]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/forward.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
import of dnsmasq-2.34.tar.gz
[people/ms/dnsmasq.git] / src / forward.c
1 /* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991.
6
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 GNU General Public License for more details.
11 */
12
13 #include "dnsmasq.h"
14
15 static struct frec *frec_list = NULL;
16
17 static struct frec *lookup_frec(unsigned short id);
18 static struct frec *lookup_frec_by_sender(unsigned short id,
19 union mysockaddr *addr,
20 unsigned int crc);
21 static unsigned short get_id(void);
22
23
24 /* Send a UDP packet with it's source address set as "source"
25 unless nowild is true, when we just send it with the kernel default */
26 static void send_from(int fd, int nowild, char *packet, size_t len,
27 union mysockaddr *to, struct all_addr *source,
28 unsigned int iface)
29 {
30 struct msghdr msg;
31 struct iovec iov[1];
32 union {
33 struct cmsghdr align; /* this ensures alignment */
34 #if defined(HAVE_LINUX_NETWORK)
35 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
36 #elif defined(IP_SENDSRCADDR)
37 char control[CMSG_SPACE(sizeof(struct in_addr))];
38 #endif
39 #ifdef HAVE_IPV6
40 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
41 #endif
42 } control_u;
43
44 iov[0].iov_base = packet;
45 iov[0].iov_len = len;
46
47 msg.msg_control = NULL;
48 msg.msg_controllen = 0;
49 msg.msg_flags = 0;
50 msg.msg_name = to;
51 msg.msg_namelen = sa_len(to);
52 msg.msg_iov = iov;
53 msg.msg_iovlen = 1;
54
55 if (!nowild)
56 {
57 struct cmsghdr *cmptr;
58 msg.msg_control = &control_u;
59 msg.msg_controllen = sizeof(control_u);
60 cmptr = CMSG_FIRSTHDR(&msg);
61
62 if (to->sa.sa_family == AF_INET)
63 {
64 #if defined(HAVE_LINUX_NETWORK)
65 struct in_pktinfo *pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
66 pkt->ipi_ifindex = 0;
67 pkt->ipi_spec_dst = source->addr.addr4;
68 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
69 cmptr->cmsg_level = SOL_IP;
70 cmptr->cmsg_type = IP_PKTINFO;
71 #elif defined(IP_SENDSRCADDR)
72 struct in_addr *a = (struct in_addr *)CMSG_DATA(cmptr);
73 *a = source->addr.addr4;
74 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
75 cmptr->cmsg_level = IPPROTO_IP;
76 cmptr->cmsg_type = IP_SENDSRCADDR;
77 #endif
78 }
79 else
80 #ifdef HAVE_IPV6
81 {
82 struct in6_pktinfo *pkt = (struct in6_pktinfo *)CMSG_DATA(cmptr);
83 pkt->ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */
84 pkt->ipi6_addr = source->addr.addr6;
85 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
86 cmptr->cmsg_type = IPV6_PKTINFO;
87 cmptr->cmsg_level = IPV6_LEVEL;
88 }
89 #else
90 iface = 0; /* eliminate warning */
91 #endif
92 }
93
94 retry:
95 if (sendmsg(fd, &msg, 0) == -1)
96 {
97 /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
98 by returning EINVAL from sendmsg. In that case, try again without setting the
99 source address, since it will nearly alway be correct anyway. IPv6 stinks. */
100 if (errno == EINVAL && msg.msg_controllen)
101 {
102 msg.msg_controllen = 0;
103 goto retry;
104 }
105 if (retry_send())
106 goto retry;
107 }
108 }
109
110 static unsigned short search_servers(struct daemon *daemon, time_t now, struct all_addr **addrpp,
111 unsigned short qtype, char *qdomain, int *type, char **domain)
112
113 {
114 /* If the query ends in the domain in one of our servers, set
115 domain to point to that name. We find the largest match to allow both
116 domain.org and sub.domain.org to exist. */
117
118 unsigned int namelen = strlen(qdomain);
119 unsigned int matchlen = 0;
120 struct server *serv;
121 unsigned short flags = 0;
122
123 for (serv = daemon->servers; serv; serv=serv->next)
124 /* domain matches take priority over NODOTS matches */
125 if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.') && namelen != 0)
126 {
127 unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
128 *type = SERV_FOR_NODOTS;
129 if (serv->flags & SERV_NO_ADDR)
130 flags = F_NXDOMAIN;
131 else if (serv->flags & SERV_LITERAL_ADDRESS)
132 {
133 if (sflag & qtype)
134 {
135 flags = sflag;
136 if (serv->addr.sa.sa_family == AF_INET)
