Mercurial > notdcc
view dccd/work.c @ 2:f6716cb00029
Replace buggy stuff in deb dir, never make phone calls while working
author | Peter Gervai <grin@grin.hu> |
---|---|
date | Tue, 10 Mar 2009 14:29:12 +0100 |
parents | c7f6b056b673 |
children |
line wrap: on
line source
/* Distributed Checksum Clearinghouse * * work on a job in the server * * Copyright (c) 2008 by Rhyolite Software, LLC * * This agreement is not applicable to any entity which sells anti-spam * solutions to others or provides an anti-spam solution as part of a * security solution sold to other entities, or to a private network * which employs the DCC or uses data provided by operation of the DCC * but does not provide corresponding data to other users. * * Permission to use, copy, modify, and distribute this software without * changes for any purpose with or without fee is hereby granted, provided * that the above copyright notice and this permission notice appear in all * copies and any distributed versions or copies are either unchanged * or not called anything similar to "DCC" or "Distributed Checksum * Clearinghouse". * * Parties not eligible to receive a license under this agreement can * obtain a commercial license to use DCC by contacting Rhyolite Software * at sales@rhyolite.com. * * A commercial license would be for Distributed Checksum and Reputation * Clearinghouse software. That software includes additional features. This * free license for Distributed ChecksumClearinghouse Software does not in any * way grant permision to use Distributed Checksum and Reputation Clearinghouse * software * * THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * * Rhyolite Software DCC 1.3.103-1.287 $Revision$ */ #include "dccd_defs.h" typedef struct { time_t us; u_int ops; } Q_DELAY_SEC; static Q_DELAY_SEC q_delays[9]; static Q_DELAY_SEC q_delays_sum; /* sum of all but q_delays[0] */ static time_t q_delays_start; /* second for q_delayw[0] */ DCCD_STATS dccd_stats; u_char query_only; /* 1=treat reports as queries */ u_char grey_weak_body; /* 1=ignore bodies for greylisting */ u_char grey_weak_ip; /* 1=a good triple whitelists addr */ static u_char ridc_get(QUEUE *); /* report cache used to detect duplicate or retransmitted reports */ static RIDC *ridc_newest, *ridc_oldest; static RIDC **ridc_hash; static int ridc_hash_len; static inline RIDC ** ridc_hash_fnc(DCC_HDR *hdr) { u_int32_t sum; /* The client's (ID,RID,HID,PID) should be unique and constant for * retransmissions of a single request. It should make a reasonable * hash value. We cannot trust it entirely, if only because of * anonymous clients */ sum = hdr->sender; sum += hdr->op_nums.h; sum += hdr->op_nums.p; sum += hdr->op_nums.r; return &ridc_hash[mhash(sum, ridc_hash_len)]; } static void ridc_ref(RIDC *ridc) { ridc->last_used = db_time.tv_sec; if (!ridc->newer) return; /* it's already newest */ ridc->newer->older = ridc->older; if (ridc->older) ridc->older->newer = ridc->newer; else ridc_oldest = ridc->newer; ridc->older = ridc_newest; ridc->newer = 0; ridc_newest->newer = ridc; ridc_newest = ridc; } /* get a free report cache block */ static RIDC * ridc_get_free(void) { RIDC *ridc; time_t stale = db_time.tv_sec - DCC_MAX_RETRANS_DELAY_SECS; for (ridc = ridc_oldest; ridc != 0; ridc = ridc->newer) { if (ridc->last_used < stale) { /* found one, so recycle it */ if (ridc->fwd) ridc->fwd->bak = ridc->bak; if (ridc->bak) ridc->bak->fwd = ridc->fwd; else if (ridc->hash) *ridc->hash = ridc->fwd; ridc->bak = 0; ridc_ref(ridc); return ridc; } } /* there are no free blocks that are old enough to recycle */ return 0; } /* make some (more) RID blocks and (re)build the hash table */ static void ridc_make(void) { int new_len, old_len, j; RIDC *ridc, *ridc2, **ridch, **old_ridc_hash; new_len = queue_max; ridc = dcc_malloc(new_len*sizeof(*ridc)); if (!ridc) dcc_logbad(EX_OSERR, "malloc(%d RIDC blocks) failed", new_len); memset(ridc, 0, new_len*sizeof(*ridc)); for (j = 0; j < new_len; ++j, ++ridc) { /* make the new blocks oldest */ if (!ridc_oldest) { ridc_oldest = ridc_newest = ridc; } else { ridc_oldest->older = ridc; ridc->newer = ridc_oldest; ridc_oldest = ridc; } } /* rebuild and expand the hash table */ old_len = ridc_hash_len; ridc_hash_len += new_len; old_ridc_hash = ridc_hash; ridc_hash = dcc_malloc(ridc_hash_len*sizeof(*ridch)); if (!ridc_hash) dcc_logbad(EX_OSERR, "malloc(%d RIDC hash table) failed", ridc_hash_len); memset(ridc_hash, 0, ridc_hash_len*sizeof(*ridch)); if (old_len != 0) { do { for (ridc = old_ridc_hash[--old_len]; ridc != 0; ridc = ridc2) { ridch = ridc_hash_fnc(&ridc->hdr); ridc2 = ridc->fwd; ridc->bak = 0; ridc->hash = ridch; if ((ridc->fwd = *ridch) != 0) ridc->fwd->bak = ridc; *ridch = ridc; } } while (old_len != 0); dcc_free(old_ridc_hash); } } /* get the report cache block for an operation */ static u_char /* 0=new operation, 1=retransmission */ ridc_get(QUEUE *q) { RIDC *ridc, **ridch; for (;;) { if (ridc_hash) { /* look for the existing report cache block */ ridch = ridc_hash_fnc(&q->pkt.hdr); for (ridc = *ridch; ridc; ridc = ridc->fwd) { /* Reports are relatively small, so we * can afford to not trust the client's * RID to be unique. Compare all but the * client's transmission #. * Also check client's UDP port # because * it should be unchanged regardless of * multi-homing. */ if (ridc->clnt_port == q->clnt_su.ipv4.sin_port && !memcmp(&ridc->hdr, &q->pkt.hdr, sizeof(ridc->hdr) - sizeof(ridc->hdr.op_nums.t))) { /* found it, so make it newest */ ridc_ref(ridc); q->ridc = ridc; return 1; } } /* the block does not already exist, so create it */ ridc = ridc_get_free(); if (ridc) break; } /* we are out of report cache blocks, so make more */ ridc_make(); /* re-hash because our previous pointer is invalid */ } memcpy(&ridc->hdr, &q->pkt.hdr, sizeof(ridc->hdr)); ridc->clnt_port = q->clnt_su.ipv4.sin_port; ridc->op = DCC_OP_INVALID; ridc->bad = 1; ridc->len = 0; ridc->hash = ridch; ridc->fwd = *ridch; if (ridc->fwd) ridc->fwd->bak = ridc; *ridch = ridc; q->ridc = ridc; return 0; } #define RIDC_BAD(q) {if ((q)->ridc) (q)->ridc->bad = 1;} /* update the average queue delay at the start of a new second */ static void update_q_delay(void) { time_t secs; Q_DELAY_SEC *src, *tgt; secs = db_time.tv_sec - q_delays_start; if (secs == 0) return; /* At the start of a new second, * forget the delays for old seconds we no longer care about * and start accumulating delays for the new second * Slide accumulated delays and total operations previous seconds. */ q_delays_start = db_time.tv_sec; q_delays_sum.us = 0; q_delays_sum.ops = 0; tgt = LAST(q_delays); if (secs > 0 && secs < DIM(q_delays)) { src = tgt - secs; do { q_delays_sum.us += (tgt->us = src->us); q_delays_sum.ops += (tgt->ops = src->ops); --tgt; } while (src-- != &q_delays[0]); } memset(q_delays, 0, sizeof(q_delays[0]) * (tgt+1 - q_delays)); } /* compute the average queue delay this client should see */ static u_int avg_q_delay_ms(const QUEUE *q) { u_int ops; time_t us; /* get the average service delay excluding per-client-ID delays */ update_q_delay(); ops = q_delays[0].ops + q_delays_sum.ops; if (ops == 0) us = 0; else us = (q_delays[0].us + q_delays_sum.us + ops/2) / ops; /* add the per-client-ID penalty */ us += q->delay_us; return (us + 500) / 1000; } /* get a unique timestamp */ static void get_ts(DCC_TS *ts) /* put it here */ { static struct timeval prev_time; static int faked; /* if we have generated a lot of fake timestamps * and our snapshot of the clock is old, * then check the clock in the hope it has ticked */ if (db_time.tv_usec <= prev_time.tv_usec && db_time.tv_sec == prev_time.tv_sec && faked > 100) { faked = 0; gettimeofday(&db_time, 0); } /* Try to make the next timestamp unique, but only as long * as time itself marches forward. This must work many times * a second, or the resoltion of DCC timestaps. * Worse, the increment can exhaust values from future seconds. * Forget about it if the problem lasts for more than 5 minutes. */ if (db_time.tv_sec > prev_time.tv_sec || (db_time.tv_sec == prev_time.tv_sec && db_time.tv_usec > prev_time.tv_usec) || db_time.tv_sec < prev_time.tv_sec-5*60) { /* either the current time is good enough or we must * give up and use it to make the timestamp */ prev_time = db_time; faked = 0; } else { /* fudge the previous timestamp to make it good enough */ prev_time.tv_usec += DCC_TS_US_MULT; if (prev_time.tv_usec >= DCC_US) { prev_time.tv_usec -= DCC_US; ++prev_time.tv_sec; } ++faked; } dcc_timeval2ts(ts, &prev_time, 0); } /* find database record for a server-ID * use only db_sts.hash and db_sts.rcd2 * put the result in db_sts.rcd2 */ int /* -1=broken database 0=no record */ find_srvr_rcd(const DCC_SUM sum, const char *str) { DB_RCD_CK *found_ck; DB_PTR prev; int failsafe; switch (db_lookup(dcc_emsg, DCC_CK_SRVR_ID, sum, 0, MAX_HASH_ENTRIES, &db_sts.hash, &db_sts.rcd2, &found_ck)) { case DB_FOUND_LATER: case DB_FOUND_SYSERR: DB_ERROR_MSG2(str, dcc_emsg); return -1; case DB_FOUND_IT: /* look for a record that is neither obsolete nor deleted */ for (failsafe = 0; failsafe < 20; ++failsafe) { if (!DB_CK_OBS(found_ck) && DB_TGTS_RCD(db_sts.rcd2.d.r) != 0) return 1; prev = DB_PTR_EX(found_ck->prev); if (prev == DB_PTR_NULL) return 0; found_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, DCC_CK_SRVR_ID); if (!found_ck) { DB_ERROR_MSG2(str, dcc_emsg); return -1; } } break; case DB_FOUND_EMPTY: case DB_FOUND_CHAIN: case DB_FOUND_INTRUDER: break; } return 0; } /* find the database record of the type of a server * use only db_sts.hash and db_sts.rcd2 * put the result in db_sts.rcd2 */ int /* -1=broken database 0=no record */ find_srvr_rcd_type(DCC_SRVR_ID tgt_id) { DCC_SUM srvr_id_sum; if (db_failed_line) return -1; memset(srvr_id_sum, 0, sizeof(srvr_id_sum)); srvr_id_sum[0] = DCC_CK_SRVR_ID; srvr_id_sum[1] = tgt_id >> 8; srvr_id_sum[2] = tgt_id; return find_srvr_rcd(srvr_id_sum, "checking server-ID state"); } /* find the server type in the table of IDs */ ID_TBL * find_srvr_type(DCC_SRVR_ID tgt_id) { ID_TBL *tp; DCC_SRVR_ID srvr_type; tp = find_id_tbl(tgt_id); if (!tp) { /* check the database if it is not in the table */ if (0 >= find_srvr_rcd_type(tgt_id)) { /* assume it is a simple server if there is * no declaration in the database */ srvr_type = DCC_ID_SRVR_SIMPLE; } else { srvr_type = DB_RCD_ID(db_sts.rcd2.d.r); if (!DCC_ID_SRVR_TYPE(srvr_type)) srvr_type = DCC_ID_SRVR_SIMPLE; /* the free code knows nothing about reputations */ if (srvr_type == DCC_ID_SRVR_REP_OK) srvr_type = DCC_ID_SRVR_SIMPLE; } /* cache it in the table */ tp = add_id_tbl(tgt_id); tp->srvr_type = srvr_type; } return tp; } /* refresh our claim to our server-ID or similar * use only db_sts.hash and db_sts.rcd2 */ void refresh_srvr_rcd(const DCC_SUM sum, DCC_SRVR_ID val, const char *str) { DCC_TS old; DB_RCD rcd; int i; /* add a new record * only if no recent record of the right value exists */ i = find_srvr_rcd(sum, str); if (i < 0) return; /* broken database */ if (i > 0 && DB_RCD_ID(db_sts.rcd2.d.r) == val) { dcc_timeval2ts(&old, &db_time, -DCC_SRVR_ID_SECS/2); if (!dcc_ts_older_ts(&db_sts.rcd2.d.r->ts, &old)) return; } memset(&rcd, 0, sizeof(rcd)); get_ts(&rcd.ts); rcd.srvr_id_auth = val; DB_TGTS_RCD_SET(&rcd, 1); rcd.fgs_num_cks = 1; rcd.cks[0].type_fgs = DCC_CK_SRVR_ID; memcpy(rcd.cks[0].sum, sum, sizeof(DCC_SUM)); if (!db_add_rcd(dcc_emsg, &rcd)) DB_ERROR_MSG2(str, dcc_emsg); } static void send_resp(const QUEUE *q, DCC_HDR *hdr, /* length in host byte order */ u_char no_msg) { u_int save_len; char ob[DCC_OPBUF]; int len, i; len = hdr->len; hdr->len = htons(len); /* callers must have dealt with the variations due to versions */ if (q->pkt.hdr.pkt_vers < DCC_PKT_VERSION_MIN) hdr->pkt_vers = DCC_PKT_VERSION_MIN; else if (q->pkt.hdr.pkt_vers > DCC_PKT_VERSION_MAX) hdr->pkt_vers = DCC_PKT_VERSION_MAX; else hdr->pkt_vers = q->pkt.hdr.pkt_vers; hdr->sender = htonl(my_srvr_id); hdr->op_nums = q->pkt.hdr.op_nums; if (q->passwd[0] != '\0') { /* sign with the password that authenticated the client */ dcc_sign(q->passwd, sizeof(q->passwd), hdr, len); #ifdef DCC_PKT_VERSION8 } else if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION8) { /* Sign old protocol responses with the client's transaction * numbers if we do not have a good password. * This happens with anonymous clients */ dcc_sign((char *)&q->pkt.hdr.op_nums, sizeof(q->pkt.hdr.op_nums), hdr, len); #endif } else { memset((char *)hdr + (len-sizeof(DCC_SIGNATURE)), 0, sizeof(DCC_SIGNATURE)); } if (q->ridc) { save_len = len-sizeof(*hdr)-sizeof(DCC_SIGNATURE); if (save_len > ISZ(q->ridc->result)) { if (hdr->op == DCC_OP_ERROR) save_len = sizeof(q->ridc->result); else dcc_logbad(EX_SOFTWARE, "RIDC buffer overflow"); } q->ridc->len = save_len; memcpy(&q->ridc->result, hdr+1, save_len); q->ridc->op = hdr->op; q->ridc->bad = 0; } i = sendto(q->sp->udp, hdr, len, 0, &q->clnt_su.sa, DCC_SU_LEN(&q->clnt_su)); if (i < 0) { clnt_msg(q, "sendto(%s, %s): %s", dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q), ERROR_STR()); } else if (len != i) { clnt_msg(q, "sendto(%s, %s)=%d instead of %d", dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q), i, len); } else if (!no_msg && (dccd_tracemask & ((hdr->op == DCC_OP_ANSWER || hdr->op == DCC_OP_NOP) ? DCC_TRACE_QUERY_BIT : DCC_TRACE_ADMN_BIT))) { dcc_trace_msg("sent %s to %s for %s", dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q), qop2str(q)); } } /* do not send an error response to a client */ static void PATTRIB(2,3) forget_error(const QUEUE *q, const char *p, ...) { va_list args; RIDC_BAD(q); if ((!q->flags & Q_FG_BAD_PASSWD) && !(q->rl->d.flags & RL_FG_BLS)) { q->rl->d.flags |= RL_FG_BL_BAD; ++dccd_stats.bad_op; } va_start(args, p); vclnt_msg(q, p, args); va_end(args); } /* send an error response to a client */ static void send_error(const QUEUE *q, const char *p, ...) { DCC_ERROR buf; int slen; va_list args; /* build and log the message */ va_start(args, p); slen = vsnprintf(buf.msg, sizeof(buf.msg), p, args); if (slen > ISZ(buf.msg)-1) slen = ISZ(buf.msg)-1; va_end(args); clnt_msg(q, "\"%s\" sent to %s", buf.msg, Q_CIP(q)); /* send it */ buf.hdr.len = sizeof(buf)-sizeof(buf.msg)+slen+1; buf.hdr.op = DCC_OP_ERROR; send_resp(q, &buf.hdr, 1); ++dccd_stats.send_error; } #define NORESP_EMSG(q) noresp_emsg(q, __LINE__) static void noresp_emsg(const QUEUE *q, int linenum) { dcc_error_msg("error near line %d in "DCC_VERSION" "__FILE__, linenum); RIDC_BAD(q); } /* tell client that a NOP or an administrative request was ok */ static void send_ok(QUEUE *q) { DCC_OK buf; time_t us; memset(&buf, 0, sizeof(buf)); buf.max_pkt_vers = max(min(q->pkt.hdr.pkt_vers, DCC_PKT_VERSION_MAX), DCC_PKT_VERSION_MIN); us = (q->delay_us + 500) / 1000; buf.qdelay_ms = htons(us); strncpy(buf.brand, brand, sizeof(buf.brand)); buf.hdr.op = DCC_OP_OK; buf.hdr.len = sizeof(buf); send_resp(q, &buf.hdr, 0); } static void repeat_resp(QUEUE *q) { struct { DCC_HDR hdr; u_char b[sizeof(q->ridc->result)]; } buf; char ob[DCC_OPBUF]; ++dccd_stats.report_retrans; if (q->ridc->bad) { TMSG1(RIDC, "repeat drop of %s", from_id_ip(q, 1)); return; } memcpy(&buf.hdr+1, &q->ridc->result, q->ridc->len); buf.hdr.op = q->ridc->op; buf.hdr.len = htons(q->ridc->len + sizeof(buf.hdr) + sizeof(DCC_SIGNATURE)); TMSG2(RIDC, "repeat previous answer of %s for %s", dcc_hdr_op2str(ob, sizeof(ob), &buf.hdr), from_id_ip(q, 1)); buf.hdr.len = ntohs(buf.hdr.len); send_resp(q, &buf.hdr, 0); } /* find a checksum in the database * use only db_sts.hash and db_sts.rcd2 * put the result in db_sts.rcd2 */ static u_char /* 0=broken database */ get_ck_tgts(DCC_TGTS *tgtsp, const DB_RCD_CK **pfound_ck, u_char must_have_it, /* 1=database broken if cksum absent */ DCC_CK_TYPES type, const DCC_SUM sum) { DB_RCD_CK *found_ck; switch (db_lookup(dcc_emsg, type, sum, 0, MAX_HASH_ENTRIES, &db_sts.hash, &db_sts.rcd2, &found_ck)) { case DB_FOUND_LATER: case DB_FOUND_SYSERR: DB_ERROR_MSG(dcc_emsg); return 0; case DB_FOUND_IT: if (pfound_ck) *pfound_ck = found_ck; if (tgtsp) *tgtsp = DB_TGTS_CK(found_ck); break; case DB_FOUND_EMPTY: case DB_FOUND_CHAIN: case DB_FOUND_INTRUDER: if (must_have_it) { db_error_msg(__LINE__,__FILE__, "missing hash entry for %s %s ", DB_TYPE2STR(type), dcc_ck2str_err(type, sum, 0)); return 0; } if (pfound_ck) *pfound_ck = 0; if (tgtsp) *tgtsp = 0; break; } return 1; } /* see if a count just passed a multiple of a threshold and so is * worth flooding or summarizing */ static u_char /* 1=time to summarize this checksum */ quick_sum_thold(DCC_CK_TYPES type, DCC_TGTS rpt_tgts, /* targets in this report */ DCC_TGTS ck_tgts) /* grand total */ { static DCC_TGTS thold_mults[] = { 1, 2, 3, 5, 10 }; DCC_TGTS thold; DCC_TGTS mult, new_mult, old_mult; int i; thold = flod_tholds[type]; if (ck_tgts < thold || thold >= DCC_TGTS_TOO_MANY) return 0; if (thold == 0) return 1; new_mult = ck_tgts / thold; old_mult = (ck_tgts - rpt_tgts) / thold; for (i = 0; i < DIM(thold_mults); ++i) { mult = thold_mults[i]; if (old_mult < mult) return (new_mult >= mult); } return 0; } /* compute summarizable total for one checksum * use db_sts.hash, db_sts.rcd2, and *rcd_st */ static DCC_TGTS /* DCC_TGTS_INVALID=broken database */ sum_total(DCC_CK_TYPES type, /* look for this */ const DCC_SUM sum, u_char must_have_it, DB_STATE *rcd_st, /* starting here */ const DB_RCD_CK *found_ck, u_char *undelay_ok, /* 0=cannot undelay by clearing bit */ DB_PTR *sum_oldest) { DB_PTR prev; DCC_TGTS rcd_tgts, sub_total; int limit; if (!rcd_st) { if (!get_ck_tgts(0, &found_ck, must_have_it, type, sum)) return DCC_TGTS_INVALID; if (!found_ck) return 0; rcd_st = &db_sts.rcd2; } if (sum_oldest) *sum_oldest = DB_PTR_MAX; sub_total = 0; for (limit = 10000; limit >= 0; --limit) { /* stop adding reports at the first summary or * compressed record in the hash chain */ if (DB_RCD_SUMRY(rcd_st->d.r) || DB_RCD_ID(rcd_st->d.r) == DCC_ID_COMP) break; /* honor deletions */ rcd_tgts = DB_TGTS_RCD(rcd_st->d.r); if (rcd_tgts == 0) break; /* We can only summarize our own delayed reports * to keep loops in the flooding topology from * inflating totals. */ if (DB_RCD_DELAY(rcd_st->d.r) && DB_RCD_ID(rcd_st->d.r) == my_srvr_id) { if (sum_oldest) *sum_oldest = rcd_st->s.rptr; sub_total = db_sum_ck(sub_total, rcd_tgts, type); /* if we summarize more than one record, * then we cannot simply convert the record */ if (undelay_ok && db_sts.sumrcd.s.rptr != rcd_st->s.rptr) *undelay_ok = 0; } prev = DB_PTR_EX(found_ck->prev); if (prev == DB_PTR_NULL) break; rcd_st = &db_sts.rcd2; found_ck = db_map_rcd_ck(dcc_emsg, rcd_st, prev, type); if (!found_ck) { DB_ERROR_MSG(dcc_emsg); return 0; } } return sub_total; } /* generate a summary record of checksum counts * db_sts.sumrcd points to the record being summarize on entry * On exit db_sts.sumrcd points to the same record or the original * has been trashed and db_sts.sumrcd points to a moved copy. * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp */ static u_char /* 0=sick db, 1=ok, 2=moved rcd */ summarize_rcd(u_char dly) /* 1=working on delayed records */ { DB_RCD new; DCC_TGTS rcd_tgts, ck_tgts, new_tgts, sub_total; DCC_CK_TYPES type; DB_RCD_CK *cur_ck, *new_ck; int cur_num_cks; u_char ck_needed; /* 0=junk cksum, 2=needed in new rcd */ u_char rcd_needed; /* 1=have created rcd to add */ u_char undelay_ok; /* 1=ok to remove delay bit */ u_char move_ok; DB_PTR sum_oldest; DB_PTR rcd_pos; if (db_lock() < 0) return 0; /* For each checksum whose flooding was delayed but is now needed, * generate a fake record that will be flooded */ cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); cur_ck = db_sts.sumrcd.d.r->cks; new_tgts = 0; undelay_ok = (FLODS_OK() && (DB_RCD_ID(db_sts.sumrcd.d.r) == my_srvr_id)); move_ok = 1; rcd_needed = 0; new_ck = new.cks; do { /* Sum counts of all delayed reports for this checksum */ type = DB_CK_TYPE(cur_ck); if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) continue; ck_needed = DB_CK_OBS(cur_ck) ? 0 : 1; /* skip trudging through the hash table to find the * most recent instance of the checksum if we * are dealing with a new record and so already * have the most recent instance. */ sub_total = sum_total(type, cur_ck->sum, 1, !dly ? &db_sts.sumrcd : 0, cur_ck, &undelay_ok, &sum_oldest); if (sub_total == DCC_TGTS_INVALID) return 0; /* Deletions and summaries between our record and the start * of the hash chain remove the need to flood this checkusm */ if (sub_total == 0) { /* skipping a checksum in the original * record makes it impossible to move it */ move_ok = 0; continue; } if (ck_needed == 1) { ck_tgts = DB_TGTS_CK(cur_ck); if (dly) { /* Flood only 1 summary per delay period */ if ((flod_mmaps == 0 || sum_oldest <= flod_mmaps->delay_pos) && ck_tgts >= flod_tholds[type]) ck_needed = 2; } else { /* We are considering the need for a summary * based on a report just received from a client * or by flooding */ if (quick_sum_thold(type, sub_total, ck_tgts)) ck_needed = 2; } } if (new_ck != new.cks) { /* We have already begun a summary record. */ if (sub_total == new_tgts) { /* extend it with this checksum even if we do * not really need to flood this checksum */ new_ck->type_fgs = type; memcpy(new_ck->sum, cur_ck->sum, sizeof(new_ck->sum)); ++new.fgs_num_cks; ++new_ck; if (ck_needed == 2) rcd_needed = 1; continue; } /* We cannot extend the current summary record. */ /* If we don't really need the checksum, * then forget the checksum. */ if (ck_needed != 2) { /* skipping a checksum in the original * record makes it impossible to move */ move_ok = 0; continue; } /* Add the current summary record to the database if * it is needed. */ if (rcd_needed) { if (!db_add_rcd(dcc_emsg, &new)) { DB_ERROR_MSG(dcc_emsg); return 0; } } /* start a new summary with this checksum. */ rcd_needed = 0; /* having added one summary record, * we cannot undelay or move the original record */ undelay_ok = 0; } /* start a new summary record */ new.srvr_id_auth = my_srvr_id; get_ts(&new.ts); new_tgts = sub_total; DB_TGTS_RCD_SET(&new, new_tgts); new.fgs_num_cks = DB_RCD_FG_SUMRY+1; new_ck = new.cks; new_ck->type_fgs = type; memcpy(new_ck->sum, cur_ck->sum, sizeof(new_ck->sum)); ++new_ck; if (ck_needed == 2) rcd_needed = 1; } while (++cur_ck, --cur_num_cks > 0); /* finished if nothing more to summarize */ if (!rcd_needed) { return 1; } /* Add the last summary record */ if (undelay_ok) { /* If possible, instead of adding a new record, * change the preceding record to not be delayed * That is possible if the preceding record has * not yet been passed by the flooding */ if (db_sts.sumrcd.s.rptr >= oflods_max_cur_pos && oflods_max_cur_pos != 0) { db_sts.sumrcd.d.r->fgs_num_cks &= ~DB_RCD_FG_DELAY; SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1); return 1; } /* failing that, try to move the record by making a new copy * and deleting the original */ if (move_ok) { /* make the new record */ memcpy(&new, db_sts.sumrcd.d.r, DB_RCD_LEN(&new)); new.fgs_num_cks &= ~DB_RCD_FG_DELAY; /* delete the old record */ DB_TGTS_RCD_SET(db_sts.sumrcd.d.r, 0); /* adjust the totals in the old record so * that the totals in the new record will be right */ rcd_tgts = DB_TGTS_RCD(&new); cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); cur_ck = db_sts.sumrcd.d.r->cks; do { new_tgts = DB_TGTS_CK(cur_ck); if (new_tgts >= DCC_TGTS_TOO_MANY) continue; if (new_tgts != 0) new_tgts -= rcd_tgts; DB_TGTS_CK_SET(cur_ck, new_tgts); } while (++cur_ck, --cur_num_cks > 0); SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1); rcd_pos = db_add_rcd(dcc_emsg, &new); if (rcd_pos == DB_PTR_NULL) { DB_ERROR_MSG(dcc_emsg); return 0; } if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) { DB_ERROR_MSG(dcc_emsg); return 0; } return 1; } } if (!db_add_rcd(dcc_emsg, &new)) { DB_ERROR_MSG(dcc_emsg); return 0; } return 1; } /* generate a delayed summary for checksums in a record if necessary * The target record is specified by db_sts.sumrcd. It might be changed * Use db_sts.hash and db_sts.rcd2 */ u_char summarize_dly(void) { DCC_CK_TYPES type; const DB_RCD_CK *cur_ck; int cur_num_cks; DCC_TGTS ck_tgts; /* look for a checksum that could be summarized */ cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); cur_ck = db_sts.sumrcd.d.r->cks; do { type = DB_CK_TYPE(cur_ck); if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) continue; if (!get_ck_tgts(&ck_tgts, 0, 1, type, cur_ck->sum)) return 0; /* nothing to do if the checksum has already been summarized */ if (DB_RCD_SUMRY(db_sts.rcd2.d.r)) continue; /* spam reports are ignored or not delayed */ if (ck_tgts == DCC_TGTS_TOO_MANY) continue; /* Generate a summary for a bulk checksum * Records that are marked "delayed" are not flooded. * If a summary record is not synthesized and if the delay * marking not removed (instead of synthesizing a summary), * then the counts for a checksum will not be flooded. */ if (ck_tgts >= flod_tholds[type]) return summarize_rcd(1); } while (++cur_ck, --cur_num_cks > 0); return 1; } /* See if passing on a flooded report would be worthwhile. It is worthwhile * to pass on reports of spam that have not been flooded recently * and of checksums that not yet or just barely reached spam. * * db_sts.sumrcd points to the new record */ static u_char /* 0=sick database */ flod_worth(u_char *pflod, /* set =1 if report should be flooded */ const DB_RCD_CK *ck, DCC_CK_TYPES type) { DCC_TS past; DCC_TGTS total; int limit; DB_PTR prev; /* if the total with the new report is small, * then we should flood it */ total = DB_TGTS_CK(ck); if (total < REFLOOD_THRESHOLD) { /* but only if it is not trivial. * our neighbors should not send trivial reports, * but bugs happen */ if (total >= BULK_THRESHOLD/2) *pflod = 1; return 1; } /* Look for a recent report for this checksum that has been * or will be flooded. If we find one, and if the total * including it is large enough, we may not need to flood * the incoming report. If the total is too small, we * must flood the report. */ dcc_timeval2ts(&past, &db_time, -summarize_delay_secs); for (limit = 20; limit >= 0; --limit) { prev = DB_PTR_EX(ck->prev); if (prev == DB_PTR_NULL) break; ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, type); if (!ck) { DB_ERROR_MSG(dcc_emsg); return 0; } /* if the previous total was small, * then we must flood the new report */ total = DB_TGTS_CK(ck); if (total < REFLOOD_THRESHOLD*4) { *pflod = 1; return 1; } /* The old total is large. * If this found old report is not very old and good, * we will flood it and so the newest needed not be flooded * and can be marked obsolete. */ if (!DB_CK_OBS(ck) && dcc_ts_newer_ts(&db_sts.rcd2.d.r->ts, &past)) return 1; } /* flood this one if we can't find a recent preceding report */ *pflod = 1; return 1; } /* Add a record and deal with delaying its flooding. * We will delay flooding it if its totals are not interesting. * db_sts.sumrcd points to the new record on exit * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp * the database must be locked */ u_char /* 1=ok, delayed or not, 0=failure */ add_dly_rcd(DB_RCD *new_rcd, u_char flod_in) { DB_PTR rcd_pos; int num_cks; DB_RCD_CK *new_ck; DCC_CK_TYPES type; DCC_TGTS rpt_tgts, ck_tgts; u_char flod_out; /* 0=flooded in but not worth flooding out */ u_char useful = 0; /* 1=worth delaying */ u_char summarize = 0; /* put the record in the database */ rcd_pos = db_add_rcd(dcc_emsg, new_rcd); if (rcd_pos == DB_PTR_NULL) { DB_ERROR_MSG(dcc_emsg); return 0; } if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) { DB_ERROR_MSG(dcc_emsg); return 0; } /* delete requests should not be delayed */ rpt_tgts = DB_TGTS_RCD_RAW(db_sts.sumrcd.d.r); if (rpt_tgts == DCC_TGTS_DEL) return 1; /* we