xfrin.c revision 1.1.1.15
1 1.1 christos /* $NetBSD: xfrin.c,v 1.1.1.15 2025/05/21 14:40:55 christos Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 1.1 christos * 6 1.1.1.9 christos * SPDX-License-Identifier: MPL-2.0 7 1.1.1.9 christos * 8 1.1 christos * This Source Code Form is subject to the terms of the Mozilla Public 9 1.1 christos * License, v. 2.0. If a copy of the MPL was not distributed with this 10 1.1.1.6 christos * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 1.1 christos * 12 1.1 christos * See the COPYRIGHT file distributed with this work for additional 13 1.1 christos * information regarding copyright ownership. 14 1.1 christos */ 15 1.1 christos 16 1.1 christos /*! \file */ 17 1.1 christos 18 1.1.1.2 christos #include <inttypes.h> 19 1.1.1.2 christos #include <stdbool.h> 20 1.1.1.2 christos 21 1.1.1.14 christos #include <isc/async.h> 22 1.1.1.14 christos #include <isc/atomic.h> 23 1.1 christos #include <isc/mem.h> 24 1.1 christos #include <isc/random.h> 25 1.1.1.12 christos #include <isc/result.h> 26 1.1.1.14 christos #include <isc/string.h> 27 1.1 christos #include <isc/util.h> 28 1.1.1.14 christos #include <isc/work.h> 29 1.1 christos 30 1.1 christos #include <dns/callbacks.h> 31 1.1 christos #include <dns/catz.h> 32 1.1 christos #include <dns/db.h> 33 1.1 christos #include <dns/diff.h> 34 1.1.1.14 christos #include <dns/dispatch.h> 35 1.1 christos #include <dns/journal.h> 36 1.1 christos #include <dns/log.h> 37 1.1 christos #include <dns/message.h> 38 1.1.1.14 christos #include <dns/peer.h> 39 1.1 christos #include <dns/rdataclass.h> 40 1.1 christos #include <dns/rdatalist.h> 41 1.1 christos #include <dns/rdataset.h> 42 1.1 christos #include <dns/result.h> 43 1.1 christos #include <dns/soa.h> 44 1.1.1.14 christos #include <dns/trace.h> 45 1.1.1.12 christos #include <dns/transport.h> 46 1.1 christos #include <dns/tsig.h> 47 1.1 christos #include <dns/view.h> 48 1.1 christos #include <dns/xfrin.h> 49 1.1 christos #include <dns/zone.h> 50 1.1 christos 51 1.1 christos #include <dst/dst.h> 52 1.1 christos 53 1.1.1.14 christos #include "probes.h" 54 1.1.1.14 christos 55 1.1 christos /* 56 1.1 christos * Incoming AXFR and IXFR. 57 1.1 christos */ 58 1.1 christos 59 1.1.1.14 christos #define CHECK(op) \ 60 1.1.1.14 christos { \ 61 1.1.1.14 christos result = (op); \ 62 1.1.1.14 christos if (result != ISC_R_SUCCESS) { \ 63 1.1.1.14 christos goto failure; \ 64 1.1.1.14 christos } \ 65 1.1.1.14 christos } 66 1.1 christos 67 1.1 christos /*% 68 1.1 christos * The states of the *XFR state machine. We handle both IXFR and AXFR 69 1.1 christos * with a single integrated state machine because they cannot be distinguished 70 1.1 christos * immediately - an AXFR response to an IXFR request can only be detected 71 1.1 christos * when the first two (2) response RRs have already been received. 72 1.1 christos */ 73 1.1 christos typedef enum { 74 1.1 christos XFRST_SOAQUERY, 75 1.1 christos XFRST_GOTSOA, 76 1.1.1.14 christos XFRST_ZONEXFRREQUEST, 77 1.1 christos XFRST_FIRSTDATA, 78 1.1 christos XFRST_IXFR_DELSOA, 79 1.1 christos XFRST_IXFR_DEL, 80 1.1 christos XFRST_IXFR_ADDSOA, 81 1.1 christos XFRST_IXFR_ADD, 82 1.1 christos XFRST_IXFR_END, 83 1.1 christos XFRST_AXFR, 84 1.1 christos XFRST_AXFR_END 85 1.1 christos } xfrin_state_t; 86 1.1 christos 87 1.1 christos /*% 88 1.1 christos * Incoming zone transfer context. 89 1.1 christos */ 90 1.1 christos 91 1.1.1.14 christos struct dns_xfrin { 92 1.1.1.4 christos unsigned int magic; 93 1.1.1.4 christos isc_mem_t *mctx; 94 1.1.1.4 christos dns_zone_t *zone; 95 1.1.1.14 christos dns_view_t *view; 96 1.1.1.4 christos 97 1.1.1.12 christos isc_refcount_t references; 98 1.1.1.12 christos 99 1.1.1.12 christos atomic_bool shuttingdown; 100 1.1.1.4 christos 101 1.1.1.4 christos isc_result_t shutdown_result; 102 1.1 christos 103 1.1.1.4 christos dns_name_t name; /*%< Name of zone to transfer */ 104 1.1.1.4 christos dns_rdataclass_t rdclass; 105 1.1 christos 106 1.1.1.4 christos dns_messageid_t id; 107 1.1 christos 108 1.1 christos /*% 109 1.1 christos * Requested transfer type (dns_rdatatype_axfr or 110 1.1 christos * dns_rdatatype_ixfr). The actual transfer type 111 1.1 christos * may differ due to IXFR->AXFR fallback. 112 1.1 christos */ 113 1.1.1.4 christos dns_rdatatype_t reqtype; 114 1.1 christos 115 1.1.1.12 christos isc_sockaddr_t primaryaddr; 116 1.1.1.4 christos isc_sockaddr_t sourceaddr; 117 1.1.1.12 christos 118 1.1.1.14 christos dns_dispatch_t *disp; 119 1.1.1.14 christos dns_dispentry_t *dispentry; 120 1.1 christos 121 1.1 christos /*% Buffer for IXFR/AXFR request message */ 122 1.1.1.4 christos isc_buffer_t qbuffer; 123 1.1.1.4 christos unsigned char qbuffer_data[512]; 124 1.1 christos 125 1.1.1.3 christos /*% 126 1.1.1.3 christos * Whether the zone originally had a database attached at the time this 127 1.1.1.12 christos * transfer context was created. Used by xfrin_destroy() when making 128 1.1.1.3 christos * logging decisions. 129 1.1.1.3 christos */ 130 1.1.1.4 christos bool zone_had_db; 131 1.1.1.3 christos 132 1.1.1.4 christos dns_db_t *db; 133 1.1.1.4 christos dns_dbversion_t *ver; 134 1.1.1.4 christos dns_diff_t diff; /*%< Pending database changes */ 135 1.1.1.4 christos 136 1.1.1.14 christos /* Diff queue */ 137 1.1.1.14 christos bool diff_running; 138 1.1.1.14 christos struct __cds_wfcq_head diff_head; 139 1.1.1.14 christos struct cds_wfcq_tail diff_tail; 140 1.1.1.14 christos 141 1.1.1.14 christos _Atomic xfrin_state_t state; 142 1.1.1.14 christos uint32_t expireopt; 143 1.1.1.14 christos bool edns, expireoptset; 144 1.1.1.14 christos atomic_bool is_ixfr; 145 1.1.1.4 christos 146 1.1.1.14 christos /* 147 1.1.1.14 christos * Following variable were made atomic only for loading the values for 148 1.1.1.14 christos * the statistics channel, thus all accesses can be **relaxed** because 149 1.1.1.14 christos * all store and load operations that affect XFR are done on the same 150 1.1.1.14 christos * thread and only the statistics channel thread could perform a load 151 1.1.1.14 christos * operation from a different thread and it's ok to not be precise in 152 1.1.1.14 christos * the statistics. 153 1.1.1.14 christos */ 154 1.1.1.14 christos atomic_uint nmsg; /*%< Number of messages recvd */ 155 1.1.1.14 christos atomic_uint nrecs; /*%< Number of records recvd */ 156 1.1.1.14 christos atomic_uint_fast64_t nbytes; /*%< Number of bytes received */ 157 1.1.1.14 christos _Atomic(isc_time_t) start; /*%< Start time of the transfer */ 158 1.1.1.15 christos atomic_uint_fast64_t rate_bytes_per_second; 159 1.1.1.14 christos _Atomic(dns_transport_type_t) soa_transport_type; 160 1.1.1.14 christos atomic_uint_fast32_t end_serial; 161 1.1.1.4 christos 162 1.1.1.4 christos unsigned int maxrecords; /*%< The maximum number of 163 1.1.1.4 christos * records set for the zone */ 164 1.1.1.15 christos uint64_t nbytes_saved; /*%< For enforcing the minimum transfer rate */ 165 1.1.1.4 christos 166 1.1.1.4 christos dns_tsigkey_t *tsigkey; /*%< Key used to create TSIG */ 167 1.1.1.4 christos isc_buffer_t *lasttsig; /*%< The last TSIG */ 168 1.1.1.4 christos dst_context_t *tsigctx; /*%< TSIG verification context */ 169 1.1.1.4 christos unsigned int sincetsig; /*%< recvd since the last TSIG */ 170 1.1.1.12 christos 171 1.1.1.12 christos dns_transport_t *transport; 172 1.1.1.12 christos 173 1.1.1.4 christos dns_xfrindone_t done; 174 1.1 christos 175 1.1 christos /*% 176 1.1 christos * AXFR- and IXFR-specific data. Only one is used at a time 177 1.1 christos * according to the is_ixfr flag, so this could be a union, 178 1.1 christos * but keeping them separate makes it a bit simpler to clean 179 1.1 christos * things up when destroying the context. 180 1.1 christos */ 181 1.1.1.4 christos dns_rdatacallbacks_t axfr; 182 1.1 christos 183 1.1 christos struct { 184 1.1.1.4 christos uint32_t request_serial; 185 1.1.1.4 christos uint32_t current_serial; 186 1.1.1.4 christos dns_journal_t *journal; 187 1.1 christos } ixfr; 188 1.1.1.8 christos 189 1.1.1.8 christos dns_rdata_t firstsoa; 190 1.1.1.8 christos unsigned char *firstsoa_data; 191 1.1.1.12 christos 192 1.1.1.12 christos isc_tlsctx_cache_t *tlsctx_cache; 193 1.1.1.12 christos 194 1.1.1.14 christos isc_loop_t *loop; 195 1.1.1.14 christos 196 1.1.1.15 christos isc_timer_t *min_rate_timer; 197 1.1.1.12 christos isc_timer_t *max_time_timer; 198 1.1.1.12 christos isc_timer_t *max_idle_timer; 199 1.1.1.14 christos 200 1.1.1.14 christos char info[DNS_NAME_MAXTEXT + 32]; 201 1.1 christos }; 202 1.1 christos 203 1.1.1.4 christos #define XFRIN_MAGIC ISC_MAGIC('X', 'f', 'r', 'I') 204 1.1.1.4 christos #define VALID_XFRIN(x) ISC_MAGIC_VALID(x, XFRIN_MAGIC) 205 1.1 christos 206 1.1.1.14 christos #define XFRIN_WORK_MAGIC ISC_MAGIC('X', 'f', 'r', 'W') 207 1.1.1.14 christos #define VALID_XFRIN_WORK(x) ISC_MAGIC_VALID(x, XFRIN_WORK_MAGIC) 208 1.1.1.14 christos 209 1.1.1.14 christos typedef struct xfrin_work { 210 1.1.1.14 christos unsigned int magic; 211 1.1.1.14 christos isc_result_t result; 212 1.1.1.14 christos dns_xfrin_t *xfr; 213 1.1.1.14 christos } xfrin_work_t; 214 1.1.1.14 christos 215 1.1 christos /**************************************************************************/ 216 1.1 christos /* 217 1.1 christos * Forward declarations. 218 1.1 christos */ 219 1.1 christos 220 1.1.1.12 christos static void 221 1.1.1.14 christos xfrin_create(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db, isc_loop_t *loop, 222 1.1.1.4 christos dns_name_t *zonename, dns_rdataclass_t rdclass, 223 1.1.1.12 christos dns_rdatatype_t reqtype, const isc_sockaddr_t *primaryaddr, 224 1.1.1.12 christos const isc_sockaddr_t *sourceaddr, dns_tsigkey_t *tsigkey, 225 1.1.1.14 christos dns_transport_type_t soa_transport_type, 226 1.1.1.12 christos dns_transport_t *transport, isc_tlsctx_cache_t *tlsctx_cache, 227 1.1.1.14 christos dns_xfrin_t **xfrp); 228 1.1 christos 229 1.1.1.4 christos static isc_result_t 230 1.1.1.14 christos axfr_init(dns_xfrin_t *xfr); 231 1.1.1.4 christos static isc_result_t 232 1.1.1.14 christos axfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, 233 1.1.1.14 christos dns_rdata_t *rdata); 234 1.1.1.14 christos static void 235 1.1.1.14 christos axfr_commit(dns_xfrin_t *xfr); 236 1.1.1.4 christos static isc_result_t 237 1.1.1.14 christos axfr_finalize(dns_xfrin_t *xfr); 238 1.1.1.4 christos 239 1.1.1.4 christos static isc_result_t 240 1.1.1.14 christos ixfr_init(dns_xfrin_t *xfr); 241 1.1.1.4 christos static isc_result_t 242 1.1.1.14 christos ixfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, 243 1.1.1.14 christos dns_rdata_t *rdata); 244 1.1.1.4 christos static isc_result_t 245 1.1.1.14 christos ixfr_commit(dns_xfrin_t *xfr); 246 1.1.1.4 christos 247 1.1.1.4 christos static isc_result_t 248 1.1.1.14 christos xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata); 249 1.1.1.4 christos 250 1.1.1.4 christos static isc_result_t 251 1.1.1.14 christos xfrin_start(dns_xfrin_t *xfr); 252 1.1.1.4 christos 253 1.1.1.4 christos static void 254 1.1.1.14 christos xfrin_connect_done(isc_result_t result, isc_region_t *region, void *arg); 255 1.1.1.4 christos static isc_result_t 256 1.1.1.14 christos xfrin_send_request(dns_xfrin_t *xfr); 257 1.1.1.4 christos static void 258 1.1.1.14 christos xfrin_send_done(isc_result_t eresult, isc_region_t *region, void *arg); 259 1.1.1.14 christos static void 260 1.1.1.14 christos xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg); 261 1.1.1.14 christos 262 1.1.1.4 christos static void 263 1.1.1.14 christos xfrin_end(dns_xfrin_t *xfr, isc_result_t result); 264 1.1.1.4 christos 265 1.1.1.4 christos static void 266 1.1.1.14 christos xfrin_destroy(dns_xfrin_t *xfr); 267 1.1 christos 268 1.1 christos static void 269 1.1.1.14 christos xfrin_timedout(void *); 270 1.1.1.12 christos static void 271 1.1.1.14 christos xfrin_idledout(void *); 272 1.1.1.12 christos static void 273 1.1.1.15 christos xfrin_minratecheck(void *); 274 1.1.1.15 christos static void 275 1.1.1.14 christos xfrin_fail(dns_xfrin_t *xfr, isc_result_t result, const char *msg); 276 1.1 christos static isc_result_t 277 1.1 christos render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf); 278 1.1 christos 279 1.1 christos static void 280 1.1.1.14 christos xfrin_log(dns_xfrin_t *xfr, int level, const char *fmt, ...) 