diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2022-10-16 19:24:20 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2022-10-16 19:24:20 +0000 |
| commit | 643f9a0581e8aac7eb790ced1164748939829826 (patch) | |
| tree | 426d366252d838c8c61b439342ab32eccd181425 /daemon | |
| parent | 0dde6f4f8e604df8c6fbdab8b4aadb5ddf80c76f (diff) | |
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/acl_list.c | 447 | ||||
| -rw-r--r-- | daemon/acl_list.h | 39 | ||||
| -rw-r--r-- | daemon/daemon.c | 61 | ||||
| -rw-r--r-- | daemon/daemon.h | 2 | ||||
| -rw-r--r-- | daemon/remote.c | 6 | ||||
| -rw-r--r-- | daemon/stats.c | 27 | ||||
| -rw-r--r-- | daemon/worker.c | 152 | ||||
| -rw-r--r-- | daemon/worker.h | 4 |
8 files changed, 599 insertions, 139 deletions
diff --git a/daemon/acl_list.c b/daemon/acl_list.c index aecb3e0c6437..f3961dbbb7ad 100644 --- a/daemon/acl_list.c +++ b/daemon/acl_list.c @@ -46,9 +46,10 @@ #include "util/config_file.h" #include "util/net_help.h" #include "services/localzone.h" +#include "services/listen_dnsport.h" #include "sldns/str2wire.h" -struct acl_list* +struct acl_list* acl_list_create(void) { struct acl_list* acl = (struct acl_list*)calloc(1, @@ -63,10 +64,10 @@ acl_list_create(void) return acl; } -void +void acl_list_delete(struct acl_list* acl) { - if(!acl) + if(!acl) return; regional_destroy(acl->region); free(acl); @@ -74,8 +75,8 @@ acl_list_delete(struct acl_list* acl) /** insert new address into acl_list structure */ static struct acl_addr* -acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, - socklen_t addrlen, int net, enum acl_access control, +acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, + socklen_t addrlen, int net, enum acl_access control, int complain_duplicates) { struct acl_addr* node = regional_alloc_zero(acl->region, @@ -90,6 +91,31 @@ acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, return node; } +/** parse str to acl_access enum */ +static int +parse_acl_access(const char* str, enum acl_access* control) +{ + if(strcmp(str, "allow") == 0) + *control = acl_allow; + else if(strcmp(str, "deny") == 0) + *control = acl_deny; + else if(strcmp(str, "refuse") == 0) + *control = acl_refuse; + else if(strcmp(str, "deny_non_local") == 0) + *control = acl_deny_non_local; + else if(strcmp(str, "refuse_non_local") == 0) + *control = acl_refuse_non_local; + else if(strcmp(str, "allow_snoop") == 0) + *control = acl_allow_snoop; + else if(strcmp(str, "allow_setrd") == 0) + *control = acl_allow_setrd; + else { + log_err("access control type %s unknown", str); + return 0; + } + return 1; +} + /** apply acl_list string */ static int acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2, @@ -99,29 +125,14 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2, int net; socklen_t addrlen; enum acl_access control; - if(strcmp(s2, "allow") == 0) - control = acl_allow; - else if(strcmp(s2, "deny") == 0) - control = acl_deny; - else if(strcmp(s2, "refuse") == 0) - control = acl_refuse; - else if(strcmp(s2, "deny_non_local") == 0) - control = acl_deny_non_local; - else if(strcmp(s2, "refuse_non_local") == 0) - control = acl_refuse_non_local; - else if(strcmp(s2, "allow_snoop") == 0) - control = acl_allow_snoop; - else if(strcmp(s2, "allow_setrd") == 0) - control = acl_allow_setrd; - else { - log_err("access control type %s unknown", str); + if(!parse_acl_access(s2, &control)) { return 0; } if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { log_err("cannot parse access control: %s %s", str, s2); return 0; } - if(!acl_list_insert(acl, &addr, addrlen, net, control, + if(!acl_list_insert(acl, &addr, addrlen, net, control, complain_duplicates)) { log_err("out of memory"); return 0; @@ -131,19 +142,27 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2, /** find or create node (NULL on parse or error) */ static struct acl_addr* -acl_find_or_create(struct acl_list* acl, const char* str) +acl_find_or_create_str2addr(struct acl_list* acl, const char* str, + int is_interface, int port) { struct acl_addr* node; struct sockaddr_storage addr; - int net; socklen_t addrlen; - if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { - log_err("cannot parse netblock: %s", str); - return NULL; + int net = (str_is_ip6(str)?128:32); + if(is_interface) { + if(!extstrtoaddr(str, &addr, &addrlen, port)) { + log_err("cannot parse interface: %s", str); + return NULL; + } + } else { + if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { + log_err("cannot parse netblock: %s", str); + return NULL; + } } /* find or create node */ if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, &addr, - addrlen, net))) { + addrlen, net)) && !is_interface) { /* create node, type 'allow' since otherwise tags are * pointless, can override with specific access-control: cfg */ if(!(node=(struct acl_addr*)acl_list_insert(acl, &addr, @@ -155,14 +174,65 @@ acl_find_or_create(struct acl_list* acl, const char* str) return node; } +/** find or create node (NULL on error) */ +static struct acl_addr* +acl_find_or_create(struct acl_list* acl, struct sockaddr_storage* addr, + socklen_t addrlen, enum acl_access control) +{ + struct acl_addr* node; + int net = (addr_is_ip6(addr, addrlen)?128:32); + /* find or create node */ + if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, addr, + addrlen, net))) { + /* create node; + * can override with specific access-control: cfg */ + if(!