search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / external / bsd / bind / dist / bin / named / client.c
blob33aad014338cee383515b182012fe1f6e7bddb45
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 1999-2003 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /* Id: client.c,v 1.266 2009/10/26 23:14:53 each Exp */
21
22 #include <config.h>
23
24 #include <isc/formatcheck.h>
25 #include <isc/mutex.h>
26 #include <isc/once.h>
27 #include <isc/platform.h>
28 #include <isc/print.h>
29 #include <isc/stats.h>
30 #include <isc/stdio.h>
31 #include <isc/string.h>
32 #include <isc/task.h>
33 #include <isc/timer.h>
34 #include <isc/util.h>
35
36 #include <dns/db.h>
37 #include <dns/dispatch.h>
38 #include <dns/events.h>
39 #include <dns/message.h>
40 #include <dns/peer.h>
41 #include <dns/rcode.h>
42 #include <dns/rdata.h>
43 #include <dns/rdataclass.h>
44 #include <dns/rdatalist.h>
45 #include <dns/rdataset.h>
46 #include <dns/resolver.h>
47 #include <dns/stats.h>
48 #include <dns/tsig.h>
49 #include <dns/view.h>
50 #include <dns/zone.h>
51
52 #include <named/interfacemgr.h>
53 #include <named/log.h>
54 #include <named/notify.h>
55 #include <named/os.h>
56 #include <named/server.h>
57 #include <named/update.h>
58
59 /***
60 *** Client
61 ***/
62
63 /*! \file
64 * Client Routines
65 *
66 * Important note!
67 *
68 * All client state changes, other than that from idle to listening, occur
69 * as a result of events. This guarantees serialization and avoids the
70 * need for locking.
71 *
72 * If a routine is ever created that allows someone other than the client's
73 * task to change the client, then the client will have to be locked.
74 */
75
76 #define NS_CLIENT_TRACE
77 #ifdef NS_CLIENT_TRACE
78 #define CTRACE(m) ns_client_log(client, \
79 NS_LOGCATEGORY_CLIENT, \
80 NS_LOGMODULE_CLIENT, \
81 ISC_LOG_DEBUG(3), \
82 "%s", (m))
83 #define MTRACE(m) isc_log_write(ns_g_lctx, \
84 NS_LOGCATEGORY_GENERAL, \
85 NS_LOGMODULE_CLIENT, \
86 ISC_LOG_DEBUG(3), \
87 "clientmgr @%p: %s", manager, (m))
88 #else
89 #define CTRACE(m) ((void)(m))
90 #define MTRACE(m) ((void)(m))
91 #endif
92
93 #define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
94
95 #define TCP_BUFFER_SIZE (65535 + 2)
96 #define SEND_BUFFER_SIZE 4096
97 #define RECV_BUFFER_SIZE 4096
98
99 #ifdef ISC_PLATFORM_USETHREADS
100 #define NMCTXS 100
101 /*%<
102 * Number of 'mctx pools' for clients. (Should this be configurable?)
103 * When enabling threads, we use a pool of memory contexts shared by
104 * client objects, since concurrent access to a shared context would cause
105 * heavy contentions. The above constant is expected to be enough for
106 * completely avoiding contentions among threads for an authoritative-only
107 * server.
108 */
109 #else
110 #define NMCTXS 0
111 /*%<
112 * If named with built without thread, simply share manager's context. Using
113 * a separate context in this case would simply waste memory.
114 */
115 #endif
116
117 /*% nameserver client manager structure */
118 struct ns_clientmgr {
119 /* Unlocked. */
120 unsigned int magic;
121 isc_mem_t * mctx;
122 isc_taskmgr_t * taskmgr;
123 isc_timermgr_t * timermgr;
124 isc_mutex_t lock;
125 /* Locked by lock. */
126 isc_boolean_t exiting;
127 client_list_t active; /*%< Active clients */
128 client_list_t recursing; /*%< Recursing clients */
129 client_list_t inactive; /*%< To be recycled */
130 #if NMCTXS > 0
131 /*%< mctx pool for clients. */
132 unsigned int nextmctx;
133 isc_mem_t * mctxpool[NMCTXS];
134 #endif
135 };
136
137 #define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
138 #define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
139
140 /*!
141 * Client object states. Ordering is significant: higher-numbered
142 * states are generally "more active", meaning that the client can
143 * have more dynamically allocated data, outstanding events, etc.
144 * In the list below, any such properties listed for state N
145 * also apply to any state > N.
146 *
147 * To force the client into a less active state, set client->newstate
148 * to that state and call exit_check(). This will cause any
149 * activities defined for higher-numbered states to be aborted.
150 */
151
152 #define NS_CLIENTSTATE_FREED 0
153 /*%<
154 * The client object no longer exists.
155 */
156
157 #define NS_CLIENTSTATE_INACTIVE 1
158 /*%<
159 * The client object exists and has a task and timer.
160 * Its "query" struct and sendbuf are initialized.
161 * It is on the client manager's list of inactive clients.
162 * It has a message and OPT, both in the reset state.
163 */
164
165 #define NS_CLIENTSTATE_READY 2
166 /*%<
167 * The client object is either a TCP or a UDP one, and
168 * it is associated with a network interface. It is on the
169 * client manager's list of active clients.
170 *
171 * If it is a TCP client object, it has a TCP listener socket
172 * and an outstanding TCP listen request.
173 *
174 * If it is a UDP client object, it has a UDP listener socket
175 * and an outstanding UDP receive request.
176 */
177
178 #define NS_CLIENTSTATE_READING 3
179 /*%<
180 * The client object is a TCP client object that has received
181 * a connection. It has a tcpsocket, tcpmsg, TCP quota, and an
182 * outstanding TCP read request. This state is not used for
183 * UDP client objects.
184 */
185
186 #define NS_CLIENTSTATE_WORKING 4
187 /*%<
188 * The client object has received a request and is working
189 * on it. It has a view, and it may have any of a non-reset OPT,
190 * recursion quota, and an outstanding write request.
191 */
192
193 #define NS_CLIENTSTATE_MAX 9
194 /*%<
195 * Sentinel value used to indicate "no state". When client->newstate
196 * has this value, we are not attempting to exit the current state.
197 * Must be greater than any valid state.
198 */
199
200 /*
201 * Enable ns_client_dropport() by default.
202 */
203 #ifndef NS_CLIENT_DROPPORT
204 #define NS_CLIENT_DROPPORT 1
205 #endif
206
207 unsigned int ns_client_requests;
208
209 static void client_read(ns_client_t *client);
210 static void client_accept(ns_client_t *client);
211 static void client_udprecv(ns_client_t *client);
212 static void clientmgr_destroy(ns_clientmgr_t *manager);
213 static isc_boolean_t exit_check(ns_client_t *client);
214 static void ns_client_endrequest(ns_client_t *client);
215 static void ns_client_checkactive(ns_client_t *client);
216 static void client_start(isc_task_t *task, isc_event_t *event);
217 static void client_request(isc_task_t *task, isc_event_t *event);
218 static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
219
220 void
221 ns_client_recursing(ns_client_t *client) {
222 REQUIRE(NS_CLIENT_VALID(client));
223
224 LOCK(&client->manager->lock);
225 ISC_LIST_UNLINK(*client->list, client, link);
226 ISC_LIST_APPEND(client->manager->recursing, client, link);
227 client->list = &client->manager->recursing;
228 UNLOCK(&client->manager->lock);
229 }
230
231 void
232 ns_client_killoldestquery(ns_client_t *client) {
233 ns_client_t *oldest;
234 REQUIRE(NS_CLIENT_VALID(client));
235
236 LOCK(&client->manager->lock);
237 oldest = ISC_LIST_HEAD(client->manager->recursing);
238 if (oldest != NULL) {
239 ns_query_cancel(oldest);
240 ISC_LIST_UNLINK(*oldest->list, oldest, link);
241 ISC_LIST_APPEND(client->manager->active, oldest, link);
242 oldest->list = &client->manager->active;
243 }
244 UNLOCK(&client->manager->lock);
245 }
246
247 void
248 ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
249 isc_result_t result;
250 isc_interval_t interval;
251
252 isc_interval_set(&interval, seconds, 0);
253 result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
254 &interval, ISC_FALSE);
255 client->timerset = ISC_TRUE;
256 if (result != ISC_R_SUCCESS) {
257 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
258 NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
259 "setting timeout: %s",
260 isc_result_totext(result));
261 /* Continue anyway. */
262 }
263 }
264
265 /*%
266 * Check for a deactivation or shutdown request and take appropriate
267 * action. Returns ISC_TRUE if either is in progress; in this case
268 * the caller must no longer use the client object as it may have been
269 * freed.
270 */
271 static isc_boolean_t
272 exit_check(ns_client_t *client) {
273 ns_clientmgr_t *locked_manager = NULL;
274 ns_clientmgr_t *destroy_manager = NULL;
275
276 REQUIRE(NS_CLIENT_VALID(client));
277
278 if (client->state <= client->newstate)
279 return (ISC_FALSE); /* Business as usual. */
280
281 INSIST(client->newstate < NS_CLIENTSTATE_WORKING);
282
283 /*
284 * We need to detach from the view early when shutting down
285 * the server to break the following vicious circle:
286 *
287 * - The resolver will not shut down until the view refcount is zero
288 * - The view refcount does not go to zero until all clients detach
289 * - The client does not detach from the view until references is zero
290 * - references does not go to zero until the resolver has shut down
291 *
292 * Keep the view attached until any outstanding updates complete.
293 */
294 if (client->nupdates == 0 &&
295 client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
296 dns_view_detach(&client->view);
297
298 if (client->state == NS_CLIENTSTATE_WORKING) {
299 INSIST(client->newstate <= NS_CLIENTSTATE_READING);
300 /*
301 * Let the update processing complete.
302 */
303 if (client->nupdates > 0)
304 return (ISC_TRUE);
305 /*
306 * We are trying to abort request processing.
307 */
308 if (client->nsends > 0) {
309 isc_socket_t *socket;
310 if (TCP_CLIENT(client))
311 socket = client->tcpsocket;
312 else
313 socket = client->udpsocket;
314 isc_socket_cancel(socket, client->task,
315 ISC_SOCKCANCEL_SEND);
316 }
317
318 if (! (client->nsends == 0 && client->nrecvs == 0 &&
319 client->references == 0))
320 {
321 /*
322 * Still waiting for I/O cancel completion.
323 * or lingering references.
324 */
325 return (ISC_TRUE);
326 }
327 /*
328 * I/O cancel is complete. Burn down all state
329 * related to the current request. Ensure that
330 * the client is on the active list and not the
331 * recursing list.
332 */
333 LOCK(&client->manager->lock);
334 if (client->list == &client->manager->recursing) {
335 ISC_LIST_UNLINK(*client->list, client, link);
336 ISC_LIST_APPEND(client->manager->active, client, link);
337 client->list = &client->manager->active;
338 }
339 UNLOCK(&client->manager->lock);
340 ns_client_endrequest(client);
341
342 client->state = NS_CLIENTSTATE_READING;
343 INSIST(client->recursionquota == NULL);
344 if (NS_CLIENTSTATE_READING == client->newstate) {
345 client_read(client);
346 client->newstate = NS_CLIENTSTATE_MAX;
347 return (ISC_TRUE); /* We're done. */
348 }
349 }
350
351 if (client->state == NS_CLIENTSTATE_READING) {
352 /*
353 * We are trying to abort the current TCP connection,
354 * if any.
