1/* 2 * daemon/daemon.c - collection of workers that handles requests. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * The daemon consists of global settings and a number of workers. 40 */ 41 42#include "config.h" 43#ifdef HAVE_OPENSSL_ERR_H 44#include <openssl/err.h> 45#endif 46 47#ifdef HAVE_OPENSSL_RAND_H 48#include <openssl/rand.h> 49#endif 50 51#ifdef HAVE_OPENSSL_CONF_H 52#include <openssl/conf.h> 53#endif 54 55#ifdef HAVE_OPENSSL_ENGINE_H 56#include <openssl/engine.h> 57#endif 58 59#ifdef HAVE_TIME_H 60#include <time.h> 61#endif 62#include <sys/time.h> 63 64#ifdef HAVE_NSS 65/* nss3 */ 66#include "nss.h" 67#endif 68 69#include "daemon/daemon.h" 70#include "daemon/worker.h" 71#include "daemon/remote.h" 72#include "daemon/acl_list.h" 73#include "util/log.h" 74#include "util/config_file.h" 75#include "util/data/msgreply.h" 76#include "util/shm_side/shm_main.h" 77#include "util/storage/lookup3.h" 78#include "util/storage/slabhash.h" 79#include "util/tcp_conn_limit.h" 80#include "util/edns.h" 81#include "services/listen_dnsport.h" 82#include "services/cache/rrset.h" 83#include "services/cache/infra.h" 84#include "services/localzone.h" 85#include "services/view.h" 86#include "services/modstack.h" 87#include "services/authzone.h" 88#include "util/module.h" 89#include "util/random.h" 90#include "util/tube.h" 91#include "util/net_help.h" 92#include "sldns/keyraw.h" 93#include "respip/respip.h" 94#include "iterator/iter_fwd.h" 95#include "iterator/iter_hints.h" 96#include <signal.h> 97 98#ifdef HAVE_SYSTEMD 99#include <systemd/sd-daemon.h> 100#endif 101#ifdef HAVE_NETDB_H 102#include <netdb.h> 103#endif 104#ifdef USE_CACHEDB 105#include "cachedb/cachedb.h" 106#endif 107 108/** How many quit requests happened. */ 109static int sig_record_quit = 0; 110/** How many reload requests happened. */ 111static int sig_record_reload = 0; 112 113#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 114/** cleaner ssl memory freeup */ 115static void* comp_meth = NULL; 116#endif 117/** remove buffers for parsing and init */ 118int ub_c_lex_destroy(void); 119 120/** used when no other sighandling happens, so we don't die 121 * when multiple signals in quick succession are sent to us. 122 * @param sig: signal number. 123 * @return signal handler return type (void or int). 124 */ 125static RETSIGTYPE record_sigh(int sig) 126{ 127#ifdef LIBEVENT_SIGNAL_PROBLEM 128 /* cannot log, verbose here because locks may be held */ 129 /* quit on signal, no cleanup and statistics, 130 because installed libevent version is not threadsafe */ 131 exit(0); 132#endif 133 switch(sig) 134 { 135 case SIGTERM: 136#ifdef SIGQUIT 137 case SIGQUIT: 138#endif 139#ifdef SIGBREAK 140 case SIGBREAK: 141#endif 142 case SIGINT: 143 sig_record_quit++; 144 break; 145#ifdef SIGHUP 146 case SIGHUP: 147 sig_record_reload++; 148 break; 149#endif 150#ifdef SIGPIPE 151 case SIGPIPE: 152 break; 153#endif 154 default: 155 /* ignoring signal */ 156 break; 157 } 158} 159 160/** 161 * Signal handling during the time when netevent is disabled. 162 * Stores signals to replay later. 163 */ 164static void 165signal_handling_record(void) 166{ 167 if( signal(SIGTERM, record_sigh) == SIG_ERR || 168#ifdef SIGQUIT 169 signal(SIGQUIT, record_sigh) == SIG_ERR || 170#endif 171#ifdef SIGBREAK 172 signal(SIGBREAK, record_sigh) == SIG_ERR || 173#endif 174#ifdef SIGHUP 175 signal(SIGHUP, record_sigh) == SIG_ERR || 176#endif 177#ifdef SIGPIPE 178 signal(SIGPIPE, SIG_IGN) == SIG_ERR || 179#endif 180 signal(SIGINT, record_sigh) == SIG_ERR 181 ) 182 log_err("install sighandler: %s", strerror(errno)); 183} 184 185/** 186 * Replay old signals. 187 * @param wrk: worker that handles signals. 188 */ 189static void 190signal_handling_playback(struct worker* wrk) 191{ 192#ifdef SIGHUP 193 if(sig_record_reload) 194 worker_sighandler(SIGHUP, wrk); 195#endif 196 if(sig_record_quit) 197 worker_sighandler(SIGTERM, wrk); 198 sig_record_quit = 0; 199 sig_record_reload = 0; 200} 201 202struct daemon* 203daemon_init(void) 204{ 205 struct daemon* daemon = (struct daemon*)calloc(1, 206 sizeof(struct daemon)); 207#ifdef USE_WINSOCK 208 int r; 209 WSADATA wsa_data; 210#endif 211 if(!daemon) 212 return NULL; 213#ifdef USE_WINSOCK 214 r = WSAStartup(MAKEWORD(2,2), &wsa_data); 215 if(r != 0) { 216 fatal_exit("could not init winsock. WSAStartup: %s", 217 wsa_strerror(r)); 218 } 219#endif /* USE_WINSOCK */ 220 signal_handling_record(); 221#ifdef HAVE_SSL 222# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS 223 ERR_load_crypto_strings(); 224# endif 225#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 226 ERR_load_SSL_strings(); 227#endif 228# ifdef USE_GOST 229 (void)sldns_key_EVP_load_gost_id(); 230# endif 231# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 232# ifndef S_SPLINT_S 233 OpenSSL_add_all_algorithms(); 234# endif 235# else 236 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 237 | OPENSSL_INIT_ADD_ALL_DIGESTS 238 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 239# endif 240# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 241 /* grab the COMP method ptr because openssl leaks it */ 242 comp_meth = (void*)SSL_COMP_get_compression_methods(); 243# endif 244# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 245 (void)SSL_library_init(); 246# else 247 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 248# endif 249# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 250 if(!ub_openssl_lock_init()) 251 fatal_exit("could not init openssl locks"); 252# endif 253#elif defined(HAVE_NSS) 254 if(NSS_NoDB_Init(NULL) != SECSuccess) 255 fatal_exit("could not init NSS"); 256#endif /* HAVE_SSL or HAVE_NSS */ 257#ifdef HAVE_TZSET 258 /* init timezone info while we are not chrooted yet */ 259 tzset(); 260#endif 261 daemon->need_to_exit = 0; 262 modstack_init(&daemon->mods); 263 if(!(daemon->env = (struct module_env*)calloc(1, 264 sizeof(*daemon->env)))) { 265 free(daemon); 266 return NULL; 267 } 268 daemon->env->modstack = &daemon->mods; 269 /* init edns_known_options */ 270 if(!edns_known_options_init(daemon->env)) { 271 free(daemon->env); 272 free(daemon); 273 return NULL; 274 } 275 alloc_init(&daemon->superalloc, NULL, 0); 276 daemon->acl = acl_list_create(); 277 if(!daemon->acl) { 278 edns_known_options_delete(daemon->env); 279 free(daemon->env); 280 free(daemon); 281 return NULL; 282 } 283 daemon->acl_interface = acl_list_create(); 284 if(!daemon->acl_interface) { 285 acl_list_delete(daemon->acl); 286 edns_known_options_delete(daemon->env); 287 free(daemon->env); 288 free(daemon); 289 return NULL; 290 } 291 daemon->tcl = tcl_list_create(); 292 if(!daemon->tcl) { 293 acl_list_delete(daemon->acl_interface); 294 acl_list_delete(daemon->acl); 295 edns_known_options_delete(daemon->env); 296 free(daemon->env); 297 free(daemon); 298 return NULL; 299 } 300 listen_setup_locks(); 301 if(gettimeofday(&daemon->time_boot, NULL) < 0) 302 log_err("gettimeofday: %s", strerror(errno)); 303 daemon->time_last_stat = daemon->time_boot; 304 if((daemon->env->auth_zones = auth_zones_create()) == 0) { 305 acl_list_delete(daemon->acl_interface); 306 acl_list_delete(daemon->acl); 307 tcl_list_delete(daemon->tcl); 308 edns_known_options_delete(daemon->env); 309 free(daemon->env); 310 free(daemon); 311 return NULL; 312 } 313 if(!(daemon->env->edns_strings = edns_strings_create())) { 314 auth_zones_delete(daemon->env->auth_zones); 315 acl_list_delete(daemon->acl_interface); 316 acl_list_delete(daemon->acl); 317 tcl_list_delete(daemon->tcl); 318 edns_known_options_delete(daemon->env); 319 free(daemon->env); 320 free(daemon); 321 return NULL; 322 } 323 return daemon; 324} 325 326static int setup_acl_for_ports(struct acl_list* list, 327 struct listen_port* port_list) 328{ 329 struct acl_addr* acl_node; 330 for(; port_list; port_list=port_list->next) { 331 if(!port_list->socket) { 332 /* This is mainly for testbound where port_list is 333 * empty. */ 334 continue; 335 } 336 if(!(acl_node = acl_interface_insert(list, 337 (struct sockaddr_storage*)port_list->socket->addr, 338 port_list->socket->addrlen, 339 acl_refuse))) { 340 return 0; 341 } 342 port_list->socket->acl = acl_node; 343 } 344 return 1; 345} 346 347int 348daemon_open_shared_ports(struct daemon* daemon) 349{ 350 log_assert(daemon); 351 if(daemon->cfg->port != daemon->listening_port) { 352 char** resif = NULL; 353 int num_resif = 0; 354 size_t i; 355 struct listen_port* p0; 356 daemon->reuseport = 0; 357 /* free and close old ports */ 358 if(daemon->ports != NULL) { 359 for(i=0; i<daemon->num_ports; i++) 360 listening_ports_free(daemon->ports[i]); 361 free(daemon->ports); 362 daemon->ports = NULL; 363 } 364 /* clean acl_interface */ 365 acl_interface_init(daemon->acl_interface); 366 if(!resolve_interface_names(daemon->cfg->ifs, 367 daemon->cfg->num_ifs, NULL, &resif, &num_resif)) 368 return 0; 369 /* see if we want to reuseport */ 370#ifdef SO_REUSEPORT 371 if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) 372 daemon->reuseport = 1; 373#endif 374 /* try to use reuseport */ 375 p0 = listening_ports_open(daemon->cfg, resif, num_resif, 376 &daemon->reuseport); 377 if(!p0) { 378 listening_ports_free(p0); 379 config_del_strarray(resif, num_resif); 380 return 0; 381 } 382 if(daemon->reuseport) { 383 /* reuseport was successful, allocate for it */ 384 daemon->num_ports = (size_t)daemon->cfg->num_threads; 385 } else { 386 /* do the normal, singleportslist thing, 387 * reuseport not enabled or did not work */ 388 daemon->num_ports = 1; 389 } 390 if(!(daemon->ports = (struct listen_port**)calloc( 391 daemon->num_ports, sizeof(*daemon->ports)))) { 392 listening_ports_free(p0); 393 config_del_strarray(resif, num_resif); 394 return 0; 395 } 396 daemon->ports[0] = p0; 397 if(!setup_acl_for_ports(daemon->acl_interface, 398 daemon->ports[0])) { 399 listening_ports_free(p0); 400 config_del_strarray(resif, num_resif); 401 return 0; 402 } 403 if(daemon->reuseport) { 404 /* continue to use reuseport */ 405 for(i=1; i<daemon->num_ports; i++) { 406 if(!(daemon->ports[i]= 407 listening_ports_open(daemon->cfg, 408 resif, num_resif, 409 &daemon->reuseport)) 410 || !daemon->reuseport ) { 411 for(i=0; i<daemon->num_ports; i++) 412 listening_ports_free(daemon->ports[i]); 413 free(daemon->ports); 414 daemon->ports = NULL; 415 config_del_strarray(resif, num_resif); 416 return 0; 417 } 418 if(!setup_acl_for_ports(daemon->acl_interface, 419 daemon->ports[i])) { 420 for(i=0; i<daemon->num_ports; i++) 421 listening_ports_free(daemon->ports[i]); 422 free(daemon->ports); 423 daemon->ports = NULL; 424 config_del_strarray(resif, num_resif); 425 return 0; 426 } 427 } 428 } 429 config_del_strarray(resif, num_resif); 430 daemon->listening_port = daemon->cfg->port; 431 } 432 if(!daemon->cfg->remote_control_enable && daemon->rc_port) { 433 listening_ports_free(daemon->rc_ports); 434 daemon->rc_ports = NULL; 435 daemon->rc_port = 0; 436 } 437 if(daemon->cfg->remote_control_enable && 438 daemon->cfg->control_port != daemon->rc_port) { 439 listening_ports_free(daemon->rc_ports); 440 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg))) 441 return 0; 442 daemon->rc_port = daemon->cfg->control_port; 443 } 444 return 1; 445} 446 447/** 448 * Setup modules. setup module stack. 449 * @param daemon: the daemon 450 */ 451static void daemon_setup_modules(struct daemon* daemon) 452{ 453 daemon->env->cfg = daemon->cfg; 454 daemon->env->alloc = &daemon->superalloc; 455 daemon->env->worker = NULL; 456 daemon->env->need_to_validate = 0; /* set by module init below */ 457 if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf, 458 daemon->env)) { 459 fatal_exit("failed to setup modules"); 460 } 461 log_edns_known_options(VERB_ALGO, daemon->env); 462} 463 464/** 465 * Obtain allowed port numbers, concatenate the list, and shuffle them 466 * (ready to be handed out to threads). 467 * @param daemon: the daemon. Uses rand and cfg. 468 * @param shufport: the portlist output. 469 * @return number of ports available. 470 */ 471static int daemon_get_shufport(struct daemon* daemon, int* shufport) 472{ 473 int i, n, k, temp; 474 int avail = 0; 475 for(i=0; i<65536; i++) { 476 if(daemon->cfg->outgoing_avail_ports[i]) { 477 shufport[avail++] = daemon->cfg-> 478 outgoing_avail_ports[i]; 479 } 480 } 481 if(avail == 0) 482 fatal_exit("no ports are permitted for UDP, add " 483 "with outgoing-port-permit"); 484 /* Knuth shuffle */ 485 n = avail; 486 while(--n > 0) { 487 k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */ 488 temp = shufport[k]; 489 shufport[k] = shufport[n]; 490 shufport[n] = temp; 491 } 492 return avail; 493} 494 495/** 496 * Clear and delete per-worker alloc caches, and free memory maintained in 497 * superalloc. 498 * The rrset and message caches must be empty at the time of call. 499 * @param daemon: the daemon that maintains the alloc caches to be cleared. 500 */ 501static void 502daemon_clear_allocs(struct daemon* daemon) 503{ 504 int i; 505 506 for(i=0; i<daemon->num; i++) { 507 alloc_clear(daemon->worker_allocs[i]); 508 free(daemon->worker_allocs[i]); 509 } 510 free(daemon->worker_allocs); 511 daemon->worker_allocs = NULL; 512 513 alloc_clear_special(&daemon->superalloc); 514} 515 516/** 517 * Allocate empty worker structures. With backptr and thread-number, 518 * from 0..numthread initialised. Used as user arguments to new threads. 519 * Creates the daemon random generator if it does not exist yet. 520 * The random generator stays existing between reloads with a unique state. 521 * @param daemon: the daemon with (new) config settings. 522 */ 523static void 524daemon_create_workers(struct daemon* daemon) 525{ 526 int i, numport; 527 int* shufport; 528 log_assert(daemon && daemon->cfg); 529 if(!daemon->rand) { 530 daemon->rand = ub_initstate(NULL); 531 if(!daemon->rand) 532 fatal_exit("could not init random generator"); 533 hash_set_raninit((uint32_t)ub_random(daemon->rand)); 534 } 535 shufport = (int*)calloc(65536, sizeof(int)); 536 if(!shufport) 537 fatal_exit("out of memory during daemon init"); 538 numport = daemon_get_shufport(daemon, shufport); 539 verbose(VERB_ALGO, "total of %d outgoing ports available", numport); 540 541 daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); 542 if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { 543 log_warn("cannot reduce num-threads to %d because so-reuseport " 544 "so continuing with %d threads.", (int)daemon->num, 545 (int)daemon->num_ports); 546 daemon->num = (int)daemon->num_ports; 547 } 548 daemon->workers = (struct worker**)calloc((size_t)daemon->num, 549 sizeof(struct worker*)); 550 if(!daemon->workers) 551 fatal_exit("out of memory during daemon init"); 552 if(daemon->cfg->dnstap) { 553#ifdef USE_DNSTAP 554 daemon->dtenv = dt_create(daemon->cfg); 555 if (!daemon->dtenv) 556 fatal_exit("dt_create failed"); 557#else 558 fatal_exit("dnstap enabled in config but not built with dnstap support"); 559#endif 560 } 561 for(i=0; i<daemon->num; i++) { 562 if(!(daemon->workers[i] = worker_create(daemon, i, 563 shufport+numport*i/daemon->num, 564 numport*(i+1)/daemon->num - numport*i/daemon->num))) 565 /* the above is not ports/numthr, due to rounding */ 566 fatal_exit("could not create worker"); 567 } 568 /* create per-worker alloc caches if not reusing existing ones. */ 569 if(!daemon->worker_allocs) { 570 daemon->worker_allocs = (struct alloc_cache**)calloc( 571 (size_t)daemon->num, sizeof(struct alloc_cache*)); 572 if(!daemon->worker_allocs) 573 fatal_exit("could not allocate worker allocs"); 574 for(i=0; i<daemon->num; i++) { 575 struct alloc_cache* alloc = calloc(1, 576 sizeof(struct alloc_cache)); 577 if (!alloc) 578 fatal_exit("could not allocate worker alloc"); 579 alloc_init(alloc, &daemon->superalloc, i); 580 daemon->worker_allocs[i] = alloc; 581 } 582 } 583 free(shufport); 584} 585 586#ifdef THREADS_DISABLED 587/** 588 * Close all pipes except for the numbered thread. 589 * @param daemon: daemon to close pipes in. 590 * @param thr: thread number 0..num-1 of thread to skip. 591 */ 592static void close_other_pipes(struct daemon* daemon, int thr) 593{ 594 int i; 595 for(i=0; i<daemon->num; i++) 596 if(i!=thr) { 597 if(i==0) { 598 /* only close read part, need to write stats */ 599 tube_close_read(daemon->workers[i]->cmd); 600 } else { 601 /* complete close channel to others */ 602 tube_delete(daemon->workers[i]->cmd); 603 daemon->workers[i]->cmd = NULL; 604 } 605 } 606} 607#endif /* THREADS_DISABLED */ 608 609/** 610 * Function to start one thread. 611 * @param arg: user argument. 612 * @return: void* user return value could be used for thread_join results. 613 */ 614static void* 615thread_start(void* arg) 616{ 617 struct worker* worker = (struct worker*)arg; 618 int port_num = 0; 619 log_thread_set(&worker->thread_num); 620 ub_thread_blocksigs(); 621#ifdef THREADS_DISABLED 622 /* close pipe ends used by main */ 623 tube_close_write(worker->cmd); 624 close_other_pipes(worker->daemon, worker->thread_num); 625#endif 626#ifdef SO_REUSEPORT 627 if(worker->daemon->cfg->so_reuseport) 628 port_num = worker->thread_num % worker->daemon->num_ports; 629 else 630 port_num = 0; 631#endif 632 if(!worker_init(worker, worker->daemon->cfg, 633 worker->daemon->ports[port_num], 0)) 634 fatal_exit("Could not initialize thread"); 635 636 worker_work(worker); 637 return NULL; 638} 639 640/** 641 * Fork and init the other threads. Main thread returns for special handling. 642 * @param daemon: the daemon with other threads to fork. 643 */ 644static void 645daemon_start_others(struct daemon* daemon) 646{ 647 int i; 648 log_assert(daemon); 649 verbose(VERB_ALGO, "start threads"); 650 /* skip i=0, is this thread */ 651 for(i=1; i<daemon->num; i++) { 652 ub_thread_create(&daemon->workers[i]->thr_id, 653 thread_start, daemon->workers[i]); 654#ifdef THREADS_DISABLED 655 /* close pipe end of child */ 656 tube_close_read(daemon->workers[i]->cmd); 657#endif /* no threads */ 658 } 659} 660 661/** 662 * Stop the other threads. 663 * @param daemon: the daemon with other threads. 664 */ 665static void 666daemon_stop_others(struct daemon* daemon) 667{ 668 int i; 669 log_assert(daemon); 670 verbose(VERB_ALGO, "stop threads"); 671 /* skip i=0, is this thread */ 672 /* use i=0 buffer for sending cmds; because we are #0 */ 673 for(i=1; i<daemon->num; i++) { 674 worker_send_cmd(daemon->workers[i], worker_cmd_quit); 675 } 676 /* wait for them to quit */ 677 for(i=1; i<daemon->num; i++) { 678 /* join it to make sure its dead */ 679 verbose(VERB_ALGO, "join %d", i); 680 ub_thread_join(daemon->workers[i]->thr_id); 681 verbose(VERB_ALGO, "join success %d", i); 682 } 683} 684 685void 686daemon_fork(struct daemon* daemon) 687{ 688 int have_view_respip_cfg = 0; 689#ifdef HAVE_SYSTEMD 690 int ret; 691#endif 692 693 log_assert(daemon); 694 if(!(daemon->views = views_create())) 695 fatal_exit("Could not create views: out of memory"); 696 /* create individual views and their localzone/data trees */ 697 if(!views_apply_cfg(daemon->views, daemon->cfg)) 698 fatal_exit("Could not set up views"); 699 700 if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) 701 fatal_exit("Could not setup access control list"); 702 if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg, 703 daemon->views)) 704 fatal_exit("Could not setup interface control list"); 705 if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg)) 706 fatal_exit("Could not setup TCP connection limits"); 707 if(daemon->cfg->dnscrypt) { 708#ifdef USE_DNSCRYPT 709 daemon->dnscenv = dnsc_create(); 710 if (!daemon->dnscenv) 711 fatal_exit("dnsc_create failed"); 712 dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); 713#else 714 fatal_exit("dnscrypt enabled in config but unbound was not built with " 715 "dnscrypt support"); 716#endif 717 } 718 /* create global local_zones */ 719 if(!(daemon->local_zones = local_zones_create())) 720 fatal_exit("Could not create local zones: out of memory"); 721 if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) 722 fatal_exit("Could not set up local zones"); 723 if(!(daemon->env->fwds = forwards_create()) || 724 !forwards_apply_cfg(daemon->env->fwds, daemon->cfg)) 725 fatal_exit("Could not set forward zones"); 726 if(!(daemon->env->hints = hints_create()) || 727 !hints_apply_cfg(daemon->env->hints, daemon->cfg)) 728 fatal_exit("Could not set root or stub hints"); 729 730 /* process raw response-ip configuration data */ 731 if(!(daemon->respip_set = respip_set_create())) 732 fatal_exit("Could not create response IP set"); 733 if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) 734 fatal_exit("Could not set up response IP set"); 735 if(!respip_views_apply_cfg(daemon->views, daemon->cfg, 736 &have_view_respip_cfg)) 737 fatal_exit("Could not set up per-view response IP sets"); 738 daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || 739 have_view_respip_cfg; 740 741 /* setup modules */ 742 daemon_setup_modules(daemon); 743 744 /* read auth zonefiles */ 745 if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1, 746 &daemon->use_rpz, daemon->env, &daemon->mods)) 747 fatal_exit("auth_zones could not be setup"); 748 749 /* Set-up EDNS strings */ 750 if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) 751 fatal_exit("Could not set up EDNS strings"); 752 753#ifdef USE_CACHEDB 754 daemon->env->cachedb_enabled = cachedb_is_enabled(&daemon->mods, 755 daemon->env); 756#endif 757 /* response-ip-xxx options don't work as expected without the respip 758 * module. To avoid run-time operational surprise we reject such 759 * configuration. */ 760 if(daemon->use_response_ip && 761 modstack_find(&daemon->mods, "respip") < 0) 762 fatal_exit("response-ip options require respip module"); 763 /* RPZ response ip triggers don't work as expected without the respip 764 * module. To avoid run-time operational surprise we reject such 765 * configuration. */ 766 if(daemon->use_rpz && 767 modstack_find(&daemon->mods, "respip") < 0) 768 fatal_exit("RPZ requires the respip module"); 769 770 /* first create all the worker structures, so we can pass 771 * them to the newly created threads. 772 */ 773 daemon_create_workers(daemon); 774 775#if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) 776 /* in libev the first inited base gets signals */ 777 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 778 fatal_exit("Could not initialize main thread"); 779#endif 780 781 /* Now create the threads and init the workers. 782 * By the way, this is thread #0 (the main thread). 783 */ 784 daemon_start_others(daemon); 785 786 /* Special handling for the main thread. This is the thread 787 * that handles signals and remote control. 788 */ 789#if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) 790 /* libevent has the last inited base get signals (or any base) */ 791 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 792 fatal_exit("Could not initialize main thread"); 793#endif 794 signal_handling_playback(daemon->workers[0]); 795 796 if (!shm_main_init(daemon)) 797 log_warn("SHM has failed"); 798 799 /* Start resolver service on main thread. */ 800#ifdef HAVE_SYSTEMD 801 ret = sd_notify(0, "READY=1"); 802 if(ret <= 0 && getenv("NOTIFY_SOCKET")) 803 fatal_exit("sd_notify failed %s: %s. Make sure that unbound has " 804 "access/permission to use the socket presented by systemd.", 805 getenv("NOTIFY_SOCKET"), 806 (ret==0?"no $NOTIFY_SOCKET": strerror(-ret))); 807#endif 808 log_info("start of service (%s).", PACKAGE_STRING); 809 worker_work(daemon->workers[0]); 810#ifdef HAVE_SYSTEMD 811 if (daemon->workers[0]->need_to_exit) 812 sd_notify(0, "STOPPING=1"); 813 else 814 sd_notify(0, "RELOADING=1"); 815#endif 816 log_info("service stopped (%s).", PACKAGE_STRING); 817 818 /* we exited! a signal happened! Stop other threads */ 819 daemon_stop_others(daemon); 820 821 /* Shutdown SHM */ 822 shm_main_shutdown(daemon); 823 824 daemon->reuse_cache = daemon->workers[0]->reuse_cache; 825 daemon->need_to_exit = daemon->workers[0]->need_to_exit; 826} 827 828void 829daemon_cleanup(struct daemon* daemon) 830{ 831 int i; 832 log_assert(daemon); 833 /* before stopping main worker, handle signals ourselves, so we 834 don't die on multiple reload signals for example. */ 835 signal_handling_record(); 836 log_thread_set(NULL); 837 /* clean up caches because 838 * a) RRset IDs will be recycled after a reload, causing collisions 839 * b) validation config can change, thus rrset, msg, keycache clear 840 * 841 * If we are trying to keep the cache as long as possible, we should 842 * defer the cleanup until we know whether the new configuration allows 843 * the reuse. (If we're exiting, cleanup should be done here). */ 844 if(!daemon->reuse_cache || daemon->need_to_exit) { 845 slabhash_clear(&daemon->env->rrset_cache->table); 846 slabhash_clear(daemon->env->msg_cache); 847 } 848 daemon->old_num = daemon->num; /* save the current num */ 849 forwards_delete(daemon->env->fwds); 850 daemon->env->fwds = NULL; 851 hints_delete(daemon->env->hints); 852 daemon->env->hints = NULL; 853 local_zones_delete(daemon->local_zones); 854 daemon->local_zones = NULL; 855 respip_set_delete(daemon->respip_set); 856 daemon->respip_set = NULL; 857 views_delete(daemon->views); 858 daemon->views = NULL; 859 if(daemon->env->auth_zones) 860 auth_zones_cleanup(daemon->env->auth_zones); 861 /* key cache is cleared by module desetup during next daemon_fork() */ 862 daemon_remote_clear(daemon->rc); 863 for(i=0; i<daemon->num; i++) 864 worker_delete(daemon->workers[i]); 865 free(daemon->workers); 866 daemon->workers = NULL; 867 /* Unless we're trying to keep the cache, worker alloc_caches should be 868 * cleared and freed here. We do this after deleting workers to 869 * guarantee that the alloc caches are valid throughout the lifetime 870 * of workers. */ 871 if(!daemon->reuse_cache || daemon->need_to_exit) 872 daemon_clear_allocs(daemon); 873 daemon->num = 0; 874#ifdef USE_DNSTAP 875 dt_delete(daemon->dtenv); 876 daemon->dtenv = NULL; 877#endif 878#ifdef USE_DNSCRYPT 879 dnsc_delete(daemon->dnscenv); 880 daemon->dnscenv = NULL; 881#endif 882 daemon->cfg = NULL; 883} 884 885void 886daemon_delete(struct daemon* daemon) 887{ 888 size_t i; 889 if(!daemon) 890 return; 891 modstack_desetup(&daemon->mods, daemon->env); 892 daemon_remote_delete(daemon->rc); 893 for(i = 0; i < daemon->num_ports; i++) 894 listening_ports_free(daemon->ports[i]); 895 free(daemon->ports); 896 listening_ports_free(daemon->rc_ports); 897 if(daemon->env) { 898 slabhash_delete(daemon->env->msg_cache); 899 rrset_cache_delete(daemon->env->rrset_cache); 900 infra_delete(daemon->env->infra_cache); 901 edns_known_options_delete(daemon->env); 902 edns_strings_delete(daemon->env->edns_strings); 903 auth_zones_delete(daemon->env->auth_zones); 904 } 905 ub_randfree(daemon->rand); 906 alloc_clear(&daemon->superalloc); 907 acl_list_delete(daemon->acl); 908 acl_list_delete(daemon->acl_interface); 909 tcl_list_delete(daemon->tcl); 910 listen_desetup_locks(); 911 free(daemon->chroot); 912 free(daemon->pidfile); 913 free(daemon->env); 914#ifdef HAVE_SSL 915 listen_sslctx_delete_ticket_keys(); 916 SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx); 917 SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx); 918#endif 919 free(daemon); 920 /* lex cleanup */ 921 ub_c_lex_destroy(); 922 /* libcrypto cleanup */ 923#ifdef HAVE_SSL 924# if defined(USE_GOST) 925 sldns_key_EVP_unload_gost(); 926# endif 927# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE 928# ifndef S_SPLINT_S 929# if OPENSSL_VERSION_NUMBER < 0x10100000 930 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); 931# endif 932# endif 933# endif 934# ifdef HAVE_OPENSSL_CONFIG 935 EVP_cleanup(); 936# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) 937 ENGINE_cleanup(); 938# endif 939 CONF_modules_free(); 940# endif 941# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 942 CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ 943# endif 944# ifdef HAVE_ERR_FREE_STRINGS 945 ERR_free_strings(); 946# endif 947# if OPENSSL_VERSION_NUMBER < 0x10100000 948 RAND_cleanup(); 949# endif 950# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 951 ub_openssl_lock_delete(); 952# endif 953#ifndef HAVE_ARC4RANDOM 954 _ARC4_LOCK_DESTROY(); 955#endif 956#elif defined(HAVE_NSS) 957 NSS_Shutdown(); 958#endif /* HAVE_SSL or HAVE_NSS */ 959 checklock_stop(); 960#ifdef USE_WINSOCK 961 if(WSACleanup() != 0) { 962 log_err("Could not WSACleanup: %s", 963 wsa_strerror(WSAGetLastError())); 964 } 965#endif 966} 967 968void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) 969{ 970 int new_num = cfg->num_threads?cfg->num_threads:1; 971 972 daemon->cfg = cfg; 973 config_apply(cfg); 974 975 /* If this is a reload and we deferred the decision on whether to 976 * reuse the alloc, RRset, and message caches, then check to see if 977 * it's safe to keep the caches: 978 * - changing the number of threads is obviously incompatible with 979 * keeping the per-thread alloc caches. It also means we have to 980 * clear RRset and message caches. (note that 'new_num' may be 981 * adjusted in daemon_create_workers, but for our purpose we can 982 * simply compare it with 'old_num'; if they are equal here, 983 * 'new_num' won't be adjusted to a different value than 'old_num'). 984 * - changing RRset cache size effectively clears any remaining cache 985 * entries. We could keep their keys in alloc caches, but it would 986 * be more consistent with the sense of the change to clear allocs 987 * and free memory. To do so we also have to clear message cache. 988 * - only changing message cache size does not necessarily affect 989 * RRset or alloc cache. But almost all new subsequent queries will 990 * require recursive resolution anyway, so it doesn't help much to 991 * just keep RRset and alloc caches. For simplicity we clear/free 992 * the other two, too. */ 993 if(daemon->worker_allocs && 994 (new_num != daemon->old_num || 995 !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 996 cfg->msg_cache_slabs) || 997 !slabhash_is_size(&daemon->env->rrset_cache->table, 998 cfg->rrset_cache_size, cfg->rrset_cache_slabs))) 999 { 1000 log_warn("cannot reuse caches due to critical config change"); 1001 slabhash_clear(&daemon->env->rrset_cache->table); 1002 slabhash_clear(daemon->env->msg_cache); 1003 daemon_clear_allocs(daemon); 1004 } 1005 1006 if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 1007 cfg->msg_cache_slabs)) { 1008 slabhash_delete(daemon->env->msg_cache); 1009 daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs, 1010 HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size, 1011 msgreply_sizefunc, query_info_compare, 1012 query_entry_delete, reply_info_delete, NULL); 1013 if(!daemon->env->msg_cache) { 1014 fatal_exit("malloc failure updating config settings"); 1015 } 1016 } 1017 if((daemon->env->rrset_cache = rrset_cache_adjust( 1018 daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0) 1019 fatal_exit("malloc failure updating config settings"); 1020 if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache, 1021 cfg))==0) 1022 fatal_exit("malloc failure updating config settings"); 1023} 1024