"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/forward.c" between
dnsmasq-2.84.tar.xz and dnsmasq-2.85.tar.xz

About: Dnsmasq is a lightweight caching DNS forwarder and DHCP server.

forward.c  (dnsmasq-2.84.tar.xz):forward.c  (dnsmasq-2.85.tar.xz)
skipping to change at line 19 skipping to change at line 19
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "dnsmasq.h" #include "dnsmasq.h"
static struct frec *lookup_frec(unsigned short id, int fd, int family, void *has static struct frec *lookup_frec(unsigned short id, int fd, void *hash);
h);
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash);
static struct frec *lookup_frec_by_query(void *hash, unsigned int flags); static struct frec *lookup_frec_by_query(void *hash, unsigned int flags);
static unsigned short get_id(void); static unsigned short get_id(void);
static void free_frec(struct frec *f); static void free_frec(struct frec *f);
static void query_full(time_t now);
/* Send a UDP packet with its source address set as "source" /* Send a UDP packet with its source address set as "source"
unless nowild is true, when we just send it with the kernel default */ unless nowild is true, when we just send it with the kernel default */
int send_from(int fd, int nowild, char *packet, size_t len, int send_from(int fd, int nowild, char *packet, size_t len,
union mysockaddr *to, union all_addr *source, union mysockaddr *to, union all_addr *source,
unsigned int iface) unsigned int iface)
{ {
struct msghdr msg; struct msghdr msg;
struct iovec iov[1]; struct iovec iov[1];
union { union {
skipping to change at line 251 skipping to change at line 249
} }
} }
else if ((*type) & SERV_USE_RESOLV) else if ((*type) & SERV_USE_RESOLV)
{ {
*type = 0; /* use normal servers for this domain */ *type = 0; /* use normal servers for this domain */
*domain = NULL; *domain = NULL;
} }
return flags; return flags;
} }
#ifdef HAVE_CONNTRACK
static void set_outgoing_mark(struct frec *forward, int fd)
{
/* Copy connection mark of incoming query to outgoing connection. */
unsigned int mark;
if (get_incoming_mark(&forward->frec_src.source, &forward->frec_src.dest, 0, &
mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
}
#endif
static void log_query_mysockaddr(unsigned int flags, char *name, union mysockadd
r *addr, char *arg)
{
if (addr->sa.sa_family == AF_INET)
log_query(flags | F_IPV4, name, (union all_addr *)&addr->in.sin_addr, arg);
else
log_query(flags | F_IPV6, name, (union all_addr *)&addr->in6.sin6_addr, arg)
;
}
static void server_send(struct server *server, int fd,
const void *header, size_t plen, int flags)
{
while (retry_send(sendto(fd, header, plen, flags,
&server->addr.sa,
sa_len(&server->addr))));
}
#ifdef HAVE_DNSSEC
static void server_send_log(struct server *server, int fd,
const void *header, size_t plen, int dumpflags,
unsigned int logflags, char *name, char *arg)
{
#ifdef HAVE_DUMPFILE
dump_packet(dumpflags, (void *)header, (size_t)plen, NULL, &server->add
r);
#endif
log_query_mysockaddr(logflags, name, &server->addr, arg);
server_send(server, fd, header, plen, 0);
}
#endif
static int server_test_type(const struct server *server,
const char *domain, int type, int extratype)
{
return (type == (server->flags & (SERV_TYPE | extratype)) &&
(type != SERV_HAS_DOMAIN || hostname_isequal(domain, server->domain)) &&
!(server->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP)));
}
static int forward_query(int udpfd, union mysockaddr *udpaddr, static int forward_query(int udpfd, union mysockaddr *udpaddr,
union all_addr *dst_addr, unsigned int dst_iface, union all_addr *dst_addr, unsigned int dst_iface,
struct dns_header *header, size_t plen, time_t now, struct dns_header *header, size_t plen, time_t now,
struct frec *forward, int ad_reqd, int do_bit) struct frec *forward, int ad_reqd, int do_bit)
{ {
char *domain = NULL; char *domain = NULL;
int type = SERV_DO_DNSSEC, norebind = 0; int type = SERV_DO_DNSSEC, norebind = 0;
union all_addr *addrp = NULL; union all_addr *addrp = NULL;
unsigned int flags = 0; unsigned int flags = 0;
unsigned int fwd_flags = 0; unsigned int fwd_flags = 0;
struct server *start = NULL; struct server *start = NULL;
void *hash = hash_questions(header, plen, daemon->namebuff); void *hash = hash_questions(header, plen, daemon->namebuff);
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
int do_dnssec = 0; int do_dnssec = 0;
#endif #endif
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL); unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL); unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
int old_src = 0;
(void)do_bit; (void)do_bit;
if (header->hb4 & HB4_CD) if (header->hb4 & HB4_CD)
fwd_flags |= FREC_CHECKING_DISABLED; fwd_flags |= FREC_CHECKING_DISABLED;
if (ad_reqd) if (ad_reqd)
fwd_flags |= FREC_AD_QUESTION; fwd_flags |= FREC_AD_QUESTION;
if (oph) if (oph)
fwd_flags |= FREC_HAS_PHEADER; fwd_flags |= FREC_HAS_PHEADER;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (do_bit) if (do_bit)
fwd_flags |= FREC_DO_QUESTION; fwd_flags |= FREC_DO_QUESTION;
#endif #endif
/* may be no servers available. */ /* Check for retry on existing query */
if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, ha if (forward)
sh))) old_src = 1;
else if ((forward = lookup_frec_by_query(hash, fwd_flags)))
{
struct frec_src *src;
for (src = &forward->frec_src; src; src = src->next)
if (src->orig_id == ntohs(header->id) &&
sockaddr_isequal(&src->source, udpaddr))
break;
if (src)
old_src = 1;
else
{
/* Existing query, but from new source, just add this
client to the list that will get the reply.*/
/* Note whine_malloc() zeros memory. */
if (!daemon->free_frec_src &&
daemon->frec_src_count < daemon->ftabsize &&
(daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
{
daemon->frec_src_count++;
daemon->free_frec_src->next = NULL;
}
/* If we've been spammed with many duplicates, return REFUSED. */
if (!daemon->free_frec_src)
{
query_full(now);
goto frec_err;
}
src = daemon->free_frec_src;
daemon->free_frec_src = src->next;
src->next = forward->frec_src.next;
forward->frec_src.next = src;
src->orig_id = ntohs(header->id);
src->source = *udpaddr;
src->dest = *dst_addr;
src->log_id = daemon->log_id;
src->iface = dst_iface;
src->fd = udpfd;
/* closely spaced identical queries cannot be a try and a retry, so
it's safe to wait for the reply from the first without
forwarding the second. */
if (difftime(now, forward->time) < 2)
return 0;
}
}
/* retry existing query */
if (forward)
{ {
/* If we didn't get an answer advertising a maximal packet in EDNS, /* If we didn't get an answer advertising a maximal packet in EDNS,
fall back to 1280, which should work everywhere on IPv6. fall back to 1280, which should work everywhere on IPv6.
If that generates an answer, it will become the new default If that generates an answer, it will become the new default
for this server */ for this server */
forward->flags |= FREC_TEST_PKTSZ; forward->flags |= FREC_TEST_PKTSZ;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
/* If we've already got an answer to this query, but we're awaiting keys f or validation, /* If we've already got an answer to this query, but we're awaiting keys f or validation,
there's no point retrying the query, retry the key query instead...... * / there's no point retrying the query, retry the key query instead...... * /
skipping to change at line 310 skipping to change at line 411
while (forward->blocking_query) while (forward->blocking_query)
forward = forward->blocking_query; forward = forward->blocking_query;
blockdata_retrieve(forward->stash, forward->stash_len, (void *)header); blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
plen = forward->stash_len; plen = forward->stash_len;
forward->flags |= FREC_TEST_PKTSZ; forward->flags |= FREC_TEST_PKTSZ;
if (find_pseudoheader(header, plen, NULL, &pheader, &is_sign, NULL) && !is_sign) if (find_pseudoheader(header, plen, NULL, &pheader, &is_sign, NULL) && !is_sign)
PUTSHORT(SAFE_PKTSZ, pheader); PUTSHORT(SAFE_PKTSZ, pheader);
if (forward->sentto->addr.sa.sa_family == AF_INET) if ((fd = allocate_rfd(&forward->rfds, forward->sentto)) != -1)
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)& server_send_log(forward->sentto, fd, header, plen,
forward->sentto->addr.in.sin_addr, "dnssec"); DUMP_SEC_QUERY,
else F_NOEXTRA | F_DNSSEC, "retry", "dnssec");
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&
forward->sentto->addr.in6.sin6_addr, "dnssec");
if (forward->sentto->sfd)
fd = forward->sentto->sfd->fd;
else
{
if (forward->sentto->addr.sa.sa_family == AF_INET6)
fd = forward->rfd6->fd;
else
fd = forward->rfd4->fd;
}
while (retry_send(sendto(fd, (char *)header, plen, 0,
&forward->sentto->addr.sa,
sa_len(&forward->sentto->addr))));
return 1; return 1;
} }
#endif #endif
/* retry on existing query, send to all available servers */ /* retry on existing query, from original source. Send to all available se rvers */
domain = forward->sentto->domain; domain = forward->sentto->domain;
forward->sentto->failed_queries++; forward->sentto->failed_queries++;
if (!option_bool(OPT_ORDER)) if (!option_bool(OPT_ORDER) && old_src)
{ {
forward->forwardall = 1; forward->forwardall = 1;
daemon->last_server = NULL; daemon->last_server = NULL;
} }
type = forward->sentto->flags & SERV_TYPE; type = forward->sentto->flags & SERV_TYPE;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
do_dnssec = forward->sentto->flags & SERV_DO_DNSSEC; do_dnssec = forward->sentto->flags & SERV_DO_DNSSEC;
#endif #endif
if (!(start = forward->sentto->next)) if (!(start = forward->sentto->next))
start = daemon->servers; /* at end of list, recycle */ start = daemon->servers; /* at end of list, recycle */
header->id = htons(forward->new_id); header->id = htons(forward->new_id);
} }
else else
{ {
/* Query from new source, but the same query may be in progress /* new query */
from another source. If so, just add this client to the
list that will get the reply.*/
if (!option_bool(OPT_ADD_MAC) && !option_bool(OPT_MAC_B64) &&
(forward = lookup_frec_by_query(hash, fwd_flags)))
{
/* Note whine_malloc() zeros memory. */
if (!daemon->free_frec_src &&
daemon->frec_src_count < daemon->ftabsize &&
(daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
{
daemon->frec_src_count++;
daemon->free_frec_src->next = NULL;
}
/* If we've been spammed with many duplicates, just drop the query. */
if (daemon->free_frec_src)
{
struct frec_src *new = daemon->free_frec_src;
daemon->free_frec_src = new->next;
new->next = forward->frec_src.next;
forward->frec_src.next = new;
new->orig_id = ntohs(header->id);
new->source = *udpaddr;
new->dest = *dst_addr;
new->log_id = daemon->log_id;
new->iface = dst_iface;
new->fd = udpfd;
}
return 1;
}
if (gotname) if (gotname)
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &do main, &norebind); flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &do main, &norebind);
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
do_dnssec = type & SERV_DO_DNSSEC; do_dnssec = type & SERV_DO_DNSSEC;
#endif #endif
type &= ~SERV_DO_DNSSEC; type &= ~SERV_DO_DNSSEC;
/* may be no servers available. */
if (daemon->servers && !flags) if (daemon->servers && !flags)
forward = get_new_frec(now, NULL, NULL); forward = get_new_frec(now, NULL, NULL);
/* table full - flags == 0, return REFUSED */ /* table full - flags == 0, return REFUSED */
if (forward) if (forward)
{ {
forward->frec_src.source = *udpaddr; forward->frec_src.source = *udpaddr;
forward->frec_src.orig_id = ntohs(header->id); forward->frec_src.orig_id = ntohs(header->id);
forward->frec_src.dest = *dst_addr; forward->frec_src.dest = *dst_addr;
forward->frec_src.iface = dst_iface; forward->frec_src.iface = dst_iface;
skipping to change at line 504 skipping to change at line 560
if (edns0_len > 11) if (edns0_len > 11)
forward->flags |= FREC_HAS_EXTRADATA; forward->flags |= FREC_HAS_EXTRADATA;
/* Reduce udp size on retransmits. */ /* Reduce udp size on retransmits. */
if (forward->flags & FREC_TEST_PKTSZ) if (forward->flags & FREC_TEST_PKTSZ)
PUTSHORT(SAFE_PKTSZ, pheader); PUTSHORT(SAFE_PKTSZ, pheader);
} }
while (1) while (1)
{ {
int fd;
/* only send to servers dealing with our domain. /* only send to servers dealing with our domain.
domain may be NULL, in which case server->domain domain may be NULL, in which case server->domain
must be NULL also. */ must be NULL also. */
if (type == (start->flags & SERV_TYPE) && if (server_test_type(start, domain, type, 0) &&
(type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain) ((fd = allocate_rfd(&forward->rfds, start)) != -1))
) && {
!(start->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP)))
{
int fd;
/* find server socket to use, may need to get random one. */
if (start->sfd)
fd = start->sfd->fd;
else
{
if (start->addr.sa.sa_family == AF_INET6)
{
if (!forward->rfd6 &&
!(forward->rfd6 = allocate_rfd(AF_INET6)))
break;
daemon->rfd_save = forward->rfd6;
fd = forward->rfd6->fd;
}
else
{
if (!forward->rfd4 &&
!(forward->rfd4 = allocate_rfd(AF_INET)))
break;
daemon->rfd_save = forward->rfd4;
fd = forward->rfd4->fd;
}
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
/* Copy connection mark of incoming query to outgoing connectio /* Copy connection mark of incoming query to outgoing connection. *
n. */ /
if (option_bool(OPT_CONNTRACK)) if (option_bool(OPT_CONNTRACK))
{ set_outgoing_mark(forward, fd);
unsigned int mark;
if (get_incoming_mark(&forward->frec_src.source, &forward->
frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigne
d int));
}
#endif #endif
}
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && (forward->flags & FREC_ADDED_P HEADER)) if (option_bool(OPT_DNSSEC_VALID) && (forward->flags & FREC_ADDED_P HEADER))
{ {
/* Difficult one here. If our client didn't send EDNS0, we will have set the UDP /* Difficult one here. If our client didn't send EDNS0, we will have set the UDP
packet size to 512. But that won't provide space for the RRS IGS in many cases. packet size to 512. But that won't provide space for the RRS IGS in many cases.