281 1.1.1.4 christos ISC_FORMAT_PRINTF(3, 4); 282 1.1 christos 283 1.1 christos /**************************************************************************/ 284 1.1 christos /* 285 1.1 christos * AXFR handling 286 1.1 christos */ 287 1.1 christos 288 1.1 christos static isc_result_t 289 1.1.1.14 christos axfr_init(dns_xfrin_t *xfr) { 290 1.1 christos isc_result_t result; 291 1.1 christos 292 1.1.1.14 christos atomic_store(&xfr->is_ixfr, false); 293 1.1 christos 294 1.1.1.4 christos if (xfr->db != NULL) { 295 1.1 christos dns_db_detach(&xfr->db); 296 1.1.1.4 christos } 297 1.1 christos 298 1.1.1.13 christos CHECK(dns_zone_makedb(xfr->zone, &xfr->db)); 299 1.1.1.13 christos 300 1.1.1.13 christos dns_zone_rpz_enable_db(xfr->zone, xfr->db); 301 1.1.1.13 christos dns_zone_catz_enable_db(xfr->zone, xfr->db); 302 1.1.1.13 christos 303 1.1 christos dns_rdatacallbacks_init(&xfr->axfr); 304 1.1 christos CHECK(dns_db_beginload(xfr->db, &xfr->axfr)); 305 1.1 christos result = ISC_R_SUCCESS; 306 1.1.1.4 christos failure: 307 1.1.1.14 christos return result; 308 1.1 christos } 309 1.1 christos 310 1.1.1.14 christos static void 311 1.1.1.14 christos axfr_apply(void *arg); 312 1.1.1.14 christos 313 1.1 christos static isc_result_t 314 1.1.1.14 christos axfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, 315 1.1.1.14 christos dns_rdata_t *rdata) { 316 1.1 christos isc_result_t result; 317 1.1 christos 318 1.1 christos dns_difftuple_t *tuple = NULL; 319 1.1 christos 320 1.1.1.4 christos if (rdata->rdclass != xfr->rdclass) { 321 1.1.1.14 christos return DNS_R_BADCLASS; 322 1.1.1.4 christos } 323 1.1 christos 324 1.1 christos CHECK(dns_zone_checknames(xfr->zone, name, rdata)); 325 1.1.1.14 christos 326 1.1.1.14 christos if (dns_diff_size(&xfr->diff) > 128 && 327 1.1.1.14 christos dns_diff_is_boundary(&xfr->diff, name)) 328 1.1.1.14 christos { 329 1.1.1.14 christos xfrin_work_t work = (xfrin_work_t){ 330 1.1.1.14 christos .magic = XFRIN_WORK_MAGIC, 331 1.1.1.14 christos .result = ISC_R_UNSET, 332 1.1.1.14 christos .xfr = xfr, 333 1.1.1.14 christos }; 334 1.1.1.14 christos axfr_apply((void *)&work); 335 1.1.1.14 christos CHECK(work.result); 336 1.1.1.14 christos } 337 1.1.1.14 christos 338 1.1.1.4 christos CHECK(dns_difftuple_create(xfr->diff.mctx, op, name, ttl, rdata, 339 1.1.1.4 christos &tuple)); 340 1.1 christos dns_diff_append(&xfr->diff, &tuple); 341 1.1.1.14 christos 342 1.1 christos result = ISC_R_SUCCESS; 343 1.1.1.4 christos failure: 344 1.1.1.14 christos return result; 345 1.1 christos } 346 1.1 christos 347 1.1 christos /* 348 1.1 christos * Store a set of AXFR RRs in the database. 349 1.1 christos */ 350 1.1.1.14 christos static void 351 1.1.1.14 christos axfr_apply(void *arg) { 352 1.1.1.14 christos xfrin_work_t *work = arg; 353 1.1.1.14 christos REQUIRE(VALID_XFRIN_WORK(work)); 354 1.1.1.14 christos 355 1.1.1.14 christos dns_xfrin_t *xfr = work->xfr; 356 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 357 1.1.1.14 christos 358 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 359 1.1.1.2 christos uint64_t records; 360 1.1 christos 361 1.1.1.14 christos if (atomic_load(&xfr->shuttingdown)) { 362 1.1.1.14 christos result = ISC_R_SHUTTINGDOWN; 363 1.1.1.14 christos goto failure; 364 1.1.1.14 christos } 365 1.1.1.14 christos 366 1.1.1.14 christos CHECK(dns_diff_load(&xfr->diff, &xfr->axfr)); 367 1.1 christos if (xfr->maxrecords != 0U) { 368 1.1 christos result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); 369 1.1 christos if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { 370 1.1 christos result = DNS_R_TOOMANYRECORDS; 371 1.1 christos goto failure; 372 1.1 christos } 373 1.1 christos } 374 1.1.1.14 christos 375 1.1.1.4 christos failure: 376 1.1.1.14 christos dns_diff_clear(&xfr->diff); 377 1.1.1.14 christos work->result = result; 378 1.1 christos } 379 1.1 christos 380 1.1.1.14 christos static void 381 1.1.1.14 christos axfr_apply_done(void *arg) { 382 1.1.1.14 christos xfrin_work_t *work = arg; 383 1.1.1.14 christos REQUIRE(VALID_XFRIN_WORK(work)); 384 1.1 christos 385 1.1.1.14 christos dns_xfrin_t *xfr = work->xfr; 386 1.1.1.14 christos isc_result_t result = work->result; 387 1.1.1.14 christos 388 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 389 1.1.1.14 christos 390 1.1.1.14 christos if (atomic_load(&xfr->shuttingdown)) { 391 1.1.1.14 christos result = ISC_R_SHUTTINGDOWN; 392 1.1.1.14 christos } 393 1.1.1.14 christos 394 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 395 1.1.1.14 christos CHECK(dns_db_endload(xfr->db, &xfr->axfr)); 396 1.1.1.14 christos CHECK(dns_zone_verifydb(xfr->zone, xfr->db, NULL)); 397 1.1.1.14 christos CHECK(axfr_finalize(xfr)); 398 1.1.1.14 christos } else { 399 1.1.1.14 christos (void)dns_db_endload(xfr->db, &xfr->axfr); 400 1.1.1.14 christos } 401 1.1 christos 402 1.1.1.4 christos failure: 403 1.1.1.14 christos xfr->diff_running = false; 404 1.1.1.14 christos 405 1.1.1.14 christos isc_mem_put(xfr->mctx, work, sizeof(*work)); 406 1.1.1.14 christos 407 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 408 1.1.1.14 christos if (atomic_load(&xfr->state) == XFRST_AXFR_END) { 409 1.1.1.14 christos xfrin_end(xfr, result); 410 1.1.1.14 christos } 411 1.1.1.14 christos } else { 412 1.1.1.14 christos xfrin_fail(xfr, result, "failed while processing responses"); 413 1.1.1.14 christos } 414 1.1.1.14 christos 415 1.1.1.14 christos dns_xfrin_detach(&xfr); 416 1.1.1.14 christos } 417 1.1.1.14 christos 418 1.1.1.14 christos static void 419 1.1.1.14 christos axfr_commit(dns_xfrin_t *xfr) { 420 1.1.1.14 christos REQUIRE(!xfr->diff_running); 421 1.1.1.14 christos 422 1.1.1.14 christos xfrin_work_t *work = isc_mem_get(xfr->mctx, sizeof(*work)); 423 1.1.1.14 christos *work = (xfrin_work_t){ 424 1.1.1.14 christos .magic = XFRIN_WORK_MAGIC, 425 1.1.1.14 christos .result = ISC_R_UNSET, 426 1.1.1.14 christos .xfr = dns_xfrin_ref(xfr), 427 1.1.1.14 christos }; 428 1.1.1.14 christos xfr->diff_running = true; 429 1.1.1.14 christos isc_work_enqueue(xfr->loop, axfr_apply, axfr_apply_done, work); 430 1.1 christos } 431 1.1 christos 432 1.1 christos static isc_result_t 433 1.1.1.14 christos axfr_finalize(dns_xfrin_t *xfr) { 434 1.1 christos isc_result_t result; 435 1.1 christos 436 1.1.1.14 christos LIBDNS_XFRIN_AXFR_FINALIZE_BEGIN(xfr, xfr->info); 437 1.1.1.14 christos result = dns_zone_replacedb(xfr->zone, xfr->db, true); 438 1.1.1.14 christos LIBDNS_XFRIN_AXFR_FINALIZE_END(xfr, xfr->info, result); 439 1.1 christos 440 1.1.1.14 christos return result; 441 1.1 christos } 442 1.1 christos 443 1.1 christos /**************************************************************************/ 444 1.1 christos /* 445 1.1 christos * IXFR handling 446 1.1 christos */ 447 1.1 christos 448 1.1.1.14 christos typedef struct ixfr_apply_data { 449 1.1.1.14 christos dns_diff_t diff; /*%< Pending database changes */ 450 1.1.1.14 christos struct cds_wfcq_node wfcq_node; 451 1.1.1.14 christos } ixfr_apply_data_t; 452 1.1.1.14 christos 453 1.1 christos static isc_result_t 454 1.1.1.14 christos ixfr_init(dns_xfrin_t *xfr) { 455 1.1 christos isc_result_t result; 456 1.1.1.12 christos char *journalfile = NULL; 457 1.1 christos 458 1.1 christos if (xfr->reqtype != dns_rdatatype_ixfr) { 459 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 460 1.1 christos "got incremental response to AXFR request"); 461 1.1.1.14 christos return DNS_R_FORMERR; 462 1.1 christos } 463 1.1 christos 464 1.1.1.14 christos atomic_store(&xfr->is_ixfr, true); 465 1.1 christos INSIST(xfr->db != NULL); 466 1.1 christos 467 1.1 christos journalfile = dns_zone_getjournal(xfr->zone); 468 1.1.1.4 christos if (journalfile != NULL) { 469 1.1 christos CHECK(dns_journal_open(xfr->mctx, journalfile, 470 1.1 christos DNS_JOURNAL_CREATE, &xfr->ixfr.journal)); 471 1.1.1.4 christos } 472 1.1 christos 473 1.1 christos result = ISC_R_SUCCESS; 474 1.1.1.4 christos failure: 475 1.1.1.14 christos return result; 476 1.1 christos } 477 1.1 christos 478 1.1 christos static isc_result_t 479 1.1.1.14 christos ixfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, 480 1.1.1.14 christos dns_rdata_t *rdata) { 481 1.1 christos isc_result_t result; 482 1.1 christos dns_difftuple_t *tuple = NULL; 483 1.1 christos 484 1.1.1.4 christos if (rdata->rdclass != xfr->rdclass) { 485 1.1.1.14 christos return DNS_R_BADCLASS; 486 1.1.1.4 christos } 487 1.1 christos 488 1.1.1.4 christos if (op == DNS_DIFFOP_ADD) { 489 1.1 christos CHECK(dns_zone_checknames(xfr->zone, name, rdata)); 490 1.1.1.4 christos } 491 1.1.1.4 christos CHECK(dns_difftuple_create(xfr->diff.mctx, op, name, ttl, rdata, 492 1.1.1.4 christos &tuple)); 493 1.1 christos dns_diff_append(&xfr->diff, &tuple); 494 1.1 christos result = ISC_R_SUCCESS; 495 1.1.1.4 christos failure: 496 1.1.1.14 christos return result; 497 1.1 christos } 498 1.1 christos 499 1.1 christos static isc_result_t 500 1.1.1.14 christos ixfr_begin_transaction(dns_xfrin_t *xfr) { 501 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 502 1.1 christos 503 1.1.1.14 christos if (xfr->ixfr.journal != NULL) { 504 1.1.1.14 christos CHECK(dns_journal_begin_transaction(xfr->ixfr.journal)); 505 1.1.1.14 christos } 506 1.1.1.14 christos failure: 507 1.1.1.14 christos return result; 508 1.1.1.14 christos } 509 1.1.1.14 christos 510 1.1.1.14 christos static isc_result_t 511 1.1.1.14 christos ixfr_end_transaction(dns_xfrin_t *xfr) { 512 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 513 1.1.1.14 christos 514 1.1.1.14 christos CHECK(dns_zone_verifydb(xfr->zone, xfr->db, xfr->ver)); 515 1.1.1.14 christos /* XXX enter ready-to-commit state here */ 516 1.1.1.14 christos if (xfr->ixfr.journal != NULL) { 517 1.1.1.14 christos CHECK(dns_journal_commit(xfr->ixfr.journal)); 518 1.1 christos } 519 1.1.1.14 christos failure: 520 1.1.1.14 christos return result; 521 1.1.1.14 christos } 522 1.1.1.14 christos 523 1.1.1.14 christos static isc_result_t 524 1.1.1.14 christos ixfr_apply_one(dns_xfrin_t *xfr, ixfr_apply_data_t *data) { 525 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 526 1.1.1.14 christos uint64_t records; 527 1.1.1.14 christos 528 1.1.1.14 christos CHECK(ixfr_begin_transaction(xfr)); 529 1.1.1.14 christos 530 1.1.1.14 christos CHECK(dns_diff_apply(&data->diff, xfr->db, xfr->ver)); 531 1.1 christos if (xfr->maxrecords != 0U) { 532 1.1 christos result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); 533 1.1 christos if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { 534 1.1 christos result = DNS_R_TOOMANYRECORDS; 535 1.1 christos goto failure; 536 1.1 christos } 537 1.1 christos } 538 1.1 christos if (xfr->ixfr.journal != NULL) { 539 1.1.1.14 christos CHECK(dns_journal_writediff(xfr->ixfr.journal, &data->diff)); 540 1.1 christos } 541 1.1.1.14 christos 542 1.1.1.14 christos result = ixfr_end_transaction(xfr); 543 1.1.1.14 christos 544 1.1.1.14 christos return result; 545 1.1.1.4 christos failure: 546 1.1.1.14 christos /* We need to end the transaction, but keep the previous error */ 547 1.1.1.14 christos (void)ixfr_end_transaction(xfr); 548 1.1.1.14 christos 549 1.1.1.14 christos return result; 550 1.1 christos } 551 1.1 christos 552 1.1.1.14 christos static void 553 1.1.1.14 christos ixfr_apply(void *arg) { 554 1.1.1.14 christos xfrin_work_t *work = arg; 555 1.1.1.14 christos dns_xfrin_t *xfr = work->xfr; 556 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 557 1.1 christos 558 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 559 1.1.1.14 christos REQUIRE(VALID_XFRIN_WORK(work)); 560 1.1.1.14 christos 561 1.1.1.14 christos struct __cds_wfcq_head diff_head; 562 1.1.1.14 christos struct cds_wfcq_tail diff_tail; 563 1.1.1.14 christos 564 1.1.1.14 christos /* Initialize local wfcqueue */ 565 1.1.1.14 christos __cds_wfcq_init(&diff_head, &diff_tail); 566 1.1.1.14 christos 567 1.1.1.14 christos enum cds_wfcq_ret ret = __cds_wfcq_splice_blocking( 568 1.1.1.14 christos &diff_head, &diff_tail, &xfr->diff_head, &xfr->diff_tail); 569 1.1.1.14 christos INSIST(ret == CDS_WFCQ_RET_DEST_EMPTY); 570 1.1.1.14 christos 571 1.1.1.14 christos struct cds_wfcq_node *node, *next; 572 1.1.1.14 christos __cds_wfcq_for_each_blocking_safe(&diff_head, &diff_tail, node, next) { 573 1.1.1.14 christos ixfr_apply_data_t *data = 574 1.1.1.14 christos caa_container_of(node, ixfr_apply_data_t, wfcq_node); 575 1.1.1.14 christos 576 1.1.1.14 christos if (atomic_load(&xfr->shuttingdown)) { 577 1.1.1.14 christos result = ISC_R_SHUTTINGDOWN; 578 1.1.1.14 christos } 579 1.1.1.14 christos 580 1.1.1.14 christos /* Apply only until first failure */ 581 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 582 1.1.1.14 christos /* This also checks for shuttingdown condition */ 583 1.1.1.14 christos result = ixfr_apply_one(xfr, data); 584 1.1.1.4 christos } 585 1.1.1.14 christos 586 1.1.1.14 christos /* We need to clear and free all data chunks */ 587 1.1.1.14 christos dns_diff_clear(&data->diff); 588 1.1.1.14 christos isc_mem_put(xfr->mctx, data, sizeof(*data)); 589 1.1.1.14 christos } 590 1.1.1.14 christos 591 1.1.1.14 christos work->result = result; 592 1.1.1.14 christos } 593 1.1.1.14 christos 594 1.1.1.14 christos static void 595 1.1.1.14 christos ixfr_apply_done(void *arg) { 596 1.1.1.14 christos xfrin_work_t *work = arg; 597 1.1.1.14 christos REQUIRE(VALID_XFRIN_WORK(work)); 598 1.1.1.14 christos 599 1.1.1.14 christos dns_xfrin_t *xfr = work->xfr; 600 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 601 1.1.1.14 christos 602 1.1.1.14 christos isc_result_t result = work->result; 603 1.1.1.14 christos 604 1.1.1.14 christos if (atomic_load(&xfr->shuttingdown)) { 605 1.1.1.14 christos result = ISC_R_SHUTTINGDOWN; 606 1.1.1.14 christos } 607 1.1.1.14 christos 608 1.1.1.14 christos if (result != ISC_R_SUCCESS) { 609 1.1.1.14 christos goto failure; 610 1.1.1.14 christos } 611 1.1.1.14 christos 612 1.1.1.14 christos /* Reschedule */ 613 1.1.1.14 christos if (!cds_wfcq_empty(&xfr->diff_head, &xfr->diff_tail)) { 614 1.1.1.14 christos isc_work_enqueue(xfr->loop, ixfr_apply, ixfr_apply_done, work); 615 1.1.1.14 christos return; 616 1.1.1.14 christos } 617 1.1.1.14 christos 618 1.1.1.14 christos failure: 619 1.1.1.14 christos xfr->diff_running = false; 620 1.1.1.14 christos 621 1.1.1.14 christos isc_mem_put(xfr->mctx, work, sizeof(*work)); 622 1.1.1.14 christos 623 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 624 1.1.1.2 christos dns_db_closeversion(xfr->db, &xfr->ver, true); 625 1.1 christos dns_zone_markdirty(xfr->zone); 626 1.1.1.14 christos 627 1.1.1.14 christos if (atomic_load(&xfr->state) == XFRST_IXFR_END) { 628 1.1.1.14 christos xfrin_end(xfr, result); 629 1.1.1.14 christos } 630 1.1.1.14 christos } else { 631 1.1.1.14 christos dns_db_closeversion(xfr->db, &xfr->ver, false); 632 1.1.1.14 christos 633 1.1.1.14 christos xfrin_fail(xfr, result, "failed while processing responses"); 634 1.1 christos } 635 1.1.1.14 christos 636 1.1.1.14 christos dns_xfrin_detach(&xfr); 637 1.1.1.14 christos } 638 1.1.1.14 christos 639 1.1.1.14 christos /* 640 1.1.1.14 christos * Apply a set of IXFR changes to the database. 641 1.1.1.14 christos */ 642 1.1.1.14 christos static isc_result_t 643 1.1.1.14 christos ixfr_commit(dns_xfrin_t *xfr) { 644 1.1.1.14 christos isc_result_t result = ISC_R_SUCCESS; 645 1.1.1.14 christos ixfr_apply_data_t *data = isc_mem_get(xfr->mctx, sizeof(*data)); 646 1.1.1.14 christos 647 1.1.1.14 christos *data = (ixfr_apply_data_t){ 0 }; 648 1.1.1.14 christos cds_wfcq_node_init(&data->wfcq_node); 649 1.1.1.14 christos 650 1.1.1.14 christos if (xfr->ver == NULL) { 651 1.1.1.14 christos CHECK(dns_db_newversion(xfr->db, &xfr->ver)); 652 1.1.1.14 christos } 653 1.1.1.14 christos 654 1.1.1.14 christos dns_diff_init(xfr->mctx, &data->diff); 655 1.1.1.14 christos /* FIXME: Should we add dns_diff_move() */ 656 1.1.1.14 christos ISC_LIST_MOVE(data->diff.tuples, xfr->diff.tuples); 657 1.1.1.14 christos 658 1.1.1.14 christos (void)cds_wfcq_enqueue(&xfr->diff_head, &xfr->diff_tail, 659 1.1.1.14 christos &data->wfcq_node); 660 1.1.1.14 christos 661 1.1.1.14 christos if (!xfr->diff_running) { 662 1.1.1.14 christos xfrin_work_t *work = isc_mem_get(xfr->mctx, sizeof(*work)); 663 1.1.1.14 christos *work = (xfrin_work_t){ 664 1.1.1.14 christos .magic = XFRIN_WORK_MAGIC, 665 1.1.1.14 christos .result = ISC_R_UNSET, 666 1.1.1.14 christos .xfr = dns_xfrin_ref(xfr), 667 1.1.1.14 christos }; 668 1.1.1.14 christos xfr->diff_running = true; 669 1.1.1.14 christos isc_work_enqueue(xfr->loop, ixfr_apply, ixfr_apply_done, work); 670 1.1.1.14 christos } 671 1.1.1.14 christos 672 1.1.1.4 christos failure: 673 1.1.1.14 christos return result; 674 1.1 christos } 675 1.1 christos 676 1.1 christos /**************************************************************************/ 677 1.1 christos /* 678 1.1 christos * Common AXFR/IXFR protocol code 679 1.1 christos */ 680 1.1 christos 681 1.1 christos /* 682 1.1 christos * Handle a single incoming resource record according to the current 683 1.1 christos * state. 684 1.1 christos */ 685 1.1 christos static isc_result_t 686 1.1.1.14 christos xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata) { 687 1.1 christos isc_result_t result; 688 1.1.1.14 christos uint_fast32_t end_serial; 689 1.1 christos 690 1.1.1.14 christos atomic_fetch_add_relaxed(&xfr->nrecs, 1); 691 1.1 christos 692 1.1 christos if (rdata->type == dns_rdatatype_none || 693 1.1.1.10 christos dns_rdatatype_ismeta(rdata->type)) 694 1.1.1.10 christos { 695 1.1.1.12 christos char buf[64]; 696 1.1.1.12 christos dns_rdatatype_format(rdata->type, buf, sizeof(buf)); 697 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 698 1.1.1.12 christos "Unexpected %s record in zone transfer", buf); 699 1.1.1.14 christos result = DNS_R_FORMERR; 700 1.1.1.14 christos goto failure; 701 1.1.1.4 christos } 702 1.1 christos 703 1.1.1.7 christos /* 704 1.1.1.7 christos * Immediately reject the entire transfer if the RR that is currently 705 1.1.1.7 christos * being processed is an SOA record that is not placed at the zone 706 1.1.1.7 christos * apex. 707 1.1.1.7 christos */ 708 1.1.1.7 christos if (rdata->type == dns_rdatatype_soa && 709 1.1.1.10 christos !dns_name_equal(&xfr->name, name)) 710 1.1.1.10 christos { 711 1.1.1.7 christos char namebuf[DNS_NAME_FORMATSIZE]; 712 1.1.1.7 christos dns_name_format(name, namebuf, sizeof(namebuf)); 713 1.1.1.7 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), "SOA name mismatch: '%s'", 714 1.1.1.7 christos namebuf); 715 1.1.1.14 christos result = DNS_R_NOTZONETOP; 716 1.1.1.14 christos goto failure; 717 1.1.1.7 christos } 718 1.1.1.7 christos 719 1.1.1.4 christos redo: 720 1.1.1.14 christos switch (atomic_load(&xfr->state)) { 721 1.1 christos case XFRST_SOAQUERY: 722 1.1 christos if (rdata->type != dns_rdatatype_soa) { 723 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 724 1.1 christos "non-SOA response to SOA query"); 725 1.1.1.14 christos result = DNS_R_FORMERR; 726 1.1.1.14 christos goto failure; 727 1.1 christos } 728 1.1.1.14 christos end_serial = dns_soa_getserial(rdata); 729 1.1.1.14 christos atomic_store_relaxed(&xfr->end_serial, end_serial); 730 1.1.1.14 christos if (!DNS_SERIAL_GT(end_serial, xfr->ixfr.request_serial) && 731 1.1.1.4 christos !dns_zone_isforced(xfr->zone)) 732 1.1.1.4 christos { 733 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 734 1.1 christos "requested serial %u, " 735 1.1.1.14 christos "primary has %" PRIuFAST32 ", not updating", 736 1.1.1.14 christos xfr->ixfr.request_serial, end_serial); 737 1.1.1.14 christos result = DNS_R_UPTODATE; 738 1.1.1.14 christos goto failure; 739 1.1 christos } 740 1.1.1.14 christos atomic_store(&xfr->state, XFRST_GOTSOA); 741 1.1 christos break; 742 1.1 christos 743 1.1 christos case XFRST_GOTSOA: 744 1.1 christos /* 745 1.1 christos * Skip other records in the answer section. 746 1.1 christos */ 747 1.1 christos break; 748 1.1 christos 749 1.1.1.14 christos case XFRST_ZONEXFRREQUEST: 750 1.1 christos if (rdata->type != dns_rdatatype_soa) { 751 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 752 1.1 christos "first RR in zone transfer must be SOA"); 753 1.1.1.14 christos result = DNS_R_FORMERR; 754 1.1.1.14 christos goto failure; 755 1.1 christos } 756 1.1 christos /* 757 1.1 christos * Remember the serial number in the initial SOA. 758 1.1 christos * We need it to recognize the end of an IXFR. 759 1.1 christos */ 760 1.1.1.14 christos end_serial = dns_soa_getserial(rdata); 761 1.1.1.14 christos atomic_store_relaxed(&xfr->end_serial, end_serial); 762 1.1 christos if (xfr->reqtype == dns_rdatatype_ixfr && 763 1.1.1.14 christos !DNS_SERIAL_GT(end_serial, xfr->ixfr.request_serial) && 764 1.1.1.4 christos !dns_zone_isforced(xfr->zone)) 765 1.1 christos { 766 1.1 christos /* 767 1.1 christos * This must be the single SOA record that is 768 1.1.1.12 christos * sent when the current version on the primary 769 1.1 christos * is not newer than the version in the request. 770 1.1 christos */ 771 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 772 1.1 christos "requested serial %u, " 773 1.1.1.14 christos "primary has %" PRIuFAST32 ", not updating", 774 1.1.1.14 christos xfr->ixfr.request_serial, end_serial); 775 1.1.1.14 christos result = DNS_R_UPTODATE; 776 1.1.1.14 christos goto failure; 777 1.1 christos } 778 1.1.1.8 christos xfr->firstsoa = *rdata; 779 1.1.1.8 christos if (xfr->firstsoa_data != NULL) { 780 1.1.1.8 christos isc_mem_free(xfr->mctx, xfr->firstsoa_data); 781 1.1.1.8 christos } 782 1.1.1.8 christos xfr->firstsoa_data = isc_mem_allocate(xfr->mctx, rdata->length); 783 1.1.1.8 christos memcpy(xfr->firstsoa_data, rdata->data, rdata->length); 784 1.1.1.8 christos xfr->firstsoa.data = xfr->firstsoa_data; 785 1.1.1.14 christos atomic_store(&xfr->state, XFRST_FIRSTDATA); 786 1.1 christos break; 787 1.1 christos 788 1.1 christos case XFRST_FIRSTDATA: 789 1.1 christos /* 790 1.1 christos * If the transfer begins with one SOA record, it is an AXFR, 791 1.1 christos * if it begins with two SOAs, it is an IXFR. 792 1.1 christos */ 793 1.1 christos if (xfr->reqtype == dns_rdatatype_ixfr && 794 1.1 christos rdata->type == dns_rdatatype_soa && 795 1.1.1.4 christos xfr->ixfr.request_serial == dns_soa_getserial(rdata)) 796 1.1.1.4 christos { 797 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 798 1.1 christos "got incremental response"); 799 1.1 christos CHECK(ixfr_init(xfr)); 800 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_DELSOA); 801 1.1 christos } else { 802 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 803 1.1 christos "got nonincremental response"); 804 1.1 christos CHECK(axfr_init(xfr)); 805 1.1.1.14 christos atomic_store(&xfr->state, XFRST_AXFR); 806 1.1 christos } 807 1.1 christos goto redo; 808 1.1 christos 809 1.1 christos case XFRST_IXFR_DELSOA: 810 1.1 christos INSIST(rdata->type == dns_rdatatype_soa); 811 1.1 christos CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata)); 812 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_DEL); 813 1.1 christos break; 814 1.1 christos 815 1.1 christos case XFRST_IXFR_DEL: 816 1.1 christos if (rdata->type == dns_rdatatype_soa) { 817 1.1.1.2 christos uint32_t soa_serial = dns_soa_getserial(rdata); 818 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_ADDSOA); 819 1.1 christos xfr->ixfr.current_serial = soa_serial; 820 1.1 christos goto redo; 821 1.1 christos } 822 1.1 christos CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata)); 823 1.1 christos break; 824 1.1 christos 825 1.1 christos case XFRST_IXFR_ADDSOA: 826 1.1 christos INSIST(rdata->type == dns_rdatatype_soa); 827 1.1 christos CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); 828 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_ADD); 829 1.1 christos break; 830 1.1 christos 831 1.1 christos case XFRST_IXFR_ADD: 832 1.1 christos if (rdata->type == dns_rdatatype_soa) { 833 1.1.1.2 christos uint32_t soa_serial = dns_soa_getserial(rdata); 834 1.1.1.14 christos if (soa_serial == atomic_load_relaxed(&xfr->end_serial)) 835 1.1.1.14 christos { 836 1.1 christos CHECK(ixfr_commit(xfr)); 837 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_END); 838 1.1 christos break; 839 1.1 christos } else if (soa_serial != xfr->ixfr.current_serial) { 840 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 841 1.1 christos "IXFR out of sync: " 842 1.1 christos "expected serial %u, got %u", 843 1.1 christos xfr->ixfr.current_serial, soa_serial); 844 1.1.1.14 christos result = DNS_R_FORMERR; 845 1.1.1.14 christos goto failure; 846 1.1 christos } else { 847 1.1 christos CHECK(ixfr_commit(xfr)); 848 1.1.1.14 christos atomic_store(&xfr->state, XFRST_IXFR_DELSOA); 849 1.1 christos goto redo; 850 1.1 christos } 851 1.1 christos } 852 1.1 christos if (rdata->type == dns_rdatatype_ns && 853 1.1.1.10 christos dns_name_iswildcard(name)) 854 1.1.1.10 christos { 855 1.1.1.14 christos result = DNS_R_INVALIDNS; 856 1.1.1.14 christos goto failure; 857 1.1.1.4 christos } 858 1.1 christos CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); 859 1.1 christos break; 860 1.1 christos 861 1.1 christos case XFRST_AXFR: 862 1.1 christos /* 863 1.1 christos * Old BINDs sent cross class A records for non IN classes. 