]>
git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/forward.c
1 /* dnsmasq is Copyright (c) 2000-2011 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 static struct frec
*lookup_frec(unsigned short id
, unsigned int crc
);
20 static struct frec
*lookup_frec_by_sender(unsigned short id
,
21 union mysockaddr
*addr
,
23 static unsigned short get_id(unsigned int crc
);
24 static void free_frec(struct frec
*f
);
25 static struct randfd
*allocate_rfd(int family
);
27 /* Send a UDP packet with its source address set as "source"
28 unless nowild is true, when we just send it with the kernel default */
29 static void send_from(int fd
, int nowild
, char *packet
, size_t len
,
30 union mysockaddr
*to
, struct all_addr
*source
,
36 struct cmsghdr align
; /* this ensures alignment */
37 #if defined(HAVE_LINUX_NETWORK)
38 char control
[CMSG_SPACE(sizeof(struct in_pktinfo
))];
39 #elif defined(IP_SENDSRCADDR)
40 char control
[CMSG_SPACE(sizeof(struct in_addr
))];
43 char control6
[CMSG_SPACE(sizeof(struct in6_pktinfo
))];
47 iov
[0].iov_base
= packet
;
50 msg
.msg_control
= NULL
;
51 msg
.msg_controllen
= 0;
54 msg
.msg_namelen
= sa_len(to
);
60 struct cmsghdr
*cmptr
;
61 msg
.msg_control
= &control_u
;
62 msg
.msg_controllen
= sizeof(control_u
);
63 cmptr
= CMSG_FIRSTHDR(&msg
);
65 if (to
->sa
.sa_family
== AF_INET
)
67 #if defined(HAVE_LINUX_NETWORK)
70 p
.ipi_spec_dst
= source
->addr
.addr4
;
71 memcpy(CMSG_DATA(cmptr
), &p
, sizeof(p
));
72 msg
.msg_controllen
= cmptr
->cmsg_len
= CMSG_LEN(sizeof(struct in_pktinfo
));
73 cmptr
->cmsg_level
= SOL_IP
;
74 cmptr
->cmsg_type
= IP_PKTINFO
;
75 #elif defined(IP_SENDSRCADDR)
76 memcpy(CMSG_DATA(cmptr
), &(source
->addr
.addr4
), sizeof(source
->addr
.addr4
));
77 msg
.msg_controllen
= cmptr
->cmsg_len
= CMSG_LEN(sizeof(struct in_addr
));
78 cmptr
->cmsg_level
= IPPROTO_IP
;
79 cmptr
->cmsg_type
= IP_SENDSRCADDR
;
86 p
.ipi6_ifindex
= iface
; /* Need iface for IPv6 to handle link-local addrs */
87 p
.ipi6_addr
= source
->addr
.addr6
;
88 memcpy(CMSG_DATA(cmptr
), &p
, sizeof(p
));
89 msg
.msg_controllen
= cmptr
->cmsg_len
= CMSG_LEN(sizeof(struct in6_pktinfo
));
90 cmptr
->cmsg_type
= daemon
->v6pktinfo
;
91 cmptr
->cmsg_level
= IPV6_LEVEL
;
94 iface
= 0; /* eliminate warning */
99 if (sendmsg(fd
, &msg
, 0) == -1)
101 /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
102 by returning EINVAL from sendmsg. In that case, try again without setting the
103 source address, since it will nearly alway be correct anyway. IPv6 stinks. */
104 if (errno
== EINVAL
&& msg
.msg_controllen
)
106 msg
.msg_controllen
= 0;
114 static unsigned int search_servers(time_t now
, struct all_addr
**addrpp
,
115 unsigned int qtype
, char *qdomain
, int *type
, char **domain
, int *norebind
)
118 /* If the query ends in the domain in one of our servers, set
119 domain to point to that name. We find the largest match to allow both
120 domain.org and sub.domain.org to exist. */
122 unsigned int namelen
= strlen(qdomain
);
123 unsigned int matchlen
= 0;
125 unsigned int flags
= 0;
127 for (serv
= daemon
->servers
; serv
; serv
=serv
->next
)
128 /* domain matches take priority over NODOTS matches */
129 if ((serv
->flags
& SERV_FOR_NODOTS
) && *type
!= SERV_HAS_DOMAIN
&& !strchr(qdomain
, '.') && namelen
!= 0)
131 unsigned int sflag
= serv
->addr
.sa
.sa_family
== AF_INET
? F_IPV4
: F_IPV6
;
132 *type
= SERV_FOR_NODOTS
;
133 if (serv
->flags
& SERV_NO_ADDR
)
135 else if (serv
->flags
& SERV_LITERAL_ADDRESS
)
140 if (serv
->addr
.sa
.sa_family
== AF_INET
)
141 *addrpp
= (struct all_addr
*)&serv
->addr
.in
.sin_addr
;
144 *addrpp
= (struct all_addr
*)&serv
->addr
.in6
.sin6_addr
;
147 else if (!flags
|| (flags
& F_NXDOMAIN
))
151 else if (serv
->flags
& SERV_HAS_DOMAIN
)
153 unsigned int domainlen
= strlen(serv
->domain
);
154 char *matchstart
= qdomain
+ namelen
- domainlen
;
155 if (namelen
>= domainlen
&&
156 hostname_isequal(matchstart
, serv
->domain
) &&
157 (domainlen
== 0 || namelen
== domainlen
|| *(matchstart
-1) == '.' ))
159 if (serv
->flags
& SERV_NO_REBIND
)
163 unsigned int sflag
= serv
->addr
.sa
.sa_family
== AF_INET
? F_IPV4
: F_IPV6
;
164 /* implement priority rules for --address and --server for same domain.