137 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
138 #ifdef HAVE_IPV6
139 else
140 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
141 #endif
142 }
143 else if (!flags)
144 flags = F_NOERR;
145 }
146 }
147 else if (serv->flags & SERV_HAS_DOMAIN)
148 {
149 unsigned int domainlen = strlen(serv->domain);
150 char *matchstart = qdomain + namelen - domainlen;
151 if (namelen >= domainlen &&
152 hostname_isequal(matchstart, serv->domain) &&
153 domainlen >= matchlen &&
154 (domainlen == 0 || namelen == domainlen || *(serv->domain) == '.' || *(matchstart-1) == '.' ))
155 {
156 unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
157 *type = SERV_HAS_DOMAIN;
158 *domain = serv->domain;
159 matchlen = domainlen;
160 if (serv->flags & SERV_NO_ADDR)
161 flags = F_NXDOMAIN;
162 else if (serv->flags & SERV_LITERAL_ADDRESS)
163 {
164 if ((sflag | F_QUERY ) & qtype)
165 {
166 flags = qtype;
167 if (serv->addr.sa.sa_family == AF_INET)
168 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
169 #ifdef HAVE_IPV6
170 else
171 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
172 #endif
173 }
174 else if (!flags)
175 flags = F_NOERR;
176 }
177 }
178 }
179
180 if (flags & ~(F_NOERR | F_NXDOMAIN)) /* flags set here means a literal found */
181 {
182 if (flags & F_QUERY)
183 log_query(F_CONFIG | F_FORWARD | F_NEG, qdomain, NULL, 0, NULL, 0);
184 else
185 log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp, 0, NULL, 0);
186 }
187 else if (qtype && (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
188 flags = F_NXDOMAIN;
189
190 if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon))
191 flags = F_NOERR;
192
193 if (flags == F_NXDOMAIN || flags == F_NOERR)
194 log_query(F_CONFIG | F_FORWARD | F_NEG | qtype | (flags & F_NXDOMAIN), qdomain, NULL, 0, NULL, 0);
195
196 return flags;
197 }
198
199 /* returns new last_server */
200 static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *udpaddr,
201 struct all_addr *dst_addr, unsigned int dst_iface,
202 HEADER *header, size_t plen, time_t now, struct frec *forward)
203 {
204 char *domain = NULL;
205 int type = 0;
206 struct all_addr *addrp = NULL;
207 unsigned int crc = questions_crc(header, plen, daemon->namebuff);
208 unsigned short flags = 0;
209 unsigned short gotname = extract_request(header, plen, daemon->namebuff, NULL);
210 struct server *start = NULL;
211
212 /* may be no servers available. */
213 if (!daemon->servers)
214 forward = NULL;
215 else if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
216 {
217 /* retry on existing query, send to all available servers */
218 domain = forward->sentto->domain;
219 if (!(daemon->options & OPT_ORDER))
220 {
221 forward->forwardall = 1;
222 daemon->last_server = NULL;
223 }
224 type = forward->sentto->flags & SERV_TYPE;
225 if (!(start = forward->sentto->next))
226 start = daemon->servers; /* at end of list, recycle */
227 header->id = htons(forward->new_id);
228 }
229 else
230 {
231 if (gotname)
232 flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
233
234 if (!flags && !(forward = get_new_frec(daemon, now, NULL)))
235 /* table full - server failure. */
236 flags = F_NEG;
237
238 if (forward)
239 {
240 forward->source = *udpaddr;
241 forward->dest = *dst_addr;
242 forward->iface = dst_iface;
243 forward->new_id = get_id();
244 forward->fd = udpfd;
245 forward->orig_id = ntohs(header->id);
246 forward->crc = crc;
247 forward->forwardall = 0;
248 header->id = htons(forward->new_id);
249
250 /* In strict_order mode, or when using domain specific servers
251 always try servers in the order specified in resolv.conf,
252 otherwise, use the one last known to work. */
253
254 if (type != 0 || (daemon->options & OPT_ORDER))
255 start = daemon->servers;
256 else if (!(start = daemon->last_server))
257 {
258 start = daemon->servers;
259 forward->forwardall = 1;
260 }
261 }
262 }
263
264 /* check for send errors here (no route to host)
265 if we fail to send to all nameservers, send back an error
266 packet straight away (helps modem users when offline) */
267
268 if (!flags && forward)
269 {
270 struct server *firstsentto = start;
271 int forwarded = 0;
272
273 while (1)
274 {
275 /* only send to servers dealing with our domain.
