1 /* 2 * nsd.h -- nsd(8) definitions and prototypes 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10 #ifndef NSD_H 11 #define NSD_H 12 13 #include <signal.h> 14 #include <net/if.h> 15 #ifndef IFNAMSIZ 16 # ifdef IF_NAMESIZE 17 # define IFNAMSIZ IF_NAMESIZE 18 # else 19 # define IFNAMSIZ 16 20 # endif 21 #endif 22 #ifdef HAVE_OPENSSL_SSL_H 23 #include <openssl/ssl.h> 24 #endif 25 26 #include "dns.h" 27 #include "edns.h" 28 #include "bitset.h" 29 #ifdef USE_XDP 30 #include "xdp-server.h" 31 #endif 32 struct netio_handler; 33 struct nsd_options; 34 struct udb_base; 35 struct daemon_remote; 36 #ifdef USE_METRICS 37 struct daemon_metrics; 38 #endif /* USE_METRICS */ 39 #ifdef USE_DNSTAP 40 struct dt_collector; 41 #endif 42 43 /* The NSD runtime states and NSD ipc command values */ 44 #define NSD_RUN 0 45 #define NSD_RELOAD 1 46 #define NSD_SHUTDOWN 2 47 #define NSD_STATS 3 48 #define NSD_REAP_CHILDREN 4 49 #define NSD_QUIT 5 50 /* 51 * RELOAD_REQ is sent when parent receives a SIGHUP and tells 52 * xfrd that it wants to initiate a reload (and thus task swap). 53 */ 54 #define NSD_RELOAD_REQ 7 55 /* 56 * RELOAD_DONE is sent at the end of a reload pass. 57 * xfrd then knows that reload phase is over. 58 */ 59 #define NSD_RELOAD_DONE 8 60 /* 61 * QUIT_SYNC is sent to signify a synchronisation of ipc 62 * channel content during reload 63 */ 64 #define NSD_QUIT_SYNC 9 65 /* 66 * QUIT_CHILD is sent at exit, to make sure the child has exited so that 67 * port53 is free when all of nsd's processes have exited at shutdown time 68 */ 69 #define NSD_QUIT_CHILD 11 70 /* 71 * This is the exit code of a nsd "new master" child process to indicate to 72 * the master process that some zones failed verification and that it should 73 * reload again, reprocessing the difffiles. The master process will resend 74 * the command to xfrd so it will not reload from xfrd yet. 75 */ 76 #define NSD_RELOAD_FAILED 14 77 78 #define NSD_SERVER_MAIN 0x0U 79 #define NSD_SERVER_UDP 0x1U 80 #define NSD_SERVER_TCP 0x2U 81 #define NSD_SERVER_BOTH (NSD_SERVER_UDP | NSD_SERVER_TCP) 82 83 #ifdef INET6 84 #define DEFAULT_AI_FAMILY AF_UNSPEC 85 #else 86 #define DEFAULT_AI_FAMILY AF_INET 87 #endif 88 89 #ifdef BIND8_STATS 90 /* Counter for statistics */ 91 typedef unsigned long stc_type; 92 93 #define LASTELEM(arr) (sizeof(arr) / sizeof(arr[0]) - 1) 94 95 #define STATUP(nsd, stc) nsd->st->stc++ 96 /* #define STATUP2(nsd, stc, i) ((i) <= (LASTELEM(nsd->st->stc) - 1)) ? nsd->st->stc[(i)]++ : \ 97 nsd->st.stc[LASTELEM(nsd->st->stc)]++ */ 98 99 #define STATUP2(nsd, stc, i) nsd->st->stc[(i) <= (LASTELEM(nsd->st->stc) - 1) ? i : LASTELEM(nsd->st->stc)]++ 100 #else /* BIND8_STATS */ 101 102 #define STATUP(nsd, stc) /* Nothing */ 103 #define STATUP2(nsd, stc, i) /* Nothing */ 104 105 #endif /* BIND8_STATS */ 106 107 #ifdef USE_ZONE_STATS 108 /* increment zone statistic, checks if zone-nonNULL and zone array bounds */ 109 #define ZTATUP(nsd, zone, stc) ( \ 110 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 111 nsd->zonestatnow[zone->zonestatid].stc++ \ 112 : 0) 113 #define ZTATUP2(nsd, zone, stc, i) ( \ 114 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 115 (nsd->zonestatnow[zone->zonestatid].stc[(i) <= (LASTELEM(nsd->zonestatnow[zone->zonestatid].stc) - 1) ? i : LASTELEM(nsd->zonestatnow[zone->zonestatid].stc)]++ ) \ 116 : 0) 117 #else /* USE_ZONE_STATS */ 118 #define ZTATUP(nsd, zone, stc) /* Nothing */ 119 #define ZTATUP2(nsd, zone, stc, i) /* Nothing */ 120 #endif /* USE_ZONE_STATS */ 121 122 #ifdef BIND8_STATS 123 /* Data structure to keep track of statistics */ 124 struct nsdst { 125 time_t boot; 126 stc_type reloadcount; /* counts reloads */ 127 stc_type qtype[257]; /* Counters per qtype */ 128 stc_type qclass[4]; /* Class IN or Class CH or other */ 129 stc_type qudp, qudp6; /* Number of queries udp and udp6 */ 130 stc_type ctcp, ctcp6; /* Number of tcp and tcp6 connections */ 131 stc_type ctls, ctls6; /* Number of tls and tls6 connections */ 132 stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */ 133 /* Dropped, truncated, queries for nonconfigured zone, tx errors */ 134 stc_type dropped, truncated, wrongzone, txerr, rxerr; 135 stc_type edns, ednserr, raxfr, nona, rixfr; 136 uint64_t db_disk, db_mem; 137 }; 138 #endif /* BIND8_STATS */ 139 140 #define NSD_SOCKET_IS_OPTIONAL (1<<0) 141 #define NSD_BIND_DEVICE (1<<1) 142 143 struct nsd_addrinfo 144 { 145 int ai_flags; 146 int ai_family; 147 int ai_socktype; 148 socklen_t ai_addrlen; 149 struct sockaddr_storage ai_addr; 150 }; 151 152 struct nsd_socket 153 { 154 struct nsd_addrinfo addr; 155 int s; 156 int flags; 157 struct nsd_bitset *servers; 158 char device[IFNAMSIZ]; 159 int fib; 160 }; 161 162 struct nsd_child 163 { 164 #ifdef HAVE_CPUSET_T 165 /* Processor(s) that child process must run on (if applicable). */ 166 cpuset_t *cpuset; 167 #endif 168 169 /* The type of child process (UDP or TCP handler). */ 170 int kind; 171 172 /* The child's process id. */ 173 pid_t pid; 174 175 /* child number in child array */ 176 int child_num; 177 178 /* 179 * Socket used by the parent process to send commands and 180 * receive responses to/from this child process. 181 */ 182 int child_fd; 183 184 /* 185 * Socket used by the child process to receive commands and 186 * send responses from/to the parent process. 187 */ 188 int parent_fd; 189 190 /* 191 * IPC info, buffered for nonblocking writes to the child 192 */ 193 uint8_t need_to_send_STATS, need_to_send_QUIT; 194 uint8_t need_to_exit, has_exited; 195 196 /* 197 * The handler for handling the commands from the child. 198 */ 199 struct netio_handler* handler; 200 201 #ifdef BIND8_STATS 202 stc_type query_count; 203 #endif 204 }; 205 206 #define NSD_COOKIE_HISTORY_SIZE 2 207 #define NSD_COOKIE_SECRET_SIZE 16 208 209 struct cookie_secret { 210 /** cookie secret */ 211 uint8_t cookie_secret[NSD_COOKIE_SECRET_SIZE]; 212 }; 213 typedef struct cookie_secret cookie_secret_type; 214 typedef cookie_secret_type cookie_secrets_type[NSD_COOKIE_HISTORY_SIZE]; 215 216 enum cookie_secrets_source { 217 COOKIE_SECRETS_NONE = 0, 218 COOKIE_SECRETS_GENERATED = 1, 219 COOKIE_SECRETS_FROM_FILE = 2, 220 COOKIE_SECRETS_FROM_CONFIG = 3 221 }; 222 typedef enum cookie_secrets_source cookie_secrets_source_type; 223 224 /* NSD configuration and run-time variables */ 225 typedef struct nsd nsd_type; 226 struct nsd 227 { 228 /* 229 * Global region that is not deallocated until NSD shuts down. 230 */ 231 region_type *region; 232 233 /* Run-time variables */ 234 pid_t pid; 235 volatile sig_atomic_t mode; 236 volatile sig_atomic_t signal_hint_reload_hup; 237 volatile sig_atomic_t signal_hint_reload; 238 volatile sig_atomic_t signal_hint_child; 239 volatile sig_atomic_t signal_hint_quit; 240 volatile sig_atomic_t signal_hint_shutdown; 241 volatile sig_atomic_t signal_hint_stats; 242 volatile sig_atomic_t signal_hint_statsusr; 243 volatile sig_atomic_t quit_sync_done; 244 unsigned server_kind; 245 struct namedb *db; 246 int debug; 247 248 size_t child_count; 249 struct nsd_child *children; 250 int restart_children; 251 int reload_failed; 252 253 /* NULL if this is the parent process. */ 254 struct nsd_child *this_child; 255 256 /* mmaps with data exchange from xfrd and reload */ 257 struct udb_base* task[2]; 258 int mytask; 259 /* the base used