client.c revision 925c021f1f7eca92078548f765fa3f7c14f4c8b5
/*
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.213 2002/10/28 02:35:36 marka Exp $ */
#include <config.h>
#include <isc/formatcheck.h>
#include <dns/dispatch.h>
#include <dns/rdataclass.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <named/interfacemgr.h>
/***
*** Client
***/
/*
* Important note!
*
* All client state changes, other than that from idle to listening, occur
* as a result of events. This guarantees serialization and avoids the
* need for locking.
*
* If a routine is ever created that allows someone other than the client's
* task to change the client, then the client will have to be locked.
*/
#define NS_CLIENT_TRACE
#ifdef NS_CLIENT_TRACE
ISC_LOG_DEBUG(3), \
"%s", (m))
ISC_LOG_DEBUG(3), \
"clientmgr @%p: %s", manager, (m))
#else
#define CTRACE(m) ((void)(m))
#define MTRACE(m) ((void)(m))
#endif
#define SEND_BUFFER_SIZE 4096
#define RECV_BUFFER_SIZE 4096
struct ns_clientmgr {
/* Unlocked. */
unsigned int magic;
/* Locked by lock. */
};
/*
* Client object states. Ordering is significant: higher-numbered
* states are generally "more active", meaning that the client can
* have more dynamically allocated data, outstanding events, etc.
* In the list below, any such properties listed for state N
* also apply to any state > N.
*
* To force the client into a less active state, set client->newstate
* to that state and call exit_check(). This will cause any
* activities defined for higher-numbered states to be aborted.
*/
#define NS_CLIENTSTATE_FREED 0
/*
* The client object no longer exists.
*/
#define NS_CLIENTSTATE_INACTIVE 1
/*
* The client object exists and has a task and timer.
* Its "query" struct and sendbuf are initialized.
* It is on the client manager's list of inactive clients.
* It has a message and OPT, both in the reset state.
*/
#define NS_CLIENTSTATE_READY 2
/*
* The client object is either a TCP or a UDP one, and
* it is associated with a network interface. It is on the
* client manager's list of active clients.
*
* If it is a TCP client object, it has a TCP listener socket
* and an outstanding TCP listen request.
*
* If it is a UDP client object, it has a UDP listener socket
* and an outstanding UDP receive request.
*/
#define NS_CLIENTSTATE_READING 3
/*
* The client object is a TCP client object that has received
* a connection. It has a tcpsocket, tcpmsg, TCP quota, and an
* outstanding TCP read request. This state is not used for
* UDP client objects.
*/
#define NS_CLIENTSTATE_WORKING 4
/*
* The client object has received a request and is working
* on it. It has a view, and it may have any of a non-reset OPT,
* recursion quota, and an outstanding write request.
*/
#define NS_CLIENTSTATE_MAX 9
/*
* Sentinel value used to indicate "no state". When client->newstate
* has this value, we are not attempting to exit the current state.
* Must be greater than any valid state.
*/
void
if (killoldest) {
}
}
}
void
if (result != ISC_R_SUCCESS) {
"setting timeout: %s",
/* Continue anyway. */
}
}
/*
* Check for a deactivation or shutdown request and take appropriate
* action. Returns ISC_TRUE if either is in progress; in this case
* the caller must no longer use the client object as it may have been
* freed.
*/
static isc_boolean_t
return (ISC_FALSE); /* Business as usual. */
/*
* We need to detach from the view early when shutting down
* the server to break the following vicious circle:
*
* - The resolver will not shut down until the view refcount is zero
* - The view refcount does not go to zero until all clients detach
* - The client does not detach from the view until references is zero
* - references does not go to zero until the resolver has shut down
*
*/
/*
* We are trying to abort request processing.
*/
if (TCP_CLIENT(client))
else
}
client->references == 0))
{
/*
* Still waiting for I/O cancel completion.
* or lingering references.
*/
return (ISC_TRUE);
}
/*
* I/O cancel is complete. Burn down all state
* related to the current request.
*/
return (ISC_TRUE); /* We're done. */
}
}
/*
* We are trying to abort the current TCP connection,
* if any.
*/
/* Still waiting for read cancel completion. */
return (ISC_TRUE);
}
if (client->tcpmsg_valid) {
}
CTRACE("closetcp");
}
}
/*
* Now the client is ready to accept a new TCP connection
* or UDP request, but we may have enough clients doing
* that already. Check whether this client needs to remain
* active and force it to go inactive if not.
*/
if (TCP_CLIENT(client)) {
} else
return (ISC_TRUE);
}
}
/*
* We are trying to enter the inactive state.
*/
/* Still waiting for accept cancel completion. */
return (ISC_TRUE);
}
/* Accept cancel is complete. */
/* Still waiting for recv cancel completion. */
return (ISC_TRUE);
}
/* Recv cancel is complete. */
/* Still waiting for control event to be delivered */
return (ISC_TRUE);
}
/* Deactivate the client. */
client->attributes = 0;
/*
* Put the client on the inactive list. If we are aiming for
* the "freed" state, it will be removed from the inactive
* list shortly, and we need to keep the manager locked until
* that has been done, lest the manager decide to reactivate
* the dying client inbetween.
*/
goto unlock;
}
}
/*
* We are trying to free the client.
*
* When "shuttingdown" is true, either the task has received
* its shutdown event or no shutdown event has ever been
* set up. Thus, we have no outstanding shutdown
* event at this point.
*/
}
if (locked_manager == NULL) {
}
}
/*
* Detaching the task must be done after unlinking from
* the manager's lists because the manager accesses
* client->task.
*/
CTRACE("free");
goto unlock;
}
if (locked_manager != NULL) {
}
/*
* Only now is it safe to destroy the client manager (if needed),
* because we have accessed its lock for the last time.
*/
if (destroy_manager != NULL)
return (ISC_TRUE);
}
/*
* The client's task has received the client's control event
* as part of the startup process.
*/
static void
if (exit_check(client))
return;
if (TCP_CLIENT(client)) {
} else {
}
}
/*
* The client's task has received a shutdown event.
*/
static void
CTRACE("shutdown");
}
(void)exit_check(client);
}
static void
CTRACE("endrequest");
}
}
/*
* Clear all client attributes that are specific to
* the request; that's all except the TCP flag.
*/
}
static void
/*
* This client object should normally go inactive
* at this point, but if we have fewer active client
* objects than desired due to earlier quota exhaustion,
* keep it active to make up for the shortage.
*/
if (TCP_CLIENT(client)) {
} else {
/*
* The UDP client quota is enforced by making
* requests fail rather than by not listening
* for new ones. Therefore, there is always a
* full set of UDP clients listening.
*/
}
if (! need_another_client) {
/*
* We don't need this client object. Recycle it.
*/
}
}
}
void
int newstate;
CTRACE("next");
if (result != ISC_R_SUCCESS)
/*
* An error processing a TCP request may have left
* the connection out of sync. To be safe, we always
* sever the connection when result != ISC_R_SUCCESS.
*/
else
(void)exit_check(client);
}
static void
CTRACE("senddone");
"error sending response: %s",
}
if (exit_check(client))
return;
}
/*
* We only want to fail with ISC_R_NOSPACE when called from
* ns_client_sendraw() and not when called from ns_client_send(),
* tcpbuffer is NULL when called from ns_client_sendraw() and
* length != 0. tcpbuffer != NULL when called from ns_client_send()
* and length == 0.
*/
static isc_result_t
{
unsigned char *data;
if (TCP_CLIENT(client)) {
goto done;
}
goto done;
}
} else {
}
} else {
else
goto done;
}
}
done:
return (result);
}
static isc_result_t
struct in6_pktinfo *pktinfo;
isc_region_t r;
int match;
unsigned int sockflags = ISC_SOCKFLAG_IMMEDIATE;
if (TCP_CLIENT(client)) {
} else {
match > 0)
return (DNS_R_BLACKHOLED);
}
else
isc_buffer_usedregion(buffer, &r);
CTRACE("sendto");
if (result == ISC_R_SUCCESS)
}
return (result);
}
void
unsigned char *data;
isc_region_t r;
unsigned char sendbuf[SEND_BUFFER_SIZE];
CTRACE("sendraw");
goto done;
}
if (result != ISC_R_SUCCESS)
goto done;
/*
* Copy message to buffer and fixup id.
*/
isc_buffer_availableregion(&buffer, &r);
if (result != ISC_R_SUCCESS)
goto done;
if (result == ISC_R_SUCCESS)
return;
done:
}
}
void
unsigned char *data;
isc_region_t r;
unsigned char sendbuf[SEND_BUFFER_SIZE];
unsigned int dnssec_opts;
unsigned int preferred_glue;
CTRACE("send");
dnssec_opts = 0;
else
preferred_glue = 0;
}
/*
* XXXRTH The following doesn't deal with TCP buffer resizing.