276 domain may be NULL, in which case server->domain
277 must be NULL also. */
278
279 if (type == (start->flags & SERV_TYPE) &&
280 (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
281 !(start->flags & SERV_LITERAL_ADDRESS))
282 {
283 if (sendto(start->sfd->fd, (char *)header, plen, 0,
284 &start->addr.sa,
285 sa_len(&start->addr)) == -1)
286 {
287 if (retry_send())
288 continue;
289 }
290 else
291 {
292 /* Keep info in case we want to re-send this packet */
293 daemon->srv_save = start;
294 daemon->packet_len = plen;
295
296 if (!gotname)
297 strcpy(daemon->namebuff, "query");
298 if (start->addr.sa.sa_family == AF_INET)
299 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
300 (struct all_addr *)&start->addr.in.sin_addr, 0,
301 NULL, 0);
302 #ifdef HAVE_IPV6
303 else
304 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
305 (struct all_addr *)&start->addr.in6.sin6_addr, 0,
306 NULL, 0);
307 #endif
308 forwarded = 1;
309 forward->sentto = start;
310 if (!forward->forwardall)
311 break;
312 forward->forwardall++;
313 }
314 }
315
316 if (!(start = start->next))
317 start = daemon->servers;
318
319 if (start == firstsentto)
320 break;
321 }
322
323 if (forwarded)
324 return;
325
326 /* could not send on, prepare to return */
327 header->id = htons(forward->orig_id);
328 forward->new_id = 0; /* cancel */
329 }
330
331 /* could not send on, return empty answer or address if known for whole domain */
332 if (udpfd != -1)
333 {
334 plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
335 send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
336 }
337
338 return;
339 }
340
341 static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
342 unsigned int query_crc, struct server *server, size_t n)
343 {
344 unsigned char *pheader, *sizep;
345 int munged = 0;
346 size_t plen;
347
348 /* If upstream is advertising a larger UDP packet size
349 than we allow, trim it so that we don't get overlarge
350 requests for the client. */
351
352 if ((pheader = find_pseudoheader(header, n, &plen, &sizep)))
353 {
354 unsigned short udpsz;
355 unsigned char *psave = sizep;
356
357 GETSHORT(udpsz, sizep);
358 if (udpsz > daemon->edns_pktsz)
359 PUTSHORT(daemon->edns_pktsz, psave);
360 }
361
362 if (header->opcode != QUERY || (header->rcode != NOERROR && header->rcode != NXDOMAIN))
363 return n;
364
365 /* Complain loudly if the upstream server is non-recursive. */
366 if (!header->ra && header->rcode == NOERROR && ntohs(header->ancount) == 0 &&
367 server && !(server->flags & SERV_WARNED_RECURSIVE))
368 {
369 prettyprint_addr(&server->addr, daemon->namebuff);
370 syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
371 if (!(daemon->options & OPT_LOG))
372 server->flags |= SERV_WARNED_RECURSIVE;
373 }
374
375 if (daemon->bogus_addr && header->rcode != NXDOMAIN &&
376 check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
377 {
378 munged = 1;
379 header->rcode = NXDOMAIN;
380 header->aa = 0;
381 }
382 else
383 {
384 if (header->rcode == NXDOMAIN &&
385 extract_request(header, n, daemon->namebuff, NULL) &&
386 check_for_local_domain(daemon->namebuff, now, daemon))
387 {
388 /* if we forwarded a query for a locally known name (because it was for
389 an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
390 since we know that the domain exists, even if upstream doesn't */
391 munged = 1;
392 header->aa = 1;
393 header->rcode = NOERROR;
394 }
395
396 /* If the crc of the question section doesn't match the crc we sent, then
397 someone might be attempting to insert bogus values into the cache by
398 sending replies containing questions and bogus answers. */
399 if (query_crc == questions_crc(header, n, daemon->namebuff))
400 extract_addresses(header, n, daemon->namebuff, now, daemon);
401 }
402
403 /* do this after extract_addresses. Ensure NODATA reply and remove
404 nameserver info. */
405
406 if (munged)
407 {
408 header->ancount = htons(0);
409 header->nscount = htons(0);
410 header->arcount = htons(0);
411 }
412
413 /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
414 sections of the packet. Find the new length here and put back pseudoheader
