]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/network.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Eliminate IPv6 privacy addresses from --interface-name answers.
[people/ms/dnsmasq.git] / src / network.c
1 /* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 #ifdef HAVE_LINUX_NETWORK
20
21 int indextoname(int fd, int index, char *name)
22 {
23 struct ifreq ifr;
24
25 if (index == 0)
26 return 0;
27
28 ifr.ifr_ifindex = index;
29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1)
30 return 0;
31
32 strncpy(name, ifr.ifr_name, IF_NAMESIZE);
33
34 return 1;
35 }
36
37
38 #elif defined(HAVE_SOLARIS_NETWORK)
39
40 #include <zone.h>
41 #include <alloca.h>
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
44 #endif
45
46 int indextoname(int fd, int index, char *name)
47 {
48 int64_t lifc_flags;
49 struct lifnum lifn;
50 int numifs, bufsize, i;
51 struct lifconf lifc;
52 struct lifreq *lifrp;
53
54 if (index == 0)
55 return 0;
56
57 if (getzoneid() == GLOBAL_ZONEID)
58 {
59 if (!if_indextoname(index, name))
60 return 0;
61 return 1;
62 }
63
64 lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;
65 lifn.lifn_family = AF_UNSPEC;
66 lifn.lifn_flags = lifc_flags;
67 if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0)
68 return 0;
69
70 numifs = lifn.lifn_count;
71 bufsize = numifs * sizeof(struct lifreq);
72
73 lifc.lifc_family = AF_UNSPEC;
74 lifc.lifc_flags = lifc_flags;
75 lifc.lifc_len = bufsize;
76 lifc.lifc_buf = alloca(bufsize);
77
78 if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0)
79 return 0;
80
81 lifrp = lifc.lifc_req;
82 for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++)
83 {
84 struct lifreq lifr;
85 strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE);
86 if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0)
87 return 0;
88
89 if (lifr.lifr_index == index) {
90 strncpy(name, lifr.lifr_name, IF_NAMESIZE);
91 return 1;
92 }
93 }
94 return 0;
95 }
96
97
98 #else
99
100 int indextoname(int fd, int index, char *name)
101 {
102 (void)fd;
103
104 if (index == 0 || !if_indextoname(index, name))
105 return 0;
106
107 return 1;
108 }
109
110 #endif
111
112 int iface_check(int family, struct all_addr *addr, char *name, int *auth)
113 {
114 struct iname *tmp;
115 int ret = 1, match_addr = 0;
116
117 /* Note: have to check all and not bail out early, so that we set the
118 "used" flags.
119
120 May be called with family == AF_LOCALto check interface by name only. */
121
122 if (auth)
123 *auth = 0;
124
125 if (daemon->if_names || daemon->if_addrs)
126 {
127 ret = 0;
128
129 for (tmp = daemon->if_names; tmp; tmp = tmp->next)
130 if (tmp->name && wildcard_match(tmp->name, name))
131 ret = tmp->used = 1;
132
133 if (addr)
134 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
135 if (tmp->addr.sa.sa_family == family)
136 {
137 if (family == AF_INET &&
138 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
139 ret = match_addr = tmp->used = 1;
140 #ifdef HAVE_IPV6
141 else if (family == AF_INET6 &&
142 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr,
143 &addr->addr.addr6))
144 ret = match_addr = tmp->used = 1;
145 #endif
146 }
147 }
148
149 if (!match_addr)
150 for (tmp = daemon->if_except; tmp; tmp = tmp->next)
151 if (tmp->name && wildcard_match(tmp->name, name))
152 ret = 0;
153
154
155 for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
156 if (tmp->name)
157 {
158 if (strcmp(tmp->name, name) == 0 &&
159 (tmp->addr.sa.sa_family == 0 || tmp->addr.sa.sa_family == family))
160 break;
161 }
162 else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
163 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
164 break;
165 #ifdef HAVE_IPV6
166 else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
167 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
168 break;
169 #endif
170
171 if (tmp && auth)
172 {
173 *auth = 1;
174 ret = 1;
175 }
176
177 return ret;
178 }
179
180
181 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
182 arrival interface when a packet originates locally, even when sent to address of
183 an interface other than the loopback. Accept packet if it arrived via a loopback
184 interface, even when we're not accepting packets that way, as long as the destination
185 address is one we're believing. Interface list must be up-to-date before calling. */
186 int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
187 {
188 struct ifreq ifr;
189 struct irec *iface;
190
191 strncpy(ifr.ifr_name, name, IF_NAMESIZE);
192 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
193 ifr.ifr_flags & IFF_LOOPBACK)
194 {
195 for (iface = daemon->interfaces; iface; iface = iface->next)
196 if (iface->addr.sa.sa_family == family)
197 {
198 if (family == AF_INET)
199 {
200 if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
201 return 1;
202 }
203 #ifdef HAVE_IPV6
204 else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6))
205 return 1;
206 #endif
207
208 }
209 }
210 return 0;
211 }
212
213 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
214 on the relevant address, but the name of the arrival interface, derived from the
215 index won't match the config. Check that we found an interface address for the arrival
216 interface: daemon->interfaces must be up-to-date. */
217 int label_exception(int index, int family, struct all_addr *addr)
