search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Changes to update Tomato RAF.
[tomato.git] / release / src / router / dnsmasq / src / dnsmasq.c
bloba28e3518126e3b4ba55e65d822aeaca38df8a977
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16 /* Jon Zarate AFAIK wrote the original Tomato specific code, primarily to
17 support extra info in the GUI. Following is a vague clue as to how it
18 hangs together.
19
20 device list status is handled by www/devlist.c - this sends a SIGUSR2
21 to dnsmasq which causes the 'tomato_helper' function to execute in
22 addition to the normal dnsmasq SIGUSR2 code (Switch logfile, but since
23 Tomato not using that it doesn't matter) devlist.c waits up to 5 secs
24 for file '/var/tmp/dhcp/leases.!' to disappear before continuing
25 (Must be a better way to do this IPC stuff)
26
27 tomato_helper(lease.c) does a couple of things:
28
29 It looks for /var/tmp/dhcp/delete and deletes any known leases by IP
30 address found therein. It deletes /var/tmp/dhcp/delete when done.
31 This implements the 'delete lease' from GUI functionality.
32
33 It dumps the current dhcp leases into /var/tmp/dhcp/lease.! (tmp file)
34 subtracting the current time from the lease expiry time, thus producing
35 a 'lease remaining' time for the GUI.
36 The temp file is renamed to /var/tmp/dhcp/leases thus signalling devlist.c
37 that it may proceed. Finally when devlist.c is finished
38 /var/tmp/dhcp/leases is removed.
39
40 rfc2131.c implements a 'Quiet DHCP' option (don't log DHCP stuff) first
41 implemented by 'Teddy Bear'.
42
43 dnsmasq.c also intercepts SIGHUP so that it may flush the lease file.
44 This is so lease expiry times survive a process restart since dnsmasq
45 reads the lease file at start-up.
46
47 Finally(?) lease_update_file (lease.c) writes out the remaining lease
48 duration for each dhcp lease rather than lease expiry time (with RTC) or
49 lease length (no RTC) for dnsmasq's internal lease database.
50 asuswrt does a similar thing with lease durations though the code is
51 different. Ideally the code would be merged in such a way that Tomato
52 and asuswrt-merlin can code share without even thinking...another project!
53
54 dhcp lease file is /var/lib/misc/dnsmasq.leases
55
56 Above description K Darbyshire-Bryant 02/05/13 Hope it helps someone
57 */
58
59
60
61 /* Declare static char *compiler_opts in config.h */
62 #define DNSMASQ_COMPILE_OPTS
63
64 #include "dnsmasq.h"
65
66 struct daemon *daemon;
67
68 static volatile pid_t pid = 0;
69 static volatile int pipewrite;
70
71 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
72 static void check_dns_listeners(fd_set *set, time_t now);
73 static void sig_handler(int sig);
74 static void async_event(int pipe, time_t now);
75 static void fatal_event(struct event_desc *ev, char *msg);
76 static int read_event(int fd, struct event_desc *evp, char **msg);
77
78
79 int main (int argc, char **argv)
80 {
81 int bind_fallback = 0;
82 time_t now;
83 struct sigaction sigact;
84 struct iname *if_tmp;
85 int piperead, pipefd[2], err_pipe[2];
86 struct passwd *ent_pw = NULL;
87 #if defined(HAVE_SCRIPT)
88 uid_t script_uid = 0;
89 gid_t script_gid = 0;
90 #endif
91 struct group *gp = NULL;
92 long i, max_fd = sysconf(_SC_OPEN_MAX);
93 char *baduser = NULL;
94 int log_err;
95 #if defined(HAVE_LINUX_NETWORK)
96 cap_user_header_t hdr = NULL;
97 cap_user_data_t data = NULL;
98 #endif
99 struct dhcp_context *context;
100
101 #ifdef LOCALEDIR
102 setlocale(LC_ALL, "");
103 bindtextdomain("dnsmasq", LOCALEDIR);
104 textdomain("dnsmasq");
105 #endif
106
107 sigact.sa_handler = sig_handler;
108 sigact.sa_flags = 0;
109 sigemptyset(&sigact.sa_mask);
110 sigaction(SIGUSR1, &sigact, NULL);
111 sigaction(SIGUSR2, &sigact, NULL);
112 sigaction(SIGHUP, &sigact, NULL);
113 sigaction(SIGTERM, &sigact, NULL);
114 sigaction(SIGALRM, &sigact, NULL);
115 sigaction(SIGCHLD, &sigact, NULL);
116
117 /* ignore SIGPIPE */
118 sigact.sa_handler = SIG_IGN;
119 sigaction(SIGPIPE, &sigact, NULL);
120
121 umask(022); /* known umask, create leases and pid files as 0644 */
122
123 read_opts(argc, argv, compile_opts);
124
125 if (daemon->edns_pktsz < PACKETSZ)
126 daemon->edns_pktsz = PACKETSZ;
127 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
128 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
129 daemon->packet = safe_malloc(daemon->packet_buff_sz);
130
131 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
132
133
134 #ifdef HAVE_DHCP
135 if (!daemon->lease_file)
136 {
137 if (daemon->dhcp || daemon->dhcp6)
138 daemon->lease_file = LEASEFILE;
139 }
140 #endif
141
142 /* Close any file descriptors we inherited apart from std{in|out|err}
143
144 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
145 otherwise file descriptors we create can end up being 0, 1, or 2
146 and then get accidentally closed later when we make 0, 1, and 2
147 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
148 but it's not guaranteed. By opening /dev/null three times, we
149 ensure that we're not using those fds for real stuff. */
150 for (i = 0; i < max_fd; i++)
151 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
152 close(i);
153 else
154 open("/dev/null", O_RDWR);
155
156 #ifndef HAVE_LINUX_NETWORK
157 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
158 if (!option_bool(OPT_NOWILD))
159 {
160 bind_fallback = 1;
161 set_option_bool(OPT_NOWILD);
162 }
163 # endif
164
165 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
166 if (option_bool(OPT_CLEVERBIND))
167 {
168 bind_fallback = 1;
169 set_option_bool(OPT_NOWILD);
170 reset_option_bool(OPT_CLEVERBIND);
171 }
172 #endif
173
174 #ifndef HAVE_TFTP
175 if (option_bool(OPT_TFTP))
176 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
177 #endif
178
179 #ifdef HAVE_CONNTRACK
