search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Dnsmasq v2.68 rc4
[tomato.git] / release / src / router / dnsmasq / src / dnsmasq.c
blobf7828e4d6ce7fdec689479fcd2a2340e6798bbf8
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16 /* Jon Zarate AFAIK wrote the original Tomato specific code, primarily to
17 support extra info in the GUI. Following is a vague clue as to how it
18 hangs together.
19
20 device list status is handled by www/devlist.c - this sends a SIGUSR2
21 to dnsmasq which causes the 'tomato_helper' function to execute in
22 addition to the normal dnsmasq SIGUSR2 code (Switch logfile, but since
23 Tomato not using that it doesn't matter) devlist.c waits up to 5 secs
24 for file '/var/tmp/dhcp/leases.!' to disappear before continuing
25 (Must be a better way to do this IPC stuff)
26
27 tomato_helper(lease.c) does a couple of things:
28
29 It looks for /var/tmp/dhcp/delete and deletes any known leases by IP
30 address found therein. It deletes /var/tmp/dhcp/delete when done.
31 This implements the 'delete lease' from GUI functionality.
32
33 It dumps the current dhcp leases into /var/tmp/dhcp/lease.! (tmp file)
34 subtracting the current time from the lease expiry time, thus producing
35 a 'lease remaining' time for the GUI.
36 The temp file is renamed to /var/tmp/dhcp/leases thus signalling devlist.c
37 that it may proceed. Finally when devlist.c is finished
38 /var/tmp/dhcp/leases is removed.
39
40 rfc2131.c implements a 'Quiet DHCP' option (don't log DHCP stuff) first
41 implemented by 'Teddy Bear'.
42
43 dnsmasq.c also intercepts SIGHUP so that it may flush the lease file.
44 This is so lease expiry times survive a process restart since dnsmasq
45 reads the lease file at start-up.
46
47 Finally(?) lease_update_file (lease.c) writes out the remaining lease
48 duration for each dhcp lease rather than lease expiry time (with RTC) or
49 lease length (no RTC) for dnsmasq's internal lease database.
50 asuswrt does a similar thing with lease durations though the code is
51 different. Ideally the code would be merged in such a way that Tomato
52 and asuswrt-merlin can code share without even thinking...another project!
53
54 dhcp lease file is /var/lib/misc/dnsmasq.leases
55
56 Above description K Darbyshire-Bryant 02/05/13 Hope it helps someone
57 */
58
59
60
61 /* Declare static char *compiler_opts in config.h */
62 #define DNSMASQ_COMPILE_OPTS
63
64 #include "dnsmasq.h"
65
66 struct daemon *daemon;
67
68 static volatile pid_t pid = 0;
69 static volatile int pipewrite;
70
71 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
72 static void check_dns_listeners(fd_set *set, time_t now);
73 static void sig_handler(int sig);
74 static void async_event(int pipe, time_t now);
75 static void fatal_event(struct event_desc *ev, char *msg);
76 static int read_event(int fd, struct event_desc *evp, char **msg);
77
78
79 int main (int argc, char **argv)
80 {
81 int bind_fallback = 0;
82 time_t now;
83 struct sigaction sigact;
84 struct iname *if_tmp;
85 int piperead, pipefd[2], err_pipe[2];
86 struct passwd *ent_pw = NULL;
87 #if defined(HAVE_SCRIPT)
88 uid_t script_uid = 0;
89 gid_t script_gid = 0;
90 #endif
91 struct group *gp = NULL;
92 long i, max_fd = sysconf(_SC_OPEN_MAX);
93 char *baduser = NULL;
94 int log_err;
95 #if defined(HAVE_LINUX_NETWORK)
96 cap_user_header_t hdr = NULL;
97 cap_user_data_t data = NULL;
98 char *bound_device = NULL;
99 int did_bind = 0;
100 #endif
101 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
102 struct dhcp_context *context;
103 struct dhcp_relay *relay;
104 #endif
105
106 #ifdef LOCALEDIR
107 setlocale(LC_ALL, "");
108 bindtextdomain("dnsmasq", LOCALEDIR);
109 textdomain("dnsmasq");
110 #endif
111
112 sigact.sa_handler = sig_handler;
113 sigact.sa_flags = 0;
114 sigemptyset(&sigact.sa_mask);
115 sigaction(SIGUSR1, &sigact, NULL);
116 sigaction(SIGUSR2, &sigact, NULL);
117 sigaction(SIGHUP, &sigact, NULL);
118 sigaction(SIGTERM, &sigact, NULL);
119 sigaction(SIGALRM, &sigact, NULL);
120 sigaction(SIGCHLD, &sigact, NULL);
121
122 /* ignore SIGPIPE */
123 sigact.sa_handler = SIG_IGN;
124 sigaction(SIGPIPE, &sigact, NULL);
125
126 umask(022); /* known umask, create leases and pid files as 0644 */
127
128 read_opts(argc, argv, compile_opts);
129
130 if (daemon->edns_pktsz < PACKETSZ)
131 daemon->edns_pktsz = PACKETSZ;
132 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
133 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
134 daemon->packet = safe_malloc(daemon->packet_buff_sz);
135
136 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
137
138
139 #ifdef HAVE_DHCP
140 if (!daemon->lease_file)
141 {
142 if (daemon->dhcp || daemon->dhcp6)
143 daemon->lease_file = LEASEFILE;
144 }
145 #endif
146
147 /* Close any file descriptors we inherited apart from std{in|out|err}
148
149 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
150 otherwise file descriptors we create can end up being 0, 1, or 2
151 and then get accidentally closed later when we make 0, 1, and 2
152 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
153 but it's not guaranteed. By opening /dev/null three times, we
154 ensure that we're not using those fds for real stuff. */
155 for (i = 0; i < max_fd; i++)
156 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
157 close(i);
158 else
159 open("/dev/null", O_RDWR);
160
161 #ifndef HAVE_LINUX_NETWORK
162 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
163 if (!option_bool(OPT_NOWILD))
164 {
165 bind_fallback = 1;
166 set_option_bool(OPT_NOWILD);
167 }
168 # endif
169
170 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
171 if (option_bool(OPT_CLEVERBIND))
172 {
173 bind_fallback = 1;
174 set_option_bool(OPT_NOWILD);
175 reset_option_bool(OPT_CLEVERBIND);
176 }
177 #endif
178
179 #ifndef HAVE_TFTP
180 if (option_bool(OPT_TFTP))
181 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
182 #endif
183
184 #ifdef HAVE_CONNTRACK
185 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
186 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
187 #else
188 if (option_bool(OPT_CONNTRACK))