355 */
356 INSIST(client->recursionquota == NULL);
357 INSIST(client->newstate <= NS_CLIENTSTATE_READY);
358 if (client->nreads > 0)
359 dns_tcpmsg_cancelread(&client->tcpmsg);
360 if (! client->nreads == 0) {
361 /* Still waiting for read cancel completion. */
362 return (ISC_TRUE);
363 }
364
365 if (client->tcpmsg_valid) {
366 dns_tcpmsg_invalidate(&client->tcpmsg);
367 client->tcpmsg_valid = ISC_FALSE;
368 }
369 if (client->tcpsocket != NULL) {
370 CTRACE("closetcp");
371 isc_socket_detach(&client->tcpsocket);
372 }
373
374 if (client->tcpquota != NULL)
375 isc_quota_detach(&client->tcpquota);
376
377 if (client->timerset) {
378 (void)isc_timer_reset(client->timer,
379 isc_timertype_inactive,
380 NULL, NULL, ISC_TRUE);
381 client->timerset = ISC_FALSE;
382 }
383
384 client->peeraddr_valid = ISC_FALSE;
385
386 client->state = NS_CLIENTSTATE_READY;
387 INSIST(client->recursionquota == NULL);
388
389 /*
390 * Now the client is ready to accept a new TCP connection
391 * or UDP request, but we may have enough clients doing
392 * that already. Check whether this client needs to remain
393 * active and force it to go inactive if not.
394 */
395 ns_client_checkactive(client);
396
397 if (NS_CLIENTSTATE_READY == client->newstate) {
398 if (TCP_CLIENT(client)) {
399 client_accept(client);
400 } else
401 client_udprecv(client);
402 client->newstate = NS_CLIENTSTATE_MAX;
403 return (ISC_TRUE);
404 }
405 }
406
407 if (client->state == NS_CLIENTSTATE_READY) {
408 INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
409 /*
410 * We are trying to enter the inactive state.
411 */
412 if (client->naccepts > 0)
413 isc_socket_cancel(client->tcplistener, client->task,
414 ISC_SOCKCANCEL_ACCEPT);
415
416 if (! (client->naccepts == 0)) {
417 /* Still waiting for accept cancel completion. */
418 return (ISC_TRUE);
419 }
420 /* Accept cancel is complete. */
421
422 if (client->nrecvs > 0)
423 isc_socket_cancel(client->udpsocket, client->task,
424 ISC_SOCKCANCEL_RECV);
425 if (! (client->nrecvs == 0)) {
426 /* Still waiting for recv cancel completion. */
427 return (ISC_TRUE);
428 }
429 /* Recv cancel is complete. */
430
431 if (client->nctls > 0) {
432 /* Still waiting for control event to be delivered */
433 return (ISC_TRUE);
434 }
435
436 /* Deactivate the client. */
437 if (client->interface)
438 ns_interface_detach(&client->interface);
439
440 INSIST(client->naccepts == 0);
441 INSIST(client->recursionquota == NULL);
442 if (client->tcplistener != NULL)
443 isc_socket_detach(&client->tcplistener);
444
445 if (client->udpsocket != NULL)
446 isc_socket_detach(&client->udpsocket);
447
448 if (client->dispatch != NULL)
449 dns_dispatch_detach(&client->dispatch);
450
451 client->attributes = 0;
452 client->mortal = ISC_FALSE;
453
454 LOCK(&client->manager->lock);
455 /*
456 * Put the client on the inactive list. If we are aiming for
457 * the "freed" state, it will be removed from the inactive
458 * list shortly, and we need to keep the manager locked until
459 * that has been done, lest the manager decide to reactivate
460 * the dying client inbetween.
461 */
462 locked_manager = client->manager;
463 ISC_LIST_UNLINK(*client->list, client, link);
464 ISC_LIST_APPEND(client->manager->inactive, client, link);
465 client->list = &client->manager->inactive;
466 client->state = NS_CLIENTSTATE_INACTIVE;
467 INSIST(client->recursionquota == NULL);
468
469 if (client->state == client->newstate) {
470 client->newstate = NS_CLIENTSTATE_MAX;
471 if (client->needshutdown)
472 isc_task_shutdown(client->task);
473 goto unlock;
474 }
475 }
476
477 if (client->state == NS_CLIENTSTATE_INACTIVE) {
478 INSIST(client->newstate == NS_CLIENTSTATE_FREED);
479 /*
480 * We are trying to free the client.
481 *
482 * When "shuttingdown" is true, either the task has received
483 * its shutdown event or no shutdown event has ever been
484 * set up. Thus, we have no outstanding shutdown
485 * event at this point.
486 */
487 REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
488
489 INSIST(client->recursionquota == NULL);
490
491 ns_query_free(client);
492 isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
493 isc_event_free((isc_event_t **)&client->sendevent);
494 isc_event_free((isc_event_t **)&client->recvevent);
495 isc_timer_detach(&client->timer);
496
497 if (client->tcpbuf != NULL)
498 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
499 if (client->opt != NULL) {
500 INSIST(dns_rdataset_isassociated(client->opt));
501 dns_rdataset_disassociate(client->opt);
502 dns_message_puttemprdataset(client->message, &client->opt);
503 }
504 dns_message_destroy(&client->message);
505 if (client->manager != NULL) {
506 ns_clientmgr_t *manager = client->manager;
507 if (locked_manager == NULL) {
508 LOCK(&manager->lock);
509 locked_manager = manager;
510 }
511 ISC_LIST_UNLINK(*client->list, client, link);
512 client->list = NULL;
513 if (manager->exiting &&
514 ISC_LIST_EMPTY(manager->active) &&
515 ISC_LIST_EMPTY(manager->inactive) &&
516 ISC_LIST_EMPTY(manager->recursing))
517 destroy_manager = manager;
518 }
519 /*
520 * Detaching the task must be done after unlinking from
521 * the manager's lists because the manager accesses
522 * client->task.
523 */
524 if (client->task != NULL)
525 isc_task_detach(&client->task);
526
527 CTRACE("free");
528 client->magic = 0;
529 /*
530 * Check that there are no other external references to
531 * the memory context.
532 */
533 if (ns_g_clienttest && isc_mem_references(client->mctx) != 1) {
534 isc_mem_stats(client->mctx, stderr);
535 INSIST(0);
536 }
537 isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
538
539 goto unlock;
540 }
541
542 unlock:
543 if (locked_manager != NULL) {
544 UNLOCK(&locked_manager->lock);
545 locked_manager = NULL;
546 }
547
548 /*
549 * Only now is it safe to destroy the client manager (if needed),
550 * because we have accessed its lock for the last time.
551 */
552 if (destroy_manager != NULL)
553 clientmgr_destroy(destroy_manager);
554
555 return (ISC_TRUE);
556 }
557
558 /*%
559 * The client's task has received the client's control event
560 * as part of the startup process.
561 */
562 static void
563 client_start(isc_task_t *task, isc_event_t *event) {
564 ns_client_t *client = (ns_client_t *) event->ev_arg;
565
566 INSIST(task == client->task);
567
568 UNUSED(task);
569
570 INSIST(client->nctls == 1);
571 client->nctls--;
572
573 if (exit_check(client))
574 return;
575
576 if (TCP_CLIENT(client)) {
577 client_accept(client);
578 } else {
579 client_udprecv(client);
580 }
581 }
582
583
584 /*%
585 * The client's task has received a shutdown event.
586 */
587 static void
588 client_shutdown(isc_task_t *task, isc_event_t *event) {
589 ns_client_t *client;
590
591 REQUIRE(event != NULL);
592 REQUIRE(event->ev_type == ISC_TASKEVENT_SHUTDOWN);
593 client = event->ev_arg;
594 REQUIRE(NS_CLIENT_VALID(client));
595 REQUIRE(task == client->task);
596
597 UNUSED(task);
598
599 CTRACE("shutdown");
600
601 isc_event_free(&event);
602
603 if (client->shutdown != NULL) {
604 (client->shutdown)(client->shutdown_arg, ISC_R_SHUTTINGDOWN);
605 client->shutdown = NULL;
606 client->shutdown_arg = NULL;
607 }
608
609 client->newstate = NS_CLIENTSTATE_FREED;
610 client->needshutdown = ISC_FALSE;
611 (void)exit_check(client);
612 }
613
614 static void
615 ns_client_endrequest(ns_client_t *client) {
616 INSIST(client->naccepts == 0);
617 INSIST(client->nreads == 0);
618 INSIST(client->nsends == 0);
619 INSIST(client->nrecvs == 0);
620 INSIST(client->nupdates == 0);
621 INSIST(client->state == NS_CLIENTSTATE_WORKING);
622
623 CTRACE("endrequest");
624
625 if (client->next != NULL) {
626 (client->next)(client);
627 client->next = NULL;
628 }
629
630 if (client->view != NULL)
631 dns_view_detach(&client->view);
632 if (client->opt != NULL) {
633 INSIST(dns_rdataset_isassociated(client->opt));
634 dns_rdataset_disassociate(client->opt);
635 dns_message_puttemprdataset(client->message, &client->opt);
636 }
637
638 client->udpsize = 512;
639 client->extflags = 0;
640 client->ednsversion = -1;
641 dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
642
643 if (client->recursionquota != NULL)
644 isc_quota_detach(&client->recursionquota);
645
646 /*
647 * Clear all client attributes that are specific to
648 * the request; that's all except the TCP flag.
649 */
650 client->attributes &= NS_CLIENTATTR_TCP;
651 }
652
653 static void
654 ns_client_checkactive(ns_client_t *client) {
655 if (client->mortal) {
656 /*
657 * This client object should normally go inactive
658 * at this point, but if we have fewer active client
659 * objects than desired due to earlier quota exhaustion,
660 * keep it active to make up for the shortage.
661 */
662 isc_boolean_t need_another_client = ISC_FALSE;
663 if (TCP_CLIENT(client) && !ns_g_clienttest) {
664 LOCK(&client->interface->lock);
665 if (client->interface->ntcpcurrent <
666 client->interface->ntcptarget)
667 need_another_client = ISC_TRUE;
668 UNLOCK(&client->interface->lock);
669 } else {
670 /*
671 * The UDP client quota is enforced by making
672 * requests fail rather than by not listening
673 * for new ones. Therefore, there is always a
674 * full set of UDP clients listening.
675 */
676 }
677 if (! need_another_client) {
678 /*
679 * We don't need this client object. Recycle it.
680 */
681 if (client->newstate >= NS_CLIENTSTATE_INACTIVE)
682 client->newstate = NS_CLIENTSTATE_INACTIVE;
683 }
684 }
685 }
686
687 void
688 ns_client_next(ns_client_t *client, isc_result_t result) {
689 int newstate;
690
691 REQUIRE(NS_CLIENT_VALID(client));
692 REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
693 client->state == NS_CLIENTSTATE_READING);
694
695 CTRACE("next");
696
697 if (result != ISC_R_SUCCESS)
698 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
699 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
700 "request failed: %s", isc_result_totext(result));
701
702 /*
703 * An error processing a TCP request may have left
704 * the connection out of sync. To be safe, we always
705 * sever the connection when result != ISC_R_SUCCESS.
706 */
707 if (result == ISC_R_SUCCESS && TCP_CLIENT(client))
708 newstate = NS_CLIENTSTATE_READING;
709 else
710 newstate = NS_CLIENTSTATE_READY;
711
712 if (client->newstate > newstate)
713 client->newstate = newstate;
714 (void)exit_check(client);
715 }
716
717
718 static void
719 client_senddone(isc_task_t *task, isc_event_t *event) {
720 ns_client_t *client;
721 isc_socketevent_t *sevent = (isc_socketevent_t *) event;
722
723 REQUIRE(sevent != NULL);
724 REQUIRE(sevent->ev_type == ISC_SOCKEVENT_SENDDONE);
725 client = sevent->ev_arg;
726 REQUIRE(NS_CLIENT_VALID(client));
727 REQUIRE(task == client->task);
728 REQUIRE(sevent == client->sendevent);
729
730 UNUSED(task);
731
732 CTRACE("senddone");
733
734 if (sevent->result != ISC_R_SUCCESS)
735 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
736 NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
737 "error sending response: %s",
738 isc_result_totext(sevent->result));
739
740 INSIST(client->nsends > 0);
741 client->nsends--;
742
743 if (client->tcpbuf != NULL) {
744 INSIST(TCP_CLIENT(client));
745 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
746 client->tcpbuf = NULL;
747 }
748
749 if (exit_check(client))
750 return;
751
752 ns_client_next(client, ISC_R_SUCCESS);
753 }
754
755 /*%
756 * We only want to fail with ISC_R_NOSPACE when called from
757 * ns_client_sendraw() and not when called from ns_client_send(),
758 * tcpbuffer is NULL when called from ns_client_sendraw() and
759 * length != 0. tcpbuffer != NULL when called from ns_client_send()
760 * and length == 0.
