2008-09-11 10:14:12 -04:00
|
|
|
/*
|
2021-04-13 07:58:53 -04:00
|
|
|
* smallapp/unbound-control.c - remote control utility for unbound.
|
2008-09-11 10:14:12 -04:00
|
|
|
*
|
|
|
|
|
* Copyright (c) 2008, NLnet Labs. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This software is open source.
|
2023-04-20 11:39:55 -04:00
|
|
|
*
|
2008-09-11 10:14:12 -04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
2023-04-20 11:39:55 -04:00
|
|
|
*
|
2008-09-11 10:14:12 -04:00
|
|
|
* Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
2023-04-20 11:39:55 -04:00
|
|
|
*
|
2008-09-11 10:14:12 -04:00
|
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
|
|
|
* and/or other materials provided with the distribution.
|
2023-04-20 11:39:55 -04:00
|
|
|
*
|
2008-09-11 10:14:12 -04:00
|
|
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
|
|
|
|
* be used to endorse or promote products derived from this software without
|
|
|
|
|
* specific prior written permission.
|
2023-04-20 11:39:55 -04:00
|
|
|
*
|
2008-09-11 10:14:12 -04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
2014-02-07 08:28:39 -05:00
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
|
|
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
|
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2008-09-11 10:14:12 -04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \file
|
|
|
|
|
*
|
|
|
|
|
* The remote control utility contacts the unbound server over ssl and
|
|
|
|
|
* sends the command, receives the answer, and displays the result
|
|
|
|
|
* from the commandline.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "config.h"
|
2010-03-12 10:17:48 -05:00
|
|
|
#ifdef HAVE_GETOPT_H
|
|
|
|
|
#include <getopt.h>
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_OPENSSL_SSL_H
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_OPENSSL_ERR_H
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_OPENSSL_RAND_H
|
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
|
#endif
|
2008-09-11 10:14:12 -04:00
|
|
|
#include "util/log.h"
|
|
|
|
|
#include "util/config_file.h"
|
|
|
|
|
#include "util/locks.h"
|
|
|
|
|
#include "util/net_help.h"
|
2017-02-23 07:05:05 -05:00
|
|
|
#include "util/shm_side/shm_main.h"
|
2023-04-18 09:50:12 -04:00
|
|
|
#include "util/timeval_func.h"
|
2017-02-23 07:05:05 -05:00
|
|
|
#include "daemon/stats.h"
|
|
|
|
|
#include "sldns/wire2str.h"
|
|
|
|
|
#include "sldns/pkthdr.h"
|
2019-11-21 23:56:24 -05:00
|
|
|
#include "services/rpz.h"
|
2021-02-26 07:54:10 -05:00
|
|
|
#include "services/listen_dnsport.h"
|
2008-09-11 10:14:12 -04:00
|
|
|
|
2017-02-23 07:05:05 -05:00
|
|
|
#ifdef HAVE_SYS_IPC_H
|
|
|
|
|
#include "sys/ipc.h"
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_SYS_SHM_H
|
|
|
|
|
#include "sys/shm.h"
|
|
|
|
|
#endif
|
2015-01-06 09:12:59 -05:00
|
|
|
#ifdef HAVE_SYS_UN_H
|
|
|
|
|
#include <sys/un.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-03-17 06:32:13 -04:00
|
|
|
#ifdef HAVE_TARGETCONDITIONALS_H
|
|
|
|
|
#include <TargetConditionals.h>
|
2020-03-11 03:39:48 -04:00
|
|
|
#endif
|
|
|
|
|
|
2018-09-13 10:43:43 -04:00
|
|
|
static void usage(void) ATTR_NORETURN;
|
|
|
|
|
static void ssl_err(const char* s) ATTR_NORETURN;
|
|
|
|
|
static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN;
|
|
|
|
|
|
2020-12-11 03:33:56 -05:00
|
|
|
/** timeout to wait for connection over stream, in msec */
|
|
|
|
|
#define UNBOUND_CONTROL_CONNECT_TIMEOUT 5000
|
|
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/** Give unbound-control usage, and exit (1). */
|
|
|
|
|
static void
|
2016-09-05 03:23:23 -04:00
|
|
|
usage(void)
|
2008-09-11 10:14:12 -04:00
|
|
|
{
|
|
|
|
|
printf("Usage: unbound-control [options] command\n");
|
|
|
|
|
printf(" Remote control utility for unbound server.\n");
|
|
|
|
|
printf("Options:\n");
|
|
|
|
|
printf(" -c file config file, default is %s\n", CONFIGFILE);
|
|
|
|
|
printf(" -s ip[@port] server address, if omitted config is used.\n");
|
2012-09-27 05:32:35 -04:00
|
|
|
printf(" -q quiet (don't print anything if it works ok).\n");
|
2008-09-11 10:14:12 -04:00
|
|
|
printf(" -h show this usage help.\n");
|
|
|
|
|
printf("Commands:\n");
|
2008-09-26 09:02:34 -04:00
|
|
|
printf(" start start server; runs unbound(8)\n");
|
|
|
|
|
printf(" stop stops the server\n");
|
|
|
|
|
printf(" reload reloads the server\n");
|
2009-02-12 08:21:19 -05:00
|
|
|
printf(" (this flushes data, stats, requestlist)\n");
|
2022-12-14 10:33:28 -05:00
|
|
|
printf(" reload_keep_cache reloads the server but tries to\n");
|
|
|
|
|
printf(" keep the RRset and message cache\n");
|
|
|
|
|
printf(" if (re)configuration allows for it.\n");
|
|
|
|
|
printf(" That means the caches sizes and\n");
|
|
|
|
|
printf(" the number of threads must not\n");
|
|
|
|
|
printf(" change between reloads.\n");
|
Fast Reload Option (#1042)
* - fast-reload, add unbound-control fast_reload
* - fast-reload, make a thread to service the unbound-control command.
* - fast-reload, communication sockets for information transfer.
* - fast-reload, fix compile for unbound-dnstap-socket.
* - fast-reload, set nonblocking communication to keep the server thread
responding to DNS requests.
* - fast-reload, poll routine to test for readiness, timeout fails connection.
* - fast-reload, detect loop in sock_poll_timeout routine.
* - fast-reload, send done and exited notification.
* - fast-reload, defines for constants in ipc.
* - fast-reload, ipc socket recv and send resists partial reads and writes and
can continue byte by byte. Also it can continue after an interrupt.
* - fast-reload, send exit command to thread when done.
* - fast-reload, output strings for client on string list.
* - fast-reload, add newline to terminal output.
* - fast-reload, send client string to remote client.
* - fast-reload, better debug output.
* - fast-reload, print queue structure, for output to the remote client.
* - fast-reload, move print items to print queue from fast_reload_thread struct.
* - fast-reload, keep list of pending print queue items in daemon struct.
* - fast-reload, comment explains in_list for printq to print remainder.
* - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the
thread output.
* - fast-reload, fix test link for fast_reload_printq_list_delete function.
* - fast-reload, reread config file from disk.
* - fast-reload, unshare forwards, making the structure locked, with an rwlock.
* - fast-reload, for nonthreaded, the unbound-control commands forward,
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
* - fast-reload, unshared stub hints, making the structure locked, with an rwlock.
* - fast-reload, helpful comments for hints lookup function return value.
* - fast-reload, fix bug in fast reload printout, the strlist appendlist routine,
and printout time statistics after the reload is done.
* - fast-reload, keep track of reloadtime and deletestime and print them.
* - fast-reload, keep track of constructtime and print it.
* - fast-reload, construct new items.
* - fast-reload, better comment.
* - fast-reload, reload the config and swap trees for forwards and stub hints.
* - fast-reload, in forwards_swap_tree set protection of trees with locks.
* - fast-reload, in hints_swap_tree also swap the node count of the trees.
* - fast-reload, reload ipc to stop and start threads.
* - fast-reload, unused forward declarations removed.
* - fast-reload, unit test that fast reload works with forwards and stubs.
* - fast-reload, fix clang analyzer warnings.
* - fast-reload, small documentation entry in unbound-control -h output.
* - fast-reload, printout memory use by fast reload, in bytes.
* - fast-reload, compile without threads.
* - fast-reload, document fast_reload in man page.
* - fast-reload, print ok when done successfully.
* - fast-reload, option for fast-reload commandline, +v verbosity option,
with timing and memory use output.
* - fast-reload, option for fast-reload commandline, +p does not pause threads.
* - fast-reload, option for fast-reload commandline, +d drops mesh queries.
* - fast-reload, fix to poll every thread with nopause to make certain that
resources are not held by the threads and can be deleted.
* - fast-reload, fix to use atomic store for config variables with nopause.
* - fast-reload, reload views.
* - fast-reload, when tag defines are different, it drops the queries.
* - fast-reload, fix tag define check.
* - fast-reload, document that tag change causes drop of queries.
* - fast-reload, fix space in documentation man page.
* - fast-reload, copy respip client information to query state, put views tree
in module env for lookup.
* - fast-reload, nicer respip view comparison.
* - fast-reload, respip global set is in module env.
* - fast-reload, document that respip_client_info acl info is copied.
* - fast-reload, reload the respip_set.
* - fast-reload, document no pause and pick up of use_response_ip boolean.
* - fast-reload, fix test compile.
* - fast-reload, reload local zones.
* Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* - fast-reload, reload access-control.
* - fast-reload, reload access control interface, such as interface-action.
* - fast-reload, reload tcp-connection-limit.
* - fast-reload, improve comments on acl_list and tcl_list swap tree.
* - fast-reload, fixup references to old tcp connection limits in open tcp
connections.
* - fast-reload, fixup to clean tcp connection also for different linked order.
* - fast-reload, if no tcp connection limits existed, no need to remove
references for that.
* - fast-reload, document more options that work and do not work.
* - fast-reload, reload auth_zone and rpz data.
* - fast-reload, fix auth_zones_get_mem.
* - fast-reload, fix compilation of testbound for the new comm_timer_get_mem
reference in remote control.
* - fast-reload, change use_rpz with reload.
* - fast-reload, list changes in auth zones and stop zonemd callbacks for
deleted auth zones.
* - fast-reload, note xtree is not swapped, and why it is not swapped.
* - fast-reload, for added auth zones, pick up zone transfer and zonemd tasks.
* - fast-reload, unlock xfr when done with transfer pick up.
* - fast-reload, unlock z when picking up the xfr for it during transfer task
pick up.
* - fast-reload, pick up task changes for added, deleted and modified auth zones.
* - fast-reload, remove xfr of auth zone deletion without tasks.
* - fast-reload, pick up zone transfer config.
* - fast-reload, the main worker thread picks up the transfer tasks and also
performs setup of the xfer struct.
* - fast-reload, keep writelock on newzone when auth zone changes.
* - fast-reload, change cachedb_enabled setting.
* - fast-reload, pick up edns-strings config.
* - fast-reload, note that settings are not updated.
* - fast-reload, pick up dnstap config.
* - fast-reload, dnstap options that need to be loaded without +p.
* - fast-reload, fix auth zone reload
* - fast-reload, remove debug for auth zone test.
* - fast-reload, fix auth zone reload with zone transfer.
* - fast-reload, fix auth zone reload lock order.
* - fast-reload, remove debug from fast reload test.
* - fast-reload, remove unused function.
* - fast-reload, fix the worker trust anchor probe timer lock acquisition in
the probe answer callback routine for trust anchor probes.
* - fast-reload, reload trust anchors.
* - fast-reload, fix trust anchor reload lock on autr global data and test
for trust anchor reload.
* - fast-reload, adjust cache sizes.
* - fast-reload, reload cache sizes when changed.
* - fast-reload, reload validator env changes.
* - fast-reload, reload mesh changes.
* - fast-reload, check for incompatible changes.
* - fast-reload, improve error text for incompatible change.
* - fast-reload, fix check config option compatibility.
* - fast-reload, improve error text for nopause change.
* - fast-reload, fix spelling of incompatible options.
* - fast-reload, reload target-fetch-policy, outbound-msg-retry, max-sent-count
and max-query-restarts.
* - fast-reload, check nopause config change for target-fetch-policy.
* - fast-reload, reload do-not-query-address, private-address and capt-exempt.
* - fast-reload, check nopause config change for do-not-query-address,
private-address and capt-exempt.
* - fast-reload, check fast reload not possible due to interface and
outgoing-interface changes.
* - fast-reload, reload nat64 settings.
* - fast-reload, reload settings stored in the infra structure.
* - fast-reload, fix modstack lookup and remove outgoing-range check.
* - fast-reload, more explanation for config parse failure.
* - fast-reload, reload worker outside network changes.
* - fast-reload, detect incompatible changes in network settings.
* fast-reload, commit test files.
* - fast-reload, fix warnings for call types in windows compile.
* - fast-reload, fix warnings and comm_point_internal for tcp wouldblock calls.
