Tarun Kundu | 567116b | 2024-08-15 16:22:58 -0700 | [diff] [blame^] | 1 | /* dnsmasq is Copyright (c) 2000-2024 Simon Kelley |
| 2 | |
| 3 | This program is free software; you can redistribute it and/or modify |
| 4 | it under the terms of the GNU General Public License as published by |
| 5 | the Free Software Foundation; version 2 dated June, 1991, or |
| 6 | (at your option) version 3 dated 29 June, 2007. |
| 7 | |
| 8 | This program is distributed in the hope that it will be useful, |
| 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | GNU General Public License for more details. |
| 12 | |
| 13 | You should have received a copy of the GNU General Public License |
| 14 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 15 | */ |
| 16 | |
| 17 | #include "dnsmasq.h" |
| 18 | |
| 19 | static struct crec *cache_head = NULL, *cache_tail = NULL, **hash_table = NULL; |
| 20 | #ifdef HAVE_DHCP |
| 21 | static struct crec *dhcp_spare = NULL; |
| 22 | #endif |
| 23 | static struct crec *new_chain = NULL; |
| 24 | static int insert_error; |
| 25 | static union bigname *big_free = NULL; |
| 26 | static int bignames_left, hash_size; |
| 27 | |
| 28 | static void make_non_terminals(struct crec *source); |
| 29 | static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, |
| 30 | time_t now, unsigned long ttl, unsigned int flags); |
| 31 | static void dump_cache_entry(struct crec *cache, time_t now); |
| 32 | static char *querystr(char *desc, unsigned short type); |
| 33 | |
| 34 | /* type->string mapping: this is also used by the name-hash function as a mixing table. */ |
| 35 | /* taken from https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml */ |
| 36 | static const struct { |
| 37 | unsigned int type; |
| 38 | const char * const name; |
| 39 | } typestr[] = { |
| 40 | { 1, "A" }, /* a host address [RFC1035] */ |
| 41 | { 2, "NS" }, /* an authoritative name server [RFC1035] */ |
| 42 | { 3, "MD" }, /* a mail destination (OBSOLETE - use MX) [RFC1035] */ |
| 43 | { 4, "MF" }, /* a mail forwarder (OBSOLETE - use MX) [RFC1035] */ |
| 44 | { 5, "CNAME" }, /* the canonical name for an alias [RFC1035] */ |
| 45 | { 6, "SOA" }, /* marks the start of a zone of authority [RFC1035] */ |
| 46 | { 7, "MB" }, /* a mailbox domain name (EXPERIMENTAL) [RFC1035] */ |
| 47 | { 8, "MG" }, /* a mail group member (EXPERIMENTAL) [RFC1035] */ |
| 48 | { 9, "MR" }, /* a mail rename domain name (EXPERIMENTAL) [RFC1035] */ |
| 49 | { 10, "NULL" }, /* a null RR (EXPERIMENTAL) [RFC1035] */ |
| 50 | { 11, "WKS" }, /* a well known service description [RFC1035] */ |
| 51 | { 12, "PTR" }, /* a domain name pointer [RFC1035] */ |
| 52 | { 13, "HINFO" }, /* host information [RFC1035] */ |
| 53 | { 14, "MINFO" }, /* mailbox or mail list information [RFC1035] */ |
| 54 | { 15, "MX" }, /* mail exchange [RFC1035] */ |
| 55 | { 16, "TXT" }, /* text strings [RFC1035] */ |
| 56 | { 17, "RP" }, /* for Responsible Person [RFC1183] */ |
| 57 | { 18, "AFSDB" }, /* for AFS Data Base location [RFC1183][RFC5864] */ |
| 58 | { 19, "X25" }, /* for X.25 PSDN address [RFC1183] */ |
| 59 | { 20, "ISDN" }, /* for ISDN address [RFC1183] */ |
| 60 | { 21, "RT" }, /* for Route Through [RFC1183] */ |
| 61 | { 22, "NSAP" }, /* for NSAP address, NSAP style A record [RFC1706] */ |
| 62 | { 23, "NSAP_PTR" }, /* for domain name pointer, NSAP style [RFC1348][RFC1637][RFC1706] */ |
| 63 | { 24, "SIG" }, /* for security signature [RFC2535][RFC2536][RFC2537][RFC2931][RFC3008][RFC3110][RFC3755][RFC4034] */ |
| 64 | { 25, "KEY" }, /* for security key [RFC2535][RFC2536][RFC2537][RFC2539][RFC3008][RFC3110][RFC3755][RFC4034] */ |
| 65 | { 26, "PX" }, /* X.400 mail mapping information [RFC2163] */ |
| 66 | { 27, "GPOS" }, /* Geographical Position [RFC1712] */ |
| 67 | { 28, "AAAA" }, /* IP6 Address [RFC3596] */ |
| 68 | { 29, "LOC" }, /* Location Information [RFC1876] */ |
| 69 | { 30, "NXT" }, /* Next Domain (OBSOLETE) [RFC2535][RFC3755] */ |
| 70 | { 31, "EID" }, /* Endpoint Identifier [Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/ |
| 71 | { 32, "NIMLOC" }, /* Nimrod Locator [1][Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/ |
| 72 | { 33, "SRV" }, /* Server Selection [1][RFC2782] */ |
| 73 | { 34, "ATMA" }, /* ATM Address [ ATM Forum Technical Committee, "ATM Name System, V2.0", Doc ID: AF-DANS-0152.000, July 2000. Available from and held in escrow by IANA.] */ |
| 74 | { 35, "NAPTR" }, /* Naming Authority Pointer [RFC2168][RFC2915][RFC3403] */ |
| 75 | { 36, "KX" }, /* Key Exchanger [RFC2230] */ |
| 76 | { 37, "CERT" }, /* CERT [RFC4398] */ |
| 77 | { 38, "A6" }, /* A6 (OBSOLETE - use AAAA) [RFC2874][RFC3226][RFC6563] */ |
| 78 | { 39, "DNAME" }, /* DNAME [RFC6672] */ |
| 79 | { 40, "SINK" }, /* SINK [Donald_E_Eastlake][http://tools.ietf.org/html/draft-eastlake-kitchen-sink] 1997-11*/ |
| 80 | { 41, "OPT" }, /* OPT [RFC3225][RFC6891] */ |
| 81 | { 42, "APL" }, /* APL [RFC3123] */ |
| 82 | { 43, "DS" }, /* Delegation Signer [RFC3658][RFC4034] */ |
| 83 | { 44, "SSHFP" }, /* SSH Key Fingerprint [RFC4255] */ |
| 84 | { 45, "IPSECKEY" }, /* IPSECKEY [RFC4025] */ |
| 85 | { 46, "RRSIG" }, /* RRSIG [RFC3755][RFC4034] */ |
| 86 | { 47, "NSEC" }, /* NSEC [RFC3755][RFC4034][RFC9077] */ |
| 87 | { 48, "DNSKEY" }, /* DNSKEY [RFC3755][RFC4034] */ |
| 88 | { 49, "DHCID" }, /* DHCID [RFC4701] */ |
| 89 | { 50, "NSEC3" }, /* NSEC3 [RFC5155][RFC9077] */ |
| 90 | { 51, "NSEC3PARAM" }, /* NSEC3PARAM [RFC5155] */ |
| 91 | { 52, "TLSA" }, /* TLSA [RFC6698] */ |
| 92 | { 53, "SMIMEA" }, /* S/MIME cert association [RFC8162] SMIMEA/smimea-completed-template 2015-12-01*/ |
| 93 | { 55, "HIP" }, /* Host Identity Protocol [RFC8005] */ |
| 94 | { 56, "NINFO" }, /* NINFO [Jim_Reid] NINFO/ninfo-completed-template 2008-01-21*/ |
| 95 | { 57, "RKEY" }, /* RKEY [Jim_Reid] RKEY/rkey-completed-template 2008-01-21*/ |
| 96 | { 58, "TALINK" }, /* Trust Anchor LINK [Wouter_Wijngaards] TALINK/talink-completed-template 2010-02-17*/ |
| 97 | { 59, "CDS" }, /* Child DS [RFC7344] CDS/cds-completed-template 2011-06-06*/ |
| 98 | { 60, "CDNSKEY" }, /* DNSKEY(s) the Child wants reflected in DS [RFC7344] 2014-06-16*/ |
| 99 | { 61, "OPENPGPKEY" }, /* OpenPGP Key [RFC7929] OPENPGPKEY/openpgpkey-completed-template 2014-08-12*/ |
| 100 | { 62, "CSYNC" }, /* Child-To-Parent Synchronization [RFC7477] 2015-01-27*/ |
| 101 | { 63, "ZONEMD" }, /* Message Digest Over Zone Data [RFC8976] ZONEMD/zonemd-completed-template 2018-12-12*/ |
| 102 | { 64, "SVCB" }, /* Service Binding [draft-ietf-dnsop-svcb-https-00] SVCB/svcb-completed-template 2020-06-30*/ |
| 103 | { 65, "HTTPS" }, /* HTTPS Binding [draft-ietf-dnsop-svcb-https-00] HTTPS/https-completed-template 2020-06-30*/ |
| 104 | { 99, "SPF" }, /* [RFC7208] */ |
| 105 | { 100, "UINFO" }, /* [IANA-Reserved] */ |
| 106 | { 101, "UID" }, /* [IANA-Reserved] */ |
| 107 | { 102, "GID" }, /* [IANA-Reserved] */ |
| 108 | { 103, "UNSPEC" }, /* [IANA-Reserved] */ |
| 109 | { 104, "NID" }, /* [RFC6742] ILNP/nid-completed-template */ |
| 110 | { 105, "L32" }, /* [RFC6742] ILNP/l32-completed-template */ |
| 111 | { 106, "L64" }, /* [RFC6742] ILNP/l64-completed-template */ |
| 112 | { 107, "LP" }, /* [RFC6742] ILNP/lp-completed-template */ |
| 113 | { 108, "EUI48" }, /* an EUI-48 address [RFC7043] EUI48/eui48-completed-template 2013-03-27*/ |
| 114 | { 109, "EUI64" }, /* an EUI-64 address [RFC7043] EUI64/eui64-completed-template 2013-03-27*/ |
| 115 | { 249, "TKEY" }, /* Transaction Key [RFC2930] */ |
| 116 | { 250, "TSIG" }, /* Transaction Signature [RFC8945] */ |
| 117 | { 251, "IXFR" }, /* incremental transfer [RFC1995] */ |
| 118 | { 252, "AXFR" }, /* transfer of an entire zone [RFC1035][RFC5936] */ |
| 119 | { 253, "MAILB" }, /* mailbox-related RRs (MB, MG or MR) [RFC1035] */ |
| 120 | { 254, "MAILA" }, /* mail agent RRs (OBSOLETE - see MX) [RFC1035] */ |
| 121 | { 255, "ANY" }, /* A request for some or all records the server has available [RFC1035][RFC6895][RFC8482] */ |
| 122 | { 256, "URI" }, /* URI [RFC7553] URI/uri-completed-template 2011-02-22*/ |
| 123 | { 257, "CAA" }, /* Certification Authority Restriction [RFC8659] CAA/caa-completed-template 2011-04-07*/ |
| 124 | { 258, "AVC" }, /* Application Visibility and Control [Wolfgang_Riedel] AVC/avc-completed-template 2016-02-26*/ |
| 125 | { 259, "DOA" }, /* Digital Object Architecture [draft-durand-doa-over-dns] DOA/doa-completed-template 2017-08-30*/ |
| 126 | { 260, "AMTRELAY" }, /* Automatic Multicast Tunneling Relay [RFC8777] AMTRELAY/amtrelay-completed-template 2019-02-06*/ |
| 127 | { 261, "RESINFO" }, /* Resolver Information as Key/Value Pairs https://datatracker.ietf.org/doc/draft-ietf-add-resolver-info/06/ */ |
| 128 | { 32768, "TA" }, /* DNSSEC Trust Authorities [Sam_Weiler][http://cameo.library.cmu.edu/][ Deploying DNSSEC Without a Signed Root. Technical Report 1999-19, Information Networking Institute, Carnegie Mellon University, April 2004.] 2005-12-13*/ |
| 129 | { 32769, "DLV" }, /* DNSSEC Lookaside Validation (OBSOLETE) [RFC8749][RFC4431] */ |
| 130 | }; |
| 131 | |
| 132 | static void cache_free(struct crec *crecp); |
| 133 | static void cache_unlink(struct crec *crecp); |
| 134 | static void cache_link(struct crec *crecp); |
| 135 | static void rehash(int size); |
| 136 | static void cache_hash(struct crec *crecp); |
| 137 | |
| 138 | unsigned short rrtype(char *in) |
| 139 | { |
| 140 | unsigned int i; |
| 141 | |
| 142 | for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++) |
| 143 | if (strcasecmp(in, typestr[i].name) == 0) |
| 144 | return typestr[i].type; |
| 145 | |
| 146 | return 0; |
| 147 | } |
| 148 | |
| 149 | void next_uid(struct crec *crecp) |
| 150 | { |
| 151 | static unsigned int uid = 0; |
| 152 | |
| 153 | if (crecp->uid == UID_NONE) |
| 154 | { |
| 155 | uid++; |
| 156 | |
| 157 | /* uid == 0 used to indicate CNAME to interface name. */ |
| 158 | if (uid == UID_NONE) |
| 159 | uid++; |
| 160 | |
| 161 | crecp->uid = uid; |
| 162 | } |
| 163 | } |
| 164 | |
| 165 | void cache_init(void) |
| 166 | { |
| 167 | struct crec *crecp; |
| 168 | int i; |
| 169 | |
| 170 | bignames_left = daemon->cachesize/10; |
| 171 | |
| 172 | if (daemon->cachesize > 0) |
| 173 | { |
| 174 | crecp = safe_malloc(daemon->cachesize*sizeof(struct crec)); |
