1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
22 struct daemon
*daemon
;
24 static volatile pid_t pid
= 0;
25 static volatile int pipewrite
;
27 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
);
28 static void check_dns_listeners(fd_set
*set
, time_t now
);
29 static void sig_handler(int sig
);
30 static void async_event(int pipe
, time_t now
);
31 static void fatal_event(struct event_desc
*ev
, char *msg
);
32 static int read_event(int fd
, struct event_desc
*evp
, char **msg
);
33 static void poll_resolv(int force
, int do_reload
, time_t now
);
35 int main (int argc
, char **argv
)
37 int bind_fallback
= 0;
39 struct sigaction sigact
;
41 int piperead
, pipefd
[2], err_pipe
[2];
42 struct passwd
*ent_pw
= NULL
;
43 #if defined(HAVE_SCRIPT)
47 struct group
*gp
= NULL
;
48 long i
, max_fd
= sysconf(_SC_OPEN_MAX
);
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr
= NULL
;
53 cap_user_data_t data
= NULL
;
54 char *bound_device
= NULL
;
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context
*context
;
59 struct dhcp_relay
*relay
;
62 int tftp_prefix_missing
= 0;
66 setlocale(LC_ALL
, "");
67 bindtextdomain("dnsmasq", LOCALEDIR
);
68 textdomain("dnsmasq");
71 sigact
.sa_handler
= sig_handler
;
73 sigemptyset(&sigact
.sa_mask
);
74 sigaction(SIGUSR1
, &sigact
, NULL
);
75 sigaction(SIGUSR2
, &sigact
, NULL
);
76 sigaction(SIGHUP
, &sigact
, NULL
);
77 sigaction(SIGTERM
, &sigact
, NULL
);
78 sigaction(SIGALRM
, &sigact
, NULL
);
79 sigaction(SIGCHLD
, &sigact
, NULL
);
82 sigact
.sa_handler
= SIG_IGN
;
83 sigaction(SIGPIPE
, &sigact
, NULL
);
85 umask(022); /* known umask, create leases and pid files as 0644 */
87 rand_init(); /* Must precede read_opts() */
89 read_opts(argc
, argv
, compile_opts
);
91 if (daemon
->edns_pktsz
< PACKETSZ
)
92 daemon
->edns_pktsz
= PACKETSZ
;
94 daemon
->packet_buff_sz
= daemon
->edns_pktsz
> DNSMASQ_PACKETSZ
?
95 daemon
->edns_pktsz
: DNSMASQ_PACKETSZ
;
96 daemon
->packet
= safe_malloc(daemon
->packet_buff_sz
);
98 daemon
->addrbuff
= safe_malloc(ADDRSTRLEN
);
99 if (option_bool(OPT_EXTRALOG
))
100 daemon
->addrbuff2
= safe_malloc(ADDRSTRLEN
);
103 if (option_bool(OPT_DNSSEC_VALID
))
105 daemon
->keyname
= safe_malloc(MAXDNAME
);
106 daemon
->workspacename
= safe_malloc(MAXDNAME
);
111 if (!daemon
->lease_file
)
113 if (daemon
->dhcp
|| daemon
->dhcp6
)
114 daemon
->lease_file
= LEASEFILE
;
118 /* Close any file descriptors we inherited apart from std{in|out|err}
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
126 for (i
= 0; i
< max_fd
; i
++)
127 if (i
!= STDOUT_FILENO
&& i
!= STDERR_FILENO
&& i
!= STDIN_FILENO
)
130 open("/dev/null", O_RDWR
);
132 #ifndef HAVE_LINUX_NETWORK
133 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
134 if (!option_bool(OPT_NOWILD
))
137 set_option_bool(OPT_NOWILD
);
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
142 if (option_bool(OPT_CLEVERBIND
))
145 set_option_bool(OPT_NOWILD
);
146 reset_option_bool(OPT_CLEVERBIND
);
151 if (daemon
->dynamic_dirs
)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL
, EC_BADCONF
);
155 if (option_bool(OPT_DNSSEC_VALID
))
159 die(_("no trust anchors provided for DNSSEC"), NULL
, EC_BADCONF
);
161 if (daemon
->cachesize
< CACHESIZ
)
162 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL
, EC_BADCONF
);
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL
, EC_BADCONF
);
169 if (option_bool(OPT_TFTP
))
170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL
, EC_BADCONF
);
173 #ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK
) && (daemon
->query_port
!= 0 || daemon
->osport
))
175 die (_("cannot use --conntrack AND --query-port"), NULL
, EC_BADCONF
);
177 if (option_bool(OPT_CONNTRACK
))
178 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL
, EC_BADCONF
);
181 #ifdef HAVE_SOLARIS_NETWORK
182 if (daemon
->max_logs
!= 0)
183 die(_("asychronous logging is not available under Solaris"), NULL
, EC_BADCONF
);
187 if (daemon
->max_logs
!= 0)
188 die(_("asychronous logging is not available under Android"), NULL
, EC_BADCONF
);
192 if (daemon
->authserver
)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL
, EC_BADCONF
);
197 if (option_bool(OPT_LOOP_DETECT
))
198 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL
, EC_BADCONF
);
201 now
= dnsmasq_time();
203 /* Create a serial at startup if not configured. */
204 if (daemon
->authinterface
&& daemon
->soa_sn
== 0)
205 #ifdef HAVE_BROKEN_RTC
206 die(_("zone serial must be configured in --auth-soa"), NULL
, EC_BADCONF
);
208 daemon
->soa_sn
= now
;
214 daemon
->doing_ra
= option_bool(OPT_RA
);
216 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
218 if (context
->flags
& CONTEXT_DHCP
)
219 daemon
->doing_dhcp6
= 1;
220 if (context
->flags
& CONTEXT_RA
)
221 daemon
->doing_ra
= 1;
222 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
223 if (context
->flags
& CONTEXT_TEMPLATE
)
224 die (_("dhcp-range constructor not available on this platform"), NULL
, EC_BADCONF
);
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon
->dhcp
|| daemon
->doing_dhcp6
|| daemon
->relay4
|| daemon
->relay6
)
238 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
242 if (daemon
->dhcp
|| daemon
->relay4
)
246 if (daemon
->doing_ra
|| daemon
->doing_dhcp6
|| daemon
->relay6
)
249 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
260 #if defined(HAVE_LINUX_NETWORK)