* - fast-reload, extend lock checks for repeat thread ids.
* - fast-reload, additional test cases, cache change and tag changes.
* - fast-reload, fix documentation for auth_zone_verify_zonemd_with_key.
* - fast-reload, fix copy_cfg type casts and memory leak on config parse failure.
* - fast-reload, fix use of WSAPoll.
* Review comments for the fast reload feature (#1259)
* - fast-reload review, respip set can be null from a view.
* - fast-reload review, typos.
* - fast-reload review, keep clang static analyzer happy.
* - fast-reload review, don't forget to copy tag_actions.
* - fast-reload review, less indentation.
* - fast-reload review, don't leak respip_actions when reloading.
* - fast-reload review, protect NULL pointer dereference in get_mem
functions.
* - fast-reload review, add fast_reload_most_options.tdir to test most
options with high verbosity when fast reloading.
* - fast-reload review, don't skip new line on long error printouts.
* - fast-reload review, typo.
* - fast-reload review, use new_z for consistency.
* - fast-reload review, nit for unlock ordering to make eye comparison
with the lock counterpart easier.
* - fast-reload review, in case of error the sockets are already closed.
* - fast-reload review, identation.
* - fast-reload review, add static keywords.
* - fast-reload review, update unbound-control usage text.
* - fast-reload review, updates to the man page.
* - fast-reload, the fast-reload command is experimental.
* - fast-reload, fix compile of doqclient for fast reload functions.
* Changelog comment for #1042
- Merge #1042: Fast Reload. The unbound-control fast_reload is added.
It reads changed config in a thread, then only briefly pauses the
service threads, that keep running. DNS service is only interrupted
briefly, less than a second.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2025-03-31 09:25:24 -04:00
|
|
|
printf(" fast_reload [+dpv] reloads the server but only briefly stops\n");
|
|
|
|
|
printf(" server processing, keeps cache, and changes\n");
|
|
|
|
|
printf(" most options; check unbound-control(8).\n");
|
|
|
|
|
printf(" +d drops running queries to keep consistency\n");
|
|
|
|
|
printf(" on changed options while reloading.\n");
|
|
|
|
|
printf(" +p does not pause threads for even faster\n");
|
|
|
|
|
printf(" reload but less options are supported\n");
|
|
|
|
|
printf(" ; check unbound-control(8).\n");
|
|
|
|
|
printf(" +v verbose output, it will include duration needed.\n");
|
|
|
|
|
printf(" +vv more verbose output, it will include memory needed.\n");
|
2008-09-26 09:02:34 -04:00
|
|
|
printf(" stats print statistics\n");
|
2009-02-12 06:41:51 -05:00
|
|
|
printf(" stats_noreset peek at statistics\n");
|
2017-02-23 07:05:05 -05:00
|
|
|
#ifdef HAVE_SHMGET
|
|
|
|
|
printf(" stats_shm print statistics using shm\n");
|
|
|
|
|
#endif
|
2008-12-17 09:03:49 -05:00
|
|
|
printf(" status display status of server\n");
|
2009-11-19 05:01:42 -05:00
|
|
|
printf(" verbosity <number> change logging detail\n");
|
2010-02-18 11:40:22 -05:00
|
|
|
printf(" log_reopen close and open the logfile\n");
|
2009-11-19 05:01:42 -05:00
|
|
|
printf(" local_zone <name> <type> add new local zone\n");
|
|
|
|
|
printf(" local_zone_remove <name> remove local zone and its contents\n");
|
|
|
|
|
printf(" local_data <RR data...> add local data, for example\n");
|
2008-09-19 10:49:29 -04:00
|
|
|
printf(" local_data www.example.com A 192.0.2.1\n");
|
2009-11-19 05:01:42 -05:00
|
|
|
printf(" local_data_remove <name> remove local RR data from name\n");
|
2024-05-17 04:25:24 -04:00
|
|
|
printf(" local_zones,\n");
|
|
|
|
|
printf(" local_zones_remove,\n");
|
|
|
|
|
printf(" local_datas,\n");
|
|
|
|
|
printf(" local_datas_remove same, but read list from stdin\n");
|
2017-03-09 11:25:32 -05:00
|
|
|
printf(" (one entry per line).\n");
|
2008-09-22 11:20:18 -04:00
|
|
|
printf(" dump_cache print cache to stdout\n");
|
2024-05-17 04:25:24 -04:00
|
|
|
printf(" (not supported in remote unbounds in\n");
|
|
|
|
|
printf(" multi-process operation)\n");
|
2008-09-22 11:20:18 -04:00
|
|
|
printf(" load_cache load cache from stdin\n");
|
2024-05-17 04:25:24 -04:00
|
|
|
printf(" (not supported in remote unbounds in\n");
|
|
|
|
|
printf(" multi-process operation)\n");
|
2009-11-19 05:01:42 -05:00
|
|
|
printf(" lookup <name> print nameservers for name\n");
|
2024-05-16 10:56:58 -04:00
|
|
|
printf(" flush [+c] <name> flushes common types for name from cache\n");
|
2008-09-23 10:07:02 -04:00
|
|
|
printf(" types: A, AAAA, MX, PTR, NS,\n");
|
|
|
|
|
printf(" SOA, CNAME, DNAME, SRV, NAPTR\n");
|
2024-05-16 10:56:58 -04:00
|
|
|
printf(" flush_type [+c] <name> <type> flush name, type from cache\n");
|
|
|
|
|
printf(" +c remove from cachedb too\n");
|
|
|
|
|
printf(" flush_zone [+c] <name> flush everything at or under name\n");
|
2008-09-23 10:07:02 -04:00
|
|
|
printf(" from rr and dnssec caches\n");
|
2024-05-16 10:56:58 -04:00
|
|
|
printf(" flush_bogus [+c] flush all bogus data\n");
|
|
|
|
|
printf(" flush_negative [+c] flush all negative data\n");
|
2009-02-12 05:37:00 -05:00
|
|
|
printf(" flush_stats flush statistics, make zero\n");
|
2009-02-12 08:21:19 -05:00
|
|
|
printf(" flush_requestlist drop queries that are worked on\n");
|
2016-04-12 11:10:31 -04:00
|
|
|
printf(" dump_requestlist show what is worked on by first thread\n");
|
2010-10-26 05:08:33 -04:00
|
|
|
printf(" flush_infra [all | ip] remove ping, edns for one IP or all\n");
|
|
|
|
|
printf(" dump_infra show ping and edns entries\n");
|
2010-02-23 08:53:10 -05:00
|
|
|
printf(" set_option opt: val set option to value, no reload\n");
|
|
|
|
|
printf(" get_option opt get option value\n");
|
2010-02-26 11:14:00 -05:00
|
|
|
printf(" list_stubs list stub-zones and root hints in use\n");
|
|
|
|
|
printf(" list_forwards list forward-zones in use\n");
|
2015-04-07 09:50:09 -04:00
|
|
|
printf(" list_insecure list domain-insecure zones\n");
|
2010-02-26 11:14:00 -05:00
|
|
|
printf(" list_local_zones list local-zones in use\n");
|
|
|
|
|
printf(" list_local_data list local-data RRs in use\n");
|
2013-04-26 10:14:07 -04:00
|
|
|
printf(" insecure_add zone add domain-insecure zone\n");
|
|
|
|
|
printf(" insecure_remove zone remove domain-insecure zone\n");
|
2024-03-28 04:58:03 -04:00
|
|
|
printf(" forward_add [+it] zone addr.. add forward-zone with servers\n");
|
2012-02-15 09:35:28 -05:00
|
|
|
printf(" forward_remove [+i] zone remove forward zone\n");
|
2024-03-28 04:58:03 -04:00
|
|
|
printf(" stub_add [+ipt] zone addr.. add stub-zone with servers\n");
|
2012-02-15 09:35:28 -05:00
|
|
|
printf(" stub_remove [+i] zone remove stub zone\n");
|
|
|
|
|
printf(" +i also do dnssec insecure point\n");
|
|
|
|
|
printf(" +p set stub to use priming\n");
|
2024-03-28 04:58:03 -04:00
|
|
|
printf(" +t set to use tls upstream\n");
|
2009-02-13 10:26:37 -05:00
|
|
|
printf(" forward [off | addr ...] without arg show forward setup\n");
|
|
|
|
|
printf(" or off to turn off root forwarding\n");
|
|
|
|
|
printf(" or give list of ip addresses\n");
|
2015-04-10 08:13:59 -04:00
|
|
|
printf(" ratelimit_list [+a] list ratelimited domains\n");
|
2017-01-05 08:57:12 -05:00
|
|
|
printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n");
|
2015-04-10 08:13:59 -04:00
|
|
|
printf(" +a list all, also not ratelimited\n");
|
2022-05-15 15:49:03 -04:00
|
|
|
printf(" list_auth_zones list auth zones (includes RPZ zones)\n");
|
|
|
|
|
printf(" auth_zone_reload zone reload auth zone (or RPZ zone) from zonefile\n");
|
|
|
|
|
printf(" auth_zone_transfer zone transfer auth zone (or RPZ zone) from master\n");
|
2017-01-12 10:56:05 -05:00
|
|
|
printf(" view_list_local_zones view list local-zones in view\n");
|
|
|
|
|
printf(" view_list_local_data view list local-data RRs in view\n");
|
|
|
|
|
printf(" view_local_zone view name type add local-zone in view\n");
|
|
|
|
|
printf(" view_local_zone_remove view name remove local-zone in view\n");
|
2017-01-12 10:57:22 -05:00
|
|
|
printf(" view_local_data view RR... add local-data in view\n");
|
2018-11-26 08:37:23 -05:00
|
|
|
printf(" view_local_datas view add list of local-data to view\n");
|
|
|
|
|
printf(" one entry per line read from stdin\n");
|
2017-01-12 10:56:05 -05:00
|
|
|
printf(" view_local_data_remove view name remove local-data in view\n");
|
2020-01-28 20:28:00 -05:00
|
|
|
printf(" view_local_datas_remove view remove list of local-data from view\n");
|
|
|
|
|
printf(" one entry per line read from stdin\n");
|
2021-01-05 07:43:53 -05:00
|
|
|
printf(" rpz_enable zone Enable the RPZ zone if it had previously\n");
|
|
|
|
|
printf(" been disabled\n");
|
|
|
|
|
printf(" rpz_disable zone Disable the RPZ zone\n");
|
Cookie secret file (#1090)
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 07:32:08 -04:00
|
|
|
printf(" add_cookie_secret <secret> add (or replace) a new cookie secret <secret>\n");
|
|
|
|
|
printf(" drop_cookie_secret drop a staging cookie secret\n");
|
|
|
|
|
printf(" activate_cookie_secret make a staging cookie secret active\n");
|
|
|
|
|
printf(" print_cookie_secrets show all cookie secrets with their status\n");
|
2008-09-11 10:14:12 -04:00
|
|
|
printf("Version %s\n", PACKAGE_VERSION);
|
|
|
|
|
printf("BSD licensed, see LICENSE in source package for details.\n");
|
|
|
|
|
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-23 07:05:05 -05:00
|
|
|
#ifdef HAVE_SHMGET
|
|
|
|
|
/** what to put on statistics lines between var and value, ": " or "=" */
|
|
|
|
|
#define SQ "="
|
|
|
|
|
/** print unsigned long stats value */
|
|
|
|
|
#define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var));
|
|
|
|
|
#define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var));
|
|
|
|
|
#define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var));
|
|
|
|
|
#define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
|
2017-02-23 09:17:58 -05:00
|
|
|
(long long)var.tv_sec, (int)var.tv_usec);
|
2017-04-13 08:47:29 -04:00
|
|
|
#define PR_STATSTIME(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
|
|
|
|
|
(long long)var ## _sec, (int)var ## _usec);
|
2017-02-23 07:05:05 -05:00
|
|
|
#define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var));
|
|
|
|
|
|
|
|
|
|
/** print stat block */
|
2017-04-13 08:47:29 -04:00
|
|
|
static void pr_stats(const char* nm, struct ub_stats_info* s)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
2017-04-13 08:47:29 -04:00
|
|
|
struct timeval sumwait, avg;
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL_NM("num.queries", s->svr.num_queries);
|
2023-04-20 11:39:55 -04:00
|
|
|
PR_UL_NM("num.queries_ip_ratelimited",
|
2017-02-23 07:05:05 -05:00
|
|
|
s->svr.num_queries_ip_ratelimited);
|
2023-08-08 09:19:56 -04:00
|
|
|
PR_UL_NM("num.queries_cookie_valid",
|
|
|
|
|
s->svr.num_queries_cookie_valid);
|
|
|
|
|
PR_UL_NM("num.queries_cookie_client",
|
|
|
|
|