(node=(struct acl_addr*)acl_list_insert(acl, addr, + addrlen, net, control, 1))) { + log_err("out of memory"); + return NULL; + } + } + return node; +} + +/** apply acl_interface string */ +static int +acl_interface_str_cfg(struct acl_list* acl_interface, const char* iface, + const char* s2, int port) +{ + struct acl_addr* node; + enum acl_access control; + if(!parse_acl_access(s2, &control)) { + return 0; + } + if(!(node=acl_find_or_create_str2addr(acl_interface, iface, 1, port))) { + log_err("cannot update ACL on non-configured interface: %s %d", + iface, port); + return 0; + } + node->control = control; + return 1; +} + +struct acl_addr* +acl_interface_insert(struct acl_list* acl_interface, + struct sockaddr_storage* addr, socklen_t addrlen, + enum acl_access control) +{ + return acl_find_or_create(acl_interface, addr, addrlen, control); +} + /** apply acl_tag string */ static int acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap, - size_t bitmaplen) + size_t bitmaplen, int is_interface, int port) { struct acl_addr* node; - if(!(node=acl_find_or_create(acl, str))) + if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) { + if(is_interface) + log_err("non-configured interface: %s", str); return 0; + } node->taglen = bitmaplen; node->taglist = regional_alloc_init(acl->region, bitmap, bitmaplen); if(!node->taglist) { @@ -175,11 +245,14 @@ acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap, /** apply acl_view string */ static int acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2, - struct views* vs) + struct views* vs, int is_interface, int port) { struct acl_addr* node; - if(!(node=acl_find_or_create(acl, str))) + if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) { + if(is_interface) + log_err("non-configured interface: %s", str); return 0; + } node->view = views_find_view(vs, str2, 0 /* get read lock*/); if(!node->view) { log_err("no view with name: %s", str2); @@ -192,13 +265,17 @@ acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2, /** apply acl_tag_action string */ static int acl_list_tag_action_cfg(struct acl_list* acl, struct config_file* cfg, - const char* str, const char* tag, const char* action) + const char* str, const char* tag, const char* action, + int is_interface, int port) { struct acl_addr* node; int tagid; enum localzone_type t; - if(!(node=acl_find_or_create(acl, str))) + if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) { + if(is_interface) + log_err("non-configured interface: %s", str); return 0; + } /* allocate array if not yet */ if(!node->tag_actions) { node->tag_actions = (uint8_t*)regional_alloc_zero(acl->region, @@ -281,13 +358,17 @@ check_data(const char* data, const struct config_strlist* head) /** apply acl_tag_data string */ static int acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg, - const char* str, const char* tag, const char* data) + const char* str, const char* tag, const char* data, + int is_interface, int port) { struct acl_addr* node; int tagid; char* dupdata; - if(!(node=acl_find_or_create(acl, str))) + if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) { + if(is_interface) + log_err("non-configured interface: %s", str); return 0; + } /* allocate array if not yet */ if(!node->tag_datas) { node->tag_datas = (struct config_strlist**)regional_alloc_zero( @@ -329,11 +410,11 @@ acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg, } /** read acl_list config */ -static int -read_acl_list(struct acl_list* acl, struct config_file* cfg) +static int +read_acl_list(struct acl_list* acl, struct config_str2list* acls) { struct config_str2list* p; - for(p = cfg->acls; p; p = p->next) { + for(p = acls; p; p = p->next) { log_assert(p->str && p->str2); if(!acl_list_str_cfg(acl, p->str, p->str2, 1)) return 0; @@ -341,16 +422,17 @@ read_acl_list(struct acl_list* acl, struct config_file* cfg) return 1; } -/** read acl tags config */ -static int -read_acl_tags(struct acl_list* acl, struct config_file* cfg) +/** read acl view config */ +static int +read_acl_view(struct acl_list* acl, struct config_str2list** acl_view, + struct views* v) { - struct config_strbytelist* np, *p = cfg->acl_tags; - cfg->acl_tags = NULL; + struct config_str2list* np, *p = *acl_view; + *acl_view = NULL; while(p) { log_assert(p->str && p->str2); - if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len)) { - config_del_strbytelist(p); + if(!acl_list_view_cfg(acl, p->str, p->str2, v, 0, 0)) { + config_deldblstrlist(p); return 0; } /* free the items as we go to free up memory */ @@ -363,15 +445,16 @@ read_acl_tags(struct acl_list* acl, struct config_file* cfg) return 1; } -/** read acl view config */ -static int -read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v) +/** read acl tags config */ +static int +read_acl_tags(struct acl_list* acl, struct config_strbytelist** acl_tags) { - struct config_str2list* np, *p = cfg->acl_view; - cfg->acl_view = NULL; + struct config_strbytelist* np, *p = *acl_tags; + *acl_tags = NULL; while(p) { log_assert(p->str && p->str2); - if(!acl_list_view_cfg(acl, p->str, p->str2, v)) { + if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len, 