1 /* 2 * dnstap/unbound-dnstap-socket.c - debug program that listens for DNSTAP logs. 3 * 4 * Copyright (c) 2020, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This program listens on a DNSTAP socket for logged messages. 40 */ 41 #include "config.h" 42 #ifdef HAVE_GETOPT_H 43 #include <getopt.h> 44 #endif 45 #include <signal.h> 46 #include <stdlib.h> 47 #include <unistd.h> 48 #include <signal.h> 49 #include <ctype.h> 50 #ifdef HAVE_SYS_UN_H 51 #include <sys/un.h> 52 #endif 53 #include <openssl/ssl.h> 54 #include <openssl/rand.h> 55 #include <openssl/err.h> 56 #include "dnstap/dtstream.h" 57 #include "dnstap/dnstap_fstrm.h" 58 #include "util/log.h" 59 #include "util/ub_event.h" 60 #include "util/net_help.h" 61 #include "services/listen_dnsport.h" 62 #include "sldns/sbuffer.h" 63 #include "sldns/wire2str.h" 64 #include "sldns/pkthdr.h" 65 #ifdef USE_DNSTAP 66 #include <protobuf-c/protobuf-c.h> 67 #include "dnstap/dnstap.pb-c.h" 68 #endif /* USE_DNSTAP */ 69 #include "util/config_file.h" 70 71 /** listen backlog on TCP connections for dnstap logs */ 72 #define LISTEN_BACKLOG 16 73 74 /** usage information for streamtcp */ 75 static void usage(char* argv[]) 76 { 77 printf("usage: %s [options]\n", argv[0]); 78 printf(" Listen to dnstap messages\n"); 79 printf("stdout has dnstap log, stderr has verbose server log\n"); 80 printf("-u <socketpath> listen to unix socket with this file name\n"); 81 printf("-s <serverip[@port]> listen for TCP on the IP and port\n"); 82 printf("-t <serverip[@port]> listen for TLS on IP and port\n"); 83 printf("-x <server.key> server key file for TLS service\n"); 84 printf("-y <server.pem> server cert file for TLS service\n"); 85 printf("-z <verify.pem> cert file to verify client connections\n"); 86 printf("-l long format for DNS printout\n"); 87 printf("-v more verbose log output\n"); 88 printf("-c internal unit test and exit\n"); 89 printf("-h this help text\n"); 90 exit(1); 91 } 92 93 /** long format option, for multiline printout per message */ 94 static int longformat = 0; 95 96 struct tap_socket_list; 97 struct tap_socket; 98 /** main tap callback data */ 99 struct main_tap_data { 100 /** the event base (to loopexit) */ 101 struct ub_event_base* base; 102 /** the list of accept sockets */ 103 struct tap_socket_list* acceptlist; 104 }; 105 106 /* list of data */ 107 struct tap_data_list { 108 /** next in list */ 109 struct tap_data_list* next; 110 /** the data */ 111 struct tap_data* d; 112 }; 113 114 /** tap callback variables */ 115 struct tap_data { 116 /** the fd */ 117 int fd; 118 /** the ub event */ 119 struct ub_event* ev; 120 /** the SSL for TLS streams */ 121 SSL* ssl; 122 /** is the ssl handshake done */ 123 int ssl_handshake_done; 124 /** we are briefly waiting to write (in the struct event) */ 125 int ssl_brief_write; 126 /** string that identifies the socket (or NULL), like IP address */ 127 char* id; 128 /** have we read the length, and how many bytes of it */ 129 int len_done; 130 /** have we read the data, and how many bytes of it */ 131 size_t data_done; 132 /** are we reading a control frame */ 133 int control_frame; 134 /** are we bi-directional (if false, uni-directional) */ 135 int is_bidirectional; 136 /** data of the frame */ 137 uint8_t* frame; 138 /** length of this frame */ 139 size_t len; 140 /** back pointer to the tap_data_list entry; 141 * used to NULL the forward pointer to this data 142 * when this data is freed. */ 143 struct tap_data_list* data_list; 144 }; 145 146 /** list of sockets */ 147 struct tap_socket_list { 148 /** next in list */ 149 struct tap_socket_list* next; 150 /** the socket */ 151 struct tap_socket* s; 152 }; 153 154 /** tap socket */ 155 struct tap_socket { 156 /** fd of socket */ 157 int fd; 158 /** the event for it */ 159 struct ub_event *ev; 160 /** has the event been added */ 161 int ev_added; 162 /** the callback, for the event, ev_cb(fd, bits, arg) */ 163 void (*ev_cb)(int, short, void*); 164 /** data element, (arg for the tap_socket struct) */ 165 void* data; 166 /** socketpath, if this is an AF_LOCAL socket */ 167 char* socketpath; 168 /** IP, if this is a TCP socket */ 169 char* ip; 170 /** for a TLS socket, the tls context */ 171 SSL_CTX* sslctx; 172 /** dumb way to deal with memory leaks: 173 * tap_data was only freed on errors and not during exit leading to 174 * false positives when testing for memory leaks. */ 175 struct tap_data_list* data_list; 176 }; 177 178 /** try to delete tail entries from the list if all of them have no data */ 179 static void tap_data_list_try_to_free_tail(struct tap_data_list* list) 180 { 181 struct tap_data_list* current = list; 182 log_assert(!list->d); 183 if(!list->next) /* we are the last, we can't remove ourselves */ 184 return; 185 list = list->next; 186 while(list) { 187 if(list->d) /* a tail entry still has data; return */ 188 return; 189 list = list->next; 190 } 191 /* keep the next */ 192 list = current->next; 193 /* the tail will be removed; but not ourselves */ 194 current->next = NULL; 195 while(list) { 196 current = list; 197 list = list->next; 198 free(current); 199 } 200 } 201 202 /** delete the tap structure */ 203 static void tap_data_free(struct tap_data* data, int free_tail) 204 { 205 if(!data) 206 return; 207 if(data->ev) { 208 ub_event_del(data->ev); 209 ub_event_free(data->ev); 210 } 211 #ifdef HAVE_SSL 212 SSL_free(data->ssl); 213 #endif 214 sock_close(data->fd); 215 free(data->id); 216 free(data->frame); 217 if(data->data_list) { 218 data->data_list->d = NULL; 219 if(free_tail) 220 tap_data_list_try_to_free_tail(data->data_list); 221 } 222 free(data); 223 } 224 225 /** insert tap_data in the tap_data_list */ 226 static int tap_data_list_insert(struct tap_data_list** liststart, 227 struct tap_data* d) 228 { 229 struct tap_data_list* entry = (struct tap_data_list*) 230 malloc(sizeof(*entry)); 231 if(!entry) 232 return 0; 233 entry->next = *liststart; 234 entry->d = d; 235 d->data_list = entry; 236 *liststart = entry; 237 return 1; 238 } 239 240 /** delete the tap_data_list and free any remaining tap_data */ 241 static void tap_data_list_delete(struct tap_data_list* list) 242 { 243 struct tap_data_list* e = list, *next; 244 while(e) { 245 next = e->next; 246 if(e->d) { 247 tap_data_free(e->d, 0); 248 e->d = NULL; 249 } 250 free(e); 251 e = next; 252 } 253 } 254 255 /** del the tap event */ 256 static void tap_socket_delev(struct tap_socket* s) 257 { 258 if(!s) return; 259 if(!s->ev) return; 260 if(!s->ev_added) return; 261 ub_event_del(s->ev); 262 s->ev_added = 0; 263 } 264 265 /** close the tap socket */ 266 static void tap_socket_close(struct tap_socket* s) 267 { 268 if(!s) return; 269 if(s->fd == -1) return; 270 sock_close(s->fd); 271 s->fd = -1; 272 } 273 274 /** delete tap socket */ 275 static void tap_socket_delete(struct tap_socket* s) 276 { 277 if(!s) return; 278 #ifdef HAVE_SSL 279 SSL_CTX_free(s->sslctx); 280 #endif 281 tap_data_list_delete(s->data_list); 282 ub_event_free(s->ev); 283 free(s->socketpath); 284 free(s->ip); 285 free(s); 286 } 287 288 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 289 static struct tap_socket* tap_socket_new_local(char* socketpath, 290 void (*ev_cb)(int, short, void*), void* data) 291 { 292 struct tap_socket* s = calloc(1, sizeof(*s)); 293 if(!s) { 294 log_err("malloc failure"); 295 return NULL; 296 } 297 s->socketpath = strdup(socketpath); 298 if(!s->socketpath) { 299 free(s); 300 log_err("malloc failure"); 301 return NULL; 302 } 303 s->fd = -1; 304 s->ev_cb = ev_cb; 305 s->data = data; 306 return s; 307 } 308 309 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 310 static struct tap_socket* tap_socket_new_tcpaccept(char* ip, 311 void (*ev_cb)(int, short, void*), void* data) 312 { 313 struct tap_socket* s = calloc(1, sizeof(*s)); 314 if(!s) { 315 log_err("malloc failure"); 316 return NULL; 317 } 318 s->ip = strdup(ip); 319 if(!s->ip) { 320 free(s); 321 log_err("malloc failure"); 322 return NULL; 323 } 324 s->fd = -1; 325 s->ev_cb = ev_cb; 326 s->data = data; 327 return s; 328 } 329 330 /** create new socket (unconnected, not base-added), or NULL malloc fail */ 331 static struct tap_socket* tap_socket_new_tlsaccept(char* ip, 332 void (*ev_cb)(int, short, void*), void* data, char* server_key, 333 char* server_cert, char* verifypem) 334 { 335 struct tap_socket* s = calloc(1, sizeof(*s)); 336 if(!s) { 337 log_err("malloc failure"); 338 return NULL; 339 } 340 s->ip = strdup(ip); 341 if(!s->ip) { 342 free(s); 343 log_err("malloc failure"); 344 return NULL; 345 } 346 s->fd = -1; 347 s->ev_cb = ev_cb; 348 s->data = data; 349 s->sslctx = listen_sslctx_create(server_key, server_cert, verifypem); 350 if(!s->sslctx) { 351 log_err("could not create ssl context"); 352 free(s->ip); 353 free(s); 354 return NULL; 355 } 356 return s; 357 } 358 359 /** setup tcp accept socket on IP string */ 360 static int make_tcp_accept(char* ip) 361 { 362 #ifdef SO_REUSEADDR 363 int on = 1; 364 #endif 365 struct sockaddr_storage addr; 366 socklen_t len; 367 int s; 368 369 memset(&addr, 0, sizeof(addr)); 370 len = (socklen_t)sizeof(addr); 371 if(!extstrtoaddr(ip, &addr, &len, UNBOUND_DNS_PORT)) { 372 log_err("could not parse IP '%s'", ip); 373 return -1; 374 } 375 376 if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { 377 log_err("can't create socket: %s", sock_strerror(errno)); 378 return -1; 379 } 380 #ifdef SO_REUSEADDR 381 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 382 (socklen_t)sizeof(on)) < 0) { 383 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 384 sock_strerror(errno)); 385 sock_close(s); 386 return -1; 387 } 388 #endif /* SO_REUSEADDR */ 389 if(bind(s, (struct sockaddr*)&addr, len) != 0) { 390 log_err_addr("can't bind socket", sock_strerror(errno), 391 &addr, len); 392 sock_close(s); 393 return -1; 394 } 395 if(!fd_set_nonblock(s)) { 396 sock_close(s); 397 return -1; 398 } 399 if(listen(s, LISTEN_BACKLOG) == -1) { 400 log_err("can't listen: %s", sock_strerror(errno)); 401 sock_close(s); 402 return -1; 403 } 404 return s; 405 } 406 407 /** setup socket on event base */ 408 static int tap_socket_setup(struct tap_socket* s, struct ub_event_base* base) 409 { 410 if(s->socketpath) { 411 /* AF_LOCAL accept socket */ 412 s->fd = create_local_accept_sock(s->socketpath, NULL, 0); 413 if(s->fd == -1) { 414 log_err("could not create local socket"); 415 return 0; 416 } 417 } else if(s->ip || s->sslctx) { 418 /* TCP accept socket */ 419 s->fd = make_tcp_accept(s->ip); 420 if(s->fd == -1) { 421 log_err("could not create tcp socket"); 422 return 0; 423 } 424 } 425 s->ev = ub_event_new(base, s->fd, UB_EV_READ | UB_EV_PERSIST, 426 s->ev_cb, s); 427 if(!s->ev) { 428 log_err("could not ub_event_new"); 429 return 0; 430 } 431 if(ub_event_add(s->ev, NULL) != 0) { 432 log_err("could not ub_event_add"); 433 return 0; 434 } 435 s->ev_added = 1; 436 return 1; 437 } 438 439 /** add tap socket to list */ 440 static int tap_socket_list_insert(struct tap_socket_list** liststart, 441 struct tap_socket* s) 442 { 443 struct tap_socket_list* entry = (struct tap_socket_list*) 444 malloc(sizeof(*entry)); 445 if(!entry) 446 return 0; 447 entry->next = *liststart; 448 entry->s = s; 449 *liststart = entry; 450 return 1; 451 } 452 453 /** delete the list */ 454 static void tap_socket_list_delete(struct tap_socket_list* list) 455 { 456 struct tap_socket_list* e = list, *next; 457 while(e) { 458 next = e->next; 459 tap_socket_delev(e->s); 460 tap_socket_close(e->s); 461 tap_socket_delete(e->s); 462 free(e); 463 e = next; 464 } 465 } 466 467 /** setup accept events */ 468 static int tap_socket_list_addevs(struct tap_socket_list* list, 469 struct ub_event_base* base) 470 { 471 struct tap_socket_list* entry; 472 for(entry = list; entry; entry = entry->next) { 473 if(!tap_socket_setup(entry->s, base)) { 474 log_err("could not setup socket"); 475 return 0; 476 } 477 } 478 return 1; 479 } 480 481 #ifdef USE_DNSTAP 482 /** log control frame contents */ 483 static void log_control_frame(uint8_t* pkt, size_t len) 484 { 485 char* desc; 486 if(verbosity == 0) return; 487 desc = fstrm_describe_control(pkt, len); 488 if(!desc) { 489 log_err("out of memory"); 490 return; 491 } 492 log_info("control frame %s", desc); 493 free(desc); 494 } 495 496 /** convert mtype to string */ 497 static const char* mtype_to_str(enum _Dnstap__Message__Type mtype) 498 { 499 switch(mtype) { 500 case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: 501 return "AUTH_QUERY"; 502 case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: 503 return "AUTH_RESPONSE"; 504 case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: 505 return "RESOLVER_QUERY"; 506 case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: 507 return "RESOLVER_RESPONSE"; 508 case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: 509 return "CLIENT_QUERY"; 510 case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: 511 return "CLIENT_RESPONSE"; 512 case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: 513 return "FORWARDER_QUERY"; 514 case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: 515 return "FORWARDER_RESPONSE"; 516 case DNSTAP__MESSAGE__TYPE__STUB_QUERY: 517 return "STUB_QUERY"; 518 case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: 519 return "STUB_RESPONSE"; 520 default: break; 521 } 522 return "unknown_message_type"; 523 } 524 525 /** convert type address to a string ip4 or ip6, malloced or NULL on fail */ 526 static char* str_of_addr(ProtobufCBinaryData address) 527 { 528 char buf[64]; 529 socklen_t len = sizeof(buf); 530 if(address.len == 4) { 531 if(inet_ntop(AF_INET, address.data, buf, len)!=0) 532 return strdup(buf); 533 } else if(address.len == 16) { 534 if(inet_ntop(AF_INET6, address.data, buf, len)!=0) 535 return strdup(buf); 536 } 537 return NULL; 538 } 539 540 /** convert message buffer (of dns bytes) to the first qname, type, class, 541 * malloced or NULL on fail */ 542 static char* q_of_msg(ProtobufCBinaryData message) 543 { 544 char buf[300]; 545 /* header, name, type, class minimum to get the query tuple */ 546 if(message.len < 12 + 1 + 4 + 4) return NULL; 547 if(LDNS_QDCOUNT(message.data) < 1) return NULL; 548 if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, 549 buf, sizeof(buf)) != 0) { 550 /* remove trailing newline, tabs to spaces */ 551 /* remove the newline: */ 552 if(buf[0] != 0) buf[strlen(buf)-1]=0; 553 /* remove first tab (before type) */ 554 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 555 /* remove second tab (before class) */ 556 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; 557 return strdup(buf); 558 } 559 return NULL; 560 } 561 562 /** convert possible string or hex data to string. malloced or NULL */ 563 static char* possible_str(ProtobufCBinaryData str) 564 { 565 int is_str = 1; 566 size_t i; 567 for(i=0; i<str.len; i++) { 568 if(!isprint((unsigned char)str.data[i])) 569 is_str = 0; 570 } 571 if(is_str) { 572 char* res = malloc(str.len+1); 573 if(res) { 574 memmove(res, str.data, str.len); 575 res[str.len] = 0; 576 return res; 577 } 578 } else { 579 const char* hex = "0123456789ABCDEF"; 580 char* res = malloc(str.len*2+1); 581 if(res) { 582 for(i=0; i<str.len; i++) { 583 res[i*2] = hex[(str.data[i]&0xf0)>>4]; 584 res[i*2+1] = hex[str.data[i]&0x0f]; 585 } 586 res[str.len*2] = 0; 587 return res; 588 } 589 } 590 return NULL; 591 } 592 593 /** convert timeval to string, malloced or NULL */ 594 static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, 595 protobuf_c_boolean has_time_nsec, uint32_t time_nsec) 596 { 597 char buf[64], buf2[256]; 598 struct timeval tv; 599 time_t time_t_sec; 600 memset(&tv, 0, sizeof(tv)); 601 if(has_time_sec) tv.tv_sec = time_sec; 602 if(has_time_nsec) tv.tv_usec = time_nsec/1000; 603 604 buf[0]=0; 605 time_t_sec = tv.tv_sec; 606 (void)ctime_r(&time_t_sec, buf); 607 snprintf(buf2, sizeof(buf2), "%u.%9.9u %s", 608 (unsigned)time_sec, (unsigned)time_nsec, buf); 609 return strdup(buf2); 610 } 611 612 /** log data frame contents */ 613 static void log_data_frame(uint8_t* pkt, size_t len) 614 { 615 Dnstap__Dnstap* d = dnstap__dnstap__unpack(NULL, len, pkt); 616 const char* mtype = NULL; 617 char* maddr=NULL, *qinf=NULL; 618 if(!d) { 619 log_err("could not unpack"); 620 return; 621 } 622 if(d->base.descriptor != &dnstap__dnstap__descriptor) { 623 log_err("wrong base descriptor"); 624 dnstap__dnstap__free_unpacked(d, NULL); 625 return; 626 } 627 if(d->type != DNSTAP__DNSTAP__TYPE__MESSAGE) { 628 log_err("dnstap type not type_message"); 629 dnstap__dnstap__free_unpacked(d, NULL); 630 return; 631 } 632 if(d->message) { 633 mtype = mtype_to_str(d->message->type); 634 if(d->message->has_query_address) 635 maddr = str_of_addr(d->message->query_address); 636 else if(d->message->has_response_address) 637 maddr = str_of_addr(d->message->response_address); 638 if(d->message->has_query_message) 639 qinf = q_of_msg(d->message->query_message); 640 else if(d->message->has_response_message) 641 qinf = q_of_msg(d->message->response_message); 642 643 } else { 644 mtype = "nomessage"; 645 } 646 647 printf("%s%s%s%s%s\n", mtype, (maddr?" ":""), (maddr?maddr:""), 648 (qinf?" ":""), (qinf?qinf:"")); 649 free(maddr); 650 free(qinf); 651 652 if(longformat) { 653 char* id=NULL, *vs=NULL; 654 if(d->has_identity) { 655 id=possible_str(d->identity); 656 } 657 if(d->has_version) { 658 vs=possible_str(d->version); 659 } 660 if(id || vs) 661 printf("identity: %s%s%s\n", (id?id:""), 662 (id&&vs?" ":""), (vs?vs:"")); 663 free(id); 664 free(vs); 665 666 if(d->message && d->message->has_query_message && 667 d->message->query_message.data) { 668 char* qmsg = sldns_wire2str_pkt( 669 d->message->query_message.data, 670 d->message->query_message.len); 671 if(qmsg) { 672 printf("query_message:\n%s", qmsg); 673 free(qmsg); 674 } 675 } 676 if(d->message && d->message->has_query_time_sec) { 677 char* qtv = tv_to_str(d->message->has_query_time_sec, 678 d->message->query_time_sec, 679 d->message->has_query_time_nsec, 680 d->message->query_time_nsec); 681 if(qtv) { 682 printf("query_time: %s\n", qtv); 683 free(qtv); 684 } 685 } 686 if(d->message && d->message->has_response_message && 687 d->message->response_message.data) { 688 char* rmsg = sldns_wire2str_pkt( 689 d->message->response_message.data, 690 d->message->response_message.len); 691 if(rmsg) { 692 printf("response_message:\n%s", rmsg); 693 free(rmsg); 694 } 695 } 696 if(d->message && d->message->has_response_time_sec) { 697 char* rtv = tv_to_str(d->message->has_response_time_sec, 698 d->message->response_time_sec, 699 d->message->has_response_time_nsec, 700 d->message->response_time_nsec); 701 if(rtv) { 702 printf("response_time: %s\n", rtv); 703 free(rtv); 704 } 705 } 706 } 707 fflush(stdout); 708 dnstap__dnstap__free_unpacked(d, NULL); 709 } 710 #endif /* USE_DNSTAP */ 711 712 /** receive bytes from fd, prints errors if bad, 713 * returns 0: closed/error, -1: continue, >0 number of bytes */ 714 static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, 715 size_t len) 716 { 717 ssize_t ret = recv(fd, buf, len, MSG_DONTWAIT); 718 if(ret == 0) { 719 /* closed */ 720 if(verbosity) log_info("dnstap client stream closed from %s", 721 (data->id?data->id:"")); 722 return 0; 723 } else if(ret == -1) { 724 /* error */ 725 #ifndef USE_WINSOCK 726 if(errno == EINTR || errno == EAGAIN) 727 return -1; 728 #else /* USE_WINSOCK */ 729 if(WSAGetLastError() == WSAEINPROGRESS) 730 return -1; 731 if(WSAGetLastError() == WSAEWOULDBLOCK) { 732 ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); 733 return -1; 734 } 735 #endif 736 log_err("could not recv: %s", sock_strerror(errno)); 737 if(verbosity) log_info("dnstap client stream closed from %s", 738 (data->id?data->id:"")); 739 return 0; 740 } 741 return ret; 742 } 743 744 /* define routine for have_ssl only to avoid unused function warning */ 745 #ifdef HAVE_SSL 746 /** set to wait briefly for a write event, for one event call */ 747 static void tap_enable_brief_write(struct tap_data* data) 748 { 749 ub_event_del(data->ev); 750 ub_event_del_bits(data->ev, UB_EV_READ); 751 ub_event_add_bits(data->ev, UB_EV_WRITE); 752 if(ub_event_add(data->ev, NULL) != 0) 753 log_err("could not ub_event_add in tap_enable_brief_write"); 754 data->ssl_brief_write = 1; 755 } 756 #endif /* HAVE_SSL */ 757 758 /* define routine for have_ssl only to avoid unused function warning */ 759 #ifdef HAVE_SSL 760 /** stop the brief wait for a write event. back to reading. */ 761 static void tap_disable_brief_write(struct tap_data* data) 762 { 763 ub_event_del(data->ev); 764 ub_event_del_bits(data->ev, UB_EV_WRITE); 765 ub_event_add_bits(data->ev, UB_EV_READ); 766 if(ub_event_add(data->ev, NULL) != 0) 767 log_err("could not ub_event_add in tap_disable_brief_write"); 768 data->ssl_brief_write = 0; 769 } 770 #endif /* HAVE_SSL */ 771 772 #ifdef HAVE_SSL 773 /** receive bytes over ssl stream, prints errors if bad, 774 * returns 0: closed/error, -1: continue, >0 number of bytes */ 775 static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) 776 { 777 int r; 778 ERR_clear_error(); 779 r = SSL_read(data->ssl, buf, len); 780 if(r <= 0) { 781 int want = SSL_get_error(data->ssl, r); 782 if(want == SSL_ERROR_ZERO_RETURN) { 783 /* closed */ 784 if(verbosity) log_info("dnstap client stream closed from %s", 785 (data->id?data->id:"")); 786 return 0; 787 } else if(want == SSL_ERROR_WANT_READ) { 788 /* continue later */ 789 return -1; 790 } else if(want == SSL_ERROR_WANT_WRITE) { 791 /* set to briefly write */ 792 tap_enable_brief_write(data); 793 return -1; 794 } else if(want == SSL_ERROR_SYSCALL) { 795 #ifdef ECONNRESET 796 if(errno == ECONNRESET && verbosity < 2) 797 return 0; /* silence reset by peer */ 798 #endif 799 if(errno != 0) 800 log_err("SSL_read syscall: %s", 801 strerror(errno)); 802 if(verbosity) log_info("dnstap client stream closed from %s", 803 (data->id?data->id:"")); 804 return 0; 805 } 806 log_crypto_err_io("could not SSL_read", want); 807 if(verbosity) log_info("dnstap client stream closed from %s", 808 (data->id?data->id:"")); 809 return 0; 810 } 811 return r; 812 } 813 #endif /* HAVE_SSL */ 814 815 /** receive bytes on the tap connection, prints errors if bad, 816 * returns 0: closed/error, -1: continue, >0 number of bytes */ 817 static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) 818 { 819 #ifdef HAVE_SSL 820 if(data->ssl) 821 return ssl_read_bytes(data, buf, len); 822 #endif 823 return receive_bytes(data, data->fd, buf, len); 824 } 825 826 /** reply with ACCEPT control frame to bidirectional client, 827 * returns 0 on error */ 828 static int reply_with_accept(struct tap_data* data) 829 { 830 #ifdef USE_DNSTAP 831 /* len includes the escape and framelength */ 832 size_t len = 0; 833 void* acceptframe = fstrm_create_control_frame_accept( 834 DNSTAP_CONTENT_TYPE, &len); 835 if(!acceptframe) { 836 log_err("out of memory"); 837 return 0; 838 } 839 840 fd_set_block(data->fd); 841 if(data->ssl) { 842 #ifdef HAVE_SSL 843 int r; 844 if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { 845 int r2; 846 if((r2=SSL_get_error(data->ssl, r)) == SSL_ERROR_ZERO_RETURN) 847 log_err("SSL_write, peer closed connection"); 848 else 849 log_crypto_err_io("could not SSL_write", r2); 850 fd_set_nonblock(data->fd); 851 free(acceptframe); 852 return 0; 853 } 854 #endif 855 } else { 856 if(send(data->fd, acceptframe, len, 0) == -1) { 857 log_err("send failed: %s", sock_strerror(errno)); 858 fd_set_nonblock(data->fd); 859 free(acceptframe); 860 return 0; 861 } 862 } 863 if(verbosity) log_info("sent control frame(accept) content-type:(%s)", 864 DNSTAP_CONTENT_TYPE); 865 866 fd_set_nonblock(data->fd); 867 free(acceptframe); 868 return 1; 869 #else 870 log_err("no dnstap compiled, no reply"); 871 (void)data; 872 return 0; 873 #endif 874 } 875 876 /** reply with FINISH control frame to bidirectional client, 877 * returns 0 on error */ 878 static int reply_with_finish(struct tap_data* data) 879 { 880 #ifdef USE_DNSTAP 881 size_t len = 0; 882 void* finishframe = fstrm_create_control_frame_finish(&len); 883 if(!finishframe) { 884 log_err("out of memory"); 885 return 0; 886 } 887 888 fd_set_block(data->fd); 889 if(data->ssl) { 890 #ifdef HAVE_SSL 891 int r; 892 if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { 893 int r2; 894 if((r2=SSL_get_error(data->ssl, r)) == SSL_ERROR_ZERO_RETURN) 895 log_err("SSL_write, peer closed connection"); 896 else 897 log_crypto_err_io("could not SSL_write", r2); 898 fd_set_nonblock(data->fd); 899 free(finishframe); 900 return 0; 901 } 902 #endif 903 } else { 904 if(send(data->fd, finishframe, len, 0) == -1) { 905 log_err("send failed: %s", sock_strerror(errno)); 906 fd_set_nonblock(data->fd); 907 free(finishframe); 908 return 0; 909 } 910 } 911 if(verbosity) log_info("sent control frame(finish)"); 912 913 fd_set_nonblock(data->fd); 914 free(finishframe); 915 return 1; 916 #else 917 log_err("no dnstap compiled, no reply"); 918 (void)data; 919 return 0; 920 #endif 921 } 922 923 #ifdef HAVE_SSL 924 /** check SSL peer certificate, return 0 on fail */ 925 static int tap_check_peer(struct tap_data* data) 926 { 927 if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) { 928 /* verification */ 929 if(SSL_get_verify_result(data->ssl) == X509_V_OK) { 930 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE 931 X509* x = SSL_get1_peer_certificate(data->ssl); 932 #else 933 X509* x = SSL_get_peer_certificate(data->ssl); 934 #endif 935 if(!x) { 936 if(verbosity) log_info("SSL connection %s" 937 " failed no certificate", data->id); 938 return 0; 939 } 940 if(verbosity) 941 log_cert(VERB_ALGO, "peer certificate", x); 942 #ifdef HAVE_SSL_GET0_PEERNAME 943 if(SSL_get0_peername(data->ssl)) { 944 if(verbosity) log_info("SSL connection %s " 945 "to %s authenticated", data->id, 946 SSL_get0_peername(data->ssl)); 947 } else { 948 #endif 949 if(verbosity) log_info("SSL connection %s " 950 "authenticated", data->id); 951 #ifdef HAVE_SSL_GET0_PEERNAME 952 } 953 #endif 954 X509_free(x); 955 } else { 956 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE 957 X509* x = SSL_get1_peer_certificate(data->ssl); 958 #else 959 X509* x = SSL_get_peer_certificate(data->ssl); 960 #endif 961 if(x) { 962 if(verbosity) 963 log_cert(VERB_ALGO, "peer certificate", x); 964 X509_free(x); 965 } 966 if(verbosity) log_info("SSL connection %s failed: " 967 "failed to authenticate", data->id); 968 return 0; 969 } 970 } else { 971 /* unauthenticated, the verify peer flag was not set 972 * in ssl when the ssl object was created from ssl_ctx */ 973 if(verbosity) log_info("SSL connection %s", data->id); 974 } 975 return 1; 976 } 977 #endif /* HAVE_SSL */ 978 979 #ifdef HAVE_SSL 980 /** perform SSL handshake, return 0 to wait for events, 1 if done */ 981 static int tap_handshake(struct tap_data* data) 982 { 983 int r; 984 if(data->ssl_brief_write) { 985 /* write condition has been satisfied, back to reading */ 986 tap_disable_brief_write(data); 987 } 988 if(data->ssl_handshake_done) 989 return 1; 990 991 ERR_clear_error(); 992 r = SSL_do_handshake(data->ssl); 993 if(r != 1) { 994 int want = SSL_get_error(data->ssl, r); 995 if(want == SSL_ERROR_WANT_READ) { 996 return 0; 997 } else if(want == SSL_ERROR_WANT_WRITE) { 998 tap_enable_brief_write(data); 999 return 0; 1000 } else if(r == 0) { 1001 /* closed */ 1002 tap_data_free(data, 1); 1003 return 0; 1004 } else if(want == SSL_ERROR_SYSCALL) { 1005 /* SYSCALL and errno==0 means closed uncleanly */ 1006 int silent = 0; 1007 #ifdef EPIPE 1008 if(errno == EPIPE && verbosity < 2) 1009 silent = 1; /* silence 'broken pipe' */ 1010 #endif 1011 #ifdef ECONNRESET 1012 if(errno == ECONNRESET && verbosity < 2) 1013 silent = 1; /* silence reset by peer */ 1014 #endif 1015 if(errno == 0) 1016 silent = 1; 1017 if(!silent) 1018 log_err("SSL_handshake syscall: %s", 1019 strerror(errno)); 1020 tap_data_free(data, 1); 1021 return 0; 1022 } else { 1023 unsigned long err = ERR_get_error(); 1024 if(!squelch_err_ssl_handshake(err)) { 1025 log_crypto_err_code("ssl handshake failed", 1026 err); 1027 verbose(VERB_OPS, "ssl handshake failed " 1028 "from %s", data->id); 1029 } 1030 tap_data_free(data, 1); 1031 return 0; 1032 } 1033 } 1034 /* check peer verification */ 1035 data->ssl_handshake_done = 1; 1036 if(!tap_check_peer(data)) { 1037 /* closed */ 1038 tap_data_free(data, 1); 1039 return 0; 1040 } 1041 return 1; 1042 } 1043 #endif /* HAVE_SSL */ 1044 1045 /** callback for dnstap listener */ 1046 void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) 1047 { 1048 struct tap_data* data = (struct tap_data*)arg; 1049 if(verbosity>=3) log_info("tap callback"); 1050 #ifdef HAVE_SSL 1051 if(data->ssl && (!data->ssl_handshake_done || 1052 data->ssl_brief_write)) { 1053 if(!tap_handshake(data)) 1054 return; 1055 } 1056 #endif 1057 while(data->len_done < 4) { 1058 uint32_t l = (uint32_t)data->len; 1059 ssize_t ret = tap_receive(data, 1060 ((uint8_t*)&l)+data->len_done, 4-data->len_done); 1061 if(verbosity>=4) log_info("s recv %d", (int)ret); 1062 if(ret == 0) { 1063 /* closed or error */ 1064 tap_data_free(data, 1); 1065 return; 1066 } else if(ret == -1) { 1067 /* continue later */ 1068 return; 1069 } 1070 data->len_done += ret; 1071 data->len = (size_t)l; 1072 if(data->len_done < 4) 1073 return; /* continue later */ 1074 data->len = (size_t)(ntohl(l)); 1075 if(verbosity>=3) log_info("length is %d", (int)data->len); 1076 if(data->len == 0) { 1077 /* it is a control frame */ 1078 data->control_frame = 1; 1079 /* read controlframelen */ 1080 data->len_done = 0; 1081 } else { 1082 /* allocate frame size */ 1083 data->frame = calloc(1, data->len); 1084 if(!data->frame) { 1085 log_err("out of memory"); 1086 tap_data_free(data, 1); 1087 return; 1088 } 1089 } 1090 } 1091 1092 /* we want to read the full length now */ 1093 if(data->data_done < data->len) { 1094 ssize_t r = tap_receive(data, data->frame + data->data_done, 1095 data->len - data->data_done); 1096 if(verbosity>=4) log_info("f recv %d", (int)r); 1097 if(r == 0) { 1098 /* closed or error */ 1099 tap_data_free(data, 1); 1100 return; 1101 } else if(r == -1) { 1102 /* continue later */ 1103 return; 1104 } 1105 data->data_done += r; 1106 if(data->data_done < data->len) 1107 return; /* continue later */ 1108 } 1109 1110 /* we are done with a frame */ 1111 if(verbosity>=3) log_info("received %sframe len %d", 1112 (data->control_frame?"control ":""), (int)data->len); 1113 #ifdef USE_DNSTAP 1114 if(data->control_frame) 1115 log_control_frame(data->frame, data->len); 1116 else log_data_frame(data->frame, data->len); 1117 #endif 1118 1119 if(data->len >= 4 && sldns_read_uint32(data->frame) == 1120 FSTRM_CONTROL_FRAME_READY) { 1121 data->is_bidirectional = 1; 1122 if(verbosity) log_info("bidirectional stream"); 1123 if(!reply_with_accept(data)) { 1124 tap_data_free(data, 1); 1125 return; 1126 } 1127 } else if(data->len >= 4 && sldns_read_uint32(data->frame) == 1128 FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { 1129 if(!reply_with_finish(data)) { 1130 tap_data_free(data, 1); 1131 return; 1132 } 1133 } 1134 1135 /* prepare for next frame */ 1136 free(data->frame); 1137 data->frame = NULL; 1138 data->control_frame = 0; 1139 data->len = 0; 1140 data->len_done = 0; 1141 data->data_done = 0; 1142 } 1143 1144 /** callback for main listening file descriptor */ 1145 void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) 1146 { 1147 struct tap_socket* tap_sock = (struct tap_socket*)arg; 1148 struct main_tap_data* maindata = (struct main_tap_data*) 1149 tap_sock->data; 1150 struct tap_data* data; 1151 char* id = NULL; 1152 struct sockaddr_storage addr; 1153 socklen_t addrlen = (socklen_t)sizeof(addr); 1154 int s; 1155 memset(&addr, 0, sizeof(addr)); 1156 s = accept(fd, (struct sockaddr*)&addr, &addrlen); 1157 if(s == -1) { 1158 #ifndef USE_WINSOCK 1159 /* EINTR is signal interrupt. others are closed connection. */ 1160 if( errno == EINTR || errno == EAGAIN 1161 #ifdef EWOULDBLOCK 1162 || errno == EWOULDBLOCK 1163 #endif 1164 #ifdef ECONNABORTED 1165 || errno == ECONNABORTED 1166 #endif 1167 #ifdef EPROTO 1168 || errno == EPROTO 1169 #endif /* EPROTO */ 1170 ) 1171 return; 1172 #else /* USE_WINSOCK */ 1173 if(WSAGetLastError() == WSAEINPROGRESS || 1174 WSAGetLastError() == WSAECONNRESET) 1175 return; 1176 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1177 ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); 1178 return; 1179 } 1180 #endif 1181 log_err_addr("accept failed", sock_strerror(errno), &addr, 1182 addrlen); 1183 return; 1184 } 1185 fd_set_nonblock(s); 1186 if(verbosity) { 1187 if(addr.ss_family == AF_LOCAL) { 1188 #ifdef HAVE_SYS_UN_H 1189 struct sockaddr_un* usock = calloc(1, sizeof(struct sockaddr_un) + 1); 1190 if(usock) { 1191 socklen_t ulen = sizeof(struct sockaddr_un); 1192 if(getsockname(fd, (struct sockaddr*)usock, &ulen) != -1) { 1193 log_info("accepted new dnstap client from %s", usock->sun_path); 1194 id = strdup(usock->sun_path); 1195 } else { 1196 log_info("accepted new dnstap client"); 1197 } 1198 free(usock); 1199 } else { 1200 log_info("accepted new dnstap client"); 1201 } 1202 #endif /* HAVE_SYS_UN_H */ 1203 } else if(addr.ss_family == AF_INET || 1204 addr.ss_family == AF_INET6) { 1205 char ip[256]; 1206 addr_to_str(&addr, addrlen, ip, sizeof(ip)); 1207 log_info("accepted new dnstap client from %s", ip); 1208 id = strdup(ip); 1209 } else { 1210 log_info("accepted new dnstap client"); 1211 } 1212 } 1213 1214 data = calloc(1, sizeof(*data)); 1215 if(!data) fatal_exit("out of memory"); 1216 data->fd = s; 1217 data->id = id; 1218 if(tap_sock->sslctx) { 1219 data->ssl = incoming_ssl_fd(tap_sock->sslctx, data->fd); 1220 if(!data->ssl) fatal_exit("could not SSL_new"); 1221 } 1222 data->ev = ub_event_new(maindata->base, s, UB_EV_READ | UB_EV_PERSIST, 1223 &dtio_tap_callback, data); 1224 if(!data->ev) fatal_exit("could not ub_event_new"); 1225 if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add"); 1226 if(!tap_data_list_insert(&tap_sock->data_list, data)) 1227 fatal_exit("could not tap_data_list_insert"); 1228 } 1229 1230 /** setup local accept sockets */ 1231 static void setup_local_list(struct main_tap_data* maindata, 1232 struct config_strlist_head* local_list) 1233 { 1234 struct config_strlist* item; 1235 for(item = local_list->first; item; item = item->next) { 1236 struct tap_socket* s; 1237 s = tap_socket_new_local(item->str, &dtio_mainfdcallback, 1238 maindata); 1239 if(!s) fatal_exit("out of memory"); 1240 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1241 fatal_exit("out of memory"); 1242 } 1243 } 1244 1245 /** setup tcp accept sockets */ 1246 static void setup_tcp_list(struct main_tap_data* maindata, 1247 struct config_strlist_head* tcp_list) 1248 { 1249 struct config_strlist* item; 1250 for(item = tcp_list->first; item; item = item->next) { 1251 struct tap_socket* s; 1252 s = tap_socket_new_tcpaccept(item->str, &dtio_mainfdcallback, 1253 maindata); 1254 if(!s) fatal_exit("out of memory"); 1255 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1256 fatal_exit("out of memory"); 1257 } 1258 } 1259 1260 /** setup tls accept sockets */ 1261 static void setup_tls_list(struct main_tap_data* maindata, 1262 struct config_strlist_head* tls_list, char* server_key, 1263 char* server_cert, char* verifypem) 1264 { 1265 struct config_strlist* item; 1266 for(item = tls_list->first; item; item = item->next) { 1267 struct tap_socket* s; 1268 s = tap_socket_new_tlsaccept(item->str, &dtio_mainfdcallback, 1269 maindata, server_key, server_cert, verifypem); 1270 if(!s) fatal_exit("out of memory"); 1271 if(!tap_socket_list_insert(&maindata->acceptlist, s)) 1272 fatal_exit("out of memory"); 1273 } 1274 } 1275 1276 /** signal variable */ 1277 static struct ub_event_base* sig_base = NULL; 1278 /** do we have to quit */ 1279 int sig_quit = 0; 1280 /** signal handler for user quit */ 1281 static RETSIGTYPE main_sigh(int sig) 1282 { 1283 if(!sig_quit) { 1284 char str[] = "exit on signal \n"; 1285 str[15] = '0' + (sig/10)%10; 1286 str[16] = '0' + sig%10; 1287 /* simple cast to void will not silence Wunused-result */ 1288 (void)!write(STDERR_FILENO, str, strlen(str)); 1289 } 1290 if(sig_base) { 1291 ub_event_base_loopexit(sig_base); 1292 sig_base = NULL; 1293 } 1294 sig_quit = 1; 1295 } 1296 1297 /** setup and run the server to listen to DNSTAP messages */ 1298 static void 1299 setup_and_run(struct config_strlist_head* local_list, 1300 struct config_strlist_head* tcp_list, 1301 struct config_strlist_head* tls_list, char* server_key, 1302 char* server_cert, char* verifypem) 1303 { 1304 time_t secs = 0; 1305 struct timeval now; 1306 struct main_tap_data* maindata; 1307 struct ub_event_base* base; 1308 const char *evnm="event", *evsys="", *evmethod=""; 1309 1310 maindata = calloc(1, sizeof(*maindata)); 1311 if(!maindata) fatal_exit("out of memory"); 1312 memset(&now, 0, sizeof(now)); 1313 base = ub_default_event_base(1, &secs, &now); 1314 if(!base) fatal_exit("could not create ub_event base"); 1315 maindata->base = base; 1316 sig_base = base; 1317 if(sig_quit) { 1318 ub_event_base_free(base); 1319 free(maindata); 1320 return; 1321 } 1322 ub_get_event_sys(base, &evnm, &evsys, &evmethod); 1323 if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod); 1324 1325 setup_local_list(maindata, local_list); 1326 setup_tcp_list(maindata, tcp_list); 1327 setup_tls_list(maindata, tls_list, server_key, server_cert, 1328 verifypem); 1329 if(!tap_socket_list_addevs(maindata->acceptlist, base)) 1330 fatal_exit("could not setup accept events"); 1331 if(verbosity) log_info("start of service"); 1332 1333 ub_event_base_dispatch(base); 1334 sig_base = NULL; 1335 1336 if(verbosity) log_info("end of service"); 1337 tap_socket_list_delete(maindata->acceptlist); 1338 ub_event_base_free(base); 1339 free(maindata); 1340 } 1341 1342 /* internal unit tests */ 1343 static int internal_unittest() 1344 { 1345 /* unit test tap_data_list_try_to_free_tail() */ 1346 #define unit_tap_datas_max 5 1347 struct tap_data* datas[unit_tap_datas_max]; 1348 struct tap_data_list* list; 1349 struct tap_socket* socket = calloc(1, sizeof(*socket)); 1350 size_t i = 0; 1351 log_assert(socket); 1352 log_assert(unit_tap_datas_max>2); /* needed