]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/blob - contrib/unbound/dnstap/unbound-dnstap-socket.c
MFV 364468:
[FreeBSD/FreeBSD.git] / contrib / unbound / dnstap / unbound-dnstap-socket.c
1 /*
2  * dnstap/unbound-dnstap-socket.c - debug program that listens for DNSTAP logs.
3  *
4  * Copyright (c) 2020, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  * 
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  * 
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  * 
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  * 
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35
36 /**
37  * \file
38  *
39  * This program listens on a DNSTAP socket for logged messages.
40  */
41 #include "config.h"
42 #ifdef HAVE_GETOPT_H
43 #include <getopt.h>
44 #endif
45 #include <signal.h>
46 #include <stdlib.h>
47 #include <unistd.h>
48 #include <signal.h>
49 #include <ctype.h>
50 #ifdef HAVE_SYS_UN_H
51 #include <sys/un.h>
52 #endif
53 #include <openssl/ssl.h>
54 #include <openssl/rand.h>
55 #include <openssl/err.h>
56 #include "dnstap/dtstream.h"
57 #include "dnstap/dnstap_fstrm.h"
58 #include "util/log.h"
59 #include "util/ub_event.h"
60 #include "util/net_help.h"
61 #include "services/listen_dnsport.h"
62 #include "sldns/sbuffer.h"
63 #include "sldns/wire2str.h"
64 #ifdef USE_DNSTAP
65 #include <protobuf-c/protobuf-c.h>
66 #include "dnstap/dnstap.pb-c.h"
67 #endif /* USE_DNSTAP */
68 #include "util/config_file.h"
69
70 /** listen backlog on TCP connections for dnstap logs */
71 #define LISTEN_BACKLOG 16
72
73 /** usage information for streamtcp */
74 static void usage(char* argv[])
75 {
76         printf("usage: %s [options]\n", argv[0]);
77         printf("        Listen to dnstap messages\n");
78         printf("stdout has dnstap log, stderr has verbose server log\n");
79         printf("-u <socketpath> listen to unix socket with this file name\n");
80         printf("-s <serverip[@port]> listen for TCP on the IP and port\n");
81         printf("-t <serverip[@port]> listen for TLS on IP and port\n");
82         printf("-x <server.key> server key file for TLS service\n");
83         printf("-y <server.pem> server cert file for TLS service\n");
84         printf("-z <verify.pem> cert file to verify client connections\n");
85         printf("-l              long format for DNS printout\n");
86         printf("-v              more verbose log output\n");
87         printf("-h              this help text\n");
88         exit(1);
89 }
90
91 /** long format option, for multiline printout per message */
92 static int longformat = 0;
93
94 struct tap_socket_list;
95 struct tap_socket;
96 /** main tap callback data */
97 struct main_tap_data {
98         /** the event base (to loopexit) */
99         struct ub_event_base* base;
100         /** the list of accept sockets */
101         struct tap_socket_list* acceptlist;
102 };
103
104 /** tap callback variables */
105 struct tap_data {
106         /** the fd */
107         int fd;
108         /** the ub event */
109         struct ub_event* ev;
110         /** the SSL for TLS streams */
111         SSL* ssl;
112         /** is the ssl handshake done */
113         int ssl_handshake_done;
114         /** we are briefly waiting to write (in the struct event) */
115         int ssl_brief_write;
116         /** string that identifies the socket (or NULL), like IP address */
117         char* id;
118         /** have we read the length, and how many bytes of it */
119         int len_done;
120         /** have we read the data, and how many bytes of it */
121         size_t data_done;
122         /** are we reading a control frame */
123         int control_frame;
124         /** are we bi-directional (if false, uni-directional) */
125         int is_bidirectional;
126         /** data of the frame */
127         uint8_t* frame;
128         /** length of this frame */
129         size_t len;
130 };
131
132 /** list of sockets */
133 struct tap_socket_list {
134         /** next in list */
135         struct tap_socket_list* next;
136         /** the socket */
137         struct tap_socket* s;
138 };
139
140 /** tap socket */
141 struct tap_socket {
142         /** fd of socket */
143         int fd;
144         /** the event for it */
145         struct ub_event *ev;
146         /** has the event been added */
147         int ev_added;
148         /** the callback, for the event, ev_cb(fd, bits, arg) */
149         void (*ev_cb)(int, short, void*);
150         /** data element, (arg for the tap_socket struct) */
151         void* data;
152         /** socketpath, if this is an AF_LOCAL socket */
153         char* socketpath;
154         /** IP, if this is a TCP socket */
155         char* ip;
156         /** for a TLS socket, the tls context */
157         SSL_CTX* sslctx;
158 };
159
160 /** del the tap event */
161 static void tap_socket_delev(struct tap_socket* s)
162 {
163         if(!s) return;
164         if(!s->ev) return;
165         if(!s->ev_added) return;
166         ub_event_del(s->ev);
167         s->ev_added = 0;
168 }
169
170 /** close the tap socket */
171 static void tap_socket_close(struct tap_socket* s)
172 {
173         if(!s) return;
174         if(s->fd == -1) return;
175         close(s->fd);
176         s->fd = -1;
177 }
178
179 /** delete tap socket */
180 static void tap_socket_delete(struct tap_socket* s)
181 {
182         if(!s) return;
183 #ifdef HAVE_SSL
184         SSL_CTX_free(s->sslctx);
185 #endif
186         ub_event_free(s->ev);
187         free(s->socketpath);
188         free(s->ip);
189         free(s);
190 }
191
192 /** create new socket (unconnected, not base-added), or NULL malloc fail */
193 static struct tap_socket* tap_socket_new_local(char* socketpath,
194         void (*ev_cb)(int, short, void*), void* data)
195 {
196         struct tap_socket* s = calloc(1, sizeof(*s));
197         if(!s) {
198                 log_err("malloc failure");
199                 return NULL;
200         }
201         s->socketpath = strdup(socketpath);
202         if(!s->socketpath) {
203                 free(s);
204                 log_err("malloc failure");
205                 return NULL;
206         }
207         s->fd = -1;
208         s->ev_cb = ev_cb;
209         s->data = data;
210         return s;
211 }
212
213 /** create new socket (unconnected, not base-added), or NULL malloc fail */
214 static struct tap_socket* tap_socket_new_tcpaccept(char* ip,
215         void (*ev_cb)(int, short, void*), void* data)
216 {
217         struct tap_socket* s = calloc(1, sizeof(*s));
218         if(!s) {
219                 log_err("malloc failure");
220                 return NULL;
221         }
222         s->ip = strdup(ip);
223         if(!s->ip) {
224                 free(s);
225                 log_err("malloc failure");
226                 return NULL;
227         }
228         s->fd = -1;
229         s->ev_cb = ev_cb;
230         s->data = data;
231         return s;
232 }
233
234 /** create new socket (unconnected, not base-added), or NULL malloc fail */
235 static struct tap_socket* tap_socket_new_tlsaccept(char* ip,
236         void (*ev_cb)(int, short, void*), void* data, char* server_key,
237         char* server_cert, char* verifypem)
238 {
239         struct tap_socket* s = calloc(1, sizeof(*s));
240         if(!s) {
241                 log_err("malloc failure");
242                 return NULL;
243         }
244         s->ip = strdup(ip);
245         if(!s->ip) {
246                 free(s);
247                 log_err("malloc failure");
