xref: /freebsd/contrib/unbound/daemon/daemon.c (revision 031beb4e239bfce798af17f5fe8dba8bcaf13d99)
1 /*
2  * daemon/daemon.c - collection of workers that handles requests.
3  *
4  * Copyright (c) 2007, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * The daemon consists of global settings and a number of workers.
40  */
41 
42 #include "config.h"
43 #ifdef HAVE_OPENSSL_ERR_H
44 #include <openssl/err.h>
45 #endif
46 
47 #ifdef HAVE_OPENSSL_RAND_H
48 #include <openssl/rand.h>
49 #endif
50 
51 #ifdef HAVE_OPENSSL_CONF_H
52 #include <openssl/conf.h>
53 #endif
54 
55 #ifdef HAVE_OPENSSL_ENGINE_H
56 #include <openssl/engine.h>
57 #endif
58 
59 #ifdef HAVE_TIME_H
60 #include <time.h>
61 #endif
62 #include <sys/time.h>
63 
64 #ifdef HAVE_NSS
65 /* nss3 */
66 #include "nss.h"
67 #endif
68 
69 #include "daemon/daemon.h"
70 #include "daemon/worker.h"
71 #include "daemon/remote.h"
72 #include "daemon/acl_list.h"
73 #include "util/log.h"
74 #include "util/config_file.h"
75 #include "util/data/msgreply.h"
76 #include "util/shm_side/shm_main.h"
77 #include "util/storage/lookup3.h"
78 #include "util/storage/slabhash.h"
79 #include "util/tcp_conn_limit.h"
80 #include "util/edns.h"
81 #include "services/listen_dnsport.h"
82 #include "services/cache/rrset.h"
83 #include "services/cache/infra.h"
84 #include "services/localzone.h"
85 #include "services/view.h"
86 #include "services/modstack.h"
87 #include "services/authzone.h"
88 #include "util/module.h"
89 #include "util/random.h"
90 #include "util/tube.h"
91 #include "util/net_help.h"
92 #include "sldns/keyraw.h"
93 #include "respip/respip.h"
94 #include <signal.h>
95 
96 #ifdef HAVE_SYSTEMD
97 #include <systemd/sd-daemon.h>
98 #endif
99 #ifdef HAVE_NETDB_H
100 #include <netdb.h>
101 #endif
102 
103 /** How many quit requests happened. */
104 static int sig_record_quit = 0;
105 /** How many reload requests happened. */
106 static int sig_record_reload = 0;
107 
108 #if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
109 /** cleaner ssl memory freeup */
110 static void* comp_meth = NULL;
111 #endif
112 /** remove buffers for parsing and init */
113 int ub_c_lex_destroy(void);
114 
115 /** used when no other sighandling happens, so we don't die
116   * when multiple signals in quick succession are sent to us.
117   * @param sig: signal number.
118   * @return signal handler return type (void or int).
119   */
120 static RETSIGTYPE record_sigh(int sig)
121 {
122 #ifdef LIBEVENT_SIGNAL_PROBLEM
123 	/* cannot log, verbose here because locks may be held */
124 	/* quit on signal, no cleanup and statistics,
125 	   because installed libevent version is not threadsafe */
126 	exit(0);
127 #endif
128 	switch(sig)
129 	{
130 		case SIGTERM:
131 #ifdef SIGQUIT
132 		case SIGQUIT:
133 #endif
134 #ifdef SIGBREAK
135 		case SIGBREAK:
136 #endif
137 		case SIGINT:
138 			sig_record_quit++;
139 			break;
140 #ifdef SIGHUP
141 		case SIGHUP:
142 			sig_record_reload++;
143 			break;
144 #endif
145 #ifdef SIGPIPE
146 		case SIGPIPE:
147 			break;
148 #endif
149 		default:
150 			/* ignoring signal */
151 			break;
152 	}
153 }
154 
155 /**
156  * Signal handling during the time when netevent is disabled.
157  * Stores signals to replay later.
158  */
159 static void
160 signal_handling_record(void)
161 {
162 	if( signal(SIGTERM, record_sigh) == SIG_ERR ||
163 #ifdef SIGQUIT
164 		signal(SIGQUIT, record_sigh) == SIG_ERR ||
165 #endif
166 #ifdef SIGBREAK
167 		signal(SIGBREAK, record_sigh) == SIG_ERR ||
168 #endif
169 #ifdef SIGHUP
170 		signal(SIGHUP, record_sigh) == SIG_ERR ||
171 #endif
172 #ifdef SIGPIPE
173 		signal(SIGPIPE, SIG_IGN) == SIG_ERR ||
174 #endif
175 		signal(SIGINT, record_sigh) == SIG_ERR
176 		)
177 		log_err("install sighandler: %s", strerror(errno));
178 }
179 
180 /**
181  * Replay old signals.
