1 /* 2 * cachedb/cachedb.c - cache from a database external to the program module 3 * 4 * Copyright (c) 2016, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains a module that uses an external database to cache 40 * dns responses. 41 */ 42 43 #include "config.h" 44 #ifdef USE_CACHEDB 45 #include "cachedb/cachedb.h" 46 #include "cachedb/redis.h" 47 #include "util/regional.h" 48 #include "util/net_help.h" 49 #include "util/config_file.h" 50 #include "util/data/dname.h" 51 #include "util/data/msgreply.h" 52 #include "util/data/msgencode.h" 53 #include "services/cache/dns.h" 54 #include "services/mesh.h" 55 #include "services/modstack.h" 56 #include "validator/val_neg.h" 57 #include "validator/val_secalgo.h" 58 #include "iterator/iter_utils.h" 59 #include "sldns/parseutil.h" 60 #include "sldns/wire2str.h" 61 #include "sldns/sbuffer.h" 62 63 /* header file for htobe64 */ 64 #ifdef HAVE_ENDIAN_H 65 # include <endian.h> 66 #endif 67 #ifdef HAVE_SYS_ENDIAN_H 68 # include <sys/endian.h> 69 #endif 70 71 #ifndef HAVE_HTOBE64 72 # ifdef HAVE_LIBKERN_OSBYTEORDER_H 73 /* In practice this is specific to MacOS X. We assume it doesn't have 74 * htobe64/be64toh but has alternatives with a different name. */ 75 # include <libkern/OSByteOrder.h> 76 # define htobe64(x) OSSwapHostToBigInt64(x) 77 # define be64toh(x) OSSwapBigToHostInt64(x) 78 # else 79 /* not OSX */ 80 /* Some compilers do not define __BYTE_ORDER__, like IBM XLC on AIX */ 81 # if __BIG_ENDIAN__ 82 # define be64toh(n) (n) 83 # define htobe64(n) (n) 84 # else 85 # define be64toh(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) 86 # define htobe64(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) 87 # endif /* _ENDIAN */ 88 # endif /* HAVE_LIBKERN_OSBYTEORDER_H */ 89 #endif /* HAVE_BE64TOH */ 90 91 /** the unit test testframe for cachedb, its module state contains 92 * a cache for a couple queries (in memory). */ 93 struct testframe_moddata { 94 /** lock for mutex */ 95 lock_basic_type lock; 96 /** key for single stored data element, NULL if none */ 97 char* stored_key; 98 /** data for single stored data element, NULL if none */ 99 uint8_t* stored_data; 100 /** length of stored data */ 101 size_t stored_datalen; 102 }; 103 104 static int 105 testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) 106 { 107 struct testframe_moddata* d; 108 verbose(VERB_ALGO, "testframe_init"); 109 d = (struct testframe_moddata*)calloc(1, 110 sizeof(struct testframe_moddata)); 111 cachedb_env->backend_data = (void*)d; 112 if(!cachedb_env->backend_data) { 113 log_err("out of memory"); 114 return 0; 115 } 116 /* Register an EDNS option (65534) to bypass the worker cache lookup 117 * for testing */ 118 if(!edns_register_option(LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 119 1 /* bypass cache */, 120 0 /* no aggregation */, env)) { 121 log_err("testframe_init, could not register test opcode"); 122 free(d); 123 return 0; 124 } 125 lock_basic_init(&d->lock); 126 lock_protect(&d->lock, d, sizeof(*d)); 127 return 1; 128 } 129 130 static void 131 testframe_deinit(struct module_env* env, struct cachedb_env* cachedb_env) 132 { 133 struct testframe_moddata* d = (struct testframe_moddata*) 134 cachedb_env->backend_data; 135 (void)env; 136 verbose(VERB_ALGO, "testframe_deinit"); 137 if(!d) 138 return; 139 lock_basic_destroy(&d->lock); 140 free(d->stored_key); 141 free(d->stored_data); 142 free(d); 143 } 144 145 static int 146 testframe_lookup(struct module_env* env, struct cachedb_env* cachedb_env, 147 char* key, struct sldns_buffer* result_buffer) 148 { 149 struct testframe_moddata* d = (struct testframe_moddata*) 150 cachedb_env->backend_data; 151 (void)env; 152 verbose(VERB_ALGO, "testframe_lookup of %s", key); 153 lock_basic_lock(&d->lock); 154 if(d->stored_key && strcmp(d->stored_key, key) == 0) { 155 if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) { 156 lock_basic_unlock(&d->lock); 157 return 0; /* too large */ 158 } 159 verbose(VERB_ALGO, "testframe_lookup found %d bytes", 160 (int)d->stored_datalen); 161 sldns_buffer_clear(result_buffer); 162 sldns_buffer_write(result_buffer, d->stored_data, 163 d->stored_datalen); 164 sldns_buffer_flip(result_buffer); 165 lock_basic_unlock(&d->lock); 166 