search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dnsmasq: v2.67test16 patch Sept.25th/2013.
[tomato.git] / release / src / router / dnsmasq / src / dnsmasq.c
blobb3c20c0777373aed86ad340d782cb3d024a75b67
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16 /* Jon Zarate AFAIK wrote the original Tomato specific code, primarily to
17 support extra info in the GUI. Following is a vague clue as to how it
18 hangs together.
19
20 device list status is handled by www/devlist.c - this sends a SIGUSR2
21 to dnsmasq which causes the 'tomato_helper' function to execute in
22 addition to the normal dnsmasq SIGUSR2 code (Switch logfile, but since
23 Tomato not using that it doesn't matter) devlist.c waits up to 5 secs
24 for file '/var/tmp/dhcp/leases.!' to disappear before continuing
25 (Must be a better way to do this IPC stuff)
26
27 tomato_helper(lease.c) does a couple of things:
28
29 It looks for /var/tmp/dhcp/delete and deletes any known leases by IP
30 address found therein. It deletes /var/tmp/dhcp/delete when done.
31 This implements the 'delete lease' from GUI functionality.
32
33 It dumps the current dhcp leases into /var/tmp/dhcp/lease.! (tmp file)
34 subtracting the current time from the lease expiry time, thus producing
35 a 'lease remaining' time for the GUI.
36 The temp file is renamed to /var/tmp/dhcp/leases thus signalling devlist.c
37 that it may proceed. Finally when devlist.c is finished
38 /var/tmp/dhcp/leases is removed.
39
40 rfc2131.c implements a 'Quiet DHCP' option (don't log DHCP stuff) first
41 implemented by 'Teddy Bear'.
42
43 dnsmasq.c also intercepts SIGHUP so that it may flush the lease file.
44 This is so lease expiry times survive a process restart since dnsmasq
45 reads the lease file at start-up.
46
47 Finally(?) lease_update_file (lease.c) writes out the remaining lease
48 duration for each dhcp lease rather than lease expiry time (with RTC) or
49 lease length (no RTC) for dnsmasq's internal lease database.
50 asuswrt does a similar thing with lease durations though the code is
51 different. Ideally the code would be merged in such a way that Tomato
52 and asuswrt-merlin can code share without even thinking...another project!
53
54 dhcp lease file is /var/lib/misc/dnsmasq.leases
55
56 Above description K Darbyshire-Bryant 02/05/13 Hope it helps someone
57 */
58
59
60
61 /* Declare static char *compiler_opts in config.h */
62 #define DNSMASQ_COMPILE_OPTS
63
64 #include "dnsmasq.h"
65
66 struct daemon *daemon;
67
68 static volatile pid_t pid = 0;
69 static volatile int pipewrite;
70
71 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
72 static void check_dns_listeners(fd_set *set, time_t now);
73 static void sig_handler(int sig);
74 static void async_event(int pipe, time_t now);
75 static void fatal_event(struct event_desc *ev, char *msg);
76 static int read_event(int fd, struct event_desc *evp, char **msg);
77
78 int main (int argc, char **argv)
79 {
80 int bind_fallback = 0;
81 time_t now;
82 struct sigaction sigact;
83 struct iname *if_tmp;
84 int piperead, pipefd[2], err_pipe[2];
85 struct passwd *ent_pw = NULL;
86 #if defined(HAVE_SCRIPT)
87 uid_t script_uid = 0;
88 gid_t script_gid = 0;
89 #endif
90 struct group *gp = NULL;
91 long i, max_fd = sysconf(_SC_OPEN_MAX);
92 char *baduser = NULL;
93 int log_err;
94 #if defined(HAVE_LINUX_NETWORK)
95 cap_user_header_t hdr = NULL;
96 cap_user_data_t data = NULL;
97 #endif
98 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
99 struct dhcp_context *context;
100 struct dhcp_relay *relay;
101 #endif
102
103 #ifdef LOCALEDIR
104 setlocale(LC_ALL, "");
105 bindtextdomain("dnsmasq", LOCALEDIR);
106 textdomain("dnsmasq");
107 #endif
108
109 sigact.sa_handler = sig_handler;
110 sigact.sa_flags = 0;
111 sigemptyset(&sigact.sa_mask);
112 sigaction(SIGUSR1, &sigact, NULL);
113 sigaction(SIGUSR2, &sigact, NULL);
114 sigaction(SIGHUP, &sigact, NULL);
115 sigaction(SIGTERM, &sigact, NULL);
116 sigaction(SIGALRM, &sigact, NULL);
117 sigaction(SIGCHLD, &sigact, NULL);
118
119 /* ignore SIGPIPE */
120 sigact.sa_handler = SIG_IGN;
121 sigaction(SIGPIPE, &sigact, NULL);
122
123 umask(022); /* known umask, create leases and pid files as 0644 */
124
125 read_opts(argc, argv, compile_opts);
126
127 if (daemon->edns_pktsz < PACKETSZ)
128 daemon->edns_pktsz = PACKETSZ;
129 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
130 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
131 daemon->packet = safe_malloc(daemon->packet_buff_sz);
132
133 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
134
135
136 #ifdef HAVE_DHCP
137 if (!daemon->lease_file)
138 {
139 if (daemon->dhcp || daemon->dhcp6)
140 daemon->lease_file = LEASEFILE;
141 }
142 #endif
143
144 /* Close any file descriptors we inherited apart from std{in|out|err}
145
146 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
147 otherwise file descriptors we create can end up being 0, 1, or 2
148 and then get accidentally closed later when we make 0, 1, and 2
149 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
150 but it's not guaranteed. By opening /dev/null three times, we
151 ensure that we're not using those fds for real stuff. */
152 for (i = 0; i < max_fd; i++)
153 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
154 close(i);
155 else
156 open("/dev/null", O_RDWR);
157
158 #ifndef HAVE_LINUX_NETWORK
159 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
160 if (!option_bool(OPT_NOWILD))
161 {
162 bind_fallback = 1;
163 set_option_bool(OPT_NOWILD);
164 }
165 # endif
166
167 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
168 if (option_bool(OPT_CLEVERBIND))
169 {
170 bind_fallback = 1;
171 set_option_bool(OPT_NOWILD);
172 reset_option_bool(OPT_CLEVERBIND);
173 }
174 #endif
175
176 #ifndef HAVE_TFTP
177 if (option_bool(OPT_TFTP))
178 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
179 #endif
180
181 #ifdef HAVE_CONNTRACK
