net_help.c File Reference

Implementation of net_help.h. More...

#include "config.h"
#include "util/net_help.h"
#include "util/log.h"
#include "util/data/dname.h"
#include "util/module.h"
#include "util/regional.h"
#include "util/config_file.h"
#include "sldns/parseutil.h"
#include "sldns/wire2str.h"
#include "sldns/str2wire.h"
#include <fcntl.h>

Data Structures

struct  tls_session_ticket_key
 

Macros

#define MAX_ADDR_STRLEN   128 /* characters */
 max length of an IP address (the address portion) that we allow
 

Functions

int str_is_ip6 (const char *str)
 See if string is ip4 or ip6. More...
 
int fd_set_nonblock (int s)
 Set fd nonblocking. More...
 
int fd_set_block (int s)
 Set fd (back to) blocking. More...
 
int is_pow2 (size_t num)
 See if number is a power of 2. More...
 
void * memdup (void *data, size_t len)
 Allocate memory and copy over contents. More...
 
void log_addr (enum verbosity_value v, const char *str, struct sockaddr_storage *addr, socklen_t addrlen)
 Prints the sockaddr in readable format with log_info. More...
 
int extstrtoaddr (const char *str, struct sockaddr_storage *addr, socklen_t *addrlen, int port)
 Convert address string, with "@port" appendix, to sockaddr. More...
 
int ipstrtoaddr (const char *ip, int port, struct sockaddr_storage *addr, socklen_t *addrlen)
 Convert ip address string and port to sockaddr. More...
 
int netblockstrtoaddr (const char *str, int port, struct sockaddr_storage *addr, socklen_t *addrlen, int *net)
 Convert ip netblock (ip/netsize) string and port to sockaddr. More...
 
static int ipdnametoaddr (uint8_t *dname, size_t dnamelen, struct sockaddr_storage *addr, socklen_t *addrlen, int *af)
 
int netblockdnametoaddr (uint8_t *dname, size_t dnamelen, struct sockaddr_storage *addr, socklen_t *addrlen, int *net, int *af)
 RPZ format netblock to network byte order address and netblock. Example RPZ netblock format dnames: More...
 
int authextstrtoaddr (char *str, struct sockaddr_storage *addr, socklen_t *addrlen, char **auth_name)
 Convert address string, with "@port" appendix, to sockaddr. More...
 
uint8_t * authextstrtodname (char *str, int *port, char **auth_name)
 Convert domain string, with "@port" appendix, to dname. More...
 
void sockaddr_store_port (struct sockaddr_storage *addr, socklen_t addrlen, int port)
 store port number into sockaddr structure More...
 
void log_nametypeclass (enum verbosity_value v, const char *str, uint8_t *name, uint16_t type, uint16_t dclass)
 Print string with neat domain name, type and class. More...
 
void log_query_in (const char *str, uint8_t *name, uint16_t type, uint16_t dclass)
 Like log_nametypeclass, but logs with log_query for query logging.
 
void log_name_addr (enum verbosity_value v, const char *str, uint8_t *zone, struct sockaddr_storage *addr, socklen_t addrlen)
 Prints zone name and sockaddr in readable format with log_info. More...
 
void log_err_addr (const char *str, const char *err, struct sockaddr_storage *addr, socklen_t addrlen)
 Log errno and addr. More...
 
int sockaddr_cmp (struct sockaddr_storage *addr1, socklen_t len1, struct sockaddr_storage *addr2, socklen_t len2)
 Compare two sockaddrs. More...
 
int sockaddr_cmp_addr (struct sockaddr_storage *addr1, socklen_t len1, struct sockaddr_storage *addr2, socklen_t len2)
 Compare two sockaddrs. More...
 
int addr_is_ip6 (struct sockaddr_storage *addr, socklen_t len)
 Checkout address family. More...
 
void addr_mask (struct sockaddr_storage *addr, socklen_t len, int net)
 Make sure the sockaddr ends in zeroes. More...
 
int addr_in_common (struct sockaddr_storage *addr1, int net1, struct sockaddr_storage *addr2, int net2, socklen_t addrlen)
 See how many bits are shared, equal, between two addrs. More...
 
void addr_to_str (struct sockaddr_storage *addr, socklen_t addrlen, char *buf, size_t len)
 Put address into string, works for IPv4 and IPv6. More...
 
int prefixnet_is_nat64 (int prefixnet)
 Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64, or 96. More...
 
void addr_to_nat64 (const struct sockaddr_storage *addr, const struct sockaddr_storage *nat64_prefix, socklen_t nat64_prefixlen, int nat64_prefixnet, struct sockaddr_storage *nat64_addr, socklen_t *nat64_addrlen)
 Create a NAT64 address from a given address (needs to be IPv4) and a given NAT64 prefix. More...
 
int addr_is_ip4mapped (struct sockaddr_storage *addr, socklen_t addrlen)
 See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0". More...
 
int addr_is_broadcast (struct sockaddr_storage *addr, socklen_t addrlen)
 See if sockaddr is 255.255.255.255. More...
 
int addr_is_any (struct sockaddr_storage *addr, socklen_t addrlen)
 See if sockaddr is 0.0.0.0 or ::0. More...
 
void sock_list_insert (struct sock_list **list, struct sockaddr_storage *addr, socklen_t len, struct regional *region)
 Insert new socket list item. More...
 
void sock_list_prepend (struct sock_list **list, struct sock_list *add)
 Append one list to another. More...
 
int sock_list_find (struct sock_list *list, struct sockaddr_storage *addr, socklen_t len)
 Find addr in list. More...
 
void sock_list_merge (struct sock_list **list, struct regional *region, struct sock_list *add)
 Merge socklist into another socket list. More...
 
void log_crypto_err (const char *str)
 Log libcrypto error with descriptive string. More...
 
void log_crypto_err_code (const char *str, unsigned long err)
 Log libcrypto error from errcode with descriptive string, calls log_err. More...
 
void log_crypto_err_io (const char *str, int r)
 Log an error from libcrypto that came from SSL_write and so on, with a value from SSL_get_error, calls log_err. More...
 
void log_crypto_err_io_code (const char *str, int r, unsigned long err)
 Log an error from libcrypt that came from an I/O routine with the errcode from ERR_get_error. More...
 
int listen_sslctx_setup (void *ctxt)
 Set SSL_OP_NOxxx options on SSL context to disable bad crypto. More...
 
void listen_sslctx_setup_2 (void *ctxt)
 Further setup of listening SSL context, after keys loaded. More...
 
void * listen_sslctx_create (char *key, char *pem, char *verifypem)
 create SSL listen context More...
 
void * connect_sslctx_create (char *key, char *pem, char *verifypem, int wincert)
 create SSL connect context More...
 
void * incoming_ssl_fd (void *sslctx, int fd)
 accept a new fd and wrap it in a BIO in SSL More...
 
void * outgoing_ssl_fd (void *sslctx, int fd)
 connect a new fd and wrap it in a BIO in SSL More...
 
int check_auth_name_for_ssl (char *auth_name)
 check if authname SSL functionality is available, false if not More...
 
int set_auth_name_on_ssl (void *ssl, char *auth_name, int use_sni)
 set the authname on an SSL structure, SSL* ssl More...
 
int ub_openssl_lock_init (void)
 Initialize openssl locking for thread safety. More...
 
void ub_openssl_lock_delete (void)
 De-init the allocated openssl locks.
 
int listen_sslctx_setup_ticket_keys (void *sslctx, struct config_strlist *tls_session_ticket_keys)
 setup TLS session ticket More...
 
void listen_sslctx_delete_ticket_keys (void)
 Free memory used for TLS session ticket keys.
 
char * sock_strerror (int errn)
 Return strerror or wsastrerror for socket error printout.
 
void sock_close (int socket)
 close the socket with close, or wsa closesocket
 

Variables

uint16_t EDNS_ADVERTISED_SIZE = 4096
 default value for EDNS ADVERTISED size More...
 
int MINIMAL_RESPONSES = 0
 minimal responses when positive answer: default is no More...
 
int RRSET_ROUNDROBIN = 1
 rrset order roundrobin: default is yes More...
 
int LOG_TAG_QUERYREPLY = 0
 log tag queries with name instead of 'info' for filtering
 
static struct tls_session_ticket_key *  ticket_keys
 

Detailed Description

Implementation of net_help.h.

