Commit 62ec9fd1 authored by Mark Andrews's avatar Mark Andrews

3733. [func] Improve interface scanning support. Interface

                        information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
parent 0584ab7e
3733. [func] Improve interface scanning support. Interface
information will be automatically updated if the
OS supports routing sockets. Use
"automatic-interface-scan no;" to disable.
Add "rndc scan" to trigger a scan. [RT #23027]
3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
driver to dump core on 64-bit systems. [RT #35324]
......
......@@ -20,7 +20,7 @@
<!-- %Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp % -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" version="1.0">
<xsl:output method="html" indent="yes" version="4.0"/>
<xsl:template match="statistics[@version=&quot;3.4&quot;]">
<xsl:template match="statistics[@version=&quot;3.5&quot;]">
<html>
<head>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
......
......@@ -25,7 +25,7 @@ static char xslmsg[] =
"<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n"
"<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns=\"http://www.w3.org/1999/xhtml\" version=\"1.0\">\n"
" <xsl:output method=\"html\" indent=\"yes\" version=\"4.0\"/>\n"
" <xsl:template match=\"statistics[@version=&quot;3.4&quot;]\">\n"
" <xsl:template match=\"statistics[@version=&quot;3.5&quot;]\">\n"
" <html>\n"
" <head>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
......
......@@ -52,6 +52,7 @@
/*% default configuration */
static char defaultconf[] = "\
options {\n\
automatic-interface-scan yes;\n\
# blackhole {none;};\n"
#ifndef WIN32
" coresize default;\n\
......
......@@ -186,6 +186,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
command_compare(command, NS_COMMAND_THAW)) {
result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
text);
} else if (command_compare(command, NS_COMMAND_SCAN)) {
result = ISC_R_SUCCESS;
ns_server_scan_interfaces(ns_g_server);
} else if (command_compare(command, NS_COMMAND_SYNC)) {
result = ns_server_sync(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
......
......@@ -59,6 +59,7 @@
#define NS_COMMAND_NULL "null"
#define NS_COMMAND_NOTIFY "notify"
#define NS_COMMAND_VALIDATION "validation"
#define NS_COMMAND_SCAN "scan"
#define NS_COMMAND_SIGN "sign"
#define NS_COMMAND_LOADKEYS "loadkeys"
#define NS_COMMAND_ADDZONE "addzone"
......
......@@ -37,6 +37,7 @@
#define NS_EVENTCLASS ISC_EVENTCLASS(0x4E43)
#define NS_EVENT_RELOAD (NS_EVENTCLASS + 0)
#define NS_EVENT_CLIENTCONTROL (NS_EVENTCLASS + 1)
#define NS_EVENT_IFSCAN (NS_EVENTCLASS + 2)
/*%
* Name server state. Better here than in lots of separate global variables.
......@@ -114,6 +115,7 @@ struct ns_server {
dns_name_t *session_keyname;
unsigned int session_keyalg;
isc_uint16_t session_keybits;
isc_boolean_t interface_auto;
};
#define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R')
......@@ -200,6 +202,12 @@ ns_server_reloadwanted(ns_server_t *server);
* is ignored.
*/
void
ns_server_scan_interfaces(ns_server_t *server);
/*%<
* Trigger a interface scan.
*/
void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush);
/*%<
......