| 175 | |
| 176 | for (i=0; i < daemon->cachesize; i++, crecp++) |
| 177 | { |
| 178 | cache_link(crecp); |
| 179 | crecp->flags = 0; |
| 180 | crecp->uid = UID_NONE; |
| 181 | } |
| 182 | } |
| 183 | |
| 184 | /* create initial hash table*/ |
| 185 | rehash(daemon->cachesize); |
| 186 | } |
| 187 | |
| 188 | /* In most cases, we create the hash table once here by calling this with (hash_table == NULL) |
| 189 | but if the hosts file(s) are big (some people have 50000 ad-block entries), the table |
| 190 | will be much too small, so the hosts reading code calls rehash every 1000 addresses, to |
| 191 | expand the table. */ |
| 192 | static void rehash(int size) |
| 193 | { |
| 194 | struct crec **new, **old, *p, *tmp; |
| 195 | int i, new_size, old_size; |
| 196 | |
| 197 | /* hash_size is a power of two. */ |
| 198 | for (new_size = 64; new_size < size/10; new_size = new_size << 1); |
| 199 | |
| 200 | /* must succeed in getting first instance, failure later is non-fatal */ |
| 201 | if (!hash_table) |
| 202 | new = safe_malloc(new_size * sizeof(struct crec *)); |
| 203 | else if (new_size <= hash_size || !(new = whine_malloc(new_size * sizeof(struct crec *)))) |
| 204 | return; |
| 205 | |
| 206 | for (i = 0; i < new_size; i++) |
| 207 | new[i] = NULL; |
| 208 | |
| 209 | old = hash_table; |
| 210 | old_size = hash_size; |
| 211 | hash_table = new; |
| 212 | hash_size = new_size; |
| 213 | |
| 214 | if (old) |
| 215 | { |
| 216 | for (i = 0; i < old_size; i++) |
| 217 | for (p = old[i]; p ; p = tmp) |
| 218 | { |
| 219 | tmp = p->hash_next; |
| 220 | cache_hash(p); |
| 221 | } |
| 222 | free(old); |
| 223 | } |
| 224 | } |
| 225 | |
| 226 | static struct crec **hash_bucket(char *name) |
| 227 | { |
| 228 | unsigned int c, val = 017465; /* Barker code - minimum self-correlation in cyclic shift */ |
| 229 | const unsigned char *mix_tab = (const unsigned char*)typestr; |
| 230 | |
| 231 | while((c = (unsigned char) *name++)) |
| 232 | { |
| 233 | /* don't use tolower and friends here - they may be messed up by LOCALE */ |
| 234 | if (c >= 'A' && c <= 'Z') |
| 235 | c += 'a' - 'A'; |
| 236 | val = ((val << 7) | (val >> (32 - 7))) + (mix_tab[(val + c) & 0x3F] ^ c); |
| 237 | } |
| 238 | |
| 239 | /* hash_size is a power of two */ |
| 240 | return hash_table + ((val ^ (val >> 16)) & (hash_size - 1)); |
| 241 | } |
| 242 | |
| 243 | static void cache_hash(struct crec *crecp) |
| 244 | { |
| 245 | /* maintain an invariant that all entries with F_REVERSE set |
| 246 | are at the start of the hash-chain and all non-reverse |
| 247 | immortal entries are at the end of the hash-chain. |
| 248 | This allows reverse searches and garbage collection to be optimised */ |
| 249 | |
| 250 | char *name = cache_get_name(crecp); |
| 251 | struct crec **up = hash_bucket(name); |
| 252 | unsigned int flags = crecp->flags & (F_IMMORTAL | F_REVERSE); |
| 253 | |
| 254 | if (!(flags & F_REVERSE)) |
| 255 | { |
| 256 | while (*up && ((*up)->flags & F_REVERSE)) |
| 257 | up = &((*up)->hash_next); |
| 258 | |
| 259 | if (flags & F_IMMORTAL) |
| 260 | while (*up && !((*up)->flags & F_IMMORTAL)) |
| 261 | up = &((*up)->hash_next); |
| 262 | } |
| 263 | |
| 264 | /* Preserve order when inserting the same name multiple times. |
| 265 | Do not mess up the flag invariants. */ |
| 266 | while (*up && |
| 267 | hostname_isequal(cache_get_name(*up), name) && |
| 268 | flags == ((*up)->flags & (F_IMMORTAL | F_REVERSE))) |
| 269 | up = &((*up)->hash_next); |
| 270 | |
| 271 | crecp->hash_next = *up; |
| 272 | *up = crecp; |
| 273 | } |
| 274 | |
| 275 | static void cache_blockdata_free(struct crec *crecp) |
| 276 | { |
| 277 | if (!(crecp->flags & F_NEG)) |
| 278 | { |
| 279 | if ((crecp->flags & F_RR) && (crecp->flags & F_KEYTAG)) |
| 280 | blockdata_free(crecp->addr.rrblock.rrdata); |
| 281 | #ifdef HAVE_DNSSEC |
| 282 | else if (crecp->flags & F_DNSKEY) |
| 283 | blockdata_free(crecp->addr.key.keydata); |
| 284 | else if (crecp->flags & F_DS) |
| 285 | blockdata_free(crecp->addr.ds.keydata); |
| 286 | #endif |
| 287 | } |
| 288 | } |
| 289 | |
| 290 | static void cache_free(struct crec *crecp) |
| 291 | { |
| 292 | crecp->flags &= ~F_FORWARD; |
| 293 | crecp->flags &= ~F_REVERSE; |
| 294 | crecp->uid = UID_NONE; /* invalidate CNAMES pointing to this. */ |
| 295 | |
| 296 | if (cache_tail) |
| 297 | cache_tail->next = crecp; |
| 298 | else |
| 299 | cache_head = crecp; |
| 300 | crecp->prev = cache_tail; |
| 301 | crecp->next = NULL; |
| 302 | cache_tail = crecp; |
| 303 | |
| 304 | /* retrieve big name for further use. */ |
| 305 | if (crecp->flags & F_BIGNAME) |
| 306 | { |
| 307 | crecp->name.bname->next = big_free; |
| 308 | big_free = crecp->name.bname; |
| 309 | crecp->flags &= ~F_BIGNAME; |
| 310 | } |
| 311 | |
| 312 | cache_blockdata_free(crecp); |
| 313 | } |
| 314 | |
| 315 | /* insert a new cache entry at the head of the list (youngest entry) */ |
| 316 | static void cache_link(struct crec *crecp) |
| 317 | { |
| 318 | if (cache_head) /* check needed for init code */ |
| 319 | cache_head->prev = crecp; |
| 320 | crecp->next = cache_head; |
| 321 | crecp->prev = NULL; |
| 322 | cache_head = crecp; |
| 323 | if (!cache_tail) |
| 324 | cache_tail = crecp; |
| 325 | } |
| 326 | |
| 327 | /* remove an arbitrary cache entry for promotion */ |
| 328 | static void cache_unlink (struct crec *crecp) |
| 329 | { |
| 330 | if (crecp->prev) |
| 331 | crecp->prev->next = crecp->next; |
| 332 | else |
| 333 | cache_head = crecp->next; |
| 334 | |
| 335 | if (crecp->next) |
| 336 | crecp->next->prev = crecp->prev; |
| 337 | else |
| 338 | cache_tail = crecp->prev; |
| 339 | } |
| 340 | |
| 341 | char *cache_get_name(struct crec *crecp) |
| 342 | { |
| 343 | if (crecp->flags & F_BIGNAME) |
| 344 | return crecp->name.bname->name; |
| 345 | else if (crecp->flags & F_NAMEP) |
| 346 | return crecp->name.namep; |
| 347 | |
| 348 | return crecp->name.sname; |
| 349 | } |
| 350 | |
| 351 | char *cache_get_cname_target(struct crec *crecp) |
| 352 | { |
| 353 | if (crecp->addr.cname.is_name_ptr) |
| 354 | return crecp->addr.cname.target.name; |
| 355 | else |
| 356 | return cache_get_name(crecp->addr.cname.target.cache); |
| 357 | } |
| 358 | |
| 359 | |
| 360 | |
| 361 | struct crec *cache_enumerate(int init) |
| 362 | { |
| 363 | static int bucket; |
| 364 | static struct crec *cache; |
| 365 | |
| 366 | if (init) |
| 367 | { |
| 368 | bucket = 0; |
| 369 | cache = NULL; |
| 370 | } |
| 371 | else if (cache && cache->hash_next) |
| 372 | cache = cache->hash_next; |
| 373 | else |
| 374 | { |
| 375 | cache = NULL; |
| 376 | while (bucket < hash_size) |
| 377 | if ((cache = hash_table[bucket++])) |
| 378 | break; |
| 379 | } |
| 380 | |
| 381 | return cache; |
| 382 | } |
| 383 | |
| 384 | static int is_outdated_cname_pointer(struct crec *crecp) |
| 385 | { |
| 386 | if (!(crecp->flags & F_CNAME) || crecp->addr.cname.is_name_ptr) |
| 387 | return 0; |
| 388 | |
| 389 | /* NB. record may be reused as DS or DNSKEY, where uid is |
| 390 | overloaded for something completely different */ |
| 391 | if (crecp->addr.cname.target.cache && |
| 392 | !(crecp->addr.cname.target.cache->flags & (F_DNSKEY | F_DS)) && |
| 393 | crecp->addr.cname.uid == crecp->addr.cname.target.cache->uid) |
| 394 | return 0; |
| 395 | |
| 396 | return 1; |
| 397 | } |
| 398 | |
| 399 | static int is_expired(time_t now, struct crec *crecp) |
| 400 | { |
| 401 | /* Don't dump expired entries if they are within the accepted timeout range. |
| 402 | The cache becomes approx. LRU. Never use expired DS or DNSKEY entries. |
| 403 | Possible values for daemon->cache_max_expiry: |
| 404 | -1 == serve cached content regardless how long ago it expired |
| 405 | 0 == the option is disabled, expired content isn't served |
| 406 | <n> == serve cached content only if it expire less than <n> seconds |
| 407 | ago (where n is a positive integer) */ |
| 408 | if (daemon->cache_max_expiry != 0 && |
| 409 | (daemon->cache_max_expiry == -1 || |
| 410 | difftime(now, crecp->ttd) < daemon->cache_max_expiry) && |
| 411 | !(crecp->flags & (F_DS | F_DNSKEY))) |
| 412 | return 0; |
| 413 | |
| 414 | if (crecp->flags & F_IMMORTAL) |
| 415 | return 0; |
| 416 | |
| 417 | if (difftime(now, crecp->ttd) < 0) |
| 418 | return 0; |
| 419 | |
| 420 | return 1; |
| 421 | } |
| 422 | |
| 423 | /* Remove entries with a given UID from the cache */ |
| 424 | unsigned int cache_remove_uid(const unsigned int uid) |
| 425 | { |
| 426 | int i; |
| 427 | unsigned int removed = 0; |
| 428 | struct crec *crecp, *tmp, **up; |
| 429 | |
| 430 | for (i = 0; i < hash_size; i++) |
| 431 | for (crecp = hash_table[i], up = &hash_table[i]; crecp; crecp = tmp) |
| 432 | { |
| 433 | tmp = crecp->hash_next; |
| 434 | if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && crecp->uid == uid) |
| 435 | { |
| 436 | *up = tmp; |
| 437 | free(crecp); |
| 438 | removed++; |
| 439 | } |
| 440 | else |
| 441 | up = &crecp->hash_next; |
| 442 | } |
| 443 | |
| 444 | return removed; |
| 445 | } |
| 446 | |
| 447 | static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now, |
| 448 | unsigned int flags, struct crec **target_crec, unsigned int *target_uid) |
| 449 | { |
| 450 | /* Scan and remove old entries. |
| 451 | If (flags & F_FORWARD) then remove any forward entries for name and any expired |
| 452 | entries but only in the same hash bucket as name. |
| 453 | If (flags & F_REVERSE) then remove any reverse entries for addr and any expired |
| 454 | entries in the whole cache. |
| 455 | If (flags == 0) remove any expired entries in the whole cache. |
| 456 | |
| 457 | In the flags & F_FORWARD case, the return code is valid, and returns a non-NULL pointer |
| 458 | to a cache entry if the name exists in the cache as a HOSTS or DHCP entry (these are never deleted) |
| 459 | |
| 460 | We take advantage of the fact that hash chains have stuff in the order <reverse>,<other>,<immortal> |
| 461 | so that when we hit an entry which isn't reverse and is immortal, we're done. |
| 462 | |
| 463 | If we free a crec which is a CNAME target, return the entry and uid in target_crec and target_uid. |
| 464 | This entry will get re-used with the same name, to preserve CNAMEs. */ |
