1 /* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #ifndef IN6_IS_ADDR_ULA
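/* True when the first 32 bits of the IPv6 address at a fall in fc00::/7, the
   unique-local range: keep the top seven bits and compare them with 0xfc.
   The mask must be 0xfe000000; with a seven-digit 0xfe00000 the top nibble is
   masked off and the comparison with 0xfc000000 can never succeed. */
#define IN6_IS_ADDR_ULA(a) ((((__const uint32_t *) (a))[0] & htonl (0xfe000000)) == htonl (0xfc000000))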
23 #ifdef HAVE_LINUX_NETWORK
/* Linux variant: look up the name of the interface with the given index by
   issuing SIOCGIFNAME on socket fd, and copy the result into name. */
25 int indextoname(int fd
, int index
, char *name
)
/* The kernel is queried by index; it fills in ifr.ifr_name on success. */
32 ifr
.ifr_ifindex
= index
;
33 if (ioctl(fd
, SIOCGIFNAME
, &ifr
) == -1)
/* NOTE(review): strncpy() writes up to IF_NAMESIZE bytes and adds no
   terminator when the source fills the whole field, so name must point at
   a buffer of at least IF_NAMESIZE bytes - confirm at every call site. */
36 strncpy(name
, ifr
.ifr_name
, IF_NAMESIZE
);
42 #elif defined(HAVE_SOLARIS_NETWORK)
46 #ifndef LIFC_UNDER_IPMP
47 # define LIFC_UNDER_IPMP 0
/* Solaris variant: resolve an interface index to a name. The global zone
   uses if_indextoname() directly; otherwise the interface list is fetched
   with SIOCGLIFNUM/SIOCGLIFCONF and searched for a matching index. */
50 int indextoname(int fd
, int index
, char *name
)
54 int numifs
, bufsize
, i
;
61 if (getzoneid() == GLOBAL_ZONEID
)
63 if (!if_indextoname(index
, name
))
/* The same flag set is used for the count query and the list query so that
   both describe the same population of interfaces. */
68 lifc_flags
= LIFC_NOXMIT
| LIFC_TEMPORARY
| LIFC_ALLZONES
| LIFC_UNDER_IPMP
;
69 lifn
.lifn_family
= AF_UNSPEC
;
70 lifn
.lifn_flags
= lifc_flags
;
71 if (ioctl(fd
, SIOCGLIFNUM
, &lifn
) < 0)
/* NOTE(review): the buffer size is an int product of the kernel-reported
   interface count and sizeof(struct lifreq), and the buffer is taken from the
   stack with alloca() below. No upper bound on numifs is visible here, so a
   very large count would mean a large stack allocation - confirm a limit. */
74 numifs
= lifn
.lifn_count
;
75 bufsize
= numifs
* sizeof(struct lifreq
);
77 lifc
.lifc_family
= AF_UNSPEC
;
78 lifc
.lifc_flags
= lifc_flags
;
79 lifc
.lifc_len
= bufsize
;
80 lifc
.lifc_buf
= alloca(bufsize
);
82 if (ioctl(fd
, SIOCGLIFCONF
, &lifc
) < 0)
/* The loop count comes from lifc.lifc_len as it stands after the ioctl, not
   from numifs (presumably the ioctl updates it to the bytes returned). */
85 lifrp
= lifc
.lifc_req
;
86 for (i
= lifc
.lifc_len
/ sizeof(struct lifreq
); i
; i
--, lifrp
++)
/* Each listed name is copied into lifr and its index is queried in turn. */
89 strncpy(lifr
.lifr_name
, lifrp
->lifr_name
, IF_NAMESIZE
);
90 if (ioctl(fd
, SIOCGLIFINDEX
, &lifr
) < 0)
93 if (lifr
.lifr_index
== index
) {
/* NOTE(review): as with any strncpy() of IF_NAMESIZE bytes, name needs room
   for IF_NAMESIZE bytes and is not terminated if the source fills the field. */
94 strncpy(name
, lifr
.lifr_name
, IF_NAMESIZE
);
104 int indextoname(int fd
, int index
, char *name
)
108 if (index
== 0 || !if_indextoname(index
, name
))
116 int iface_check(int family
, struct all_addr
*addr
, char *name
, int *auth
)
119 int ret
= 1, match_addr
= 0;
121 /* Note: have to check all and not bail out early, so that we set the
124 May be called with family == AF_LOCAL to check interface by name only. */
129 if (daemon
->if_names
|| daemon
->if_addrs
)
133 for (tmp
= daemon
->if_names
; tmp
; tmp
= tmp
->next
)
134 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
138 for (tmp
= daemon
->if_addrs
; tmp
; tmp
= tmp
->next
)
139 if (tmp
->addr
.sa
.sa_family
== family
)
141 if (family
== AF_INET
&&
142 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
143 ret
= match_addr
= tmp
->used
= 1;
145 else if (family
== AF_INET6
&&
146 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
,
148 ret
= match_addr
= tmp
->used
= 1;
154 for (tmp
= daemon
->if_except
; tmp
; tmp
= tmp
->next
)
155 if (tmp
->name
&& wildcard_match(tmp
->name
, name
))
159 for (tmp
= daemon
->authinterface
; tmp
; tmp
= tmp
->next
)
162 if (strcmp(tmp
->name
, name
) == 0 &&
163 (tmp
->addr
.sa
.sa_family
== 0 || tmp
->addr
.sa
.sa_family
== family
))
166 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET
&& family
== AF_INET
&&
167 tmp
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
170 else if (addr
&& tmp
->addr
.sa
.sa_family
== AF_INET6
&& family
== AF_INET6
&&
171 IN6_ARE_ADDR_EQUAL(&tmp
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
185 /* Fix for problem that the kernel sometimes reports the loopback interface as the
186 arrival interface when a packet originates locally, even when sent to address of
187 an interface other than the loopback. Accept packet if it arrived via a loopback
188 interface, even when we're not accepting packets that way, as long as the destination
189 address is one we're believing. Interface list must be up-to-date before calling. */
190 int loopback_exception(int fd
, int family
, struct all_addr
*addr
, char *name
)
195 strncpy(ifr
.ifr_name
, name
, IF_NAMESIZE
);
196 if (ioctl(fd
, SIOCGIFFLAGS
, &ifr
) != -1 &&
197 ifr
.ifr_flags
& IFF_LOOPBACK
)
199 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
200 if (iface
->addr
.sa
.sa_family
== family
)
202 if (family
== AF_INET
)
204 if (iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
208 else if (IN6_ARE_ADDR_EQUAL(&iface
->addr
.in6
.sin6_addr
, &addr
->addr
.addr6
))
217 /* If we're configured with something like --interface=eth0:0 then we'll listen correctly
218 on the relevant address, but the name of the arrival interface, derived from the
219 index won't match the config. Check that we found an interface address for the arrival
220 interface: daemon->interfaces must be up-to-date. */
221 int label_exception(int index
, int family
, struct all_addr
*addr
)
225 /* labels only supported on IPv4 addresses. */
226 if (family
!= AF_INET
)
229 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
230 if (iface
->index
== index
&& iface
->addr
.sa
.sa_family
== AF_INET
&&
231 iface
->addr
.in
.sin_addr
.s_addr
== addr
->addr
.addr4
.s_addr
)
238 struct addrlist
*spare
;
242 static int iface_allowed(struct iface_param
*param
, int if_index
, char *label
,
243 union mysockaddr
*addr
, struct in_addr netmask
, int prefixlen
, int dad
)
246 int mtu
= 0, loopback
;
248 int tftp_ok
= !!option_bool(OPT_TFTP
);
251 #if defined(HAVE_DHCP) || defined(HAVE_TFTP)
257 if (!indextoname(param
->fd
, if_index
, ifr
.ifr_name
) ||
258 ioctl(param
->fd
, SIOCGIFFLAGS
, &ifr
) == -1)
261 loopback
= ifr
.ifr_flags
& IFF_LOOPBACK
;
266 if (ioctl(param
->fd
, SIOCGIFMTU
, &ifr
) != -1)
270 label
= ifr
.ifr_name
;
274 if (addr
->sa
.sa_family
!= AF_INET6
|| !IN6_IS_ADDR_LINKLOCAL(&addr
->in6
.sin6_addr
))
277 struct interface_name
*int_name
;
280 struct auth_zone
*zone
;
281 struct auth_name_list
*name
;
283 /* Find subnets in auth_zones */
284 for (zone
= daemon
->auth_zones
; zone
; zone
= zone
->next
)
285 for (name
= zone
->interface_names
; name
; name
= name
->next
)
286 if (wildcard_match(name
->name
, label
))
288 if (addr
->sa
.sa_family
== AF_INET
&& (name
->flags
& AUTH4
))
293 param
->spare
= al
->next
;
296 al
= whine_malloc(sizeof(struct addrlist
));
300 al
->next
= zone
->subnet
;
302 al
->prefixlen
= prefixlen
;
303 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
309 if (addr
->sa
.sa_family
== AF_INET6
&& (name
->flags
& AUTH6
))
314 param
->spare
= al
->next
;
317 al
= whine_malloc(sizeof(struct addrlist
));
321 al
->next
= zone
->subnet
;
323 al
->prefixlen
= prefixlen
;
324 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
325 al
->flags
= ADDRLIST_IPV6
;
333 /* Update addresses from interface_names. These are a set independent
334 of the set we're listening on. */
335 for (int_name
= daemon
->int_names
; int_name
; int_name
= int_name
->next
)
336 if (strncmp(label
, int_name
->intr
, IF_NAMESIZE
) == 0 &&
337 (addr
->sa
.sa_family
== int_name
->family
|| int_name
->family
== 0))
342 param
->spare
= al
->next
;
345 al
= whine_malloc(sizeof(struct addrlist
));
349 al
->next
= int_name
->addr
;
352 if (addr
->sa
.sa_family
== AF_INET
)
354 al
->addr
.addr
.addr4
= addr
->in
.sin_addr
;
360 al
->addr
.addr
.addr6
= addr
->in6
.sin6_addr
;
361 al
->flags
= ADDRLIST_IPV6
;
368 /* check whether the interface IP has been added already
369 we call this routine multiple times. */
370 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
371 if (sockaddr_isequal(&iface
->addr
, addr
))
374 iface
->found
= 1; /* for garbage collection */
378 /* If we are restricting the set of interfaces to use, make
379 sure that loopback interfaces are in that set. */
380 if (daemon
->if_names
&& loopback
)
383 for (lo
= daemon
->if_names
; lo
; lo
= lo
->next
)
384 if (lo
->name
&& strcmp(lo
->name
, ifr
.ifr_name
) == 0)
387 if (!lo
&& (lo
= whine_malloc(sizeof(struct iname
))))
389 if ((lo
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
391 strcpy(lo
->name
, ifr
.ifr_name
);
393 lo
->next
= daemon
->if_names
;
394 daemon
->if_names
= lo
;
401 if (addr
->sa
.sa_family
== AF_INET
&&
402 !iface_check(AF_INET
, (struct all_addr
*)&addr
->in
.sin_addr
, label
, &auth_dns
))
406 if (addr
->sa
.sa_family
== AF_INET6
&&
407 !iface_check(AF_INET6
, (struct all_addr
*)&addr
->in6
.sin6_addr
, label
, &auth_dns
))
412 /* No DHCP where we're doing auth DNS. */
419 for (tmp
= daemon
->dhcp_except
; tmp
; tmp
= tmp
->next
)
420 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
429 if (daemon
->tftp_interfaces
)
431 /* dedicated tftp interface list */
433 for (tmp
= daemon
->tftp_interfaces
; tmp
; tmp
= tmp
->next
)
434 if (tmp
->name
&& wildcard_match(tmp
->name
, ifr
.ifr_name
))
440 if ((iface
= whine_malloc(sizeof(struct irec
))))
443 iface
->netmask
= netmask
;
444 iface
->tftp_ok
= tftp_ok
;
445 iface
->dhcp_ok
= dhcp_ok
;
446 iface
->dns_auth
= auth_dns
;
450 iface
->done
= iface
->multicast_done
= iface
->warned
= 0;
451 iface
->index
= if_index
;
452 if ((iface
->name
= whine_malloc(strlen(ifr
.ifr_name
)+1)))
454 strcpy(iface
->name
, ifr
.ifr_name
);
455 iface
->next
= daemon
->interfaces
;
456 daemon
->interfaces
= iface
;
468 static int iface_allowed_v6(struct in6_addr
*local
, int prefix
,
469 int scope
, int if_index
, int flags
,
470 int preferred
, int valid
, void *vparam
)
472 union mysockaddr addr
;
473 struct in_addr netmask
; /* dummy */
476 (void)scope
; /* warning */
480 memset(&addr
, 0, sizeof(addr
));
481 #ifdef HAVE_SOCKADDR_SA_LEN
482 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
484 addr
.in6
.sin6_family
= AF_INET6
;
485 addr
.in6
.sin6_addr
= *local
;
486 addr
.in6
.sin6_port
= htons(daemon
->port
);
487 /* FreeBSD insists this is zero for non-linklocal addresses */
488 if (IN6_IS_ADDR_LINKLOCAL(local
))
489 addr
.in6
.sin6_scope_id
= if_index
;
491 addr
.in6
.sin6_scope_id
= 0;
493 return iface_allowed((struct iface_param
*)vparam
, if_index
, NULL
, &addr
, netmask
, prefix
, !!(flags
& IFACE_TENTATIVE
));
497 static int iface_allowed_v4(struct in_addr local
, int if_index
, char *label
,
498 struct in_addr netmask
, struct in_addr broadcast
, void *vparam
)
500 union mysockaddr addr
;
503 memset(&addr
, 0, sizeof(addr
));
504 #ifdef HAVE_SOCKADDR_SA_LEN
505 addr
.in
.sin_len
= sizeof(addr
.in
);
507 addr
.in
.sin_family
= AF_INET
;
508 addr
.in
.sin_addr
= broadcast
; /* warning */
509 addr
.in
.sin_addr
= local
;
510 addr
.in
.sin_port
= htons(daemon
->port
);
512 /* determine prefix length from netmask */
513 for (prefix
= 32, bit
= 1; (bit
& ntohl(netmask
.s_addr
)) == 0 && prefix
!= 0; bit
= bit
<< 1, prefix
--);
515 return iface_allowed((struct iface_param
*)vparam
, if_index
, label
, &addr
, netmask
, prefix
, 0);
518 int enumerate_interfaces(int reset
)
520 static struct addrlist
*spare
= NULL
;
521 static int done
= 0, active
= 0;
522 struct iface_param param
;
523 int errsave
, ret
= 1;
524 struct addrlist
*addr
, *tmp
;
525 struct interface_name
*intname
;
528 struct auth_zone
*zone
;
531 /* Do this max once per select cycle - also inhibits netlink socket use
532 in TCP child processes. */
545 /* protect against recursive calls from iface_enumerate(); */
548 if ((param
.fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) == -1)
551 /* Mark interfaces for garbage collection */
552 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
555 /* remove addresses stored against interface_names */
556 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
558 for (addr
= intname
->addr
; addr
; addr
= tmp
)
565 intname
->addr
= NULL
;
569 /* remove addresses stored against auth_zone subnets, but not
570 ones configured as address literals */
571 for (zone
= daemon
->auth_zones
; zone
; zone
= zone
->next
)
572 if (zone
->interface_names
)
574 struct addrlist
**up
;
575 for (up
= &zone
->subnet
, addr
= zone
->subnet
; addr
; addr
= tmp
)
578 if (addr
->flags
& ADDRLIST_LITERAL
)
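/* Enumerate IPv6 addresses, then IPv4 addresses. The address of param is
   passed through to the callbacks, which receive it as their void *vparam
   argument and cast it back to struct iface_param *.
   NOTE(review): this listing shows no lines between the two calls; confirm
   against the full file whether the AF_INET pass is conditional on the
   AF_INET6 result, since as shown the second assignment replaces the first. */
ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);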
602 if (option_bool(OPT_CLEVERBIND
))
604 /* Garbage-collect listeners listening on addresses that no longer exist.
605 Does nothing when not binding interfaces or for listeners on localhost,
606 since the ->iface field is NULL. Note that this needs the protections
607 against re-entrancy, hence it's here. It also means there's a possibility,
608 in OPT_CLEVERBIND mode, that a listener will just disappear after
609 a call to enumerate_interfaces, this is checked OK on all calls. */
610 struct listener
*l
, *tmp
, **up
;
612 for (up
= &daemon
->listeners
, l
= daemon
->listeners
; l
; l
= tmp
)
616 if (!l
->iface
|| l
->iface
->found
)
622 /* In case it ever returns */
645 /* set NONBLOCK bit on fd: See Stevens 16.6 */
650 if ((flags
= fcntl(fd
, F_GETFL
)) == -1 ||
651 fcntl(fd
, F_SETFL
, flags
| O_NONBLOCK
) == -1)
657 static int make_sock(union mysockaddr
*addr
, int type
, int dienow
)
659 int family
= addr
->sa
.sa_family
;
662 if ((fd
= socket(family
, type
, 0)) == -1)
667 /* No error if the kernel just doesn't support this IP flavour */
668 if (errno
== EPROTONOSUPPORT
||
669 errno
== EAFNOSUPPORT
||
675 port
= prettyprint_addr(addr
, daemon
->addrbuff
);
676 if (!option_bool(OPT_NOWILD
) && !option_bool(OPT_CLEVERBIND
))
677 sprintf(daemon
->addrbuff
, "port %d", port
);
678 s
= _("failed to create listening socket for %s: %s");
687 /* failure to bind addresses given by --listen-address at this point
688 is OK if we're doing bind-dynamic */
689 if (!option_bool(OPT_CLEVERBIND
))
690 die(s
, daemon
->addrbuff
, EC_BADNET
);
693 my_syslog(LOG_WARNING
, s
, daemon
->addrbuff
, strerror(errno
));
698 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &opt
, sizeof(opt
)) == -1 || !fix_fd(fd
))
702 if (family
== AF_INET6
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_V6ONLY
, &opt
, sizeof(opt
)) == -1)
706 if ((rc
= bind(fd
, (struct sockaddr
*)addr
, sa_len(addr
))) == -1)
709 if (type
== SOCK_STREAM
)
711 if (listen(fd
, 5) == -1)
714 else if (family
== AF_INET
)
716 if (!option_bool(OPT_NOWILD
))
718 #if defined(HAVE_LINUX_NETWORK)
719 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) == -1)
721 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
722 if (setsockopt(fd
, IPPROTO_IP
, IP_RECVDSTADDR
, &opt
, sizeof(opt
)) == -1 ||
723 setsockopt(fd
, IPPROTO_IP
, IP_RECVIF
, &opt
, sizeof(opt
)) == -1)
729 else if (!set_ipv6pktinfo(fd
))
737 int set_ipv6pktinfo(int fd
)
741 /* The API changed around Linux 2.6.14 but the old ABI is still supported:
742 handle all combinations of headers and kernel.
743 OpenWrt note that this fixes the problem addressed by your very broken patch. */
744 daemon
->v6pktinfo
= IPV6_PKTINFO
;
746 #ifdef IPV6_RECVPKTINFO
747 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
, &opt
, sizeof(opt
)) != -1)
749 # ifdef IPV6_2292PKTINFO
750 else if (errno
== ENOPROTOOPT
&& setsockopt(fd
, IPPROTO_IPV6
, IPV6_2292PKTINFO
, &opt
, sizeof(opt
)) != -1)
752 daemon
->v6pktinfo
= IPV6_2292PKTINFO
;
757 if (setsockopt(fd
, IPPROTO_IPV6
, IPV6_PKTINFO
, &opt
, sizeof(opt
)) != -1)
766 /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
767 int tcp_interface(int fd
, int af
)
771 #ifdef HAVE_LINUX_NETWORK
773 struct cmsghdr
*cmptr
;
776 /* use msghdr so that the CMSG_* macros are available */
/* daemon->packet is borrowed as the ancillary-data buffer, with
   daemon->packet_buff_sz as its capacity. */
777 msg
.msg_control
= daemon
->packet
;
778 msg
.msg_controllen
= daemon
->packet_buff_sz
;
780 /* we overwrote the buffer... */
781 daemon
->srv_save
= NULL
;
/* IPv4: enable IP_PKTINFO on the connected socket, then read the stored
   packet options back and walk them as control messages.
   NOTE(review): the length argument is &msg.msg_controllen cast to
   socklen_t *. Where msg_controllen is wider than socklen_t (it is size_t in
   Linux's struct msghdr) getsockopt() updates only part of the field -
   confirm the result is still right on 64-bit big-endian targets. */
785 if (setsockopt(fd
, IPPROTO_IP
, IP_PKTINFO
, &opt
, sizeof(opt
)) != -1 &&
786 getsockopt(fd
, IPPROTO_IP
, IP_PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
787 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
788 if (cmptr
->cmsg_level
== IPPROTO_IP
&& cmptr
->cmsg_type
== IP_PKTINFO
)
/* p has members c and p: the CMSG_DATA() pointer is stored through p.c and
   read back as a struct in_pktinfo pointer through p.p.
   NOTE(review): no check that cmsg_len covers a whole struct in_pktinfo is
   visible in these lines - confirm against the full function. */
792 struct in_pktinfo
*p
;
795 p
.c
= CMSG_DATA(cmptr
);
796 if_index
= p
.p
->ipi_ifindex
;
802 /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
803 it was removed in RFC-3542 !!!!
805 Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
806 uses the old ABI, and should work with pre- and post-3542 kernel headers */
808 #ifdef IPV6_2292PKTOPTIONS
809 # define PKTOPTIONS IPV6_2292PKTOPTIONS
811 # define PKTOPTIONS IPV6_PKTOPTIONS
/* IPv6: same pattern as the IPv4 branch. The control-message type is matched
   against daemon->v6pktinfo, which set_ipv6pktinfo() records.
   NOTE(review): the same socklen_t * cast of &msg.msg_controllen is used. */
814 if (set_ipv6pktinfo(fd
) &&
815 getsockopt(fd
, IPPROTO_IPV6
, PKTOPTIONS
, msg
.msg_control
, (socklen_t
*)&msg
.msg_controllen
) != -1)
817 for (cmptr
= CMSG_FIRSTHDR(&msg
); cmptr
; cmptr
= CMSG_NXTHDR(&msg
, cmptr
))
818 if (cmptr
->cmsg_level
== IPPROTO_IPV6
&& cmptr
->cmsg_type
== daemon
->v6pktinfo
)
/* As above, p.c receives the data pointer and p.p reads it as a
   struct in6_pktinfo pointer. */
822 struct in6_pktinfo
*p
;
824 p
.c
= CMSG_DATA(cmptr
);
826 if_index
= p
.p
->ipi6_ifindex
;
836 static struct listener
*create_listeners(union mysockaddr
*addr
, int do_tftp
, int dienow
)
838 struct listener
*l
= NULL
;
839 int fd
= -1, tcpfd
= -1, tftpfd
= -1;
843 if (daemon
->port
!= 0)
845 fd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
846 tcpfd
= make_sock(addr
, SOCK_STREAM
, dienow
);
852 if (addr
->sa
.sa_family
== AF_INET
)
854 /* port must be restored to DNS port for TCP code */
855 short save
= addr
->in
.sin_port
;
856 addr
->in
.sin_port
= htons(TFTP_PORT
);
857 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
858 addr
->in
.sin_port
= save
;
863 short save
= addr
->in6
.sin6_port
;
864 addr
->in6
.sin6_port
= htons(TFTP_PORT
);
865 tftpfd
= make_sock(addr
, SOCK_DGRAM
, dienow
);
866 addr
->in6
.sin6_port
= save
;
872 if (fd
!= -1 || tcpfd
!= -1 || tftpfd
!= -1)
874 l
= safe_malloc(sizeof(struct listener
));
876 l
->family
= addr
->sa
.sa_family
;
886 void create_wildcard_listeners(void)
888 union mysockaddr addr
;
889 struct listener
*l
, *l6
;
891 memset(&addr
, 0, sizeof(addr
));
892 #ifdef HAVE_SOCKADDR_SA_LEN
893 addr
.in
.sin_len
= sizeof(addr
.in
);
895 addr
.in
.sin_family
= AF_INET
;
896 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
897 addr
.in
.sin_port
= htons(daemon
->port
);
899 l
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
902 memset(&addr
, 0, sizeof(addr
));
903 # ifdef HAVE_SOCKADDR_SA_LEN
904 addr
.in6
.sin6_len
= sizeof(addr
.in6
);
906 addr
.in6
.sin6_family
= AF_INET6
;
907 addr
.in6
.sin6_addr
= in6addr_any
;
908 addr
.in6
.sin6_port
= htons(daemon
->port
);
910 l6
= create_listeners(&addr
, !!option_bool(OPT_TFTP
), 1);
917 daemon
->listeners
= l
;
920 void create_bound_listeners(int dienow
)
922 struct listener
*new;
924 struct iname
*if_tmp
;
926 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
927 if (!iface
->done
&& !iface
->dad
&& iface
->found
&&
928 (new = create_listeners(&iface
->addr
, iface
->tftp_ok
, dienow
)))
931 new->next
= daemon
->listeners
;
932 daemon
->listeners
= new;
936 /* Check for --listen-address options that haven't been used because there's
937 no interface with a matching address. These may be valid: eg it's possible
938 to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
940 If the address isn't valid the bind() will fail and we'll die()
941 (except in bind-dynamic mode, when we'll complain but keep trying.)
943 The resulting listeners have the ->iface field NULL, and this has to be
944 handled by the DNS and TFTP code. It disables --localise-queries processing
945 (no netmask) and some MTU logic in the tftp code. */
947 for (if_tmp
= daemon
->if_addrs
; if_tmp
; if_tmp
= if_tmp
->next
)
949 (new = create_listeners(&if_tmp
->addr
, !!option_bool(OPT_TFTP
), dienow
)))
951 new->next
= daemon
->listeners
;
952 daemon
->listeners
= new;
956 /* In --bind-interfaces, the only access control is the addresses we're listening on.
957 There's nothing to avoid a query to the address of an internal interface arriving via
958 an external interface where we don't want to accept queries, except that in the usual
959 case the addresses of internal interfaces are RFC1918. When bind-interfaces is in use,
960 and we listen on an address that looks like it's probably globally routable, shout.
962 The fix is to use --bind-dynamic, which actually checks the arrival interface too.
963 Tough if your platform doesn't support this.
965 Note that checking the arrival interface is supported in the standard IPv6 API and
966 always done, so we don't warn about any IPv6 addresses here.
969 void warn_bound_listeners(void)
974 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
975 if (!iface
->dns_auth
)
977 if (iface
->addr
.sa
.sa_family
== AF_INET
)
979 if (!private_net(iface
->addr
.in
.sin_addr
, 1))
981 inet_ntop(AF_INET
, &iface
->addr
.in
.sin_addr
, daemon
->addrbuff
, ADDRSTRLEN
);
982 iface
->warned
= advice
= 1;
983 my_syslog(LOG_WARNING
,
984 _("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"),
985 daemon
->addrbuff
, iface
->name
);
991 my_syslog(LOG_WARNING
, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"));
994 void warn_int_names(void)
996 struct interface_name
*intname
;
998 for (intname
= daemon
->int_names
; intname
; intname
= intname
->next
)
1000 my_syslog(LOG_WARNING
, _("warning: no addresses found for interface %s"), intname
->intr
);
1003 int is_dad_listeners(void)
1007 if (option_bool(OPT_NOWILD
))
1008 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1009 if (iface
->dad
&& !iface
->done
)
1016 void join_multicast(int dienow
)
1018 struct irec
*iface
, *tmp
;
1020 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1021 if (iface
->addr
.sa
.sa_family
== AF_INET6
&& iface
->dhcp_ok
&& !iface
->multicast_done
)
1023 /* There's an irec per address but we only want to join for multicast
1024 once per interface. Weed out duplicates. */
1025 for (tmp
= daemon
->interfaces
; tmp
; tmp
= tmp
->next
)
1026 if (tmp
->multicast_done
&& tmp
->index
== iface
->index
)
1029 iface
->multicast_done
= 1;
1033 struct ipv6_mreq mreq
;
1036 mreq
.ipv6mr_interface
= iface
->index
;
1038 inet_pton(AF_INET6
, ALL_RELAY_AGENTS_AND_SERVERS
, &mreq
.ipv6mr_multiaddr
);
1040 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) &&
1041 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1044 inet_pton(AF_INET6
, ALL_SERVERS
, &mreq
.ipv6mr_multiaddr
);
1046 if (daemon
->doing_dhcp6
&&
1047 setsockopt(daemon
->dhcp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1050 inet_pton(AF_INET6
, ALL_ROUTERS
, &mreq
.ipv6mr_multiaddr
);
1052 if (daemon
->doing_ra
&&
1053 setsockopt(daemon
->icmp6fd
, IPPROTO_IPV6
, IPV6_JOIN_GROUP
, &mreq
, sizeof(mreq
)) == -1)
1058 char *s
= _("interface %s failed to join DHCPv6 multicast group: %s");
1060 die(s
, iface
->name
, EC_BADNET
);
1062 my_syslog(LOG_ERR
, s
, iface
->name
, strerror(errno
));
1069 /* return a UDP socket bound to a random port, have to cope with straying into
1070 occupied port nos and reserved ones. */
1071 int random_sock(int family
)
1075 if ((fd
= socket(family
, SOCK_DGRAM
, 0)) != -1)
1077 union mysockaddr addr
;
/* Number of ports from min_port up to 65535, and a retry budget derived
   from it: three tries per available port when fewer than 30 ports are
   available, otherwise 100. */
1078 unsigned int ports_avail
= 65536u - (unsigned short)daemon
->min_port
;
1079 int tries
= ports_avail
< 30 ? 3 * ports_avail
: 100;
1081 memset(&addr
, 0, sizeof(addr
));
1082 addr
.sa
.sa_family
= family
;
1084 /* don't loop forever if all ports in use. */
/* NOTE(review): how hard the chosen port is to predict depends entirely on
   rand16(), which is defined elsewhere. Source-port unpredictability is part
   of what makes spoofed replies hard to land, so confirm rand16() is backed
   by a suitable generator. */
1089 unsigned short port
= rand16();
/* With a configured min_port the random value is folded into
   [min_port, 65535]; without one it is used as drawn.
   NOTE(review): the modulus is (unsigned short)ports_avail, which is zero
   only if the truncated min_port is zero. This assumes min_port fits in
   16 bits - TODO confirm option parsing enforces that. The modulo also
   gives a slightly uneven distribution across the range. */
1091 if (daemon
->min_port
!= 0)
1092 port
= htons(daemon
->min_port
+ (port
% ((unsigned short)ports_avail
)));
1094 if (family
== AF_INET
)
1096 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1097 addr
.in
.sin_port
= port
;
1098 #ifdef HAVE_SOCKADDR_SA_LEN
1099 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1105 addr
.in6
.sin6_addr
= in6addr_any
;
1106 addr
.in6
.sin6_port
= port
;
1107 #ifdef HAVE_SOCKADDR_SA_LEN
1108 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1113 if (bind(fd
, (struct sockaddr
*)&addr
, sa_len(&addr
)) == 0)
/* EADDRINUSE (port occupied) and EACCES (port reserved) are told apart
   from every other bind() error here. */
1116 if (errno
!= EADDRINUSE
&& errno
!= EACCES
)
/* Bind fd to the source address in addr and, where SO_BINDTODEVICE exists
   and intname is non-empty, to the named interface. The caller's addr is
   not modified: the work is done on a copy. */
1127 int local_bind(int fd
, union mysockaddr
*addr
, char *intname
, int is_tcp
)
1129 union mysockaddr addr_copy
= *addr
;
1131 /* cannot set source _port_ for TCP connections. */
/* The port in the copy is zeroed for the matching address family
   (presumably only when is_tcp is set; the guard is not among these lines). */
1134 if (addr_copy
.sa
.sa_family
== AF_INET
)
1135 addr_copy
.in
.sin_port
= 0;
1138 addr_copy
.in6
.sin6_port
= 0;
1142 if (bind(fd
, (struct sockaddr
*)&addr_copy
, sa_len(&addr_copy
)) == -1)
1145 #if defined(SO_BINDTODEVICE)
/* NOTE(review): the option length passed is IF_NAMESIZE regardless of the
   string length, so intname must point at a buffer of at least IF_NAMESIZE
   readable bytes - confirm for every caller. */
1146 if (intname
[0] != 0 &&
1147 setsockopt(fd
, SOL_SOCKET
, SO_BINDTODEVICE
, intname
, IF_NAMESIZE
) == -1)
1154 static struct serverfd
*allocate_sfd(union mysockaddr
*addr
, char *intname
)
1156 struct serverfd
*sfd
;
1159 /* when using random ports, servers which would otherwise use
1160 the INADDR_ANY/port0 socket have sfd set to NULL */
1161 if (!daemon
->osport
&& intname
[0] == 0)
1165 if (addr
->sa
.sa_family
== AF_INET
&&
1166 addr
->in
.sin_addr
.s_addr
== INADDR_ANY
&&
1167 addr
->in
.sin_port
== htons(0))
1171 if (addr
->sa
.sa_family
== AF_INET6
&&
1172 memcmp(&addr
->in6
.sin6_addr
, &in6addr_any
, sizeof(in6addr_any
)) == 0 &&
1173 addr
->in6
.sin6_port
== htons(0))
1178 /* may have a suitable one already */
1179 for (sfd
= daemon
->sfds
; sfd
; sfd
= sfd
->next
)
1180 if (sockaddr_isequal(&sfd
->source_addr
, addr
) &&
1181 strcmp(intname
, sfd
->interface
) == 0)
1184 /* need to make a new one. */
1185 errno
= ENOMEM
; /* in case malloc fails. */
1186 if (!(sfd
= whine_malloc(sizeof(struct serverfd
))))
1189 if ((sfd
->fd
= socket(addr
->sa
.sa_family
, SOCK_DGRAM
, 0)) == -1)
1195 if (!local_bind(sfd
->fd
, addr
, intname
, 0) || !fix_fd(sfd
->fd
))
1197 errsave
= errno
; /* save error from bind. */
1204 strcpy(sfd
->interface
, intname
);
1205 sfd
->source_addr
= *addr
;
1206 sfd
->next
= daemon
->sfds
;
1211 /* create upstream sockets during startup, before root is dropped, since root may be needed:
1212 this allows query_port to be a low port and allows interface binding */
1213 void pre_allocate_sfds(void)
1217 if (daemon
->query_port
!= 0)
1219 union mysockaddr addr
;
1220 memset(&addr
, 0, sizeof(addr
));
1221 addr
.in
.sin_family
= AF_INET
;
1222 addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1223 addr
.in
.sin_port
= htons(daemon
->query_port
);
1224 #ifdef HAVE_SOCKADDR_SA_LEN
1225 addr
.in
.sin_len
= sizeof(struct sockaddr_in
);
1227 allocate_sfd(&addr
, "");
1229 memset(&addr
, 0, sizeof(addr
));
1230 addr
.in6
.sin6_family
= AF_INET6
;
1231 addr
.in6
.sin6_addr
= in6addr_any
;
1232 addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1233 #ifdef HAVE_SOCKADDR_SA_LEN
1234 addr
.in6
.sin6_len
= sizeof(struct sockaddr_in6
);
1236 allocate_sfd(&addr
, "");
1240 for (srv
= daemon
->servers
; srv
; srv
= srv
->next
)
1241 if (!(srv
->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)) &&
1242 !allocate_sfd(&srv
->source_addr
, srv
->interface
) &&
1244 option_bool(OPT_NOWILD
))
1246 prettyprint_addr(&srv
->source_addr
, daemon
->namebuff
);
1247 if (srv
->interface
[0] != 0)
1249 strcat(daemon
->namebuff
, " ");
1250 strcat(daemon
->namebuff
, srv
->interface
);
1252 die(_("failed to bind server socket for %s: %s"),
1253 daemon
->namebuff
, EC_BADNET
);
1258 void check_servers(void)
1261 struct server
*new, *tmp
, *ret
= NULL
;
1264 /* interface may be new since startup */
1265 if (!option_bool(OPT_NOWILD
))
1266 enumerate_interfaces(0);
1268 for (new = daemon
->servers
; new; new = tmp
)
1272 if (!(new->flags
& (SERV_LITERAL_ADDRESS
| SERV_NO_ADDR
| SERV_USE_RESOLV
| SERV_NO_REBIND
)))
1274 port
= prettyprint_addr(&new->addr
, daemon
->namebuff
);
1276 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1277 if (new->addr
.sa
.sa_family
== AF_INET
&&
1278 new->addr
.in
.sin_addr
.s_addr
== 0)
1284 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1285 if (sockaddr_isequal(&new->addr
, &iface
->addr
))
1289 my_syslog(LOG_WARNING
, _("ignoring nameserver %s - local interface"), daemon
->namebuff
);
1294 /* Do we need a socket set? */
1296 !(new->sfd
= allocate_sfd(&new->source_addr
, new->interface
)) &&
1299 my_syslog(LOG_WARNING
,
1300 _("ignoring nameserver %s - cannot make/bind socket: %s"),
1301 daemon
->namebuff
, strerror(errno
));
1307 /* reverse order - gets it right. */
1311 if (!(new->flags
& SERV_NO_REBIND
))
1313 if (new->flags
& (SERV_HAS_DOMAIN
| SERV_FOR_NODOTS
| SERV_USE_RESOLV
))
1316 if (!(new->flags
& SERV_HAS_DOMAIN
))
1317 s1
= _("unqualified"), s2
= _("names");
1318 else if (strlen(new->domain
) == 0)
1319 s1
= _("default"), s2
= "";
1321 s1
= _("domain"), s2
= new->domain
;
1323 if (new->flags
& SERV_NO_ADDR
)
1324 my_syslog(LOG_INFO
, _("using local addresses only for %s %s"), s1
, s2
);
1325 else if (new->flags
& SERV_USE_RESOLV
)
1326 my_syslog(LOG_INFO
, _("using standard nameservers for %s %s"), s1
, s2
);
1327 else if (!(new->flags
& SERV_LITERAL_ADDRESS
))
1328 my_syslog(LOG_INFO
, _("using nameserver %s#%d for %s %s"), daemon
->namebuff
, port
, s1
, s2
);
1330 else if (new->interface
[0] != 0)
1331 my_syslog(LOG_INFO
, _("using nameserver %s#%d(via %s)"), daemon
->namebuff
, port
, new->interface
);
1333 my_syslog(LOG_INFO
, _("using nameserver %s#%d"), daemon
->namebuff
, port
);
1337 daemon
->servers
= ret
;
1340 /* Return zero if no servers found, in that case we keep polling.
1341 This is a protection against an update-time/write race on resolv.conf */
1342 int reload_servers(char *fname
)
1346 struct server
*old_servers
= NULL
;
1347 struct server
*new_servers
= NULL
;
1348 struct server
*serv
;
1351 /* buff happens to be MAXDNAME long... */
1352 if (!(f
= fopen(fname
, "r")))
1354 my_syslog(LOG_ERR
, _("failed to read %s: %s"), fname
, strerror(errno
));
1358 /* move old servers to free list - we can reuse the memory
1359 and not risk malloc if there are the same or fewer new servers.
1360 Servers which were specced on the command line go to the new list. */
1361 for (serv
= daemon
->servers
; serv
;)
1363 struct server
*tmp
= serv
->next
;
1364 if (serv
->flags
& SERV_FROM_RESOLV
)
1366 serv
->next
= old_servers
;
1368 /* forward table rules reference servers, so have to blow them away */
1373 serv
->next
= new_servers
;
1379 while ((line
= fgets(daemon
->namebuff
, MAXDNAME
, f
)))
1381 union mysockaddr addr
, source_addr
;
1382 char *token
= strtok(line
, " \t\n\r");
1386 if (strcmp(token
, "nameserver") != 0 && strcmp(token
, "server") != 0)
1388 if (!(token
= strtok(NULL
, " \t\n\r")))
1391 memset(&addr
, 0, sizeof(addr
));
1392 memset(&source_addr
, 0, sizeof(source_addr
));
1394 if ((addr
.in
.sin_addr
.s_addr
= inet_addr(token
)) != (in_addr_t
) -1)
1396 #ifdef HAVE_SOCKADDR_SA_LEN
1397 source_addr
.in
.sin_len
= addr
.in
.sin_len
= sizeof(source_addr
.in
);
1399 source_addr
.in
.sin_family
= addr
.in
.sin_family
= AF_INET
;
1400 addr
.in
.sin_port
= htons(NAMESERVER_PORT
);
1401 source_addr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
1402 source_addr
.in
.sin_port
= htons(daemon
->query_port
);
1407 int scope_index
= 0;
1408 char *scope_id
= strchr(token
, '%');
1413 scope_index
= if_nametoindex(scope_id
);
1416 if (inet_pton(AF_INET6
, token
, &addr
.in6
.sin6_addr
) > 0)
1418 #ifdef HAVE_SOCKADDR_SA_LEN
1419 source_addr
.in6
.sin6_len
= addr
.in6
.sin6_len
= sizeof(source_addr
.in6
);
1421 source_addr
.in6
.sin6_family
= addr
.in6
.sin6_family
= AF_INET6
;
1422 source_addr
.in6
.sin6_flowinfo
= addr
.in6
.sin6_flowinfo
= 0;
1423 addr
.in6
.sin6_port
= htons(NAMESERVER_PORT
);
1424 addr
.in6
.sin6_scope_id
= scope_index
;
1425 source_addr
.in6
.sin6_addr
= in6addr_any
;
1426 source_addr
.in6
.sin6_port
= htons(daemon
->query_port
);
1427 source_addr
.in6
.sin6_scope_id
= 0;
1440 old_servers
= old_servers
->next
;
1442 else if (!(serv
= whine_malloc(sizeof (struct server
))))
1445 /* this list is reverse ordered:
1446 it gets reversed again in check_servers */
1447 serv
->next
= new_servers
;
1450 serv
->source_addr
= source_addr
;
1451 serv
->domain
= NULL
;
1452 serv
->interface
[0] = 0;
1454 serv
->flags
= SERV_FROM_RESOLV
;
1455 serv
->queries
= serv
->failed_queries
= 0;
1459 /* Free any memory not used. */
1462 struct server
*tmp
= old_servers
->next
;
1467 daemon
->servers
= new_servers
;
1473 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_BSD_NETWORK)
1474 /* Called when addresses are added or deleted from an interface */
1475 void newaddress(time_t now
)
1479 if (option_bool(OPT_CLEVERBIND
) || daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
1480 enumerate_interfaces(0);
1482 if (option_bool(OPT_CLEVERBIND
))
1483 create_bound_listeners(0);
1486 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
1489 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
1490 dhcp_construct_contexts(now
);
1492 if (daemon
->doing_dhcp6
)
1493 lease_find_interfaces(now
);