182  * @param wrk: worker that handles signals.
183  */
184 static void
185 signal_handling_playback(struct worker* wrk)
186 {
187 #ifdef SIGHUP
188 	if(sig_record_reload)
189 		worker_sighandler(SIGHUP, wrk);
190 #endif
191 	if(sig_record_quit)
192 		worker_sighandler(SIGTERM, wrk);
193 	sig_record_quit = 0;
194 	sig_record_reload = 0;
195 }
196 
197 struct daemon*
198 daemon_init(void)
199 {
200 	struct daemon* daemon = (struct daemon*)calloc(1,
201 		sizeof(struct daemon));
202 #ifdef USE_WINSOCK
203 	int r;
204 	WSADATA wsa_data;
205 #endif
206 	if(!daemon)
207 		return NULL;
208 #ifdef USE_WINSOCK
209 	r = WSAStartup(MAKEWORD(2,2), &wsa_data);
210 	if(r != 0) {
211 		fatal_exit("could not init winsock. WSAStartup: %s",
212 			wsa_strerror(r));
213 	}
214 #endif /* USE_WINSOCK */
215 	signal_handling_record();
216 #ifdef HAVE_SSL
217 #  ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
218 	ERR_load_crypto_strings();
219 #  endif
220 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
221 	ERR_load_SSL_strings();
222 #endif
223 #  ifdef USE_GOST
224 	(void)sldns_key_EVP_load_gost_id();
225 #  endif
226 #  if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
227 #    ifndef S_SPLINT_S
228 	OpenSSL_add_all_algorithms();
229 #    endif
230 #  else
231 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
232 		| OPENSSL_INIT_ADD_ALL_DIGESTS
233 		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
234 #  endif
235 #  if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
236 	/* grab the COMP method ptr because openssl leaks it */
237 	comp_meth = (void*)SSL_COMP_get_compression_methods();
238 #  endif
239 #  if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
240 	(void)SSL_library_init();
241 #  else
242 	(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
243 #  endif
244 #  if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
245 	if(!ub_openssl_lock_init())
246 		fatal_exit("could not init openssl locks");
247 #  endif
248 #elif defined(HAVE_NSS)
249 	if(NSS_NoDB_Init(NULL) != SECSuccess)
250 		fatal_exit("could not init NSS");
251 #endif /* HAVE_SSL or HAVE_NSS */
252 #ifdef HAVE_TZSET
253 	/* init timezone info while we are not chrooted yet */
254 	tzset();
255 #endif
256 	daemon->need_to_exit = 0;
257 	modstack_init(&daemon->mods);
258 	if(!(daemon->env = (struct module_env*)calloc(1,
259 		sizeof(*daemon->env)))) {
260 		free(daemon);
261 		return NULL;
262 	}
263 	/* init edns_known_options */
264 	if(!edns_known_options_init(daemon->env)) {
265 		free(daemon->env);
266 		free(daemon);
267 		return NULL;
268 	}
269 	alloc_init(&daemon->superalloc, NULL, 0);
270 	daemon->acl = acl_list_create();
271 	if(!daemon->acl) {
272 		edns_known_options_delete(daemon->env);
273 		free(daemon->env);
274 		free(daemon);
275 		return NULL;
276 	}
277 	daemon->acl_interface = acl_list_create();
278 	if(!daemon->acl_interface) {
279 		acl_list_delete(daemon->acl);
280 		edns_known_options_delete(daemon->env);
281 		free(daemon->env);
282 		free(daemon);
283 		return NULL;
284 	}
285 	daemon->tcl = tcl_list_create();
286 	if(!daemon->tcl) {
287 		acl_list_delete(daemon->acl_interface);
288 		acl_list_delete(daemon->acl);
289 		edns_known_options_delete(daemon->env);
290 		free(daemon->env);
291 		free(daemon);
292 		return NULL;
293 	}
294 	listen_setup_locks();
295 	if(gettimeofday(&daemon->time_boot, NULL) < 0)
296 		log_err("gettimeofday: %s", strerror(errno));
297 	daemon->time_last_stat = daemon->time_boot;
298 	if((daemon->env->auth_zones = auth_zones_create()) == 0) {
299 		acl_list_delete(daemon->acl_interface);
300 		acl_list_delete(daemon->acl);
301 		tcl_list_delete(daemon->tcl);
302 		edns_known_options_delete(daemon->env);
303 		free(daemon->env);
304 		free(daemon);
305 		return NULL;
306 	}
307 	if(!(daemon->env->edns_strings = edns_strings_create())) {
308 		auth_zones_delete(daemon->env->auth_zones);
309 		acl_list_delete(daemon->acl_interface);
310 		acl_list_delete(daemon->acl);
311 		tcl_list_delete(daemon->tcl);
312 		edns_known_options_delete(daemon->env);
313 		free(daemon->env);
314 		free(daemon);
315 		return NULL;
316 	}
317 	return daemon;
318 }
319 
320 static int setup_acl_for_ports(struct acl_list* list,
321 	struct listen_port* port_list)
322 {
323 	struct acl_addr* acl_node;
324 	struct addrinfo* addr;
325 	for(; port_list; port_list=port_list->next) {
326 		if(!port_list->socket) {
327 			/* This is mainly for testbound where port_list is
328 			 * empty. */
329 			continue;
330 		}
331 		addr = port_list->socket->addr;
332 		if(!(acl_node = acl_interface_insert(list,
333 			(struct sockaddr_storage*)addr->ai_addr,
334 			(socklen_t)addr->ai_addrlen,
335 			acl_refuse))) {
336 			return 0;
337 		}
338 		port_list->socket->acl = acl_node;
339 	}
340 	return 1;
341 }
342 
343 int
344 daemon_open_shared_ports(struct daemon* daemon)
345 {
346 	log_assert(daemon);
347 	if(daemon->cfg->port != daemon->listening_port) {
348 		char** resif = NULL;
349 		int num_resif = 0;
350 		size_t i;
351 		struct listen_port* p0;
352 		daemon->reuseport = 0;
353 		/* free and close old ports */
354 		if(daemon->ports != NULL) {
355 			for(i=0; i<daemon->num_ports; i++)
356 				listening_ports_free(daemon->ports[i]);
357 			free(daemon->ports);
358 			daemon->ports = NULL;
359 		}
360 		/* clean acl_interface */
361 		acl_interface_init(daemon->acl_interface);
362 		if(!resolve_interface_names(daemon->cfg->ifs,
363 			daemon->cfg->num_ifs, NULL, &resif, &num_resif))
364 			return 0;
365 		/* see if we want to reuseport */
366 #ifdef SO_REUSEPORT
367 		if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
368 			daemon->reuseport = 1;
369 #endif
370 		/* try to use reuseport */
371 		p0 = listening_ports_open(daemon->cfg, resif, num_resif,
372 			&daemon->reuseport);
373 		if(!p0) {
374 			listening_ports_free(p0);
375 			config_del_strarray(resif, num_resif);
376 			return 0;
377 		}
378 		if(daemon->reuseport) {
379 			/* reuseport was successful, allocate for it */
380 			daemon->num_ports = (size_t)daemon->cfg->num_threads;
381 		} else {
382 			/* do the normal, singleportslist thing,
383 			 * reuseport not enabled or did not work */
384 			daemon->num_ports = 1;
385 		}
386 		if(!(daemon->ports = (struct listen_port**)calloc(
387 			daemon->num_ports, sizeof(*daemon->ports)))) {
388 			listening_ports_free(p0);
389 			config_del_strarray(resif, num_resif);
390 			return 0;
391 		}
392 		daemon->ports[0] = p0;
393 		if(!setup_acl_for_ports(daemon->acl_interface,
394 		    daemon->ports[0])) {
395 			listening_ports_free(p0);
396 			config_del_strarray(resif, num_resif);
397 			return 0;
398 		}
399 		if(daemon->reuseport) {
400 			/* continue to use reuseport */
401 			for(i=1; i<daemon->num_ports; i++) {
402 				if(!(daemon->ports[i]=
403 					listening_ports_open(daemon->cfg,
404 						resif, num_resif,
405 						&daemon->reuseport))
406 					|| !daemon->reuseport ) {
407 					for(i=0; i<daemon->num_ports; i++)
408 						listening_ports_free(daemon->ports[i]);
409 					free(daemon->ports);
410 					daemon->ports = NULL;
411 					config_del_strarray(resif, num_resif);
412 					return 0;
413 				}
414 				if(!setup_acl_for_ports(daemon->acl_interface,
415 					daemon->ports[i])) {
416 					for(i=0; i<daemon->num_ports; i++)
417 						listening_ports_free(daemon->ports[i]);
418 					free(daemon->ports);
419 					daemon->ports = NULL;
420 					config_del_strarray(resif, num_resif);
421 					return 0;
422 				}
423 			}
424 		}
425 		config_del_strarray(resif, num_resif);
426 		daemon->listening_port = daemon->cfg->port;
427 	}
428 	if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
429 		listening_ports_free(daemon->rc_ports);
430 		daemon->rc_ports = NULL;
431 		daemon->rc_port = 0;
432 	}
433 	if(daemon->cfg->remote_control_enable &&
434 		daemon->cfg->control_port != daemon->rc_port) {
435 		listening_ports_free(daemon->rc_ports);
436 		if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg)))
437 			return 0;
438 		daemon->rc_port = daemon->cfg->control_port;
439 	}
440 	return 1;
441 }
442 
443 /**
444  * Setup modules. setup module stack.
445  * @param daemon: the daemon
446  */
447 static void daemon_setup_modules(struct daemon* daemon)
448 {
449 	daemon->env->cfg = daemon->cfg;
450 	daemon->env->alloc = &daemon->superalloc;
451 	daemon->env->worker = NULL;
452 	daemon->env->need_to_validate = 0; /* set by module init below */
453 	if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf,
454 		daemon->env)) {
455 		fatal_exit("failed to setup modules");
456 	}
457 	log_edns_known_options(VERB_ALGO, daemon->env);
458 }
459 
460 /**
461  * Obtain allowed port numbers, concatenate the list, and shuffle them
462  * (ready to be handed out to threads).
463  * @param daemon: the daemon. Uses rand and cfg.
464  * @param shufport: the portlist output.
465  * @return number of ports available.
466  */
467 static int daemon_get_shufport(struct daemon* daemon, int* shufport)
468 {
469 	int i, n, k, temp;
470 	int avail = 0;
471 	for(i=0; i<65536; i++) {
472 		if(daemon->cfg->outgoing_avail_ports[i]) {
473 			shufport[avail++] = daemon->cfg->
474 				outgoing_avail_ports[i];
475 		}
476 	}
477 	if(avail == 0)
478 		fatal_exit("no ports are permitted for UDP, add "
479 			"with outgoing-port-permit");
480         /* Knuth shuffle */
481 	n = avail;
482 	while(--n > 0) {
483 		k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */
484 		temp = shufport[k];
485 		shufport[k] = shufport[n];
486 		shufport[n] = temp;
487 	}
488 	return avail;
489 }
490 
491 /**
492  * Clear and delete per-worker alloc caches, and free memory maintained in
493  * superalloc.
494  * The rrset and message caches must be empty at the time of call.
495  * @param daemon: the daemon that maintains the alloc caches to be cleared.
496  */
497 static void
498 daemon_clear_allocs(struct daemon* daemon)
499 {
500 	int i;
501 
502 	for(i=0; i<daemon->num; i++) {
503 		alloc_clear(daemon->worker_allocs[i]);
504 		free(daemon->worker_allocs[i]);
505 	}
506 	free(daemon->worker_allocs);
507 	daemon->worker_allocs = NULL;
508 
509 	alloc_clear_special(&daemon->superalloc);
510 }
511 
512 /**
513  * Allocate empty worker structures. With backptr and thread-number,
514  * from 0..numthread initialised. Used as user arguments to new threads.
515  * Creates the daemon random generator if it does not exist yet.
516  * The random generator stays existing between reloads with a unique state.
517  * @param daemon: the daemon with (new) config settings.
518  */
519 static void
520 daemon_create_workers(struct daemon* daemon)
521 {
522 	int i, numport;
523 	int* shufport;
524 	log_assert(daemon && daemon->cfg);
525 	if(!daemon->rand) {
526 		daemon->rand = ub_initstate(NULL);
527 		if(!daemon->rand)
528 			fatal_exit("could not init random generator");
529 		hash_set_raninit((uint32_t)ub_random(daemon->rand));
530 	}
531 	shufport = (int*)calloc(65536, sizeof(int));
532 	if(!shufport)
533 		fatal_exit("out of memory during daemon init");
534 	numport = daemon_get_shufport(daemon, shufport);
535 	verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
536 
537 	daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
538 	if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
539 		log_warn("cannot reduce num-threads to %d because so-reuseport "
540 			"so continuing with %d threads.", (int)daemon->num,
541 			(int)daemon->num_ports);
542 		daemon->num = (int)daemon->num_ports;
543 	}
544 	daemon->workers = (struct worker**)calloc((size_t)daemon->num,
545 		sizeof(struct worker*));
546 	if(!daemon->workers)
547 		fatal_exit("out of memory during daemon init");
548 	if(daemon->cfg->dnstap) {
549 #ifdef USE_DNSTAP
550 		daemon->dtenv = dt_create(daemon->cfg);
551 		if (!daemon->dtenv)
552 			fatal_exit("dt_create failed");
553 #else
554 		fatal_exit("dnstap enabled in config but not built with dnstap support");
555 #endif
556 	}
557 	for(i=0; i<daemon->num; i++) {
558 		if(!(daemon->workers[i] = worker_create(daemon, i,
559 			shufport+numport*i/daemon->num,
560 			numport*(i+1)/daemon->num - numport*i/daemon->num)))
561 			/* the above is not ports/numthr, due to rounding */
562 			fatal_exit("could not create worker");
563 	}
564 	/* create per-worker alloc caches if not reusing existing ones. */
565 	if(!daemon->worker_allocs) {
566 		daemon->worker_allocs = (struct alloc_cache**)calloc(
567 			(size_t)daemon->num, sizeof(struct alloc_cache*));
568 		if(!daemon->worker_allocs)
569 			fatal_exit("could not allocate worker allocs");
570 		for(i=0; i<daemon->num; i++) {
571 			struct alloc_cache* alloc = calloc(1,
572 				sizeof(struct alloc_cache));
573 			if (!alloc)
574 				fatal_exit("could not allocate worker alloc");
575 			alloc_init(alloc, &daemon->superalloc, i);
576 			daemon->worker_allocs[i] = alloc;
577 		}
578 	}
579 	free(shufport);
580 }
581 
582 #ifdef THREADS_DISABLED
583 /**
584  * Close all pipes except for the numbered thread.
585  * @param daemon: daemon to close pipes in.
586  * @param thr: thread number 0..num-1 of thread to skip.
587  */
588 static void close_other_pipes(struct daemon* daemon, int thr)
589 {
590 	int i;
591 	for(i=0; i<daemon->num; i++)
592 		if(i!=thr) {
593 			if(i==0) {
594 				/* only close read part, need to write stats */
595 				tube_close_read(daemon->workers[i]->cmd);
596 			} else {
597 				/* complete close channel to others */
598 				tube_delete(daemon->workers[i]->cmd);
599 				daemon->workers[i]->cmd = NULL;
600 			}
601 		}
602 }
603 #endif /* THREADS_DISABLED */
604 
605 /**
606  * Function to start one thread.
607  * @param arg: user argument.
608  * @return: void* user return value could be used for thread_join results.
609  */
610 static void*
611 thread_start(void* arg)
612 {
613 	struct worker* worker = (struct worker*)arg;
614 	int port_num = 0;
615 	log_thread_set(&worker->thread_num);
616 	ub_thread_blocksigs();
617 #ifdef THREADS_DISABLED
618 	/* close pipe ends used by main */
619 	tube_close_write(worker->cmd);
620 	close_other_pipes(worker->daemon, worker->thread_num);
621 #endif
622 #ifdef SO_REUSEPORT
623 	if(worker->daemon->cfg->so_reuseport)
624 		port_num = worker->thread_num % worker->daemon->num_ports;
625 	else
626 		port_num = 0;
627 #endif
628 	if(!worker_init(worker, worker->daemon->cfg,
629 			worker->daemon->ports[port_num], 0))
630 		fatal_exit("Could not initialize thread");
631 
632 	worker_work(worker);
633 	return NULL;
634 }
635 
636 /**
637  * Fork and init the other threads. Main thread returns for special handling.
638  * @param daemon: the daemon with other threads to fork.
639  */
640 static void
641 daemon_start_others(struct daemon* daemon)
642 {
643 	int i;
644 	log_assert(daemon);
645 	verbose(VERB_ALGO, "start threads");
646 	/* skip i=0, is this thread */
647 	for(i=1; i<daemon->num; i++) {
648 		ub_thread_create(&daemon->workers[i]->thr_id,
649 			thread_start, daemon->workers[i]);
650 #ifdef THREADS_DISABLED
651 		/* close pipe end of child */
652 		tube_close_read(daemon->workers[i]->cmd);
653 #endif /* no threads */
654 	}
655 }
656 
657 /**
658  * Stop the other threads.
659  * @param daemon: the daemon with other threads.
660  */
661 static void
662 daemon_stop_others(struct daemon* daemon)
663 {
664 	int i;
665 	log_assert(daemon);
666 	verbose(VERB_ALGO, "stop threads");
667 	/* skip i=0, is this thread */
668 	/* use i=0 buffer for sending cmds; because we are #0 */
669 	for(i=1; i<daemon->num; i++) {
670 		worker_send_cmd(daemon->workers[i], worker_cmd_quit);
671 	}
672 	/* wait for them to quit */
673 	for(i=1; i<daemon->num; i++) {
674 		/* join it to make sure its dead */
675 		verbose(VERB_ALGO, "join %d", i);
676 		ub_thread_join(daemon->workers[i]->thr_id);
677 		verbose(VERB_ALGO, "join success %d", i);
678 	}
679 }
680 
681 void
682 daemon_fork(struct daemon* daemon)
683 {
684 	int have_view_respip_cfg = 0;
685 #ifdef HAVE_SYSTEMD
686 	int ret;
687 #endif
688 
689 	log_assert(daemon);
690 	if(!(daemon->views = views_create()))
691 		fatal_exit("Could not create views: out of memory");
692 	/* create individual views and their localzone/data trees */
693 	if(!views_apply_cfg(daemon->views, daemon->cfg))
694 		fatal_exit("Could not set up views");
695 
696 	if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views))
697 		fatal_exit("Could not setup access control list");
698 	if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg,
699 		daemon->views))
700 		fatal_exit("Could not setup interface control list");
701 	if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg))
702 		fatal_exit("Could not setup TCP connection limits");
703 	if(daemon->cfg->dnscrypt) {
704 #ifdef USE_DNSCRYPT
705 		daemon->dnscenv = dnsc_create();
706 		if (!daemon->dnscenv)
707 			fatal_exit("dnsc_create failed");
708 		dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);
709 #else
710 		fatal_exit("dnscrypt enabled in config but unbound was not built with "
711 				   "dnscrypt support");
712 #endif
713 	}
714 	/* create global local_zones */
715 	if(!(daemon->local_zones = local_zones_create()))
716 		fatal_exit("Could not create local zones: out of memory");
717 	if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
718 		fatal_exit("Could not set up local zones");
719 
720 	/* process raw response-ip configuration data */
721 	if(!(daemon->respip_set = respip_set_create()))
722 		fatal_exit("Could not create response IP set");
723 	if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg))
724 		fatal_exit("Could not set up response IP set");
725 	if(!respip_views_apply_cfg(daemon->views, daemon->cfg,
726 		&have_view_respip_cfg))
727 		fatal_exit("Could not set up per-view response IP sets");
728 	daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
729 		have_view_respip_cfg;
730 
731 	/* setup modules */
732 	daemon_setup_modules(daemon);
733 
734 	/* read auth zonefiles */
735 	if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1,
736 		&daemon->use_rpz, daemon->env, &daemon->mods))
737 		fatal_exit("auth_zones could not be setup");
738 
739 	/* Set-up EDNS strings */
740 	if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
741 		fatal_exit("Could not set up EDNS strings");
742 
743 	/* response-ip-xxx options don't work as expected without the respip
744 	 * module.  To avoid run-time operational surprise we reject such
745 	 * configuration. */
746 	if(daemon->use_response_ip &&
747 		modstack_find(&daemon->mods, "respip") < 0)
748 		fatal_exit("response-ip options require respip module");
749 	/* RPZ response ip triggers don't work as expected without the respip
750 	 * module.  To avoid run-time operational surprise we reject such
751 	 * configuration. */
752 	if(daemon->use_rpz &&
753 		modstack_find(&daemon->mods, "respip") < 0)
754 		fatal_exit("RPZ requires the respip module");
755 
756 	/* first create all the worker structures, so we can pass
757 	 * them to the newly created threads.
758 	 */
759 	daemon_create_workers(daemon);
760 
761 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
762 	/* in libev the first inited base gets signals */
763 	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
764 		fatal_exit("Could not initialize main thread");
765 #endif
766 
767 	/* Now create the threads and init the workers.
768 	 * By the way, this is thread #0 (the main thread).
769 	 */
770 	daemon_start_others(daemon);
771 
772 	/* Special handling for the main thread. This is the thread
773 	 * that handles signals and remote control.
774 	 */
775 #if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
776 	/* libevent has the last inited base get signals (or any base) */
777 	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
778 		fatal_exit("Could not initialize main thread");
779 #endif
780 	signal_handling_playback(daemon->workers[0]);
781 
782 	if (!shm_main_init(daemon))
783 		log_warn("SHM has failed");
784 
785 	/* Start resolver service on main thread. */
786 #ifdef HAVE_SYSTEMD
787 	ret = sd_notify(0, "READY=1");
788 	if(ret <= 0 && getenv("NOTIFY_SOCKET"))
789 		fatal_exit("sd_notify failed %s: %s. Make sure that unbound has "
790 				"access/permission to use the socket presented by systemd.",
791 				getenv("NOTIFY_SOCKET"),
792 				(ret==0?"no $NOTIFY_SOCKET": strerror(-ret)));
793 #endif
794 	log_info("start of service (%s).", PACKAGE_STRING);
795 	worker_work(daemon->workers[0]);
796 #ifdef HAVE_SYSTEMD
797 	if (daemon->workers[0]->need_to_exit)
798 		sd_notify(0, "STOPPING=1");
799 	else
800 		sd_notify(0, "RELOADING=1");
801 #endif
802 	log_info("service stopped (%s).", PACKAGE_STRING);
803 
804 	/* we exited! a signal happened! Stop other threads */
805 	daemon_stop_others(daemon);
806 
807 	/* Shutdown SHM */
808 	shm_main_shutdown(daemon);
809 
810 	daemon->reuse_cache = daemon->workers[0]->reuse_cache;
811 	daemon->need_to_exit = daemon->workers[0]->need_to_exit;
812 }
813 
814 void
815 daemon_cleanup(struct daemon* daemon)
816 {
817 	int i;
818 	log_assert(daemon);
819 	/* before stopping main worker, handle signals ourselves, so we
820 	   don't die on multiple reload signals for example. */
821 	signal_handling_record();
822 	log_thread_set(NULL);
823 	/* clean up caches because
824 	 * a) RRset IDs will be recycled after a reload, causing collisions
825 	 * b) validation config can change, thus rrset, msg, keycache clear
826 	 *
827 	 * If we are trying to keep the cache as long as possible, we should
828 	 * defer the cleanup until we know whether the new configuration allows
829 	 * the reuse.  (If we're exiting, cleanup should be done here). */
830 	if(!daemon->reuse_cache || daemon->need_to_exit) {
831 		slabhash_clear(&daemon->env->rrset_cache->table);
832 		slabhash_clear(daemon->env->msg_cache);
833 	}
834 	daemon->old_num = daemon->num; /* save the current num */
835 	local_zones_delete(daemon->local_zones);
836 	daemon->local_zones = NULL;
837 	respip_set_delete(daemon->respip_set);
838 	daemon->respip_set = NULL;
839 	views_delete(daemon->views);
840 	daemon->views = NULL;
841 	if(daemon->env->auth_zones)
842 		auth_zones_cleanup(daemon->env->auth_zones);
843 	/* key cache is cleared by module desetup during next daemon_fork() */
844 	daemon_remote_clear(daemon->rc);
845 	for(i=0; i<daemon->num; i++)
846 		worker_delete(daemon->workers[i]);
847 	free(daemon->workers);
848 	daemon->workers = NULL;
849 	/* Unless we're trying to keep the cache, worker alloc_caches should be
850 	 * cleared and freed here. We do this after deleting workers to
851 	 * guarantee that the alloc caches are valid throughout the lifetime
852 	 * of workers. */
853 	if(!daemon->reuse_cache || daemon->need_to_exit)
854 		daemon_clear_allocs(daemon);
855 	daemon->num = 0;
856 #ifdef USE_DNSTAP
857 	dt_delete(daemon->dtenv);
858 	daemon->dtenv = NULL;
859 #endif
860 #ifdef USE_DNSCRYPT
861 	dnsc_delete(daemon->dnscenv);
862 	daemon->dnscenv = NULL;
863 #endif
864 	daemon->cfg = NULL;
865 }
866 
867 void
868 daemon_delete(struct daemon* daemon)
869 {
870 	size_t i;
871 	if(!daemon)
872 		return;
873 	modstack_desetup(&daemon->mods, daemon->env);
874 	daemon_remote_delete(daemon->rc);
875 	for(i = 0; i < daemon->num_ports; i++)
876 		listening_ports_free(daemon->ports[i]);
877 	free(daemon->ports);
878 	listening_ports_free(daemon->rc_ports);
879 	if(daemon->env) {
880 		slabhash_delete(daemon->env->msg_cache);
881 		rrset_cache_delete(daemon->env->rrset_cache);
882 		infra_delete(daemon->env->infra_cache);
883 		edns_known_options_delete(daemon->env);
884 		edns_strings_delete(daemon->env->edns_strings);
885 		auth_zones_delete(daemon->env->auth_zones);
886 	}
887 	ub_randfree(daemon->rand);
888 	alloc_clear(&daemon->superalloc);
889 	acl_list_delete(daemon->acl);
890 	acl_list_delete(daemon->acl_interface);
891 	tcl_list_delete(daemon->tcl);
892 	listen_desetup_locks();
893 	free(daemon->chroot);
894 	free(daemon->pidfile);
895 	free(daemon->env);
896 #ifdef HAVE_SSL
897 	listen_sslctx_delete_ticket_keys();
898 	SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
899 	SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
900 #endif
901 	free(daemon);
902 	/* lex cleanup */
903 	ub_c_lex_destroy();
904 	/* libcrypto cleanup */
905 #ifdef HAVE_SSL
906 #  if defined(USE_GOST)
907 	sldns_key_EVP_unload_gost();
908 #  endif
909 #  if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
910 #    ifndef S_SPLINT_S
911 #      if OPENSSL_VERSION_NUMBER < 0x10100000
912 	sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
913 #      endif
914 #    endif
915 #  endif
916 #  ifdef HAVE_OPENSSL_CONFIG
917 	EVP_cleanup();
918 #  if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP)
919 	ENGINE_cleanup();
920 #  endif
921 	CONF_modules_free();
922 #  endif
923 #  ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
924 	CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
925 #  endif
926 #  ifdef HAVE_ERR_FREE_STRINGS
927 	ERR_free_strings();
928 #  endif
929 #  if OPENSSL_VERSION_NUMBER < 0x10100000
930 	RAND_cleanup();
931 #  endif
932 #  if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
933 	ub_openssl_lock_delete();
934 #  endif
935 #ifndef HAVE_ARC4RANDOM
936 	_ARC4_LOCK_DESTROY();
937 #endif
938 #elif defined(HAVE_NSS)
939 	NSS_Shutdown();
940 #endif /* HAVE_SSL or HAVE_NSS */
941 	checklock_stop();
942 #ifdef USE_WINSOCK
943 	if(WSACleanup() != 0) {
944 		log_err("Could not WSACleanup: %s",
945 			wsa_strerror(WSAGetLastError()));
946 	}
947 #endif
948 }
949 
950 void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
951 {
952 	int new_num = cfg->num_threads?cfg->num_threads:1;
953 
954         daemon->cfg = cfg;
955 	config_apply(cfg);
956 
957 	/* If this is a reload and we deferred the decision on whether to
958 	 * reuse the alloc, RRset, and message caches, then check to see if
959 	 * it's safe to keep the caches:
960 	 * - changing the number of threads is obviously incompatible with
961 	 *   keeping the per-thread alloc caches. It also means we have to
962 	 *   clear RRset and message caches. (note that 'new_num' may be
963 	 *   adjusted in daemon_create_workers, but for our purpose we can
964 	 *   simply compare it with 'old_num'; if they are equal here,
965 	 *   'new_num' won't be adjusted to a different value than 'old_num').
966 	 * - changing RRset cache size effectively clears any remaining cache
967 	 *   entries. We could keep their keys in alloc caches, but it would
968 	 *   be more consistent with the sense of the change to clear allocs
969 	 *   and free memory. To do so we also have to clear message cache.
970 	 * - only changing message cache size does not necessarily affect
971 	 *   RRset or alloc cache. But almost all new subsequent queries will
972 	 *   require recursive resolution anyway, so it doesn't help much to
973 	 *   just keep RRset and alloc caches. For simplicity we clear/free
974 	 *   the other two, too. */
975 	if(daemon->worker_allocs &&
976 		(new_num != daemon->old_num ||
977 		 !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
978 			cfg->msg_cache_slabs) ||
979 		 !slabhash_is_size(&daemon->env->rrset_cache->table,
980 			cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
981 	{
982 		log_warn("cannot reuse caches due to critical config change");
983 		slabhash_clear(&daemon->env->rrset_cache->table);
984 		slabhash_clear(daemon->env->msg_cache);
985 		daemon_clear_allocs(daemon);
986 	}
987 
988 	if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
989 	   	cfg->msg_cache_slabs)) {
990 		slabhash_delete(daemon->env->msg_cache);
991 		daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs,
992 			HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size,
993 			msgreply_sizefunc, query_info_compare,
994 			query_entry_delete, reply_info_delete, NULL);
995 		if(!daemon->env->msg_cache) {
996 			fatal_exit("malloc failure updating config settings");
997 		}
998 	}
999 	if((daemon->env->rrset_cache = rrset_cache_adjust(
1000 		daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0)
1001 		fatal_exit("malloc failure updating config settings");
1002 	if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache,
1003 		cfg))==0)
1004 		fatal_exit("malloc failure updating config settings");
1005 }
1006