Diffstat (limited to 'external/unbound/daemon/daemon.c')
-rw-r--r-- | external/unbound/daemon/daemon.c | 114 |
1 files changed, 105 insertions, 9 deletions
diff --git a/external/unbound/daemon/daemon.c b/external/unbound/daemon/daemon.c index e763f724e..dad9f86b3 100644 --- a/external/unbound/daemon/daemon.c +++ b/external/unbound/daemon/daemon.c @@ -73,20 +73,27 @@ #include "util/log.h" #include "util/config_file.h" #include "util/data/msgreply.h" +#include "util/shm_side/shm_main.h" #include "util/storage/lookup3.h" #include "util/storage/slabhash.h" #include "services/listen_dnsport.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" #include "services/localzone.h" +#include "services/view.h" #include "services/modstack.h" #include "util/module.h" #include "util/random.h" #include "util/tube.h" #include "util/net_help.h" #include "sldns/keyraw.h" +#include "respip/respip.h" #include <signal.h> +#ifdef HAVE_SYSTEMD +#include <systemd/sd-daemon.h> +#endif + /** How many quit requests happened. */ static int sig_record_quit = 0; /** How many reload requests happened. */ @@ -174,8 +181,15 @@ static void signal_handling_playback(struct worker* wrk) { #ifdef SIGHUP - if(sig_record_reload) + if(sig_record_reload) { +# ifdef HAVE_SYSTEMD + sd_notify(0, "RELOADING=1"); +# endif worker_sighandler(SIGHUP, wrk); +# ifdef HAVE_SYSTEMD + sd_notify(0, "READY=1"); +# endif + } #endif if(sig_record_quit) worker_sighandler(SIGTERM, wrk); 
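Review bot: In signal_handling_playback the added `sd_notify(0, "READY=1")` is sent as soon as `worker_sighandler(SIGHUP, wrk)` returns, so the service manager is told the reload is complete at that point. worker_sighandler is not part of this diff; if it only flags the reload for the worker's event loop rather than performing it, the RELOADING window closes before any reloading has happened. Consider dropping the second notification here and relying on the `READY=1` that daemon_fork sends before `worker_work`, or state the intent with a comment such as `/* reload itself runs later; daemon_fork sends READY=1 again */`.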
@@ -204,20 +218,29 @@ daemon_init(void) signal_handling_record(); checklock_start(); #ifdef HAVE_SSL +# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); - ERR_load_SSL_strings(); -# ifdef HAVE_OPENSSL_CONFIG - OPENSSL_config("unbound"); # endif + ERR_load_SSL_strings(); # ifdef USE_GOST (void)sldns_key_EVP_load_gost_id(); # endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); +# else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +# endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS /* grab the COMP method ptr because openssl leaks it */ comp_meth = (void*)SSL_COMP_get_compression_methods(); # endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); +# else + (void)OPENSSL_init_ssl(0, NULL); +# endif # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) if(!ub_openssl_lock_init()) fatal_exit("could not init openssl locks"); @@ -239,9 +262,16 @@ daemon_init(void) free(daemon); return NULL; } + /* init edns_known_options */ + if(!edns_known_options_init(daemon->env)) { + free(daemon->env); + free(daemon); + return NULL; + } alloc_init(&daemon->superalloc, NULL, 0); daemon->acl = acl_list_create(); if(!daemon->acl) { + edns_known_options_delete(daemon->env); free(daemon->env); free(daemon); return NULL; @@ -338,6 +368,7 @@ static void daemon_setup_modules(struct daemon* daemon) daemon->env)) { fatal_exit("failed to setup modules"); } + log_edns_known_options(VERB_ALGO, daemon->env); } /** @@ -407,6 +438,8 @@ daemon_create_workers(struct daemon* daemon) } daemon->workers = (struct worker**)calloc((size_t)daemon->num, sizeof(struct worker*)); + if(!daemon->workers) + fatal_exit("out of memory during daemon init"); if(daemon->cfg->dnstap) { #ifdef USE_DNSTAP daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path, 
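Review bot: The new `OPENSSL_init_crypto(...)` call in daemon_init ignores its return value and `(void)OPENSSL_init_ssl(0, NULL)` discards it explicitly, although both return 0 on failure. The same function already aborts with `fatal_exit("could not init openssl locks")` just below, so a failed library initialisation should be handled the same way rather than letting the daemon start with no algorithms registered, e.g. `if(!OPENSSL_init_ssl(0, NULL)) fatal_exit("could not init openssl");` and likewise for the crypto call. The hunk also removes `OPENSSL_config("unbound")` with no replacement visible here; if that is intentional, a short comment saying whether openssl.cnf is still loaded anywhere would help operators who relied on it.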
@@ -530,17 +563,55 @@ daemon_stop_others(struct daemon* daemon) void daemon_fork(struct daemon* daemon) { + int have_view_respip_cfg = 0; + log_assert(daemon); - if(!acl_list_apply_cfg(daemon->acl, daemon->cfg)) + if(!(daemon->views = views_create())) + fatal_exit("Could not create views: out of memory"); + /* create individual views and their localzone/data trees */ + if(!views_apply_cfg(daemon->views, daemon->cfg)) + fatal_exit("Could not set up views"); + + if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) fatal_exit("Could not setup access control list"); + if(daemon->cfg->dnscrypt) { +#ifdef USE_DNSCRYPT + daemon->dnscenv = dnsc_create(); + if (!daemon->dnscenv) + fatal_exit("dnsc_create failed"); + dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); +#else + fatal_exit("dnscrypt enabled in config but unbound was not built with " + "dnscrypt support"); +#endif + } + /* create global local_zones */ if(!(daemon->local_zones = local_zones_create())) fatal_exit("Could not create local zones: out of memory"); if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) fatal_exit("Could not set up local zones"); + /* process raw response-ip configuration data */ + if(!(daemon->respip_set = respip_set_create())) + fatal_exit("Could not create response IP set"); + if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) + fatal_exit("Could not set up response IP set"); + if(!respip_views_apply_cfg(daemon->views, daemon->cfg, + &have_view_respip_cfg)) + fatal_exit("Could not set up per-view response IP sets"); + daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || + have_view_respip_cfg; + /* setup modules */ daemon_setup_modules(daemon); + /* response-ip-xxx options don't work as expected without the respip + * module. To avoid run-time operational surprise we reject such + * configuration. 
*/ + if(daemon->use_response_ip && + modstack_find(&daemon->mods, "respip") < 0) + fatal_exit("response-ip options require respip module"); + /* first create all the worker structures, so we can pass * them to the newly created threads. */ @@ -567,14 +638,26 @@ daemon_fork(struct daemon* daemon) #endif signal_handling_playback(daemon->workers[0]); + if (!shm_main_init(daemon)) + log_warn("SHM has failed"); + /* Start resolver service on main thread. */ +#ifdef HAVE_SYSTEMD + sd_notify(0, "READY=1"); +#endif log_info("start of service (%s).", PACKAGE_STRING); worker_work(daemon->workers[0]); +#ifdef HAVE_SYSTEMD + sd_notify(0, "STOPPING=1"); +#endif log_info("service stopped (%s).", PACKAGE_STRING); /* we exited! a signal happened! Stop other threads */ daemon_stop_others(daemon); + /* Shutdown SHM */ + shm_main_shutdown(daemon); + daemon->need_to_exit = daemon->workers[0]->need_to_exit; } @@ -589,13 +672,16 @@ daemon_cleanup(struct daemon* daemon) log_thread_set(NULL); /* clean up caches because * a) RRset IDs will be recycled after a reload, causing collisions - * b) validation config can change, thus rrset, msg, keycache clear - * The infra cache is kept, the timing and edns info is still valid */ + * b) validation config can change, thus rrset, msg, keycache clear */ slabhash_clear(&daemon->env->rrset_cache->table); slabhash_clear(daemon->env->msg_cache); local_zones_delete(daemon->local_zones); daemon->local_zones = NULL; - /* key cache is cleared by module desetup during next daemon_init() */ + respip_set_delete(daemon->respip_set); + daemon->respip_set = NULL; + views_delete(daemon->views); + daemon->views = NULL; + /* key cache is cleared by module desetup during next daemon_fork() */ daemon_remote_clear(daemon->rc); for(i=0; i<daemon->num; i++) worker_delete(daemon->workers[i]); 
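Review bot: In the new dnscrypt block of daemon_fork, `dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);` is the only apply_cfg call in this hunk whose outcome is not checked; views, ACLs, local zones and response-ip all end in `fatal_exit` on failure. Its prototype is not shown here, but if it can report errors (for instance key or certificate material that cannot be loaded), the daemon would continue with dnscrypt enabled in the config and a partially configured environment. If it returns a status, check it in the same style, e.g. `if(dnsc_apply_cfg(daemon->dnscenv, daemon->cfg) != 0) fatal_exit("dnsc_apply_cfg failed");`, adjusting the comparison to its actual convention. daemon_fork continues past the end of this hunk.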
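Review bot: When `shm_main_init(daemon)` fails, the code only logs `"SHM has failed"` and carries on, yet `shm_main_shutdown(daemon)` is still called unconditionally after `daemon_stop_others`. Whether shutdown copes with a failed or partial init cannot be seen from this diff; if it does not, the teardown operates on shared-memory state that was never set up. Either record the init result and skip the shutdown, or document the contract at the call site with a comment like `/* shm_main_shutdown is safe to call when init failed or shm is disabled */`. The warning would also be easier to act on if it said that the daemon continues without it, e.g. `log_warn("SHM init failed, continuing without shared memory");`.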
@@ -624,6 +710,7 @@ daemon_delete(struct daemon* daemon) slabhash_delete(daemon->env->msg_cache); rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); + edns_known_options_delete(daemon->env); } ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); @@ -647,18 +734,27 @@ daemon_delete(struct daemon* daemon) # endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE # ifndef S_SPLINT_S +# if OPENSSL_VERSION_NUMBER < 0x10100000 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); +# endif # endif # endif # ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); +# if OPENSSL_VERSION_NUMBER < 0x10100000 ENGINE_cleanup(); +# endif CONF_modules_free(); # endif +# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ - ERR_remove_state(0); +# endif +# ifdef HAVE_ERR_FREE_STRINGS ERR_free_strings(); +# endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 RAND_cleanup(); +# endif # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) ub_openssl_lock_delete(); # endif |
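Review bot: The cleanup calls in daemon_delete are now gated on bare `OPENSSL_VERSION_NUMBER < 0x10100000` checks, while the matching init code in daemon_init pairs the version test with a configure feature macro (`|| !defined(HAVE_OPENSSL_INIT_CRYPTO)`). A library that reports a high version number but keeps the older API (LibreSSL is the usual case) would take the 1.1.0 path here and skip `sk_SSL_COMP_pop_free`, `ENGINE_cleanup` and `RAND_cleanup`. The effect should be limited to memory not released at shutdown, but feature macros in the style of the neighbouring `HAVE_CRYPTO_CLEANUP_ALL_EX_DATA` and `HAVE_ERR_FREE_STRINGS` guards would keep init and teardown symmetric. `ERR_remove_state(0)` is also dropped for every version rather than guarded, which deserves a one-line comment if intentional.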