189 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
190 #endif
191
192 #ifdef HAVE_SOLARIS_NETWORK
193 if (daemon->max_logs != 0)
194 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
195 #endif
196
197 #ifdef __ANDROID__
198 if (daemon->max_logs != 0)
199 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
200 #endif
201
202 #ifndef HAVE_AUTH
203 if (daemon->authserver)
204 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
205 #endif
206
207 rand_init();
208
209 now = dnsmasq_time();
210
211 /* Create a serial at startup if not configured. */
212 if (daemon->authinterface && daemon->soa_sn == 0)
213 #ifdef HAVE_BROKEN_RTC
214 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
215 #else
216 daemon->soa_sn = now;
217 #endif
218
219 #ifdef HAVE_DHCP6
220 if (daemon->dhcp6)
221 {
222 daemon->doing_ra = option_bool(OPT_RA);
223
224 for (context = daemon->dhcp6; context; context = context->next)
225 {
226 if (context->flags & CONTEXT_DHCP)
227 daemon->doing_dhcp6 = 1;
228 if (context->flags & CONTEXT_RA)
229 daemon->doing_ra = 1;
230 #ifndef HAVE_LINUX_NETWORK
231 if (context->flags & CONTEXT_TEMPLATE)
232 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
233 #endif
234 }
235 }
236 #endif
237
238 #ifdef HAVE_DHCP
239 /* Note that order matters here, we must call lease_init before
240 creating any file descriptors which shouldn't be leaked
241 to the lease-script init process. We need to call common_init
242 before lease_init to allocate buffers it uses.*/
243 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
244 {
245 dhcp_common_init();
246 if (daemon->dhcp || daemon->doing_dhcp6)
247 lease_init(now);
248 }
249
250 if (daemon->dhcp || daemon->relay4)
251 dhcp_init();
252
253 # ifdef HAVE_DHCP6
254 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
255 ra_init(now);
256
257 if (daemon->doing_dhcp6 || daemon->relay6)
258 dhcp6_init();
259 # endif
260
261 #endif
262
263 #ifdef HAVE_IPSET
264 if (daemon->ipsets)
265 ipset_init();
266 #endif
267
268 #ifdef HAVE_LINUX_NETWORK
269 netlink_init();
270
271 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
272 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
273 #endif
274
275 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
276 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
277
278 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
279 {
280 create_bound_listeners(1);
281
282 if (!option_bool(OPT_CLEVERBIND))
283 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
284 if (if_tmp->name && !if_tmp->used)
285 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
286
287 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
288 /* after enumerate_interfaces() */
289 bound_device = whichdevice();
290
291 if (daemon->dhcp)
292 {
293 if (!daemon->relay4 && bound_device)
294 {
295 bindtodevice(bound_device, daemon->dhcpfd);
296 did_bind = 1;
297 }
298 if (daemon->enable_pxe && bound_device)
299 {
300 bindtodevice(bound_device, daemon->pxefd);
301 did_bind = 1;
302 }
303 }
304 #endif
305
306 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
307 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
308 {
309 bindtodevice(bound_device, daemon->dhcp6fd);
310 did_bind = 1;
311 }
312 #endif
313 }
314 else
315 create_wildcard_listeners();
316
317 #ifdef HAVE_DHCP6
318 /* after enumerate_interfaces() */
319 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
320 join_multicast(1);
321
322 /* After netlink_init() and before create_helper() */
323 lease_make_duid(now);
324 #endif
325
326 if (daemon->port != 0)
327 cache_init();
328
329 if (option_bool(OPT_DBUS))
330 #ifdef HAVE_DBUS
331 {
332 char *err;
333 daemon->dbus = NULL;
334 daemon->watches = NULL;
335 if ((err = dbus_init()))
336 die(_("DBus error: %s"), err, EC_MISC);
337 }
338 #else
339 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
340 #endif
341
342 if (daemon->port != 0)
343 pre_allocate_sfds();
344
345 #if defined(HAVE_SCRIPT)
346 /* Note getpwnam returns static storage */
347 if ((daemon->dhcp || daemon->dhcp6) &&
348 daemon->scriptuser &&
349 (daemon->lease_change_command || daemon->luascript))
350 {
351 if ((ent_pw = getpwnam(daemon->scriptuser)))
352 {
353 script_uid = ent_pw->pw_uid;
354 script_gid = ent_pw->pw_gid;
355 }
356 else
357 baduser = daemon->scriptuser;
358 }
359 #endif
360
361 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
362 baduser = daemon->username;
363 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
364 baduser = daemon->groupname;
365
366 if (baduser)
367 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
368
369 /* implement group defaults, "dip" if available, or group associated with uid */
370 if (!daemon->group_set && !gp)
371 {
372 if (!(gp = getgrnam(CHGRP)) && ent_pw)
373 gp = getgrgid(ent_pw->pw_gid);
374
375 /* for error message */
376 if (gp)
377 daemon->groupname = gp->gr_name;
378 }
379
380 #if defined(HAVE_LINUX_NETWORK)
381 /* determine capability API version here, while we can still
382 call safe_malloc */
383 if (ent_pw && ent_pw->pw_uid != 0)
384 {
385 int capsize = 1; /* for header version 1 */
386 hdr = safe_malloc(sizeof(*hdr));
387
388 /* find version supported by kernel */
389 memset(hdr, 0, sizeof(*hdr));
390 capget(hdr, NULL);
391
392 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
393 {
394 /* if unknown version, use largest supported version (3) */
395 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
396 hdr->version = LINUX_CAPABILITY_VERSION_3;
397 capsize = 2;
398 }
399
400 data = safe_malloc(sizeof(*data) * capsize);
401 memset(data, 0, sizeof(*data) * capsize);
402 }
403 #endif
404
405 /* Use a pipe to carry signals and other events back to the event loop
406 in a race-free manner and another to carry errors to daemon-invoking process */
407 safe_pipe(pipefd, 1);
408
409 piperead = pipefd[0];
410 pipewrite = pipefd[1];
411 /* prime the pipe to load stuff first time. */
412 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
413
414 err_pipe[1] = -1;
415
416 if (!option_bool(OPT_DEBUG))
417 {
418 /* The following code "daemonizes" the process.