| 465 | |
| 466 | struct crec *crecp, **up; |
| 467 | |
| 468 | (void)class; |
| 469 | |
| 470 | if (flags & F_FORWARD) |
| 471 | { |
| 472 | for (up = hash_bucket(name), crecp = *up; crecp; crecp = crecp->hash_next) |
| 473 | { |
| 474 | if ((crecp->flags & F_FORWARD) && hostname_isequal(cache_get_name(crecp), name)) |
| 475 | { |
| 476 | int rrmatch = 0; |
| 477 | if (crecp->flags & flags & F_RR) |
| 478 | { |
| 479 | unsigned short rrc = (crecp->flags & F_KEYTAG) ? crecp->addr.rrblock.rrtype : crecp->addr.rrdata.rrtype; |
| 480 | unsigned short rra = (flags & F_KEYTAG) ? addr->rrblock.rrtype : addr->rrdata.rrtype; |
| 481 | |
| 482 | if (rrc == rra) |
| 483 | rrmatch = 1; |
| 484 | } |
| 485 | |
| 486 | /* Don't delete DNSSEC in favour of a CNAME, they can co-exist */ |
| 487 | if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_NXDOMAIN)) || |
| 488 | (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS))) || |
| 489 | rrmatch) |
| 490 | { |
| 491 | if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) |
| 492 | return crecp; |
| 493 | *up = crecp->hash_next; |
| 494 | /* If this record is for the name we're inserting and is the target |
| 495 | of a CNAME record. Make the new record for the same name, in the same |
| 496 | crec, with the same uid to avoid breaking the existing CNAME. */ |
| 497 | if (crecp->uid != UID_NONE) |
| 498 | { |
| 499 | if (target_crec) |
| 500 | *target_crec = crecp; |
| 501 | if (target_uid) |
| 502 | *target_uid = crecp->uid; |
| 503 | } |
| 504 | cache_unlink(crecp); |
| 505 | cache_free(crecp); |
| 506 | continue; |
| 507 | } |
| 508 | |
| 509 | #ifdef HAVE_DNSSEC |
| 510 | /* Deletion has to be class-sensitive for DS and DNSKEY */ |
| 511 | if ((flags & crecp->flags & (F_DNSKEY | F_DS)) && crecp->uid == class) |
| 512 | { |
| 513 | if (crecp->flags & F_CONFIG) |
| 514 | return crecp; |
| 515 | *up = crecp->hash_next; |
| 516 | cache_unlink(crecp); |
| 517 | cache_free(crecp); |
| 518 | continue; |
| 519 | } |
| 520 | #endif |
| 521 | } |
| 522 | |
| 523 | if (is_expired(now, crecp) || is_outdated_cname_pointer(crecp)) |
| 524 | { |
| 525 | *up = crecp->hash_next; |
| 526 | if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) |
| 527 | { |
| 528 | cache_unlink(crecp); |
| 529 | cache_free(crecp); |
| 530 | } |
| 531 | continue; |
| 532 | } |
| 533 | |
| 534 | up = &crecp->hash_next; |
| 535 | } |
| 536 | } |
| 537 | else |
| 538 | { |
| 539 | int i; |
| 540 | int addrlen = (flags & F_IPV6) ? IN6ADDRSZ : INADDRSZ; |
| 541 | |
| 542 | for (i = 0; i < hash_size; i++) |
| 543 | for (crecp = hash_table[i], up = &hash_table[i]; |
| 544 | crecp && ((crecp->flags & F_REVERSE) || !(crecp->flags & F_IMMORTAL)); |
| 545 | crecp = crecp->hash_next) |
| 546 | if (is_expired(now, crecp)) |
| 547 | { |
| 548 | *up = crecp->hash_next; |
| 549 | if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) |
| 550 | { |
| 551 | cache_unlink(crecp); |
| 552 | cache_free(crecp); |
| 553 | } |
| 554 | } |
| 555 | else if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && |
| 556 | (flags & crecp->flags & F_REVERSE) && |
| 557 | (flags & crecp->flags & (F_IPV4 | F_IPV6)) && |
| 558 | addr && memcmp(&crecp->addr, addr, addrlen) == 0) |
| 559 | { |
| 560 | *up = crecp->hash_next; |
| 561 | cache_unlink(crecp); |
| 562 | cache_free(crecp); |
| 563 | } |
| 564 | else |
| 565 | up = &crecp->hash_next; |
| 566 | } |
| 567 | |
| 568 | return NULL; |
| 569 | } |
| 570 | |
| 571 | /* Note: The normal calling sequence is |
| 572 | cache_start_insert |
| 573 | cache_insert * n |
| 574 | cache_end_insert |
| 575 | |
| 576 | but an abort can cause the cache_end_insert to be missed |
| 577 | in which can the next cache_start_insert cleans things up. */ |
| 578 | |
| 579 | void cache_start_insert(void) |
| 580 | { |
| 581 | /* Free any entries which didn't get committed during the last |
| 582 | insert due to error. |
| 583 | */ |
| 584 | while (new_chain) |
| 585 | { |
| 586 | struct crec *tmp = new_chain->next; |
| 587 | cache_free(new_chain); |
| 588 | new_chain = tmp; |
| 589 | } |
| 590 | new_chain = NULL; |
| 591 | insert_error = 0; |
| 592 | } |
| 593 | |
| 594 | struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, |
| 595 | time_t now, unsigned long ttl, unsigned int flags) |
| 596 | { |
| 597 | #ifdef HAVE_DNSSEC |
| 598 | if (flags & (F_DNSKEY | F_DS)) |
| 599 | { |
| 600 | /* The DNSSEC validation process works by getting needed records into the |
| 601 | cache, then retrying the validation until they are all in place. |
| 602 | This can be messed up by very short TTLs, and _really_ messed up by |
| 603 | zero TTLs, so we force the TTL to be at least long enough to do a validation. |
| 604 | Ideally, we should use some kind of reference counting so that records are |
| 605 | locked until the validation that asked for them is complete, but this |
| 606 | is much easier, and just as effective. */ |
| 607 | if (ttl < DNSSEC_MIN_TTL) |
| 608 | ttl = DNSSEC_MIN_TTL; |
| 609 | } |
| 610 | else |
| 611 | #endif |
| 612 | { |
| 613 | if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl) |
| 614 | ttl = daemon->max_cache_ttl; |
| 615 | if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl) |
| 616 | ttl = daemon->min_cache_ttl; |
| 617 | } |
| 618 | |
| 619 | return really_insert(name, addr, class, now, ttl, flags); |
| 620 | } |
| 621 | |
| 622 | |
| 623 | static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, |
| 624 | time_t now, unsigned long ttl, unsigned int flags) |
| 625 | { |
| 626 | struct crec *new, *target_crec = NULL; |
| 627 | union bigname *big_name = NULL; |
| 628 | int freed_all = (flags & F_REVERSE); |
| 629 | struct crec *free_avail = NULL; |
| 630 | unsigned int target_uid; |
| 631 | |
| 632 | /* if previous insertion failed give up now. */ |
| 633 | if (insert_error) |
| 634 | return NULL; |
| 635 | |
| 636 | /* we don't cache zero-TTL records unless we're doing stale-caching. */ |
| 637 | if (daemon->cache_max_expiry == 0 && ttl == 0) |
| 638 | { |
| 639 | insert_error = 1; |
| 640 | return NULL; |
| 641 | } |
| 642 | |
| 643 | /* First remove any expired entries and entries for the name/address we |
| 644 | are currently inserting. */ |
| 645 | if ((new = cache_scan_free(name, addr, class, now, flags, &target_crec, &target_uid))) |
| 646 | { |
| 647 | /* We're trying to insert a record over one from |
| 648 | /etc/hosts or DHCP, or other config. If the |
| 649 | existing record is for an A or AAAA or CNAME and |
| 650 | the record we're trying to insert is the same, |
| 651 | just drop the insert, but don't error the whole process. */ |
| 652 | if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) |
| 653 | { |
| 654 | if ((flags & F_IPV4) && (new->flags & F_IPV4) && |
| 655 | new->addr.addr4.s_addr == addr->addr4.s_addr) |
| 656 | return new; |
| 657 | else if ((flags & F_IPV6) && (new->flags & F_IPV6) && |
| 658 | IN6_ARE_ADDR_EQUAL(&new->addr.addr6, &addr->addr6)) |
| 659 | return new; |
| 660 | } |
| 661 | |
| 662 | insert_error = 1; |
| 663 | return NULL; |
| 664 | } |
| 665 | |
| 666 | /* Now get a cache entry from the end of the LRU list */ |
| 667 | if (!target_crec) |
| 668 | while (1) { |
| 669 | if (!(new = cache_tail)) /* no entries left - cache is too small, bail */ |
| 670 | { |
| 671 | insert_error = 1; |
| 672 | return NULL; |
| 673 | } |
| 674 | |
| 675 | /* Free entry at end of LRU list, use it. */ |
| 676 | if (!(new->flags & (F_FORWARD | F_REVERSE))) |
| 677 | break; |
| 678 | |
| 679 | /* End of LRU list is still in use: if we didn't scan all the hash |
| 680 | chains for expired entries do that now. If we already tried that |
| 681 | then it's time to start spilling things. */ |
| 682 | |
| 683 | /* If free_avail set, we believe that an entry has been freed. |
| 684 | Bugs have been known to make this not true, resulting in |
| 685 | a tight loop here. If that happens, abandon the |
| 686 | insert. Once in this state, all inserts will probably fail. */ |
| 687 | if (free_avail) |
| 688 | { |
| 689 | my_syslog(LOG_ERR, _("Internal error in cache.")); |
| 690 | /* Log the entry we tried to delete. */ |
| 691 | dump_cache_entry(free_avail, now); |
| 692 | insert_error = 1; |
| 693 | return NULL; |
| 694 | } |
| 695 | |
| 696 | if (freed_all) |
| 697 | { |
| 698 | /* For DNSSEC records, uid holds class. */ |
| 699 | free_avail = new; /* Must be free space now. */ |
| 700 | |
| 701 | /* condition valid when stale-caching */ |
| 702 | if (difftime(now, new->ttd) < 0) |
| 703 | daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++; |
| 704 | |
| 705 | cache_scan_free(cache_get_name(new), &new->addr, new->uid, now, new->flags, NULL, NULL); |
| 706 | } |
| 707 | else |
| 708 | { |
| 709 | cache_scan_free(NULL, NULL, class, now, 0, NULL, NULL); |
| 710 | freed_all = 1; |
| 711 | } |
| 712 | } |
| 713 | |
| 714 | /* Check if we need to and can allocate extra memory for a long name. |
| 715 | If that fails, give up now, always succeed for DNSSEC records. */ |
| 716 | if (name && (strlen(name) > SMALLDNAME-1)) |
| 717 | { |
| 718 | if (big_free) |
| 719 | { |
| 720 | big_name = big_free; |
| 721 | big_free = big_free->next; |
| 722 | } |
| 723 | else if ((bignames_left == 0 && !(flags & (F_DS | F_DNSKEY))) || |
| 724 | !(big_name = (union bigname *)whine_malloc(sizeof(union bigname)))) |
| 725 | { |
| 726 | insert_error = 1; |
| 727 | return NULL; |
| 728 | } |
| 729 | else if (bignames_left != 0) |
| 730 | bignames_left--; |
| 731 | |
| 732 | } |
| 733 | |
| 734 | /* If we freed a cache entry for our name which was a CNAME target, use that. |
| 735 | and preserve the uid, so that existing CNAMES are not broken. */ |
| 736 | if (target_crec) |
| 737 | { |
| 738 | new = target_crec; |
| 739 | new->uid = target_uid; |
| 740 | } |
| 741 | |
| 742 | /* Got the rest: finally grab entry. */ |
| 743 | cache_unlink(new); |
| 744 | |
| 745 | new->flags = flags; |
| 746 | if (big_name) |
| 747 | { |
| 748 | new->name.bname = big_name; |
| 749 | new->flags |= F_BIGNAME; |
| 750 | } |
| 751 | |
| 752 | if (name) |
| 753 | strcpy(cache_get_name(new), name); |
| 754 | else |
| 755 | *cache_get_name(new) = 0; |
| 756 | |
| 757 | #ifdef HAVE_DNSSEC |
| 758 | if (flags & (F_DS | F_DNSKEY)) |
