search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dnsmasq: Update to v2.67test14.
[tomato.git] / release / src / router / dnsmasq / src / network.c
blob8e62538887562b75bceb20e8fad4f85006210fd4
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 #ifdef HAVE_LINUX_NETWORK
20
21 int indextoname(int fd, int index, char *name)
22 {
23 struct ifreq ifr;
24
25 if (index == 0)
26 return 0;
27
28 ifr.ifr_ifindex = index;
29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1)
30 return 0;
31
32 strncpy(name, ifr.ifr_name, IF_NAMESIZE);
33
34 return 1;
35 }
36
37
38 #elif defined(HAVE_SOLARIS_NETWORK)
39
40 #include <zone.h>
41 #include <alloca.h>
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
44 #endif
45
46 int indextoname(int fd, int index, char *name)
47 {
48 int64_t lifc_flags;
49 struct lifnum lifn;
50 int numifs, bufsize, i;
51 struct lifconf lifc;
52 struct lifreq *lifrp;
53
54 if (index == 0)
55 return 0;
56
57 if (getzoneid() == GLOBAL_ZONEID)
58 {
59 if (!if_indextoname(index, name))
60 return 0;
61 return 1;
62 }
63
64 lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;
65 lifn.lifn_family = AF_UNSPEC;
66 lifn.lifn_flags = lifc_flags;
67 if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0)
68 return 0;
69
70 numifs = lifn.lifn_count;
71 bufsize = numifs * sizeof(struct lifreq);
72
73 lifc.lifc_family = AF_UNSPEC;
74 lifc.lifc_flags = lifc_flags;
75 lifc.lifc_len = bufsize;
76 lifc.lifc_buf = alloca(bufsize);
77
78 if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0)
79 return 0;
80
81 lifrp = lifc.lifc_req;
82 for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++)
83 {
84 struct lifreq lifr;
85 strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE);
86 if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0)
87 return 0;
88
89 if (lifr.lifr_index == index) {
90 strncpy(name, lifr.lifr_name, IF_NAMESIZE);
91 return 1;
92 }
93 }
94 return 0;
95 }
96
97
98 #else
99
100 int indextoname(int fd, int index, char *name)
101 {
102 (void)fd;
103
104 if (index == 0 || !if_indextoname(index, name))
105 return 0;
106
107 return 1;
108 }
109
110 #endif
111
112 int iface_check(int family, struct all_addr *addr, char *name, int *auth)
113 {
114 struct iname *tmp;
115 int ret = 1, match_addr = 0;
116
117 /* Note: have to check all and not bail out early, so that we set the
118 "used" flags. */
119
120 if (auth)
121 *auth = 0;
122
123 if (daemon->if_names || daemon->if_addrs)
124 {
125 ret = 0;
126
127 for (tmp = daemon->if_names; tmp; tmp = tmp->next)
128 if (tmp->name && wildcard_match(tmp->name, name))
129 ret = tmp->used = 1;
130
131 if (addr)
132 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
133 if (tmp->addr.sa.sa_family == family)
134 {
135 if (family == AF_INET &&
136 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
137 ret = match_addr = tmp->used = 1;
138 #ifdef HAVE_IPV6
139 else if (family == AF_INET6 &&
140 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr,
141 &addr->addr.addr6))
142 ret = match_addr = tmp->used = 1;
143 #endif
144 }
145 }
146
147 if (!match_addr)
148 for (tmp = daemon->if_except; tmp; tmp = tmp->next)
149 if (tmp->name && wildcard_match(tmp->name, name))
150 ret = 0;
151
152
153 for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
154 if (tmp->name)
155 {
156 if (strcmp(tmp->name, name) == 0)
157 break;
158 }
159 else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
160 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
161 break;
162 #ifdef HAVE_IPV6
163 else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
164 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
165 break;
166 #endif
167
168 if (tmp && auth)
169 {
170 *auth = 1;
171 ret = 1;
172 }
173
174 return ret;
175 }
176
177
178 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
179 arrival interface when a packet originates locally, even when sent to address of
180 an interface other than the loopback. Accept packet if it arrived via a loopback
181 interface, even when we're not accepting packets that way, as long as the destination
182 address is one we're believing. Interface list must be up-to-date before calling. */
183 int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
184 {
185 struct ifreq ifr;
186 struct irec *iface;
187
188 strncpy(ifr.ifr_name, name, IF_NAMESIZE);
189 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
190 ifr.ifr_flags & IFF_LOOPBACK)
191 {
192 for (iface = daemon->interfaces; iface; iface = iface->next)
193 if (iface->addr.sa.sa_family == family)
194 {
195 if (family == AF_INET)
196 {
197 if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
198 return 1;
199 }
200 #ifdef HAVE_IPV6
201 else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6))
202 return 1;
203 #endif
204
205 }
206 }
207 return 0;
208 }
209
210 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
211 on the relevant address, but the name of the arrival interface, derived from the
212 index won't match the config. Check that we found an interface address for the arrival
213 interface: daemon->interfaces must be up-to-date. */
214 int label_exception(int index, int family, struct all_addr *addr)
215 {
216 struct irec *iface;
217
218 /* labels only supported on IPv4 addresses. */
219 if (family != AF_INET)
220 return 0;
221
222 for (iface = daemon->interfaces; iface; iface = iface->next)
223 if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
224 iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
225 return 1;
226
227 return 0;
228 }
229
230 struct iface_param {
231 struct addrlist *spare;
232 int fd;
233 };
234
235 static int iface_allowed(struct iface_param *param, int if_index, char *label,
236 union mysockaddr *addr, struct in_addr netmask, int dad)
237 {
238 struct irec *iface;
239 int mtu = 0, loopback;
240 struct ifreq ifr;
241 int tftp_ok = !!option_bool(OPT_TFTP);
242 int dhcp_ok = 1;
243 int auth_dns = 0;
244 #ifdef HAVE_DHCP
245 struct iname *tmp;
246 #endif
247
248 if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
249 ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1)
250 return 0;
251
252 loopback = ifr.ifr_flags & IFF_LOOPBACK;
253
254 if (loopback)
255 dhcp_ok = 0;
256
257 if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1)
258 mtu = ifr.ifr_mtu;
259
260 if (!label)
261 label = ifr.ifr_name;
262
263
264 /* Update addresses from interface_names. These are a set independent
265 of the set we're listening on. */
266 #ifdef HAVE_IPV6
267 if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
268 #endif
269 {
270 struct interface_name *int_name;
271 struct addrlist *al;
272
273 for (int_name = daemon->int_names; int_name; int_name = int_name->next)
274 if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0)
275 {
276 if (param->spare)
277 {
278 al = param->spare;
279 param->spare = al->next;
280 }
281 else
282 al = whine_malloc(sizeof(struct addrlist));
283
284 if (al)
285 {
286 if (addr->sa.sa_family == AF_INET)
287 {
288 al->addr.addr.addr4 = addr->in.sin_addr;
289 al->next = int_name->addr4;
290 int_name->addr4 = al;
291 }
292 #ifdef HAVE_IPV6
293 else
294 {
295 al->addr.addr.addr6 = addr->in6.sin6_addr;
296 al->next = int_name->addr6;
297 int_name->addr6 = al;
298 }
299 #endif
300 }
301 }
302 }
303
304 /* check whether the interface IP has been added already
305 we call this routine multiple times. */
306 for (iface = daemon->interfaces; iface; iface = iface->next)
307 if (sockaddr_isequal(&iface->addr, addr))
308 {
309 iface->dad = dad;
310 return 1;
311 }
312
313 /* If we are restricting the set of interfaces to use, make
314 sure that loopback interfaces are in that set. */
315 if (daemon->if_names && loopback)
316 {
317 struct iname *lo;
318 for (lo = daemon->if_names; lo; lo = lo->next)
319 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
320 break;
321
322 if (!lo && (lo = whine_malloc(sizeof(struct iname))))
323 {
324 if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
325 {
326 strcpy(lo->name, ifr.ifr_name);
327 lo->used = 1;
328 lo->next = daemon->if_names;
329 daemon->if_names = lo;
330 }
331 else
332 free(lo);
333 }
334 }
335
336 if (addr->sa.sa_family == AF_INET &&
337 !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
338 return 1;
339
340 #ifdef HAVE_IPV6
341 if (addr->sa.sa_family == AF_INET6 &&
342 !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
343 return 1;
344 #endif
345
346 #ifdef HAVE_DHCP
347 /* No DHCP where we're doing auth DNS. */
348 if (auth_dns)
349 {
350 tftp_ok = 0;
351 dhcp_ok = 0;
352 }
353 else
354 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
355 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
356 {
357 tftp_ok = 0;
358 dhcp_ok = 0;
359 }
360 #endif
361
362
363 if (daemon->tftp_interfaces)
364 {
365 /* dedicated tftp interface list */
366 tftp_ok = 0;
367 for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
368 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
369 tftp_ok = 1;
370 }
371
372 /* add to list */
373 if ((iface = whine_malloc(sizeof(struct irec))))
374 {
375 iface->addr = *addr;
376 iface->netmask = netmask;
377 iface->tftp_ok = tftp_ok;
378 iface->dhcp_ok = dhcp_ok;
379 iface->dns_auth = auth_dns;
380 iface->mtu = mtu;
381 iface->dad = dad;
382 iface->done = iface->multicast_done = 0;
383 iface->index = if_index;
384 if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
385 {
386 strcpy(iface->name, ifr.ifr_name);
387 iface->next = daemon->interfaces;
388 daemon->interfaces = iface;
389 return 1;
390 }
391 free(iface);
392
393 }
394
395 errno = ENOMEM;
396 return 0;
397 }
398
399 #ifdef HAVE_IPV6
400 static int iface_allowed_v6(struct in6_addr *local, int prefix,
401 int scope, int if_index, int flags,
402 int preferred, int valid, void *vparam)
403 {
404 union mysockaddr addr;
405 struct in_addr netmask; /* dummy */
406 netmask.s_addr = 0;
407
408 (void)prefix; /* warning */
409 (void)scope; /* warning */
410 (void)preferred;
411 (void)valid;
412
413 memset(&addr, 0, sizeof(addr));
414 #ifdef HAVE_SOCKADDR_SA_LEN
415 addr.in6.sin6_len = sizeof(addr.in6);
416 #endif
417 addr.in6.sin6_family = AF_INET6;
418 addr.in6.sin6_addr = *local;
419 addr.in6.sin6_port = htons(daemon->port);
420 addr.in6.sin6_scope_id = if_index;
421
422 return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE));
423 }
424 #endif
425
426 static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
427 struct in_addr netmask, struct in_addr broadcast, void *vparam)
428 {
429 union mysockaddr addr;
430
431 memset(&addr, 0, sizeof(addr));
432 #ifdef HAVE_SOCKADDR_SA_LEN
433 addr.in.sin_len = sizeof(addr.in);
434 #endif
435 addr.in.sin_family = AF_INET;
436 addr.in.sin_addr = broadcast; /* warning */
437 addr.in.sin_addr = local;
438 addr.in.sin_port = htons(daemon->port);
439
440 return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, 0);
441 }
442
443 int enumerate_interfaces(int reset)
444 {
445 static struct addrlist *spare = NULL;
446 static int done = 0, active = 0;
447 struct iface_param param;
448 int errsave, ret = 1;
449 struct addrlist *addr, *tmp;
450 struct interface_name *intname;
451
452 /* Do this max once per select cycle - also inhibits netlink socket use
453 in TCP child processes. */
454
455 if (reset)
456 {
457 done = 0;
458 return 1;
459 }
460
461 if (done || active)
462 return 1;
463
464 done = 1;
465
466 /* protect against recusive calls from iface_enumerate(); */
467 active = 1;
468
469 if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
470 return 0;
471
472 /* remove addresses stored against interface_names */
473 for (intname = daemon->int_names; intname; intname = intname->next)
474 {
475 for (addr = intname->addr4; addr; addr = tmp)
476 {
477 tmp = addr->next;
478 addr->next = spare;
479 spare = addr;
480 }
481
482 intname->addr4 = NULL;
483
484 #ifdef HAVE_IPV6
485 for (addr = intname->addr6; addr; addr = tmp)
486 {
487 tmp = addr->next;
488 addr->next = spare;
489 spare = addr;
490 }
491
492 intname->addr6 = NULL;
493 #endif
494 }
495
496 param.spare = spare;
497
498 #ifdef HAVE_IPV6
499 ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
500 #endif
501
502 if (ret)
503 ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
504
505 errsave = errno;
506 close(param.fd);
507 errno = errsave;
508
509 spare = param.spare;
510 active = 0;
511
512 return ret;
513 }
514
515 /* set NONBLOCK bit on fd: See Stevens 16.6 */
516 int fix_fd(int fd)
517 {
518 int flags;
519
520 if ((flags = fcntl(fd, F_GETFL)) == -1 ||
521 fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
522 return 0;
523
524 return 1;
525 }
526
527 static int make_sock(union mysockaddr *addr, int type, int dienow)
528 {
529 int family = addr->sa.sa_family;
530 int fd, rc, opt = 1;
531
532 if ((fd = socket(family, type, 0)) == -1)
533 {
534 int port;
535 char *s;
536
537 /* No error if the kernel just doesn't support this IP flavour */
538 if (errno == EPROTONOSUPPORT ||
539 errno == EAFNOSUPPORT ||
540 errno == EINVAL)
541 return -1;
542
543 err:
544 port = prettyprint_addr(addr, daemon->addrbuff);
545 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
546 sprintf(daemon->addrbuff, "port %d", port);
547 s = _("failed to create listening socket for %s: %s");
548
549 if (fd != -1)
550 close (fd);
551
552 if (dienow)
553 {
554 /* failure to bind addresses given by --listen-address at this point
555 is OK if we're doing bind-dynamic */
556 if (!option_bool(OPT_CLEVERBIND))
557 die(s, daemon->addrbuff, EC_BADNET);
558 }
559 else
560 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
561
562 return -1;
563 }
564
565 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
566 goto err;
567
568 #ifdef HAVE_IPV6
569 if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
570 goto err;
571 #endif
572
573 if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1)
574 goto err;
575
576 if (type == SOCK_STREAM)
577 {
578 if (listen(fd, 5) == -1)
579 goto err;
580 }
581 else if (!option_bool(OPT_NOWILD))
582 {
583 if (family == AF_INET)
584 {
585 #if defined(HAVE_LINUX_NETWORK)
586 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1)
587 goto err;
588 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
589 if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
590 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1)
591 goto err;
592 #endif
593 }
594 #ifdef HAVE_IPV6
595 else if (!set_ipv6pktinfo(fd))
596 goto err;
597 #endif
598 }
599
600 return fd;
601 }
602
603 #ifdef HAVE_IPV6
604 int set_ipv6pktinfo(int fd)
605 {
606 int opt = 1;
607
608 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
609 handle all combinations of headers and kernel.
610 OpenWrt note that this fixes the problem addressed by your very broken patch. */
611 daemon->v6pktinfo = IPV6_PKTINFO;
612
613 #ifdef IPV6_RECVPKTINFO
614 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) != -1)
615 return 1;
616 # ifdef IPV6_2292PKTINFO
617 else if (errno == ENOPROTOOPT && setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &opt, sizeof(opt)) != -1)
618 {
619 daemon->v6pktinfo = IPV6_2292PKTINFO;
620 return 1;
621 }
622 # endif
623 #else
624 if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &opt, sizeof(opt)) != -1)
625 return 1;
626 #endif
627
628 return 0;
629 }
630 #endif
631
632
633 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
634 int tcp_interface(int fd, int af)
635 {
636 int if_index = 0;
637
638 #ifdef HAVE_LINUX_NETWORK
639 int opt = 1;
640 struct cmsghdr *cmptr;
641 struct msghdr msg;
642
643 /* use mshdr do that the CMSDG_* macros are available */
644 msg.msg_control = daemon->packet;
645 msg.msg_controllen = daemon->packet_buff_sz;
646
647 /* we overwrote the buffer... */
648 daemon->srv_save = NULL;
649
650 if (af == AF_INET)
651 {
652 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
653 getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
654 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
655 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
656 {
657 union {
658 unsigned char *c;
659 struct in_pktinfo *p;
660 } p;
661
662 p.c = CMSG_DATA(cmptr);
663 if_index = p.p->ipi_ifindex;
664 }
665 }
666 #ifdef HAVE_IPV6
667 else
668 {
669 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
670 it was removed in RFC-3542 !!!!
671
672 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
673 uses the old ABI, and should work with pre- and post-3542 kernel headers */
674
675 #ifdef IPV6_2292PKTOPTIONS
676 # define PKTOPTIONS IPV6_2292PKTOPTIONS
677 #else
678 # define PKTOPTIONS IPV6_PKTOPTIONS
679 #endif
680
681 if (set_ipv6pktinfo(fd) &&
682 getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
683 {
684 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
685 if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
686 {
687 union {
688 unsigned char *c;
689 struct in6_pktinfo *p;
690 } p;
691 p.c = CMSG_DATA(cmptr);
692
693 if_index = p.p->ipi6_ifindex;
694 }
695 }
696 }
697 #endif /* IPV6 */
698 #endif /* Linux */
699
700 return if_index;
701 }
702
703 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
704 {
705 struct listener *l = NULL;
706 int fd = -1, tcpfd = -1, tftpfd = -1;
707
708 if (daemon->port != 0)
709 {
710 fd = make_sock(addr, SOCK_DGRAM, dienow);
711 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
712 }
713
714 #ifdef HAVE_TFTP
715 if (do_tftp)
716 {
717 if (addr->sa.sa_family == AF_INET)
718 {
719 /* port must be restored to DNS port for TCP code */
720 short save = addr->in.sin_port;
721 addr->in.sin_port = htons(TFTP_PORT);
722 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
723 addr->in.sin_port = save;
724 }
725 # ifdef HAVE_IPV6
726 else
727 {
728 short save = addr->in6.sin6_port;
729 addr->in6.sin6_port = htons(TFTP_PORT);
730 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
731 addr->in6.sin6_port = save;
732 }
733 # endif
734 }
735 #endif
736
737 if (fd != -1 || tcpfd != -1 || tftpfd != -1)
738 {
739 l = safe_malloc(sizeof(struct listener));
740 l->next = NULL;
741 l->family = addr->sa.sa_family;
742 l->fd = fd;
743 l->tcpfd = tcpfd;
744 l->tftpfd = tftpfd;
745 }
746
747 return l;
748 }
749
750 void create_wildcard_listeners(void)
751 {
752 union mysockaddr addr;
753 struct listener *l, *l6;
754
755 memset(&addr, 0, sizeof(addr));
756 #ifdef HAVE_SOCKADDR_SA_LEN
757 addr.in.sin_len = sizeof(addr.in);
758 #endif
759 addr.in.sin_family = AF_INET;
760 addr.in.sin_addr.s_addr = INADDR_ANY;
761 addr.in.sin_port = htons(daemon->port);
762
763 l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
764
765 #ifdef HAVE_IPV6
766 memset(&addr, 0, sizeof(addr));
767 # ifdef HAVE_SOCKADDR_SA_LEN
768 addr.in6.sin6_len = sizeof(addr.in6);
769 # endif
770 addr.in6.sin6_family = AF_INET6;
771 addr.in6.sin6_addr = in6addr_any;
772 addr.in6.sin6_port = htons(daemon->port);
773
774 l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
775 if (l)
776 l->next = l6;
777 else
778 l = l6;
779 #endif
780
781 daemon->listeners = l;
782 }
783
784 void create_bound_listeners(int dienow)
785 {
786 struct listener *new;
787 struct irec *iface;
788 struct iname *if_tmp;
789
790 for (iface = daemon->interfaces; iface; iface = iface->next)
791 if (!iface->done && !iface->dad &&
792 (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
793 {
794 new->iface = iface;
795 new->next = daemon->listeners;
796 daemon->listeners = new;
797 iface->done = 1;
798 }
799
800 /* Check for --listen-address options that haven't been used because there's
801 no interface with a matching address. These may be valid: eg it's possible
802 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
803
804 If the address isn't valid the bind() will fail and we'll die()
805 (except in bind-dynamic mode, when we'll complain but keep trying.)
806
807 The resulting listeners have the ->iface field NULL, and this has to be
808 handled by the DNS and TFTP code. It disables --localise-queries processing
809 (no netmask) and some MTU login the tftp code. */
810
811 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
812 if (!if_tmp->used &&
813 (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
814 {
815 new->iface = NULL;
816 new->next = daemon->listeners;
817 daemon->listeners = new;
818 }
819 }
820
821 int is_dad_listeners(void)
822 {
823 struct irec *iface;
824
825 if (option_bool(OPT_NOWILD))
826 for (iface = daemon->interfaces; iface; iface = iface->next)
827 if (iface->dad && !iface->done)
828 return 1;
829
830 return 0;
831 }
832
833 #ifdef HAVE_DHCP6
834 void join_multicast(int dienow)
835 {
836 struct irec *iface, *tmp;
837
838 for (iface = daemon->interfaces; iface; iface = iface->next)
839 if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
840 {
841 /* There's an irec per address but we only want to join for multicast
842 once per interface. Weed out duplicates. */
843 for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
844 if (tmp->multicast_done && tmp->index == iface->index)
845 break;
846
847 iface->multicast_done = 1;
848
849 if (!tmp)
850 {
851 struct ipv6_mreq mreq;
852 int err = 0;
853
854 mreq.ipv6mr_interface = iface->index;
855
856 inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
857
858 if ((daemon->doing_dhcp6 || daemon->relay6) &&
859 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
860 err = 1;
861
862 inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
863
864 if (daemon->doing_dhcp6 &&
865 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
866 err = 1;
867
868 inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
869
870 if (daemon->doing_ra &&
871 setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
872 err = 1;
873
874 if (err)
875 {
876 char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
877 if (dienow)
878 die(s, iface->name, EC_BADNET);
879 else
880 my_syslog(LOG_ERR, s, iface->name, strerror(errno));
881 }
882 }
883 }
884 }
885 #endif
886
887 /* return a UDP socket bound to a random port, have to cope with straying into
888 occupied port nos and reserved ones. */
889 int random_sock(int family)
890 {
891 int fd;
892
893 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
894 {
895 union mysockaddr addr;
896 unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port;
897 int tries = ports_avail < 30 ? 3 * ports_avail : 100;
898
899 memset(&addr, 0, sizeof(addr));
900 addr.sa.sa_family = family;
901
902 /* don't loop forever if all ports in use. */
903
904 if (fix_fd(fd))
905 while(tries--)
906 {
907 unsigned short port = rand16();
908
909 if (daemon->min_port != 0)
910 port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
911
912 if (family == AF_INET)
913 {
914 addr.in.sin_addr.s_addr = INADDR_ANY;
915 addr.in.sin_port = port;
916 #ifdef HAVE_SOCKADDR_SA_LEN
917 addr.in.sin_len = sizeof(struct sockaddr_in);
918 #endif
919 }
920 #ifdef HAVE_IPV6
921 else
922 {
923 addr.in6.sin6_addr = in6addr_any;
924 addr.in6.sin6_port = port;
925 #ifdef HAVE_SOCKADDR_SA_LEN
926 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
927 #endif
928 }
929 #endif
930
931 if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
932 return fd;
933
934 if (errno != EADDRINUSE && errno != EACCES)
935 break;
936 }
937
938 close(fd);
939 }
940
941 return -1;
942 }
943
944
945 int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
946 {
947 union mysockaddr addr_copy = *addr;
948
949 /* cannot set source _port_ for TCP connections. */
950 if (is_tcp)
951 {
952 if (addr_copy.sa.sa_family == AF_INET)
953 addr_copy.in.sin_port = 0;
954 #ifdef HAVE_IPV6
955 else
956 addr_copy.in6.sin6_port = 0;
957 #endif
958 }
959
960 if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
961 return 0;
962
963 #if defined(SO_BINDTODEVICE)
964 if (intname[0] != 0 &&
965 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
966 return 0;
967 #endif
968
969 return 1;
970 }
971
972 static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
973 {
974 struct serverfd *sfd;
975 int errsave;
976
977 /* when using random ports, servers which would otherwise use
978 the INADDR_ANY/port0 socket have sfd set to NULL */
979 if (!daemon->osport && intname[0] == 0)
980 {
981 errno = 0;
982
983 if (addr->sa.sa_family == AF_INET &&
984 addr->in.sin_addr.s_addr == INADDR_ANY &&
985 addr->in.sin_port == htons(0))
986 return NULL;
987
988 #ifdef HAVE_IPV6
989 if (addr->sa.sa_family == AF_INET6 &&
990 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
991 addr->in6.sin6_port == htons(0))
