[thirdparty/pdns.git] / pdns / nproxy.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <bitset>
#include "dnsparser.hh"
#include "iputils.hh"
#include <boost/program_options.hpp>

#include <boost/format.hpp>
#include <boost/utility.hpp>
#include <boost/multi_index_container.hpp>
#include <boost/multi_index/ordered_index.hpp>
#include <boost/multi_index/key_extractors.hpp>
#include <boost/algorithm/string.hpp>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>
#include "dnsrecords.hh"
#include "mplexer.hh"
#include "statbag.hh"

#include "namespaces.hh"
using namespace ::boost::multi_index;

namespace po = boost::program_options;
po::variables_map g_vm;

StatBag S;

FDMultiplexer* g_fdm;
int g_pdnssocket;
bool g_verbose;

struct NotificationInFlight
{
  ComboAddress source;
  time_t resentTime;
  DNSName domain;
  uint16_t origID, resentID;
  int origSocket;
};

typedef map<uint16_t, NotificationInFlight> nifs_t;
nifs_t g_nifs;

static void syslogFmt(const boost::format& fmt)
{
  cerr<<"nproxy: "<<fmt<<endl;
  syslog(LOG_WARNING, "%s", str(fmt).c_str());
}

static void handleOutsideUDPPacket(int fd, boost::any&)
try
{
  char buffer[1500];
  struct NotificationInFlight nif;
  /* make sure we report enough room for IPv6 */
  nif.source.sin4.sin_family = AF_INET6;
  nif.origSocket = fd;

  socklen_t socklen=nif.source.getSocklen();

  int res=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
  if(!res)
    return;

  if(res < 0) 
    throw runtime_error("reading packet from remote: "+stringerror());
    
  MOADNSParser mdp(true, string(buffer,res));
  nif.domain = mdp.d_qname;
  nif.origID = mdp.d_header.id;


  if(mdp.d_header.opcode == Opcode::Query && !mdp.d_header.qr && mdp.d_answers.empty() && mdp.d_qname.toString() == "pdns.nproxy." && 
     (mdp.d_qtype == QType::TXT || mdp.d_qtype ==QType::A)) {
    vector<uint8_t> packet;
    DNSPacketWriter pw(packet, mdp.d_qname, mdp.d_qtype);
    pw.getHeader()->id = mdp.d_header.id;
    pw.getHeader()->rd = mdp.d_header.rd;
    pw.getHeader()->qr = 1;

    pw.startRecord(mdp.d_qname, mdp.d_qtype);
    if(mdp.d_qtype == QType::TXT) {
      TXTRecordContent trc("\"OK\"");
      trc.toPacket(pw);
    }
    else if(mdp.d_qtype == QType::A) {
      ARecordContent arc("1.2.3.4");
      arc.toPacket(pw);
    }
    pw.commit();

    if(sendto(fd, &packet[0], packet.size(), 0, (struct sockaddr*)&nif.source, socklen) < 0) {
      syslogFmt(boost::format("Unable to send health check response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
    }
    return;
  }

  if(mdp.d_header.opcode != Opcode::Notify || mdp.d_qtype != QType::SOA) {
    syslogFmt(boost::format("Received non-notification packet for domain '%s' from external nameserver %s") % nif.domain.toString() % nif.source.toStringWithPort());
    return;
  }
  syslogFmt(boost::format("External notification received for domain '%s' from %s") % nif.domain.toString() % nif.source.toStringWithPort());  
  vector<uint8_t> outpacket;
  DNSPacketWriter pw(outpacket, mdp.d_qname, mdp.d_qtype, 1, Opcode::Notify);

  static uint16_t s_idpool;
  pw.getHeader()->id = nif.resentID = s_idpool++;
  
  if(send(g_pdnssocket, &outpacket[0], outpacket.size(), 0) < 0) {
    throw runtime_error("Unable to send notify to PowerDNS: "+stringerror());
  }
  nif.resentTime=time(0);
  g_nifs[nif.resentID] = nif;

}
catch(std::exception &e)
{
  syslogFmt(boost::format("Error parsing packet from external nameserver: %s") % e.what());
}


static void handleInsideUDPPacket(int fd, boost::any&)
try
{
  char buffer[1500];
  struct NotificationInFlight nif;
  /* make sure we report enough room for IPv6 */
  nif.source.sin4.sin_family = AF_INET6;

  socklen_t socklen=nif.source.getSocklen();

  int len=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
  if(!len)
    return;

  if(len < 0) 
    throw runtime_error("reading packet from remote: "+stringerror());
    
  string packet(buffer, len);
  MOADNSParser mdp(false, packet);