| 759 | new->uid = class; |
| 760 | #endif |
| 761 | |
| 762 | if (addr) |
| 763 | new->addr = *addr; |
| 764 | |
| 765 | new->ttd = now + (time_t)ttl; |
| 766 | new->next = new_chain; |
| 767 | new_chain = new; |
| 768 | |
| 769 | return new; |
| 770 | } |
| 771 | |
| 772 | /* after end of insertion, commit the new entries */ |
| 773 | void cache_end_insert(void) |
| 774 | { |
| 775 | if (insert_error) |
| 776 | return; |
| 777 | |
| 778 | while (new_chain) |
| 779 | { |
| 780 | struct crec *tmp = new_chain->next; |
| 781 | /* drop CNAMEs which didn't find a target. */ |
| 782 | if (is_outdated_cname_pointer(new_chain)) |
| 783 | cache_free(new_chain); |
| 784 | else |
| 785 | { |
| 786 | cache_hash(new_chain); |
| 787 | cache_link(new_chain); |
| 788 | daemon->metrics[METRIC_DNS_CACHE_INSERTED]++; |
| 789 | |
| 790 | /* If we're a child process, send this cache entry up the pipe to the master. |
| 791 | The marshalling process is rather nasty. */ |
| 792 | if (daemon->pipe_to_parent != -1) |
| 793 | { |
| 794 | char *name = cache_get_name(new_chain); |
| 795 | ssize_t m = strlen(name); |
| 796 | unsigned int flags = new_chain->flags; |
| 797 | #ifdef HAVE_DNSSEC |
| 798 | u16 class = new_chain->uid; |
| 799 | #endif |
| 800 | |
| 801 | read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); |
| 802 | read_write(daemon->pipe_to_parent, (unsigned char *)name, m, 0); |
| 803 | read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); |
| 804 | read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); |
| 805 | read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); |
| 806 | |
| 807 | if (flags & F_RR) |
| 808 | { |
| 809 | /* A negative RR entry is possible and has no data, obviously. */ |
| 810 | if (!(flags & F_NEG) && (flags & F_KEYTAG)) |
| 811 | blockdata_write(new_chain->addr.rrblock.rrdata, new_chain->addr.rrblock.datalen, daemon->pipe_to_parent); |
| 812 | } |
| 813 | #ifdef HAVE_DNSSEC |
| 814 | if (flags & F_DNSKEY) |
| 815 | { |
| 816 | read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); |
| 817 | blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); |
| 818 | } |
| 819 | else if (flags & F_DS) |
| 820 | { |
| 821 | read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); |
| 822 | /* A negative DS entry is possible and has no data, obviously. */ |
| 823 | if (!(flags & F_NEG)) |
| 824 | blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); |
| 825 | } |
| 826 | #endif |
| 827 | } |
| 828 | } |
| 829 | |
| 830 | new_chain = tmp; |
| 831 | } |
| 832 | |
| 833 | /* signal end of cache insert in master process */ |
| 834 | if (daemon->pipe_to_parent != -1) |
| 835 | { |
| 836 | ssize_t m = -1; |
| 837 | |
| 838 | read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); |
| 839 | |
| 840 | #ifdef HAVE_DNSSEC |
| 841 | /* Sneak out possibly updated crypto HWM values. */ |
| 842 | m = daemon->metrics[METRIC_CRYPTO_HWM]; |
| 843 | read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); |
| 844 | m = daemon->metrics[METRIC_SIG_FAIL_HWM]; |
| 845 | read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); |
| 846 | m = daemon->metrics[METRIC_WORK_HWM]; |
| 847 | read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); |
| 848 | #endif |
| 849 | } |
| 850 | |
| 851 | new_chain = NULL; |
| 852 | } |
| 853 | |
| 854 | |
| 855 | /* A marshalled cache entry arrives on fd, read, unmarshall and insert into cache of master process. */ |
| 856 | int cache_recv_insert(time_t now, int fd) |
| 857 | { |
| 858 | ssize_t m; |
| 859 | union all_addr addr; |
| 860 | unsigned long ttl; |
| 861 | time_t ttd; |
| 862 | unsigned int flags; |
| 863 | struct crec *crecp = NULL; |
| 864 | |
| 865 | cache_start_insert(); |
| 866 | |
| 867 | while (1) |
| 868 | { |
| 869 | |
| 870 | if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) |
| 871 | return 0; |
| 872 | |
| 873 | if (m == -1) |
| 874 | { |
| 875 | #ifdef HAVE_DNSSEC |
| 876 | /* Sneak in possibly updated crypto HWM. */ |
| 877 | if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) |
| 878 | return 0; |
| 879 | if (m > daemon->metrics[METRIC_CRYPTO_HWM]) |
| 880 | daemon->metrics[METRIC_CRYPTO_HWM] = m; |
| 881 | if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) |
| 882 | return 0; |
| 883 | if (m > daemon->metrics[METRIC_SIG_FAIL_HWM]) |
| 884 | daemon->metrics[METRIC_SIG_FAIL_HWM] = m; |
| 885 | if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) |
| 886 | return 0; |
| 887 | if (m > daemon->metrics[METRIC_WORK_HWM]) |
| 888 | daemon->metrics[METRIC_WORK_HWM] = m; |
| 889 | #endif |
| 890 | cache_end_insert(); |
| 891 | return 1; |
| 892 | } |
| 893 | |
| 894 | if (!read_write(fd, (unsigned char *)daemon->namebuff, m, 1) || |
| 895 | !read_write(fd, (unsigned char *)&ttd, sizeof(ttd), 1) || |
| 896 | !read_write(fd, (unsigned char *)&flags, sizeof(flags), 1) || |
| 897 | !read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) |
| 898 | return 0; |
| 899 | |
| 900 | daemon->namebuff[m] = 0; |
| 901 | |
| 902 | ttl = difftime(ttd, now); |
| 903 | |
| 904 | if (flags & F_CNAME) |
| 905 | { |
| 906 | struct crec *newc = really_insert(daemon->namebuff, NULL, C_IN, now, ttl, flags); |
| 907 | /* This relies on the fact that the target of a CNAME immediately precedes |
| 908 | it because of the order of extraction in extract_addresses, and |
| 909 | the order reversal on the new_chain. */ |
| 910 | if (newc) |
| 911 | { |
| 912 | newc->addr.cname.is_name_ptr = 0; |
| 913 | |
| 914 | if (!crecp) |
| 915 | newc->addr.cname.target.cache = NULL; |
| 916 | else |
| 917 | { |
| 918 | next_uid(crecp); |
| 919 | newc->addr.cname.target.cache = crecp; |
| 920 | newc->addr.cname.uid = crecp->uid; |
| 921 | } |
| 922 | } |
| 923 | } |
| 924 | else |
| 925 | { |
| 926 | unsigned short class = C_IN; |
| 927 | |
| 928 | if ((flags & F_RR) && !(flags & F_NEG) && (flags & F_KEYTAG) |
| 929 | && !(addr.rrblock.rrdata = blockdata_read(fd, addr.rrblock.datalen))) |
| 930 | return 0; |
| 931 | #ifdef HAVE_DNSSEC |
| 932 | if (flags & F_DNSKEY) |
| 933 | { |
| 934 | if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || |
| 935 | !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) |
| 936 | return 0; |
| 937 | } |
| 938 | else if (flags & F_DS) |
| 939 | { |
| 940 | if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || |
| 941 | (!(flags & F_NEG) && !(addr.key.keydata = blockdata_read(fd, addr.key.keylen)))) |
| 942 | return 0; |
| 943 | } |
| 944 | #endif |
| 945 | crecp = really_insert(daemon->namebuff, &addr, class, now, ttl, flags); |
| 946 | } |
| 947 | } |
| 948 | } |
| 949 | |
| 950 | int cache_find_non_terminal(char *name, time_t now) |
| 951 | { |
| 952 | struct crec *crecp; |
| 953 | |
| 954 | for (crecp = *hash_bucket(name); crecp; crecp = crecp->hash_next) |
| 955 | if (!is_outdated_cname_pointer(crecp) && |
| 956 | !is_expired(now, crecp) && |
| 957 | (crecp->flags & F_FORWARD) && |
| 958 | !(crecp->flags & F_NXDOMAIN) && |
| 959 | hostname_isequal(name, cache_get_name(crecp))) |
| 960 | return 1; |
| 961 | |
| 962 | return 0; |
| 963 | } |
| 964 | |
| 965 | struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsigned int prot) |
| 966 | { |
| 967 | struct crec *ans; |
| 968 | int no_rr = (prot & F_NO_RR) || option_bool(OPT_NORR); |
| 969 | |
| 970 | prot &= ~F_NO_RR; |
| 971 | |
| 972 | if (crecp) /* iterating */ |
| 973 | ans = crecp->next; |
| 974 | else |
| 975 | { |
| 976 | /* first search, look for relevant entries and push to top of list |
| 977 | also free anything which has expired */ |
| 978 | struct crec *next, **up, **insert = NULL, **chainp = &ans; |
| 979 | unsigned int ins_flags = 0; |
| 980 | |
| 981 | for (up = hash_bucket(name), crecp = *up; crecp; crecp = next) |
| 982 | { |
| 983 | next = crecp->hash_next; |
| 984 | |
| 985 | if (!is_expired(now, crecp) && !is_outdated_cname_pointer(crecp)) |
| 986 | { |
| 987 | if ((crecp->flags & F_FORWARD) && |
| 988 | (crecp->flags & prot) && |
| 989 | hostname_isequal(cache_get_name(crecp), name)) |
| 990 | { |
| 991 | if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) |
| 992 | { |
| 993 | *chainp = crecp; |
| 994 | chainp = &crecp->next; |
| 995 | } |
| 996 | else |
| 997 | { |
| 998 | cache_unlink(crecp); |
| 999 | cache_link(crecp); |
| 1000 | } |
| 1001 | |
| 1002 | /* Move all but the first entry up the hash chain |
| 1003 | this implements round-robin. |
| 1004 | Make sure that re-ordering doesn't break the hash-chain |
| 1005 | order invariants. |
| 1006 | */ |
| 1007 | if (insert && (crecp->flags & (F_REVERSE | F_IMMORTAL)) == ins_flags) |
| 1008 | { |
| 1009 | *up = crecp->hash_next; |
| 1010 | crecp->hash_next = *insert; |
| 1011 | *insert = crecp; |
| 1012 | insert = &crecp->hash_next; |
| 1013 | } |
| 1014 | else |
| 1015 | { |
| 1016 | if (!insert && !no_rr) |
| 1017 | { |
| 1018 | insert = up; |
| 1019 | ins_flags = crecp->flags & (F_REVERSE | F_IMMORTAL); |
| 1020 | } |
| 1021 | up = &crecp->hash_next; |
| 1022 | } |
| 1023 | } |
| 1024 | else |
| 1025 | /* case : not expired, incorrect entry. */ |
| 1026 | up = &crecp->hash_next; |
| 1027 | } |
| 1028 | else |
| 1029 | { |
| 1030 | /* expired entry, free it */ |
| 1031 | *up = crecp->hash_next; |
| 1032 | if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) |
| 1033 | { |
| 1034 | cache_unlink(crecp); |
| 1035 | cache_free(crecp); |
| 1036 | } |
| 1037 | } |
| 1038 | } |
| 1039 | |
| 1040 | *chainp = cache_head; |
| 1041 | } |
| 1042 | |
| 1043 | if (ans && |
| 1044 | (ans->flags & F_FORWARD) && |
| 1045 | (ans->flags & prot) && |
| 1046 | hostname_isequal(cache_get_name(ans), name)) |
| 1047 | return ans; |
| 1048 | |
| 1049 | return NULL; |
| 1050 | } |
| 1051 | |
| 1052 | struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr, |
| 1053 | time_t now, unsigned int prot) |
| 1054 | { |
| 1055 | struct crec *ans; |
| 1056 | int addrlen = (prot == F_IPV6) ? IN6ADDRSZ : INADDRSZ; |
| 1057 | |
| 1058 | if (crecp) /* iterating */ |
| 1059 | ans = crecp->next; |
| 1060 | else |
| 1061 | { |
| 1062 | /* first search, look for relevant entries and push to top of list |
| 1063 | also free anything which has expired. All the reverse entries are at the |
| 1064 | start of the hash chain, so we can give up when we find the first |
