OpenDNSSEC-signer  1.4.1
xfrd.c
Go to the documentation of this file.
1 /*
2  * $Id: xfrd.c 4958 2011-04-18 07:11:09Z matthijs $
3  *
4  * Copyright (c) 2011 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "config.h"
35 #include "daemon/engine.h"
36 #include "daemon/xfrhandler.h"
37 #include "shared/duration.h"
38 #include "shared/file.h"
39 #include "shared/log.h"
40 #include "shared/status.h"
41 #include "shared/util.h"
42 #include "signer/domain.h"
43 #include "signer/zone.h"
44 #include "wire/tcpset.h"
45 #include "wire/xfrd.h"
46 
47 #include <unistd.h>
48 #include <fcntl.h>
49 
50 #define XFRD_TSIG_MAX_UNSIGNED 100
51 
52 static const char* xfrd_str = "xfrd";
53 
54 static void xfrd_handle_zone(netio_type* netio,
55  netio_handler_type* handler, netio_events_type event_types);
56 static void xfrd_make_request(xfrd_type* xfrd);
57 
58 static socklen_t xfrd_acl_sockaddr(acl_type* acl, unsigned int port,
59  struct sockaddr_storage *sck);
60 
61 static void xfrd_write_soa(xfrd_type* xfrd, buffer_type* buffer);
62 static int xfrd_parse_soa(xfrd_type* xfrd, buffer_type* buffer,
63  unsigned rdata_only, unsigned update, uint32_t t,
64  uint32_t* serial);
65 static ods_status xfrd_parse_rrs(xfrd_type* xfrd, buffer_type* buffer,
66  uint16_t count, int* done);
67 static xfrd_pkt_status xfrd_parse_packet(xfrd_type* xfrd,
68  buffer_type* buffer);
69 static xfrd_pkt_status xfrd_handle_packet(xfrd_type* xfrd,
70  buffer_type* buffer);
71 
72 static void xfrd_tcp_obtain(xfrd_type* xfrd, tcp_set_type* set);
73 static void xfrd_tcp_read(xfrd_type* xfrd, tcp_set_type* set);
74 static void xfrd_tcp_release(xfrd_type* xfrd, tcp_set_type* set);
75 static void xfrd_tcp_write(xfrd_type* xfrd, tcp_set_type* set);
76 static void xfrd_tcp_xfr(xfrd_type* xfrd, tcp_set_type* set);
77 static int xfrd_tcp_open(xfrd_type* xfrd, tcp_set_type* set);
78 
79 static void xfrd_udp_obtain(xfrd_type* xfrd);
80 static void xfrd_udp_read(xfrd_type* xfrd);
81 static void xfrd_udp_release(xfrd_type* xfrd);
82 static int xfrd_udp_read_packet(xfrd_type* xfrd);
83 static int xfrd_udp_send(xfrd_type* xfrd, buffer_type* buffer);
84 static int xfrd_udp_send_request_ixfr(xfrd_type* xfrd);
85 
86 static time_t xfrd_time(xfrd_type* xfrd);
87 static void xfrd_set_timer(xfrd_type* xfrd, time_t t);
88 static void xfrd_set_timer_time(xfrd_type* xfrd, time_t t);
89 static void xfrd_unset_timer(xfrd_type* xfrd);
90 
91 
96 xfrd_type*
97 xfrd_create(void* xfrhandler, void* zone)
98 {
99  xfrd_type* xfrd = NULL;
100  allocator_type* allocator = NULL;
101  if (!xfrhandler || !zone) {
102  return NULL;
103  }
104  allocator = allocator_create(malloc, free);
105  if (!allocator) {
106  ods_log_error("[%s] unable to create zone xfr structure: "
107  "allocator_create() failed", xfrd_str);
108  return NULL;
109  }
110  xfrd = (xfrd_type*) allocator_alloc(allocator, sizeof(xfrd_type));
111  if (!xfrd) {
112  ods_log_error("[%s] unable to create zone xfr structure: "
113  " allocator_alloc() failed", xfrd_str);
114  allocator_cleanup(allocator);
115  return NULL;
116  }
118  lock_basic_init(&xfrd->rw_lock);
119 
120  xfrd->allocator = allocator;
121  xfrd->xfrhandler = xfrhandler;
122  xfrd->zone = zone;
123  xfrd->tcp_conn = -1;
124  xfrd->round_num = -1;
125  xfrd->master_num = 0;
126  xfrd->next_master = -1;
127  xfrd->master = NULL;
129  xfrd->serial_xfr = 0;
130  xfrd->serial_disk = 0;
131  xfrd->serial_notify = 0;
132  xfrd->serial_xfr_acquired = 0;
133  xfrd->serial_disk_acquired = 0;
134  xfrd->serial_notify_acquired = 0;
136  xfrd->query_id = 0;
137  xfrd->msg_seq_nr = 0;
138  xfrd->msg_rr_count = 0;
139  xfrd->msg_old_serial = 0;
140  xfrd->msg_new_serial = 0;
141  xfrd->msg_is_ixfr = 0;
142  xfrd->udp_waiting = 0;
143  xfrd->udp_waiting_next = NULL;
144  xfrd->tcp_waiting = 0;
145  xfrd->tcp_waiting_next = NULL;
146  xfrd->tsig_rr = tsig_rr_create(allocator);
147  if (!xfrd->tsig_rr) {
148  xfrd_cleanup(xfrd);
149  return NULL;
150  }
151  xfrd->soa.ttl = 0;
152  xfrd->soa.mname[0] = 1;
153  xfrd->soa.rname[0] = 1;
154  xfrd->soa.serial = 0;
155  xfrd->soa.refresh = 3600;
156  xfrd->soa.retry = 300;
157  xfrd->soa.expire = 604800;
158  xfrd->soa.minimum = 3600;
159  xfrd->handler.fd = -1;
160  xfrd->handler.user_data = (void*) xfrd;
161  xfrd->handler.timeout = 0;
162  xfrd->handler.event_types =
164  xfrd->handler.event_handler = xfrd_handle_zone;
165  xfrd_set_timer_time(xfrd, 0);
166  return xfrd;
167 }
168 
169 
174 static time_t
175 xfrd_time(xfrd_type* xfrd)
176 {
177  ods_log_assert(xfrd);
178  ods_log_assert(xfrd->xfrhandler);
179  return xfrhandler_time((xfrhandler_type*) xfrd->xfrhandler);
180 }
181 
182 
187 static void
188 xfrd_set_timer(xfrd_type* xfrd, time_t t)
189 {
190  if (!xfrd || !xfrd->xfrhandler) {
191  return;
192  }
197  if(t > xfrd_time(xfrd) + 10) {
198  time_t extra = t - xfrd_time(xfrd);
199  time_t base = extra*9/10;
200  t = xfrd_time(xfrd) + base +
201  random()%(extra-base);
202  }
203  xfrd->handler.timeout = &xfrd->timeout;
204  xfrd->timeout.tv_sec = t;
205  xfrd->timeout.tv_nsec = 0;
206  return;
207 }
208 
209 
214 static void
215 xfrd_unset_timer(xfrd_type* xfrd)
216 {
217  ods_log_assert(xfrd);
218  xfrd->handler.timeout = NULL;
219  return;
220 }
221 
222 
227 static void
228 xfrd_set_timer_time(xfrd_type* xfrd, time_t t)
229 {
230  ods_log_assert(xfrd);
231  xfrd_set_timer(xfrd, xfrd_time(xfrd) + t);
232  return;
233 }
234 
235 
240 void
242 {
243  zone_type* zone = NULL;
244  if (!xfrd || !xfrd->zone || !xfrd->xfrhandler) {
245  return;
246  }
247  zone = (zone_type*) xfrd->zone;
248  ods_log_debug("[%s] zone %s sets timer timeout now", xfrd_str,
249  zone->name);
250  xfrd_set_timer_time(xfrd, 0);
251  return;
252 }
253 
254 
259 void
261 {
262  zone_type* zone = NULL;
263  if (!xfrd || !xfrd->zone || !xfrd->xfrhandler) {
264  return;
265  }
266  zone = (zone_type*) xfrd->zone;
267  ods_log_debug("[%s] zone %s sets timer timeout retry %u", xfrd_str,
268  zone->name, (unsigned) xfrd->soa.retry);
269  xfrd_set_timer_time(xfrd, xfrd->soa.retry);
270  return;
271 }
272 
273 
278 void
280 {
281  zone_type* zone = NULL;
282  if (!xfrd || !xfrd->zone || !xfrd->xfrhandler) {
283  return;
284  }
285  zone = (zone_type*) xfrd->zone;
286  ods_log_debug("[%s] zone %s sets timer timeout refresh %u", xfrd_str,
287  zone->name, (unsigned) xfrd->soa.refresh);
288  xfrd_set_timer_time(xfrd, xfrd->soa.refresh);
289  return;
290 }
291 
292 
297 static socklen_t
298 xfrd_acl_sockaddr(acl_type* acl, unsigned int port,
299  struct sockaddr_storage *sck)
300 {
301  ods_log_assert(acl);
302  ods_log_assert(sck);
303  ods_log_assert(port);
304  memset(sck, 0, sizeof(struct sockaddr_storage));
305  if (acl->family == AF_INET6) {
306  struct sockaddr_in6* sa = (struct sockaddr_in6*)sck;
307  sa->sin6_family = AF_INET6;
308  sa->sin6_port = htons(port);
309  sa->sin6_addr = acl->addr.addr6;
310  return sizeof(struct sockaddr_in6);
311  } else {
312  struct sockaddr_in* sa = (struct sockaddr_in*)sck;
313  sa->sin_family = AF_INET;
314  sa->sin_port = htons(port);
315  sa->sin_addr = acl->addr.addr;
316  return sizeof(struct sockaddr_in);
317  }
318  return 0;
319 }
320 
321 
326 socklen_t
327 xfrd_acl_sockaddr_to(acl_type* acl, struct sockaddr_storage *to)
328 {
329  unsigned int port = 0;
330  if (!acl || !to) {
331  return 0;
332  }
333  port = acl->port ? acl->port : (unsigned) atoi(DNS_PORT_STRING);
334  return xfrd_acl_sockaddr(acl, port, to);
335 }
336 
337 
342 static void
343 xfrd_tsig_sign(xfrd_type* xfrd, buffer_type* buffer)
344 {
345  tsig_algo_type* algo = NULL;
346  if (!xfrd || !xfrd->tsig_rr || !xfrd->master || !xfrd->master->tsig ||
347  !xfrd->master->tsig->key || !buffer) {
348  return; /* no tsig configured */
349  }
350  algo = tsig_lookup_algo(xfrd->master->tsig->algorithm);
351  if (!algo) {
352  ods_log_error("[%s] unable to sign request: tsig unknown algorithm "
353  "%s", xfrd_str, xfrd->master->tsig->algorithm);
354  return;
355  }
356  ods_log_assert(algo);
357  tsig_rr_reset(xfrd->tsig_rr, algo, xfrd->master->tsig->key);
358  xfrd->tsig_rr->original_query_id = buffer_pkt_id(buffer);
359  xfrd->tsig_rr->algo_name = ldns_rdf_clone(xfrd->tsig_rr->algo->wf_name);
360  xfrd->tsig_rr->key_name = ldns_rdf_clone(xfrd->tsig_rr->key->dname);
361  log_dname(xfrd->tsig_rr->key_name, "tsig sign query with key ", LOG_DEBUG);
362  log_dname(xfrd->tsig_rr->algo_name, "tsig sign query with algorithm ",
363  LOG_DEBUG);
364  tsig_rr_prepare(xfrd->tsig_rr);
365  tsig_rr_update(xfrd->tsig_rr, buffer, buffer_position(buffer));
366  tsig_rr_sign(xfrd->tsig_rr);
367  ods_log_debug("[%s] tsig append rr to request id=%u", xfrd_str,
368  buffer_pkt_id(buffer));
369  tsig_rr_append(xfrd->tsig_rr, buffer);
370  buffer_pkt_set_arcount(buffer, buffer_pkt_arcount(buffer)+1);
371  tsig_rr_prepare(xfrd->tsig_rr);
372  return;
373 }
374 
375 
380 static int
381 xfrd_tsig_process(xfrd_type* xfrd, buffer_type* buffer)
382 {
383  zone_type* zone = NULL;
384  int have_tsig = 0;
385  if (!xfrd || !xfrd->tsig_rr || !xfrd->master || !xfrd->master->tsig ||
386  !xfrd->master->tsig->key || !buffer) {
387  return 1; /* no tsig configured */
388  }
389  zone = (zone_type*) xfrd->zone;
390  ods_log_assert(zone);
391  ods_log_assert(zone->name);
392  ods_log_assert(xfrd->master->address);
393  if (!tsig_rr_find(xfrd->tsig_rr, buffer)) {
394  ods_log_error("[%s] unable to process tsig: xfr zone %s from %s "
395  "has malformed tsig rr", xfrd_str, zone->name,
396  xfrd->master->address);
397  return 0;
398  }
399  if (xfrd->tsig_rr->status == TSIG_OK) {
400  have_tsig = 1;
401  if (xfrd->tsig_rr->error_code != LDNS_RCODE_NOERROR) {
402  ods_log_error("[%s] zone %s, from %s has tsig error (%s)",
403  xfrd_str, zone->name, xfrd->master->address,
405  }
406  /* strip the TSIG resource record off... */
407  buffer_set_limit(buffer, xfrd->tsig_rr->position);
408  buffer_pkt_set_arcount(buffer, buffer_pkt_arcount(buffer)-1);
409  }
410  /* keep running the TSIG hash */
411  tsig_rr_update(xfrd->tsig_rr, buffer, buffer_limit(buffer));
412  if (have_tsig) {
413  if (!tsig_rr_verify(xfrd->tsig_rr)) {
414  ods_log_error("[%s] unable to process tsig: xfr zone %s from %s "
415  "has bad tsig signature", xfrd_str, zone->name,
416  xfrd->master->address);
417  return 0;
418  }
419  /* prepare for next tsigs */
420  tsig_rr_prepare(xfrd->tsig_rr);
421  } else if (xfrd->tsig_rr->update_since_last_prepare >
423  /* we allow a number of non-tsig signed packets */
424  ods_log_error("[%s] unable to process tsig: xfr zone %s, from %s "
425  "has too many consecutive packets without tsig", xfrd_str,
426  zone->name, xfrd->master->address);
427  return 0;
428  }
429  if (!have_tsig && xfrd->msg_seq_nr == 0) {
430  ods_log_error("[%s] unable to process tsig: xfr zone %s from %s "
431  "has no tsig in first packet of reply", xfrd_str,
432  zone->name, xfrd->master->address);
433  return 0;
434  }
435  /* process TSIG ok */
436  return 1;
437 }
438 
439 
444 static void
445 xfrd_commit_packet(xfrd_type* xfrd)
446 {
447  zone_type* zone = NULL;
448  char* xfrfile = NULL;
449  FILE* fd = NULL;
450  ods_log_assert(xfrd);
451  zone = (zone_type*) xfrd->zone;
452  xfrfile = ods_build_path(zone->name, ".xfrd", 0, 1);
453  if (!xfrfile) {
454  ods_log_crit("[%s] unable to commit xfr zone %s: build path failed",
455  xfrd_str, zone->name);
456  return;
457  }
458  ods_log_assert(zone);
459  ods_log_assert(zone->name);
460  lock_basic_lock(&zone->zone_lock);
461  lock_basic_lock(&xfrd->rw_lock);
463  /* mark end packet */
464  fd = ods_fopen(xfrfile, NULL, "a");
465  free((void*)xfrfile);
466  if (fd) {
467  fprintf(fd, ";;ENDPACKET\n");
468  ods_fclose(fd);
469  } else {
471  lock_basic_unlock(&xfrd->rw_lock);
473  ods_log_crit("[%s] unable to commit xfr zone %s: ods_fopen() failed "
474  "(%s)", xfrd_str, zone->name, strerror(errno));
475  return;
476  }
477  /* update soa serial management */
478  xfrd->serial_disk = xfrd->msg_new_serial;
479  xfrd->serial_disk_acquired = xfrd_time(xfrd);
480  xfrd->soa.serial = xfrd->serial_disk;
481  if (util_serial_gt(xfrd->serial_disk, xfrd->serial_xfr) &&
483  /* reschedule task */
484  int ret = 0;
485  xfrhandler_type* xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
486  engine_type* engine = (engine_type*) xfrhandler->engine;
487  ods_log_assert(xfrhandler);
488  ods_log_assert(engine);
489  ods_log_debug("[%s] reschedule task for zone %s: disk serial=%u "
490  "acquired=%u, memory serial=%u acquired=%u", xfrd_str,
491  zone->name, xfrd->serial_disk,
492  xfrd->serial_disk_acquired, xfrd->serial_xfr,
493  xfrd->serial_xfr_acquired);
494  ret = zone_reschedule_task(zone, engine->taskq, TASK_READ);
495  if (ret != ODS_STATUS_OK) {
496  ods_log_crit("[%s] unable to reschedule task for zone %s: %s",
497  xfrd_str, zone->name, ods_status2str(ret));
498  } else {
499  engine_wakeup_workers(engine);
500  }
501  }
503  lock_basic_unlock(&xfrd->rw_lock);
505  return;
506 }
507 
508 
513 static void
514 xfrd_dump_packet(xfrd_type* xfrd, buffer_type* buffer)
515 {
516  zone_type* zone = NULL;
517  char* xfrfile = NULL;
518  FILE* fd = NULL;
519  ldns_pkt* pkt = NULL;
520  ldns_status status = LDNS_STATUS_OK;
521  ods_log_assert(buffer);
522  ods_log_assert(xfrd);
523  zone = (zone_type*) xfrd->zone;
524  ods_log_assert(zone);
525  ods_log_assert(zone->name);
526  status = ldns_wire2pkt(&pkt, buffer_begin(buffer), buffer_limit(buffer));
527  if (status != LDNS_STATUS_OK) {
528  ods_log_crit("[%s] unable to dump packet zone %s: ldns_wire2pkt() "
529  "failed (%s)", xfrd_str, zone->name,
530  ldns_get_errorstr_by_id(status));
531  return;
532  }
533  ods_log_assert(pkt);
534  xfrfile = ods_build_path(zone->name, ".xfrd", 0, 1);
535  if (!xfrfile) {
536  ods_log_crit("[%s] unable to dump packet zone %s: build path failed",
537  xfrd_str, zone->name);
538  return;
539  }
540  lock_basic_lock(&xfrd->rw_lock);
543 
544  fd = ods_fopen(xfrfile, NULL, "a");
545  free((void*) xfrfile);
546  if (!fd) {
547  ods_log_crit("[%s] unable to dump packet zone %s: ods_fopen() failed "
548  "(%s)", xfrd_str, zone->name, strerror(errno));
549  lock_basic_unlock(&xfrd->rw_lock);
550  return;
551  }
552  ods_log_assert(fd);
553  if (xfrd->msg_seq_nr == 0) {
554  fprintf(fd, ";;BEGINPACKET\n");
555  }
556  ldns_rr_list_print(fd, ldns_pkt_answer(pkt));
557  ods_fclose(fd);
558  lock_basic_unlock(&xfrd->rw_lock);
559  ldns_pkt_free(pkt);
560  return;
561 }
562 
563 
568 static void
569 xfrd_write_soa(xfrd_type* xfrd, buffer_type* buffer)
570 {
571  zone_type* zone = NULL;
572  size_t rdlength_pos = 0;
573  uint16_t rdlength = 0;
574  ods_log_assert(xfrd);
575  ods_log_assert(buffer);
576  zone = (zone_type*) xfrd->zone;
577  ods_log_assert(zone);
578  ods_log_assert(zone->apex);
579  buffer_write_rdf(buffer, zone->apex);
580  buffer_write_u16(buffer, (uint16_t) LDNS_RR_TYPE_SOA);
581  buffer_write_u16(buffer, (uint16_t) zone->klass);
582  buffer_write_u32(buffer, xfrd->soa.ttl);
583  rdlength_pos = buffer_position(buffer);
584  buffer_skip(buffer, sizeof(rdlength));
585  buffer_write(buffer, xfrd->soa.mname+1, xfrd->soa.mname[0]);
586  buffer_write(buffer, xfrd->soa.rname+1, xfrd->soa.rname[0]);
587  buffer_write_u32(buffer, xfrd->soa.serial);
588  buffer_write_u32(buffer, xfrd->soa.refresh);
589  buffer_write_u32(buffer, xfrd->soa.retry);
590  buffer_write_u32(buffer, xfrd->soa.expire);
591  buffer_write_u32(buffer, xfrd->soa.minimum);
592  rdlength = buffer_position(buffer) - rdlength_pos - sizeof(rdlength);
593  buffer_write_u16_at(buffer, rdlength_pos, rdlength);
594  return;
595 }
596 
597 
602 static void
603 xfrd_update_soa(xfrd_type* xfrd, buffer_type* buffer, uint32_t ttl,
604  uint16_t mname_pos, uint16_t rname_pos,
605  uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum)
606 {
607  zone_type* zone = NULL;
608  ods_log_assert(xfrd);
609  ods_log_assert(buffer);
610  zone = (zone_type*) xfrd->zone;
611  ods_log_assert(zone);
612  ods_log_assert(zone->apex);
613  xfrd->soa.ttl = ttl;
614  xfrd->soa.refresh = refresh;
615  xfrd->soa.retry = retry;
616  xfrd->soa.expire = expire;
617  xfrd->soa.minimum = minimum;
618  buffer_set_position(buffer, mname_pos);
619  if (!(xfrd->soa.mname[0] =
620  buffer_read_dname(buffer, xfrd->soa.mname+1, 1))) {
621  xfrd->soa.mname[0] = 1;
622  xfrd->soa.mname[1] = 0;
623  }
624  buffer_set_position(buffer, rname_pos);
625  if (!(xfrd->soa.rname[0] =
626  buffer_read_dname(buffer, xfrd->soa.rname+1, 1))) {
627  xfrd->soa.rname[0] = 1;
628  xfrd->soa.rname[1] = 0;
629  }
630  return;
631 }
632 
633 
638 static int
639 xfrd_parse_soa(xfrd_type* xfrd, buffer_type* buffer, unsigned rdata_only,
640  unsigned update, uint32_t t, uint32_t* soa_serial)
641 {
642  ldns_rr_type type = LDNS_RR_TYPE_SOA;
643  uint16_t mname_pos = 0;
644  uint16_t rname_pos = 0;
645  uint16_t pos = 0;
646  uint32_t serial = 0;
647  uint32_t refresh = 0;
648  uint32_t retry = 0;
649  uint32_t expire = 0;
650  uint32_t minimum = 0;
651  uint32_t ttl = t;
652  ods_log_assert(xfrd);
653  ods_log_assert(buffer);
654 
655  /* type class ttl */
656  if (!rdata_only) {
657  if (!buffer_available(buffer, 10)) {
658  ods_log_debug("[%s] unable to parse soa: rr too short",
659  xfrd_str);
660  return 0;
661  }
662  type = (ldns_rr_type) buffer_read_u16(buffer);
663  if (type != LDNS_RR_TYPE_SOA) {
664  ods_log_debug("[%s] unable to parse soa: rrtype %u != soa",
665  xfrd_str, (unsigned) type);
666  return 0;
667  }
668  (void)buffer_read_u16(buffer); /* class */
669  ttl = buffer_read_u32(buffer);
670  /* rdata length */
671  if (!buffer_available(buffer, buffer_read_u16(buffer))) {
672  ods_log_debug("[%s] unable to parse soa: rdata too short",
673  xfrd_str);
674  return 0;
675  }
676  }
677  /* MNAME */
678  mname_pos = buffer_position(buffer);
679  if (!buffer_skip_dname(buffer)) {
680  ods_log_debug("[%s] unable to parse soa: bad mname",
681  xfrd_str);
682  return 0;
683  }
684  /* RNAME */
685  rname_pos = buffer_position(buffer);
686  if (!buffer_skip_dname(buffer)) {
687  ods_log_debug("[%s] unable to parse soa: bad rname",
688  xfrd_str);
689  return 0;
690  }
691  serial = buffer_read_u32(buffer);
692  refresh = buffer_read_u32(buffer);
693  retry = buffer_read_u32(buffer);
694  expire = buffer_read_u32(buffer);
695  minimum = buffer_read_u32(buffer);
696  pos = buffer_position(buffer);
697  if (soa_serial) {
698  *soa_serial = serial;
699  }
700  if (update) {
701  xfrd_update_soa(xfrd, buffer, ttl, mname_pos, rname_pos,
702  refresh, retry, expire, minimum);
703  }
704  buffer_set_position(buffer, pos);
705  return 1;
706 }
707 
708 
713 static ods_status
714 xfrd_parse_rrs(xfrd_type* xfrd, buffer_type* buffer, uint16_t count,
715  int* done)
716 {
717  ldns_rr_type type = 0;
718  uint16_t rrlen = 0;
719  uint32_t ttl = 0;
720  uint32_t serial = 0;
721  size_t i = 0;
722  ods_log_assert(xfrd);
723  ods_log_assert(buffer);
724  ods_log_assert(done);
725  for (i=0; i < count; ++i, ++xfrd->msg_rr_count) {
726  if (!buffer_skip_dname(buffer)) {
727  return ODS_STATUS_SKIPDNAME;
728  }
729  if (!buffer_available(buffer, 10)) {
730  return ODS_STATUS_BUFAVAIL;
731  }
732  (void)buffer_position(buffer);
733  type = (ldns_rr_type) buffer_read_u16(buffer);
734  (void)buffer_read_u16(buffer); /* class */
735  ttl = buffer_read_u32(buffer);
736  rrlen = buffer_read_u16(buffer);
737  if (!buffer_available(buffer, rrlen)) {
738  return ODS_STATUS_BUFAVAIL;
739  }
740  if (type == LDNS_RR_TYPE_SOA) {
741  if (!xfrd_parse_soa(xfrd, buffer, 1, 0, ttl, &serial)) {
742  return ODS_STATUS_PARSESOA;
743  }
744  if (xfrd->msg_rr_count == 1 && serial != xfrd->msg_new_serial) {
745  /* 2nd RR is SOA with different serial, this is an IXFR */
746  xfrd->msg_is_ixfr = 1;
748  if (!xfrd->serial_disk_acquired) {
750  /* got IXFR but need AXFR */
751  return ODS_STATUS_REQAXFR;
752  }
753  if (serial != xfrd->serial_disk) {
755  /* bad start serial in IXFR */
756  return ODS_STATUS_INSERIAL;
757  }
759  xfrd->msg_old_serial = serial;
760  } else if (serial == xfrd->msg_new_serial) {
761  /* saw another SOA of new serial. */
762  if (xfrd->msg_is_ixfr == 1) {
763  xfrd->msg_is_ixfr = 2; /* seen middle SOA in ixfr */
764  } else {
765  *done = 1; /* final axfr/ixfr soa */
766  }
767  }
768  } else {
769  buffer_skip(buffer, rrlen);
770  }
771  }
772  return ODS_STATUS_OK;
773 }
774 
775 
780 static xfrd_pkt_status
781 xfrd_parse_packet(xfrd_type* xfrd, buffer_type* buffer)
782 {
783  zone_type* zone = NULL;
784  uint16_t qdcount = 0;
785  uint16_t ancount = 0;
786  uint16_t ancount_todo = 0;
787  uint16_t rrcount = 0;
788  uint32_t serial = 0;
789  int done = 0;
790  ods_status status = ODS_STATUS_OK;
791  ods_log_assert(buffer);
792  ods_log_assert(xfrd);
793  ods_log_assert(xfrd->master);
794  ods_log_assert(xfrd->master->address);
795  zone = (zone_type*) xfrd->zone;
796  ods_log_assert(zone);
797  ods_log_assert(zone->name);
798  /* check packet size */
800  ods_log_error("[%s] unable to parse packet: zone %s received bad "
801  "packet from %s (too small)", xfrd_str, zone->name,
802  xfrd->master->address);
803  return XFRD_PKT_BAD;
804  }
805  /* check query id */
806  if (buffer_pkt_id(buffer) != xfrd->query_id) {
807  ods_log_error("[%s] bad packet: zone %s received bad query id "
808  "%u from %s (expected %u)", xfrd_str, zone->name,
809  buffer_pkt_id(buffer), xfrd->master->address, xfrd->query_id);
810  return XFRD_PKT_BAD;
811  }
812  /* check rcode */
813  if (buffer_pkt_rcode(buffer) != LDNS_RCODE_NOERROR) {
814  ods_log_error("[%s] bad packet: zone %s received error code %s from %s",
815  xfrd_str, zone->name, ldns_pkt_rcode2str(buffer_pkt_rcode(buffer)),
816  xfrd->master->address);
817  if (buffer_pkt_rcode(buffer) == LDNS_RCODE_NOTIMPL) {
818  return XFRD_PKT_NOTIMPL;
819  } else if (buffer_pkt_rcode(buffer) != LDNS_RCODE_NOTAUTH) {
820  return XFRD_PKT_BAD;
821  }
822  }
823  /* check tsig */
824  if (!xfrd_tsig_process(xfrd, buffer)) {
825  ods_log_error("[%s] bad packet: zone %s received bad tsig "
826  "from %s", xfrd_str, zone->name, xfrd->master->address);
827  return XFRD_PKT_BAD;
828  }
829  /* skip header and question section */
831  qdcount = buffer_pkt_qdcount(buffer);
832  for (rrcount = 0; rrcount < qdcount; rrcount++) {
833  if (!buffer_skip_rr(buffer, 1)) {
834  ods_log_error("[%s] bad packet: zone %s received bad "
835  "question section from %s (bad rr)", xfrd_str, zone->name,
836  xfrd->master->address);
837  return XFRD_PKT_BAD;
838  }
839  }
840  /* answer section */
841  ancount = buffer_pkt_ancount(buffer);
842  if (xfrd->msg_rr_count == 0 && ancount == 0) {
843  if (xfrd->tcp_conn == -1 && buffer_pkt_tc(buffer)) {
844  ods_log_debug("[%s] zone %s received tc from %s, retry tcp",
845  xfrd_str, zone->name, xfrd->master->address);
846  return XFRD_PKT_TC;
847  }
848  ods_log_error("[%s] bad packet: zone %s received bad xfr packet "
849  "from %s (nodata)", xfrd_str, zone->name, xfrd->master->address);
850  return XFRD_PKT_BAD;
851  }
852 
853  ancount_todo = ancount;
854  if (xfrd->msg_rr_count == 0) {
855  /* parse the first RR, see if it is a SOA */
856  if (!buffer_skip_dname(buffer) ||
857  !xfrd_parse_soa(xfrd, buffer, 0, 1, 0, &serial)) {
858  ods_log_error("[%s] bad packet: zone %s received bad xfr "
859  "packet from %s (bad soa)", xfrd_str, zone->name,
860  xfrd->master->address);
861  return XFRD_PKT_BAD;
862  }
863  /* check serial */
865  if (xfrd->serial_disk_acquired && xfrd->serial_disk == serial) {
866  ods_log_debug("[%s] zone %s got update indicating current "
867  "serial %u from %s", xfrd_str, zone->name, serial,
868  xfrd->master->address);
869  xfrd->serial_disk_acquired = xfrd_time(xfrd);
870  if (xfrd->serial_xfr == serial) {
872  if (!xfrd->serial_notify_acquired) {
873  /* not notified or anything, so stop asking around */
874  xfrd->round_num = -1; /* next try start a new round */
876  ods_log_debug("[%s] zone %s wait refresh time", xfrd_str,
877  zone->name);
879  return XFRD_PKT_NEWLEASE;
880  }
881  /* try next master */
882  ods_log_debug("[%s] zone %s try next master", xfrd_str,
883  zone->name);
885  return XFRD_PKT_BAD;
886  }
887  }
888  if (xfrd->serial_disk_acquired &&
889  !util_serial_gt(serial, xfrd->serial_disk)) {
890  ods_log_debug("[%s] zone %s ignoring old serial %u from %s "
891  "(have %u)", xfrd_str, zone->name, serial,
892  xfrd->master->address, xfrd->serial_disk);
894  return XFRD_PKT_BAD;
895  }
896 
897  xfrd->msg_new_serial = serial;
898  if (xfrd->serial_disk_acquired) {
899  xfrd->msg_old_serial = xfrd->serial_disk;
900  } else {
901  xfrd->msg_old_serial = 0;
902  }
903  /* update notify serial if this xfr is newer */
904  if (ancount > 1 && xfrd->serial_notify_acquired &&
905  util_serial_gt(serial, xfrd->serial_notify)) {
906  xfrd->serial_notify = serial;
907  }
909  xfrd->msg_rr_count = 1;
910  xfrd->msg_is_ixfr = 0;
911  ancount_todo = ancount - 1;
912  }
913  /* check tc bit */
914  if (xfrd->tcp_conn == -1 && buffer_pkt_tc(buffer)) {
915  ods_log_debug("[%s] zone %s received tc from %s, retry tcp",
916  xfrd_str, zone->name, xfrd->master->address);
917  return XFRD_PKT_TC;
918  }
919  if (xfrd->tcp_conn == -1 && ancount < 2) {
920  /* too short to be a real ixfr/axfr data transfer */
921  ods_log_debug("[%s] zone %s received too short udp reply from %s, "
922  "retry tcp", xfrd_str, zone->name, xfrd->master->address);
923  return XFRD_PKT_TC;
924  }
925  status = xfrd_parse_rrs(xfrd, buffer, ancount_todo, &done);
926  if (status != ODS_STATUS_OK) {
927  ods_log_error("[%s] bad packet: zone %s received bad xfr packet "
928  "from %s (%s)", xfrd_str, zone->name, xfrd->master->address,
929  ods_status2str(status));
930  return XFRD_PKT_BAD;
931  }
932  if (xfrd->tcp_conn == -1 && !done) {
933  ods_log_error("[%s] bad packet: zone %s received bad xfr packet "
934  "(xfr over udp incomplete)", xfrd_str, zone->name,
935  xfrd->master->address);
936  return XFRD_PKT_BAD;
937  }
938  if (!done) {
939  return XFRD_PKT_MORE;
940  }
941  return XFRD_PKT_XFR;
942 }
943 
944 
949 static xfrd_pkt_status
950 xfrd_handle_packet(xfrd_type* xfrd, buffer_type* buffer)
951 {
953  zone_type* zone = NULL;
954  ods_log_assert(xfrd);
955  ods_log_assert(xfrd->master);
956  ods_log_assert(xfrd->master->address);
957  zone = (zone_type*) xfrd->zone;
958  ods_log_assert(zone);
959  ods_log_assert(zone->name);
960  res = xfrd_parse_packet(xfrd, buffer);
961  switch (res) {
962  case XFRD_PKT_MORE:
963  case XFRD_PKT_XFR:
964  /* continue with commit */
965  break;
966  case XFRD_PKT_NEWLEASE:
967  case XFRD_PKT_TC:
968  return res;
969  break;
970  case XFRD_PKT_NOTIMPL:
971  case XFRD_PKT_BAD:
972  default:
973  /* rollback */
974  if (xfrd->msg_seq_nr > 0) {
975  buffer_clear(buffer);
976  ods_log_info("[%s] zone %s xfr rollback", xfrd_str,
977  zone->name);
978  buffer_flip(buffer);
979  }
980  return res;
981  break;
982  }
983  /* dump reply on disk to diff file */
984  xfrd_dump_packet(xfrd, buffer);
985  /* more? */
986  xfrd->msg_seq_nr++;
987  if (res == XFRD_PKT_MORE) {
988  /* wait for more */
989  return XFRD_PKT_MORE;
990  }
991  /* done */
992  buffer_clear(buffer);
993  buffer_flip(buffer);
994  /* commit packet */
995  xfrd_commit_packet(xfrd);
996  /* next time */
998 
999  ods_log_debug("[%s] zone %s notify acquired %u, serial on disk %u, "
1000  "notify serial %u", xfrd_str, zone->name,
1001  xfrd->serial_notify_acquired, xfrd->serial_disk,
1002  xfrd->serial_notify);
1003 
1004  if (xfrd->serial_notify_acquired &&
1005  !util_serial_gt(xfrd->serial_notify, xfrd->serial_disk)) {
1006  ods_log_debug("[%s] zone %s reset notify acquired", xfrd_str,
1007  zone->name);
1008  xfrd->serial_notify_acquired = 0;
1009  }
1010  if (!xfrd->serial_notify_acquired) {
1011  ods_log_debug("[%s] zone %s xfr done", xfrd_str, zone->name);
1012  xfrd->round_num = -1; /* next try start anew */
1013  xfrd_set_timer_refresh(xfrd);
1015  return XFRD_PKT_XFR;
1016  }
1018  /* try to get an even newer serial */
1019  ods_log_debug("[%s] zone %s get newer serial", xfrd_str, zone->name);
1020  return XFRD_PKT_BAD;
1021 }
1022 
1023 
1031 static void
1032 xfrd_tcp_write(xfrd_type* xfrd, tcp_set_type* set)
1033 {
1034  zone_type* zone = NULL;
1035  tcp_conn_type* tcp = NULL;
1036  int ret = 0;
1037  int error = 0;
1038  socklen_t len = 0;
1039 
1040  ods_log_assert(set);
1041  ods_log_assert(xfrd);
1042  ods_log_assert(xfrd->tcp_conn != -1);
1043  zone = (zone_type*) xfrd->zone;
1044  ods_log_assert(zone);
1045  ods_log_assert(zone->name);
1046  tcp = set->tcp_conn[xfrd->tcp_conn];
1047  if (tcp->total_bytes == 0) {
1048  /* check for pending error from nonblocking connect */
1049  /* from Stevens, unix network programming, vol1, 3rd ed, p450 */
1050  len = sizeof(error);
1051  if (getsockopt(tcp->fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
1052  error = errno; /* on solaris errno is error */
1053  }
1054  if (error == EINPROGRESS || error == EWOULDBLOCK) {
1055  ods_log_debug("[%s] zone %s zero write, write again later (%s)",
1056  xfrd_str, zone->name, strerror(error));
1057  return; /* try again later */
1058  }
1059  if (error != 0) {
1060  ods_log_error("[%s] zone %s cannot tcp connect to %s: %s",
1061  xfrd_str, zone->name, xfrd->master->address, strerror(errno));
1062  xfrd_set_timer_now(xfrd);
1063  xfrd_tcp_release(xfrd, set);
1064  return;
1065  }
1066  }
1067  ret = tcp_conn_write(tcp);
1068  if(ret == -1) {
1069  ods_log_error("[%s] zone %s cannot tcp write to %s: %s",
1070  xfrd_str, zone->name, xfrd->master->address, strerror(errno));
1071  xfrd_set_timer_now(xfrd);
1072  xfrd_tcp_release(xfrd, set);
1073  return;
1074  }
1075  if (ret == 0) {
1076  ods_log_debug("[%s] zone %s zero write, write again later",
1077  xfrd_str, zone->name);
1078  return; /* write again later */
1079  }
1080  /* done writing, get ready for reading */
1081  ods_log_debug("[%s] zone %s done writing, get ready for reading",
1082  xfrd_str, zone->name);
1083  tcp->is_reading = 1;
1084  tcp_conn_ready(tcp);
1086  xfrd_tcp_read(xfrd, set);
1087  return;
1088 }
1089 
1090 
1095 static int
1096 xfrd_tcp_open(xfrd_type* xfrd, tcp_set_type* set)
1097 {
1098  int fd, family, conn;
1099  struct sockaddr_storage to;
1100  socklen_t to_len;
1101  zone_type* zone = NULL;
1102 
1103  ods_log_assert(set);
1104  ods_log_assert(xfrd);
1105  ods_log_assert(xfrd->tcp_conn != -1);
1106  ods_log_assert(xfrd->master);
1107  ods_log_assert(xfrd->master->address);
1108  zone = (zone_type*) xfrd->zone;
1109  ods_log_assert(zone);
1110  ods_log_assert(zone->name);
1111  ods_log_debug("[%s] zone %s open tcp connection to %s", xfrd_str,
1112  zone->name, xfrd->master->address);
1113  set->tcp_conn[xfrd->tcp_conn]->is_reading = 0;
1114  set->tcp_conn[xfrd->tcp_conn]->total_bytes = 0;
1115  set->tcp_conn[xfrd->tcp_conn]->msglen = 0;
1116  if (xfrd->master->family == AF_INET6) {
1117  family = PF_INET6;
1118  } else {
1119  family = PF_INET;
1120  }
1121  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
1122  set->tcp_conn[xfrd->tcp_conn]->fd = fd;
1123  if (fd == -1) {
1124  ods_log_error("[%s] zone %s cannot create tcp socket to %s: %s",
1125  xfrd_str, zone->name, xfrd->master->address, strerror(errno));
1126  xfrd_set_timer_now(xfrd);
1127  xfrd_tcp_release(xfrd, set);
1128  return 0;
1129  }
1130  if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
1131  ods_log_error("[%s] zone %s cannot fcntl tcp socket to %s: %s",
1132  xfrd_str, zone->name, xfrd->master->address, strerror(errno));
1133  xfrd_set_timer_now(xfrd);
1134  xfrd_tcp_release(xfrd, set);
1135  return 0;
1136  }
1137  to_len = xfrd_acl_sockaddr_to(xfrd->master, &to);
1138  /* bind it? */
1139 
1140  conn = connect(fd, (struct sockaddr*)&to, to_len);
1141  if (conn == -1 && errno != EINPROGRESS) {
1142  ods_log_error("[%s] zone %s cannot connect tcp socket to %s: %s",
1143  xfrd_str, zone->name, xfrd->master->address, strerror(errno));
1144  xfrd_set_timer_now(xfrd);
1145  xfrd_tcp_release(xfrd, set);
1146  return 0;
1147  }
1148  xfrd->handler.fd = fd;
1150  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_TCP_TIMEOUT);
1151  return 1;
1152 }
1153 
1154 
1159 static void
1160 xfrd_tcp_obtain(xfrd_type* xfrd, tcp_set_type* set)
1161 {
1162  int i = 0;
1163 
1164  ods_log_assert(set);
1165  ods_log_assert(xfrd);
1166  ods_log_assert(xfrd->tcp_conn == -1);
1167  ods_log_assert(xfrd->tcp_waiting == 0);
1168  if (set->tcp_count < TCPSET_MAX) {
1170  set->tcp_count ++;
1171  /* find a free tcp_buffer */
1172  for (i=0; i < TCPSET_MAX; i++) {
1173  if (set->tcp_conn[i]->fd == -1) {
1174  xfrd->tcp_conn = i;
1175  break;
1176  }
1177  }
1178  ods_log_assert(xfrd->tcp_conn != -1);
1179  xfrd->tcp_waiting = 0;
1180  /* stop udp use (if any) */
1181  if (xfrd->handler.fd != -1) {
1182  xfrd_udp_release(xfrd);
1183  }
1184  if (!xfrd_tcp_open(xfrd, set)) {
1185  return;
1186  }
1187  xfrd_tcp_xfr(xfrd, set);
1188  return;
1189  }
1190  /* wait, at end of line */
1191  ods_log_verbose("[%s] max number of tcp connections (%d) reached",
1192  xfrd_str, TCPSET_MAX);
1193  xfrd->tcp_waiting = 1;
1194  xfrd_unset_timer(xfrd);
1195  return;
1196 }
1197 
1198 
1203 static void
1204 xfrd_tcp_xfr(xfrd_type* xfrd, tcp_set_type* set)
1205 {
1206  tcp_conn_type* tcp = NULL;
1207  zone_type* zone = NULL;
1208 
1209  ods_log_assert(set);
1210  ods_log_assert(xfrd);
1211  zone = (zone_type*) xfrd->zone;
1212  ods_log_assert(zone);
1213  ods_log_assert(zone->name);
1214  ods_log_assert(xfrd->tcp_conn != -1);
1215  ods_log_assert(xfrd->tcp_waiting == 0);
1216  ods_log_assert(xfrd->master);
1217  ods_log_assert(xfrd->master->address);
1218  /* start AXFR or IXFR for the zone */
1219  tcp = set->tcp_conn[xfrd->tcp_conn];
1220 
1221  if (xfrd->serial_xfr_acquired <= 0 || xfrd->master->ixfr_disabled) {
1222  ods_log_debug("[%s] zone %s request axfr to %s", xfrd_str,
1223  zone->name, xfrd->master->address);
1224  buffer_pkt_query(tcp->packet, zone->apex, LDNS_RR_TYPE_AXFR,
1225  zone->klass);
1226  } else {
1227  ods_log_debug("[%s] zone %s request ixfr to %s", xfrd_str,
1228  zone->name, xfrd->master->address);
1229  buffer_pkt_query(tcp->packet, zone->apex, LDNS_RR_TYPE_IXFR,
1230  zone->klass);
1231  buffer_pkt_set_nscount(tcp->packet, 1);
1232  xfrd_write_soa(xfrd, tcp->packet);
1233  }
1234  /* make packet */
1235  xfrd->query_id = buffer_pkt_id(tcp->packet);
1236  xfrd->msg_seq_nr = 0;
1237  xfrd->msg_rr_count = 0;
1238  xfrd->msg_old_serial = 0;
1239  xfrd->msg_new_serial = 0;
1240  xfrd->msg_is_ixfr = 0;
1241  xfrd_tsig_sign(xfrd, tcp->packet);
1242  buffer_flip(tcp->packet);
1243  tcp->msglen = buffer_limit(tcp->packet);
1244  ods_log_debug("[%s] zone %s sending tcp query id=%d", xfrd_str,
1245  zone->name, xfrd->query_id);
1246  /* wait for select to complete connect before write */
1247  return;
1248 }
1249 
1250 
1255 static void
1256 xfrd_tcp_read(xfrd_type* xfrd, tcp_set_type* set)
1257 {
1258  tcp_conn_type* tcp = NULL;
1259  int ret = 0;
1260 
1261  ods_log_assert(set);
1262  ods_log_assert(xfrd);
1263  ods_log_assert(xfrd->tcp_conn != -1);
1264  tcp = set->tcp_conn[xfrd->tcp_conn];
1265  ret = tcp_conn_read(tcp);
1266  if (ret == -1) {
1267  xfrd_set_timer_now(xfrd);
1268  xfrd_tcp_release(xfrd, set);
1269  return;
1270  }
1271  if (ret == 0) {
1272  return;
1273  }
1274  /* completed msg */
1275  buffer_flip(tcp->packet);
1276  ret = xfrd_handle_packet(xfrd, tcp->packet);
1277  switch (ret) {
1278  case XFRD_PKT_MORE:
1279  tcp_conn_ready(tcp);
1280  break;
1281  case XFRD_PKT_XFR:
1282  case XFRD_PKT_NEWLEASE:
1283  ods_log_debug("[%s] tcp read %s: release connection", xfrd_str,
1284  XFRD_PKT_XFR?"xfr":"newlease");
1285  xfrd_tcp_release(xfrd, set);
1286  ods_log_assert(xfrd->round_num == -1);
1287  break;
1288  case XFRD_PKT_NOTIMPL:
1289  xfrd->master->ixfr_disabled = time_now();
1290  ods_log_debug("[%s] disable ixfr requests for %s from now (%u)",
1291  xfrd_str, xfrd->master->address, xfrd->master->ixfr_disabled);
1292  /* break; */
1293  case XFRD_PKT_BAD:
1294  default:
1295  ods_log_debug("[%s] tcp read %s: release connection", xfrd_str,
1296  ret==XFRD_PKT_BAD?"bad":"notimpl");
1297  xfrd_tcp_release(xfrd, set);
1298  xfrd_make_request(xfrd);
1299  break;
1300  }
1301  return;
1302 }
1303 
1304 
1309 static void
1310 xfrd_tcp_release(xfrd_type* xfrd, tcp_set_type* set)
1311 {
1312  int conn = 0;
1313  zone_type* zone = NULL;
1314 
1315  ods_log_assert(set);
1316  ods_log_assert(xfrd);
1317  ods_log_assert(xfrd->master);
1318  ods_log_assert(xfrd->master->address);
1319  ods_log_assert(xfrd->tcp_conn != -1);
1320  ods_log_assert(xfrd->tcp_waiting == 0);
1321  zone = (zone_type*) xfrd->zone;
1322  ods_log_debug("[%s] zone %s release tcp connection to %s", xfrd_str,
1323  zone->name, xfrd->master->address);
1324  conn = xfrd->tcp_conn;
1325  xfrd->tcp_conn = -1;
1326  xfrd->tcp_waiting = 0;
1327  xfrd->handler.fd = -1;
1329 
1330  if (set->tcp_conn[conn]->fd != -1) {
1331  close(set->tcp_conn[conn]->fd);
1332  }
1333  set->tcp_conn[conn]->fd = -1;
1334  set->tcp_count --;
1335  return;
1336 }
1337 
1338 
1346 static int
1347 xfrd_udp_send(xfrd_type* xfrd, buffer_type* buffer)
1348 {
1349  struct sockaddr_storage to;
1350  socklen_t to_len = 0;
1351  int fd = -1;
1352  int family = PF_INET;
1353  ssize_t nb = -1;
1354  ods_log_assert(buffer);
1355  ods_log_assert(xfrd);
1356  ods_log_assert(xfrd->master);
1357  ods_log_assert(xfrd->master->address);
1358  /* this will set the remote port to acl->port or TCP_PORT */
1359  to_len = xfrd_acl_sockaddr_to(xfrd->master, &to);
1360  /* get the address family of the remote host */
1361  if (xfrd->master->family == AF_INET6) {
1362  family = PF_INET6;
1363  }
1364  /* create socket */
1365  fd = socket(family, SOCK_DGRAM, IPPROTO_UDP);
1366  if (fd == -1) {
1367  ods_log_error("[%s] unable to send data over udp to %s: "
1368  "socket() failed (%s)", xfrd_str, xfrd->master->address,
1369  strerror(errno));
1370  return -1;
1371  }
1372  /* bind it? */
1373 
1374  /* send it (udp) */
1375  ods_log_deeebug("[%s] send %d bytes over udp to %s", xfrd_str,
1376  buffer_remaining(buffer), xfrd->master->address);
1377  nb = sendto(fd, buffer_current(buffer), buffer_remaining(buffer), 0,
1378  (struct sockaddr*)&to, to_len);
1379  if (nb == -1) {
1380  ods_log_error("[%s] unable to send data over udp to %s: "
1381  "sendto() failed (%s)", xfrd_str, xfrd->master->address,
1382  strerror(errno));
1383  close(fd);
1384  return -1;
1385  }
1386  return fd;
1387 }
1388 
1389 
1394 static int
1395 xfrd_udp_send_request_ixfr(xfrd_type* xfrd)
1396 {
1397  int fd;
1398  xfrhandler_type* xfrhandler = NULL;
1399  zone_type* zone = NULL;
1400  ods_log_assert(xfrd);
1401  ods_log_assert(xfrd->master);
1402  ods_log_assert(xfrd->master->address);
1403  zone = (zone_type*) xfrd->zone;
1404  ods_log_assert(zone);
1405  ods_log_assert(zone->name);
1406  if (xfrd->tcp_conn != -1) {
1407  /* tcp is using the handler.fd */
1408  ods_log_error("[%s] unable to transfer zone %s: tried to send "
1409  "udp while tcp obtained", xfrd_str, zone->name);
1410  return -1;
1411  }
1412  /* make packet */
1413  xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1414  ods_log_assert(xfrhandler);
1415  buffer_pkt_query(xfrhandler->packet, zone->apex, LDNS_RR_TYPE_IXFR,
1416  zone->klass);
1417  xfrd->query_id = buffer_pkt_id(xfrhandler->packet);
1418  xfrd->msg_seq_nr = 0;
1419  xfrd->msg_rr_count = 0;
1420  xfrd->msg_old_serial = 0;
1421  xfrd->msg_new_serial = 0;
1422  xfrd->msg_is_ixfr = 0;
1423  buffer_pkt_set_nscount(xfrhandler->packet, 1);
1424  xfrd_write_soa(xfrd, xfrhandler->packet);
1425  xfrd_tsig_sign(xfrd, xfrhandler->packet);
1426  buffer_flip(xfrhandler->packet);
1427  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_UDP_TIMEOUT);
1428  ods_log_debug("[%s] zone %s sending udp query id=%d qtype=IXFR to %s",
1429  xfrd_str, zone->name, xfrd->query_id, xfrd->master->address);
1430  if((fd = xfrd_udp_send(xfrd, xfrhandler->packet)) == -1) {
1431  return -1;
1432  }
1433  return fd;
1434 }
1435 
1440 static void
1441 xfrd_udp_obtain(xfrd_type* xfrd)
1442 {
1443  xfrhandler_type* xfrhandler = NULL;
1444  ods_log_assert(xfrd);
1445  ods_log_assert(xfrd->xfrhandler);
1446  ods_log_assert(xfrd->udp_waiting == 0);
1447  xfrhandler = (void*) xfrd->xfrhandler;
1448  if (xfrd->tcp_conn != -1) {
1449  /* no tcp and udp at the same time */
1450  xfrd_tcp_release(xfrd, xfrhandler->tcp_set);
1451  }
1452  if (xfrhandler->udp_use_num < XFRD_MAX_UDP) {
1453  xfrhandler->udp_use_num++;
1454  xfrd->handler.fd = xfrd_udp_send_request_ixfr(xfrd);
1455  if (xfrd->handler.fd == -1) {
1456  xfrhandler->udp_use_num--;
1457  }
1458  return;
1459  }
1460  /* queue the zone as last */
1461  xfrd->udp_waiting = 1;
1462  xfrd->udp_waiting_next = NULL;
1463  if (!xfrhandler->udp_waiting_first) {
1464  xfrhandler->udp_waiting_first = xfrd;
1465  }
1466  if (xfrhandler->udp_waiting_last) {
1467  xfrhandler->udp_waiting_last->udp_waiting_next = xfrd;
1468  }
1469  xfrhandler->udp_waiting_last = xfrd;
1470  xfrd_unset_timer(xfrd);
1471  return;
1472 }
1473 
1474 
1479 static int
1480 xfrd_udp_read_packet(xfrd_type* xfrd)
1481 {
1482  xfrhandler_type* xfrhandler = NULL;
1483  ssize_t received = 0;
1484  ods_log_assert(xfrd);
1485  xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1486  ods_log_assert(xfrhandler);
1487  /* read the data */
1488  buffer_clear(xfrhandler->packet);
1489  received = recvfrom(xfrd->handler.fd, buffer_begin(xfrhandler->packet),
1490  buffer_remaining(xfrhandler->packet), 0, NULL, NULL);
1491  if (received == -1) {
1492  ods_log_error("[%s] unable to read packet: recvfrom() failed fd %d "
1493  "(%s)", xfrd_str, xfrd->handler.fd, strerror(errno));
1494  return 0;
1495  }
1496  buffer_set_limit(xfrhandler->packet, received);
1497  return 1;
1498 }
1499 
1500 
1505 static void
1506 xfrd_udp_read(xfrd_type* xfrd)
1507 {
1508  xfrhandler_type* xfrhandler = NULL;
1509  zone_type* zone = NULL;
1511  ods_log_assert(xfrd);
1512  zone = (zone_type*) xfrd->zone;
1513  ods_log_assert(zone);
1514  ods_log_assert(zone->name);
1515  ods_log_debug("[%s] zone %s read data from udp", xfrd_str,
1516  zone->name);
1517  if (!xfrd_udp_read_packet(xfrd)) {
1518  ods_log_error("[%s] unable to read data from udp zone %s: "
1519  "xfrd_udp_read_packet() failed", xfrd_str, zone->name);
1520  xfrd_udp_release(xfrd);
1521  return;
1522  }
1523  xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1524  ods_log_assert(xfrhandler);
1525  res = xfrd_handle_packet(xfrd, xfrhandler->packet);
1526  switch (res) {
1527  case XFRD_PKT_TC:
1528  ods_log_debug("[%s] truncation from %s",
1529  xfrd_str, xfrd->master->address);
1530  xfrd_udp_release(xfrd);
1531  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_TCP_TIMEOUT);
1532  xfrd_tcp_obtain(xfrd, xfrhandler->tcp_set);
1533  break;
1534  case XFRD_PKT_XFR:
1535  case XFRD_PKT_NEWLEASE:
1536  ods_log_debug("[%s] xfr/newlease from %s",
1537  xfrd_str, xfrd->master->address);
1538  /* nothing more to do */
1539  ods_log_assert(xfrd->round_num == -1);
1540  xfrd_udp_release(xfrd);
1541  break;
1542  case XFRD_PKT_NOTIMPL:
1543  xfrd->master->ixfr_disabled = time_now();
1544  ods_log_debug("[%s] disable ixfr requests for %s from now (%u)",
1545  xfrd_str, xfrd->master->address, xfrd->master->ixfr_disabled);
1546  /* break; */
1547  case XFRD_PKT_BAD:
1548  default:
1549  ods_log_debug("[%s] bad ixfr packet from %s",
1550  xfrd_str, xfrd->master->address);
1551  xfrd_udp_release(xfrd);
1552  xfrd_make_request(xfrd);
1553  break;
1554  }
1555  return;
1556 }
1557 
1558 
1563 static void
1564 xfrd_udp_release(xfrd_type* xfrd)
1565 {
1566  xfrhandler_type* xfrhandler = NULL;
1567 
1568  ods_log_assert(xfrd);
1569  ods_log_assert(xfrd->udp_waiting == 0);
1570  if(xfrd->handler.fd != -1)
1571  close(xfrd->handler.fd);
1572  xfrd->handler.fd = -1;
1573  xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1574  ods_log_assert(xfrhandler);
1575  /* see if there are waiting zones */
1576  if (xfrhandler->udp_use_num == XFRD_MAX_UDP) {
1577  while (xfrhandler->udp_waiting_first) {
1578  /* snip off waiting list */
1579  xfrd_type* wf = xfrhandler->udp_waiting_first;
1581  wf->udp_waiting = 0;
1582  xfrhandler->udp_waiting_first = wf->udp_waiting_next;
1583  if (xfrhandler->udp_waiting_last == wf) {
1584  xfrhandler->udp_waiting_last = NULL;
1585  }
1586  /* see if this zone needs udp connection */
1587  if (wf->tcp_conn == -1) {
1588  wf->handler.fd = xfrd_udp_send_request_ixfr(wf);
1589  if (wf->handler.fd != -1) {
1590  return;
1591  }
1592  }
1593  }
1594  }
1595  /* no waiting zones */
1596  if (xfrhandler->udp_use_num > 0) {
1597  xfrhandler->udp_use_num --;
1598  }
1599  return;
1600 }
1601 
1602 
1607 static void
1608 xfrd_make_request(xfrd_type* xfrd)
1609 {
1610  zone_type* zone = NULL;
1611  dnsin_type* dnsin = NULL;
1612  if (!xfrd || !xfrd->xfrhandler) {
1613  return;
1614  }
1615  zone = (zone_type*) xfrd->zone;
1616  ods_log_assert(zone);
1617  ods_log_assert(zone->name);
1618  ods_log_assert(zone->adinbound);
1621 
1622  dnsin = (dnsin_type*) zone->adinbound->config;
1623  if (xfrd->next_master != -1) {
1624  /* we are told to use this next master */
1625  xfrd->master_num = xfrd->next_master;
1626  xfrd->master = NULL; /* acl_find_num(...) */
1627  /* if there is no next master, fallback to use the first one */
1628  if (!xfrd->master) {
1629  xfrd->master = dnsin->request_xfr;
1630  xfrd->master_num = 0;
1631  }
1632  /* fallback to cycle master */
1633  xfrd->next_master = -1;
1634  xfrd->round_num = 0; /* fresh set of retries after notify */
1635  } else {
1636  /* cycle master */
1637  if (xfrd->round_num != -1 && xfrd->master &&
1638  xfrd->master->next) {
1639  /* try the next master */
1640  xfrd->master = xfrd->master->next;
1641  xfrd->master_num++;
1642  } else {
1643  /* start a new round */
1644  xfrd->master = dnsin->request_xfr;
1645  xfrd->master_num = 0;
1646  xfrd->round_num++;
1647  }
1648  if (xfrd->round_num >= XFRD_MAX_ROUNDS) {
1649  /* tried all servers that many times, wait */
1650  xfrd->round_num = -1;
1651  xfrd_set_timer_retry(xfrd);
1652  ods_log_verbose("[%s] zone %s make request wait retry",
1653  xfrd_str, zone->name);
1654  return;
1655  }
1656  }
1657  if (!xfrd->master) {
1658  ods_log_debug("[%s] unable to make request for zone %s: no master",
1659  xfrd_str, zone->name);
1660  xfrd->round_num = -1;
1661  xfrd_set_timer_retry(xfrd);
1662  return;
1663  }
1664  /* cache ixfr_disabled only for XFRD_NO_IXFR_CACHE time */
1665  if (xfrd->master->ixfr_disabled &&
1667  xfrd_time(xfrd)) {
1668  ods_log_verbose("[%s] clear negative caching ixfr disabled for "
1669  "master %s", xfrd_str, xfrd->master->address);
1670  ods_log_debug("[%s] clear negative caching calc: %u + %u <= %u",
1671  xfrd_str, xfrd->master->ixfr_disabled, XFRD_NO_IXFR_CACHE,
1672  xfrd_time(xfrd));
1673  xfrd->master->ixfr_disabled = 0;
1674  }
1675  /* perform xfr request */
1676  ods_log_debug("[%s] zone %s make request round %d master %s:%u",
1677  xfrd_str, zone->name, xfrd->round_num, xfrd->master->address,
1678  xfrd->master->port);
1679  if (xfrd->serial_xfr_acquired && !xfrd->master->ixfr_disabled) {
1680  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_UDP_TIMEOUT);
1681  xfrd_udp_obtain(xfrd);
1682  } else if (xfrd->serial_xfr_acquired <= 0 ||
1683  xfrd->master->ixfr_disabled) {
1684  xfrhandler_type* xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1685  ods_log_assert(xfrhandler);
1686  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_TCP_TIMEOUT);
1687  xfrd_tcp_obtain(xfrd, xfrhandler->tcp_set);
1688  }
1689  return;
1690 }
1691 
1692 
1697 static void
1698 xfrd_handle_zone(netio_type* ATTR_UNUSED(netio),
1699  netio_handler_type* handler, netio_events_type event_types)
1700 {
1701  xfrd_type* xfrd = NULL;
1702  zone_type* zone = NULL;
1703 
1704  if (!handler) {
1705  return;
1706  }
1707  xfrd = (xfrd_type*) handler->user_data;
1708  ods_log_assert(xfrd);
1709  zone = (zone_type*) xfrd->zone;
1710  ods_log_assert(zone);
1711  ods_log_assert(zone->name);
1712 
1713  if (xfrd->tcp_conn != -1) {
1714  /* busy in tcp transaction */
1715  xfrhandler_type* xfrhandler = (xfrhandler_type*) xfrd->xfrhandler;
1716  ods_log_assert(xfrhandler);
1717  if (event_types & NETIO_EVENT_READ) {
1718  ods_log_deeebug("[%s] zone %s event tcp read", xfrd_str, zone->name);
1719  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_TCP_TIMEOUT);
1720  xfrd_tcp_read(xfrd, xfrhandler->tcp_set);
1721  return;
1722  } else if (event_types & NETIO_EVENT_WRITE) {
1723  ods_log_deeebug("[%s] zone %s event tcp write", xfrd_str,
1724  zone->name);
1725  xfrd_set_timer(xfrd, xfrd_time(xfrd) + XFRD_TCP_TIMEOUT);
1726  xfrd_tcp_write(xfrd, xfrhandler->tcp_set);
1727  return;
1728  } else if (event_types & NETIO_EVENT_TIMEOUT) {
1729  /* tcp connection timed out. Stop it. */
1730  ods_log_deeebug("[%s] zone %s event tcp timeout", xfrd_str,
1731  zone->name);
1732  xfrd_tcp_release(xfrd, xfrhandler->tcp_set);
1733  /* continue to retry; as if a timeout happened */
1734  event_types = NETIO_EVENT_TIMEOUT;
1735  }
1736  }
1737 
1738  if (event_types & NETIO_EVENT_READ) {
1739  /* busy in udp transaction */
1740  ods_log_deeebug("[%s] zone %s event udp read", xfrd_str,
1741  zone->name);
1742  xfrd_set_timer_now(xfrd);
1743  xfrd_udp_read(xfrd);
1744  return;
1745  }
1746 
1747  /* timeout */
1748  ods_log_deeebug("[%s] zone %s timeout", xfrd_str, zone->name);
1749  if (handler->fd != -1) {
1750  ods_log_assert(xfrd->tcp_conn == -1);
1751  xfrd_udp_release(xfrd);
1752  }
1753  if (xfrd->tcp_waiting) {
1754  ods_log_deeebug("[%s] zone %s skips retry: tcp connections full",
1755  xfrd_str, zone->name);
1756  xfrd_unset_timer(xfrd);
1757  return;
1758  }
1759  if (xfrd->udp_waiting) {
1760  ods_log_deeebug("[%s] zone %s skips retry: udp connections full",
1761  xfrd_str, zone->name);
1762  xfrd_unset_timer(xfrd);
1763  return;
1764  }
1765  /* make a new request */
1766  xfrd_make_request(xfrd);
1767  return;
1768 }
1769 
1770 
1775 void
1777 {
1778  allocator_type* allocator = NULL;
1779  lock_basic_type serial_lock;
1780  lock_basic_type rw_lock;
1781  if (!xfrd) {
1782  return;
1783  }
1784  allocator = xfrd->allocator;
1785  serial_lock = xfrd->serial_lock;
1786  rw_lock = xfrd->rw_lock;
1787  tsig_rr_cleanup(xfrd->tsig_rr);
1788  allocator_deallocate(allocator, (void*) xfrd);
1789  allocator_cleanup(allocator);
1790  lock_basic_destroy(&serial_lock);
1791  lock_basic_destroy(&rw_lock);
1792  return;
1793 }
1794