Function Documentation

◆ str_is_ip6()

int str_is_ip6 ( const char *  str)

See if string is ip4 or ip6.

Parameters
str — IP specification.
Returns
true if the address string is an IPv6 specification.

Referenced by calc_num46(), ipstrtoaddr(), listening_ports_open(), net_test(), and ub_ctx_hosts().

◆ fd_set_nonblock()

◆ fd_set_block()

int fd_set_block ( int  s)

Set fd (back to) blocking.

Parameters
s — file descriptor.
Returns
0 on error (the error is printed to the log).

References log_err(), and verbosity.

Referenced by handle_req(), reply_with_accept(), reply_with_finish(), tube_read_msg(), and tube_write_msg().

◆ is_pow2()

int is_pow2 ( size_t  num)

See if number is a power of 2.

Parameters
num — the value.
Returns
true if the number is a power of 2.

Referenced by net_test().

◆ memdup()

◆ log_addr()

void log_addr ( enum verbosity_value  v,
const char *  str,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

Prints the sockaddr in readable format with log_info.

Debug helper.

Parameters
v — at what verbosity level to print this.
str — descriptive string printed with it.
addr — the sockaddr to print. Can be ip4 or ip6.
addrlen — length of addr.

Referenced by comm_point_send_udp_msg(), comm_point_send_udp_msg_if(), do_proxy(), iter_filter_unsuitable(), iter_merge_retry_counts(), pending_find_match(), pick_outgoing_tcp(), remote_handshake_later(), service_tcp_relay(), serviced_tcp_callback(), sock_list_logentry(), and tcp_proxy_delete().

◆ extstrtoaddr()

int extstrtoaddr ( const char *  str,
struct sockaddr_storage *  addr,
socklen_t *  addrlen,
int  port 
)

Convert address string, with "@port" appendix, to sockaddr.

Uses DNS port by default.

Parameters
str — the string.
addr — where to store the sockaddr.
addrlen — length of the stored sockaddr is returned here.
port — default port.
Returns
0 on error.

Referenced by addr_matches_master(), ah(), contact_server(), dtio_open_output_tcp(), make_tcp_accept(), open_svr(), replay_moment_read(), replay_range_read(), service(), ub_ctx_set_fwd(), ub_ctx_set_stub(), warn_hosts(), xfr_probe_lookup_host(), and xfr_transfer_lookup_host().

◆ ipstrtoaddr()

int ipstrtoaddr ( const char *  ip,
int  port,
struct sockaddr_storage *  addr,
socklen_t *  addrlen 
)

Convert ip address string and port to sockaddr.

Parameters
ip — ip4 or ip6 address string.
port — port number, host format.
addr — where to store the sockaddr.
addrlen — length of the stored sockaddr is returned here.
Returns
0 on error.

References MAX_ADDR_STRLEN, and str_is_ip6().

Referenced by do_flush_infra(), net_test(), and setup_if().

◆ netblockstrtoaddr()

int netblockstrtoaddr ( const char *  ip,
int  port,
struct sockaddr_storage *  addr,
socklen_t *  addrlen,
int *  net 
)

Convert ip netblock (ip/netsize) string and port to sockaddr.

performs a copy internally to avoid writing over 'ip' string.

Parameters
ip — ip4 or ip6 address string.
port — port number, host format.
addr — where to store the sockaddr.
addrlen — length of the stored sockaddr is returned here.
net — netblock size is returned here.
Returns
0 on error.

Referenced by acl_view_tag_checks(), aclchecks(), addr_matches_master(), dns64_apply_cfg(), edns_strings_apply_cfg(), iter_apply_cfg(), lz_enter_override(), read_addrs(), respip_find_or_create(), setup_if(), tcpconnlimitchecks(), verify_respip_set_actions(), and verify_rrset().

