mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 22:57:08 +00:00
- auth xfer work on probe timer and lookup.
git-svn-id: file:///svn/unbound/trunk@4405 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
52aeaf4924
commit
975a7b1fc0
@ -1,6 +1,7 @@
|
||||
14 November 2017: Wouter
|
||||
- Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
|
||||
set for stub zone. It no longer searches for DNSSEC information.
|
||||
- auth xfer work on probe timer and lookup.
|
||||
|
||||
13 November 2017: Wouter
|
||||
- Fix #2801: Install libunbound.pc.
|
||||
|
@ -58,6 +58,7 @@
|
||||
#include "services/cache/dns.h"
|
||||
#include "services/outside_network.h"
|
||||
#include "services/listen_dnsport.h"
|
||||
#include "services/mesh.h"
|
||||
#include "sldns/rrdef.h"
|
||||
#include "sldns/pkthdr.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
@ -71,6 +72,10 @@
|
||||
#define N3HASHBUFLEN 32
|
||||
/** max number of CNAMEs we are willing to follow (in one answer) */
|
||||
#define MAX_CNAME_CHAIN 8
|
||||
/** timeout for probe packets for SOA */
|
||||
#define AUTH_PROBE_TIMEOUT 100 /* msec */
|
||||
/** when to stop with SOA probes (when exponential timeouts exceed this) */
|
||||
#define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */
|
||||
|
||||
/** pick up nextprobe task to start waiting to perform transfer actions */
|
||||
static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
|
||||
@ -2863,8 +2868,7 @@ xfr_fd_for_master(struct module_env* env, struct auth_master* master)
|
||||
|
||||
/** create probe packet for xfr */
|
||||
static void
|
||||
xfr_create_probe_packet(struct auth_xfer* xfr, struct module_env* env,
|
||||
sldns_buffer* buf, int soa)
|
||||
xfr_create_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf, int soa)
|
||||
{
|
||||
struct query_info qinfo;
|
||||
uint32_t serial;
|
||||
@ -2886,7 +2890,6 @@ xfr_create_probe_packet(struct auth_xfer* xfr, struct module_env* env,
|
||||
}
|
||||
qinfo.qclass = xfr->dclass;
|
||||
qinfo_query_encode(buf, &qinfo);
|
||||
xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff);
|
||||
sldns_buffer_write_at(buf, 0, &xfr->task_probe->id, 2);
|
||||
|
||||
/* append serial for IXFR */
|
||||
@ -3053,77 +3056,40 @@ xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env,
|
||||
/* TODO initiate TCP, and set timeout on it */
|
||||
}
|
||||
|
||||
/** callback for task_probe udp packets */
|
||||
int
|
||||
auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
|
||||
struct comm_reply* repinfo)
|
||||
/** disown task_probe. caller must hold xfr.lock */
|
||||
static void
|
||||
xfr_probe_disown(struct auth_xfer* xfr)
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
log_assert(xfr->task_probe);
|
||||
env = xfr->task_probe->env;
|
||||
|
||||
(void)repinfo;
|
||||
/* TODO need a comm_timer for a timeout too */
|
||||
/* TODO */
|
||||
|
||||
if(err == NETEVENT_NOERROR) {
|
||||
uint32_t serial = 0;
|
||||
if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
|
||||
&serial)) {
|
||||
/* successful lookup */
|
||||
/* see if this serial indicates that the zone has
|
||||
* to be updated */
|
||||
lock_basic_lock(&xfr->lock);
|
||||
if(xfr_serial_means_update(xfr, serial)) {
|
||||
/* if updated, start the transfer task, if needed */
|
||||
if(xfr->task_transfer->worker == NULL) {
|
||||
xfr_start_transfer(xfr, env,
|
||||
(xfr->task_probe->scan_specific?xfr->task_probe->scan_specific:xfr->task_probe->scan_target));
|
||||
}
|
||||
} else {
|
||||
/* if zone not updated, start the wait timer again */
|
||||
if(xfr->task_nextprobe->worker == NULL)
|
||||
xfr_set_timeout(xfr, env, 0);
|
||||
}
|
||||
lock_basic_unlock(&xfr->lock);
|
||||
/* return, we don't sent a reply to this udp packet,
|
||||
* and we setup the tasks to do next */
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* failed lookup */
|
||||
/* remove timer (from this worker's event base) */
|
||||
comm_timer_delete(xfr->task_probe->timer);
|
||||
xfr->task_probe->timer = NULL;
|
||||
/* remove the commpoint */
|
||||
comm_point_delete(c);
|
||||
comm_point_delete(xfr->task_probe->cp);
|
||||
xfr->task_probe->cp = NULL;
|
||||
/* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT
|
||||
* and we set rep.c=NULL to stop if from looking inside the commpoint*/
|
||||
repinfo->c = NULL;
|
||||
|
||||
/* create a new commpoint (new fd, address), for next packet, maybe */
|
||||
/* this, if the result was not a successfull probe, we need
|
||||
* to send the next one */
|
||||
xfr_probe_send_or_end(xfr, env);
|
||||
return 0;
|
||||
/* we don't own this item anymore */
|
||||
xfr->task_probe->worker = NULL;
|
||||
xfr->task_probe->env = NULL;
|
||||
}
|
||||
|
||||
/** send the UDP probe to the master, this is part of task_probe */
|
||||
static int
|
||||
xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env)
|
||||
xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
|
||||
int timeout)
|
||||
{
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen = 0;
|
||||
struct timeval t;
|
||||
/* pick master */
|
||||
struct auth_master* master = xfr->task_probe->scan_specific;
|
||||
if(!master) master = xfr->task_probe->scan_target;
|
||||
if(!master) return 0;
|
||||
|
||||
/* TODO: use mesh_new_callback to probe for non-addr hosts,
|
||||
* and then wait for them to be looked up (in cache, or query) */
|
||||
|
||||
/* create packet */
|
||||
xfr_create_probe_packet(xfr, env, env->scratch_buffer, 1);
|
||||
/* create new ID for new probes, but not on timeout retries,
|
||||
* this means we'll accept replies to previous retries to same ip */
|
||||
if(timeout == AUTH_PROBE_TIMEOUT)
|
||||
xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff);
|
||||
xfr_create_probe_packet(xfr, env->scratch_buffer, 1);
|
||||
if(!xfr->task_probe->cp) {
|
||||
int fd = xfr_fd_for_master(env, master);
|
||||
if(fd == -1) {
|
||||
@ -3142,6 +3108,14 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if(!xfr->task_probe->timer) {
|
||||
xfr->task_probe->timer = comm_timer_create(env->worker_base,
|
||||
auth_xfer_probe_timer_callback, xfr);
|
||||
if(!xfr->task_probe->timer) {
|
||||
log_err("malloc failure");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* get master addr */
|
||||
if(!extstrtoaddr(master->host, &addr, &addrlen)) {
|
||||
@ -3158,16 +3132,156 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env)
|
||||
zname, master->host);
|
||||
return 0;
|
||||
}
|
||||
xfr->task_probe->timeout = timeout;
|
||||
t.tv_sec = timeout/1000;
|
||||
t.tv_usec = (timeout%1000)*1000;
|
||||
comm_timer_set(xfr->task_probe->timer, &t);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** callback for task_probe timer */
|
||||
void
|
||||
auth_xfer_probe_timer_callback(void* arg)
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
log_assert(xfr->task_probe);
|
||||
env = xfr->task_probe->env;
|
||||
|
||||
if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) {
|
||||
/* try again with bigger timeout */
|
||||
if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* delete commpoint so a new one is created, with a fresh port nr */
|
||||
comm_point_delete(xfr->task_probe->cp);
|
||||
xfr->task_probe->cp = NULL;
|
||||
|
||||
/* too many timeouts (or fail to send), move to next or end */
|
||||
xfr_probe_send_or_end(xfr, env);
|
||||
}
|
||||
|
||||
/** callback for task_probe udp packets */
|
||||
int
|
||||
auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
|
||||
struct comm_reply* repinfo)
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
log_assert(xfr->task_probe);
|
||||
env = xfr->task_probe->env;
|
||||
|
||||
/* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT
|
||||
* and we set rep.c=NULL to stop if from looking inside the commpoint*/
|
||||
repinfo->c = NULL;
|
||||
/* stop the timer */
|
||||
comm_timer_disable(xfr->task_probe->timer);
|
||||
|
||||
/* see if we got a packet and what that means */
|
||||
if(err == NETEVENT_NOERROR) {
|
||||
uint32_t serial = 0;
|
||||
if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
|
||||
&serial)) {
|
||||
/* successful lookup */
|
||||
/* see if this serial indicates that the zone has
|
||||
* to be updated */
|
||||
lock_basic_lock(&xfr->lock);
|
||||
if(xfr_serial_means_update(xfr, serial)) {
|
||||
/* if updated, start the transfer task, if needed */
|
||||
if(xfr->task_transfer->worker == NULL) {
|
||||
xfr_start_transfer(xfr, env,
|
||||
(xfr->task_probe->scan_specific?xfr->task_probe->scan_specific:xfr->task_probe->scan_target));
|
||||
}
|
||||
} else {
|
||||
/* if zone not updated, start the wait timer again */
|
||||
if(xfr->task_nextprobe->worker == NULL)
|
||||
xfr_set_timeout(xfr, env, 0);
|
||||
}
|
||||
/* other tasks are running, we don't do this anymore */
|
||||
xfr_probe_disown(xfr);
|
||||
lock_basic_unlock(&xfr->lock);
|
||||
/* return, we don't sent a reply to this udp packet,
|
||||
* and we setup the tasks to do next */
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* failed lookup */
|
||||
/* delete commpoint so a new one is created, with a fresh port nr */
|
||||
comm_point_delete(xfr->task_probe->cp);
|
||||
xfr->task_probe->cp = NULL;
|
||||
|
||||
/* if the result was not a successfull probe, we need
|
||||
* to send the next one */
|
||||
xfr_probe_send_or_end(xfr, env);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** lookup a host name for its addresses, if needed */
|
||||
static int
|
||||
xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env)
|
||||
{
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen = 0;
|
||||
struct auth_master* master = xfr->task_probe->scan_specific;
|
||||
struct query_info qinfo;
|
||||
uint16_t qflags = BIT_RD;
|
||||
uint8_t dname[LDNS_MAX_DOMAINLEN+1];
|
||||
struct edns_data edns;
|
||||
sldns_buffer* buf = env->scratch_buffer;
|
||||
if(!master) master = xfr->task_probe->scan_target;
|
||||
if(!master) return 0;
|
||||
if(extstrtoaddr(master->host, &addr, &addrlen)) {
|
||||
/* not needed, host is in IP addr format */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* use mesh_new_callback to probe for non-addr hosts,
|
||||
* and then wait for them to be looked up (in cache, or query) */
|
||||
qinfo.qname_len = sizeof(dname);
|
||||
if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
|
||||
!= 0) {
|
||||
log_err("cannot parse host name of master %s", master->host);
|
||||
return 0;
|
||||
}
|
||||
qinfo.qname = dname;
|
||||
qinfo.qclass = xfr->dclass;
|
||||
qinfo.qtype = LDNS_RR_TYPE_A;
|
||||
if(!env->cfg->do_ip4) qinfo.qtype = LDNS_RR_TYPE_AAAA;
|
||||
qinfo.local_alias = NULL;
|
||||
log_query_info(VERB_ALGO, "auth xfer master lookup", &qinfo);
|
||||
edns.edns_present = 1;
|
||||
edns.ext_rcode = 0;
|
||||
edns.edns_version = 0;
|
||||
edns.bits = EDNS_DO;
|
||||
edns.opt_list = NULL;
|
||||
if(sldns_buffer_capacity(buf) < 65535)
|
||||
edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
|
||||
else edns.udp_size = 65535;
|
||||
|
||||
if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
|
||||
&auth_xfer_probe_lookup_callback, xfr)) {
|
||||
log_err("out of memory lookup up master %s", master->host);
|
||||
free(qinfo.qname);
|
||||
return 0;
|
||||
}
|
||||
free(qinfo.qname);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** move to sending the probe packets, next if fails. task_probe */
|
||||
static void
|
||||
xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
|
||||
{
|
||||
while(!xfr_probe_end_of_list(xfr)) {
|
||||
if(xfr_probe_send_probe(xfr, env)) {
|
||||
if(xfr_probe_lookup_host(xfr, env)) {
|
||||
/* wait for lookup to finish */
|
||||
return;
|
||||
}
|
||||
|
||||
if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) {
|
||||
/* successfully sent probe, wait for callback */
|
||||
return;
|
||||
}
|
||||
@ -3180,17 +3294,35 @@ xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
|
||||
lock_basic_lock(&xfr->lock);
|
||||
/* we failed to send this as well, move to the wait task,
|
||||
* use the shorter retry timeout */
|
||||
comm_point_delete(xfr->task_probe->cp);
|
||||
xfr->task_probe->cp = NULL;
|
||||
/* we don't own this item anymore */
|
||||
xfr->task_probe->worker = NULL;
|
||||
xfr->task_probe->env = NULL;
|
||||
xfr_probe_disown(xfr);
|
||||
|
||||
/* pick up the nextprobe task and wait */
|
||||
xfr_set_timeout(xfr, env, 1);
|
||||
lock_basic_unlock(&xfr->lock);
|
||||
}
|
||||
|
||||
/** callback for task_probe lookup of host name, of A or AAAA */
|
||||
void auth_xfer_probe_lookup_callback(void* arg, int ATTR_UNUSED(rcode),
|
||||
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
|
||||
char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
log_assert(xfr->task_probe);
|
||||
env = xfr->task_probe->env;
|
||||
|
||||
/* TODO process result */
|
||||
|
||||
/* setup timestamp of result to remove when expired */
|
||||
/* TODO: remove expired results from list of addrs, before scan */
|
||||
|
||||
/* TODO setup lookup of AAAA (unless this was the AAAA, or no ip6) */
|
||||
|
||||
/* if finished, resume send_or_end, set it to not start this again */
|
||||
/* TODO: set send_or_end to not call lookups on this master */
|
||||
xfr_probe_send_or_end(xfr, env);
|
||||
}
|
||||
|
||||
/** xfer nextprobe timeout callback, this is part of task_nextprobe */
|
||||
void
|
||||
auth_xfer_timer(void* arg)
|
||||
|
@ -45,6 +45,7 @@
|
||||
#define SERVICES_AUTHZONE_H
|
||||
#include "util/rbtree.h"
|
||||
#include "util/locks.h"
|
||||
#include "services/mesh.h"
|
||||
struct ub_packed_rrset_key;
|
||||
struct regional;
|
||||
struct config_file;
|
||||
@ -296,6 +297,11 @@ struct auth_probe {
|
||||
/** the SOA probe udp event.
|
||||
* on the workers event base. */
|
||||
struct comm_point* cp;
|
||||
/** timeout for packets.
|
||||
* on the workers event base. */
|
||||
struct comm_timer* timer;
|
||||
/** timeout in msec */
|
||||
int timeout;
|
||||
};
|
||||
|
||||
/**
|
||||
@ -498,6 +504,11 @@ void auth_xfer_timer(void* arg);
|
||||
/** callback for commpoint udp replies to task_probe */
|
||||
int auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
|
||||
struct comm_reply* repinfo);
|
||||
/** xfer probe timeout callback, part of task_probe */
|
||||
void auth_xfer_probe_timer_callback(void* arg);
|
||||
/** mesh callback for task_probe on lookup of host names */
|
||||
void auth_xfer_probe_lookup_callback(void* arg, int rcode,
|
||||
struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
|
||||
|
||||
/*
|
||||
* Compares two 32-bit serial numbers as defined in RFC1982. Returns
|
||||
|
@ -124,6 +124,7 @@ fptr_whitelist_comm_timer(void (*fptr)(void*))
|
||||
else if(fptr == &wsvc_cron_cb) return 1;
|
||||
#endif
|
||||
else if(fptr == &auth_xfer_timer) return 1;
|
||||
else if(fptr == &auth_xfer_probe_timer_callback) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -512,6 +513,7 @@ int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr)
|
||||
else if(fptr == &libworker_bg_done_cb) return 1;
|
||||
else if(fptr == &libworker_event_done_cb) return 1;
|
||||
else if(fptr == &probe_answer_cb) return 1;
|
||||
else if(fptr == &auth_xfer_probe_lookup_callback) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user