search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dnsmasq: v2.67test16 patch Sept.25th/2013.
[tomato.git] / release / src / router / dnsmasq / src / network.c
blobfc0346e146bd720e4ca17030537f5bb1c93ee5f2
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 #ifdef HAVE_LINUX_NETWORK
20
21 int indextoname(int fd, int index, char *name)
22 {
23 struct ifreq ifr;
24
25 if (index == 0)
26 return 0;
27
28 ifr.ifr_ifindex = index;
29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1)
30 return 0;
31
32 strncpy(name, ifr.ifr_name, IF_NAMESIZE);
33
34 return 1;
35 }
36
37
38 #elif defined(HAVE_SOLARIS_NETWORK)
39
40 #include <zone.h>
41 #include <alloca.h>
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
44 #endif
45
46 int indextoname(int fd, int index, char *name)
47 {
48 int64_t lifc_flags;
49 struct lifnum lifn;
50 int numifs, bufsize, i;
51 struct lifconf lifc;
52 struct lifreq *lifrp;
53
54 if (index == 0)
55 return 0;
56
57 if (getzoneid() == GLOBAL_ZONEID)
58 {
59 if (!if_indextoname(index, name))
60 return 0;
61 return 1;
62 }
63
64 lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;
65 lifn.lifn_family = AF_UNSPEC;
66 lifn.lifn_flags = lifc_flags;
67 if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0)
68 return 0;
69
70 numifs = lifn.lifn_count;
71 bufsize = numifs * sizeof(struct lifreq);
72
73 lifc.lifc_family = AF_UNSPEC;
74 lifc.lifc_flags = lifc_flags;
75 lifc.lifc_len = bufsize;
76 lifc.lifc_buf = alloca(bufsize);
77
78 if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0)
79 return 0;
80
81 lifrp = lifc.lifc_req;
82 for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++)
83 {
84 struct lifreq lifr;
85 strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE);
86 if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0)
87 return 0;
88
89 if (lifr.lifr_index == index) {
90 strncpy(name, lifr.lifr_name, IF_NAMESIZE);
91 return 1;
92 }
93 }
94 return 0;
95 }
96
97
98 #else
99
100 int indextoname(int fd, int index, char *name)
101 {
102 (void)fd;
103
104 if (index == 0 || !if_indextoname(index, name))
105 return 0;
106
107 return 1;
108 }
109
110 #endif
111
112 int iface_check(int family, struct all_addr *addr, char *name, int *auth)
113 {
114 struct iname *tmp;
115 int ret = 1, match_addr = 0;
116
117 /* Note: have to check all and not bail out early, so that we set the
118 "used" flags.
119
120 May be called with family == AF_LOCALto check interface by name only. */
121
122 if (auth)
123 *auth = 0;
124
125 if (daemon->if_names || daemon->if_addrs)
126 {
127 ret = 0;
128
129 for (tmp = daemon->if_names; tmp; tmp = tmp->next)
130 if (tmp->name && wildcard_match(tmp->name, name))
131 ret = tmp->used = 1;
132
133 if (addr)
134 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
135 if (tmp->addr.sa.sa_family == family)
136 {
137 if (family == AF_INET &&
138 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
139 ret = match_addr = tmp->used = 1;
140 #ifdef HAVE_IPV6
141 else if (family == AF_INET6 &&
142 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr,
143 &addr->addr.addr6))
144 ret = match_addr = tmp->used = 1;
145 #endif
146 }
147 }
148
149 if (!match_addr)
150 for (tmp = daemon->if_except; tmp; tmp = tmp->next)
151 if (tmp->name && wildcard_match(tmp->name, name))
152 ret = 0;
153
154
155 for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
156 if (tmp->name)
157 {
158 if (strcmp(tmp->name, name) == 0)
159 break;
160 }
161 else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
162 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
163 break;
164 #ifdef HAVE_IPV6
165 else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
166 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
167 break;
168 #endif
169
170 if (tmp && auth)
171 {
172 *auth = 1;
173 ret = 1;
174 }
175
176 return ret;
177 }
178
179
180 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
181 arrival interface when a packet originates locally, even when sent to address of
182 an interface other than the loopback. Accept packet if it arrived via a loopback
183 interface, even when we're not accepting packets that way, as long as the destination
184 address is one we're believing. Interface list must be up-to-date before calling. */
185 int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
186 {
187 struct ifreq ifr;
188 struct irec *iface;
189
190 strncpy(ifr.ifr_name, name, IF_NAMESIZE);
191 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
192 ifr.ifr_flags & IFF_LOOPBACK)
193 {
194 for (iface = daemon->interfaces; iface; iface = iface->next)
195 if (iface->addr.sa.sa_family == family)
196 {
197 if (family == AF_INET)
198 {
199 if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
200 return 1;
201 }
202 #ifdef HAVE_IPV6
203 else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6))
204 return 1;
205 #endif
206
207 }
208 }
209 return 0;
210 }
211
212 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
213 on the relevant address, but the name of the arrival interface, derived from the
214 index won't match the config. Check that we found an interface address for the arrival
215 interface: daemon->interfaces must be up-to-date. */
216 int label_exception(int index, int family, struct all_addr *addr)
217 {
218 struct irec *iface;
219
220 /* labels only supported on IPv4 addresses. */
221 if (family != AF_INET)
222 return 0;
223
224 for (iface = daemon->interfaces; iface; iface = iface->next)
225 if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
226 iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
227 return 1;
228
229 return 0;
230 }
231
232 struct iface_param {
233 struct addrlist *spare;
234 int fd;
235 };
236
237 static int iface_allowed(struct iface_param *param, int if_index, char *label,
238 union mysockaddr *addr, struct in_addr netmask, int dad)
239 {
240 struct irec *iface;
241 int mtu = 0, loopback;
242 struct ifreq ifr;
243 int tftp_ok = !!option_bool(OPT_TFTP);
244 int dhcp_ok = 1;
245 int auth_dns = 0;
246 #if defined(HAVE_DHCP) || defined(HAVE_TFTP)
247 struct iname *tmp;
248 #endif
249
250 if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
251 ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1)
252 return 0;
253
254 loopback = ifr.ifr_flags & IFF_LOOPBACK;
255
256 if (loopback)
257 dhcp_ok = 0;
258
259 if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1)
260 mtu = ifr.ifr_mtu;
261
262 if (!label)
263 label = ifr.ifr_name;
264
265
266 /* Update addresses from interface_names. These are a set independent
267 of the set we're listening on. */
268 #ifdef HAVE_IPV6
269 if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
270 #endif
271 {
272 struct interface_name *int_name;
273 struct addrlist *al;
274
275 for (int_name = daemon->int_names; int_name; int_name = int_name->next)
276 if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0)
277 {
278 if (param->spare)
279 {
280 al = param->spare;
281 param->spare = al->next;
282 }
283 else
284 al = whine_malloc(sizeof(struct addrlist));
285
286 if (al)
287 {
288 if (addr->sa.sa_family == AF_INET)
289 {
290 al->addr.addr.addr4 = addr->in.sin_addr;
291 al->next = int_name->addr4;
292 int_name->addr4 = al;
293 }
294 #ifdef HAVE_IPV6
295 else
296 {
297 al->addr.addr.addr6 = addr->in6.sin6_addr;
298 al->next = int_name->addr6;
299 int_name->addr6 = al;
300 }
301 #endif
302 }
303 }
304 }
305
306 /* check whether the interface IP has been added already
307 we call this routine multiple times. */
308 for (iface = daemon->interfaces; iface; iface = iface->next)
309 if (sockaddr_isequal(&iface->addr, addr))
310 {
311 iface->dad = dad;
312 return 1;
313 }
314
315 /* If we are restricting the set of interfaces to use, make
316 sure that loopback interfaces are in that set. */
317 if (daemon->if_names && loopback)
318 {
319 struct iname *lo;
320 for (lo = daemon->if_names; lo; lo = lo->next)
321 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
322 break;
323
324 if (!lo && (lo = whine_malloc(sizeof(struct iname))))
325 {
326 if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
327 {
328 strcpy(lo->name, ifr.ifr_name);
329 lo->used = 1;
330 lo->next = daemon->if_names;
331 daemon->if_names = lo;
332 }
333 else
334 free(lo);
335 }
336 }
337
338 if (addr->sa.sa_family == AF_INET &&
339 !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
340 return 1;
341
342 #ifdef HAVE_IPV6
343 if (addr->sa.sa_family == AF_INET6 &&
344 !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
345 return 1;
346 #endif
347
348 #ifdef HAVE_DHCP
349 /* No DHCP where we're doing auth DNS. */
350 if (auth_dns)
351 {
352 tftp_ok = 0;
353 dhcp_ok = 0;
354 }
355 else
356 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
357 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
358 {
359 tftp_ok = 0;
360 dhcp_ok = 0;
361 }
362 #endif
363
364
365 #ifdef HAVE_TFTP
366 if (daemon->tftp_interfaces)
367 {
368 /* dedicated tftp interface list */
369 tftp_ok = 0;
370 for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
371 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
372 tftp_ok = 1;
373 }
374 #endif
375
376 /* add to list */
377 if ((iface = whine_malloc(sizeof(struct irec))))
378 {
379 iface->addr = *addr;
380 iface->netmask = netmask;
381 iface->tftp_ok = tftp_ok;
382 iface->dhcp_ok = dhcp_ok;
383 iface->dns_auth = auth_dns;
384 iface->mtu = mtu;
385 iface->dad = dad;
386 iface->done = iface->multicast_done = 0;
387 iface->index = if_index;
388 if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
389 {
390 strcpy(iface->name, ifr.ifr_name);
391 iface->next = daemon->interfaces;
392 daemon->interfaces = iface;
393 return 1;
394 }
395 free(iface);
396
397 }
398
399 errno = ENOMEM;
400 return 0;
401 }
402
403 #ifdef HAVE_IPV6
404 static int iface_allowed_v6(struct in6_addr *local, int prefix,
405 int scope, int if_index, int flags,
406 int preferred, int valid, void *vparam)
407 {
408 union mysockaddr addr;
409 struct in_addr netmask; /* dummy */
410 netmask.s_addr = 0;
411
412 (void)prefix; /* warning */
413 (void)scope; /* warning */
414 (void)preferred;
415 (void)valid;
416
417 memset(&addr, 0, sizeof(addr));
418 #ifdef HAVE_SOCKADDR_SA_LEN
419 addr.in6.sin6_len = sizeof(addr.in6);
420 #endif
421 addr.in6.sin6_family = AF_INET6;
422 addr.in6.sin6_addr = *local;
423 addr.in6.sin6_port = htons(daemon->port);
424 addr.in6.sin6_scope_id = if_index;
425
426 return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE));
427 }
428 #endif
429
430 static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
431 struct in_addr netmask, struct in_addr broadcast, void *vparam)
432 {
433 union mysockaddr addr;
434
435 memset(&addr, 0, sizeof(addr));
436 #ifdef HAVE_SOCKADDR_SA_LEN
437 addr.in.sin_len = sizeof(addr.in);
438 #endif
439 addr.in.sin_family = AF_INET;
440 addr.in.sin_addr = broadcast; /* warning */
441 addr.in.sin_addr = local;
442 addr.in.sin_port = htons(daemon->port);
443
444 return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, 0);
445 }
446
447 int enumerate_interfaces(int reset)
448 {
449 static struct addrlist *spare = NULL;
450 static int done = 0, active = 0;
451 struct iface_param param;
452 int errsave, ret = 1;
453 struct addrlist *addr, *tmp;
454 struct interface_name *intname;
455
456 /* Do this max once per select cycle - also inhibits netlink socket use
457 in TCP child processes. */
458
459 if (reset)
460 {
461 done = 0;
462 return 1;
463 }
464
465 if (done || active)
466 return 1;
467
468 done = 1;
469
470 /* protect against recusive calls from iface_enumerate(); */
471 active = 1;
472
473 if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
474 return 0;
475
476 /* remove addresses stored against interface_names */
477 for (intname = daemon->int_names; intname; intname = intname->next)
478 {
479 for (addr = intname->addr4; addr; addr = tmp)
480 {
481 tmp = addr->next;
482 addr->next = spare;
483 spare = addr;
484 }
485
486 intname->addr4 = NULL;
487
488 #ifdef HAVE_IPV6
489 for (addr = intname->addr6; addr; addr = tmp)
490 {
491 tmp = addr->next;
492 addr->next = spare;
493 spare = addr;
494 }
495
496 intname->addr6 = NULL;
497 #endif
498 }
499
500 param.spare = spare;
501
502 #ifdef HAVE_IPV6
503 ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
504 #endif
505
506 if (ret)
507 ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
508
509 errsave = errno;
510 close(param.fd);
511 errno = errsave;
512
513 spare = param.spare;
514 active = 0;
515
516 return ret;
517 }
518
519 /* set NONBLOCK bit on fd: See Stevens 16.6 */
520 int fix_fd(int fd)
521 {
522 int flags;
523
524 if ((flags = fcntl(fd, F_GETFL)) == -1 ||
525 fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
526 return 0;
527
528 return 1;
529 }
530
531 static int make_sock(union mysockaddr *addr, int type, int dienow)
532 {
533 int family = addr->sa.sa_family;
534 int fd, rc, opt = 1;
535
536 if ((fd = socket(family, type, 0)) == -1)
537 {
538 int port;
539 char *s;
540
541 /* No error if the kernel just doesn't support this IP flavour */
542 if (errno == EPROTONOSUPPORT ||
543 errno == EAFNOSUPPORT ||
544 errno == EINVAL)
545 return -1;
546
547 err:
548 port = prettyprint_addr(addr, daemon->addrbuff);
549 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
550 sprintf(daemon->addrbuff, "port %d", port);
551 s = _("failed to create listening socket for %s: %s");
552
553 if (fd != -1)
554 close (fd);
555
556 if (dienow)
557 {
558 /* failure to bind addresses given by --listen-address at this point
559 is OK if we're doing bind-dynamic */
560 if (!option_bool(OPT_CLEVERBIND))
561 die(s, daemon->addrbuff, EC_BADNET);
562 }
563 else
564 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
565
566 return -1;
567 }
568
569 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
570 goto err;
571
572 #ifdef HAVE_IPV6
573 if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
574 goto err;
575 #endif
576
577 if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1)
578 goto err;
579
580 if (type == SOCK_STREAM)
581 {
582 if (listen(fd, 5) == -1)
583 goto err;
584 }
585 else if (!option_bool(OPT_NOWILD))
586 {
587 if (family == AF_INET)
588 {
589 #if defined(HAVE_LINUX_NETWORK)
590 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1)
591 goto err;
592 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
593 if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
594 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1)
595 goto err;
596 #endif
597 }
598 #ifdef HAVE_IPV6
599 else if (!set_ipv6pktinfo(fd))
600 goto err;
601 #endif
602 }
603
604 return fd;
605 }
606
607 #ifdef HAVE_IPV6
608 int set_ipv6pktinfo(int fd)
609 {
610 int opt = 1;
611
612 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
613 handle all combinations of headers and kernel.
614 OpenWrt note that this fixes the problem addressed by your very broken patch. */
615 daemon->v6pktinfo = IPV6_PKTINFO;
616
617 #ifdef IPV6_RECVPKTINFO
618 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) != -1)
619 return 1;
620 # ifdef IPV6_2292PKTINFO
621 else if (errno == ENOPROTOOPT && setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &opt, sizeof(opt)) != -1)
622 {
623 daemon->v6pktinfo = IPV6_2292PKTINFO;
624 return 1;
625 }
626 # endif
627 #else
628 if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &opt, sizeof(opt)) != -1)
629 return 1;
630 #endif
631
632 return 0;
633 }
634 #endif
635
636
637 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
638 int tcp_interface(int fd, int af)
639 {
640 int if_index = 0;
641
642 #ifdef HAVE_LINUX_NETWORK
643 int opt = 1;
644 struct cmsghdr *cmptr;
645 struct msghdr msg;
646
647 /* use mshdr do that the CMSDG_* macros are available */
648 msg.msg_control = daemon->packet;
649 msg.msg_controllen = daemon->packet_buff_sz;
650
651 /* we overwrote the buffer... */
652 daemon->srv_save = NULL;
653
654 if (af == AF_INET)
655 {
656 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
657 getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
658 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
659 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
660 {
661 union {
662 unsigned char *c;
663 struct in_pktinfo *p;
664 } p;
665
666 p.c = CMSG_DATA(cmptr);
667 if_index = p.p->ipi_ifindex;
668 }
669 }
670 #ifdef HAVE_IPV6
671 else
672 {
673 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
674 it was removed in RFC-3542 !!!!
675
676 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
677 uses the old ABI, and should work with pre- and post-3542 kernel headers */
678
679 #ifdef IPV6_2292PKTOPTIONS
680 # define PKTOPTIONS IPV6_2292PKTOPTIONS
681 #else
682 # define PKTOPTIONS IPV6_PKTOPTIONS
683 #endif
684
685 if (set_ipv6pktinfo(fd) &&
686 getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
687 {
688 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
689 if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
690 {
691 union {
692 unsigned char *c;
693 struct in6_pktinfo *p;
694 } p;
695 p.c = CMSG_DATA(cmptr);
696
697 if_index = p.p->ipi6_ifindex;
698 }
699 }
700 }
701 #endif /* IPV6 */
702 #endif /* Linux */
703
704 return if_index;
705 }
706
707 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
708 {
709 struct listener *l = NULL;
710 int fd = -1, tcpfd = -1, tftpfd = -1;
711
712 (void)do_tftp;
713
714 if (daemon->port != 0)
715 {
716 fd = make_sock(addr, SOCK_DGRAM, dienow);
717 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
718 }
719
720 #ifdef HAVE_TFTP
721 if (do_tftp)
722 {
723 if (addr->sa.sa_family == AF_INET)
724 {
725 /* port must be restored to DNS port for TCP code */
726 short save = addr->in.sin_port;
727 addr->in.sin_port = htons(TFTP_PORT);
728 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
729 addr->in.sin_port = save;
730 }
731 # ifdef HAVE_IPV6
732 else
733 {
734 short save = addr->in6.sin6_port;
735 addr->in6.sin6_port = htons(TFTP_PORT);
736 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
737 addr->in6.sin6_port = save;
738 }
739 # endif
740 }
741 #endif
742
743 if (fd != -1 || tcpfd != -1 || tftpfd != -1)
744 {
745 l = safe_malloc(sizeof(struct listener));
746 l->next = NULL;
747 l->family = addr->sa.sa_family;
748 l->fd = fd;
749 l->tcpfd = tcpfd;
750 l->tftpfd = tftpfd;
751 }
752
753 return l;
754 }
755
756 void create_wildcard_listeners(void)
757 {
758 union mysockaddr addr;
759 struct listener *l, *l6;
760
761 memset(&addr, 0, sizeof(addr));
762 #ifdef HAVE_SOCKADDR_SA_LEN
763 addr.in.sin_len = sizeof(addr.in);
764 #endif
765 addr.in.sin_family = AF_INET;
766 addr.in.sin_addr.s_addr = INADDR_ANY;
767 addr.in.sin_port = htons(daemon->port);
768
769 l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
770
771 #ifdef HAVE_IPV6
772 memset(&addr, 0, sizeof(addr));
773 # ifdef HAVE_SOCKADDR_SA_LEN
774 addr.in6.sin6_len = sizeof(addr.in6);
775 # endif
776 addr.in6.sin6_family = AF_INET6;
777 addr.in6.sin6_addr = in6addr_any;
778 addr.in6.sin6_port = htons(daemon->port);
779
780 l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
781 if (l)
782 l->next = l6;
783 else
784 l = l6;
785 #endif
786
787 daemon->listeners = l;
788 }
789
790 void create_bound_listeners(int dienow)
791 {
792 struct listener *new;
793 struct irec *iface;
794 struct iname *if_tmp;
795
796 for (iface = daemon->interfaces; iface; iface = iface->next)
797 if (!iface->done && !iface->dad &&
798 (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
799 {
800 new->iface = iface;
801 new->next = daemon->listeners;
802 daemon->listeners = new;
803 iface->done = 1;
804 }
805
806 /* Check for --listen-address options that haven't been used because there's
807 no interface with a matching address. These may be valid: eg it's possible
808 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
809
810 If the address isn't valid the bind() will fail and we'll die()
811 (except in bind-dynamic mode, when we'll complain but keep trying.)
812
813 The resulting listeners have the ->iface field NULL, and this has to be
814 handled by the DNS and TFTP code. It disables --localise-queries processing
815 (no netmask) and some MTU login the tftp code. */
816
817 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
818 if (!if_tmp->used &&
819 (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
820 {
821 new->iface = NULL;
822 new->next = daemon->listeners;
823 daemon->listeners = new;
824 }
825 }
826
827 int is_dad_listeners(void)
828 {
829 struct irec *iface;
830
831 if (option_bool(OPT_NOWILD))
832 for (iface = daemon->interfaces; iface; iface = iface->next)
833 if (iface->dad && !iface->done)
834 return 1;
835
836 return 0;
837 }
838
839 #ifdef HAVE_DHCP6
840 void join_multicast(int dienow)
841 {
842 struct irec *iface, *tmp;
843
844 for (iface = daemon->interfaces; iface; iface = iface->next)
845 if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
846 {
847 /* There's an irec per address but we only want to join for multicast
848 once per interface. Weed out duplicates. */
849 for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
850 if (tmp->multicast_done && tmp->index == iface->index)
851 break;
852
853 iface->multicast_done = 1;
854
855 if (!tmp)
856 {
857 struct ipv6_mreq mreq;
858 int err = 0;
859
860 mreq.ipv6mr_interface = iface->index;
861
862 inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
863
864 if ((daemon->doing_dhcp6 || daemon->relay6) &&
865 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
866 err = 1;
867
868 inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
869
870 if (daemon->doing_dhcp6 &&
871 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
872 err = 1;
873
874 inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
875
876 if (daemon->doing_ra &&
877 setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
878 err = 1;
879
880 if (err)
881 {
882 char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
883 if (dienow)
884 die(s, iface->name, EC_BADNET);
885 else
886 my_syslog(LOG_ERR, s, iface->name, strerror(errno));
887 }
888 }
889 }
890 }
891 #endif
892
893 /* return a UDP socket bound to a random port, have to cope with straying into
894 occupied port nos and reserved ones. */
895 int random_sock(int family)
896 {
897 int fd;
898
899 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
900 {
901 union mysockaddr addr;
902 unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port;
903 int tries = ports_avail < 30 ? 3 * ports_avail : 100;
904
905 memset(&addr, 0, sizeof(addr));
906 addr.sa.sa_family = family;
907
908 /* don't loop forever if all ports in use. */
909
910 if (fix_fd(fd))
911 while(tries--)
912 {
913 unsigned short port = rand16();
914
915 if (daemon->min_port != 0)
916 port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
917
918 if (family == AF_INET)
919 {
920 addr.in.sin_addr.s_addr = INADDR_ANY;
921 addr.in.sin_port = port;
922 #ifdef HAVE_SOCKADDR_SA_LEN
923 addr.in.sin_len = sizeof(struct sockaddr_in);
924 #endif
925 }
926 #ifdef HAVE_IPV6
927 else
928 {
929 addr.in6.sin6_addr = in6addr_any;
930 addr.in6.sin6_port = port;
931 #ifdef HAVE_SOCKADDR_SA_LEN
932 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
933 #endif
934 }
935 #endif
936
937 if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
938 return fd;
939
940 if (errno != EADDRINUSE && errno != EACCES)
941 break;
942 }
943
944 close(fd);
945 }
946
947 return -1;
948 }
949
950
951 int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
952 {
953 union mysockaddr addr_copy = *addr;
954
955 /* cannot set source _port_ for TCP connections. */
956 if (is_tcp)
957 {
958 if (addr_copy.sa.sa_family == AF_INET)
959 addr_copy.in.sin_port = 0;
960 #ifdef HAVE_IPV6
961 else
962 addr_copy.in6.sin6_port = 0;
963 #endif
964 }
965
966 if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
967 return 0;
968
969 #if defined(SO_BINDTODEVICE)
970 if (intname[0] != 0 &&
971 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
972 return 0;
973 #endif
974
975 return 1;
976 }
977
978 static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
979 {
980 struct serverfd *sfd;
981 int errsave;
982
983 /* when using random ports, servers which would otherwise use
984 the INADDR_ANY/port0 socket have sfd set to NULL */
985 if (!daemon->osport && intname[0] == 0)
986 {
987 errno = 0;
988
989 if (addr->sa.sa_family == AF_INET &&
990 addr->in.sin_addr.s_addr == INADDR_ANY &&
991 addr->in.sin_port == htons(0))
992 return NULL;
993
994 #ifdef HAVE_IPV6
995 if (addr->sa.sa_family == AF_INET6 &&
996 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
997 addr->in6.sin6_port == htons(0))
998 return NULL;
999 #endif
1000 }
1001
1002 /* may have a suitable one already */
1003 for (sfd = daemon->sfds; sfd; sfd = sfd->next )
1004 if (sockaddr_isequal(&sfd->source_addr, addr) &&
1005 strcmp(intname, sfd->interface) == 0)
1006 return sfd;
1007
1008 /* need to make a new one. */
1009 errno = ENOMEM; /* in case malloc fails. */
1010 if (!(sfd = whine_malloc(sizeof(struct serverfd))))
1011 return NULL;
1012
1013 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
1014 {
1015 free(sfd);
1016 return NULL;
1017 }
1018
1019 if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
1020 {
1021 errsave = errno; /* save error from bind. */
1022 close(sfd->fd);
1023 free(sfd);
1024 errno = errsave;
1025 return NULL;
1026 }
1027
1028 strcpy(sfd->interface, intname);
1029 sfd->source_addr = *addr;
1030 sfd->next = daemon->sfds;
1031 daemon->sfds = sfd;
1032 return sfd;
1033 }
1034
1035 /* create upstream sockets during startup, before root is dropped which may be needed
1036 this allows query_port to be a low port and interface binding */
1037 void pre_allocate_sfds(void)
1038 {
1039 struct server *srv;
1040
1041 if (daemon->query_port != 0)
1042 {
1043 union mysockaddr addr;
1044 memset(&addr, 0, sizeof(addr));
1045 addr.in.sin_family = AF_INET;
1046 addr.in.sin_addr.s_addr = INADDR_ANY;
1047 addr.in.sin_port = htons(daemon->query_port);
1048 #ifdef HAVE_SOCKADDR_SA_LEN
1049 addr.in.sin_len = sizeof(struct sockaddr_in);
1050 #endif
1051 allocate_sfd(&addr, "");
1052 #ifdef HAVE_IPV6
1053 memset(&addr, 0, sizeof(addr));
1054 addr.in6.sin6_family = AF_INET6;
1055 addr.in6.sin6_addr = in6addr_any;
1056 addr.in6.sin6_port = htons(daemon->query_port);
1057 #ifdef HAVE_SOCKADDR_SA_LEN
1058 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1059 #endif
1060 allocate_sfd(&addr, "");
1061 #endif
1062 }
1063
1064 for (srv = daemon->servers; srv; srv = srv->next)
1065 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) &&
1066 !allocate_sfd(&srv->source_addr, srv->interface) &&
1067 errno != 0 &&
1068 option_bool(OPT_NOWILD))
1069 {
1070 prettyprint_addr(&srv->source_addr, daemon->namebuff);
1071 if (srv->interface[0] != 0)
1072 {
1073 strcat(daemon->namebuff, " ");
1074 strcat(daemon->namebuff, srv->interface);
1075 }
1076 die(_("failed to bind server socket for %s: %s"),
1077 daemon->namebuff, EC_BADNET);
1078 }
1079 }
1080
1081
1082 void check_servers(void)
1083 {
1084 struct irec *iface;
1085 struct server *new, *tmp, *ret = NULL;
1086 int port = 0;
1087
1088 /* interface may be new since startup */
1089 if (!option_bool(OPT_NOWILD))
1090 enumerate_interfaces(0);
1091
1092 for (new = daemon->servers; new; new = tmp)
1093 {
1094 tmp = new->next;
1095
1096 if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)))
1097 {
1098 port = prettyprint_addr(&new->addr, daemon->namebuff);
1099
1100 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1101 if (new->addr.sa.sa_family == AF_INET &&
1102 new->addr.in.sin_addr.s_addr == 0)
1103 {
1104 free(new);
1105 continue;
1106 }
1107
1108 for (iface = daemon->interfaces; iface; iface = iface->next)
1109 if (sockaddr_isequal(&new->addr, &iface->addr))
1110 break;
1111 if (iface)
1112 {
1113 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
1114 free(new);
1115 continue;
1116 }
1117
1118 /* Do we need a socket set? */
1119 if (!new->sfd &&
1120 !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) &&
1121 errno != 0)
1122 {
1123 my_syslog(LOG_WARNING,
1124 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1125 daemon->namebuff, strerror(errno));
1126 free(new);
1127 continue;
1128 }
1129 }
1130
1131 /* reverse order - gets it right. */
1132 new->next = ret;
1133 ret = new;
1134
1135 if (!(new->flags & SERV_NO_REBIND))
1136 {
1137 if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
1138 {
1139 char *s1, *s2;
1140 if (!(new->flags & SERV_HAS_DOMAIN))
1141 s1 = _("unqualified"), s2 = _("names");
1142 else if (strlen(new->domain) == 0)
1143 s1 = _("default"), s2 = "";
1144 else
1145 s1 = _("domain"), s2 = new->domain;
1146
1147 if (new->flags & SERV_NO_ADDR)
1148 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
1149 else if (new->flags & SERV_USE_RESOLV)
1150 my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
1151 else if (!(new->flags & SERV_LITERAL_ADDRESS))
1152 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
1153 }
1154 else if (new->interface[0] != 0)
1155 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface);
1156 else
1157 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
1158 }
1159 }
1160
1161 daemon->servers = ret;
1162 }
1163
1164 /* Return zero if no servers found, in that case we keep polling.
1165 This is a protection against an update-time/write race on resolv.conf */
1166 int reload_servers(char *fname)
1167 {
1168 FILE *f;
1169 char *line;
1170 struct server *old_servers = NULL;
1171 struct server *new_servers = NULL;
1172 struct server *serv;
1173 int gotone = 0;
1174
1175 /* buff happens to be MAXDNAME long... */
1176 if (!(f = fopen(fname, "r")))
1177 {
1178 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1179 return 0;
1180 }
1181
1182 /* move old servers to free list - we can reuse the memory
1183 and not risk malloc if there are the same or fewer new servers.
1184 Servers which were specced on the command line go to the new list. */
1185 for (serv = daemon->servers; serv;)
1186 {
1187 struct server *tmp = serv->next;
1188 if (serv->flags & SERV_FROM_RESOLV)
1189 {
1190 serv->next = old_servers;
1191 old_servers = serv;
1192 /* forward table rules reference servers, so have to blow them away */
1193 server_gone(serv);
1194 }
1195 else
1196 {
1197 serv->next = new_servers;
1198 new_servers = serv;
1199 }
1200 serv = tmp;
1201 }
1202
1203 while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
1204 {
1205 union mysockaddr addr, source_addr;
1206 char *token = strtok(line, " \t\n\r");
1207
1208 if (!token)
1209 continue;
1210 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
1211 continue;
1212 if (!(token = strtok(NULL, " \t\n\r")))
1213 continue;
1214
1215 memset(&addr, 0, sizeof(addr));
1216 memset(&source_addr, 0, sizeof(source_addr));
1217
1218 if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
1219 {
1220 #ifdef HAVE_SOCKADDR_SA_LEN
1221 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
1222 #endif
1223 source_addr.in.sin_family = addr.in.sin_family = AF_INET;
1224 addr.in.sin_port = htons(NAMESERVER_PORT);
1225 source_addr.in.sin_addr.s_addr = INADDR_ANY;
1226 source_addr.in.sin_port = htons(daemon->query_port);
1227 }
1228 #ifdef HAVE_IPV6
1229 else
1230 {
1231 int scope_index = 0;
1232 char *scope_id = strchr(token, '%');
1233
1234 if (scope_id)
1235 {
1236 *(scope_id++) = 0;
1237 scope_index = if_nametoindex(scope_id);
1238 }
1239
1240 if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
1241 {
1242 #ifdef HAVE_SOCKADDR_SA_LEN
1243 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
1244 #endif
1245 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
1246 source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
1247 addr.in6.sin6_port = htons(NAMESERVER_PORT);
1248 addr.in6.sin6_scope_id = scope_index;
1249 source_addr.in6.sin6_addr = in6addr_any;
1250 source_addr.in6.sin6_port = htons(daemon->query_port);
1251 source_addr.in6.sin6_scope_id = 0;
1252 }
1253 else
1254 continue;
1255 }
1256 #else /* IPV6 */
1257 else
1258 continue;
1259 #endif
1260
1261 if (old_servers)
1262 {
1263 serv = old_servers;
1264 old_servers = old_servers->next;
1265 }
1266 else if (!(serv = whine_malloc(sizeof (struct server))))
1267 continue;
1268
1269 /* this list is reverse ordered:
1270 it gets reversed again in check_servers */
1271 serv->next = new_servers;
1272 new_servers = serv;
1273 serv->addr = addr;
1274 serv->source_addr = source_addr;
1275 serv->domain = NULL;
1276 serv->interface[0] = 0;
1277 serv->sfd = NULL;
1278 serv->flags = SERV_FROM_RESOLV;
1279 serv->queries = serv->failed_queries = 0;
1280 gotone = 1;
1281 }
1282
1283 /* Free any memory not used. */
1284 while (old_servers)
1285 {
1286 struct server *tmp = old_servers->next;
1287 free(old_servers);
1288 old_servers = tmp;
1289 }
1290
1291 daemon->servers = new_servers;
1292 fclose(f);
1293
1294 return gotone;
1295 }
1296
1297
1298
1299
1300
1301
Tomato firmware and modifications.