  //  cerr<<"Inside notification response for: "<<mdp.d_qname<<endl;

  if(!g_nifs.count(mdp.d_header.id)) {
    syslogFmt(boost::format("Response from inner PowerDNS with unknown ID %1%") % (uint16_t)mdp.d_header.id);
    return;
  }
  
  nif=g_nifs[mdp.d_header.id];

  if(nif.domain != mdp.d_qname) {
    syslogFmt(boost::format("Response from inner nameserver for different domain '%s' than original notification '%s'") % mdp.d_qname.toString() % nif.domain.toString());
  } else {
    if(sendto(nif.origSocket, buffer, len, 0, (sockaddr*) &nif.source, nif.source.getSocklen()) < 0) {
      syslogFmt(boost::format("Unable to send notification response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
    }
    else
      syslogFmt(boost::format("Sent notification response to external nameserver %s for domain '%s'") % nif.source.toStringWithPort() % nif.domain.toString());
  }
  g_nifs.erase(mdp.d_header.id);

}
catch(std::exception &e)
{
  syslogFmt(boost::format("Error parsing packet from internal nameserver: %s") % e.what());
}

static void expireOldNotifications()
{
  time_t limit = time(0) - 10;
  for(nifs_t::iterator iter = g_nifs.begin(); iter != g_nifs.end(); ) {
    if(iter->second.resentTime < limit) {
      syslogFmt(boost::format("Notification for domain '%s' was sent to inner nameserver, but no response within 10 seconds") % iter->second.domain.toString());
      g_nifs.erase(iter++);
    }
    else
      ++iter;
  }
}

static void daemonize(int null_fd)
{
  if(fork())
    exit(0); // bye bye

  setsid();

  dup2(null_fd,0); /* stdin */
  dup2(null_fd,1); /* stderr */
  dup2(null_fd,2); /* stderr */
}

static void usage(po::options_description &desc) {
  cerr<<"nproxy"<<endl;
  cerr<<desc<<endl;
}

int main(int argc, char** argv)
try
{
  reportAllTypes();
  openlog("nproxy", LOG_NDELAY | LOG_PID, LOG_DAEMON);

  g_fdm = FDMultiplexer::getMultiplexerSilent();
  if(!g_fdm) {
    throw std::runtime_error("Could not enable a multiplexer");
  }
  
  po::options_description desc("Allowed options");
  desc.add_options()
    ("help,h", "produce help message")
    ("version", "print the version")
    ("powerdns-address", po::value<string>(), "IP address of PowerDNS server")
    ("chroot", po::value<string>(), "chroot to this directory for additional security")
    ("setuid", po::value<int>(), "setuid to this numerical user id")
    ("setgid", po::value<int>(), "setgid to this numerical user id")
    ("origin-address", po::value<string>()->default_value("::"), "Source address for notifications to PowerDNS")
    ("listen-address", po::value<vector<string> >(), "IP addresses to listen on")
    ("listen-port", po::value<int>()->default_value(53), "Source port to listen on")
    ("daemon,d", po::value<bool>()->default_value(true), "operate in the background")
    ("verbose,v", "be verbose");

  po::store(po::command_line_parser(argc, argv).options(desc).run(), g_vm);
  po::notify(g_vm);

  if (g_vm.count("help")) {
    usage(desc);
    return EXIT_SUCCESS;
  }

  if (g_vm.count("version")) {
    cerr << "nproxy " << VERSION << endl;
    return EXIT_SUCCESS;
  }

  if(!g_vm.count("powerdns-address")) {
    cerr<<"Mandatory setting 'powerdns-address' unset:\n"<<endl;
    usage(desc);
    return EXIT_FAILURE;
  }

  if(!g_vm.count("verbose")) {
    g_verbose=true;
  }
  
  vector<string> addresses;
  if(g_vm.count("listen-address"))
    addresses=g_vm["listen-address"].as<vector<string> >();
  else
    addresses.push_back("::");

  // create sockets to listen on
  
  syslogFmt(boost::format("Starting up"));
  for(vector<string>::const_iterator address = addresses.begin(); address != addresses.end(); ++address) {
    ComboAddress local(*address, g_vm["listen-port"].as<int>());
    int sock = socket(local.sin4.sin_family, SOCK_DGRAM, 0);
    if(sock < 0)
      throw runtime_error("Creating socket for incoming packets: "+stringerror());

    if(::bind(sock,(sockaddr*) &local, local.getSocklen()) < 0)
      throw runtime_error("Binding socket for incoming packets to '"+ local.toStringWithPort()+"': "+stringerror());

    g_fdm->addReadFD(sock, handleOutsideUDPPacket); // add to fdmultiplexer for each socket
    syslogFmt(boost::format("Listening for external notifications on address %s") % local.toStringWithPort());
  }

  // create socket that talks to inner PowerDNS
  ComboAddress originAddress(g_vm["origin-address"].as<string>(), 0);
  g_pdnssocket=socket(originAddress.sin4.sin_family, SOCK_DGRAM, 0);
  if(g_pdnssocket < 0)
    throw runtime_error("Creating socket for packets to PowerDNS: "+stringerror());

  
  if(::bind(g_pdnssocket,(sockaddr*) &originAddress, originAddress.getSocklen()) < 0)
      throw runtime_error("Binding local address of inward socket to '"+ originAddress.toStringWithPort()+"': "+stringerror());
  

  ComboAddress pdns(g_vm["powerdns-address"].as<string>(), 53);
  if(connect(g_pdnssocket, (struct sockaddr*) &pdns, pdns.getSocklen()) < 0) 
    throw runtime_error("Failed to connect PowerDNS socket to address "+pdns.toStringWithPort()+": "+stringerror());

  syslogFmt(boost::format("Sending notifications from %s to internal address %s") % originAddress.toString() % pdns.toStringWithPort());

  g_fdm->addReadFD(g_pdnssocket, handleInsideUDPPacket);

  int null_fd=open("/dev/null",O_RDWR); /* open stdin */
  if(null_fd < 0)
    throw runtime_error("Unable to open /dev/null: "+stringerror());

  if(g_vm.count("chroot")) {
    if(chroot(g_vm["chroot"].as<string>().c_str()) < 0 || chdir("/") < 0)
      throw runtime_error("while chrooting to "+g_vm["chroot"].as<string>());
    syslogFmt(boost::format("Changed root to directory '%s'") % g_vm["chroot"].as<string>());
  }

  if(g_vm.count("setgid")) {
    if(setgid(g_vm["setgid"].as<int>()) < 0)
      throw runtime_error("while changing gid to "+std::to_string(g_vm["setgid"].as<int>()));
    syslogFmt(boost::format("Changed gid to %d") % g_vm["setgid"].as<int>());
    if(setgroups(0, NULL) < 0)
      throw runtime_error("while dropping supplementary groups");
  }

  if(g_vm.count("setuid")) {
    if(setuid(g_vm["setuid"].as<int>()) < 0)
      throw runtime_error("while changing uid to "+std::to_string(g_vm["setuid"].as<int>()));
    syslogFmt(boost::format("Changed uid to %d") % g_vm["setuid"].as<int>());
  }

  if(g_vm["daemon"].as<bool>()) {
    syslogFmt(boost::format("Daemonizing"));
    daemonize(null_fd);
  }
  close(null_fd);
  syslogFmt(boost::format("Program operational"));


  // start loop
  struct timeval now;
  for(;;) {
    gettimeofday(&now, 0);
    g_fdm->run(&now);
    // check for notifications that have been outstanding for more than 10 seconds
    expireOldNotifications();
  }
}
catch(boost::program_options::error& e) 
{
  syslogFmt(boost::format("Error parsing command line options: %s") % e.what());
}
catch(std::exception& e)
{
  syslogFmt(boost::format("Fatal: %s") % e.what());
}
catch(PDNSException& e)
{
  syslogFmt(boost::format("Fatal: %s") % e.reason);
}
Commit	Line	Data
12471842 PL	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
870a0fe4 AT	22	#ifdef HAVE_CONFIG_H
	23	#include "config.h"
	24	#endif
0efda032 BH	25	#include <bitset>
	26	#include "dnsparser.hh"
	27	#include "iputils.hh"
0efda032 BH	28	#include <boost/program_options.hpp>
	29
	30	#include <boost/format.hpp>
	31	#include <boost/utility.hpp>
	32	#include <boost/multi_index_container.hpp>
	33	#include <boost/multi_index/ordered_index.hpp>
	34	#include <boost/multi_index/key_extractors.hpp>
8472da1b BH	35	#include <boost/algorithm/string.hpp>
	36	#include <sys/types.h>
	37	#include <sys/stat.h>
	38	#include <fcntl.h>
2d21c5cd	39	#include <grp.h>
17d38f8d	40	#include <unistd.h>
df62aa1d	41	#include "dnsrecords.hh"
0efda032	42	#include "mplexer.hh"
8bc03e7e	43	#include "statbag.hh"
0efda032	44
61b26744	45	#include "namespaces.hh"
0efda032	46	using namespace ::boost::multi_index;
0efda032 BH	47
	48	namespace po = boost::program_options;
	49	po::variables_map g_vm;
	50
8bc03e7e BH	51	StatBag S;
8bc03e7e BH	52
4226cfd0	53	FDMultiplexer* g_fdm;
0efda032	54	int g_pdnssocket;
8472da1b	55	bool g_verbose;
0efda032 BH	56
	57	struct NotificationInFlight
	58	{
	59	ComboAddress source;
33ecb315	60	time_t resentTime;
5ab019ac	61	DNSName domain;
33ecb315 BH	62	uint16_t origID, resentID;
33ecb315 BH	63	int origSocket;
0efda032 BH	64	};
0efda032 BH	65
8472da1b BH	66	typedef map<uint16_t, NotificationInFlight> nifs_t;
8472da1b BH	67	nifs_t g_nifs;
33ecb315	68
050e6877	69	static void syslogFmt(const boost::format& fmt)
c37f5e15 BH	70	{
	71	cerr<<"nproxy: "<<fmt<<endl;
	72	syslog(LOG_WARNING, "%s", str(fmt).c_str());
	73	}
	74
050e6877	75	static void handleOutsideUDPPacket(int fd, boost::any&)
0efda032 BH	76	try
	77	{
	78	char buffer[1500];
	79	struct NotificationInFlight nif;
d7c676a5 RG	80	/* make sure we report enough room for IPv6 */
d7c676a5 RG	81	nif.source.sin4.sin_family = AF_INET6;
33ecb315	82	nif.origSocket = fd;
0efda032	83
d7c676a5	84	socklen_t socklen=nif.source.getSocklen();
0efda032 BH	85
	86	int res=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
	87	if(!res)
	88	return;
	89
	90	if(res < 0)
	91	throw runtime_error("reading packet from remote: "+stringerror());
	92
2010ac95	93	MOADNSParser mdp(true, string(buffer,res));
33ecb315 BH	94	nif.domain = mdp.d_qname;
33ecb315 BH	95	nif.origID = mdp.d_header.id;
0efda032	96
c37f5e15	97
5ab019ac	98	if(mdp.d_header.opcode == Opcode::Query && !mdp.d_header.qr && mdp.d_answers.empty() && mdp.d_qname.toString() == "pdns.nproxy." &&
8825be6b	99	(mdp.d_qtype == QType::TXT \|\| mdp.d_qtype ==QType::A)) {
df62aa1d BH	100	vector<uint8_t> packet;
	101	DNSPacketWriter pw(packet, mdp.d_qname, mdp.d_qtype);
	102	pw.getHeader()->id = mdp.d_header.id;
	103	pw.getHeader()->rd = mdp.d_header.rd;
	104	pw.getHeader()->qr = 1;
	105
8825be6b BH	106	pw.startRecord(mdp.d_qname, mdp.d_qtype);
	107	if(mdp.d_qtype == QType::TXT) {
	108	TXTRecordContent trc("\"OK\"");
	109	trc.toPacket(pw);
	110	}
	111	else if(mdp.d_qtype == QType::A) {
	112	ARecordContent arc("1.2.3.4");
	113	arc.toPacket(pw);
	114	}
df62aa1d	115	pw.commit();
0d502f42 BH	116
	117	if(sendto(fd, &packet[0], packet.size(), 0, (struct sockaddr*)&nif.source, socklen) < 0) {
	118	syslogFmt(boost::format("Unable to send health check response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
	119	}
df62aa1d BH	120	return;
df62aa1d BH	121	}
0efda032 BH	122
0efda032 BH	123	if(mdp.d_header.opcode != Opcode::Notify \|\| mdp.d_qtype != QType::SOA) {
5ab019ac	124	syslogFmt(boost::format("Received non-notification packet for domain '%s' from external nameserver %s") % nif.domain.toString() % nif.source.toStringWithPort());
0efda032 BH	125	return;
0efda032 BH	126	}
5ab019ac	127	syslogFmt(boost::format("External notification received for domain '%s' from %s") % nif.domain.toString() % nif.source.toStringWithPort());
0efda032 BH	128	vector<uint8_t> outpacket;
0efda032 BH	129	DNSPacketWriter pw(outpacket, mdp.d_qname, mdp.d_qtype, 1, Opcode::Notify);
33ecb315 BH	130
	131	static uint16_t s_idpool;
	132	pw.getHeader()->id = nif.resentID = s_idpool++;
	133
	134	if(send(g_pdnssocket, &outpacket[0], outpacket.size(), 0) < 0) {
	135	throw runtime_error("Unable to send notify to PowerDNS: "+stringerror());
	136	}
	137	nif.resentTime=time(0);
	138	g_nifs[nif.resentID] = nif;
	139
	140	}
adc10f99	141	catch(std::exception &e)
33ecb315	142	{
c37f5e15	143	syslogFmt(boost::format("Error parsing packet from external nameserver: %s") % e.what());
33ecb315 BH	144	}
	145
	146
050e6877	147	static void handleInsideUDPPacket(int fd, boost::any&)
33ecb315 BH	148	try
	149	{
	150	char buffer[1500];
	151	struct NotificationInFlight nif;
d7c676a5 RG	152	/* make sure we report enough room for IPv6 */
d7c676a5 RG	153	nif.source.sin4.sin_family = AF_INET6;
33ecb315	154
d7c676a5	155	socklen_t socklen=nif.source.getSocklen();
33ecb315	156
8472da1b BH	157	int len=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
8472da1b BH	158	if(!len)
33ecb315 BH	159	return;
33ecb315 BH	160
8472da1b	161	if(len < 0)
33ecb315 BH	162	throw runtime_error("reading packet from remote: "+stringerror());
33ecb315 BH	163
8472da1b	164	string packet(buffer, len);
27c0050c	165	MOADNSParser mdp(false, packet);
33ecb315	166
c37f5e15	167	// cerr<<"Inside notification response for: "<<mdp.d_qname<<endl;
33ecb315 BH	168
33ecb315 BH	169	if(!g_nifs.count(mdp.d_header.id)) {
73367b2e	170	syslogFmt(boost::format("Response from inner PowerDNS with unknown ID %1%") % (uint16_t)mdp.d_header.id);
33ecb315 BH	171	return;
	172	}
	173
	174	nif=g_nifs[mdp.d_header.id];
	175
5ab019ac PL	176	if(nif.domain != mdp.d_qname) {
5ab019ac PL	177	syslogFmt(boost::format("Response from inner nameserver for different domain '%s' than original notification '%s'") % mdp.d_qname.toString() % nif.domain.toString());
8472da1b	178	} else {
8472da1b	179	if(sendto(nif.origSocket, buffer, len, 0, (sockaddr*) &nif.source, nif.source.getSocklen()) < 0) {
c37f5e15	180	syslogFmt(boost::format("Unable to send notification response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
8472da1b	181	}
c37f5e15	182	else
5ab019ac	183	syslogFmt(boost::format("Sent notification response to external nameserver %s for domain '%s'") % nif.source.toStringWithPort() % nif.domain.toString());
0efda032	184	}
8472da1b	185	g_nifs.erase(mdp.d_header.id);
0efda032 BH	186
0efda032 BH	187	}
adc10f99	188	catch(std::exception &e)
0efda032	189	{
c37f5e15	190	syslogFmt(boost::format("Error parsing packet from internal nameserver: %s") % e.what());
0efda032 BH	191	}
0efda032 BH	192
050e6877	193	static void expireOldNotifications()
8472da1b BH	194	{
	195	time_t limit = time(0) - 10;