182 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
183 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
184 #else
185 if (option_bool(OPT_CONNTRACK))
186 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
187 #endif
188
189 #ifdef HAVE_SOLARIS_NETWORK
190 if (daemon->max_logs != 0)
191 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
192 #endif
193
194 #ifdef __ANDROID__
195 if (daemon->max_logs != 0)
196 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
197 #endif
198
199 #ifndef HAVE_AUTH
200 if (daemon->authserver)
201 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
202 #endif
203
204 rand_init();
205
206 now = dnsmasq_time();
207
208 /* Create a serial at startup if not configured. */
209 if (daemon->authinterface && daemon->soa_sn == 0)
210 #ifdef HAVE_BROKEN_RTC
211 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
212 #else
213 daemon->soa_sn = now;
214 #endif
215
216 #ifdef HAVE_DHCP6
217 if (daemon->dhcp6)
218 {
219 daemon->doing_ra = option_bool(OPT_RA);
220
221 for (context = daemon->dhcp6; context; context = context->next)
222 {
223 if (context->flags & CONTEXT_DHCP)
224 daemon->doing_dhcp6 = 1;
225 if (context->flags & CONTEXT_RA)
226 daemon->doing_ra = 1;
227 #ifndef HAVE_LINUX_NETWORK
228 if (context->flags & CONTEXT_TEMPLATE)
229 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
230 #endif
231 }
232 }
233 #endif
234
235 #ifdef HAVE_DHCP
236 /* Note that order matters here, we must call lease_init before
237 creating any file descriptors which shouldn't be leaked
238 to the lease-script init process. We need to call common_init
239 before lease_init to allocate buffers it uses.*/
240 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
241 {
242 dhcp_common_init();
243 if (daemon->dhcp || daemon->doing_dhcp6)
244 lease_init(now);
245 }
246
247 if (daemon->dhcp || daemon->relay4)
248 dhcp_init();
249
250 # ifdef HAVE_DHCP6
251 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
252 ra_init(now);
253
254 if (daemon->doing_dhcp6 || daemon->relay6)
255 dhcp6_init();
256 # endif
257
258 #endif
259
260 #ifdef HAVE_IPSET
261 if (daemon->ipsets)
262 ipset_init();
263 #endif
264
265 #ifdef HAVE_LINUX_NETWORK
266 netlink_init();
267
268 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
269 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
270 #endif
271
272 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
273 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
274
275 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
276 {
277 create_bound_listeners(1);
278
279 if (!option_bool(OPT_CLEVERBIND))
280 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
281 if (if_tmp->name && !if_tmp->used)
282 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
283
284 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
285 /* after enumerate_interfaces() */
286 if (daemon->dhcp)
287 {
288 if (!daemon->relay4)
289 bindtodevice(daemon->dhcpfd);
290 if (daemon->enable_pxe)
291 bindtodevice(daemon->pxefd);
292 }
293 #endif
294
295 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
296 if (daemon->doing_dhcp6 && !daemon->relay6)
297 bindtodevice(daemon->dhcp6fd);
298 #endif
299 }
300 else
301 create_wildcard_listeners();
302
303 #ifdef HAVE_DHCP6
304 /* after enumerate_interfaces() */
305 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
306 join_multicast(1);
307 #endif
308
309 if (daemon->port != 0)
310 cache_init();
311
312 if (option_bool(OPT_DBUS))
313 #ifdef HAVE_DBUS
314 {
315 char *err;
316 daemon->dbus = NULL;
317 daemon->watches = NULL;
318 if ((err = dbus_init()))
319 die(_("DBus error: %s"), err, EC_MISC);
320 }
321 #else
322 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
323 #endif
324
325 if (daemon->port != 0)
326 pre_allocate_sfds();
327
328 #if defined(HAVE_SCRIPT)
329 /* Note getpwnam returns static storage */
330 if ((daemon->dhcp || daemon->dhcp6) &&
331 daemon->scriptuser &&
332 (daemon->lease_change_command || daemon->luascript))
333 {
334 if ((ent_pw = getpwnam(daemon->scriptuser)))
335 {
336 script_uid = ent_pw->pw_uid;
337 script_gid = ent_pw->pw_gid;
338 }
339 else
340 baduser = daemon->scriptuser;
341 }
342 #endif
343
344 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
345 baduser = daemon->username;
346 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
347 baduser = daemon->groupname;
348
349 if (baduser)
350 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
351
352 /* implement group defaults, "dip" if available, or group associated with uid */
353 if (!daemon->group_set && !gp)
354 {
355 if (!(gp = getgrnam(CHGRP)) && ent_pw)
356 gp = getgrgid(ent_pw->pw_gid);
357
358 /* for error message */
359 if (gp)
360 daemon->groupname = gp->gr_name;
361 }
362
363 #if defined(HAVE_LINUX_NETWORK)
364 /* determine capability API version here, while we can still
365 call safe_malloc */
366 if (ent_pw && ent_pw->pw_uid != 0)
367 {
368 int capsize = 1; /* for header version 1 */
369 hdr = safe_malloc(sizeof(*hdr));
370
371 /* find version supported by kernel */
372 memset(hdr, 0, sizeof(*hdr));
373 capget(hdr, NULL);
374
375 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
376 {
377 /* if unknown version, use largest supported version (3) */
378 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
379 hdr->version = LINUX_CAPABILITY_VERSION_3;
380 capsize = 2;
381 }
382
383 data = safe_malloc(sizeof(*data) * capsize);
384 memset(data, 0, sizeof(*data) * capsize);
385 }
386 #endif
387
388 /* Use a pipe to carry signals and other events back to the event loop
389 in a race-free manner and another to carry errors to daemon-invoking process */
390 safe_pipe(pipefd, 1);
391
392 piperead = pipefd[0];
393 pipewrite = pipefd[1];
394 /* prime the pipe to load stuff first time. */
395 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
396
397 err_pipe[1] = -1;
398
399 if (!option_bool(OPT_DEBUG))
400 {
401 /* The following code "daemonizes" the process.