248                 return NULL;
249         }
250         s->fd = -1;
251         s->ev_cb = ev_cb;
252         s->data = data;
253         s->sslctx = listen_sslctx_create(server_key, server_cert, verifypem);
254         if(!s->sslctx) {
255                 log_err("could not create ssl context");
256                 free(s->ip);
257                 free(s);
258                 return NULL;
259         }
260         return s;
261 }
262
263 /** setup tcp accept socket on IP string */
264 static int make_tcp_accept(char* ip)
265 {
266 #ifdef SO_REUSEADDR
267         int on = 1;
268 #endif
269         struct sockaddr_storage addr;
270         socklen_t len;
271         int s;
272
273         memset(&addr, 0, sizeof(addr));
274         len = (socklen_t)sizeof(addr);
275         if(!extstrtoaddr(ip, &addr, &len)) {
276                 log_err("could not parse IP '%s'", ip);
277                 return -1;
278         }
279
280         if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) {
281 #ifndef USE_WINSOCK
282                 log_err("can't create socket: %s", strerror(errno));
283 #else
284                 log_err("can't create socket: %s",
285                         wsa_strerror(WSAGetLastError()));
286 #endif
287                 return -1;
288         }
289 #ifdef SO_REUSEADDR
290         if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
291                 (socklen_t)sizeof(on)) < 0) {
292 #ifndef USE_WINSOCK
293                 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
294                         strerror(errno));
295                 close(s);
296 #else
297                 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
298                         wsa_strerror(WSAGetLastError()));
299                 closesocket(s);
300 #endif
301                 return -1;
302         }
303 #endif /* SO_REUSEADDR */
304         if(bind(s, (struct sockaddr*)&addr, len) != 0) {
305 #ifndef USE_WINSOCK
306                 log_err_addr("can't bind socket", strerror(errno),
307                         &addr, len);
308                 close(s);
309 #else
310                 log_err_addr("can't bind socket",
311                         wsa_strerror(WSAGetLastError()), &addr, len);
312                 closesocket(s);
313 #endif
314                 return -1;
315         }
316         if(!fd_set_nonblock(s)) {
317 #ifndef USE_WINSOCK
318                 close(s);
319 #else
320                 closesocket(s);
321 #endif
322                 return -1;
323         }
324         if(listen(s, LISTEN_BACKLOG) == -1) {
325 #ifndef USE_WINSOCK
326                 log_err("can't listen: %s", strerror(errno));
327                 close(s);
328 #else
329                 log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
330                 closesocket(s);
331 #endif
332                 return -1;
333         }
334         return s;
335 }
336
337 /** setup socket on event base */
338 static int tap_socket_setup(struct tap_socket* s, struct ub_event_base* base)
339 {
340         if(s->socketpath) {
341                 /* AF_LOCAL accept socket */
342                 s->fd = create_local_accept_sock(s->socketpath, NULL, 0);
343                 if(s->fd == -1) {
344                         log_err("could not create local socket");
345                         return 0;
346                 }
347         } else if(s->ip || s->sslctx) {
348                 /* TCP accept socket */
349                 s->fd = make_tcp_accept(s->ip);
350                 if(s->fd == -1) {
351                         log_err("could not create tcp socket");
352                         return 0;
353                 }
354         }
355         s->ev = ub_event_new(base, s->fd, UB_EV_READ | UB_EV_PERSIST,
356                 s->ev_cb, s);
357         if(!s->ev) {
358                 log_err("could not ub_event_new");
359                 return 0;
360         }
361         if(ub_event_add(s->ev, NULL) != 0) {
362                 log_err("could not ub_event_add");
363                 return 0;
364         }
365         s->ev_added = 1;
366         return 1;
367 }
368
369 /** add tap socket to list */
370 static int tap_socket_list_insert(struct tap_socket_list** liststart,
371         struct tap_socket* s)
372 {
373         struct tap_socket_list* entry = (struct tap_socket_list*)
374                 malloc(sizeof(*entry));
375         if(!entry)
376                 return 0;
377         entry->next = *liststart;
378         entry->s = s;
379         *liststart = entry;
380         return 1;
381 }
382
383 /** delete the list */
384 static void tap_socket_list_delete(struct tap_socket_list* list)
385 {
386         struct tap_socket_list* e = list, *next;
387         while(e) {
388                 next = e->next;
389                 tap_socket_delev(e->s);
390                 tap_socket_close(e->s);
391                 tap_socket_delete(e->s);
392                 free(e);
393                 e = next;
394         }
395 }
396
397 /** setup accept events */
398 static int tap_socket_list_addevs(struct tap_socket_list* list,
399         struct ub_event_base* base)
400 {
401         struct tap_socket_list* entry;
402         for(entry = list; entry; entry = entry->next) {
403                 if(!tap_socket_setup(entry->s, base)) {
404                         log_err("could not setup socket");
405                         return 0;
406                 }
407         }
408         return 1;
409 }
410
411 #ifdef USE_DNSTAP
412 /** log control frame contents */
413 static void log_control_frame(uint8_t* pkt, size_t len)
414 {
415         char* desc;
416         if(verbosity == 0) return;
417         desc = fstrm_describe_control(pkt, len);
418         if(!desc) {
419                 log_err("out of memory");
420                 return;
421         }
422         log_info("control frame %s", desc);
423         free(desc);
424 }
425
426 /** convert mtype to string */
427 static const char* mtype_to_str(enum _Dnstap__Message__Type mtype)
428 {
429         switch(mtype) {
430                 case DNSTAP__MESSAGE__TYPE__AUTH_QUERY:
431                         return "AUTH_QUERY";
432                 case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE:
433                         return "AUTH_RESPONSE";
434                 case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY:
435                         return "RESOLVER_QUERY";
436                 case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE:
437                         return "RESOLVER_RESPONSE";
438                 case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY:
439                         return "CLIENT_QUERY";
440                 case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE:
441                         return "CLIENT_RESPONSE";
442                 case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY:
443                         return "FORWARDER_QUERY";
444                 case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE:
445                         return "FORWARDER_RESPONSE";
446                 case DNSTAP__MESSAGE__TYPE__STUB_QUERY:
447                         return "STUB_QUERY";
448                 case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE:
449                         return "STUB_RESPONSE";
450                 default: break;
451         }
452         return "unknown_message_type";
453 }
454
455 /** convert type address to a string ip4 or ip6, malloced or NULL on fail */
456 static char* str_of_addr(ProtobufCBinaryData address)
457 {