180 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
181 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
182 #else
183 if (option_bool(OPT_CONNTRACK))
184 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
185 #endif
186
187 #ifdef HAVE_SOLARIS_NETWORK
188 if (daemon->max_logs != 0)
189 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
190 #endif
191
192 #ifdef __ANDROID__
193 if (daemon->max_logs != 0)
194 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
195 #endif
196
197 #ifndef HAVE_AUTH
198 if (daemon->authserver)
199 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
200 #endif
201
202 rand_init();
203
204 now = dnsmasq_time();
205
206 /* Create a serial at startup if not configured. */
207 if (daemon->authinterface && daemon->soa_sn == 0)
208 #ifdef HAVE_BROKEN_RTC
209 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
210 #else
211 daemon->soa_sn = now;
212 #endif
213
214 #ifdef HAVE_DHCP
215 if (daemon->dhcp || daemon->dhcp6)
216 {
217
218 # ifdef HAVE_DHCP6
219 if (daemon->dhcp6)
220 {
221 daemon->doing_ra = option_bool(OPT_RA);
222
223 for (context = daemon->dhcp6; context; context = context->next)
224 {
225 if (context->flags & CONTEXT_DHCP)
226 daemon->doing_dhcp6 = 1;
227 if (context->flags & CONTEXT_RA)
228 daemon->doing_ra = 1;
229 #ifndef HAVE_LINUX_NETWORK
230 if (context->flags & CONTEXT_TEMPLATE)
231 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
232 #endif
233 }
234 }
235 # endif
236
237 /* Note that order matters here, we must call lease_init before
238 creating any file descriptors which shouldn't be leaked
239 to the lease-script init process. We need to call common_init
240 before lease_init to allocate buffers it uses.*/
241 if (daemon->dhcp || daemon->doing_dhcp6)
242 {
243 dhcp_common_init();
244 lease_init(now);
245 }
246
247 if (daemon->dhcp)
248 dhcp_init();
249
250 # ifdef HAVE_DHCP6
251 if (daemon->doing_ra)
252 ra_init(now);
253
254 if (daemon->doing_dhcp6)
255 dhcp6_init();
256 # endif
257 }
258
259 #endif
260
261 #ifdef HAVE_IPSET
262 if (daemon->ipsets)
263 ipset_init();
264 #endif
265
266 #ifdef HAVE_LINUX_NETWORK
267 netlink_init();
268
269 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
270 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
271 #endif
272
273 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
274 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
275
276 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
277 {
278 create_bound_listeners(1);
279
280 if (!option_bool(OPT_CLEVERBIND))
281 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
282 if (if_tmp->name && !if_tmp->used)
283 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
284
285 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
286 /* after enumerate_interfaces() */
287 if (daemon->dhcp)
288 {
289 bindtodevice(daemon->dhcpfd);
290 if (daemon->enable_pxe)
291 bindtodevice(daemon->pxefd);
292 }
293 #endif
294
295 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
296 if (daemon->doing_dhcp6)
297 bindtodevice(daemon->dhcp6fd);
298 #endif
299 }
300 else
301 create_wildcard_listeners();
302
303 #ifdef HAVE_DHCP6
304 /* after enumerate_interfaces() */
305 if (daemon->doing_dhcp6 || daemon->doing_ra)
306 join_multicast(1);
307 #endif
308
309 if (daemon->port != 0)
310 cache_init();
311
312 if (option_bool(OPT_DBUS))
313 #ifdef HAVE_DBUS
314 {
315 char *err;
316 daemon->dbus = NULL;
317 daemon->watches = NULL;
318 if ((err = dbus_init()))
319 die(_("DBus error: %s"), err, EC_MISC);
320 }
321 #else
322 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
323 #endif
324
325 if (daemon->port != 0)
326 pre_allocate_sfds();
327
328 #if defined(HAVE_SCRIPT)
329 /* Note getpwnam returns static storage */
330 if ((daemon->dhcp || daemon->dhcp6) &&
331 daemon->scriptuser &&
332 (daemon->lease_change_command || daemon->luascript))
333 {
334 if ((ent_pw = getpwnam(daemon->scriptuser)))
335 {
336 script_uid = ent_pw->pw_uid;
337 script_gid = ent_pw->pw_gid;
338 }
339 else
340 baduser = daemon->scriptuser;
341 }
342 #endif
343
344 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
345 baduser = daemon->username;
346 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
347 baduser = daemon->groupname;
348
349 if (baduser)
350 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
351
352 /* implement group defaults, "dip" if available, or group associated with uid */
353 if (!daemon->group_set && !gp)
354 {
355 if (!(gp = getgrnam(CHGRP)) && ent_pw)
356 gp = getgrgid(ent_pw->pw_gid);
357
358 /* for error message */
359 if (gp)
360 daemon->groupname = gp->gr_name;
361 }
362
363 #if defined(HAVE_LINUX_NETWORK)
364 /* determine capability API version here, while we can still
365 call safe_malloc */
366 if (ent_pw && ent_pw->pw_uid != 0)
367 {
368 int capsize = 1; /* for header version 1 */
369 hdr = safe_malloc(sizeof(*hdr));
370
371 /* find version supported by kernel */
372 memset(hdr, 0, sizeof(*hdr));
373 capget(hdr, NULL);
374
375 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
376 {
377 /* if unknown version, use largest supported version (3) */
378 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
379 hdr->version = LINUX_CAPABILITY_VERSION_3;
380 capsize = 2;
381 }
382
383 data = safe_malloc(sizeof(*data) * capsize);
384 memset(data, 0, sizeof(*data) * capsize);
385 }
386 #endif
387
388 /* Use a pipe to carry signals and other events back to the event loop
389 in a race-free manner and another to carry errors to daemon-invoking process */
390 safe_pipe(pipefd, 1);
391
392 piperead = pipefd[0];
393 pipewrite = pipefd[1];
394 /* prime the pipe to load stuff first time. */
395 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
396
397 err_pipe[1] = -1;
398
399 if (!option_bool(OPT_DEBUG))
400 {
401 /* The following code "daemonizes" the process.