402 See Stevens section 12.4 */
403
404 if (chdir("/") != 0)
405 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
406
407 #ifndef NO_FORK
408 if (!option_bool(OPT_NO_FORK))
409 {
410 pid_t pid;
411
412 /* pipe to carry errors back to original process.
413 When startup is complete we close this and the process terminates. */
414 safe_pipe(err_pipe, 0);
415
416 if ((pid = fork()) == -1)
417 /* fd == -1 since we've not forked, never returns. */
418 send_event(-1, EVENT_FORK_ERR, errno, NULL);
419
420 if (pid != 0)
421 {
422 struct event_desc ev;
423 char *msg;
424
425 /* close our copy of write-end */
426 close(err_pipe[1]);
427
428 /* check for errors after the fork */
429 if (read_event(err_pipe[0], &ev, &msg))
430 fatal_event(&ev, msg);
431
432 _exit(EC_GOOD);
433 }
434
435 close(err_pipe[0]);
436
437 /* NO calls to die() from here on. */
438
439 setsid();
440
441 if ((pid = fork()) == -1)
442 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
443
444 if (pid != 0)
445 _exit(0);
446 }
447 #endif
448
449 /* write pidfile _after_ forking ! */
450 if (daemon->runfile)
451 {
452 int fd, err = 0;
453
454 sprintf(daemon->namebuff, "%d\n", (int) getpid());
455
456 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
457 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
458 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
459 extent that an attacker running as the unprivileged user could replace the pidfile with a
460 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
461
462 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
463 ensuring that the open() fails should there be any existing file (because the unlink() failed,
464 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
465 attack can succeed.
466
467 Any compromise of the non-privileged user still theoretically allows the pid-file to be
468 replaced whilst dnsmasq is running. The worst that could allow is that the usual
469 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
470
471 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
472 failure to write the pid-file.
473 */
474
475 unlink(daemon->runfile);
476
477 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
478 {
479 /* only complain if started as root */
480 if (getuid() == 0)
481 err = 1;
482 }
483 else
484 {
485 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
486 err = 1;
487
488 while (!err && close(fd) == -1)
489 if (!retry_send())
490 err = 1;
491 }
492
493 if (err)
494 {
495 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
496 _exit(0);
497 }
498 }
499 }
500
501 log_err = log_start(ent_pw, err_pipe[1]);
502
503 if (!option_bool(OPT_DEBUG))
504 {
505 /* open stdout etc to /dev/null */
506 int nullfd = open("/dev/null", O_RDWR);
507 dup2(nullfd, STDOUT_FILENO);
508 dup2(nullfd, STDERR_FILENO);
509 dup2(nullfd, STDIN_FILENO);
510 close(nullfd);
511 }
512
513 /* if we are to run scripts, we need to fork a helper before dropping root. */
514 daemon->helperfd = -1;
515 #ifdef HAVE_SCRIPT
516 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
517 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
518 #endif
519
520 if (!option_bool(OPT_DEBUG) && getuid() == 0)
521 {
522 int bad_capabilities = 0;
523 gid_t dummy;
524
525 /* remove all supplimentary groups */
526 if (gp &&
527 (setgroups(0, &dummy) == -1 ||
528 setgid(gp->gr_gid) == -1))
529 {
530 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
531 _exit(0);
532 }
533
534 if (ent_pw && ent_pw->pw_uid != 0)
535 {
536 #if defined(HAVE_LINUX_NETWORK)
537 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
538 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
539 ports because of DAD, or we're doing it dynamically,
540 we need CAP_NET_BIND_SERVICE too. */
541 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
542 data->effective = data->permitted = data->inheritable =
543 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
544 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
545 else
546 data->effective = data->permitted = data->inheritable =
547 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
548
549 /* Tell kernel to not clear capabilities when dropping root */
550 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
551 bad_capabilities = errno;
552
553 #elif defined(HAVE_SOLARIS_NETWORK)
554 /* http://developers.sun.com/solaris/articles/program_privileges.html */
555 priv_set_t *priv_set;
556
557 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
558 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
559 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
560 bad_capabilities = errno;
561
562 if (priv_set && bad_capabilities == 0)
563 {
564 priv_inverse(priv_set);
565
566 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
567 bad_capabilities = errno;
568 }
569
570 if (priv_set)
571 priv_freeset(priv_set);
572
573 #endif
574
575 if (bad_capabilities != 0)
576 {
577 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
578 _exit(0);
579 }
580
581 /* finally drop root */
582 if (setuid(ent_pw->pw_uid) == -1)
583 {
584 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
585 _exit(0);
586 }
587
588 #ifdef HAVE_LINUX_NETWORK
589 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
590 data->effective = data->permitted =
591 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
592 else
593 data->effective = data->permitted =
594 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
595 data->inheritable = 0;