419 See Stevens section 12.4 */
420
421 if (chdir("/") != 0)
422 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
423
424 #ifndef NO_FORK
425 if (!option_bool(OPT_NO_FORK))
426 {
427 pid_t pid;
428
429 /* pipe to carry errors back to original process.
430 When startup is complete we close this and the process terminates. */
431 safe_pipe(err_pipe, 0);
432
433 if ((pid = fork()) == -1)
434 /* fd == -1 since we've not forked, never returns. */
435 send_event(-1, EVENT_FORK_ERR, errno, NULL);
436
437 if (pid != 0)
438 {
439 struct event_desc ev;
440 char *msg;
441
442 /* close our copy of write-end */
443 close(err_pipe[1]);
444
445 /* check for errors after the fork */
446 if (read_event(err_pipe[0], &ev, &msg))
447 fatal_event(&ev, msg);
448
449 _exit(EC_GOOD);
450 }
451
452 close(err_pipe[0]);
453
454 /* NO calls to die() from here on. */
455
456 setsid();
457
458 if ((pid = fork()) == -1)
459 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
460
461 if (pid != 0)
462 _exit(0);
463 }
464 #endif
465
466 /* write pidfile _after_ forking ! */
467 if (daemon->runfile)
468 {
469 int fd, err = 0;
470
471 sprintf(daemon->namebuff, "%d\n", (int) getpid());
472
473 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
474 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
475 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
476 extent that an attacker running as the unprivileged user could replace the pidfile with a
477 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
478
479 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
480 ensuring that the open() fails should there be any existing file (because the unlink() failed,
481 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
482 attack can succeed.
483
484 Any compromise of the non-privileged user still theoretically allows the pid-file to be
485 replaced whilst dnsmasq is running. The worst that could allow is that the usual
486 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
487
488 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
489 failure to write the pid-file.
490 */
491
492 unlink(daemon->runfile);
493
494 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
495 {
496 /* only complain if started as root */
497 if (getuid() == 0)
498 err = 1;
499 }
500 else
501 {
502 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
503 err = 1;
504
505 while (!err && close(fd) == -1)
506 if (!retry_send())
507 err = 1;
508 }
509
510 if (err)
511 {
512 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
513 _exit(0);
514 }
515 }
516 }
517
518 log_err = log_start(ent_pw, err_pipe[1]);
519
520 if (!option_bool(OPT_DEBUG))
521 {
522 /* open stdout etc to /dev/null */
523 int nullfd = open("/dev/null", O_RDWR);
524 dup2(nullfd, STDOUT_FILENO);
525 dup2(nullfd, STDERR_FILENO);
526 dup2(nullfd, STDIN_FILENO);
527 close(nullfd);
528 }
529
530 /* if we are to run scripts, we need to fork a helper before dropping root. */
531 daemon->helperfd = -1;
532 #ifdef HAVE_SCRIPT
533 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
534 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
535 #endif
536
537 if (!option_bool(OPT_DEBUG) && getuid() == 0)
538 {
539 int bad_capabilities = 0;
540 gid_t dummy;
541
542 /* remove all supplimentary groups */
543 if (gp &&
544 (setgroups(0, &dummy) == -1 ||
545 setgid(gp->gr_gid) == -1))
546 {
547 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
548 _exit(0);
549 }
550
551 if (ent_pw && ent_pw->pw_uid != 0)
552 {
553 #if defined(HAVE_LINUX_NETWORK)
554 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
555 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
556 ports because of DAD, or we're doing it dynamically,
557 we need CAP_NET_BIND_SERVICE too. */
558 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
559 data->effective = data->permitted = data->inheritable =
560 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
561 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
562 else
563 data->effective = data->permitted = data->inheritable =
564 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
565
566 /* Tell kernel to not clear capabilities when dropping root */
567 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
568 bad_capabilities = errno;
569
570 #elif defined(HAVE_SOLARIS_NETWORK)
571 /* http://developers.sun.com/solaris/articles/program_privileges.html */
572 priv_set_t *priv_set;
573
574 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
575 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
576 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
577 bad_capabilities = errno;
578
579 if (priv_set && bad_capabilities == 0)
580 {
581 priv_inverse(priv_set);
582
583 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
584 bad_capabilities = errno;
585 }
586
587 if (priv_set)
588 priv_freeset(priv_set);
589
590 #endif
591
592 if (bad_capabilities != 0)
593 {
594 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
595 _exit(0);
596 }
597
598 /* finally drop root */
599 if (setuid(ent_pw->pw_uid) == -1)
600 {
601 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
602 _exit(0);
603 }
604
605 #ifdef HAVE_LINUX_NETWORK
606 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
607 data->effective = data->permitted =
608 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
609 else
610 data->effective = data->permitted =
611 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
612 data->inheritable = 0;
613
614 /* lose the setuid and setgid capbilities */
