Mercurial > notdcc

comparison dccd/work.c @ 0:c7f6b056b673

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
First import of vendor version
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 13:49:58 +0100
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:c7f6b056b673
1 /* Distributed Checksum Clearinghouse
2 *
3 * work on a job in the server
4 *
5 * Copyright (c) 2008 by Rhyolite Software, LLC
6 *
7 * This agreement is not applicable to any entity which sells anti-spam
8 * solutions to others or provides an anti-spam solution as part of a
9 * security solution sold to other entities, or to a private network
10 * which employs the DCC or uses data provided by operation of the DCC
11 * but does not provide corresponding data to other users.
12 *
13 * Permission to use, copy, modify, and distribute this software without
14 * changes for any purpose with or without fee is hereby granted, provided
15 * that the above copyright notice and this permission notice appear in all
16 * copies and any distributed versions or copies are either unchanged
17 * or not called anything similar to "DCC" or "Distributed Checksum
18 * Clearinghouse".
19 *
20 * Parties not eligible to receive a license under this agreement can
21 * obtain a commercial license to use DCC by contacting Rhyolite Software
22 * at sales@rhyolite.com.
23 *
24 * A commercial license would be for Distributed Checksum and Reputation
25 * Clearinghouse software. That software includes additional features. This
26 * free license for Distributed ChecksumClearinghouse Software does not in any
27 * way grant permision to use Distributed Checksum and Reputation Clearinghouse
28 * software
29 *
30 * THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL
31 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
32 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC
33 * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
34 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
35 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
36 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
37 * SOFTWARE.
38 *
39 * Rhyolite Software DCC 1.3.103-1.287 $Revision$
40 */
41
42 #include "dccd_defs.h"
43
44 typedef struct {
45 time_t us;
46 u_int ops;
47 } Q_DELAY_SEC;
48 static Q_DELAY_SEC q_delays[9];
49 static Q_DELAY_SEC q_delays_sum; /* sum of all but q_delays[0] */
50 static time_t q_delays_start; /* second for q_delayw[0] */
51
52 DCCD_STATS dccd_stats;
53
54 u_char query_only; /* 1=treat reports as queries */
55
56 u_char grey_weak_body; /* 1=ignore bodies for greylisting */
57 u_char grey_weak_ip; /* 1=a good triple whitelists addr */
58
59 static u_char ridc_get(QUEUE *);
60
61
62 /* report cache used to detect duplicate or retransmitted reports */
63 static RIDC *ridc_newest, *ridc_oldest;
64 static RIDC **ridc_hash;
65 static int ridc_hash_len;
66
67
68 static inline RIDC **
69 ridc_hash_fnc(DCC_HDR *hdr)
70 {
71 u_int32_t sum;
72
73 /* The client's (ID,RID,HID,PID) should be unique and constant for
74 * retransmissions of a single request. It should make a reasonable
75 * hash value. We cannot trust it entirely, if only because of
76 * anonymous clients */
77 sum = hdr->sender;
78 sum += hdr->op_nums.h;
79 sum += hdr->op_nums.p;
80 sum += hdr->op_nums.r;
81
82 return &ridc_hash[mhash(sum, ridc_hash_len)];
83 }
84
85
86
87 static void
88 ridc_ref(RIDC *ridc)
89 {
90 ridc->last_used = db_time.tv_sec;
91 if (!ridc->newer)
92 return; /* it's already newest */
93
94 ridc->newer->older = ridc->older;
95 if (ridc->older)
96 ridc->older->newer = ridc->newer;
97 else
98 ridc_oldest = ridc->newer;
99 ridc->older = ridc_newest;
100 ridc->newer = 0;
101 ridc_newest->newer = ridc;
102 ridc_newest = ridc;
103 }
104
105
106
107 /* get a free report cache block */
108 static RIDC *
109 ridc_get_free(void)
110 {
111 RIDC *ridc;
112 time_t stale = db_time.tv_sec - DCC_MAX_RETRANS_DELAY_SECS;
113
114 for (ridc = ridc_oldest; ridc != 0; ridc = ridc->newer) {
115 if (ridc->last_used < stale) {
116 /* found one, so recycle it */
117 if (ridc->fwd)
118 ridc->fwd->bak = ridc->bak;
119 if (ridc->bak)
120 ridc->bak->fwd = ridc->fwd;
121 else if (ridc->hash)
122 *ridc->hash = ridc->fwd;
123 ridc->bak = 0;
124 ridc_ref(ridc);
125 return ridc;
126 }
127 }
128
129 /* there are no free blocks that are old enough to recycle */
130 return 0;
131 }
132
133
134
135 /* make some (more) RID blocks and (re)build the hash table */
136 static void
137 ridc_make(void)
138 {
139 int new_len, old_len, j;
140 RIDC *ridc, *ridc2, **ridch, **old_ridc_hash;
141
142 new_len = queue_max;
143 ridc = dcc_malloc(new_len*sizeof(*ridc));
144 if (!ridc)
145 dcc_logbad(EX_OSERR, "malloc(%d RIDC blocks) failed",
146 new_len);
147 memset(ridc, 0, new_len*sizeof(*ridc));
148 for (j = 0; j < new_len; ++j, ++ridc) { /* make the new blocks oldest */
149 if (!ridc_oldest) {
150 ridc_oldest = ridc_newest = ridc;
151 } else {
152 ridc_oldest->older = ridc;
153 ridc->newer = ridc_oldest;
154 ridc_oldest = ridc;
155 }
156 }
157
158 /* rebuild and expand the hash table */
159 old_len = ridc_hash_len;
160 ridc_hash_len += new_len;
161 old_ridc_hash = ridc_hash;
162 ridc_hash = dcc_malloc(ridc_hash_len*sizeof(*ridch));
163 if (!ridc_hash)
164 dcc_logbad(EX_OSERR, "malloc(%d RIDC hash table) failed",
165 ridc_hash_len);
166 memset(ridc_hash, 0, ridc_hash_len*sizeof(*ridch));
167 if (old_len != 0) {
168 do {
169 for (ridc = old_ridc_hash[--old_len];
170 ridc != 0;
171 ridc = ridc2) {
172 ridch = ridc_hash_fnc(&ridc->hdr);
173 ridc2 = ridc->fwd;
174 ridc->bak = 0;
175 ridc->hash = ridch;
176 if ((ridc->fwd = *ridch) != 0)
177 ridc->fwd->bak = ridc;
178 *ridch = ridc;
179 }
180 } while (old_len != 0);
181 dcc_free(old_ridc_hash);
182 }
183 }
184
185
186
187 /* get the report cache block for an operation */
188 static u_char /* 0=new operation, 1=retransmission */
189 ridc_get(QUEUE *q)
190 {
191 RIDC *ridc, **ridch;
192
193 for (;;) {
194 if (ridc_hash) {
195 /* look for the existing report cache block */
196 ridch = ridc_hash_fnc(&q->pkt.hdr);
197 for (ridc = *ridch; ridc; ridc = ridc->fwd) {
198 /* Reports are relatively small, so we
199 * can afford to not trust the client's
200 * RID to be unique. Compare all but the
201 * client's transmission #.
202 * Also check client's UDP port # because
203 * it should be unchanged regardless of
204 * multi-homing. */
205 if (ridc->clnt_port == q->clnt_su.ipv4.sin_port
206 && !memcmp(&ridc->hdr, &q->pkt.hdr,
207 sizeof(ridc->hdr)
208 - sizeof(ridc->hdr.op_nums.t))) {
209 /* found it, so make it newest */
210 ridc_ref(ridc);
211 q->ridc = ridc;
212 return 1;
213 }
214 }
215
216 /* the block does not already exist, so create it */
217 ridc = ridc_get_free();
218 if (ridc)
219 break;
220 }
221 /* we are out of report cache blocks, so make more */
222 ridc_make();
223
224 /* re-hash because our previous pointer is invalid */
225 }
226
227 memcpy(&ridc->hdr, &q->pkt.hdr, sizeof(ridc->hdr));
228 ridc->clnt_port = q->clnt_su.ipv4.sin_port;
229 ridc->op = DCC_OP_INVALID;
230 ridc->bad = 1;
231 ridc->len = 0;
232 ridc->hash = ridch;
233 ridc->fwd = *ridch;
234 if (ridc->fwd)
235 ridc->fwd->bak = ridc;
236 *ridch = ridc;
237
238 q->ridc = ridc;
239 return 0;
240 }
241
242
243
244 #define RIDC_BAD(q) {if ((q)->ridc) (q)->ridc->bad = 1;}
245
246
247 /* update the average queue delay at the start of a new second */
248 static void
249 update_q_delay(void)
250 {
251 time_t secs;
252 Q_DELAY_SEC *src, *tgt;
253
254 secs = db_time.tv_sec - q_delays_start;
255 if (secs == 0)
256 return;
257
258 /* At the start of a new second,
259 * forget the delays for old seconds we no longer care about
260 * and start accumulating delays for the new second
261 * Slide accumulated delays and total operations previous seconds. */
262 q_delays_start = db_time.tv_sec;
263 q_delays_sum.us = 0;
264 q_delays_sum.ops = 0;
265 tgt = LAST(q_delays);
266 if (secs > 0 && secs < DIM(q_delays)) {
267 src = tgt - secs;
268 do {
269 q_delays_sum.us += (tgt->us = src->us);
270 q_delays_sum.ops += (tgt->ops = src->ops);
271 --tgt;
272 } while (src-- != &q_delays[0]);
273 }
274 memset(q_delays, 0, sizeof(q_delays[0]) * (tgt+1 - q_delays));
275 }
276
277
278
279 /* compute the average queue delay this client should see */
280 static u_int
281 avg_q_delay_ms(const QUEUE *q)
282 {
283 u_int ops;
284 time_t us;
285
286 /* get the average service delay excluding per-client-ID delays */
287 update_q_delay();
288 ops = q_delays[0].ops + q_delays_sum.ops;
289 if (ops == 0)
290 us = 0;
291 else
292 us = (q_delays[0].us + q_delays_sum.us + ops/2) / ops;
293
294 /* add the per-client-ID penalty */
295 us += q->delay_us;
296 return (us + 500) / 1000;
297 }
298
299
300
301 /* get a unique timestamp */
302 static void
303 get_ts(DCC_TS *ts) /* put it here */
304 {
305 static struct timeval prev_time;
306 static int faked;
307
308 /* if we have generated a lot of fake timestamps
309 * and our snapshot of the clock is old,
310 * then check the clock in the hope it has ticked */
311 if (db_time.tv_usec <= prev_time.tv_usec
312 && db_time.tv_sec == prev_time.tv_sec
313 && faked > 100) {
314 faked = 0;
315 gettimeofday(&db_time, 0);
316 }
317
318 /* Try to make the next timestamp unique, but only as long
319 * as time itself marches forward. This must work many times
320 * a second, or the resoltion of DCC timestaps.
321 * Worse, the increment can exhaust values from future seconds.
322 * Forget about it if the problem lasts for more than 5 minutes. */
323 if (db_time.tv_sec > prev_time.tv_sec
324 || (db_time.tv_sec == prev_time.tv_sec
325 && db_time.tv_usec > prev_time.tv_usec)
326 || db_time.tv_sec < prev_time.tv_sec-5*60) {
327 /* either the current time is good enough or we must
328 * give up and use it to make the timestamp */
329 prev_time = db_time;
330 faked = 0;
331
332 } else {
333 /* fudge the previous timestamp to make it good enough */
334 prev_time.tv_usec += DCC_TS_US_MULT;
335 if (prev_time.tv_usec >= DCC_US) {
336 prev_time.tv_usec -= DCC_US;
337 ++prev_time.tv_sec;
338 }
339 ++faked;
340 }
341
342 dcc_timeval2ts(ts, &prev_time, 0);
343 }
344
345
346
347 /* find database record for a server-ID
348 * use only db_sts.hash and db_sts.rcd2
349 * put the result in db_sts.rcd2 */
350 int /* -1=broken database 0=no record */
351 find_srvr_rcd(const DCC_SUM sum, const char *str)
352 {
353 DB_RCD_CK *found_ck;
354 DB_PTR prev;
355 int failsafe;
356
357 switch (db_lookup(dcc_emsg, DCC_CK_SRVR_ID, sum,
358 0, MAX_HASH_ENTRIES,
359 &db_sts.hash, &db_sts.rcd2, &found_ck)) {
360 case DB_FOUND_LATER:
361 case DB_FOUND_SYSERR:
362 DB_ERROR_MSG2(str, dcc_emsg);
363 return -1;
364 case DB_FOUND_IT:
365 /* look for a record that is neither obsolete nor deleted */
366 for (failsafe = 0; failsafe < 20; ++failsafe) {
367 if (!DB_CK_OBS(found_ck)
368 && DB_TGTS_RCD(db_sts.rcd2.d.r) != 0)
369 return 1;
370 prev = DB_PTR_EX(found_ck->prev);
371 if (prev == DB_PTR_NULL)
372 return 0;
373 found_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev,
374 DCC_CK_SRVR_ID);
375 if (!found_ck) {
376 DB_ERROR_MSG2(str, dcc_emsg);
377 return -1;
378 }
379 }
380 break;
381 case DB_FOUND_EMPTY:
382 case DB_FOUND_CHAIN:
383 case DB_FOUND_INTRUDER:
384 break;
385 }
386 return 0;
387 }
388
389
390
391 /* find the database record of the type of a server
392 * use only db_sts.hash and db_sts.rcd2
393 * put the result in db_sts.rcd2 */
394 int /* -1=broken database 0=no record */
395 find_srvr_rcd_type(DCC_SRVR_ID tgt_id)
396 {
397 DCC_SUM srvr_id_sum;
398
399 if (db_failed_line)
400 return -1;
401 memset(srvr_id_sum, 0, sizeof(srvr_id_sum));
402 srvr_id_sum[0] = DCC_CK_SRVR_ID;
403 srvr_id_sum[1] = tgt_id >> 8;
404 srvr_id_sum[2] = tgt_id;
405 return find_srvr_rcd(srvr_id_sum, "checking server-ID state");
406 }
407
408
409
410 /* find the server type in the table of IDs */
411 ID_TBL *
412 find_srvr_type(DCC_SRVR_ID tgt_id)
413 {
414 ID_TBL *tp;
415 DCC_SRVR_ID srvr_type;
416
417 tp = find_id_tbl(tgt_id);
418 if (!tp) {
419 /* check the database if it is not in the table */
420 if (0 >= find_srvr_rcd_type(tgt_id)) {
421 /* assume it is a simple server if there is
422 * no declaration in the database */
423 srvr_type = DCC_ID_SRVR_SIMPLE;
424 } else {
425 srvr_type = DB_RCD_ID(db_sts.rcd2.d.r);
426 if (!DCC_ID_SRVR_TYPE(srvr_type))
427 srvr_type = DCC_ID_SRVR_SIMPLE;
428 /* the free code knows nothing about reputations */
429 if (srvr_type == DCC_ID_SRVR_REP_OK)
430 srvr_type = DCC_ID_SRVR_SIMPLE;
431 }
432 /* cache it in the table */
433 tp = add_id_tbl(tgt_id);
434 tp->srvr_type = srvr_type;
435 }
436 return tp;
437 }
438
439
440
441 /* refresh our claim to our server-ID or similar
442 * use only db_sts.hash and db_sts.rcd2 */
443 void
444 refresh_srvr_rcd(const DCC_SUM sum, DCC_SRVR_ID val, const char *str)
445 {
446 DCC_TS old;
447 DB_RCD rcd;
448 int i;
449
450 /* add a new record
451 * only if no recent record of the right value exists */
452 i = find_srvr_rcd(sum, str);
453 if (i < 0)
454 return; /* broken database */
455 if (i > 0
456 && DB_RCD_ID(db_sts.rcd2.d.r) == val) {
457 dcc_timeval2ts(&old, &db_time, -DCC_SRVR_ID_SECS/2);
458 if (!dcc_ts_older_ts(&db_sts.rcd2.d.r->ts, &old))
459 return;
460 }
461
462 memset(&rcd, 0, sizeof(rcd));
463 get_ts(&rcd.ts);
464 rcd.srvr_id_auth = val;
465 DB_TGTS_RCD_SET(&rcd, 1);
466 rcd.fgs_num_cks = 1;
467 rcd.cks[0].type_fgs = DCC_CK_SRVR_ID;
468 memcpy(rcd.cks[0].sum, sum, sizeof(DCC_SUM));
469 if (!db_add_rcd(dcc_emsg, &rcd))
470 DB_ERROR_MSG2(str, dcc_emsg);
471 }
472
473
474
475 static void
476 send_resp(const QUEUE *q,
477 DCC_HDR *hdr, /* length in host byte order */
478 u_char no_msg)
479 {
480 u_int save_len;
481 char ob[DCC_OPBUF];
482 int len, i;
483
484 len = hdr->len;
485 hdr->len = htons(len);
486 /* callers must have dealt with the variations due to versions */
487 if (q->pkt.hdr.pkt_vers < DCC_PKT_VERSION_MIN)
488 hdr->pkt_vers = DCC_PKT_VERSION_MIN;
489 else if (q->pkt.hdr.pkt_vers > DCC_PKT_VERSION_MAX)
490 hdr->pkt_vers = DCC_PKT_VERSION_MAX;
491 else
492 hdr->pkt_vers = q->pkt.hdr.pkt_vers;
493 hdr->sender = htonl(my_srvr_id);
494 hdr->op_nums = q->pkt.hdr.op_nums;
495 if (q->passwd[0] != '\0') {
496 /* sign with the password that authenticated the client */
497 dcc_sign(q->passwd, sizeof(q->passwd), hdr, len);
498 #ifdef DCC_PKT_VERSION8
499 } else if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION8) {
500 /* Sign old protocol responses with the client's transaction
501 * numbers if we do not have a good password.