596
597 /* lose the setuid and setgid capbilities */
598 if (capset(hdr, data) == -1)
599 {
600 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
601 _exit(0);
602 }
603 #endif
604
605 }
606 }
607
608 #ifdef HAVE_LINUX_NETWORK
609 if (option_bool(OPT_DEBUG))
610 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
611 #endif
612
613 #ifdef HAVE_TFTP
614 if (option_bool(OPT_TFTP))
615 {
616 DIR *dir;
617 struct tftp_prefix *p;
618
619 if (daemon->tftp_prefix)
620 {
621 if (!((dir = opendir(daemon->tftp_prefix))))
622 {
623 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
624 _exit(0);
625 }
626 closedir(dir);
627 }
628
629 for (p = daemon->if_prefix; p; p = p->next)
630 {
631 if (!((dir = opendir(p->prefix))))
632 {
633 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
634 _exit(0);
635 }
636 closedir(dir);
637 }
638 }
639 #endif
640
641 if (daemon->port == 0)
642 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
643 else if (daemon->cachesize != 0)
644 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
645 else
646 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
647
648 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
649
650 #ifdef HAVE_DBUS
651 if (option_bool(OPT_DBUS))
652 {
653 if (daemon->dbus)
654 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
655 else
656 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
657 }
658 #endif
659
660 if (log_err != 0)
661 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
662 daemon->log_file, strerror(log_err));
663
664 if (bind_fallback)
665 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
666
667 if (!option_bool(OPT_NOWILD))
668 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
669 if (if_tmp->name && !if_tmp->used)
670 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
671
672 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
673 {
674 if (daemon->resolv_files && !daemon->resolv_files->is_default)
675 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
676 daemon->resolv_files = NULL;
677 if (!daemon->servers)
678 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
679 }
680
681 if (daemon->max_logs != 0)
682 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
683
684
685 #ifdef HAVE_DHCP
686 for (context = daemon->dhcp; context; context = context->next)
687 log_context(AF_INET, context);
688
689 for (relay = daemon->relay4; relay; relay = relay->next)
690 log_relay(AF_INET, relay);
691
692 # ifdef HAVE_DHCP6
693 for (context = daemon->dhcp6; context; context = context->next)
694 log_context(AF_INET6, context);
695
696 for (relay = daemon->relay6; relay; relay = relay->next)
697 log_relay(AF_INET6, relay);
698
699 if (daemon->doing_dhcp6 || daemon->doing_ra)
700 dhcp_construct_contexts(now);
701
702 if (option_bool(OPT_RA))
703 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
704 # endif
705
706 /* after dhcp_contruct_contexts */
707 if (daemon->dhcp || daemon->doing_dhcp6)
708 lease_find_interfaces(now);
709 #endif
710
711 #ifdef HAVE_TFTP
712 if (option_bool(OPT_TFTP))
713 {
714 #ifdef FD_SETSIZE
715 if (FD_SETSIZE < (unsigned)max_fd)
716 max_fd = FD_SETSIZE;
717 #endif
718
719 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
720 daemon->tftp_prefix ? _("root is ") : _("enabled"),
721 daemon->tftp_prefix ? daemon->tftp_prefix: "",
722 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
723
724 /* This is a guess, it assumes that for small limits,
725 disjoint files might be served, but for large limits,
726 a single file will be sent to may clients (the file only needs
727 one fd). */
728
729 max_fd -= 30; /* use other than TFTP */
730
731 if (max_fd < 0)
732 max_fd = 5;
733 else if (max_fd < 100)
734 max_fd = max_fd/2;
735 else
736 max_fd = max_fd - 20;
737
738 /* if we have to use a limited range of ports,
739 that will limit the number of transfers */
740 if (daemon->start_tftp_port != 0 &&
741 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
742 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
743
744 if (daemon->tftp_max > max_fd)
745 {
746 daemon->tftp_max = max_fd;
747 my_syslog(MS_TFTP | LOG_WARNING,
748 _("restricting maximum simultaneous TFTP transfers to %d"),
749 daemon->tftp_max);
750 }
751 }
752 #endif
753
754 /* finished start-up - release original process */
755 if (err_pipe[1] != -1)
756 close(err_pipe[1]);
757
758 if (daemon->port != 0)
759 check_servers();
760
761 pid = getpid();
762
763 while (1)
764 {
765 int maxfd = -1;
766 struct timeval t, *tp = NULL;
767 fd_set rset, wset, eset;
768
769 FD_ZERO(&rset);
770 FD_ZERO(&wset);
771 FD_ZERO(&eset);
772
773 /* if we are out of resources, find how long we have to wait
774 for some to come free, we'll loop around then and restart
775 listening for queries */
776 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
777 {
778 t.tv_usec = 0;
779 tp = &t;
780 }
781
782 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
783 if (daemon->tftp_trans ||
784 (option_bool(OPT_DBUS) && !daemon->dbus))
785 {
786 t.tv_sec = 0;
787 t.tv_usec = 250000;
788 tp = &t;
789 }
790 /* Wake every second whilst waiting for DAD to complete */
791 else if (is_dad_listeners())
792 {
793 t.tv_sec = 1;
794 t.tv_usec = 0;
795 tp = &t;
796 }
797
798 #ifdef HAVE_DBUS
799 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
800 #endif
801
802 #ifdef HAVE_DHCP
803 if (daemon->dhcp || daemon->relay4)
804 {
805 FD_SET(daemon->dhcpfd, &rset);
806 bump_maxfd(daemon->dhcpfd, &maxfd);