402 See Stevens section 12.4 */
403
404 if (chdir("/") != 0)
405 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
406
407 #ifndef NO_FORK
408 if (!option_bool(OPT_NO_FORK))
409 {
410 pid_t pid;
411
412 /* pipe to carry errors back to original process.
413 When startup is complete we close this and the process terminates. */
414 safe_pipe(err_pipe, 0);
415
416 if ((pid = fork()) == -1)
417 /* fd == -1 since we've not forked, never returns. */
418 send_event(-1, EVENT_FORK_ERR, errno, NULL);
419
420 if (pid != 0)
421 {
422 struct event_desc ev;
423 char *msg;
424
425 /* close our copy of write-end */
426 close(err_pipe[1]);
427
428 /* check for errors after the fork */
429 if (read_event(err_pipe[0], &ev, &msg))
430 fatal_event(&ev, msg);
431
432 _exit(EC_GOOD);
433 }
434
435 close(err_pipe[0]);
436
437 /* NO calls to die() from here on. */
438
439 setsid();
440
441 if ((pid = fork()) == -1)
442 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
443
444 if (pid != 0)
445 _exit(0);
446 }
447 #endif
448
449 /* write pidfile _after_ forking ! */
450 if (daemon->runfile)
451 {
452 int fd, err = 0;
453
454 sprintf(daemon->namebuff, "%d\n", (int) getpid());
455
456 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
457 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
458 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
459 extent that an attacker running as the unprivileged user could replace the pidfile with a
460 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
461
462 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
463 ensuring that the open() fails should there be any existing file (because the unlink() failed,
464 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
465 attack can succeed.
466
467 Any compromise of the non-privileged user still theoretically allows the pid-file to be
468 replaced whilst dnsmasq is running. The worst that could allow is that the usual
469 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
470
471 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
472 failure to write the pid-file.
473 */
474
475 unlink(daemon->runfile);
476
477 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
478 {
479 /* only complain if started as root */
480 if (getuid() == 0)
481 err = 1;
482 }
483 else
484 {
485 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
486 err = 1;
487
488 while (!err && close(fd) == -1)
489 if (!retry_send())
490 err = 1;
491 }
492
493 if (err)
494 {
495 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
496 _exit(0);
497 }
498 }
499 }
500
501 log_err = log_start(ent_pw, err_pipe[1]);
502
503 if (!option_bool(OPT_DEBUG))
504 {
505 /* open stdout etc to /dev/null */
506 int nullfd = open("/dev/null", O_RDWR);
507 dup2(nullfd, STDOUT_FILENO);
508 dup2(nullfd, STDERR_FILENO);
509 dup2(nullfd, STDIN_FILENO);
510 close(nullfd);
511 }
512
513 /* if we are to run scripts, we need to fork a helper before dropping root. */
514 daemon->helperfd = -1;
515 #ifdef HAVE_SCRIPT
516 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
517 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
518 #endif
519
520 if (!option_bool(OPT_DEBUG) && getuid() == 0)
521 {
522 int bad_capabilities = 0;
523 gid_t dummy;
524
525 /* remove all supplimentary groups */
526 if (gp &&
527 (setgroups(0, &dummy) == -1 ||
528 setgid(gp->gr_gid) == -1))
529 {
530 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
531 _exit(0);
532 }
533
534 if (ent_pw && ent_pw->pw_uid != 0)
535 {
536 #if defined(HAVE_LINUX_NETWORK)
537 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
538 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
539 ports because of DAD, or we're doing it dynamically,
540 we need CAP_NET_BIND_SERVICE too. */
541 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
542 data->effective = data->permitted = data->inheritable =
543 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
544 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
545 else
546 data->effective = data->permitted = data->inheritable =
547 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
548
549 /* Tell kernel to not clear capabilities when dropping root */
550 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
551 bad_capabilities = errno;
552
553 #elif defined(HAVE_SOLARIS_NETWORK)
554 /* http://developers.sun.com/solaris/articles/program_privileges.html */
555 priv_set_t *priv_set;
556
557 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
558 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
559 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
560 bad_capabilities = errno;
561
562 if (priv_set && bad_capabilities == 0)
563 {
564 priv_inverse(priv_set);
565
566 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
567 bad_capabilities = errno;
568 }
569
570 if (priv_set)
571 priv_freeset(priv_set);
572
573 #endif
574
575 if (bad_capabilities != 0)
576 {
577 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
578 _exit(0);
579 }
580
581 /* finally drop root */
582 if (setuid(ent_pw->pw_uid) == -1)
583 {
584 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
585 _exit(0);
586 }
587
588 #ifdef HAVE_LINUX_NETWORK
589 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
590 data->effective = data->permitted =
591 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
592 else
593 data->effective = data->permitted =