The RRSIGS will be stripped out before the answer goes back, so the packet should The RRSIGS will be stripped out before the answer goes back, so the packet should
shrink again. So, if we added a do-bit, bump the udp packet size to the value shrink again. So, if we added a do-bit, bump the udp packet size to the value
known to be OK for this server. We check returned size after stripping and set known to be OK for this server. We check returned size after stripping and set
the truncated bit if it's still too big. */ the truncated bit if it's still too big. */
skipping to change at line 577 skipping to change at line 606
if (errno == 0) if (errno == 0)
{ {
#ifdef HAVE_DUMPFILE #ifdef HAVE_DUMPFILE
dump_packet(DUMP_UP_QUERY, (void *)header, plen, NULL, &start-> addr); dump_packet(DUMP_UP_QUERY, (void *)header, plen, NULL, &start-> addr);
#endif #endif
/* Keep info in case we want to re-send this packet */ /* Keep info in case we want to re-send this packet */
daemon->srv_save = start; daemon->srv_save = start;
daemon->packet_len = plen; daemon->packet_len = plen;
daemon->fd_save = fd;
if (!gotname) if (!gotname)
strcpy(daemon->namebuff, "query"); strcpy(daemon->namebuff, "query");
if (start->addr.sa.sa_family == AF_INET) log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff,
log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, &start->addr, NULL);
(union all_addr *)&start->addr.in.sin_addr, NULL);
else
log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
(union all_addr *)&start->addr.in6.sin6_addr, NULL
);
start->queries++; start->queries++;
forwarded = 1; forwarded = 1;
forward->sentto = start; forward->sentto = start;
if (!forward->forwardall) if (!forward->forwardall)
break; break;
forward->forwardall++; forward->forwardall++;
} }
} }
if (!(start = start->next)) if (!(start = start->next))
skipping to change at line 611 skipping to change at line 637
if (forwarded) if (forwarded)
return 1; return 1;
/* could not send on, prepare to return */ /* could not send on, prepare to return */
header->id = htons(forward->frec_src.orig_id); header->id = htons(forward->frec_src.orig_id);
free_frec(forward); /* cancel */ free_frec(forward); /* cancel */
} }
/* could not send on, return empty answer or address if known for whole domain */ /* could not send on, return empty answer or address if known for whole domain */
frec_err:
if (udpfd != -1) if (udpfd != -1)
{ {
plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl); plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
if (oph) if (oph)
plen = add_pseudoheader(header, plen, ((unsigned char *) header) + PACKET SZ, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0); plen = add_pseudoheader(header, plen, ((unsigned char *) header) + PACKET SZ, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
send_from(udpfd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND), ( char *)header, plen, udpaddr, dst_addr, dst_iface); send_from(udpfd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND), ( char *)header, plen, udpaddr, dst_addr, dst_iface);
} }
return 0; return 0;
} }
skipping to change at line 734 skipping to change at line 761
if (!(header->hb4 & HB4_RA) && rcode == NOERROR && if (!(header->hb4 & HB4_RA) && rcode == NOERROR &&
server && !(server->flags & SERV_WARNED_RECURSIVE)) server && !(server->flags & SERV_WARNED_RECURSIVE))
{ {
(void)prettyprint_addr(&server->addr, daemon->namebuff); (void)prettyprint_addr(&server->addr, daemon->namebuff);
my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff); my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
if (!option_bool(OPT_LOG)) if (!option_bool(OPT_LOG))
server->flags |= SERV_WARNED_RECURSIVE; server->flags |= SERV_WARNED_RECURSIVE;
} }
if (daemon->bogus_addr && rcode != NXDOMAIN && if (daemon->bogus_addr && rcode != NXDOMAIN &&
check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now)) check_for_bogus_wildcard(header, n, daemon->namebuff, now))
{ {
munged = 1; munged = 1;
SET_RCODE(header, NXDOMAIN); SET_RCODE(header, NXDOMAIN);
header->hb3 &= ~HB3_AA; header->hb3 &= ~HB3_AA;
cache_secure = 0; cache_secure = 0;
} }
else else
{ {
int doctored = 0; int doctored = 0;
skipping to change at line 808 skipping to change at line 835
header->hb3 &= ~HB3_TC; header->hb3 &= ~HB3_TC;
} }
/* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
sections of the packet. Find the new length here and put back pseudoheader sections of the packet. Find the new length here and put back pseudoheader
if it was removed. */ if it was removed. */
return resize_packet(header, n, pheader, plen); return resize_packet(header, n, pheader, plen);
} }
/* sets new last_server */ /* sets new last_server */
void reply_query(int fd, int family, time_t now) void reply_query(int fd, time_t now)
{ {
/* packet from peer server, extract data for cache, and send to /* packet from peer server, extract data for cache, and send to
original requester */ original requester */
struct dns_header *header; struct dns_header *header;
union mysockaddr serveraddr; union mysockaddr serveraddr;
struct frec *forward; struct frec *forward;
socklen_t addrlen = sizeof(serveraddr); socklen_t addrlen = sizeof(serveraddr);
ssize_t n = recvfrom(fd, daemon->packet, daemon->packet_buff_sz, 0, &serveradd r.sa, &addrlen); ssize_t n = recvfrom(fd, daemon->packet, daemon->packet_buff_sz, 0, &serveradd r.sa, &addrlen);
size_t nn; size_t nn;
struct server *server; struct server *server;
void *hash; void *hash;
/* packet buffer overwritten */ /* packet buffer overwritten */
daemon->srv_save = NULL; daemon->srv_save = NULL;
/* Determine the address of the server replying so that we can mark that as g ood */ /* Determine the address of the server replying so that we can mark that as g ood */
if ((serveraddr.sa.sa_family = family) == AF_INET6) if (serveraddr.sa.sa_family == AF_INET6)
serveraddr.in6.sin6_flowinfo = 0; serveraddr.in6.sin6_flowinfo = 0;
header = (struct dns_header *)daemon->packet; header = (struct dns_header *)daemon->packet;
if (n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR)) if (n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR))
return; return;
/* spoof check: answer must come from known server, */ /* spoof check: answer must come from known server, */
for (server = daemon->servers; server; server = server->next) for (server = daemon->servers; server; server = server->next)
if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
skipping to change at line 848 skipping to change at line 875
if (!server) if (!server)
return; return;
/* If sufficient time has elapsed, try and expand UDP buffer size again. */ /* If sufficient time has elapsed, try and expand UDP buffer size again. */
if (difftime(now, server->pktsz_reduced) > UDP_TEST_TIME) if (difftime(now, server->pktsz_reduced) > UDP_TEST_TIME)
