1 /* 2 * services/mesh.c - deal with mesh of query states and handle events for that. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions to assist in dealing with a mesh of 40 * query states. This mesh is supposed to be thread-specific. 41 * It consists of query states (per qname, qtype, qclass) and connections 42 * between query states and the super and subquery states, and replies to 43 * send back to clients. 44 */ 45 #include "config.h" 46 #include "services/mesh.h" 47 #include "services/outbound_list.h" 48 #include "services/cache/dns.h" 49 #include "services/cache/rrset.h" 50 #include "services/cache/infra.h" 51 #include "util/log.h" 52 #include "util/net_help.h" 53 #include "util/module.h" 54 #include "util/regional.h" 55 #include "util/data/msgencode.h" 56 #include "util/timehist.h" 57 #include "util/fptr_wlist.h" 58 #include "util/alloc.h" 59 #include "util/config_file.h" 60 #include "util/edns.h" 61 #include "sldns/sbuffer.h" 62 #include "sldns/wire2str.h" 63 #include "services/localzone.h" 64 #include "util/data/dname.h" 65 #include "respip/respip.h" 66 #include "services/listen_dnsport.h" 67 #include "util/timeval_func.h" 68 69 #ifdef CLIENT_SUBNET 70 #include "edns-subnet/subnetmod.h" 71 #include "edns-subnet/edns-subnet.h" 72 #endif 73 #ifdef HAVE_SYS_TYPES_H 74 # include <sys/types.h> 75 #endif 76 #ifdef HAVE_NETDB_H 77 #include <netdb.h> 78 #endif 79 80 /** Compare two views by name */ 81 static int 82 view_name_compare(const char* v_a, const char* v_b) 83 { 84 if(v_a == NULL && v_b == NULL) 85 return 0; 86 /* The NULL name is smaller than if the name is set. */ 87 if(v_a == NULL) 88 return -1; 89 if(v_b == NULL) 90 return 1; 91 return strcmp(v_a, v_b); 92 } 93 94 /** 95 * Compare two response-ip client info entries for the purpose of mesh state 96 * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise 97 * 1 or -1 (they mean 'ci_a is larger/smaller than ci_b', respectively, but 98 * in practice it should be only used to mean they are different). 99 * We cannot share the mesh state for two queries if different response-ip 100 * actions can apply in the end, even if those queries are otherwise identical. 101 * For this purpose we compare tag lists and tag action lists; they should be 102 * identical to share the same state. 103 * For tag data, we don't look into the data content, as it can be 104 * expensive; unless tag data are not defined for both or they point to the 105 * exact same data in memory (i.e., they come from the same ACL entry), we 106 * consider these data different. 107 * Likewise, if the client info is associated with views, we don't look into 108 * the views. They are considered different unless they are exactly the same 109 * even if the views only differ in the names. 110 */ 111 static int 112 client_info_compare(const struct respip_client_info* ci_a, 113 const struct respip_client_info* ci_b) 114 { 115 int cmp; 116 117 if(!ci_a && !ci_b) 118 return 0; 119 if(ci_a && !ci_b) 120 return -1; 121 if(!ci_a && ci_b) 122 return 1; 123 if(ci_a->taglen != ci_b->taglen) 124 return (ci_a->taglen < ci_b->taglen) ? -1 : 1; 125 if(ci_a->taglist && !ci_b->taglist) 126 return -1; 127 if(!ci_a->taglist && ci_b->taglist) 128 return 1; 129 if(ci_a->taglist && ci_b->taglist) { 130 cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); 131 if(cmp != 0) 132 return cmp; 133 } 134 if(ci_a->tag_actions_size != ci_b->tag_actions_size) 135 return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? 136 -1 : 1; 137 if(ci_a->tag_actions && !ci_b->tag_actions) 138 return -1; 139 if(!ci_a->tag_actions && ci_b->tag_actions) 140 return 1; 141 if(ci_a->tag_actions && ci_b->tag_actions) { 142 cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, 143 ci_a->tag_actions_size); 144 if(cmp != 0) 145 return cmp; 146 } 147 if(ci_a->tag_datas != ci_b->tag_datas) 148 return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1; 149 if(ci_a->view || ci_a->view_name || ci_b->view || ci_b->view_name) { 150 /* Compare the views by name. */ 151 cmp = view_name_compare( 152 (ci_a->view?ci_a->view->name:ci_a->view_name), 153 (ci_b->view?ci_b->view->name:ci_b->view_name)); 154 if(cmp != 0) 155 return cmp; 156 } 157 return 0; 158 } 159 160 int 161 mesh_state_compare(const void* ap, const void* bp) 162 { 163 struct mesh_state* a = (struct mesh_state*)ap; 164 struct mesh_state* b = (struct mesh_state*)bp; 165 int cmp; 166 167 if(a->unique < b->unique) 168 return -1; 169 if(a->unique > b->unique) 170 return 1; 171 172 if(a->s.is_priming && !b->s.is_priming) 173 return -1; 174 if(!a->s.is_priming && b->s.is_priming) 175 return 1; 176 177 if(a->s.is_valrec && !b->s.is_valrec) 178 return -1; 179 if(!a->s.is_valrec && b->s.is_valrec) 180 return 1; 181 182 if((a->s.query_flags&BIT_RD) && !(b->s.query_flags&BIT_RD)) 183 return -1; 184 if(!(a->s.query_flags&BIT_RD) && (b->s.query_flags&BIT_RD)) 185 return 1; 186 187 if((a->s.query_flags&BIT_CD) && !(b->s.query_flags&BIT_CD)) 188 return -1; 189 if(!(a->s.query_flags&BIT_CD) && (b->s.query_flags&BIT_CD)) 190 return 1; 191 192 cmp = query_info_compare(&a->s.qinfo, &b->s.qinfo); 193 if(cmp != 0) 194 return cmp; 195 return client_info_compare(a->s.client_info, b->s.client_info); 196 } 197 198 int 199 mesh_state_ref_compare(const void* ap, const void* bp) 200 { 201 struct mesh_state_ref* a = (struct mesh_state_ref*)ap; 202 struct mesh_state_ref* b = (struct mesh_state_ref*)bp; 203 return mesh_state_compare(a->s, b->s); 204 } 205 206 struct mesh_area* 207 mesh_create(struct module_stack* stack, struct module_env* env) 208 { 209 struct mesh_area* mesh = calloc(1, sizeof(struct mesh_area)); 210 if(!mesh) { 211 log_err("mesh area alloc: out of memory"); 212 return NULL; 213 } 214 mesh->histogram = timehist_setup(); 215 mesh->qbuf_bak = sldns_buffer_new(env->cfg->msg_buffer_size); 216 if(!mesh->histogram || !mesh->qbuf_bak) { 217 free(mesh); 218 log_err("mesh area alloc: out of memory"); 219 return NULL; 220 } 221 mesh->mods = *stack; 222 mesh->env = env; 223 rbtree_init(&mesh->run, &mesh_state_compare); 224 rbtree_init(&mesh->all, &mesh_state_compare); 225 mesh->num_reply_addrs = 0; 226 mesh->num_reply_states = 0; 227 mesh->num_detached_states = 0; 228 mesh->num_forever_states = 0; 229 mesh->stats_jostled = 0; 230 mesh->stats_dropped = 0; 231 mesh->ans_expired = 0; 232 mesh->ans_cachedb = 0; 233 mesh->num_queries_discard_timeout = 0; 234 mesh->num_queries_wait_limit = 0; 235 mesh->num_dns_error_reports = 0; 236 mesh->max_reply_states = env->cfg->num_queries_per_thread; 237 mesh->max_forever_states = (mesh->max_reply_states+1)/2; 238 #ifndef S_SPLINT_S 239 mesh->jostle_max.tv_sec = (time_t)(env->cfg->jostle_time / 1000); 240 mesh->jostle_max.tv_usec = (time_t)((env->cfg->jostle_time % 1000) 241 *1000); 242 #endif 243 return mesh; 244 } 245 246 /** help mesh delete delete mesh states */ 247 static void 248 mesh_delete_helper(rbnode_type* n) 249 { 250 struct mesh_state* mstate = (struct mesh_state*)n->key; 251 /* perform a full delete, not only 'cleanup' routine, 252 * because other callbacks expect a clean state in the mesh. 253 * For 're-entrant' calls */ 254 mesh_state_delete(&mstate->s); 255 /* but because these delete the items from the tree, postorder 256 * traversal and rbtree rebalancing do not work together */ 257 } 258 259 void 260 mesh_delete(struct mesh_area* mesh) 261 { 262 if(!mesh) 263 return; 264 /* free all query states */ 265 while(mesh->all.count) 266 mesh_delete_helper(mesh->all.root); 267 timehist_delete(mesh->histogram); 268 sldns_buffer_free(mesh->qbuf_bak); 269 free(mesh); 270 } 271 272 void 273 mesh_delete_all(struct mesh_area* mesh) 274 { 275 /* free all query states */ 276 while(mesh->all.count) 277 mesh_delete_helper(mesh->all.root); 278 mesh->stats_dropped += mesh->num_reply_addrs; 279 /* clear mesh area references */ 280 rbtree_init(&mesh->run, &mesh_state_compare); 281 rbtree_init(&mesh->all, &mesh_state_compare); 282 mesh->num_reply_addrs = 0; 283 mesh->num_reply_states = 0; 284 mesh->num_detached_states = 0; 285 mesh->num_forever_states = 0; 286 mesh->forever_first = NULL; 287 mesh->forever_last = NULL; 288 mesh->jostle_first = NULL; 289 mesh->jostle_last = NULL; 290 } 291 292 int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) 293 { 294 struct mesh_state* m = mesh->jostle_first; 295 /* free space is available */ 296 if(mesh->num_reply_states < mesh->max_reply_states) 297 return 1; 298 /* try to kick out a jostle-list item */ 299 if(m && m->reply_list && m->list_select == mesh_jostle_list) { 300 /* how old is it? */ 301 struct timeval age; 302 timeval_subtract(&age, mesh->env->now_tv, 303 &m->reply_list->start_time); 304 if(timeval_smaller(&mesh->jostle_max, &age)) { 305 /* its a goner */ 306 log_nametypeclass(VERB_ALGO, "query jostled out to " 307 "make space for a new one", 308 m->s.qinfo.qname, m->s.qinfo.qtype, 309 m->s.qinfo.qclass); 310 /* backup the query */ 311 if(qbuf) sldns_buffer_copy(mesh->qbuf_bak, qbuf); 312 /* notify supers */ 313 if(m->super_set.count > 0) { 314 verbose(VERB_ALGO, "notify supers of failure"); 315 m->s.return_msg = NULL; 316 m->s.return_rcode = LDNS_RCODE_SERVFAIL; 317 mesh_walk_supers(mesh, m); 318 } 319 mesh->stats_jostled ++; 320 mesh_state_delete(&m->s); 321 /* restore the query - note that the qinfo ptr to 322 * the querybuffer is then correct again. */ 323 if(qbuf) sldns_buffer_copy(qbuf, mesh->qbuf_bak); 324 return 1; 325 } 326 } 327 /* no space for new item */ 328 return 0; 329 } 330 331 struct dns_msg* 332 mesh_serve_expired_lookup(struct module_qstate* qstate, 333 struct query_info* lookup_qinfo, int* is_expired) 334 { 335 hashvalue_type h; 336 struct lruhash_entry* e; 337 struct dns_msg* msg; 338 struct reply_info* data; 339 struct msgreply_entry* key; 340 time_t timenow = *qstate->env->now; 341 int must_validate = (!(qstate->query_flags&BIT_CD) 342 || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; 343 *is_expired = 0; 344 /* Lookup cache */ 345 h = query_info_hash(lookup_qinfo, qstate->query_flags); 346 e = slabhash_lookup(qstate->env->msg_cache, h, lookup_qinfo, 0); 347 if(!e) return NULL; 348 349 key = (struct msgreply_entry*)e->key; 350 data = (struct reply_info*)e->data; 351 if(data->ttl < timenow) *is_expired = 1; 352 msg = tomsg(qstate->env, &key->key, data, qstate->region, timenow, 353 qstate->env->cfg->serve_expired, qstate->env->scratch); 354 if(!msg) 355 goto bail_out; 356 357 /* Check CNAME chain (if any) 358 * This is part of tomsg above; no need to check now. */ 359 360 /* Check security status of the cached answer. 