2 * daemon/daemon.c - collection of workers that handles requests.
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * The daemon consists of global settings and a number of workers.
43 #ifdef HAVE_OPENSSL_ERR_H
44 #include <openssl/err.h>
47 #ifdef HAVE_OPENSSL_RAND_H
48 #include <openssl/rand.h>
51 #ifdef HAVE_OPENSSL_CONF_H
52 #include <openssl/conf.h>
55 #ifdef HAVE_OPENSSL_ENGINE_H
56 #include <openssl/engine.h>
69 #include "daemon/daemon.h"
70 #include "daemon/worker.h"
71 #include "daemon/remote.h"
72 #include "daemon/acl_list.h"
74 #include "util/config_file.h"
75 #include "util/data/msgreply.h"
76 #include "util/storage/lookup3.h"
77 #include "util/storage/slabhash.h"
78 #include "services/listen_dnsport.h"
79 #include "services/cache/rrset.h"
80 #include "services/cache/infra.h"
81 #include "services/localzone.h"
82 #include "services/modstack.h"
83 #include "util/module.h"
84 #include "util/random.h"
85 #include "util/tube.h"
86 #include "util/net_help.h"
87 #include "sldns/keyraw.h"
90 /** How many quit requests happened. */
91 static int sig_record_quit = 0;
92 /** How many reload requests happened. */
93 static int sig_record_reload = 0;
95 #if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
96 /** cleaner ssl memory freeup */
97 static void* comp_meth = NULL;
99 #ifdef LEX_HAS_YYLEX_DESTROY
100 /** remove buffers for parsing and init */
101 int ub_c_lex_destroy(void);
104 /** used when no other sighandling happens, so we don't die
105 * when multiple signals in quick succession are sent to us.
106 * @param sig: signal number.
107 * @return signal handler return type (void or int).
109 static RETSIGTYPE record_sigh(int sig)
111 #ifdef LIBEVENT_SIGNAL_PROBLEM
112 /* cannot log, verbose here because locks may be held */
113 /* quit on signal, no cleanup and statistics,
114 because installed libevent version is not threadsafe */
139 /* ignoring signal */
145 * Signal handling during the time when netevent is disabled.
146 * Stores signals to replay later.
149 signal_handling_record(void)
151 if( signal(SIGTERM, record_sigh) == SIG_ERR ||
153 signal(SIGQUIT, record_sigh) == SIG_ERR ||
156 signal(SIGBREAK, record_sigh) == SIG_ERR ||
159 signal(SIGHUP, record_sigh) == SIG_ERR ||
162 signal(SIGPIPE, SIG_IGN) == SIG_ERR ||
164 signal(SIGINT, record_sigh) == SIG_ERR
166 log_err("install sighandler: %s", strerror(errno));
170 * Replay old signals.
171 * @param wrk: worker that handles signals.
174 signal_handling_playback(struct worker* wrk)
177 if(sig_record_reload)
178 worker_sighandler(SIGHUP, wrk);
181 worker_sighandler(SIGTERM, wrk);
183 sig_record_reload = 0;
189 struct daemon* daemon = (struct daemon*)calloc(1,
190 sizeof(struct daemon));
198 r = WSAStartup(MAKEWORD(2,2), &wsa_data);
200 fatal_exit("could not init winsock. WSAStartup: %s",
203 #endif /* USE_WINSOCK */
204 signal_handling_record();
207 # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
208 ERR_load_crypto_strings();
210 ERR_load_SSL_strings();
212 (void)sldns_key_EVP_load_gost_id();
214 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
215 OpenSSL_add_all_algorithms();
217 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
218 | OPENSSL_INIT_ADD_ALL_DIGESTS
219 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
221 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
222 /* grab the COMP method ptr because openssl leaks it */
223 comp_meth = (void*)SSL_COMP_get_compression_methods();
225 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
226 (void)SSL_library_init();
228 (void)OPENSSL_init_ssl(0, NULL);
230 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
231 if(!ub_openssl_lock_init())
232 fatal_exit("could not init openssl locks");
234 #elif defined(HAVE_NSS)
235 if(NSS_NoDB_Init(NULL) != SECSuccess)