......@@ -33,6 +33,14 @@
#include <named/client.h>
#include <named/log.h>
#include <named/interfacemgr.h>
#include <named/server.h>
#ifdef HAVE_NET_ROUTE_H
#include <net/route.h>
#if defined(RTM_VERSION) && defined(RTM_NEWADDR) && defined(RTM_DELADDR)
#define USE_ROUTE_SOCKET 1
#endif
#endif
#define IFMGR_MAGIC ISC_MAGIC('I', 'F', 'M', 'G')
#define NS_INTERFACEMGR_VALID(t) ISC_MAGIC_VALID(t, IFMGR_MAGIC)
......@@ -55,6 +63,11 @@ struct ns_interfacemgr {
dns_aclenv_t aclenv; /*%< Localhost/localnets ACLs */
ISC_LIST(ns_interface_t) interfaces; /*%< List of interfaces. */
ISC_LIST(isc_sockaddr_t) listenon;
#ifdef USE_ROUTE_SOCKET
isc_task_t * task;
isc_socket_t * route;
unsigned char buf[2048];
#endif
};
static void
......@@ -63,6 +76,69 @@ purge_old_interfaces(ns_interfacemgr_t *mgr);
static void
clearlistenon(ns_interfacemgr_t *mgr);
#ifdef USE_ROUTE_SOCKET
static void
route_event(isc_task_t *task, isc_event_t *event) {
isc_socketevent_t *sevent = NULL;
ns_interfacemgr_t *mgr = NULL;
isc_region_t r;
isc_result_t result;
struct rt_msghdr *rtm;
UNUSED(task);
REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
mgr = event->ev_arg;
sevent = (isc_socketevent_t *)event;
if (sevent->result != ISC_R_SUCCESS) {
if (sevent->result != ISC_R_CANCELED)
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
"automatic interface scanning "
"terminated: %s",
isc_result_totext(sevent->result));
ns_interfacemgr_detach(&mgr);
isc_event_free(&event);
return;
}
rtm = (struct rt_msghdr *)mgr->buf;
if (rtm->rtm_version != RTM_VERSION) {
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
"automatic interface rescanning disabled: "
"rtm->rtm_version mismatch (%u != %u) "
"recompile required", rtm->rtm_version,
RTM_VERSION);
isc_task_detach(&mgr->task);
isc_socket_detach(&mgr->route);
ns_interfacemgr_detach(&mgr);
isc_event_free(&event);
return;
}
switch (rtm->rtm_type) {
case RTM_NEWADDR:
case RTM_DELADDR:
if (ns_g_server->interface_auto)
ns_server_scan_interfaces(ns_g_server);
break;
default:
break;
}
/*
* Look for next route event.
*/
r.base = mgr->buf;
r.length = sizeof(mgr->buf);
result = isc_socket_recv(mgr->route, &r, 1, mgr->task,
route_event, mgr);
if (result != ISC_R_SUCCESS)
ns_interfacemgr_detach(&mgr);
isc_event_free(&event);
}
#endif
isc_result_t
ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
isc_socketmgr_t *socketmgr,
......@@ -112,11 +188,51 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
mgr->aclenv.geoip = ns_g_geoip;
#endif
#ifdef USE_ROUTE_SOCKET
mgr->route = NULL;
result = isc_socket_create(mgr->socketmgr, PF_ROUTE,
isc_sockettype_raw, &mgr->route);
switch (result) {
case ISC_R_NOPERM:
case ISC_R_SUCCESS:
case ISC_R_NOTIMPLEMENTED:
break;
default:
goto cleanup_aclenv;
}
mgr->task = NULL;
if (mgr->route != NULL) {
result = isc_task_create(taskmgr, 0, &mgr->task);
if (result != ISC_R_SUCCESS)
goto cleanup_route;
}
mgr->references = (mgr->route != NULL) ? 2 : 1;
#else
mgr->references = 1;
#endif
mgr->magic = IFMGR_MAGIC;
*mgrp = mgr;
#ifdef USE_ROUTE_SOCKET
if (mgr->route != NULL) {
isc_region_t r = { mgr->buf, sizeof(mgr->buf) };
result = isc_socket_recv(mgr->route, &r, 1, mgr->task,
route_event, mgr);
if (result != ISC_R_SUCCESS)
ns_interfacemgr_detach(&mgr);
}
#endif
return (ISC_R_SUCCESS);
#ifdef USE_ROUTE_SOCKET
cleanup_route:
if (mgr->route != NULL)
isc_socket_detach(&mgr->route);
cleanup_aclenv:
#endif
dns_aclenv_destroy(&mgr->aclenv);
cleanup_listenon:
ns_listenlist_detach(&mgr->listenon4);
ns_listenlist_detach(&mgr->listenon6);
......@@ -128,6 +244,13 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
static void
ns_interfacemgr_destroy(ns_interfacemgr_t *mgr) {
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
#ifdef USE_ROUTE_SOCKET
if (mgr->route != NULL)
isc_socket_detach(&mgr->route);
if (mgr->task != NULL)
isc_task_detach(&mgr->task);
#endif
dns_aclenv_destroy(&mgr->aclenv);
ns_listenlist_detach(&mgr->listenon4);
ns_listenlist_detach(&mgr->listenon6);
......@@ -179,6 +302,10 @@ ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr) {
* consider all interfaces "old".