	196	for(nifs_t::iterator iter = g_nifs.begin(); iter != g_nifs.end(); ) {
	197	if(iter->second.resentTime < limit) {
5ab019ac	198	syslogFmt(boost::format("Notification for domain '%s' was sent to inner nameserver, but no response within 10 seconds") % iter->second.domain.toString());
8472da1b BH	199	g_nifs.erase(iter++);
	200	}
	201	else
	202	++iter;
	203	}
	204	}
33ecb315	205
050e6877 RG	206	static void daemonize(int null_fd)
	207	{
	208	if(fork())
	209	exit(0); // bye bye
33ecb315	210
050e6877 RG	211	setsid();
	212
	213	dup2(null_fd,0); /* stdin */
	214	dup2(null_fd,1); /* stderr */
	215	dup2(null_fd,2); /* stderr */
	216	}
	217
	218	static void usage(po::options_description &desc) {
f5df3c78 PL	219	cerr<<"nproxy"<<endl;
	220	cerr<<desc<<endl;
	221	}
	222
0efda032 BH	223	int main(int argc, char** argv)
	224	try
	225	{
df62aa1d	226	reportAllTypes();
c37f5e15 BH	227	openlog("nproxy", LOG_NDELAY \| LOG_PID, LOG_DAEMON);
c37f5e15 BH	228
4226cfd0	229	g_fdm = FDMultiplexer::getMultiplexerSilent();
	230	if(!g_fdm) {
	231	throw std::runtime_error("Could not enable a multiplexer");
	232	}
	233
0efda032 BH	234	po::options_description desc("Allowed options");
	235	desc.add_options()
	236	("help,h", "produce help message")
f5df3c78	237	("version", "print the version")
8472da1b	238	("powerdns-address", po::value<string>(), "IP address of PowerDNS server")
c37f5e15 BH	239	("chroot", po::value<string>(), "chroot to this directory for additional security")
	240	("setuid", po::value<int>(), "setuid to this numerical user id")
	241	("setgid", po::value<int>(), "setgid to this numerical user id")
8472da1b BH	242	("origin-address", po::value<string>()->default_value("::"), "Source address for notifications to PowerDNS")
8472da1b BH	243	("listen-address", po::value<vector<string> >(), "IP addresses to listen on")
b4e82077	244	("listen-port", po::value<int>()->default_value(53), "Source port to listen on")
8472da1b BH	245	("daemon,d", po::value<bool>()->default_value(true), "operate in the background")
8472da1b BH	246	("verbose,v", "be verbose");
0efda032 BH	247
	248	po::store(po::command_line_parser(argc, argv).options(desc).run(), g_vm);
	249	po::notify(g_vm);
	250
	251	if (g_vm.count("help")) {
f5df3c78 PL	252	usage(desc);
	253	return EXIT_SUCCESS;
	254	}
	255
	256	if (g_vm.count("version")) {
	257	cerr << "nproxy " << VERSION << endl;
0efda032 BH	258	return EXIT_SUCCESS;
	259	}
	260
8472da1b	261	if(!g_vm.count("powerdns-address")) {
f5df3c78 PL	262	cerr<<"Mandatory setting 'powerdns-address' unset:\n"<<endl;
f5df3c78 PL	263	usage(desc);
0efda032 BH	264	return EXIT_FAILURE;
0efda032 BH	265	}
8472da1b BH	266
	267	if(!g_vm.count("verbose")) {
	268	g_verbose=true;
	269	}
0efda032 BH	270
0efda032 BH	271	vector<string> addresses;
8472da1b BH	272	if(g_vm.count("listen-address"))
8472da1b BH	273	addresses=g_vm["listen-address"].as<vector<string> >();
0efda032 BH	274	else
	275	addresses.push_back("::");
	276
	277	// create sockets to listen on
	278
c37f5e15	279	syslogFmt(boost::format("Starting up"));
0efda032	280	for(vector<string>::const_iterator address = addresses.begin(); address != addresses.end(); ++address) {
b4e82077	281	ComboAddress local(*address, g_vm["listen-port"].as<int>());
0efda032 BH	282	int sock = socket(local.sin4.sin_family, SOCK_DGRAM, 0);
	283	if(sock < 0)
	284	throw runtime_error("Creating socket for incoming packets: "+stringerror());
	285
	286	if(::bind(sock,(sockaddr*) &local, local.getSocklen()) < 0)
8472da1b	287	throw runtime_error("Binding socket for incoming packets to '"+ local.toStringWithPort()+"': "+stringerror());
0efda032	288
4226cfd0	289	g_fdm->addReadFD(sock, handleOutsideUDPPacket); // add to fdmultiplexer for each socket
c37f5e15	290	syslogFmt(boost::format("Listening for external notifications on address %s") % local.toStringWithPort());
0efda032 BH	291	}
0efda032 BH	292
33ecb315	293	// create socket that talks to inner PowerDNS
b4e82077 BH	294	ComboAddress originAddress(g_vm["origin-address"].as<string>(), 0);
b4e82077 BH	295	g_pdnssocket=socket(originAddress.sin4.sin_family, SOCK_DGRAM, 0);
0efda032 BH	296	if(g_pdnssocket < 0)
	297	throw runtime_error("Creating socket for packets to PowerDNS: "+stringerror());
	298
b4e82077	299
8472da1b BH	300	if(::bind(g_pdnssocket,(sockaddr*) &originAddress, originAddress.getSocklen()) < 0)
	301	throw runtime_error("Binding local address of inward socket to '"+ originAddress.toStringWithPort()+"': "+stringerror());
	302
	303
	304	ComboAddress pdns(g_vm["powerdns-address"].as<string>(), 53);
0efda032	305	if(connect(g_pdnssocket, (struct sockaddr*) &pdns, pdns.getSocklen()) < 0)
c37f5e15 BH	306	throw runtime_error("Failed to connect PowerDNS socket to address "+pdns.toStringWithPort()+": "+stringerror());
c37f5e15 BH	307
f7fb7022	308	syslogFmt(boost::format("Sending notifications from %s to internal address %s") % originAddress.toString() % pdns.toStringWithPort());
0efda032	309
4226cfd0	310	g_fdm->addReadFD(g_pdnssocket, handleInsideUDPPacket);
33ecb315	311
4c89ccef CH	312	int null_fd=open("/dev/null",O_RDWR); /* open stdin */
	313	if(null_fd < 0)
	314	throw runtime_error("Unable to open /dev/null: "+stringerror());
	315
0efda032	316	if(g_vm.count("chroot")) {
4c89ccef	317	if(chroot(g_vm["chroot"].as<string>().c_str()) < 0 \|\| chdir("/") < 0)
0efda032	318	throw runtime_error("while chrooting to "+g_vm["chroot"].as<string>());
c37f5e15 BH	319	syslogFmt(boost::format("Changed root to directory '%s'") % g_vm["chroot"].as<string>());
	320	}
	321
fe97f596 PD	322	if(g_vm.count("setgid")) {
fe97f596 PD	323	if(setgid(g_vm["setgid"].as<int>()) < 0)
335da0ba	324	throw runtime_error("while changing gid to "+std::to_string(g_vm["setgid"].as<int>()));
fe97f596 PD	325	syslogFmt(boost::format("Changed gid to %d") % g_vm["setgid"].as<int>());
	326	if(setgroups(0, NULL) < 0)
	327	throw runtime_error("while dropping supplementary groups");
	328	}
	329
c37f5e15 BH	330	if(g_vm.count("setuid")) {
c37f5e15 BH	331	if(setuid(g_vm["setuid"].as<int>()) < 0)
335da0ba	332	throw runtime_error("while changing uid to "+std::to_string(g_vm["setuid"].as<int>()));
c37f5e15 BH	333	syslogFmt(boost::format("Changed uid to %d") % g_vm["setuid"].as<int>());
	334	}
	335
8472da1b	336	if(g_vm["daemon"].as<bool>()) {
c37f5e15	337	syslogFmt(boost::format("Daemonizing"));
4c89ccef	338	daemonize(null_fd);
8472da1b	339	}
4c89ccef	340	close(null_fd);
c37f5e15	341	syslogFmt(boost::format("Program operational"));
8472da1b BH	342
8472da1b BH	343
0efda032 BH	344	// start loop
	345	struct timeval now;
	346	for(;;) {
	347	gettimeofday(&now, 0);
4226cfd0	348	g_fdm->run(&now);
0efda032	349	// check for notifications that have been outstanding for more than 10 seconds
8472da1b	350	expireOldNotifications();
0efda032	351	}
0efda032	352	}
c37f5e15 BH	353	catch(boost::program_options::error& e)
	354	{
	355	syslogFmt(boost::format("Error parsing command line options: %s") % e.what());
	356	}
adc10f99	357	catch(std::exception& e)
0efda032	358	{
c37f5e15	359	syslogFmt(boost::format("Fatal: %s") % e.what());
0efda032	360	}
3f81d239	361	catch(PDNSException& e)
8472da1b	362	{
c37f5e15	363	syslogFmt(boost::format("Fatal: %s") % e.reason);
8472da1b	364	}