415 if it was removed. */
416 return resize_packet(header, n, pheader, plen);
417 }
418
419 /* sets new last_server */
420 void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
421 {
422 /* packet from peer server, extract data for cache, and send to
423 original requester */
424 struct frec *forward;
425 HEADER *header;
426 union mysockaddr serveraddr;
427 socklen_t addrlen = sizeof(serveraddr);
428 ssize_t n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
429 size_t nn;
430
431 /* packet buffer overwritten */
432 daemon->srv_save = NULL;
433
434 /* Determine the address of the server replying so that we can mark that as good */
435 serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family;
436 #ifdef HAVE_IPV6
437 if (serveraddr.sa.sa_family == AF_INET6)
438 serveraddr.in6.sin6_flowinfo = 0;
439 #endif
440
441 header = (HEADER *)daemon->packet;
442 forward = lookup_frec(ntohs(header->id));
443
444 if (n >= (int)sizeof(HEADER) && header->qr && forward)
445 {
446 struct server *server = forward->sentto;
447
448 if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
449 /* for broken servers, attempt to send to another one. */
450 {
451 unsigned char *pheader;
452 size_t plen;
453
454 /* recreate query from reply */
455 pheader = find_pseudoheader(header, (size_t)n, &plen, NULL);
456 header->ancount = htons(0);
457 header->nscount = htons(0);
458 header->arcount = htons(0);
459 if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
460 {
461 header->qr = 0;
462 header->tc = 0;
463 forward_query(daemon, -1, NULL, NULL, 0, header, nn, now, forward);
464 return;
465 }
466 }
467
468 if ((forward->sentto->flags & SERV_TYPE) == 0)
469 {
470 if (header->rcode == SERVFAIL || header->rcode == REFUSED)
471 server = NULL;
472 else
473 {
474 struct server *last_server;
475 /* find good server by address if possible, otherwise assume the last one we sent to */
476 for (last_server = daemon->servers; last_server; last_server = last_server->next)
477 if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
478 sockaddr_isequal(&last_server->addr, &serveraddr))
479 {
480 server = last_server;
481 break;
482 }
483 }
484 daemon->last_server = server;
485 }
486
487 /* If the answer is an error, keep the forward record in place in case
488 we get a good reply from another server. Kill it when we've
489 had replies from all to avoid filling the forwarding table when
490 everything is broken */
491 if (forward->forwardall == 0 || --forward->forwardall == 1 ||
492 (header->rcode != REFUSED && header->rcode != SERVFAIL))
493 {
494 if ((nn = process_reply(daemon, header, now, forward->crc, server, (size_t)n)))
495 {
496 header->id = htons(forward->orig_id);
497 header->ra = 1; /* recursion if available */
498 send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn,
499 &forward->source, &forward->dest, forward->iface);
500 }
501 forward->new_id = 0; /* cancel */
502 }
503 }
504 }
505
506 void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
507 {
508 HEADER *header = (HEADER *)daemon->packet;
509 union mysockaddr source_addr;
510 unsigned short type;
511 struct all_addr dst_addr;
512 struct in_addr netmask, dst_addr_4;
513 size_t m;
514 ssize_t n;
515 int if_index = 0;
516 struct iovec iov[1];
517 struct msghdr msg;
518 struct cmsghdr *cmptr;
519 union {
520 struct cmsghdr align; /* this ensures alignment */
521 #ifdef HAVE_IPV6
522 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
523 #endif
524 #if defined(HAVE_LINUX_NETWORK)
525 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
526 #elif defined(IP_RECVDSTADDR)
527 char control[CMSG_SPACE(sizeof(struct in_addr)) +
528 CMSG_SPACE(sizeof(struct sockaddr_dl))];
529 #endif
530 } control_u;
531
532 /* packet buffer overwritten */
533 daemon->srv_save = NULL;
534
535 if (listen->family == AF_INET && (daemon->options & OPT_NOWILD))
536 {
537 dst_addr_4 = listen->iface->addr.in.sin_addr;
538 netmask = listen->iface->netmask;
539 }
540 else
541 {
542 dst_addr_4.s_addr = 0;
543 netmask.s_addr = 0;
544 }
545
546 iov[0].iov_base = daemon->packet;
547 iov[0].iov_len = daemon->edns_pktsz;