0, 0)) { + config_del_strbytelist(p); return 0; } /* free the items as we go to free up memory */ @@ -385,16 +468,17 @@ read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v) } /** read acl tag actions config */ -static int -read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg) +static int +read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg, + struct config_str3list** acl_tag_actions) { struct config_str3list* p, *np; - p = cfg->acl_tag_actions; - cfg->acl_tag_actions = NULL; + p = *acl_tag_actions; + *acl_tag_actions = NULL; while(p) { log_assert(p->str && p->str2 && p->str3); if(!acl_list_tag_action_cfg(acl, cfg, p->str, p->str2, - p->str3)) { + p->str3, 0, 0)) { config_deltrplstrlist(p); return 0; } @@ -410,15 +494,17 @@ read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg) } /** read acl tag datas config */ -static int -read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg) +static int +read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg, + struct config_str3list** acl_tag_datas) { struct config_str3list* p, *np; - p = cfg->acl_tag_datas; - cfg->acl_tag_datas = NULL; + p = *acl_tag_datas; + *acl_tag_datas = NULL; while(p) { log_assert(p->str && p->str2 && p->str3); - if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3)) { + if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3, + 0, 0)) { config_deltrplstrlist(p); return 0; } @@ -433,30 +519,27 @@ read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg) return 1; } -int +int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, struct views* v) { regional_free_all(acl->region); addr_tree_init(&acl->tree); - if(!read_acl_list(acl, cfg)) + if(!read_acl_list(acl, cfg->acls)) return 0; - if(!read_acl_view(acl, cfg, v)) + if(!read_acl_view(acl, &cfg->acl_view, v)) return 0; - if(!read_acl_tags(acl, cfg)) + if(!read_acl_tags(acl, &cfg->acl_tags)) return 0; - if(!read_acl_tag_actions(acl, cfg)) + if(!read_acl_tag_actions(acl, cfg, &cfg->acl_tag_actions)) return 0; - if(!read_acl_tag_datas(acl, cfg)) + if(!read_acl_tag_datas(acl, cfg, &cfg->acl_tag_datas)) return 0; /* insert defaults, with '0' to ignore them if they are duplicates */ - if(!acl_list_str_cfg(acl, "0.0.0.0/0", "refuse", 0)) - return 0; + /* the 'refuse' defaults for /0 are now done per interface instead */ if(!acl_list_str_cfg(acl, "127.0.0.0/8", "allow", 0)) return 0; if(cfg->do_ip6) { - if(!acl_list_str_cfg(acl, "::0/0", "refuse", 0)) - return 0; if(!acl_list_str_cfg(acl, "::1", "allow", 0)) return 0; if(!acl_list_str_cfg(acl, "::ffff:127.0.0.1", "allow", 0)) @@ -466,7 +549,223 @@ acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, return 1; } -enum acl_access +int +acl_interface_compare(const void* k1, const void* k2) +{ + struct addr_tree_node* n1 = (struct addr_tree_node*)k1; + struct addr_tree_node* n2 = (struct addr_tree_node*)k2; + return sockaddr_cmp(&n1->addr, n1->addrlen, &n2->addr, + n2->addrlen); + /* We don't care about comparing node->net. All addresses in the + * acl_interface tree have either 32 (ipv4) or 128 (ipv6). */ +} + +void +acl_interface_init(struct acl_list* acl_interface) +{ + regional_free_all(acl_interface->region); + /* We want comparison in the tree to include only address and port. + * We don't care about comparing node->net. All addresses in the + * acl_interface->tree should have either 32 (ipv4) or 128 (ipv6). + * Initialise with the appropriate compare function but keep treating + * it as an addr_tree. */ + addr_tree_addrport_init(&acl_interface->tree); +} + +static int +read_acl_interface_action(struct acl_list* acl_interface, + struct config_str2list* acls, int port) +{ + struct config_str2list* p; + for(p = acls; p; p = p->next) { + char** resif = NULL; + int num_resif = 0; + int i; + log_assert(p->str && p->str2); + if(!resolve_interface_names(&p->str, 1, NULL, &resif, &num_resif)) + return 0; + for(i = 0; i<num_resif; i++) { + if(!acl_interface_str_cfg(acl_interface, resif[i], p->str2, port)){ + config_del_strarray(resif, num_resif); + return 0; + } + } + config_del_strarray(resif, num_resif); + } + return 1; +} + +/** read acl view config for interface */ +static int +read_acl_interface_view(struct acl_list* acl_interface, + struct config_str2list** acl_view, + struct views* v, int port) +{ + struct config_str2list* np, *p = *acl_view; + *acl_view = NULL; + while(p) { + char** resif = NULL; + int num_resif = 0; + int i; + log_assert(p->str && p->str2); + if(!resolve_interface_names(&p->str, 1, NULL, &resif, &num_resif)) { + config_deldblstrlist(p); + return 0; + } + for(i = 0; i<num_resif; i++) { + if(!acl_list_view_cfg(acl_interface, resif[i], p->str2, + v, 1, port)) { + config_del_strarray(resif, num_resif); + config_deldblstrlist(p); + return 0; + } + } + config_del_strarray(resif, num_resif); + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p); + p = np; + } + return 1; +} + +/** read acl tags config for interface */ +static int +read_acl_interface_tags(struct acl_list* acl_interface, + struct config_strbytelist** acl_tags, int port) +{ + struct config_strbytelist* np, *p = *acl_tags; + *acl_tags = NULL; + while(p) { + char** resif = NULL; + int num_resif = 0; + int i; + log_assert(p->str && p->str2); + if(!resolve_interface_names(&p->str, 1, NULL, &resif, &num_resif)) { + config_del_strbytelist(p); + return 0; + } + for(i = 0; i<num_resif; i++) { + if(!acl_list_tags_cfg(acl_interface, resif[i], p->str2, + p->str2len, 1, port)) { + config_del_strbytelist(p); + config_del_strarray(resif, num_resif); + return 0; + } + } + config_del_strarray(resif, num_resif); + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p); + p = np; + } + return 1; +} + +/** read acl tag actions config for interface*/ +static int +read_acl_interface_tag_actions(struct acl_list* acl_interface, + struct config_file* cfg, + struct config_str3list** acl_tag_actions, int port) +{ + struct config_str3list* p, *np; + p = *acl_tag_actions; + *acl_tag_actions = NULL; + while(p) { + char** resif = NULL; + int num_resif = 0; + int i; + log_assert(p->str && p->str2 && p->str3); + if(!resolve_interface_names(&p->str, 1, NULL, &resif, &num_resif)) { + config_deltrplstrlist(p); + return 0; + } + for(i = 0; i<num_resif; i++) { + if(!acl_list_tag_action_cfg(acl_interface, cfg, + resif[i], p->str2, p->str3, 1, port)) { + config_deltrplstrlist(p); + config_del_strarray(resif, num_resif); + return 0; + } + } + config_del_strarray(resif, num_resif); + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p->str3); + free(p); + p = np; + } + return 1; +} + +/** read acl tag datas config for interface */ +static int +read_acl_interface_tag_datas(struct acl_list* acl_interface, + struct config_file* cfg, + struct config_str3list** acl_tag_datas, int port) +{ + struct config_str3list* p, *np; + p = *acl_tag_datas; + *acl_tag_datas = NULL; + while(p) { + char** resif = NULL; + int num_resif = 0; + int i; + log_assert(p->str && p->str2 && p->str3); + if(!resolve_interface_names(&p->str, 1, NULL, &resif, &num_resif)) { + config_deltrplstrlist(p); + return 0; + } + for(i = 0; i<num_resif; i++) { + if(!acl_list_tag_data_cfg(acl_interface, cfg, + resif[i], p->str2, p->str3, 1, port)) { + config_deltrplstrlist(p); + config_del_strarray(resif, num_resif); + return 0; + } + } + config_del_strarray(resif, num_resif); + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p->str3); + free(p); + p = np; + } + return 1; +} + +int +acl_interface_apply_cfg(struct acl_list* acl_interface, struct config_file* cfg, + struct views* v) +{ + if(!read_acl_interface_action(acl_interface, cfg->interface_actions, + cfg->port)) + return 0; + if(!read_acl_interface_view(acl_interface, &cfg->interface_view, v, + cfg->port)) + return 0; + if(!read_acl_interface_tags(acl_interface, &cfg->interface_tags, + cfg->port)) + return 0; + if(!read_acl_interface_tag_actions(acl_interface, cfg, + &cfg->interface_tag_actions, cfg->port)) + return 0; + if(!read_acl_interface_tag_datas(acl_interface, cfg, + &cfg->interface_tag_datas, cfg->port)) + return 0; + addr_tree_init_parents(&acl_interface->tree); + return 1; +} + +enum acl_access acl_get_control(struct acl_addr* acl) { if(acl) return acl->control; @@ -481,7 +780,7 @@ acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, addr, addrlen); } -size_t +size_t acl_list_get_mem(struct acl_list* acl) { if(!acl) return 0; diff --git a/daemon/acl_list.h b/daemon/acl_list.h index c09e832a1def..c717179baf5e 100644 --- a/daemon/acl_list.h +++ b/daemon/acl_list.h @@ -36,7 +36,7 @@ /** * \file * - * This file keeps track of the list of clients that are allowed to + * This file keeps track of the list of clients that are allowed to * access the server. */ @@ -74,7 +74,7 @@ enum acl_access { struct acl_list { /** regional for allocation */ struct regional* region; - /** + /** * Tree of the addresses that are allowed/blocked. * contents of type acl_addr. */ @@ -108,7 +108,7 @@ struct acl_addr { }; /** - * Create acl structure + * Create acl structure * @return new structure or NULL on error. */ struct acl_list* acl_list_create(void); @@ -120,6 +120,20 @@ struct acl_list* acl_list_create(void); void acl_list_delete(struct acl_list* acl); /** + * Insert interface in the acl_list. This should happen when the listening + * interface is setup. + * @param acl_interface: acl_list to insert to. + * @param addr: interface IP. + * @param addrlen: length of the interface IP. + * @param control: acl_access. + * @return new structure or NULL on error. + */ +struct acl_addr* +acl_interface_insert(struct acl_list* acl_interface, + struct sockaddr_storage* addr, socklen_t addrlen, + enum acl_access control); + +/** * Process access control config. * @param acl: where to store. * @param cfg: config options. @@ -129,6 +143,25 @@ void acl_list_delete(struct acl_list* acl); int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, struct views* v); +/** compare ACL interface "addr_tree" nodes (+port) */ +int acl_interface_compare(const void* k1, const void* k2); + +/** + * Initialise (also clean) the acl_interface struct. + * @param acl_interface: where to store. + */ +void acl_interface_init(struct acl_list* acl_interface); + +/** + * Process interface control config. + * @param acl_interface: where to store. + * @param cfg: config options. + * @param v: views structure + * @return 0 on error. + */ +int acl_interface_apply_cfg(struct acl_list* acl_interface, struct config_file* cfg, + struct