Context Navigation

tcpreceiver.cc @ 1893

Visit:

Revision 1893, 22.4 KB (checked in by ahu, 2 years ago)
implement 'pdnssec set-presigned', allowing PowerDNSSEC to serve pre-signed zones. Rather experimental, but does appear to work
Property svn:eol-style set to `native` Property svn:keywords set to `author date id revision`

Line
1	/*
2	PowerDNS Versatile Database Driven Nameserver
3	Copyright (C) 2002-2011 PowerDNS.COM BV
4
5	This program is free software; you can redistribute it and/or modify
6	it under the terms of the GNU General Public License version 2
7	as published by the Free Software Foundation
8
9	This program is distributed in the hope that it will be useful,
10	but WITHOUT ANY WARRANTY; without even the implied warranty of
11	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	GNU General Public License for more details.
13
14	You should have received a copy of the GNU General Public License
15	along with this program; if not, write to the Free Software
16	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17	*/
18	#include "packetcache.hh"
19	#include "utility.hh"
20	#include "dnssecinfra.hh"
21	#include "dnsseckeeper.hh"
22	#include <cstdio>
23	#include "base32.hh"
24	#include <cstring>
25	#include <cstdlib>
26	#include <sys/types.h>
27	#include <iostream>
28	#include <string>
29	#include "tcpreceiver.hh"
30	#include "sstuff.hh"
31	#include <boost/foreach.hpp>
32	#include <errno.h>
33	#include <signal.h>
34
35	#include "ueberbackend.hh"
36	#include "dnspacket.hh"
37	#include "nameserver.hh"
38	#include "distributor.hh"
39	#include "lock.hh"
40	#include "logger.hh"
41	#include "arguments.hh"
42
43	#include "packethandler.hh"
44	#include "statbag.hh"
45	#include "resolver.hh"
46	#include "communicator.hh"
47	#include "namespaces.hh"
48
49	extern PacketCache PC;
50	extern StatBag S;
51
52	/**
53	\file tcpreceiver.cc
54	\brief This file implements the tcpreceiver that receives and answers questions over TCP/IP
55	*/
56
57	pthread_mutex_t TCPNameserver::s_plock = PTHREAD_MUTEX_INITIALIZER;
58	Semaphore *TCPNameserver::d_connectionroom_sem;
59	PacketHandler *TCPNameserver::s_P;
60	int TCPNameserver::s_timeout;
61	NetmaskGroup TCPNameserver::d_ng;
62
63	void TCPNameserver::go()
64	{
65	L<<Logger::Error<<"Creating backend connection for TCP"<<endl;
66	s_P=0;
67	try {
68	s_P=new PacketHandler;
69	}
70	catch(AhuException &ae) {
71	L<<Logger::Error<<Logger::NTLog<<"TCP server is unable to launch backends - will try again when questions come in"<<endl;
72	L<<Logger::Error<<"TCP server is unable to launch backends - will try again when questions come in: "<<ae.reason<<endl;
73	}
74	pthread_create(&d_tid, 0, launcher, static_cast<void *>(this));
75	}
76
77	void TCPNameserver::launcher(void data)
78	{
79	static_cast<TCPNameserver *>(data)->thread();
80	return 0;
81	}
82
83	// throws AhuException if things didn't go according to plan, returns 0 if really 0 bytes were read
84	int readnWithTimeout(int fd, void* buffer, unsigned int n, bool throwOnEOF=true)
85	{
86	unsigned int bytes=n;
87	char ptr = (char)buffer;
88	int ret;
89	while(bytes) {
90	ret=read(fd, ptr, bytes);
91	if(ret < 0) {
92	if(errno==EAGAIN) {
93	ret=waitForData(fd, 5);
94	if(ret < 0)
95	throw NetworkError("Waiting for data read");
96	if(!ret)
97	throw NetworkError("Timeout reading data");
98	continue;
99	}
100	else
101	throw NetworkError("Reading data: "+stringerror());
102	}
103	if(!ret) {
104	if(!throwOnEOF && n == bytes)
105	return 0;
106	else
107	throw NetworkError("Did not fulfill read from TCP due to EOF");
108	}
109
110	ptr += ret;
111	bytes -= ret;
112	}
113	return n;
114	}
115
116	// ditto
117	void writenWithTimeout(int fd, const void *buffer, unsigned int n)
118	{
119	unsigned int bytes=n;
120	const char ptr = (char)buffer;
121	int ret;
122	while(bytes) {
123	ret=write(fd, ptr, bytes);
124	if(ret < 0) {
125	if(errno==EAGAIN) {
126	ret=waitForRWData(fd, false, 5, 0);
127	if(ret < 0)
128	throw NetworkError("Waiting for data write");
129	if(!ret)
130	throw NetworkError("Timeout writing data");
131	continue;
132	}
133	else
134	throw NetworkError("Writing data: "+stringerror());
135	}
136	if(!ret) {
137	throw NetworkError("Did not fulfill TCP write due to EOF");
138	}
139
140	ptr += ret;
141	bytes -= ret;
142	}
143	}
144
145	void connectWithTimeout(int fd, struct sockaddr* remote, size_t socklen)
146	{
147	int err;
148	Utility::socklen_t len=sizeof(err);
149
150	#ifndef WIN32
151	if((err=connect(fd, remote, socklen))<0 && errno!=EINPROGRESS)
152	#else
153	if((err=connect(clisock, remote, socklen))<0 && WSAGetLastError() != WSAEWOULDBLOCK )
154	#endif // WIN32
155	throw NetworkError("connect: "+stringerror());
156
157	if(!err)
158	goto done;
159
160	err=waitForRWData(fd, false, 5, 0);
161	if(err == 0)
162	throw NetworkError("Timeout connecting to remote");
163	if(err < 0)
164	throw NetworkError("Error connecting to remote");
165
166	if(getsockopt(fd, SOL_SOCKET,SO_ERROR,(char *)&err,&len)<0)
167	throw NetworkError("Error connecting to remote: "+stringerror()); // Solaris
168
169	if(err)
170	throw NetworkError("Error connecting to remote: "+string(strerror(err)));
171
172	done:
173	;
174	}
175
176	void TCPNameserver::sendPacket(shared_ptr<DNSPacket> p, int outsock)
177	{
178	const char *buf=p->getData();
179	uint16_t len=htons(p->len);
180	writenWithTimeout(outsock, &len, 2);
181	writenWithTimeout(outsock, buf, p->len);
182	}
183
184
185	void TCPNameserver::getQuestion(int fd, char *mesg, int pktlen, const ComboAddress &remote)
186	try
187	{
188	readnWithTimeout(fd, mesg, pktlen);
189	}
190	catch(NetworkError& ae) {
191	throw NetworkError("Error reading DNS data from TCP client "+remote.toString()+": "+ae.what());
192	}
193
194	static void proxyQuestion(shared_ptr<DNSPacket> packet)
195	{
196	int sock=socket(AF_INET, SOCK_STREAM, 0);
197	if(sock < 0)
198	throw NetworkError("Error making TCP connection socket to recursor: "+stringerror());
199
200	Utility::setNonBlocking(sock);
201	ServiceTuple st;
202	st.port=53;
203	parseService(::arg()["recursor"],st);
204
205	try {
206	ComboAddress recursor(st.host, st.port);
207	connectWithTimeout(sock, (struct sockaddr*)&recursor, recursor.getSocklen());
208	const string &buffer=packet->getString();
209
210	uint16_t len=htons(buffer.length()), slen;
211
212	writenWithTimeout(sock, &len, 2);
213	writenWithTimeout(sock, buffer.c_str(), buffer.length());
214
215	int ret;
216
217	ret=readnWithTimeout(sock, &len, 2);
218	len=ntohs(len);
219
220	char answer[len];
221	ret=readnWithTimeout(sock, answer, len);
222
223	slen=htons(len);
224	writenWithTimeout(packet->getSocket(), &slen, 2);
225
226	writenWithTimeout(packet->getSocket(), answer, len);
227	}
228	catch(NetworkError& ae) {
229	close(sock);
230	throw NetworkError("While proxying a question to recursor "+st.host+": " +ae.what());
231	}
232	close(sock);
233	return;
234	}
235
236	void TCPNameserver::doConnection(void data)
237	{
238	shared_ptr<DNSPacket> packet;
239	// Fix gcc-4.0 error (on AMD64)
240	int fd=(int)(long)data; // gotta love C (generates a harmless warning on opteron)
241	pthread_detach(pthread_self());
242	Utility::setNonBlocking(fd);
243	try {
244	char mesg[512];
245
246	DLOG(L<<"TCP Connection accepted on fd "<<fd<<endl);
247	bool logDNSDetails= ::arg().mustDo("log-dns-details");
248	for(;;) {
249	ComboAddress remote;
250	socklen_t remotelen=sizeof(remote);
251	if(getpeername(fd, (struct sockaddr *)&remote, &remotelen) < 0) {
252	L<<Logger::Error<<"Received question from socket which had no remote address, dropping ("<<stringerror()<<")"<<endl;
253	break;
254	}
255
256	uint16_t pktlen;
257	if(!readnWithTimeout(fd, &pktlen, 2, false))
258	break;
259	else
260	pktlen=ntohs(pktlen);
261
262	if(pktlen>511) {
263	L<<Logger::Error<<"Received an overly large question from "<<remote.toString()<<", dropping"<<endl;
264	break;
265	}
266
267	getQuestion(fd,mesg,pktlen,remote);
268	S.inc("tcp-queries");
269
270	packet=shared_ptr<DNSPacket>(new DNSPacket);
271	packet->setRemote(&remote);
272	packet->d_tcp=true;
273	packet->setSocket(fd);
274	if(packet->parse(mesg, pktlen)<0)
275	break;
276
277	if(packet->qtype.getCode()==QType::AXFR \|\| packet->qtype.getCode()==QType::IXFR ) {
278	if(doAXFR(packet->qdomain, packet, fd))
279	S.inc("tcp-answers");
280	continue;
281	}
282
283	shared_ptr<DNSPacket> reply;
284	shared_ptr<DNSPacket> cached= shared_ptr<DNSPacket>(new DNSPacket);
285	if(logDNSDetails)
286	L << Logger::Notice<<"TCP Remote "<< packet->remote.toString() <<" wants '" << packet->qdomain<<"\|"<<packet->qtype.getName() <<
287	"', do = " <<packet->d_dnssecOk <<", bufsize = "<< packet->getMaxReplyLen()<<": ";
288
289
290	if(!packet->d.rd && packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question?
291	if(logDNSDetails)
292	L<<"packetcache HIT"<<endl;
293	cached->setRemote(&packet->remote);
294	cached->d.id=packet->d.id;
295	cached->d.rd=packet->d.rd; // copy in recursion desired bit
296	cached->commitD(); // commit d to the packet inlined
297
298	sendPacket(cached, fd); // presigned, don't do it again
299	S.inc("tcp-answers");
300	continue;
301	}
302	if(logDNSDetails)
303	L<<"packetcache MISS"<<endl;
304	{
305	Lock l(&s_plock);
306	if(!s_P) {
307	L<<Logger::Error<<"TCP server is without backend connections, launching"<<endl;
308	s_P=new PacketHandler;
309	}
310	bool shouldRecurse;
311
312	reply=shared_ptr<DNSPacket>(s_P->questionOrRecurse(packet.get(), &shouldRecurse)); // we really need to ask the backend :-)
313
314	if(shouldRecurse) {
315	proxyQuestion(packet);
316	continue;
317	}
318	}
319
320	if(!reply) // unable to write an answer?
321	break;
322
323	S.inc("tcp-answers");
324	sendPacket(reply, fd);
325	}
326	}
327	catch(DBException &e) {
328	Lock l(&s_plock);
329	delete s_P;
330	s_P = 0;
331
332	L<<Logger::Error<<"TCP Connection Thread unable to answer a question because of a backend error, cycling"<<endl;
333	}
334	catch(AhuException &ae) {
335	Lock l(&s_plock);
336	delete s_P;
337	s_P = 0; // on next call, backend will be recycled
338	L<<Logger::Error<<"TCP nameserver had error, cycling backend: "<<ae.reason<<endl;
339	}
340	catch(NetworkError &e) {
341	L<<Logger::Info<<"TCP Connection Thread died because of STL error: "<<e.what()<<endl;
342	}
343
344	catch(std::exception &e) {
345	L<<Logger::Error<<"TCP Connection Thread died because of STL error: "<<e.what()<<endl;
346	}
347	catch( ... )
348	{
349	L << Logger::Error << "TCP Connection Thread caught unknown exception." << endl;
350	}
351	d_connectionroom_sem->post();
352	Utility::closesocket(fd);
353
354	return 0;
355	}
356
357	bool TCPNameserver::canDoAXFR(shared_ptr<DNSPacket> q)
358	{
359	if(::arg().mustDo("disable-axfr"))
360	return false;
361
362	if(!::arg().mustDo("per-zone-axfr-acls") && (::arg()["allow-axfr-ips"].empty() \|\| d_ng.match( (ComboAddress *) &q->remote )))
363	return true;
364
365	if(::arg().mustDo("per-zone-axfr-acls")) {
366	SOAData sd;
367	sd.db=(DNSBackend *)-1;
368	if(s_P->getBackend()->getSOA(q->qdomain,sd)) {
369	DNSBackend *B=sd.db;
370	if (B->checkACL(string("allow-axfr"), q->qdomain, q->getRemote())) {
371	return true;
372	}
373	}
374	}
375
376	extern CommunicatorClass Communicator;
377
378	if(Communicator.justNotified(q->qdomain, q->getRemote())) { // we just notified this ip
379	L<<Logger::Warning<<"Approved AXFR of '"<<q->qdomain<<"' from recently notified slave "<<q->getRemote()<<endl;
380	return true;
381	}
382
383	return false;
384	}
385
386	namespace {
387	struct NSECXEntry
388	{
389	set<uint16_t> d_set;
390	unsigned int d_ttl;
391	};
392	}
393	/** do the actual zone transfer. Return 0 in case of error, 1 in case of success */
394	int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int outsock)
395	{
396	shared_ptr<DNSPacket> outpacket;
397	DNSSECKeeper dk;
398	bool noAXFRBecauseOfNSEC3Narrow=false;
399	NSEC3PARAMRecordContent ns3pr;
400	bool narrow;
401	bool NSEC3Zone=false;
402	if(dk.getNSEC3PARAM(target, &ns3pr, &narrow)) {
403	NSEC3Zone=true;
404	if(narrow) {
405	L<<Logger::Error<<"Not doing AXFR of an NSEC3 narrow zone.."<<endl;
406	noAXFRBecauseOfNSEC3Narrow=true;
407	}
408	}
409
410	if(!canDoAXFR(q) \|\| noAXFRBecauseOfNSEC3Narrow) {
411	L<<Logger::Error<<"AXFR of domain '"<<target<<"' denied to "<<q->getRemote()<<endl;
412
413	outpacket=shared_ptr<DNSPacket>(q->replyPacket());
414	outpacket->setRcode(RCode::Refused);
415	// FIXME: should actually figure out if we are auth over a zone, and send out 9 if we aren't
416	sendPacket(outpacket,outsock);
417	return 0;
418	}
419
420	L<<Logger::Error<<"AXFR of domain '"<<target<<"' initiated by "<<q->getRemote()<<endl;
421	outpacket=shared_ptr<DNSPacket>(q->replyPacket());
422
423	DNSResourceRecord soa;
424	DNSResourceRecord rr;
425
426	SOAData sd;
427	sd.db=(DNSBackend *)-1; // force uncached answer
428	{
429	Lock l(&s_plock);
430
431	// find domain_id via SOA and list complete domain. No SOA, no AXFR
432
433	DLOG(L<<"Looking for SOA"<<endl);
434	if(!s_P) {
435	L<<Logger::Error<<"TCP server is without backend connections in doAXFR, launching"<<endl;
436	s_P=new PacketHandler;
437	}
438
439	if(!s_P->getBackend()->getSOA(target, sd)) {
440	L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: not authoritative"<<endl;
441	outpacket->setRcode(9); // 'NOTAUTH'
442	sendPacket(outpacket,outsock);
443	return 0;
444	}
445
446	}
447	PacketHandler P; // now open up a database connection, we'll need it
448
449	sd.db=(DNSBackend *)-1; // force uncached answer
450	if(!P.getBackend()->getSOA(target, sd)) {
451	L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: not authoritative in second instance"<<endl;
452	outpacket->setRcode(9); // 'NOTAUTH'
453	sendPacket(outpacket,outsock);
454	return 0;
455	}
456
457	soa.qname=target;
458	soa.qtype=QType::SOA;
459	soa.content=serializeSOAData(sd);
460	soa.ttl=sd.ttl;
461	soa.domain_id=sd.domain_id;
462	soa.auth = true;
463	soa.d_place=DNSResourceRecord::ANSWER;
464
465	if(!sd.db \|\| sd.db==(DNSBackend *)-1) {
466	L<<Logger::Error<<"Error determining backend for domain '"<<target<<"' trying to serve an AXFR"<<endl;
467	outpacket->setRcode(RCode::ServFail);
468	sendPacket(outpacket,outsock);
469	return 0;
470	}
471
472	DLOG(L<<"Issuing list command - opening dedicated database connection"<<endl);
473
474	DNSBackend *B=sd.db; // get the RIGHT backend
475
476	// now list zone
477	if(!(B->list(target, sd.domain_id))) {
478	L<<Logger::Error<<"Backend signals error condition"<<endl;
479	outpacket->setRcode(2); // 'SERVFAIL'
480	sendPacket(outpacket,outsock);
481	return 0;
482	}
483	/* write first part of answer */
484
485	DLOG(L<<"Sending out SOA"<<endl);
486	outpacket=shared_ptr<DNSPacket>(q->replyPacket());
487	outpacket->addRecord(soa); // AXFR format begins and ends with a SOA record, so we add one
488	// sendPacket(outpacket, outsock);
489	typedef map<string, NSECXEntry, CanonicalCompare> nsecxrepo_t;
490	nsecxrepo_t nsecxrepo;
491
492	// this is where the DNSKEYs go in
493
494	DNSSECKeeper::keyset_t keys = dk.getKeys(target);
495	BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
496	rr.qname = target;
497	rr.qtype = QType(QType::DNSKEY);
498	rr.ttl = sd.default_ttl;
499	rr.content = value.first.getDNSKEY().getZoneRepresentation();
500	string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : rr.qname;
501	NSECXEntry& ne = nsecxrepo[keyname];
502
503	ne.d_set.insert(rr.qtype.getCode());
504	ne.d_ttl = rr.ttl;
505	outpacket->addRecord(rr);
506	}
507	/* now write all other records */
508
509	int count=0;
510	int chunk=100; // FIXME: this should probably be autosizing
511	if(::arg().mustDo("strict-rfc-axfrs"))
512	chunk=1;
513
514	outpacket->setCompress(false);
515	outpacket->d_dnssecOk=true; // WRONG
516	string keyname;
517	while(B->get(rr)) {
518	if(rr.auth \|\| rr.qtype.getCode() == QType::NS \|\| rr.qtype.getCode() == QType::DS) {
519	keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : rr.qname;
520	NSECXEntry& ne = nsecxrepo[keyname];
521	ne.d_set.insert(rr.qtype.getCode());
522	ne.d_ttl = rr.ttl;
523	}
524	if(rr.qtype.getCode() == QType::SOA)
525	continue; // skip SOA - would indicate end of AXFR
526
527	if(rr.qtype.getCode() == QType::NS) {
528	// cerr<<rr.qname<<" NS, auth="<<rr.auth<<endl;
529	}
530
531	outpacket->addRecord(rr);
532
533	if(!((++count)%chunk)) {
534	count=0;
535	addRRSigs(dk, sd.qname, *outpacket);
536	sendPacket(outpacket, outsock);
537
538	outpacket=shared_ptr<DNSPacket>(q->replyPacket());
539	outpacket->setCompress(false);
540	outpacket->d_dnssecOk=true; // WRONG
541	// FIXME: Subsequent messages SHOULD NOT have a question section, though the final message MAY.
