Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/daemon.c | 18 | ||||
| -rw-r--r-- | daemon/remote.c | 34 | ||||
| -rw-r--r-- | daemon/stats.c | 2 | ||||
| -rw-r--r-- | daemon/unbound.c | 60 | ||||
| -rw-r--r-- | daemon/worker.c | 29 |
5 files changed, 80 insertions, 63 deletions
diff --git a/daemon/daemon.c b/daemon/daemon.c index 7461a26e2104..0b1200a2e00a 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -221,7 +221,9 @@ daemon_init(void) (void)sldns_key_EVP_load_gost_id(); # endif # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif # else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS @@ -248,8 +250,6 @@ daemon_init(void) /* init timezone info while we are not chrooted yet */ tzset(); #endif - /* open /dev/random if needed */ - ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67); daemon->need_to_exit = 0; modstack_init(&daemon->mods); if(!(daemon->env = (struct module_env*)calloc(1, @@ -427,9 +427,7 @@ daemon_create_workers(struct daemon* daemon) int* shufport; log_assert(daemon && daemon->cfg); if(!daemon->rand) { - unsigned int seed = (unsigned int)time(NULL) ^ - (unsigned int)getpid() ^ 0x438; - daemon->rand = ub_initstate(seed, NULL); + daemon->rand = ub_initstate(NULL); if(!daemon->rand) fatal_exit("could not init random generator"); hash_set_raninit((uint32_t)ub_random(daemon->rand)); @@ -575,6 +573,9 @@ void daemon_fork(struct daemon* daemon) { int have_view_respip_cfg = 0; +#ifdef HAVE_SYSTEMD + int ret; +#endif log_assert(daemon); if(!(daemon->views = views_create())) @@ -660,7 +661,12 @@ daemon_fork(struct daemon* daemon) /* Start resolver service on main thread. */ #ifdef HAVE_SYSTEMD - sd_notify(0, "READY=1"); + ret = sd_notify(0, "READY=1"); + if(ret <= 0 && getenv("NOTIFY_SOCKET")) + fatal_exit("sd_notify failed %s: %s. Make sure that unbound has " + "access/permission to use the socket presented by systemd.", + getenv("NOTIFY_SOCKET"), + (ret==0?"no $NOTIFY_SOCKET": strerror(-ret))); #endif log_info("start of service (%s).", PACKAGE_STRING); worker_work(daemon->workers[0]); diff --git a/daemon/remote.c b/daemon/remote.c index 1689154f5721..25547f5705d9 100644 --- a/daemon/remote.c 
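Review bot: In the daemon_create_workers hunk (@@ -427), `ub_initstate(NULL)` no longer takes a caller seed, so the value handed to `hash_set_raninit` now depends entirely on how ub_initstate seeds itself, which is not visible in this diff. A short comment at the call would record that assumption, e.g. `/* no seed argument: ub_initstate is expected to seed itself from the system random source */`. The same applies to `ub_initstate(daemon->rand)` in worker_create (@@ -1684 in daemon/worker.c), where each worker state is now derived from daemon->rand alone. The removed time()^getpid() seeds were guessable, so dropping them is sound provided the replacement source is confirmed. Both function bodies continue outside their hunks.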
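Review bot: In the daemon_fork hunk (@@ -660), `getenv("NOTIFY_SOCKET")` is evaluated twice, and the `ret==0` arm prints "no $NOTIFY_SOCKET" in a branch that is only entered when that variable is set, so the message contradicts its own guard. Reading the variable once, `const char* sock = getenv("NOTIFY_SOCKET");` declared beside `ret`, then `if(ret <= 0 && sock)`, keeps the check and the message consistent; the zero case would read better as a plain "notification not sent". This also turns a failed readiness notification into fatal_exit, so a service whose socket is not reachable from the daemon's context will refuse to start, which deserves a line in the comment above the call. daemon_fork's body starts and ends outside the hunk.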
+++ b/daemon/remote.c @@ -499,7 +499,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, goto close_exit; } SSL_set_accept_state(n->ssl); - (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(n->ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(n->ssl, newfd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(n->ssl); @@ -674,19 +674,19 @@ static void send_ok(RES* ssl) /** do the stop command */ static void -do_stop(RES* ssl, struct daemon_remote* rc) +do_stop(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 1; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 1; + comm_base_exit(worker->base); send_ok(ssl); } /** do the reload command */ static void -do_reload(RES* ssl, struct daemon_remote* rc) +do_reload(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 0; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 0; + comm_base_exit(worker->base); send_ok(ssl); } @@ -1070,9 +1070,9 @@ print_ext(RES* ssl, struct ub_stats_info* s) /** do the stats command */ static void -do_stats(RES* ssl, struct daemon_remote* rc, int reset) +do_stats(RES* ssl, struct worker* worker, int reset) { - struct daemon* daemon = rc->worker->daemon; + struct daemon* daemon = worker->daemon; struct ub_stats_info total; struct ub_stats_info s; int i; @@ -1080,7 +1080,7 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) log_assert(daemon->num > 0); /* gather all thread statistics in one place */ for(i=0; i<daemon->num; i++) { - server_stats_obtain(rc->worker, daemon->workers[i], &s, reset); + server_stats_obtain(worker, daemon->workers[i], &s, reset); if(!print_thread_stats(ssl, i, &s)) return; if(i == 0) 
@@ -1091,10 +1091,10 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) total.mesh_time_median /= (double)daemon->num; if(!print_stats(ssl, "total", &total)) return; - if(!print_uptime(ssl, rc->worker, reset)) + if(!print_uptime(ssl, worker, reset)) return; if(daemon->cfg->stat_extended) { - if(!print_mem(ssl, rc->worker, daemon, &total)) + if(!print_mem(ssl, worker, daemon, &total)) return; if(!print_hist(ssl, &total)) return; @@ -2851,16 +2851,16 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, char* p = skipwhite(cmd); /* compare command */ if(cmdcmp(p, "stop", 4)) { - do_stop(ssl, rc); + do_stop(ssl, worker); return; } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, rc); + do_reload(ssl, worker); return; } else if(cmdcmp(p, "stats_noreset", 13)) { - do_stats(ssl, rc, 0); + do_stats(ssl, worker, 0); return; } else if(cmdcmp(p, "stats", 5)) { - do_stats(ssl, rc, 1); + do_stats(ssl, worker, 1); return; } else if(cmdcmp(p, "status", 6)) { do_status(ssl, worker); @@ -3125,7 +3125,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, } else { if(r == 0) log_err("remote control connection closed prematurely"); - log_addr(1, "failed connection from", + log_addr(VERB_OPS, "failed connection from", &s->c->repinfo.addr, s->c->repinfo.addrlen); log_crypto_err("remote control failed ssl"); clean_point(rc, s); diff --git a/daemon/stats.c b/daemon/stats.c index 504b0efccc4a..a01fb6d342ca 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -77,7 +77,7 @@ stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long l #ifndef S_SPLINT_S (*d_sec) += add_sec; (*d_usec) += add_usec; - if((*d_usec) > 1000000) { + if((*d_usec) >= 1000000) { (*d_usec) -= 1000000; (*d_sec)++; } diff --git a/daemon/unbound.c b/daemon/unbound.c index 6cc8225f5d18..beffb57005fa 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c 
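Review bot: In remote_handshake_later (@@ -3125), the peer address of a failed control-channel handshake is written only at VERB_OPS, while the `log_crypto_err("remote control failed ssl")` line next to it is unconditional, so at verbosity 0 the log records the failure without its source. For spotting repeated failed connections to the control port the address should appear whenever the error does: `log_addr(NO_VERBOSE, "failed connection from", &s->c->repinfo.addr, s->c->repinfo.addrlen);`. NO_VERBOSE is the level this commit uses for log_reply_info in daemon/worker.c; confirm that log_addr treats it as always-on before changing it. The function body starts outside the hunk.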
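Review bot: In stats_timeval_add (@@ -77 of daemon/stats.c), the corrected `>=` still performs a single carry, so `*d_usec` ends up below 1000000 only if both the stored value and `add_usec` were already below 1000000 on entry. Either state that precondition, `/* both usec values are < 1000000 on entry, so one carry is enough */`, or normalise unconditionally with `(*d_sec) += (*d_usec) / 1000000; (*d_usec) %= 1000000;`. Whether callers always pass normalised values cannot be seen from this hunk; the function starts outside it.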
@@ -88,31 +88,20 @@ # include "nss.h" #endif -/** print usage. */ -static void usage(void) +/** print build options. */ +static void +print_build_options(void) { const char** m; const char *evnm="event", *evsys="", *evmethod=""; time_t t; struct timeval now; struct ub_event_base* base; - printf("usage: unbound [options]\n"); - printf(" start unbound daemon DNS resolver.\n"); - printf("-h this help\n"); - printf("-c file config file to read instead of %s\n", CONFIGFILE); - printf(" file format is described in unbound.conf(5).\n"); - printf("-d do not fork into the background.\n"); - printf("-p do not create a pidfile.\n"); - printf("-v verbose (more times to increase verbosity)\n"); -#ifdef UB_ON_WINDOWS - printf("-w opt windows option: \n"); - printf(" install, remove - manage the services entry\n"); - printf(" service - used to start from services control panel\n"); -#endif - printf("Version %s\n", PACKAGE_VERSION); + printf("Version %s\n\n", PACKAGE_VERSION); + printf("Configure line: %s\n", CONFCMDLINE); base = ub_default_event_base(0,&t,&now); ub_get_event_sys(base, &evnm, &evsys, &evmethod); - printf("linked libs: %s %s (it uses %s), %s\n", + printf("Linked libs: %s %s (it uses %s), %s\n", evnm, evsys, evmethod, #ifdef HAVE_SSL # ifdef SSLEAY_VERSION 
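Review bot: In print_build_options, the result of `ub_default_event_base(0,&t,&now)` is passed straight to `ub_get_event_sys` without a NULL check, and it is released in the following hunk (@@ -126) with `ub_event_base_free(base)`. If creating the event base can fail, which is likely for an allocating call but not shown in this diff, `unbound -V` would operate on a NULL base. `evnm`, `evsys` and `evmethod` already carry defaults, so a guard is enough: `if(base) ub_get_event_sys(base, &evnm, &evsys, &evmethod);` and the same `if(base)` before the free. The function continues into the next hunk.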
@@ -126,16 +115,42 @@ static void usage(void) "nettle" #endif ); - printf("linked modules:"); + printf("Linked modules:"); for(m = module_list_avail(); *m; m++) printf(" %s", *m); printf("\n"); #ifdef USE_DNSCRYPT printf("DNSCrypt feature available\n"); #endif +#ifdef USE_TCP_FASTOPEN + printf("TCP Fastopen feature available\n"); +#endif + ub_event_base_free(base); + printf("\nBSD licensed, see LICENSE in source package for details.\n"); + printf("Report bugs to %s\n", PACKAGE_BUGREPORT); +} + +/** print usage. */ +static void +usage(void) +{ + printf("usage: unbound [options]\n"); + printf(" start unbound daemon DNS resolver.\n"); + printf("-h this help.\n"); + printf("-c file config file to read instead of %s\n", CONFIGFILE); + printf(" file format is described in unbound.conf(5).\n"); + printf("-d do not fork into the background.\n"); + printf("-p do not create a pidfile.\n"); + printf("-v verbose (more times to increase verbosity).\n"); + printf("-V show version number and build options.\n"); +#ifdef UB_ON_WINDOWS + printf("-w opt windows option: \n"); + printf(" install, remove - manage the services entry\n"); + printf(" service - used to start from services control panel\n"); +#endif + printf("\nVersion %s\n", PACKAGE_VERSION); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - ub_event_base_free(base); } #ifndef unbound_testbound @@ -720,7 +735,7 @@ main(int argc, char* argv[]) log_ident_default = strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0]; log_ident_set(log_ident_default); /* parse the options */ - while( (c=getopt(argc, argv, "c:dhpvw:")) != -1) { + while( (c=getopt(argc, argv, "c:dhpvw:V")) != -1) { switch(c) { case 'c': cfgfile = optarg; @@ -741,6 +756,9 @@ main(int argc, char* argv[]) case 'w': winopt = optarg; break; + case 'V': + print_build_options(); + return 0; case '?': case 'h': default: 
@@ -769,7 +787,7 @@ main(int argc, char* argv[]) log_init(NULL, 0, NULL); /* close logfile */ #ifndef unbound_testbound if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #endif return 0; diff --git a/daemon/worker.c b/daemon/worker.c index 661f6967d41d..e2ce0e87009b 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -721,8 +721,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, if(encode_rep != rep) secure = 0; /* if rewritten, it can't be considered "secure" */ if(!encode_rep || *alias_rrset) { - sldns_buffer_clear(repinfo->c->buffer); - sldns_buffer_flip(repinfo->c->buffer); if(!encode_rep) *need_drop = 1; else { @@ -762,17 +760,14 @@ bail_out: return 0; } -/** Reply to client and perform prefetch to keep cache up to date. - * If the buffer for the reply is empty, it indicates that only prefetch is - * necessary and the reply should be suppressed (because it's dropped or - * being deferred). */ +/** Reply to client and perform prefetch to keep cache up to date. */ static void reply_and_prefetch(struct worker* worker, struct query_info* qinfo, - uint16_t flags, struct comm_reply* repinfo, time_t leeway) + uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply) { /* first send answer to client to keep its latency * as small as a cachereply */ - if(sldns_buffer_limit(repinfo->c->buffer) != 0) { + if(!noreply) { if(repinfo->c->tcp_req_info) { sldns_buffer_copy( repinfo->c->tcp_req_info->spool_buffer, @@ -1100,7 +1095,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct respip_client_info* cinfo = NULL, cinfo_tmp; memset(&qinfo, 0, sizeof(qinfo)); - if(error != NETEVENT_NOERROR) { + if(error != NETEVENT_NOERROR || !repinfo) { /* some bad tcp query DNS formats give these error calls */ verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; 
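Review bot: The shortened doc comment on reply_and_prefetch (@@ -762) no longer says when the reply is suppressed, and the new `noreply` parameter is undocumented. Keep the old explanation in its new form, for example `* @param noreply: if nonzero, no answer is sent and only the prefetch is done (the reply was dropped or is being deferred).` The only caller visible in this commit passes `(partial_rep || need_drop)`, and the comment is the place a reader will look to learn what those two conditions mean here. The function body continues past the end of the hunk.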
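Review bot: In worker_handle_request (@@ -1100), the new `!repinfo` case shares the message `handle request called with err=%d`, so a NULL repinfo arriving with `error == NETEVENT_NOERROR` is logged as a no-error value and the real cause is hidden. Splitting the guard keeps the log accurate: `if(!repinfo) { verbose(VERB_ALGO, "handle request called without reply info"); return 0; }` placed before the existing error check. The existing comment about bad tcp query formats then stays attached to the error case only. The function body continues outside the hunk.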
@@ -1484,7 +1479,8 @@ lookup_cache: lock_rw_unlock(&e->lock); reply_and_prefetch(worker, lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2), - repinfo, leeway); + repinfo, leeway, + (partial_rep || need_drop)); if(!partial_rep) { rc = 0; regional_free_all(worker->scratchpad); @@ -1566,16 +1562,17 @@ send_reply_rc: #endif if(worker->env.cfg->log_replies) { - struct timeval tv = {0, 0}; + struct timeval tv; + memset(&tv, 0, sizeof(tv)); if(qinfo.local_alias && qinfo.local_alias->rrset && qinfo.local_alias->rrset->rk.dname) { /* log original qname, before the local alias was * used to resolve that CNAME to something else */ qinfo.qname = qinfo.local_alias->rrset->rk.dname; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } else { - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } } @@ -1684,11 +1681,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) return NULL; } /* create random state here to avoid locking trouble in RAND_bytes */ - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)worker->thread_num)<<17); - /* shift thread_num so it does not match out pid bits */ - if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) { - explicit_bzero(&seed, sizeof(seed)); + if(!(worker->rndstate = ub_initstate(daemon->rand))) { log_err("could not init random numbers."); tube_delete(worker->cmd); free(worker->ports); |
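Review bot: In the log_replies block after send_reply_rc (@@ -1566), both arms of the if/else end in the same `log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer);` call; only the `qinfo.qname` assignment differs. Hoisting the call below the conditional and dropping the else arm leaves one call site, so a later change to the logging arguments cannot be applied to one branch and missed in the other. The enclosing function starts and ends outside the hunk.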