165 --address wins if the address is for the correct AF
166 --server wins otherwise. */
167 if (domainlen
!= 0 && domainlen
== matchlen
)
169 if ((serv
->flags
& SERV_LITERAL_ADDRESS
))
171 if (!(sflag
& qtype
) && flags
== 0)
176 if (flags
& (F_IPV4
| F_IPV6
))
181 if (domainlen
>= matchlen
)
183 *type
= serv
->flags
& (SERV_HAS_DOMAIN
| SERV_USE_RESOLV
| SERV_NO_REBIND
);
184 *domain
= serv
->domain
;
185 matchlen
= domainlen
;
186 if (serv
->flags
& SERV_NO_ADDR
)
188 else if (serv
->flags
& SERV_LITERAL_ADDRESS
)
193 if (serv
->addr
.sa
.sa_family
== AF_INET
)
194 *addrpp
= (struct all_addr
*)&serv
->addr
.in
.sin_addr
;
197 *addrpp
= (struct all_addr
*)&serv
->addr
.in6
.sin6_addr
;
200 else if (!flags
|| (flags
& F_NXDOMAIN
))
210 if (flags
== 0 && !(qtype
& F_NSRR
) &&
211 option_bool(OPT_NODOTS_LOCAL
) && !strchr(qdomain
, '.') && namelen
!= 0)
212 /* don't forward simple names, make exception for NS queries and empty name. */
215 if (flags
== F_NXDOMAIN
&& check_for_local_domain(qdomain
, now
))
222 if (flags
== F_NXDOMAIN
|| flags
== F_NOERR
)
223 logflags
= F_NEG
| qtype
;
225 log_query(logflags
| flags
| F_CONFIG
| F_FORWARD
, qdomain
, *addrpp
, NULL
);
227 else if ((*type
) & SERV_USE_RESOLV
)
229 *type
= 0; /* use normal servers for this domain */
235 static int forward_query(int udpfd
, union mysockaddr
*udpaddr
,
236 struct all_addr
*dst_addr
, unsigned int dst_iface
,
237 HEADER
*header
, size_t plen
, time_t now
, struct frec
*forward
)
240 int type
= 0, norebind
= 0;
241 struct all_addr
*addrp
= NULL
;
242 unsigned int crc
= questions_crc(header
, plen
, daemon
->namebuff
);
243 unsigned int flags
= 0;
244 unsigned int gotname
= extract_request(header
, plen
, daemon
->namebuff
, NULL
);
245 struct server
*start
= NULL
;
247 /* RFC 4035: sect 4.6 para 2 */
250 /* may be no servers available. */
251 if (!daemon
->servers
)
253 else if (forward
|| (forward
= lookup_frec_by_sender(ntohs(header
->id
), udpaddr
, crc
)))
255 /* retry on existing query, send to all available servers */
256 domain
= forward
->sentto
->domain
;
257 forward
->sentto
->failed_queries
++;
258 if (!option_bool(OPT_ORDER
))
260 forward
->forwardall
= 1;
261 daemon
->last_server
= NULL
;
263 type
= forward
->sentto
->flags
& SERV_TYPE
;
264 if (!(start
= forward
->sentto
->next
))
265 start
= daemon
->servers
; /* at end of list, recycle */
266 header
->id
= htons(forward
->new_id
);
271 flags
= search_servers(now
, &addrp
, gotname
, daemon
->namebuff
, &type
, &domain
, &norebind
);
273 if (!flags
&& !(forward
= get_new_frec(now
, NULL
)))
274 /* table full - server failure. */
279 forward
->source
= *udpaddr
;
280 forward
->dest
= *dst_addr
;
281 forward
->iface
= dst_iface
;
282 forward
->orig_id
= ntohs(header
->id
);
283 forward
->new_id
= get_id(crc
);
286 forward
->forwardall
= 0;
288 forward
->flags
|= FREC_NOREBIND
;
290 forward
->flags
|= FREC_CHECKING_DISABLED
;
292 header
->id
= htons(forward
->new_id
);
294 /* In strict_order mode, always try servers in the order
295 specified in resolv.conf, if a domain is given
296 always try all the available servers,
297 otherwise, use the one last known to work. */
301 if (option_bool(OPT_ORDER
))
302 start
= daemon
->servers
;
303 else if (!(start
= daemon
->last_server
) ||
304 daemon
->forwardcount
++ > FORWARD_TEST
||
305 difftime(now
, daemon
->forwardtime
) > FORWARD_TIME
)
307 start
= daemon
->servers
;
308 forward
->forwardall
= 1;
309 daemon
