Date:
Sat Aug 1 09:01:52 2020 UTC
Message:
Move extended RCODEs out of the RCODE section, since those are only 0x00 through 0x0F; make a section that shows extended RCODEs that are added to an EDNS0 tag.
0001
2016-07-06
pjp
/*
0002
2020-06-25
pjp
* Copyright (c) 2002-2020 Peter J. Philipp
0003
2016-07-06
pjp
* All rights reserved.
0004
2016-07-06
pjp
*
0005
2016-07-06
pjp
* Redistribution and use in source and binary forms, with or without
0006
2016-07-06
pjp
* modification, are permitted provided that the following conditions
0007
2016-07-06
pjp
* are met:
0008
2016-07-06
pjp
* 1. Redistributions of source code must retain the above copyright
0009
2016-07-06
pjp
* notice, this list of conditions and the following disclaimer.
0010
2016-07-06
pjp
* 2. Redistributions in binary form must reproduce the above copyright
0011
2016-07-06
pjp
* notice, this list of conditions and the following disclaimer in the
0012
2016-07-06
pjp
* documentation and/or other materials provided with the distribution.
0013
2016-07-06
pjp
* 3. The name of the author may not be used to endorse or promote products
0014
2016-07-06
pjp
* derived from this software without specific prior written permission
0015
2016-07-06
pjp
*
0016
2016-07-06
pjp
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
0017
2016-07-06
pjp
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
0018
2016-07-06
pjp
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
0019
2016-07-06
pjp
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
0020
2016-07-06
pjp
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
0021
2016-07-06
pjp
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
0022
2016-07-06
pjp
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
0023
2016-07-06
pjp
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
0024
2016-07-06
pjp
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
0025
2016-07-06
pjp
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0026
2016-07-06
pjp
*
0027
2016-07-06
pjp
*/
0028
2017-10-26
pjp
0029
2017-10-26
pjp
/*
0030
2020-07-28
pjp
* $Id: delphinusdnsd.c,v 1.137 2020/07/28 06:49:24 pjp Exp $
0031
2017-10-26
pjp
*/
0032
2017-10-26
pjp
0033
2019-06-06
pjp
0034
2019-06-06
pjp
#include <sys/types.h>
0035
2019-06-06
pjp
#include <sys/socket.h>
0036
2019-06-06
pjp
#include <sys/time.h>
0037
2019-06-06
pjp
#include <sys/stat.h>
0038
2019-06-06
pjp
#include <sys/uio.h>
0039
2019-06-06
pjp
#include <sys/mman.h>
0040
2019-06-06
pjp
#include <sys/wait.h>
0041
2019-06-06
pjp
#include <sys/un.h>
0042
2019-06-06
pjp
0043
2019-06-06
pjp
#include <net/if.h>
0044
2019-06-06
pjp
0045
2019-06-06
pjp
#include <netinet/in.h>
0046
2019-06-06
pjp
#include <arpa/inet.h>
0047
2019-06-06
pjp
#include <netdb.h>
0048
2019-06-06
pjp
0049
2019-06-06
pjp
#include <stdio.h>
0050
2019-06-06
pjp
#include <stdlib.h>
0051
2019-06-06
pjp
#include <stdint.h>
0052
2019-06-06
pjp
#include <stdarg.h>
0053
2019-06-06
pjp
#include <string.h>
0054
2019-06-06
pjp
#include <unistd.h>
0055
2019-06-06
pjp
#include <fcntl.h>
0056
2019-06-06
pjp
#include <errno.h>
0057
2019-06-06
pjp
#include <syslog.h>
0058
2019-06-06
pjp
#include <ctype.h>
0059
2019-06-06
pjp
#include <pwd.h>
0060
2019-06-06
pjp
#include <ifaddrs.h>
0061
2019-06-06
pjp
#include <dirent.h>
0062
2019-06-06
pjp
#include <signal.h>
0063
2019-06-06
pjp
#include <time.h>
0064
2019-06-06
pjp
0065
2019-06-06
pjp
#ifdef __linux__
0066
2020-07-13
pjp
#include <linux/bpf.h>
0067
2020-07-13
pjp
#include <linux/filter.h>
0068
2019-06-06
pjp
#include <grp.h>
0069
2019-06-06
pjp
#define __USE_BSD 1
0070
2019-06-06
pjp
#include <endian.h>
0071
2019-06-06
pjp
#include <bsd/stdlib.h>
0072
2019-06-06
pjp
#include <bsd/string.h>
0073
2019-06-06
pjp
#include <bsd/unistd.h>
0074
2019-06-06
pjp
#include <bsd/sys/queue.h>
0075
2019-06-06
pjp
#define __unused
0076
2019-06-06
pjp
#include <bsd/sys/tree.h>
0077
2019-06-06
pjp
#include <bsd/sys/endian.h>
0078
2019-06-06
pjp
#include "imsg.h"
0079
2019-06-06
pjp
#else /* not linux */
0080
2019-06-06
pjp
#include <sys/queue.h>
0081
2019-06-06
pjp
#include <sys/tree.h>
0082
2019-06-06
pjp
#ifdef __FreeBSD__
0083
2019-06-06
pjp
#include "imsg.h"
0084
2019-06-06
pjp
#else
0085
2019-06-06
pjp
#include <imsg.h>
0086
2019-06-06
pjp
#endif /* __FreeBSD__ */
0087
2019-06-06
pjp
#endif /* __linux__ */
0088
2019-06-06
pjp
0089
2019-06-06
pjp
#ifndef NTOHS
0090
2019-06-06
pjp
#include "endian.h"
0091
2019-06-06
pjp
#endif
0092
2019-06-06
pjp
0093
2016-07-06
pjp
#include "ddd-dns.h"
0094
2016-07-06
pjp
#include "ddd-db.h"
0095
2016-07-06
pjp
#include "ddd-config.h"
0096
2016-07-06
pjp
0097
2016-07-06
pjp
/* prototypes */
0098
2016-07-06
pjp
0099
2020-07-08
pjp
extern char *convert_name(char *, int);
0100
2019-12-03
pjp
extern void pack(char *, char *, int);
0101
2019-12-03
pjp
extern void pack32(char *, u_int32_t);
0102
2019-12-03
pjp
extern void pack16(char *, u_int16_t);
0103
2019-12-03
pjp
extern void pack8(char *, u_int8_t);
0104
2019-12-03
pjp
extern uint32_t unpack32(char *);
0105
2019-12-03
pjp
extern uint16_t unpack16(char *);
0106
2019-12-03
pjp
extern void unpack(char *, char *, int);
0107
2019-12-03
pjp
0108
2016-07-06
pjp
extern void add_rrlimit(int, u_int16_t *, int, char *);
0109
2017-08-09
pjp
extern void axfrloop(int *, int, char **, ddDB *, struct imsgbuf *);
0110
2020-07-03
pjp
extern void forwardloop(ddDB *, struct cfg *, struct imsgbuf *, struct imsgbuf *);
0111
2020-06-25
pjp
extern void replicantloop(ddDB *, struct imsgbuf *);
0112
2019-02-26
pjp
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
0113
2017-01-09
pjp
extern int check_ent(char *, int);
0114
2016-07-06
pjp
extern int check_rrlimit(int, u_int16_t *, int, char *);
0115
2016-07-06
pjp
extern void collects_init(void);
0116
2016-07-06
pjp
extern void dolog(int, char *, ...);
0117
2017-08-09
pjp
extern int find_axfr(struct sockaddr_storage *, int);
0118
2016-07-06
pjp
extern int find_filter(struct sockaddr_storage *, int);
0119
2016-07-06
pjp
extern u_int8_t find_region(struct sockaddr_storage *, int);
0120
2020-07-16
pjp
extern int find_passlist(struct sockaddr_storage *, int);
0121
2019-02-24
pjp
extern int find_tsig(struct sockaddr_storage *, int);
0122
2016-08-30
pjp
extern char * get_dns_type(int, int);
0123
2016-07-06
pjp
extern void init_dnssec(void);
0124
2016-07-06
pjp
extern void init_region(void);
0125
2017-06-26
pjp
extern int init_entlist(ddDB *);
0126
2016-07-06
pjp
extern void init_filter(void);
0127
2020-07-16
pjp
extern void init_passlist(void);
0128
2019-02-24
pjp
extern void init_tsig(void);
0129
2020-06-25
pjp
extern void init_notifyddd(void);
0130
2020-01-16
pjp
extern struct rbtree * lookup_zone(ddDB *, struct question *, int *, int *, char *, int);
0131
2019-10-31
pjp
extern struct rbtree * Lookup_zone(ddDB *, char *, u_int16_t, u_int16_t, int);
0132
2017-01-11
pjp
extern int memcasecmp(u_char *, u_char *, int);
0133
2020-07-21
pjp
extern int reply_a(struct sreply *, int *, ddDB *);
0134
2020-07-21
pjp
extern int reply_aaaa(struct sreply *, int *, ddDB *);
0135
2020-07-21
pjp
extern int reply_any(struct sreply *, int *, ddDB *);
0136
2020-07-21
pjp
extern int reply_badvers(struct sreply *, int *, ddDB *);
0137
2020-07-21
pjp
extern int reply_nodata(struct sreply *, int *, ddDB *);
0138
2020-07-21
pjp
extern int reply_cname(struct sreply *, int *, ddDB *);
0139
2020-07-21
pjp
extern int reply_fmterror(struct sreply *, int *, ddDB *);
0140
2020-07-21
pjp
extern int reply_notauth(struct sreply *, int *, ddDB *);
0141
2020-07-21
pjp
extern int reply_notimpl(struct sreply *, int *, ddDB *);
0142
2020-07-21
pjp
extern int reply_nxdomain(struct sreply *, int *, ddDB *);
0143
2020-07-21
pjp
extern int reply_noerror(struct sreply *, int *, ddDB *);
0144
2020-07-21
pjp
extern int reply_notify(struct sreply *, int *, ddDB *);
0145
2020-07-21
pjp
extern int reply_soa(struct sreply *, int *, ddDB *);
0146
2020-07-21
pjp
extern int reply_mx(struct sreply *, int *, ddDB *);
0147
2020-07-21
pjp
extern int reply_naptr(struct sreply *, int *, ddDB *);
0148
2020-07-21
pjp
extern int reply_ns(struct sreply *, int *, ddDB *);
0149
2020-07-21
pjp
extern int reply_ptr(struct sreply *, int *, ddDB *);
0150
2020-07-21
pjp
extern int reply_refused(struct sreply *, int *, ddDB *);
0151
2020-07-21
pjp
extern int reply_srv(struct sreply *, int *, ddDB *);
0152
2020-07-21
pjp
extern int reply_sshfp(struct sreply *, int *, ddDB *);
0153
2020-07-21
pjp
extern int reply_tlsa(struct sreply *, int *, ddDB *);
0154
2020-07-21
pjp
extern int reply_txt(struct sreply *, int *, ddDB *);
0155
2020-07-21
pjp
extern int reply_version(struct sreply *, int *, ddDB *);
0156
2020-07-21
pjp
extern int reply_rrsig(struct sreply *, int *, ddDB *);
0157
2020-07-21
pjp
extern int reply_dnskey(struct sreply *, int *, ddDB *);
0158
2020-07-23
pjp
extern int reply_caa(struct sreply *, int *, ddDB *);
0159
2020-07-23
pjp
extern int reply_rp(struct sreply *, int *, ddDB *);
0160
2020-07-23
pjp
extern int reply_hinfo(struct sreply *, int *, ddDB *);
0161
2020-07-21
pjp
extern int reply_ds(struct sreply *, int *, ddDB *);
0162
2020-07-21
pjp
extern int reply_nsec(struct sreply *, int *, ddDB *);
0163
2020-07-21
pjp
extern int reply_nsec3(struct sreply *, int *, ddDB *);
0164
2020-07-21
pjp
extern int reply_nsec3param(struct sreply *, int *, ddDB *);
0165
2016-07-06
pjp
extern char *rrlimit_setup(int);
0166
2016-07-06
pjp
extern char *dns_label(char *, int *);
0167
2020-06-25
pjp
extern void ddd_shutdown(void);
0168
2017-06-26
pjp
extern int get_record_size(ddDB *, char *, int);
0169
2019-02-26
pjp
extern struct question *build_question(char *, int, int, char *);
0170
2019-02-07
pjp
extern int free_question(struct question *);
0171
2019-02-15
pjp
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
0172
2019-02-15
pjp
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
0173
2019-10-25
pjp
extern int add_rr(struct rbtree *, char *, int, u_int16_t, void *);
0174
2019-10-25
pjp
extern int display_rr(struct rrset *rrset);
0175
2019-10-25
pjp
extern int notifysource(struct question *, struct sockaddr_storage *);
0176
2019-11-06
pjp
extern int drop_privs(char *, struct passwd *);
0177
2019-11-11
pjp
extern struct rbtree * get_soa(ddDB *, struct question *);
0178
2019-11-11
pjp
extern struct rbtree * get_ns(ddDB *, struct rbtree *, int *);
0179
2016-07-06
pjp
0180
2019-02-15
pjp
0181
2020-07-06
pjp
struct question *convert_question(struct parsequestion *, int);
0182
2020-06-29
pjp
void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, char *);
0183
2016-07-06
pjp
int compress_label(u_char *, u_int16_t, int);
0184
2019-11-11
pjp
int determine_glue(ddDB *db);
0185
2020-06-25
pjp
void mainloop(struct cfg *, struct imsgbuf *);
0186
2016-07-06
pjp
void master_reload(int);
0187
2016-07-06
pjp
void master_shutdown(int);
0188
2020-06-25
pjp
void setup_master(ddDB *, char **, char *, struct imsgbuf *);
0189
2020-06-25
pjp
void setup_cortex(struct imsgbuf *);
0190
2019-01-29
pjp
void setup_unixsocket(char *, struct imsgbuf *);
0191
2020-06-25
pjp
void ddd_signal(int);
0192
2020-07-03
pjp
void tcploop(struct cfg *, struct imsgbuf *, struct imsgbuf *);
0193
2020-06-25
pjp
void parseloop(struct cfg *, struct imsgbuf *);
0194
2020-06-25
pjp
struct imsgbuf * register_cortex(struct imsgbuf *, int);
0195
2020-06-25
pjp
void nomore_neurons(struct imsgbuf *);
0196
2020-07-13
pjp
int bind_this_res(struct addrinfo *, int);
0197
2020-07-13
pjp
int bind_this_pifap(struct ifaddrs *, int, int);
0198
2016-07-06
pjp
0199
2016-07-06
pjp
/* aliases */
0200
2016-07-06
pjp
0201
2016-07-06
pjp
0202
2016-07-06
pjp
#define MYDB_PATH "/var/db/delphinusdns"
0203
2016-07-06
pjp
0204
2019-01-25
pjp
/* structs */
0205
2019-01-25
pjp
0206
2020-07-06
pjp
/*
 * reply_logic is mirrored with forward.c
 *
 * Reply dispatch table.  Each row holds two DNS_TYPE_* values, a BUILD_*
 * flag and the reply_* handler to call.  The layout of struct reply_logic
 * is declared outside this file; presumably the first column is the type
 * asked for and the second the type of the record that was found --
 * confirm against the struct definition.
 *
 * What the rows themselves show:
 *  - only A, AAAA, MX and PTR have a CNAME row, and those are the only
 *    rows that use BUILD_CNAME; every other row uses BUILD_OTHER.
 *  - A, AAAA, SOA, MX, CNAME and PTR additionally have an NS row that
 *    goes to reply_ns.
 *  - the table ends with an all-zero row whose handler is NULL, so any
 *    code walking it has to stop at that sentinel.
 *
 * Row order is kept exactly as in the original, since a first-match
 * lookup would depend on it.  Because forward.c carries a copy of this
 * table, a type added or removed here needs the same change there.
 */
static struct reply_logic rlogic[] = {
	/* address records */
	{ DNS_TYPE_A,		DNS_TYPE_CNAME,		BUILD_CNAME,	reply_cname },
	{ DNS_TYPE_A,		DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },
	{ DNS_TYPE_A,		DNS_TYPE_A,		BUILD_OTHER,	reply_a },
	{ DNS_TYPE_AAAA,	DNS_TYPE_CNAME,		BUILD_CNAME,	reply_cname },
	{ DNS_TYPE_AAAA,	DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },
	{ DNS_TYPE_AAAA,	DNS_TYPE_AAAA,		BUILD_OTHER,	reply_aaaa },

	{ DNS_TYPE_DNSKEY,	DNS_TYPE_DNSKEY,	BUILD_OTHER,	reply_dnskey },

	{ DNS_TYPE_SOA,		DNS_TYPE_SOA,		BUILD_OTHER,	reply_soa },
	{ DNS_TYPE_SOA,		DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },

	{ DNS_TYPE_MX,		DNS_TYPE_CNAME,		BUILD_CNAME,	reply_cname },
	{ DNS_TYPE_MX,		DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },
	{ DNS_TYPE_MX,		DNS_TYPE_MX,		BUILD_OTHER,	reply_mx },

	{ DNS_TYPE_TXT,		DNS_TYPE_TXT,		BUILD_OTHER,	reply_txt },
	{ DNS_TYPE_NS,		DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },
	{ DNS_TYPE_ANY,		DNS_TYPE_ANY,		BUILD_OTHER,	reply_any },
	{ DNS_TYPE_DS,		DNS_TYPE_DS,		BUILD_OTHER,	reply_ds },
	{ DNS_TYPE_SSHFP,	DNS_TYPE_SSHFP,		BUILD_OTHER,	reply_sshfp },
	{ DNS_TYPE_TLSA,	DNS_TYPE_TLSA,		BUILD_OTHER,	reply_tlsa },
	{ DNS_TYPE_SRV,		DNS_TYPE_SRV,		BUILD_OTHER,	reply_srv },

	{ DNS_TYPE_CNAME,	DNS_TYPE_CNAME,		BUILD_OTHER,	reply_cname },
	{ DNS_TYPE_CNAME,	DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },

	{ DNS_TYPE_NSEC3PARAM,	DNS_TYPE_NSEC3PARAM,	BUILD_OTHER,	reply_nsec3param },

	{ DNS_TYPE_PTR,		DNS_TYPE_CNAME,		BUILD_CNAME,	reply_cname },
	{ DNS_TYPE_PTR,		DNS_TYPE_NS,		BUILD_OTHER,	reply_ns },
	{ DNS_TYPE_PTR,		DNS_TYPE_PTR,		BUILD_OTHER,	reply_ptr },

	{ DNS_TYPE_NAPTR,	DNS_TYPE_NAPTR,		BUILD_OTHER,	reply_naptr },
	{ DNS_TYPE_NSEC3,	DNS_TYPE_NSEC3,		BUILD_OTHER,	reply_nsec3 },
	{ DNS_TYPE_NSEC,	DNS_TYPE_NSEC,		BUILD_OTHER,	reply_nsec },
	{ DNS_TYPE_RRSIG,	DNS_TYPE_RRSIG,		BUILD_OTHER,	reply_rrsig },
	{ DNS_TYPE_CAA,		DNS_TYPE_CAA,		BUILD_OTHER,	reply_caa },
	{ DNS_TYPE_RP,		DNS_TYPE_RP,		BUILD_OTHER,	reply_rp },
	{ DNS_TYPE_HINFO,	DNS_TYPE_HINFO,		BUILD_OTHER,	reply_hinfo },

	/* sentinel: NULL handler marks the end of the table */
	{ 0,			0,			0,		NULL }
};
0242
2020-07-06
pjp
0243
2019-01-25
pjp
0244
2020-07-06
pjp
0245
2019-06-07
pjp
/*
 * Queue head for the tcpentry records below; main() initialises it with
 * TAILQ_INIT(&tcphead).
 */
TAILQ_HEAD(, tcpentry) tcphead;

/*
 * One queued TCP entry.  The code that fills and drains these records is
 * not part of this section, so the field notes below are limited to what
 * the declarations themselves show.
 *
 * NOTE(review): bytes_read and bytes_limit are unsigned while
 * bytes_expected is a signed int.  Any comparison that mixes them converts
 * the signed value to unsigned, so a negative bytes_expected would compare
 * as a very large number -- confirm that the reader validates the length
 * and bounds every write against sizeof(buf) before copying into buf.
 */
struct tcpentry {
	int intidx;
	uint bytes_read;
	int bytes_expected;
	uint bytes_limit;
	int seen;			/* seen heading bytes */
	int so;				/* presumably the socket descriptor -- confirm */
	time_t last_used;
	/*
	 * 0xffff + 3 bytes.  NOTE(review): looks sized for the largest
	 * 16-bit length a DNS-over-TCP message can announce plus a few
	 * bytes of slack -- confirm against the reading code.
	 */
	char buf[0xffff + 3];
	char *address;
	TAILQ_ENTRY(tcpentry) tcpentries;	/* linkage into tcphead */
};

/* File-scope cursors over the queue. */
struct tcpentry *tcpn1, *tcpn2, *tcpnp;
0259
2019-06-07
pjp
0260
2016-07-06
pjp
/* global variables */

/* Defined in other translation units. */
extern char *__progname;
extern int axfrport;
extern int ratelimit;
extern int ratelimit_packets_per_second;
extern int passlist;
extern int tsig;
extern int dnssec;
extern int raxfrflag;

/*
 * File-local state.  reload, mshutdown and msig are not touched in the
 * part of main() shown here; presumably the master_reload() and
 * master_shutdown() handlers declared above set them -- confirm.
 */
static int reload = 0;
static int mshutdown = 0;
static int msig;
static char *rptr;		/* main(): result of rrlimit_setup() when ratelimit is set */
static int ratelimit_backlog;	/* main(): ratelimit_packets_per_second * 2 */

/* Command-line state, filled in by the getopt() loop in main(). */
int debug = 0;			/* -d; when 0, main() calls daemon(0,0) */
int verbose = 0;		/* -v, incremented once per occurrence */
int bflag = 0;			/* -b seen; mutually exclusive with -i */
int iflag = 0;			/* -i seen; mutually exclusive with -b */
int lflag = 0;			/* -l */
int nflag = 0;			/* -n, parsed with atoi() and not range-checked in main() */
int bcount = 0;			/* entries used in bind_list */
int icount = 0;			/* entries used in interface_list */

int forward = 0;
int forwardtsig = 0;
int strictx20i = 1;
int zonecount = 0;		/* main() skips determine_glue()/init_entlist() when 0 */
int cache = 0;
u_int16_t port = 53;		/* -p, atoi() result masked with 0xffff */
u_int32_t cachesize = 0;

/*
 * The arrays below hold optarg pointers.  main() refuses a further -b once
 * bcount exceeds 253 and a further -i once icount exceeds 254, which keeps
 * every store inside the 255 slots; keep those limits in step with the
 * array sizes if either is changed.
 */
char *bind_list[255];
char *interface_list[255];

/*
 * Version banner.  vslen is a hand-maintained length: 17 matches the 17
 * characters of the default string, and a build that defines DD_VERSION
 * has to supply a matching DD_VERSION_LEN.  A length larger than the
 * string would make any consumer that copies vslen bytes read past the
 * end of the literal, so the two must always be changed together.
 */
#ifndef DD_VERSION
char *versionstring = "delphinusdnsd-1.4";
uint8_t vslen = 17;
#else
char *versionstring = DD_VERSION;
uint8_t vslen = DD_VERSION_LEN;
#endif

/*
 * main() points this at a MAP_SHARED | MAP_ANON mapping of one pid_t and
 * stores 0 in it; the comment there describes it as a segment for
 * signaling kills between processes.
 */
pid_t *ptr = NULL;

/* main(): tm_gmtoff of localtime() at startup. */
long glob_time_offset = 0;
0303
2016-07-06
pjp
0304
2016-07-06
pjp
/*
0305
2016-07-06
pjp
* MAIN - set up arguments, set up database, set up sockets, call mainloop
0306
2016-07-06
pjp
*
0307
2016-07-06
pjp
*/
0308
2016-07-06
pjp
0309
2016-07-06
pjp
int
0310
2017-10-04
pjp
main(int argc, char *argv[], char *environ[])
0311
2016-07-06
pjp
{
0312
2016-07-06
pjp
static int udp[DEFAULT_SOCKET];
0313
2016-07-06
pjp
static int tcp[DEFAULT_SOCKET];
0314
2016-07-06
pjp
static int afd[DEFAULT_SOCKET];
0315
2016-07-06
pjp
static int uafd[DEFAULT_SOCKET];
0316
2017-06-26
pjp
int n;
0317
2016-07-06
pjp
0318
2016-07-06
pjp
int ch, i, j;
0319
2016-07-06
pjp
int gai_error;
0320
2017-06-26
pjp
int salen;
0321
2016-07-06
pjp
int found = 0;
0322
2016-07-06
pjp
int on = 1;
0323
2016-07-06
pjp
0324
2016-07-06
pjp
pid_t pid;
0325
2016-07-06
pjp
0326
2016-07-06
pjp
static char *ident[DEFAULT_SOCKET];
0327
2016-07-06
pjp
char *conffile = CONFFILE;
0328
2016-07-06
pjp
char buf[512];
0329
2016-07-06
pjp
char **av = NULL;
0330
2019-01-29
pjp
char *socketpath = SOCKPATH;
0331
2016-07-06
pjp
0332
2016-07-06
pjp
struct passwd *pw;
0333
2016-07-06
pjp
struct addrinfo hints, *res0, *res;
0334
2016-07-06
pjp
struct ifaddrs *ifap, *pifap;
0335
2016-07-06
pjp
struct sockaddr_in *sin;
0336
2016-07-06
pjp
struct sockaddr_in6 *sin6;
0337
2016-07-06
pjp
struct cfg *cfg;
0338
2020-06-25
pjp
struct imsgbuf cortex_ibuf;
0339
2020-06-25
pjp
struct imsgbuf *ibuf;
0340
2020-07-10
pjp
struct rr_imsg *ri = NULL;
0341
2020-07-10
pjp
struct sf_imsg *sf = NULL;
0342
2020-07-14
pjp
struct pkt_imsg *pi = NULL;
0343
2016-07-06
pjp
0344
2017-06-26
pjp
static ddDB *db;
0345
2020-03-10
pjp
0346
2020-03-10
pjp
time_t now;
0347
2020-03-10
pjp
struct tm *ltm;
0348
2017-06-27
pjp
0349
2020-07-10
pjp
char *shptr;
0350
2020-07-10
pjp
int shsize;
0351
2020-07-10
pjp
0352
2017-06-27
pjp
0353
2016-07-06
pjp
if (geteuid() != 0) {
0354
2019-09-12
pjp
fprintf(stderr, "must be started as root\n");
0355
2016-07-06
pjp
exit(1);
0356
2016-07-06
pjp
}
0357
2016-07-06
pjp
0358
2020-03-10
pjp
now = time(NULL);
0359
2020-03-10
pjp
ltm = localtime(&now);
0360
2020-03-10
pjp
glob_time_offset = ltm->tm_gmtoff;
0361
2020-03-10
pjp
0362
2016-07-06
pjp
av = argv;
0363
2019-12-19
pjp
0364
2017-10-04
pjp
#if __linux__
0365
2017-10-04
pjp
setproctitle_init(argc, av, environ);
0366
2017-10-04
pjp
#endif
0367
2017-10-04
pjp
0368
2017-10-04
pjp
0369
2019-01-29
pjp
while ((ch = getopt(argc, argv, "b:df:i:ln:p:s:v")) != -1) {
0370
2016-07-06
pjp
switch (ch) {
0371
2016-07-06
pjp
case 'b':
0372
2016-07-06
pjp
bflag = 1;
0373
2016-07-06
pjp
if (bcount > 253) {
0374
2016-07-06
pjp
fprintf(stderr, "too many -b flags\n");
0375
2016-07-06
pjp
exit(1);
0376
2016-07-06
pjp
}
0377
2016-07-06
pjp
bind_list[bcount++] = optarg;
0378
2016-07-06
pjp
break;
0379
2016-07-06
pjp
case 'd':
0380
2016-07-06
pjp
debug = 1;
0381
2016-07-06
pjp
break;
0382
2016-07-06
pjp
case 'f':
0383
2016-07-06
pjp
conffile = optarg;
0384
2016-07-06
pjp
break;
0385
2016-07-06
pjp
case 'i':
0386
2016-07-06
pjp
iflag = 1;
0387
2016-07-06
pjp
if (icount > 254) {
0388
2016-07-06
pjp
fprintf(stderr, "too many -i flags\n");
0389
2016-07-06
pjp
exit(1);
0390
2016-07-06
pjp
}
0391
2016-07-06
pjp
interface_list[icount++] = optarg;
0392
2016-07-06
pjp
break;
0393
2016-07-06
pjp
case 'l':
0394
2016-07-06
pjp
lflag = 1;
0395
2016-07-06
pjp
break;
0396
2016-07-06
pjp
case 'n':
0397
2016-07-06
pjp
nflag = atoi(optarg);
0398
2016-07-06
pjp
break;
0399
2016-07-06
pjp
case 'p':
0400
2016-07-06
pjp
port = atoi(optarg) & 0xffff;
0401
2016-07-06
pjp
break;
0402
2019-01-29
pjp
case 's':
0403
2019-01-29
pjp
socketpath = optarg;
0404
2019-01-29
pjp
break;
0405
2016-07-06
pjp
case 'v':
0406
2016-07-06
pjp
verbose++;
0407
2016-07-06
pjp
break;
0408
2016-07-06
pjp
default:
0409
2016-07-06
pjp
fprintf(stderr, "usage: delphinusdnsd [-i interface] [-b bindaddress] [-f configfile] [-p portnumber] [-drv]\n");
0410
2016-07-06
pjp
exit (1);
0411
2016-07-06
pjp
}
0412
2016-07-06
pjp
}
0413
2016-07-06
pjp
0414
2016-07-06
pjp
if (bflag && iflag) {
0415
2016-07-06
pjp
fprintf(stderr, "you may specify -i or -b but not both\n");
0416
2016-07-06
pjp
exit(1);
0417
2016-07-06
pjp
}
0418
2016-07-06
pjp
0419
2016-07-06
pjp
/*
0420
2016-07-06
pjp
* calling daemon before a sleuth of configurations ala rwhod.c
0421
2016-07-06
pjp
*/
0422
2016-07-06
pjp
0423
2016-07-06
pjp
if (! debug)
0424
2016-07-06
pjp
daemon(0,0);
0425
2018-07-11
pjp
else {
0426
2019-11-02
pjp
int status;
0427
2018-07-11
pjp
/*
0428
2019-11-02
pjp
* clean up any zombies left behind, this is only in debug mode
0429
2019-11-02
pjp
*/
0430
2019-11-02
pjp
0431
2019-11-02
pjp
while (waitpid(-1, &status, WNOHANG) > 0);
0432
2019-11-02
pjp
0433
2019-11-02
pjp
/*
0434
2018-07-11
pjp
* even if in debug mode we want to have our own parent group
0435
2018-07-11
pjp
* for reasons in that regress needs it when killing debug
0436
2018-07-11
pjp
* mode delphinusdnsd
0437
2018-07-11
pjp
*/
0438
2016-07-06
pjp
0439
2018-07-12
pjp
#if __linux__
0440
2018-07-12
pjp
if (setpgrp() < 0) {
0441
2018-07-12
pjp
#else
0442
2018-07-11
pjp
if (setpgrp(0, 0) < 0) {
0443
2018-07-12
pjp
#endif
0444
2018-07-11
pjp
perror("setpgrp");
0445
2018-07-11
pjp
exit(1);
0446
2018-07-11
pjp
}
0447
2018-07-11
pjp
}
0448
2018-07-11
pjp
0449
2018-07-11
pjp
0450
2016-07-06
pjp
openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
0451
2016-07-06
pjp
dolog(LOG_INFO, "starting up\n");
0452
2016-07-06
pjp
0453
2016-07-06
pjp
/* cfg struct */
0454
2016-07-06
pjp
cfg = calloc(1, sizeof(struct cfg));
0455
2016-07-06
pjp
if (cfg == NULL) {
0456
2016-07-06
pjp
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
0457
2016-07-06
pjp
exit(1);
0458
2016-07-06
pjp
}
0459
2017-08-09
pjp
0460
2016-07-06
pjp
/*
0461
2016-07-06
pjp
* make a shared memory segment for signaling kills between
0462
2016-07-06
pjp
* processes...
0463
2016-07-06
pjp
*/
0464
2016-07-06
pjp
0465
2016-07-06
pjp
0466
2020-06-25
pjp
ptr = mmap(NULL, sizeof(pid_t), PROT_READ | PROT_WRITE, MAP_SHARED |\
0467
2016-07-06
pjp
MAP_ANON, -1, 0);
0468
2016-07-06
pjp
0469
2016-07-06
pjp
if (ptr == MAP_FAILED) {
0470
2016-07-06
pjp
dolog(LOG_ERR, "failed to setup mmap segment, exit\n");
0471
2016-07-06
pjp
exit(1);
0472
2016-07-06
pjp
}
0473
2016-07-06
pjp
0474
2016-07-06
pjp
*ptr = 0;
0475
2016-07-06
pjp
0476
2017-06-26
pjp
/* open internal database */
0477
2016-07-06
pjp
0478
2017-06-26
pjp
db = dddbopen();
0479
2017-06-26
pjp
if (db == NULL) {
0480
2017-06-26
pjp
dolog(LOG_INFO, "dddbopen() failed\n");
0481
2020-06-25
pjp
ddd_shutdown();
0482
2016-07-06
pjp
exit(1);
0483
2016-07-06
pjp
}
0484
2016-07-06
pjp
0485
2020-06-25
pjp
0486
2020-06-25
pjp
if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC, &cfg->my_imsg[MY_IMSG_CORTEX].imsg_fds[0]) < 0) {
0487
2017-08-09
pjp
dolog(LOG_INFO, "socketpair() failed\n");
0488
2020-06-25
pjp
ddd_shutdown();
0489
2017-08-09
pjp
exit(1);
0490
2017-08-09
pjp
}
0491
2017-08-09
pjp
0492
2017-06-26
pjp
pid = fork();
0493
2017-06-26
pjp
switch (pid) {
0494
2017-06-26
pjp
case -1:
0495
2017-06-26
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
0496
2016-07-06
pjp
exit(1);
0497
2017-06-26
pjp
case 0:
0498
2020-06-25
pjp
close(cfg->my_imsg[MY_IMSG_CORTEX].imsg_fds[0]);
0499
2020-06-25
pjp
imsg_init(&cortex_ibuf, cfg->my_imsg[MY_IMSG_CORTEX].imsg_fds[1]);
0500
2020-06-25
pjp
setup_cortex(&cortex_ibuf);
0501
2020-06-25
pjp
/* NOTREACHED */
0502
2020-06-25
pjp
exit(1);
0503
2020-06-25
pjp
0504
2019-11-03
pjp
break;
0505
2019-11-03
pjp
default:
0506
2020-06-25
pjp
close(cfg->my_imsg[MY_IMSG_CORTEX].imsg_fds[1]);
0507
2020-06-25
pjp
imsg_init(&cortex_ibuf, cfg->my_imsg[MY_IMSG_CORTEX].imsg_fds[0]);
0508
2020-06-25
pjp
}
0509
2019-01-29
pjp
0510
2020-06-25
pjp
pid = fork();
0511
2020-06-25
pjp
switch (pid) {
0512
2020-06-25
pjp
case -1:
0513
2020-06-25
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
0514
2020-06-25
pjp
exit(1);
0515
2020-06-25
pjp
case 0:
0516
2020-06-25
pjp
ibuf = register_cortex(&cortex_ibuf, MY_IMSG_MASTER);
0517
2020-06-25
pjp
if (ibuf != NULL) {
0518
2020-06-25
pjp
setup_master(db, av, socketpath, ibuf);
0519
2020-06-25
pjp
}
0520
2019-11-03
pjp
/* NOTREACHED */
0521
2020-06-25
pjp
ddd_shutdown();
0522
2016-07-06
pjp
exit(1);
0523
2020-06-25
pjp
break;
0524
2020-06-25
pjp
default:
0525
2020-06-25
pjp
break;
0526
2019-11-03
pjp
}
0527
2019-11-03
pjp
0528
2019-11-03
pjp
if (! debug) {
0529
2019-11-03
pjp
switch (pid = fork()) {
0530
2019-11-03
pjp
case -1:
0531
2019-11-03
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
0532
2019-11-03
pjp
exit(1);
0533
2019-11-03
pjp
case 0:
0534
2019-11-09
pjp
/*
0535
2019-11-09
pjp
* add signals here too
0536
2019-11-09
pjp
*/
0537
2019-11-09
pjp
0538
2019-11-09
pjp
signal(SIGPIPE, SIG_IGN);
0539
2019-11-09
pjp
0540
2020-06-25
pjp
signal(SIGTERM, ddd_signal);
0541
2020-06-25
pjp
signal(SIGINT, ddd_signal);
0542
2020-06-25
pjp
signal(SIGQUIT, ddd_signal);
0543
2019-11-09
pjp
0544
2020-06-25
pjp
ibuf = register_cortex(&cortex_ibuf, MY_IMSG_UNIXCONTROL);
0545
2020-06-25
pjp
if (ibuf != NULL) {
0546
2020-06-25
pjp
setup_unixsocket(socketpath, ibuf);
0547
2020-06-25
pjp
}
0548
2020-06-25
pjp
ddd_shutdown();
0549
2019-11-03
pjp
exit(1);
0550
2019-11-03
pjp
default:
0551
2019-11-03
pjp
break;
0552
2019-11-03
pjp
}
0553
2019-01-29
pjp
}
0554
2019-01-29
pjp
0555
2019-01-29
pjp
0556
2016-07-06
pjp
/* end of setup_master code */
0557
2016-07-06
pjp
0558
2016-07-06
pjp
init_region();
0559
2016-07-06
pjp
init_filter();
0560
2020-07-16
pjp
init_passlist();
0561
2016-07-06
pjp
init_dnssec();
0562
2019-02-24
pjp
init_tsig();
0563
2019-06-07
pjp
TAILQ_INIT(&tcphead);
0564
2016-07-06
pjp
0565
2019-11-14
pjp
if (parse_file(db, conffile, 0) < 0) {
0566
2016-07-06
pjp
dolog(LOG_INFO, "parsing config file failed\n");
0567
2020-06-25
pjp
ddd_shutdown();
0568
2016-07-06
pjp
exit(1);
0569
2016-07-06
pjp
}
0570
2016-07-06
pjp
0571
2020-07-03
pjp
if (zonecount && determine_glue(db) < 0) {
0572
2019-11-11
pjp
dolog(LOG_INFO, "determine_glue() failed\n");
0573
2020-06-25
pjp
ddd_shutdown();
0574
2019-11-11
pjp
exit(1);
0575
2019-11-11
pjp
}
0576
2019-11-11
pjp
0577
2020-07-03
pjp
if (zonecount && init_entlist(db) < 0) {
0578
2017-01-09
pjp
dolog(LOG_INFO, "creating entlist failed\n");
0579
2020-06-25
pjp
ddd_shutdown();
0580
2017-01-09
pjp
exit(1);
0581
2017-01-09
pjp
}
0582
2017-01-09
pjp
0583
2016-07-06
pjp
/* ratelimiting setup */
0584
2016-07-06
pjp
if (ratelimit) {
0585
2016-07-06
pjp
ratelimit_backlog = ratelimit_packets_per_second * 2;
0586
2016-07-06
pjp
rptr = rrlimit_setup(ratelimit_backlog);
0587
2016-07-06
pjp
if (rptr == NULL) {
0588
2016-07-06
pjp
dolog(LOG_INFO, "ratelimiting error\n");
0589
2020-06-25
pjp
ddd_shutdown();
0590
2016-07-06
pjp
exit(1);
0591
2016-07-06
pjp
}
0592
2016-07-06
pjp
}
0593
2016-07-06
pjp
0594
2016-07-06
pjp
pw = getpwnam(DEFAULT_PRIVILEGE);
0595
2016-07-06
pjp
if (pw == NULL) {
0596
2016-07-06
pjp
dolog(LOG_INFO, "getpwnam: %s\n", strerror(errno));
0597
2020-06-25
pjp
ddd_shutdown();
0598
2016-07-06
pjp
exit(1);
0599
2016-07-06
pjp
}
0600
2016-07-06
pjp
0601
2016-07-06
pjp
if (bcount > DEFAULT_SOCKET) {
0602
2016-07-06
pjp
dolog(LOG_INFO, "not enough sockets available\n");
0603
2020-06-25
pjp
ddd_shutdown();
0604
2016-07-06
pjp
exit(1);
0605
2016-07-06
pjp
}
0606
2016-07-06
pjp
0607
2016-07-06
pjp
if (bflag) {
0608
2016-07-06
pjp
for (i = 0; i < bcount; i++) {
0609
2016-07-06
pjp
memset(&hints, 0, sizeof(hints));
0610
2016-07-06
pjp
0611
2016-07-06
pjp
if (strchr(bind_list[i], ':') != NULL) {
0612
2016-07-06
pjp
hints.ai_family = AF_INET6;
0613
2016-07-06
pjp
} else {
0614
2016-07-06
pjp
hints.ai_family = AF_INET;
0615
2016-07-06
pjp
}
0616
2016-07-06
pjp
0617
2016-07-06
pjp
hints.ai_socktype = SOCK_DGRAM;
0618
2016-07-06
pjp
hints.ai_protocol = IPPROTO_UDP;
0619
2016-07-06
pjp
hints.ai_flags = AI_NUMERICHOST;
0620
2016-07-06
pjp
0621
2016-07-06
pjp
snprintf(buf, sizeof(buf) - 1, "%u", port);
0622
2016-07-06
pjp
0623
2016-07-06
pjp
if ((gai_error = getaddrinfo(bind_list[i], buf, &hints, &res0)) != 0) {
0624
2016-07-06
pjp
dolog(LOG_INFO, "getaddrinfo: %s\n", gai_strerror(gai_error));
0625
2020-06-25
pjp
ddd_shutdown();
0626
2016-07-06
pjp
exit (1);
0627
2016-07-06
pjp
}
0628
2016-07-06
pjp
0629
2016-07-06
pjp
res = res0;
0630
2016-07-06
pjp
0631
2020-07-13
pjp
udp[i] = bind_this_res(res, 0);
0632
2020-07-21
pjp
memcpy((void *)&cfg->ss[i], (void *)res->ai_addr, res->ai_addrlen);
0633
2016-07-06
pjp
0634
2016-07-06
pjp
if (res->ai_family == AF_INET) {
0635
2020-06-30
pjp
on = 1;
0636
2016-07-06
pjp
if (setsockopt(udp[i], IPPROTO_IP, IP_RECVTTL,
0637
2016-07-06
pjp
&on, sizeof(on)) < 0) {
0638
2020-06-30
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0639
2016-07-06
pjp
}
0640
2016-07-06
pjp
} else if (res->ai_family == AF_INET6) {
0641
2016-07-06
pjp
/* RFC 3542 page 30 */
0642
2016-07-06
pjp
on = 1;
0643
2016-07-06
pjp
if (setsockopt(udp[i], IPPROTO_IPV6,
0644
2016-07-06
pjp
IPV6_RECVHOPLIMIT, &on, sizeof(on)) < 0) {
0645
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0646
2016-07-06
pjp
}
0647
2016-07-06
pjp
}
0648
2016-07-06
pjp
0649
2016-07-06
pjp
ident[i] = bind_list[i];
0650
2016-07-06
pjp
0651
2016-07-06
pjp
/* tcp below */
0652
2016-07-06
pjp
hints.ai_socktype = SOCK_STREAM;
0653
2016-07-06
pjp
hints.ai_protocol = IPPROTO_TCP;
0654
2016-07-06
pjp
hints.ai_flags = AI_NUMERICHOST;
0655
2016-07-06
pjp
0656
2016-07-06
pjp
snprintf(buf, sizeof(buf) - 1, "%u", port);
0657
2016-07-06
pjp
0658
2016-07-06
pjp
if ((gai_error = getaddrinfo(bind_list[i], buf, &hints, &res0)) != 0) {
0659
2016-07-06
pjp
dolog(LOG_INFO, "getaddrinfo: %s\n", gai_strerror(gai_error));
0660
2020-06-25
pjp
ddd_shutdown();
0661
2016-07-06
pjp
exit (1);
0662
2016-07-06
pjp
}
0663
2016-07-06
pjp
0664
2016-07-06
pjp
res = res0;
0665
2016-07-06
pjp
0666
2016-07-06
pjp
if ((tcp[i] = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) {
0667
2016-07-06
pjp
dolog(LOG_INFO, "tcp socket: %s\n", strerror(errno));
0668
2020-06-25
pjp
ddd_shutdown();
0669
2016-07-06
pjp
exit(1);
0670
2016-07-06
pjp
}
0671
2016-07-06
pjp
if (setsockopt(tcp[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
0672
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0673
2020-06-25
pjp
ddd_shutdown();
0674
2016-07-06
pjp
exit(1);
0675
2016-07-06
pjp
}
0676
2016-07-06
pjp
if (bind(tcp[i], res->ai_addr, res->ai_addrlen) < 0) {
0677
2016-07-06
pjp
dolog(LOG_INFO, "tcp bind: %s\n", strerror(errno));
0678
2020-06-25
pjp
ddd_shutdown();
0679
2016-07-06
pjp
exit(1);
0680
2016-07-06
pjp
}
0681
2016-07-06
pjp
0682
2017-08-10
pjp
if (axfrport && axfrport != port) {
0683
2016-07-06
pjp
/* axfr port below */
0684
2016-07-06
pjp
hints.ai_socktype = SOCK_STREAM;
0685
2016-07-06
pjp
hints.ai_protocol = IPPROTO_TCP;
0686
2016-07-06
pjp
hints.ai_flags = AI_NUMERICHOST;
0687
2016-07-06
pjp
0688
2016-07-06
pjp
snprintf(buf, sizeof(buf) - 1, "%u", axfrport);
0689
2016-07-06
pjp
0690
2016-07-06
pjp
if ((gai_error = getaddrinfo(bind_list[i], buf, &hints, &res0)) != 0) {
0691
2016-07-06
pjp
dolog(LOG_INFO, "getaddrinfo: %s\n", gai_strerror(gai_error));
0692
2020-06-25
pjp
ddd_shutdown();
0693
2016-07-06
pjp
exit (1);
0694
2016-07-06
pjp
}
0695
2016-07-06
pjp
0696
2016-07-06
pjp
res = res0;
0697
2016-07-06
pjp
0698
2016-07-06
pjp
if ((afd[i] = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) {
0699
2016-07-06
pjp
dolog(LOG_INFO, "tcp socket: %s\n", strerror(errno));
0700
2020-06-25
pjp
ddd_shutdown();
0701
2016-07-06
pjp
exit(1);
0702
2016-07-06
pjp
}
0703
2016-07-06
pjp
if (setsockopt(afd[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
0704
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0705
2020-06-25
pjp
ddd_shutdown();
0706
2016-07-06
pjp
exit(1);
0707
2016-07-06
pjp
}
0708
2016-07-06
pjp
if (bind(afd[i], res->ai_addr, res->ai_addrlen) < 0) {
0709
2016-07-06
pjp
dolog(LOG_INFO, "tcp bind: %s\n", strerror(errno));
0710
2020-06-25
pjp
ddd_shutdown();
0711
2016-07-06
pjp
exit(1);
0712
2016-07-06
pjp
}
0713
2016-07-06
pjp
0714
2016-07-06
pjp
if ((uafd[i] = socket(res->ai_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
0715
2016-07-06
pjp
dolog(LOG_INFO, "axfr udp socket: %s\n", strerror(errno));
0716
2020-06-25
pjp
ddd_shutdown();
0717
2016-07-06
pjp
exit(1);
0718
2016-07-06
pjp
}
0719
2016-07-06
pjp
if (bind(uafd[i], res->ai_addr, res->ai_addrlen) < 0) {
0720
2016-07-06
pjp
dolog(LOG_INFO, "axfr udp socket bind: %s\n", strerror(errno));
0721
2020-06-25
pjp
ddd_shutdown();
0722
2016-07-06
pjp
exit(1);
0723
2016-07-06
pjp
}
0724
2017-12-14
pjp
} else if (axfrport && axfrport == port) {
0725
2017-12-14
pjp
afd[i] = -1;
0726
2017-12-14
pjp
}
0727
2016-07-06
pjp
0728
2016-07-06
pjp
} /* for .. bcount */
0729
2016-07-06
pjp
0730
2016-07-06
pjp
} else {
0731
2016-07-06
pjp
if (getifaddrs(&ifap) < 0) {
0732
2016-07-06
pjp
dolog(LOG_INFO, "getifaddrs\n");
0733
2020-06-25
pjp
ddd_shutdown();
0734
2016-07-06
pjp
exit(1);
0735
2016-07-06
pjp
}
0736
2016-07-06
pjp
0737
2016-07-06
pjp
for (pifap = ifap, i = 0; i < DEFAULT_SOCKET && pifap; pifap = pifap->ifa_next, i++) {
0738
2016-07-06
pjp
0739
2016-07-06
pjp
found = 0;
0740
2016-07-06
pjp
0741
2016-07-06
pjp
/* we want only one interface not the rest */
0742
2016-07-06
pjp
if (icount > 0) {
0743
2016-07-06
pjp
for (j = 0; j < icount; j++) {
0744
2016-07-06
pjp
if (strcmp(pifap->ifa_name, interface_list[j]) == 0) {
0745
2016-07-06
pjp
found = 1;
0746
2016-07-06
pjp
}
0747
2016-07-06
pjp
}
0748
2016-07-06
pjp
0749
2016-07-06
pjp
if (! found) {
0750
2016-07-06
pjp
i--;
0751
2016-07-06
pjp
continue;
0752
2016-07-06
pjp
}
0753
2016-07-06
pjp
0754
2016-07-06
pjp
}
0755
2016-07-06
pjp
if ((pifap->ifa_flags & IFF_UP) != IFF_UP) {
0756
2016-07-06
pjp
dolog(LOG_INFO, "skipping interface %s\n", pifap->ifa_name);
0757
2016-07-06
pjp
i--;
0758
2016-07-06
pjp
continue;
0759
2016-07-06
pjp
}
0760
2016-07-06
pjp
0761
2016-07-06
pjp
if (pifap->ifa_addr->sa_family == AF_INET) {
0762
2016-07-06
pjp
sin = (struct sockaddr_in *)pifap->ifa_addr;
0763
2016-07-06
pjp
sin->sin_port = htons(port);
0764
2016-07-06
pjp
salen = sizeof(struct sockaddr_in);
0765
2016-07-06
pjp
/* no address bound to this interface */
0766
2016-07-06
pjp
if (sin->sin_addr.s_addr == INADDR_ANY) {
0767
2016-07-06
pjp
i--;
0768
2016-07-06
pjp
continue;
0769
2016-07-06
pjp
}
0770
2016-07-06
pjp
} else if (pifap->ifa_addr->sa_family == AF_INET6) {
0771
2016-07-06
pjp
sin6 = (struct sockaddr_in6 *)pifap->ifa_addr;
0772
2016-07-06
pjp
sin6->sin6_port = htons(port);
0773
2016-07-06
pjp
/* no address bound to this interface */
0774
2016-07-06
pjp
salen = sizeof(struct sockaddr_in6);
0775
2016-07-06
pjp
0776
2016-07-06
pjp
} else {
0777
2016-07-06
pjp
dolog(LOG_DEBUG, "unknown address family %d\n", pifap->ifa_addr->sa_family);
0778
2016-07-06
pjp
i--;
0779
2016-07-06
pjp
continue;
0780
2016-07-06
pjp
}
0781
2016-07-06
pjp
0782
2020-07-13
pjp
udp[i] = bind_this_pifap(pifap, 0, salen);
0783
2020-07-21
pjp
memcpy((void *)&cfg->ss[i], (void *)pifap->ifa_addr, salen);
0784
2016-07-06
pjp
0785
2016-07-06
pjp
if (pifap->ifa_addr->sa_family == AF_INET) {
0786
2020-06-30
pjp
on = 1;
0787
2016-07-06
pjp
if (setsockopt(udp[i], IPPROTO_IP, IP_RECVTTL,
0788
2016-07-06
pjp
&on, sizeof(on)) < 0) {
0789
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0790
2016-07-06
pjp
}
0791
2016-07-06
pjp
} else if (pifap->ifa_addr->sa_family == AF_INET6) {
0792
2016-07-06
pjp
/* RFC 3542 page 30 */
0793
2016-07-06
pjp
on = 1;
0794
2016-07-06
pjp
if (setsockopt(udp[i], IPPROTO_IPV6,
0795
2016-07-06
pjp
IPV6_RECVHOPLIMIT, &on, sizeof(on)) < 0) {
0796
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0797
2016-07-06
pjp
}
0798
2016-07-06
pjp
}
0799
2016-07-06
pjp
0800
2016-07-06
pjp
0801
2016-07-06
pjp
ident[i] = pifap->ifa_name;
0802
2016-07-06
pjp
0803
2016-07-06
pjp
if ((tcp[i] = socket(pifap->ifa_addr->sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) {
0804
2016-07-06
pjp
dolog(LOG_INFO, "tcp socket: %s\n", strerror(errno));
0805
2020-06-25
pjp
ddd_shutdown();
0806
2016-07-06
pjp
exit(1);
0807
2016-07-06
pjp
}
0808
2016-07-06
pjp
if (setsockopt(tcp[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
0809
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0810
2020-06-25
pjp
ddd_shutdown();
0811
2016-07-06
pjp
exit(1);
0812
2016-07-06
pjp
}
0813
2016-07-06
pjp
0814
2016-07-06
pjp
if (bind(tcp[i], (struct sockaddr *)pifap->ifa_addr, salen) < 0) {
0815
2016-07-06
pjp
dolog(LOG_INFO, "tcp bind: %s\n", strerror(errno));
0816
2020-06-25
pjp
ddd_shutdown();
0817
2016-07-06
pjp
exit(1);
0818
2016-07-06
pjp
}
0819
2016-07-06
pjp
0820
2016-07-06
pjp
0821
2016-07-06
pjp
/* axfr socket */
0822
2017-08-10
pjp
if (axfrport && axfrport != port) {
0823
2016-07-06
pjp
if ((afd[i] = socket(pifap->ifa_addr->sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) {
0824
2016-07-06
pjp
dolog(LOG_INFO, "tcp socket: %s\n", strerror(errno));
0825
2020-06-25
pjp
ddd_shutdown();
0826
2016-07-06
pjp
exit(1);
0827
2016-07-06
pjp
}
0828
2016-07-06
pjp
if (setsockopt(afd[i], SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
0829
2016-07-06
pjp
dolog(LOG_INFO, "setsockopt: %s\n", strerror(errno));
0830
2020-06-25
pjp
ddd_shutdown();
0831
2016-07-06
pjp
exit(1);
0832
2016-07-06
pjp
}
0833
2016-07-06
pjp
0834
2016-07-06
pjp
((struct sockaddr_in *)pifap->ifa_addr)->sin_port = htons(axfrport);
0835
2016-07-06
pjp
0836
2016-07-06
pjp
if (bind(afd[i], (struct sockaddr *)pifap->ifa_addr, salen) < 0) {
0837
2016-07-06
pjp
dolog(LOG_INFO, "tcp bind: %s\n", strerror(errno));
0838
2020-06-25
pjp
ddd_shutdown();
0839
2016-07-06
pjp
exit(1);
0840
2016-07-06
pjp
}
0841
2016-07-06
pjp
if ((uafd[i] = socket(pifap->ifa_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
0842
2016-07-06
pjp
dolog(LOG_INFO, "axfr udp socket: %s\n", strerror(errno));
0843
2020-06-25
pjp
ddd_shutdown();
0844
2016-07-06
pjp
exit(1);
0845
2016-07-06
pjp
}
0846
2016-07-06
pjp
if (bind(uafd[i], (struct sockaddr *)pifap->ifa_addr, salen) < 0) {
0847
2016-07-06
pjp
dolog(LOG_INFO, "udp axfr bind: %s\n", strerror(errno));
0848
2020-06-25
pjp
ddd_shutdown();
0849
2016-07-06
pjp
exit(1);
0850
2016-07-06
pjp
}
0851
2017-12-14
pjp
} else if (axfrport && axfrport == port) {
0852
2017-12-14
pjp
afd[i] = -1;
0853
2017-12-14
pjp
}
0854
2016-07-06
pjp
0855
2016-07-06
pjp
} /* AF_INET */
0856
2016-07-06
pjp
0857
2016-07-06
pjp
if (i >= DEFAULT_SOCKET) {
0858
2016-07-06
pjp
dolog(LOG_INFO, "not enough sockets available\n");
0859
2020-06-25
pjp
ddd_shutdown();
0860
2016-07-06
pjp
exit(1);
0861
2016-07-06
pjp
}
0862
2016-07-06
pjp
} /* if bflag? */
0863
2016-07-06
pjp
0864
2020-07-21
pjp
if ((cfg->raw[0] = socket(AF_INET, SOCK_RAW, IPPROTO_UDP)) < 0) {
0865
2020-07-21
pjp
dolog(LOG_INFO, "raw0 socket: %s\n", strerror(errno));
0866
2020-07-21
pjp
ddd_shutdown();
0867
2020-07-21
pjp
exit(1);
0868
2020-07-21
pjp
}
0869
2020-07-21
pjp
shutdown(cfg->raw[0], SHUT_RD);
0870
2020-07-21
pjp
if ((cfg->raw[1] = socket(AF_INET6, SOCK_RAW, IPPROTO_UDP)) < 0) {
0871
2020-07-21
pjp
dolog(LOG_INFO, "raw1 socket: %s\n", strerror(errno));
0872
2020-07-21
pjp
ddd_shutdown();
0873
2020-07-21
pjp
exit(1);
0874
2020-07-21
pjp
}
0875
2020-07-21
pjp
on = 1;
0876
2020-07-21
pjp
shutdown(cfg->raw[1], SHUT_RD);
0877
2020-07-21
pjp
cfg->port = port;
0878
2020-07-13
pjp
0879
2019-11-01
pjp
#if __OpenBSD__
0880
2019-11-01
pjp
if (unveil(DELPHINUS_RZONE_PATH, "rwc") < 0) {
0881
2019-11-01
pjp
perror("unveil");
0882
2020-06-25
pjp
ddd_shutdown();
0883
2019-11-01
pjp
exit(1);
0884
2019-11-01
pjp
}
0885
2019-11-01
pjp
if (unveil(pw->pw_dir, "wc") < 0) {
0886
2019-11-01
pjp
perror("unveil");
0887
2020-06-25
pjp
ddd_shutdown();
0888
2019-11-01
pjp
exit(1);
0889
2019-11-01
pjp
}
0890
2019-11-01
pjp
0891
2019-11-01
pjp
#endif
0892
2019-11-01
pjp
0893
2019-11-01
pjp
/*
0894
2019-11-01
pjp
* add signals
0895
2019-11-01
pjp
*/
0896
2019-11-01
pjp
0897
2019-11-01
pjp
signal(SIGPIPE, SIG_IGN);
0898
2019-11-01
pjp
0899
2020-06-25
pjp
signal(SIGTERM, ddd_signal);
0900
2020-06-25
pjp
signal(SIGINT, ddd_signal);
0901
2020-06-25
pjp
signal(SIGQUIT, ddd_signal);
0902
2019-11-01
pjp
0903
2020-07-10
pjp
/*
0904
2020-07-10
pjp
* start our axfr process
0905
2020-07-10
pjp
*/
0906
2020-07-10
pjp
0907
2020-07-10
pjp
if (axfrport) {
0908
2019-11-01
pjp
switch (pid = fork()) {
0909
2019-11-01
pjp
case -1:
0910
2019-11-01
pjp
dolog(LOG_ERR, "fork() failed: %s\n", strerror(errno));
0911
2020-06-25
pjp
ddd_shutdown();
0912
2019-11-01
pjp
exit(1);
0913
2019-11-01
pjp
case 0:
0914
2020-07-10
pjp
ibuf = register_cortex(&cortex_ibuf, MY_IMSG_AXFR);
0915
2020-06-25
pjp
if (ibuf == NULL) {
0916
2020-06-25
pjp
ddd_shutdown();
0917
2020-06-25
pjp
exit(1);
0918
2020-06-25
pjp
}
0919
2020-06-25
pjp
0920
2019-11-01
pjp
/* chroot to the drop priv user home directory */
0921
2019-12-11
pjp
#ifdef DEFAULT_LOCATION
0922
2019-12-11
pjp
if (drop_privs(DEFAULT_LOCATION, pw) < 0) {
0923
2019-12-11
pjp
#else
0924
2019-11-01
pjp
if (drop_privs(pw->pw_dir, pw) < 0) {
0925
2019-12-11
pjp
#endif
0926
2020-07-10
pjp
dolog(LOG_INFO, "axfr dropping privileges\n", strerror(errno));
0927
2020-06-25
pjp
ddd_shutdown();
0928
2016-07-06
pjp
exit(1);
0929
2016-07-06
pjp
}
0930
2019-11-01
pjp
#if __OpenBSD__
0931
2020-07-10
pjp
if (pledge("stdio inet proc id sendfd recvfd unveil", NULL) < 0) {
0932
2019-11-01
pjp
perror("pledge");
0933
2019-11-01
pjp
exit(1);
0934
2019-11-01
pjp
}
0935
2019-11-01
pjp
#endif
0936
2019-11-01
pjp
0937
2019-11-01
pjp
/* close descriptors that we don't need */
0938
2019-11-01
pjp
for (j = 0; j < i; j++) {
0939
2019-11-01
pjp
close(tcp[j]);
0940
2019-11-01
pjp
close(udp[j]);
0941
2020-07-10
pjp
if (axfrport && axfrport != port)
0942
2020-06-30
pjp
close(uafd[j]);
0943
2020-07-10
pjp
0944
2019-11-01
pjp
}
0945
2020-07-21
pjp
close(cfg->raw[0]);
0946
2020-07-21
pjp
close(cfg->raw[1]);
0947
2019-11-01
pjp
0948
2020-07-10
pjp
setproctitle("AXFR engine on port %d", axfrport);
0949
2020-07-10
pjp
axfrloop(afd, (axfrport == port) ? 0 : i, ident, db, ibuf);
0950
2019-11-01
pjp
/* NOTREACHED */
0951
2019-11-01
pjp
exit(1);
0952
2019-11-01
pjp
default:
0953
2020-07-10
pjp
/* close afd descriptors, they aren't needed here */
0954
2020-07-10
pjp
for (j = 0; j < i; j++) {
0955
2020-07-10
pjp
if (axfrport && axfrport != port)
0956
2020-07-10
pjp
close(afd[j]);
0957
2020-07-10
pjp
}
0958
2016-07-06
pjp
break;
0959
2016-07-06
pjp
}
0960
2019-11-01
pjp
0961
2020-07-10
pjp
} /* axfrport */
0962
2020-07-10
pjp
0963
2020-07-10
pjp
/* raxfr */
0964
2020-07-10
pjp
if (raxfrflag) {
0965
2019-11-01
pjp
switch (pid = fork()) {
0966
2019-11-01
pjp
case -1:
0967
2019-11-01
pjp
dolog(LOG_ERR, "fork() failed: %s\n", strerror(errno));
0968
2020-06-25
pjp
ddd_shutdown();
0969
2019-11-01
pjp
exit(1);
0970
2019-11-01
pjp
case 0:
0971
2020-07-10
pjp
ibuf = register_cortex(&cortex_ibuf, MY_IMSG_RAXFR);
0972
2020-06-25
pjp
if (ibuf == NULL) {
0973
2020-06-25
pjp
ddd_shutdown();
0974
2020-06-25
pjp
exit(1);
0975
2020-06-25
pjp
}
0976
2020-06-25
pjp
0977
2019-11-01
pjp
/* chroot to the drop priv user home directory */
0978
2020-07-10
pjp
if (drop_privs(DELPHINUS_RZONE_PATH, pw) < 0) {
0979
2020-07-10
pjp
dolog(LOG_INFO, "raxfr dropping privileges failed", strerror(errno));
0980
2020-06-25
pjp
ddd_shutdown();
0981
2016-07-06
pjp
exit(1);
0982
2016-07-06
pjp
}
0983
2020-07-10
pjp
0984
2019-11-01
pjp
#if __OpenBSD__
0985
2020-07-10
pjp
if (unveil("/replicant", "rwc") < 0) {
0986
2020-07-10
pjp
perror("unveil");
0987
2020-07-10
pjp
ddd_shutdown();
0988
2020-07-10
pjp
exit(1);
0989
2020-07-10
pjp
}
0990
2020-07-10
pjp
0991
2020-07-10
pjp
if (pledge("stdio inet proc id sendfd recvfd unveil cpath wpath rpath", NULL) < 0) {
0992
2019-11-01
pjp
perror("pledge");
0993
2020-07-10
pjp
ddd_shutdown();
0994
2016-07-06
pjp
exit(1);
0995
2016-07-06
pjp
}
0996
2019-11-01
pjp
#endif
0997
2019-11-01
pjp
0998
2019-11-01
pjp
/* close descriptors that we don't need */
0999
2019-11-01
pjp
for (j = 0; j < i; j++) {
1000
2019-11-01
pjp
close(tcp[j]);
1001
2019-11-01
pjp
close(udp[j]);
1002
2019-11-01
pjp
}
1003
2020-07-21
pjp
close(cfg->raw[0]);
1004
2020-07-21
pjp
close(cfg->raw[1]);
1005
2019-11-01
pjp
1006
2020-07-10
pjp
setproctitle("Replicant engine");
1007
2020-07-10
pjp
1008
2020-07-10
pjp
replicantloop(db, ibuf);
1009
2020-07-10
pjp
1010
2019-11-01
pjp
/* NOTREACHED */
1011
2019-11-01
pjp
exit(1);
1012
2020-07-10
pjp
1013
2019-11-01
pjp
default:
1014
2019-11-01
pjp
break;
1015
2019-11-01
pjp
}
1016
2020-07-10
pjp
1017
2020-07-10
pjp
} /* raxfrflag */
1018
2020-07-10
pjp
/* start our forwarding process */
1019
2020-06-30
pjp
1020
2020-07-10
pjp
if (forward) {
1021
2020-07-14
pjp
/* initialize the only global shared memory segment */
1022
2020-07-14
pjp
1023
2020-07-10
pjp
shsize = 16 + (SHAREDMEMSIZE * sizeof(struct sf_imsg));
1024
2020-07-10
pjp
1025
2020-07-10
pjp
shptr = mmap(NULL, shsize, PROT_READ | PROT_WRITE, MAP_SHARED |\
1026
2020-07-10
pjp
MAP_ANON, -1, 0);
1027
2020-07-10
pjp
1028
2020-07-10
pjp
if (shptr == MAP_FAILED) {
1029
2020-07-10
pjp
dolog(LOG_ERR, "failed to setup mmap segment, exit\n");
1030
2020-07-10
pjp
exit(1);
1031
2020-07-10
pjp
}
1032
2020-07-10
pjp
1033
2020-07-10
pjp
/* initialize */
1034
2020-07-12
pjp
for (sf = (struct sf_imsg *)&shptr[0], j = 0; j < SHAREDMEMSIZE; j++, sf++) {
1035
2020-07-12
pjp
pack32((char *)&sf->u.s.read, 1);
1036
2020-07-10
pjp
}
1037
2020-07-10
pjp
1038
2020-07-10
pjp
cfg->shptr = shptr;
1039
2020-07-11
pjp
cfg->shptrsize = shsize;
1040
2020-07-10
pjp
1041
2020-07-10
pjp
1042
2020-06-30
pjp
switch (pid = fork()) {
1043
2020-06-30
pjp
case -1:
1044
2020-06-30
pjp
dolog(LOG_ERR, "fork() failed: %s\n", strerror(errno));
1045
2020-06-30
pjp
ddd_shutdown();
1046
2020-06-30
pjp
exit(1);
1047
2020-06-30
pjp
case 0:
1048
2020-07-10
pjp
ibuf = register_cortex(&cortex_ibuf, MY_IMSG_FORWARD);
1049
2020-06-30
pjp
if (ibuf == NULL) {
1050
2020-06-30
pjp
ddd_shutdown();
1051
2020-06-30
pjp
exit(1);
1052
2020-06-30
pjp
}
1053
2020-06-30
pjp
1054
2020-07-14
pjp
/* initialize shared memory for forward here */
1055
2020-07-14
pjp
shsize = 16 + (SHAREDMEMSIZE * sizeof(struct rr_imsg));
1056
2020-07-14
pjp
1057
2020-07-14
pjp
shptr = mmap(NULL, shsize, PROT_READ | PROT_WRITE, MAP_SHARED |\
1058
2020-07-14
pjp
MAP_ANON, -1, 0);
1059
2020-07-14
pjp
1060
2020-07-14
pjp
if (shptr == MAP_FAILED) {
1061
2020-07-14
pjp
dolog(LOG_ERR, "failed to setup mmap segment, exit\n");
1062
2020-07-14
pjp
exit(1);
1063
2020-07-14
pjp
}
1064
2020-07-14
pjp
1065
2020-07-14
pjp
/* initialize */
1066
2020-07-14
pjp
for (ri = (struct rr_imsg *)&shptr[0], j = 0; j < SHAREDMEMSIZE; j++, ri++) {
1067
2020-07-14
pjp
pack32((char *)&ri->u.s.read, 1);
1068
2020-07-14
pjp
}
1069
2020-07-14
pjp
1070
2020-07-14
pjp
cfg->shptr2 = shptr;
1071
2020-07-14
pjp
cfg->shptr2size = shsize;
1072
2020-07-14
pjp
1073
2020-07-14
pjp
shsize = 16 + (SHAREDMEMSIZE3 * sizeof(struct pkt_imsg));
1074
2020-07-14
pjp
1075
2020-07-14
pjp
shptr = mmap(NULL, shsize, PROT_READ | PROT_WRITE, MAP_SHARED |\
1076
2020-07-14
pjp
MAP_ANON, -1, 0);
1077
2020-07-14
pjp
1078
2020-07-14
pjp
if (shptr == MAP_FAILED) {
1079
2020-07-14
pjp
dolog(LOG_ERR, "failed to setup mmap segment, exit\n");
1080
2020-07-14
pjp
exit(1);
1081
2020-07-14
pjp
}
1082
2020-07-14
pjp
1083
2020-07-14
pjp
/* initialize */
1084
2020-07-14
pjp
for (pi = (struct pkt_imsg *)&shptr[0], j = 0; j < SHAREDMEMSIZE3; j++, pi++) {
1085
2020-07-14
pjp
pack32((char *)&pi->pkt_s.read, 1);
1086
2020-07-14
pjp
}
1087
2020-07-14
pjp
1088
2020-07-14
pjp
cfg->shptr3 = shptr;
1089
2020-07-14
pjp
cfg->shptr3size = shsize;
1090
2020-07-14
pjp
1091
2020-06-30
pjp
/* chroot to the drop priv user home directory */
1092
2020-07-10
pjp
#ifdef DEFAULT_LOCATION
1093
2020-07-10
pjp
if (drop_privs(DEFAULT_LOCATION, pw) < 0) {
1094
2020-07-10
pjp
#else
1095
2020-07-10
pjp
if (drop_privs(pw->pw_dir, pw) < 0) {
1096
2020-07-10
pjp
#endif
1097
2020-07-10
pjp
dolog(LOG_INFO, "forward dropping privileges\n", strerror(errno));
1098
2020-06-30
pjp
ddd_shutdown();
1099
2020-06-30
pjp
exit(1);
1100
2020-06-30
pjp
}
1101
2020-06-30
pjp
#if __OpenBSD__
1102
2020-07-10
pjp
if (unveil("/", "") < 0) {
1103
2020-07-10
pjp
dolog(LOG_INFO, "unveil locking failed: %s\n", strerror(errno));
1104
2020-06-30
pjp
ddd_shutdown();
1105
2020-06-30
pjp
exit(1);
1106
2020-06-30
pjp
}
1107
2020-06-30
pjp
1108
2020-07-10
pjp
if (unveil(NULL, NULL) < 0) {
1109
2020-07-10
pjp
dolog(LOG_INFO, "unveil locking failed: %s\n", strerror(errno));
1110
2020-06-30
pjp
ddd_shutdown();
1111
2020-06-30
pjp
exit(1);
1112
2020-06-30
pjp
}
1113
2020-07-10
pjp
if (pledge("stdio inet proc id sendfd recvfd", NULL) < 0) {
1114
2020-07-10
pjp
perror("pledge");
1115
2020-07-10
pjp
exit(1);
1116
2020-07-10
pjp
}
1117
2020-06-30
pjp
#endif
1118
2020-06-30
pjp
1119
2020-06-30
pjp
/* close descriptors that we don't need */
1120
2020-06-30
pjp
for (j = 0; j < i; j++) {
1121
2020-06-30
pjp
close(tcp[j]);
1122
2020-06-30
pjp
close(udp[j]);
1123
2020-07-21
pjp
if (axfrport && axfrport != port)
1124
2020-07-21
pjp
close(uafd[j]);
1125
2020-07-10
pjp
1126
2020-06-30
pjp
}
1127
2020-06-30
pjp
1128
2020-07-10
pjp
cfg->sockcount = i;
1129
2020-07-10
pjp
cfg->db = db;
1130
2020-06-30
pjp
1131
2020-07-11
pjp
/* shptr has no business in parse process */
1132
2020-07-13
pjp
#if __OpenBSD__
1133
2020-07-11
pjp
minherit(cfg->shptr, cfg->shptrsize,
1134
2020-07-11
pjp
MAP_INHERIT_NONE);
1135
2020-07-13
pjp
#endif
1136
2020-07-11
pjp
1137
2020-07-10
pjp
setproctitle("FORWARD engine");
1138
2020-07-10
pjp
forwardloop(db, cfg, ibuf, &cortex_ibuf);
1139
2020-06-30
pjp
/* NOTREACHED */
1140
2020-06-30
pjp
exit(1);
1141
2020-06-30
pjp
default:
1142
2020-06-30
pjp
break;
1143
2020-06-30
pjp
}
1144
2020-07-10
pjp
1145
2020-07-10
pjp
} /* forward */
1146
2020-06-30
pjp
1147
2020-07-21
pjp
close(cfg->raw[0]);
1148
2020-07-21
pjp
close(cfg->raw[1]);
1149
2020-06-30
pjp
1150
2020-07-10
pjp
1151
2019-11-01
pjp
/* the rest of the daemon goes on in TCP and UDP loops */
1152
2019-12-11
pjp
#ifdef DEFAULT_LOCATION
1153
2019-12-11
pjp
if (drop_privs(DEFAULT_LOCATION, pw) < 0) {
1154
2019-12-11
pjp
#else
1155
2019-11-01
pjp
if (drop_privs(pw->pw_dir, pw) < 0) {
1156
2019-12-11
pjp
#endif
1157
2019-11-01
pjp
dolog(LOG_INFO, "dropping privileges failed\n");
1158
2020-06-25
pjp
ddd_shutdown();
1159
2019-11-01
pjp
exit(1);
1160
2019-11-01
pjp
}
1161
2019-11-01
pjp
#if __OpenBSD__
1162
2019-11-01
pjp
if (unveil(NULL, NULL) < 0) {
1163
2019-11-01
pjp
dolog(LOG_INFO, "unveil locking failed: %s\n", strerror(errno));
1164
2020-06-25
pjp
ddd_shutdown();
1165
2019-11-01
pjp
exit(1);
1166
2019-11-01
pjp
}
1167
2019-11-01
pjp
if (pledge("stdio inet proc id sendfd recvfd", NULL) < 0) {
1168
2019-11-01
pjp
perror("pledge");
1169
2019-11-01
pjp
exit(1);
1170
2019-11-01
pjp
}
1171
2019-11-01
pjp
#endif
1172
2019-11-01
pjp
1173
2016-07-06
pjp
/* what follows is a bit mangled code, we set up nflag + 1 amount of
1174
2016-07-06
pjp
* server instances (1 per cpu?) and if we're recursive we also set up
1175
2016-07-06
pjp
* the same amount of recursive instances all connected through a
1176
2016-07-06
pjp
* socketpair() so that it looks somewhat like this (with 4 instances):
1177
2016-07-06
pjp
*
1178
2016-07-06
pjp
* replies <--- [] ---- [] recursive end
1179
2016-07-06
pjp
* |
1180
2016-07-06
pjp
* replies <--- [] ---- []
1181
2016-07-06
pjp
* request * ---> |
1182
2016-07-06
pjp
* replies <--- [] ---- []
1183
2016-07-06
pjp
* |
1184
2016-07-06
pjp
* replies <--- [] ---- []
1185
2016-07-06
pjp
*
1186
2016-07-06
pjp
*/
1187
2016-07-06
pjp
1188
2017-12-26
pjp
cfg->pid = 0;
1189
2017-12-26
pjp
cfg->nth = 0;
1190
2017-12-26
pjp
1191
2016-07-06
pjp
for (n = 0; n < nflag; n++) {
1192
2016-07-06
pjp
switch (pid = fork()) {
1193
2016-07-06
pjp
case 0:
1194
2017-12-26
pjp
cfg->pid = getpid();
1195
2017-12-26
pjp
cfg->nth = n;
1196
2016-07-06
pjp
cfg->sockcount = i;
1197
2016-07-06
pjp
cfg->db = db;
1198
2016-07-06
pjp
for (i = 0; i < cfg->sockcount; i++) {
1199
2016-07-06
pjp
cfg->udp[i] = udp[i];
1200
2016-07-06
pjp
cfg->tcp[i] = tcp[i];
1201
2016-07-06
pjp
1202
2017-08-10
pjp
if (axfrport && axfrport != port)
1203
2016-07-06
pjp
cfg->axfr[i] = uafd[i];
1204
2016-07-06
pjp
1205
2016-07-06
pjp
cfg->ident[i] = strdup(ident[i]);
1206
2020-07-03
pjp
1207
2016-07-06
pjp
}
1208
2016-07-06
pjp
1209
2017-12-26
pjp
setproctitle("child %d pid %d", n, cfg->pid);
1210
2020-06-25
pjp
(void)mainloop(cfg, &cortex_ibuf);
1211
2016-07-06
pjp
1212
2016-07-06
pjp
/* NOTREACHED */
1213
2016-07-06
pjp
default:
1214
2016-07-06
pjp
break;
1215
2016-07-06
pjp
} /* switch pid= fork */
1216
2016-07-06
pjp
} /* for (.. nflag */
1217
2016-07-06
pjp
1218
2016-07-06
pjp
cfg->sockcount = i;
1219
2016-07-06
pjp
cfg->db = db;
1220
2016-07-06
pjp
for (i = 0; i < cfg->sockcount; i++) {
1221
2016-07-06
pjp
cfg->udp[i] = udp[i];
1222
2016-07-06
pjp
cfg->tcp[i] = tcp[i];
1223
2016-07-06
pjp
1224
2017-08-10
pjp
if (axfrport && axfrport != port)
1225
2016-07-06
pjp
cfg->axfr[i] = uafd[i];
1226
2016-07-06
pjp
1227
2016-07-06
pjp
cfg->ident[i] = strdup(ident[i]);
1228
2016-07-06
pjp
}
1229
2016-07-06
pjp
1230
2020-06-25
pjp
(void)mainloop(cfg, &cortex_ibuf);
1231
2016-07-06
pjp
1232
2016-07-06
pjp
/* NOTREACHED */
1233
2016-07-06
pjp
return (0);
1234
2016-07-06
pjp
}
1235
2016-07-06
pjp
1236
2016-07-06
pjp
1237
2016-07-06
pjp
1238
2016-07-06
pjp
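/*
 * COMPRESS_LABEL - compress a DNS name, must be passed an entire reply
 *		    with the to be compressed name before the offset of
 *		    that reply.
 *
 * buf		start of the reply (the walk begins right after the
 *		struct dns_header).
 * offset	index one past the last byte written so far; the name to
 *		compress occupies buf[offset - labellen] .. buf[offset - 1].
 * labellen	wire length of that name.
 *
 * The reply is walked record by record and the start of every name that
 * is found is remembered in label[].  Each suffix of the name to compress
 * is then compared (memcasecmp) against each suffix of the remembered
 * names; the first hit is replaced by a two byte compression pointer.
 *
 * Returns the new offset (just past the pointer) on success, or 0 when
 * nothing could be compressed or the input looked bogus.
 *
 * Everything below treats buf[0 .. offset) as the only valid region: the
 * walk never dereferences at or beyond `end', and a match is only accepted
 * when the whole compared span lies inside that region.
 */

int
compress_label(u_char *buf, u_int16_t offset, int labellen)
{
	u_char *label[256];	/* should be enough */
	u_char *end = &buf[offset];
	struct question {
		u_int16_t type;
		u_int16_t class;
	} __attribute__((packed));
	struct answer {
		u_int16_t type;
		u_int16_t class;
		u_int32_t ttl;
		u_int16_t rdlength;
	} __attribute__((packed));
	struct soa {
		u_int32_t serial;
		u_int32_t refresh;
		u_int32_t retry;
		u_int32_t expire;
		u_int32_t minttl;
	} __attribute__((packed));

	struct answer *a;

	u_int i, j, n;
	u_int checklen;

	u_char *p, *e;
	u_char *compressmark = NULL;

	/*
	 * the name to compress must lie inside buf[0 .. offset), otherwise
	 * &buf[offset - labellen] below would point in front of the reply
	 */
	if (labellen <= 0 || labellen > (int)offset)
		return (0);

	p = &buf[sizeof(struct dns_header)];
	label[0] = p;

	/* buf[offset] itself is not part of the reply, so stop before it */
	while (p < end && *p) {
		p += *p;
		p++;
	}

	/*
	 * the question label was bogus, we'll just get out of there, return 0
	 */

	if (p >= end)
		return (0);

	p += sizeof(struct question);
	p++;	/* one more */
	/* start of answer/additional/authoritative */

	for (i = 1; i < 100; i++) {
		label[i] = p;

		while (p < end && *p) {
			if ((*p & 0xc0) == 0xc0) {
				p++;
				break;
			}
			p += *p;
			p++;

			if (p >= end)
				goto scan;
		}

		p++;	/* one more */

		a = (struct answer *)p;
		p += sizeof(struct answer);

		/* Thanks FreeLogic! */
		if (p >= end)
			goto scan;

		switch (ntohs(a->type)) {
		case DNS_TYPE_A:
			p += sizeof(in_addr_t);
			break;
		case DNS_TYPE_AAAA:
			p += 16;		/* sizeof 4 * 32 bit */
			break;
		case DNS_TYPE_TXT:
			/* only one <character-string> is skipped here */
			p += *p;
			p++;
			break;
		case DNS_TYPE_TLSA:
			p += 2;
			/* the matching type byte must still be in the reply */
			if (p >= end)
				goto scan;
			switch (*p) {
			case 1:
				p += DNS_TLSA_SIZE_SHA256 + 1;
				break;
			case 2:
				p += DNS_TLSA_SIZE_SHA512 + 1;
				break;
			default:
				/* XXX */
				goto scan;
			}

			break;
		case DNS_TYPE_SSHFP:
			p++;
			/* the fingerprint type byte must still be in the reply */
			if (p >= end)
				goto scan;
			switch (*p) {
			case 1:
				p += DNS_SSHFP_SIZE_SHA1 + 1;
				break;
			case 2:
				p += DNS_SSHFP_SIZE_SHA256 + 1;
				break;
			default:
				/* XXX */
				goto scan;
			}

			break;
		case DNS_TYPE_SRV:
			p += (2 * sizeof(u_int16_t)); /* priority, weight */
			/* the port will be assumed in the fall through for
			   mx_priority..
			*/
			/* FALLTHROUGH */
		case DNS_TYPE_MX:
			p += sizeof(u_int16_t);	 /* mx_priority */
			/* FALLTHROUGH */
		case DNS_TYPE_NS:
		case DNS_TYPE_PTR:
		case DNS_TYPE_CNAME:
			label[++i] = p;
			while (p < end && *p) {
				if ((*p & 0xc0) == 0xc0) {
					p++;
					break;
				}
				p += *p;
				p++;

				if (p >= end)
					goto scan;
			}

			p++;	/* one more */
			break;
		case DNS_TYPE_SOA:
			/* nsserver */
			label[++i] = p;
			while (p < end && *p) {
				if ((*p & 0xc0) == 0xc0) {
					p++;
					break;
				}
				p += *p;
				p++;
				if (p >= end)
					goto scan;
			}

			p++;	/* one more */

			if (p >= end)
				break;

			/* responsible person */
			label[++i] = p;
			while (p < end && *p) {
				if ((*p & 0xc0) == 0xc0) {
					p++;
					break;
				}
				p += *p;
				p++;
			}

			p++;	/* one more */

			if (p >= end)
				break;

			p += sizeof(struct soa);	/* advance struct soa */

			break;
		case DNS_TYPE_NAPTR:
			p += (2 * sizeof(u_int16_t)); /* order and preference */
			/*
			 * flags, services and regexp: three length-prefixed
			 * strings, each length byte is only read while it is
			 * still inside the reply
			 */
			for (n = 0; n < 3 && p < end; n++) {
				p += *p;
				p++;
			}

			label[++i] = p;
			while (p < end && *p) {
				if ((*p & 0xc0) == 0xc0) {
					p++;
					break;
				}
				p += *p;
				p++;

				if (p >= end)
					goto scan;
			}

			p++;	/* one more */
			break;

		default:
			/*
			 * XXX
			 * NOTE(review): the rdata of any other type is not
			 * skipped (a->rdlength is never consulted), so the
			 * next label[] entries may point into rdata.  The
			 * bounds in the scan below keep every read inside
			 * the reply, but a bogus match is still conceivable;
			 * presumably rdlength is already filled in by the
			 * caller at this point - confirm before using it.
			 */
			break;
		} /* switch */

		if (p >= end)
			break;
	} /* for (i *) */

scan:

	/*
	 * label[i] is the name currently being walked (possibly the name we
	 * were asked to compress), so only label[0 .. i - 1] are candidates.
	 * p + checklen == end holds for every round of the outer loop.
	 */
	p = &buf[offset - labellen];
	checklen = labellen;

	while (p < end && *p != 0) {
		for (j = 0; j < i; j++) {
			for (e = label[j]; e < end && *e; e += *e, e++) {
				if ((*e & 0xc0) == 0xc0)
					break;

				/*
				 * a compression pointer carries a 14 bit
				 * offset, anything further into the reply
				 * can not be pointed at
				 */
				if ((size_t)(e - buf) > 0x3fff)
					break;

				/* the compared span must end inside the reply */
				if ((size_t)(end - e) < checklen)
					break;

				if (memcasecmp(e, p, checklen) == 0) {
					/* e is now our compress offset */
					compressmark = e;
					goto out;		/* found one */
				}
			}	/* for (e .. */

		} /* for (j .. */

		if (*p > DNS_MAXLABEL)
			return 0;		/* totally bogus label */

		checklen -= *p;
		p += *p;
		checklen--;
		p++;
	}

	return (0);	 	/* no compression possible */

out:
	/* take off our compress length */
	offset -= checklen;
	/* write compressed label */
	pack16(&buf[offset], htons((compressmark - &buf[0]) | 0xc000));

	offset += sizeof(u_int16_t);

	return (offset);
}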
1501
2016-07-06
pjp
1502
2016-07-06
pjp
1503
2016-07-06
pjp
1504
2016-07-06
pjp
/*
1505
2016-07-06
pjp
* MAINLOOP - does the polling of tcp & udp descriptors and if ready receives the
1506
2016-07-06
pjp
* requests, builds the question and calls for replies, loops
1507
2016-07-06
pjp
*
1508
2016-07-06
pjp
*/
1509
2016-07-06
pjp
1510
2016-07-06
pjp
void
1511
2020-06-25
pjp
mainloop(struct cfg *cfg, struct imsgbuf *ibuf)
1512
2016-07-06
pjp
{
1513
2016-07-06
pjp
fd_set rset;
1514
2017-08-09
pjp
pid_t pid;
1515
2017-08-09
pjp
1516
2020-07-03
pjp
int sel, oldsel;
1517
2019-10-25
pjp
int len, slen = 0;
1518
2016-07-06
pjp
int is_ipv6;
1519
2020-06-25
pjp
int i, nomore = 0;
1520
2016-07-06
pjp
int istcp = 1;
1521
2016-07-06
pjp
int maxso;
1522
2016-07-06
pjp
int so;
1523
2016-07-06
pjp
int type0, type1;
1524
2016-07-06
pjp
int lzerrno;
1525
2016-07-06
pjp
int filter = 0;
1526
2016-07-06
pjp
int rcheck = 0;
1527
2020-07-16
pjp
int blocklist = 1;
1528
2019-02-24
pjp
int require_tsig = 0;
1529
2020-06-25
pjp
pid_t idata;
1530
2016-07-06
pjp
1531
2018-07-13
pjp
u_int32_t received_ttl;
1532
2019-02-24
pjp
u_int32_t imsg_type;
1533
2016-07-06
pjp
u_char *ttlptr;
1534
2016-07-06
pjp
1535
2016-07-06
pjp
u_int8_t aregion; /* region where the address comes from */
1536
2016-07-06
pjp
1537
2016-07-06
pjp
char buf[4096];
1538
2016-07-06
pjp
char *replybuf = NULL;
1539
2016-07-06
pjp
char address[INET6_ADDRSTRLEN];
1540
2016-07-06
pjp
char replystring[DNS_MAXNAME + 1];
1541
2016-07-06
pjp
char fakereplystring[DNS_MAXNAME + 1];
1542
2016-07-06
pjp
char controlbuf[64];
1543
2016-07-06
pjp
1544
2016-07-06
pjp
union {
1545
2016-07-06
pjp
struct sockaddr sa;
1546
2016-07-06
pjp
struct sockaddr_in sin;
1547
2016-07-06
pjp
struct sockaddr_in6 sin6;
1548
2016-07-06
pjp
} sockaddr_large;
1549
2016-07-06
pjp
1550
2016-07-06
pjp
socklen_t fromlen = sizeof(sockaddr_large);
1551
2016-07-06
pjp
1552
2016-07-06
pjp
struct sockaddr *from = (void *)&sockaddr_large;
1553
2016-07-06
pjp
struct sockaddr_in *sin;
1554
2016-07-06
pjp
struct sockaddr_in6 *sin6;
1555
2016-07-06
pjp
1556
2016-07-06
pjp
struct question *question = NULL, *fakequestion = NULL;
1557
2017-11-28
pjp
struct parsequestion pq;
1558
2019-02-15
pjp
struct rbtree *rbt0 = NULL, *rbt1 = NULL;
1559
2019-02-15
pjp
struct rrset *csd;
1560
2019-02-15
pjp
struct rr *rr_csd;
1561
2020-07-10
pjp
struct sf_imsg sf, *sfi = NULL;
1562
2016-07-06
pjp
1563
2016-07-06
pjp
struct sreply sreply;
1564
2019-01-25
pjp
struct reply_logic *rl = NULL;
1565
2016-07-06
pjp
struct timeval tv = { 10, 0};
1566
2020-07-25
pjp
struct timeval rectv0, rectv1, *prectv;
1567
2016-07-06
pjp
1568
2016-07-06
pjp
struct msghdr msgh;
1569
2017-11-27
pjp
struct cmsghdr *cmsg = NULL;
1570
2016-07-06
pjp
struct iovec iov;
1571
2020-06-25
pjp
struct imsgbuf *tcp_ibuf, *udp_ibuf, parse_ibuf;
1572
2017-11-28
pjp
struct imsgbuf *pibuf;
1573
2017-11-28
pjp
struct imsg imsg;
1574
2017-11-28
pjp
1575
2020-07-03
pjp
struct sforward *sforward;
1576
2020-06-30
pjp
1577
2017-11-28
pjp
ssize_t n, datalen;
1578
2020-07-10
pjp
int ix;
1579
2020-07-21
pjp
int sretlen;
1580
2020-07-25
pjp
1581
2020-07-25
pjp
memset(&rectv0, 0, sizeof(struct timeval));
1582
2020-07-25
pjp
memset(&rectv1, 0, sizeof(struct timeval));
1583
2020-06-25
pjp
1584
2020-07-11
pjp
pid = fork();
1585
2020-07-11
pjp
switch (pid) {
1586
2020-07-11
pjp
case -1:
1587
2020-07-11
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
1588
2020-07-11
pjp
exit(1);
1589
2020-07-11
pjp
case 0:
1590
2020-07-11
pjp
for (i = 0; i < cfg->sockcount; i++) {
1591
2020-07-11
pjp
close(cfg->udp[i]);
1592
2020-07-11
pjp
if (axfrport && axfrport != port)
1593
2020-07-11
pjp
close(cfg->axfr[i]);
1594
2020-07-11
pjp
}
1595
2020-07-11
pjp
tcp_ibuf = register_cortex(ibuf, MY_IMSG_TCP);
1596
2020-07-11
pjp
if (tcp_ibuf == NULL) {
1597
2020-07-11
pjp
ddd_shutdown();
1598
2020-07-11
pjp
exit(1);
1599
2020-07-11
pjp
}
1600
2020-07-11
pjp
/* shptr has no business in a tcp parse process */
1601
2020-07-11
pjp
if (forward) {
1602
2020-07-13
pjp
#if __OpenBSD__
1603
2020-07-11
pjp
minherit(cfg->shptr, cfg->shptrsize,
1604
2020-07-11
pjp
MAP_INHERIT_NONE);
1605
2020-07-13
pjp
#endif
1606
2020-07-11
pjp
}
1607
2020-06-25
pjp
1608
2020-07-11
pjp
setproctitle("TCP engine %d", cfg->pid);
1609
2020-07-11
pjp
tcploop(cfg, tcp_ibuf, ibuf);
1610
2020-07-11
pjp
/* NOTREACHED */
1611
2020-07-11
pjp
exit(1);
1612
2020-07-11
pjp
default:
1613
2020-07-11
pjp
for (i = 0; i < cfg->sockcount; i++) {
1614
2020-07-11
pjp
close(cfg->tcp[i]);
1615
2020-07-11
pjp
}
1616
2020-07-11
pjp
break;
1617
2020-07-11
pjp
}
1618
2020-07-11
pjp
1619
2020-07-11
pjp
/* shptr has no business in a udp parse process */
1620
2020-07-11
pjp
if (forward) {
1621
2020-07-13
pjp
#if __OpenBSD__
1622
2020-07-11
pjp
minherit(cfg->shptr, cfg->shptrsize,
1623
2020-07-11
pjp
MAP_INHERIT_NONE);
1624
2020-07-13
pjp
#endif
1625
2020-07-11
pjp
}
1626
2020-07-11
pjp
1627
2020-07-03
pjp
sforward = (struct sforward *)calloc(1, sizeof(struct sforward));
1628
2020-07-03
pjp
if (sforward == NULL) {
1629
2020-06-30
pjp
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
1630
2020-06-30
pjp
ddd_shutdown();
1631
2020-06-30
pjp
exit(1);
1632
2020-06-30
pjp
}
1633
2020-06-30
pjp
1634
2020-06-25
pjp
replybuf = calloc(1, 65536);
1635
2020-06-25
pjp
if (replybuf == NULL) {
1636
2020-06-25
pjp
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
1637
2020-06-25
pjp
ddd_shutdown();
1638
2020-06-25
pjp
exit(1);
1639
2020-06-30
pjp
}
1640
2020-06-25
pjp
1641
2020-07-03
pjp
udp_ibuf = register_cortex(ibuf, MY_IMSG_UDP);
1642
2020-07-03
pjp
if (udp_ibuf == NULL) {
1643
2020-07-03
pjp
ddd_shutdown();
1644
2020-07-03
pjp
exit(1);
1645
2020-07-03
pjp
}
1646
2020-07-03
pjp
1647
2020-06-25
pjp
if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC, &cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]) < 0) {
1648
2017-08-09
pjp
dolog(LOG_INFO, "socketpair() failed\n");
1649
2020-06-25
pjp
ddd_shutdown();
1650
2017-08-09
pjp
exit(1);
1651
2017-08-09
pjp
}
1652
2016-07-06
pjp
1653
2017-08-09
pjp
pid = fork();
1654
2017-08-09
pjp
switch (pid) {
1655
2017-08-09
pjp
case -1:
1656
2017-08-09
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
1657
2017-08-09
pjp
exit(1);
1658
2017-08-09
pjp
case 0:
1659
2020-07-14
pjp
#ifndef __OpenBSD__
1660
2020-07-14
pjp
/* OpenBSD has minherit() */
1661
2020-07-14
pjp
if (munmap(cfg->shptr, cfg->shptrsize) == -1) {
1662
2020-07-14
pjp
dolog(LOG_INFO, "unmapping shptr failed: %s\n", \
1663
2020-07-14
pjp
strerror(errno));
1664
2020-07-14
pjp
}
1665
2020-07-14
pjp
#endif
1666
2020-07-14
pjp
cfg->shptrsize = 0;
1667
2020-07-11
pjp
/* close udp decriptors */
1668
2017-08-09
pjp
for (i = 0; i < cfg->sockcount; i++) {
1669
2017-08-09
pjp
close(cfg->udp[i]);
1670
2017-08-09
pjp
}
1671
2020-06-25
pjp
close(ibuf->fd);
1672
2020-07-03
pjp
close(udp_ibuf->fd);
1673
2020-06-25
pjp
close(cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[1]);
1674
2020-06-25
pjp
imsg_init(&parse_ibuf, cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]);
1675
2020-06-25
pjp
setproctitle("udp parse engine %d", cfg->pid);
1676
2020-06-25
pjp
parseloop(cfg, &parse_ibuf);
1677
2017-08-09
pjp
/* NOTREACHED */
1678
2017-08-09
pjp
exit(1);
1679
2017-08-09
pjp
default:
1680
2020-06-25
pjp
close(cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]);
1681
2020-06-25
pjp
imsg_init(&parse_ibuf, cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[1]);
1682
2020-06-25
pjp
pibuf = &parse_ibuf;
1683
2017-08-09
pjp
break;
1684
2017-08-09
pjp
}
1685
2016-07-06
pjp
1686
2020-06-25
pjp
1687
2020-06-25
pjp
1688
2017-11-27
pjp
#if __OpenBSD__
1689
2017-11-27
pjp
if (pledge("stdio inet sendfd recvfd", NULL) < 0) {
1690
2017-11-27
pjp
perror("pledge");
1691
2017-11-27
pjp
exit(1);
1692
2017-11-27
pjp
}
1693
2017-11-27
pjp
#endif
1694
2017-11-27
pjp
1695
2016-07-06
pjp
for (;;) {
1696
2016-07-06
pjp
is_ipv6 = 0;
1697
2016-07-06
pjp
maxso = 0;
1698
2016-07-06
pjp
1699
2016-07-06
pjp
FD_ZERO(&rset);
1700
2016-07-06
pjp
for (i = 0; i < cfg->sockcount; i++) {
1701
2016-07-06
pjp
if (maxso < cfg->udp[i])
1702
2016-07-06
pjp
maxso = cfg->udp[i];
1703
2016-07-06
pjp
1704
2017-08-10
pjp
if (axfrport && axfrport != port && maxso < cfg->axfr[i])
1705
2016-07-06
pjp
maxso = cfg->axfr[i];
1706
2016-07-06
pjp
1707
2016-07-06
pjp
FD_SET(cfg->udp[i], &rset);
1708
2016-07-06
pjp
1709
2017-08-10
pjp
if (axfrport && axfrport != port)
1710
2016-07-06
pjp
FD_SET(cfg->axfr[i], &rset);
1711
2016-07-06
pjp
}
1712
2016-07-06
pjp
1713
2016-07-06
pjp
tv.tv_sec = 10;
1714
2016-07-06
pjp
tv.tv_usec = 0;
1715
2016-07-06
pjp
1716
2016-07-06
pjp
sel = select(maxso + 1, &rset, NULL, NULL, &tv);
1717
2016-07-06
pjp
1718
2016-07-06
pjp
if (sel < 0) {
1719
2016-07-06
pjp
dolog(LOG_INFO, "select: %s\n", strerror(errno));
1720
2016-07-06
pjp
continue;
1721
2016-07-06
pjp
}
1722
2016-07-06
pjp
1723
2016-07-06
pjp
if (sel == 0) {
1724
2020-06-25
pjp
if (nomore)
1725
2020-06-25
pjp
continue;
1726
2017-08-09
pjp
1727
2017-08-09
pjp
idata = 42;
1728
2020-06-25
pjp
imsg_compose(ibuf, IMSG_CRIPPLE_NEURON,
1729
2017-08-09
pjp
0, 0, -1, &idata, sizeof(idata));
1730
2020-06-25
pjp
msgbuf_write(&ibuf->w);
1731
2017-08-09
pjp
1732
2020-06-25
pjp
nomore = 1;
1733
2020-06-25
pjp
1734
2016-07-06
pjp
continue;
1735
2016-07-06
pjp
}
1736
2016-07-06
pjp
1737
2016-07-06
pjp
for (i = 0; i < cfg->sockcount; i++) {
1738
2017-08-10
pjp
if (axfrport && axfrport != port && FD_ISSET(cfg->axfr[i], &rset)) {
1739
2017-08-09
pjp
istcp = 0;
1740
2017-08-09
pjp
so = cfg->axfr[i];
1741
2017-08-09
pjp
1742
2017-08-09
pjp
goto axfrentry;
1743
2017-08-09
pjp
}
1744
2017-08-09
pjp
1745
2017-08-09
pjp
if (FD_ISSET(cfg->udp[i], &rset)) {
1746
2017-08-09
pjp
istcp = 0;
1747
2017-08-09
pjp
so = cfg->udp[i];
1748
2020-07-03
pjp
oldsel = i;
1749
2017-08-09
pjp
axfrentry:
1750
2016-07-06
pjp
fromlen = sizeof(sockaddr_large);
1751
2016-07-06
pjp
1752
2017-08-09
pjp
memset(&msgh, 0, sizeof(msgh));
1753
2017-08-09
pjp
iov.iov_base = buf;
1754
2017-08-09
pjp
iov.iov_len = sizeof(buf);
1755
2017-08-09
pjp
msgh.msg_name = from;
1756
2017-08-09
pjp
msgh.msg_namelen = fromlen;
1757
2017-08-09
pjp
msgh.msg_iov = &iov;
1758
2017-08-09
pjp
msgh.msg_iovlen = 1;
1759
2017-08-09
pjp
msgh.msg_control = (struct cmsghdr*)&controlbuf;
1760
2017-08-09
pjp
msgh.msg_controllen = sizeof(controlbuf);
1761
2017-08-09
pjp
1762
2017-08-09
pjp
len = recvmsg(so, &msgh, 0);
1763
2017-08-09
pjp
if (len < 0) {
1764
2017-08-09
pjp
dolog(LOG_INFO, "recvmsg: on descriptor %u interface \"%s\" %s\n", so, cfg->ident[i], strerror(errno));
1765
2016-07-06
pjp
continue;
1766
2016-07-06
pjp
}
1767
2016-07-06
pjp
1768
2017-08-09
pjp
received_ttl = 0;
1769
2017-08-09
pjp
1770
2017-08-09
pjp
for (cmsg = CMSG_FIRSTHDR(&msgh);
1771
2017-08-09
pjp
cmsg != NULL;
1772
2017-08-09
pjp
cmsg = CMSG_NXTHDR(&msgh,cmsg)) {
1773
2017-08-09
pjp
if (cmsg->cmsg_level == IPPROTO_IP
1774
2017-08-09
pjp
#ifdef __linux__
1775
2017-08-09
pjp
&& cmsg->cmsg_type == IP_TTL) {
1776
2017-08-09
pjp
#else
1777
2017-08-09
pjp
1778
2017-08-09
pjp
&& cmsg->cmsg_type == IP_RECVTTL) {
1779
2017-08-09
pjp
#endif
1780
2017-08-09
pjp
1781
2017-08-09
pjp
ttlptr = (u_char *) CMSG_DATA(cmsg);
1782
2017-08-09
pjp
received_ttl = (u_int)*ttlptr;
1783
2017-08-09
pjp
}
1784
2017-08-09
pjp
1785
2017-08-09
pjp
if (cmsg->cmsg_level == IPPROTO_IPV6 &&
1786
2017-08-09
pjp
cmsg->cmsg_type == IPV6_HOPLIMIT) {
1787
2017-08-09
pjp
1788
2017-08-09
pjp
if (cmsg->cmsg_len !=
1789
2017-08-09
pjp
CMSG_LEN(sizeof(int))) {
1790
2020-07-25
pjp
dolog(LOG_INFO, "IPV6_HOPLIMIT cmsg->cmsg_len == %d\n", cmsg->cmsg_len);
1791
2017-08-09
pjp
continue;
1792
2017-08-09
pjp
}
1793
2017-08-09
pjp
1794
2017-08-09
pjp
ttlptr = (u_char *) CMSG_DATA(cmsg);
1795
2017-08-09
pjp
received_ttl = (u_int)*ttlptr;
1796
2017-08-09
pjp
}
1797
2020-07-25
pjp
1798
2020-07-25
pjp
if (cmsg->cmsg_level == SOL_SOCKET &&
1799
2020-07-25
pjp
cmsg->cmsg_type == SCM_TIMESTAMP) {
1800
2020-07-25
pjp
1801
2020-07-25
pjp
if (cmsg->cmsg_len !=
1802
2020-07-25
pjp
CMSG_LEN(sizeof(struct timeval))) {
1803
2020-07-25
pjp
dolog(LOG_INFO, "SCM_TIMESTAMP cmsg->cmsg_len == %d\n", cmsg->cmsg_len);
1804
2020-07-25
pjp
continue;
1805
2020-07-25
pjp
}
1806
2020-07-25
pjp
1807
2020-07-25
pjp
prectv = (struct timeval *) CMSG_DATA(cmsg);
1808
2020-07-25
pjp
memcpy((char *)&rectv0, (char *)prectv, sizeof(struct timeval));
1809
2020-07-25
pjp
}
1810
2017-08-09
pjp
}
1811
2017-08-09
pjp
1812
2016-07-06
pjp
if (from->sa_family == AF_INET6) {
1813
2016-07-06
pjp
is_ipv6 = 1;
1814
2016-07-06
pjp
1815
2016-07-06
pjp
fromlen = sizeof(struct sockaddr_in6);
1816
2016-07-06
pjp
sin6 = (struct sockaddr_in6 *)from;
1817
2016-07-06
pjp
inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, (char *)&address, sizeof(address));
1818
2017-08-09
pjp
if (ratelimit) {
1819
2017-08-09
pjp
add_rrlimit(ratelimit_backlog, (u_int16_t *)&sin6->sin6_addr, sizeof(sin6->sin6_addr), rptr);
1820
2017-08-09
pjp
1821
2017-08-09
pjp
rcheck = check_rrlimit(ratelimit_backlog, (u_int16_t *)&sin6->sin6_addr, sizeof(sin6->sin6_addr), rptr);
1822
2017-08-09
pjp
}
1823
2017-08-09
pjp
1824
2016-07-06
pjp
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
1825
2019-02-24
pjp
filter = 0;
1826
2016-07-06
pjp
filter = find_filter((struct sockaddr_storage *)sin6, AF_INET6);
1827
2020-07-16
pjp
if (passlist) {
1828
2020-07-16
pjp
blocklist = find_passlist((struct sockaddr_storage *)sin6, AF_INET6);
1829
2016-07-06
pjp
}
1830
2019-02-24
pjp
1831
2019-02-24
pjp
require_tsig = 0;
1832
2019-02-24
pjp
if (tsig) {
1833
2019-02-24
pjp
require_tsig = find_tsig((struct sockaddr_storage *)sin6, AF_INET6);
1834
2019-02-24
pjp
}
1835
2019-02-24
pjp
1836
2016-07-06
pjp
} else if (from->sa_family == AF_INET) {
1837
2016-07-06
pjp
is_ipv6 = 0;
1838
2016-07-06
pjp
1839
2016-07-06
pjp
fromlen = sizeof(struct sockaddr_in);
1840
2016-07-06
pjp
sin = (struct sockaddr_in *)from;
1841
2016-07-06
pjp
inet_ntop(AF_INET, (void *)&sin->sin_addr, (char *)&address, sizeof(address));
1842
2017-08-09
pjp
if (ratelimit) {
1843
2017-08-09
pjp
add_rrlimit(ratelimit_backlog, (u_int16_t *)&sin->sin_addr.s_addr, sizeof(sin->sin_addr.s_addr), rptr);
1844
2017-08-09
pjp
1845
2017-08-09
pjp
rcheck = check_rrlimit(ratelimit_backlog, (u_int16_t *)&sin->sin_addr.s_addr, sizeof(sin->sin_addr.s_addr), rptr);
1846
2017-08-09
pjp
}
1847
2017-08-09
pjp
1848
2016-07-06
pjp
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
1849
2019-02-24
pjp
filter = 0;
1850
2016-07-06
pjp
filter = find_filter((struct sockaddr_storage *)sin, AF_INET);
1851
2020-07-16
pjp
if (passlist) {
1852
2020-07-16
pjp
blocklist = find_passlist((struct sockaddr_storage *)sin, AF_INET);
1853
2016-07-06
pjp
}
1854
2016-07-06
pjp
1855
2019-02-24
pjp
require_tsig = 0;
1856
2019-02-24
pjp
if (tsig) {
1857
2019-02-24
pjp
require_tsig = find_tsig((struct sockaddr_storage *)sin, AF_INET);
1858
2019-02-24
pjp
}
1859
2019-02-24
pjp
1860
2017-08-09
pjp
} else {
1861
2017-08-09
pjp
dolog(LOG_INFO, "packet received on descriptor %u interface \"%s\" had weird address family (%u), drop\n", so, cfg->ident[i], from->sa_family);
1862
2017-08-09
pjp
goto drop;
1863
2016-07-06
pjp
}
1864
2016-07-06
pjp
1865
2017-08-09
pjp
/* if UDP packet check length for minimum / maximum */
1866
2017-08-09
pjp
if (len > DNS_MAXUDP || len < sizeof(struct dns_header)){
1867
2017-08-09
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" illegal dns packet length from %s, drop\n", so, cfg->ident[i], address);
1868
2017-08-09
pjp
goto drop;
1869
2016-07-06
pjp
}
1870
2016-07-06
pjp
1871
2019-02-24
pjp
if (filter && require_tsig == 0) {
1872
2016-07-06
pjp
1873
2020-06-29
pjp
build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
1874
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
1875
2017-11-27
pjp
1876
2017-11-28
pjp
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, filter policy\n", so, cfg->ident[i], address, received_ttl, aregion);
1877
2017-08-09
pjp
goto drop;
1878
2017-08-09
pjp
}
1879
2016-07-06
pjp
1880
2020-07-16
pjp
if (passlist && blocklist == 0) {
1881
2016-07-06
pjp
1882
2020-06-29
pjp
build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
1883
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
1884
2017-08-09
pjp
1885
2020-07-16
pjp
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, passlist policy\n", so, cfg->ident[i], address, received_ttl, aregion);
1886
2017-08-09
pjp
goto drop;
1887
2016-07-06
pjp
}
1888
2017-08-09
pjp
1889
2017-11-28
pjp
if (ratelimit && rcheck) {
1890
2017-11-28
pjp
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) ratelimit policy dropping packet\n", so, cfg->ident[i], address, received_ttl, aregion);
1891
2017-08-09
pjp
goto drop;
1892
2016-07-06
pjp
}
1893
2017-11-28
pjp
1894
2017-11-28
pjp
/* pjp - branch to pledge parser here */
1895
2019-02-24
pjp
imsg_type = IMSG_PARSE_MESSAGE;
1896
2019-02-24
pjp
1897
2019-02-24
pjp
if (imsg_compose(pibuf, imsg_type,
1898
2017-11-28
pjp
0, 0, -1, buf, len) < 0) {
1899
2017-11-28
pjp
dolog(LOG_INFO, "imsg_compose %s\n", strerror(errno));
1900
2017-11-28
pjp
}
1901
2017-11-28
pjp
msgbuf_write(&pibuf->w);
1902
2016-07-06
pjp
1903
2017-11-28
pjp
FD_ZERO(&rset);
1904
2017-11-28
pjp
FD_SET(pibuf->fd, &rset);
1905
2016-07-06
pjp
1906
2017-11-28
pjp
tv.tv_sec = 10;
1907
2017-11-28
pjp
tv.tv_usec = 0;
1908
2016-07-06
pjp
1909
2017-11-28
pjp
sel = select(pibuf->fd + 1, &rset, NULL, NULL, &tv);
1910
2017-11-28
pjp
1911
2017-11-28
pjp
if (sel < 0) {
1912
2017-11-28
pjp
dolog(LOG_ERR, "internal error around select, dropping packet\n");
1913
2017-08-09
pjp
goto drop;
1914
2016-07-06
pjp
}
1915
2016-07-06
pjp
1916
2017-11-28
pjp
if (sel == 0) {
1917
2017-11-28
pjp
dolog(LOG_ERR, "internal error, timeout on parse imsg, drop\n");
1918
2017-08-09
pjp
goto drop;
1919
2017-08-09
pjp
}
1920
2017-12-14
pjp
1921
2017-12-14
pjp
if (FD_ISSET(pibuf->fd, &rset)) {
1922
2017-11-28
pjp
1923
2017-12-14
pjp
if (((n = imsg_read(pibuf)) == -1 && errno != EAGAIN) || n == 0) {
1924
2017-12-14
pjp
dolog(LOG_ERR, "internal error, timeout on parse imsg, drop\n");
1925
2017-12-14
pjp
goto drop;
1926
2017-12-14
pjp
}
1927
2017-11-28
pjp
1928
2017-12-14
pjp
for (;;) {
1929
2017-12-14
pjp
1930
2017-12-14
pjp
if ((n = imsg_get(pibuf, &imsg)) == -1) {
1931
2017-12-14
pjp
break;
1932
2017-12-14
pjp
}
1933
2017-11-28
pjp
1934
2017-12-14
pjp
if (n == 0) {
1935
2017-12-14
pjp
break;
1936
2017-12-14
pjp
}
1937
2017-11-28
pjp
1938
2017-12-14
pjp
datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1939
2017-11-28
pjp
1940
2017-12-14
pjp
switch (imsg.hdr.type) {
1941
2017-12-14
pjp
case IMSG_PARSEREPLY_MESSAGE:
1942
2017-12-14
pjp
if (datalen != sizeof(struct parsequestion)) {
1943
2017-12-14
pjp
dolog(LOG_ERR, "datalen != sizeof(struct parsequestion), can't work with this, drop\n");
1944
2017-12-14
pjp
goto drop;
1945
2017-12-14
pjp
}
1946
2017-12-14
pjp
1947
2017-12-14
pjp
memcpy((char *)&pq, imsg.data, datalen);
1948
2017-11-28
pjp
1949
2017-12-14
pjp
if (pq.rc != PARSE_RETURN_ACK) {
1950
2017-12-14
pjp
switch (pq.rc) {
1951
2017-12-14
pjp
case PARSE_RETURN_MALFORMED:
1952
2017-12-14
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" malformed question from %s, drop\n", so, cfg->ident[i], address);
1953
2017-12-14
pjp
imsg_free(&imsg);
1954
2017-12-14
pjp
goto drop;
1955
2017-12-14
pjp
case PARSE_RETURN_NOQUESTION:
1956
2017-12-14
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" header from %s has no question, drop\n", so, cfg->ident[i], address);
1957
2017-12-14
pjp
/* format error */
1958
2020-06-29
pjp
build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
1959
2020-07-21
pjp
slen = reply_fmterror(&sreply, &sretlen, NULL);
1960
2017-12-14
pjp
dolog(LOG_INFO, "question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error\n", so, cfg->ident[i], address);
1961
2017-12-14
pjp
imsg_free(&imsg);
1962
2017-12-14
pjp
goto drop;
1963
2017-12-14
pjp
case PARSE_RETURN_NOTAQUESTION:
1964
2017-12-14
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" dns header from %s is not a question, drop\n", so, cfg->ident[i], address);
1965
2017-12-14
pjp
imsg_free(&imsg);
1966
2017-12-14
pjp
goto drop;
1967
2017-12-14
pjp
case PARSE_RETURN_NAK:
1968
2017-12-14
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" illegal dns packet length from %s, drop\n", so, cfg->ident[i], address);
1969
2017-12-14
pjp
imsg_free(&imsg);
1970
2017-12-14
pjp
goto drop;
1971
2019-02-24
pjp
case PARSE_RETURN_NOTAUTH:
1972
2019-02-24
pjp
/* we didn't see a tsig header */
1973
2019-02-24
pjp
if (filter && pq.tsig.have_tsig == 0) {
1974
2020-06-29
pjp
build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
1975
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
1976
2019-02-24
pjp
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, not a tsig\n", so, cfg->ident[i], address, received_ttl, aregion);
1977
2019-02-24
pjp
imsg_free(&imsg);
1978
2019-02-24
pjp
goto drop;
1979
2019-02-24
pjp
}
1980
2017-12-14
pjp
}
1981
2019-02-24
pjp
}
1982
2017-11-28
pjp
1983
2020-07-06
pjp
question = convert_question(&pq, 1);
1984
2017-12-14
pjp
if (question == NULL) {
1985
2017-12-14
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" internal error from %s, drop\n", so, cfg->ident[i], address);
1986
2017-12-14
pjp
imsg_free(&imsg);
1987
2017-12-14
pjp
goto drop;
1988
2017-12-14
pjp
}
1989
2019-02-24
pjp
1990
2017-12-14
pjp
1991
2017-12-14
pjp
1992
2017-12-14
pjp
break;
1993
2017-12-14
pjp
} /* switch */
1994
2017-12-14
pjp
1995
2017-11-28
pjp
imsg_free(&imsg);
1996
2017-12-14
pjp
} /* for (;;) */
1997
2017-12-14
pjp
} else { /* FD_ISSET */
1998
2017-12-14
pjp
goto drop;
1999
2017-12-14
pjp
}
2000
2017-12-14
pjp
2001
2017-12-14
pjp
/* goto drop beyond this point should goto out instead */
2002
2019-10-25
pjp
/* handle notifications */
2003
2019-10-25
pjp
if (question->notify) {
2004
2019-10-25
pjp
if (question->tsig.have_tsig && notifysource(question, (struct sockaddr_storage *)from) &&
2005
2019-10-25
pjp
question->tsig.tsigverified == 1) {
2006
2019-10-25
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" authenticated dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[i], address);
2007
2019-10-25
pjp
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
2008
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2009
2020-07-21
pjp
slen = reply_notify(&sreply, &sretlen, NULL);
2010
2019-11-04
pjp
2011
2019-11-04
pjp
/* send notify to replicant process */
2012
2020-06-25
pjp
idata = (pid_t)question->hdr->namelen;
2013
2020-06-25
pjp
imsg_compose(udp_ibuf, IMSG_NOTIFY_MESSAGE,
2014
2019-11-04
pjp
0, 0, -1, question->hdr->name, idata);
2015
2020-06-25
pjp
msgbuf_write(&udp_ibuf->w);
2016
2019-10-25
pjp
goto udpout;
2017
2019-10-25
pjp
2018
2019-10-25
pjp
} else if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
2019
2019-10-25
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" not authenticated dns NOTIFY packet (code = %d) from %s, replying notauth\n", so, cfg->ident[i], question->tsig.tsigerrorcode, address);
2020
2019-10-25
pjp
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
2021
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2022
2020-07-21
pjp
slen = reply_notauth(&sreply, &sretlen, NULL);
2023
2019-10-25
pjp
goto udpout;
2024
2019-10-25
pjp
}
2025
2019-10-25
pjp
2026
2019-10-25
pjp
if (notifysource(question, (struct sockaddr_storage *)from)) {
2027
2019-10-25
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[i], address);
2028
2019-10-25
pjp
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
2029
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2030
2020-07-21
pjp
slen = reply_notify(&sreply, &sretlen, NULL);
2031
2019-11-04
pjp
/* send notify to replicant process */
2032
2020-06-25
pjp
idata = (pid_t)question->hdr->namelen;
2033
2020-06-25
pjp
imsg_compose(udp_ibuf, IMSG_NOTIFY_MESSAGE,
2034
2019-11-04
pjp
0, 0, -1, question->hdr->name, idata);
2035
2020-06-25
pjp
msgbuf_write(&udp_ibuf->w);
2036
2019-10-25
pjp
goto udpout;
2037
2019-10-25
pjp
} else {
2038
2019-10-25
pjp
/* RFC 1996 - 3.10 is probably broken reply REFUSED */
2039
2019-10-25
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" dns NOTIFY packet from %s, NOT in our list of MASTER servers replying REFUSED\n", so, cfg->ident[i], address);
2040
2019-10-25
pjp
snprintf(replystring, DNS_MAXNAME, "REFUSED");
2041
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2042
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
2043
2019-10-25
pjp
2044
2019-10-25
pjp
goto udpout;
2045
2019-10-25
pjp
}
2046
2019-10-25
pjp
} /* if question->notify */
2047
2019-10-25
pjp
2048
2019-02-24
pjp
if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
2049
2019-02-24
pjp
dolog(LOG_INFO, "on descriptor %u interface \"%s\" not authenticated dns packet (code = %d) from %s, replying notauth\n", so, cfg->ident[i], question->tsig.tsigerrorcode, address);
2050
2019-02-24
pjp
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
2051
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2052
2020-07-21
pjp
slen = reply_notauth(&sreply, &sretlen, NULL);
2053
2019-02-24
pjp
goto udpout;
2054
2019-02-24
pjp
}
2055
2017-08-09
pjp
/* hack around whether we're edns version 0 */
2056
2017-08-09
pjp
if (question->ednsversion != 0) {
2057
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2058
2020-07-21
pjp
slen = reply_badvers(&sreply, &sretlen, NULL);
2059
2016-07-06
pjp
2060
2019-02-24
pjp
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" edns version is %u from %s, replying badvers\n", so, cfg->ident[i], question->ednsversion, address);
2061
2017-08-09
pjp
2062
2017-08-09
pjp
snprintf(replystring, DNS_MAXNAME, "BADVERS");
2063
2017-08-09
pjp
goto udpout;
2064
2016-07-06
pjp
}
2065
2016-07-06
pjp
2066
2019-02-18
pjp
if (ntohs(question->hdr->qclass) == DNS_CLASS_CH &&
2067
2019-02-18
pjp
ntohs(question->hdr->qtype) == DNS_TYPE_TXT &&
2068
2019-02-18
pjp
strcasecmp(question->converted_name, "version.bind.") == 0) {
2069
2019-02-18
pjp
snprintf(replystring, DNS_MAXNAME, "VERSION");
2070
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2071
2020-07-21
pjp
slen = reply_version(&sreply, &sretlen, NULL);
2072
2019-02-18
pjp
goto udpout;
2073
2019-02-18
pjp
}
2074
2019-02-18
pjp
2075
2016-07-06
pjp
fakequestion = NULL;
2076
2016-07-06
pjp
2077
2020-01-16
pjp
rbt0 = lookup_zone(cfg->db, question, &type0, &lzerrno, (char *)&replystring, sizeof(replystring));
2078
2016-07-06
pjp
if (type0 < 0) {
2079
2016-07-06
pjp
switch (lzerrno) {
2080
2016-07-06
pjp
default:
2081
2016-07-06
pjp
dolog(LOG_INFO, "invalid lzerrno! dropping\n");
2082
2016-07-06
pjp
/* FALLTHROUGH */
2083
2016-07-06
pjp
case ERR_DROP:
2084
2016-07-06
pjp
snprintf(replystring, DNS_MAXNAME, "DROP");
2085
2019-10-25
pjp
slen = 0;
2086
2017-08-09
pjp
goto udpout;
2087
2016-07-06
pjp
case ERR_REFUSED:
2088
2016-07-06
pjp
snprintf(replystring, DNS_MAXNAME, "REFUSED");
2089
2017-08-09
pjp
2090
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, replybuf);
2091
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
2092
2017-08-09
pjp
goto udpout;
2093
2016-07-06
pjp
break;
2094
2016-07-06
pjp
case ERR_NXDOMAIN:
2095
2019-02-18
pjp
/*
2096
2019-02-18
pjp
* lookup_zone could not find an RR for the
2097
2019-02-18
pjp
* question at all -> nxdomain
2098
2019-02-18
pjp
*/
2099
2019-02-18
pjp
snprintf(replystring, DNS_MAXNAME, "NXDOMAIN");
2100
2019-02-18
pjp
2101
2019-02-18
pjp
/*
2102
2019-02-18
pjp
* lookup an authoritative soa
2103
2019-02-18
pjp
*/
2104
2019-02-18
pjp
2105
2019-02-18
pjp
if (rbt0 != NULL) {
2106
2019-02-18
pjp
build_reply(&sreply, so, buf, len, question, from, \
2107
2019-02-18
pjp
fromlen, rbt0, NULL, aregion, istcp, \
2108
2020-06-29
pjp
0, replybuf);
2109
2019-02-18
pjp
2110
2020-07-21
pjp
slen = reply_nxdomain(&sreply, &sretlen, cfg->db);
2111
2019-02-18
pjp
}
2112
2019-02-18
pjp
goto udpout;
2113
2019-02-18
pjp
break;
2114
2019-02-18
pjp
2115
2019-02-18
pjp
case ERR_NODATA:
2116
2019-02-18
pjp
if (rbt1) {
2117
2019-02-18
pjp
rbt1 = NULL;
2118
2019-02-18
pjp
}
2119
2019-02-18
pjp
2120
2019-02-18
pjp
rbt1 = get_soa(cfg->db, question);
2121
2019-02-18
pjp
if (rbt1 != NULL) {
2122
2019-02-18
pjp
snprintf(replystring, DNS_MAXNAME, "NODATA");
2123
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, replybuf);
2124
2020-07-21
pjp
slen = reply_nodata(&sreply, &sretlen, cfg->db);
2125
2017-01-09
pjp
} else {
2126
2020-07-03
pjp
if (forward)
2127
2020-07-03
pjp
goto forwardudp;
2128
2020-06-29
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, replybuf);
2129
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, cfg->db);
2130
2019-02-24
pjp
snprintf(replystring, DNS_MAXNAME, "REFUSED");
2131
2017-01-09
pjp
}
2132
2019-02-18
pjp
goto udpout;
2133
2019-02-18
pjp
break;
2134
2020-06-30
pjp
2135
2020-06-30
pjp
case ERR_FORWARD:
2136
2020-07-03
pjp
forwardudp:
2137
2020-07-01
pjp
if (forwardtsig) {
2138
2020-07-01
pjp
if (question->tsig.have_tsig &&
2139
2020-07-01
pjp
question->tsig.tsigverified) {
2140
2020-07-01
pjp
snprintf(replystring, DNS_MAXNAME, "FORWARD");
2141
2020-07-01
pjp
} else {
2142
2020-07-01
pjp
snprintf(replystring, DNS_MAXNAME, "REFUSED");
2143
2020-07-01
pjp
build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, replybuf);
2144
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, cfg->db);
2145
2020-07-01
pjp
goto udpout;
2146
2020-07-01
pjp
}
2147
2020-07-01
pjp
} else
2148
2020-07-01
pjp
snprintf(replystring, DNS_MAXNAME, "FORWARD");
2149
2020-07-01
pjp
2150
2020-06-30
pjp
/* send query to forward process/cortex */
2151
2020-06-30
pjp
2152
2020-06-30
pjp
if (len > 4000) {
2153
2020-06-30
pjp
dolog(LOG_INFO, "question is larger than 4000 bytes, not forwarding\n");
2154
2020-06-30
pjp
goto udpout;
2155
2020-06-30
pjp
}
2156
2020-06-30
pjp
2157
2020-07-03
pjp
memset(sforward, 0, sizeof(struct sforward));
2158
2020-07-03
pjp
sforward->oldsel = oldsel;
2159
2020-07-03
pjp
2160
2020-07-01
pjp
switch (from->sa_family) {
2161
2020-07-01
pjp
case AF_INET:
2162
2020-07-03
pjp
sforward->rport = sin->sin_port;
2163
2020-07-03
pjp
memcpy((char *)&sforward->from4, sin, fromlen);
2164
2020-07-03
pjp
sforward->family = AF_INET;
2165
2020-07-03
pjp
2166
2020-07-01
pjp
break;
2167
2020-07-01
pjp
case AF_INET6:
2168
2020-07-03
pjp
sforward->rport = sin6->sin6_port;
2169
2020-07-03
pjp
memcpy((char *)&sforward->from6, sin6, fromlen);
2170
2020-07-03
pjp
sforward->family = AF_INET6;
2171
2020-07-03
pjp
2172
2020-07-01
pjp
break;
2173
2020-07-01
pjp
}
2174
2020-07-01
pjp
2175
2020-07-16
pjp
memcpy(&sforward->buf, question->hdr->original_name, question->hdr->namelen);
2176
2020-07-03
pjp
sforward->buflen = question->hdr->namelen;
2177
2020-07-03
pjp
2178
2020-07-03
pjp
memcpy((char *)&sforward->header, buf, sizeof(struct dns_header));
2179
2020-07-03
pjp
sforward->type = question->hdr->qtype;
2180
2020-07-03
pjp
sforward->class = question->hdr->qclass;
2181
2020-07-03
pjp
sforward->edns0len = question->edns0len;
2182
2020-07-04
pjp
sforward->dnssecok = question->dnssecok;
2183
2020-06-30
pjp
2184
2020-07-03
pjp
if (question->tsig.have_tsig && question->tsig.tsigverified) {
2185
2020-07-03
pjp
sforward->havemac = 1;
2186
2020-07-03
pjp
memcpy((char *)&sforward->tsigname, question->tsig.tsigkey, question->tsig.tsigkeylen);
2187
2020-07-03
pjp
sforward->tsignamelen = question->tsig.tsigkeylen;
2188
2020-07-03
pjp
memcpy(&sforward->mac, question->tsig.tsigmac, sizeof(sforward->mac));
2189
2020-07-03
pjp
sforward->tsigtimefudge = question->tsig.tsig_timefudge;
2190
2020-07-03
pjp
} else
2191
2020-07-03
pjp
sforward->havemac = 0;
2192
2020-07-01
pjp
2193
2020-07-10
pjp
sforward->gotit = time(NULL);
2194
2020-07-12
pjp
memcpy(&sf.sfi_sf, sforward, sizeof(struct sforward));
2195
2020-07-10
pjp
2196
2020-07-10
pjp
/* wait for lock */
2197
2020-07-12
pjp
while (cfg->shptr[cfg->shptrsize - 16] == '*') {
2198
2020-07-10
pjp
usleep(arc4random() % 300);
2199
2020-07-10
pjp
}
2200
2020-07-10
pjp
2201
2020-07-12
pjp
cfg->shptr[cfg->shptrsize - 16] = '*'; /* nice semaphore eh? */
2202
2020-07-10
pjp
2203
2020-07-12
pjp
for (sfi = (struct sf_imsg *)&cfg->shptr[0], ix = 0;
2204
2020-07-10
pjp
ix < SHAREDMEMSIZE; ix++, sfi++) {
2205
2020-07-12
pjp
if (unpack32((char *)&sfi->u.s.read) == 1) {
2206
2020-07-10
pjp
memcpy(sfi, &sf, sizeof(struct sf_imsg));
2207
2020-07-12
pjp
pack32((char *)&sfi->u.s.read, 0);
2208
2020-07-10
pjp
break;
2209
2020-07-10
pjp
}
2210
2020-07-10
pjp
}
2211
2020-07-10
pjp
2212
2020-07-10
pjp
if (ix == SHAREDMEMSIZE) {
2213
2020-07-10
pjp
dolog(LOG_INFO, "delphinusdnsd udp: can't find an open slot in sharedmemsize\n");
2214
2020-07-10
pjp
goto udpout;
2215
2020-07-10
pjp
}
2216
2020-07-10
pjp
2217
2020-07-12
pjp
cfg->shptr[cfg->shptrsize - 16] = ' ';
2218
2020-07-10
pjp
2219
2020-07-03
pjp
imsg_compose(udp_ibuf, IMSG_FORWARD_UDP,
2220
2020-07-10
pjp
0, 0, -1, &ix, sizeof(int));
2221
2020-07-03
pjp
2222
2020-07-03
pjp
msgbuf_write(&udp_ibuf->w);
2223
2020-06-30
pjp
goto udpout;
2224
2020-06-30
pjp
break;
2225
2020-06-30
pjp
2226
2019-02-18
pjp
case ERR_NOERROR:
2227
2016-07-06
pjp
/*
2228
2019-02-18
pjp
* this is hackish not sure if this should be here
2229
2016-07-06
pjp
*/
2230
2016-07-06
pjp
2231
2019-02-18
pjp
snprintf(replystring, DNS_MAXNAME, "NOERROR");
2232
2019-02-18
pjp
2233
2019-02-18
pjp
/*
2234
2019-02-18
pjp
* lookup an authoritative soa
2235
2016-07-06
pjp
*/
2236
2019-02-18
pjp
2237
2019-02-18
pjp
if (rbt0) {
2238
2019-02-18
pjp
rbt0 = NULL;
2239
2019-02-18
pjp
}
2240
2019-02-18
pjp
2241
2019-02-18
pjp
rbt0 = get_soa(cfg->db, question);
2242
2019-02-15
pjp
if (rbt0 != NULL) {
2243
2019-02-18
pjp
build_reply(&sreply, so, buf, len, question, from, \
2244
2019-02-18
pjp
fromlen, rbt0, NULL, aregion, istcp, 0,
2245
2020-06-29
pjp
replybuf);
2246
2019-02-15
pjp
2247
2020-07-21
pjp
slen = reply_noerror(&sreply, &sretlen, cfg->db);
2248
2019-02-24
pjp
2249
2019-02-24
pjp
goto udpout;
2250
2019-02-18
pjp
}
2251
2019-02-18
pjp
2252
2019-02-24
pjp
snprintf(replystring, DNS_MAXNAME, "DROP");
2253
2019-10-25
pjp
slen = 0;
2254
2019-10-25
pjp
goto udpout;
2255
2019-10-30
pjp
2256
2019-10-30
pjp
case ERR_DELEGATE:
2257
2019-10-30
pjp
if (rbt0 != NULL) {
2258
2019-10-30
pjp
build_reply(&sreply, so, buf, len, question, from, \
2259
2019-10-30
pjp
fromlen, rbt0, NULL, aregion, istcp, \
2260
2020-06-29
pjp
0, replybuf);
2261
2019-10-30
pjp
2262
2020-07-21
pjp
slen = reply_ns(&sreply, &sretlen, cfg->db);
2263
2019-10-30
pjp
} else {
2264
2019-10-30
pjp
slen = 0;
2265
2019-10-30
pjp
snprintf(replystring, DNS_MAXNAME, "DROP");
2266
2019-10-30
pjp
}
2267
2019-10-30
pjp
2268
2019-10-30
pjp
goto udpout;
2269
2019-10-30
pjp
break;
2270
2019-10-30
pjp
2271
2019-02-18
pjp
}
2272
2019-02-18
pjp
}
2273
2019-02-18
pjp
2274
2019-02-18
pjp
switch (type0) {
2275
2016-07-06
pjp
case DNS_TYPE_CNAME:
2276
2019-02-15
pjp
csd = find_rr(rbt0, DNS_TYPE_SOA);
2277
2019-02-15
pjp
if (csd == NULL)
2278
2019-02-15
pjp
break;
2279
2019-02-15
pjp
2280
2019-02-15
pjp
rr_csd = TAILQ_FIRST(&csd->rr_head);
2281
2019-02-15
pjp
if (rr_csd == NULL)
2282
2019-02-15
pjp
break;
2283
2019-02-15
pjp
2284
2019-02-26
pjp
fakequestion = build_fake_question(((struct cname *)rr_csd)->cname, ((struct cname *)rr_csd)->cnamelen, question->hdr->qtype, NULL, 0);
2285
2016-07-06
pjp
if (fakequestion == NULL) {
2286
2016-07-06
pjp
dolog(LOG_INFO, "fakequestion failed\n");
2287
2016-07-06
pjp
break;
2288
2016-07-06
pjp
}
2289
2016-07-06
pjp
2290
2020-01-16
pjp
rbt1 = lookup_zone(cfg->db, fakequestion, &type1, &lzerrno, (char *)&fakereplystring, sizeof(fakereplystring));
2291
2016-07-06
pjp
/* break CNAMES pointing to CNAMES */
2292
2016-07-06
pjp
if (type1 == DNS_TYPE_CNAME)
2293
2016-07-06
pjp
type1 = 0;
2294
2016-07-06
pjp
2295
2016-07-06
pjp
break;
2296
2016-07-06
pjp
default:
2297
2016-07-06
pjp
2298
2016-07-06
pjp
break;
2299
2016-07-06
pjp
}
2300
2016-07-06
pjp
2301
2016-07-06
pjp
/*
2302
2016-07-06
pjp
* Allow CLASS IN, CHAOS and others are
2303
2016-07-06
pjp
* not implemented and so we build a reply for
2304
2016-07-06
pjp
* that and go out.
2305
2016-07-06
pjp
*/
2306
2016-07-06
pjp
2307
2016-07-06
pjp
switch (ntohs(question->hdr->qclass)) {
2308
2016-07-06
pjp
case DNS_CLASS_IN:
2309
2016-07-06
pjp
break;
2310
2016-07-06
pjp
default:
2311
2017-08-09
pjp
build_reply(&sreply, so, buf, len, question, from, \
2312
2017-08-09
pjp
fromlen, NULL, NULL, aregion, istcp, 0, \
2313
2020-06-29
pjp
replybuf);
2314
2016-07-06
pjp
2315
2020-07-21
pjp
slen = reply_notimpl(&sreply, &sretlen, NULL);
2316
2016-07-06
pjp
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
2317
2017-08-09
pjp
goto udpout;
2318
2016-07-06
pjp
}
2319
2016-07-06
pjp
2320
2019-01-25
pjp
for (rl = &rlogic[0]; rl->rrtype != 0; rl++) {
2321
2019-01-25
pjp
if (rl->rrtype == ntohs(question->hdr->qtype)) {
2322
2019-01-25
pjp
if (rl->type0 == type0) {
2323
2019-01-25
pjp
switch (rl->buildtype) {
2324
2019-01-25
pjp
case BUILD_CNAME:
2325
2019-01-25
pjp
build_reply(&sreply, so, buf, len, question,
2326
2019-02-15
pjp
from, fromlen, rbt0, ((type1 > 0) ? rbt1 :
2327
2020-06-29
pjp
NULL), aregion, istcp, 0, replybuf);
2328
2019-01-25
pjp
break;
2329
2019-01-25
pjp
case BUILD_OTHER:
2330
2019-01-25
pjp
build_reply(&sreply, so, buf, len, question,
2331
2019-02-15
pjp
from, fromlen, rbt0, NULL, aregion, istcp,
2332
2020-06-29
pjp
0, replybuf);
2333
2019-01-25
pjp
break;
2334
2019-01-25
pjp
}
2335
2019-01-25
pjp
} else {
2336
2019-01-25
pjp
continue;
2337
2019-01-25
pjp
}
2338
2019-01-25
pjp
2339
2020-07-21
pjp
slen = (*rl->reply)(&sreply, &sretlen, cfg->db);
2340
2016-07-06
pjp
break;
2341
2019-01-25
pjp
} /* if rl->rrtype == */
2342
2019-01-25
pjp
}
2343
2016-07-06
pjp
2344
2019-01-25
pjp
if (rl->rrtype == 0) {
2345
2017-08-09
pjp
/*
2346
2017-08-09
pjp
* ANY unknown RR TYPE gets a NOTIMPL
2347
2017-08-09
pjp
*/
2348
2017-08-09
pjp
/*
2349
2017-08-09
pjp
* except for delegations
2350
2017-08-09
pjp
*/
2351
2017-08-09
pjp
2352
2017-08-09
pjp
if (type0 == DNS_TYPE_NS) {
2353
2016-07-06
pjp
2354
2017-08-09
pjp
build_reply(&sreply, so, buf, len, question, from, \
2355
2019-02-15
pjp
fromlen, rbt0, NULL, aregion, istcp, 0, \
2356
2020-06-29
pjp
replybuf);
2357
2016-07-06
pjp
2358
2020-07-21
pjp
slen = reply_ns(&sreply, &sretlen, cfg->db);
2359
2017-08-09
pjp
} else {
2360
2016-07-06
pjp
2361
2016-07-06
pjp
2362
2017-08-09
pjp
build_reply(&sreply, so, buf, len, question, from, \
2363
2017-08-09
pjp
fromlen, NULL, NULL, aregion, istcp, 0, \
2364
2020-06-29
pjp
replybuf);
2365
2016-07-06
pjp
2366
2020-07-21
pjp
slen = reply_notimpl(&sreply, &sretlen, NULL);
2367
2017-08-09
pjp
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
2368
2017-08-09
pjp
}
2369
2017-08-09
pjp
}
2370
2017-08-09
pjp
2371
2017-08-09
pjp
udpout:
2372
2017-08-09
pjp
if (lflag) {
2373
2020-07-25
pjp
double diffms;
2374
2016-07-06
pjp
2375
2020-07-25
pjp
gettimeofday(&rectv1, NULL);
2376
2020-07-25
pjp
if (rectv1.tv_sec - rectv0.tv_sec > 0) {
2377
2020-07-25
pjp
rectv1.tv_usec += 1000000;
2378
2020-07-25
pjp
rectv1.tv_sec--;
2379
2020-07-25
pjp
}
2380
2020-07-25
pjp
diffms = (((double)rectv1.tv_sec - (double)rectv0.tv_sec) \
2381
2020-07-25
pjp
* 1000) + \
2382
2020-07-25
pjp
(double)(rectv1.tv_usec - rectv0.tv_usec) / 1000;
2383
2020-07-25
pjp
2384
2020-07-25
pjp
dolog(LOG_INFO, "request on descriptor %u interface \"%s\" from %s (ttl=%u, region=%d, tta=%2.3fms) for \"%s\" type=%s class=%u, %s%s%sanswering \"%s\" (%d/%d)\n", so, cfg->ident[i], address, received_ttl, aregion, diffms, question->converted_name, get_dns_type(ntohs(question->hdr->qtype), 1), ntohs(question->hdr->qclass), (question->edns0len ? "edns0, " : ""), (question->dnssecok ? "dnssecok, " : ""), (question->tsig.tsigverified ? "tsig, " : "") , replystring, len, slen);
2385
2020-07-25
pjp
2386
2017-08-09
pjp
}
2387
2016-07-06
pjp
2388
2017-08-09
pjp
if (fakequestion != NULL) {
2389
2017-08-09
pjp
free_question(fakequestion);
2390
2017-08-09
pjp
}
2391
2017-08-09
pjp
2392
2017-08-09
pjp
free_question(question);
2393
2016-07-06
pjp
2394
2019-02-15
pjp
if (rbt0) {
2395
2019-02-15
pjp
rbt0 = NULL;
2396
2017-08-09
pjp
}
2397
2019-02-15
pjp
if (rbt1) {
2398
2019-02-15
pjp
rbt1 = NULL;
2399
2017-08-09
pjp
}
2400
2016-07-06
pjp
2401
2017-08-09
pjp
} /* END ISSET */
2402
2016-07-06
pjp
2403
2017-08-09
pjp
} /* for */
2404
2016-07-06
pjp
2405
2017-08-09
pjp
drop:
2406
2017-08-09
pjp
2407
2019-02-15
pjp
if (rbt0) {
2408
2019-02-15
pjp
rbt0 = NULL;
2409
2017-08-09
pjp
}
2410
2016-07-06
pjp
2411
2019-02-15
pjp
if (rbt1) {
2412
2019-02-15
pjp
rbt1 = NULL;
2413
2017-08-09
pjp
}
2414
2016-07-06
pjp
2415
2017-08-09
pjp
continue;
2416
2017-08-09
pjp
} /* for (;;) */
2417
2016-07-06
pjp
2418
2017-08-09
pjp
/* NOTREACHED */
2419
2017-08-09
pjp
}
2420
2016-07-06
pjp
2421
2017-08-09
pjp
/*
 * BUILD_REPLY - populate a caller-supplied struct sreply from the arguments.
 *		 Returns nothing.  This replaces the alias BUILD_REPLY.
 *
 * Only the members assigned below are written; any other member of *reply
 * keeps whatever value it had before the call.  The pointer arguments
 * (buf, q, sa, rbt1, rbt2, replybuf) are stored as given, nothing is
 * copied, so they must stay valid for as long as *reply is used.
 * reply itself is dereferenced without a NULL check.
 *
 * deprecated0 is accepted for call compatibility and is not used.
 */

void
build_reply(struct sreply *reply, int so, char *buf, int len,
    struct question *q, struct sockaddr *sa, socklen_t slen,
    struct rbtree *rbt1, struct rbtree *rbt2, u_int8_t region, int istcp,
    int deprecated0, char *replybuf)
{
	(void)deprecated0;

	/* descriptor and request buffer, exactly as passed in */
	reply->so = so;
	reply->buf = buf;
	reply->len = len;

	/* question and peer address (borrowed pointers) */
	reply->q = q;
	reply->sa = sa;
	reply->salen = slen;

	/* up to two lookup results; callers in this file pass NULL for "none" */
	reply->rbt1 = rbt1;
	reply->rbt2 = rbt2;

	reply->region = region;
	reply->istcp = istcp;

	/* wildcard is always reset here; there is no argument for it */
	reply->wildcard = 0;

	/* output buffer owned by the caller */
	reply->replybuf = replybuf;
}
2445
2017-08-09
pjp
2446
2016-07-06
pjp
2447
2017-08-09
pjp
/*
 * setup_master - event loop of the master process; it does not return.
 *
 * The master waits to be killed.  If another process indicates through the
 * shared memory word *ptr that it died, or a shutdown/reload is requested
 * by signal or by imsg, the master signals the whole process group.
 *
 * db is not referenced in this function.  av is the argument vector handed
 * to execvp() on reload.  socketpath is unlinked on shutdown and on reload
 * unless debug is set.  ibuf is the imsg channel that is polled.
 *
 * ptr, mshutdown, msig, reload and debug are file-scope objects declared
 * outside this part of the file.
 *
 * NOTE(review): IMSG_RELOAD_MESSAGE and IMSG_SHUTDOWN_MESSAGE read from
 * ibuf set the same flags as SIGHUP and SIGTERM, so whichever process
 * holds the other end of ibuf can restart or stop the daemon; confirm that
 * only the intended process has that descriptor.
 */

void
setup_master(ddDB *db, char **av, char *socketpath, struct imsgbuf *ibuf)
{
	struct timeval tv;
	struct imsg imsg;
	fd_set rset;
	ssize_t n;
	pid_t pid;
	int sel, max = 0;

#if __OpenBSD__
	/*
	 * Restrict the filesystem view to the control socket path and the
	 * daemon binary (needed for the re-exec on reload), then reduce the
	 * allowed system calls.
	 */
	if (unveil(socketpath, "rwc") < 0) {
		perror("unveil");
		exit(1);
	}
	if (unveil("/usr/local/sbin/delphinusdnsd", "rx") < 0) {
		perror("unveil");
		exit(1);
	}
	if (pledge("stdio wpath cpath exec proc", NULL) < 0) {
		perror("pledge");
		exit(1);
	}
#endif

#ifndef NO_SETPROCTITLE
	setproctitle("master");
#endif

	pid = getpid();

	/* the handlers only set flags; the loop below acts on them */
	signal(SIGTERM, master_shutdown);
	signal(SIGINT, master_shutdown);
	signal(SIGQUIT, master_shutdown);
	signal(SIGHUP, master_reload);

	FD_ZERO(&rset);
	for (;;) {
		/* select() may modify both the timeout and the set: re-arm them */
		tv.tv_sec = 1;
		tv.tv_usec = 0;

		FD_SET(ibuf->fd, &rset);
		if (ibuf->fd > max)
			max = ibuf->fd;

		sel = select(max + 1, &rset, NULL, NULL, &tv);

		/*
		 * Timeout (0) or error such as an interrupting signal (-1):
		 * this is the only place the flags are examined, so a flag
		 * set by an imsg below is acted on at the next timeout.
		 */
		if (sel <= 0) {
			if (*ptr) {
				dolog(LOG_INFO, "pid %u died, killing delphinusdnsd\n", *ptr);
				master_shutdown(SIGTERM);
			}

			if (mshutdown) {
				dolog(LOG_INFO, "shutting down on signal %d\n", msig);
				if (!debug)
					unlink(socketpath);

				/* forward the signal to every process in our group */
				pid = getpgrp();
				killpg(pid, msig);

				exit(0);
			}

			if (reload) {
				/* we are in the group we are about to signal */
				signal(SIGTERM, SIG_IGN);

				pid = getpgrp();
				killpg(pid, SIGTERM);
				if (munmap(ptr, sizeof(pid_t)) < 0) {
					dolog(LOG_ERR, "munmap: %s\n", strerror(errno));
				}

				if (!debug)
					unlink(socketpath);

				dolog(LOG_INFO, "restarting on SIGHUP or command\n");

				closelog();
#ifndef NO_SETPROCTITLE
#if __linux__
				setproctitle(NULL);
#endif
#endif
				/* absolute path, so no PATH search takes place */
				if (execvp("/usr/local/sbin/delphinusdnsd", av) < 0) {
					dolog(LOG_ERR, "execvp: %s\n", strerror(errno));
				}
				/* only reached when execvp() failed */
				exit(1);
			}

			continue;
		}

		if (FD_ISSET(ibuf->fd, &rset)) {
			n = imsg_read(ibuf);
			if (n < 0 && errno != EAGAIN) {
				/*
				 * NOTE(review): if the descriptor stays readable
				 * in an error state this path repeats without
				 * reaching the flag checks above.
				 */
				dolog(LOG_ERR, "imsg read failure %s\n", strerror(errno));
				continue;
			}
			if (n == 0) {
				/* child died? */
				dolog(LOG_INFO, "sigpipe on child? delphinusdnsd master process exiting.\n");
				exit(1);
			}

			/* drain every complete message that is buffered */
			for (;;) {
				n = imsg_get(ibuf, &imsg);
				if (n < 0) {
					dolog(LOG_ERR, "imsg read error: %s\n", strerror(errno));
					break;
				}
				if (n == 0)
					break;

				switch (imsg.hdr.type) {
				case IMSG_HELLO_MESSAGE:
					/* dolog(LOG_DEBUG, "received hello from child\n"); */
					break;
				case IMSG_RELOAD_MESSAGE:
					reload = 1;
					break;
				case IMSG_SHUTDOWN_MESSAGE:
#if DEBUG
					dolog(LOG_INFO, "received shutdown from cortex\n");
#endif
					mshutdown = 1;
					msig = SIGTERM;
					break;
				default:
					/* other message types are ignored */
					break;
				}

				imsg_free(&imsg);
			}
		}
	}

	/* NOTREACHED */
}
2592
2016-07-06
pjp
2593
2017-08-09
pjp
/*
 * master_shutdown - record a shutdown request for the master process.
 *
 * Installed by setup_master() for SIGTERM, SIGINT and SIGQUIT, and also
 * called by it directly.  The function itself only stores the signal number
 * and raises the shutdown flag; unlinking the socket path and signalling
 * the process group are done by the loop in setup_master() once it sees
 * mshutdown set.
 *
 * NOTE(review): msig and mshutdown are declared outside this part of the
 * file.  As they are written from a signal handler, confirm that they are
 * declared volatile sig_atomic_t.
 */

void
master_shutdown(int sig)
{
	/* store the signal number before raising the flag the loop polls */
	msig = sig;
	mshutdown = 1;
}
2603
2016-07-06
pjp
2604
2017-08-09
pjp
/*
 * ddd_signal - delphinusdnsd got a signal: call ddd_shutdown(), log it and
 *		exit with status 1.  The signal number itself is not used.
 *
 * NOTE(review): the (int sig) signature suggests this is installed with
 * signal(); the installation is not in this part of the file.  If so,
 * exit() is not async-signal-safe (it runs atexit handlers and flushes
 * stdio), and ddd_shutdown() and dolog() would need the same check.
 * master_shutdown() in this file only records the request and leaves the
 * work to the main loop, which avoids that class of problem.
 */

void
ddd_signal(int sig)
{
	(void)sig;

	/* shut down first, then log, then terminate */
	ddd_shutdown();
	dolog(LOG_INFO, "shutting down on signal\n");
	exit(1);
}
2615
2016-07-06
pjp
2616
2017-08-09
pjp
/*
 * master_reload - request a reload of the delphinusdnsd system.
 *
 * Installed by setup_master() for SIGHUP.  It only raises the reload flag;
 * the restart itself (signalling the process group and re-executing the
 * daemon) is carried out by the loop in setup_master().  The signal number
 * is not used.
 *
 * NOTE(review): reload is declared outside this part of the file; as it is
 * written from a signal handler, confirm that it is volatile sig_atomic_t.
 */

void
master_reload(int sig)
{
	(void)sig;

	reload = 1;
}
2625
2016-07-06
pjp
2626
2017-08-09
pjp
2627
2017-08-09
pjp
/*
2628
2017-08-09
pjp
* TCPLOOP - does the polling of tcp descriptors and if ready receives the
2629
2017-08-09
pjp
* requests, builds the question and calls for replies, loops
2630
2017-08-09
pjp
*
2631
2017-08-09
pjp
*/
2632
2017-03-14
pjp
2633
2017-08-09
pjp
void
2634
2020-07-03
pjp
tcploop(struct cfg *cfg, struct imsgbuf *ibuf, struct imsgbuf *cortex)
2635
2017-08-09
pjp
{
2636
2017-08-09
pjp
fd_set rset;
2637
2017-08-09
pjp
int sel;
2638
2020-01-14
pjp
int len, slen = 0;
2639
2017-08-09
pjp
int is_ipv6;
2640
2017-08-09
pjp
int i;
2641
2017-08-09
pjp
int istcp = 1;
2642
2017-08-09
pjp
int maxso;
2643
2017-08-09
pjp
int so;
2644
2017-08-09
pjp
int type0, type1;
2645
2017-08-09
pjp
int lzerrno;
2646
2017-08-09
pjp
int filter = 0;
2647
2020-07-16
pjp
int blocklist = 1;
2648
2019-02-24
pjp
int require_tsig = 0;
2649
2017-08-09
pjp
int axfr_acl = 0;
2650
2020-06-25
pjp
pid_t idata;
2651
2019-06-17
pjp
uint conncnt = 0;
2652
2019-06-07
pjp
int tcpflags;
2653
2017-11-28
pjp
pid_t pid;
2654
2016-07-06
pjp
2655
2017-08-09
pjp
u_int8_t aregion; /* region where the address comes from */
2656
2016-07-06
pjp
2657
2017-08-09
pjp
char *pbuf;
2658
2017-08-09
pjp
char *replybuf = NULL;
2659
2017-08-09
pjp
char address[INET6_ADDRSTRLEN];
2660
2017-08-09
pjp
char replystring[DNS_MAXNAME + 1];
2661
2017-08-09
pjp
char fakereplystring[DNS_MAXNAME + 1];
2662
2017-08-09
pjp
2663
2017-08-09
pjp
union {
2664
2017-08-09
pjp
struct sockaddr sa;
2665
2017-08-09
pjp
struct sockaddr_in sin;
2666
2017-08-09
pjp
struct sockaddr_in6 sin6;
2667
2017-08-09
pjp
} sockaddr_large;
2668
2017-08-09
pjp
2669
2017-08-09
pjp
socklen_t fromlen = sizeof(sockaddr_large);
2670
2017-08-09
pjp
2671
2017-08-09
pjp
struct sockaddr *from = (void *)&sockaddr_large;
2672
2017-08-09
pjp
struct sockaddr_in *sin;
2673
2017-08-09
pjp
struct sockaddr_in6 *sin6;
2674
2017-08-09
pjp
2675
2017-08-09
pjp
struct question *question = NULL, *fakequestion = NULL;
2676
2019-02-15
pjp
struct rbtree *rbt0 = NULL, *rbt1 = NULL;
2677
2019-02-15
pjp
struct rrset *csd;
2678
2019-02-15
pjp
struct rr *rr_csd;
2679
2020-07-10
pjp
struct sf_imsg sf, *sfi = NULL;
2680
2016-07-06
pjp
2681
2017-08-09
pjp
struct sreply sreply;
2682
2019-01-25
pjp
struct reply_logic *rl = NULL;
2683
2017-08-09
pjp
struct timeval tv = { 10, 0};
2684
2017-11-28
pjp
struct imsgbuf parse_ibuf;
2685
2017-11-28
pjp
struct imsgbuf *pibuf;
2686
2017-11-28
pjp
struct imsg imsg;
2687
2017-11-28
pjp
struct parsequestion pq;
2688
2016-07-06
pjp
2689
2017-11-28
pjp
ssize_t n, datalen;
2690
2019-02-24
pjp
u_int32_t imsg_type;
2691
2017-11-28
pjp
2692
2020-07-03
pjp
struct sforward *sforward;
2693
2020-07-10
pjp
int ix;
2694
2020-07-21
pjp
int sretlen;
2695
2020-07-03
pjp
2696
2020-07-03
pjp
2697
2020-07-03
pjp
sforward = (struct sforward *)calloc(1, sizeof(struct sforward));
2698
2020-07-03
pjp
if (sforward == NULL) {
2699
2020-07-03
pjp
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
2700
2020-07-03
pjp
ddd_shutdown();
2701
2020-07-03
pjp
exit(1);
2702
2020-07-03
pjp
}
2703
2020-07-03
pjp
2704
2020-06-25
pjp
if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC, &cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]) < 0) {
2705
2017-11-28
pjp
dolog(LOG_INFO, "socketpair() failed\n");
2706
2020-06-25
pjp
ddd_shutdown();
2707
2017-11-28
pjp
exit(1);
2708
2017-11-28
pjp
}
2709
2017-11-28
pjp
2710
2017-11-28
pjp
pid = fork();
2711
2017-11-28
pjp
switch (pid) {
2712
2017-11-28
pjp
case -1:
2713
2017-11-28
pjp
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
2714
2017-11-28
pjp
exit(1);
2715
2017-11-28
pjp
case 0:
2716
2020-07-14
pjp
#ifndef __OpenBSD__
2717
2020-07-14
pjp
/* OpenBSD has minherit() */
2718
2020-07-14
pjp
if (munmap(cfg->shptr, cfg->shptrsize) == -1) {
2719
2020-07-14
pjp
dolog(LOG_INFO, "unmapping shptr failed: %s\n", \
2720
2020-07-14
pjp
strerror(errno));
2721
2020-07-14
pjp
}
2722
2020-07-14
pjp
#endif
2723
2020-07-14
pjp
cfg->shptrsize = 0;
2724
2017-11-28
pjp
for (i = 0; i < cfg->sockcount; i++) {
2725
2017-11-28
pjp
close(cfg->tcp[i]);
2726
2017-11-28
pjp
}
2727
2020-06-25
pjp
close(ibuf->fd);
2728
2020-07-03
pjp
close(cortex->fd);
2729
2017-11-28
pjp
close(cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[1]);
2730
2020-06-25
pjp
imsg_init(&parse_ibuf, cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]);
2731
2017-12-26
pjp
setproctitle("tcp parse engine %d", cfg->pid);
2732
2020-06-25
pjp
parseloop(cfg, &parse_ibuf);
2733
2017-11-28
pjp
/* NOTREACHED */
2734
2017-11-28
pjp
exit(1);
2735
2017-11-28
pjp
default:
2736
2017-11-28
pjp
close(cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[0]);
2737
2017-11-28
pjp
imsg_init(&parse_ibuf, cfg->my_imsg[MY_IMSG_PARSER].imsg_fds[1]);
2738
2017-11-28
pjp
pibuf = &parse_ibuf;
2739
2017-11-28
pjp
break;
2740
2017-11-28
pjp
}
2741
2017-11-28
pjp
2742
2017-11-27
pjp
#if __OpenBSD__
2743
2017-11-27
pjp
if (pledge("stdio inet sendfd recvfd", NULL) < 0) {
2744
2017-11-27
pjp
perror("pledge");
2745
2017-11-27
pjp
exit(1);
2746
2017-11-27
pjp
}
2747
2017-11-27
pjp
#endif
2748
2017-11-27
pjp
2749
2017-11-28
pjp
2750
2017-08-09
pjp
replybuf = calloc(1, 65536);
2751
2017-08-09
pjp
if (replybuf == NULL) {
2752
2017-08-09
pjp
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
2753
2020-06-25
pjp
ddd_shutdown();
2754
2017-08-09
pjp
exit(1);
2755
2017-08-09
pjp
}
2756
2016-07-06
pjp
2757
2016-07-06
pjp
2758
2017-08-09
pjp
/*
2759
2017-08-10
pjp
* listen on descriptors
2760
2017-08-09
pjp
*/
2761
2016-07-06
pjp
2762
2017-08-09
pjp
for (i = 0; i < cfg->sockcount; i++) {
2763
2017-08-09
pjp
listen(cfg->tcp[i], 5);
2764
2017-08-09
pjp
}
2765
2017-08-10
pjp
2766
2017-08-09
pjp
for (;;) {
2767
2017-08-09
pjp
is_ipv6 = 0;
2768
2017-08-09
pjp
maxso = 0;
2769
2016-07-06
pjp
2770
2017-08-09
pjp
FD_ZERO(&rset);
2771
2017-08-09
pjp
for (i = 0; i < cfg->sockcount; i++) {
2772
2017-08-09
pjp
if (maxso < cfg->tcp[i])
2773
2017-08-09
pjp
maxso = cfg->tcp[i];
2774
2017-08-09
pjp
2775
2017-08-09
pjp
FD_SET(cfg->tcp[i], &rset);
2776
2017-08-09
pjp
}
2777
2019-06-07
pjp
2778
2019-06-07
pjp
TAILQ_FOREACH(tcpnp, &tcphead, tcpentries) {
2779
2019-06-07
pjp
if (maxso < tcpnp->so)
2780
2019-06-07
pjp
maxso = tcpnp->so;
2781
2019-06-07
pjp
2782
2019-06-07
pjp
FD_SET(tcpnp->so, &rset);
2783
2019-06-07
pjp
}
2784
2017-08-09
pjp
2785
2019-06-07
pjp
tv.tv_sec = 3;
2786
2017-08-09
pjp
tv.tv_usec = 0;
2787
2016-07-06
pjp
2788
2017-08-09
pjp
sel = select(maxso + 1, &rset, NULL, NULL, &tv);
2789
2016-07-06
pjp
2790
2017-08-09
pjp
if (sel < 0) {
2791
2017-08-09
pjp
dolog(LOG_INFO, "select: %s\n", strerror(errno));
2792
2017-08-09
pjp
continue;
2793
2017-08-09
pjp
}
2794
2016-07-06
pjp
2795
2017-08-09
pjp
if (sel == 0) {
2796
2019-06-07
pjp
TAILQ_FOREACH_SAFE(tcpnp, &tcphead, tcpentries, tcpn1) {
2797
2019-06-07
pjp
if ((tcpnp->last_used + 3) < time(NULL)) {
2798
2019-06-07
pjp
dolog(LOG_INFO, "tcp timeout on interface \"%s\" for address %s\n", cfg->ident[tcpnp->intidx], tcpnp->address);
2799
2019-06-07
pjp
TAILQ_REMOVE(&tcphead, tcpnp, tcpentries);
2800
2019-06-07
pjp
close(tcpnp->so);
2801
2019-06-07
pjp
free(tcpnp->address);
2802
2019-06-07
pjp
free(tcpnp);
2803
2019-06-17
pjp
if (conncnt > 0)
2804
2019-06-07
pjp
conncnt--;
2805
2019-06-07
pjp
}
2806
2019-06-07
pjp
}
2807
2017-08-09
pjp
continue;
2808
2017-08-09
pjp
}
2809
2017-08-09
pjp
2810
2017-08-09
pjp
for (i = 0; i < cfg->sockcount; i++) {
2811
2017-08-09
pjp
if (FD_ISSET(cfg->tcp[i], &rset)) {
2812
2017-08-09
pjp
fromlen = sizeof(sockaddr_large);
2813
2017-08-09
pjp
2814
2017-08-09
pjp
so = accept(cfg->tcp[i], (struct sockaddr*)from, &fromlen);
2815
2017-08-09
pjp
2816
2017-08-09
pjp
if (so < 0) {
2817
2017-08-09
pjp
dolog(LOG_INFO, "tcp accept: %s\n", strerror(errno));
2818
2017-08-09
pjp
continue;
2819
2017-08-09
pjp
}
2820
2017-08-09
pjp
2821
2016-07-06
pjp
if (from->sa_family == AF_INET6) {
2822
2016-07-06
pjp
is_ipv6 = 1;
2823
2016-07-06
pjp
2824
2016-07-06
pjp
fromlen = sizeof(struct sockaddr_in6);
2825
2016-07-06
pjp
sin6 = (struct sockaddr_in6 *)from;
2826
2016-07-06
pjp
inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, (char *)&address, sizeof(address));
2827
2016-07-06
pjp
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
2828
2016-07-06
pjp
filter = find_filter((struct sockaddr_storage *)sin6, AF_INET6);
2829
2020-07-16
pjp
if (passlist) {
2830
2020-07-16
pjp
blocklist = find_passlist((struct sockaddr_storage *)sin6, AF_INET6);
2831
2016-07-06
pjp
}
2832
2017-08-09
pjp
axfr_acl = find_axfr((struct sockaddr_storage *)sin6, AF_INET6);
2833
2019-02-24
pjp
2834
2019-02-24
pjp
require_tsig = 0;
2835
2019-02-24
pjp
if (tsig) {
2836
2019-02-24
pjp
require_tsig = find_tsig((struct sockaddr_storage *)sin6, AF_INET6);
2837
2019-02-24
pjp
}
2838
2016-07-06
pjp
} else if (from->sa_family == AF_INET) {
2839
2016-07-06
pjp
is_ipv6 = 0;
2840
2016-07-06
pjp
2841
2016-07-06
pjp
fromlen = sizeof(struct sockaddr_in);
2842
2016-07-06
pjp
sin = (struct sockaddr_in *)from;
2843
2016-07-06
pjp
inet_ntop(AF_INET, (void *)&sin->sin_addr, (char *)&address, sizeof(address));
2844
2016-07-06
pjp
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
2845
2016-07-06
pjp
filter = find_filter((struct sockaddr_storage *)sin, AF_INET);
2846
2020-07-16
pjp
if (passlist) {
2847
2020-07-16
pjp
blocklist = find_passlist((struct sockaddr_storage *)sin, AF_INET);
2848
2016-07-06
pjp
}
2849
2017-08-09
pjp
axfr_acl = find_axfr((struct sockaddr_storage *)sin, AF_INET);
2850
2019-02-24
pjp
2851
2019-02-24
pjp
require_tsig = 0;
2852
2019-02-24
pjp
if (tsig) {
2853
2019-02-24
pjp
require_tsig = find_tsig((struct sockaddr_storage *)sin, AF_INET);
2854
2019-02-24
pjp
}
2855
2016-07-06
pjp
} else {
2856
2017-08-09
pjp
dolog(LOG_INFO, "TCP packet received on descriptor %u interface \"%s\" had weird address family (%u), drop\n", so, cfg->ident[i], from->sa_family);
2857
2017-08-09
pjp
close(so);
2858
2017-08-09
pjp
continue;
2859
2016-07-06
pjp
}
2860
2016-07-06
pjp
2861
2017-08-09
pjp
2862
2019-02-24
pjp
if (filter && require_tsig == 0) {
2863
2020-01-01
pjp
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, filter policy, drop\n", so, cfg->ident[i], address);
2864
2020-01-01
pjp
#if 0
2865
2020-06-29
pjp
build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
2866
2020-07-21
pjp
slen = reply_refused(&sreply, &sretlen, NULL);
2867
2020-01-01
pjp
#endif
close(so);
continue;
}
if (passlist && blocklist == 0) {
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, passlist policy\n", so, cfg->ident[i], address);
close(so);
continue;
}
if (conncnt >= 64) {
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, too many TCP connections", so
, cfg->ident[i], address);
close(so);
continue;
}
if ((tcpflags = fcntl(so, F_GETFL, 0)) < 0) {
dolog(LOG_INFO, "tcp fcntl can't query fcntl flags\n");
close(so);
continue;
}
tcpflags |= O_NONBLOCK;
if (fcntl(so, F_SETFL, tcpflags) < 0) {
dolog(LOG_INFO, "tcp fcntl can't set nonblocking\n");
close(so);
continue;
}
tcpn1 = malloc(sizeof(struct tcpentry));
if (tcpn1 == NULL) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
close(so);
continue;
}
tcpn1->bytes_read = 0;
tcpn1->bytes_expected = 0;
tcpn1->bytes_limit = 0;
tcpn1->seen = 0;
tcpn1->so = so;
tcpn1->last_used = time(NULL);
tcpn1->intidx = i;
tcpn1->address = strdup(address);
TAILQ_INSERT_TAIL(&tcphead, tcpn1, tcpentries);
conncnt++;
} /* FD_ISSET */
}
TAILQ_FOREACH_SAFE(tcpnp, &tcphead, tcpentries, tcpn1) {
if (FD_ISSET(tcpnp->so, &rset)) {
if (tcpnp->bytes_read < 2)
len = recv(tcpnp->so, &tcpnp->buf[tcpnp->bytes_read], 2, 0);
else
len = recv(tcpnp->so, &tcpnp->buf[tcpnp->bytes_read], tcpnp->bytes_expected, 0);
if (len <= 0) {
if (errno == EWOULDBLOCK) {
continue;
}
TAILQ_REMOVE(&tcphead, tcpnp, tcpentries);
close(tcpnp->so);
free(tcpnp->address);
free(tcpnp);
if (conncnt > 0)
conncnt--;
continue;
} /* if len */
tcpnp->bytes_read += len;
tcpnp->bytes_expected -= len;
if (tcpnp->bytes_expected < 0)
tcpnp->bytes_expected = 0;
if (tcpnp->seen == 0 && tcpnp->bytes_read >= 2) {
uint16_t u16tmp;
u16tmp = unpack16(&tcpnp->buf[0]);
tcpnp->bytes_expected = ntohs(u16tmp);
tcpnp->bytes_limit = tcpnp->bytes_expected;
tcpnp->seen = 1;
}
/*
* disallow continuing if we only have the
* length and nothing else
*/
if (tcpnp->bytes_read <= 2)
continue;
if ((tcpnp->bytes_read - 2) != tcpnp->bytes_limit)
continue;
len = tcpnp->bytes_read - 2;
pbuf = &tcpnp->buf[2];
so = tcpnp->so;
if (len > DNS_MAXUDP || len < sizeof(struct dns_header)){
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" illegal dns packet length from %s, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
goto drop;
}
imsg_type = IMSG_PARSE_MESSAGE;
if (imsg_compose(pibuf, imsg_type,
0, 0, -1, pbuf, len) < 0) {
dolog(LOG_INFO, "imsg_compose %s\n", strerror(errno));
}
msgbuf_write(&pibuf->w);
FD_ZERO(&rset);
FD_SET(pibuf->fd, &rset);
tv.tv_sec = 10;
tv.tv_usec = 0;
sel = select(pibuf->fd + 1, &rset, NULL, NULL, &tv);
if (sel < 0) {
dolog(LOG_ERR, "tcploop internal error around select, dropping packet\n");
goto drop;
}
if (sel == 0) {
dolog(LOG_ERR, "tcploop internal error, timeout on parse imsg, drop\n");
goto drop;
}
if (((n = imsg_read(pibuf)) == -1 && errno != EAGAIN) || n == 0) {
dolog(LOG_ERR, "tcploop internal error, timeout on parse imsg, drop\n");
goto drop;
}
for (;;) {
if ((n = imsg_get(pibuf, &imsg)) == -1) {
break;
}
if (n == 0) {
break;
}
datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
switch (imsg.hdr.type) {
case IMSG_PARSEREPLY_MESSAGE:
if (datalen != sizeof(struct parsequestion)) {
dolog(LOG_ERR, "tcploop datalen != sizeof(struct parsequestion), can't work with this, drop\n");
imsg_free(&imsg);
goto drop;
}
memcpy((char *)&pq, imsg.data, datalen);
if (pq.rc != PARSE_RETURN_ACK) {
switch (pq.rc) {
case PARSE_RETURN_MALFORMED:
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" malformed question from %s, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
goto drop;
case PARSE_RETURN_NOQUESTION:
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" header from %s has no question, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
/* format error */
build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_fmterror(&sreply, &sretlen, NULL);
dolog(LOG_INFO, "TCP question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
goto drop;
case PARSE_RETURN_NOTAQUESTION:
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" dns header from %s is not a question, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
goto drop;
case PARSE_RETURN_NAK:
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" illegal dns packet length from %s, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
goto drop;
case PARSE_RETURN_NOTAUTH:
if (filter && pq.tsig.have_tsig == 0) {
build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, &sretlen, NULL);
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s (ttl=TCP, region=%d) replying REFUSED, not a tsig\n", so, cfg->ident[tcpnp->intidx], tcpnp->address, aregion);
imsg_free(&imsg);
goto drop;
}
}
}
question = convert_question(&pq, 1);
if (question == NULL) {
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" internal error from %s, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
goto drop;
}
break;
} /* switch */
imsg_free(&imsg);
} /* for (;;) */
/* goto drop beyond this point should goto out instead */
fakequestion = NULL;
/* handle tcp notifications , XXX not tested */
if (question->notify) {
if (question->tsig.have_tsig && notifysource(question, (struct sockaddr_storage *)from) &&
question->tsig.tsigverified == 1) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" authenticated dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, &sretlen, NULL);
/* send notify to replicant process */
idata = (pid_t)question->hdr->namelen;
imsg_compose(ibuf, IMSG_NOTIFY_MESSAGE,
0, 0, -1, question->hdr->name, idata);
msgbuf_write(&ibuf->w);
goto tcpout;
} else if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" not authenticated dns NOTIFY packet (code = %d) from %s, replying notauth\n", so, cfg->ident[tcpnp->intidx], question->tsig.tsigerrorcode, tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notauth(&sreply, &sretlen, NULL);
goto tcpout;
}
if (notifysource(question, (struct sockaddr_storage *)from)) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, &sretlen, NULL);
/* send notify to replicant process */
idata = (pid_t)question->hdr->namelen;
imsg_compose(ibuf, IMSG_NOTIFY_MESSAGE,
0, 0, -1, question->hdr->name, idata);
msgbuf_write(&ibuf->w);
goto tcpout;
} else {
/* RFC 1996 - 3.10 is probably broken, replying REFUSED */
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" dns NOTIFY packet from %s, NOT in our list of MASTER servers replying REFUSED\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "REFUSED");
3115