594 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
595 data->inheritable = 0;
596
597 /* lose the setuid and setgid capbilities */
598 if (capset(hdr, data) == -1)
599 {
600 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
601 _exit(0);
602 }
603 #endif
604
605 }
606 }
607
608 #ifdef HAVE_LINUX_NETWORK
609 if (option_bool(OPT_DEBUG))
610 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
611 #endif
612
613 #ifdef HAVE_TFTP
614 if (option_bool(OPT_TFTP))
615 {
616 DIR *dir;
617 struct tftp_prefix *p;
618
619 if (daemon->tftp_prefix)
620 {
621 if (!((dir = opendir(daemon->tftp_prefix))))
622 {
623 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
624 _exit(0);
625 }
626 closedir(dir);
627 }
628
629 for (p = daemon->if_prefix; p; p = p->next)
630 {
631 if (!((dir = opendir(p->prefix))))
632 {
633 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
634 _exit(0);
635 }
636 closedir(dir);
637 }
638 }
639 #endif
640
641 if (daemon->port == 0)
642 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
643 else if (daemon->cachesize != 0)
644 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
645 else
646 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
647
648 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
649
650 #ifdef HAVE_DBUS
651 if (option_bool(OPT_DBUS))
652 {
653 if (daemon->dbus)
654 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
655 else
656 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
657 }
658 #endif
659
660 if (log_err != 0)
661 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
662 daemon->log_file, strerror(log_err));
663
664 if (bind_fallback)
665 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
666
667 if (!option_bool(OPT_NOWILD))
668 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
669 if (if_tmp->name && !if_tmp->used)
670 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
671
672 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
673 {
674 if (daemon->resolv_files && !daemon->resolv_files->is_default)
675 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
676 daemon->resolv_files = NULL;
677 if (!daemon->servers)
678 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
679 }
680
681 if (daemon->max_logs != 0)
682 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
683
684
685 #ifdef HAVE_DHCP
686 for (context = daemon->dhcp; context; context = context->next)
687 log_context(AF_INET, context);
688
689 # ifdef HAVE_DHCP6
690 for (context = daemon->dhcp6; context; context = context->next)
691 log_context(AF_INET6, context);
692
693 if (daemon->doing_dhcp6 || daemon->doing_ra)
694 dhcp_construct_contexts(now);
695
696 if (option_bool(OPT_RA))
697 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
698 # endif
699
700 /* after dhcp_contruct_contexts */
701 if (daemon->dhcp || daemon->doing_dhcp6)
702 lease_find_interfaces(now);
703 #endif
704
705 #ifdef HAVE_TFTP
706 if (option_bool(OPT_TFTP))
707 {
708 #ifdef FD_SETSIZE
709 if (FD_SETSIZE < (unsigned)max_fd)
710 max_fd = FD_SETSIZE;
711 #endif
712
713 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
714 daemon->tftp_prefix ? _("root is ") : _("enabled"),
715 daemon->tftp_prefix ? daemon->tftp_prefix: "",
716 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
717
718 /* This is a guess, it assumes that for small limits,
719 disjoint files might be served, but for large limits,
720 a single file will be sent to may clients (the file only needs
721 one fd). */
722
723 max_fd -= 30; /* use other than TFTP */
724
725 if (max_fd < 0)
726 max_fd = 5;
727 else if (max_fd < 100)
728 max_fd = max_fd/2;
729 else
730 max_fd = max_fd - 20;
731
732 /* if we have to use a limited range of ports,
733 that will limit the number of transfers */
734 if (daemon->start_tftp_port != 0 &&
735 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
736 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
737
738 if (daemon->tftp_max > max_fd)
739 {
740 daemon->tftp_max = max_fd;
741 my_syslog(MS_TFTP | LOG_WARNING,
742 _("restricting maximum simultaneous TFTP transfers to %d"),
743 daemon->tftp_max);
744 }
745 }
746 #endif
747
748 /* finished start-up - release original process */
749 if (err_pipe[1] != -1)
750 close(err_pipe[1]);
751
752 if (daemon->port != 0)
753 check_servers();
754
755 pid = getpid();
756
757 while (1)
758 {
759 int maxfd = -1;
760 struct timeval t, *tp = NULL;
761 fd_set rset, wset, eset;
762
763 FD_ZERO(&rset);
764 FD_ZERO(&wset);
765 FD_ZERO(&eset);
766
767 /* if we are out of resources, find how long we have to wait
768 for some to come free, we'll loop around then and restart
769 listening for queries */
770 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
771 {
772 t.tv_usec = 0;
773 tp = &t;
774 }
775
776 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
777 if (daemon->tftp_trans ||
778 (option_bool(OPT_DBUS) && !daemon->dbus))
779 {
780 t.tv_sec = 0;
781 t.tv_usec = 250000;
782 tp = &t;
783 }
784 /* Wake every second whilst waiting for DAD to complete */
785 else if (is_dad_listeners())
786 {
787 t.tv_sec = 1;
788 t.tv_usec = 0;
789 tp = &t;
790 }
791
792 #ifdef HAVE_DBUS
793 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
794 #endif
795
796 #ifdef HAVE_DHCP
797 if (daemon->dhcp)
798 {
799 FD_SET(daemon->dhcpfd, &rset);
800 bump_maxfd(daemon->dhcpfd, &maxfd);
801 if (daemon->pxefd != -1)
802 {
803 FD_SET(daemon->pxefd, &rset);
804 bump_maxfd(daemon->pxefd, &maxfd);
805 }
806 }
807 #endif
808
809 #ifdef HAVE_DHCP6
810 if (daemon->doing_dhcp6)
811 {
812 FD_SET(daemon->dhcp6fd, &rset);
813 bump_maxfd(daemon->dhcp6fd, &maxfd);
814 }
815
816 if (daemon->doing_ra)
817 {
818 FD_SET(daemon->icmp6fd, &rset);
819 bump_maxfd(daemon->icmp6fd, &maxfd);
820 }
821 #endif
822
823 #ifdef HAVE_LINUX_NETWORK
824 FD_SET(daemon->netlinkfd, &rset);
825 bump_maxfd(daemon->netlinkfd, &maxfd);
826 #endif
827
828 FD_SET(piperead, &rset);
829 bump_maxfd(piperead, &maxfd);
830
831 #ifdef HAVE_DHCP
832 # ifdef HAVE_SCRIPT
833 while (helper_buf_empty() && do_script_run(now));
834
835 # ifdef HAVE_TFTP
836 while (helper_buf_empty() && do_tftp_script_run());
837 # endif
838
839 if (!helper_buf_empty())
840 {
841 FD_SET(daemon->helperfd, &wset);
842 bump_maxfd(daemon->helperfd, &maxfd);
843 }
844 # else
845 /* need this for other side-effects */
846 while (do_script_run(now));
847
848 # ifdef HAVE_TFTP
849 while (do_tftp_script_run());
850 # endif
851
852 # endif
853 #endif
854
855 /* must do this just before select(), when we know no
856 more calls to my_syslog() can occur */
857 set_log_writer(&wset, &maxfd);
858
859 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
860 {
861 /* otherwise undefined after error */
862 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
863 }
864
865 now = dnsmasq_time();
866
867 check_log_writer(&wset);
868
869 /* prime. */
870 enumerate_interfaces(1);
871
872 /* Check the interfaces to see if any have exited DAD state
873 and if so, bind the address. */
874 if (is_dad_listeners())
875 {
876 enumerate_interfaces(0);
877 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
878 create_bound_listeners(0);
879 }
880
881 #ifdef HAVE_LINUX_NETWORK
882 if (FD_ISSET(daemon->netlinkfd, &rset))
883 netlink_multicast(now);
884 #endif
885
886 /* Check for changes to resolv files once per second max. */
887 /* Don't go silent for long periods if the clock goes backwards. */
888 if (daemon->last_resolv == 0 ||
889 difftime(now, daemon->last_resolv) > 1.0 ||
890 difftime(now, daemon->last_resolv) < -1.0)
891 {
892 /* poll_resolv doesn't need to reload first time through, since
893 that's queued anyway. */
894
895 poll_resolv(0, daemon->last_resolv != 0, now);
896 daemon->last_resolv = now;
897 }
898
899 if (FD_ISSET(piperead, &rset))
900 async_event(piperead, now);
901
902 #ifdef HAVE_DBUS
903 /* if we didn't create a DBus connection, retry now. */
904 if (option_bool(OPT_DBUS) && !daemon->dbus)
905 {
906 char *err;
907 if ((err = dbus_init()))
908 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
909 if (daemon->dbus)
910 my_syslog(LOG_INFO, _("connected to system DBus"));
911 }
912 check_dbus_listeners(&rset, &wset, &eset);
913 #endif
914
915 check_dns_listeners(&rset, now);
916
917 #ifdef HAVE_TFTP
918 check_tftp_listeners(&rset, now);
919 #endif
920
921 #ifdef HAVE_DHCP
922 if (daemon->dhcp)
923 {
924 if (FD_ISSET(daemon->dhcpfd, &rset))
925 dhcp_packet(now, 0);
926 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
927 dhcp_packet(now, 1);
928 }
929
930 #ifdef HAVE_DHCP6
931 if (daemon->doing_dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
932 dhcp6_packet(now);
933
934 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
935 icmp6_packet(now);
936 #endif
937
938 # ifdef HAVE_SCRIPT
939 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
940 helper_write();
941 # endif
942 #endif
943
944 }
945 }
946
947 static void sig_handler(int sig)
948 {
949 if (pid == 0)
950 {
951 /* ignore anything other than TERM during startup
952 and in helper proc. (helper ignore TERM too) */
953 if (sig == SIGTERM)
954 exit(EC_MISC);
955 }
956 else if (pid != getpid())
957 {
958 /* alarm is used to kill TCP children after a fixed time. */
959 if (sig == SIGALRM)
960 _exit(0);
961 }
962 else
963 {
964 /* master process */
965 int event, errsave = errno;
966
967 if (sig == SIGHUP)
968 event = EVENT_RELOAD;
969 else if (sig == SIGCHLD)
970 event = EVENT_CHILD;
971 else if (sig == SIGALRM)
972 event = EVENT_ALARM;
973 else if (sig == SIGTERM)
974 event = EVENT_TERM;
975 else if (sig == SIGUSR1)
976 event = EVENT_DUMP;
977 else if (sig == SIGUSR2)
978 event = EVENT_REOPEN;
979 else
980 return;
981
982 send_event(pipewrite, event, 0, NULL);
983 errno = errsave;
984 }
985 }
986
987 /* now == 0 -> queue immediate callback */
988 void send_alarm(time_t event, time_t now)
989 {
990 if (now == 0 || event != 0)
991 {
992 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
993 if ((now == 0 || difftime(event, now) <= 0.0))
994 send_event(pipewrite, EVENT_ALARM, 0, NULL);
995 else
996 alarm((unsigned)difftime(event, now));
997 }
998 }
999
1000 void send_event(int fd, int event, int data, char *msg)
1001 {
1002 struct event_desc ev;
1003 struct iovec iov[2];
1004
1005 ev.event = event;
1006 ev.data = data;
1007 ev.msg_sz = msg ? strlen(msg) : 0;
1008
1009 iov[0].iov_base = &ev;
1010 iov[0].iov_len = sizeof(ev);
1011 iov[1].iov_base = msg;
1012 iov[1].iov_len = ev.msg_sz;
1013
1014 /* error pipe, debug mode. */
1015 if (fd == -1)
1016 fatal_event(&ev, msg);
1017 else
1018 /* pipe is non-blocking and struct event_desc is smaller than
1019 PIPE_BUF, so this either fails or writes everything */
1020 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1021 }
1022
1023 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1024 to describe fatal errors. */
