aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/daemon/daemon.c
diff options
context:
space:
mode:
authorErik de Castro Lopo <erikd@mega-nerd.com>2017-06-16 20:16:05 +1000
committerErik de Castro Lopo <erikd@mega-nerd.com>2017-06-17 23:04:00 +1000
commita85b5759f34c0c4110a479a8b5fa606f15ed9b23 (patch)
tree518cb8346249a42fd2aa8a78c09c3631e14db6aa /external/unbound/daemon/daemon.c
parentMerge pull request #2059 (diff)
downloadmonero-a85b5759f34c0c4110a479a8b5fa606f15ed9b23.tar.xz
Upgrade unbound library
These files were pulled from the 1.6.3 release tarball. This new version builds against OpenSSL version 1.1 which will be the default in the new Debian Stable which is due to be released RealSoonNow (tm).
Diffstat (limited to '')
-rw-r--r--external/unbound/daemon/daemon.c114
1 files changed, 105 insertions, 9 deletions
diff --git a/external/unbound/daemon/daemon.c b/external/unbound/daemon/daemon.c
index e763f724e..dad9f86b3 100644
--- a/external/unbound/daemon/daemon.c
+++ b/external/unbound/daemon/daemon.c
@@ -73,20 +73,27 @@
#include "util/log.h"
#include "util/config_file.h"
#include "util/data/msgreply.h"
+#include "util/shm_side/shm_main.h"
#include "util/storage/lookup3.h"
#include "util/storage/slabhash.h"
#include "services/listen_dnsport.h"
#include "services/cache/rrset.h"
#include "services/cache/infra.h"
#include "services/localzone.h"
+#include "services/view.h"
#include "services/modstack.h"
#include "util/module.h"
#include "util/random.h"
#include "util/tube.h"
#include "util/net_help.h"
#include "sldns/keyraw.h"
+#include "respip/respip.h"
#include <signal.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
/** How many quit requests happened. */
static int sig_record_quit = 0;
/** How many reload requests happened. */
@@ -174,8 +181,15 @@ static void
signal_handling_playback(struct worker* wrk)
{
#ifdef SIGHUP
- if(sig_record_reload)
+ if(sig_record_reload) {
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "RELOADING=1");
+# endif
worker_sighandler(SIGHUP, wrk);
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+# endif
+ }
#endif
if(sig_record_quit)
worker_sighandler(SIGTERM, wrk);
@@ -204,20 +218,29 @@ daemon_init(void)
signal_handling_record();
checklock_start();
#ifdef HAVE_SSL
+# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-# ifdef HAVE_OPENSSL_CONFIG
- OPENSSL_config("unbound");
# endif
+ ERR_load_SSL_strings();
# ifdef USE_GOST
(void)sldns_key_EVP_load_gost_id();
# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
+# else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
/* grab the COMP method ptr because openssl leaks it */
comp_meth = (void*)SSL_COMP_get_compression_methods();
# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
+# else
+ (void)OPENSSL_init_ssl(0, NULL);
+# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
fatal_exit("could not init openssl locks");
@@ -239,9 +262,16 @@ daemon_init(void)
free(daemon);
return NULL;
}
+ /* init edns_known_options */
+ if(!edns_known_options_init(daemon->env)) {
+ free(daemon->env);
+ free(daemon);
+ return NULL;
+ }
alloc_init(&daemon->superalloc, NULL, 0);
daemon->acl = acl_list_create();
if(!daemon->acl) {
+ edns_known_options_delete(daemon->env);
free(daemon->env);
free(daemon);
return NULL;
@@ -338,6 +368,7 @@ static void daemon_setup_modules(struct daemon* daemon)
daemon->env)) {
fatal_exit("failed to setup modules");
}
+ log_edns_known_options(VERB_ALGO, daemon->env);
}
/**
@@ -407,6 +438,8 @@ daemon_create_workers(struct daemon* daemon)
}
daemon->workers = (struct worker**)calloc((size_t)daemon->num,
sizeof(struct worker*));
+ if(!daemon->workers)
+ fatal_exit("out of memory during daemon init");
if(daemon->cfg->dnstap) {
#ifdef USE_DNSTAP
daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path,
@@ -530,17 +563,55 @@ daemon_stop_others(struct daemon* daemon)
void
daemon_fork(struct daemon* daemon)
{
+ int have_view_respip_cfg = 0;
+
log_assert(daemon);
- if(!acl_list_apply_cfg(daemon->acl, daemon->cfg))
+ if(!(daemon->views = views_create()))
+ fatal_exit("Could not create views: out of memory");
+ /* create individual views and their localzone/data trees */
+ if(!views_apply_cfg(daemon->views, daemon->cfg))