262 #elif defined(HAVE_BSD_NETWORK)
266 if (option_bool(OPT_NOWILD
) && option_bool(OPT_CLEVERBIND
))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL
, EC_BADCONF
);
269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
270 die(_("failed to find list of interfaces: %s"), NULL
, EC_MISC
);
272 if (option_bool(OPT_NOWILD
) || option_bool(OPT_CLEVERBIND
))
274 create_bound_listeners(1);
276 if (!option_bool(OPT_CLEVERBIND
))
277 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
278 if (if_tmp
->name
&& !if_tmp
->used
)
279 die(_("unknown interface %s"), if_tmp
->name
, EC_BADNET
);
281 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
283 bound_device
= whichdevice();
287 if (!daemon
->relay4
&& bound_device
)
289 bindtodevice(bound_device
, daemon
->dhcpfd
);
292 if (daemon
->enable_pxe
&& bound_device
)
294 bindtodevice(bound_device
, daemon
->pxefd
);
300 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
301 if (daemon
->doing_dhcp6
&& !daemon
->relay6
&& bound_device
)
303 bindtodevice(bound_device
, daemon
->dhcp6fd
);
309 create_wildcard_listeners();
312 /* after enumerate_interfaces() */
313 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now
);
320 if (daemon
->port
!= 0)
330 if (daemon
->port
!= 0 || daemon
->dhcp
|| daemon
->doing_dhcp6
)
331 inotify_dnsmasq_init();
333 daemon
->inotifyfd
= -1;
336 if (option_bool(OPT_DBUS
))
341 daemon
->watches
= NULL
;
342 if ((err
= dbus_init()))
343 die(_("DBus error: %s"), err
, EC_MISC
);
346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL
, EC_BADCONF
);
349 if (daemon
->port
!= 0)
352 #if defined(HAVE_SCRIPT)
353 /* Note getpwnam returns static storage */
354 if ((daemon
->dhcp
|| daemon
->dhcp6
) &&
355 daemon
->scriptuser
&&
356 (daemon
->lease_change_command
|| daemon
->luascript
))
358 if ((ent_pw
= getpwnam(daemon
->scriptuser
)))
360 script_uid
= ent_pw
->pw_uid
;
361 script_gid
= ent_pw
->pw_gid
;
364 baduser
= daemon
->scriptuser
;
368 if (daemon
->username
&& !(ent_pw
= getpwnam(daemon
->username
)))
369 baduser
= daemon
->username
;
370 else if (daemon
->groupname
&& !(gp
= getgrnam(daemon
->groupname
)))
371 baduser
= daemon
->groupname
;
374 die(_("unknown user or group: %s"), baduser
, EC_BADCONF
);
376 /* implement group defaults, "dip" if available, or group associated with uid */
377 if (!daemon
->group_set
&& !gp
)
379 if (!(gp
= getgrnam(CHGRP
)) && ent_pw
)
380 gp
= getgrgid(ent_pw
->pw_gid
);
382 /* for error message */
384 daemon
->groupname
= gp
->gr_name
;
387 #if defined(HAVE_LINUX_NETWORK)
388 /* determine capability API version here, while we can still
390 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
392 int capsize
= 1; /* for header version 1 */
393 hdr
= safe_malloc(sizeof(*hdr
));
395 /* find version supported by kernel */
396 memset(hdr
, 0, sizeof(*hdr
));
399 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_1
)
401 /* if unknown version, use largest supported version (3) */
402 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_2
)
403 hdr
->version
= LINUX_CAPABILITY_VERSION_3
;
407 data
= safe_malloc(sizeof(*data
) * capsize
);
408 memset(data
, 0, sizeof(*data
) * capsize
);
412 /* Use a pipe to carry signals and other events back to the event loop
413 in a race-free manner and another to carry errors to daemon-invoking process */
414 safe_pipe(pipefd
, 1);
416 piperead
= pipefd
[0];
417 pipewrite
= pipefd
[1];
418 /* prime the pipe to load stuff first time. */
419 send_event(pipewrite
, EVENT_INIT
, 0, NULL
);
423 if (!option_bool(OPT_DEBUG
))
425 /* The following code "daemonizes" the process.
426 See Stevens section 12.4 */
429 die(_("cannot chdir to filesystem root: %s"), NULL
, EC_MISC
);
432 if (!option_bool(OPT_NO_FORK
))
436 /* pipe to carry errors back to original process.
437 When startup is complete we close this and the process terminates. */
438 safe_pipe(err_pipe
, 0);
440 if ((pid
= fork()) == -1)
441 /* fd == -1 since we've not forked, never returns. */
442 send_event(-1, EVENT_FORK_ERR
, errno
, NULL
);
446 struct event_desc ev
;
449 /* close our copy of write-end */
450 while (retry_send(close(err_pipe
[1])));
452 /* check for errors after the fork */
453 if (read_event(err_pipe
[0], &ev
, &msg
))
454 fatal_event(&ev
, msg
);
459 while (retry_send(close(err_pipe
[0])));
461 /* NO calls to die() from here on. */
465 if ((pid
= fork()) == -1)
466 send_event(err_pipe
[1], EVENT_FORK_ERR
, errno
, NULL
);
473 /* write pidfile _after_ forking ! */
478 sprintf(daemon
->namebuff
, "%d\n", (int) getpid());
480 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
481 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
482 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
483 extent that an attacker running as the unprivileged user could replace the pidfile with a
484 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
486 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
487 ensuring that the open() fails should there be any existing file (because the unlink() failed,
488 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
491 Any compromise of the non-privileged user still theoretically allows the pid-file to be
492 replaced whilst dnsmasq is running. The worst that could allow is that the usual
493 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
495 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
496 failure to write the pid-file.