992 return NULL;
993 #endif
994 }
995
996 /* may have a suitable one already */
997 for (sfd = daemon->sfds; sfd; sfd = sfd->next )
998 if (sockaddr_isequal(&sfd->source_addr, addr) &&
999 strcmp(intname, sfd->interface) == 0)
1000 return sfd;
1001
1002 /* need to make a new one. */
1003 errno = ENOMEM; /* in case malloc fails. */
1004 if (!(sfd = whine_malloc(sizeof(struct serverfd))))
1005 return NULL;
1006
1007 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
1008 {
1009 free(sfd);
1010 return NULL;
1011 }
1012
1013 if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
1014 {
1015 errsave = errno; /* save error from bind. */
1016 close(sfd->fd);
1017 free(sfd);
1018 errno = errsave;
1019 return NULL;
1020 }
1021
1022 strcpy(sfd->interface, intname);
1023 sfd->source_addr = *addr;
1024 sfd->next = daemon->sfds;
1025 daemon->sfds = sfd;
1026 return sfd;
1027 }
1028
1029 /* create upstream sockets during startup, before root is dropped which may be needed
1030 this allows query_port to be a low port and interface binding */
1031 void pre_allocate_sfds(void)
1032 {
1033 struct server *srv;
1034
1035 if (daemon->query_port != 0)
1036 {
1037 union mysockaddr addr;
1038 memset(&addr, 0, sizeof(addr));
1039 addr.in.sin_family = AF_INET;
1040 addr.in.sin_addr.s_addr = INADDR_ANY;
1041 addr.in.sin_port = htons(daemon->query_port);
1042 #ifdef HAVE_SOCKADDR_SA_LEN
1043 addr.in.sin_len = sizeof(struct sockaddr_in);
1044 #endif
1045 allocate_sfd(&addr, "");
1046 #ifdef HAVE_IPV6
1047 memset(&addr, 0, sizeof(addr));
1048 addr.in6.sin6_family = AF_INET6;
1049 addr.in6.sin6_addr = in6addr_any;
1050 addr.in6.sin6_port = htons(daemon->query_port);
1051 #ifdef HAVE_SOCKADDR_SA_LEN
1052 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1053 #endif
1054 allocate_sfd(&addr, "");
1055 #endif
1056 }
1057
1058 for (srv = daemon->servers; srv; srv = srv->next)
1059 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) &&
1060 !allocate_sfd(&srv->source_addr, srv->interface) &&
1061 errno != 0 &&
1062 option_bool(OPT_NOWILD))
1063 {
1064 prettyprint_addr(&srv->source_addr, daemon->namebuff);
1065 if (srv->interface[0] != 0)
1066 {
1067 strcat(daemon->namebuff, " ");
1068 strcat(daemon->namebuff, srv->interface);
1069 }
1070 die(_("failed to bind server socket for %s: %s"),
1071 daemon->namebuff, EC_BADNET);
1072 }
1073 }
1074
1075
1076 void check_servers(void)
1077 {
1078 struct irec *iface;
1079 struct server *new, *tmp, *ret = NULL;
1080 int port = 0;
1081
1082 /* interface may be new since startup */
1083 if (!option_bool(OPT_NOWILD))
1084 enumerate_interfaces(0);
1085
1086 for (new = daemon->servers; new; new = tmp)
1087 {
1088 tmp = new->next;
1089
1090 if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)))
1091 {
1092 port = prettyprint_addr(&new->addr, daemon->namebuff);
1093
1094 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1095 if (new->addr.sa.sa_family == AF_INET &&
1096 new->addr.in.sin_addr.s_addr == 0)
1097 {
1098 free(new);
1099 continue;
1100 }
1101
1102 for (iface = daemon->interfaces; iface; iface = iface->next)
1103 if (sockaddr_isequal(&new->addr, &iface->addr))
1104 break;
1105 if (iface)
1106 {
1107 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
1108 free(new);
1109 continue;
1110 }
1111
1112 /* Do we need a socket set? */
1113 if (!new->sfd &&
1114 !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) &&
1115 errno != 0)
1116 {
1117 my_syslog(LOG_WARNING,
1118 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1119 daemon->namebuff, strerror(errno));
1120 free(new);
1121 continue;
1122 }
1123 }
1124
1125 /* reverse order - gets it right. */
1126 new->next = ret;
1127 ret = new;
1128
1129 if (!(new->flags & SERV_NO_REBIND))
1130 {
1131 if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
1132 {
1133 char *s1, *s2;
1134 if (!(new->flags & SERV_HAS_DOMAIN))
1135 s1 = _("unqualified"), s2 = _("names");
1136 else if (strlen(new->domain) == 0)
1137 s1 = _("default"), s2 = "";
1138 else
1139 s1 = _("domain"), s2 = new->domain;
1140
1141 if (new->flags & SERV_NO_ADDR)
1142 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
1143 else if (new->flags & SERV_USE_RESOLV)
1144 my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
1145 else if (!(new->flags & SERV_LITERAL_ADDRESS))
1146 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
1147 }
1148 else if (new->interface[0] != 0)
1149 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface);
1150 else
1151 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
1152 }
1153 }
1154
1155 daemon->servers = ret;
1156 }
1157
1158 /* Return zero if no servers found, in that case we keep polling.
1159 This is a protection against an update-time/write race on resolv.conf */
1160 int reload_servers(char *fname)
1161 {
1162 FILE *f;
1163 char *line;
1164 struct server *old_servers = NULL;
1165 struct server *new_servers = NULL;
1166 struct server *serv;
1167 int gotone = 0;
1168
1169 /* buff happens to be MAXDNAME long... */
1170 if (!(f = fopen(fname, "r")))
1171 {
1172 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1173 return 0;
1174 }
1175
1176 /* move old servers to free list - we can reuse the memory
1177 and not risk malloc if there are the same or fewer new servers.
1178 Servers which were specced on the command line go to the new list. */
1179 for (serv = daemon->servers; serv;)
1180 {
1181 struct server *tmp = serv->next;
1182 if (serv->flags & SERV_FROM_RESOLV)
1183 {
1184 serv->next = old_servers;
1185 old_servers = serv;
1186 /* forward table rules reference servers, so have to blow them away */
1187 server_gone(serv);
1188 }
1189 else
1190 {
1191 serv->next = new_servers;
1192 new_servers = serv;
1193 }
1194 serv = tmp;
1195 }
1196
1197 while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
1198 {
1199 union mysockaddr addr, source_addr;
1200 char *token = strtok(line, " \t\n\r");
1201
1202 if (!token)
1203 continue;
1204 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
1205 continue;
1206 if (!(token = strtok(NULL, " \t\n\r")))
1207 continue;
1208
1209 memset(&addr, 0, sizeof(addr));
1210 memset(&source_addr, 0, sizeof(source_addr));
1211
1212 if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
1213 {
1214 #ifdef HAVE_SOCKADDR_SA_LEN
1215 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
1216 #endif
1217 source_addr.in.sin_family = addr.in.sin_family = AF_INET;
1218 addr.in.sin_port = htons(NAMESERVER_PORT);
1219 source_addr.in.sin_addr.s_addr = INADDR_ANY;
1220 source_addr.in.sin_port = htons(daemon->query_port);
1221 }
1222 #ifdef HAVE_IPV6
1223 else
1224 {
1225 int scope_index = 0;
1226 char *scope_id = strchr(token, '%');
1227
1228 if (scope_id)
1229 {
1230 *(scope_id++) = 0;
1231 scope_index = if_nametoindex(scope_id);
1232 }
1233
1234 if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
1235 {
1236 #ifdef HAVE_SOCKADDR_SA_LEN
1237 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
1238 #endif
1239 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
1240 source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
1241 addr.in6.sin6_port = htons(NAMESERVER_PORT);
1242 addr.in6.sin6_scope_id = scope_index;
1243 source_addr.in6.sin6_addr = in6addr_any;
1244 source_addr.in6.sin6_port = htons(daemon->query_port);
1245 source_addr.in6.sin6_scope_id = 0;
1246 }
1247 else
1248 continue;
1249 }
1250 #else /* IPV6 */
1251 else
1252 continue;
1253 #endif
1254
1255 if (old_servers)
1256 {
1257 serv = old_servers;
1258 old_servers = old_servers->next;
1259 }
1260 else if (!(serv = whine_malloc(sizeof (struct server))))
1261 continue;
1262
1263 /* this list is reverse ordered:
1264 it gets reversed again in check_servers */
1265 serv->next = new_servers;
1266 new_servers = serv;
1267 serv->addr = addr;
1268 serv->source_addr = source_addr;
1269 serv->domain = NULL;
1270 serv->interface[0] = 0;
1271 serv->sfd = NULL;
1272 serv->flags = SERV_FROM_RESOLV;
1273 serv->queries = serv->failed_queries = 0;
1274 gotone = 1;
1275 }
1276
1277 /* Free any memory not used. */
1278 while (old_servers)
1279 {
1280 struct server *tmp = old_servers->next;
1281 free(old_servers);
1282 old_servers = tmp;
1283 }
1284
1285 daemon->servers = new_servers;
1286 fclose(f);
1287
1288 return gotone;
1289 }
1290
1291
1292
1293
1294
1295
Tomato firmware and modifications.