Lines Matching refs:client
67 * All client state changes, other than that from idle to listening, occur
71 * If a routine is ever created that allows someone other than the client's
72 * task to change the client, then the client will have to be locked.
77 #define CTRACE(m) ns_client_log(client, \
103 * client objects, since concurrent access to a shared context would cause
122 /*% nameserver client manager structure */
158 * states are generally "more active", meaning that the client can
163 * To force the client into a less active state, set client->newstate
170 * The client object no longer exists.
175 * The client object exists and has a task and timer.
177 * It is on the client manager's list of inactive clients.
183 * The client object is either a TCP or a UDP one, and
185 * client manager's list of active clients.
187 * If it is a TCP client object, it has a TCP listener socket
190 * If it is a UDP client object, it has a UDP listener socket
196 * The client object is a TCP client object that has received
199 * UDP client objects.
204 * The client object has received a request and is working
211 * The client object is recursing. It will be on the 'recursing'
217 * Sentinel value used to indicate "no state". When client->newstate
231 static void client_read(ns_client_t *client);
232 static void client_accept(ns_client_t *client);
233 static void client_udprecv(ns_client_t *client);
235 static isc_boolean_t exit_check(ns_client_t *client);
236 static void ns_client_endrequest(ns_client_t *client);
239 static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
247 static void compute_cookie(ns_client_t *client, isc_uint32_t when,
251 ns_client_recursing(ns_client_t *client) {
252 REQUIRE(NS_CLIENT_VALID(client));
253 REQUIRE(client->state == NS_CLIENTSTATE_WORKING);
255 LOCK(&client->manager->reclock);
256 client->newstate = client->state = NS_CLIENTSTATE_RECURSING;
257 ISC_LIST_APPEND(client->manager->recursing, client, rlink);
258 UNLOCK(&client->manager->reclock);
262 ns_client_killoldestquery(ns_client_t *client) {
264 REQUIRE(NS_CLIENT_VALID(client));
266 LOCK(&client->manager->reclock);
267 oldest = ISC_LIST_HEAD(client->manager->recursing);
269 ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
270 UNLOCK(&client->manager->reclock);
273 UNLOCK(&client->manager->reclock);
277 ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
282 result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
284 client->timerset = ISC_TRUE;
286 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
297 * the caller must no longer use the client object as it may have been
301 exit_check(ns_client_t *client) {
305 REQUIRE(NS_CLIENT_VALID(client));
306 manager = client->manager;
308 if (client->state <= client->newstate)
311 INSIST(client->newstate < NS_CLIENTSTATE_RECURSING);
319 * - The client does not detach from the view until references is zero
324 if (client->nupdates == 0 &&
325 client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
326 dns_view_detach(&client->view);
328 if (client->state == NS_CLIENTSTATE_WORKING ||
329 client->state == NS_CLIENTSTATE_RECURSING)
331 INSIST(client->newstate <= NS_CLIENTSTATE_READING);
335 if (client->nupdates > 0)
341 if (client->nsends > 0) {
343 if (TCP_CLIENT(client))
344 sock = client->tcpsocket;
346 sock = client->udpsocket;
347 isc_socket_cancel(sock, client->task,
351 if (! (client->nsends == 0 && client->nrecvs == 0 &&
352 client->references == 0))
364 * the client is no longer on the recursing list.
366 * We need to check whether the client is still linked,
370 if (client->state == NS_CLIENTSTATE_RECURSING) {
372 if (ISC_LINK_LINKED(client, rlink))
374 client, rlink);
377 ns_client_endrequest(client);
379 client->state = NS_CLIENTSTATE_READING;
380 INSIST(client->recursionquota == NULL);
382 if (NS_CLIENTSTATE_READING == client->newstate) {
383 if (!client->pipelined) {
384 client_read(client);
385 client->newstate = NS_CLIENTSTATE_MAX;
387 } else if (client->mortal) {
388 client->newstate = NS_CLIENTSTATE_INACTIVE;
394 if (client->state == NS_CLIENTSTATE_READING) {
399 INSIST(client->recursionquota == NULL);
400 INSIST(client->newstate <= NS_CLIENTSTATE_READY);
401 if (client->nreads > 0)
402 dns_tcpmsg_cancelread(&client->tcpmsg);
403 if (client->nreads != 0) {
408 if (client->tcpmsg_valid) {
409 dns_tcpmsg_invalidate(&client->tcpmsg);
410 client->tcpmsg_valid = ISC_FALSE;
412 if (client->tcpsocket != NULL) {
414 isc_socket_detach(&client->tcpsocket);
417 if (client->tcpquota != NULL)
418 isc_quota_detach(&client->tcpquota);
420 if (client->timerset) {
421 (void)isc_timer_reset(client->timer,
424 client->timerset = ISC_FALSE;
427 client->pipelined = ISC_FALSE;
429 client->peeraddr_valid = ISC_FALSE;
431 client->state = NS_CLIENTSTATE_READY;
432 INSIST(client->recursionquota == NULL);
435 * Now the client is ready to accept a new TCP connection
437 * that already. Check whether this client needs to remain
441 * may remain active if we have fewer active TCP client
444 if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
445 LOCK(&client->interface->lock);
446 if (client->interface->ntcpcurrent <
447 client->interface->ntcptarget)
448 client->mortal = ISC_FALSE;
449 UNLOCK(&client->interface->lock);
453 * We don't need the client; send it to the inactive
456 if (client->mortal) {
457 if (client->newstate > NS_CLIENTSTATE_INACTIVE)
458 client->newstate = NS_CLIENTSTATE_INACTIVE;
461 if (NS_CLIENTSTATE_READY == client->newstate) {
462 if (TCP_CLIENT(client)) {
463 client_accept(client);
465 client_udprecv(client);
466 client->newstate = NS_CLIENTSTATE_MAX;
471 if (client->state == NS_CLIENTSTATE_READY) {
472 INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
477 if (client->naccepts > 0)
478 isc_socket_cancel(client->tcplistener, client->task,
482 if (! (client->naccepts == 0))
486 if (client->nrecvs > 0)
487 isc_socket_cancel(client->udpsocket, client->task,
491 if (! (client->nrecvs == 0))
495 if (client->nctls > 0)
498 /* Deactivate the client. */
499 if (client->interface)
500 ns_interface_detach(&client->interface);
502 INSIST(client->naccepts == 0);
503 INSIST(client->recursionquota == NULL);
504 if (client->tcplistener != NULL)
505 isc_socket_detach(&client->tcplistener);
507 if (client->udpsocket != NULL)
508 isc_socket_detach(&client->udpsocket);
510 if (client->dispatch != NULL)
511 dns_dispatch_detach(&client->dispatch);
513 client->attributes = 0;
514 client->mortal = ISC_FALSE;
516 if (client->keytag != NULL) {
517 isc_mem_put(client->mctx, client->keytag,
518 client->keytag_len);
519 client->keytag_len = 0;
523 * Put the client on the inactive list. If we are aiming for
527 * the dying client inbetween.
529 client->state = NS_CLIENTSTATE_INACTIVE;
530 INSIST(client->recursionquota == NULL);
532 if (client->state == client->newstate) {
533 client->newstate = NS_CLIENTSTATE_MAX;
536 ISC_QUEUE_PUSH(manager->inactive, client,
538 if (client->needshutdown)
539 isc_task_shutdown(client->task);
544 if (client->state == NS_CLIENTSTATE_INACTIVE) {
545 INSIST(client->newstate == NS_CLIENTSTATE_FREED);
547 * We are trying to free the client.
554 REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
556 INSIST(client->recursionquota == NULL);
557 INSIST(!ISC_QLINK_LINKED(client, ilink));
561 ISC_LIST_UNLINK(manager->clients, client, link);
570 ns_query_free(client);
571 isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
572 isc_event_free((isc_event_t **)&client->sendevent);
573 isc_event_free((isc_event_t **)&client->recvevent);
574 isc_timer_detach(&client->timer);
575 if (client->delaytimer != NULL)
576 isc_timer_detach(&client->delaytimer);
578 if (client->tcpbuf != NULL)
579 isc_mem_put(client->mctx, client->tcpbuf,
581 if (client->opt != NULL) {
582 INSIST(dns_rdataset_isassociated(client->opt));
583 dns_rdataset_disassociate(client->opt);
584 dns_message_puttemprdataset(client->message,
585 &client->opt);
587 if (client->keytag != NULL) {
588 isc_mem_put(client->mctx, client->keytag,
589 client->keytag_len);
590 client->keytag_len = 0;
593 dns_message_destroy(&client->message);
598 * client->task.
600 if (client->task != NULL)
601 isc_task_detach(&client->task);
604 client->magic = 0;
610 if (ns_g_clienttest && isc_mem_references(client->mctx) != 1) {
611 isc_mem_stats(client->mctx, stderr);
619 DESTROYLOCK(&client->query.fetchlock);
621 isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
631 * The client's task has received the client's control event
636 ns_client_t *client = (ns_client_t *) event->ev_arg;
638 INSIST(task == client->task);
642 INSIST(client->nctls == 1);
643 client->nctls--;
645 if (exit_check(client))
648 if (TCP_CLIENT(client)) {
649 if (client->pipelined) {
650 client_read(client);
652 client_accept(client);
655 client_udprecv(client);
661 * The client's task has received a shutdown event.
665 ns_client_t *client;
669 client = event->ev_arg;
670 REQUIRE(NS_CLIENT_VALID(client));
671 REQUIRE(task == client->task);
679 if (client->shutdown != NULL) {
680 (client->shutdown)(client->shutdown_arg, ISC_R_SHUTTINGDOWN);
681 client->shutdown = NULL;
682 client->shutdown_arg = NULL;
685 if (ISC_QLINK_LINKED(client, ilink))
686 ISC_QUEUE_UNLINK(client->manager->inactive, client, ilink);
688 client->newstate = NS_CLIENTSTATE_FREED;
689 client->needshutdown = ISC_FALSE;
690 (void)exit_check(client);
694 ns_client_endrequest(ns_client_t *client) {
695 INSIST(client->naccepts == 0);
696 INSIST(client->nreads == 0);
697 INSIST(client->nsends == 0);
698 INSIST(client->nrecvs == 0);
699 INSIST(client->nupdates == 0);
700 INSIST(client->state == NS_CLIENTSTATE_WORKING ||
701 client->state == NS_CLIENTSTATE_RECURSING);
705 if (client->next != NULL) {
706 (client->next)(client);
707 client->next = NULL;
710 if (client->view != NULL) {
713 dns_cache_clean(client->view->cache, INT_MAX);
714 dns_adb_flush(client->view->adb);
717 dns_view_detach(&client->view);
719 if (client->opt != NULL) {
720 INSIST(dns_rdataset_isassociated(client->opt));
721 dns_rdataset_disassociate(client->opt);
722 dns_message_puttemprdataset(client->message, &client->opt);
725 client->signer = NULL;
726 client->udpsize = 512;
727 client->extflags = 0;
728 client->ednsversion = -1;
729 dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
731 if (client->recursionquota != NULL) {
732 isc_quota_detach(&client->recursionquota);
738 * Clear all client attributes that are specific to
741 client->attributes &= NS_CLIENTATTR_TCP;
753 ns_client_next(ns_client_t *client, isc_result_t result) {
756 REQUIRE(NS_CLIENT_VALID(client));
757 REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
758 client->state == NS_CLIENTSTATE_RECURSING ||
759 client->state == NS_CLIENTSTATE_READING);
764 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
773 if (result == ISC_R_SUCCESS && TCP_CLIENT(client))
778 if (client->newstate > newstate)
779 client->newstate = newstate;
780 (void)exit_check(client);
786 ns_client_t *client;
791 client = sevent->ev_arg;
792 REQUIRE(NS_CLIENT_VALID(client));
793 REQUIRE(task == client->task);
794 REQUIRE(sevent == client->sendevent);
801 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
806 INSIST(client->nsends > 0);
807 client->nsends--;
809 if (client->tcpbuf != NULL) {
810 INSIST(TCP_CLIENT(client));
811 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
812 client->tcpbuf = NULL;
815 ns_client_next(client, ISC_R_SUCCESS);
827 client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
839 if (TCP_CLIENT(client)) {
840 INSIST(client->tcpbuf == NULL);
845 client->tcpbuf = isc_mem_get(client->mctx, TCP_BUFFER_SIZE);
846 if (client->tcpbuf == NULL) {
850 data = client->tcpbuf;
861 if ((client->attributes & NS_CLIENTATTR_HAVECOOKIE) == 0) {
862 if (client->view != NULL)
863 bufsize = client->view->nocookieudp;
867 bufsize = client->udpsize;
868 if (bufsize > client->udpsize)
869 bufsize = client->udpsize;
886 client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
897 if (TCP_CLIENT(client)) {
898 sock = client->tcpsocket;
901 sock = client->udpsocket;
902 address = &client->peeraddr;
904 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
915 if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0 &&
916 (client->attributes & NS_CLIENTATTR_MULTICAST) == 0)
917 pktinfo = &client->pktinfo;
921 if (client->dispatch != NULL) {
922 dispdscp = dns_dispatch_getdscp(client->dispatch);
924 client->dscp = dispdscp;
927 if (client->dscp == -1) {
928 client->sendevent->attributes &= ~ISC_SOCKEVENTATTR_DSCP;
929 client->sendevent->dscp = 0;
931 client->sendevent->attributes |= ISC_SOCKEVENTATTR_DSCP;
932 client->sendevent->dscp = client->dscp;
938 * If this is a UDP client and the IPv6 packet can't be
943 client->sendevent->attributes &= ~ISC_SOCKEVENTATTR_USEMINMTU;
944 if (!TCP_CLIENT(client) && r.length > 1432)
945 client->sendevent->attributes |= ISC_SOCKEVENTATTR_USEMINMTU;
949 result = isc_socket_sendto2(sock, &r, client->task,
951 client->sendevent, sockflags);
953 client->nsends++;
955 client_senddone(client->task,
956 (isc_event_t *)client->sendevent);
963 ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
971 REQUIRE(NS_CLIENT_VALID(client));
981 result = client_allocsendbuf(client, &buffer, NULL, mr->length,
993 r.base[0] = (client->message->id >> 8) & 0xff;
994 r.base[1] = client->message->id & 0xff;
996 result = client_sendpkg(client, &buffer);
1001 if (client->tcpbuf != NULL) {
1002 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
1003 client->tcpbuf = NULL;
1005 ns_client_next(client, result);
1009 client_send(ns_client_t *client) {
1028 REQUIRE(NS_CLIENT_VALID(client));
1032 if (client->message->opcode == dns_opcode_query &&
1033 (client->attributes & NS_CLIENTATTR_RA) != 0)
1034 client->message->flags |= DNS_MESSAGEFLAG_RA;
1036 if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
1042 if (client->view != NULL) {
1043 if (client->view->preferred_glue == dns_rdatatype_a)
1045 else if (client->view->preferred_glue == dns_rdatatype_aaaa)
1049 if (isc_sockaddr_pf(&client->peeraddr) == AF_INET)
1062 * and that we either have no signatures that the client wants
1067 if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0) {
1077 if ((client->attributes & NS_CLIENTATTR_WANTOPT) != 0) {
1078 result = ns_client_addopt(client, client->message,
1079 &client->opt);
1087 result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0,
1092 result = dns_compress_init(&cctx, -1, client->mctx);
1095 if (client->peeraddr_valid && client->view != NULL) {
1099 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1100 if (client->message->tsigkey != NULL)
1101 name = &client->message->tsigkey->name;
1103 if (client->view->nocasecompress == NULL ||
1105 client->view->nocasecompress))
1110 if (client->view->msgcompression == ISC_FALSE) {
1116 result = dns_message_renderbegin(client->message, &cctx, &buffer);
1120 if (client->opt != NULL) {
1121 result = dns_message_setopt(client->message, client->opt);
1123 client->opt = NULL;
1127 result = dns_message_rendersection(client->message,
1130 client->message->flags |= DNS_MESSAGEFLAG_TC;
1138 if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
1140 result = dns_message_rendersection(client->message,
1145 client->message->flags |= DNS_MESSAGEFLAG_TC;
1150 result = dns_message_rendersection(client->message,
1155 client->message->flags |= DNS_MESSAGEFLAG_TC;
1160 result = dns_message_rendersection(client->message,
1166 result = dns_message_renderend(client->message);
1173 if (((client->message->flags & DNS_MESSAGEFLAG_AA) != 0) &&
1174 (client->query.authzone != NULL))
1178 dns_zone_getorigin(client->query.authzone);
1187 if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0)
1198 if (TCP_CLIENT(client)) {
1203 if (client->view != NULL) {
1204 dns_dt_send(client->view, dtmsgtype,
1205 &client->peeraddr, &client->interface->addr,
1206 ISC_TRUE, &zr, &client->requesttime, NULL,
1213 result = client_sendpkg(client, &tcpbuffer);
1215 switch (isc_sockaddr_pf(&client->peeraddr)) {
1230 result = client_sendpkg(client, &buffer);
1232 if (client->view != NULL) {
1233 dns_dt_send(client->view, dtmsgtype,
1234 &client->peeraddr,
1235 &client->interface->addr,
1237 &client->requesttime, NULL, &buffer);
1241 switch (isc_sockaddr_pf(&client->peeraddr)) {
1260 client->message->rcode);
1265 if (client->message->tsigkey != NULL) {
1269 if (client->message->sig0key != NULL) {
1273 if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
1281 if (client->tcpbuf != NULL) {
1282 isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
1283 client->tcpbuf = NULL;
1289 ns_client_next(client, result);
1293 * Completes the sending of a delayed client response.
1297 ns_client_t *client;
1302 client = event->ev_arg;
1303 REQUIRE(NS_CLIENT_VALID(client));
1304 REQUIRE(task == client->task);
1305 REQUIRE(client->delaytimer != NULL);
1312 isc_timer_detach(&client->delaytimer);
1314 client_send(client);
1315 ns_client_detach(&client);
1319 ns_client_send(ns_client_t *client) {
1332 if (!client->mortal) {
1333 result = ns_client_replace(client);
1338 ns_client_attach(client, &dummy);
1344 result = isc_timer_create(client->manager->timermgr,
1346 client->task, client_delay,
1347 client, &client->delaytimer);
1355 client_send(client);
1387 ns_client_error(ns_client_t *client, isc_result_t result) {
1391 REQUIRE(NS_CLIENT_VALID(client));
1395 message = client->message;
1403 ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
1411 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1415 ns_client_next(client, ISC_R_SUCCESS);
1423 if (client->view != NULL && client->view->rrl != NULL) {
1436 rrl_result = dns_rrl(client->view, &client->peeraddr,
1437 TCP_CLIENT(client),
1439 NULL, result, client->now,
1449 ns_client_log(client,
1459 if (!client->view->rrl->log_only) {
1464 ns_client_next(client, DNS_R_DROP);
1489 ns_client_next(client, result);
1498 * with the same ID to the same client less than two
1505 if (isc_sockaddr_equal(&client->peeraddr,
1506 &client->formerrcache.addr) &&
1507 message->id == client->formerrcache.id &&
1508 (isc_time_seconds(&client->requesttime) -
1509 client->formerrcache.time) < 2)
1512 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1516 ns_client_next(client, result);
1519 client->formerrcache.addr = client->peeraddr;
1520 client->formerrcache.time =
1521 isc_time_seconds(&client->requesttime);
1522 client->formerrcache.id = message->id;
1523 } else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
1524 client->view != NULL && client->view->fail_ttl != 0 &&
1525 ((client->attributes & NS_CLIENTATTR_NOSETFC) == 0))
1537 isc_interval_set(&i, client->view->fail_ttl, 0);
1540 dns_badcache_add(client->view->failcache,
1541 client->query.qname,
1542 client->query.qtype,
1545 ns_client_send(client);
1549 ns_client_addopt(ns_client_t *client, dns_message_t *message,
1564 REQUIRE(NS_CLIENT_VALID(client));
1568 view = client->view;
1575 flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
1578 if (WANTNSID(client) &&
1597 if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
1606 compute_cookie(client, now, nonce, &buf);
1614 if ((client->attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) {
1620 isc_buffer_putuint32(&buf, client->expire);
1626 if (((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) &&
1627 (client->ecs_addr.family == AF_INET ||
1628 client->ecs_addr.family == AF_INET6 ||
1629 client->ecs_addr.family == AF_UNSPEC))
1638 plen = client->ecs_addrlen;
1643 switch (client->ecs_addr.family) {
1651 memmove(addr, &client->ecs_addr.type, addrl);
1656 memmove(addr, &client->ecs_addr.type, addrl);
1666 isc_buffer_putuint8(&buf, client->ecs_addrlen);
1668 isc_buffer_putuint8(&buf, client->ecs_scope);
1775 compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
1789 isc_buffer_putmem(buf, client->cookie, 8);
1796 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1829 isc_buffer_putmem(buf, client->cookie, 8);
1837 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1851 isc_hmacsha1_update(&hmacsha1, client->cookie,
1852 sizeof(client->cookie));
1867 isc_buffer_putmem(buf, client->cookie, 8);
1875 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1889 isc_hmacsha256_update(&hmacsha256, client->cookie,
1890 sizeof(client->cookie));
1902 process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
1913 if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
1918 client->attributes |= NS_CLIENTATTR_WANTCOOKIE;
1927 memmove(client->cookie, isc_buffer_current(buf), 8);
1943 memmove(client->cookie, old, 8);
1951 * Only accept COOKIE if we have talked to the client in the last hour.
1962 compute_cookie(client, when, nonce, &db);
1972 client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
1976 process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
1984 if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) {
1996 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1998 "EDNS client-subnet option too short");
2008 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2010 "EDNS client-subnet option: invalid scope");
2024 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2026 "EDNS client-subnet option: invalid "
2035 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2037 "EDNS client-subnet option: invalid "
2046 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2048 "EDNS client-subnet option: invalid "
2056 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2058 "EDNS client-subnet option: invalid family");
2064 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2066 "EDNS client-subnet option: address too short");
2084 memmove(&client->ecs_addr, &caddr, sizeof(caddr));
2085 client->ecs_addrlen = addrlen;
2086 client->ecs_scope = 0;
2087 client->attributes |= NS_CLIENTATTR_HAVEECS;
2094 process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
2101 client->keytag = isc_mem_get(client->mctx, optlen);
2102 if (client->keytag != NULL) {
2103 client->keytag_len = (isc_uint16_t)optlen;
2104 memmove(client->keytag, isc_buffer_current(buf), optlen);
2111 process_opt(ns_client_t *client, dns_rdataset_t *opt) {
2119 * Set the client's UDP buffer size.
2121 client->udpsize = opt->rdclass;
2127 if (client->udpsize < 512)
2128 client->udpsize = 512;
2133 client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
2140 client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
2141 if (client->ednsversion > DNS_EDNS_VERSION) {
2144 result = ns_client_addopt(client, client->message,
2145 &client->opt);
2148 ns_client_error(client, result);
2164 if (!WANTNSID(client))
2168 client->attributes |= NS_CLIENTATTR_WANTNSID;
2172 process_cookie(client, &optbuf, optlen);
2175 if (!WANTEXPIRE(client))
2179 client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
2183 result = process_ecs(client, &optbuf, optlen);
2185 ns_client_error(client, result);
2192 result = process_keytag(client, &optbuf,
2195 ns_client_error(client, result);
2211 client->attributes |= NS_CLIENTATTR_WANTOPT;
2223 ns_client_t *client;
2244 client = event->ev_arg;
2245 REQUIRE(NS_CLIENT_VALID(client));
2246 REQUIRE(task == client->task);
2248 INSIST(client->recursionquota == NULL);
2250 INSIST(client->state == (TCP_CLIENT(client) ?
2257 INSIST(!TCP_CLIENT(client));
2259 REQUIRE(sevent == client->recvevent);
2265 client->peeraddr = sevent->address;
2266 client->peeraddr_valid = ISC_TRUE;
2269 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2272 if (client->dscp == -1)
2273 client->dscp = sevent->dscp;
2276 client->attributes |= NS_CLIENTATTR_PKTINFO;
2277 client->pktinfo = sevent->pktinfo;
2280 client->attributes |= NS_CLIENTATTR_MULTICAST;
2281 client->nrecvs--;
2283 INSIST(TCP_CLIENT(client));
2285 REQUIRE(event->ev_sender == &client->tcpmsg);
2286 buffer = &client->tcpmsg.buffer;
2287 result = client->tcpmsg.result;
2288 INSIST(client->nreads == 1);
2290 * client->peeraddr was set when the connection was accepted.
2292 client->nreads--;
2297 if (TCP_CLIENT(client))
2300 if (exit_check(client))
2302 client->state = client->newstate = NS_CLIENTSTATE_WORKING;
2304 isc_task_getcurrenttimex(task, &client->requesttime);
2305 client->tnow = client->requesttime;
2306 client->now = isc_time_seconds(&client->tnow);
2309 if (TCP_CLIENT(client)) {
2310 ns_client_next(client, result);
2316 "UDP client handler shutting "
2320 isc_task_shutdown(client->task);
2325 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
2328 if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
2330 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2333 ns_client_next(client, ISC_R_SUCCESS);
2338 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2341 TCP_CLIENT(client) ? "TCP" : "UDP");
2347 if (!TCP_CLIENT(client)) {
2354 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2357 ns_client_next(client, ISC_R_SUCCESS);
2366 if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
2367 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2370 ns_client_next(client, DNS_R_REFUSED);
2380 ns_client_next(client, result);
2385 * The client object handles requests, not responses.
2390 if (TCP_CLIENT(client)) {
2392 ns_client_next(client, DNS_R_FORMERR);
2395 dns_dispatch_importrecv(client->dispatch, event);
2396 ns_client_next(client, ISC_R_SUCCESS);
2404 if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
2411 if (TCP_CLIENT(client)) {
2414 switch (isc_sockaddr_pf(&client->peeraddr)) {
2428 switch (isc_sockaddr_pf(&client->peeraddr)) {
2446 result = dns_message_parse(client->message, buffer, 0);
2453 (void)ns_client_addopt(client, client->message,
2454 &client->opt);
2456 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2460 ns_client_error(client, result);
2467 if (client->message->opcode != dns_opcode_query)
2468 client->pipelined = ISC_FALSE;
2469 if (TCP_CLIENT(client) && client->pipelined) {
2472 result = ns_client_replace(client);
2474 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2478 client->pipelined = ISC_FALSE;
2483 client->message->opcode);
2484 switch (client->message->opcode) {
2496 client->message->rcode = dns_rcode_noerror;
2499 if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0)
2500 client->message->flags &= ~DNS_MESSAGEFLAG_RD;
2508 opt = dns_message_getopt(client->message);
2510 client->ecs_addrlen = 0;
2511 client->ecs_scope = 0;
2518 ns_client_next(client, ISC_R_SUCCESS);
2521 result = process_opt(client, opt);
2526 if (client->message->rdclass == 0) {
2527 if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0 ||
2528 (client->message->opcode == dns_opcode_query &&
2529 client->message->counts[DNS_SECTION_QUESTION] == 0U)) {
2530 result = dns_message_reply(client->message, ISC_TRUE);
2532 ns_client_error(client, result);
2536 client->message->rcode = dns_rcode_notimp;
2537 ns_client_send(client);
2540 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2543 ns_client_dumpmessage(client,
2545 ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_FORMERR);
2560 if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
2561 isc_netaddr_fromsockaddr(&client->destaddr,
2562 &client->interface->addr);
2567 if (TCP_CLIENT(client))
2568 result = isc_socket_getsockname(client->tcpsocket,
2571 isc_netaddr_fromsockaddr(&client->destaddr, &sockaddr);
2573 client->interface->addr.type.sa.sa_family == AF_INET6 &&
2574 (client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
2583 isc_netaddr_fromin6(&client->destaddr,
2584 &client->pktinfo.ipi6_addr);
2585 if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
2586 isc_netaddr_setzone(&client->destaddr,
2587 client->pktinfo.ipi6_ifindex);
2595 ns_client_next(client, ISC_R_SUCCESS);
2600 isc_sockaddr_fromnetaddr(&client->destsockaddr, &client->destaddr, 0);
2603 * Find a view that matches the client's source address.
2608 if (client->message->rdclass == view->rdclass ||
2609 client->message->rdclass == dns_rdataclass_any)
2615 sigresult = dns_message_rechecksig(client->message,
2620 tsigkey = client->message->tsigkey;
2624 if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) {
2625 addr = &client->ecs_addr;
2626 scope = &client->ecs_scope;
2629 if (allowed(&netaddr, tsig, addr, client->ecs_addrlen,
2631 allowed(&client->destaddr, tsig, NULL,
2634 (client->message->flags & DNS_MESSAGEFLAG_RD) == 0))
2636 dns_view_attach(view, &client->view);
2653 dns_message_resetsig(client->message);
2655 r = dns_message_getrawmessage(client->message);
2658 (void)dns_tsig_verify(&b, client->message, NULL, NULL);
2660 dns_rdataclass_format(client->message->rdclass, classname,
2662 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2665 ns_client_dumpmessage(client, "no matching view in class");
2666 ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_REFUSED);
2670 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2680 client->signer = NULL;
2681 dns_name_init(&client->signername, NULL);
2682 result = dns_message_signer(client->message, &client->signername);
2685 if (dns_message_gettsig(client->message, &signame) != NULL) {
2696 dns_name_format(&client->signername, namebuf, sizeof(namebuf));
2697 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2700 client->signer = &client->signername;
2702 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2706 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2719 if (dns_message_gettsig(client->message, &signame) != NULL) {
2723 status = client->message->tsigstatus;
2728 if (client->message->tsigkey->generated) {
2729 dns_name_format(client->message->tsigkey->creator,
2731 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2740 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2749 status = client->message->sig0status;
2754 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2764 if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
2765 client->message->opcode == dns_opcode_update)) {
2766 ns_client_error(client, sigresult);
2772 * Decide whether recursive service is available to this client.
2779 if (client->view->resolver != NULL &&
2780 client->view->recursion == ISC_TRUE &&
2781 ns_client_checkaclsilent(client, NULL,
2782 client->view->recursionacl,
2784 ns_client_checkaclsilent(client, NULL,
2785 client->view->cacheacl,
2787 ns_client_checkaclsilent(client, &client->destaddr,
2788 client->view->recursiononacl,
2790 ns_client_checkaclsilent(client, &client->destaddr,
2791 client->view->cacheonacl,
2796 client->attributes |= NS_CLIENTATTR_RA;
2798 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
2803 * Adjust maximum UDP response size for this client.
2805 if (client->udpsize > 512) {
2811 if (client->udpsize > udpsize)
2812 client->udpsize = udpsize;
2818 switch (client->message->opcode) {
2822 if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0)
2827 dns_dt_send(view, dtmsgtype, &client->peeraddr,
2828 &client->interface->addr, TCP_CLIENT(client), NULL,
2829 &client->requesttime, NULL, buffer);
2832 ns_query_start(client);
2836 ns_client_settimeout(client, 60);
2837 ns_update_start(client, sigresult);
2841 ns_client_settimeout(client, 60);
2842 ns_notify_start(client);
2846 ns_client_error(client, DNS_R_NOTIMP);
2850 ns_client_error(client, DNS_R_NOTIMP);
2859 ns_client_t *client;
2864 client = event->ev_arg;
2865 REQUIRE(NS_CLIENT_VALID(client));
2866 REQUIRE(task == client->task);
2867 REQUIRE(client->timer != NULL);
2875 if (client->shutdown != NULL) {
2876 (client->shutdown)(client->shutdown_arg, ISC_R_TIMEDOUT);
2877 client->shutdown = NULL;
2878 client->shutdown_arg = NULL;
2881 if (client->newstate > NS_CLIENTSTATE_READY)
2882 client->newstate = NS_CLIENTSTATE_READY;
2883 (void)exit_check(client);
2902 isc_mem_setname(*mctxp, "client", NULL);
2917 isc_mem_setname(clientmctx, "client", NULL);
2932 ns_client_t *client;
2939 * Note: creating a client does not add the client to the
2940 * manager's client list or set the client's manager pointer.
2950 client = isc_mem_get(mctx, sizeof(*client));
2951 if (client == NULL) {
2955 client->mctx = mctx;
2957 client->task = NULL;
2958 result = isc_task_create(manager->taskmgr, 0, &client->task);
2961 isc_task_setname(client->task, "client", client);
2963 client->timer = NULL;
2965 NULL, NULL, client->task, client_timeout,
2966 client, &client->timer);
2969 client->timerset = ISC_FALSE;
2971 client->delaytimer = NULL;
2973 client->message = NULL;
2974 result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE,
2975 &client->message);
2981 client->sendevent = isc_socket_socketevent(client->mctx, client,
2983 client_senddone, client);
2984 if (client->sendevent == NULL) {
2989 client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE);
2990 if (client->recvbuf == NULL) {
2995 client->recvevent = isc_socket_socketevent(client->mctx, client,
2997 client_request, client);
2998 if (client->recvevent == NULL) {
3003 client->magic = NS_CLIENT_MAGIC;
3004 client->manager = NULL;
3005 client->state = NS_CLIENTSTATE_INACTIVE;
3006 client->newstate = NS_CLIENTSTATE_MAX;
3007 client->naccepts = 0;
3008 client->nreads = 0;
3009 client->nsends = 0;
3010 client->nrecvs = 0;
3011 client->nupdates = 0;
3012 client->nctls = 0;
3013 client->references = 0;
3014 client->attributes = 0;
3015 client->view = NULL;
3016 client->dispatch = NULL;
3017 client->udpsocket = NULL;
3018 client->tcplistener = NULL;
3019 client->tcpsocket = NULL;
3020 client->tcpmsg_valid = ISC_FALSE;
3021 client->tcpbuf = NULL;
3022 client->opt = NULL;
3023 client->udpsize = 512;
3024 client->dscp = -1;
3025 client->extflags = 0;
3026 client->ednsversion = -1;
3027 client->next = NULL;
3028 client->shutdown = NULL;
3029 client->shutdown_arg = NULL;
3030 client->signer = NULL;
3031 dns_name_init(&client->signername, NULL);
3032 client->mortal = ISC_FALSE;
3033 client->pipelined = ISC_FALSE;
3034 client->tcpquota = NULL;
3035 client->recursionquota = NULL;
3036 client->interface = NULL;
3037 client->peeraddr_valid = ISC_FALSE;
3038 client->ecs_addrlen = 0;
3039 client->ecs_scope = 0;
3041 client->filter_aaaa = dns_aaaa_ok;
3043 client->needshutdown = ns_g_clienttest;
3045 ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
3046 NS_EVENT_CLIENTCONTROL, client_start, client, client,
3052 isc_sockaddr_any(&client->formerrcache.addr);
3053 client->formerrcache.time = 0;
3054 client->formerrcache.id = 0;
3055 ISC_LINK_INIT(client, link);
3056 ISC_LINK_INIT(client, rlink);
3057 ISC_QLINK_INIT(client, ilink);
3058 client->keytag = NULL;
3059 client->keytag_len = 0;
3062 * We call the init routines for the various kinds of client here,
3063 * after we have created an otherwise valid client, because some
3064 * of them call routines that REQUIRE(NS_CLIENT_VALID(client)).
3066 result = ns_query_init(client);
3070 result = isc_task_onshutdown(client->task, client_shutdown, client);
3076 *clientp = client;
3081 ns_query_free(client);
3084 isc_event_free((isc_event_t **)&client->recvevent);
3087 isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
3090 isc_event_free((isc_event_t **)&client->sendevent);
3092 client->magic = 0;
3095 dns_message_destroy(&client->message);
3098 isc_timer_detach(&client->timer);
3101 isc_task_detach(&client->task);
3104 isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
3110 client_read(ns_client_t *client) {
3115 result = dns_tcpmsg_readmessage(&client->tcpmsg, client->task,
3116 client_request, client);
3124 ns_client_settimeout(client, 30);
3126 client->state = client->newstate = NS_CLIENTSTATE_READING;
3127 INSIST(client->nreads == 0);
3128 INSIST(client->recursionquota == NULL);
3129 client->nreads++;
3133 ns_client_next(client, result);
3138 ns_client_t *client = event->ev_arg;
3143 REQUIRE(NS_CLIENT_VALID(client));
3144 REQUIRE(client->task == task);
3148 INSIST(client->state == NS_CLIENTSTATE_READY);
3150 INSIST(client->naccepts == 1);
3151 client->naccepts--;
3153 LOCK(&client->interface->lock);
3154 INSIST(client->interface->ntcpcurrent > 0);
3155 client->interface->ntcpcurrent--;
3156 UNLOCK(&client->interface->lock);
3163 client->tcpsocket = nevent->newsocket;
3164 isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
3165 client->state = NS_CLIENTSTATE_READING;
3166 INSIST(client->recursionquota == NULL);
3168 (void)isc_socket_getpeername(client->tcpsocket,
3169 &client->peeraddr);
3170 client->peeraddr_valid = ISC_TRUE;
3171 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3185 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3191 if (exit_check(client))
3198 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
3207 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
3210 client->newstate = NS_CLIENTSTATE_READY;
3211 (void)exit_check(client);
3215 INSIST(client->tcpmsg_valid == ISC_FALSE);
3216 dns_tcpmsg_init(client->mctx, client->tcpsocket,
3217 &client->tcpmsg);
3218 client->tcpmsg_valid = ISC_TRUE;
3221 * Let a new client take our place immediately, before
3226 client->pipelined = ISC_FALSE;
3228 &client->tcpquota);
3230 result = ns_client_replace(client);
3232 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3239 client->pipelined = ISC_TRUE;
3242 client_read(client);
3250 client_accept(ns_client_t *client) {
3255 result = isc_socket_accept(client->tcplistener, client->task,
3256 client_newconn, client);
3270 INSIST(client->naccepts == 0);
3271 client->naccepts++;
3272 LOCK(&client->interface->lock);
3273 client->interface->ntcpcurrent++;
3274 UNLOCK(&client->interface->lock);
3278 client_udprecv(ns_client_t *client) {
3284 r.base = client->recvbuf;
3286 result = isc_socket_recv2(client->udpsocket, &r, 1,
3287 client->task, client->recvevent, 0);
3300 INSIST(client->nrecvs == 0);
3301 client->nrecvs++;
3318 ns_client_t *client = *clientp;
3320 client->references--;
3321 INSIST(client->references >= 0);
3323 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3325 "ns_client_detach: ref = %d", client->references);
3326 (void)exit_check(client);
3330 ns_client_shuttingdown(ns_client_t *client) {
3331 return (ISC_TF(client->newstate == NS_CLIENTSTATE_FREED));
3335 ns_client_replace(ns_client_t *client) {
3341 REQUIRE(client != NULL);
3342 REQUIRE(client->manager != NULL);
3344 tcp = TCP_CLIENT(client);
3345 if (tcp && client->pipelined) {
3346 result = get_worker(client->manager, client->interface,
3347 client->tcpsocket);
3349 result = get_client(client->manager, client->interface,
3350 client->dispatch, tcp);
3357 * transferred to the new client. Therefore, the old client
3360 client->mortal = ISC_TRUE;
3456 ns_client_t *client;
3476 for (client = ISC_LIST_HEAD(manager->clients);
3477 client != NULL;
3478 client = ISC_LIST_NEXT(client, link))
3479 isc_task_shutdown(client->task);
3499 ns_client_t *client;
3500 MTRACE("get client");
3508 * Allocate a client. First try to get a recycled one;
3511 client = NULL;
3513 ISC_QUEUE_POP(manager->inactive, ilink, client);
3515 if (client != NULL)
3521 result = client_create(manager, &client);
3527 ISC_LIST_APPEND(manager->clients, client, link);
3531 client->manager = manager;
3532 ns_interface_attach(ifp, &client->interface);
3533 client->state = NS_CLIENTSTATE_READY;
3534 INSIST(client->recursionquota == NULL);
3536 client->dscp = ifp->dscp;
3539 client->attributes |= NS_CLIENTATTR_TCP;
3541 &client->tcplistener);
3545 dns_dispatch_attach(disp, &client->dispatch);
3546 sock = dns_dispatch_getsocket(client->dispatch);
3547 isc_socket_attach(sock, &client->udpsocket);
3550 INSIST(client->nctls == 0);
3551 client->nctls++;
3552 ev = &client->ctlevent;
3553 isc_task_send(client->task, &ev);
3563 ns_client_t *client;
3572 * Allocate a client. First try to get a recycled one;
3575 client = NULL;
3577 ISC_QUEUE_POP(manager->inactive, ilink, client);
3579 if (client != NULL)
3585 result = client_create(manager, &client);
3591 ISC_LIST_APPEND(manager->clients, client, link);
3595 client->manager = manager;
3596 ns_interface_attach(ifp, &client->interface);
3597 client->newstate = client->state = NS_CLIENTSTATE_WORKING;
3598 INSIST(client->recursionquota == NULL);
3599 client->tcpquota = &ns_g_server->tcpquota;
3601 client->dscp = ifp->dscp;
3603 client->attributes |= NS_CLIENTATTR_TCP;
3604 client->pipelined = ISC_TRUE;
3605 client->mortal = ISC_TRUE;
3607 isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
3608 isc_socket_attach(sock, &client->tcpsocket);
3609 isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
3610 (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
3611 client->peeraddr_valid = ISC_TRUE;
3613 INSIST(client->tcpmsg_valid == ISC_FALSE);
3614 dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
3615 client->tcpmsg_valid = ISC_TRUE;
3617 INSIST(client->nctls == 0);
3618 client->nctls++;
3619 ev = &client->ctlevent;
3620 isc_task_send(client->task, &ev);
3647 ns_client_getsockaddr(ns_client_t *client) {
3648 return (&client->peeraddr);
3652 ns_client_getdestaddr(ns_client_t *client) {
3653 return (&client->destsockaddr);
3657 ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
3674 isc_netaddr_fromsockaddr(&tmpnetaddr, &client->peeraddr);
3678 if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) {
3679 ecs_addr = &client->ecs_addr;
3680 ecs_addrlen = client->ecs_addrlen;
3683 result = dns_acl_match2(netaddr, client->signer,
3702 ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
3712 result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
3716 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
3720 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
3727 ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
3728 if (client->peeraddr_valid)
3729 isc_sockaddr_format(&client->peeraddr, peerbuf,
3732 snprintf(peerbuf, len, "@%p", client);
3736 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
3749 if (client->signer != NULL) {
3750 dns_name_format(client->signer, signerbuf, sizeof(signerbuf));
3755 q = client->query.origqname != NULL
3756 ? client->query.origqname : client->query.qname;
3764 if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
3765 strcmp(client->view->name, "_default") != 0) {
3767 viewname = client->view->name;
3770 if (client->peeraddr_valid) {
3771 isc_sockaddr_format(&client->peeraddr,
3778 "client @%p %s%s%s%s%s%s%s%s: %s",
3779 client, peerbuf, sep1, signer, sep2, qname, sep3,
3784 ns_client_log(ns_client_t *client, isc_logcategory_t *category,
3793 ns_client_logv(client, category, module, level, fmt, ap);
3813 ns_client_dumpmessage(ns_client_t *client, const char *reason) {
3828 buf = isc_mem_get(client->mctx, len);
3832 result = dns_message_totext(client->message,
3836 isc_mem_put(client->mctx, buf, len);
3839 ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
3847 isc_mem_put(client->mctx, buf, len);
3852 ns_client_t *client;
3866 client = ISC_LIST_HEAD(manager->recursing);
3867 while (client != NULL) {
3868 INSIST(client->state == NS_CLIENTSTATE_RECURSING);
3870 ns_client_name(client, peerbuf, sizeof(peerbuf));
3871 if (client->view != NULL &&
3872 strcmp(client->view->name, "_bind") != 0 &&
3873 strcmp(client->view->name, "_default") != 0) {
3874 name = client->view->name;
3881 LOCK(&client->query.fetchlock);
3882 INSIST(client->query.qname != NULL);
3883 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
3884 if (client->query.qname != client->query.origqname &&
3885 client->query.origqname != NULL) {
3887 dns_name_format(client->query.origqname, original,
3893 rdataset = ISC_LIST_HEAD(client->query.qname->list);
3894 if (rdataset == NULL && client->query.origqname != NULL)
3895 rdataset = ISC_LIST_HEAD(client->query.origqname->list);
3905 UNLOCK(&client->query.fetchlock);
3906 fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
3908 client->message->id, namebuf, typebuf, classbuf,
3910 isc_time_seconds(&client->requesttime));
3911 client = ISC_LIST_NEXT(client, rlink);
3917 ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
3918 LOCK(&client->query.fetchlock);
3919 if (client->query.restarts > 0) {
3921 * client->query.qname was dynamically allocated.
3923 dns_message_puttempname(client->message,
3924 &client->query.qname);
3926 client->query.qname = name;
3927 client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
3928 UNLOCK(&client->query.fetchlock);
3933 ns_client_t *client = (ns_client_t *) ci->data;
3935 REQUIRE(NS_CLIENT_VALID(client));
3938 *addrp = &client->peeraddr;