by this (child)process */ 260 struct event_base* event_base; 261 /* the server_region used by this (child)process */ 262 region_type* server_region; 263 struct netio_handler* xfrd_listener; 264 struct daemon_remote* rc; 265 #ifdef USE_METRICS 266 struct daemon_metrics* metrics; 267 #endif /* USE_METRICS */ 268 269 /* Configuration */ 270 const char *pidfile; 271 const char *log_filename; 272 const char *username; 273 uid_t uid; 274 gid_t gid; 275 const char *chrootdir; 276 const char *version; 277 const char *identity; 278 uint16_t nsid_len; 279 unsigned char *nsid; 280 uint8_t file_rotation_ok; 281 282 #ifdef HAVE_CPUSET_T 283 int use_cpu_affinity; 284 cpuset_t* cpuset; 285 cpuset_t* xfrd_cpuset; 286 #endif 287 288 /* number of interfaces */ 289 size_t ifs; 290 /* non0 if so_reuseport is in use, if so, tcp, udp array increased */ 291 int reuseport; 292 293 /* TCP specific configuration (array size ifs) */ 294 struct nsd_socket* tcp; 295 296 /* UDP specific configuration (array size ifs) */ 297 struct nsd_socket* udp; 298 299 /* Interfaces used for zone verification */ 300 size_t verify_ifs; 301 struct nsd_socket *verify_tcp; 302 struct nsd_socket *verify_udp; 303 304 struct zone *next_zone_to_verify; 305 size_t verifier_count; /* Number of active verifiers */ 306 size_t verifier_limit; /* Maximum number of active verifiers */ 307 int verifier_pipe[2]; /* Pipe to trigger verifier exit handler */ 308 struct verifier *verifiers; 309 310 #ifdef USE_XDP 311 struct { 312 /* only one interface for now */ 313 struct xdp_server xdp_server; 314 } xdp; 315 #endif 316 317 edns_data_type edns_ipv4; 318 #if defined(INET6) 319 edns_data_type edns_ipv6; 320 #endif 321 322 int maximum_tcp_count; 323 int current_tcp_count; 324 int tcp_query_count; 325 int tcp_timeout; 326 int tcp_mss; 327 int outgoing_tcp_mss; 328 size_t ipv4_edns_size; 329 size_t ipv6_edns_size; 330 331 #ifdef BIND8_STATS 332 /* statistics for this server */ 333 struct nsdst* st; 334 /* Produce statistics dump every st_period seconds */ 335 int st_period; 336 /* per zone stats, each an array per zone-stat-idx, stats per zone is 337 * add of [0][zoneidx] and [1][zoneidx]. */ 338 struct nsdst* zonestat[2]; 339 /* fd for zonestat mapping (otherwise mmaps cannot be shared between 340 * processes and resized) */ 341 int zonestatfd[2]; 342 /* filenames */ 343 char* zonestatfname[2]; 344 /* size of the mmapped zone stat array (number of array entries) */ 345 size_t zonestatsize[2], zonestatdesired, zonestatsizenow; 346 /* current zonestat array to use */ 347 struct nsdst* zonestatnow; 348 /* filenames for stat file mappings */ 349 char* statfname; 350 /* fd for stat mapping (otherwise mmaps cannot be shared between 351 * processes and resized) */ 352 int statfd; 353 /* statistics array, of size child_count*2, twice for old and new 354 * server processes. */ 355 struct nsdst* stat_map; 356 /* statistics array of size child_count, twice */ 357 struct nsdst* stats_per_child[2]; 358 /* current stats_per_child array that is in use for the child set */ 359 int stat_current; 360 /* start value for per process statistics printout, to clear it */ 361 struct nsdst stat_proc; 362 #endif /* BIND8_STATS */ 363 #ifdef USE_DNSTAP 364 /* the dnstap collector process info */ 365 struct dt_collector* dt_collector; 366 /* the pipes from server processes to the dt_collector, 367 * arrays of size child_count * 2. Kept open for (re-)forks. */ 368 int *dt_collector_fd_send, *dt_collector_fd_recv; 369 /* the pipes from server processes to the dt_collector. Initially 370 * these point halfway into dt_collector_fd_send, but during reload 371 * the pointer is swapped with dt_collector_fd_send in order to 372 * to prevent writing to the dnstap collector by old serve childs 373 * simultaneous with new serve childs. */ 374 int *dt_collector_fd_swap; 375 #endif /* USE_DNSTAP */ 376 /* the pipes from the serve processes to xfrd, for passing through 377 * NOTIFY messages, arrays of size child_count * 2. 