864 1.1 christos */ 865 1.1 christos if (rdata->type == dns_rdatatype_a && 866 1.1 christos rdata->rdclass != xfr->rdclass && 867 1.1 christos xfr->rdclass != dns_rdataclass_in) 868 1.1.1.4 christos { 869 1.1 christos break; 870 1.1.1.4 christos } 871 1.1 christos CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); 872 1.1 christos if (rdata->type == dns_rdatatype_soa) { 873 1.1.1.8 christos /* 874 1.1.1.8 christos * Use dns_rdata_compare instead of memcmp to 875 1.1.1.8 christos * allow for case differences. 876 1.1.1.8 christos */ 877 1.1.1.8 christos if (dns_rdata_compare(rdata, &xfr->firstsoa) != 0) { 878 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 879 1.1.1.8 christos "start and ending SOA records " 880 1.1.1.8 christos "mismatch"); 881 1.1.1.14 christos result = DNS_R_FORMERR; 882 1.1.1.14 christos goto failure; 883 1.1.1.8 christos } 884 1.1.1.14 christos axfr_commit(xfr); 885 1.1.1.14 christos atomic_store(&xfr->state, XFRST_AXFR_END); 886 1.1 christos break; 887 1.1 christos } 888 1.1 christos break; 889 1.1 christos case XFRST_AXFR_END: 890 1.1 christos case XFRST_IXFR_END: 891 1.1.1.14 christos result = DNS_R_EXTRADATA; 892 1.1.1.14 christos goto failure; 893 1.1 christos default: 894 1.1.1.9 christos UNREACHABLE(); 895 1.1 christos } 896 1.1 christos result = ISC_R_SUCCESS; 897 1.1.1.4 christos failure: 898 1.1.1.14 christos return result; 899 1.1 christos } 900 1.1 christos 901 1.1.1.14 christos void 902 1.1 christos dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype, 903 1.1.1.12 christos const isc_sockaddr_t *primaryaddr, 904 1.1.1.12 christos const isc_sockaddr_t *sourceaddr, dns_tsigkey_t *tsigkey, 905 1.1.1.14 christos dns_transport_type_t soa_transport_type, 906 1.1.1.12 christos dns_transport_t *transport, isc_tlsctx_cache_t *tlsctx_cache, 907 1.1.1.14 christos isc_mem_t *mctx, dns_xfrin_t **xfrp) { 908 1.1 christos dns_name_t *zonename = dns_zone_getorigin(zone); 909 1.1.1.14 christos dns_xfrin_t *xfr = NULL; 910 1.1 christos dns_db_t *db = NULL; 911 1.1.1.14 christos isc_loop_t *loop = NULL; 912 1.1 christos 913 1.1 christos REQUIRE(xfrp != NULL && *xfrp == NULL); 914 1.1.1.12 christos REQUIRE(isc_sockaddr_getport(primaryaddr) != 0); 915 1.1.1.14 christos REQUIRE(zone != NULL); 916 1.1.1.14 christos REQUIRE(dns_zone_getview(zone) != NULL); 917 1.1.1.14 christos 918 1.1.1.14 christos loop = dns_zone_getloop(zone); 919 1.1 christos 920 1.1 christos (void)dns_zone_getdb(zone, &db); 921 1.1 christos 922 1.1.1.4 christos if (xfrtype == dns_rdatatype_soa || xfrtype == dns_rdatatype_ixfr) { 923 1.1 christos REQUIRE(db != NULL); 924 1.1.1.4 christos } 925 1.1 christos 926 1.1.1.14 christos xfrin_create(mctx, zone, db, loop, zonename, dns_zone_getclass(zone), 927 1.1.1.14 christos xfrtype, primaryaddr, sourceaddr, tsigkey, 928 1.1.1.14 christos soa_transport_type, transport, tlsctx_cache, &xfr); 929 1.1 christos 930 1.1.1.3 christos if (db != NULL) { 931 1.1.1.3 christos xfr->zone_had_db = true; 932 1.1.1.14 christos dns_db_detach(&db); 933 1.1.1.3 christos } 934 1.1.1.3 christos 935 1.1.1.14 christos *xfrp = xfr; 936 1.1.1.14 christos } 937 1.1.1.12 christos 938 1.1.1.14 christos isc_result_t 939 1.1.1.14 christos dns_xfrin_start(dns_xfrin_t *xfr, dns_xfrindone_t done) { 940 1.1.1.14 christos isc_result_t result; 941 1.1.1.12 christos 942 1.1.1.14 christos REQUIRE(xfr != NULL); 943 1.1.1.14 christos REQUIRE(xfr->zone != NULL); 944 1.1.1.14 christos REQUIRE(done != NULL); 945 1.1.1.14 christos 946 1.1.1.14 christos xfr->done = done; 947 1.1 christos 948 1.1.1.12 christos result = xfrin_start(xfr); 949 1.1.1.12 christos if (result != ISC_R_SUCCESS) { 950 1.1.1.14 christos xfr->done = NULL; 951 1.1.1.14 christos xfrin_fail(xfr, result, "zone transfer start failed"); 952 1.1.1.12 christos } 953 1.1.1.12 christos 954 1.1.1.14 christos return result; 955 1.1.1.14 christos } 956 1.1.1.12 christos 957 1.1.1.14 christos static void 958 1.1.1.14 christos xfrin_timedout(void *xfr) { 959 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 960 1.1.1.12 christos 961 1.1.1.14 christos xfrin_fail(xfr, ISC_R_TIMEDOUT, "maximum transfer time exceeded"); 962 1.1 christos } 963 1.1 christos 964 1.1.1.12 christos static void 965 1.1.1.14 christos xfrin_idledout(void *xfr) { 966 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 967 1.1.1.12 christos 968 1.1.1.14 christos xfrin_fail(xfr, ISC_R_TIMEDOUT, "maximum idle time exceeded"); 969 1.1.1.14 christos } 970 1.1.1.14 christos 971 1.1.1.15 christos static void 972 1.1.1.15 christos xfrin_minratecheck(void *arg) { 973 1.1.1.15 christos dns_xfrin_t *xfr = arg; 974 1.1.1.15 christos 975 1.1.1.15 christos REQUIRE(VALID_XFRIN(xfr)); 976 1.1.1.15 christos 977 1.1.1.15 christos const uint64_t nbytes = atomic_load_relaxed(&xfr->nbytes); 978 1.1.1.15 christos const uint64_t min = dns_zone_getminxfrratebytesin(xfr->zone); 979 1.1.1.15 christos uint64_t rate = nbytes - xfr->nbytes_saved; 980 1.1.1.15 christos 981 1.1.1.15 christos if (rate < min) { 982 1.1.1.15 christos isc_timer_stop(xfr->min_rate_timer); 983 1.1.1.15 christos xfrin_fail(xfr, ISC_R_TIMEDOUT, 984 1.1.1.15 christos "minimum transfer rate reached"); 985 1.1.1.15 christos } else { 986 1.1.1.15 christos xfr->nbytes_saved = nbytes; 987 1.1.1.15 christos 988 1.1.1.15 christos /* 989 1.1.1.15 christos * Calculate and store for the statistics channel the transfer 990 1.1.1.15 christos * rate in bytes-per-second for the latest interval. 991 1.1.1.15 christos */ 992 1.1.1.15 christos rate /= dns_zone_getminxfrratesecondsin(xfr->zone); 993 1.1.1.15 christos atomic_store_relaxed(&xfr->rate_bytes_per_second, rate); 994 1.1.1.15 christos } 995 1.1.1.15 christos } 996 1.1.1.15 christos 997 1.1.1.14 christos isc_time_t 998 1.1.1.14 christos dns_xfrin_getstarttime(dns_xfrin_t *xfr) { 999 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1000 1.1.1.14 christos 1001 1.1.1.14 christos return atomic_load_relaxed(&xfr->start); 1002 1.1.1.14 christos } 1003 1.1.1.14 christos 1004 1.1.1.14 christos void 1005 1.1.1.14 christos dns_xfrin_getstate(const dns_xfrin_t *xfr, const char **statestr, 1006 1.1.1.14 christos bool *is_first_data_received, bool *is_ixfr) { 1007 1.1.1.14 christos xfrin_state_t state; 1008 1.1.1.14 christos 1009 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1010 1.1.1.14 christos REQUIRE(statestr != NULL && *statestr == NULL); 1011 1.1.1.14 christos REQUIRE(is_ixfr != NULL); 1012 1.1.1.14 christos 1013 1.1.1.14 christos state = atomic_load(&xfr->state); 1014 1.1.1.14 christos *statestr = ""; 1015 1.1.1.14 christos *is_first_data_received = (state > XFRST_FIRSTDATA); 1016 1.1.1.14 christos *is_ixfr = atomic_load(&xfr->is_ixfr); 1017 1.1.1.14 christos 1018 1.1.1.14 christos switch (state) { 1019 1.1.1.14 christos case XFRST_SOAQUERY: 1020 1.1.1.14 christos *statestr = "SOA Query"; 1021 1.1.1.14 christos break; 1022 1.1.1.14 christos case XFRST_GOTSOA: 1023 1.1.1.14 christos *statestr = "Got SOA"; 1024 1.1.1.14 christos break; 1025 1.1.1.14 christos case XFRST_ZONEXFRREQUEST: 1026 1.1.1.14 christos *statestr = "Zone Transfer Request"; 1027 1.1.1.14 christos break; 1028 1.1.1.14 christos case XFRST_FIRSTDATA: 1029 1.1.1.14 christos *statestr = "First Data"; 1030 1.1.1.14 christos break; 1031 1.1.1.14 christos case XFRST_IXFR_DELSOA: 1032 1.1.1.14 christos case XFRST_IXFR_DEL: 1033 1.1.1.14 christos case XFRST_IXFR_ADDSOA: 1034 1.1.1.14 christos case XFRST_IXFR_ADD: 1035 1.1.1.14 christos *statestr = "Receiving IXFR Data"; 1036 1.1.1.14 christos break; 1037 1.1.1.14 christos case XFRST_IXFR_END: 1038 1.1.1.14 christos *statestr = "Finalizing IXFR"; 1039 1.1.1.14 christos break; 1040 1.1.1.14 christos case XFRST_AXFR: 1041 1.1.1.14 christos *statestr = "Receiving AXFR Data"; 1042 1.1.1.14 christos break; 1043 1.1.1.14 christos case XFRST_AXFR_END: 1044 1.1.1.14 christos *statestr = "Finalizing AXFR"; 1045 1.1.1.14 christos break; 1046 1.1.1.14 christos } 1047 1.1.1.14 christos } 1048 1.1.1.14 christos 1049 1.1.1.14 christos uint32_t 1050 1.1.1.14 christos dns_xfrin_getendserial(dns_xfrin_t *xfr) { 1051 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1052 1.1.1.14 christos 1053 1.1.1.14 christos return atomic_load_relaxed(&xfr->end_serial); 1054 1.1.1.14 christos } 1055 1.1.1.14 christos 1056 1.1.1.14 christos void 1057 1.1.1.14 christos dns_xfrin_getstats(dns_xfrin_t *xfr, unsigned int *nmsgp, unsigned int *nrecsp, 1058 1.1.1.15 christos uint64_t *nbytesp, uint64_t *ratep) { 1059 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1060 1.1.1.14 christos REQUIRE(nmsgp != NULL && nrecsp != NULL && nbytesp != NULL); 1061 1.1.1.14 christos 1062 1.1.1.15 christos uint64_t rate = atomic_load_relaxed(&xfr->rate_bytes_per_second); 1063 1.1.1.15 christos if (rate == 0) { 1064 1.1.1.15 christos /* 1065 1.1.1.15 christos * Likely the first 'min-transfer-rate-in <bytes> <minutes>' 1066 1.1.1.15 christos * minutes interval hasn't passed yet. Calculate the overall 1067 1.1.1.15 christos * average transfer rate instead. 1068 1.1.1.15 christos */ 1069 1.1.1.15 christos isc_time_t now = isc_time_now(); 1070 1.1.1.15 christos isc_time_t start = atomic_load_relaxed(&xfr->start); 1071 1.1.1.15 christos uint64_t sec = isc_time_microdiff(&now, &start) / US_PER_SEC; 1072 1.1.1.15 christos if (sec > 0) { 1073 1.1.1.15 christos rate = atomic_load_relaxed(&xfr->nbytes) / sec; 1074 1.1.1.15 christos } 1075 1.1.1.15 christos } 1076 1.1.1.15 christos 1077 1.1.1.14 christos SET_IF_NOT_NULL(nmsgp, atomic_load_relaxed(&xfr->nmsg)); 1078 1.1.1.14 christos SET_IF_NOT_NULL(nrecsp, atomic_load_relaxed(&xfr->nrecs)); 1079 1.1.1.14 christos SET_IF_NOT_NULL(nbytesp, atomic_load_relaxed(&xfr->nbytes)); 1080 1.1.1.15 christos SET_IF_NOT_NULL(ratep, rate); 1081 1.1.1.14 christos } 1082 1.1.1.14 christos 1083 1.1.1.14 christos const isc_sockaddr_t * 1084 1.1.1.14 christos dns_xfrin_getsourceaddr(const dns_xfrin_t *xfr) { 1085 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1086 1.1.1.14 christos 1087 1.1.1.14 christos return &xfr->sourceaddr; 1088 1.1.1.14 christos } 1089 1.1.1.14 christos 1090 1.1.1.14 christos const isc_sockaddr_t * 1091 1.1.1.14 christos dns_xfrin_getprimaryaddr(const dns_xfrin_t *xfr) { 1092 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1093 1.1.1.14 christos 1094 1.1.1.14 christos return &xfr->primaryaddr; 1095 1.1.1.14 christos } 1096 1.1.1.12 christos 1097 1.1.1.14 christos dns_transport_type_t 1098 1.1.1.14 christos dns_xfrin_gettransporttype(const dns_xfrin_t *xfr) { 1099 1.1.1.12 christos REQUIRE(VALID_XFRIN(xfr)); 1100 1.1.1.12 christos 1101 1.1.1.14 christos if (xfr->transport != NULL) { 1102 1.1.1.14 christos return dns_transport_get_type(xfr->transport); 1103 1.1.1.14 christos } 1104 1.1.1.12 christos 1105 1.1.1.14 christos return DNS_TRANSPORT_TCP; 1106 1.1.1.14 christos } 1107 1.1.1.12 christos 1108 1.1.1.14 christos dns_transport_type_t 1109 1.1.1.14 christos dns_xfrin_getsoatransporttype(dns_xfrin_t *xfr) { 1110 1.1.1.12 christos REQUIRE(VALID_XFRIN(xfr)); 1111 1.1.1.12 christos 1112 1.1.1.14 christos return atomic_load_relaxed(&xfr->soa_transport_type); 1113 1.1.1.12 christos } 1114 1.1.1.12 christos 1115 1.1.1.14 christos const dns_name_t * 1116 1.1.1.14 christos dns_xfrin_gettsigkeyname(const dns_xfrin_t *xfr) { 1117 1.1.1.12 christos REQUIRE(VALID_XFRIN(xfr)); 1118 1.1.1.12 christos 1119 1.1.1.14 christos if (xfr->tsigkey == NULL || xfr->tsigkey->key == NULL) { 1120 1.1.1.14 christos return NULL; 1121 1.1.1.14 christos } 1122 1.1.1.14 christos 1123 1.1.1.14 christos return dst_key_name(xfr->tsigkey->key); 1124 1.1 christos } 1125 1.1 christos 1126 1.1.1.14 christos static void 1127 1.1.1.14 christos xfrin_shutdown(void *arg) { 1128 1.1.1.14 christos dns_xfrin_t *xfr = arg; 1129 1.1.1.14 christos 1130 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1131 1.1.1.12 christos 1132 1.1.1.14 christos xfrin_fail(xfr, ISC_R_SHUTTINGDOWN, "shut down"); 1133 1.1.1.14 christos dns_xfrin_detach(&xfr); 1134 1.1 christos } 1135 1.1 christos 1136 1.1 christos void 1137 1.1.1.14 christos dns_xfrin_shutdown(dns_xfrin_t *xfr) { 1138 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1139 1.1.1.12 christos 1140 1.1.1.14 christos if (xfr->loop != isc_loop()) { 1141 1.1.1.14 christos dns_xfrin_ref(xfr); 1142 1.1.1.14 christos isc_async_run(xfr->loop, xfrin_shutdown, xfr); 1143 1.1.1.14 christos } else { 1144 1.1.1.14 christos xfrin_fail(xfr, ISC_R_SHUTTINGDOWN, "shut down"); 1145 1.1.1.12 christos } 1146 1.1 christos } 1147 1.1 christos 1148 1.1.1.14 christos #if DNS_XFRIN_TRACE 1149 1.1.1.14 christos ISC_REFCOUNT_TRACE_IMPL(dns_xfrin, xfrin_destroy); 1150 1.1.1.14 christos #else 1151 1.1.1.14 christos ISC_REFCOUNT_IMPL(dns_xfrin, xfrin_destroy); 1152 1.1.1.14 christos #endif 1153 1.1.1.14 christos 1154 