always consider flooding our own reports * and the greylist thresholds are zilch */ flod_out = !flod_in || grey_on; for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r), new_ck = db_sts.sumrcd.d.r->cks; num_cks > 0; ++new_ck, --num_cks) { /* ingore already obsolete reports of spam */ if (DB_CK_OBS(new_ck)) continue; /* ignore checksums we won't keep and so won't be flooded */ type = DB_CK_TYPE(new_ck); if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) continue; /* Server-ID declarations cannot be summarized and should * not be delayed. */ if (type == DCC_CK_SRVR_ID) { flod_out = 1; break; } ck_tgts = DB_TGTS_CK(new_ck); if (ck_tgts == DCC_TGTS_TOO_MANY) { /* This checksum has a total of TOO_MANY and so * either the report has a target count of TOO_MANY * or is a report of a checksum already known to * be spam. Since this report of this checksum * was not marked obsolete as it was linked into the * database, it should not be delayed. */ if (rpt_tgts == DCC_TGTS_TOO_MANY) { /* if the report is of spam, then all of its * individual checksum totals will be * DCC_TGTS_TOO_MANY. The checksums will be * obsolete, not kept, or the same as this. * There will be no reputation checksums. */ return 1; } /* it is worth sending on even if was not ours */ flod_out = 1; continue; } /* This report has some potential value and should be delayed * instead of forgotten */ useful = 1; /* Summarize our records for the checksums in this record * if we just passed the threshold for one checksum. */ if (!summarize && quick_sum_thold(type, rpt_tgts, ck_tgts)) summarize = 1; /* If this is an incoming flooded checksum, * then pass it on if it is novel (has a low total) * or if we have not passed it on recently. */ if (!flod_out && !flod_worth(&flod_out, new_ck, type)) return 0; /* broken database */ } /* Reports that are reports of spam or "trimmed" or "obsolete" * noise should not be summarized or marked to be delayed. * They will be flooded or skipped by the flooder */ if (!useful) return 1; if (!flod_in) { /* Delay and sooner or later summarize our own * reports of non-spam */ db_sts.sumrcd.d.r->fgs_num_cks |= DB_RCD_FG_DELAY; } else if (!flod_out) { /* We are dealing with a report flooded in from another * server that is not (yet?) worth flooding out. * We can't delay it, because we can't delay reports from * other servers, because we cannot summarize them. * Summarizing other servers' reports would allow * loops in the flooding topology to inflate the totals. * So mark it to be expired but not delayed. */ for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r), new_ck = db_sts.sumrcd.d.r->cks; num_cks > 0; ++new_ck, --num_cks) { new_ck->type_fgs |= DB_CK_FG_OBS; } } /* If this record pushed us past a threshold for at least one * checksum, then try to generate a summary of our own previously * delayed reports even if this record was not our own. */ if (summarize && !summarize_rcd(0)) return 0; return 1; } /* the database must be locked */ static u_char add_del(const DCC_CK *del_ck) { DB_RCD del_rcd; memset(&del_rcd, 0, sizeof(del_rcd)); get_ts(&del_rcd.ts); DB_TGTS_RCD_SET(&del_rcd, DCC_TGTS_DEL); del_rcd.srvr_id_auth = my_srvr_id; del_rcd.fgs_num_cks = 1; del_rcd.cks[0].type_fgs = del_ck->type; memcpy(del_rcd.cks[0].sum, del_ck->sum, sizeof(del_rcd.cks[0].sum)); if (!db_add_rcd(dcc_emsg, &del_rcd)) { DB_ERROR_MSG2("add delete", dcc_emsg); return 0; } return 1; } static const DCC_CK * start_work(QUEUE *q) { const DCC_CK *ck, *ck_lim; DCC_CK_TYPES type, prev_type; int num_cks; num_cks = q->pkt_len - (sizeof(q->pkt.r) - sizeof(q->pkt.r.cks)); if (num_cks < 0 || num_cks > ISZ(q->pkt.r.cks) || num_cks % sizeof(DCC_CK) != 0) { forget_error(q, "packet length %d wrong for %s", q->pkt_len, from_id_ip(q, 1)); return 0; } num_cks /= sizeof(DCC_CK); /* send previous answer if this is a retransmission */ if (ridc_get(q)) { repeat_resp(q); return 0; } if (db_failed_line) /* be silent while database bad */ return 0; ck = q->pkt.r.cks; ck_lim = &q->pkt.r.cks[num_cks]; /* check each checksum */ for (prev_type = DCC_CK_INVALID; ck < ck_lim; ++ck, prev_type = type) { if (ck->len != sizeof(*ck)) { forget_error(q, "unknown checksum length %d%s", ck->len, from_id_ip(q, 0)); return 0; } /* requiring that the checksums be ordered makes it easy * to check for duplicates and for bogus long packets */ type = ck->type; if (!DCC_CK_OK_DCC_CLNT(grey_on, type)) { forget_error(q, "unknown checksum %s%s", DB_TYPE2STR(type), from_id_ip(q, 0)); return 0; } if (prev_type >= type) { forget_error(q, "out of order %s checksum%s", DB_TYPE2STR(ck->type), from_id_ip(q, 0)); return 0; } } if (db_lock() < 0) { NORESP_EMSG(q); return 0; } return ck_lim; } /* send the response and release q */ static void fin_work(const QUEUE *q, DCC_HDR *answer) { int delay_us; /* send the response */ answer->op = DCC_OP_ANSWER; send_resp(q, answer, 0); /* update the average queue delay, unless it is crazy */ gettimeofday(&db_time, 0); delay_us = tv_diff2us(&db_time, &q->answer); if (delay_us < 0) return; update_q_delay(); q_delays[0].us += delay_us; ++q_delays[0].ops; } /* use only db_sts.hash and db_sts.rcd2 * release q on failure */ static u_char make_answer(QUEUE *q, const DCC_CK *ck_lim, u_char have_rcd, /* db_sts.sumrcd.d.r is new record */ DCC_ANSWER *answer, DCC_TGTS gross_tgts, /* total for this report, maybe MANY */ DCC_TGTS* max_tgts) /* statistics */ { const DCC_CK *ck; DCC_TGTS c_tgts; /* current count with this report */ DCC_TGTS p_tgts; /* count before this report */ DCC_ANSWER_BODY_CKS *b; DCC_CK_TYPES type; const DB_RCD_CK *rcd_ck, *prev_rcd_ck; int num_rcd_cks; DB_PTR prev; *max_tgts = 0; if (have_rcd) { rcd_ck = db_sts.sumrcd.d.r->cks; num_rcd_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); } else { num_rcd_cks = 0; rcd_ck = 0; } b = answer->b; for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) { type = ck->type; if (num_rcd_cks > 0 && type == DB_CK_TYPE(rcd_ck)) { /* try to copy answer from report's new record */ c_tgts = DB_TGTS_CK(rcd_ck); if (c_tgts < DCC_TGTS_TOO_MANY) { p_tgts = c_tgts - gross_tgts; } else if (prev = DB_PTR_EX(rcd_ck->prev), prev == DB_PTR_NULL) { p_tgts = 0; } else { prev_rcd_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, type); if (!prev_rcd_ck) { DB_ERROR_MSG(dcc_emsg); RIDC_BAD(q); return 0; } p_tgts = DB_TGTS_CK(prev_rcd_ck); } --num_rcd_cks; ++rcd_ck; } else { if (!get_ck_tgts(&p_tgts, 0, 0, type, ck->sum)) { NORESP_EMSG(q); return 0; } if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) { /* uninteresting checksums have no value * unless they are whitelisted */ c_tgts = p_tgts; if (p_tgts == 0) p_tgts = DCC_TGTS_INVALID; } else { c_tgts = db_sum_ck(p_tgts, gross_tgts, type); } } b->c = htonl(c_tgts); b->p = htonl(p_tgts); #ifdef DCC_PKT_VERSION5 if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION5) b = (DCC_ANSWER_BODY_CKS *)&b->p; else #endif ++b; if (*max_tgts < c_tgts && c_tgts <= DCC_TGTS_OK2) { *max_tgts = c_tgts; /* Complain about failures to whitelist by * trusted clients. The main use of this is * to detect whitelisting failures of IP addresses * such as 127.0.0.1 for reputations, and those * matter only for known clients. */ if ((p_tgts >= DCC_TGTS_OK) && !(q->flags & Q_FG_UNTRUSTED)) TMSG4(WLIST, "%s whitelisted %s %s%s", qop2str(q), DB_TYPE2STR(type), dcc_ck2str_err(type, ck->sum, 0), from_id_ip(q, 0)); } } answer->hdr.len = (sizeof(*answer) - sizeof(answer->b) + ((char *)b - (char *)answer->b)); return 1; } /* release q on failure * the database must be locked */ static u_char do_report(QUEUE *q, DCC_TGTS tgts0, const DCC_CK *ck_lim, DCC_ANSWER *answer, DCC_TGTS *max_tgts) { const DCC_CK *ck; DCC_TGTS tgts; DCC_TGTS gross_tgts; /* DCC_TGTS_TOO_MANY if spam */ DB_PTR rcd_pos; DB_RCD new; DB_RCD_CK *new_ck; DCC_CK_TYPES type; char tgts_buf[DCC_XHDR_MAX_TGTS_LEN]; tgts = tgts0; if (tgts & (DCC_TGTS_SPAM | DCC_TGTS_REP_SPAM)) { tgts &= DCC_TGTS_MASK; if (tgts == 0) tgts = 1; gross_tgts = DCC_TGTS_TOO_MANY; } else if (tgts == DCC_TGTS_TOO_MANY) { tgts = 1; gross_tgts = DCC_TGTS_TOO_MANY; } else if (tgts > DCC_TGTS_RPT_MAX) { forget_error(q, "bogus target count %s%s", dcc_tgts2str(tgts_buf, sizeof(tgts_buf), tgts, grey_on), from_id_ip(q, 0)); return 0; } else { gross_tgts = tgts; } if (gross_tgts < 10) { ; } else if (gross_tgts == DCC_TGTS_TOO_MANY) { ++dccd_stats.reportmany; } else if (gross_tgts > 1000) { ++dccd_stats.report1000; } else if (gross_tgts > 100) { ++dccd_stats.report100; } else if (gross_tgts > 10) { ++dccd_stats.report10; } /* Get ready to add the report to the database, * and as a side effect, find the data to answer the query. * Start by creating the record to add to the database. */ get_ts(&new.ts); new.srvr_id_auth = my_srvr_id; DB_TGTS_RCD_SET(&new, gross_tgts); /* copy checksums to the new record */ new.fgs_num_cks = 0; new_ck = new.cks; for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) { type = ck->type; if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) continue; memcpy(new_ck->sum, ck->sum, sizeof(new_ck->sum)); new_ck->type_fgs = type; ++new_ck; ++new.fgs_num_cks; } if (!(q->flags & Q_FG_RPT_OK)) { /* finished if this is a query */ return make_answer(q, ck_lim, 0, answer, gross_tgts, max_tgts); } if (new.fgs_num_cks == 0) { rcd_pos = DB_PTR_NULL; } else { /* Add the record to the database. * That will update the totals for each checksum */ if (!add_dly_rcd(&new, 0)) { NORESP_EMSG(q); return 0; } rcd_pos = db_sts.sumrcd.s.rptr; } /* generate the response, perhaps from the new record */ return make_answer(q, ck_lim, rcd_pos!=DB_PTR_NULL, answer, gross_tgts, max_tgts); } /* process a single real request */ void do_work(QUEUE *q) { const DCC_CK *ck_lim; DCC_ANSWER answer; DCC_TGTS max_tgts, tgts; ck_lim = start_work(q); if (!ck_lim) return; tgts = 0; switch (q->pkt.hdr.op) { case DCC_OP_QUERY: ++dccd_stats.queries; q->flags &= ~Q_FG_RPT_OK; break; case DCC_OP_REPORT: if (!(q->flags & Q_FG_RPT_OK)) { ++dccd_stats.report_reject; clnt_msg(q, "treat %s as query", from_id_ip(q, 1)); ++dccd_stats.queries; } else { tgts = ntohl(q->pkt.r.tgts); ++dccd_stats.reports; } break; case DCC_OP_INVALID: case DCC_OP_NOP: case DCC_OP_ANSWER: case DCC_OP_ADMN: case DCC_OP_OK: case DCC_OP_ERROR: case DCC_OP_DELETE: case DCC_OP_GREY_REPORT: case DCC_OP_GREY_QUERY: case DCC_OP_GREY_SPAM: case DCC_OP_GREY_WHITE: dcc_logbad(EX_SOFTWARE, "impossible queued operation"); break; } if (!do_report(q, tgts, ck_lim, &answer, &max_tgts)) { /* ensure that the clock ticks so rate limits don't stick */ gettimeofday(&db_time, 0); } else { /* notice the size of our answer */ if (max_tgts == DCC_TGTS_OK || max_tgts == DCC_TGTS_OK2) { ++dccd_stats.respwhite; } else if (max_tgts == DCC_TGTS_TOO_MANY) { ++dccd_stats.respmany; } else if (max_tgts > 1000) { ++dccd_stats.resp1000; } else if (max_tgts > 100) { ++dccd_stats.resp100; } else if (max_tgts > 10) { ++dccd_stats.resp10; } fin_work(q, &answer.hdr); } } /* return 0 for a new embargo, * embargo count for an existing embargo, * DCC_TGTS_TOO_MANY no embargo * DCC_TGTS_OK a newly expired embargo * DCC_TGTS_INVALID broken database */ static DCC_TGTS search_grey(const DCC_CK *req_ck3, /* triple checksum */ const DCC_CK *req_ckb, /* body seen with it */ u_char body_known) { DB_RCD_CK *ck3, *ckb; DB_PTR prev3; DCC_TS old_ts; DCC_TGTS result_tgts; int i; /* look for the triple checksum */ switch (db_lookup(dcc_emsg, DCC_CK_GREY3, req_ck3->sum, 0, MAX_HASH_ENTRIES, &db_sts.hash, &db_sts.rcd, &ck3)) { case DB_FOUND_EMPTY: case DB_FOUND_CHAIN: case DB_FOUND_INTRUDER: return 0; case DB_FOUND_IT: /* We found the triple checksum. * If it is marked ok (MANY) or deleted, * then we have our answer */ result_tgts = DB_TGTS_CK(ck3); if (result_tgts == DCC_TGTS_TOO_MANY || result_tgts == 0) return result_tgts; /* Otherwise look for a report of the triple with * the right body checksum that is old enough. */ result_tgts = 0; dcc_timeval2ts(&old_ts, &db_time, -grey_embargo); for (;;) { ckb = db_sts.rcd.d.r->cks; for (i = DB_NUM_CKS(db_sts.rcd.d.r); i > 0; --i, ++ckb) { /* try the next report in the database * if it has the wrong body checksum * * If we are weak on bodies, * act as if all reports of the triple checksums * are with the right body checksum. */ if (!grey_weak_body && req_ckb) { if (DB_CK_TYPE(ckb) != DCC_CK_BODY) continue; if (memcmp(req_ckb->sum, ckb->sum, sizeof(DCC_SUM))) break; } /* We found the right body checksum in * chain of the triple checksum * or we don't care. * * If the report is old enough, then * the embargo is over. */ if (dcc_ts_newer_ts(&old_ts, &db_sts.rcd.d.r->ts)) return DCC_TGTS_OK; /* If it is not old enough, * then we know this is not a new embargo for * this body (i.e. the reported target count * will be >0) and we must keep looking for an * old enough report with the body checksum. */ ++result_tgts; break; } /* If we know the body checksum is not in the database, * then there is no profit in looking at other reports * of the triple checksum to try to find an old enough * report that is with the right body checksum. * We know this is a new embargo. */ if (!body_known) return 0; /* If we reach the end of the chain of the * triple checksum without finding an old * enough report for the right body, * then the embargo is not over. */ prev3 = DB_PTR_EX(ck3->prev); if (prev3 == DB_PTR_NULL) return result_tgts; /* examine the timestamp of the preceding report * of the triple */ ck3 = db_map_rcd_ck(dcc_emsg, &db_sts.rcd, prev3, DCC_CK_GREY3); if (!ck3) return DCC_TGTS_INVALID; } break; case DB_FOUND_LATER: case DB_FOUND_SYSERR: DB_ERROR_MSG(dcc_emsg); return DCC_TGTS_INVALID; } return DCC_TGTS_INVALID; } void do_grey(QUEUE *q) { DCC_OPS op; DB_RCD new; const DCC_CK *req, *req_lim; const DCC_CK *req_ck_ip, *req_ck_triple, *req_ck_msg, *req_ck_body; u_char body_known; DB_RCD_CK *new_ck, *found_ck; DCC_GREY_ANSWER resp; DCC_TGTS tgts; DCC_TGTS ip_tgts; /* existing count for DCC_CK_IP */ DCC_TGTS triple_tgts; /* " count for GREY_TRIPLE */ DCC_TGTS msg_tgts; /* " count for GREY_MSG */ DCC_TGTS eff_msg_tgts; /* effective value: 0=reported to DCC */ DCC_TGTS new_msg_tgts; /* value after this */ DCC_TGTS result_tgts; /* no embargo, ending, whitelist or # */ TMSG1(QUERY, "received %s", op_id_ip(q)); if (!ck_clnt_id(q)) return; if (q->flags & Q_FG_UNTRUSTED) { anon_msg("drop %s", from_id_ip(q, 1)); return; } /* an embargo of 0 seconds means we should only collect names */ op = q->pkt.hdr.op; if (op == DCC_OP_GREY_REPORT && grey_embargo == 0) op = DCC_OP_GREY_WHITE; req_lim = start_work(q); if (!req_lim) return; /* Require * the body checksum, * the checksum of the (body,sender,target), * and the checksum of the (source,sender,target) triple. * Allow other checksums for whitelisting. */ ip_tgts = 0; body_known = grey_weak_body; req_ck_ip = 0; req_ck_body = 0; req_ck_triple = 0; req_ck_msg = 0; msg_tgts = eff_msg_tgts = 0; for (req = q->pkt.r.cks; req < req_lim; ++req) { /* Note our main checksums of the greylist triple and * the message body. Search the database for it later */ if (DCC_CK_IS_GREY_TRIPLE(1, req->type)) { req_ck_triple = req; continue; } if (!DCC_CK_OK_GREY_CLNT(req->type)) continue; /* ignore unknown checksums */ switch (req->type) { case DCC_CK_IP: req_ck_ip = req; break; case DCC_CK_BODY: req_ck_body = req; break; case DCC_CK_GREY_MSG: req_ck_msg = req; break; } /* check for whitelisting and whether this is a new embargo */ switch (db_lookup(dcc_emsg, req->type, req->sum, 0, MAX_HASH_ENTRIES, &db_sts.hash, &db_sts.rcd, &found_ck)) { case DB_FOUND_LATER: case DB_FOUND_SYSERR: DB_ERROR_MSG(dcc_emsg); RIDC_BAD(q); return; case DB_FOUND_IT: /* ignore deleted checksums */ tgts = DB_TGTS_CK(found_ck); if (tgts == 0) continue; /* honor whitelisting */ if (tgts == DCC_TGTS_GREY_WHITE && op != DCC_OP_GREY_WHITE) { op = DCC_OP_GREY_WHITE; ++dccd_stats.respwhite; } switch (req->type) { case DCC_CK_BODY: /* notice if the target body exists at all */ body_known = 1; break; case DCC_CK_GREY_MSG: msg_tgts = tgts; if (msg_tgts != DCC_TGTS_TOO_MANY) { /* this is an old embargo that has * already been reported by the client * to a normal DCC server */ eff_msg_tgts = 1; } break; case DCC_CK_IP: ip_tgts = tgts; break; default: break; } break; case DB_FOUND_EMPTY: case DB_FOUND_CHAIN: case DB_FOUND_INTRUDER: break; } } if (!req_ck_triple) { send_error(q, "missing %s checksum for %s", DB_TYPE2STR(DCC_CK_GREY3), qop2str(q)); return; } if (op == DCC_OP_GREY_REPORT && !grey_weak_body) { if (!req_ck_body) { send_error(q, "missing body checksum for %s", qop2str(q)); return; } if (!req_ck_msg) { send_error(q, "missing %s checksum for %s", DB_TYPE2STR(DCC_CK_GREY_MSG), qop2str(q)); return; } } /* decide if the embargo should end */ triple_tgts = search_grey(req_ck_triple, req_ck_body, body_known); if (triple_tgts == DCC_TGTS_INVALID) { NORESP_EMSG(q); /* broken database */ return; } /* End existing embargo on a newly whitelisted sender so its * messages are logged. * Quietly prevent future embargos of whitelisted senders that have * not been greylisted. * Honor grey_weak_ip whitelisting even after it is turned off */ if (triple_tgts >= DCC_TGTS_TOO_MANY) { result_tgts = triple_tgts; } else if (op == DCC_OP_GREY_WHITE) { result_tgts = eff_msg_tgts ? DCC_TGTS_OK : DCC_TGTS_TOO_MANY; } else if (ip_tgts == DCC_TGTS_TOO_MANY) { result_tgts = DCC_TGTS_TOO_MANY; } else { result_tgts = triple_tgts; } if (op == DCC_OP_GREY_QUERY) { ++dccd_stats.queries; } else if (!(q->flags & Q_FG_RPT_OK)) { ++dccd_stats.report_reject; clnt_msg(q, "treat %s as query", from_id_ip(q, 1)); ++dccd_stats.queries; } else { /* add a report for this message */ ++dccd_stats.reports; new.srvr_id_auth = my_srvr_id; new_ck = new.cks; new.fgs_num_cks = 0; if (result_tgts < DCC_TGTS_TOO_MANY) { if (req_ck_body) { new_ck->type_fgs = DCC_CK_BODY; memcpy(new_ck->sum, req_ck_body->sum, sizeof(new_ck->sum)); ++new.fgs_num_cks; ++new_ck; } new_msg_tgts = 1; DB_TGTS_RCD_SET(&new, 1); } else { /* embargo now ending (DCC_TGTS_TOO_OK) * or no embargo (DCC_TGTS_TOO_MANY) */ if (grey_weak_ip && req_ck_ip) { new_ck->type_fgs = DCC_CK_IP; memcpy(new_ck->sum, req_ck_ip->sum, sizeof(new_ck->sum)); ++new.fgs_num_cks; ++new_ck; } new_msg_tgts = 0; DB_TGTS_RCD_SET(&new, DCC_TGTS_TOO_MANY); } /* Include the GREY_MSG checksum in the database * record for a new embargo. * The message checksum lets an SMTP server report an * embargoed message to the DCC before the embargo is over, * but not report it more than once even if more than one * SMTP client retransmits the message. * * If the GREY_MSG checksum does not exist in the * database, then tell the DCC client the message is new * and should be reported to the DCC server. We must put the * the _GREY_MSG into the database so we will recognize * the message as not new when it is retransmitted. * * If the GREY_MSG checksum exists and is not MANY, * then we may have a retransmission of the message * from another IP address. * We need to tell the DCC client to not report to the * DCC server. The new value for the CK_GREY_MSG checksum * should be whatever we are using for the triple checksum. * * If the existing count for the GREY_MSG checksum is * MANY, and the new value for triple checksum is not MANY, * then we have a new copy of the message and a new embargo. * We have a spammer with multiple senders instead of a * legitimate multihomed SMTP client. We need to tell the * DCC client to report to the DCC server. To remember * that we told the DCC client to report to the DCC server, * we must first delete the existing MANY report of the * GREY_MSG checksum. */ if (eff_msg_tgts != new_msg_tgts && req_ck_msg) { if (msg_tgts == DCC_TGTS_TOO_MANY && !add_del(req_ck_msg)) { NORESP_EMSG(q); return; } new_ck->type_fgs = DCC_CK_GREY_MSG; memcpy(new_ck->sum, req_ck_msg->sum, sizeof(new_ck->sum)); ++new.fgs_num_cks; ++new_ck; } /* Add the triple checksum if we are not whitelisting * by the IP address * or triple checksum is not new. * We do not want to leave any dangling triples in the * database */ if (!(grey_weak_ip && req_ck_ip) || result_tgts != DCC_TGTS_TOO_MANY) { new_ck->type_fgs = DCC_CK_GREY3; memcpy(new_ck->sum, req_ck_triple->sum, sizeof(new_ck->sum)); ++new.fgs_num_cks; } get_ts(&new.ts); if (!db_add_rcd(dcc_emsg, &new)) { DB_ERROR_MSG(dcc_emsg); RIDC_BAD(q); return; } } /* In the result sent to the DCC client, * the triple checksum is preceeded by the message checksum * with a count of 0 if this is a new embargo. * Targets of messages of new embargos should be counted among * total targets in reports sent to DCC servers. After they * have been included in such an early report to a DCC server, * they should never be included again, except for bad reputations. */ resp.msg = htonl(eff_msg_tgts); /* Answer SMTP DATA command greylist operations with the target * count of the triple checksum: * DCC_TGTS_OK if the embargo is just now being removed * DCC_TGTS_TOO_MANY if there is no current embargo * DCC_TGTS_GREY_WHITE if whitelisted. * embargo # otherwise */ resp.triple = htonl(result_tgts); resp.hdr.len = sizeof(resp); fin_work(q, &resp.hdr); } static time_t picky_time(const QUEUE *q) { time_t ts, delta; /* If the request arrived while we were asleep, then the client's * timestamp ought to be smaller than when select() finished and * we think the request arrived. */ ts = ntohl(q->pkt.d.date); delta = ts - q->answer.tv_sec; if (delta <= 0) return delta; /* If the request arrived while we were handling some other request, * then its timestamp can be larger than the select() wake-up time * but should not be in the future. */ delta = ts - db_time.tv_sec; if (delta < 0) delta = 0; return delta; } static u_char /* 0=refuse the bad guy, 1=continue */ picky_admn(const QUEUE *q, u_char any_id, u_char any_time) { time_t delta; if ((q->flags & Q_FG_UNTRUSTED) || (q->clnt_id != my_srvr_id && !any_id)) { forget_error(q, "drop %s", from_id_ip(q, 1)); return 0; } if (any_id && any_time) return 1; /* Demand a current timestamp to guard against replay attacks. * This requires that administrators have clocks close to servers', * and that network and server delays be reasonable. */ delta = picky_time(q); if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) { send_error(q, "drop %s; timestamp off by %d seconds", qop2str(q), (int)delta); return 0; } return 1; } /* the database must be locked */ static u_char /* 1=ok, 0=error sent to client */ delete_sub(QUEUE *q, DCC_CK *del_ck, u_char grey_spam) { DB_RCD_CK *rcd_ck; char buf[80]; DB_PTR prev; DCC_TGTS tgts; buf[0] = '\0'; switch (db_lookup(dcc_emsg, del_ck->type, del_ck->sum, 0, MAX_HASH_ENTRIES, &db_sts.hash, &db_sts.rcd, &rcd_ck)) { case DB_FOUND_EMPTY: case DB_FOUND_CHAIN: case DB_FOUND_INTRUDER: /* finished if we have not greylisted the spammer */ if (grey_spam) return 1; /* ordinary deletions need a delete request added * to the database and flooded */ snprintf(buf, sizeof(buf), "\"%s %s\" not found to delete", DB_TYPE2STR(del_ck->type), dcc_ck2str_err(del_ck->type, del_ck->sum, 0)); if (del_ck->type == DCC_CK_SRVR_ID) { send_error(q, "%s", buf); return 0; } break; case DB_FOUND_IT: tgts = DB_TGTS_CK(rcd_ck); /* handle an ordinary delete request */ if (!grey_spam) { if (tgts == 0) snprintf(buf, sizeof(buf), "%s %s already deleted", DB_TYPE2STR(del_ck->type), dcc_ck2str_err(del_ck->type, del_ck->sum, 0)); break; } /* We are deleting a greylist checksum. * If we are deleting very new greylist records, * we can cheat and avoid adding to the database * by scribbling over the records. * If there is an older record that might have been flooded, * we must add a delete request to the database * that will itself be flooded. */ for (;;) { /* finished if the target has already been deleted */ if (tgts == 0) return 1; if (db_sts.rcd.s.rptr < oflods_max_cur_pos || oflods_max_cur_pos == 0) { /* We need to add a delete request, because * the record might have been flooded */ break; } prev = DB_PTR_EX(rcd_ck->prev); /* try to delete the entire greylist entry * starting with the target triple checksum */ do { /* only if the embargo is not over */ if (DB_TGTS_CK(rcd_ck) >= DCC_TGTS_TOO_MANY) goto need_rcd; DB_TGTS_CK_SET(rcd_ck, 0); } while (--rcd_ck >= db_sts.rcd.d.r->cks); DB_TGTS_RCD_SET(db_sts.rcd.d.r, 0); SET_FLUSH_RCD_HDR(&db_sts.rcd, 1); /* stop after the last record */ if (prev == DB_PTR_NULL) return 1; rcd_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd, prev, del_ck->type); if (!rcd_ck) { NORESP_EMSG(q); return 0; } tgts = DB_TGTS_CK(rcd_ck); } need_rcd:; break; case DB_FOUND_LATER: case DB_FOUND_SYSERR: DB_ERROR_MSG(dcc_emsg); RIDC_BAD(q); return 0; } /* Add the delete request to the database even if the * checksum seems deleted or absent so that we will * flood the delete request. This is required to ensure that * records get deleted when they are created at one DCC server * and deleted at another. */ if (!add_del(del_ck)) BUFCPY(buf, dcc_emsg); if (buf[0] != '\0') { send_error(q, "%s", buf); return 0; } TMSG3(ADMN, "deleted %s %s%s", DB_TYPE2STR(del_ck->type), dcc_ck2str_err(del_ck->type, del_ck->sum, 0), from_id_ip(q, 0)); return 1; } void do_delete(QUEUE *q) { if (!ck_clnt_srvr_id(q)) return; if (!picky_admn(q, 0, 0)) return; /* if we've already answered, then just repeat ourselves */ if (ridc_get(q)) { repeat_resp(q); return; } dcc_error_msg("received %s", op_id_ip(q)); ++dccd_stats.admin; if (q->pkt_len != sizeof(q->pkt.d)) { send_error(q, "wrong packet length %d for %s", q->pkt_len, qop2str(q)); return; } if (q->pkt.d.ck.len != sizeof(q->pkt.d.ck)) { send_error(q, "unknown checksum length %d", q->pkt.d.ck.len); return; } if (!DCC_CK_OK_DB(grey_on, q->pkt.d.ck.type)) { send_error(q, "unknown checkksum type %d", q->pkt.d.ck.type); return; } if (db_lock() < 0) { NORESP_EMSG(q); return; } if (delete_sub(q, &q->pkt.d.ck, 0)) { /* We need to clean the database after a deletion * to correct the totals of other checksums. * Don't bother for reputations or server-ID declarations. */ if (!DCC_CK_IS_REP_CMN(grey_on, q->pkt.d.ck.type) && q->pkt.d.ck.type != DCC_CK_SRVR_ID) need_del_dbclean = "checksum deleted"; send_ok(q); } } /* restore the embargo against a sender of spam */ void do_grey_spam(QUEUE *q) { TMSG1(QUERY, "received %s", op_id_ip(q)); if (!ck_clnt_id(q)) return; if (q->flags & Q_FG_UNTRUSTED) { anon_msg("drop %s", from_id_ip(q, 1)); return; } /* require the checksum of the (source,sender,target) triple */ if (q->pkt_len != sizeof(q->pkt.gs)) { send_error(q, "wrong packet length %d for %s", q->pkt_len, qop2str(q)); return; } if (q->pkt.gs.triple.type != DCC_CK_GREY3) { send_error(q, "%s instead of %s for %s", DB_TYPE2STR(q->pkt.gs.msg.type), DB_TYPE2STR(DCC_CK_GREY3), qop2str(q)); return; } if (q->pkt.gs.triple.len != sizeof(q->pkt.gs.triple)) { send_error(q, "unknown triple checksum length %d", q->pkt.gs.ip.len); return; } if (q->pkt.gs.msg.type != DCC_CK_GREY_MSG) { send_error(q, "%s instead of %s for %s", DB_TYPE2STR(q->pkt.gs.msg.type), DB_TYPE2STR(DCC_CK_GREY_MSG), qop2str(q)); return; } if (q->pkt.gs.msg.len != sizeof(q->pkt.gs.msg)) { send_error(q, "unknown msg checksum length %d", q->pkt.gs.ip.len); return; } if (q->pkt.gs.ip.type != DCC_CK_IP) { send_error(q, "%s instead of %s for %s", DB_TYPE2STR(q->pkt.gs.msg.type), DB_TYPE2STR(DCC_CK_IP), qop2str(q)); return; } if (q->pkt.gs.ip.len != sizeof(q->pkt.gs.ip)) { send_error(q, "unknown IP checksum length %d", q->pkt.gs.ip.len); return; } if (db_lock() < 0) { NORESP_EMSG(q); return; } if (delete_sub(q, &q->pkt.gs.ip, 1) && delete_sub(q, &q->pkt.gs.triple, 1) && delete_sub(q, &q->pkt.gs.msg, 1)) send_ok(q); } static void do_flod(QUEUE *q) { DCC_ADMN_RESP check; int print_len; u_int32_t val, arg; DCC_AOP_FLODS fop; FLOD_MMAP *mp; OFLOD_INFO *ofp; u_char loaded, found_it; val = ntohl(q->pkt.ad.val1); fop = val % 256; arg = val / 256; if (fop != DCC_AOP_FLOD_LIST) { if (!picky_admn(q, fop == DCC_AOP_FLOD_STATS, 0)) return; } switch (fop) { case DCC_AOP_FLOD_CHECK: /* `cdcc "flood check"` forces occasional defenses of * our server-ID */ if (host_id_next > db_time.tv_sec + 60) host_id_next = db_time.tv_sec; next_flods_ck = 0; if (0 >= check_load_ids(0)) { dcc_error_msg("%s", dcc_emsg); send_error(q, "%s", dcc_emsg); return; } flod_stats_printf(check.val.string, sizeof(check.val.string), (!FLODS_OK() || flods_st == FLODS_ST_OFF) ? 0 : (flods_st != FLODS_ST_ON) ? 1 : 2, oflods.total, oflods.open, iflods.open); check.hdr.len = (strlen(check.val.string) + sizeof(check)-sizeof(check.val)); check.hdr.op = DCC_OP_ADMN; send_resp(q, &check.hdr, 0); flods_ck(1); check_blacklist_file(); return; case DCC_AOP_FLOD_SHUTDOWN: if (ridc_get(q)) { repeat_resp(q); return; } ++flods_off; flods_stop("shutdown flooding", 0); send_ok(q); return; case DCC_AOP_FLOD_HALT: if (ridc_get(q)) { repeat_resp(q); return; } ++flods_off; flods_stop("stop flooding", 1); send_ok(q); return; case DCC_AOP_FLOD_RESUME: if (ridc_get(q)) { repeat_resp(q); return; } if (0 >= check_load_ids(0)) { dcc_error_msg("%s", dcc_emsg); send_error(q, "%s", dcc_emsg); return; } if (flods_off) { flods_off = 0; flods_restart("resume flooding", 0); } send_ok(q); flods_ck(0); return; case DCC_AOP_FLOD_REWIND: if (ridc_get(q)) { repeat_resp(q); return; } if (flod_mmaps) { loaded = 0; } else if (!load_flod(0)) { send_error(q, "too busy to rewind floods"); return; } else { loaded = 1; } found_it = (arg == DCC_ID_INVALID); for (mp = flod_mmaps->mmaps; mp <= LAST(flod_mmaps->mmaps); ++mp) { if (arg == DCC_ID_INVALID || mp->rem_id == arg) { mp->flags |= FLODMAP_FG_NEED_REWIND; mp->flags &= ~FLODMAP_FG_FFWD_IN; dcc_trace_msg("rewind flood from server-ID %d", arg); found_it = 1; } } if (!found_it) { send_error(q, "unknown server-ID %d for %s", arg, qop2str(q)); } else { send_ok(q); flods_ck(0); } if (loaded) oflods_clear(); return; case DCC_AOP_FLOD_LIST: loaded = !flod_mmaps && load_flod(0); if (flod_mmaps) { print_len = flods_list(check.val.string, sizeof(check.val.string), (q->flags & Q_FG_UNTRUSTED)!=0); } else { /* it is not an error if map is locked, because * dbclean uses this operation to see if we are * listening */ print_len = snprintf(check.val.string, ISZ(check.val.string), "too busy to list floods"); if (print_len > ISZ(check.val.string)) print_len = ISZ(check.val.string); } check.hdr.len = (print_len + sizeof(check)-sizeof(check.val)); check.hdr.op = DCC_OP_ADMN; send_resp(q, &check.hdr, 0); if (loaded) oflods_clear(); return; case DCC_AOP_FLOD_STATS: case DCC_AOP_FLOD_STATS_CLEAR: print_len = flod_stats(check.val.string, sizeof(check.val.string), arg, fop == DCC_AOP_FLOD_STATS_CLEAR); if (print_len < 0) { send_error(q, "too busy to find flood stats"); return; } check.hdr.len = print_len + sizeof(check)-sizeof(check.val); check.hdr.op = DCC_OP_ADMN; send_resp(q, &check.hdr, 0); flods_ck(0); return; case DCC_AOP_FLOD_FFWD_IN: case DCC_AOP_FLOD_FFWD_OUT: if (ridc_get(q)) { repeat_resp(q); return; } if (flod_mmaps) { loaded = 0; } else if (!load_flod(0)) { send_error(q, "too busy to fast-forward floods"); return; } else { loaded = 1; } ofp = oflods.infos; for (;;) { mp = ofp->mp; if (mp->rem_id == arg) { /* found the target */ if (fop == DCC_AOP_FLOD_FFWD_OUT) { ofp->cur_pos = db_csize; if (ofp->soc < 0) mp->confirm_pos = db_csize; dcc_trace_msg("fast forward flood to" " server-ID %d", arg); } else { mp->flags |= FLODMAP_FG_FFWD_IN; mp->flags &= ~FLODMAP_FG_NEED_REWIND; } send_ok(q); if (!loaded) flods_ck(0); break; } if (++ofp > LAST(oflods.infos)) { send_error(q, "unknown server-ID %d for %s", arg, qop2str(q)); break; } } if (loaded) oflods_clear(); return; } send_error(q, "unrecognized %s value %d", qop2str(q), fop); } void stats_clear(void) { OFLOD_INFO *ofp; memset(&dccd_stats, 0, sizeof(dccd_stats)); for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) { if (ofp->rem_hostname[0] == '\0') continue; /* The counts reported to `cdcc stats` are sums * of the dccd_stats and ofp->cnts values. Bias * the dccd_stats values by the current ofp->cnts values * so the reported counts will be zero. When the flooding * connection is closed, the ofp->cnts values will be added * to the dccd_stats values. */ dccd_stats.iflod_total -= ofp->cnts.total; dccd_stats.iflod_accepted -= ofp->cnts.accepted; dccd_stats.iflod_stale -= ofp->lc.stale.cur; dccd_stats.iflod_dup -= ofp->lc.dup.cur; dccd_stats.iflod_wlist -= ofp->lc.wlist.cur; dccd_stats.iflod_not_deleted -= ofp->lc.not_deleted.cur; } q_delays_start = 0; memset(&db_stats, 0, sizeof(db_stats)); dccd_stats.reset = db_time; } static u_char /* 1=sent 0=something wrong */ stats_send(QUEUE *q) { DCC_ADMN_RESP stats; char tbuf[80]; OFLOD_INFO *ofp; IFLOD_INFO *ifp; int oflods_connecting, iflods_connecting; SCNTR iflod_total, iflod_accepted, iflod_stale; SCNTR iflod_dup, iflod_wlist, iflod_not_deleted; char flod_buf[60]; char clients_reset[40], reset_buf[36], now_buf[20]; int clients; int age; const char *client_ovf; int blen, plen, len; tbuf[0] = '\0'; if (dccd_tracemask & DCC_TRACE_ADMN_BIT) strcat(tbuf, "ADMN "); if (dccd_tracemask & DCC_TRACE_ANON_BIT) strcat(tbuf, "ANON "); if (dccd_tracemask & DCC_TRACE_CLNT_BIT) strcat(tbuf, "CLNT "); if (dccd_tracemask & DCC_TRACE_RLIM_BIT) strcat(tbuf, "RLIM "); if (dccd_tracemask & DCC_TRACE_QUERY_BIT) strcat(tbuf, "QUERY "); if (dccd_tracemask & DCC_TRACE_RIDC_BIT) strcat(tbuf, "RIDC "); if (dccd_tracemask & DCC_TRACE_FLOD_BIT) strcat(tbuf, "FLOOD "); if (dccd_tracemask & DCC_TRACE_FLOD2_BIT) strcat(tbuf, "FLOOD2 "); if (dccd_tracemask & DCC_TRACE_IDS_BIT) strcat(tbuf, "IDS "); if (dccd_tracemask & DCC_TRACE_BL_BIT) strcat(tbuf, "BL "); if (dccd_tracemask & DCC_TRACE_DB_BIT) strcat(tbuf, "DB "); if (dccd_tracemask & DCC_TRACE_WLIST_BIT) strcat(tbuf, "WLIST "); clients = clients_get(0, 0, 0, 0, 0, 0, 0); if (clients >= 0) { client_ovf = ""; } else { client_ovf = ">"; clients = -clients; } age = db_time.tv_sec - clients_cleared; if (age <= 24*60*60) { dcc_time2str(clients_reset, sizeof(clients_reset), "since %X", clients_cleared); } else if (age <= 3*24*60*60) { snprintf(clients_reset, sizeof(clients_reset), "in %d hours", (age + 60*60/2) / (60*60)); } else { snprintf(clients_reset, sizeof(clients_reset), "in %d days", (age + 24*60*60/2) / (24*60*60)); } oflods_connecting = 0; iflod_total = dccd_stats.iflod_total; iflod_accepted = dccd_stats.iflod_accepted; iflod_stale = dccd_stats.iflod_stale; iflod_dup = dccd_stats.iflod_dup; iflod_wlist = dccd_stats.iflod_wlist; iflod_not_deleted = dccd_stats.iflod_not_deleted; for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) { if (ofp->soc >= 0 && !(ofp->flags & OFLOD_FG_CONNECTED)) ++oflods_connecting; iflod_total += ofp->cnts.total; iflod_accepted += ofp->cnts.accepted; iflod_stale += ofp->lc.stale.cur; iflod_dup += ofp->lc.dup.cur; iflod_wlist += ofp->lc.wlist.cur; iflod_not_deleted += ofp->lc.not_deleted.cur; } iflods_connecting = 0; for (ifp = iflods.infos; ifp <= LAST(iflods.infos); ++ifp) { if (ifp->soc >= 0 && !(ifp->flags & IFLOD_FG_VERS_CK)) ++iflods_connecting; } dcc_time2str(reset_buf, sizeof(reset_buf),"%b %d %X", dccd_stats.reset.tv_sec); dcc_time2str(now_buf, sizeof(now_buf), "%b %d %X %Z", db_time.tv_sec); blen = min(sizeof(stats.val.string), ntohl(q->pkt.ad.val1)); plen = snprintf(stats.val.string, blen, " version "DCC_VERSION" %s%s%stracing %s\n" "%7d hash entries %6d used "L_DWPAT(9)" DB bytes\n" "%5d ms delay "L_DPAT" NOPs "L_DPAT"" " ADMN "L_DPAT" query %s%d clients %s\n", db_minimum_map ? "DB UNLOCKED " : "", query_only ? "Q-mode " : "", grey_on ? "greylist " : "", tbuf[0] ? tbuf : "nothing", HADDR2LEN(db_hash_len), HADDR2LEN(db_hash_used), db_csize, avg_q_delay_ms(q), dccd_stats.nops, dccd_stats.admin, dccd_stats.queries, client_ovf, clients, clients_reset); if (plen >= blen) plen = blen-1; blen -= plen; if (grey_on) { len = snprintf(&stats.val.string[plen], blen, L_DWPAT(7)" reports "L_DWPAT(2)" whitelisted\n", dccd_stats.reports, dccd_stats.respwhite); } else { len = snprintf(&stats.val.string[plen], blen, L_DWPAT(8)" reports " L_DWPAT(7)">10 " L_DWPAT(7)">100 " L_DWPAT(7)">1000 " L_DWPAT(7)" many\n" " answers "L_DWPAT(7)">10 " L_DWPAT(7)">100 " L_DWPAT(7)">1000 " L_DWPAT(7)" many\n", dccd_stats.reports, (dccd_stats.report10 + dccd_stats.report100 + dccd_stats.report1000 + dccd_stats.reportmany), (dccd_stats.report100 + dccd_stats.report1000 + dccd_stats.reportmany), dccd_stats.report1000 + dccd_stats.reportmany, dccd_stats.reportmany, (dccd_stats.resp10 + dccd_stats.resp100 + dccd_stats.resp1000 + dccd_stats.respmany), dccd_stats.resp100 + dccd_stats.resp1000 + dccd_stats.respmany, dccd_stats.resp1000 + dccd_stats.respmany, dccd_stats.respmany); } if (len >= blen) len = blen-1; blen -= len; plen += len; len = snprintf(&stats.val.string[plen], blen, L_DWPAT(8)" bad op " L_DWPAT(4)" passwd " L_DWPAT(6)" blist " L_DWPAT(4)" reject " L_DWPAT(6)" retrans\n", dccd_stats.bad_op, dccd_stats.bad_passwd, dccd_stats.blist, dccd_stats.send_error, dccd_stats.report_retrans); if (len >= blen) len = blen-1; blen -= len; plen += len; if (!grey_on) { len = snprintf(&stats.val.string[plen], blen, L_DWPAT(8)" answers rate-limited " L_DWPAT(4)" anon " L_DWPAT(5)" reports rejected\n", dccd_stats.rl, dccd_stats.anon_rl, dccd_stats.report_reject); if (len >= blen) len = blen-1; blen -= len; plen += len; } len = snprintf(&stats.val.string[plen], blen, " %s " L_DWPAT(8)" total flooded in\n" L_DWPAT(8)" accepted " L_DWPAT(6)" stale " L_DWPAT(8)" dup " L_DWPAT(5)" white " L_DPAT" delete\n" L_DWPAT(8)" reports added between %s and %s", flod_stats_printf(flod_buf, sizeof(flod_buf), (db_minimum_map || flods_st == FLODS_ST_OFF) ? 0 : (flods_st != FLODS_ST_ON) ? 1 : 2, oflods.total, oflods.open - oflods_connecting, iflods.open - iflods_connecting), iflod_total, iflod_accepted, iflod_stale, iflod_dup, iflod_wlist, iflod_not_deleted, dccd_stats.adds+db_stats.adds, reset_buf, now_buf); if (len >= blen) len = blen-1; blen -= len; plen += len; stats.hdr.len = plen + sizeof(stats)-sizeof(stats.val); stats.hdr.op = DCC_OP_ADMN; send_resp(q, &stats.hdr, 0); return 1; } void timestamp_send(const QUEUE *q) { time_t delta; DCC_ADMN_RESP msg; int blen, plen; delta = picky_time(q); blen = min(sizeof(msg.val.string), ntohl(q->pkt.ad.val1)); if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) { if (delta < -MAX_FLOD_CLOCK_SKEW || delta > MAX_FLOD_CLOCK_SKEW) { plen = snprintf(msg.val.string, blen, " clocks differ by about %d seconds" "\n which is more than the" " maximum allowed for flooding, %d", (int)delta, MAX_FLOD_CLOCK_SKEW); } else { plen = snprintf(msg.val.string, blen, " clocks differ by about %d seconds" "\n which is more than the" " maximum allowed for commands, %d", (int)delta, MAX_CMD_CLOCK_SKEW); } } else { plen = snprintf(msg.val.string, blen, " clocks differ by about %d seconds", (int)delta); } msg.hdr.len = plen + sizeof(msg)-sizeof(msg.val); msg.hdr.op = DCC_OP_ADMN; send_resp(q, &msg.hdr, 0); } void do_nop(QUEUE *q) { /* respond immediately to even anonymous NOPs so that clients * that are confused about passwords and whether they are anonymous * do not retransmit unnecessarily */ TMSG1(ADMN, "received %s", op_id_ip(q)); ++dccd_stats.nops; if (!ck_clnt_srvr_id(q)) { ++q->rl->d.nops; return; } ++q->rl->d.nops; send_ok(q); } /* deal with an adminstative request */ void do_admn(QUEUE *q) { u_int32_t val1; DCC_ADMN_RESP resp; int len, offset; u_int32_t adelay_ms; struct in6_addr addr6, mask6; const struct in6_addr *addr6p, *mask6p; val1 = ntohl(q->pkt.ad.val1); TMSG3(ADMN, "received val2=%#x val3=%#x in %s", q->pkt.ad.val2, q->pkt.ad.val3, op_id_ip(q)); ++dccd_stats.admin; if (!ck_clnt_srvr_id(q)) return; if (q->pkt_len != DCC_ADMN_REQ_MIN_SIZE && (q->pkt_len != (DCC_ADMN_REQ_MIN_SIZE + sizeof(DCC_AOP_CLIENTS_CIDR)) || (q->pkt.ad.aop != DCC_AOP_CLIENTS && q->pkt.ad.aop != DCC_AOP_CLIENTS_ID))) { send_error(q, "%s size = %d", qop2str(q), q->pkt_len); return; } switch ((DCC_AOPS)q->pkt.ad.aop) { case DCC_AOP_STOP: /* stop gracefully */ if (!picky_admn(q, 0, 0)) return; if (ridc_get(q)) { repeat_resp(q); return; } if (!stopint) { stopint = -1; next_flods_ck = 0; } send_ok(q); /* fsync() or let the database be wrong if asked */ if (val1 != 0) stop_mode = val1; return; case DCC_AOP_DB_UNLOAD: if (!picky_admn(q, 0, 0)) return; /* repeat previous answer to repeated question */ if (ridc_get(q)) { repeat_resp(q); return; } /* unlike dbclean, dblist starts looking at the data * immediately, so we cannot answer before flushing */ if (val1 == 0) { dcc_trace_msg("database flush started"); rel_db_states(); db_minimum_map = 1; db_unload(0, 0); dcc_trace_msg("database flushed; buffering off"); } else { db_minimum_map = 0; dcc_trace_msg("database buffering on"); } send_ok(q); return; case DCC_AOP_FLOD: /* control flooding */ do_flod(q); return; case DCC_AOP_DB_CLEAN: /* start switch to new database */ if (!picky_admn(q, 0, 0)) return; /* repeat previous answer to repeated question */ if (ridc_get(q)) { repeat_resp(q); return; } if (!flods_off || oflods.total != 0) { send_error(q, "flooding not stopped before %s", qop2str(q)); return; } send_ok(q); /* asnwer now before we stall */ dcc_trace_msg("database cleaning begun"); next_flods_ck = 0; /* don't start our own cleaning */ del_dbclean_next = db_time.tv_sec + DEL_DBCLEAN_SECS; dbclean_limit = db_time.tv_sec + dbclean_limit_secs; /* Dbclean expects us to remove its separate hold on flooding * so that it will not need to talk to us after telling us * to close the old database. This because we might stall * on some systems with lame mmap() support including BSD/OS, * for minutes in close(). * It might be nice to be able to turn off flooding before * dbclean is run and have it remain off when dbclean * finishes. However, the need for that that is very rare * and there are mysterious cases where flooding gets * turned off by dbclean and never restored. */ flods_off = 0; /* release and unmap buffers, possibly stalling */ db_minimum_map = 1; rel_db_states(); db_unload(0, 0); return; case DCC_AOP_DB_NEW: /* finish switch to new database */ if (!picky_admn(q, 0, 0)) return; if (ridc_get(q)) { repeat_resp(q); return; } if (!db_minimum_map) { send_error(q, "%s received before %s", qop2str(q), dcc_aop2str(0, 0, DCC_AOP_DB_CLEAN, 0)); return; } /* send "ok" now because we may stall waiting to reopen */ send_ok(q); db_close(1); dccd_stats.adds += db_stats.adds; if (!dccd_db_open(DB_OPEN_LOCK_WAIT)) dcc_logbad(dcc_ex_code, "could not restart database %s: %s", db_nm, dcc_emsg); dcc_trace_msg(DCC_VERSION" database %s reopened with %s", db_nm, db_window_size_str); flods_off = 0; flods_restart("database reopened", 0); next_flods_ck = 0; /* possibly reap dbclean child */ if (0 >= check_load_ids(2)) dcc_error_msg("%s", dcc_emsg); return; case DCC_AOP_STATS: /* return counters */ /* we cannot just repeat ourselves for retransmissions, * because the answer is too big to save */ stats_send(q); return; case DCC_AOP_STATS_CLEAR: /* return and then zero counters */ if (!picky_admn(q, 0, 0)) return; /* we cannot just repeat ourselves for retransmissions, * because the answer is too big to save */ if (stats_send(q)) { clients_clear(); stats_clear(); } return; case DCC_AOP_TRACE_ON: case DCC_AOP_TRACE_OFF: if (!picky_admn(q, 0, 0)) return; /* it is idempotent, but suppress duplicate trace messages */ if (ridc_get(q)) { repeat_resp(q); return; } /* log trace changes even when tracing is off */ if (!(DCC_TRACE_ADMN_BIT & dccd_tracemask)) dcc_trace_msg("received %s", op_id_ip(q)); if ((val1 & ~DCC_TRACE_BITS) != 0 || val1 == 0) { send_error(q, "invalid trace bits %#x", val1); return; } if (q->pkt.ad.aop == DCC_AOP_TRACE_OFF) { dccd_tracemask &= ~val1; } else { dccd_tracemask |= val1; /* do not suppress the next duplicated flood message */ if (val1 & DCC_TRACE_FLOD_BIT) flod_trace_gen = db_time.tv_sec; } send_ok(q); return; case DCC_AOP_CLIENTS: case DCC_AOP_CLIENTS_ID: if (!picky_admn(q, 1, 1)) return; /* we cannot just repeat ourselves for retransmissions, * because the answer is too big to save */ offset = (val1 >> 16) + (((u_int)q->pkt.ad.val4) << 16); val1 &= 0xffff; len = q->pkt.ad.val2; if (q->pkt_len == (DCC_ADMN_REQ_MIN_SIZE + sizeof(DCC_AOP_CLIENTS_CIDR))) { memcpy(&addr6, &q->pkt.ad.val5[0], sizeof(addr6)); dcc_bits2mask(&mask6, q->pkt.ad.val5[sizeof(addr6)]); addr6p = &addr6; mask6p = &mask6; } else { mask6p = 0; addr6p = 0; } if (q->pkt.ad.aop == DCC_AOP_CLIENTS) clients_get(&resp.val, &len, offset, val1, q->pkt.ad.val3, addr6p, mask6p); else clients_get_id(&resp.val, &len, offset, val1, q->pkt.ad.val3, addr6p, mask6p); resp.hdr.len = len + sizeof(resp)-sizeof(resp.val); resp.hdr.op = DCC_OP_ADMN; send_resp(q, &resp.hdr, 0); return; case DCC_AOP_ANON_DELAY: /* get and set the anonymous client delay * * repeat answer to identical question */ if (ridc_get(q)) { repeat_resp(q); return; } if (anon_off) adelay_ms = DCC_ANON_DELAY_FOREVER; else adelay_ms = anon_delay_us/1000; resp.val.anon_delay.delay[0] = adelay_ms>>8; resp.val.anon_delay.delay[1] = adelay_ms; if (anon_delay_inflate == DCC_ANON_INFLATE_OFF) { resp.val.anon_delay.inflate[0] = 0; resp.val.anon_delay.inflate[1] = 0; resp.val.anon_delay.inflate[2] = 0; resp.val.anon_delay.inflate[3] = 0; } else { resp.val.anon_delay.inflate[0] = anon_delay_inflate>>24; resp.val.anon_delay.inflate[1] = anon_delay_inflate>>16; resp.val.anon_delay.inflate[2] = anon_delay_inflate>>8; resp.val.anon_delay.inflate[3] = anon_delay_inflate; } adelay_ms = (q->pkt.ad.val2<<8) + q->pkt.ad.val3; if (adelay_ms != DCC_NO_ANON_DELAY && picky_admn(q, 0, 0)) { if (adelay_ms == DCC_ANON_DELAY_FOREVER) { anon_off = 1; } else { anon_off = 0; if (adelay_ms > DCC_ANON_DELAY_MAX/1000) adelay_ms = DCC_ANON_DELAY_MAX/1000; anon_delay_us = adelay_ms*1000; if (val1 == 0) val1 = DCC_ANON_INFLATE_OFF; anon_delay_inflate = val1; } } resp.hdr.len = (sizeof(resp)-sizeof(resp.val) + sizeof(resp.val.anon_delay)); resp.hdr.op = DCC_OP_ADMN; send_resp(q, &resp.hdr, 0); return; case DCC_AOP_CLOCK_CHECK: timestamp_send(q); return; case DCC_AOP_OK: case DCC_AOP_unused1: default: break; } send_error(q, "invalid %s", qop2str(q)); }