search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dnsmasq: Update to v2.67test14.
[tomato.git] / release / src / router / dnsmasq / src / dnsmasq.c
blob5556fd6ee04a24a8a69f3aaeda2728cbd9bce9f1
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16 /* Jon Zarate AFAIK wrote the original Tomato specific code, primarily to
17 support extra info in the GUI. Following is a vague clue as to how it
18 hangs together.
19
20 device list status is handled by www/devlist.c - this sends a SIGUSR2
21 to dnsmasq which causes the 'tomato_helper' function to execute in
22 addition to the normal dnsmasq SIGUSR2 code (Switch logfile, but since
23 Tomato not using that it doesn't matter) devlist.c waits up to 5 secs
24 for file '/var/tmp/dhcp/leases.!' to disappear before continuing
25 (Must be a better way to do this IPC stuff)
26
27 tomato_helper(lease.c) does a couple of things:
28
29 It looks for /var/tmp/dhcp/delete and deletes any known leases by IP
30 address found therein. It deletes /var/tmp/dhcp/delete when done.
31 This implements the 'delete lease' from GUI functionality.
32
33 It dumps the current dhcp leases into /var/tmp/dhcp/lease.! (tmp file)
34 subtracting the current time from the lease expiry time, thus producing
35 a 'lease remaining' time for the GUI.
36 The temp file is renamed to /var/tmp/dhcp/leases thus signalling devlist.c
37 that it may proceed. Finally when devlist.c is finished
38 /var/tmp/dhcp/leases is removed.
39
40 rfc2131.c implements a 'Quiet DHCP' option (don't log DHCP stuff) first
41 implemented by 'Teddy Bear'.
42
43 dnsmasq.c also intercepts SIGHUP so that it may flush the lease file.
44 This is so lease expiry times survive a process restart since dnsmasq
45 reads the lease file at start-up.
46
47 Finally(?) lease_update_file (lease.c) writes out the remaining lease
48 duration for each dhcp lease rather than lease expiry time (with RTC) or
49 lease length (no RTC) for dnsmasq's internal lease database.
50 asuswrt does a similar thing with lease durations though the code is
51 different. Ideally the code would be merged in such a way that Tomato
52 and asuswrt-merlin can code share without even thinking...another project!
53
54 dhcp lease file is /var/lib/misc/dnsmasq.leases
55
56 Above description K Darbyshire-Bryant 02/05/13 Hope it helps someone
57 */
58
59
60
61 /* Declare static char *compiler_opts in config.h */
62 #define DNSMASQ_COMPILE_OPTS
63
64 #include "dnsmasq.h"
65
66 struct daemon *daemon;
67
68 static volatile pid_t pid = 0;
69 static volatile int pipewrite;
70
71 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
72 static void check_dns_listeners(fd_set *set, time_t now);
73 static void sig_handler(int sig);
74 static void async_event(int pipe, time_t now);
75 static void fatal_event(struct event_desc *ev, char *msg);
76 static int read_event(int fd, struct event_desc *evp, char **msg);
77
78 int main (int argc, char **argv)
79 {
80 int bind_fallback = 0;
81 time_t now;
82 struct sigaction sigact;
83 struct iname *if_tmp;
84 int piperead, pipefd[2], err_pipe[2];
85 struct passwd *ent_pw = NULL;
86 #if defined(HAVE_SCRIPT)
87 uid_t script_uid = 0;
88 gid_t script_gid = 0;
89 #endif
90 struct group *gp = NULL;
91 long i, max_fd = sysconf(_SC_OPEN_MAX);
92 char *baduser = NULL;
93 int log_err;
94 #if defined(HAVE_LINUX_NETWORK)
95 cap_user_header_t hdr = NULL;
96 cap_user_data_t data = NULL;
97 #endif
98 struct dhcp_context *context;
99 struct dhcp_relay *relay;
100
101 #ifdef LOCALEDIR
102 setlocale(LC_ALL, "");
103 bindtextdomain("dnsmasq", LOCALEDIR);
104 textdomain("dnsmasq");
105 #endif
106
107 sigact.sa_handler = sig_handler;
108 sigact.sa_flags = 0;
109 sigemptyset(&sigact.sa_mask);
110 sigaction(SIGUSR1, &sigact, NULL);
111 sigaction(SIGUSR2, &sigact, NULL);
112 sigaction(SIGHUP, &sigact, NULL);
113 sigaction(SIGTERM, &sigact, NULL);
114 sigaction(SIGALRM, &sigact, NULL);
115 sigaction(SIGCHLD, &sigact, NULL);
116
117 /* ignore SIGPIPE */
118 sigact.sa_handler = SIG_IGN;
119 sigaction(SIGPIPE, &sigact, NULL);
120
121 umask(022); /* known umask, create leases and pid files as 0644 */
122
123 read_opts(argc, argv, compile_opts);
124
125 if (daemon->edns_pktsz < PACKETSZ)
126 daemon->edns_pktsz = PACKETSZ;
127 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
128 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
129 daemon->packet = safe_malloc(daemon->packet_buff_sz);
130
131 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
132
133
134 #ifdef HAVE_DHCP
135 if (!daemon->lease_file)
136 {
137 if (daemon->dhcp || daemon->dhcp6)
138 daemon->lease_file = LEASEFILE;
139 }
140 #endif
141
142 /* Close any file descriptors we inherited apart from std{in|out|err}
143
144 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
145 otherwise file descriptors we create can end up being 0, 1, or 2
146 and then get accidentally closed later when we make 0, 1, and 2
147 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
148 but it's not guaranteed. By opening /dev/null three times, we
149 ensure that we're not using those fds for real stuff. */
150 for (i = 0; i < max_fd; i++)
151 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
152 close(i);
153 else
154 open("/dev/null", O_RDWR);
155
156 #ifndef HAVE_LINUX_NETWORK
157 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
158 if (!option_bool(OPT_NOWILD))
159 {
160 bind_fallback = 1;
161 set_option_bool(OPT_NOWILD);
162 }
163 # endif
164
165 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
166 if (option_bool(OPT_CLEVERBIND))
167 {
168 bind_fallback = 1;
169 set_option_bool(OPT_NOWILD);
170 reset_option_bool(OPT_CLEVERBIND);
171 }
172 #endif
173
174 #ifndef HAVE_TFTP
175 if (option_bool(OPT_TFTP))
176 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
177 #endif
178
179 #ifdef HAVE_CONNTRACK
180 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
181 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
182 #else
183 if (option_bool(OPT_CONNTRACK))
184 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
185 #endif
186
187 #ifdef HAVE_SOLARIS_NETWORK
188 if (daemon->max_logs != 0)
189 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
190 #endif
191
192 #ifdef __ANDROID__
193 if (daemon->max_logs != 0)
194 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
195 #endif
196
197 #ifndef HAVE_AUTH
198 if (daemon->authserver)
199 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
200 #endif
201
202 rand_init();
203
204 now = dnsmasq_time();
205
206 /* Create a serial at startup if not configured. */
207 if (daemon->authinterface && daemon->soa_sn == 0)
208 #ifdef HAVE_BROKEN_RTC
209 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
210 #else
211 daemon->soa_sn = now;
212 #endif
213
214 #ifdef HAVE_DHCP6
215 if (daemon->dhcp6)
216 {
217 daemon->doing_ra = option_bool(OPT_RA);
218
219 for (context = daemon->dhcp6; context; context = context->next)
220 {
221 if (context->flags & CONTEXT_DHCP)
222 daemon->doing_dhcp6 = 1;
223 if (context->flags & CONTEXT_RA)
224 daemon->doing_ra = 1;
225 #ifndef HAVE_LINUX_NETWORK
226 if (context->flags & CONTEXT_TEMPLATE)
227 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
228 #endif
229 }
230 }
231 #endif
232
233 #ifdef HAVE_DHCP
234 /* Note that order matters here, we must call lease_init before
235 creating any file descriptors which shouldn't be leaked
236 to the lease-script init process. We need to call common_init
237 before lease_init to allocate buffers it uses.*/
238 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
239 {
240 dhcp_common_init();
241 if (daemon->dhcp || daemon->doing_dhcp6)
242 lease_init(now);
243 }
244
245 if (daemon->dhcp || daemon->relay4)
246 dhcp_init();
247
248 # ifdef HAVE_DHCP6
249 if (daemon->doing_ra)
250 ra_init(now);
251
252 if (daemon->doing_dhcp6 || daemon->relay6)
253 dhcp6_init();
254 # endif
255
256 #endif
257
258 #ifdef HAVE_IPSET
259 if (daemon->ipsets)
260 ipset_init();
261 #endif
262
263 #ifdef HAVE_LINUX_NETWORK
264 netlink_init();
265
266 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
268 #endif
269
270 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
271 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
272
273 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
274 {
275 create_bound_listeners(1);
276
277 if (!option_bool(OPT_CLEVERBIND))
278 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
279 if (if_tmp->name && !if_tmp->used)
280 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
281
282 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
283 /* after enumerate_interfaces() */
284 if (daemon->dhcp)
285 {
286 if (!daemon->relay4)
287 bindtodevice(daemon->dhcpfd);
288 if (daemon->enable_pxe)
289 bindtodevice(daemon->pxefd);
290 }
291 #endif
292
293 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
294 if (daemon->doing_dhcp6 && !daemon->relay6)
295 bindtodevice(daemon->dhcp6fd);
296 #endif
297 }
298 else
299 create_wildcard_listeners();
300
301 #ifdef HAVE_DHCP6
302 /* after enumerate_interfaces() */
303 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
304 join_multicast(1);
305 #endif
306
307 if (daemon->port != 0)
308 cache_init();
309
310 if (option_bool(OPT_DBUS))
311 #ifdef HAVE_DBUS
312 {
313 char *err;
314 daemon->dbus = NULL;
315 daemon->watches = NULL;
316 if ((err = dbus_init()))
317 die(_("DBus error: %s"), err, EC_MISC);
318 }
319 #else
320 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
321 #endif
322
323 if (daemon->port != 0)
324 pre_allocate_sfds();
325
326 #if defined(HAVE_SCRIPT)
327 /* Note getpwnam returns static storage */
328 if ((daemon->dhcp || daemon->dhcp6) &&
329 daemon->scriptuser &&
330 (daemon->lease_change_command || daemon->luascript))
331 {
332 if ((ent_pw = getpwnam(daemon->scriptuser)))
333 {
334 script_uid = ent_pw->pw_uid;
335 script_gid = ent_pw->pw_gid;
336 }
337 else
338 baduser = daemon->scriptuser;
339 }
340 #endif
341
342 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
343 baduser = daemon->username;
344 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
345 baduser = daemon->groupname;
346
347 if (baduser)
348 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
349
350 /* implement group defaults, "dip" if available, or group associated with uid */
351 if (!daemon->group_set && !gp)
352 {
353 if (!(gp = getgrnam(CHGRP)) && ent_pw)
354 gp = getgrgid(ent_pw->pw_gid);
355
356 /* for error message */
357 if (gp)
358 daemon->groupname = gp->gr_name;
359 }
360
361 #if defined(HAVE_LINUX_NETWORK)
362 /* determine capability API version here, while we can still
363 call safe_malloc */
364 if (ent_pw && ent_pw->pw_uid != 0)
365 {
366 int capsize = 1; /* for header version 1 */
367 hdr = safe_malloc(sizeof(*hdr));
368
369 /* find version supported by kernel */
370 memset(hdr, 0, sizeof(*hdr));
371 capget(hdr, NULL);
372
373 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
374 {
375 /* if unknown version, use largest supported version (3) */
376 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
377 hdr->version = LINUX_CAPABILITY_VERSION_3;
378 capsize = 2;
379 }
380
381 data = safe_malloc(sizeof(*data) * capsize);
382 memset(data, 0, sizeof(*data) * capsize);
383 }
384 #endif
385
386 /* Use a pipe to carry signals and other events back to the event loop
387 in a race-free manner and another to carry errors to daemon-invoking process */
388 safe_pipe(pipefd, 1);
389
390 piperead = pipefd[0];
391 pipewrite = pipefd[1];
392 /* prime the pipe to load stuff first time. */
393 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
394
395 err_pipe[1] = -1;
396
397 if (!option_bool(OPT_DEBUG))
398 {
399 /* The following code "daemonizes" the process.
400 See Stevens section 12.4 */
401
402 if (chdir("/") != 0)
403 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
404
405 #ifndef NO_FORK
406 if (!option_bool(OPT_NO_FORK))
407 {
408 pid_t pid;
409
410 /* pipe to carry errors back to original process.
411 When startup is complete we close this and the process terminates. */
412 safe_pipe(err_pipe, 0);
413
414 if ((pid = fork()) == -1)
415 /* fd == -1 since we've not forked, never returns. */
416 send_event(-1, EVENT_FORK_ERR, errno, NULL);
417
418 if (pid != 0)
419 {
420 struct event_desc ev;
421 char *msg;
422
423 /* close our copy of write-end */
424 close(err_pipe[1]);
425
426 /* check for errors after the fork */
427 if (read_event(err_pipe[0], &ev, &msg))
428 fatal_event(&ev, msg);
429
430 _exit(EC_GOOD);
431 }
432
433 close(err_pipe[0]);
434
435 /* NO calls to die() from here on. */
436
437 setsid();
438
439 if ((pid = fork()) == -1)
440 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
441
442 if (pid != 0)
443 _exit(0);
444 }
445 #endif
446
447 /* write pidfile _after_ forking ! */
448 if (daemon->runfile)
449 {
450 int fd, err = 0;
451
452 sprintf(daemon->namebuff, "%d\n", (int) getpid());
453
454 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
455 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
456 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
457 extent that an attacker running as the unprivileged user could replace the pidfile with a
458 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
459
460 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
461 ensuring that the open() fails should there be any existing file (because the unlink() failed,
462 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
463 attack can succeed.
464
465 Any compromise of the non-privileged user still theoretically allows the pid-file to be
466 replaced whilst dnsmasq is running. The worst that could allow is that the usual
467 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
468
469 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
470 failure to write the pid-file.
471 */
472
473 unlink(daemon->runfile);
474
475 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
476 {
477 /* only complain if started as root */
478 if (getuid() == 0)
479 err = 1;
480 }
481 else
482 {
483 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
484 err = 1;
485
486 while (!err && close(fd) == -1)
487 if (!retry_send())
488 err = 1;
489 }
490
491 if (err)
492 {
493 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
494 _exit(0);
495 }
496 }
497 }
498
499 log_err = log_start(ent_pw, err_pipe[1]);
500
501 if (!option_bool(OPT_DEBUG))
502 {
503 /* open stdout etc to /dev/null */
504 int nullfd = open("/dev/null", O_RDWR);
505 dup2(nullfd, STDOUT_FILENO);
506 dup2(nullfd, STDERR_FILENO);
507 dup2(nullfd, STDIN_FILENO);
508 close(nullfd);
509 }
510
511 /* if we are to run scripts, we need to fork a helper before dropping root. */
512 daemon->helperfd = -1;
513 #ifdef HAVE_SCRIPT
514 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
515 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
516 #endif
517
518 if (!option_bool(OPT_DEBUG) && getuid() == 0)
519 {
520 int bad_capabilities = 0;
521 gid_t dummy;
522
523 /* remove all supplimentary groups */
524 if (gp &&
525 (setgroups(0, &dummy) == -1 ||
526 setgid(gp->gr_gid) == -1))
527 {
528 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
529 _exit(0);
530 }
531
532 if (ent_pw && ent_pw->pw_uid != 0)
533 {
534 #if defined(HAVE_LINUX_NETWORK)
535 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
536 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
537 ports because of DAD, or we're doing it dynamically,
538 we need CAP_NET_BIND_SERVICE too. */
539 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
540 data->effective = data->permitted = data->inheritable =
541 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
542 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
543 else
544 data->effective = data->permitted = data->inheritable =
545 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
546
547 /* Tell kernel to not clear capabilities when dropping root */
548 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
549 bad_capabilities = errno;
550
551 #elif defined(HAVE_SOLARIS_NETWORK)
552 /* http://developers.sun.com/solaris/articles/program_privileges.html */
553 priv_set_t *priv_set;
554
555 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
556 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
557 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
558 bad_capabilities = errno;
559
560 if (priv_set && bad_capabilities == 0)
561 {
562 priv_inverse(priv_set);
563
564 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
565 bad_capabilities = errno;
566 }
567
568 if (priv_set)
569 priv_freeset(priv_set);
570
571 #endif
572
573 if (bad_capabilities != 0)
574 {
575 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
576 _exit(0);
577 }
578
579 /* finally drop root */
580 if (setuid(ent_pw->pw_uid) == -1)
581 {
582 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
583 _exit(0);
584 }
585
586 #ifdef HAVE_LINUX_NETWORK
587 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
588 data->effective = data->permitted =
589 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
590 else
591 data->effective = data->permitted =
592 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
593 data->inheritable = 0;
594
595 /* lose the setuid and setgid capbilities */
596 if (capset(hdr, data) == -1)
597 {
598 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
599 _exit(0);
600 }
601 #endif
602
603 }
604 }
605
606 #ifdef HAVE_LINUX_NETWORK
607 if (option_bool(OPT_DEBUG))
608 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
609 #endif
610
611 #ifdef HAVE_TFTP
612 if (option_bool(OPT_TFTP))
613 {
614 DIR *dir;
615 struct tftp_prefix *p;
616
617 if (daemon->tftp_prefix)
618 {
619 if (!((dir = opendir(daemon->tftp_prefix))))
620 {
621 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
622 _exit(0);
623 }
624 closedir(dir);
625 }
626
627 for (p = daemon->if_prefix; p; p = p->next)
628 {
629 if (!((dir = opendir(p->prefix))))
630 {
631 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
632 _exit(0);
633 }
634 closedir(dir);
635 }
636 }
637 #endif
638
639 if (daemon->port == 0)
640 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
641 else if (daemon->cachesize != 0)
642 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
643 else
644 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
645
646 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
647
648 #ifdef HAVE_DBUS
649 if (option_bool(OPT_DBUS))
650 {
651 if (daemon->dbus)
652 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
653 else
654 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
655 }
656 #endif
657
658 if (log_err != 0)
659 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
660 daemon->log_file, strerror(log_err));
661
662 if (bind_fallback)
663 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
664
665 if (!option_bool(OPT_NOWILD))
666 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
667 if (if_tmp->name && !if_tmp->used)
668 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
669
670 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
671 {
672 if (daemon->resolv_files && !daemon->resolv_files->is_default)
673 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
674 daemon->resolv_files = NULL;
675 if (!daemon->servers)
676 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
677 }
678
679 if (daemon->max_logs != 0)
680 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
681
682
683 #ifdef HAVE_DHCP
684 for (context = daemon->dhcp; context; context = context->next)
685 log_context(AF_INET, context);
686
687 for (relay = daemon->relay4; relay; relay = relay->next)
688 log_relay(AF_INET, relay);
689
690 # ifdef HAVE_DHCP6
691 for (context = daemon->dhcp6; context; context = context->next)
692 log_context(AF_INET6, context);
693
694 for (relay = daemon->relay6; relay; relay = relay->next)
695 log_relay(AF_INET6, relay);
696
697 if (daemon->doing_dhcp6 || daemon->doing_ra)
698 dhcp_construct_contexts(now);
699
700 if (option_bool(OPT_RA))
701 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
702 # endif
703
704 /* after dhcp_contruct_contexts */
705 if (daemon->dhcp || daemon->doing_dhcp6)
706 lease_find_interfaces(now);
707 #endif
708
709 #ifdef HAVE_TFTP
710 if (option_bool(OPT_TFTP))
711 {
712 #ifdef FD_SETSIZE
713 if (FD_SETSIZE < (unsigned)max_fd)
714 max_fd = FD_SETSIZE;
715 #endif
716
717 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
718 daemon->tftp_prefix ? _("root is ") : _("enabled"),
719 daemon->tftp_prefix ? daemon->tftp_prefix: "",
720 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
721
722 /* This is a guess, it assumes that for small limits,
723 disjoint files might be served, but for large limits,
724 a single file will be sent to may clients (the file only needs
725 one fd). */
726
727 max_fd -= 30; /* use other than TFTP */
728
729 if (max_fd < 0)
730 max_fd = 5;
731 else if (max_fd < 100)
732 max_fd = max_fd/2;
733 else
734 max_fd = max_fd - 20;
735
736 /* if we have to use a limited range of ports,
737 that will limit the number of transfers */
738 if (daemon->start_tftp_port != 0 &&
739 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
740 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
741
742 if (daemon->tftp_max > max_fd)
743 {
744 daemon->tftp_max = max_fd;
745 my_syslog(MS_TFTP | LOG_WARNING,
746 _("restricting maximum simultaneous TFTP transfers to %d"),
747 daemon->tftp_max);
748 }
749 }
750 #endif
751
752 /* finished start-up - release original process */
753 if (err_pipe[1] != -1)
754 close(err_pipe[1]);
755
756 if (daemon->port != 0)
757 check_servers();
758
759 pid = getpid();
760
761 while (1)
762 {
763 int maxfd = -1;
764 struct timeval t, *tp = NULL;
765 fd_set rset, wset, eset;
766
767 FD_ZERO(&rset);
768 FD_ZERO(&wset);
769 FD_ZERO(&eset);
770
771 /* if we are out of resources, find how long we have to wait
772 for some to come free, we'll loop around then and restart
773 listening for queries */
774 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
775 {
776 t.tv_usec = 0;
777 tp = &t;
778 }
779
780 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
781 if (daemon->tftp_trans ||
782 (option_bool(OPT_DBUS) && !daemon->dbus))
783 {
784 t.tv_sec = 0;
785 t.tv_usec = 250000;
786 tp = &t;
787 }
788 /* Wake every second whilst waiting for DAD to complete */
789 else if (is_dad_listeners())
790 {
791 t.tv_sec = 1;
792 t.tv_usec = 0;
793 tp = &t;
794 }
795
796 #ifdef HAVE_DBUS
797 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
798 #endif
799
800 #ifdef HAVE_DHCP
801 if (daemon->dhcp || daemon->relay4)
802 {
803 FD_SET(daemon->dhcpfd, &rset);
804 bump_maxfd(daemon->dhcpfd, &maxfd);
805 if (daemon->pxefd != -1)
806 {
807 FD_SET(daemon->pxefd, &rset);
808 bump_maxfd(daemon->pxefd, &maxfd);
809 }
810 }
811 #endif
812
813 #ifdef HAVE_DHCP6
814 if (daemon->doing_dhcp6 || daemon->relay6)
815 {
816 FD_SET(daemon->dhcp6fd, &rset);
817 bump_maxfd(daemon->dhcp6fd, &maxfd);
818 }
819
820 if (daemon->doing_ra)
821 {
822 FD_SET(daemon->icmp6fd, &rset);
823 bump_maxfd(daemon->icmp6fd, &maxfd);
824 }
825 #endif
826
827 #ifdef HAVE_LINUX_NETWORK
828 FD_SET(daemon->netlinkfd, &rset);
829 bump_maxfd(daemon->netlinkfd, &maxfd);
830 #endif
831
832 FD_SET(piperead, &rset);
833 bump_maxfd(piperead, &maxfd);
834
835 #ifdef HAVE_DHCP
836 # ifdef HAVE_SCRIPT
837 while (helper_buf_empty() && do_script_run(now));
838
839 # ifdef HAVE_TFTP
840 while (helper_buf_empty() && do_tftp_script_run());
841 # endif
842
843 if (!helper_buf_empty())
844 {
845 FD_SET(daemon->helperfd, &wset);
846 bump_maxfd(daemon->helperfd, &maxfd);
847 }
848 # else
849 /* need this for other side-effects */
850 while (do_script_run(now));
851
852 # ifdef HAVE_TFTP
853 while (do_tftp_script_run());
854 # endif
855
856 # endif
857 #endif
858
859 /* must do this just before select(), when we know no
860 more calls to my_syslog() can occur */
861 set_log_writer(&wset, &maxfd);
862
863 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
864 {
865 /* otherwise undefined after error */
866 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
867 }
868
869 now = dnsmasq_time();
870
871 check_log_writer(&wset);
872
873 /* prime. */
874 enumerate_interfaces(1);
875
876 /* Check the interfaces to see if any have exited DAD state
877 and if so, bind the address. */
878 if (is_dad_listeners())
879 {
880 enumerate_interfaces(0);
881 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
882 create_bound_listeners(0);
883 }
884
885 #ifdef HAVE_LINUX_NETWORK
886 if (FD_ISSET(daemon->netlinkfd, &rset))
887 netlink_multicast(now);
888 #endif
889
890 /* Check for changes to resolv files once per second max. */
891 /* Don't go silent for long periods if the clock goes backwards. */
892 if (daemon->last_resolv == 0 ||
893 difftime(now, daemon->last_resolv) > 1.0 ||
894 difftime(now, daemon->last_resolv) < -1.0)
895 {
896 /* poll_resolv doesn't need to reload first time through, since
897 that's queued anyway. */
898
899 poll_resolv(0, daemon->last_resolv != 0, now);
900 daemon->last_resolv = now;
901 }
902
903 if (FD_ISSET(piperead, &rset))
904 async_event(piperead, now);
905
906 #ifdef HAVE_DBUS
907 /* if we didn't create a DBus connection, retry now. */
908 if (option_bool(OPT_DBUS) && !daemon->dbus)
909 {
910 char *err;
911 if ((err = dbus_init()))
912 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
913 if (daemon->dbus)
914 my_syslog(LOG_INFO, _("connected to system DBus"));
915 }
916 check_dbus_listeners(&rset, &wset, &eset);
917 #endif
918
919 check_dns_listeners(&rset, now);
920
921 #ifdef HAVE_TFTP
922 check_tftp_listeners(&rset, now);
923 #endif
924
925 #ifdef HAVE_DHCP
926 if (daemon->dhcp || daemon->relay4)
927 {
928 if (FD_ISSET(daemon->dhcpfd, &rset))
929 dhcp_packet(now, 0);
930 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
931 dhcp_packet(now, 1);
932 }
933
934 #ifdef HAVE_DHCP6
935 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
936 dhcp6_packet(now);
937
938 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
939 icmp6_packet(now);
940 #endif
941
942 # ifdef HAVE_SCRIPT
943 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
944 helper_write();
945 # endif
946 #endif
947
948 }
949 }
950
951 static void sig_handler(int sig)
952 {
953 if (pid == 0)
954 {
955 /* ignore anything other than TERM during startup
956 and in helper proc. (helper ignore TERM too) */
957 if (sig == SIGTERM)
958 exit(EC_MISC);
959 }
960 else if (pid != getpid())
961 {
962 /* alarm is used to kill TCP children after a fixed time. */
963 if (sig == SIGALRM)
964 _exit(0);
965 }
966 else
967 {
968 /* master process */
969 int event, errsave = errno;
970
971 if (sig == SIGHUP)
972 event = EVENT_RELOAD;
973 else if (sig == SIGCHLD)
974 event = EVENT_CHILD;
975 else if (sig == SIGALRM)
976 event = EVENT_ALARM;
977 else if (sig == SIGTERM)
978 event = EVENT_TERM;
979 else if (sig == SIGUSR1)
980 event = EVENT_DUMP;
981 else if (sig == SIGUSR2)
982 event = EVENT_REOPEN;
983 else
984 return;
985
986 send_event(pipewrite, event, 0, NULL);
987 errno = errsave;
988 }
989 }
990
991 /* now == 0 -> queue immediate callback */
992 void send_alarm(time_t event, time_t now)
993 {
994 if (now == 0 || event != 0)
995 {
996 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
997 if ((now == 0 || difftime(event, now) <= 0.0))
998 send_event(pipewrite, EVENT_ALARM, 0, NULL);
999 else
1000 alarm((unsigned)difftime(event, now));
1001 }
1002 }
1003
1004 void send_event(int fd, int event, int data, char *msg)
1005 {
1006 struct event_desc ev;
1007 struct iovec iov[2];
1008
1009 ev.event = event;
1010 ev.data = data;
1011 ev.msg_sz = msg ? strlen(msg) : 0;
1012
1013 iov[0].iov_base = &ev;
1014 iov[0].iov_len = sizeof(ev);
1015 iov[1].iov_base = msg;
1016 iov[1].iov_len = ev.msg_sz;
1017
1018 /* error pipe, debug mode. */
1019 if (fd == -1)
1020 fatal_event(&ev, msg);
1021 else
1022 /* pipe is non-blocking and struct event_desc is smaller than
1023 PIPE_BUF, so this either fails or writes everything */
1024 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1025 }
1026
1027 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1028 to describe fatal errors. */
1029 static int read_event(int fd, struct event_desc *evp, char **msg)
1030 {
1031 char *buf;
1032
1033 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1034 return 0;
1035
1036 *msg = NULL;
1037
1038 if (evp->msg_sz != 0 &&
1039 (buf = malloc(evp->msg_sz + 1)) &&
1040 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1041 {
1042 buf[evp->msg_sz] = 0;
1043 *msg = buf;
1044 }
1045
1046 return 1;
1047 }
1048
1049 static void fatal_event(struct event_desc *ev, char *msg)
1050 {
1051 errno = ev->data;
1052
1053 switch (ev->event)
1054 {
1055 case EVENT_DIE:
1056 exit(0);
1057
1058 case EVENT_FORK_ERR:
1059 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1060
1061 case EVENT_PIPE_ERR:
1062 die(_("failed to create helper: %s"), NULL, EC_MISC);
1063
1064 case EVENT_CAP_ERR:
1065 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1066
1067 case EVENT_USER_ERR:
1068 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1069
1070 case EVENT_GROUP_ERR:
1071 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1072
1073 case EVENT_PIDFILE:
1074 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1075
1076 case EVENT_LOG_ERR:
1077 die(_("cannot open log %s: %s"), msg, EC_FILE);
1078
1079 case EVENT_LUA_ERR:
1080 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1081
1082 case EVENT_TFTP_ERR:
1083 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1084 }
1085 }
1086
1087 static void async_event(int pipe, time_t now)
1088 {
1089 pid_t p;
1090 struct event_desc ev;
1091 int i;
1092 char *msg;
1093
1094 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1095 to describe fatal errors. */
1096
1097 if (read_event(pipe, &ev, &msg))
1098 switch (ev.event)
1099 {
1100 case EVENT_RELOAD:
1101 clear_cache_and_reload(now);
1102 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
1103 {
1104 reload_servers(daemon->resolv_files->name);
1105 check_servers();
1106 }
1107 #ifdef HAVE_DHCP
1108 rerun_scripts();
1109 #endif
1110 break;
1111
1112 case EVENT_DUMP:
1113 if (daemon->port != 0)
1114 dump_cache(now);
1115 break;
1116
1117 case EVENT_ALARM:
1118 #ifdef HAVE_DHCP
1119 if (daemon->dhcp || daemon->doing_dhcp6)
1120 {
1121 lease_prune(NULL, now);
1122 lease_update_file(now);
1123 }
1124 #ifdef HAVE_DHCP6
1125 else if (daemon->doing_ra)
1126 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1127 send_alarm(periodic_ra(now), now);
1128 #endif
1129 #endif
1130 break;
1131
1132 case EVENT_CHILD:
1133 /* See Stevens 5.10 */
1134 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1135 if (p == -1)
1136 {
1137 if (errno != EINTR)
1138 break;
1139 }
1140 else
1141 for (i = 0 ; i < MAX_PROCS; i++)
1142 if (daemon->tcp_pids[i] == p)
1143 daemon->tcp_pids[i] = 0;
1144 break;
1145
1146 case EVENT_KILLED:
1147 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1148 break;
1149
1150 case EVENT_EXITED:
1151 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1152 break;
1153
1154 case EVENT_EXEC_ERR:
1155 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1156 daemon->lease_change_command, strerror(ev.data));
1157 break;
1158
1159 /* necessary for fatal errors in helper */
1160 case EVENT_USER_ERR:
1161 case EVENT_DIE:
1162 case EVENT_LUA_ERR:
1163 fatal_event(&ev, msg);
1164 break;
1165
1166 case EVENT_REOPEN:
1167 /* Note: this may leave TCP-handling processes with the old file still open.
1168 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1169 we leave them logging to the old file. */
1170 if (daemon->log_file != NULL)
1171 log_reopen(daemon->log_file);
1172
1173 #ifdef HAVE_TOMATO
1174 tomato_helper(now); //possibly delete & write out leases for tomato
1175 #endif //TOMATO
1176 /* following is Asus tweak. Interestingly Asus read the dnsmasq leases db
1177 directly. They signal dnsmasq to update via SIGUSR2 and wait 1 second
1178 assuming the file will be complete by the time they come to parse it.
1179 Race conditions anyone? What if dnsmasq happens to be updating the
1180 file anyway? */
1181 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE) && !defined(HAVE_TOMATO)
1182 if (daemon->dhcp || daemon->dhcp6)
1183 flush_lease_file(now);
1184 #endif
1185 break;
1186
1187 case EVENT_TERM:
1188 /* Knock all our children on the head. */
1189 for (i = 0; i < MAX_PROCS; i++)
1190 if (daemon->tcp_pids[i] != 0)
1191 kill(daemon->tcp_pids[i], SIGALRM);
1192
1193 #if defined(HAVE_SCRIPT)
1194 /* handle pending lease transitions */
1195 if (daemon->helperfd != -1)
1196 {
1197 /* block in writes until all done */
1198 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1199 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1200 do {
1201 helper_write();
1202 } while (!helper_buf_empty() || do_script_run(now));
1203 close(daemon->helperfd);
1204 }
1205 #endif
1206
1207 //Originally TOMATO tweak
1208 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE)
1209 if (daemon->dhcp || daemon->dhcp6)
1210 flush_lease_file(now);
1211 #endif
1212
1213 if (daemon->lease_stream)
1214 fclose(daemon->lease_stream);
1215
1216 if (daemon->runfile)
1217 unlink(daemon->runfile);
1218
1219 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1220 flush_log();
1221 exit(EC_GOOD);
1222 }
1223 }
1224
1225 void poll_resolv(int force, int do_reload, time_t now)
1226 {
1227 struct resolvc *res, *latest;
1228 struct stat statbuf;
1229 time_t last_change = 0;
1230 /* There may be more than one possible file.
1231 Go through and find the one which changed _last_.
1232 Warn of any which can't be read. */
1233
1234 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1235 return;
1236
1237 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1238 if (stat(res->name, &statbuf) == -1)
1239 {
1240 if (force)
1241 {
1242 res->mtime = 0;
1243 continue;
1244 }
1245
1246 if (!res->logged)
1247 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1248 res->logged = 1;
1249
1250 if (res->mtime != 0)
1251 {
1252 /* existing file evaporated, force selection of the latest
1253 file even if its mtime hasn't changed since we last looked */
1254 poll_resolv(1, do_reload, now);
1255 return;
1256 }
1257 }
1258 else
1259 {
1260 res->logged = 0;
1261 if (force || (statbuf.st_mtime != res->mtime))
1262 {
1263 res->mtime = statbuf.st_mtime;
1264 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1265 {
1266 last_change = statbuf.st_mtime;
1267 latest = res;
1268 }
1269 }
1270 }
1271
1272 if (latest)
1273 {
1274 static int warned = 0;
1275 if (reload_servers(latest->name))
1276 {
1277 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1278 warned = 0;
1279 check_servers();
1280 if (option_bool(OPT_RELOAD) && do_reload)
1281 clear_cache_and_reload(now);
1282 }
1283 else
1284 {
1285 latest->mtime = 0;
1286 if (!warned)
1287 {
1288 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1289 warned = 1;
1290 }
1291 }
1292 }
1293 }
1294
1295 void clear_cache_and_reload(time_t now)
1296 {
1297 if (daemon->port != 0)
1298 cache_reload();
1299
1300 #ifdef HAVE_DHCP
1301 if (daemon->dhcp || daemon->doing_dhcp6)
1302 {
1303 if (option_bool(OPT_ETHERS))
1304 dhcp_read_ethers();
1305 reread_dhcp();
1306 dhcp_update_configs(daemon->dhcp_conf);
1307 lease_update_from_configs();
1308 lease_update_file(now);
1309 lease_update_dns(1);
1310 }
1311 #ifdef HAVE_DHCP6
1312 else if (daemon->doing_ra)
1313 /* Not doing DHCP, so no lease system, manage
1314 alarms for ra only */
1315 send_alarm(periodic_ra(now), now);
1316 #endif
1317 #endif
1318 }
1319
1320 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1321 {
1322 struct serverfd *serverfdp;
1323 struct listener *listener;
1324 int wait = 0, i;
1325
1326 #ifdef HAVE_TFTP
1327 int tftp = 0;
1328 struct tftp_transfer *transfer;
1329 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1330 {
1331 tftp++;
1332 FD_SET(transfer->sockfd, set);
1333 bump_maxfd(transfer->sockfd, maxfdp);
1334 }
1335 #endif
1336
1337 /* will we be able to get memory? */
1338 if (daemon->port != 0)
1339 get_new_frec(now, &wait);
1340
1341 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1342 {
1343 FD_SET(serverfdp->fd, set);
1344 bump_maxfd(serverfdp->fd, maxfdp);
1345 }
1346
1347 if (daemon->port != 0 && !daemon->osport)
1348 for (i = 0; i < RANDOM_SOCKS; i++)
1349 if (daemon->randomsocks[i].refcount != 0)
1350 {
1351 FD_SET(daemon->randomsocks[i].fd, set);
1352 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1353 }
1354
1355 for (listener = daemon->listeners; listener; listener = listener->next)
1356 {
1357 /* only listen for queries if we have resources */
1358 if (listener->fd != -1 && wait == 0)
1359 {
1360 FD_SET(listener->fd, set);
1361 bump_maxfd(listener->fd, maxfdp);
1362 }
1363
1364 /* death of a child goes through the select loop, so
1365 we don't need to explicitly arrange to wake up here */
1366 if (listener->tcpfd != -1)
1367 for (i = 0; i < MAX_PROCS; i++)
1368 if (daemon->tcp_pids[i] == 0)
1369 {
1370 FD_SET(listener->tcpfd, set);
1371 bump_maxfd(listener->tcpfd, maxfdp);
1372 break;
1373 }
1374
1375 #ifdef HAVE_TFTP
1376 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1377 {
1378 FD_SET(listener->tftpfd, set);
1379 bump_maxfd(listener->tftpfd, maxfdp);
1380 }
1381 #endif
1382
1383 }
1384
1385 return wait;
1386 }
1387
1388 static void check_dns_listeners(fd_set *set, time_t now)
1389 {
1390 struct serverfd *serverfdp;
1391 struct listener *listener;
1392 int i;
1393
1394 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1395 if (FD_ISSET(serverfdp->fd, set))
1396 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1397
1398 if (daemon->port != 0 && !daemon->osport)
1399 for (i = 0; i < RANDOM_SOCKS; i++)
1400 if (daemon->randomsocks[i].refcount != 0 &&
1401 FD_ISSET(daemon->randomsocks[i].fd, set))
1402 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1403
1404 for (listener = daemon->listeners; listener; listener = listener->next)
1405 {
1406 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1407 receive_query(listener, now);
1408
1409 #ifdef HAVE_TFTP
1410 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1411 tftp_request(listener, now);
1412 #endif
1413
1414 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1415 {
1416 int confd, client_ok = 1;
1417 struct irec *iface = NULL;
1418 pid_t p;
1419 union mysockaddr tcp_addr;
1420 socklen_t tcp_len = sizeof(union mysockaddr);
1421
1422 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1423
1424 if (confd == -1)
1425 continue;
1426
1427 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1428 {
1429 close(confd);
1430 continue;
1431 }
1432
1433 /* Make sure that the interface list is up-to-date.
1434
1435 We do this here as we may need the results below, and
1436 the DNS code needs them for --interface-name stuff.
1437
1438 Multiple calls to enumerate_interfaces() per select loop are
1439 inhibited, so calls to it in the child process (which doesn't select())
1440 have no effect. This avoids two processes reading from the same
1441 netlink fd and screwing the pooch entirely.
1442 */
1443
1444 enumerate_interfaces(0);
1445
1446 if (option_bool(OPT_NOWILD))
1447 iface = listener->iface; /* May be NULL */
1448 else
1449 {
1450 int if_index;
1451 char intr_name[IF_NAMESIZE];
1452
1453 /* if we can find the arrival interface, check it's one that's allowed */
1454 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1455 indextoname(listener->tcpfd, if_index, intr_name))
1456 {
1457 struct all_addr addr;
1458 addr.addr.addr4 = tcp_addr.in.sin_addr;
1459 #ifdef HAVE_IPV6
1460 if (tcp_addr.sa.sa_family == AF_INET6)
1461 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1462 #endif
1463
1464 for (iface = daemon->interfaces; iface; iface = iface->next)
1465 if (iface->index == if_index)
1466 break;
1467
1468 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1469 client_ok = 0;
1470 }
1471
1472 if (option_bool(OPT_CLEVERBIND))
1473 iface = listener->iface; /* May be NULL */
1474 else
1475 {
1476 /* Check for allowed interfaces when binding the wildcard address:
1477 we do this by looking for an interface with the same address as
1478 the local address of the TCP connection, then looking to see if that's
1479 an allowed interface. As a side effect, we get the netmask of the
1480 interface too, for localisation. */
1481
1482 for (iface = daemon->interfaces; iface; iface = iface->next)
1483 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1484 break;
1485
1486 if (!iface)
1487 client_ok = 0;
1488 }
1489 }
1490
1491 if (!client_ok)
1492 {
1493 shutdown(confd, SHUT_RDWR);
1494 close(confd);
1495 }
1496 #ifndef NO_FORK
1497 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1498 {
1499 if (p != -1)
1500 {
1501 int i;
1502 for (i = 0; i < MAX_PROCS; i++)
1503 if (daemon->tcp_pids[i] == 0)
1504 {
1505 daemon->tcp_pids[i] = p;
1506 break;
1507 }
1508 }
1509 close(confd);
1510 }
1511 #endif
1512 else
1513 {
1514 unsigned char *buff;
1515 struct server *s;
1516 int flags;
1517 struct in_addr netmask;
1518 int auth_dns;
1519
1520 if (iface)
1521 {
1522 netmask = iface->netmask;
1523 auth_dns = iface->dns_auth;
1524 }
1525 else
1526 {
1527 netmask.s_addr = 0;
1528 auth_dns = 0;
1529 }
1530
1531 #ifndef NO_FORK
1532 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1533 terminate the process. */
1534 if (!option_bool(OPT_DEBUG))
1535 alarm(CHILD_LIFETIME);
1536 #endif
1537
1538 /* start with no upstream connections. */
1539 for (s = daemon->servers; s; s = s->next)
1540 s->tcpfd = -1;
1541
1542 /* The connected socket inherits non-blocking
1543 attribute from the listening socket.
1544 Reset that here. */
1545 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1546 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1547
1548 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1549
1550 shutdown(confd, SHUT_RDWR);
1551 close(confd);
1552
1553 if (buff)
1554 free(buff);
1555
1556 for (s = daemon->servers; s; s = s->next)
1557 if (s->tcpfd != -1)
1558 {
1559 shutdown(s->tcpfd, SHUT_RDWR);
1560 close(s->tcpfd);
1561 }
1562 #ifndef NO_FORK
1563 if (!option_bool(OPT_DEBUG))
1564 {
1565 flush_log();
1566 _exit(0);
1567 }
1568 #endif
1569 }
1570 }
1571 }
1572 }
1573
1574 #ifdef HAVE_DHCP
1575 int make_icmp_sock(void)
1576 {
1577 int fd;
1578 int zeroopt = 0;
1579
1580 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1581 {
1582 if (!fix_fd(fd) ||
1583 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1584 {
1585 close(fd);
1586 fd = -1;
1587 }
1588 }
1589
1590 return fd;
1591 }
1592
1593 int icmp_ping(struct in_addr addr)
1594 {
1595 /* Try and get an ICMP echo from a machine. */
1596
1597 /* Note that whilst in the three second wait, we check for
1598 (and service) events on the DNS and TFTP sockets, (so doing that
1599 better not use any resources our caller has in use...)
1600 but we remain deaf to signals or further DHCP packets. */
1601
1602 int fd;
1603 struct sockaddr_in saddr;
1604 struct {
1605 struct ip ip;
1606 struct icmp icmp;
1607 } packet;
1608 unsigned short id = rand16();
1609 unsigned int i, j;
1610 int gotreply = 0;
1611 time_t start, now;
1612
1613 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1614 if ((fd = make_icmp_sock()) == -1)
1615 return 0;
1616 #else
1617 int opt = 2000;
1618 fd = daemon->dhcp_icmp_fd;
1619 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1620 #endif
1621
1622 saddr.sin_family = AF_INET;
1623 saddr.sin_port = 0;
1624 saddr.sin_addr = addr;
1625 #ifdef HAVE_SOCKADDR_SA_LEN
1626 saddr.sin_len = sizeof(struct sockaddr_in);
1627 #endif
1628
1629 memset(&packet.icmp, 0, sizeof(packet.icmp));
1630 packet.icmp.icmp_type = ICMP_ECHO;
1631 packet.icmp.icmp_id = id;
1632 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1633 j += ((u16 *)&packet.icmp)[i];
1634 while (j>>16)
1635 j = (j & 0xffff) + (j >> 16);
1636 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1637
1638 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1639 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1640 retry_send());
1641
1642 for (now = start = dnsmasq_time();
1643 difftime(now, start) < (float)PING_WAIT;)
1644 {
1645 struct timeval tv;
1646 fd_set rset, wset;
1647 struct sockaddr_in faddr;
1648 int maxfd = fd;
1649 socklen_t len = sizeof(faddr);
1650
1651 tv.tv_usec = 250000;
1652 tv.tv_sec = 0;
1653
1654 FD_ZERO(&rset);
1655 FD_ZERO(&wset);
1656 FD_SET(fd, &rset);
1657 set_dns_listeners(now, &rset, &maxfd);
1658 set_log_writer(&wset, &maxfd);
1659
1660 #ifdef HAVE_DHCP6
1661 if (daemon->doing_ra)
1662 {
1663 FD_SET(daemon->icmp6fd, &rset);
1664 bump_maxfd(daemon->icmp6fd, &maxfd);
1665 }
1666 #endif
1667
1668 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1669 {
1670 FD_ZERO(&rset);
1671 FD_ZERO(&wset);
1672 }
1673
1674 now = dnsmasq_time();
1675
1676 check_log_writer(&wset);
1677 check_dns_listeners(&rset, now);
1678
1679 #ifdef HAVE_DHCP6
1680 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1681 icmp6_packet(now);
1682 #endif
1683
1684 #ifdef HAVE_TFTP
1685 check_tftp_listeners(&rset, now);
1686 #endif
1687
1688 if (FD_ISSET(fd, &rset) &&
1689 recvfrom(fd, &packet, sizeof(packet), 0,
1690 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1691 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1692 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1693 packet.icmp.icmp_seq == 0 &&
1694 packet.icmp.icmp_id == id)
1695 {
1696 gotreply = 1;
1697 break;
1698 }
1699 }
1700
1701 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1702 close(fd);
1703 #else
1704 opt = 1;
1705 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1706 #endif
1707
1708 return gotreply;
1709 }
1710 #endif
1711
1712
Tomato firmware and modifications.