1025 static int read_event(int fd, struct event_desc *evp, char **msg)
1026 {
1027 char *buf;
1028
1029 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1030 return 0;
1031
1032 *msg = NULL;
1033
1034 if (evp->msg_sz != 0 &&
1035 (buf = malloc(evp->msg_sz + 1)) &&
1036 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1037 {
1038 buf[evp->msg_sz] = 0;
1039 *msg = buf;
1040 }
1041
1042 return 1;
1043 }
1044
1045 static void fatal_event(struct event_desc *ev, char *msg)
1046 {
1047 errno = ev->data;
1048
1049 switch (ev->event)
1050 {
1051 case EVENT_DIE:
1052 exit(0);
1053
1054 case EVENT_FORK_ERR:
1055 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1056
1057 case EVENT_PIPE_ERR:
1058 die(_("failed to create helper: %s"), NULL, EC_MISC);
1059
1060 case EVENT_CAP_ERR:
1061 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1062
1063 case EVENT_USER_ERR:
1064 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1065
1066 case EVENT_GROUP_ERR:
1067 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1068
1069 case EVENT_PIDFILE:
1070 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1071
1072 case EVENT_LOG_ERR:
1073 die(_("cannot open log %s: %s"), msg, EC_FILE);
1074
1075 case EVENT_LUA_ERR:
1076 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1077
1078 case EVENT_TFTP_ERR:
1079 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1080 }
1081 }
1082
1083 static void async_event(int pipe, time_t now)
1084 {
1085 pid_t p;
1086 struct event_desc ev;
1087 int i;
1088 char *msg;
1089
1090 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1091 to describe fatal errors. */
1092
1093 if (read_event(pipe, &ev, &msg))
1094 switch (ev.event)
1095 {
1096 case EVENT_RELOAD:
1097 clear_cache_and_reload(now);
1098 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
1099 {
1100 reload_servers(daemon->resolv_files->name);
1101 check_servers();
1102 }
1103 #ifdef HAVE_DHCP
1104 rerun_scripts();
1105 #endif
1106 break;
1107
1108 case EVENT_DUMP:
1109 if (daemon->port != 0)
1110 dump_cache(now);
1111 break;
1112
1113 case EVENT_ALARM:
1114 #ifdef HAVE_DHCP
1115 if (daemon->dhcp || daemon->doing_dhcp6)
1116 {
1117 lease_prune(NULL, now);
1118 lease_update_file(now);
1119 }
1120 #ifdef HAVE_DHCP6
1121 else if (daemon->doing_ra)
1122 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1123 send_alarm(periodic_ra(now), now);
1124 #endif
1125 #endif
1126 break;
1127
1128 case EVENT_CHILD:
1129 /* See Stevens 5.10 */
1130 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1131 if (p == -1)
1132 {
1133 if (errno != EINTR)
1134 break;
1135 }
1136 else
1137 for (i = 0 ; i < MAX_PROCS; i++)
1138 if (daemon->tcp_pids[i] == p)
1139 daemon->tcp_pids[i] = 0;
1140 break;
1141
1142 case EVENT_KILLED:
1143 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1144 break;
1145
1146 case EVENT_EXITED:
1147 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1148 break;
1149
1150 case EVENT_EXEC_ERR:
1151 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1152 daemon->lease_change_command, strerror(ev.data));
1153 break;
1154
1155 /* necessary for fatal errors in helper */
1156 case EVENT_USER_ERR:
1157 case EVENT_DIE:
1158 case EVENT_LUA_ERR:
1159 fatal_event(&ev, msg);
1160 break;
1161
1162 case EVENT_REOPEN:
1163 /* Note: this may leave TCP-handling processes with the old file still open.
1164 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1165 we leave them logging to the old file. */
1166
1167 if (daemon->log_file != NULL)
1168 log_reopen(daemon->log_file);
1169
1170 #ifdef HAVE_TOMATO
1171 tomato_helper(now); //possibly delete & write out leases for tomato
1172 #endif //TOMATO
1173 /* following is Asus tweak. Interestingly Asus read the dnsmasq leases db
1174 directly. They signal dnsmasq to update via SIGUSR2 and wait 1 second
1175 assuming the file will be complete by the time they come to parse it.
1176 Race conditions anyone? What if dnsmasq happens to be updating the
1177 file anyway? */
1178 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE) && !defined(HAVE_TOMATO)
1179 if (daemon->dhcp || daemon->dhcp6)
1180 flush_lease_file(now);
1181 #endif
1182 break;
1183
1184 case EVENT_TERM:
1185 /* Knock all our children on the head. */
1186 for (i = 0; i < MAX_PROCS; i++)
1187 if (daemon->tcp_pids[i] != 0)
1188 kill(daemon->tcp_pids[i], SIGALRM);
1189
1190 #if defined(HAVE_SCRIPT)
1191 /* handle pending lease transitions */
1192 if (daemon->helperfd != -1)
1193 {
1194 /* block in writes until all done */
1195 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1196 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1197 do {
1198 helper_write();
1199 } while (!helper_buf_empty() || do_script_run(now));
1200 close(daemon->helperfd);
1201 }
1202 #endif
1203
1204 //Originally TOMATO tweak
1205 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE)
1206 if (daemon->dhcp || daemon->dhcp6)
1207 flush_lease_file(now);
1208 #endif
1209
1210 if (daemon->lease_stream)
1211 fclose(daemon->lease_stream);
1212
1213 if (daemon->runfile)
1214 unlink(daemon->runfile);
1215
1216 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1217 flush_log();
1218 exit(EC_GOOD);
1219 }
1220 }
1221
1222 void poll_resolv(int force, int do_reload, time_t now)
1223 {
1224 struct resolvc *res, *latest;
1225 struct stat statbuf;
1226 time_t last_change = 0;
1227 /* There may be more than one possible file.
1228 Go through and find the one which changed _last_.
1229 Warn of any which can't be read. */
1230
1231 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1232 return;
1233
1234 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1235 if (stat(res->name, &statbuf) == -1)
1236 {
1237 if (force)
1238 {
1239 res->mtime = 0;
1240 continue;
1241 }
1242
1243 if (!res->logged)
1244 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1245 res->logged = 1;
1246
1247 if (res->mtime != 0)
1248 {
1249 /* existing file evaporated, force selection of the latest
1250 file even if its mtime hasn't changed since we last looked */
1251 poll_resolv(1, do_reload, now);
1252 return;
1253 }
1254 }
1255 else
1256 {
1257 res->logged = 0;
1258 if (force || (statbuf.st_mtime != res->mtime))
1259 {
1260 res->mtime = statbuf.st_mtime;
1261 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1262 {
1263 last_change = statbuf.st_mtime;
1264 latest = res;
1265 /* This is now commented out
1266 #ifdef HAVE_TOMATO
1267 break;
1268 #endif //TOMATO - Really don't understand what this break is trying to acheive/avoid
1269 */
1270 }
1271 }
1272 }
1273
1274 if (latest)
1275 {
1276 static int warned = 0;
1277 if (reload_servers(latest->name))
1278 {
1279 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1280 warned = 0;
1281 check_servers();
1282 if (option_bool(OPT_RELOAD) && do_reload)
1283 clear_cache_and_reload(now);
1284 }
1285 else
1286 {
1287 latest->mtime = 0;
1288 if (!warned)
1289 {
1290 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1291 warned = 1;
1292 }
1293 }
1294 }
1295 }
1296
1297 void clear_cache_and_reload(time_t now)
1298 {
1299 if (daemon->port != 0)
1300 cache_reload();
1301
1302 #ifdef HAVE_DHCP
1303 if (daemon->dhcp || daemon->doing_dhcp6)
1304 {
1305 if (option_bool(OPT_ETHERS))
1306 dhcp_read_ethers();
1307 reread_dhcp();
1308 dhcp_update_configs(daemon->dhcp_conf);
1309 lease_update_from_configs();
1310 lease_update_file(now);
1311 lease_update_dns(1);
1312 }
1313 #ifdef HAVE_DHCP6
1314 else if (daemon->doing_ra)
1315 /* Not doing DHCP, so no lease system, manage
1316 alarms for ra only */
1317 send_alarm(periodic_ra(now), now);
1318 #endif
1319 #endif
1320 }
1321
1322 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1323 {
1324 struct serverfd *serverfdp;
1325 struct listener *listener;
1326 int wait = 0, i;
1327
1328 #ifdef HAVE_TFTP
1329 int tftp = 0;
1330 struct tftp_transfer *transfer;
1331 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1332 {
1333 tftp++;
1334 FD_SET(transfer->sockfd, set);
1335 bump_maxfd(transfer->sockfd, maxfdp);
1336 }
1337 #endif
1338
1339 /* will we be able to get memory? */
1340 if (daemon->port != 0)
1341 get_new_frec(now, &wait);
1342
1343 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1344 {
1345 FD_SET(serverfdp->fd, set);
1346 bump_maxfd(serverfdp->fd, maxfdp);
1347 }
1348
1349 if (daemon->port != 0 && !daemon->osport)
1350 for (i = 0; i < RANDOM_SOCKS; i++)
1351 if (daemon->randomsocks[i].refcount != 0)
1352 {
1353 FD_SET(daemon->randomsocks[i].fd, set);
1354 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1355 }
1356
1357 for (listener = daemon->listeners; listener; listener = listener->next)
1358 {
1359 /* only listen for queries if we have resources */
1360 if (listener->fd != -1 && wait == 0)
1361 {
1362 FD_SET(listener->fd, set);
1363 bump_maxfd(listener->fd, maxfdp);
1364 }
1365
1366 /* death of a child goes through the select loop, so
1367 we don't need to explicitly arrange to wake up here */
1368 if (listener->tcpfd != -1)
1369 for (i = 0; i < MAX_PROCS; i++)
1370 if (daemon->tcp_pids[i] == 0)
1371 {
1372 FD_SET(listener->tcpfd, set);
1373 bump_maxfd(listener->tcpfd, maxfdp);
1374 break;
1375 }
1376
1377 #ifdef HAVE_TFTP
1378 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1379 {
1380 FD_SET(listener->tftpfd, set);
1381 bump_maxfd(listener->tftpfd, maxfdp);
1382 }
1383 #endif
1384
1385 }
1386
1387 return wait;
1388 }
1389
1390 static void check_dns_listeners(fd_set *set, time_t now)
1391 {
1392 struct serverfd *serverfdp;
1393 struct listener *listener;
1394 int i;
1395
1396 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1397 if (FD_ISSET(serverfdp->fd, set))
1398 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1399
1400 if (daemon->port != 0 && !daemon->osport)
1401 for (i = 0; i < RANDOM_SOCKS; i++)
1402 if (daemon->randomsocks[i].refcount != 0 &&
1403 FD_ISSET(daemon->randomsocks[i].fd, set))
1404 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1405
1406 for (listener = daemon->listeners; listener; listener = listener->next)
1407 {
1408 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1409 receive_query(listener, now);
1410
1411 #ifdef HAVE_TFTP
1412 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1413 tftp_request(listener, now);
1414 #endif
1415
1416 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1417 {
1418 int confd, client_ok = 1;
1419 struct irec *iface = NULL;
1420 pid_t p;
1421 union mysockaddr tcp_addr;
1422 socklen_t tcp_len = sizeof(union mysockaddr);
1423
1424 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1425
1426 if (confd == -1)
1427 continue;
1428
1429 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1430 {
1431 close(confd);
1432 continue;
1433 }
1434
1435 /* Make sure that the interface list is up-to-date.
1436
1437 We do this here as we may need the results below, and
1438 the DNS code needs them for --interface-name stuff.
1439
1440 Multiple calls to enumerate_interfaces() per select loop are
1441 inhibited, so calls to it in the child process (which doesn't select())
1442 have no effect. This avoids two processes reading from the same
1443 netlink fd and screwing the pooch entirely.
1444 */
1445
1446 enumerate_interfaces(0);
1447
1448 if (option_bool(OPT_NOWILD))
1449 iface = listener->iface; /* May be NULL */
1450 else
1451 {
1452 int if_index;
1453 char intr_name[IF_NAMESIZE];
1454
1455 /* if we can find the arrival interface, check it's one that's allowed */
1456 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1457 indextoname(listener->tcpfd, if_index, intr_name))
1458 {
1459 struct all_addr addr;
1460 addr.addr.addr4 = tcp_addr.in.sin_addr;
1461 #ifdef HAVE_IPV6
1462 if (tcp_addr.sa.sa_family == AF_INET6)
1463 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1464 #endif
1465
1466 for (iface = daemon->interfaces; iface; iface = iface->next)
1467 if (iface->index == if_index)
1468 break;
1469
1470 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1471 client_ok = 0;
1472 }
1473
1474 if (option_bool(OPT_CLEVERBIND))
1475 iface = listener->iface; /* May be NULL */
1476 else
1477 {
1478 /* Check for allowed interfaces when binding the wildcard address:
1479 we do this by looking for an interface with the same address as
1480 the local address of the TCP connection, then looking to see if that's
1481 an allowed interface. As a side effect, we get the netmask of the
1482 interface too, for localisation. */
1483
1484 for (iface = daemon->interfaces; iface; iface = iface->next)
1485 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1486 break;
1487
1488 if (!iface)
1489 client_ok = 0;
1490 }
1491 }
1492
1493 if (!client_ok)
1494 {
1495 shutdown(confd, SHUT_RDWR);
1496 close(confd);
1497 }
1498 #ifndef NO_FORK
1499 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1500 {
1501 if (p != -1)
1502 {
1503 int i;
1504 for (i = 0; i < MAX_PROCS; i++)
1505 if (daemon->tcp_pids[i] == 0)
1506 {
1507 daemon->tcp_pids[i] = p;
1508 break;
1509 }
1510 }
1511 close(confd);
1512 }
1513 #endif
1514 else
1515 {
1516 unsigned char *buff;
1517 struct server *s;
1518 int flags;
1519 struct in_addr netmask;
1520 int auth_dns;
1521
1522 if (iface)
1523 {
1524 netmask = iface->netmask;
1525 auth_dns = iface->dns_auth;
1526 }
1527 else
1528 {
1529 netmask.s_addr = 0;
1530 auth_dns = 0;
1531 }
1532
1533 #ifndef NO_FORK
1534 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1535 terminate the process. */
1536 if (!option_bool(OPT_DEBUG))
1537 alarm(CHILD_LIFETIME);
1538 #endif
1539
1540 /* start with no upstream connections. */
1541 for (s = daemon->servers; s; s = s->next)
1542 s->tcpfd = -1;
1543
1544 /* The connected socket inherits non-blocking
1545 attribute from the listening socket.
1546 Reset that here. */
1547 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1548 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1549
1550 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1551
1552 shutdown(confd, SHUT_RDWR);
1553 close(confd);
1554
1555 if (buff)
1556 free(buff);
1557
1558 for (s = daemon->servers; s; s = s->next)
1559 if (s->tcpfd != -1)
1560 {
1561 shutdown(s->tcpfd, SHUT_RDWR);
1562 close(s->tcpfd);
1563 }
1564 #ifndef NO_FORK
1565 if (!option_bool(OPT_DEBUG))
1566 {
1567 flush_log();
1568 _exit(0);
1569 }
1570 #endif
1571 }
1572 }
1573 }
1574 }
1575
1576 #ifdef HAVE_DHCP
1577 int make_icmp_sock(void)
1578 {
1579 int fd;
1580 int zeroopt = 0;
1581
1582 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1583 {
1584 if (!fix_fd(fd) ||
1585 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1586 {
1587 close(fd);
1588 fd = -1;
1589 }
1590 }
1591
1592 return fd;
1593 }
1594
1595 int icmp_ping(struct in_addr addr)
1596 {
1597 /* Try and get an ICMP echo from a machine. */
1598
1599 /* Note that whilst in the three second wait, we check for
1600 (and service) events on the DNS and TFTP sockets, (so doing that
1601 better not use any resources our caller has in use...)
1602 but we remain deaf to signals or further DHCP packets. */
1603
1604 int fd;
1605 struct sockaddr_in saddr;
1606 struct {
1607 struct ip ip;
1608 struct icmp icmp;
1609 } packet;
1610 unsigned short id = rand16();
1611 unsigned int i, j;
1612 int gotreply = 0;
1613 time_t start, now;
1614
1615 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1616 if ((fd = make_icmp_sock()) == -1)
1617 return 0;
1618 #else
1619 int opt = 2000;
1620 fd = daemon->dhcp_icmp_fd;
1621 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1622 #endif
1623
1624 saddr.sin_family = AF_INET;
1625 saddr.sin_port = 0;
1626 saddr.sin_addr = addr;
1627 #ifdef HAVE_SOCKADDR_SA_LEN
1628 saddr.sin_len = sizeof(struct sockaddr_in);
1629 #endif
1630
1631 memset(&packet.icmp, 0, sizeof(packet.icmp));
1632 packet.icmp.icmp_type = ICMP_ECHO;
1633 packet.icmp.icmp_id = id;
1634 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1635 j += ((u16 *)&packet.icmp)[i];
1636 while (j>>16)
1637 j = (j & 0xffff) + (j >> 16);
1638 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1639
1640 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1641 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1642 retry_send());
1643
1644 for (now = start = dnsmasq_time();
1645 difftime(now, start) < (float)PING_WAIT;)
1646 {
1647 struct timeval tv;
1648 fd_set rset, wset;
1649 struct sockaddr_in faddr;
1650 int maxfd = fd;
1651 socklen_t len = sizeof(faddr);
1652
1653 tv.tv_usec = 250000;
1654 tv.tv_sec = 0;
1655
1656 FD_ZERO(&rset);
1657 FD_ZERO(&wset);
1658 FD_SET(fd, &rset);
1659 set_dns_listeners(now, &rset, &maxfd);
1660 set_log_writer(&wset, &maxfd);
1661
1662 #ifdef HAVE_DHCP6
1663 if (daemon->doing_ra)
1664 {
1665 FD_SET(daemon->icmp6fd, &rset);
1666 bump_maxfd(daemon->icmp6fd, &maxfd);
1667 }
1668 #endif
1669
1670 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1671 {
1672 FD_ZERO(&rset);
1673 FD_ZERO(&wset);
1674 }
1675
1676 now = dnsmasq_time();
1677
1678 check_log_writer(&wset);
1679 check_dns_listeners(&rset, now);
1680
1681 #ifdef HAVE_DHCP6
1682 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1683 icmp6_packet(now);
1684 #endif
1685
1686 #ifdef HAVE_TFTP
1687 check_tftp_listeners(&rset, now);
1688 #endif
1689
1690 if (FD_ISSET(fd, &rset) &&
1691 recvfrom(fd, &packet, sizeof(packet), 0,
1692 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1693 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1694 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1695 packet.icmp.icmp_seq == 0 &&
1696 packet.icmp.icmp_id == id)
1697 {
1698 gotreply = 1;
1699 break;
1700 }
1701 }
1702
1703 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1704 close(fd);
1705 #else
1706 opt = 1;
1707 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1708 #endif
1709
1710 return gotreply;
1711 }
1712 #endif
1713
1714
Tomato firmware and modifications.