]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Extend /4 and /6 syntax to --interface-name
[people/ms/dnsmasq.git] / src / dnsmasq.c
CommitLineData
61744359 1/* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b 12
73a08a24
SK		 13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
c72daea8
SK		 17/* Declare static char *compiler_opts in config.h */
18#define DNSMASQ_COMPILE_OPTS
19
9e4abcb5
SK		 20#include "dnsmasq.h"
21
5aabfc78
SK		 22struct daemon *daemon;
23
5aabfc78
SK		 24static volatile pid_t pid = 0;
25static volatile int pipewrite;
9e4abcb5 26
5aabfc78
SK		 27static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28static void check_dns_listeners(fd_set *set, time_t now);
3be34541 29static void sig_handler(int sig);
5aabfc78 30static void async_event(int pipe, time_t now);
c72daea8
SK		 31static void fatal_event(struct event_desc *ev, char *msg);
32static int read_event(int fd, struct event_desc *evp, char **msg);
9e4abcb5
SK		 33
34int main (int argc, char **argv)
35{
de37951c 36 int bind_fallback = 0;
9009d746 37 time_t now;
9e4abcb5 38 struct sigaction sigact;
26128d27 39 struct iname *if_tmp;
1a6bca81
SK		 40 int piperead, pipefd[2], err_pipe[2];
41 struct passwd *ent_pw = NULL;
c72daea8 42#if defined(HAVE_SCRIPT)
1a6bca81
SK		 43 uid_t script_uid = 0;
44 gid_t script_gid = 0;
7622fc06
SK		 45#endif
46 struct group *gp = NULL;
5aabfc78 47 long i, max_fd = sysconf(_SC_OPEN_MAX);
1a6bca81
SK		 48 char *baduser = NULL;
49 int log_err;
50#if defined(HAVE_LINUX_NETWORK)
51 cap_user_header_t hdr = NULL;
52 cap_user_data_t data = NULL;
3b3f4411
SK		 53 char *bound_device = NULL;
54 int did_bind = 0;
1a6bca81 55#endif
408c368f 56#if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
1f776932 57 struct dhcp_context *context;
ff7eea27 58 struct dhcp_relay *relay;
408c368f 59#endif
5aabfc78 60
824af85b 61#ifdef LOCALEDIR
b8187c80
SK		 62 setlocale(LC_ALL, "");
63 bindtextdomain("dnsmasq", LOCALEDIR);
64 textdomain("dnsmasq");
65#endif
66
9e4abcb5
SK		 67 sigact.sa_handler = sig_handler;
68 sigact.sa_flags = 0;
69 sigemptyset(&sigact.sa_mask);
70 sigaction(SIGUSR1, &sigact, NULL);
5aabfc78 71 sigaction(SIGUSR2, &sigact, NULL);
9e4abcb5
SK		 72 sigaction(SIGHUP, &sigact, NULL);
73 sigaction(SIGTERM, &sigact, NULL);
44a2a316 74 sigaction(SIGALRM, &sigact, NULL);
feba5c1d
SK		 75 sigaction(SIGCHLD, &sigact, NULL);
76
77 /* ignore SIGPIPE */
78 sigact.sa_handler = SIG_IGN;
79 sigaction(SIGPIPE, &sigact, NULL);
9e4abcb5 80
5aabfc78
SK		 81 umask(022); /* known umask, create leases and pid files as 0644 */
82
83 read_opts(argc, argv, compile_opts);
84
3be34541
SK		 85 if (daemon->edns_pktsz < PACKETSZ)
86 daemon->edns_pktsz = PACKETSZ;
0a852541
SK		 87 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
88 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
89 daemon->packet = safe_malloc(daemon->packet_buff_sz);
1a6bca81 90
c72daea8
SK		 91 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
92
4f7b304f 93
7622fc06 94#ifdef HAVE_DHCP
3be34541 95 if (!daemon->lease_file)
9e4abcb5 96 {
52b92f4d 97 if (daemon->dhcp || daemon->dhcp6)
3be34541 98 daemon->lease_file = LEASEFILE;
9e4abcb5 99 }
7622fc06 100#endif
9e4abcb5 101
a2761754
SK		 102 /* Close any file descriptors we inherited apart from std{in|out|err}
103
104 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
105 otherwise file descriptors we create can end up being 0, 1, or 2
106 and then get accidentally closed later when we make 0, 1, and 2
107 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
108 but it's not guaranteed. By opening /dev/null three times, we
109 ensure that we're not using those fds for real stuff. */
5aabfc78
SK		 110 for (i = 0; i < max_fd; i++)
111 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
112 close(i);
a2761754
SK		 113 else
114 open("/dev/null", O_RDWR);
5aabfc78 115
801ca9a7
SK		 116#ifndef HAVE_LINUX_NETWORK
117# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
28866e95 118 if (!option_bool(OPT_NOWILD))
de37951c
SK		 119 {
120 bind_fallback = 1;
28866e95 121 set_option_bool(OPT_NOWILD);
de37951c 122 }
801ca9a7 123# endif
2b5bae9a
SK		 124
125 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
54dd393f 126 if (option_bool(OPT_CLEVERBIND))
2b5bae9a
SK		 127 {
128 bind_fallback = 1;
129 set_option_bool(OPT_NOWILD);
236e072c 130 reset_option_bool(OPT_CLEVERBIND);
2b5bae9a 131 }
309331f5 132#endif
2b5bae9a 133
832af0ba 134#ifndef HAVE_TFTP
9b40cbf5 135 if (option_bool(OPT_TFTP))
5aabfc78 136 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
832af0ba
SK		 137#endif
138
7de060b0
SK		 139#ifdef HAVE_CONNTRACK
140 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
141 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
142#else
143 if (option_bool(OPT_CONNTRACK))
144 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
145#endif
146
824af85b
SK		 147#ifdef HAVE_SOLARIS_NETWORK
148 if (daemon->max_logs != 0)
149 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
150#endif
151
572b41eb
SK		 152#ifdef __ANDROID__
153 if (daemon->max_logs != 0)
154 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
155#endif
156
4820dce9
SK		 157#ifndef HAVE_AUTH
158 if (daemon->authserver)
159 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
160#endif
161
1a6bca81
SK		 162 rand_init();
163
5aabfc78 164 now = dnsmasq_time();
4f7b304f 165
b0ff858e 166 /* Create a serial at startup if not configured. */
4f7b304f
SK		 167 if (daemon->authinterface && daemon->soa_sn == 0)
168#ifdef HAVE_BROKEN_RTC
b0ff858e 169 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
4f7b304f
SK		 170#else
171 daemon->soa_sn = now;
172#endif
5aabfc78 173
ff7eea27
SK		 174#ifdef HAVE_DHCP6
175 if (daemon->dhcp6)
176 {
177 daemon->doing_ra = option_bool(OPT_RA);
1f776932 178
ff7eea27 179 for (context = daemon->dhcp6; context; context = context->next)
1f776932 180 {
ff7eea27
SK		 181 if (context->flags & CONTEXT_DHCP)
182 daemon->doing_dhcp6 = 1;
183 if (context->flags & CONTEXT_RA)
184 daemon->doing_ra = 1;
bb86e858 185#ifndef HAVE_LINUX_NETWORK
ff7eea27
SK		 186 if (context->flags & CONTEXT_TEMPLATE)
187 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
bb86e858 188#endif
1f776932 189 }
ff7eea27
SK		 190 }
191#endif
192
193#ifdef HAVE_DHCP
194 /* Note that order matters here, we must call lease_init before
195 creating any file descriptors which shouldn't be leaked
196 to the lease-script init process. We need to call common_init
197 before lease_init to allocate buffers it uses.*/
198 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
199 {
200 dhcp_common_init();
1f776932 201 if (daemon->dhcp || daemon->doing_dhcp6)
ff7eea27
SK		 202 lease_init(now);
203 }
204
205 if (daemon->dhcp || daemon->relay4)
206 dhcp_init();
207
843c96b4 208# ifdef HAVE_DHCP6
89500e31 209 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
ff7eea27
SK		 210 ra_init(now);
211
212 if (daemon->doing_dhcp6 || daemon->relay6)
213 dhcp6_init();
801ca9a7
SK		 214# endif
215
216#endif
217
13d86c73
JD		 218#ifdef HAVE_IPSET
219 if (daemon->ipsets)
220 ipset_init();
221#endif
222
801ca9a7 223#ifdef HAVE_LINUX_NETWORK
801ca9a7 224 netlink_init();
8445f5d2 225
54dd393f
SK		 226 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
227 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
801ca9a7
SK		 228#endif
229
115ac3e4 230 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
5aabfc78 231 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
843c96b4 232
54dd393f 233 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
de37951c 234 {
74c95c25 235 create_bound_listeners(1);
54dd393f
SK		 236
237 if (!option_bool(OPT_CLEVERBIND))
238 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
239 if (if_tmp->name && !if_tmp->used)
240 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
9380ba70
SK		 241
242#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
243 /* after enumerate_interfaces() */
3b3f4411
SK		 244 bound_device = whichdevice();
245
10ae7b50 246 if (daemon->dhcp)
9380ba70 247 {
3b3f4411
SK		 248 if (!daemon->relay4 && bound_device)
249 {
250 bindtodevice(bound_device, daemon->dhcpfd);
251 did_bind = 1;
252 }
253 if (daemon->enable_pxe && bound_device)
254 {
255 bindtodevice(bound_device, daemon->pxefd);
256 did_bind = 1;
257 }
9380ba70
SK		 258 }
259#endif
260
261#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
3b3f4411
SK		 262 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
263 {
264 bindtodevice(bound_device, daemon->dhcp6fd);
265 did_bind = 1;
266 }
9380ba70 267#endif
de37951c 268 }
28866e95 269 else
74c95c25 270 create_wildcard_listeners();
5d162f20
SK		 271
272#ifdef HAVE_DHCP6
273 /* after enumerate_interfaces() */
ff7eea27 274 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
5d162f20 275 join_multicast(1);
3511a928
SK		 276
277 /* After netlink_init() and before create_helper() */
278 lease_make_duid(now);
5d162f20 279#endif
de37951c 280
824af85b
SK		 281 if (daemon->port != 0)
282 cache_init();
1a6bca81 283
28866e95 284 if (option_bool(OPT_DBUS))
3d8df260
SK		 285#ifdef HAVE_DBUS
286 {
287 char *err;
288 daemon->dbus = NULL;
289 daemon->watches = NULL;
5aabfc78
SK		 290 if ((err = dbus_init()))
291 die(_("DBus error: %s"), err, EC_MISC);
3d8df260
SK		 292 }
293#else
5aabfc78 294 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
3d8df260
SK		 295#endif
296
824af85b
SK		 297 if (daemon->port != 0)
298 pre_allocate_sfds();
1a6bca81 299
c72daea8 300#if defined(HAVE_SCRIPT)
1a6bca81 301 /* Note getpwnam returns static storage */
843c96b4
SK		 302 if ((daemon->dhcp || daemon->dhcp6) &&
303 daemon->scriptuser &&
c72daea8 304 (daemon->lease_change_command || daemon->luascript))
1a6bca81
SK		 305 {
306 if ((ent_pw = getpwnam(daemon->scriptuser)))
307 {
308 script_uid = ent_pw->pw_uid;
309 script_gid = ent_pw->pw_gid;
310 }
311 else
312 baduser = daemon->scriptuser;
313 }
7622fc06 314#endif
9e4abcb5 315
1a6bca81
SK		 316 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
317 baduser = daemon->username;
318 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
319 baduser = daemon->groupname;
320
321 if (baduser)
322 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
323
324 /* implement group defaults, "dip" if available, or group associated with uid */
325 if (!daemon->group_set && !gp)
326 {
327 if (!(gp = getgrnam(CHGRP)) && ent_pw)
328 gp = getgrgid(ent_pw->pw_gid);
329
330 /* for error message */
331 if (gp)
332 daemon->groupname = gp->gr_name;
333 }
334
335#if defined(HAVE_LINUX_NETWORK)
336 /* determine capability API version here, while we can still
337 call safe_malloc */
338 if (ent_pw && ent_pw->pw_uid != 0)
339 {
1a6bca81 340 int capsize = 1; /* for header version 1 */
3927da46
SK		 341 hdr = safe_malloc(sizeof(*hdr));
342
1a6bca81
SK		 343 /* find version supported by kernel */
344 memset(hdr, 0, sizeof(*hdr));
345 capget(hdr, NULL);
346
347 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
348 {
349 /* if unknown version, use largest supported version (3) */
350 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
351 hdr->version = LINUX_CAPABILITY_VERSION_3;
352 capsize = 2;
353 }
354
355 data = safe_malloc(sizeof(*data) * capsize);
356 memset(data, 0, sizeof(*data) * capsize);
357 }
358#endif
359
5aabfc78 360 /* Use a pipe to carry signals and other events back to the event loop
1a6bca81
SK		 361 in a race-free manner and another to carry errors to daemon-invoking process */
362 safe_pipe(pipefd, 1);
5e9e0efb
SK		 363
364 piperead = pipefd[0];
365 pipewrite = pipefd[1];
366 /* prime the pipe to load stuff first time. */
c72daea8 367 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
1a6bca81
SK		 368
369 err_pipe[1] = -1;
1697269c 370
28866e95 371 if (!option_bool(OPT_DEBUG))
9e4abcb5 372 {
9e4abcb5
SK		 373 /* The following code "daemonizes" the process.
374 See Stevens section 12.4 */
1a6bca81 375
9e038946
SK		 376 if (chdir("/") != 0)
377 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
378
1697269c 379#ifndef NO_FORK
28866e95 380 if (!option_bool(OPT_NO_FORK))
3be34541 381 {
5aabfc78 382 pid_t pid;
3be34541 383
1a6bca81
SK		 384 /* pipe to carry errors back to original process.
385 When startup is complete we close this and the process terminates. */
386 safe_pipe(err_pipe, 0);
387
7622fc06
SK		 388 if ((pid = fork()) == -1)
389 /* fd == -1 since we've not forked, never returns. */
c72daea8 390 send_event(-1, EVENT_FORK_ERR, errno, NULL);
9e038946 391
5aabfc78 392 if (pid != 0)
1a6bca81
SK		 393 {
394 struct event_desc ev;
c72daea8
SK		 395 char *msg;
396
1a6bca81
SK		 397 /* close our copy of write-end */
398 close(err_pipe[1]);
399
400 /* check for errors after the fork */
c72daea8
SK		 401 if (read_event(err_pipe[0], &ev, &msg))
402 fatal_event(&ev, msg);
1a6bca81
SK		 403
404 _exit(EC_GOOD);
405 }
406
407 close(err_pipe[0]);
408
409 /* NO calls to die() from here on. */
3be34541 410
5aabfc78 411 setsid();
7622fc06
SK		 412
413 if ((pid = fork()) == -1)
c72daea8 414 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
7622fc06
SK		 415
416 if (pid != 0)
7cebd20f 417 _exit(0);
3be34541 418 }
9e4abcb5 419#endif
9e038946 420
9e4abcb5 421 /* write pidfile _after_ forking ! */
1a6bca81
SK		 422 if (daemon->runfile)
423 {
79cfefd8
SK		 424 int fd, err = 0;
425
426 sprintf(daemon->namebuff, "%d\n", (int) getpid());
427
428 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
429 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
430 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
431 extent that an attacker running as the unprivileged user could replace the pidfile with a
432 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
433
434 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
435 ensuring that the open() fails should there be any existing file (because the unlink() failed,
436 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
437 attack can succeed.
438
439 Any compromise of the non-privileged user still theoretically allows the pid-file to be
440 replaced whilst dnsmasq is running. The worst that could allow is that the usual
441 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
442
443 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
444 failure to write the pid-file.
445 */
446
447 unlink(daemon->runfile);
1a6bca81 448
79cfefd8 449 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
1a6bca81 450 {
79cfefd8
SK		 451 /* only complain if started as root */
452 if (getuid() == 0)
453 err = 1;
1a6bca81 454 }
79cfefd8
SK		 455 else
456 {
457 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
458 err = 1;
459
460 while (!err && close(fd) == -1)
461 if (!retry_send())
462 err = 1;
463 }
464
465 if (err)
1a6bca81 466 {
c72daea8 467 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
1a6bca81
SK		 468 _exit(0);
469 }
9e4abcb5 470 }
1697269c
SK		 471 }
472
8ef5ada2
SK		 473 log_err = log_start(ent_pw, err_pipe[1]);
474
28866e95 475 if (!option_bool(OPT_DEBUG))
8ef5ada2
SK		 476 {
477 /* open stdout etc to /dev/null */
478 int nullfd = open("/dev/null", O_RDWR);
479 dup2(nullfd, STDOUT_FILENO);
480 dup2(nullfd, STDERR_FILENO);
481 dup2(nullfd, STDIN_FILENO);
482 close(nullfd);
483 }
1a6bca81
SK		 484
485 /* if we are to run scripts, we need to fork a helper before dropping root. */
486 daemon->helperfd = -1;
c72daea8 487#ifdef HAVE_SCRIPT
52b92f4d 488 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
1a6bca81 489 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
5aabfc78 490#endif
5aabfc78 491
28866e95 492 if (!option_bool(OPT_DEBUG) && getuid() == 0)
1697269c 493 {
1a6bca81
SK		 494 int bad_capabilities = 0;
495 gid_t dummy;
496
497 /* remove all supplimentary groups */
498 if (gp &&
499 (setgroups(0, &dummy) == -1 ||
500 setgid(gp->gr_gid) == -1))
9e4abcb5 501 {
c72daea8 502 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
1a6bca81 503 _exit(0);
7cebd20f 504 }
1a6bca81 505
7cebd20f 506 if (ent_pw && ent_pw->pw_uid != 0)
1697269c 507 {
74c95c25 508#if defined(HAVE_LINUX_NETWORK)
1697269c 509 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
74c95c25 510 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
54dd393f
SK		 511 ports because of DAD, or we're doing it dynamically,
512 we need CAP_NET_BIND_SERVICE too. */
513 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 514 data->effective = data->permitted = data->inheritable =
515 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
516 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
517 else
518 data->effective = data->permitted = data->inheritable =
519 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
5e9e0efb 520
1697269c 521 /* Tell kernel to not clear capabilities when dropping root */
572b41eb 522 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
1697269c 523 bad_capabilities = errno;
1a6bca81 524
7622fc06 525#elif defined(HAVE_SOLARIS_NETWORK)
824af85b
SK		 526 /* http://developers.sun.com/solaris/articles/program_privileges.html */
527 priv_set_t *priv_set;
528
529 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
530 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
531 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
532 bad_capabilities = errno;
533
534 if (priv_set && bad_capabilities == 0)
535 {
536 priv_inverse(priv_set);
537
538 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
539 bad_capabilities = errno;
540 }
541
542 if (priv_set)
543 priv_freeset(priv_set);
544
824af85b
SK		 545#endif
546
1a6bca81 547 if (bad_capabilities != 0)
1697269c 548 {
c72daea8 549 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
1a6bca81
SK		 550 _exit(0);
551 }
552
553 /* finally drop root */
554 if (setuid(ent_pw->pw_uid) == -1)
555 {
c72daea8 556 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
1a6bca81
SK		 557 _exit(0);
558 }
559
1697269c 560#ifdef HAVE_LINUX_NETWORK
54dd393f 561 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 562 data->effective = data->permitted =
563 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
564 else
565 data->effective = data->permitted =
566 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
1a6bca81
SK		 567 data->inheritable = 0;
568
569 /* lose the setuid and setgid capbilities */
570 if (capset(hdr, data) == -1)
571 {
c72daea8 572 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
1a6bca81 573 _exit(0);
1697269c 574 }
1a6bca81
SK		 575#endif
576
9e4abcb5
SK		 577 }
578 }
1697269c 579
1697269c 580#ifdef HAVE_LINUX_NETWORK
28866e95 581 if (option_bool(OPT_DEBUG))
572b41eb 582 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
1697269c 583#endif
9e4abcb5 584
8b3ae2fd 585#ifdef HAVE_TFTP
8bc4cece 586 if (option_bool(OPT_TFTP))
8b3ae2fd
SK		 587 {
588 DIR *dir;
589 struct tftp_prefix *p;
590
591 if (daemon->tftp_prefix)
592 {
593 if (!((dir = opendir(daemon->tftp_prefix))))
594 {
595 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
596 _exit(0);
597 }
598 closedir(dir);
599 }
600
601 for (p = daemon->if_prefix; p; p = p->next)
602 {
603 if (!((dir = opendir(p->prefix))))
604 {
605 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
606 _exit(0);
607 }
608 closedir(dir);
609 }
610 }
611#endif
612
824af85b
SK		 613 if (daemon->port == 0)
614 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
615 else if (daemon->cachesize != 0)
f2621c7f 616 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
9e4abcb5 617 else
f2621c7f 618 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
1697269c 619
f2621c7f 620 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
1697269c 621
3d8df260 622#ifdef HAVE_DBUS
28866e95 623 if (option_bool(OPT_DBUS))
3d8df260
SK		 624 {
625 if (daemon->dbus)
f2621c7f 626 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
3d8df260 627 else
f2621c7f 628 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
3d8df260
SK		 629 }
630#endif
631
1a6bca81
SK		 632 if (log_err != 0)
633 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
634 daemon->log_file, strerror(log_err));
635
de37951c 636 if (bind_fallback)
f2621c7f 637 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
dc27e148 638
f7029f5c
SK		 639 if (option_bool(OPT_NOWILD))
640 warn_bound_listeners();
641
642 warn_int_names();
de37951c 643
28866e95 644 if (!option_bool(OPT_NOWILD))
26128d27
SK		 645 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
646 if (if_tmp->name && !if_tmp->used)
f2621c7f 647 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
5e9e0efb 648
28866e95 649 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
208b65c5
SK		 650 {
651 if (daemon->resolv_files && !daemon->resolv_files->is_default)
f2621c7f 652 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
208b65c5 653 daemon->resolv_files = NULL;
1b7ecd11 654 if (!daemon->servers)
f2621c7f 655 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
208b65c5
SK		 656 }
657
f2621c7f
SK		 658 if (daemon->max_logs != 0)
659 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
1f776932 660
f2621c7f 661
7622fc06 662#ifdef HAVE_DHCP
1f776932
SK		 663 for (context = daemon->dhcp; context; context = context->next)
664 log_context(AF_INET, context);
52b92f4d 665
ff7eea27
SK		 666 for (relay = daemon->relay4; relay; relay = relay->next)
667 log_relay(AF_INET, relay);
668
1f776932
SK		 669# ifdef HAVE_DHCP6
670 for (context = daemon->dhcp6; context; context = context->next)
671 log_context(AF_INET6, context);
672
ff7eea27
SK		 673 for (relay = daemon->relay6; relay; relay = relay->next)
674 log_relay(AF_INET6, relay);
675
1f776932
SK		 676 if (daemon->doing_dhcp6 || daemon->doing_ra)
677 dhcp_construct_contexts(now);
678
679 if (option_bool(OPT_RA))
680 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
681# endif
26128d27 682
3b3f4411
SK		 683# ifdef HAVE_LINUX_NETWORK
684 if (did_bind)
685 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
686# endif
687
8445f5d2
SK		 688 /* after dhcp_contruct_contexts */
689 if (daemon->dhcp || daemon->doing_dhcp6)
690 lease_find_interfaces(now);
1f776932 691#endif
52b92f4d 692
832af0ba 693#ifdef HAVE_TFTP
8bc4cece 694 if (option_bool(OPT_TFTP))
832af0ba 695 {
832af0ba 696#ifdef FD_SETSIZE
5aabfc78 697 if (FD_SETSIZE < (unsigned)max_fd)
832af0ba
SK		 698 max_fd = FD_SETSIZE;
699#endif
700
7622fc06 701 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
f2621c7f
SK		 702 daemon->tftp_prefix ? _("root is ") : _("enabled"),
703 daemon->tftp_prefix ? daemon->tftp_prefix: "",
28866e95 704 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
f2621c7f 705
832af0ba 706 /* This is a guess, it assumes that for small limits,
f2621c7f 707 disjoint files might be served, but for large limits,
832af0ba
SK		 708 a single file will be sent to may clients (the file only needs
709 one fd). */
710
711 max_fd -= 30; /* use other than TFTP */
712
713 if (max_fd < 0)
714 max_fd = 5;
715 else if (max_fd < 100)
716 max_fd = max_fd/2;
717 else
718 max_fd = max_fd - 20;
824af85b
SK		 719
720 /* if we have to use a limited range of ports,
721 that will limit the number of transfers */
722 if (daemon->start_tftp_port != 0 &&
723 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
724 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
832af0ba
SK		 725
726 if (daemon->tftp_max > max_fd)
727 {
728 daemon->tftp_max = max_fd;
7622fc06 729 my_syslog(MS_TFTP | LOG_WARNING,
f2621c7f
SK		 730 _("restricting maximum simultaneous TFTP transfers to %d"),
731 daemon->tftp_max);
832af0ba
SK		 732 }
733 }
734#endif
735
1a6bca81
SK		 736 /* finished start-up - release original process */
737 if (err_pipe[1] != -1)
738 close(err_pipe[1]);
9e4abcb5 739
824af85b
SK		 740 if (daemon->port != 0)
741 check_servers();
742
7cebd20f
SK		 743 pid = getpid();
744
5e9e0efb 745 while (1)
9e4abcb5 746 {
1697269c 747 int maxfd = -1;
5e9e0efb 748 struct timeval t, *tp = NULL;
3d8df260 749 fd_set rset, wset, eset;
9e4abcb5
SK		 750
751 FD_ZERO(&rset);
3d8df260
SK		 752 FD_ZERO(&wset);
753 FD_ZERO(&eset);
9e4abcb5 754
1697269c
SK		 755 /* if we are out of resources, find how long we have to wait
756 for some to come free, we'll loop around then and restart
757 listening for queries */
5aabfc78 758 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
1697269c
SK		 759 {
760 t.tv_usec = 0;
761 tp = &t;
762 }
763
832af0ba
SK		 764 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
765 if (daemon->tftp_trans ||
28866e95 766 (option_bool(OPT_DBUS) && !daemon->dbus))
5e9e0efb 767 {
1697269c
SK		 768 t.tv_sec = 0;
769 t.tv_usec = 250000;
5e9e0efb 770 tp = &t;
5e9e0efb 771 }
74c95c25
SK		 772 /* Wake every second whilst waiting for DAD to complete */
773 else if (is_dad_listeners())
774 {
775 t.tv_sec = 1;
776 t.tv_usec = 0;
777 tp = &t;
778 }
44a2a316 779
832af0ba 780#ifdef HAVE_DBUS
5aabfc78 781 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
5e9e0efb
SK		 782#endif
783
7622fc06 784#ifdef HAVE_DHCP
ff7eea27 785 if (daemon->dhcp || daemon->relay4)
5e9e0efb
SK		 786 {
787 FD_SET(daemon->dhcpfd, &rset);
1697269c 788 bump_maxfd(daemon->dhcpfd, &maxfd);
316e2730
SK		 789 if (daemon->pxefd != -1)
790 {
791 FD_SET(daemon->pxefd, &rset);
792 bump_maxfd(daemon->pxefd, &maxfd);
793 }
5e9e0efb 794 }
7622fc06 795#endif
cdeda28f 796
52b92f4d 797#ifdef HAVE_DHCP6
ff7eea27 798 if (daemon->doing_dhcp6 || daemon->relay6)
52b92f4d
SK		 799 {
800 FD_SET(daemon->dhcp6fd, &rset);
c5ad4e79 801 bump_maxfd(daemon->dhcp6fd, &maxfd);
5d71d834
SK		 802 }
803
1f776932 804 if (daemon->doing_ra)
5d71d834
SK		 805 {
806 FD_SET(daemon->icmp6fd, &rset);
807 bump_maxfd(daemon->icmp6fd, &maxfd);
52b92f4d
SK		 808 }
809#endif
810
5e9e0efb
SK		 811#ifdef HAVE_LINUX_NETWORK
812 FD_SET(daemon->netlinkfd, &rset);
1697269c 813 bump_maxfd(daemon->netlinkfd, &maxfd);
3d8df260 814#endif
3d8df260 815
5e9e0efb 816 FD_SET(piperead, &rset);
1697269c
SK		 817 bump_maxfd(piperead, &maxfd);
818
7622fc06 819#ifdef HAVE_DHCP
1f15b81d 820# ifdef HAVE_SCRIPT
5aabfc78 821 while (helper_buf_empty() && do_script_run(now));
1697269c 822
a9530964
SK		 823# ifdef HAVE_TFTP
824 while (helper_buf_empty() && do_tftp_script_run());
825# endif
826
1697269c
SK		 827 if (!helper_buf_empty())
828 {
829 FD_SET(daemon->helperfd, &wset);
830 bump_maxfd(daemon->helperfd, &maxfd);
831 }
7622fc06 832# else
5aabfc78
SK		 833 /* need this for other side-effects */
834 while (do_script_run(now));
a9530964
SK		 835
836# ifdef HAVE_TFTP
837 while (do_tftp_script_run());
838# endif
839
7622fc06 840# endif
5aabfc78 841#endif
7622fc06 842
f2621c7f
SK		 843 /* must do this just before select(), when we know no
844 more calls to my_syslog() can occur */
845 set_log_writer(&wset, &maxfd);
846
5e9e0efb
SK		 847 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
848 {
849 /* otherwise undefined after error */
850 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
851 }
852
853 now = dnsmasq_time();
9e4abcb5 854
f2621c7f 855 check_log_writer(&wset);
115ac3e4
SK		 856
857 /* prime. */
858 enumerate_interfaces(1);
859
74c95c25
SK		 860 /* Check the interfaces to see if any have exited DAD state
861 and if so, bind the address. */
862 if (is_dad_listeners())
863 {
115ac3e4 864 enumerate_interfaces(0);
74c95c25
SK		 865 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
866 create_bound_listeners(0);
dc27e148 867 warn_bound_listeners();
74c95c25 868 }
f2621c7f 869
c52e1897
SK		 870#ifdef HAVE_LINUX_NETWORK
871 if (FD_ISSET(daemon->netlinkfd, &rset))
1f776932 872 netlink_multicast(now);
c52e1897
SK		 873#endif
874
9e4abcb5 875 /* Check for changes to resolv files once per second max. */
3d8df260 876 /* Don't go silent for long periods if the clock goes backwards. */
9009d746
SK		 877 if (daemon->last_resolv == 0 ||
878 difftime(now, daemon->last_resolv) > 1.0 ||
879 difftime(now, daemon->last_resolv) < -1.0)
9e4abcb5 880 {
8ef5ada2
SK		 881 /* poll_resolv doesn't need to reload first time through, since
882 that's queued anyway. */
33820b7e 883
8ef5ada2
SK		 884 poll_resolv(0, daemon->last_resolv != 0, now);
885 daemon->last_resolv = now;
9e4abcb5 886 }
5aabfc78 887
5e9e0efb 888 if (FD_ISSET(piperead, &rset))
5aabfc78 889 async_event(piperead, now);
7cebd20f 890
3d8df260
SK		 891#ifdef HAVE_DBUS
892 /* if we didn't create a DBus connection, retry now. */
28866e95 893 if (option_bool(OPT_DBUS) && !daemon->dbus)
3d8df260
SK		 894 {
895 char *err;
5aabfc78 896 if ((err = dbus_init()))
f2621c7f 897 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
3d8df260 898 if (daemon->dbus)
f2621c7f 899 my_syslog(LOG_INFO, _("connected to system DBus"));
3d8df260 900 }
5aabfc78 901 check_dbus_listeners(&rset, &wset, &eset);
3d8df260 902#endif
824af85b 903
5aabfc78 904 check_dns_listeners(&rset, now);
832af0ba
SK		 905
906#ifdef HAVE_TFTP
5aabfc78 907 check_tftp_listeners(&rset, now);
832af0ba
SK		 908#endif
909
7622fc06 910#ifdef HAVE_DHCP
ff7eea27 911 if (daemon->dhcp || daemon->relay4)
316e2730
SK		 912 {
913 if (FD_ISSET(daemon->dhcpfd, &rset))
914 dhcp_packet(now, 0);
915 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
916 dhcp_packet(now, 1);
917 }
1697269c 918
52b92f4d 919#ifdef HAVE_DHCP6
ff7eea27 920 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
18c63eff 921 dhcp6_packet(now);
c5ad4e79 922
1f776932
SK		 923 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
924 icmp6_packet(now);
52b92f4d
SK		 925#endif
926
1f15b81d 927# ifdef HAVE_SCRIPT
1697269c 928 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
5aabfc78 929 helper_write();
7622fc06 930# endif
5aabfc78
SK		 931#endif
932
9e4abcb5 933 }
9e4abcb5
SK		 934}
935
3be34541
SK		 936static void sig_handler(int sig)
937{
5e9e0efb 938 if (pid == 0)
3be34541 939 {
1697269c
SK		 940 /* ignore anything other than TERM during startup
941 and in helper proc. (helper ignore TERM too) */
5e9e0efb 942 if (sig == SIGTERM)
5aabfc78 943 exit(EC_MISC);
3be34541 944 }
5aabfc78 945 else if (pid != getpid())
5e9e0efb 946 {
1697269c 947 /* alarm is used to kill TCP children after a fixed time. */
5e9e0efb 948 if (sig == SIGALRM)
7cebd20f 949 _exit(0);
3be34541 950 }
5aabfc78
SK		 951 else
952 {
953 /* master process */
954 int event, errsave = errno;
955
956 if (sig == SIGHUP)
957 event = EVENT_RELOAD;
958 else if (sig == SIGCHLD)
959 event = EVENT_CHILD;
960 else if (sig == SIGALRM)
961 event = EVENT_ALARM;
962 else if (sig == SIGTERM)
963 event = EVENT_TERM;
964 else if (sig == SIGUSR1)
965 event = EVENT_DUMP;
966 else if (sig == SIGUSR2)
967 event = EVENT_REOPEN;
968 else
969 return;
970
c72daea8 971 send_event(pipewrite, event, 0, NULL);
5aabfc78
SK		 972 errno = errsave;
973 }
974}
975
353ae4d2
SK		 976/* now == 0 -> queue immediate callback */
977void send_alarm(time_t event, time_t now)
741c2952 978{
884a6dfe 979 if (now == 0 || event != 0)
353ae4d2 980 {
884a6dfe
SK		 981 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
982 if ((now == 0 || difftime(event, now) <= 0.0))
983 send_event(pipewrite, EVENT_ALARM, 0, NULL);
984 else
985 alarm((unsigned)difftime(event, now));
353ae4d2 986 }
741c2952
SK		 987}
988
c72daea8 989void send_event(int fd, int event, int data, char *msg)
5aabfc78
SK		 990{
991 struct event_desc ev;
c72daea8
SK		 992 struct iovec iov[2];
993
5aabfc78
SK		 994 ev.event = event;
995 ev.data = data;
c72daea8
SK		 996 ev.msg_sz = msg ? strlen(msg) : 0;
997
998 iov[0].iov_base = &ev;
999 iov[0].iov_len = sizeof(ev);
1000 iov[1].iov_base = msg;
1001 iov[1].iov_len = ev.msg_sz;
1a6bca81
SK		 1002
1003 /* error pipe, debug mode. */
1004 if (fd == -1)
c72daea8 1005 fatal_event(&ev, msg);
1a6bca81
SK		 1006 else
1007 /* pipe is non-blocking and struct event_desc is smaller than
1008 PIPE_BUF, so this either fails or writes everything */
c72daea8 1009 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
5aabfc78
SK		 1010}
1011
c72daea8
SK		 1012/* NOTE: the memory used to return msg is leaked: use msgs in events only
1013 to describe fatal errors. */
1014static int read_event(int fd, struct event_desc *evp, char **msg)
1015{
1016 char *buf;
1017
1018 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1019 return 0;
1020
1021 *msg = NULL;
1022
1023 if (evp->msg_sz != 0 &&
1024 (buf = malloc(evp->msg_sz + 1)) &&
1025 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1026 {
1027 buf[evp->msg_sz] = 0;
1028 *msg = buf;
1029 }
1030
1031 return 1;
1032}
1033
1034static void fatal_event(struct event_desc *ev, char *msg)
1a6bca81
SK		 1035{
1036 errno = ev->data;
1037
1038 switch (ev->event)
1039 {
1040 case EVENT_DIE:
1041 exit(0);
7622fc06
SK		 1042
1043 case EVENT_FORK_ERR:
1044 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1a6bca81
SK		 1045
1046 case EVENT_PIPE_ERR:
1047 die(_("failed to create helper: %s"), NULL, EC_MISC);
1048
1049 case EVENT_CAP_ERR:
1050 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1051
1052 case EVENT_USER_ERR:
c72daea8 1053 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1054
1055 case EVENT_GROUP_ERR:
c72daea8 1056 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1057
1058 case EVENT_PIDFILE:
c72daea8 1059 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1a6bca81
SK		 1060
1061 case EVENT_LOG_ERR:
c72daea8
SK		 1062 die(_("cannot open log %s: %s"), msg, EC_FILE);
1063
1064 case EVENT_LUA_ERR:
1065 die(_("failed to load Lua script: %s"), msg, EC_MISC);
8b3ae2fd
SK		 1066
1067 case EVENT_TFTP_ERR:
1068 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1a6bca81
SK		 1069 }
1070}
1071
5aabfc78
SK		 1072static void async_event(int pipe, time_t now)
1073{
1074 pid_t p;
1075 struct event_desc ev;
1076 int i;
c72daea8
SK		 1077 char *msg;
1078
1079 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1080 to describe fatal errors. */
1081
1082 if (read_event(pipe, &ev, &msg))
5aabfc78
SK		 1083 switch (ev.event)
1084 {
1085 case EVENT_RELOAD:
1086 clear_cache_and_reload(now);
28866e95 1087 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
5aabfc78
SK		 1088 {
1089 reload_servers(daemon->resolv_files->name);
1090 check_servers();
1091 }
7622fc06 1092#ifdef HAVE_DHCP
5aabfc78 1093 rerun_scripts();
7622fc06 1094#endif
5aabfc78
SK		 1095 break;
1096
1097 case EVENT_DUMP:
824af85b
SK		 1098 if (daemon->port != 0)
1099 dump_cache(now);
5aabfc78
SK		 1100 break;
1101
1102 case EVENT_ALARM:
7622fc06 1103#ifdef HAVE_DHCP
1f776932 1104 if (daemon->dhcp || daemon->doing_dhcp6)
5aabfc78
SK		 1105 {
1106 lease_prune(NULL, now);
1107 lease_update_file(now);
1108 }
843c96b4 1109#ifdef HAVE_DHCP6
1f776932 1110 else if (daemon->doing_ra)
353ae4d2
SK		 1111 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1112 send_alarm(periodic_ra(now), now);
843c96b4 1113#endif
7622fc06 1114#endif
5aabfc78
SK		 1115 break;
1116
1117 case EVENT_CHILD:
1118 /* See Stevens 5.10 */
1119 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1120 if (p == -1)
1121 {
1122 if (errno != EINTR)
1123 break;
1124 }
1125 else
1126 for (i = 0 ; i < MAX_PROCS; i++)
1127 if (daemon->tcp_pids[i] == p)
1128 daemon->tcp_pids[i] = 0;
1129 break;
1130
1131 case EVENT_KILLED:
c72daea8 1132 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
5aabfc78
SK		 1133 break;
1134
1135 case EVENT_EXITED:
c72daea8 1136 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
5aabfc78
SK		 1137 break;
1138
1139 case EVENT_EXEC_ERR:
9e038946
SK		 1140 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1141 daemon->lease_change_command, strerror(ev.data));
5aabfc78
SK		 1142 break;
1143
1a6bca81 1144 /* necessary for fatal errors in helper */
c72daea8 1145 case EVENT_USER_ERR:
1a6bca81 1146 case EVENT_DIE:
c72daea8
SK		 1147 case EVENT_LUA_ERR:
1148 fatal_event(&ev, msg);
9e038946
SK		 1149 break;
1150
5aabfc78
SK		 1151 case EVENT_REOPEN:
1152 /* Note: this may leave TCP-handling processes with the old file still open.
1153 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1154 we leave them logging to the old file. */
1155 if (daemon->log_file != NULL)
1156 log_reopen(daemon->log_file);
1157 break;
1158
1159 case EVENT_TERM:
1160 /* Knock all our children on the head. */
1161 for (i = 0; i < MAX_PROCS; i++)
1162 if (daemon->tcp_pids[i] != 0)
1163 kill(daemon->tcp_pids[i], SIGALRM);
1164
c72daea8 1165#if defined(HAVE_SCRIPT)
5aabfc78
SK		 1166 /* handle pending lease transitions */
1167 if (daemon->helperfd != -1)
1168 {
1169 /* block in writes until all done */
1170 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1171 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1172 do {
1173 helper_write();
1174 } while (!helper_buf_empty() || do_script_run(now));
1175 close(daemon->helperfd);
1176 }
1177#endif
1178
1179 if (daemon->lease_stream)
1180 fclose(daemon->lease_stream);
73a08a24
SK		 1181
1182 if (daemon->runfile)
1183 unlink(daemon->runfile);
5aabfc78
SK		 1184
1185 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1186 flush_log();
1187 exit(EC_GOOD);
1188 }
3be34541
SK		 1189}
1190
8ef5ada2 1191void poll_resolv(int force, int do_reload, time_t now)
5aabfc78
SK		 1192{
1193 struct resolvc *res, *latest;
1194 struct stat statbuf;
1195 time_t last_change = 0;
1196 /* There may be more than one possible file.
1197 Go through and find the one which changed _last_.
1198 Warn of any which can't be read. */
8ef5ada2 1199
28866e95 1200 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
8ef5ada2
SK		 1201 return;
1202
5aabfc78
SK		 1203 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1204 if (stat(res->name, &statbuf) == -1)
1205 {
8ef5ada2
SK		 1206 if (force)
1207 {
1208 res->mtime = 0;
1209 continue;
1210 }
1211
5aabfc78
SK		 1212 if (!res->logged)
1213 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1214 res->logged = 1;
8ef5ada2
SK		 1215
1216 if (res->mtime != 0)
1217 {
1218 /* existing file evaporated, force selection of the latest
1219 file even if its mtime hasn't changed since we last looked */
1220 poll_resolv(1, do_reload, now);
1221 return;
1222 }
5aabfc78
SK		 1223 }
1224 else
1225 {
1226 res->logged = 0;
8ef5ada2
SK		 1227 if (force || (statbuf.st_mtime != res->mtime))
1228 {
1229 res->mtime = statbuf.st_mtime;
5aabfc78
SK		 1230 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1231 {
1232 last_change = statbuf.st_mtime;
1233 latest = res;
1234 }
1235 }
1236 }
1237
1238 if (latest)
1239 {
1240 static int warned = 0;
1241 if (reload_servers(latest->name))
1242 {
1243 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1244 warned = 0;
1245 check_servers();
28866e95 1246 if (option_bool(OPT_RELOAD) && do_reload)
8ef5ada2 1247 clear_cache_and_reload(now);
5aabfc78
SK		 1248 }
1249 else
1250 {
1251 latest->mtime = 0;
1252 if (!warned)
1253 {
1254 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1255 warned = 1;
1256 }
1257 }
1258 }
1259}
3d8df260 1260
5aabfc78 1261void clear_cache_and_reload(time_t now)
3d8df260 1262{
408c368f
VG		 1263 (void)now;
1264
824af85b 1265 if (daemon->port != 0)
7622fc06 1266 cache_reload();
824af85b 1267
7622fc06 1268#ifdef HAVE_DHCP
1f776932 1269 if (daemon->dhcp || daemon->doing_dhcp6)
3d8df260 1270 {
28866e95 1271 if (option_bool(OPT_ETHERS))
5aabfc78 1272 dhcp_read_ethers();
824af85b 1273 reread_dhcp();
3d8df260 1274 dhcp_update_configs(daemon->dhcp_conf);
5aabfc78
SK		 1275 lease_update_from_configs();
1276 lease_update_file(now);
353ae4d2 1277 lease_update_dns(1);
3d8df260 1278 }
843c96b4 1279#ifdef HAVE_DHCP6
1f776932 1280 else if (daemon->doing_ra)
2021c662
SK		 1281 /* Not doing DHCP, so no lease system, manage
1282 alarms for ra only */
1283 send_alarm(periodic_ra(now), now);
843c96b4 1284#endif
7622fc06 1285#endif
3d8df260
SK		 1286}
1287
5aabfc78 1288static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
3be34541
SK		 1289{
1290 struct serverfd *serverfdp;
1291 struct listener *listener;
824af85b 1292 int wait = 0, i;
832af0ba
SK		 1293
1294#ifdef HAVE_TFTP
1295 int tftp = 0;
1296 struct tftp_transfer *transfer;
1297 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1298 {
1299 tftp++;
1300 FD_SET(transfer->sockfd, set);
1301 bump_maxfd(transfer->sockfd, maxfdp);
1302 }
1303#endif
1304
1697269c 1305 /* will we be able to get memory? */
824af85b
SK		 1306 if (daemon->port != 0)
1307 get_new_frec(now, &wait);
1697269c 1308
3be34541
SK		 1309 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1310 {
1311 FD_SET(serverfdp->fd, set);
1697269c 1312 bump_maxfd(serverfdp->fd, maxfdp);
3be34541 1313 }
1a6bca81
SK		 1314
1315 if (daemon->port != 0 && !daemon->osport)
1316 for (i = 0; i < RANDOM_SOCKS; i++)
1317 if (daemon->randomsocks[i].refcount != 0)
1318 {
1319 FD_SET(daemon->randomsocks[i].fd, set);
1320 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1321 }
1322
3be34541
SK		 1323 for (listener = daemon->listeners; listener; listener = listener->next)
1324 {
1697269c 1325 /* only listen for queries if we have resources */
824af85b 1326 if (listener->fd != -1 && wait == 0)
1697269c
SK		 1327 {
1328 FD_SET(listener->fd, set);
1329 bump_maxfd(listener->fd, maxfdp);
1330 }
1331
1332 /* death of a child goes through the select loop, so
1333 we don't need to explicitly arrange to wake up here */
824af85b
SK		 1334 if (listener->tcpfd != -1)
1335 for (i = 0; i < MAX_PROCS; i++)
1336 if (daemon->tcp_pids[i] == 0)
1337 {
1338 FD_SET(listener->tcpfd, set);
1339 bump_maxfd(listener->tcpfd, maxfdp);
1340 break;
1341 }
9e4abcb5 1342
832af0ba
SK		 1343#ifdef HAVE_TFTP
1344 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1345 {
1346 FD_SET(listener->tftpfd, set);
1347 bump_maxfd(listener->tftpfd, maxfdp);
1348 }
1349#endif
1350
1351 }
1352
1697269c 1353 return wait;
3be34541 1354}
9e4abcb5 1355
5aabfc78 1356static void check_dns_listeners(fd_set *set, time_t now)
3be34541
SK		 1357{
1358 struct serverfd *serverfdp;
1a6bca81
SK		 1359 struct listener *listener;
1360 int i;
1361
832af0ba
SK		 1362 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1363 if (FD_ISSET(serverfdp->fd, set))
1a6bca81
SK		 1364 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1365
1366 if (daemon->port != 0 && !daemon->osport)
1367 for (i = 0; i < RANDOM_SOCKS; i++)
1368 if (daemon->randomsocks[i].refcount != 0 &&
1369 FD_ISSET(daemon->randomsocks[i].fd, set))
1370 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
832af0ba
SK		 1371
1372 for (listener = daemon->listeners; listener; listener = listener->next)
1373 {
824af85b 1374 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
5aabfc78 1375 receive_query(listener, now);
1a6bca81 1376
832af0ba
SK		 1377#ifdef HAVE_TFTP
1378 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
5aabfc78 1379 tftp_request(listener, now);
832af0ba 1380#endif
3be34541 1381
824af85b 1382 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
832af0ba 1383 {
22ce550e 1384 int confd, client_ok = 1;
832af0ba
SK		 1385 struct irec *iface = NULL;
1386 pid_t p;
52d4abf2
SK		 1387 union mysockaddr tcp_addr;
1388 socklen_t tcp_len = sizeof(union mysockaddr);
1389
1390 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
832af0ba 1391
46b06656 1392 if (confd == -1)
832af0ba 1393 continue;
76dd75de 1394
46b06656
SK		 1395 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1396 {
1397 close(confd);
1398 continue;
1399 }
76dd75de
SK		 1400
1401 /* Make sure that the interface list is up-to-date.
1402
1403 We do this here as we may need the results below, and
1404 the DNS code needs them for --interface-name stuff.
1405
1406 Multiple calls to enumerate_interfaces() per select loop are
1407 inhibited, so calls to it in the child process (which doesn't select())
1408 have no effect. This avoids two processes reading from the same
1409 netlink fd and screwing the pooch entirely.
1410 */
e25db1f2 1411
76dd75de
SK		 1412 enumerate_interfaces(0);
1413
1414 if (option_bool(OPT_NOWILD))
1415 iface = listener->iface; /* May be NULL */
1416 else
1417 {
1418 int if_index;
1419 char intr_name[IF_NAMESIZE];
1420
1421 /* if we can find the arrival interface, check it's one that's allowed */
1422 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1423 indextoname(listener->tcpfd, if_index, intr_name))
1424 {
1425 struct all_addr addr;
1426 addr.addr.addr4 = tcp_addr.in.sin_addr;
e25db1f2 1427#ifdef HAVE_IPV6
76dd75de
SK		 1428 if (tcp_addr.sa.sa_family == AF_INET6)
1429 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
e25db1f2 1430#endif
76dd75de
SK		 1431
1432 for (iface = daemon->interfaces; iface; iface = iface->next)
1433 if (iface->index == if_index)
1434 break;
1435
1436 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1437 client_ok = 0;
1438 }
1439
1440 if (option_bool(OPT_CLEVERBIND))
1441 iface = listener->iface; /* May be NULL */
1442 else
1443 {
1444 /* Check for allowed interfaces when binding the wildcard address:
1445 we do this by looking for an interface with the same address as
1446 the local address of the TCP connection, then looking to see if that's
1447 an allowed interface. As a side effect, we get the netmask of the
1448 interface too, for localisation. */
1449
1450 for (iface = daemon->interfaces; iface; iface = iface->next)
1451 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1452 break;
1453
1454 if (!iface)
1455 client_ok = 0;
1456 }
1457 }
1458
22ce550e 1459 if (!client_ok)
832af0ba
SK		 1460 {
1461 shutdown(confd, SHUT_RDWR);
1462 close(confd);
1463 }
59353a6b 1464#ifndef NO_FORK
28866e95 1465 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
832af0ba
SK		 1466 {
1467 if (p != -1)
1468 {
1469 int i;
1470 for (i = 0; i < MAX_PROCS; i++)
1471 if (daemon->tcp_pids[i] == 0)
1472 {
1473 daemon->tcp_pids[i] = p;
1474 break;
1475 }
1476 }
1477 close(confd);
1478 }
1479#endif
1480 else
1481 {
1482 unsigned char *buff;
1483 struct server *s;
1484 int flags;
52d4abf2 1485 struct in_addr netmask;
4f7b304f 1486 int auth_dns;
52d4abf2
SK		 1487
1488 if (iface)
4f7b304f
SK		 1489 {
1490 netmask = iface->netmask;
1491 auth_dns = iface->dns_auth;
1492 }
52d4abf2 1493 else
4f7b304f
SK		 1494 {
1495 netmask.s_addr = 0;
1496 auth_dns = 0;
1497 }
52d4abf2 1498
8ef5ada2
SK		 1499#ifndef NO_FORK
1500 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1501 terminate the process. */
28866e95 1502 if (!option_bool(OPT_DEBUG))
832af0ba 1503 alarm(CHILD_LIFETIME);
8ef5ada2
SK		 1504#endif
1505
832af0ba
SK		 1506 /* start with no upstream connections. */
1507 for (s = daemon->servers; s; s = s->next)
7cebd20f 1508 s->tcpfd = -1;
832af0ba
SK		 1509
1510 /* The connected socket inherits non-blocking
1511 attribute from the listening socket.
1512 Reset that here. */
1513 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1514 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1515
4f7b304f 1516 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
7cebd20f 1517
832af0ba
SK		 1518 shutdown(confd, SHUT_RDWR);
1519 close(confd);
1520
1521 if (buff)
1522 free(buff);
1523
1524 for (s = daemon->servers; s; s = s->next)
1525 if (s->tcpfd != -1)
1526 {
1527 shutdown(s->tcpfd, SHUT_RDWR);
1528 close(s->tcpfd);
1529 }
7cebd20f 1530#ifndef NO_FORK
28866e95 1531 if (!option_bool(OPT_DEBUG))
5aabfc78
SK		 1532 {
1533 flush_log();
1534 _exit(0);
1535 }
59353a6b 1536#endif
832af0ba
SK		 1537 }
1538 }
1539 }
3be34541
SK		 1540}
1541
7622fc06 1542#ifdef HAVE_DHCP
5e9e0efb
SK		 1543int make_icmp_sock(void)
1544{
7cebd20f 1545 int fd;
5e9e0efb
SK		 1546 int zeroopt = 0;
1547
1548 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1549 {
7cebd20f 1550 if (!fix_fd(fd) ||
5e9e0efb
SK		 1551 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1552 {
1553 close(fd);
1554 fd = -1;
1555 }
1556 }
1557
1558 return fd;
1559}
1560
5aabfc78 1561int icmp_ping(struct in_addr addr)
3be34541 1562{
5e9e0efb 1563 /* Try and get an ICMP echo from a machine. */
3be34541
SK		 1564
1565 /* Note that whilst in the three second wait, we check for
832af0ba 1566 (and service) events on the DNS and TFTP sockets, (so doing that
3be34541
SK		 1567 better not use any resources our caller has in use...)
1568 but we remain deaf to signals or further DHCP packets. */
1569
5e9e0efb 1570 int fd;
3be34541
SK		 1571 struct sockaddr_in saddr;
1572 struct {
1573 struct ip ip;
1574 struct icmp icmp;
1575 } packet;
1576 unsigned short id = rand16();
1577 unsigned int i, j;
5e9e0efb 1578 int gotreply = 0;
3be34541 1579 time_t start, now;
5e9e0efb 1580
824af85b 1581#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1582 if ((fd = make_icmp_sock()) == -1)
1583 return 0;
1584#else
1585 int opt = 2000;
1586 fd = daemon->dhcp_icmp_fd;
1587 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1588#endif
1589
3be34541
SK		 1590 saddr.sin_family = AF_INET;
1591 saddr.sin_port = 0;
1592 saddr.sin_addr = addr;
1593#ifdef HAVE_SOCKADDR_SA_LEN
1594 saddr.sin_len = sizeof(struct sockaddr_in);
1595#endif
1596
1597 memset(&packet.icmp, 0, sizeof(packet.icmp));
1598 packet.icmp.icmp_type = ICMP_ECHO;
1599 packet.icmp.icmp_id = id;
1600 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1601 j += ((u16 *)&packet.icmp)[i];
1602 while (j>>16)
1603 j = (j & 0xffff) + (j >> 16);
1604 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1605
5e9e0efb 1606 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
fd9fa481
SK		 1607 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1608 retry_send());
1609
5e9e0efb
SK		 1610 for (now = start = dnsmasq_time();
1611 difftime(now, start) < (float)PING_WAIT;)
fd9fa481
SK		 1612 {
1613 struct timeval tv;
f2621c7f 1614 fd_set rset, wset;
fd9fa481 1615 struct sockaddr_in faddr;
1697269c 1616 int maxfd = fd;
3d8df260 1617 socklen_t len = sizeof(faddr);
fd9fa481
SK		 1618
1619 tv.tv_usec = 250000;
1620 tv.tv_sec = 0;
1621
1622 FD_ZERO(&rset);
f2621c7f 1623 FD_ZERO(&wset);
5e9e0efb 1624 FD_SET(fd, &rset);
5aabfc78 1625 set_dns_listeners(now, &rset, &maxfd);
f2621c7f 1626 set_log_writer(&wset, &maxfd);
c5ad4e79
SK		 1627
1628#ifdef HAVE_DHCP6
1f776932 1629 if (daemon->doing_ra)
c5ad4e79
SK		 1630 {
1631 FD_SET(daemon->icmp6fd, &rset);
1632 bump_maxfd(daemon->icmp6fd, &maxfd);
1633 }
1634#endif
1635
f2621c7f
SK		 1636 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1637 {
1638 FD_ZERO(&rset);
1639 FD_ZERO(&wset);
1640 }
1641
5e9e0efb 1642 now = dnsmasq_time();
f2621c7f
SK		 1643
1644 check_log_writer(&wset);
5aabfc78 1645 check_dns_listeners(&rset, now);
832af0ba 1646
c5ad4e79 1647#ifdef HAVE_DHCP6
1f776932
SK		 1648 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1649 icmp6_packet(now);
c5ad4e79
SK		 1650#endif
1651
832af0ba 1652#ifdef HAVE_TFTP
5aabfc78 1653 check_tftp_listeners(&rset, now);
832af0ba
SK		 1654#endif
1655
5e9e0efb
SK		 1656 if (FD_ISSET(fd, &rset) &&
1657 recvfrom(fd, &packet, sizeof(packet), 0,
fd9fa481
SK		 1658 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1659 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1660 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1661 packet.icmp.icmp_seq == 0 &&
1662 packet.icmp.icmp_id == id)
1663 {
1664 gotreply = 1;
1665 break;
1666 }
1667 }
1668
824af85b 1669#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1670 close(fd);
1671#else
3be34541 1672 opt = 1;
5e9e0efb
SK		 1673 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1674#endif
1675
3be34541
SK		 1676 return gotreply;
1677}
7622fc06 1678#endif
0a852541
SK		 1679
1680
Michael's tree of dnsmasq.