return 1; 167 } 168 lock_basic_unlock(&d->lock); 169 return 0; 170 } 171 172 static void 173 testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, 174 char* key, uint8_t* data, size_t data_len, time_t ATTR_UNUSED(ttl)) 175 { 176 struct testframe_moddata* d = (struct testframe_moddata*) 177 cachedb_env->backend_data; 178 (void)env; 179 lock_basic_lock(&d->lock); 180 verbose(VERB_ALGO, "testframe_store %s (%d bytes)", key, (int)data_len); 181 182 /* free old data element (if any) */ 183 free(d->stored_key); 184 d->stored_key = NULL; 185 free(d->stored_data); 186 d->stored_data = NULL; 187 d->stored_datalen = 0; 188 189 d->stored_data = memdup(data, data_len); 190 if(!d->stored_data) { 191 lock_basic_unlock(&d->lock); 192 log_err("out of memory"); 193 return; 194 } 195 d->stored_datalen = data_len; 196 d->stored_key = strdup(key); 197 if(!d->stored_key) { 198 free(d->stored_data); 199 d->stored_data = NULL; 200 d->stored_datalen = 0; 201 lock_basic_unlock(&d->lock); 202 return; 203 } 204 lock_basic_unlock(&d->lock); 205 /* (key,data) successfully stored */ 206 } 207 208 /** The testframe backend is for unit tests */ 209 static struct cachedb_backend testframe_backend = { "testframe", 210 testframe_init, testframe_deinit, testframe_lookup, testframe_store 211 }; 212 213 /** find a particular backend from possible backends */ 214 static struct cachedb_backend* 215 cachedb_find_backend(const char* str) 216 { 217 #ifdef USE_REDIS 218 if(strcmp(str, redis_backend.name) == 0) 219 return &redis_backend; 220 #endif 221 if(strcmp(str, testframe_backend.name) == 0) 222 return &testframe_backend; 223 /* TODO add more backends here */ 224 return NULL; 225 } 226 227 /** apply configuration to cachedb module 'global' state */ 228 static int 229 cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) 230 { 231 const char* backend_str = cfg->cachedb_backend; 232 if(!backend_str || *backend_str==0) 233 return 1; 234 cachedb_env->backend = cachedb_find_backend(backend_str); 235 if(!cachedb_env->backend) { 236 log_err("cachedb: cannot find backend name '%s'", backend_str); 237 return 0; 238 } 239 240 /* TODO see if more configuration needs to be applied or not */ 241 return 1; 242 } 243 244 int 245 cachedb_init(struct module_env* env, int id) 246 { 247 struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, 248 sizeof(struct cachedb_env)); 249 if(!cachedb_env) { 250 log_err("malloc failure"); 251 return 0; 252 } 253 env->modinfo[id] = (void*)cachedb_env; 254 if(!cachedb_apply_cfg(cachedb_env, env->cfg)) { 255 log_err("cachedb: could not apply configuration settings."); 256 free(cachedb_env); 257 env->modinfo[id] = NULL; 258 return 0; 259 } 260 /* see if a backend is selected */ 261 if(!cachedb_env->backend || !cachedb_env->backend->name) 262 return 1; 263 if(!(*cachedb_env->backend->init)(env, cachedb_env)) { 264 log_err("cachedb: could not init %s backend", 265 cachedb_env->backend->name); 266 free(cachedb_env); 267 env->modinfo[id] = NULL; 268 return 0; 269 } 270 cachedb_env->enabled = 1; 271 return 1; 272 } 273 274 void 275 cachedb_deinit(struct module_env* env, int id) 276 { 277 struct cachedb_env* cachedb_env; 278 if(!env || !env->modinfo[id]) 279 return; 280 cachedb_env = (struct cachedb_env*)env->modinfo[id]; 281 if(cachedb_env->enabled) { 282 (*cachedb_env->backend->deinit)(env, cachedb_env); 283 } 284 free(cachedb_env); 285 env->modinfo[id] = NULL; 286 } 287 288 /** new query for cachedb */ 289 static int 290 cachedb_new(struct module_qstate* qstate, int id) 291 { 292 struct cachedb_qstate* iq = (struct cachedb_qstate*)regional_alloc( 293 qstate->region, sizeof(struct cachedb_qstate)); 294 qstate->minfo[id] = iq; 295 if(!iq) 296 return 0; 297 memset(iq, 0, sizeof(*iq)); 298 /* initialise it */ 299 /* TODO */ 300 301 return 1; 302 } 303 304 /** 305 * Return an error 306 * @param qstate: our query state 307 * @param id: module id 308 * @param rcode: error code (DNS errcode). 309 * @return: 0 for use by caller, to make notation easy, like: 310 * return error_response(..). 311 */ 312 static int 313 error_response(struct module_qstate* qstate, int id, int rcode) 314 { 315 verbose(VERB_QUERY, "return error response %s", 316 sldns_lookup_by_id(sldns_rcodes, rcode)? 