807 if (daemon->pxefd != -1)
808 {
809 FD_SET(daemon->pxefd, &rset);
810 bump_maxfd(daemon->pxefd, &maxfd);
811 }
812 }
813 #endif
814
815 #ifdef HAVE_DHCP6
816 if (daemon->doing_dhcp6 || daemon->relay6)
817 {
818 FD_SET(daemon->dhcp6fd, &rset);
819 bump_maxfd(daemon->dhcp6fd, &maxfd);
820 }
821
822 if (daemon->doing_ra)
823 {
824 FD_SET(daemon->icmp6fd, &rset);
825 bump_maxfd(daemon->icmp6fd, &maxfd);
826 }
827 #endif
828
829 #ifdef HAVE_LINUX_NETWORK
830 FD_SET(daemon->netlinkfd, &rset);
831 bump_maxfd(daemon->netlinkfd, &maxfd);
832 #endif
833
834 FD_SET(piperead, &rset);
835 bump_maxfd(piperead, &maxfd);
836
837 #ifdef HAVE_DHCP
838 # ifdef HAVE_SCRIPT
839 while (helper_buf_empty() && do_script_run(now));
840
841 # ifdef HAVE_TFTP
842 while (helper_buf_empty() && do_tftp_script_run());
843 # endif
844
845 if (!helper_buf_empty())
846 {
847 FD_SET(daemon->helperfd, &wset);
848 bump_maxfd(daemon->helperfd, &maxfd);
849 }
850 # else
851 /* need this for other side-effects */
852 while (do_script_run(now));
853
854 # ifdef HAVE_TFTP
855 while (do_tftp_script_run());
856 # endif
857
858 # endif
859 #endif
860
861 /* must do this just before select(), when we know no
862 more calls to my_syslog() can occur */
863 set_log_writer(&wset, &maxfd);
864
865 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
866 {
867 /* otherwise undefined after error */
868 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
869 }
870
871 now = dnsmasq_time();
872
873 check_log_writer(&wset);
874
875 /* prime. */
876 enumerate_interfaces(1);
877
878 /* Check the interfaces to see if any have exited DAD state
879 and if so, bind the address. */
880 if (is_dad_listeners())
881 {
882 enumerate_interfaces(0);
883 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
884 create_bound_listeners(0);
885 }
886
887 #ifdef HAVE_LINUX_NETWORK
888 if (FD_ISSET(daemon->netlinkfd, &rset))
889 netlink_multicast(now);
890 #endif
891
892 /* Check for changes to resolv files once per second max. */
893 /* Don't go silent for long periods if the clock goes backwards. */
894 if (daemon->last_resolv == 0 ||
895 difftime(now, daemon->last_resolv) > 1.0 ||
896 difftime(now, daemon->last_resolv) < -1.0)
897 {
898 /* poll_resolv doesn't need to reload first time through, since
899 that's queued anyway. */
900
901 poll_resolv(0, daemon->last_resolv != 0, now);
902 daemon->last_resolv = now;
903 }
904
905 if (FD_ISSET(piperead, &rset))
906 async_event(piperead, now);
907
908 #ifdef HAVE_DBUS
909 /* if we didn't create a DBus connection, retry now. */
910 if (option_bool(OPT_DBUS) && !daemon->dbus)
911 {
912 char *err;
913 if ((err = dbus_init()))
914 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
915 if (daemon->dbus)
916 my_syslog(LOG_INFO, _("connected to system DBus"));
917 }
918 check_dbus_listeners(&rset, &wset, &eset);
919 #endif
920
921 check_dns_listeners(&rset, now);
922
923 #ifdef HAVE_TFTP
924 check_tftp_listeners(&rset, now);
925 #endif
926
927 #ifdef HAVE_DHCP
928 if (daemon->dhcp || daemon->relay4)
929 {
930 if (FD_ISSET(daemon->dhcpfd, &rset))
931 dhcp_packet(now, 0);
932 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
933 dhcp_packet(now, 1);
934 }
935
936 #ifdef HAVE_DHCP6
937 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
938 dhcp6_packet(now);
939
940 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
941 icmp6_packet(now);
942 #endif
943
944 # ifdef HAVE_SCRIPT
945 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
946 helper_write();
947 # endif
948 #endif
949
950 }
951 }
952
953 static void sig_handler(int sig)
954 {
955 if (pid == 0)
956 {
957 /* ignore anything other than TERM during startup
958 and in helper proc. (helper ignore TERM too) */
959 if (sig == SIGTERM)
960 exit(EC_MISC);
961 }
962 else if (pid != getpid())
963 {
964 /* alarm is used to kill TCP children after a fixed time. */
965 if (sig == SIGALRM)
966 _exit(0);
967 }
968 else
969 {
970 /* master process */
971 int event, errsave = errno;
972
973 if (sig == SIGHUP)
974 event = EVENT_RELOAD;
975 else if (sig == SIGCHLD)
976 event = EVENT_CHILD;
977 else if (sig == SIGALRM)
978 event = EVENT_ALARM;
979 else if (sig == SIGTERM)
980 event = EVENT_TERM;
981 else if (sig == SIGUSR1)
982 event = EVENT_DUMP;
983 else if (sig == SIGUSR2)
984 event = EVENT_REOPEN;
985 else
986 return;
987
988 send_event(pipewrite, event, 0, NULL);
989 errno = errsave;
990 }
991 }
992
993 /* now == 0 -> queue immediate callback */
994 void send_alarm(time_t event, time_t now)
995 {
996 if (now == 0 || event != 0)
997 {
998 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
999 if ((now == 0 || difftime(event, now) <= 0.0))
1000 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1001 else
1002 alarm((unsigned)difftime(event, now));
1003 }
1004 }
1005
1006 void send_event(int fd, int event, int data, char *msg)
1007 {
1008 struct event_desc ev;
1009 struct iovec iov[2];
1010
1011 ev.event = event;
1012 ev.data = data;
1013 ev.msg_sz = msg ? strlen(msg) : 0;
1014
1015 iov[0].iov_base = &ev;
1016 iov[0].iov_len = sizeof(ev);
1017 iov[1].iov_base = msg;
1018 iov[1].iov_len = ev.msg_sz;
1019
1020 /* error pipe, debug mode. */
1021 if (fd == -1)
1022 fatal_event(&ev, msg);
1023 else
1024 /* pipe is non-blocking and struct event_desc is smaller than
1025 PIPE_BUF, so this either fails or writes everything */
1026 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1027 }
1028
1029 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1030 to describe fatal errors. */
1031 static int read_event(int fd, struct event_desc *evp, char **msg)
1032 {
1033 char *buf;
1034
1035 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1036 return 0;
1037
1038 *msg = NULL;
1039
1040 if (evp->msg_sz != 0 &&
1041 (buf = malloc(evp->msg_sz + 1)) &&
1042 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1043 {
1044 buf[evp->msg_sz] = 0;
1045 *msg = buf;
1046 }
1047
1048 return 1;
1049 }
1050
1051 static void fatal_event(struct event_desc *ev, char *msg)
1052 {
1053 errno = ev->data;
1054
1055 switch (ev->event)
1056 {
1057 case EVENT_DIE:
1058 exit(0);
1059
1060 case EVENT_FORK_ERR:
1061 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1062
1063 case EVENT_PIPE_ERR:
1064 die(_("failed to create helper: %s"), NULL, EC_MISC);
1065
1066 case EVENT_CAP_ERR:
1067 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1068
1069 case EVENT_USER_ERR:
1070 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1071
1072 case EVENT_GROUP_ERR:
1073 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1074
1075 case EVENT_PIDFILE:
1076 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1077
1078 case EVENT_LOG_ERR:
1079 die(_("cannot open log %s: %s"), msg, EC_FILE);
1080
1081 case EVENT_LUA_ERR:
1082 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1083
1084 case EVENT_TFTP_ERR:
1085 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1086 }
1087 }
1088
1089 static void async_event(int pipe, time_t now)
1090 {
1091 pid_t p;
1092 struct event_desc ev;
1093 int i;
1094 char *msg;
1095
1096 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1097 to describe fatal errors. */
1098
1099 if (read_event(pipe, &ev, &msg))
1100 switch (ev.event)
1101 {
1102 case EVENT_RELOAD:
1103 clear_cache_and_reload(now);
1104 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
1105 {
1106 reload_servers(daemon->resolv_files->name);
1107 check_servers();
1108 }
1109 #ifdef HAVE_DHCP
1110 rerun_scripts();
1111 #endif
1112 break;
1113
1114 case EVENT_DUMP:
1115 if (daemon->port != 0)
1116 dump_cache(now);
1117 break;
1118
1119 case EVENT_ALARM:
1120 #ifdef HAVE_DHCP
1121 if (daemon->dhcp || daemon->doing_dhcp6)
1122 {
1123 lease_prune(NULL, now);
1124 lease_update_file(now);
1125 }
1126 #ifdef HAVE_DHCP6
1127 else if (daemon->doing_ra)
1128 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1129 send_alarm(periodic_ra(now), now);
1130 #endif
1131 #endif
1132 break;
1133
1134 case EVENT_CHILD:
1135 /* See Stevens 5.10 */
1136 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1137 if (p == -1)
1138 {
1139 if (errno != EINTR)
1140 break;
1141 }
1142 else
1143 for (i = 0 ; i < MAX_PROCS; i++)
1144 if (daemon->tcp_pids[i] == p)
1145 daemon->tcp_pids[i] = 0;
1146 break;
1147
1148 case EVENT_KILLED:
1149 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1150 break;
1151
1152 case EVENT_EXITED:
1153 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1154 break;
1155
1156 case EVENT_EXEC_ERR:
1157 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1158 daemon->lease_change_command, strerror(ev.data));
1159 break;
1160
1161 /* necessary for fatal errors in helper */
1162 case EVENT_USER_ERR:
1163 case EVENT_DIE:
1164 case EVENT_LUA_ERR:
1165 fatal_event(&ev, msg);
1166 break;
1167
1168 case EVENT_REOPEN:
1169 /* Note: this may leave TCP-handling processes with the old file still open.
1170 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1171 we leave them logging to the old file. */
1172 if (daemon->log_file != NULL)
1173 log_reopen(daemon->log_file);
1174
1175 #ifdef HAVE_TOMATO
1176 tomato_helper(now); //possibly delete & write out leases for tomato
1177 #endif //TOMATO
1178 /* following is Asus tweak. Interestingly Asus read the dnsmasq leases db
1179 directly. They signal dnsmasq to update via SIGUSR2 and wait 1 second
1180 assuming the file will be complete by the time they come to parse it.
1181 Race conditions anyone? What if dnsmasq happens to be updating the
1182 file anyway? */
1183 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE) && !defined(HAVE_TOMATO)
1184 if (daemon->dhcp || daemon->dhcp6)
1185 flush_lease_file(now);
1186 #endif
1187 break;
1188
1189 case EVENT_TERM:
1190 /* Knock all our children on the head. */
1191 for (i = 0; i < MAX_PROCS; i++)
1192 if (daemon->tcp_pids[i] != 0)
1193 kill(daemon->tcp_pids[i], SIGALRM);
1194
1195 #if defined(HAVE_SCRIPT)
1196 /* handle pending lease transitions */
1197 if (daemon->helperfd != -1)
1198 {
1199 /* block in writes until all done */
1200 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1201 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1202 do {
1203 helper_write();
1204 } while (!helper_buf_empty() || do_script_run(now));
1205 close(daemon->helperfd);
1206 }
1207 #endif
1208
1209 //Originally TOMATO tweak
1210 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE)
1211 if (daemon->dhcp || daemon->dhcp6)
1212 flush_lease_file(now);
1213 #endif
1214
1215 if (daemon->lease_stream)
1216 fclose(daemon->lease_stream);
1217
1218 if (daemon->runfile)
1219 unlink(daemon->runfile);
1220
1221 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1222 flush_log();
1223 exit(EC_GOOD);
1224 }
1225 }
1226
1227 void poll_resolv(int force, int do_reload, time_t now)
1228 {
1229 struct resolvc *res, *latest;
1230 struct stat statbuf;
1231 time_t last_change = 0;
1232 /* There may be more than one possible file.
1233 Go through and find the one which changed _last_.
1234 Warn of any which can't be read. */
1235
1236 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1237 return;
1238
1239 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1240 if (stat(res->name, &statbuf) == -1)
1241 {
1242 if (force)
1243 {
1244 res->mtime = 0;
1245 continue;
1246 }
1247
1248 if (!res->logged)
1249 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1250 res->logged = 1;
1251
1252 if (res->mtime != 0)
1253 {
1254 /* existing file evaporated, force selection of the latest
1255 file even if its mtime hasn't changed since we last looked */
1256 poll_resolv(1, do_reload, now);
1257 return;
1258 }
1259 }
1260 else
1261 {
1262 res->logged = 0;
1263 if (force || (statbuf.st_mtime != res->mtime))
1264 {
1265 res->mtime = statbuf.st_mtime;
1266 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1267 {
1268 last_change = statbuf.st_mtime;
1269 latest = res;
1270 }
1271 }
1272 }
1273
1274 if (latest)
1275 {
1276 static int warned = 0;
1277 if (reload_servers(latest->name))
1278 {
1279 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1280 warned = 0;
1281 check_servers();
1282 if (option_bool(OPT_RELOAD) && do_reload)
1283 clear_cache_and_reload(now);
1284 }
1285 else
1286 {
1287 latest->mtime = 0;
1288 if (!warned)
1289 {
1290 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1291 warned = 1;
1292 }
1293 }
1294 }
1295 }
1296
1297 void clear_cache_and_reload(time_t now)
1298 {
1299 (void)now;
1300
1301 if (daemon->port != 0)
1302 cache_reload();
1303
1304 #ifdef HAVE_DHCP
1305 if (daemon->dhcp || daemon->doing_dhcp6)
1306 {
1307 if (option_bool(OPT_ETHERS))
1308 dhcp_read_ethers();
1309 reread_dhcp();
1310 dhcp_update_configs(daemon->dhcp_conf);
1311 lease_update_from_configs();
1312 lease_update_file(now);
1313 lease_update_dns(1);
1314 }
1315 #ifdef HAVE_DHCP6
1316 else if (daemon->doing_ra)
1317 /* Not doing DHCP, so no lease system, manage
1318 alarms for ra only */
1319 send_alarm(periodic_ra(now), now);
1320 #endif
1321 #endif
1322 }
1323
1324 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1325 {
1326 struct serverfd *serverfdp;
1327 struct listener *listener;
1328 int wait = 0, i;
1329
1330 #ifdef HAVE_TFTP
1331 int tftp = 0;
1332 struct tftp_transfer *transfer;
1333 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1334 {
1335 tftp++;
1336 FD_SET(transfer->sockfd, set);
1337 bump_maxfd(transfer->sockfd, maxfdp);
1338 }
1339 #endif
1340
1341 /* will we be able to get memory? */
1342 if (daemon->port != 0)
1343 get_new_frec(now, &wait);
1344
1345 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1346 {
1347 FD_SET(serverfdp->fd, set);
1348 bump_maxfd(serverfdp->fd, maxfdp);
1349 }
1350
1351 if (daemon->port != 0 && !daemon->osport)
1352 for (i = 0; i < RANDOM_SOCKS; i++)
1353 if (daemon->randomsocks[i].refcount != 0)
1354 {
1355 FD_SET(daemon->randomsocks[i].fd, set);
1356 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1357 }
1358
1359 for (listener = daemon->listeners; listener; listener = listener->next)
1360 {
1361 /* only listen for queries if we have resources */
1362 if (listener->fd != -1 && wait == 0)
1363 {
1364 FD_SET(listener->fd, set);
1365 bump_maxfd(listener->fd, maxfdp);
1366 }
1367
1368 /* death of a child goes through the select loop, so
1369 we don't need to explicitly arrange to wake up here */
1370 if (listener->tcpfd != -1)
1371 for (i = 0; i < MAX_PROCS; i++)
1372 if (daemon->tcp_pids[i] == 0)
1373 {
1374 FD_SET(listener->tcpfd, set);
1375 bump_maxfd(listener->tcpfd, maxfdp);
1376 break;
1377 }
1378
1379 #ifdef HAVE_TFTP
1380 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1381 {
1382 FD_SET(listener->tftpfd, set);
1383 bump_maxfd(listener->tftpfd, maxfdp);
1384 }
1385 #endif
1386
1387 }
1388
1389 return wait;
1390 }
1391
1392 static void check_dns_listeners(fd_set *set, time_t now)
1393 {
1394 struct serverfd *serverfdp;
1395 struct listener *listener;
1396 int i;
1397
1398 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1399 if (FD_ISSET(serverfdp->fd, set))
1400 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1401
1402 if (daemon->port != 0 && !daemon->osport)
1403 for (i = 0; i < RANDOM_SOCKS; i++)
1404 if (daemon->randomsocks[i].refcount != 0 &&
1405 FD_ISSET(daemon->randomsocks[i].fd, set))
1406 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1407
1408 for (listener = daemon->listeners; listener; listener = listener->next)
1409 {
1410 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1411 receive_query(listener, now);
1412
1413 #ifdef HAVE_TFTP
1414 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1415 tftp_request(listener, now);
1416 #endif
1417
1418 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1419 {
1420 int confd, client_ok = 1;
1421 struct irec *iface = NULL;
1422 pid_t p;
1423 union mysockaddr tcp_addr;
1424 socklen_t tcp_len = sizeof(union mysockaddr);
1425
1426 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1427
1428 if (confd == -1)
1429 continue;
1430
1431 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1432 {
1433 close(confd);
1434 continue;
1435 }
1436
1437 /* Make sure that the interface list is up-to-date.
1438
1439 We do this here as we may need the results below, and
1440 the DNS code needs them for --interface-name stuff.
1441
1442 Multiple calls to enumerate_interfaces() per select loop are
1443 inhibited, so calls to it in the child process (which doesn't select())
1444 have no effect. This avoids two processes reading from the same
1445 netlink fd and screwing the pooch entirely.
