aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/daemon/daemon.c
diff options
context:
space:
mode:
Diffstat (limited to 'external/unbound/daemon/daemon.c')
-rw-r--r--external/unbound/daemon/daemon.c114
1 files changed, 105 insertions, 9 deletions
diff --git a/external/unbound/daemon/daemon.c b/external/unbound/daemon/daemon.c
index e763f724e..dad9f86b3 100644
--- a/external/unbound/daemon/daemon.c
+++ b/external/unbound/daemon/daemon.c
@@ -73,20 +73,27 @@
#include "util/log.h"
#include "util/config_file.h"
#include "util/data/msgreply.h"
+#include "util/shm_side/shm_main.h"
#include "util/storage/lookup3.h"
#include "util/storage/slabhash.h"
#include "services/listen_dnsport.h"
#include "services/cache/rrset.h"
#include "services/cache/infra.h"
#include "services/localzone.h"
+#include "services/view.h"
#include "services/modstack.h"
#include "util/module.h"
#include "util/random.h"
#include "util/tube.h"
#include "util/net_help.h"
#include "sldns/keyraw.h"
+#include "respip/respip.h"
#include <signal.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
/** How many quit requests happened. */
static int sig_record_quit = 0;
/** How many reload requests happened. */
@@ -174,8 +181,15 @@ static void
signal_handling_playback(struct worker* wrk)
{
#ifdef SIGHUP
- if(sig_record_reload)
+ if(sig_record_reload) {
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "RELOADING=1");
+# endif
worker_sighandler(SIGHUP, wrk);
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+# endif
+ }
#endif
if(sig_record_quit)
worker_sighandler(SIGTERM, wrk);
@@ -204,20 +218,29 @@ daemon_init(void)
signal_handling_record();
checklock_start();
#ifdef HAVE_SSL
+# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-# ifdef HAVE_OPENSSL_CONFIG
- OPENSSL_config("unbound");
# endif
+ ERR_load_SSL_strings();
# ifdef USE_GOST
(void)sldns_key_EVP_load_gost_id();
# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
+# else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
/* grab the COMP method ptr because openssl leaks it */
comp_meth = (void*)SSL_COMP_get_compression_methods();
# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
+# else
+ (void)OPENSSL_init_ssl(0, NULL);
+# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
fatal_exit("could not init openssl locks");
@@ -239,9 +262,16 @@ daemon_init(void)
free(daemon);
return NULL;
}
+ /* init edns_known_options */
+ if(!edns_known_options_init(daemon->env)) {
+ free(daemon->env);
+ free(daemon);
+ return NULL;
+ }
alloc_init(&daemon->superalloc, NULL, 0);
daemon->acl = acl_list_create();
if(!daemon->acl) {
+ edns_known_options_delete(daemon->env);
free(daemon->env);
free(daemon);
return NULL;
@@ -338,6 +368,7 @@ static void daemon_setup_modules(struct daemon* daemon)
daemon->env)) {
fatal_exit("failed to setup modules");
}
+ log_edns_known_options(VERB_ALGO, daemon->env);
}
/**
@@ -407,6 +438,8 @@ daemon_create_workers(struct daemon* daemon)
}
daemon->workers = (struct worker**)calloc((size_t)daemon->num,
sizeof(struct worker*));
+ if(!daemon->workers)
+ fatal_exit("out of memory during daemon init");
if(daemon->cfg->dnstap) {
#ifdef USE_DNSTAP
daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path,
@@ -530,17 +563,55 @@ daemon_stop_others(struct daemon* daemon)
void
daemon_fork(struct daemon* daemon)
{
+ int have_view_respip_cfg = 0;
+
log_assert(daemon);
- if(!acl_list_apply_cfg(daemon->acl, daemon->cfg))
+ if(!(daemon->views = views_create()))
+ fatal_exit("Could not create views: out of memory");
+ /* create individual views and their localzone/data trees */
+ if(!views_apply_cfg(daemon->views, daemon->cfg))
+ fatal_exit("Could not set up views");
+
+ if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views))
fatal_exit("Could not setup access control list");
+ if(daemon->cfg->dnscrypt) {
+#ifdef USE_DNSCRYPT
+ daemon->dnscenv = dnsc_create();
+ if (!daemon->dnscenv)
+ fatal_exit("dnsc_create failed");
+ dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);
+#else
+ fatal_exit("dnscrypt enabled in config but unbound was not built with "
+ "dnscrypt support");
+#endif
+ }
+ /* create global local_zones */
if(!(daemon->local_zones = local_zones_create()))
fatal_exit("Could not create local zones: out of memory");
if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
fatal_exit("Could not set up local zones");
+ /* process raw response-ip configuration data */
+ if(!(daemon->respip_set = respip_set_create()))
+ fatal_exit("Could not create response IP set");
+ if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg))
+ fatal_exit("Could not set up response IP set");
+ if(!respip_views_apply_cfg(daemon->views, daemon->cfg,
+ &have_view_respip_cfg))
+ fatal_exit("Could not set up per-view response IP sets");
+ daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
+ have_view_respip_cfg;
+
/* setup modules */
daemon_setup_modules(daemon);
+ /* response-ip-xxx options don't work as expected without the respip
+ * module. To avoid run-time operational surprise we reject such
+ * configuration. */
+ if(daemon->use_response_ip &&
+ modstack_find(&daemon->mods, "respip") < 0)
+ fatal_exit("response-ip options require respip module");
+
/* first create all the worker structures, so we can pass
* them to the newly created threads.
*/
@@ -567,14 +638,26 @@ daemon_fork(struct daemon* daemon)
#endif
signal_handling_playback(daemon->workers[0]);
+ if (!shm_main_init(daemon))
+ log_warn("SHM has failed");
+
/* Start resolver service on main thread. */
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+#endif
log_info("start of service (%s).", PACKAGE_STRING);
worker_work(daemon->workers[0]);
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "STOPPING=1");
+#endif
log_info("service stopped (%s).", PACKAGE_STRING);
/* we exited! a signal happened! Stop other threads */
daemon_stop_others(daemon);
+ /* Shutdown SHM */
+ shm_main_shutdown(daemon);
+
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
}
@@ -589,13 +672,16 @@ daemon_cleanup(struct daemon* daemon)
log_thread_set(NULL);
/* clean up caches because
* a) RRset IDs will be recycled after a reload, causing collisions
- * b) validation config can change, thus rrset, msg, keycache clear
- * The infra cache is kept, the timing and edns info is still valid */
+ * b) validation config can change, thus rrset, msg, keycache clear */
slabhash_clear(&daemon->env->rrset_cache->table);
slabhash_clear(daemon->env->msg_cache);
local_zones_delete(daemon->local_zones);
daemon->local_zones = NULL;
- /* key cache is cleared by module desetup during next daemon_init() */
+ respip_set_delete(daemon->respip_set);
+ daemon->respip_set = NULL;
+ views_delete(daemon->views);
+ daemon->views = NULL;
+ /* key cache is cleared by module desetup during next daemon_fork() */
daemon_remote_clear(daemon->rc);
for(i=0; i<daemon->num; i++)
worker_delete(daemon->workers[i]);
@@ -624,6 +710,7 @@ daemon_delete(struct daemon* daemon)
slabhash_delete(daemon->env->msg_cache);
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
+ edns_known_options_delete(daemon->env);
}
ub_randfree(daemon->rand);
alloc_clear(&daemon->superalloc);
@@ -647,18 +734,27 @@ daemon_delete(struct daemon* daemon)
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
# ifndef S_SPLINT_S
+# if OPENSSL_VERSION_NUMBER < 0x10100000
sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
+# endif
# endif
# endif
# ifdef HAVE_OPENSSL_CONFIG
EVP_cleanup();
+# if OPENSSL_VERSION_NUMBER < 0x10100000
ENGINE_cleanup();
+# endif
CONF_modules_free();
# endif
+# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
- ERR_remove_state(0);
+# endif
+# ifdef HAVE_ERR_FREE_STRINGS
ERR_free_strings();
+# endif
+# if OPENSSL_VERSION_NUMBER < 0x10100000
RAND_cleanup();
+# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
ub_openssl_lock_delete();
# endif