548
549 msg.msg_control = control_u.control;
550 msg.msg_controllen = sizeof(control_u);
551 msg.msg_flags = 0;
552 msg.msg_name = &source_addr;
553 msg.msg_namelen = sizeof(source_addr);
554 msg.msg_iov = iov;
555 msg.msg_iovlen = 1;
556
557 if ((n = recvmsg(listen->fd, &msg, 0)) == -1)
558 return;
559
560 if (n < (int)sizeof(HEADER) ||
561 (msg.msg_flags & MSG_TRUNC) ||
562 header->qr)
563 return;
564
565 source_addr.sa.sa_family = listen->family;
566 #ifdef HAVE_IPV6
567 if (listen->family == AF_INET6)
568 source_addr.in6.sin6_flowinfo = 0;
569 #endif
570
571 if (!(daemon->options & OPT_NOWILD))
572 {
573 struct ifreq ifr;
574
575 if (msg.msg_controllen < sizeof(struct cmsghdr))
576 return;
577
578 #if defined(HAVE_LINUX_NETWORK)
579 if (listen->family == AF_INET)
580 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
581 if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
582 {
583 dst_addr_4 = dst_addr.addr.addr4 = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_spec_dst;
584 if_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
585 }
586 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
587 if (listen->family == AF_INET)
588 {
589 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
590 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
591 dst_addr_4 = dst_addr.addr.addr4 = *((struct in_addr *)CMSG_DATA(cmptr));
592 else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
593 if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
594 }
595 #endif
596
597 #ifdef HAVE_IPV6
598 if (listen->family == AF_INET6)
599 {
600 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
601 if (cmptr->cmsg_level == IPV6_LEVEL && cmptr->cmsg_type == IPV6_PKTINFO)
602 {
603 dst_addr.addr.addr6 = ((struct in6_pktinfo *)CMSG_DATA(cmptr))->ipi6_addr;
604 if_index =((struct in6_pktinfo *)CMSG_DATA(cmptr))->ipi6_ifindex;
605 }
606 }
607 #endif
608
609 /* enforce available interface configuration */
610
611 if (if_index == 0)
612 return;
613
614 if (daemon->if_except || daemon->if_names || (daemon->options & OPT_LOCALISE))
615 {
616 #ifdef SIOCGIFNAME
617 ifr.ifr_ifindex = if_index;
618 if (ioctl(listen->fd, SIOCGIFNAME, &ifr) == -1)
619 return;
620 #else
621 if (!if_indextoname(if_index, ifr.ifr_name))
622 return;
623 #endif
624
625 if (listen->family == AF_INET &&
626 (daemon->options & OPT_LOCALISE) &&
627 ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
628 return;
629
630 netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
631 }
632
633 if (!iface_check(daemon, listen->family, &dst_addr, ifr.ifr_name))
634 return;
635 }
636
637 if (extract_request(header, (size_t)n, daemon->namebuff, &type))
638 {
639 if (listen->family == AF_INET)
640 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
641 (struct all_addr *)&source_addr.in.sin_addr, type, NULL, 0);
642 #ifdef HAVE_IPV6
643 else
644 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
645 (struct all_addr *)&source_addr.in6.sin6_addr, type, NULL, 0);
646 #endif
647 }
648
649 m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n, daemon,
650 dst_addr_4, netmask, now);
651 if (m >= 1)
652 send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr, if_index);
653 else
654 forward_query(daemon, listen->fd, &source_addr, &dst_addr, if_index,
655 header, (size_t)n, now, NULL);
656 }
657
658 /* The daemon forks before calling this: it should deal with one connection,
659 blocking as neccessary, and then return. Note, need to be a bit careful
660 about resources for debug mode, when the fork is suppressed: that's
661 done by the caller. */
662 unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
663 struct in_addr local_addr, struct in_addr netmask)
664 {
665 int size = 0;
666 size_t m;
667 unsigned short qtype, gotname;
668 unsigned char c1, c2;
669 /* Max TCP packet + slop */
670 unsigned char *packet = malloc(65536 + MAXDNAME + RRFIXEDSZ);
671 HEADER *header;
672 struct server *last_server;
673
674 while (1)
675 {
676 if (!packet ||
677 !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
678 !(size = c1 << 8 | c2) ||
679 !read_write(confd, packet, size, 1))
680 return packet;
681
682 if (size < (int)sizeof(HEADER))
683 continue;
684
685 header = (HEADER *)packet;
686
687 if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
688 {
689 union mysockaddr peer_addr;
690 socklen_t peer_len = sizeof(union mysockaddr);
691
692 if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
693 {
694 if (peer_addr.sa.sa_family == AF_INET)
695 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
696 (struct all_addr *)&peer_addr.in.sin_addr, qtype, NULL, 0);
697 #ifdef HAVE_IPV6
698 else
699 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
700 (struct all_addr *)&peer_addr.in6.sin6_addr, qtype, NULL, 0);
701 #endif
702 }
703 }
704
705 /* m > 0 if answered from cache */
706 m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon,
707 local_addr, netmask, now);
708
709 if (m == 0)
710 {
711 unsigned short flags = 0;
712 struct all_addr *addrp = NULL;
713 int type = 0;
714 char *domain = NULL;
715
716 if (gotname)
717 flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
718
719 if (type != 0 || (daemon->options & OPT_ORDER) || !daemon->last_server)
720 last_server = daemon->servers;
721 else
722 last_server = daemon->last_server;
723
724 if (!flags && last_server)
725 {
726 struct server *firstsendto = NULL;
727 unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
728
729 /* Loop round available servers until we succeed in connecting to one.
730 Note that this code subtley ensures that consecutive queries on this connection
731 which can go to the same server, do so. */
732 while (1)
733 {
734 if (!firstsendto)
735 firstsendto = last_server;
736 else
737 {
738 if (!(last_server = last_server->next))
739 last_server = daemon->servers;
740
741 if (last_server == firstsendto)
742 break;
743 }
744
745 /* server for wrong domain */
746 if (type != (last_server->flags & SERV_TYPE) ||
747 (type == SERV_HAS_DOMAIN && !hostname_isequal(domain, last_server->domain)))
748 continue;
749
750 if ((last_server->tcpfd == -1) &&
751 (last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) != -1 &&
752 connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1)
753 {
754 close(last_server->tcpfd);
755 last_server->tcpfd = -1;
756 }
757
758 if (last_server->tcpfd == -1)
759 continue;
760
761 c1 = size >> 8;
762 c2 = size;
763
764 if (!read_write(last_server->tcpfd, &c1, 1, 0) ||
765 !read_write(last_server->tcpfd, &c2, 1, 0) ||
766 !read_write(last_server->tcpfd, packet, size, 0) ||
767 !read_write(last_server->tcpfd, &c1, 1, 1) ||
768 !read_write(last_server->tcpfd, &c2, 1, 1))
769 {
770 close(last_server->tcpfd);
771 last_server->tcpfd = -1;
772 continue;
773 }
774
775 m = (c1 << 8) | c2;
776 if (!read_write(last_server->tcpfd, packet, m, 1))
777 return packet;
778
779 if (!gotname)
780 strcpy(daemon->namebuff, "query");
781 if (last_server->addr.sa.sa_family == AF_INET)
782 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
783 (struct all_addr *)&last_server->addr.in.sin_addr, 0, NULL, 0);
784 #ifdef HAVE_IPV6
785 else
786 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
787 (struct all_addr *)&last_server->addr.in6.sin6_addr, 0, NULL, 0);
788 #endif
789
790 /* There's no point in updating the cache, since this process will exit and
791 lose the information after one query. We make this call for the alias and
792 bogus-nxdomain side-effects. */
793 m = process_reply(daemon, header, now, crc, last_server, (unsigned int)m);
794
795 break;
796 }
797 }
798
799 /* In case of local answer or no connections made. */
800 if (m == 0)
801 m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
802 }
803
804 c1 = m>>8;
805 c2 = m;
806 if (!read_write(confd, &c1, 1, 0) ||
807 !read_write(confd, &c2, 1, 0) ||
808 !read_write(confd, packet, m, 0))
809 return packet;
810 }
811 }
812
813 static struct frec *allocate_frec(time_t now)
814 {
815 struct frec *f;
816
817 if ((f = (struct frec *)malloc(sizeof(struct frec))))
818 {
819 f->next = frec_list;
820 f->time = now;
821 f->new_id = 0;
822 frec_list = f;
823 }
824
825 return f;
826 }
827
828 /* if wait==NULL return a free or older than TIMEOUT record.