218 {
219 struct irec *iface;
220
221 /* labels only supported on IPv4 addresses. */
222 if (family != AF_INET)
223 return 0;
224
225 for (iface = daemon->interfaces; iface; iface = iface->next)
226 if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
227 iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
228 return 1;
229
230 return 0;
231 }
232
233 struct iface_param {
234 struct addrlist *spare;
235 int fd;
236 };
237
238 static int iface_allowed(struct iface_param *param, int if_index, char *label,
239 union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags)
240 {
241 struct irec *iface;
242 int mtu = 0, loopback;
243 struct ifreq ifr;
244 int tftp_ok = !!option_bool(OPT_TFTP);
245 int dhcp_ok = 1;
246 int auth_dns = 0;
247 #if defined(HAVE_DHCP) || defined(HAVE_TFTP)
248 struct iname *tmp;
249 #endif
250
251 (void)prefixlen;
252
253 if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
254 ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1)
255 return 0;
256
257 loopback = ifr.ifr_flags & IFF_LOOPBACK;
258
259 if (loopback)
260 dhcp_ok = 0;
261
262 if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1)
263 mtu = ifr.ifr_mtu;
264
265 if (!label)
266 label = ifr.ifr_name;
267
268 /* maintain a list of all addresses on all interfaces for --local-service option */
269 if (option_bool(OPT_LOCAL_SERVICE))
270 {
271 struct addrlist *al;
272
273 if (param->spare)
274 {
275 al = param->spare;
276 param->spare = al->next;
277 }
278 else
279 al = whine_malloc(sizeof(struct addrlist));
280
281 if (al)
282 {
283 al->next = daemon->interface_addrs;
284 daemon->interface_addrs = al;
285 al->prefixlen = prefixlen;
286
287 if (addr->sa.sa_family == AF_INET)
288 {
289 al->addr.addr.addr4 = addr->in.sin_addr;
290 al->flags = 0;
291 }
292 #ifdef HAVE_IPV6
293 else
294 {
295 al->addr.addr.addr6 = addr->in6.sin6_addr;
296 al->flags = ADDRLIST_IPV6;
297 }
298 #endif
299 }
300 }
301
302 #ifdef HAVE_IPV6
303 if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
304 #endif
305 {
306 struct interface_name *int_name;
307 struct addrlist *al;
308 #ifdef HAVE_AUTH
309 struct auth_zone *zone;
310 struct auth_name_list *name;
311
312 /* Find subnets in auth_zones */
313 for (zone = daemon->auth_zones; zone; zone = zone->next)
314 for (name = zone->interface_names; name; name = name->next)
315 if (wildcard_match(name->name, label))
316 {
317 if (addr->sa.sa_family == AF_INET && (name->flags & AUTH4))
318 {
319 if (param->spare)
320 {
321 al = param->spare;
322 param->spare = al->next;
323 }
324 else
325 al = whine_malloc(sizeof(struct addrlist));
326
327 if (al)
328 {
329 al->next = zone->subnet;
330 zone->subnet = al;
331 al->prefixlen = prefixlen;
332 al->addr.addr.addr4 = addr->in.sin_addr;
333 al->flags = 0;
334 }
335 }
336
337 #ifdef HAVE_IPV6
338 if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6))
339 {
340 if (param->spare)
341 {
342 al = param->spare;
343 param->spare = al->next;
344 }
345 else
346 al = whine_malloc(sizeof(struct addrlist));
347
348 if (al)
349 {
350 al->next = zone->subnet;
351 zone->subnet = al;
352 al->prefixlen = prefixlen;
353 al->addr.addr.addr6 = addr->in6.sin6_addr;
354 al->flags = ADDRLIST_IPV6;
355 }
356 }
357 #endif
358
359 }
360 #endif
361
362 /* Update addresses from interface_names. These are a set independent
363 of the set we're listening on. */
364 for (int_name = daemon->int_names; int_name; int_name = int_name->next)
365 if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0 &&
366 (addr->sa.sa_family == int_name->family || int_name->family == 0))
367 {
368 if (param->spare)
369 {
370 al = param->spare;
371 param->spare = al->next;
372 }
373 else
374 al = whine_malloc(sizeof(struct addrlist));
375
376 if (al)
377 {
378 al->next = int_name->addr;
379 int_name->addr = al;
380
381 if (addr->sa.sa_family == AF_INET)
382 {
383 al->addr.addr.addr4 = addr->in.sin_addr;
384 al->flags = 0;
385 }
386 #ifdef HAVE_IPV6
387 else
388 {
389 al->addr.addr.addr6 = addr->in6.sin6_addr;
390 al->flags = ADDRLIST_IPV6;
391 /* Privacy addresses and addresses still undergoing DAD and deprecated addresses
392 don't appear in forward queries, but will in reverse ones. */
393 if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE)))
394 al->flags |= ADDRLIST_REVONLY;
395 }
396 #endif
397 }
398 }
399 }
400
401 /* check whether the interface IP has been added already
402 we call this routine multiple times. */
403 for (iface = daemon->interfaces; iface; iface = iface->next)
404 if (sockaddr_isequal(&iface->addr, addr))
405 {
406 iface->dad = !!(iface_flags & IFACE_TENTATIVE);
407 iface->found = 1; /* for garbage collection */
408 return 1;
409 }
410
411 /* If we are restricting the set of interfaces to use, make
412 sure that loopback interfaces are in that set. */
413 if (daemon->if_names && loopback)
414 {
415 struct iname *lo;
416 for (lo = daemon->if_names; lo; lo = lo->next)
417 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
418 break;
419
420 if (!lo && (lo = whine_malloc(sizeof(struct iname))))
421 {
422 if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
423 {
424 strcpy(lo->name, ifr.ifr_name);
425 lo->used = 1;
426 lo->next = daemon->if_names;
427 daemon->if_names = lo;
428 }
429 else
430 free(lo);
431 }
432 }
433
434 if (addr->sa.sa_family == AF_INET &&
435 !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
436 return 1;
437
438 #ifdef HAVE_IPV6
439 if (addr->sa.sa_family == AF_INET6 &&
440 !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
441 return 1;
442 #endif
443
444 #ifdef HAVE_DHCP
445 /* No DHCP where we're doing auth DNS. */
446 if (auth_dns)
447 {
448 tftp_ok = 0;
449 dhcp_ok = 0;
450 }
451 else
452 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
453 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
454 {
455 tftp_ok = 0;
456 dhcp_ok = 0;
457 }
458 #endif
459
460
461 #ifdef HAVE_TFTP
462 if (daemon->tftp_interfaces)
463 {
464 /* dedicated tftp interface list */
465 tftp_ok = 0;
466 for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
467 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
468 tftp_ok = 1;
469 }
470 #endif
471
472 /* add to list */
473 if ((iface = whine_malloc(sizeof(struct irec))))
474 {
475 iface->addr = *addr;
476 iface->netmask = netmask;
477 iface->tftp_ok = tftp_ok;
478 iface->dhcp_ok = dhcp_ok;
479 iface->dns_auth = auth_dns;
480 iface->mtu = mtu;
481 iface->dad = !!(iface_flags & IFACE_TENTATIVE);
482 iface->found = 1;
483 iface->done = iface->multicast_done = iface->warned = 0;
484 iface->index = if_index;
485 if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
486 {
487 strcpy(iface->name, ifr.ifr_name);
488 iface->next = daemon->interfaces;
489 daemon->interfaces = iface;
490 return 1;
491 }
492 free(iface);
493
494 }
495
496 errno = ENOMEM;
497 return 0;
498 }
499
500 #ifdef HAVE_IPV6
501 static int iface_allowed_v6(struct in6_addr *local, int prefix,
502 int scope, int if_index, int flags,
503 int preferred, int valid, void *vparam)
504 {
505 union mysockaddr addr;
506 struct in_addr netmask; /* dummy */
507 netmask.s_addr = 0;
508
509 (void)scope; /* warning */
510 (void)preferred;
511 (void)valid;
512
513 memset(&addr, 0, sizeof(addr));
514 #ifdef HAVE_SOCKADDR_SA_LEN
515 addr.in6.sin6_len = sizeof(addr.in6);
516 #endif
517 addr.in6.sin6_family = AF_INET6;
518 addr.in6.sin6_addr = *local;
519 addr.in6.sin6_port = htons(daemon->port);
520 /* FreeBSD insists this is zero for non-linklocal addresses */
521 if (IN6_IS_ADDR_LINKLOCAL(local))
522 addr.in6.sin6_scope_id = if_index;
523 else
524 addr.in6.sin6_scope_id = 0;
525
526 return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags);
527 }
528 #endif
529
530 static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
531 struct in_addr netmask, struct in_addr broadcast, void *vparam)
532 {
533 union mysockaddr addr;
534 int prefix, bit;
535
536 memset(&addr, 0, sizeof(addr));
537 #ifdef HAVE_SOCKADDR_SA_LEN
538 addr.in.sin_len = sizeof(addr.in);
539 #endif
540 addr.in.sin_family = AF_INET;
541 addr.in.sin_addr = broadcast; /* warning */
542 addr.in.sin_addr = local;
543 addr.in.sin_port = htons(daemon->port);
544
545 /* determine prefix length from netmask */
546 for (prefix = 32, bit = 1; (bit & ntohl(netmask.s_addr)) == 0 && prefix != 0; bit = bit << 1, prefix--);
547
548 return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
549 }
550
551 int enumerate_interfaces(int reset)
552 {
553 static struct addrlist *spare = NULL;
554 static int done = 0;
555 struct iface_param param;
556 int errsave, ret = 1;
557 struct addrlist *addr, *tmp;
558 struct interface_name *intname;
559 struct irec *iface;
560 #ifdef HAVE_AUTH
561 struct auth_zone *zone;
562 #endif
563
564 /* Do this max once per select cycle - also inhibits netlink socket use
565 in TCP child processes. */
566
567 if (reset)
568 {
569 done = 0;
570 return 1;
571 }
572
573 if (done)
574 return 1;
575
576 done = 1;
577
578 if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
579 return 0;
580
581 /* Mark interfaces for garbage collection */
582 for (iface = daemon->interfaces; iface; iface = iface->next)
583 iface->found = 0;
584
585 /* remove addresses stored against interface_names */
586 for (intname = daemon->int_names; intname; intname = intname->next)
587 {
588 for (addr = intname->addr; addr; addr = tmp)
589 {
590 tmp = addr->next;
591 addr->next = spare;
592 spare = addr;
593 }
594
595 intname->addr = NULL;
596 }
597
598 /* Remove list of addresses of local interfaces */
599 for (addr = daemon->interface_addrs; addr; addr = tmp)
600 {
601 tmp = addr->next;
602 addr->next = spare;
603 spare = addr;
604 }
605 daemon->interface_addrs = NULL;
606
607 #ifdef HAVE_AUTH
608 /* remove addresses stored against auth_zone subnets, but not
609 ones configured as address literals */
610 for (zone = daemon->auth_zones; zone; zone = zone->next)
611 if (zone->interface_names)
612 {
613 struct addrlist **up;
614 for (up = &zone->subnet, addr = zone->subnet; addr; addr = tmp)
615 {
616 tmp = addr->next;
617 if (addr->flags & ADDRLIST_LITERAL)
618 up = &addr->next;
619 else
620 {
621 *up = addr->next;
622 addr->next = spare;
623 spare = addr;
624 }
625 }
626 }
627 #endif
628
629 param.spare = spare;
630
631 #ifdef HAVE_IPV6
632 ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
633 #endif
634
635 if (ret)
636 ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
637
638 errsave = errno;
639 close(param.fd);
640
641 if (option_bool(OPT_CLEVERBIND))
642 {
643 /* Garbage-collect listeners listening on addresses that no longer exist.
644 Does nothing when not binding interfaces or for listeners on localhost,
645 since the ->iface field is NULL. Note that this needs the protections
646 against re-entrancy, hence it's here. It also means there's a possibility,
647 in OPT_CLEVERBIND mode, that at listener will just disappear after
648 a call to enumerate_interfaces, this is checked OK on all calls. */
649 struct listener *l, *tmp, **up;
650
651 for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
652 {
653 tmp = l->next;
654
655 if (!l->iface || l->iface->found)
656 up = &l->next;
657 else
658 {
659 *up = l->next;
660
661 /* In case it ever returns */
662 l->iface->done = 0;
663
664 if (l->fd != -1)
665 close(l->fd);
666 if (l->tcpfd != -1)
667 close(l->tcpfd);
668 if (l->tftpfd != -1)
669 close(l->tftpfd);
670
671 free(l);
672 }
673 }
674 }
675
676 errno = errsave;
677 spare = param.spare;
678
679 return ret;
680 }
681
682 /* set NONBLOCK bit on fd: See Stevens 16.6 */
683 int fix_fd(int fd)
684 {
685 int flags;
686
687 if ((flags = fcntl(fd, F_GETFL)) == -1 ||
688 fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
689 return 0;
690
691 return 1;
692 }
693
694 static int make_sock(union mysockaddr *addr, int type, int dienow)
695 {
696 int family = addr->sa.sa_family;
697 int fd, rc, opt = 1;
698
699 if ((fd = socket(family, type, 0)) == -1)
700 {
701 int port, errsav;
702 char *s;
703
704 /* No error if the kernel just doesn't support this IP flavour */
705 if (errno == EPROTONOSUPPORT ||
706 errno == EAFNOSUPPORT ||
707 errno == EINVAL)
708 return -1;
709
710 err:
711 errsav = errno;
712 port = prettyprint_addr(addr, daemon->addrbuff);
713 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
714 sprintf(daemon->addrbuff, "port %d", port);
715 s = _("failed to create listening socket for %s: %s");
716
717 if (fd != -1)
718 close (fd);
719
720 errno = errsav;
721
722 if (dienow)
723 {
724 /* failure to bind addresses given by --listen-address at this point
725 is OK if we're doing bind-dynamic */
726 if (!option_bool(OPT_CLEVERBIND))
727 die(s, daemon->addrbuff, EC_BADNET);
728 }
729 else
730 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
731
732 return -1;
733 }
734
735 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
736 goto err;
737
738 #ifdef HAVE_IPV6
739 if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
740 goto err;
741 #endif
742
743 if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1)
744 goto err;
745
746 if (type == SOCK_STREAM)
747 {
748 if (listen(fd, 5) == -1)
749 goto err;
750 }
751 else if (family == AF_INET)
752 {
753 if (!option_bool(OPT_NOWILD))
754 {
755 #if defined(HAVE_LINUX_NETWORK)
756 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1)
757 goto err;
758 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
759 if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
760 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1)
761 goto err;
762 #endif
763 }
764 }
765 #ifdef HAVE_IPV6
766 else if (!set_ipv6pktinfo(fd))
767 goto err;
768 #endif
769
770 return fd;
771 }
772
773 #ifdef HAVE_IPV6
774 int set_ipv6pktinfo(int fd)
775 {
776 int opt = 1;
777
778 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
779 handle all combinations of headers and kernel.
780 OpenWrt note that this fixes the problem addressed by your very broken patch. */
781 daemon->v6pktinfo = IPV6_PKTINFO;
782
783 #ifdef IPV6_RECVPKTINFO
784 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) != -1)
785 return 1;
786 # ifdef IPV6_2292PKTINFO
787 else if (errno == ENOPROTOOPT && setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &opt, sizeof(opt)) != -1)
788 {
789 daemon->v6pktinfo = IPV6_2292PKTINFO;
790 return 1;
791 }
792 # endif
793 #else
794 if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &opt, sizeof(opt)) != -1)
795 return 1;
796 #endif
797
798 return 0;
799 }
800 #endif
801
802
803 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
804 int tcp_interface(int fd, int af)
805 {
806 int if_index = 0;
807
808 #ifdef HAVE_LINUX_NETWORK
809 int opt = 1;
810 struct cmsghdr *cmptr;
811 struct msghdr msg;
812
813 /* use mshdr do that the CMSDG_* macros are available */
814 msg.msg_control = daemon->packet;
815 msg.msg_controllen = daemon->packet_buff_sz;
816
817 /* we overwrote the buffer... */
818 daemon->srv_save = NULL;
819
820 if (af == AF_INET)
821 {
822 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
823 getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
824 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
825 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
826 {
827 union {
828 unsigned char *c;
829 struct in_pktinfo *p;
830 } p;
831
832 p.c = CMSG_DATA(cmptr);
833 if_index = p.p->ipi_ifindex;
834 }
835 }
836 #ifdef HAVE_IPV6
837 else
838 {
839 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
840 it was removed in RFC-3542 !!!!
841
842 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
843 uses the old ABI, and should work with pre- and post-3542 kernel headers */
844
845 #ifdef IPV6_2292PKTOPTIONS
846 # define PKTOPTIONS IPV6_2292PKTOPTIONS
847 #else
848 # define PKTOPTIONS IPV6_PKTOPTIONS
849 #endif
850
851 if (set_ipv6pktinfo(fd) &&
852 getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
853 {
854 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
855 if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
856 {
857 union {
858 unsigned char *c;
859 struct in6_pktinfo *p;
860 } p;
861 p.c = CMSG_DATA(cmptr);
862
863 if_index = p.p->ipi6_ifindex;
864 }
865 }
866 }
867 #endif /* IPV6 */
868 #endif /* Linux */
869
870 return if_index;
871 }
872
873 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
874 {
875 struct listener *l = NULL;
876 int fd = -1, tcpfd = -1, tftpfd = -1;
877
878 (void)do_tftp;
879
880 if (daemon->port != 0)
881 {
882 fd = make_sock(addr, SOCK_DGRAM, dienow);
883 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
884 }
885
886 #ifdef HAVE_TFTP
887 if (do_tftp)
888 {
889 if (addr->sa.sa_family == AF_INET)
890 {
891 /* port must be restored to DNS port for TCP code */
892 short save = addr->in.sin_port;
893 addr->in.sin_port = htons(TFTP_PORT);
894 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
895 addr->in.sin_port = save;
896 }
897 # ifdef HAVE_IPV6
898 else
899 {
900 short save = addr->in6.sin6_port;
901 addr->in6.sin6_port = htons(TFTP_PORT);
902 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
903 addr->in6.sin6_port = save;
904 }
905 # endif
906 }
907 #endif
908
909 if (fd != -1 || tcpfd != -1 || tftpfd != -1)
910 {
911 l = safe_malloc(sizeof(struct listener));
912 l->next = NULL;
913 l->family = addr->sa.sa_family;
914 l->fd = fd;
915 l->tcpfd = tcpfd;
916 l->tftpfd = tftpfd;
917 l->iface = NULL;
918 }
919
920 return l;
921 }
922
923 void create_wildcard_listeners(void)
924 {
925 union mysockaddr addr;
926 struct listener *l, *l6;
927
928 memset(&addr, 0, sizeof(addr));
929 #ifdef HAVE_SOCKADDR_SA_LEN
930 addr.in.sin_len = sizeof(addr.in);
931 #endif
932 addr.in.sin_family = AF_INET;
933 addr.in.sin_addr.s_addr = INADDR_ANY;
934 addr.in.sin_port = htons(daemon->port);
935
936 l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
937
938 #ifdef HAVE_IPV6
939 memset(&addr, 0, sizeof(addr));
940 # ifdef HAVE_SOCKADDR_SA_LEN
941 addr.in6.sin6_len = sizeof(addr.in6);
942 # endif
943 addr.in6.sin6_family = AF_INET6;
944 addr.in6.sin6_addr = in6addr_any;
945 addr.in6.sin6_port = htons(daemon->port);
946
947 l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
948 if (l)
949 l->next = l6;
950 else
951 l = l6;
952 #endif
953
954 daemon->listeners = l;
955 }
956
957 void create_bound_listeners(int dienow)
958 {
959 struct listener *new;
960 struct irec *iface;
961 struct iname *if_tmp;
962
963 for (iface = daemon->interfaces; iface; iface = iface->next)
964 if (!iface->done && !iface->dad && iface->found &&
965 (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
966 {
967 new->iface = iface;
968 new->next = daemon->listeners;
969 daemon->listeners = new;
970 iface->done = 1;
971 }
972
973 /* Check for --listen-address options that haven't been used because there's
974 no interface with a matching address. These may be valid: eg it's possible
975 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
976
977 If the address isn't valid the bind() will fail and we'll die()
978 (except in bind-dynamic mode, when we'll complain but keep trying.)
979
980 The resulting listeners have the ->iface field NULL, and this has to be
981 handled by the DNS and TFTP code. It disables --localise-queries processing
982 (no netmask) and some MTU login the tftp code. */
983
984 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
985 if (!if_tmp->used &&
986 (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
987 {
988 new->next = daemon->listeners;
989 daemon->listeners = new;
990 }
991 }
992
993 /* In --bind-interfaces, the only access control is the addresses we're listening on.
994 There's nothing to avoid a query to the address of an internal interface arriving via
995 an external interface where we don't want to accept queries, except that in the usual
996 case the addresses of internal interfaces are RFC1918. When bind-interfaces in use,
997 and we listen on an address that looks like it's probably globally routeable, shout.
998
999 The fix is to use --bind-dynamic, which actually checks the arrival interface too.
1000 Tough if your platform doesn't support this.
1001
1002 Note that checking the arrival interface is supported in the standard IPv6 API and
1003 always done, so we don't warn about any IPv6 addresses here.
1004 */
1005
1006 void warn_bound_listeners(void)
1007 {
1008 struct irec *iface;
1009 int advice = 0;
1010
1011 for (iface = daemon->interfaces; iface; iface = iface->next)
1012 if (!iface->dns_auth)
1013 {
1014 if (iface->addr.sa.sa_family == AF_INET)
1015 {
1016 if (!private_net(iface->addr.in.sin_addr, 1))
1017 {
1018 inet_ntop(AF_INET, &iface->addr.in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
1019 iface->warned = advice = 1;
1020 my_syslog(LOG_WARNING,
1021 _("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"),
1022 daemon->addrbuff, iface->name);
1023 }
1024 }
1025 }
1026
1027 if (advice)
1028 my_syslog(LOG_WARNING, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"));
1029 }
1030
1031 void warn_int_names(void)
1032 {
1033 struct interface_name *intname;
1034
1035 for (intname = daemon->int_names; intname; intname = intname->next)
1036 if (!intname->addr)
1037 my_syslog(LOG_WARNING, _("warning: no addresses found for interface %s"), intname->intr);
1038 }
1039
1040 int is_dad_listeners(void)
1041 {
1042 struct irec *iface;
1043
1044 if (option_bool(OPT_NOWILD))
1045 for (iface = daemon->interfaces; iface; iface = iface->next)
1046 if (iface->dad && !iface->done)
1047 return 1;
1048
1049 return 0;
1050 }
1051
1052 #ifdef HAVE_DHCP6
1053 void join_multicast(int dienow)
1054 {
1055 struct irec *iface, *tmp;
1056
1057 for (iface = daemon->interfaces; iface; iface = iface->next)
1058 if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
1059 {
1060 /* There's an irec per address but we only want to join for multicast
1061 once per interface. Weed out duplicates. */
1062 for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
1063 if (tmp->multicast_done && tmp->index == iface->index)
1064 break;
1065
1066 iface->multicast_done = 1;
1067
1068 if (!tmp)
1069 {
1070 struct ipv6_mreq mreq;
1071 int err = 0;
1072
1073 mreq.ipv6mr_interface = iface->index;
1074
1075 inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
1076
1077 if ((daemon->doing_dhcp6 || daemon->relay6) &&
1078 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1079 err = 1;
1080
1081 inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
1082
1083 if (daemon->doing_dhcp6 &&
1084 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1085 err = 1;
1086
1087 inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
1088
1089 if (daemon->doing_ra &&
1090 setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1091 err = 1;
1092
1093 if (err)
1094 {
1095 char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
1096 if (dienow)
1097 die(s, iface->name, EC_BADNET);
1098 else
1099 my_syslog(LOG_ERR, s, iface->name, strerror(errno));
1100 }
1101 }
1102 }
1103 }
1104 #endif
1105
1106 /* return a UDP socket bound to a random port, have to cope with straying into
1107 occupied port nos and reserved ones. */
1108 int random_sock(int family)
1109 {
1110 int fd;
1111
1112 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
1113 {
1114 union mysockaddr addr;
1115 unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port;
1116 int tries = ports_avail < 30 ? 3 * ports_avail : 100;
1117
1118 memset(&addr, 0, sizeof(addr));
1119 addr.sa.sa_family = family;
1120
1121 /* don't loop forever if all ports in use. */
1122
1123 if (fix_fd(fd))
1124 while(tries--)
1125 {
1126 unsigned short port = rand16();
1127
1128 if (daemon->min_port != 0)
1129 port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
1130
1131 if (family == AF_INET)
1132 {
1133 addr.in.sin_addr.s_addr = INADDR_ANY;
1134 addr.in.sin_port = port;
1135 #ifdef HAVE_SOCKADDR_SA_LEN
1136 addr.in.sin_len = sizeof(struct sockaddr_in);
1137 #endif
1138 }
1139 #ifdef HAVE_IPV6
1140 else
1141 {
1142 addr.in6.sin6_addr = in6addr_any;
1143 addr.in6.sin6_port = port;
1144 #ifdef HAVE_SOCKADDR_SA_LEN
1145 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1146 #endif
1147 }
1148 #endif
1149
1150 if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
1151 return fd;
1152
1153 if (errno != EADDRINUSE && errno != EACCES)
1154 break;
1155 }
1156
1157 close(fd);
1158 }
1159
1160 return -1;
1161 }
1162
1163
1164 int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
1165 {
1166 union mysockaddr addr_copy = *addr;
1167
1168 /* cannot set source _port_ for TCP connections. */
1169 if (is_tcp)
1170 {
1171 if (addr_copy.sa.sa_family == AF_INET)
1172 addr_copy.in.sin_port = 0;
1173 #ifdef HAVE_IPV6
1174 else
1175 addr_copy.in6.sin6_port = 0;
1176 #endif
1177 }
1178
1179 if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
1180 return 0;
1181
1182 #if defined(SO_BINDTODEVICE)
1183 if (intname[0] != 0 &&
1184 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
1185 return 0;
1186 #endif
1187
1188 return 1;
1189 }
1190
1191 static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
1192 {
1193 struct serverfd *sfd;
1194 int errsave;
1195
1196 /* when using random ports, servers which would otherwise use
1197 the INADDR_ANY/port0 socket have sfd set to NULL */
1198 if (!daemon->osport && intname[0] == 0)
1199 {
1200 errno = 0;
1201
1202 if (addr->sa.sa_family == AF_INET &&
1203 addr->in.sin_addr.s_addr == INADDR_ANY &&
1204 addr->in.sin_port == htons(0))
1205 return NULL;
1206
1207 #ifdef HAVE_IPV6
1208 if (addr->sa.sa_family == AF_INET6 &&