->forwardcount
= 0;
310 daemon
->forwardtime
= now
;
315 start
= daemon
->servers
;
316 if (!option_bool(OPT_ORDER
))
317 forward
->forwardall
= 1;
322 /* check for send errors here (no route to host)
323 if we fail to send to all nameservers, send back an error
324 packet straight away (helps modem users when offline) */
326 if (!flags
&& forward
)
328 struct server
*firstsentto
= start
;
331 if (udpaddr
&& option_bool(OPT_ADD_MAC
))
332 plen
= add_mac(header
, plen
, ((char *) header
) + PACKETSZ
, udpaddr
);
336 /* only send to servers dealing with our domain.
337 domain may be NULL, in which case server->domain
338 must be NULL also. */
340 if (type
== (start
->flags
& SERV_TYPE
) &&
341 (type
!= SERV_HAS_DOMAIN
|| hostname_isequal(domain
, start
->domain
)) &&
342 !(start
->flags
& SERV_LITERAL_ADDRESS
))
346 /* find server socket to use, may need to get random one. */
352 if (start
->addr
.sa
.sa_family
== AF_INET6
)
354 if (!forward
->rfd6
&&
355 !(forward
->rfd6
= allocate_rfd(AF_INET6
)))
357 daemon
->rfd_save
= forward
->rfd6
;
358 fd
= forward
->rfd6
->fd
;
363 if (!forward
->rfd4
&&
364 !(forward
->rfd4
= allocate_rfd(AF_INET
)))
366 daemon
->rfd_save
= forward
->rfd4
;
367 fd
= forward
->rfd4
->fd
;
371 if (sendto(fd
, (char *)header
, plen
, 0,
373 sa_len(&start
->addr
)) == -1)
380 /* Keep info in case we want to re-send this packet */
381 daemon
->srv_save
= start
;
382 daemon
->packet_len
= plen
;
385 strcpy(daemon
->namebuff
, "query");
386 if (start
->addr
.sa
.sa_family
== AF_INET
)
387 log_query(F_SERVER
| F_IPV4
| F_FORWARD
, daemon
->namebuff
,
388 (struct all_addr
*)&start
->addr
.in
.sin_addr
, NULL
);
391 log_query(F_SERVER
| F_IPV6
| F_FORWARD
, daemon
->namebuff
,
392 (struct all_addr
*)&start
->addr
.in6
.sin6_addr
, NULL
);
396 forward
->sentto
= start
;
397 if (!forward
->forwardall
)
399 forward
->forwardall
++;
403 if (!(start
= start
->next
))
404 start
= daemon
->servers
;
406 if (start
== firstsentto
)
413 /* could not send on, prepare to return */
414 header
->id
= htons(forward
->orig_id
);
415 free_frec(forward
); /* cancel */
418 /* could not send on, return empty answer or address if known for whole domain */
421 plen
= setup_reply(header
, plen
, addrp
, flags
, daemon
->local_ttl
);
422 send_from(udpfd
, option_bool(OPT_NOWILD
), (char *)header
, plen
, udpaddr
, dst_addr
, dst_iface
);
428 static size_t process_reply(HEADER
*header
, time_t now
,
429 struct server
*server
, size_t n
, int check_rebind
, int checking_disabled
)
431 unsigned char *pheader
, *sizep
;
432 int munged
= 0, is_sign
;
435 /* If upstream is advertising a larger UDP packet size
436 than we allow, trim it so that we don't get overlarge
437 requests for the client. We can't do this for signed packets. */
439 if ((pheader
= find_pseudoheader(header
, n
, &plen
, &sizep
, &is_sign
)) && !is_sign
)
441 unsigned short udpsz
;
442 unsigned char *psave
= sizep
;
444 GETSHORT(udpsz
, sizep
);
445 if (udpsz
> daemon
->edns_pktsz
)
446 PUTSHORT(daemon
->edns_pktsz
, psave
);
449 /* RFC 4035 sect 4.6 para 3 */
450 if (!is_sign
&& !option_bool(OPT_DNSSEC
))
453 if (header
->opcode
!= QUERY
|| (header
->rcode
!= NOERROR
&& header
->rcode
!= NXDOMAIN
))
456 /* Complain loudly if the upstream server is non-recursive. */
457 if (!header
->ra
&& header
->rcode
== NOERROR
&& ntohs(header
->ancount
) == 0 &&
458 server
&& !(server
->flags
& SERV_WARNED_RECURSIVE
))
460 prettyprint_addr(&server
->addr
, daemon
