1 /* 2 * dnstap/unbound-dnstap-socket.c - debug program that listens for DNSTAP logs. 3 * 4 * Copyright (c) 2020, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This program listens on a DNSTAP socket for logged messages. 40 */ 41 #include "config.h" 42 #ifdef HAVE_GETOPT_H 43 #include <getopt.h> 44 #endif 45 #include <signal.h> 46 #include <stdlib.h> 47 #include <unistd.h> 48 #include <signal.h> 49 #include <ctype.h> 50 #ifdef HAVE_SYS_UN_H 51 #include <sys/un.h> 52 #endif 53 #include <openssl/ssl.h> 54 #include <openssl/rand.h> 55 #include <openssl/err.h> 56 #include "dnstap/dtstream.h" 57 #include "dnstap/dnstap_fstrm.h" 58 #include "util/log.h" 59 #include "util/ub_event.h" 60 #include "util/net_help.h" 61 #include "services/listen_dnsport.h" 62 #include "sldns/sbuffer.h" 63 #include "sldns/wire2str.h" 64 #include "sldns/pkthdr.h" 65 #ifdef USE_DNSTAP 66 #include <protobuf-c/protobuf-c.h> 67 #include "dnstap/dnstap.pb-c.h" 68 #endif /* USE_DNSTAP */ 69 #include "util/config_file.h" 70 71 /** listen backlog on TCP connections for dnstap logs */ 72 #define LISTEN_BACKLOG 16 73 74 /** usage information for streamtcp */ 75 static void usage(char* argv[]) 76 { 77 printf("usage: %s [options]\n", argv[0]); 78 printf(" Listen to dnstap messages\n"); 79 printf("stdout has dnstap log, stderr has verbose server log\n"); 80 printf("-u <socketpath> listen to unix socket with this file name\n"); 81 printf("-s <serverip[@port]> listen for TCP on the IP and port\n"); 82 printf("-t <serverip[@port]> listen for TLS on IP and port\n"); 83 printf("-x <server.key> server key file for TLS service\n"); 84 printf("-y <server.pem> server cert file for TLS service\n"); 85 printf("-z <verify.pem> cert file to verify client connections\n"); 86 printf("-l long format for DNS printout\n"); 87 printf("-v more verbose log output\n"); 88 printf("-c internal unit test and exit\n"); 89 printf("-h this help text\n"); 90 exit(1); 91 } 92 93 /** long format option, for multiline printout per message */ 94 static int longformat = 0; 95 96 struct tap_socket_list; 97 struct tap_socket; 98 /** main tap callback data */ 99 struct main_tap_data { 100 /** the event base (to loopexit) */ 101 struct ub_event_base* base; 102 /** the list of accept sockets */ 103 struct tap_socket_list* acceptlist; 104 }; 105 106 /* list of data */ 107 struct tap_data_list { 108 /** next in list */ 109 struct tap_data_list* next; 110 /** the data */ 111 struct tap_data* d; 112 }; 113 114 /** tap callback variables */ 115 struct tap_data { 116 /** the fd */ 117 int fd; 118 /** the ub event */ 119 struct ub_event* ev; 120 /** the SSL for TLS streams */ 121 SSL* ssl; 122 /** is the ssl handshake done */ 123 int ssl_handshake_done; 124 /** we are briefly waiting to write (in the struct event) */ 125 int ssl_brief_write; 126 /** string that identifies the socket (or NULL), like IP address */ 127 char* id; 128 /** have we read the length, and how many bytes of it */ 129 int len_done; 130 /** have we read the data, and how many bytes of it */ 131 size_t data_done; 132 /** are we reading a control frame */ 133 int control_frame; 134 /** are we bi-directional (if false, uni-directional) */ 135 int is_bidirectional; 136 /** data of the frame */ 137 uint8_t* frame; 138 /** length of this frame */ 139 size_t len; 140 /** back pointer to the tap_data_list entry; 141 * used to NULL the forward pointer to this data 142 * when this data is freed. */ 143 struct tap_data_list* data_list; 144 }; 145 146 /** list of sockets */ 147 struct tap_socket_list { 148 /** next in list */ 149 struct tap_socket_list* next; 150 /** the socket */ 151 struct tap_socket* s; 152 }; 153 154 /** tap socket */ 155 struct tap_socket { 156 /** fd of socket */ 157 int fd; 158 /** the event for it */ 159 struct ub_event *ev; 160 /** has the event been added */ 161 int ev_added; 162 /** the callback, for the event, ev_cb(fd, bits, arg) */ 163 void (*ev_cb)(int, short, void*); 164 /** data element, (arg for the tap_socket struct) */ 165 void* data; 166 /** socketpath, if this is an AF_LOCAL socket */ 167 char* socketpath; 168 /** IP, if this is a TCP socket */ 169 char* ip; 170 /** for a TLS socket, the tls context */ 171 SSL_CTX* sslctx; 172 /** dumb way to deal with memory leaks: 173 * tap_data was only freed on errors and not during exit leading to 174 * false positives when testing for memory leaks. */ 175 struct tap_data_list* data_list; 176 }; 177 178 /** try to delete tail entries from the list if all of them have no data */ 179 static void tap_data_list_try_to_free_tail(struct tap_data_list* list) 180 { 181 struct tap_data_list* current = list; 182 log_assert(!list->d); 183 if(!list->next) /* we are the last, we can't remove ourselves */ 184 return; 185 list = list->next; 186 while(list) { 187 if(list->d) /* a tail entry still has data; return */ 188 return; 189 list = list->next; 190 } 191 /* keep the next */ 192 list = current->next; 193 /* the tail will be removed; but not ourselves */ 194 current->next = NULL; 195 while(list) { 196 current = list; 197 list = list->next; 198 free(current); 199 } 200 } 201 202 /** delete the tap structure */ 203 static void tap_data_free(struct tap_data* data, int free_tail) 204 { 205 if(!data) 206 return; 207 if(data->ev) { 208 ub_event_del(data->ev); 209 ub_event_free(data->ev); 210 } 211 #ifdef HAVE_SSL 212 SSL_free(data->ssl); 213 #endif 214 sock_close(data->fd); 215 free(data->id); 216 free(data->frame); 217 if(data->data_list) { 218 data->data_list->d = NULL; 219 if(free_tail) 220 tap_data_list_try_to_free_tail(data->data_list); 221 } 222 free(data); 223 } 224 225 /** insert tap_data in the tap_data_list */ 226 static int tap_data_list_insert(struct tap_data_list** liststart, 227 struct tap_data* d) 228 { 229 struct tap_data_list* entry = (struct tap_data_list*) 230 malloc(sizeof(*entry)); 231 if(!entry) 232 return 0; 233 entry->next = *liststart; 234 entry->d = d; 235 d->data_list = entry; 236 *liststart = entry; 237 return 1; 238 } 239 240 /** delete the tap_data_list and free any remaining tap_data */ 241 static void tap_data_list_delete(struct tap_data_list* list) 242 { 243 struct tap_data_list* e = list, *next; 244 while(e) { 245 next = e->next; 246 if(e->d) { 247 tap_data_free(e->d, 0); 248 e->d = NULL; 249 } 250 free(e); 251 e = next; 252 } 253 } 254 255 /** del the tap event */ 256 static void tap_socket_delev(struct tap_socket* s) 257 { 258 if(!s) return; 259 if(!s->ev) return; 260 if(!s->ev_added) return; 261 ub_event_del(s->ev); 262 s->ev_added = 0; 263 } 264 265 /** close the tap socket */ 266 static void tap_socket_close(struct tap_socket* s) 267 { 268 if(!s) return; 269 if(s->fd == -1) return; 270 sock_close(s->fd); 271 s->fd = -1; 272 } 273 274 /** delete tap socket */ 275 static void tap_socket_delete(struct tap_socket* s) 276 { 277 if(!s) return; 278 #ifdef HAVE_SSL 279 SSL_CTX_free(s->sslctx); 280 #endif 281 tap_data_list_delete(s->data_list); 282 ub_event_free(s->ev); 283 free(s->socketpath); 284 free(s->ip); 285 free(s); 286 } 287 288 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 289 static struct tap_socket* tap_socket_new_local(char* socketpath, 290 void (*ev_cb)(int, short, void*), void* data) 291 { 292 struct tap_socket* s = calloc(1, sizeof(*s)); 293 if(!s) { 294 log_err("malloc failure"); 295 return NULL; 296 } 297 s->socketpath = strdup(socketpath); 298 if(!s->socketpath) { 299 free(s); 300 log_err("malloc failure"); 301 return NULL; 302 } 303 s->fd = -1; 304 s->ev_cb = ev_cb; 305 s->data = data; 306 return s; 307 } 308 309 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 310 static struct tap_socket* tap_socket_new_tcpaccept(char* ip, 311 void (*ev_cb)(int, short, void*), void* data) 312 { 313 struct tap_socket* s = calloc(1, sizeof(*s)); 314 if(!s) { 315 log_err("malloc failure"); 316 return NULL; 317 } 318 s->ip = strdup(ip); 319 if(!s->ip) { 320 free(s); 321 log_err("malloc failure"); 322 return NULL; 323 } 324 s->fd = -1; 325 s->ev_cb = ev_cb; 326 s->data = data; 327 return s; 328 } 329 330 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 331 static struct tap_socket* tap_socket_new_tlsaccept(char* ip, 332 void (*ev_cb)(int, short, void*), void* data, char* server_key, 333 char* server_cert, char* verifypem) 334 { 335 struct tap_socket* s = calloc(1, sizeof(*s)); 336 if(!s) { 337 log_err("malloc failure"); 338 return NULL; 339 } 340 s->ip = strdup(ip); 341 if(!s->ip) { 342 free(s); 343 log_err("malloc failure"); 344 return NULL; 345 } 346 s->fd = -1; 347 s->ev_cb = ev_cb; 348 s->data = data; 349 s->sslctx = listen_sslctx_create(server_key, server_cert, verifypem, 350 NULL, NULL, 0, 0, 0); 351 if(!s->sslctx) { 352 log_err("could not create ssl context"); 353 free(s->ip); 354 free(s); 355 return NULL; 356 } 357 return s; 358 } 359 360 /** setup tcp accept socket on IP string */ 361 static int make_tcp_accept(char* ip) 362 { 363 #ifdef SO_REUSEADDR 364 int on = 1; 365 #endif 366 struct sockaddr_storage addr; 367 socklen_t len; 368 int s; 369 370 memset(&addr, 0, sizeof(addr)); 371 len = (socklen_t)sizeof(addr); 372 if(!extstrtoaddr(ip, &addr, &len, UNBOUND_DNS_PORT)) { 373 log_err("could not parse IP '%s'", ip); 374 return -1; 375 } 376 377 if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { 378 log_err("can't create socket: %s", sock_strerror(errno)); 379 return -1; 380 } 381 #ifdef SO_REUSEADDR 382 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 383 (socklen_t)sizeof(on)) < 0) { 384 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 385 sock_strerror(errno)); 386 sock_close(s); 387 return -1; 388 } 389 #endif /* SO_REUSEADDR */ 390 if(bind(s, (struct sockaddr*)&addr, len) != 0) { 391 log_err_addr("can't bind socket", sock_strerror(errno), 392 &addr, len); 393 sock_close(s); 394 return -1; 395 } 396 if(!fd_set_nonblock(s)) { 397 sock_close(s); 398 return -1; 399 } 400 if(listen(s, LISTEN_BACKLOG) == -1) { 401 log_err("can't listen: %s", sock_strerror(errno)); 402 sock_close(s); 403 return -1; 404 } 405 return s; 406 } 407 408 /** setup socket on event base */ 409 static int tap_socket_setup(struct tap_socket* s, struct ub_event_base* base) 410 { 411 if(s->socketpath) { 412 /* AF_LOCAL accept socket */ 413 s->fd = create_local_accept_sock(s->socketpath, NULL, 0); 414 if(s->fd == -1) { 415 log_err("could not create local socket"); 416 return 0; 417 } 418 } else if(s->ip || s->sslctx) { 419 /* TCP accept socket */ 420 s->fd = make_tcp_accept(s->ip); 421 if(s->fd == -1) { 422 log_err("could not create tcp socket"); 423 return 0; 424 } 425 } 426 s->ev = ub_event_new(base, s->fd, UB_EV_READ | UB_EV_PERSIST, 427 s->ev_cb, s); 428 if(!s->ev) { 429 log_err("could not ub_event_new"); 430 return 0; 431 } 432 if(ub_event_add(s->ev, NULL) != 0) { 433 log_err("could not ub_event_add"); 434 return 0; 435 } 436 s->ev_added = 1; 437 return 1; 438 } 439 440 /** add tap socket to list */ 441 static int tap_socket_list_insert(struct tap_socket_list** liststart, 442 struct tap_socket* s) 443 { 444 struct tap_socket_list* entry = (struct tap_socket_list*) 445 malloc(sizeof(*entry)); 446 if(!entry) 447 return 0; 448 entry->next = *liststart; 449 entry->s = s; 450 *liststart = entry; 451 return 1; 452 } 453 454 /** delete the list */ 455 static void tap_socket_list_delete(struct tap_socket_list* list) 456 { 457 struct tap_socket_list* e = list, *next; 458 while(e) { 459 next = e->next; 460 tap_socket_delev(e->s); 461 tap_socket_close(e->s); 462 tap_socket_delete(e->s); 463 free(e); 464 e = next; 465 } 466 } 467 468 /** setup accept events */ 469 static int tap_socket_list_addevs(struct tap_socket_list* list, 470 struct ub_event_base* base) 471 { 472 struct tap_socket_list* entry; 473 for(entry = list; entry; entry = entry->next) { 474 if(!tap_socket_setup(entry->s, base)) { 475 log_err("could not setup socket"); 476 return 0; 477 } 478 } 479 return 1; 480 } 481 482 #ifdef USE_DNSTAP 483 /** log control frame contents */ 484 static void log_control_frame(uint8_t* pkt, size_t len) 485 { 486 char* desc; 487 if(verbosity == 0) return; 488 desc = fstrm_describe_control(pkt, len); 489 if(!desc) { 490 log_err("out of memory"); 491 return; 492 } 493 log_info("control frame %s", desc); 494 free(desc); 495 } 496 497 /** convert mtype to string */ 498 static const char* mtype_to_str(enum _Dnstap__Message__Type mtype) 499 { 500 switch(mtype) { 501 case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: 502 return "AUTH_QUERY"; 503 case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: 504 return "AUTH_RESPONSE"; 505 case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: 506 return "RESOLVER_QUERY"; 507 case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: 508 return "RESOLVER_RESPONSE"; 509 case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: 510 return "CLIENT_QUERY"; 511 case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: 512 return "CLIENT_RESPONSE"; 513 case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: 514 return "FORWARDER_QUERY"; 515 case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: 516 return "FORWARDER_RESPONSE"; 517 case DNSTAP__MESSAGE__TYPE__STUB_QUERY: 518 return "STUB_QUERY"; 519 case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: 520 return "STUB_RESPONSE"; 521 default: break; 522 } 523 return "unknown_message_type"; 524 } 525 526 /** convert type address to a string ip4 or ip6, malloced or NULL on fail */ 527 static char* str_of_addr(ProtobufCBinaryData address) 528 { 529 char buf[64]; 530 socklen_t len = sizeof(buf); 531 if(address.len == 4) { 532 if(inet_ntop(AF_INET, address.data, buf, len)!=0) 533 return strdup(buf); 534 } else if(address.len == 16) { 535 if(inet_ntop(AF_INET6, address.data, buf, len)!=0) 536 return strdup(buf); 537 } 538 return NULL; 539 } 540 541 /** convert message buffer (of dns bytes) to the first qname, type, class, 542 * malloced or NULL on fail */ 543 static char* q_of_msg(ProtobufCBinaryData message) 544 { 545 char buf[300]; 546 /* header, name, type, class minimum to get the query tuple */ 547 if(message.len < 12 + 1 + 4 + 4) return NULL; 548 if(LDNS_QDCOUNT(message.data) < 1) return NULL; 549 if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, 550 buf, sizeof(buf)) != 0) { 551 /* remove trailing newline, tabs to spaces */ 552 /* remove the newline: */ 553 if(buf[0] != 0) buf[strlen(buf)-1]=0; 554 /* remove first tab (before type) */ 555 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 556 /* remove second tab (before class) */ 557 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 558 return strdup(buf); 559 } 560 return NULL; 561 } 562 563 /** convert possible string or hex data to string. malloced or NULL */ 564 static char* possible_str(ProtobufCBinaryData str) 565 { 566 int is_str = 1; 567 size_t i; 568 for(i=0; i<str.len; i++) { 569 if(!isprint((unsigned char)str.data[i])) 570 is_str = 0; 571 } 572 if(is_str) { 573 char* res = malloc(str.len+1); 574 if(res) { 575 memmove(res, str.data, str.len); 576 res[str.len] = 0; 577 return res; 578 } 579 } else { 580 const char* hex = "0123456789ABCDEF"; 581 char* res = malloc(str.len*2+1); 582 if(res) { 583 for(i=0; i<str.len; i++) { 584 res[i*2] = hex[(str.data[i]&0xf0)>>4]; 585 res[i*2+1] = hex[str.data[i]&0x0f]; 586 } 587 res[str.len*2] = 0; 588 return res; 589 } 590 } 591 return NULL; 592 } 593 594 /** convert timeval to string, malloced or NULL */ 595 static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, 596 protobuf_c_boolean has_time_nsec, uint32_t time_nsec) 597 { 598 char buf[64], buf2[256]; 599 struct timeval tv; 600 time_t time_t_sec; 601 memset(&tv, 0, sizeof(tv)); 602 if(has_time_sec) tv.tv_sec = time_sec; 603 if(has_time_nsec) tv.tv_usec = time_nsec/1000; 604 605 buf[0]=0; 606 time_t_sec = tv.tv_sec; 607 (void)ctime_r(&time_t_sec, buf); 608 snprintf(buf2, sizeof(buf2), "%u.%9.9u %s", 609 (unsigned)time_sec, (unsigned)time_nsec, buf); 610 return strdup(buf2); 611 } 612 613 /** log data frame contents */ 614 static void log_data_frame(uint8_t* pkt, size_t len) 615 { 616 Dnstap__Dnstap* d = dnstap__dnstap__unpack(NULL, len, pkt); 617 const char* mtype = NULL; 618 char* maddr=NULL, *qinf=NULL; 619 if(!d) { 620 log_err("could not unpack"); 621 return; 622 } 623 if(d->base.descriptor != &dnstap__dnstap__descriptor) { 624 log_err("wrong base descriptor"); 625 dnstap__dnstap__free_unpacked(d, NULL); 626 return; 627 } 628 if(d->type != DNSTAP__DNSTAP__TYPE__MESSAGE) { 629 log_err("dnstap type not type_message"); 630 dnstap__dnstap__free_unpacked(d, NULL); 631 return; 632 } 633 if(d->message) { 634 mtype = mtype_to_str(d->message->type); 635 if(d->message->has_query_address) 636 maddr = str_of_addr(d->message->query_address); 637 else if(d->message->has_response_address) 638 maddr = str_of_addr(d->message->response_address); 639 if(d->message->has_query_message) 640 qinf = q_of_msg(d->message->query_message); 641 else if(d->message->has_response_message) 642 qinf = q_of_msg(d->message->response_message); 643 644 } else { 645 mtype = "nomessage"; 646 } 647 648 printf("%s%s%s%s%s\n", mtype, (maddr?" ":""), (maddr?maddr:""), 649 (qinf?" ":""), (qinf?qinf:"")); 650 free(maddr); 651 free(qinf); 652 653 if(longformat) { 654 char* id=NULL, *vs=NULL; 655 if(d->has_identity) { 656 id=possible_str(d->identity); 657 } 658 if(d->has_version) { 659 vs=possible_str(d->version); 660 } 661 if(id || vs) 662 printf("identity: %s%s%s\n", (id?id:""), 663 (id&&vs?" ":""), (vs?vs:"")); 664 free(id); 665 free(vs); 666 667 if(d->message && d->message->has_query_message && 668 d->message->query_message.data) { 669 char* qmsg = sldns_wire2str_pkt( 670 d->message->query_message.data, 671 d->message->query_message.len); 672 if(qmsg) { 673 printf("query_message:\n%s", qmsg); 674 free(qmsg); 675 } 676 } 677 if(d->message && d->message->has_query_time_sec) { 678 char* qtv = tv_to_str(d->message->has_query_time_sec, 679 d->message->query_time_sec, 680 d->message->has_query_time_nsec, 681 d->message->query_time_nsec); 682 if(qtv) { 683 printf("query_time: %s\n", qtv); 684 free(qtv); 685 } 686 } 687 if(d->message && d->message->has_response_message && 688 d->message->response_message.data) { 689 char* rmsg = sldns_wire2str_pkt( 690 d->message->response_message.data, 691 d->message->response_message.len); 692 if(rmsg) { 693 printf("response_message:\n%s", rmsg); 694 free(rmsg); 695 } 696 } 697 if(d->message && d->message->has_response_time_sec) { 698 char* rtv = tv_to_str(d->message->has_response_time_sec, 699 d->message->response_time_sec, 700 d->message->has_response_time_nsec, 701 d->message->response_time_nsec); 702 if(rtv) { 703 printf("response_time: %s\n", rtv); 704 free(rtv); 705 } 706 } 707 } 708 fflush(stdout); 709 dnstap__dnstap__free_unpacked(d, NULL); 710 } 711 #endif /* USE_DNSTAP */ 712 713 /** receive bytes from fd, prints errors if bad, 714 * returns 0: closed/error, -1: continue, >0 number of bytes */ 715 static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, 716 size_t len) 717 { 718 ssize_t ret = recv(fd, buf, len, MSG_DONTWAIT); 719 if(ret == 0) { 720 /* closed */ 721 if(verbosity) log_info("dnstap client stream closed from %s", 722 (data->id?data->id:"")); 723 return 0; 724 } else if(ret == -1) { 725 /* error */ 726 #ifndef USE_WINSOCK 727 if(errno == EINTR || errno == EAGAIN) 728 return -1; 729 #else /* USE_WINSOCK */ 730 if(WSAGetLastError() == WSAEINPROGRESS) 731 return -1; 732 if(WSAGetLastError() == WSAEWOULDBLOCK) { 733 ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); 734 return -1; 735 } 736 #endif 737 log_err("could not recv: %s", sock_strerror(errno)); 738 if(verbosity) log_info("dnstap client stream closed from %s", 739 (data->id?data->id:"")); 740 return 0; 741 } 742 return ret; 743 } 744 745 /* define routine for have_ssl only to avoid unused function warning */ 746 #ifdef HAVE_SSL 747 /** set to wait briefly for a write event, for one event call */ 748 static void tap_enable_brief_write(struct tap_data* data) 749 { 750 ub_event_del(data->ev); 751 ub_event_del_bits(data->ev, UB_EV_READ); 752 ub_event_add_bits(data->ev, UB_EV_WRITE); 753 if(ub_event_add(data->ev, NULL) != 0) 754 log_err("could not ub_event_add in tap_enable_brief_write"); 755 data->ssl_brief_write = 1; 756 } 757 #endif /* HAVE_SSL */ 758 759 /* define routine for have_ssl only to avoid unused function warning */ 760 #ifdef HAVE_SSL 761 /** stop the brief wait for a write event. back to reading. */ 762 static void tap_disable_brief_write(struct tap_data* data) 763 { 764 ub_event_del(data->ev); 765 ub_event_del_bits(data->ev, UB_EV_WRITE); 766 ub_event_add_bits(data->ev, UB_EV_READ); 767 if(ub_event_add(data->ev, NULL) != 0) 768 log_err("could not ub_event_add in tap_disable_brief_write"); 769 data->ssl_brief_write = 0; 770 } 771 #endif /* HAVE_SSL */ 772 773 #ifdef HAVE_SSL 774 /** receive bytes over ssl stream, prints errors if bad, 775 * returns 0: closed/error, -1: continue, >0 number of bytes */ 776 static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) 777 { 778 int r; 779 ERR_clear_error(); 780 r = SSL_read(data->ssl, buf, len); 781 if(r <= 0) { 782 int want = SSL_get_error(data->ssl, r); 783 if(want == SSL_ERROR_ZERO_RETURN) { 784 /* closed */ 785 if(verbosity) log_info("dnstap client stream closed from %s", 786 (data->id?data->id:"")); 787 return 0; 788 } else if(want == SSL_ERROR_WANT_READ) { 789 /* continue later */ 790 return -1; 791 } else if(want == SSL_ERROR_WANT_WRITE) { 792 /* set to briefly write */ 793 tap_enable_brief_write(data); 794 return -1; 795 } else if(want == SSL_ERROR_SYSCALL) { 796 #ifdef ECONNRESET 797 if(errno == ECONNRESET && verbosity < 2) 798 return 0; /* silence reset by peer */ 799 #endif 800 if(errno != 0) 801 log_err("SSL_read syscall: %s", 802 strerror(errno)); 803 if(verbosity) log_info("dnstap client stream closed from %s", 804 (data->id?data->id:"")); 805 return 0; 806 } 807 log_crypto_err_io("could not SSL_read", want); 808 if(verbosity) log_info("dnstap client stream closed from %s", 809 (data->id?data->id:"")); 810 return 0; 811 } 812 return r; 813 } 814 #endif /* HAVE_SSL */ 815 816 /** receive bytes on the tap connection, prints errors if bad, 817 * returns 0: closed/error, -1: continue, >0 number of bytes */ 818 static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) 819 { 820 #ifdef HAVE_SSL 821 if(data->ssl) 822 return ssl_read_bytes(data, buf, len); 823 #endif 824 return receive_bytes(data, data->fd, buf, len); 825 } 826 827 /** reply with ACCEPT control frame to bidirectional client, 828 * returns 0 on error */ 829 static int reply_with_accept(struct tap_data* data) 830 { 831 #ifdef USE_DNSTAP 832 /* len includes the escape and framelength */ 833 size_t len = 0; 834 void* acceptframe = fstrm_create_control_frame_accept( 835 DNSTAP_CONTENT_TYPE, &len); 836 if(!acceptframe) { 837 log_err("out of memory"); 838 return 0; 839 } 840 841 fd_set_block(data->fd); 842 if(data->ssl) { 843 #ifdef HAVE_SSL 844 int r; 845 if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { 846 int r2; 847 if((r2=SSL_get_error(data->ssl, r)) == SSL_ERROR_ZERO_RETURN) 848 log_err("SSL_write, peer closed connection"); 849 else 850 log_crypto_err_io("could not SSL_write", r2); 851 fd_set_nonblock(data->fd); 852 free(acceptframe); 853 return 0; 854 } 855 #endif 856 } else { 857 if(send(data->fd, acceptframe, len, 0) == -1) { 858 log_err("send failed: %s", sock_strerror(errno)); 859 fd_set_nonblock(data->fd); 860 free(acceptframe); 861 return 0; 862 } 863 } 864 if(verbosity) log_info("sent control frame(accept) content-type:(%s)", 865 DNSTAP_CONTENT_TYPE); 866 867 fd_set_nonblock(data->fd); 868 free(acceptframe); 869 return 1; 870 #else 871 log_err("no dnstap compiled, no reply"); 872 (void)data; 873 return 0; 874 #endif 875 } 876 877 /** reply with FINISH control frame to bidirectional client, 878 * returns 0 on error */ 879 static int reply_with_finish(struct tap_data* data) 880 { 881 #ifdef USE_DNSTAP 882 size_t len = 0; 883 void* finishframe = fstrm_create_control_frame_finish(&len); 884 if(!finishframe) { 885 log_err("out of memory"); 886 return 0; 887 } 888 889 fd_set_block(data->fd); 890 if(data->ssl) { 891 #ifdef HAVE_SSL 892 int r; 893 if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { 894 int r2; 895 if((r2=SSL_get_error(data->ssl, r)) == SSL_ERROR_ZERO_RETURN) 896 log_err("SSL_write, peer closed connection"); 897 else 898 log_crypto_err_io("could not SSL_write", r2); 899 fd_set_nonblock(data->fd); 900 free(finishframe); 901 return 0; 902 } 903 #endif 904 } else { 905 if(send(data->fd, finishframe, len, 0) == -1) { 906 log_err("send failed: %s", sock_strerror(errno)); 907 fd_set_nonblock(data->fd); 908 free(finishframe); 909 return 0; 910 } 911 } 912 if(verbosity) log_info("sent control frame(finish)"); 913 914 fd_set_nonblock(data->fd); 915 free(finishframe); 916 return 1; 917 #else 918 log_err("no dnstap compiled, no reply"); 919 (void)data; 920 return 0; 921 #endif 922 } 923 924 #ifdef HAVE_SSL 925 /** check SSL peer certificate, return 0 on fail */ 926 static int tap_check_peer(struct tap_data* data) 927 { 928 if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) { 929 /* verification */ 930 if(SSL_get_verify_result(data->ssl) == X509_V_OK) { 931 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE 932 X509* x = SSL_get1_peer_certificate(data->ssl); 933 #else 934 X509* x = SSL_get_peer_certificate(data->ssl); 935 #endif 936 if(!x) { 937 if(verbosity) log_info("SSL connection %s" 938 " failed no certificate", data->id); 939 return 0; 940 } 941 if(verbosity) 942 log_cert(VERB_ALGO, "peer certificate", x); 943 #ifdef HAVE_SSL_GET0_PEERNAME 944 if(SSL_get0_peername(data->ssl)) { 945 if(verbosity) log_info("SSL connection %s " 946 "to %s authenticated", data->id, 947 SSL_get0_peername(data->ssl)); 948 } else { 949 #endif 950 if(verbosity) log_info("SSL connection %s " 951 "authenticated", data->id); 952 #ifdef HAVE_SSL_GET0_PEERNAME 953 } 954 #endif 955 X509_free(x); 956 } else { 957 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE 958 X509* x = SSL_get1_peer_certificate(data->ssl); 959 #else 960 X509* x = SSL_get_peer_certificate(data->ssl); 961 #endif 962 if(x) { 963 if(verbosity) 964 log_cert(VERB_ALGO, "peer certificate", x); 965 X509_free(x); 966 } 967 if(verbosity) log_info("SSL connection %s failed: " 968 "failed to authenticate", data->id); 969 return 0; 970 } 971 } else { 972 /* unauthenticated, the verify peer flag was not set 973 * in ssl when the ssl object was created from ssl_ctx */ 974 if(verbosity) log_info("SSL connection %s", data->id); 975 } 976 return 1; 977 } 978 #endif /* HAVE_SSL */ 979 980 #ifdef HAVE_SSL 981 /** perform SSL handshake, return 0 to wait for events, 1 if done */ 982 static int tap_handshake(struct tap_data* data) 983 { 984 int r; 985 if(data->ssl_brief_write) { 986 /* write condition has been satisfied, back to reading */ 987 tap_disable_brief_write(data); 988 } 989 if(data->ssl_handshake_done) 990 return 1; 991 992 ERR_clear_error(); 993 r = SSL_do_handshake(data->ssl); 994 if(r != 1) { 995 int want = SSL_get_error(data->ssl, r); 996 if(want == SSL_ERROR_WANT_READ) { 997 return 0; 998 } else if(want == SSL_ERROR_WANT_WRITE) { 999 tap_enable_brief_write(data); 1000 return 0; 1001 } else if(r == 0) { 1002 /* closed */ 1003 tap_data_free(data, 1); 1004 return 0; 1005 } else if(want == SSL_ERROR_SYSCALL) { 1006 /* SYSCALL and errno==0 means closed uncleanly */ 1007 int silent = 0; 1008 #ifdef EPIPE 1009 if(errno == EPIPE && verbosity < 2) 1010 silent = 1; /* silence 'broken pipe' */ 1011 #endif 1012 #ifdef ECONNRESET 1013 if(errno == ECONNRESET && verbosity < 2) 1014 silent = 1; /* silence reset by peer */ 1015 #endif 1016 if(errno == 0) 1017 silent = 1; 1018 if(!silent) 1019 log_err("SSL_handshake syscall: %s", 1020 strerror(errno)); 1021 tap_data_free(data, 1); 1022 return 0; 1023 } else { 1024 unsigned long err = ERR_get_error(); 1025 if(!squelch_err_ssl_handshake(err)) { 1026 log_crypto_err_code("ssl handshake failed", 1027 err); 1028 verbose(VERB_OPS, "ssl handshake failed " 1029 "from %s", data->id); 1030 } 1031 tap_data_free(data, 1); 1032 return 0; 1033 } 1034 } 1035 /* check peer verification */ 1036 data->ssl_handshake_done = 1; 1037 if(!tap_check_peer(data)) { 1038 /* closed */ 1039 tap_data_free(data, 1); 1040 return 0; 1041 } 1042 return 1; 1043 } 1044 #endif /* HAVE_SSL */ 1045 1046 /** callback for dnstap listener */ 1047 void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) 1048 { 1049 struct tap_data* data = (struct tap_data*)arg; 1050 if(verbosity>=3) log_info("tap callback"); 1051 #ifdef HAVE_SSL 1052 if(data->ssl && (!data->ssl_handshake_done || 1053 data->ssl_brief_write)) { 1054 if(!tap_handshake(data)) 1055 return; 1056 } 1057 #endif 1058 while(data->len_done < 4) { 1059 uint32_t l = (uint32_t)data->len; 1060 ssize_t ret = tap_receive(data, 1061 ((uint8_t*)&l)+data->len_done, 4-data->len_done); 1062 if(verbosity>=4) log_info("s recv %d", (int)ret); 1063 if(ret == 0) { 1064 /* closed or error */ 1065 tap_data_free(data, 1); 1066 return; 1067 } else if(ret == -1) { 1068 /* continue later */ 1069 return; 1070 } 1071 data->len_done += ret; 1072 data->len = (size_t)l; 1073 if(data->len_done < 4) 1074 return; /* continue later */ 1075 data->len = (size_t)(ntohl(l)); 1076 if(verbosity>=3) log_info("length is %d", (int)data->len); 1077 if(data->len == 0) { 1078 /* it is a control frame */ 1079 data->control_frame = 1; 1080 /* read controlframelen */ 1081 data->len_done = 0; 1082 } else { 1083 /* allocate frame size */ 1084 data->frame = calloc(1, data->len); 1085 if(!data->frame) { 1086 log_err("out of memory"); 1087 tap_data_free(data, 1); 1088 return; 1089 } 1090 } 1091 } 1092 1093 /* we want to read the full length now */ 1094 if(data->data_done < data->len) { 1095 ssize_t r = tap_receive(data, data->frame + data->data_done, 1096 data->len - data->data_done); 1097 if(verbosity>=4) log_info("f recv %d", (int)r); 1098 if(r == 0) { 1099 /* closed or error */ 1100 tap_data_free(data, 1); 1101 return; 1102 } else if(r == -1) { 1103 /* continue later */ 1104 return; 1105 } 1106 data->data_done += r; 1107 if(data->data_done < data->len) 1108 return; /* continue later */ 1109 } 1110 1111 /* we are done with a frame */ 1112 if(verbosity>=3) log_info("received %sframe len %d", 1113 (data->control_frame?"control ":""), (int)data->len); 1114 #ifdef USE_DNSTAP 1115 if(data->control_frame) 1116 log_control_frame(data->frame, data->len); 1117 else log_data_frame(data->frame, data->len); 1118 #endif 1119 1120 if(data->len >= 4 && sldns_read_uint32(data->frame) == 1121 FSTRM_CONTROL_FRAME_READY) { 1122 data->is_bidirectional = 1; 1123 if(verbosity) log_info("bidirectional stream"); 1124 if(!reply_with_accept(data)) { 1125 tap_data_free(data, 1); 1126 return; 1127 } 1128 } else if(data->len >= 4 && sldns_read_uint32(data->frame) == 1129 FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { 1130 if(!reply_with_finish(data)) { 1131 tap_data_free(data, 1); 1132 return; 1133 } 1134 } 1135 1136 /* prepare for next frame */ 1137 free(data->frame); 1138 data->frame = NULL; 1139 data->control_frame = 0; 1140 data->len = 0; 1141 data->len_done = 0; 1142 data->data_done = 0; 1143 } 1144 1145 /** callback for main listening file descriptor */ 1146 void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) 1147 { 1148 struct tap_socket* tap_sock = (struct tap_socket*)arg; 1149 struct main_tap_data* maindata = (struct main_tap_data*) 1150 tap_sock->data; 1151 struct tap_data* data; 1152 char* id = NULL; 1153 struct sockaddr_storage addr; 1154 socklen_t addrlen = (socklen_t)sizeof(addr); 1155 int s; 1156 memset(&addr, 0, sizeof(addr)); 1157 s = accept(fd, (struct sockaddr*)&addr, &addrlen); 1158 if(s == -1) { 1159 #ifndef USE_WINSOCK 1160 /* EINTR is signal interrupt. others are closed connection. */ 1161 if( errno == EINTR || errno == EAGAIN 1162 #ifdef EWOULDBLOCK 1163 || errno == EWOULDBLOCK 1164 #endif 1165 #ifdef ECONNABORTED 1166 || errno == ECONNABORTED 1167 #endif 1168 #ifdef EPROTO 1169 || errno == EPROTO 1170 #endif /* EPROTO */ 1171 ) 1172 return; 1173 #else /* USE_WINSOCK */ 1174 if(WSAGetLastError() == WSAEINPROGRESS || 1175 WSAGetLastError() == WSAECONNRESET) 1176 return; 1177 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1178 ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); 1179 return; 1180 } 1181 #endif 1182 log_err_addr("accept failed", sock_strerror(errno), &addr, 1183 addrlen); 1184 return; 1185 } 1186 fd_set_nonblock(s); 1187 if(verbosity) { 1188 if(addr.ss_family == AF_LOCAL) { 1189 #ifdef HAVE_SYS_UN_H 1190 struct sockaddr_un* usock = calloc(1, sizeof(struct sockaddr_un) + 1); 1191 if(usock) { 1192 socklen_t ulen = sizeof(struct sockaddr_un); 1193 if(getsockname(fd, (struct sockaddr*)usock, &ulen) != -1) { 1194 log_info("accepted new dnstap client from %s", usock->sun_path); 1195 id = strdup(usock->sun_path); 1196 } else { 1197 log_info("accepted new dnstap client"); 1198 } 1199 free(usock); 1200 } else { 1201 log_info("accepted new dnstap client"); 1202 } 1203 #endif /* HAVE_SYS_UN_H */ 1204 } else if(addr.ss_family == AF_INET || 1205 addr.ss_family == AF_INET6) { 1206 char ip[256]; 1207 addr_to_str(&addr, addrlen, ip, sizeof(ip)); 1208 log_info("accepted new dnstap client from %s", ip); 1209 id = strdup(ip); 1210 } else { 1211 log_info("accepted new dnstap client"); 1212 } 1213 } 1214 1215 data = calloc(1, sizeof(*data)); 1216 if(!data) fatal_exit("out of memory"); 1217 data->fd = s; 1218 data->id = id; 1219 if(tap_sock->sslctx) { 1220 data->ssl = incoming_ssl_fd(tap_sock->sslctx, data->fd); 1221 if(!data->ssl) fatal_exit("could not SSL_new"); 1222 } 1223 data->ev = ub_event_new(maindata->base, s, UB_EV_READ | UB_EV_PERSIST, 1224 &dtio_tap_callback, data); 1225 if(!data->ev) fatal_exit("could not ub_event_new"); 1226 if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add"); 1227 if(!tap_data_list_insert(&tap_sock->data_list, data)) 1228 fatal_exit("could not tap_data_list_insert"); 1229 } 1230 1231 /** setup local accept sockets */ 1232 static void setup_local_list(struct main_tap_data* maindata, 1233 struct config_strlist_head* local_list) 1234 { 1235 struct config_strlist* item; 1236 for(item = local_list->first; item; item = item->next) { 1237 struct tap_socket* s; 1238 s = tap_socket_new_local(item->str, &dtio_mainfdcallback, 1239 maindata); 1240 if(!s) fatal_exit("out of memory"); 1241 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1242 fatal_exit("out of memory"); 1243 } 1244 } 1245 1246 /** setup tcp accept sockets */ 1247 static void setup_tcp_list(struct main_tap_data* maindata, 1248 struct config_strlist_head* tcp_list) 1249 { 1250 struct config_strlist* item; 1251 for(item = tcp_list->first; item; item = item->next) { 1252 struct tap_socket* s; 1253 s = tap_socket_new_tcpaccept(item->str, &dtio_mainfdcallback, 1254 maindata); 1255 if(!s) fatal_exit("out of memory"); 1256 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1257 fatal_exit("out of memory"); 1258 } 1259 } 1260 1261 /** setup tls accept sockets */ 1262 static void setup_tls_list(struct main_tap_data* maindata, 1263 struct config_strlist_head* tls_list, char* server_key, 1264 char* server_cert, char* verifypem) 1265 { 1266 struct config_strlist* item; 1267 for(item = tls_list->first; item; item = item->next) { 1268 struct tap_socket* s; 1269 s = tap_socket_new_tlsaccept(item->str, &dtio_mainfdcallback, 1270 maindata, server_key, server_cert, verifypem); 1271 if(!s) fatal_exit("out of memory"); 1272 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1273 fatal_exit("out of memory"); 1274 } 1275 } 1276 1277 /** signal variable */ 1278 static struct ub_event_base* sig_base = NULL; 1279 /** do we have to quit */ 1280 int sig_quit = 0; 1281 /** signal handler for user quit */ 1282 static RETSIGTYPE main_sigh(int sig) 1283 { 1284 if(!sig_quit) { 1285 char str[] = "exit on signal \n"; 1286 str[15] = '0' + (sig/10)%10; 1287 str[16] = '0' + sig%10; 1288 /* simple cast to void will not silence Wunused-result */ 1289 (void)!write(STDERR_FILENO, str, strlen(str)); 1290 } 1291 if(sig_base) { 1292 ub_event_base_loopexit(sig_base); 1293 sig_base = NULL; 1294 } 1295 sig_quit = 1; 1296 } 1297 1298 /** setup and run the server to listen to DNSTAP messages */ 1299 static void 1300 setup_and_run(struct config_strlist_head* local_list, 1301 struct config_strlist_head* tcp_list, 1302 struct config_strlist_head* tls_list, char* server_key, 1303 char* server_cert, char* verifypem) 1304 { 1305 time_t secs = 0; 1306 struct timeval now; 1307 struct main_tap_data* maindata; 1308 struct ub_event_base* base; 1309 const char *evnm="event", *evsys="", *evmethod=""; 1310 1311 maindata = calloc(1, sizeof(*maindata)); 1312 if(!maindata) fatal_exit("out of memory"); 1313 memset(&now, 0, sizeof(now)); 1314 base = ub_default_event_base(1, &secs, &now); 1315 if(!base) fatal_exit("could not create ub_event base"); 1316 maindata->base = base; 1317 sig_base = base; 1318 if(sig_quit) { 1319 ub_event_base_free(base); 1320 free(maindata); 1321 return; 1322 } 1323 ub_get_event_sys(base, &evnm, &evsys, &evmethod); 1324 if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod); 1325 1326 setup_local_list(maindata, local_list); 1327 setup_tcp_list(maindata, tcp_list); 1328 setup_tls_list(maindata, tls_list, server_key, server_cert, 1329 verifypem); 1330 if(!tap_socket_list_addevs(maindata->acceptlist, base)) 1331 fatal_exit("could not setup accept events"); 1332 if(verbosity) log_info("start of service"); 1333 1334 ub_event_base_dispatch(base); 1335 sig_base = NULL; 1336 1337 if(verbosity) log_info("end of service"); 1338 tap_socket_list_delete(maindata->acceptlist); 1339 ub_event_base_free(base); 1340 free(maindata); 1341 } 1342 1343 /* internal unit tests */ 1344 static int internal_unittest() 1345 { 1346 /* unit test tap_data_list_try_to_free_tail() */ 1347 #define unit_tap_datas_max 5 1348 struct tap_data* datas[unit_tap_datas_max]; 1349 struct tap_data_list* list; 1350 struct tap_socket* socket = calloc(1, sizeof(*socket)); 1351 size_t i = 0; 1352 log_assert(socket); 1353 log_assert(unit_tap_datas_max>2); /* needed for the test */ 1354 for(i=0; i<unit_tap_datas_max; i++) { 1355 datas[i] = calloc(1, sizeof(struct tap_data)); 1356 log_assert(datas[i]); 1357 log_assert(tap_data_list_insert(&socket->data_list, datas[i])); 1358 } 1359 /* sanity base check */ 1360 list = socket->data_list; 1361 for(i=0; list; i++) list = list->next; 1362 log_assert(i==unit_tap_datas_max); 1363 1364 /* Free the last data, tail cannot be erased */ 1365 list = socket->data_list; 1366 while(list->next) list = list->next; 1367 free(list->d); 1368 list->d = NULL; 1369 tap_data_list_try_to_free_tail(list); 1370 list = socket->data_list; 1371 for(i=0; list; i++) list = list->next; 1372 log_assert(i==unit_tap_datas_max); 1373 1374 /* Free the third to last data, tail cannot be erased */ 1375 list = socket->data_list; 1376 for(i=0; i<unit_tap_datas_max-3; i++) list = list->next; 1377 free(list->d); 1378 list->d = NULL; 1379 tap_data_list_try_to_free_tail(list); 1380 list = socket->data_list; 1381 for(i=0; list; i++) list = list->next; 1382 log_assert(i==unit_tap_datas_max); 1383 1384 /* Free the second to last data, try to remove tail from the third 1385 * again, tail (last 2) should be removed */ 1386 list = socket->data_list; 1387 for(i=0; i<unit_tap_datas_max-2; i++) list = list->next; 1388 free(list->d); 1389 list->d = NULL; 1390 list = socket->data_list; 1391 while(list->d) list = list->next; 1392 tap_data_list_try_to_free_tail(list); 1393 list = socket->data_list; 1394 for(i=0; list; i++) list = list->next; 1395 log_assert(i==unit_tap_datas_max-2); 1396 1397 /* Free all the remaining data, try to remove tail from the start, 1398 * only the start should remain */ 1399 list = socket->data_list; 1400 while(list) { 1401 free(list->d); 1402 list->d = NULL; 1403 list = list->next; 1404 } 1405 tap_data_list_try_to_free_tail(socket->data_list); 1406 list = socket->data_list; 1407 for(i=0; list; i++) list = list->next; 1408 log_assert(i==1); 1409 1410 /* clean up */ 1411 tap_data_list_delete(socket->data_list); 1412 free(socket); 1413 1414 /* Start again. Add two elements */ 1415 socket = calloc(1, sizeof(*socket)); 1416 log_assert(socket); 1417 for(i=0; i<2; i++) { 1418 datas[i] = calloc(1, sizeof(struct tap_data)); 1419 log_assert(datas[i]); 1420 log_assert(tap_data_list_insert(&socket->data_list, datas[i])); 1421 } 1422 /* sanity base check */ 1423 list = socket->data_list; 1424 for(i=0; list; i++) list = list->next; 1425 log_assert(i==2); 1426 1427 /* Free the last data, tail cannot be erased */ 1428 list = socket->data_list; 1429 while(list->next) list = list->next; 1430 free(list->d); 1431 list->d = NULL; 1432 tap_data_list_try_to_free_tail(list); 1433 list = socket->data_list; 1434 for(i=0; list; i++) list = list->next; 1435 log_assert(i==2); 1436 1437 /* clean up */ 1438 tap_data_list_delete(socket->data_list); 1439 free(socket); 1440 1441 if(log_get_lock()) { 1442 lock_basic_destroy((lock_basic_type*)log_get_lock()); 1443 } 1444 checklock_stop(); 1445 #ifdef USE_WINSOCK 1446 WSACleanup(); 1447 #endif 1448 return 0; 1449 } 1450 1451 /** getopt global, in case header files fail to declare it. */ 1452 extern int optind; 1453 /** getopt global, in case header files fail to declare it. */ 1454 extern char* optarg; 1455 1456 /** main program for streamtcp */ 1457 int main(int argc, char** argv) 1458 { 1459 int c; 1460 int usessl = 0; 1461 struct config_strlist_head local_list; 1462 struct config_strlist_head tcp_list; 1463 struct config_strlist_head tls_list; 1464 char* server_key = NULL, *server_cert = NULL, *verifypem = NULL; 1465 #ifdef USE_WINSOCK 1466 WSADATA wsa_data; 1467 if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { 1468 printf("WSAStartup failed\n"); 1469 return 1; 1470 } 1471 #endif 1472 if(signal(SIGINT, main_sigh) == SIG_ERR || 1473 #ifdef SIGQUIT 1474 signal(SIGQUIT, main_sigh) == SIG_ERR || 1475 #endif 1476 #ifdef SIGHUP 1477 signal(SIGHUP, main_sigh) == SIG_ERR || 1478 #endif 1479 #ifdef SIGBREAK 1480 signal(SIGBREAK, main_sigh) == SIG_ERR || 1481 #endif 1482 signal(SIGTERM, main_sigh) == SIG_ERR) 1483 fatal_exit("could not bind to signal"); 1484 memset(&local_list, 0, sizeof(local_list)); 1485 memset(&tcp_list, 0, sizeof(tcp_list)); 1486 memset(&tls_list, 0, sizeof(tls_list)); 1487 1488 /* lock debug start (if any) */ 1489 checklock_start(); 1490 log_ident_set("unbound-dnstap-socket"); 1491 log_init(0, 0, 0); 1492 1493 #ifdef SIGPIPE 1494 if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) { 1495 perror("could not install signal handler for SIGPIPE"); 1496 return 1; 1497 } 1498 #endif 1499 1500 /* command line options */ 1501 while( (c=getopt(argc, argv, "hcls:t:u:vx:y:z:")) != -1) { 1502 switch(c) { 1503 case 'u': 1504 if(!cfg_strlist_append(&local_list, 1505 strdup(optarg))) 1506 fatal_exit("out of memory"); 1507 break; 1508 case 's': 1509 if(!cfg_strlist_append(&tcp_list, 1510 strdup(optarg))) 1511 fatal_exit("out of memory"); 1512 break; 1513 case 't': 1514 if(!cfg_strlist_append(&tls_list, 1515 strdup(optarg))) 1516 fatal_exit("out of memory"); 1517 usessl = 1; 1518 break; 1519 case 'x': 1520 server_key = optarg; 1521 usessl = 1; 1522 break; 1523 case 'y': 1524 server_cert = optarg; 1525 usessl = 1; 1526 break; 1527 case 'z': 1528 verifypem = optarg; 1529 usessl = 1; 1530 break; 1531 case 'l': 1532 longformat = 1; 1533 break; 1534 case 'v': 1535 verbosity++; 1536 break; 1537 case 'c': 1538 #ifndef UNBOUND_DEBUG 1539 fatal_exit("-c option needs compilation with " 1540 "--enable-debug"); 1541 #endif 1542 return internal_unittest(); 1543 case 'h': 1544 case '?': 1545 default: 1546 usage(argv); 1547 } 1548 } 1549 /* argc -= optind; not using further arguments */ 1550 /* argv += optind; not using further arguments */ 1551 1552 if(usessl) { 1553 #ifdef HAVE_SSL 1554 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1555 ERR_load_SSL_strings(); 1556 #endif 1557 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 1558 # ifndef S_SPLINT_S 1559 OpenSSL_add_all_algorithms(); 1560 # endif 1561 #else 1562 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 1563 | OPENSSL_INIT_ADD_ALL_DIGESTS 1564 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 1565 #endif 1566 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1567 (void)SSL_library_init(); 1568 #else 1569 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 1570 #endif 1571 #endif /* HAVE_SSL */ 1572 } 1573 setup_and_run(&local_list, &tcp_list, &tls_list, server_key, 1574 server_cert, verifypem); 1575 config_delstrlist(local_list.first); 1576 config_delstrlist(tcp_list.first); 1577 config_delstrlist(tls_list.first); 1578 1579 if(log_get_lock()) { 1580 lock_basic_destroy((lock_basic_type*)log_get_lock()); 