361 * tomsg above has a subset of these checks, so we are leaving 362 * these as is. 363 * In case of bogus or revalidation we don't care to reply here. */ 364 if(must_validate && (msg->rep->security == sec_status_bogus || 365 msg->rep->security == sec_status_secure_sentinel_fail)) { 366 verbose(VERB_ALGO, "Serve expired: bogus answer found in cache"); 367 goto bail_out; 368 } else if(msg->rep->security == sec_status_unchecked && must_validate) { 369 verbose(VERB_ALGO, "Serve expired: unchecked entry needs " 370 "validation"); 371 goto bail_out; /* need to validate cache entry first */ 372 } else if(msg->rep->security == sec_status_secure && 373 !reply_all_rrsets_secure(msg->rep) && must_validate) { 374 verbose(VERB_ALGO, "Serve expired: secure entry" 375 " changed status"); 376 goto bail_out; /* rrset changed, re-verify */ 377 } 378 379 lock_rw_unlock(&e->lock); 380 return msg; 381 382 bail_out: 383 lock_rw_unlock(&e->lock); 384 return NULL; 385 } 386 387 388 /** Init the serve expired data structure */ 389 static int 390 mesh_serve_expired_init(struct mesh_state* mstate, int timeout) 391 { 392 struct timeval t; 393 394 /* Create serve_expired_data if not there yet */ 395 if(!mstate->s.serve_expired_data) { 396 mstate->s.serve_expired_data = (struct serve_expired_data*) 397 regional_alloc_zero( 398 mstate->s.region, sizeof(struct serve_expired_data)); 399 if(!mstate->s.serve_expired_data) 400 return 0; 401 } 402 403 /* Don't overwrite the function if already set */ 404 mstate->s.serve_expired_data->get_cached_answer = 405 mstate->s.serve_expired_data->get_cached_answer? 406 mstate->s.serve_expired_data->get_cached_answer: 407 &mesh_serve_expired_lookup; 408 409 /* In case this timer already popped, start it again */ 410 if(!mstate->s.serve_expired_data->timer && timeout != -1) { 411 mstate->s.serve_expired_data->timer = comm_timer_create( 412 mstate->s.env->worker_base, mesh_serve_expired_callback, mstate); 413 if(!mstate->s.serve_expired_data->timer) 414 return 0; 415 #ifndef S_SPLINT_S 416 t.tv_sec = timeout/1000; 417 t.tv_usec = (timeout%1000)*1000; 418 #endif 419 comm_timer_set(mstate->s.serve_expired_data->timer, &t); 420 } 421 return 1; 422 } 423 424 void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, 425 struct respip_client_info* cinfo, uint16_t qflags, 426 struct edns_data* edns, struct comm_reply* rep, uint16_t qid, 427 int rpz_passthru) 428 { 429 struct mesh_state* s = NULL; 430 int unique = unique_mesh_state(edns->opt_list_in, mesh->env); 431 int was_detached = 0; 432 int was_noreply = 0; 433 int added = 0; 434 int timeout = mesh->env->cfg->serve_expired? 435 mesh->env->cfg->serve_expired_client_timeout:0; 436 struct sldns_buffer* r_buffer = rep->c->buffer; 437 uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); 438 if(rep->c->tcp_req_info) { 439 r_buffer = rep->c->tcp_req_info->spool_buffer; 440 } 441 if(!infra_wait_limit_allowed(mesh->env->infra_cache, rep, 442 edns->cookie_valid, mesh->env->cfg)) { 443 verbose(VERB_ALGO, "Too many queries waiting from the IP. " 444 "dropping incoming query."); 445 comm_point_drop_reply(rep); 446 mesh->num_queries_wait_limit++; 447 return; 448 } 449 if(!unique) 450 s = mesh_area_find(mesh, cinfo, qinfo, mesh_flags, 0, 0); 451 /* does this create a new reply state? */ 452 if(!s || s->list_select == mesh_no_list) { 453 if(!mesh_make_new_space(mesh, rep->c->buffer)) { 454 verbose(VERB_ALGO, "Too many queries. dropping " 455 "incoming query."); 456 comm_point_drop_reply(rep); 457 mesh->stats_dropped++; 458 return; 459 } 460 /* for this new reply state, the reply address is free, 461 * so the limit of reply addresses does not stop reply states*/ 462 } else { 463 /* protect our memory usage from storing reply addresses */ 464 if(mesh->num_reply_addrs > mesh->max_reply_states*16) { 465 verbose(VERB_ALGO, "Too many requests queued. " 466 "dropping incoming query."); 467 comm_point_drop_reply(rep); 468 mesh->stats_dropped++; 469 return; 470 } 471 } 472 /* see if it already exists, if not, create one */ 473 if(!s) { 474 #ifdef UNBOUND_DEBUG 475 struct rbnode_type* n; 476 #endif 477 s = mesh_state_create(mesh->env, qinfo, cinfo, 478 mesh_flags, 0, 0); 479 if(!s) { 480 log_err("mesh_state_create: out of memory; SERVFAIL"); 481 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, 482 LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) 483 edns->opt_list_inplace_cb_out = NULL; 484 error_encode(r_buffer, LDNS_RCODE_SERVFAIL, 485 qinfo, qid, qflags, edns); 486 comm_point_send_reply(rep); 487 return; 488 } 489 /* set detached (it is now) */ 490 mesh->num_detached_states++; 491 if(unique) 492 mesh_state_make_unique(s); 493 s->s.rpz_passthru = rpz_passthru; 494 /* copy the edns options we got from the front */ 495 if(edns->opt_list_in) { 496 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, 497 s->s.region); 498 if(!s->s.edns_opts_front_in) { 499 log_err("edns_opt_copy_region: out of memory; SERVFAIL"); 500 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, 501 NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) 502 edns->opt_list_inplace_cb_out = NULL; 503 error_encode(r_buffer, LDNS_RCODE_SERVFAIL, 504 qinfo, qid, qflags, edns); 505 comm_point_send_reply(rep); 506 mesh_state_delete(&s->s); 507 return; 508 } 509 } 510 511 #ifdef UNBOUND_DEBUG 512 n = 513 #else 514 (void) 515 #endif 516 rbtree_insert(&mesh->all, &s->node); 517 log_assert(n != NULL); 518 added = 1; 519 } 520 if(!s->reply_list && !s->cb_list) { 521 was_noreply = 1; 522 if(s->super_set.count == 0) { 523 was_detached = 1; 524 } 525 } 526 /* add reply to s */ 527 if(!mesh_state_add_reply(s, edns, rep, qid, qflags, qinfo)) { 528 log_err("mesh_new_client: out of memory; SERVFAIL"); 529 goto servfail_mem; 530 } 531 if(rep->c->tcp_req_info) { 532 if(!tcp_req_info_add_meshstate(rep->c->tcp_req_info, mesh, s)) { 533 log_err("mesh_new_client: out of memory add tcpreqinfo"); 534 goto servfail_mem; 535 } 536 } 537 if(rep->c->use_h2) { 538 http2_stream_add_meshstate(rep->c->h2_stream, mesh, s); 539 } 540 /* add serve expired timer if required and not already there */ 541 if(timeout && !mesh_serve_expired_init(s, timeout)) { 542 log_err("mesh_new_client: out of memory initializing serve expired"); 543 goto servfail_mem; 544 } 545 #ifdef USE_CACHEDB 546 if(!timeout && mesh->env->cfg->serve_expired && 547 !mesh->env->cfg->serve_expired_client_timeout && 548 (mesh->env->cachedb_enabled && 549 mesh->env->cfg->cachedb_check_when_serve_expired)) { 550 if(!mesh_serve_expired_init(s, -1)) { 551 log_err("mesh_new_client: out of memory initializing serve expired"); 552 goto servfail_mem; 553 } 554 } 555 #endif 556 infra_wait_limit_inc(mesh->env->infra_cache, rep, *mesh->env->now, 557 mesh->env->cfg); 558 /* update statistics */ 559 if(was_detached) { 560 log_assert(mesh->num_detached_states > 0); 561 mesh->num_detached_states--; 562 } 563 if(was_noreply) { 564 mesh->num_reply_states ++; 565 } 566 mesh->num_reply_addrs++; 567 if(s->list_select == mesh_no_list) { 568 /* move to either the forever or the jostle_list */ 569 if(mesh->num_forever_states < mesh->max_forever_states) { 570 mesh->num_forever_states ++; 571 mesh_list_insert(s, &mesh->forever_first, 572 &mesh->forever_last); 573 s->list_select = mesh_forever_list; 574 } else { 575 mesh_list_insert(s, &mesh->jostle_first, 576 &mesh->jostle_last); 577 s->list_select = mesh_jostle_list; 578 } 579 } 580 if(added) 581 mesh_run(mesh, s, module_event_new, NULL); 582 return; 583 584 servfail_mem: 585 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s, 586 NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) 587 edns->opt_list_inplace_cb_out = NULL; 588 error_encode(r_buffer, LDNS_RCODE_SERVFAIL, 589 qinfo, qid, qflags, edns); 590 if(rep->c->use_h2) 591 http2_stream_remove_mesh_state(rep->c->h2_stream); 592 comm_point_send_reply(rep); 593 if(added) 594 mesh_state_delete(&s->s); 595 return; 596 } 597 598 int 599 mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, 600 uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, 601 uint16_t qid, mesh_cb_func_type cb, void* cb_arg, int rpz_passthru) 602 { 603 struct mesh_state* s = NULL; 604 int unique = unique_mesh_state(edns->opt_list_in, mesh->env); 605 int timeout = mesh->env->cfg->serve_expired? 606 mesh->env->cfg->serve_expired_client_timeout:0; 607 int was_detached = 0; 608 int was_noreply = 0; 609 int added = 0; 610 uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); 611 if(!unique) 612 s = mesh_area_find(mesh, NULL, qinfo, mesh_flags, 0, 0); 613 614 /* there are no limits on the number of callbacks */ 615 616 /* see if it already exists, if not, create one */ 617 if(!s) { 618 #ifdef UNBOUND_DEBUG 619 struct rbnode_type* n; 620 #endif 621 s = mesh_state_create(mesh->env, qinfo, NULL, 622 mesh_flags, 0, 0); 623 if(!s) { 624 return 0; 625 } 626 /* set detached (it is now) */ 627 mesh->num_detached_states++; 628 if(unique) 629 mesh_state_make_unique(s); 630 s->s.rpz_passthru = rpz_passthru; 631 if(edns->opt_list_in) { 632 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, 633 s->s.region); 634 if(!s->s.edns_opts_front_in) { 635 mesh_state_delete(&s->s); 636 return 0; 637 } 638 } 639 #ifdef UNBOUND_DEBUG 640 n = 641 #else 642 (void) 643 #endif 644 rbtree_insert(&mesh->all, &s->node); 645 log_assert(n != NULL); 646 added = 1; 647 } 648 if(!s->reply_list && !s->cb_list) { 649 was_noreply = 1; 650 if(s->super_set.count == 0) { 651 was_detached = 1; 652 } 653 } 654 /* add reply to s */ 655 if(!mesh_state_add_cb(s, edns, buf, cb, cb_arg, qid, qflags)) { 656 if(added) 657 mesh_state_delete(&s->s); 658 return 0; 659 } 660 /* add serve expired timer if not already there */ 661 if(timeout && !mesh_serve_expired_init(s, timeout)) { 662 if(added) 663 mesh_state_delete(&s->s); 664 return 0; 665 } 666 #ifdef USE_CACHEDB 667 if(!timeout && mesh->env->cfg->serve_expired && 668 !mesh->env->cfg->serve_expired_client_timeout && 669 (mesh->env->cachedb_enabled && 670 mesh->env->cfg->cachedb_check_when_serve_expired)) { 671 if(!mesh_serve_expired_init(s, -1)) { 672 if(added) 673 mesh_state_delete(&s->s); 674 return 0; 675 } 676 } 677 #endif 678 /* update statistics */ 679 if(was_detached) { 680 log_assert(mesh->num_detached_states > 0); 681 mesh->num_detached_states--; 682 } 683 if(was_noreply) { 684 mesh->num_reply_states ++; 685 } 686 mesh->num_reply_addrs++; 687 if(added) 688 mesh_run(mesh, s, module_event_new, NULL); 689 return 1; 690 } 691 692 /* Internal backend routine of mesh_new_prefetch(). It takes one additional 693 * parameter, 'run', which controls whether to run the prefetch state 694 * immediately. When this function is called internally 'run' could be 695 * 0 (false), in which case the new state is only made runnable so it 696 * will not be run recursively on top of the current state. */ 697 static void mesh_schedule_prefetch(struct mesh_area* mesh, 698 struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, 699 int rpz_passthru) 700 { 701 /* Explicitly set the BIT_RD regardless of the client's flags. This is 702 * for a prefetch query (no client attached) but it needs to be treated 703 * as a recursion query. */ 704 uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); 705 struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, 706 mesh_flags, 0, 0); 707 #ifdef UNBOUND_DEBUG 708 struct rbnode_type* n; 709 #endif 710 /* already exists, and for a different purpose perhaps. 711 * if mesh_no_list, keep it that way. */ 712 if(s) { 713 /* make it ignore the cache from now on */ 714 if(!s->s.blacklist) 715 sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region); 716 if(s->s.prefetch_leeway < leeway) 717 s->s.prefetch_leeway = leeway; 718 return; 719 } 720 if(!mesh_make_new_space(mesh, NULL)) { 721 verbose(VERB_ALGO, "Too many queries. dropped prefetch."); 722 mesh->stats_dropped ++; 723 return; 724 } 725 726 s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); 727 if(!s) { 728 log_err("prefetch mesh_state_create: out of memory"); 729 return; 730 } 731 #ifdef UNBOUND_DEBUG 732 n = 733 #else 734 (void) 735 #endif 736 rbtree_insert(&mesh->all, &s->node); 737 log_assert(n != NULL); 738 /* set detached (it is now) */ 739 mesh->num_detached_states++; 740 /* make it ignore the cache */ 741 sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region); 742 s->s.prefetch_leeway = leeway; 743 744 if(s->list_select == mesh_no_list) { 745 /* move to either the forever or the jostle_list */ 746 if(mesh->num_forever_states < mesh->max_forever_states) { 747 mesh->num_forever_states ++; 748 mesh_list_insert(s, &mesh->forever_first, 749 &mesh->forever_last); 750 s->list_select = mesh_forever_list; 751 } else { 752 mesh_list_insert(s, &mesh->jostle_first, 753 &mesh->jostle_last); 754 s->list_select = mesh_jostle_list; 755 } 756 } 757 s->s.rpz_passthru = rpz_passthru; 758 759 if(!run) { 760 #ifdef UNBOUND_DEBUG 761 n = 762 #else 763 (void) 764 #endif 765 rbtree_insert(&mesh->run, &s->run_node); 766 log_assert(n != NULL); 767 return; 768 } 769 770 mesh_run(mesh, s, module_event_new, NULL); 771 } 772 773 #ifdef CLIENT_SUBNET 774 /* Same logic as mesh_schedule_prefetch but tailored to the subnet module logic 775 * like passing along the comm_reply info. This will be faked into an EDNS 776 * option for processing by the subnet module if the client has not already 777 * attached its own ECS data. */ 778 static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, 779 struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, 780 int rpz_passthru, struct sockaddr_storage* addr, struct edns_option* edns_list) 781 { 782 struct mesh_state* s = NULL; 783 struct edns_option* opt = NULL; 784 #ifdef UNBOUND_DEBUG 785 struct rbnode_type* n; 786 #endif 787 /* Explicitly set the BIT_RD regardless of the client's flags. This is 788 * for a prefetch query (no client attached) but it needs to be treated 789 * as a recursion query. */ 790 uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); 791 if(!mesh_make_new_space(mesh, NULL)) { 792 verbose(VERB_ALGO, "Too many queries. dropped prefetch."); 793 mesh->stats_dropped ++; 794 return; 795 } 796 797 s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); 798 if(!s) { 799 log_err("prefetch_subnet mesh_state_create: out of memory"); 800 return; 801 } 802 mesh_state_make_unique(s); 803 804 opt = edns_opt_list_find(edns_list, mesh->env->cfg->client_subnet_opcode); 805 if(opt) { 806 /* Use the client's ECS data */ 807 if(!edns_opt_list_append(&s->s.edns_opts_front_in, opt->opt_code, 808 opt->opt_len, opt->opt_data, s->s.region)) { 809 log_err("prefetch_subnet edns_opt_list_append: out of memory"); 810 return; 811 } 812 } else { 813 /* Store the client's address. Later in the subnet module, 814 * it is decided whether to include an ECS option or not. 815 */ 816 s->s.client_addr = *addr; 817 } 818 #ifdef UNBOUND_DEBUG 819 n = 820 #else 821 (void) 822 #endif 823 rbtree_insert(&mesh->all, &s->node); 824 log_assert(n != NULL); 825 /* set detached (it is now) */ 826 mesh->num_detached_states++; 827 /* make it ignore the cache */ 828 sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region); 829 s->s.prefetch_leeway = leeway; 830 831 if(s->list_select == mesh_no_list) { 832 /* move to either the forever or the jostle_list */ 833 if(mesh->num_forever_states < mesh->max_forever_states) { 834 mesh->num_forever_states ++; 835 mesh_list_insert(s, &mesh->forever_first, 836 &mesh->forever_last); 837 s->list_select = mesh_forever_list; 838 } else { 839 mesh_list_insert(s, &mesh->jostle_first, 840 &mesh->jostle_last); 841 s->list_select = mesh_jostle_list; 842 } 843 } 844 s->s.rpz_passthru = rpz_passthru; 845 846 if(!run) { 847 #ifdef UNBOUND_DEBUG 848 n = 849 #else 850 (void) 851 #endif 852 rbtree_insert(&mesh->run, &s->run_node); 853 log_assert(n != NULL); 854 return; 855 } 856 857 mesh_run(mesh, s, module_event_new, NULL); 858 } 859 #endif /* CLIENT_SUBNET */ 860 861 void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, 862 uint16_t qflags, time_t leeway, int rpz_passthru, 863 struct sockaddr_storage* addr, struct edns_option* opt_list) 864 { 865 (void)addr; 866 (void)opt_list; 867 #ifdef CLIENT_SUBNET 868 if(addr) 869 mesh_schedule_prefetch_subnet(mesh, qinfo, qflags, leeway, 1, 870 rpz_passthru, addr, opt_list); 871 else 872 #endif 873 mesh_schedule_prefetch(mesh, qinfo, qflags, leeway, 1, 874 rpz_passthru); 875 } 876 877 void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e, 878 struct comm_reply* reply, int what) 879 { 880 enum module_ev event = module_event_reply; 881 e->qstate->reply = reply; 882 if(what != NETEVENT_NOERROR) { 883 event = module_event_noreply; 884 if(what == NETEVENT_CAPSFAIL) 885 event = module_event_capsfail; 886 } 887 mesh_run(mesh, e->qstate->mesh_info, event, e); 888 } 889 890 /** copy strlist to region */ 891 static struct config_strlist* 892 cfg_region_strlist_copy(struct regional* region, struct config_strlist* list) 893 { 894 struct config_strlist* result = NULL, *last = NULL, *s = list; 895 while(s) { 896 struct config_strlist* n = regional_alloc_zero(region, 897 sizeof(*n)); 898 if(!n) 899 return NULL; 900 n->str = regional_strdup(region, s->str); 901 if(!n->str) 902 return NULL; 903 if(last) 904 last->next = n; 905 else result = n; 906 last = n; 907 s = s->next; 908 } 909 return result; 910 } 911 912 /** Copy the client info to the query region. */ 913 static struct respip_client_info* 914 mesh_copy_client_info(struct regional* region, struct respip_client_info* cinfo) 915 { 916 size_t i; 917 struct respip_client_info* client_info; 918 client_info = regional_alloc_init(region, cinfo, sizeof(*cinfo)); 919 if(!client_info) 920 return NULL; 921 /* Copy the client_info so that if the configuration changes, 922 * then the data stays valid. */ 923 if(cinfo->taglist) { 924 client_info->taglist = regional_alloc_init(region, cinfo->taglist, 925 cinfo->taglen); 926 if(!client_info->taglist) 927 return NULL; 928 } 929 if(cinfo->tag_actions) { 930 client_info->tag_actions = regional_alloc_init(region, cinfo->tag_actions, 931 cinfo->tag_actions_size); 932 if(!client_info->tag_actions) 933 return NULL; 934 } 935 if(cinfo->tag_datas) { 936 client_info->tag_datas = regional_alloc_zero(region, 937 sizeof(struct config_strlist*)*cinfo->tag_datas_size); 938 if(!client_info->tag_datas) 939 return NULL; 940 for(i=0; i<cinfo->tag_datas_size; i++) { 941 if(cinfo->tag_datas[i]) { 942 client_info->tag_datas[i] = cfg_region_strlist_copy( 943 region, cinfo->tag_datas[i]); 944 if(!client_info->tag_datas[i]) 945 return NULL; 946 } 947 } 948 } 949 if(cinfo->view) { 950 /* Do not copy the view pointer but store a name instead. 951 * The name is looked up later when done, this means that 952 * the view tree can be changed, by reloads. */ 953 client_info->view = NULL; 954 client_info->view_name = regional_strdup(region, 955 cinfo->view->name); 956 if(!client_info->view_name) 957 return NULL; 958 } 959 return client_info; 960 } 961 962 struct mesh_state* 963 mesh_state_create(struct module_env* env, struct query_info* qinfo, 964 struct respip_client_info* cinfo, uint16_t qflags, int prime, 965 int valrec) 966 { 967 struct regional* region = alloc_reg_obtain(env->alloc); 968 struct mesh_state* mstate; 969 int i; 970 if(!region) 971 return NULL; 972 mstate = (struct mesh_state*)regional_alloc(region, 973 sizeof(struct mesh_state)); 974 if(!mstate) { 975 alloc_reg_release(env->alloc, region); 976 return NULL; 977 } 978 memset(mstate, 0, sizeof(*mstate)); 979 mstate->node = *RBTREE_NULL; 980 mstate->run_node = *RBTREE_NULL; 981 mstate->node.key = mstate; 982 mstate->run_node.key = mstate; 983 mstate->reply_list = NULL; 984 mstate->list_select = mesh_no_list; 985 mstate->replies_sent = 0; 986 rbtree_init(&mstate->super_set, &mesh_state_ref_compare); 987 rbtree_init(&mstate->sub_set, &mesh_state_ref_compare); 988 mstate->num_activated = 0; 989 mstate->unique = NULL; 990 /* init module qstate */ 991 mstate->s.qinfo.qtype = qinfo->qtype; 992 mstate->s.qinfo.qclass = qinfo->qclass; 993 mstate->s.qinfo.local_alias = NULL; 994 mstate->s.qinfo.qname_len = qinfo->qname_len; 995 mstate->s.qinfo.qname = regional_alloc_init(region, qinfo->qname, 996 qinfo->qname_len); 997 if(!mstate->s.qinfo.qname) { 998 alloc_reg_release(env->alloc, region); 999 return NULL; 1000 } 1001 if(cinfo) { 1002 mstate->s.client_info = mesh_copy_client_info(region, cinfo); 1003 if(!mstate->s.client_info) { 1004 alloc_reg_release(env->alloc, region); 1005 return NULL; 1006 } 1007 } 1008 /* remove all weird bits from qflags */ 1009 mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD)); 1010 mstate->s.is_priming = prime; 1011 mstate->s.is_valrec = valrec; 1012 mstate->s.reply = NULL; 1013 mstate->s.region = region; 1014 mstate->s.curmod = 0; 1015 mstate->s.return_msg = 0; 1016 mstate->s.return_rcode = LDNS_RCODE_NOERROR; 1017 mstate->s.env = env; 1018 mstate->s.mesh_info = mstate; 1019 mstate->s.prefetch_leeway = 0; 1020 mstate->s.serve_expired_data = NULL; 1021 mstate->s.no_cache_lookup = 0; 1022 mstate->s.no_cache_store = 0; 1023 mstate->s.need_refetch = 0; 1024 mstate->s.was_ratelimited = 0; 1025 mstate->s.qstarttime = *env->now; 1026 1027 /* init modules */ 1028 for(i=0; i<env->mesh->mods.num; i++) { 1029 mstate->s.minfo[i] = NULL; 1030 mstate->s.ext_state[i] = module_state_initial; 1031 } 1032 /* init edns option lists */ 1033 mstate->s.edns_opts_front_in = NULL; 1034 mstate->s.edns_opts_back_out = NULL; 1035 mstate->s.edns_opts_back_in = NULL; 1036 mstate->s.edns_opts_front_out = NULL; 1037 1038 return mstate; 1039 } 1040 1041 void 1042 mesh_state_make_unique(struct mesh_state* mstate) 1043 { 1044 mstate->unique = mstate; 1045 } 1046 1047 void 1048 mesh_state_cleanup(struct mesh_state* mstate) 1049 { 1050 struct mesh_area* mesh; 1051 int i; 1052 if(!mstate) 1053 return; 1054 mesh = mstate->s.env->mesh; 1055 /* Stop and delete the serve expired timer */ 1056 if(mstate->s.serve_expired_data && mstate->s.serve_expired_data->timer) { 1057 comm_timer_delete(mstate->s.serve_expired_data->timer); 1058 mstate->s.serve_expired_data->timer = NULL; 1059 } 1060 /* drop unsent replies */ 1061 if(!mstate->replies_sent) { 1062 struct mesh_reply* rep = mstate->reply_list; 1063 struct mesh_cb* cb; 1064 /* in tcp_req_info, the mstates linked are removed, but 1065 * the reply_list is now NULL, so the remove-from-empty-list 1066 * takes no time and also it does not do the mesh accounting */ 1067 mstate->reply_list = NULL; 1068 for(; rep; rep=rep->next) { 1069 infra_wait_limit_dec(mesh->env->infra_cache, 1070 &rep->query_reply, mesh->env->cfg); 1071 if(rep->query_reply.c->use_h2) 1072 http2_stream_remove_mesh_state(rep->h2_stream); 1073 comm_point_drop_reply(&rep->query_reply); 1074 log_assert(mesh->num_reply_addrs > 0); 1075 mesh->num_reply_addrs--; 1076 } 1077 while((cb = mstate->cb_list)!