2 * services/listen_dnsport.c - listen on port 53 for incoming DNS queries.
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * This file has functions to get queries from clients.
42 #ifdef HAVE_SYS_TYPES_H
43 # include <sys/types.h>
46 #ifdef USE_TCP_FASTOPEN
47 #include <netinet/tcp.h>
49 #include "services/listen_dnsport.h"
50 #include "services/outside_network.h"
51 #include "util/netevent.h"
53 #include "util/config_file.h"
54 #include "util/net_help.h"
55 #include "sldns/sbuffer.h"
67 #include <systemd/sd-daemon.h>
70 /** number of queued TCP connections for listen() */
71 #define TCP_BACKLOG 256
74 * Debug print of the getaddrinfo returned address.
75 * @param addr: the address returned.
78 verbose_print_addr(struct addrinfo *addr)
80 if(verbosity >= VERB_ALGO) {
82 void* sinaddr = &((struct sockaddr_in*)addr->ai_addr)->sin_addr;
84 if(addr->ai_family == AF_INET6)
85 sinaddr = &((struct sockaddr_in6*)addr->ai_addr)->
88 if(inet_ntop(addr->ai_family, sinaddr, buf,
89 (socklen_t)sizeof(buf)) == 0) {
90 (void)strlcpy(buf, "(null)", sizeof(buf));
92 buf[sizeof(buf)-1] = 0;
93 verbose(VERB_ALGO, "creating %s%s socket %s %d",
94 addr->ai_socktype==SOCK_DGRAM?"udp":
95 addr->ai_socktype==SOCK_STREAM?"tcp":"otherproto",
96 addr->ai_family==AF_INET?"4":
97 addr->ai_family==AF_INET6?"6":
99 ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port));
105 systemd_get_activated(int family, int socktype, int listen,
106 struct sockaddr *addr, socklen_t addrlen,
112 const char* listen_pid, *listen_fds;
114 /* We should use "listen" option only for stream protocols. For UDP it should be -1 */
116 if((r = sd_booted()) < 1) {
118 log_warn("systemd is not running");
120 log_err("systemd sd_booted(): %s", strerror(-r));
124 listen_pid = getenv("LISTEN_PID");
125 listen_fds = getenv("LISTEN_FDS");
128 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID");
133 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS");
137 if((r = sd_listen_fds(0)) < 1) {
139 log_warn("systemd: did not return socket, check unit configuration");
141 log_err("systemd sd_listen_fds(): %s", strerror(-r));
145 for(i = 0; i < r; i++) {
146 if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) {
147 s = SD_LISTEN_FDS_START + i;
153 log_err_addr("systemd sd_listen_fds()",
155 (struct sockaddr_storage *)addr, addrlen);
157 log_err("systemd sd_listen_fds(): %s", path);
164 create_udp_sock(int family, int socktype, struct sockaddr* addr,
165 socklen_t addrlen, int v6only, int* inuse, int* noproto,
166 int rcv, int snd, int listen, int* reuseport, int transparent,
167 int freebind, int use_systemd)
170 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
174 int mtu = IPV6_MIN_MTU;
176 #if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF)
179 #if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF)
185 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
188 #if !defined(IP_FREEBIND)
192 int got_fd_from_systemd = 0;
196 && (s = systemd_get_activated(family, socktype, -1, addr,
197 addrlen, NULL)) == -1)) {
201 if((s = socket(family, socktype, 0)) == -1) {
204 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
208 log_err("can't create socket: %s", strerror(errno));
210 if(WSAGetLastError() == WSAEAFNOSUPPORT ||
211 WSAGetLastError() == WSAEPROTONOSUPPORT) {
215 log_err("can't create socket: %s",
216 wsa_strerror(WSAGetLastError()));
223 got_fd_from_systemd = 1;
228 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
229 (socklen_t)sizeof(on)) < 0) {
231 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
233 if(errno != ENOSYS) {
240 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
241 wsa_strerror(WSAGetLastError()));
248 #endif /* SO_REUSEADDR */
250 /* try to set SO_REUSEPORT so that incoming
251 * queries are distributed evenly among the receiving threads.
