]>
Commit | Line | Data |
---|---|---|
12471842 PL |
1 | /* |
2 | * This file is part of PowerDNS or dnsdist. | |
3 | * Copyright -- PowerDNS.COM B.V. and its contributors | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of version 2 of the GNU General Public License as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * In addition, for the avoidance of any doubt, permission is granted to | |
10 | * link this program with OpenSSL and to (re)distribute the binaries | |
11 | * produced as the result of such linking. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
32cdc494 | 22 | #pragma once |
00a19ff7 | 23 | #include <string> |
aebb81e4 | 24 | #include <atomic> |
3897b9e1 | 25 | #include "utility.hh" |
00a19ff7 BH |
26 | #include "dns.hh" |
27 | #include "qtype.hh" | |
28 | #include <vector> | |
29 | #include <set> | |
9ea28e46 | 30 | #include <unordered_set> |
00a19ff7 | 31 | #include <map> |
eefd15f9 BH |
32 | #include <cmath> |
33 | #include <iostream> | |
34 | #include <utility> | |
c836dc19 | 35 | #include "misc.hh" |
00a19ff7 | 36 | #include "lwres.hh" |
4898a348 | 37 | #include <boost/optional.hpp> |
92011b8f | 38 | #include <boost/circular_buffer.hpp> |
d6d5dea7 | 39 | #include <boost/utility.hpp> |
1d5b3ce6 | 40 | #include "sstuff.hh" |
9fdf67d5 | 41 | #include "recursor_cache.hh" |
16beeaa4 | 42 | #include "recpacketcache.hh" |
1d5b3ce6 | 43 | #include <boost/tuple/tuple.hpp> |
71dea98d | 44 | #include <boost/optional.hpp> |
1d5b3ce6 BH |
45 | #include <boost/tuple/tuple_comparison.hpp> |
46 | #include "mtasker.hh" | |
a9af3782 | 47 | #include "iputils.hh" |
849fe8d2 | 48 | #include "validate.hh" |
b40562da | 49 | #include "ednssubnet.hh" |
644dd1da | 50 | #include "filterpo.hh" |
39ce10b2 | 51 | #include "negcache.hh" |
644dd1da | 52 | |
20642494 | 53 | #ifdef HAVE_CONFIG_H |
4898a348 | 54 | #include "config.h" |
20642494 PL |
55 | #endif |
56 | ||
4898a348 RG |
57 | #ifdef HAVE_PROTOBUF |
58 | #include <boost/uuid/uuid.hpp> | |
59 | #include <boost/uuid/uuid_generators.hpp> | |
60 | #endif | |
61 | ||
a3e7b735 | 62 | class RecursorLua4; |
620db2c8 | 63 | |
fa1b87ff PL |
64 | typedef map< |
65 | DNSName, | |
66 | pair< | |
67 | vector<ComboAddress>, | |
68 | bool | |
69 | > | |
70 | > NsSet; | |
49f076e8 | 71 | |
bb4bdbaf | 72 | template<class Thing> class Throttle : public boost::noncopyable |
49f076e8 BH |
73 | { |
74 | public: | |
8a70e507 | 75 | Throttle() : d_limit(3), d_ttl(60), d_last_clean(time(0)) |
49f076e8 | 76 | { |
49f076e8 | 77 | } |
96e2f64f | 78 | |
79 | struct entry | |
80 | { | |
81 | time_t ttd; | |
82 | unsigned int count; | |
83 | }; | |
84 | typedef map<Thing,entry> cont_t; | |
85 | ||
87da00e7 | 86 | bool shouldThrottle(time_t now, const Thing& t) |
49f076e8 | 87 | { |
cd7bf56b | 88 | if(now > d_last_clean + 300 ) { |
bb4bdbaf | 89 | |
49f076e8 | 90 | d_last_clean=now; |
594c2ee7 | 91 | for(typename cont_t::iterator i=d_cont.begin();i!=d_cont.end();) { |
4957a608 BH |
92 | if( i->second.ttd < now) { |
93 | d_cont.erase(i++); | |
94 | } | |
95 | else | |
96 | ++i; | |
594c2ee7 | 97 | } |
49f076e8 BH |
98 | } |
99 | ||
49f076e8 BH |
100 | typename cont_t::iterator i=d_cont.find(t); |
101 | if(i==d_cont.end()) | |
102 | return false; | |
ccb07d93 | 103 | if(now > i->second.ttd || i->second.count == 0) { |
49f076e8 | 104 | d_cont.erase(i); |
139c2911 | 105 | return false; |
49f076e8 | 106 | } |
ccb07d93 | 107 | i->second.count--; |
014c60c3 BH |
108 | |
109 | return true; // still listed, still blocked | |
49f076e8 | 110 | } |
3ddb9247 | 111 | void throttle(time_t now, const Thing& t, time_t ttl=0, unsigned int tries=0) |
49f076e8 BH |
112 | { |
113 | typename cont_t::iterator i=d_cont.find(t); | |
87da00e7 | 114 | entry e={ now+(ttl ? ttl : d_ttl), tries ? tries : d_limit}; |
49f076e8 | 115 | |
c214232f | 116 | if(i==d_cont.end()) { |
49f076e8 | 117 | d_cont[t]=e; |
3ddb9247 PD |
118 | } |
119 | else if(i->second.ttd > e.ttd || (i->second.count) < e.count) | |
c214232f | 120 | d_cont[t]=e; |
8a5602d4 | 121 | } |
3ddb9247 | 122 | |
30ee601a | 123 | unsigned int size() const |
8a5602d4 | 124 | { |
705f31ae | 125 | return (unsigned int)d_cont.size(); |
49f076e8 | 126 | } |
30ee601a | 127 | |
96e2f64f | 128 | const cont_t& getThrottleMap() const |
129 | { | |
130 | return d_cont; | |
c1e20fba | 131 | } |
132 | ||
30ee601a RG |
133 | void clear() |
134 | { | |
135 | d_cont.clear(); | |
136 | } | |
c1e20fba | 137 | |
49f076e8 | 138 | private: |
b747bce8 AT |
139 | unsigned int d_limit; |
140 | time_t d_ttl; | |
49f076e8 | 141 | time_t d_last_clean; |
49f076e8 BH |
142 | cont_t d_cont; |
143 | }; | |
144 | ||
145 | ||
eefd15f9 | 146 | /** Class that implements a decaying EWMA. |
36c5ee42 | 147 | This class keeps an exponentially weighted moving average which, additionally, decays over time. |
eefd15f9 BH |
148 | The decaying is only done on get. |
149 | */ | |
150 | class DecayingEwma | |
151 | { | |
152 | public: | |
3ddb9247 | 153 | DecayingEwma() : d_val(0.0) |
71dea98d BH |
154 | { |
155 | d_needinit=true; | |
118dcc93 | 156 | d_last.tv_sec = d_last.tv_usec = 0; |
71dea98d | 157 | d_lastget=d_last; |
36c5ee42 | 158 | } |
d6d5dea7 | 159 | |
71dea98d | 160 | DecayingEwma(const DecayingEwma& orig) : d_last(orig.d_last), d_lastget(orig.d_lastget), d_val(orig.d_val), d_needinit(orig.d_needinit) |