=NULL) { 1078 mstate->cb_list = cb->next; 1079 fptr_ok(fptr_whitelist_mesh_cb(cb->cb)); 1080 (*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL, 1081 sec_status_unchecked, NULL, 0); 1082 log_assert(mesh->num_reply_addrs > 0); 1083 mesh->num_reply_addrs--; 1084 } 1085 } 1086 1087 /* de-init modules */ 1088 for(i=0; i<mesh->mods.num; i++) { 1089 fptr_ok(fptr_whitelist_mod_clear(mesh->mods.mod[i]->clear)); 1090 (*mesh->mods.mod[i]->clear)(&mstate->s, i); 1091 mstate->s.minfo[i] = NULL; 1092 mstate->s.ext_state[i] = module_finished; 1093 } 1094 alloc_reg_release(mstate->s.env->alloc, mstate->s.region); 1095 } 1096 1097 void 1098 mesh_state_delete(struct module_qstate* qstate) 1099 { 1100 struct mesh_area* mesh; 1101 struct mesh_state_ref* super, ref; 1102 struct mesh_state* mstate; 1103 if(!qstate) 1104 return; 1105 mstate = qstate->mesh_info; 1106 mesh = mstate->s.env->mesh; 1107 mesh_detach_subs(&mstate->s); 1108 if(mstate->list_select == mesh_forever_list) { 1109 mesh->num_forever_states --; 1110 mesh_list_remove(mstate, &mesh->forever_first, 1111 &mesh->forever_last); 1112 } else if(mstate->list_select == mesh_jostle_list) { 1113 mesh_list_remove(mstate, &mesh->jostle_first, 1114 &mesh->jostle_last); 1115 } 1116 if(!mstate->reply_list && !mstate->cb_list 1117 && mstate->super_set.count == 0) { 1118 log_assert(mesh->num_detached_states > 0); 1119 mesh->num_detached_states--; 1120 } 1121 if(mstate->reply_list || mstate->cb_list) { 1122 log_assert(mesh->num_reply_states > 0); 1123 mesh->num_reply_states--; 1124 } 1125 ref.node.key = &ref; 1126 ref.s = mstate; 1127 RBTREE_FOR(super, struct mesh_state_ref*, &mstate->super_set) { 1128 (void)rbtree_delete(&super->s->sub_set, &ref); 1129 } 1130 (void)rbtree_delete(&mesh->run, mstate); 1131 (void)rbtree_delete(&mesh->all, mstate); 1132 mesh_state_cleanup(mstate); 1133 } 1134 1135 /** helper recursive rbtree find routine */ 1136 static int 1137 find_in_subsub(struct mesh_state* m, struct mesh_state* tofind, size_t *c) 1138 { 1139 struct mesh_state_ref* r; 1140 if((*c)++ > MESH_MAX_SUBSUB) 1141 return 1; 1142 RBTREE_FOR(r, struct mesh_state_ref*, &m->sub_set) { 1143 if(r->s == tofind || find_in_subsub(r->s, tofind, c)) 1144 return 1; 1145 } 1146 return 0; 1147 } 1148 1149 /** find cycle for already looked up mesh_state */ 1150 static int 1151 mesh_detect_cycle_found(struct module_qstate* qstate, struct mesh_state* dep_m) 1152 { 1153 struct mesh_state* cyc_m = qstate->mesh_info; 1154 size_t counter = 0; 1155 if(!dep_m) 1156 return 0; 1157 if(dep_m == cyc_m || find_in_subsub(dep_m, cyc_m, &counter)) { 1158 if(counter > MESH_MAX_SUBSUB) 1159 return 2; 1160 return 1; 1161 } 1162 return 0; 1163 } 1164 1165 void mesh_detach_subs(struct module_qstate* qstate) 1166 { 1167 struct mesh_area* mesh = qstate->env->mesh; 1168 struct mesh_state_ref* ref, lookup; 1169 #ifdef UNBOUND_DEBUG 1170 struct rbnode_type* n; 1171 #endif 1172 lookup.node.key = &lookup; 1173 lookup.s = qstate->mesh_info; 1174 RBTREE_FOR(ref, struct mesh_state_ref*, &qstate->mesh_info->sub_set) { 1175 #ifdef UNBOUND_DEBUG 1176 n = 1177 #else 1178 (void) 1179 #endif 1180 rbtree_delete(&ref->s->super_set, &lookup); 1181 log_assert(n != NULL); /* must have been present */ 1182 if(!ref->s->reply_list && !ref->s->cb_list 1183 && ref->s->super_set.count == 0) { 1184 mesh->num_detached_states++; 1185 log_assert(mesh->num_detached_states + 1186 mesh->num_reply_states <= mesh->all.count); 1187 } 1188 } 1189 rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare); 1190 } 1191 1192 int mesh_add_sub(struct module_qstate* qstate, struct query_info* qinfo, 1193 uint16_t qflags, int prime, int valrec, struct module_qstate** newq, 1194 struct mesh_state** sub) 1195 { 1196 /* find it, if not, create it */ 1197 struct mesh_area* mesh = qstate->env->mesh; 1198 *sub = mesh_area_find(mesh, NULL, qinfo, qflags, 1199 prime, valrec); 1200 if(mesh_detect_cycle_found(qstate, *sub)) { 1201 verbose(VERB_ALGO, "attach failed, cycle detected"); 1202 return 0; 1203 } 1204 if(!*sub) { 1205 #ifdef UNBOUND_DEBUG 1206 struct rbnode_type* n; 1207 #endif 1208 /* create a new one */ 1209 *sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime, 1210 valrec); 1211 if(!*sub) { 1212 log_err("mesh_attach_sub: out of memory"); 1213 return 0; 1214 } 1215 #ifdef UNBOUND_DEBUG 1216 n = 1217 #else 1218 (void) 1219 #endif 1220 rbtree_insert(&mesh->all, &(*sub)->node); 1221 log_assert(n != NULL); 1222 /* set detached (it is now) */ 1223 mesh->num_detached_states++; 1224 /* set new query state to run */ 1225 #ifdef UNBOUND_DEBUG 1226 n = 1227 #else 1228 (void) 1229 #endif 1230 rbtree_insert(&mesh->run, &(*sub)->run_node); 1231 log_assert(n != NULL); 1232 *newq = &(*sub)->s; 1233 } else 1234 *newq = NULL; 1235 return 1; 1236 } 1237 1238 int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, 1239 uint16_t qflags, int prime, int valrec, struct module_qstate** newq) 1240 { 1241 struct mesh_area* mesh = qstate->env->mesh; 1242 struct mesh_state* sub = NULL; 1243 int was_detached; 1244 if(!mesh_add_sub(qstate, qinfo, qflags, prime, valrec, newq, &sub)) 1245 return 0; 1246 was_detached = (sub->super_set.count == 0); 1247 if(!mesh_state_attachment(qstate->mesh_info, sub)) 1248 return 0; 1249 /* if it was a duplicate attachment, the count was not zero before */ 1250 if(!sub->reply_list && !sub->cb_list && was_detached && 1251 sub->super_set.count == 1) { 1252 /* it used to be detached, before this one got added */ 1253 log_assert(mesh->num_detached_states > 0); 1254 mesh->num_detached_states--; 1255 } 1256 /* *newq will be run when inited after the current module stops */ 1257 return 1; 1258 } 1259 1260 int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) 1261 { 1262 #ifdef UNBOUND_DEBUG 1263 struct rbnode_type* n; 1264 #endif 1265 struct mesh_state_ref* subref; /* points to sub, inserted in super */ 1266 struct mesh_state_ref* superref; /* points to super, inserted in sub */ 1267 if( !(subref = regional_alloc(super->s.region, 1268 sizeof(struct mesh_state_ref))) || 1269 !(superref = regional_alloc(sub->s.region, 1270 sizeof(struct mesh_state_ref))) ) { 1271 log_err("mesh_state_attachment: out of memory"); 1272 return 0; 1273 } 1274 superref->node.key = superref; 1275 superref->s = super; 1276 subref->node.key = subref; 1277 subref->s = sub; 1278 if(!rbtree_insert(&sub->super_set, &superref->node)) { 1279 /* this should not happen, iterator and validator do not 1280 * attach subqueries that are identical. */ 1281 /* already attached, we are done, nothing todo. 1282 * since superref and subref already allocated in region, 1283 * we cannot free them */ 1284 return 1; 1285 } 1286 #ifdef UNBOUND_DEBUG 1287 n = 1288 #else 1289 (void) 1290 #endif 1291 rbtree_insert(&super->sub_set, &subref->node); 1292 log_assert(n != NULL); /* we checked above if statement, the reverse 1293 administration should not fail now, unless they are out of sync */ 1294 return 1; 1295 } 1296 1297 /** 1298 * callback results to mesh cb entry 1299 * @param m: mesh state to send it for. 1300 * @param rcode: if not 0, error code. 1301 * @param rep: reply to send (or NULL if rcode is set). 1302 * @param r: callback entry 1303 * @param start_time: the time to pass to callback functions, it is 0 or 1304 * a value from one of the packets if the mesh state had packets. 1305 */ 1306 static void 1307 mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, 1308 struct mesh_cb* r, struct timeval* start_time) 1309 { 1310 int secure; 1311 char* reason = NULL; 1312 int was_ratelimited = m->s.was_ratelimited; 1313 /* bogus messages are not made into servfail, sec_status passed 1314 * to the callback function */ 1315 if(rep && rep->security == sec_status_secure) 1316 secure = 1; 1317 else secure = 0; 1318 if(!rep && rcode == LDNS_RCODE_NOERROR) 1319 rcode = LDNS_RCODE_SERVFAIL; 1320 if(!rcode && rep && (rep->security == sec_status_bogus || 1321 rep->security == sec_status_secure_sentinel_fail)) { 1322 if(!(reason = errinf_to_str_bogus(&m->s, NULL))) 1323 rcode = LDNS_RCODE_SERVFAIL; 1324 } 1325 /* send the reply */ 1326 if(rcode) { 1327 if(rcode == LDNS_RCODE_SERVFAIL) { 1328 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, 1329 rep, rcode, &r->edns, NULL, m->s.region, start_time)) 1330 r->edns.opt_list_inplace_cb_out = NULL; 1331 } else { 1332 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, 1333 &r->edns, NULL, m->s.region, start_time)) 1334 r->edns.opt_list_inplace_cb_out = NULL; 1335 } 1336 fptr_ok(fptr_whitelist_mesh_cb(r->cb)); 1337 (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL, 1338 was_ratelimited); 1339 } else { 1340 size_t udp_size = r->edns.udp_size; 1341 sldns_buffer_clear(r->buf); 1342 r->edns.edns_version = EDNS_ADVERTISED_VERSION; 1343 r->edns.udp_size = EDNS_ADVERTISED_SIZE; 1344 r->edns.ext_rcode = 0; 1345 r->edns.bits &= EDNS_DO; 1346 if(m->s.env->cfg->disable_edns_do && (r->edns.bits&EDNS_DO)) 1347 r->edns.edns_present = 0; 1348 1349 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, 1350 LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) || 1351 !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, 1352 r->qflags, r->buf, 0, 1, 1353 m->s.env->scratch, udp_size, &r->edns, 1354 (int)(r->edns.bits & EDNS_DO), secure)) 1355 { 1356 fptr_ok(fptr_whitelist_mesh_cb(r->cb)); 1357 (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, 1358 sec_status_unchecked, NULL, 0); 1359 } else { 1360 fptr_ok(fptr_whitelist_mesh_cb(r->cb)); 1361 (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf, 1362 (rep?rep->security:sec_status_unchecked), 1363 reason, was_ratelimited); 1364 } 1365 } 1366 free(reason); 1367 log_assert(m->s.env->mesh->num_reply_addrs > 0); 1368 m->s.env->mesh->num_reply_addrs--; 1369 } 1370 1371 static inline int 1372 mesh_is_rpz_respip_tcponly_action(struct mesh_state const* m) 1373 { 1374 struct respip_action_info const* respip_info = m->s.respip_action_info; 1375 return (respip_info == NULL 1376 ? 0 1377 : (respip_info->rpz_used 1378 && !respip_info->rpz_disabled 1379 && respip_info->action == respip_truncate)) 1380 || m->s.tcp_required; 1381 } 1382 1383 static inline int 1384 mesh_is_udp(struct mesh_reply const* r) 1385 { 1386 return r->query_reply.c->type == comm_udp; 1387 } 1388 1389 static inline void 1390 mesh_find_and_attach_ede_and_reason(struct mesh_state* m, 1391 struct reply_info* rep, struct mesh_reply* r) 1392 { 1393 /* OLD note: 1394 * During validation the EDE code can be received via two 1395 * code paths. One code path fills the reply_info EDE, and 1396 * the other fills it in the errinf_strlist. These paths 1397 * intersect at some points, but where is opaque due to 1398 * the complexity of the validator. At the time of writing 1399 * we make the choice to prefer the EDE from errinf_strlist 1400 * but a compelling reason to do otherwise is just as valid 1401 * NEW note: 1402 * The compelling reason is that with caching support, the value 1403 * in the reply_info is cached. 1404 * The reason members of the reply_info struct should be 1405 * updated as they are already cached. No reason to 1406 * try and find the EDE information in errinf anymore. 1407 */ 1408 if(rep->reason_bogus != LDNS_EDE_NONE) { 1409 edns_opt_list_append_ede(&r->edns.opt_list_out, 1410 m->s.region, rep->reason_bogus, rep->reason_bogus_str); 1411 } 1412 } 1413 1414 /** 1415 * Send reply to mesh reply entry 1416 * @param m: mesh state to send it for. 1417 * @param rcode: if not 0, error code. 1418 * @param rep: reply to send (or NULL if rcode is set). 1419 * @param r: reply entry 1420 * @param r_buffer: buffer to use for reply entry. 1421 * @param prev: previous reply, already has its answer encoded in buffer. 1422 * @param prev_buffer: buffer for previous reply. 1423 */ 1424 static void 1425 mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, 1426 struct mesh_reply* r, struct sldns_buffer* r_buffer, 1427 struct mesh_reply* prev, struct sldns_buffer* prev_buffer) 1428 { 1429 struct timeval end_time; 1430 struct timeval duration; 1431 int secure; 1432 /* briefly set the replylist to null in case the 1433 * meshsendreply calls tcpreqinfo sendreply that 1434 * comm_point_drops because of size, and then the 1435 * null stops the mesh state remove and thus 1436 * reply_list modification and accounting */ 1437 struct mesh_reply* rlist = m->reply_list; 1438 1439 /* rpz: apply actions */ 1440 rcode = mesh_is_udp(r) && mesh_is_rpz_respip_tcponly_action(m) 1441 ? (rcode|BIT_TC) : rcode; 1442 1443 /* examine security status */ 1444 if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || 1445 m->s.env->cfg->ignore_cd) && rep && 1446 (rep->security <= sec_status_bogus || 1447 rep->security == sec_status_secure_sentinel_fail)) { 1448 rcode = LDNS_RCODE_SERVFAIL; 1449 if(m->s.env->cfg->stat_extended) 1450 m->s.env->mesh->ans_bogus++; 1451 } 1452 if(rep && rep->security == sec_status_secure) 1453 secure = 1; 1454 else secure = 0; 1455 if(!rep && rcode == LDNS_RCODE_NOERROR) 1456 rcode = LDNS_RCODE_SERVFAIL; 1457 if(r->query_reply.c->use_h2) { 1458 r->query_reply.c->h2_stream = r->h2_stream; 1459 /* Mesh reply won't exist for long anymore. Make it impossible 1460 * for HTTP/2 stream to refer to mesh state, in case 1461 * connection gets cleanup before HTTP/2 stream close. */ 1462 r->h2_stream->mesh_state = NULL; 1463 } 1464 /* send the reply */ 1465 /* We don't reuse the encoded answer if: 1466 * - either the previous or current response has a local alias. We could 1467 * compare the alias records and still reuse the previous answer if they 1468 * are the same, but that would be complicated and error prone for the 1469 * relatively minor case. So we err on the side of safety. 1470 * - there are registered callback functions for the given rcode, as these 1471 * need to be called for each reply. */ 1472 if(((rcode != LDNS_RCODE_SERVFAIL && 1473 !m->s.env->inplace_cb_lists[inplace_cb_reply]) || 1474 (rcode == LDNS_RCODE_SERVFAIL && 1475 !m->s.env->inplace_cb_lists[inplace_cb_reply_servfail])) && 1476 prev && prev_buffer && prev->qflags == r->qflags && 1477 !prev->local_alias && !r->local_alias && 1478 prev->edns.edns_present == r->edns.edns_present && 1479 prev->edns.bits == r->edns.bits && 1480 prev->edns.udp_size == r->edns.udp_size && 1481 edns_opt_list_compare(prev->edns.opt_list_out, r->edns.opt_list_out) == 0 && 1482 edns_opt_list_compare(prev->edns.opt_list_inplace_cb_out, r->edns.opt_list_inplace_cb_out) == 0 1483 ) { 1484 /* if the previous reply is identical to this one, fix ID */ 1485 if(prev_buffer != r_buffer) 1486 sldns_buffer_copy(r_buffer, prev_buffer); 1487 sldns_buffer_write_at(r_buffer, 0, &r->qid, sizeof(uint16_t)); 1488 sldns_buffer_write_at(r_buffer, 12, r->qname, 1489 m->s.qinfo.qname_len); 1490 m->reply_list = NULL; 1491 comm_point_send_reply(&r->query_reply); 1492 m->reply_list = rlist; 1493 } else if(rcode) { 1494 m->s.qinfo.qname = r->qname; 1495 m->s.qinfo.local_alias = r->local_alias; 1496 if(rcode == LDNS_RCODE_SERVFAIL) { 1497 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, 1498 rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) 1499 r->edns.opt_list_inplace_cb_out = NULL; 1500 } else { 1501 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, 1502 &r->edns, &r->query_reply, m->s.region, &r->start_time)) 1503 r->edns.opt_list_inplace_cb_out = NULL; 1504 } 1505 /* Send along EDE EDNS0 option when SERVFAILing; usually 1506 * DNSSEC validation failures */ 1507 /* Since we are SERVFAILing here, CD bit and rep->security 1508 * is already handled. */ 1509 if(m->s.env->cfg->ede && rep) { 1510 mesh_find_and_attach_ede_and_reason(m, rep, r); 1511 } 1512 error_encode(r_buffer, rcode, &m->s.qinfo, r->qid, 1513 r->qflags, &r->edns); 1514 m->reply_list = NULL; 1515 comm_point_send_reply(&r->query_reply); 1516 m->reply_list = rlist; 1517 } else { 1518 size_t udp_size = r->edns.udp_size; 1519 r->edns.edns_version = EDNS_ADVERTISED_VERSION; 1520 r->edns.udp_size = EDNS_ADVERTISED_SIZE; 1521 r->edns.ext_rcode = 0; 1522 r->edns.bits &= EDNS_DO; 1523 if(m->s.env->cfg->disable_edns_do && (r->edns.bits&EDNS_DO)) 1524 r->edns.edns_present = 0; 1525 m->s.qinfo.qname = r->qname; 1526 m->s.qinfo.local_alias = r->local_alias; 1527 1528 /* Attach EDE without SERVFAIL if the validation failed. 1529 * Need to explicitly check for rep->security otherwise failed 1530 * validation paths may attach to a secure answer. */ 1531 if(m->s.env->cfg->ede && rep && 1532 (rep->security <= sec_status_bogus || 1533 rep->security == sec_status_secure_sentinel_fail)) { 1534 mesh_find_and_attach_ede_and_reason(m, rep, r); 1535 } 1536 1537 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, 1538 LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) || 1539 !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, 1540 r->qflags, r_buffer, 0, 1, m->s.env->scratch, 1541 udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), 1542 secure)) 1543 { 1544 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, 1545 rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) 1546 r->edns.opt_list_inplace_cb_out = NULL; 1547 /* internal server error (probably malloc failure) so no 1548 * EDE (RFC8914) needed */ 1549 error_encode(r_buffer, LDNS_RCODE_SERVFAIL, 1550 &m->s.qinfo, r->qid, r->qflags, &r->edns); 1551 } 1552 m->reply_list = NULL; 1553 comm_point_send_reply(&r->query_reply); 1554 m->reply_list = rlist; 1555 } 1556 infra_wait_limit_dec(m->s.env->infra_cache, &r->query_reply, 1557 m->s.env->cfg); 1558 /* account */ 1559 log_assert(m->s.env->mesh->num_reply_addrs > 0); 1560 m->s.env->mesh->num_reply_addrs--; 1561 end_time = *m->s.env->now_tv; 1562 timeval_subtract(&duration, &end_time, &r->start_time); 1563 verbose(VERB_ALGO, "query took " ARG_LL "d.%6.6d sec", 1564 (long long)duration.tv_sec, (int)duration.tv_usec); 1565 m->s.env->mesh->replies_sent++; 1566 timeval_add(&m->s.env->mesh->replies_sum_wait, &duration); 1567 timehist_insert(m->s.env->mesh->histogram, &duration); 1568 if(m->s.env->cfg->stat_extended) { 1569 uint16_t rc = FLAGS_GET_RCODE(sldns_buffer_read_u16_at( 1570 r_buffer, 2)); 1571 if(secure) m->s.env->mesh->ans_secure++; 1572 m->s.env->mesh->ans_rcode[ rc ] ++; 1573 if(rc == 0 && LDNS_ANCOUNT(sldns_buffer_begin(r_buffer)) == 0) 1574 m->s.env->mesh->ans_nodata++; 1575 } 1576 /* Log reply sent */ 1577 if(m->s.env->cfg->log_replies) { 1578 log_reply_info(NO_VERBOSE, &m->s.qinfo, 1579 &r->query_reply.client_addr, 1580 r->query_reply.client_addrlen, duration, 0, r_buffer, 1581 (m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr:NULL), 1582 r->query_reply.c->type, r->query_reply.c->ssl); 1583 } 1584 } 1585 1586 /** 1587 * Generate the DNS Error Report (RFC9567). 1588 * If there is an EDE attached for this reply and there was a Report-Channel 1589 * EDNS0 option from the upstream, fire up a report query. 1590 * @param qstate: module qstate. 1591 * @param rep: prepared reply to be sent. 1592 */ 1593 static void dns_error_reporting(struct module_qstate* qstate, 1594 struct reply_info* rep) 1595 { 1596 struct query_info qinfo; 1597 struct mesh_state* sub; 1598 struct module_qstate* newq; 1599 uint8_t buf[LDNS_MAX_DOMAINLEN]; 1600 size_t count = 0; 1601 int written; 1602 size_t expected_length; 1603 struct edns_option* opt; 1604 sldns_ede_code reason_bogus = LDNS_EDE_NONE; 1605 sldns_rr_type qtype = qstate->qinfo.qtype; 1606 uint8_t* qname = qstate->qinfo.qname; 1607 size_t qname_len = qstate->qinfo.qname_len-1; /* skip the trailing \0 */ 1608 uint8_t* agent_domain; 1609 size_t agent_domain_len; 1610 1611 /* We need a valid reporting agent; 1612 * this is based on qstate->edns_opts_back_in that will probably have 1613 * the latest reporting agent we found while iterating */ 1614 opt = edns_opt_list_find(qstate->edns_opts_back_in, 1615 LDNS_EDNS_REPORT_CHANNEL); 1616 if(!opt) return; 1617 agent_domain_len = opt->opt_len; 1618 agent_domain = opt->opt_data; 1619 if(dname_valid(agent_domain, agent_domain_len) < 3) { 1620 /* The agent domain needs to be a valid dname that is not the 1621 * root; from RFC9567. */ 1622 return; 1623 } 1624 1625 /* Get the EDE generated from the mesh state, these are mostly 1626 * validator errors. If other errors are produced in the future (e.g., 1627 * RPZ) we would not want them to result in error reports. */ 1628 reason_bogus = errinf_to_reason_bogus(qstate); 1629 if(rep && ((reason_bogus == LDNS_EDE_DNSSEC_BOGUS && 1630 rep->reason_bogus != LDNS_EDE_NONE) || 1631 reason_bogus == LDNS_EDE_NONE)) { 1632 reason_bogus = rep->reason_bogus; 1633 } 1634 if(reason_bogus == LDNS_EDE_NONE || 1635 /* other, does not make sense without the text that comes 1636 * with it */ 1637 reason_bogus == LDNS_EDE_OTHER) return; 1638 1639 /* Synthesize the error report query in the format: 1640 * "_er.$qtype.$qname.$ede._er.$reporting-agent-domain" */ 1641 /* First check if the static length parts fit in the buffer. 1642 * That is everything except for qtype and ede that need to be 1643 * converted to decimal and checked further on. */ 1644 expected_length = 4/*_er*/+qname_len+4/*_er*/+agent_domain_len; 1645 if(expected_length > LDNS_MAX_DOMAINLEN) goto skip; 1646 1647 memmove(buf+count, "\3_er", 4); 1648 count += 4; 1649 1650 written = snprintf((char*)buf+count, LDNS_MAX_DOMAINLEN-count, 1651 "X%d", qtype); 1652 expected_length += written; 1653 /* Skip on error, truncation or long expected length */ 1654 if(written < 0 || (size_t)written >= LDNS_MAX_DOMAINLEN-count || 1655 expected_length > LDNS_MAX_DOMAINLEN ) goto skip; 1656 /* Put in the label length */ 1657 *(buf+count) = (char)(written - 1); 1658 count += written; 1659 1660 memmove(buf+count, qname, qname_len); 1661 count += qname_len; 1662 1663 written = snprintf((char*)buf+count, LDNS_MAX_DOMAINLEN-count, 1664 "X%d", reason_bogus); 1665 expected_length += written; 1666 /* Skip on error, truncation or long expected length */ 1667 if(written < 0 || (size_t)written >= LDNS_MAX_DOMAINLEN-count || 1668 expected_length > LDNS_MAX_DOMAINLEN ) goto skip; 1669 *(buf+count) = (char)(written - 1); 1670 count += written; 1671 1672 memmove(buf+count, "\3_er", 4); 1673 count += 4; 1674 1675 /* Copy the agent domain */ 1676 memmove(buf+count, agent_domain, agent_domain_len); 1677 count += agent_domain_len; 1678 1679 qinfo.qname = buf; 1680 qinfo.qname_len = count; 1681 qinfo.qtype = LDNS_RR_TYPE_TXT; 1682 qinfo.qclass = qstate->qinfo.qclass; 1683 qinfo.local_alias = NULL; 1684 1685 log_query_info(VERB_ALGO, "DNS Error Reporting: generating report " 1686 "query for", &qinfo); 1687 if(mesh_add_sub(qstate, &qinfo, BIT_RD, 0, 0, &newq, &sub)) { 1688 qstate->env->mesh->num_dns_error_reports++; 1689 } 1690 return; 1691 skip: 1692 verbose(VERB_ALGO, "DNS Error Reporting: report query qname too long; " 1693 "skip"); 1694 return; 1695 } 1696 1697 void mesh_query_done(struct mesh_state* mstate) 1698 { 1699 struct mesh_reply* r; 1700 struct mesh_reply* prev = NULL; 1701 struct sldns_buffer* prev_buffer = NULL; 1702 struct mesh_cb* c; 1703 struct reply_info* rep = (mstate->s.return_msg? 1704 mstate->s.return_msg->rep:NULL); 1705 struct timeval tv = {0, 0}; 1706 int i = 0; 1707 /* No need for the serve expired timer anymore; we are going to reply. */ 1708 if(mstate->s.serve_expired_data) { 1709 comm_timer_delete(mstate->s.serve_expired_data->timer); 1710 mstate->s.serve_expired_data->timer = NULL; 1711 } 1712 if(mstate->s.return_rcode == LDNS_RCODE_SERVFAIL || 1713 (rep && FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_SERVFAIL)) { 1714 if(mstate->s.env->cfg->serve_expired) { 1715 /* we are SERVFAILing; check for expired answer here */ 1716 mesh_respond_serve_expired(mstate); 1717 } 1718 if((mstate->reply_list || mstate->cb_list) 1719 && mstate->s.env->cfg->log_servfail 1720 && !mstate->s.env->cfg->val_log_squelch) { 1721 char* err = errinf_to_str_servfail(&mstate->s); 1722 if(err) { log_err("%s", err); } 1723 } 1724 } 1725 1726 if(mstate->reply_list && mstate->s.env->cfg->dns_error_reporting) 1727 dns_error_reporting(&mstate->s, rep); 1728 1729 for(r = mstate->reply_list; r; r = r->next) { 1730 struct timeval old; 1731 timeval_subtract(&old, mstate->s.env->now_tv, &r->start_time); 1732 if(mstate->s.env->cfg->discard_timeout != 0 && 1733 ((int)old.tv_sec)*1000+((int)old.tv_usec)/1000 > 1734 mstate->s.env->cfg->discard_timeout) { 1735 /* Drop the reply, it is too old */ 1736 /* briefly set the reply_list to NULL, so that the 1737 * tcp req info cleanup routine that calls the mesh 1738 * to deregister the meshstate for it is not done 1739 * because the list is NULL and also accounting is not 1740 * done there, but instead we do that here. */ 1741 struct mesh_reply* reply_list = mstate->reply_list; 1742 verbose(VERB_ALGO, "drop reply, it is older than discard-timeout"); 1743 infra_wait_limit_dec(mstate->s.env->infra_cache, 1744 &r->query_reply, mstate->s.env->cfg); 1745 mstate->reply_list = NULL; 1746 if(r->query_reply.c->use_h2) 1747 http2_stream_remove_mesh_state(r->h2_stream); 1748 comm_point_drop_reply(&r->query_reply); 1749 mstate->reply_list = reply_list; 1750 mstate->s.env->mesh->num_queries_discard_timeout++; 1751 continue; 1752 } 1753 1754 i++; 1755 tv = r->start_time; 1756 1757 /* if a response-ip address block has been stored the 1758 * information should be logged for each client. */ 1759 if(mstate->s.respip_action_info && 1760 mstate->s.respip_action_info->addrinfo) { 1761 respip_inform_print(mstate->s.respip_action_info, 1762 r->qname, mstate->s.qinfo.qtype, 1763 mstate->s.qinfo.qclass, r->local_alias, 1764 &r->query_reply.client_addr, 1765 r->query_reply.client_addrlen); 1766 } 1767 1768 /* if this query is determined to be dropped during the 1769 * mesh processing, this is the point to take that action. */ 1770 if(mstate->s.is_drop) { 1771 /* briefly set the reply_list to NULL, so that the 1772 * tcp req info cleanup routine that calls the mesh 1773 * to deregister the meshstate for it is not done 1774 * because the list is NULL and also accounting is not 1775 * done there, but instead we do that here. */ 1776 struct mesh_reply* reply_list = mstate->reply_list; 1777 infra_wait_limit_dec(mstate->s.env->infra_cache, 1778 &r->query_reply, mstate->s.env->cfg); 1779 mstate->reply_list = NULL; 1780 if(r->query_reply.c->use_h2) { 1781 http2_stream_remove_mesh_state(r->h2_stream); 1782 } 1783 comm_point_drop_reply(&r->query_reply); 1784 mstate->reply_list = reply_list; 1785 } else { 1786 struct sldns_buffer* r_buffer = r->query_reply.c->buffer; 1787 if(r->query_reply.c->tcp_req_info) { 1788 r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; 1789 prev_buffer = NULL; 1790 } 1791 mesh_send_reply(mstate, mstate->s.return_rcode, rep, 1792 r, r_buffer, prev, prev_buffer); 1793 if(r->query_reply.c->tcp_req_info) { 1794 tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); 1795 r_buffer = NULL; 1796 } 1797 /* mesh_send_reply removed mesh state from 1798 * http2_stream. */ 1799 prev = r; 1800 prev_buffer = r_buffer; 1801 } 1802 } 1803 /* Account for each reply sent. */ 1804 if(i > 0 && mstate->s.respip_action_info && 1805 mstate->s.respip_action_info->addrinfo && 1806 mstate->s.env->cfg->stat_extended && 1807 mstate->s.respip_action_info->rpz_used) { 1808 if(mstate->s.respip_action_info->rpz_disabled) 1809 mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; 1810 if(mstate->s.respip_action_info->rpz_cname_override) 1811 mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; 1812 else 1813 mstate->s.env->mesh->rpz_action[respip_action_to_rpz_action( 1814 mstate->s.respip_action_info->action)] += i; 1815 } 1816 if(!mstate->s.is_drop && i > 0) { 1817 if(mstate->s.env->cfg->stat_extended 1818 && mstate->s.is_cachedb_answer) { 1819 mstate->s.env->mesh->ans_cachedb += i; 1820 } 1821 } 1822 1823 /* Mesh area accounting */ 1824 if(mstate->reply_list) { 1825 mstate->reply_list = NULL; 1826 if(!mstate->reply_list && !mstate->cb_list) { 1827 /* was a reply state, not anymore */ 1828 log_assert(mstate->s.env->mesh->num_reply_states > 0); 1829 mstate->s.env->mesh->num_reply_states--; 1830 } 1831 if(!mstate->reply_list && !mstate->cb_list && 1832 mstate->super_set.count == 0) 1833 mstate->s.env->mesh->num_detached_states++; 1834 } 1835 mstate->replies_sent = 1; 1836 1837 while((c = mstate->cb_list) != NULL) { 1838 /* take this cb off the list; so that the list can be 1839 * changed, eg. by adds from the callback routine */ 1840 if(!mstate->reply_list && mstate->cb_list && !c->next) { 1841 /* was a reply state, not anymore */ 1842 log_assert(mstate->s.env->mesh->num_reply_states > 0); 1843 mstate->s.env->mesh->num_reply_states--; 1844 } 1845 mstate->cb_list = c->next; 1846 if(!mstate->reply_list && !mstate->cb_list && 1847 mstate->super_set.count == 0) 1848 mstate->s.env->mesh->num_detached_states++; 1849 mesh_do_callback(mstate, mstate->s.return_rcode, rep, c, &tv); 1850 } 1851 } 1852 1853 void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate) 1854 { 1855 struct mesh_state_ref* ref; 1856 RBTREE_FOR(ref, struct mesh_state_ref*, &mstate->super_set) 1857 { 1858 /* make super runnable */ 1859 (void)rbtree_insert(&mesh->run, &ref->s->run_node); 1860 /* callback the function to inform super of result */ 1861 fptr_ok(fptr_whitelist_mod_inform_super( 1862 mesh->mods.mod[ref->s->s.curmod]->inform_super)); 1863 (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, 1864 ref->s->s.curmod, &ref->s->s); 1865 /* copy state that is always relevant to super */ 1866 copy_state_to_super(&mstate->s, ref->s->s.curmod, &ref->s->s); 1867 } 1868 } 1869 1870 struct mesh_state* mesh_area_find(struct mesh_area* mesh, 1871 struct respip_client_info* cinfo, struct query_info* qinfo, 1872 uint16_t qflags, int prime, int valrec) 1873 { 1874 struct mesh_state key; 1875 struct mesh_state* result; 1876 1877 key.node.key = &key; 1878 key.s.is_priming = prime; 1879 key.s.is_valrec = valrec; 1880 key.s.qinfo = *qinfo; 1881 key.s.query_flags = qflags; 1882 /* We are searching for a similar mesh state when we DO want to 1883 * aggregate the state. Thus unique is set to NULL. (default when we 1884 * desire aggregation).*/ 1885 key.unique = NULL; 1886 key.s.client_info = cinfo; 1887 1888 result = (struct mesh_state*)rbtree_search(&mesh->all, &key); 1889 return result; 1890 } 1891 1892 /** remove mesh state callback */ 1893 int mesh_state_del_cb(struct mesh_state* s, mesh_cb_func_type cb, void* cb_arg) 1894 { 1895 struct mesh_cb* r, *prev = NULL; 1896 r = s->cb_list; 1897 while(r) { 1898 if(r->cb == cb && r->cb_arg == cb_arg) { 1899 /* Delete this entry. */ 1900 /* It was allocated in the s.region, so no free. */ 1901 if(prev) prev->next = r->next; 1902 else s->cb_list = r->next; 1903 return 1; 1904 } 1905 prev = r; 1906 r = r->next; 1907 } 1908 return 0; 1909 } 1910 1911 int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, 1912 sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, 1913 uint16_t qid, uint16_t qflags) 1914 { 1915 struct mesh_cb* r = regional_alloc(s->s.region, 1916 sizeof(struct mesh_cb)); 1917 if(!r) 1918 return 0; 1919 r->buf = buf; 1920 log_assert(fptr_whitelist_mesh_cb(cb)); /* early failure ifmissing*/ 1921 r->cb = cb; 1922 r->cb_arg = cb_arg; 1923 r->edns = *edns; 1924 if(edns->opt_list_in && !(r->edns.opt_list_in = 1925 edns_opt_copy_region(edns->opt_list_in, s->s.region))) 1926 return 0; 1927 if(edns->opt_list_out && !(r->edns.opt_list_out = 1928 edns_opt_copy_region(edns->opt_list_out, s->s.region))) 1929 return 0; 1930 if(edns->opt_list_inplace_cb_out && !(r->edns.opt_list_inplace_cb_out = 1931 edns_opt_copy_region(edns->opt_list_inplace_cb_out, s->s.region))) 1932 return 0; 1933 r->qid = qid; 1934 r->qflags = qflags; 1935 r->next = s->cb_list; 1936 s->cb_list = r; 1937 return 1; 1938 1939 } 1940 1941 int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, 1942 struct comm_reply* rep, uint16_t qid, uint16_t qflags, 1943 const struct query_info* qinfo) 1944 { 1945 struct mesh_reply* r = regional_alloc(s->s.region, 1946 sizeof(struct mesh_reply)); 1947 if(!r) 1948 return 0; 1949 r->query_reply = *rep; 1950 r->edns = *edns; 1951 if(edns->opt_list_in && !(r->edns.opt_list_in = 1952 edns_opt_copy_region(edns->opt_list_in, s->s.region))) 1953 return 0; 1954 if(edns->opt_list_out && !(r->edns.opt_list_out = 1955 edns_opt_copy_region(edns->opt_list_out, s->s.region))) 1956 return 0; 1957 if(edns->opt_list_inplace_cb_out && !