1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
22 struct daemon
*daemon
;
24 static volatile pid_t pid
= 0;
25 static volatile int pipewrite
;
27 static int set_dns_listeners(time_t now
);
28 static void check_dns_listeners(time_t now
);
29 static void sig_handler(int sig
);
30 static void async_event(int pipe
, time_t now
);
31 static void fatal_event(struct event_desc
*ev
, char *msg
);
32 static int read_event(int fd
, struct event_desc
*evp
, char **msg
);
33 static void poll_resolv(int force
, int do_reload
, time_t now
);
35 int main (int argc
, char **argv
)
37 int bind_fallback
= 0;
39 struct sigaction sigact
;
41 int piperead
, pipefd
[2], err_pipe
[2];
42 struct passwd
*ent_pw
= NULL
;
43 #if defined(HAVE_SCRIPT)
47 struct group
*gp
= NULL
;
48 long i
, max_fd
= sysconf(_SC_OPEN_MAX
);
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr
= NULL
;
53 cap_user_data_t data
= NULL
;
54 char *bound_device
= NULL
;
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context
*context
;
59 struct dhcp_relay
*relay
;
62 int tftp_prefix_missing
= 0;
66 setlocale(LC_ALL
, "");
67 bindtextdomain("dnsmasq", LOCALEDIR
);
68 textdomain("dnsmasq");
71 sigact
.sa_handler
= sig_handler
;
73 sigemptyset(&sigact
.sa_mask
);
74 sigaction(SIGUSR1
, &sigact
, NULL
);
75 sigaction(SIGUSR2
, &sigact
, NULL
);
76 sigaction(SIGHUP
, &sigact
, NULL
);
77 sigaction(SIGTERM
, &sigact
, NULL
);
78 sigaction(SIGALRM
, &sigact
, NULL
);
79 sigaction(SIGCHLD
, &sigact
, NULL
);
82 sigact
.sa_handler
= SIG_IGN
;
83 sigaction(SIGPIPE
, &sigact
, NULL
);
85 umask(022); /* known umask, create leases and pid files as 0644 */
87 rand_init(); /* Must precede read_opts() */
89 read_opts(argc
, argv
, compile_opts
);
91 if (daemon
->edns_pktsz
< PACKETSZ
)
92 daemon
->edns_pktsz
= PACKETSZ
;
94 daemon
->packet_buff_sz
= daemon
->edns_pktsz
> DNSMASQ_PACKETSZ
?
95 daemon
->edns_pktsz
: DNSMASQ_PACKETSZ
;
96 daemon
->packet
= safe_malloc(daemon
->packet_buff_sz
);
98 daemon
->addrbuff
= safe_malloc(ADDRSTRLEN
);
99 if (option_bool(OPT_EXTRALOG
))
100 daemon
->addrbuff2
= safe_malloc(ADDRSTRLEN
);
103 if (option_bool(OPT_DNSSEC_VALID
))
105 /* Note that both /000 and '.' are allowed within labels. These get
106 represented in presentation format using NAME_ESCAPE as an escape
107 character when in DNSSEC mode.
108 In theory, if all the characters in a name were /000 or
109 '.' or NAME_ESCAPE then all would have to be escaped, so the
110 presentation format would be twice as long as the spec.
112 daemon->namebuff was previously allocated by the option-reading
113 code before we knew if we're in DNSSEC mode, so reallocate here. */
114 free(daemon
->namebuff
);
115 daemon
->namebuff
= safe_malloc(MAXDNAME
* 2);
116 daemon
->keyname
= safe_malloc(MAXDNAME
* 2);
117 daemon
->workspacename
= safe_malloc(MAXDNAME
* 2);
122 if (!daemon
->lease_file
)
124 if (daemon
->dhcp
|| daemon
->dhcp6
)
125 daemon
->lease_file
= LEASEFILE
;
129 /* Close any file descriptors we inherited apart from std{in|out|err}
131 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
132 otherwise file descriptors we create can end up being 0, 1, or 2
133 and then get accidentally closed later when we make 0, 1, and 2
134 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
135 but it's not guaranteed. By opening /dev/null three times, we
136 ensure that we're not using those fds for real stuff. */
137 for (i
= 0; i
< max_fd
; i
++)
138 if (i
!= STDOUT_FILENO
&& i
!= STDERR_FILENO
&& i
!= STDIN_FILENO
)
141 open("/dev/null", O_RDWR
);
143 #ifndef HAVE_LINUX_NETWORK
144 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
145 if (!option_bool(OPT_NOWILD
))
148 set_option_bool(OPT_NOWILD
);
152 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
153 if (option_bool(OPT_CLEVERBIND
))
156 set_option_bool(OPT_NOWILD
);
157 reset_option_bool(OPT_CLEVERBIND
);
162 if (daemon
->dynamic_dirs
)
163 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL
, EC_BADCONF
);
166 if (option_bool(OPT_DNSSEC_VALID
))
170 die(_("no trust anchors provided for DNSSEC"), NULL
, EC_BADCONF
);
172 if (daemon
->cachesize
< CACHESIZ
)
173 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL
, EC_BADCONF
);
175 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL
, EC_BADCONF
);
180 if (option_bool(OPT_TFTP
))
181 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL
, EC_BADCONF
);
184 #ifdef HAVE_CONNTRACK
185 if (option_bool(OPT_CONNTRACK
) && (daemon
->query_port
!= 0 || daemon
->osport
))
186 die (_("cannot use --conntrack AND --query-port"), NULL
, EC_BADCONF
);
188 if (option_bool(OPT_CONNTRACK
))
189 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL
, EC_BADCONF
);
192 #ifdef HAVE_SOLARIS_NETWORK
193 if (daemon
->max_logs
!= 0)
194 die(_("asychronous logging is not available under Solaris"), NULL
, EC_BADCONF
);
198 if (daemon
->max_logs
!= 0)
199 die(_("asychronous logging is not available under Android"), NULL
, EC_BADCONF
);
203 if (daemon
->authserver
)
204 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL
, EC_BADCONF
);
208 if (option_bool(OPT_LOOP_DETECT
))
209 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL
, EC_BADCONF
);
212 now
= dnsmasq_time();