502 * This happens with anonymous clients */
503 dcc_sign((char *)&q->pkt.hdr.op_nums,
504 sizeof(q->pkt.hdr.op_nums),
505 hdr, len);
506 #endif
507 } else {
508 memset((char *)hdr + (len-sizeof(DCC_SIGNATURE)), 0,
509 sizeof(DCC_SIGNATURE));
510 }
511
512 if (q->ridc) {
513 save_len = len-sizeof(*hdr)-sizeof(DCC_SIGNATURE);
514 if (save_len > ISZ(q->ridc->result)) {
515 if (hdr->op == DCC_OP_ERROR)
516 save_len = sizeof(q->ridc->result);
517 else
518 dcc_logbad(EX_SOFTWARE, "RIDC buffer overflow");
519 }
520 q->ridc->len = save_len;
521 memcpy(&q->ridc->result, hdr+1, save_len);
522 q->ridc->op = hdr->op;
523 q->ridc->bad = 0;
524 }
525
526 i = sendto(q->sp->udp, hdr, len, 0,
527 &q->clnt_su.sa, DCC_SU_LEN(&q->clnt_su));
528 if (i < 0) {
529 clnt_msg(q, "sendto(%s, %s): %s",
530 dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q),
531 ERROR_STR());
532 } else if (len != i) {
533 clnt_msg(q, "sendto(%s, %s)=%d instead of %d",
534 dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q),
535 i, len);
536 } else if (!no_msg
537 && (dccd_tracemask & ((hdr->op == DCC_OP_ANSWER
538 || hdr->op == DCC_OP_NOP)
539 ? DCC_TRACE_QUERY_BIT
540 : DCC_TRACE_ADMN_BIT))) {
541 dcc_trace_msg("sent %s to %s for %s",
542 dcc_hdr_op2str(ob, sizeof(ob), hdr),
543 Q_CIP(q), qop2str(q));
544 }
545
546 }
547
548
549
550 /* do not send an error response to a client */
551 static void PATTRIB(2,3)
552 forget_error(const QUEUE *q, const char *p, ...)
553 {
554 va_list args;
555
556 RIDC_BAD(q);
557
558 if ((!q->flags & Q_FG_BAD_PASSWD)
559 && !(q->rl->d.flags & RL_FG_BLS)) {
560 q->rl->d.flags |= RL_FG_BL_BAD;
561 ++dccd_stats.bad_op;
562 }
563
564 va_start(args, p);
565 vclnt_msg(q, p, args);
566 va_end(args);
567 }
568
569
570
571 /* send an error response to a client */
572 static void
573 send_error(const QUEUE *q, const char *p, ...)
574 {
575 DCC_ERROR buf;
576 int slen;
577 va_list args;
578
579
580 /* build and log the message */
581 va_start(args, p);
582 slen = vsnprintf(buf.msg, sizeof(buf.msg), p, args);
583 if (slen > ISZ(buf.msg)-1)
584 slen = ISZ(buf.msg)-1;
585 va_end(args);
586 clnt_msg(q, "\"%s\" sent to %s", buf.msg, Q_CIP(q));
587
588 /* send it */
589 buf.hdr.len = sizeof(buf)-sizeof(buf.msg)+slen+1;
590 buf.hdr.op = DCC_OP_ERROR;
591 send_resp(q, &buf.hdr, 1);
592
593 ++dccd_stats.send_error;
594 }
595
596
597
598 #define NORESP_EMSG(q) noresp_emsg(q, __LINE__)
599
600 static void
601 noresp_emsg(const QUEUE *q, int linenum)
602 {
603 dcc_error_msg("error near line %d in "DCC_VERSION" "__FILE__, linenum);
604 RIDC_BAD(q);
605 }
606
607
608
609 /* tell client that a NOP or an administrative request was ok */
610 static void
611 send_ok(QUEUE *q)
612 {
613 DCC_OK buf;
614 time_t us;
615
616 memset(&buf, 0, sizeof(buf));
617
618 buf.max_pkt_vers = max(min(q->pkt.hdr.pkt_vers, DCC_PKT_VERSION_MAX),
619 DCC_PKT_VERSION_MIN);
620 us = (q->delay_us + 500) / 1000;
621 buf.qdelay_ms = htons(us);
622 strncpy(buf.brand, brand, sizeof(buf.brand));
623 buf.hdr.op = DCC_OP_OK;
624 buf.hdr.len = sizeof(buf);
625
626 send_resp(q, &buf.hdr, 0);
627 }
628
629
630
631 static void
632 repeat_resp(QUEUE *q)
633 {
634 struct {
635 DCC_HDR hdr;
636 u_char b[sizeof(q->ridc->result)];
637 } buf;
638 char ob[DCC_OPBUF];
639
640 ++dccd_stats.report_retrans;
641
642 if (q->ridc->bad) {
643 TMSG1(RIDC, "repeat drop of %s", from_id_ip(q, 1));
644 return;
645 }
646
647 memcpy(&buf.hdr+1, &q->ridc->result, q->ridc->len);
648 buf.hdr.op = q->ridc->op;
649 buf.hdr.len = htons(q->ridc->len
650 + sizeof(buf.hdr) + sizeof(DCC_SIGNATURE));
651 TMSG2(RIDC, "repeat previous answer of %s for %s",
652 dcc_hdr_op2str(ob, sizeof(ob), &buf.hdr),
653 from_id_ip(q, 1));
654 buf.hdr.len = ntohs(buf.hdr.len);
655 send_resp(q, &buf.hdr, 0);
656 }
657
658
659
660 /* find a checksum in the database
661 * use only db_sts.hash and db_sts.rcd2
662 * put the result in db_sts.rcd2 */
663 static u_char /* 0=broken database */
664 get_ck_tgts(DCC_TGTS *tgtsp,
665 const DB_RCD_CK **pfound_ck,
666 u_char must_have_it, /* 1=database broken if cksum absent */
667 DCC_CK_TYPES type,
668 const DCC_SUM sum)
669 {
670 DB_RCD_CK *found_ck;
671
672 switch (db_lookup(dcc_emsg, type, sum, 0, MAX_HASH_ENTRIES,
673 &db_sts.hash, &db_sts.rcd2, &found_ck)) {
674 case DB_FOUND_LATER:
675 case DB_FOUND_SYSERR:
676 DB_ERROR_MSG(dcc_emsg);
677 return 0;
678 case DB_FOUND_IT:
679 if (pfound_ck)
680 *pfound_ck = found_ck;
681 if (tgtsp)
682 *tgtsp = DB_TGTS_CK(found_ck);
683 break;
684 case DB_FOUND_EMPTY:
685 case DB_FOUND_CHAIN:
686 case DB_FOUND_INTRUDER:
687 if (must_have_it) {
688 db_error_msg(__LINE__,__FILE__,
689 "missing hash entry for %s %s ",
690 DB_TYPE2STR(type),
691 dcc_ck2str_err(type, sum, 0));
692 return 0;
693 }
694 if (pfound_ck)
695 *pfound_ck = 0;
696 if (tgtsp)
697 *tgtsp = 0;
698 break;
699 }
700 return 1;
701 }
702
703
704
705 /* see if a count just passed a multiple of a threshold and so is
706 * worth flooding or summarizing */
707 static u_char /* 1=time to summarize this checksum */
708 quick_sum_thold(DCC_CK_TYPES type,
709 DCC_TGTS rpt_tgts, /* targets in this report */
710 DCC_TGTS ck_tgts) /* grand total */
711 {
712 static DCC_TGTS thold_mults[] = {
713 1, 2, 3, 5, 10
714 };
715 DCC_TGTS thold;
716 DCC_TGTS mult, new_mult, old_mult;
717 int i;
718
719 thold = flod_tholds[type];
720 if (ck_tgts < thold
721 || thold >= DCC_TGTS_TOO_MANY)
722 return 0;
723 if (thold == 0)
724 return 1;
725
726 new_mult = ck_tgts / thold;
727 old_mult = (ck_tgts - rpt_tgts) / thold;
728 for (i = 0; i < DIM(thold_mults); ++i) {
729 mult = thold_mults[i];
730 if (old_mult < mult)
731 return (new_mult >= mult);
732 }
733 return 0;
734 }
735
736
737
738 /* compute summarizable total for one checksum
739 * use db_sts.hash, db_sts.rcd2, and *rcd_st */
740 static DCC_TGTS /* DCC_TGTS_INVALID=broken database */
741 sum_total(DCC_CK_TYPES type, /* look for this */
742 const DCC_SUM sum,
743 u_char must_have_it,
744 DB_STATE *rcd_st, /* starting here */
745 const DB_RCD_CK *found_ck,
746 u_char *undelay_ok, /* 0=cannot undelay by clearing bit */
747 DB_PTR *sum_oldest)
748 {
749 DB_PTR prev;
750 DCC_TGTS rcd_tgts, sub_total;
751 int limit;
752
753 if (!rcd_st) {
754 if (!get_ck_tgts(0, &found_ck, must_have_it, type, sum))
755 return DCC_TGTS_INVALID;
756 if (!found_ck)
757 return 0;
758 rcd_st = &db_sts.rcd2;
759 }
760
761 if (sum_oldest)
762 *sum_oldest = DB_PTR_MAX;
763 sub_total = 0;
764 for (limit = 10000; limit >= 0; --limit) {
765 /* stop adding reports at the first summary or
766 * compressed record in the hash chain */
767 if (DB_RCD_SUMRY(rcd_st->d.r)
768 || DB_RCD_ID(rcd_st->d.r) == DCC_ID_COMP)
769 break;
770
771 /* honor deletions */
772 rcd_tgts = DB_TGTS_RCD(rcd_st->d.r);
773 if (rcd_tgts == 0)
774 break;
775
776 /* We can only summarize our own delayed reports
777 * to keep loops in the flooding topology from
778 * inflating totals. */
779 if (DB_RCD_DELAY(rcd_st->d.r)
780 && DB_RCD_ID(rcd_st->d.r) == my_srvr_id) {
781 if (sum_oldest)
782 *sum_oldest = rcd_st->s.rptr;
783 sub_total = db_sum_ck(sub_total, rcd_tgts, type);
784 /* if we summarize more than one record,
785 * then we cannot simply convert the record */
786 if (undelay_ok
787 && db_sts.sumrcd.s.rptr != rcd_st->s.rptr)
788 *undelay_ok = 0;
789 }
790 prev = DB_PTR_EX(found_ck->prev);
791 if (prev == DB_PTR_NULL)
792 break;
793 rcd_st = &db_sts.rcd2;
794 found_ck = db_map_rcd_ck(dcc_emsg, rcd_st, prev, type);
795 if (!found_ck) {
796 DB_ERROR_MSG(dcc_emsg);
797 return 0;
798 }
799 }
800
801 return sub_total;
802 }
803
804
805
806 /* generate a summary record of checksum counts
807 * db_sts.sumrcd points to the record being summarize on entry
808 * On exit db_sts.sumrcd points to the same record or the original
809 * has been trashed and db_sts.sumrcd points to a moved copy.
810 * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp */
811 static u_char /* 0=sick db, 1=ok, 2=moved rcd */
812 summarize_rcd(u_char dly) /* 1=working on delayed records */
813 {
814 DB_RCD new;
815 DCC_TGTS rcd_tgts, ck_tgts, new_tgts, sub_total;
816 DCC_CK_TYPES type;
817 DB_RCD_CK *cur_ck, *new_ck;
818 int cur_num_cks;
819 u_char ck_needed; /* 0=junk cksum, 2=needed in new rcd */
820 u_char rcd_needed; /* 1=have created rcd to add */
821 u_char undelay_ok; /* 1=ok to remove delay bit */
822 u_char move_ok;
823 DB_PTR sum_oldest;
824 DB_PTR rcd_pos;
825
826 if (db_lock() < 0)
827 return 0;
828
829 /* For each checksum whose flooding was delayed but is now needed,
830 * generate a fake record that will be flooded */
831 cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r);
832 cur_ck = db_sts.sumrcd.d.r->cks;
833 new_tgts = 0;
834 undelay_ok = (FLODS_OK()
835 && (DB_RCD_ID(db_sts.sumrcd.d.r) == my_srvr_id));
836 move_ok = 1;
837 rcd_needed = 0;
838 new_ck = new.cks;
839 do {
840 /* Sum counts of all delayed reports for this checksum */
841 type = DB_CK_TYPE(cur_ck);
842 if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type))
843 continue;
844
845 ck_needed = DB_CK_OBS(cur_ck) ? 0 : 1;
846
847 /* skip trudging through the hash table to find the
848 * most recent instance of the checksum if we
849 * are dealing with a new record and so already
850 * have the most recent instance. */
851 sub_total = sum_total(type, cur_ck->sum, 1,
852 !dly ? &db_sts.sumrcd : 0,
853 cur_ck, &undelay_ok, &sum_oldest);
854 if (sub_total == DCC_TGTS_INVALID)
855 return 0;
856
857 /* Deletions and summaries between our record and the start
858 * of the hash chain remove the need to flood this checkusm */
859 if (sub_total == 0) {
860 /* skipping a checksum in the original
861 * record makes it impossible to move it */
862 move_ok = 0;
863 continue;
864 }
865
866 if (ck_needed == 1) {
867 ck_tgts = DB_TGTS_CK(cur_ck);
868 if (dly) {
869 /* Flood only 1 summary per delay period */
870 if ((flod_mmaps == 0
871 || sum_oldest <= flod_mmaps->delay_pos)
872 && ck_tgts >= flod_tholds[type])
873 ck_needed = 2;
874 } else {
875 /* We are considering the need for a summary
876 * based on a report just received from a client
877 * or by flooding */
878 if (quick_sum_thold(type, sub_total, ck_tgts))
879 ck_needed = 2;
880 }
881 }
882
883 if (new_ck != new.cks) {
884 /* We have already begun a summary record. */
885
886 if (sub_total == new_tgts) {
887 /* extend it with this checksum even if we do
888 * not really need to flood this checksum */
889 new_ck->type_fgs = type;
890 memcpy(new_ck->sum, cur_ck->sum,
891 sizeof(new_ck->sum));
892 ++new.fgs_num_cks;
893 ++new_ck;
894 if (ck_needed == 2)
895 rcd_needed = 1;
896 continue;
897 }
898 /* We cannot extend the current summary record. */
899
900 /* If we don't really need the checksum,
901 * then forget the checksum. */
902 if (ck_needed != 2) {
903 /* skipping a checksum in the original
904 * record makes it impossible to move */
905 move_ok = 0;
906 continue;
907 }
908
909 /* Add the current summary record to the database if
910 * it is needed. */
911 if (rcd_needed) {
912 if (!db_add_rcd(dcc_emsg, &new)) {
913 DB_ERROR_MSG(dcc_emsg);
914 return 0;
915 }
916 }
917 /* start a new summary with this checksum. */
918 rcd_needed = 0;
919 /* having added one summary record,
920 * we cannot undelay or move the original record */
921 undelay_ok = 0;
922 }
923
924 /* start a new summary record */
925 new.srvr_id_auth = my_srvr_id;
926 get_ts(&new.ts);
927 new_tgts = sub_total;
928 DB_TGTS_RCD_SET(&new, new_tgts);
929 new.fgs_num_cks = DB_RCD_FG_SUMRY+1;
930 new_ck = new.cks;
931 new_ck->type_fgs = type;
932 memcpy(new_ck->sum, cur_ck->sum, sizeof(new_ck->sum));
933 ++new_ck;
934 if (ck_needed == 2)
935 rcd_needed = 1;
936 } while (++cur_ck, --cur_num_cks > 0);
937
938 /* finished if nothing more to summarize */
939 if (!rcd_needed) {
940 return 1;
941 }
942
943 /* Add the last summary record */
944 if (undelay_ok) {
945 /* If possible, instead of adding a new record,
946 * change the preceding record to not be delayed
947 * That is possible if the preceding record has
948 * not yet been passed by the flooding */
949 if (db_sts.sumrcd.s.rptr >= oflods_max_cur_pos
950 && oflods_max_cur_pos != 0) {
951 db_sts.sumrcd.d.r->fgs_num_cks &= ~DB_RCD_FG_DELAY;
952 SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1);
953 return 1;
954 }
955
956 /* failing that, try to move the record by making a new copy
957 * and deleting the original */
958 if (move_ok) {
959 /* make the new record */
960 memcpy(&new, db_sts.sumrcd.d.r, DB_RCD_LEN(&new));
961 new.fgs_num_cks &= ~DB_RCD_FG_DELAY;
962
963 /* delete the old record */
964 DB_TGTS_RCD_SET(db_sts.sumrcd.d.r, 0);
965
966 /* adjust the totals in the old record so
967 * that the totals in the new record will be right */
968 rcd_tgts = DB_TGTS_RCD(&new);
969 cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r);
970 cur_ck = db_sts.sumrcd.d.r->cks;
971 do {
972 new_tgts = DB_TGTS_CK(cur_ck);
973 if (new_tgts >= DCC_TGTS_TOO_MANY)
974 continue;
975 if (new_tgts != 0)
976 new_tgts -= rcd_tgts;
977 DB_TGTS_CK_SET(cur_ck, new_tgts);
978 } while (++cur_ck, --cur_num_cks > 0);
979 SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1);
980
981 rcd_pos = db_add_rcd(dcc_emsg, &new);
982 if (rcd_pos == DB_PTR_NULL) {
983 DB_ERROR_MSG(dcc_emsg);
984 return 0;
985 }
986 if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) {
987 DB_ERROR_MSG(dcc_emsg);
988 return 0;
989 }
990 return 1;
991 }
992 }
993
994 if (!db_add_rcd(dcc_emsg, &new)) {
995 DB_ERROR_MSG(dcc_emsg);
996 return 0;
997 }
998
999 return 1;
1000 }
1001
1002
1003
1004 /* generate a delayed summary for checksums in a record if necessary
1005 * The target record is specified by db_sts.sumrcd. It might be changed
1006 * Use db_sts.hash and db_sts.rcd2 */
1007 u_char
1008 summarize_dly(void)
1009 {
1010 DCC_CK_TYPES type;
1011 const DB_RCD_CK *cur_ck;
1012 int cur_num_cks;
1013 DCC_TGTS ck_tgts;
1014
1015 /* look for a checksum that could be summarized */
1016 cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r);
1017 cur_ck = db_sts.sumrcd.d.r->cks;
1018 do {
1019 type = DB_CK_TYPE(cur_ck);
1020 if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type))
1021 continue;
1022
1023 if (!get_ck_tgts(&ck_tgts, 0, 1, type, cur_ck->sum))
1024 return 0;
1025
1026 /* nothing to do if the checksum has already been summarized */
1027 if (DB_RCD_SUMRY(db_sts.rcd2.d.r))
1028 continue;
1029
1030 /* spam reports are ignored or not delayed */
1031 if (ck_tgts == DCC_TGTS_TOO_MANY)
1032 continue;
1033
1034 /* Generate a summary for a bulk checksum
1035 * Records that are marked "delayed" are not flooded.
1036 * If a summary record is not synthesized and if the delay
1037 * marking not removed (instead of synthesizing a summary),
1038 * then the counts for a checksum will not be flooded. */
1039
1040 if (ck_tgts >= flod_tholds[type])
1041 return summarize_rcd(1);
1042 } while (++cur_ck, --cur_num_cks > 0);
1043
1044 return 1;
1045 }
1046
1047
1048
1049 /* See if passing on a flooded report would be worthwhile. It is worthwhile
1050 * to pass on reports of spam that have not been flooded recently
1051 * and of checksums that not yet or just barely reached spam.
1052 *
1053 * db_sts.sumrcd points to the new record */
1054 static u_char /* 0=sick database */
1055 flod_worth(u_char *pflod, /* set =1 if report should be flooded */
1056 const DB_RCD_CK *ck,
1057 DCC_CK_TYPES type)
1058 {
1059 DCC_TS past;
1060 DCC_TGTS total;
1061 int limit;
1062 DB_PTR prev;
1063
1064 /* if the total with the new report is small,
1065 * then we should flood it */
1066 total = DB_TGTS_CK(ck);
1067 if (total < REFLOOD_THRESHOLD) {
1068 /* but only if it is not trivial.
1069 * our neighbors should not send trivial reports,
1070 * but bugs happen */
1071 if (total >= BULK_THRESHOLD/2)
1072 *pflod = 1;
1073 return 1;
1074 }
1075
1076 /* Look for a recent report for this checksum that has been
1077 * or will be flooded. If we find one, and if the total
1078 * including it is large enough, we may not need to flood
1079 * the incoming report. If the total is too small, we
1080 * must flood the report. */
1081 dcc_timeval2ts(&past, &db_time, -summarize_delay_secs);
1082 for (limit = 20; limit >= 0; --limit) {
1083 prev = DB_PTR_EX(ck->prev);
1084 if (prev == DB_PTR_NULL)
1085 break;
1086 ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, type);
1087 if (!ck) {
1088 DB_ERROR_MSG(dcc_emsg);
1089 return 0;
1090 }
1091
1092 /* if the previous total was small,
1093 * then we must flood the new report */
1094 total = DB_TGTS_CK(ck);
1095 if (total < REFLOOD_THRESHOLD*4) {
1096 *pflod = 1;
1097 return 1;
1098 }
1099
1100 /* The old total is large.
1101 * If this found old report is not very old and good,
1102 * we will flood it and so the newest needed not be flooded
1103 * and can be marked obsolete. */
1104 if (!DB_CK_OBS(ck)
1105 && dcc_ts_newer_ts(&db_sts.rcd2.d.r->ts, &past))
1106 return 1;
1107 }
1108
1109 /* flood this one if we can't find a recent preceding report */
1110 *pflod = 1;
1111 return 1;
1112 }
1113
1114
1115
1116 /* Add a record and deal with delaying its flooding.
1117 * We will delay flooding it if its totals are not interesting.
1118 * db_sts.sumrcd points to the new record on exit
1119 * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp
1120 * the database must be locked */
1121 u_char /* 1=ok, delayed or not, 0=failure */
1122 add_dly_rcd(DB_RCD *new_rcd, u_char flod_in)
1123 {
1124 DB_PTR rcd_pos;
1125 int num_cks;
1126 DB_RCD_CK *new_ck;
1127 DCC_CK_TYPES type;
1128 DCC_TGTS rpt_tgts, ck_tgts;
1129 u_char flod_out; /* 0=flooded in but not worth flooding out */
1130 u_char useful = 0; /* 1=worth delaying */
1131 u_char summarize = 0;
1132
1133 /* put the record in the database */
1134 rcd_pos = db_add_rcd(dcc_emsg, new_rcd);
1135 if (rcd_pos == DB_PTR_NULL) {
1136 DB_ERROR_MSG(dcc_emsg);
1137 return 0;
1138 }
1139 if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) {
1140 DB_ERROR_MSG(dcc_emsg);
1141 return 0;
1142 }
1143
1144 /* delete requests should not be delayed */
1145 rpt_tgts = DB_TGTS_RCD_RAW(db_sts.sumrcd.d.r);
1146 if (rpt_tgts == DCC_TGTS_DEL)
1147 return 1;
1148
1149 /* we always consider flooding our own reports
1150 * and the greylist thresholds are zilch */
1151 flod_out = !flod_in || grey_on;
1152
1153 for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r),
1154 new_ck = db_sts.sumrcd.d.r->cks;
1155 num_cks > 0;
1156 ++new_ck, --num_cks) {
1157 /* ingore already obsolete reports of spam */
1158 if (DB_CK_OBS(new_ck))
1159 continue;
1160 /* ignore checksums we won't keep and so won't be flooded */
1161 type = DB_CK_TYPE(new_ck);
1162 if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type))
1163 continue;
1164
1165 /* Server-ID declarations cannot be summarized and should
1166 * not be delayed. */
1167 if (type == DCC_CK_SRVR_ID) {
1168 flod_out = 1;
1169 break;
1170 }
1171
1172 ck_tgts = DB_TGTS_CK(new_ck);
1173 if (ck_tgts == DCC_TGTS_TOO_MANY) {
1174 /* This checksum has a total of TOO_MANY and so
1175 * either the report has a target count of TOO_MANY
1176 * or is a report of a checksum already known to
1177 * be spam. Since this report of this checksum
1178 * was not marked obsolete as it was linked into the
1179 * database, it should not be delayed. */
1180 if (rpt_tgts == DCC_TGTS_TOO_MANY) {
1181 /* if the report is of spam, then all of its
1182 * individual checksum totals will be
1183 * DCC_TGTS_TOO_MANY. The checksums will be
1184 * obsolete, not kept, or the same as this.
1185 * There will be no reputation checksums. */
1186 return 1;
1187 }
1188 /* it is worth sending on even if was not ours */
1189 flod_out = 1;
1190 continue;
1191 }
1192
1193 /* This report has some potential value and should be delayed
1194 * instead of forgotten */
1195 useful = 1;
1196
1197 /* Summarize our records for the checksums in this record
1198 * if we just passed the threshold for one checksum. */
1199 if (!summarize
1200 && quick_sum_thold(type, rpt_tgts, ck_tgts))
1201 summarize = 1;
1202
1203 /* If this is an incoming flooded checksum,
1204 * then pass it on if it is novel (has a low total)
1205 * or if we have not passed it on recently. */
1206 if (!flod_out
1207 && !flod_worth(&flod_out, new_ck, type))
1208 return 0; /* broken database */
1209 }
1210
1211 /* Reports that are reports of spam or "trimmed" or "obsolete"
1212 * noise should not be summarized or marked to be delayed.
1213 * They will be flooded or skipped by the flooder */
1214 if (!useful)
1215 return 1;
1216
1217 if (!flod_in) {
1218 /* Delay and sooner or later summarize our own
1219 * reports of non-spam */
1220 db_sts.sumrcd.d.r->fgs_num_cks |= DB_RCD_FG_DELAY;
1221
1222 } else if (!flod_out) {
1223 /* We are dealing with a report flooded in from another
1224 * server that is not (yet?) worth flooding out.
1225 * We can't delay it, because we can't delay reports from
1226 * other servers, because we cannot summarize them.
1227 * Summarizing other servers' reports would allow
1228 * loops in the flooding topology to inflate the totals.
1229 * So mark it to be expired but not delayed. */
1230 for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r),
1231 new_ck = db_sts.sumrcd.d.r->cks;
1232 num_cks > 0;
1233 ++new_ck, --num_cks) {
1234 new_ck->type_fgs |= DB_CK_FG_OBS;
1235 }
1236 }
1237
1238 /* If this record pushed us past a threshold for at least one
1239 * checksum, then try to generate a summary of our own previously
1240 * delayed reports even if this record was not our own. */
1241 if (summarize
1242 && !summarize_rcd(0))
1243 return 0;
1244
1245 return 1;
1246 }
1247
1248
1249
1250 /* the database must be locked */
1251 static u_char
1252 add_del(const DCC_CK *del_ck)
1253 {
1254 DB_RCD del_rcd;
1255
1256 memset(&del_rcd, 0, sizeof(del_rcd));
1257 get_ts(&del_rcd.ts);
1258 DB_TGTS_RCD_SET(&del_rcd, DCC_TGTS_DEL);
1259 del_rcd.srvr_id_auth = my_srvr_id;
1260 del_rcd.fgs_num_cks = 1;
1261 del_rcd.cks[0].type_fgs = del_ck->type;
1262 memcpy(del_rcd.cks[0].sum, del_ck->sum, sizeof(del_rcd.cks[0].sum));
1263 if (!db_add_rcd(dcc_emsg, &del_rcd)) {
1264 DB_ERROR_MSG2("add delete", dcc_emsg);
1265 return 0;
1266 }
1267
1268 return 1;
1269 }
1270
1271
1272
1273 static const DCC_CK *
1274 start_work(QUEUE *q)
1275 {
1276 const DCC_CK *ck, *ck_lim;
1277 DCC_CK_TYPES type, prev_type;
1278 int num_cks;
1279
1280 num_cks = q->pkt_len - (sizeof(q->pkt.r) - sizeof(q->pkt.r.cks));
1281 if (num_cks < 0
1282 || num_cks > ISZ(q->pkt.r.cks)
1283 || num_cks % sizeof(DCC_CK) != 0) {
1284 forget_error(q, "packet length %d wrong for %s",
1285 q->pkt_len, from_id_ip(q, 1));
1286 return 0;
1287 }
1288 num_cks /= sizeof(DCC_CK);
1289
1290 /* send previous answer if this is a retransmission */
1291 if (ridc_get(q)) {
1292 repeat_resp(q);
1293 return 0;
1294 }
1295
1296 if (db_failed_line) /* be silent while database bad */
1297 return 0;
1298
1299 ck = q->pkt.r.cks;
1300 ck_lim = &q->pkt.r.cks[num_cks];
1301
1302 /* check each checksum */
1303 for (prev_type = DCC_CK_INVALID; ck < ck_lim; ++ck, prev_type = type) {
1304 if (ck->len != sizeof(*ck)) {
1305 forget_error(q, "unknown checksum length %d%s",
1306 ck->len, from_id_ip(q, 0));
1307 return 0;
1308 }
1309 /* requiring that the checksums be ordered makes it easy
1310 * to check for duplicates and for bogus long packets */
1311 type = ck->type;
1312 if (!DCC_CK_OK_DCC_CLNT(grey_on, type)) {
1313 forget_error(q, "unknown checksum %s%s",
1314 DB_TYPE2STR(type), from_id_ip(q, 0));
1315 return 0;
1316 }
1317 if (prev_type >= type) {
1318 forget_error(q, "out of order %s checksum%s",
1319 DB_TYPE2STR(ck->type), from_id_ip(q, 0));
1320 return 0;
1321 }
1322 }
1323
1324 if (db_lock() < 0) {
1325 NORESP_EMSG(q);
1326 return 0;
1327 }
1328
1329 return ck_lim;
1330 }
1331
1332
1333
1334 /* send the response and release q */
1335 static void
1336 fin_work(const QUEUE *q, DCC_HDR *answer)
1337 {
1338 int delay_us;
1339
1340 /* send the response */
1341 answer->op = DCC_OP_ANSWER;
1342 send_resp(q, answer, 0);
1343
1344 /* update the average queue delay, unless it is crazy */
1345 gettimeofday(&db_time, 0);
1346 delay_us = tv_diff2us(&db_time, &q->answer);
1347 if (delay_us < 0)
1348 return;
1349
1350 update_q_delay();
1351 q_delays[0].us += delay_us;
1352 ++q_delays[0].ops;
1353 }
1354
1355
1356
1357 /* use only db_sts.hash and db_sts.rcd2
1358 * release q on failure */
1359 static u_char
1360 make_answer(QUEUE *q,
1361 const DCC_CK *ck_lim,
1362 u_char have_rcd, /* db_sts.sumrcd.d.r is new record */
1363 DCC_ANSWER *answer,
1364 DCC_TGTS gross_tgts, /* total for this report, maybe MANY */
1365 DCC_TGTS* max_tgts) /* statistics */
1366 {
1367 const DCC_CK *ck;
1368 DCC_TGTS c_tgts; /* current count with this report */
1369 DCC_TGTS p_tgts; /* count before this report */
1370 DCC_ANSWER_BODY_CKS *b;
1371 DCC_CK_TYPES type;
1372 const DB_RCD_CK *rcd_ck, *prev_rcd_ck;
1373 int num_rcd_cks;
1374 DB_PTR prev;
1375 *max_tgts = 0;
1376
1377 if (have_rcd) {
1378 rcd_ck = db_sts.sumrcd.d.r->cks;
1379 num_rcd_cks = DB_NUM_CKS(db_sts.sumrcd.d.r);
1380 } else {
1381 num_rcd_cks = 0;
1382 rcd_ck = 0;
1383 }
1384 b = answer->b;
1385 for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) {
1386 type = ck->type;
1387 if (num_rcd_cks > 0
1388 && type == DB_CK_TYPE(rcd_ck)) {
1389 /* try to copy answer from report's new record */
1390 c_tgts = DB_TGTS_CK(rcd_ck);
1391 if (c_tgts < DCC_TGTS_TOO_MANY) {
1392 p_tgts = c_tgts - gross_tgts;
1393 } else if (prev = DB_PTR_EX(rcd_ck->prev),
1394 prev == DB_PTR_NULL) {
1395 p_tgts = 0;
1396 } else {
1397 prev_rcd_ck = db_map_rcd_ck(dcc_emsg,
1398 &db_sts.rcd2,
1399 prev, type);
1400 if (!prev_rcd_ck) {
1401 DB_ERROR_MSG(dcc_emsg);
1402 RIDC_BAD(q);
1403 return 0;
1404 }
1405 p_tgts = DB_TGTS_CK(prev_rcd_ck);
1406 }
1407 --num_rcd_cks;
1408 ++rcd_ck;
1409
1410 } else {
1411 if (!get_ck_tgts(&p_tgts, 0, 0, type, ck->sum)) {
1412 NORESP_EMSG(q);
1413 return 0;
1414 }
1415 if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) {
1416 /* uninteresting checksums have no value
1417 * unless they are whitelisted */
1418 c_tgts = p_tgts;
1419 if (p_tgts == 0)
1420 p_tgts = DCC_TGTS_INVALID;
1421 } else {
1422 c_tgts = db_sum_ck(p_tgts, gross_tgts, type);
1423 }
1424 }
1425
1426 b->c = htonl(c_tgts);
1427 b->p = htonl(p_tgts);
1428 #ifdef DCC_PKT_VERSION5
1429 if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION5)
1430 b = (DCC_ANSWER_BODY_CKS *)&b->p;
1431 else
1432 #endif
1433 ++b;
1434
1435 if (*max_tgts < c_tgts
1436 && c_tgts <= DCC_TGTS_OK2) {
1437 *max_tgts = c_tgts;
1438 /* Complain about failures to whitelist by
1439 * trusted clients. The main use of this is
1440 * to detect whitelisting failures of IP addresses
1441 * such as 127.0.0.1 for reputations, and those
1442 * matter only for known clients. */
1443 if ((p_tgts >= DCC_TGTS_OK)
1444 && !(q->flags & Q_FG_UNTRUSTED))
1445 TMSG4(WLIST, "%s whitelisted %s %s%s",
1446 qop2str(q),
1447 DB_TYPE2STR(type),
1448 dcc_ck2str_err(type, ck->sum, 0),
1449 from_id_ip(q, 0));
1450 }
1451 }
1452 answer->hdr.len = (sizeof(*answer) - sizeof(answer->b)
1453 + ((char *)b - (char *)answer->b));
1454 return 1;
1455 }
1456
1457
1458
1459 /* release q on failure
1460 * the database must be locked */
1461 static u_char
1462 do_report(QUEUE *q,
1463 DCC_TGTS tgts0, const DCC_CK *ck_lim,
1464 DCC_ANSWER *answer,
1465 DCC_TGTS *max_tgts)
1466 {
1467 const DCC_CK *ck;
1468 DCC_TGTS tgts;
1469 DCC_TGTS gross_tgts; /* DCC_TGTS_TOO_MANY if spam */
1470 DB_PTR rcd_pos;
1471 DB_RCD new;
1472 DB_RCD_CK *new_ck;
1473 DCC_CK_TYPES type;
1474 char tgts_buf[DCC_XHDR_MAX_TGTS_LEN];
1475
1476 tgts = tgts0;
1477 if (tgts & (DCC_TGTS_SPAM | DCC_TGTS_REP_SPAM)) {
1478 tgts &= DCC_TGTS_MASK;
1479 if (tgts == 0)
1480 tgts = 1;
1481 gross_tgts = DCC_TGTS_TOO_MANY;
1482 } else if (tgts == DCC_TGTS_TOO_MANY) {
1483 tgts = 1;
1484 gross_tgts = DCC_TGTS_TOO_MANY;
1485 } else if (tgts > DCC_TGTS_RPT_MAX) {
1486 forget_error(q, "bogus target count %s%s",
1487 dcc_tgts2str(tgts_buf, sizeof(tgts_buf),
1488 tgts, grey_on),
1489 from_id_ip(q, 0));
1490 return 0;
1491 } else {
1492 gross_tgts = tgts;
1493 }
1494
1495 if (gross_tgts < 10) {
1496 ;
1497 } else if (gross_tgts == DCC_TGTS_TOO_MANY) {
1498 ++dccd_stats.reportmany;
1499 } else if (gross_tgts > 1000) {
1500 ++dccd_stats.report1000;
1501 } else if (gross_tgts > 100) {
1502 ++dccd_stats.report100;
1503 } else if (gross_tgts > 10) {
1504 ++dccd_stats.report10;
1505 }
1506
1507 /* Get ready to add the report to the database,
1508 * and as a side effect, find the data to answer the query.
1509 * Start by creating the record to add to the database. */
1510 get_ts(&new.ts);
1511 new.srvr_id_auth = my_srvr_id;
1512 DB_TGTS_RCD_SET(&new, gross_tgts);
1513
1514 /* copy checksums to the new record */
1515 new.fgs_num_cks = 0;
1516 new_ck = new.cks;
1517 for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) {
1518 type = ck->type;
1519 if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type))
1520 continue;
1521 memcpy(new_ck->sum, ck->sum, sizeof(new_ck->sum));
1522 new_ck->type_fgs = type;
1523 ++new_ck;
1524 ++new.fgs_num_cks;
1525 }
1526
1527 if (!(q->flags & Q_FG_RPT_OK)) {
1528 /* finished if this is a query */
1529 return make_answer(q, ck_lim, 0, answer, gross_tgts,
1530 max_tgts);
1531 }
1532
1533 if (new.fgs_num_cks == 0) {
1534 rcd_pos = DB_PTR_NULL;
1535 } else {
1536 /* Add the record to the database.
1537 * That will update the totals for each checksum */
1538 if (!add_dly_rcd(&new, 0)) {
1539 NORESP_EMSG(q);
1540 return 0;
1541 }
1542 rcd_pos = db_sts.sumrcd.s.rptr;
1543 }
1544
1545 /* generate the response, perhaps from the new record */
1546 return make_answer(q, ck_lim, rcd_pos!=DB_PTR_NULL, answer, gross_tgts,
1547 max_tgts);
1548 }
1549
1550
1551
1552 /* process a single real request */
1553 void
1554 do_work(QUEUE *q)
1555 {
1556 const DCC_CK *ck_lim;
1557 DCC_ANSWER answer;
1558 DCC_TGTS max_tgts, tgts;
1559
1560 ck_lim = start_work(q);
1561 if (!ck_lim)
1562 return;
1563
1564 tgts = 0;
1565 switch (q->pkt.hdr.op) {
1566 case DCC_OP_QUERY:
1567 ++dccd_stats.queries;
1568 q->flags &= ~Q_FG_RPT_OK;
1569 break;
1570
1571 case DCC_OP_REPORT:
1572 if (!(q->flags & Q_FG_RPT_OK)) {
1573 ++dccd_stats.report_reject;
1574 clnt_msg(q, "treat %s as query", from_id_ip(q, 1));
1575 ++dccd_stats.queries;
1576 } else {
1577 tgts = ntohl(q->pkt.r.tgts);
1578 ++dccd_stats.reports;
1579 }
1580 break;
1581
1582 case DCC_OP_INVALID:
1583 case DCC_OP_NOP:
1584 case DCC_OP_ANSWER:
1585 case DCC_OP_ADMN:
1586 case DCC_OP_OK:
1587 case DCC_OP_ERROR:
1588 case DCC_OP_DELETE:
1589 case DCC_OP_GREY_REPORT:
1590 case DCC_OP_GREY_QUERY:
1591 case DCC_OP_GREY_SPAM:
1592 case DCC_OP_GREY_WHITE:
1593 dcc_logbad(EX_SOFTWARE, "impossible queued operation");
1594 break;
1595 }
1596
1597 if (!do_report(q, tgts, ck_lim, &answer,
1598 &max_tgts)) {
1599 /* ensure that the clock ticks so rate limits don't stick */
1600 gettimeofday(&db_time, 0);
1601 } else {
1602 /* notice the size of our answer */
1603 if (max_tgts == DCC_TGTS_OK || max_tgts == DCC_TGTS_OK2) {
1604 ++dccd_stats.respwhite;
1605 } else if (max_tgts == DCC_TGTS_TOO_MANY) {
1606 ++dccd_stats.respmany;
1607 } else if (max_tgts > 1000) {
1608 ++dccd_stats.resp1000;
1609 } else if (max_tgts > 100) {
1610 ++dccd_stats.resp100;
1611 } else if (max_tgts > 10) {
1612 ++dccd_stats.resp10;
1613 }
1614
1615 fin_work(q, &answer.hdr);
1616 }
1617 }
1618
1619
1620
1621 /* return 0 for a new embargo,
1622 * embargo count for an existing embargo,
1623 * DCC_TGTS_TOO_MANY no embargo
1624 * DCC_TGTS_OK a newly expired embargo
1625 * DCC_TGTS_INVALID broken database */
1626 static DCC_TGTS
1627 search_grey(const DCC_CK *req_ck3, /* triple checksum */
1628 const DCC_CK *req_ckb, /* body seen with it */
1629 u_char body_known)
1630 {
1631 DB_RCD_CK *ck3, *ckb;
1632 DB_PTR prev3;
1633 DCC_TS old_ts;
1634 DCC_TGTS result_tgts;
1635 int i;
1636
1637 /* look for the triple checksum */
1638 switch (db_lookup(dcc_emsg, DCC_CK_GREY3, req_ck3->sum,
1639 0, MAX_HASH_ENTRIES,
1640 &db_sts.hash, &db_sts.rcd, &ck3)) {
1641 case DB_FOUND_EMPTY:
1642 case DB_FOUND_CHAIN:
1643 case DB_FOUND_INTRUDER:
1644 return 0;
1645
1646 case DB_FOUND_IT:
1647 /* We found the triple checksum.
1648 * If it is marked ok (MANY) or deleted,
1649 * then we have our answer */
1650 result_tgts = DB_TGTS_CK(ck3);
1651 if (result_tgts == DCC_TGTS_TOO_MANY || result_tgts == 0)
1652 return result_tgts;
1653
1654 /* Otherwise look for a report of the triple with
1655 * the right body checksum that is old enough. */
1656 result_tgts = 0;
1657 dcc_timeval2ts(&old_ts, &db_time, -grey_embargo);
1658 for (;;) {
1659 ckb = db_sts.rcd.d.r->cks;
1660 for (i = DB_NUM_CKS(db_sts.rcd.d.r);
1661 i > 0;
1662 --i, ++ckb) {
1663 /* try the next report in the database
1664 * if it has the wrong body checksum
1665 *
1666 * If we are weak on bodies,
1667 * act as if all reports of the triple checksums
1668 * are with the right body checksum. */
1669 if (!grey_weak_body && req_ckb) {
1670 if (DB_CK_TYPE(ckb) != DCC_CK_BODY)
1671 continue;
1672 if (memcmp(req_ckb->sum, ckb->sum,
1673 sizeof(DCC_SUM)))
1674 break;
1675 }
1676
1677 /* We found the right body checksum in
1678 * chain of the triple checksum
1679 * or we don't care.
1680 *
1681 * If the report is old enough, then
1682 * the embargo is over. */
1683 if (dcc_ts_newer_ts(&old_ts,
1684 &db_sts.rcd.d.r->ts))
1685 return DCC_TGTS_OK;
1686
1687 /* If it is not old enough,
1688 * then we know this is not a new embargo for
1689 * this body (i.e. the reported target count
1690 * will be >0) and we must keep looking for an
1691 * old enough report with the body checksum. */
1692 ++result_tgts;
1693 break;
1694 }
1695
1696 /* If we know the body checksum is not in the database,
1697 * then there is no profit in looking at other reports
1698 * of the triple checksum to try to find an old enough
1699 * report that is with the right body checksum.
1700 * We know this is a new embargo. */
1701 if (!body_known)
1702 return 0;
1703
1704 /* If we reach the end of the chain of the
1705 * triple checksum without finding an old
1706 * enough report for the right body,
1707 * then the embargo is not over. */
1708 prev3 = DB_PTR_EX(ck3->prev);
1709 if (prev3 == DB_PTR_NULL)
1710 return result_tgts;
1711
1712 /* examine the timestamp of the preceding report
1713 * of the triple */
1714 ck3 = db_map_rcd_ck(dcc_emsg, &db_sts.rcd,
1715 prev3, DCC_CK_GREY3);
1716 if (!ck3)
1717 return DCC_TGTS_INVALID;
1718 }
1719 break;
1720
1721 case DB_FOUND_LATER:
1722 case DB_FOUND_SYSERR:
1723 DB_ERROR_MSG(dcc_emsg);
1724 return DCC_TGTS_INVALID;
1725 }
1726 return DCC_TGTS_INVALID;
1727 }
1728
1729
1730
1731 void
1732 do_grey(QUEUE *q)
1733 {
1734 DCC_OPS op;
1735 DB_RCD new;
1736 const DCC_CK *req, *req_lim;
1737 const DCC_CK *req_ck_ip, *req_ck_triple, *req_ck_msg, *req_ck_body;
1738 u_char body_known;
1739 DB_RCD_CK *new_ck, *found_ck;
1740 DCC_GREY_ANSWER resp;
1741 DCC_TGTS tgts;
1742 DCC_TGTS ip_tgts; /* existing count for DCC_CK_IP */
1743 DCC_TGTS triple_tgts; /* " count for GREY_TRIPLE */
1744 DCC_TGTS msg_tgts; /* " count for GREY_MSG */
1745 DCC_TGTS eff_msg_tgts; /* effective value: 0=reported to DCC */
1746 DCC_TGTS new_msg_tgts; /* value after this */
1747 DCC_TGTS result_tgts; /* no embargo, ending, whitelist or # */
1748
1749 TMSG1(QUERY, "received %s", op_id_ip(q));
1750 if (!ck_clnt_id(q))
1751 return;
1752 if (q->flags & Q_FG_UNTRUSTED) {
1753 anon_msg("drop %s", from_id_ip(q, 1));
1754 return;
1755 }
1756
1757 /* an embargo of 0 seconds means we should only collect names */
1758 op = q->pkt.hdr.op;
1759 if (op == DCC_OP_GREY_REPORT && grey_embargo == 0)
1760 op = DCC_OP_GREY_WHITE;
1761
1762 req_lim = start_work(q);
1763 if (!req_lim)
1764 return;
1765
1766 /* Require
1767 * the body checksum,
1768 * the checksum of the (body,sender,target),
1769 * and the checksum of the (source,sender,target) triple.
1770 * Allow other checksums for whitelisting. */
1771 ip_tgts = 0;
1772 body_known = grey_weak_body;
1773 req_ck_ip = 0;
1774 req_ck_body = 0;
1775 req_ck_triple = 0;
1776 req_ck_msg = 0;
1777 msg_tgts = eff_msg_tgts = 0;
1778 for (req = q->pkt.r.cks; req < req_lim; ++req) {
1779 /* Note our main checksums of the greylist triple and
1780 * the message body. Search the database for it later */
1781 if (DCC_CK_IS_GREY_TRIPLE(1, req->type)) {
1782 req_ck_triple = req;
1783 continue;
1784 }
1785
1786 if (!DCC_CK_OK_GREY_CLNT(req->type))
1787 continue; /* ignore unknown checksums */
1788 switch (req->type) {
1789 case DCC_CK_IP:
1790 req_ck_ip = req;
1791 break;
1792 case DCC_CK_BODY:
1793 req_ck_body = req;
1794 break;
1795 case DCC_CK_GREY_MSG:
1796 req_ck_msg = req;
1797 break;
1798 }
1799 /* check for whitelisting and whether this is a new embargo */
1800 switch (db_lookup(dcc_emsg, req->type, req->sum,
1801 0, MAX_HASH_ENTRIES,
1802 &db_sts.hash, &db_sts.rcd, &found_ck)) {
1803 case DB_FOUND_LATER:
1804 case DB_FOUND_SYSERR:
1805 DB_ERROR_MSG(dcc_emsg);
1806 RIDC_BAD(q);
1807 return;
1808 case DB_FOUND_IT:
1809 /* ignore deleted checksums */
1810 tgts = DB_TGTS_CK(found_ck);
1811 if (tgts == 0)
1812 continue;
1813
1814 /* honor whitelisting */
1815 if (tgts == DCC_TGTS_GREY_WHITE
1816 && op != DCC_OP_GREY_WHITE) {
1817 op = DCC_OP_GREY_WHITE;
1818 ++dccd_stats.respwhite;
1819 }
1820
1821 switch (req->type) {
1822 case DCC_CK_BODY:
1823 /* notice if the target body exists at all */
1824 body_known = 1;
1825 break;
1826 case DCC_CK_GREY_MSG:
1827 msg_tgts = tgts;
1828 if (msg_tgts != DCC_TGTS_TOO_MANY) {
1829 /* this is an old embargo that has
1830 * already been reported by the client
1831 * to a normal DCC server */
1832 eff_msg_tgts = 1;
1833 }
1834 break;
1835 case DCC_CK_IP:
1836 ip_tgts = tgts;
1837 break;
1838 default:
1839 break;
1840 }
1841 break;
1842 case DB_FOUND_EMPTY:
1843 case DB_FOUND_CHAIN:
1844 case DB_FOUND_INTRUDER:
1845 break;
1846 }
1847 }
1848 if (!req_ck_triple) {
1849 send_error(q, "missing %s checksum for %s",
1850 DB_TYPE2STR(DCC_CK_GREY3), qop2str(q));
1851 return;
1852 }
1853 if (op == DCC_OP_GREY_REPORT && !grey_weak_body) {
1854 if (!req_ck_body) {
1855 send_error(q, "missing body checksum for %s",
1856 qop2str(q));
1857 return;
1858 }
1859 if (!req_ck_msg) {
1860 send_error(q, "missing %s checksum for %s",
1861 DB_TYPE2STR(DCC_CK_GREY_MSG), qop2str(q));
1862 return;
1863 }
1864 }
1865
1866 /* decide if the embargo should end */
1867 triple_tgts = search_grey(req_ck_triple, req_ck_body, body_known);
1868 if (triple_tgts == DCC_TGTS_INVALID) {
1869 NORESP_EMSG(q); /* broken database */
1870 return;
1871 }
1872 /* End existing embargo on a newly whitelisted sender so its
1873 * messages are logged.
1874 * Quietly prevent future embargos of whitelisted senders that have
1875 * not been greylisted.
1876 * Honor grey_weak_ip whitelisting even after it is turned off */
1877 if (triple_tgts >= DCC_TGTS_TOO_MANY) {
1878 result_tgts = triple_tgts;
1879 } else if (op == DCC_OP_GREY_WHITE) {
1880 result_tgts = eff_msg_tgts ? DCC_TGTS_OK : DCC_TGTS_TOO_MANY;
1881 } else if (ip_tgts == DCC_TGTS_TOO_MANY) {
1882 result_tgts = DCC_TGTS_TOO_MANY;
1883 } else {
1884 result_tgts = triple_tgts;
1885 }
1886
1887 if (op == DCC_OP_GREY_QUERY) {
1888 ++dccd_stats.queries;
1889
1890 } else if (!(q->flags & Q_FG_RPT_OK)) {
1891 ++dccd_stats.report_reject;
1892 clnt_msg(q, "treat %s as query", from_id_ip(q, 1));
1893 ++dccd_stats.queries;
1894
1895 } else {
1896 /* add a report for this message */
1897 ++dccd_stats.reports;
1898 new.srvr_id_auth = my_srvr_id;
1899 new_ck = new.cks;
1900 new.fgs_num_cks = 0;
1901 if (result_tgts < DCC_TGTS_TOO_MANY) {
1902 if (req_ck_body) {
1903 new_ck->type_fgs = DCC_CK_BODY;
1904 memcpy(new_ck->sum, req_ck_body->sum,
1905 sizeof(new_ck->sum));
1906 ++new.fgs_num_cks;
1907 ++new_ck;
1908 }
1909 new_msg_tgts = 1;
1910 DB_TGTS_RCD_SET(&new, 1);
1911 } else {
1912 /* embargo now ending (DCC_TGTS_TOO_OK)
1913 * or no embargo (DCC_TGTS_TOO_MANY) */
1914 if (grey_weak_ip && req_ck_ip) {
1915 new_ck->type_fgs = DCC_CK_IP;
1916 memcpy(new_ck->sum, req_ck_ip->sum,
1917 sizeof(new_ck->sum));
1918 ++new.fgs_num_cks;
1919 ++new_ck;
1920 }
1921 new_msg_tgts = 0;
1922 DB_TGTS_RCD_SET(&new, DCC_TGTS_TOO_MANY);
1923 }
1924
1925 /* Include the GREY_MSG checksum in the database
1926 * record for a new embargo.
1927 * The message checksum lets an SMTP server report an
1928 * embargoed message to the DCC before the embargo is over,
1929 * but not report it more than once even if more than one
1930 * SMTP client retransmits the message.
1931 *
1932 * If the GREY_MSG checksum does not exist in the
1933 * database, then tell the DCC client the message is new
1934 * and should be reported to the DCC server. We must put the
1935 * the _GREY_MSG into the database so we will recognize
1936 * the message as not new when it is retransmitted.
1937 *
1938 * If the GREY_MSG checksum exists and is not MANY,
1939 * then we may have a retransmission of the message
1940 * from another IP address.
1941 * We need to tell the DCC client to not report to the
1942 * DCC server. The new value for the CK_GREY_MSG checksum
1943 * should be whatever we are using for the triple checksum.
1944 *
1945 * If the existing count for the GREY_MSG checksum is
1946 * MANY, and the new value for triple checksum is not MANY,
1947 * then we have a new copy of the message and a new embargo.
1948 * We have a spammer with multiple senders instead of a
1949 * legitimate multihomed SMTP client. We need to tell the
1950 * DCC client to report to the DCC server. To remember
1951 * that we told the DCC client to report to the DCC server,
1952 * we must first delete the existing MANY report of the
1953 * GREY_MSG checksum. */
1954 if (eff_msg_tgts != new_msg_tgts
1955 && req_ck_msg) {
1956 if (msg_tgts == DCC_TGTS_TOO_MANY
1957 && !add_del(req_ck_msg)) {
1958 NORESP_EMSG(q);
1959 return;
1960 }
1961 new_ck->type_fgs = DCC_CK_GREY_MSG;
1962 memcpy(new_ck->sum, req_ck_msg->sum,
1963 sizeof(new_ck->sum));
1964 ++new.fgs_num_cks;
1965 ++new_ck;
1966 }
1967
1968 /* Add the triple checksum if we are not whitelisting
1969 * by the IP address
1970 * or triple checksum is not new.
1971 * We do not want to leave any dangling triples in the
1972 * database */
1973 if (!(grey_weak_ip && req_ck_ip)
1974 || result_tgts != DCC_TGTS_TOO_MANY) {
1975 new_ck->type_fgs = DCC_CK_GREY3;
1976 memcpy(new_ck->sum, req_ck_triple->sum,
1977 sizeof(new_ck->sum));
1978 ++new.fgs_num_cks;
1979 }
1980
1981 get_ts(&new.ts);
1982 if (!db_add_rcd(dcc_emsg, &new)) {
1983 DB_ERROR_MSG(dcc_emsg);
1984 RIDC_BAD(q);
1985 return;
1986 }
1987 }
1988
1989 /* In the result sent to the DCC client,
1990 * the triple checksum is preceeded by the message checksum
1991 * with a count of 0 if this is a new embargo.
1992 * Targets of messages of new embargos should be counted among
1993 * total targets in reports sent to DCC servers. After they
1994 * have been included in such an early report to a DCC server,
1995 * they should never be included again, except for bad reputations. */
1996 resp.msg = htonl(eff_msg_tgts);
1997
1998 /* Answer SMTP DATA command greylist operations with the target
1999 * count of the triple checksum:
2000 * DCC_TGTS_OK if the embargo is just now being removed
2001 * DCC_TGTS_TOO_MANY if there is no current embargo
2002 * DCC_TGTS_GREY_WHITE if whitelisted.
2003 * embargo # otherwise */
2004 resp.triple = htonl(result_tgts);
2005 resp.hdr.len = sizeof(resp);
2006
2007 fin_work(q, &resp.hdr);
2008 }
2009
2010
2011
2012 static time_t
2013 picky_time(const QUEUE *q)
2014 {
2015 time_t ts, delta;
2016
2017 /* If the request arrived while we were asleep, then the client's
2018 * timestamp ought to be smaller than when select() finished and
2019 * we think the request arrived. */
2020 ts = ntohl(q->pkt.d.date);
2021 delta = ts - q->answer.tv_sec;
2022 if (delta <= 0)
2023 return delta;
2024
2025 /* If the request arrived while we were handling some other request,
2026 * then its timestamp can be larger than the select() wake-up time
2027 * but should not be in the future. */
2028 delta = ts - db_time.tv_sec;
2029 if (delta < 0)
2030 delta = 0;
2031 return delta;
2032 }
2033
2034
2035
2036 static u_char /* 0=refuse the bad guy, 1=continue */
2037 picky_admn(const QUEUE *q, u_char any_id, u_char any_time)
2038 {
2039 time_t delta;
2040
2041 if ((q->flags & Q_FG_UNTRUSTED)
2042 || (q->clnt_id != my_srvr_id && !any_id)) {
2043 forget_error(q, "drop %s", from_id_ip(q, 1));
2044 return 0;
2045 }
2046
2047 if (any_id && any_time)
2048 return 1;
2049
2050 /* Demand a current timestamp to guard against replay attacks.
2051 * This requires that administrators have clocks close to servers',
2052 * and that network and server delays be reasonable. */
2053 delta = picky_time(q);
2054 if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) {
2055 send_error(q, "drop %s; timestamp off by %d seconds",
2056 qop2str(q), (int)delta);
2057 return 0;
2058 }
2059
2060 return 1;
2061 }
2062
2063
2064
2065 /* the database must be locked */
2066 static u_char /* 1=ok, 0=error sent to client */
2067 delete_sub(QUEUE *q, DCC_CK *del_ck,
2068 u_char grey_spam)
2069 {
2070 DB_RCD_CK *rcd_ck;
2071 char buf[80];
2072 DB_PTR prev;
2073 DCC_TGTS tgts;
2074
2075 buf[0] = '\0';
2076 switch (db_lookup(dcc_emsg, del_ck->type, del_ck->sum,
2077 0, MAX_HASH_ENTRIES,
2078 &db_sts.hash, &db_sts.rcd, &rcd_ck)) {
2079 case DB_FOUND_EMPTY:
2080 case DB_FOUND_CHAIN:
2081 case DB_FOUND_INTRUDER:
2082 /* finished if we have not greylisted the spammer */
2083 if (grey_spam)
2084 return 1;
2085
2086 /* ordinary deletions need a delete request added
2087 * to the database and flooded */
2088 snprintf(buf, sizeof(buf), "\"%s %s\" not found to delete",
2089 DB_TYPE2STR(del_ck->type),
2090 dcc_ck2str_err(del_ck->type, del_ck->sum, 0));
2091
2092 if (del_ck->type == DCC_CK_SRVR_ID) {
2093 send_error(q, "%s", buf);
2094 return 0;
2095 }
2096 break;
2097
2098 case DB_FOUND_IT:
2099 tgts = DB_TGTS_CK(rcd_ck);
2100 /* handle an ordinary delete request */
2101 if (!grey_spam) {
2102 if (tgts == 0)
2103 snprintf(buf, sizeof(buf),
2104 "%s %s already deleted",
2105 DB_TYPE2STR(del_ck->type),
2106 dcc_ck2str_err(del_ck->type,
2107 del_ck->sum, 0));
2108 break;
2109 }
2110 /* We are deleting a greylist checksum.
2111 * If we are deleting very new greylist records,
2112 * we can cheat and avoid adding to the database
2113 * by scribbling over the records.
2114 * If there is an older record that might have been flooded,
2115 * we must add a delete request to the database
2116 * that will itself be flooded. */
2117 for (;;) {
2118 /* finished if the target has already been deleted */
2119 if (tgts == 0)
2120 return 1;
2121 if (db_sts.rcd.s.rptr < oflods_max_cur_pos
2122 || oflods_max_cur_pos == 0) {
2123 /* We need to add a delete request, because
2124 * the record might have been flooded */
2125 break;
2126 }
2127 prev = DB_PTR_EX(rcd_ck->prev);
2128 /* try to delete the entire greylist entry
2129 * starting with the target triple checksum */
2130 do {
2131 /* only if the embargo is not over */
2132 if (DB_TGTS_CK(rcd_ck) >= DCC_TGTS_TOO_MANY)
2133 goto need_rcd;
2134 DB_TGTS_CK_SET(rcd_ck, 0);
2135 } while (--rcd_ck >= db_sts.rcd.d.r->cks);
2136 DB_TGTS_RCD_SET(db_sts.rcd.d.r, 0);
2137 SET_FLUSH_RCD_HDR(&db_sts.rcd, 1);
2138
2139 /* stop after the last record */
2140 if (prev == DB_PTR_NULL)
2141 return 1;
2142
2143 rcd_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd,
2144 prev, del_ck->type);
2145 if (!rcd_ck) {
2146 NORESP_EMSG(q);
2147 return 0;
2148 }
2149 tgts = DB_TGTS_CK(rcd_ck);
2150 }
2151 need_rcd:;
2152 break;
2153
2154 case DB_FOUND_LATER:
2155 case DB_FOUND_SYSERR:
2156 DB_ERROR_MSG(dcc_emsg);
2157 RIDC_BAD(q);
2158 return 0;
2159 }
2160
2161 /* Add the delete request to the database even if the
2162 * checksum seems deleted or absent so that we will
2163 * flood the delete request. This is required to ensure that
2164 * records get deleted when they are created at one DCC server
2165 * and deleted at another. */
2166 if (!add_del(del_ck))
2167 BUFCPY(buf, dcc_emsg);
2168
2169 if (buf[0] != '\0') {
2170 send_error(q, "%s", buf);
2171 return 0;
2172 }
2173
2174 TMSG3(ADMN, "deleted %s %s%s",
2175 DB_TYPE2STR(del_ck->type),
2176 dcc_ck2str_err(del_ck->type, del_ck->sum, 0),
2177 from_id_ip(q, 0));
2178 return 1;
2179 }
2180
2181
2182
2183 void
2184 do_delete(QUEUE *q)
2185 {
2186 if (!ck_clnt_srvr_id(q))
2187 return;
2188 if (!picky_admn(q, 0, 0))
2189 return;
2190 /* if we've already answered, then just repeat ourselves */
2191 if (ridc_get(q)) {
2192 repeat_resp(q);
2193 return;
2194 }
2195
2196 dcc_error_msg("received %s", op_id_ip(q));
2197 ++dccd_stats.admin;
2198
2199 if (q->pkt_len != sizeof(q->pkt.d)) {
2200 send_error(q, "wrong packet length %d for %s",
2201 q->pkt_len, qop2str(q));
2202 return;
2203 }
2204 if (q->pkt.d.ck.len != sizeof(q->pkt.d.ck)) {
2205 send_error(q, "unknown checksum length %d", q->pkt.d.ck.len);
2206 return;
2207 }
2208 if (!DCC_CK_OK_DB(grey_on, q->pkt.d.ck.type)) {
2209 send_error(q, "unknown checkksum type %d", q->pkt.d.ck.type);
2210 return;
2211 }
2212
2213 if (db_lock() < 0) {
2214 NORESP_EMSG(q);
2215 return;
2216 }
2217 if (delete_sub(q, &q->pkt.d.ck, 0)) {
2218 /* We need to clean the database after a deletion
2219 * to correct the totals of other checksums.
2220 * Don't bother for reputations or server-ID declarations. */
2221 if (!DCC_CK_IS_REP_CMN(grey_on, q->pkt.d.ck.type)
2222 && q->pkt.d.ck.type != DCC_CK_SRVR_ID)
2223 need_del_dbclean = "checksum deleted";
2224
2225 send_ok(q);
2226 }
2227 }
2228
2229
2230
2231 /* restore the embargo against a sender of spam */
2232 void
2233 do_grey_spam(QUEUE *q)
2234 {
2235 TMSG1(QUERY, "received %s", op_id_ip(q));
2236 if (!ck_clnt_id(q))
2237 return;
2238 if (q->flags & Q_FG_UNTRUSTED) {
2239 anon_msg("drop %s", from_id_ip(q, 1));
2240 return;
2241 }
2242
2243 /* require the checksum of the (source,sender,target) triple */
2244 if (q->pkt_len != sizeof(q->pkt.gs)) {
2245 send_error(q, "wrong packet length %d for %s",
2246 q->pkt_len, qop2str(q));
2247 return;
2248 }
2249 if (q->pkt.gs.triple.type != DCC_CK_GREY3) {
2250 send_error(q, "%s instead of %s for %s",
2251 DB_TYPE2STR(q->pkt.gs.msg.type),
2252 DB_TYPE2STR(DCC_CK_GREY3),
2253 qop2str(q));
2254 return;
2255 }
2256 if (q->pkt.gs.triple.len != sizeof(q->pkt.gs.triple)) {
2257 send_error(q, "unknown triple checksum length %d",
2258 q->pkt.gs.ip.len);
2259 return;
2260 }
2261 if (q->pkt.gs.msg.type != DCC_CK_GREY_MSG) {
2262 send_error(q, "%s instead of %s for %s",
2263 DB_TYPE2STR(q->pkt.gs.msg.type),
2264 DB_TYPE2STR(DCC_CK_GREY_MSG),
2265 qop2str(q));
2266 return;
2267 }
2268 if (q->pkt.gs.msg.len != sizeof(q->pkt.gs.msg)) {
2269 send_error(q, "unknown msg checksum length %d",
2270 q->pkt.gs.ip.len);
2271 return;
2272 }
2273 if (q->pkt.gs.ip.type != DCC_CK_IP) {
2274 send_error(q, "%s instead of %s for %s",
2275 DB_TYPE2STR(q->pkt.gs.msg.type),
2276 DB_TYPE2STR(DCC_CK_IP),
2277 qop2str(q));
2278 return;
2279 }
2280 if (q->pkt.gs.ip.len != sizeof(q->pkt.gs.ip)) {
2281 send_error(q, "unknown IP checksum length %d",
2282 q->pkt.gs.ip.len);
2283 return;
2284 }
2285
2286 if (db_lock() < 0) {
2287 NORESP_EMSG(q);
2288 return;
2289 }
2290 if (delete_sub(q, &q->pkt.gs.ip, 1)
2291 && delete_sub(q, &q->pkt.gs.triple, 1)
2292 && delete_sub(q, &q->pkt.gs.msg, 1))
2293 send_ok(q);
2294 }
2295
2296
2297
2298 static void
2299 do_flod(QUEUE *q)
2300 {
2301 DCC_ADMN_RESP check;
2302 int print_len;
2303 u_int32_t val, arg;
2304 DCC_AOP_FLODS fop;
2305 FLOD_MMAP *mp;
2306 OFLOD_INFO *ofp;
2307 u_char loaded, found_it;
2308
2309 val = ntohl(q->pkt.ad.val1);
2310 fop = val % 256;
2311 arg = val / 256;
2312
2313 if (fop != DCC_AOP_FLOD_LIST) {
2314 if (!picky_admn(q, fop == DCC_AOP_FLOD_STATS, 0))
2315 return;
2316 }
2317
2318 switch (fop) {
2319 case DCC_AOP_FLOD_CHECK:
2320 /* `cdcc "flood check"` forces occasional defenses of
2321 * our server-ID */
2322 if (host_id_next > db_time.tv_sec + 60)
2323 host_id_next = db_time.tv_sec;
2324
2325 next_flods_ck = 0;
2326 if (0 >= check_load_ids(0)) {
2327 dcc_error_msg("%s", dcc_emsg);
2328 send_error(q, "%s", dcc_emsg);
2329 return;
2330 }
2331 flod_stats_printf(check.val.string, sizeof(check.val.string),
2332 (!FLODS_OK() || flods_st == FLODS_ST_OFF)
2333 ? 0
2334 : (flods_st != FLODS_ST_ON) ? 1
2335 : 2,
2336 oflods.total, oflods.open, iflods.open);
2337 check.hdr.len = (strlen(check.val.string)
2338 + sizeof(check)-sizeof(check.val));
2339 check.hdr.op = DCC_OP_ADMN;
2340 send_resp(q, &check.hdr, 0);
2341 flods_ck(1);
2342 check_blacklist_file();
2343 return;
2344
2345 case DCC_AOP_FLOD_SHUTDOWN:
2346 if (ridc_get(q)) {
2347 repeat_resp(q);
2348 return;
2349 }
2350 ++flods_off;
2351 flods_stop("shutdown flooding", 0);
2352 send_ok(q);
2353 return;
2354
2355 case DCC_AOP_FLOD_HALT:
2356 if (ridc_get(q)) {
2357 repeat_resp(q);
2358 return;
2359 }
2360 ++flods_off;
2361 flods_stop("stop flooding", 1);
2362 send_ok(q);
2363 return;
2364
2365 case DCC_AOP_FLOD_RESUME:
2366 if (ridc_get(q)) {
2367 repeat_resp(q);
2368 return;
2369 }
2370 if (0 >= check_load_ids(0)) {
2371 dcc_error_msg("%s", dcc_emsg);
2372 send_error(q, "%s", dcc_emsg);
2373 return;
2374 }
2375 if (flods_off) {
2376 flods_off = 0;
2377 flods_restart("resume flooding", 0);
2378 }
2379 send_ok(q);
2380 flods_ck(0);
2381 return;
2382
2383 case DCC_AOP_FLOD_REWIND:
2384 if (ridc_get(q)) {
2385 repeat_resp(q);
2386 return;
2387 }
2388 if (flod_mmaps) {
2389 loaded = 0;
2390 } else if (!load_flod(0)) {
2391 send_error(q, "too busy to rewind floods");
2392 return;
2393 } else {
2394 loaded = 1;
2395 }
2396 found_it = (arg == DCC_ID_INVALID);
2397 for (mp = flod_mmaps->mmaps;
2398 mp <= LAST(flod_mmaps->mmaps);
2399 ++mp) {
2400 if (arg == DCC_ID_INVALID
2401 || mp->rem_id == arg) {
2402 mp->flags |= FLODMAP_FG_NEED_REWIND;
2403 mp->flags &= ~FLODMAP_FG_FFWD_IN;
2404 dcc_trace_msg("rewind flood from server-ID %d",
2405 arg);
2406 found_it = 1;
2407 }
2408 }
2409 if (!found_it) {
2410 send_error(q, "unknown server-ID %d for %s",
2411 arg, qop2str(q));
2412 } else {
2413 send_ok(q);
2414 flods_ck(0);
2415 }
2416 if (loaded)
2417 oflods_clear();
2418 return;
2419
2420 case DCC_AOP_FLOD_LIST:
2421 loaded = !flod_mmaps && load_flod(0);
2422 if (flod_mmaps) {
2423 print_len = flods_list(check.val.string,
2424 sizeof(check.val.string),
2425 (q->flags & Q_FG_UNTRUSTED)!=0);
2426 } else {
2427 /* it is not an error if map is locked, because
2428 * dbclean uses this operation to see if we are
2429 * listening */
2430 print_len = snprintf(check.val.string,
2431 ISZ(check.val.string),
2432 "too busy to list floods");
2433 if (print_len > ISZ(check.val.string))
2434 print_len = ISZ(check.val.string);
2435 }
2436 check.hdr.len = (print_len
2437 + sizeof(check)-sizeof(check.val));
2438 check.hdr.op = DCC_OP_ADMN;
2439 send_resp(q, &check.hdr, 0);
2440 if (loaded)
2441 oflods_clear();
2442 return;
2443
2444 case DCC_AOP_FLOD_STATS:
2445 case DCC_AOP_FLOD_STATS_CLEAR:
2446 print_len = flod_stats(check.val.string,
2447 sizeof(check.val.string),
2448 arg,
2449 fop == DCC_AOP_FLOD_STATS_CLEAR);
2450 if (print_len < 0) {
2451 send_error(q, "too busy to find flood stats");
2452 return;
2453 }
2454 check.hdr.len = print_len + sizeof(check)-sizeof(check.val);
2455 check.hdr.op = DCC_OP_ADMN;
2456 send_resp(q, &check.hdr, 0);
2457 flods_ck(0);
2458 return;
2459
2460 case DCC_AOP_FLOD_FFWD_IN:
2461 case DCC_AOP_FLOD_FFWD_OUT:
2462 if (ridc_get(q)) {
2463 repeat_resp(q);
2464 return;
2465 }
2466 if (flod_mmaps) {
2467 loaded = 0;
2468 } else if (!load_flod(0)) {
2469 send_error(q, "too busy to fast-forward floods");
2470 return;
2471 } else {
2472 loaded = 1;
2473 }
2474 ofp = oflods.infos;
2475 for (;;) {
2476 mp = ofp->mp;
2477 if (mp->rem_id == arg) {
2478 /* found the target */
2479 if (fop == DCC_AOP_FLOD_FFWD_OUT) {
2480 ofp->cur_pos = db_csize;
2481 if (ofp->soc < 0)
2482 mp->confirm_pos = db_csize;
2483 dcc_trace_msg("fast forward flood to"
2484 " server-ID %d",
2485 arg);
2486 } else {
2487 mp->flags |= FLODMAP_FG_FFWD_IN;
2488 mp->flags &= ~FLODMAP_FG_NEED_REWIND;
2489 }
2490 send_ok(q);
2491 if (!loaded)
2492 flods_ck(0);
2493 break;
2494 }
2495 if (++ofp > LAST(oflods.infos)) {
2496 send_error(q, "unknown server-ID %d for %s",
2497 arg, qop2str(q));
2498 break;
2499 }
2500 }
2501 if (loaded)
2502 oflods_clear();
2503 return;
2504 }
2505
2506 send_error(q, "unrecognized %s value %d", qop2str(q), fop);
2507 }
2508
2509
2510
2511 void
2512 stats_clear(void)
2513 {
2514 OFLOD_INFO *ofp;
2515
2516 memset(&dccd_stats, 0, sizeof(dccd_stats));
2517 for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) {
2518 if (ofp->rem_hostname[0] == '\0')
2519 continue;
2520
2521 /* The counts reported to `cdcc stats` are sums
2522 * of the dccd_stats and ofp->cnts values. Bias
2523 * the dccd_stats values by the current ofp->cnts values
2524 * so the reported counts will be zero. When the flooding
2525 * connection is closed, the ofp->cnts values will be added
2526 * to the dccd_stats values. */
2527 dccd_stats.iflod_total -= ofp->cnts.total;
2528 dccd_stats.iflod_accepted -= ofp->cnts.accepted;
2529 dccd_stats.iflod_stale -= ofp->lc.stale.cur;
2530 dccd_stats.iflod_dup -= ofp->lc.dup.cur;
2531 dccd_stats.iflod_wlist -= ofp->lc.wlist.cur;
2532 dccd_stats.iflod_not_deleted -= ofp->lc.not_deleted.cur;
2533 }
2534
2535 q_delays_start = 0;
2536
2537 memset(&db_stats, 0, sizeof(db_stats));
2538 dccd_stats.reset = db_time;
2539 }
2540
2541
2542
2543 static u_char /* 1=sent 0=something wrong */
2544 stats_send(QUEUE *q)
2545 {
2546 DCC_ADMN_RESP stats;
2547 char tbuf[80];
2548 OFLOD_INFO *ofp;
2549 IFLOD_INFO *ifp;
2550 int oflods_connecting, iflods_connecting;
2551 SCNTR iflod_total, iflod_accepted, iflod_stale;
2552 SCNTR iflod_dup, iflod_wlist, iflod_not_deleted;
2553 char flod_buf[60];
2554 char clients_reset[40], reset_buf[36], now_buf[20];
2555 int clients;
2556 int age;
2557 const char *client_ovf;
2558 int blen, plen, len;
2559
2560 tbuf[0] = '\0';
2561 if (dccd_tracemask & DCC_TRACE_ADMN_BIT)
2562 strcat(tbuf, "ADMN ");
2563 if (dccd_tracemask & DCC_TRACE_ANON_BIT)
2564 strcat(tbuf, "ANON ");
2565 if (dccd_tracemask & DCC_TRACE_CLNT_BIT)
2566 strcat(tbuf, "CLNT ");
2567 if (dccd_tracemask & DCC_TRACE_RLIM_BIT)
2568 strcat(tbuf, "RLIM ");
2569 if (dccd_tracemask & DCC_TRACE_QUERY_BIT)
2570 strcat(tbuf, "QUERY ");
2571 if (dccd_tracemask & DCC_TRACE_RIDC_BIT)
2572 strcat(tbuf, "RIDC ");
2573 if (dccd_tracemask & DCC_TRACE_FLOD_BIT)
2574 strcat(tbuf, "FLOOD ");
2575 if (dccd_tracemask & DCC_TRACE_FLOD2_BIT)
2576 strcat(tbuf, "FLOOD2 ");
2577 if (dccd_tracemask & DCC_TRACE_IDS_BIT)
2578 strcat(tbuf, "IDS ");
2579 if (dccd_tracemask & DCC_TRACE_BL_BIT)
2580 strcat(tbuf, "BL ");
2581 if (dccd_tracemask & DCC_TRACE_DB_BIT)
2582 strcat(tbuf, "DB ");
2583 if (dccd_tracemask & DCC_TRACE_WLIST_BIT)
2584 strcat(tbuf, "WLIST ");
2585
2586 clients = clients_get(0, 0, 0, 0, 0, 0, 0);
2587 if (clients >= 0) {
2588 client_ovf = "";
2589 } else {
2590 client_ovf = ">";
2591 clients = -clients;
2592 }
2593 age = db_time.tv_sec - clients_cleared;
2594 if (age <= 24*60*60) {
2595 dcc_time2str(clients_reset, sizeof(clients_reset),
2596 "since %X", clients_cleared);
2597 } else if (age <= 3*24*60*60) {
2598 snprintf(clients_reset, sizeof(clients_reset),
2599 "in %d hours", (age + 60*60/2) / (60*60));
2600 } else {
2601 snprintf(clients_reset, sizeof(clients_reset),
2602 "in %d days", (age + 24*60*60/2) / (24*60*60));
2603 }
2604
2605 oflods_connecting = 0;
2606 iflod_total = dccd_stats.iflod_total;
2607 iflod_accepted = dccd_stats.iflod_accepted;
2608 iflod_stale = dccd_stats.iflod_stale;
2609 iflod_dup = dccd_stats.iflod_dup;
2610 iflod_wlist = dccd_stats.iflod_wlist;
2611 iflod_not_deleted = dccd_stats.iflod_not_deleted;
2612 for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) {
2613 if (ofp->soc >= 0 && !(ofp->flags & OFLOD_FG_CONNECTED))
2614 ++oflods_connecting;
2615 iflod_total += ofp->cnts.total;
2616 iflod_accepted += ofp->cnts.accepted;
2617 iflod_stale += ofp->lc.stale.cur;
2618 iflod_dup += ofp->lc.dup.cur;
2619 iflod_wlist += ofp->lc.wlist.cur;
2620 iflod_not_deleted += ofp->lc.not_deleted.cur;
2621 }
2622 iflods_connecting = 0;
2623 for (ifp = iflods.infos; ifp <= LAST(iflods.infos); ++ifp) {
2624 if (ifp->soc >= 0 && !(ifp->flags & IFLOD_FG_VERS_CK))
2625 ++iflods_connecting;
2626 }
2627 dcc_time2str(reset_buf, sizeof(reset_buf),"%b %d %X",
2628 dccd_stats.reset.tv_sec);
2629 dcc_time2str(now_buf, sizeof(now_buf), "%b %d %X %Z",
2630 db_time.tv_sec);
2631
2632 blen = min(sizeof(stats.val.string), ntohl(q->pkt.ad.val1));
2633 plen = snprintf(stats.val.string, blen,
2634 " version "DCC_VERSION" %s%s%stracing %s\n"
2635 "%7d hash entries %6d used "L_DWPAT(9)" DB bytes\n"
2636 "%5d ms delay "L_DPAT" NOPs "L_DPAT""
2637 " ADMN "L_DPAT" query %s%d clients %s\n",
2638
2639 db_minimum_map ? "DB UNLOCKED " : "",
2640 query_only ? "Q-mode " : "",
2641 grey_on ? "greylist " : "",
2642 tbuf[0] ? tbuf : "nothing",
2643
2644 HADDR2LEN(db_hash_len), HADDR2LEN(db_hash_used), db_csize,
2645
2646 avg_q_delay_ms(q),
2647
2648 dccd_stats.nops, dccd_stats.admin, dccd_stats.queries,
2649 client_ovf, clients, clients_reset);
2650 if (plen >= blen)
2651 plen = blen-1;
2652 blen -= plen;
2653
2654 if (grey_on) {
2655 len = snprintf(&stats.val.string[plen], blen,
2656 L_DWPAT(7)" reports "L_DWPAT(2)" whitelisted\n",
2657
2658 dccd_stats.reports,
2659 dccd_stats.respwhite);
2660
2661 } else {
2662 len = snprintf(&stats.val.string[plen], blen,
2663 L_DWPAT(8)" reports "
2664 L_DWPAT(7)">10 "
2665 L_DWPAT(7)">100 "
2666 L_DWPAT(7)">1000 "
2667 L_DWPAT(7)" many\n"
2668 " answers "L_DWPAT(7)">10 "
2669 L_DWPAT(7)">100 "
2670 L_DWPAT(7)">1000 "
2671 L_DWPAT(7)" many\n",
2672
2673 dccd_stats.reports,
2674 (dccd_stats.report10 + dccd_stats.report100
2675 + dccd_stats.report1000 + dccd_stats.reportmany),
2676 (dccd_stats.report100 + dccd_stats.report1000
2677 + dccd_stats.reportmany),
2678 dccd_stats.report1000 + dccd_stats.reportmany,
2679 dccd_stats.reportmany,
2680
2681 (dccd_stats.resp10 + dccd_stats.resp100
2682 + dccd_stats.resp1000 + dccd_stats.respmany),
2683 dccd_stats.resp100 + dccd_stats.resp1000 + dccd_stats.respmany,
2684 dccd_stats.resp1000 + dccd_stats.respmany,
2685 dccd_stats.respmany);
2686 }
2687 if (len >= blen)
2688 len = blen-1;
2689 blen -= len;
2690 plen += len;
2691
2692 len = snprintf(&stats.val.string[plen], blen,
2693 L_DWPAT(8)" bad op "
2694 L_DWPAT(4)" passwd "
2695 L_DWPAT(6)" blist "
2696 L_DWPAT(4)" reject "
2697 L_DWPAT(6)" retrans\n",
2698 dccd_stats.bad_op, dccd_stats.bad_passwd, dccd_stats.blist,
2699 dccd_stats.send_error, dccd_stats.report_retrans);
2700 if (len >= blen)
2701 len = blen-1;
2702 blen -= len;
2703 plen += len;
2704
2705 if (!grey_on) {
2706 len = snprintf(&stats.val.string[plen], blen,
2707 L_DWPAT(8)" answers rate-limited "
2708 L_DWPAT(4)" anon "
2709 L_DWPAT(5)" reports rejected\n",
2710 dccd_stats.rl, dccd_stats.anon_rl, dccd_stats.report_reject);
2711 if (len >= blen)
2712 len = blen-1;
2713 blen -= len;
2714 plen += len;
2715 }
2716
2717 len = snprintf(&stats.val.string[plen], blen,
2718 " %s "
