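/*
 * daemon/daemon.h - collection of workers that handles requests.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * The daemon consists of global settings and a number of workers.
 * This header only declares the shared daemon state and the lifecycle
 * entry points; the implementation lives in daemon/daemon.c.
 */

#ifndef DAEMON_H
#define DAEMON_H

#include "util/locks.h"
#include "util/alloc.h"
#include "services/modstack.h"
/* Opaque types referenced only by pointer below. Every pointed-to type is
 * forward-declared here so that the struct body does not silently introduce
 * a new struct tag at file scope (which is what happened for tcl_list). */
struct config_file;
struct worker;
struct listen_port;
struct slabhash;
struct module_env;
struct rrset_cache;
struct acl_list;
struct tcl_list;
struct local_zones;
struct views;
struct ub_randstate;
struct daemon_remote;
struct respip_set;
struct shm_main_info;
struct doq_table;
struct cookie_secrets;
struct fast_reload_thread;
struct fast_reload_printq;

#include "dnstap/dnstap_config.h"
#ifdef USE_DNSTAP
struct dt_env;
#endif

#include "dnscrypt/dnscrypt_config.h"
#ifdef USE_DNSCRYPT
struct dnsc_env;
#endif

/**
 * Structure holding worker list.
 * Holds globally visible information that is shared by all workers:
 * configuration, listening sockets, TLS contexts, access control and
 * the per-worker bookkeeping needed for (fast) reloads.
 */
struct daemon {
	/** The config settings */
	struct config_file* cfg;
	/** the chroot dir in use, NULL if none */
	char* chroot;
	/** pidfile that is used */
	char* pidfile;
	/** port number that has ports opened. */
	int listening_port;
	/** array of listening ports, opened. Listening ports per worker,
	 * or just one element[0] shared by the worker threads. */
	struct listen_port** ports;
	/** size of ports array */
	size_t num_ports;
	/** reuseport is enabled if true */
	int reuseport;
	/** port number for remote that has ports opened. */
	int rc_port;
	/** listening ports for remote control */
	struct listen_port* rc_ports;
	/** remote control connections management (for first worker) */
	struct daemon_remote* rc;
	/** ssl context for listening to dnstcp over ssl.
	 * Kept as void* so this header has no dependency on the TLS library
	 * headers; presumably an SSL_CTX* underneath. */
	void* listen_dot_sslctx;
	/** ssl context for connecting to dnstcp over ssl (upstream side) */
	void* connect_dot_sslctx;
	/** ssl context for listening to DoH */
	void* listen_doh_sslctx;
	/** ssl context for listening to quic */
	void* listen_quic_sslctx;
	/** the file name that the ssl context is made with, private key. */
	char* ssl_service_key;
	/** the file name that the ssl context is made with, certificate. */
	char* ssl_service_pem;
	/** modification time for ssl_service_key, in sec and ns. Like
	 * in a struct timespec, but without that for portability.
	 * Recorded so that a rotated key/certificate on disk can be
	 * noticed later (see ssl_cert_changed()). */
	time_t mtime_ssl_service_key;
	long mtime_ns_ssl_service_key;
	/** modification time for ssl_service_pem, in sec and ns. Like
	 * in a struct timespec, but without that for portability. */
	time_t mtime_ssl_service_pem;
	long mtime_ns_ssl_service_pem;
	/** num threads allocated */
	int num;
	/** num threads allocated in the previous config or 0 at first */
	int old_num;
	/** the worker entries */
	struct worker** workers;
	/** per-worker allocation cache */
	struct alloc_cache **worker_allocs;
	/** do we need to exit unbound (or is it only a reload?) */
	int need_to_exit;
	/** master random table ; used for port div between threads on reload*/
	struct ub_randstate* rand;
	/** master allocation cache */
	struct alloc_cache superalloc;
	/** the module environment master value, copied and changed by threads*/
	struct module_env* env;
	/** stack of module callbacks */
	struct module_stack mods;
	/** The module stack has been inited */
	int mods_inited;
	/** access control, which client IPs are allowed to connect */
	struct acl_list* acl;
	/** access control, which interfaces are allowed to connect */
	struct acl_list* acl_interface;
	/** TCP connection limit, limit connections from client IPs */
	struct tcl_list* tcl;
	/** local authority zones */
	struct local_zones* local_zones;
	/** last time of statistics printout */
	struct timeval time_last_stat;
	/** time when daemon started */
	struct timeval time_boot;
#ifdef USE_DNSTAP
	/** the dnstap environment master value, copied and changed by threads*/
	struct dt_env* dtenv;
#endif
	/** The SHM info for shared memory stats. */
	struct shm_main_info* shm_info;
	/** if the timeout for statistics is attempted at specific offset.
	 * If it is true, the stat timeout is the interval+offset, and that
	 * picks (roughly) the same time offset every time period. */
	int stat_time_specific;
	/** if the timeout is specific, what offset in the period. */
	int stat_time_offset;
	/** some response-ip tags or actions are configured if true */
	int use_response_ip;
	/** some RPZ policies are configured */
	int use_rpz;
#ifdef USE_DNSCRYPT
	/** the dnscrypt environment */
	struct dnsc_env* dnscenv;
#endif
	/** the doq connection table */
	struct doq_table* doq_table;
	/** reuse existing cache on reload if other conditions allow it. */
	int reuse_cache;
	/** the EDNS cookie secrets from the cookie-secret-file.
	 * NOTE(review): this is key material; confirm the owning code
	 * zeroizes it before free and on reload. */
	struct cookie_secrets* cookie_secrets;
	/** the fast reload thread, or NULL */
	struct fast_reload_thread* fast_reload_thread;
	/** the fast reload printq list */
	struct fast_reload_printq* fast_reload_printq_list;
	/** the fast reload option to drop mesh queries, true if so. */
	int fast_reload_drop_mesh;
	/** for fast reload, if the tcl, tcp connection limits, has
	 * changes for workers */
	int fast_reload_tcl_has_changes;
	/** config file name */
	char* cfgfile;
};

/**
 * Initialize daemon structure.
 * @return: The daemon structure, or NULL on error.
 */
struct daemon* daemon_init(void);

/**
 * Open shared listening ports (if needed).
 * The cfg member pointer must have been set for the daemon.
 * @param daemon: the daemon.
 * @return: false on error.
 */
int daemon_open_shared_ports(struct daemon* daemon);

/**
 * Do daemon setup that needs privileges
 * like opening privileged ports or opening device files.
 * The cfg member pointer must have been set for the daemon.
 * NOTE(review): by its own description this runs while still privileged;
 * callers should invoke it before any privilege drop/chroot and keep the
 * amount of work done here minimal.
 * @param daemon: the daemon.
 * @return: false on error.
 */
int daemon_privileged(struct daemon* daemon);

/**
 * Fork workers and start service.
 * When the routine exits, it is no longer forked.
 * @param daemon: the daemon.
 */
void daemon_fork(struct daemon* daemon);

/**
 * Close off the worker thread information.
 * Bring the daemon back into state ready for daemon_fork again.
 * @param daemon: the daemon.
 */
void daemon_cleanup(struct daemon* daemon);

/**
 * Delete workers, close listening ports.
 * @param daemon: the daemon.
 */
void daemon_delete(struct daemon* daemon);

/**
 * Apply config settings.
 * @param daemon: the daemon.
 * @param cfg: new config settings.
 */
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg);

/**
 * Setup acl list to have entries for the port list.
 * @param list: the acl interface
 * @param port_list: list of open ports, or none.
 * @return false on failure
 */
int setup_acl_for_ports(struct acl_list* list, struct listen_port* port_list);

/**
 * Setup the needed ssl contexts (DoT listen/connect, DoH, QUIC).
 * Calls fatal_exit() on any failure, so it does not return an error code.
 * @param daemon: the daemon.
 * @param cfg: config settings to take the key and certificate files from.
 */
void daemon_setup_sslctxs(struct daemon* daemon, struct config_file* cfg);

/**
 * See if the SSL cert files have changed on disk since the contexts
 * were set up.
 * @param daemon: the daemon.
 * @param cfg: config settings.
 * @return presumably nonzero when a change was detected; check the
 *	implementation for the exact convention.
 */
int ssl_cert_changed(struct daemon* daemon, struct config_file* cfg);

/**
 * Setup the listening DoT SSL_CTX.
 * @param daemon: the daemon.
 * @param cfg: config settings.
 * @return the ssl ctx.
 */
void* daemon_setup_listen_dot_sslctx(struct daemon* daemon,
	struct config_file* cfg);

/**
 * Setup the listening DoH SSL_CTX.
 * @param daemon: the daemon.
 * @param cfg: config settings.
 * @return the ssl ctx.
 */
void* daemon_setup_listen_doh_sslctx(struct daemon* daemon,
	struct config_file* cfg);

/**
 * Setup the listening Quic SSL_CTX.
 * @param daemon: the daemon.
 * @param cfg: config settings.
 * @return the ssl ctx.
 */
void* daemon_setup_listen_quic_sslctx(struct daemon* daemon,
	struct config_file* cfg);

/**
 * Setup the connect DoT SSL_CTX (used for upstream TLS connections).
 * @param daemon: the daemon.
 * @param cfg: config settings.
 * @return the ssl ctx.
 */
void* daemon_setup_connect_dot_sslctx(struct daemon* daemon,
	struct config_file* cfg);

#endif /* DAEMON_H */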