2
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
2
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
3
3
* Copyright (C) 1999-2003 Internet Software Consortium.
5
* Permission to use, copy, modify, and distribute this software for any
5
* Permission to use, copy, modify, and/or distribute this software for any
6
6
* purpose with or without fee is hereby granted, provided that the above
7
7
* copyright notice and this permission notice appear in all copies.
44
43
* fully handled (which can be much later), the ns_client_t must be
45
44
* notified of this by calling one of the following functions
46
45
* exactly once in the context of its task:
48
47
* ns_client_send() (sending a non-error response)
49
48
* ns_client_sendraw() (sending a raw response)
50
49
* ns_client_error() (sending an error response)
51
50
* ns_client_next() (sending no response)
53
52
* This will release any resources used by the request and
54
53
* and allow the ns_client_t to listen for the next request.
116
116
dns_rdataset_t * opt;
117
117
isc_uint16_t udpsize;
118
118
isc_uint16_t extflags;
119
isc_int16_t ednsversion; /* -1 noedns */
119
120
void (*next)(ns_client_t *);
120
121
void (*shutdown)(void *arg, isc_result_t result);
121
122
void *shutdown_arg;
122
123
ns_query_t query;
123
124
isc_stdtime_t requesttime;
124
125
isc_stdtime_t now;
125
dns_name_t signername; /* [T]SIG key name */
126
dns_name_t * signer; /* NULL if not valid sig */
127
isc_boolean_t mortal; /* Die after handling request */
126
dns_name_t signername; /*%< [T]SIG key name */
127
dns_name_t * signer; /*%< NULL if not valid sig */
128
isc_boolean_t mortal; /*%< Die after handling request */
128
129
isc_quota_t *tcpquota;
129
130
isc_quota_t *recursionquota;
130
131
ns_interface_t *interface;
154
155
#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
156
157
#define NS_CLIENTATTR_TCP 0x01
157
#define NS_CLIENTATTR_RA 0x02 /* Client gets recusive service */
158
#define NS_CLIENTATTR_PKTINFO 0x04 /* pktinfo is valid */
159
#define NS_CLIENTATTR_MULTICAST 0x08 /* recv'd from multicast */
160
#define NS_CLIENTATTR_WANTDNSSEC 0x10 /* include dnssec records */
158
#define NS_CLIENTATTR_RA 0x02 /*%< Client gets recusive service */
159
#define NS_CLIENTATTR_PKTINFO 0x04 /*%< pktinfo is valid */
160
#define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */
161
#define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */
162
#define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */
164
extern unsigned int ns_client_requests;
168
171
* Note! These ns_client_ routines MUST be called ONLY from the client's
169
172
* task in order to ensure synchronization.
173
176
ns_client_send(ns_client_t *client);
175
178
* Finish processing the current client request and
176
179
* send client->message as a response.
181
* Note! These ns_client_ routines MUST be called ONLY from the client's
182
* task in order to ensure synchronization.
180
186
ns_client_sendraw(ns_client_t *client, dns_message_t *msg);
182
188
* Finish processing the current client request and
183
189
* send msg as a response using client->message->id for the id.
187
193
ns_client_error(ns_client_t *client, isc_result_t result);
189
195
* Finish processing the current client request and return
190
196
* an error response to the client. The error response
191
197
* will have an RCODE determined by 'result'.
195
201
ns_client_next(ns_client_t *client, isc_result_t result);
197
203
* Finish processing the current client request,
198
204
* return no response to the client.
202
208
ns_client_shuttingdown(ns_client_t *client);
204
210
* Return ISC_TRUE iff the client is currently shutting down.
208
214
ns_client_attach(ns_client_t *source, ns_client_t **target);
210
216
* Attach '*targetp' to 'source'.
214
220
ns_client_detach(ns_client_t **clientp);
216
222
* Detach '*clientp' from its client.
220
226
ns_client_replace(ns_client_t *client);
222
228
* Try to replace the current client with a new one, so that the
223
229
* current one can go off and do some lengthy work without
224
230
* leaving the dispatch/socket without service.
228
234
ns_client_settimeout(ns_client_t *client, unsigned int seconds);
230
236
* Set a timer in the client to go off in the specified amount of time.
234
240
ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
235
241
isc_timermgr_t *timermgr, ns_clientmgr_t **managerp);
237
243
* Create a client manager.
241
247
ns_clientmgr_destroy(ns_clientmgr_t **managerp);
243
249
* Destroy a client manager and all ns_client_t objects
257
263
ns_client_getsockaddr(ns_client_t *client);
259
265
* Get the socket address of the client whose request is
260
266
* currently being processed.
264
ns_client_checkaclsilent(ns_client_t *client,dns_acl_t *acl,
270
ns_client_checkaclsilent(ns_client_t *client,
271
isc_sockaddr_t *sockaddr,
265
273
isc_boolean_t default_allow);
268
276
* Convenience function for client request ACL checking.
270
278
* Check the current client request against 'acl'. If 'acl'
271
279
* is NULL, allow the request iff 'default_allow' is ISC_TRUE.
280
* If netaddr is NULL, check the ACL against client->peeraddr;
281
* otherwise check it against netaddr.
274
* This is appropriate for checking allow-update,
284
*\li This is appropriate for checking allow-update,
275
285
* allow-query, allow-transfer, etc. It is not appropriate
276
286
* for checking the blackhole list because we treat positive
277
287
* matches as "allow" and negative matches as "deny"; in
278
288
* the case of the blackhole list this would be backwards.
281
* 'client' points to a valid client.
282
* 'acl' points to a valid ACL, or is NULL.
291
*\li 'client' points to a valid client.
292
*\li 'sockaddr' points to a valid address, or is NULL.
293
*\li 'acl' points to a valid ACL, or is NULL.
285
* ISC_R_SUCCESS if the request should be allowed
286
* ISC_R_REFUSED if the request should be denied
287
* No other return values are possible.
296
*\li ISC_R_SUCCESS if the request should be allowed
297
* \li ISC_R_REFUSED if the request should be denied
298
*\li No other return values are possible.
291
302
ns_client_checkacl(ns_client_t *client,
303
isc_sockaddr_t *sockaddr,
292
304
const char *opname, dns_acl_t *acl,
293
305
isc_boolean_t default_allow,
296
* Like ns_client_checkacl, but also logs the outcome of the
297
* check at log level 'log_level' if denied, and at debug 3
298
* if approved. Log messages will refer to the request as
299
* an 'opname' request.
308
* Like ns_client_checkaclsilent, except the outcome of the check is
309
* logged at log level 'log_level' if denied, and at debug 3 if approved.
310
* Log messages will refer to the request as an 'opname' request.
302
* Those of ns_client_checkaclsilent(), and:
304
* 'opname' points to a null-terminated string.
313
*\li 'client' points to a valid client.
314
*\li 'sockaddr' points to a valid address, or is NULL.
315
*\li 'acl' points to a valid ACL, or is NULL.
316
*\li 'opname' points to a null-terminated string.
338
349
ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
340
351
* Dump the outstanding recursive queries to 'f'.
355
ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
361
ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
362
isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
363
dns_rdataclass_t rdclass, void *arg);
343
368
#endif /* NAMED_CLIENT_H */
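Review bot: The comment added for ns_client_checkaclsilent() names the new argument "netaddr" ("If netaddr is NULL, check the ACL against client->peeraddr; otherwise check it against netaddr"), while the prototype and the precondition list below it call it `sockaddr`. Because this argument selects the address that the allow-update / allow-query / allow-transfer decision is made against, the wording should match the prototype: `* If 'sockaddr' is NULL, check the ACL against client->peeraddr;` and `* otherwise check it against 'sockaddr'.` One further sentence stating that a non-NULL 'sockaddr' replaces the peer address for the whole check would tell a reader auditing a call site that the caller is responsible for where that address came from. The re-commented `NS_CLIENTATTR_RA` line still carries the typo "recusive"; `/*%< Client gets recursive service */` fixes it while the line is being touched. The ns_client_checkacl() prototype continues past the visible lines, and any comments on the new ns_client_qnamereplace() and ns_client_isself() declarations are not shown on this page.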