*/
mgr->generation++;
#ifdef USE_ROUTE_SOCKET
if (mgr->route != NULL)
isc_socket_cancel(mgr->route, mgr->task, ISC_SOCKCANCEL_RECV);
#endif
purge_old_interfaces(mgr);
}
......
......@@ -4741,16 +4741,25 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
}
/*
* This event callback is invoked to do periodic network
* interface scanning.
* This event callback is invoked to do periodic network interface
* scanning. It is also called by ns_server_scan_interfaces(),
* invoked by "rndc scan"
*/
static void
interface_timer_tick(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_server_t *server = (ns_server_t *) event->ev_arg;
INSIST(task == server->task);
UNUSED(task);
if (event->ev_type == NS_EVENT_IFSCAN)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
"automatic interface rescan");
isc_event_free(&event);
/*
* XXX should scan interfaces unlocked and get exclusive access
* only to replace ACLs.
......@@ -5676,6 +5685,14 @@ load_configuration(const char *filename, ns_server_t *server,
}
server->interface_interval = interface_interval;
/*
* Enable automatic interface scans.
*/
obj = NULL;
result = ns_config_get(maps, "automatic-interface-scan", &obj);
INSIST(result == ISC_R_SUCCESS);
server->interface_auto = cfg_obj_asboolean(obj);
/*
* Configure the dialup heartbeat timer.
*/
......@@ -6902,6 +6919,17 @@ ns_server_reloadwanted(ns_server_t *server) {
UNLOCK(&server->reload_event_lock);
}
void
ns_server_scan_interfaces(ns_server_t *server) {
isc_event_t *event;
event = isc_event_allocate(ns_g_mctx, server, NS_EVENT_IFSCAN,
interface_timer_tick, server,
sizeof(isc_event_t));
if (event != NULL)
isc_task_send(server->task, &event);
}
static char *
next_token(char **stringp, const char *delim) {
char *res;
......
......@@ -372,6 +372,7 @@ init_desc(void) {
SET_SOCKSTATDESC(tcp4open, "TCP/IPv4 sockets opened", "TCP4Open");
SET_SOCKSTATDESC(tcp6open, "TCP/IPv6 sockets opened", "TCP6Open");
SET_SOCKSTATDESC(unixopen, "Unix domain sockets opened", "UnixOpen");
SET_SOCKSTATDESC(rawopen, "Raw sockets opened", "RawOpen");
SET_SOCKSTATDESC(udp4openfail, "UDP/IPv4 socket open failures",
"UDP4OpenFail");
SET_SOCKSTATDESC(udp6openfail, "UDP/IPv6 socket open failures",
......@@ -382,6 +383,8 @@ init_desc(void) {
"TCP6OpenFail");
SET_SOCKSTATDESC(unixopenfail, "Unix domain socket open failures",
"UnixOpenFail");
SET_SOCKSTATDESC(rawopenfail, "Raw socket open failures",
"RawOpenFail");
SET_SOCKSTATDESC(udp4close, "UDP/IPv4 sockets closed", "UDP4Close");
SET_SOCKSTATDESC(udp6close, "UDP/IPv6 sockets closed", "UDP6Close");
SET_SOCKSTATDESC(tcp4close, "TCP/IPv4 sockets closed", "TCP4Close");
......@@ -389,6 +392,7 @@ init_desc(void) {
SET_SOCKSTATDESC(unixclose, "Unix domain sockets closed", "UnixClose");
SET_SOCKSTATDESC(fdwatchclose, "FDwatch sockets closed",
"FDWatchClose");
SET_SOCKSTATDESC(rawclose, "Raw sockets closed", "RawClose");
SET_SOCKSTATDESC(udp4bindfail, "UDP/IPv4 socket bind failures",
"UDP4BindFail");
SET_SOCKSTATDESC(udp6bindfail, "UDP/IPv6 socket bind failures",
......@@ -455,12 +459,14 @@ init_desc(void) {
"UnixRecvErr");
SET_SOCKSTATDESC(fdwatchrecvfail, "FDwatch recv errors",
