1 /* 2 * services/listen_dnsport.h - listen on port 53 for incoming DNS queries. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file has functions to get queries from clients. 40 */ 41 42 #ifndef LISTEN_DNSPORT_H 43 #define LISTEN_DNSPORT_H 44 45 #include "util/netevent.h" 46 #include "util/rbtree.h" 47 #include "util/locks.h" 48 #include "daemon/acl_list.h" 49 #ifdef HAVE_NGHTTP2_NGHTTP2_H 50 #include <nghttp2/nghttp2.h> 51 #endif 52 #ifdef HAVE_NGTCP2 53 #include <ngtcp2/ngtcp2.h> 54 #include <ngtcp2/ngtcp2_crypto.h> 55 #ifdef USE_NGTCP2_CRYPTO_OSSL 56 struct ngtcp2_crypto_ossl_ctx; 57 #endif 58 #endif 59 struct listen_list; 60 struct config_file; 61 struct addrinfo; 62 struct sldns_buffer; 63 struct tcl_list; 64 65 /** 66 * Listening for queries structure. 67 * Contains list of query-listen sockets. 68 */ 69 struct listen_dnsport { 70 /** Base for select calls */ 71 struct comm_base* base; 72 73 /** buffer shared by UDP connections, since there is only one 74 datagram at any time. */ 75 struct sldns_buffer* udp_buff; 76 #ifdef USE_DNSCRYPT 77 struct sldns_buffer* dnscrypt_udp_buff; 78 #endif 79 /** list of comm points used to get incoming events */ 80 struct listen_list* cps; 81 }; 82 83 /** 84 * Single linked list to store event points. 85 */ 86 struct listen_list { 87 /** next in list */ 88 struct listen_list* next; 89 /** event info */ 90 struct comm_point* com; 91 }; 92 93 /** 94 * type of ports 95 */ 96 enum listen_type { 97 /** udp type */ 98 listen_type_udp, 99 /** tcp type */ 100 listen_type_tcp, 101 /** udp ipv6 (v4mapped) for use with ancillary data */ 102 listen_type_udpancil, 103 /** ssl over tcp type */ 104 listen_type_ssl, 105 /** udp type + dnscrypt*/ 106 listen_type_udp_dnscrypt, 107 /** tcp type + dnscrypt */ 108 listen_type_tcp_dnscrypt, 109 /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ 110 listen_type_udpancil_dnscrypt, 111 /** HTTP(2) over TLS over TCP */ 112 listen_type_http, 113 /** DNS over QUIC */ 114 listen_type_doq 115 }; 116 117 /* 118 * socket properties (just like NSD nsd_socket structure definition) 119 */ 120 struct unbound_socket { 121 /** the address of the socket */ 122 struct sockaddr* addr; 123 /** length of the address */ 124 socklen_t addrlen; 125 /** socket descriptor returned by socket() syscall */ 126 int s; 127 /** address family (AF_INET/AF_INET6) */ 128 int fam; 129 /** ACL on the socket (listening interface) */ 130 struct acl_addr* acl; 131 }; 132 133 /** 134 * Single linked list to store shared ports that have been 135 * opened for use by all threads. 136 */ 137 struct listen_port { 138 /** next in list */ 139 struct listen_port* next; 140 /** file descriptor, open and ready for use */ 141 int fd; 142 /** type of file descriptor, udp or tcp */ 143 enum listen_type ftype; 144 /** if the port should support PROXYv2 */ 145 int pp2_enabled; 146 /** fill in unbound_socket structure for every opened socket at 147 * Unbound startup */ 148 struct unbound_socket* socket; 149 }; 150 151 /** 152 * Create shared listening ports 153 * Getaddrinfo, create socket, bind and listen to zero or more 154 * interfaces for IP4 and/or IP6, for UDP and/or TCP. 155 * On the given port number. It creates the sockets. 156 * @param cfg: settings on what ports to open. 157 * @param ifs: interfaces to open, array of IP addresses, "ip[@port]". 158 * @param num_ifs: length of ifs. 159 * @param reuseport: set to true if you want reuseport, or NULL to not have it, 160 * set to false on exit if reuseport failed to apply (because of no 161 * kernel support). 162 * @return: linked list of ports or NULL on error. 163 */ 164 struct listen_port* listening_ports_open(struct config_file* cfg, 165 char** ifs, int num_ifs, int* reuseport); 166 167 /** 168 * Close and delete the (list of) listening ports. 169 */ 170 void listening_ports_free(struct listen_port* list); 171 172 struct config_strlist; 173 /** 174 * Resolve interface names in config and store result IP addresses 175 * @param ifs: array of interfaces. The list of interface names, if not NULL. 176 * @param num_ifs: length of ifs array. 