499 unlink(daemon
->runfile
);
501 if ((fd
= open(daemon
->runfile
, O_WRONLY
|O_CREAT
|O_TRUNC
|O_EXCL
, S_IWUSR
|S_IRUSR
|S_IRGRP
|S_IROTH
)) == -1)
503 /* only complain if started as root */
509 if (!read_write(fd
, (unsigned char *)daemon
->namebuff
, strlen(daemon
->namebuff
), 0))
513 while (retry_send(close(fd
)));
521 send_event(err_pipe
[1], EVENT_PIDFILE
, errno
, daemon
->runfile
);
527 log_err
= log_start(ent_pw
, err_pipe
[1]);
529 if (!option_bool(OPT_DEBUG
))
531 /* open stdout etc to /dev/null */
532 int nullfd
= open("/dev/null", O_RDWR
);
533 dup2(nullfd
, STDOUT_FILENO
);
534 dup2(nullfd
, STDERR_FILENO
);
535 dup2(nullfd
, STDIN_FILENO
);
539 /* if we are to run scripts, we need to fork a helper before dropping root. */
540 daemon
->helperfd
= -1;
542 if ((daemon
->dhcp
|| daemon
->dhcp6
) && (daemon
->lease_change_command
|| daemon
->luascript
))
543 daemon
->helperfd
= create_helper(pipewrite
, err_pipe
[1], script_uid
, script_gid
, max_fd
);
546 if (!option_bool(OPT_DEBUG
) && getuid() == 0)
548 int bad_capabilities
= 0;
551 /* remove all supplimentary groups */
553 (setgroups(0, &dummy
) == -1 ||
554 setgid(gp
->gr_gid
) == -1))
556 send_event(err_pipe
[1], EVENT_GROUP_ERR
, errno
, daemon
->groupname
);
560 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
562 #if defined(HAVE_LINUX_NETWORK)
563 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
564 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
565 ports because of DAD, or we're doing it dynamically,
566 we need CAP_NET_BIND_SERVICE too. */
567 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
568 data
->effective
= data
->permitted
= data
->inheritable
=
569 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) |
570 (1 << CAP_SETUID
) | (1 << CAP_NET_BIND_SERVICE
);
572 data
->effective
= data
->permitted
= data
->inheritable
=
573 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_SETUID
);
575 /* Tell kernel to not clear capabilities when dropping root */
576 if (capset(hdr
, data
) == -1 || prctl(PR_SET_KEEPCAPS
, 1, 0, 0, 0) == -1)
577 bad_capabilities
= errno
;
579 #elif defined(HAVE_SOLARIS_NETWORK)
580 /* http://developers.sun.com/solaris/articles/program_privileges.html */
581 priv_set_t
*priv_set
;
583 if (!(priv_set
= priv_str_to_set("basic", ",", NULL
)) ||
584 priv_addset(priv_set
, PRIV_NET_ICMPACCESS
) == -1 ||
585 priv_addset(priv_set
, PRIV_SYS_NET_CONFIG
) == -1)
586 bad_capabilities
= errno
;
588 if (priv_set
&& bad_capabilities
== 0)
590 priv_inverse(priv_set
);
592 if (setppriv(PRIV_OFF
, PRIV_LIMIT
, priv_set
) == -1)
593 bad_capabilities
= errno
;
597 priv_freeset(priv_set
);
601 if (bad_capabilities
!= 0)
603 send_event(err_pipe
[1], EVENT_CAP_ERR
, bad_capabilities
, NULL
);
607 /* finally drop root */
608 if (setuid(ent_pw
->pw_uid
) == -1)
610 send_event(err_pipe
[1], EVENT_USER_ERR
, errno
, daemon
->username
);
614 #ifdef HAVE_LINUX_NETWORK
615 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
616 data
->effective
= data
->permitted
=
617 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_NET_BIND_SERVICE
);
619 data
->effective
= data
->permitted
=
620 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
);
621 data
->inheritable
= 0;
623 /* lose the setuid and setgid capbilities */
624 if (capset(hdr
, data
) == -1)
626 send_event(err_pipe
[1], EVENT_CAP_ERR
, errno
, NULL
);
634 #ifdef HAVE_LINUX_NETWORK
637 if (option_bool(OPT_DEBUG
))
638 prctl(PR_SET_DUMPABLE
, 1, 0, 0, 0);
642 if (option_bool(OPT_TFTP
))
645 struct tftp_prefix
*p
;
647 if (daemon
->tftp_prefix
)
649 if (!((dir
= opendir(daemon
->tftp_prefix
))))
651 tftp_prefix_missing
= 1;
652 if (!option_bool(OPT_TFTP_NO_FAIL
))
654 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, daemon
->tftp_prefix
);
662 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
665 if (!((dir
= opendir(p
->prefix
))))
668 if (!option_bool(OPT_TFTP_NO_FAIL
))
670 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, p
->prefix
);
680 if (daemon
->port
== 0)
681 my_syslog(LOG_INFO
, _("started, version %s DNS disabled"), VERSION
);
682 else if (daemon
->cachesize
!= 0)
683 my_syslog(LOG_INFO
, _("started, version %s cachesize %d"), VERSION
, daemon
->cachesize
);
685 my_syslog(LOG_INFO
, _("started, version %s cache disabled"), VERSION
);
687 my_syslog(LOG_INFO
, _("compile time options: %s"), compile_opts
);
690 if (option_bool(OPT_DBUS
))
693 my_syslog(LOG_INFO
, _("DBus support enabled: connected to system bus"));
695 my_syslog(LOG_INFO
, _("DBus support enabled: bus connection pending"));
699 if (option_bool(OPT_LOCAL_SERVICE
))
700 my_syslog(LOG_INFO
, _("DNS service limited to local subnets"));
703 if (option_bool(OPT_DNSSEC_VALID
))
707 /* Delay creating the timestamp file until here, after we've changed user, so that
708 it has the correct owner to allow updating the mtime later.
709 This means we have to report fatal errors via the pipe. */
710 if ((rc
= setup_timestamp()) == -1)
712 send_event(err_pipe
[1], EVENT_TIME_ERR
, errno
, daemon
->timestamp_file
);
716 my_syslog(LOG_INFO
, _("DNSSEC validation enabled"));
718 if (option_bool(OPT_DNSSEC_TIME
))
719 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until first cache reload"));
722 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until system time valid"));
727 my_syslog(LOG_WARNING
, _("warning: failed to change owner of %s: %s"),
728 daemon
->log_file
, strerror(log_err
));
731 my_syslog(LOG_WARNING
, _("setting --bind-interfaces option because of OS limitations"));
733 if (option_bool(OPT_NOWILD
))
734 warn_bound_listeners();
738 if (!option_bool(OPT_NOWILD
))
739 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
740 if (if_tmp
->name
&& !if_tmp
->used
)
741 my_syslog(LOG_WARNING
, _("warning: interface %s does not currently exist"), if_tmp
->name
);
743 if (daemon
->port
!= 0 && option_bool(OPT_NO_RESOLV
))
745 if (daemon
->resolv_files
&& !daemon
->resolv_files
->is_default
)
746 my_syslog(LOG_WARNING
, _("warning: ignoring resolv-file flag because no-resolv is set"));
747 daemon
->resolv_files
= NULL
;
748 if (!daemon
->servers
)
749 my_syslog(LOG_WARNING
, _("warning: no upstream servers configured"));
752 if (daemon
->max_logs
!= 0)
753 my_syslog(LOG_INFO
, _("asynchronous logging enabled, queue limit is %d messages"), daemon
->max_logs
);
757 for (context
= daemon
->dhcp
; context
; context
= context
->next
)
758 log_context(AF_INET
, context
);
760 for (relay
= daemon
->relay4
; relay
; relay
= relay
->next
)
761 log_relay(AF_INET
, relay
);
764 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
765 log_context(AF_INET6
, context
);
767 for (relay
= daemon
->relay6
; relay
; relay
= relay
->next
)
768 log_relay(AF_INET6
, relay
);
770 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
771 dhcp_construct_contexts(now
);
773 if (option_bool(OPT_RA
))
774 my_syslog(MS_DHCP
| LOG_INFO
, _("IPv6 router advertisement enabled"));
777 # ifdef HAVE_LINUX_NETWORK
779 my_syslog(MS_DHCP
| LOG_INFO
, _("DHCP, sockets bound exclusively to interface %s"), bound_device
);
782 /* after dhcp_contruct_contexts */
783 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
784 lease_find_interfaces(now
);
788 if (option_bool(OPT_TFTP
))
790 struct tftp_prefix
*p
;
792 if (FD_SETSIZE
< (unsigned)max_fd
)
796 my_syslog(MS_TFTP
| LOG_INFO
, "TFTP %s%s %s",
797 daemon
->tftp_prefix
? _("root is ") : _("enabled"),
798 daemon
->tftp_prefix
? daemon
->tftp_prefix
: "",
799 option_bool(OPT_TFTP_SECURE
) ? _("secure mode") : "");
801 if (tftp_prefix_missing
)
802 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: %s inaccessible"), daemon
->tftp_prefix
);
804 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
806 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: TFTP directory %s inaccessible"), p
->prefix
);
808 /* This is a guess, it assumes that for small limits,
809 disjoint files might be served, but for large limits,
810 a single file will be sent to may clients (the file only needs
813 max_fd
-= 30; /* use other than TFTP */
817 else if (max_fd
< 100)
820 max_fd
= max_fd
- 20;
822 /* if we have to use a limited range of ports,
823 that will limit the number of transfers */
824 if (daemon
->start_tftp_port
!= 0 &&
825 daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1 < max_fd
)
826 max_fd
= daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1;
828 if (daemon
->tftp_max
> max_fd
)
830 daemon
->tftp_max
= max_fd
;
831 my_syslog(MS_TFTP
| LOG_WARNING
,
832 _("restricting maximum simultaneous TFTP transfers to %d"),
838 /* finished start-up - release original process */
839 if (err_pipe
[1] != -1)
840 while (retry_send(close(err_pipe
[1])));
842 if (daemon
->port
!= 0)
848 /* Using inotify, have to select a resolv file at startup */
849 poll_resolv(1, 0, now
);
855 struct timeval t
, *tp
= NULL
;
856 fd_set rset
, wset
, eset
;
862 /* if we are out of resources, find how long we have to wait
863 for some to come free, we'll loop around then and restart
864 listening for queries */
865 if ((t
.tv_sec
= set_dns_listeners(now
, &rset
, &maxfd
)) != 0)
871 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
872 if (daemon
->tftp_trans
||
873 (option_bool(OPT_DBUS
) && !daemon
->dbus
))
879 /* Wake every second whilst waiting for DAD to complete */
880 else if (is_dad_listeners())
888 set_dbus_listeners(&maxfd
, &rset
, &wset
, &eset
);
892 if (daemon
->dhcp
|| daemon
->relay4
)
894 FD_SET(daemon
->dhcpfd
, &rset
);
895 bump_maxfd(daemon
->dhcpfd