->namebuff
);
461 my_syslog(LOG_WARNING
, _("nameserver %s refused to do a recursive query"), daemon
->namebuff
);
462 if (!option_bool(OPT_LOG
))
463 server
->flags
|= SERV_WARNED_RECURSIVE
;
466 if (daemon
->bogus_addr
&& header
->rcode
!= NXDOMAIN
&&
467 check_for_bogus_wildcard(header
, n
, daemon
->namebuff
, daemon
->bogus_addr
, now
))
470 header
->rcode
= NXDOMAIN
;
475 if (header
->rcode
== NXDOMAIN
&&
476 extract_request(header
, n
, daemon
->namebuff
, NULL
) &&
477 check_for_local_domain(daemon
->namebuff
, now
))
479 /* if we forwarded a query for a locally known name (because it was for
480 an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
481 since we know that the domain exists, even if upstream doesn't */
484 header
->rcode
= NOERROR
;
487 if (extract_addresses(header
, n
, daemon
->namebuff
, now
, is_sign
, check_rebind
, checking_disabled
))
489 my_syslog(LOG_WARNING
, _("possible DNS-rebind attack detected: %s"), daemon
->namebuff
);
494 /* do this after extract_addresses. Ensure NODATA reply and remove
499 header
->ancount
= htons(0);
500 header
->nscount
= htons(0);
501 header
->arcount
= htons(0);
504 /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
505 sections of the packet. Find the new length here and put back pseudoheader
506 if it was removed. */
507 return resize_packet(header
, n
, pheader
, plen
);
510 /* sets new last_server */
511 void reply_query(int fd
, int family
, time_t now
)
513 /* packet from peer server, extract data for cache, and send to
514 original requester */
516 union mysockaddr serveraddr
;
517 struct frec
*forward
;
518 socklen_t addrlen
= sizeof(serveraddr
);
519 ssize_t n
= recvfrom(fd
, daemon
->packet
, daemon
->edns_pktsz
, 0, &serveraddr
.sa
, &addrlen
);
521 struct server
*server
;
523 /* packet buffer overwritten */
524 daemon
->srv_save
= NULL
;
526 /* Determine the address of the server replying so that we can mark that as good */
527 serveraddr
.sa
.sa_family
= family
;
529 if (serveraddr
.sa
.sa_family
== AF_INET6
)
530 serveraddr
.in6
.sin6_flowinfo
= 0;
533 /* spoof check: answer must come from known server, */
534 for (server
= daemon
->servers
; server
; server
= server
->next
)
535 if (!(server
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
)) &&
536 sockaddr_isequal(&server
->addr
, &serveraddr
))
539 header
= (HEADER
*)daemon
->packet
;
542 n
< (int)sizeof(HEADER
) || !header
->qr
||
543 !(forward
= lookup_frec(ntohs(header
->id
), questions_crc(header
, n
, daemon
->namebuff
))))
546 server
= forward
->sentto
;
548 if ((header
->rcode
== SERVFAIL
|| header
->rcode
== REFUSED
) &&
549 !option_bool(OPT_ORDER
) &&
550 forward
->forwardall
== 0)
551 /* for broken servers, attempt to send to another one. */
553 unsigned char *pheader
;
557 /* recreate query from reply */
558 pheader
= find_pseudoheader(header
, (size_t)n
, &plen
, NULL
, &is_sign
);
561 header
->ancount
= htons(0);
562 header
->nscount
= htons(0);
563 header
->arcount
= htons(0);
564 if ((nn
= resize_packet(header
, (size_t)n
, pheader
, plen
)))
568 forward_query(-1, NULL
, NULL
, 0, header
, nn
, now
, forward
);
574 if ((forward
->sentto
->flags
& SERV_TYPE
) == 0)
576 if (header
->rcode
== SERVFAIL
|| header
->rcode
== REFUSED
)
580 struct server
*last_server
;
582 /* find good server by address if possible, otherwise assume the last one we sent to */
583 for (last_server
= daemon
->servers
; last_server
; last_server
= last_server
->next
)