s->svr.num_queries_cookie_client);
|
|
|
|
|
PR_UL_NM("num.queries_cookie_invalid",
|
|
|
|
|
s->svr.num_queries_cookie_invalid);
|
2024-11-01 10:52:58 -04:00
|
|
|
PR_UL_NM("num.queries_discard_timeout",
|
|
|
|
|
s->svr.num_queries_discard_timeout);
|
|
|
|
|
PR_UL_NM("num.queries_wait_limit", s->svr.num_queries_wait_limit);
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL_NM("num.cachehits",
|
|
|
|
|
s->svr.num_queries - s->svr.num_queries_missed_cache);
|
|
|
|
|
PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache);
|
|
|
|
|
PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch);
|
2023-04-17 10:02:13 -04:00
|
|
|
PR_UL_NM("num.queries_timed_out", s->svr.num_queries_timed_out);
|
2023-04-21 12:23:21 -04:00
|
|
|
PR_UL_NM("query.queue_time_us.max", s->svr.max_query_time_us);
|
2020-02-05 08:20:27 -05:00
|
|
|
PR_UL_NM("num.expired", s->svr.ans_expired);
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL_NM("num.recursivereplies", s->mesh_replies_sent);
|
2017-04-03 05:03:32 -04:00
|
|
|
#ifdef USE_DNSCRYPT
|
2025-04-07 04:25:10 -04:00
|
|
|
PR_UL_NM("num.dnscrypt.crypted", s->svr.num_query_dnscrypt_crypted);
|
|
|
|
|
PR_UL_NM("num.dnscrypt.cert", s->svr.num_query_dnscrypt_cert);
|
|
|
|
|
PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext);
|
|
|
|
|
PR_UL_NM("num.dnscrypt.malformed",
|
|
|
|
|
s->svr.num_query_dnscrypt_crypted_malformed);
|
2017-08-31 04:06:17 -04:00
|
|
|
#endif /* USE_DNSCRYPT */
|
2025-04-07 04:25:10 -04:00
|
|
|
PR_UL_NM("num.dns_error_reports", s->svr.num_dns_error_reports);
|
2017-02-23 07:05:05 -05:00
|
|
|
printf("%s.requestlist.avg"SQ"%g\n", nm,
|
|
|
|
|
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
|
|
|
|
(double)s->svr.sum_query_list_size/
|
2017-04-13 09:11:54 -04:00
|
|
|
(double)(s->svr.num_queries_missed_cache+
|
2017-02-23 07:05:05 -05:00
|
|
|
s->svr.num_queries_prefetch) : 0.0);
|
|
|
|
|
PR_UL_NM("requestlist.max", s->svr.max_query_list_size);
|
|
|
|
|
PR_UL_NM("requestlist.overwritten", s->mesh_jostled);
|
|
|
|
|
PR_UL_NM("requestlist.exceeded", s->mesh_dropped);
|
|
|
|
|
PR_UL_NM("requestlist.current.all", s->mesh_num_states);
|
|
|
|
|
PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states);
|
2017-04-13 09:17:51 -04:00
|
|
|
#ifndef S_SPLINT_S
|
|
|
|
|
sumwait.tv_sec = s->mesh_replies_sum_wait_sec;
|
|
|
|
|
sumwait.tv_usec = s->mesh_replies_sum_wait_usec;
|
|
|
|
|
#endif
|
2017-04-13 08:47:29 -04:00
|
|
|
timeval_divide(&avg, &sumwait, s->mesh_replies_sent);
|
2017-02-23 07:05:05 -05:00
|
|
|
printf("%s.", nm);
|
|
|
|
|
PR_TIMEVAL("recursion.time.avg", avg);
|
|
|
|
|
printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median);
|
|
|
|
|
PR_UL_NM("tcpusage", s->svr.tcp_accept_usage);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** print uptime */
|
2017-04-13 08:47:29 -04:00
|
|
|
static void print_uptime(struct ub_shm_stat_info* shm_stat)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
2017-04-13 08:47:29 -04:00
|
|
|
PR_STATSTIME("time.now", shm_stat->time.now);
|
|
|
|
|
PR_STATSTIME("time.up", shm_stat->time.up);
|
|
|
|
|
PR_STATSTIME("time.elapsed", shm_stat->time.elapsed);
|
2017-02-23 07:05:05 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** print memory usage */
|
2019-01-22 08:20:06 -05:00
|
|
|
static void print_mem(struct ub_shm_stat_info* shm_stat,
|
|
|
|
|
struct ub_stats_info* s)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
|
|
|
|
PR_LL("mem.cache.rrset", shm_stat->mem.rrset);
|
|
|
|
|
PR_LL("mem.cache.message", shm_stat->mem.msg);
|
2017-05-16 10:16:59 -04:00
|
|
|
PR_LL("mem.mod.iterator", shm_stat->mem.iter);
|
|
|
|
|
PR_LL("mem.mod.validator", shm_stat->mem.val);
|
|
|
|
|
PR_LL("mem.mod.respip", shm_stat->mem.respip);
|
2017-04-11 09:37:39 -04:00
|
|
|
#ifdef CLIENT_SUBNET
|
2017-05-16 10:16:59 -04:00
|
|
|
PR_LL("mem.mod.subnet", shm_stat->mem.subnet);
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef USE_IPSECMOD
|
|
|
|
|
PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
|
2017-04-11 09:37:39 -04:00
|
|
|
#endif
|
2019-10-21 08:20:33 -04:00
|
|
|
#ifdef WITH_DYNLIBMODULE
|
|
|
|
|
PR_LL("mem.mod.dynlib", shm_stat->mem.dynlib);
|
|
|
|
|
#endif
|
2017-08-31 04:06:17 -04:00
|
|
|
#ifdef USE_DNSCRYPT
|
|
|
|
|
PR_LL("mem.cache.dnscrypt_shared_secret",
|
|
|
|
|
shm_stat->mem.dnscrypt_shared_secret);
|
2017-09-18 04:55:08 -04:00
|
|
|
PR_LL("mem.cache.dnscrypt_nonce",
|
|
|
|
|
shm_stat->mem.dnscrypt_nonce);
|
2017-08-31 04:06:17 -04:00
|
|
|
#endif
|
2019-01-22 08:20:06 -05:00
|
|
|
PR_LL("mem.streamwait", s->svr.mem_stream_wait);
|
2020-05-12 12:12:19 -04:00
|
|
|
PR_LL("mem.http.query_buffer", s->svr.mem_http2_query_buffer);
|
|
|
|
|
PR_LL("mem.http.response_buffer", s->svr.mem_http2_response_buffer);
|
DNSoverQUIC (#871)
* - dnsoverquic, configure --with-libngtcp2 option.
* - dnsoverquic, create comm_point for doq and receive cmsg local address.
* - dnsoverquic, less obtrusive debug.
* - dnsoverquic, log and fix local port number. Neater subroutines and ifdefs.
* - dnsoverquic, add testcode/doqclient.
* - dnsoverquic, review fixes on doqclient.
* - dnsoverquic, fix unit test testbound link.
* - dnsoverquic, parse query in doqclient.
* - dnsoverquic, link with libngtcp2_crypto_openssl and code for doqclient.
* - dnsoverquic, random routine for doqclient and fix ngaddr allocation, and
check ub_initstate return.
* - dnsoverquic, fix doqclient free of allocated ngaddr addresses.
* - dnsoverquic, enable debug output with -v for doqclient.
* - dnsoverquic, create and set TLS object and TLS context in doqclient.
* - dnsoverquic, work on quic tls context in doqclient.
* - dnsoverquic, set default dnsoverquic port to the standardized 853 port.
* - dnsoverquic, remove debug comment.
* - dnsoverquic, dns-over-quic quic-port: 853 config option.
* - dnsoverquic, log type of interface created at start of unbound.
* - dnsoverquic, log type of no tls https as https when interface is created.
* - dnsoverquic, setup client quic tls methods.
* - dnsoverquic, event work in doqclient.
* - dnsoverquic, explain in documentation that QUIC uses UDP.
* - dnsoverquic, make doqclient exit.
* - dnsoverquic, doqclient cleanup run routine.
* - dnsoverquic, doqclient code nicer.
* - dnsoverquic, doqclient read and timer.
* - dnsoverquic, doqclient write work.
* - dnsoverquic, review fixes.
* - dnsoverquic, detect openssl quic support at configure time.
* - dnsoverquic, do not allow QUIC on port 53 to stop confusion of DoQ and DNS.
* - dnsoverquic, in doqclient, when idle close is returned, drop the connection
without calling ngtcp2_conn_write_connection_close.
* - dnsoverquic, in doqclient, log callbacks.
* - dnsoverquic, in doqclient add extend_max_local_streams_bidi callback.
* - dnsoverquic, in doqclient add client query lists.
* - dnsoverquic, in doqclient, code cleaner, log text nicer.
* - dnsoverquic, in doqclient, work on write_streams.
* - dnsoverquic, in doqclient, use signed int for stream_id, work on the
ngtcp2_recv_stream_data callback.
* - dnsoverquic, in doqclient, print result and fixes for recv data.
* - dnsoverquic, in doqclient, add the event callbacks to fptr wlist.
* - dnsoverquic, in doqclient, when already expired, use zero timeout timer.
* - dnsoverquic, in doqclient, ignore unused return codes from
ngtcp2_conn_writev_stream.
* - dnsoverquic, add doqclient event functions to the unbound-dnstap-socket
test tool for linking.
* - dnsoverquic, in doqclient, fix multiple operands for the commandline.
neater dns message output.
* - dnsoverquic, in doqclient, store packet when write blocks and try later.
* - dnsoverquic, in doqclient, limit number of packets and number of bytes sent.
* - dnsoverquic, in doqclient, better size estimate for outgoing packet.
* - dnsoverquic, in doqclient, fix that already written next packet is not
counted for data length to send.
* - dnsoverquic, in doqclient, early data transmission and session resumption.
* - dnsoverquic, send version negotiation packet.
* - dnsoverquic, send retry and accept the connection.
* - dnsoverquic, storage structures.
* - dnsoverquic, doq connection setup.
* - dnsoverquic, neater code layout for new conn. Fix verbosity of log print.
* - dnsoverquic, doq conn callback functions.
* - dnsoverquic, doq_fill_rand routine in header file.
* - dnsoverquic, keep track of connection ids.
* - dnsoverquic, get_new_connection_id callback.
* - dnsoverquic, create doq_conid tree.
* - dnsoverquic, settings for server connection.
* - dnsoverquic, tls context.
* - dnsoverquic, sendmsg error handling.
* - dnsoverquic, neat code.
* - dnsoverquic, track doq connection last error.
* - dnsoverquic, neater packet address parameters.
* - dnsoverquic, fix uninitialized bytes in msg control in doq sendmsg, and
fix tree cleanup of conid tree.
* - dnsoverquic, better usage text for doqclient.
* - dnsoverquic, neat code.
* - dnsoverquic, connection receive packet handling.
* - dnsoverquic, debug output.
* - dnsoverquic, debug switched meaning of scid and dcid gives
ERR_TRANSPORT_PARAM.
* - dnsoverquic, remove debug output.
* - dnsoverquic, connection delete routine and error from connection read in
more detail with less clutter.
* - dnsoverquic, write to stream, and receive stream data, log packet.
* - dnsoverquic, alpn set up.
* - dnsoverquic, connection close.
* - dnsoverquic, doq_table and locks.
* - dnsoverquic, fix tests.
* - dnsoverquic, better locking.
* - dnsoverquic, doq_stream.
* - dnsoverquic, remove compile warning.
* - dnsoverquic, doq_stream receive data.
* - dnsoverquic, fixes for locks and keep length bytes allocated.
* - dnsoverquic, lock connection on initial insertion.
* - dnsoverquic, reply information, and reply buffer.
* - dnsoverquic, reply info from cache, local-zone and recursion lookups.
* - dnsoverquic, spelling in comment about buffer storage.
* - dnsoverquic, stream write list and doqclient fixes to exit and printout.
* - dnsoverquic, doqclient -q option for short printout.
* - dnsoverquic, unit test with local data reply.
* - dnsoverquic, write connection and write event is set.
* - dnsoverquic, neater logging for write event connection stream writes.
* - dnsoverquic, log remote connection when the streams are written for it.
* - dnsoverquic, better threaded use, threads can write to doq connections at
the same time.
* - dnsoverquic, unit test for the calculation of connection size with a query.
* - dnsoverquic, use less memory per connection.
* - dnsoverquic, remove unit test output.
* - dnsoverquic, add MSG_DONTWAIT so that there is no mistakenly blocking
socket operations.
* - dnsoverquic, doqclient logs address on connection failures.
* - dnsoverquic, compat code for clock get time routine.
* - dnsoverquic, use skip_test for doq unit test.
* - dnsoverquic, fixes for proxyprotocol, use remote_addr and set proxyprotocol
disabled on the doq connection.
* - dnsoverquic, doqclient sets log identity to its name, instead of "unbound".
* - dnsoverquic, handle blocked udp packet writes.
* - dnsoverquic, fix function documentation for verbose_print_addr from
services/listen_dnsport.c.
* - dnsoverquic, fix doq_conn lock protection. The checklock allows to set
the output file name, and doqclient uses that. Print place of lock_protect.
* - dnsoverquic, neater buffer clear when write of blocked packet fails, make
sure that memory area does not overlap for blocked packet addresses when
write of blocked packet fails, and size blocked packet buffer to the pkt buf.
* - dnsoverquic, move lock check after the test to test script in doq test.
* - dnsoverquic, the doq test uses valgrind when enabled.
* - dnsoverquic, git ignore the doqclient test.
* - dnsoverquic, limit the buffer for packets to max packet size with some more.
* - dnsoverquic, spelling fix.
* - dnsoverquic, timer work, structure and adds and deletes.
* - dnsoverquic, timer_tree uses table.lock.
* - dnsoverquic, fix timer tree remove and spelling in header file comment.
* - dnsoverquic, fix testbound for timer compare function linkage.
* - dnsoverquic, timer set add debug output.
* - dnsoverquic, doq_conn_check_timer function.
* - dnsoverquic, doq_done_setup_timer_and_write function.
* - dnsoverquic, fix that doq conn is not deleted whilst editing write and timer.
* - dnsoverquic, Fix #861 make ERROR netevent.h:1073:32: error: field 'blocked_pkt_pi' has incomplete type
* - dnsoverquic, timer element has timeout setup when socket callback complete.
* - dnsoverquic, fix unit test compile.
* - dnsoverquic, timer callback routine, handle timeout and close and delete the
connection if necessary.
* - dnsoverquic, timer pickup stops at current time.
* - dnsoverquic, timer comparable with the event base time.
* - dnsoverquic, erase marked time when timer disabled.
* - dnsoverquic, fix timer to set correctly and lock popped write connection
early, before it is modified.
* - dnsoverquic, fix to unlock connection lock when it is unlinked and deleted.
* - dnsoverquic, fix to unlock connection lock when it is deleted because it is
a duplicate connection.
* - dnsoverquic, fix that doq timer is not disabled when not set.
* - dnsoverquic, quic-size: 8m maximum number of bytes for QUIC buffers.
* - dnsoverquic, flex and bison.
* - dnsoverquic, quic-size turn away new connections when full.
* - dnsoverquic, doqclient outputs stream reset information.
* - dnsoverquic, detect stream close and reset.
* - dnsoverquic, free stream buffers when data is acked and stream is closed.
* - dnsoverquic, delete stream when closed. Unlink it. Allow stream_id 4 as first.
* - dnsoverquic, stats output for mem.quic and num.query.quic.
* - dnsoverquic, review fix.
* - dnsoverquic, fix when compiled without ngtcp2.
* - dnsoverquic, fix to detect ngtcp2_crypto_quictls for openssl crypto, after
change in libngtcp2.
* - dnsoverquic, fix for newer ngtcp2 versions. detect ngtcp2_ccerr_default,
ngtcp2/ngtcp2_crypto_quictls.h, struct ngtcp2_pkt_hd.tokenlen,
struct ngtcp2_settings.tokenlen and struct ngtcp2_version_cid.
* - dnsoverquic, fix for newer ngtcp2 version, detect number of arguments for
ngtcp2_conn_shutdown_stream.
* - dnsoverquic, fix for newer ngtcp2.
* - dnsoverquic, use the functions from util/timeval_func.h.
* - dnsoverquic, fix in doqclient only write transport parameters once.
* - dnsoverquic, debug log output removed.
* - dnsoverquic, fix in doqclient to work with renamed NGTCP2_CC_ALGO_BBR_V2
from ngtcp2.
* - dnsoverquic, fix to check in doq_server_socket_create that tls-service-key
and tls-service-pem have a value.
* - dnsoverquic, fix to error when doq_server_socket_create fails.
* - dnsoverquic, improve linebreaks in configparser additions.
* - dnsoverquic, fix port from interface pickup after main branch change.
* Fix getting user data from SSL, fix calloc warning.
* Fix fwrite return value check in doqclient
* - timeval_substruct from timeval_func.h
- lock_protect also for HAVE_NGTCP2_CCERR_DEFAULT
- fix doq logging for inet_ntop failures
* - memset for consistency
- no value returned from msghdr_get_ecn when S_SPLINT_S is defined
* - dnsoverquic, rerun autoconf.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-10-09 04:32:03 -04:00
|
|
|
#ifdef HAVE_NGTCP2
|
|
|
|
|
PR_LL("mem.quic", s->svr.mem_quic);
|
|
|
|
|
#endif
|
2017-02-23 07:05:05 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** print histogram */
|
2017-04-13 08:47:29 -04:00
|
|
|
static void print_hist(struct ub_stats_info* s)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
|
|
|
|
struct timehist* hist;
|
|
|
|
|
size_t i;
|
|
|
|
|
hist = timehist_setup();
|
|
|
|
|
if(!hist)
|
|
|
|
|
fatal_exit("out of memory");
|
|
|
|
|
timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST);
|
|
|
|
|
for(i=0; i<hist->num; i++) {
|
|
|
|
|
printf("histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n",
|
|
|
|
|
(int)hist->buckets[i].lower.tv_sec,
|
|
|
|
|
(int)hist->buckets[i].lower.tv_usec,
|
|
|
|
|
(int)hist->buckets[i].upper.tv_sec,
|
|
|
|
|
(int)hist->buckets[i].upper.tv_usec,
|
|
|
|
|
(unsigned long)hist->buckets[i].count);
|
|
|
|
|
}
|
|
|
|
|
timehist_delete(hist);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** print extended */
|
2022-12-13 04:04:06 -05:00
|
|
|
static void print_extended(struct ub_stats_info* s, int inhibit_zero)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
char nm[16];
|
|
|
|
|
|
|
|
|
|
/* TYPE */
|
2017-04-13 08:47:29 -04:00
|
|
|
for(i=0; i<UB_STATS_QTYPE_NUM; i++) {
|
2017-02-23 07:05:05 -05:00
|
|
|
if(inhibit_zero && s->svr.qtype[i] == 0)
|
|
|
|
|
continue;
|
2017-02-23 09:17:58 -05:00
|
|
|
sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm));
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL_SUB("num.query.type", nm, s->svr.qtype[i]);
|
|
|
|
|
}
|
|
|
|
|
if(!inhibit_zero || s->svr.qtype_big) {
|
|
|
|
|
PR_UL("num.query.type.other", s->svr.qtype_big);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* CLASS */
|
2017-04-13 08:47:29 -04:00
|
|
|
for(i=0; i<UB_STATS_QCLASS_NUM; i++) {
|
2017-02-23 07:05:05 -05:00
|
|
|
if(inhibit_zero && s->svr.qclass[i] == 0)
|
|
|
|
|
continue;
|
2017-02-23 09:17:58 -05:00
|
|
|
sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm));
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL_SUB("num.query.class", nm, s->svr.qclass[i]);
|
|
|
|
|
}
|
|
|
|
|
if(!inhibit_zero || s->svr.qclass_big) {
|
|
|
|
|
PR_UL("num.query.class.other", s->svr.qclass_big);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* OPCODE */
|
2017-04-13 08:47:29 -04:00
|
|
|
for(i=0; i<UB_STATS_OPCODE_NUM; i++) {
|
2017-02-23 07:05:05 -05:00
|
|
|
if(inhibit_zero && s->svr.qopcode[i] == 0)
|
|
|
|
|
continue;
|
|
|
|
|
sldns_wire2str_opcode_buf(i, nm, sizeof(nm));
|
|
|
|
|
PR_UL_SUB("num.query.opcode", nm, s->svr.qopcode[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* transport */
|
|
|
|
|
PR_UL("num.query.tcp", s->svr.qtcp);
|
|
|
|
|
PR_UL("num.query.tcpout", s->svr.qtcp_outgoing);
|
2022-06-29 04:51:54 -04:00
|
|
|
PR_UL("num.query.udpout", s->svr.qudp_outgoing);
|
2018-06-28 04:15:47 -04:00
|
|
|
PR_UL("num.query.tls", s->svr.qtls);
|
2019-01-23 04:35:52 -05:00
|
|
|
PR_UL("num.query.tls_resume", s->svr.qtls_resume);
|
2017-02-23 07:05:05 -05:00
|
|
|
PR_UL("num.query.ipv6", s->svr.qipv6);
|
2020-08-27 06:28:17 -04:00
|
|
|
PR_UL("num.query.https", s->svr.qhttps);
|
DNSoverQUIC (#871)
* - dnsoverquic, configure --with-libngtcp2 option.
* - dnsoverquic, create comm_point for doq and receive cmsg local address.
* - dnsoverquic, less obtrusive debug.
* - dnsoverquic, log and fix local port number. Neater subroutines and ifdefs.
* - dnsoverquic, add testcode/doqclient.
* - dnsoverquic, review fixes on doqclient.
* - dnsoverquic, fix unit test testbound link.
* - dnsoverquic, parse query in doqclient.
* - dnsoverquic, link with libngtcp2_crypto_openssl and code for doqclient.
* - dnsoverquic, random routine for doqclient and fix ngaddr allocation, and
check ub_initstate return.
* - dnsoverquic, fix doqclient free of allocated ngaddr addresses.
* - dnsoverquic, enable debug output with -v for doqclient.
* - dnsoverquic, create and set TLS object and TLS context in doqclient.
* - dnsoverquic, work on quic tls context in doqclient.
* - dnsoverquic, set default dnsoverquic port to the standardized 853 port.
* - dnsoverquic, remove debug comment.
* - dnsoverquic, dns-over-quic quic-port: 853 config option.
* - dnsoverquic, log type of interface created at start of unbound.
* - dnsoverquic, log type of no tls https as https when interface is created.
* - dnsoverquic, setup client quic tls methods.
* - dnsoverquic, event work in doqclient.
* - dnsoverquic, explain in documentation that QUIC uses UDP.
* - dnsoverquic, make doqclient exit.
* - dnsoverquic, doqclient cleanup run routine.
* - dnsoverquic, doqclient code nicer.
* - dnsoverquic, doqclient read and timer.
* - dnsoverquic, doqclient write work.
* - dnsoverquic, review fixes.
* - dnsoverquic, detect openssl quic support at configure time.
* - dnsoverquic, do not allow QUIC on port 53 to stop confusion of DoQ and DNS.
* - dnsoverquic, in doqclient, when idle close is returned, drop the connection
without calling ngtcp2_conn_write_connection_close.
* - dnsoverquic, in doqclient, log callbacks.
* - dnsoverquic, in doqclient add extend_max_local_streams_bidi callback.
* - dnsoverquic, in doqclient add client query lists.
* - dnsoverquic, in doqclient, code cleaner, log text nicer.
* - dnsoverquic, in doqclient, work on write_streams.
* - dnsoverquic, in doqclient, use signed int for stream_id, work on the
ngtcp2_recv_stream_data callback.
* - dnsoverquic, in doqclient, print result and fixes for recv data.
* - dnsoverquic, in doqclient, add the event callbacks to fptr wlist.
* - dnsoverquic, in doqclient, when already expired, use zero timeout timer.
* - dnsoverquic, in doqclient, ignore unused return codes from
ngtcp2_conn_writev_stream.
* - dnsoverquic, add doqclient event functions to the unbound-dnstap-socket
test tool for linking.
* - dnsoverquic, in doqclient, fix multiple operands for the commandline.
neater dns message output.
* - dnsoverquic, in doqclient, store packet when write blocks and try later.
* - dnsoverquic, in doqclient, limit number of packets and number of bytes sent.
* - dnsoverquic, in doqclient, better size estimate for outgoing packet.
* - dnsoverquic, in doqclient, fix that already written next packet is not
counted for data length to send.
* - dnsoverquic, in doqclient, early data transmission and session resumption.
* - dnsoverquic, send version negotiation packet.
* - dnsoverquic, send retry and accept the connection.
* - dnsoverquic, storage structures.
* - dnsoverquic, doq connection setup.
* - dnsoverquic, neater code layout for new conn. Fix verbosity of log print.
* - dnsoverquic, doq conn callback functions.
* - dnsoverquic, doq_fill_rand routine in header file.
* - dnsoverquic, keep track of connection ids.
* - dnsoverquic, get_new_connection_id callback.
* - dnsoverquic, create doq_conid tree.
* - dnsoverquic, settings for server connection.
* - dnsoverquic, tls context.
* - dnsoverquic, sendmsg error handling.
* - dnsoverquic, neat code.
* - dnsoverquic, track doq connection last error.
* - dnsoverquic, neater packet address parameters.
* - dnsoverquic, fix uninitialized bytes in msg control in doq sendmsg, and
fix tree cleanup of conid tree.
* - dnsoverquic, better usage text for doqclient.
* - dnsoverquic, neat code.
* - dnsoverquic, connection receive packet handling.
* - dnsoverquic, debug output.
* - dnsoverquic, debug switched meaning of scid and dcid gives
ERR_TRANSPORT_PARAM.
* - dnsoverquic, remove debug output.
* - dnsoverquic, connection delete routine and error from connection read in
more detail with less clutter.
* - dnsoverquic, write to stream, and receive stream data, log packet.
* - dnsoverquic, alpn set up.
* - dnsoverquic, connection close.
* - dnsoverquic, doq_table and locks.
* - dnsoverquic, fix tests.
* - dnsoverquic, better locking.
* - dnsoverquic, doq_stream.
* - dnsoverquic, remove compile warning.
* - dnsoverquic, doq_stream receive data.
* - dnsoverquic, fixes for locks and keep length bytes allocated.
* - dnsoverquic, lock connection on initial insertion.
* - dnsoverquic, reply information, and reply buffer.
* - dnsoverquic, reply info from cache, local-zone and recursion lookups.
* - dnsoverquic, spelling in comment about buffer storage.
* - dnsoverquic, stream write list and doqclient fixes to exit and printout.
* - dnsoverquic, doqclient -q option for short printout.
* - dnsoverquic, unit test with local data reply.
* - dnsoverquic, write connection and write event is set.
* - dnsoverquic, neater logging for write event connection stream writes.
* - dnsoverquic, log remote connection when the streams are written for it.
* - dnsoverquic, better threaded use, threads can write to doq connections at
the same time.
* - dnsoverquic, unit test for the calculation of connection size with a query.
* - dnsoverquic, use less memory per connection.
* - dnsoverquic, remove unit test output.
* - dnsoverquic, add MSG_DONTWAIT so that there is no mistakenly blocking
socket operations.
* - dnsoverquic, doqclient logs address on connection failures.
* - dnsoverquic, compat code for clock get time routine.
* - dnsoverquic, use skip_test for doq unit test.
* - dnsoverquic, fixes for proxyprotocol, use remote_addr and set proxyprotocol
disabled on the doq connection.
* - dnsoverquic, doqclient sets log identity to its name, instead of "unbound".
* - dnsoverquic, handle blocked udp packet writes.
* - dnsoverquic, fix function documentation for verbose_print_addr from
services/listen_dnsport.c.
* - dnsoverquic, fix doq_conn lock protection. The checklock allows to set
the output file name, and doqclient uses that. Print place of lock_protect.
* - dnsoverquic, neater buffer clear when write of blocked packet fails, make
sure that memory area does not overlap for blocked packet addresses when
write of blocked packet fails, and size blocked packet buffer to the pkt buf.
* - dnsoverquic, move lock check after the test to test script in doq test.
* - dnsoverquic, the doq test uses valgrind when enabled.
* - dnsoverquic, git ignore the doqclient test.
* - dnsoverquic, limit the buffer for packets to max packet size with some more.
* - dnsoverquic, spelling fix.
* - dnsoverquic, timer work, structure and adds and deletes.
* - dnsoverquic, timer_tree uses table.lock.
* - dnsoverquic, fix timer tree remove and spelling in header file comment.
* - dnsoverquic, fix testbound for timer compare function linkage.
* - dnsoverquic, timer set add debug output.
* - dnsoverquic, doq_conn_check_timer function.
* - dnsoverquic, doq_done_setup_timer_and_write function.
* - dnsoverquic, fix that doq conn is not deleted whilst editing write and timer.
* - dnsoverquic, Fix #861 make ERROR netevent.h:1073:32: error: field 'blocked_pkt_pi' has incomplete type
* - dnsoverquic, timer element has timeout setup when socket callback complete.
* - dnsoverquic, fix unit test compile.
* - dnsoverquic, timer callback routine, handle timeout and close and delete the
connection if necessary.
* - dnsoverquic, timer pickup stops at current time.
* - dnsoverquic, timer comparable with the event base time.
* - dnsoverquic, erase marked time when timer disabled.
* - dnsoverquic, fix timer to set correctly and lock popped write connection
early, before it is modified.
* - dnsoverquic, fix to unlock connection lock when it is unlinked and deleted.
* - dnsoverquic, fix to unlock connection lock when it is deleted because it is
a duplicate connection.
* - dnsoverquic, fix that doq timer is not disabled when not set.
* - dnsoverquic, quic-size: 8m maximum number of bytes for QUIC buffers.
* - dnsoverquic, flex and bison.
* - dnsoverquic, quic-size turn away new connections when full.
* - dnsoverquic, doqclient outputs stream reset information.
* - dnsoverquic, detect stream close and reset.
* - dnsoverquic, free stream buffers when data is acked and stream is closed.
* - dnsoverquic, delete stream when closed. Unlink it. Allow stream_id 4 as first.
* - dnsoverquic, stats output for mem.quic and num.query.quic.
* - dnsoverquic, review fix.
* - dnsoverquic, fix when compiled without ngtcp2.
* - dnsoverquic, fix to detect ngtcp2_crypto_quictls for openssl crypto, after
change in libngtcp2.
* - dnsoverquic, fix for newer ngtcp2 versions. detect ngtcp2_ccerr_default,
ngtcp2/ngtcp2_crypto_quictls.h, struct ngtcp2_pkt_hd.tokenlen,
struct ngtcp2_settings.tokenlen and struct ngtcp2_version_cid.
* - dnsoverquic, fix for newer ngtcp2 version, detect number of arguments for
ngtcp2_conn_shutdown_stream.
* - dnsoverquic, fix for newer ngtcp2.
* - dnsoverquic, use the functions from util/timeval_func.h.
* - dnsoverquic, fix in doqclient only write transport parameters once.
* - dnsoverquic, debug log output removed.
* - dnsoverquic, fix in doqclient to work with renamed NGTCP2_CC_ALGO_BBR_V2
from ngtcp2.
* - dnsoverquic, fix to check in doq_server_socket_create that tls-service-key
and tls-service-pem have a value.
* - dnsoverquic, fix to error when doq_server_socket_create fails.
* - dnsoverquic, improve linebreaks in configparser additions.
* - dnsoverquic, fix port from interface pickup after main branch change.
* Fix getting user data from SSL, fix calloc warning.
* Fix fwrite return value check in doqclient
* - timeval_substruct from timeval_func.h
- lock_protect also for HAVE_NGTCP2_CCERR_DEFAULT
- fix doq logging for inet_ntop failures
* - memset for consistency
- no value returned from msghdr_get_ecn when S_SPLINT_S is defined
* - dnsoverquic, rerun autoconf.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-10-09 04:32:03 -04:00
|
|
|
#ifdef HAVE_NGTCP2
|
|
|
|
|
PR_UL("num.query.quic", s->svr.qquic);
|
|
|
|
|
#endif
|
2017-02-23 07:05:05 -05:00
|
|
|
|
|
|
|
|
/* flags */
|
|
|
|
|
PR_UL("num.query.flags.QR", s->svr.qbit_QR);
|
|
|
|
|
PR_UL("num.query.flags.AA", s->svr.qbit_AA);
|
|
|
|
|
PR_UL("num.query.flags.TC", s->svr.qbit_TC);
|
|
|
|
|
PR_UL("num.query.flags.RD", s->svr.qbit_RD);
|
|
|
|
|
PR_UL("num.query.flags.RA", s->svr.qbit_RA);
|
|
|
|
|
PR_UL("num.query.flags.Z", s->svr.qbit_Z);
|
|
|
|
|
PR_UL("num.query.flags.AD", s->svr.qbit_AD);
|
|
|
|
|
PR_UL("num.query.flags.CD", s->svr.qbit_CD);
|
|
|
|
|
PR_UL("num.query.edns.present", s->svr.qEDNS);
|
|
|
|
|
PR_UL("num.query.edns.DO", s->svr.qEDNS_DO);
|
|
|
|
|
|
|
|
|
|
/* RCODE */
|
2017-04-13 08:47:29 -04:00
|
|
|
for(i=0; i<UB_STATS_RCODE_NUM; i++) {
|
2017-02-23 07:05:05 -05:00
|
|
|
/* Always include RCODEs 0-5 */
|
|
|
|
|
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
|
|
|
|
continue;
|
|
|
|
|
sldns_wire2str_rcode_buf(i, nm, sizeof(nm));
|
|
|
|
|
PR_UL_SUB("num.answer.rcode", nm, s->svr.ans_rcode[i]);
|
|
|
|
|
}
|
|
|
|
|
if(!inhibit_zero || s->svr.ans_rcode_nodata) {
|
|
|
|
|
PR_UL("num.answer.rcode.nodata", s->svr.ans_rcode_nodata);
|
|
|
|
|
}
|
2017-08-03 08:52:33 -04:00
|
|
|
/* iteration */
|
|
|
|
|
PR_UL("num.query.ratelimited", s->svr.queries_ratelimited);
|
2017-02-23 07:05:05 -05:00
|
|
|
/* validation */
|
|
|
|
|
PR_UL("num.answer.secure", s->svr.ans_secure);
|
|
|
|
|
PR_UL("num.answer.bogus", s->svr.ans_bogus);
|
|
|
|
|
PR_UL("num.rrset.bogus", s->svr.rrset_bogus);
|
2018-04-10 07:39:23 -04:00
|
|
|
PR_UL("num.query.aggressive.NOERROR", s->svr.num_neg_cache_noerror);
|
|
|
|
|
PR_UL("num.query.aggressive.NXDOMAIN", s->svr.num_neg_cache_nxdomain);
|
2017-02-23 07:05:05 -05:00
|
|
|
/* threat detection */
|
|
|
|
|
PR_UL("unwanted.queries", s->svr.unwanted_queries);
|
|
|
|
|
PR_UL("unwanted.replies", s->svr.unwanted_replies);
|
|
|
|
|
/* cache counts */
|
|
|
|
|
PR_UL("msg.cache.count", s->svr.msg_cache_count);
|
|
|
|
|
PR_UL("rrset.cache.count", s->svr.rrset_cache_count);
|
|
|
|
|
PR_UL("infra.cache.count", s->svr.infra_cache_count);
|
|
|
|
|
PR_UL("key.cache.count", s->svr.key_cache_count);
|
2023-01-13 01:33:38 -05:00
|
|
|
/* max collisions */
|
|
|
|
|
PR_UL("msg.cache.max_collisions", s->svr.msg_cache_max_collisions);
|
|
|
|
|
PR_UL("rrset.cache.max_collisions", s->svr.rrset_cache_max_collisions);
|
2019-11-21 23:56:24 -05:00
|
|
|
/* applied RPZ actions */
|
|
|
|
|
for(i=0; i<UB_STATS_RPZ_ACTION_NUM; i++) {
|
2020-01-30 08:05:56 -05:00
|
|
|
if(i == RPZ_NO_OVERRIDE_ACTION)
|
2019-11-21 23:56:24 -05:00
|
|
|
continue;
|
|
|
|
|
if(inhibit_zero && s->svr.rpz_action[i] == 0)
|
|
|
|
|
continue;
|
|
|
|
|
PR_UL_SUB("num.rpz.action", rpz_action_to_string(i), s->svr.rpz_action[i]);
|
|
|
|
|
}
|
2017-08-31 04:06:17 -04:00
|
|
|
#ifdef USE_DNSCRYPT
|
|
|
|
|
PR_UL("dnscrypt_shared_secret.cache.count",
|
|
|
|
|
s->svr.shared_secret_cache_count);
|
|
|
|
|
PR_UL("num.query.dnscrypt.shared_secret.cachemiss",
|
|
|
|
|
s->svr.num_query_dnscrypt_secret_missed_cache);
|
2017-09-18 04:55:08 -04:00
|
|
|
PR_UL("dnscrypt_nonce.cache.count", s->svr.nonce_cache_count);
|
|
|
|
|
PR_UL("num.query.dnscrypt.replay",
|
|
|
|
|
s->svr.num_query_dnscrypt_replay);
|
2017-08-31 04:06:17 -04:00
|
|
|
#endif /* USE_DNSCRYPT */
|
2018-04-09 06:15:06 -04:00
|
|
|
PR_UL("num.query.authzone.up", s->svr.num_query_authzone_up);
|
|
|
|
|
PR_UL("num.query.authzone.down", s->svr.num_query_authzone_down);
|
2018-08-21 10:14:28 -04:00
|
|
|
#ifdef CLIENT_SUBNET
|
|
|
|
|
PR_UL("num.query.subnet", s->svr.num_query_subnet);
|
|
|
|
|
PR_UL("num.query.subnet_cache", s->svr.num_query_subnet_cache);
|
|
|
|
|
#endif
|
2023-05-30 11:49:50 -04:00
|
|
|
#ifdef USE_CACHEDB
|
|
|
|
|
PR_UL("num.query.cachedb", s->svr.num_query_cachedb);
|
|
|
|
|
#endif
|
2017-02-23 07:05:05 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** print statistics out of memory structures */
|
2017-04-13 08:47:29 -04:00
|
|
|
static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
|
|
|
|
|
struct ub_shm_stat_info* shm_stat)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
|
|
|
|
int i;
|
2017-07-24 05:04:18 -04:00
|
|
|
char nm[32];
|
2017-02-23 07:05:05 -05:00
|
|
|
for(i=0; i<cfg->num_threads; i++) {
|
|
|
|
|
snprintf(nm, sizeof(nm), "thread%d", i);
|
|
|
|
|
pr_stats(nm, &stats[i+1]);
|
|
|
|
|
}
|
|
|
|
|
pr_stats("total", &stats[0]);
|
|
|
|
|
print_uptime(shm_stat);
|
|
|
|
|
if(cfg->stat_extended) {
|
2019-01-22 08:20:06 -05:00
|
|
|
print_mem(shm_stat, &stats[0]);
|
2017-02-23 07:05:05 -05:00
|
|
|
print_hist(stats);
|
2022-12-13 04:04:06 -05:00
|
|
|
print_extended(stats, cfg->stat_inhibit_zero);
|
2017-02-23 07:05:05 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif /* HAVE_SHMGET */
|
|
|
|
|
|
|
|
|
|
/** print statistics from shm memory segment */
|
2022-03-18 07:08:02 -04:00
|
|
|
static void print_stats_shm(const char* cfgfile, int quiet)
|
2017-02-23 07:05:05 -05:00
|
|
|
{
|
|
|
|
|
#ifdef HAVE_SHMGET
|
|
|
|
|
struct config_file* cfg;
|
2017-04-13 08:47:29 -04:00
|
|
|
struct ub_stats_info* stats;
|
|
|
|
|
struct ub_shm_stat_info* shm_stat;
|
2017-02-23 07:05:05 -05:00
|
|
|
int id_ctl, id_arr;
|
|
|
|
|
/* read config */
|
|
|
|
|
if(!(cfg = config_create()))
|
|
|
|
|
fatal_exit("out of memory");
|
|
|
|
|
if(!config_read(cfg, cfgfile, NULL))
|
|
|
|
|
fatal_exit("could not read config file");
|
|
|
|
|
/* get shm segments */
|
2019-11-20 05:18:03 -05:00
|
|
|
id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R);
|
2017-02-23 07:05:05 -05:00
|
|
|
if(id_ctl == -1) {
|
|
|
|
|
fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno));
|
|
|
|
|
}
|
2019-11-20 05:18:03 -05:00
|
|
|
id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R);
|
2017-02-23 07:05:05 -05:00
|
|
|
if(id_arr == -1) {
|
|
|
|
|
fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
|
|
|
|
|
}
|
2019-11-20 05:18:03 -05:00
|
|
|
shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY);
|
2017-02-23 07:05:05 -05:00
|
|
|
if(shm_stat == (void*)-1) {
|
|
|
|
|
fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
|
|
|
|
|
}
|
2019-11-20 05:18:03 -05:00
|
|
|
stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY);
|
2017-02-23 07:05:05 -05:00
|
|
|
if(stats == (void*)-1) {
|
|
|
|
|
fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-18 07:08:02 -04:00
|
|
|
|
2022-03-18 10:04:16 -04:00
|
|
|
if(!quiet) {
|
2022-03-18 07:08:02 -04:00
|
|
|
/* print the stats */
|
|
|
|
|
do_stats_shm(cfg, stats, shm_stat);
|
|
|
|
|
}
|
2017-02-23 07:05:05 -05:00
|
|
|
|
|
|
|
|
/* shutdown */
|
|
|
|
|
shmdt(shm_stat);
|
|
|
|
|
shmdt(stats);
|
|
|
|
|
config_delete(cfg);
|
|
|
|
|
#else
|
|
|
|
|
(void)cfgfile;
|
2022-06-29 06:00:44 -04:00
|
|
|
(void)quiet;
|
2017-02-23 07:05:05 -05:00
|
|
|
#endif /* HAVE_SHMGET */
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/** exit with ssl error */
|
|
|
|
|
static void ssl_err(const char* s)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "error: %s\n", s);
|
|
|
|
|
ERR_print_errors_fp(stderr);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-19 02:22:11 -04:00
|
|
|
/** exit with ssl error related to a file path */
|
|
|
|
|
static void ssl_path_err(const char* s, const char *path)
|
|
|
|
|
{
|
|
|
|
|
unsigned long err;
|
|
|
|
|
err = ERR_peek_error();
|
2022-03-18 10:04:16 -04:00
|
|
|
if(ERR_GET_LIB(err) == ERR_LIB_SYS) {
|
2018-07-19 02:22:11 -04:00
|
|
|
fprintf(stderr, "error: %s\n%s: %s\n",
|
|
|
|
|
s, path, ERR_reason_error_string(err));
|
|
|
|
|
exit(1);
|
|
|
|
|
} else {
|
|
|
|
|
ssl_err(s);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/** setup SSL context */
|
|
|
|
|
static SSL_CTX*
|
|
|
|
|
setup_ctx(struct config_file* cfg)
|
|
|
|
|
{
|
2015-01-06 09:12:59 -05:00
|
|
|
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
|
2008-09-11 10:14:12 -04:00
|
|
|
SSL_CTX* ctx;
|
|
|
|
|
|
2018-06-18 05:04:35 -04:00
|
|
|
if(!(options_remote_is_address(cfg) && cfg->control_use_cert))
|
2018-06-12 03:43:52 -04:00
|
|
|
return NULL;
|
|
|
|
|
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
|
|
|
|
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
|
|
|
|
|
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
|
|
|
|
|
if(!s_cert || !c_key || !c_cert)
|
|
|
|
|
fatal_exit("out of memory");
|
2017-02-23 07:05:05 -05:00
|
|
|
ctx = SSL_CTX_new(SSLv23_client_method());
|
2008-09-11 10:14:12 -04:00
|
|
|
if(!ctx)
|
|
|
|
|
ssl_err("could not allocate SSL_CTX pointer");
|
2020-01-10 05:28:01 -05:00
|
|
|
#if SSL_OP_NO_SSLv2 != 0
|
2017-02-23 07:05:05 -05:00
|
|
|
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
|
2015-10-29 04:32:58 -04:00
|
|
|
!= SSL_OP_NO_SSLv2)
|
2008-09-11 10:14:12 -04:00
|
|
|
ssl_err("could not set SSL_OP_NO_SSLv2");
|
2020-01-10 05:28:01 -05:00
|
|
|
#endif
|
2018-06-12 03:43:52 -04:00
|
|
|
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
|
|
|
|
|
!= SSL_OP_NO_SSLv3)
|
2019-07-19 06:51:37 -04:00
|
|
|
ssl_err("could not set SSL_OP_NO_SSLv3");
|
2019-07-19 02:18:06 -04:00
|
|
|
#if defined(SSL_OP_NO_RENEGOTIATION)
|
|
|
|
|
/* disable client renegotiation */
|
|
|
|
|
if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &
|
|
|
|
|
SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION)
|
|
|
|
|
ssl_err("could not set SSL_OP_NO_RENEGOTIATION");
|
|
|
|
|
#endif
|
2018-07-19 02:22:11 -04:00
|
|
|
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert))
|
|
|
|
|
ssl_path_err("Error setting up SSL_CTX client cert", c_cert);
|
2022-03-18 10:04:16 -04:00
|
|
|
if(!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM))
|
2018-07-19 02:22:11 -04:00
|
|
|
ssl_path_err("Error setting up SSL_CTX client key", c_key);
|
2022-03-18 10:04:16 -04:00
|
|
|
if(!SSL_CTX_check_private_key(ctx))
|
2018-07-19 02:22:11 -04:00
|
|
|
ssl_err("Error setting up SSL_CTX client key");
|
2022-03-18 10:04:16 -04:00
|
|
|
if(SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
|
2018-07-19 02:22:11 -04:00
|
|
|
ssl_path_err("Error setting up SSL_CTX verify, server cert",
|
|
|
|
|
s_cert);
|
2018-06-12 03:43:52 -04:00
|
|
|
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
|
|
|
|
|
|
|
|
|
free(s_cert);
|
|
|
|
|
free(c_key);
|
|
|
|
|
free(c_cert);
|
2008-09-11 10:14:12 -04:00
|
|
|
return ctx;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-11 03:33:56 -05:00
|
|
|
/** check connect error */
|
|
|
|
|
static void
|
|
|
|
|
checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr,
|
|
|
|
|
socklen_t addrlen, int statuscmd, int useport)
|
|
|
|
|
{
|
|
|
|
|
#ifndef USE_WINSOCK
|
|
|
|
|
if(!useport) log_err("connect: %s for %s", strerror(err), svr);
|
|
|
|
|
else log_err_addr("connect", strerror(err), addr, addrlen);
|
|
|
|
|
if(err == ECONNREFUSED && statuscmd) {
|
|
|
|
|
printf("unbound is stopped\n");
|
|
|
|
|
exit(3);
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
int wsaerr = err;
|
|
|
|
|
if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr);
|
|
|
|
|
else log_err_addr("connect", wsa_strerror(wsaerr), addr, addrlen);
|
|
|
|
|
if(wsaerr == WSAECONNREFUSED && statuscmd) {
|
|
|
|
|
printf("unbound is stopped\n");
|
|
|
|
|
exit(3);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/** contact the server with TCP connect */
|
|
|
|
|
static int
|
2008-12-17 09:03:49 -05:00
|
|
|
contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
2008-09-11 10:14:12 -04:00
|
|
|
{
|
|
|
|
|
struct sockaddr_storage addr;
|
|
|
|
|
socklen_t addrlen;
|
2018-06-19 05:40:59 -04:00
|
|
|
int addrfamily = 0, proto = IPPROTO_TCP;
|
2018-06-12 04:15:44 -04:00
|
|
|
int fd, useport = 1;
|
2021-02-26 07:54:10 -05:00
|
|
|
char** rcif = NULL;
|
|
|
|
|
int num_rcif = 0;
|
2008-09-11 10:14:12 -04:00
|
|
|
/* use svr or the first config entry */
|
|
|
|
|
if(!svr) {
|
2018-06-14 04:14:43 -04:00
|
|
|
if(cfg->control_ifs.first) {
|
2021-02-26 07:54:10 -05:00
|
|
|
struct sockaddr_storage addr2;
|
|
|
|
|
socklen_t addrlen2;
|
|
|
|
|
if(extstrtoaddr(cfg->control_ifs.first->str, &addr2,
|
2021-08-19 10:12:19 -04:00
|
|
|
&addrlen2, UNBOUND_DNS_PORT)) {
|
2021-02-26 07:54:10 -05:00
|
|
|
svr = cfg->control_ifs.first->str;
|
|
|
|
|
} else {
|
|
|
|
|
if(!resolve_interface_names(NULL, 0,
|
|
|
|
|
cfg->control_ifs.first, &rcif,
|
|
|
|
|
&num_rcif)) {
|
|
|
|
|
fatal_exit("could not resolve interface names");
|
|
|
|
|
}
|
|
|
|
|
if(rcif == NULL || num_rcif == 0) {
|
|
|
|
|
fatal_exit("no control interfaces");
|
|
|
|
|
}
|
|
|
|
|
svr = rcif[0];
|
|
|
|
|
}
|
2016-12-13 09:21:15 -05:00
|
|
|
} else if(cfg->do_ip4) {
|
|
|
|
|
svr = "127.0.0.1";
|
|
|
|
|
} else {
|
|
|
|
|
svr = "::1";
|
|
|
|
|
}
|
2008-09-15 10:19:41 -04:00
|
|
|
/* config 0 addr (everything), means ask localhost */
|
|
|
|
|
if(strcmp(svr, "0.0.0.0") == 0)
|
|
|
|
|
svr = "127.0.0.1";
|
|
|
|
|
else if(strcmp(svr, "::0") == 0 ||
|
|
|
|
|
strcmp(svr, "0::0") == 0 ||
|
|
|
|
|
strcmp(svr, "0::") == 0 ||
|
|
|
|
|
strcmp(svr, "::") == 0)
|
|
|
|
|
svr = "::1";
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
|
|
|
|
if(strchr(svr, '@')) {
|
2021-08-19 10:12:19 -04:00
|
|
|
if(!extstrtoaddr(svr, &addr, &addrlen, UNBOUND_DNS_PORT))
|
2008-09-11 10:14:12 -04:00
|
|
|
fatal_exit("could not parse IP@port: %s", svr);
|
2015-01-06 09:12:59 -05:00
|
|
|
#ifdef HAVE_SYS_UN_H
|
|
|
|
|
} else if(svr[0] == '/') {
|
2015-01-30 10:34:27 -05:00
|
|
|
struct sockaddr_un* usock = (struct sockaddr_un *) &addr;
|
|
|
|
|
usock->sun_family = AF_LOCAL;
|
2015-01-06 09:12:59 -05:00
|
|
|
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
|
2016-09-13 07:38:16 -04:00
|
|
|
usock->sun_len = (unsigned)sizeof(usock);
|
2015-01-06 09:12:59 -05:00
|
|
|
#endif
|
2015-01-30 10:34:27 -05:00
|
|
|
(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
|
2015-01-06 09:18:03 -05:00
|
|
|
addrlen = (socklen_t)sizeof(struct sockaddr_un);
|
2015-01-06 09:12:59 -05:00
|
|
|
addrfamily = AF_LOCAL;
|
2018-06-12 04:15:44 -04:00
|
|
|
useport = 0;
|
2018-06-19 05:40:59 -04:00
|
|
|
proto = 0;
|
2015-01-06 09:12:59 -05:00
|
|
|
#endif
|
2008-09-11 10:14:12 -04:00
|
|
|
} else {
|
|
|
|
|
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
|
|
|
|
|
fatal_exit("could not parse IP: %s", svr);
|
|
|
|
|
}
|
2015-01-06 09:12:59 -05:00
|
|
|
|
|
|
|
|
if(addrfamily == 0)
|
2018-06-19 05:40:59 -04:00
|
|
|
addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET;
|
|
|
|
|
fd = socket(addrfamily, SOCK_STREAM, proto);
|
2008-09-11 10:14:12 -04:00
|
|
|
if(fd == -1) {
|
2020-08-31 03:12:01 -04:00
|
|
|
fatal_exit("socket: %s", sock_strerror(errno));
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
2020-12-11 03:33:56 -05:00
|
|
|
fd_set_nonblock(fd);
|
2008-09-11 10:14:12 -04:00
|
|
|
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
|
|
|
|
|
#ifndef USE_WINSOCK
|
2020-12-11 03:33:56 -05:00
|
|
|
#ifdef EINPROGRESS
|
|
|
|
|
if(errno != EINPROGRESS) {
|
|
|
|
|
checkconnecterr(errno, svr, &addr,
|
|
|
|
|
addrlen, statuscmd, useport);
|
2008-12-17 09:03:49 -05:00
|
|
|
}
|
2020-12-11 03:33:56 -05:00
|
|
|
#endif
|
2008-09-11 10:14:12 -04:00
|
|
|
#else
|
2020-12-11 03:33:56 -05:00
|
|
|
if(WSAGetLastError() != WSAEINPROGRESS &&
|
|
|
|
|
WSAGetLastError() != WSAEWOULDBLOCK) {
|
|
|
|
|
checkconnecterr(WSAGetLastError(), svr, &addr,
|
|
|
|
|
addrlen, statuscmd, useport);
|
2008-12-17 09:03:49 -05:00
|
|
|
}
|
2008-09-11 10:14:12 -04:00
|
|
|
#endif
|
|
|
|
|
}
|
2020-12-11 03:33:56 -05:00
|
|
|
while(1) {
|
|
|
|
|
fd_set rset, wset, eset;
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
FD_ZERO(&rset);
|
|
|
|
|
FD_SET(FD_SET_T fd, &rset);
|
|
|
|
|
FD_ZERO(&wset);
|
|
|
|
|
FD_SET(FD_SET_T fd, &wset);
|
|
|
|
|
FD_ZERO(&eset);
|
|
|
|
|
FD_SET(FD_SET_T fd, &eset);
|
|
|
|
|
tv.tv_sec = UNBOUND_CONTROL_CONNECT_TIMEOUT/1000;
|
|
|
|
|
tv.tv_usec= (UNBOUND_CONTROL_CONNECT_TIMEOUT%1000)*1000;
|
|
|
|
|
if(select(fd+1, &rset, &wset, &eset, &tv) == -1) {
|
|
|
|
|
fatal_exit("select: %s", sock_strerror(errno));
|
|
|
|
|
}
|
|
|
|
|
if(!FD_ISSET(fd, &rset) && !FD_ISSET(fd, &wset) &&
|
|
|
|
|
!FD_ISSET(fd, &eset)) {
|
|
|
|
|
fatal_exit("timeout: could not connect to server");
|
|
|
|
|
} else {
|
|
|
|
|
/* check nonblocking connect error */
|
|
|
|
|
int error = 0;
|
|
|
|
|
socklen_t len = (socklen_t)sizeof(error);
|
|
|
|
|
if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error,
|
|
|
|
|
&len) < 0) {
|
|
|
|
|
#ifndef USE_WINSOCK
|
|
|
|
|
error = errno; /* on solaris errno is error */
|
|
|
|
|
#else
|
|
|
|
|
error = WSAGetLastError();
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
if(error != 0) {
|
|
|
|
|
#ifndef USE_WINSOCK
|
|
|
|
|
#ifdef EINPROGRESS
|
|
|
|
|
if(error == EINPROGRESS)
|
|
|
|
|
continue; /* try again later */
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef EWOULDBLOCK
|
|
|
|
|
if(error == EWOULDBLOCK)
|
|
|
|
|
continue; /* try again later */
|
|
|
|
|
#endif
|
|
|
|
|
#else
|
|
|
|
|
if(error == WSAEINPROGRESS)
|
|
|
|
|
continue; /* try again later */
|
|
|
|
|
if(error == WSAEWOULDBLOCK)
|
|
|
|
|
continue; /* try again later */
|
|
|
|
|
#endif
|
|
|
|
|
checkconnecterr(error, svr, &addr, addrlen,
|
|
|
|
|
statuscmd, useport);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
fd_set_block(fd);
|
2021-02-26 07:54:10 -05:00
|
|
|
config_del_strarray(rcif, num_rcif);
|
2008-09-11 10:14:12 -04:00
|
|
|
return fd;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** setup SSL on the connection */
|
|
|
|
|
static SSL*
|
2018-06-12 03:43:52 -04:00
|
|
|
setup_ssl(SSL_CTX* ctx, int fd)
|
2008-09-11 10:14:12 -04:00
|
|
|
{
|
|
|
|
|
SSL* ssl;
|
|
|
|
|
X509* x;
|
|
|
|
|
int r;
|
|
|
|
|
|
2018-06-12 03:43:52 -04:00
|
|
|
if(!ctx) return NULL;
|
2008-09-11 10:14:12 -04:00
|
|
|
ssl = SSL_new(ctx);
|
|
|
|
|
if(!ssl)
|
|
|
|
|
ssl_err("could not SSL_new");
|
|
|
|
|
SSL_set_connect_state(ssl);
|
2019-11-13 09:16:27 -05:00
|
|
|
(void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY);
|
2008-09-11 10:14:12 -04:00
|
|
|
if(!SSL_set_fd(ssl, fd))
|
|
|
|
|
ssl_err("could not SSL_set_fd");
|
|
|
|
|
while(1) {
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
if( (r=SSL_do_handshake(ssl)) == 1)
|
|
|
|
|
break;
|
|
|
|
|
r = SSL_get_error(ssl, r);
|
|
|
|
|
if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE)
|
|
|
|
|
ssl_err("SSL handshake failed");
|
|
|
|
|
/* wants to be called again */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* check authenticity of server */
|
|
|
|
|
if(SSL_get_verify_result(ssl) != X509_V_OK)
|
|
|
|
|
ssl_err("SSL verification failed");
|
2024-06-17 06:28:45 -04:00
|
|
|
#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
|
|
|
|
|
x = SSL_get1_peer_certificate(ssl);
|
|
|
|
|
#else
|
2018-06-12 03:43:52 -04:00
|
|
|
x = SSL_get_peer_certificate(ssl);
|
2024-06-17 06:28:45 -04:00
|
|
|
#endif
|
2018-06-12 03:43:52 -04:00
|
|
|
if(!x)
|
|
|
|
|
ssl_err("Server presented no peer certificate");
|
|
|
|
|
X509_free(x);
|
2015-01-06 09:12:59 -05:00
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
return ssl;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-12 03:43:52 -04:00
|
|
|
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
|
|
|
|
|
static int
|
|
|
|
|
remote_read(SSL* ssl, int fd, char* buf, size_t len)
|
|
|
|
|
{
|
|
|
|
|
if(ssl) {
|
|
|
|
|
int r;
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
|
|
|
|
|
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
|
|
|
|
|
/* EOF */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
ssl_err("could not SSL_read");
|
|
|
|
|
}
|
|
|
|
|
buf[r] = 0;
|
|
|
|
|
} else {
|
2018-06-19 09:13:35 -04:00
|
|
|
ssize_t rr = recv(fd, buf, len-1, 0);
|
2018-06-12 03:43:52 -04:00
|
|
|
if(rr <= 0) {
|
|
|
|
|
if(rr == 0) {
|
|
|
|
|
/* EOF */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-08-31 03:12:01 -04:00
|
|
|
fatal_exit("could not recv: %s", sock_strerror(errno));
|
2018-06-12 03:43:52 -04:00
|
|
|
}
|
|
|
|
|
buf[rr] = 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** write to ssl or fd, fatalexit on error */
|
|
|
|
|
static void
|
|
|
|
|
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
|
|
|
|
|
{
|
|
|
|
|
if(ssl) {
|
|
|
|
|
if(SSL_write(ssl, buf, (int)len) <= 0)
|
|
|
|
|
ssl_err("could not SSL_write");
|
|
|
|
|
} else {
|
2018-06-19 09:13:35 -04:00
|
|
|
if(send(fd, buf, len, 0) < (ssize_t)len) {
|
2020-08-31 03:12:01 -04:00
|
|
|
fatal_exit("could not send: %s", sock_strerror(errno));
|
2018-06-19 09:13:35 -04:00
|
|
|
}
|
2018-06-12 03:43:52 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-11 06:02:51 -05:00
|
|
|
/** check args, to see if too many args. Because when a file is sent it
|
|
|
|
|
* would wait for the terminal, and we can check for too many arguments,
|
|
|
|
|
* eg. user put arguments on the commandline. */
|
|
|
|
|
static void
|
|
|
|
|
check_args_for_listcmd(int argc, char* argv[])
|
|
|
|
|
{
|
|
|
|
|
if(argc >= 1 && (strcmp(argv[0], "local_zones") == 0 ||
|
|
|
|
|
strcmp(argv[0], "local_zones_remove") == 0 ||
|
|
|
|
|
strcmp(argv[0], "local_datas") == 0 ||
|
|
|
|
|
strcmp(argv[0], "local_datas_remove") == 0) &&
|
|
|
|
|
argc >= 2) {
|
|
|
|
|
fatal_exit("too many arguments for command '%s', "
|
|
|
|
|
"content is piped in from stdin", argv[0]);
|
|
|
|
|
}
|
2020-01-28 20:28:00 -05:00
|
|
|
if(argc >= 1 && (strcmp(argv[0], "view_local_datas") == 0 ||
|
|
|
|
|
strcmp(argv[0], "view_local_datas_remove") == 0) &&
|
2019-11-11 06:02:51 -05:00
|
|
|
argc >= 3) {
|
|
|
|
|
fatal_exit("too many arguments for command '%s', "
|
|
|
|
|
"content is piped in from stdin", argv[0]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-22 11:20:18 -04:00
|
|
|
/** send stdin to server */
|
|
|
|
|
static void
|
2018-06-12 03:43:52 -04:00
|
|
|
send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz)
|
2008-09-22 11:20:18 -04:00
|
|
|
{
|
2008-09-23 05:23:38 -04:00
|
|
|
while(fgets(buf, (int)sz, in)) {
|
2018-06-12 03:43:52 -04:00
|
|
|
remote_write(ssl, fd, buf, strlen(buf));
|
2008-09-22 11:20:18 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-30 06:22:29 -05:00
|
|
|
/** send end-of-file marker to server */
|
|
|
|
|
static void
|
2018-06-12 03:43:52 -04:00
|
|
|
send_eof(SSL* ssl, int fd)
|
2016-11-30 06:22:29 -05:00
|
|
|
{
|
|
|
|
|
char e[] = {0x04, 0x0a};
|
2018-06-12 03:43:52 -04:00
|
|
|
remote_write(ssl, fd, e, sizeof(e));
|
2016-11-30 06:22:29 -05:00
|
|
|
}
|
|
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/** send command and display result */
|
2008-09-15 06:36:13 -04:00
|
|
|
static int
|
2018-06-12 03:43:52 -04:00
|
|
|
go_cmd(SSL* ssl, int fd, int quiet, int argc, char* argv[])
|
2008-09-11 10:14:12 -04:00
|
|
|
{
|
2011-06-10 06:11:38 -04:00
|
|
|
char pre[10];
|
2008-11-04 09:53:50 -05:00
|
|
|
const char* space=" ";
|
|
|
|
|
const char* newline="\n";
|
2008-09-15 06:36:13 -04:00
|
|
|
int was_error = 0, first_line = 1;
|
2018-06-12 03:43:52 -04:00
|
|
|
int i;
|
2008-09-11 10:14:12 -04:00
|
|
|
char buf[1024];
|
2011-06-10 06:11:38 -04:00
|
|
|
snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION);
|
2018-06-12 03:43:52 -04:00
|
|
|
remote_write(ssl, fd, pre, strlen(pre));
|
2008-09-12 09:01:20 -04:00
|
|
|
for(i=0; i<argc; i++) {
|
2018-06-12 03:43:52 -04:00
|
|
|
remote_write(ssl, fd, space, strlen(space));
|
|
|
|
|
remote_write(ssl, fd, argv[i], strlen(argv[i]));
|
2008-09-12 09:01:20 -04:00
|
|
|
}
|
2018-06-12 03:43:52 -04:00
|
|
|
remote_write(ssl, fd, newline, strlen(newline));
|
2008-09-22 11:20:18 -04:00
|
|
|
|
|
|
|
|
if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
|
2018-06-12 03:43:52 -04:00
|
|
|
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
2008-09-22 11:20:18 -04:00
|
|
|
}
|
2018-11-26 08:55:36 -05:00
|
|
|
else if(argc >= 1 && (strcmp(argv[0], "local_zones") == 0 ||
|
2016-11-30 06:22:29 -05:00
|
|
|
strcmp(argv[0], "local_zones_remove") == 0 ||
|
|
|
|
|
strcmp(argv[0], "local_datas") == 0 ||
|
2018-11-26 08:55:36 -05:00
|
|
|
strcmp(argv[0], "view_local_datas") == 0 ||
|
2020-01-29 10:32:03 -05:00
|
|
|
strcmp(argv[0], "local_datas_remove") == 0 ||
|
|
|
|
|
strcmp(argv[0], "view_local_datas_remove") == 0)) {
|
2018-06-12 03:43:52 -04:00
|
|
|
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
|
|
|
|
send_eof(ssl, fd);
|
2016-11-30 06:22:29 -05:00
|
|
|
}
|
2008-09-22 11:20:18 -04:00
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
while(1) {
|
2018-06-12 03:43:52 -04:00
|
|
|
if(remote_read(ssl, fd, buf, sizeof(buf)) == 0) {
|
|
|
|
|
break; /* EOF */
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
2012-09-27 05:32:35 -04:00
|
|
|
if(first_line && strncmp(buf, "error", 5) == 0) {
|
|
|
|
|
printf("%s", buf);
|
2008-09-15 06:36:13 -04:00
|
|
|
was_error = 1;
|
2022-03-18 10:04:16 -04:00
|
|
|
} else if(!quiet) {
|
2012-09-27 05:32:35 -04:00
|
|
|
printf("%s", buf);
|
2022-03-18 10:04:16 -04:00
|
|
|
}
|
2012-09-27 05:32:35 -04:00
|
|
|
|
2008-09-15 06:36:13 -04:00
|
|
|
first_line = 0;
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
2008-09-15 06:36:13 -04:00
|
|
|
return was_error;
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** go ahead and read config, contact server and perform command and display */
|
2008-09-15 06:36:13 -04:00
|
|
|
static int
|
2012-09-27 05:32:35 -04:00
|
|
|
go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
|
2008-09-11 10:14:12 -04:00
|
|
|
{
|
|
|
|
|
struct config_file* cfg;
|
2008-09-15 06:36:13 -04:00
|
|
|
int fd, ret;
|
2008-09-11 10:14:12 -04:00
|
|
|
SSL_CTX* ctx;
|
|
|
|
|
SSL* ssl;
|
|
|
|
|
|
|
|
|
|
/* read config */
|
|
|
|
|
if(!(cfg = config_create()))
|
|
|
|
|
fatal_exit("out of memory");
|
2009-01-06 10:47:15 -05:00
|
|
|
if(!config_read(cfg, cfgfile, NULL))
|
2008-09-11 10:14:12 -04:00
|
|
|
fatal_exit("could not read config file");
|
|
|
|
|
if(!cfg->remote_control_enable)
|
|
|
|
|
log_warn("control-enable is 'no' in the config file.");
|
2015-12-08 03:15:55 -05:00
|
|
|
#ifdef UB_ON_WINDOWS
|
|
|
|
|
w_config_adjust_directory(cfg);
|
|
|
|
|
#endif
|
2008-09-11 10:14:12 -04:00
|
|
|
ctx = setup_ctx(cfg);
|
2015-01-06 09:12:59 -05:00
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/* contact server */
|
2008-12-17 09:03:49 -05:00
|
|
|
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
|
2018-06-12 03:43:52 -04:00
|
|
|
ssl = setup_ssl(ctx, fd);
|
2015-01-06 09:12:59 -05:00
|
|
|
|
2008-09-11 10:14:12 -04:00
|
|
|
/* send command */
|
2018-06-12 03:43:52 -04:00
|
|
|
ret = go_cmd(ssl, fd, quiet, argc, argv);
|
2008-09-11 10:14:12 -04:00
|
|
|
|
2018-06-12 03:43:52 -04:00
|
|
|
if(ssl) SSL_free(ssl);
|
2020-08-31 02:41:34 -04:00
|
|
|
sock_close(fd);
|
2018-06-12 03:43:52 -04:00
|
|
|
if(ctx) SSL_CTX_free(ctx);
|
2008-09-11 10:14:12 -04:00
|
|
|
config_delete(cfg);
|
2008-09-15 06:36:13 -04:00
|
|
|
return ret;
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** getopt global, in case header files fail to declare it. */
|
|
|
|
|
extern int optind;
|
|
|
|
|
/** getopt global, in case header files fail to declare it. */
|
|
|
|
|
extern char* optarg;
|
|
|
|
|
|
|
|
|
|
/** Main routine for unbound-control */
|
|
|
|
|
int main(int argc, char* argv[])
|
|
|
|
|
{
|
2008-09-15 06:36:13 -04:00
|
|
|
int c, ret;
|
2012-09-27 05:32:35 -04:00
|
|
|
int quiet = 0;
|
2008-11-04 09:53:50 -05:00
|
|
|
const char* cfgfile = CONFIGFILE;
|
2008-09-11 10:14:12 -04:00
|
|
|
char* svr = NULL;
|
2008-10-20 11:41:12 -04:00
|
|
|
#ifdef USE_WINSOCK
|
|
|
|
|
int r;
|
|
|
|
|
WSADATA wsa_data;
|
|
|
|
|
#endif
|
2008-09-26 09:02:34 -04:00
|
|
|
#ifdef USE_THREAD_DEBUG
|
2017-09-15 10:29:28 -04:00
|
|
|
/* stop the file output from unbound-control, overwrites the servers */
|
2008-09-26 09:02:34 -04:00
|
|
|
extern int check_locking_order;
|
|
|
|
|
check_locking_order = 0;
|
|
|
|
|
#endif /* USE_THREAD_DEBUG */
|
2021-09-10 09:11:30 -04:00
|
|
|
checklock_start();
|
2008-09-11 10:14:12 -04:00
|
|
|
log_ident_set("unbound-control");
|
|
|
|
|
log_init(NULL, 0, NULL);
|
|
|
|
|
#ifdef USE_WINSOCK
|
2012-02-27 08:20:29 -05:00
|
|
|
/* use registry config file in preference to compiletime location */
|
|
|
|
|
if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile")))
|
|
|
|
|
cfgfile = CONFIGFILE;
|
2008-09-11 10:14:12 -04:00
|
|
|
#endif
|
|
|
|
|
/* parse the options */
|
2012-09-27 05:32:35 -04:00
|
|
|
while( (c=getopt(argc, argv, "c:s:qh")) != -1) {
|
2008-09-11 10:14:12 -04:00
|
|
|
switch(c) {
|
|
|
|
|
case 'c':
|
|
|
|
|
cfgfile = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 's':
|
|
|
|
|
svr = optarg;
|
|
|
|
|
break;
|
2012-09-27 05:32:35 -04:00
|
|
|
case 'q':
|
|
|
|
|
quiet = 1;
|
|
|
|
|
break;
|
2008-09-11 10:14:12 -04:00
|
|
|
case '?':
|
|
|
|
|
case 'h':
|
|
|
|
|
default:
|
|
|
|
|
usage();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
argc -= optind;
|
|
|
|
|
argv += optind;
|
|
|
|
|
if(argc == 0)
|
|
|
|
|
usage();
|
2008-09-15 04:35:45 -04:00
|
|
|
if(argc >= 1 && strcmp(argv[0], "start")==0) {
|
2020-08-03 14:37:00 -04:00
|
|
|
#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH)
|
2020-03-17 06:32:13 -04:00
|
|
|
fatal_exit("could not exec unbound: %s",
|
|
|
|
|
strerror(ENOSYS));
|
2020-03-11 03:39:48 -04:00
|
|
|
#else
|
2023-04-20 11:39:55 -04:00
|
|
|
if(execlp("unbound", "unbound", "-c", cfgfile,
|
2008-09-11 10:14:12 -04:00
|
|
|
(char*)NULL) < 0) {
|
|
|
|
|
fatal_exit("could not exec unbound: %s",
|
|
|
|
|
strerror(errno));
|
|
|
|
|
}
|
2020-03-11 03:39:48 -04:00
|
|
|
#endif
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
2017-02-23 07:05:05 -05:00
|
|
|
if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) {
|
2022-03-18 07:08:02 -04:00
|
|
|
print_stats_shm(cfgfile, quiet);
|
2017-02-23 07:05:05 -05:00
|
|
|
return 0;
|
|
|
|
|
}
|
2019-11-11 06:02:51 -05:00
|
|
|
check_args_for_listcmd(argc, argv);
|
2017-02-23 07:05:05 -05:00
|
|
|
|
|
|
|
|
#ifdef USE_WINSOCK
|
|
|
|
|
if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
|
|
|
|
|
fatal_exit("WSAStartup failed: %s", wsa_strerror(r));
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
|
|
|
|
|
ERR_load_crypto_strings();
|
|
|
|
|
#endif
|
2017-07-03 09:37:37 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
|
2017-02-23 07:05:05 -05:00
|
|
|
ERR_load_SSL_strings();
|
2017-07-03 09:37:37 -04:00
|
|
|
#endif
|
2017-02-23 07:05:05 -05:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
|
2019-11-13 09:16:27 -05:00
|
|
|
# ifndef S_SPLINT_S
|
2017-02-23 07:05:05 -05:00
|
|
|
OpenSSL_add_all_algorithms();
|
2019-11-13 09:16:27 -05:00
|
|
|
# endif
|
2017-02-23 07:05:05 -05:00
|
|
|
#else
|
|
|
|
|
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
|
|
|
|
|
| OPENSSL_INIT_ADD_ALL_DIGESTS
|
|
|
|
|
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
|
|
|
|
|
#endif
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
|
|
|
|
|
(void)SSL_library_init();
|
|
|
|
|
#else
|
2017-07-03 09:37:37 -04:00
|
|
|
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
2017-02-23 07:05:05 -05:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if(!RAND_status()) {
|
|
|
|
|
/* try to seed it */
|
|
|
|
|
unsigned char buf[256];
|
|
|
|
|
unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid();
|
|
|
|
|
unsigned int v = seed;
|
|
|
|
|
size_t i;
|
|
|
|
|
for(i=0; i<256/sizeof(v); i++) {
|
|
|
|
|
memmove(buf+i*sizeof(v), &v, sizeof(v));
|
|
|
|
|
v = v*seed + (unsigned int)i;
|
|
|
|
|
}
|
|
|
|
|
RAND_seed(buf, 256);
|
|
|
|
|
log_warn("no entropy, seeding openssl PRNG with time\n");
|
|
|
|
|
}
|
2008-09-11 10:14:12 -04:00
|
|
|
|
2012-09-27 05:32:35 -04:00
|
|
|
ret = go(cfgfile, svr, quiet, argc, argv);
|
2008-09-11 10:14:12 -04:00
|
|
|
|
|
|
|
|
#ifdef USE_WINSOCK
|
2017-02-23 07:05:05 -05:00
|
|
|
WSACleanup();
|
2008-09-11 10:14:12 -04:00
|
|
|
#endif
|
|
|
|
|
checklock_stop();
|
2008-09-15 06:36:13 -04:00
|
|
|
return ret;
|
2008-09-11 10:14:12 -04:00
|
|
|
}
|