eefd15f9 | 161 | { |
71dea98d | 162 | } |
d6d5dea7 | 163 | |
a712cb56 | 164 | void submit(int val, const struct timeval* tv) |
71dea98d | 165 | { |
a712cb56 | 166 | struct timeval now=*tv; |
71dea98d BH |
167 | |
168 | if(d_needinit) { | |
169 | d_last=now; | |
21f0f88b | 170 | d_lastget=now; |
71dea98d | 171 | d_needinit=false; |
21f0f88b | 172 | d_val = val; |
71dea98d | 173 | } |
21f0f88b BH |
174 | else { |
175 | float diff= makeFloat(d_last - now); | |
71dea98d | 176 | |
21f0f88b BH |
177 | d_last=now; |
178 | double factor=exp(diff)/2.0; // might be '0.5', or 0.0001 | |
3ddb9247 | 179 | d_val=(float)((1-factor)*val+ (float)factor*d_val); |
21f0f88b | 180 | } |
eefd15f9 | 181 | } |
d6d5dea7 | 182 | |
a712cb56 | 183 | double get(const struct timeval* tv) |
71dea98d | 184 | { |
a712cb56 | 185 | struct timeval now=*tv; |
71dea98d | 186 | float diff=makeFloat(d_lastget-now); |
36c5ee42 | 187 | d_lastget=now; |
705f31ae | 188 | float factor=exp(diff/60.0f); // is 1.0 or less |
eefd15f9 BH |
189 | return d_val*=factor; |
190 | } | |
191 | ||
30ee601a | 192 | double peek(void) const |
a82ce718 PD |
193 | { |
194 | return d_val; | |
195 | } | |
196 | ||
996c89cc | 197 | bool stale(time_t limit) const |
9fdf67d5 | 198 | { |
71dea98d | 199 | return limit > d_lastget.tv_sec; |
9fdf67d5 BH |
200 | } |
201 | ||
eefd15f9 | 202 | private: |
71dea98d BH |
203 | struct timeval d_last; // stores time |
204 | struct timeval d_lastget; // stores time | |
205 | float d_val; | |
206 | bool d_needinit; | |
207 | }; | |
208 | ||
628e2c7b PA |
209 | template<class Thing> class Counters : public boost::noncopyable |
210 | { | |
211 | public: | |
212 | Counters() | |
213 | { | |
214 | } | |
30ee601a | 215 | unsigned long value(const Thing& t) const |
628e2c7b | 216 | { |
30ee601a | 217 | typename cont_t::const_iterator i=d_cont.find(t); |
628e2c7b PA |
218 | |
219 | if(i==d_cont.end()) { | |
220 | return 0; | |
221 | } | |
222 | return (unsigned long)i->second; | |
223 | } | |
224 | unsigned long incr(const Thing& t) | |
225 | { | |
226 | typename cont_t::iterator i=d_cont.find(t); | |
227 | ||
228 | if(i==d_cont.end()) { | |
229 | d_cont[t]=1; | |
230 | return 1; | |
231 | } | |
232 | else { | |
233 | if (i->second < std::numeric_limits<unsigned long>::max()) | |
234 | i->second++; | |
235 | return (unsigned long)i->second; | |
236 | } | |
237 | } | |
238 | unsigned long decr(const Thing& t) | |
239 | { | |
240 | typename cont_t::iterator i=d_cont.find(t); | |
241 | ||
242 | if(i!=d_cont.end() && --i->second == 0) { | |
243 | d_cont.erase(i); | |
244 | return 0; | |
245 | } else | |
246 | return (unsigned long)i->second; | |
247 | } | |
248 | void clear(const Thing& t) | |
249 | { | |
250 | typename cont_t::iterator i=d_cont.find(t); | |
251 | ||
252 | if(i!=d_cont.end()) { | |
253 | d_cont.erase(i); | |
254 | } | |
255 | } | |
30ee601a RG |
256 | void clear() |
257 | { | |
258 | d_cont.clear(); | |
259 | } | |
260 | size_t size() const | |
406f46f9 | 261 | { |
262 | return d_cont.size(); | |
263 | } | |
628e2c7b PA |
264 | private: |
265 | typedef map<Thing,unsigned long> cont_t; | |
266 | cont_t d_cont; | |
267 | }; | |
268 | ||
71dea98d | 269 | |
bb4bdbaf | 270 | class SyncRes : public boost::noncopyable |
00a19ff7 BH |
271 | { |
272 | public: | |
3ddb9247 | 273 | enum LogMode { LogNone, Log, Store}; |
0bd2e252 | 274 | typedef std::function<int(const ComboAddress& ip, const DNSName& qdomain, int qtype, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult *lwr, bool* chained)> asyncresolve_t; |
77499b05 | 275 | |
a712cb56 RG |
276 | struct EDNSStatus |
277 | { | |
278 | EDNSStatus() : mode(UNKNOWN), modeSetAt(0) {} | |
279 | enum EDNSMode { UNKNOWN=0, EDNSOK=1, EDNSIGNORANT=2, NOEDNS=3 } mode; | |
280 | time_t modeSetAt; | |
281 | }; | |
282 | ||
283 | //! This represents a number of decaying Ewmas, used to store performance per nameserver-name. | |
284 | /** Modelled to work mostly like the underlying DecayingEwma. After you've called get, | |
285 | d_best is filled out with the best address for this collection */ | |
286 | struct DecayingEwmaCollection | |
287 | { | |
288 | void submit(const ComboAddress& remote, int usecs, const struct timeval* now) | |
289 | { | |
0e4675a9 | 290 | d_collection[remote].submit(usecs, now); |
a712cb56 RG |
291 | } |
292 | ||
293 | double get(const struct timeval* now) | |
294 | { | |
295 | if(d_collection.empty()) | |
296 | return 0; | |
297 | double ret=std::numeric_limits<double>::max(); | |
298 | double tmp; | |
0e4675a9 RG |
299 | for (auto& entry : d_collection) { |
300 | if((tmp = entry.second.get(now)) < ret) { | |
a712cb56 | 301 | ret=tmp; |
0e4675a9 | 302 | d_best=entry.first; |
a712cb56 RG |
303 | } |
304 | } | |
305 | ||
306 | return ret; | |
307 | } | |
308 | ||
309 | bool stale(time_t limit) const | |
310 | { | |
0e4675a9 RG |
311 | for(const auto& entry : d_collection) |
312 | if(!entry.second.stale(limit)) | |
a712cb56 RG |
313 | return false; |
314 | return true; | |
315 | } | |
316 | ||
0e4675a9 RG |
317 | void purge(const std::map<ComboAddress, double>& keep) |
318 | { | |
319 | for (auto iter = d_collection.begin(); iter != d_collection.end(); ) { | |
320 | if (keep.find(iter->first) != keep.end()) { | |
