1 /* 2 * daemon/daemon.c - collection of workers that handles requests. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * The daemon consists of global settings and a number of workers. 40 */ 41 42 #include "config.h" 43 #ifdef HAVE_OPENSSL_ERR_H 44 #include <openssl/err.h> 45 #endif 46 47 #ifdef HAVE_OPENSSL_RAND_H 48 #include <openssl/rand.h> 49 #endif 50 51 #ifdef HAVE_OPENSSL_CONF_H 52 #include <openssl/conf.h> 53 #endif 54 55 #ifdef HAVE_OPENSSL_ENGINE_H 56 #include <openssl/engine.h> 57 #endif 58 59 #ifdef HAVE_TIME_H 60 #include <time.h> 61 #endif 62 #include <sys/time.h> 63 64 #ifdef HAVE_NSS 65 /* nss3 */ 66 #include "nss.h" 67 #endif 68 69 #include "daemon/daemon.h" 70 #include "daemon/worker.h" 71 #include "daemon/remote.h" 72 #include "daemon/acl_list.h" 73 #include "util/log.h" 74 #include "util/config_file.h" 75 #include "util/data/msgreply.h" 76 #include "util/shm_side/shm_main.h" 77 #include "util/storage/lookup3.h" 78 #include "util/storage/slabhash.h" 79 #include "util/tcp_conn_limit.h" 80 #include "util/edns.h" 81 #include "services/listen_dnsport.h" 82 #include "services/cache/rrset.h" 83 #include "services/cache/infra.h" 84 #include "services/localzone.h" 85 #include "services/view.h" 86 #include "services/modstack.h" 87 #include "services/authzone.h" 88 #include "util/module.h" 89 #include "util/random.h" 90 #include "util/tube.h" 91 #include "util/net_help.h" 92 #include "sldns/keyraw.h" 93 #include "respip/respip.h" 94 #include <signal.h> 95 96 #ifdef HAVE_SYSTEMD 97 #include <systemd/sd-daemon.h> 98 #endif 99 #ifdef HAVE_NETDB_H 100 #include <netdb.h> 101 #endif 102 103 /** How many quit requests happened. */ 104 static int sig_record_quit = 0; 105 /** How many reload requests happened. */ 106 static int sig_record_reload = 0; 107 108 #if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 109 /** cleaner ssl memory freeup */ 110 static void* comp_meth = NULL; 111 #endif 112 /** remove buffers for parsing and init */ 113 int ub_c_lex_destroy(void); 114 115 /** used when no other sighandling happens, so we don't die 116 * when multiple signals in quick succession are sent to us. 117 * @param sig: signal number. 118 * @return signal handler return type (void or int). 119 */ 120 static RETSIGTYPE record_sigh(int sig) 121 { 122 #ifdef LIBEVENT_SIGNAL_PROBLEM 123 /* cannot log, verbose here because locks may be held */ 124 /* quit on signal, no cleanup and statistics, 125 because installed libevent version is not threadsafe */ 126 exit(0); 127 #endif 128 switch(sig) 129 { 130 case SIGTERM: 131 #ifdef SIGQUIT 132 case SIGQUIT: 133 #endif 134 #ifdef SIGBREAK 135 case SIGBREAK: 136 #endif 137 case SIGINT: 138 sig_record_quit++; 139 break; 140 #ifdef SIGHUP 141 case SIGHUP: 142 sig_record_reload++; 143 break; 144 #endif 145 #ifdef SIGPIPE 146 case SIGPIPE: 147 break; 148 #endif 149 default: 150 /* ignoring signal */ 151 break; 152 } 153 } 154 155 /** 156 * Signal handling during the time when netevent is disabled. 157 * Stores signals to replay later. 158 */ 159 static void 160 signal_handling_record(void) 161 { 162 if( signal(SIGTERM, record_sigh) == SIG_ERR || 163 #ifdef SIGQUIT 164 signal(SIGQUIT, record_sigh) == SIG_ERR || 165 #endif 166 #ifdef SIGBREAK 167 signal(SIGBREAK, record_sigh) == SIG_ERR || 168 #endif 169 #ifdef SIGHUP 170 signal(SIGHUP, record_sigh) == SIG_ERR || 171 #endif 172 #ifdef SIGPIPE 173 signal(SIGPIPE, SIG_IGN) == SIG_ERR || 174 #endif 175 signal(SIGINT, record_sigh) == SIG_ERR 176 ) 177 log_err("install sighandler: %s", strerror(errno)); 178 } 179 180 /** 181 * Replay old signals. 182 * @param wrk: worker that handles signals. 