761 */
762
763 static isc_result_t
764 client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
765 isc_buffer_t *tcpbuffer, isc_uint32_t length,
766 unsigned char *sendbuf, unsigned char **datap)
767 {
768 unsigned char *data;
769 isc_uint32_t bufsize;
770 isc_result_t result;
771
772 INSIST(datap != NULL);
773 INSIST((tcpbuffer == NULL && length != 0) ||
774 (tcpbuffer != NULL && length == 0));
775
776 if (TCP_CLIENT(client)) {
777 INSIST(client->tcpbuf == NULL);
778 if (length + 2 > TCP_BUFFER_SIZE) {
779 result = ISC_R_NOSPACE;
780 goto done;
781 }
782 client->tcpbuf = isc_mem_get(client->mctx, TCP_BUFFER_SIZE);
783 if (client->tcpbuf == NULL) {
784 result = ISC_R_NOMEMORY;
785 goto done;
786 }
787 data = client->tcpbuf;
788 if (tcpbuffer != NULL) {
789 isc_buffer_init(tcpbuffer, data, TCP_BUFFER_SIZE);
790 isc_buffer_init(buffer, data + 2, TCP_BUFFER_SIZE - 2);
791 } else {
792 isc_buffer_init(buffer, data, TCP_BUFFER_SIZE);
793 INSIST(length <= 0xffff);
794 isc_buffer_putuint16(buffer, (isc_uint16_t)length);
795 }
796 } else {
797 data = sendbuf;
798 if (client->udpsize < SEND_BUFFER_SIZE)
799 bufsize = client->udpsize;
800 else
801 bufsize = SEND_BUFFER_SIZE;
802 if (length > bufsize) {
803 result = ISC_R_NOSPACE;
804 goto done;
805 }
806 isc_buffer_init(buffer, data, bufsize);
807 }
808 *datap = data;
809 result = ISC_R_SUCCESS;
810
811 done:
812 return (result);
813 }
814
815 static isc_result_t
816 client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
817 struct in6_pktinfo *pktinfo;
818 isc_result_t result;
819 isc_region_t r;
820 isc_sockaddr_t *address;
821 isc_socket_t *socket;
822 isc_netaddr_t netaddr;
823 int match;
824 unsigned int sockflags = ISC_SOCKFLAG_IMMEDIATE;
825
826 if (TCP_CLIENT(client)) {
827 socket = client->tcpsocket;
828 address = NULL;
829 } else {
830 socket = client->udpsocket;
831 address = &client->peeraddr;
832
833 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
834 if (ns_g_server->blackholeacl != NULL &&
835 dns_acl_match(&netaddr, NULL,
836 ns_g_server->blackholeacl,
837 &ns_g_server->aclenv,
838 &match, NULL) == ISC_R_SUCCESS &&
839 match > 0)
840 return (DNS_R_BLACKHOLED);
841 sockflags |= ISC_SOCKFLAG_NORETRY;
842 }
843
844 if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0 &&
845 (client->attributes & NS_CLIENTATTR_MULTICAST) == 0)
846 pktinfo = &client->pktinfo;
847 else
848 pktinfo = NULL;
849
850 isc_buffer_usedregion(buffer, &r);
851
852 CTRACE("sendto");
853
854 result = isc_socket_sendto2(socket, &r, client->task,
855 address, pktinfo,
856 client->sendevent, sockflags);
857 if (result == ISC_R_SUCCESS || result == ISC_R_INPROGRESS) {
858 client->nsends++;
859 if (result == ISC_R_SUCCESS)
860 client_senddone(client->task,
861 (isc_event_t *)client->sendevent);
862 result = ISC_R_SUCCESS;
863 }
864 return (result);
865 }
866
867 void
868 ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
869 isc_result_t result;
870 unsigned char *data;
871 isc_buffer_t buffer;
872 isc_region_t r;
873 isc_region_t *mr;
874 unsigned char sendbuf[SEND_BUFFER_SIZE];
875
876 REQUIRE(NS_CLIENT_VALID(client));
877
878 CTRACE("sendraw");
879
880 mr = dns_message_getrawmessage(message);
881 if (mr == NULL) {
882 result = ISC_R_UNEXPECTEDEND;
883 goto done;
884 }
885
886 result = client_allocsendbuf(client, &buffer, NULL, mr->length,
887 sendbuf, &data);
888 if (result != ISC_R_SUCCESS)
889 goto done;
890
891 /*
892 * Copy message to buffer and fixup id.
893 */
894 isc_buffer_availableregion(&buffer, &r);
895 result = isc_buffer_copyregion(&buffer, mr);
896 if (result != ISC_R_SUCCESS)
897 goto done;
898 r.base[0] = (client->message->id >> 8) & 0xff;
899 r.base[1] = client->message->id & 0xff;
900
901 result = client_sendpkg(client, &buffer);
902 if (result == ISC_R_SUCCESS)
903 return;
904
905 done:
906 if (client->tcpbuf != NULL) {
907 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
908 client->tcpbuf = NULL;
909 }
910 ns_client_next(client, result);
911 }
912
913 void
914 ns_client_send(ns_client_t *client) {
915 isc_result_t result;
916 unsigned char *data;
917 isc_buffer_t buffer;
918 isc_buffer_t tcpbuffer;
919 isc_region_t r;
920 dns_compress_t cctx;
921 isc_boolean_t cleanup_cctx = ISC_FALSE;
922 unsigned char sendbuf[SEND_BUFFER_SIZE];
923 unsigned int render_opts;
924 unsigned int preferred_glue;
925 isc_boolean_t opt_included = ISC_FALSE;
926
927 REQUIRE(NS_CLIENT_VALID(client));
928
929 CTRACE("send");
930
931 if ((client->attributes & NS_CLIENTATTR_RA) != 0)
932 client->message->flags |= DNS_MESSAGEFLAG_RA;
933
934 if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
935 render_opts = 0;
936 else
937 render_opts = DNS_MESSAGERENDER_OMITDNSSEC;
938 #ifdef ALLOW_FILTER_AAAA_ON_V4
939 /*
940 * filter-aaaa-on-v4 yes or break-dnssec option to suppress
941 * AAAA records
942 * We already know that request came via IPv4,
943 * that we have both AAAA and A records,
944 * and that we either have no signatures that the client wants
945 * or we are supposed to break DNSSEC.
946 */
947 if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0)
948 render_opts |= DNS_MESSAGERENDER_FILTER_AAAA;
949 #endif
950 preferred_glue = 0;
951 if (client->view != NULL) {
952 if (client->view->preferred_glue == dns_rdatatype_a)
953 preferred_glue = DNS_MESSAGERENDER_PREFER_A;
954 else if (client->view->preferred_glue == dns_rdatatype_aaaa)
955 preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
956 }
957
958 /*
959 * XXXRTH The following doesn't deal with TCP buffer resizing.
960 */
961 result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0,
962 sendbuf, &data);
963 if (result != ISC_R_SUCCESS)
964 goto done;
965
966 result = dns_compress_init(&cctx, -1, client->mctx);
967 if (result != ISC_R_SUCCESS)
968 goto done;
969 cleanup_cctx = ISC_TRUE;
970
971 result = dns_message_renderbegin(client->message, &cctx, &buffer);
972 if (result != ISC_R_SUCCESS)
973 goto done;
974
975 if (client->opt != NULL) {
976 result = dns_message_setopt(client->message, client->opt);
977 opt_included = ISC_TRUE;
978 client->opt = NULL;
979 if (result != ISC_R_SUCCESS)
980 goto done;
981 }
982 result = dns_message_rendersection(client->message,
983 DNS_SECTION_QUESTION, 0);
984 if (result == ISC_R_NOSPACE) {
985 client->message->flags |= DNS_MESSAGEFLAG_TC;
986 goto renderend;
987 }
988 if (result != ISC_R_SUCCESS)
989 goto done;
990 result = dns_message_rendersection(client->message,
991 DNS_SECTION_ANSWER,
992 DNS_MESSAGERENDER_PARTIAL |
993 render_opts);
994 if (result == ISC_R_NOSPACE) {
995 client->message->flags |= DNS_MESSAGEFLAG_TC;
996 goto renderend;
997 }
998 if (result != ISC_R_SUCCESS)
999 goto done;
1000 result = dns_message_rendersection(client->message,
1001 DNS_SECTION_AUTHORITY,
1002 DNS_MESSAGERENDER_PARTIAL |
1003 render_opts);
1004 if (result == ISC_R_NOSPACE) {
1005 client->message->flags |= DNS_MESSAGEFLAG_TC;
1006 goto renderend;
1007 }
1008 if (result != ISC_R_SUCCESS)
1009 goto done;
1010 result = dns_message_rendersection(client->message,
1011 DNS_SECTION_ADDITIONAL,
1012 preferred_glue | render_opts);
1013 if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE)
1014 goto done;
1015 renderend:
1016 result = dns_message_renderend(client->message);
1017
1018 if (result != ISC_R_SUCCESS)
1019 goto done;
1020
1021 if (cleanup_cctx) {
1022 dns_compress_invalidate(&cctx);
1023 cleanup_cctx = ISC_FALSE;
1024 }
1025
1026 if (TCP_CLIENT(client)) {
1027 isc_buffer_usedregion(&buffer, &r);
1028 isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t) r.length);
1029 isc_buffer_add(&tcpbuffer, r.length);
1030 result = client_sendpkg(client, &tcpbuffer);
1031 } else
1032 result = client_sendpkg(client, &buffer);
1033
1034 /* update statistics (XXXJT: is it okay to access message->xxxkey?) */
1035 isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_response);
1036 if (opt_included) {
1037 isc_stats_increment(ns_g_server->nsstats,
1038 dns_nsstatscounter_edns0out);
1039 }
1040 if (client->message->tsigkey != NULL) {
1041 isc_stats_increment(ns_g_server->nsstats,
1042 dns_nsstatscounter_tsigout);
1043 }
1044 if (client->message->sig0key != NULL) {
1045 isc_stats_increment(ns_g_server->nsstats,
1046 dns_nsstatscounter_sig0out);
1047 }
1048 if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
1049 isc_stats_increment(ns_g_server->nsstats,
1050 dns_nsstatscounter_truncatedresp);
1051
1052 if (result == ISC_R_SUCCESS)
1053 return;
1054
1055 done:
1056 if (client->tcpbuf != NULL) {
1057 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
1058 client->tcpbuf = NULL;
1059 }
1060
1061 if (cleanup_cctx)
1062 dns_compress_invalidate(&cctx);
1063
1064 ns_client_next(client, result);
1065 }
1066
1067 #if NS_CLIENT_DROPPORT
1068 #define DROPPORT_NO 0
1069 #define DROPPORT_REQUEST 1
1070 #define DROPPORT_RESPONSE 2
1071 /*%
1072 * ns_client_dropport determines if certain requests / responses
1073 * should be dropped based on the port number.
1074 *
1075 * Returns:
1076 * \li 0: Don't drop.
1077 * \li 1: Drop request.
1078 * \li 2: Drop (error) response.
1079 */
1080 static int
1081 ns_client_dropport(in_port_t port) {
1082 switch (port) {
1083 case 7: /* echo */
1084 case 13: /* daytime */
1085 case 19: /* chargen */
1086 case 37: /* time */
1087 return (DROPPORT_REQUEST);
1088 case 464: /* kpasswd */
1089 return (DROPPORT_RESPONSE);
1090 }
1091 return (DROPPORT_NO);
1092 }
1093 #endif
1094
1095 void
1096 ns_client_error(ns_client_t *client, isc_result_t result) {
1097 dns_rcode_t rcode;
1098 dns_message_t *message;
1099
1100 REQUIRE(NS_CLIENT_VALID(client));
1101
1102 CTRACE("error");
1103
1104 message = client->message;
1105 rcode = dns_result_torcode(result);
1106
1107 #if NS_CLIENT_DROPPORT
1108 /*
1109 * Don't send FORMERR to ports on the drop port list.
1110 */
1111 if (rcode == dns_rcode_formerr &&
1112 ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
1113 DROPPORT_NO) {
1114 char buf[64];
1115 isc_buffer_t b;
1116
1117 isc_buffer_init(&b, buf, sizeof(buf) - 1);
1118 if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS)
1119 isc_buffer_putstr(&b, "UNKNOWN RCODE");
1120 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1121 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
1122 "dropped error (%.*s) response: suspicious port",
1123 (int)isc_buffer_usedlength(&b), buf);
1124 ns_client_next(client, ISC_R_SUCCESS);
1125 return;
1126 }
1127 #endif
1128
1129 /*
1130 * Message may be an in-progress reply that we had trouble
1131 * with, in which case QR will be set. We need to clear QR before
1132 * calling dns_message_reply() to avoid triggering an assertion.
1133 */
1134 message->flags &= ~DNS_MESSAGEFLAG_QR;
1135 /*
1136 * AA and AD shouldn't be set.
1137 */
1138 message->flags &= ~(DNS_MESSAGEFLAG_AA | DNS_MESSAGEFLAG_AD);
1139 result = dns_message_reply(message, ISC_TRUE);
1140 if (result != ISC_R_SUCCESS) {
1141 /*
1142 * It could be that we've got a query with a good header,
1143 * but a bad question section, so we try again with
1144 * want_question_section set to ISC_FALSE.
1145 */
1146 result = dns_message_reply(message, ISC_FALSE);
1147 if (result != ISC_R_SUCCESS) {
1148 ns_client_next(client, result);
1149 return;
1150 }
1151 }
1152 message->rcode = rcode;
1153
1154 /*
1155 * FORMERR loop avoidance: If we sent a FORMERR message
1156 * with the same ID to the same client less than two
1157 * seconds ago, assume that we are in an infinite error
1158 * packet dialog with a server for some protocol whose
1159 * error responses look enough like DNS queries to
1160 * elicit a FORMERR response. Drop a packet to break
1161 * the loop.
1162 */
1163 if (rcode == dns_rcode_formerr) {
1164 if (isc_sockaddr_equal(&client->peeraddr,
1165 &client->formerrcache.addr) &&
1166 message->id == client->formerrcache.id &&
1167 client->requesttime - client->formerrcache.time < 2) {
1168 /* Drop packet. */
1169 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1170 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
1171 "possible error packet loop, "
1172 "FORMERR dropped");
1173 ns_client_next(client, result);
1174 return;
1175 }
1176 client->formerrcache.addr = client->peeraddr;
1177 client->formerrcache.time = client->requesttime;
1178 client->formerrcache.id = message->id;
1179 }
1180 ns_client_send(client);
1181 }
1182
1183 static inline isc_result_t
1184 client_addopt(ns_client_t *client) {
1185 dns_rdataset_t *rdataset;
1186 dns_rdatalist_t *rdatalist;
1187 dns_rdata_t *rdata;
1188 isc_result_t result;
1189 dns_view_t *view;
1190 dns_resolver_t *resolver;
1191 isc_uint16_t udpsize;
1192
1193 REQUIRE(client->opt == NULL); /* XXXRTH free old. */
1194
1195 rdatalist = NULL;
1196 result = dns_message_gettemprdatalist(client->message, &rdatalist);
1197 if (result != ISC_R_SUCCESS)
1198 return (result);
1199 rdata = NULL;
1200 result = dns_message_gettemprdata(client->message, &rdata);
1201 if (result != ISC_R_SUCCESS)
1202 return (result);
1203 rdataset = NULL;
1204 result = dns_message_gettemprdataset(client->message, &rdataset);
1205 if (result != ISC_R_SUCCESS)
1206 return (result);
1207 dns_rdataset_init(rdataset);
1208
1209 rdatalist->type = dns_rdatatype_opt;
1210 rdatalist->covers = 0;
1211
1212 /*
1213 * Set the maximum UDP buffer size.
1214 */
1215 view = client->view;
1216 resolver = (view != NULL) ? view->resolver : NULL;
1217 if (resolver != NULL)
1218 udpsize = dns_resolver_getudpsize(resolver);
1219 else
1220 udpsize = ns_g_udpsize;
1221 rdatalist->rdclass = udpsize;
1222
1223 /*
1224 * Set EXTENDED-RCODE, VERSION and Z to 0.
1225 */
1226 rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
1227
1228 /* Set EDNS options if applicable */
1229 if (client->attributes & NS_CLIENTATTR_WANTNSID &&
1230 (ns_g_server->server_id != NULL ||
1231 ns_g_server->server_usehostname)) {
1232 /*
1233 * Space required for NSID data:
1234 * 2 bytes for opt code
1235 * + 2 bytes for NSID length
1236 * + NSID itself
1237 */
1238 char nsid[BUFSIZ], *nsidp;
1239 isc_buffer_t *buffer = NULL;
1240
1241 if (ns_g_server->server_usehostname) {
1242 isc_result_t result;
1243 result = ns_os_gethostname(nsid, sizeof(nsid));
1244 if (result != ISC_R_SUCCESS) {
1245 goto no_nsid;
1246 }
1247 nsidp = nsid;
1248 } else
1249 nsidp = ns_g_server->server_id;
1250
1251 rdata->length = strlen(nsidp) + 4;
1252 result = isc_buffer_allocate(client->mctx, &buffer,
1253 rdata->length);
1254 if (result != ISC_R_SUCCESS)
1255 goto no_nsid;
1256
1257 isc_buffer_putuint16(buffer, DNS_OPT_NSID);
1258 isc_buffer_putuint16(buffer, strlen(nsidp));
1259 isc_buffer_putstr(buffer, nsidp);
1260 rdata->data = buffer->base;
1261 dns_message_takebuffer(client->message, &buffer);
1262 } else {
1263 no_nsid:
1264 rdata->data = NULL;
1265 rdata->length = 0;
1266 }
1267
1268 rdata->rdclass = rdatalist->rdclass;
1269 rdata->type = rdatalist->type;
1270 rdata->flags = 0;
1271
1272 ISC_LIST_INIT(rdatalist->rdata);
1273 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
1274 RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
1275 == ISC_R_SUCCESS);
1276
1277 client->opt = rdataset;
1278
1279 return (ISC_R_SUCCESS);
1280 }
1281
1282 static inline isc_boolean_t
1283 allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl) {
1284 int match;
1285 isc_result_t result;
1286
1287 if (acl == NULL)
1288 return (ISC_TRUE);
1289 result = dns_acl_match(addr, signer, acl, &ns_g_server->aclenv,
1290 &match, NULL);
1291 if (result == ISC_R_SUCCESS && match > 0)
1292 return (ISC_TRUE);
1293 return (ISC_FALSE);
1294 }
1295
1296 /*
1297 * Callback to see if a non-recursive query coming from 'srcaddr' to
1298 * 'destaddr', with optional key 'mykey' for class 'rdclass' would be
1299 * delivered to 'myview'.
1300 *
1301 * We run this unlocked as both the view list and the interface list
1302 * are updated when the appropriate task has exclusivity.
1303 */
1304 isc_boolean_t
1305 ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
1306 isc_sockaddr_t *srcaddr, isc_sockaddr_t *dstaddr,
1307 dns_rdataclass_t rdclass, void *arg)
1308 {
1309 dns_view_t *view;
1310 dns_tsigkey_t *key = NULL;
1311 dns_name_t *tsig = NULL;
1312 isc_netaddr_t netsrc;
1313 isc_netaddr_t netdst;
1314
1315 UNUSED(arg);
1316
1317 if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr))
1318 return (ISC_FALSE);
1319
1320 isc_netaddr_fromsockaddr(&netsrc, srcaddr);
1321 isc_netaddr_fromsockaddr(&netdst, dstaddr);
1322
1323 for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
1324 view != NULL;
1325 view = ISC_LIST_NEXT(view, link)) {
1326
1327 if (view->matchrecursiveonly)
1328 continue;
1329
1330 if (rdclass != view->rdclass)
1331 continue;
1332
1333 if (mykey != NULL) {
1334 isc_boolean_t match;
1335 isc_result_t result;
1336
1337 result = dns_view_gettsig(view, &mykey->name, &key);
1338 if (result != ISC_R_SUCCESS)
1339 continue;
1340 match = dst_key_compare(mykey->key, key->key);
1341 dns_tsigkey_detach(&key);
1342 if (!match)
1343 continue;
1344 tsig = dns_tsigkey_identity(mykey);
1345 }
1346
1347 if (allowed(&netsrc, tsig, view->matchclients) &&
1348 allowed(&netdst, tsig, view->matchdestinations))
1349 break;
1350 }
1351 return (ISC_TF(view == myview));
1352 }
1353
1354 /*
1355 * Handle an incoming request event from the socket (UDP case)
1356 * or tcpmsg (TCP case).
1357 */
1358 static void
1359 client_request(isc_task_t *task, isc_event_t *event) {
1360 ns_client_t *client;
1361 isc_socketevent_t *sevent;
1362 isc_result_t result;
1363 isc_result_t sigresult = ISC_R_SUCCESS;
1364 isc_buffer_t *buffer;
1365 isc_buffer_t tbuffer;
1366 dns_view_t *view;
1367 dns_rdataset_t *opt;
1368 dns_name_t *signame;
1369 isc_boolean_t ra; /* Recursion available. */
1370 isc_netaddr_t netaddr;
1371 int match;
1372 dns_messageid_t id;
1373 unsigned int flags;
1374 isc_boolean_t notimp;
1375 dns_rdata_t rdata;
1376 isc_uint16_t optcode;
1377
1378 REQUIRE(event != NULL);
1379 client = event->ev_arg;
1380 REQUIRE(NS_CLIENT_VALID(client));
1381 REQUIRE(task == client->task);
1382
1383 INSIST(client->recursionquota == NULL);
1384
1385 INSIST(client->state ==
1386 TCP_CLIENT(client) ?
1387 NS_CLIENTSTATE_READING :
1388 NS_CLIENTSTATE_READY);
1389
1390 ns_client_requests++;
1391
1392 if (event->ev_type == ISC_SOCKEVENT_RECVDONE) {
1393 INSIST(!TCP_CLIENT(client));
1394 sevent = (isc_socketevent_t *)event;
1395 REQUIRE(sevent == client->recvevent);
1396 isc_buffer_init(&tbuffer, sevent->region.base, sevent->n);
1397 isc_buffer_add(&tbuffer, sevent->n);
1398 buffer = &tbuffer;
1399 result = sevent->result;
1400 if (result == ISC_R_SUCCESS) {
1401 client->peeraddr = sevent->address;
1402 client->peeraddr_valid = ISC_TRUE;
1403 }
1404 if ((sevent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
1405 client->attributes |= NS_CLIENTATTR_PKTINFO;
1406 client->pktinfo = sevent->pktinfo;
1407 }
1408 if ((sevent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
1409 client->attributes |= NS_CLIENTATTR_MULTICAST;
1410 client->nrecvs--;
1411 } else {
1412 INSIST(TCP_CLIENT(client));
1413 REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
1414 REQUIRE(event->ev_sender == &client->tcpmsg);
1415 buffer = &client->tcpmsg.buffer;
1416 result = client->tcpmsg.result;
1417 INSIST(client->nreads == 1);
1418 /*
1419 * client->peeraddr was set when the connection was accepted.
1420 */
1421 client->nreads--;
1422 }
1423
1424 if (exit_check(client))
1425 goto cleanup;
1426 client->state = client->newstate = NS_CLIENTSTATE_WORKING;
1427
1428 isc_task_getcurrenttime(task, &client->requesttime);
1429 client->now = client->requesttime;
1430
1431 if (result != ISC_R_SUCCESS) {
1432 if (TCP_CLIENT(client)) {
1433 ns_client_next(client, result);
1434 } else {
1435 if (result != ISC_R_CANCELED)
1436 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_CLIENT,
1437 NS_LOGMODULE_CLIENT,
1438 ISC_LOG_ERROR,
1439 "UDP client handler shutting "
1440 "down due to fatal receive "
1441 "error: %s",
1442 isc_result_totext(result));
1443 isc_task_shutdown(client->task);
1444 }
1445 goto cleanup;
1446 }
1447
1448 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1449
1450 #if NS_CLIENT_DROPPORT
1451 if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
1452 DROPPORT_REQUEST) {
1453 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1454 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
1455 "dropped request: suspicious port");
1456 ns_client_next(client, ISC_R_SUCCESS);
1457 goto cleanup;
1458 }
1459 #endif
1460
1461 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1462 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
1463 "%s request",
1464 TCP_CLIENT(client) ? "TCP" : "UDP");
1465
1466 /*
1467 * Check the blackhole ACL for UDP only, since TCP is done in
1468 * client_newconn.
1469 */
1470 if (!TCP_CLIENT(client)) {
1471
1472 if (ns_g_server->blackholeacl != NULL &&
1473 dns_acl_match(&netaddr, NULL, ns_g_server->blackholeacl,
1474 &ns_g_server->aclenv,
1475 &match, NULL) == ISC_R_SUCCESS &&
1476 match > 0)
1477 {
1478 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1479 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
1480 "blackholed UDP datagram");
1481 ns_client_next(client, ISC_R_SUCCESS);
1482 goto cleanup;
1483 }
1484 }
1485
1486 /*
1487 * Silently drop multicast requests for the present.
1488 * XXXMPA revisit this as mDNS spec was published.
1489 */
1490 if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
1491 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1492 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
1493 "dropping multicast request");
1494 ns_client_next(client, DNS_R_REFUSED);
1495 goto cleanup;
1496 }
1497
1498 result = dns_message_peekheader(buffer, &id, &flags);
1499 if (result != ISC_R_SUCCESS) {
1500 /*
1501 * There isn't enough header to determine whether
1502 * this was a request or a response. Drop it.
1503 */
1504 ns_client_next(client, result);
1505 goto cleanup;
1506 }
1507
1508 /*
1509 * The client object handles requests, not responses.
1510 * If this is a UDP response, forward it to the dispatcher.
1511 * If it's a TCP response, discard it here.
1512 */
1513 if ((flags & DNS_MESSAGEFLAG_QR) != 0) {
1514 if (TCP_CLIENT(client)) {
1515 CTRACE("unexpected response");
1516 ns_client_next(client, DNS_R_FORMERR);
1517 goto cleanup;
1518 } else {
1519 dns_dispatch_importrecv(client->dispatch, event);
1520 ns_client_next(client, ISC_R_SUCCESS);
1521 goto cleanup;
1522 }
1523 }
1524
1525 /*
1526 * Update some statistics counters. Don't count responses.
1527 */
1528 if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
1529 isc_stats_increment(ns_g_server->nsstats,
1530 dns_nsstatscounter_requestv4);
1531 } else {
1532 isc_stats_increment(ns_g_server->nsstats,
1533 dns_nsstatscounter_requestv6);
1534 }
1535 if (TCP_CLIENT(client))
1536 isc_stats_increment(ns_g_server->nsstats,
1537 dns_nsstatscounter_tcp);
1538
1539 /*
1540 * It's a request. Parse it.
1541 */
1542 result = dns_message_parse(client->message, buffer, 0);
1543 if (result != ISC_R_SUCCESS) {
1544 /*
1545 * Parsing the request failed. Send a response
1546 * (typically FORMERR or SERVFAIL).
1547 */
1548 ns_client_error(client, result);
1549 goto cleanup;
1550 }
1551
1552 dns_opcodestats_increment(ns_g_server->opcodestats,
1553 client->message->opcode);
1554 switch (client->message->opcode) {
1555 case dns_opcode_query:
1556 case dns_opcode_update:
1557 case dns_opcode_notify:
1558 notimp = ISC_FALSE;
1559 break;
1560 case dns_opcode_iquery:
1561 default:
1562 notimp = ISC_TRUE;
1563 break;
1564 }
1565
1566 client->message->rcode = dns_rcode_noerror;
1567
1568 /* RFC1123 section 6.1.3.2 */
1569 if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0)
1570 client->message->flags &= ~DNS_MESSAGEFLAG_RD;
1571
1572 /*
1573 * Deal with EDNS.
1574 */
1575 opt = dns_message_getopt(client->message);
1576 if (opt != NULL) {
1577 /*
1578 * Set the client's UDP buffer size.
1579 */
1580 client->udpsize = opt->rdclass;
1581
1582 /*
1583 * If the requested UDP buffer size is less than 512,
1584 * ignore it and use 512.
1585 */
1586 if (client->udpsize < 512)
1587 client->udpsize = 512;
1588
1589 /*
1590 * Get the flags out of the OPT record.
1591 */
1592 client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
1593
1594 /*
1595 * Do we understand this version of EDNS?
1596 *
1597 * XXXRTH need library support for this!
1598 */
1599 client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
1600 if (client->ednsversion > 0) {
1601 isc_stats_increment(ns_g_server->nsstats,
1602 dns_nsstatscounter_badednsver);
1603 result = client_addopt(client);
1604 if (result == ISC_R_SUCCESS)
1605 result = DNS_R_BADVERS;
1606 ns_client_error(client, result);
1607 goto cleanup;
1608 }
1609
1610 /* Check for NSID request */
1611 result = dns_rdataset_first(opt);
1612 if (result == ISC_R_SUCCESS) {
1613 dns_rdata_init(&rdata);
1614 dns_rdataset_current(opt, &rdata);
1615 if (rdata.length >= 2) {
1616 isc_buffer_t nsidbuf;
1617 isc_buffer_init(&nsidbuf,
1618 rdata.data, rdata.length);
1619 isc_buffer_add(&nsidbuf, rdata.length);
1620 optcode = isc_buffer_getuint16(&nsidbuf);
1621 if (optcode == DNS_OPT_NSID)
1622 client->attributes |=
1623 NS_CLIENTATTR_WANTNSID;
1624 }
1625 }
1626
1627 isc_stats_increment(ns_g_server->nsstats,
1628 dns_nsstatscounter_edns0in);
1629
1630 /*
1631 * Create an OPT for our reply.
1632 */
1633 result = client_addopt(client);
1634 if (result != ISC_R_SUCCESS) {
1635 ns_client_error(client, result);
1636 goto cleanup;
1637 }
1638 }
1639
1640 if (client->message->rdclass == 0) {
1641 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1642 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
1643 "message class could not be determined");
1644 ns_client_dumpmessage(client,
1645 "message class could not be determined");
1646 ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_FORMERR);
1647 goto cleanup;
1648 }
1649
1650 /*
1651 * Determine the destination address. If the receiving interface is
1652 * bound to a specific address, we simply use it regardless of the
1653 * address family. All IPv4 queries should fall into this case.
1654 * Otherwise, if this is a TCP query, get the address from the
1655 * receiving socket (this needs a system call and can be heavy).
1656 * For IPv6 UDP queries, we get this from the pktinfo structure (if
1657 * supported).
1658 * If all the attempts fail (this can happen due to memory shortage,
1659 * etc), we regard this as an error for safety.
1660 */
1661 if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
1662 isc_netaddr_fromsockaddr(&client->destaddr,
1663 &client->interface->addr);
1664 else {
1665 isc_sockaddr_t sockaddr;
1666 result = ISC_R_FAILURE;
1667
1668 if (TCP_CLIENT(client))
1669 result = isc_socket_getsockname(client->tcpsocket,
1670 &sockaddr);
1671 if (result == ISC_R_SUCCESS)
1672 isc_netaddr_fromsockaddr(&client->destaddr, &sockaddr);
1673 if (result != ISC_R_SUCCESS &&
1674 client->interface->addr.type.sa.sa_family == AF_INET6 &&
1675 (client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
1676 /*
1677 * XXXJT technically, we should convert the receiving
1678 * interface ID to a proper scope zone ID. However,
1679 * due to the fact there is no standard API for this,
1680 * we only handle link-local addresses and use the
1681 * interface index as link ID. Despite the assumption,
1682 * it should cover most typical cases.
1683 */
1684 isc_netaddr_fromin6(&client->destaddr,
1685 &client->pktinfo.ipi6_addr);
1686 if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
1687 isc_netaddr_setzone(&client->destaddr,
1688 client->pktinfo.ipi6_ifindex);
1689 result = ISC_R_SUCCESS;
1690 }
1691 if (result != ISC_R_SUCCESS) {
1692 UNEXPECTED_ERROR(__FILE__, __LINE__,
1693 "failed to get request's "
1694 "destination: %s",
1695 isc_result_totext(result));
1696 ns_client_next(client, ISC_R_SUCCESS);
1697 goto cleanup;
1698 }
1699 }
1700
1701 /*
1702 * Find a view that matches the client's source address.
1703 */
1704 for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
1705 view != NULL;
1706 view = ISC_LIST_NEXT(view, link)) {
1707 if (client->message->rdclass == view->rdclass ||
1708 client->message->rdclass == dns_rdataclass_any)
1709 {
1710 dns_name_t *tsig = NULL;
1711
1712 sigresult = dns_message_rechecksig(client->message,
1713 view);
1714 if (sigresult == ISC_R_SUCCESS)
1715 tsig = dns_tsigkey_identity(client->message->tsigkey);
1716
1717 if (allowed(&netaddr, tsig, view->matchclients) &&
1718 allowed(&client->destaddr, tsig,
1719 view->matchdestinations) &&
1720 !((client->message->flags & DNS_MESSAGEFLAG_RD)
1721 == 0 && view->matchrecursiveonly))
1722 {
1723 dns_view_attach(view, &client->view);
1724 break;
1725 }
1726 }
1727 }
1728
1729 if (view == NULL) {
1730 char classname[DNS_RDATACLASS_FORMATSIZE];
1731
1732 /*
1733 * Do a dummy TSIG verification attempt so that the
1734 * response will have a TSIG if the query did, as
1735 * required by RFC2845.
1736 */
1737 isc_buffer_t b;
1738 isc_region_t *r;
1739
1740 dns_message_resetsig(client->message);
1741
1742 r = dns_message_getrawmessage(client->message);
1743 isc_buffer_init(&b, r->base, r->length);
1744 isc_buffer_add(&b, r->length);
1745 (void)dns_tsig_verify(&b, client->message, NULL, NULL);
1746
1747 dns_rdataclass_format(client->message->rdclass, classname,
1748 sizeof(classname));
1749 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1750 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
1751 "no matching view in class '%s'", classname);
1752 ns_client_dumpmessage(client, "no matching view in class");
1753 ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_REFUSED);
1754 goto cleanup;
1755 }
1756
1757 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1758 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(5),
1759 "using view '%s'", view->name);
1760
1761 /*
1762 * Check for a signature. We log bad signatures regardless of
1763 * whether they ultimately cause the request to be rejected or
1764 * not. We do not log the lack of a signature unless we are
1765 * debugging.
1766 */
1767 client->signer = NULL;
1768 dns_name_init(&client->signername, NULL);
1769 result = dns_message_signer(client->message, &client->signername);
1770 if (result != ISC_R_NOTFOUND) {
1771 signame = NULL;
1772 if (dns_message_gettsig(client->message, &signame) != NULL) {
1773 isc_stats_increment(ns_g_server->nsstats,
1774 dns_nsstatscounter_tsigin);
1775 } else {
1776 isc_stats_increment(ns_g_server->nsstats,
1777 dns_nsstatscounter_sig0in);
1778 }
1779
1780 }
1781 if (result == ISC_R_SUCCESS) {
1782 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1783 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
1784 "request has valid signature");
1785 client->signer = &client->signername;
1786 } else if (result == ISC_R_NOTFOUND) {
1787 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1788 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
1789 "request is not signed");
1790 } else if (result == DNS_R_NOIDENTITY) {
1791 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1792 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
1793 "request is signed by a nonauthoritative key");
1794 } else {
1795 char tsigrcode[64];
1796 isc_buffer_t b;
1797 dns_rcode_t status;
1798 isc_result_t tresult;
1799
1800 /* There is a signature, but it is bad. */
1801 isc_stats_increment(ns_g_server->nsstats,
1802 dns_nsstatscounter_invalidsig);
1803 signame = NULL;
1804 if (dns_message_gettsig(client->message, &signame) != NULL) {
1805 char namebuf[DNS_NAME_FORMATSIZE];
1806 char cnamebuf[DNS_NAME_FORMATSIZE];
1807 dns_name_format(signame, namebuf, sizeof(namebuf));
1808 status = client->message->tsigstatus;
1809 isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
1810 tresult = dns_tsigrcode_totext(status, &b);
1811 INSIST(tresult == ISC_R_SUCCESS);
1812 tsigrcode[isc_buffer_usedlength(&b)] = '\0';
1813 if (client->message->tsigkey->generated) {
1814 dns_name_format(client->message->tsigkey->creator,
1815 cnamebuf, sizeof(cnamebuf));
1816 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1817 NS_LOGMODULE_CLIENT,
1818 ISC_LOG_ERROR,
1819 "request has invalid signature: "
1820 "TSIG %s (%s): %s (%s)", namebuf,
1821 cnamebuf,
1822 isc_result_totext(result),
1823 tsigrcode);
1824 } else {
1825 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1826 NS_LOGMODULE_CLIENT,
1827 ISC_LOG_ERROR,
1828 "request has invalid signature: "
1829 "TSIG %s: %s (%s)", namebuf,
1830 isc_result_totext(result),
1831 tsigrcode);
1832 }
1833 } else {
1834 status = client->message->sig0status;
1835 isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
1836 tresult = dns_tsigrcode_totext(status, &b);
1837 INSIST(tresult == ISC_R_SUCCESS);
1838 tsigrcode[isc_buffer_usedlength(&b)] = '\0';
1839 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1840 NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
1841 "request has invalid signature: %s (%s)",
1842 isc_result_totext(result), tsigrcode);
1843 }
1844 /*
1845 * Accept update messages signed by unknown keys so that
1846 * update forwarding works transparently through slaves
1847 * that don't have all the same keys as the master.
1848 */
1849 if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
1850 client->message->opcode == dns_opcode_update)) {
1851 ns_client_error(client, sigresult);
1852 goto cleanup;
1853 }
1854 }
1855
1856 /*
1857 * Decide whether recursive service is available to this client.
1858 * We do this here rather than in the query code so that we can
1859 * set the RA bit correctly on all kinds of responses, not just
1860 * responses to ordinary queries. Note if you can't query the
1861 * cache there is no point in setting RA.
1862 */
1863 ra = ISC_FALSE;
1864 if (client->view->resolver != NULL &&
1865 client->view->recursion == ISC_TRUE &&
1866 ns_client_checkaclsilent(client, NULL,
1867 client->view->recursionacl,
1868 ISC_TRUE) == ISC_R_SUCCESS &&
1869 ns_client_checkaclsilent(client, NULL,
1870 client->view->queryacl,
1871 ISC_TRUE) == ISC_R_SUCCESS &&
1872 ns_client_checkaclsilent(client, &client->destaddr,
1873 client->view->recursiononacl,
1874 ISC_TRUE) == ISC_R_SUCCESS &&
1875 ns_client_checkaclsilent(client, &client->destaddr,
1876 client->view->queryonacl,
1877 ISC_TRUE) == ISC_R_SUCCESS)
1878 ra = ISC_TRUE;
1879
1880 if (ra == ISC_TRUE)
1881 client->attributes |= NS_CLIENTATTR_RA;
1882
1883 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
1884 ISC_LOG_DEBUG(3), ra ? "recursion available" :
1885 "recursion not available");
1886
1887 /*
1888 * Adjust maximum UDP response size for this client.
1889 */
1890 if (client->udpsize > 512) {
1891 dns_peer_t *peer = NULL;
1892 isc_uint16_t udpsize = view->maxudp;
1893 (void) dns_peerlist_peerbyaddr(view->peers, &netaddr, &peer);
1894 if (peer != NULL)
1895 dns_peer_getmaxudp(peer, &udpsize);
1896 if (client->udpsize > udpsize)
1897 client->udpsize = udpsize;
1898 }
1899
1900 /*
1901 * Dispatch the request.
1902 */
1903 switch (client->message->opcode) {
1904 case dns_opcode_query:
1905 CTRACE("query");
1906 ns_query_start(client);
1907 break;
1908 case dns_opcode_update:
1909 CTRACE("update");
1910 ns_client_settimeout(client, 60);
1911 ns_update_start(client, sigresult);
1912 break;
1913 case dns_opcode_notify:
1914 CTRACE("notify");
1915 ns_client_settimeout(client, 60);
1916 ns_notify_start(client);
1917 break;
1918 case dns_opcode_iquery:
1919 CTRACE("iquery");
1920 ns_client_error(client, DNS_R_NOTIMP);
1921 break;
1922 default:
1923 CTRACE("unknown opcode");
1924 ns_client_error(client, DNS_R_NOTIMP);
1925 }
1926
1927 cleanup:
1928 return;
1929 }
1930
1931 static void
1932 client_timeout(isc_task_t *task, isc_event_t *event) {
1933 ns_client_t *client;
1934
1935 REQUIRE(event != NULL);
1936 REQUIRE(event->ev_type == ISC_TIMEREVENT_LIFE ||
1937 event->ev_type == ISC_TIMEREVENT_IDLE);
1938 client = event->ev_arg;
1939 REQUIRE(NS_CLIENT_VALID(client));
1940 REQUIRE(task == client->task);
1941 REQUIRE(client->timer != NULL);
1942
1943 UNUSED(task);
1944
1945 CTRACE("timeout");
1946
1947 isc_event_free(&event);
1948
1949 if (client->shutdown != NULL) {
1950 (client->shutdown)(client->shutdown_arg, ISC_R_TIMEDOUT);
1951 client->shutdown = NULL;
1952 client->shutdown_arg = NULL;
1953 }
1954
1955 if (client->newstate > NS_CLIENTSTATE_READY)
1956 client->newstate = NS_CLIENTSTATE_READY;
1957 (void)exit_check(client);
1958 }
1959
1960 static isc_result_t
1961 get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
1962 isc_mem_t *clientmctx;
1963 isc_result_t result;
1964
1965 /*
1966 * Caller must be holding the manager lock.
1967 */
1968 if (ns_g_clienttest) {
1969 result = isc_mem_create(0, 0, mctxp);
1970 if (result == ISC_R_SUCCESS)
1971 isc_mem_setname(*mctxp, "client", NULL);
1972 return (result);
1973 }
1974 #if NMCTXS > 0
1975 INSIST(manager->nextmctx < NMCTXS);
1976 clientmctx = manager->mctxpool[manager->nextmctx];
1977 if (clientmctx == NULL) {
1978 result = isc_mem_create(0, 0, &clientmctx);
1979 if (result != ISC_R_SUCCESS)
1980 return (result);
1981 isc_mem_setname(clientmctx, "client", NULL);
1982
1983 manager->mctxpool[manager->nextmctx] = clientmctx;
1984 }
1985 manager->nextmctx++;
1986 if (manager->nextmctx == NMCTXS)
1987 manager->nextmctx = 0;
1988 #else
1989 clientmctx = manager->mctx;
1990 #endif
1991
1992 isc_mem_attach(clientmctx, mctxp);
1993
1994 return (ISC_R_SUCCESS);
1995 }
1996
1997 static isc_result_t
1998 client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
1999 ns_client_t *client;
2000 isc_result_t result;
2001 isc_mem_t *mctx = NULL;
2002
2003 /*
2004 * Caller must be holding the manager lock.
2005 *
2006 * Note: creating a client does not add the client to the
2007 * manager's client list or set the client's manager pointer.
2008 * The caller is responsible for that.
2009 */
2010
2011 REQUIRE(clientp != NULL && *clientp == NULL);
2012
2013 result = get_clientmctx(manager, &mctx);
2014 if (result != ISC_R_SUCCESS)
2015 return (result);
2016
2017 client = isc_mem_get(mctx, sizeof(*client));
2018 if (client == NULL) {
2019 isc_mem_detach(&mctx);
2020 return (ISC_R_NOMEMORY);
2021 }
2022 client->mctx = mctx;
2023
2024 client->task = NULL;
2025 result = isc_task_create(manager->taskmgr, 0, &client->task);
2026 if (result != ISC_R_SUCCESS)
2027 goto cleanup_client;
2028 isc_task_setname(client->task, "client", client);
2029
2030 client->timer = NULL;
2031 result = isc_timer_create(manager->timermgr, isc_timertype_inactive,
2032 NULL, NULL, client->task, client_timeout,
2033 client, &client->timer);
2034 if (result != ISC_R_SUCCESS)
2035 goto cleanup_task;
2036 client->timerset = ISC_FALSE;
2037
2038 client->message = NULL;
2039 result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE,
2040 &client->message);
2041 if (result != ISC_R_SUCCESS)
2042 goto cleanup_timer;
2043
2044 /* XXXRTH Hardwired constants */
2045
2046 client->sendevent = (isc_socketevent_t *)
2047 isc_event_allocate(client->mctx, client,
2048 ISC_SOCKEVENT_SENDDONE,
2049 client_senddone, client,
2050 sizeof(isc_socketevent_t));
2051 if (client->sendevent == NULL) {
2052 result = ISC_R_NOMEMORY;
2053 goto cleanup_message;
2054 }
2055
2056 client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE);
2057 if (client->recvbuf == NULL) {
2058 result = ISC_R_NOMEMORY;
2059 goto cleanup_sendevent;
2060 }
2061
2062 client->recvevent = (isc_socketevent_t *)
2063 isc_event_allocate(client->mctx, client,
2064 ISC_SOCKEVENT_RECVDONE,
2065 client_request, client,
2066 sizeof(isc_socketevent_t));
2067 if (client->recvevent == NULL) {
2068 result = ISC_R_NOMEMORY;
2069 goto cleanup_recvbuf;
2070 }
2071
2072 client->magic = NS_CLIENT_MAGIC;
2073 client->manager = NULL;
2074 client->state = NS_CLIENTSTATE_INACTIVE;
2075 client->newstate = NS_CLIENTSTATE_MAX;
2076 client->naccepts = 0;
2077 client->nreads = 0;
2078 client->nsends = 0;
2079 client->nrecvs = 0;
2080 client->nupdates = 0;
2081 client->nctls = 0;
2082 client->references = 0;
2083 client->attributes = 0;
2084 client->view = NULL;
2085 client->dispatch = NULL;
2086 client->udpsocket = NULL;
2087 client->tcplistener = NULL;
2088 client->tcpsocket = NULL;
2089 client->tcpmsg_valid = ISC_FALSE;
2090 client->tcpbuf = NULL;
2091 client->opt = NULL;
2092 client->udpsize = 512;
2093 client->extflags = 0;
2094 client->ednsversion = -1;
2095 client->next = NULL;
2096 client->shutdown = NULL;
2097 client->shutdown_arg = NULL;
2098 dns_name_init(&client->signername, NULL);
2099 client->mortal = ISC_FALSE;
2100 client->tcpquota = NULL;
2101 client->recursionquota = NULL;
2102 client->interface = NULL;
2103 client->peeraddr_valid = ISC_FALSE;
2104 ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
2105 NS_EVENT_CLIENTCONTROL, client_start, client, client,
2106 NULL, NULL);
2107 /*
2108 * Initialize FORMERR cache to sentinel value that will not match
2109 * any actual FORMERR response.
2110 */
2111 isc_sockaddr_any(&client->formerrcache.addr);
2112 client->formerrcache.time = 0;
2113 client->formerrcache.id = 0;
2114 ISC_LINK_INIT(client, link);
2115 client->list = NULL;
2116
2117 /*
2118 * We call the init routines for the various kinds of client here,
2119 * after we have created an otherwise valid client, because some
2120 * of them call routines that REQUIRE(NS_CLIENT_VALID(client)).
2121 */
2122 result = ns_query_init(client);
2123 if (result != ISC_R_SUCCESS)
2124 goto cleanup_recvevent;
2125
2126 result = isc_task_onshutdown(client->task, client_shutdown, client);
2127 if (result != ISC_R_SUCCESS)
2128 goto cleanup_query;
2129
2130 client->needshutdown = ns_g_clienttest;
2131
2132 CTRACE("create");
2133
2134 *clientp = client;
2135
2136 return (ISC_R_SUCCESS);
2137
2138 cleanup_query:
2139 ns_query_free(client);
2140
2141 cleanup_recvevent:
2142 isc_event_free((isc_event_t **)&client->recvevent);
2143
2144 cleanup_recvbuf:
2145 isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
2146
2147 cleanup_sendevent:
2148 isc_event_free((isc_event_t **)&client->sendevent);
2149
2150 client->magic = 0;
2151
2152 cleanup_message:
2153 dns_message_destroy(&client->message);
2154
2155 cleanup_timer:
2156 isc_timer_detach(&client->timer);
2157
2158 cleanup_task:
2159 isc_task_detach(&client->task);
2160
2161 cleanup_client:
2162 isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
2163
2164 return (result);
2165 }
2166
2167 static void
2168 client_read(ns_client_t *client) {
2169 isc_result_t result;
2170
2171 CTRACE("read");
2172
2173 result = dns_tcpmsg_readmessage(&client->tcpmsg, client->task,
2174 client_request, client);
2175 if (result != ISC_R_SUCCESS)
2176 goto fail;
2177
2178 /*
2179 * Set a timeout to limit the amount of time we will wait
2180 * for a request on this TCP connection.
2181 */
2182 ns_client_settimeout(client, 30);
2183
2184 client->state = client->newstate = NS_CLIENTSTATE_READING;
2185 INSIST(client->nreads == 0);
2186 INSIST(client->recursionquota == NULL);
2187 client->nreads++;
2188
2189 return;
2190 fail:
2191 ns_client_next(client, result);
2192 }
2193
2194 static void
2195 client_newconn(isc_task_t *task, isc_event_t *event) {
2196 ns_client_t *client = event->ev_arg;
2197 isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
2198 isc_result_t result;
2199
2200 REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
2201 REQUIRE(NS_CLIENT_VALID(client));
2202 REQUIRE(client->task == task);
2203
2204 UNUSED(task);
2205
2206 INSIST(client->state == NS_CLIENTSTATE_READY);
2207
2208 INSIST(client->naccepts == 1);
2209 client->naccepts--;
2210
2211 LOCK(&client->interface->lock);
2212 INSIST(client->interface->ntcpcurrent > 0);
2213 client->interface->ntcpcurrent--;
2214 UNLOCK(&client->interface->lock);
2215
2216 /*
2217 * We must take ownership of the new socket before the exit
2218 * check to make sure it gets destroyed if we decide to exit.
2219 */
2220 if (nevent->result == ISC_R_SUCCESS) {
2221 client->tcpsocket = nevent->newsocket;
2222 isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
2223 client->state = NS_CLIENTSTATE_READING;
2224 INSIST(client->recursionquota == NULL);
2225
2226 (void)isc_socket_getpeername(client->tcpsocket,
2227 &client->peeraddr);
2228 client->peeraddr_valid = ISC_TRUE;
2229 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2230 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
2231 "new TCP connection");
2232 } else {
2233 /*
2234 * XXXRTH What should we do? We're trying to accept but
2235 * it didn't work. If we just give up, then TCP
2236 * service may eventually stop.
2237 *
2238 * For now, we just go idle.
2239 *
2240 * Going idle is probably the right thing if the
2241 * I/O was canceled.
2242 */
2243 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2244 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
2245 "accept failed: %s",
2246 isc_result_totext(nevent->result));
2247 }
2248
2249 if (exit_check(client))
2250 goto freeevent;
2251
2252 if (nevent->result == ISC_R_SUCCESS) {
2253 int match;
2254 isc_netaddr_t netaddr;
2255
2256 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
2257
2258 if (ns_g_server->blackholeacl != NULL &&
2259 dns_acl_match(&netaddr, NULL,
2260 ns_g_server->blackholeacl,
2261 &ns_g_server->aclenv,
2262 &match, NULL) == ISC_R_SUCCESS &&
2263 match > 0)
2264 {
2265 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2266 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
2267 "blackholed connection attempt");
2268 client->newstate = NS_CLIENTSTATE_READY;
2269 (void)exit_check(client);
2270 goto freeevent;
2271 }
2272
2273 INSIST(client->tcpmsg_valid == ISC_FALSE);
2274 dns_tcpmsg_init(client->mctx, client->tcpsocket,
2275 &client->tcpmsg);
2276 client->tcpmsg_valid = ISC_TRUE;
2277
2278 /*
2279 * Let a new client take our place immediately, before
2280 * we wait for a request packet. If we don't,
2281 * telnetting to port 53 (once per CPU) will
2282 * deny service to legitimate TCP clients.
2283 */
2284 result = isc_quota_attach(&ns_g_server->tcpquota,
2285 &client->tcpquota);
2286 if (result == ISC_R_SUCCESS)
2287 result = ns_client_replace(client);
2288 if (result != ISC_R_SUCCESS) {
2289 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2290 NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
2291 "no more TCP clients: %s",
2292 isc_result_totext(result));
2293 }
2294
2295 client_read(client);
2296 }
2297
2298 freeevent:
2299 isc_event_free(&event);
2300 }
2301
2302 static void
2303 client_accept(ns_client_t *client) {
2304 isc_result_t result;
2305
2306 CTRACE("accept");
2307
2308 result = isc_socket_accept(client->tcplistener, client->task,
2309 client_newconn, client);
2310 if (result != ISC_R_SUCCESS) {
2311 UNEXPECTED_ERROR(__FILE__, __LINE__,
2312 "isc_socket_accept() failed: %s",
2313 isc_result_totext(result));
2314 /*
2315 * XXXRTH What should we do? We're trying to accept but
2316 * it didn't work. If we just give up, then TCP
2317 * service may eventually stop.
2318 *
2319 * For now, we just go idle.
2320 */
2321 return;
2322 }
2323 INSIST(client->naccepts == 0);
2324 client->naccepts++;
2325 LOCK(&client->interface->lock);
2326 client->interface->ntcpcurrent++;
2327 UNLOCK(&client->interface->lock);
2328 }
2329
2330 static void
2331 client_udprecv(ns_client_t *client) {
2332 isc_result_t result;
2333 isc_region_t r;
2334
2335 CTRACE("udprecv");
2336
2337 r.base = client->recvbuf;
2338 r.length = RECV_BUFFER_SIZE;
2339 result = isc_socket_recv2(client->udpsocket, &r, 1,
2340 client->task, client->recvevent, 0);
2341 if (result != ISC_R_SUCCESS) {
2342 UNEXPECTED_ERROR(__FILE__, __LINE__,
2343 "isc_socket_recv2() failed: %s",
2344 isc_result_totext(result));
2345 /*
2346 * This cannot happen in the current implementation, since
2347 * isc_socket_recv2() cannot fail if flags == 0.
2348 *
2349 * If this does fail, we just go idle.
2350 */
2351 return;
2352 }
2353 INSIST(client->nrecvs == 0);
2354 client->nrecvs++;
2355 }
2356
2357 void
2358 ns_client_attach(ns_client_t *source, ns_client_t **targetp) {
2359 REQUIRE(NS_CLIENT_VALID(source));
2360 REQUIRE(targetp != NULL && *targetp == NULL);
2361
2362 source->references++;
2363 ns_client_log(source, NS_LOGCATEGORY_CLIENT,
2364 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
2365 "ns_client_attach: ref = %d", source->references);
2366 *targetp = source;
2367 }
2368
2369 void
2370 ns_client_detach(ns_client_t **clientp) {
2371 ns_client_t *client = *clientp;
2372
2373 client->references--;
2374 INSIST(client->references >= 0);
2375 *clientp = NULL;
2376 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2377 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
2378 "ns_client_detach: ref = %d", client->references);
2379 (void)exit_check(client);
2380 }
2381
2382 isc_boolean_t
2383 ns_client_shuttingdown(ns_client_t *client) {
2384 return (ISC_TF(client->newstate == NS_CLIENTSTATE_FREED));
2385 }
2386
2387 isc_result_t
2388 ns_client_replace(ns_client_t *client) {
2389 isc_result_t result;
2390
2391 CTRACE("replace");
2392
2393 result = ns_clientmgr_createclients(client->manager,
2394 1, client->interface,
2395 (TCP_CLIENT(client) ?
2396 ISC_TRUE : ISC_FALSE));
2397 if (result != ISC_R_SUCCESS)
2398 return (result);
2399
2400 /*
2401 * The responsibility for listening for new requests is hereby
2402 * transferred to the new client. Therefore, the old client
2403 * should refrain from listening for any more requests.
2404 */
2405 client->mortal = ISC_TRUE;
2406
2407 return (ISC_R_SUCCESS);
2408 }
2409
2410 /***
2411 *** Client Manager
2412 ***/
2413
2414 static void
2415 clientmgr_destroy(ns_clientmgr_t *manager) {
2416 #if NMCTXS > 0
2417 int i;
2418 #endif
2419
2420 REQUIRE(ISC_LIST_EMPTY(manager->active));
2421 REQUIRE(ISC_LIST_EMPTY(manager->inactive));
2422 REQUIRE(ISC_LIST_EMPTY(manager->recursing));
2423
2424 MTRACE("clientmgr_destroy");
2425
2426 #if NMCTXS > 0
2427 for (i = 0; i < NMCTXS; i++) {
2428 if (manager->mctxpool[i] != NULL)
2429 isc_mem_detach(&manager->mctxpool[i]);
2430 }
2431 #endif
2432
2433 DESTROYLOCK(&manager->lock);
2434 manager->magic = 0;
2435 isc_mem_put(manager->mctx, manager, sizeof(*manager));
2436 }
2437
2438 isc_result_t
2439 ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
2440 isc_timermgr_t *timermgr, ns_clientmgr_t **managerp)
2441 {
2442 ns_clientmgr_t *manager;
2443 isc_result_t result;
2444 #if NMCTXS > 0
2445 int i;
2446 #endif
2447
2448 manager = isc_mem_get(mctx, sizeof(*manager));
2449 if (manager == NULL)
2450 return (ISC_R_NOMEMORY);
2451
2452 result = isc_mutex_init(&manager->lock);
2453 if (result != ISC_R_SUCCESS)
2454 goto cleanup_manager;
2455
2456 manager->mctx = mctx;
2457 manager->taskmgr = taskmgr;
2458 manager->timermgr = timermgr;
2459 manager->exiting = ISC_FALSE;
2460 ISC_LIST_INIT(manager->active);
2461 ISC_LIST_INIT(manager->inactive);
2462 ISC_LIST_INIT(manager->recursing);
2463 #if NMCTXS > 0
2464 manager->nextmctx = 0;
2465 for (i = 0; i < NMCTXS; i++)
2466 manager->mctxpool[i] = NULL; /* will be created on-demand */
2467 #endif
2468 manager->magic = MANAGER_MAGIC;
2469
2470 MTRACE("create");
2471
2472 *managerp = manager;
2473
2474 return (ISC_R_SUCCESS);
2475
2476 cleanup_manager:
2477 isc_mem_put(manager->mctx, manager, sizeof(*manager));
2478
2479 return (result);
2480 }
2481
2482 void
2483 ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
2484 ns_clientmgr_t *manager;
2485 ns_client_t *client;
2486 isc_boolean_t need_destroy = ISC_FALSE;
2487
2488 REQUIRE(managerp != NULL);
2489 manager = *managerp;
2490 REQUIRE(VALID_MANAGER(manager));
2491
2492 MTRACE("destroy");
2493
2494 LOCK(&manager->lock);
2495
2496 manager->exiting = ISC_TRUE;
2497
2498 for (client = ISC_LIST_HEAD(manager->recursing);
2499 client != NULL;
2500 client = ISC_LIST_NEXT(client, link))
2501 isc_task_shutdown(client->task);
2502
2503 for (client = ISC_LIST_HEAD(manager->active);
2504 client != NULL;
2505 client = ISC_LIST_NEXT(client, link))
2506 isc_task_shutdown(client->task);
2507
2508 for (client = ISC_LIST_HEAD(manager->inactive);
2509 client != NULL;
2510 client = ISC_LIST_NEXT(client, link))
2511 isc_task_shutdown(client->task);
2512
2513 if (ISC_LIST_EMPTY(manager->active) &&
2514 ISC_LIST_EMPTY(manager->inactive) &&
2515 ISC_LIST_EMPTY(manager->recursing))
2516 need_destroy = ISC_TRUE;
2517
2518 UNLOCK(&manager->lock);
2519
2520 if (need_destroy)
2521 clientmgr_destroy(manager);
2522
2523 *managerp = NULL;
2524 }
2525
2526 isc_result_t
2527 ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
2528 ns_interface_t *ifp, isc_boolean_t tcp)
2529 {
2530 isc_result_t result = ISC_R_SUCCESS;
2531 unsigned int i;
2532 ns_client_t *client;
2533
2534 REQUIRE(VALID_MANAGER(manager));
2535 REQUIRE(n > 0);
2536
2537 MTRACE("createclients");
2538
2539 /*
2540 * We MUST lock the manager lock for the entire client creation
2541 * process. If we didn't do this, then a client could get a
2542 * shutdown event and disappear out from under us.
2543 */
2544
2545 LOCK(&manager->lock);
2546
2547 for (i = 0; i < n; i++) {
2548 isc_event_t *ev;
2549 /*
2550 * Allocate a client. First try to get a recycled one;
2551 * if that fails, make a new one.
2552 */
2553 client = NULL;
2554 if (!ns_g_clienttest)
2555 client = ISC_LIST_HEAD(manager->inactive);
2556 if (client != NULL) {
2557 MTRACE("recycle");
2558 ISC_LIST_UNLINK(manager->inactive, client, link);
2559 client->list = NULL;
2560 } else {
2561 MTRACE("create new");
2562 result = client_create(manager, &client);
2563 if (result != ISC_R_SUCCESS)
2564 break;
2565 }
2566
2567 ns_interface_attach(ifp, &client->interface);
2568 client->state = NS_CLIENTSTATE_READY;
2569 INSIST(client->recursionquota == NULL);
2570
2571 if (tcp) {
2572 client->attributes |= NS_CLIENTATTR_TCP;
2573 isc_socket_attach(ifp->tcpsocket,
2574 &client->tcplistener);
2575 } else {
2576 isc_socket_t *sock;
2577
2578 dns_dispatch_attach(ifp->udpdispatch,
2579 &client->dispatch);
2580 sock = dns_dispatch_getsocket(client->dispatch);
2581 isc_socket_attach(sock, &client->udpsocket);
2582 }
2583 client->manager = manager;
2584 ISC_LIST_APPEND(manager->active, client, link);
2585 client->list = &manager->active;
2586
2587 INSIST(client->nctls == 0);
2588 client->nctls++;
2589 ev = &client->ctlevent;
2590 isc_task_send(client->task, &ev);
2591 }
2592 if (i != 0) {
2593 /*
2594 * We managed to create at least one client, so we
2595 * declare victory.
2596 */
2597 result = ISC_R_SUCCESS;
2598 }
2599
2600 UNLOCK(&manager->lock);
2601
2602 return (result);
2603 }
2604
2605 isc_sockaddr_t *
2606 ns_client_getsockaddr(ns_client_t *client) {
2607 return (&client->peeraddr);
2608 }
2609
2610 isc_result_t
2611 ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
2612 dns_acl_t *acl, isc_boolean_t default_allow)
2613 {
2614 isc_result_t result;
2615 isc_netaddr_t tmpnetaddr;
2616 int match;
2617
2618 if (acl == NULL) {
2619 if (default_allow)
2620 goto allow;
2621 else
2622 goto deny;
2623 }
2624
2625 if (netaddr == NULL) {
2626 isc_netaddr_fromsockaddr(&tmpnetaddr, &client->peeraddr);
2627 netaddr = &tmpnetaddr;
2628 }
2629
2630 result = dns_acl_match(netaddr, client->signer, acl,
2631 &ns_g_server->aclenv, &match, NULL);
2632
2633 if (result != ISC_R_SUCCESS)
2634 goto deny; /* Internal error, already logged. */
2635 if (match > 0)
2636 goto allow;
2637 goto deny; /* Negative match or no match. */
2638
2639 allow:
2640 return (ISC_R_SUCCESS);
2641
2642 deny:
2643 return (DNS_R_REFUSED);
2644 }
2645
2646 isc_result_t
2647 ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
2648 const char *opname, dns_acl_t *acl,
2649 isc_boolean_t default_allow, int log_level)
2650 {
2651 isc_result_t result;
2652 isc_netaddr_t netaddr;
2653
2654 if (sockaddr != NULL)
2655 isc_netaddr_fromsockaddr(&netaddr, sockaddr);
2656
2657 result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
2658 acl, default_allow);
2659
2660 if (result == ISC_R_SUCCESS)
2661 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2662 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
2663 "%s approved", opname);
2664 else
2665 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2666 NS_LOGMODULE_CLIENT,
2667 log_level, "%s denied", opname);
2668 return (result);
2669 }
2670
2671 static void
2672 ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
2673 if (client->peeraddr_valid)
2674 isc_sockaddr_format(&client->peeraddr, peerbuf, len);
2675 else
2676 snprintf(peerbuf, len, "@%p", client);
2677 }
2678
2679 void
2680 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
2681 isc_logmodule_t *module, int level, const char *fmt, va_list ap)
2682 {
2683 char msgbuf[2048];
2684 char peerbuf[ISC_SOCKADDR_FORMATSIZE];
2685 const char *name = "";
2686 const char *sep = "";
2687
2688 vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
2689 ns_client_name(client, peerbuf, sizeof(peerbuf));
2690 if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
2691 strcmp(client->view->name, "_default") != 0) {
2692 name = client->view->name;
2693 sep = ": view ";
2694 }
2695
2696 isc_log_write(ns_g_lctx, category, module, level,
2697 "client %s%s%s: %s", peerbuf, sep, name, msgbuf);
2698 }
2699
2700 void
2701 ns_client_log(ns_client_t *client, isc_logcategory_t *category,
2702 isc_logmodule_t *module, int level, const char *fmt, ...)
2703 {
2704 va_list ap;
2705
2706 if (! isc_log_wouldlog(ns_g_lctx, level))
2707 return;
2708
2709 va_start(ap, fmt);
2710 ns_client_logv(client, category, module, level, fmt, ap);
2711 va_end(ap);
2712 }
2713
2714 void
2715 ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
2716 dns_rdataclass_t rdclass, char *buf, size_t len)
2717 {
2718 char namebuf[DNS_NAME_FORMATSIZE];
2719 char typebuf[DNS_RDATATYPE_FORMATSIZE];
2720 char classbuf[DNS_RDATACLASS_FORMATSIZE];
2721
2722 dns_name_format(name, namebuf, sizeof(namebuf));
2723 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
2724 dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
2725 (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
2726 classbuf);
2727 }
2728
2729 static void
2730 ns_client_dumpmessage(ns_client_t *client, const char *reason) {
2731 isc_buffer_t buffer;
2732 char *buf = NULL;
2733 int len = 1024;
2734 isc_result_t result;
2735
2736 /*
2737 * Note that these are multiline debug messages. We want a newline
2738 * to appear in the log after each message.
2739 */
2740
2741 do {
2742 buf = isc_mem_get(client->mctx, len);
2743 if (buf == NULL)
2744 break;
2745 isc_buffer_init(&buffer, buf, len);
2746 result = dns_message_totext(client->message,
2747 &dns_master_style_debug,
2748 0, &buffer);
2749 if (result == ISC_R_NOSPACE) {
2750 isc_mem_put(client->mctx, buf, len);
2751 len += 1024;
2752 } else if (result == ISC_R_SUCCESS)
2753 ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
2754 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
2755 "%s\n%.*s", reason,
2756 (int)isc_buffer_usedlength(&buffer),
2757 buf);
2758 } while (result == ISC_R_NOSPACE);
2759
2760 if (buf != NULL)
2761 isc_mem_put(client->mctx, buf, len);
2762 }
2763
2764 void
2765 ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
2766 ns_client_t *client;
2767 char namebuf[DNS_NAME_FORMATSIZE];
2768 char peerbuf[ISC_SOCKADDR_FORMATSIZE];
2769 const char *name;
2770 const char *sep;
2771
2772 REQUIRE(VALID_MANAGER(manager));
2773
2774 LOCK(&manager->lock);
2775 client = ISC_LIST_HEAD(manager->recursing);
2776 while (client != NULL) {
2777 ns_client_name(client, peerbuf, sizeof(peerbuf));
2778 if (client->view != NULL &&
2779 strcmp(client->view->name, "_bind") != 0 &&
2780 strcmp(client->view->name, "_default") != 0) {
2781 name = client->view->name;
2782 sep = ": view ";
2783 } else {
2784 name = "";
2785 sep = "";
2786 }
2787 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
2788 fprintf(f, "; client %s%s%s: '%s' requesttime %d\n",
2789 peerbuf, sep, name, namebuf, client->requesttime);
2790 client = ISC_LIST_NEXT(client, link);
2791 }
2792 UNLOCK(&manager->lock);
2793 }
2794
2795 void
2796 ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
2797
2798 if (client->manager != NULL)
2799 LOCK(&client->manager->lock);
2800 if (client->query.restarts > 0) {
2801 /*
2802 * client->query.qname was dynamically allocated.
2803 */
2804 dns_message_puttempname(client->message,
2805 &client->query.qname);
2806 }
2807 client->query.qname = name;
2808 if (client->manager != NULL)
2809 UNLOCK(&client->manager->lock);
2810 }
NetBSD on the FriendlyARM MINI2440