| 1065 | non-REVERSE one. */ |
| 1066 | int i; |
| 1067 | struct crec **up, **chainp = &ans; |
| 1068 | |
| 1069 | for (i=0; i<hash_size; i++) |
| 1070 | for (crecp = hash_table[i], up = &hash_table[i]; |
| 1071 | crecp && (crecp->flags & F_REVERSE); |
| 1072 | crecp = crecp->hash_next) |
| 1073 | if (!is_expired(now, crecp)) |
| 1074 | { |
| 1075 | if ((crecp->flags & prot) && |
| 1076 | memcmp(&crecp->addr, addr, addrlen) == 0) |
| 1077 | { |
| 1078 | if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) |
| 1079 | { |
| 1080 | *chainp = crecp; |
| 1081 | chainp = &crecp->next; |
| 1082 | } |
| 1083 | else |
| 1084 | { |
| 1085 | cache_unlink(crecp); |
| 1086 | cache_link(crecp); |
| 1087 | } |
| 1088 | } |
| 1089 | up = &crecp->hash_next; |
| 1090 | } |
| 1091 | else |
| 1092 | { |
| 1093 | *up = crecp->hash_next; |
| 1094 | if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) |
| 1095 | { |
| 1096 | cache_unlink(crecp); |
| 1097 | cache_free(crecp); |
| 1098 | } |
| 1099 | } |
| 1100 | |
| 1101 | *chainp = cache_head; |
| 1102 | } |
| 1103 | |
| 1104 | if (ans && |
| 1105 | (ans->flags & F_REVERSE) && |
| 1106 | (ans->flags & prot) && |
| 1107 | memcmp(&ans->addr, addr, addrlen) == 0) |
| 1108 | return ans; |
| 1109 | |
| 1110 | return NULL; |
| 1111 | } |
| 1112 | |
| 1113 | static void add_hosts_entry(struct crec *cache, union all_addr *addr, int addrlen, |
| 1114 | unsigned int index, struct crec **rhash, int hashsz) |
| 1115 | { |
| 1116 | int i; |
| 1117 | unsigned int j; |
| 1118 | struct crec *lookup = NULL; |
| 1119 | |
| 1120 | /* Remove duplicates in hosts files. */ |
| 1121 | while ((lookup = cache_find_by_name(lookup, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6)))) |
| 1122 | if ((lookup->flags & F_HOSTS) && memcmp(&lookup->addr, addr, addrlen) == 0) |
| 1123 | { |
| 1124 | free(cache); |
| 1125 | return; |
| 1126 | } |
| 1127 | |
| 1128 | /* Ensure there is only one address -> name mapping (first one trumps) |
| 1129 | We do this by steam here, The entries are kept in hash chains, linked |
| 1130 | by ->next (which is unused at this point) held in hash buckets in |
| 1131 | the array rhash, hashed on address. Note that rhash and the values |
| 1132 | in ->next are only valid whilst reading hosts files: the buckets are |
| 1133 | then freed, and the ->next pointer used for other things. |
| 1134 | Only insert each unique address once into this hashing structure. |
| 1135 | |
| 1136 | This complexity avoids O(n^2) divergent CPU use whilst reading |
| 1137 | large (10000 entry) hosts files. |
| 1138 | |
| 1139 | Note that we only do this process when bulk-reading hosts files, |
| 1140 | for incremental reads, rhash is NULL, and we use cache lookups |
| 1141 | instead. |
| 1142 | */ |
| 1143 | |
| 1144 | if (rhash) |
| 1145 | { |
| 1146 | /* hash address */ |
| 1147 | for (j = 0, i = 0; i < addrlen; i++) |
| 1148 | j = (j*2 +((unsigned char *)addr)[i]) % hashsz; |
| 1149 | |
| 1150 | for (lookup = rhash[j]; lookup; lookup = lookup->next) |
| 1151 | if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) && |
| 1152 | memcmp(&lookup->addr, addr, addrlen) == 0) |
| 1153 | { |
| 1154 | cache->flags &= ~F_REVERSE; |
| 1155 | break; |
| 1156 | } |
| 1157 | |
| 1158 | /* maintain address hash chain, insert new unique address */ |
| 1159 | if (!lookup) |
| 1160 | { |
| 1161 | cache->next = rhash[j]; |
| 1162 | rhash[j] = cache; |
| 1163 | } |
| 1164 | } |
| 1165 | else |
| 1166 | { |
| 1167 | /* incremental read, lookup in cache */ |
| 1168 | lookup = cache_find_by_addr(NULL, addr, 0, cache->flags & (F_IPV4 | F_IPV6)); |
| 1169 | if (lookup && lookup->flags & F_HOSTS) |
| 1170 | cache->flags &= ~F_REVERSE; |
| 1171 | } |
| 1172 | |
| 1173 | cache->uid = index; |
| 1174 | memcpy(&cache->addr, addr, addrlen); |
| 1175 | cache_hash(cache); |
| 1176 | make_non_terminals(cache); |
| 1177 | } |
| 1178 | |
| 1179 | static int eatspace(FILE *f) |
| 1180 | { |
| 1181 | int c, nl = 0; |
| 1182 | |
| 1183 | while (1) |
| 1184 | { |
| 1185 | if ((c = getc(f)) == '#') |
| 1186 | while (c != '\n' && c != EOF) |
| 1187 | c = getc(f); |
| 1188 | |
| 1189 | if (c == EOF) |
| 1190 | return 1; |
| 1191 | |
| 1192 | if (!isspace(c)) |
| 1193 | { |
| 1194 | ungetc(c, f); |
| 1195 | return nl; |
| 1196 | } |
| 1197 | |
| 1198 | if (c == '\n') |
| 1199 | nl++; |
| 1200 | } |
| 1201 | } |
| 1202 | |
| 1203 | static int gettok(FILE *f, char *token) |
| 1204 | { |
| 1205 | int c, count = 0; |
| 1206 | |
| 1207 | while (1) |
| 1208 | { |
| 1209 | if ((c = getc(f)) == EOF) |
| 1210 | return (count == 0) ? -1 : 1; |
| 1211 | |
| 1212 | if (isspace(c) || c == '#') |
| 1213 | { |
| 1214 | ungetc(c, f); |
| 1215 | return eatspace(f); |
| 1216 | } |
| 1217 | |
| 1218 | if (count < (MAXDNAME - 1)) |
| 1219 | { |
| 1220 | token[count++] = c; |
| 1221 | token[count] = 0; |
| 1222 | } |
| 1223 | } |
| 1224 | } |
| 1225 | |
| 1226 | int read_hostsfile(char *filename, unsigned int index, int cache_size, struct crec **rhash, int hashsz) |
| 1227 | { |
| 1228 | FILE *f = fopen(filename, "r"); |
| 1229 | char *token = daemon->namebuff, *domain_suffix = NULL; |
| 1230 | int names_done = 0, name_count = cache_size, lineno = 1; |
| 1231 | unsigned int flags = 0; |
| 1232 | union all_addr addr; |
| 1233 | int atnl, addrlen = 0; |
| 1234 | |
| 1235 | if (!f) |
| 1236 | { |
| 1237 | my_syslog(LOG_ERR, _("failed to load names from %s: %s"), filename, strerror(errno)); |
| 1238 | return cache_size; |
| 1239 | } |
| 1240 | |
| 1241 | lineno += eatspace(f); |
| 1242 | |
| 1243 | while ((atnl = gettok(f, token)) != -1) |
| 1244 | { |
| 1245 | if (inet_pton(AF_INET, token, &addr) > 0) |
| 1246 | { |
| 1247 | flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4; |
| 1248 | addrlen = INADDRSZ; |
| 1249 | domain_suffix = get_domain(addr.addr4); |
| 1250 | } |
| 1251 | else if (inet_pton(AF_INET6, token, &addr) > 0) |
| 1252 | { |
| 1253 | flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6; |
| 1254 | addrlen = IN6ADDRSZ; |
| 1255 | domain_suffix = get_domain6(&addr.addr6); |
| 1256 | } |
| 1257 | else |
| 1258 | { |
| 1259 | my_syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); |
| 1260 | while (atnl == 0) |
| 1261 | atnl = gettok(f, token); |
| 1262 | lineno += atnl; |
| 1263 | continue; |
| 1264 | } |
| 1265 | |
| 1266 | /* rehash every 1000 names. */ |
| 1267 | if (rhash && ((name_count - cache_size) > 1000)) |
| 1268 | { |
| 1269 | rehash(name_count); |
| 1270 | cache_size = name_count; |
| 1271 | } |
| 1272 | |
| 1273 | while (atnl == 0) |
| 1274 | { |
| 1275 | struct crec *cache; |
| 1276 | int fqdn, nomem; |
| 1277 | char *canon; |
| 1278 | |
| 1279 | if ((atnl = gettok(f, token)) == -1) |
| 1280 | break; |
| 1281 | |
| 1282 | fqdn = !!strchr(token, '.'); |
| 1283 | |
| 1284 | if ((canon = canonicalise(token, &nomem))) |
| 1285 | { |
| 1286 | /* If set, add a version of the name with a default domain appended */ |
| 1287 | if (option_bool(OPT_EXPAND) && domain_suffix && !fqdn && |
| 1288 | (cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 2 + strlen(domain_suffix)))) |
| 1289 | { |
| 1290 | strcpy(cache->name.sname, canon); |
| 1291 | strcat(cache->name.sname, "."); |
| 1292 | strcat(cache->name.sname, domain_suffix); |
| 1293 | cache->flags = flags; |
| 1294 | cache->ttd = daemon->local_ttl; |
| 1295 | add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz); |
| 1296 | name_count++; |
| 1297 | names_done++; |
| 1298 | } |
| 1299 | if ((cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 1))) |
| 1300 | { |
| 1301 | strcpy(cache->name.sname, canon); |
| 1302 | cache->flags = flags; |
| 1303 | cache->ttd = daemon->local_ttl; |
| 1304 | add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz); |
| 1305 | name_count++; |
| 1306 | names_done++; |
| 1307 | } |
| 1308 | free(canon); |
| 1309 | |
| 1310 | } |
| 1311 | else if (!nomem) |
| 1312 | my_syslog(LOG_ERR, _("bad name at %s line %d"), filename, lineno); |
| 1313 | } |
| 1314 | |
| 1315 | lineno += atnl; |
| 1316 | } |
| 1317 | |
| 1318 | fclose(f); |
| 1319 | |
| 1320 | if (rhash) |
| 1321 | rehash(name_count); |
| 1322 | |
| 1323 | my_syslog(LOG_INFO, _("read %s - %d names"), filename, names_done); |
| 1324 | |
| 1325 | return name_count; |
| 1326 | } |
| 1327 | |
| 1328 | void cache_reload(void) |
| 1329 | { |
| 1330 | struct crec *cache, **up, *tmp; |
| 1331 | int revhashsz, i, total_size = daemon->cachesize; |
| 1332 | struct hostsfile *ah; |
| 1333 | struct host_record *hr; |
| 1334 | struct name_list *nl; |
| 1335 | struct cname *a; |
| 1336 | struct crec lrec; |
| 1337 | struct mx_srv_record *mx; |
| 1338 | struct txt_record *txt; |
| 1339 | struct interface_name *intr; |
| 1340 | struct ptr_record *ptr; |
| 1341 | struct naptr *naptr; |
| 1342 | #ifdef HAVE_DNSSEC |
| 1343 | struct ds_config *ds; |
| 1344 | #endif |
| 1345 | |
| 1346 | daemon->metrics[METRIC_DNS_CACHE_INSERTED] = 0; |
| 1347 | daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED] = 0; |
| 1348 | |
| 1349 | for (i=0; i<hash_size; i++) |
| 1350 | for (cache = hash_table[i], up = &hash_table[i]; cache; cache = tmp) |
| 1351 | { |
| 1352 | cache_blockdata_free(cache); |
| 1353 | |
| 1354 | tmp = cache->hash_next; |
| 1355 | if (cache->flags & (F_HOSTS | F_CONFIG)) |
| 1356 | { |
| 1357 | *up = cache->hash_next; |
| 1358 | free(cache); |
| 1359 | } |
| 1360 | else if (!(cache->flags & F_DHCP)) |
| 1361 | { |
| 1362 | *up = cache->hash_next; |
| 1363 | if (cache->flags & F_BIGNAME) |
| 1364 | { |
| 1365 | cache->name.bname->next = big_free; |
| 1366 | big_free = cache->name.bname; |
| 1367 | } |
| 1368 | cache->flags = 0; |
| 1369 | } |
| 1370 | else |
| 1371 | up = &cache->hash_next; |
| 1372 | } |
| 1373 | |
| 1374 | /* Add locally-configured CNAMEs to the cache */ |
| 1375 | for (a = daemon->cnames; a; a = a->next) |
| 1376 | if (a->alias[1] != '*' && |
| 1377 | ((cache = whine_malloc(SIZEOF_POINTER_CREC)))) |
| 1378 | { |
| 1379 | cache->flags = F_FORWARD | F_NAMEP | F_CNAME | F_IMMORTAL | F_CONFIG; |
| 1380 | cache->ttd = a->ttl; |
| 1381 | cache->name.namep = a->alias; |
| 1382 | cache->addr.cname.target.name = a->target; |
| 1383 | cache->addr.cname.is_name_ptr = 1; |
| 1384 | cache->uid = UID_NONE; |
| 1385 | cache_hash(cache); |
| 1386 | make_non_terminals(cache); |
| 1387 | } |
| 1388 | |
| 1389 | #ifdef HAVE_DNSSEC |
| 1390 | for (ds = daemon->ds; ds; ds = ds->next) |
| 1391 | if ((cache = whine_malloc(SIZEOF_POINTER_CREC)) && |
| 1392 | (cache->addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) |
| 1393 | { |
| 1394 | cache->flags = F_FORWARD | F_IMMORTAL | F_DS | F_CONFIG | F_NAMEP; |
| 1395 | cache->ttd = daemon->local_ttl; |
| 1396 | cache->name.namep = ds->name; |
| 1397 | cache->addr.ds.keylen = ds->digestlen; |
| 1398 | cache->addr.ds.algo = ds->algo; |
| 1399 | cache->addr.ds.keytag = ds->keytag; |
| 1400 | cache->addr.ds.digest = ds->digest_type; |
| 1401 | cache->uid = ds->class; |
| 1402 | cache_hash(cache); |
| 1403 | make_non_terminals(cache); |
| 1404 | } |
| 1405 | #endif |
| 1406 | |
| 1407 | /* borrow the packet buffer for a temporary by-address hash */ |
| 1408 | memset(daemon->packet, 0, daemon->packet_buff_sz); |
| 1409 | revhashsz = daemon->packet_buff_sz / sizeof(struct crec *); |
| 1410 | /* we overwrote the buffer... */ |
| 1411 | daemon->srv_save = NULL; |
| 1412 | |
| 1413 | /* Do host_records in config. */ |
| 1414 | for (hr = daemon->host_records; hr; hr = hr->next) |
| 1415 | for (nl = hr->names; nl; nl = nl->next) |
| 1416 | { |
| 1417 | if ((hr->flags & HR_4) && |
| 1418 | (cache = whine_malloc(SIZEOF_POINTER_CREC))) |
| 1419 | { |
| 1420 | cache->name.namep = nl->name; |
| 1421 | cache->ttd = hr->ttl; |
| 1422 | cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG; |
| 1423 | add_hosts_entry(cache, (union all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); |
| 1424 | } |
| 1425 | |
| 1426 | if ((hr->flags & HR_6) && |
| 1427 | (cache = whine_malloc(SIZEOF_POINTER_CREC))) |
| 1428 | { |
| 1429 | cache->name.namep = nl->name; |
| 1430 | cache->ttd = hr->ttl; |
| 1431 | cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG; |
| 1432 | add_hosts_entry(cache, (union all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); |
| 1433 | } |
| 1434 | } |
| 1435 | |
| 1436 | if (option_bool(OPT_NO_HOSTS) && !daemon->addn_hosts) |
| 1437 | { |
| 1438 | if (daemon->cachesize > 0) |
| 1439 | my_syslog(LOG_INFO, _("cleared cache")); |
| 1440 | } |
| 1441 | else |
| 1442 | { |
| 1443 | if (!option_bool(OPT_NO_HOSTS)) |
| 1444 | total_size = read_hostsfile(HOSTSFILE, SRC_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz); |
| 1445 | |
| 1446 | daemon->addn_hosts = expand_filelist(daemon->addn_hosts); |
| 1447 | for (ah = daemon->addn_hosts; ah; ah = ah->next) |
| 1448 | if (!(ah->flags & AH_INACTIVE)) |
| 1449 | total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz); |
| 1450 | } |
| 1451 | |
| 1452 | /* Make non-terminal records for all locally-define RRs */ |
| 1453 | lrec.flags = F_FORWARD | F_CONFIG | F_NAMEP | F_IMMORTAL; |
| 1454 | |
| 1455 | for (txt = daemon->txt; txt; txt = txt->next) |
| 1456 | { |
| 1457 | lrec.name.namep = txt->name; |
| 1458 | make_non_terminals(&lrec); |
| 1459 | } |
| 1460 | |
| 1461 | for (naptr = daemon->naptr; naptr; naptr = naptr->next) |
| 1462 | { |
| 1463 | lrec.name.namep = naptr->name; |
| 1464 | make_non_terminals(&lrec); |
| 1465 | } |
| 1466 | |
| 1467 | for (mx = daemon->mxnames; mx; mx = mx->next) |
| 1468 | { |
| 1469 | lrec.name.namep = mx->name; |
| 1470 | make_non_terminals(&lrec); |
| 1471 | } |
| 1472 | |
| 1473 | for (intr = daemon->int_names; intr; intr = intr->next) |
| 1474 | { |
| 1475 | lrec.name.namep = intr->name; |
| 1476 | make_non_terminals(&lrec); |
| 1477 | } |
| 1478 | |
| 1479 | for (ptr = daemon->ptr; ptr; ptr = ptr->next) |
| 1480 | { |
| 1481 | lrec.name.namep = ptr->name; |
| 1482 | make_non_terminals(&lrec); |
| 1483 | } |
| 1484 | |
| 1485 | #ifdef HAVE_INOTIFY |
| 1486 | set_dynamic_inotify(AH_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz); |
| 1487 | #endif |
| 1488 | |
| 1489 | } |
| 1490 | |
| 1491 | #ifdef HAVE_DHCP |
| 1492 | struct in_addr a_record_from_hosts(char *name, time_t now) |
| 1493 | { |
| 1494 | struct crec *crecp = NULL; |
| 1495 | struct in_addr ret; |
| 1496 | |
| 1497 | /* If no DNS service, cache not initialised. */ |
| 1498 | if (daemon->port != 0) |
| 1499 | while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4))) |
| 1500 | if (crecp->flags & F_HOSTS) |
| 1501 | return crecp->addr.addr4; |
| 1502 | |
| 1503 | my_syslog(MS_DHCP | LOG_WARNING, _("No IPv4 address found for %s"), name); |
| 1504 | |
| 1505 | ret.s_addr = 0; |
| 1506 | return ret; |
| 1507 | } |
| 1508 | |
| 1509 | void cache_unhash_dhcp(void) |
| 1510 | { |
| 1511 | struct crec *cache, **up; |
| 1512 | int i; |
| 1513 | |
| 1514 | for (i=0; i<hash_size; i++) |
| 1515 | for (cache = hash_table[i], up = &hash_table[i]; cache; cache = cache->hash_next) |
| 1516 | if (cache->flags & F_DHCP) |
| 1517 | { |
| 1518 | *up = cache->hash_next; |
| 1519 | cache->next = dhcp_spare; |
| 1520 | dhcp_spare = cache; |
| 1521 | } |
| 1522 | else |
| 1523 | up = &cache->hash_next; |
| 1524 | } |
| 1525 | |
| 1526 | void cache_add_dhcp_entry(char *host_name, int prot, |
| 1527 | union all_addr *host_address, time_t ttd) |
| 1528 | { |
| 1529 | struct crec *crec = NULL, *fail_crec = NULL; |
| 1530 | unsigned int flags = F_IPV4; |
| 1531 | int in_hosts = 0; |
| 1532 | size_t addrlen = sizeof(struct in_addr); |
| 1533 | |
| 1534 | if (prot == AF_INET6) |
| 1535 | { |
| 1536 | flags = F_IPV6; |
| 1537 | addrlen = sizeof(struct in6_addr); |
| 1538 | } |
| 1539 | |
| 1540 | inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN); |
| 1541 | |
| 1542 | while ((crec = cache_find_by_name(crec, host_name, 0, flags | F_CNAME))) |
| 1543 | { |
| 1544 | /* check all addresses associated with name */ |
| 1545 | if (crec->flags & (F_HOSTS | F_CONFIG)) |
| 1546 | { |
| 1547 | if (crec->flags & F_CNAME) |
| 1548 | my_syslog(MS_DHCP | LOG_WARNING, |
| 1549 | _("%s is a CNAME, not giving it to the DHCP lease of %s"), |
| 1550 | host_name, daemon->addrbuff); |
| 1551 | else if (memcmp(&crec->addr, host_address, addrlen) == 0) |
| 1552 | in_hosts = 1; |
| 1553 | else |
| 1554 | fail_crec = crec; |
| 1555 | } |
| 1556 | else if (!(crec->flags & F_DHCP)) |
| 1557 | { |
| 1558 | cache_scan_free(host_name, NULL, C_IN, 0, crec->flags & (flags | F_CNAME | F_FORWARD), NULL, NULL); |
| 1559 | /* scan_free deletes all addresses associated with name */ |
| 1560 | break; |
| 1561 | } |
| 1562 | } |
| 1563 | |
| 1564 | /* if in hosts, don't need DHCP record */ |
| 1565 | if (in_hosts) |
| 1566 | return; |
| 1567 | |
| 1568 | /* Name in hosts, address doesn't match */ |
| 1569 | if (fail_crec) |
| 1570 | { |
| 1571 | inet_ntop(prot, &fail_crec->addr, daemon->namebuff, MAXDNAME); |
| 1572 | my_syslog(MS_DHCP | LOG_WARNING, |
| 1573 | _("not giving name %s to the DHCP lease of %s because " |
| 1574 | "the name exists in %s with address %s"), |
| 1575 | host_name, daemon->addrbuff, |
| 1576 | record_source(fail_crec->uid), daemon->namebuff); |
| 1577 | return; |
| 1578 | } |
| 1579 | |
| 1580 | if ((crec = cache_find_by_addr(NULL, (union all_addr *)host_address, 0, flags))) |
| 1581 | { |
| 1582 | if (crec->flags & F_NEG) |
| 1583 | { |
| 1584 | flags |= F_REVERSE; |
| 1585 | cache_scan_free(NULL, (union all_addr *)host_address, C_IN, 0, flags, NULL, NULL); |
| 1586 | } |
| 1587 | } |
| 1588 | else |
| 1589 | flags |= F_REVERSE; |
| 1590 | |
| 1591 | if ((crec = dhcp_spare)) |
| 1592 | dhcp_spare = dhcp_spare->next; |
| 1593 | else /* need new one */ |
| 1594 | crec = whine_malloc(SIZEOF_POINTER_CREC); |
| 1595 | |
| 1596 | if (crec) /* malloc may fail */ |
| 1597 | { |
| 1598 | crec->flags = flags | F_NAMEP | F_DHCP | F_FORWARD; |
| 1599 | if (ttd == 0) |
| 1600 | crec->flags |= F_IMMORTAL; |
| 1601 | else |
| 1602 | crec->ttd = ttd; |
| 1603 | crec->addr = *host_address; |
| 1604 | crec->name.namep = host_name; |
| 1605 | crec->uid = UID_NONE; |
| 1606 | cache_hash(crec); |
| 1607 | make_non_terminals(crec); |
| 1608 | } |
| 1609 | } |
| 1610 | #endif |
| 1611 | |
| 1612 | /* Called when we put a local or DHCP name into the cache. |
| 1613 | Creates empty cache entries for subnames (ie, |
| 1614 | for three.two.one, for two.one and one), without |
| 1615 | F_IPV4 or F_IPV6 or F_CNAME set. These convert |
| 1616 | NXDOMAIN answers to NoData ones. */ |
| 1617 | static void make_non_terminals(struct crec *source) |
| 1618 | { |
| 1619 | char *name = cache_get_name(source); |
| 1620 | struct crec *crecp, *tmp, **up; |
| 1621 | int type = F_HOSTS | F_CONFIG; |
| 1622 | #ifdef HAVE_DHCP |
| 1623 | if (source->flags & F_DHCP) |
| 1624 | type = F_DHCP; |
| 1625 | #endif |
| 1626 | |
| 1627 | /* First delete any empty entries for our new real name. Note that |
| 1628 | we only delete empty entries deriving from DHCP for a new DHCP-derived |
| 1629 | entry and vice-versa for HOSTS and CONFIG. This ensures that |
| 1630 | non-terminals from DHCP go when we reload DHCP and |
| 1631 | for HOSTS/CONFIG when we re-read. */ |
| 1632 | for (up = hash_bucket(name), crecp = *up; crecp; crecp = tmp) |
| 1633 | { |
| 1634 | tmp = crecp->hash_next; |
| 1635 | |
| 1636 | if (!is_outdated_cname_pointer(crecp) && |
| 1637 | (crecp->flags & F_FORWARD) && |
| 1638 | (crecp->flags & type) && |
| 1639 | !(crecp->flags & (F_IPV4 | F_IPV6 | F_CNAME | F_DNSKEY | F_DS | F_RR)) && |
| 1640 | hostname_isequal(name, cache_get_name(crecp))) |
| 1641 | { |
| 1642 | *up = crecp->hash_next; |
| 1643 | #ifdef HAVE_DHCP |
| 1644 | if (type & F_DHCP) |
| 1645 | { |
| 1646 | crecp->next = dhcp_spare; |
| 1647 | dhcp_spare = crecp; |
| 1648 | } |
| 1649 | else |
| 1650 | #endif |
| 1651 | free(crecp); |
| 1652 | break; |
| 1653 | } |
| 1654 | else |
| 1655 | up = &crecp->hash_next; |
| 1656 | } |
| 1657 | |
| 1658 | while ((name = strchr(name, '.'))) |
| 1659 | { |
| 1660 | name++; |
| 1661 | |
| 1662 | /* Look for one existing, don't need another */ |
| 1663 | for (crecp = *hash_bucket(name); crecp; crecp = crecp->hash_next) |
| 1664 | if (!is_outdated_cname_pointer(crecp) && |
| 1665 | (crecp->flags & F_FORWARD) && |
| 1666 | (crecp->flags & type) && |
| 1667 | hostname_isequal(name, cache_get_name(crecp))) |
| 1668 | break; |
| 1669 | |
| 1670 | if (crecp) |
| 1671 | { |