252 * Each thread must have its own socket bound to the same port,
253 * with SO_REUSEPORT set on each socket.
255 if (reuseport && *reuseport &&
256 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on,
257 (socklen_t)sizeof(on)) < 0) {
259 if(errno != ENOPROTOOPT || verbosity >= 3)
260 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s",
263 /* this option is not essential, we can continue */
268 #endif /* defined(SO_REUSEPORT) */
269 #ifdef IP_TRANSPARENT
271 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
272 (socklen_t)sizeof(on)) < 0) {
273 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
276 #elif defined(IP_BINDANY)
278 setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP),
279 (family == AF_INET6? IPV6_BINDANY:IP_BINDANY),
280 (void*)&on, (socklen_t)sizeof(on)) < 0) {
281 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s",
282 (family==AF_INET6?"V6":""), strerror(errno));
284 #endif /* IP_TRANSPARENT || IP_BINDANY */
288 setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on,
289 (socklen_t)sizeof(on)) < 0) {
290 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s",
293 #endif /* IP_FREEBIND */
297 socklen_t slen = (socklen_t)sizeof(got);
298 # ifdef SO_RCVBUFFORCE
299 /* Linux specific: try to use root permission to override
300 * system limits on rcvbuf. The limit is stored in
301 * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */
302 if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv,
303 (socklen_t)sizeof(rcv)) < 0) {
306 log_err("setsockopt(..., SO_RCVBUFFORCE, "
307 "...) failed: %s", strerror(errno));
310 log_err("setsockopt(..., SO_RCVBUFFORCE, "
312 wsa_strerror(WSAGetLastError()));
319 # endif /* SO_RCVBUFFORCE */
320 if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv,
321 (socklen_t)sizeof(rcv)) < 0) {
323 log_err("setsockopt(..., SO_RCVBUF, "
324 "...) failed: %s", strerror(errno));
327 log_err("setsockopt(..., SO_RCVBUF, "
329 wsa_strerror(WSAGetLastError()));
336 /* check if we got the right thing or if system
337 * reduced to some system max. Warn if so */
338 if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got,
339 &slen) >= 0 && got < rcv/2) {
340 log_warn("so-rcvbuf %u was not granted. "
341 "Got %u. To fix: start with "
342 "root permissions(linux) or sysctl "
343 "bigger net.core.rmem_max(linux) or "
344 "kern.ipc.maxsockbuf(bsd) values.",
345 (unsigned)rcv, (unsigned)got);
347 # ifdef SO_RCVBUFFORCE
350 #endif /* SO_RCVBUF */
352 /* first do RCVBUF as the receive buffer is more important */
356 socklen_t slen = (socklen_t)sizeof(got);
357 # ifdef SO_SNDBUFFORCE
358 /* Linux specific: try to use root permission to override
359 * system limits on sndbuf. The limit is stored in
360 * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */
361 if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
362 (socklen_t)sizeof(snd)) < 0) {
365 log_err("setsockopt(..., SO_SNDBUFFORCE, "
366 "...) failed: %s", strerror(errno));
369 log_err("setsockopt(..., SO_SNDBUFFORCE, "
371 wsa_strerror(WSAGetLastError()));
378 # endif /* SO_SNDBUFFORCE */
379 if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
380 (socklen_t)sizeof(snd)) < 0) {
382 log_err("setsockopt(..., SO_SNDBUF, "
383 "...) failed: %s", strerror(errno));
386 log_err("setsockopt(..., SO_SNDBUF, "
388 wsa_strerror(WSAGetLastError()));
395 /* check if we got the right thing or if system
396 * reduced to some system max. Warn if so */
397 if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got,
398 &slen) >= 0 && got < snd/2) {
399 log_warn("so-sndbuf %u was not granted. "
400 "Got %u. To fix: start with "
401 "root permissions(linux) or sysctl "
402 "bigger net.core.wmem_max(linux) or "
403 "kern.ipc.maxsockbuf(bsd) values.",
404 (unsigned)snd, (unsigned)got);
406 # ifdef SO_SNDBUFFORCE
409 #endif /* SO_SNDBUF */
411 if(family == AF_INET6) {
412 # if defined(IPV6_V6ONLY)
414 int val=(v6only==2)?0:1;
415 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
416 (void*)&val, (socklen_t)sizeof(val)) < 0) {
418 log_err("setsockopt(..., IPV6_V6ONLY"
419 ", ...) failed: %s", strerror(errno));
422 log_err("setsockopt(..., IPV6_V6ONLY"
424 wsa_strerror(WSAGetLastError()));
433 # if defined(IPV6_USE_MIN_MTU)
435 * There is no fragmentation of IPv6 datagrams
436 * during forwarding in the network. Therefore
437 * we do not send UDP datagrams larger than
438 * the minimum IPv6 MTU of 1280 octets. The
439 * EDNS0 message length can be larger if the
440 * network stack supports IPV6_USE_MIN_MTU.