, &maxfd
);
896 if (daemon
->pxefd
!= -1)
898 FD_SET(daemon
->pxefd
, &rset
);
899 bump_maxfd(daemon
->pxefd
, &maxfd
);
905 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
907 FD_SET(daemon
->dhcp6fd
, &rset
);
908 bump_maxfd(daemon
->dhcp6fd
, &maxfd
);
911 if (daemon
->doing_ra
)
913 FD_SET(daemon
->icmp6fd
, &rset
);
914 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
919 if (daemon
->inotifyfd
!= -1)
921 FD_SET(daemon
->inotifyfd
, &rset
);
922 bump_maxfd(daemon
->inotifyfd
, &maxfd
);
926 #if defined(HAVE_LINUX_NETWORK)
927 FD_SET(daemon
->netlinkfd
, &rset
);
928 bump_maxfd(daemon
->netlinkfd
, &maxfd
);
929 #elif defined(HAVE_BSD_NETWORK)
930 FD_SET(daemon
->routefd
, &rset
);
931 bump_maxfd(daemon
->routefd
, &maxfd
);
934 FD_SET(piperead
, &rset
);
935 bump_maxfd(piperead
, &maxfd
);
939 while (helper_buf_empty() && do_script_run(now
));
942 while (helper_buf_empty() && do_tftp_script_run());
945 if (!helper_buf_empty())
947 FD_SET(daemon
->helperfd
, &wset
);
948 bump_maxfd(daemon
->helperfd
, &maxfd
);
951 /* need this for other side-effects */
952 while (do_script_run(now
));
955 while (do_tftp_script_run());
961 /* must do this just before select(), when we know no
962 more calls to my_syslog() can occur */
963 set_log_writer(&wset
, &maxfd
);
965 if (select(maxfd
+1, &rset
, &wset
, &eset
, tp
) < 0)
967 /* otherwise undefined after error */
968 FD_ZERO(&rset
); FD_ZERO(&wset
); FD_ZERO(&eset
);
971 now
= dnsmasq_time();
973 check_log_writer(&wset
);
976 enumerate_interfaces(1);
978 /* Check the interfaces to see if any have exited DAD state
979 and if so, bind the address. */
980 if (is_dad_listeners())
982 enumerate_interfaces(0);
983 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
984 create_bound_listeners(0);
985 warn_bound_listeners();
988 #if defined(HAVE_LINUX_NETWORK)
989 if (FD_ISSET(daemon
->netlinkfd
, &rset
))
991 #elif defined(HAVE_BSD_NETWORK)
992 if (FD_ISSET(daemon
->routefd
, &rset
))
997 if (daemon
->inotifyfd
!= -1 && FD_ISSET(daemon
->inotifyfd
, &rset
) && inotify_check(now
))
999 if (daemon
->port
!= 0 && !option_bool(OPT_NO_POLL
))
1000 poll_resolv(1, 1, now
);
1003 /* Check for changes to resolv files once per second max. */
1004 /* Don't go silent for long periods if the clock goes backwards. */
1005 if (daemon
->last_resolv
== 0 ||
1006 difftime(now
, daemon
->last_resolv
) > 1.0 ||
1007 difftime(now
, daemon
->last_resolv
) < -1.0)
1009 /* poll_resolv doesn't need to reload first time through, since
1010 that's queued anyway. */
1012 poll_resolv(0, daemon
->last_resolv
!= 0, now
);
1013 daemon
->last_resolv
= now
;
1017 if (FD_ISSET(piperead
, &rset
))
1018 async_event(piperead
, now
);
1021 /* if we didn't create a DBus connection, retry now. */
1022 if (option_bool(OPT_DBUS
) && !daemon
->dbus
)
1025 if ((err
= dbus_init()))
1026 my_syslog(LOG_WARNING
, _("DBus error: %s"), err
);
1028 my_syslog(LOG_INFO
, _("connected to system DBus"));
1030 check_dbus_listeners(&rset
, &wset
, &eset
);
1033 check_dns_listeners(&rset
, now
);
1036 check_tftp_listeners(&rset
, now
);
1040 if (daemon
->dhcp
|| daemon
->relay4
)
1042 if (FD_ISSET(daemon
->dhcpfd
, &rset
))
1043 dhcp_packet(now
, 0);
1044 if (daemon
->pxefd
!= -1 && FD_ISSET(daemon
->pxefd
, &rset
))
1045 dhcp_packet(now
, 1);
1049 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) && FD_ISSET(daemon
->dhcp6fd
, &rset
))
1052 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1057 if (daemon
->helperfd
!= -1 && FD_ISSET(daemon
->helperfd
, &wset
))
1065 static void sig_handler(int sig
)
1069 /* ignore anything other than TERM during startup
1070 and in helper proc. (helper ignore TERM too) */
1074 else if (pid
!= getpid())
1076 /* alarm is used to kill TCP children after a fixed time. */
1082 /* master process */
1083 int event
, errsave
= errno
;
1086 event
= EVENT_RELOAD
;
1087 else if (sig
== SIGCHLD
)
1088 event
= EVENT_CHILD
;
1089 else if (sig
== SIGALRM
)
1090 event
= EVENT_ALARM
;
1091 else if (sig
== SIGTERM
)
1093 else if (sig
== SIGUSR1
)
1095 else if (sig
== SIGUSR2
)
1096 event
= EVENT_REOPEN
;
1100 send_event(pipewrite
, event
, 0, NULL
);
1105 /* now == 0 -> queue immediate callback */
1106 void send_alarm(time_t event
, time_t now
)
1108 if (now
== 0 || event
!= 0)
1110 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1111 if ((now
== 0 || difftime(event
, now
) <= 0.0))
1112 send_event(pipewrite
, EVENT_ALARM
, 0, NULL
);
1114 alarm((unsigned)difftime(event
, now
));
1118 void queue_event(int event
)
1120 send_event(pipewrite
, event
, 0, NULL
);
1123 void send_event(int fd
, int event
, int data
, char *msg
)