server->edns_pktsz = daemon->edns_pktsz; server->edns_pktsz = daemon->edns_pktsz;
hash = hash_questions(header, n, daemon->namebuff); hash = hash_questions(header, n, daemon->namebuff);
if (!(forward = lookup_frec(ntohs(header->id), fd, family, hash))) if (!(forward = lookup_frec(ntohs(header->id), fd, hash)))
return; return;
#ifdef HAVE_DUMPFILE #ifdef HAVE_DUMPFILE
dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_ REPLY : DUMP_UP_REPLY, dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_ REPLY : DUMP_UP_REPLY,
(void *)header, n, &serveraddr, NULL); (void *)header, n, &serveraddr, NULL);
#endif #endif
/* log_query gets called indirectly all over the place, so /* log_query gets called indirectly all over the place, so
pass these in global variables - sorry. */ pass these in global variables - sorry. */
daemon->log_display_id = forward->frec_src.log_id; daemon->log_display_id = forward->frec_src.log_id;
daemon->log_source_addr = &forward->frec_src.source; daemon->log_source_addr = &forward->frec_src.source;
if (daemon->ignore_addr && RCODE(header) == NOERROR && if (daemon->ignore_addr && RCODE(header) == NOERROR &&
check_for_ignored_address(header, n, daemon->ignore_addr)) check_for_ignored_address(header, n))
return; return;
/* Note: if we send extra options in the EDNS0 header, we can't recreate /* Note: if we send extra options in the EDNS0 header, we can't recreate
the query from the reply. */ the query from the reply. */
if ((RCODE(header) == REFUSED || RCODE(header) == SERVFAIL) && if ((RCODE(header) == REFUSED || RCODE(header) == SERVFAIL) &&
forward->forwardall == 0 && forward->forwardall == 0 &&
!(forward->flags & FREC_HAS_EXTRADATA)) !(forward->flags & FREC_HAS_EXTRADATA))
/* for broken servers, attempt to send to another one. */ /* for broken servers, attempt to send to another one. */
{ {
unsigned char *pheader; unsigned char *pheader;
skipping to change at line 901 skipping to change at line 928
if (!(start = start->next)) if (!(start = start->next))
start = daemon->servers; start = daemon->servers;
if (start == forward->sentto) if (start == forward->sentto)
break; break;
if ((start->flags & SERV_TYPE) == 0 && if ((start->flags & SERV_TYPE) == 0 &&
(start->flags & SERV_DO_DNSSEC)) (start->flags & SERV_DO_DNSSEC))
break; break;
} }
fd = -1; if ((fd = allocate_rfd(&forward->rfds, start)) != -1)
server_send_log(start, fd, header, plen,
if (start->sfd) DUMP_SEC_QUERY,
fd = start->sfd->fd; F_NOEXTRA | F_DNSSEC, "retry", "dnssec");
else
{
if (start->addr.sa.sa_family == AF_INET6)
{
/* may have changed family */
if (forward->rfd6 || (forward->rfd6 = allocate_rfd(AF_INET6)))
fd = forward->rfd6->fd;
}
else
{
/* may have changed family */
if (forward->rfd4 || (forward->rfd4 = allocate_rfd(AF_INET)))
fd = forward->rfd4->fd;
}
}
/* Can't get socket. */
if (fd == -1)
return;
#ifdef HAVE_DUMPFILE
dump_packet(DUMP_SEC_QUERY, (void *)header, (size_t)plen, NULL, &start-
>addr);
#endif
while (retry_send(sendto(fd, (char *)header, plen, 0,
&start->addr.sa,
sa_len(&start->addr))));
if (start->addr.sa.sa_family == AF_INET)
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)&
start->addr.in.sin_addr, "dnssec");
else
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&
start->addr.in6.sin6_addr, "dnssec");
return; return;
} }
#endif #endif
/* In strict order mode, there must be a server later in the chain /* In strict order mode, there must be a server later in the chain
left to send to, otherwise without the forwardall mechanism, left to send to, otherwise without the forwardall mechanism,
code further on will cycle around the list forwever if they code further on will cycle around the list forwever if they
all return REFUSED. Note that server is always non-NULL before all return REFUSED. Note that server is always non-NULL before
this executes. */ this executes. */
if (option_bool(OPT_ORDER)) if (option_bool(OPT_ORDER))
skipping to change at line 1107 skipping to change at line 1101
/* Find server to forward to. This will normally be the /* Find server to forward to. This will normally be the
same as for the original query, but may be another if same as for the original query, but may be another if
servers for domains are involved. */ servers for domains are involved. */
if (search_servers(now, NULL, F_DNSSECOK, daemon->keyname, &type, &domain, NULL) == 0) if (search_servers(now, NULL, F_DNSSECOK, daemon->keyname, &type, &domain, NULL) == 0)
{ {
struct server *start, *new_server = NULL; struct server *start, *new_server = NULL;
start = server = forward->sentto; start = server = forward->sentto;
while (1) while (1)
{ {
if (type == (start->flags & (SERV_TYPE | SERV_DO_DN if (server_test_type(start, domain, type, SERV_DO_D
SSEC)) && NSSEC))
((type & SERV_TYPE) != SERV_HAS_DOMAIN || hostn
ame_isequal(domain, start->domain)) &&
!(start->flags & (SERV_LITERAL_ADDRESS | SERV_L
OOP)))
{ {
new_server = start; new_server = start;
if (server == start) if (server == start)
{ {
new_server = NULL; new_server = NULL;
break; break;
} }
} }
if (!(start = start->next)) if (!(start = start->next))
start = daemon->servers; start = daemon->servers;
if (start == server) if (start == server)
break; break;
} }
if (new_server) if (new_server)
server = new_server; server = new_server;
} }
new->sentto = server; new->sentto = server;
new->rfd4 = NULL; new->rfds = NULL;
new->rfd6 = NULL;
new->frec_src.next = NULL; new->frec_src.next = NULL;
new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HA S_EXTRADATA); new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HA S_EXTRADATA);
new->forwardall = 0; new->forwardall = 0;
new->dependent = forward; /* to find query awaiting new one . */ new->dependent = forward; /* to find query awaiting new one . */
forward->blocking_query = new; /* for garbage cleaning */ forward->blocking_query = new; /* for garbage cleaning */
/* validate routines leave name of required record in daemo n->keyname */ /* validate routines leave name of required record in daemo n->keyname */
if (status == STAT_NEED_KEY) if (status == STAT_NEED_KEY)
{ {
new->flags |= FREC_DNSKEY_QUERY; new->flags |= FREC_DNSKEY_QUERY;
skipping to change at line 1153 skipping to change at line 1144
} }
else else
{ {
new->flags |= FREC_DS_QUERY; new->flags |= FREC_DS_QUERY;
querytype = T_DS; querytype = T_DS;
} }
nn = dnssec_generate_query(header,((unsigned char *) header ) + server->edns_pktsz, nn = dnssec_generate_query(header,((unsigned char *) header ) + server->edns_pktsz,
daemon->keyname, forward->class, querytype, server->edns_pktsz); daemon->keyname, forward->class, querytype, server->edns_pktsz);
if (server->addr.sa.sa_family == AF_INET)
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname,
(union all_addr *)&(server->addr.in.sin_addr),
querystr("dnssec-query", querytype));
else
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname,
(union all_addr *)&(server->addr.in6.sin6_addr),
querystr("dnssec-query", querytype));
memcpy(new->hash, hash_questions(header, nn, daemon->namebu ff), HASH_SIZE); memcpy(new->hash, hash_questions(header, nn, daemon->namebu ff), HASH_SIZE);
new->new_id = get_id(); new->new_id = get_id();
header->id = htons(new->new_id); header->id = htons(new->new_id);
/* Save query for retransmission */ /* Save query for retransmission */
new->stash = blockdata_alloc((char *)header, nn); new->stash = blockdata_alloc((char *)header, nn);
new->stash_len = nn; new->stash_len = nn;
/* Don't resend this. */ /* Don't resend this. */
daemon->srv_save = NULL; daemon->srv_save = NULL;
if (server->sfd) if ((fd = allocate_rfd(&new->rfds, server)) != -1)
fd = server->sfd->fd;
else
{
fd = -1;
if (server->addr.sa.sa_family == AF_INET6)
{
if (new->rfd6 || (new->rfd6 = allocate_rfd(AF_INET6
)))
fd = new->rfd6->fd;
}
else
{
if (new->rfd4 || (new->rfd4 = allocate_rfd(AF_INET)
))
fd = new->rfd4->fd;
}
}
if (fd != -1)
{ {
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
/* Copy connection mark of incoming query to outgoing c onnection. */
if (option_bool(OPT_CONNTRACK)) if (option_bool(OPT_CONNTRACK))
{ set_outgoing_mark(orig, fd);
unsigned int mark;
if (get_incoming_mark(&orig->frec_src.source, &orig
->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof
(unsigned int));
}
#endif
#ifdef HAVE_DUMPFILE
dump_packet(DUMP_SEC_QUERY, (void *)header, (size_t)nn,
NULL, &server->addr);
#endif #endif
server_send_log(server, fd, header, nn, DUMP_SEC_QUERY,
while (retry_send(sendto(fd, (char *)header, nn, 0, F_NOEXTRA | F_DNSSEC, daemon->keyname,
&server->addr.sa, querystr("dnssec-query", querytype));
sa_len(&server->addr))));
server->queries++; server->queries++;
} }
} }
return; return;
} }
/* Validated original answer, all done. */ /* Validated original answer, all done. */
if (!forward->dependent) if (!forward->dependent)
break; break;
skipping to change at line 1563 skipping to change at line 1520
dump_packet(DUMP_QUERY, daemon->packet, (size_t)n, &source_addr, NULL); dump_packet(DUMP_QUERY, daemon->packet, (size_t)n, &source_addr, NULL);
#endif #endif
if (extract_request(header, (size_t)n, daemon->namebuff, &type)) if (extract_request(header, (size_t)n, daemon->namebuff, &type))
{ {
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
struct auth_zone *zone; struct auth_zone *zone;
#endif #endif
char *types = querystr(auth_dns ? "auth" : "query", type); char *types = querystr(auth_dns ? "auth" : "query", type);
if (family == AF_INET) log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, &source_addr, types);
(union all_addr *)&source_addr.in.sin_addr, types);
else
log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
(union all_addr *)&source_addr.in6.sin6_addr, types);
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
/* find queries for zones we're authoritative for, and answer them directl y */ /* find queries for zones we're authoritative for, and answer them directl y */
if (!auth_dns && !option_bool(OPT_LOCALISE)) if (!auth_dns && !option_bool(OPT_LOCALISE))
for (zone = daemon->auth_zones; zone; zone = zone->next) for (zone = daemon->auth_zones; zone; zone = zone->next)
if (in_zone(zone, daemon->namebuff, NULL)) if (in_zone(zone, daemon->namebuff, NULL))
{ {
auth_dns = 1; auth_dns = 1;
local_auth = 1; local_auth = 1;
break; break;
skipping to change at line 1730 skipping to change at line 1683
if (!(server = server->next)) if (!(server = server->next))
server = daemon->servers; server = daemon->servers;
if (server == firstsendto) if (server == firstsendto)
{ {
/* can't find server to accept our query. */ /* can't find server to accept our query. */
new_status = STAT_ABANDONED; new_status = STAT_ABANDONED;
break; break;
} }
} }
if (type != (server->flags & (SERV_TYPE | SERV_DO_DNSSEC)) || if (!server_test_type(server, domain, type, SERV_DO_DNSSEC))
(type == SERV_HAS_DOMAIN && !hostname_isequal(domain, server->domai
n)) ||
(server->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP)))
continue; continue;
retry: retry:
/* may need to make new connection. */ /* may need to make new connection. */
if (server->tcpfd == -1) if (server->tcpfd == -1)
{ {
if ((server->tcpfd = socket(server->addr.sa.sa_family, SOCK_STREAM, 0)) == -1) if ((server->tcpfd = socket(server->addr.sa.sa_family, SOCK_STREAM, 0)) == -1)
continue; /* No good, next server */ continue; /* No good, next server */
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
skipping to change at line 1756 skipping to change at line 1707
#endif #endif
if (!local_bind(server->tcpfd, &server->source_addr, server->inter face, 0, 1)) if (!local_bind(server->tcpfd, &server->source_addr, server->inter face, 0, 1))
{ {
close(server->tcpfd); close(server->tcpfd);
server->tcpfd = -1; server->tcpfd = -1;
continue; /* No good, next server */ continue; /* No good, next server */
} }
#ifdef MSG_FASTOPEN #ifdef MSG_FASTOPEN
while(retry_send(sendto(server->tcpfd, packet, m + sizeof(u16), server_send(server, server->tcpfd, packet, m + sizeof(u16), MSG_FAS
MSG_FASTOPEN, &server->addr.sa, sa_len(&ser TOPEN);
ver->addr))));
if (errno == 0) if (errno == 0)
data_sent = 1; data_sent = 1;
#endif #endif
if (!data_sent && connect(server->tcpfd, &server->addr.sa, sa_len(& server->addr)) == -1) if (!data_sent && connect(server->tcpfd, &server->addr.sa, sa_len(& server->addr)) == -1)
{ {
close(server->tcpfd); close(server->tcpfd);
server->tcpfd = -1; server->tcpfd = -1;
continue; /* No good, next server */ continue; /* No good, next server */
skipping to change at line 1789 skipping to change at line 1739
server->tcpfd = -1; server->tcpfd = -1;
/* We get data then EOF, reopen connection to same server, /* We get data then EOF, reopen connection to same server,
else try next. This avoids DoS from a server which accepts else try next. This avoids DoS from a server which accepts
connections and then closes them. */ connections and then closes them. */
if (server->flags & SERV_GOT_TCP) if (server->flags & SERV_GOT_TCP)
goto retry; goto retry;
else else
continue; continue;
} }
if (server->addr.sa.sa_family == AF_INET) log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, keyname, &server->addr,
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (union all_addr *)&
(server->addr.in.sin_addr),
querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DN
SKEY : T_DS));
else
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (union all_addr *)&
(server->addr.in6.sin6_addr),
querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DN SKEY : T_DS)); querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DN SKEY : T_DS));
server->flags |= SERV_GOT_TCP; server->flags |= SERV_GOT_TCP;
m = (c1 << 8) | c2; m = (c1 << 8) | c2;