214 /* Create a serial at startup if not configured. */
215 if (daemon
->authinterface
&& daemon
->soa_sn
== 0)
216 #ifdef HAVE_BROKEN_RTC
217 die(_("zone serial must be configured in --auth-soa"), NULL
, EC_BADCONF
);
219 daemon
->soa_sn
= now
;
225 daemon
->doing_ra
= option_bool(OPT_RA
);
227 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
229 if (context
->flags
& CONTEXT_DHCP
)
230 daemon
->doing_dhcp6
= 1;
231 if (context
->flags
& CONTEXT_RA
)
232 daemon
->doing_ra
= 1;
233 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
234 if (context
->flags
& CONTEXT_TEMPLATE
)
235 die (_("dhcp-range constructor not available on this platform"), NULL
, EC_BADCONF
);
242 /* Note that order matters here, we must call lease_init before
243 creating any file descriptors which shouldn't be leaked
244 to the lease-script init process. We need to call common_init
245 before lease_init to allocate buffers it uses.*/
246 if (daemon
->dhcp
|| daemon
->doing_dhcp6
|| daemon
->relay4
|| daemon
->relay6
)
249 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
253 if (daemon
->dhcp
|| daemon
->relay4
)
257 if (daemon
->doing_ra
|| daemon
->doing_dhcp6
|| daemon
->relay6
)
260 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
271 #if defined(HAVE_LINUX_NETWORK)
273 #elif defined(HAVE_BSD_NETWORK)
277 if (option_bool(OPT_NOWILD
) && option_bool(OPT_CLEVERBIND
))
278 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL
, EC_BADCONF
);
280 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
281 die(_("failed to find list of interfaces: %s"), NULL
, EC_MISC
);
283 if (option_bool(OPT_NOWILD
) || option_bool(OPT_CLEVERBIND
))
285 create_bound_listeners(1);
287 if (!option_bool(OPT_CLEVERBIND
))
288 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
289 if (if_tmp
->name
&& !if_tmp
->used
)
290 die(_("unknown interface %s"), if_tmp
->name
, EC_BADNET
);
292 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
293 /* after enumerate_interfaces() */
294 bound_device
= whichdevice();
298 if (!daemon
->relay4
&& bound_device
)
300 bindtodevice(bound_device
, daemon
->dhcpfd
);
303 if (daemon
->enable_pxe
&& bound_device
)
305 bindtodevice(bound_device
, daemon
->pxefd
);
311 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
312 if (daemon
->doing_dhcp6
&& !daemon
->relay6
&& bound_device
)
314 bindtodevice(bound_device
, daemon
->dhcp6fd
);
320 create_wildcard_listeners();
323 /* after enumerate_interfaces() */
324 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
327 /* After netlink_init() and before create_helper() */
328 lease_make_duid(now
);
331 if (daemon
->port
!= 0)
341 if (daemon
->port
!= 0 || daemon
->dhcp
|| daemon
->doing_dhcp6
)
342 inotify_dnsmasq_init();
344 daemon
->inotifyfd
= -1;
347 if (option_bool(OPT_DBUS
))
352 daemon
->watches
= NULL
;
353 if ((err
= dbus_init()))
354 die(_("DBus error: %s"), err
, EC_MISC
);
357 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL
, EC_BADCONF
);
360 if (daemon
->port
!= 0)
363 #if defined(HAVE_SCRIPT)
364 /* Note getpwnam returns static storage */
365 if ((daemon
->dhcp
|| daemon
->dhcp6
) &&
366 daemon
->scriptuser
&&
367 (daemon
->lease_change_command
|| daemon
->luascript
))
369 if ((ent_pw
= getpwnam(daemon
->scriptuser
)))
371 script_uid
= ent_pw
->pw_uid
;
372 script_gid
= ent_pw
->pw_gid
;
375 baduser
= daemon
->scriptuser
;
379 if (daemon
->username
&& !(ent_pw
= getpwnam(daemon
->username
)))
380 baduser
= daemon
->username
;
381 else if (daemon
->groupname
&& !(gp
= getgrnam(daemon
->groupname
)))
382 baduser
= daemon
->groupname
;
385 die(_("unknown user or group: %s"), baduser
, EC_BADCONF
);
387 /* implement group defaults, "dip" if available, or group associated with uid */
388 if (!daemon
->group_set
&& !gp
)
390 if (!(gp
= getgrnam(CHGRP
)) && ent_pw
)
391 gp
= getgrgid(ent_pw
->pw_gid
);
393 /* for error message */
395 daemon
->groupname
= gp
->gr_name
;
398 #if defined(HAVE_LINUX_NETWORK)
399 /* determine capability API version here, while we can still
401 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
403 int capsize
= 1; /* for header version 1 */
404 hdr
= safe_malloc(sizeof(*hdr
));
406 /* find version supported by kernel */
407 memset(hdr
, 0, sizeof(*hdr
));
410 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_1
)
412 /* if unknown version, use largest supported version (3) */
413 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_2
)
414 hdr
->version
= LINUX_CAPABILITY_VERSION_3
;
418 data
= safe_malloc(sizeof(*data
) * capsize
);
419 memset(data
, 0, sizeof(*data
) * capsize
);
423 /* Use a pipe to carry signals and other events back to the event loop
424 in a race-free manner and another to carry errors to daemon-invoking process */
425 safe_pipe(pipefd
, 1);
427 piperead
= pipefd
[0];
428 pipewrite
= pipefd
[1];
429 /* prime the pipe to load stuff first time. */
430 send_event(pipewrite
, EVENT_INIT
, 0, NULL
);
434 if (!option_bool(OPT_DEBUG
))
436 /* The following code "daemonizes" the process.
437 See Stevens section 12.4 */
440 die(_("cannot chdir to filesystem root: %s"), NULL
, EC_MISC
);
443 if (!option_bool(OPT_NO_FORK
))
447 /* pipe to carry errors back to original process.
448 When startup is complete we close this and the process terminates. */
449 safe_pipe(err_pipe
, 0);
451 if ((pid
= fork()) == -1)
452 /* fd == -1 since we've not forked, never returns. */
453 send_event(-1, EVENT_FORK_ERR
, errno
, NULL
);
457 struct event_desc ev
;
460 /* close our copy of write-end */
461 while (retry_send(close(err_pipe
[1])));
463 /* check for errors after the fork */
464 if (read_event(err_pipe
[0], &ev
, &msg
))
465 fatal_event(&ev
, msg
);
470 while (retry_send(close(err_pipe
[0])));
472 /* NO calls to die() from here on. */
476 if ((pid
= fork()) == -1)
477 send_event(err_pipe
[1], EVENT_FORK_ERR
, errno
, NULL
);
484 /* write pidfile _after_ forking ! */
489 sprintf(daemon
->namebuff
, "%d\n", (int) getpid());
491 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
492 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
493 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
494 extent that an attacker running as the unprivileged user could replace the pidfile with a
495 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
497 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
498 ensuring that the open() fails should there be any existing file (because the unlink() failed,
499 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
502 Any compromise of the non-privileged user still theoretically allows the pid-file to be
503 replaced whilst dnsmasq is running. The worst that could allow is that the usual
504 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
506 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
507 failure to write the pid-file.
510 unlink(daemon
->runfile
);
512 if ((fd
= open(daemon
->runfile
, O_WRONLY
|O_CREAT
|O_TRUNC
|O_EXCL
, S_IWUSR
|S_IRUSR
|S_IRGRP
|S_IROTH
)) == -1)
514 /* only complain if started as root */
520 if (!read_write(fd
, (unsigned char *)daemon
->namebuff
, strlen(daemon
->namebuff
), 0))
524 while (retry_send(close(fd
)));
532 send_event(err_pipe
[1], EVENT_PIDFILE
, errno
, daemon
->runfile
);
538 log_err
= log_start(ent_pw
, err_pipe
[1]);
540 if (!option_bool(OPT_DEBUG
))
542 /* open stdout etc to /dev/null */
543 int nullfd
= open("/dev/null", O_RDWR
);
544 dup2(nullfd
, STDOUT_FILENO
);
545 dup2(nullfd
, STDERR_FILENO
);
546 dup2(nullfd
, STDIN_FILENO
);
550 /* if we are to run scripts, we need to fork a helper before dropping root. */
551 daemon
->helperfd
= -1;
553 if ((daemon
->dhcp
|| daemon
->dhcp6
) && (daemon
->lease_change_command
|| daemon
->luascript
))
554 daemon
->helperfd
= create_helper(pipewrite
, err_pipe
[1], script_uid
, script_gid
, max_fd
);
557 if (!option_bool(OPT_DEBUG
) && getuid() == 0)
559 int bad_capabilities
= 0;
562 /* remove all supplimentary groups */
564 (setgroups(0, &dummy
) == -1 ||
565 setgid(gp
->gr_gid
) == -1))
567 send_event(err_pipe
[1], EVENT_GROUP_ERR
, errno
, daemon
->groupname
);
571 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
573 #if defined(HAVE_LINUX_NETWORK)
574 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
575 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
576 ports because of DAD, or we're doing it dynamically,
577 we need CAP_NET_BIND_SERVICE too. */
578 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
579 data
->effective
= data
->permitted
= data
->inheritable
=
580 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) |
581 (1 << CAP_SETUID
) | (1 << CAP_NET_BIND_SERVICE
);
583 data
->effective
= data
->permitted
= data
->inheritable
=
584 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_SETUID
);
586 /* Tell kernel to not clear capabilities when dropping root */
587 if (capset(hdr
, data
) == -1 || prctl(PR_SET_KEEPCAPS
, 1, 0, 0, 0) == -1)
588 bad_capabilities
= errno
;
590 #elif defined(HAVE_SOLARIS_NETWORK)
591 /* http://developers.sun.com/solaris/articles/program_privileges.html */
592 priv_set_t
*priv_set
;
594 if (!(priv_set
= priv_str_to_set("basic", ",", NULL
)) ||
595 priv_addset(priv_set
, PRIV_NET_ICMPACCESS
) == -1 ||
596 priv_addset(priv_set
, PRIV_SYS_NET_CONFIG
) == -1)
597 bad_capabilities
= errno
;
599 if (priv_set
&& bad_capabilities
== 0)
601 priv_inverse(priv_set
);
603 if (setppriv(PRIV_OFF
, PRIV_LIMIT
, priv_set
) == -1)
604 bad_capabilities
= errno
;
608 priv_freeset(priv_set
);
612 if (bad_capabilities
!= 0)
614 send_event(err_pipe
[1], EVENT_CAP_ERR
, bad_capabilities
, NULL
);
618 /* finally drop root */
619 if (setuid(ent_pw
->pw_uid
) == -1)
621 send_event(err_pipe
[1], EVENT_USER_ERR
, errno
, daemon
->username
);
625 #ifdef HAVE_LINUX_NETWORK
626 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
627 data
->effective
= data
->permitted
=
628 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_NET_BIND_SERVICE
);
630 data
->effective
= data
->permitted
=
631 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
);
632 data
->inheritable
= 0;
634 /* lose the setuid and setgid capbilities */
635 if (capset(hdr
, data
) == -1)
637 send_event(err_pipe
[1], EVENT_CAP_ERR
, errno
, NULL
);
645 #ifdef HAVE_LINUX_NETWORK
648 if (option_bool(OPT_DEBUG
))
649 prctl(PR_SET_DUMPABLE
, 1, 0, 0, 0);
653 if (option_bool(OPT_TFTP
))
656 struct tftp_prefix
*p
;
658 if (daemon
->tftp_prefix
)
660 if (!((dir
= opendir(daemon
->tftp_prefix
))))
662 tftp_prefix_missing
= 1;
663 if (!option_bool(OPT_TFTP_NO_FAIL
))
665 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, daemon
->tftp_prefix
);
673 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
676 if (!((dir
= opendir(p
->prefix
))))
679 if (!option_bool(OPT_TFTP_NO_FAIL
))
681 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, p
->prefix
);
691 if (daemon
->port
== 0)
692 my_syslog(LOG_INFO
, _("started, version %s DNS disabled"), VERSION
);
693 else if (daemon
->cachesize
!= 0)
694 my_syslog(LOG_INFO
, _("started, version %s cachesize %d"), VERSION
, daemon
->cachesize
);
696 my_syslog(LOG_INFO
, _("started, version %s cache disabled"), VERSION
);
698 my_syslog(LOG_INFO
, _("compile time options: %s"), compile_opts
);
701 if (option_bool(OPT_DBUS
))
704 my_syslog(LOG_INFO
, _("DBus support enabled: connected to system bus"));
706 my_syslog(LOG_INFO
, _("DBus support enabled: bus connection pending"));
710 if (option_bool(OPT_LOCAL_SERVICE
))
711 my_syslog(LOG_INFO
, _("DNS service limited to local subnets"));
714 if (option_bool(OPT_DNSSEC_VALID
))
718 /* Delay creating the timestamp file until here, after we've changed user, so that
719 it has the correct owner to allow updating the mtime later.