(r->edns.opt_list_inplace_cb_out = 1958 edns_opt_copy_region(edns->opt_list_inplace_cb_out, s->s.region))) 1959 return 0; 1960 r->qid = qid; 1961 r->qflags = qflags; 1962 r->start_time = *s->s.env->now_tv; 1963 r->next = s->reply_list; 1964 r->qname = regional_alloc_init(s->s.region, qinfo->qname, 1965 s->s.qinfo.qname_len); 1966 if(!r->qname) 1967 return 0; 1968 if(rep->c->use_h2) 1969 r->h2_stream = rep->c->h2_stream; 1970 else r->h2_stream = NULL; 1971 1972 /* Data related to local alias stored in 'qinfo' (if any) is ephemeral 1973 * and can be different for different original queries (even if the 1974 * replaced query name is the same). So we need to make a deep copy 1975 * and store the copy for each reply info. */ 1976 if(qinfo->local_alias) { 1977 struct packed_rrset_data* d; 1978 struct packed_rrset_data* dsrc; 1979 r->local_alias = regional_alloc_zero(s->s.region, 1980 sizeof(*qinfo->local_alias)); 1981 if(!r->local_alias) 1982 return 0; 1983 r->local_alias->rrset = regional_alloc_init(s->s.region, 1984 qinfo->local_alias->rrset, 1985 sizeof(*qinfo->local_alias->rrset)); 1986 if(!r->local_alias->rrset) 1987 return 0; 1988 dsrc = qinfo->local_alias->rrset->entry.data; 1989 1990 /* In the current implementation, a local alias must be 1991 * a single CNAME RR (see worker_handle_request()). */ 1992 log_assert(!qinfo->local_alias->next && dsrc->count == 1 && 1993 qinfo->local_alias->rrset->rk.type == 1994 htons(LDNS_RR_TYPE_CNAME)); 1995 /* we should make a local copy for the owner name of 1996 * the RRset */ 1997 r->local_alias->rrset->rk.dname_len = 1998 qinfo->local_alias->rrset->rk.dname_len; 1999 r->local_alias->rrset->rk.dname = regional_alloc_init( 2000 s->s.region, qinfo->local_alias->rrset->rk.dname, 2001 qinfo->local_alias->rrset->rk.dname_len); 2002 if(!r->local_alias->rrset->rk.dname) 2003 return 0; 2004 2005 /* the rrset is not packed, like in the cache, but it is 2006 * individually allocated with an allocator from localzone. */ 2007 d = regional_alloc_zero(s->s.region, sizeof(*d)); 2008 if(!d) 2009 return 0; 2010 r->local_alias->rrset->entry.data = d; 2011 if(!rrset_insert_rr(s->s.region, d, dsrc->rr_data[0], 2012 dsrc->rr_len[0], dsrc->rr_ttl[0], "CNAME local alias")) 2013 return 0; 2014 } else 2015 r->local_alias = NULL; 2016 2017 s->reply_list = r; 2018 return 1; 2019 } 2020 2021 /* Extract the query info and flags from 'mstate' into '*qinfop' and '*qflags'. 2022 * Since this is only used for internal refetch of otherwise-expired answer, 2023 * we simply ignore the rare failure mode when memory allocation fails. */ 2024 static void 2025 mesh_copy_qinfo(struct mesh_state* mstate, struct query_info** qinfop, 2026 uint16_t* qflags) 2027 { 2028 struct regional* region = mstate->s.env->scratch; 2029 struct query_info* qinfo; 2030 2031 qinfo = regional_alloc_init(region, &mstate->s.qinfo, sizeof(*qinfo)); 2032 if(!qinfo) 2033 return; 2034 qinfo->qname = regional_alloc_init(region, qinfo->qname, 2035 qinfo->qname_len); 2036 if(!qinfo->qname) 2037 return; 2038 *qinfop = qinfo; 2039 *qflags = mstate->s.query_flags; 2040 } 2041 2042 /** 2043 * Continue processing the mesh state at another module. 2044 * Handles module to modules transfer of control. 2045 * Handles module finished. 2046 * @param mesh: the mesh area. 2047 * @param mstate: currently active mesh state. 2048 * Deleted if finished, calls _done and _supers to 2049 * send replies to clients and inform other mesh states. 2050 * This in turn may create additional runnable mesh states. 2051 * @param s: state at which the current module exited. 2052 * @param ev: the event sent to the module. 2053 * returned is the event to send to the next module. 2054 * @return true if continue processing at the new module. 2055 * false if not continued processing is needed. 2056 */ 2057 static int 2058 mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, 2059 enum module_ext_state s, enum module_ev* ev) 2060 { 2061 mstate->num_activated++; 2062 if(mstate->num_activated > MESH_MAX_ACTIVATION) { 2063 /* module is looping. Stop it. */ 2064 log_err("internal error: looping module (%s) stopped", 2065 mesh->mods.mod[mstate->s.curmod]->name); 2066 log_query_info(NO_VERBOSE, "pass error for qstate", 2067 &mstate->s.qinfo); 2068 s = module_error; 2069 } 2070 if(s == module_wait_module || s == module_restart_next) { 2071 /* start next module */ 2072 mstate->s.curmod++; 2073 if(mesh->mods.num == mstate->s.curmod) { 2074 log_err("Cannot pass to next module; at last module"); 2075 log_query_info(VERB_QUERY, "pass error for qstate", 2076 &mstate->s.qinfo); 2077 mstate->s.curmod--; 2078 return mesh_continue(mesh, mstate, module_error, ev); 2079 } 2080 if(s == module_restart_next) { 2081 int curmod = mstate->s.curmod; 2082 for(; mstate->s.curmod < mesh->mods.num; 2083 mstate->s.curmod++) { 2084 fptr_ok(fptr_whitelist_mod_clear( 2085 mesh->mods.mod[mstate->s.curmod]->clear)); 2086 (*mesh->mods.mod[mstate->s.curmod]->clear) 2087 (&mstate->s, mstate->s.curmod); 2088 mstate->s.minfo[mstate->s.curmod] = NULL; 2089 } 2090 mstate->s.curmod = curmod; 2091 } 2092 *ev = module_event_pass; 2093 return 1; 2094 } 2095 if(s == module_wait_subquery && mstate->sub_set.count == 0) { 2096 log_err("module cannot wait for subquery, subquery list empty"); 2097 log_query_info(VERB_QUERY, "pass error for qstate", 2098 &mstate->s.qinfo); 2099 s = module_error; 2100 } 2101 if(s == module_error && mstate->s.return_rcode == LDNS_RCODE_NOERROR) { 2102 /* error is bad, handle pass back up below */ 2103 mstate->s.return_rcode = LDNS_RCODE_SERVFAIL; 2104 } 2105 if(s == module_error) { 2106 mesh_query_done(mstate); 2107 mesh_walk_supers(mesh, mstate); 2108 mesh_state_delete(&mstate->s); 2109 return 0; 2110 } 2111 if(s == module_finished) { 2112 if(mstate->s.curmod == 0) { 2113 struct query_info* qinfo = NULL; 2114 struct edns_option* opt_list = NULL; 2115 struct sockaddr_storage addr; 2116 uint16_t qflags; 2117 int rpz_p = 0; 2118 2119 #ifdef CLIENT_SUBNET 2120 struct edns_option* ecs; 2121 if(mstate->s.need_refetch && mstate->reply_list && 2122 modstack_find(&mesh->mods, "subnetcache") != -1 && 2123 mstate->s.env->unique_mesh) { 2124 addr = mstate->reply_list->query_reply.client_addr; 2125 } else 2126 #endif 2127 memset(&addr, 0, sizeof(addr)); 2128 2129 mesh_query_done(mstate); 2130 mesh_walk_supers(mesh, mstate); 2131 2132 /* If the answer to the query needs to be refetched 2133 * from an external DNS server, we'll need to schedule 2134 * a prefetch after removing the current state, so 2135 * we need to make a copy of the query info here. */ 2136 if(mstate->s.need_refetch) { 2137 mesh_copy_qinfo(mstate, &qinfo, &qflags); 2138 #ifdef CLIENT_SUBNET 2139 /* Make also a copy of the ecs option if any */ 2140 if((ecs = edns_opt_list_find( 2141 mstate->s.edns_opts_front_in, 2142 mstate->s.env->cfg->client_subnet_opcode)) != NULL) { 2143 (void)edns_opt_list_append(&opt_list, 2144 ecs->opt_code, ecs->opt_len, 2145 ecs->opt_data, 2146 mstate->s.env->scratch); 2147 } 2148 #endif 2149 rpz_p = mstate->s.rpz_passthru; 2150 } 2151 2152 if(qinfo) { 2153 mesh_state_delete(&mstate->s); 2154 mesh_new_prefetch(mesh, qinfo, qflags, 0, 2155 rpz_p, 2156 addr.ss_family!=AF_UNSPEC?&addr:NULL, 2157 opt_list); 2158 } else { 2159 mesh_state_delete(&mstate->s); 2160 } 2161 return 0; 2162 } 2163 /* pass along the locus of control */ 2164 mstate->s.curmod --; 2165 *ev = module_event_moddone; 2166 return 1; 2167 } 2168 return 0; 2169 } 2170 2171 void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, 2172 enum module_ev ev, struct outbound_entry* e) 2173 { 2174 enum module_ext_state s; 2175 verbose(VERB_ALGO, "mesh_run: start"); 2176 while(mstate) { 2177 /* run the module */ 2178 fptr_ok(fptr_whitelist_mod_operate( 2179 mesh->mods.mod[mstate->s.curmod]->operate)); 2180 (*mesh->mods.mod[mstate->s.curmod]->operate) 2181 (&mstate->s, ev, mstate->s.curmod, e); 2182 2183 /* examine results */ 2184 mstate->s.reply = NULL; 2185 regional_free_all(mstate->s.env->scratch); 2186 s = mstate->s.ext_state[mstate->s.curmod]; 2187 verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", 2188 mesh->mods.mod[mstate->s.curmod]->name, strextstate(s)); 2189 e = NULL; 2190 if(mesh_continue(mesh, mstate, s, &ev)) 2191 continue; 2192 2193 /* run more modules */ 2194 ev = module_event_pass; 2195 if(mesh->run.count > 0) { 2196 /* pop random element off the runnable tree */ 2197 mstate = (struct mesh_state*)mesh->run.root->key; 2198 (void)rbtree_delete(&mesh->run, mstate); 2199 } else mstate = NULL; 2200 } 2201 if(verbosity >= VERB_ALGO) { 2202 mesh_stats(mesh, "mesh_run: end"); 2203 mesh_log_list(mesh); 2204 } 2205 } 2206 2207 void 2208 mesh_log_list(struct mesh_area* mesh) 2209 { 2210 char buf[30]; 2211 struct mesh_state* m; 2212 int num = 0; 2213 RBTREE_FOR(m, struct mesh_state*, &mesh->all) { 2214 snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", 2215 num++, (m->s.is_priming)?"p":"", /* prime */ 2216 (m->s.is_valrec)?"v":"", /* prime */ 2217 (m->s.query_flags&BIT_RD)?"RD":"", 2218 (m->s.query_flags&BIT_CD)?"CD":"", 2219 (m->super_set.count==0)?"d":"", /* detached */ 2220 (m->sub_set.count!=0)?"c":"", /* children */ 2221 m->s.curmod, (m->reply_list)?"rep":"", /*hasreply*/ 2222 (m->cb_list)?"cb":"" /* callbacks */ 2223 ); 2224 log_query_info(VERB_ALGO, buf, &m->s.qinfo); 2225 } 2226 } 2227 2228 void 2229 mesh_stats(struct mesh_area* mesh, const char* str) 2230 { 2231 verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, " 2232 "%u detached), %u waiting replies, %u recursion replies " 2233 "sent, %d replies dropped, %d states jostled out", 2234 str, (unsigned)mesh->all.count, 2235 (unsigned)mesh->num_reply_states, 2236 (unsigned)mesh->num_detached_states, 2237 (unsigned)mesh->num_reply_addrs, 2238 (unsigned)mesh->replies_sent, 2239 (unsigned)mesh->stats_dropped, 2240 (unsigned)mesh->stats_jostled); 2241 if(mesh->replies_sent > 0) { 2242 struct timeval avg; 2243 timeval_divide(&avg, &mesh->replies_sum_wait, 2244 mesh->replies_sent); 2245 log_info("average recursion processing time " 2246 ARG_LL "d.%6.6d sec", 2247 (long long)avg.tv_sec, (int)avg.tv_usec); 2248 log_info("histogram of recursion processing times"); 2249 timehist_log(mesh->histogram, "recursions"); 2250 } 2251 } 2252 2253 void 2254 mesh_stats_clear(struct mesh_area* mesh) 2255 { 2256 if(!mesh) 2257 return; 2258 mesh->num_query_authzone_up = 0; 2259 mesh->num_query_authzone_down = 0; 2260 mesh->replies_sent = 0; 2261 mesh->replies_sum_wait.tv_sec = 0; 2262 mesh->replies_sum_wait.tv_usec = 0; 2263 mesh->stats_jostled = 0; 2264 mesh->stats_dropped = 0; 2265 timehist_clear(mesh->histogram); 2266 mesh->ans_secure = 0; 2267 mesh->ans_bogus = 0; 2268 mesh->ans_expired = 0; 2269 mesh->ans_cachedb = 0; 2270 memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*UB_STATS_RCODE_NUM); 2271 memset(&mesh->rpz_action[0], 0, sizeof(size_t)*UB_STATS_RPZ_ACTION_NUM); 2272 mesh->ans_nodata = 0; 2273 mesh->num_queries_discard_timeout = 0; 2274 mesh->num_queries_wait_limit = 0; 2275 mesh->num_dns_error_reports = 0; 2276 } 2277 2278 size_t 2279 mesh_get_mem(struct mesh_area* mesh) 2280 { 2281 struct mesh_state* m; 2282 size_t s = sizeof(*mesh) + sizeof(struct timehist) + 2283 sizeof(struct th_buck)*mesh->histogram->num + 2284 sizeof(sldns_buffer) + sldns_buffer_capacity(mesh->qbuf_bak); 2285 RBTREE_FOR(m, struct mesh_state*, &mesh->all) { 2286 /* all, including m itself allocated in qstate region */ 2287 s += regional_get_mem(m->s.region); 2288 } 2289 return s; 2290 } 2291 2292 int 2293 mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, 2294 uint16_t flags, int prime, int valrec) 2295 { 2296 struct mesh_area* mesh = qstate->env->mesh; 2297 struct mesh_state* dep_m = NULL; 2298 dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); 2299 return mesh_detect_cycle_found(qstate, dep_m); 2300 } 2301 2302 void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp, 2303 struct mesh_state** lp) 2304 { 2305 /* insert as last element */ 2306 m->prev = *lp; 2307 m->next = NULL; 2308 if(*lp) 2309 (*lp)->next = m; 2310 else *fp = m; 2311 *lp = m; 2312 } 2313 2314 void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp, 2315 struct mesh_state** lp) 2316 { 2317 if(m->next) 2318 