◆ netblockdnametoaddr()

int netblockdnametoaddr ( uint8_t *  dname,
size_t  dnamelen,
struct sockaddr_storage *  addr,
socklen_t *  addrlen,
int *  net,
int *  af 
)

RPZ format netblock to network byte order address and netblock. Example RPZ netblock format dnames:

  • 24.10.100.51.198.rpz-ip -> 198.51.100.10/24
  • 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32
    Parameters
    dname — the dname containing the RPZ format netblock.
    dnamelen — length of dname.
    addr — where to store the sockaddr.
    addrlen — length of the stored sockaddr is returned here.
    net — where to store the netmask.
    af — where to store the address family.
    Returns
    0 on error.

◆ authextstrtoaddr()

int authextstrtoaddr ( char *  str,
struct sockaddr_storage *  addr,
socklen_t *  addrlen,
char **  auth_name 
)

Convert address string, with "@port" appendix, to sockaddr.

It can also have an "#tls-auth-name" appendix (after the port). The returned auth_name string is a pointer into the input string, not a separate allocation, so it is only valid for as long as the input string is. Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.

Parameters
str — the string.
addr — where to store the sockaddr.
addrlen — length of the stored sockaddr is returned here.
auth_name — returned pointer to the tls_auth_name, or NULL if none.
Returns
0 on error.

Referenced by parse_delegpt(), read_fwds_addr(), read_stubs_addr(), xfr_probe_send_probe(), and xfr_transfer_init_fetch().

◆ authextstrtodname()

uint8_t* authextstrtodname ( char *  str,
int *  port,
char **  auth_name 
)

Convert domain string, with "@port" appendix, to dname.

It can also have an "#tls-auth-name" appendix (after the port). The returned port is the parsed port. Uses DNS port by default; TLS port when a "#tls-auth-name" is configured. The returned auth_name string is a pointer into the input string, not a separate allocation, so it is only valid for as long as the input string is.

Parameters
str — the string.
port — pointer to be assigned the parsed port value.
auth_name — returned pointer to the tls_auth_name, or NULL if none.
Returns
pointer to the dname.

Referenced by parse_delegpt(), read_fwds_host(), and read_stubs_host().

◆ sockaddr_store_port()

void sockaddr_store_port ( struct sockaddr_storage *  addr,
socklen_t  addrlen,
int  port 
)

store port number into sockaddr structure

Store port number into sockaddr structure.

References addr_is_ip6().

Referenced by delegpt_add_addr(), and delegpt_add_addr_mlc().

◆ log_nametypeclass()

◆ log_name_addr()

void log_name_addr ( enum verbosity_value  v,
const char *  str,
uint8_t *  zone,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

Prints zone name and sockaddr in readable format with log_info.

Debug.

Parameters
v — at what verbosity level to print this.
str — descriptive string printed with it.
zone — DNS domain name, uncompressed wireformat.
addr — the sockaddr to print. Can be ip4 or ip6.
addrlen — length of addr.

◆ log_err_addr()

void log_err_addr ( const char *  str,
const char *  err,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

Log errno and addr.

Parameters
str — descriptive string printed with it.
err — errno string to print, i.e. strerror(errno).
addr — the sockaddr to print. Can be ip4 or ip6.
addrlen — length of addr.

Referenced by checkconnecterr(), comm_point_perform_accept(), comm_point_tcp_handle_read(), comm_point_tcp_handle_write(), http_check_connect(), http_read_more(), http_write_more(), make_tcp_accept(), outnet_get_tcp_fd(), select_ifport(), and ssl_handle_read().

◆ sockaddr_cmp()

int sockaddr_cmp ( struct sockaddr_storage *  addr1,
socklen_t  len1,
struct sockaddr_storage *  addr2,
socklen_t  len2 
)

Compare two sockaddrs.

Imposes an ordering on the addresses. Compares address and port.

Parameters
addr1 — address 1.
len1 — length of addr1.
addr2 — address 2.
len2 — length of addr2.
Returns
0 if addr1 == addr2; -1 if addr1 is smaller, +1 if larger.

References INET6_SIZE, INET_SIZE, and log_assert.

Referenced by acl_interface_compare(), addr_tree_addrport_compare(), find_create_proxy(), infra_compfunc(), infra_del_host(), pending_cmp(), pending_find_match(), pending_matches_current(), reuse_cmp_addrportssl(), and serviced_cmp().

