]>
Commit | Line | Data |
---|---|---|
12471842 PL |
1 | /* |
2 | * This file is part of PowerDNS or dnsdist. | |
3 | * Copyright -- PowerDNS.COM B.V. and its contributors | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of version 2 of the GNU General Public License as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * In addition, for the avoidance of any doubt, permission is granted to | |
10 | * link this program with OpenSSL and to (re)distribute the binaries | |
11 | * produced as the result of such linking. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
df111b53 | 22 | #pragma once |
11e1e08b | 23 | #include "config.h" |
df111b53 | 24 | #include "ext/luawrapper/include/LuaContext.hpp" |
25 | #include <time.h> | |
26 | #include "misc.hh" | |
27 | #include "iputils.hh" | |
28 | #include "dnsname.hh" | |
29 | #include <atomic> | |
30 | #include <boost/circular_buffer.hpp> | |
e16fd59c | 31 | #include <boost/variant.hpp> |
df111b53 | 32 | #include <mutex> |
33 | #include <thread> | |
bffca8b9 | 34 | #include <unistd.h> |
ecbe9133 | 35 | #include "sholder.hh" |
11e1e08b | 36 | #include "dnscrypt.hh" |
886e2cf2 | 37 | #include "dnsdist-cache.hh" |
85c7ca75 | 38 | #include "gettime.hh" |
87b515ed RG |
39 | #include "dnsdist-dynbpf.hh" |
40 | #include "bpf-filter.hh" | |
1ea747c0 | 41 | |
d8c19b98 RG |
42 | #ifdef HAVE_PROTOBUF |
43 | #include <boost/uuid/uuid.hpp> | |
44 | #include <boost/uuid/uuid_generators.hpp> | |
45 | #endif | |
46 | ||
42fae326 | 47 | void* carbonDumpThread(); |
61d1b966 | 48 | uint64_t uptimeOfProcess(const std::string& str); |
bd1c631b | 49 | |
78ffa782 | 50 | struct DynBlock |
51 | { | |
52 | DynBlock& operator=(const DynBlock& rhs) | |
53 | { | |
54 | reason=rhs.reason; | |
55 | until=rhs.until; | |
71c94675 | 56 | domain=rhs.domain; |
78ffa782 | 57 | blocks.store(rhs.blocks); |
58 | return *this; | |
59 | } | |
71c94675 | 60 | |
78ffa782 | 61 | string reason; |
62 | struct timespec until; | |
71c94675 | 63 | DNSName domain; |
78ffa782 | 64 | mutable std::atomic<unsigned int> blocks; |
65 | }; | |
66 | ||
67 | extern GlobalStateHolder<NetmaskTree<DynBlock>> g_dynblockNMG; | |
f758857a | 68 | |
69 | extern vector<pair<struct timeval, std::string> > g_confDelta; | |
70 | ||
e48090d1 | 71 | struct DNSDistStats |
72 | { | |
6ad8b29a | 73 | using stat_t=std::atomic<uint64_t>; // aww yiss ;-) |
e48090d1 | 74 | stat_t responses{0}; |
75 | stat_t servfailResponses{0}; | |
76 | stat_t queries{0}; | |
e73ec7d3 | 77 | stat_t nonCompliantQueries{0}; |
d08b1cdf | 78 | stat_t nonCompliantResponses{0}; |
643a182a | 79 | stat_t rdQueries{0}; |
2efd427d | 80 | stat_t emptyQueries{0}; |
e48090d1 | 81 | stat_t aclDrops{0}; |
82 | stat_t blockFilter{0}; | |
bd1c631b | 83 | stat_t dynBlocked{0}; |
e48090d1 | 84 | stat_t ruleDrop{0}; |
85 | stat_t ruleNXDomain{0}; | |
dd46e5e3 | 86 | stat_t ruleRefused{0}; |
e48090d1 | 87 | stat_t selfAnswered{0}; |
88 | stat_t downstreamTimeouts{0}; | |
89 | stat_t downstreamSendErrors{0}; | |
6ad8b29a | 90 | stat_t truncFail{0}; |
b8bc7e61 | 91 | stat_t noPolicy{0}; |
886e2cf2 RG |
92 | stat_t cacheHits{0}; |
93 | stat_t cacheMisses{0}; | |
42fae326 | 94 | stat_t latency0_1{0}, latency1_10{0}, latency10_50{0}, latency50_100{0}, latency100_1000{0}, latencySlow{0}; |
e48090d1 | 95 | |
e16fd59c | 96 | double latencyAvg100{0}, latencyAvg1000{0}, latencyAvg10000{0}, latencyAvg1000000{0}; |
a1a787dc | 97 | typedef std::function<uint64_t(const std::string&)> statfunction_t; |
98 | typedef boost::variant<stat_t*, double*, statfunction_t> entry_t; | |
e16fd59c | 99 | std::vector<std::pair<std::string, entry_t>> entries{ |
