/*

 * services/outside_network.c - implement sending of queries and wait answer.

 *

 * Copyright (c) 2007, NLnet Labs. All rights reserved.

 *

 * This software is open source.

 * 

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 

 * Redistributions of source code must retain the above copyright notice,

 * this list of conditions and the following disclaimer.

 * 

 * Redistributions in binary form must reproduce the above copyright notice,

 * this list of conditions and the following disclaimer in the documentation

 * and/or other materials provided with the distribution.

 * 

 * Neither the name of the NLNET LABS nor the names of its contributors may

 * be used to endorse or promote products derived from this software without

 * specific prior written permission.

 * 

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

/**

 * \file

 *

 * This file has functions to send queries to authoritative servers and

 * wait for the pending answer events.

 */

#include "config.h"

#include <ctype.h>

#ifdef HAVE_SYS_TYPES_H

#  include <sys/types.h>

#endif

#include <sys/time.h>

#include "services/outside_network.h"

#include "services/listen_dnsport.h"

#include "services/cache/infra.h"

#include "iterator/iterator.h"

#include "util/data/msgparse.h"

#include "util/data/msgreply.h"

#include "util/data/msgencode.h"

#include "util/data/dname.h"

#include "util/netevent.h"

#include "util/log.h"

#include "util/net_help.h"

#include "util/random.h"

#include "util/fptr_wlist.h"

#include "util/edns.h"

#include "sldns/sbuffer.h"

#include "dnstap/dnstap.h"

#ifdef HAVE_OPENSSL_SSL_H

#include <openssl/ssl.h>

#endif

#ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST

#include <openssl/x509v3.h>

#endif

#ifdef HAVE_NETDB_H

#include <netdb.h>

#endif

#include <fcntl.h>

/** number of times to retry making a random ID that is unique. */

#define MAX_ID_RETRY 1000

/** number of times to retry finding interface, port that can be opened. */

#define MAX_PORT_RETRY 10000

/** number of retries on outgoing UDP queries */

#define OUTBOUND_UDP_RETRY 1

/** initiate TCP transaction for serviced query */

static void serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff);

/** with a fd available, randomize and send UDP */

static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet,

  int timeout);

/** select a DNS ID for a TCP stream */

static uint16_t tcp_select_id(struct outside_network* outnet,

  struct reuse_tcp* reuse);

/** Perform serviced query UDP sending operation */

static int serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff);

/** Send serviced query over TCP return false on initial failure */

static int serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff);

/** call the callbacks for a serviced query */

static void serviced_callbacks(struct serviced_query* sq, int error,

  struct comm_point* c, struct comm_reply* rep);

int 

pending_cmp(const void* key1, const void* key2)

{

  struct pending *p1 = (struct pending*)key1;

  struct pending *p2 = (struct pending*)key2;

  if(p1->id < p2->id)

    return -1;

  if(p1->id > p2->id)

    return 1;

  log_assert(p1->id == p2->id);

  return sockaddr_cmp(&p1->addr, p1->addrlen, &p2->addr, p2->addrlen);

}

int 

serviced_cmp(const void* key1, const void* key2)

{

  struct serviced_query* q1 = (struct serviced_query*)key1;

  struct serviced_query* q2 = (struct serviced_query*)key2;

  int r;

  if(q1->qbuflen < q2->qbuflen)

    return -1;

  if(q1->qbuflen > q2->qbuflen)

    return 1;

  log_assert(q1->qbuflen == q2->qbuflen);

  log_assert(q1->qbuflen >= 15 /* 10 header, root, type, class */);

  /* alternate casing of qname is still the same query */

  if((r = memcmp(q1->qbuf, q2->qbuf, 10)) != 0)

    return r;

  if((r = memcmp(q1->qbuf+q1->qbuflen-4, q2->qbuf+q2->qbuflen-4, 4)) != 0)

    return r;

  if(q1->dnssec != q2->dnssec) {

    if(q1->dnssec < q2->dnssec)

      return -1;

    return 1;

  }

  if((r = query_dname_compare(q1->qbuf+10, q2->qbuf+10)) != 0)

    return r;

  if((r = edns_opt_list_compare(q1->opt_list, q2->opt_list)) != 0)

    return r;

  return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen);

}

/** compare if the reuse element has the same address, port and same ssl-is

 * used-for-it characteristic */

static int

reuse_cmp_addrportssl(const void* key1, const void* key2)

{

  struct reuse_tcp* r1 = (struct reuse_tcp*)key1;

  struct reuse_tcp* r2 = (struct reuse_tcp*)key2;

  int r;

  /* compare address and port */

  r = sockaddr_cmp(&r1->addr, r1->addrlen, &r2->addr, r2->addrlen);

  if(r != 0)

    return r;

  /* compare if SSL-enabled */

  if(r1->is_ssl && !r2->is_ssl)

    return 1;

  if(!r1->is_ssl && r2->is_ssl)

    return -1;

  return 0;

}

int

reuse_cmp(const void* key1, const void* key2)

{

  int r;

  r = reuse_cmp_addrportssl(key1, key2);

  if(r != 0)

    return r;

  /* compare ptr value */

  if(key1 < key2) return -1;

  if(key1 > key2) return 1;

  return 0;

}

int reuse_id_cmp(const void* key1, const void* key2)

{

  struct waiting_tcp* w1 = (struct waiting_tcp*)key1;

  struct waiting_tcp* w2 = (struct waiting_tcp*)key2;

  if(w1->id < w2->id)

    return -1;

  if(w1->id > w2->id)

    return 1;

  return 0;

}

/** delete waiting_tcp entry. Does not unlink from waiting list. 

 * @param w: to delete.

 */

static void

waiting_tcp_delete(struct waiting_tcp* w)

{

  if(!w) return;

  if(w->timer)

    comm_timer_delete(w->timer);

  free(w);

}

/** 

 * Pick random outgoing-interface of that family, and bind it.

 * port set to 0 so OS picks a port number for us.

 * if it is the ANY address, do not bind.

 * @param pend: pending tcp structure, for storing the local address choice.

 * @param w: tcp structure with destination address.

 * @param s: socket fd.

 * @return false on error, socket closed.

 */

static int

pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s)

{

  struct port_if* pi = NULL;

  int num;

  pend->pi = NULL;

#ifdef INET6

  if(addr_is_ip6(&w->addr, w->addrlen))

    num = w->outnet->num_ip6;

  else

#endif

    num = w->outnet->num_ip4;

  if(num == 0) {

    log_err("no TCP outgoing interfaces of family");

    log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen);

    sock_close(s);

    return 0;

  }

#ifdef INET6

  if(addr_is_ip6(&w->addr, w->addrlen))

    pi = &w->outnet->ip6_ifs[ub_random_max(w->outnet->rnd, num)];

  else

#endif

    pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)];

  log_assert(pi);

  pend->pi = pi;

  if(addr_is_any(&pi->addr, pi->addrlen)) {

    /* binding to the ANY interface is for listening sockets */

    return 1;

  }

  /* set port to 0 */

  if(addr_is_ip6(&pi->addr, pi->addrlen))

    ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;

  else  ((struct sockaddr_in*)&pi->addr)->sin_port = 0;

  if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {

#ifndef USE_WINSOCK

#ifdef EADDRNOTAVAIL

    if(!(verbosity < 4 && errno == EADDRNOTAVAIL))

#endif

#else /* USE_WINSOCK */

    if(!(verbosity < 4 && WSAGetLastError() == WSAEADDRNOTAVAIL))

#endif

        log_err("outgoing tcp: bind: %s", sock_strerror(errno));

    sock_close(s);

    return 0;

  }

  log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen);

  return 1;

}

/** get TCP file descriptor for address, returns -1 on failure,

 * tcp_mss is 0 or maxseg size to set for TCP packets. */

int

outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen,

  int tcp_mss, int dscp, int nodelay)

{

  int s;

  int af;

  char* err;

#if defined(SO_REUSEADDR) || defined(IP_BIND_ADDRESS_NO_PORT) \

  || defined(TCP_NODELAY)

  int on = 1;

#endif

#ifdef INET6

  if(addr_is_ip6(addr, addrlen)){

    s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP);

    af = AF_INET6;

  } else {

#else

  {

#endif

    af = AF_INET;

    s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

  }

  if(s == -1) {

    log_err_addr("outgoing tcp: socket", sock_strerror(errno),

      addr, addrlen);

    return -1;

  }

#ifdef SO_REUSEADDR

  if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,

    (socklen_t)sizeof(on)) < 0) {

    verbose(VERB_ALGO, "outgoing tcp:"

      " setsockopt(.. SO_REUSEADDR ..) failed");

  }

#endif

  err = set_ip_dscp(s, af, dscp);

  if(err != NULL) {

    verbose(VERB_ALGO, "outgoing tcp:"

      "error setting IP DiffServ codepoint on socket");

  }

  if(tcp_mss > 0) {

#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)

    if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG,

      (void*)&tcp_mss, (socklen_t)sizeof(tcp_mss)) < 0) {

      verbose(VERB_ALGO, "outgoing tcp:"

        " setsockopt(.. TCP_MAXSEG ..) failed");

    }

#else

    verbose(VERB_ALGO, "outgoing tcp:"

      " setsockopt(TCP_MAXSEG) unsupported");

#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */

  }

#ifdef IP_BIND_ADDRESS_NO_PORT

  if(setsockopt(s, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, (void*)&on,

    (socklen_t)sizeof(on)) < 0) {

    verbose(VERB_ALGO, "outgoing tcp:"

      " setsockopt(.. IP_BIND_ADDRESS_NO_PORT ..) failed");

  }

#endif /* IP_BIND_ADDRESS_NO_PORT */

  if(nodelay) {

#if defined(IPPROTO_TCP) && defined(TCP_NODELAY)

    if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (void*)&on,

      (socklen_t)sizeof(on)) < 0) {

      verbose(VERB_ALGO, "outgoing tcp:"

        " setsockopt(.. TCP_NODELAY ..) failed");

    }

#else

    verbose(VERB_ALGO, "outgoing tcp:"

      " setsockopt(.. TCP_NODELAY ..) unsupported");

#endif /* defined(IPPROTO_TCP) && defined(TCP_NODELAY) */

  }

  return s;

}

/** connect tcp connection to addr, 0 on failure */

int

outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen)

{

  if(connect(s, (struct sockaddr*)addr, addrlen) == -1) {

#ifndef USE_WINSOCK

#ifdef EINPROGRESS

    if(errno != EINPROGRESS) {

#endif

      if(tcp_connect_errno_needs_log(

        (struct sockaddr*)addr, addrlen))

        log_err_addr("outgoing tcp: connect",

          strerror(errno), addr, addrlen);

      close(s);

      return 0;

#ifdef EINPROGRESS

    }

#endif

#else /* USE_WINSOCK */

    if(WSAGetLastError() != WSAEINPROGRESS &&

      WSAGetLastError() != WSAEWOULDBLOCK) {

      closesocket(s);

      return 0;

    }

#endif

  }

  return 1;

}

/** log reuse item addr and ptr with message */

static void

log_reuse_tcp(enum verbosity_value v, const char* msg, struct reuse_tcp* reuse)

{

  uint16_t port;

  char addrbuf[128];

  if(verbosity < v) return;

  if(!reuse || !reuse->pending || !reuse->pending->c)

    return;

  addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf));

  port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port);

  verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port,

    reuse->pending->c->fd);

}

/** pop the first element from the writewait list */

struct waiting_tcp*

reuse_write_wait_pop(struct reuse_tcp* reuse)

{

  struct waiting_tcp* w = reuse->write_wait_first;

  if(!w)

    return NULL;

  log_assert(w->write_wait_queued);

  log_assert(!w->write_wait_prev);

  reuse->write_wait_first = w->write_wait_next;

  if(w->write_wait_next)

    w->write_wait_next->write_wait_prev = NULL;

  else  reuse->write_wait_last = NULL;

  w->write_wait_queued = 0;

  w->write_wait_next = NULL;

  w->write_wait_prev = NULL;

  return w;

}

/** remove the element from the writewait list */

void

reuse_write_wait_remove(struct reuse_tcp* reuse, struct waiting_tcp* w)

{

  log_assert(w);

  log_assert(w->write_wait_queued);

  if(!w)

    return;

  if(!w->write_wait_queued)

    return;

  if(w->write_wait_prev)

    w->write_wait_prev->write_wait_next = w->write_wait_next;

  else  reuse->write_wait_first = w->write_wait_next;

  log_assert(!w->write_wait_prev ||

    w->write_wait_prev->write_wait_next != w->write_wait_prev);

  if(w->write_wait_next)

    w->write_wait_next->write_wait_prev = w->write_wait_prev;

  else  reuse->write_wait_last = w->write_wait_prev;

  log_assert(!w->write_wait_next

    || w->write_wait_next->write_wait_prev != w->write_wait_next);

  w->write_wait_queued = 0;

  w->write_wait_next = NULL;

  w->write_wait_prev = NULL;

}

/** push the element after the last on the writewait list */

void

reuse_write_wait_push_back(struct reuse_tcp* reuse, struct waiting_tcp* w)

{

  if(!w) return;

  log_assert(!w->write_wait_queued);

  if(reuse->write_wait_last) {

    reuse->write_wait_last->write_wait_next = w;

    log_assert(reuse->write_wait_last->write_wait_next !=

      reuse->write_wait_last);

    w->write_wait_prev = reuse->write_wait_last;

  } else {

    reuse->write_wait_first = w;

    w->write_wait_prev = NULL;

  }

  w->write_wait_next = NULL;

  reuse->write_wait_last = w;

  w->write_wait_queued = 1;

}

/** insert element in tree by id */

void

reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w)

{

#ifdef UNBOUND_DEBUG

  rbnode_type* added;

#endif

  log_assert(w->id_node.key == NULL);

  w->id_node.key = w;

#ifdef UNBOUND_DEBUG

  added =

#else

  (void)

#endif

  rbtree_insert(&reuse->tree_by_id, &w->id_node);

  log_assert(added);  /* should have been added */

}

/** find element in tree by id */

struct waiting_tcp*

reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id)

{

  struct waiting_tcp key_w;

  rbnode_type* n;

  memset(&key_w, 0, sizeof(key_w));

  key_w.id_node.key = &key_w;

  key_w.id = id;

  n = rbtree_search(&reuse->tree_by_id, &key_w);

  if(!n) return NULL;

  return (struct waiting_tcp*)n->key;

}

/** return ID value of rbnode in tree_by_id */

static uint16_t

tree_by_id_get_id(rbnode_type* node)

{

  struct waiting_tcp* w = (struct waiting_tcp*)node->key;

  return w->id;

}

/** insert into reuse tcp tree and LRU, false on failure (duplicate) */

int

reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp)

{

  log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse);

  if(pend_tcp->reuse.item_on_lru_list) {

    if(!pend_tcp->reuse.node.key)

      log_err("internal error: reuse_tcp_insert: "

        "in lru list without key");

    return 1;

  }

  pend_tcp->reuse.node.key = &pend_tcp->reuse;

  pend_tcp->reuse.pending = pend_tcp;

  if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) {

    /* We are not in the LRU list but we are already in the

     * tcp_reuse tree, strange.

     * Continue to add ourselves to the LRU list. */

    log_err("internal error: reuse_tcp_insert: in lru list but "

      "not in the tree");

  }

  /* insert into LRU, first is newest */

  pend_tcp->reuse.lru_prev = NULL;

  if(outnet->tcp_reuse_first) {

    pend_tcp->reuse.lru_next = outnet->tcp_reuse_first;

    log_assert(pend_tcp->reuse.lru_next != &pend_tcp->reuse);

    outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse;

    log_assert(outnet->tcp_reuse_first->lru_prev !=

      outnet->tcp_reuse_first);

  } else {

    pend_tcp->reuse.lru_next = NULL;

    outnet->tcp_reuse_last = &pend_tcp->reuse;

  }

  outnet->tcp_reuse_first = &pend_tcp->reuse;

  pend_tcp->reuse.item_on_lru_list = 1;

  log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||

    (outnet->tcp_reuse_first && outnet->tcp_reuse_last));

  log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&

    outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);

  log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&

    outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);

  return 1;

}

/** find reuse tcp stream to destination for query, or NULL if none */

static struct reuse_tcp*

reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,

  socklen_t addrlen, int use_ssl)

{

  struct waiting_tcp key_w;

  struct pending_tcp key_p;

  struct comm_point c;

  rbnode_type* result = NULL, *prev;

  verbose(VERB_CLIENT, "reuse_tcp_find");

  memset(&key_w, 0, sizeof(key_w));

  memset(&key_p, 0, sizeof(key_p));

  memset(&c, 0, sizeof(c));

  key_p.query = &key_w;

  key_p.c = &c;

  key_p.reuse.pending = &key_p;

  key_p.reuse.node.key = &key_p.reuse;

  if(use_ssl)

    key_p.reuse.is_ssl = 1;

  if(addrlen > (socklen_t)sizeof(key_p.reuse.addr))

    return NULL;

  memmove(&key_p.reuse.addr, addr, addrlen);

  key_p.reuse.addrlen = addrlen;

  verbose(VERB_CLIENT, "reuse_tcp_find: num reuse streams %u",

    (unsigned)outnet->tcp_reuse.count);

  if(outnet->tcp_reuse.root == NULL ||

    outnet->tcp_reuse.root == RBTREE_NULL)

    return NULL;

  if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse,

    &result)) {

    /* exact match */

    /* but the key is on stack, and ptr is compared, impossible */

    log_assert(&key_p.reuse != (struct reuse_tcp*)result);

    log_assert(&key_p != ((struct reuse_tcp*)result)->pending);

  }

  /* It is possible that we search for something before the first element

   * in the tree. Replace a null pointer with the first element.

   */

  if (!result) {

    verbose(VERB_CLIENT, "reuse_tcp_find: taking first");

    result = rbtree_first(&outnet->tcp_reuse);

  }

  /* not found, return null */

  if(!result || result == RBTREE_NULL)

    return NULL;

  /* It is possible that we got the previous address, but that the

   * address we are looking for is in the tree. If the address we got

   * is less than the address we are looking, then take the next entry.

   */

  if (reuse_cmp_addrportssl(result->key, &key_p.reuse) < 0) {

    verbose(VERB_CLIENT, "reuse_tcp_find: key too low");

    result = rbtree_next(result);

  }

  verbose(VERB_CLIENT, "reuse_tcp_find check inexact match");

  /* inexact match, find one of possibly several connections to the

   * same destination address, with the correct port, ssl, and

   * also less than max number of open queries, or else, fail to open

   * a new one */

  /* rewind to start of sequence of same address,port,ssl */

  prev = rbtree_previous(result);

  while(prev && prev != RBTREE_NULL &&

    reuse_cmp_addrportssl(prev->key, &key_p.reuse) == 0) {

    result = prev;

    prev = rbtree_previous(result);

  }

  /* loop to find first one that has correct characteristics */

  while(result && result != RBTREE_NULL &&

    reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) {

    if(((struct reuse_tcp*)result)->tree_by_id.count <

      outnet->max_reuse_tcp_queries) {

      /* same address, port, ssl-yes-or-no, and has

       * space for another query */

      return (struct reuse_tcp*)result;

    }

    result = rbtree_next(result);

  }

  return NULL;

}

/** use the buffer to setup writing the query */

static void

outnet_tcp_take_query_setup(int s, struct pending_tcp* pend,

  struct waiting_tcp* w)

{

  struct timeval tv;

  verbose(VERB_CLIENT, "outnet_tcp_take_query_setup: setup packet to write "

    "len %d timeout %d msec",

    (int)w->pkt_len, w->timeout);

  pend->c->tcp_write_pkt = w->pkt;

  pend->c->tcp_write_pkt_len = w->pkt_len;

  pend->c->tcp_write_and_read = 1;

  pend->c->tcp_write_byte_count = 0;

  pend->c->tcp_is_reading = 0;

  comm_point_start_listening(pend->c, s, -1);

  /* set timer on the waiting_tcp entry, this is the write timeout

   * for the written packet.  The timer on pend->c is the timer

   * for when there is no written packet and we have readtimeouts */

#ifndef S_SPLINT_S

  tv.tv_sec = w->timeout/1000;

  tv.tv_usec = (w->timeout%1000)*1000;

#endif

  /* if the waiting_tcp was previously waiting for a buffer in the

   * outside_network.tcpwaitlist, then the timer is reset now that

   * we start writing it */

  comm_timer_set(w->timer, &tv);

}

/** use next free buffer to service a tcp query */

static int

outnet_tcp_take_into_use(struct waiting_tcp* w)

{

  struct pending_tcp* pend = w->outnet->tcp_free;

  int s;

  log_assert(pend);

  log_assert(w->pkt);

  log_assert(w->pkt_len > 0);

  log_assert(w->addrlen > 0);

  pend->c->tcp_do_toggle_rw = 0;

  pend->c->tcp_do_close = 0;

  /* Consistency check, if we have ssl_upstream but no sslctx, then

   * log an error and return failure.

   */

  if (w->ssl_upstream && !w->outnet->sslctx) {

    log_err("SSL upstream requested but no SSL context");

    return 0;

  }

  /* open socket */

  s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss,

    w->outnet->ip_dscp, w->ssl_upstream);

  if(s == -1)

    return 0;

  if(!pick_outgoing_tcp(pend, w, s))

    return 0;

  fd_set_nonblock(s);

#ifdef USE_OSX_MSG_FASTOPEN

  /* API for fast open is different here. We use a connectx() function and 

     then writes can happen as normal even using SSL.*/

  /* connectx requires that the len be set in the sockaddr struct*/

  struct sockaddr_in *addr_in = (struct sockaddr_in *)&w->addr;

  addr_in->sin_len = w->addrlen;

  sa_endpoints_t endpoints;

  endpoints.sae_srcif = 0;

  endpoints.sae_srcaddr = NULL;

  endpoints.sae_srcaddrlen = 0;

  endpoints.sae_dstaddr = (struct sockaddr *)&w->addr;

  endpoints.sae_dstaddrlen = w->addrlen;

  if (connectx(s, &endpoints, SAE_ASSOCID_ANY,  

               CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE,

               NULL, 0, NULL, NULL) == -1) {

    /* if fails, failover to connect for OSX 10.10 */

#ifdef EINPROGRESS

    if(errno != EINPROGRESS) {

#else

    if(1) {

#endif

      if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {

#else /* USE_OSX_MSG_FASTOPEN*/

#ifdef USE_MSG_FASTOPEN

  pend->c->tcp_do_fastopen = 1;

  /* Only do TFO for TCP in which case no connect() is required here.

     Don't combine client TFO with SSL, since OpenSSL can't 

     currently support doing a handshake on fd that already isn't connected*/

  if (w->outnet->sslctx && w->ssl_upstream) {

    if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {

#else /* USE_MSG_FASTOPEN*/

  if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {

#endif /* USE_MSG_FASTOPEN*/

#endif /* USE_OSX_MSG_FASTOPEN*/

#ifndef USE_WINSOCK

#ifdef EINPROGRESS

    if(errno != EINPROGRESS) {

#else

    if(1) {

#endif

      if(tcp_connect_errno_needs_log(

        (struct sockaddr*)&w->addr, w->addrlen))

        log_err_addr("outgoing tcp: connect",

          strerror(errno), &w->addr, w->addrlen);

      close(s);

#else /* USE_WINSOCK */

    if(WSAGetLastError() != WSAEINPROGRESS &&

      WSAGetLastError() != WSAEWOULDBLOCK) {

      closesocket(s);

#endif

      return 0;

    }

  }

#ifdef USE_MSG_FASTOPEN

  }

#endif /* USE_MSG_FASTOPEN */

#ifdef USE_OSX_MSG_FASTOPEN

    }

  }

#endif /* USE_OSX_MSG_FASTOPEN */

  if(w->outnet->sslctx && w->ssl_upstream) {

    pend->c->ssl = outgoing_ssl_fd(w->outnet->sslctx, s);

    if(!pend->c->ssl) {

      pend->c->fd = s;

      comm_point_close(pend->c);

      return 0;

    }

    verbose(VERB_ALGO, "the query is using TLS encryption, for %s",

      (w->tls_auth_name?w->tls_auth_name:"an unauthenticated connection"));

#ifdef USE_WINSOCK

    comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);

#endif

    pend->c->ssl_shake_state = comm_ssl_shake_write;

    if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name,

      w->outnet->tls_use_sni)) {

      pend->c->fd = s;

#ifdef HAVE_SSL

      SSL_free(pend->c->ssl);

#endif

      pend->c->ssl = NULL;

      comm_point_close(pend->c);

      return 0;

    }

  }

  w->next_waiting = (void*)pend;

  w->outnet->num_tcp_outgoing++;

  w->outnet->tcp_free = pend->next_free;

  pend->next_free = NULL;

  pend->query = w;

  pend->reuse.outnet = w->outnet;

  pend->c->repinfo.remote_addrlen = w->addrlen;

  pend->c->tcp_more_read_again = &pend->reuse.cp_more_read_again;

  pend->c->tcp_more_write_again = &pend->reuse.cp_more_write_again;

  pend->reuse.cp_more_read_again = 0;

  pend->reuse.cp_more_write_again = 0;

  memcpy(&pend->c->repinfo.remote_addr, &w->addr, w->addrlen);

  pend->reuse.pending = pend;

  /* Remove from tree in case the is_ssl will be different and causes the

   * identity of the reuse_tcp to change; could result in nodes not being

   * deleted from the tree (because the new identity does not match the

   * previous node) but their ->key would be changed to NULL. */

  if(pend->reuse.node.key)

    reuse_tcp_remove_tree_list(w->outnet, &pend->reuse);

  if(pend->c->ssl)

    pend->reuse.is_ssl = 1;

  else  pend->reuse.is_ssl = 0;

  /* insert in reuse by address tree if not already inserted there */

  (void)reuse_tcp_insert(w->outnet, pend);

  reuse_tree_by_id_insert(&pend->reuse, w);

  outnet_tcp_take_query_setup(s, pend, w);

  return 1;

}

/** Touch the lru of a reuse_tcp element, it is in use.

 * This moves it to the front of the list, where it is not likely to

 * be closed.  Items at the back of the list are closed to make space. */

void

reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse)

{

  if(!reuse->item_on_lru_list) {

    log_err("internal error: we need to touch the lru_list but item not in list");

    return; /* not on the list, no lru to modify */

  }

  log_assert(reuse->lru_prev ||

    (!reuse->lru_prev && outnet->tcp_reuse_first == reuse));

  if(!reuse->lru_prev)

    return; /* already first in the list */

  /* remove at current position */

  /* since it is not first, there is a previous element */

  reuse->lru_prev->lru_next = reuse->lru_next;

  log_assert(reuse->lru_prev->lru_next != reuse->lru_prev);

  if(reuse->lru_next)

    reuse->lru_next->lru_prev = reuse->lru_prev;

  else  outnet->tcp_reuse_last = reuse->lru_prev;

  log_assert(!reuse->lru_next || reuse->lru_next->lru_prev != reuse->lru_next);

  log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&

    outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);

  /* insert at the front */

  reuse->lru_prev = NULL;

  reuse->lru_next = outnet->tcp_reuse_first;

  if(outnet->tcp_reuse_first) {

    outnet->tcp_reuse_first->lru_prev = reuse;

  }

  log_assert(reuse->lru_next != reuse);

  /* since it is not first, it is not the only element and

   * lru_next is thus not NULL and thus reuse is now not the last in

   * the list, so outnet->tcp_reuse_last does not need to be modified */

  outnet->tcp_reuse_first = reuse;

  log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&

    outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);

  log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||

    (outnet->tcp_reuse_first && outnet->tcp_reuse_last));

}

/** Snip the last reuse_tcp element off of the LRU list */

struct reuse_tcp*

reuse_tcp_lru_snip(struct outside_network* outnet)

{

  struct reuse_tcp* reuse = outnet->tcp_reuse_last;

  if(!reuse) return NULL;

  /* snip off of LRU */

  log_assert(reuse->lru_next == NULL);

  if(reuse->lru_prev) {

    outnet->tcp_reuse_last = reuse->lru_prev;

    reuse->lru_prev->lru_next = NULL;

  } else {

    outnet->tcp_reuse_last = NULL;

    outnet->tcp_reuse_first = NULL;

  }

  log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||

    (outnet->tcp_reuse_first && outnet->tcp_reuse_last));

  reuse->item_on_lru_list = 0;

  reuse->lru_next = NULL;

  reuse->lru_prev = NULL;

  return reuse;

}

/** remove waiting tcp from the outnet waiting list */

void

outnet_waiting_tcp_list_remove(struct outside_network* outnet, struct waiting_tcp* w)

{

  struct waiting_tcp* p = outnet->tcp_wait_first, *prev = NULL;

  w->on_tcp_waiting_list = 0;

  while(p) {

    if(p == w) {

      /* remove w */

      if(prev)

        prev->next_waiting = w->next_waiting;

      else  outnet->tcp_wait_first = w->next_waiting;

      if(outnet->tcp_wait_last == w)

        outnet->tcp_wait_last = prev;

      w->next_waiting = NULL;

      return;

    }

    prev = p;

    p = p->next_waiting;

  }

  /* outnet_waiting_tcp_list_remove is currently called only with items

   * that are already in the waiting list. */

  log_assert(0);

}

/** pop the first waiting tcp from the outnet waiting list */

struct waiting_tcp*

outnet_waiting_tcp_list_pop(struct outside_network* outnet)

{

  struct waiting_tcp* w = outnet->tcp_wait_first;

  if(!outnet->tcp_wait_first) return NULL;

  log_assert(w->on_tcp_waiting_list);

  outnet->tcp_wait_first = w->next_waiting;

  if(outnet->tcp_wait_last == w)

    outnet->tcp_wait_last = NULL;

  w->on_tcp_waiting_list = 0;

  w->next_waiting = NULL;

  return w;

}

/** add waiting_tcp element to the outnet tcp waiting list */

void

outnet_waiting_tcp_list_add(struct outside_network* outnet,

  struct waiting_tcp* w, int set_timer)

{

  struct timeval tv;

  log_assert(!w->on_tcp_waiting_list);

  if(w->on_tcp_waiting_list)

    return;

  w->next_waiting = NULL;

  if(outnet->tcp_wait_last)

    outnet->tcp_wait_last->next_waiting = w;

  else  outnet->tcp_wait_first = w;

  outnet->tcp_wait_last = w;

  w->on_tcp_waiting_list = 1;

  if(set_timer) {

#ifndef S_SPLINT_S

    tv.tv_sec = w->timeout/1000;

    tv.tv_usec = (w->timeout%1000)*1000;