177 * @param list: if not NULL, this is used as the list of interface names. 178 * @param resif: string array (malloced array of malloced strings) with 179 * result. NULL if cfg has none. 180 * @param num_resif: length of resif. Zero if cfg has zero num_ifs. 181 * @return 0 on failure. 182 */ 183 int resolve_interface_names(char** ifs, int num_ifs, 184 struct config_strlist* list, char*** resif, int* num_resif); 185 186 /** 187 * Create commpoints with for this thread for the shared ports. 188 * @param base: the comm_base that provides event functionality. 189 * for default all ifs. 190 * @param ports: the list of shared ports. 191 * @param bufsize: size of datagram buffer. 192 * @param tcp_accept_count: max number of simultaneous TCP connections 193 * from clients. 194 * @param tcp_idle_timeout: idle timeout for TCP connections in msec. 195 * @param harden_large_queries: whether query size should be limited. 196 * @param http_max_streams: maximum number of HTTP/2 streams per connection. 197 * @param http_endpoint: HTTP endpoint to service queries on 198 * @param http_notls: no TLS for http downstream 199 * @param tcp_conn_limit: TCP connection limit info. 200 * @param dot_sslctx: nonNULL if dot ssl context. 201 * @param doh_sslctx: nonNULL if doh ssl context. 202 * @param quic_sslctx: nonNULL if quic ssl context. 203 * @param dtenv: nonNULL if dnstap enabled. 204 * @param doq_table: the doq connection table, with shared information. 205 * @param rnd: random state. 206 * @param cfg: config file struct. 207 * @param cb: callback function when a request arrives. It is passed 208 * the packet and user argument. Return true to send a reply. 209 * @param cb_arg: user data argument for callback function. 210 * @return: the malloced listening structure, ready for use. NULL on error. 211 */ 212 struct listen_dnsport* 213 listen_create(struct comm_base* base, struct listen_port* ports, 214 size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, 215 int harden_large_queries, uint32_t http_max_streams, 216 char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, 217 void* dot_sslctx, void* doh_sslctx, void* quic_sslctx, 218 struct dt_env* dtenv, 219 struct doq_table* doq_table, 220 struct ub_randstate* rnd,struct config_file* cfg, 221 comm_point_callback_type* cb, void *cb_arg); 222 223 /** 224 * delete the listening structure 225 * @param listen: listening structure. 226 */ 227 void listen_delete(struct listen_dnsport* listen); 228 229 /** setup the locks for the listen ports */ 230 void listen_setup_locks(void); 231 /** desetup the locks for the listen ports */ 232 void listen_desetup_locks(void); 233 234 /** 235 * delete listen_list of commpoints. Calls commpointdelete() on items. 236 * This may close the fds or not depending on flags. 237 * @param list: to delete. 238 */ 239 void listen_list_delete(struct listen_list* list); 240 241 /** 242 * get memory size used by the listening structs 243 * @param listen: listening structure. 244 * @return: size in bytes. 245 */ 246 size_t listen_get_mem(struct listen_dnsport* listen); 247 248 /** 249 * stop accept handlers for TCP (until enabled again) 250 * @param listen: listening structure. 251 */ 252 void listen_stop_accept(struct listen_dnsport* listen); 253 254 /** 255 * start accept handlers for TCP (was stopped before) 256 * @param listen: listening structure. 257 */ 258 void listen_start_accept(struct listen_dnsport* listen); 259 260 /** 261 * Create and bind nonblocking UDP socket 262 * @param family: for socket call. 263 * @param socktype: for socket call. 264 * @param addr: for bind call. 265 * @param addrlen: for bind call. 266 * @param v6only: if enabled, IP6 sockets get IP6ONLY option set. 267 * if enabled with value 2 IP6ONLY option is disabled. 268 * @param inuse: on error, this is set true if the port was in use. 269 * @param noproto: on error, this is set true if cause is that the 270 IPv6 proto (family) is not available. 271 * @param rcv: set size on rcvbuf with socket option, if 0 it is not set. 272 * @param snd: set size on sndbuf with socket option, if 0 it is not set. 273 * @param listen: if true, this is a listening UDP port, eg port 53, and 274 * set SO_REUSEADDR on it. 275 * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on 276 * listening UDP port. Set to false on return if it failed to do so. 277 * @param transparent: set IP_TRANSPARENT socket option. 278 * @param freebind: set IP_FREEBIND socket option. 279 * @param use_systemd: if true, fetch sockets from systemd. 280 * @param dscp: DSCP to use. 281 * @return: the socket. -1 on error. 282 */ 283 int create_udp_sock(int family, int socktype, struct sockaddr* addr, 284 socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, 285 int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd, int dscp); 286 287 /** 288 * Create and bind TCP listening socket 289 * @param addr: address info ready to make socket. 290 * @param v6only: enable ip6 only flag on ip6 sockets. 291 * @param noproto: if error caused by lack of protocol support. 292 * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on 293 * listening UDP port. Set to false on return if it failed to do so. 294 * @param transparent: set IP_TRANSPARENT socket option. 295 * @param mss: maximum segment size of the socket. if zero, leaves the default. 296 * @param nodelay: if true set TCP_NODELAY and TCP_QUICKACK socket options. 297 * @param freebind: set IP_FREEBIND socket option. 298 * @param use_systemd: if true, fetch sockets from systemd. 299 * @param dscp: DSCP to use. 300 * @param additional: additional log information for the socket type. 301 * @return: the socket. -1 on error. 302 */ 303 int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, 304 int* reuseport, int transparent, int mss, int nodelay, int freebind, 305 int use_systemd, int dscp, const char* additional); 306 307 /** 308 * Create and bind local listening socket 309 * @param path: path to the socket. 310 * @param noproto: on error, this is set true if cause is that local sockets 311 * are not supported. 312 * @param use_systemd: if true, fetch sockets from systemd. 313 * @return: the socket. -1 on error. 314 */ 315 int create_local_accept_sock(const char* path, int* noproto, int use_systemd); 316 317 /** 318 * TCP request info. List of requests outstanding on the channel, that 319 * are asked for but not yet answered back. 320 */ 321 struct tcp_req_info { 322 /** the TCP comm point for this. Its buffer is used for read/write */ 323 struct comm_point* cp; 324 /** the buffer to use to spool reply from mesh into, 325 * it can then be copied to the result list and written. 326 * it is a pointer to the shared udp buffer. */ 327 struct sldns_buffer* spool_buffer; 328 /** are we in worker_handle function call (for recursion callback)*/ 329 int in_worker_handle; 330 /** is the comm point dropped (by worker handle). 331 * That means we have to disconnect the channel. */ 332 int is_drop; 333 /** is the comm point set to send_reply (by mesh new client in worker 334 * handle), if so answer is available in c.buffer */ 335 int is_reply; 336 /** read channel has closed, just write pending results */ 337 int read_is_closed; 338 /** read again */ 339 int read_again; 340 /** number of outstanding requests */ 341 int num_open_req; 342 /** list of outstanding requests */ 343 struct tcp_req_open_item* open_req_list; 344 /** number of pending writeable results */ 345 int num_done_req; 346 /** list of pending writable result packets, malloced one at a time */ 347 struct tcp_req_done_item* done_req_list; 348 }; 349 350 /** 351 * List of open items in TCP channel 352 */ 353 struct tcp_req_open_item { 354 /** next in list */ 355 struct tcp_req_open_item* next; 356 /** the mesh area of the mesh_state */ 357 struct mesh_area* mesh; 358 /** the mesh state */ 359 struct mesh_state* mesh_state; 360 }; 361 362 /** 363 * List of done items in TCP channel 364 */ 365 struct tcp_req_done_item { 366 /** next in list */ 367 struct tcp_req_done_item* next; 368 /** the buffer with packet contents */ 369 uint8_t* buf; 370 /** length of the buffer */ 371 size_t len; 372 }; 373 374 /** 375 * Create tcp request info structure that keeps track of open 376 * requests on the TCP channel that are resolved at the same time, 377 * and the pending results that have to get written back to that client. 378 * @param spoolbuf: shared buffer 379 * @return new structure or NULL on alloc failure. 380 */ 381 struct tcp_req_info* tcp_req_info_create(struct sldns_buffer* spoolbuf); 382 383 /** 384 * Delete tcp request structure. Called by owning commpoint. 385 * Removes mesh entry references and stored results from the lists. 386 * @param req: the tcp request info 387 */ 388 void tcp_req_info_delete(struct tcp_req_info* req); 389 390 /** 391 * Clear tcp request structure. Removes list entries, sets it up ready 392 * for the next connection. 393 * @param req: tcp request info structure. 394 */ 395 void tcp_req_info_clear(struct tcp_req_info* req); 396 397 /** 398 * Remove mesh state entry from list in tcp_req_info. 399 * caller has to manage the mesh state reply entry in the mesh state. 400 * @param req: the tcp req info that has the entry removed from the list. 401 * @param m: the state removed from the list. 402 */ 403 void tcp_req_info_remove_mesh_state(struct tcp_req_info* req, 404 struct mesh_state* m); 405 406 /** 407 * Handle write done of the last result packet 408 * @param req: the tcp req info. 409 */ 410 void tcp_req_info_handle_writedone(struct tcp_req_info* req); 411 412 /** 413 * Handle read done of a new request from the client 414 * @param req: the tcp req info. 415 */ 416 void tcp_req_info_handle_readdone(struct tcp_req_info* req); 417 418 /** 419 * Add mesh state to the tcp req list of open requests. 420 * So the comm_reply can be removed off the mesh reply list when 421 * the tcp channel has to be closed (for other reasons then that that 422 * request was done, eg. channel closed by client or some format error). 423 * @param req: tcp req info structure. It keeps track of the simultaneous 424 * requests and results on a tcp (or TLS) channel. 425 * @param mesh: mesh area for the state. 426 * @param m: mesh state to add. 427 * @return 0 on failure (malloc failure). 428 */ 429 int tcp_req_info_add_meshstate(struct tcp_req_info* req, 430 struct mesh_area* mesh, struct mesh_state* m); 431 432 /** 433 * Send reply on tcp simultaneous answer channel. May queue it up. 434 * @param req: request info structure. 435 */ 436 void tcp_req_info_send_reply(struct tcp_req_info* req); 437 438 /** the read channel has closed 439 * @param req: request. remaining queries are looked up and answered. 440 * @return zero if nothing to do, just close the tcp. 441 */ 442 int tcp_req_info_handle_read_close(struct tcp_req_info* req); 443 444 /** get the size of currently used tcp stream wait buffers (in bytes) */ 445 size_t tcp_req_info_get_stream_buffer_size(void); 446 447 /** get the size of currently used HTTP2 query buffers (in bytes) */ 448 size_t http2_get_query_buffer_size(void); 449 /** get the size of currently used HTTP2 response buffers (in bytes) */ 450 size_t http2_get_response_buffer_size(void); 451 452 #ifdef HAVE_NGHTTP2 453 /** 454 * Create nghttp2 callbacks to handle HTTP2 requests. 455 * @return malloc'ed struct, NULL on failure 456 */ 457 nghttp2_session_callbacks* http2_req_callbacks_create(void); 458 459 /** Free http2 stream buffers and decrease buffer counters */ 460 void http2_req_stream_clear(struct http2_stream* h2_stream); 461 462 /** 463 * DNS response ready to be submitted to nghttp2, to be prepared for sending 464 * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer 465 * might be used before this will be send out. 466 * @param h2_session: http2 session, containing c->buffer which contains answer 467 * @param h2_stream: http2 stream, containing buffer to store answer in 468 * @return 0 on error, 1 otherwise 469 */ 470 int http2_submit_dns_response(struct http2_session* h2_session); 471 #else 472 int http2_submit_dns_response(void* v); 473 #endif /* HAVE_NGHTTP2 */ 474 475 #ifdef HAVE_NGTCP2 476 struct doq_conid; 477 struct doq_server_socket; 478 479 /** 480 * DoQ shared connection table. This is the connections for the host. 481 * And some config parameter values for connections. The host has to 482 * respond on that ip,port for those connections, so they are shared 483 * between threads. 484 */ 485 struct doq_table { 486 /** the lock on the tree and config elements. insert and deletion, 487 * also lookup in the tree needs to hold the lock. */ 488 lock_rw_type lock; 489 /** rbtree of doq_conn, the connections to different destination 490 * addresses, and can be found by dcid. */ 491 struct rbtree_type* conn_tree; 492 /** lock for the conid tree, needed for the conid tree and also 493 * the conid elements */ 494 lock_rw_type conid_lock; 495 /** rbtree of doq_conid, connections can be found by their 496 * connection ids. Lookup by connection id, finds doq_conn. */ 497 struct rbtree_type* conid_tree; 498 /** the server scid length */ 499 int sv_scidlen; 500 /** the static secret for the server */ 501 uint8_t* static_secret; 502 /** length of the static secret */ 503 size_t static_secret_len; 504 /** the idle timeout in nanoseconds */ 505 uint64_t idle_timeout; 506 /** the list of write interested connections, hold the doq_table.lock 507 * to change them */ 508 struct doq_conn* write_list_first, *write_list_last; 509 /** rbtree of doq_timer. */ 510 struct rbtree_type* timer_tree; 511 /** lock on the current_size counter. */ 512 lock_basic_type size_lock; 513 /** current use, in bytes, of QUIC buffers. 514 * The doq_conn ngtcp2_conn structure, SSL structure and conid structs 515 * are not counted. */ 516 size_t current_size; 517 }; 518 519 /** 520 * create SSL context for QUIC 521 * @param key: private key file. 522 * @param pem: public key cert. 523 * @param verifypem: if nonNULL, verifylocation file. 524 * return SSL_CTX* or NULL on failure (logged). 525 */ 526 void* quic_sslctx_create(char* key, char* pem, char* verifypem); 527 528 /** create doq table */ 529 struct doq_table* doq_table_create(struct config_file* cfg, 530 struct ub_randstate* rnd); 531 532 /** delete doq table */ 533 void doq_table_delete(struct doq_table* table); 534 535 /** 536 * Timer information for doq timer. 537 */ 538 struct doq_timer { 539 /** The rbnode in the tree sorted by timeout value. Key this struct. */ 540 struct rbnode_type node; 541 /** The timeout value. Absolute time value. */ 542 struct timeval time; 543 /** If the timer is in the time tree, with the node. */ 544 int timer_in_tree; 545 /** If there are more timers with the exact same timeout value, 546 * they form a set of timers. The rbnode timer has a link to the list 547 * with the other timers in the set. The rbnode timer is not a 548 * member of the list with the other timers. The other timers are not 549 * linked into the tree. */ 550 struct doq_timer* setlist_first, *setlist_last; 551 /** If the timer is on the setlist. */ 552 int timer_in_list; 553 /** If in the setlist, the next and prev element. */ 554 struct doq_timer* setlist_next, *setlist_prev; 555 /** The connection that is timeouted. */ 556 struct doq_conn* conn; 557 /** The worker that is waiting for the timeout event. 558 * Set for the rbnode tree linked element. If a worker is waiting 559 * for the event. If NULL, no worker is waiting for this timeout. */ 560 struct doq_server_socket* worker_doq_socket; 561 }; 562 563 /** 564 * Key information that makes a doq_conn node in the tree lookup. 565 */ 566 struct doq_conn_key { 567 /** the remote endpoint and local endpoint and ifindex */ 568 struct doq_pkt_addr paddr; 569 /** the doq connection dcid */ 570 uint8_t* dcid; 571 /** length of dcid */ 572 size_t dcidlen; 573 }; 574 575 /** 576 * DoQ connection, for DNS over QUIC. One connection to a remote endpoint 577 * with a number of streams in it. Every stream is like a tcp stream with 578 * a uint16_t length, query read, and a uint16_t length and answer written. 579 */ 580 struct doq_conn { 581 /** rbtree node, key is addresses and dcid */ 582 struct rbnode_type node; 583 /** lock on the connection */ 584 lock_basic_type lock; 585 /** the key information, with dcid and address endpoint */ 586 struct doq_conn_key key; 587 /** the doq server socket for inside callbacks */ 588 struct doq_server_socket* doq_socket; 589 /** the doq table this connection is part of */ 590 struct doq_table* table; 591 /** if the connection is about to be deleted. */ 592 uint8_t is_deleted; 593 /** the version, the client chosen version of QUIC */ 594 uint32_t version; 595 /** the ngtcp2 connection, a server connection */ 596 struct ngtcp2_conn* conn; 597 /** the connection ids that are associated with this doq_conn. 598 * There can be a number, that can change. They are linked here, 599 * so that upon removal, the list of actually associated conid 600 * elements can be removed as well. */ 601 struct doq_conid* conid_list; 602 /** the ngtcp2 last error for the connection */ 603 #ifdef HAVE_NGTCP2_CCERR_DEFAULT 604 struct ngtcp2_ccerr ccerr; 605 #else 606 struct ngtcp2_connection_close_error last_error; 607 #endif 608 /** the recent tls alert error code */ 609 uint8_t tls_alert; 610 /** the ssl context, SSL* */ 611 void* ssl; 612 #if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT) 613 /** the connection reference for ngtcp2_conn and userdata in ssl */ 614 struct ngtcp2_crypto_conn_ref conn_ref; 615 #endif 616 #ifdef USE_NGTCP2_CRYPTO_OSSL 617 /** the per-connection state for ngtcp2_crypto_ossl */ 618 struct ngtcp2_crypto_ossl_ctx* ossl_ctx; 619 #endif 620 /** closure packet, if any */ 621 uint8_t* close_pkt; 622 /** length of closure packet. */ 623 size_t close_pkt_len; 624 /** closure ecn */ 625 uint32_t close_ecn; 626 /** the streams for this connection, of type doq_stream */ 627 struct rbtree_type stream_tree; 628 /** the streams that want write, they have something to write. 629 * The list is ordered, the last have to wait for the first to 630 * get their data written. */ 631 struct doq_stream* stream_write_first, *stream_write_last; 632 /** the conn has write interest if true, no write interest if false. */ 633 uint8_t write_interest; 634 /** if the conn is on the connection write list */ 635 uint8_t on_write_list; 636 /** the connection write list prev and next, if on the write list */ 637 struct doq_conn* write_prev, *write_next; 638 /** The timer for the connection. If unused, it is not in the tree 639 * and not in the list. It is alloced here, so that it is prealloced. 640 * It has to be set after every read and write on the connection, so 641 * this improves performance, but also the allocation does not fail. */ 642 struct doq_timer timer; 643 }; 644 645 /** 646 * Connection ID and the doq_conn that is that connection. A connection 647 * has an original dcid, and then more connection ids associated. 648 */ 649 struct doq_conid { 650 /** rbtree node, key is the connection id. */ 651 struct rbnode_type node; 652 /** the next and prev in the list of conids for the doq_conn */ 653 struct doq_conid* next, *prev; 654 /** key to the doq_conn that is the connection */ 655 struct doq_conn_key key; 656 /** the connection id, byte string */ 657 uint8_t* cid; 658 /** the length of cid */ 659 size_t cidlen; 660 }; 661 662 /** 663 * DoQ stream, for DNS over QUIC. 664 */ 665 struct doq_stream { 666 /** the rbtree node for the stream, key is the stream_id */ 667 rbnode_type node; 668 /** the stream id */ 669 int64_t stream_id; 670 /** if the stream is closed */ 671 uint8_t is_closed; 672 /** if the query is complete */ 673 uint8_t is_query_complete; 674 /** the number of bytes read on the stream, up to querylen+2. */ 675 size_t nread; 676 /** the length of the input query bytes */ 677 size_t inlen; 678 /** the input bytes */ 679 uint8_t* in; 680 /** does the stream have an answer to send */ 681 uint8_t is_answer_available; 682 /** the answer bytes sent, up to outlen+2. */ 683 size_t nwrite; 684 /** the length of the output answer bytes */ 685 size_t outlen; 686 /** the output length in network wireformat */ 687 uint16_t outlen_wire; 688 /** the output packet bytes */ 689 uint8_t* out; 690 /** if the stream is on the write list */ 691 uint8_t on_write_list; 692 /** the prev and next on the write list, if on the list */ 693 struct doq_stream* write_prev, *write_next; 694 }; 695 696 /** doq application error code that is sent when a stream is closed */ 697 #define DOQ_APP_ERROR_CODE 1 698 699 /** 700 * Create the doq connection. 701 * @param c: the comm point for the listening doq socket. 702 * @param paddr: with remote and local address and ifindex for the 703 * connection destination. This is where packets are sent. 704 * @param dcid: the dcid, Destination Connection ID. 705 * @param dcidlen: length of dcid. 706 * @param version: client chosen version. 707 * @return new doq connection or NULL on allocation failure. 708 */ 709 struct doq_conn* doq_conn_create(struct comm_point* c, 710 struct doq_pkt_addr* paddr, const uint8_t* dcid, size_t dcidlen, 711 uint32_t version); 712 713 /** 714 * Delete the doq connection structure. 715 * @param conn: to delete. 716 * @param table: with memory size. 717 */ 718 void doq_conn_delete(struct doq_conn* conn, struct doq_table* table); 719 720 /** compare function of doq_conn */ 721 int doq_conn_cmp(const void* key1, const void* key2); 722 723 /** compare function of doq_conid */ 724 int doq_conid_cmp(const void* key1, const void* key2); 725 726 /** compare function of doq_timer */ 727 int doq_timer_cmp(const void* key1, const void* key2); 728 729 /** compare function of doq_stream */ 730 int doq_stream_cmp(const void* key1, const void* key2); 731 732 /** setup the doq connection callbacks, and settings. */ 733 int doq_conn_setup(struct doq_conn* conn, uint8_t* scid, size_t scidlen, 734 uint8_t* ocid, size_t ocidlen, const uint8_t* token, size_t tokenlen); 735 736 /** fill a buffer with random data */ 737 void doq_fill_rand(struct ub_randstate* rnd, uint8_t* buf, size_t len); 738 739 /** delete a doq_conid */ 740 void doq_conid_delete(struct doq_conid* conid); 741 742 /** add a connection id to the doq_conn. 743 * caller must hold doq_table.conid_lock. */ 744 int doq_conn_associate_conid(struct doq_conn* conn, uint8_t* data, 745 size_t datalen); 746 747 /** remove a connection id from the doq_conn. 748 * caller must hold doq_table.conid_lock. */ 749 void doq_conn_dissociate_conid(struct doq_conn* conn, const uint8_t* data, 750 size_t datalen); 751 752 /** initial setup to link current connection ids to the doq_conn */ 753 int doq_conn_setup_conids(struct doq_conn* conn); 754 755 /** remove the connection ids from the doq_conn. 756 * caller must hold doq_table.conid_lock. */ 757 void doq_conn_clear_conids(struct doq_conn* conn); 758 759 /** find a conid in the doq_conn connection. 760 * caller must hold table.conid_lock. */ 761 struct doq_conid* doq_conid_find(struct doq_table* doq_table, 762 const uint8_t* data, size_t datalen); 763 764 /** receive a packet for a connection */ 765 int doq_conn_recv(struct comm_point* c, struct doq_pkt_addr* paddr, 766 struct doq_conn* conn, struct ngtcp2_pkt_info* pi, int* err_retry, 767 int* err_drop); 768 769 /** send packets for a connection */ 770 int doq_conn_write_streams(struct comm_point* c, struct doq_conn* conn, 771 int* err_drop); 772 773 /** send the close packet for the connection, perhaps again. */ 774 int doq_conn_send_close(struct comm_point* c, struct doq_conn* conn); 775 776 /** delete doq stream */ 777 void doq_stream_delete(struct doq_stream* stream); 778 779 /** doq