442 if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
443 (void*)&on, (socklen_t)sizeof(on)) < 0) {
445 log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
446 "...) failed: %s", strerror(errno));
449 log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
451 wsa_strerror(WSAGetLastError()));
458 # elif defined(IPV6_MTU)
460 * On Linux, to send no larger than 1280, the PMTUD is
461 * disabled by default for datagrams anyway, so we set
464 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU,
465 (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) {
467 log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
471 log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
472 wsa_strerror(WSAGetLastError()));
479 # endif /* IPv6 MTU */
480 } else if(family == AF_INET) {
481 # if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
482 /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that
483 * PMTU information is not accepted, but fragmentation is allowed
484 * if and only if the packet size exceeds the outgoing interface MTU
485 * (and also uses the interface mtu to determine the size of the packets).
486 * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks.
487 * FreeBSD already has same semantics without setting the option. */
490 # if defined(IP_PMTUDISC_OMIT)
491 action = IP_PMTUDISC_OMIT;
492 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
493 &action, (socklen_t)sizeof(action)) < 0) {
495 if (errno != EINVAL) {
496 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
515 action = IP_PMTUDISC_DONT;
516 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
517 &action, (socklen_t)sizeof(action)) < 0) {
518 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
530 # elif defined(IP_DONTFRAG)
532 if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG,
533 &off, (socklen_t)sizeof(off)) < 0) {
534 log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s",
545 # endif /* IPv4 MTU */
549 !got_fd_from_systemd &&
551 bind(s, (struct sockaddr*)addr, addrlen) != 0) {
556 *inuse = (errno == EADDRINUSE);
557 /* detect freebsd jail with no ipv6 permission */
558 if(family==AF_INET6 && errno==EINVAL)
560 else if(errno != EADDRINUSE) {
561 log_err_addr("can't bind socket", strerror(errno),
562 (struct sockaddr_storage*)addr, addrlen);
564 #endif /* EADDRINUSE */
566 #else /* USE_WINSOCK */
567 if(WSAGetLastError() != WSAEADDRINUSE &&
568 WSAGetLastError() != WSAEADDRNOTAVAIL) {
569 log_err_addr("can't bind socket",
570 wsa_strerror(WSAGetLastError()),
571 (struct sockaddr_storage*)addr, addrlen);
574 #endif /* USE_WINSOCK */
577 if(!fd_set_nonblock(s)) {
591 create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
592 int* reuseport, int transparent, int mss, int freebind, int use_systemd)
595 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
599 int got_fd_from_systemd = 0;
601 #ifdef USE_TCP_FASTOPEN
604 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
607 #if !defined(IP_FREEBIND)
610 verbose_print_addr(addr);
615 && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1,
616 addr->ai_addr, addr->ai_addrlen,
621 if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) {
623 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
627 log_err("can't create socket: %s", strerror(errno));
629 if(WSAGetLastError() == WSAEAFNOSUPPORT ||
630 WSAGetLastError() == WSAEPROTONOSUPPORT) {
634 log_err("can't create socket: %s",
635 wsa_strerror(WSAGetLastError()));
640 #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
641 if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss,
642 (socklen_t)sizeof(mss)) < 0) {
644 log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
647 log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
648 wsa_strerror(WSAGetLastError()));
652 " tcp socket mss set to %d", mss);
655 log_warn(" setsockopt(TCP_MAXSEG) unsupported");
656 #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */
660 got_fd_from_systemd = 1;
664 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
665 (socklen_t)sizeof(on)) < 0) {
667 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
671 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
672 wsa_strerror(WSAGetLastError()));
677 #endif /* SO_REUSEADDR */
679 if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on,
680 (socklen_t)sizeof(on)) < 0) {
681 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s",
684 #endif /* IP_FREEBIND */
686 /* try to set SO_REUSEPORT so that incoming
687 * connections are distributed evenly among the receiving threads.