615 if (capset(hdr, data) == -1)
616 {
617 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
618 _exit(0);
619 }
620 #endif
621
622 }
623 }
624
625 #ifdef HAVE_LINUX_NETWORK
626 if (option_bool(OPT_DEBUG))
627 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
628 #endif
629
630 #ifdef HAVE_TFTP
631 if (option_bool(OPT_TFTP))
632 {
633 DIR *dir;
634 struct tftp_prefix *p;
635
636 if (daemon->tftp_prefix)
637 {
638 if (!((dir = opendir(daemon->tftp_prefix))))
639 {
640 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
641 _exit(0);
642 }
643 closedir(dir);
644 }
645
646 for (p = daemon->if_prefix; p; p = p->next)
647 {
648 if (!((dir = opendir(p->prefix))))
649 {
650 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
651 _exit(0);
652 }
653 closedir(dir);
654 }
655 }
656 #endif
657
658 if (daemon->port == 0)
659 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
660 else if (daemon->cachesize != 0)
661 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
662 else
663 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
664
665 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
666
667 #ifdef HAVE_DBUS
668 if (option_bool(OPT_DBUS))
669 {
670 if (daemon->dbus)
671 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
672 else
673 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
674 }
675 #endif
676
677 if (log_err != 0)
678 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
679 daemon->log_file, strerror(log_err));
680
681 if (bind_fallback)
682 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
683
684 if (option_bool(OPT_NOWILD))
685 warn_bound_listeners();
686
687 warn_int_names();
688
689 if (!option_bool(OPT_NOWILD))
690 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
691 if (if_tmp->name && !if_tmp->used)
692 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
693
694 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
695 {
696 if (daemon->resolv_files && !daemon->resolv_files->is_default)
697 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
698 daemon->resolv_files = NULL;
699 if (!daemon->servers)
700 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
701 }
702
703 if (daemon->max_logs != 0)
704 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
705
706
707 #ifdef HAVE_DHCP
708 for (context = daemon->dhcp; context; context = context->next)
709 log_context(AF_INET, context);
710
711 for (relay = daemon->relay4; relay; relay = relay->next)
712 log_relay(AF_INET, relay);
713
714 # ifdef HAVE_DHCP6
715 for (context = daemon->dhcp6; context; context = context->next)
716 log_context(AF_INET6, context);
717
718 for (relay = daemon->relay6; relay; relay = relay->next)
719 log_relay(AF_INET6, relay);
720
721 if (daemon->doing_dhcp6 || daemon->doing_ra)
722 dhcp_construct_contexts(now);
723
724 if (option_bool(OPT_RA))
725 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
726 # endif
727
728 # ifdef HAVE_LINUX_NETWORK
729 if (did_bind)
730 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
731 # endif
732
733 /* after dhcp_contruct_contexts */
734 if (daemon->dhcp || daemon->doing_dhcp6)
735 lease_find_interfaces(now);
736 #endif
737
738 #ifdef HAVE_TFTP
739 if (option_bool(OPT_TFTP))
740 {
741 #ifdef FD_SETSIZE
742 if (FD_SETSIZE < (unsigned)max_fd)
743 max_fd = FD_SETSIZE;
744 #endif
745
746 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
747 daemon->tftp_prefix ? _("root is ") : _("enabled"),
748 daemon->tftp_prefix ? daemon->tftp_prefix: "",
749 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
750
751 /* This is a guess, it assumes that for small limits,
752 disjoint files might be served, but for large limits,
753 a single file will be sent to may clients (the file only needs
754 one fd). */
755
756 max_fd -= 30; /* use other than TFTP */
757
758 if (max_fd < 0)
759 max_fd = 5;
760 else if (max_fd < 100)
761 max_fd = max_fd/2;
762 else
763 max_fd = max_fd - 20;
764
765 /* if we have to use a limited range of ports,
766 that will limit the number of transfers */
767 if (daemon->start_tftp_port != 0 &&
768 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
769 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
770
771 if (daemon->tftp_max > max_fd)
772 {
773 daemon->tftp_max = max_fd;
774 my_syslog(MS_TFTP | LOG_WARNING,
775 _("restricting maximum simultaneous TFTP transfers to %d"),
776 daemon->tftp_max);
777 }
778 }
779 #endif
780
781 /* finished start-up - release original process */
782 if (err_pipe[1] != -1)
783 close(err_pipe[1]);
784
785 if (daemon->port != 0)
786 check_servers();
787
788 pid = getpid();
789
790 while (1)
791 {
792 int maxfd = -1;
793 struct timeval t, *tp = NULL;
794 fd_set rset, wset, eset;
795
796 FD_ZERO(&rset);
797 FD_ZERO(&wset);
798 FD_ZERO(&eset);
799
800 /* if we are out of resources, find how long we have to wait
801 for some to come free, we'll loop around then and restart
802 listening for queries */
803 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
804 {
805 t.tv_usec = 0;
806 tp = &t;
807 }
808
809 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
810 if (daemon->tftp_trans ||
811 (option_bool(OPT_DBUS) && !daemon->dbus))
812 {
813 t.tv_sec = 0;
814 t.tv_usec = 250000;
815 tp = &t;
816 }
817 /* Wake every second whilst waiting for DAD to complete */
818 else if (is_dad_listeners())
819 {
820 t.tv_sec = 1;
821 t.tv_usec = 0;
822 tp = &t;
823 }
824
825 #ifdef HAVE_DBUS
826 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
827 #endif
828
829 #ifdef HAVE_DHCP
830 if (daemon->dhcp || daemon->relay4)