458         char buf[64];
459         socklen_t len = sizeof(buf);
460         if(address.len == 4) {
461                 if(inet_ntop(AF_INET, address.data, buf, len)!=0)
462                         return strdup(buf);
463         } else if(address.len == 16) {
464                 if(inet_ntop(AF_INET6, address.data, buf, len)!=0)
465                         return strdup(buf);
466         }
467         return NULL;
468 }
469
470 /** convert message buffer (of dns bytes) to the first qname, type, class,
471  * malloced or NULL on fail */
472 static char* q_of_msg(ProtobufCBinaryData message)
473 {
474         char buf[300];
475         /* header, name, type, class minimum to get the query tuple */
476         if(message.len < 12 + 1 + 4 + 4) return NULL;
477         if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12,
478                 buf, sizeof(buf)) != 0) {
479                 /* remove trailing newline, tabs to spaces */
480                 /* remove the newline: */
481                 if(buf[0] != 0) buf[strlen(buf)-1]=0;
482                 /* remove first tab (before type) */
483                 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' ';
484                 /* remove second tab (before class) */
485                 if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' ';
486                 return strdup(buf);
487         }
488         return NULL;
489 }
490
491 /** convert possible string or hex data to string. malloced or NULL */
492 static char* possible_str(ProtobufCBinaryData str)
493 {
494         int is_str = 1;
495         size_t i;
496         for(i=0; i<str.len; i++) {
497                 if(!isprint((unsigned char)str.data[i]))
498                         is_str = 0;
499         }
500         if(is_str) {
501                 char* res = malloc(str.len+1);
502                 if(res) {
503                         memmove(res, str.data, str.len);
504                         res[str.len] = 0;
505                         return res;
506                 }
507         } else {
508                 const char* hex = "0123456789ABCDEF";
509                 char* res = malloc(str.len*2+1);
510                 if(res) {
511                         for(i=0; i<str.len; i++) {
512                                 res[i*2] = hex[(str.data[i]&0xf0)>>4];
513                                 res[i*2+1] = hex[str.data[i]&0x0f];
514                         }
515                         res[str.len*2] = 0;
516                         return res;
517                 }
518         }
519         return NULL;
520 }
521
522 /** convert timeval to string, malloced or NULL */
523 static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec,
524         protobuf_c_boolean has_time_nsec, uint32_t time_nsec)
525 {
526         char buf[64], buf2[256];
527         struct timeval tv;
528         time_t time_t_sec;
529         memset(&tv, 0, sizeof(tv));
530         if(has_time_sec) tv.tv_sec = time_sec;
531         if(has_time_nsec) tv.tv_usec = time_nsec;
532
533         buf[0]=0;
534         time_t_sec = tv.tv_sec;
535         (void)ctime_r(&time_t_sec, buf);
536         snprintf(buf2, sizeof(buf2), "%u.%9.9u %s",
537                 (unsigned)time_sec, (unsigned)time_nsec, buf);
538         return strdup(buf2);
539 }
540
541 /** log data frame contents */
542 static void log_data_frame(uint8_t* pkt, size_t len)
543 {
544         Dnstap__Dnstap* d = dnstap__dnstap__unpack(NULL, len, pkt);
545         const char* mtype = NULL;
546         char* maddr=NULL, *qinf=NULL;
547         if(!d) {
548                 log_err("could not unpack");
549                 return;
550         }
551         if(d->base.descriptor != &dnstap__dnstap__descriptor) {
552                 log_err("wrong base descriptor");
553                 dnstap__dnstap__free_unpacked(d, NULL);
554                 return;
555         }
556         if(d->type != DNSTAP__DNSTAP__TYPE__MESSAGE) {
557                 log_err("dnstap type not type_message");
558                 dnstap__dnstap__free_unpacked(d, NULL);
559                 return;
560         }
561         if(d->message) {
562                 mtype = mtype_to_str(d->message->type);
563                 if(d->message->has_query_address)
564                         maddr = str_of_addr(d->message->query_address);
565                 else if(d->message->has_response_address)
566                         maddr = str_of_addr(d->message->response_address);
567                 if(d->message->has_query_message)
568                         qinf = q_of_msg(d->message->query_message);
569                 else if(d->message->has_response_message)
570                         qinf = q_of_msg(d->message->response_message);
571
572         } else {
573                 mtype = "nomessage";
574         }
575         
576         printf("%s%s%s%s%s\n", mtype, (maddr?" ":""), (maddr?maddr:""),
577                 (qinf?" ":""), (qinf?qinf:""));
578         free(maddr);
579         free(qinf);
580
581         if(longformat) {
582                 char* id=NULL, *vs=NULL;
583                 if(d->has_identity) {
584                         id=possible_str(d->identity);
585                 }
586                 if(d->has_version) {
587                         vs=possible_str(d->version);
588                 }
589                 if(id || vs)
590                         printf("identity: %s%s%s\n", (id?id:""),
591                                 (id&&vs?" ":""), (vs?vs:""));
592                 free(id);
593                 free(vs);
594
595                 if(d->message && d->message->has_query_message &&
596                         d->message->query_message.data) {
597                         char* qmsg = sldns_wire2str_pkt(
598                                 d->message->query_message.data,
599                                 d->message->query_message.len);
600                         if(qmsg) {
601                                 printf("query_message:\n%s", qmsg);
602                                 free(qmsg);
603                         }
604                 }
605                 if(d->message && d->message->has_query_time_sec) {
606                         char* qtv = tv_to_str(d->message->has_query_time_sec,
607                                 d->message->query_time_sec,
608                                 d->message->has_query_time_nsec,
609                                 d->message->query_time_nsec);
610                         if(qtv) {
611                                 printf("query_time: %s\n", qtv);
612                                 free(qtv);
613                         }
614                 }
615                 if(d->message && d->message->has_response_message &&
616                         d->message->response_message.data) {
617                         char* rmsg = sldns_wire2str_pkt(
618                                 d->message->response_message.data,
619                                 d->message->response_message.len);
620                         if(rmsg) {
621                                 printf("response_message:\n%s", rmsg);
622                                 free(rmsg);
623                         }
624                 }
625                 if(d->message && d->message->has_response_time_sec) {
626                         char* rtv = tv_to_str(d->message->has_response_time_sec,
627                                 d->message->response_time_sec,
628                                 d->message->has_response_time_nsec,
629                                 d->message->response_time_nsec);