321 | ++iter; | |
322 | } | |
323 | else { | |
324 | iter = d_collection.erase(iter); | |
325 | } | |
326 | } | |
327 | } | |
328 | ||
329 | typedef std::map<ComboAddress, DecayingEwma> collection_t; | |
a712cb56 RG |
330 | collection_t d_collection; |
331 | ComboAddress d_best; | |
332 | }; | |
333 | ||
334 | typedef map<DNSName, DecayingEwmaCollection> nsspeeds_t; | |
335 | typedef map<ComboAddress, EDNSStatus> ednsstatus_t; | |
336 | ||
1e332f68 PL |
337 | vState getDSRecords(const DNSName& zone, dsmap_t& ds, bool onlyTA, unsigned int depth, bool bogusOnNXD=true, bool* foundCut=nullptr); |
338 | ||
3337c2f7 | 339 | class AuthDomain |
a712cb56 | 340 | { |
3337c2f7 | 341 | public: |
a712cb56 RG |
342 | typedef multi_index_container < |
343 | DNSRecord, | |
344 | indexed_by < | |
345 | ordered_non_unique< | |
346 | composite_key< DNSRecord, | |
347 | member<DNSRecord, DNSName, &DNSRecord::d_name>, | |
348 | member<DNSRecord, uint16_t, &DNSRecord::d_type> | |
349 | >, | |
350 | composite_key_compare<std::less<DNSName>, std::less<uint16_t> > | |
351 | > | |
352 | > | |
353 | > records_t; | |
3337c2f7 | 354 | |
a712cb56 | 355 | records_t d_records; |
3337c2f7 RG |
356 | vector<ComboAddress> d_servers; |
357 | DNSName d_name; | |
358 | bool d_rdForward{false}; | |
359 | ||
360 | int getRecords(const DNSName& qname, uint16_t qtype, std::vector<DNSRecord>& records) const; | |
361 | bool isAuth() const | |
362 | { | |
363 | return d_servers.empty(); | |
364 | } | |
365 | bool isForward() const | |
366 | { | |
367 | return !isAuth(); | |
368 | } | |
369 | bool shouldRecurse() const | |
370 | { | |
371 | return d_rdForward; | |
372 | } | |
373 | const DNSName& getName() const | |
374 | { | |
375 | return d_name; | |
376 | } | |
377 | ||
378 | private: | |
379 | void addSOA(std::vector<DNSRecord>& records) const; | |
a712cb56 RG |
380 | }; |
381 | ||
382 | typedef map<DNSName, AuthDomain> domainmap_t; | |
383 | typedef Throttle<boost::tuple<ComboAddress,DNSName,uint16_t> > throttle_t; | |
384 | typedef Counters<ComboAddress> fails_t; | |
385 | ||
386 | struct ThreadLocalStorage { | |
387 | NegCache negcache; | |
388 | nsspeeds_t nsSpeeds; | |
389 | throttle_t throttle; | |
390 | ednsstatus_t ednsstatus; | |
391 | fails_t fails; | |
392 | std::shared_ptr<domainmap_t> domainmap; | |
393 | }; | |
394 | ||
9065eb05 RG |
395 | static void setDefaultLogMode(LogMode lm) |
396 | { | |
397 | s_lm = lm; | |
398 | } | |
addde5c1 | 399 | static uint64_t doEDNSDump(int fd); |
9065eb05 | 400 | static uint64_t doDumpNSSpeeds(int fd); |
c1e20fba | 401 | static uint64_t doDumpThrottleMap(int fd); |
9065eb05 RG |
402 | static int getRootNS(struct timeval now, asyncresolve_t asyncCallback); |
403 | static void clearDelegationOnly() | |
404 | { | |
405 | s_delegationOnly.clear(); | |
406 | } | |
407 | static void addDelegationOnly(const DNSName& name) | |
408 | { | |
409 | s_delegationOnly.insert(name); | |
410 | } | |
411 | static void addDontQuery(const std::string& mask) | |
412 | { | |
413 | if (!s_dontQuery) | |
414 | s_dontQuery = std::unique_ptr<NetmaskGroup>(new NetmaskGroup()); | |
bb4bdbaf | 415 | |
9065eb05 RG |
416 | s_dontQuery->addMask(mask); |
417 | } | |
418 | static void addDontQuery(const Netmask& mask) | |
419 | { | |
420 | if (!s_dontQuery) | |
421 | s_dontQuery = std::unique_ptr<NetmaskGroup>(new NetmaskGroup()); | |
422 | ||
423 | s_dontQuery->addMask(mask); | |
424 | } | |
425 | static void clearDontQuery() | |
426 | { | |
427 | s_dontQuery = nullptr; | |
428 | } | |
429 | static void parseEDNSSubnetWhitelist(const std::string& wlist); | |
2fe3354d CH |
430 | static void parseEDNSSubnetAddFor(const std::string& subnetlist); |
431 | static void addEDNSLocalSubnet(const std::string& subnet) | |
9065eb05 | 432 | { |
2fe3354d CH |
433 | s_ednslocalsubnets.addMask(subnet); |
434 | } | |
435 | static void addEDNSRemoteSubnet(const std::string& subnet) | |
436 | { | |
437 | s_ednsremotesubnets.addMask(subnet); | |
9065eb05 RG |
438 | } |
439 | static void addEDNSDomain(const DNSName& domain) | |
440 | { | |
441 | s_ednsdomains.add(domain); | |
442 | } | |
2fe3354d | 443 | static void clearEDNSLocalSubnets() |
9065eb05 | 444 | { |
2fe3354d CH |
445 | s_ednslocalsubnets.clear(); |
446 | } | |
447 | static void clearEDNSRemoteSubnets() | |
448 | { | |
449 | s_ednsremotesubnets.clear(); | |
9065eb05 RG |
450 | } |
451 | static void clearEDNSDomains() | |
452 | { | |
453 | s_ednsdomains = SuffixMatchNode(); | |
454 | } | |
a712cb56 RG |
455 | static void pruneNSSpeeds(time_t limit) |
456 | { | |
457 | for(auto i = t_sstorage.nsSpeeds.begin(), end = t_sstorage.nsSpeeds.end(); i != end; ) { | |
458 | if(i->second.stale(limit)) { | |
459 | i = t_sstorage.nsSpeeds.erase(i); | |
460 | } | |
461 | else { | |
462 | ++i; | |
463 | } | |
464 | } | |
465 | } | |
466 | static uint64_t getNSSpeedsSize() | |
467 | { | |
468 | return t_sstorage.nsSpeeds.size(); | |
469 | } | |
470 | static void submitNSSpeed(const DNSName& server, const ComboAddress& ca, uint32_t usec, const struct timeval* now) | |
471 | { | |
472 | t_sstorage.nsSpeeds[server].submit(ca, usec, now); | |
473 | } | |
474 | static void clearNSSpeeds() | |
475 | { | |
476 | t_sstorage.nsSpeeds.clear(); | |
477 | } | |
478 | static EDNSStatus::EDNSMode getEDNSStatus(const ComboAddress& server) | |
479 | { | |
480 | const auto& it = t_sstorage.ednsstatus.find(server); | |
481 | if (it == t_sstorage.ednsstatus.end()) | |
482 | return EDNSStatus::UNKNOWN; | |
483 | ||
484 | return it->second.mode; | |
485 | } | |
486 | static uint64_t getEDNSStatusesSize() | |
487 | { | |
488 | return t_sstorage.ednsstatus.size(); | |
489 | } | |
490 | static void clearEDNSStatuses() | |
491 | { | |
492 | t_sstorage.ednsstatus.clear(); | |
493 | } | |
494 | static uint64_t getThrottledServersSize() | |
495 | { | |
496 | return t_sstorage.throttle.size(); | |
497 | } | |
498 | static void clearThrottle() | |
499 | { | |
500 | t_sstorage.throttle.clear(); | |
501 | } | |
502 | static bool isThrottled(time_t now, const ComboAddress& server, const DNSName& target, uint16_t qtype) | |
503 | { | |
504 | return t_sstorage.throttle.shouldThrottle(now, boost::make_tuple(server, target, qtype)); | |
505 | } | |
506 | static bool isThrottled(time_t now, const ComboAddress& server) | |
507 | { | |
508 | return t_sstorage.throttle.shouldThrottle(now, boost::make_tuple(server, "", 0)); | |
509 | } | |
510 | static void doThrottle(time_t now, const ComboAddress& server, time_t duration, unsigned int tries) | |
511 | { | |
512 | t_sstorage.throttle.throttle(now, boost::make_tuple(server, "", 0), duration, tries); | |
513 | } | |
514 | static uint64_t getFailedServersSize() | |
515 | { | |
516 | return t_sstorage.fails.size(); | |
517 | } | |
518 | static void clearFailedServers() | |
519 | { | |
520 | t_sstorage.fails.clear(); | |
521 | } | |
522 | static unsigned long getServerFailsCount(const ComboAddress& server) | |
523 | { | |
524 | return t_sstorage.fails.value(server); | |
525 | } | |
526 | ||
527 | static void clearNegCache() | |
528 | { | |
529 | t_sstorage.negcache.clear(); | |
530 | } | |
531 | ||
532 | static uint64_t getNegCacheSize() | |
533 | { | |
534 | return t_sstorage.negcache.size(); | |
535 | } | |
536 | ||
537 | static void pruneNegCache(unsigned int maxEntries) | |
538 | { | |
539 | t_sstorage.negcache.prune(maxEntries); | |
540 | } | |
541 | ||
542 | static uint64_t wipeNegCache(const DNSName& name, bool subtree = false) | |
543 | { | |
544 | return t_sstorage.negcache.wipe(name, subtree); | |
545 | } | |
546 | ||
547 | static void setDomainMap(std::shared_ptr<domainmap_t> newMap) | |
548 | { | |
549 | t_sstorage.domainmap = newMap; | |
550 | } | |
551 | ||
552 | static const std::shared_ptr<domainmap_t> getDomainMap() | |
553 | { | |
554 | return t_sstorage.domainmap; | |
555 | } | |
9065eb05 | 556 | |
8a3a3822 RG |
557 | static void setECSScopeZeroAddress(const Netmask& scopeZeroMask) |
558 | { | |
559 | s_ecsScopeZero.source = scopeZeroMask; | |
560 | } | |
561 | ||
9065eb05 | 562 | explicit SyncRes(const struct timeval& now); |
30ee601a | 563 | |
e325f20c | 564 | int beginResolve(const DNSName &qname, const QType &qtype, uint16_t qclass, vector<DNSRecord>&ret); |
c836dc19 BH |
565 | void setId(int id) |
566 | { | |
77499b05 | 567 | if(doLog()) |
9fdf67d5 | 568 | d_prefix="["+itoa(id)+"] "; |
c836dc19 | 569 | } |
3ddb9247 PD |
570 | |
571 | void setLogMode(LogMode lm) | |
77499b05 BH |
572 | { |
573 | d_lm = lm; | |
574 | } | |
575 | ||
69cbdef9 | 576 | bool doLog() const |
c836dc19 | 577 | { |
3ddb9247 | 578 | return d_lm != LogNone; |
c836dc19 | 579 | } |
77499b05 | 580 | |
c836dc19 BH |
581 | void setCacheOnly(bool state=true) |
582 | { | |
583 | d_cacheonly=state; | |
584 | } | |
2188dcc3 BH |
585 | |
586 | void setDoEDNS0(bool state=true) | |
587 | { | |
588 | d_doEDNS0=state; | |
589 | } | |
590 | ||
30ee601a RG |
591 | void setDoDNSSEC(bool state=true) |
592 | { | |
593 | d_doDNSSEC=state; | |
594 | } | |
595 | ||
0c43f455 RG |
596 | void setDNSSECValidationRequested(bool requested=true) |
597 | { | |
598 | d_DNSSECValidationRequested = requested; | |
599 | } | |
600 | ||
601 | bool isDNSSECValidationRequested() const | |
602 | { | |
603 | return d_DNSSECValidationRequested; | |
604 | } | |
605 | ||
e1636f82 RG |
606 | bool shouldValidate() const |
607 | { | |
608 | return d_DNSSECValidationRequested && !d_wasOutOfBand; | |
609 | } | |
610 | ||
30ee601a RG |
611 | void setWantsRPZ(bool state=true) |
612 | { | |
613 | d_wantsRPZ=state; | |
614 | } | |
615 | ||
616 | bool getWantsRPZ() const | |
617 | { | |
618 | return d_wantsRPZ; | |
619 | } | |
620 | ||
77499b05 BH |
621 | string getTrace() const |
622 | { | |
623 | return d_trace.str(); | |
624 | } | |
625 | ||
a3e7b735 | 626 | void setLuaEngine(shared_ptr<RecursorLua4> pdl) |
3457a2a0 | 627 | { |
628 | d_pdl = pdl; | |
629 | } | |
630 | ||
3762e821 | 631 | bool wasVariable() const |
632 | { | |
633 | return d_wasVariable; | |
634 | } | |
3457a2a0 | 635 | |
9fc36e90 PL |
636 | bool wasOutOfBand() const |
637 | { | |
638 | return d_wasOutOfBand; | |
639 | } | |
640 | ||
30ee601a RG |
641 | struct timeval getNow() const |
642 | { | |
643 | return d_now; | |
644 | } | |
645 | ||
a672e9de PL |
646 | void setSkipCNAMECheck(bool skip = false) |
647 | { | |
648 | d_skipCNAMECheck = skip; | |
649 | } | |
650 | ||
2fe3354d | 651 | void setQuerySource(const ComboAddress& requestor, boost::optional<const EDNSSubnetOpts&> incomingECS); |
30ee601a RG |
652 | |
653 | #ifdef HAVE_PROTOBUF | |
654 | void setInitialRequestId(boost::optional<const boost::uuids::uuid&> initialRequestId) | |
655 | { | |
656 | d_initialRequestId = initialRequestId; | |
657 | } | |
63341e8d | 658 | |
3fe06137 | 659 | void setOutgoingProtobufServers(std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& servers) |
63341e8d | 660 | { |
b773359c | 661 | d_outgoingProtobufServers = servers; |
63341e8d | 662 | } |
30ee601a RG |
663 | #endif |
664 | ||
665 | void setAsyncCallback(asyncresolve_t func) | |
666 | { | |
667 | d_asyncResolve = func; | |
668 | } | |
3ddb9247 | 669 | |
4d2be65d RG |
670 | vState getValidationState() const |
671 | { | |
672 | return d_queryValidationState; | |
673 | } | |
674 | ||
a712cb56 RG |
675 | static thread_local ThreadLocalStorage t_sstorage; |
676 | ||
aebb81e4 | 677 | static std::atomic<uint64_t> s_queries; |
678 | static std::atomic<uint64_t> s_outgoingtimeouts; | |
679 | static std::atomic<uint64_t> s_outgoing4timeouts; | |
680 | static std::atomic<uint64_t> s_outgoing6timeouts; | |
681 | static std::atomic<uint64_t> s_throttledqueries; | |
682 | static std::atomic<uint64_t> s_dontqueries; | |
e9a628a2 | 683 | static std::atomic<uint64_t> s_authzonequeries; |
aebb81e4 | 684 | static std::atomic<uint64_t> s_outqueries; |
685 | static std::atomic<uint64_t> s_tcpoutqueries; | |
686 | static std::atomic<uint64_t> s_nodelegated; | |
687 | static std::atomic<uint64_t> s_unreachables; | |
d6923beb | 688 | static std::atomic<uint64_t> s_ecsqueries; |
689 | static std::atomic<uint64_t> s_ecsresponses; | |
9065eb05 | 690 | |
9065eb05 RG |
691 | static string s_serverID; |
692 | static unsigned int s_minimumTTL; | |
693 | static unsigned int s_maxqperq; | |
694 | static unsigned int s_maxtotusec; | |
695 | static unsigned int s_maxdepth; | |
a9af3782 | 696 | static unsigned int s_maxnegttl; |
c3e753c7 | 697 | static unsigned int s_maxcachettl; |
1051f8a9 BH |
698 | static unsigned int s_packetcachettl; |
699 | static unsigned int s_packetcacheservfailttl; | |
628e2c7b PA |
700 | static unsigned int s_serverdownmaxfails; |
701 | static unsigned int s_serverdownthrottletime; | |
e9f9b8ec RG |
702 | static uint8_t s_ecsipv4limit; |
703 | static uint8_t s_ecsipv6limit; | |
9065eb05 RG |
704 | static bool s_doIPv6; |
705 | static bool s_noEDNSPing; | |
706 | static bool s_noEDNS; | |
707 | static bool s_rootNXTrust; | |
1051f8a9 | 708 | static bool s_nopacketcache; |
3ddb9247 | 709 | |
a712cb56 RG |
710 | std::unordered_map<std::string,bool> d_discardedPolicies; |
711 | DNSFilterEngine::Policy d_appliedPolicy; | |
f7b8cffa | 712 | unsigned int d_authzonequeries; |
a712cb56 RG |
713 | unsigned int d_outqueries; |
714 | unsigned int d_tcpoutqueries; | |
715 | unsigned int d_throttledqueries; | |
716 | unsigned int d_timeouts; | |
717 | unsigned int d_unreachables; | |
718 | unsigned int d_totUsec; | |
49a699c4 | 719 | |
00a19ff7 | 720 | private: |
2fe3354d CH |
721 | ComboAddress d_requestor; |
722 | ComboAddress d_cacheRemote; | |
a712cb56 | 723 | |
9065eb05 | 724 | static std::unordered_set<DNSName> s_delegationOnly; |
2fe3354d CH |
725 | static NetmaskGroup s_ednslocalsubnets; |
726 | static NetmaskGroup s_ednsremotesubnets; | |
9065eb05 | 727 | static SuffixMatchNode s_ednsdomains; |
8a3a3822 | 728 | static EDNSSubnetOpts s_ecsScopeZero; |
9065eb05 RG |
729 | static LogMode s_lm; |
730 | static std::unique_ptr<NetmaskGroup> s_dontQuery; | |
731 | ||
732 | struct GetBestNSAnswer | |
733 | { | |
734 | DNSName qname; | |
735 | set<pair<DNSName,DNSName> > bestns; | |
736 | uint8_t qtype; // only A and AAAA anyhow | |
737 | bool operator<(const GetBestNSAnswer &b) const | |
738 | { | |
739 | return boost::tie(qname, qtype, bestns) < | |
740 | boost::tie(b.qname, b.qtype, b.bestns); | |
741 | } | |
742 | }; | |
743 | ||
70b3fe7a RG |
744 | typedef std::map<DNSName,vState> zonesStates_t; |
745 | ||
fa1b87ff | 746 | int doResolveAt(NsSet &nameservers, DNSName auth, bool flawedNSSet, const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, |
51b6b728 | 747 | unsigned int depth, set<GetBestNSAnswer>&beenthere, vState& state); |
6dfff36f | 748 | bool doResolveAtThisIP(const std::string& prefix, const DNSName& qname, const QType& qtype, LWResult& lwr, boost::optional<Netmask>& ednsmask, const DNSName& auth, bool const sendRDQuery, const DNSName& nsName, const ComboAddress& remoteIP, bool doTCP, bool* truncated); |
51b6b728 | 749 | bool processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType& qtype, DNSName& auth, bool wasForwarded, const boost::optional<Netmask> ednsmask, bool sendRDQuery, NsSet &nameservers, std::vector<DNSRecord>& ret, const DNSFilterEngine& dfe, bool* gotNewServers, int* rcode, vState& state); |
6dfff36f | 750 | |
51b6b728 | 751 | int doResolve(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, set<GetBestNSAnswer>& beenthere, vState& state); |
f7b8cffa | 752 | bool doOOBResolve(const AuthDomain& domain, const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, int& res); |
7c3398aa | 753 | bool doOOBResolve(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res); |
69cbdef9 | 754 | domainmap_t::const_iterator getBestAuthZone(DNSName* qname) const; |
ad797d94 RG |
755 | bool doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res, vState& state, bool wasAuthZone, bool wasForwardRecurse); |
