Commit | Line | Data |
---|---|---|
aff33962 | 1 | /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley |
9e4abcb5 SK |
2 | |
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
824af85b SK |
5 | the Free Software Foundation; version 2 dated June, 1991, or |
6 | (at your option) version 3 dated 29 June, 2007. | |
7 | ||
9e4abcb5 SK |
8 | This program is distributed in the hope that it will be useful, |
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | GNU General Public License for more details. | |
824af85b | 12 | |
73a08a24 SK |
13 | You should have received a copy of the GNU General Public License |
14 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
9e4abcb5 SK |
15 | */ |
16 | ||
208b65c5 | 17 | #define FTABSIZ 150 /* max number of outstanding requests (default) */ |
feba5c1d SK |
18 | #define MAX_PROCS 20 /* max no children for TCP requests */ |
19 | #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ | |
25cf5e37 | 20 | #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ |
316e2730 | 21 | #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ |
a77cec8d | 22 | #define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */ |
f8b422a7 | 23 | #define KEYBLOCK_LEN 40 /* chosen to minimise fragmentation when storing DNSSEC keys */ |
7fa836e1 | 24 | #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ |
1697269c | 25 | #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */ |
1f15b81d | 26 | #define FORWARD_TEST 50 /* try all servers every 50 queries */ |
28866e95 | 27 | #define FORWARD_TIME 20 /* or 20 seconds */ |
1a6bca81 | 28 | #define RANDOM_SOCKS 64 /* max simultaneous random ports */ |
cdeda28f | 29 | #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */ |
9e4abcb5 | 30 | #define CACHESIZ 150 /* default cache size */ |
28de3876 | 31 | #define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */ |
316e2730 | 32 | #define MAXLEASES 1000 /* maximum number of DHCP leases */ |
5e9e0efb SK |
33 | #define PING_WAIT 3 /* wait for ping address-in-use test */ |
34 | #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */ | |
849a8357 | 35 | #define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */ |
5e9e0efb | 36 | #define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */ |
1fbe4d2f SK |
37 | #define SMALLDNAME 50 /* most domain names are smaller than this */ |
38 | #define CNAME_CHAIN 10 /* chains longer than this are dropped for loop protection */ | |
9e4abcb5 | 39 | #define HOSTSFILE "/etc/hosts" |
44a2a316 | 40 | #define ETHERSFILE "/etc/ethers" |
9e4abcb5 SK |
41 | #define DEFLEASE 3600 /* default lease time, 1 hour */ |
42 | #define CHUSER "nobody" /* NOTE(review): presumably the default account dnsmasq runs as after start-up - confirm at the point of use; "nobody" is often shared with other daemons, so a dedicated account isolates better */ | |
43 | #define CHGRP "dip" /* NOTE(review): presumably the default group paired with CHUSER - confirm at the point of use */ | |
832af0ba | 44 | #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ |
f2621c7f | 45 | #define LOG_MAX 5 /* log-queue length */ |
1a6bca81 | 46 | #define RANDFILE "/dev/urandom" /* NOTE(review): presumably the kernel entropy device read to seed dnsmasq's randomness (cf. RANDOM_SOCKS) - confirm at the point of use */ |
ad094275 | 47 | #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */ |
3d8df260 | 48 | #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq" |
4f7b304f SK |
49 | #define AUTH_TTL 600 /* default TTL for auth DNS */ |
50 | #define SOA_REFRESH 1200 /* SOA refresh default */ | |
51 | #define SOA_RETRY 180 /* SOA retry default */ | |
52 | #define SOA_EXPIRY 1209600 /* SOA expiry default */ | |
b5ea1cc2 SK |
53 | #define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */ |
54 | #define LOOP_TEST_TYPE T_TXT | |
4f7b304f | 55 | |
c72daea8 SK |
56 | /* compile-time options: uncomment below to enable or do eg. |
57 | make COPTS=-DHAVE_BROKEN_RTC | |
824af85b | 58 | |
44a2a316 | 59 | HAVE_BROKEN_RTC |
5e9e0efb SK |
60 | define this on embedded systems which don't have an RTC |
61 | which keeps time over reboots. Causes dnsmasq to use uptime | |
62 | for timing, and keep lease lengths rather than expiry times | |
63 | in its leases file. This also makes dnsmasq "flash disk friendly". | |
64 | Normally, dnsmasq tries very hard to keep the on-disk leases file | |
65 | up-to-date: rewriting it after every renewal. When HAVE_BROKEN_RTC | |
66 | is in effect, the lease file is only written when a new lease is | |
67 | created, or an old one destroyed. (Because those are the only times | |
68 | it changes.) This vastly reduces the number of file writes, and makes | |
69 | it viable to keep the lease file on a flash filesystem. | |
44a2a316 SK |
70 | NOTE: when enabling or disabling this, be sure to delete any old |
71 | leases file, otherwise dnsmasq may get very confused. | |
44a2a316 | 72 | |
832af0ba SK |
73 | HAVE_TFTP |
74 | define this to get dnsmasq's built-in TFTP server. | |
75 | ||
7622fc06 | 76 | HAVE_DHCP |
c72daea8 | 77 | define this to get dnsmasq's DHCPv4 server. |
1f15b81d | 78 | |
c72daea8 SK |
79 | HAVE_DHCP6 |
80 | define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP). | |
9e4abcb5 | 81 | |
c72daea8 SK |
82 | HAVE_SCRIPT |
83 | define this to get the ability to call scripts on lease-change. | |
9e4abcb5 | 84 | |
c72daea8 SK |
85 | HAVE_LUASCRIPT |
86 | define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT) | |
9e4abcb5 | 87 | |
3d8df260 | 88 | HAVE_DBUS |
572b41eb SK |
89 | define this if you want to link against libdbus, and have dnsmasq |
90 | support some methods to allow (re)configuration of the upstream DNS | |
3d8df260 SK |
91 | servers via DBus. |
92 | ||
572b41eb SK |
93 | HAVE_IDN |
94 | define this if you want international domain name support. | |
95 | NOTE: for backwards compatibility, IDN support is automatically | |
96 | included when internationalisation support is built, using the | |
97 | *-i18n makefile targets, even if HAVE_IDN is not explicitly set. | |
98 | ||
7de060b0 SK |
99 | HAVE_CONNTRACK |
100 | define this to include code which propagates conntrack marks from | |
101 | incoming DNS queries to the corresponding upstream queries. This adds | |
102 | a build-dependency on libnetfilter_conntrack, but the resulting binary will | |
103 | still run happily on a kernel without conntrack support. | |
104 | ||
13d86c73 JD |
105 | HAVE_IPSET |
106 | define this to include the ability to selectively add resolved ip addresses | |
107 | to given ipsets. | |
108 | ||
4820dce9 SK |
109 | HAVE_AUTH |
110 | define this to include the facility to act as an authoritative DNS | |
111 | server for one or more zones. | |
112 | ||
063efb33 SK |
113 | HAVE_DNSSEC |
114 | include DNSSEC validator. | |
4820dce9 | 115 | |
b5ea1cc2 SK |
116 | HAVE_LOOP |
117 | include functionality to probe for and remove DNS forwarding loops. | |
118 | ||
0491805d SK |
119 | HAVE_INOTIFY |
120 | use the Linux inotify facility to efficiently re-read configuration files. | |
b5ea1cc2 | 121 | |
c72daea8 SK |
122 | NO_IPV6 |
123 | NO_TFTP | |
124 | NO_DHCP | |
125 | NO_DHCP6 | |
126 | NO_SCRIPT | |
127 | NO_LARGEFILE | |
4820dce9 | 128 | NO_AUTH |
0491805d | 129 | NO_INOTIFY |
c72daea8 SK |
130 | these are available to explicitly disable compile time options which would |
131 | otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or | |
132 | which are enabled by default in the distributed source tree. Building dnsmasq | |
133 | with something like "make COPTS=-DNO_SCRIPT" will do the trick. | |
134 | ||
063efb33 SK |
135 | NO_NETTLE_ECC |
136 | Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions. | |
137 | NO_GMP | |
138 | Don't use and link against libgmp. Useful if nettle is built with --enable-mini-gmp. | |
139 | ||
c72daea8 SK |
140 | LEASEFILE |
141 | CONFFILE | |
142 | RESOLVFILE | |
143 | the default locations of these files are determined below, but may be overridden | |
144 | in a build command line using COPTS. | |
9e4abcb5 SK |
145 | |
146 | */ | |
147 | ||
c979fa04 SK |
148 | /* Defining this builds a binary which handles time differently and works better on a system without a |
149 | stable RTC (it uses uptime, not epoch time) and writes the DHCP leases file less often to avoid flash wear. | |
150 | */ | |
151 | ||
152 | /* #define HAVE_BROKEN_RTC */ | |
c72daea8 SK |
153 | |
154 | /* The default set of options to build. Built with these options, dnsmasq | |
155 | has no library dependencies other than libc */ | |
156 | ||
7622fc06 | 157 | #define HAVE_DHCP |
0793380b | 158 | #define HAVE_DHCP6 |
832af0ba | 159 | #define HAVE_TFTP |
1f15b81d | 160 | #define HAVE_SCRIPT |
4820dce9 | 161 | #define HAVE_AUTH |
3ddad246 | 162 | #define HAVE_IPSET |
b5ea1cc2 | 163 | #define HAVE_LOOP |
c979fa04 SK |
164 | |
165 | /* Build options which require external libraries. | |
166 | ||
167 | Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically. | |
168 | ||
169 | You can use "make COPTS=-DHAVE_<opt>" instead of editing these. | |
170 | */ | |
171 | ||
c72daea8 | 172 | /* #define HAVE_LUASCRIPT */ |
309331f5 | 173 | /* #define HAVE_DBUS */ |
572b41eb | 174 | /* #define HAVE_IDN */ |
7de060b0 | 175 | /* #define HAVE_CONNTRACK */ |
65d1e3bb SK |
176 | /* #define HAVE_DNSSEC */ |
177 | ||
c72daea8 SK |
178 | |
179 | /* Default locations for important system files. */ | |
180 | ||
181 | #ifndef LEASEFILE | |
182 | # if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__) | |
183 | # define LEASEFILE "/var/db/dnsmasq.leases" | |
184 | # elif defined(__sun__) || defined (__sun) | |
185 | # define LEASEFILE "/var/cache/dnsmasq.leases" | |
186 | # elif defined(__ANDROID__) | |
187 | # define LEASEFILE "/data/misc/dhcp/dnsmasq.leases" | |
188 | # else | |
189 | # define LEASEFILE "/var/lib/misc/dnsmasq.leases" | |
190 | # endif | |
832af0ba SK |
191 | #endif |
192 | ||
c72daea8 SK |
193 | #ifndef CONFFILE |
194 | # if defined(__FreeBSD__) | |
195 | # define CONFFILE "/usr/local/etc/dnsmasq.conf" | |
196 | # else | |
197 | # define CONFFILE "/etc/dnsmasq.conf" | |
198 | # endif | |
7622fc06 SK |
199 | #endif |
200 | ||
c72daea8 SK |
201 | #ifndef RESOLVFILE |
202 | # if defined(__uClinux__) | |
203 | # define RESOLVFILE "/etc/config/resolv.conf" | |
204 | # else | |
205 | # define RESOLVFILE "/etc/resolv.conf" | |
206 | # endif | |
1f15b81d SK |
207 | #endif |
208 | ||
55d290a3 SK |
209 | #ifndef RUNFILE |
210 | # if defined(__ANDROID__) | |
211 | # define RUNFILE "/data/dnsmasq.pid" | |
212 | # else | |
213 | # define RUNFILE "/var/run/dnsmasq.pid" | |
214 | # endif | |
215 | #endif | |
1f15b81d | 216 | |
c72daea8 SK |
217 | /* platform dependent options: these are determined automatically below |
218 | ||
219 | HAVE_LINUX_NETWORK | |
220 | HAVE_BSD_NETWORK | |
221 | HAVE_SOLARIS_NETWORK | |
222 | define exactly one of these to alter interaction with kernel networking. | |
223 | ||
224 | HAVE_GETOPT_LONG | |
da632e7c | 225 | defined when GNU-style getopt_long available. |
c72daea8 | 226 | |
c72daea8 SK |
227 | HAVE_SOCKADDR_SA_LEN |
228 | defined if struct sockaddr has sa_len field (*BSD) | |
229 | */ | |
33820b7e | 230 | |
9e4abcb5 | 231 | /* Must precede __linux__ since uClinux defines __linux__ too. */ |
e17fb629 | 232 | #if defined(__uClinux__) |
5e9e0efb | 233 | #define HAVE_LINUX_NETWORK |
9e4abcb5 | 234 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 235 | #undef HAVE_SOCKADDR_SA_LEN |
59353a6b SK |
236 | /* Never use fork() on uClinux. Note that this is subtly different from the |
237 | --keep-in-foreground option, since it also suppresses forking new | |
5aabfc78 SK |
238 | processes for TCP connections and disables the call-a-script on leasechange |
239 | system. It's intended for use on MMU-less kernels. */ | |
e17fb629 SK |
240 | #define NO_FORK |
241 | ||
242 | #elif defined(__UCLIBC__) | |
5e9e0efb | 243 | #define HAVE_LINUX_NETWORK |
e17fb629 SK |
244 | #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \ |
245 | ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21)) | |
246 | # define HAVE_GETOPT_LONG | |
5e9e0efb | 247 | #endif |
e17fb629 | 248 | #undef HAVE_SOCKADDR_SA_LEN |
7cebd20f | 249 | #if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__) |
9e4abcb5 SK |
250 | # define NO_FORK |
251 | #endif | |
7cebd20f SK |
252 | #if defined(__UCLIBC_HAS_IPV6__) |
253 | # ifndef IPV6_V6ONLY | |
254 | # define IPV6_V6ONLY 26 | |
255 | # endif | |
e17fb629 | 256 | #endif |
9e4abcb5 | 257 | |
9e4abcb5 SK |
258 | /* This is for glibc 2.x */ |
259 | #elif defined(__linux__) | |
5e9e0efb | 260 | #define HAVE_LINUX_NETWORK |
9e4abcb5 | 261 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 262 | #undef HAVE_SOCKADDR_SA_LEN |
9e4abcb5 | 263 | |
9e038946 SK |
264 | #elif defined(__FreeBSD__) || \ |
265 | defined(__OpenBSD__) || \ | |
266 | defined(__DragonFly__) || \ | |
8ef5ada2 | 267 | defined(__FreeBSD_kernel__) |
824af85b | 268 | #define HAVE_BSD_NETWORK |
59353a6b SK |
269 | /* Later versions of FreeBSD have getopt_long() */ |
270 | #if defined(optional_argument) && defined(required_argument) | |
271 | # define HAVE_GETOPT_LONG | |
59353a6b | 272 | #endif |
9e4abcb5 | 273 | #define HAVE_SOCKADDR_SA_LEN |
9e4abcb5 SK |
274 | |
275 | #elif defined(__APPLE__) | |
824af85b | 276 | #define HAVE_BSD_NETWORK |
316e2730 | 277 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 278 | #define HAVE_SOCKADDR_SA_LEN |
9e4abcb5 SK |
279 | /* Define before sys/socket.h is included so we get socklen_t */ |
280 | #define _BSD_SOCKLEN_T_ | |
6dbdc972 SK |
281 | /* Select the RFC_3542 version of the IPv6 socket API. |
282 | Define before netinet6/in6.h is included. */ | |
283 | #define __APPLE_USE_RFC_3542 | |
993f8cbb | 284 | #define NO_IPSET |
6dbdc972 | 285 | |
9e4abcb5 | 286 | #elif defined(__NetBSD__) |
824af85b | 287 | #define HAVE_BSD_NETWORK |
fd9fa481 | 288 | #define HAVE_GETOPT_LONG |
9e4abcb5 | 289 | #define HAVE_SOCKADDR_SA_LEN |
824af85b SK |
290 | |
291 | #elif defined(__sun) || defined(__sun__) | |
292 | #define HAVE_SOLARIS_NETWORK | |
7622fc06 | 293 | #define HAVE_GETOPT_LONG |
824af85b | 294 | #undef HAVE_SOCKADDR_SA_LEN |
7622fc06 SK |
295 | #define ETHER_ADDR_LEN 6 |
296 | ||
824af85b SK |
297 | #endif |
298 | ||
e17fb629 SK |
299 | /* Decide if we're going to support IPv6 */ |
300 | /* We assume that systems which don't have IPv6 | |
301 | headers don't have ntop and pton either */ | |
302 | ||
c72daea8 | 303 | #if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) |
e17fb629 SK |
304 | # define HAVE_IPV6 |
305 | # define ADDRSTRLEN INET6_ADDRSTRLEN | |
e17fb629 | 306 | #else |
b5a7ff42 SK |
307 | # if !defined(INET_ADDRSTRLEN) |
308 | # define INET_ADDRSTRLEN 16 /* 4*3 digits + 3 dots + terminating NUL */ | |
309 | # endif | |
e17fb629 | 310 | # undef HAVE_IPV6 |
b5a7ff42 | 311 | # define ADDRSTRLEN INET_ADDRSTRLEN |
e17fb629 SK |
312 | #endif |
313 | ||
c72daea8 SK |
314 | |
315 | /* rules to implement compile-time option dependencies and | |
316 | the NO_XXX flags */ | |
317 | ||
318 | #ifdef NO_IPV6 | |
319 | #undef HAVE_IPV6 | |
320 | #endif | |
321 | ||
322 | #ifdef NO_TFTP | |
323 | #undef HAVE_TFTP | |
324 | #endif | |
325 | ||
326 | #ifdef NO_DHCP | |
327 | #undef HAVE_DHCP | |
328 | #undef HAVE_DHCP6 | |
329 | #endif | |
330 | ||
331 | #if defined(NO_DHCP6) || !defined(HAVE_IPV6) | |
332 | #undef HAVE_DHCP6 | |
333 | #endif | |
334 | ||
335 | /* DHCP6 needs DHCP too */ | |
336 | #ifdef HAVE_DHCP6 | |
337 | #define HAVE_DHCP | |
338 | #endif | |
339 | ||
340 | #if defined(NO_SCRIPT) || !defined(HAVE_DHCP) || defined(NO_FORK) | |
341 | #undef HAVE_SCRIPT | |
342 | #undef HAVE_LUASCRIPT | |
343 | #endif | |
344 | ||
345 | /* Must HAVE_SCRIPT to HAVE_LUASCRIPT */ | |
346 | #ifdef HAVE_LUASCRIPT | |
347 | #define HAVE_SCRIPT | |
348 | #endif | |
349 | ||
4820dce9 SK |
350 | #ifdef NO_AUTH |
351 | #undef HAVE_AUTH | |
352 | #endif | |
c72daea8 | 353 | |
c4a09376 | 354 | #if defined(NO_IPSET) |
13d86c73 JD |
355 | #undef HAVE_IPSET |
356 | #endif | |
357 | ||
b5ea1cc2 SK |
358 | #ifdef NO_LOOP |
359 | #undef HAVE_LOOP | |
360 | #endif | |
361 | ||
0491805d SK |
362 | #if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY) |
363 | #define HAVE_INOTIFY | |
364 | #endif | |
365 | ||
c72daea8 SK |
366 | /* Define a string indicating which options are in use. |
367 | DNSMASQ_COMPILE_OPTS is only defined in dnsmasq.c */ | |
368 | ||
369 | #ifdef DNSMASQ_COMPILE_OPTS | |
370 | ||
371 | static char *compile_opts = | |
372 | #ifndef HAVE_IPV6 | |
373 | "no-" | |
374 | #endif | |
375 | "IPv6 " | |
376 | #ifndef HAVE_GETOPT_LONG | |
377 | "no-" | |
378 | #endif | |
379 | "GNU-getopt " | |
380 | #ifdef HAVE_BROKEN_RTC | |
381 | "no-RTC " | |
382 | #endif | |
383 | #ifdef NO_FORK | |
384 | "no-MMU " | |
385 | #endif | |
386 | #ifndef HAVE_DBUS | |
387 | "no-" | |
388 | #endif | |
389 | "DBus " | |
390 | #ifndef LOCALEDIR | |
391 | "no-" | |
392 | #endif | |
393 | "i18n " | |
394 | #if !defined(LOCALEDIR) && !defined(HAVE_IDN) | |
395 | "no-" | |
396 | #endif | |
397 | "IDN " | |
398 | #ifndef HAVE_DHCP | |
399 | "no-" | |
400 | #endif | |
401 | "DHCP " | |
402 | #if defined(HAVE_DHCP) | |
403 | # if !defined (HAVE_DHCP6) | |
404 | "no-" | |
405 | # endif | |
406 | "DHCPv6 " | |
407 | # if !defined(HAVE_SCRIPT) | |
408 | "no-scripts " | |
409 | # else | |
410 | # if !defined(HAVE_LUASCRIPT) | |
411 | "no-" | |
412 | # endif | |
413 | "Lua " | |
414 | # endif | |
415 | #endif | |
416 | #ifndef HAVE_TFTP | |
417 | "no-" | |
418 | #endif | |
419 | "TFTP " | |
420 | #ifndef HAVE_CONNTRACK | |
421 | "no-" | |
422 | #endif | |
4820dce9 | 423 | "conntrack " |
13d86c73 JD |
424 | #ifndef HAVE_IPSET |
425 | "no-" | |
426 | #endif | |
427 | "ipset " | |
4820dce9 SK |
428 | #ifndef HAVE_AUTH |
429 | "no-" | |
430 | #endif | |
0fc2f313 SK |
431 | "auth " |
432 | #ifndef HAVE_DNSSEC | |
433 | "no-" | |
434 | #endif | |
b5ea1cc2 SK |
435 | "DNSSEC " |
436 | #ifndef HAVE_LOOP | |
437 | "no-" | |
438 | #endif | |
0491805d SK |
439 | "loop-detect " |
440 | #ifndef HAVE_INOTIFY | |
441 | "no-" | |
442 | #endif | |
443 | "inotify"; | |
0fc2f313 | 444 | |
c72daea8 | 445 | |
1f15b81d SK |
446 | #endif |
447 | ||
c72daea8 SK |
448 | |
449 |