1125 struct event_desc ev
;
1126 struct iovec iov
[2];
1130 ev
.msg_sz
= msg
? strlen(msg
) : 0;
1132 iov
[0].iov_base
= &ev
;
1133 iov
[0].iov_len
= sizeof(ev
);
1134 iov
[1].iov_base
= msg
;
1135 iov
[1].iov_len
= ev
.msg_sz
;
1137 /* error pipe, debug mode. */
1139 fatal_event(&ev
, msg
);
1141 /* pipe is non-blocking and struct event_desc is smaller than
1142 PIPE_BUF, so this either fails or writes everything */
1143 while (writev(fd
, iov
, msg
? 2 : 1) == -1 && errno
== EINTR
);
1146 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1147 to describe fatal errors. */
1148 static int read_event(int fd
, struct event_desc
*evp
, char **msg
)
1152 if (!read_write(fd
, (unsigned char *)evp
, sizeof(struct event_desc
), 1))
1157 if (evp
->msg_sz
!= 0 &&
1158 (buf
= malloc(evp
->msg_sz
+ 1)) &&
1159 read_write(fd
, (unsigned char *)buf
, evp
->msg_sz
, 1))
1161 buf
[evp
->msg_sz
] = 0;
1168 static void fatal_event(struct event_desc
*ev
, char *msg
)
1177 case EVENT_FORK_ERR
:
1178 die(_("cannot fork into background: %s"), NULL
, EC_MISC
);
1180 case EVENT_PIPE_ERR
:
1181 die(_("failed to create helper: %s"), NULL
, EC_MISC
);
1184 die(_("setting capabilities failed: %s"), NULL
, EC_MISC
);
1186 case EVENT_USER_ERR
:
1187 die(_("failed to change user-id to %s: %s"), msg
, EC_MISC
);
1189 case EVENT_GROUP_ERR
:
1190 die(_("failed to change group-id to %s: %s"), msg
, EC_MISC
);
1193 die(_("failed to open pidfile %s: %s"), msg
, EC_FILE
);
1196 die(_("cannot open log %s: %s"), msg
, EC_FILE
);
1199 die(_("failed to load Lua script: %s"), msg
, EC_MISC
);
1201 case EVENT_TFTP_ERR
:
1202 die(_("TFTP directory %s inaccessible: %s"), msg
, EC_FILE
);
1204 case EVENT_TIME_ERR
:
1205 die(_("cannot create timestamp file %s: %s" ), msg
, EC_BADCONF
);
1209 static void async_event(int pipe
, time_t now
)
1212 struct event_desc ev
;
1216 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1217 to describe fatal errors. */
1219 if (read_event(pipe
, &ev
, &msg
))
1224 if (option_bool(OPT_DNSSEC_VALID
) && option_bool(OPT_DNSSEC_TIME
))
1226 my_syslog(LOG_INFO
, _("now checking DNSSEC signature timestamps"));
1227 reset_option_bool(OPT_DNSSEC_TIME
);
1233 clear_cache_and_reload(now
);
1235 if (daemon
->port
!= 0)
1237 if (daemon
->resolv_files
&& option_bool(OPT_NO_POLL
))
1239 reload_servers(daemon
->resolv_files
->name
);
1243 if (daemon
->servers_file
)
1245 read_servers_file();
1259 if (daemon
->port
!= 0)
1265 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1267 lease_prune(NULL
, now
);
1268 lease_update_file(now
);
1271 else if (daemon
->doing_ra
)
1272 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1273 send_alarm(periodic_ra(now
), now
);
1279 /* See Stevens 5.10 */
1280 while ((p
= waitpid(-1, NULL
, WNOHANG
)) != 0)
1287 for (i
= 0 ; i
< MAX_PROCS
; i
++)
1288 if (daemon
->tcp_pids
[i
] == p
)
1289 daemon
->tcp_pids
[i
] = 0;
1293 my_syslog(LOG_WARNING
, _("script process killed by signal %d"), ev
.data
);
1297 my_syslog(LOG_WARNING
, _("script process exited with status %d"), ev
.data
);
1300 case EVENT_EXEC_ERR
:
1301 my_syslog(LOG_ERR
, _("failed to execute %s: %s"),
1302 daemon
->lease_change_command
, strerror(ev
.data
));
1305 /* necessary for fatal errors in helper */
1306 case EVENT_USER_ERR
:
1309 fatal_event(&ev
, msg
);
1313 /* Note: this may leave TCP-handling processes with the old file still open.
1314 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1315 we leave them logging to the old file. */
1316 if (daemon
->log_file
!= NULL
)
1317 log_reopen(daemon
->log_file
);
1324 case EVENT_NEWROUTE
:
1326 /* Force re-reading resolv file right now, for luck. */
1327 poll_resolv(0, 1, now
);
1331 /* Knock all our children on the head. */
1332 for (i
= 0; i
< MAX_PROCS
; i
++)
1333 if (daemon
->tcp_pids
[i
] != 0)
1334 kill(daemon
->tcp_pids
[i
], SIGALRM
);
1336 #if defined(HAVE_SCRIPT)
1337 /* handle pending lease transitions */
1338 if (daemon
->helperfd
!= -1)
1340 /* block in writes until all done */
1341 if ((i
= fcntl(daemon
->helperfd
, F_GETFL
)) != -1)
1342 fcntl(daemon
->helperfd
, F_SETFL
, i
& ~O_NONBLOCK
);
1345 } while (!helper_buf_empty() || do_script_run(now
));
1346 while (retry_send(close(daemon
->helperfd
)));
1350 if (daemon
->lease_stream
)
1351 fclose(daemon
->lease_stream
);
1353 if (daemon
->runfile
)
1354 unlink(daemon
->runfile
);
1356 my_syslog(LOG_INFO
, _("exiting on receipt of SIGTERM"));
1362 static void poll_resolv(int force
, int do_reload
, time_t now
)
1364 struct resolvc
*res
, *latest
;
1365 struct stat statbuf
;
1366 time_t last_change
= 0;
1367 /* There may be more than one possible file.