688 * Each thread must have its own socket bound to the same port,
689 * with SO_REUSEPORT set on each socket.
691 if (reuseport && *reuseport &&
692 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on,
693 (socklen_t)sizeof(on)) < 0) {
695 if(errno != ENOPROTOOPT || verbosity >= 3)
696 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s",
699 /* this option is not essential, we can continue */
704 #endif /* defined(SO_REUSEPORT) */
705 #if defined(IPV6_V6ONLY)
706 if(addr->ai_family == AF_INET6 && v6only) {
707 if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
708 (void*)&on, (socklen_t)sizeof(on)) < 0) {
710 log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
714 log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
715 wsa_strerror(WSAGetLastError()));
723 #endif /* IPV6_V6ONLY */
724 #ifdef IP_TRANSPARENT
726 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
727 (socklen_t)sizeof(on)) < 0) {
728 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
731 #elif defined(IP_BINDANY)
733 setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP),
734 (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY),
735 (void*)&on, (socklen_t)sizeof(on)) < 0) {
736 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s",
737 (addr->ai_family==AF_INET6?"V6":""), strerror(errno));
739 #endif /* IP_TRANSPARENT || IP_BINDANY */
742 !got_fd_from_systemd &&
744 bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
746 /* detect freebsd jail with no ipv6 permission */
747 if(addr->ai_family==AF_INET6 && errno==EINVAL)
750 log_err_addr("can't bind socket", strerror(errno),
751 (struct sockaddr_storage*)addr->ai_addr,
756 log_err_addr("can't bind socket",
757 wsa_strerror(WSAGetLastError()),
758 (struct sockaddr_storage*)addr->ai_addr,
764 if(!fd_set_nonblock(s)) {
772 if(listen(s, TCP_BACKLOG) == -1) {
774 log_err("can't listen: %s", strerror(errno));
777 log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
782 #ifdef USE_TCP_FASTOPEN
783 /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense
784 against IP spoofing attacks as suggested in RFC7413 */
786 /* OS X implementation only supports qlen of 1 via this call. Actual
787 value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */
790 /* 5 is recommended on linux */
793 if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen,
794 sizeof(qlen))) == -1 ) {
796 /* squelch ENOPROTOOPT: freebsd server mode with kernel support
797 disabled, except when verbosity enabled for debugging */
798 if(errno != ENOPROTOOPT || verbosity >= 3)
800 log_err("Setting TCP Fast Open as server failed: %s", strerror(errno));
807 create_local_accept_sock(const char *path, int* noproto, int use_systemd)
812 if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1)
818 struct sockaddr_un usock;
823 verbose(VERB_ALGO, "creating unix socket %s", path);
824 #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
825 /* this member exists on BSDs, not Linux */
826 usock.sun_len = (unsigned)sizeof(usock);
828 usock.sun_family = AF_LOCAL;
829 /* length is 92-108, 104 on FreeBSD */
830 (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path));
832 if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) {
833 log_err("Cannot create local socket %s (%s)",
834 path, strerror(errno));
838 if (unlink(path) && errno != ENOENT) {
839 /* The socket already exists and cannot be removed */
840 log_err("Cannot remove old local socket %s (%s)",
841 path, strerror(errno));
845 if (bind(s, (struct sockaddr *)&usock,
846 (socklen_t)sizeof(struct sockaddr_un)) == -1) {
847 log_err("Cannot bind local socket %s (%s)",
848 path, strerror(errno));
852 if (!fd_set_nonblock(s)) {
853 log_err("Cannot set non-blocking mode");
857 if (listen(s, TCP_BACKLOG) == -1) {
858 log_err("can't listen: %s", strerror(errno));
862 (void)noproto; /*unused*/
879 log_err("Local sockets are not supported");
887 * Create socket from getaddrinfo results
890 make_sock(int stype, const char* ifname, const char* port,
891 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
892 int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
894 struct addrinfo *res = NULL;
895 int r, s, inuse, noproto;
896 hints->ai_socktype = stype;
898 if((r=getaddrinfo(ifname, port, hints, &res)) != 0 || !res) {
900 if(r == EAI_NONAME && hints->ai_family == AF_INET6){
901 *noip6 = 1; /* 'Host not found' for IP6 on winXP */
905 log_err("node %s:%s getaddrinfo: %s %s",
906 ifname?ifname:"default", port, gai_strerror(r),
908 r==EAI_SYSTEM?(char*)strerror(errno):""
915 if(stype == SOCK_DGRAM) {
916 verbose_print_addr(res);
917 s = create_udp_sock(res->ai_family, res->ai_socktype,
918 (struct sockaddr*)res->ai_addr, res->ai_addrlen,
919 v6only, &inuse, &noproto, (int)rcv, (int)snd, 1,
920 reuseport, transparent, freebind, use_systemd);
921 if(s == -1 && inuse) {
922 log_err("bind: address already in use");
923 } else if(s == -1 && noproto && hints->ai_family == AF_INET6){
927 s = create_tcp_accept_sock(res, v6only, &noproto, reuseport,
928 transparent, tcp_mss, freebind, use_systemd);
929 if(s == -1 && noproto && hints->ai_family == AF_INET6){
937 /** make socket and first see if ifname contains port override info */
939 make_sock_port(int stype, const char* ifname, const char* port,
940 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
941 int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
943 char* s = strchr(ifname, '@');
945 /* override port with ifspec@port */
948 if((size_t)(s-ifname) >= sizeof(newif)) {
949 log_err("ifname too long: %s", ifname);
953 if(strlen(s+1) >= sizeof(p)) {
954 log_err("portnumber too long: %s", ifname);
958 (void)strlcpy(newif, ifname, sizeof(newif));
960 (void)strlcpy(p, s+1, sizeof(p));
962 return make_sock(stype, newif, p, hints, v6only, noip6,
963 rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd);
965 return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd,
966 reuseport, transparent, tcp_mss, freebind, use_systemd);
970 * Add port to open ports list.
971 * @param list: list head. changed.
973 * @param ftype: if fd is UDP.
974 * @return false on failure. list in unchanged then.