720 This means we have to report fatal errors via the pipe. */
721 if ((rc
= setup_timestamp()) == -1)
723 send_event(err_pipe
[1], EVENT_TIME_ERR
, errno
, daemon
->timestamp_file
);
727 my_syslog(LOG_INFO
, _("DNSSEC validation enabled"));
729 if (option_bool(OPT_DNSSEC_TIME
))
730 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until first cache reload"));
733 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until system time valid"));
738 my_syslog(LOG_WARNING
, _("warning: failed to change owner of %s: %s"),
739 daemon
->log_file
, strerror(log_err
));
742 my_syslog(LOG_WARNING
, _("setting --bind-interfaces option because of OS limitations"));
744 if (option_bool(OPT_NOWILD
))
745 warn_bound_listeners();
749 if (!option_bool(OPT_NOWILD
))
750 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
751 if (if_tmp
->name
&& !if_tmp
->used
)
752 my_syslog(LOG_WARNING
, _("warning: interface %s does not currently exist"), if_tmp
->name
);
754 if (daemon
->port
!= 0 && option_bool(OPT_NO_RESOLV
))
756 if (daemon
->resolv_files
&& !daemon
->resolv_files
->is_default
)
757 my_syslog(LOG_WARNING
, _("warning: ignoring resolv-file flag because no-resolv is set"));
758 daemon
->resolv_files
= NULL
;
759 if (!daemon
->servers
)
760 my_syslog(LOG_WARNING
, _("warning: no upstream servers configured"));
763 if (daemon
->max_logs
!= 0)
764 my_syslog(LOG_INFO
, _("asynchronous logging enabled, queue limit is %d messages"), daemon
->max_logs
);
768 for (context
= daemon
->dhcp
; context
; context
= context
->next
)
769 log_context(AF_INET
, context
);
771 for (relay
= daemon
->relay4
; relay
; relay
= relay
->next
)
772 log_relay(AF_INET
, relay
);
775 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
776 log_context(AF_INET6
, context
);
778 for (relay
= daemon
->relay6
; relay
; relay
= relay
->next
)
779 log_relay(AF_INET6
, relay
);
781 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
782 dhcp_construct_contexts(now
);
784 if (option_bool(OPT_RA
))
785 my_syslog(MS_DHCP
| LOG_INFO
, _("IPv6 router advertisement enabled"));
788 # ifdef HAVE_LINUX_NETWORK
790 my_syslog(MS_DHCP
| LOG_INFO
, _("DHCP, sockets bound exclusively to interface %s"), bound_device
);
793 /* after dhcp_contruct_contexts */
794 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
795 lease_find_interfaces(now
);
799 if (option_bool(OPT_TFTP
))
801 struct tftp_prefix
*p
;
803 my_syslog(MS_TFTP
| LOG_INFO
, "TFTP %s%s %s",
804 daemon
->tftp_prefix
? _("root is ") : _("enabled"),
805 daemon
->tftp_prefix
? daemon
->tftp_prefix
: "",
806 option_bool(OPT_TFTP_SECURE
) ? _("secure mode") : "");
808 if (tftp_prefix_missing
)
809 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: %s inaccessible"), daemon
->tftp_prefix
);
811 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
813 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: TFTP directory %s inaccessible"), p
->prefix
);
815 /* This is a guess, it assumes that for small limits,
816 disjoint files might be served, but for large limits,
817 a single file will be sent to may clients (the file only needs
820 max_fd
-= 30; /* use other than TFTP */
824 else if (max_fd
< 100)
827 max_fd
= max_fd
- 20;
829 /* if we have to use a limited range of ports,
830 that will limit the number of transfers */
831 if (daemon
->start_tftp_port
!= 0 &&
832 daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1 < max_fd
)
833 max_fd
= daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1;
835 if (daemon
->tftp_max
> max_fd
)
837 daemon
->tftp_max
= max_fd
;
838 my_syslog(MS_TFTP
| LOG_WARNING
,
839 _("restricting maximum simultaneous TFTP transfers to %d"),
845 /* finished start-up - release original process */
846 if (err_pipe
[1] != -1)
847 while (retry_send(close(err_pipe
[1])));
849 if (daemon
->port
!= 0)
855 /* Using inotify, have to select a resolv file at startup */
856 poll_resolv(1, 0, now
);
865 /* if we are out of resources, find how long we have to wait
866 for some to come free, we'll loop around then and restart
867 listening for queries */
868 if ((t
= set_dns_listeners(now
)) != 0)
871 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
872 if (daemon
->tftp_trans
||
873 (option_bool(OPT_DBUS
) && !daemon
->dbus
))
876 /* Wake every second whilst waiting for DAD to complete */
877 else if (is_dad_listeners())
881 set_dbus_listeners();
885 if (daemon
->dhcp
|| daemon
->relay4
)
887 poll_listen(daemon
->dhcpfd
, POLLIN
);
888 if (daemon
->pxefd
!= -1)
889 poll_listen(daemon
->pxefd
, POLLIN
);
894 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
895 poll_listen(daemon
->dhcp6fd
, POLLIN
);
897 if (daemon
->doing_ra
)
898 poll_listen(daemon
->icmp6fd
, POLLIN
);
902 if (daemon
->inotifyfd
!= -1)
903 poll_listen(daemon
->inotifyfd
, POLLIN
);
906 #if defined(HAVE_LINUX_NETWORK)
907 poll_listen(daemon
->netlinkfd
, POLLIN
);
908 #elif defined(HAVE_BSD_NETWORK)
909 poll_listen(daemon
->routefd
, POLLIN
);
912 poll_listen(piperead
, POLLIN
);
916 while (helper_buf_empty() && do_script_run(now
));
919 while (helper_buf_empty() && do_tftp_script_run());
922 if (!helper_buf_empty())
923 poll_listen(daemon
->helperfd
, POLLOUT
);
925 /* need this for other side-effects */
926 while (do_script_run(now
));
929 while (do_tftp_script_run());
935 /* must do this just before select(), when we know no
936 more calls to my_syslog() can occur */
939 if (do_poll(timeout
) < 0)
942 now
= dnsmasq_time();
947 enumerate_interfaces(1);
949 /* Check the interfaces to see if any have exited DAD state
950 and if so, bind the address. */
951 if (is_dad_listeners())
953 enumerate_interfaces(0);
954 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
955 create_bound_listeners(0);
956 warn_bound_listeners();
959 #if defined(HAVE_LINUX_NETWORK)
960 if (poll_check(daemon
->netlinkfd
, POLLIN
))
962 #elif defined(HAVE_BSD_NETWORK)
963 if (poll_check(daemon
->routefd
, POLLIN
))
968 if (daemon
->inotifyfd
!= -1 && poll_check(daemon
->inotifyfd
, POLLIN
) && inotify_check(now
))
970 if (daemon
->port
!= 0 && !option_bool(OPT_NO_POLL
))
971 poll_resolv(1, 1, now
);
974 /* Check for changes to resolv files once per second max. */
975 /* Don't go silent for long periods if the clock goes backwards. */
976 if (daemon
->last_resolv
== 0 ||
977 difftime(now
, daemon
->last_resolv
) > 1.0 ||
978 difftime(now
, daemon
->last_resolv
) < -1.0)
980 /* poll_resolv doesn't need to reload first time through, since
981 that's queued anyway. */
983 poll_resolv(0, daemon
->last_resolv
!= 0, now
);
984 daemon
->last_resolv
= now
;
988 if (poll_check(piperead
, POLLIN
))
989 async_event(piperead
, now
);
992 /* if we didn't create a DBus connection, retry now. */
993 if (option_bool(OPT_DBUS
) && !daemon
->dbus
)
996 if ((err
= dbus_init()))
997 my_syslog(LOG_WARNING
, _("DBus error: %s"), err
);
999 my_syslog(LOG_INFO
, _("connected to system DBus"));
1001 check_dbus_listeners();
1004 check_dns_listeners(now
);
1007 check_tftp_listeners(now
);
1011 if (daemon
->dhcp
|| daemon
->relay4
)
1013 if (poll_check(daemon
->dhcpfd
, POLLIN
))
1014 dhcp_packet(now
, 0);
1015 if (daemon
->pxefd
!= -1 && poll_check(daemon
->pxefd
, POLLIN
))
1016 dhcp_packet(now
, 1);
1020 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) && poll_check(daemon
->dhcp6fd
, POLLIN
))
1023 if (daemon
->doing_ra
&& poll_check(daemon
->icmp6fd
, POLLIN
))
1028 if (daemon
->helperfd
!= -1 && poll_check(daemon
->helperfd
, POLLOUT
))
1036 static void sig_handler(int sig
)
1040 /* ignore anything other than TERM during startup
1041 and in helper proc. (helper ignore TERM too) */
1045 else if (pid
!= getpid())
1047 /* alarm is used to kill TCP children after a fixed time. */
1053 /* master process */
1054 int event
, errsave
= errno
;
1057 event
= EVENT_RELOAD
;
1058 else if (sig
== SIGCHLD
)
1059 event
= EVENT_CHILD
;
1060 else if (sig
== SIGALRM
)
1061 event
= EVENT_ALARM
;
1062 else if (sig
== SIGTERM
)
1064 else if (sig
== SIGUSR1
)
1066 else if (sig
== SIGUSR2
)
1067 event
= EVENT_REOPEN
;
1071 send_event(pipewrite
, event
, 0, NULL
);
1076 /* now == 0 -> queue immediate callback */
1077 void send_alarm(time_t event
, time_t now
)
1079 if (now
== 0 || event
!= 0)
1081 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1082 if ((now
== 0 || difftime(event
, now
) <= 0.0))
1083 send_event(pipewrite
, EVENT_ALARM
, 0, NULL
);
1085 alarm((unsigned)difftime(event
, now
));
1089 void queue_event(int event
)
1091 send_event(pipewrite
, event
, 0, NULL
);
1094 void send_event(int fd
, int event
, int data
, char *msg
)
1096 struct event_desc ev
;
1097 struct iovec iov
[2];
1101 ev
.msg_sz
= msg
? strlen(msg
) : 0;
1103 iov
[0].iov_base
= &ev
;
1104 iov
[0].iov_len
= sizeof(ev
);
1105 iov
[1].iov_base
= msg
;
1106 iov
[1].iov_len
= ev
.msg_sz
;
1108 /* error pipe, debug mode. */
1110 fatal_event(&ev
, msg
);
1112 /* pipe is non-blocking and struct event_desc is smaller than
1113 PIPE_BUF, so this either fails or writes everything */
1114 while (writev(fd
, iov
, msg
? 2 : 1) == -1 && errno
== EINTR
);
1117 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1118 to describe fatal errors. */
1119 static int read_event(int fd
, struct event_desc
*evp
, char **msg
)
1123 if (!read_write(fd
, (unsigned char *)evp
, sizeof(struct event_desc
), 1))
1128 if (evp
->msg_sz
!= 0 &&
1129 (buf
= malloc(evp
->msg_sz
+ 1)) &&
1130 read_write(fd
, (unsigned char *)buf
, evp
->msg_sz
, 1))
1132 buf
[evp
->msg_sz
] = 0;
1139 static void fatal_event(struct event_desc
*ev
, char *msg
)
1148 case EVENT_FORK_ERR
:
1149 die(_("cannot fork into background: %s"), NULL
, EC_MISC
);
1151 case EVENT_PIPE_ERR
:
1152 die(_("failed to create helper: %s"), NULL
, EC_MISC
);
1155 die(_("setting capabilities failed: %s"), NULL
, EC_MISC
);
1157 case EVENT_USER_ERR
:
1158 die(_("failed to change user-id to %s: %s"), msg
, EC_MISC
);
1160 case EVENT_GROUP_ERR
:
1161 die(_("failed to change group-id to %s: %s"), msg
, EC_MISC
);
1164 die(_("failed to open pidfile %s: %s"), msg
, EC_FILE
);
1167 die(_("cannot open log %s: %s"), msg
, EC_FILE
);
1170 die(_("failed to load Lua script: %s"), msg
, EC_MISC
);
1172 case EVENT_TFTP_ERR
:
1173 die(_("TFTP directory %s inaccessible: %s"), msg
, EC_FILE
);
1175 case EVENT_TIME_ERR
:
1176 die(_("cannot create timestamp file %s: %s" ), msg
, EC_BADCONF
);
1180 static void async_event(int pipe
, time_t now
)
1183 struct event_desc ev
;
1187 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1188 to describe fatal errors. */
1190 if (read_event(pipe
, &ev
, &msg
))
1195 if (option_bool(OPT_DNSSEC_VALID
) && option_bool(OPT_DNSSEC_TIME
))
1197 my_syslog(LOG_INFO
, _("now checking DNSSEC signature timestamps"));
1198 reset_option_bool(OPT_DNSSEC_TIME
);
1204 clear_cache_and_reload(now
);
1206 if (daemon
->port
!= 0)
1208 if (daemon
->resolv_files
&& option_bool(OPT_NO_POLL
))
1210 reload_servers(daemon
->resolv_files
->name
);
1214 if (daemon
->servers_file
)
1216 read_servers_file();
1230 if (daemon
->port
!= 0)
1236 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1238 lease_prune(NULL
, now
);
1239 lease_update_file(now
);
1242 else if (daemon
->doing_ra
)
1243 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1244 send_alarm(periodic_ra(now
), now
);
1250 /* See Stevens 5.10 */
1251 while ((p
= waitpid(-1, NULL
, WNOHANG
)) != 0)
1258 for (i
= 0 ; i
< MAX_PROCS
; i
++)
1259 if (daemon
->tcp_pids
[i
] == p
)
1260 daemon
->tcp_pids
[i
] = 0;
1264 my_syslog(LOG_WARNING
, _("script process killed by signal %d"), ev
.data
);
1268 my_syslog(LOG_WARNING
, _("script process exited with status %d"), ev
.data
);
1271 case EVENT_EXEC_ERR
:
1272 my_syslog(LOG_ERR
, _("failed to execute %s: %s"),
1273 daemon
->lease_change_command
, strerror(ev
.data
));
1276 /* necessary for fatal errors in helper */
1277 case EVENT_USER_ERR
:
1280 fatal_event(&ev
, msg
);
1284 /* Note: this may leave TCP-handling processes with the old file still open.
1285 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1286 we leave them logging to the old file. */
1287 if (daemon
->log_file
!= NULL
)
1288 log_reopen(daemon
->log_file
);
1295 case EVENT_NEWROUTE
:
1297 /* Force re-reading resolv file right now, for luck. */
1298 poll_resolv(0, 1, now
);
1302 /* Knock all our children on the head. */
1303 for (i
= 0; i
< MAX_PROCS
; i
++)
1304 if (daemon
->tcp_pids
[i
] != 0)
1305 kill(daemon
->tcp_pids
[i
], SIGALRM
);
1307 #if defined(HAVE_SCRIPT)
1308 /* handle pending lease transitions */
1309 if (daemon
->helperfd
!= -1)
1311 /* block in writes until all done */
1312 if ((i
= fcntl(daemon
->helperfd
, F_GETFL
)) != -1)
1313 fcntl(daemon
->helperfd
, F_SETFL
, i
& ~O_NONBLOCK
);
1316 } while (!helper_buf_empty() || do_script_run(now
));
1317 while (retry_send(close(daemon
->helperfd
)));
1321 if (daemon
->lease_stream
)
1322 fclose(daemon
->lease_stream
);
1325 /* update timestamp file on TERM if time is considered valid */
1326 if (daemon
->back_to_the_future
)
1328 if (utime(daemon
->timestamp_file
, NULL
) == -1)
1329 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
1333 if (daemon
->runfile
)
1334 unlink(daemon
->runfile
);
1336 my_syslog(LOG_INFO
, _("exiting on receipt of SIGTERM"));
1342 static void poll_resolv(int force
, int do_reload
, time_t now
)
1344 struct resolvc
*res
, *latest
;
1345 struct stat statbuf
;
1346 time_t last_change
= 0;
1347 /* There may be more than one possible file.
1348 Go through and find the one which changed _last_.
1349 Warn of any which can't be read. */
1351 if (daemon
->port
== 0 || option_bool(OPT_NO_POLL
))
1354 for (latest
= NULL
, res
= daemon
->resolv_files
; res
; res
= res
->next
)
1355 if (stat(res
->name
, &statbuf
) == -1)
1364 my_syslog(LOG_WARNING
, _("failed to access %s: %s"), res
->name
, strerror(errno
));
1367 if (res
->mtime
!= 0)
1369 /* existing file evaporated, force selection of the latest
1370 file even if its mtime hasn't changed since we last looked */
1371 poll_resolv(1, do_reload
, now
);
1378 if (force
|| (statbuf
.st_mtime
!= res
->mtime
))
1380 res
->mtime
= statbuf
.st_mtime
;
1381 if (difftime(statbuf
.st_mtime
, last_change
) > 0.0)
1383 last_change
= statbuf
.st_mtime
;
1391 static int warned
= 0;
1392 if (reload_servers(latest
->name
))
1394 my_syslog(LOG_INFO
, _("reading %s"), latest
->name
);
1397 if (option_bool(OPT_RELOAD
) && do_reload
)
1398 clear_cache_and_reload(now
);
1405 my_syslog(LOG_WARNING
, _("no servers found in %s, will retry"), latest
->name
);
1412 void clear_cache_and_reload(time_t now
)
1416 if (daemon
->port
!= 0)
1420 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1422 if (option_bool(OPT_ETHERS
))
1426 set_dynamic_inotify(AH_DHCP_HST
| AH_DHCP_OPT
, 0, NULL
, 0);
1428 dhcp_update_configs(daemon
->dhcp_conf
);
1429 lease_update_from_configs();
1430 lease_update_file(now
);
1431 lease_update_dns(1);
1434 else if (daemon
->doing_ra
)
1435 /* Not doing DHCP, so no lease system, manage
1436 alarms for ra only */
1437 send_alarm(periodic_ra(now
), now
);
1442 static int set_dns_listeners(time_t now
)
1444 struct serverfd
*serverfdp
;
1445 struct listener
*listener
;
1450 struct tftp_transfer
*transfer
;
1451 for (transfer
= daemon
->tftp_trans
; transfer
; transfer
= transfer
->next
)
1454 poll_listen(transfer
->sockfd
, POLLIN
);
1458 /* will we be able to get memory? */
1459 if (daemon
->port
!= 0)
1460 get_new_frec(now
, &wait
, 0);
1462 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1463 poll_listen(serverfdp
->fd
, POLLIN
);
1465 if (daemon
->port
!= 0 && !daemon
->osport
)
1466 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1467 if (daemon
->randomsocks
[i
].refcount
!= 0)
1468 poll_listen(daemon
->randomsocks
[i
].fd
, POLLIN
);
1470 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1472 /* only listen for queries if we have resources */
1473 if (listener
->fd
!= -1 && wait
== 0)
1474 poll_listen(listener
->fd
, POLLIN
);
1476 /* death of a child goes through the select loop, so
1477 we don't need to explicitly arrange to wake up here */
1478 if (listener
->tcpfd
!= -1)
1479 for (i
= 0; i
< MAX_PROCS
; i
++)
1480 if (daemon
->tcp_pids
[i
] == 0)
1482 poll_listen(listener
->tcpfd
, POLLIN
);
1487 if (tftp
<= daemon
->tftp_max
&& listener
->tftpfd
!= -1)
1488 poll_listen(listener
->tftpfd
, POLLIN
);
1496 static void check_dns_listeners(time_t now
)
1498 struct serverfd
*serverfdp
;
1499 struct listener
*listener
;
1502 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1503 if (poll_check(serverfdp
->fd
, POLLIN
))
1504 reply_query(serverfdp
->fd
, serverfdp
->source_addr
.sa
.sa_family
, now
);
1506 if (daemon
->port
!= 0 && !daemon
->osport
)
1507 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1508 if (daemon
->randomsocks
[i
].refcount
!= 0 &&
1509 poll_check(daemon
->randomsocks
[i
].fd
, POLLIN
))
1510 reply_query(daemon
->randomsocks
[i
].fd
, daemon
->randomsocks
[i
].family
, now
);
1512 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1514 if (listener
->fd
!= -1 && poll_check(listener
->fd
, POLLIN
))
1515 receive_query(listener
, now
);
1518 if (listener
->tftpfd
!= -1 && poll_check(listener
->tftpfd
, POLLIN
))
1519 tftp_request(listener
, now
);
1522 if (listener
->tcpfd
!= -1 && poll_check(listener
->tcpfd
, POLLIN
))
1524 int confd
, client_ok
= 1;
1525 struct irec
*iface
= NULL
;
1527 union mysockaddr tcp_addr
;
1528 socklen_t tcp_len
= sizeof(union mysockaddr
);
1530 while ((confd
= accept(listener
->tcpfd
, NULL
, NULL
)) == -1 && errno
== EINTR
);
1535 if (getsockname(confd
, (struct sockaddr
*)&tcp_addr
, &tcp_len
) == -1)
1537 while (retry_send(close(confd
)));
1541 /* Make sure that the interface list is up-to-date.
1543 We do this here as we may need the results below, and
1544 the DNS code needs them for --interface-name stuff.
1546 Multiple calls to enumerate_interfaces() per select loop are
1547 inhibited, so calls to it in the child process (which doesn't select())
1548 have no effect. This avoids two processes reading from the same
1549 netlink fd and screwing the pooch entirely.
1552 enumerate_interfaces(0);
1554 if (option_bool(OPT_NOWILD
))
1555 iface
= listener
->iface
; /* May be NULL */
1559 char intr_name
[IF_NAMESIZE
];
1561 /* if we can find the arrival interface, check it's one that's allowed */
1562 if ((if_index
= tcp_interface(confd
, tcp_addr
.sa
.sa_family
)) != 0 &&
1563 indextoname(listener
->tcpfd
, if_index
, intr_name
))
1565 struct all_addr addr
;
1566 addr
.addr
.addr4
= tcp_addr
.in
.sin_addr
;
1568 if (tcp_addr
.sa
.sa_family
== AF_INET6
)
1569 addr
.addr
.addr6
= tcp_addr
.in6
.sin6_addr
;
1572 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1573 if (iface
->index
== if_index
)
1576 if (!iface
&& !loopback_exception(listener
->tcpfd
, tcp_addr
.sa
.sa_family
, &addr
, intr_name
))
1580 if (option_bool(OPT_CLEVERBIND
))
1581 iface
= listener
->iface
; /* May be NULL */
1584 /* Check for allowed interfaces when binding the wildcard address:
1585 we do this by looking for an interface with the same address as
1586 the local address of the TCP connection, then looking to see if that's
1587 an allowed interface. As a side effect, we get the netmask of the
1588 interface too, for localisation. */
1590 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1591 if (sockaddr_isequal(&iface
->addr
, &tcp_addr
))
1601 shutdown(confd
, SHUT_RDWR
);
1602 while (retry_send(close(confd
)));
1605 else if (!option_bool(OPT_DEBUG
) && (p
= fork()) != 0)
1610 for (i
= 0; i
< MAX_PROCS
; i
++)
1611 if (daemon
->tcp_pids
[i
] == 0)
1613 daemon
->tcp_pids
[i
] = p
;
1617 while (retry_send(close(confd
)));
1619 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1620 daemon
->log_id
+= TCP_MAX_QUERIES
;
1625 unsigned char *buff
;
1628 struct in_addr netmask
;
1633 netmask
= iface
->netmask
;
1634 auth_dns
= iface
->dns_auth
;
1643 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1644 terminate the process. */
1645 if (!option_bool(OPT_DEBUG
))
1646 alarm(CHILD_LIFETIME
);
1649 /* start with no upstream connections. */
1650 for (s
= daemon
->servers
; s
; s
= s
->next
)
1653 /* The connected socket inherits non-blocking
1654 attribute from the listening socket.
1656 if ((flags
= fcntl(confd
, F_GETFL
, 0)) != -1)
1657 fcntl(confd
, F_SETFL
, flags
& ~O_NONBLOCK
);
1659 buff
= tcp_request(confd
, now
, &tcp_addr
, netmask
, auth_dns
);
1661 shutdown(confd
, SHUT_RDWR
);
1662 while (retry_send(close(confd
)));
1667 for (s
= daemon
->servers
; s
; s
= s
->next
)
1670 shutdown(s
->tcpfd
, SHUT_RDWR
);
1671 while (retry_send(close(s
->tcpfd
)));
1674 if (!option_bool(OPT_DEBUG
))
1686 int make_icmp_sock(void)
1691 if ((fd
= socket (AF_INET
, SOCK_RAW
, IPPROTO_ICMP
)) != -1)
1694 setsockopt(fd
, SOL_SOCKET
, SO_DONTROUTE
, &zeroopt
, sizeof(zeroopt
)) == -1)
1704 int icmp_ping(struct in_addr addr
)
1706 /* Try and get an ICMP echo from a machine. */
1708 /* Note that whilst in the three second wait, we check for
1709 (and service) events on the DNS and TFTP sockets, (so doing that
1710 better not use any resources our caller has in use...)
1711 but we remain deaf to signals or further DHCP packets. */
1713 /* There can be a problem using dnsmasq_time() to end the loop, since
1714 it's not monotonic, and can go backwards if the system clock is
1715 tweaked, leading to the code getting stuck in this loop and
1716 ignoring DHCP requests. To fix this, we check to see if select returned
1717 as a result of a timeout rather than a socket becoming available. We
1718 only allow this to happen as many times as it takes to get to the wait time
1719 in quarter-second chunks. This provides a fallback way to end loop. */
1722 struct sockaddr_in saddr
;
1727 unsigned short id
= rand16();
1728 unsigned int i
, j
, timeout_count
;
1732 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1733 if ((fd
= make_icmp_sock()) == -1)
1737 fd
= daemon
->dhcp_icmp_fd
;
1738 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));
1741 saddr
.sin_family
= AF_INET
;
1743 saddr
.sin_addr
= addr
;
1744 #ifdef HAVE_SOCKADDR_SA_LEN
1745 saddr
.sin_len
= sizeof(struct sockaddr_in
);
1748 memset(&packet
.icmp
, 0, sizeof(packet
.icmp
));
1749 packet
.icmp
.icmp_type
= ICMP_ECHO
;
1750 packet
.icmp
.icmp_id
= id
;
1751 for (j
= 0, i
= 0; i
< sizeof(struct icmp
) / 2; i
++)
1752 j
+= ((u16
*)&packet
.icmp
)[i
];
1754 j
= (j
& 0xffff) + (j
>> 16);
1755 packet
.icmp
.icmp_cksum
= (j
== 0xffff) ? j
: ~j
;
1757 while (retry_send(sendto(fd
, (char *)&packet
.icmp
, sizeof(struct icmp
), 0,
1758 (struct sockaddr
*)&saddr
, sizeof(saddr
))));
1760 for (now
= start
= dnsmasq_time(), timeout_count
= 0;
1761 (difftime(now
, start
) < (float)PING_WAIT
) && (timeout_count
< PING_WAIT
* 4);)
1763 struct sockaddr_in faddr
;
1764 socklen_t len
= sizeof(faddr
);
1767 poll_listen(fd
, POLLIN
);
1768 set_dns_listeners(now
);
1772 if (daemon
->doing_ra
)
1773 poll_listen(daemon
->icmp6fd
, POLLIN
);
1783 now
= dnsmasq_time();
1785 check_log_writer(0);
1786 check_dns_listeners(now
);
1789 if (daemon
->doing_ra
&& poll_check(daemon
->icmp6fd
, POLLIN
))
1794 check_tftp_listeners(now
);
1797 if (poll_check(fd
, POLLIN
) &&
1798 recvfrom(fd
, &packet
, sizeof(packet
), 0,
1799 (struct sockaddr
*)&faddr
, &len
) == sizeof(packet
) &&
1800 saddr
.sin_addr
.s_addr
== faddr
.sin_addr
.s_addr
&&
1801 packet
.icmp
.icmp_type
== ICMP_ECHOREPLY
&&
1802 packet
.icmp
.icmp_seq
== 0 &&
1803 packet
.icmp
.icmp_id
== id
)
1810 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1811 while (retry_send(close(fd
)));
1814 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));