Commit | Line | Data |
---|---|---|
c47e3ba4 | 1 | /* dnsmasq is Copyright (c) 2000-2014 Simon Kelley |
9e4abcb5 SK |
2 | |
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
824af85b SK |
5 | the Free Software Foundation; version 2 dated June, 1991, or |
6 | (at your option) version 3 dated 29 June, 2007. | |
7 | ||
9e4abcb5 SK |
8 | This program is distributed in the hope that it will be useful, |
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | GNU General Public License for more details. | |
824af85b | 12 | |
73a08a24 SK |
13 | You should have received a copy of the GNU General Public License |
14 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
9e4abcb5 SK |
15 | */ |
16 | ||
208b65c5 | 17 | #define FTABSIZ 150 /* max number of outstanding requests (default) */ |
feba5c1d SK |
18 | #define MAX_PROCS 20 /* max no children for TCP requests */ |
19 | #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ | |
25cf5e37 | 20 | #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ |
316e2730 | 21 | #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625. NOTE(review): UDP replies this large can exceed the path MTU and be IP-fragmented; confirm the default suits the deployment */ |
f8b422a7 | 22 | #define KEYBLOCK_LEN 40 /* chosen to minimise fragmentation when storing DNSSEC keys */ |
7fa836e1 | 23 | #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ |
1697269c | 24 | #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */ |
1f15b81d | 25 | #define FORWARD_TEST 50 /* try all servers every 50 queries */ |
28866e95 | 26 | #define FORWARD_TIME 20 /* or 20 seconds */ |
1a6bca81 | 27 | #define RANDOM_SOCKS 64 /* max simultaneous random ports */ |
cdeda28f | 28 | #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */ |
9e4abcb5 | 29 | #define CACHESIZ 150 /* default cache size */ |
28de3876 | 30 | #define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */ |
316e2730 | 31 | #define MAXLEASES 1000 /* maximum number of DHCP leases */ |
5e9e0efb SK |
32 | #define PING_WAIT 3 /* wait for ping address-in-use test */ |
33 | #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */ | |
849a8357 | 34 | #define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */ |
5e9e0efb | 35 | #define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */ |
1fbe4d2f SK |
36 | #define SMALLDNAME 50 /* most domain names are smaller than this */ |
37 | #define CNAME_CHAIN 10 /* chains longer than this are dropped for loop protection */ | |
9e4abcb5 | 38 | #define HOSTSFILE "/etc/hosts" /* default path of the hosts file */ |
44a2a316 | 39 | #define ETHERSFILE "/etc/ethers" /* default path of the ethers file */ |
9e4abcb5 SK |
40 | #define DEFLEASE 3600 /* default lease time, 1 hour */ |
41 | #define CHUSER "nobody" /* NOTE(review): presumably the default account dnsmasq switches to after start-up; confirm where CHUSER is used */ | |
42 | #define CHGRP "dip" /* NOTE(review): presumably the default group paired with CHUSER; confirm where CHGRP is used */ | |
832af0ba | 43 | #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ |
f2621c7f | 44 | #define LOG_MAX 5 /* log-queue length */ |
1a6bca81 | 45 | #define RANDFILE "/dev/urandom" /* NOTE(review): presumably the seed source for the random-number code; confirm where RANDFILE is read */ |
ad094275 | 46 | #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */ |
3d8df260 | 47 | #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq" /* presumably the DBus object path that goes with DNSMASQ_SERVICE; confirm in the DBus code */ |
4f7b304f SK |
48 | #define AUTH_TTL 600 /* default TTL for auth DNS */ |
49 | #define SOA_REFRESH 1200 /* SOA refresh default */ | |
50 | #define SOA_RETRY 180 /* SOA retry default */ | |
51 | #define SOA_EXPIRY 1209600 /* SOA expiry default */ | |
b5ea1cc2 SK |
52 | #define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */ |
53 | #define LOOP_TEST_TYPE T_TXT /* query type used with LOOP_TEST_DOMAIN; T_TXT is defined outside this file */ | |
4f7b304f | 54 | |
c72daea8 SK |
55 | /* compile-time options: uncomment below to enable or do eg. |
56 | make COPTS=-DHAVE_BROKEN_RTC | |
824af85b | 57 | |
44a2a316 | 58 | HAVE_BROKEN_RTC |
5e9e0efb SK |
59 | define this on embedded systems which don't have an RTC |
60 | which keeps time over reboots. Causes dnsmasq to use uptime | |
61 | for timing, and keep lease lengths rather than expiry times | |
62 | in its leases file. This also makes dnsmasq "flash disk friendly". | |
63 | Normally, dnsmasq tries very hard to keep the on-disk leases file | |
64 | up-to-date: rewriting it after every renewal. When HAVE_BROKEN_RTC | |
65 | is in effect, the lease file is only written when a new lease is | |
66 | created, or an old one destroyed. (Because those are the only times | |
67 | it changes.) This vastly reduces the number of file writes, and makes | |
68 | it viable to keep the lease file on a flash filesystem. | |
44a2a316 SK |
69 | NOTE: when enabling or disabling this, be sure to delete any old |
70 | leases file, otherwise dnsmasq may get very confused. | |
44a2a316 | 71 | |
832af0ba SK |
72 | HAVE_TFTP |
73 | define this to get dnsmasq's built-in TFTP server. | |
74 | ||
7622fc06 | 75 | HAVE_DHCP |
c72daea8 | 76 | define this to get dnsmasq's DHCPv4 server. |
1f15b81d | 77 | |
c72daea8 SK |
78 | HAVE_DHCP6 |
79 | define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP). | |
9e4abcb5 | 80 | |
c72daea8 SK |
81 | HAVE_SCRIPT |
82 | define this to get the ability to call scripts on lease-change. | |
9e4abcb5 | 83 | |
c72daea8 SK |
84 | HAVE_LUASCRIPT |
85 | define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT) | |
9e4abcb5 | 86 | |
3d8df260 | 87 | HAVE_DBUS |
572b41eb SK |
88 | define this if you want to link against libdbus, and have dnsmasq |
89 | support some methods to allow (re)configuration of the upstream DNS | |
3d8df260 SK |
90 | servers via DBus. |
91 | ||
572b41eb SK |
92 | HAVE_IDN |
93 | define this if you want international domain name support. | |
94 | NOTE: for backwards compatibility, IDN support is automatically | |
95 | included when internationalisation support is built, using the | |
96 | *-i18n makefile targets, even if HAVE_IDN is not explicitly set. | |
97 | ||
7de060b0 SK |
98 | HAVE_CONNTRACK |
99 | define this to include code which propagates conntrack marks from | |
100 | incoming DNS queries to the corresponding upstream queries. This adds | |
101 | a build-dependency on libnetfilter_conntrack, but the resulting binary will | |
102 | still run happily on a kernel without conntrack support. | |
103 | ||
13d86c73 JD |
104 | HAVE_IPSET |
105 | define this to include the ability to selectively add resolved ip addresses | |
106 | to given ipsets. | |
107 | ||
4820dce9 SK |
108 | HAVE_AUTH |
109 | define this to include the facility to act as an authoritative DNS | |
110 | server for one or more zones. | |
111 | ||
063efb33 SK |
112 | HAVE_DNSSEC |
113 | include DNSSEC validator. Not in the default option set below: it is listed with the options that need external libraries. | |
4820dce9 | 114 | |
b5ea1cc2 SK |
115 | HAVE_LOOP |
116 | include functionality to probe for and remove DNS forwarding loops. | |
117 | ||
118 | ||
c72daea8 SK |
119 | NO_IPV6 |
120 | NO_TFTP | |
121 | NO_DHCP | |
122 | NO_DHCP6 | |
123 | NO_SCRIPT | |
124 | NO_LARGEFILE | |
4820dce9 | 125 | NO_AUTH |
c72daea8 SK |
126 | these are available to explicitly disable compile time options which would |
127 | otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or | |
128 | which are enabled by default in the distributed source tree. Building dnsmasq | |
129 | with something like "make COPTS=-DNO_SCRIPT" will do the trick. | |
130 | ||
063efb33 SK |
131 | NO_NETTLE_ECC |
132 | Don't include the ECDSA cipher in DNSSEC validation. Needed for older Nettle versions. | |
133 | NO_GMP | |
134 | Don't use and link against libgmp. Useful if nettle is built with --enable-mini-gmp. | |
135 | ||
c72daea8 SK |
136 | LEASEFILE |
137 | CONFFILE | |
138 | RESOLVFILE | |
139 | the default locations of these files are determined below, but may be overridden | |
140 | in a build command line using COPTS. | |
9e4abcb5 SK |
141 | |
142 | */ | |
143 | ||
c979fa04 SK |
144 | /* Defining this builds a binary which handles time differently and works better on a system without a |
145 | stable RTC (it uses uptime, not epoch time) and writes the DHCP leases file less often to avoid flash wear. | |
146 | */ | |
147 | ||
148 | /* #define HAVE_BROKEN_RTC */ | |
c72daea8 SK |
149 | |
150 | /* The default set of options to build. Built with these options, dnsmasq | |
151 | has no library dependencies other than libc */ | |
152 | ||
7622fc06 | 153 | #define HAVE_DHCP /* DHCPv4 server; NO_DHCP removes it (and DHCPv6 with it) */ |
0793380b | 154 | #define HAVE_DHCP6 /* DHCPv6 server; removed by NO_DHCP6 or when HAVE_IPV6 is not set */ |
832af0ba | 155 | #define HAVE_TFTP /* built-in TFTP server; NO_TFTP removes it */ |
1f15b81d | 156 | #define HAVE_SCRIPT /* lease-change scripts; removed by NO_SCRIPT, NO_FORK or a build without DHCP */ |
4820dce9 | 157 | #define HAVE_AUTH /* authoritative DNS for one or more zones; NO_AUTH removes it */ |
3ddad246 | 158 | #define HAVE_IPSET /* adding resolved addresses to ipsets; NO_IPSET removes it */ |
b5ea1cc2 | 159 | #define HAVE_LOOP /* probing for DNS forwarding loops; NO_LOOP removes it */ |
c979fa04 SK |
160 | |
161 | /* Build options which require external libraries. | |
162 | ||
163 | Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically. | |
164 | ||
165 | You can use "make COPTS=-DHAVE_<opt>" instead of editing these. | |
166 | */ | |
167 | ||
c72daea8 | 168 | /* #define HAVE_LUASCRIPT */ |
309331f5 | 169 | /* #define HAVE_DBUS */ |
572b41eb | 170 | /* #define HAVE_IDN */ |
7de060b0 | 171 | /* #define HAVE_CONNTRACK */ |
65d1e3bb SK |
172 | /* #define HAVE_DNSSEC */ |
173 | ||
c72daea8 SK |
174 | |
175 | /* Default locations for important system files. */ | |
176 | ||
177 | #ifndef LEASEFILE /* DHCP leases file; a value given on the build command line (COPTS) takes precedence */ | |
178 | # if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__) | |
179 | # define LEASEFILE "/var/db/dnsmasq.leases" | |
180 | # elif defined(__sun__) || defined (__sun) | |
181 | # define LEASEFILE "/var/cache/dnsmasq.leases" | |
182 | # elif defined(__ANDROID__) | |
183 | # define LEASEFILE "/data/misc/dhcp/dnsmasq.leases" | |
184 | # else | |
185 | # define LEASEFILE "/var/lib/misc/dnsmasq.leases" /* every platform not matched above */ | |
186 | # endif | |
832af0ba SK |
187 | #endif |
188 | ||
c72daea8 SK |
189 | #ifndef CONFFILE /* configuration file; overridable through COPTS */ |
190 | # if defined(__FreeBSD__) | |
191 | # define CONFFILE "/usr/local/etc/dnsmasq.conf" | |
192 | # else | |
193 | # define CONFFILE "/etc/dnsmasq.conf" | |
194 | # endif | |
7622fc06 SK |
195 | #endif |
196 | ||
c72daea8 SK |
197 | #ifndef RESOLVFILE /* resolv.conf path; overridable through COPTS */ |
198 | # if defined(__uClinux__) | |
199 | # define RESOLVFILE "/etc/config/resolv.conf" | |
200 | # else | |
201 | # define RESOLVFILE "/etc/resolv.conf" | |
202 | # endif | |
1f15b81d SK |
203 | #endif |
204 | ||
55d290a3 SK |
205 | #ifndef RUNFILE /* pid file path; the #ifndef guard lets a build-time definition replace it */ |
206 | # if defined(__ANDROID__) | |
207 | # define RUNFILE "/data/dnsmasq.pid" | |
208 | # else | |
209 | # define RUNFILE "/var/run/dnsmasq.pid" | |
210 | # endif | |
211 | #endif | |
1f15b81d | 212 | |
c72daea8 SK |
213 | /* platform dependent options: these are determined automatically below |
214 | ||
215 | HAVE_LINUX_NETWORK | |
216 | HAVE_BSD_NETWORK | |
217 | HAVE_SOLARIS_NETWORK | |
218 | define exactly one of these to alter interaction with kernel networking. | |
219 | ||
220 | HAVE_GETOPT_LONG | |
da632e7c | 221 | defined when GNU-style getopt_long available. |
c72daea8 | 222 | |
c72daea8 SK |
223 | HAVE_SOCKADDR_SA_LEN |
224 | defined if struct sockaddr has sa_len field (*BSD) | |
225 | */ | |
33820b7e | 226 | |
9e4abcb5 | 227 | /* Must precede __linux__ since uClinux defines __linux__ too. */ |
e17fb629 | 228 | #if defined(__uClinux__) |
5e9e0efb | 229 | #define HAVE_LINUX_NETWORK |
9e4abcb5 | 230 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 231 | #undef HAVE_SOCKADDR_SA_LEN |
59353a6b SK |
232 | /* Never use fork() on uClinux. Note that this is subtly different from the |
233 | --keep-in-foreground option, since it also suppresses forking new | |
5aabfc78 SK |
234 | processes for TCP connections and disables the call-a-script on leasechange |
235 | system. It's intended for use on MMU-less kernels. */ | |
e17fb629 SK |
236 | #define NO_FORK |
237 | ||
238 | #elif defined(__UCLIBC__) | |
5e9e0efb | 239 | #define HAVE_LINUX_NETWORK |
e17fb629 SK |
240 | #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \ |
241 | ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21)) | |
242 | # define HAVE_GETOPT_LONG | |
5e9e0efb | 243 | #endif |
e17fb629 | 244 | #undef HAVE_SOCKADDR_SA_LEN |
7cebd20f | 245 | #if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__) /* neither MMU macro set: build without fork(), as for uClinux above */ |
9e4abcb5 SK |
246 | # define NO_FORK |
247 | #endif | |
7cebd20f SK |
248 | #if defined(__UCLIBC_HAS_IPV6__) |
249 | # ifndef IPV6_V6ONLY | |
250 | # define IPV6_V6ONLY 26 /* fallback when the headers do not provide it. NOTE(review): presumably the Linux socket-option number; confirm against the target kernel headers */ | |
251 | # endif | |
e17fb629 | 252 | #endif |
9e4abcb5 | 253 | |
9e4abcb5 SK |
254 | /* This is for glibc 2.x */ |
255 | #elif defined(__linux__) | |
5e9e0efb | 256 | #define HAVE_LINUX_NETWORK |
9e4abcb5 | 257 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 258 | #undef HAVE_SOCKADDR_SA_LEN |
9e4abcb5 | 259 | |
9e038946 SK |
260 | #elif defined(__FreeBSD__) || \ |
261 | defined(__OpenBSD__) || \ | |
262 | defined(__DragonFly__) || \ | |
8ef5ada2 | 263 | defined(__FreeBSD_kernel__) |
824af85b | 264 | #define HAVE_BSD_NETWORK |
59353a6b SK |
265 | /* Later versions of FreeBSD have getopt_long() */ |
266 | #if defined(optional_argument) && defined(required_argument) /* presumably visible only when a getopt header providing getopt_long was included before this file; confirm the include order */ |
267 | # define HAVE_GETOPT_LONG | |
59353a6b | 268 | #endif |
9e4abcb5 | 269 | #define HAVE_SOCKADDR_SA_LEN |
9e4abcb5 SK |
270 | |
271 | #elif defined(__APPLE__) | |
824af85b | 272 | #define HAVE_BSD_NETWORK |
316e2730 | 273 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 274 | #define HAVE_SOCKADDR_SA_LEN |
9e4abcb5 SK |
275 | /* Define before sys/socket.h is included so we get socklen_t */ |
276 | #define _BSD_SOCKLEN_T_ | |
6dbdc972 SK |
277 | /* Select the RFC_3542 version of the IPv6 socket API. |
278 | Define before netinet6/in6.h is included. */ | |
279 | #define __APPLE_USE_RFC_3542 | |
993f8cbb | 280 | #define NO_IPSET /* switches HAVE_IPSET off through the NO_IPSET rule later in this file */ |
6dbdc972 | 281 | |
9e4abcb5 | 282 | #elif defined(__NetBSD__) |
824af85b | 283 | #define HAVE_BSD_NETWORK |
fd9fa481 | 284 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 285 | #define HAVE_SOCKADDR_SA_LEN |
824af85b SK |
286 | |
287 | #elif defined(__sun) || defined(__sun__) | |
288 | #define HAVE_SOLARIS_NETWORK | |
7622fc06 | 289 | #define HAVE_GETOPT_LONG |
824af85b | 290 | #undef HAVE_SOCKADDR_SA_LEN |
7622fc06 SK |
291 | #define ETHER_ADDR_LEN 6 /* bytes in an Ethernet address; presumably absent from the Solaris headers, confirm */ |
292 | ||
824af85b SK |
293 | #endif /* NOTE(review): the chain has no #else, so an unrecognised platform leaves none of the HAVE_*_NETWORK macros defined */ |
294 | ||
e17fb629 SK |
295 | /* Decide if we're going to support IPv6 */ |
296 | /* We assume that systems which don't have IPv6 | |
297 | headers don't have ntop and pton either */ | |
298 | ||
c72daea8 | 299 | #if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) /* IPv6 is enabled only if both macros are already visible here; presumably they come from system headers included before this file, confirm the include order */ |
e17fb629 SK |
300 | # define HAVE_IPV6 |
301 | # define ADDRSTRLEN INET6_ADDRSTRLEN /* ADDRSTRLEN takes the IPv6 length when IPv6 is built */ | |
e17fb629 | 302 | #else |
b5a7ff42 SK |
303 | # if !defined(INET_ADDRSTRLEN) |
304 | # define INET_ADDRSTRLEN 16 /* 4*3 digits + 3 dots + terminating NUL */ | |
305 | # endif | |
e17fb629 | 306 | # undef HAVE_IPV6 |
b5a7ff42 | 307 | # define ADDRSTRLEN INET_ADDRSTRLEN /* IPv4-only build: ADDRSTRLEN takes the IPv4 length */ |
e17fb629 SK |
308 | #endif |
309 | ||
c72daea8 SK |
310 | |
311 | /* rules to implement compile-time option dependencies and | |
312 | the NO_XXX flags */ | |
313 | ||
314 | #ifdef NO_IPV6 /* each NO_xxx flag below removes the matching HAVE_xxx feature from the build */ | |
315 | #undef HAVE_IPV6 | |
316 | #endif | |
317 | ||
318 | #ifdef NO_TFTP | |
319 | #undef HAVE_TFTP | |
320 | #endif | |
321 | ||
322 | #ifdef NO_DHCP /* removes DHCPv6 as well, so the HAVE_DHCP6 rule below cannot turn DHCP back on */ | |
323 | #undef HAVE_DHCP | |
324 | #undef HAVE_DHCP6 | |
325 | #endif | |
326 | ||
327 | #if defined(NO_DHCP6) || !defined(HAVE_IPV6) /* DHCPv6 is dropped when disabled explicitly or when IPv6 is not built */ | |
328 | #undef HAVE_DHCP6 | |
329 | #endif | |
330 | ||
331 | /* DHCP6 needs DHCP too */ | |
332 | #ifdef HAVE_DHCP6 | |
333 | #define HAVE_DHCP | |
334 | #endif | |
335 | ||
336 | #if defined(NO_SCRIPT) || !defined(HAVE_DHCP) || defined(NO_FORK) /* lease-change scripts (shell and Lua) are dropped without DHCP or on no-fork builds */ | |
337 | #undef HAVE_SCRIPT | |
338 | #undef HAVE_LUASCRIPT | |
339 | #endif | |
340 | ||
341 | /* Must HAVE_SCRIPT to HAVE_LUASCRIPT */ | |
342 | #ifdef HAVE_LUASCRIPT | |
343 | #define HAVE_SCRIPT | |
344 | #endif | |
345 | ||
4820dce9 SK |
346 | #ifdef NO_AUTH |
347 | #undef HAVE_AUTH | |
348 | #endif | |
c72daea8 | 349 | |
c4a09376 | 350 | #if defined(NO_IPSET) /* NO_IPSET is honoured here although the NO_xxx list in the options comment does not mention it */ |
13d86c73 JD |
351 | #undef HAVE_IPSET |
352 | #endif | |
353 | ||
b5ea1cc2 SK |
354 | #ifdef NO_LOOP /* likewise honoured here but missing from the NO_xxx list in the options comment */ |
355 | #undef HAVE_LOOP | |
356 | #endif | |
357 | ||
c72daea8 SK |
358 | /* Define a string indicating which options are in use. |
359 | DNSMASQ_COMPILE_OPTS is only defined in dnsmasq.c */ | |
360 | ||
361 | #ifdef DNSMASQ_COMPILE_OPTS | |
362 | ||
363 | static char *compile_opts = /* the adjacent string literals below are concatenated by the compiler; each "no-" prefix is emitted only when the feature is absent. NOTE(review): presumably shown in version or start-up output, which lets an operator check that e.g. DNSSEC validation is compiled in; confirm in dnsmasq.c */ | |
364 | #ifndef HAVE_IPV6 | |
365 | "no-" | |
366 | #endif | |
367 | "IPv6 " | |
368 | #ifndef HAVE_GETOPT_LONG | |
369 | "no-" | |
370 | #endif | |
371 | "GNU-getopt " | |
372 | #ifdef HAVE_BROKEN_RTC | |
373 | "no-RTC " | |
374 | #endif | |
375 | #ifdef NO_FORK | |
376 | "no-MMU " | |
377 | #endif | |
378 | #ifndef HAVE_DBUS | |
379 | "no-" | |
380 | #endif | |
381 | "DBus " | |
382 | #ifndef LOCALEDIR | |
383 | "no-" | |
384 | #endif | |
385 | "i18n " | |
386 | #if !defined(LOCALEDIR) && !defined(HAVE_IDN) /* IDN counts as present whenever i18n (LOCALEDIR) is built, matching the HAVE_IDN note in the options comment */ | |
387 | "no-" | |
388 | #endif | |
389 | "IDN " | |
390 | #ifndef HAVE_DHCP | |
391 | "no-" | |
392 | #endif | |
393 | "DHCP " | |
394 | #if defined(HAVE_DHCP) /* DHCPv6 and script/Lua status are reported only when DHCP is built */ | |
395 | # if !defined (HAVE_DHCP6) | |
396 | "no-" | |
397 | # endif | |
398 | "DHCPv6 " | |
399 | # if !defined(HAVE_SCRIPT) | |
400 | "no-scripts " | |
401 | # else | |
402 | # if !defined(HAVE_LUASCRIPT) | |
403 | "no-" | |
404 | # endif | |
405 | "Lua " | |
406 | # endif | |
407 | #endif | |
408 | #ifndef HAVE_TFTP | |
409 | "no-" | |
410 | #endif | |
411 | "TFTP " | |
412 | #ifndef HAVE_CONNTRACK | |
413 | "no-" | |
414 | #endif | |
4820dce9 | 415 | "conntrack " |
13d86c73 JD |
416 | #ifndef HAVE_IPSET |
417 | "no-" | |
418 | #endif | |
419 | "ipset " | |
4820dce9 SK |
420 | #ifndef HAVE_AUTH |
421 | "no-" | |
422 | #endif | |
0fc2f313 SK |
423 | "auth " |
424 | #ifndef HAVE_DNSSEC | |
425 | "no-" | |
426 | #endif | |
b5ea1cc2 SK |
427 | "DNSSEC " |
428 | #ifndef HAVE_LOOP | |
429 | "no-" | |
430 | #endif | |
431 | "loop-detect"; | |
0fc2f313 | 432 | |
c72daea8 | 433 | |
1f15b81d SK |
434 | #endif /* DNSMASQ_COMPILE_OPTS */ |
435 | ||
c72daea8 SK |
436 | |
437 |