977 port_insert(struct listen_port** list, int s, enum listen_type ftype)
979 struct listen_port* item = (struct listen_port*)malloc(
980 sizeof(struct listen_port));
990 /** set fd to receive source address packet info */
992 set_recvpktinfo(int s, int family)
994 #if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO)
999 if(family == AF_INET6) {
1000 # ifdef IPV6_RECVPKTINFO
1001 if(setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO,
1002 (void*)&on, (socklen_t)sizeof(on)) < 0) {
1003 log_err("setsockopt(..., IPV6_RECVPKTINFO, ...) failed: %s",
1007 # elif defined(IPV6_PKTINFO)
1008 if(setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO,
1009 (void*)&on, (socklen_t)sizeof(on)) < 0) {
1010 log_err("setsockopt(..., IPV6_PKTINFO, ...) failed: %s",
1015 log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please "
1016 "disable interface-automatic or do-ip6 in config");
1018 # endif /* defined IPV6_RECVPKTINFO */
1020 } else if(family == AF_INET) {
1022 if(setsockopt(s, IPPROTO_IP, IP_PKTINFO,
1023 (void*)&on, (socklen_t)sizeof(on)) < 0) {
1024 log_err("setsockopt(..., IP_PKTINFO, ...) failed: %s",
1028 # elif defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)
1029 if(setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR,
1030 (void*)&on, (socklen_t)sizeof(on)) < 0) {
1031 log_err("setsockopt(..., IP_RECVDSTADDR, ...) failed: %s",
1036 log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable "
1037 "interface-automatic or do-ip4 in config");
1039 # endif /* IP_PKTINFO */
1046 * Helper for ports_open. Creates one interface (or NULL for default).
1047 * @param ifname: The interface ip address.
1048 * @param do_auto: use automatic interface detection.
1049 * If enabled, then ifname must be the wildcard name.
1050 * @param do_udp: if udp should be used.
1051 * @param do_tcp: if udp should be used.
1052 * @param hints: for getaddrinfo. family and flags have to be set by caller.
1053 * @param port: Port number to use (as string).
1054 * @param list: list of open ports, appended to, changed to point to list head.
1055 * @param rcv: receive buffer size for UDP
1056 * @param snd: send buffer size for UDP
1057 * @param ssl_port: ssl service port number
1058 * @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
1059 * set to false on exit if reuseport failed due to no kernel support.
1060 * @param transparent: set IP_TRANSPARENT socket option.
1061 * @param tcp_mss: maximum segment size of tcp socket. default if zero.
1062 * @param freebind: set IP_FREEBIND socket option.
1063 * @param use_systemd: if true, fetch sockets from systemd.
1064 * @param dnscrypt_port: dnscrypt service port number
1065 * @return: returns false on error.
1068 ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
1069 struct addrinfo *hints, const char* port, struct listen_port** list,
1070 size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent,
1071 int tcp_mss, int freebind, int use_systemd, int dnscrypt_port)
1075 int is_dnscrypt = ((strchr(ifname, '@') &&
1076 atoi(strchr(ifname, '@')+1) == dnscrypt_port) ||
1077 (!strchr(ifname, '@') && atoi(port) == dnscrypt_port));
1079 int is_dnscrypt = 0;
1080 (void)dnscrypt_port;
1083 if(!do_udp && !do_tcp)
1086 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
1087 &noip6, rcv, snd, reuseport, transparent,
1088 tcp_mss, freebind, use_systemd)) == -1) {
1090 log_warn("IPv6 protocol not available");
1095 /* getting source addr packet info is highly non-portable */
1096 if(!set_recvpktinfo(s, hints->ai_family)) {
1104 if(!port_insert(list, s,
1105 is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) {
1114 /* regular udp socket */
1115 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
1116 &noip6, rcv, snd, reuseport, transparent,
1117 tcp_mss, freebind, use_systemd)) == -1) {
1119 log_warn("IPv6 protocol not available");
1124 if(!port_insert(list, s,
1125 is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) {
1135 int is_ssl = ((strchr(ifname, '@') &&
1136 atoi(strchr(ifname, '@')+1) == ssl_port) ||
1137 (!strchr(ifname, '@') && atoi(port) == ssl_port));
1138 if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
1139 &noip6, 0, 0, reuseport, transparent, tcp_mss,
1140 freebind, use_systemd)) == -1) {
1142 /*log_warn("IPv6 protocol not available");*/
1148 verbose(VERB_ALGO, "setup TCP for SSL service");
1149 if(!port_insert(list, s, is_ssl?listen_type_ssl:
1150 (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) {
1163 * Add items to commpoint list in front.
1164 * @param c: commpoint to add.
1165 * @param front: listen struct.
1166 * @return: false on failure.
1169 listen_cp_insert(struct comm_point* c, struct listen_dnsport* front)
1171 struct listen_list* item = (struct listen_list*)malloc(
1172 sizeof(struct listen_list));
1176 item->next = front->cps;
1181 struct listen_dnsport*
1182 listen_create(struct comm_base* base, struct listen_port* ports,
1183 size_t bufsize, int tcp_accept_count, void* sslctx,
1184 struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg)
1186 struct listen_dnsport* front = (struct listen_dnsport*)
1187 malloc(sizeof(struct listen_dnsport));
1191 front->udp_buff = sldns_buffer_new(bufsize);
1193 front->dnscrypt_udp_buff = NULL;
1195 if(!front->udp_buff) {
1200 /* create comm points as needed */
1202 struct comm_point* cp = NULL;
1203 if(ports->ftype == listen_type_udp ||
1204 ports->ftype == listen_type_udp_dnscrypt)
1205 cp = comm_point_create_udp(base, ports->fd,
1206 front->udp_buff, cb, cb_arg);
1207 else if(ports->ftype == listen_type_tcp ||
1208 ports->ftype == listen_type_tcp_dnscrypt)
1209 cp = comm_point_create_tcp(base, ports->fd,
1210 tcp_accept_count, bufsize, cb, cb_arg);
1211 else if(ports->ftype == listen_type_ssl) {
1212 cp = comm_point_create_tcp(base, ports->fd,
1213 tcp_accept_count, bufsize, cb, cb_arg);
1215 } else if(ports->ftype == listen_type_udpancil ||
1216 ports->ftype == listen_type_udpancil_dnscrypt)
1217 cp = comm_point_create_udp_ancil(base, ports->fd,
1218 front->udp_buff, cb, cb_arg);
1220 log_err("can't create commpoint");
1221 listen_delete(front);
1225 cp->do_not_close = 1;
1227 if (ports->ftype == listen_type_udp_dnscrypt ||
1228 ports->ftype == listen_type_tcp_dnscrypt ||
1229 ports->ftype == listen_type_udpancil_dnscrypt) {
1231 cp->dnscrypt_buffer = sldns_buffer_new(bufsize);
1232 if(!cp->dnscrypt_buffer) {
1233 log_err("can't alloc dnscrypt_buffer");
1234 comm_point_delete(cp);
1235 listen_delete(front);
1238 front->dnscrypt_udp_buff = cp->dnscrypt_buffer;
1241 if(!listen_cp_insert(cp, front)) {
1242 log_err("malloc failed");
1243 comm_point_delete(cp);
1244 listen_delete(front);
1247 ports = ports->next;
1250 log_err("Could not open sockets to accept queries.");
1251 listen_delete(front);
1259 listen_list_delete(struct listen_list* list)
1261 struct listen_list *p = list, *pn;
1264 comm_point_delete(p->com);
1271 listen_delete(struct listen_dnsport* front)
1275 listen_list_delete(front->cps);
1277 if(front->dnscrypt_udp_buff &&
1278 front->udp_buff != front->dnscrypt_udp_buff) {
1279 sldns_buffer_free(front->dnscrypt_udp_buff);
1282 sldns_buffer_free(front->udp_buff);
1287 listening_ports_open(struct config_file* cfg, int* reuseport)
1289 struct listen_port* list = NULL;
1290 struct addrinfo hints;
1291 int i, do_ip4, do_ip6;
1292 int do_tcp, do_auto;
1294 snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
1295 do_ip4 = cfg->do_ip4;
1296 do_ip6 = cfg->do_ip6;
1297 do_tcp = cfg->do_tcp;
1298 do_auto = cfg->if_automatic && cfg->do_udp;
1299 if(cfg->incoming_num_tcp == 0)
1303 memset(&hints, 0, sizeof(hints));
1304 hints.ai_flags = AI_PASSIVE;
