]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/network.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Provide independent control over which interfaces get TFTP.
[people/ms/dnsmasq.git] / src / network.c
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 #ifdef HAVE_LINUX_NETWORK
20
21 int indextoname(int fd, int index, char *name)
22 {
23 struct ifreq ifr;
24
25 if (index == 0)
26 return 0;
27
28 ifr.ifr_ifindex = index;
29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1)
30 return 0;
31
32 strncpy(name, ifr.ifr_name, IF_NAMESIZE);
33
34 return 1;
35 }
36
37
38 #elif defined(HAVE_SOLARIS_NETWORK)
39
40 #include <zone.h>
41 #include <alloca.h>
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
44 #endif
45
46 int indextoname(int fd, int index, char *name)
47 {
48 int64_t lifc_flags;
49 struct lifnum lifn;
50 int numifs, bufsize, i;
51 struct lifconf lifc;
52 struct lifreq *lifrp;
53
54 if (index == 0)
55 return 0;
56
57 if (getzoneid() == GLOBAL_ZONEID)
58 {
59 if (!if_indextoname(index, name))
60 return 0;
61 return 1;
62 }
63
64 lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;
65 lifn.lifn_family = AF_UNSPEC;
66 lifn.lifn_flags = lifc_flags;
67 if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0)
68 return 0;
69
70 numifs = lifn.lifn_count;
71 bufsize = numifs * sizeof(struct lifreq);
72
73 lifc.lifc_family = AF_UNSPEC;
74 lifc.lifc_flags = lifc_flags;
75 lifc.lifc_len = bufsize;
76 lifc.lifc_buf = alloca(bufsize);
77
78 if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0)
79 return 0;
80
81 lifrp = lifc.lifc_req;
82 for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++)
83 {
84 struct lifreq lifr;
85 strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE);
86 if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0)
87 return 0;
88
89 if (lifr.lifr_index == index) {
90 strncpy(name, lifr.lifr_name, IF_NAMESIZE);
91 return 1;
92 }
93 }
94 return 0;
95 }
96
97
98 #else
99
100 int indextoname(int fd, int index, char *name)
101 {
102 (void)fd;
103
104 if (index == 0 || !if_indextoname(index, name))
105 return 0;
106
107 return 1;
108 }
109
110 #endif
111
112 int iface_check(int family, struct all_addr *addr, char *name, int *auth)
113 {
114 struct iname *tmp;
115 int ret = 1, match_addr = 0;
116
117 /* Note: have to check all and not bail out early, so that we set the
118 "used" flags. */
119
120 if (auth)
121 *auth = 0;
122
123 if (daemon->if_names || daemon->if_addrs)
124 {
125 ret = 0;
126
127 for (tmp = daemon->if_names; tmp; tmp = tmp->next)
128 if (tmp->name && wildcard_match(tmp->name, name))
129 ret = tmp->used = 1;
130
131 if (addr)
132 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
133 if (tmp->addr.sa.sa_family == family)
134 {
135 if (family == AF_INET &&
136 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
137 ret = match_addr = tmp->used = 1;
138 #ifdef HAVE_IPV6
139 else if (family == AF_INET6 &&
140 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr,
141 &addr->addr.addr6))
142 ret = match_addr = tmp->used = 1;
143 #endif
144 }
145 }
146
147 if (!match_addr)
148 for (tmp = daemon->if_except; tmp; tmp = tmp->next)
149 if (tmp->name && wildcard_match(tmp->name, name))
150 ret = 0;
151
152
153 for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
154 if (tmp->name)
155 {
156 if (strcmp(tmp->name, name) == 0)
157 break;
158 }
159 else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
160 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
161 break;
162 #ifdef HAVE_IPV6
163 else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
164 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
165 break;
166 #endif
167
168 if (tmp && auth)
169 {
170 *auth = 1;
171 ret = 1;
172 }
173
174 return ret;
175 }
176
177
178 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
179 arrival interface when a packet originates locally, even when sent to address of
180 an interface other than the loopback. Accept packet if it arrived via a loopback
181 interface, even when we're not accepting packets that way, as long as the destination
182 address is one we're believing. Interface list must be up-to-date before calling. */
183 int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
184 {
185 struct ifreq ifr;
186 struct irec *iface;
187
188 strncpy(ifr.ifr_name, name, IF_NAMESIZE);
189 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
190 ifr.ifr_flags & IFF_LOOPBACK)
191 {
192 for (iface = daemon->interfaces; iface; iface = iface->next)
193 if (iface->addr.sa.sa_family == family)
194 {
195 if (family == AF_INET)
196 {
197 if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
198 return 1;
199 }
200 #ifdef HAVE_IPV6
201 else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6))
202 return 1;
203 #endif
204
205 }
206 }
207 return 0;
208 }
209
210 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
211 on the relevant address, but the name of the arrival interface, derived from the
212 index won't match the config. Check that we found an interface address for the arrival
213 interface: daemon->interfaces must be up-to-date. */
214 int label_exception(int index, int family, struct all_addr *addr)
215 {
216 struct irec *iface;
217
218 /* labels only supported on IPv4 addresses. */
219 if (family != AF_INET)
220 return 0;
221
222 for (iface = daemon->interfaces; iface; iface = iface->next)
223 if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
224 iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
225 return 1;
226
227 return 0;
228 }
229
230 struct iface_param {
231 struct addrlist *spare;
232 int fd;
233 };
234
235 static int iface_allowed(struct iface_param *param, int if_index, char *label,
236 union mysockaddr *addr, struct in_addr netmask, int dad)
237 {
238 struct irec *iface;
239 int mtu = 0, loopback;
240 struct ifreq ifr;
241 int tftp_ok = !!option_bool(OPT_TFTP);
242 int dhcp_ok = 1;
243 int auth_dns = 0;
244 #ifdef HAVE_DHCP
245 struct iname *tmp;
246 #endif
247
248 if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
249 ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1)
250 return 0;
251
252 loopback = ifr.ifr_flags & IFF_LOOPBACK;
253
254 if (loopback)
255 dhcp_ok = 0;
256
257 if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1)
258 mtu = ifr.ifr_mtu;
259
260 if (!label)
261 label = ifr.ifr_name;
262
263
264 /* Update addresses from interface_names. These are a set independent
265 of the set we're listening on. */
266 #ifdef HAVE_IPV6
267 if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
268 #endif
269 {
270 struct interface_name *int_name;
271 struct addrlist *al;
272
273 for (int_name = daemon->int_names; int_name; int_name = int_name->next)
274 if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0)
275 {
276 if (param->spare)
277 {
278 al = param->spare;
279 param->spare = al->next;
280 }
281 else
282 al = whine_malloc(sizeof(struct addrlist));
283
284 if (al)
285 {
286 if (addr->sa.sa_family == AF_INET)
287 {
288 al->addr.addr.addr4 = addr->in.sin_addr;
289 al->next = int_name->addr4;
290 int_name->addr4 = al;
291 }
292 #ifdef HAVE_IPV6
293 else
294 {
295 al->addr.addr.addr6 = addr->in6.sin6_addr;
296 al->next = int_name->addr6;
297 int_name->addr6 = al;
298 }
299 #endif
300 }
301 }
302 }
303
304 /* check whether the interface IP has been added already
305 we call this routine multiple times. */
306 for (iface = daemon->interfaces; iface; iface = iface->next)
307 if (sockaddr_isequal(&iface->addr, addr))
308 {
309 iface->dad = dad;
310 return 1;
311 }
312
313 /* If we are restricting the set of interfaces to use, make
314 sure that loopback interfaces are in that set. */
315 if (daemon->if_names && loopback)
316 {
317 struct iname *lo;
318 for (lo = daemon->if_names; lo; lo = lo->next)
319 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
320 break;
321
322 if (!lo && (lo = whine_malloc(sizeof(struct iname))))
323 {
324 if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
325 {
326 strcpy(lo->name, ifr.ifr_name);
327 lo->used = 1;
328 lo->next = daemon->if_names;
329 daemon->if_names = lo;
330 }
331 else
332 free(lo);
333 }
334 }
335
336 if (addr->sa.sa_family == AF_INET &&
337 !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
338 return 1;
339
340 #ifdef HAVE_IPV6
341 if (addr->sa.sa_family == AF_INET6 &&
342 !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
343 return 1;
344 #endif
345
346 #ifdef HAVE_DHCP
347 /* No DHCP where we're doing auth DNS. */
348 if (auth_dns)
349 {
350 tftp_ok = 0;
351 dhcp_ok = 0;
352 }
353 else
354 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
355 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
356 {
357 tftp_ok = 0;
358 dhcp_ok = 0;
359 }
360 #endif
361
362
363 if (daemon->tftp_interfaces)
364 {
365 /* dedicated tftp interface list */
366 tftp_ok = 0;
367 for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
368 if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
369 tftp_ok = 1;
370 }
371
372 /* add to list */
373 if ((iface = whine_malloc(sizeof(struct irec))))
374 {
375 iface->addr = *addr;
376 iface->netmask = netmask;
377 iface->tftp_ok = tftp_ok;
378 iface->dhcp_ok = dhcp_ok;
379 iface->dns_auth = auth_dns;
380 iface->mtu = mtu;
381 iface->dad = dad;
382 iface->done = iface->multicast_done = 0;
383 iface->index = if_index;
384 if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
385 {
386 strcpy(iface->name, ifr.ifr_name);
387 iface->next = daemon->interfaces;
388 daemon->interfaces = iface;
389 return 1;
390 }
391 free(iface);
392
393 }
394
395 errno = ENOMEM;
396 return 0;
397 }
398
399 #ifdef HAVE_IPV6
400 static int iface_allowed_v6(struct in6_addr *local, int prefix,
401 int scope, int if_index, int flags,
402 int preferred, int valid, void *vparam)
403 {
404 union mysockaddr addr;
405 struct in_addr netmask; /* dummy */
406 netmask.s_addr = 0;
407
408 (void)prefix; /* warning */
409 (void)scope; /* warning */
410 (void)preferred;
411 (void)valid;
412
413 memset(&addr, 0, sizeof(addr));
414 #ifdef HAVE_SOCKADDR_SA_LEN
415 addr.in6.sin6_len = sizeof(addr.in6);
416 #endif
417 addr.in6.sin6_family = AF_INET6;
418 addr.in6.sin6_addr = *local;
419 addr.in6.sin6_port = htons(daemon->port);
420 addr.in6.sin6_scope_id = if_index;
421
422 return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE));
423 }
424 #endif
425
426 static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
427 struct in_addr netmask, struct in_addr broadcast, void *vparam)
428 {
429 union mysockaddr addr;
430
431 memset(&addr, 0, sizeof(addr));
432 #ifdef HAVE_SOCKADDR_SA_LEN
433 addr.in.sin_len = sizeof(addr.in);
434 #endif
435 addr.in.sin_family = AF_INET;
436 addr.in.sin_addr = broadcast; /* warning */
437 addr.in.sin_addr = local;
438 addr.in.sin_port = htons(daemon->port);
439
440 return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, 0);
441 }
442
443 int enumerate_interfaces(int reset)
444 {
445 static struct addrlist *spare = NULL;
446 static int done = 0;
447 struct iface_param param;
448 int errsave, ret = 1;
449 struct addrlist *addr, *tmp;
450 struct interface_name *intname;
451
452 /* Do this max once per select cycle - also inhibits netlink socket use
453 in TCP child processes. */
454
455 if (reset)
456 {
457 done = 0;
458 return 1;
459 }
460
461 if (done)
462 return 1;
463
464 done = 1;
465
466 if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
467 return 0;
468
469 /* remove addresses stored against interface_names */
470 for (intname = daemon->int_names; intname; intname = intname->next)
471 {
472 for (addr = intname->addr4; addr; addr = tmp)
473 {
474 tmp = addr->next;
475 addr->next = spare;
476 spare = addr;
477 }
478
479 intname->addr4 = NULL;
480
481 #ifdef HAVE_IPV6
482 for (addr = intname->addr6; addr; addr = tmp)
483 {
484 tmp = addr->next;
485 addr->next = spare;
486 spare = addr;
487 }
488
489 intname->addr6 = NULL;
490 #endif
491 }
492
493 param.spare = spare;
494
495 #ifdef HAVE_IPV6
496 ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
497 #endif
498
499 if (ret)
500 ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
501
502 errsave = errno;
503 close(param.fd);
504 errno = errsave;
505
506 spare = param.spare;
507
508 return ret;
509 }
510
511 /* set NONBLOCK bit on fd: See Stevens 16.6 */
512 int fix_fd(int fd)
513 {
514 int flags;
515
516 if ((flags = fcntl(fd, F_GETFL)) == -1 ||
517 fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
518 return 0;
519
520 return 1;
521 }
522
523 static int make_sock(union mysockaddr *addr, int type, int dienow)
524 {
525 int family = addr->sa.sa_family;
526 int fd, rc, opt = 1;
527
528 if ((fd = socket(family, type, 0)) == -1)
529 {
530 int port;
531 char *s;
532
533 /* No error if the kernel just doesn't support this IP flavour */
534 if (errno == EPROTONOSUPPORT ||
535 errno == EAFNOSUPPORT ||
536 errno == EINVAL)
537 return -1;
538
539 err:
540 port = prettyprint_addr(addr, daemon->addrbuff);
541 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
542 sprintf(daemon->addrbuff, "port %d", port);
543 s = _("failed to create listening socket for %s: %s");
544
545 if (fd != -1)
546 close (fd);
547
548 if (dienow)
549 {
550 /* failure to bind addresses given by --listen-address at this point
551 is OK if we're doing bind-dynamic */
552 if (!option_bool(OPT_CLEVERBIND))
553 die(s, daemon->addrbuff, EC_BADNET);
554 }
555 else
556 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
557
558 return -1;
559 }
560
561 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
562 goto err;
563
564 #ifdef HAVE_IPV6
565 if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
566 goto err;
567 #endif
568
569 if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1)
570 goto err;
571
572 if (type == SOCK_STREAM)
573 {
574 if (listen(fd, 5) == -1)
575 goto err;
576 }
577 else if (!option_bool(OPT_NOWILD))
578 {
579 if (family == AF_INET)
580 {
581 #if defined(HAVE_LINUX_NETWORK)
582 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1)
583 goto err;
584 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
585 if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
586 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1)
587 goto err;
588 #endif
589 }
590 #ifdef HAVE_IPV6
591 else if (!set_ipv6pktinfo(fd))
592 goto err;
593 #endif
594 }
595
596 return fd;
597 }
598
599 #ifdef HAVE_IPV6
600 int set_ipv6pktinfo(int fd)
601 {
602 int opt = 1;
603
604 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
605 handle all combinations of headers and kernel.
606 OpenWrt note that this fixes the problem addressed by your very broken patch. */
607 daemon->v6pktinfo = IPV6_PKTINFO;
608
609 #ifdef IPV6_RECVPKTINFO
610 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) != -1)
611 return 1;
612 # ifdef IPV6_2292PKTINFO
613 else if (errno == ENOPROTOOPT && setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &opt, sizeof(opt)) != -1)
614 {
615 daemon->v6pktinfo = IPV6_2292PKTINFO;
616 return 1;
617 }
618 # endif
619 #else
620 if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &opt, sizeof(opt)) != -1)
621 return 1;
622 #endif
623
624 return 0;
625 }
626 #endif
627
628
629 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
630 int tcp_interface(int fd, int af)
631 {
632 int if_index = 0;
633
634 #ifdef HAVE_LINUX_NETWORK
635 int opt = 1;
636 struct cmsghdr *cmptr;
637 struct msghdr msg;
638
639 /* use mshdr do that the CMSDG_* macros are available */
640 msg.msg_control = daemon->packet;
641 msg.msg_controllen = daemon->packet_buff_sz;
642
643 /* we overwrote the buffer... */
644 daemon->srv_save = NULL;
645
646 if (af == AF_INET)
647 {
648 if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
649 getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
650 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
651 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
652 {
653 union {
654 unsigned char *c;
655 struct in_pktinfo *p;
656 } p;
657
658 p.c = CMSG_DATA(cmptr);
659 if_index = p.p->ipi_ifindex;
660 }
661 }
662 #ifdef HAVE_IPV6
663 else
664 {
665 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
666 it was removed in RFC-3542 !!!!