831 {
832 FD_SET(daemon->dhcpfd, &rset);
833 bump_maxfd(daemon->dhcpfd, &maxfd);
834 if (daemon->pxefd != -1)
835 {
836 FD_SET(daemon->pxefd, &rset);
837 bump_maxfd(daemon->pxefd, &maxfd);
838 }
839 }
840 #endif
841
842 #ifdef HAVE_DHCP6
843 if (daemon->doing_dhcp6 || daemon->relay6)
844 {
845 FD_SET(daemon->dhcp6fd, &rset);
846 bump_maxfd(daemon->dhcp6fd, &maxfd);
847 }
848
849 if (daemon->doing_ra)
850 {
851 FD_SET(daemon->icmp6fd, &rset);
852 bump_maxfd(daemon->icmp6fd, &maxfd);
853 }
854 #endif
855
856 #ifdef HAVE_LINUX_NETWORK
857 FD_SET(daemon->netlinkfd, &rset);
858 bump_maxfd(daemon->netlinkfd, &maxfd);
859 #endif
860
861 FD_SET(piperead, &rset);
862 bump_maxfd(piperead, &maxfd);
863
864 #ifdef HAVE_DHCP
865 # ifdef HAVE_SCRIPT
866 while (helper_buf_empty() && do_script_run(now));
867
868 # ifdef HAVE_TFTP
869 while (helper_buf_empty() && do_tftp_script_run());
870 # endif
871
872 if (!helper_buf_empty())
873 {
874 FD_SET(daemon->helperfd, &wset);
875 bump_maxfd(daemon->helperfd, &maxfd);
876 }
877 # else
878 /* need this for other side-effects */
879 while (do_script_run(now));
880
881 # ifdef HAVE_TFTP
882 while (do_tftp_script_run());
883 # endif
884
885 # endif
886 #endif
887
888 /* must do this just before select(), when we know no
889 more calls to my_syslog() can occur */
890 set_log_writer(&wset, &maxfd);
891
892 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
893 {
894 /* otherwise undefined after error */
895 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
896 }
897
898 now = dnsmasq_time();
899
900 check_log_writer(&wset);
901
902 /* prime. */
903 enumerate_interfaces(1);
904
905 /* Check the interfaces to see if any have exited DAD state
906 and if so, bind the address. */
907 if (is_dad_listeners())
908 {
909 enumerate_interfaces(0);
910 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
911 create_bound_listeners(0);
912 warn_bound_listeners();
913 }
914
915 #ifdef HAVE_LINUX_NETWORK
916 if (FD_ISSET(daemon->netlinkfd, &rset))
917 netlink_multicast(now);
918 #endif
919
920 /* Check for changes to resolv files once per second max. */
921 /* Don't go silent for long periods if the clock goes backwards. */
922 if (daemon->last_resolv == 0 ||
923 difftime(now, daemon->last_resolv) > 1.0 ||
924 difftime(now, daemon->last_resolv) < -1.0)
925 {
926 /* poll_resolv doesn't need to reload first time through, since
927 that's queued anyway. */
928
929 poll_resolv(0, daemon->last_resolv != 0, now);
930 daemon->last_resolv = now;
931 }
932
933 if (FD_ISSET(piperead, &rset))
934 async_event(piperead, now);
935
936 #ifdef HAVE_DBUS
937 /* if we didn't create a DBus connection, retry now. */
938 if (option_bool(OPT_DBUS) && !daemon->dbus)
939 {
940 char *err;
941 if ((err = dbus_init()))
942 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
943 if (daemon->dbus)
944 my_syslog(LOG_INFO, _("connected to system DBus"));
945 }
946 check_dbus_listeners(&rset, &wset, &eset);
947 #endif
948
949 check_dns_listeners(&rset, now);
950
951 #ifdef HAVE_TFTP
952 check_tftp_listeners(&rset, now);
953 #endif
954
955 #ifdef HAVE_DHCP
956 if (daemon->dhcp || daemon->relay4)
957 {
958 if (FD_ISSET(daemon->dhcpfd, &rset))
959 dhcp_packet(now, 0);
960 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
961 dhcp_packet(now, 1);
962 }
963
964 #ifdef HAVE_DHCP6
965 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
966 dhcp6_packet(now);
967
968 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
969 icmp6_packet(now);
970 #endif
971
972 # ifdef HAVE_SCRIPT
973 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
974 helper_write();
975 # endif
976 #endif
977
978 }
979 }
980
981 static void sig_handler(int sig)
982 {
983 if (pid == 0)
984 {
985 /* ignore anything other than TERM during startup
986 and in helper proc. (helper ignore TERM too) */
987 if (sig == SIGTERM)
988 exit(EC_MISC);
989 }
990 else if (pid != getpid())
991 {
992 /* alarm is used to kill TCP children after a fixed time. */
993 if (sig == SIGALRM)
994 _exit(0);
995 }
996 else
997 {
998 /* master process */
999 int event, errsave = errno;
1000
1001 if (sig == SIGHUP)
1002 event = EVENT_RELOAD;
1003 else if (sig == SIGCHLD)
1004 event = EVENT_CHILD;
1005 else if (sig == SIGALRM)
1006 event = EVENT_ALARM;
1007 else if (sig == SIGTERM)
1008 event = EVENT_TERM;
1009 else if (sig == SIGUSR1)
1010 event = EVENT_DUMP;
1011 else if (sig == SIGUSR2)
1012 event = EVENT_REOPEN;
1013 else
1014 return;
1015
1016 send_event(pipewrite, event, 0, NULL);
1017 errno = errsave;
1018 }
1019 }
1020
1021 /* now == 0 -> queue immediate callback */
1022 void send_alarm(time_t event, time_t now)
1023 {
1024 if (now == 0 || event != 0)
1025 {
1026 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1027 if ((now == 0 || difftime(event, now) <= 0.0))
1028 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1029 else
1030 alarm((unsigned)difftime(event, now));
1031 }
1032 }
1033
1034 void send_event(int fd, int event, int data, char *msg)
1035 {
1036 struct event_desc ev;
1037 struct iovec iov[2];
1038
1039 ev.event = event;
1040 ev.data = data;
1041 ev.msg_sz = msg ? strlen(msg) : 0;
1042
1043 iov[0].iov_base = &ev;
1044 iov[0].iov_len = sizeof(ev);
1045 iov[1].iov_base = msg;
1046 iov[1].iov_len = ev.msg_sz;
1047
1048 /* error pipe, debug mode. */
1049 if (fd == -1)
1050 fatal_event(&ev, msg);
1051 else
1052 /* pipe is non-blocking and struct event_desc is smaller than
1053 PIPE_BUF, so this either fails or writes everything */
1054 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1055 }
1056
1057 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1058 to describe fatal errors. */
1059 static int read_event(int fd, struct event_desc *evp, char **msg)
1060 {
1061 char *buf;
1062
1063 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1064 return 0;
1065
1066 *msg = NULL;
1067
1068 if (evp->msg_sz != 0 &&
1069 (buf = malloc(evp->msg_sz + 1)) &&
1070 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1071 {
1072 buf[evp->msg_sz] = 0;
1073 *msg = buf;
1074 }
1075
1076 return 1;
1077 }
1078
1079 static void fatal_event(struct event_desc *ev, char *msg)
1080 {
1081 errno = ev->data;
1082
1083 switch (ev->event)
1084 {
1085 case EVENT_DIE:
1086 exit(0);
1087
1088 case EVENT_FORK_ERR:
1089 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1090
1091 case EVENT_PIPE_ERR:
1092 die(_("failed to create helper: %s"), NULL, EC_MISC);
1093
1094 case EVENT_CAP_ERR:
1095 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1096
1097 case EVENT_USER_ERR:
1098 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1099
1100 case EVENT_GROUP_ERR:
1101 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1102
1103 case EVENT_PIDFILE:
1104 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1105
1106 case EVENT_LOG_ERR:
1107 die(_("cannot open log %s: %s"), msg, EC_FILE);
1108
1109 case EVENT_LUA_ERR:
1110 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1111
1112 case EVENT_TFTP_ERR:
1113 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1114 }
1115 }
1116
1117 static void async_event(int pipe, time_t now)
1118 {
1119 pid_t p;
1120 struct event_desc ev;
1121 int i;
1122 char *msg;
1123
1124 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1125 to describe fatal errors. */
1126
1127 if (read_event(pipe, &ev, &msg))
1128 switch (ev.event)
1129 {
1130 case EVENT_RELOAD:
1131 clear_cache_and_reload(now);
1132 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
1133 {
1134 reload_servers(daemon->resolv_files->name);
1135 check_servers();
1136 }
1137 #ifdef HAVE_DHCP
1138 rerun_scripts();
1139 #endif
1140 break;
1141
1142 case EVENT_DUMP:
1143 if (daemon->port != 0)
1144 dump_cache(now);
1145 break;
1146
1147 case EVENT_ALARM:
1148 #ifdef HAVE_DHCP
1149 if (daemon->dhcp || daemon->doing_dhcp6)
1150 {
1151 lease_prune(NULL, now);
1152 lease_update_file(now);
1153 }
1154 #ifdef HAVE_DHCP6
1155 else if (daemon->doing_ra)
1156 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1157 send_alarm(periodic_ra(now), now);
1158 #endif
1159 #endif
1160 break;
1161
1162 case EVENT_CHILD:
1163 /* See Stevens 5.10 */
1164 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1165 if (p == -1)
1166 {
1167 if (errno != EINTR)
1168 break;
1169 }
1170 else
1171 for (i = 0 ; i < MAX_PROCS; i++)
1172 if (daemon->tcp_pids[i] == p)
1173 daemon->tcp_pids[i] = 0;
1174 break;
1175
1176 case EVENT_KILLED:
1177 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1178 break;
1179
1180 case EVENT_EXITED:
1181 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1182 break;
1183
1184 case EVENT_EXEC_ERR:
1185 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1186 daemon->lease_change_command, strerror(ev.data));
1187 break;
1188
1189 /* necessary for fatal errors in helper */
1190 case EVENT_USER_ERR:
1191 case EVENT_DIE:
1192 case EVENT_LUA_ERR:
1193 fatal_event(&ev, msg);
1194 break;
1195
1196 case EVENT_REOPEN:
1197 /* Note: this may leave TCP-handling processes with the old file still open.
1198 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1199 we leave them logging to the old file. */
1200
1201 if (daemon->log_file != NULL)
1202 log_reopen(daemon->log_file);
1203
1204 #ifdef HAVE_TOMATO
1205 tomato_helper(now); //possibly delete & write out leases for tomato
1206 #endif //TOMATO
1207 /* following is Asus tweak. Interestingly Asus read the dnsmasq leases db
1208 directly. They signal dnsmasq to update via SIGUSR2 and wait 1 second
1209 assuming the file will be complete by the time they come to parse it.
1210 Race conditions anyone? What if dnsmasq happens to be updating the
1211 file anyway? */
1212 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE) && !defined(HAVE_TOMATO)
1213 if (daemon->dhcp || daemon->dhcp6)
1214 flush_lease_file(now);
1215 #endif
1216 break;
1217
1218 case EVENT_TERM:
1219 /* Knock all our children on the head. */
1220 for (i = 0; i < MAX_PROCS; i++)
1221 if (daemon->tcp_pids[i] != 0)
1222 kill(daemon->tcp_pids[i], SIGALRM);
1223
1224 #if defined(HAVE_SCRIPT)
1225 /* handle pending lease transitions */
1226 if (daemon->helperfd != -1)
1227 {
1228 /* block in writes until all done */
1229 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1230 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1231 do {
1232 helper_write();
1233 } while (!helper_buf_empty() || do_script_run(now));
1234 close(daemon->helperfd);
1235 }
1236 #endif
1237
1238 //Originally TOMATO tweak
1239 #if defined(HAVE_DHCP) && defined(HAVE_LEASEFILE_EXPIRE)
1240 if (daemon->dhcp || daemon->dhcp6)
1241 flush_lease_file(now);
1242 #endif
1243
1244 if (daemon->lease_stream)
1245 fclose(daemon->lease_stream);
1246
1247 if (daemon->runfile)
1248 unlink(daemon->runfile);
1249
1250 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1251 flush_log();
1252 exit(EC_GOOD);
1253 }
1254 }
1255
1256 void poll_resolv(int force, int do_reload, time_t now)
1257 {
1258 struct resolvc *res, *latest;
1259 struct stat statbuf;
1260 time_t last_change = 0;
1261 /* There may be more than one possible file.
