]>
Commit | Line | Data |
---|---|---|
12471842 PL |
1 | /* |
2 | * This file is part of PowerDNS or dnsdist. | |
3 | * Copyright -- PowerDNS.COM B.V. and its contributors | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of version 2 of the GNU General Public License as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * In addition, for the avoidance of any doubt, permission is granted to | |
10 | * link this program with OpenSSL and to (re)distribute the binaries | |
11 | * produced as the result of such linking. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
df111b53 | 22 | #pragma once |
11e1e08b | 23 | #include "config.h" |
df111b53 | 24 | #include "ext/luawrapper/include/LuaContext.hpp" |
25 | #include <time.h> | |
26 | #include "misc.hh" | |
27 | #include "iputils.hh" | |
28 | #include "dnsname.hh" | |
29 | #include <atomic> | |
30 | #include <boost/circular_buffer.hpp> | |
e16fd59c | 31 | #include <boost/variant.hpp> |
df111b53 | 32 | #include <mutex> |
33 | #include <thread> | |
bffca8b9 | 34 | #include <unistd.h> |
ecbe9133 | 35 | #include "sholder.hh" |
11e1e08b | 36 | #include "dnscrypt.hh" |
886e2cf2 | 37 | #include "dnsdist-cache.hh" |
85c7ca75 | 38 | #include "gettime.hh" |
87b515ed RG |
39 | #include "dnsdist-dynbpf.hh" |
40 | #include "bpf-filter.hh" | |
26a6373d SO |
41 | #include <string> |
42 | #include <unordered_map> | |
26a6373d SO |
43 | |
44 | ||
d8c19b98 RG |
45 | #ifdef HAVE_PROTOBUF |
46 | #include <boost/uuid/uuid.hpp> | |
47 | #include <boost/uuid/uuid_generators.hpp> | |
48 | #endif | |
49 | ||
42fae326 | 50 | void* carbonDumpThread(); |
61d1b966 | 51 | uint64_t uptimeOfProcess(const std::string& str); |
bd1c631b | 52 | |
7b925432 RG |
53 | extern uint16_t g_ECSSourcePrefixV4; |
54 | extern uint16_t g_ECSSourcePrefixV6; | |
55 | extern bool g_ECSOverride; | |
56 | ||
26a6373d | 57 | |
26a6373d SO |
58 | class QTag |
59 | { | |
26a6373d | 60 | public: |
5b8255ba RG |
61 | QTag() |
62 | { | |
63 | } | |
26a6373d | 64 | |
5b8255ba RG |
65 | ~QTag() |
66 | { | |
67 | } | |
26a6373d | 68 | |
5b8255ba RG |
69 | void add(const std::string strLabel, const std::string strValue) |
70 | { | |
71 | tagData.insert( {strLabel, strValue}); | |
72 | return; | |
741ebe08 | 73 | } |
26a6373d | 74 | |
5b8255ba RG |
75 | std::string getMatch(const std::string& strLabel) const |
76 | { | |
77 | std::unordered_map<std::string, std::string>::const_iterator got =tagData.find (strLabel); | |
78 | if(got == tagData.end()) { | |
79 | return ""; | |
80 | } else { | |
81 | return got->second; | |
741ebe08 SO |
82 | } |
83 | } | |
e6956c91 | 84 | |
5b8255ba RG |
85 | std::string getEntry(size_t iEntry) const |
86 | { | |
87 | std::string strEntry; | |
88 | size_t iCounter = 0; | |
89 | ||
90 | for (const auto& itr : tagData) { | |
91 | iCounter++; | |
92 | if(iCounter == iEntry) { | |
93 | strEntry = itr.first; | |
94 | strEntry += strSep; | |
95 | strEntry += itr.second; | |
96 | break; | |
97 | } | |
98 | } | |
26a6373d | 99 | |
5b8255ba RG |
100 | return strEntry; |
101 | } | |
26a6373d | 102 | |
5b8255ba RG |
103 | size_t count() const |
104 | { | |
105 | return tagData.size(); | |
106 | } | |
26a6373d | 107 | |
5b8255ba RG |
108 | std::string dumpString() const |
109 | { | |
110 | std::string strRet; | |
e6956c91 | 111 | |
5b8255ba RG |
112 | for (const auto& itr : tagData) { |
113 | strRet += itr.first; | |
114 | strRet += strSep; | |
115 | strRet += itr.second; | |
116 | strRet += "\n"; | |
117 | } | |
118 | return strRet; | |
741ebe08 | 119 | } |
26a6373d | 120 | |
29cd61cc | 121 | std::unordered_map<std::string, std::string>tagData; |
26a6373d SO |
122 | |
123 | private: | |
c959e01a | 124 | static constexpr char const *strSep = "\t"; |
26a6373d SO |
125 | }; |
126 | ||
26a6373d | 127 | |
7b925432 RG |
128 | struct DNSQuestion |
129 | { | |
130 | DNSQuestion(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, struct dnsheader* header, size_t bufferSize, uint16_t queryLen, bool isTcp): qname(name), qtype(type), qclass(class_), local(lc), remote(rem), dh(header), size(bufferSize), len(queryLen), ecsPrefixLength(rem->sin4.sin_family == AF_INET ? g_ECSSourcePrefixV4 : g_ECSSourcePrefixV6), tcp(isTcp), ecsOverride(g_ECSOverride) { } | |
131 | ||
132 | #ifdef HAVE_PROTOBUF | |
133 | boost::uuids::uuid uniqueId; | |
134 | #endif | |
135 | const DNSName* qname; | |
136 | const uint16_t qtype; | |
137 | const uint16_t qclass; | |
138 | const ComboAddress* local; | |
139 | const ComboAddress* remote; | |
e6956c91 | 140 | std::shared_ptr<QTag> qTag; |
7b925432 RG |
141 | struct dnsheader* dh; |
142 | size_t size; | |
143 | uint16_t len; | |
144 | uint16_t ecsPrefixLength; | |
145 | const bool tcp; | |
146 | bool skipCache{false}; | |
147 | bool ecsOverride; | |
5b8255ba | 148 | bool useECS{true}; |
7b925432 RG |
149 | }; |
150 | ||
151 | struct DNSResponse : DNSQuestion | |
152 | { | |
2b3eefc3 | 153 | DNSResponse(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, struct dnsheader* header, size_t bufferSize, uint16_t responseLen, bool isTcp, const struct timespec* queryTime_): DNSQuestion(name, type, class_, lc, rem, header, bufferSize, responseLen, isTcp), queryTime(queryTime_) { } |
7b925432 RG |
154 | |
155 | const struct timespec* queryTime; | |
156 | }; | |
157 | ||
158 | /* so what could you do: | |
159 | drop, | |
160 | fake up nxdomain, | |
161 | provide actual answer, | |
162 | allow & and stop processing, | |
163 | continue processing, | |
164 | modify header: (servfail|refused|notimp), set TC=1, | |
165 | send to pool */ | |
166 | ||
167 | class DNSAction | |
168 | { | |
169 | public: | |
c4f5aeff | 170 | enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, Truncate, None}; |
7b925432 | 171 | virtual Action operator()(DNSQuestion*, string* ruleresult) const =0; |
205f2081 RG |
172 | virtual ~DNSAction() |
173 | { | |
174 | } | |
7b925432 RG |
175 | virtual string toString() const = 0; |
176 | virtual std::unordered_map<string, double> getStats() const | |
177 | { | |
178 | return {{}}; | |
179 | } | |
180 | }; | |
181 | ||
182 | class DNSResponseAction | |
183 | { | |
184 | public: | |
185 | enum class Action { Allow, Delay, Drop, HeaderModify, None }; | |
186 | virtual Action operator()(DNSResponse*, string* ruleresult) const =0; | |
205f2081 RG |
187 | virtual ~DNSResponseAction() |
188 | { | |
189 | } | |
7b925432 RG |
190 | virtual string toString() const = 0; |
191 | }; | |
192 | ||
78ffa782 | 193 | struct DynBlock |
194 | { | |
195 | DynBlock& operator=(const DynBlock& rhs) | |
196 | { | |
197 | reason=rhs.reason; | |
198 | until=rhs.until; | |
71c94675 | 199 | domain=rhs.domain; |
7b925432 | 200 | action=rhs.action; |
78ffa782 | 201 | blocks.store(rhs.blocks); |
202 | return *this; | |
203 | } | |
71c94675 | 204 | |
78ffa782 | 205 | string reason; |
206 | struct timespec until; | |
71c94675 | 207 | DNSName domain; |
7b925432 | 208 | DNSAction::Action action; |
78ffa782 | 209 | mutable std::atomic<unsigned int> blocks; |
210 | }; | |
211 | ||
212 | extern GlobalStateHolder<NetmaskTree<DynBlock>> g_dynblockNMG; | |
f758857a | 213 | |
214 | extern vector<pair<struct timeval, std::string> > g_confDelta; | |
215 | ||
e48090d1 | 216 | struct DNSDistStats |
217 | { | |
6ad8b29a | 218 | using stat_t=std::atomic<uint64_t>; // aww yiss ;-) |
e48090d1 | 219 | stat_t responses{0}; |
220 | stat_t servfailResponses{0}; | |
221 | stat_t queries{0}; | |
e73ec7d3 | 222 | stat_t nonCompliantQueries{0}; |
d08b1cdf | 223 | stat_t nonCompliantResponses{0}; |
643a182a | 224 | stat_t rdQueries{0}; |
2efd427d | 225 | stat_t emptyQueries{0}; |
e48090d1 | 226 | stat_t aclDrops{0}; |
bd1c631b | 227 | stat_t dynBlocked{0}; |
e48090d1 | 228 | stat_t ruleDrop{0}; |
229 | stat_t ruleNXDomain{0}; | |
dd46e5e3 | 230 | stat_t ruleRefused{0}; |
e48090d1 | 231 | stat_t selfAnswered{0}; |
232 | stat_t downstreamTimeouts{0}; | |
233 | stat_t downstreamSendErrors{0}; | |
6ad8b29a | 234 | stat_t truncFail{0}; |
b8bc7e61 | 235 | stat_t noPolicy{0}; |
886e2cf2 RG |
236 | stat_t cacheHits{0}; |
237 | stat_t cacheMisses{0}; | |
42fae326 | 238 | stat_t latency0_1{0}, latency1_10{0}, latency10_50{0}, latency50_100{0}, latency100_1000{0}, latencySlow{0}; |
e48090d1 | 239 | |
e16fd59c | 240 | double latencyAvg100{0}, latencyAvg1000{0}, latencyAvg10000{0}, latencyAvg1000000{0}; |
a1a787dc | 241 | typedef std::function<uint64_t(const std::string&)> statfunction_t; |
242 | typedef boost::variant<stat_t*, double*, statfunction_t> entry_t; | |
e16fd59c | 243 | std::vector<std::pair<std::string, entry_t>> entries{ |
dd46e5e3 RG |
244 | {"responses", &responses}, |
245 | {"servfail-responses", &servfailResponses}, | |
246 | {"queries", &queries}, | |
247 | {"acl-drops", &aclDrops}, | |
dd46e5e3 RG |
248 | {"rule-drop", &ruleDrop}, |
249 | {"rule-nxdomain", &ruleNXDomain}, | |
250 | {"rule-refused", &ruleRefused}, | |
251 | {"self-answered", &selfAnswered}, | |
252 | {"downstream-timeouts", &downstreamTimeouts}, | |
253 | {"downstream-send-errors", &downstreamSendErrors}, | |
254 | {"trunc-failures", &truncFail}, | |
255 | {"no-policy", &noPolicy}, | |
256 | {"latency0-1", &latency0_1}, | |
257 | {"latency1-10", &latency1_10}, | |
258 | {"latency10-50", &latency10_50}, | |
259 | {"latency50-100", &latency50_100}, | |
260 | {"latency100-1000", &latency100_1000}, | |
261 | {"latency-slow", &latencySlow}, | |
262 | {"latency-avg100", &latencyAvg100}, | |
263 | {"latency-avg1000", &latencyAvg1000}, | |
264 | {"latency-avg10000", &latencyAvg10000}, | |
265 | {"latency-avg1000000", &latencyAvg1000000}, | |
61d1b966 | 266 | {"uptime", uptimeOfProcess}, |
a9b6db56 | 267 | {"real-memory-usage", getRealMemoryUsage}, |
a2aa00ed | 268 | {"noncompliant-queries", &nonCompliantQueries}, |
d08b1cdf | 269 | {"noncompliant-responses", &nonCompliantResponses}, |
643a182a | 270 | {"rdqueries", &rdQueries}, |
2efd427d | 271 | {"empty-queries", &emptyQueries}, |
886e2cf2 RG |
272 | {"cache-hits", &cacheHits}, |
273 | {"cache-misses", &cacheMisses}, | |
4f99f3d3 RG |
274 | {"cpu-user-msec", getCPUTimeUser}, |
275 | {"cpu-sys-msec", getCPUTimeSystem}, | |
dd46e5e3 RG |
276 | {"fd-usage", getOpenFileDescriptors}, |
277 | {"dyn-blocked", &dynBlocked}, | |
bd1c631b | 278 | {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }} |
42fae326 | 279 | }; |
e48090d1 | 280 | }; |
281 | ||
e16fd59c | 282 | |
e48090d1 | 283 | extern struct DNSDistStats g_stats; |
284 | ||
638184e9 | 285 | |
df111b53 | 286 | struct StopWatch |
287 | { | |
58307a85 RG |
288 | StopWatch(bool realTime=false): d_needRealTime(realTime) |
289 | { | |
290 | } | |
df111b53 | 291 | struct timespec d_start{0,0}; |
58307a85 RG |
292 | bool d_needRealTime{false}; |
293 | ||
df111b53 | 294 | void start() { |
58307a85 | 295 | if(gettime(&d_start, d_needRealTime) < 0) |
df111b53 | 296 | unixDie("Getting timestamp"); |
297 | ||
298 | } | |
cf48b0ce RG |
299 | |
300 | void set(const struct timespec& from) { | |
301 | d_start = from; | |
302 | } | |
df111b53 | 303 | |
304 | double udiff() const { | |
305 | struct timespec now; | |
58307a85 | 306 | if(gettime(&now, d_needRealTime) < 0) |
df111b53 | 307 | unixDie("Getting timestamp"); |
308 | ||
309 | return 1000000.0*(now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec)/1000.0; | |
310 | } | |
311 | ||
312 | double udiffAndSet() { | |
313 | struct timespec now; | |
58307a85 | 314 | if(gettime(&now, d_needRealTime) < 0) |
df111b53 | 315 | unixDie("Getting timestamp"); |
316 | ||
317 | auto ret= 1000000.0*(now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec)/1000.0; | |
318 | d_start = now; | |
319 | return ret; | |
320 | } | |
321 | ||
322 | }; | |
323 | ||
324 | class QPSLimiter | |
325 | { | |
326 | public: | |
327 | QPSLimiter() | |
328 | { | |
329 | } | |
330 | ||
331 | QPSLimiter(unsigned int rate, unsigned int burst) : d_rate(rate), d_burst(burst), d_tokens(burst) | |
332 | { | |
333 | d_passthrough=false; | |
334 | d_prev.start(); | |
335 | } | |
336 | ||
337 | unsigned int getRate() const | |
338 | { | |
339 | return d_passthrough? 0 : d_rate; | |
340 | } | |
341 | ||
342 | int getPassed() const | |
343 | { | |
344 | return d_passed; | |
345 | } | |
346 | int getBlocked() const | |
347 | { | |
348 | return d_blocked; | |
349 | } | |
350 | ||
ecbe9133 | 351 | bool check() const // this is not quite fair |
df111b53 | 352 | { |
353 | if(d_passthrough) | |
354 | return true; | |
355 | auto delta = d_prev.udiffAndSet(); | |