| 1672 | /* If the new name expires later, transfer that time to |
| 1673 | empty non-terminal entry. */ |
| 1674 | if (!(crecp->flags & F_IMMORTAL)) |
| 1675 | { |
| 1676 | if (source->flags & F_IMMORTAL) |
| 1677 | crecp->flags |= F_IMMORTAL; |
| 1678 | else if (difftime(crecp->ttd, source->ttd) < 0) |
| 1679 | crecp->ttd = source->ttd; |
| 1680 | } |
| 1681 | continue; |
| 1682 | } |
| 1683 | |
| 1684 | #ifdef HAVE_DHCP |
| 1685 | if ((source->flags & F_DHCP) && dhcp_spare) |
| 1686 | { |
| 1687 | crecp = dhcp_spare; |
| 1688 | dhcp_spare = dhcp_spare->next; |
| 1689 | } |
| 1690 | else |
| 1691 | #endif |
| 1692 | crecp = whine_malloc(SIZEOF_POINTER_CREC); |
| 1693 | |
| 1694 | if (crecp) |
| 1695 | { |
| 1696 | crecp->flags = (source->flags | F_NAMEP) & ~(F_IPV4 | F_IPV6 | F_CNAME | F_RR | F_DNSKEY | F_DS | F_REVERSE); |
| 1697 | if (!(crecp->flags & F_IMMORTAL)) |
| 1698 | crecp->ttd = source->ttd; |
| 1699 | crecp->name.namep = name; |
| 1700 | |
| 1701 | cache_hash(crecp); |
| 1702 | } |
| 1703 | } |
| 1704 | } |
| 1705 | |
| 1706 | #ifndef NO_ID |
| 1707 | int cache_make_stat(struct txt_record *t) |
| 1708 | { |
| 1709 | static char *buff = NULL; |
| 1710 | static int bufflen = 60; |
| 1711 | int len; |
| 1712 | struct server *serv, *serv1; |
| 1713 | char *p; |
| 1714 | |
| 1715 | if (!buff && !(buff = whine_malloc(60))) |
| 1716 | return 0; |
| 1717 | |
| 1718 | p = buff; |
| 1719 | |
| 1720 | switch (t->stat) |
| 1721 | { |
| 1722 | case TXT_STAT_CACHESIZE: |
| 1723 | sprintf(buff+1, "%d", daemon->cachesize); |
| 1724 | break; |
| 1725 | |
| 1726 | case TXT_STAT_INSERTS: |
| 1727 | sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_INSERTED]); |
| 1728 | break; |
| 1729 | |
| 1730 | case TXT_STAT_EVICTIONS: |
| 1731 | sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]); |
| 1732 | break; |
| 1733 | |
| 1734 | case TXT_STAT_MISSES: |
| 1735 | sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_QUERIES_FORWARDED]); |
| 1736 | break; |
| 1737 | |
| 1738 | case TXT_STAT_HITS: |
| 1739 | sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]); |
| 1740 | break; |
| 1741 | |
| 1742 | #ifdef HAVE_AUTH |
| 1743 | case TXT_STAT_AUTH: |
| 1744 | sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_AUTH_ANSWERED]); |
| 1745 | break; |
| 1746 | #endif |
| 1747 | |
| 1748 | case TXT_STAT_SERVERS: |
| 1749 | /* sum counts from different records for same server */ |
| 1750 | for (serv = daemon->servers; serv; serv = serv->next) |
| 1751 | serv->flags &= ~SERV_MARK; |
| 1752 | |
| 1753 | for (serv = daemon->servers; serv; serv = serv->next) |
| 1754 | if (!(serv->flags & SERV_MARK)) |
| 1755 | { |
| 1756 | char *new, *lenp; |
| 1757 | int port, newlen, bytes_avail, bytes_needed; |
| 1758 | unsigned int queries = 0, failed_queries = 0; |
| 1759 | for (serv1 = serv; serv1; serv1 = serv1->next) |
| 1760 | if (!(serv1->flags & SERV_MARK) && sockaddr_isequal(&serv->addr, &serv1->addr)) |
| 1761 | { |
| 1762 | serv1->flags |= SERV_MARK; |
| 1763 | queries += serv1->queries; |
| 1764 | failed_queries += serv1->failed_queries; |
| 1765 | } |
| 1766 | port = prettyprint_addr(&serv->addr, daemon->addrbuff); |
| 1767 | lenp = p++; /* length */ |
| 1768 | bytes_avail = bufflen - (p - buff ); |
| 1769 | bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); |
| 1770 | if (bytes_needed >= bytes_avail) |
| 1771 | { |
| 1772 | /* expand buffer if necessary */ |
| 1773 | newlen = bytes_needed + 1 + bufflen - bytes_avail; |
| 1774 | if (!(new = whine_realloc(buff, newlen))) |
| 1775 | return 0; |
| 1776 | p = new + (p - buff); |
| 1777 | lenp = p - 1; |
| 1778 | buff = new; |
| 1779 | bufflen = newlen; |
| 1780 | bytes_avail = bufflen - (p - buff ); |
| 1781 | bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); |
| 1782 | } |
| 1783 | *lenp = bytes_needed; |
| 1784 | p += bytes_needed; |
| 1785 | } |
| 1786 | t->txt = (unsigned char *)buff; |
| 1787 | t->len = p - buff; |
| 1788 | |
| 1789 | return 1; |
| 1790 | } |
| 1791 | |
| 1792 | len = strlen(buff+1); |
| 1793 | t->txt = (unsigned char *)buff; |
| 1794 | t->len = len + 1; |
| 1795 | *buff = len; |
| 1796 | return 1; |
| 1797 | } |
| 1798 | #endif |
| 1799 | |
| 1800 | /* There can be names in the cache containing control chars, don't |
| 1801 | mess up logging or open security holes. */ |
| 1802 | static char *sanitise(char *name) |
| 1803 | { |
| 1804 | unsigned char *r; |
| 1805 | if (name) |
| 1806 | for (r = (unsigned char *)name; *r; r++) |
| 1807 | if (!isprint((int)*r)) |
| 1808 | return "<name unprintable>"; |
| 1809 | |
| 1810 | return name; |
| 1811 | } |
| 1812 | |
| 1813 | static void dump_cache_entry(struct crec *cache, time_t now) |
| 1814 | { |
| 1815 | (void)now; |
| 1816 | static char *buff = NULL; |
| 1817 | |
| 1818 | char *p, *t = " "; |
| 1819 | char *a = daemon->addrbuff, *n = cache_get_name(cache); |
| 1820 | |
| 1821 | /* String length is limited below */ |
| 1822 | if (!buff && !(buff = whine_malloc(150))) |
| 1823 | return; |
| 1824 | |
| 1825 | p = buff; |
| 1826 | |
| 1827 | *a = 0; |
| 1828 | |
| 1829 | if (cache->flags & F_REVERSE) |
| 1830 | { |
| 1831 | if ((cache->flags & F_NEG)) |
| 1832 | n = ""; |
| 1833 | } |
| 1834 | else |
| 1835 | { |
| 1836 | if (strlen(n) == 0) |
| 1837 | n = "<Root>"; |
| 1838 | } |
| 1839 | |
| 1840 | p += sprintf(p, "%-30.30s ", sanitise(n)); |
| 1841 | if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache)) |
| 1842 | a = sanitise(cache_get_cname_target(cache)); |
| 1843 | else if (cache->flags & F_RR) |
| 1844 | { |
| 1845 | if (cache->flags & F_KEYTAG) |
| 1846 | sprintf(a, "%s", querystr(NULL, cache->addr.rrblock.rrtype)); |
| 1847 | else |
| 1848 | sprintf(a, "%s", querystr(NULL, cache->addr.rrdata.rrtype)); |
| 1849 | } |
| 1850 | #ifdef HAVE_DNSSEC |
| 1851 | else if (cache->flags & F_DS) |
| 1852 | { |
| 1853 | if (!(cache->flags & F_NEG)) |
| 1854 | sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag, |
| 1855 | cache->addr.ds.algo, cache->addr.ds.digest); |
| 1856 | } |
| 1857 | else if (cache->flags & F_DNSKEY) |
| 1858 | sprintf(a, "%5u %3u %3u", cache->addr.key.keytag, |
| 1859 | cache->addr.key.algo, cache->addr.key.flags); |
| 1860 | #endif |
| 1861 | else if (!(cache->flags & F_NEG) || !(cache->flags & F_FORWARD)) |
| 1862 | { |
| 1863 | a = daemon->addrbuff; |
| 1864 | if (cache->flags & F_IPV4) |
| 1865 | inet_ntop(AF_INET, &cache->addr, a, ADDRSTRLEN); |
| 1866 | else if (cache->flags & F_IPV6) |
| 1867 | inet_ntop(AF_INET6, &cache->addr, a, ADDRSTRLEN); |
| 1868 | } |
| 1869 | |
| 1870 | if (cache->flags & F_IPV4) |
| 1871 | t = "4"; |
| 1872 | else if (cache->flags & F_IPV6) |
| 1873 | t = "6"; |
| 1874 | else if (cache->flags & F_CNAME) |
| 1875 | t = "C"; |
| 1876 | else if (cache->flags & F_RR) |
| 1877 | t = "T"; |
| 1878 | #ifdef HAVE_DNSSEC |
| 1879 | else if (cache->flags & F_DS) |
| 1880 | t = "S"; |
| 1881 | else if (cache->flags & F_DNSKEY) |
| 1882 | t = "K"; |
| 1883 | #endif |
| 1884 | else if (!(cache->flags & F_NXDOMAIN)) /* non-terminal */ |
| 1885 | t = "!"; |
| 1886 | |
| 1887 | p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s%s ", a, t, |
| 1888 | cache->flags & F_FORWARD ? "F" : " ", |
| 1889 | cache->flags & F_REVERSE ? "R" : " ", |
| 1890 | cache->flags & F_IMMORTAL ? "I" : " ", |
| 1891 | cache->flags & F_DHCP ? "D" : " ", |
| 1892 | cache->flags & F_NEG ? "N" : " ", |
| 1893 | cache->flags & F_NXDOMAIN ? "X" : " ", |
| 1894 | cache->flags & F_HOSTS ? "H" : " ", |
| 1895 | cache->flags & F_CONFIG ? "C" : " ", |
| 1896 | cache->flags & F_DNSSECOK ? "V" : " "); |
| 1897 | #ifdef HAVE_BROKEN_RTC |
| 1898 | p += sprintf(p, "%-24lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now)); |
| 1899 | #else |
| 1900 | p += sprintf(p, "%-24.24s", cache->flags & F_IMMORTAL ? "" : ctime(&(cache->ttd))); |
| 1901 | #endif |
| 1902 | if(cache->flags & (F_HOSTS | F_CONFIG) && cache->uid > 0) |
| 1903 | p += sprintf(p, " %-40.40s", record_source(cache->uid)); |
| 1904 | |
| 1905 | my_syslog(LOG_INFO, "%s", buff); |
| 1906 | } |
| 1907 | |
| 1908 | void dump_cache(time_t now) |
| 1909 | { |
| 1910 | struct server *serv, *serv1; |
| 1911 | |
| 1912 | my_syslog(LOG_INFO, _("time %lu"), (unsigned long)now); |
| 1913 | my_syslog(LOG_INFO, _("cache size %d, %d/%d cache insertions re-used unexpired cache entries."), |
| 1914 | daemon->cachesize, daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED], daemon->metrics[METRIC_DNS_CACHE_INSERTED]); |
| 1915 | my_syslog(LOG_INFO, _("queries forwarded %u, queries answered locally %u"), |
| 1916 | daemon->metrics[METRIC_DNS_QUERIES_FORWARDED], daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]); |
| 1917 | if (daemon->cache_max_expiry != 0) |
| 1918 | my_syslog(LOG_INFO, _("queries answered from stale cache %u"), daemon->metrics[METRIC_DNS_STALE_ANSWERED]); |
| 1919 | #ifdef HAVE_AUTH |
| 1920 | my_syslog(LOG_INFO, _("queries for authoritative zones %u"), daemon->metrics[METRIC_DNS_AUTH_ANSWERED]); |
| 1921 | #endif |
| 1922 | #ifdef HAVE_DNSSEC |
| 1923 | my_syslog(LOG_INFO, _("DNSSEC per-query subqueries HWM %u"), daemon->metrics[METRIC_WORK_HWM]); |
| 1924 | my_syslog(LOG_INFO, _("DNSSEC per-query crypto work HWM %u"), daemon->metrics[METRIC_CRYPTO_HWM]); |
| 1925 | my_syslog(LOG_INFO, _("DNSSEC per-RRSet signature fails HWM %u"), daemon->metrics[METRIC_SIG_FAIL_HWM]); |
| 1926 | #endif |
| 1927 | |
| 1928 | blockdata_report(); |
| 1929 | my_syslog(LOG_INFO, _("child processes for TCP requests: in use %zu, highest since last SIGUSR1 %zu, max allowed %zu."), |
| 1930 | daemon->metrics[METRIC_TCP_CONNECTIONS], |
| 1931 | daemon->max_procs_used, |
| 1932 | daemon->max_procs); |
| 1933 | daemon->max_procs_used = daemon->metrics[METRIC_TCP_CONNECTIONS]; |
| 1934 | |
| 1935 | /* sum counts from different records for same server */ |
| 1936 | for (serv = daemon->servers; serv; serv = serv->next) |
| 1937 | serv->flags &= ~SERV_MARK; |
| 1938 | |
| 1939 | for (serv = daemon->servers; serv; serv = serv->next) |
| 1940 | if (!(serv->flags & SERV_MARK)) |
| 1941 | { |
| 1942 | int port; |
| 1943 | unsigned int queries = 0, failed_queries = 0, nxdomain_replies = 0, retrys = 0; |
| 1944 | unsigned int sigma_latency = 0, count_latency = 0; |
| 1945 | |
| 1946 | for (serv1 = serv; serv1; serv1 = serv1->next) |
| 1947 | if (!(serv1->flags & SERV_MARK) && sockaddr_isequal(&serv->addr, &serv1->addr)) |
| 1948 | { |
| 1949 | serv1->flags |= SERV_MARK; |
| 1950 | queries += serv1->queries; |
| 1951 | failed_queries += serv1->failed_queries; |
| 1952 | nxdomain_replies += serv1->nxdomain_replies; |
| 1953 | retrys += serv1->retrys; |
| 1954 | sigma_latency += serv1->query_latency; |
| 1955 | count_latency++; |
| 1956 | } |
| 1957 | port = prettyprint_addr(&serv->addr, daemon->addrbuff); |
| 1958 | my_syslog(LOG_INFO, _("server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"), |
| 1959 | daemon->addrbuff, port, queries, retrys, failed_queries, nxdomain_replies, sigma_latency/count_latency); |
| 1960 | } |
| 1961 | |
| 1962 | if (option_bool(OPT_DEBUG) || option_bool(OPT_LOG)) |
| 1963 | { |
| 1964 | struct crec *cache; |
| 1965 | int i; |
| 1966 | my_syslog(LOG_INFO, "Host Address Flags Expires Source"); |
| 1967 | my_syslog(LOG_INFO, "------------------------------ ---------------------------------------- ---------- ------------------------ ------------"); |
| 1968 | |
| 1969 | for (i=0; i<hash_size; i++) |
| 1970 | for (cache = hash_table[i]; cache; cache = cache->hash_next) |
| 1971 | dump_cache_entry(cache, now); |
| 1972 | } |
| 1973 | } |
| 1974 | |
| 1975 | char *record_source(unsigned int index) |
| 1976 | { |
| 1977 | struct hostsfile *ah; |
| 1978 | #ifdef HAVE_INOTIFY |
| 1979 | struct dyndir *dd; |
| 1980 | #endif |
| 1981 | |
| 1982 | if (index == SRC_CONFIG) |
| 1983 | return "config"; |
| 1984 | else if (index == SRC_HOSTS) |
| 1985 | return HOSTSFILE; |
| 1986 | |
| 1987 | for (ah = daemon->addn_hosts; ah; ah = ah->next) |
| 1988 | if (ah->index == index) |
| 1989 | return ah->fname; |
| 1990 | |
| 1991 | #ifdef HAVE_INOTIFY |
| 1992 | /* Dynamic directories contain multiple files */ |
| 1993 | for (dd = daemon->dynamic_dirs; dd; dd = dd->next) |
| 1994 | for (ah = dd->files; ah; ah = ah->next) |
| 1995 | if (ah->index == index) |
| 1996 | return ah->fname; |
| 1997 | #endif |
| 1998 | |
| 1999 | return "<unknown>"; |
| 2000 | } |
| 2001 | |
| 2002 | static char *querystr(char *desc, unsigned short type) |
| 2003 | { |
| 2004 | unsigned int i; |
| 2005 | int len = 10; /* strlen("type=xxxxx") */ |
| 2006 | const char *types = NULL; |
| 2007 | static char *buff = NULL; |
| 2008 | static int bufflen = 0; |
| 2009 | |
| 2010 | for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++) |
| 2011 | if (typestr[i].type == type) |
| 2012 | { |
| 2013 | types = typestr[i].name; |
| 2014 | len = strlen(types); |
| 2015 | break; |
| 2016 | } |
| 2017 | |
| 2018 | if (desc) |
| 2019 | { |
| 2020 | len += 2; /* braces */ |
| 2021 | len += strlen(desc); |
| 2022 | } |
| 2023 | len++; /* terminator */ |
| 2024 | |
| 2025 | if (!buff || bufflen < len) |
| 2026 | { |
| 2027 | if (buff) |
| 2028 | free(buff); |
| 2029 | else if (len < 20) |
| 2030 | len = 20; |
| 2031 | |
| 2032 | buff = whine_malloc(len); |
| 2033 | bufflen = len; |
| 2034 | } |
| 2035 | |
| 2036 | if (buff) |
| 2037 | { |
| 2038 | if (desc) |
| 2039 | { |
| 2040 | if (types) |
| 2041 | sprintf(buff, "%s[%s]", desc, types); |
| 2042 | else |
| 2043 | sprintf(buff, "%s[type=%d]", desc, type); |
| 2044 | } |
| 2045 | else |
| 2046 | { |
| 2047 | if (types) |
| 2048 | sprintf(buff, "<%s>", types); |
| 2049 | else |
| 2050 | sprintf(buff, "<type=%d>", type); |
| 2051 | } |
| 2052 | } |
| 2053 | |
| 2054 | return buff ? buff : ""; |
| 2055 | } |
| 2056 | |
| 2057 | static char *edestr(int ede) |
| 2058 | { |
| 2059 | switch (ede) |
| 2060 | { |
| 2061 | case EDE_OTHER: return "other"; |
| 2062 | case EDE_USUPDNSKEY: return "unsupported DNSKEY algorithm"; |
| 2063 | case EDE_USUPDS: return "unsupported DS digest"; |
| 2064 | case EDE_STALE: return "stale answer"; |
| 2065 | case EDE_FORGED: return "forged"; |
| 2066 | case EDE_DNSSEC_IND: return "DNSSEC indeterminate"; |
| 2067 | case EDE_DNSSEC_BOGUS: return "DNSSEC bogus"; |
| 2068 | case EDE_SIG_EXP: return "DNSSEC signature expired"; |
| 2069 | case EDE_SIG_NYV: return "DNSSEC sig not yet valid"; |
| 2070 | case EDE_NO_DNSKEY: return "DNSKEY missing"; |
| 2071 | case EDE_NO_RRSIG: return "RRSIG missing"; |
| 2072 | case EDE_NO_ZONEKEY: return "no zone key bit set"; |
| 2073 | case EDE_NO_NSEC: return "NSEC(3) missing"; |
| 2074 | case EDE_CACHED_ERR: return "cached error"; |
| 2075 | case EDE_NOT_READY: return "not ready"; |
| 2076 | case EDE_BLOCKED: return "blocked"; |
| 2077 | case EDE_CENSORED: return "censored"; |
| 2078 | case EDE_FILTERED: return "filtered"; |
| 2079 | case EDE_PROHIBITED: return "prohibited"; |
| 2080 | case EDE_STALE_NXD: return "stale NXDOMAIN"; |
| 2081 | case EDE_NOT_AUTH: return "not authoritative"; |
| 2082 | case EDE_NOT_SUP: return "not supported"; |
| 2083 | case EDE_NO_AUTH: return "no reachable authority"; |
| 2084 | case EDE_NETERR: return "network error"; |
| 2085 | case EDE_INVALID_DATA: return "invalid data"; |
| 2086 | case EDE_SIG_E_B_V: return "signature expired before valid"; |
| 2087 | case EDE_TOO_EARLY: return "too early"; |
| 2088 | case EDE_UNS_NS3_ITER: return "unsupported NSEC3 iterations value"; |
| 2089 | case EDE_UNABLE_POLICY: return "uanble to conform to policy"; |
| 2090 | case EDE_SYNTHESIZED: return "synthesized"; |
| 2091 | default: return "unknown"; |
| 2092 | } |
| 2093 | } |
| 2094 | |
| 2095 | void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, unsigned short type) |
| 2096 | { |
| 2097 | char *source, *dest; |
| 2098 | char *verb = "is"; |
| 2099 | char *extra = ""; |
| 2100 | char *gap = " "; |
| 2101 | char portstring[7]; /* space for #<portnum> */ |
| 2102 | |
| 2103 | if (!option_bool(OPT_LOG)) |
| 2104 | return; |
| 2105 | |
| 2106 | /* build query type string if requested */ |
| 2107 | if (!(flags & (F_SERVER | F_IPSET)) && type > 0) |
| 2108 | arg = querystr(arg, type); |
| 2109 | |
| 2110 | dest = arg; |
| 2111 | |
| 2112 | #ifdef HAVE_DNSSEC |
| 2113 | if ((flags & F_DNSSECOK) && option_bool(OPT_EXTRALOG)) |
| 2114 | extra = " (DNSSEC signed)"; |
| 2115 | #endif |
| 2116 | |
| 2117 | name = sanitise(name); |
| 2118 | |
| 2119 | if (addr) |
| 2120 | { |
| 2121 | dest = daemon->addrbuff; |
| 2122 | |
| 2123 | if (flags & F_RR) |
| 2124 | { |
| 2125 | if (flags & F_KEYTAG) |
| 2126 | dest = querystr(NULL, addr->rrblock.rrtype); |
| 2127 | else |
| 2128 | dest = querystr(NULL, addr->rrdata.rrtype); |
| 2129 | } |
| 2130 | else if (flags & F_KEYTAG) |
| 2131 | sprintf(daemon->addrbuff, arg, addr->log.keytag, addr->log.algo, addr->log.digest); |
| 2132 | else if (flags & F_RCODE) |
| 2133 | { |
| 2134 | unsigned int rcode = addr->log.rcode; |
| 2135 | |
| 2136 | if (rcode == SERVFAIL) |
| 2137 | dest = "SERVFAIL"; |
| 2138 | else if (rcode == REFUSED) |
| 2139 | dest = "REFUSED"; |
| 2140 | else if (rcode == NOTIMP) |
| 2141 | dest = "not implemented"; |
| 2142 | else |
| 2143 | sprintf(daemon->addrbuff, "%u", rcode); |
| 2144 | |
| 2145 | if (addr->log.ede != EDE_UNSET) |
| 2146 | { |
| 2147 | extra = daemon->addrbuff; |
| 2148 | sprintf(extra, " (EDE: %s)", edestr(addr->log.ede)); |
| 2149 | } |
| 2150 | } |
| 2151 | else if (flags & (F_IPV4 | F_IPV6)) |
| 2152 | { |
| 2153 | inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, |
| 2154 | addr, daemon->addrbuff, ADDRSTRLEN); |
| 2155 | if ((flags & F_SERVER) && type != NAMESERVER_PORT) |
| 2156 | { |
| 2157 | extra = portstring; |
| 2158 | sprintf(portstring, "#%u", type); |
| 2159 | } |
| 2160 | } |
| 2161 | else |
| 2162 | dest = arg; |
| 2163 | } |
| 2164 | |
| 2165 | if (flags & F_REVERSE) |
| 2166 | { |
| 2167 | dest = name; |
| 2168 | name = daemon->addrbuff; |
| 2169 | } |
| 2170 | |
| 2171 | if (flags & F_NEG) |
| 2172 | { |
| 2173 | if (flags & F_NXDOMAIN) |
| 2174 | dest = "NXDOMAIN"; |
| 2175 | else |
| 2176 | { |
| 2177 | if (flags & F_IPV4) |
| 2178 | dest = "NODATA-IPv4"; |
| 2179 | else if (flags & F_IPV6) |
| 2180 | dest = "NODATA-IPv6"; |
| 2181 | else |
| 2182 | dest = "NODATA"; |
| 2183 | } |
| 2184 | } |
| 2185 | else if (flags & F_CNAME) |
| 2186 | dest = "<CNAME>"; |
| 2187 | else if (flags & F_RRNAME) |
| 2188 | dest = arg; |
| 2189 | |
| 2190 | if (flags & F_CONFIG) |
| 2191 | source = "config"; |
| 2192 | else if (flags & F_DHCP) |
| 2193 | source = "DHCP"; |
| 2194 | else if (flags & F_HOSTS) |
| 2195 | source = arg; |
| 2196 | else if (flags & F_UPSTREAM) |
| 2197 | source = "reply"; |
| 2198 | else if (flags & F_SECSTAT) |
| 2199 | { |
| 2200 | if (addr && addr->log.ede != EDE_UNSET && option_bool(OPT_EXTRALOG)) |
| 2201 | { |
| 2202 | extra = daemon->addrbuff; |
| 2203 | sprintf(extra, " (EDE: %s)", edestr(addr->log.ede)); |
| 2204 | } |
| 2205 | source = "validation"; |
| 2206 | dest = arg; |
| 2207 | } |
| 2208 | else if (flags & F_AUTH) |
| 2209 | source = "auth"; |
| 2210 | else if (flags & F_DNSSEC) |
| 2211 | { |
| 2212 | source = arg; |
| 2213 | verb = "to"; |
| 2214 | } |
| 2215 | else if (flags & F_SERVER) |
| 2216 | { |
| 2217 | source = "forwarded"; |
| 2218 | verb = "to"; |
| 2219 | } |
| 2220 | else if (flags & F_QUERY) |
| 2221 | { |
| 2222 | source = arg; |
| 2223 | verb = "from"; |
| 2224 | } |
| 2225 | else if (flags & F_IPSET) |
| 2226 | { |
| 2227 | source = type ? "ipset add" : "nftset add"; |
| 2228 | dest = name; |
| 2229 | name = arg; |
| 2230 | verb = daemon->addrbuff; |
| 2231 | } |
| 2232 | else if (flags & F_STALE) |
| 2233 | source = "cached-stale"; |
| 2234 | else |
| 2235 | source = "cached"; |
| 2236 | |
| 2237 | if (!name) |
| 2238 | gap = name = ""; |
| 2239 | else if (!name[0]) |
| 2240 | name = "."; |
| 2241 | |
| 2242 | if (option_bool(OPT_EXTRALOG)) |
| 2243 | { |
| 2244 | if (flags & F_NOEXTRA) |
| 2245 | my_syslog(LOG_INFO, "%u %s %s%s%s %s%s", daemon->log_display_id, source, name, gap, verb, dest, extra); |
| 2246 | else |
| 2247 | { |
| 2248 | int port = prettyprint_addr(daemon->log_source_addr, daemon->addrbuff2); |
| 2249 | my_syslog(LOG_INFO, "%u %s/%u %s %s%s%s %s%s", daemon->log_display_id, daemon->addrbuff2, port, source, name, gap, verb, dest, extra); |
| 2250 | } |
| 2251 | } |
| 2252 | else |
| 2253 | my_syslog(LOG_INFO, "%s %s%s%s %s%s", source, name, gap, verb, dest, extra); |
| 2254 | } |