236 fatal_exit("could not init NSS");
237 #endif /* HAVE_SSL or HAVE_NSS */
239 /* init timezone info while we are not chrooted yet */
242 /* open /dev/random if needed */
243 ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67);
244 daemon->need_to_exit = 0;
245 modstack_init(&daemon->mods);
246 if(!(daemon->env = (struct module_env*)calloc(1,
247 sizeof(*daemon->env)))) {
251 alloc_init(&daemon->superalloc, NULL, 0);
252 daemon->acl = acl_list_create();
258 if(gettimeofday(&daemon->time_boot, NULL) < 0)
259 log_err("gettimeofday: %s", strerror(errno));
260 daemon->time_last_stat = daemon->time_boot;
265 daemon_open_shared_ports(struct daemon* daemon)
268 if(daemon->cfg->port != daemon->listening_port) {
270 struct listen_port* p0;
271 daemon->reuseport = 0;
272 /* free and close old ports */
273 if(daemon->ports != NULL) {
274 for(i=0; i<daemon->num_ports; i++)
275 listening_ports_free(daemon->ports[i]);
277 daemon->ports = NULL;
279 /* see if we want to reuseport */
281 if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
282 daemon->reuseport = 1;
284 /* try to use reuseport */
285 p0 = listening_ports_open(daemon->cfg, &daemon->reuseport);
287 listening_ports_free(p0);
290 if(daemon->reuseport) {
291 /* reuseport was successful, allocate for it */
292 daemon->num_ports = (size_t)daemon->cfg->num_threads;
294 /* do the normal, singleportslist thing,
295 * reuseport not enabled or did not work */
296 daemon->num_ports = 1;
298 if(!(daemon->ports = (struct listen_port**)calloc(
299 daemon->num_ports, sizeof(*daemon->ports)))) {
300 listening_ports_free(p0);
303 daemon->ports[0] = p0;
304 if(daemon->reuseport) {
305 /* continue to use reuseport */
306 for(i=1; i<daemon->num_ports; i++) {
307 if(!(daemon->ports[i]=
308 listening_ports_open(daemon->cfg,
310 || !daemon->reuseport ) {
311 for(i=0; i<daemon->num_ports; i++)
312 listening_ports_free(daemon->ports[i]);
314 daemon->ports = NULL;
319 daemon->listening_port = daemon->cfg->port;
321 if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
322 listening_ports_free(daemon->rc_ports);
323 daemon->rc_ports = NULL;
326 if(daemon->cfg->remote_control_enable &&
327 daemon->cfg->control_port != daemon->rc_port) {
328 listening_ports_free(daemon->rc_ports);
329 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg)))
331 daemon->rc_port = daemon->cfg->control_port;
337 * Setup modules. setup module stack.
338 * @param daemon: the daemon
340 static void daemon_setup_modules(struct daemon* daemon)
342 daemon->env->cfg = daemon->cfg;
343 daemon->env->alloc = &daemon->superalloc;
344 daemon->env->worker = NULL;
345 daemon->env->need_to_validate = 0; /* set by module init below */
346 if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf,
348 fatal_exit("failed to setup modules");
353 * Obtain allowed port numbers, concatenate the list, and shuffle them
354 * (ready to be handed out to threads).
355 * @param daemon: the daemon. Uses rand and cfg.
356 * @param shufport: the portlist output.
357 * @return number of ports available.
359 static int daemon_get_shufport(struct daemon* daemon, int* shufport)
363 for(i=0; i<65536; i++) {
364 if(daemon->cfg->outgoing_avail_ports[i]) {
365 shufport[avail++] = daemon->cfg->
366 outgoing_avail_ports[i];
370 fatal_exit("no ports are permitted for UDP, add "
371 "with outgoing-port-permit");
375 k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */
377 shufport[k] = shufport[n];
384 * Allocate empty worker structures. With backptr and thread-number,
385 * from 0..numthread initialised. Used as user arguments to new threads.
386 * Creates the daemon random generator if it does not exist yet.
387 * The random generator stays existing between reloads with a unique state.
388 * @param daemon: the daemon with (new) config settings.