1581 } 1582 checklock_stop(); 1583 #ifdef USE_WINSOCK 1584 WSACleanup(); 1585 #endif 1586 return 0; 1587 } 1588 1589 /***--- definitions to make fptr_wlist work. ---***/ 1590 /* These are callbacks, similar to smallapp callbacks, except the debug 1591 * tool callbacks are not in it */ 1592 struct tube; 1593 struct query_info; 1594 #include "util/data/packed_rrset.h" 1595 #include "daemon/worker.h" 1596 #include "daemon/remote.h" 1597 #include "util/fptr_wlist.h" 1598 #include "libunbound/context.h" 1599 1600 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1601 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1602 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1603 { 1604 log_assert(0); 1605 } 1606 1607 int worker_handle_request(struct comm_point* ATTR_UNUSED(c), 1608 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1609 struct comm_reply* ATTR_UNUSED(repinfo)) 1610 { 1611 log_assert(0); 1612 return 0; 1613 } 1614 1615 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1616 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1617 struct comm_reply* ATTR_UNUSED(reply_info)) 1618 { 1619 log_assert(0); 1620 return 0; 1621 } 1622 1623 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), 1624 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1625 struct comm_reply* ATTR_UNUSED(repinfo)) 1626 { 1627 log_assert(0); 1628 return 0; 1629 } 1630 1631 int remote_control_callback(struct comm_point* ATTR_UNUSED(c), 1632 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1633 struct comm_reply* ATTR_UNUSED(repinfo)) 1634 { 1635 log_assert(0); 1636 return 0; 1637 } 1638 1639 void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) 1640 { 1641 log_assert(0); 1642 } 1643 1644 struct outbound_entry* worker_send_query( 1645 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1646 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1647 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1648 struct sockaddr_storage* ATTR_UNUSED(addr), 1649 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1650 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1651 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1652 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1653 { 1654 log_assert(0); 1655 return 0; 1656 } 1657 1658 #ifdef UB_ON_WINDOWS 1659 void 1660 worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* 1661 ATTR_UNUSED(arg)) { 1662 log_assert(0); 1663 } 1664 1665 void 1666 wsvc_cron_cb(void* ATTR_UNUSED(arg)) 1667 { 1668 log_assert(0); 1669 } 1670 #endif /* UB_ON_WINDOWS */ 1671 1672 void 1673 worker_alloc_cleanup(void* ATTR_UNUSED(arg)) 1674 { 1675 log_assert(0); 1676 } 1677 1678 struct outbound_entry* libworker_send_query( 1679 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1680 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1681 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1682 struct sockaddr_storage* ATTR_UNUSED(addr), 1683 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1684 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1685 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1686 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1687 { 1688 log_assert(0); 1689 return 0; 1690 } 1691 1692 int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1693 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1694 struct comm_reply* ATTR_UNUSED(reply_info)) 1695 { 1696 log_assert(0); 1697 return 0; 1698 } 1699 1700 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1701 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1702 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1703 { 1704 log_assert(0); 1705 } 1706 1707 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1708 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1709 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1710 { 1711 log_assert(0); 1712 } 1713 1714 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1715 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1716 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1717 { 1718 log_assert(0); 1719 } 1720 1721 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1722 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1723 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1724 { 1725 log_assert(0); 1726 } 1727 1728 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1729 { 1730 log_assert(0); 1731 return 0; 1732 } 1733 1734 void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) 1735 { 1736 log_assert(0); 1737 } 1738 1739 void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) 1740 { 1741 log_assert(0); 1742 } 1743 1744 void worker_start_accept(void* ATTR_UNUSED(arg)) 1745 { 1746 log_assert(0); 1747 } 1748 1749 void worker_stop_accept(void* ATTR_UNUSED(arg)) 1750 { 1751 log_assert(0); 1752 } 1753 1754 /** keep track of lock id in lock-verify application */ 1755 struct order_id { 1756 /** the thread id that created it */ 1757 int thr; 1758 /** the instance number of creation */ 1759 int instance; 1760 }; 1761 1762 int order_lock_cmp(const void* e1, const void* e2) 1763 { 1764 const struct order_id* o1 = e1; 1765 const struct order_id* o2 = e2; 1766 if(o1->thr < o2->thr) return -1; 1767 if(o1->thr > o2->thr) return 1; 1768 if(o1->instance < o2->instance) return -1; 1769 if(o1->instance > o2->instance) return 1; 1770 return 0; 1771 } 1772 1773 int 1774 codeline_cmp(const void* a, const void* b) 1775 { 1776 return strcmp(a, b); 1777 } 1778 1779 int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1780 { 1781 log_assert(0); 1782 return 0; 1783 } 1784 1785 void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) 1786 { 1787 log_assert(0); 1788 } 1789 1790 void fast_reload_service_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), 1791 void* ATTR_UNUSED(arg)) 1792 { 1793 log_assert(0); 1794 } 1795 1796 int fast_reload_client_callback(struct comm_point* ATTR_UNUSED(c), 1797 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1798 struct comm_reply* ATTR_UNUSED(repinfo)) 1799 { 1800 log_assert(0); 1801 return 0; 1802 } 1803 1804 #ifdef HAVE_NGTCP2 1805 void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), 1806 void* ATTR_UNUSED(arg)) 1807 { 1808 log_assert(0); 1809 } 1810 #endif 1811 1812 #ifdef HAVE_NGTCP2 1813 void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), 1814 void* ATTR_UNUSED(arg)) 1815 { 1816 log_assert(0); 1817 } 1818 #endif 1819