667
668 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
669 uses the old ABI, and should work with pre- and post-3542 kernel headers */
670
671 #ifdef IPV6_2292PKTOPTIONS
672 # define PKTOPTIONS IPV6_2292PKTOPTIONS
673 #else
674 # define PKTOPTIONS IPV6_PKTOPTIONS
675 #endif
676
677 if (set_ipv6pktinfo(fd) &&
678 getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
679 {
680 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
681 if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
682 {
683 union {
684 unsigned char *c;
685 struct in6_pktinfo *p;
686 } p;
687 p.c = CMSG_DATA(cmptr);
688
689 if_index = p.p->ipi6_ifindex;
690 }
691 }
692 }
693 #endif /* IPV6 */
694 #endif /* Linux */
695
696 return if_index;
697 }
698
699 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
700 {
701 struct listener *l = NULL;
702 int fd = -1, tcpfd = -1, tftpfd = -1;
703
704 if (daemon->port != 0)
705 {
706 fd = make_sock(addr, SOCK_DGRAM, dienow);
707 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
708 }
709
710 #ifdef HAVE_TFTP
711 if (do_tftp)
712 {
713 if (addr->sa.sa_family == AF_INET)
714 {
715 /* port must be restored to DNS port for TCP code */
716 short save = addr->in.sin_port;
717 addr->in.sin_port = htons(TFTP_PORT);
718 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
719 addr->in.sin_port = save;
720 }
721 # ifdef HAVE_IPV6
722 else
723 {
724 short save = addr->in6.sin6_port;
725 addr->in6.sin6_port = htons(TFTP_PORT);
726 tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
727 addr->in6.sin6_port = save;
728 }
729 # endif
730 }
731 #endif
732
733 if (fd != -1 || tcpfd != -1 || tftpfd != -1)
734 {
735 l = safe_malloc(sizeof(struct listener));
736 l->next = NULL;
737 l->family = addr->sa.sa_family;
738 l->fd = fd;
739 l->tcpfd = tcpfd;
740 l->tftpfd = tftpfd;
741 }
742
743 return l;
744 }
745
746 void create_wildcard_listeners(void)
747 {
748 union mysockaddr addr;
749 struct listener *l, *l6;
750
751 memset(&addr, 0, sizeof(addr));
752 #ifdef HAVE_SOCKADDR_SA_LEN
753 addr.in.sin_len = sizeof(addr.in);
754 #endif
755 addr.in.sin_family = AF_INET;
756 addr.in.sin_addr.s_addr = INADDR_ANY;
757 addr.in.sin_port = htons(daemon->port);
758
759 l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
760
761 #ifdef HAVE_IPV6
762 memset(&addr, 0, sizeof(addr));
763 # ifdef HAVE_SOCKADDR_SA_LEN
764 addr.in6.sin6_len = sizeof(addr.in6);
765 # endif
766 addr.in6.sin6_family = AF_INET6;
767 addr.in6.sin6_addr = in6addr_any;
768 addr.in6.sin6_port = htons(daemon->port);
769
770 l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
771 if (l)
772 l->next = l6;
773 else
774 l = l6;
775 #endif
776
777 daemon->listeners = l;
778 }
779
780 void create_bound_listeners(int dienow)
781 {
782 struct listener *new;
783 struct irec *iface;
784 struct iname *if_tmp;
785
786 for (iface = daemon->interfaces; iface; iface = iface->next)
787 if (!iface->done && !iface->dad &&
788 (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
789 {
790 new->iface = iface;
791 new->next = daemon->listeners;
792 daemon->listeners = new;
793 iface->done = 1;
794 }
795
796 /* Check for --listen-address options that haven't been used because there's
797 no interface with a matching address. These may be valid: eg it's possible
798 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
799
800 If the address isn't valid the bind() will fail and we'll die()
801 (except in bind-dynamic mode, when we'll complain but keep trying.)
802
803 The resulting listeners have the ->iface field NULL, and this has to be
804 handled by the DNS and TFTP code. It disables --localise-queries processing
805 (no netmask) and some MTU login the tftp code. */
806
807 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
808 if (!if_tmp->used &&
809 (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
810 {
811 new->iface = NULL;
812 new->next = daemon->listeners;
813 daemon->listeners = new;
814 }
815 }
816
817 int is_dad_listeners(void)
818 {
819 struct irec *iface;
820
821 if (option_bool(OPT_NOWILD))
822 for (iface = daemon->interfaces; iface; iface = iface->next)
823 if (iface->dad && !iface->done)
824 return 1;
825
826 return 0;
827 }
828
829 #ifdef HAVE_DHCP6
830 void join_multicast(int dienow)
831 {
832 struct irec *iface, *tmp;
833
834 for (iface = daemon->interfaces; iface; iface = iface->next)
835 if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
836 {
837 /* There's an irec per address but we only want to join for multicast
838 once per interface. Weed out duplicates. */
839 for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
840 if (tmp->multicast_done && tmp->index == iface->index)
841 break;
842
843 iface->multicast_done = 1;
844
845 if (!tmp)
846 {
847 struct ipv6_mreq mreq;
848 int err = 0;
849
850 mreq.ipv6mr_interface = iface->index;
851
852 inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
853
854 if (daemon->doing_dhcp6 &&
855 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
856 err = 1;
857
858 inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
859
860 if (daemon->doing_dhcp6 &&
861 setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
862 err = 1;
863
864 inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
865
866 if (daemon->doing_ra &&
867 setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
868 err = 1;
869
870 if (err)
871 {
872 char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
873 if (dienow)
874 die(s, iface->name, EC_BADNET);
875 else
876 my_syslog(LOG_ERR, s, iface->name, strerror(errno));
877 }
878 }
879 }
880 }
881 #endif
882
883 /* return a UDP socket bound to a random port, have to cope with straying into
884 occupied port nos and reserved ones. */
885 int random_sock(int family)
886 {
887 int fd;
888
889 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
890 {
891 union mysockaddr addr;
892 unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port;
893 int tries = ports_avail < 30 ? 3 * ports_avail : 100;
894
895 memset(&addr, 0, sizeof(addr));
896 addr.sa.sa_family = family;
897
898 /* don't loop forever if all ports in use. */
899
900 if (fix_fd(fd))
901 while(tries--)
902 {
903 unsigned short port = rand16();
904
905 if (daemon->min_port != 0)
906 port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
907
908 if (family == AF_INET)
909 {
910 addr.in.sin_addr.s_addr = INADDR_ANY;
911 addr.in.sin_port = port;
912 #ifdef HAVE_SOCKADDR_SA_LEN
913 addr.in.sin_len = sizeof(struct sockaddr_in);
914 #endif
915 }
916 #ifdef HAVE_IPV6
917 else
918 {
919 addr.in6.sin6_addr = in6addr_any;
920 addr.in6.sin6_port = port;
921 #ifdef HAVE_SOCKADDR_SA_LEN
922 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
923 #endif
924 }
925 #endif
926
927 if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
928 return fd;
929
930 if (errno != EADDRINUSE && errno != EACCES)
931 break;
932 }
933
934 close(fd);
935 }
936
937 return -1;
938 }
939
940
941 int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
942 {
943 union mysockaddr addr_copy = *addr;
944
945 /* cannot set source _port_ for TCP connections. */
946 if (is_tcp)
947 {
948 if (addr_copy.sa.sa_family == AF_INET)
949 addr_copy.in.sin_port = 0;
950 #ifdef HAVE_IPV6
951 else
952 addr_copy.in6.sin6_port = 0;
953 #endif
954 }
955
956 if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
957 return 0;
958
959 #if defined(SO_BINDTODEVICE)
960 if (intname[0] != 0 &&
961 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
962 return 0;
963 #endif
964
965 return 1;
966 }
967
968 static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
969 {
970 struct serverfd *sfd;
971 int errsave;
972
973 /* when using random ports, servers which would otherwise use
974 the INADDR_ANY/port0 socket have sfd set to NULL */
975 if (!daemon->osport && intname[0] == 0)
976 {
977 errno = 0;
978
979 if (addr->sa.sa_family == AF_INET &&
980 addr->in.sin_addr.s_addr == INADDR_ANY &&
981 addr->in.sin_port == htons(0))
982 return NULL;
983
984 #ifdef HAVE_IPV6
985 if (addr->sa.sa_family == AF_INET6 &&
986 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
987 addr->in6.sin6_port == htons(0))
988 return NULL;
989 #endif
990 }
991
992 /* may have a suitable one already */
993 for (sfd = daemon->sfds; sfd; sfd = sfd->next )
994 if (sockaddr_isequal(&sfd->source_addr, addr) &&
995 strcmp(intname, sfd->interface) == 0)
996 return sfd;
997
998 /* need to make a new one. */
999 errno = ENOMEM; /* in case malloc fails. */
1000 if (!(sfd = whine_malloc(sizeof(struct serverfd))))
1001 return NULL;
1002
1003 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
1004 {
1005 free(sfd);
1006 return NULL;
1007 }
1008
1009 if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
1010 {
1011 errsave = errno; /* save error from bind. */
1012 close(sfd->fd);
1013 free(sfd);
1014 errno = errsave;
1015 return NULL;
1016 }
1017
1018 strcpy(sfd->interface, intname);
1019 sfd->source_addr = *addr;
1020 sfd->next = daemon->sfds;
1021 daemon->sfds = sfd;
1022 return sfd;
1023 }
1024
1025 /* create upstream sockets during startup, before root is dropped which may be needed
1026 this allows query_port to be a low port and interface binding */
1027 void pre_allocate_sfds(void)
1028 {
1029 struct server *srv;
1030
1031 if (daemon->query_port != 0)
1032 {
1033 union mysockaddr addr;
1034 memset(&addr, 0, sizeof(addr));
1035 addr.in.sin_family = AF_INET;
1036 addr.in.sin_addr.s_addr = INADDR_ANY;
1037 addr.in.sin_port = htons(daemon->query_port);
1038 #ifdef HAVE_SOCKADDR_SA_LEN
1039 addr.in.sin_len = sizeof(struct sockaddr_in);
1040 #endif
1041 allocate_sfd(&addr, "");
1042 #ifdef HAVE_IPV6
1043 memset(&addr, 0, sizeof(addr));
1044 addr.in6.sin6_family = AF_INET6;
1045 addr.in6.sin6_addr = in6addr_any;
1046 addr.in6.sin6_port = htons(daemon->query_port);
1047 #ifdef HAVE_SOCKADDR_SA_LEN
1048 addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1049 #endif
1050 allocate_sfd(&addr, "");
1051 #endif
1052 }
1053
1054 for (srv = daemon->servers; srv; srv = srv->next)
1055 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) &&
1056 !allocate_sfd(&srv->source_addr, srv->interface) &&
1057 errno != 0 &&
1058 option_bool(OPT_NOWILD))
1059 {
1060 prettyprint_addr(&srv->source_addr, daemon->namebuff);
1061 if (srv->interface[0] != 0)
1062 {
1063 strcat(daemon->namebuff, " ");
1064 strcat(daemon->namebuff, srv->interface);
1065 }
1066 die(_("failed to bind server socket for %s: %s"),
1067 daemon->namebuff, EC_BADNET);
1068 }
1069 }
1070
1071
1072 void check_servers(void)
1073 {
1074 struct irec *iface;
1075 struct server *new, *tmp, *ret = NULL;
1076 int port = 0;
1077
1078 /* interface may be new since startup */
1079 if (!option_bool(OPT_NOWILD))
1080 enumerate_interfaces(0);
1081
1082 for (new = daemon->servers; new; new = tmp)
1083 {
1084 tmp = new->next;
1085
1086 if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)))
1087 {
1088 port = prettyprint_addr(&new->addr, daemon->namebuff);
1089
1090 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1091 if (new->addr.sa.sa_family == AF_INET &&
1092 new->addr.in.sin_addr.s_addr == 0)
1093 {
1094 free(new);
1095 continue;
1096 }
1097
1098 for (iface = daemon->interfaces; iface; iface = iface->next)
1099 if (sockaddr_isequal(&new->addr, &iface->addr))
1100 break;
1101 if (iface)
1102 {
1103 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
1104 free(new);
1105 continue;
1106 }
1107
1108 /* Do we need a socket set? */
1109 if (!new->sfd &&
1110 !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) &&
1111 errno != 0)
1112 {
1113 my_syslog(LOG_WARNING,
1114 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1115 daemon->namebuff, strerror(errno));
1116 free(new);
1117 continue;
1118 }
1119 }
1120
1121 /* reverse order - gets it right. */
1122 new->next = ret;
1123 ret = new;
1124
1125 if (!(new->flags & SERV_NO_REBIND))
1126 {
1127 if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
1128 {
1129 char *s1, *s2;
1130 if (!(new->flags & SERV_HAS_DOMAIN))
1131 s1 = _("unqualified"), s2 = _("names");
1132 else if (strlen(new->domain) == 0)
1133 s1 = _("default"), s2 = "";
1134 else
1135 s1 = _("domain"), s2 = new->domain;
1136
1137 if (new->flags & SERV_NO_ADDR)
1138 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
1139 else if (new->flags & SERV_USE_RESOLV)
1140 my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
1141 else if (!(new->flags & SERV_LITERAL_ADDRESS))
1142 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
1143 }
1144 else if (new->interface[0] != 0)
1145 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface);
1146 else
1147 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
1148 }
1149 }
1150
1151 daemon->servers = ret;
1152 }
1153
1154 /* Return zero if no servers found, in that case we keep polling.
1155 This is a protection against an update-time/write race on resolv.conf */
1156 int reload_servers(char *fname)
1157 {
1158 FILE *f;
1159 char *line;
1160 struct server *old_servers = NULL;
1161 struct server *new_servers = NULL;
1162 struct server *serv;
1163 int gotone = 0;
1164
1165 /* buff happens to be MAXDNAME long... */
1166 if (!(f = fopen(fname, "r")))
1167 {
1168 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1169 return 0;
1170 }
1171
1172 /* move old servers to free list - we can reuse the memory
1173 and not risk malloc if there are the same or fewer new servers.
1174 Servers which were specced on the command line go to the new list. */
1175 for (serv = daemon->servers; serv;)
1176 {
1177 struct server *tmp = serv->next;
1178 if (serv->flags & SERV_FROM_RESOLV)
1179 {
1180 serv->next = old_servers;
1181 old_servers = serv;
1182 /* forward table rules reference servers, so have to blow them away */
1183 server_gone(serv);
1184 }
1185 else
1186 {
1187 serv->next = new_servers;
1188 new_servers = serv;
1189 }
1190 serv = tmp;
1191 }
1192
1193 while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
1194 {
1195 union mysockaddr addr, source_addr;
1196 char *token = strtok(line, " \t\n\r");
1197
1198 if (!token)
1199 continue;
1200 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
1201 continue;
1202 if (!(token = strtok(NULL, " \t\n\r")))
1203 continue;
1204
1205 memset(&addr, 0, sizeof(addr));
1206 memset(&source_addr, 0, sizeof(source_addr));
1207
1208 if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
1209 {
1210 #ifdef HAVE_SOCKADDR_SA_LEN
1211 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
1212 #endif
1213 source_addr.in.sin_family = addr.in.sin_family = AF_INET;
1214 addr.in.sin_port = htons(NAMESERVER_PORT);
1215 source_addr.in.sin_addr.s_addr = INADDR_ANY;
1216 source_addr.in.sin_port = htons(daemon->query_port);
1217 }
1218 #ifdef HAVE_IPV6
1219 else
1220 {
1221 int scope_index = 0;
1222 char *scope_id = strchr(token, '%');
1223
1224 if (scope_id)
1225 {
1226 *(scope_id++) = 0;
1227 scope_index = if_nametoindex(scope_id);
1228 }
1229
1230 if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
1231 {
1232 #ifdef HAVE_SOCKADDR_SA_LEN
1233 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
1234 #endif
1235 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
1236 source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
1237 addr.in6.sin6_port = htons(NAMESERVER_PORT);
1238 addr.in6.sin6_scope_id = scope_index;
1239 source_addr.in6.sin6_addr = in6addr_any;
1240 source_addr.in6.sin6_port = htons(daemon->query_port);
1241 source_addr.in6.sin6_scope_id = 0;
1242 }
1243 else
1244 continue;
1245 }
1246 #else /* IPV6 */
1247 else
1248 continue;
1249 #endif
1250
1251 if (old_servers)
1252 {
1253 serv = old_servers;
1254 old_servers = old_servers->next;
1255 }
1256 else if (!(serv = whine_malloc(sizeof (struct server))))
1257 continue;
1258
1259 /* this list is reverse ordered:
1260 it gets reversed again in check_servers */
1261 serv->next = new_servers;
1262 new_servers = serv;
1263 serv->addr = addr;
1264 serv->source_addr = source_addr;
1265 serv->domain = NULL;
1266 serv->interface[0] = 0;
1267 serv->sfd = NULL;
1268 serv->flags = SERV_FROM_RESOLV;
1269 serv->queries = serv->failed_queries = 0;
1270 gotone = 1;
1271 }
1272
1273 /* Free any memory not used. */
1274 while (old_servers)
1275 {
1276 struct server *tmp = old_servers->next;
1277 free(old_servers);
1278 old_servers = tmp;
1279 }
1280
1281 daemon->servers = new_servers;
1282 fclose(f);
1283
1284 return gotone;
1285 }
1286
1287
1288
1289
1290
1291
Michael's tree of dnsmasq.