"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.11.23/bin/named/include/named/client.h" (7 Sep 2020, 12067 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "client.h" see the Fossies "Dox" file reference documentation.

    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 #ifndef NAMED_CLIENT_H
   13 #define NAMED_CLIENT_H 1
   14 
   15 /*****
   16  ***** Module Info
   17  *****/
   18 
   19 /*! \file
   20  * \brief
   21  * This module defines two objects, ns_client_t and ns_clientmgr_t.
   22  *
   23  * An ns_client_t object handles incoming DNS requests from clients
   24  * on a given network interface.
   25  *
   26  * Each ns_client_t object can handle only one TCP connection or UDP
   27  * request at a time.  Therefore, several ns_client_t objects are
   28  * typically created to serve each network interface, e.g., one
   29  * for handling TCP requests and a few (one per CPU) for handling
   30  * UDP requests.
   31  *
   32  * Incoming requests are classified as queries, zone transfer
   33  * requests, update requests, notify requests, etc, and handed off
   34  * to the appropriate request handler.  When the request has been
   35  * fully handled (which can be much later), the ns_client_t must be
   36  * notified of this by calling one of the following functions
   37  * exactly once in the context of its task:
   38  * \code
   39  *   ns_client_send()   (sending a non-error response)
   40  *   ns_client_sendraw() (sending a raw response)
   41  *   ns_client_error()  (sending an error response)
   42  *   ns_client_next()   (sending no response)
   43  *\endcode
   44  * This will release any resources used by the request and
   45  * and allow the ns_client_t to listen for the next request.
   46  *
   47  * A ns_clientmgr_t manages a number of ns_client_t objects.
   48  * New ns_client_t objects are created by calling
   49  * ns_clientmgr_createclients(). They are destroyed by
   50  * destroying their manager.
   51  */
   52 
   53 /***
   54  *** Imports
   55  ***/
   56 
   57 #include <inttypes.h>
   58 #include <stdbool.h>
   59 
   60 #include <isc/buffer.h>
   61 #include <isc/magic.h>
   62 #include <isc/stdtime.h>
   63 #include <isc/quota.h>
   64 #include <isc/queue.h>
   65 
   66 #include <dns/db.h>
   67 #include <dns/fixedname.h>
   68 #include <dns/name.h>
   69 #include <dns/rdataclass.h>
   70 #include <dns/rdatatype.h>
   71 #include <dns/tcpmsg.h>
   72 #include <dns/types.h>
   73 
   74 #include <named/types.h>
   75 #include <named/query.h>
   76 
   77 /***
   78  *** Types
   79  ***/
   80 
   81 /*% reference-counted TCP connection object */
   82 typedef struct ns_tcpconn {
   83     isc_refcount_t      clients;    /* Number of clients using
   84                          * this connection. Conn can
   85                          * be freed if goes to 0
   86                          */
   87     isc_quota_t     *tcpquota;
   88     bool            pipelined;
   89 } ns_tcpconn_t;
   90 
   91 /*% nameserver client structure */
   92 struct ns_client {
   93     unsigned int        magic;
   94     isc_mem_t *     mctx;
   95     ns_clientmgr_t *    manager;
   96     int         state;
   97     int         newstate;
   98     int         naccepts;
   99     int         nreads;
  100     int         nsends;
  101     int         nrecvs;
  102     int         nupdates;
  103     int         nctls;
  104     int         references;
  105     bool            tcpactive;
  106     bool            needshutdown;   /*
  107                          * Used by clienttest to get
  108                          * the client to go from
  109                          * inactive to free state
  110                          * by shutting down the
  111                          * client's task.
  112                          */
  113     unsigned int        attributes;
  114     isc_task_t *        task;
  115     dns_view_t *        view;
  116     dns_dispatch_t *    dispatch;
  117     isc_socket_t *      udpsocket;
  118     isc_socket_t *      tcplistener;
  119     isc_socket_t *      tcpsocket;
  120     unsigned char *     tcpbuf;
  121     dns_tcpmsg_t        tcpmsg;
  122     bool        tcpmsg_valid;
  123     isc_timer_t *       timer;
  124     isc_timer_t *       delaytimer;
  125     bool        timerset;
  126     dns_message_t *     message;
  127     isc_socketevent_t * sendevent;
  128     isc_socketevent_t * recvevent;
  129     unsigned char *     recvbuf;
  130     dns_rdataset_t *    opt;
  131     uint16_t        udpsize;
  132     uint16_t        extflags;
  133     int16_t     ednsversion;    /* -1 noedns */
  134     void            (*next)(ns_client_t *);
  135     void            (*shutdown)(void *arg, isc_result_t result);
  136     void            *shutdown_arg;
  137     ns_query_t      query;
  138     isc_time_t      requesttime;
  139     isc_stdtime_t       now;
  140     isc_time_t      tnow;
  141     dns_name_t      signername;   /*%< [T]SIG key name */
  142     dns_name_t      *signer;      /*%< NULL if not valid sig */
  143     bool            mortal;       /*%< Die after handling request */
  144     ns_tcpconn_t        *tcpconn;
  145     isc_quota_t     *recursionquota;
  146     ns_interface_t      *interface;
  147 
  148     isc_sockaddr_t      peeraddr;
  149     bool        peeraddr_valid;
  150     isc_netaddr_t       destaddr;
  151     isc_sockaddr_t      destsockaddr;
  152 
  153     isc_netaddr_t       ecs_addr;   /*%< EDNS client subnet */
  154     uint8_t         ecs_addrlen;
  155     uint8_t         ecs_scope;
  156 
  157     struct in6_pktinfo  pktinfo;
  158     isc_dscp_t      dscp;
  159     isc_event_t     ctlevent;
  160 #ifdef ALLOW_FILTER_AAAA
  161     dns_aaaa_t      filter_aaaa;
  162 #endif
  163     /*%
  164      * Information about recent FORMERR response(s), for
  165      * FORMERR loop avoidance.  This is separate for each
  166      * client object rather than global only to avoid
  167      * the need for locking.
  168      */
  169     struct {
  170         isc_sockaddr_t      addr;
  171         isc_stdtime_t       time;
  172         dns_messageid_t     id;
  173     } formerrcache;
  174 
  175     ISC_LINK(ns_client_t)   link;
  176     ISC_LINK(ns_client_t)   rlink;
  177     ISC_QLINK(ns_client_t)  ilink;
  178     unsigned char       cookie[8];
  179     uint32_t        expire;
  180     unsigned char       *keytag;
  181     uint16_t        keytag_len;
  182 };
  183 
  184 typedef ISC_QUEUE(ns_client_t) client_queue_t;
  185 typedef ISC_LIST(ns_client_t) client_list_t;
  186 
  187 #define NS_CLIENT_MAGIC         ISC_MAGIC('N','S','C','c')
  188 #define NS_CLIENT_VALID(c)      ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
  189 
  190 #define NS_CLIENTATTR_TCP       0x0001
  191 #define NS_CLIENTATTR_RA        0x0002 /*%< Client gets recursive service */
  192 #define NS_CLIENTATTR_PKTINFO       0x0004 /*%< pktinfo is valid */
  193 #define NS_CLIENTATTR_MULTICAST     0x0008 /*%< recv'd from multicast */
  194 #define NS_CLIENTATTR_WANTDNSSEC    0x0010 /*%< include dnssec records */
  195 #define NS_CLIENTATTR_WANTNSID          0x0020 /*%< include nameserver ID */
  196 #ifdef ALLOW_FILTER_AAAA
  197 #define NS_CLIENTATTR_FILTER_AAAA   0x0040 /*%< suppress AAAAs */
  198 #define NS_CLIENTATTR_FILTER_AAAA_RC    0x0080 /*%< recursing for A against AAAA */
  199 #endif
  200 #define NS_CLIENTATTR_WANTAD        0x0100 /*%< want AD in response if possible */
  201 #define NS_CLIENTATTR_WANTCOOKIE    0x0200 /*%< return a COOKIE */
  202 #define NS_CLIENTATTR_HAVECOOKIE    0x0400 /*%< has a valid COOKIE */
  203 #define NS_CLIENTATTR_WANTEXPIRE    0x0800 /*%< return seconds to expire */
  204 #define NS_CLIENTATTR_HAVEEXPIRE    0x1000 /*%< return seconds to expire */
  205 #define NS_CLIENTATTR_WANTOPT       0x2000 /*%< add opt to reply */
  206 #define NS_CLIENTATTR_HAVEECS       0x4000 /*%< received an ECS option */
  207 
  208 #define NS_CLIENTATTR_NOSETFC       0x8000 /*%< don't set servfail cache */
  209 
  210 /*
  211  * Flag to use with the SERVFAIL cache to indicate
  212  * that a query had the CD bit set.