new_status = tcp_key_recurse(now, new_status, new_header, m, class, nam e, keyname, server, have_mark, mark, keycount); new_status = tcp_key_recurse(now, new_status, new_header, m, class, nam e, keyname, server, have_mark, mark, keycount);
break; break;
} }
if (new_status != STAT_OK) if (new_status != STAT_OK)
skipping to change at line 1932 skipping to change at line 1878
if ((checking_disabled = header->hb4 & HB4_CD)) if ((checking_disabled = header->hb4 & HB4_CD))
no_cache_dnssec = 1; no_cache_dnssec = 1;
if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuf f, &qtype))) if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuf f, &qtype)))
{ {
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
struct auth_zone *zone; struct auth_zone *zone;
#endif #endif
char *types = querystr(auth_dns ? "auth" : "query", qtype); char *types = querystr(auth_dns ? "auth" : "query", qtype);
if (peer_addr.sa.sa_family == AF_INET) log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, &peer_addr, types);
(union all_addr *)&peer_addr.in.sin_addr, types);
else
log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
(union all_addr *)&peer_addr.in6.sin6_addr, types);
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
/* find queries for zones we're authoritative for, and answer them dire ctly */ /* find queries for zones we're authoritative for, and answer them dire ctly */
if (!auth_dns && !option_bool(OPT_LOCALISE)) if (!auth_dns && !option_bool(OPT_LOCALISE))
for (zone = daemon->auth_zones; zone; zone = zone->next) for (zone = daemon->auth_zones; zone; zone = zone->next)
if (in_zone(zone, daemon->namebuff, NULL)) if (in_zone(zone, daemon->namebuff, NULL))
{ {
auth_dns = 1; auth_dns = 1;
local_auth = 1; local_auth = 1;
break; break;
skipping to change at line 2052 skipping to change at line 1994
else else
{ {
if (!(last_server = last_server->next)) if (!(last_server = last_server->next))
last_server = daemon->servers; last_server = daemon->servers;
if (last_server == firstsendto) if (last_server == firstsendto)
break; break;
} }
/* server for wrong domain */ /* server for wrong domain */
if (type != (last_server->flags & SERV_TYPE) || if (!server_test_type(last_server, domain, type, 0))
(type == SERV_HAS_DOMAIN && !hostname_isequal(domain, l
ast_server->domain)) ||
(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP
)))
continue; continue;
retry: retry:
*length = htons(size); *length = htons(size);
if (last_server->tcpfd == -1) if (last_server->tcpfd == -1)
{ {
if ((last_server->tcpfd = socket(last_server->addr.sa.s a_family, SOCK_STREAM, 0)) == -1) if ((last_server->tcpfd = socket(last_server->addr.sa.s a_family, SOCK_STREAM, 0)) == -1)
continue; continue;
skipping to change at line 2079 skipping to change at line 2019
#endif #endif
if ((!local_bind(last_server->tcpfd, &last_server->sou rce_addr, last_server->interface, 0, 1))) if ((!local_bind(last_server->tcpfd, &last_server->sou rce_addr, last_server->interface, 0, 1)))
{ {
close(last_server->tcpfd); close(last_server->tcpfd);
last_server->tcpfd = -1; last_server->tcpfd = -1;
continue; continue;
} }
#ifdef MSG_FASTOPEN #ifdef MSG_FASTOPEN
while(retry_send(sendto(last_server->tcpfd, packet, s server_send(last_server, last_server->tcpfd, packet,
ize + sizeof(u16), size + sizeof(u16), MSG_FASTOPEN);
MSG_FASTOPEN, &last_server->a
ddr.sa, sa_len(&last_server->addr))));
if (errno == 0) if (errno == 0)
data_sent = 1; data_sent = 1;
#endif #endif
if (!data_sent && connect(last_server->tcpfd, &last_s erver->addr.sa, sa_len(&last_server->addr)) == -1) if (!data_sent && connect(last_server->tcpfd, &last_s erver->addr.sa, sa_len(&last_server->addr)) == -1)
{ {
close(last_server->tcpfd); close(last_server->tcpfd);
last_server->tcpfd = -1; last_server->tcpfd = -1;
continue; continue;
skipping to change at line 2120 skipping to change at line 2059
if (last_server->flags & SERV_GOT_TCP) if (last_server->flags & SERV_GOT_TCP)
goto retry; goto retry;
else else
continue; continue;
} }
last_server->flags |= SERV_GOT_TCP; last_server->flags |= SERV_GOT_TCP;
m = (c1 << 8) | c2; m = (c1 << 8) | c2;
if (last_server->addr.sa.sa_family == AF_INET) log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff
log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff ,
, &last_server->addr, NULL);
(union all_addr *)&last_server->addr.in.sin_add
r, NULL);
else
log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff
,
(union all_addr *)&last_server->addr.in6.sin6_a
ddr, NULL);
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC))
{ {
int keycount = DNSSEC_WORK; /* Limit to number of DNSSE C questions, to catch loops and avoid filling cache. */ int keycount = DNSSEC_WORK; /* Limit to number of DNSSE C questions, to catch loops and avoid filling cache. */
int status = tcp_key_recurse(now, STAT_OK, header, m, 0 , daemon->namebuff, daemon->keyname, int status = tcp_key_recurse(now, STAT_OK, header, m, 0 , daemon->namebuff, daemon->keyname,
last_server, have_mark, ma rk, &keycount); last_server, have_mark, ma rk, &keycount);
char *result, *domain = "result"; char *result, *domain = "result";
if (status == STAT_ABANDONED) if (status == STAT_ABANDONED)
skipping to change at line 2218 skipping to change at line 2153
static struct frec *allocate_frec(time_t now) static struct frec *allocate_frec(time_t now)
{ {
struct frec *f; struct frec *f;
if ((f = (struct frec *)whine_malloc(sizeof(struct frec)))) if ((f = (struct frec *)whine_malloc(sizeof(struct frec))))
{ {
f->next = daemon->frec_list; f->next = daemon->frec_list;
f->time = now; f->time = now;
f->sentto = NULL; f->sentto = NULL;
f->rfd4 = NULL; f->rfds = NULL;
f->flags = 0; f->flags = 0;
f->rfd6 = NULL;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
f->dependent = NULL; f->dependent = NULL;
f->blocking_query = NULL; f->blocking_query = NULL;
f->stash = NULL; f->stash = NULL;
#endif #endif
daemon->frec_list = f; daemon->frec_list = f;
} }
return f; return f;
} }
struct randfd *allocate_rfd(int family) /* return a UDP socket bound to a random port, have to cope with straying into
occupied port nos and reserved ones. */
static int random_sock(struct server *s)
{
int fd;
if ((fd = socket(s->source_addr.sa.sa_family, SOCK_DGRAM, 0)) != -1)
{
if (local_bind(fd, &s->source_addr, s->interface, s->ifindex, 0))
return fd;
if (s->interface[0] == 0)
(void)prettyprint_addr(&s->source_addr, daemon->namebuff);
else
strcpy(daemon->namebuff, s->interface);
my_syslog(LOG_ERR, _("failed to bind server socket to %s: %s"),
daemon->namebuff, strerror(errno));
close(fd);
}
return -1;
}
/* compare source addresses and interface, serv2 can be null. */
static int server_isequal(const struct server *serv1,
const struct server *serv2)
{
return (serv2 &&
serv2->ifindex == serv1->ifindex &&
sockaddr_isequal(&serv2->source_addr, &serv1->source_addr) &&
strncmp(serv2->interface, serv1->interface, IF_NAMESIZE) == 0);
}
/* fdlp points to chain of randomfds already in use by transaction.