dd46e5e3 RG |
100 | {"responses", &responses}, |
101 | {"servfail-responses", &servfailResponses}, | |
102 | {"queries", &queries}, | |
103 | {"acl-drops", &aclDrops}, | |
104 | {"block-filter", &blockFilter}, | |
105 | {"rule-drop", &ruleDrop}, | |
106 | {"rule-nxdomain", &ruleNXDomain}, | |
107 | {"rule-refused", &ruleRefused}, | |
108 | {"self-answered", &selfAnswered}, | |
109 | {"downstream-timeouts", &downstreamTimeouts}, | |
110 | {"downstream-send-errors", &downstreamSendErrors}, | |
111 | {"trunc-failures", &truncFail}, | |
112 | {"no-policy", &noPolicy}, | |
113 | {"latency0-1", &latency0_1}, | |
114 | {"latency1-10", &latency1_10}, | |
115 | {"latency10-50", &latency10_50}, | |
116 | {"latency50-100", &latency50_100}, | |
117 | {"latency100-1000", &latency100_1000}, | |
118 | {"latency-slow", &latencySlow}, | |
119 | {"latency-avg100", &latencyAvg100}, | |
120 | {"latency-avg1000", &latencyAvg1000}, | |
121 | {"latency-avg10000", &latencyAvg10000}, | |
122 | {"latency-avg1000000", &latencyAvg1000000}, | |
61d1b966 | 123 | {"uptime", uptimeOfProcess}, |
a9b6db56 | 124 | {"real-memory-usage", getRealMemoryUsage}, |
a2aa00ed | 125 | {"noncompliant-queries", &nonCompliantQueries}, |
d08b1cdf | 126 | {"noncompliant-responses", &nonCompliantResponses}, |
643a182a | 127 | {"rdqueries", &rdQueries}, |
2efd427d | 128 | {"empty-queries", &emptyQueries}, |
886e2cf2 RG |
129 | {"cache-hits", &cacheHits}, |
130 | {"cache-misses", &cacheMisses}, | |
4f99f3d3 RG |
131 | {"cpu-user-msec", getCPUTimeUser}, |
132 | {"cpu-sys-msec", getCPUTimeSystem}, | |
dd46e5e3 RG |
133 | {"fd-usage", getOpenFileDescriptors}, |
134 | {"dyn-blocked", &dynBlocked}, | |
bd1c631b | 135 | {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }} |
42fae326 | 136 | }; |
e48090d1 | 137 | }; |
138 | ||
e16fd59c | 139 | |
e48090d1 | 140 | extern struct DNSDistStats g_stats; |
141 | ||
638184e9 | 142 | |
df111b53 | 143 | struct StopWatch |
144 | { | |
58307a85 RG |
145 | StopWatch(bool realTime=false): d_needRealTime(realTime) |
146 | { | |
147 | } | |
df111b53 | 148 | struct timespec d_start{0,0}; |
58307a85 RG |
149 | bool d_needRealTime{false}; |
150 | ||
df111b53 | 151 | void start() { |
58307a85 | 152 | if(gettime(&d_start, d_needRealTime) < 0) |
df111b53 | 153 | unixDie("Getting timestamp"); |
154 | ||
155 | } | |
156 | ||
157 | double udiff() const { | |
158 | struct timespec now; | |
58307a85 | 159 | if(gettime(&now, d_needRealTime) < 0) |
df111b53 | 160 | unixDie("Getting timestamp"); |
161 | ||
162 | return 1000000.0*(now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec)/1000.0; | |
163 | } | |
164 | ||
165 | double udiffAndSet() { | |
166 | struct timespec now; | |
58307a85 | 167 | if(gettime(&now, d_needRealTime) < 0) |
df111b53 | 168 | unixDie("Getting timestamp"); |
169 | ||
170 | auto ret= 1000000.0*(now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec)/1000.0; | |
171 | d_start = now; | |
172 | return ret; | |
173 | } | |
174 | ||
175 | }; | |
176 | ||
177 | class QPSLimiter | |
178 | { | |
179 | public: | |
180 | QPSLimiter() | |
181 | { | |
182 | } | |
183 | ||
184 | QPSLimiter(unsigned int rate, unsigned int burst) : d_rate(rate), d_burst(burst), d_tokens(burst) | |
185 | { | |
186 | d_passthrough=false; | |
187 | d_prev.start(); | |
188 | } | |
189 | ||
190 | unsigned int getRate() const | |
191 | { | |
192 | return d_passthrough? 0 : d_rate; | |
193 | } | |
194 | ||
195 | int getPassed() const | |
196 | { | |
197 | return d_passed; | |
198 | } | |
199 | int getBlocked() const | |
200 | { | |
201 | return d_blocked; | |
202 | } | |
203 | ||