*/
if (result != ISC_R_SUCCESS)
goto done;
if (result != ISC_R_SUCCESS)
goto done;
if (result != ISC_R_SUCCESS)
goto done;
/*
* XXXRTH dns_message_setopt() should probably do this...
*/
if (result != ISC_R_SUCCESS)
goto done;
}
DNS_SECTION_QUESTION, 0);
if (result == ISC_R_NOSPACE) {
goto renderend;
}
if (result != ISC_R_SUCCESS)
goto done;
if (result == ISC_R_NOSPACE) {
goto renderend;
}
if (result != ISC_R_SUCCESS)
goto done;
if (result == ISC_R_NOSPACE) {
goto renderend;
}
if (result != ISC_R_SUCCESS)
goto done;
goto done;
if (result != ISC_R_SUCCESS)
goto done;
if (cleanup_cctx) {
}
if (TCP_CLIENT(client)) {
isc_buffer_usedregion(&buffer, &r);
} else
if (result == ISC_R_SUCCESS)
return;
done:
}
if (cleanup_cctx)
}
void
CTRACE("error");
/*
* Message may be an in-progress reply that we had trouble
* with, in which case QR will be set. We need to clear QR before
* calling dns_message_reply() to avoid triggering an assertion.
*/
/*
* AA and AD shouldn't be set.
*/
if (result != ISC_R_SUCCESS) {
/*
* It could be that we've got a query with a good header,
* but a bad question section, so we try again with
* want_question_section set to ISC_FALSE.
*/
if (result != ISC_R_SUCCESS) {
return;
}
}
/*
* FORMERR loop avoidance: If we sent a FORMERR message
* with the same ID to the same client less than two
* seconds ago, assume that we are in an infinite error
* packet dialog with a server for some protocol whose
* error responses look enough like DNS queries to
* elicit a FORMERR response. Drop a packet to break
* the loop.
*/
if (rcode == dns_rcode_formerr) {
/* Drop packet. */
"possible error packet loop, "
"FORMERR dropped");
return;
}
}
}
static inline isc_result_t
if (result != ISC_R_SUCCESS)
return (result);
if (result != ISC_R_SUCCESS)
return (result);
if (result != ISC_R_SUCCESS)
return (result);
/*
* Set the maximum UDP buffer size.
*/
/*
* Set EXTENDED-RCODE, VERSION and Z to 0.
*/
/*
* No ENDS options in the default case.
*/
== ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
}
static inline isc_boolean_t
int match;
return (ISC_TRUE);
return (ISC_TRUE);
return (ISC_FALSE);
}
/*
* Handle an incoming request event from the socket (UDP case)
* or tcpmsg (TCP case).
*/
static void
int match;
unsigned int flags;
TCP_CLIENT(client) ?
if (result == ISC_R_SUCCESS) {
}
}
} else {
/*
* client->peeraddr was set when the connection was accepted.
*/
}
if (exit_check(client))
goto cleanup;
if (result != ISC_R_SUCCESS) {
if (TCP_CLIENT(client)) {
} else {
if (result != ISC_R_CANCELED)
"UDP client handler shutting "
"down due to fatal receive "
"error: %s",
}
goto cleanup;
}
"%s request",
/*
* Check the blackhole ACL for UDP only, since TCP is done in
* client_newconn.
*/
if (!TCP_CLIENT(client)) {
match > 0)
{
"blackholed UDP datagram");
goto cleanup;
}
}
/*
* Silently drop multicast requests for the present.
*/
"dropping multicast request");
}
if (result != ISC_R_SUCCESS) {
/*
* There isn't enough header to determine whether
* this was a request or a response. Drop it.
*/
goto cleanup;
}
/*
* The client object handles requests, not responses.
* If this is a UDP response, forward it to the dispatcher.
* If it's a TCP response, discard it here.
*/
if ((flags & DNS_MESSAGEFLAG_QR) != 0) {
if (TCP_CLIENT(client)) {
CTRACE("unexpected response");
goto cleanup;
} else {
goto cleanup;
}
}
/*
* It's a request. Parse it.
*/
if (result != ISC_R_SUCCESS) {
/*
* Parsing the request failed. Send a response
* (typically FORMERR or SERVFAIL).
*/
goto cleanup;
}
case dns_opcode_query:
case dns_opcode_update:
case dns_opcode_notify:
break;
case dns_opcode_iquery:
default:
break;
}
/* RFC1123 section 6.1.3.2 */
/*
* Deal with EDNS.
*/
unsigned int version;
/*
* Set the client's UDP buffer size.
*/
/*
* If the requested UDP buffer size is less than 512,
* ignore it and use 512.
*/
/*
* Get the flags out of the OPT record.
*/
/*
* Create an OPT for our reply.
*/
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
/*
* Do we understand this version of ENDS?
*
* XXXRTH need library support for this!
*/
if (version != 0) {
goto cleanup;
}
}
"message class could not be determined");
"message class could not be determined");
goto cleanup;
}
/*
* Determine the destination address. For IPv6, we get this from the
* pktinfo structure (if supported). For IPv4, we have to make do with
* the address of the interface where the request was received.
*/
isc_uint32_t zone = 0;
/*
* XXXJT technically, we should convert the receiving
* interface ID to a proper scope zone ID. However,
* due to the fact there is no standard API for this,
* we only handle link-local addresses and use the
* interface index as link ID. Despite the assumption,
* it should cover most typical cases.
*/
} else
} else {
}
/*
* Find a view that matches the client's source address.
*/
{
view);
if (sigresult == ISC_R_SUCCESS)
== 0 && view->matchrecursiveonly))
{
break;
}
}
}
/*
* Do a dummy TSIG verification attempt so that the
* response will have a TSIG if the query did, as
* required by RFC2845.
*/
isc_buffer_t b;
isc_region_t *r;
isc_buffer_add(&b, r->length);
sizeof(classname));
"no matching view in class '%s'", classname);
goto cleanup;
}
/*
* Check for a signature. We log bad signatures regardless of
* whether they ultimately cause the request to be rejected or
* not. We do not log the lack of a signature unless we are
* debugging.
*/
if (result == ISC_R_SUCCESS) {
"request has valid signature");
} else if (result == ISC_R_NOTFOUND) {
"request is not signed");
} else if (result == DNS_R_NOIDENTITY) {
"request is signed by a nonauthoritative key");
} else {
char tsigrcode[64];
isc_buffer_t b;
&b) == ISC_R_SUCCESS);
/* There is a signature, but it is bad. */
"request has invalid signature: %s (%s)",
/*
* Accept update messages signed by unknown keys so that
* update forwarding works transparently through slaves
* that don't have all the same keys as the master.
*/
goto cleanup;
}
}
/*
* Decide whether recursive service is available to this client.
* We do this here rather than in the query code so that we can
* set the RA bit correctly on all kinds of responses, not just
* responses to ordinary queries.
*/
ISC_TRUE) == ISC_R_SUCCESS)
"recursion not available");
/*
* Dispatch the request.
*/
case dns_opcode_query:
CTRACE("query");
break;
case dns_opcode_update:
CTRACE("update");
break;
case dns_opcode_notify:
CTRACE("notify");
break;
case dns_opcode_iquery:
CTRACE("iquery");
break;
default:
CTRACE("unknown opcode");
}
return;
}
static void
CTRACE("timeout");
}
(void)exit_check(client);
}
static isc_result_t
{
/*
* Caller must be holding the manager lock.
*
* Note: creating a client does not add the client to the
* manager's client list or set the client's manager pointer.
* The caller is responsible for that.
*/
return (ISC_R_NOMEMORY);
if (result != ISC_R_SUCCESS)
goto cleanup_client;
if (result != ISC_R_SUCCESS)
goto cleanup_task;
if (result != ISC_R_SUCCESS)
goto cleanup_timer;
/* XXXRTH Hardwired constants */
sizeof(isc_socketevent_t));
goto cleanup_message;
}
goto cleanup_sendevent;
}
sizeof(isc_socketevent_t));
goto cleanup_recvbuf;
}
client->references = 0;
client->attributes = 0;
/*
* Initialize FORMERR cache to sentinel value that will not match
* any actual FORMERR response.
*/
/*
* We call the init routines for the various kinds of client here,
* after we have created an otherwise valid client, because some
* of them call routines that REQUIRE(NS_CLIENT_VALID(client)).
*/
if (result != ISC_R_SUCCESS)
goto cleanup_recvevent;
if (result != ISC_R_SUCCESS)
goto cleanup_query;
CTRACE("create");
return (ISC_R_SUCCESS);
return (result);
}
static void
CTRACE("read");
if (result != ISC_R_SUCCESS)
goto fail;
/*
* Set a timeout to limit the amount of time we will wait
* for a request on this TCP connection.
*/
return;
fail:
}
static void
/*
* We must take ownership of the new socket before the exit
* check to make sure it gets destroyed if we decide to exit.
*/
"new TCP connection");
} else {
/*
* XXXRTH What should we do? We're trying to accept but
* it didn't work. If we just give up, then TCP
* service may eventually stop.
*
* For now, we just go idle.
*
* Going idle is probably the right thing if the
* I/O was canceled.
*/
"accept failed: %s",
}
if (exit_check(client))
goto freeevent;
int match;
match > 0)
{
"blackholed connection attempt");
(void)exit_check(client);
goto freeevent;
}
/*
* Let a new client take our place immediately, before
* we wait for a request packet. If we don't,
* telnetting to port 53 (once per CPU) will
* deny service to legititmate TCP clients.
*/
if (result == ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
"no more TCP clients: %s",
}
}
}
static void
CTRACE("accept");
if (result != ISC_R_SUCCESS) {
"isc_socket_accept() failed: %s",
/*
* XXXRTH What should we do? We're trying to accept but
* it didn't work. If we just give up, then TCP
* service may eventually stop.
*
* For now, we just go idle.
*/
return;
}
}
static void
isc_region_t r;
CTRACE("udprecv");
r.length = RECV_BUFFER_SIZE;
if (result != ISC_R_SUCCESS) {
"isc_socket_recv() failed: %s",
/*
* This cannot happen in the current implementation, since
* isc_socket_recv2() cannot fail if flags == 0.
*
* If this does fail, we just go idle.
*/
return;
}
}
void
source->references++;
}
void
client->references--;
(void)exit_check(client);
}
}
CTRACE("replace");
(TCP_CLIENT(client) ?
if (result != ISC_R_SUCCESS)
return (result);
/*
* The responsibility for listening for new requests is hereby
* transferred to the new client. Therefore, the old client
* should refrain from listening for any more requests.
*/
return (ISC_R_SUCCESS);
}
/***
*** Client Manager
***/
static void
MTRACE("clientmgr_destroy");
}
{
return (ISC_R_NOMEMORY);
if (result != ISC_R_SUCCESS)
goto cleanup_manager;
MTRACE("create");
return (ISC_R_SUCCESS);
return (result);
}
void
MTRACE("destroy");
if (need_destroy)
}
{
unsigned int i;
REQUIRE(n > 0);
MTRACE("createclients");
/*
* We MUST lock the manager lock for the entire client creation
* process. If we didn't do this, then a client could get a
* shutdown event and disappear out from under us.
*/
for (i = 0; i < n; i++) {
/*
* Allocate a client. First try to get a recycled one;
* if that fails, make a new one.
*/
MTRACE("recycle");
} else {
MTRACE("create new");
if (result != ISC_R_SUCCESS)
break;
}
if (tcp) {
&client->tcplistener);
} else {
}
}
if (i != 0) {
/*
* We managed to create at least one client, so we
* declare victory.
*/
}
return (result);
}
}
{
int match;
if (default_allow)
goto allow;
else
goto deny;
}
if (result != ISC_R_SUCCESS)
goto deny; /* Internal error, already logged. */
if (match > 0)
goto allow;
goto deny; /* Negative match or no match. */
return (ISC_R_SUCCESS);
deny:
return (DNS_R_REFUSED);
}
{
if (result == ISC_R_SUCCESS)
"%s approved", opname);
else
return (result);
}
static void
if (client->peeraddr_valid)
else
}
void
{
char msgbuf[2048];
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
const char *name = "";
const char *sep = "";
sep = ": view ";
}
}
void
{
return;
}
void
{
char namebuf[DNS_NAME_FORMATSIZE];
}
static void
int len = 1024;
/*
* Note that these are multiline debug messages. We want a newline
* to appear in the log after each message.
*/
do {
break;
0, &buffer);
if (result == ISC_R_NOSPACE) {
len += 1024;
} else if (result == ISC_R_SUCCESS)
"%s\n%.*s", reason,
(int)isc_buffer_usedlength(&buffer),
buf);
} while (result == ISC_R_NOSPACE);
}
void
char namebuf[DNS_NAME_FORMATSIZE];
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
const char *name;
const char *sep;
sep = ": view ";
} else {
name = "";
sep = "";
}
fprintf(f, "; client %s%s%s: '%s' requesttime %d\n",
}
}