584 if (!(last_server
->flags
& (SERV_LITERAL_ADDRESS
| SERV_HAS_DOMAIN
| SERV_FOR_NODOTS
| SERV_NO_ADDR
)) &&
585 sockaddr_isequal(&last_server
->addr
, &serveraddr
))
587 server
= last_server
;
591 if (!option_bool(OPT_ALL_SERVERS
))
592 daemon
->last_server
= server
;
595 /* If the answer is an error, keep the forward record in place in case
596 we get a good reply from another server. Kill it when we've
597 had replies from all to avoid filling the forwarding table when
598 everything is broken */
599 if (forward
->forwardall
== 0 || --forward
->forwardall
== 1 ||
600 (header
->rcode
!= REFUSED
&& header
->rcode
!= SERVFAIL
))
602 int check_rebind
= !(forward
->flags
& FREC_NOREBIND
);
604 if (!option_bool(OPT_NO_REBIND
))
607 if ((nn
= process_reply(header
, now
, server
, (size_t)n
, check_rebind
, forward
->flags
& FREC_CHECKING_DISABLED
)))
609 header
->id
= htons(forward
->orig_id
);
610 header
->ra
= 1; /* recursion if available */
611 send_from(forward
->fd
, option_bool(OPT_NOWILD
), daemon
->packet
, nn
,
612 &forward
->source
, &forward
->dest
, forward
->iface
);
614 free_frec(forward
); /* cancel */
619 void receive_query(struct listener
*listen
, time_t now
)
621 HEADER
*header
= (HEADER
*)daemon
->packet
;
622 union mysockaddr source_addr
;
624 struct all_addr dst_addr
;
625 struct in_addr netmask
, dst_addr_4
;
631 struct cmsghdr
*cmptr
;
633 struct cmsghdr align
; /* this ensures alignment */
635 char control6
[CMSG_SPACE(sizeof(struct in6_pktinfo
))];
637 #if defined(HAVE_LINUX_NETWORK)
638 char control
[CMSG_SPACE(sizeof(struct in_pktinfo
))];
639 #elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK)
640 char control
[CMSG_SPACE(sizeof(struct in_addr
)) +
641 CMSG_SPACE(sizeof(unsigned int))];
642 #elif defined(IP_RECVDSTADDR)
643 char control
[CMSG_SPACE(sizeof(struct in_addr
)) +
644 CMSG_SPACE(sizeof(struct sockaddr_dl
))];
648 /* packet buffer overwritten */
649 daemon
->srv_save
= NULL
;
651 if (listen
->family
== AF_INET
&& option_bool(OPT_NOWILD
))
653 dst_addr_4
= listen
->iface
->addr
.in
.sin_addr
;
654 netmask
= listen
->iface
->netmask
;
658 dst_addr_4
.s_addr
= 0;
662 iov
[0].iov_base
= daemon
->packet
;
663 iov
[0].iov_len
= daemon
->edns_pktsz
;
665 msg
.msg_control
= control_u
.control
;
666 msg
.msg_controllen
= sizeof(control_u
);
668 msg
.msg_name
= &source_addr
;
669 msg
.msg_namelen
= sizeof(source_addr
);
673 if ((n
= recvmsg(listen
->fd
, &msg
, 0)) == -1)
676 if (n
< (int)sizeof(HEADER
) ||
677 (msg
.msg_flags
& MSG_TRUNC
) ||
681 source_addr
.sa
.sa_family
= listen
->family
;
683 if (listen
->family
== AF_INET6
)
684 source_addr
.in6
.sin6_flowinfo
= 0;
687 if (!option_bool(OPT_NOWILD
))
691 if (msg
.msg_controllen
< sizeof(struct cmsghdr
))
694 #if defined(HAVE_LINUX_NETWORK)
695 if (listen
->family
== AF_INET
)
696 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
697 if (cmptr
->cmsg_level
== SOL_IP
&& cmptr
->cmsg_type
== IP_PKTINFO
)
701 struct in_pktinfo
*p
;
703 p
.c
= CMSG_DATA(cmptr
);
704 dst_addr_4
= dst_addr
.addr
.addr4
= p
.p
->ipi_spec_dst
;
705 if_index
= p
.p
->ipi_ifindex
;
707 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
708 if (listen
->family
== AF_INET
)
710 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
716 #ifndef HAVE_SOLARIS_NETWORK
717 struct sockaddr_dl
*s
;
720 p
.c
= CMSG_DATA(cmptr
);
721 if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_RECVDSTADDR
)
722 dst_addr_4
= dst_addr
.addr
.addr4
= *(p