+ fatal_exit("Could not set up views");
+
+ if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views))
fatal_exit("Could not setup access control list");
+ if(daemon->cfg->dnscrypt) {
+#ifdef USE_DNSCRYPT
+ daemon->dnscenv = dnsc_create();
+ if (!daemon->dnscenv)
+ fatal_exit("dnsc_create failed");
+ dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);
+#else
+ fatal_exit("dnscrypt enabled in config but unbound was not built with "
+ "dnscrypt support");
+#endif
+ }
+ /* create global local_zones */
if(!(daemon->local_zones = local_zones_create()))
fatal_exit("Could not create local zones: out of memory");
if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
fatal_exit("Could not set up local zones");
+ /* process raw response-ip configuration data */
+ if(!(daemon->respip_set = respip_set_create()))
+ fatal_exit("Could not create response IP set");
+ if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg))
+ fatal_exit("Could not set up response IP set");
+ if(!respip_views_apply_cfg(daemon->views, daemon->cfg,
+ &have_view_respip_cfg))
+ fatal_exit("Could not set up per-view response IP sets");
+ daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
+ have_view_respip_cfg;
+
/* setup modules */
daemon_setup_modules(daemon);
+ /* response-ip-xxx options don't work as expected without the respip
+ * module. To avoid run-time operational surprise we reject such
+ * configuration. */
+ if(daemon->use_response_ip &&
+ modstack_find(&daemon->mods, "respip") < 0)
+ fatal_exit("response-ip options require respip module");
+
/* first create all the worker structures, so we can pass
* them to the newly created threads.
*/
@@ -567,14 +638,26 @@ daemon_fork(struct daemon* daemon)
#endif
signal_handling_playback(daemon->workers[0]);
+ if (!shm_main_init(daemon))
+ log_warn("SHM has failed");
+
/* Start resolver service on main thread. */
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+#endif
log_info("start of service (%s).", PACKAGE_STRING);
worker_work(daemon->workers[0]);
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "STOPPING=1");
+#endif
log_info("service stopped (%s).", PACKAGE_STRING);
/* we exited! a signal happened! Stop other threads */
daemon_stop_others(daemon);
+ /* Shutdown SHM */
+ shm_main_shutdown(daemon);
+
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
}
@@ -589,13 +672,16 @@ daemon_cleanup(struct daemon* daemon)
log_thread_set(NULL);
/* clean up caches because
* a) RRset IDs will be recycled after a reload, causing collisions
- * b) validation config can change, thus rrset, msg, keycache clear
- * The infra cache is kept, the timing and edns info is still valid */
+ * b) validation config can change, thus rrset, msg, keycache clear */
slabhash_clear(&daemon->env->rrset_cache->table);
slabhash_clear(daemon->env->msg_cache);
local_zones_delete(daemon->local_zones);
daemon->local_zones = NULL;
- /* key cache is cleared by module desetup during next daemon_init() */
+ respip_set_delete(daemon->respip_set);
+ daemon->respip_set = NULL;
+ views_delete(daemon->views);
+ daemon->views = NULL;
+ /* key cache is cleared by module desetup during next daemon_fork() */
daemon_remote_clear(daemon->rc);
for(i=0; i<daemon->num; i++)
worker_delete(daemon->workers[i]);
@@ -624,6 +710,7 @@ daemon_delete(struct daemon* daemon)
slabhash_delete(daemon->env->msg_cache);
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
+ edns_known_options_delete(daemon->env);
}
ub_randfree(daemon->rand);
alloc_clear(&daemon->superalloc);
@@ -647,18 +734,27 @@ daemon_delete(struct daemon* daemon)
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
# ifndef S_SPLINT_S
+# if OPENSSL_VERSION_NUMBER < 0x10100000
sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
+# endif
# endif
# endif
# ifdef HAVE_OPENSSL_CONFIG
EVP_cleanup();
+# if OPENSSL_VERSION_NUMBER < 0x10100000
ENGINE_cleanup();
+# endif
CONF_modules_free();
# endif
+# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
- ERR_remove_state(0);
+# endif
+# ifdef HAVE_ERR_FREE_STRINGS
ERR_free_strings();
+# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000
RAND_cleanup();
+# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
ub_openssl_lock_delete();
# endif