542	}
543	}
544
545	if(dk.isSecuredZone(target)) {
546
547	if(NSEC3Zone) {
548	for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) {
549	NSEC3RecordContent n3rc;
550	n3rc.d_set = iter->second.d_set;
551	n3rc.d_set.insert(QType::RRSIG);
552	n3rc.d_salt=ns3pr.d_salt;
553	n3rc.d_flags = 0;
554	n3rc.d_iterations = ns3pr.d_iterations;
555	n3rc.d_algorithm = 1; // SHA1, fixed in PowerDNS for now
556	if(boost::next(iter) != nsecxrepo.end()) {
557	n3rc.d_nexthash = boost::next(iter)->first;
558	}
559	else
560	n3rc.d_nexthash=nsecxrepo.begin()->first;
561
562	rr.qname = dotConcat(toLower(toBase32Hex(iter->first)), sd.qname);
563
564	rr.ttl = iter->second.d_ttl;
565	rr.content = n3rc.getZoneRepresentation();
566	rr.qtype = QType::NSEC3;
567	rr.d_place = DNSResourceRecord::ANSWER;
568	rr.auth=true;
569	outpacket->addRecord(rr);
570	count++;
571	}
572	}
573	else for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) {
574	NSECRecordContent nrc;
575	nrc.d_set = iter->second.d_set;
576	nrc.d_set.insert(QType::RRSIG);
577	nrc.d_set.insert(QType::NSEC);
578	if(boost::next(iter) != nsecxrepo.end()) {
579	nrc.d_next = boost::next(iter)->first;
580	}
581	else
582	nrc.d_next=nsecxrepo.begin()->first;
583
584	rr.qname = iter->first;
585
586	rr.ttl = iter->second.d_ttl;
587	rr.content = nrc.getZoneRepresentation();
588	rr.qtype = QType::NSEC;
589	rr.d_place = DNSResourceRecord::ANSWER;
590	rr.auth=true;
591	outpacket->addRecord(rr);
592	count++;
593	}
594	}
595
596	if(count) {
597	addRRSigs(dk, sd.qname, *outpacket);
598	sendPacket(outpacket, outsock);
599	}
600
601	DLOG(L<<"Done writing out records"<<endl);
602	/* and terminate with yet again the SOA record */
603	outpacket=shared_ptr<DNSPacket>(q->replyPacket());
604
605	addRRSigs(dk, sd.qname, *outpacket); // don't sign the SOA!
606	outpacket->addRecord(soa);
607	sendPacket(outpacket, outsock);
608	DLOG(L<<"last packet - close"<<endl);
609	L<<Logger::Error<<"AXFR of domain '"<<target<<"' to "<<q->getRemote()<<" finished"<<endl;
610
611	return 1;
612	}
613
614	TCPNameserver::~TCPNameserver()
615	{
616	delete d_connectionroom_sem;
617	}
618
619	TCPNameserver::TCPNameserver()
620	{
621	// sem_init(&d_connectionroom_sem,0,::arg().asNum("max-tcp-connections"));
622	d_connectionroom_sem = new Semaphore( ::arg().asNum( "max-tcp-connections" ));
623
624	s_timeout=10;
625	vector<string>locals;
626	stringtok(locals,::arg()["local-address"]," ,");
627
628	vector<string>locals6;
629	stringtok(locals6,::arg()["local-ipv6"]," ,");
630
631	if(locals.empty() && locals6.empty())
632	throw AhuException("No local address specified");
633
634	d_highfd=0;
635
636	vector<string> parts;
637	stringtok( parts, ::arg()["allow-axfr-ips"], ", \t" ); // is this IP on the guestlist?
638	for( vector<string>::const_iterator i = parts.begin(); i != parts.end(); ++i ) {
639	d_ng.addMask( *i );
640	}
641
642	#ifndef WIN32
643	signal(SIGPIPE,SIG_IGN);
644	#endif // WIN32
645
646	for(vector<string>::const_iterator laddr=locals.begin();laddr!=locals.end();++laddr) {
647	int s=socket(AF_INET,SOCK_STREAM,0);
648
649	if(s<0)
650	throw AhuException("Unable to acquire TCP socket: "+stringerror());
651
652	ComboAddress local(*laddr, ::arg().asNum("local-port"));
653
654	int tmp=1;
655	if(setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0) {
656	L<<Logger::Error<<"Setsockopt failed"<<endl;
657	exit(1);
658	}
659
660	if(::bind(s, (sockaddr*)&local, local.getSocklen())<0) {
661	L<<Logger::Error<<"binding to TCP socket: "<<strerror(errno)<<endl;
662	throw AhuException("Unable to bind to TCP socket");
663	}
664
665	listen(s,128);
666	L<<Logger::Error<<"TCP server bound to "<<local.toStringWithPort()<<endl;
667	d_sockets.push_back(s);
668	struct pollfd pfd;
669	memset(&pfd, 0, sizeof(pfd));
670	pfd.fd = s;
671	pfd.events = POLLIN;
672
673	d_prfds.push_back(pfd);
674
675	d_highfd=max(s,d_highfd);
676	}
677
678	#if !WIN32 && HAVE_IPV6
679	for(vector<string>::const_iterator laddr=locals6.begin();laddr!=locals6.end();++laddr) {
680	int s=socket(AF_INET6,SOCK_STREAM,0);
681
682	if(s<0)
683	throw AhuException("Unable to acquire TCPv6 socket: "+stringerror());
684
685	ComboAddress local(*laddr, ::arg().asNum("local-port"));
686
687	int tmp=1;
688	if(setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0) {
689	L<<Logger::Error<<"Setsockopt failed"<<endl;
690	exit(1);
691	}
692
693	if(bind(s, (const sockaddr*)&local, local.getSocklen())<0) {
694	L<<Logger::Error<<"binding to TCP socket: "<<strerror(errno)<<endl;
695	throw AhuException("Unable to bind to TCPv6 socket");
696	}
697
698	listen(s,128);
699	L<<Logger::Error<<"TCPv6 server bound to "<<local.toStringWithPort()<<endl;
700	d_sockets.push_back(s);
701
702	struct pollfd pfd;
703	memset(&pfd, 0, sizeof(pfd));
704	pfd.fd = s;
705	pfd.events = POLLIN;
706
707	d_prfds.push_back(pfd);
708	d_highfd=max(s, d_highfd);
709	}
710	#endif // WIN32
711	}
712
713
714	//! Start of TCP operations thread, we launch a new thread for each incoming TCP question
715	void TCPNameserver::thread()
716	{
717	struct timeval tv;
718	tv.tv_sec=1;
719	tv.tv_usec=0;
720	try {
721	for(;;) {
722	int fd;
723	struct sockaddr_in remote;
724	Utility::socklen_t addrlen=sizeof(remote);
725
726	int ret=poll(&d_prfds[0], d_prfds.size(), -1); // blocks, forever if need be
727	if(ret <= 0)
728	continue;
729
730	int sock=-1;
731	BOOST_FOREACH(const struct pollfd& pfd, d_prfds) {
732	if(pfd.revents == POLLIN) {
733	sock = pfd.fd;
734	addrlen=sizeof(remote);
735
736	if((fd=accept(sock, (sockaddr*)&remote, &addrlen))<0) {
737	L<<Logger::Error<<"TCP question accept error: "<<strerror(errno)<<endl;
738
739	if(errno==EMFILE) {
740	L<<Logger::Error<<Logger::NTLog<<"TCP handler out of filedescriptors, exiting, won't recover from this"<<endl;
741	exit(1);
742	}
743	}
744	else {
745	pthread_t tid;
746	d_connectionroom_sem->wait(); // blocks if no connections are available
747
748	int room;
749	d_connectionroom_sem->getValue( &room);
750	if(room<1)
751	L<<Logger::Warning<<Logger::NTLog<<"Limit of simultaneous TCP connections reached - raise max-tcp-connections"<<endl;
752
753	if(pthread_create(&tid, 0, &doConnection, (void *)fd)) {
754	L<<Logger::Error<<"Error creating thread: "<<stringerror()<<endl;
755	d_connectionroom_sem->post();
756	}
757	}
758	}
759	}
760	}
761	}
762	catch(AhuException &AE) {
763	L<<Logger::Error<<"TCP Namerserver thread dying because of fatal error: "<<AE.reason<<endl;
764	}
765	catch(...) {
766	L<<Logger::Error<<"TCPNameserver dying because of an unexpected fatal error"<<endl;
767	}
768	exit(1); // take rest of server with us
769	}
770
771

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/pdns/pdns/tcpreceiver.cc @ 1893

Download in other formats: