1 /* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #ifndef IN6_IS_ADDR_ULA
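/* Unique local addresses are fc00::/7: keep the top seven bits of the first
   32-bit word (mask 0xfe000000) and compare them with 0xfc000000.  The mask
   was previously written 0xfe00000 (seven hex digits, i.e. 0x0fe00000), which
   cannot overlap the top nibble of 0xfc000000, so the test was always false. */
#define IN6_IS_ADDR_ULA(a) ((((__const uint32_t *) (a))[0] & htonl (0xfe000000)) == htonl (0xfc000000))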
23 #ifdef HAVE_LINUX_NETWORK
/* Linux variant: look up the name of interface number `index` with the
   SIOCGIFNAME ioctl on `fd` and copy it into the caller's `name` buffer.
   NOTE(review): the gutter numbers skip, so some lines of the body
   (declarations, return statements) are not visible in this listing. */
25 int indextoname(int fd
, int index
, char *name
)
32 ifr
.ifr_ifindex
= index
;
33 if (ioctl(fd
, SIOCGIFNAME
, &ifr
) == -1)
/* Copies up to IF_NAMESIZE bytes, so `name` must point at a buffer of at
   least IF_NAMESIZE bytes.  strncpy() writes no terminator when the source
   fills the whole length; callers that treat `name` as a C string depend on
   ifr_name being NUL-terminated within IF_NAMESIZE - TODO confirm. */
36 strncpy(name
, ifr
.ifr_name
, IF_NAMESIZE
);
42 #elif defined(HAVE_SOLARIS_NETWORK)
46 #ifndef LIFC_UNDER_IPMP
47 # define LIFC_UNDER_IPMP 0
50 int indextoname(int fd
, int index
, char *name
)
54 int numifs
, bufsize
, i
;
61 if (getzoneid() == GLOBAL_ZONEID
)
63 if (!if_indextoname(index
, name
))
68 lifc_flags
= LIFC_NOXMIT
| LIFC_TEMPORARY
| LIFC_ALLZONES
| LIFC_UNDER_IPMP
;
69 lifn
.lifn_family
= AF_UNSPEC
;
70 lifn
.lifn_flags
= lifc_flags
;
71 if (ioctl(fd
, SIOCGLIFNUM
, &lifn
) < 0)
74 numifs
= lifn
.lifn_count
;
75 bufsize
= numifs
* sizeof(struct lifreq
);
77 lifc
.lifc_family
= AF_UNSPEC
;
78 lifc
.lifc_flags
= lifc_flags
;
79 lifc
.lifc_len
= bufsize
;
80 lifc
.lifc_buf
= alloca(bufsize
);
82 if (ioctl(fd
, SIOCGLIFCONF
, &lifc
) < 0)
85 lifrp
= lifc
.lifc_req
;
86 for (i
= lifc
.lifc_len
/ sizeof(struct lifreq
); i
; i
--, lifrp
++)
89 strncpy(lifr
.lifr_name
, lifrp
->lifr_name
, IF_NAMESIZE
);
90 if (ioctl(fd
, SIOCGLIFINDEX
, &lifr
) < 0)
93 if (lifr
.lifr_index
== index
) {
94 strncpy(name
, lifr
.lifr_name
, IF_NAMESIZE
);
104 int indextoname(int fd
, int index
, char *name
)
108 if (index
== 0 || !if_indextoname(index
, name
))
116 int iface_check(int family
, struct all_addr
*addr
, char *name
, int *auth
)
119 int ret
= 1, match_addr
= 0;
121 /* Note: have to check all and not bail out early, so that we set the
124 May be called with family == AF_LOCAL to check interface by name only. */
129 if (daemon
->if_names
|| daemon
->if_addrs
)
133 for (tmp
= daemon
->if_names
; tmp
; tmp
= tmp
->next
)
134 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
138 for (tmp
= daemon
->if_addrs
; tmp
; tmp
= tmp
->next
)
139 if (tmp
->addr
.sa
.sa_family
== family
)
141 if (family
== AF_INET
&&
142 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
143 ret
= match_addr
= tmp
->used
= 1;
145 else if (family
== AF_INET6
&&
146 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
,
148 ret
= match_addr
= tmp
->used
= 1;
154 for (tmp
= daemon
->if_except
; tmp
; tmp
= tmp
->next
)
155 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
159 for (tmp
= daemon
->authinterface
; tmp
; tmp
= tmp
->next
)
162 if (strcmp(tmp
->name
, name
) == 0 &&
163 (tmp
->addr
.sa
.sa_family
== 0 || tmp
->addr
.sa
.sa_family
== family
))
166 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET
&& family
== AF_INET
&&
167 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
170 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET6
&& family
== AF_INET6
&&
171 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
185 /* Fix for problem that the kernel sometimes reports the loopback interface as the
186 arrival interface when a packet originates locally, even when sent to address of
187 an interface other than the loopback. Accept packet if it arrived via a loopback
188 interface, even when we're not accepting packets that way, as long as the destination
189 address is one we're believing. Interface list must be up-to-date before calling. */
190 int loopback_exception(int fd
, int family
, struct all_addr
*addr
, char *name
)
195 strncpy(ifr
.ifr_name
, name
, IF_NAMESIZE
);
196 if (ioctl(fd
, SIOCGIFFLAGS
, &ifr
) != -1 &&
197 ifr
.ifr_flags
& IFF_LOOPBACK
)
199 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
200 if (iface
->addr
.sa
.sa_family
== family
)
202 if (family
== AF_INET
)
204 if (iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
208 else if (IN6_ARE_ADDR_EQUAL(&iface
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
217 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
218 on the relevant address, but the name of the arrival interface, derived from the
219 index won't match the config. Check that we found an interface address for the arrival
220 interface: daemon->interfaces must be up-to-date. */
221 int label_exception(int index
, int family
, struct all_addr
*addr
)
225 /* labels only supported on IPv4 addresses. */
226 if (family
!= AF_INET
)
229 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
230 if (iface
->index
== index
&& iface
->addr
.sa
.sa_family
== AF_INET
&&
231 iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
238 struct addrlist
*spare
;
242 static int iface_allowed(struct iface_param
*param
, int if_index
, char *label
,
243 union mysockaddr
*addr
, struct in_addr netmask
, int prefixlen
, int dad
)
246 int mtu
= 0, loopback
;
248 int tftp_ok
= !!option_bool(OPT_TFTP
);
251 #if defined(HAVE_DHCP) || defined(HAVE_TFTP)
257 if (!indextoname(param
->fd
, if_index
, ifr
.ifr_name
) ||
258 ioctl(param
->fd
, SIOCGIFFLAGS
, &ifr
) == -1)
261 loopback
= ifr
.ifr_flags
& IFF_LOOPBACK
;
266 if (ioctl(param
->fd
, SIOCGIFMTU
, &ifr
) != -1)
270 label
= ifr
.ifr_name
;
272 /* maintain a list of all addresses on all interfaces for --local-service option */
273 if (option_bool(OPT_LOCAL_SERVICE
))
280 param
->spare
= al
->next
;
283 al
= whine_malloc(sizeof(struct addrlist
));
287 al
->next
= daemon
->interface_addrs
;
288 daemon
->interface_addrs
= al
;
289 al
->prefixlen
= prefixlen
;
291 if (addr
->sa
.sa_family
== AF_INET
)
293 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
299 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
300 al
->flags
= ADDRLIST_IPV6
;
307 if (addr
->sa
.sa_family
!= AF_INET6
|| !IN6_IS_ADDR_LINKLOCAL(&addr
->in6
.sin6_addr
))
310 struct interface_name
*int_name
;
313 struct auth_zone
*zone
;
314 struct auth_name_list
*name
;
316 /* Find subnets in auth_zones */
317 for (zone
= daemon
->auth_zones
; zone
; zone
= zone
->next
)
318 for (name
= zone
->interface_names
; name
; name
= name
->next
)
319 if (wildcard_match(name
->name
, label
))
321 if (addr
->sa
.sa_family
== AF_INET
&& (name
->flags
& AUTH4
))
326 param
->spare
= al
->next
;
329 al
= whine_malloc(sizeof(struct addrlist
));
333 al
->next
= zone
->subnet
;
335 al
->prefixlen
= prefixlen
;
336 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
342 if (addr
->sa
.sa_family
== AF_INET6
&& (name
->flags
& AUTH6
))
347 param
->spare
= al
->next
;
350 al
= whine_malloc(sizeof(struct addrlist
));
354 al
->next
= zone
->subnet
;
356 al
->prefixlen
= prefixlen
;
357 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
358 al
->flags
= ADDRLIST_IPV6
;
366 /* Update addresses from interface_names. These are a set independent
367 of the set we're listening on. */
368 for (int_name
= daemon
->int_names
; int_name
; int_name
= int_name
->next
)
369 if (strncmp(label
, int_name
->intr
, IF_NAMESIZE
) == 0 &&
370 (addr
->sa
.sa_family
== int_name
->family
|| int_name
->family
== 0))
375 param
->spare
= al
->next
;
378 al
= whine_malloc(sizeof(struct addrlist
));
382 al
->next
= int_name
->addr
;
385 if (addr
->sa
.sa_family
== AF_INET
)
387 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
393 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
394 al
->flags
= ADDRLIST_IPV6
;
401 /* check whether the interface IP has been added already
402 we call this routine multiple times. */
403 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
404 if (sockaddr_isequal(&iface
->addr
, addr
))
407 iface
->found
= 1; /* for garbage collection */
411 /* If we are restricting the set of interfaces to use, make
412 sure that loopback interfaces are in that set. */
413 if (daemon
->if_names
&& loopback
)
416 for (lo
= daemon
->if_names
; lo
; lo
= lo
->next
)
417 if (lo
->name
&& strcmp(lo
->name
, ifr
.ifr_name
) == 0)
420 if (!lo
&& (lo
= whine_malloc(sizeof(struct iname
))))
422 if ((lo
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
424 strcpy(lo
->name
, ifr
.ifr_name
);
426 lo
->next
= daemon
->if_names
;
427 daemon
->if_names
= lo
;
434 if (addr
->sa
.sa_family
== AF_INET
&&
435 !iface_check(AF_INET
, (struct all_addr
*)&addr
->in
.sin_addr
, label
, &auth_dns
))
439 if (addr
->sa
.sa_family
== AF_INET6
&&
440 !iface_check(AF_INET6
, (struct all_addr
*)&addr
->in6
.sin6_addr
, label
, &auth_dns
))
445 /* No DHCP where we're doing auth DNS. */
452 for (tmp
= daemon
->dhcp_except
; tmp
; tmp
= tmp
->next
)
453 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
462 if (daemon
->tftp_interfaces
)
464 /* dedicated tftp interface list */
466 for (tmp
= daemon
->tftp_interfaces
; tmp
; tmp
= tmp
->next
)
467 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
473 if ((iface
= whine_malloc(sizeof(struct irec
))))
476 iface
->netmask
= netmask
;
477 iface
->tftp_ok
= tftp_ok
;
478 iface
->dhcp_ok
= dhcp_ok
;
479 iface
->dns_auth
= auth_dns
;
483 iface
->done
= iface
->multicast_done
= iface
->warned
= 0;
484 iface
->index
= if_index
;
485 if ((iface
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
487 strcpy(iface
->name
, ifr
.ifr_name
);
488 iface
->next
= daemon
->interfaces
;
489 daemon
->interfaces
= iface
;
501 static int iface_allowed_v6(struct in6_addr
*local
, int prefix
,
502 int scope
, int if_index
, int flags
,
503 int preferred
, int valid
, void *vparam
)
505 union mysockaddr addr
;
506 struct in_addr netmask
; /* dummy */
509 (void)scope
; /* warning */
513 memset(&addr
, 0, sizeof(addr
));
514 #ifdef HAVE_SOCKADDR_SA_LEN
515 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
517 addr
.in6
.sin6_family
= AF_INET6
;
518 addr
.in6
.sin6_addr
= *local
;
519 addr
.in6
.sin6_port
= htons(daemon
->port
);
520 /* FreeBSD insists this is zero for non-linklocal addresses */
521 if (IN6_IS_ADDR_LINKLOCAL(local
))
522 addr
.in6
.sin6_scope_id
= if_index
;
524 addr
.in6
.sin6_scope_id
= 0;
526 return iface_allowed((struct iface_param
*)vparam
, if_index
, NULL
, &addr
, netmask
, prefix
, !!(flags
& IFACE_TENTATIVE
));
530 static int iface_allowed_v4(struct in_addr local
, int if_index
, char *label
,
531 struct in_addr netmask
, struct in_addr broadcast
, void *vparam
)
533 union mysockaddr addr
;
536 memset(&addr
, 0, sizeof(addr
));
537 #ifdef HAVE_SOCKADDR_SA_LEN
538 addr
.in
.sin_len
= sizeof(addr
.in
);
540 addr
.in
.sin_family
= AF_INET
;
541 addr
.in
.sin_addr
= broadcast
; /* warning */
542 addr
.in
.sin_addr
= local
;
543 addr
.in
.sin_port
= htons(daemon
->port
);
545 /* determine prefix length from netmask */
546 for (prefix
= 32, bit
= 1; (bit
& ntohl(netmask
.s_addr
)) == 0 && prefix
!= 0; bit
= bit
<< 1, prefix
--);
548 return iface_allowed((struct iface_param
*)vparam
, if_index
, label
, &addr
, netmask
, prefix
, 0);
551 int enumerate_interfaces(int reset
)
553 static struct addrlist
*spare
= NULL
;
554 static int done
= 0, active
= 0;
555 struct iface_param param
;
556 int errsave
, ret
= 1;
557 struct addrlist
*addr
, *tmp
;
558 struct interface_name
*intname
;
561 struct auth_zone
*zone
;
564 /* Do this max once per select cycle - also inhibits netlink socket use
565 in TCP child processes. */
578 /* protect against recursive calls from iface_enumerate(); */
581 if ((param
.fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) == -1)
584 /* Mark interfaces for garbage collection */
585 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
588 /* remove addresses stored against interface_names */
589 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
591 for (addr
= intname
->addr
; addr
; addr
= tmp
)
598 intname
->addr
= NULL
;
601 /* Remove list of addresses of local interfaces */
602 for (addr
= daemon
->interface_addrs
; addr
; addr
= tmp
)
608 daemon
->interface_addrs
= NULL
;
611 /* remove addresses stored against auth_zone subnets, but not
612 ones configured as address literals */
613 for (zone
= daemon
->auth_zones
; zone
; zone
= zone
->next
)
614 if (zone
->interface_names
)
616 struct addrlist
**up
;
617 for (up
= &zone
->subnet
, addr
= zone
->subnet
; addr
; addr
= tmp
)
620 if (addr
->flags
& ADDRLIST_LITERAL
)
635 ret
= iface_enumerate(AF_INET6
, ¶m
, iface_allowed_v6
);
639 ret
= iface_enumerate(AF_INET
, ¶m
, iface_allowed_v4
);
644 if (option_bool(OPT_CLEVERBIND
))
646 /* Garbage-collect listeners listening on addresses that no longer exist.
647 Does nothing when not binding interfaces or for listeners on localhost,
648 since the ->iface field is NULL. Note that this needs the protections
649 against re-entrancy, hence it's here. It also means there's a possibility,
650 in OPT_CLEVERBIND mode, that a listener will just disappear after
651 a call to enumerate_interfaces, this is checked OK on all calls. */
652 struct listener
*l
, *tmp
, **up
;
654 for (up
= &daemon
->listeners
, l
= daemon
->listeners
; l
; l
= tmp
)
658 if (!l
->iface
|| l
->iface
->found
)
664 /* In case it ever returns */
687 /* set NONBLOCK bit on fd: See Stevens 16.6 */
692 if ((flags
= fcntl(fd
, F_GETFL
)) == -1 ||
693 fcntl(fd
, F_SETFL
, flags
| O_NONBLOCK
) == -1)
699 static int make_sock(union mysockaddr
*addr
, int type
, int dienow
)
701 int family
= addr
->sa
.sa_family
;
704 if ((fd
= socket(family
, type
, 0)) == -1)
709 /* No error if the kernel just doesn't support this IP flavour */
710 if (errno
== EPROTONOSUPPORT
||
711 errno
== EAFNOSUPPORT
||
717 port
= prettyprint_addr(addr
, daemon
->addrbuff
);
718 if (!option_bool(OPT_NOWILD
) && !option_bool(OPT_CLEVERBIND
))
719 sprintf(daemon
->addrbuff
, "port %d", port
);
720 s
= _("failed to create listening socket for %s: %s");
729 /* failure to bind addresses given by --listen-address at this point
730 is OK if we're doing bind-dynamic */
731 if (!option_bool(OPT_CLEVERBIND
))
732 die(s
, daemon
->addrbuff
, EC_BADNET
);
735 my_syslog(LOG_WARNING
, s
, daemon
->addrbuff
, strerror(errno
));
740 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &opt
, sizeof(opt
)) == -1 || !fix_fd(fd
))
744 if (family
== AF_INET6
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_V6ONLY
, &opt
, sizeof(opt
)) == -1)
748 if ((rc
= bind(fd
, (struct sockaddr
*)addr
, sa_len(addr
))) == -1)
751 if (type
== SOCK_STREAM
)
753 if (listen(fd
, 5) == -1)
756 else if (family
== AF_INET
)
758 if (!option_bool(OPT_NOWILD
))
760 #if defined(HAVE_LINUX_NETWORK)
761 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) == -1)
763 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
764 if (setsockopt(fd
, IPPROTO_IP
, IP_RECVDSTADDR
, &opt
, sizeof(opt
)) == -1 ||
765 setsockopt(fd
, IPPROTO_IP
, IP_RECVIF
, &opt
, sizeof(opt
)) == -1)
771 else if (!set_ipv6pktinfo(fd
))
779 int set_ipv6pktinfo(int fd
)
783 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
784 handle all combinations of headers and kernel.
785 OpenWrt note that this fixes the problem addressed by your very broken patch. */
786 daemon
->v6pktinfo
= IPV6_PKTINFO
;
788 #ifdef IPV6_RECVPKTINFO
789 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
, &opt
, sizeof(opt
)) != -1)
791 # ifdef IPV6_2292PKTINFO
792 else if (errno
== ENOPROTOOPT
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_2292PKTINFO
, &opt
, sizeof(opt
)) != -1)
794 daemon
->v6pktinfo
= IPV6_2292PKTINFO
;
799 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_PKTINFO
, &opt
, sizeof(opt
)) != -1)
808 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
809 int tcp_interface(int fd
, int af
)
813 #ifdef HAVE_LINUX_NETWORK
815 struct cmsghdr
*cmptr
;
818 /* use msghdr so that the CMSG_* macros are available */
819 msg
.msg_control
= daemon
->packet
;
820 msg
.msg_controllen
= daemon
->packet_buff_sz
;
822 /* we overwrote the buffer... */
823 daemon
->srv_save
= NULL
;
827 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) != -1 &&
828 getsockopt(fd
, IPPROTO_IP
, IP_PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
829 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
830 if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_PKTINFO
)
834 struct in_pktinfo
*p
;
837 p
.c
= CMSG_DATA(cmptr
);
838 if_index
= p
.p
->ipi_ifindex
;
844 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
845 it was removed in RFC-3542 !!!!
847 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
848 uses the old ABI, and should work with pre- and post-3542 kernel headers */
850 #ifdef IPV6_2292PKTOPTIONS
851 # define PKTOPTIONS IPV6_2292PKTOPTIONS
853 # define PKTOPTIONS IPV6_PKTOPTIONS
856 if (set_ipv6pktinfo(fd
) &&
857 getsockopt(fd
, IPPROTO_IPV6
, PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
859 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
860 if (cmptr
->cmsg_level
== IPPROTO_IPV6
&& cmptr
->cmsg_type
== daemon
->v6pktinfo
)
864 struct in6_pktinfo
*p
;
866 p
.c
= CMSG_DATA(cmptr
);
868 if_index
= p
.p
->ipi6_ifindex
;
878 static struct listener
*create_listeners(union mysockaddr
*addr
, int do_tftp
, int dienow
)
880 struct listener
*l
= NULL
;
881 int fd
= -1, tcpfd
= -1, tftpfd
= -1;
885 if (daemon
->port
!= 0)
887 fd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
888 tcpfd
= make_sock(addr
, SOCK_STREAM
, dienow
);
894 if (addr
->sa
.sa_family
== AF_INET
)
896 /* port must be restored to DNS port for TCP code */
897 short save
= addr
->in
.sin_port
;
898 addr
->in
.sin_port
= htons(TFTP_PORT
);
899 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
900 addr
->in
.sin_port
= save
;
905 short save
= addr
->in6
.sin6_port
;
906 addr
->in6
.sin6_port
= htons(TFTP_PORT
);
907 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
908 addr
->in6
.sin6_port
= save
;
914 if (fd
!= -1 || tcpfd
!= -1 || tftpfd
!= -1)
916 l
= safe_malloc(sizeof(struct listener
));
918 l
->family
= addr
->sa
.sa_family
;
928 void create_wildcard_listeners(void)
930 union mysockaddr addr
;
931 struct listener
*l
, *l6
;
933 memset(&addr
, 0, sizeof(addr
));
934 #ifdef HAVE_SOCKADDR_SA_LEN
935 addr
.in
.sin_len
= sizeof(addr
.in
);
937 addr
.in
.sin_family
= AF_INET
;
938 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
939 addr
.in
.sin_port
= htons(daemon
->port
);
941 l
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
944 memset(&addr
, 0, sizeof(addr
));
945 # ifdef HAVE_SOCKADDR_SA_LEN
946 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
948 addr
.in6
.sin6_family
= AF_INET6
;
949 addr
.in6
.sin6_addr
= in6addr_any
;
950 addr
.in6
.sin6_port
= htons(daemon
->port
);
952 l6
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
959 daemon
->listeners
= l
;
962 void create_bound_listeners(int dienow
)
964 struct listener
*new;
966 struct iname
*if_tmp
;
968 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
969 if (!iface
->done
&& !iface
->dad
&& iface
->found
&&
970 (new = create_listeners(&iface
->addr
, iface
->tftp_ok
, dienow
)))
973 new->next
= daemon
->listeners
;
974 daemon
->listeners
= new;
978 /* Check for --listen-address options that haven't been used because there's
979 no interface with a matching address. These may be valid: eg it's possible
980 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
982 If the address isn't valid the bind() will fail and we'll die()
983 (except in bind-dynamic mode, when we'll complain but keep trying.)
985 The resulting listeners have the ->iface field NULL, and this has to be
986 handled by the DNS and TFTP code. It disables --localise-queries processing
987 (no netmask) and some MTU logic in the tftp code. */
989 for (if_tmp
= daemon
->if_addrs
; if_tmp
; if_tmp
= if_tmp
->next
)
991 (new = create_listeners(&if_tmp
->addr
, !!option_bool(OPT_TFTP
), dienow
)))
993 new->next
= daemon
->listeners
;
994 daemon
->listeners
= new;
998 /* In --bind-interfaces, the only access control is the addresses we're listening on.
999 There's nothing to avoid a query to the address of an internal interface arriving via
1000 an external interface where we don't want to accept queries, except that in the usual
1001 case the addresses of internal interfaces are RFC1918. When bind-interfaces is in use,
1002 and we listen on an address that looks like it's probably globally routable, shout.
1004 The fix is to use --bind-dynamic, which actually checks the arrival interface too.
1005 Tough if your platform doesn't support this.
1007 Note that checking the arrival interface is supported in the standard IPv6 API and
1008 always done, so we don't warn about any IPv6 addresses here.
1011 void warn_bound_listeners(void)
1016 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1017 if (!iface
->dns_auth
)
1019 if (iface
->addr
.sa
.sa_family
== AF_INET
)
1021 if (!private_net(iface
->addr
.in
.sin_addr
, 1))
1023 inet_ntop(AF_INET
, &iface
->addr
.in
.sin_addr
, daemon
->addrbuff
, ADDRSTRLEN
);
1024 iface
->warned
= advice
= 1;
1025 my_syslog(LOG_WARNING
,
1026 _("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"),
1027 daemon
->addrbuff
, iface
->name
);
1033 my_syslog(LOG_WARNING
, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"));
1036 void warn_int_names(void)
1038 struct interface_name
*intname
;
1040 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
1042 my_syslog(LOG_WARNING
, _("warning: no addresses found for interface %s"), intname
->intr
);
1045 int is_dad_listeners(void)
1049 if (option_bool(OPT_NOWILD
))
1050 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1051 if (iface
->dad
&& !iface
->done
)
1058 void join_multicast(int dienow
)
1060 struct irec
*iface
, *tmp
;
1062 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1063 if (iface
->addr
.sa
.sa_family
== AF_INET6
&& iface
->dhcp_ok
&& !iface
->multicast_done
)
1065 /* There's an irec per address but we only want to join for multicast
1066 once per interface. Weed out duplicates. */
1067 for (tmp
= daemon
->interfaces
; tmp
; tmp
= tmp
->next
)
1068 if (tmp
->multicast_done
&& tmp
->index
== iface
->index
)
1071 iface
->multicast_done
= 1;
1075 struct ipv6_mreq mreq
;
1078 mreq
.ipv6mr_interface
= iface
->index
;
1080 inet_pton(AF_INET6
, ALL_RELAY_AGENTS_AND_SERVERS
, &mreq
.ipv6mr_multiaddr
);
1082 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) &&
1083 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1086 inet_pton(AF_INET6
, ALL_SERVERS
, &mreq
.ipv6mr_multiaddr
);
1088 if (daemon
->doing_dhcp6
&&
1089 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1092 inet_pton(AF_INET6
, ALL_ROUTERS
, &mreq
.ipv6mr_multiaddr
);
1094 if (daemon
->doing_ra
&&
1095 setsockopt(daemon
->icmp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1100 char *s
= _("interface %s failed to join DHCPv6 multicast group: %s");
1102 die(s
, iface
->name
, EC_BADNET
);
1104 my_syslog(LOG_ERR
, s
, iface
->name
, strerror(errno
));
1111 /* return a UDP socket bound to a random port, have to cope with straying into
1112 occupied port nos and reserved ones. */
/* Create a UDP socket of the given address family and bind it to the
   wildcard address on a port derived from rand16().
   NOTE(review): the gutter numbers skip, so the retry loop, the else
   branches and the return statements are not visible in this listing. */
1113 int random_sock(int family
)
1117 if ((fd
= socket(family
, SOCK_DGRAM
, 0)) != -1)
1119 union mysockaddr addr
;
/* Number of ports in the range min_port..65535. */
1120 unsigned int ports_avail
= 65536u - (unsigned short)daemon
->min_port
;
/* Attempt budget: three tries per available port when fewer than 30 ports
   are available, otherwise 100. */
1121 int tries
= ports_avail
< 30 ? 3 * ports_avail
: 100;
1123 memset(&addr
, 0, sizeof(addr
));
1124 addr
.sa
.sa_family
= family
;
1126 /* don't loop forever if all ports in use. */
/* The candidate source port comes from rand16(), which is defined outside
   this listing.  NOTE(review): an unpredictable source port is part of what
   an off-path spoofer has to guess, so this is only as strong as rand16()
   - confirm its generator. */
1131 unsigned short port
= rand16();
/* With a configured min_port the random value is folded into
   min_port..65535 and converted to network byte order.  The modulo divisor
   (unsigned short)ports_avail is only evaluated when min_port != 0, so
   ports_avail is at most 65535 here and the cast cannot yield zero.
   With min_port == 0 the raw 16-bit value is used without a byte swap. */
1133 if (daemon
->min_port
!= 0)
1134 port
= htons(daemon
->min_port
+ (port
% ((unsigned short)ports_avail
)));
1136 if (family
== AF_INET
)
1138 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1139 addr
.in
.sin_port
= port
;
1140 #ifdef HAVE_SOCKADDR_SA_LEN
1141 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1147 addr
.in6
.sin6_addr
= in6addr_any
;
1148 addr
.in6
.sin6_port
= port
;
1149 #ifdef HAVE_SOCKADDR_SA_LEN
1150 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1155 if (bind(fd
, (struct sockaddr
*)&addr
, sa_len(&addr
)) == 0)
/* EADDRINUSE and EACCES are singled out from other bind() errors;
   presumably those two lead to another attempt with a new port while any
   other error ends the search - the branch bodies are not shown here. */
1158 if (errno
!= EADDRINUSE
&& errno
!= EACCES
)
/* Bind `fd` to a copy of `addr` and, where SO_BINDTODEVICE is defined and
   `intname` is non-empty, also tie the socket to that interface.
   The caller's `addr` is never modified; all changes go to addr_copy.
   NOTE(review): the gutter numbers skip, so the is_tcp test, the else
   keyword and the return statements are not visible in this listing. */
1169 int local_bind(int fd
, union mysockaddr
*addr
, char *intname
, int is_tcp
)
1171 union mysockaddr addr_copy
= *addr
;
1173 /* cannot set source _port_ for TCP connections. */
/* The port of the copy is cleared for whichever family is in use;
   per the comment above this is meant for the TCP case. */
1176 if (addr_copy
.sa
.sa_family
== AF_INET
)
1177 addr_copy
.in
.sin_port
= 0;
1180 addr_copy
.in6
.sin6_port
= 0;
1184 if (bind(fd
, (struct sockaddr
*)&addr_copy
, sa_len(&addr_copy
)) == -1)
1187 #if defined(SO_BINDTODEVICE)
/* The option length passed is always IF_NAMESIZE, not strlen(intname), so
   `intname` must point at a buffer of at least IF_NAMESIZE readable bytes.
   NOTE(review): SO_BINDTODEVICE normally needs elevated privilege, which
   would be why upstream sockets are created before root is dropped
   - confirm against the startup order. */
1188 if (intname
[0] != 0 &&
1189 setsockopt(fd
, SOL_SOCKET
, SO_BINDTODEVICE
, intname
, IF_NAMESIZE
) == -1)
/* Find or create the serverfd (socket plus source address plus interface
   name) used for queries sent from `addr` via interface `intname`.
   An existing entry on daemon->sfds with an equal source address and the
   same interface name is reused; otherwise a new UDP socket is created,
   bound with local_bind() and linked onto daemon->sfds.
   NOTE(review): the gutter numbers skip, so the return statements and the
   error-path cleanup are not visible in this listing. */
1196 static struct serverfd
*allocate_sfd(union mysockaddr
*addr
, char *intname
)
1198 struct serverfd
*sfd
;
1201 /* when using random ports, servers which would otherwise use
1202 the INADDR_ANY/port0 socket have sfd set to NULL */
1203 if (!daemon
->osport
&& intname
[0] == 0)
/* IPv4 wildcard address with port 0. */
1207 if (addr
->sa
.sa_family
== AF_INET
&&
1208 addr
->in
.sin_addr
.s_addr
== INADDR_ANY
&&
1209 addr
->in
.sin_port
== htons(0))
/* IPv6 wildcard address with port 0. */
1213 if (addr
->sa
.sa_family
== AF_INET6
&&
1214 memcmp(&addr
->in6
.sin6_addr
, &in6addr_any
, sizeof(in6addr_any
)) == 0 &&
1215 addr
->in6
.sin6_port
== htons(0))
1220 /* may have a suitable one already */
1221 for (sfd
= daemon
->sfds
; sfd
; sfd
= sfd
->next
)
1222 if (sockaddr_isequal(&sfd
->source_addr
, addr
) &&
1223 strcmp(intname
, sfd
->interface
) == 0)
1226 /* need to make a new one. */
1227 errno
= ENOMEM
; /* in case malloc fails. */
1228 if (!(sfd
= whine_malloc(sizeof(struct serverfd
))))
1231 if ((sfd
->fd
= socket(addr
->sa
.sa_family
, SOCK_DGRAM
, 0)) == -1)
1237 if (!local_bind(sfd
->fd
, addr
, intname
, 0) || !fix_fd(sfd
->fd
))
/* errno is captured at once; presumably the cleanup that follows (not
   shown) could overwrite it before the caller reads it. */
1239 errsave
= errno
; /* save error from bind. */
/* NOTE(review): unbounded copy.  This is safe only if every caller passes an
   intname that fits sfd->interface; the size of that field is declared
   outside this listing - confirm callers are limited to IF_NAMESIZE. */
1246 strcpy(sfd
->interface
, intname
);
1247 sfd
->source_addr
= *addr
;
1248 sfd
->next
= daemon
->sfds
;
1253 /* create upstream sockets during startup, before root is dropped which may be needed
1254 this allows query_port to be a low port and interface binding */
1255 void pre_allocate_sfds(void)
1259 if (daemon
->query_port
!= 0)
1261 union mysockaddr addr
;
1262 memset(&addr
, 0, sizeof(addr
));
1263 addr
.in
.sin_family
= AF_INET
;
1264 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1265 addr
.in
.sin_port
= htons(daemon
->query_port
);
1266 #ifdef HAVE_SOCKADDR_SA_LEN
1267 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1269 allocate_sfd(&addr
, "");
1271 memset(&addr
, 0, sizeof(addr
));
1272 addr
.in6
.sin6_family
= AF_INET6
;
1273 addr
.in6
.sin6_addr
= in6addr_any
;
1274 addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1275 #ifdef HAVE_SOCKADDR_SA_LEN
1276 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1278 allocate_sfd(&addr
, "");
1282 for (srv
= daemon
->servers
; srv
; srv
= srv
->next
)
1283 if (!(srv
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)) &&
1284 !allocate_sfd(&srv
->source_addr
, srv
->interface
) &&
1286 option_bool(OPT_NOWILD
))
1288 prettyprint_addr(&srv
->source_addr
, daemon
->namebuff
);
1289 if (srv
->interface
[0] != 0)
1291 strcat(daemon
->namebuff
, " ");
1292 strcat(daemon
->namebuff
, srv
->interface
);
1294 die(_("failed to bind server socket for %s: %s"),
1295 daemon
->namebuff
, EC_BADNET
);
/* Set SERV_MARK on every entry of daemon->servers whose ->flags has at
   least one bit in common with `flag`. */
void mark_servers(int flag)
{
  struct server *cur = daemon->servers;

  while (cur)
    {
      /* mark everything with argument flag */
      if (cur->flags & flag)
        cur->flags |= SERV_MARK;

      cur = cur->next;
    }
}
1309 void cleanup_servers(void)
1311 struct server
*serv
, *tmp
, **up
;
1313 /* unlink and free anything still marked. */
1314 for (serv
= daemon
->servers
, up
= &daemon
->servers
; serv
; serv
= tmp
)
1317 if (serv
->flags
& SERV_MARK
)
1330 void add_update_server(int flags
,
1331 union mysockaddr
*addr
,
1332 union mysockaddr
*source_addr
,
1333 const char *interface
,
1336 struct server
*serv
, *next
= NULL
;
1337 char *domain_str
= NULL
;
1339 /* See if there is a suitable candidate, and unmark */
1340 for (serv
= daemon
->servers
; serv
; serv
= serv
->next
)
1341 if (serv
->flags
& SERV_MARK
)
1345 if (!(serv
->flags
& SERV_HAS_DOMAIN
) || !hostname_isequal(domain
, serv
->domain
))
1350 if (serv
->flags
& SERV_HAS_DOMAIN
)
1359 domain_str
= serv
->domain
;
1362 else if ((serv
= whine_malloc(sizeof (struct server
))))
1364 /* Not found, create a new one. */
1365 if (domain
&& !(domain_str
= whine_malloc(strlen(domain
)+1)))
1373 /* Add to the end of the chain, for order */
1374 if (!daemon
->servers
)
1375 daemon
->servers
= serv
;
1378 for (s
= daemon
->servers
; s
->next
; s
= s
->next
);
1382 strcpy(domain_str
, domain
);
1388 memset(serv
, 0, sizeof(struct server
));
1389 serv
->flags
= flags
;
1390 serv
->domain
= domain_str
;
1392 serv
->queries
= serv
->failed_queries
= 0;
1395 serv
->flags
|= SERV_HAS_DOMAIN
;
1398 strcpy(serv
->interface
, interface
);
1402 serv
->source_addr
= *source_addr
;
1406 void check_servers(void)
1409 struct server
*serv
;
1412 /* interface may be new since startup */
1413 if (!option_bool(OPT_NOWILD
))
1414 enumerate_interfaces(0);
1416 for (serv
= daemon
->servers
; serv
; serv
= serv
->next
)
1418 if (!(serv
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)))
1420 port
= prettyprint_addr(&serv
->addr
, daemon
->namebuff
);
1422 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1423 if (serv
->addr
.sa
.sa_family
== AF_INET
&&
1424 serv
->addr
.in
.sin_addr
.s_addr
== 0)
1426 serv
->flags
|= SERV_MARK
;
1430 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1431 if (sockaddr_isequal(&serv
->addr
, &iface
->addr
))
1435 my_syslog(LOG_WARNING
, _("ignoring nameserver %s - local interface"), daemon
->namebuff
);
1436 serv
->flags
|= SERV_MARK
;
1440 /* Do we need a socket set? */
1442 !(serv
->sfd
= allocate_sfd(&serv
->source_addr
, serv
->interface
)) &&
1445 my_syslog(LOG_WARNING
,
1446 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1447 daemon
->namebuff
, strerror(errno
));
1448 serv
->flags
|= SERV_MARK
;
1453 if (!(serv
->flags
& SERV_NO_REBIND
))
1455 if (serv
->flags
& (SERV_HAS_DOMAIN
| SERV_FOR_NODOTS
| SERV_USE_RESOLV
))
1458 if (!(serv
->flags
& SERV_HAS_DOMAIN
))
1459 s1
= _("unqualified"), s2
= _("names");
1460 else if (strlen(serv
->domain
) == 0)
1461 s1
= _("default"), s2
= "";
1463 s1
= _("domain"), s2
= serv
->domain
;
1465 if (serv
->flags
& SERV_NO_ADDR
)
1466 my_syslog(LOG_INFO
, _("using local addresses only for %s %s"), s1
, s2
);
1467 else if (serv
->flags
& SERV_USE_RESOLV
)
1468 my_syslog(LOG_INFO
, _("using standard nameservers for %s %s"), s1
, s2
);
1469 else if (!(serv
->flags
& SERV_LITERAL_ADDRESS
))
1470 my_syslog(LOG_INFO
, _("using nameserver %s#%d for %s %s"), daemon
->namebuff
, port
, s1
, s2
);
1472 else if (serv
->interface
[0] != 0)
1473 my_syslog(LOG_INFO
, _("using nameserver %s#%d(via %s)"), daemon
->namebuff
, port
, serv
->interface
);
1475 my_syslog(LOG_INFO
, _("using nameserver %s#%d"), daemon
->namebuff
, port
);
1482 /* Return zero if no servers found, in that case we keep polling.
1483 This is a protection against an update-time/write race on resolv.conf */
1484 int reload_servers(char *fname
)
1490 /* buff happens to be MAXDNAME long... */
1491 if (!(f
= fopen(fname
, "r")))
1493 my_syslog(LOG_ERR
, _("failed to read %s: %s"), fname
, strerror(errno
));
1497 mark_servers(SERV_FROM_RESOLV
);
1499 while ((line
= fgets(daemon
->namebuff
, MAXDNAME
, f
)))
1501 union mysockaddr addr
, source_addr
;
1502 char *token
= strtok(line
, " \t\n\r");
1506 if (strcmp(token
, "nameserver") != 0 && strcmp(token
, "server") != 0)
1508 if (!(token
= strtok(NULL
, " \t\n\r")))
1511 memset(&addr
, 0, sizeof(addr
));
1512 memset(&source_addr
, 0, sizeof(source_addr
));
1514 if ((addr
.in
.sin_addr
.s_addr
= inet_addr(token
)) != (in_addr_t
) -1)
1516 #ifdef HAVE_SOCKADDR_SA_LEN
1517 source_addr
.in
.sin_len
= addr
.in
.sin_len
= sizeof(source_addr
.in
);
1519 source_addr
.in
.sin_family
= addr
.in
.sin_family
= AF_INET
;
1520 addr
.in
.sin_port
= htons(NAMESERVER_PORT
);
1521 source_addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1522 source_addr
.in
.sin_port
= htons(daemon
->query_port
);
1527 int scope_index
= 0;
1528 char *scope_id
= strchr(token
, '%');
1533 scope_index
= if_nametoindex(scope_id
);
1536 if (inet_pton(AF_INET6
, token
, &addr
.in6
.sin6_addr
) > 0)
1538 #ifdef HAVE_SOCKADDR_SA_LEN
1539 source_addr
.in6
.sin6_len
= addr
.in6
.sin6_len
= sizeof(source_addr
.in6
);
1541 source_addr
.in6
.sin6_family
= addr
.in6
.sin6_family
= AF_INET6
;
1542 source_addr
.in6
.sin6_flowinfo
= addr
.in6
.sin6_flowinfo
= 0;
1543 addr
.in6
.sin6_port
= htons(NAMESERVER_PORT
);
1544 addr
.in6
.sin6_scope_id
= scope_index
;
1545 source_addr
.in6
.sin6_addr
= in6addr_any
;
1546 source_addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1547 source_addr
.in6
.sin6_scope_id
= 0;
1557 add_update_server(SERV_FROM_RESOLV
, &addr
, &source_addr
, NULL
, NULL
);
1567 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_BSD_NETWORK)
1568 /* Called when addresses are added or deleted from an interface */
1569 void newaddress(time_t now
)
1573 if (option_bool(OPT_CLEVERBIND
) || option_bool(OPT_LOCAL_SERVICE
) ||
1574 daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
1575 enumerate_interfaces(0);
1577 if (option_bool(OPT_CLEVERBIND
))
1578 create_bound_listeners(0);
1581 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
1584 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
1585 dhcp_construct_contexts(now
);
1587 if (daemon
->doing_dhcp6
)
1588 lease_find_interfaces(now
);