1305 /* no name lookups on our listening ports */
1306 if(cfg->num_ifs > 0)
1307 hints.ai_flags |= AI_NUMERICHOST;
1308 hints.ai_family = AF_UNSPEC;
1312 if(!do_ip4 && !do_ip6) {
1315 /* create ip4 and ip6 ports so that return addresses are nice. */
1316 if(do_auto || cfg->num_ifs == 0) {
1318 hints.ai_family = AF_INET6;
1319 if(!ports_create_if(do_auto?"::0":"::1",
1320 do_auto, cfg->do_udp, do_tcp,
1321 &hints, portbuf, &list,
1322 cfg->so_rcvbuf, cfg->so_sndbuf,
1323 cfg->ssl_port, reuseport,
1324 cfg->ip_transparent,
1325 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
1326 cfg->dnscrypt_port)) {
1327 listening_ports_free(list);
1332 hints.ai_family = AF_INET;
1333 if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1",
1334 do_auto, cfg->do_udp, do_tcp,
1335 &hints, portbuf, &list,
1336 cfg->so_rcvbuf, cfg->so_sndbuf,
1337 cfg->ssl_port, reuseport,
1338 cfg->ip_transparent,
1339 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
1340 cfg->dnscrypt_port)) {
1341 listening_ports_free(list);
1345 } else for(i = 0; i<cfg->num_ifs; i++) {
1346 if(str_is_ip6(cfg->ifs[i])) {
1349 hints.ai_family = AF_INET6;
1350 if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
1351 do_tcp, &hints, portbuf, &list,
1352 cfg->so_rcvbuf, cfg->so_sndbuf,
1353 cfg->ssl_port, reuseport,
1354 cfg->ip_transparent,
1355 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
1356 cfg->dnscrypt_port)) {
1357 listening_ports_free(list);
1363 hints.ai_family = AF_INET;
1364 if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
1365 do_tcp, &hints, portbuf, &list,
1366 cfg->so_rcvbuf, cfg->so_sndbuf,
1367 cfg->ssl_port, reuseport,
1368 cfg->ip_transparent,
1369 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
1370 cfg->dnscrypt_port)) {
1371 listening_ports_free(list);
1379 void listening_ports_free(struct listen_port* list)
1381 struct listen_port* nx;
1384 if(list->fd != -1) {
1388 closesocket(list->fd);
1396 size_t listen_get_mem(struct listen_dnsport* listen)
1398 struct listen_list* p;
1399 size_t s = sizeof(*listen) + sizeof(*listen->base) +
1400 sizeof(*listen->udp_buff) +
1401 sldns_buffer_capacity(listen->udp_buff);
1403 s += sizeof(*listen->dnscrypt_udp_buff);
1404 if(listen->udp_buff != listen->dnscrypt_udp_buff){
1405 s += sldns_buffer_capacity(listen->dnscrypt_udp_buff);
1408 for(p = listen->cps; p; p = p->next) {
1410 s += comm_point_get_mem(p->com);
1415 void listen_stop_accept(struct listen_dnsport* listen)
1417 /* do not stop the ones that have no tcp_free list
1418 * (they have already stopped listening) */
1419 struct listen_list* p;
1420 for(p=listen->cps; p; p=p->next) {
1421 if(p->com->type == comm_tcp_accept &&
1422 p->com->tcp_free != NULL) {
1423 comm_point_stop_listening(p->com);
1428 void listen_start_accept(struct listen_dnsport* listen)
1430 /* do not start the ones that have no tcp_free list, it is no
1431 * use to listen to them because they have no free tcp handlers */
1432 struct listen_list* p;
1433 for(p=listen->cps; p; p=p->next) {
1434 if(p->com->type == comm_tcp_accept &&
1435 p->com->tcp_free != NULL) {
1436 comm_point_start_listening(p->com, -1, -1);