2719 L_DWPAT(8)" total flooded in\n"
2720 L_DWPAT(8)" accepted "
2721 L_DWPAT(6)" stale "
2722 L_DWPAT(8)" dup "
2723 L_DWPAT(5)" white "
2724 L_DPAT" delete\n"
2725 L_DWPAT(8)" reports added between %s and %s",
2726 flod_stats_printf(flod_buf, sizeof(flod_buf),
2727 (db_minimum_map || flods_st == FLODS_ST_OFF) ? 0
2728 : (flods_st != FLODS_ST_ON) ? 1
2729 : 2,
2730 oflods.total,
2731 oflods.open - oflods_connecting,
2732 iflods.open - iflods_connecting),
2733 iflod_total,
2734 iflod_accepted, iflod_stale, iflod_dup,
2735 iflod_wlist, iflod_not_deleted,
2736
2737 dccd_stats.adds+db_stats.adds, reset_buf, now_buf);
2738 if (len >= blen)
2739 len = blen-1;
2740 blen -= len;
2741 plen += len;
2742
2743 stats.hdr.len = plen + sizeof(stats)-sizeof(stats.val);
2744 stats.hdr.op = DCC_OP_ADMN;
2745 send_resp(q, &stats.hdr, 0);
2746 return 1;
2747 }
2748
2749
2750
2751 void
2752 timestamp_send(const QUEUE *q)
2753 {
2754 time_t delta;
2755 DCC_ADMN_RESP msg;
2756 int blen, plen;
2757
2758 delta = picky_time(q);
2759
2760 blen = min(sizeof(msg.val.string), ntohl(q->pkt.ad.val1));
2761 if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) {
2762 if (delta < -MAX_FLOD_CLOCK_SKEW
2763 || delta > MAX_FLOD_CLOCK_SKEW) {
2764 plen = snprintf(msg.val.string, blen,
2765 " clocks differ by about %d seconds"
2766 "\n which is more than the"
2767 " maximum allowed for flooding, %d",
2768 (int)delta, MAX_FLOD_CLOCK_SKEW);
2769 } else {
2770 plen = snprintf(msg.val.string, blen,
2771 " clocks differ by about %d seconds"
2772 "\n which is more than the"
2773 " maximum allowed for commands, %d",
2774 (int)delta, MAX_CMD_CLOCK_SKEW);
2775 }
2776 } else {
2777 plen = snprintf(msg.val.string, blen,
2778 " clocks differ by about %d seconds",
2779 (int)delta);
2780 }
2781
2782 msg.hdr.len = plen + sizeof(msg)-sizeof(msg.val);
2783 msg.hdr.op = DCC_OP_ADMN;
2784 send_resp(q, &msg.hdr, 0);
2785 }
2786
2787
2788
2789 void
2790 do_nop(QUEUE *q)
2791 {
2792 /* respond immediately to even anonymous NOPs so that clients
2793 * that are confused about passwords and whether they are anonymous
2794 * do not retransmit unnecessarily */
2795 TMSG1(ADMN, "received %s", op_id_ip(q));
2796 ++dccd_stats.nops;
2797
2798 if (!ck_clnt_srvr_id(q)) {
2799 ++q->rl->d.nops;
2800 return;
2801 }
2802
2803 ++q->rl->d.nops;
2804 send_ok(q);
2805 }
2806
2807
2808
2809 /* deal with an adminstative request */
2810 void
2811 do_admn(QUEUE *q)
2812 {
2813 u_int32_t val1;
2814 DCC_ADMN_RESP resp;
2815 int len, offset;
2816 u_int32_t adelay_ms;
2817 struct in6_addr addr6, mask6;
2818 const struct in6_addr *addr6p, *mask6p;
2819
2820 val1 = ntohl(q->pkt.ad.val1);
2821 TMSG3(ADMN, "received val2=%#x val3=%#x in %s",
2822 q->pkt.ad.val2, q->pkt.ad.val3, op_id_ip(q));
2823 ++dccd_stats.admin;
2824
2825 if (!ck_clnt_srvr_id(q))
2826 return;
2827
2828 if (q->pkt_len != DCC_ADMN_REQ_MIN_SIZE
2829 && (q->pkt_len != (DCC_ADMN_REQ_MIN_SIZE
2830 + sizeof(DCC_AOP_CLIENTS_CIDR))
2831 || (q->pkt.ad.aop != DCC_AOP_CLIENTS
2832 && q->pkt.ad.aop != DCC_AOP_CLIENTS_ID))) {
2833 send_error(q, "%s size = %d", qop2str(q), q->pkt_len);
2834 return;
2835 }
2836
2837 switch ((DCC_AOPS)q->pkt.ad.aop) {
2838 case DCC_AOP_STOP: /* stop gracefully */
2839 if (!picky_admn(q, 0, 0))
2840 return;
2841 if (ridc_get(q)) {
2842 repeat_resp(q);
2843 return;
2844 }
2845 if (!stopint) {
2846 stopint = -1;
2847 next_flods_ck = 0;
2848 }
2849 send_ok(q);
2850 /* fsync() or let the database be wrong if asked */
2851 if (val1 != 0)
2852 stop_mode = val1;
2853 return;
2854
2855 case DCC_AOP_DB_UNLOAD:
2856 if (!picky_admn(q, 0, 0))
2857 return;
2858 /* repeat previous answer to repeated question */
2859 if (ridc_get(q)) {
2860 repeat_resp(q);
2861 return;
2862 }
2863 /* unlike dbclean, dblist starts looking at the data
2864 * immediately, so we cannot answer before flushing */
2865 if (val1 == 0) {
2866 dcc_trace_msg("database flush started");
2867 rel_db_states();
2868 db_minimum_map = 1;
2869 db_unload(0, 0);
2870 dcc_trace_msg("database flushed; buffering off");
2871 } else {
2872 db_minimum_map = 0;
2873 dcc_trace_msg("database buffering on");
2874 }
2875 send_ok(q);
2876 return;
2877
2878 case DCC_AOP_FLOD: /* control flooding */
2879 do_flod(q);
2880 return;
2881
2882 case DCC_AOP_DB_CLEAN: /* start switch to new database */
2883 if (!picky_admn(q, 0, 0))
2884 return;
2885 /* repeat previous answer to repeated question */
2886 if (ridc_get(q)) {
2887 repeat_resp(q);
2888 return;
2889 }
2890 if (!flods_off || oflods.total != 0) {
2891 send_error(q, "flooding not stopped before %s",
2892 qop2str(q));
2893 return;
2894 }
2895 send_ok(q); /* asnwer now before we stall */
2896 dcc_trace_msg("database cleaning begun");
2897 next_flods_ck = 0;
2898 /* don't start our own cleaning */
2899 del_dbclean_next = db_time.tv_sec + DEL_DBCLEAN_SECS;
2900 dbclean_limit = db_time.tv_sec + dbclean_limit_secs;
2901 /* Dbclean expects us to remove its separate hold on flooding
2902 * so that it will not need to talk to us after telling us
2903 * to close the old database. This because we might stall
2904 * on some systems with lame mmap() support including BSD/OS,
2905 * for minutes in close().
2906 * It might be nice to be able to turn off flooding before
2907 * dbclean is run and have it remain off when dbclean
2908 * finishes. However, the need for that that is very rare
2909 * and there are mysterious cases where flooding gets
2910 * turned off by dbclean and never restored. */
2911 flods_off = 0;
2912 /* release and unmap buffers, possibly stalling */
2913 db_minimum_map = 1;
2914 rel_db_states();
2915 db_unload(0, 0);
2916 return;
2917
2918 case DCC_AOP_DB_NEW: /* finish switch to new database */
2919 if (!picky_admn(q, 0, 0))
2920 return;
2921 if (ridc_get(q)) {
2922 repeat_resp(q);
2923 return;
2924 }
2925 if (!db_minimum_map) {
2926 send_error(q, "%s received before %s",
2927 qop2str(q),
2928 dcc_aop2str(0, 0, DCC_AOP_DB_CLEAN, 0));
2929 return;
2930 }
2931 /* send "ok" now because we may stall waiting to reopen */
2932 send_ok(q);
2933 db_close(1);
2934 dccd_stats.adds += db_stats.adds;
2935 if (!dccd_db_open(DB_OPEN_LOCK_WAIT))
2936 dcc_logbad(dcc_ex_code,
2937 "could not restart database %s: %s",
2938 db_nm, dcc_emsg);
2939 dcc_trace_msg(DCC_VERSION" database %s reopened with %s",
2940 db_nm, db_window_size_str);
2941 flods_off = 0;
2942 flods_restart("database reopened", 0);
2943 next_flods_ck = 0; /* possibly reap dbclean child */
2944 if (0 >= check_load_ids(2))
2945 dcc_error_msg("%s", dcc_emsg);
2946 return;
2947
2948 case DCC_AOP_STATS: /* return counters */
2949 /* we cannot just repeat ourselves for retransmissions,
2950 * because the answer is too big to save */
2951 stats_send(q);
2952 return;
2953
2954 case DCC_AOP_STATS_CLEAR: /* return and then zero counters */
2955 if (!picky_admn(q, 0, 0))
2956 return;
2957 /* we cannot just repeat ourselves for retransmissions,
2958 * because the answer is too big to save */
2959 if (stats_send(q)) {
2960 clients_clear();
2961 stats_clear();
2962 }
2963 return;
2964
2965 case DCC_AOP_TRACE_ON:
2966 case DCC_AOP_TRACE_OFF:
2967 if (!picky_admn(q, 0, 0))
2968 return;
2969 /* it is idempotent, but suppress duplicate trace messages */
2970 if (ridc_get(q)) {
2971 repeat_resp(q);
2972 return;
2973 }
2974 /* log trace changes even when tracing is off */
2975 if (!(DCC_TRACE_ADMN_BIT & dccd_tracemask))
2976 dcc_trace_msg("received %s", op_id_ip(q));
2977 if ((val1 & ~DCC_TRACE_BITS) != 0 || val1 == 0) {
2978 send_error(q, "invalid trace bits %#x", val1);
2979 return;
2980 }
2981 if (q->pkt.ad.aop == DCC_AOP_TRACE_OFF) {
2982 dccd_tracemask &= ~val1;
2983 } else {
2984 dccd_tracemask |= val1;
2985 /* do not suppress the next duplicated flood message */
2986 if (val1 & DCC_TRACE_FLOD_BIT)
2987 flod_trace_gen = db_time.tv_sec;
2988 }
2989 send_ok(q);
2990 return;
2991
2992 case DCC_AOP_CLIENTS:
2993 case DCC_AOP_CLIENTS_ID:
2994 if (!picky_admn(q, 1, 1))
2995 return;
2996 /* we cannot just repeat ourselves for retransmissions,
2997 * because the answer is too big to save */
2998 offset = (val1 >> 16) + (((u_int)q->pkt.ad.val4) << 16);
2999 val1 &= 0xffff;
3000 len = q->pkt.ad.val2;
3001 if (q->pkt_len == (DCC_ADMN_REQ_MIN_SIZE
3002 + sizeof(DCC_AOP_CLIENTS_CIDR))) {
3003 memcpy(&addr6, &q->pkt.ad.val5[0], sizeof(addr6));
3004 dcc_bits2mask(&mask6, q->pkt.ad.val5[sizeof(addr6)]);
3005 addr6p = &addr6;
3006 mask6p = &mask6;
3007 } else {
3008 mask6p = 0;
3009 addr6p = 0;
3010 }
3011 if (q->pkt.ad.aop == DCC_AOP_CLIENTS)
3012 clients_get(&resp.val, &len, offset,
3013 val1, q->pkt.ad.val3, addr6p, mask6p);
3014 else
3015 clients_get_id(&resp.val, &len, offset,
3016 val1, q->pkt.ad.val3, addr6p, mask6p);
3017 resp.hdr.len = len + sizeof(resp)-sizeof(resp.val);
3018 resp.hdr.op = DCC_OP_ADMN;
3019 send_resp(q, &resp.hdr, 0);
3020 return;
3021
3022 case DCC_AOP_ANON_DELAY:
3023 /* get and set the anonymous client delay
3024 *
3025 * repeat answer to identical question */
3026 if (ridc_get(q)) {
3027 repeat_resp(q);
3028 return;
3029 }
3030 if (anon_off)
3031 adelay_ms = DCC_ANON_DELAY_FOREVER;
3032 else
3033 adelay_ms = anon_delay_us/1000;
3034 resp.val.anon_delay.delay[0] = adelay_ms>>8;
3035 resp.val.anon_delay.delay[1] = adelay_ms;
3036 if (anon_delay_inflate == DCC_ANON_INFLATE_OFF) {
3037 resp.val.anon_delay.inflate[0] = 0;
3038 resp.val.anon_delay.inflate[1] = 0;
3039 resp.val.anon_delay.inflate[2] = 0;
3040 resp.val.anon_delay.inflate[3] = 0;
3041 } else {
3042 resp.val.anon_delay.inflate[0] = anon_delay_inflate>>24;
3043 resp.val.anon_delay.inflate[1] = anon_delay_inflate>>16;
3044 resp.val.anon_delay.inflate[2] = anon_delay_inflate>>8;
3045 resp.val.anon_delay.inflate[3] = anon_delay_inflate;
3046 }
3047 adelay_ms = (q->pkt.ad.val2<<8) + q->pkt.ad.val3;
3048 if (adelay_ms != DCC_NO_ANON_DELAY
3049 && picky_admn(q, 0, 0)) {
3050 if (adelay_ms == DCC_ANON_DELAY_FOREVER) {
3051 anon_off = 1;
3052 } else {
3053 anon_off = 0;
3054 if (adelay_ms > DCC_ANON_DELAY_MAX/1000)
3055 adelay_ms = DCC_ANON_DELAY_MAX/1000;
3056 anon_delay_us = adelay_ms*1000;
3057 if (val1 == 0)
3058 val1 = DCC_ANON_INFLATE_OFF;
3059 anon_delay_inflate = val1;
3060 }
3061 }
3062 resp.hdr.len = (sizeof(resp)-sizeof(resp.val)
3063 + sizeof(resp.val.anon_delay));
3064 resp.hdr.op = DCC_OP_ADMN;
3065 send_resp(q, &resp.hdr, 0);
3066 return;
3067
3068 case DCC_AOP_CLOCK_CHECK:
3069 timestamp_send(q);
3070 return;
3071
3072 case DCC_AOP_OK:
3073 case DCC_AOP_unused1:
3074 default:
3075 break;
3076 }
3077
3078 send_error(q, "invalid %s", qop2str(q));
3079 }