183 */ 184 static void 185 signal_handling_playback(struct worker* wrk) 186 { 187 #ifdef SIGHUP 188 if(sig_record_reload) 189 worker_sighandler(SIGHUP, wrk); 190 #endif 191 if(sig_record_quit) 192 worker_sighandler(SIGTERM, wrk); 193 sig_record_quit = 0; 194 sig_record_reload = 0; 195 } 196 197 struct daemon* 198 daemon_init(void) 199 { 200 struct daemon* daemon = (struct daemon*)calloc(1, 201 sizeof(struct daemon)); 202 #ifdef USE_WINSOCK 203 int r; 204 WSADATA wsa_data; 205 #endif 206 if(!daemon) 207 return NULL; 208 #ifdef USE_WINSOCK 209 r = WSAStartup(MAKEWORD(2,2), &wsa_data); 210 if(r != 0) { 211 fatal_exit("could not init winsock. WSAStartup: %s", 212 wsa_strerror(r)); 213 } 214 #endif /* USE_WINSOCK */ 215 signal_handling_record(); 216 #ifdef HAVE_SSL 217 # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS 218 ERR_load_crypto_strings(); 219 # endif 220 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 221 ERR_load_SSL_strings(); 222 #endif 223 # ifdef USE_GOST 224 (void)sldns_key_EVP_load_gost_id(); 225 # endif 226 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 227 # ifndef S_SPLINT_S 228 OpenSSL_add_all_algorithms(); 229 # endif 230 # else 231 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 232 | OPENSSL_INIT_ADD_ALL_DIGESTS 233 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 234 # endif 235 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 236 /* grab the COMP method ptr because openssl leaks it */ 237 comp_meth = (void*)SSL_COMP_get_compression_methods(); 238 # endif 239 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 240 (void)SSL_library_init(); 241 # else 242 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 243 # endif 244 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 245 if(!ub_openssl_lock_init()) 246 fatal_exit("could not init openssl locks"); 247 # endif 248 #elif defined(HAVE_NSS) 249 if(NSS_NoDB_Init(NULL) != SECSuccess) 250 fatal_exit("could not init NSS"); 251 #endif /* HAVE_SSL or HAVE_NSS */ 252 #ifdef HAVE_TZSET 253 /* init timezone info while we are not chrooted yet */ 254 tzset(); 255 #endif 256 daemon->need_to_exit = 0; 257 modstack_init(&daemon->mods); 258 if(!(daemon->env = (struct module_env*)calloc(1, 259 sizeof(*daemon->env)))) { 260 free(daemon); 261 return NULL; 262 } 263 /* init edns_known_options */ 264 if(!edns_known_options_init(daemon->env)) { 265 free(daemon->env); 266 free(daemon); 267 return NULL; 268 } 269 alloc_init(&daemon->superalloc, NULL, 0); 270 daemon->acl = acl_list_create(); 271 if(!daemon->acl) { 272 edns_known_options_delete(daemon->env); 273 free(daemon->env); 274 free(daemon); 275 return NULL; 276 } 277 daemon->acl_interface = acl_list_create(); 278 if(!daemon->acl_interface) { 279 acl_list_delete(daemon->acl); 280 edns_known_options_delete(daemon->env); 281 free(daemon->env); 282 free(daemon); 283 return NULL; 284 } 285 daemon->tcl = tcl_list_create(); 286 if(!daemon->tcl) { 287 acl_list_delete(daemon->acl_interface); 288 acl_list_delete(daemon->acl); 289 edns_known_options_delete(daemon->env); 290 free(daemon->env); 291 free(daemon); 292 return NULL; 293 } 294 listen_setup_locks(); 295 if(gettimeofday(&daemon->time_boot, NULL) < 0) 296 log_err("gettimeofday: %s", strerror(errno)); 297 daemon->time_last_stat = daemon->time_boot; 298 if((daemon->env->auth_zones = auth_zones_create()) == 0) { 299 acl_list_delete(daemon->acl_interface); 300 acl_list_delete(daemon->acl); 301 tcl_list_delete(daemon->tcl); 302 edns_known_options_delete(daemon->env); 303 free(daemon->env); 304 free(daemon); 305 return NULL; 306 } 307 if(!(daemon->env->edns_strings = edns_strings_create())) { 308 auth_zones_delete(daemon->env->auth_zones); 309 acl_list_delete(daemon->acl_interface); 310 acl_list_delete(daemon->acl); 311 tcl_list_delete(daemon->tcl); 312 edns_known_options_delete(daemon->env); 313 free(daemon->env); 314 free(daemon); 315 return NULL; 316 } 317 return daemon; 318 } 319 320 static int setup_acl_for_ports(struct acl_list* list, 321 struct listen_port* port_list) 322 { 323 struct acl_addr* acl_node; 324 struct addrinfo* addr; 325 for(; port_list; port_list=port_list->next) { 326 if(!port_list->socket) { 327 /* This is mainly for testbound where port_list is 328 * empty. */ 329 continue; 330 } 331 addr = port_list->socket->addr; 332 if(!(acl_node = acl_interface_insert(list, 333 (struct sockaddr_storage*)addr->ai_addr, 334 (socklen_t)addr->ai_addrlen, 335 acl_refuse))) { 336 return 0; 337 } 338 port_list->socket->acl = acl_node; 339 } 340 return 1; 341 } 342 343 int 344 daemon_open_shared_ports(struct daemon* daemon) 345 { 346 log_assert(daemon); 347 if(daemon->cfg->port != daemon->listening_port) { 348 char** resif = NULL; 349 int num_resif = 0; 350 size_t i; 351 struct listen_port* p0; 352 daemon->reuseport = 0; 353 /* free and close old ports */ 354 if(daemon->ports != NULL) { 355 for(i=0; i<daemon->num_ports; i++) 356 listening_ports_free(daemon->ports[i]); 357 free(daemon->ports); 358 daemon->ports = NULL; 359 } 360 /* clean acl_interface */ 361 acl_interface_init(daemon->acl_interface); 362 if(!resolve_interface_names(daemon->cfg->ifs, 363 daemon->cfg->num_ifs, NULL, &resif, &num_resif)) 364 return 0; 365 /* see if we want to reuseport */ 366 #ifdef SO_REUSEPORT 367 if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) 368 daemon->reuseport = 1; 369 #endif 370 /* try to use reuseport */ 371 p0 = listening_ports_open(daemon->cfg, resif, num_resif, 372 &daemon->reuseport); 373 if(!p0) { 374 listening_ports_free(p0); 375 config_del_strarray(resif, num_resif); 376 return 0; 377 } 378 if(daemon->reuseport) { 379 /* reuseport was successful, allocate for it */ 380 daemon->num_ports = (size_t)daemon->cfg->num_threads; 381 } else { 382 /* do the normal, singleportslist thing, 383 * reuseport not enabled or did not work */ 384 daemon->num_ports = 1; 385 } 386 if(!(daemon->ports = (struct listen_port**)calloc( 387 daemon->num_ports, sizeof(*daemon->ports)))) { 388 listening_ports_free(p0); 389 config_del_strarray(resif, num_resif); 390 return 0; 391 } 392 daemon->ports[0] = p0; 393 if(!setup_acl_for_ports(daemon->acl_interface, 394 daemon->ports[0])) { 395 listening_ports_free(p0); 396 config_del_strarray(resif, num_resif); 397 return 0; 398 } 399 if(daemon->reuseport) { 400 /* continue to use reuseport */ 401 for(i=1; i<daemon->num_ports; i++) { 402 if(!(daemon->ports[i]= 403 listening_ports_open(daemon->cfg, 404 resif, num_resif, 405 &daemon->reuseport)) 406 || !daemon->reuseport ) { 407 for(i=0; i<daemon->num_ports; i++) 408 listening_ports_free(daemon->ports[i]); 409 free(daemon->ports); 410 daemon->ports = NULL; 411 config_del_strarray(resif, num_resif); 412 return 0; 413 } 414 if(!setup_acl_for_ports(daemon->acl_interface, 415 daemon->ports[i])) { 416 for(i=0; i<daemon->num_ports; i++) 417 listening_ports_free(daemon->ports[i]); 418 free(daemon->ports); 419 daemon->ports = NULL; 420 config_del_strarray(resif, num_resif); 421 return 0; 422 } 423 } 424 } 425 config_del_strarray(resif, num_resif); 426 daemon->listening_port = daemon->cfg->port; 427 } 428 if(!daemon->cfg->remote_control_enable && daemon->rc_port) { 429 listening_ports_free(daemon->rc_ports); 430 daemon->rc_ports = NULL; 431 daemon->rc_port = 0; 432 } 433 if(daemon->cfg->remote_control_enable && 434 daemon->cfg->control_port != daemon->rc_port) { 435 listening_ports_free(daemon->rc_ports); 436 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg))) 437 return 0; 438 daemon->rc_port = daemon->cfg->control_port; 439 } 440 return 1; 441 } 442 443 /** 444 * Setup modules. setup module stack. 445 * @param daemon: the daemon 446 */ 447 static void daemon_setup_modules(struct daemon* daemon) 448 { 449 daemon->env->cfg = daemon->cfg; 450 daemon->env->alloc = &daemon->superalloc; 451 daemon->env->worker = NULL; 452 daemon->env->need_to_validate = 0; /* set by module init below */ 453 if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf, 454 daemon->env)) { 455 fatal_exit("failed to setup modules"); 456 } 457 log_edns_known_options(VERB_ALGO, daemon->env); 458 } 459 460 /** 461 * Obtain allowed port numbers, concatenate the list, and shuffle them 462 * (ready to be handed out to threads). 463 * @param daemon: the daemon. Uses rand and cfg. 464 * @param shufport: the portlist output. 465 * @return number of ports available. 466 */ 467 static int daemon_get_shufport(struct daemon* daemon, int* shufport) 468 { 469 int i, n, k, temp; 470 int avail = 0; 471 for(i=0; i<65536; i++) { 472 if(daemon->cfg->outgoing_avail_ports[i]) { 473 shufport[avail++] = daemon->cfg-> 474 outgoing_avail_ports[i]; 475 } 476 } 477 if(avail == 0) 478 fatal_exit("no ports are permitted for UDP, add " 479 "with outgoing-port-permit"); 480 /* Knuth shuffle */ 481 n = avail; 482 while(--n > 0) { 483 k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */ 484 temp = shufport[k]; 485 shufport[k] = shufport[n]; 486 shufport[n] = temp; 487 } 488 return avail; 489 } 490 491 /** 492 * Clear and delete per-worker alloc caches, and free memory maintained in 493 * superalloc. 494 * The rrset and message caches must be empty at the time of call. 495 * @param daemon: the daemon that maintains the alloc caches to be cleared. 496 */ 497 static void 498 daemon_clear_allocs(struct daemon* daemon) 499 { 500 int i; 501 502 for(i=0; i<daemon->num; i++) { 503 alloc_clear(daemon->worker_allocs[i]); 504 free(daemon->worker_allocs[i]); 505 } 506 free(daemon->worker_allocs); 507 daemon->worker_allocs = NULL; 508 509 alloc_clear_special(&daemon->superalloc); 510 } 511 512 /** 513 * Allocate empty worker structures. With backptr and thread-number, 514 * from 0..numthread initialised. Used as user arguments to new threads. 515 * Creates the daemon random generator if it does not exist yet. 516 * The random generator stays existing between reloads with a unique state. 517 * @param daemon: the daemon with (new) config settings. 518 */ 519 static void 520 daemon_create_workers(struct daemon* daemon) 521 { 522 int i, numport; 523 int* shufport; 524 log_assert(daemon && daemon->cfg); 525 if(!daemon->rand) { 526 daemon->rand = ub_initstate(NULL); 527 if(!daemon->rand) 528 fatal_exit("could not init random generator"); 529 hash_set_raninit((uint32_t)ub_random(daemon->rand)); 530 } 531 shufport = (int*)calloc(65536, sizeof(int)); 532 if(!shufport) 533 fatal_exit("out of memory during daemon init"); 534 numport = daemon_get_shufport(daemon, shufport); 535 verbose(VERB_ALGO, "total of %d outgoing ports available", numport); 536 537 daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); 538 if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { 539 log_warn("cannot reduce num-threads to %d because so-reuseport " 540 "so continuing with %d threads.", (int)daemon->num, 541 (int)daemon->num_ports); 542 daemon->num = (int)daemon->num_ports; 543 } 544 daemon->workers = (struct worker**)calloc((size_t)daemon->num, 545 sizeof(struct worker*)); 546 if(!daemon->workers) 547 fatal_exit("out of memory during daemon init"); 548 if(daemon->cfg->dnstap) { 549 #ifdef USE_DNSTAP 550 daemon->dtenv = dt_create(daemon->cfg); 551 if (!daemon->dtenv) 552 fatal_exit("dt_create failed"); 553 #else 554 fatal_exit("dnstap enabled in config but not built with dnstap support"); 555 #endif 556 } 557 for(i=0; i<daemon->num; i++) { 558 if(!(daemon->workers[i] = worker_create(daemon, i, 559 shufport+numport*i/daemon->num, 560 numport*(i+1)/daemon->num - numport*i/daemon->num))) 561 /* the above is not ports/numthr, due to rounding */ 562 fatal_exit("could not create worker"); 563 } 564 /* create per-worker alloc caches if not reusing existing ones. */ 565 if(!daemon->worker_allocs) { 566 daemon->worker_allocs = (struct alloc_cache**)calloc( 567 (size_t)daemon->num, sizeof(struct alloc_cache*)); 568 if(!daemon->worker_allocs) 569 fatal_exit("could not allocate worker allocs"); 570 for(i=0; i<daemon->num; i++) { 571 struct alloc_cache* alloc = calloc(1, 572 sizeof(struct alloc_cache)); 573 if (!alloc) 574 fatal_exit("could not allocate worker alloc"); 575 alloc_init(alloc, &daemon->superalloc, i); 576 daemon->worker_allocs[i] = alloc; 577 } 578 } 579 free(shufport); 580 } 581 582 #ifdef THREADS_DISABLED 583 /** 584 * Close all pipes except for the numbered thread. 585 * @param daemon: daemon to close pipes in. 586 * @param thr: thread number 0..num-1 of thread to skip. 587 */ 588 static void close_other_pipes(struct daemon* daemon, int thr) 589 { 590 int i; 591 for(i=0; i<daemon->num; i++) 592 if(i!=thr) { 593 if(i==0) { 594 /* only close read part, need to write stats */ 595 tube_close_read(daemon->workers[i]->cmd); 596 } else { 597 /* complete close channel to others */ 598 tube_delete(daemon->workers[i]->cmd); 599 daemon->workers[i]->cmd = NULL; 600 } 601 } 602 } 603 #endif /* THREADS_DISABLED */ 604 605 /** 606 * Function to start one thread. 607 * @param arg: user argument. 608 * @return: void* user return value could be used for thread_join results. 609 */ 610 static void* 611 thread_start(void* arg) 612 { 613 struct worker* worker = (struct worker*)arg; 614 int port_num = 0; 615 log_thread_set(&worker->thread_num); 616 ub_thread_blocksigs(); 617 #ifdef THREADS_DISABLED 618 /* close pipe ends used by main */ 619 tube_close_write(worker->cmd); 620 close_other_pipes(worker->daemon, worker->thread_num); 621 #endif 622 #ifdef SO_REUSEPORT 623 if(worker->daemon->cfg->so_reuseport) 624 port_num = worker->thread_num % worker->daemon->num_ports; 625 else 626 port_num = 0; 627 #endif 628 if(!worker_init(worker, worker->daemon->cfg, 629 worker->daemon->ports[port_num], 0)) 630 fatal_exit("Could not initialize thread"); 631 632 worker_work(worker); 633 return NULL; 634 } 635 636 /** 637 * Fork and init the other threads. Main thread returns for special handling. 638 * @param daemon: the daemon with other threads to fork. 639 */ 640 static void 641 daemon_start_others(struct daemon* daemon) 642 { 643 int i; 644 log_assert(daemon); 645 verbose(VERB_ALGO, "start threads"); 646 /* skip i=0, is this thread */ 647 for(i=1; i<daemon->num; i++) { 648 ub_thread_create(&daemon->workers[i]->thr_id, 649 thread_start, daemon->workers[i]); 650 #ifdef THREADS_DISABLED 651 /* close pipe end of child */ 652 tube_close_read(daemon->workers[i]->cmd); 653 #endif /* no threads */ 654 } 655 } 656 657 /** 658 * Stop the other threads. 659 * @param daemon: the daemon with other threads. 660 */ 661 static void 662 daemon_stop_others(struct daemon* daemon) 663 { 664 int i; 665 log_assert(daemon); 666 verbose(VERB_ALGO, "stop threads"); 667 /* skip i=0, is this thread */ 668 /* use i=0 buffer for sending cmds; because we are #0 */ 669 for(i=1; i<daemon->num; i++) { 670 worker_send_cmd(daemon->workers[i], worker_cmd_quit); 671 } 672 /* wait for them to quit */ 673 for(i=1; i<daemon->num; i++) { 674 /* join it to make sure its dead */ 675 verbose(VERB_ALGO, "join %d", i); 676 ub_thread_join(daemon->workers[i]->thr_id); 677 verbose(VERB_ALGO, "join success %d", i); 678 } 679 } 680 681 void 682 daemon_fork(struct daemon* daemon) 683 { 684 int have_view_respip_cfg = 0; 685 #ifdef HAVE_SYSTEMD 686 int ret; 687 #endif 688 689 log_assert(daemon); 690 if(!(daemon->views = views_create())) 691 fatal_exit("Could not create views: out of memory"); 692 /* create individual views and their localzone/data trees */ 693 if(!views_apply_cfg(daemon->views, daemon->cfg)) 694 fatal_exit("Could not set up views"); 695 696 if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) 697 fatal_exit("Could not setup access control list"); 698 if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg, 699 daemon->views)) 700 fatal_exit("Could not setup interface control list"); 701 if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg)) 702 fatal_exit("Could not setup TCP connection limits"); 703 if(daemon->cfg->dnscrypt) { 704 #ifdef USE_DNSCRYPT 705 daemon->dnscenv = dnsc_create(); 706 if (!daemon->dnscenv) 707 fatal_exit("dnsc_create failed"); 708 dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); 709 #else 710 fatal_exit("dnscrypt enabled in config but unbound was not built with " 711 "dnscrypt support"); 712 #endif 713 } 714 /* create global local_zones */ 715 if(!(daemon->local_zones = local_zones_create())) 716 fatal_exit("Could not create local zones: out of memory"); 717 if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) 718 fatal_exit("Could not set up local zones"); 719 720 /* process raw response-ip configuration data */ 721 if(!(daemon->respip_set = respip_set_create())) 722 fatal_exit("Could not create response IP set"); 723 if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) 724 fatal_exit("Could not set up response IP set"); 725 if(!respip_views_apply_cfg(daemon->views, daemon->cfg, 726 &have_view_respip_cfg)) 727 fatal_exit("Could not set up per-view response IP sets"); 728 daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || 729 have_view_respip_cfg; 730 731 /* setup modules */ 732 daemon_setup_modules(daemon); 733 734 /* read auth zonefiles */ 735 if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1, 736 &daemon->use_rpz, daemon->env, &daemon->mods)) 737 fatal_exit("auth_zones could not be setup"); 738 739 /* Set-up EDNS strings */ 740 if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) 741 fatal_exit("Could not set up EDNS strings"); 742 743 /* response-ip-xxx options don't work as expected without the respip 744 * module. To avoid run-time operational surprise we reject such 745 * configuration. */ 746 if(daemon->use_response_ip && 747 modstack_find(&daemon->mods, "respip") < 0) 748 fatal_exit("response-ip options require respip module"); 749 /* RPZ response ip triggers don't work as expected without the respip 750 * module. To avoid run-time operational surprise we reject such 751 * configuration. */ 752 if(daemon->use_rpz && 753 modstack_find(&daemon->mods, "respip") < 0) 754 fatal_exit("RPZ requires the respip module"); 755 756 /* first create all the worker structures, so we can pass 757 * them to the newly created threads. 758 */ 759 daemon_create_workers(daemon); 760 761 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) 762 /* in libev the first inited base gets signals */ 763 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 764 fatal_exit("Could not initialize main thread"); 765 #endif 766 767 /* Now create the threads and init the workers. 768 * By the way, this is thread #0 (the main thread). 769 */ 770 daemon_start_others(daemon); 771 772 /* Special handling for the main thread. This is the thread 773 * that handles signals and remote control. 774 */ 775 #if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) 776 /* libevent has the last inited base get signals (or any base) */ 777 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 778 fatal_exit("Could not initialize main thread"); 779 #endif 780 signal_handling_playback(daemon->workers[0]); 781 782 if (!shm_main_init(daemon)) 783 log_warn("SHM has failed"); 784 785 /* Start resolver service on main thread. */ 786 #ifdef HAVE_SYSTEMD 787 ret = sd_notify(0, "READY=1"); 788 if(ret <= 0 && getenv("NOTIFY_SOCKET")) 789 fatal_exit("sd_notify failed %s: %s. Make sure that unbound has " 790 "access/permission to use the socket presented by systemd.", 791 getenv("NOTIFY_SOCKET"), 792 (ret==0?"no $NOTIFY_SOCKET": strerror(-ret))); 793 #endif 794 log_info("start of service (%s).", PACKAGE_STRING); 795 worker_work(daemon->workers[0]); 796 #ifdef HAVE_SYSTEMD 797 if (daemon->workers[0]->need_to_exit) 798 sd_notify(0, "STOPPING=1"); 799 else 800 sd_notify(0, "RELOADING=1"); 801 #endif 802 log_info("service stopped (%s).", PACKAGE_STRING); 803 804 /* we exited! a signal happened! Stop other threads */ 805 daemon_stop_others(daemon); 806 807 /* Shutdown SHM */ 808 shm_main_shutdown(daemon); 809 810 daemon->reuse_cache = daemon->workers[0]->reuse_cache; 811 daemon->need_to_exit = daemon->workers[0]->need_to_exit; 812 } 813 814 void 815 daemon_cleanup(struct daemon* daemon) 816 { 817 int i; 818 log_assert(daemon); 819 /* before stopping main worker, handle signals ourselves, so we 820 don't die on multiple reload signals for example. */ 821 signal_handling_record(); 822 log_thread_set(NULL); 823 /* clean up caches because 824 * a) RRset IDs will be recycled after a reload, causing collisions 825 * b) validation config can change, thus rrset, msg, keycache clear 826 * 827 * If we are trying to keep the cache as long as possible, we should 828 * defer the cleanup until we know whether the new configuration allows 829 * the reuse. (If we're exiting, cleanup should be done here). */ 830 if(!daemon->reuse_cache || daemon->need_to_exit) { 831 slabhash_clear(&daemon->env->rrset_cache->table); 832 slabhash_clear(daemon->env->msg_cache); 833 } 834 daemon->old_num = daemon->num; /* save the current num */ 835 local_zones_delete(daemon->local_zones); 836 daemon->local_zones = NULL; 837 respip_set_delete(daemon->respip_set); 838 daemon->respip_set = NULL; 839 views_delete(daemon->views); 840 daemon->views = NULL; 841 if(daemon->env->auth_zones) 842 auth_zones_cleanup(daemon->env->auth_zones); 843 /* key cache is cleared by module desetup during next daemon_fork() */ 844 daemon_remote_clear(daemon->rc); 845 for(i=0; i<daemon->num; i++) 846 worker_delete(daemon->workers[i]); 847 free(daemon->workers); 848 daemon->workers = NULL; 849 /* Unless we're trying to keep the cache, worker alloc_caches should be 850 * cleared and freed here. We do this after deleting workers to 851 * guarantee that the alloc caches are valid throughout the lifetime 852 * of workers. */ 853 if(!daemon->reuse_cache || daemon->need_to_exit) 854 daemon_clear_allocs(daemon); 855 daemon->num = 0; 856 #ifdef USE_DNSTAP 857 dt_delete(daemon->dtenv); 858 daemon->dtenv = NULL; 859 #endif 860 #ifdef USE_DNSCRYPT 861 dnsc_delete(daemon->dnscenv); 862 daemon->dnscenv = NULL; 863 #endif 864 daemon->cfg = NULL; 865 } 866 867 void 868 daemon_delete(struct daemon* daemon) 869 { 870 size_t i; 871 if(!daemon) 872 return; 873 modstack_desetup(&daemon->mods, daemon->env); 874 daemon_remote_delete(daemon->rc); 875 for(i = 0; i < daemon->num_ports; i++) 876 listening_ports_free(daemon->ports[i]); 877 free(daemon->ports); 878 listening_ports_free(daemon->rc_ports); 879 if(daemon->env) { 880 slabhash_delete(daemon->env->msg_cache); 881 rrset_cache_delete(daemon->env->rrset_cache); 882 infra_delete(daemon->env->infra_cache); 883 edns_known_options_delete(daemon->env); 884 edns_strings_delete(daemon->env->edns_strings); 885 auth_zones_delete(daemon->env->auth_zones); 886 } 887 ub_randfree(daemon->rand); 888 alloc_clear(&daemon->superalloc); 889 acl_list_delete(daemon->acl); 890 acl_list_delete(daemon->acl_interface); 891 tcl_list_delete(daemon->tcl); 892 listen_desetup_locks(); 893 free(daemon->chroot); 894 free(daemon->pidfile); 895 free(daemon->env); 896 #ifdef HAVE_SSL 897 listen_sslctx_delete_ticket_keys(); 898 SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx); 899 SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx); 900 #endif 901 free(daemon); 902 /* lex cleanup */ 903 ub_c_lex_destroy(); 904 /* libcrypto cleanup */ 905 #ifdef HAVE_SSL 906 # if defined(USE_GOST) 907 sldns_key_EVP_unload_gost(); 908 # endif 909 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE 910 # ifndef S_SPLINT_S 911 # if OPENSSL_VERSION_NUMBER < 0x10100000 912 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); 913 # endif 914 # endif 915 # endif 916 # ifdef HAVE_OPENSSL_CONFIG 917 EVP_cleanup(); 918 # if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) 919 ENGINE_cleanup(); 920 # endif 921 CONF_modules_free(); 922 # endif 923 # ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 924 CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ 925 # endif 926 # ifdef HAVE_ERR_FREE_STRINGS 927 ERR_free_strings(); 928 # endif 929 # if OPENSSL_VERSION_NUMBER < 0x10100000 930 RAND_cleanup(); 931 # endif 932 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 933 ub_openssl_lock_delete(); 934 # endif 935 #ifndef HAVE_ARC4RANDOM 936 _ARC4_LOCK_DESTROY(); 937 #endif 938 #elif defined(HAVE_NSS) 939 NSS_Shutdown(); 940 #endif /* HAVE_SSL or HAVE_NSS */ 941 checklock_stop(); 942 #ifdef USE_WINSOCK 943 if(WSACleanup() != 0) { 944 log_err("Could not WSACleanup: %s", 945 wsa_strerror(WSAGetLastError())); 946 } 947 #endif 948 } 949 950 void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) 951 { 952 int new_num = cfg->num_threads?cfg->num_threads:1; 953 954 daemon->cfg = cfg; 955 config_apply(cfg); 956 957 /* If this is a reload and we deferred the decision on whether to 958 * reuse the alloc, RRset, and message caches, then check to see if 959 * it's safe to keep the caches: 960 * - changing the number of threads is obviously incompatible with 961 * keeping the per-thread alloc caches. It also means we have to 962 * clear RRset and message caches. (note that 'new_num' may be 963 * adjusted in daemon_create_workers, but for our purpose we can 964 * simply compare it with 'old_num'; if they are equal here, 965 * 'new_num' won't be adjusted to a different value than 'old_num'). 966 * - changing RRset cache size effectively clears any remaining cache 967 * entries. We could keep their keys in alloc caches, but it would 968 * be more consistent with the sense of the change to clear allocs 969 * and free memory. To do so we also have to clear message cache. 970 * - only changing message cache size does not necessarily affect 971 * RRset or alloc cache. But almost all new subsequent queries will 972 * require recursive resolution anyway, so it doesn't help much to 973 * just keep RRset and alloc caches. For simplicity we clear/free 974 * the other two, too. */ 975 if(daemon->worker_allocs && 976 (new_num != daemon->old_num || 977 !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 978 cfg->msg_cache_slabs) || 979 !slabhash_is_size(&daemon->env->rrset_cache->table, 980 cfg->rrset_cache_size, cfg->rrset_cache_slabs))) 981 { 982 log_warn("cannot reuse caches due to critical config change"); 983 slabhash_clear(&daemon->env->rrset_cache->table); 984 slabhash_clear(daemon->env->msg_cache); 985 daemon_clear_allocs(daemon); 986 } 987 988 if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 989 cfg->msg_cache_slabs)) { 990 slabhash_delete(daemon->env->msg_cache); 991 daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs, 992 HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size, 993 msgreply_sizefunc, query_info_compare, 994 query_entry_delete, reply_info_delete, NULL); 995 if(!daemon->env->msg_cache) { 996 fatal_exit("malloc failure updating config settings"); 997 } 998 } 999 if((daemon->env->rrset_cache = rrset_cache_adjust( 1000 daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0) 1001 fatal_exit("malloc failure updating config settings"); 1002 if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache, 1003 cfg))==0) 1004 fatal_exit("malloc failure updating config settings"); 1005 } 1006