source-git / dnssec-trigger

Clone
Source Code
GIT

Files

  1.   3df83db6eb2213edbd68089aa9d97cbd0191eac5
  2.   riggerd
  3.   svr.h
Blob Blame History Raw 
/*
 * svr.h - dnssec-trigger server
 *
 * Copyright (c) 2011, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains the server definition.
 */

#ifndef SVR_H
#define SVR_H
struct cfg;
struct comm_base;
struct comm_reply;
struct comm_timer;
struct sslconn;
struct listen_list;
struct comm_point;
struct ldns_struct_buffer;
struct probe_ip;
struct http_general;
struct selfupdate;

/**
 * The server
 */
struct svr {
	struct cfg* cfg;
	struct comm_base* base;

	/** SSL context with keys */
	SSL_CTX* ctx;
	/** number of active commpoints that are handling remote control */
	int active;
	/** max active commpoints */
	int max_active;
	/** commpoints for accepting remote control connections */
	struct listen_list* listen;
	/** busy commpoints */
	struct sslconn* busy_list;

	/** udp buffer */
	struct ldns_struct_buffer* udp_buffer;

	/** probes for the IP addresses */
	struct probe_ip* probes;
	/** numprobes in list */
	int num_probes;
	/** number done */
	int num_probes_done;
	/** number of probes to cache servers (i.e. number of DHCP IPs) */
	int num_probes_to_cache;
	/** saw the first working probe */
	int saw_first_working;
	/** saw direct work */
	int saw_direct_work;
	/** saw dnstcp work */
	int saw_dnstcp_work;
	/** attempt to access DNS authority servers directly */
	int probe_direct;
	/** attempt to probe open resolvers on tcp on 80 and 443 ports */
	int probe_dnstcp;
	/** time of probe */
	time_t probetime;

	/** probe retry timer */
	struct comm_timer* retry_timer;
	/** if retry timer is turned on */
	int retry_timer_enabled;
	/** what is the current time for exponential backoff of timer, sec. */
	int retry_timer_timeout;
	/** count of 10-second retries */
	int retry_timer_count;

	/** tcp retry timer */
	struct comm_timer* tcp_timer;
	/** tcp timer was used last time? */
	int tcp_timer_used;

	/** http lookup structure; or NULL if no urlprobe configured or done */
	struct http_general* http;

	/** self update structure; or NULL if no selfupdate */
	struct selfupdate* update;
	/** do we want to check for updates (when dnssec is available) */
	int update_desired;

	/** result of probes */
	enum res_state { 
		/** to authority servers */
		res_auth,
		/** to DHCP-advertised cache on local network */
		res_cache,
		/** to TCP open resolver */
		res_tcp,
		/** to SSL open resolver */
		res_ssl,
		/** no DNSSEC */
		res_dark,
		/** disconnected from the network */
		res_disconn} res_state;
	/* insecure state entered */
	int insecure_state;
	/* forced insecure (for hotspot signon) */
	int forced_insecure;
	/* http insecure (http probe failed, hotspot signon needed perhaps */
	int http_insecure;
	/* skip http probe part (ignore failure until it works again) */
	int skip_http;
};

/** retry timer start (sec.) */
#define RETRY_TIMER_START 10
/** retry timer max value (sec.) */
#define RETRY_TIMER_MAX 86400
/** retrey timer max count (number of 'START' retries for http insecure) */
#define RETRY_TIMER_COUNT_MAX 30
/** timer for tcp state to try again once (sec.) */
#define SVR_TCP_RETRY 20

/** list of commpoints */
struct listen_list {
	struct listen_list* next;
	struct comm_point* c;
};

/** busy ssl connection */
struct sslconn {
	/** the next item in list */
	struct sslconn* next;
	/** the commpoint */
	struct comm_point* c;
	/** in the handshake part */
	enum { rc_hs_none, rc_hs_read, rc_hs_write, rc_hs_want_write,
		rc_hs_want_read, rc_hs_shutdown } shake_state;
	/** the ssl state */
	SSL* ssl;
	/** line state: read or write */
	enum { command_read, persist_read, persist_write,
		persist_write_checkclose } line_state;
	/** buffer with info to send or receive */
	struct ldns_struct_buffer* buffer;
	/** have to fetch another status update right away */
	int fetch_another_update;
	/** close after writing one set of results */
	int close_me;
};

extern struct svr* global_svr;

/** create server */
struct svr* svr_create(struct cfg* cfg);
/** delete server */
void svr_delete(struct svr* svr);
/** perform the service */
void svr_service(struct svr* svr);
/** send results to clients */
void svr_send_results(struct svr* svr);
/** timeouts of retry timer */
void svr_retry_callback(void* arg);
/** timeouts of tcp timer */
void svr_tcp_callback(void* arg);

/** start or enable next timeout on the retry timer */
void svr_retry_timer_next(int http_mode);
/** stop retry timeouts */
void svr_retry_timer_stop(void);
/** set tcp retry timer */
void svr_tcp_timer_enable(void);
/** stop tcp retry timer timeouts */
void svr_tcp_timer_stop(void);

/** perform a reprobe */
void cmd_reprobe(void);
/** check if software updates have to be performed */
void svr_check_update(struct svr* svr);
/** signal update to panels over commandchannel */
void svr_signal_update(struct svr* svr, char* version_available);

int handle_ssl_accept(struct comm_point* c, void* arg, int error,
        struct comm_reply* reply_info);
int control_callback(struct comm_point* c, void* arg, int error,
        struct comm_reply* reply_info);

#endif /* SVR_H */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation