1 /* 2 * dnstap/unbound-dnstap-socket.c - debug program that listens for DNSTAP logs. 3 * 4 * Copyright (c) 2020, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This program listens on a DNSTAP socket for logged messages. 40 */ 41 #include "config.h" 42 #ifdef HAVE_GETOPT_H 43 #include <getopt.h> 44 #endif 45 #include <signal.h> 46 #include <stdlib.h> 47 #include <unistd.h> 48 #include <signal.h> 49 #include <ctype.h> 50 #ifdef HAVE_SYS_UN_H 51 #include <sys/un.h> 52 #endif 53 #include <openssl/ssl.h> 54 #include <openssl/rand.h> 55 #include <openssl/err.h> 56 #include "dnstap/dtstream.h" 57 #include "dnstap/dnstap_fstrm.h" 58 #include "util/log.h" 59 #include "util/ub_event.h" 60 #include "util/net_help.h" 61 #include "services/listen_dnsport.h" 62 #include "sldns/sbuffer.h" 63 #include "sldns/wire2str.h" 64 #include "sldns/pkthdr.h" 65 #ifdef USE_DNSTAP 66 #include <protobuf-c/protobuf-c.h> 67 #include "dnstap/dnstap.pb-c.h" 68 #endif /* USE_DNSTAP */ 69 #include "util/config_file.h" 70 71 /** listen backlog on TCP connections for dnstap logs */ 72 #define LISTEN_BACKLOG 16 73 74 /** usage information for streamtcp */ 75 static void usage(char* argv[]) 76 { 77 printf("usage: %s [options]\n", argv[0]); 78 printf(" Listen to dnstap messages\n"); 79 printf("stdout has dnstap log, stderr has verbose server log\n"); 80 printf("-u <socketpath> listen to unix socket with this file name\n"); 81 printf("-s <serverip[@port]> listen for TCP on the IP and port\n"); 82 printf("-t <serverip[@port]> listen for TLS on IP and port\n"); 83 printf("-x <server.key> server key file for TLS service\n"); 84 printf("-y <server.pem> server cert file for TLS service\n"); 85 printf("-z <verify.pem> cert file to verify client connections\n"); 86 printf("-l long format for DNS printout\n"); 87 printf("-v more verbose log output\n"); 88 printf("-h this help text\n"); 89 exit(1); 90 } 91 92 /** long format option, for multiline printout per message */ 93 static int longformat = 0; 94 95 struct tap_socket_list; 96 struct tap_socket; 97 /** main tap callback data */ 98 struct main_tap_data { 99 /** the event base (to loopexit) */ 100 struct ub_event_base* base; 101 /** the list of accept sockets */ 102 struct tap_socket_list* acceptlist; 103 }; 104 105 /** tap callback variables */ 106 struct tap_data { 107 /** the fd */ 108 int fd; 109 /** the ub event */ 110 struct ub_event* ev; 111 /** the SSL for TLS streams */ 112 SSL* ssl; 113 /** is the ssl handshake done */ 114 int ssl_handshake_done; 115 /** we are briefly waiting to write (in the struct event) */ 116 int ssl_brief_write; 117 /** string that identifies the socket (or NULL), like IP address */ 118 char* id; 119 /** have we read the length, and how many bytes of it */ 120 int len_done; 121 /** have we read the data, and how many bytes of it */ 122 size_t data_done; 123 /** are we reading a control frame */ 124 int control_frame; 125 /** are we bi-directional (if false, uni-directional) */ 126 int is_bidirectional; 127 /** data of the frame */ 128 uint8_t* frame; 129 /** length of this frame */ 130 size_t len; 131 }; 132 133 /** list of sockets */ 134 struct tap_socket_list { 135 /** next in list */ 136 struct tap_socket_list* next; 137 /** the socket */ 138 struct tap_socket* s; 139 }; 140 141 /** tap socket */ 142 struct tap_socket { 143 /** fd of socket */ 144 int fd; 145 /** the event for it */ 146 struct ub_event *ev; 147 /** has the event been added */ 148 int ev_added; 149 /** the callback, for the event, ev_cb(fd, bits, arg) */ 150 void (*ev_cb)(int, short, void*); 151 /** data element, (arg for the tap_socket struct) */ 152 void* data; 153 /** socketpath, if this is an AF_LOCAL socket */ 154 char* socketpath; 155 /** IP, if this is a TCP socket */ 156 char* ip; 157 /** for a TLS socket, the tls context */ 158 SSL_CTX* sslctx; 159 }; 160 161 /** del the tap event */ 162 static void tap_socket_delev(struct tap_socket* s) 163 { 164 if(!s) return; 165 if(!s->ev) return; 166 if(!s->ev_added) return; 167 ub_event_del(s->ev); 168 s->ev_added = 0; 169 } 170 171 /** close the tap socket */ 172 static void tap_socket_close(struct tap_socket* s) 173 { 174 if(!s) return; 175 if(s->fd == -1) return; 176 close(s->fd); 177 s->fd = -1; 178 } 179 180 /** delete tap socket */ 181 static void tap_socket_delete(struct tap_socket* s) 182 { 183 if(!s) return; 184 #ifdef HAVE_SSL 185 SSL_CTX_free(s->sslctx); 186 #endif 187 ub_event_free(s->ev); 188 free(s->socketpath); 189 free(s->ip); 190 free(s); 191 } 192 193 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 194 static struct tap_socket* tap_socket_new_local(char* socketpath, 195 void (*ev_cb)(int, short, void*), void* data) 196 { 197 struct tap_socket* s = calloc(1, sizeof(*s)); 198 if(!s) { 199 log_err("malloc failure"); 200 return NULL; 201 } 202 s->socketpath = strdup(socketpath); 203 if(!s->socketpath) { 204 free(s); 205 log_err("malloc failure"); 206 return NULL; 207 } 208 s->fd = -1; 209 s->ev_cb = ev_cb; 210 s->data = data; 211 return s; 212 } 213 214 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 215 static struct tap_socket* tap_socket_new_tcpaccept(char* ip, 216 void (*ev_cb)(int, short, void*), void* data) 217 { 218 struct tap_socket* s = calloc(1, sizeof(*s)); 219 if(!s) { 220 log_err("malloc failure"); 221 return NULL; 222 } 223 s->ip = strdup(ip); 224 if(!s->ip) { 225 free(s); 226 log_err("malloc failure"); 227 return NULL; 228 } 229 s->fd = -1; 230 s->ev_cb = ev_cb; 231 s->data = data; 232 return s; 233 } 234 235 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 236 static struct tap_socket* tap_socket_new_tlsaccept(char* ip, 237 void (*ev_cb)(int, short, void*), void* data, char* server_key, 238 char* server_cert, char* verifypem) 239 { 240 struct tap_socket* s = calloc(1, sizeof(*s)); 241 if(!s) { 242 log_err("malloc failure"); 243 return NULL; 244 } 245 s->ip = strdup(ip); 246 if(!s->ip) { 247 free(s); 248 log_err("malloc failure"); 249 return NULL; 250 } 251 s->fd = -1; 252 s->ev_cb = ev_cb; 253 s->data = data; 254 s->sslctx = listen_sslctx_create(server_key, server_cert, verifypem); 255 if(!s->sslctx) { 256 log_err("could not create ssl context"); 257 free(s->ip); 258 free(s); 259 return NULL; 260 } 261 return s; 262 } 263 264 /** setup tcp accept socket on IP string */ 265 static int make_tcp_accept(char* ip) 266 { 267 #ifdef SO_REUSEADDR 268 int on = 1; 269 #endif 270 struct sockaddr_storage addr; 271 socklen_t len; 272 int s; 273 274 memset(&addr, 0, sizeof(addr)); 275 len = (socklen_t)sizeof(addr); 276 if(!extstrtoaddr(ip, &addr, &len, UNBOUND_DNS_PORT)) { 277 log_err("could not parse IP '%s'", ip); 278 return -1; 279 } 280 281 if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { 282 log_err("can't create socket: %s", sock_strerror(errno)); 283 return -1; 284 } 285 #ifdef SO_REUSEADDR 286 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 287 (socklen_t)sizeof(on)) < 0) { 288 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 289 sock_strerror(errno)); 290 sock_close(s); 291 return -1; 292 } 293 #endif /* SO_REUSEADDR */ 294 if(bind(s, (struct sockaddr*)&addr, len) != 0) { 295 log_err_addr("can't bind socket", sock_strerror(errno), 296 &addr, len); 297 sock_close(s); 298 return -1; 299 } 300 if(!fd_set_nonblock(s)) { 301 sock_close(s); 302 return -1; 303 } 304 if(listen(s, LISTEN_BACKLOG) == -1) { 305 log_err("can't listen: %s", sock_strerror(errno)); 306 sock_close(s); 307 return -1; 308 } 309 return s; 310 } 311 312 /** setup socket on event base */ 313 static int tap_socket_setup(struct tap_socket* s, struct ub_event_base* base) 314 { 315 if(s->socketpath) { 316 /* AF_LOCAL accept socket */ 317 s->fd = create_local_accept_sock(s->socketpath, NULL, 0); 318 if(s->fd == -1) { 319 log_err("could not create local socket"); 320 return 0; 321 } 322 } else if(s->ip || s->sslctx) { 323 /* TCP accept socket */ 324 s->fd = make_tcp_accept(s->ip); 325 if(s->fd == -1) { 326 log_err("could not create tcp socket"); 327 return 0; 328 } 329 } 330 s->ev = ub_event_new(base, s->fd, UB_EV_READ | UB_EV_PERSIST, 331 s->ev_cb, s); 332 if(!s->ev) { 333 log_err("could not ub_event_new"); 334 return 0; 335 } 336 if(ub_event_add(s->ev, NULL) != 0) { 337 log_err("could not ub_event_add"); 338 return 0; 339 } 340 s->ev_added = 1; 341 return 1; 342 } 343 344 /** add tap socket to list */ 345 static int tap_socket_list_insert(struct tap_socket_list** liststart, 346 struct tap_socket* s) 347 { 348 struct tap_socket_list* entry = (struct tap_socket_list*) 349 malloc(sizeof(*entry)); 350 if(!entry) 351 return 0; 352 entry->next = *liststart; 353 entry->s = s; 354 *liststart = entry; 355 return 1; 356 } 357 358 /** delete the list */ 359 static void tap_socket_list_delete(struct tap_socket_list* list) 360 { 361 struct tap_socket_list* e = list, *next; 362 while(e) { 363 next = e->next; 364 tap_socket_delev(e->s); 365 tap_socket_close(e->s); 366 tap_socket_delete(e->s); 367 free(e); 368 e = next; 369 } 370 } 371 372 /** setup accept events */ 373 static int tap_socket_list_addevs(struct tap_socket_list* list, 374 struct ub_event_base* base) 375 { 376 struct tap_socket_list* entry; 377 for(entry = list; entry; entry = entry->next) { 378 if(!tap_socket_setup(entry->s, base)) { 379 log_err("could not setup socket"); 380 return 0; 381 } 382 } 383 return 1; 384 } 385 386 #ifdef USE_DNSTAP 387 /** log control frame contents */ 388 static void log_control_frame(uint8_t* pkt, size_t len) 389 { 390 char* desc; 391 if(verbosity == 0) return; 392 desc = fstrm_describe_control(pkt, len); 393 if(!desc) { 394 log_err("out of memory"); 395 return; 396 } 397 log_info("control frame %s", desc); 398 free(desc); 399 } 400 401 /** convert mtype to string */ 402 static const char* mtype_to_str(enum _Dnstap__Message__Type mtype) 403 { 404 switch(mtype) { 405 case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: 406 return "AUTH_QUERY"; 407 case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: 408 return "AUTH_RESPONSE"; 409 case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: 410 return "RESOLVER_QUERY"; 411 case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: 412 return "RESOLVER_RESPONSE"; 413 case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: 414 return "CLIENT_QUERY"; 415 case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: 416 return "CLIENT_RESPONSE"; 417 case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: 418 return "FORWARDER_QUERY"; 419 case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: 420 return "FORWARDER_RESPONSE"; 421 case DNSTAP__MESSAGE__TYPE__STUB_QUERY: 422 return "STUB_QUERY"; 423 case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: 424 return "STUB_RESPONSE"; 425 default: break; 426 } 427 return "unknown_message_type"; 428 } 429 430 /** convert type address to a string ip4 or ip6, malloced or NULL on fail */ 431 static char* str_of_addr(ProtobufCBinaryData address) 432 { 433 char buf[64]; 434 socklen_t len = sizeof(buf); 435 if(address.len == 4) { 436 if(inet_ntop(AF_INET, address.data, buf, len)!=0) 437 return strdup(buf); 438 } else if(address.len == 16) { 439 if(inet_ntop(AF_INET6, address.data, buf, len)!=0) 440 return strdup(buf); 441 } 442 return NULL; 443 } 444 445 /** convert message buffer (of dns bytes) to the first qname, type, class, 446 * malloced or NULL on fail */ 447 static char* q_of_msg(ProtobufCBinaryData message) 448 { 449 char buf[300]; 450 /* header, name, type, class minimum to get the query tuple */ 451 if(message.len < 12 + 1 + 4 + 4) return NULL; 452 if(LDNS_QDCOUNT(message.data) < 1) return NULL; 453 if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, 454 buf, sizeof(buf)) != 0) { 455 /* remove trailing newline, tabs to spaces */ 456 /* remove the newline: */ 457 if(buf[0] != 0) buf[strlen(buf)-1]=0; 458 /* remove first tab (before type) */ 459 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 460 /* remove second tab (before class) */ 461 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 462 return strdup(buf); 463 } 464 return NULL; 465 } 466 467 /** convert possible string or hex data to string. malloced or NULL */ 468 static char* possible_str(ProtobufCBinaryData str) 469 { 470 int is_str = 1; 471 size_t i; 472 for(i=0; i<str.len; i++) { 473 if(!isprint((unsigned char)str.data[i])) 474 is_str = 0; 475 } 476 if(is_str) { 477 char* res = malloc(str.len+1); 478 if(res) { 479 memmove(res, str.data, str.len); 480 res[str.len] = 0; 481 return res; 482 } 483 } else { 484 const char* hex = "0123456789ABCDEF"; 485 char* res = malloc(str.len*2+1); 486 if(res) { 487 for(i=0; i<str.len; i++) { 488 res[i*2] = hex[(str.data[i]&0xf0)>>4]; 489 res[i*2+1] = hex[str.data[i]&0x0f]; 490 } 491 res[str.len*2] = 0; 492 return res; 493 } 494 } 495 return NULL; 496 } 497 498 /** convert timeval to string, malloced or NULL */ 499 static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, 500 protobuf_c_boolean has_time_nsec, uint32_t time_nsec) 501 { 502 char buf[64], buf2[256]; 503 struct timeval tv; 504 time_t time_t_sec; 505 memset(&tv, 0, sizeof(tv)); 506 if(has_time_sec) tv.tv_sec = time_sec; 507 if(has_time_nsec) tv.tv_usec = time_nsec/1000; 508 509 buf[0]=0; 510 time_t_sec = tv.tv_sec; 511 (void)ctime_r(&time_t_sec, buf); 512 snprintf(buf2, sizeof(buf2), "%u.%9.9u %s", 513 (unsigned)time_sec, (unsigned)time_nsec, buf); 514 return strdup(buf2); 515 } 516 517 /** log data frame contents */ 518 static void log_data_frame(uint8_t* pkt, size_t len) 519 { 520 Dnstap__Dnstap* d = dnstap__dnstap__unpack(NULL, len, pkt); 521 const char* mtype = NULL; 522 char* maddr=NULL, *qinf=NULL; 523 if(!d) { 524 log_err("could not unpack"); 525 return; 526 } 527 if(d->base.descriptor != &dnstap__dnstap__descriptor) { 528 log_err("wrong base descriptor"); 529 dnstap__dnstap__free_unpacked(d, NULL); 530 return; 531 } 532 if(d->type != DNSTAP__DNSTAP__TYPE__MESSAGE) { 533 log_err("dnstap type not type_message"); 534 dnstap__dnstap__free_unpacked(d, NULL); 535 return; 536 } 537 if(d->message) { 538 mtype = mtype_to_str(d->message->type); 539 if(d->message->has_query_address) 540 maddr = str_of_addr(d->message->query_address); 541 else if(d->message->has_response_address) 542 maddr = str_of_addr(d->message->response_address); 543 if(d->message->has_query_message) 544 qinf = q_of_msg(d->message->query_message); 545 else if(d->message->has_response_message) 546 qinf = q_of_msg(d->message->response_message); 547 548 } else { 549 mtype = "nomessage"; 550 } 551 552 printf("%s%s%s%s%s\n", mtype, (maddr?" ":""), (maddr?maddr:""), 553 (qinf?" ":""), (qinf?qinf:"")); 554 free(maddr); 555 free(qinf); 556 557 if(longformat) { 558 char* id=NULL, *vs=NULL; 559 if(d->has_identity) { 560 id=possible_str(d->identity); 561 } 562 if(d->has_version) { 563 vs=possible_str(d->version); 564 } 565 if(id || vs) 566 printf("identity: %s%s%s\n", (id?id:""), 567 (id&&vs?" ":""), (vs?vs:"")); 568 free(id); 569 free(vs); 570 571 if(d->message && d->message->has_query_message && 572 d->message->query_message.data) { 573 char* qmsg = sldns_wire2str_pkt( 574 d->message->query_message.data, 575 d->message->query_message.len); 576 if(qmsg) { 577 printf("query_message:\n%s", qmsg); 578 free(qmsg); 579 } 580 } 581 if(d->message && d->message->has_query_time_sec) { 582 char* qtv = tv_to_str(d->message->has_query_time_sec, 583 d->message->query_time_sec, 584 d->message->has_query_time_nsec, 585 d->message->query_time_nsec); 586 if(qtv) { 587 printf("query_time: %s\n", qtv); 588 free(qtv); 589 } 590 } 591 if(d->message && d->message->has_response_message && 592 d->message->response_message.data) { 593 char* rmsg = sldns_wire2str_pkt( 594 d->message->response_message.data, 595 d->message->response_message.len); 596 if(rmsg) { 597 printf("response_message:\n%s", rmsg); 598 free(rmsg); 599 } 600 } 601 if(d->message && d->message->has_response_time_sec) { 602 char* rtv = tv_to_str(d->message->has_response_time_sec, 603 d->message->response_time_sec, 604 d->message->has_response_time_nsec, 605 d->message->response_time_nsec); 606 if(rtv) { 607 printf("response_time: %s\n", rtv); 608 free(rtv); 609 } 610 } 611 } 612 fflush(stdout); 613 dnstap__dnstap__free_unpacked(d, NULL); 614 } 615 #endif /* USE_DNSTAP */ 616 617 /** receive bytes from fd, prints errors if bad, 618 * returns 0: closed/error, -1: continue, >0 number of bytes */ 619 static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, 620 size_t len) 621 { 622 ssize_t ret = recv(fd, buf, len, MSG_DONTWAIT); 623 if(ret == 0) { 624 /* closed */ 625 if(verbosity) log_info("dnstap client stream closed from %s", 626 (data->id?data->id:"")); 627 return 0; 628 } else if(ret == -1) { 629 /* error */ 630 #ifndef USE_WINSOCK 631 if(errno == EINTR || errno == EAGAIN) 632 return -1; 633 #else /* USE_WINSOCK */ 634 if(WSAGetLastError() == WSAEINPROGRESS) 635 return -1; 636 if(WSAGetLastError() == WSAEWOULDBLOCK) { 637 ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); 638 return -1; 639 } 640 #endif 641 log_err("could not recv: %s", sock_strerror(errno)); 642 if(verbosity) log_info("dnstap client stream closed from %s", 643 (data->id?data->id:"")); 644 return 0; 645 } 646 return ret; 647 } 648 649 /* define routine for have_ssl only to avoid unused function warning */ 650 #ifdef HAVE_SSL 651 /** set to wait briefly for a write event, for one event call */ 652 static void tap_enable_brief_write(struct tap_data* data) 653 { 654 ub_event_del(data->ev); 655 ub_event_del_bits(data->ev, UB_EV_READ); 656 ub_event_add_bits(data->ev, UB_EV_WRITE); 657 if(ub_event_add(data->ev, NULL) != 0) 658 log_err("could not ub_event_add in tap_enable_brief_write"); 659 data->ssl_brief_write = 1; 660 } 661 #endif /* HAVE_SSL */ 662 663 /* define routine for have_ssl only to avoid unused function warning */ 664 #ifdef HAVE_SSL 665 /** stop the brief wait for a write event. back to reading. */ 666 static void tap_disable_brief_write(struct tap_data* data) 667 { 668 ub_event_del(data->ev); 669 ub_event_del_bits(data->ev, UB_EV_WRITE); 670 ub_event_add_bits(data->ev, UB_EV_READ); 671 if(ub_event_add(data->ev, NULL) != 0) 672 log_err("could not ub_event_add in tap_disable_brief_write"); 673 data->ssl_brief_write = 0; 674 } 675 #endif /* HAVE_SSL */ 676 677 #ifdef HAVE_SSL 678 /** receive bytes over ssl stream, prints errors if bad, 679 * returns 0: closed/error, -1: continue, >0 number of bytes */ 680 static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) 681 { 682 int r; 683 ERR_clear_error(); 684 r = SSL_read(data->ssl, buf, len); 685 if(r <= 0) { 686 int want = SSL_get_error(data->ssl, r); 687 if(want == SSL_ERROR_ZERO_RETURN) { 688 /* closed */ 689 if(verbosity) log_info("dnstap client stream closed from %s", 690 (data->id?data->id:"")); 691 return 0; 692 } else if(want == SSL_ERROR_WANT_READ) { 693 /* continue later */ 694 return -1; 695 } else if(want == SSL_ERROR_WANT_WRITE) { 696 /* set to briefly write */ 697 tap_enable_brief_write(data); 698 return -1; 699 } else if(want == SSL_ERROR_SYSCALL) { 700 #ifdef ECONNRESET 701 if(errno == ECONNRESET && verbosity < 2) 702 return 0; /* silence reset by peer */ 703 #endif 704 if(errno != 0) 705 log_err("SSL_read syscall: %s", 706 strerror(errno)); 707 if(verbosity) log_info("dnstap client stream closed from %s", 708 (data->id?data->id:"")); 709 return 0; 710 } 711 log_crypto_err("could not SSL_read"); 712 if(verbosity) log_info("dnstap client stream closed from %s", 713 (data->id?data->id:"")); 714 return 0; 715 } 716 return r; 717 } 718 #endif /* HAVE_SSL */ 719 720 /** receive bytes on the tap connection, prints errors if bad, 721 * returns 0: closed/error, -1: continue, >0 number of bytes */ 722 static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) 723 { 724 #ifdef HAVE_SSL 725 if(data->ssl) 726 return ssl_read_bytes(data, buf, len); 727 #endif 728 return receive_bytes(data, data->fd, buf, len); 729 } 730 731 /** delete the tap structure */ 732 static void tap_data_free(struct tap_data* data) 733 { 734 ub_event_del(data->ev); 735 ub_event_free(data->ev); 736 #ifdef HAVE_SSL 737 SSL_free(data->ssl); 738 #endif 739 close(data->fd); 740 free(data->id); 741 free(data->frame); 742 free(data); 743 } 744 745 /** reply with ACCEPT control frame to bidirectional client, 746 * returns 0 on error */ 747 static int reply_with_accept(struct tap_data* data) 748 { 749 #ifdef USE_DNSTAP 750 /* len includes the escape and framelength */ 751 int r; 752 size_t len = 0; 753 void* acceptframe = fstrm_create_control_frame_accept( 754 DNSTAP_CONTENT_TYPE, &len); 755 if(!acceptframe) { 756 log_err("out of memory"); 757 return 0; 758 } 759 760 fd_set_block(data->fd); 761 if(data->ssl) { 762 if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { 763 if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) 764 log_err("SSL_write, peer closed connection"); 765 else 766 log_err("could not SSL_write"); 767 fd_set_nonblock(data->fd); 768 free(acceptframe); 769 return 0; 770 } 771 } else { 772 if(send(data->fd, acceptframe, len, 0) == -1) { 773 log_err("send failed: %s", sock_strerror(errno)); 774 fd_set_nonblock(data->fd); 775 free(acceptframe); 776 return 0; 777 } 778 } 779 if(verbosity) log_info("sent control frame(accept) content-type:(%s)", 780 DNSTAP_CONTENT_TYPE); 781 782 fd_set_nonblock(data->fd); 783 free(acceptframe); 784 return 1; 785 #else 786 log_err("no dnstap compiled, no reply"); 787 (void)data; 788 return 0; 789 #endif 790 } 791 792 /** reply with FINISH control frame to bidirectional client, 793 * returns 0 on error */ 794 static int reply_with_finish(struct tap_data* data) 795 { 796 #ifdef USE_DNSTAP 797 size_t len = 0; 798 void* finishframe = fstrm_create_control_frame_finish(&len); 799 if(!finishframe) { 800 log_err("out of memory"); 801 return 0; 802 } 803 804 fd_set_block(data->fd); 805 if(data->ssl) { 806 int r; 807 if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { 808 if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) 809 log_err("SSL_write, peer closed connection"); 810 else 811 log_err("could not SSL_write"); 812 fd_set_nonblock(data->fd); 813 free(finishframe); 814 return 0; 815 } 816 } else { 817 if(send(data->fd, finishframe, len, 0) == -1) { 818 log_err("send failed: %s", sock_strerror(errno)); 819 fd_set_nonblock(data->fd); 820 free(finishframe); 821 return 0; 822 } 823 } 824 if(verbosity) log_info("sent control frame(finish)"); 825 826 fd_set_nonblock(data->fd); 827 free(finishframe); 828 return 1; 829 #else 830 log_err("no dnstap compiled, no reply"); 831 (void)data; 832 return 0; 833 #endif 834 } 835 836 #ifdef HAVE_SSL 837 /** check SSL peer certificate, return 0 on fail */ 838 static int tap_check_peer(struct tap_data* data) 839 { 840 if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) { 841 /* verification */ 842 if(SSL_get_verify_result(data->ssl) == X509_V_OK) { 843 X509* x = SSL_get_peer_certificate(data->ssl); 844 if(!x) { 845 if(verbosity) log_info("SSL connection %s" 846 " failed no certificate", data->id); 847 return 0; 848 } 849 if(verbosity) 850 log_cert(VERB_ALGO, "peer certificate", x); 851 #ifdef HAVE_SSL_GET0_PEERNAME 852 if(SSL_get0_peername(data->ssl)) { 853 if(verbosity) log_info("SSL connection %s " 854 "to %s authenticated", data->id, 855 SSL_get0_peername(data->ssl)); 856 } else { 857 #endif 858 if(verbosity) log_info("SSL connection %s " 859 "authenticated", data->id); 860 #ifdef HAVE_SSL_GET0_PEERNAME 861 } 862 #endif 863 X509_free(x); 864 } else { 865 X509* x = SSL_get_peer_certificate(data->ssl); 866 if(x) { 867 if(verbosity) 868 log_cert(VERB_ALGO, "peer certificate", x); 869 X509_free(x); 870 } 871 if(verbosity) log_info("SSL connection %s failed: " 872 "failed to authenticate", data->id); 873 return 0; 874 } 875 } else { 876 /* unauthenticated, the verify peer flag was not set 877 * in ssl when the ssl object was created from ssl_ctx */ 878 if(verbosity) log_info("SSL connection %s", data->id); 879 } 880 return 1; 881 } 882 #endif /* HAVE_SSL */ 883 884 #ifdef HAVE_SSL 885 /** perform SSL handshake, return 0 to wait for events, 1 if done */ 886 static int tap_handshake(struct tap_data* data) 887 { 888 int r; 889 if(data->ssl_brief_write) { 890 /* write condition has been satisfied, back to reading */ 891 tap_disable_brief_write(data); 892 } 893 if(data->ssl_handshake_done) 894 return 1; 895 896 ERR_clear_error(); 897 r = SSL_do_handshake(data->ssl); 898 if(r != 1) { 899 int want = SSL_get_error(data->ssl, r); 900 if(want == SSL_ERROR_WANT_READ) { 901 return 0; 902 } else if(want == SSL_ERROR_WANT_WRITE) { 903 tap_enable_brief_write(data); 904 return 0; 905 } else if(r == 0) { 906 /* closed */ 907 tap_data_free(data); 908 return 0; 909 } else if(want == SSL_ERROR_SYSCALL) { 910 /* SYSCALL and errno==0 means closed uncleanly */ 911 int silent = 0; 912 #ifdef EPIPE 913 if(errno == EPIPE && verbosity < 2) 914 silent = 1; /* silence 'broken pipe' */ 915 #endif 916 #ifdef ECONNRESET 917 if(errno == ECONNRESET && verbosity < 2) 918 silent = 1; /* silence reset by peer */ 919 #endif 920 if(errno == 0) 921 silent = 1; 922 if(!silent) 923 log_err("SSL_handshake syscall: %s", 924 strerror(errno)); 925 tap_data_free(data); 926 return 0; 927 } else { 928 unsigned long err = ERR_get_error(); 929 if(!squelch_err_ssl_handshake(err)) { 930 log_crypto_err_code("ssl handshake failed", 931 err); 932 verbose(VERB_OPS, "ssl handshake failed " 933 "from %s", data->id); 934 } 935 tap_data_free(data); 936 return 0; 937 } 938 } 939 /* check peer verification */ 940 data->ssl_handshake_done = 1; 941 if(!tap_check_peer(data)) { 942 /* closed */ 943 tap_data_free(data); 944 return 0; 945 } 946 return 1; 947 } 948 #endif /* HAVE_SSL */ 949 950 /** callback for dnstap listener */ 951 void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) 952 { 953 struct tap_data* data = (struct tap_data*)arg; 954 if(verbosity>=3) log_info("tap callback"); 955 #ifdef HAVE_SSL 956 if(data->ssl && (!data->ssl_handshake_done || 957 data->ssl_brief_write)) { 958 if(!tap_handshake(data)) 959 return; 960 } 961 #endif 962 while(data->len_done < 4) { 963 uint32_t l = (uint32_t)data->len; 964 ssize_t ret = tap_receive(data, 965 ((uint8_t*)&l)+data->len_done, 4-data->len_done); 966 if(verbosity>=4) log_info("s recv %d", (int)ret); 967 if(ret == 0) { 968 /* closed or error */ 969 tap_data_free(data); 970 return; 971 } else if(ret == -1) { 972 /* continue later */ 973 return; 974 } 975 data->len_done += ret; 976 data->len = (size_t)l; 977 if(data->len_done < 4) 978 return; /* continue later */ 979 data->len = (size_t)(ntohl(l)); 980 if(verbosity>=3) log_info("length is %d", (int)data->len); 981 if(data->len == 0) { 982 /* it is a control frame */ 983 data->control_frame = 1; 984 /* read controlframelen */ 985 data->len_done = 0; 986 } else { 987 /* allocate frame size */ 988 data->frame = calloc(1, data->len); 989 if(!data->frame) { 990 log_err("out of memory"); 991 tap_data_free(data); 992 return; 993 } 994 } 995 } 996 997 /* we want to read the full length now */ 998 if(data->data_done < data->len) { 999 ssize_t r = tap_receive(data, data->frame + data->data_done, 1000 data->len - data->data_done); 1001 if(verbosity>=4) log_info("f recv %d", (int)r); 1002 if(r == 0) { 1003 /* closed or error */ 1004 tap_data_free(data); 1005 return; 1006 } else if(r == -1) { 1007 /* continue later */ 1008 return; 1009 } 1010 data->data_done += r; 1011 if(data->data_done < data->len) 1012 return; /* continue later */ 1013 } 1014 1015 /* we are done with a frame */ 1016 if(verbosity>=3) log_info("received %sframe len %d", 1017 (data->control_frame?"control ":""), (int)data->len); 1018 #ifdef USE_DNSTAP 1019 if(data->control_frame) 1020 log_control_frame(data->frame, data->len); 1021 else log_data_frame(data->frame, data->len); 1022 #endif 1023 1024 if(data->len >= 4 && sldns_read_uint32(data->frame) == 1025 FSTRM_CONTROL_FRAME_READY) { 1026 data->is_bidirectional = 1; 1027 if(verbosity) log_info("bidirectional stream"); 1028 if(!reply_with_accept(data)) { 1029 tap_data_free(data); 1030 return; 1031 } 1032 } else if(data->len >= 4 && sldns_read_uint32(data->frame) == 1033 FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { 1034 if(!reply_with_finish(data)) { 1035 tap_data_free(data); 1036 return; 1037 } 1038 } 1039 1040 /* prepare for next frame */ 1041 free(data->frame); 1042 data->frame = NULL; 1043 data->control_frame = 0; 1044 data->len = 0; 1045 data->len_done = 0; 1046 data->data_done = 0; 1047 1048 } 1049 1050 /** callback for main listening file descriptor */ 1051 void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) 1052 { 1053 struct tap_socket* tap_sock = (struct tap_socket*)arg; 1054 struct main_tap_data* maindata = (struct main_tap_data*) 1055 tap_sock->data; 1056 struct tap_data* data; 1057 char* id = NULL; 1058 struct sockaddr_storage addr; 1059 socklen_t addrlen = (socklen_t)sizeof(addr); 1060 int s = accept(fd, (struct sockaddr*)&addr, &addrlen); 1061 if(s == -1) { 1062 #ifndef USE_WINSOCK 1063 /* EINTR is signal interrupt. others are closed connection. */ 1064 if( errno == EINTR || errno == EAGAIN 1065 #ifdef EWOULDBLOCK 1066 || errno == EWOULDBLOCK 1067 #endif 1068 #ifdef ECONNABORTED 1069 || errno == ECONNABORTED 1070 #endif 1071 #ifdef EPROTO 1072 || errno == EPROTO 1073 #endif /* EPROTO */ 1074 ) 1075 return; 1076 #else /* USE_WINSOCK */ 1077 if(WSAGetLastError() == WSAEINPROGRESS || 1078 WSAGetLastError() == WSAECONNRESET) 1079 return; 1080 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1081 ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); 1082 return; 1083 } 1084 #endif 1085 log_err_addr("accept failed", sock_strerror(errno), &addr, 1086 addrlen); 1087 return; 1088 } 1089 fd_set_nonblock(s); 1090 if(verbosity) { 1091 if(addr.ss_family == AF_LOCAL) { 1092 #ifdef HAVE_SYS_UN_H 1093 struct sockaddr_un* usock = calloc(1, sizeof(struct sockaddr_un) + 1); 1094 if(usock) { 1095 socklen_t ulen = sizeof(struct sockaddr_un); 1096 if(getsockname(fd, (struct sockaddr*)usock, &ulen) != -1) { 1097 log_info("accepted new dnstap client from %s", usock->sun_path); 1098 id = strdup(usock->sun_path); 1099 } else { 1100 log_info("accepted new dnstap client"); 1101 } 1102 free(usock); 1103 } else { 1104 log_info("accepted new dnstap client"); 1105 } 1106 #endif /* HAVE_SYS_UN_H */ 1107 } else if(addr.ss_family == AF_INET || 1108 addr.ss_family == AF_INET6) { 1109 char ip[256]; 1110 addr_to_str(&addr, addrlen, ip, sizeof(ip)); 1111 log_info("accepted new dnstap client from %s", ip); 1112 id = strdup(ip); 1113 } else { 1114 log_info("accepted new dnstap client"); 1115 } 1116 } 1117 1118 data = calloc(1, sizeof(*data)); 1119 if(!data) fatal_exit("out of memory"); 1120 data->fd = s; 1121 data->id = id; 1122 if(tap_sock->sslctx) { 1123 data->ssl = incoming_ssl_fd(tap_sock->sslctx, data->fd); 1124 if(!data->ssl) fatal_exit("could not SSL_new"); 1125 } 1126 data->ev = ub_event_new(maindata->base, s, UB_EV_READ | UB_EV_PERSIST, 1127 &dtio_tap_callback, data); 1128 if(!data->ev) fatal_exit("could not ub_event_new"); 1129 if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add"); 1130 } 1131 1132 /** setup local accept sockets */ 1133 static void setup_local_list(struct main_tap_data* maindata, 1134 struct config_strlist_head* local_list) 1135 { 1136 struct config_strlist* item; 1137 for(item = local_list->first; item; item = item->next) { 1138 struct tap_socket* s; 1139 s = tap_socket_new_local(item->str, &dtio_mainfdcallback, 1140 maindata); 1141 if(!s) fatal_exit("out of memory"); 1142 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1143 fatal_exit("out of memory"); 1144 } 1145 } 1146 1147 /** setup tcp accept sockets */ 1148 static void setup_tcp_list(struct main_tap_data* maindata, 1149 struct config_strlist_head* tcp_list) 1150 { 1151 struct config_strlist* item; 1152 for(item = tcp_list->first; item; item = item->next) { 1153 struct tap_socket* s; 1154 s = tap_socket_new_tcpaccept(item->str, &dtio_mainfdcallback, 1155 maindata); 1156 if(!s) fatal_exit("out of memory"); 1157 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1158 fatal_exit("out of memory"); 1159 } 1160 } 1161 1162 /** setup tls accept sockets */ 1163 static void setup_tls_list(struct main_tap_data* maindata, 1164 struct config_strlist_head* tls_list, char* server_key, 1165 char* server_cert, char* verifypem) 1166 { 1167 struct config_strlist* item; 1168 for(item = tls_list->first; item; item = item->next) { 1169 struct tap_socket* s; 1170 s = tap_socket_new_tlsaccept(item->str, &dtio_mainfdcallback, 1171 maindata, server_key, server_cert, verifypem); 1172 if(!s) fatal_exit("out of memory"); 1173 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1174 fatal_exit("out of memory"); 1175 } 1176 } 1177 1178 /** signal variable */ 1179 static struct ub_event_base* sig_base = NULL; 1180 /** do we have to quit */ 1181 int sig_quit = 0; 1182 /** signal handler for user quit */ 1183 static RETSIGTYPE main_sigh(int sig) 1184 { 1185 if(!sig_quit) { 1186 char str[] = "exit on signal \n"; 1187 str[15] = '0' + (sig/10)%10; 1188 str[16] = '0' + sig%10; 1189 /* simple cast to void will not silence Wunused-result */ 1190 (void)!write(STDERR_FILENO, str, strlen(str)); 1191 } 1192 if(sig_base) { 1193 ub_event_base_loopexit(sig_base); 1194 sig_base = NULL; 1195 } 1196 sig_quit = 1; 1197 } 1198 1199 /** setup and run the server to listen to DNSTAP messages */ 1200 static void 1201 setup_and_run(struct config_strlist_head* local_list, 1202 struct config_strlist_head* tcp_list, 1203 struct config_strlist_head* tls_list, char* server_key, 1204 char* server_cert, char* verifypem) 1205 { 1206 time_t secs = 0; 1207 struct timeval now; 1208 struct main_tap_data* maindata; 1209 struct ub_event_base* base; 1210 const char *evnm="event", *evsys="", *evmethod=""; 1211 1212 maindata = calloc(1, sizeof(*maindata)); 1213 if(!maindata) fatal_exit("out of memory"); 1214 memset(&now, 0, sizeof(now)); 1215 base = ub_default_event_base(1, &secs, &now); 1216 if(!base) fatal_exit("could not create ub_event base"); 1217 maindata->base = base; 1218 sig_base = base; 1219 if(sig_quit) { 1220 ub_event_base_free(base); 1221 free(maindata); 1222 return; 1223 } 1224 ub_get_event_sys(base, &evnm, &evsys, &evmethod); 1225 if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod); 1226 1227 setup_local_list(maindata, local_list); 1228 setup_tcp_list(maindata, tcp_list); 1229 setup_tls_list(maindata, tls_list, server_key, server_cert, 1230 verifypem); 1231 if(!tap_socket_list_addevs(maindata->acceptlist, base)) 1232 fatal_exit("could not setup accept events"); 1233 if(verbosity) log_info("start of service"); 1234 1235 ub_event_base_dispatch(base); 1236 sig_base = NULL; 1237 1238 if(verbosity) log_info("end of service"); 1239 tap_socket_list_delete(maindata->acceptlist); 1240 ub_event_base_free(base); 1241 free(maindata); 1242 } 1243 1244 /** getopt global, in case header files fail to declare it. */ 1245 extern int optind; 1246 /** getopt global, in case header files fail to declare it. */ 1247 extern char* optarg; 1248 1249 /** main program for streamtcp */ 1250 int main(int argc, char** argv) 1251 { 1252 int c; 1253 int usessl = 0; 1254 struct config_strlist_head local_list; 1255 struct config_strlist_head tcp_list; 1256 struct config_strlist_head tls_list; 1257 char* server_key = NULL, *server_cert = NULL, *verifypem = NULL; 1258 #ifdef USE_WINSOCK 1259 WSADATA wsa_data; 1260 if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { 1261 printf("WSAStartup failed\n"); 1262 return 1; 1263 } 1264 #endif 1265 if(signal(SIGINT, main_sigh) == SIG_ERR || 1266 #ifdef SIGQUIT 1267 signal(SIGQUIT, main_sigh) == SIG_ERR || 1268 #endif 1269 #ifdef SIGHUP 1270 signal(SIGHUP, main_sigh) == SIG_ERR || 1271 #endif 1272 #ifdef SIGBREAK 1273 signal(SIGBREAK, main_sigh) == SIG_ERR || 1274 #endif 1275 signal(SIGTERM, main_sigh) == SIG_ERR) 1276 fatal_exit("could not bind to signal"); 1277 memset(&local_list, 0, sizeof(local_list)); 1278 memset(&tcp_list, 0, sizeof(tcp_list)); 1279 memset(&tls_list, 0, sizeof(tls_list)); 1280 1281 /* lock debug start (if any) */ 1282 checklock_start(); 1283 log_ident_set("unbound-dnstap-socket"); 1284 log_init(0, 0, 0); 1285 1286 #ifdef SIGPIPE 1287 if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) { 1288 perror("could not install signal handler for SIGPIPE"); 1289 return 1; 1290 } 1291 #endif 1292 1293 /* command line options */ 1294 while( (c=getopt(argc, argv, "hls:t:u:vx:y:z:")) != -1) { 1295 switch(c) { 1296 case 'u': 1297 if(!cfg_strlist_append(&local_list, 1298 strdup(optarg))) 1299 fatal_exit("out of memory"); 1300 break; 1301 case 's': 1302 if(!cfg_strlist_append(&tcp_list, 1303 strdup(optarg))) 1304 fatal_exit("out of memory"); 1305 break; 1306 case 't': 1307 if(!cfg_strlist_append(&tls_list, 1308 strdup(optarg))) 1309 fatal_exit("out of memory"); 1310 usessl = 1; 1311 break; 1312 case 'x': 1313 server_key = optarg; 1314 usessl = 1; 1315 break; 1316 case 'y': 1317 server_cert = optarg; 1318 usessl = 1; 1319 break; 1320 case 'z': 1321 verifypem = optarg; 1322 usessl = 1; 1323 break; 1324 case 'l': 1325 longformat = 1; 1326 break; 1327 case 'v': 1328 verbosity++; 1329 break; 1330 case 'h': 1331 case '?': 1332 default: 1333 usage(argv); 1334 } 1335 } 1336 argc -= optind; 1337 argv += optind; 1338 1339 if(usessl) { 1340 #ifdef HAVE_SSL 1341 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1342 ERR_load_SSL_strings(); 1343 #endif 1344 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 1345 # ifndef S_SPLINT_S 1346 OpenSSL_add_all_algorithms(); 1347 # endif 1348 #else 1349 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 1350 | OPENSSL_INIT_ADD_ALL_DIGESTS 1351 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 1352 #endif 1353 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1354 (void)SSL_library_init(); 1355 #else 1356 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 1357 #endif 1358 #endif /* HAVE_SSL */ 1359 } 1360 setup_and_run(&local_list, &tcp_list, &tls_list, server_key, 1361 server_cert, verifypem); 1362 config_delstrlist(local_list.first); 1363 config_delstrlist(tcp_list.first); 1364 config_delstrlist(tls_list.first); 1365 1366 checklock_stop(); 1367 #ifdef USE_WINSOCK 1368 WSACleanup(); 1369 #endif 1370 return 0; 1371 } 1372 1373 /***--- definitions to make fptr_wlist work. ---***/ 1374 /* These are callbacks, similar to smallapp callbacks, except the debug 1375 * tool callbacks are not in it */ 1376 struct tube; 1377 struct query_info; 1378 #include "util/data/packed_rrset.h" 1379 #include "daemon/worker.h" 1380 #include "daemon/remote.h" 1381 #include "util/fptr_wlist.h" 1382 #include "libunbound/context.h" 1383 1384 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1385 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1386 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1387 { 1388 log_assert(0); 1389 } 1390 1391 int worker_handle_request(struct comm_point* ATTR_UNUSED(c), 1392 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1393 struct comm_reply* ATTR_UNUSED(repinfo)) 1394 { 1395 log_assert(0); 1396 return 0; 1397 } 1398 1399 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1400 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1401 struct comm_reply* ATTR_UNUSED(reply_info)) 1402 { 1403 log_assert(0); 1404 return 0; 1405 } 1406 1407 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), 1408 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1409 struct comm_reply* ATTR_UNUSED(repinfo)) 1410 { 1411 log_assert(0); 1412 return 0; 1413 } 1414 1415 int remote_control_callback(struct comm_point* ATTR_UNUSED(c), 1416 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1417 struct comm_reply* ATTR_UNUSED(repinfo)) 1418 { 1419 log_assert(0); 1420 return 0; 1421 } 1422 1423 void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) 1424 { 1425 log_assert(0); 1426 } 1427 1428 struct outbound_entry* worker_send_query( 1429 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1430 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1431 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1432 struct sockaddr_storage* ATTR_UNUSED(addr), 1433 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1434 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1435 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1436 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1437 { 1438 log_assert(0); 1439 return 0; 1440 } 1441 1442 #ifdef UB_ON_WINDOWS 1443 void 1444 worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* 1445 ATTR_UNUSED(arg)) { 1446 log_assert(0); 1447 } 1448 1449 void 1450 wsvc_cron_cb(void* ATTR_UNUSED(arg)) 1451 { 1452 log_assert(0); 1453 } 1454 #endif /* UB_ON_WINDOWS */ 1455 1456 void 1457 worker_alloc_cleanup(void* ATTR_UNUSED(arg)) 1458 { 1459 log_assert(0); 1460 } 1461 1462 struct outbound_entry* libworker_send_query( 1463 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1464 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1465 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1466 struct sockaddr_storage* ATTR_UNUSED(addr), 1467 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1468 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1469 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1470 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1471 { 1472 log_assert(0); 1473 return 0; 1474 } 1475 1476 int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1477 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1478 struct comm_reply* ATTR_UNUSED(reply_info)) 1479 { 1480 log_assert(0); 1481 return 0; 1482 } 1483 1484 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1485 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1486 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1487 { 1488 log_assert(0); 1489 } 1490 1491 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1492 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1493 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1494 { 1495 log_assert(0); 1496 } 1497 1498 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1499 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1500 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1501 { 1502 log_assert(0); 1503 } 1504 1505 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1506 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1507 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1508 { 1509 log_assert(0); 1510 } 1511 1512 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1513 { 1514 log_assert(0); 1515 return 0; 1516 } 1517 1518 void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) 1519 { 1520 log_assert(0); 1521 } 1522 1523 void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) 1524 { 1525 log_assert(0); 1526 } 1527 1528 void worker_start_accept(void* ATTR_UNUSED(arg)) 1529 { 1530 log_assert(0); 1531 } 1532 1533 void worker_stop_accept(void* ATTR_UNUSED(arg)) 1534 { 1535 log_assert(0); 1536 } 1537 1538 /** keep track of lock id in lock-verify application */ 1539 struct order_id { 1540 /** the thread id that created it */ 1541 int thr; 1542 /** the instance number of creation */ 1543 int instance; 1544 }; 1545 1546 int order_lock_cmp(const void* e1, const void* e2) 1547 { 1548 const struct order_id* o1 = e1; 1549 const struct order_id* o2 = e2; 1550 if(o1->thr < o2->thr) return -1; 1551 if(o1->thr > o2->thr) return 1; 1552 if(o1->instance < o2->instance) return -1; 1553 if(o1->instance > o2->instance) return 1; 1554 return 0; 1555 } 1556 1557 int 1558 codeline_cmp(const void* a, const void* b) 1559 { 1560 return strcmp(a, b); 1561 } 1562 1563 int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1564 { 1565 log_assert(0); 1566 return 0; 1567 } 1568 1569 void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) 1570 { 1571 log_assert(0); 1572 } 1573