356 | ||
357 | d_tokens += 1.0*d_rate * (delta/1000000.0); | |
358 | ||
359 | if(d_tokens > d_burst) | |
360 | d_tokens = d_burst; | |
361 | ||
362 | bool ret=false; | |
363 | if(d_tokens >= 1.0) { // we need this because burst=1 is weird otherwise | |
364 | ret=true; | |
365 | --d_tokens; | |
366 | d_passed++; | |
367 | } | |
368 | else | |
369 | d_blocked++; | |
370 | ||
371 | return ret; | |
372 | } | |
373 | private: | |
374 | bool d_passthrough{true}; | |
375 | unsigned int d_rate; | |
376 | unsigned int d_burst; | |
ecbe9133 | 377 | mutable double d_tokens; |
378 | mutable StopWatch d_prev; | |
379 | mutable unsigned int d_passed{0}; | |
380 | mutable unsigned int d_blocked{0}; | |
df111b53 | 381 | }; |
382 | ||
b5b93e0b RG |
383 | struct ClientState; |
384 | ||
df111b53 | 385 | struct IDState |
386 | { | |
58307a85 | 387 | IDState() : origFD(-1), sentTime(true), delayMsec(0) { origDest.sin4.sin_family = 0;} |
df111b53 | 388 | IDState(const IDState& orig) |
389 | { | |
390 | origFD = orig.origFD; | |
391 | origID = orig.origID; | |
392 | origRemote = orig.origRemote; | |
549d63c9 | 393 | origDest = orig.origDest; |
7b3865cd | 394 | delayMsec = orig.delayMsec; |
df111b53 | 395 | age.store(orig.age.load()); |
396 | } | |
397 | ||
2bf26975 | 398 | int origFD; // set to <0 to indicate this state is empty // 4 |
399 | ||
400 | ComboAddress origRemote; // 28 | |
549d63c9 | 401 | ComboAddress origDest; // 28 |
2bf26975 | 402 | StopWatch sentTime; // 16 |
403 | DNSName qname; // 80 | |
11e1e08b RG |
404 | #ifdef HAVE_DNSCRYPT |
405 | std::shared_ptr<DnsCryptQuery> dnsCryptQuery{0}; | |
d8c19b98 RG |
406 | #endif |
407 | #ifdef HAVE_PROTOBUF | |
408 | boost::uuids::uuid uniqueId; | |
11e1e08b | 409 | #endif |
886e2cf2 | 410 | std::shared_ptr<DNSDistPacketCache> packetCache{nullptr}; |
b5b93e0b | 411 | const ClientState* cs{nullptr}; |
886e2cf2 | 412 | uint32_t cacheKey; // 8 |
2bf26975 | 413 | std::atomic<uint16_t> age; // 4 |
414 | uint16_t qtype; // 2 | |
886e2cf2 | 415 | uint16_t qclass; // 2 |
2bf26975 | 416 | uint16_t origID; // 2 |
aeb36780 | 417 | uint16_t origFlags; // 2 |
7b3865cd | 418 | int delayMsec; |
ca404e94 | 419 | bool ednsAdded{false}; |
ff73f02b | 420 | bool ecsAdded{false}; |
886e2cf2 | 421 | bool skipCache{false}; |
7cea4e39 | 422 | bool destHarvested{false}; // if true, origDest holds the original dest addr, otherwise the listening addr |
df111b53 | 423 | }; |
424 | ||
425 | struct Rings { | |
e4c24bb3 | 426 | Rings(size_t capacity=10000) |
df111b53 | 427 | { |
e4c24bb3 RG |
428 | queryRing.set_capacity(capacity); |
429 | respRing.set_capacity(capacity); | |
0e41337b | 430 | pthread_rwlock_init(&queryLock, 0); |
df111b53 | 431 | } |
0ba5eecf | 432 | struct Query |
433 | { | |
434 | struct timespec when; | |
435 | ComboAddress requestor; | |
436 | DNSName name; | |
03ebf8b2 | 437 | uint16_t size; |
0ba5eecf | 438 | uint16_t qtype; |
3fcaeeac | 439 | struct dnsheader dh; |
0ba5eecf | 440 | }; |
441 | boost::circular_buffer<Query> queryRing; | |
df111b53 | 442 | struct Response |
443 | { | |
80a216c9 | 444 | struct timespec when; |
445 | ComboAddress requestor; | |
df111b53 | 446 | DNSName name; |
447 | uint16_t qtype; | |
df111b53 | 448 | unsigned int usec; |
80a216c9 | 449 | unsigned int size; |
3fcaeeac | 450 | struct dnsheader dh; |
2d11d1b2 | 451 | ComboAddress ds; // who handled it |
df111b53 | 452 | }; |
453 | boost::circular_buffer<Response> respRing; | |
454 | std::mutex respMutex; | |
0e41337b | 455 | pthread_rwlock_t queryLock; |
03ebf8b2 | 456 | |
7fc00937 | 457 | std::unordered_map<int, vector<boost::variant<string,double> > > getTopBandwidth(unsigned int numentries); |
a683e8bd | 458 | size_t numDistinctRequestors(); |
e4c24bb3 RG |
459 | void setCapacity(size_t newCapacity) |
460 | { | |
461 | { | |
462 | WriteLock wl(&queryLock); | |
463 | queryRing.set_capacity(newCapacity); | |
464 | } | |
465 | { | |
466 | std::lock_guard<std::mutex> lock(respMutex); | |
467 | respRing.set_capacity(newCapacity); | |
468 | } | |
469 | } | |
df111b53 | 470 | }; |
471 | ||
0e41337b | 472 | extern Rings g_rings; |
df111b53 | 473 | |
786e4d8c RS |
474 | typedef std::unordered_map<string, unsigned int> QueryCountRecords; |
475 | typedef std::function<std::tuple<bool, string>(DNSQuestion dq)> QueryCountFilter; | |
476 | struct QueryCount { | |
477 | QueryCount() | |
478 | { | |
479 | pthread_rwlock_init(&queryLock, 0); | |
480 | } | |
481 | QueryCountRecords records; | |
482 | QueryCountFilter filter; | |
483 | pthread_rwlock_t queryLock; | |
484 | bool enabled{false}; | |
485 | }; | |
486 | ||
487 | extern QueryCount g_qcount; | |
488 | ||
8a5d5053 | 489 | struct ClientState |
490 | { | |
491 | ComboAddress local; | |
11e1e08b RG |
492 | #ifdef HAVE_DNSCRYPT |
493 | DnsCryptContext* dnscryptCtx{0}; | |
494 | #endif | |
963bef8d | 495 | std::atomic<uint64_t> queries{0}; |
a36ce055 RG |
496 | int udpFD{-1}; |
497 | int tcpFD{-1}; | |
b5b93e0b | 498 | bool muted{false}; |
8429ad04 RG |
499 | |
500 | int getSocket() const | |
501 | { | |
502 | return udpFD != -1 ? udpFD : tcpFD; | |
503 | } | |
504 | ||
505 | #ifdef HAVE_EBPF | |
506 | shared_ptr<BPFFilter> d_filter; | |
507 | ||
508 | void detachFilter() | |
509 | { | |
510 | if (d_filter) { | |
511 | d_filter->removeSocket(getSocket()); | |
512 | d_filter = nullptr; | |
513 | } | |
514 | } | |
515 | ||
516 | void attachFilter(shared_ptr<BPFFilter> bpf) | |
517 | { | |
518 | detachFilter(); | |
519 | ||
520 | bpf->addSocket(getSocket()); | |
521 | d_filter = bpf; | |
522 | } | |
523 | #endif /* HAVE_EBPF */ | |
8a5d5053 | 524 | }; |
525 | ||
526 | class TCPClientCollection { | |
527 | std::vector<int> d_tcpclientthreads; | |
ded1985a | 528 | std::atomic<uint64_t> d_numthreads{0}; |
a9bf3ec4 | 529 | std::atomic<uint64_t> d_pos{0}; |
ded1985a | 530 | std::atomic<uint64_t> d_queued{0}; |
6c1ca990 | 531 | uint64_t d_maxthreads{0}; |
ded1985a | 532 | std::mutex d_mutex; |
edbda1ad RG |
533 | int d_singlePipe[2]; |
534 | bool d_useSinglePipe; | |
ded1985a | 535 | public: |
8a5d5053 | 536 | |
b79e4996 RG |
537 | TCPClientCollection(size_t maxThreads, bool useSinglePipe=false): d_maxthreads(maxThreads), d_singlePipe{-1,-1}, d_useSinglePipe(useSinglePipe) |
538 | ||
8a5d5053 | 539 | { |
a9bf3ec4 | 540 | d_tcpclientthreads.reserve(maxThreads); |
edbda1ad RG |
541 | |
542 | if (d_useSinglePipe) { | |
543 | if (pipe(d_singlePipe) < 0) { | |
544 | throw std::runtime_error("Error creating the TCP single communication pipe: " + string(strerror(errno))); | |
545 | } | |
546 | if (!setNonBlocking(d_singlePipe[1])) { | |
547 | int err = errno; | |
548 | close(d_singlePipe[0]); | |
549 | close(d_singlePipe[1]); | |
550 | throw std::runtime_error("Error setting the TCP single communication pipe non-blocking: " + string(strerror(err))); | |
551 | } | |
552 | } | |
8a5d5053 | 553 | } |
a9bf3ec4 | 554 | int getThread() |
8a5d5053 | 555 | { |
6c1ca990 | 556 | uint64_t pos = d_pos++; |
8a5d5053 | 557 | ++d_queued; |
558 | return d_tcpclientthreads[pos % d_numthreads]; | |
559 | } | |
ded1985a RG |
560 | bool hasReachedMaxThreads() const |
561 | { | |
562 | return d_numthreads >= d_maxthreads; | |
563 | } | |
564 | uint64_t getThreadsCount() const | |
565 | { | |
566 | return d_numthreads; | |
567 | } | |
568 | uint64_t getQueuedCount() const | |
569 | { | |
570 | return d_queued; | |
571 | } | |
572 | void decrementQueuedCount() | |
573 | { | |
574 | --d_queued; | |
575 | } | |
8a5d5053 | 576 | void addTCPClientThread(); |
577 | }; | |
578 | ||
a9bf3ec4 | 579 | extern std::shared_ptr<TCPClientCollection> g_tcpclientthreads; |
8a5d5053 | 580 | |
df111b53 | 581 | struct DownstreamState |
582 | { | |
fbe2a2e0 RG |
583 | DownstreamState(const ComboAddress& remote_, const ComboAddress& sourceAddr_, unsigned int sourceItf); |
584 | DownstreamState(const ComboAddress& remote_): DownstreamState(remote_, ComboAddress(), 0) {} | |
6a62c0e3 RG |
585 | ~DownstreamState() |
586 | { | |
587 | if (fd >= 0) | |
588 | close(fd); | |
589 | } | |
df111b53 | 590 | |
f99e3aaf | 591 | int fd{-1}; |
df111b53 | 592 | std::thread tid; |
593 | ComboAddress remote; | |
594 | QPSLimiter qps; | |
595 | vector<IDState> idStates; | |
fbe2a2e0 RG |
596 | ComboAddress sourceAddr; |
597 | DNSName checkName{"a.root-servers.net."}; | |
598 | QType checkType{QType::A}; | |
df111b53 | 599 | std::atomic<uint64_t> idOffset{0}; |
600 | std::atomic<uint64_t> sendErrors{0}; | |
601 | std::atomic<uint64_t> outstanding{0}; | |
602 | std::atomic<uint64_t> reuseds{0}; | |
603 | std::atomic<uint64_t> queries{0}; | |
604 | struct { | |
605 | std::atomic<uint64_t> sendErrors{0}; | |
606 | std::atomic<uint64_t> reuseds{0}; | |
607 | std::atomic<uint64_t> queries{0}; | |
608 | } prev; | |
18eeccc9 | 609 | string name; |
df111b53 | 610 | double queryLoad{0.0}; |
611 | double dropRate{0.0}; | |
612 | double latencyUsec{0.0}; | |
613 | int order{1}; | |
614 | int weight{1}; | |
b40cffe7 | 615 | int tcpConnectTimeout{5}; |
3f6d07a4 RG |
616 | int tcpRecvTimeout{30}; |
617 | int tcpSendTimeout{30}; | |
fbe2a2e0 | 618 | unsigned int sourceItf{0}; |
3f6d07a4 | 619 | uint16_t retries{5}; |
9e87dcb8 RG |
620 | uint8_t currentCheckFailures{0}; |
621 | uint8_t maxCheckFailures{1}; | |
df111b53 | 622 | StopWatch sw; |
623 | set<string> pools; | |
624 | enum class Availability { Up, Down, Auto} availability{Availability::Auto}; | |
fbe2a2e0 | 625 | bool mustResolve{false}; |
df111b53 | 626 | bool upStatus{false}; |
ca404e94 | 627 | bool useECS{false}; |
21830638 | 628 | bool setCD{false}; |
7565f4e6 | 629 | std::atomic<bool> connected{false}; |
284d460c | 630 | bool tcpFastOpen{false}; |
df111b53 | 631 | bool isUp() const |
632 | { | |
633 | if(availability == Availability::Down) | |
634 | return false; | |
635 | if(availability == Availability::Up) | |
636 | return true; | |
637 | return upStatus; | |
638 | } | |
639 | void setUp() { availability = Availability::Up; } | |
640 | void setDown() { availability = Availability::Down; } | |
641 | void setAuto() { availability = Availability::Auto; } | |
18eeccc9 RG |
642 | string getName() const { |
643 | if (name.empty()) { | |
644 | return remote.toStringWithPort(); | |
645 | } | |
646 | return name; | |
647 | } | |
a7940c06 | 648 | string getNameWithAddr() const { |
649 | if (name.empty()) { | |
650 | return remote.toStringWithPort(); | |
651 | } | |
652 | return name + " (" + remote.toStringWithPort()+ ")"; | |
653 | } | |
9f4eb5cc RG |
654 | string getStatus() const |
655 | { | |
656 | string status; | |
657 | if(availability == DownstreamState::Availability::Up) | |
658 | status = "UP"; | |
659 | else if(availability == DownstreamState::Availability::Down) | |
660 | status = "DOWN"; | |
661 | else | |
662 | status = (upStatus ? "up" : "down"); | |
663 | return status; | |
664 | } | |
b58f08e5 | 665 | void reconnect(); |
df111b53 | 666 | }; |
667 | using servers_t =vector<std::shared_ptr<DownstreamState>>; | |
df111b53 | 668 | |
da4e7813 | 669 | template <class T> using NumberedVector = std::vector<std::pair<unsigned int, T> >; |
670 | ||
671 | void* responderThread(std::shared_ptr<DownstreamState> state); | |
672 | extern std::mutex g_luamutex; | |
673 | extern LuaContext g_lua; | |
674 | extern std::string g_outputBuffer; // locking for this is ok, as locked by g_luamutex | |
675 | ||
0940e4eb | 676 | class DNSRule |
677 | { | |
678 | public: | |
205f2081 RG |
679 | virtual ~DNSRule () |
680 | { | |
681 | } | |
497a6e3a | 682 | virtual bool matches(const DNSQuestion* dq) const =0; |
0940e4eb | 683 | virtual string toString() const = 0; |
684 | mutable std::atomic<uint64_t> d_matches{0}; | |
685 | }; | |
686 | ||
da4e7813 | 687 | using NumberedServerVector = NumberedVector<shared_ptr<DownstreamState>>; |
497a6e3a | 688 | typedef std::function<shared_ptr<DownstreamState>(const NumberedServerVector& servers, const DNSQuestion*)> policyfunc_t; |
df111b53 | 689 | |
690 | struct ServerPolicy | |
691 | { | |
692 | string name; | |
70a57b05 | 693 | policyfunc_t policy; |
df111b53 | 694 | }; |
695 | ||
886e2cf2 RG |
696 | struct ServerPool |
697 | { | |
698 | const std::shared_ptr<DNSDistPacketCache> getCache() const { return packetCache; }; | |
699 | ||
700 | NumberedVector<shared_ptr<DownstreamState>> servers; | |
701 | std::shared_ptr<DNSDistPacketCache> packetCache{nullptr}; | |
b9f8a6c8 | 702 | std::shared_ptr<ServerPolicy> policy{nullptr}; |
886e2cf2 RG |
703 | }; |
704 | using pools_t=map<std::string,std::shared_ptr<ServerPool>>; | |
742c079a | 705 | void setPoolPolicy(pools_t& pools, const string& poolName, std::shared_ptr<ServerPolicy> policy); |
886e2cf2 RG |
706 | void addServerToPool(pools_t& pools, const string& poolName, std::shared_ptr<DownstreamState> server); |
707 | void removeServerFromPool(pools_t& pools, const string& poolName, std::shared_ptr<DownstreamState> server); | |
708 | ||
42fae326 | 709 | struct CarbonConfig |
710 | { | |
d617b22c | 711 | ComboAddress server; |
42fae326 | 712 | std::string ourname; |
d617b22c | 713 | unsigned int interval; |
42fae326 | 714 | }; |
715 | ||
ca404e94 RG |
716 | enum ednsHeaderFlags { |
717 | EDNS_HEADER_FLAG_NONE = 0, | |
718 | EDNS_HEADER_FLAG_DO = 32768 | |
719 | }; | |
720 | ||
71c94675 | 721 | extern GlobalStateHolder<SuffixMatchTree<DynBlock>> g_dynblockSMT; |
dd46e5e3 | 722 | extern DNSAction::Action g_dynBlockAction; |
71c94675 | 723 | |
d617b22c | 724 | extern GlobalStateHolder<vector<CarbonConfig> > g_carbon; |
ecbe9133 | 725 | extern GlobalStateHolder<ServerPolicy> g_policy; |
726 | extern GlobalStateHolder<servers_t> g_dstates; | |
886e2cf2 | 727 | extern GlobalStateHolder<pools_t> g_pools; |
0940e4eb | 728 | extern GlobalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSAction> > > > g_rulactions; |
8146444b | 729 | extern GlobalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSResponseAction> > > > g_resprulactions; |
cf48b0ce | 730 | extern GlobalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSResponseAction> > > > g_cachehitresprulactions; |
638184e9 | 731 | extern GlobalStateHolder<NetmaskGroup> g_ACL; |
2e72cc0e | 732 | |
ecbe9133 | 733 | extern ComboAddress g_serverControl; // not changed during runtime |
734 | ||
9f67b883 | 735 | extern std::vector<std::tuple<ComboAddress, bool, bool, int, std::string>> g_locals; // not changed at runtime (we hope XXX) |
963bef8d | 736 | extern vector<ClientState*> g_frontends; |
ecbe9133 | 737 | extern std::string g_key; // in theory needs locking |
6ad8b29a | 738 | extern bool g_truncateTC; |
b29edbee | 739 | extern bool g_fixupCase; |
3f6d07a4 RG |
740 | extern int g_tcpRecvTimeout; |
741 | extern int g_tcpSendTimeout; | |
e0b5e49d | 742 | extern int g_udpTimeout; |
e41f8165 RG |
743 | extern uint16_t g_maxOutstanding; |
744 | extern std::atomic<bool> g_configurationDone; | |
6c1ca990 RG |
745 | extern uint64_t g_maxTCPClientThreads; |
746 | extern uint64_t g_maxTCPQueuedConnections; | |
9396d955 RG |
747 | extern size_t g_maxTCPQueriesPerConn; |
748 | extern size_t g_maxTCPConnectionDuration; | |
749 | extern size_t g_maxTCPConnectionsPerClient; | |
886e2cf2 | 750 | extern std::atomic<uint16_t> g_cacheCleaningDelay; |
f65ea0c2 | 751 | extern std::atomic<uint16_t> g_cacheCleaningPercentage; |
9e87dcb8 | 752 | extern bool g_verboseHealthChecks; |
1ea747c0 | 753 | extern uint32_t g_staleCacheEntriesTTL; |
56d68fad RG |
754 | extern bool g_apiReadWrite; |
755 | extern std::string g_apiConfigDirectory; | |
26a3cdb7 | 756 | extern bool g_servFailOnNoPolicy; |
36e763fa | 757 | extern uint32_t g_hashperturb; |
edbda1ad | 758 | extern bool g_useTCPSinglePipe; |
840ed663 | 759 | extern std::atomic<uint16_t> g_downstreamTCPCleanupInterval; |
ca404e94 | 760 | |
ca4252e0 RG |
761 | struct ConsoleKeyword { |
762 | std::string name; | |
763 | bool function; | |
764 | std::string parameters; | |
765 | std::string description; | |
766 | std::string toString() const | |
767 | { | |
768 | std::string res(name); | |
769 | if (function) { | |
770 | res += "(" + parameters + ")"; | |
771 | } | |
772 | res += ": "; | |
773 | res += description; | |
774 | return res; | |
775 | } | |
776 | }; | |
777 | extern const std::vector<ConsoleKeyword> g_consoleKeywords; | |
506bb661 | 778 | extern bool g_logConsoleConnections; |
ca4252e0 | 779 | |
87b515ed RG |
780 | #ifdef HAVE_EBPF |
781 | extern shared_ptr<BPFFilter> g_defaultBPFFilter; | |
8429ad04 | 782 | extern std::vector<std::shared_ptr<DynBPFFilter> > g_dynBPFFilters; |
87b515ed RG |
783 | #endif /* HAVE_EBPF */ |
784 | ||
ecbe9133 | 785 | struct dnsheader; |
786 | ||
787 | void controlThread(int fd, ComboAddress local); | |
839f3021 | 788 | vector<std::function<void(void)>> setupLua(bool client, const std::string& config); |
886e2cf2 RG |
789 | std::shared_ptr<ServerPool> getPool(const pools_t& pools, const std::string& poolName); |
790 | std::shared_ptr<ServerPool> createPoolIfNotExists(pools_t& pools, const string& poolName); | |
791 | const NumberedServerVector& getDownstreamCandidates(const pools_t& pools, const std::string& poolName); | |
da4e7813 | 792 | |
497a6e3a | 793 | std::shared_ptr<DownstreamState> firstAvailable(const NumberedServerVector& servers, const DNSQuestion* dq); |
ecbe9133 | 794 | |
497a6e3a RG |
795 | std::shared_ptr<DownstreamState> leastOutstanding(const NumberedServerVector& servers, const DNSQuestion* dq); |
796 | std::shared_ptr<DownstreamState> wrandom(const NumberedServerVector& servers, const DNSQuestion* dq); | |
797 | std::shared_ptr<DownstreamState> whashed(const NumberedServerVector& servers, const DNSQuestion* dq); | |
798 | std::shared_ptr<DownstreamState> roundrobin(const NumberedServerVector& servers, const DNSQuestion* dq); | |
520eb5a0 | 799 | int getEDNSZ(const char* packet, unsigned int len); |
ca404e94 | 800 | uint16_t getEDNSOptionCode(const char * packet, size_t len); |
002decab | 801 | void dnsdistWebserverThread(int sock, const ComboAddress& local, const string& password, const string& apiKey, const boost::optional<std::map<std::string, std::string> >&); |
6885d4bf | 802 | bool getMsgLen32(int fd, uint32_t* len); |
803 | bool putMsgLen32(int fd, uint32_t len); | |
d8d85a30 | 804 | void* tcpAcceptorThread(void* p); |
80a216c9 | 805 | |
886e2cf2 | 806 | void moreLua(bool client); |
ffb07158 | 807 | void doClient(ComboAddress server, const std::string& command); |
808 | void doConsole(); | |
809 | void controlClientThread(int fd, ComboAddress client); | |
810 | extern "C" { | |
811 | char** my_completion( const char * text , int start, int end); | |
812 | } | |
f758857a | 813 | void setLuaNoSideEffect(); // if nothing has been declared, set that there are no side effects |
814 | void setLuaSideEffect(); // set to report a side effect, cancelling all _no_ side effect calls | |
815 | bool getLuaNoSideEffect(); // set if there were only explicit declarations of _no_ side effect | |
816 | void resetLuaSideEffect(); // reset to indeterminate state | |
11e1e08b | 817 | |
fcffc585 | 818 | bool responseContentMatches(const char* response, const uint16_t responseLen, const DNSName& qname, const uint16_t qtype, const uint16_t qclass, const ComboAddress& remote); |
71c94675 | 819 | bool processQuery(LocalStateHolder<NetmaskTree<DynBlock> >& localDynBlockNMG, |
0c369ddc | 820 | LocalStateHolder<SuffixMatchTree<DynBlock> >& localDynBlockSMT, LocalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSAction> > > >& localRulactions, DNSQuestion& dq, string& poolname, int* delayMsec, const struct timespec& now); |
788c3243 | 821 | bool processResponse(LocalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSResponseAction> > > >& localRespRulactions, DNSResponse& dr, int* delayMsec); |
ff73f02b | 822 | bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector<uint8_t>& rewrittenResponse, uint16_t addRoom); |
0f72fd5c | 823 | void restoreFlags(struct dnsheader* dh, uint16_t origFlags); |
fcffc585 | 824 | |
11e1e08b | 825 | #ifdef HAVE_DNSCRYPT |
9f67b883 | 826 | extern std::vector<std::tuple<ComboAddress,DnsCryptContext,bool,int, std::string>> g_dnsCryptLocals; |
11e1e08b | 827 | |
3596a52b | 828 | int handleDnsCryptQuery(DnsCryptContext* ctx, char* packet, uint16_t len, std::shared_ptr<DnsCryptQuery>& query, uint16_t* decryptedQueryLen, bool tcp, std::vector<uint8_t>& response); |
57847d65 | 829 | bool encryptResponse(char* response, uint16_t* responseLen, size_t responseSize, bool tcp, std::shared_ptr<DnsCryptQuery> dnsCryptQuery, dnsheader** dh, dnsheader* dhCopy); |
11e1e08b | 830 | #endif |
9f4eb5cc RG |
831 | |
832 | #include "dnsdist-snmp.hh" | |
833 | ||
834 | extern bool g_snmpEnabled; | |
835 | extern bool g_snmpTrapsEnabled; | |
836 | extern DNSDistSNMPAgent* g_snmpAgent; |