1368 Go through and find the one which changed _last_.
1369 Warn of any which can't be read. */
1371 if (daemon
->port
== 0 || option_bool(OPT_NO_POLL
))
1374 for (latest
= NULL
, res
= daemon
->resolv_files
; res
; res
= res
->next
)
1375 if (stat(res
->name
, &statbuf
) == -1)
1384 my_syslog(LOG_WARNING
, _("failed to access %s: %s"), res
->name
, strerror(errno
));
1387 if (res
->mtime
!= 0)
1389 /* existing file evaporated, force selection of the latest
1390 file even if its mtime hasn't changed since we last looked */
1391 poll_resolv(1, do_reload
, now
);
1398 if (force
|| (statbuf
.st_mtime
!= res
->mtime
))
1400 res
->mtime
= statbuf
.st_mtime
;
1401 if (difftime(statbuf
.st_mtime
, last_change
) > 0.0)
1403 last_change
= statbuf
.st_mtime
;
1411 static int warned
= 0;
1412 if (reload_servers(latest
->name
))
1414 my_syslog(LOG_INFO
, _("reading %s"), latest
->name
);
1417 if (option_bool(OPT_RELOAD
) && do_reload
)
1418 clear_cache_and_reload(now
);
1425 my_syslog(LOG_WARNING
, _("no servers found in %s, will retry"), latest
->name
);
1432 void clear_cache_and_reload(time_t now
)
1436 if (daemon
->port
!= 0)
1440 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1442 if (option_bool(OPT_ETHERS
))
1446 set_dynamic_inotify(AH_DHCP_HST
| AH_DHCP_OPT
, 0, NULL
, 0);
1448 dhcp_update_configs(daemon
->dhcp_conf
);
1449 lease_update_from_configs();
1450 lease_update_file(now
);
1451 lease_update_dns(1);
1454 else if (daemon
->doing_ra
)
1455 /* Not doing DHCP, so no lease system, manage
1456 alarms for ra only */
1457 send_alarm(periodic_ra(now
), now
);
1462 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
)
1464 struct serverfd
*serverfdp
;
1465 struct listener
*listener
;
1470 struct tftp_transfer
*transfer
;
1471 for (transfer
= daemon
->tftp_trans
; transfer
; transfer
= transfer
->next
)
1474 FD_SET(transfer
->sockfd
, set
);
1475 bump_maxfd(transfer
->sockfd
, maxfdp
);
1479 /* will we be able to get memory? */
1480 if (daemon
->port
!= 0)
1481 get_new_frec(now
, &wait
, 0);
1483 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1485 FD_SET(serverfdp
->fd
, set
);
1486 bump_maxfd(serverfdp
->fd
, maxfdp
);
1489 if (daemon
->port
!= 0 && !daemon
->osport
)
1490 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1491 if (daemon
->randomsocks
[i
].refcount
!= 0)
1493 FD_SET(daemon
->randomsocks
[i
].fd
, set
);
1494 bump_maxfd(daemon
->randomsocks
[i
].fd
, maxfdp
);
1497 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1499 /* only listen for queries if we have resources */
1500 if (listener
->fd
!= -1 && wait
== 0)
1502 FD_SET(listener
->fd
, set
);
1503 bump_maxfd(listener
->fd
, maxfdp
);
1506 /* death of a child goes through the select loop, so
1507 we don't need to explicitly arrange to wake up here */
1508 if (listener
->tcpfd
!= -1)
1509 for (i
= 0; i
< MAX_PROCS
; i
++)
1510 if (daemon
->tcp_pids
[i
] == 0)
1512 FD_SET(listener
->tcpfd
, set
);
1513 bump_maxfd(listener
->tcpfd
, maxfdp
);
1518 if (tftp
<= daemon
->tftp_max
&& listener
->tftpfd
!= -1)
1520 FD_SET(listener
->tftpfd
, set
);
1521 bump_maxfd(listener
->tftpfd
, maxfdp
);
1530 static void check_dns_listeners(fd_set
*set
, time_t now
)
1532 struct serverfd
*serverfdp
;
1533 struct listener
*listener
;
1536 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1537 if (FD_ISSET(serverfdp
->fd
, set
))
1538 reply_query(serverfdp
->fd
, serverfdp
->source_addr
.sa
.sa_family
, now
);
1540 if (daemon
->port
!= 0 && !daemon
->osport
)
1541 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1542 if (daemon
->randomsocks
[i
].refcount
!= 0 &&
1543 FD_ISSET(daemon
->randomsocks
[i
].fd
, set
))
1544 reply_query(daemon
->randomsocks
[i
].fd
, daemon
->randomsocks
[i
].family
, now
);
1546 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1548 if (listener
->fd
!= -1 && FD_ISSET(listener
->fd
, set
))
1549 receive_query(listener
, now
);
1552 if (listener
->tftpfd
!= -1 && FD_ISSET(listener
->tftpfd
, set
))
1553 tftp_request(listener
, now
);
1556 if (listener
->tcpfd
!= -1 && FD_ISSET(listener
->tcpfd
, set
))
1558 int confd
, client_ok
= 1;
1559 struct irec
*iface
= NULL
;
1561 union mysockaddr tcp_addr
;
1562 socklen_t tcp_len
= sizeof(union mysockaddr
);
1564 while ((confd
= accept(listener
->tcpfd
, NULL
, NULL
)) == -1 && errno
== EINTR
);
1569 if (getsockname(confd
, (struct sockaddr
*)&tcp_addr
, &tcp_len
) == -1)
1571 while (retry_send(close(confd
)));
1575 /* Make sure that the interface list is up-to-date.
1577 We do this here as we may need the results below, and
1578 the DNS code needs them for --interface-name stuff.
1580 Multiple calls to enumerate_interfaces() per select loop are
1581 inhibited, so calls to it in the child process (which doesn't select())
1582 have no effect. This avoids two processes reading from the same
1583 netlink fd and screwing the pooch entirely.
1586 enumerate_interfaces(0);
1588 if (option_bool(OPT_NOWILD
))
1589 iface
= listener
->iface
; /* May be NULL */
1593 char intr_name
[IF_NAMESIZE
];
1595 /* if we can find the arrival interface, check it's one that's allowed */
1596 if ((if_index
= tcp_interface(confd
, tcp_addr
.sa
.sa_family
)) != 0 &&
1597 indextoname(listener
->tcpfd
, if_index
, intr_name
))
1599 struct all_addr addr
;
1600 addr
.addr
.addr4
= tcp_addr
.in
.sin_addr
;
1602 if (tcp_addr
.sa
.sa_family
== AF_INET6
)
1603 addr
.addr
.addr6
= tcp_addr
.in6
.sin6_addr
;
1606 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1607 if (iface
->index
== if_index
)
1610 if (!iface
&& !loopback_exception(listener
->tcpfd
, tcp_addr
.sa
.sa_family
, &addr
, intr_name
))
1614 if (option_bool(OPT_CLEVERBIND
))
1615 iface
= listener
->iface
; /* May be NULL */
1618 /* Check for allowed interfaces when binding the wildcard address:
1619 we do this by looking for an interface with the same address as
1620 the local address of the TCP connection, then looking to see if that's
1621 an allowed interface. As a side effect, we get the netmask of the
1622 interface too, for localisation. */
1624 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1625 if (sockaddr_isequal(&iface
->addr
, &tcp_addr
))
1635 shutdown(confd
, SHUT_RDWR
);
1636 while (retry_send(close(confd
)));
1639 else if (!option_bool(OPT_DEBUG
) && (p
= fork()) != 0)
1644 for (i
= 0; i
< MAX_PROCS
; i
++)
1645 if (daemon
->tcp_pids
[i
] == 0)
1647 daemon
->tcp_pids
[i
] = p
;
1651 while (retry_send(close(confd
)));
1653 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1654 daemon
->log_id
+= TCP_MAX_QUERIES
;
1659 unsigned char *buff
;
1662 struct in_addr netmask
;
1667 netmask
= iface
->netmask
;
1668 auth_dns
= iface
->dns_auth
;
1677 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1678 terminate the process. */
1679 if (!option_bool(OPT_DEBUG
))
1680 alarm(CHILD_LIFETIME
);
1683 /* start with no upstream connections. */
1684 for (s
= daemon
->servers
; s
; s
= s
->next
)
1687 /* The connected socket inherits non-blocking
1688 attribute from the listening socket.
1690 if ((flags
= fcntl(confd
, F_GETFL
, 0)) != -1)
1691 fcntl(confd
, F_SETFL
, flags
& ~O_NONBLOCK
);
1693 buff
= tcp_request(confd
, now
, &tcp_addr
, netmask
, auth_dns
);
1695 shutdown(confd
, SHUT_RDWR
);
1696 while (retry_send(close(confd
)));
1701 for (s
= daemon
->servers
; s
; s
= s
->next
)
1704 shutdown(s
->tcpfd
, SHUT_RDWR
);
1705 while (retry_send(close(s
->tcpfd
)));
1708 if (!option_bool(OPT_DEBUG
))
1720 int make_icmp_sock(void)
1725 if ((fd
= socket (AF_INET
, SOCK_RAW
, IPPROTO_ICMP
)) != -1)
1728 setsockopt(fd
, SOL_SOCKET
, SO_DONTROUTE
, &zeroopt
, sizeof(zeroopt
)) == -1)
1738 int icmp_ping(struct in_addr addr
)
1740 /* Try and get an ICMP echo from a machine. */
1742 /* Note that whilst in the three second wait, we check for
1743 (and service) events on the DNS and TFTP sockets, (so doing that
1744 better not use any resources our caller has in use...)
1745 but we remain deaf to signals or further DHCP packets. */
1748 struct sockaddr_in saddr
;
1753 unsigned short id
= rand16();
1758 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1759 if ((fd
= make_icmp_sock()) == -1)
1763 fd
= daemon
->dhcp_icmp_fd
;
1764 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));
1767 saddr
.sin_family
= AF_INET
;
1769 saddr
.sin_addr
= addr
;
1770 #ifdef HAVE_SOCKADDR_SA_LEN
1771 saddr
.sin_len
= sizeof(struct sockaddr_in
);
1774 memset(&packet
.icmp
, 0, sizeof(packet
.icmp
));
1775 packet
.icmp
.icmp_type
= ICMP_ECHO
;
1776 packet
.icmp
.icmp_id
= id
;
1777 for (j
= 0, i
= 0; i
< sizeof(struct icmp
) / 2; i
++)
1778 j
+= ((u16
*)&packet
.icmp
)[i
];
1780 j
= (j
& 0xffff) + (j
>> 16);
1781 packet
.icmp
.icmp_cksum
= (j
== 0xffff) ? j
: ~j
;
1783 while (retry_send(sendto(fd
, (char *)&packet
.icmp
, sizeof(struct icmp
), 0,
1784 (struct sockaddr
*)&saddr
, sizeof(saddr
))));
1786 for (now
= start
= dnsmasq_time();
1787 difftime(now
, start
) < (float)PING_WAIT
;)
1791 struct sockaddr_in faddr
;
1793 socklen_t len
= sizeof(faddr
);
1795 tv
.tv_usec
= 250000;
1801 set_dns_listeners(now
, &rset
, &maxfd
);
1802 set_log_writer(&wset
, &maxfd
);
1805 if (daemon
->doing_ra
)
1807 FD_SET(daemon
->icmp6fd
, &rset
);
1808 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
1812 if (select(maxfd
+1, &rset
, &wset
, NULL
, &tv
) < 0)
1818 now
= dnsmasq_time();
1820 check_log_writer(&wset
);
1821 check_dns_listeners(&rset
, now
);
1824 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1829 check_tftp_listeners(&rset
, now
);
1832 if (FD_ISSET(fd
, &rset
) &&
1833 recvfrom(fd
, &packet
, sizeof(packet
), 0,
1834 (struct sockaddr
*)&faddr
, &len
) == sizeof(packet
) &&
1835 saddr
.sin_addr
.s_addr
== faddr
.sin_addr
.s_addr
&&
1836 packet
.icmp
.icmp_type
== ICMP_ECHOREPLY
&&
1837 packet
.icmp
.icmp_seq
== 0 &&
1838 packet
.icmp
.icmp_id
== id
)
1845 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1846 while (retry_send(close(fd
)));
1849 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));