391 daemon_create_workers(struct daemon* daemon)
395 log_assert(daemon && daemon->cfg);
397 unsigned int seed = (unsigned int)time(NULL) ^
398 (unsigned int)getpid() ^ 0x438;
399 daemon->rand = ub_initstate(seed, NULL);
401 fatal_exit("could not init random generator");
403 hash_set_raninit((uint32_t)ub_random(daemon->rand));
404 shufport = (int*)calloc(65536, sizeof(int));
406 fatal_exit("out of memory during daemon init");
407 numport = daemon_get_shufport(daemon, shufport);
408 verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
410 daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
411 if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
412 log_warn("cannot reduce num-threads to %d because so-reuseport "
413 "so continuing with %d threads.", (int)daemon->num,
414 (int)daemon->num_ports);
415 daemon->num = (int)daemon->num_ports;
417 daemon->workers = (struct worker**)calloc((size_t)daemon->num,
418 sizeof(struct worker*));
420 fatal_exit("out of memory during daemon init");
421 if(daemon->cfg->dnstap) {
423 daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path,
424 (unsigned int)daemon->num);
426 fatal_exit("dt_create failed");
427 dt_apply_cfg(daemon->dtenv, daemon->cfg);
429 fatal_exit("dnstap enabled in config but not built with dnstap support");
432 for(i=0; i<daemon->num; i++) {
433 if(!(daemon->workers[i] = worker_create(daemon, i,
434 shufport+numport*i/daemon->num,
435 numport*(i+1)/daemon->num - numport*i/daemon->num)))
436 /* the above is not ports/numthr, due to rounding */
437 fatal_exit("could not create worker");
442 #ifdef THREADS_DISABLED
444 * Close all pipes except for the numbered thread.
445 * @param daemon: daemon to close pipes in.
446 * @param thr: thread number 0..num-1 of thread to skip.
448 static void close_other_pipes(struct daemon* daemon, int thr)
451 for(i=0; i<daemon->num; i++)
454 /* only close read part, need to write stats */
455 tube_close_read(daemon->workers[i]->cmd);
457 /* complete close channel to others */
458 tube_delete(daemon->workers[i]->cmd);
459 daemon->workers[i]->cmd = NULL;
463 #endif /* THREADS_DISABLED */
466 * Function to start one thread.
467 * @param arg: user argument.
468 * @return: void* user return value could be used for thread_join results.
471 thread_start(void* arg)
473 struct worker* worker = (struct worker*)arg;
475 log_thread_set(&worker->thread_num);
476 ub_thread_blocksigs();
477 #ifdef THREADS_DISABLED
478 /* close pipe ends used by main */
479 tube_close_write(worker->cmd);
480 close_other_pipes(worker->daemon, worker->thread_num);
483 if(worker->daemon->cfg->so_reuseport)
484 port_num = worker->thread_num % worker->daemon->num_ports;
488 if(!worker_init(worker, worker->daemon->cfg,
489 worker->daemon->ports[port_num], 0))
490 fatal_exit("Could not initialize thread");
497 * Fork and init the other threads. Main thread returns for special handling.
498 * @param daemon: the daemon with other threads to fork.
501 daemon_start_others(struct daemon* daemon)
505 verbose(VERB_ALGO, "start threads");
506 /* skip i=0, is this thread */
507 for(i=1; i<daemon->num; i++) {
508 ub_thread_create(&daemon->workers[i]->thr_id,
509 thread_start, daemon->workers[i]);
510 #ifdef THREADS_DISABLED
511 /* close pipe end of child */
512 tube_close_read(daemon->workers[i]->cmd);
513 #endif /* no threads */
518 * Stop the other threads.
519 * @param daemon: the daemon with other threads.
522 daemon_stop_others(struct daemon* daemon)
526 verbose(VERB_ALGO, "stop threads");
527 /* skip i=0, is this thread */
528 /* use i=0 buffer for sending cmds; because we are #0 */
529 for(i=1; i<daemon->num; i++) {
530 worker_send_cmd(daemon->workers[i], worker_cmd_quit);
532 /* wait for them to quit */
533 for(i=1; i<daemon->num; i++) {
534 /* join it to make sure its dead */
535 verbose(VERB_ALGO, "join %d", i);
536 ub_thread_join(daemon->workers[i]->thr_id);
537 verbose(VERB_ALGO, "join success %d", i);
542 daemon_fork(struct daemon* daemon)
545 if(!acl_list_apply_cfg(daemon->acl, daemon->cfg))
546 fatal_exit("Could not setup access control list");
547 if(!(daemon->local_zones = local_zones_create()))
548 fatal_exit("Could not create local zones: out of memory");
549 if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
550 fatal_exit("Could not set up local zones");
553 daemon_setup_modules(daemon);
555 /* first create all the worker structures, so we can pass
556 * them to the newly created threads.
558 daemon_create_workers(daemon);
560 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
561 /* in libev the first inited base gets signals */
562 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
563 fatal_exit("Could not initialize main thread");
566 /* Now create the threads and init the workers.
567 * By the way, this is thread #0 (the main thread).
569 daemon_start_others(daemon);
571 /* Special handling for the main thread. This is the thread
572 * that handles signals and remote control.
574 #if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
575 /* libevent has the last inited base get signals (or any base) */
576 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
577 fatal_exit("Could not initialize main thread");
579 signal_handling_playback(daemon->workers[0]);
581 /* Start resolver service on main thread. */
582 log_info("start of service (%s).", PACKAGE_STRING);
583 worker_work(daemon->workers[0]);
584 log_info("service stopped (%s).", PACKAGE_STRING);
586 /* we exited! a signal happened! Stop other threads */
587 daemon_stop_others(daemon);
589 daemon->need_to_exit = daemon->workers[0]->need_to_exit;
593 daemon_cleanup(struct daemon* daemon)
597 /* before stopping main worker, handle signals ourselves, so we
598 don't die on multiple reload signals for example. */
599 signal_handling_record();
600 log_thread_set(NULL);
601 /* clean up caches because
602 * a) RRset IDs will be recycled after a reload, causing collisions
603 * b) validation config can change, thus rrset, msg, keycache clear */
604 slabhash_clear(&daemon->env->rrset_cache->table);
605 slabhash_clear(daemon->env->msg_cache);
606 local_zones_delete(daemon->local_zones);
607 daemon->local_zones = NULL;
608 /* key cache is cleared by module desetup during next daemon_fork() */
609 daemon_remote_clear(daemon->rc);
610 for(i=0; i<daemon->num; i++)
611 worker_delete(daemon->workers[i]);
612 free(daemon->workers);
613 daemon->workers = NULL;
616 dt_delete(daemon->dtenv);
622 daemon_delete(struct daemon* daemon)
627 modstack_desetup(&daemon->mods, daemon->env);
628 daemon_remote_delete(daemon->rc);
629 for(i = 0; i < daemon->num_ports; i++)
630 listening_ports_free(daemon->ports[i]);
632 listening_ports_free(daemon->rc_ports);
634 slabhash_delete(daemon->env->msg_cache);
635 rrset_cache_delete(daemon->env->rrset_cache);
636 infra_delete(daemon->env->infra_cache);
638 ub_randfree(daemon->rand);
639 alloc_clear(&daemon->superalloc);
640 acl_list_delete(daemon->acl);
641 free(daemon->chroot);
642 free(daemon->pidfile);
645 SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
646 SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
649 #ifdef LEX_HAS_YYLEX_DESTROY
653 /* libcrypto cleanup */
655 # if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
656 sldns_key_EVP_unload_gost();
658 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
660 # if OPENSSL_VERSION_NUMBER < 0x10100000
661 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
665 # ifdef HAVE_OPENSSL_CONFIG
667 # if OPENSSL_VERSION_NUMBER < 0x10100000
672 # ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
673 CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
675 # ifdef HAVE_ERR_FREE_STRINGS
678 # if OPENSSL_VERSION_NUMBER < 0x10100000
681 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
682 ub_openssl_lock_delete();
684 #elif defined(HAVE_NSS)
686 #endif /* HAVE_SSL or HAVE_NSS */
689 if(WSACleanup() != 0) {
690 log_err("Could not WSACleanup: %s",
691 wsa_strerror(WSAGetLastError()));
696 void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
700 if(!daemon->env->msg_cache ||
701 cfg->msg_cache_size != slabhash_get_size(daemon->env->msg_cache) ||
702 cfg->msg_cache_slabs != daemon->env->msg_cache->size) {
703 slabhash_delete(daemon->env->msg_cache);
704 daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs,
705 HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size,
706 msgreply_sizefunc, query_info_compare,
707 query_entry_delete, reply_info_delete, NULL);
708 if(!daemon->env->msg_cache) {
709 fatal_exit("malloc failure updating config settings");
712 if((daemon->env->rrset_cache = rrset_cache_adjust(
713 daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0)
714 fatal_exit("malloc failure updating config settings");
715 if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache,
717 fatal_exit("malloc failure updating config settings");