756 | bool doCacheCheck(const DNSName &qname, const DNSName& authname, bool wasForwardedOrAuthZone, bool wasAuthZone, bool wasForwardRecurse, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res, vState& state); | |
7c3398aa RG |
757 | void getBestNSFromCache(const DNSName &qname, const QType &qtype, vector<DNSRecord>&bestns, bool* flawedNSSet, unsigned int depth, set<GetBestNSAnswer>& beenthere); |
758 | DNSName getBestNSNamesFromCache(const DNSName &qname, const QType &qtype, NsSet& nsset, bool* flawedNSSet, unsigned int depth, set<GetBestNSAnswer>&beenthere); | |
c5c066bf | 759 | |
fa1b87ff | 760 | inline vector<DNSName> shuffleInSpeedOrder(NsSet &nameservers, const string &prefix); |
cc11d7f4 | 761 | inline vector<ComboAddress> shuffleForwardSpeed(const vector<ComboAddress> &rnameservers, const string &prefix, const bool wasRd); |
69cbdef9 | 762 | bool moreSpecificThan(const DNSName& a, const DNSName &b) const; |
b4c8789a | 763 | vector<ComboAddress> getAddrs(const DNSName &qname, unsigned int depth, set<GetBestNSAnswer>& beenthere, bool cacheOnly); |
26ca3513 | 764 | |
69cbdef9 RG |
765 | bool nameserversBlockedByRPZ(const DNSFilterEngine& dfe, const NsSet& nameservers); |
766 | bool nameserverIPBlockedByRPZ(const DNSFilterEngine& dfe, const ComboAddress&); | |
26ca3513 RG |
767 | bool throttledOrBlocked(const std::string& prefix, const ComboAddress& remoteIP, const DNSName& qname, const QType& qtype, bool pierceDontQuery); |
768 | ||
b4c8789a | 769 | vector<ComboAddress> retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, vector<DNSName >::const_iterator& tns, const unsigned int depth, set<GetBestNSAnswer>& beenthere, const vector<DNSName >& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly); |
e4894ce0 RG |
770 | RCode::rcodes_ updateCacheFromRecords(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, const boost::optional<Netmask>, vState& state, bool& needWildcardProof, unsigned int& wildcardLabelsCount); |
771 | bool processRecords(const std::string& prefix, const DNSName& qname, const QType& qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const unsigned int wildcardLabelsCount); | |
26ca3513 | 772 | |
6dfff36f | 773 | bool doSpecialNamesResolve(const DNSName &qname, const QType &qtype, const uint16_t qclass, vector<DNSRecord> &ret); |
db50a7f4 | 774 | |
deca7d8f | 775 | int asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional<Netmask>& srcmask, LWResult* res, bool* chained) const; |
30ee601a | 776 | |
2fe3354d | 777 | boost::optional<Netmask> getEDNSSubnetMask(const DNSName&dn, const ComboAddress& rem); |
e9f9b8ec | 778 | |
4d2be65d | 779 | bool validationEnabled() const; |
4d2be65d RG |
780 | uint32_t computeLowestTTD(const std::vector<DNSRecord>& records, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures, uint32_t signaturesTTL) const; |
781 | void updateValidationState(vState& state, const vState stateUpdate); | |
51b6b728 RG |
782 | vState validateRecordsWithSigs(unsigned int depth, const DNSName& qname, const QType& qtype, const DNSName& name, const std::vector<DNSRecord>& records, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures); |
783 | vState validateDNSKeys(const DNSName& zone, const std::vector<DNSRecord>& dnskeys, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures, unsigned int depth); | |
51b6b728 | 784 | vState getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int depth); |
28364e4b RG |
785 | dState getDenialValidationState(const NegCache::NegCacheEntry& ne, const vState state, const dState expectedState, bool referralToUnsigned); |
786 | void updateDenialValidationState(vState& neValidationState, const DNSName& neName, vState& state, const dState denialState, const dState expectedState, bool allowOptOut); | |
787 | void computeNegCacheValidationStatus(const NegCache::NegCacheEntry* ne, const DNSName& qname, const QType& qtype, const int res, vState& state, unsigned int depth); | |
4d2be65d | 788 | vState getTA(const DNSName& zone, dsmap_t& ds); |
0735b60f | 789 | bool haveExactValidationStatus(const DNSName& domain); |
5374b03b | 790 | vState getValidationStatus(const DNSName& subdomain, bool allowIndeterminate=true); |
70b3fe7a | 791 | |
c405e222 | 792 | bool lookForCut(const DNSName& qname, unsigned int depth, const vState existingState, vState& newState); |
51b6b728 | 793 | void computeZoneCuts(const DNSName& begin, const DNSName& end, unsigned int depth); |
4d2be65d | 794 | |
0b29b9c5 RG |
795 | void setUpdatingRootNS() |
796 | { | |
797 | d_updatingRootNS = true; | |
798 | } | |
799 | ||
51b6b728 | 800 | zonesStates_t d_cutStates; |
77499b05 | 801 | ostringstream d_trace; |
a3e7b735 | 802 | shared_ptr<RecursorLua4> d_pdl; |
2fe3354d | 803 | boost::optional<Netmask> d_outgoingECSNetwork; |
3fe06137 | 804 | std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>> d_outgoingProtobufServers{nullptr}; |
30ee601a RG |
805 | #ifdef HAVE_PROTOBUF |
806 | boost::optional<const boost::uuids::uuid&> d_initialRequestId; | |
807 | #endif | |
808 | asyncresolve_t d_asyncResolve{nullptr}; | |
809 | struct timeval d_now; | |
c836dc19 | 810 | string d_prefix; |
4d2be65d | 811 | vState d_queryValidationState{Indeterminate}; |
b88526ce PL |
812 | |
813 | /* When d_cacheonly is set to true, we will only check the cache. | |