for the test */ 1353 for(i=0; i<unit_tap_datas_max; i++) { 1354 datas[i] = calloc(1, sizeof(struct tap_data)); 1355 log_assert(datas[i]); 1356 log_assert(tap_data_list_insert(&socket->data_list, datas[i])); 1357 } 1358 /* sanity base check */ 1359 list = socket->data_list; 1360 for(i=0; list; i++) list = list->next; 1361 log_assert(i==unit_tap_datas_max); 1362 1363 /* Free the last data, tail cannot be erased */ 1364 list = socket->data_list; 1365 while(list->next) list = list->next; 1366 free(list->d); 1367 list->d = NULL; 1368 tap_data_list_try_to_free_tail(list); 1369 list = socket->data_list; 1370 for(i=0; list; i++) list = list->next; 1371 log_assert(i==unit_tap_datas_max); 1372 1373 /* Free the third to last data, tail cannot be erased */ 1374 list = socket->data_list; 1375 for(i=0; i<unit_tap_datas_max-3; i++) list = list->next; 1376 free(list->d); 1377 list->d = NULL; 1378 tap_data_list_try_to_free_tail(list); 1379 list = socket->data_list; 1380 for(i=0; list; i++) list = list->next; 1381 log_assert(i==unit_tap_datas_max); 1382 1383 /* Free the second to last data, try to remove tail from the third 1384 * again, tail (last 2) should be removed */ 1385 list = socket->data_list; 1386 for(i=0; i<unit_tap_datas_max-2; i++) list = list->next; 1387 free(list->d); 1388 list->d = NULL; 1389 list = socket->data_list; 1390 while(list->d) list = list->next; 1391 tap_data_list_try_to_free_tail(list); 1392 list = socket->data_list; 1393 for(i=0; list; i++) list = list->next; 1394 log_assert(i==unit_tap_datas_max-2); 1395 1396 /* Free all the remaining data, try to remove tail from the start, 1397 * only the start should remain */ 1398 list = socket->data_list; 1399 while(list) { 1400 free(list->d); 1401 list->d = NULL; 1402 list = list->next; 1403 } 1404 tap_data_list_try_to_free_tail(socket->data_list); 1405 list = socket->data_list; 1406 for(i=0; list; i++) list = list->next; 1407 log_assert(i==1); 1408 1409 /* clean up */ 1410 tap_data_list_delete(socket->data_list); 1411 free(socket); 1412 1413 /* Start again. Add two elements */ 1414 socket = calloc(1, sizeof(*socket)); 1415 log_assert(socket); 1416 for(i=0; i<2; i++) { 1417 datas[i] = calloc(1, sizeof(struct tap_data)); 1418 log_assert(datas[i]); 1419 log_assert(tap_data_list_insert(&socket->data_list, datas[i])); 1420 } 1421 /* sanity base check */ 1422 list = socket->data_list; 1423 for(i=0; list; i++) list = list->next; 1424 log_assert(i==2); 1425 1426 /* Free the last data, tail cannot be erased */ 1427 list = socket->data_list; 1428 while(list->next) list = list->next; 1429 free(list->d); 1430 list->d = NULL; 1431 tap_data_list_try_to_free_tail(list); 1432 list = socket->data_list; 1433 for(i=0; list; i++) list = list->next; 1434 log_assert(i==2); 1435 1436 /* clean up */ 1437 tap_data_list_delete(socket->data_list); 1438 free(socket); 1439 1440 if(log_get_lock()) { 1441 lock_basic_destroy((lock_basic_type*)log_get_lock()); 1442 } 1443 checklock_stop(); 1444 #ifdef USE_WINSOCK 1445 WSACleanup(); 1446 #endif 1447 return 0; 1448 } 1449 1450 /** getopt global, in case header files fail to declare it. */ 1451 extern int optind; 1452 /** getopt global, in case header files fail to declare it. */ 1453 extern char* optarg; 1454 1455 /** main program for streamtcp */ 1456 int main(int argc, char** argv) 1457 { 1458 int c; 1459 int usessl = 0; 1460 struct config_strlist_head local_list; 1461 struct config_strlist_head tcp_list; 1462 struct config_strlist_head tls_list; 1463 char* server_key = NULL, *server_cert = NULL, *verifypem = NULL; 1464 #ifdef USE_WINSOCK 1465 WSADATA wsa_data; 1466 if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { 1467 printf("WSAStartup failed\n"); 1468 return 1; 1469 } 1470 #endif 1471 if(signal(SIGINT, main_sigh) == SIG_ERR || 1472 #ifdef SIGQUIT 1473 signal(SIGQUIT, main_sigh) == SIG_ERR || 1474 #endif 1475 #ifdef SIGHUP 1476 signal(SIGHUP, main_sigh) == SIG_ERR || 1477 #endif 1478 #ifdef SIGBREAK 1479 signal(SIGBREAK, main_sigh) == SIG_ERR || 1480 #endif 1481 signal(SIGTERM, main_sigh) == SIG_ERR) 1482 fatal_exit("could not bind to signal"); 1483 memset(&local_list, 0, sizeof(local_list)); 1484 memset(&tcp_list, 0, sizeof(tcp_list)); 1485 memset(&tls_list, 0, sizeof(tls_list)); 1486 1487 /* lock debug start (if any) */ 1488 checklock_start(); 1489 log_ident_set("unbound-dnstap-socket"); 1490 log_init(0, 0, 0); 1491 1492 #ifdef SIGPIPE 1493 if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) { 1494 perror("could not install signal handler for SIGPIPE"); 1495 return 1; 1496 } 1497 #endif 1498 1499 /* command line options */ 1500 while( (c=getopt(argc, argv, "hcls:t:u:vx:y:z:")) != -1) { 1501 switch(c) { 1502 case 'u': 1503 if(!cfg_strlist_append(&local_list, 1504 strdup(optarg))) 1505 fatal_exit("out of memory"); 1506 break; 1507 case 's': 1508 if(!cfg_strlist_append(&tcp_list, 1509 strdup(optarg))) 1510 fatal_exit("out of memory"); 1511 break; 1512 case 't': 1513 if(!cfg_strlist_append(&tls_list, 1514 strdup(optarg))) 1515 fatal_exit("out of memory"); 1516 usessl = 1; 1517 break; 1518 case 'x': 1519 server_key = optarg; 1520 usessl = 1; 1521 break; 1522 case 'y': 1523 server_cert = optarg; 1524 usessl = 1; 1525 break; 1526 case 'z': 1527 verifypem = optarg; 1528 usessl = 1; 1529 break; 1530 case 'l': 1531 longformat = 1; 1532 break; 1533 case 'v': 1534 verbosity++; 1535 break; 1536 case 'c': 1537 #ifndef UNBOUND_DEBUG 1538 fatal_exit("-c option needs compilation with " 1539 "--enable-debug"); 1540 #endif 1541 return internal_unittest(); 1542 case 'h': 1543 case '?': 1544 default: 1545 usage(argv); 1546 } 1547 } 1548 /* argc -= optind; not using further arguments */ 1549 /* argv += optind; not using further arguments */ 1550 1551 if(usessl) { 1552 #ifdef HAVE_SSL 1553 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1554 ERR_load_SSL_strings(); 1555 #endif 1556 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 1557 # ifndef S_SPLINT_S 1558 OpenSSL_add_all_algorithms(); 1559 # endif 1560 #else 1561 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 1562 | OPENSSL_INIT_ADD_ALL_DIGESTS 1563 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 1564 #endif 1565 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 1566 (void)SSL_library_init(); 1567 #else 1568 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 1569 #endif 1570 #endif /* HAVE_SSL */ 1571 } 1572 setup_and_run(&local_list, &tcp_list, &tls_list, server_key, 1573 server_cert, verifypem); 1574 config_delstrlist(local_list.first); 1575 config_delstrlist(tcp_list.first); 1576 config_delstrlist(tls_list.first); 1577 1578 if(log_get_lock()) { 1579 lock_basic_destroy((lock_basic_type*)log_get_lock()); 1580 } 1581 checklock_stop(); 1582 #ifdef USE_WINSOCK 1583 WSACleanup(); 1584 #endif 1585 return 0; 1586 } 1587 1588 /***--- definitions to make fptr_wlist work. ---***/ 1589 /* These are callbacks, similar to smallapp callbacks, except the debug 1590 * tool callbacks are not in it */ 1591 struct tube; 1592 struct query_info; 1593 #include "util/data/packed_rrset.h" 1594 #include "daemon/worker.h" 1595 #include "daemon/remote.h" 1596 #include "util/fptr_wlist.h" 1597 #include "libunbound/context.h" 1598 1599 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1600 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1601 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1602 { 1603 log_assert(0); 1604 } 1605 1606 int worker_handle_request(struct comm_point* ATTR_UNUSED(c), 1607 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1608 struct comm_reply* ATTR_UNUSED(repinfo)) 1609 { 1610 log_assert(0); 1611 return 0; 1612 } 1613 1614 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1615 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1616 struct comm_reply* ATTR_UNUSED(reply_info)) 1617 { 1618 log_assert(0); 1619 return 0; 1620 } 1621 1622 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), 1623 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1624 struct comm_reply* ATTR_UNUSED(repinfo)) 1625 { 1626 log_assert(0); 1627 return 0; 1628 } 1629 1630 int remote_control_callback(struct comm_point* ATTR_UNUSED(c), 1631 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1632 struct comm_reply* ATTR_UNUSED(repinfo)) 1633 { 1634 log_assert(0); 1635 return 0; 1636 } 1637 1638 void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) 1639 { 1640 log_assert(0); 1641 } 1642 1643 struct outbound_entry* worker_send_query( 1644 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1645 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1646 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1647 struct sockaddr_storage* ATTR_UNUSED(addr), 1648 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1649 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1650 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1651 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1652 { 1653 log_assert(0); 1654 return 0; 1655 } 1656 1657 #ifdef UB_ON_WINDOWS 1658 void 1659 worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* 1660 ATTR_UNUSED(arg)) { 1661 log_assert(0); 1662 } 1663 1664 void 1665 wsvc_cron_cb(void* ATTR_UNUSED(arg)) 1666 { 1667 log_assert(0); 1668 } 1669 #endif /* UB_ON_WINDOWS */ 1670 1671 void 1672 worker_alloc_cleanup(void* ATTR_UNUSED(arg)) 1673 { 1674 log_assert(0); 1675 } 1676 1677 struct outbound_entry* libworker_send_query( 1678 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), 1679 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), 1680 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), 1681 struct sockaddr_storage* ATTR_UNUSED(addr), 1682 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), 1683 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), 1684 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), 1685 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) 1686 { 1687 log_assert(0); 1688 return 0; 1689 } 1690 1691 int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 1692 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), 1693 struct comm_reply* ATTR_UNUSED(reply_info)) 1694 { 1695 log_assert(0); 1696 return 0; 1697 } 1698 1699 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), 1700 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 1701 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) 1702 { 1703 log_assert(0); 1704 } 1705 1706 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1707 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1708 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1709 { 1710 log_assert(0); 1711 } 1712 1713 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1714 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1715 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1716 { 1717 log_assert(0); 1718 } 1719 1720 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 1721 struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), 1722 char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) 1723 { 1724 log_assert(0); 1725 } 1726 1727 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1728 { 1729 log_assert(0); 1730 return 0; 1731 } 1732 1733 void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) 1734 { 1735 log_assert(0); 1736 } 1737 1738 void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) 1739 { 1740 log_assert(0); 1741 } 1742 1743 void worker_start_accept(void* ATTR_UNUSED(arg)) 1744 { 1745 log_assert(0); 1746 } 1747 1748 void worker_stop_accept(void* ATTR_UNUSED(arg)) 1749 { 1750 log_assert(0); 1751 } 1752 1753 /** keep track of lock id in lock-verify application */ 1754 struct order_id { 1755 /** the thread id that created it */ 1756 int thr; 1757 /** the instance number of creation */ 1758 int instance; 1759 }; 1760 1761 int order_lock_cmp(const void* e1, const void* e2) 1762 { 1763 const struct order_id* o1 = e1; 1764 const struct order_id* o2 = e2; 1765 if(o1->thr < o2->thr) return -1; 1766 if(o1->thr > o2->thr) return 1; 1767 if(o1->instance < o2->instance) return -1; 1768 if(o1->instance > o2->instance) return 1; 1769 return 0; 1770 } 1771 1772 int 1773 codeline_cmp(const void* a, const void* b) 1774 { 1775 return strcmp(a, b); 1776 } 1777 1778 int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) 1779 { 1780 log_assert(0); 1781 return 0; 1782 } 1783 1784 void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) 1785 { 1786 log_assert(0); 1787 } 1788 1789 #ifdef HAVE_NGTCP2 1790 void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), 1791 void* ATTR_UNUSED(arg)) 1792 { 1793 log_assert(0); 1794 } 1795 #endif 1796 1797 #ifdef HAVE_NGTCP2 1798 void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), 1799 void* ATTR_UNUSED(arg)) 1800 { 1801 log_assert(0); 1802 } 1803 #endif 1804