views* v); + /** * Lookup access control status for acl structure. * @param acl: structure for acl storage. diff --git a/daemon/daemon.c b/daemon/daemon.c index 4ed531855ee6..71091133a487 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -96,6 +96,9 @@ #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> #endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif /** How many quit requests happened. */ static int sig_record_quit = 0; @@ -271,8 +274,17 @@ daemon_init(void) free(daemon); return NULL; } + daemon->acl_interface = acl_list_create(); + if(!daemon->acl_interface) { + acl_list_delete(daemon->acl); + edns_known_options_delete(daemon->env); + free(daemon->env); + free(daemon); + return NULL; + } daemon->tcl = tcl_list_create(); if(!daemon->tcl) { + acl_list_delete(daemon->acl_interface); acl_list_delete(daemon->acl); edns_known_options_delete(daemon->env); free(daemon->env); @@ -284,6 +296,7 @@ daemon_init(void) log_err("gettimeofday: %s", strerror(errno)); daemon->time_last_stat = daemon->time_boot; if((daemon->env->auth_zones = auth_zones_create()) == 0) { + acl_list_delete(daemon->acl_interface); acl_list_delete(daemon->acl); tcl_list_delete(daemon->tcl); edns_known_options_delete(daemon->env); @@ -293,6 +306,7 @@ daemon_init(void) } if(!(daemon->env->edns_strings = edns_strings_create())) { auth_zones_delete(daemon->env->auth_zones); + acl_list_delete(daemon->acl_interface); acl_list_delete(daemon->acl); tcl_list_delete(daemon->tcl); edns_known_options_delete(daemon->env); @@ -303,6 +317,29 @@ daemon_init(void) return daemon; } +static int setup_acl_for_ports(struct acl_list* list, + struct listen_port* port_list) +{ + struct acl_addr* acl_node; + struct addrinfo* addr; + for(; port_list; port_list=port_list->next) { + if(!port_list->socket) { + /* This is mainly for testbound where port_list is + * empty. */ + continue; + } + addr = port_list->socket->addr; + if(!(acl_node = acl_interface_insert(list, + (struct sockaddr_storage*)addr->ai_addr, + (socklen_t)addr->ai_addrlen, + acl_refuse))) { + return 0; + } + port_list->socket->acl = acl_node; + } + return 1; +} + int daemon_open_shared_ports(struct daemon* daemon) { @@ -320,6 +357,8 @@ daemon_open_shared_ports(struct daemon* daemon) free(daemon->ports); daemon->ports = NULL; } + /* clean acl_interface */ + acl_interface_init(daemon->acl_interface); if(!resolve_interface_names(daemon->cfg->ifs, daemon->cfg->num_ifs, NULL, &resif, &num_resif)) return 0; @@ -329,7 +368,8 @@ daemon_open_shared_ports(struct daemon* daemon) daemon->reuseport = 1; #endif /* try to use reuseport */ - p0 = listening_ports_open(daemon->cfg, resif, num_resif, &daemon->reuseport); + p0 = listening_ports_open(daemon->cfg, resif, num_resif, + &daemon->reuseport); if(!p0) { listening_ports_free(p0); config_del_strarray(resif, num_resif); @@ -350,6 +390,12 @@ daemon_open_shared_ports(struct daemon* daemon) return 0; } daemon->ports[0] = p0; + if(!setup_acl_for_ports(daemon->acl_interface, + daemon->ports[0])) { + listening_ports_free(p0); + config_del_strarray(resif, num_resif); + return 0; + } if(daemon->reuseport) { /* continue to use reuseport */ for(i=1; i<daemon->num_ports; i++) { @@ -365,6 +411,15 @@ daemon_open_shared_ports(struct daemon* daemon) config_del_strarray(resif, num_resif); return 0; } + if(!setup_acl_for_ports(daemon->acl_interface, + daemon->ports[i])) { + for(i=0; i<daemon->num_ports; i++) + listening_ports_free(daemon->ports[i]); + free(daemon->ports); + daemon->ports = NULL; + config_del_strarray(resif, num_resif); + return 0; + } } } config_del_strarray(resif, num_resif); @@ -604,6 +659,9 @@ daemon_fork(struct daemon* daemon) if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) fatal_exit("Could not setup access control list"); + if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg, + daemon->views)) + fatal_exit("Could not setup interface control list"); if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg)) fatal_exit("Could not setup TCP connection limits"); if(daemon->cfg->dnscrypt) { @@ -780,6 +838,7 @@ daemon_delete(struct daemon* daemon) ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); acl_list_delete(daemon->acl); + acl_list_delete(daemon->acl_interface); tcl_list_delete(daemon->tcl); listen_desetup_locks(); free(daemon->chroot); diff --git a/daemon/daemon.h b/daemon/daemon.h index 3effbafb7918..58713e9ce466 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@ -113,6 +113,8 @@ struct daemon { struct module_stack mods; /** access control, which client IPs are allowed to connect */ struct acl_list* acl; + /** access control, which interfaces are allowed to connect */ + struct acl_list* acl_interface; /** TCP connection limit, limit connections from client IPs */ struct tcl_list* tcl; /** local authority zones */ diff --git a/daemon/remote.c b/daemon/remote.c index ec7a4d5d93f4..7d4a414002ac 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -494,8 +494,8 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, n->c->do_not_close = 0; comm_point_stop_listening(n->c); comm_point_start_listening(n->c, -1, REMOTE_CONTROL_TCP_TIMEOUT); - memcpy(&n->c->repinfo.addr, &addr, addrlen); - n->c->repinfo.addrlen = addrlen; + memcpy(&n->c->repinfo.remote_addr, &addr, addrlen); + n->c->repinfo.remote_addrlen = addrlen; if(rc->use_cert) { n->shake_state = rc_hs_read; n->ssl = SSL_new(rc->ctx); @@ -3304,7 +3304,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, if(r == 0) log_err("remote control connection closed prematurely"); log_addr(VERB_OPS, "failed connection from", - &s->c->repinfo.addr, s->c->repinfo.addrlen); + &s->c->repinfo.remote_addr, s->c->repinfo.remote_addrlen); log_crypto_err("remote control failed ssl"); clean_point(rc, s); } diff --git a/daemon/stats.c b/daemon/stats.c index 57c42827161c..6b3834977844 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -70,6 +70,9 @@ #include <openssl/ssl.h> #endif +/** How long to wait for threads to transmit statistics, in msec. */ +#define STATS_THREAD_WAIT 60000 + /** add timers and the values do not overflow or become negative */ static void stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long long add_usec) @@ -380,6 +383,28 @@ void server_stats_obtain(struct worker* worker, struct worker* who, worker_send_cmd(who, worker_cmd_stats); else worker_send_cmd(who, worker_cmd_stats_noreset); verbose(VERB_ALGO, "wait for stats reply"); + if(tube_wait_timeout(worker->cmd, STATS_THREAD_WAIT) == 0) { + verbose(VERB_OPS, "no response from thread %d" +#ifdef HAVE_GETTID + " LWP %u" +#endif +#if defined(HAVE_PTHREAD) && defined(SIZEOF_PTHREAD_T) && defined(SIZEOF_UNSIGNED_LONG) +# if SIZEOF_PTHREAD_T == SIZEOF_UNSIGNED_LONG + " pthread 0x%lx" +# endif +#endif + , + who->thread_num +#ifdef HAVE_GETTID + , (unsigned)who->thread_tid +#endif +#if defined(HAVE_PTHREAD) && defined(SIZEOF_PTHREAD_T) && defined(SIZEOF_UNSIGNED_LONG) +# if SIZEOF_PTHREAD_T == SIZEOF_UNSIGNED_LONG + , (unsigned long)*((unsigned long*)&who->thr_id) +# endif +#endif + ); + } if(!tube_read_msg(worker->cmd, &reply, &len, 0)) fatal_exit("failed to read stats over cmd channel"); if(len != (uint32_t)sizeof(*s)) @@ -496,7 +521,7 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, stats->qhttps++; } } - if(repinfo && addr_is_ip6(&repinfo->addr, repinfo->addrlen)) + if(repinfo && addr_is_ip6(&repinfo->remote_addr, repinfo->remote_addrlen)) stats->qipv6++; if( (flags&BIT_QR) ) stats->qbit_QR++; diff --git a/daemon/worker.c b/daemon/worker.c index 010c4dc0a281..caefad621409 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -547,7 +547,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, static int apply_respip_action(struct worker* worker, const struct query_info* qinfo, struct respip_client_info* cinfo, struct reply_info* rep, - struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, + struct sockaddr_storage* addr, socklen_t addrlen, + struct ub_packed_rrset_key** alias_rrset, struct reply_info** encode_repp, struct auth_zones* az) { struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; @@ -574,7 +575,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, if(actinfo.addrinfo) { respip_inform_print(&actinfo, qinfo->qname, qinfo->qtype, qinfo->qclass, qinfo->local_alias, - repinfo); + addr, addrlen); if(worker->stats.extended && actinfo.rpz_used) { if(actinfo.rpz_disabled) @@ -703,7 +704,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ if((worker->daemon->use_response_ip || worker->daemon->use_rpz) && !partial_rep && !apply_respip_action(worker, qinfo, cinfo, rep, - repinfo, alias_rrset, + &repinfo->client_addr, repinfo->client_addrlen, alias_rrset, &encode_rep, worker->env.auth_zones)) { goto bail_out; } else if(partial_rep && @@ -991,12 +992,14 @@ answer_chaos(struct worker* w, struct query_info* qinfo, * @param w: worker * @param qinfo: query info. Pointer into packet buffer. * @param edns: edns info from query. - * @param repinfo: reply info with source address. + * @param addr: client address. + * @param addrlen: client address length. * @param pkt: packet buffer. */ static void -answer_notify(struct worker* w, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* pkt, struct comm_reply* repinfo) +answer_notify(struct worker* w, struct query_info* qinfo, + struct edns_data* edns, sldns_buffer* pkt, + struct sockaddr_storage* addr, socklen_t addrlen) { int refused = 0; int rcode = LDNS_RCODE_NOERROR; @@ -1005,8 +1008,8 @@ answer_notify(struct worker* w, struct query_info* qinfo, if(!w->env.auth_zones) return; has_serial = auth_zone_parse_notify_serial(pkt, &serial); if(auth_zones_notify(w->env.auth_zones, &w->env, qinfo->qname, - qinfo->qname_len, qinfo->qclass, &repinfo->addr, - repinfo->addrlen, has_serial, serial, &refused)) { + qinfo->qname_len, qinfo->qclass, addr, + addrlen, has_serial, serial, &refused)) { rcode = LDNS_RCODE_NOERROR; } else { if(refused) @@ -1031,7 +1034,7 @@ answer_notify(struct worker* w, struct query_info* qinfo, "servfail for NOTIFY %sfor %s from", sr, zname); else snprintf(buf, sizeof(buf), "received NOTIFY %sfor %s from", sr, zname); - log_addr(VERB_DETAIL, buf, &repinfo->addr, repinfo->addrlen); + log_addr(VERB_DETAIL, buf, addr, addrlen); } edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@ -1051,8 +1054,8 @@ deny_refuse(struct comm_point* c, enum acl_access acl, { if(acl == deny) { if(verbosity >= VERB_ALGO) { - log_acl_action("dropped", &repinfo->addr, - repinfo->addrlen, acl, acladdr); + log_acl_action("dropped", &repinfo->client_addr, + repinfo->client_addrlen, acl, acladdr); log_buf(VERB_ALGO, "dropped", c->buffer); } comm_point_drop_reply(repinfo); @@ -1063,8 +1066,8 @@ deny_refuse(struct comm_point* c, enum acl_access acl, size_t opt_rr_mark; if(verbosity >= VERB_ALGO) { - log_acl_action("refused", &repinfo->addr, - repinfo->addrlen, acl, acladdr); + log_acl_action("refused", &repinfo->client_addr, + repinfo->client_addrlen, acl, acladdr); log_buf(VERB_ALGO, "refuse", c->buffer); } @@ -1224,12 +1227,24 @@ deny_refuse(struct comm_point* c, enum acl_access acl, } static int -deny_refuse_all(struct comm_point* c, enum acl_access acl, +deny_refuse_all(struct comm_point* c, enum acl_access* acl, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr* acladdr, int ede) + struct acl_addr** acladdr, int ede, int check_proxy) { - return deny_refuse(c, acl, acl_deny, acl_refuse, worker, repinfo, - acladdr, ede); + if(check_proxy) { + *acladdr = acl_addr_lookup(worker->daemon->acl, + &repinfo->remote_addr, repinfo->remote_addrlen); + } else { + *acladdr = acl_addr_lookup(worker->daemon->acl, + &repinfo->client_addr, repinfo->client_addrlen); + } + /* If there is no ACL based on client IP use the interface ACL. */ + if(!(*acladdr) && c->socket) { + *acladdr = c->socket->acl; + } + *acl = acl_get_control(*acladdr); + return deny_refuse(c, *acl, acl_deny, acl_refuse, worker, repinfo, + *acladdr, ede); } static int @@ -1241,7 +1256,7 @@ deny_refuse_non_local(struct comm_point* c, enum acl_access acl, worker, repinfo, acladdr, ede); } -int +int worker_handle_request(struct comm_point* c, void* arg, int error, struct comm_reply* repinfo) { @@ -1286,16 +1301,16 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(worker_check_request(c->buffer, worker) != 0) { verbose(VERB_ALGO, "dnscrypt: worker check request: bad query."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, - repinfo->addrlen); + log_addr(VERB_CLIENT,"from",&repinfo->client_addr, + repinfo->client_addrlen); comm_point_drop_reply(repinfo); return 0; } if(!query_info_parse(&qinfo, c->buffer)) { verbose(VERB_ALGO, "dnscrypt: worker parse request: formerror."); - log_addr(VERB_CLIENT, "from", &repinfo->addr, - repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); comm_point_drop_reply(repinfo); return 0; } @@ -1323,25 +1338,30 @@ worker_handle_request(struct comm_point* c, void* arg, int error, * sending src (client)/dst (local service) addresses over DNSTAP from incoming request handler */ if(worker->dtenv.log_client_query_messages) { - log_addr(VERB_ALGO, "request from client", &repinfo->addr, repinfo->addrlen); + log_addr(VERB_ALGO, "request from client", &repinfo->client_addr, repinfo->client_addrlen); log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); - dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); } #endif - acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr, - repinfo->addrlen); - acl = acl_get_control(acladdr); - - if((ret=deny_refuse_all(c, acl, worker, repinfo, acladdr, - worker->env.cfg->ede)) != -1) - { + /* Check deny/refuse ACLs */ + if(repinfo->is_proxied) { + if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, + worker->env.cfg->ede, 1)) != -1) { + if(ret == 1) + goto send_reply; + return ret; + } + } + if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, + worker->env.cfg->ede, 0)) != -1) { if(ret == 1) goto send_reply; return ret; } + if((ret=worker_check_request(c->buffer, worker)) != 0) { verbose(VERB_ALGO, "worker check request: bad query."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT,"from",&repinfo->client_addr, repinfo->client_addrlen); if(ret != -1) { LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); @@ -1353,20 +1373,24 @@ worker_handle_request(struct comm_point* c, void* arg, int error, worker->stats.num_queries++; - /* check if this query should be dropped based on source ip rate limiting */ - if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo, + /* check if this query should be dropped based on source ip rate limiting + * NOTE: we always check the repinfo->client_address. IP ratelimiting is + * implicitly disabled for proxies. */ + if(!infra_ip_ratelimit_inc(worker->env.infra_cache, + &repinfo->client_addr, repinfo->client_addrlen, *worker->env.now, worker->env.cfg->ip_ratelimit_backoff, c->buffer)) { /* See if we are passed through with slip factor */ if(worker->env.cfg->ip_ratelimit_factor != 0 && ub_random_max(worker->env.rnd, - worker->env.cfg->ip_ratelimit_factor) == 0) { - + worker->env.cfg->ip_ratelimit_factor) == 0) { char addrbuf[128]; - addr_to_str(&repinfo->addr, repinfo->addrlen, - addrbuf, sizeof(addrbuf)); - verbose(VERB_QUERY, "ip_ratelimit allowed through for ip address %s because of slip in ip_ratelimit_factor", - addrbuf); + addr_to_str(&repinfo->client_addr, + repinfo->client_addrlen, addrbuf, + sizeof(addrbuf)); + verbose(VERB_QUERY, "ip_ratelimit allowed through for " + "ip address %s because of slip in " + "ip_ratelimit_factor", addrbuf); } else { worker->stats.num_queries_ip_ratelimited++; comm_point_drop_reply(repinfo); @@ -1377,7 +1401,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* see if query is in the cache */ if(!query_info_parse(&qinfo, c->buffer)) { verbose(VERB_ALGO, "worker parse request: formerror."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); memset(&qinfo, 0, sizeof(qinfo)); /* zero qinfo.qname */ if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { comm_point_drop_reply(repinfo); @@ -1391,13 +1416,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } if(worker->env.cfg->log_queries) { char ip[128]; - addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); + addr_to_str(&repinfo->client_addr, repinfo->client_addrlen, ip, sizeof(ip)); log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); } if(qinfo.qtype == LDNS_RR_TYPE_AXFR || qinfo.qtype == LDNS_RR_TYPE_IXFR) { verbose(VERB_ALGO, "worker request: refused zone transfer."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), @@ -1414,7 +1440,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, qinfo.qtype == LDNS_RR_TYPE_MAILB || (qinfo.qtype >= 128 && qinfo.qtype <= 248)) { verbose(VERB_ALGO, "worker request: formerror for meta-type."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { comm_point_drop_reply(repinfo); return 0; @@ -1432,7 +1459,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, worker->scratchpad)) != 0) { struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); memset(&reply_edns, 0, sizeof(reply_edns)); reply_edns.edns_present = 1; reply_edns.udp_size = EDNS_ADVERTISED_SIZE; @@ -1454,7 +1482,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.opt_list_inplace_cb_out = NULL; edns.padding_block_size = 0; verbose(VERB_ALGO, "query with bad edns version."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); @@ -1468,7 +1497,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, worker->daemon->cfg->harden_short_bufsize) { verbose(VERB_QUERY, "worker request: EDNS bufsize %d ignored", (int)edns.udp_size); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); edns.udp_size = NORMAL_UDP_SIZE; } } @@ -1477,12 +1507,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error, verbose(VERB_QUERY, "worker request: max UDP reply size modified" " (%d to max-udp-size)", (int)edns.udp_size); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); edns.udp_size = worker->daemon->cfg->max_udp_size; } if(edns.udp_size < LDNS_HEADER_SIZE) { verbose(VERB_ALGO, "worker request: edns is too small."); - log_addr(VERB_CLIENT, "from", &repinfo->addr, repinfo->addrlen); + log_addr(VERB_CLIENT, "from", &repinfo->client_addr, + repinfo->client_addrlen); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_TC_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), @@ -1506,7 +1538,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } if(LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) == LDNS_PACKET_NOTIFY) { - answer_notify(worker, &qinfo, &edns, c->buffer, repinfo); + answer_notify(worker, &qinfo, &edns, c->buffer, + &repinfo->client_addr, repinfo->client_addrlen); regional_free_all(worker->scratchpad); goto send_reply; } @@ -1582,7 +1615,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, sldns_buffer_read_u16_at(c->buffer, 2), &edns); regional_free_all(worker->scratchpad); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", - &repinfo->addr, repinfo->addrlen); + &repinfo->client_addr, repinfo->client_addrlen); goto send_reply; } @@ -1722,9 +1755,9 @@ lookup_cache: if(verbosity >= VERB_CLIENT) { if(c->type == comm_udp) log_addr(VERB_CLIENT, "udp request from", - &repinfo->addr, repinfo->addrlen); + &repinfo->client_addr, repinfo->client_addrlen); else log_addr(VERB_CLIENT, "tcp request from", - &repinfo->addr, repinfo->addrlen); + &repinfo->client_addr, repinfo->client_addrlen); } /* grab a work request structure for this new request */ @@ -1756,8 +1789,8 @@ send_reply_rc: */ if(worker->dtenv.log_client_response_messages) { log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); - log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); - dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + log_addr(VERB_ALGO, "response to client", &repinfo->client_addr, repinfo->client_addrlen); + dt_msg_send_client_response(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); } #endif if(worker->env.cfg->log_replies) @@ -1769,10 +1802,12 @@ send_reply_rc: /* log original qname, before the local alias was * used to resolve that CNAME to something else */ qinfo.qname = qinfo.local_alias->rrset->rk.dname; - log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, + &repinfo->client_addr, repinfo->client_addrlen, tv, 1, c->buffer); } else { - log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, + &repinfo->client_addr, repinfo->client_addrlen, tv, 1, c->buffer); } } @@ -1904,6 +1939,9 @@ worker_init(struct worker* worker, struct config_file *cfg, #else void* dtenv = NULL; #endif +#ifdef HAVE_GETTID + worker->thread_tid = gettid(); +#endif worker->need_to_exit = 0; worker->base = comm_base_create(do_sigs); if(!worker->base) { diff --git a/daemon/worker.h b/daemon/worker.h index 3887d0405ae6..3fb52abd9d87 100644 --- a/daemon/worker.h +++ b/daemon/worker.h @@ -86,6 +86,10 @@ struct worker { struct daemon* daemon; /** thread id */ ub_thread_type thr_id; +#ifdef HAVE_GETTID + /** thread tid, the LWP id. */ + pid_t thread_tid; +#endif /** pipe, for commands for this worker */ struct tube* cmd; /** the event base this worker works with */ |