If there's already a suitable one, return it, else allocate a
new one and add it to the list.
Not leaking any resources in the face of allocation failures
is rather convoluted here.
Note that rfd->serv may be NULL, when a server goes away.
*/
int allocate_rfd(struct randfd_list **fdlp, struct server *serv)
{ {
static int finger = 0; static int finger = 0;
int i; int i, j = 0;
struct randfd_list *rfl;
struct randfd *rfd = NULL;
int fd = 0;
/* If server has a pre-allocated fd, use that. */
if (serv->sfd)
return serv->sfd->fd;
/* existing suitable random port socket linked to this transaction? */
for (rfl = *fdlp; rfl; rfl = rfl->next)
if (server_isequal(serv, rfl->rfd->serv))
return rfl->rfd->fd;
/* No. need new link. */
if ((rfl = daemon->rfl_spare))
daemon->rfl_spare = rfl->next;
else if (!(rfl = whine_malloc(sizeof(struct randfd_list))))
return -1;
/* limit the number of sockets we have open to avoid starvation of /* limit the number of sockets we have open to avoid starvation of
(eg) TFTP. Once we have a reasonable number, randomness should be OK */ (eg) TFTP. Once we have a reasonable number, randomness should be OK */
for (i = 0; i < daemon->numrrand; i++)
for (i = 0; i < RANDOM_SOCKS; i++)
if (daemon->randomsocks[i].refcount == 0) if (daemon->randomsocks[i].refcount == 0)
{ {
if ((daemon->randomsocks[i].fd = random_sock(family)) == -1) if ((fd = random_sock(serv)) != -1)
break; {
rfd = &daemon->randomsocks[i];
daemon->randomsocks[i].refcount = 1; rfd->serv = serv;
daemon->randomsocks[i].family = family; rfd->fd = fd;
return &daemon->randomsocks[i]; rfd->refcount = 1;
}
break;
} }
/* No free ones or cannot get new socket, grab an existing one */ /* No free ones or cannot get new socket, grab an existing one */
for (i = 0; i < RANDOM_SOCKS; i++) if (!rfd)
for (j = 0; j < daemon->numrrand; j++)
{
i = (j + finger) % daemon->numrrand;
if (daemon->randomsocks[i].refcount != 0 &&
server_isequal(serv, daemon->randomsocks[i].serv) &&
daemon->randomsocks[i].refcount != 0xfffe)
{
finger = i + 1;
rfd = &daemon->randomsocks[i];
rfd->refcount++;
break;
}
}
if (j == daemon->numrrand)
{ {
int j = (i+finger) % RANDOM_SOCKS; struct randfd_list *rfl_poll;
if (daemon->randomsocks[j].refcount != 0 &&
daemon->randomsocks[j].family == family && /* there are no free slots, and non with the same parameters we can piggy-
daemon->randomsocks[j].refcount != 0xffff) back on.
We're going to have to allocate a new temporary record, distinguished by
refcount == 0xffff. This will exist in the frec randfd list, never be sh
ared,
and be freed when no longer in use. It will also be held on
the daemon->rfl_poll list so the poll system can find it. */
if ((rfl_poll = daemon->rfl_spare))
daemon->rfl_spare = rfl_poll->next;
else
rfl_poll = whine_malloc(sizeof(struct randfd_list));
if (!rfl_poll ||
!(rfd = whine_malloc(sizeof(struct randfd))) ||
(fd = random_sock(serv)) == -1)
{ {
finger = j;
daemon->randomsocks[j].refcount++; /* Don't leak anything we may already have */
return &daemon->randomsocks[j]; rfl->next = daemon->rfl_spare;
daemon->rfl_spare = rfl;
if (rfl_poll)
{
rfl_poll->next = daemon->rfl_spare;
daemon->rfl_spare = rfl_poll;
}
if (rfd)
free(rfd);
return -1; /* doom */
} }
/* Note rfd->serv not set here, since it's not reused */
rfd->fd = fd;
rfd->refcount = 0xffff; /* marker for temp record */
rfl_poll->rfd = rfd;
rfl_poll->next = daemon->rfl_poll;
daemon->rfl_poll = rfl_poll;
} }
return NULL; /* doom */ rfl->rfd = rfd;
rfl->next = *fdlp;
*fdlp = rfl;
return rfl->rfd->fd;
} }
void free_rfd(struct randfd *rfd) void free_rfds(struct randfd_list **fdlp)
{ {
if (rfd && --(rfd->refcount) == 0) struct randfd_list *tmp, *rfl, *poll, *next, **up;
close(rfd->fd);
for (rfl = *fdlp; rfl; rfl = tmp)
{
if (rfl->rfd->refcount == 0xffff || --(rfl->rfd->refcount) == 0)
close(rfl->rfd->fd);
/* temporary overflow record */
if (rfl->rfd->refcount == 0xffff)
{
free(rfl->rfd);
/* go through the link of all these by steam to delete.
