Dnsmasq v2.68 rc4
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #include "dnsmasq.h"
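#ifndef IN6_IS_ADDR_ULA
/* True when the IPv6 address at `a` is in fc00::/7 (unique local addresses).
   The mask has to select the top seven bits of the first 32-bit word, i.e.
   0xfe000000. The previous mask, 0xfe00000, was one hex digit short, so the
   masked value could never equal 0xfc000000 and the macro was always false;
   warn_bound_listeners() then treated ULA addresses as globally routable. */
#define IN6_IS_ADDR_ULA(a) ((((const uint32_t *) (a))[0] & htonl (0xfe000000)) == htonl (0xfc000000))
#endif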
23 #ifdef HAVE_LINUX_NETWORK
/* Linux variant: translate an interface index into its name with the
   SIOCGIFNAME ioctl on `fd`.
   Returns 1 and fills `name` on success; returns 0 when index is 0 or the
   ioctl fails. */
int indextoname(int fd, int index, char *name)
{
    struct ifreq req;

    if (index == 0) {
        return 0;
    }

    req.ifr_ifindex = index;
    if (ioctl(fd, SIOCGIFNAME, &req) == -1) {
        return 0;
    }

    /* Copies at most IF_NAMESIZE bytes, so `name` must be at least that
       large. strncpy() adds no terminator when the source fills the field. */
    strncpy(name, req.ifr_name, IF_NAMESIZE);
    return 1;
}
42 #elif defined(HAVE_SOLARIS_NETWORK)
44 #include <zone.h>
45 #include <alloca.h>
46 #ifndef LIFC_UNDER_IPMP
47 # define LIFC_UNDER_IPMP 0
48 #endif
/* Solaris variant: translate an interface index into its name.
   In the global zone if_indextoname() is used directly. Otherwise the
   interface list is fetched with SIOCGLIFCONF and each entry's index is
   looked up with SIOCGLIFINDEX until one matches.
   Returns 1 and fills `name` on a match, 0 otherwise. */
int indextoname(int fd, int index, char *name)
{
    int64_t query_flags;
    struct lifnum count_req;
    struct lifconf conf;
    struct lifreq *entry;
    int numifs, bufsize, remaining;

    if (index == 0) {
        return 0;
    }

    if (getzoneid() == GLOBAL_ZONEID) {
        return if_indextoname(index, name) ? 1 : 0;
    }

    query_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;

    count_req.lifn_family = AF_UNSPEC;
    count_req.lifn_flags = query_flags;
    if (ioctl(fd, SIOCGLIFNUM, &count_req) < 0) {
        return 0;
    }

    numifs = count_req.lifn_count;
    bufsize = numifs * sizeof(struct lifreq);

    conf.lifc_family = AF_UNSPEC;
    conf.lifc_flags = query_flags;
    conf.lifc_len = bufsize;
    /* NOTE(review): the stack allocation is sized by the interface count the
       kernel reports; there is no upper bound applied here. */
    conf.lifc_buf = alloca(bufsize);

    if (ioctl(fd, SIOCGLIFCONF, &conf) < 0) {
        return 0;
    }

    entry = conf.lifc_req;
    for (remaining = conf.lifc_len / sizeof(struct lifreq); remaining; remaining--, entry++) {
        struct lifreq probe;

        strncpy(probe.lifr_name, entry->lifr_name, IF_NAMESIZE);
        if (ioctl(fd, SIOCGLIFINDEX, &probe) < 0) {
            return 0;
        }

        if (probe.lifr_index == index) {
            strncpy(name, probe.lifr_name, IF_NAMESIZE);
            return 1;
        }
    }

    return 0;
}
102 #else
/* Portable variant: translate an interface index into its name with
   if_indextoname(). `fd` is unused on this path.
   Returns 1 and fills `name` on success, 0 when index is 0 or the lookup
   fails. */
int indextoname(int fd, int index, char *name)
{
    (void)fd;

    if (index == 0) {
        return 0;
    }

    return if_indextoname(index, name) ? 1 : 0;
}
114 #endif
/* Decide whether traffic for interface `name` / address `addr` is accepted.

   family: address family of `addr`; the original comment notes it may be
           AF_LOCAL to check by interface name only.
   addr:   address to test, or NULL to skip the address checks.
   name:   interface name, matched with wildcard_match() against the
           configured lists.
   auth:   optional out-parameter, set to 1 when the interface or address is
           on daemon->authinterface, else 0.

   Order of evaluation, as coded:
     1. With no if_names/if_addrs configured everything starts as allowed;
        otherwise a name or address match is required.
     2. A match on if_except denies, unless the address matched if_addrs.
     3. A match on authinterface (only when `auth` is non-NULL) allows again.

   Every list is walked to the end rather than stopping at the first hit, so
   that the "used" flag is set on each matching entry.

   Returns 1 if allowed, 0 if not. */
int iface_check(int family, struct all_addr *addr, char *name, int *auth)
{
    struct iname *entry;
    int allowed = 1;
    int addr_matched = 0;

    if (auth) {
        *auth = 0;
    }

    if (daemon->if_names || daemon->if_addrs) {
        /* An allow-list exists: default to deny until something matches. */
        allowed = 0;

        for (entry = daemon->if_names; entry; entry = entry->next) {
            if (entry->name && wildcard_match(entry->name, name)) {
                entry->used = 1;
                allowed = 1;
            }
        }

        if (addr) {
            for (entry = daemon->if_addrs; entry; entry = entry->next) {
                if (entry->addr.sa.sa_family != family) {
                    continue;
                }

                if (family == AF_INET &&
                    entry->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) {
                    entry->used = 1;
                    addr_matched = 1;
                    allowed = 1;
                }
#ifdef HAVE_IPV6
                else if (family == AF_INET6 &&
                         IN6_ARE_ADDR_EQUAL(&entry->addr.in6.sin6_addr,
                                            &addr->addr.addr6)) {
                    entry->used = 1;
                    addr_matched = 1;
                    allowed = 1;
                }
#endif
            }
        }
    }

    /* Exclusions by name do not apply to an explicitly listed address. */
    if (!addr_matched) {
        for (entry = daemon->if_except; entry; entry = entry->next) {
            if (entry->name && wildcard_match(entry->name, name)) {
                allowed = 0;
            }
        }
    }

    /* Stop at the first auth-interface entry that matches by name (and
       family, when one is given) or by literal address. */
    for (entry = daemon->authinterface; entry; entry = entry->next) {
        if (entry->name) {
            if (strcmp(entry->name, name) == 0 &&
                (entry->addr.sa.sa_family == 0 || entry->addr.sa.sa_family == family)) {
                break;
            }
        } else if (addr && entry->addr.sa.sa_family == AF_INET && family == AF_INET &&
                   entry->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) {
            break;
        }
#ifdef HAVE_IPV6
        else if (addr && entry->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
                 IN6_ARE_ADDR_EQUAL(&entry->addr.in6.sin6_addr, &addr->addr.addr6)) {
            break;
        }
#endif
    }

    if (entry && auth) {
        *auth = 1;
        allowed = 1;
    }

    return allowed;
}
/* Work around the kernel sometimes reporting the loopback interface as the
   arrival interface for a locally originated packet, even when the packet
   was sent to the address of a different interface. A packet that arrived
   via a loopback interface is accepted, even when loopback is not otherwise
   accepted, provided its destination address is one of the addresses in
   daemon->interfaces. The interface list must be up to date before calling.

   Returns 1 when the exception applies, 0 otherwise. */
int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
{
    struct ifreq req;
    struct irec *iface;

    /* NOTE(review): copies at most IF_NAMESIZE bytes without forcing a
       terminator; callers are presumably passing kernel-supplied names. */
    strncpy(req.ifr_name, name, IF_NAMESIZE);

    if (ioctl(fd, SIOCGIFFLAGS, &req) == -1 || !(req.ifr_flags & IFF_LOOPBACK)) {
        return 0;
    }

    for (iface = daemon->interfaces; iface; iface = iface->next) {
        if (iface->addr.sa.sa_family != family) {
            continue;
        }

        if (family == AF_INET) {
            if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) {
                return 1;
            }
        }
#ifdef HAVE_IPV6
        else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) {
            return 1;
        }
#endif
    }

    return 0;
}
/* With a configuration such as --interface=eth0:0 the daemon listens on the
   right address, but the arrival interface name derived from the index does
   not match the configured label. Accept the packet when an IPv4 address
   recorded for the arrival interface index equals the destination address.
   daemon->interfaces must be up to date.

   Returns 1 when such an address is found, 0 otherwise (always 0 for
   families other than AF_INET, since labels exist only for IPv4). */
int label_exception(int index, int family, struct all_addr *addr)
{
    struct irec *candidate;

    if (family != AF_INET) {
        return 0;
    }

    for (candidate = daemon->interfaces; candidate; candidate = candidate->next) {
        if (candidate->index != index) {
            continue;
        }
        if (candidate->addr.sa.sa_family != AF_INET) {
            continue;
        }
        if (candidate->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) {
            return 1;
        }
    }

    return 0;
}
/* State handed to the per-address callbacks during interface enumeration. */
struct iface_param {
    struct addrlist *spare; /* recycled addrlist nodes, reused before allocating */
    int fd;                 /* socket used for the interface ioctls */
};
/* Take a recycled addrlist node from param->spare, or allocate a new one.
   Returns NULL only when the spare list is empty and whine_malloc() fails. */
static struct addrlist *take_addrlist(struct iface_param *param)
{
    struct addrlist *node = param->spare;

    if (node) {
        param->spare = node->next;
        return node;
    }

    return whine_malloc(sizeof(struct addrlist));
}

/* Process one interface address found during enumeration.

   param:     enumeration state (ioctl socket and spare addrlist nodes).
   if_index:  index of the interface owning the address.
   label:     interface label, or NULL to use the interface name.
   addr:      the address itself.
   netmask:   IPv4 netmask (unused content for IPv6 callers).
   prefixlen: prefix length, recorded on auth-zone subnets.
   dad:       non-zero while the address is still tentative.

   Steps, in order:
     - resolve the interface name, flags and MTU;
     - for anything except IPv6 link-local addresses, record the address
       against matching auth zones and interface-name entries;
     - if the address is already in daemon->interfaces, refresh its dad flag
       and stop;
     - when an interface allow-list is configured, add loopback to it;
     - ask iface_check() whether the address is allowed; if not, stop;
     - work out whether DHCP and TFTP are permitted, then add a new irec to
       daemon->interfaces.

   Returns 1 to continue enumeration. Returns 0 when the interface name or
   flags cannot be read, or (with errno set to ENOMEM) when the new record
   cannot be allocated. */
static int iface_allowed(struct iface_param *param, int if_index, char *label,
                         union mysockaddr *addr, struct in_addr netmask, int prefixlen, int dad)
{
    struct irec *iface;
    int mtu = 0, loopback;
    struct ifreq ifr;
    int tftp_ok = !!option_bool(OPT_TFTP);
    int dhcp_ok = 1;
    int auth_dns = 0;
#if defined(HAVE_DHCP) || defined(HAVE_TFTP)
    struct iname *tmp;
#endif

    (void)prefixlen;

    if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
        ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1) {
        return 0;
    }

    loopback = ifr.ifr_flags & IFF_LOOPBACK;

    /* No DHCP service on loopback interfaces. */
    if (loopback) {
        dhcp_ok = 0;
    }

    if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1) {
        mtu = ifr.ifr_mtu;
    }

    if (!label) {
        label = ifr.ifr_name;
    }

#ifdef HAVE_IPV6
    if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
#endif
    {
        struct interface_name *int_name;
        struct addrlist *al;
#ifdef HAVE_AUTH
        struct auth_zone *zone;
        struct auth_name_list *name;

        /* Record the address as a subnet of every auth zone whose interface
           list matches this label and address family. */
        for (zone = daemon->auth_zones; zone; zone = zone->next) {
            for (name = zone->interface_names; name; name = name->next) {
                if (!wildcard_match(name->name, label)) {
                    continue;
                }

                if (addr->sa.sa_family == AF_INET && (name->flags & AUTH4)) {
                    al = take_addrlist(param);
                    if (al) {
                        al->next = zone->subnet;
                        zone->subnet = al;
                        al->prefixlen = prefixlen;
                        al->addr.addr.addr4 = addr->in.sin_addr;
                        al->flags = 0;
                    }
                }

#ifdef HAVE_IPV6
                if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6)) {
                    al = take_addrlist(param);
                    if (al) {
                        al->next = zone->subnet;
                        zone->subnet = al;
                        al->prefixlen = prefixlen;
                        al->addr.addr.addr6 = addr->in6.sin6_addr;
                        al->flags = ADDRLIST_IPV6;
                    }
                }
#endif
            }
        }
#endif

        /* Update the addresses held against interface_names. This set is
           independent of the set of addresses being listened on. */
        for (int_name = daemon->int_names; int_name; int_name = int_name->next) {
            if (strncmp(label, int_name->intr, IF_NAMESIZE) != 0) {
                continue;
            }
            if (addr->sa.sa_family != int_name->family && int_name->family != 0) {
                continue;
            }

            al = take_addrlist(param);
            if (al) {
                al->next = int_name->addr;
                int_name->addr = al;

                if (addr->sa.sa_family == AF_INET) {
                    al->addr.addr.addr4 = addr->in.sin_addr;
                    al->flags = 0;
                }
#ifdef HAVE_IPV6
                else {
                    al->addr.addr.addr6 = addr->in6.sin6_addr;
                    al->flags = ADDRLIST_IPV6;
                }
#endif
            }
        }
    }

    /* This routine is called repeatedly; if the address is already known
       only its tentative state needs refreshing. */
    for (iface = daemon->interfaces; iface; iface = iface->next) {
        if (sockaddr_isequal(&iface->addr, addr)) {
            iface->dad = dad;
            return 1;
        }
    }

    /* When the set of interfaces is restricted, make sure loopback
       interfaces are part of that set. */
    if (daemon->if_names && loopback) {
        struct iname *lo;

        for (lo = daemon->if_names; lo; lo = lo->next) {
            if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0) {
                break;
            }
        }

        if (!lo && (lo = whine_malloc(sizeof(struct iname)))) {
            if ((lo->name = whine_malloc(strlen(ifr.ifr_name) + 1))) {
                strcpy(lo->name, ifr.ifr_name);
                lo->used = 1;
                lo->next = daemon->if_names;
                daemon->if_names = lo;
            } else {
                free(lo);
            }
        }
    }

    /* Access decision: a disallowed address is skipped, not an error. */
    if (addr->sa.sa_family == AF_INET &&
        !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) {
        return 1;
    }

#ifdef HAVE_IPV6
    if (addr->sa.sa_family == AF_INET6 &&
        !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) {
        return 1;
    }
#endif

#ifdef HAVE_DHCP
    /* No DHCP (or TFTP) where authoritative DNS is being served. */
    if (auth_dns) {
        tftp_ok = 0;
        dhcp_ok = 0;
    } else {
        for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) {
            if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name)) {
                tftp_ok = 0;
                dhcp_ok = 0;
            }
        }
    }
#endif

#ifdef HAVE_TFTP
    if (daemon->tftp_interfaces) {
        /* A dedicated TFTP interface list overrides the earlier decision. */
        tftp_ok = 0;
        for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next) {
            if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name)) {
                tftp_ok = 1;
            }
        }
    }
#endif

    /* Add the address to daemon->interfaces. */
    if ((iface = whine_malloc(sizeof(struct irec)))) {
        iface->addr = *addr;
        iface->netmask = netmask;
        iface->tftp_ok = tftp_ok;
        iface->dhcp_ok = dhcp_ok;
        iface->dns_auth = auth_dns;
        iface->mtu = mtu;
        iface->dad = dad;
        iface->done = iface->multicast_done = iface->warned = 0;
        iface->index = if_index;

        if ((iface->name = whine_malloc(strlen(ifr.ifr_name) + 1))) {
            strcpy(iface->name, ifr.ifr_name);
            iface->next = daemon->interfaces;
            daemon->interfaces = iface;
            return 1;
        }

        free(iface);
    }

    errno = ENOMEM;
    return 0;
}
465 #ifdef HAVE_IPV6
/* iface_enumerate() callback for IPv6 addresses: wrap `local` in a
   sockaddr_in6 carrying the DNS port and the interface index as scope id,
   then hand it to iface_allowed(). The address is flagged as tentative when
   IFACE_TENTATIVE is set in `flags`. `scope`, `preferred` and `valid` are
   unused. Returns whatever iface_allowed() returns. */
static int iface_allowed_v6(struct in6_addr *local, int prefix,
                            int scope, int if_index, int flags,
                            int preferred, int valid, void *vparam)
{
    union mysockaddr sa;
    struct in_addr unused_mask; /* IPv6 has no netmask; pass zero */
    int tentative = !!(flags & IFACE_TENTATIVE);

    unused_mask.s_addr = 0;

    (void)scope;
    (void)preferred;
    (void)valid;

    memset(&sa, 0, sizeof(sa));
#ifdef HAVE_SOCKADDR_SA_LEN
    sa.in6.sin6_len = sizeof(sa.in6);
#endif
    sa.in6.sin6_family = AF_INET6;
    sa.in6.sin6_addr = *local;
    sa.in6.sin6_port = htons(daemon->port);
    sa.in6.sin6_scope_id = if_index;

    return iface_allowed((struct iface_param *)vparam, if_index, NULL, &sa,
                         unused_mask, prefix, tentative);
}
489 #endif
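/* iface_enumerate() callback for IPv4 addresses: wrap `local` in a
   sockaddr_in carrying the DNS port, derive the prefix length from the
   netmask, and hand both to iface_allowed(). `broadcast` is unused.
   Returns whatever iface_allowed() returns. */
static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
                            struct in_addr netmask, struct in_addr broadcast, void *vparam)
{
    union mysockaddr addr;
    const uint32_t mask = ntohl(netmask.s_addr);
    unsigned int bit;
    int prefix;

    (void)broadcast;

    memset(&addr, 0, sizeof(addr));
#ifdef HAVE_SOCKADDR_SA_LEN
    addr.in.sin_len = sizeof(addr.in);
#endif
    addr.in.sin_family = AF_INET;
    addr.in.sin_addr = local;
    addr.in.sin_port = htons(daemon->port);

    /* Prefix length = 32 minus the number of trailing zero bits in the mask.
       The probe bit is unsigned: with a signed int, shifting 1 << 30 left
       once more (reached for /1 and /0 masks) is undefined behaviour. */
    for (prefix = 32, bit = 1; (bit & mask) == 0 && prefix != 0; bit <<= 1, prefix--)
        ;

    return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
}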
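/* Rebuild the per-interface address information by enumerating all
   interface addresses through iface_allowed_v6()/iface_allowed_v4().

   reset: non-zero only clears the "already done" flag and returns 1, so the
          next call enumerates again.

   Enumeration runs at most once between resets (once per select cycle),
   which also keeps TCP child processes from using the netlink socket.
   Addresses previously stored against interface_names and against auth-zone
   subnets (other than address literals) are moved to a spare list first and
   reused by the callbacks.

   Returns 1 on success or when nothing needed doing, 0 on failure with errno
   describing the error. */
int enumerate_interfaces(int reset)
{
    static struct addrlist *spare = NULL;
    static int done = 0, active = 0;
    struct iface_param param;
    int errsave, ret = 1;
    struct addrlist *addr, *tmp;
    struct interface_name *intname;
#ifdef HAVE_AUTH
    struct auth_zone *zone;
#endif

    if (reset) {
        done = 0;
        return 1;
    }

    if (done || active) {
        return 1;
    }

    done = 1;

    /* Protect against recursive calls from iface_enumerate(). */
    active = 1;

    if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1) {
        /* Clear the recursion guard on this early exit. It is static, so
           leaving it set would make every later call return 1 without
           enumerating anything. */
        active = 0;
        return 0;
    }

    /* Remove addresses stored against interface_names. */
    for (intname = daemon->int_names; intname; intname = intname->next) {
        for (addr = intname->addr; addr; addr = tmp) {
            tmp = addr->next;
            addr->next = spare;
            spare = addr;
        }

        intname->addr = NULL;
    }

#ifdef HAVE_AUTH
    /* Remove addresses stored against auth_zone subnets, but keep the ones
       configured as address literals. `up` tracks the link to rewrite when
       a node is unlinked. */
    for (zone = daemon->auth_zones; zone; zone = zone->next) {
        if (zone->interface_names) {
            struct addrlist **up;

            for (up = &zone->subnet, addr = zone->subnet; addr; addr = tmp) {
                tmp = addr->next;
                if (addr->flags & ADDRLIST_LITERAL) {
                    up = &addr->next;
                } else {
                    *up = addr->next;
                    addr->next = spare;
                    spare = addr;
                }
            }
        }
    }
#endif

    param.spare = spare;

#ifdef HAVE_IPV6
    ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
#endif

    if (ret) {
        ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
    }

    /* close() must not disturb the errno reported to the caller. */
    errsave = errno;
    close(param.fd);
    errno = errsave;

    spare = param.spare;
    active = 0;

    return ret;
}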
/* Put `fd` into non-blocking mode by adding O_NONBLOCK to its file status
   flags (see Stevens 16.6). Returns 1 on success, 0 if either fcntl() call
   fails. */
int fix_fd(int fd)
{
    int flags = fcntl(fd, F_GETFL);

    if (flags == -1) {
        return 0;
    }

    return fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ? 0 : 1;
}
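/* Create, configure and bind one listening socket.

   addr:   address and port to bind.
   type:   SOCK_DGRAM or SOCK_STREAM; stream sockets are also put into
           listen state.
   dienow: non-zero makes a failure fatal via die(), except in bind-dynamic
           mode (OPT_CLEVERBIND) where failure to bind is tolerated silently;
           zero logs a warning instead.

   The socket gets SO_REUSEADDR, is made non-blocking, and for IPv6 is
   restricted with IPV6_V6ONLY. Datagram sockets in wildcard mode also enable
   packet-info delivery so the arrival interface/address can be determined.

   Returns the descriptor, or -1 on failure. An address family the kernel
   does not support is reported as -1 without any message. */
static int make_sock(union mysockaddr *addr, int type, int dienow)
{
    int family = addr->sa.sa_family;
    int fd, opt = 1;
    int errsave, port;
    char *s;

    if ((fd = socket(family, type, 0)) == -1) {
        /* No error if the kernel just doesn't support this IP flavour. */
        if (errno == EPROTONOSUPPORT ||
            errno == EAFNOSUPPORT ||
            errno == EINVAL) {
            return -1;
        }
        goto err;
    }

    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd)) {
        goto err;
    }

#ifdef HAVE_IPV6
    if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) {
        goto err;
    }
#endif

    if (bind(fd, (struct sockaddr *)addr, sa_len(addr)) == -1) {
        goto err;
    }

    if (type == SOCK_STREAM) {
        if (listen(fd, 5) == -1) {
            goto err;
        }
    } else if (!option_bool(OPT_NOWILD)) {
        if (family == AF_INET) {
#if defined(HAVE_LINUX_NETWORK)
            if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1) {
                goto err;
            }
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
            if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
                setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1) {
                goto err;
            }
#endif
        }
#ifdef HAVE_IPV6
        else if (!set_ipv6pktinfo(fd)) {
            goto err;
        }
#endif
    }

    return fd;

err:
    /* Keep the errno of the call that failed: the formatting and close()
       below may overwrite it, and both die() and the log line report it. */
    errsave = errno;

    port = prettyprint_addr(addr, daemon->addrbuff);
    if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) {
        /* Wildcard mode: the address is not informative, show the port. */
        sprintf(daemon->addrbuff, "port %d", port);
    }
    s = _("failed to create listening socket for %s: %s");

    if (fd != -1) {
        close(fd);
    }

    errno = errsave;

    if (dienow) {
        /* Failure to bind addresses given by --listen-address at this point
           is OK if we're doing bind-dynamic. */
        if (!option_bool(OPT_CLEVERBIND)) {
            die(s, daemon->addrbuff, EC_BADNET);
        }
    } else {
        my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
    }

    return -1;
}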
686 #ifdef HAVE_IPV6
/* Ask the kernel to deliver IPv6 packet-info ancillary data on `fd`, and
   record in daemon->v6pktinfo which cmsg type to expect.

   The API changed around Linux 2.6.14 but the old ABI is still supported:
   handle all combinations of headers and kernel.
   OpenWrt note that this fixes the problem addressed by your very broken patch.

   Returns 1 on success, 0 if no variant of the option could be set. */
int set_ipv6pktinfo(int fd)
{
    int enable = 1;

    daemon->v6pktinfo = IPV6_PKTINFO;

#ifdef IPV6_RECVPKTINFO
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &enable, sizeof(enable)) != -1) {
        return 1;
    }
# ifdef IPV6_2292PKTINFO
    /* New headers on an old kernel: fall back to the RFC 2292 option. */
    if (errno == ENOPROTOOPT &&
        setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &enable, sizeof(enable)) != -1) {
        daemon->v6pktinfo = IPV6_2292PKTINFO;
        return 1;
    }
# endif
#else
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &enable, sizeof(enable)) != -1) {
        return 1;
    }
#endif

    return 0;
}
713 #endif
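/* Find the interface on which a TCP connection arrived, if possible.

   fd: connected TCP socket.
   af: AF_INET, or anything else for the IPv6 path.

   Only implemented for Linux, where the packet options saved on the socket
   are read back with getsockopt() and scanned for a PKTINFO control
   message. daemon->packet is used as scratch space, so daemon->srv_save is
   cleared.

   Returns the interface index, or 0 if it could not be determined. */
int tcp_interface(int fd, int af)
{
    int if_index = 0;

#ifdef HAVE_LINUX_NETWORK
    int opt = 1;
    struct cmsghdr *cmptr;
    struct msghdr msg;
    socklen_t len;

    /* A msghdr is used so that the CMSG_* macros are available. The option
       length goes through a real socklen_t: msg_controllen is a size_t, and
       passing its address cast to socklen_t * makes getsockopt() read and
       write only part of the field, which breaks where size_t is wider than
       socklen_t and the byte order is big-endian. */
    memset(&msg, 0, sizeof(msg));
    msg.msg_control = daemon->packet;
    msg.msg_controllen = len = daemon->packet_buff_sz;

    /* We overwrote the buffer... */
    daemon->srv_save = NULL;

    if (af == AF_INET) {
        if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
            getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, &len) != -1) {
            msg.msg_controllen = len;
            for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) {
                if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) {
                    union {
                        unsigned char *c;
                        struct in_pktinfo *p;
                    } p;

                    p.c = CMSG_DATA(cmptr);
                    if_index = p.p->ipi_ifindex;
                }
            }
        }
    }
#ifdef HAVE_IPV6
    else {
        /* Only the RFC-2292 API has the ability to find the interface for
           TCP connections; it was removed in RFC-3542.

           Fortunately, Linux kept the 2292 ABI when it moved to 3542. The
           following code always uses the old ABI, and should work with
           pre- and post-3542 kernel headers. */

#ifdef IPV6_2292PKTOPTIONS
#  define PKTOPTIONS IPV6_2292PKTOPTIONS
#else
#  define PKTOPTIONS IPV6_PKTOPTIONS
#endif

        if (set_ipv6pktinfo(fd) &&
            getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, &len) != -1) {
            msg.msg_controllen = len;
            for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) {
                if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) {
                    union {
                        unsigned char *c;
                        struct in6_pktinfo *p;
                    } p;

                    p.c = CMSG_DATA(cmptr);
                    if_index = p.p->ipi6_ifindex;
                }
            }
        }
    }
#endif /* IPV6 */
#else
    (void)fd;
    (void)af;
#endif /* Linux */

    return if_index;
}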
/* Create the sockets for one listening address and wrap them in a listener.

   addr:    address to bind; its port field is temporarily rewritten to the
            TFTP port and then restored.
   do_tftp: non-zero to also create a TFTP socket (when built with TFTP).
   dienow:  passed through to make_sock().

   DNS UDP and TCP sockets are only created when daemon->port is non-zero.
   Returns a new listener if at least one socket was created, else NULL. */
static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
{
    struct listener *result = NULL;
    int udp_fd = -1, tcp_fd = -1, tftp_fd = -1;

    (void)do_tftp;

    if (daemon->port != 0) {
        udp_fd = make_sock(addr, SOCK_DGRAM, dienow);
        tcp_fd = make_sock(addr, SOCK_STREAM, dienow);
    }

#ifdef HAVE_TFTP
    if (do_tftp) {
        if (addr->sa.sa_family == AF_INET) {
            /* The port must be restored to the DNS port for the TCP code. */
            short save = addr->in.sin_port;

            addr->in.sin_port = htons(TFTP_PORT);
            tftp_fd = make_sock(addr, SOCK_DGRAM, dienow);
            addr->in.sin_port = save;
        }
# ifdef HAVE_IPV6
        else {
            short save = addr->in6.sin6_port;

            addr->in6.sin6_port = htons(TFTP_PORT);
            tftp_fd = make_sock(addr, SOCK_DGRAM, dienow);
            addr->in6.sin6_port = save;
        }
# endif
    }
#endif

    if (udp_fd == -1 && tcp_fd == -1 && tftp_fd == -1) {
        return result;
    }

    result = safe_malloc(sizeof(struct listener));
    result->next = NULL;
    result->family = addr->sa.sa_family;
    result->fd = udp_fd;
    result->tcpfd = tcp_fd;
    result->tftpfd = tftp_fd;

    return result;
}
/* Create listeners bound to the wildcard address (INADDR_ANY and, when IPv6
   is compiled in, in6addr_any) on the DNS port, and store them in
   daemon->listeners with the IPv4 listener first. Socket failures are
   fatal because dienow is passed as 1. */
void create_wildcard_listeners(void)
{
    union mysockaddr addr;
    struct listener *l, *l6;
    int want_tftp = !!option_bool(OPT_TFTP);

    memset(&addr, 0, sizeof(addr));
#ifdef HAVE_SOCKADDR_SA_LEN
    addr.in.sin_len = sizeof(addr.in);
#endif
    addr.in.sin_family = AF_INET;
    addr.in.sin_addr.s_addr = INADDR_ANY;
    addr.in.sin_port = htons(daemon->port);

    l = create_listeners(&addr, want_tftp, 1);

#ifdef HAVE_IPV6
    memset(&addr, 0, sizeof(addr));
# ifdef HAVE_SOCKADDR_SA_LEN
    addr.in6.sin6_len = sizeof(addr.in6);
# endif
    addr.in6.sin6_family = AF_INET6;
    addr.in6.sin6_addr = in6addr_any;
    addr.in6.sin6_port = htons(daemon->port);

    l6 = create_listeners(&addr, want_tftp, 1);
    if (l) {
        l->next = l6;
    } else {
        l = l6;
    }
#endif

    daemon->listeners = l;
}
/* Create listeners bound to individual addresses and push them onto
   daemon->listeners.

   dienow: passed through to create_listeners()/make_sock().

   First pass: every entry in daemon->interfaces that has no listener yet
   and is not a tentative (DAD) address.

   Second pass: --listen-address options that were not matched by any
   interface address. These may be valid: e.g. it is possible to listen on
   127.0.1.1 even if the loopback interface is 127.0.0.1. If the address is
   not valid the bind() will fail and we'll die() (except in bind-dynamic
   mode, when we'll complain but keep trying).

   Listeners from the second pass have a NULL ->iface, which the DNS and
   TFTP code has to handle. It disables --localise-queries processing (no
   netmask) and some MTU logic in the TFTP code. */
void create_bound_listeners(int dienow)
{
    struct listener *created;
    struct irec *iface;
    struct iname *listen_addr;

    for (iface = daemon->interfaces; iface; iface = iface->next) {
        if (iface->done || iface->dad) {
            continue;
        }

        created = create_listeners(&iface->addr, iface->tftp_ok, dienow);
        if (created) {
            created->iface = iface;
            created->next = daemon->listeners;
            daemon->listeners = created;
            iface->done = 1;
        }
    }

    for (listen_addr = daemon->if_addrs; listen_addr; listen_addr = listen_addr->next) {
        if (listen_addr->used) {
            continue;
        }

        created = create_listeners(&listen_addr->addr, !!option_bool(OPT_TFTP), dienow);
        if (created) {
            created->iface = NULL;
            created->next = daemon->listeners;
            daemon->listeners = created;
        }
    }
}
/* In --bind-interfaces mode, the only access control is the set of addresses
   we're listening on. Nothing stops a query to the address of an internal
   interface from arriving via an external interface where we don't want to
   accept queries, except that in the usual case the addresses of internal
   interfaces are RFC1918. When bind-interfaces is in use and we listen on an
   address that looks like it's probably globally routeable, shout.

   The fix is to use --bind-dynamic, which actually checks the arrival
   interface too. Tough if your platform doesn't support this.

   Interfaces serving authoritative DNS (dns_auth) are skipped. For IPv6,
   link-local, site-local, unique-local and loopback addresses are treated
   as not globally routeable. Each interface warned about has its `warned`
   flag set. */
void warn_bound_listeners(void)
{
    struct irec *iface;
    int advice = 0;

    for (iface = daemon->interfaces; iface; iface = iface->next) {
        int warn = 0;

        if (iface->dns_auth) {
            continue;
        }

        if (iface->addr.sa.sa_family == AF_INET) {
            if (!private_net(iface->addr.in.sin_addr, 1)) {
                inet_ntop(AF_INET, &iface->addr.in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
                warn = 1;
            }
        }
#ifdef HAVE_IPV6
        else {
            if (!IN6_IS_ADDR_LINKLOCAL(&iface->addr.in6.sin6_addr) &&
                !IN6_IS_ADDR_SITELOCAL(&iface->addr.in6.sin6_addr) &&
                !IN6_IS_ADDR_ULA(&iface->addr.in6.sin6_addr) &&
                !IN6_IS_ADDR_LOOPBACK(&iface->addr.in6.sin6_addr)) {
                inet_ntop(AF_INET6, &iface->addr.in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN);
                warn = 1;
            }
        }
#endif

        if (warn) {
            iface->warned = advice = 1;
            my_syslog(LOG_WARNING,
                      _("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"),
                      daemon->addrbuff, iface->name);
        }
    }

    if (advice) {
        my_syslog(LOG_WARNING, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"));
    }
}
/* Log a warning for every configured interface-name entry that currently
   has no address recorded against it. */
void warn_int_names(void)
{
    struct interface_name *entry = daemon->int_names;

    while (entry) {
        if (!entry->addr) {
            my_syslog(LOG_WARNING, _("warning: no addresses found for interface %s"), entry->intr);
        }
        entry = entry->next;
    }
}
/* Report whether, with OPT_NOWILD set, some interface address is still
   tentative (dad) and has no listener yet (not done).
   Returns 1 if so, 0 otherwise; always 0 when OPT_NOWILD is not set. */
int is_dad_listeners(void)
{
    struct irec *iface;

    if (!option_bool(OPT_NOWILD)) {
        return 0;
    }

    for (iface = daemon->interfaces; iface; iface = iface->next) {
        if (iface->dad && !iface->done) {
            return 1;
        }
    }

    return 0;
}
980 #ifdef HAVE_DHCP6
/* Join the DHCPv6 and router multicast groups on every IPv6 interface where
   DHCP is allowed and which has not been joined yet.

   dienow: non-zero makes a failed join fatal; zero logs an error instead.

   There is one irec per address, but a group must be joined only once per
   interface, so an interface index that already has multicast_done set on
   another record is skipped. Which groups are joined depends on
   daemon->doing_dhcp6, daemon->relay6 and daemon->doing_ra. */
void join_multicast(int dienow)
{
    struct irec *iface, *seen;

    for (iface = daemon->interfaces; iface; iface = iface->next) {
        struct ipv6_mreq mreq;
        int failed = 0;

        if (iface->addr.sa.sa_family != AF_INET6 || !iface->dhcp_ok || iface->multicast_done) {
            continue;
        }

        /* Look for another record of the same interface that has already
           been handled, before marking this one. */
        for (seen = daemon->interfaces; seen; seen = seen->next) {
            if (seen->multicast_done && seen->index == iface->index) {
                break;
            }
        }

        iface->multicast_done = 1;

        if (seen) {
            continue;
        }

        mreq.ipv6mr_interface = iface->index;

        inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
        if ((daemon->doing_dhcp6 || daemon->relay6) &&
            setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) {
            failed = 1;
        }

        inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
        if (daemon->doing_dhcp6 &&
            setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) {
            failed = 1;
        }

        inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
        if (daemon->doing_ra &&
            setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) {
            failed = 1;
        }

        if (failed) {
            char *s = _("interface %s failed to join DHCPv6 multicast group: %s");

            if (dienow) {
                die(s, iface->name, EC_BADNET);
            } else {
                my_syslog(LOG_ERR, s, iface->name, strerror(errno));
            }
        }
    }
}
1032 #endif
/* Return a non-blocking UDP socket of the given family bound to the wildcard
   address on a randomly chosen port, or -1 on failure.

   The port comes from rand16(). When daemon->min_port is set, the choice is
   confined to min_port..65535. Binding can stray into occupied or reserved
   ports (EADDRINUSE / EACCES), in which case another port is tried; the
   number of attempts is capped so the loop ends even if every port is in
   use. Any other bind error aborts immediately.

   NOTE(review): the unpredictability of the port is presumably what makes
   off-path response spoofing harder, so it depends on the quality of
   rand16(), which is defined elsewhere. */
int random_sock(int family)
{
    union mysockaddr addr;
    unsigned int ports_avail;
    int attempts, fd;

    fd = socket(family, SOCK_DGRAM, 0);
    if (fd == -1) {
        return -1;
    }

    ports_avail = 65536u - (unsigned short)daemon->min_port;
    attempts = ports_avail < 30 ? 3 * ports_avail : 100;

    memset(&addr, 0, sizeof(addr));
    addr.sa.sa_family = family;

    if (fix_fd(fd)) {
        for (; attempts != 0; attempts--) {
            unsigned short port = rand16();

            if (daemon->min_port != 0) {
                port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
            }

            if (family == AF_INET) {
                addr.in.sin_addr.s_addr = INADDR_ANY;
                addr.in.sin_port = port;
#ifdef HAVE_SOCKADDR_SA_LEN
                addr.in.sin_len = sizeof(struct sockaddr_in);
#endif
            }
#ifdef HAVE_IPV6
            else {
                addr.in6.sin6_addr = in6addr_any;
                addr.in6.sin6_port = port;
#ifdef HAVE_SOCKADDR_SA_LEN
                addr.in6.sin6_len = sizeof(struct sockaddr_in6);
#endif
            }
#endif

            if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) {
                return fd;
            }

            if (errno != EADDRINUSE && errno != EACCES) {
                break;
            }
        }
    }

    close(fd);
    return -1;
}
/* Bind `fd` to the source address `addr` and, where SO_BINDTODEVICE exists
   and `intname` is non-empty, to that interface.

   is_tcp: non-zero clears the port in a private copy of the address first,
           because the source port cannot be set for TCP connections.

   The caller's `addr` is never modified. `intname` is passed to
   setsockopt() with a length of IF_NAMESIZE, so it must point at a buffer
   of at least that size.

   Returns 1 on success, 0 if bind() or setsockopt() fails. */
int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
{
    union mysockaddr source = *addr;

    if (is_tcp) {
        if (source.sa.sa_family == AF_INET) {
            source.in.sin_port = 0;
        }
#ifdef HAVE_IPV6
        else {
            source.in6.sin6_port = 0;
        }
#endif
    }

    if (bind(fd, (struct sockaddr *)&source, sa_len(&source)) == -1) {
        return 0;
    }

#if defined(SO_BINDTODEVICE)
    if (intname[0] != 0 &&
        setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1) {
        return 0;
    }
#endif

    return 1;
}
/* Find or create the upstream socket for a given source address and
   interface name.

   addr:    source address/port to bind.
   intname: interface to bind to, or "" for none.

   Returns the serverfd, or NULL. NULL with errno == 0 is not an error: when
   random source ports are in use (daemon->osport unset) and no interface is
   given, a wildcard address with port 0 needs no dedicated socket. NULL
   with errno != 0 means allocation, socket() or bind failed.

   A new serverfd is linked at the head of daemon->sfds. */
static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
{
    struct serverfd *sfd;
    int saved_errno;

    if (!daemon->osport && intname[0] == 0) {
        errno = 0;

        if (addr->sa.sa_family == AF_INET &&
            addr->in.sin_addr.s_addr == INADDR_ANY &&
            addr->in.sin_port == htons(0)) {
            return NULL;
        }

#ifdef HAVE_IPV6
        if (addr->sa.sa_family == AF_INET6 &&
            memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
            addr->in6.sin6_port == htons(0)) {
            return NULL;
        }
#endif
    }

    /* Reuse an existing socket with the same source address and interface. */
    for (sfd = daemon->sfds; sfd; sfd = sfd->next) {
        if (sockaddr_isequal(&sfd->source_addr, addr) &&
            strcmp(intname, sfd->interface) == 0) {
            return sfd;
        }
    }

    /* None found: make a new one. errno is preset in case malloc fails. */
    errno = ENOMEM;
    sfd = whine_malloc(sizeof(struct serverfd));
    if (!sfd) {
        return NULL;
    }

    sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0);
    if (sfd->fd == -1) {
        free(sfd);
        return NULL;
    }

    if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd)) {
        /* Report the bind error, not whatever close() might set. */
        saved_errno = errno;
        close(sfd->fd);
        free(sfd);
        errno = saved_errno;
        return NULL;
    }

    /* NOTE(review): unbounded copy; relies on intname fitting
       sfd->interface, whose size is declared elsewhere. */
    strcpy(sfd->interface, intname);
    sfd->source_addr = *addr;
    sfd->next = daemon->sfds;
    daemon->sfds = sfd;

    return sfd;
}
/* Create upstream sockets during startup, before root privileges are
   dropped, since they may be needed: this allows query_port to be a low
   port and allows binding to an interface.

   When daemon->query_port is set, wildcard sockets on that port are created
   for IPv4 and (if compiled in) IPv6. Then a socket is created for every
   configured server that has a real address. A failure to create a server's
   socket is fatal only when OPT_NOWILD is set. */
void pre_allocate_sfds(void)
{
    struct server *srv;

    if (daemon->query_port != 0) {
        union mysockaddr addr;

        memset(&addr, 0, sizeof(addr));
        addr.in.sin_family = AF_INET;
        addr.in.sin_addr.s_addr = INADDR_ANY;
        addr.in.sin_port = htons(daemon->query_port);
#ifdef HAVE_SOCKADDR_SA_LEN
        addr.in.sin_len = sizeof(struct sockaddr_in);
#endif
        allocate_sfd(&addr, "");

#ifdef HAVE_IPV6
        memset(&addr, 0, sizeof(addr));
        addr.in6.sin6_family = AF_INET6;
        addr.in6.sin6_addr = in6addr_any;
        addr.in6.sin6_port = htons(daemon->query_port);
#ifdef HAVE_SOCKADDR_SA_LEN
        addr.in6.sin6_len = sizeof(struct sockaddr_in6);
#endif
        allocate_sfd(&addr, "");
#endif
    }

    for (srv = daemon->servers; srv; srv = srv->next) {
        if (srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) {
            continue;
        }

        if (allocate_sfd(&srv->source_addr, srv->interface)) {
            continue;
        }

        /* NULL with errno == 0 means no dedicated socket was needed. */
        if (errno == 0 || !option_bool(OPT_NOWILD)) {
            continue;
        }

        prettyprint_addr(&srv->source_addr, daemon->namebuff);
        if (srv->interface[0] != 0) {
            strcat(daemon->namebuff, " ");
            strcat(daemon->namebuff, srv->interface);
        }
        die(_("failed to bind server socket for %s: %s"),
            daemon->namebuff, EC_BADNET);
    }
}
/* Validate the configured upstream servers, drop unusable ones, and log the
   resulting set.

   For servers with a real address, an entry is freed and dropped when:
     - its address is 0.0.0.0 (the stack treats that like 127.0.0.1);
     - its address equals one of our own interface addresses;
     - no socket can be created/bound for its source address.

   Surviving entries are pushed onto a new list, which reverses the order of
   daemon->servers. Unless SERV_NO_REBIND is set, one informational line is
   logged per server. */
void check_servers(void)
{
    struct irec *iface;
    struct server *cur, *following, *kept = NULL;
    int port = 0;

    /* Interfaces may be new since startup. */
    if (!option_bool(OPT_NOWILD)) {
        enumerate_interfaces(0);
    }

    for (cur = daemon->servers; cur; cur = following) {
        following = cur->next;

        if (!(cur->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND))) {
            port = prettyprint_addr(&cur->addr, daemon->namebuff);

            /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
            if (cur->addr.sa.sa_family == AF_INET &&
                cur->addr.in.sin_addr.s_addr == 0) {
                free(cur);
                continue;
            }

            /* Forwarding to one of our own addresses would loop queries
               back to this daemon. */
            for (iface = daemon->interfaces; iface; iface = iface->next) {
                if (sockaddr_isequal(&cur->addr, &iface->addr)) {
                    break;
                }
            }
            if (iface) {
                my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
                free(cur);
                continue;
            }

            /* Do we need a socket set? A NULL result with errno == 0 means
               no dedicated socket is required. */
            if (!cur->sfd &&
                !(cur->sfd = allocate_sfd(&cur->source_addr, cur->interface)) &&
                errno != 0) {
                my_syslog(LOG_WARNING,
                          _("ignoring nameserver %s - cannot make/bind socket: %s"),
                          daemon->namebuff, strerror(errno));
                free(cur);
                continue;
            }
        }

        /* Reverse order - gets it right. */
        cur->next = kept;
        kept = cur;

        if (cur->flags & SERV_NO_REBIND) {
            continue;
        }

        if (cur->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV)) {
            char *s1, *s2;

            if (!(cur->flags & SERV_HAS_DOMAIN)) {
                s1 = _("unqualified");
                s2 = _("names");
            } else if (strlen(cur->domain) == 0) {
                s1 = _("default");
                s2 = "";
            } else {
                s1 = _("domain");
                s2 = cur->domain;
            }

            if (cur->flags & SERV_NO_ADDR) {
                my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
            } else if (cur->flags & SERV_USE_RESOLV) {
                my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
            } else if (!(cur->flags & SERV_LITERAL_ADDRESS)) {
                my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
            }
        } else if (cur->interface[0] != 0) {
            my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, cur->interface);
        } else {
            my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
        }
    }

    daemon->servers = kept;
}
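/* Re-read the upstream nameserver list from the resolv.conf-style file
   fname and install it in daemon->servers.

   Only lines whose first token is "nameserver" or "server" are used. The
   second token is parsed as an IPv4 address or, when HAVE_IPV6 is defined,
   as an IPv6 address with an optional "%interface" scope. Lines that do
   not parse are skipped without a message.

   Existing entries flagged SERV_FROM_RESOLV are replaced by what is read
   here; all other existing entries are kept.

   The addresses in this file decide where queries are forwarded, so the
   file should be writable only by trusted processes.

   Return zero if no servers found, in that case we keep polling.
   This is a protection against an update-time/write race on resolv.conf.
   Zero is also returned, and daemon->servers left untouched, when the file
   cannot be opened. */
int reload_servers(char *fname)
{
  FILE *f;
  char *line;
  struct server *old_servers = NULL;
  struct server *new_servers = NULL;
  struct server *serv;
  int gotone = 0;

  /* buff happens to be MAXDNAME long... */
  if (!(f = fopen(fname, "r")))
    {
      my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
      return 0;
    }

  /* move old servers to free list - we can reuse the memory
     and not risk malloc if there are the same or fewer new servers.
     Servers which were specced on the command line go to the new list. */
  for (serv = daemon->servers; serv;)
    {
      struct server *tmp = serv->next;
      if (serv->flags & SERV_FROM_RESOLV)
        {
          serv->next = old_servers;
          old_servers = serv;
          /* forward table rules reference servers, so have to blow them away */
          server_gone(serv);
        }
      else
        {
          serv->next = new_servers;
          new_servers = serv;
        }
      serv = tmp;
    }

  /* NOTE(review): fgets() hands back a line longer than MAXDNAME-1 bytes in
     several pieces, and each piece is parsed below as a line of its own. */
  while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
    {
      union mysockaddr addr, source_addr;
      char *token = strtok(line, " \t\n\r");

      if (!token)
        continue;
      if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
        continue;
      if (!(token = strtok(NULL, " \t\n\r")))
        continue;

      memset(&addr, 0, sizeof(addr));
      memset(&source_addr, 0, sizeof(source_addr));

      /* inet_addr() also accepts the short and hex/octal notations, and
         its error value is the same as 255.255.255.255. */
      if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
        {
#ifdef HAVE_SOCKADDR_SA_LEN
          source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
#endif
          source_addr.in.sin_family = addr.in.sin_family = AF_INET;
          addr.in.sin_port = htons(NAMESERVER_PORT);
          source_addr.in.sin_addr.s_addr = INADDR_ANY;
          source_addr.in.sin_port = htons(daemon->query_port);
        }
#ifdef HAVE_IPV6
      else
        {
          int scope_index = 0;
          char *scope_id = strchr(token, '%');

          if (scope_id)
            {
              *(scope_id++) = 0;
              /* if_nametoindex() returns 0 when no interface has this
                 name. Skip the line rather than install the server with
                 scope 0, which would drop the scope the file asked for. */
              if ((scope_index = if_nametoindex(scope_id)) == 0)
                continue;
            }

          if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
            {
#ifdef HAVE_SOCKADDR_SA_LEN
              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
#endif
              source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
              source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
              addr.in6.sin6_port = htons(NAMESERVER_PORT);
              addr.in6.sin6_scope_id = scope_index;
              source_addr.in6.sin6_addr = in6addr_any;
              source_addr.in6.sin6_port = htons(daemon->query_port);
              source_addr.in6.sin6_scope_id = 0;
            }
          else
            continue;
        }
#else /* IPV6 */
      else
        continue;
#endif

      /* Take a struct from the free list if one is left, else allocate. */
      if (old_servers)
        {
          serv = old_servers;
          old_servers = old_servers->next;
        }
      else if (!(serv = whine_malloc(sizeof (struct server))))
        continue;

      /* this list is reverse ordered:
         it gets reversed again in check_servers */
      serv->next = new_servers;
      new_servers = serv;
      serv->addr = addr;
      serv->source_addr = source_addr;
      serv->domain = NULL;
      serv->interface[0] = 0;
      serv->sfd = NULL;
      serv->flags = SERV_FROM_RESOLV;
      serv->queries = serv->failed_queries = 0;
      gotone = 1;
    }

  /* Free any memory not used. */
  while (old_servers)
    {
      struct server *tmp = old_servers->next;
      free(old_servers);
      old_servers = tmp;
    }

  daemon->servers = new_servers;
  fclose(f);

  return gotone;
}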