630                         if(rtv) {
631                                 printf("response_time: %s\n", rtv);
632                                 free(rtv);
633                         }
634                 }
635         }
636         fflush(stdout);
637         dnstap__dnstap__free_unpacked(d, NULL);
638 }
639 #endif /* USE_DNSTAP */
640
641 /** receive bytes from fd, prints errors if bad,
642  * returns 0: closed/error, -1: continue, >0 number of bytes */
643 static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf,
644         size_t len)
645 {
646         ssize_t ret = recv(fd, buf, len, 0);
647         if(ret == 0) {
648                 /* closed */
649                 if(verbosity) log_info("dnstap client stream closed from %s",
650                         (data->id?data->id:""));
651                 return 0;
652         } else if(ret == -1) {
653                 /* error */
654 #ifndef USE_WINSOCK
655                 if(errno == EINTR || errno == EAGAIN)
656                         return -1;
657                 log_err("could not recv: %s", strerror(errno));
658 #else /* USE_WINSOCK */
659                 if(WSAGetLastError() == WSAEINPROGRESS)
660                         return -1;
661                 if(WSAGetLastError() == WSAEWOULDBLOCK) {
662                         ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ);
663                         return -1;
664                 }
665                 log_err("could not recv: %s",
666                         wsa_strerror(WSAGetLastError()));
667 #endif
668                 if(verbosity) log_info("dnstap client stream closed from %s",
669                         (data->id?data->id:""));
670                 return 0;
671         }
672         return ret;
673 }
674
675 /* define routine for have_ssl only to avoid unused function warning */
676 #ifdef HAVE_SSL
677 /** set to wait briefly for a write event, for one event call */
678 static void tap_enable_brief_write(struct tap_data* data)
679 {
680         ub_event_del(data->ev);
681         ub_event_del_bits(data->ev, UB_EV_READ);
682         ub_event_add_bits(data->ev, UB_EV_WRITE);
683         if(ub_event_add(data->ev, NULL) != 0)
684                 log_err("could not ub_event_add in tap_enable_brief_write");
685         data->ssl_brief_write = 1;
686 }
687 #endif /* HAVE_SSL */
688
689 /* define routine for have_ssl only to avoid unused function warning */
690 #ifdef HAVE_SSL
691 /** stop the brief wait for a write event. back to reading. */
692 static void tap_disable_brief_write(struct tap_data* data)
693 {
694         ub_event_del(data->ev);
695         ub_event_del_bits(data->ev, UB_EV_WRITE);
696         ub_event_add_bits(data->ev, UB_EV_READ);
697         if(ub_event_add(data->ev, NULL) != 0)
698                 log_err("could not ub_event_add in tap_disable_brief_write");
699         data->ssl_brief_write = 0;
700 }
701 #endif /* HAVE_SSL */
702
703 #ifdef HAVE_SSL
704 /** receive bytes over ssl stream, prints errors if bad,
705  * returns 0: closed/error, -1: continue, >0 number of bytes */
706 static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len)
707 {
708         int r;
709         ERR_clear_error();
710         r = SSL_read(data->ssl, buf, len);
711         if(r <= 0) {
712                 int want = SSL_get_error(data->ssl, r);
713                 if(want == SSL_ERROR_ZERO_RETURN) {
714                         /* closed */
715                         if(verbosity) log_info("dnstap client stream closed from %s",
716                                 (data->id?data->id:""));
717                         return 0;
718                 } else if(want == SSL_ERROR_WANT_READ) {
719                         /* continue later */
720                         return -1;
721                 } else if(want == SSL_ERROR_WANT_WRITE) {
722                         /* set to briefly write */
723                         tap_enable_brief_write(data);
724                         return -1;
725                 } else if(want == SSL_ERROR_SYSCALL) {
726 #ifdef ECONNRESET
727                         if(errno == ECONNRESET && verbosity < 2)
728                                 return 0; /* silence reset by peer */
729 #endif
730                         if(errno != 0)
731                                 log_err("SSL_read syscall: %s",
732                                         strerror(errno));
733                         if(verbosity) log_info("dnstap client stream closed from %s",
734                                 (data->id?data->id:""));
735                         return 0;
736                 }
737                 log_crypto_err("could not SSL_read");
738                 if(verbosity) log_info("dnstap client stream closed from %s",
739                         (data->id?data->id:""));
740                 return 0;
741         }
742         return r;
743 }
744 #endif /* HAVE_SSL */
745
746 /** receive bytes on the tap connection, prints errors if bad,
747  * returns 0: closed/error, -1: continue, >0 number of bytes */
748 static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len)
749 {
750 #ifdef HAVE_SSL
751         if(data->ssl)
752                 return ssl_read_bytes(data, buf, len);
753 #endif
754         return receive_bytes(data, data->fd, buf, len);
755 }
756
757 /** delete the tap structure */
758 void tap_data_free(struct tap_data* data)
759 {
760         ub_event_del(data->ev);
761         ub_event_free(data->ev);
762 #ifdef HAVE_SSL
763         SSL_free(data->ssl);
764 #endif
765         close(data->fd);
766         free(data->id);
767         free(data->frame);
768         free(data);
769 }
770
771 /** reply with ACCEPT control frame to bidirectional client,
772  * returns 0 on error */
773 static int reply_with_accept(struct tap_data* data)
774 {
775 #ifdef USE_DNSTAP
776         /* len includes the escape and framelength */
777         int r;
778         size_t len = 0;
779         void* acceptframe = fstrm_create_control_frame_accept(
780                 DNSTAP_CONTENT_TYPE, &len);
781         if(!acceptframe) {
782                 log_err("out of memory");
783                 return 0;
784         }
785
786         fd_set_block(data->fd);
787         if(data->ssl) {
788                 if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) {
789                         if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN)
790                                 log_err("SSL_write, peer closed connection");
791                         else
792                                 log_err("could not SSL_write");
793                         fd_set_nonblock(data->fd);
794                         free(acceptframe);
795                         return 0;
796                 }
797         } else {
798                 if(send(data->fd, acceptframe, len, 0) == -1) {
799 #ifndef USE_WINSOCK
800                         log_err("send failed: %s", strerror(errno));
801 #else
802                         log_err("send failed: %s",
803                                 wsa_strerror(WSAGetLastError()));
804 #endif
805                         fd_set_nonblock(data->fd);
806                         free(acceptframe);
807                         return 0;
808                 }
809         }
810         if(verbosity) log_info("sent control frame(accept) content-type:(%s)",
811                         DNSTAP_CONTENT_TYPE);
812
813         fd_set_nonblock(data->fd);
814         free(acceptframe);
815         return 1;
816 #else
817         log_err("no dnstap compiled, no reply");
818         (void)data;
819         return 0;
820 #endif
821 }
822
823 /** reply with FINISH control frame to bidirectional client,
824  * returns 0 on error */
825 static int reply_with_finish(int fd)
826 {
827 #ifdef USE_DNSTAP
828         size_t len = 0;
829         void* finishframe = fstrm_create_control_frame_finish(&len);
830         if(!finishframe) {
831                 log_err("out of memory");
832                 return 0;
833         }
834
835         fd_set_block(fd);
836         if(send(fd, finishframe, len, 0) == -1) {
837 #ifndef USE_WINSOCK
838                 log_err("send failed: %s", strerror(errno));
839 #else
840                 log_err("send failed: %s", wsa_strerror(WSAGetLastError()));
841 #endif
842                 fd_set_nonblock(fd);
843                 free(finishframe);
844                 return 0;
845         }
846         if(verbosity) log_info("sent control frame(finish)");
847
848         fd_set_nonblock(fd);
849         free(finishframe);
850         return 1;
851 #else
852         log_err("no dnstap compiled, no reply");
853         (void)fd;
854         return 0;
855 #endif
856 }
857
858 #ifdef HAVE_SSL
859 /** check SSL peer certificate, return 0 on fail */
860 static int tap_check_peer(struct tap_data* data)
861 {
862         if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) {
863                 /* verification */
864                 if(SSL_get_verify_result(data->ssl) == X509_V_OK) {
865                         X509* x = SSL_get_peer_certificate(data->ssl);
866                         if(!x) {
867                                 if(verbosity) log_info("SSL connection %s"
868                                         " failed no certificate", data->id);
869                                 return 0;
870                         }
871                         if(verbosity)
872                                 log_cert(VERB_ALGO, "peer certificate", x);
873 #ifdef HAVE_SSL_GET0_PEERNAME
874                         if(SSL_get0_peername(data->ssl)) {
875                                 if(verbosity) log_info("SSL connection %s "
876                                         "to %s authenticated", data->id,
877                                         SSL_get0_peername(data->ssl));
878                         } else {
879 #endif
880                                 if(verbosity) log_info("SSL connection %s "
881                                         "authenticated", data->id);
882 #ifdef HAVE_SSL_GET0_PEERNAME
883                         }
884 #endif
885                         X509_free(x);
886                 } else {
887                         X509* x = SSL_get_peer_certificate(data->ssl);
888                         if(x) {
889                                 if(verbosity)
890                                         log_cert(VERB_ALGO, "peer certificate", x);
891                                 X509_free(x);
892                         }
893                         if(verbosity) log_info("SSL connection %s failed: "
894                                 "failed to authenticate", data->id);
895                         return 0;
896                 }
897         } else {
898                 /* unauthenticated, the verify peer flag was not set
899                  * in ssl when the ssl object was created from ssl_ctx */
900                 if(verbosity) log_info("SSL connection %s", data->id);
901         }
902         return 1;
903 }
904 #endif /* HAVE_SSL */
905
906 #ifdef HAVE_SSL
907 /** perform SSL handshake, return 0 to wait for events, 1 if done */
908 static int tap_handshake(struct tap_data* data)
909 {
910         int r;
911         if(data->ssl_brief_write) {
912                 /* write condition has been satisfied, back to reading */
913                 tap_disable_brief_write(data);
914         }
915         if(data->ssl_handshake_done)
916                 return 1;
917
918         ERR_clear_error();
919         r = SSL_do_handshake(data->ssl);
920         if(r != 1) {
921                 int want = SSL_get_error(data->ssl, r);
922                 if(want == SSL_ERROR_WANT_READ) {
923                         return 0;
924                 } else if(want == SSL_ERROR_WANT_WRITE) {
925                         tap_enable_brief_write(data);
926                         return 0;
927                 } else if(r == 0) {
928                         /* closed */
929                         tap_data_free(data);
930                         return 0;
931                 } else if(want == SSL_ERROR_SYSCALL) {
932                         /* SYSCALL and errno==0 means closed uncleanly */
933                         int silent = 0;
934 #ifdef EPIPE
935                         if(errno == EPIPE && verbosity < 2)
936                                 silent = 1; /* silence 'broken pipe' */
937 #endif
938 #ifdef ECONNRESET
939                         if(errno == ECONNRESET && verbosity < 2)
940                                 silent = 1; /* silence reset by peer */
941 #endif
942                         if(errno == 0)
943                                 silent = 1;
944                         if(!silent)
945                                 log_err("SSL_handshake syscall: %s",
946                                         strerror(errno));
947                         tap_data_free(data);
948                         return 0;
949                 } else {
950                         unsigned long err = ERR_get_error();
951                         if(!squelch_err_ssl_handshake(err)) {
952                                 log_crypto_err_code("ssl handshake failed",
953                                         err);
954                                 verbose(VERB_OPS, "ssl handshake failed "
955                                         "from %s", data->id);
956                         }
957                         tap_data_free(data);
958                         return 0;
959                 }
960         }
961         /* check peer verification */
962         data->ssl_handshake_done = 1;
963         if(!tap_check_peer(data)) {
964                 /* closed */
965                 tap_data_free(data);
966                 return 0;
967         }
968         return 1;
969 }
970 #endif /* HAVE_SSL */
971
972 /** callback for dnstap listener */
973 void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg)
974 {
975         struct tap_data* data = (struct tap_data*)arg;
976         if(verbosity>=3) log_info("tap callback");
977 #ifdef HAVE_SSL
978         if(data->ssl && (!data->ssl_handshake_done ||
979                 data->ssl_brief_write)) {
980                 if(!tap_handshake(data))
981                         return;
982         }
983 #endif
984         while(data->len_done < 4) {
985                 uint32_t l = (uint32_t)data->len;
986                 ssize_t ret = tap_receive(data,
987                         ((uint8_t*)&l)+data->len_done, 4-data->len_done);
988                 if(verbosity>=4) log_info("s recv %d", (int)ret);
989                 if(ret == 0) {
990                         /* closed or error */
991                         tap_data_free(data);
992                         return;
993                 } else if(ret == -1) {
994                         /* continue later */
995                         return;
996                 }
997                 data->len_done += ret;
998                 data->len = (size_t)l;
999                 if(data->len_done < 4)
1000                         return; /* continue later */
1001                 data->len = (size_t)(ntohl(l));
1002                 if(verbosity>=3) log_info("length is %d", (int)data->len);