m->next->prev = m->prev; 2319 else *lp = m->prev; 2320 if(m->prev) 2321 m->prev->next = m->next; 2322 else *fp = m->next; 2323 } 2324 2325 void mesh_state_remove_reply(struct mesh_area* mesh, struct mesh_state* m, 2326 struct comm_point* cp) 2327 { 2328 struct mesh_reply* n, *prev = NULL; 2329 n = m->reply_list; 2330 /* when in mesh_cleanup, it sets the reply_list to NULL, so that 2331 * there is no accounting twice */ 2332 if(!n) return; /* nothing to remove, also no accounting needed */ 2333 while(n) { 2334 if(n->query_reply.c == cp) { 2335 /* unlink it */ 2336 if(prev) prev->next = n->next; 2337 else m->reply_list = n->next; 2338 /* delete it, but allocated in m region */ 2339 log_assert(mesh->num_reply_addrs > 0); 2340 mesh->num_reply_addrs--; 2341 infra_wait_limit_dec(mesh->env->infra_cache, 2342 &n->query_reply, mesh->env->cfg); 2343 2344 /* prev = prev; */ 2345 n = n->next; 2346 continue; 2347 } 2348 prev = n; 2349 n = n->next; 2350 } 2351 /* it was not detached (because it had a reply list), could be now */ 2352 if(!m->reply_list && !m->cb_list 2353 && m->super_set.count == 0) { 2354 mesh->num_detached_states++; 2355 } 2356 /* if not replies any more in mstate, it is no longer a reply_state */ 2357 if(!m->reply_list && !m->cb_list) { 2358 log_assert(mesh->num_reply_states > 0); 2359 mesh->num_reply_states--; 2360 } 2361 } 2362 2363 2364 static int 2365 apply_respip_action(struct module_qstate* qstate, 2366 const struct query_info* qinfo, struct respip_client_info* cinfo, 2367 struct respip_action_info* actinfo, struct reply_info* rep, 2368 struct ub_packed_rrset_key** alias_rrset, 2369 struct reply_info** encode_repp, struct auth_zones* az) 2370 { 2371 if(qinfo->qtype != LDNS_RR_TYPE_A && 2372 qinfo->qtype != LDNS_RR_TYPE_AAAA && 2373 qinfo->qtype != LDNS_RR_TYPE_ANY) 2374 return 1; 2375 2376 if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, actinfo, 2377 alias_rrset, 0, qstate->region, az, NULL, qstate->env->views, 2378 qstate->env->respip_set)) 2379 return 0; 2380 2381 /* xxx_deny actions mean dropping the reply, unless the original reply 2382 * was redirected to response-ip data. */ 2383 if((actinfo->action == respip_deny || 2384 actinfo->action == respip_inform_deny) && 2385 *encode_repp == rep) 2386 *encode_repp = NULL; 2387 2388 return 1; 2389 } 2390 2391 void 2392 mesh_serve_expired_callback(void* arg) 2393 { 2394 struct mesh_state* mstate = (struct mesh_state*) arg; 2395 struct module_qstate* qstate = &mstate->s; 2396 struct mesh_reply* r; 2397 struct mesh_area* mesh = qstate->env->mesh; 2398 struct dns_msg* msg; 2399 struct mesh_cb* c; 2400 struct mesh_reply* prev = NULL; 2401 struct sldns_buffer* prev_buffer = NULL; 2402 struct sldns_buffer* r_buffer = NULL; 2403 struct reply_info* partial_rep = NULL; 2404 struct ub_packed_rrset_key* alias_rrset = NULL; 2405 struct reply_info* encode_rep = NULL; 2406 struct respip_action_info actinfo; 2407 struct query_info* lookup_qinfo = &qstate->qinfo; 2408 struct query_info qinfo_tmp; 2409 struct timeval tv = {0, 0}; 2410 int must_validate = (!(qstate->query_flags&BIT_CD) 2411 || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; 2412 int i = 0, for_count; 2413 int is_expired; 2414 if(!qstate->serve_expired_data) return; 2415 verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data"); 2416 comm_timer_delete(qstate->serve_expired_data->timer); 2417 qstate->serve_expired_data->timer = NULL; 2418 /* If is_drop or no_cache_lookup (modules that handle their own cache e.g., 2419 * subnetmod) ignore stale data from the main cache. */ 2420 if(qstate->no_cache_lookup || qstate->is_drop) { 2421 verbose(VERB_ALGO, 2422 "Serve expired: Not allowed to look into cache for stale"); 2423 return; 2424 } 2425 /* The following for is used instead of the `goto lookup_cache` 2426 * like in the worker. This loop should get max 2 passes if we need to 2427 * do any aliasing. */ 2428 for(for_count = 0; for_count < 2; for_count++) { 2429 fptr_ok(fptr_whitelist_serve_expired_lookup( 2430 qstate->serve_expired_data->get_cached_answer)); 2431 msg = (*qstate->serve_expired_data->get_cached_answer)(qstate, 2432 lookup_qinfo, &is_expired); 2433 if(!msg || (FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR 2434 && FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NXDOMAIN 2435 && FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_YXDOMAIN)) { 2436 /* We don't care for cached failure answers at this 2437 * stage. */ 2438 return; 2439 } 2440 /* Reset these in case we pass a second time from here. */ 2441 encode_rep = msg->rep; 2442 memset(&actinfo, 0, sizeof(actinfo)); 2443 actinfo.action = respip_none; 2444 alias_rrset = NULL; 2445 if((mesh->use_response_ip || mesh->use_rpz) && 2446 !partial_rep && !apply_respip_action(qstate, &qstate->qinfo, 2447 qstate->client_info, &actinfo, msg->rep, &alias_rrset, &encode_rep, 2448 qstate->env->auth_zones)) { 2449 return; 2450 } else if(partial_rep && 2451 !respip_merge_cname(partial_rep, &qstate->qinfo, msg->rep, 2452 qstate->client_info, must_validate, &encode_rep, qstate->region, 2453 qstate->env->auth_zones, qstate->env->views, 2454 qstate->env->respip_set)) { 2455 return; 2456 } 2457 if(!encode_rep || alias_rrset) { 2458 if(!encode_rep) { 2459 /* Needs drop */ 2460 return; 2461 } else { 2462 /* A partial CNAME chain is found. */ 2463 partial_rep = encode_rep; 2464 } 2465 } 2466 /* We've found a partial reply ending with an 2467 * alias. Replace the lookup qinfo for the 2468 * alias target and lookup the cache again to 2469 * (possibly) complete the reply. As we're 2470 * passing the "base" reply, there will be no 2471 * more alias chasing. */ 2472 if(partial_rep) { 2473 memset(&qinfo_tmp, 0, sizeof(qinfo_tmp)); 2474 get_cname_target(alias_rrset, &qinfo_tmp.qname, 2475 &qinfo_tmp.qname_len); 2476 if(!qinfo_tmp.qname) { 2477 log_err("Serve expired: unexpected: invalid answer alias"); 2478 return; 2479 } 2480 qinfo_tmp.qtype = qstate->qinfo.qtype; 2481 qinfo_tmp.qclass = qstate->qinfo.qclass; 2482 lookup_qinfo = &qinfo_tmp; 2483 continue; 2484 } 2485 break; 2486 } 2487 2488 if(verbosity >= VERB_ALGO) 2489 log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); 2490 2491 for(r = mstate->reply_list; r; r = r->next) { 2492 struct timeval old; 2493 timeval_subtract(&old, mstate->s.env->now_tv, &r->start_time); 2494 if(mstate->s.env->cfg->discard_timeout != 0 && 2495 ((int)old.tv_sec)*1000+((int)old.tv_usec)/1000 > 2496 mstate->s.env->cfg->discard_timeout) { 2497 /* Drop the reply, it is too old */ 2498 /* briefly set the reply_list to NULL, so that the 2499 * tcp req info cleanup routine that calls the mesh 2500 * to deregister the meshstate for it is not done 2501 * because the list is NULL and also accounting is not 2502 * done there, but instead we do that here. */ 2503 struct mesh_reply* reply_list = mstate->reply_list; 2504 verbose(VERB_ALGO, "drop reply, it is older than discard-timeout"); 2505 infra_wait_limit_dec(mstate->s.env->infra_cache, 2506 &r->query_reply, mstate->s.env->cfg); 2507 mstate->reply_list = NULL; 2508 if(r->query_reply.c->use_h2) 2509 http2_stream_remove_mesh_state(r->h2_stream); 2510 comm_point_drop_reply(&r->query_reply); 2511 mstate->reply_list = reply_list; 2512 mstate->s.env->mesh->num_queries_discard_timeout++; 2513 continue; 2514 } 2515 2516 i++; 2517 tv = r->start_time; 2518 2519 /* If address info is returned, it means the action should be an 2520 * 'inform' variant and the information should be logged. */ 2521 if(actinfo.addrinfo) { 2522 respip_inform_print(&actinfo, r->qname, 2523 qstate->qinfo.qtype, qstate->qinfo.qclass, 2524 r->local_alias, &r->query_reply.client_addr, 2525 r->query_reply.client_addrlen); 2526 } 2527 2528 /* Add EDE Stale Answer (RCF8914). Ignore global ede as this is 2529 * warning instead of an error */ 2530 if(r->edns.edns_present && 2531 qstate->env->cfg->ede_serve_expired && 2532 qstate->env->cfg->ede && 2533 is_expired) { 2534 edns_opt_list_append_ede(&r->edns.opt_list_out, 2535 mstate->s.region, LDNS_EDE_STALE_ANSWER, NULL); 2536 } 2537 2538 r_buffer = r->query_reply.c->buffer; 2539 if(r->query_reply.c->tcp_req_info) 2540 r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; 2541 mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep, 2542 r, r_buffer, prev, prev_buffer); 2543 if(r->query_reply.c->tcp_req_info) 2544 tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); 2545 /* mesh_send_reply removed mesh state from http2_stream. */ 2546 infra_wait_limit_dec(mstate->s.env->infra_cache, 2547 &r->query_reply, mstate->s.env->cfg); 2548 prev = r; 2549 prev_buffer = r_buffer; 2550 } 2551 /* Account for each reply sent. */ 2552 if(i > 0) { 2553 mesh->ans_expired += i; 2554 if(actinfo.addrinfo && qstate->env->cfg->stat_extended && 2555 actinfo.rpz_used) { 2556 if(actinfo.rpz_disabled) 2557 qstate->env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; 2558 if(actinfo.rpz_cname_override) 2559 qstate->env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; 2560 else 2561 qstate->env->mesh->rpz_action[ 2562 respip_action_to_rpz_action(actinfo.action)] += i; 2563 } 2564 } 2565 2566 /* Mesh area accounting */ 2567 if(mstate->reply_list) { 2568 mstate->reply_list = NULL; 2569 if(!mstate->reply_list && !mstate->cb_list) { 2570 log_assert(mesh->num_reply_states > 0); 2571 mesh->num_reply_states--; 2572 if(mstate->super_set.count == 0) { 2573 mesh->num_detached_states++; 2574 } 2575 } 2576 } 2577 2578 while((c = mstate->cb_list) != NULL) { 2579 /* take this cb off the list; so that the list can be 2580 * changed, eg. by adds from the callback routine */ 2581 if(!mstate->reply_list && mstate->cb_list && !c->next) { 2582 /* was a reply state, not anymore */ 2583 log_assert(qstate->env->mesh->num_reply_states > 0); 2584 qstate->env->mesh->num_reply_states--; 2585 } 2586 mstate->cb_list = c->next; 2587 if(!mstate->reply_list && !mstate->cb_list && 2588 mstate->super_set.count == 0) 2589 qstate->env->mesh->num_detached_states++; 2590 mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv); 2591 } 2592 } 2593 2594 void 2595 mesh_respond_serve_expired(struct mesh_state* mstate) 2596 { 2597 if(!mstate->s.serve_expired_data) 2598 mesh_serve_expired_init(mstate, -1); 2599 mesh_serve_expired_callback(mstate); 2600 } 2601 2602 int mesh_jostle_exceeded(struct mesh_area* mesh) 2603 { 2604 if(mesh->all.count < mesh->max_reply_states) 2605 return 0; 2606 return 1; 2607 } 2608 2609 void mesh_remove_callback(struct mesh_area* mesh, struct query_info* qinfo, 2610 uint16_t qflags, mesh_cb_func_type cb, void* cb_arg) 2611 { 2612 struct mesh_state* s = NULL; 2613 s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); 2614 if(!s) return; 2615 if(!mesh_state_del_cb(s, cb, cb_arg)) return; 2616 2617 /* It was in the list and removed. */ 2618 log_assert(mesh->num_reply_addrs > 0); 2619 mesh->num_reply_addrs--; 2620 if(!s->reply_list && !s->cb_list) { 2621 /* was a reply state, not anymore */ 2622 log_assert(mesh->num_reply_states > 0); 2623 mesh->num_reply_states--; 2624 } 2625 if(!s->reply_list && !s->cb_list && 2626 s->super_set.count == 0) { 2627 mesh->num_detached_states++; 2628 } 2629 } 2630