829 else return *wait zero if one available, or *wait is delay to
830 when the oldest in-use record will expire. */
831 struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait)
832 {
833 struct frec *f, *oldest;
834 int count;
835
836 if (wait)
837 *wait = 0;
838
839 for (f = frec_list, oldest = NULL, count = 0; f; f = f->next, count++)
840 if (f->new_id == 0)
841 {
842 f->time = now;
843 return f;
844 }
845 else if (!oldest || difftime(f->time, oldest->time) <= 0)
846 oldest = f;
847
848 /* can't find empty one, use oldest if there is one
849 and it's older than timeout */
850 if (oldest && ((int)difftime(now, oldest->time)) >= TIMEOUT)
851 {
852 /* keep stuff for twice timeout if we can by allocating a new
853 record instead */
854 if (difftime(now, oldest->time) < 2*TIMEOUT &&
855 count <= daemon->ftabsize &&
856 (f = allocate_frec(now)))
857 return f;
858
859 if (!wait)
860 {
861 oldest->new_id = 0;
862 oldest->time = now;
863 }
864 return oldest;
865 }
866
867 /* none available, calculate time 'till oldest record expires */
868 if (count > daemon->ftabsize)
869 {
870 if (oldest && wait)
871 *wait = oldest->time + (time_t)TIMEOUT - now;
872 return NULL;
873 }
874
875 if (!(f = allocate_frec(now)) && wait)
876 /* wait one second on malloc failure */
877 *wait = 1;
878
879 return f; /* OK if malloc fails and this is NULL */
880 }
881
882 static struct frec *lookup_frec(unsigned short id)
883 {
884 struct frec *f;
885
886 for(f = frec_list; f; f = f->next)
887 if (f->new_id == id)
888 return f;
889
890 return NULL;
891 }
892
893 static struct frec *lookup_frec_by_sender(unsigned short id,
894 union mysockaddr *addr,
895 unsigned int crc)
896 {
897 struct frec *f;
898
899 for(f = frec_list; f; f = f->next)
900 if (f->new_id &&
901 f->orig_id == id &&
902 f->crc == crc &&
903 sockaddr_isequal(&f->source, addr))
904 return f;
905
906 return NULL;
907 }
908
909 /* A server record is going away, remove references to it */
910 void server_gone(struct daemon *daemon, struct server *server)
911 {
912 struct frec *f;
913
914 for (f = frec_list; f; f = f->next)
915 if (f->new_id != 0 && f->sentto == server)
916 f->new_id = 0;
917
918 if (daemon->last_server == server)
919 daemon->last_server = NULL;
920
921 if (daemon->srv_save == server)
922 daemon->srv_save = NULL;
923 }
924
925 /* return unique random ids between 1 and 65535 */
926 static unsigned short get_id(void)
927 {
928 unsigned short ret = 0;
929
930 while (ret == 0)
931 {
932 ret = rand16();
933
934 /* scrap ids already in use */
935 if ((ret != 0) && lookup_frec(ret))
936 ret = 0;
937 }
938
939 return ret;
940 }
941
942
943
944
945
Michael's tree of dnsmasq.