1.1 christos static void 1155 1.1.1.14 christos xfrin_cancelio(dns_xfrin_t *xfr) { 1156 1.1.1.14 christos if (xfr->dispentry != NULL) { 1157 1.1.1.14 christos dns_dispatch_done(&xfr->dispentry); 1158 1.1.1.14 christos } 1159 1.1.1.14 christos if (xfr->disp != NULL) { 1160 1.1.1.14 christos dns_dispatch_detach(&xfr->disp); 1161 1.1 christos } 1162 1.1 christos } 1163 1.1 christos 1164 1.1 christos static void 1165 1.1.1.14 christos xfrin_reset(dns_xfrin_t *xfr) { 1166 1.1 christos REQUIRE(VALID_XFRIN(xfr)); 1167 1.1 christos 1168 1.1 christos xfrin_log(xfr, ISC_LOG_INFO, "resetting"); 1169 1.1 christos 1170 1.1.1.4 christos if (xfr->lasttsig != NULL) { 1171 1.1 christos isc_buffer_free(&xfr->lasttsig); 1172 1.1.1.4 christos } 1173 1.1 christos 1174 1.1 christos dns_diff_clear(&xfr->diff); 1175 1.1 christos 1176 1.1.1.4 christos if (xfr->ixfr.journal != NULL) { 1177 1.1 christos dns_journal_destroy(&xfr->ixfr.journal); 1178 1.1.1.4 christos } 1179 1.1 christos 1180 1.1.1.4 christos if (xfr->axfr.add_private != NULL) { 1181 1.1 christos (void)dns_db_endload(xfr->db, &xfr->axfr); 1182 1.1.1.4 christos } 1183 1.1 christos 1184 1.1.1.4 christos if (xfr->ver != NULL) { 1185 1.1.1.2 christos dns_db_closeversion(xfr->db, &xfr->ver, false); 1186 1.1.1.4 christos } 1187 1.1 christos } 1188 1.1 christos 1189 1.1 christos static void 1190 1.1.1.14 christos xfrin_fail(dns_xfrin_t *xfr, isc_result_t result, const char *msg) { 1191 1.1.1.14 christos REQUIRE(VALID_XFRIN(xfr)); 1192 1.1.1.14 christos 1193 1.1.1.14 christos dns_xfrin_ref(xfr); 1194 1.1.1.14 christos 1195 1.1.1.12 christos /* Make sure only the first xfrin_fail() trumps */ 1196 1.1.1.12 christos if (atomic_compare_exchange_strong(&xfr->shuttingdown, &(bool){ false }, 1197 1.1.1.12 christos true)) 1198 1.1.1.12 christos { 1199 1.1.1.14 christos if (result != DNS_R_UPTODATE) { 1200 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s", msg, 1201 1.1.1.12 christos isc_result_totext(result)); 1202 1.1.1.14 christos if (atomic_load(&xfr->is_ixfr) && 1203 1.1.1.14 christos result != ISC_R_CANCELED && 1204 1.1.1.14 christos result != ISC_R_SHUTTINGDOWN) 1205 1.1.1.14 christos { 1206 1.1.1.14 christos /* 1207 1.1.1.14 christos * Pass special result code to force AXFR retry 1208 1.1.1.12 christos */ 1209 1.1.1.12 christos result = DNS_R_BADIXFR; 1210 1.1.1.12 christos } 1211 1.1.1.4 christos } 1212 1.1.1.14 christos 1213 1.1.1.12 christos xfrin_cancelio(xfr); 1214 1.1.1.14 christos 1215 1.1.1.14 christos xfrin_end(xfr, result); 1216 1.1 christos } 1217 1.1.1.14 christos 1218 1.1.1.14 christos dns_xfrin_detach(&xfr); 1219 1.1 christos } 1220 1.1 christos 1221 1.1.1.12 christos static void 1222 1.1.1.14 christos xfrin_create(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db, isc_loop_t *loop, 1223 1.1.1.4 christos dns_name_t *zonename, dns_rdataclass_t rdclass, 1224 1.1.1.12 christos dns_rdatatype_t reqtype, const isc_sockaddr_t *primaryaddr, 1225 1.1.1.12 christos const isc_sockaddr_t *sourceaddr, dns_tsigkey_t *tsigkey, 1226 1.1.1.14 christos dns_transport_type_t soa_transport_type, 1227 1.1.1.12 christos dns_transport_t *transport, isc_tlsctx_cache_t *tlsctx_cache, 1228 1.1.1.14 christos dns_xfrin_t **xfrp) { 1229 1.1.1.14 christos dns_xfrin_t *xfr = NULL; 1230 1.1 christos 1231 1.1 christos xfr = isc_mem_get(mctx, sizeof(*xfr)); 1232 1.1.1.14 christos *xfr = (dns_xfrin_t){ 1233 1.1.1.14 christos .shutdown_result = ISC_R_UNSET, 1234 1.1.1.14 christos .rdclass = rdclass, 1235 1.1.1.14 christos .reqtype = reqtype, 1236 1.1.1.14 christos .maxrecords = dns_zone_getmaxrecords(zone), 1237 1.1.1.14 christos .primaryaddr = *primaryaddr, 1238 1.1.1.14 christos .sourceaddr = *sourceaddr, 1239 1.1.1.14 christos .soa_transport_type = soa_transport_type, 1240 1.1.1.14 christos .firstsoa = DNS_RDATA_INIT, 1241 1.1.1.14 christos .edns = true, 1242 1.1.1.14 christos .references = 1, 1243 1.1.1.14 christos .magic = XFRIN_MAGIC, 1244 1.1.1.14 christos }; 1245 1.1.1.12 christos 1246 1.1.1.14 christos isc_loop_attach(loop, &xfr->loop); 1247 1.1 christos isc_mem_attach(mctx, &xfr->mctx); 1248 1.1 christos dns_zone_iattach(zone, &xfr->zone); 1249 1.1.1.14 christos dns_view_weakattach(dns_zone_getview(zone), &xfr->view); 1250 1.1 christos dns_name_init(&xfr->name, NULL); 1251 1.1 christos 1252 1.1.1.14 christos __cds_wfcq_init(&xfr->diff_head, &xfr->diff_tail); 1253 1.1.1.12 christos 1254 1.1.1.14 christos atomic_init(&xfr->is_ixfr, false); 1255 1.1.1.12 christos 1256 1.1.1.4 christos if (db != NULL) { 1257 1.1 christos dns_db_attach(db, &xfr->db); 1258 1.1.1.4 christos } 1259 1.1.1.12 christos 1260 1.1 christos dns_diff_init(xfr->mctx, &xfr->diff); 1261 1.1 christos 1262 1.1.1.4 christos if (reqtype == dns_rdatatype_soa) { 1263 1.1.1.14 christos atomic_init(&xfr->state, XFRST_SOAQUERY); 1264 1.1.1.4 christos } else { 1265 1.1.1.14 christos atomic_init(&xfr->state, XFRST_ZONEXFRREQUEST); 1266 1.1.1.4 christos } 1267 1.1 christos 1268 1.1.1.14 christos atomic_init(&xfr->start, isc_time_now()); 1269 1.1 christos 1270 1.1.1.4 christos if (tsigkey != NULL) { 1271 1.1 christos dns_tsigkey_attach(tsigkey, &xfr->tsigkey); 1272 1.1.1.4 christos } 1273 1.1 christos 1274 1.1.1.12 christos if (transport != NULL) { 1275 1.1.1.12 christos dns_transport_attach(transport, &xfr->transport); 1276 1.1.1.12 christos } 1277 1.1 christos 1278 1.1.1.4 christos dns_name_dup(zonename, mctx, &xfr->name); 1279 1.1 christos 1280 1.1.1.12 christos INSIST(isc_sockaddr_pf(primaryaddr) == isc_sockaddr_pf(sourceaddr)); 1281 1.1 christos isc_sockaddr_setport(&xfr->sourceaddr, 0); 1282 1.1 christos 1283 1.1 christos /* 1284 1.1.1.4 christos * Reserve 2 bytes for TCP length at the beginning of the buffer. 1285 1.1 christos */ 1286 1.1 christos isc_buffer_init(&xfr->qbuffer, &xfr->qbuffer_data[2], 1287 1.1 christos sizeof(xfr->qbuffer_data) - 2); 1288 1.1 christos 1289 1.1.1.12 christos isc_tlsctx_cache_attach(tlsctx_cache, &xfr->tlsctx_cache); 1290 1.1.1.12 christos 1291 1.1.1.14 christos dns_zone_name(xfr->zone, xfr->info, sizeof(xfr->info)); 1292 1.1.1.12 christos 1293 1.1 christos *xfrp = xfr; 1294 1.1.1.12 christos } 1295 1.1.1.12 christos 1296 1.1.1.12 christos static isc_result_t 1297 1.1.1.14 christos xfrin_start(dns_xfrin_t *xfr) { 1298 1.1.1.12 christos isc_result_t result = ISC_R_FAILURE; 1299 1.1.1.14 christos isc_interval_t interval; 1300 1.1.1.12 christos 1301 1.1.1.14 christos dns_xfrin_ref(xfr); 1302 1.1.1.12 christos 1303 1.1.1.14 christos /* If this is a retry, we need to cancel the previous dispentry */ 1304 1.1.1.14 christos xfrin_cancelio(xfr); 1305 1.1.1.12 christos 1306 1.1.1.14 christos dns_dispatchmgr_t *dispmgr = dns_view_getdispatchmgr(xfr->view); 1307 1.1.1.14 christos if (dispmgr == NULL) { 1308 1.1.1.14 christos result = ISC_R_SHUTTINGDOWN; 1309 1.1.1.14 christos goto failure; 1310 1.1.1.12 christos } else { 1311 1.1.1.14 christos result = dns_dispatch_createtcp( 1312 1.1.1.14 christos dispmgr, &xfr->sourceaddr, &xfr->primaryaddr, 1313 1.1.1.14 christos xfr->transport, DNS_DISPATCHOPT_UNSHARED, &xfr->disp); 1314 1.1.1.14 christos dns_dispatchmgr_detach(&dispmgr); 1315 1.1.1.14 christos if (result != ISC_R_SUCCESS) { 1316 1.1.1.14 christos goto failure; 1317 1.1.1.14 christos } 1318 1.1.1.12 christos } 1319 1.1.1.12 christos 1320 1.1.1.14 christos LIBDNS_XFRIN_START(xfr, xfr->info); 1321 1.1.1.12 christos 1322 1.1.1.12 christos /* 1323 1.1.1.14 christos * If the transfer is started when the 'state' is XFRST_SOAQUERY, it 1324 1.1.1.14 christos * means the SOA query will be performed by xfrin. A transfer could also 1325 1.1.1.14 christos * be initiated starting from the XFRST_ZONEXFRREQUEST state, which 1326 1.1.1.14 christos * means that the SOA query was already performed by other means (e.g. 1327 1.1.1.14 christos * by zone.c:soa_query()), or that it's a transfer without a preceding 1328 1.1.1.14 christos * SOA request, and 'soa_transport_type' is already correctly 1329 1.1.1.14 christos * set by the creator of the xfrin. 1330 1.1.1.12 christos */ 1331 1.1.1.14 christos if (atomic_load(&xfr->state) == XFRST_SOAQUERY) { 1332 1.1.1.14 christos /* 1333 1.1.1.14 christos * The "SOA before" mode is used, where the SOA request is 1334 1.1.1.14 christos * using the same transport as the XFR. 1335 1.1.1.14 christos */ 1336 1.1.1.14 christos atomic_store_relaxed(&xfr->soa_transport_type, 1337 1.1.1.14 christos dns_xfrin_gettransporttype(xfr)); 1338 1.1.1.4 christos } 1339 1.1 christos 1340 1.1.1.14 christos CHECK(dns_dispatch_add( 1341 1.1.1.14 christos xfr->disp, xfr->loop, 0, 0, &xfr->primaryaddr, xfr->transport, 1342 1.1.1.14 christos xfr->tlsctx_cache, xfrin_connect_done, xfrin_send_done, 1343 1.1.1.14 christos xfrin_recv_done, xfr, &xfr->id, &xfr->dispentry)); 1344 1.1.1.12 christos 1345 1.1.1.12 christos /* Set the maximum timer */ 1346 1.1.1.14 christos if (xfr->max_time_timer == NULL) { 1347 1.1.1.14 christos isc_timer_create(dns_zone_getloop(xfr->zone), xfrin_timedout, 1348 1.1.1.14 christos xfr, &xfr->max_time_timer); 1349 1.1.1.14 christos } 1350 1.1.1.12 christos isc_interval_set(&interval, dns_zone_getmaxxfrin(xfr->zone), 0); 1351 1.1.1.14 christos isc_timer_start(xfr->max_time_timer, isc_timertype_once, &interval); 1352 1.1.1.12 christos 1353 1.1.1.12 christos /* Set the idle timer */ 1354 1.1.1.14 christos if (xfr->max_idle_timer == NULL) { 1355 1.1.1.14 christos isc_timer_create(dns_zone_getloop(xfr->zone), xfrin_idledout, 1356 1.1.1.14 christos xfr, &xfr->max_idle_timer); 1357 1.1.1.14 christos } 1358 1.1.1.12 christos isc_interval_set(&interval, dns_zone_getidlein(xfr->zone), 0); 1359 1.1.1.14 christos isc_timer_start(xfr->max_idle_timer, isc_timertype_once, &interval); 1360 1.1.1.12 christos 1361 1.1.1.15 christos /* Set the minimum transfer rate checking timer */ 1362 1.1.1.15 christos if (xfr->min_rate_timer == NULL) { 1363 1.1.1.15 christos isc_timer_create(dns_zone_getloop(xfr->zone), 1364 1.1.1.15 christos xfrin_minratecheck, xfr, &xfr->min_rate_timer); 1365 1.1.1.15 christos } 1366 1.1.1.15 christos isc_interval_set(&interval, dns_zone_getminxfrratesecondsin(xfr->zone), 1367 1.1.1.15 christos 0); 1368 1.1.1.15 christos isc_timer_start(xfr->min_rate_timer, isc_timertype_ticker, &interval); 1369 1.1.1.15 christos 1370 1.1.1.12 christos /* 1371 1.1.1.14 christos * The connect has to be the last thing that is called before returning, 1372 1.1.1.14 christos * as it can end synchronously and destroy the xfr object. 1373 1.1.1.12 christos */ 1374 1.1.1.14 christos CHECK(dns_dispatch_connect(xfr->dispentry)); 1375 1.1.1.12 christos 1376 1.1.1.14 christos return ISC_R_SUCCESS; 1377 1.1.1.12 christos 1378 1.1.1.4 christos failure: 1379 1.1.1.14 christos xfrin_cancelio(xfr); 1380 1.1.1.14 christos dns_xfrin_detach(&xfr); 1381 1.1.1.14 christos 1382 1.1.1.14 christos return result; 1383 1.1 christos } 1384 1.1 christos 1385 1.1 christos /* XXX the resolver could use this, too */ 1386 1.1 christos 1387 1.1 christos static isc_result_t 1388 1.1 christos render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) { 1389 1.1 christos dns_compress_t cctx; 1390 1.1 christos isc_result_t result; 1391 1.1 christos 1392 1.1.1.14 christos dns_compress_init(&cctx, mctx, 0); 1393 1.1 christos CHECK(dns_message_renderbegin(msg, &cctx, buf)); 1394 1.1 christos CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0)); 1395 1.1 christos CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0)); 1396 1.1 christos CHECK(dns_message_rendersection(msg, DNS_SECTION_AUTHORITY, 0)); 1397 1.1 christos CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0)); 1398 1.1 christos CHECK(dns_message_renderend(msg)); 1399 1.1 christos result = ISC_R_SUCCESS; 1400 1.1.1.4 christos failure: 1401 1.1.1.14 christos dns_compress_invalidate(&cctx); 1402 1.1.1.14 christos return result; 1403 1.1 christos } 1404 1.1 christos 1405 1.1 christos /* 1406 1.1 christos * A connection has been established. 1407 1.1 christos */ 1408 1.1 christos static void 1409 1.1.1.14 christos xfrin_connect_done(isc_result_t result, isc_region_t *region ISC_ATTR_UNUSED, 1410 1.1.1.14 christos void *arg) { 1411 1.1.1.14 christos dns_xfrin_t *xfr = (dns_xfrin_t *)arg; 1412 1.1.1.14 christos char addrtext[ISC_SOCKADDR_FORMATSIZE]; 1413 1.1 christos char signerbuf[DNS_NAME_FORMATSIZE]; 1414 1.1 christos const char *signer = "", *sep = ""; 1415 1.1.1.12 christos dns_zonemgr_t *zmgr = NULL; 1416 1.1 christos 1417 1.1 christos REQUIRE(VALID_XFRIN(xfr)); 1418 1.1 christos 1419 1.1.1.12 christos if (atomic_load(&xfr->shuttingdown)) { 1420 1.1.1.12 christos result = ISC_R_SHUTTINGDOWN; 1421 1.1.1.12 christos } 1422 1.1 christos 1423 1.1.1.14 christos LIBDNS_XFRIN_CONNECTED(xfr, xfr->info, result); 1424 1.1.1.14 christos 1425 1.1.1.12 christos if (result != ISC_R_SUCCESS) { 1426 1.1.1.12 christos xfrin_fail(xfr, result, "failed to connect"); 1427 1.1.1.12 christos goto failure; 1428 1.1.1.12 christos } 1429 1.1.1.12 christos 1430 1.1.1.14 christos result = dns_dispatch_checkperm(xfr->disp); 1431 1.1.1.12 christos if (result != ISC_R_SUCCESS) { 1432 1.1.1.12 christos xfrin_fail(xfr, result, "connected but unable to transfer"); 1433 1.1.1.12 christos goto failure; 1434 1.1 christos } 1435 1.1 christos 1436 1.1 christos zmgr = dns_zone_getmgr(xfr->zone); 1437 1.1 christos if (zmgr != NULL) { 1438 1.1.1.12 christos dns_zonemgr_unreachabledel(zmgr, &xfr->primaryaddr, 1439 1.1.1.12 christos &xfr->sourceaddr); 1440 1.1 christos } 1441 1.1 christos 1442 1.1 christos if (xfr->tsigkey != NULL && xfr->tsigkey->key != NULL) { 1443 1.1.1.4 christos dns_name_format(dst_key_name(xfr->tsigkey->key), signerbuf, 1444 1.1.1.4 christos sizeof(signerbuf)); 1445 1.1 christos sep = " TSIG "; 1446 1.1 christos signer = signerbuf; 1447 1.1 christos } 1448 1.1 christos 1449 1.1.1.14 christos isc_sockaddr_format(&xfr->primaryaddr, addrtext, sizeof(addrtext)); 1450 1.1.1.14 christos xfrin_log(xfr, ISC_LOG_INFO, "connected using %s%s%s", addrtext, sep, 1451 1.1.1.4 christos signer); 1452 1.1 christos 1453 1.1.1.12 christos result = xfrin_send_request(xfr); 1454 1.1.1.12 christos if (result != ISC_R_SUCCESS) { 1455 1.1.1.12 christos xfrin_fail(xfr, result, "connected but unable to send"); 1456 1.1.1.14 christos goto detach; 1457 1.1.1.12 christos } 1458 1.1 christos 1459 1.1.1.14 christos return; 1460 1.1.1.14 christos 1461 1.1.1.4 christos failure: 1462 1.1.1.12 christos switch (result) { 1463 1.1.1.12 christos case ISC_R_NETDOWN: 1464 1.1.1.12 christos case ISC_R_HOSTDOWN: 1465 1.1.1.12 christos case ISC_R_NETUNREACH: 1466 1.1.1.12 christos case ISC_R_HOSTUNREACH: 1467 1.1.1.12 christos case ISC_R_CONNREFUSED: 1468 1.1.1.12 christos case ISC_R_TIMEDOUT: 1469 1.1.1.12 christos /* 1470 1.1.1.12 christos * Add the server to unreachable primaries table if 1471 1.1.1.12 christos * the server has a permanent networking error or 1472 1.1.1.12 christos * the connection attempt as timed out. 1473 1.1.1.12 christos */ 1474 1.1.1.12 christos zmgr = dns_zone_getmgr(xfr->zone); 1475 1.1.1.12 christos if (zmgr != NULL) { 1476 1.1.1.14 christos isc_time_t now = isc_time_now(); 1477 1.1.1.12 christos 1478 1.1.1.12 christos dns_zonemgr_unreachableadd(zmgr, &xfr->primaryaddr, 1479 1.1.1.12 christos &xfr->sourceaddr, &now); 1480 1.1.1.12 christos } 1481 1.1.1.12 christos break; 1482 1.1.1.12 christos default: 1483 1.1.1.12 christos /* Retry sooner than in 10 minutes */ 1484 1.1.1.12 christos break; 1485 1.1.1.4 christos } 1486 1.1.1.12 christos 1487 1.1.1.14 christos detach: 1488 1.1.1.12 christos dns_xfrin_detach(&xfr); 1489 1.1 christos } 1490 1.1 christos 1491 1.1 christos /* 1492 1.1 christos * Convert a tuple into a dns_name_t suitable for inserting 1493 1.1 christos * into the given dns_message_t. 1494 1.1 christos */ 1495 1.1.1.14 christos static void 1496 1.1.1.4 christos tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target) { 1497 1.1 christos dns_rdata_t *rdata = NULL; 1498 1.1 christos dns_rdatalist_t *rdl = NULL; 1499 1.1 christos dns_rdataset_t *rds = NULL; 1500 1.1 christos dns_name_t *name = NULL; 1501 1.1 christos 1502 1.1 christos REQUIRE(target != NULL && *target == NULL); 1503 1.1 christos 1504 1.1.1.14 christos dns_message_gettemprdata(msg, &rdata); 1505 1.1 christos dns_rdata_init(rdata); 1506 1.1 christos dns_rdata_clone(&tuple->rdata, rdata); 1507 1.1 christos 1508 1.1.1.14 christos dns_message_gettemprdatalist(msg, &rdl); 1509 1.1 christos dns_rdatalist_init(rdl); 1510 1.1 christos rdl->type = tuple->rdata.type; 1511 1.1 christos rdl->rdclass = tuple->rdata.rdclass; 1512 1.1 christos rdl->ttl = tuple->ttl; 1513 1.1 christos ISC_LIST_APPEND(rdl->rdata, rdata, link); 1514 1.1 christos 1515 1.1.1.14 christos dns_message_gettemprdataset(msg, &rds); 1516 1.1.1.14 christos dns_rdatalist_tordataset(rdl, rds); 1517 1.1 christos 1518 1.1.1.14 christos dns_message_gettempname(msg, &name); 1519 1.1 christos dns_name_clone(&tuple->name, name); 1520 1.1 christos ISC_LIST_APPEND(name->list, rds, link); 1521 1.1 christos 1522 1.1 christos *target = name; 1523 1.1.1.14 christos } 1524 1.1 christos 1525 1.1.1.14 christos static const char * 1526 1.1.1.14 christos request_type(dns_xfrin_t *xfr) { 1527 1.1.1.14 christos switch (xfr->reqtype) { 1528 1.1.1.14 christos case dns_rdatatype_soa: 1529 1.1.1.14 christos return "SOA"; 1530 1.1.1.14 christos case dns_rdatatype_axfr: 1531 1.1.1.14 christos return "AXFR"; 1532 1.1.1.14 christos case dns_rdatatype_ixfr: 1533 1.1.1.14 christos return "IXFR"; 1534 1.1.1.14 christos default: 1535 1.1.1.14 christos ISC_UNREACHABLE(); 1536 1.1 christos } 1537 1.1.1.14 christos } 1538 1.1.1.14 christos 1539 1.1.1.14 christos static isc_result_t 1540 1.1.1.14 christos add_opt(dns_message_t *message, uint16_t udpsize, bool reqnsid, 1541 1.1.1.14 christos bool reqexpire) { 1542 1.1.1.14 christos isc_result_t result; 1543 1.1.1.14 christos dns_rdataset_t *rdataset = NULL; 1544 1.1.1.14 christos dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS]; 1545 1.1.1.14 christos int count = 0; 1546 1.1.1.14 christos 1547 1.1.1.14 christos /* Set EDNS options if applicable. */ 1548 1.1.1.14 christos if (reqnsid) { 1549 1.1.1.14 christos INSIST(count < DNS_EDNSOPTIONS); 1550 1.1.1.14 christos ednsopts[count].code = DNS_OPT_NSID; 1551 1.1.1.14 christos ednsopts[count].length = 0; 1552 1.1.1.14 christos ednsopts[count].value = NULL; 1553 1.1.1.14 christos count++; 1554 1.1.1.14 christos } 1555 1.1.1.14 christos if (reqexpire) { 1556 1.1.1.14 christos INSIST(count < DNS_EDNSOPTIONS); 1557 1.1.1.14 christos ednsopts[count].code = DNS_OPT_EXPIRE; 1558 1.1.1.14 christos ednsopts[count].length = 0; 1559 1.1.1.14 christos ednsopts[count].value = NULL; 1560 1.1.1.14 christos count++; 1561 1.1 christos } 1562 1.1.1.14 christos result = dns_message_buildopt(message, &rdataset, 0, udpsize, 0, 1563 1.1.1.14 christos ednsopts, count); 1564 1.1.1.14 christos if (result != ISC_R_SUCCESS) { 1565 1.1.1.14 christos return result; 1566 1.1.1.4 christos } 1567 1.1 christos 1568 1.1.1.14 christos return dns_message_setopt(message, rdataset); 1569 1.1 christos } 1570 1.1 christos 1571 1.1 christos /* 1572 1.1 christos * Build an *XFR request and send its length prefix. 1573 1.1 christos */ 1574 1.1 christos static isc_result_t 1575 1.1.1.14 christos xfrin_send_request(dns_xfrin_t *xfr) { 1576 1.1 christos isc_result_t result; 1577 1.1 christos isc_region_t region; 1578 1.1 christos dns_rdataset_t *qrdataset = NULL; 1579 1.1 christos dns_message_t *msg = NULL; 1580 1.1 christos dns_difftuple_t *soatuple = NULL; 1581 1.1 christos dns_name_t *qname = NULL; 1582 1.1 christos dns_dbversion_t *ver = NULL; 1583 1.1 christos dns_name_t *msgsoaname = NULL; 1584 1.1.1.14 christos bool edns = xfr->edns; 1585 1.1.1.14 christos bool reqnsid = xfr->view->requestnsid; 1586 1.1.1.14 christos bool reqexpire = dns_zone_getrequestexpire(xfr->zone); 1587 1.1.1.14 christos uint16_t udpsize = dns_view_getudpsize(xfr->view); 1588 1.1.1.14 christos 1589 1.1.1.14 christos LIBDNS_XFRIN_RECV_SEND_REQUEST(xfr, xfr->info); 1590 1.1 christos 1591 1.1 christos /* Create the request message */ 1592 1.1.1.14 christos dns_message_create(xfr->mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER, 1593 1.1.1.14 christos &msg); 1594 1.1 christos CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); 1595 1.1 christos 1596 1.1 christos /* Create a name for the question section. */ 1597 1.1.1.14 christos dns_message_gettempname(msg, &qname); 1598 1.1 christos dns_name_clone(&xfr->name, qname); 1599 1.1 christos 1600 1.1 christos /* Formulate the question and attach it to the question name. */ 1601 1.1.1.14 christos dns_message_gettemprdataset(msg, &qrdataset); 1602 1.1 christos dns_rdataset_makequestion(qrdataset, xfr->rdclass, xfr->reqtype); 1603 1.1 christos ISC_LIST_APPEND(qname->list, qrdataset, link); 1604 1.1 christos qrdataset = NULL; 1605 1.1 christos 1606 1.1 christos dns_message_addname(msg, qname, DNS_SECTION_QUESTION); 1607 1.1 christos qname = NULL; 1608 1.1 christos 1609 1.1 christos if (xfr->reqtype == dns_rdatatype_ixfr) { 1610 1.1 christos /* Get the SOA and add it to the authority section. */ 1611 1.1 christos dns_db_currentversion(xfr->db, &ver); 1612 1.1 christos CHECK(dns_db_createsoatuple(xfr->db, ver, xfr->mctx, 1613 1.1 christos DNS_DIFFOP_EXISTS, &soatuple)); 1614 1.1 christos xfr->ixfr.request_serial = dns_soa_getserial(&soatuple->rdata); 1615 1.1 christos xfr->ixfr.current_serial = xfr->ixfr.request_serial; 1616 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 1617 1.1 christos "requesting IXFR for serial %u", 1618 1.1 christos xfr->ixfr.request_serial); 1619 1.1 christos 1620 1.1.1.14 christos tuple2msgname(soatuple, msg, &msgsoaname); 1621 1.1 christos dns_message_addname(msg, msgsoaname, DNS_SECTION_AUTHORITY); 1622 1.1.1.4 christos } else if (xfr->reqtype == dns_rdatatype_soa) { 1623 1.1 christos CHECK(dns_db_getsoaserial(xfr->db, NULL, 1624 1.1 christos &xfr->ixfr.request_serial)); 1625 1.1.1.4 christos } 1626 1.1 christos 1627 1.1.1.14 christos if (edns && xfr->view->peers != NULL) { 1628 1.1.1.14 christos dns_peer_t *peer = NULL; 1629 1.1.1.14 christos isc_netaddr_t primaryip; 1630 1.1.1.14 christos isc_netaddr_fromsockaddr(&primaryip, &xfr->primaryaddr); 1631 1.1.1.14 christos result = dns_peerlist_peerbyaddr(xfr->view->peers, &primaryip, 1632 1.1.1.14 christos &peer); 1633 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 1634 1.1.1.14 christos (void)dns_peer_getsupportedns(peer, &edns); 1635 1.1.1.14 christos (void)dns_peer_getudpsize(peer, &udpsize); 1636 1.1.1.14 christos (void)dns_peer_getrequestnsid(peer, &reqnsid); 1637 1.1.1.14 christos (void)dns_peer_getrequestexpire(peer, &reqexpire); 1638 1.1.1.14 christos } 1639 1.1.1.14 christos } 1640 1.1.1.14 christos 1641 1.1.1.14 christos if (edns) { 1642 1.1.1.14 christos CHECK(add_opt(msg, udpsize, reqnsid, reqexpire)); 1643 1.1.1.14 christos } 1644 1.1.1.14 christos 1645 1.1.1.14 christos atomic_store_relaxed(&xfr->nmsg, 0); 1646 1.1.1.14 christos atomic_store_relaxed(&xfr->nrecs, 0); 1647 1.1.1.14 christos atomic_store_relaxed(&xfr->nbytes, 0); 1648 1.1.1.14 christos atomic_store_relaxed(&xfr->start, isc_time_now()); 1649 1.1.1.14 christos 1650 1.1.1.15 christos xfr->nbytes_saved = 0; 1651 1.1.1.15 christos 1652 1.1 christos msg->id = xfr->id; 1653 1.1.1.4 christos if (xfr->tsigctx != NULL) { 1654 1.1 christos dst_context_destroy(&xfr->tsigctx); 1655 1.1.1.4 christos } 1656 1.1 christos 1657 1.1 christos CHECK(render(msg, xfr->mctx, &xfr->qbuffer)); 1658 1.1 christos 1659 1.1 christos /* 1660 1.1 christos * Free the last tsig, if there is one. 1661 1.1 christos */ 1662 1.1.1.4 christos if (xfr->lasttsig != NULL) { 1663 1.1 christos isc_buffer_free(&xfr->lasttsig); 1664 1.1.1.4 christos } 1665 1.1 christos 1666 1.1 christos /* 1667 1.1 christos * Save the query TSIG and don't let message_destroy free it. 1668 1.1 christos */ 1669 1.1 christos CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig)); 1670 1.1 christos 1671 1.1 christos isc_buffer_usedregion(&xfr->qbuffer, ®ion); 1672 1.1 christos INSIST(region.length <= 65535); 1673 1.1 christos 1674 1.1.1.14 christos dns_xfrin_ref(xfr); 1675 1.1.1.14 christos dns_dispatch_send(xfr->dispentry, ®ion); 1676 1.1.1.14 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), "sending %s request, QID %d", 1677 1.1.1.14 christos request_type(xfr), xfr->id); 1678 1.1 christos 1679 1.1.1.4 christos failure: 1680 1.1.1.14 christos dns_message_detach(&msg); 1681 1.1.1.4 christos if (soatuple != NULL) { 1682 1.1 christos dns_difftuple_free(&soatuple); 1683 1.1.1.4 christos } 1684 1.1.1.4 christos if (ver != NULL) { 1685 1.1.1.2 christos dns_db_closeversion(xfr->db, &ver, false); 1686 1.1.1.4 christos } 1687 1.1.1.12 christos 1688 1.1.1.14 christos return result; 1689 1.1 christos } 1690 1.1 christos 1691 1.1 christos static void 1692 1.1.1.14 christos xfrin_send_done(isc_result_t result, isc_region_t *region, void *arg) { 1693 1.1.1.14 christos dns_xfrin_t *xfr = (dns_xfrin_t *)arg; 1694 1.1.1.14 christos 1695 1.1.1.14 christos UNUSED(region); 1696 1.1 christos 1697 1.1 christos REQUIRE(VALID_XFRIN(xfr)); 1698 1.1 christos 1699 1.1.1.12 christos if (atomic_load(&xfr->shuttingdown)) { 1700 1.1.1.12 christos result = ISC_R_SHUTTINGDOWN; 1701 1.1.1.12 christos } 1702 1.1 christos 1703 1.1.1.14 christos LIBDNS_XFRIN_SENT(xfr, xfr->info, result); 1704 1.1.1.14 christos 1705 1.1.1.12 christos CHECK(result); 1706 1.1 christos 1707 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request data"); 1708 1.1 christos 1709 1.1.1.4 christos failure: 1710 1.1.1.4 christos if (result != ISC_R_SUCCESS) { 1711 1.1 christos xfrin_fail(xfr, result, "failed sending request data"); 1712 1.1.1.4 christos } 1713 1.1.1.12 christos 1714 1.1.1.14 christos dns_xfrin_detach(&xfr); 1715 1.1.1.14 christos } 1716 1.1.1.14 christos 1717 1.1.1.14 christos static void 1718 1.1.1.14 christos get_edns_expire(dns_xfrin_t *xfr, dns_message_t *msg) { 1719 1.1.1.14 christos isc_result_t result; 1720 1.1.1.14 christos dns_rdata_t rdata = DNS_RDATA_INIT; 1721 1.1.1.14 christos isc_buffer_t optbuf; 1722 1.1.1.14 christos uint16_t optcode; 1723 1.1.1.14 christos uint16_t optlen; 1724 1.1.1.14 christos 1725 1.1.1.14 christos result = dns_rdataset_first(msg->opt); 1726 1.1.1.14 christos if (result == ISC_R_SUCCESS) { 1727 1.1.1.14 christos dns_rdataset_current(msg->opt, &rdata); 1728 1.1.1.14 christos isc_buffer_init(&optbuf, rdata.data, rdata.length); 1729 1.1.1.14 christos isc_buffer_add(&optbuf, rdata.length); 1730 1.1.1.14 christos while (isc_buffer_remaininglength(&optbuf) >= 4) { 1731 1.1.1.14 christos optcode = isc_buffer_getuint16(&optbuf); 1732 1.1.1.14 christos optlen = isc_buffer_getuint16(&optbuf); 1733 1.1.1.14 christos /* 1734 1.1.1.14 christos * A EDNS EXPIRE response has a length of 4. 1735 1.1.1.14 christos */ 1736 1.1.1.14 christos if (optcode != DNS_OPT_EXPIRE || optlen != 4) { 1737 1.1.1.14 christos isc_buffer_forward(&optbuf, optlen); 1738 1.1.1.14 christos continue; 1739 1.1.1.14 christos } 1740 1.1.1.14 christos xfr->expireopt = isc_buffer_getuint32(&optbuf); 1741 1.1.1.14 christos xfr->expireoptset = true; 1742 1.1.1.14 christos dns_zone_log(xfr->zone, ISC_LOG_DEBUG(1), 1743 1.1.1.14 christos "got EDNS EXPIRE of %u", xfr->expireopt); 1744 1.1.1.14 christos break; 1745 1.1.1.14 christos } 1746 1.1.1.14 christos } 1747 1.1.1.14 christos } 1748 1.1.1.14 christos 1749 1.1.1.14 christos static void 1750 1.1.1.14 christos xfrin_end(dns_xfrin_t *xfr, isc_result_t result) { 1751 1.1.1.14 christos /* Inform the caller. */ 1752 1.1.1.14 christos if (xfr->done != NULL) { 1753 1.1.1.14 christos LIBDNS_XFRIN_DONE_CALLBACK_BEGIN(xfr, xfr->info, result); 1754 1.1.1.14 christos (xfr->done)(xfr->zone, 1755 1.1.1.14 christos xfr->expireoptset ? &xfr->expireopt : NULL, result); 1756 1.1.1.14 christos xfr->done = NULL; 1757 1.1.1.14 christos LIBDNS_XFRIN_DONE_CALLBACK_END(xfr, xfr->info, result); 1758 1.1.1.14 christos } 1759 1.1.1.14 christos 1760 1.1.1.14 christos atomic_store(&xfr->shuttingdown, true); 1761 1.1.1.14 christos 1762 1.1.1.14 christos if (xfr->max_time_timer != NULL) { 1763 1.1.1.14 christos isc_timer_stop(xfr->max_time_timer); 1764 1.1.1.14 christos isc_timer_destroy(&xfr->max_time_timer); 1765 1.1.1.14 christos } 1766 1.1.1.14 christos if (xfr->max_idle_timer != NULL) { 1767 1.1.1.14 christos isc_timer_stop(xfr->max_idle_timer); 1768 1.1.1.14 christos isc_timer_destroy(&xfr->max_idle_timer); 1769 1.1.1.14 christos } 1770 1.1.1.15 christos if (xfr->min_rate_timer != NULL) { 1771 1.1.1.15 christos isc_timer_stop(xfr->min_rate_timer); 1772 1.1.1.15 christos isc_timer_destroy(&xfr->min_rate_timer); 1773 1.1.1.15 christos } 1774 1.1.1.14 christos 1775 1.1.1.14 christos if (xfr->shutdown_result == ISC_R_UNSET) { 1776 1.1.1.14 christos xfr->shutdown_result = result; 1777 1.1.1.14 christos } 1778 1.1 christos } 1779 1.1 christos 1780 1.1 christos static void 1781 1.1.1.14 christos xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) { 1782 1.1.1.14 christos dns_xfrin_t *xfr = (dns_xfrin_t *)arg; 1783 1.1 christos dns_message_t *msg = NULL; 1784 1.1.1.12 christos dns_name_t *name = NULL; 1785 1.1 christos const dns_name_t *tsigowner = NULL; 1786 1.1.1.12 christos isc_buffer_t buffer; 1787 1.1 christos 1788 1.1 christos REQUIRE(VALID_XFRIN(xfr)); 1789 1.1 christos 1790 1.1.1.12 christos if (atomic_load(&xfr->shuttingdown)) { 1791 1.1.1.12 christos result = ISC_R_SHUTTINGDOWN; 1792 1.1 christos } 1793 1.1 christos 1794 1.1.1.12 christos /* Stop the idle timer */ 1795 1.1.1.14 christos isc_timer_stop(xfr->max_idle_timer); 1796 1.1.1.14 christos 1797 1.1.1.14 christos LIBDNS_XFRIN_RECV_START(xfr, xfr->info, result); 1798 1.1 christos 1799 1.1.1.12 christos CHECK(result); 1800 1.1 christos 1801 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_DEBUG(7), "received %u bytes", region->length); 1802 1.1 christos 1803 1.1.1.14 christos dns_message_create(xfr->mctx, NULL, NULL, DNS_MESSAGE_INTENTPARSE, 1804 1.1.1.14 christos &msg); 1805 1.1 christos 1806 1.1 christos CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); 1807 1.1.1.14 christos dns_message_setquerytsig(msg, xfr->lasttsig); 1808 1.1 christos 1809 1.1 christos msg->tsigctx = xfr->tsigctx; 1810 1.1 christos xfr->tsigctx = NULL; 1811 1.1 christos 1812 1.1 christos dns_message_setclass(msg, xfr->rdclass); 1813 1.1 christos 1814 1.1.1.14 christos msg->tcp_continuation = (atomic_load_relaxed(&xfr->nmsg) > 0) ? 1 : 0; 1815 1.1 christos 1816 1.1.1.12 christos isc_buffer_init(&buffer, region->base, region->length); 1817 1.1.1.12 christos isc_buffer_add(&buffer, region->length); 1818 1.1 christos 1819 1.1.1.12 christos result = dns_message_parse(msg, &buffer, 1820 1.1.1.12 christos DNS_MESSAGEPARSE_PRESERVEORDER); 1821 1.1.1.4 christos if (result == ISC_R_SUCCESS) { 1822 1.1.1.14 christos dns_message_logpacket( 1823 1.1.1.14 christos msg, "received message from", &xfr->primaryaddr, 1824 1.1.1.14 christos DNS_LOGCATEGORY_XFER_IN, DNS_LOGMODULE_XFER_IN, 1825 1.1.1.14 christos ISC_LOG_DEBUG(10), xfr->mctx); 1826 1.1.1.4 christos } else { 1827 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(10), "dns_message_parse: %s", 1828 1.1.1.12 christos isc_result_totext(result)); 1829 1.1.1.4 christos } 1830 1.1 christos 1831 1.1.1.14 christos LIBDNS_XFRIN_RECV_PARSED(xfr, xfr->info, result); 1832 1.1.1.14 christos 1833 1.1 christos if (result != ISC_R_SUCCESS || msg->rcode != dns_rcode_noerror || 1834 1.1.1.14 christos msg->opcode != dns_opcode_query || msg->rdclass != xfr->rdclass) 1835 1.1.1.4 christos { 1836 1.1.1.14 christos if (result == ISC_R_SUCCESS && 1837 1.1.1.14 christos msg->rcode == dns_rcode_formerr && xfr->edns && 1838 1.1.1.14 christos (atomic_load(&xfr->state) == XFRST_SOAQUERY || 1839 1.1.1.14 christos atomic_load(&xfr->state) == XFRST_ZONEXFRREQUEST)) 1840 1.1.1.14 christos { 1841 1.1.1.14 christos xfr->edns = false; 1842 1.1.1.14 christos dns_message_detach(&msg); 1843 1.1.1.14 christos xfrin_reset(xfr); 1844 1.1.1.14 christos goto try_again; 1845 1.1.1.14 christos } else if (result == ISC_R_SUCCESS && 1846 1.1.1.14 christos msg->rcode != dns_rcode_noerror) 1847 1.1.1.4 christos { 1848 1.1.1.12 christos result = dns_result_fromrcode(msg->rcode); 1849 1.1.1.4 christos } else if (result == ISC_R_SUCCESS && 1850 1.1.1.10 christos msg->opcode != dns_opcode_query) 1851 1.1.1.10 christos { 1852 1.1 christos result = DNS_R_UNEXPECTEDOPCODE; 1853 1.1.1.4 christos } else if (result == ISC_R_SUCCESS && 1854 1.1.1.10 christos msg->rdclass != xfr->rdclass) 1855 1.1.1.10 christos { 1856 1.1 christos result = DNS_R_BADCLASS; 1857 1.1.1.4 christos } else if (result == ISC_R_SUCCESS || result == DNS_R_NOERROR) { 1858 1.1 christos result = DNS_R_UNEXPECTEDID; 1859 1.1.1.4 christos } 1860 1.1.1.12 christos 1861 1.1 christos if (xfr->reqtype == dns_rdatatype_axfr || 1862 1.1.1.10 christos xfr->reqtype == dns_rdatatype_soa) 1863 1.1.1.10 christos { 1864 1.1 christos goto failure; 1865 1.1.1.4 christos } 1866 1.1.1.12 christos 1867 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR", 1868 1.1.1.4 christos isc_result_totext(result)); 1869 1.1.1.4 christos try_axfr: 1870 1.1.1.14 christos LIBDNS_XFRIN_RECV_TRY_AXFR(xfr, xfr->info, result); 1871 1.1.1.6 christos dns_message_detach(&msg); 1872 1.1 christos xfrin_reset(xfr); 1873 1.1 christos xfr->reqtype = dns_rdatatype_soa; 1874 1.1.1.14 christos atomic_store(&xfr->state, XFRST_SOAQUERY); 1875 1.1.1.14 christos try_again: 1876 1.1.1.12 christos result = xfrin_start(xfr); 1877 1.1.1.12 christos if (result != ISC_R_SUCCESS) { 1878 1.1.1.12 christos xfrin_fail(xfr, result, "failed setting up socket"); 1879 1.1.1.12 christos } 1880 1.1.1.14 christos dns_xfrin_detach(&xfr); 1881 1.1 christos return; 1882 1.1.1.12 christos } 1883 1.1.1.12 christos 1884 1.1.1.12 christos /* 1885 1.1.1.12 christos * The question section should exist for SOA and in the first 1886 1.1.1.12 christos * message of a AXFR or IXFR response. The question section 1887 1.1.1.12 christos * may exist in the 2nd and subsequent messages in a AXFR or 1888 1.1.1.12 christos * IXFR response. If the question section exists it should 1889 1.1.1.12 christos * match the question that was sent. 1890 1.1.1.12 christos */ 1891 1.1.1.12 christos if (msg->counts[DNS_SECTION_QUESTION] > 1) { 1892 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)", 1893 1.1.1.12 christos msg->counts[DNS_SECTION_QUESTION]); 1894 1.1.1.12 christos result = DNS_R_FORMERR; 1895 1.1.1.12 christos goto failure; 1896 1.1.1.12 christos } 1897 1.1.1.12 christos 1898 1.1.1.14 christos if ((atomic_load(&xfr->state) == XFRST_SOAQUERY || 1899 1.1.1.14 christos atomic_load(&xfr->state) == XFRST_ZONEXFRREQUEST) && 1900 1.1.1.12 christos msg->counts[DNS_SECTION_QUESTION] != 1) 1901 1.1.1.12 christos { 1902 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section"); 1903 1.1.1.12 christos result = DNS_R_FORMERR; 1904 1.1.1.12 christos goto failure; 1905 1.1.1.12 christos } 1906 1.1.1.12 christos 1907 1.1.1.12 christos for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION); 1908 1.1.1.12 christos result == ISC_R_SUCCESS; 1909 1.1.1.12 christos result = dns_message_nextname(msg, DNS_SECTION_QUESTION)) 1910 1.1.1.12 christos { 1911 1.1.1.12 christos dns_rdataset_t *rds = NULL; 1912 1.1.1.12 christos 1913 1.1.1.14 christos LIBDNS_XFRIN_RECV_QUESTION(xfr, xfr->info, msg); 1914 1.1.1.14 christos 1915 1.1.1.12 christos name = NULL; 1916 1.1.1.12 christos dns_message_currentname(msg, DNS_SECTION_QUESTION, &name); 1917 1.1.1.12 christos if (!dns_name_equal(name, &xfr->name)) { 1918 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 1919 1.1.1.12 christos "question name mismatch"); 1920 1.1.1.14 christos result = DNS_R_FORMERR; 1921 1.1.1.12 christos goto failure; 1922 1.1.1.12 christos } 1923 1.1.1.12 christos rds = ISC_LIST_HEAD(name->list); 1924 1.1.1.12 christos INSIST(rds != NULL); 1925 1.1.1.12 christos if (rds->type != xfr->reqtype) { 1926 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 1927 1.1.1.12 christos "question type mismatch"); 1928 1.1.1.14 christos result = DNS_R_FORMERR; 1929 1.1.1.12 christos goto failure; 1930 1.1.1.12 christos } 1931 1.1.1.12 christos if (rds->rdclass != xfr->rdclass) { 1932 1.1.1.12 christos xfrin_log(xfr, ISC_LOG_NOTICE, 1933 1.1.1.12 christos "question class mismatch"); 1934 1.1.1.14 christos result = DNS_R_FORMERR; 1935 1.1.1.12 christos goto failure; 1936 1.1.1.12 christos } 1937 1.1.1.12 christos } 1938 1.1.1.12 christos if (result != ISC_R_NOMORE) { 1939 1.1.1.12 christos goto failure; 1940 1.1 christos } 1941 1.1 christos 1942 1.1 christos /* 1943 1.1 christos * Does the server know about IXFR? If it doesn't we will get 1944 1.1 christos * a message with a empty answer section or a potentially a CNAME / 1945 1.1 christos * DNAME, the later is handled by xfr_rr() which will return FORMERR 1946 1.1 christos * if the first RR in the answer section is not a SOA record. 1947 1.1 christos */ 1948 1.1 christos if (xfr->reqtype == dns_rdatatype_ixfr && 1949 1.1.1.14 christos atomic_load(&xfr->state) == XFRST_ZONEXFRREQUEST && 1950 1.1.1.4 christos msg->counts[DNS_SECTION_ANSWER] == 0) 1951 1.1.1.4 christos { 1952 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), 1953 1.1 christos "empty answer section, retrying with AXFR"); 1954 1.1 christos goto try_axfr; 1955 1.1 christos } 1956 1.1 christos 1957 1.1 christos if (xfr->reqtype == dns_rdatatype_soa && 1958 1.1.1.10 christos (msg->flags & DNS_MESSAGEFLAG_AA) == 0) 1959 1.1.1.10 christos { 1960 1.1.1.14 christos result = DNS_R_NOTAUTHORITATIVE; 1961 1.1.1.14 christos goto failure; 1962 1.1 christos } 1963 1.1 christos 1964 1.1.1.14 christos result = dns_message_checksig(msg, xfr->view); 1965 1.1 christos if (result != ISC_R_SUCCESS) { 1966 1.1 christos xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s", 1967 1.1.1.4 christos isc_result_totext(result)); 1968 1.1 christos goto failure; 1969 1.1 christos } 1970 1.1 christos 1971 1.1 christos for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER); 1972 1.1 christos result == ISC_R_SUCCESS; 1973 1.1 christos result = dns_message_nextname(msg, DNS_SECTION_ANSWER)) 1974 1.1 christos { 1975 1.1.1.12 christos dns_rdataset_t *rds = NULL; 1976 1.1 christos 1977 1.1.1.14 christos LIBDNS_XFRIN_RECV_ANSWER(xfr, xfr->info, msg); 1978 1.1.1.14 christos 1979 1.1 christos name = NULL; 1980 1.1 christos dns_message_currentname(msg, DNS_SECTION_ANSWER, &name); 1981 1.1.1.4 christos for (rds = ISC_LIST_HEAD(name->list); rds != NULL; 1982 1.1 christos rds = ISC_LIST_NEXT(rds, link)) 1983 1.1 christos { 1984 1.1 christos for (result = dns_rdataset_first(rds); 1985 1.1 christos result == ISC_R_SUCCESS; 1986 1.1 christos result = dns_rdataset_next(rds)) 1987 1.1 christos { 1988 1.1 christos dns_rdata_t rdata = DNS_RDATA_INIT; 1989 1.1 christos dns_rdataset_current(rds, &rdata); 1990 1.1 christos CHECK(xfr_rr(xfr, name, rds->ttl, &rdata)); 1991 1.1 christos } 1992 1.1 christos } 1993 1.1 christos } 1994 1.1.1.14 christos if (result == ISC_R_NOMORE) { 1995 1.1.1.14 christos result = ISC_R_SUCCESS; 1996 1.1.1.4 christos } 1997 1.1.1.14 christos CHECK(result); 1998 1.1 christos 1999 1.1 christos if (dns_message_gettsig(msg, &tsigowner) != NULL) { 2000 1.1 christos /* 2001 1.1 christos * Reset the counter. 2002 1.1 christos */ 2003 1.1 christos xfr->sincetsig = 0; 2004 1.1 christos 2005 1.1 christos /* 2006 1.1 christos * Free the last tsig, if there is one. 2007 1.1 christos */ 2008 1.1.1.4 christos if (xfr->lasttsig != NULL) { 2009 1.1 christos isc_buffer_free(&xfr->lasttsig); 2010 1.1.1.4 christos } 2011 1.1 christos 2012 1.1 christos /* 2013 1.1 christos * Update the last tsig pointer. 2014 1.1 christos */ 2015 1.1.1.4 christos CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig)); 2016 1.1 christos } else if (dns_message_gettsigkey(msg) != NULL) { 2017 1.1 christos xfr->sincetsig++; 2018 1.1.1.14 christos if (xfr->sincetsig > 100 || 2019 1.1.1.14 christos atomic_load_relaxed(&xfr->nmsg) == 0 || 2020 1.1.1.14 christos atomic_load(&xfr->state) == XFRST_AXFR_END || 2021 1.1.1.14 christos atomic_load(&xfr->state) == XFRST_IXFR_END) 2022 1.1 christos { 2023 1.1 christos result = DNS_R_EXPECTEDTSIG; 2024 1.1 christos goto failure; 2025 1.1 christos } 2026 1.1 christos } 2027 1.1 christos 2028 1.1 christos /* 2029 1.1.1.14 christos * Update the number of messages and bytes received. 2030 1.1 christos */ 2031 1.1.1.14 christos atomic_fetch_add_relaxed(&xfr->nmsg, 1); 2032 1.1.1.14 christos atomic_fetch_add_relaxed(&xfr->nbytes, buffer.used); 2033 1.1 christos 2034 1.1 christos /* 2035 1.1 christos * Take the context back. 2036 1.1 christos */ 2037 1.1 christos INSIST(xfr->tsigctx == NULL); 2038 1.1 christos xfr->tsigctx = msg->tsigctx; 2039 1.1 christos msg->tsigctx = NULL; 2040 1.1 christos 2041 1.1.1.14 christos if (!xfr->expireoptset && msg->opt != NULL) { 2042 1.1.1.14 christos get_edns_expire(xfr, msg); 2043 1.1.1.14 christos } 2044 1.1.1.14 christos 2045 1.1.1.14 christos switch (atomic_load(&xfr->state)) { 2046 1.1 christos case XFRST_GOTSOA: 2047 1.1 christos xfr->reqtype = dns_rdatatype_axfr; 2048 1.1.1.14 christos atomic_store(&xfr->state, XFRST_ZONEXFRREQUEST); 2049 1.1.1.14 christos CHECK(xfrin_start(xfr)); 2050 1.1 christos break; 2051 1.1 christos case XFRST_AXFR_END: 2052 1.1 christos case XFRST_IXFR_END: 2053 1.1.1.14 christos /* We are at the end, cancel the timers and IO */ 2054 1.1.1.15 christos isc_timer_stop(xfr->min_rate_timer); 2055 1.1.1.14 christos isc_timer_stop(xfr->max_idle_timer); 2056 1.1.1.14 christos isc_timer_stop(xfr->max_time_timer); 2057 1.1.1.14 christos xfrin_cancelio(xfr); 2058 1.1 christos break; 2059 1.1 christos default: 2060 1.1 christos /* 2061 1.1 christos * Read the next message. 2062 1.1 christos */ 2063 1.1.1.12 christos dns_message_detach(&msg); 2064 1.1.1.14 christos result = dns_dispatch_getnext(xfr->dispentry); 2065 1.1.1.14 christos if (result != ISC_R_SUCCESS) { 2066 1.1.1.14 christos goto failure; 2067 1.1.1.14 christos } 2068 1.1.1.14 christos 2069 1.1.1.12 christos isc_interval_t interval; 2070 1.1.1.12 christos isc_interval_set(&interval, dns_zone_getidlein(xfr->zone), 0); 2071 1.1.1.14 christos isc_timer_start(xfr->max_idle_timer, isc_timertype_once, 2072 1.1.1.14 christos &interval); 2073 1.1.1.14 christos 2074 1.1.1.14 christos LIBDNS_XFRIN_READ(xfr, xfr->info, result); 2075 1.1.1.12 christos return; 2076 1.1 christos } 2077 1.1 christos 2078 1.1.1.4 christos failure: 2079 1.1.1.4 christos if (result != ISC_R_SUCCESS) { 2080 1.1 christos xfrin_fail(xfr, result, "failed while receiving responses"); 2081 1.1.1.4 christos } 2082 1.1 christos 2083 1.1.1.12 christos if (msg != NULL) { 2084 1.1.1.12 christos dns_message_detach(&msg); 2085 1.1.1.12 christos } 2086 1.1.1.14 christos dns_xfrin_detach(&xfr); 2087 1.1.1.14 christos LIBDNS_XFRIN_RECV_DONE(xfr, xfr->info, result); 2088 1.1 christos } 2089 1.1 christos 2090 1.1 christos static void 2091 1.1.1.14 christos xfrin_destroy(dns_xfrin_t *xfr) { 2092 1.1.1.14 christos uint64_t msecs, persec; 2093 1.1.1.14 christos isc_time_t now = isc_time_now(); 2094 1.1.1.14 christos char expireopt[sizeof("4000000000")] = { 0 }; 2095 1.1.1.14 christos const char *sep = ""; 2096 1.1 christos 2097 1.1 christos REQUIRE(VALID_XFRIN(xfr)); 2098 1.1 christos 2099 1.1.1.12 christos /* Safe-guards */ 2100 1.1.1.12 christos REQUIRE(atomic_load(&xfr->shuttingdown)); 2101 1.1 christos 2102 1.1.1.12 christos INSIST(xfr->shutdown_result != ISC_R_UNSET); 2103 1.1 christos 2104 1.1.1.12 christos /* 2105 1.1.1.12 christos * If we're called through dns_xfrin_detach() and are not 2106 1.1 christos * shutting down, we can't know what the transfer status is as 2107 1.1 christos * we are only called when the last reference is lost. 2108 1.1 christos */ 2109 1.1.1.14 christos xfrin_log(xfr, ISC_LOG_INFO, "Transfer status: %s", 2110 1.1.1.14 christos isc_result_totext(xfr->shutdown_result)); 2111 1.1 christos 2112 1.1 christos /* 2113 1.1 christos * Calculate the length of time the transfer took, 2114 1.1 christos * and print a log message with the bytes and rate. 2115 1.1 christos */ 2116 1.1.1.14 christos isc_time_t start = atomic_load_relaxed(&xfr->start); 2117 1.1.1.14 christos msecs = isc_time_microdiff(&now, &start) / 1000; 2118 1.1.1.4 christos if (msecs == 0) { 2119 1.1 christos msecs = 1; 2120 1.1.1.4 christos } 2121 1.1.1.14 christos persec = (atomic_load_relaxed(&xfr->nbytes) * 1000) / msecs; 2122 1.1.1.14 christos 2123 1.1.1.14 christos if (xfr->expireoptset) { 2124 1.1.1.14 christos sep = ", expire option "; 2125 1.1.1.14 christos snprintf(expireopt, sizeof(expireopt), "%u", xfr->expireopt); 2126 1.1.1.14 christos } 2127 1.1.1.14 christos 2128 1.1 christos xfrin_log(xfr, ISC_LOG_INFO, 2129 1.1 christos "Transfer completed: %d messages, %d records, " 2130 1.1.1.2 christos "%" PRIu64 " bytes, " 2131 1.1.1.14 christos "%u.%03u secs (%u bytes/sec) (serial %" PRIuFAST32 "%s%s)", 2132 1.1.1.14 christos atomic_load_relaxed(&xfr->nmsg), 2133 1.1.1.14 christos atomic_load_relaxed(&xfr->nrecs), 2134 1.1.1.14 christos atomic_load_relaxed(&xfr->nbytes), 2135 1.1.1.4 christos (unsigned int)(msecs / 1000), (unsigned int)(msecs % 1000), 2136 1.1.1.14 christos (unsigned int)persec, atomic_load_relaxed(&xfr->end_serial), 2137 1.1.1.14 christos sep, expireopt); 2138 1.1 christos 2139 1.1.1.14 christos /* Cleanup unprocessed IXFR data */ 2140 1.1.1.14 christos struct cds_wfcq_node *node, *next; 2141 1.1.1.14 christos __cds_wfcq_for_each_blocking_safe(&xfr->diff_head, &xfr->diff_tail, 2142 1.1.1.14 christos node, next) { 2143 1.1.1.14 christos ixfr_apply_data_t *data = 2144 1.1.1.14 christos caa_container_of(node, ixfr_apply_data_t, wfcq_node); 2145 1.1.1.14 christos /* We need to clear and free all data chunks */ 2146 1.1.1.14 christos dns_diff_clear(&data->diff); 2147 1.1.1.14 christos isc_mem_put(xfr->mctx, data, sizeof(*data)); 2148 1.1.1.4 christos } 2149 1.1 christos 2150 1.1.1.14 christos /* Cleanup unprocessed AXFR data */ 2151 1.1.1.14 christos dns_diff_clear(&xfr->diff); 2152 1.1.1.14 christos 2153 1.1.1.14 christos xfrin_cancelio(xfr); 2154 1.1.1.14 christos 2155 1.1.1.12 christos if (xfr->transport != NULL) { 2156 1.1.1.12 christos dns_transport_detach(&xfr->transport); 2157 1.1.1.4 christos } 2158 1.1 christos 2159 1.1.1.4 christos if (xfr->tsigkey != NULL) { 2160 1.1 christos dns_tsigkey_detach(&xfr->tsigkey); 2161 1.1.1.4 christos } 2162 1.1 christos 2163 1.1.1.4 christos if (xfr->lasttsig != NULL) { 2164 1.1 christos isc_buffer_free(&xfr->lasttsig); 2165 1.1.1.4 christos } 2166 1.1 christos 2167 1.1.1.4 christos if (xfr->ixfr.journal != NULL) { 2168 1.1 christos dns_journal_destroy(&xfr->ixfr.journal); 2169 1.1.1.4 christos } 2170 1.1 christos 2171 1.1.1.4 christos if (xfr->axfr.add_private != NULL) { 2172 1.1 christos (void)dns_db_endload(xfr->db, &xfr->axfr); 2173 1.1.1.4 christos } 2174 1.1 christos 2175 1.1.1.4 christos if (xfr->tsigctx != NULL) { 2176 1.1 christos dst_context_destroy(&xfr->tsigctx); 2177 1.1.1.4 christos } 2178 1.1 christos 2179 1.1.1.14 christos if (xfr->name.attributes.dynamic) { 2180 1.1 christos dns_name_free(&xfr->name, xfr->mctx); 2181 1.1.1.4 christos } 2182 1.1 christos 2183 1.1.1.4 christos if (xfr->ver != NULL) { 2184 1.1.1.2 christos dns_db_closeversion(xfr->db, &xfr->ver, false); 2185 1.1.1.4 christos } 2186 1.1 christos 2187 1.1.1.4 christos if (xfr->db != NULL) { 2188 1.1 christos dns_db_detach(&xfr->db); 2189 1.1.1.4 christos } 2190 1.1 christos 2191 1.1.1.3 christos if (xfr->zone != NULL) { 2192 1.1.1.12 christos if (!xfr->zone_had_db && 2193 1.1.1.3 christos xfr->shutdown_result == ISC_R_SUCCESS && 2194 1.1.1.3 christos dns_zone_gettype(xfr->zone) == dns_zone_mirror) 2195 1.1.1.3 christos { 2196 1.1.1.3 christos dns_zone_log(xfr->zone, ISC_LOG_INFO, 2197 1.1.1.3 christos "mirror zone is now in use"); 2198 1.1.1.3 christos } 2199 1.1.1.3 christos xfrin_log(xfr, ISC_LOG_DEBUG(99), "freeing transfer context"); 2200 1.1.1.3 christos /* 2201 1.1.1.3 christos * xfr->zone must not be detached before xfrin_log() is called. 2202 1.1.1.3 christos */ 2203 1.1 christos dns_zone_idetach(&xfr->zone); 2204 1.1.1.3 christos } 2205 1.1 christos 2206 1.1.1.14 christos if (xfr->view != NULL) { 2207 1.1.1.14 christos dns_view_weakdetach(&xfr->view); 2208 1.1.1.14 christos } 2209 1.1.1.14 christos 2210 1.1.1.8 christos if (xfr->firstsoa_data != NULL) { 2211 1.1.1.8 christos isc_mem_free(xfr->mctx, xfr->firstsoa_data); 2212 1.1.1.8 christos } 2213 1.1.1.8 christos 2214 1.1.1.12 christos if (xfr->tlsctx_cache != NULL) { 2215 1.1.1.12 christos isc_tlsctx_cache_detach(&xfr->tlsctx_cache); 2216 1.1.1.12 christos } 2217 1.1.1.12 christos 2218 1.1.1.14 christos INSIST(xfr->max_time_timer == NULL); 2219 1.1.1.14 christos INSIST(xfr->max_idle_timer == NULL); 2220 1.1.1.15 christos INSIST(xfr->min_rate_timer == NULL); 2221 1.1.1.14 christos 2222 1.1.1.14 christos isc_loop_detach(&xfr->loop); 2223 1.1.1.12 christos 2224 1.1 christos isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr)); 2225 1.1 christos } 2226 1.1 christos 2227 1.1 christos /* 2228 1.1 christos * Log incoming zone transfer messages in a format like 2229 1.1 christos * transfer of <zone> from <address>: <message> 2230 1.1 christos */ 2231 1.1 christos 2232 1.1 christos static void 2233 1.1.1.14 christos xfrin_log(dns_xfrin_t *xfr, int level, const char *fmt, ...) { 2234 1.1 christos va_list ap; 2235 1.1.1.14 christos char primarytext[ISC_SOCKADDR_FORMATSIZE]; 2236 1.1.1.14 christos char msgtext[2048]; 2237 1.1 christos 2238 1.1.1.5 christos if (!isc_log_wouldlog(dns_lctx, level)) { 2239 1.1 christos return; 2240 1.1.1.4 christos } 2241 1.1 christos 2242 1.1.1.14 christos isc_sockaddr_format(&xfr->primaryaddr, primarytext, 2243 1.1.1.14 christos sizeof(primarytext)); 2244 1.1 christos va_start(ap, fmt); 2245 1.1.1.14 christos vsnprintf(msgtext, sizeof(msgtext), fmt, ap); 2246 1.1 christos va_end(ap); 2247 1.1 christos 2248 1.1.1.14 christos isc_log_write(dns_lctx, DNS_LOGCATEGORY_XFER_IN, DNS_LOGMODULE_XFER_IN, 2249 1.1.1.14 christos level, "%p: transfer of '%s' from %s: %s", xfr, xfr->info, 2250 1.1.1.14 christos primarytext, msgtext); 2251 1.1 christos } 2252
Indexes created Fri Mar 27 00:22:57 UTC 2026