1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #ifdef HAVE_LINUX_NETWORK
21 int indextoname(int fd
, int index
, char *name
)
28 ifr
.ifr_ifindex
= index
;
29 if (ioctl(fd
, SIOCGIFNAME
, &ifr
) == -1)
32 strncpy(name
, ifr
.ifr_name
, IF_NAMESIZE
);
38 #elif defined(HAVE_SOLARIS_NETWORK)
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
46 int indextoname(int fd
, int index
, char *name
)
50 int numifs
, bufsize
, i
;
57 if (getzoneid() == GLOBAL_ZONEID
)
59 if (!if_indextoname(index
, name
))
64 lifc_flags
= LIFC_NOXMIT
| LIFC_TEMPORARY
| LIFC_ALLZONES
| LIFC_UNDER_IPMP
;
65 lifn
.lifn_family
= AF_UNSPEC
;
66 lifn
.lifn_flags
= lifc_flags
;
67 if (ioctl(fd
, SIOCGLIFNUM
, &lifn
) < 0)
70 numifs
= lifn
.lifn_count
;
71 bufsize
= numifs
* sizeof(struct lifreq
);
73 lifc
.lifc_family
= AF_UNSPEC
;
74 lifc
.lifc_flags
= lifc_flags
;
75 lifc
.lifc_len
= bufsize
;
76 lifc
.lifc_buf
= alloca(bufsize
);
78 if (ioctl(fd
, SIOCGLIFCONF
, &lifc
) < 0)
81 lifrp
= lifc
.lifc_req
;
82 for (i
= lifc
.lifc_len
/ sizeof(struct lifreq
); i
; i
--, lifrp
++)
85 strncpy(lifr
.lifr_name
, lifrp
->lifr_name
, IF_NAMESIZE
);
86 if (ioctl(fd
, SIOCGLIFINDEX
, &lifr
) < 0)
89 if (lifr
.lifr_index
== index
) {
90 strncpy(name
, lifr
.lifr_name
, IF_NAMESIZE
);
100 int indextoname(int fd
, int index
, char *name
)
104 if (index
== 0 || !if_indextoname(index
, name
))
112 int iface_check(int family
, struct all_addr
*addr
, char *name
, int *auth
)
115 int ret
= 1, match_addr
= 0;
117 /* Note: have to check all and not bail out early, so that we set the
120 May be called with family == AF_LOCALto check interface by name only. */
125 if (daemon
->if_names
|| daemon
->if_addrs
)
129 for (tmp
= daemon
->if_names
; tmp
; tmp
= tmp
->next
)
130 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
134 for (tmp
= daemon
->if_addrs
; tmp
; tmp
= tmp
->next
)
135 if (tmp
->addr
.sa
.sa_family
== family
)
137 if (family
== AF_INET
&&
138 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
139 ret
= match_addr
= tmp
->used
= 1;
141 else if (family
== AF_INET6
&&
142 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
,
144 ret
= match_addr
= tmp
->used
= 1;
150 for (tmp
= daemon
->if_except
; tmp
; tmp
= tmp
->next
)
151 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
155 for (tmp
= daemon
->authinterface
; tmp
; tmp
= tmp
->next
)
158 if (strcmp(tmp
->name
, name
) == 0)
161 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET
&& family
== AF_INET
&&
162 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
165 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET6
&& family
== AF_INET6
&&
166 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
180 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
181 arrival interface when a packet originates locally, even when sent to address of
182 an interface other than the loopback. Accept packet if it arrived via a loopback
183 interface, even when we're not accepting packets that way, as long as the destination
184 address is one we're believing. Interface list must be up-to-date before calling. */
185 int loopback_exception(int fd
, int family
, struct all_addr
*addr
, char *name
)
190 strncpy(ifr
.ifr_name
, name
, IF_NAMESIZE
);
191 if (ioctl(fd
, SIOCGIFFLAGS
, &ifr
) != -1 &&
192 ifr
.ifr_flags
& IFF_LOOPBACK
)
194 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
195 if (iface
->addr
.sa
.sa_family
== family
)
197 if (family
== AF_INET
)
199 if (iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
203 else if (IN6_ARE_ADDR_EQUAL(&iface
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
212 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
213 on the relevant address, but the name of the arrival interface, derived from the
214 index won't match the config. Check that we found an interface address for the arrival
215 interface: daemon->interfaces must be up-to-date. */
216 int label_exception(int index
, int family
, struct all_addr
*addr
)
220 /* labels only supported on IPv4 addresses. */
221 if (family
!= AF_INET
)
224 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
225 if (iface
->index
== index
&& iface
->addr
.sa
.sa_family
== AF_INET
&&
226 iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
233 struct addrlist
*spare
;
237 static int iface_allowed(struct iface_param
*param
, int if_index
, char *label
,
238 union mysockaddr
*addr
, struct in_addr netmask
, int dad
)
241 int mtu
= 0, loopback
;
243 int tftp_ok
= !!option_bool(OPT_TFTP
);
246 #if defined(HAVE_DHCP) || defined(HAVE_TFTP)
250 if (!indextoname(param
->fd
, if_index
, ifr
.ifr_name
) ||
251 ioctl(param
->fd
, SIOCGIFFLAGS
, &ifr
) == -1)
254 loopback
= ifr
.ifr_flags
& IFF_LOOPBACK
;
259 if (ioctl(param
->fd
, SIOCGIFMTU
, &ifr
) != -1)
263 label
= ifr
.ifr_name
;
266 /* Update addresses from interface_names. These are a set independent
267 of the set we're listening on. */
269 if (addr
->sa
.sa_family
!= AF_INET6
|| !IN6_IS_ADDR_LINKLOCAL(&addr
->in6
.sin6_addr
))
272 struct interface_name
*int_name
;
275 for (int_name
= daemon
->int_names
; int_name
; int_name
= int_name
->next
)
276 if (strncmp(label
, int_name
->intr
, IF_NAMESIZE
) == 0)
281 param
->spare
= al
->next
;
284 al
= whine_malloc(sizeof(struct addrlist
));
288 if (addr
->sa
.sa_family
== AF_INET
)
290 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
291 al
->next
= int_name
->addr4
;
292 int_name
->addr4
= al
;
297 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
298 al
->next
= int_name
->addr6
;
299 int_name
->addr6
= al
;
306 /* check whether the interface IP has been added already
307 we call this routine multiple times. */
308 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
309 if (sockaddr_isequal(&iface
->addr
, addr
))
315 /* If we are restricting the set of interfaces to use, make
316 sure that loopback interfaces are in that set. */
317 if (daemon
->if_names
&& loopback
)
320 for (lo
= daemon
->if_names
; lo
; lo
= lo
->next
)
321 if (lo
->name
&& strcmp(lo
->name
, ifr
.ifr_name
) == 0)
324 if (!lo
&& (lo
= whine_malloc(sizeof(struct iname
))))
326 if ((lo
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
328 strcpy(lo
->name
, ifr
.ifr_name
);
330 lo
->next
= daemon
->if_names
;
331 daemon
->if_names
= lo
;
338 if (addr
->sa
.sa_family
== AF_INET
&&
339 !iface_check(AF_INET
, (struct all_addr
*)&addr
->in
.sin_addr
, label
, &auth_dns
))
343 if (addr
->sa
.sa_family
== AF_INET6
&&
344 !iface_check(AF_INET6
, (struct all_addr
*)&addr
->in6
.sin6_addr
, label
, &auth_dns
))
349 /* No DHCP where we're doing auth DNS. */
356 for (tmp
= daemon
->dhcp_except
; tmp
; tmp
= tmp
->next
)
357 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
366 if (daemon
->tftp_interfaces
)
368 /* dedicated tftp interface list */
370 for (tmp
= daemon
->tftp_interfaces
; tmp
; tmp
= tmp
->next
)
371 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
377 if ((iface
= whine_malloc(sizeof(struct irec
))))
380 iface
->netmask
= netmask
;
381 iface
->tftp_ok
= tftp_ok
;
382 iface
->dhcp_ok
= dhcp_ok
;
383 iface
->dns_auth
= auth_dns
;
386 iface
->done
= iface
->multicast_done
= 0;
387 iface
->index
= if_index
;
388 if ((iface
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
390 strcpy(iface
->name
, ifr
.ifr_name
);
391 iface
->next
= daemon
->interfaces
;
392 daemon
->interfaces
= iface
;
404 static int iface_allowed_v6(struct in6_addr
*local
, int prefix
,
405 int scope
, int if_index
, int flags
,
406 int preferred
, int valid
, void *vparam
)
408 union mysockaddr addr
;
409 struct in_addr netmask
; /* dummy */
412 (void)prefix
; /* warning */
413 (void)scope
; /* warning */
417 memset(&addr
, 0, sizeof(addr
));
418 #ifdef HAVE_SOCKADDR_SA_LEN
419 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
421 addr
.in6
.sin6_family
= AF_INET6
;
422 addr
.in6
.sin6_addr
= *local
;
423 addr
.in6
.sin6_port
= htons(daemon
->port
);
424 addr
.in6
.sin6_scope_id
= if_index
;
426 return iface_allowed((struct iface_param
*)vparam
, if_index
, NULL
, &addr
, netmask
, !!(flags
& IFACE_TENTATIVE
));
430 static int iface_allowed_v4(struct in_addr local
, int if_index
, char *label
,
431 struct in_addr netmask
, struct in_addr broadcast
, void *vparam
)
433 union mysockaddr addr
;
435 memset(&addr
, 0, sizeof(addr
));
436 #ifdef HAVE_SOCKADDR_SA_LEN
437 addr
.in
.sin_len
= sizeof(addr
.in
);
439 addr
.in
.sin_family
= AF_INET
;
440 addr
.in
.sin_addr
= broadcast
; /* warning */
441 addr
.in
.sin_addr
= local
;
442 addr
.in
.sin_port
= htons(daemon
->port
);
444 return iface_allowed((struct iface_param
*)vparam
, if_index
, label
, &addr
, netmask
, 0);
447 int enumerate_interfaces(int reset
)
449 static struct addrlist
*spare
= NULL
;
450 static int done
= 0, active
= 0;
451 struct iface_param param
;
452 int errsave
, ret
= 1;
453 struct addrlist
*addr
, *tmp
;
454 struct interface_name
*intname
;
456 /* Do this max once per select cycle - also inhibits netlink socket use
457 in TCP child processes. */
470 /* protect against recusive calls from iface_enumerate(); */
473 if ((param
.fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) == -1)
476 /* remove addresses stored against interface_names */
477 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
479 for (addr
= intname
->addr4
; addr
; addr
= tmp
)
486 intname
->addr4
= NULL
;
489 for (addr
= intname
->addr6
; addr
; addr
= tmp
)
496 intname
->addr6
= NULL
;
503 ret
= iface_enumerate(AF_INET6
, ¶m
, iface_allowed_v6
);
507 ret
= iface_enumerate(AF_INET
, ¶m
, iface_allowed_v4
);
519 /* set NONBLOCK bit on fd: See Stevens 16.6 */
524 if ((flags
= fcntl(fd
, F_GETFL
)) == -1 ||
525 fcntl(fd
, F_SETFL
, flags
| O_NONBLOCK
) == -1)
531 static int make_sock(union mysockaddr
*addr
, int type
, int dienow
)
533 int family
= addr
->sa
.sa_family
;
536 if ((fd
= socket(family
, type
, 0)) == -1)
541 /* No error if the kernel just doesn't support this IP flavour */
542 if (errno
== EPROTONOSUPPORT
||
543 errno
== EAFNOSUPPORT
||
548 port
= prettyprint_addr(addr
, daemon
->addrbuff
);
549 if (!option_bool(OPT_NOWILD
) && !option_bool(OPT_CLEVERBIND
))
550 sprintf(daemon
->addrbuff
, "port %d", port
);
551 s
= _("failed to create listening socket for %s: %s");
558 /* failure to bind addresses given by --listen-address at this point
559 is OK if we're doing bind-dynamic */
560 if (!option_bool(OPT_CLEVERBIND
))
561 die(s
, daemon
->addrbuff
, EC_BADNET
);
564 my_syslog(LOG_WARNING
, s
, daemon
->addrbuff
, strerror(errno
));
569 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &opt
, sizeof(opt
)) == -1 || !fix_fd(fd
))
573 if (family
== AF_INET6
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_V6ONLY
, &opt
, sizeof(opt
)) == -1)
577 if ((rc
= bind(fd
, (struct sockaddr
*)addr
, sa_len(addr
))) == -1)
580 if (type
== SOCK_STREAM
)
582 if (listen(fd
, 5) == -1)
585 else if (!option_bool(OPT_NOWILD
))
587 if (family
== AF_INET
)
589 #if defined(HAVE_LINUX_NETWORK)
590 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) == -1)
592 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
593 if (setsockopt(fd
, IPPROTO_IP
, IP_RECVDSTADDR
, &opt
, sizeof(opt
)) == -1 ||
594 setsockopt(fd
, IPPROTO_IP
, IP_RECVIF
, &opt
, sizeof(opt
)) == -1)
599 else if (!set_ipv6pktinfo(fd
))
608 int set_ipv6pktinfo(int fd
)
612 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
613 handle all combinations of headers and kernel.
614 OpenWrt note that this fixes the problem addressed by your very broken patch. */
615 daemon
->v6pktinfo
= IPV6_PKTINFO
;
617 #ifdef IPV6_RECVPKTINFO
618 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
, &opt
, sizeof(opt
)) != -1)
620 # ifdef IPV6_2292PKTINFO
621 else if (errno
== ENOPROTOOPT
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_2292PKTINFO
, &opt
, sizeof(opt
)) != -1)
623 daemon
->v6pktinfo
= IPV6_2292PKTINFO
;
628 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_PKTINFO
, &opt
, sizeof(opt
)) != -1)
637 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
638 int tcp_interface(int fd
, int af
)
642 #ifdef HAVE_LINUX_NETWORK
644 struct cmsghdr
*cmptr
;
647 /* use mshdr do that the CMSDG_* macros are available */
648 msg
.msg_control
= daemon
->packet
;
649 msg
.msg_controllen
= daemon
->packet_buff_sz
;
651 /* we overwrote the buffer... */
652 daemon
->srv_save
= NULL
;
656 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) != -1 &&
657 getsockopt(fd
, IPPROTO_IP
, IP_PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
658 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
659 if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_PKTINFO
)
663 struct in_pktinfo
*p
;
666 p
.c
= CMSG_DATA(cmptr
);
667 if_index
= p
.p
->ipi_ifindex
;
673 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
674 it was removed in RFC-3542 !!!!
676 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
677 uses the old ABI, and should work with pre- and post-3542 kernel headers */
679 #ifdef IPV6_2292PKTOPTIONS
680 # define PKTOPTIONS IPV6_2292PKTOPTIONS
682 # define PKTOPTIONS IPV6_PKTOPTIONS
685 if (set_ipv6pktinfo(fd
) &&
686 getsockopt(fd
, IPPROTO_IPV6
, PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
688 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
689 if (cmptr
->cmsg_level
== IPPROTO_IPV6
&& cmptr
->cmsg_type
== daemon
->v6pktinfo
)
693 struct in6_pktinfo
*p
;
695 p
.c
= CMSG_DATA(cmptr
);
697 if_index
= p
.p
->ipi6_ifindex
;
707 static struct listener
*create_listeners(union mysockaddr
*addr
, int do_tftp
, int dienow
)
709 struct listener
*l
= NULL
;
710 int fd
= -1, tcpfd
= -1, tftpfd
= -1;
714 if (daemon
->port
!= 0)
716 fd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
717 tcpfd
= make_sock(addr
, SOCK_STREAM
, dienow
);
723 if (addr
->sa
.sa_family
== AF_INET
)
725 /* port must be restored to DNS port for TCP code */
726 short save
= addr
->in
.sin_port
;
727 addr
->in
.sin_port
= htons(TFTP_PORT
);
728 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
729 addr
->in
.sin_port
= save
;
734 short save
= addr
->in6
.sin6_port
;
735 addr
->in6
.sin6_port
= htons(TFTP_PORT
);
736 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
737 addr
->in6
.sin6_port
= save
;
743 if (fd
!= -1 || tcpfd
!= -1 || tftpfd
!= -1)
745 l
= safe_malloc(sizeof(struct listener
));
747 l
->family
= addr
->sa
.sa_family
;
756 void create_wildcard_listeners(void)
758 union mysockaddr addr
;
759 struct listener
*l
, *l6
;
761 memset(&addr
, 0, sizeof(addr
));
762 #ifdef HAVE_SOCKADDR_SA_LEN
763 addr
.in
.sin_len
= sizeof(addr
.in
);
765 addr
.in
.sin_family
= AF_INET
;
766 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
767 addr
.in
.sin_port
= htons(daemon
->port
);
769 l
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
772 memset(&addr
, 0, sizeof(addr
));
773 # ifdef HAVE_SOCKADDR_SA_LEN
774 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
776 addr
.in6
.sin6_family
= AF_INET6
;
777 addr
.in6
.sin6_addr
= in6addr_any
;
778 addr
.in6
.sin6_port
= htons(daemon
->port
);
780 l6
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
787 daemon
->listeners
= l
;
790 void create_bound_listeners(int dienow
)
792 struct listener
*new;
794 struct iname
*if_tmp
;
796 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
797 if (!iface
->done
&& !iface
->dad
&&
798 (new = create_listeners(&iface
->addr
, iface
->tftp_ok
, dienow
)))
801 new->next
= daemon
->listeners
;
802 daemon
->listeners
= new;
806 /* Check for --listen-address options that haven't been used because there's
807 no interface with a matching address. These may be valid: eg it's possible
808 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
810 If the address isn't valid the bind() will fail and we'll die()
811 (except in bind-dynamic mode, when we'll complain but keep trying.)
813 The resulting listeners have the ->iface field NULL, and this has to be
814 handled by the DNS and TFTP code. It disables --localise-queries processing
815 (no netmask) and some MTU login the tftp code. */
817 for (if_tmp
= daemon
->if_addrs
; if_tmp
; if_tmp
= if_tmp
->next
)
819 (new = create_listeners(&if_tmp
->addr
, !!option_bool(OPT_TFTP
), dienow
)))
822 new->next
= daemon
->listeners
;
823 daemon
->listeners
= new;
827 int is_dad_listeners(void)
831 if (option_bool(OPT_NOWILD
))
832 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
833 if (iface
->dad
&& !iface
->done
)
840 void join_multicast(int dienow
)
842 struct irec
*iface
, *tmp
;
844 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
845 if (iface
->addr
.sa
.sa_family
== AF_INET6
&& iface
->dhcp_ok
&& !iface
->multicast_done
)
847 /* There's an irec per address but we only want to join for multicast
848 once per interface. Weed out duplicates. */
849 for (tmp
= daemon
->interfaces
; tmp
; tmp
= tmp
->next
)
850 if (tmp
->multicast_done
&& tmp
->index
== iface
->index
)
853 iface
->multicast_done
= 1;
857 struct ipv6_mreq mreq
;
860 mreq
.ipv6mr_interface
= iface
->index
;
862 inet_pton(AF_INET6
, ALL_RELAY_AGENTS_AND_SERVERS
, &mreq
.ipv6mr_multiaddr
);
864 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) &&
865 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
868 inet_pton(AF_INET6
, ALL_SERVERS
, &mreq
.ipv6mr_multiaddr
);
870 if (daemon
->doing_dhcp6
&&
871 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
874 inet_pton(AF_INET6
, ALL_ROUTERS
, &mreq
.ipv6mr_multiaddr
);
876 if (daemon
->doing_ra
&&
877 setsockopt(daemon
->icmp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
882 char *s
= _("interface %s failed to join DHCPv6 multicast group: %s");
884 die(s
, iface
->name
, EC_BADNET
);
886 my_syslog(LOG_ERR
, s
, iface
->name
, strerror(errno
));
893 /* return a UDP socket bound to a random port, have to cope with straying into
894 occupied port nos and reserved ones. */
895 int random_sock(int family
)
899 if ((fd
= socket(family
, SOCK_DGRAM
, 0)) != -1)
901 union mysockaddr addr
;
902 unsigned int ports_avail
= 65536u - (unsigned short)daemon
->min_port
;
903 int tries
= ports_avail
< 30 ? 3 * ports_avail
: 100;
905 memset(&addr
, 0, sizeof(addr
));
906 addr
.sa
.sa_family
= family
;
908 /* don't loop forever if all ports in use. */
913 unsigned short port
= rand16();
915 if (daemon
->min_port
!= 0)
916 port
= htons(daemon
->min_port
+ (port
% ((unsigned short)ports_avail
)));
918 if (family
== AF_INET
)
920 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
921 addr
.in
.sin_port
= port
;
922 #ifdef HAVE_SOCKADDR_SA_LEN
923 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
929 addr
.in6
.sin6_addr
= in6addr_any
;
930 addr
.in6
.sin6_port
= port
;
931 #ifdef HAVE_SOCKADDR_SA_LEN
932 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
937 if (bind(fd
, (struct sockaddr
*)&addr
, sa_len(&addr
)) == 0)
940 if (errno
!= EADDRINUSE
&& errno
!= EACCES
)
951 int local_bind(int fd
, union mysockaddr
*addr
, char *intname
, int is_tcp
)
953 union mysockaddr addr_copy
= *addr
;
955 /* cannot set source _port_ for TCP connections. */
958 if (addr_copy
.sa
.sa_family
== AF_INET
)
959 addr_copy
.in
.sin_port
= 0;
962 addr_copy
.in6
.sin6_port
= 0;
966 if (bind(fd
, (struct sockaddr
*)&addr_copy
, sa_len(&addr_copy
)) == -1)
969 #if defined(SO_BINDTODEVICE)
970 if (intname
[0] != 0 &&
971 setsockopt(fd
, SOL_SOCKET
, SO_BINDTODEVICE
, intname
, IF_NAMESIZE
) == -1)
978 static struct serverfd
*allocate_sfd(union mysockaddr
*addr
, char *intname
)
980 struct serverfd
*sfd
;
983 /* when using random ports, servers which would otherwise use
984 the INADDR_ANY/port0 socket have sfd set to NULL */
985 if (!daemon
->osport
&& intname
[0] == 0)
989 if (addr
->sa
.sa_family
== AF_INET
&&
990 addr
->in
.sin_addr
.s_addr
== INADDR_ANY
&&
991 addr
->in
.sin_port
== htons(0))
995 if (addr
->sa
.sa_family
== AF_INET6
&&
996 memcmp(&addr
->in6
.sin6_addr
, &in6addr_any
, sizeof(in6addr_any
)) == 0 &&
997 addr
->in6
.sin6_port
== htons(0))
1002 /* may have a suitable one already */
1003 for (sfd
= daemon
->sfds
; sfd
; sfd
= sfd
->next
)
1004 if (sockaddr_isequal(&sfd
->source_addr
, addr
) &&
1005 strcmp(intname
, sfd
->interface
) == 0)
1008 /* need to make a new one. */
1009 errno
= ENOMEM
; /* in case malloc fails. */
1010 if (!(sfd
= whine_malloc(sizeof(struct serverfd
))))
1013 if ((sfd
->fd
= socket(addr
->sa
.sa_family
, SOCK_DGRAM
, 0)) == -1)
1019 if (!local_bind(sfd
->fd
, addr
, intname
, 0) || !fix_fd(sfd
->fd
))
1021 errsave
= errno
; /* save error from bind. */
1028 strcpy(sfd
->interface
, intname
);
1029 sfd
->source_addr
= *addr
;
1030 sfd
->next
= daemon
->sfds
;
1035 /* create upstream sockets during startup, before root is dropped which may be needed
1036 this allows query_port to be a low port and interface binding */
1037 void pre_allocate_sfds(void)
1041 if (daemon
->query_port
!= 0)
1043 union mysockaddr addr
;
1044 memset(&addr
, 0, sizeof(addr
));
1045 addr
.in
.sin_family
= AF_INET
;
1046 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1047 addr
.in
.sin_port
= htons(daemon
->query_port
);
1048 #ifdef HAVE_SOCKADDR_SA_LEN
1049 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1051 allocate_sfd(&addr
, "");
1053 memset(&addr
, 0, sizeof(addr
));
1054 addr
.in6
.sin6_family
= AF_INET6
;
1055 addr
.in6
.sin6_addr
= in6addr_any
;
1056 addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1057 #ifdef HAVE_SOCKADDR_SA_LEN
1058 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1060 allocate_sfd(&addr
, "");
1064 for (srv
= daemon
->servers
; srv
; srv
= srv
->next
)
1065 if (!(srv
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)) &&
1066 !allocate_sfd(&srv
->source_addr
, srv
->interface
) &&
1068 option_bool(OPT_NOWILD
))
1070 prettyprint_addr(&srv
->source_addr
, daemon
->namebuff
);
1071 if (srv
->interface
[0] != 0)
1073 strcat(daemon
->namebuff
, " ");
1074 strcat(daemon
->namebuff
, srv
->interface
);
1076 die(_("failed to bind server socket for %s: %s"),
1077 daemon
->namebuff
, EC_BADNET
);
1082 void check_servers(void)
1085 struct server
*new, *tmp
, *ret
= NULL
;
1088 /* interface may be new since startup */
1089 if (!option_bool(OPT_NOWILD
))
1090 enumerate_interfaces(0);
1092 for (new = daemon
->servers
; new; new = tmp
)
1096 if (!(new->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)))
1098 port
= prettyprint_addr(&new->addr
, daemon
->namebuff
);
1100 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1101 if (new->addr
.sa
.sa_family
== AF_INET
&&
1102 new->addr
.in
.sin_addr
.s_addr
== 0)
1108 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1109 if (sockaddr_isequal(&new->addr
, &iface
->addr
))
1113 my_syslog(LOG_WARNING
, _("ignoring nameserver %s - local interface"), daemon
->namebuff
);
1118 /* Do we need a socket set? */
1120 !(new->sfd
= allocate_sfd(&new->source_addr
, new->interface
)) &&
1123 my_syslog(LOG_WARNING
,
1124 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1125 daemon
->namebuff
, strerror(errno
));
1131 /* reverse order - gets it right. */
1135 if (!(new->flags
& SERV_NO_REBIND
))
1137 if (new->flags
& (SERV_HAS_DOMAIN
| SERV_FOR_NODOTS
| SERV_USE_RESOLV
))
1140 if (!(new->flags
& SERV_HAS_DOMAIN
))
1141 s1
= _("unqualified"), s2
= _("names");
1142 else if (strlen(new->domain
) == 0)
1143 s1
= _("default"), s2
= "";
1145 s1
= _("domain"), s2
= new->domain
;
1147 if (new->flags
& SERV_NO_ADDR
)
1148 my_syslog(LOG_INFO
, _("using local addresses only for %s %s"), s1
, s2
);
1149 else if (new->flags
& SERV_USE_RESOLV
)
1150 my_syslog(LOG_INFO
, _("using standard nameservers for %s %s"), s1
, s2
);
1151 else if (!(new->flags
& SERV_LITERAL_ADDRESS
))
1152 my_syslog(LOG_INFO
, _("using nameserver %s#%d for %s %s"), daemon
->namebuff
, port
, s1
, s2
);
1154 else if (new->interface
[0] != 0)
1155 my_syslog(LOG_INFO
, _("using nameserver %s#%d(via %s)"), daemon
->namebuff
, port
, new->interface
);
1157 my_syslog(LOG_INFO
, _("using nameserver %s#%d"), daemon
->namebuff
, port
);
1161 daemon
->servers
= ret
;
1164 /* Return zero if no servers found, in that case we keep polling.
1165 This is a protection against an update-time/write race on resolv.conf */
1166 int reload_servers(char *fname
)
1170 struct server
*old_servers
= NULL
;
1171 struct server
*new_servers
= NULL
;
1172 struct server
*serv
;
1175 /* buff happens to be MAXDNAME long... */
1176 if (!(f
= fopen(fname
, "r")))
1178 my_syslog(LOG_ERR
, _("failed to read %s: %s"), fname
, strerror(errno
));
1182 /* move old servers to free list - we can reuse the memory
1183 and not risk malloc if there are the same or fewer new servers.
1184 Servers which were specced on the command line go to the new list. */
1185 for (serv
= daemon
->servers
; serv
;)
1187 struct server
*tmp
= serv
->next
;
1188 if (serv
->flags
& SERV_FROM_RESOLV
)
1190 serv
->next
= old_servers
;
1192 /* forward table rules reference servers, so have to blow them away */
1197 serv
->next
= new_servers
;
1203 while ((line
= fgets(daemon
->namebuff
, MAXDNAME
, f
)))
1205 union mysockaddr addr
, source_addr
;
1206 char *token
= strtok(line
, " \t\n\r");
1210 if (strcmp(token
, "nameserver") != 0 && strcmp(token
, "server") != 0)
1212 if (!(token
= strtok(NULL
, " \t\n\r")))
1215 memset(&addr
, 0, sizeof(addr
));
1216 memset(&source_addr
, 0, sizeof(source_addr
));
1218 if ((addr
.in
.sin_addr
.s_addr
= inet_addr(token
)) != (in_addr_t
) -1)
1220 #ifdef HAVE_SOCKADDR_SA_LEN
1221 source_addr
.in
.sin_len
= addr
.in
.sin_len
= sizeof(source_addr
.in
);
1223 source_addr
.in
.sin_family
= addr
.in
.sin_family
= AF_INET
;
1224 addr
.in
.sin_port
= htons(NAMESERVER_PORT
);
1225 source_addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1226 source_addr
.in
.sin_port
= htons(daemon
->query_port
);
1231 int scope_index
= 0;
1232 char *scope_id
= strchr(token
, '%');
1237 scope_index
= if_nametoindex(scope_id
);
1240 if (inet_pton(AF_INET6
, token
, &addr
.in6
.sin6_addr
) > 0)
1242 #ifdef HAVE_SOCKADDR_SA_LEN
1243 source_addr
.in6
.sin6_len
= addr
.in6
.sin6_len
= sizeof(source_addr
.in6
);
1245 source_addr
.in6
.sin6_family
= addr
.in6
.sin6_family
= AF_INET6
;
1246 source_addr
.in6
.sin6_flowinfo
= addr
.in6
.sin6_flowinfo
= 0;
1247 addr
.in6
.sin6_port
= htons(NAMESERVER_PORT
);
1248 addr
.in6
.sin6_scope_id
= scope_index
;
1249 source_addr
.in6
.sin6_addr
= in6addr_any
;
1250 source_addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1251 source_addr
.in6
.sin6_scope_id
= 0;
1264 old_servers
= old_servers
->next
;
1266 else if (!(serv
= whine_malloc(sizeof (struct server
))))
1269 /* this list is reverse ordered:
1270 it gets reversed again in check_servers */
1271 serv
->next
= new_servers
;
1274 serv
->source_addr
= source_addr
;
1275 serv
->domain
= NULL
;
1276 serv
->interface
[0] = 0;
1278 serv
->flags
= SERV_FROM_RESOLV
;
1279 serv
->queries
= serv
->failed_queries
= 0;
1283 /* Free any memory not used. */
1286 struct server
*tmp
= old_servers
->next
;
1291 daemon
->servers
= new_servers
;