1446 */
1447
1448 enumerate_interfaces(0);
1449
1450 if (option_bool(OPT_NOWILD))
1451 iface = listener->iface; /* May be NULL */
1452 else
1453 {
1454 int if_index;
1455 char intr_name[IF_NAMESIZE];
1456
1457 /* if we can find the arrival interface, check it's one that's allowed */
1458 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1459 indextoname(listener->tcpfd, if_index, intr_name))
1460 {
1461 struct all_addr addr;
1462 addr.addr.addr4 = tcp_addr.in.sin_addr;
1463 #ifdef HAVE_IPV6
1464 if (tcp_addr.sa.sa_family == AF_INET6)
1465 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1466 #endif
1467
1468 for (iface = daemon->interfaces; iface; iface = iface->next)
1469 if (iface->index == if_index)
1470 break;
1471
1472 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1473 client_ok = 0;
1474 }
1475
1476 if (option_bool(OPT_CLEVERBIND))
1477 iface = listener->iface; /* May be NULL */
1478 else
1479 {
1480 /* Check for allowed interfaces when binding the wildcard address:
1481 we do this by looking for an interface with the same address as
1482 the local address of the TCP connection, then looking to see if that's
1483 an allowed interface. As a side effect, we get the netmask of the
1484 interface too, for localisation. */
1485
1486 for (iface = daemon->interfaces; iface; iface = iface->next)
1487 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1488 break;
1489
1490 if (!iface)
1491 client_ok = 0;
1492 }
1493 }
1494
1495 if (!client_ok)
1496 {
1497 shutdown(confd, SHUT_RDWR);
1498 close(confd);
1499 }
1500 #ifndef NO_FORK
1501 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1502 {
1503 if (p != -1)
1504 {
1505 int i;
1506 for (i = 0; i < MAX_PROCS; i++)
1507 if (daemon->tcp_pids[i] == 0)
1508 {
1509 daemon->tcp_pids[i] = p;
1510 break;
1511 }
1512 }
1513 close(confd);
1514 }
1515 #endif
1516 else
1517 {
1518 unsigned char *buff;
1519 struct server *s;
1520 int flags;
1521 struct in_addr netmask;
1522 int auth_dns;
1523
1524 if (iface)
1525 {
1526 netmask = iface->netmask;
1527 auth_dns = iface->dns_auth;
1528 }
1529 else
1530 {
1531 netmask.s_addr = 0;
1532 auth_dns = 0;
1533 }
1534
1535 #ifndef NO_FORK
1536 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1537 terminate the process. */
1538 if (!option_bool(OPT_DEBUG))
1539 alarm(CHILD_LIFETIME);
1540 #endif
1541
1542 /* start with no upstream connections. */
1543 for (s = daemon->servers; s; s = s->next)
1544 s->tcpfd = -1;
1545
1546 /* The connected socket inherits non-blocking
1547 attribute from the listening socket.
1548 Reset that here. */
1549 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1550 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1551
1552 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1553
1554 shutdown(confd, SHUT_RDWR);
1555 close(confd);
1556
1557 if (buff)
1558 free(buff);
1559
1560 for (s = daemon->servers; s; s = s->next)
1561 if (s->tcpfd != -1)
1562 {
1563 shutdown(s->tcpfd, SHUT_RDWR);
1564 close(s->tcpfd);
1565 }
1566 #ifndef NO_FORK
1567 if (!option_bool(OPT_DEBUG))
1568 {
1569 flush_log();
1570 _exit(0);
1571 }
1572 #endif
1573 }
1574 }
1575 }
1576 }
1577
1578 #ifdef HAVE_DHCP
1579 int make_icmp_sock(void)
1580 {
1581 int fd;
1582 int zeroopt = 0;
1583
1584 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1585 {
1586 if (!fix_fd(fd) ||
1587 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1588 {
1589 close(fd);
1590 fd = -1;
1591 }
1592 }
1593
1594 return fd;
1595 }
1596
1597 int icmp_ping(struct in_addr addr)
1598 {
1599 /* Try and get an ICMP echo from a machine. */
1600
1601 /* Note that whilst in the three second wait, we check for
1602 (and service) events on the DNS and TFTP sockets, (so doing that
1603 better not use any resources our caller has in use...)
1604 but we remain deaf to signals or further DHCP packets. */
1605
1606 int fd;
1607 struct sockaddr_in saddr;
1608 struct {
1609 struct ip ip;
1610 struct icmp icmp;
1611 } packet;
1612 unsigned short id = rand16();
1613 unsigned int i, j;
1614 int gotreply = 0;
1615 time_t start, now;
1616
1617 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1618 if ((fd = make_icmp_sock()) == -1)
1619 return 0;
1620 #else
1621 int opt = 2000;
1622 fd = daemon->dhcp_icmp_fd;
1623 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1624 #endif
1625
1626 saddr.sin_family = AF_INET;
1627 saddr.sin_port = 0;
1628 saddr.sin_addr = addr;
1629 #ifdef HAVE_SOCKADDR_SA_LEN
1630 saddr.sin_len = sizeof(struct sockaddr_in);
1631 #endif
1632
1633 memset(&packet.icmp, 0, sizeof(packet.icmp));
1634 packet.icmp.icmp_type = ICMP_ECHO;
1635 packet.icmp.icmp_id = id;
1636 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1637 j += ((u16 *)&packet.icmp)[i];
1638 while (j>>16)
1639 j = (j & 0xffff) + (j >> 16);
1640 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1641
1642 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1643 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1644 retry_send());
1645
1646 for (now = start = dnsmasq_time();
1647 difftime(now, start) < (float)PING_WAIT;)
1648 {
1649 struct timeval tv;
1650 fd_set rset, wset;
1651 struct sockaddr_in faddr;
1652 int maxfd = fd;
1653 socklen_t len = sizeof(faddr);
1654
1655 tv.tv_usec = 250000;
1656 tv.tv_sec = 0;
1657
1658 FD_ZERO(&rset);
1659 FD_ZERO(&wset);
1660 FD_SET(fd, &rset);
1661 set_dns_listeners(now, &rset, &maxfd);
1662 set_log_writer(&wset, &maxfd);
1663
1664 #ifdef HAVE_DHCP6
1665 if (daemon->doing_ra)
1666 {
1667 FD_SET(daemon->icmp6fd, &rset);
1668 bump_maxfd(daemon->icmp6fd, &maxfd);
1669 }
1670 #endif
1671
1672 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1673 {
1674 FD_ZERO(&rset);
1675 FD_ZERO(&wset);
1676 }
1677
1678 now = dnsmasq_time();
1679
1680 check_log_writer(&wset);
1681 check_dns_listeners(&rset, now);
1682
1683 #ifdef HAVE_DHCP6
1684 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1685 icmp6_packet(now);
1686 #endif
1687
1688 #ifdef HAVE_TFTP
1689 check_tftp_listeners(&rset, now);
1690 #endif
1691
1692 if (FD_ISSET(fd, &rset) &&
1693 recvfrom(fd, &packet, sizeof(packet), 0,
1694 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1695 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1696 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1697 packet.icmp.icmp_seq == 0 &&
1698 packet.icmp.icmp_id == id)
1699 {
1700 gotreply = 1;
1701 break;
1702 }
1703 }
1704
1705 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1706 close(fd);
1707 #else
1708 opt = 1;
1709 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1710 #endif
1711
1712 return gotreply;
1713 }
1714 #endif
1715
1716
Tomato firmware and modifications.