"FDwatchRecvErr");
SET_SOCKSTATDESC(rawrecvfail, "Raw recv errors", "RawRecvErr");
SET_SOCKSTATDESC(udp4active, "UDP/IPv4 sockets active", "UDP4Active");
SET_SOCKSTATDESC(udp6active, "UDP/IPv6 sockets active", "UDP6Active");
SET_SOCKSTATDESC(tcp4active, "TCP/IPv4 sockets active", "TCP4Active");
SET_SOCKSTATDESC(tcp6active, "TCP/IPv6 sockets active", "TCP6Active");
SET_SOCKSTATDESC(unixactive, "Unix domain sockets active",
"UnixActive");
SET_SOCKSTATDESC(rawactive, "Raw sockets active", "RawActive");
INSIST(i == isc_sockstatscounter_max);
/* Initialize DNSSEC statistics */
......@@ -985,7 +991,7 @@ generatexml(ns_server_t *server, isc_uint32_t flags,
ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.xsl\""));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
ISC_XMLCHAR "3.4"));
ISC_XMLCHAR "3.5"));
/* Set common fields for statistics dump */
dumparg.type = isc_statsformat_xml;
......
......@@ -163,6 +163,7 @@ command is one of the following:\n\
Add zone to given view. Requires new-zone-file option.\n\
delzone [-clean] zone [class [view]]\n\
Removes zone from given view. Requires new-zone-file option.\n\
scan Scan available network interfaces for changes.\n\
signing -list zone [class [view]]\n\
List the private records showing the state of DNSSEC\n\
signing in the given zone.\n\
......
......@@ -339,6 +339,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term><userinput>scan</userinput></term>
<listitem>
<para>
Scan the list of available network interfaces
for changes, without performing a full
<command>reconfig</command> or waiting for the
<command>interface-interval</command> timer.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<listitem>
......
/* config.h.in. Generated from configure.in by autoheader. */
/*
* Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -305,6 +305,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <net/if6.h> header file. */
#undef HAVE_NET_IF6_H
/* Define to 1 if you have the <net/route.h> header file. */
#undef HAVE_NET_ROUTE_H
/* Define if your OpenSSL version supports ECDSA. */
#undef HAVE_OPENSSL_ECDSA
......@@ -383,6 +386,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
/* Define to 1 if you have the <sys/sockio.h> header file. */
#undef HAVE_SYS_SOCKIO_H
......
......@@ -12544,13 +12544,16 @@ $as_echo "#define STDC_HEADERS 1" >>confdefs.h
fi
for ac_header in fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h
for ac_header in fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h sys/socket.h net/route.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
......
......@@ -366,11 +366,14 @@ fi
AC_HEADER_STDC
AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h sys/socket.h net/route.h,,,
[$ac_includes_default
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
])
AC_C_CONST
......
......@@ -5734,6 +5734,23 @@ options {
<variablelist>
<varlistentry>
<term><command>automatic-interface-scan</command></term>
<listitem>
<para>
If <userinput>yes</userinput> and supported by the OS,
automatically rescan network interfaces when the interface
addresses are added or removed. The default is
<userinput>yes</userinput>.
</para>
<para>
Currently the OS needs to support routing sockets for
<command>automatic-interface-scan</command> to be
supported.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>allow-new-zones</command></term>
<listitem>
......
......@@ -206,7 +206,13 @@ enum {
isc_sockstatscounter_tcp6active = 55,
isc_sockstatscounter_unixactive = 56,
isc_sockstatscounter_max = 57
isc_sockstatscounter_rawopen = 57,
isc_sockstatscounter_rawopenfail = 58,
isc_sockstatscounter_rawclose = 59,
isc_sockstatscounter_rawrecvfail = 60,
isc_sockstatscounter_rawactive = 61,
isc_sockstatscounter_max = 62
};
/***
......@@ -280,7 +286,8 @@ typedef enum {
isc_sockettype_udp = 1,
isc_sockettype_tcp = 2,
isc_sockettype_unix = 3,
isc_sockettype_fdwatch = 4
isc_sockettype_fdwatch = 4,
isc_sockettype_raw = 5
} isc_sockettype_t;
/*@{*/
......
......@@ -737,6 +737,19 @@ static const isc_statscounter_t fdwatchstatsindex[] = {
isc_sockstatscounter_fdwatchrecvfail,
-1
};
static const isc_statscounter_t rawstatsindex[] = {
isc_sockstatscounter_rawopen,
isc_sockstatscounter_rawopenfail,
isc_sockstatscounter_rawclose,
-1,
-1,
-1,
-1,
-1,
-1,
isc_sockstatscounter_rawrecvfail,
isc_sockstatscounter_rawactive
};
#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) || \
defined(USE_WATCHER_THREAD)
......@@ -1884,6 +1897,7 @@ doio_recv(isc__socket_t *sock, isc_socketevent_t *dev) {
return (DOIO_EOF);
break;
case isc_sockettype_udp:
case isc_sockettype_raw:
break;
case isc_sockettype_fdwatch:
default:
......@@ -2462,6 +2476,11 @@ opensocket(isc__socketmgr_t *manager, isc__socket_t *sock,
case isc_sockettype_unix:
sock->fd = socket(sock->pf, SOCK_STREAM, 0);
break;
case isc_sockettype_raw:
sock->fd = socket(sock->pf, SOCK_RAW, 0);
if (sock->pf == PF_ROUTE)
sock->bound = 1;
break;
case isc_sockettype_fdwatch:
/*
* We should not be called for isc_sockettype_fdwatch
......@@ -2796,6 +2815,9 @@ socket_create(isc_socketmgr_t *manager0, int pf, isc_sockettype_t type,
case isc_sockettype_unix:
sock->statsindex = unixstatsindex;
break;
case isc_sockettype_raw:
sock->statsindex = rawstatsindex;
break;
default:
INSIST(0);
}
......
......@@ -1672,6 +1672,11 @@ socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
if (dup_socket != NULL)
return (ISC_R_NOTIMPLEMENTED);
#ifndef SOCK_RAW
if (type == isc_sockettype_raw)
return (ISC_R_NOTIMPLEMENTED);
#endif
result = allocate_socket(manager, type, &sock);
if (result != ISC_R_SUCCESS)
return (result);
......@@ -1704,6 +1709,13 @@ socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
case isc_sockettype_tcp:
sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP);
break;
#ifdef SOCK_RAW
case isc_sockettype_raw:
sock->fd = socket(pf, SOCK_RAW, 0);
if (pf == PF_ROUTE)
sock->bound = 1;
break;
#endif
}
#if 0
} else {
......
......@@ -952,6 +952,7 @@ bindkeys_clauses[] = {
*/
static cfg_clausedef_t
options_clauses[] = {
{ "automatic-interface-scan", &cfg_type_boolean, 0 },
{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "bindkeys-file", &cfg_type_qstring, 0 },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment