1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #ifdef HAVE_LINUX_NETWORK
21 int indextoname(int fd
, int index
, char *name
)
28 ifr
.ifr_ifindex
= index
;
29 if (ioctl(fd
, SIOCGIFNAME
, &ifr
) == -1)
32 strncpy(name
, ifr
.ifr_name
, IF_NAMESIZE
);
38 #elif defined(HAVE_SOLARIS_NETWORK)
42 #ifndef LIFC_UNDER_IPMP
43 # define LIFC_UNDER_IPMP 0
46 int indextoname(int fd
, int index
, char *name
)
50 int numifs
, bufsize
, i
;
57 if (getzoneid() == GLOBAL_ZONEID
)
59 if (!if_indextoname(index
, name
))
64 lifc_flags
= LIFC_NOXMIT
| LIFC_TEMPORARY
| LIFC_ALLZONES
| LIFC_UNDER_IPMP
;
65 lifn
.lifn_family
= AF_UNSPEC
;
66 lifn
.lifn_flags
= lifc_flags
;
67 if (ioctl(fd
, SIOCGLIFNUM
, &lifn
) < 0)
70 numifs
= lifn
.lifn_count
;
71 bufsize
= numifs
* sizeof(struct lifreq
);
73 lifc
.lifc_family
= AF_UNSPEC
;
74 lifc
.lifc_flags
= lifc_flags
;
75 lifc
.lifc_len
= bufsize
;
76 lifc
.lifc_buf
= alloca(bufsize
);
78 if (ioctl(fd
, SIOCGLIFCONF
, &lifc
) < 0)
81 lifrp
= lifc
.lifc_req
;
82 for (i
= lifc
.lifc_len
/ sizeof(struct lifreq
); i
; i
--, lifrp
++)
85 strncpy(lifr
.lifr_name
, lifrp
->lifr_name
, IF_NAMESIZE
);
86 if (ioctl(fd
, SIOCGLIFINDEX
, &lifr
) < 0)
89 if (lifr
.lifr_index
== index
) {
90 strncpy(name
, lifr
.lifr_name
, IF_NAMESIZE
);
100 int indextoname(int fd
, int index
, char *name
)
104 if (index
== 0 || !if_indextoname(index
, name
))
112 int iface_check(int family
, struct all_addr
*addr
, char *name
, int *auth
)
115 int ret
= 1, match_addr
= 0;
117 /* Note: have to check all and not bail out early, so that we set the
123 if (daemon
->if_names
|| daemon
->if_addrs
)
127 for (tmp
= daemon
->if_names
; tmp
; tmp
= tmp
->next
)
128 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
132 for (tmp
= daemon
->if_addrs
; tmp
; tmp
= tmp
->next
)
133 if (tmp
->addr
.sa
.sa_family
== family
)
135 if (family
== AF_INET
&&
136 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
137 ret
= match_addr
= tmp
->used
= 1;
139 else if (family
== AF_INET6
&&
140 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
,
142 ret
= match_addr
= tmp
->used
= 1;
148 for (tmp
= daemon
->if_except
; tmp
; tmp
= tmp
->next
)
149 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
153 for (tmp
= daemon
->authinterface
; tmp
; tmp
= tmp
->next
)
156 if (strcmp(tmp
->name
, name
) == 0)
159 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET
&& family
== AF_INET
&&
160 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
163 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET6
&& family
== AF_INET6
&&
164 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
178 /* Fix for problem that the kernel sometimes reports the loopback inerface as the
179 arrival interface when a packet originates locally, even when sent to address of
180 an interface other than the loopback. Accept packet if it arrived via a loopback
181 interface, even when we're not accepting packets that way, as long as the destination
182 address is one we're believing. Interface list must be up-to-date before calling. */
183 int loopback_exception(int fd
, int family
, struct all_addr
*addr
, char *name
)
188 strncpy(ifr
.ifr_name
, name
, IF_NAMESIZE
);
189 if (ioctl(fd
, SIOCGIFFLAGS
, &ifr
) != -1 &&
190 ifr
.ifr_flags
& IFF_LOOPBACK
)
192 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
193 if (iface
->addr
.sa
.sa_family
== family
)
195 if (family
== AF_INET
)
197 if (iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
201 else if (IN6_ARE_ADDR_EQUAL(&iface
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
210 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
211 on the relevant address, but the name of the arrival interface, derived from the
212 index won't match the config. Check that we found an interface address for the arrival
213 interface: daemon->interfaces must be up-to-date. */
214 int label_exception(int index
, int family
, struct all_addr
*addr
)
218 /* labels only supported on IPv4 addresses. */
219 if (family
!= AF_INET
)
222 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
223 if (iface
->index
== index
&& iface
->addr
.sa
.sa_family
== AF_INET
&&
224 iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
231 struct addrlist
*spare
;
235 static int iface_allowed(struct iface_param
*param
, int if_index
, char *label
,
236 union mysockaddr
*addr
, struct in_addr netmask
, int dad
)
239 int mtu
= 0, loopback
;
241 int tftp_ok
= !!option_bool(OPT_TFTP
);
248 if (!indextoname(param
->fd
, if_index
, ifr
.ifr_name
) ||
249 ioctl(param
->fd
, SIOCGIFFLAGS
, &ifr
) == -1)
252 loopback
= ifr
.ifr_flags
& IFF_LOOPBACK
;
257 if (ioctl(param
->fd
, SIOCGIFMTU
, &ifr
) != -1)
261 label
= ifr
.ifr_name
;
264 /* Update addresses from interface_names. These are a set independent
265 of the set we're listening on. */
267 if (addr
->sa
.sa_family
!= AF_INET6
|| !IN6_IS_ADDR_LINKLOCAL(&addr
->in6
.sin6_addr
))
270 struct interface_name
*int_name
;
273 for (int_name
= daemon
->int_names
; int_name
; int_name
= int_name
->next
)
274 if (strncmp(label
, int_name
->intr
, IF_NAMESIZE
) == 0)
279 param
->spare
= al
->next
;
282 al
= whine_malloc(sizeof(struct addrlist
));
286 if (addr
->sa
.sa_family
== AF_INET
)
288 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
289 al
->next
= int_name
->addr4
;
290 int_name
->addr4
= al
;
295 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
296 al
->next
= int_name
->addr6
;
297 int_name
->addr6
= al
;
304 /* check whether the interface IP has been added already
305 we call this routine multiple times. */
306 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
307 if (sockaddr_isequal(&iface
->addr
, addr
))
313 /* If we are restricting the set of interfaces to use, make
314 sure that loopback interfaces are in that set. */
315 if (daemon
->if_names
&& loopback
)
318 for (lo
= daemon
->if_names
; lo
; lo
= lo
->next
)
319 if (lo
->name
&& strcmp(lo
->name
, ifr
.ifr_name
) == 0)
322 if (!lo
&& (lo
= whine_malloc(sizeof(struct iname
))))
324 if ((lo
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
326 strcpy(lo
->name
, ifr
.ifr_name
);
328 lo
->next
= daemon
->if_names
;
329 daemon
->if_names
= lo
;
336 if (addr
->sa
.sa_family
== AF_INET
&&
337 !iface_check(AF_INET
, (struct all_addr
*)&addr
->in
.sin_addr
, label
, &auth_dns
))
341 if (addr
->sa
.sa_family
== AF_INET6
&&
342 !iface_check(AF_INET6
, (struct all_addr
*)&addr
->in6
.sin6_addr
, label
, &auth_dns
))
347 /* No DHCP where we're doing auth DNS. */
354 for (tmp
= daemon
->dhcp_except
; tmp
; tmp
= tmp
->next
)
355 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
363 if (daemon
->tftp_interfaces
)
365 /* dedicated tftp interface list */
367 for (tmp
= daemon
->tftp_interfaces
; tmp
; tmp
= tmp
->next
)
368 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
373 if ((iface
= whine_malloc(sizeof(struct irec
))))
376 iface
->netmask
= netmask
;
377 iface
->tftp_ok
= tftp_ok
;
378 iface
->dhcp_ok
= dhcp_ok
;
379 iface
->dns_auth
= auth_dns
;
382 iface
->done
= iface
->multicast_done
= 0;
383 iface
->index
= if_index
;
384 if ((iface
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
386 strcpy(iface
->name
, ifr
.ifr_name
);
387 iface
->next
= daemon
->interfaces
;
388 daemon
->interfaces
= iface
;
400 static int iface_allowed_v6(struct in6_addr
*local
, int prefix
,
401 int scope
, int if_index
, int flags
,
402 int preferred
, int valid
, void *vparam
)
404 union mysockaddr addr
;
405 struct in_addr netmask
; /* dummy */
408 (void)prefix
; /* warning */
409 (void)scope
; /* warning */
413 memset(&addr
, 0, sizeof(addr
));
414 #ifdef HAVE_SOCKADDR_SA_LEN
415 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
417 addr
.in6
.sin6_family
= AF_INET6
;
418 addr
.in6
.sin6_addr
= *local
;
419 addr
.in6
.sin6_port
= htons(daemon
->port
);
420 addr
.in6
.sin6_scope_id
= if_index
;
422 return iface_allowed((struct iface_param
*)vparam
, if_index
, NULL
, &addr
, netmask
, !!(flags
& IFACE_TENTATIVE
));
426 static int iface_allowed_v4(struct in_addr local
, int if_index
, char *label
,
427 struct in_addr netmask
, struct in_addr broadcast
, void *vparam
)
429 union mysockaddr addr
;
431 memset(&addr
, 0, sizeof(addr
));
432 #ifdef HAVE_SOCKADDR_SA_LEN
433 addr
.in
.sin_len
= sizeof(addr
.in
);
435 addr
.in
.sin_family
= AF_INET
;
436 addr
.in
.sin_addr
= broadcast
; /* warning */
437 addr
.in
.sin_addr
= local
;
438 addr
.in
.sin_port
= htons(daemon
->port
);
440 return iface_allowed((struct iface_param
*)vparam
, if_index
, label
, &addr
, netmask
, 0);
443 int enumerate_interfaces(int reset
)
445 static struct addrlist
*spare
= NULL
;
447 struct iface_param param
;
448 int errsave
, ret
= 1;
449 struct addrlist
*addr
, *tmp
;
450 struct interface_name
*intname
;
452 /* Do this max once per select cycle - also inhibits netlink socket use
453 in TCP child processes. */
466 if ((param
.fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) == -1)
469 /* remove addresses stored against interface_names */
470 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
472 for (addr
= intname
->addr4
; addr
; addr
= tmp
)
479 intname
->addr4
= NULL
;
482 for (addr
= intname
->addr6
; addr
; addr
= tmp
)
489 intname
->addr6
= NULL
;
496 ret
= iface_enumerate(AF_INET6
, ¶m
, iface_allowed_v6
);
500 ret
= iface_enumerate(AF_INET
, ¶m
, iface_allowed_v4
);
511 /* set NONBLOCK bit on fd: See Stevens 16.6 */
516 if ((flags
= fcntl(fd
, F_GETFL
)) == -1 ||
517 fcntl(fd
, F_SETFL
, flags
| O_NONBLOCK
) == -1)
523 static int make_sock(union mysockaddr
*addr
, int type
, int dienow
)
525 int family
= addr
->sa
.sa_family
;
528 if ((fd
= socket(family
, type
, 0)) == -1)
533 /* No error if the kernel just doesn't support this IP flavour */
534 if (errno
== EPROTONOSUPPORT
||
535 errno
== EAFNOSUPPORT
||
540 port
= prettyprint_addr(addr
, daemon
->addrbuff
);
541 if (!option_bool(OPT_NOWILD
) && !option_bool(OPT_CLEVERBIND
))
542 sprintf(daemon
->addrbuff
, "port %d", port
);
543 s
= _("failed to create listening socket for %s: %s");
550 /* failure to bind addresses given by --listen-address at this point
551 is OK if we're doing bind-dynamic */
552 if (!option_bool(OPT_CLEVERBIND
))
553 die(s
, daemon
->addrbuff
, EC_BADNET
);
556 my_syslog(LOG_WARNING
, s
, daemon
->addrbuff
, strerror(errno
));
561 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &opt
, sizeof(opt
)) == -1 || !fix_fd(fd
))
565 if (family
== AF_INET6
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_V6ONLY
, &opt
, sizeof(opt
)) == -1)
569 if ((rc
= bind(fd
, (struct sockaddr
*)addr
, sa_len(addr
))) == -1)
572 if (type
== SOCK_STREAM
)
574 if (listen(fd
, 5) == -1)
577 else if (!option_bool(OPT_NOWILD
))
579 if (family
== AF_INET
)
581 #if defined(HAVE_LINUX_NETWORK)
582 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) == -1)
584 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
585 if (setsockopt(fd
, IPPROTO_IP
, IP_RECVDSTADDR
, &opt
, sizeof(opt
)) == -1 ||
586 setsockopt(fd
, IPPROTO_IP
, IP_RECVIF
, &opt
, sizeof(opt
)) == -1)
591 else if (!set_ipv6pktinfo(fd
))
600 int set_ipv6pktinfo(int fd
)
604 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
605 handle all combinations of headers and kernel.
606 OpenWrt note that this fixes the problem addressed by your very broken patch. */
607 daemon
->v6pktinfo
= IPV6_PKTINFO
;
609 #ifdef IPV6_RECVPKTINFO
610 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
, &opt
, sizeof(opt
)) != -1)
612 # ifdef IPV6_2292PKTINFO
613 else if (errno
== ENOPROTOOPT
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_2292PKTINFO
, &opt
, sizeof(opt
)) != -1)
615 daemon
->v6pktinfo
= IPV6_2292PKTINFO
;
620 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_PKTINFO
, &opt
, sizeof(opt
)) != -1)
629 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
630 int tcp_interface(int fd
, int af
)
634 #ifdef HAVE_LINUX_NETWORK
636 struct cmsghdr
*cmptr
;
639 /* use mshdr do that the CMSDG_* macros are available */
640 msg
.msg_control
= daemon
->packet
;
641 msg
.msg_controllen
= daemon
->packet_buff_sz
;
643 /* we overwrote the buffer... */
644 daemon
->srv_save
= NULL
;
648 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) != -1 &&
649 getsockopt(fd
, IPPROTO_IP
, IP_PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
650 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
651 if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_PKTINFO
)
655 struct in_pktinfo
*p
;
658 p
.c
= CMSG_DATA(cmptr
);
659 if_index
= p
.p
->ipi_ifindex
;
665 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
666 it was removed in RFC-3542 !!!!
668 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
669 uses the old ABI, and should work with pre- and post-3542 kernel headers */
671 #ifdef IPV6_2292PKTOPTIONS
672 # define PKTOPTIONS IPV6_2292PKTOPTIONS
674 # define PKTOPTIONS IPV6_PKTOPTIONS
677 if (set_ipv6pktinfo(fd
) &&
678 getsockopt(fd
, IPPROTO_IPV6
, PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
680 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
681 if (cmptr
->cmsg_level
== IPPROTO_IPV6
&& cmptr
->cmsg_type
== daemon
->v6pktinfo
)
685 struct in6_pktinfo
*p
;
687 p
.c
= CMSG_DATA(cmptr
);
689 if_index
= p
.p
->ipi6_ifindex
;
699 static struct listener
*create_listeners(union mysockaddr
*addr
, int do_tftp
, int dienow
)
701 struct listener
*l
= NULL
;
702 int fd
= -1, tcpfd
= -1, tftpfd
= -1;
704 if (daemon
->port
!= 0)
706 fd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
707 tcpfd
= make_sock(addr
, SOCK_STREAM
, dienow
);
713 if (addr
->sa
.sa_family
== AF_INET
)
715 /* port must be restored to DNS port for TCP code */
716 short save
= addr
->in
.sin_port
;
717 addr
->in
.sin_port
= htons(TFTP_PORT
);
718 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
719 addr
->in
.sin_port
= save
;
724 short save
= addr
->in6
.sin6_port
;
725 addr
->in6
.sin6_port
= htons(TFTP_PORT
);
726 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
727 addr
->in6
.sin6_port
= save
;
733 if (fd
!= -1 || tcpfd
!= -1 || tftpfd
!= -1)
735 l
= safe_malloc(sizeof(struct listener
));
737 l
->family
= addr
->sa
.sa_family
;
746 void create_wildcard_listeners(void)
748 union mysockaddr addr
;
749 struct listener
*l
, *l6
;
751 memset(&addr
, 0, sizeof(addr
));
752 #ifdef HAVE_SOCKADDR_SA_LEN
753 addr
.in
.sin_len
= sizeof(addr
.in
);
755 addr
.in
.sin_family
= AF_INET
;
756 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
757 addr
.in
.sin_port
= htons(daemon
->port
);
759 l
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
762 memset(&addr
, 0, sizeof(addr
));
763 # ifdef HAVE_SOCKADDR_SA_LEN
764 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
766 addr
.in6
.sin6_family
= AF_INET6
;
767 addr
.in6
.sin6_addr
= in6addr_any
;
768 addr
.in6
.sin6_port
= htons(daemon
->port
);
770 l6
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
777 daemon
->listeners
= l
;
780 void create_bound_listeners(int dienow
)
782 struct listener
*new;
784 struct iname
*if_tmp
;
786 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
787 if (!iface
->done
&& !iface
->dad
&&
788 (new = create_listeners(&iface
->addr
, iface
->tftp_ok
, dienow
)))
791 new->next
= daemon
->listeners
;
792 daemon
->listeners
= new;
796 /* Check for --listen-address options that haven't been used because there's
797 no interface with a matching address. These may be valid: eg it's possible
798 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
800 If the address isn't valid the bind() will fail and we'll die()
801 (except in bind-dynamic mode, when we'll complain but keep trying.)
803 The resulting listeners have the ->iface field NULL, and this has to be
804 handled by the DNS and TFTP code. It disables --localise-queries processing
805 (no netmask) and some MTU login the tftp code. */
807 for (if_tmp
= daemon
->if_addrs
; if_tmp
; if_tmp
= if_tmp
->next
)
809 (new = create_listeners(&if_tmp
->addr
, !!option_bool(OPT_TFTP
), dienow
)))
812 new->next
= daemon
->listeners
;
813 daemon
->listeners
= new;
817 int is_dad_listeners(void)
821 if (option_bool(OPT_NOWILD
))
822 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
823 if (iface
->dad
&& !iface
->done
)
830 void join_multicast(int dienow
)
832 struct irec
*iface
, *tmp
;
834 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
835 if (iface
->addr
.sa
.sa_family
== AF_INET6
&& iface
->dhcp_ok
&& !iface
->multicast_done
)
837 /* There's an irec per address but we only want to join for multicast
838 once per interface. Weed out duplicates. */
839 for (tmp
= daemon
->interfaces
; tmp
; tmp
= tmp
->next
)
840 if (tmp
->multicast_done
&& tmp
->index
== iface
->index
)
843 iface
->multicast_done
= 1;
847 struct ipv6_mreq mreq
;
850 mreq
.ipv6mr_interface
= iface
->index
;
852 inet_pton(AF_INET6
, ALL_RELAY_AGENTS_AND_SERVERS
, &mreq
.ipv6mr_multiaddr
);
854 if (daemon
->doing_dhcp6
&&
855 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
858 inet_pton(AF_INET6
, ALL_SERVERS
, &mreq
.ipv6mr_multiaddr
);
860 if (daemon
->doing_dhcp6
&&
861 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
864 inet_pton(AF_INET6
, ALL_ROUTERS
, &mreq
.ipv6mr_multiaddr
);
866 if (daemon
->doing_ra
&&
867 setsockopt(daemon
->icmp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
872 char *s
= _("interface %s failed to join DHCPv6 multicast group: %s");
874 die(s
, iface
->name
, EC_BADNET
);
876 my_syslog(LOG_ERR
, s
, iface
->name
, strerror(errno
));
883 /* return a UDP socket bound to a random port, have to cope with straying into
884 occupied port nos and reserved ones. */
885 int random_sock(int family
)
889 if ((fd
= socket(family
, SOCK_DGRAM
, 0)) != -1)
891 union mysockaddr addr
;
892 unsigned int ports_avail
= 65536u - (unsigned short)daemon
->min_port
;
893 int tries
= ports_avail
< 30 ? 3 * ports_avail
: 100;
895 memset(&addr
, 0, sizeof(addr
));
896 addr
.sa
.sa_family
= family
;
898 /* don't loop forever if all ports in use. */
903 unsigned short port
= rand16();
905 if (daemon
->min_port
!= 0)
906 port
= htons(daemon
->min_port
+ (port
% ((unsigned short)ports_avail
)));
908 if (family
== AF_INET
)
910 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
911 addr
.in
.sin_port
= port
;
912 #ifdef HAVE_SOCKADDR_SA_LEN
913 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
919 addr
.in6
.sin6_addr
= in6addr_any
;
920 addr
.in6
.sin6_port
= port
;
921 #ifdef HAVE_SOCKADDR_SA_LEN
922 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
927 if (bind(fd
, (struct sockaddr
*)&addr
, sa_len(&addr
)) == 0)
930 if (errno
!= EADDRINUSE
&& errno
!= EACCES
)
941 int local_bind(int fd
, union mysockaddr
*addr
, char *intname
, int is_tcp
)
943 union mysockaddr addr_copy
= *addr
;
945 /* cannot set source _port_ for TCP connections. */
948 if (addr_copy
.sa
.sa_family
== AF_INET
)
949 addr_copy
.in
.sin_port
= 0;
952 addr_copy
.in6
.sin6_port
= 0;
956 if (bind(fd
, (struct sockaddr
*)&addr_copy
, sa_len(&addr_copy
)) == -1)
959 #if defined(SO_BINDTODEVICE)
960 if (intname
[0] != 0 &&
961 setsockopt(fd
, SOL_SOCKET
, SO_BINDTODEVICE
, intname
, IF_NAMESIZE
) == -1)
968 static struct serverfd
*allocate_sfd(union mysockaddr
*addr
, char *intname
)
970 struct serverfd
*sfd
;
973 /* when using random ports, servers which would otherwise use
974 the INADDR_ANY/port0 socket have sfd set to NULL */
975 if (!daemon
->osport
&& intname
[0] == 0)
979 if (addr
->sa
.sa_family
== AF_INET
&&
980 addr
->in
.sin_addr
.s_addr
== INADDR_ANY
&&
981 addr
->in
.sin_port
== htons(0))
985 if (addr
->sa
.sa_family
== AF_INET6
&&
986 memcmp(&addr
->in6
.sin6_addr
, &in6addr_any
, sizeof(in6addr_any
)) == 0 &&
987 addr
->in6
.sin6_port
== htons(0))
992 /* may have a suitable one already */
993 for (sfd
= daemon
->sfds
; sfd
; sfd
= sfd
->next
)
994 if (sockaddr_isequal(&sfd
->source_addr
, addr
) &&
995 strcmp(intname
, sfd
->interface
) == 0)
998 /* need to make a new one. */
999 errno
= ENOMEM
; /* in case malloc fails. */
1000 if (!(sfd
= whine_malloc(sizeof(struct serverfd
))))
1003 if ((sfd
->fd
= socket(addr
->sa
.sa_family
, SOCK_DGRAM
, 0)) == -1)
1009 if (!local_bind(sfd
->fd
, addr
, intname
, 0) || !fix_fd(sfd
->fd
))
1011 errsave
= errno
; /* save error from bind. */
1018 strcpy(sfd
->interface
, intname
);
1019 sfd
->source_addr
= *addr
;
1020 sfd
->next
= daemon
->sfds
;
1025 /* create upstream sockets during startup, before root is dropped which may be needed
1026 this allows query_port to be a low port and interface binding */
1027 void pre_allocate_sfds(void)
1031 if (daemon
->query_port
!= 0)
1033 union mysockaddr addr
;
1034 memset(&addr
, 0, sizeof(addr
));
1035 addr
.in
.sin_family
= AF_INET
;
1036 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1037 addr
.in
.sin_port
= htons(daemon
->query_port
);
1038 #ifdef HAVE_SOCKADDR_SA_LEN
1039 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1041 allocate_sfd(&addr
, "");
1043 memset(&addr
, 0, sizeof(addr
));
1044 addr
.in6
.sin6_family
= AF_INET6
;
1045 addr
.in6
.sin6_addr
= in6addr_any
;
1046 addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1047 #ifdef HAVE_SOCKADDR_SA_LEN
1048 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1050 allocate_sfd(&addr
, "");
1054 for (srv
= daemon
->servers
; srv
; srv
= srv
->next
)
1055 if (!(srv
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)) &&
1056 !allocate_sfd(&srv
->source_addr
, srv
->interface
) &&
1058 option_bool(OPT_NOWILD
))
1060 prettyprint_addr(&srv
->source_addr
, daemon
->namebuff
);
1061 if (srv
->interface
[0] != 0)
1063 strcat(daemon
->namebuff
, " ");
1064 strcat(daemon
->namebuff
, srv
->interface
);
1066 die(_("failed to bind server socket for %s: %s"),
1067 daemon
->namebuff
, EC_BADNET
);
1072 void check_servers(void)
1075 struct server
*new, *tmp
, *ret
= NULL
;
1078 /* interface may be new since startup */
1079 if (!option_bool(OPT_NOWILD
))
1080 enumerate_interfaces(0);
1082 for (new = daemon
->servers
; new; new = tmp
)
1086 if (!(new->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)))
1088 port
= prettyprint_addr(&new->addr
, daemon
->namebuff
);
1090 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1091 if (new->addr
.sa
.sa_family
== AF_INET
&&
1092 new->addr
.in
.sin_addr
.s_addr
== 0)
1098 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1099 if (sockaddr_isequal(&new->addr
, &iface
->addr
))
1103 my_syslog(LOG_WARNING
, _("ignoring nameserver %s - local interface"), daemon
->namebuff
);
1108 /* Do we need a socket set? */
1110 !(new->sfd
= allocate_sfd(&new->source_addr
, new->interface
)) &&
1113 my_syslog(LOG_WARNING
,
1114 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1115 daemon
->namebuff
, strerror(errno
));
1121 /* reverse order - gets it right. */
1125 if (!(new->flags
& SERV_NO_REBIND
))
1127 if (new->flags
& (SERV_HAS_DOMAIN
| SERV_FOR_NODOTS
| SERV_USE_RESOLV
))
1130 if (!(new->flags
& SERV_HAS_DOMAIN
))
1131 s1
= _("unqualified"), s2
= _("names");
1132 else if (strlen(new->domain
) == 0)
1133 s1
= _("default"), s2
= "";
1135 s1
= _("domain"), s2
= new->domain
;
1137 if (new->flags
& SERV_NO_ADDR
)
1138 my_syslog(LOG_INFO
, _("using local addresses only for %s %s"), s1
, s2
);
1139 else if (new->flags
& SERV_USE_RESOLV
)
1140 my_syslog(LOG_INFO
, _("using standard nameservers for %s %s"), s1
, s2
);
1141 else if (!(new->flags
& SERV_LITERAL_ADDRESS
))
1142 my_syslog(LOG_INFO
, _("using nameserver %s#%d for %s %s"), daemon
->namebuff
, port
, s1
, s2
);
1144 else if (new->interface
[0] != 0)
1145 my_syslog(LOG_INFO
, _("using nameserver %s#%d(via %s)"), daemon
->namebuff
, port
, new->interface
);
1147 my_syslog(LOG_INFO
, _("using nameserver %s#%d"), daemon
->namebuff
, port
);
1151 daemon
->servers
= ret
;
1154 /* Return zero if no servers found, in that case we keep polling.
1155 This is a protection against an update-time/write race on resolv.conf */
1156 int reload_servers(char *fname
)
1160 struct server
*old_servers
= NULL
;
1161 struct server
*new_servers
= NULL
;
1162 struct server
*serv
;
1165 /* buff happens to be MAXDNAME long... */
1166 if (!(f
= fopen(fname
, "r")))
1168 my_syslog(LOG_ERR
, _("failed to read %s: %s"), fname
, strerror(errno
));
1172 /* move old servers to free list - we can reuse the memory
1173 and not risk malloc if there are the same or fewer new servers.
1174 Servers which were specced on the command line go to the new list. */
1175 for (serv
= daemon
->servers
; serv
;)
1177 struct server
*tmp
= serv
->next
;
1178 if (serv
->flags
& SERV_FROM_RESOLV
)
1180 serv
->next
= old_servers
;
1182 /* forward table rules reference servers, so have to blow them away */
1187 serv
->next
= new_servers
;
1193 while ((line
= fgets(daemon
->namebuff
, MAXDNAME
, f
)))
1195 union mysockaddr addr
, source_addr
;
1196 char *token
= strtok(line
, " \t\n\r");
1200 if (strcmp(token
, "nameserver") != 0 && strcmp(token
, "server") != 0)
1202 if (!(token
= strtok(NULL
, " \t\n\r")))
1205 memset(&addr
, 0, sizeof(addr
));
1206 memset(&source_addr
, 0, sizeof(source_addr
));
1208 if ((addr
.in
.sin_addr
.s_addr
= inet_addr(token
)) != (in_addr_t
) -1)
1210 #ifdef HAVE_SOCKADDR_SA_LEN
1211 source_addr
.in
.sin_len
= addr
.in
.sin_len
= sizeof(source_addr
.in
);
1213 source_addr
.in
.sin_family
= addr
.in
.sin_family
= AF_INET
;
1214 addr
.in
.sin_port
= htons(NAMESERVER_PORT
);
1215 source_addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1216 source_addr
.in
.sin_port
= htons(daemon
->query_port
);
1221 int scope_index
= 0;
1222 char *scope_id
= strchr(token
, '%');
1227 scope_index
= if_nametoindex(scope_id
);
1230 if (inet_pton(AF_INET6
, token
, &addr
.in6
.sin6_addr
) > 0)
1232 #ifdef HAVE_SOCKADDR_SA_LEN
1233 source_addr
.in6
.sin6_len
= addr
.in6
.sin6_len
= sizeof(source_addr
.in6
);
1235 source_addr
.in6
.sin6_family
= addr
.in6
.sin6_family
= AF_INET6
;
1236 source_addr
.in6
.sin6_flowinfo
= addr
.in6
.sin6_flowinfo
= 0;
1237 addr
.in6
.sin6_port
= htons(NAMESERVER_PORT
);
1238 addr
.in6
.sin6_scope_id
= scope_index
;
1239 source_addr
.in6
.sin6_addr
= in6addr_any
;
1240 source_addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1241 source_addr
.in6
.sin6_scope_id
= 0;
1254 old_servers
= old_servers
->next
;
1256 else if (!(serv
= whine_malloc(sizeof (struct server
))))
1259 /* this list is reverse ordered:
1260 it gets reversed again in check_servers */
1261 serv
->next
= new_servers
;
1264 serv
->source_addr
= source_addr
;
1265 serv
->domain
= NULL
;
1266 serv
->interface
[0] = 0;
1268 serv
->flags
= SERV_FROM_RESOLV
;
1269 serv
->queries
= serv
->failed_queries
= 0;
1273 /* Free any memory not used. */
1276 struct server
*tmp
= old_servers
->next
;
1281 daemon
->servers
= new_servers
;