814 | * This is set when the RD bit is unset in the incoming query | |
815 | */ | |
c836dc19 | 816 | bool d_cacheonly; |
30ee601a | 817 | bool d_doDNSSEC; |
0c43f455 | 818 | bool d_DNSSECValidationRequested{false}; |
30ee601a | 819 | bool d_doEDNS0{true}; |
24bb9b58 | 820 | bool d_requireAuthData{true}; |
30ee601a | 821 | bool d_skipCNAMECheck{false}; |
0b29b9c5 | 822 | bool d_updatingRootNS{false}; |
30ee601a RG |
823 | bool d_wantsRPZ{true}; |
824 | bool d_wasOutOfBand{false}; | |
825 | bool d_wasVariable{false}; | |
57769f13 | 826 | |
77499b05 | 827 | LogMode d_lm; |
00a19ff7 | 828 | }; |
ac0e821b | 829 | |
5c633640 | 830 | class Socket; |
a9af3782 | 831 | /* external functions, opaque to us */ |
5c633640 | 832 | int asendtcp(const string& data, Socket* sock); |
a683e8bd | 833 | int arecvtcp(string& data, size_t len, Socket* sock, bool incompleteOkay); |
1d5b3ce6 BH |
834 | |
835 | ||
836 | struct PacketID | |
837 | { | |
825fa717 | 838 | PacketID() : id(0), type(0), sock(0), inNeeded(0), inIncompleteOkay(false), outPos(0), nearMisses(0), fd(-1) |
67770277 | 839 | { |
d38e2ba9 | 840 | remote.reset(); |
67770277 | 841 | } |
1d5b3ce6 BH |
842 | |
843 | uint16_t id; // wait for a specific id/remote pair | |
91ffe057 | 844 | uint16_t type; // and this is its type |
996c89cc | 845 | ComboAddress remote; // this is the remote |
3ddb9247 | 846 | DNSName domain; // this is the question |
1d5b3ce6 BH |
847 | |
848 | Socket* sock; // or wait for an event on a TCP fd | |
1d5b3ce6 | 849 | string inMSG; // they'll go here |
a683e8bd | 850 | size_t inNeeded; // if this is set, we'll read until inNeeded bytes are read |
825fa717 | 851 | bool inIncompleteOkay; |
1d5b3ce6 BH |
852 | |
853 | string outMSG; // the outgoing message that needs to be sent | |
854 | string::size_type outPos; // how far we are along in the outMSG | |
855 | ||
96f81a93 BH |
856 | typedef set<uint16_t > chain_t; |
857 | mutable chain_t chain; | |
91ffe057 | 858 | mutable uint32_t nearMisses; // number of near misses - host correct, id wrong |
4ef015cd | 859 | int fd; |
35ce8576 | 860 | |
1d5b3ce6 BH |
861 | bool operator<(const PacketID& b) const |
862 | { | |
863 | int ourSock= sock ? sock->getHandle() : 0; | |
864 | int bSock = b.sock ? b.sock->getHandle() : 0; | |
787e5eab | 865 | if( tie(remote, ourSock, type) < tie(b.remote, bSock, b.type)) |
0d5f0a9f | 866 | return true; |
787e5eab | 867 | if( tie(remote, ourSock, type) > tie(b.remote, bSock, b.type)) |
0d5f0a9f BH |
868 | return false; |
869 | ||
c5c066bf | 870 | return tie(domain, fd, id) < tie(b.domain, b.fd, b.id); |
1d5b3ce6 BH |
871 | } |
872 | }; | |
873 | ||
3ddb9247 | 874 | struct PacketIDBirthdayCompare: public std::binary_function<PacketID, PacketID, bool> |
96f81a93 BH |
875 | { |
876 | bool operator()(const PacketID& a, const PacketID& b) const | |
877 | { | |
878 | int ourSock= a.sock ? a.sock->getHandle() : 0; | |
879 | int bSock = b.sock ? b.sock->getHandle() : 0; | |
787e5eab | 880 | if( tie(a.remote, ourSock, a.type) < tie(b.remote, bSock, b.type)) |
96f81a93 | 881 | return true; |
787e5eab | 882 | if( tie(a.remote, ourSock, a.type) > tie(b.remote, bSock, b.type)) |
96f81a93 BH |
883 | return false; |
884 | ||
72849e12 | 885 | return a.domain < b.domain; |
96f81a93 BH |
886 | } |
887 | }; | |
f26bf547 RG |
888 | extern thread_local std::unique_ptr<MemRecursorCache> t_RC; |
889 | extern thread_local std::unique_ptr<RecursorPacketCache> t_packetCache; | |
d2392145 | 890 | typedef MTasker<PacketID,string> MT_t; |
f165a1f4 | 891 | MT_t* getMT(); |
1d5b3ce6 BH |
892 | |
893 | struct RecursorStats | |
894 | { | |
aebb81e4 | 895 | std::atomic<uint64_t> servFails; |
896 | std::atomic<uint64_t> nxDomains; | |
897 | std::atomic<uint64_t> noErrors; | |
898 | std::atomic<uint64_t> answers0_1, answers1_10, answers10_100, answers100_1000, answersSlow; | |
899 | std::atomic<uint64_t> auth4Answers0_1, auth4Answers1_10, auth4Answers10_100, auth4Answers100_1000, auth4AnswersSlow; | |
900 | std::atomic<uint64_t> auth6Answers0_1, auth6Answers1_10, auth6Answers10_100, auth6Answers100_1000, auth6AnswersSlow; | |
19178da9 | 901 | std::atomic<uint64_t> ourtime0_1, ourtime1_2, ourtime2_4, ourtime4_8, ourtime8_16, ourtime16_32, ourtimeSlow; |
902 | double avgLatencyUsec{0}; | |
903 | double avgLatencyOursUsec{0}; | |
aebb81e4 | 904 | std::atomic<uint64_t> qcounter; // not increased for unauth packets |
905 | std::atomic<uint64_t> ipv6qcounter; | |
906 | std::atomic<uint64_t> tcpqcounter; | |
907 | std::atomic<uint64_t> unauthorizedUDP; // when this is increased, qcounter isn't | |
908 | std::atomic<uint64_t> unauthorizedTCP; // when this is increased, qcounter isn't | |
909 | std::atomic<uint64_t> policyDrops; | |
910 | std::atomic<uint64_t> tcpClientOverflow; | |
911 | std::atomic<uint64_t> clientParseError; | |
912 | std::atomic<uint64_t> serverParseError; | |
913 | std::atomic<uint64_t> tooOldDrops; | |
ba892c7f | 914 | std::atomic<uint64_t> truncatedDrops; |
cf8cda18 | 915 | std::atomic<uint64_t> queryPipeFullDrops; |
aebb81e4 | 916 | std::atomic<uint64_t> unexpectedCount; |
917 | std::atomic<uint64_t> caseMismatchCount; | |
918 | std::atomic<uint64_t> spoofCount; | |
919 | std::atomic<uint64_t> resourceLimits; | |
920 | std::atomic<uint64_t> overCapacityDrops; | |
921 | std::atomic<uint64_t> ipv6queries; | |
922 | std::atomic<uint64_t> chainResends; | |
923 | std::atomic<uint64_t> nsSetInvalidations; | |
924 | std::atomic<uint64_t> ednsPingMatches; | |
925 | std::atomic<uint64_t> ednsPingMismatches; | |
926 | std::atomic<uint64_t> noPingOutQueries, noEdnsOutQueries; | |
927 | std::atomic<uint64_t> packetCacheHits; | |
928 | std::atomic<uint64_t> noPacketError; | |
929 | std::atomic<uint64_t> ignoredCount; | |
c0f9be19 | 930 | std::atomic<uint64_t> emptyQueriesCount; |
5e3de507 | 931 | time_t startupTime; |
aebb81e4 | 932 | std::atomic<uint64_t> dnssecQueries; |
ec6eacbc | 933 | unsigned int maxMThreadStackUsage; |
849fe8d2 PL |
934 | std::atomic<uint64_t> dnssecValidations; // should be the sum of all dnssecResult* stats |
935 | std::map<vState, std::atomic<uint64_t> > dnssecResults; | |
7a25883a | 936 | std::map<DNSFilterEngine::PolicyKind, std::atomic<uint64_t> > policyResults; |
b3b5459d | 937 | }; |
996c89cc | 938 | |
0e408828 | 939 | //! represents a running TCP/IP client session |
cd989c87 | 940 | class TCPConnection : public boost::noncopyable |
0e408828 | 941 | { |
50a5ef72 | 942 | public: |
cd989c87 BH |
943 | TCPConnection(int fd, const ComboAddress& addr); |
944 | ~TCPConnection(); | |
3ddb9247 | 945 | |
30ee601a | 946 | int getFD() const |
cd989c87 BH |
947 | { |
948 | return d_fd; | |
949 | } | |
2749c3fe RG |
950 | |
951 | std::string data; | |
952 | const ComboAddress d_remote; | |
953 | size_t queriesCount{0}; | |
b841314c RG |
954 | enum stateenum {BYTE0, BYTE1, GETQUESTION, DONE} state{BYTE0}; |
955 | uint16_t qlen{0}; | |
956 | uint16_t bytesread{0}; | |
0e408828 | 957 | |
50a5ef72 | 958 | static unsigned int getCurrentConnections() { return s_currentConnections; } |
50a5ef72 | 959 | private: |
cd989c87 | 960 | const int d_fd; |
1bc9e6bd | 961 | static AtomicCounter s_currentConnections; //!< total number of current TCP connections |
0e408828 BH |
962 | }; |
963 | ||
44971ca0 PD |
964 | class ImmediateServFailException |
965 | { | |
966 | public: | |
8a70e507 | 967 | ImmediateServFailException(string r) : reason(r) {}; |
44971ca0 PD |
968 | |
969 | string reason; //! Print this to tell the user what went wrong | |
970 | }; | |
0e408828 | 971 | |
f635ed7b | 972 | typedef boost::circular_buffer<ComboAddress> addrringbuf_t; |
621ccf89 | 973 | extern thread_local std::unique_ptr<addrringbuf_t> t_servfailremotes, t_largeanswerremotes, t_remotes, t_bogusremotes, t_timeouts; |
a9af3782 | 974 | |
66f2e6ad | 975 | extern thread_local std::unique_ptr<boost::circular_buffer<pair<DNSName,uint16_t> > > t_queryring, t_servfailqueryring, t_bogusqueryring; |
f26bf547 | 976 | extern thread_local std::shared_ptr<NetmaskGroup> t_allowFrom; |
674cf0f6 | 977 | string doQueueReloadLuaScript(vector<string>::const_iterator begin, vector<string>::const_iterator end); |
77499b05 | 978 | string doTraceRegex(vector<string>::const_iterator begin, vector<string>::const_iterator end); |
18af64a8 | 979 | void parseACLs(); |
1d5b3ce6 | 980 | extern RecursorStats g_stats; |
a512e3d1 | 981 | extern unsigned int g_networkTimeoutMsec; |
c3828c03 | 982 | extern unsigned int g_numThreads; |
b33c2462 | 983 | extern uint16_t g_outgoingEDNSBufsize; |
a6f7f5fe | 984 | extern std::atomic<uint32_t> g_maxCacheEntries, g_maxPacketCacheEntries; |
c1c29961 | 985 | extern bool g_lowercaseOutgoing; |
12ce523e | 986 | |
987 | ||
ee1ada80 | 988 | std::string reloadAuthAndForwards(); |
c1d73d94 | 989 | ComboAddress parseIPAndPort(const std::string& input, uint16_t port); |
1652a63e | 990 | ComboAddress getQueryLocalAddress(int family, uint16_t port); |
3427fa8a | 991 | typedef boost::function<void*(void)> pipefunc_t; |
b4e76a18 | 992 | void broadcastFunction(const pipefunc_t& func); |
8171ab83 | 993 | void distributeAsyncFunction(const std::string& question, const pipefunc_t& func); |
3427fa8a | 994 | |
e325f20c | 995 | int directResolve(const DNSName& qname, const QType& qtype, int qclass, vector<DNSRecord>& ret); |
3427fa8a | 996 | |
b4e76a18 | 997 | template<class T> T broadcastAccFunction(const boost::function<T*()>& func); |
3427fa8a | 998 | |
9065eb05 | 999 | std::shared_ptr<SyncRes::domainmap_t> parseAuthAndForwards(); |
13034931 BH |
1000 | uint64_t* pleaseGetNsSpeedsSize(); |
1001 | uint64_t* pleaseGetCacheSize(); | |
1002 | uint64_t* pleaseGetNegCacheSize(); | |
1003 | uint64_t* pleaseGetCacheHits(); | |
1004 | uint64_t* pleaseGetCacheMisses(); | |
1005 | uint64_t* pleaseGetConcurrentQueries(); | |
1006 | uint64_t* pleaseGetThrottleSize(); | |
16beeaa4 BH |
1007 | uint64_t* pleaseGetPacketCacheHits(); |
1008 | uint64_t* pleaseGetPacketCacheSize(); | |
86f3ca51 | 1009 | uint64_t* pleaseWipeCache(const DNSName& canon, bool subtree=false); |
1010 | uint64_t* pleaseWipePacketCache(const DNSName& canon, bool subtree); | |
1011 | uint64_t* pleaseWipeAndCountNegCache(const DNSName& canon, bool subtree=false); | |
2c78bd57 | 1012 | void doCarbonDump(void*); |
9065eb05 | 1013 | void primeHints(void); |
795215f2 | 1014 | |
f703f766 | 1015 | extern __thread struct timeval g_now; |
f3d6a5c5 | 1016 | |
4898a348 | 1017 | #ifdef HAVE_PROTOBUF |
f26bf547 | 1018 | extern thread_local std::unique_ptr<boost::uuids::random_generator> t_uuidGenerator; |
4898a348 | 1019 | #endif |