◆ sockaddr_cmp_addr()

int sockaddr_cmp_addr ( struct sockaddr_storage *  addr1,
socklen_t  len1,
struct sockaddr_storage *  addr2,
socklen_t  len2 
)

Compare two sockaddrs.

Compares address, not the port.

Parameters
addr1 — address 1.
len1 — length of addr1.
addr2 — address 2.
len2 — length of addr2.
Returns
0 if addr1 == addr2; -1 if addr1 is smaller, +1 if larger.

References INET6_SIZE, INET_SIZE, and log_assert.

Referenced by addr_in_list(), addr_matches_master(), addr_tree_compare(), delegpt_find_addr(), net_test(), and sock_list_find().

◆ addr_is_ip6()

◆ addr_mask()

void addr_mask ( struct sockaddr_storage *  addr,
socklen_t  len,
int  net 
)

Make sure the sockaddr ends in zeroes.

For tree insertion and subsequent comparison.

Parameters
addr — the ip4 or ip6 addr.
len — length of addr.
net — number of bits to leave untouched; the rest of the netblock address is zeroed.

References addr_is_ip6().

Referenced by net_test().

◆ addr_in_common()

int addr_in_common ( struct sockaddr_storage *  addr1,
int  net1,
struct sockaddr_storage *  addr2,
int  net2,
socklen_t  addrlen 
)

See how many bits are shared, equal, between two addrs.

Parameters
addr1 — first addr.
net1 — netblock size of the first addr.
addr2 — second addr.
net2 — netblock size of the second addr.
addrlen — length of the first addr and of the second addr. They must be of the same length (i.e. the same type, IP4 or IP6).
Returns
number of bits that are the same.

References addr_is_ip6(), log_assert, and match().

Referenced by addr_matches_master(), addr_tree_init_parents_node(), addr_tree_lookup(), and net_test().

◆ addr_to_str()

void addr_to_str ( struct sockaddr_storage *  addr,
socklen_t  addrlen,
char *  buf,
size_t  len 
)

Put address into string, works for IPv4 and IPv6.

Parameters
addr — address.
addrlen — length of address.
buf — result string is stored here.
len — length of buf. On failure the string "error" is stored in buf.

References addr_is_ip6().

Referenced by dump_infra_host(), errinf_origin(), errinf_reply(), fd_for_dest(), get_mesh_status(), infra_ratelimit_inc(), local_data_find_tag_action(), log_reply_info(), log_reuse_tcp(), log_rpz_apply(), print_dp_details(), respip_inform_print(), reuse_tcp_remove_tree_list(), xfr_master_add_addrs(), and xfr_probe_send_probe().

◆ prefixnet_is_nat64()

int prefixnet_is_nat64 ( int  prefixnet)

Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64, or 96.

Parameters
prefixnet — prefix network length to check.
Returns
1 on success, 0 on failure.

Referenced by addr_to_nat64(), and iter_apply_cfg().

◆ addr_to_nat64()

void addr_to_nat64 ( const struct sockaddr_storage *  addr,
const struct sockaddr_storage *  nat64_prefix,
socklen_t  nat64_prefixlen,
int  nat64_prefixnet,
struct sockaddr_storage *  nat64_addr,
socklen_t *  nat64_addrlen 
)

Create a NAT64 address from a given address (needs to be IPv4) and a given NAT64 prefix.

The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96.

Parameters
addr — IPv4 address.
nat64_prefix — NAT64 prefix.
nat64_prefixlen — NAT64 prefix length.
nat64_prefixnet — NAT64 prefix mask.
nat64_addr — the resulting NAT64 address.
nat64_addrlen — the resulting NAT64 address length.

References log_assert, and prefixnet_is_nat64().

◆ addr_is_ip4mapped()

int addr_is_ip4mapped ( struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0".

Parameters
addr — address.
addrlen — length of address.
Returns
true if so

References addr_is_ip6().

Referenced by net_test(), and udp_send_errno_needs_log().

◆ addr_is_broadcast()

int addr_is_broadcast ( struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

See if sockaddr is 255.255.255.255.

Parameters
addr — address.
addrlen — length of address.
Returns
true if so

Referenced by udp_send_errno_needs_log().

◆ addr_is_any()

int addr_is_any ( struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

See if sockaddr is 0.0.0.0 or ::0.

Parameters
addr — address.
addrlen — length of address.
Returns
true if so

Referenced by net_test(), and pick_outgoing_tcp().

◆ sock_list_insert()

void sock_list_insert ( struct sock_list **  list,
struct sockaddr_storage *  addr,
socklen_t  len,
struct regional *  region 
)

Insert new socket list item.

If fails logs error.

Parameters
list — pointer to pointer to the first item.
addr — address, or NULL if 'cache'.
len — length of addr, or 0 if 'cache'.
region — where to allocate.

References sock_list::addr, sock_list::len, log_assert, log_err(), sock_list::next, and regional_alloc().

Referenced by generate_parentside_target_query(), processInitRequest3(), sock_list_merge(), and val_blacklist().

◆ sock_list_prepend()

void sock_list_prepend ( struct sock_list **  list,
struct sock_list *  add 
)

Append one list to another.

Must both be from same qstate(regional).

Parameters
list — pointer to the result list that is modified.
add — item(s) to add. They are prepended to list.

References sock_list::next.

Referenced by val_blacklist().

◆ sock_list_find()

int sock_list_find ( struct sock_list *  list,
struct sockaddr_storage *  addr,
socklen_t  len 
)

Find addr in list.

Parameters
list — the list to search in.
addr — address to look for.
len — length. Can be 0, to look for the 'cache entry'.
Returns
true if found.

References sock_list::addr, sock_list::len, sock_list::next, and sockaddr_cmp_addr().

Referenced by iter_fill_rtt(), and sock_list_merge().

◆ sock_list_merge()

void sock_list_merge ( struct sock_list **  list,
struct regional *  region,
struct sock_list *  add 
)

Merge socklist into another socket list.

Allocates the new entries freshly and copies them over, so also performs a region switchover. Allocation failures are logged.

Parameters
list — the destination list (checked for duplicates).
region — where to allocate.
add — the list of entries to add.

References sock_list::addr, sock_list::len, sock_list::next, sock_list_find(), and sock_list_insert().

Referenced by generate_request(), and val_blacklist().

◆ log_crypto_err()

void log_crypto_err ( const char *  str)

Log libcrypto error with descriptive string.

Calls log_err().

Parameters
str — what failed.

Referenced by connect_sslctx_create(), incoming_ssl_fd(), listen_sslctx_create(), listen_sslctx_setup(), listen_sslctx_setup_2(), outgoing_ssl_fd(), and recv_one().

◆ log_crypto_err_code()

void log_crypto_err_code ( const char *  str,
unsigned long  err 
)

Log libcrypto error from errcode with descriptive string, calls log_err.

Parameters
str — what failed.
err — error code from ERR_get_error.

◆ log_crypto_err_io()

void log_crypto_err_io ( const char *  str,
int  r 
)

Log an error from libcrypto that came from SSL_write and so on, with a value from SSL_get_error, calls log_err.

If that fails it logs with log_crypto_err.

Parameters
str — what failed.
r — output of SSL_get_error on the I/O operation result.

Referenced by handle_req(), remote_handshake_later(), reply_with_accept(), reply_with_finish(), ssl_handle_read(), ssl_handle_write(), ssl_http_read_more(), and ssl_http_write_more().

◆ log_crypto_err_io_code()

void log_crypto_err_io_code ( const char *  str,
int  r,
unsigned long  err 
)

Log an error from libcrypto that came from an I/O routine, with the errcode from ERR_get_error.

Calls log_err() and log_crypto_err_code.

Parameters
str — what failed.
r — output of SSL_get_error on the I/O operation result.
err — error code from ERR_get_error.

◆ listen_sslctx_setup()

int listen_sslctx_setup ( void *  ctxt)

Set SSL_OP_NOxxx options on SSL context to disable bad crypto.

Parameters
ctxt — SSL_CTX*
Returns
false on failure.

References log_crypto_err().

Referenced by listen_sslctx_create().

◆ listen_sslctx_setup_2()

void listen_sslctx_setup_2 ( void *  ctxt)

Further setup of listening SSL context, after keys loaded.

Parameters
ctxt — SSL_CTX*

References log_crypto_err().

Referenced by listen_sslctx_create().

◆ listen_sslctx_create()

void* listen_sslctx_create ( char *  key,
char *  pem,
char *  verifypem 
)

create SSL listen context

Parameters
key — private key file.
pem — public key cert.
verifypem — if nonNULL, verifylocation file.
Returns
SSL_CTX* or NULL on failure (logged).

References listen_sslctx_setup(), listen_sslctx_setup_2(), log_crypto_err(), and log_err().

Referenced by tap_socket_new_tlsaccept().

◆ connect_sslctx_create()

void* connect_sslctx_create ( char *  key,
char *  pem,
char *  verifypem,
int  wincert 
)

create SSL connect context

Parameters
key — if nonNULL (also pem nonNULL), the client private key.
pem — client public key (or NULL if key is NULL).
verifypem — if nonNULL, used for the verifylocation file.
wincert — add the system certificate store to the ctx (in addition to the verifypem CA certs).
Returns
SSL_CTX* or NULL on failure (logged).

References log_crypto_err(), and log_err().

Referenced by dt_io_thread_apply_cfg(), and libworker_setup().

◆ incoming_ssl_fd()

void* incoming_ssl_fd ( void *  sslctx,
int  fd 
)

accept a new fd and wrap it in a BIO in SSL

Parameters
sslctx — the SSL_CTX to use (from listen_sslctx_create()).
fd — from accept, nonblocking.
Returns
SSL or NULL on alloc failure.

References log_crypto_err().

Referenced by comm_point_tcp_accept_callback().

◆ outgoing_ssl_fd()

void* outgoing_ssl_fd ( void *  sslctx,
int  fd 
)

connect a new fd and wrap it in a BIO in SSL

Parameters
sslctx — the SSL_CTX to use (from connect_sslctx_create()).
fd — from connect.
Returns
SSL or NULL on alloc failure

References log_crypto_err().

Referenced by dtio_setup_ssl(), and setup_comm_ssl().

◆ check_auth_name_for_ssl()

int check_auth_name_for_ssl ( char *  auth_name)

check if authname SSL functionality is available, false if not

Parameters
auth_name — the name for the remote server, used for the error print.
Returns
false if SSL functionality to check the SSL name is not available.

References log_err().

Referenced by dt_io_thread_apply_cfg().

◆ set_auth_name_on_ssl()

int set_auth_name_on_ssl ( void *  ssl,
char *  auth_name,
int  use_sni 
)

set the authname on an SSL structure, SSL* ssl

set auth name on SSL for verification

References log_err(), VERB_ALGO, and verbose().

Referenced by dtio_setup_ssl().

◆ ub_openssl_lock_init()

int ub_openssl_lock_init ( void  )

Initialize openssl locking for thread safety.

Returns
false on failure (alloc failure).

◆ listen_sslctx_setup_ticket_keys()

int listen_sslctx_setup_ticket_keys ( void *  sslctx,
struct config_strlist *  tls_session_ticket_keys 
)

setup TLS session ticket

Parameters
sslctx — the SSL_CTX to use (from connect_sslctx_create()).
tls_session_ticket_keys — TLS ticket secret filenames.
Returns
false on failure (alloc failure).

References config_strlist::next.

Variable Documentation

◆ EDNS_ADVERTISED_SIZE

uint16_t EDNS_ADVERTISED_SIZE = 4096

default value for EDNS ADVERTISED size

Advertised size of EDNS capabilities.

Referenced by answer_norec_from_cache(), auth_answer_encode(), auth_error_encode(), config_apply(), extended_error_encode(), local_error_encode(), and rpz_local_encode().

◆ MINIMAL_RESPONSES

int MINIMAL_RESPONSES = 0

minimal responses when positive answer: default is no

minimal responses when positive answer

Referenced by config_apply().

◆ RRSET_ROUNDROBIN

int RRSET_ROUNDROBIN = 1

rrset order roundrobin: default is yes

rrset order roundrobin

Referenced by config_apply(), and main().