ecbe9133 | 204 | bool check() const // this is not quite fair |
df111b53 | 205 | { |
206 | if(d_passthrough) | |
207 | return true; | |
208 | auto delta = d_prev.udiffAndSet(); | |
209 | ||
210 | d_tokens += 1.0*d_rate * (delta/1000000.0); | |
211 | ||
212 | if(d_tokens > d_burst) | |
213 | d_tokens = d_burst; | |
214 | ||
215 | bool ret=false; | |
216 | if(d_tokens >= 1.0) { // we need this because burst=1 is weird otherwise | |
217 | ret=true; | |
218 | --d_tokens; | |
219 | d_passed++; | |
220 | } | |
221 | else | |
222 | d_blocked++; | |
223 | ||
224 | return ret; | |
225 | } | |
226 | private: | |
227 | bool d_passthrough{true}; | |
228 | unsigned int d_rate; | |
229 | unsigned int d_burst; | |
ecbe9133 | 230 | mutable double d_tokens; |
231 | mutable StopWatch d_prev; | |
232 | mutable unsigned int d_passed{0}; | |
233 | mutable unsigned int d_blocked{0}; | |
df111b53 | 234 | }; |
235 | ||
b5b93e0b RG |
236 | struct ClientState; |
237 | ||
df111b53 | 238 | struct IDState |
239 | { | |
58307a85 | 240 | IDState() : origFD(-1), sentTime(true), delayMsec(0) { origDest.sin4.sin_family = 0;} |
df111b53 | 241 | IDState(const IDState& orig) |
242 | { | |
243 | origFD = orig.origFD; | |
244 | origID = orig.origID; | |
245 | origRemote = orig.origRemote; | |
549d63c9 | 246 | origDest = orig.origDest; |
7b3865cd | 247 | delayMsec = orig.delayMsec; |
df111b53 | 248 | age.store(orig.age.load()); |
249 | } | |
250 | ||
2bf26975 | 251 | int origFD; // set to <0 to indicate this state is empty // 4 |
252 | ||
253 | ComboAddress origRemote; // 28 | |
549d63c9 | 254 | ComboAddress origDest; // 28 |
2bf26975 | 255 | StopWatch sentTime; // 16 |
256 | DNSName qname; // 80 | |
11e1e08b RG |
257 | #ifdef HAVE_DNSCRYPT |
258 | std::shared_ptr<DnsCryptQuery> dnsCryptQuery{0}; | |
d8c19b98 RG |
259 | #endif |
260 | #ifdef HAVE_PROTOBUF | |
261 | boost::uuids::uuid uniqueId; | |
11e1e08b | 262 | #endif |
886e2cf2 | 263 | std::shared_ptr<DNSDistPacketCache> packetCache{nullptr}; |
b5b93e0b | 264 | const ClientState* cs{nullptr}; |
886e2cf2 | 265 | uint32_t cacheKey; // 8 |
2bf26975 | 266 | std::atomic<uint16_t> age; // 4 |
267 | uint16_t qtype; // 2 | |
886e2cf2 | 268 | uint16_t qclass; // 2 |
2bf26975 | 269 | uint16_t origID; // 2 |
aeb36780 | 270 | uint16_t origFlags; // 2 |
7b3865cd | 271 | int delayMsec; |
ca404e94 | 272 | bool ednsAdded{false}; |
ff73f02b | 273 | bool ecsAdded{false}; |
886e2cf2 | 274 | bool skipCache{false}; |
7cea4e39 | 275 | bool destHarvested{false}; // if true, origDest holds the original dest addr, otherwise the listening addr |
df111b53 | 276 | }; |
277 | ||
278 | struct Rings { | |
e4c24bb3 | 279 | Rings(size_t capacity=10000) |
df111b53 | 280 | { |
e4c24bb3 RG |
281 | queryRing.set_capacity(capacity); |
282 | respRing.set_capacity(capacity); | |
0e41337b | 283 | pthread_rwlock_init(&queryLock, 0); |
df111b53 | 284 | } |
0ba5eecf | 285 | struct Query |
286 | { | |
287 | struct timespec when; | |
288 | ComboAddress requestor; | |
289 | DNSName name; | |
03ebf8b2 | 290 | uint16_t size; |
0ba5eecf | 291 | uint16_t qtype; |
3fcaeeac | 292 | struct dnsheader dh; |
0ba5eecf | 293 | }; |
294 | boost::circular_buffer<Query> queryRing; | |
df111b53 | 295 | struct Response |
296 | { | |
80a216c9 | 297 | struct timespec when; |
298 | ComboAddress requestor; | |
df111b53 | 299 | DNSName name; |
300 | uint16_t qtype; | |
df111b53 | 301 | unsigned int usec; |
80a216c9 | 302 | unsigned int size; |
3fcaeeac | 303 | struct dnsheader dh; |
2d11d1b2 | 304 | ComboAddress ds; // who handled it |
df111b53 | 305 | }; |
306 | boost::circular_buffer<Response> respRing; | |
307 | std::mutex respMutex; | |
0e41337b | 308 | pthread_rwlock_t queryLock; |
03ebf8b2 | 309 | |
7fc00937 | 310 | std::unordered_map<int, vector<boost::variant<string,double> > > getTopBandwidth(unsigned int numentries); |
a683e8bd | 311 | size_t numDistinctRequestors(); |
e4c24bb3 RG |
312 | void setCapacity(size_t newCapacity) |
313 | { | |
314 | { | |
315 | WriteLock wl(&queryLock); | |
316 | queryRing.set_capacity(newCapacity); | |
317 | } | |
318 | { | |
319 | std::lock_guard<std::mutex> lock(respMutex); | |
320 | respRing.set_capacity(newCapacity); | |
321 | } | |
322 | } | |
df111b53 | 323 | }; |
324 | ||
0e41337b | 325 | extern Rings g_rings; |
df111b53 | 326 | |
786e4d8c RS |
327 | typedef std::unordered_map<string, unsigned int> QueryCountRecords; |
328 | typedef std::function<std::tuple<bool, string>(DNSQuestion dq)> QueryCountFilter; | |
329 | struct QueryCount { | |
330 | QueryCount() | |
331 | { | |
332 | pthread_rwlock_init(&queryLock, 0); | |
333 | } | |
334 | QueryCountRecords records; | |
335 | QueryCountFilter filter; | |
336 | pthread_rwlock_t queryLock; | |
337 | bool enabled{false}; | |
338 | }; | |
339 | ||
340 | extern QueryCount g_qcount; | |
341 | ||
8a5d5053 | 342 | struct ClientState |
343 | { | |
344 | ComboAddress local; | |
11e1e08b RG |
345 | #ifdef HAVE_DNSCRYPT |
346 | DnsCryptContext* dnscryptCtx{0}; | |
347 | #endif | |
963bef8d | 348 | std::atomic<uint64_t> queries{0}; |
a36ce055 RG |
349 | int udpFD{-1}; |
350 | int tcpFD{-1}; | |
b5b93e0b | 351 | bool muted{false}; |
8429ad04 RG |
352 | |
353 | int getSocket() const | |
354 | { | |
355 | return udpFD != -1 ? udpFD : tcpFD; | |
356 | } | |
357 | ||
358 | #ifdef HAVE_EBPF | |
359 | shared_ptr<BPFFilter> d_filter; | |
360 | ||
361 | void detachFilter() | |
362 | { | |
363 | if (d_filter) { | |
364 | d_filter->removeSocket(getSocket()); | |
365 | d_filter = nullptr; | |
366 | } | |
367 | } | |
368 | ||
369 | void attachFilter(shared_ptr<BPFFilter> bpf) | |
370 | { | |
371 | detachFilter(); | |
372 | ||
373 | bpf->addSocket(getSocket()); | |
374 | d_filter = bpf; | |
375 | } | |
376 | #endif /* HAVE_EBPF */ | |
8a5d5053 | 377 | }; |
378 | ||
379 | class TCPClientCollection { | |
380 | std::vector<int> d_tcpclientthreads; | |
ded1985a | 381 | std::atomic<uint64_t> d_numthreads{0}; |
a9bf3ec4 | 382 | std::atomic<uint64_t> d_pos{0}; |
ded1985a | 383 | std::atomic<uint64_t> d_queued{0}; |
6c1ca990 | 384 | uint64_t d_maxthreads{0}; |
ded1985a RG |
385 | std::mutex d_mutex; |
386 | public: | |
8a5d5053 | 387 | |
a9bf3ec4 | 388 | TCPClientCollection(size_t maxThreads) |
8a5d5053 | 389 | { |
6c1ca990 | 390 | d_maxthreads = maxThreads; |
a9bf3ec4 | 391 | d_tcpclientthreads.reserve(maxThreads); |
8a5d5053 | 392 | } |
a9bf3ec4 | 393 | int getThread() |
8a5d5053 | 394 | { |
6c1ca990 | 395 | uint64_t pos = d_pos++; |
8a5d5053 | 396 | ++d_queued; |
397 | return d_tcpclientthreads[pos % d_numthreads]; | |
398 | } | |
ded1985a RG |
399 | bool hasReachedMaxThreads() const |
400 | { | |
401 | return d_numthreads >= d_maxthreads; | |
402 | } | |
403 | uint64_t getThreadsCount() const | |
404 | { | |
405 | return d_numthreads; | |
406 | } | |
407 | uint64_t getQueuedCount() const | |
408 | { | |
409 | return d_queued; | |
410 | } | |
411 | void decrementQueuedCount() | |
412 | { | |
413 | --d_queued; | |
414 | } | |
8a5d5053 | 415 | void addTCPClientThread(); |
416 | }; | |
417 | ||
a9bf3ec4 | 418 | extern std::shared_ptr<TCPClientCollection> g_tcpclientthreads; |
8a5d5053 | 419 | |
df111b53 | 420 | struct DownstreamState |
421 | { | |
fbe2a2e0 RG |
422 | DownstreamState(const ComboAddress& remote_, const ComboAddress& sourceAddr_, unsigned int sourceItf); |
423 | DownstreamState(const ComboAddress& remote_): DownstreamState(remote_, ComboAddress(), 0) {} | |
6a62c0e3 RG |
424 | ~DownstreamState() |
425 | { | |
426 | if (fd >= 0) | |
427 | close(fd); | |
428 | } | |
df111b53 | 429 | |
f99e3aaf | 430 | int fd{-1}; |
df111b53 | 431 | std::thread tid; |
432 | ComboAddress remote; | |
433 | QPSLimiter qps; | |
434 | vector<IDState> idStates; | |
fbe2a2e0 RG |
435 | ComboAddress sourceAddr; |
436 | DNSName checkName{"a.root-servers.net."}; | |
437 | QType checkType{QType::A}; | |
df111b53 | 438 | std::atomic<uint64_t> idOffset{0}; |
439 | std::atomic<uint64_t> sendErrors{0}; | |
440 | std::atomic<uint64_t> outstanding{0}; | |
441 | std::atomic<uint64_t> reuseds{0}; | |
442 | std::atomic<uint64_t> queries{0}; | |
443 | struct { | |
444 | std::atomic<uint64_t> sendErrors{0}; | |
445 | std::atomic<uint64_t> reuseds{0}; | |
446 | std::atomic<uint64_t> queries{0}; | |
447 | } prev; | |
18eeccc9 | 448 | string name; |
df111b53 | 449 | double queryLoad{0.0}; |
450 | double dropRate{0.0}; | |
451 | double latencyUsec{0.0}; | |
452 | int order{1}; | |
453 | int weight{1}; | |
3f6d07a4 RG |
454 | int tcpRecvTimeout{30}; |
455 | int tcpSendTimeout{30}; | |
fbe2a2e0 | 456 | unsigned int sourceItf{0}; |
3f6d07a4 | 457 | uint16_t retries{5}; |
9e87dcb8 RG |
458 | uint8_t currentCheckFailures{0}; |
459 | uint8_t maxCheckFailures{1}; | |
df111b53 | 460 | StopWatch sw; |
461 | set<string> pools; | |
462 | enum class Availability { Up, Down, Auto} availability{Availability::Auto}; | |
fbe2a2e0 | 463 | bool mustResolve{false}; |
df111b53 | 464 | bool upStatus{false}; |
ca404e94 | 465 | bool useECS{false}; |
21830638 | 466 | bool setCD{false}; |
7565f4e6 | 467 | std::atomic<bool> connected{false}; |
df111b53 | 468 | bool isUp() const |
469 | { | |
470 | if(availability == Availability::Down) | |
471 | return false; | |
472 | if(availability == Availability::Up) | |
473 | return true; | |
474 | return upStatus; | |
475 | } | |
476 | void setUp() { availability = Availability::Up; } | |
477 | void setDown() { availability = Availability::Down; } | |
478 | void setAuto() { availability = Availability::Auto; } | |
18eeccc9 RG |
479 | string getName() const { |
480 | if (name.empty()) { | |
481 | return remote.toStringWithPort(); | |
482 | } | |
483 | return name; | |
484 | } | |
a7940c06 | 485 | string getNameWithAddr() const { |
486 | if (name.empty()) { | |
487 | return remote.toStringWithPort(); | |
488 | } | |
489 | return name + " (" + remote.toStringWithPort()+ ")"; | |
490 | } | |
b58f08e5 | 491 | void reconnect(); |
df111b53 | 492 | }; |
493 | using servers_t =vector<std::shared_ptr<DownstreamState>>; | |
df111b53 | 494 | |
ff0902ec RG |
495 | extern uint16_t g_ECSSourcePrefixV4; |
496 | extern uint16_t g_ECSSourcePrefixV6; | |
497 | extern bool g_ECSOverride; | |
498 | ||
497a6e3a RG |
499 | struct DNSQuestion |
500 | { | |
ff0902ec | 501 | DNSQuestion(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, struct dnsheader* header, size_t bufferSize, uint16_t queryLen, bool isTcp): qname(name), qtype(type), qclass(class_), local(lc), remote(rem), dh(header), size(bufferSize), len(queryLen), ecsPrefixLength(rem->sin4.sin_family == AF_INET ? g_ECSSourcePrefixV4 : g_ECSSourcePrefixV6), tcp(isTcp), ecsOverride(g_ECSOverride) { } |
497a6e3a | 502 | |
d8c19b98 RG |
503 | #ifdef HAVE_PROTOBUF |
504 | boost::uuids::uuid uniqueId; | |
505 | #endif | |
497a6e3a RG |
506 | const DNSName* qname; |
507 | const uint16_t qtype; | |
cec47783 | 508 | const uint16_t qclass; |
497a6e3a RG |
509 | const ComboAddress* local; |
510 | const ComboAddress* remote; | |
511 | struct dnsheader* dh; | |
512 | size_t size; | |
513 | uint16_t len; | |
ff0902ec | 514 | uint16_t ecsPrefixLength; |
497a6e3a | 515 | const bool tcp; |
886e2cf2 | 516 | bool skipCache{false}; |
ff0902ec RG |
517 | bool ecsOverride; |
518 | bool useECS{true}; | |
497a6e3a RG |
519 | }; |
520 | ||
58307a85 RG |
521 | struct DNSResponse : DNSQuestion |
522 | { | |
523 | DNSResponse(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, struct dnsheader* header, size_t bufferSize, uint16_t queryLen, bool isTcp, const struct timespec* queryTime_): DNSQuestion(name, type, class_, lc, rem, header, bufferSize, queryLen, isTcp), queryTime(queryTime_) { } | |
524 | ||
525 | const struct timespec* queryTime; | |
526 | }; | |
527 | ||
e91084ce | 528 | typedef std::function<bool(const DNSQuestion*)> blockfilter_t; |
da4e7813 | 529 | template <class T> using NumberedVector = std::vector<std::pair<unsigned int, T> >; |
530 | ||
531 | void* responderThread(std::shared_ptr<DownstreamState> state); | |
532 | extern std::mutex g_luamutex; | |
533 | extern LuaContext g_lua; | |
534 | extern std::string g_outputBuffer; // locking for this is ok, as locked by g_luamutex | |
535 | ||
0940e4eb | 536 | class DNSRule |
537 | { | |
538 | public: | |
497a6e3a | 539 | virtual bool matches(const DNSQuestion* dq) const =0; |
0940e4eb | 540 | virtual string toString() const = 0; |
541 | mutable std::atomic<uint64_t> d_matches{0}; | |
542 | }; | |
543 | ||
544 | /* so what could you do: | |
545 | drop, | |
546 | fake up nxdomain, | |
547 | provide actual answer, | |
548 | allow & and stop processing, | |
549 | continue processing, | |
550 | modify header: (servfail|refused|notimp), set TC=1, | |
551 | send to pool */ | |
552 | ||
553 | class DNSAction | |
554 | { | |
555 | public: | |
dd46e5e3 | 556 | enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, None}; |
497a6e3a | 557 | virtual Action operator()(DNSQuestion*, string* ruleresult) const =0; |
0940e4eb | 558 | virtual string toString() const = 0; |
cf6874ba | 559 | virtual std::unordered_map<string, double> getStats() const |
560 | { | |
561 | return {{}}; | |
562 | } | |
0940e4eb | 563 | }; |
564 | ||
8146444b RG |
565 | class DNSResponseAction |
566 | { | |
567 | public: | |
788c3243 | 568 | enum class Action { Allow, Delay, Drop, HeaderModify, None }; |
58307a85 | 569 | virtual Action operator()(DNSResponse*, string* ruleresult) const =0; |
8146444b RG |
570 | virtual string toString() const = 0; |
571 | }; | |
572 | ||
da4e7813 | 573 | using NumberedServerVector = NumberedVector<shared_ptr<DownstreamState>>; |
497a6e3a | 574 | typedef std::function<shared_ptr<DownstreamState>(const NumberedServerVector& servers, const DNSQuestion*)> policyfunc_t; |
df111b53 | 575 | |
576 | struct ServerPolicy | |
577 | { | |
578 | string name; | |
70a57b05 | 579 | policyfunc_t policy; |
df111b53 | 580 | }; |
581 | ||
886e2cf2 RG |
582 | struct ServerPool |
583 | { | |
584 | const std::shared_ptr<DNSDistPacketCache> getCache() const { return packetCache; }; | |
585 | ||
586 | NumberedVector<shared_ptr<DownstreamState>> servers; | |
587 | std::shared_ptr<DNSDistPacketCache> packetCache{nullptr}; | |
588 | }; | |
589 | using pools_t=map<std::string,std::shared_ptr<ServerPool>>; | |
590 | void addServerToPool(pools_t& pools, const string& poolName, std::shared_ptr<DownstreamState> server); | |
591 | void removeServerFromPool(pools_t& pools, const string& poolName, std::shared_ptr<DownstreamState> server); | |
592 | ||
42fae326 | 593 | struct CarbonConfig |
594 | { | |
d617b22c | 595 | ComboAddress server; |
42fae326 | 596 | std::string ourname; |
d617b22c | 597 | unsigned int interval; |
42fae326 | 598 | }; |
599 | ||
ca404e94 RG |
600 | enum ednsHeaderFlags { |
601 | EDNS_HEADER_FLAG_NONE = 0, | |
602 | EDNS_HEADER_FLAG_DO = 32768 | |
603 | }; | |
604 | ||
71c94675 | 605 | extern GlobalStateHolder<SuffixMatchTree<DynBlock>> g_dynblockSMT; |
dd46e5e3 | 606 | extern DNSAction::Action g_dynBlockAction; |
71c94675 | 607 | |
d617b22c | 608 | extern GlobalStateHolder<vector<CarbonConfig> > g_carbon; |
ecbe9133 | 609 | extern GlobalStateHolder<ServerPolicy> g_policy; |
610 | extern GlobalStateHolder<servers_t> g_dstates; | |
886e2cf2 | 611 | extern GlobalStateHolder<pools_t> g_pools; |
0940e4eb | 612 | extern GlobalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSAction> > > > g_rulactions; |
8146444b | 613 | extern GlobalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSResponseAction> > > > g_resprulactions; |
638184e9 | 614 | extern GlobalStateHolder<NetmaskGroup> g_ACL; |
2e72cc0e | 615 | |
ecbe9133 | 616 | extern ComboAddress g_serverControl; // not changed during runtime |
617 | ||
9e284f31 | 618 | extern std::vector<std::tuple<ComboAddress, bool, bool, int>> g_locals; // not changed at runtime (we hope XXX) |
963bef8d | 619 | extern vector<ClientState*> g_frontends; |
ecbe9133 | 620 | extern std::string g_key; // in theory needs locking |
6ad8b29a | 621 | extern bool g_truncateTC; |
b29edbee | 622 | extern bool g_fixupCase; |
3f6d07a4 RG |
623 | extern int g_tcpRecvTimeout; |
624 | extern int g_tcpSendTimeout; | |
e0b5e49d | 625 | extern int g_udpTimeout; |
e41f8165 RG |
626 | extern uint16_t g_maxOutstanding; |
627 | extern std::atomic<bool> g_configurationDone; | |
6c1ca990 RG |
628 | extern uint64_t g_maxTCPClientThreads; |
629 | extern uint64_t g_maxTCPQueuedConnections; | |
9396d955 RG |
630 | extern size_t g_maxTCPQueriesPerConn; |
631 | extern size_t g_maxTCPConnectionDuration; | |
632 | extern size_t g_maxTCPConnectionsPerClient; | |
886e2cf2 | 633 | extern std::atomic<uint16_t> g_cacheCleaningDelay; |
f65ea0c2 | 634 | extern std::atomic<uint16_t> g_cacheCleaningPercentage; |
9e87dcb8 | 635 | extern bool g_verboseHealthChecks; |
1ea747c0 | 636 | extern uint32_t g_staleCacheEntriesTTL; |
56d68fad RG |
637 | extern bool g_apiReadWrite; |
638 | extern std::string g_apiConfigDirectory; | |
26a3cdb7 | 639 | extern bool g_servFailOnNoPolicy; |
ca404e94 | 640 | |
ca4252e0 RG |
641 | struct ConsoleKeyword { |
642 | std::string name; | |
643 | bool function; | |
644 | std::string parameters; | |
645 | std::string description; | |
646 | std::string toString() const | |
647 | { | |
648 | std::string res(name); | |
649 | if (function) { | |
650 | res += "(" + parameters + ")"; | |
651 | } | |
652 | res += ": "; | |
653 | res += description; | |
654 | return res; | |
655 | } | |
656 | }; | |
657 | extern const std::vector<ConsoleKeyword> g_consoleKeywords; | |
658 | ||
87b515ed RG |
659 | #ifdef HAVE_EBPF |
660 | extern shared_ptr<BPFFilter> g_defaultBPFFilter; | |
8429ad04 | 661 | extern std::vector<std::shared_ptr<DynBPFFilter> > g_dynBPFFilters; |
87b515ed RG |
662 | #endif /* HAVE_EBPF */ |
663 | ||
ecbe9133 | 664 | struct dnsheader; |
665 | ||
666 | void controlThread(int fd, ComboAddress local); | |
839f3021 | 667 | vector<std::function<void(void)>> setupLua(bool client, const std::string& config); |
886e2cf2 RG |
668 | std::shared_ptr<ServerPool> getPool(const pools_t& pools, const std::string& poolName); |
669 | std::shared_ptr<ServerPool> createPoolIfNotExists(pools_t& pools, const string& poolName); | |
670 | const NumberedServerVector& getDownstreamCandidates(const pools_t& pools, const std::string& poolName); | |
da4e7813 | 671 | |
497a6e3a | 672 | std::shared_ptr<DownstreamState> firstAvailable(const NumberedServerVector& servers, const DNSQuestion* dq); |
ecbe9133 | 673 | |
497a6e3a RG |
674 | std::shared_ptr<DownstreamState> leastOutstanding(const NumberedServerVector& servers, const DNSQuestion* dq); |
675 | std::shared_ptr<DownstreamState> wrandom(const NumberedServerVector& servers, const DNSQuestion* dq); | |
676 | std::shared_ptr<DownstreamState> whashed(const NumberedServerVector& servers, const DNSQuestion* dq); | |
677 | std::shared_ptr<DownstreamState> roundrobin(const NumberedServerVector& servers, const DNSQuestion* dq); | |
520eb5a0 | 678 | int getEDNSZ(const char* packet, unsigned int len); |
6ca7a40a | 679 | void spoofResponseFromString(DNSQuestion& dq, const string& spoofContent); |
ca404e94 | 680 | uint16_t getEDNSOptionCode(const char * packet, size_t len); |
002decab | 681 | void dnsdistWebserverThread(int sock, const ComboAddress& local, const string& password, const string& apiKey, const boost::optional<std::map<std::string, std::string> >&); |
6885d4bf | 682 | bool getMsgLen32(int fd, uint32_t* len); |
683 | bool putMsgLen32(int fd, uint32_t len); | |
d8d85a30 | 684 | void* tcpAcceptorThread(void* p); |
80a216c9 | 685 | |
886e2cf2 | 686 | void moreLua(bool client); |
ffb07158 | 687 | void doClient(ComboAddress server, const std::string& command); |
688 | void doConsole(); | |
689 | void controlClientThread(int fd, ComboAddress client); | |
690 | extern "C" { | |
691 | char** my_completion( const char * text , int start, int end); | |
692 | } | |
f758857a | 693 | void setLuaNoSideEffect(); // if nothing has been declared, set that there are no side effects |
694 | void setLuaSideEffect(); // set to report a side effect, cancelling all _no_ side effect calls | |
695 | bool getLuaNoSideEffect(); // set if there were only explicit declarations of _no_ side effect | |
696 | void resetLuaSideEffect(); // reset to indeterminate state | |
11e1e08b | 697 | |
fcffc585 | 698 | bool responseContentMatches(const char* response, const uint16_t responseLen, const DNSName& qname, const uint16_t qtype, const uint16_t qclass, const ComboAddress& remote); |
71c94675 | 699 | bool processQuery(LocalStateHolder<NetmaskTree<DynBlock> >& localDynBlockNMG, |
700 | LocalStateHolder<SuffixMatchTree<DynBlock> >& localDynBlockSMT, LocalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSAction> > > >& localRulactions, blockfilter_t blockFilter, DNSQuestion& dq, string& poolname, int* delayMsec, const struct timespec& now); | |
788c3243 | 701 | bool processResponse(LocalStateHolder<vector<pair<std::shared_ptr<DNSRule>, std::shared_ptr<DNSResponseAction> > > >& localRespRulactions, DNSResponse& dr, int* delayMsec); |
ff73f02b | 702 | bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector<uint8_t>& rewrittenResponse, uint16_t addRoom); |
0f72fd5c | 703 | void restoreFlags(struct dnsheader* dh, uint16_t origFlags); |
fcffc585 | 704 | |
11e1e08b | 705 | #ifdef HAVE_DNSCRYPT |
9e284f31 | 706 | extern std::vector<std::tuple<ComboAddress,DnsCryptContext,bool,int>> g_dnsCryptLocals; |
11e1e08b RG |
707 | |
708 | int handleDnsCryptQuery(DnsCryptContext* ctx, char* packet, uint16_t len, std::shared_ptr<DnsCryptQuery>& query, uint16_t* decryptedQueryLen, bool tcp, std::vector<uint8_t>& reponse); | |
0f72fd5c | 709 | bool encryptResponse(char* response, uint16_t* responseLen, size_t responseSize, bool tcp, std::shared_ptr<DnsCryptQuery> dnsCryptQuery); |
11e1e08b | 710 | #endif |