378 * Kept open for (re-)forks. */ 379 int *serve2xfrd_fd_send, *serve2xfrd_fd_recv; 380 /* the pipes from the serve processes to the xfrd. Initially 381 * these point halfway into serve2xfrd_fd_send, but during reload 382 * the pointer is swapped with serve2xfrd_fd_send so that only one 383 * serve child will write to the same fd simultaneously. */ 384 int *serve2xfrd_fd_swap; 385 /* ratelimit for errors, time value */ 386 time_t err_limit_time; 387 /* ratelimit for errors, packet count */ 388 unsigned int err_limit_count; 389 390 /* do answer with server cookie when request contained cookie option */ 391 int do_answer_cookie; 392 393 /* how many cookies are there in the cookies array */ 394 size_t cookie_count; 395 396 /* keep track of the last `NSD_COOKIE_HISTORY_SIZE` 397 * cookies as per rfc requirement .*/ 398 cookie_secrets_type cookie_secrets; 399 400 /* From where came the configured cookies */ 401 cookie_secrets_source_type cookie_secrets_source; 402 403 /* The cookie secrets filename when they came from file; when 404 * cookie_secrets_source == COOKIE_SECRETS_FROM_FILE */ 405 char* cookie_secrets_filename; 406 407 struct nsd_options* options; 408 409 #ifdef HAVE_SSL 410 /* TLS specific configuration */ 411 SSL_CTX *tls_ctx; 412 SSL_CTX *tls_auth_ctx; 413 #endif 414 }; 415 416 extern struct nsd nsd; 417 418 /* nsd.c */ 419 pid_t readpid(const char *file); 420 int writepid(struct nsd *nsd); 421 void unlinkpid(const char* file, const char* username); 422 void sig_handler(int sig); 423 void bind8_stats(struct nsd *nsd); 424 425 /* server.c */ 426 int server_init(struct nsd *nsd); 427 int server_prepare(struct nsd *nsd); 428 void server_main(struct nsd *nsd); 429 void server_child(struct nsd *nsd); 430 void server_shutdown(struct nsd *nsd) ATTR_NORETURN; 431 void server_close_all_sockets(struct nsd_socket sockets[], size_t n); 432 const char* nsd_event_vs(void); 433 const char* nsd_event_method(void); 434 struct event_base* nsd_child_event_base(void); 435 void service_remaining_tcp(struct nsd* nsd); 436 /* extra domain numbers for temporary domains */ 437 #define EXTRA_DOMAIN_NUMBERS 1024 438 #define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */ 439 /* ratelimit for error responses */ 440 #define ERROR_RATELIMIT 100 /* qps */ 441 /* allocate zonestat structures */ 442 void server_zonestat_alloc(struct nsd* nsd); 443 /* remap the mmaps for zonestat isx, to bytesize sz. Caller has to set 444 * the zonestatsize */ 445 void zonestat_remap(struct nsd* nsd, int idx, size_t sz); 446 /* allocate stat structures */ 447 void server_stat_alloc(struct nsd* nsd); 448 /* free stat mmap file, unlinks it */ 449 void server_stat_free(struct nsd* nsd); 450 /* allocate and init xfrd variables */ 451 void server_prepare_xfrd(struct nsd *nsd); 452 /* start xfrdaemon (again) */ 453 void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active); 454 /* send SOA serial numbers to xfrd */ 455 void server_send_soa_xfrd(struct nsd *nsd, int shortsoa); 456 #ifdef HAVE_SSL 457 SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem); 458 SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile); 459 void perform_openssl_init(void); 460 #endif 461 ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout); 462 463 #endif /* NSD_H */ 464
Indexes created Tue Feb 24 08:35:24 UTC 2026