1262 Go through and find the one which changed _last_.
1263 Warn of any which can't be read. */
1264
1265 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1266 return;
1267
1268 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1269 if (stat(res->name, &statbuf) == -1)
1270 {
1271 if (force)
1272 {
1273 res->mtime = 0;
1274 continue;
1275 }
1276
1277 if (!res->logged)
1278 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1279 res->logged = 1;
1280
1281 if (res->mtime != 0)
1282 {
1283 /* existing file evaporated, force selection of the latest
1284 file even if its mtime hasn't changed since we last looked */
1285 poll_resolv(1, do_reload, now);
1286 return;
1287 }
1288 }
1289 else
1290 {
1291 res->logged = 0;
1292 if (force || (statbuf.st_mtime != res->mtime))
1293 {
1294 res->mtime = statbuf.st_mtime;
1295 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1296 {
1297 last_change = statbuf.st_mtime;
1298 latest = res;
1299 /* This is now commented out
1300 #ifdef HAVE_TOMATO
1301 break;
1302 #endif //TOMATO - Really don't understand what this break is trying to acheive/avoid
1303 */
1304 }
1305 }
1306 }
1307
1308 if (latest)
1309 {
1310 static int warned = 0;
1311 if (reload_servers(latest->name))
1312 {
1313 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1314 warned = 0;
1315 check_servers();
1316 if (option_bool(OPT_RELOAD) && do_reload)
1317 clear_cache_and_reload(now);
1318 }
1319 else
1320 {
1321 latest->mtime = 0;
1322 if (!warned)
1323 {
1324 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1325 warned = 1;
1326 }
1327 }
1328 }
1329 }
1330
1331 void clear_cache_and_reload(time_t now)
1332 {
1333 (void)now;
1334
1335 if (daemon->port != 0)
1336 cache_reload();
1337
1338 #ifdef HAVE_DHCP
1339 if (daemon->dhcp || daemon->doing_dhcp6)
1340 {
1341 if (option_bool(OPT_ETHERS))
1342 dhcp_read_ethers();
1343 reread_dhcp();
1344 dhcp_update_configs(daemon->dhcp_conf);
1345 lease_update_from_configs();
1346 lease_update_file(now);
1347 lease_update_dns(1);
1348 }
1349 #ifdef HAVE_DHCP6
1350 else if (daemon->doing_ra)
1351 /* Not doing DHCP, so no lease system, manage
1352 alarms for ra only */
1353 send_alarm(periodic_ra(now), now);
1354 #endif
1355 #endif
1356 }
1357
1358 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1359 {
1360 struct serverfd *serverfdp;
1361 struct listener *listener;
1362 int wait = 0, i;
1363
1364 #ifdef HAVE_TFTP
1365 int tftp = 0;
1366 struct tftp_transfer *transfer;
1367 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1368 {
1369 tftp++;
1370 FD_SET(transfer->sockfd, set);
1371 bump_maxfd(transfer->sockfd, maxfdp);
1372 }
1373 #endif
1374
1375 /* will we be able to get memory? */
1376 if (daemon->port != 0)
1377 get_new_frec(now, &wait);
1378
1379 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1380 {
1381 FD_SET(serverfdp->fd, set);
1382 bump_maxfd(serverfdp->fd, maxfdp);
1383 }
1384
1385 if (daemon->port != 0 && !daemon->osport)
1386 for (i = 0; i < RANDOM_SOCKS; i++)
1387 if (daemon->randomsocks[i].refcount != 0)
1388 {
1389 FD_SET(daemon->randomsocks[i].fd, set);
1390 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1391 }
1392
1393 for (listener = daemon->listeners; listener; listener = listener->next)
1394 {
1395 /* only listen for queries if we have resources */
1396 if (listener->fd != -1 && wait == 0)
1397 {
1398 FD_SET(listener->fd, set);
1399 bump_maxfd(listener->fd, maxfdp);
1400 }
1401
1402 /* death of a child goes through the select loop, so
1403 we don't need to explicitly arrange to wake up here */
1404 if (listener->tcpfd != -1)
1405 for (i = 0; i < MAX_PROCS; i++)
1406 if (daemon->tcp_pids[i] == 0)
1407 {
1408 FD_SET(listener->tcpfd, set);
1409 bump_maxfd(listener->tcpfd, maxfdp);
1410 break;
1411 }
1412
1413 #ifdef HAVE_TFTP
1414 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1415 {
1416 FD_SET(listener->tftpfd, set);
1417 bump_maxfd(listener->tftpfd, maxfdp);
1418 }
1419 #endif
1420
1421 }
1422
1423 return wait;
1424 }
1425
1426 static void check_dns_listeners(fd_set *set, time_t now)
1427 {
1428 struct serverfd *serverfdp;
1429 struct listener *listener;
1430 int i;
1431
1432 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1433 if (FD_ISSET(serverfdp->fd, set))
1434 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1435
1436 if (daemon->port != 0 && !daemon->osport)
1437 for (i = 0; i < RANDOM_SOCKS; i++)
1438 if (daemon->randomsocks[i].refcount != 0 &&
1439 FD_ISSET(daemon->randomsocks[i].fd, set))
1440 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1441
1442 for (listener = daemon->listeners; listener; listener = listener->next)
1443 {
1444 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1445 receive_query(listener, now);
1446
1447 #ifdef HAVE_TFTP
1448 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1449 tftp_request(listener, now);
1450 #endif
1451
1452 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1453 {
1454 int confd, client_ok = 1;
1455 struct irec *iface = NULL;
1456 pid_t p;
1457 union mysockaddr tcp_addr;
1458 socklen_t tcp_len = sizeof(union mysockaddr);
1459
1460 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1461
1462 if (confd == -1)
1463 continue;
1464
1465 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1466 {
1467 close(confd);
1468 continue;
1469 }
1470
1471 /* Make sure that the interface list is up-to-date.
1472
1473 We do this here as we may need the results below, and
1474 the DNS code needs them for --interface-name stuff.
1475
1476 Multiple calls to enumerate_interfaces() per select loop are
1477 inhibited, so calls to it in the child process (which doesn't select())
1478 have no effect. This avoids two processes reading from the same
1479 netlink fd and screwing the pooch entirely.