317 sldns_lookup_by_id(sldns_rcodes, rcode)->name:"??"); 318 qstate->return_rcode = rcode; 319 qstate->return_msg = NULL; 320 qstate->ext_state[id] = module_finished; 321 return 0; 322 } 323 324 /** 325 * Hash the query name, type, class and dbacess-secret into lookup buffer. 326 * @param qinfo: query info 327 * @param env: with env->cfg with secret. 328 * @param buf: returned buffer with hash to lookup 329 * @param len: length of the buffer. 330 */ 331 static void 332 calc_hash(struct query_info* qinfo, struct module_env* env, char* buf, 333 size_t len) 334 { 335 uint8_t clear[1024]; 336 size_t clen = 0; 337 uint8_t hash[CACHEDB_HASHSIZE/8]; 338 const char* hex = "0123456789ABCDEF"; 339 const char* secret = env->cfg->cachedb_secret; 340 size_t i; 341 342 /* copy the hash info into the clear buffer */ 343 if(clen + qinfo->qname_len < sizeof(clear)) { 344 memmove(clear+clen, qinfo->qname, qinfo->qname_len); 345 query_dname_tolower(clear+clen); 346 clen += qinfo->qname_len; 347 } 348 if(clen + 4 < sizeof(clear)) { 349 uint16_t t = htons(qinfo->qtype); 350 uint16_t c = htons(qinfo->qclass); 351 memmove(clear+clen, &t, 2); 352 memmove(clear+clen+2, &c, 2); 353 clen += 4; 354 } 355 if(secret && secret[0] && clen + strlen(secret) < sizeof(clear)) { 356 memmove(clear+clen, secret, strlen(secret)); 357 clen += strlen(secret); 358 } 359 360 /* hash the buffer */ 361 secalgo_hash_sha256(clear, clen, hash); 362 #ifdef HAVE_EXPLICIT_BZERO 363 explicit_bzero(clear, clen); 364 #else 365 memset(clear, 0, clen); 366 #endif 367 368 /* hex encode output for portability (some online dbs need 369 * no nulls, no control characters, and so on) */ 370 log_assert(len >= sizeof(hash)*2 + 1); 371 (void)len; 372 for(i=0; i<sizeof(hash); i++) { 373 buf[i*2] = hex[(hash[i]&0xf0)>>4]; 374 buf[i*2+1] = hex[hash[i]&0x0f]; 375 } 376 buf[sizeof(hash)*2] = 0; 377 } 378 379 /** convert data from return_msg into the data buffer */ 380 static int 381 prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) 382 { 383 uint64_t timestamp, expiry; 384 size_t oldlim; 385 struct edns_data edns; 386 memset(&edns, 0, sizeof(edns)); 387 edns.edns_present = 1; 388 edns.bits = EDNS_DO; 389 edns.ext_rcode = 0; 390 edns.edns_version = EDNS_ADVERTISED_VERSION; 391 edns.udp_size = EDNS_ADVERTISED_SIZE; 392 393 if(!qstate->return_msg || !qstate->return_msg->rep) 394 return 0; 395 /* do not store failures like SERVFAIL in the cachedb, this avoids 396 * overwriting expired, valid, content with broken content. */ 397 if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != 398 LDNS_RCODE_NOERROR && 399 FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != 400 LDNS_RCODE_NXDOMAIN && 401 FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != 402 LDNS_RCODE_YXDOMAIN) 403 return 0; 404 /* We don't store the reply if its TTL is 0. This is probably coming 405 * from upstream and it is not meant to be stored. */ 406 if(qstate->return_msg->rep->ttl == 0) 407 return 0; 408 409 /* The EDE is added to the out-list so it is encoded in the cached message */ 410 if (qstate->env->cfg->ede && qstate->return_msg->rep->reason_bogus != LDNS_EDE_NONE) { 411 edns_opt_list_append_ede(&edns.opt_list_out, qstate->env->scratch, 412 qstate->return_msg->rep->reason_bogus, 413 qstate->return_msg->rep->reason_bogus_str); 414 } 415 416 if(verbosity >= VERB_ALGO) 417 log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, 418 qstate->return_msg->rep); 419 if(!reply_info_answer_encode(&qstate->return_msg->qinfo, 420 qstate->return_msg->rep, 0, qstate->query_flags, 421 buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0)) 422 return 0; 423 424 /* TTLs in the return_msg are relative to time(0) so we have to 425 * store that, we also store the smallest ttl in the packet+time(0) 426 * as the packet expiry time */ 427 /* qstate->return_msg->rep->ttl contains that relative shortest ttl */ 428 timestamp = (uint64_t)*qstate->env->now; 429 expiry = timestamp + (uint64_t)qstate->return_msg->rep->ttl; 430 timestamp = htobe64(timestamp); 431 expiry = htobe64(expiry); 432 oldlim = sldns_buffer_limit(buf); 433 if(oldlim + sizeof(timestamp)+sizeof(expiry) >= 434 sldns_buffer_capacity(buf)) 435 return 0; /* doesn't fit. */ 436 sldns_buffer_set_limit(buf, oldlim + sizeof(timestamp)+sizeof(expiry)); 437 sldns_buffer_write_at(buf, oldlim, ×tamp, sizeof(timestamp)); 438 sldns_buffer_write_at(buf, oldlim+sizeof(timestamp), &expiry, 439 sizeof(expiry)); 440 441 return 1; 442 } 443 444 /** check expiry, return true if matches OK */ 445 static int 446 good_expiry_and_qinfo(struct module_qstate* qstate, struct sldns_buffer* buf) 447 { 448 uint64_t expiry; 449 /* the expiry time is the last bytes of the buffer */ 450 if(sldns_buffer_limit(buf) < sizeof(expiry)) 451 return 0; 452 sldns_buffer_read_at(buf, sldns_buffer_limit(buf)-sizeof(expiry), 453 &expiry, sizeof(expiry)); 454 expiry = be64toh(expiry); 455 456 /* Check if we are allowed to return expired entries: 457 * - serve_expired needs to be set 458 * - if SERVE_EXPIRED_TTL is set make sure that the record is not older 459 * than that. */ 460 if(TTL_IS_EXPIRED((time_t)expiry, *qstate->env->now) && 461 (!qstate->env->cfg->serve_expired || 462 (SERVE_EXPIRED_TTL && 463 *qstate->env->now - (time_t)expiry > SERVE_EXPIRED_TTL))) 464 return 0; 465 466 return 1; 467 } 468 469 /* Adjust the TTL of the given RRset by 'subtract'. If 'subtract' is 470 * negative, set the TTL to 0. */ 471 static void 472 packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract, 473 time_t timestamp) 474 { 475 size_t i; 476 size_t total = data->count + data->rrsig_count; 477 if(subtract >= 0 && data->ttl > subtract) 478 data->ttl -= subtract; 479 else data->ttl = 0; 480 for(i=0; i<total; i++) { 481 if(subtract >= 0 && data->rr_ttl[i] > subtract) 482 data->rr_ttl[i] -= subtract; 483 else data->rr_ttl[i] = 0; 484 } 485 data->ttl_add = timestamp; 486 } 487 488 /* Adjust the TTL of a DNS message and its RRs by 'adjust'. If 'adjust' is 489 * negative, set the TTLs to 0. */ 490 static void 491 adjust_msg_ttl(struct dns_msg* msg, time_t adjust, time_t timestamp) 492 { 493 size_t i; 494 if(adjust >= 0 && msg->rep->ttl > adjust) 495 msg->rep->ttl -= adjust; 496 else 497 msg->rep->ttl = 0; 498 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); 499 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; 500 501 for(i=0; i<msg->rep->rrset_count; i++) { 502 packed_rrset_ttl_subtract((struct packed_rrset_data*)msg-> 503 rep->rrsets[i]->entry.data, adjust, timestamp); 504 } 505 } 506 507 /* Set the TTL of the given RRset to fixed value. */ 508 static void 509 packed_rrset_ttl_set(struct packed_rrset_data* data, time_t ttl, time_t timestamp) 510 { 511 size_t i; 512 size_t total = data->count + data->rrsig_count; 513 data->ttl = ttl; 514 for(i=0; i<total; i++) { 515 data->rr_ttl[i] = ttl; 516 } 517 data->ttl_add = timestamp; 518 } 519 520 /* Set the TTL of a DNS message and its RRs by to a fixed value. */ 521 static void 522 set_msg_ttl(struct dns_msg* msg, time_t ttl, time_t timestamp) 523 { 524 size_t i; 525 msg->rep->ttl = ttl; 526 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); 527 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; 528 529 for(i=0; i<msg->rep->rrset_count; i++) { 530 packed_rrset_ttl_set((struct packed_rrset_data*)msg-> 531 rep->rrsets[i]->entry.data, ttl, timestamp); 532 } 533 } 534 535 /** convert dns message in buffer to return_msg */ 536 static int 537 parse_data(struct module_qstate* qstate, struct sldns_buffer* buf, 538 int* msg_expired, time_t* msg_timestamp, time_t* msg_expiry) 539 { 540 struct msg_parse* prs; 541 struct edns_data edns; 542 struct edns_option* ede; 543 uint64_t timestamp, expiry; 544 time_t adjust; 545 size_t lim = sldns_buffer_limit(buf); 546 if(lim < LDNS_HEADER_SIZE+sizeof(timestamp)+sizeof(expiry)) 547 return 0; /* too short */ 548 549 /* remove timestamp and expiry from end */ 550 sldns_buffer_read_at(buf, lim-sizeof(expiry), &expiry, sizeof(expiry)); 551 sldns_buffer_read_at(buf, lim-sizeof(expiry)-sizeof(timestamp), 552 ×tamp, sizeof(timestamp)); 553 expiry = be64toh(expiry); 554 timestamp = be64toh(timestamp); 555 log_assert(timestamp <= expiry); 556 *msg_expiry = (time_t)expiry; 557 *msg_timestamp = (time_t)timestamp; 558 559 /* parse DNS packet */ 560 regional_free_all(qstate->env->scratch); 561 prs = (struct msg_parse*)regional_alloc(qstate->env->scratch, 562 sizeof(struct msg_parse)); 563 if(!prs) 564 return 0; /* out of memory */ 565 memset(prs, 0, sizeof(*prs)); 566 memset(&edns, 0, sizeof(edns)); 567 sldns_buffer_set_limit(buf, lim - sizeof(expiry)-sizeof(timestamp)); 568 if(parse_packet(buf, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { 569 sldns_buffer_set_limit(buf, lim); 570 return 0; 571 } 572 if(parse_extract_edns_from_response_msg(prs, &edns, qstate->env->scratch) != 573 LDNS_RCODE_NOERROR) { 574 sldns_buffer_set_limit(buf, lim); 575 return 0; 576 } 577 578 qstate->return_msg = dns_alloc_msg(buf, prs, qstate->region); 579 sldns_buffer_set_limit(buf, lim); 580 if(!qstate->return_msg) 581 return 0; 582 583 /* We find the EDE in the in-list after parsing */ 584 if(qstate->env->cfg->ede && 585 (ede = edns_opt_list_find(edns.opt_list_in, LDNS_EDNS_EDE))) { 586 if(ede->opt_len >= 2) { 587 qstate->return_msg->rep->reason_bogus = 588 sldns_read_uint16(ede->opt_data); 589 } 590 /* allocate space and store the error string and it's size */ 591 if(ede->opt_len > 2) { 592 size_t ede_len = ede->opt_len - 2; 593 qstate->return_msg->rep->reason_bogus_str = regional_alloc( 594 qstate->region, sizeof(char) * (ede_len+1)); 595 memcpy(qstate->return_msg->rep->reason_bogus_str, 596 ede->opt_data+2, ede_len); 597 qstate->return_msg->rep->reason_bogus_str[ede_len] = 0; 598 } 599 } 600 601 qstate->return_rcode = LDNS_RCODE_NOERROR; 602 603 /* see how much of the TTL expired, and remove it */ 604 if(*qstate->env->now <= (time_t)timestamp) { 605 verbose(VERB_ALGO, "cachedb msg adjust by zero"); 606 return 1; /* message from the future (clock skew?) */ 607 } 608 adjust = *qstate->env->now - (time_t)timestamp; 609 if(TTL_IS_EXPIRED((time_t)expiry, *qstate->env->now)) { 610 verbose(VERB_ALGO, "cachedb msg expired"); 611 *msg_expired = 1; 612 if(!qstate->env->cfg->serve_expired || 613 (FLAGS_GET_RCODE(qstate->return_msg->rep->flags) 614 != LDNS_RCODE_NOERROR && 615 FLAGS_GET_RCODE(qstate->return_msg->rep->flags) 616 != LDNS_RCODE_NXDOMAIN && 617 FLAGS_GET_RCODE(qstate->return_msg->rep->flags) 618 != LDNS_RCODE_YXDOMAIN)) 619 return 0; /* message expired */ 620 /* If serve-expired is enabled, we still use an expired message. 621 * Set the TTL to 0 now and it will be handled specially later 622 * when we need to store it internally. */ 623 adjust = -1; 624 } 625 adjust_msg_ttl(qstate->return_msg, adjust, timestamp); 626 verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); 627 if(qstate->env->cfg->aggressive_nsec) { 628 limit_nsec_ttl(qstate->return_msg); 629 } 630 631 /* Similar to the unbound worker, if serve-expired is enabled and 632 * the msg would be considered to be expired, mark the state so a 633 * refetch will be scheduled. */ 634 if(*msg_expired && !qstate->env->cfg->serve_expired_client_timeout) { 635 qstate->need_refetch = 1; 636 } 637 638 return 1; 639 } 640 641 /** 642 * Lookup the qstate.qinfo in extcache, store in qstate.return_msg. 643 * return true if lookup was successful. 644 */ 645 static int 646 cachedb_extcache_lookup(struct module_qstate* qstate, struct cachedb_env* ie, 647 int* msg_expired, time_t* msg_timestamp, time_t* msg_expiry) 648 { 649 char key[(CACHEDB_HASHSIZE/8)*2+1]; 650 calc_hash(&qstate->qinfo, qstate->env, key, sizeof(key)); 651 652 /* call backend to fetch data for key into scratch buffer */ 653 if( !(*ie->backend->lookup)(qstate->env, ie, key, 654 qstate->env->scratch_buffer)) { 655 return 0; 656 } 657 658 /* check expiry date and check if query-data matches */ 659 if( !good_expiry_and_qinfo(qstate, qstate->env->scratch_buffer) ) { 660 return 0; 661 } 662 663 /* parse dns message into return_msg */ 664 if( !parse_data(qstate, qstate->env->scratch_buffer, msg_expired, 665 msg_timestamp, msg_expiry) ) { 666 return 0; 667 } 668 return 1; 669 } 670 671 /** 672 * Store the qstate.return_msg in extcache for key qstate.info 673 */ 674 static void 675 cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) 676 { 677 char key[(CACHEDB_HASHSIZE/8)*2+1]; 678 calc_hash(&qstate->qinfo, qstate->env, key, sizeof(key)); 679 680 /* prepare data in scratch buffer */ 681 if(!prep_data(qstate, qstate->env->scratch_buffer)) 682 return; 683 684 /* call backend */ 685 (*ie->backend->store)(qstate->env, ie, key, 686 sldns_buffer_begin(qstate->env->scratch_buffer), 687 sldns_buffer_limit(qstate->env->scratch_buffer), 688 qstate->return_msg->rep->ttl); 689 } 690 691 /** 692 * See if unbound's internal cache can answer the query 693 */ 694 static int 695 cachedb_intcache_lookup(struct module_qstate* qstate, struct cachedb_env* cde) 696 { 697 uint8_t dpname_storage[LDNS_MAX_DOMAINLEN+1]; 698 uint8_t* dpname=NULL; 699 size_t dpnamelen=0; 700 struct dns_msg* msg; 701 /* for testframe bypass this lookup */ 702 if(cde->backend == &testframe_backend) { 703 return 0; 704 } 705 if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo, 706 &dpname, &dpnamelen, dpname_storage, sizeof(dpname_storage))) 707 return 0; /* no cache for these queries */ 708 msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname, 709 qstate->qinfo.qname_len, qstate->qinfo.qtype, 710 qstate->qinfo.qclass, qstate->query_flags, 711 qstate->region, qstate->env->scratch, 712 1, /* no partial messages with only a CNAME */ 713 dpname, dpnamelen 714 ); 715 if(!msg && qstate->env->neg_cache && 716 iter_qname_indicates_dnssec(qstate->env, &qstate->qinfo)) { 717 /* lookup in negative cache; may result in 718 * NOERROR/NODATA or NXDOMAIN answers that need validation */ 719 msg = val_neg_getmsg(qstate->env->neg_cache, &qstate->qinfo, 720 qstate->region, qstate->env->rrset_cache, 721 qstate->env->scratch_buffer, 722 *qstate->env->now, 1/*add SOA*/, NULL, 723 qstate->env->cfg); 724 } 725 if(!msg) 726 return 0; 727 /* this is the returned msg */ 728 qstate->return_rcode = LDNS_RCODE_NOERROR; 729 qstate->return_msg = msg; 730 return 1; 731 } 732 733 /** 734 * Store query into the internal cache of unbound. 735 */ 736 static void 737 cachedb_intcache_store(struct module_qstate* qstate, int msg_expired, 738 time_t msg_timestamp, time_t msg_expiry) 739 { 740 uint32_t store_flags = qstate->query_flags; 741 int serve_expired = qstate->env->cfg->serve_expired; 742 if(!qstate->return_msg) 743 return; 744 if(serve_expired && msg_expired) { 745 time_t original_ttl = msg_expiry - msg_timestamp; 746 store_flags |= DNSCACHE_STORE_EXPIRED_MSG_CACHEDB; 747 /* Pass the original TTL of the expired message and signal with 748 * the DNSCACHE_STORE_EXPIRED_MSG_CACHEDB flag that 749 * dns_cache_store_msg() needs to set absolute expired TTLs 750 * based on the original message TTL. 751 * Results as expired message in the cache */ 752 set_msg_ttl(qstate->return_msg, original_ttl, 0); 753 verbose(VERB_ALGO, "cachedb expired msg set to be expired now " 754 "(original ttl: %d)", (int)original_ttl); 755 /* The expired entry does not get checked by the validator 756 * and we need a validation value for it. */ 757 /* By setting this to unchecked, bogus data is not returned 758 * as non-bogus. */ 759 if(qstate->env->cfg->cachedb_check_when_serve_expired) 760 qstate->return_msg->rep->security = sec_status_unchecked; 761 } 762 (void)dns_cache_store(qstate->env, &qstate->qinfo, 763 qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0, 764 qstate->region, store_flags, qstate->qstarttime, 765 qstate->is_valrec); 766 if(serve_expired && msg_expired) { 767 if(qstate->env->cfg->serve_expired_client_timeout) { 768 /* No expired response from the query state, the 769 * query resolution needs to continue and it can 770 * pick up the expired result after the timer out 771 * of cache. */ 772 return; 773 } 774 /* Send serve expired responses based on the cachedb 775 * returned message, that was just stored in the cache. 776 * It can then continue to work on this query. */ 777 mesh_respond_serve_expired(qstate->mesh_info); 778 /* set TTLs as expired for this return_msg in case it is used 779 * later on */ 780 set_msg_ttl(qstate->return_msg, 781 EXPIRED_REPLY_TTL_CALC(msg_expiry, msg_timestamp), 0); 782 } 783 } 784 785 /** 786 * Handle a cachedb module event with a query 787 * @param qstate: query state (from the mesh), passed between modules. 788 * contains qstate->env module environment with global caches and so on. 789 * @param iq: query state specific for this module. per-query. 790 * @param ie: environment specific for this module. global. 791 * @param id: module id. 792 */ 793 static void 794 cachedb_handle_query(struct module_qstate* qstate, 795 struct cachedb_qstate* ATTR_UNUSED(iq), 796 struct cachedb_env* ie, int id) 797 { 798 int msg_expired = 0; 799 time_t msg_timestamp, msg_expiry; 800 qstate->is_cachedb_answer = 0; 801 /* check if we are enabled, and skip if so */ 802 if(!ie->enabled) { 803 /* pass request to next module */ 804 qstate->ext_state[id] = module_wait_module; 805 return; 806 } 807 808 if(qstate->blacklist || qstate->no_cache_lookup 809 || iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, 810 NULL, 0)) { 811 /* cache is blacklisted or we are instructed from edns to not 812 * look or a forwarder/stub forbids it */ 813 /* pass request to next module */ 814 qstate->ext_state[id] = module_wait_module; 815 return; 816 } 817 818 /* lookup inside unbound's internal cache. 819 * This does not look for expired entries. */ 820 if(cachedb_intcache_lookup(qstate, ie)) { 821 if(verbosity >= VERB_ALGO) { 822 if(qstate->return_msg->rep) 823 log_dns_msg("cachedb internal cache lookup", 824 &qstate->return_msg->qinfo, 825 qstate->return_msg->rep); 826 else log_info("cachedb internal cache lookup: rcode %s", 827 sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode) 828 ?sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode)->name 829 :"??"); 830 } 831 /* we are done with the query */ 832 qstate->ext_state[id] = module_finished; 833 return; 834 } 835 836 /* ask backend cache to see if we have data */ 837 if(cachedb_extcache_lookup(qstate, ie, &msg_expired, &msg_timestamp, 838 &msg_expiry)) { 839 if(verbosity >= VERB_ALGO) 840 log_dns_msg(ie->backend->name, 841 &qstate->return_msg->qinfo, 842 qstate->return_msg->rep); 843 /* store this result in internal cache */ 844 cachedb_intcache_store(qstate, 845 msg_expired, msg_timestamp, msg_expiry); 846 /* In case we have expired data but there is a client timer for expired 847 * answers, pass execution to next module in order to try updating the 848 * data first. 849 */ 850 if(qstate->env->cfg->serve_expired && msg_expired) { 851 qstate->return_msg = NULL; 852 qstate->ext_state[id] = module_wait_module; 853 /* The expired reply is sent with 854 * mesh_respond_serve_expired, and so 855 * the need_refetch is not used. */ 856 qstate->need_refetch = 0; 857 return; 858 } 859 if(qstate->need_refetch && qstate->serve_expired_data && 860 qstate->serve_expired_data->timer) { 861 qstate->return_msg = NULL; 862 qstate->ext_state[id] = module_wait_module; 863 return; 864 } 865 /* No 0TTL answers escaping from external cache. */ 866 log_assert(qstate->return_msg->rep->ttl > 0); 867 qstate->is_cachedb_answer = 1; 868 /* we are done with the query */ 869 qstate->ext_state[id] = module_finished; 870 return; 871 } 872 873 if(qstate->serve_expired_data && 874 qstate->env->cfg->cachedb_check_when_serve_expired && 875 !qstate->env->cfg->serve_expired_client_timeout) { 876 /* Reply with expired data if any to client, because cachedb 877 * also has no useful, current data */ 878 mesh_respond_serve_expired(qstate->mesh_info); 879 } 880 881 /* no cache fetches */ 882 /* pass request to next module */ 883 qstate->ext_state[id] = module_wait_module; 884 } 885 886 /** 887 * Handle a cachedb module event with a response from the iterator. 888 * @param qstate: query state (from the mesh), passed between modules. 889 * contains qstate->env module environment with global caches and so on. 890 * @param iq: query state specific for this module. per-query. 891 * @param ie: environment specific for this module. global. 892 * @param id: module id. 893 */ 894 static void 895 cachedb_handle_response(struct module_qstate* qstate, 896 struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) 897 { 898 qstate->is_cachedb_answer = 0; 899 /* check if we are not enabled or instructed to not cache, and skip */ 900 if(!ie->enabled || qstate->no_cache_store 901 || iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, 902 NULL, 0)) { 903 /* we are done with the query */ 904 qstate->ext_state[id] = module_finished; 905 return; 906 } 907 if(qstate->env->cfg->cachedb_no_store) { 908 /* do not store the item in the external cache */ 909 qstate->ext_state[id] = module_finished; 910 return; 911 } 912 913 /* store the item into the backend cache */ 914 cachedb_extcache_store(qstate, ie); 915 916 /* we are done with the query */ 917 qstate->ext_state[id] = module_finished; 918 } 919 920 void 921 cachedb_operate(struct module_qstate* qstate, enum module_ev event, int id, 922 struct outbound_entry* outbound) 923 { 924 struct cachedb_env* ie = (struct cachedb_env*)qstate->env->modinfo[id]; 925 struct cachedb_qstate* iq = (struct cachedb_qstate*)qstate->minfo[id]; 926 verbose(VERB_QUERY, "cachedb[module %d] operate: extstate:%s event:%s", 927 id, strextstate(qstate->ext_state[id]), strmodulevent(event)); 928 if(iq) log_query_info(VERB_QUERY, "cachedb operate: query", 929 &qstate->qinfo); 930 931 /* perform cachedb state machine */ 932 if((event == module_event_new || event == module_event_pass) && 933 iq == NULL) { 934 if(!cachedb_new(qstate, id)) { 935 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); 936 return; 937 } 938 iq = (struct cachedb_qstate*)qstate->minfo[id]; 939 } 940 if(iq && (event == module_event_pass || event == module_event_new)) { 941 cachedb_handle_query(qstate, iq, ie, id); 942 return; 943 } 944 if(iq && (event == module_event_moddone)) { 945 cachedb_handle_response(qstate, iq, ie, id); 946 return; 947 } 948 if(iq && outbound) { 949 /* cachedb does not need to process responses at this time 950 * ignore it. 951 cachedb_process_response(qstate, iq, ie, id, outbound, event); 952 */ 953 return; 954 } 955 if(event == module_event_error) { 956 verbose(VERB_ALGO, "got called with event error, giving up"); 957 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); 958 return; 959 } 960 if(!iq && (event == module_event_moddone)) { 961 /* during priming, module done but we never started */ 962 qstate->ext_state[id] = module_finished; 963 return; 964 } 965 966 log_err("bad event for cachedb"); 967 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); 968 } 969 970 void 971 cachedb_inform_super(struct module_qstate* ATTR_UNUSED(qstate), 972 int ATTR_UNUSED(id), struct module_qstate* ATTR_UNUSED(super)) 973 { 974 /* cachedb does not use subordinate requests at this time */ 975 verbose(VERB_ALGO, "cachedb inform_super was called"); 976 } 977 978 void 979 cachedb_clear(struct module_qstate* qstate, int id) 980 { 981 struct cachedb_qstate* iq; 982 if(!qstate) 983 return; 984 iq = (struct cachedb_qstate*)qstate->minfo[id]; 985 if(iq) { 986 /* free contents of iq */ 987 /* TODO */ 988 } 989 qstate->minfo[id] = NULL; 990 } 991 992 size_t 993 cachedb_get_mem(struct module_env* env, int id) 994 { 995 struct cachedb_env* ie = (struct cachedb_env*)env->modinfo[id]; 996 if(!ie) 997 return 0; 998 return sizeof(*ie); /* TODO - more mem */ 999 } 1000 1001 /** 1002 * The cachedb function block 1003 */ 1004 static struct module_func_block cachedb_block = { 1005 "cachedb", 1006 NULL, NULL, &cachedb_init, &cachedb_deinit, &cachedb_operate, 1007 &cachedb_inform_super, &cachedb_clear, &cachedb_get_mem 1008 }; 1009 1010 struct module_func_block* 1011 cachedb_get_funcblock(void) 1012 { 1013 return &cachedb_block; 1014 } 1015 1016 int 1017 cachedb_is_enabled(struct module_stack* mods, struct module_env* env) 1018 { 1019 struct cachedb_env* ie; 1020 int id = modstack_find(mods, "cachedb"); 1021 if(id == -1) 1022 return 0; 1023 ie = (struct cachedb_env*)env->modinfo[id]; 1024 if(ie && ie->enabled) 1025 return 1; 1026 return 0; 1027 } 1028 1029 void cachedb_msg_remove(struct module_qstate* qstate) 1030 { 1031 cachedb_msg_remove_qinfo(qstate->env, &qstate->qinfo); 1032 } 1033 1034 void cachedb_msg_remove_qinfo(struct module_env* env, struct query_info* qinfo) 1035 { 1036 char key[(CACHEDB_HASHSIZE/8)*2+1]; 1037 int id = modstack_find(env->modstack, "cachedb"); 1038 struct cachedb_env* ie = (struct cachedb_env*)env->modinfo[id]; 1039 1040 log_query_info(VERB_ALGO, "cachedb msg remove", qinfo); 1041 calc_hash(qinfo, env, key, sizeof(key)); 1042 sldns_buffer_clear(env->scratch_buffer); 1043 sldns_buffer_write_u32(env->scratch_buffer, 0); 1044 sldns_buffer_flip(env->scratch_buffer); 1045 1046 /* call backend */ 1047 (*ie->backend->store)(env, ie, key, 1048 sldns_buffer_begin(env->scratch_buffer), 1049 sldns_buffer_limit(env->scratch_buffer), 1050 0); 1051 } 1052 #endif /* USE_CACHEDB */ 1053
Indexes created Fri Jun 19 00:25:02 UTC 2026