  213  */
  214 #define NS_FAILCACHE_CD     0x01
  215 
  216 
  217 
  218 extern unsigned int ns_client_requests;
  219 
  220 /***
  221  *** Functions
  222  ***/
  223 
  224 /*%
  225  * Note!  These ns_client_ routines MUST be called ONLY from the client's
  226  * task in order to ensure synchronization.
  227  */
  228 
  229 void
  230 ns_client_send(ns_client_t *client);
  231 /*%
  232  * Finish processing the current client request and
  233  * send client->message as a response.
  234  * \brief
  235  * Note!  These ns_client_ routines MUST be called ONLY from the client's
  236  * task in order to ensure synchronization.
  237  */
  238 
  239 void
  240 ns_client_sendraw(ns_client_t *client, dns_message_t *msg);
  241 /*%
  242  * Finish processing the current client request and
  243  * send msg as a response using client->message->id for the id.
  244  */
  245 
  246 void
  247 ns_client_error(ns_client_t *client, isc_result_t result);
  248 /*%
  249  * Finish processing the current client request and return
  250  * an error response to the client.  The error response
  251  * will have an RCODE determined by 'result'.
  252  */
  253 
  254 void
  255 ns_client_next(ns_client_t *client, isc_result_t result);
  256 /*%
  257  * Finish processing the current client request,
  258  * return no response to the client.
  259  */
  260 
  261 bool
  262 ns_client_shuttingdown(ns_client_t *client);
  263 /*%
  264  * Return true iff the client is currently shutting down.
  265  */
  266 
  267 void
  268 ns_client_attach(ns_client_t *source, ns_client_t **target);
  269 /*%
  270  * Attach '*targetp' to 'source'.
  271  */
  272 
  273 void
  274 ns_client_detach(ns_client_t **clientp);
  275 /*%
  276  * Detach '*clientp' from its client.
  277  */
  278 
  279 isc_result_t
  280 ns_client_replace(ns_client_t *client);
  281 /*%
  282  * Try to replace the current client with a new one, so that the
  283  * current one can go off and do some lengthy work without
  284  * leaving the dispatch/socket without service.
  285  */
  286 
  287 void
  288 ns_client_settimeout(ns_client_t *client, unsigned int seconds);
  289 /*%
  290  * Set a timer in the client to go off in the specified amount of time.
  291  */
  292 
  293 isc_result_t
  294 ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
  295             isc_timermgr_t *timermgr, ns_clientmgr_t **managerp);
  296 /*%
  297  * Create a client manager.
  298  */
  299 
  300 void
  301 ns_clientmgr_destroy(ns_clientmgr_t **managerp);
  302 /*%
  303  * Destroy a client manager and all ns_client_t objects
  304  * managed by it.
  305  */
  306 
  307 isc_result_t
  308 ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
  309                ns_interface_t *ifp, bool tcp);
  310 /*%
  311  * Create up to 'n' clients listening on interface 'ifp'.
  312  * If 'tcp' is true, the clients will listen for TCP connections,
  313  * otherwise for UDP requests.