1480 */
1481
1482 enumerate_interfaces(0);
1483
1484 if (option_bool(OPT_NOWILD))
1485 iface = listener->iface; /* May be NULL */
1486 else
1487 {
1488 int if_index;
1489 char intr_name[IF_NAMESIZE];
1490
1491 /* if we can find the arrival interface, check it's one that's allowed */
1492 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1493 indextoname(listener->tcpfd, if_index, intr_name))
1494 {
1495 struct all_addr addr;
1496 addr.addr.addr4 = tcp_addr.in.sin_addr;
1497 #ifdef HAVE_IPV6
1498 if (tcp_addr.sa.sa_family == AF_INET6)
1499 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1500 #endif
1501
1502 for (iface = daemon->interfaces; iface; iface = iface->next)
1503 if (iface->index == if_index)
1504 break;
1505
1506 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1507 client_ok = 0;
1508 }
1509
1510 if (option_bool(OPT_CLEVERBIND))
1511 iface = listener->iface; /* May be NULL */
1512 else
1513 {
1514 /* Check for allowed interfaces when binding the wildcard address:
1515 we do this by looking for an interface with the same address as
1516 the local address of the TCP connection, then looking to see if that's
1517 an allowed interface. As a side effect, we get the netmask of the
1518 interface too, for localisation. */
1519
1520 for (iface = daemon->interfaces; iface; iface = iface->next)
1521 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1522 break;
1523
1524 if (!iface)
1525 client_ok = 0;
1526 }
1527 }
1528
1529 if (!client_ok)
1530 {
1531 shutdown(confd, SHUT_RDWR);
1532 close(confd);
1533 }
1534 #ifndef NO_FORK
1535 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1536 {
1537 if (p != -1)
1538 {
1539 int i;
1540 for (i = 0; i < MAX_PROCS; i++)
1541 if (daemon->tcp_pids[i] == 0)
1542 {
1543 daemon->tcp_pids[i] = p;
1544 break;
1545 }
1546 }
1547 close(confd);
1548 }
1549 #endif
1550 else
1551 {
1552 unsigned char *buff;
1553 struct server *s;
1554 int flags;
1555 struct in_addr netmask;
1556 int auth_dns;
1557
1558 if (iface)
1559 {
1560 netmask = iface->netmask;
1561 auth_dns = iface->dns_auth;
1562 }
1563 else
1564 {
1565 netmask.s_addr = 0;
1566 auth_dns = 0;
1567 }
1568
1569 #ifndef NO_FORK
1570 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1571 terminate the process. */
1572 if (!option_bool(OPT_DEBUG))
1573 alarm(CHILD_LIFETIME);
1574 #endif
1575
1576 /* start with no upstream connections. */
1577 for (s = daemon->servers; s; s = s->next)
1578 s->tcpfd = -1;
1579
1580 /* The connected socket inherits non-blocking
1581 attribute from the listening socket.
1582 Reset that here. */
1583 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1584 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1585
1586 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1587
1588 shutdown(confd, SHUT_RDWR);
1589 close(confd);
1590
1591 if (buff)
1592 free(buff);
1593
1594 for (s = daemon->servers; s; s = s->next)
1595 if (s->tcpfd != -1)
1596 {
1597 shutdown(s->tcpfd, SHUT_RDWR);
1598 close(s->tcpfd);
1599 }
1600 #ifndef NO_FORK
1601 if (!option_bool(OPT_DEBUG))
1602 {
1603 flush_log();
1604 _exit(0);
1605 }
1606 #endif
1607 }
1608 }
1609 }
1610 }
1611
1612 #ifdef HAVE_DHCP
1613 int make_icmp_sock(void)
1614 {
1615 int fd;
1616 int zeroopt = 0;
1617
1618 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1619 {
1620 if (!fix_fd(fd) ||
1621 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1622 {
1623 close(fd);
1624 fd = -1;
1625 }
1626 }
1627
1628 return fd;
1629 }
1630
1631 int icmp_ping(struct in_addr addr)
1632 {
1633 /* Try and get an ICMP echo from a machine. */
1634
1635 /* Note that whilst in the three second wait, we check for
1636 (and service) events on the DNS and TFTP sockets, (so doing that
1637 better not use any resources our caller has in use...)
1638 but we remain deaf to signals or further DHCP packets. */
1639
1640 int fd;
1641 struct sockaddr_in saddr;
1642 struct {
1643 struct ip ip;
1644 struct icmp icmp;
1645 } packet;
1646 unsigned short id = rand16();
1647 unsigned int i, j;
1648 int gotreply = 0;
1649 time_t start, now;
1650
1651 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1652 if ((fd = make_icmp_sock()) == -1)
1653 return 0;
1654 #else
1655 int opt = 2000;
1656 fd = daemon->dhcp_icmp_fd;
1657 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1658 #endif
1659
1660 saddr.sin_family = AF_INET;
1661 saddr.sin_port = 0;
1662 saddr.sin_addr = addr;
1663 #ifdef HAVE_SOCKADDR_SA_LEN
1664 saddr.sin_len = sizeof(struct sockaddr_in);
1665 #endif
1666
1667 memset(&packet.icmp, 0, sizeof(packet.icmp));
1668 packet.icmp.icmp_type = ICMP_ECHO;
1669 packet.icmp.icmp_id = id;
1670 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1671 j += ((u16 *)&packet.icmp)[i];
1672 while (j>>16)
1673 j = (j & 0xffff) + (j >> 16);
1674 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1675
1676 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1677 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1678 retry_send());
1679
1680 for (now = start = dnsmasq_time();
1681 difftime(now, start) < (float)PING_WAIT;)
1682 {
1683 struct timeval tv;
1684 fd_set rset, wset;
1685 struct sockaddr_in faddr;
1686 int maxfd = fd;
1687 socklen_t len = sizeof(faddr);
1688
1689 tv.tv_usec = 250000;
1690 tv.tv_sec = 0;
1691
1692 FD_ZERO(&rset);
1693 FD_ZERO(&wset);
1694 FD_SET(fd, &rset);
1695 set_dns_listeners(now, &rset, &maxfd);
1696 set_log_writer(&wset, &maxfd);
1697
1698 #ifdef HAVE_DHCP6
1699 if (daemon->doing_ra)
1700 {
1701 FD_SET(daemon->icmp6fd, &rset);
1702 bump_maxfd(daemon->icmp6fd, &maxfd);
1703 }
1704 #endif
1705
1706 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1707 {
1708 FD_ZERO(&rset);
1709 FD_ZERO(&wset);
1710 }
1711
1712 now = dnsmasq_time();
1713
1714 check_log_writer(&wset);
1715 check_dns_listeners(&rset, now);
1716
1717 #ifdef HAVE_DHCP6
1718 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1719 icmp6_packet(now);
1720 #endif
1721
1722 #ifdef HAVE_TFTP
1723 check_tftp_listeners(&rset, now);
1724 #endif
1725
1726 if (FD_ISSET(fd, &rset) &&
1727 recvfrom(fd, &packet, sizeof(packet), 0,
1728 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1729 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1730 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1731 packet.icmp.icmp_seq == 0 &&
1732 packet.icmp.icmp_id == id)
1733 {
1734 gotreply = 1;
1735 break;
1736 }
1737 }
1738
1739 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1740 close(fd);
1741 #else
1742 opt = 1;
1743 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1744 #endif
1745
1746 return gotreply;
1747 }
1748 #endif
1749
1750
Tomato firmware and modifications.