1003                 if(data->len == 0) {
1004                         /* it is a control frame */
1005                         data->control_frame = 1;
1006                         /* read controlframelen */
1007                         data->len_done = 0;
1008                 } else {
1009                         /* allocate frame size */
1010                         data->frame = calloc(1, data->len);
1011                         if(!data->frame) {
1012                                 log_err("out of memory");
1013                                 tap_data_free(data);
1014                                 return;
1015                         }
1016                 }
1017         }
1018
1019         /* we want to read the full length now */
1020         if(data->data_done < data->len) {
1021                 ssize_t r = tap_receive(data, data->frame + data->data_done,
1022                         data->len - data->data_done);
1023                 if(verbosity>=4) log_info("f recv %d", (int)r);
1024                 if(r == 0) {
1025                         /* closed or error */
1026                         tap_data_free(data);
1027                         return;
1028                 } else if(r == -1) {
1029                         /* continue later */
1030                         return;
1031                 }
1032                 data->data_done += r;
1033                 if(data->data_done < data->len)
1034                         return; /* continue later */
1035         }
1036
1037         /* we are done with a frame */
1038         if(verbosity>=3) log_info("received %sframe len %d",
1039                 (data->control_frame?"control ":""), (int)data->len);
1040 #ifdef USE_DNSTAP
1041         if(data->control_frame)
1042                 log_control_frame(data->frame, data->len);
1043         else    log_data_frame(data->frame, data->len);
1044 #endif
1045
1046         if(data->len >= 4 && sldns_read_uint32(data->frame) ==
1047                 FSTRM_CONTROL_FRAME_READY) {
1048                 data->is_bidirectional = 1;
1049                 if(verbosity) log_info("bidirectional stream");
1050                 if(!reply_with_accept(data)) {
1051                         tap_data_free(data);
1052                 }
1053         } else if(data->len >= 4 && sldns_read_uint32(data->frame) ==
1054                 FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) {
1055                 if(!reply_with_finish(fd)) {
1056                         tap_data_free(data);
1057                         return;
1058                 }
1059         }
1060
1061         /* prepare for next frame */
1062         free(data->frame);
1063         data->frame = NULL;
1064         data->control_frame = 0;
1065         data->len = 0;
1066         data->len_done = 0;
1067         data->data_done = 0;
1068
1069 }
1070
1071 /** callback for main listening file descriptor */
1072 void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg)
1073 {
1074         struct tap_socket* tap_sock = (struct tap_socket*)arg;
1075         struct main_tap_data* maindata = (struct main_tap_data*)
1076                 tap_sock->data;
1077         struct tap_data* data;
1078         char* id = NULL;
1079         struct sockaddr_storage addr;
1080         socklen_t addrlen = (socklen_t)sizeof(addr);
1081         int s = accept(fd, (struct sockaddr*)&addr, &addrlen);
1082         if(s == -1) {
1083 #ifndef USE_WINSOCK
1084                 /* EINTR is signal interrupt. others are closed connection. */
1085                 if(     errno == EINTR || errno == EAGAIN
1086 #ifdef EWOULDBLOCK
1087                         || errno == EWOULDBLOCK
1088 #endif
1089 #ifdef ECONNABORTED
1090                         || errno == ECONNABORTED
1091 #endif
1092 #ifdef EPROTO
1093                         || errno == EPROTO
1094 #endif /* EPROTO */
1095                         )
1096                         return;
1097                 log_err_addr("accept failed", strerror(errno), &addr, addrlen);
1098 #else /* USE_WINSOCK */
1099                 if(WSAGetLastError() == WSAEINPROGRESS ||
1100                         WSAGetLastError() == WSAECONNRESET)
1101                         return;
1102                 if(WSAGetLastError() == WSAEWOULDBLOCK) {
1103                         ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ);
1104                         return;
1105                 }
1106                 log_err_addr("accept failed", wsa_strerror(WSAGetLastError()),
1107                         &addr, addrlen);
1108 #endif
1109                 return;
1110         }
1111         fd_set_nonblock(s);
1112         if(verbosity) {
1113                 if(addr.ss_family == AF_LOCAL) {
1114 #ifdef HAVE_SYS_UN_H
1115                         struct sockaddr_un* usock = calloc(1, sizeof(struct sockaddr_un) + 1);
1116                         if(usock) {
1117                                 socklen_t ulen = sizeof(struct sockaddr_un);
1118                                 if(getsockname(fd, (struct sockaddr*)usock, &ulen) != -1) {
1119                                         log_info("accepted new dnstap client from %s", usock->sun_path);
1120                                         id = strdup(usock->sun_path);
1121                                 } else {
1122                                         log_info("accepted new dnstap client");
1123                                 }
1124                                 free(usock);
1125                         } else {
1126                                 log_info("accepted new dnstap client");
1127                         }
1128 #endif /* HAVE_SYS_UN_H */
1129                 } else if(addr.ss_family == AF_INET ||
1130                         addr.ss_family == AF_INET6) {
1131                         char ip[256];
1132                         addr_to_str(&addr, addrlen, ip, sizeof(ip));
1133                         log_info("accepted new dnstap client from %s", ip);
1134                         id = strdup(ip);
1135                 } else {
1136                         log_info("accepted new dnstap client");
1137                 }
1138         }
1139         
1140         data = calloc(1, sizeof(*data));
1141         if(!data) fatal_exit("out of memory");
1142         data->fd = s;
1143         data->id = id;
1144         if(tap_sock->sslctx) {
1145                 data->ssl = incoming_ssl_fd(tap_sock->sslctx, data->fd);
1146                 if(!data->ssl) fatal_exit("could not SSL_new");
1147         }
1148         data->ev = ub_event_new(maindata->base, s, UB_EV_READ | UB_EV_PERSIST,
1149                 &dtio_tap_callback, data);
1150         if(!data->ev) fatal_exit("could not ub_event_new");
1151         if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add");
1152 }
1153
1154 /** setup local accept sockets */
1155 static void setup_local_list(struct main_tap_data* maindata,
1156         struct config_strlist_head* local_list)
1157 {
1158         struct config_strlist* item;
1159         for(item = local_list->first; item; item = item->next) {
1160                 struct tap_socket* s;
1161                 s = tap_socket_new_local(item->str, &dtio_mainfdcallback,
1162                         maindata);
1163                 if(!s) fatal_exit("out of memory");
1164                 if(!tap_socket_list_insert(&maindata->acceptlist, s))
1165                         fatal_exit("out of memory");
1166         }
1167 }
1168
1169 /** setup tcp accept sockets */
1170 static void setup_tcp_list(struct main_tap_data* maindata,
1171         struct config_strlist_head* tcp_list)