This list is expected to be almost always empty. */
for (poll = daemon->rfl_poll, up = &daemon->rfl_poll; poll; poll = next
)
{
next = poll->next;
if (poll->rfd == rfl->rfd)
{
*up = poll->next;
poll->next = daemon->rfl_spare;
daemon->rfl_spare = poll;
}
else
up = &poll->next;
}
}
tmp = rfl->next;
rfl->next = daemon->rfl_spare;
daemon->rfl_spare = rfl;
}
*fdlp = NULL;
} }
static void free_frec(struct frec *f) static void free_frec(struct frec *f)
{ {
struct frec_src *last; struct frec_src *last;
/* add back to freelist if not the record builtin to every frec. */ /* add back to freelist if not the record builtin to every frec. */
for (last = f->frec_src.next; last && last->next; last = last->next) ; for (last = f->frec_src.next; last && last->next; last = last->next) ;
if (last) if (last)
{ {
last->next = daemon->free_frec_src; last->next = daemon->free_frec_src;
daemon->free_frec_src = f->frec_src.next; daemon->free_frec_src = f->frec_src.next;
} }
f->frec_src.next = NULL; f->frec_src.next = NULL;
free_rfd(f->rfd4); free_rfds(&f->rfds);
f->rfd4 = NULL;
f->sentto = NULL; f->sentto = NULL;
f->flags = 0; f->flags = 0;
free_rfd(f->rfd6);
f->rfd6 = NULL;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (f->stash) if (f->stash)
{ {
blockdata_free(f->stash); blockdata_free(f->stash);
f->stash = NULL; f->stash = NULL;
} }
/* Anything we're waiting on is pointless now, too */ /* Anything we're waiting on is pointless now, too */
if (f->blocking_query) if (f->blocking_query)
skipping to change at line 2375 skipping to change at line 2452
{ {
free_frec(oldest); free_frec(oldest);
oldest->time = now; oldest->time = now;
} }
return oldest; return oldest;
} }
/* none available, calculate time 'till oldest record expires */ /* none available, calculate time 'till oldest record expires */
if (!force && count > daemon->ftabsize) if (!force && count > daemon->ftabsize)
{ {
static time_t last_log = 0;
if (oldest && wait) if (oldest && wait)
*wait = oldest->time + (time_t)TIMEOUT - now; *wait = oldest->time + (time_t)TIMEOUT - now;
if ((int)difftime(now, last_log) > 5) query_full(now);
{
last_log = now;
my_syslog(LOG_WARNING, _("Maximum number of concurrent DNS queries reac
hed (max: %d)"), daemon->ftabsize);
}
return NULL; return NULL;
} }
if (!(f = allocate_frec(now)) && wait) if (!(f = allocate_frec(now)) && wait)
/* wait one second on malloc failure */ /* wait one second on malloc failure */
*wait = 1; *wait = 1;
return f; /* OK if malloc fails and this is NULL */ return f; /* OK if malloc fails and this is NULL */
} }
static struct frec *lookup_frec(unsigned short id, int fd, int family, void *has static void query_full(time_t now)
h) {
static time_t last_log = 0;
if ((int)difftime(now, last_log) > 5)
{
last_log = now;
my_syslog(LOG_WARNING, _("Maximum number of concurrent DNS queries reached
(max: %d)"), daemon->ftabsize);
}
}
static struct frec *lookup_frec(unsigned short id, int fd, void *hash)
{ {
struct frec *f; struct frec *f;
struct server *s;
int type;
struct randfd_list *fdl;
for(f = daemon->frec_list; f; f = f->next) for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id && if (f->sentto && f->new_id == id &&
(memcmp(hash, f->hash, HASH_SIZE) == 0)) (memcmp(hash, f->hash, HASH_SIZE) == 0))
{ {
/* sent from random port */ /* sent from random port */
if (family == AF_INET && f->rfd4 && f->rfd4->fd == fd) for (fdl = f->rfds; fdl; fdl = fdl->next)
if (fdl->rfd->fd == fd)
return f; return f;
if (family == AF_INET6 && f->rfd6 && f->rfd6->fd == fd) /* Sent to upstream from socket associated with a server.
return f; Note we have to iterate over all the possible servers, since they may
have different bound sockets. */
type = f->sentto->flags & SERV_TYPE;
s = f->sentto;
do {
if (server_test_type(s, f->sentto->domain, type, 0) &&
s->sfd && s->sfd->fd == fd)
return f;
/* sent to upstream from bound socket. */ s = s->next ? s->next : daemon->servers;
if (f->sentto->sfd && f->sentto->sfd->fd == fd) } while (s != f->sentto);
return f;
} }
return NULL; return NULL;
} }
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash)
{
struct frec *f;
struct frec_src *src;
for (f = daemon->frec_list; f; f = f->next)
if (f->sentto &&
!(f->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) &&
memcmp(hash, f->hash, HASH_SIZE) == 0)
for (src = &f->frec_src; src; src = src->next)
if (src->orig_id == id &&
sockaddr_isequal(&src->source, addr))
return f;
return NULL;
}
static struct frec *lookup_frec_by_query(void *hash, unsigned int flags) static struct frec *lookup_frec_by_query(void *hash, unsigned int flags)
{ {
struct frec *f; struct frec *f;
/* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below /* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below
ensures that no frec created for internal DNSSEC query can be returned here . ensures that no frec created for internal DNSSEC query can be returned here .
Similarly FREC_NO_CACHE is never set in flags, so a query which is Similarly FREC_NO_CACHE is never set in flags, so a query which is
contigent on a particular source address EDNS0 option will never be matched . */ contigent on a particular source address EDNS0 option will never be matched . */
skipping to change at line 2464 skipping to change at line 2537
memcmp(hash, f->hash, HASH_SIZE) == 0) memcmp(hash, f->hash, HASH_SIZE) == 0)
return f; return f;
return NULL; return NULL;
} }
/* Send query packet again, if we can. */ /* Send query packet again, if we can. */
void resend_query() void resend_query()
{ {
if (daemon->srv_save) if (daemon->srv_save)
{ server_send(daemon->srv_save, daemon->fd_save,
int fd; daemon->packet, daemon->packet_len, 0);
if (daemon->srv_save->sfd)
fd = daemon->srv_save->sfd->fd;
else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
fd = daemon->rfd_save->fd;
else
return;
while(retry_send(sendto(fd, daemon->packet, daemon->packet_len, 0,
&daemon->srv_save->addr.sa,
sa_len(&daemon->srv_save->addr))));
}
} }
/* A server record is going away, remove references to it */ /* A server record is going away, remove references to it */
void server_gone(struct server *server) void server_gone(struct server *server)
{ {
struct frec *f; struct frec *f;
int i;
for (f = daemon->frec_list; f; f = f->next) for (f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->sentto == server) if (f->sentto && f->sentto == server)
free_frec(f); free_frec(f);
/* If any random socket refers to this server, NULL the reference.
No more references to the socket will be created in the future. */
for (i = 0; i < daemon->numrrand; i++)
if (daemon->randomsocks[i].refcount != 0 && daemon->randomsocks[i].serv == s
erver)
daemon->randomsocks[i].serv = NULL;
if (daemon->last_server == server) if (daemon->last_server == server)
daemon->last_server = NULL; daemon->last_server = NULL;
if (daemon->srv_save == server) if (daemon->srv_save == server)
daemon->srv_save = NULL; daemon->srv_save = NULL;
} }
/* return unique random ids. */ /* return unique random ids. */
static unsigned short get_id(void) static unsigned short get_id(void)
{ {
 End of changes. 64 change blocks. 
331 lines changed or deleted 376 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)