1209 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
1210 addr->in6.sin6_port == htons(0))
1211 return NULL;
1212 #endif
1213 }
1214
1215 /* may have a suitable one already */
1216 for (sfd = daemon->sfds; sfd; sfd = sfd->next )
1217 if (sockaddr_isequal(&sfd->source_addr, addr) &&
1218 strcmp(intname, sfd->interface) == 0)
1219 return sfd;
1220
1221 /* need to make a new one. */
1222 errno = ENOMEM; /* in case malloc fails. */
1223 if (!(sfd = whine_malloc(sizeof(struct serverfd))))
1224 return NULL;
1225
1226 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
1227 {
1228 free(sfd);
1229 return NULL;
1230 }
1231
1232 if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
1233 {
1234 errsave = errno; /* save error from bind. */
1235 close(sfd->fd);
1236 free(sfd);
1237 errno = errsave;
1238 return NULL;
1239 }
1240
1241 strcpy(sfd->interface, intname);
1242 sfd->source_addr = *addr;
1243 sfd->next = daemon->sfds;
1244 daemon->sfds = sfd;
1245 return sfd;
1246 }
1247
1248 /* create upstream sockets during startup, before root is dropped which may be needed
1249 this allows query_port to be a low port and interface binding */
1250 void pre_allocate_sfds(void)
1251 {
1252 struct server *srv;
1253
1254 if (daemon->query_port != 0)
1255 {
1256 union mysockaddr addr;
1257 memset(&addr, 0, sizeof(addr));
1258 addr.in.sin_family = AF_INET;
1259 addr.in.sin_addr.s_addr = INADDR_ANY;
1260 addr.in.sin_port = htons(daemon->query_port);
1261 #ifdef HAVE_SOCKADDR_SA_LEN
1262 addr.in.sin_len = sizeof(struct sockaddr_in);
1263 #endif
1264 allocate_sfd(&addr, "");
1265 #ifdef HAVE_IPV6
1266 memset(&addr, 0, sizeof(addr));
1267 addr.in6.sin6_family = AF_INET6;
1268 addr.in6.sin6_addr = in6addr_any;
1269 addr.in6.sin6_port = htons(daemon->query_port);
1270 #ifdef HAVE_SOCKADDR_SA_LEN
1271 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1272 #endif
1273 allocate_sfd(&addr, "");
1274 #endif
1275 }
1276
1277 for (srv = daemon->servers; srv; srv = srv->next)
1278 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) &&
1279 !allocate_sfd(&srv->source_addr, srv->interface) &&
1280 errno != 0 &&
1281 option_bool(OPT_NOWILD))
1282 {
1283 prettyprint_addr(&srv->source_addr, daemon->namebuff);
1284 if (srv->interface[0] != 0)
1285 {
1286 strcat(daemon->namebuff, " ");
1287 strcat(daemon->namebuff, srv->interface);
1288 }
1289 die(_("failed to bind server socket for %s: %s"),
1290 daemon->namebuff, EC_BADNET);
1291 }
1292 }
1293
1294 void mark_servers(int flag)
1295 {
1296 struct server *serv;
1297
1298 /* mark everything with argument flag */
1299 for (serv = daemon->servers; serv; serv = serv->next)
1300 {
1301 if (serv->flags & flag)
1302 serv->flags |= SERV_MARK;
1303 #ifdef HAVE_LOOP
1304 /* Give looped servers another chance */
1305 serv->flags &= ~SERV_LOOP;
1306 #endif
1307 }
1308 }
1309
1310 void cleanup_servers(void)
1311 {
1312 struct server *serv, *tmp, **up;
1313
1314 /* unlink and free anything still marked. */
1315 for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp)
1316 {
1317 tmp = serv->next;
1318 if (serv->flags & SERV_MARK)
1319 {
1320 server_gone(serv);
1321 *up = serv->next;
1322 if (serv->domain)
1323 free(serv->domain);
1324 free(serv);
1325 }
1326 else
1327 up = &serv->next;
1328 }
1329
1330 #ifdef HAVE_LOOP
1331 /* Now we have a new set of servers, test for loops. */
1332 loop_send_probes();
1333 #endif
1334 }
1335
1336 void add_update_server(int flags,
1337 union mysockaddr *addr,
1338 union mysockaddr *source_addr,
1339 const char *interface,
1340 const char *domain)
1341 {
1342 struct server *serv, *next = NULL;
1343 char *domain_str = NULL;
1344
1345 /* See if there is a suitable candidate, and unmark */
1346 for (serv = daemon->servers; serv; serv = serv->next)
1347 if (serv->flags & SERV_MARK)
1348 {
1349 if (domain)
1350 {
1351 if (!(serv->flags & SERV_HAS_DOMAIN) || !hostname_isequal(domain, serv->domain))
1352 continue;
1353 }
1354 else
1355 {
1356 if (serv->flags & SERV_HAS_DOMAIN)
1357 continue;
1358 }
1359
1360 break;
1361 }
1362
1363 if (serv)
1364 {
1365 domain_str = serv->domain;
1366 next = serv->next;
1367 }
1368 else if ((serv = whine_malloc(sizeof (struct server))))
1369 {
1370 /* Not found, create a new one. */
1371 if (domain && !(domain_str = whine_malloc(strlen(domain)+1)))
1372 {
1373 free(serv);
1374 serv = NULL;
1375 }
1376 else
1377 {
1378 struct server *s;
1379 /* Add to the end of the chain, for order */
1380 if (!daemon->servers)
1381 daemon->servers = serv;
1382 else
1383 {
1384 for (s = daemon->servers; s->next; s = s->next);
1385 s->next = serv;
1386 }
1387 if (domain)
1388 strcpy(domain_str, domain);
1389 }
1390 }
1391
1392 if (serv)
1393 {
1394 memset(serv, 0, sizeof(struct server));
1395 serv->flags = flags;
1396 serv->domain = domain_str;
1397 serv->next = next;
1398 serv->queries = serv->failed_queries = 0;
1399 #ifdef HAVE_LOOP
1400 serv->uid = rand32();
1401 #endif
1402
1403 if (domain)
1404 serv->flags |= SERV_HAS_DOMAIN;
1405
1406 if (interface)
1407 strcpy(serv->interface, interface);
1408 if (addr)
1409 serv->addr = *addr;
1410 if (source_addr)
1411 serv->source_addr = *source_addr;
1412 }
1413 }
1414
1415 void check_servers(void)
1416 {
1417 struct irec *iface;
1418 struct server *serv;
1419 int port = 0;
1420
1421 /* interface may be new since startup */
1422 if (!option_bool(OPT_NOWILD))
1423 enumerate_interfaces(0);
1424
1425 for (serv = daemon->servers; serv; serv = serv->next)
1426 {
1427 if (!(serv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)))
1428 {
1429 port = prettyprint_addr(&serv->addr, daemon->namebuff);
1430
1431 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1432 if (serv->addr.sa.sa_family == AF_INET &&
1433 serv->addr.in.sin_addr.s_addr == 0)
1434 {
1435 serv->flags |= SERV_MARK;
1436 continue;
1437 }
1438
1439 for (iface = daemon->interfaces; iface; iface = iface->next)
1440 if (sockaddr_isequal(&serv->addr, &iface->addr))
1441 break;
1442 if (iface)
1443 {
1444 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
1445 serv->flags |= SERV_MARK;
1446 continue;
1447 }
1448
1449 /* Do we need a socket set? */
1450 if (!serv->sfd &&
1451 !(serv->sfd = allocate_sfd(&serv->source_addr, serv->interface)) &&
1452 errno != 0)
1453 {
1454 my_syslog(LOG_WARNING,
1455 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1456 daemon->namebuff, strerror(errno));
1457 serv->flags |= SERV_MARK;
1458 continue;
1459 }
1460 }
1461
1462 if (!(serv->flags & SERV_NO_REBIND))
1463 {
1464 if (serv->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
1465 {
1466 char *s1, *s2;
1467 if (!(serv->flags & SERV_HAS_DOMAIN))
1468 s1 = _("unqualified"), s2 = _("names");
1469 else if (strlen(serv->domain) == 0)
1470 s1 = _("default"), s2 = "";
1471 else
1472 s1 = _("domain"), s2 = serv->domain;
1473
1474 if (serv->flags & SERV_NO_ADDR)
1475 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
1476 else if (serv->flags & SERV_USE_RESOLV)
1477 my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
1478 else if (!(serv->flags & SERV_LITERAL_ADDRESS))
1479 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
1480 }
1481 #ifdef HAVE_LOOP
1482 else if (serv->flags & SERV_LOOP)
1483 my_syslog(LOG_INFO, _("NOT using nameserver %s#%d - query loop detected"), daemon->namebuff, port);
1484 #endif
1485 else if (serv->interface[0] != 0)
1486 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, serv->interface);
1487 else
1488 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
1489 }
1490 }
1491
1492 cleanup_servers();
1493 }
1494
1495 /* Return zero if no servers found, in that case we keep polling.
1496 This is a protection against an update-time/write race on resolv.conf */
1497 int reload_servers(char *fname)
1498 {
1499 FILE *f;
1500 char *line;
1501 int gotone = 0;
1502
1503 /* buff happens to be MAXDNAME long... */
1504 if (!(f = fopen(fname, "r")))
1505 {
1506 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1507 return 0;
1508 }
1509
1510 mark_servers(SERV_FROM_RESOLV);
1511
1512 while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
1513 {
1514 union mysockaddr addr, source_addr;
1515 char *token = strtok(line, " \t\n\r");
1516
1517 if (!token)
1518 continue;
1519 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
1520 continue;
1521 if (!(token = strtok(NULL, " \t\n\r")))
1522 continue;
1523
1524 memset(&addr, 0, sizeof(addr));
1525 memset(&source_addr, 0, sizeof(source_addr));
1526
1527 if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
1528 {
1529 #ifdef HAVE_SOCKADDR_SA_LEN
1530 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
1531 #endif
1532 source_addr.in.sin_family = addr.in.sin_family = AF_INET;
1533 addr.in.sin_port = htons(NAMESERVER_PORT);
1534 source_addr.in.sin_addr.s_addr = INADDR_ANY;
1535 source_addr.in.sin_port = htons(daemon->query_port);
1536 }
1537 #ifdef HAVE_IPV6
1538 else
1539 {
1540 int scope_index = 0;
1541 char *scope_id = strchr(token, '%');
1542
1543 if (scope_id)
1544 {
1545 *(scope_id++) = 0;
1546 scope_index = if_nametoindex(scope_id);
1547 }
1548
1549 if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
1550 {
1551 #ifdef HAVE_SOCKADDR_SA_LEN
1552 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
1553 #endif
1554 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
1555 source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
1556 addr.in6.sin6_port = htons(NAMESERVER_PORT);
1557 addr.in6.sin6_scope_id = scope_index;
1558 source_addr.in6.sin6_addr = in6addr_any;
1559 source_addr.in6.sin6_port = htons(daemon->query_port);
1560 source_addr.in6.sin6_scope_id = 0;
1561 }
1562 else
1563 continue;
1564 }
1565 #else /* IPV6 */
1566 else
1567 continue;
1568 #endif
1569
1570 add_update_server(SERV_FROM_RESOLV, &addr, &source_addr, NULL, NULL);
1571 gotone = 1;
1572 }
1573
1574 fclose(f);
1575 cleanup_servers();
1576
1577 return gotone;
1578 }
1579
1580 /* Called when addresses are added or deleted from an interface */
1581 void newaddress(time_t now)
1582 {
1583 (void)now;
1584
1585 if (option_bool(OPT_CLEVERBIND) || option_bool(OPT_LOCAL_SERVICE) ||
1586 daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
1587 enumerate_interfaces(0);
1588
1589 if (option_bool(OPT_CLEVERBIND))
1590 create_bound_listeners(0);
1591
1592 #ifdef HAVE_DHCP6
1593 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
1594 join_multicast(0);
1595
1596 if (daemon->doing_dhcp6 || daemon->doing_ra)
1597 dhcp_construct_contexts(now);
1598
1599 if (daemon->doing_dhcp6)
1600 lease_find_interfaces(now);
1601 #endif
1602 }
1603
1604
1605
1606
1607
Michael's tree of dnsmasq.