1172 {
1173         struct config_strlist* item;
1174         for(item = tcp_list->first; item; item = item->next) {
1175                 struct tap_socket* s;
1176                 s = tap_socket_new_tcpaccept(item->str, &dtio_mainfdcallback,
1177                         maindata);
1178                 if(!s) fatal_exit("out of memory");
1179                 if(!tap_socket_list_insert(&maindata->acceptlist, s))
1180                         fatal_exit("out of memory");
1181         }
1182 }
1183
1184 /** setup tls accept sockets */
1185 static void setup_tls_list(struct main_tap_data* maindata,
1186         struct config_strlist_head* tls_list, char* server_key,
1187         char* server_cert, char* verifypem)
1188 {
1189         struct config_strlist* item;
1190         for(item = tls_list->first; item; item = item->next) {
1191                 struct tap_socket* s;
1192                 s = tap_socket_new_tlsaccept(item->str, &dtio_mainfdcallback,
1193                         maindata, server_key, server_cert, verifypem);
1194                 if(!s) fatal_exit("out of memory");
1195                 if(!tap_socket_list_insert(&maindata->acceptlist, s))
1196                         fatal_exit("out of memory");
1197         }
1198 }
1199
1200 /** signal variable */
1201 static struct ub_event_base* sig_base = NULL;
1202 /** do we have to quit */
1203 int sig_quit = 0;
1204 /** signal handler for user quit */
1205 static RETSIGTYPE main_sigh(int sig)
1206 {
1207         verbose(VERB_ALGO, "exit on signal %d\n", sig);
1208         if(sig_base)
1209                 ub_event_base_loopexit(sig_base);
1210         sig_quit = 1;
1211 }
1212
1213 /** setup and run the server to listen to DNSTAP messages */
1214 static void
1215 setup_and_run(struct config_strlist_head* local_list,
1216         struct config_strlist_head* tcp_list,
1217         struct config_strlist_head* tls_list, char* server_key,
1218         char* server_cert, char* verifypem)
1219 {
1220         time_t secs = 0;
1221         struct timeval now;
1222         struct main_tap_data* maindata;
1223         struct ub_event_base* base;
1224         const char *evnm="event", *evsys="", *evmethod="";
1225
1226         maindata = calloc(1, sizeof(*maindata));
1227         if(!maindata) fatal_exit("out of memory");
1228         memset(&now, 0, sizeof(now));
1229         base = ub_default_event_base(1, &secs, &now);
1230         if(!base) fatal_exit("could not create ub_event base");
1231         maindata->base = base;
1232         sig_base = base;
1233         if(sig_quit) {
1234                 ub_event_base_free(base);
1235                 free(maindata);
1236                 return;
1237         }
1238         ub_get_event_sys(base, &evnm, &evsys, &evmethod);
1239         if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod);
1240
1241         setup_local_list(maindata, local_list);
1242         setup_tcp_list(maindata, tcp_list);
1243         setup_tls_list(maindata, tls_list, server_key, server_cert,
1244                 verifypem);
1245         if(!tap_socket_list_addevs(maindata->acceptlist, base))
1246                 fatal_exit("could not setup accept events");
1247         if(verbosity) log_info("start of service");
1248
1249         ub_event_base_dispatch(base);
1250
1251         if(verbosity) log_info("end of service");
1252         sig_base = NULL;
1253         tap_socket_list_delete(maindata->acceptlist);
1254         ub_event_base_free(base);
1255         free(maindata);
1256 }
1257
1258 /** getopt global, in case header files fail to declare it. */
1259 extern int optind;
1260 /** getopt global, in case header files fail to declare it. */
1261 extern char* optarg;
1262
1263 /** main program for streamtcp */
1264 int main(int argc, char** argv) 
1265 {
1266         int c;
1267         int usessl = 0;
1268         struct config_strlist_head local_list;
1269         struct config_strlist_head tcp_list;
1270         struct config_strlist_head tls_list;
1271         char* server_key = NULL, *server_cert = NULL, *verifypem = NULL;
1272 #ifdef USE_WINSOCK
1273         WSADATA wsa_data;
1274         if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {
1275                 printf("WSAStartup failed\n");
1276                 return 1;
1277         }
1278 #endif
1279         if(signal(SIGINT, main_sigh) == SIG_ERR ||
1280 #ifdef SIGQUIT
1281                 signal(SIGQUIT, main_sigh) == SIG_ERR ||
1282 #endif
1283 #ifdef SIGHUP
1284                 signal(SIGHUP, main_sigh) == SIG_ERR ||
1285 #endif
1286 #ifdef SIGBREAK
1287                 signal(SIGBREAK, main_sigh) == SIG_ERR ||
1288 #endif
1289                 signal(SIGTERM, main_sigh) == SIG_ERR)
1290                 fatal_exit("could not bind to signal");
1291         memset(&local_list, 0, sizeof(local_list));
1292         memset(&tcp_list, 0, sizeof(tcp_list));
1293         memset(&tls_list, 0, sizeof(tls_list));
1294
1295         /* lock debug start (if any) */
1296         log_ident_set("unbound-dnstap-socket");
1297         log_init(0, 0, 0);
1298         checklock_start();
1299
1300 #ifdef SIGPIPE
1301         if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
1302                 perror("could not install signal handler for SIGPIPE");
1303                 return 1;
1304         }
1305 #endif
1306
1307         /* command line options */
1308         while( (c=getopt(argc, argv, "hls:t:u:vx:y:z:")) != -1) {
1309                 switch(c) {
1310                         case 'u':
1311                                 if(!cfg_strlist_append(&local_list,
1312                                         strdup(optarg)))
1313                                         fatal_exit("out of memory");
1314                                 break;
1315                         case 's':
1316                                 if(!cfg_strlist_append(&tcp_list,
1317                                         strdup(optarg)))
1318                                         fatal_exit("out of memory");
1319                                 break;
1320                         case 't':
1321                                 if(!cfg_strlist_append(&tls_list,
1322                                         strdup(optarg)))
1323                                         fatal_exit("out of memory");
1324                                 usessl = 1;
1325                                 break;
1326                         case 'x':
1327                                 server_key = optarg;
1328                                 usessl = 1;
1329                                 break;
1330                         case 'y':
1331                                 server_cert = optarg;
1332                                 usessl = 1;
1333                                 break;
1334                         case 'z':
1335                                 verifypem = optarg;
1336                                 usessl = 1;
1337                                 break;
1338                         case 'l':
1339                                 longformat = 1;
1340                                 break;
1341                         case 'v':
1342                                 verbosity++;
1343                                 break;
1344                         case 'h':
1345                         case '?':
1346                         default:
1347                                 usage(argv);
1348                 }
1349         }
1350         argc -= optind;
1351         argv += optind;
1352
1353         if(usessl) {
1354 #ifdef HAVE_SSL