  314  */
  315 
  316 isc_sockaddr_t *
  317 ns_client_getsockaddr(ns_client_t *client);
  318 /*%
  319  * Get the socket address of the client whose request is
  320  * currently being processed.
  321  */
  322 
  323 isc_sockaddr_t *
  324 ns_client_getdestaddr(ns_client_t *client);
  325 /*%<
  326  * Get the destination address (server) for the request that is
  327  * currently being processed.
  328  */
  329 
  330 isc_result_t
  331 ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
  332              dns_acl_t *acl, bool default_allow);
  333 
  334 /*%
  335  * Convenience function for client request ACL checking.
  336  *
  337  * Check the current client request against 'acl'.  If 'acl'
  338  * is NULL, allow the request iff 'default_allow' is true.
  339  * If netaddr is NULL, check the ACL against client->peeraddr;
  340  * otherwise check it against netaddr.
  341  *
  342  * Notes:
  343  *\li   This is appropriate for checking allow-update,
  344  *  allow-query, allow-transfer, etc.  It is not appropriate
  345  *  for checking the blackhole list because we treat positive
  346  *  matches as "allow" and negative matches as "deny"; in
  347  *  the case of the blackhole list this would be backwards.
  348  *
  349  * Requires:
  350  *\li   'client' points to a valid client.
  351  *\li   'netaddr' points to a valid address, or is NULL.
  352  *\li   'acl' points to a valid ACL, or is NULL.
  353  *
  354  * Returns:
  355  *\li   ISC_R_SUCCESS   if the request should be allowed
  356  * \li  DNS_R_REFUSED   if the request should be denied
  357  *\li   No other return values are possible.
  358  */
  359 
  360 isc_result_t
  361 ns_client_checkacl(ns_client_t  *client,
  362            isc_sockaddr_t *sockaddr,
  363            const char *opname, dns_acl_t *acl,
  364            bool default_allow,
  365            int log_level);
  366 /*%
  367  * Like ns_client_checkaclsilent, except the outcome of the check is
  368  * logged at log level 'log_level' if denied, and at debug 3 if approved.
  369  * Log messages will refer to the request as an 'opname' request.
  370  *
  371  * Requires:
  372  *\li   'client' points to a valid client.
  373  *\li   'sockaddr' points to a valid address, or is NULL.
  374  *\li   'acl' points to a valid ACL, or is NULL.
  375  *\li   'opname' points to a null-terminated string.
  376  */
  377 
  378 void
  379 ns_client_log(ns_client_t *client, isc_logcategory_t *category,
  380           isc_logmodule_t *module, int level,
  381           const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
  382 
  383 void
  384 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
  385            isc_logmodule_t *module, int level, const char *fmt, va_list ap) ISC_FORMAT_PRINTF(5, 0);
  386 
  387 void
  388 ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
  389          dns_rdataclass_t rdclass, char *buf, size_t len);
  390 
  391 #define NS_CLIENT_ACLMSGSIZE(x) \
  392     (DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE + \
  393      DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
  394 
  395 void
  396 ns_client_recursing(ns_client_t *client);
  397 /*%
  398  * Add client to end of th recursing list.
  399  */
  400 
  401 void
  402 ns_client_killoldestquery(ns_client_t *client);
  403 /*%
  404  * Kill the oldest recursive query (recursing list head).
  405  */
  406 
  407 void
  408 ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
  409 /*%
  410  * Dump the outstanding recursive queries to 'f'.
  411  */
  412 
  413 void
  414 ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
  415 /*%
  416  * Replace the qname.
  417  */
  418 
  419 bool
  420 ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
  421          isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
  422          dns_rdataclass_t rdclass, void *arg);
  423 /*%
  424  * Isself callback.
  425  */
  426 
  427 isc_result_t
  428 ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp);
  429 
  430 isc_result_t
  431 ns_client_addopt(ns_client_t *client, dns_message_t *message,
  432          dns_rdataset_t **opt);
  433 
  434 #endif /* NAMED_CLIENT_H */