read a connection key from repinfo. It is not malloced, but points 780 * into the repinfo for the dcid. */ 781 void doq_conn_key_from_repinfo(struct doq_conn_key* key, 782 struct comm_reply* repinfo); 783 784 /** doq find a stream in the connection */ 785 struct doq_stream* doq_stream_find(struct doq_conn* conn, int64_t stream_id); 786 787 /** doq shutdown the stream. */ 788 int doq_stream_close(struct doq_conn* conn, struct doq_stream* stream, 789 int send_shutdown); 790 791 /** send reply for a connection */ 792 int doq_stream_send_reply(struct doq_conn* conn, struct doq_stream* stream, 793 struct sldns_buffer* buf); 794 795 /** the connection has write interest, wants to write packets */ 796 void doq_conn_write_enable(struct doq_conn* conn); 797 798 /** the connection has no write interest, does not want to write packets */ 799 void doq_conn_write_disable(struct doq_conn* conn); 800 801 /** set the connection on or off the write list, depending on write interest */ 802 void doq_conn_set_write_list(struct doq_table* table, struct doq_conn* conn); 803 804 /** doq remove the connection from the write list */ 805 void doq_conn_write_list_remove(struct doq_table* table, 806 struct doq_conn* conn); 807 808 /** doq get the first conn from the write list, if any, popped from list. 809 * Locks the conn that is returned. */ 810 struct doq_conn* doq_table_pop_first(struct doq_table* table); 811 812 /** 813 * doq check if the timer for the conn needs to be changed. 814 * @param conn: connection, caller must hold lock on it. 815 * @param tv: time value, absolute time, returned. 816 * @return true if timer needs to be set to tv, false if no change is needed 817 * to the timer. The timer is already set to the right time in that case. 818 */ 819 int doq_conn_check_timer(struct doq_conn* conn, struct timeval* tv); 820 821 /** doq remove timer from tree */ 822 void doq_timer_tree_remove(struct doq_table* table, struct doq_timer* timer); 823 824 /** doq remove timer from list */ 825 void doq_timer_list_remove(struct doq_table* table, struct doq_timer* timer); 826 827 /** doq unset the timer if it was set. */ 828 void doq_timer_unset(struct doq_table* table, struct doq_timer* timer); 829 830 /** doq set the timer and add it. */ 831 void doq_timer_set(struct doq_table* table, struct doq_timer* timer, 832 struct doq_server_socket* worker_doq_socket, struct timeval* tv); 833 834 /** doq find a timeout in the timer tree */ 835 struct doq_timer* doq_timer_find_time(struct doq_table* table, 836 struct timeval* tv); 837 838 /** doq handle timeout for a connection. Pass conn locked. Returns false for 839 * deletion. */ 840 int doq_conn_handle_timeout(struct doq_conn* conn); 841 842 /** doq add size to the current quic buffer counter */ 843 void doq_table_quic_size_add(struct doq_table* table, size_t add); 844 845 /** doq subtract size from the current quic buffer counter */ 846 void doq_table_quic_size_subtract(struct doq_table* table, size_t subtract); 847 848 /** doq check if mem is available for quic. */ 849 int doq_table_quic_size_available(struct doq_table* table, 850 struct config_file* cfg, size_t mem); 851 852 /** doq get the quic size value */ 853 size_t doq_table_quic_size_get(struct doq_table* table); 854 #endif /* HAVE_NGTCP2 */ 855 856 char* set_ip_dscp(int socket, int addrfamily, int ds); 857 858 /** for debug and profiling purposes only 859 * @param ub_sock: the structure containing created socket info we want to print or log for 860 */ 861 void verbose_print_unbound_socket(struct unbound_socket* ub_sock); 862 863 /** event callback for testcode/doqclient */ 864 void doq_client_event_cb(int fd, short event, void* arg); 865 866 /** timer event callback for testcode/doqclient */ 867 void doq_client_timer_cb(int fd, short event, void* arg); 868 869 #ifdef HAVE_NGTCP2 870 /** get a timestamp in nanoseconds */ 871 ngtcp2_tstamp doq_get_timestamp_nanosec(void); 872 #endif 873 #endif /* LISTEN_DNSPORT_H */ 874