.a
);
723 else if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_RECVIF
)
724 #ifdef HAVE_SOLARIS_NETWORK
727 if_index
= p
.s
->sdl_index
;
734 if (listen
->family
== AF_INET6
)
736 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
737 if (cmptr
->cmsg_level
== IPV6_LEVEL
&& cmptr
->cmsg_type
== daemon
->v6pktinfo
)
741 struct in6_pktinfo
*p
;
743 p
.c
= CMSG_DATA(cmptr
);
745 dst_addr
.addr
.addr6
= p
.p
->ipi6_addr
;
746 if_index
= p
.p
->ipi6_ifindex
;
751 /* enforce available interface configuration */
753 if (!indextoname(listen
->fd
, if_index
, ifr
.ifr_name
) ||
754 !iface_check(listen
->family
, &dst_addr
, ifr
.ifr_name
, &if_index
))
757 if (listen
->family
== AF_INET
&&
758 option_bool(OPT_LOCALISE
) &&
759 ioctl(listen
->fd
, SIOCGIFNETMASK
, &ifr
) == -1)
762 netmask
= ((struct sockaddr_in
*) &ifr
.ifr_addr
)->sin_addr
;
765 if (extract_request(header
, (size_t)n
, daemon
->namebuff
, &type
))
769 querystr(types
, type
);
771 if (listen
->family
== AF_INET
)
772 log_query(F_QUERY
| F_IPV4
| F_FORWARD
, daemon
->namebuff
,
773 (struct all_addr
*)&source_addr
.in
.sin_addr
, types
);
776 log_query(F_QUERY
| F_IPV6
| F_FORWARD
, daemon
->namebuff
,
777 (struct all_addr
*)&source_addr
.in6
.sin6_addr
, types
);
781 m
= answer_request (header
, ((char *) header
) + PACKETSZ
, (size_t)n
,
782 dst_addr_4
, netmask
, now
);
785 send_from(listen
->fd
, option_bool(OPT_NOWILD
), (char *)header
,
786 m
, &source_addr
, &dst_addr
, if_index
);
787 daemon
->local_answer
++;
789 else if (forward_query(listen
->fd
, &source_addr
, &dst_addr
, if_index
,
790 header
, (size_t)n
, now
, NULL
))
791 daemon
->queries_forwarded
++;
793 daemon
->local_answer
++;
796 /* The daemon forks before calling this: it should deal with one connection,
797 blocking as neccessary, and then return. Note, need to be a bit careful
798 about resources for debug mode, when the fork is suppressed: that's
799 done by the caller. */
800 unsigned char *tcp_request(int confd
, time_t now
,
801 struct in_addr local_addr
, struct in_addr netmask
)
805 int checking_disabled
;
807 unsigned short qtype
, gotname
;
808 unsigned char c1
, c2
;
809 /* Max TCP packet + slop */
810 unsigned char *packet
= whine_malloc(65536 + MAXDNAME
+ RRFIXEDSZ
);
812 struct server
*last_server
;
817 !read_write(confd
, &c1
, 1, 1) || !read_write(confd
, &c2
, 1, 1) ||
818 !(size
= c1
<< 8 | c2
) ||
819 !read_write(confd
, packet
, size
, 1))
822 if (size
< (int)sizeof(HEADER
))
825 header
= (HEADER
*)packet
;
827 /* save state of "cd" flag in query */
828 checking_disabled
= header
->cd
;
830 /* RFC 4035: sect 4.6 para 2 */
833 if ((gotname
= extract_request(header
, (unsigned int)size
, daemon
->namebuff
, &qtype
)))
835 union mysockaddr peer_addr
;
836 socklen_t peer_len
= sizeof(union mysockaddr
);
838 if (getpeername(confd
, (struct sockaddr
*)&peer_addr
, &peer_len
) != -1)
842 querystr(types
, qtype
);
844 if (peer_addr
.sa
.sa_family
== AF_INET
)
845 log_query(F_QUERY
| F_IPV4
| F_FORWARD
, daemon
->namebuff
,
846 (struct all_addr
*)&peer_addr
.in
.sin_addr
, types
);
849 log_query(F_QUERY
| F_IPV6
| F_FORWARD
, daemon
->namebuff
,
850 (struct all_addr
*)&peer_addr
.in6
.sin6_addr
, types
);
855 /* m > 0 if answered from cache */
856 m
= answer_request(header
, ((char *) header
) + 65536, (unsigned int)size
,
857 local_addr
, netmask
, now
);
859 /* Do this by steam now we're not in the select() loop */
860 check_log_writer(NULL
);
864 unsigned int flags
= 0;
865 struct all_addr
*addrp
= NULL
;
869 if (option_bool(OPT_ADD_MAC
))
871 union mysockaddr peer_addr
;
872 socklen_t peer_len
= sizeof(union mysockaddr
);
874 if (getpeername(confd
, (struct sockaddr
*)&peer_addr
, &peer_len
) != -1)
875 size
= add_mac(header
, size
, ((char *) header
) + 65536, &peer_addr
);
879 flags
= search_servers(now
, &addrp
, gotname
, daemon
->namebuff
, &type
, &domain
, &norebind
);
881 if (type
!= 0 || option_bool(OPT_ORDER
) || !daemon
->last_server
)
882 last_server
= daemon
->servers
;
884 last_server
= daemon
->last_server
;
886 if (!flags
&& last_server
)
888 struct server
*firstsendto
= NULL
;
889 unsigned int crc
= questions_crc(header
, (unsigned int)size
, daemon
->namebuff
);
891 /* Loop round available servers until we succeed in connecting to one.
892 Note that this code subtley ensures that consecutive queries on this connection
893 which can go to the same server, do so. */
897 firstsendto
= last_server
;
900 if (!(last_server
= last_server
->next
))
901 last_server
= daemon
->servers
;
903 if (last_server
== firstsendto
)
907 /* server for wrong domain */
908 if (type
!= (last_server
->flags
& SERV_TYPE
) ||
909 (type
== SERV_HAS_DOMAIN
&& !hostname_isequal(domain
, last_server
->domain
)))
912 if ((last_server
->tcpfd
== -1) &&
913 (last_server
->tcpfd
= socket(last_server
->addr
.sa
.sa_family
, SOCK_STREAM
, 0)) != -1 &&
914 (!local_bind(last_server
->tcpfd
, &last_server
->source_addr
, last_server
->interface
, 1) ||
915 connect(last_server
->tcpfd
, &last_server
->addr
.sa
, sa_len(&last_server
->addr
)) == -1))
917 close(last_server
->tcpfd
);
918 last_server
->tcpfd
= -1;
921 if (last_server
->tcpfd
== -1)
927 if (!read_write(last_server
->tcpfd
, &c1
, 1, 0) ||
928 !read_write(last_server
->tcpfd
, &c2
, 1, 0) ||
929 !read_write(last_server
->tcpfd
, packet
, size
, 0) ||
930 !read_write(last_server
->tcpfd
, &c1
, 1, 1) ||
931 !read_write(last_server
->tcpfd
, &c2
, 1, 1))
933 close(last_server
->tcpfd
);
934 last_server
->tcpfd
= -1;
939 if (!read_write(last_server
->tcpfd
, packet
, m
, 1))
943 strcpy(daemon
->namebuff
, "query");
944 if (last_server
->addr
.sa
.sa_family
== AF_INET
)
945 log_query(F_SERVER
| F_IPV4
| F_FORWARD
, daemon
->namebuff
,
946 (struct all_addr
*)&last_server
->addr
.in
.sin_addr
, NULL
);
949 log_query(F_SERVER
| F_IPV6
| F_FORWARD
, daemon
->namebuff
,
950 (struct all_addr
*)&last_server
->addr
.in6
.sin6_addr
, NULL
);
953 /* There's no point in updating the cache, since this process will exit and
954 lose the information after a few queries. We make this call for the alias and
955 bogus-nxdomain side-effects. */
956 /* If the crc of the question section doesn't match the crc we sent, then
957 someone might be attempting to insert bogus values into the cache by
958 sending replies containing questions and bogus answers. */
959 if (crc
== questions_crc(header
, (unsigned int)m
, daemon
->namebuff
))
960 m
= process_reply(header
, now
, last_server
, (unsigned int)m
,
961 option_bool(OPT_NO_REBIND
) && !norebind
, checking_disabled
);
967 /* In case of local answer or no connections made. */
969 m
= setup_reply(header
, (unsigned int)size
, addrp
, flags
, daemon
->local_ttl
);
972 check_log_writer(NULL
);
976 if (!read_write(confd
, &c1
, 1, 0) ||
977 !read_write(confd
, &c2
, 1, 0) ||
978 !read_write(confd
, packet
, m
, 0))
983 static struct frec
*allocate_frec(time_t now
)
987 if ((f
= (struct frec
*)whine_malloc(sizeof(struct frec
))))
989 f
->next
= daemon
->frec_list
;
997 daemon
->frec_list
= f
;
1003 static struct randfd
*allocate_rfd(int family
)
1005 static int finger
= 0;
1008 /* limit the number of sockets we have open to avoid starvation of
1009 (eg) TFTP. Once we have a reasonable number, randomness should be OK */
1011 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1012 if (daemon
->randomsocks
[i
].refcount
== 0)
1014 if ((daemon
->randomsocks
[i
].fd
= random_sock(family
)) == -1)
1017 daemon
->randomsocks
[i
].refcount
= 1;
1018 daemon
->randomsocks
[i
].family
= family
;
1019 return &daemon
->randomsocks
[i
];
1022 /* No free ones or cannot get new socket, grab an existing one */
1023 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1025 int j
= (i
+finger
) % RANDOM_SOCKS
;
1026 if (daemon
->randomsocks
[j
].refcount
!= 0 &&
1027 daemon
->randomsocks
[j
].family
== family
&&
1028 daemon
->randomsocks
[j
].refcount
!= 0xffff)
1031 daemon
->randomsocks
[j
].refcount
++;
1032 return &daemon
->randomsocks
[j
];
1036 return NULL
; /* doom */
1039 static void free_frec(struct frec
*f
)
1041 if (f
->rfd4
&& --(f
->rfd4
->refcount
) == 0)
1049 if (f
->rfd6
&& --(f
->rfd6
->refcount
) == 0)
1056 /* if wait==NULL return a free or older than TIMEOUT record.
1057 else return *wait zero if one available, or *wait is delay to
1058 when the oldest in-use record will expire. Impose an absolute
1059 limit of 4*TIMEOUT before we wipe things (for random sockets) */
1060 struct frec
*get_new_frec(time_t now
, int *wait
)
1062 struct frec
*f
, *oldest
, *target
;
1068 for (f
= daemon
->frec_list
, oldest
= NULL
, target
= NULL
, count
= 0; f
; f
= f
->next
, count
++)
1073 if (difftime(now
, f
->time
) >= 4*TIMEOUT
)
1079 if (!oldest
|| difftime(f
->time
, oldest
->time
) <= 0)
1089 /* can't find empty one, use oldest if there is one
1090 and it's older than timeout */
1091 if (oldest
&& ((int)difftime(now
, oldest
->time
)) >= TIMEOUT
)
1093 /* keep stuff for twice timeout if we can by allocating a new
1095 if (difftime(now
, oldest
->time
) < 2*TIMEOUT
&&
1096 count
<= daemon
->ftabsize
&&
1097 (f
= allocate_frec(now
)))
1108 /* none available, calculate time 'till oldest record expires */
1109 if (count
> daemon
->ftabsize
)
1112 *wait
= oldest
->time
+ (time_t)TIMEOUT
- now
;
1116 if (!(f
= allocate_frec(now
)) && wait
)
1117 /* wait one second on malloc failure */
1120 return f
; /* OK if malloc fails and this is NULL */
1123 /* crc is all-ones if not known. */
1124 static struct frec
*lookup_frec(unsigned short id
, unsigned int crc
)
1128 for(f
= daemon
->frec_list
; f
; f
= f
->next
)
1129 if (f
->sentto
&& f
->new_id
== id
&&
1130 (f
->crc
== crc
|| crc
== 0xffffffff))
1136 static struct frec
*lookup_frec_by_sender(unsigned short id
,
1137 union mysockaddr
*addr
,
1142 for(f
= daemon
->frec_list
; f
; f
= f
->next
)
1146 sockaddr_isequal(&f
->source
, addr
))
1152 /* A server record is going away, remove references to it */
1153 void server_gone(struct server
*server
)
1157 for (f
= daemon
->frec_list
; f
; f
= f
->next
)
1158 if (f
->sentto
&& f
->sentto
== server
)
1161 if (daemon
->last_server
== server
)
1162 daemon
->last_server
= NULL
;
1164 if (daemon
->srv_save
== server
)
1165 daemon
->srv_save
= NULL
;
1168 /* return unique random ids. */
1169 static unsigned short get_id(unsigned int crc
)
1171 unsigned short ret
= 0;
1175 while (lookup_frec(ret
, crc
));