1355 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
1356                 ERR_load_SSL_strings();
1357 #endif
1358 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
1359 #  ifndef S_SPLINT_S
1360                 OpenSSL_add_all_algorithms();
1361 #  endif
1362 #else
1363                 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
1364                         | OPENSSL_INIT_ADD_ALL_DIGESTS
1365                         | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
1366 #endif
1367 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
1368                 (void)SSL_library_init();
1369 #else
1370                 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
1371 #endif
1372 #endif /* HAVE_SSL */
1373         }
1374         setup_and_run(&local_list, &tcp_list, &tls_list, server_key,
1375                 server_cert, verifypem);
1376         config_delstrlist(local_list.first);
1377         config_delstrlist(tcp_list.first);
1378         config_delstrlist(tls_list.first);
1379
1380         checklock_stop();
1381 #ifdef USE_WINSOCK
1382         WSACleanup();
1383 #endif
1384         return 0;
1385 }
1386
1387 /***--- definitions to make fptr_wlist work. ---***/
1388 /* These are callbacks, similar to smallapp callbacks, except the debug
1389  * tool callbacks are not in it */
1390 struct tube;
1391 struct query_info;
1392 #include "util/data/packed_rrset.h"
1393
1394 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
1395         uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
1396         int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
1397 {
1398         log_assert(0);
1399 }
1400
1401 int worker_handle_request(struct comm_point* ATTR_UNUSED(c), 
1402         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1403         struct comm_reply* ATTR_UNUSED(repinfo))
1404 {
1405         log_assert(0);
1406         return 0;
1407 }
1408
1409 int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), 
1410         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1411         struct comm_reply* ATTR_UNUSED(reply_info))
1412 {
1413         log_assert(0);
1414         return 0;
1415 }
1416
1417 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 
1418         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1419         struct comm_reply* ATTR_UNUSED(reply_info))
1420 {
1421         log_assert(0);
1422         return 0;
1423 }
1424
1425 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), 
1426         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1427         struct comm_reply* ATTR_UNUSED(repinfo))
1428 {
1429         log_assert(0);
1430         return 0;
1431 }
1432
1433 int remote_control_callback(struct comm_point* ATTR_UNUSED(c), 
1434         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1435         struct comm_reply* ATTR_UNUSED(repinfo))
1436 {
1437         log_assert(0);
1438         return 0;
1439 }
1440
1441 void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg))
1442 {
1443         log_assert(0);
1444 }
1445
1446 struct outbound_entry* worker_send_query(
1447         struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
1448         int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
1449         int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
1450         socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
1451         size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
1452         char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
1453 {
1454         log_assert(0);
1455         return 0;
1456 }
1457
1458 #ifdef UB_ON_WINDOWS
1459 void
1460 worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* 
1461         ATTR_UNUSED(arg)) {
1462         log_assert(0);
1463 }
1464
1465 void
1466 wsvc_cron_cb(void* ATTR_UNUSED(arg))
1467 {
1468         log_assert(0);
1469 }
1470 #endif /* UB_ON_WINDOWS */
1471
1472 void 
1473 worker_alloc_cleanup(void* ATTR_UNUSED(arg))
1474 {
1475         log_assert(0);
1476 }
1477
1478 struct outbound_entry* libworker_send_query(
1479         struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
1480         int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
1481         int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
1482         socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
1483         size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
1484         char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
1485 {
1486         log_assert(0);
1487         return 0;
1488 }
1489
1490 int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), 
1491         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1492         struct comm_reply* ATTR_UNUSED(reply_info))
1493 {
1494         log_assert(0);
1495         return 0;
1496 }
1497
1498 int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), 
1499         void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1500         struct comm_reply* ATTR_UNUSED(reply_info))
1501 {
1502         log_assert(0);
1503         return 0;
1504 }
1505
1506 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
1507         uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
1508         int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
1509 {
1510         log_assert(0);
1511 }
1512
1513 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
1514         struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
1515         char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
1516 {
1517         log_assert(0);
1518 }
1519
1520 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
1521         struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
1522         char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
1523 {
1524         log_assert(0);
1525 }
1526
1527 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
1528         struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
1529         char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
1530 {
1531         log_assert(0);
1532 }
1533
1534 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
1535 {
1536         log_assert(0);
1537         return 0;
1538 }
1539
1540 void worker_stat_timer_cb(void* ATTR_UNUSED(arg))
1541 {
1542         log_assert(0);
1543 }
1544
1545 void worker_probe_timer_cb(void* ATTR_UNUSED(arg))
1546 {
1547         log_assert(0);
1548 }
1549
1550 void worker_start_accept(void* ATTR_UNUSED(arg))
1551 {
1552         log_assert(0);
1553 }
1554
1555 void worker_stop_accept(void* ATTR_UNUSED(arg))
1556 {
1557         log_assert(0);
1558 }
1559
1560 /** keep track of lock id in lock-verify application */
1561 struct order_id {
1562         /** the thread id that created it */
1563         int thr;
1564         /** the instance number of creation */
1565         int instance;
1566 };
1567
1568 int order_lock_cmp(const void* e1, const void* e2)
1569 {
1570         const struct order_id* o1 = e1;
1571         const struct order_id* o2 = e2;
1572         if(o1->thr < o2->thr) return -1;
1573         if(o1->thr > o2->thr) return 1;
1574         if(o1->instance < o2->instance) return -1;
1575         if(o1->instance > o2->instance) return 1;
1576         return 0;
1577 }
1578
1579 int
1580 codeline_cmp(const void* a, const void* b)
1581 {
1582         return strcmp(a, b);
1583 }
1584
1585 int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
1586 {
1587         log_assert(0);
1588         return 0;
1589 }
1590
1591 void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg))
1592 {
1593         log_assert(0);
1594 }