]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix new poll() code for helper pipe. Removed CPU-spin.
[people/ms/dnsmasq.git] / src / dnsmasq.c
CommitLineData
aff33962 1/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b 12
73a08a24
SK		 13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
c72daea8
SK		 17/* Declare static char *compiler_opts in config.h */
18#define DNSMASQ_COMPILE_OPTS
19
9e4abcb5
SK		 20#include "dnsmasq.h"
21
5aabfc78
SK		 22struct daemon *daemon;
23
5aabfc78
SK		 24static volatile pid_t pid = 0;
25static volatile int pipewrite;
9e4abcb5 26
b842bc97
SK		 27static int set_dns_listeners(time_t now);
28static void check_dns_listeners(time_t now);
3be34541 29static void sig_handler(int sig);
5aabfc78 30static void async_event(int pipe, time_t now);
c72daea8
SK		 31static void fatal_event(struct event_desc *ev, char *msg);
32static int read_event(int fd, struct event_desc *evp, char **msg);
47a95169 33static void poll_resolv(int force, int do_reload, time_t now);
9e4abcb5
SK		 34
35int main (int argc, char **argv)
36{
de37951c 37 int bind_fallback = 0;
9009d746 38 time_t now;
9e4abcb5 39 struct sigaction sigact;
26128d27 40 struct iname *if_tmp;
1a6bca81
SK		 41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
c72daea8 43#if defined(HAVE_SCRIPT)
1a6bca81
SK		 44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
7622fc06
SK		 46#endif
47 struct group *gp = NULL;
5aabfc78 48 long i, max_fd = sysconf(_SC_OPEN_MAX);
1a6bca81
SK		 49 char *baduser = NULL;
50 int log_err;
51#if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
3b3f4411
SK		 54 char *bound_device = NULL;
55 int did_bind = 0;
1a6bca81 56#endif
408c368f 57#if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
1f776932 58 struct dhcp_context *context;
ff7eea27 59 struct dhcp_relay *relay;
408c368f 60#endif
30d0879e
ST		 61#ifdef HAVE_TFTP
62 int tftp_prefix_missing = 0;
63#endif
5aabfc78 64
824af85b 65#ifdef LOCALEDIR
b8187c80
SK		 66 setlocale(LC_ALL, "");
67 bindtextdomain("dnsmasq", LOCALEDIR);
68 textdomain("dnsmasq");
69#endif
70
9e4abcb5
SK		 71 sigact.sa_handler = sig_handler;
72 sigact.sa_flags = 0;
73 sigemptyset(&sigact.sa_mask);
74 sigaction(SIGUSR1, &sigact, NULL);
5aabfc78 75 sigaction(SIGUSR2, &sigact, NULL);
9e4abcb5
SK		 76 sigaction(SIGHUP, &sigact, NULL);
77 sigaction(SIGTERM, &sigact, NULL);
44a2a316 78 sigaction(SIGALRM, &sigact, NULL);
feba5c1d
SK		 79 sigaction(SIGCHLD, &sigact, NULL);
80
81 /* ignore SIGPIPE */
82 sigact.sa_handler = SIG_IGN;
83 sigaction(SIGPIPE, &sigact, NULL);
9e4abcb5 84
5aabfc78 85 umask(022); /* known umask, create leases and pid files as 0644 */
b5ea1cc2
SK		 86
87 rand_init(); /* Must precede read_opts() */
88
5aabfc78 89 read_opts(argc, argv, compile_opts);
c3e0b9b6 90
3be34541 91 if (daemon->edns_pktsz < PACKETSZ)
60b68069 92 daemon->edns_pktsz = PACKETSZ;
3ddacb86 93
0a852541
SK		 94 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
95 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
96 daemon->packet = safe_malloc(daemon->packet_buff_sz);
3ddacb86 97
c72daea8 98 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
25cf5e37
SK		 99 if (option_bool(OPT_EXTRALOG))
100 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
3ddacb86
SK		 101
102#ifdef HAVE_DNSSEC
103 if (option_bool(OPT_DNSSEC_VALID))
5107ace1 104 {
cbe379ad
SK		 105 /* Note that both /000 and '.' are allowed within labels. These get
106 represented in presentation format using NAME_ESCAPE as an escape
107 character when in DNSSEC mode.
108 In theory, if all the characters in a name were /000 or
109 '.' or NAME_ESCAPE then all would have to be escaped, so the
110 presentation format would be twice as long as the spec.
111
112 daemon->namebuff was previously allocated by the option-reading
113 code before we knew if we're in DNSSEC mode, so reallocate here. */
114 free(daemon->namebuff);
115 daemon->namebuff = safe_malloc(MAXDNAME * 2);
116 daemon->keyname = safe_malloc(MAXDNAME * 2);
117 daemon->workspacename = safe_malloc(MAXDNAME * 2);
5107ace1 118 }
3ddacb86 119#endif
4f7b304f 120
7622fc06 121#ifdef HAVE_DHCP
3be34541 122 if (!daemon->lease_file)
9e4abcb5 123 {
52b92f4d 124 if (daemon->dhcp || daemon->dhcp6)
3be34541 125 daemon->lease_file = LEASEFILE;
9e4abcb5 126 }
7622fc06 127#endif
9e4abcb5 128
a2761754
SK		 129 /* Close any file descriptors we inherited apart from std{in|out|err}
130
131 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
132 otherwise file descriptors we create can end up being 0, 1, or 2
133 and then get accidentally closed later when we make 0, 1, and 2
134 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
135 but it's not guaranteed. By opening /dev/null three times, we
136 ensure that we're not using those fds for real stuff. */
5aabfc78
SK		 137 for (i = 0; i < max_fd; i++)
138 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
139 close(i);
a2761754
SK		 140 else
141 open("/dev/null", O_RDWR);
5aabfc78 142
801ca9a7
SK		 143#ifndef HAVE_LINUX_NETWORK
144# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
28866e95 145 if (!option_bool(OPT_NOWILD))
de37951c
SK		 146 {
147 bind_fallback = 1;
28866e95 148 set_option_bool(OPT_NOWILD);
de37951c 149 }
801ca9a7 150# endif
2b5bae9a
SK		 151
152 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
54dd393f 153 if (option_bool(OPT_CLEVERBIND))
2b5bae9a
SK		 154 {
155 bind_fallback = 1;
156 set_option_bool(OPT_NOWILD);
236e072c 157 reset_option_bool(OPT_CLEVERBIND);
2b5bae9a 158 }
0491805d 159#endif
5f4dc5c6 160
0491805d 161#ifndef HAVE_INOTIFY
70d1873d
SK		 162 if (daemon->dynamic_dirs)
163 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
309331f5 164#endif
2b5bae9a 165
0744ca66
SK		 166 if (option_bool(OPT_DNSSEC_VALID))
167 {
3ddacb86 168#ifdef HAVE_DNSSEC
ee415867 169 if (!daemon->ds)
360f2513 170 die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
0744ca66
SK		 171
172 if (daemon->cachesize < CACHESIZ)
360f2513 173 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
0744ca66
SK		 174#else
175 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
3ddacb86 176#endif
0744ca66 177 }
3ddacb86 178
832af0ba 179#ifndef HAVE_TFTP
9b40cbf5 180 if (option_bool(OPT_TFTP))
5aabfc78 181 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
832af0ba
SK		 182#endif
183
7de060b0
SK		 184#ifdef HAVE_CONNTRACK
185 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
360f2513 186 die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
7de060b0
SK		 187#else
188 if (option_bool(OPT_CONNTRACK))
360f2513 189 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
7de060b0
SK		 190#endif
191
824af85b
SK		 192#ifdef HAVE_SOLARIS_NETWORK
193 if (daemon->max_logs != 0)
194 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
195#endif
196
572b41eb
SK		 197#ifdef __ANDROID__
198 if (daemon->max_logs != 0)
199 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
200#endif
201
4820dce9
SK		 202#ifndef HAVE_AUTH
203 if (daemon->authserver)
204 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
205#endif
206
b5ea1cc2
SK		 207#ifndef HAVE_LOOP
208 if (option_bool(OPT_LOOP_DETECT))
360f2513 209 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
b5ea1cc2 210#endif
1a6bca81 211
5aabfc78 212 now = dnsmasq_time();
4f7b304f 213
b0ff858e 214 /* Create a serial at startup if not configured. */
4f7b304f
SK		 215 if (daemon->authinterface && daemon->soa_sn == 0)
216#ifdef HAVE_BROKEN_RTC
b0ff858e 217 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
4f7b304f
SK		 218#else
219 daemon->soa_sn = now;
220#endif
5aabfc78 221
ff7eea27
SK		 222#ifdef HAVE_DHCP6
223 if (daemon->dhcp6)
224 {
225 daemon->doing_ra = option_bool(OPT_RA);
1f776932 226
ff7eea27 227 for (context = daemon->dhcp6; context; context = context->next)
1f776932 228 {
ff7eea27
SK		 229 if (context->flags & CONTEXT_DHCP)
230 daemon->doing_dhcp6 = 1;
231 if (context->flags & CONTEXT_RA)
232 daemon->doing_ra = 1;
1ee9be4c 233#if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
ff7eea27
SK		 234 if (context->flags & CONTEXT_TEMPLATE)
235 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
bb86e858 236#endif
1f776932 237 }
ff7eea27
SK		 238 }
239#endif
240
241#ifdef HAVE_DHCP
242 /* Note that order matters here, we must call lease_init before
243 creating any file descriptors which shouldn't be leaked
244 to the lease-script init process. We need to call common_init
245 before lease_init to allocate buffers it uses.*/
246 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
247 {
248 dhcp_common_init();
1f776932 249 if (daemon->dhcp || daemon->doing_dhcp6)
ff7eea27
SK		 250 lease_init(now);
251 }
252
253 if (daemon->dhcp || daemon->relay4)
254 dhcp_init();
255
843c96b4 256# ifdef HAVE_DHCP6
89500e31 257 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
ff7eea27
SK		 258 ra_init(now);
259
260 if (daemon->doing_dhcp6 || daemon->relay6)
261 dhcp6_init();
801ca9a7
SK		 262# endif
263
264#endif
265
13d86c73
JD		 266#ifdef HAVE_IPSET
267 if (daemon->ipsets)
268 ipset_init();
269#endif
270
1ee9be4c 271#if defined(HAVE_LINUX_NETWORK)
801ca9a7 272 netlink_init();
1ee9be4c
SK		 273#elif defined(HAVE_BSD_NETWORK)
274 route_init();
801ca9a7
SK		 275#endif
276
1ee9be4c
SK		 277 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
278 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
279
115ac3e4 280 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
5aabfc78 281 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
843c96b4 282
54dd393f 283 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
de37951c 284 {
74c95c25 285 create_bound_listeners(1);
54dd393f
SK		 286
287 if (!option_bool(OPT_CLEVERBIND))
288 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
289 if (if_tmp->name && !if_tmp->used)
290 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
9380ba70
SK		 291
292#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
293 /* after enumerate_interfaces() */
3b3f4411
SK		 294 bound_device = whichdevice();
295
9380ba70
SK		 296 if (daemon->dhcp)
297 {
3b3f4411
SK		 298 if (!daemon->relay4 && bound_device)
299 {
300 bindtodevice(bound_device, daemon->dhcpfd);
301 did_bind = 1;
302 }
303 if (daemon->enable_pxe && bound_device)
304 {
305 bindtodevice(bound_device, daemon->pxefd);
306 did_bind = 1;
307 }
9380ba70
SK		 308 }
309#endif
310
311#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
3b3f4411
SK		 312 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
313 {
314 bindtodevice(bound_device, daemon->dhcp6fd);
315 did_bind = 1;
316 }
9380ba70 317#endif
de37951c 318 }
28866e95 319 else
74c95c25 320 create_wildcard_listeners();
5d162f20
SK		 321
322#ifdef HAVE_DHCP6
323 /* after enumerate_interfaces() */
ff7eea27 324 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
5d162f20 325 join_multicast(1);
3511a928
SK		 326
327 /* After netlink_init() and before create_helper() */
328 lease_make_duid(now);
5d162f20 329#endif
de37951c 330
824af85b 331 if (daemon->port != 0)
82e3f45a
SK		 332 {
333 cache_init();
193de4ab 334
82e3f45a
SK		 335#ifdef HAVE_DNSSEC
336 blockdata_init();
337#endif
5f4dc5c6 338 }
193de4ab 339
0491805d 340#ifdef HAVE_INOTIFY
70d1873d 341 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
5f4dc5c6
SK		 342 inotify_dnsmasq_init();
343 else
344 daemon->inotifyfd = -1;
193de4ab 345#endif
5f4dc5c6 346
28866e95 347 if (option_bool(OPT_DBUS))
3d8df260
SK		 348#ifdef HAVE_DBUS
349 {
350 char *err;
351 daemon->dbus = NULL;
352 daemon->watches = NULL;
5aabfc78
SK		 353 if ((err = dbus_init()))
354 die(_("DBus error: %s"), err, EC_MISC);
3d8df260
SK		 355 }
356#else
5aabfc78 357 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
3d8df260 358#endif
7aa970e2 359
824af85b
SK		 360 if (daemon->port != 0)
361 pre_allocate_sfds();
1a6bca81 362
c72daea8 363#if defined(HAVE_SCRIPT)
1a6bca81 364 /* Note getpwnam returns static storage */
843c96b4
SK		 365 if ((daemon->dhcp || daemon->dhcp6) &&
366 daemon->scriptuser &&
c72daea8 367 (daemon->lease_change_command || daemon->luascript))
1a6bca81
SK		 368 {
369 if ((ent_pw = getpwnam(daemon->scriptuser)))
370 {
371 script_uid = ent_pw->pw_uid;
372 script_gid = ent_pw->pw_gid;
373 }
374 else
375 baduser = daemon->scriptuser;
376 }
7622fc06 377#endif
9e4abcb5 378
1a6bca81
SK		 379 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
380 baduser = daemon->username;
381 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
382 baduser = daemon->groupname;
383
384 if (baduser)
385 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
f6e62e2a 386
1a6bca81
SK		 387 /* implement group defaults, "dip" if available, or group associated with uid */
388 if (!daemon->group_set && !gp)
389 {
390 if (!(gp = getgrnam(CHGRP)) && ent_pw)
391 gp = getgrgid(ent_pw->pw_gid);
392
393 /* for error message */
394 if (gp)
395 daemon->groupname = gp->gr_name;
396 }
397
398#if defined(HAVE_LINUX_NETWORK)
399 /* determine capability API version here, while we can still
400 call safe_malloc */
401 if (ent_pw && ent_pw->pw_uid != 0)
402 {
1a6bca81 403 int capsize = 1; /* for header version 1 */
3927da46
SK		 404 hdr = safe_malloc(sizeof(*hdr));
405
1a6bca81
SK		 406 /* find version supported by kernel */
407 memset(hdr, 0, sizeof(*hdr));
408 capget(hdr, NULL);
409
410 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
411 {
412 /* if unknown version, use largest supported version (3) */
413 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
414 hdr->version = LINUX_CAPABILITY_VERSION_3;
415 capsize = 2;
416 }
417
418 data = safe_malloc(sizeof(*data) * capsize);
419 memset(data, 0, sizeof(*data) * capsize);
420 }
421#endif
422
5aabfc78 423 /* Use a pipe to carry signals and other events back to the event loop
1a6bca81
SK		 424 in a race-free manner and another to carry errors to daemon-invoking process */
425 safe_pipe(pipefd, 1);
5e9e0efb
SK		 426
427 piperead = pipefd[0];
428 pipewrite = pipefd[1];
429 /* prime the pipe to load stuff first time. */
e98bd52e 430 send_event(pipewrite, EVENT_INIT, 0, NULL);
1a6bca81
SK		 431
432 err_pipe[1] = -1;
1697269c 433
28866e95 434 if (!option_bool(OPT_DEBUG))
9e4abcb5 435 {
9e4abcb5
SK		 436 /* The following code "daemonizes" the process.
437 See Stevens section 12.4 */
1a6bca81 438
9e038946
SK		 439 if (chdir("/") != 0)
440 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
441
1697269c 442#ifndef NO_FORK
28866e95 443 if (!option_bool(OPT_NO_FORK))
3be34541 444 {
5aabfc78 445 pid_t pid;
3be34541 446
1a6bca81
SK		 447 /* pipe to carry errors back to original process.
448 When startup is complete we close this and the process terminates. */
449 safe_pipe(err_pipe, 0);
450
7622fc06
SK		 451 if ((pid = fork()) == -1)
452 /* fd == -1 since we've not forked, never returns. */
c72daea8 453 send_event(-1, EVENT_FORK_ERR, errno, NULL);
9e038946 454
5aabfc78 455 if (pid != 0)
1a6bca81
SK		 456 {
457 struct event_desc ev;
c72daea8
SK		 458 char *msg;
459
1a6bca81 460 /* close our copy of write-end */
ff841ebf 461 while (retry_send(close(err_pipe[1])));
1a6bca81
SK		 462
463 /* check for errors after the fork */
c72daea8
SK		 464 if (read_event(err_pipe[0], &ev, &msg))
465 fatal_event(&ev, msg);
1a6bca81
SK		 466
467 _exit(EC_GOOD);
468 }
469
ff841ebf 470 while (retry_send(close(err_pipe[0])));
1a6bca81
SK		 471
472 /* NO calls to die() from here on. */
3be34541 473
5aabfc78 474 setsid();
7622fc06
SK		 475
476 if ((pid = fork()) == -1)
c72daea8 477 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
7622fc06
SK		 478
479 if (pid != 0)
7cebd20f 480 _exit(0);
3be34541 481 }
9e4abcb5 482#endif
9e038946 483
9e4abcb5 484 /* write pidfile _after_ forking ! */
1a6bca81
SK		 485 if (daemon->runfile)
486 {
79cfefd8
SK		 487 int fd, err = 0;
488
489 sprintf(daemon->namebuff, "%d\n", (int) getpid());
490
491 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
492 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
493 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
494 extent that an attacker running as the unprivileged user could replace the pidfile with a
495 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
496
497 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
498 ensuring that the open() fails should there be any existing file (because the unlink() failed,
499 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
500 attack can succeed.
501
502 Any compromise of the non-privileged user still theoretically allows the pid-file to be
503 replaced whilst dnsmasq is running. The worst that could allow is that the usual
504 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
505
506 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
507 failure to write the pid-file.
508 */
509
510 unlink(daemon->runfile);
1a6bca81 511
79cfefd8 512 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
1a6bca81 513 {
79cfefd8
SK		 514 /* only complain if started as root */
515 if (getuid() == 0)
516 err = 1;
1a6bca81 517 }
79cfefd8
SK		 518 else
519 {
520 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
521 err = 1;
ff841ebf
SK		 522 else
523 {
524 while (retry_send(close(fd)));
525 if (errno != 0)
526 err = 1;
527 }
79cfefd8
SK		 528 }
529
530 if (err)
1a6bca81 531 {
c72daea8 532 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
1a6bca81
SK		 533 _exit(0);
534 }
9e4abcb5 535 }
1697269c
SK		 536 }
537
8ef5ada2
SK		 538 log_err = log_start(ent_pw, err_pipe[1]);
539
28866e95 540 if (!option_bool(OPT_DEBUG))
8ef5ada2
SK		 541 {
542 /* open stdout etc to /dev/null */
543 int nullfd = open("/dev/null", O_RDWR);
544 dup2(nullfd, STDOUT_FILENO);
545 dup2(nullfd, STDERR_FILENO);
546 dup2(nullfd, STDIN_FILENO);
547 close(nullfd);
548 }
1a6bca81
SK		 549
550 /* if we are to run scripts, we need to fork a helper before dropping root. */
551 daemon->helperfd = -1;
c72daea8 552#ifdef HAVE_SCRIPT
52b92f4d 553 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
1a6bca81 554 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
5aabfc78 555#endif
5aabfc78 556
28866e95 557 if (!option_bool(OPT_DEBUG) && getuid() == 0)
1697269c 558 {
1a6bca81
SK		 559 int bad_capabilities = 0;
560 gid_t dummy;
561
562 /* remove all supplimentary groups */
563 if (gp &&
564 (setgroups(0, &dummy) == -1 ||
565 setgid(gp->gr_gid) == -1))
9e4abcb5 566 {
c72daea8 567 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
1a6bca81 568 _exit(0);
7cebd20f 569 }
1a6bca81 570
7cebd20f 571 if (ent_pw && ent_pw->pw_uid != 0)
1697269c 572 {
74c95c25 573#if defined(HAVE_LINUX_NETWORK)
1697269c 574 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
74c95c25 575 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
54dd393f
SK		 576 ports because of DAD, or we're doing it dynamically,
577 we need CAP_NET_BIND_SERVICE too. */
578 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 579 data->effective = data->permitted = data->inheritable =
580 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
581 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
582 else
583 data->effective = data->permitted = data->inheritable =
584 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
5e9e0efb 585
1697269c 586 /* Tell kernel to not clear capabilities when dropping root */
572b41eb 587 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
1697269c 588 bad_capabilities = errno;
1a6bca81 589
7622fc06 590#elif defined(HAVE_SOLARIS_NETWORK)
824af85b
SK		 591 /* http://developers.sun.com/solaris/articles/program_privileges.html */
592 priv_set_t *priv_set;
593
594 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
595 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
596 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
597 bad_capabilities = errno;
598
599 if (priv_set && bad_capabilities == 0)
600 {
601 priv_inverse(priv_set);
602
603 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
604 bad_capabilities = errno;
605 }
606
607 if (priv_set)
608 priv_freeset(priv_set);
609
824af85b
SK		 610#endif
611
1a6bca81 612 if (bad_capabilities != 0)
1697269c 613 {
c72daea8 614 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
1a6bca81
SK		 615 _exit(0);
616 }
617
618 /* finally drop root */
619 if (setuid(ent_pw->pw_uid) == -1)
620 {
c72daea8 621 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
1a6bca81
SK		 622 _exit(0);
623 }
624
1697269c 625#ifdef HAVE_LINUX_NETWORK
54dd393f 626 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 627 data->effective = data->permitted =
628 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
629 else
630 data->effective = data->permitted =
631 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
1a6bca81
SK		 632 data->inheritable = 0;
633
634 /* lose the setuid and setgid capbilities */
635 if (capset(hdr, data) == -1)
636 {
c72daea8 637 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
1a6bca81 638 _exit(0);
1697269c 639 }
1a6bca81
SK		 640#endif
641
9e4abcb5
SK		 642 }
643 }
1697269c 644
1697269c 645#ifdef HAVE_LINUX_NETWORK
28b879ac
CW		 646 free(hdr);
647 free(data);
28866e95 648 if (option_bool(OPT_DEBUG))
572b41eb 649 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
1697269c 650#endif
9e4abcb5 651
8b3ae2fd 652#ifdef HAVE_TFTP
30d0879e 653 if (option_bool(OPT_TFTP))
8b3ae2fd
SK		 654 {
655 DIR *dir;
656 struct tftp_prefix *p;
657
658 if (daemon->tftp_prefix)
659 {
660 if (!((dir = opendir(daemon->tftp_prefix))))
661 {
30d0879e
ST		 662 tftp_prefix_missing = 1;
663 if (!option_bool(OPT_TFTP_NO_FAIL))
664 {
665 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
666 _exit(0);
667 }
8b3ae2fd 668 }
b4c0f092
ST		 669 else
670 closedir(dir);
8b3ae2fd 671 }
7aa970e2 672
8b3ae2fd
SK		 673 for (p = daemon->if_prefix; p; p = p->next)
674 {
30d0879e 675 p->missing = 0;
8b3ae2fd 676 if (!((dir = opendir(p->prefix))))
30d0879e
ST		 677 {
678 p->missing = 1;
679 if (!option_bool(OPT_TFTP_NO_FAIL))
680 {
681 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
682 _exit(0);
683 }
7aa970e2 684 }
b4c0f092
ST		 685 else
686 closedir(dir);
8b3ae2fd
SK		 687 }
688 }
689#endif
7aa970e2 690
824af85b
SK		 691 if (daemon->port == 0)
692 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
693 else if (daemon->cachesize != 0)
f2621c7f 694 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
9e4abcb5 695 else
f2621c7f 696 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
1697269c 697
f2621c7f 698 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
1697269c 699
3d8df260 700#ifdef HAVE_DBUS
28866e95 701 if (option_bool(OPT_DBUS))
3d8df260
SK		 702 {
703 if (daemon->dbus)
f2621c7f 704 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
3d8df260 705 else
f2621c7f 706 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
3d8df260
SK		 707 }
708#endif
1a9a3489
SK		 709
710 if (option_bool(OPT_LOCAL_SERVICE))
711 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
db737466 712
1d97ac4f 713#ifdef HAVE_DNSSEC
db737466 714 if (option_bool(OPT_DNSSEC_VALID))
e98bd52e 715 {
360f2513
SK		 716 int rc;
717
718 /* Delay creating the timestamp file until here, after we've changed user, so that
719 it has the correct owner to allow updating the mtime later.
720 This means we have to report fatal errors via the pipe. */
721 if ((rc = setup_timestamp()) == -1)
722 {
723 send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file);
724 _exit(0);
725 }
726
e98bd52e 727 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
360f2513 728
e98bd52e
SK		 729 if (option_bool(OPT_DNSSEC_TIME))
730 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
360f2513
SK		 731
732 if (rc == 1)
f6e62e2a 733 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
e98bd52e 734 }
db737466 735#endif
3d8df260 736
1a6bca81
SK		 737 if (log_err != 0)
738 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
739 daemon->log_file, strerror(log_err));
db737466 740
de37951c 741 if (bind_fallback)
f2621c7f 742 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
dc27e148 743
f7029f5c
SK		 744 if (option_bool(OPT_NOWILD))
745 warn_bound_listeners();
746
747 warn_int_names();
de37951c 748
28866e95 749 if (!option_bool(OPT_NOWILD))
26128d27
SK		 750 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
751 if (if_tmp->name && !if_tmp->used)
f2621c7f 752 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
5e9e0efb 753
28866e95 754 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
208b65c5
SK		 755 {
756 if (daemon->resolv_files && !daemon->resolv_files->is_default)
f2621c7f 757 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
208b65c5 758 daemon->resolv_files = NULL;
1b7ecd11 759 if (!daemon->servers)
f2621c7f 760 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
208b65c5
SK		 761 }
762
f2621c7f
SK		 763 if (daemon->max_logs != 0)
764 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
1f776932 765
f2621c7f 766
7622fc06 767#ifdef HAVE_DHCP
1f776932
SK		 768 for (context = daemon->dhcp; context; context = context->next)
769 log_context(AF_INET, context);
52b92f4d 770
ff7eea27
SK		 771 for (relay = daemon->relay4; relay; relay = relay->next)
772 log_relay(AF_INET, relay);
773
1f776932
SK		 774# ifdef HAVE_DHCP6
775 for (context = daemon->dhcp6; context; context = context->next)
776 log_context(AF_INET6, context);
777
ff7eea27
SK		 778 for (relay = daemon->relay6; relay; relay = relay->next)
779 log_relay(AF_INET6, relay);
780
1f776932
SK		 781 if (daemon->doing_dhcp6 || daemon->doing_ra)
782 dhcp_construct_contexts(now);
783
784 if (option_bool(OPT_RA))
785 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
786# endif
26128d27 787
3b3f4411
SK		 788# ifdef HAVE_LINUX_NETWORK
789 if (did_bind)
790 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
791# endif
792
8445f5d2
SK		 793 /* after dhcp_contruct_contexts */
794 if (daemon->dhcp || daemon->doing_dhcp6)
795 lease_find_interfaces(now);
1f776932 796#endif
52b92f4d 797
832af0ba 798#ifdef HAVE_TFTP
5f4dc5c6 799 if (option_bool(OPT_TFTP))
7aa970e2 800 {
30d0879e 801 struct tftp_prefix *p;
832af0ba 802
7622fc06 803 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
f2621c7f
SK		 804 daemon->tftp_prefix ? _("root is ") : _("enabled"),
805 daemon->tftp_prefix ? daemon->tftp_prefix: "",
28866e95 806 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
7aa970e2 807
30d0879e
ST		 808 if (tftp_prefix_missing)
809 my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
7aa970e2 810
30d0879e
ST		 811 for (p = daemon->if_prefix; p; p = p->next)
812 if (p->missing)
813 my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
814
832af0ba 815 /* This is a guess, it assumes that for small limits,
f2621c7f 816 disjoint files might be served, but for large limits,
832af0ba
SK		 817 a single file will be sent to may clients (the file only needs
818 one fd). */
819
820 max_fd -= 30; /* use other than TFTP */
821
822 if (max_fd < 0)
823 max_fd = 5;
824 else if (max_fd < 100)
825 max_fd = max_fd/2;
826 else
827 max_fd = max_fd - 20;
824af85b
SK		 828
829 /* if we have to use a limited range of ports,
830 that will limit the number of transfers */
831 if (daemon->start_tftp_port != 0 &&
832 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
833 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
832af0ba
SK		 834
835 if (daemon->tftp_max > max_fd)
836 {
837 daemon->tftp_max = max_fd;
7622fc06 838 my_syslog(MS_TFTP | LOG_WARNING,
f2621c7f
SK		 839 _("restricting maximum simultaneous TFTP transfers to %d"),
840 daemon->tftp_max);
832af0ba
SK		 841 }
842 }
843#endif
844
1a6bca81
SK		 845 /* finished start-up - release original process */
846 if (err_pipe[1] != -1)
ff841ebf 847 while (retry_send(close(err_pipe[1])));
9e4abcb5 848
824af85b
SK		 849 if (daemon->port != 0)
850 check_servers();
851
7cebd20f
SK		 852 pid = getpid();
853
0491805d 854#ifdef HAVE_INOTIFY
193de4ab
SK		 855 /* Using inotify, have to select a resolv file at startup */
856 poll_resolv(1, 0, now);
857#endif
858
5e9e0efb 859 while (1)
9e4abcb5 860 {
b842bc97 861 int t, timeout = -1;
9e4abcb5 862
b842bc97 863 poll_reset();
9e4abcb5 864
1697269c
SK		 865 /* if we are out of resources, find how long we have to wait
866 for some to come free, we'll loop around then and restart
867 listening for queries */
b842bc97
SK		 868 if ((t = set_dns_listeners(now)) != 0)
869 timeout = t * 1000;
1697269c 870
832af0ba
SK		 871 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
872 if (daemon->tftp_trans ||
28866e95 873 (option_bool(OPT_DBUS) && !daemon->dbus))
b842bc97
SK		 874 timeout = 250;
875
74c95c25
SK		 876 /* Wake every second whilst waiting for DAD to complete */
877 else if (is_dad_listeners())
b842bc97 878 timeout = 1000;
44a2a316 879
832af0ba 880#ifdef HAVE_DBUS
b842bc97 881 set_dbus_listeners();
5e9e0efb
SK		 882#endif
883
7622fc06 884#ifdef HAVE_DHCP
ff7eea27 885 if (daemon->dhcp || daemon->relay4)
5e9e0efb 886 {
b842bc97 887 poll_listen(daemon->dhcpfd, POLLIN);
316e2730 888 if (daemon->pxefd != -1)
b842bc97 889 poll_listen(daemon->pxefd, POLLIN);
5e9e0efb 890 }
7622fc06 891#endif
cdeda28f 892
52b92f4d 893#ifdef HAVE_DHCP6
ff7eea27 894 if (daemon->doing_dhcp6 || daemon->relay6)
b842bc97 895 poll_listen(daemon->dhcp6fd, POLLIN);
f6d69562 896
1f776932 897 if (daemon->doing_ra)
b842bc97 898 poll_listen(daemon->icmp6fd, POLLIN);
52b92f4d 899#endif
0491805d
SK		 900
901#ifdef HAVE_INOTIFY
5f4dc5c6 902 if (daemon->inotifyfd != -1)
b842bc97 903 poll_listen(daemon->inotifyfd, POLLIN);
0491805d
SK		 904#endif
905
906#if defined(HAVE_LINUX_NETWORK)
b842bc97 907 poll_listen(daemon->netlinkfd, POLLIN);
1ee9be4c 908#elif defined(HAVE_BSD_NETWORK)
b842bc97 909 poll_listen(daemon->routefd, POLLIN);
3d8df260 910#endif
193de4ab 911
b842bc97 912 poll_listen(piperead, POLLIN);
1697269c 913
7622fc06 914#ifdef HAVE_DHCP
1f15b81d 915# ifdef HAVE_SCRIPT
5aabfc78 916 while (helper_buf_empty() && do_script_run(now));
1697269c 917
a9530964
SK		 918# ifdef HAVE_TFTP
919 while (helper_buf_empty() && do_tftp_script_run());
920# endif
921
1697269c 922 if (!helper_buf_empty())
b842bc97 923 poll_listen(daemon->helperfd, POLLOUT);
7622fc06 924# else
5aabfc78
SK		 925 /* need this for other side-effects */
926 while (do_script_run(now));
a9530964
SK		 927
928# ifdef HAVE_TFTP
929 while (do_tftp_script_run());
930# endif
931
7622fc06 932# endif
5aabfc78 933#endif
7622fc06 934
f2621c7f
SK		 935 /* must do this just before select(), when we know no
936 more calls to my_syslog() can occur */
b842bc97
SK		 937 set_log_writer();
938
939 if (do_poll(timeout) < 0)
940 continue;
f2621c7f 941
5e9e0efb 942 now = dnsmasq_time();
9e4abcb5 943
b842bc97 944 check_log_writer(0);
115ac3e4
SK		 945
946 /* prime. */
947 enumerate_interfaces(1);
948
74c95c25
SK		 949 /* Check the interfaces to see if any have exited DAD state
950 and if so, bind the address. */
951 if (is_dad_listeners())
952 {
115ac3e4 953 enumerate_interfaces(0);
74c95c25
SK		 954 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
955 create_bound_listeners(0);
dc27e148 956 warn_bound_listeners();
74c95c25 957 }
f2621c7f 958
1ee9be4c 959#if defined(HAVE_LINUX_NETWORK)
b842bc97 960 if (poll_check(daemon->netlinkfd, POLLIN))
a0358e5d 961 netlink_multicast();
1ee9be4c 962#elif defined(HAVE_BSD_NETWORK)
b842bc97 963 if (poll_check(daemon->routefd, POLLIN))
a0358e5d 964 route_sock();
c52e1897
SK		 965#endif
966
0491805d 967#ifdef HAVE_INOTIFY
b842bc97 968 if (daemon->inotifyfd != -1 && poll_check(daemon->inotifyfd, POLLIN) && inotify_check(now))
5f4dc5c6
SK		 969 {
970 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
971 poll_resolv(1, 1, now);
972 }
193de4ab 973#else
9e4abcb5 974 /* Check for changes to resolv files once per second max. */
3d8df260 975 /* Don't go silent for long periods if the clock goes backwards. */
9009d746
SK		 976 if (daemon->last_resolv == 0 ||
977 difftime(now, daemon->last_resolv) > 1.0 ||
978 difftime(now, daemon->last_resolv) < -1.0)
9e4abcb5 979 {
8ef5ada2
SK		 980 /* poll_resolv doesn't need to reload first time through, since
981 that's queued anyway. */
33820b7e 982
8ef5ada2
SK		 983 poll_resolv(0, daemon->last_resolv != 0, now);
984 daemon->last_resolv = now;
9e4abcb5 985 }
193de4ab
SK		 986#endif
987
b842bc97 988 if (poll_check(piperead, POLLIN))
5aabfc78 989 async_event(piperead, now);
7cebd20f 990
3d8df260
SK		 991#ifdef HAVE_DBUS
992 /* if we didn't create a DBus connection, retry now. */
28866e95 993 if (option_bool(OPT_DBUS) && !daemon->dbus)
3d8df260
SK		 994 {
995 char *err;
5aabfc78 996 if ((err = dbus_init()))
f2621c7f 997 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
3d8df260 998 if (daemon->dbus)
f2621c7f 999 my_syslog(LOG_INFO, _("connected to system DBus"));
3d8df260 1000 }
b842bc97 1001 check_dbus_listeners();
3d8df260 1002#endif
824af85b 1003
b842bc97 1004 check_dns_listeners(now);
832af0ba
SK		 1005
1006#ifdef HAVE_TFTP
b842bc97 1007 check_tftp_listeners(now);
832af0ba
SK		 1008#endif
1009
7622fc06 1010#ifdef HAVE_DHCP
ff7eea27 1011 if (daemon->dhcp || daemon->relay4)
316e2730 1012 {
b842bc97 1013 if (poll_check(daemon->dhcpfd, POLLIN))
316e2730 1014 dhcp_packet(now, 0);
b842bc97 1015 if (daemon->pxefd != -1 && poll_check(daemon->pxefd, POLLIN))
316e2730
SK		 1016 dhcp_packet(now, 1);
1017 }
1697269c 1018
52b92f4d 1019#ifdef HAVE_DHCP6
b842bc97 1020 if ((daemon->doing_dhcp6 || daemon->relay6) && poll_check(daemon->dhcp6fd, POLLIN))
18c63eff 1021 dhcp6_packet(now);
c5ad4e79 1022
b842bc97 1023 if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN))
1f776932 1024 icmp6_packet(now);
52b92f4d
SK		 1025#endif
1026
1f15b81d 1027# ifdef HAVE_SCRIPT
63ec5d12 1028 if (daemon->helperfd != -1 && poll_check(daemon->helperfd, POLLOUT))
5aabfc78 1029 helper_write();
7622fc06 1030# endif
5aabfc78
SK		 1031#endif
1032
9e4abcb5 1033 }
9e4abcb5
SK		 1034}
1035
3be34541
SK		 1036static void sig_handler(int sig)
1037{
5e9e0efb 1038 if (pid == 0)
3be34541 1039 {
1697269c
SK		 1040 /* ignore anything other than TERM during startup
1041 and in helper proc. (helper ignore TERM too) */
5e9e0efb 1042 if (sig == SIGTERM)
5aabfc78 1043 exit(EC_MISC);
3be34541 1044 }
5aabfc78 1045 else if (pid != getpid())
5e9e0efb 1046 {
1697269c 1047 /* alarm is used to kill TCP children after a fixed time. */
5e9e0efb 1048 if (sig == SIGALRM)
7cebd20f 1049 _exit(0);
3be34541 1050 }
5aabfc78
SK		 1051 else
1052 {
1053 /* master process */
1054 int event, errsave = errno;
1055
1056 if (sig == SIGHUP)
1057 event = EVENT_RELOAD;
1058 else if (sig == SIGCHLD)
1059 event = EVENT_CHILD;
1060 else if (sig == SIGALRM)
1061 event = EVENT_ALARM;
1062 else if (sig == SIGTERM)
1063 event = EVENT_TERM;
1064 else if (sig == SIGUSR1)
1065 event = EVENT_DUMP;
1066 else if (sig == SIGUSR2)
1067 event = EVENT_REOPEN;
1068 else
1069 return;
1070
c72daea8 1071 send_event(pipewrite, event, 0, NULL);
5aabfc78
SK		 1072 errno = errsave;
1073 }
1074}
1075
353ae4d2
SK		 1076/* now == 0 -> queue immediate callback */
1077void send_alarm(time_t event, time_t now)
741c2952 1078{
884a6dfe 1079 if (now == 0 || event != 0)
353ae4d2 1080 {
884a6dfe
SK		 1081 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1082 if ((now == 0 || difftime(event, now) <= 0.0))
1083 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1084 else
1085 alarm((unsigned)difftime(event, now));
353ae4d2 1086 }
741c2952
SK		 1087}
1088
47a95169 1089void queue_event(int event)
a0358e5d 1090{
47a95169 1091 send_event(pipewrite, event, 0, NULL);
a0358e5d
SK		 1092}
1093
c72daea8 1094void send_event(int fd, int event, int data, char *msg)
5aabfc78
SK		 1095{
1096 struct event_desc ev;
c72daea8
SK		 1097 struct iovec iov[2];
1098
5aabfc78
SK		 1099 ev.event = event;
1100 ev.data = data;
c72daea8
SK		 1101 ev.msg_sz = msg ? strlen(msg) : 0;
1102
1103 iov[0].iov_base = &ev;
1104 iov[0].iov_len = sizeof(ev);
1105 iov[1].iov_base = msg;
1106 iov[1].iov_len = ev.msg_sz;
1a6bca81
SK		 1107
1108 /* error pipe, debug mode. */
1109 if (fd == -1)
c72daea8 1110 fatal_event(&ev, msg);
1a6bca81
SK		 1111 else
1112 /* pipe is non-blocking and struct event_desc is smaller than
1113 PIPE_BUF, so this either fails or writes everything */
c72daea8 1114 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
5aabfc78
SK		 1115}
1116
c72daea8
SK		 1117/* NOTE: the memory used to return msg is leaked: use msgs in events only
1118 to describe fatal errors. */
1119static int read_event(int fd, struct event_desc *evp, char **msg)
1120{
1121 char *buf;
1122
1123 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1124 return 0;
1125
1126 *msg = NULL;
1127
1128 if (evp->msg_sz != 0 &&
1129 (buf = malloc(evp->msg_sz + 1)) &&
1130 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1131 {
1132 buf[evp->msg_sz] = 0;
1133 *msg = buf;
1134 }
1135
1136 return 1;
1137}
1138
1139static void fatal_event(struct event_desc *ev, char *msg)
1a6bca81
SK		 1140{
1141 errno = ev->data;
1142
1143 switch (ev->event)
1144 {
1145 case EVENT_DIE:
1146 exit(0);
7622fc06
SK		 1147
1148 case EVENT_FORK_ERR:
1149 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1a6bca81
SK		 1150
1151 case EVENT_PIPE_ERR:
1152 die(_("failed to create helper: %s"), NULL, EC_MISC);
1153
1154 case EVENT_CAP_ERR:
1155 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1156
1157 case EVENT_USER_ERR:
c72daea8 1158 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1159
1160 case EVENT_GROUP_ERR:
c72daea8 1161 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1162
1163 case EVENT_PIDFILE:
c72daea8 1164 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1a6bca81
SK		 1165
1166 case EVENT_LOG_ERR:
c72daea8
SK		 1167 die(_("cannot open log %s: %s"), msg, EC_FILE);
1168
1169 case EVENT_LUA_ERR:
1170 die(_("failed to load Lua script: %s"), msg, EC_MISC);
8b3ae2fd
SK		 1171
1172 case EVENT_TFTP_ERR:
1173 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
360f2513
SK		 1174
1175 case EVENT_TIME_ERR:
1176 die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF);
1a6bca81
SK		 1177 }
1178}
1179
5aabfc78
SK		 1180static void async_event(int pipe, time_t now)
1181{
1182 pid_t p;
1183 struct event_desc ev;
7b1eae4f 1184 int i, check = 0;
c72daea8
SK		 1185 char *msg;
1186
1187 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1188 to describe fatal errors. */
1189
1190 if (read_event(pipe, &ev, &msg))
5aabfc78
SK		 1191 switch (ev.event)
1192 {
1193 case EVENT_RELOAD:
e98bd52e
SK		 1194#ifdef HAVE_DNSSEC
1195 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1196 {
1197 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1198 reset_option_bool(OPT_DNSSEC_TIME);
1199 }
1200#endif
1201 /* fall through */
1202
1203 case EVENT_INIT:
5aabfc78 1204 clear_cache_and_reload(now);
e98bd52e 1205
7b1eae4f 1206 if (daemon->port != 0)
5aabfc78 1207 {
7b1eae4f
SK		 1208 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1209 {
1210 reload_servers(daemon->resolv_files->name);
1211 check = 1;
1212 }
1213
1214 if (daemon->servers_file)
1215 {
1216 read_servers_file();
1217 check = 1;
1218 }
1219
1220 if (check)
1221 check_servers();
5aabfc78 1222 }
7b1eae4f 1223
7622fc06 1224#ifdef HAVE_DHCP
5aabfc78 1225 rerun_scripts();
7622fc06 1226#endif
5aabfc78
SK		 1227 break;
1228
1229 case EVENT_DUMP:
824af85b
SK		 1230 if (daemon->port != 0)
1231 dump_cache(now);
5aabfc78
SK		 1232 break;
1233
1234 case EVENT_ALARM:
7622fc06 1235#ifdef HAVE_DHCP
1f776932 1236 if (daemon->dhcp || daemon->doing_dhcp6)
5aabfc78
SK		 1237 {
1238 lease_prune(NULL, now);
1239 lease_update_file(now);
1240 }
843c96b4 1241#ifdef HAVE_DHCP6
1f776932 1242 else if (daemon->doing_ra)
353ae4d2
SK		 1243 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1244 send_alarm(periodic_ra(now), now);
843c96b4 1245#endif
7622fc06 1246#endif
5aabfc78
SK		 1247 break;
1248
1249 case EVENT_CHILD:
1250 /* See Stevens 5.10 */
1251 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1252 if (p == -1)
1253 {
1254 if (errno != EINTR)
1255 break;
1256 }
1257 else
1258 for (i = 0 ; i < MAX_PROCS; i++)
1259 if (daemon->tcp_pids[i] == p)
1260 daemon->tcp_pids[i] = 0;
1261 break;
1262
1263 case EVENT_KILLED:
c72daea8 1264 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
5aabfc78
SK		 1265 break;
1266
1267 case EVENT_EXITED:
c72daea8 1268 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
5aabfc78
SK		 1269 break;
1270
1271 case EVENT_EXEC_ERR:
9e038946
SK		 1272 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1273 daemon->lease_change_command, strerror(ev.data));
5aabfc78
SK		 1274 break;
1275
1a6bca81 1276 /* necessary for fatal errors in helper */
c72daea8 1277 case EVENT_USER_ERR:
1a6bca81 1278 case EVENT_DIE:
c72daea8
SK		 1279 case EVENT_LUA_ERR:
1280 fatal_event(&ev, msg);
9e038946
SK		 1281 break;
1282
5aabfc78
SK		 1283 case EVENT_REOPEN:
1284 /* Note: this may leave TCP-handling processes with the old file still open.
1285 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1286 we leave them logging to the old file. */
1287 if (daemon->log_file != NULL)
1288 log_reopen(daemon->log_file);
1289 break;
a0358e5d
SK		 1290
1291 case EVENT_NEWADDR:
1292 newaddress(now);
1293 break;
47a95169
SK		 1294
1295 case EVENT_NEWROUTE:
1296 resend_query();
1297 /* Force re-reading resolv file right now, for luck. */
1298 poll_resolv(0, 1, now);
1299 break;
1300
5aabfc78
SK		 1301 case EVENT_TERM:
1302 /* Knock all our children on the head. */
1303 for (i = 0; i < MAX_PROCS; i++)
1304 if (daemon->tcp_pids[i] != 0)
1305 kill(daemon->tcp_pids[i], SIGALRM);
1306
c72daea8 1307#if defined(HAVE_SCRIPT)
5aabfc78
SK		 1308 /* handle pending lease transitions */
1309 if (daemon->helperfd != -1)
1310 {
1311 /* block in writes until all done */
1312 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1313 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1314 do {
1315 helper_write();
1316 } while (!helper_buf_empty() || do_script_run(now));
ff841ebf 1317 while (retry_send(close(daemon->helperfd)));
5aabfc78
SK		 1318 }
1319#endif
1320
1321 if (daemon->lease_stream)
1322 fclose(daemon->lease_stream);
73a08a24 1323
34b5d194
KDB		 1324#ifdef HAVE_DNSSEC
1325 /* update timestamp file on TERM if time is considered valid */
1326 if (daemon->back_to_the_future)
1327 {
1328 if (utime(daemon->timestamp_file, NULL) == -1)
1329 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
1330 }
1331#endif
1332
73a08a24
SK		 1333 if (daemon->runfile)
1334 unlink(daemon->runfile);
5aabfc78
SK		 1335
1336 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1337 flush_log();
1338 exit(EC_GOOD);
1339 }
3be34541
SK		 1340}
1341
47a95169 1342static void poll_resolv(int force, int do_reload, time_t now)
5aabfc78
SK		 1343{
1344 struct resolvc *res, *latest;
1345 struct stat statbuf;
1346 time_t last_change = 0;
1347 /* There may be more than one possible file.
1348 Go through and find the one which changed _last_.
1349 Warn of any which can't be read. */
8ef5ada2 1350
28866e95 1351 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
8ef5ada2
SK		 1352 return;
1353
5aabfc78
SK		 1354 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1355 if (stat(res->name, &statbuf) == -1)
1356 {
8ef5ada2
SK		 1357 if (force)
1358 {
1359 res->mtime = 0;
1360 continue;
1361 }
1362
5aabfc78
SK		 1363 if (!res->logged)
1364 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1365 res->logged = 1;
8ef5ada2
SK		 1366
1367 if (res->mtime != 0)
1368 {
1369 /* existing file evaporated, force selection of the latest
1370 file even if its mtime hasn't changed since we last looked */
1371 poll_resolv(1, do_reload, now);
1372 return;
1373 }
5aabfc78
SK		 1374 }
1375 else
1376 {
1377 res->logged = 0;
8ef5ada2
SK		 1378 if (force || (statbuf.st_mtime != res->mtime))
1379 {
1380 res->mtime = statbuf.st_mtime;
5aabfc78
SK		 1381 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1382 {
1383 last_change = statbuf.st_mtime;
1384 latest = res;
1385 }
1386 }
1387 }
1388
1389 if (latest)
1390 {
1391 static int warned = 0;
1392 if (reload_servers(latest->name))
1393 {
1394 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1395 warned = 0;
1396 check_servers();
28866e95 1397 if (option_bool(OPT_RELOAD) && do_reload)
8ef5ada2 1398 clear_cache_and_reload(now);
5aabfc78
SK		 1399 }
1400 else
1401 {
1402 latest->mtime = 0;
1403 if (!warned)
1404 {
1405 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1406 warned = 1;
1407 }
1408 }
1409 }
1410}
3d8df260 1411
5aabfc78 1412void clear_cache_and_reload(time_t now)
3d8df260 1413{
408c368f
VG		 1414 (void)now;
1415
824af85b 1416 if (daemon->port != 0)
7622fc06 1417 cache_reload();
824af85b 1418
7622fc06 1419#ifdef HAVE_DHCP
1f776932 1420 if (daemon->dhcp || daemon->doing_dhcp6)
3d8df260 1421 {
28866e95 1422 if (option_bool(OPT_ETHERS))
5aabfc78 1423 dhcp_read_ethers();
824af85b 1424 reread_dhcp();
0491805d 1425#ifdef HAVE_INOTIFY
70d1873d 1426 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
5f4dc5c6 1427#endif
3d8df260 1428 dhcp_update_configs(daemon->dhcp_conf);
5aabfc78
SK		 1429 lease_update_from_configs();
1430 lease_update_file(now);
353ae4d2 1431 lease_update_dns(1);
3d8df260 1432 }
843c96b4 1433#ifdef HAVE_DHCP6
1f776932 1434 else if (daemon->doing_ra)
2021c662
SK		 1435 /* Not doing DHCP, so no lease system, manage
1436 alarms for ra only */
1437 send_alarm(periodic_ra(now), now);
843c96b4 1438#endif
7622fc06 1439#endif
3d8df260
SK		 1440}
1441
b842bc97 1442static int set_dns_listeners(time_t now)
3be34541
SK		 1443{
1444 struct serverfd *serverfdp;
1445 struct listener *listener;
824af85b 1446 int wait = 0, i;
832af0ba
SK		 1447
1448#ifdef HAVE_TFTP
1449 int tftp = 0;
1450 struct tftp_transfer *transfer;
1451 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1452 {
1453 tftp++;
b842bc97 1454 poll_listen(transfer->sockfd, POLLIN);
832af0ba
SK		 1455 }
1456#endif
1457
1697269c 1458 /* will we be able to get memory? */
824af85b 1459 if (daemon->port != 0)
3a237152 1460 get_new_frec(now, &wait, 0);
1697269c 1461
3be34541 1462 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
b842bc97 1463 poll_listen(serverfdp->fd, POLLIN);
f6d69562 1464
1a6bca81
SK		 1465 if (daemon->port != 0 && !daemon->osport)
1466 for (i = 0; i < RANDOM_SOCKS; i++)
1467 if (daemon->randomsocks[i].refcount != 0)
b842bc97 1468 poll_listen(daemon->randomsocks[i].fd, POLLIN);
f6d69562 1469
3be34541
SK		 1470 for (listener = daemon->listeners; listener; listener = listener->next)
1471 {
1697269c 1472 /* only listen for queries if we have resources */
824af85b 1473 if (listener->fd != -1 && wait == 0)
b842bc97 1474 poll_listen(listener->fd, POLLIN);
f6d69562 1475
1697269c
SK		 1476 /* death of a child goes through the select loop, so
1477 we don't need to explicitly arrange to wake up here */
824af85b
SK		 1478 if (listener->tcpfd != -1)
1479 for (i = 0; i < MAX_PROCS; i++)
1480 if (daemon->tcp_pids[i] == 0)
1481 {
b842bc97 1482 poll_listen(listener->tcpfd, POLLIN);
824af85b
SK		 1483 break;
1484 }
9e4abcb5 1485
832af0ba
SK		 1486#ifdef HAVE_TFTP
1487 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
b842bc97 1488 poll_listen(listener->tftpfd, POLLIN);
832af0ba
SK		 1489#endif
1490
1491 }
1492
1697269c 1493 return wait;
3be34541 1494}
9e4abcb5 1495
b842bc97 1496static void check_dns_listeners(time_t now)
3be34541
SK		 1497{
1498 struct serverfd *serverfdp;
1a6bca81
SK		 1499 struct listener *listener;
1500 int i;
1501
832af0ba 1502 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
b842bc97 1503 if (poll_check(serverfdp->fd, POLLIN))
1a6bca81
SK		 1504 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1505
1506 if (daemon->port != 0 && !daemon->osport)
1507 for (i = 0; i < RANDOM_SOCKS; i++)
1508 if (daemon->randomsocks[i].refcount != 0 &&
b842bc97 1509 poll_check(daemon->randomsocks[i].fd, POLLIN))
1a6bca81 1510 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
832af0ba
SK		 1511
1512 for (listener = daemon->listeners; listener; listener = listener->next)
1513 {
b842bc97 1514 if (listener->fd != -1 && poll_check(listener->fd, POLLIN))
5aabfc78 1515 receive_query(listener, now);
1a6bca81 1516
832af0ba 1517#ifdef HAVE_TFTP
b842bc97 1518 if (listener->tftpfd != -1 && poll_check(listener->tftpfd, POLLIN))
5aabfc78 1519 tftp_request(listener, now);
832af0ba 1520#endif
3be34541 1521
b842bc97 1522 if (listener->tcpfd != -1 && poll_check(listener->tcpfd, POLLIN))
832af0ba 1523 {
22ce550e 1524 int confd, client_ok = 1;
832af0ba
SK		 1525 struct irec *iface = NULL;
1526 pid_t p;
52d4abf2
SK		 1527 union mysockaddr tcp_addr;
1528 socklen_t tcp_len = sizeof(union mysockaddr);
1529
1530 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
832af0ba 1531
46b06656 1532 if (confd == -1)
832af0ba 1533 continue;
76dd75de 1534
46b06656
SK		 1535 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1536 {
ff841ebf 1537 while (retry_send(close(confd)));
46b06656
SK		 1538 continue;
1539 }
76dd75de
SK		 1540
1541 /* Make sure that the interface list is up-to-date.
1542
1543 We do this here as we may need the results below, and
1544 the DNS code needs them for --interface-name stuff.
1545
1546 Multiple calls to enumerate_interfaces() per select loop are
1547 inhibited, so calls to it in the child process (which doesn't select())
1548 have no effect. This avoids two processes reading from the same
1549 netlink fd and screwing the pooch entirely.
1550 */
e25db1f2 1551
76dd75de
SK		 1552 enumerate_interfaces(0);
1553
1554 if (option_bool(OPT_NOWILD))
1555 iface = listener->iface; /* May be NULL */
1556 else
1557 {
1558 int if_index;
1559 char intr_name[IF_NAMESIZE];
1560
1561 /* if we can find the arrival interface, check it's one that's allowed */
1562 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1563 indextoname(listener->tcpfd, if_index, intr_name))
1564 {
1565 struct all_addr addr;
1566 addr.addr.addr4 = tcp_addr.in.sin_addr;
e25db1f2 1567#ifdef HAVE_IPV6
76dd75de
SK		 1568 if (tcp_addr.sa.sa_family == AF_INET6)
1569 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
e25db1f2 1570#endif
76dd75de
SK		 1571
1572 for (iface = daemon->interfaces; iface; iface = iface->next)
1573 if (iface->index == if_index)
1574 break;
1575
1576 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1577 client_ok = 0;
1578 }
1579
1580 if (option_bool(OPT_CLEVERBIND))
1581 iface = listener->iface; /* May be NULL */
1582 else
1583 {
1584 /* Check for allowed interfaces when binding the wildcard address:
1585 we do this by looking for an interface with the same address as
1586 the local address of the TCP connection, then looking to see if that's
1587 an allowed interface. As a side effect, we get the netmask of the
1588 interface too, for localisation. */
1589
1590 for (iface = daemon->interfaces; iface; iface = iface->next)
1591 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1592 break;
1593
1594 if (!iface)
1595 client_ok = 0;
1596 }
1597 }
1598
22ce550e 1599 if (!client_ok)
832af0ba
SK		 1600 {
1601 shutdown(confd, SHUT_RDWR);
ff841ebf 1602 while (retry_send(close(confd)));
832af0ba 1603 }
59353a6b 1604#ifndef NO_FORK
28866e95 1605 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
832af0ba
SK		 1606 {
1607 if (p != -1)
1608 {
1609 int i;
1610 for (i = 0; i < MAX_PROCS; i++)
1611 if (daemon->tcp_pids[i] == 0)
1612 {
1613 daemon->tcp_pids[i] = p;
1614 break;
1615 }
1616 }
ff841ebf 1617 while (retry_send(close(confd)));
25cf5e37
SK		 1618
1619 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1620 daemon->log_id += TCP_MAX_QUERIES;
832af0ba
SK		 1621 }
1622#endif
1623 else
1624 {
1625 unsigned char *buff;
1626 struct server *s;
1627 int flags;
52d4abf2 1628 struct in_addr netmask;
4f7b304f 1629 int auth_dns;
52d4abf2
SK		 1630
1631 if (iface)
4f7b304f
SK		 1632 {
1633 netmask = iface->netmask;
1634 auth_dns = iface->dns_auth;
1635 }
52d4abf2 1636 else
4f7b304f
SK		 1637 {
1638 netmask.s_addr = 0;
1639 auth_dns = 0;
1640 }
52d4abf2 1641
8ef5ada2
SK		 1642#ifndef NO_FORK
1643 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1644 terminate the process. */
28866e95 1645 if (!option_bool(OPT_DEBUG))
832af0ba 1646 alarm(CHILD_LIFETIME);
8ef5ada2
SK		 1647#endif
1648
832af0ba
SK		 1649 /* start with no upstream connections. */
1650 for (s = daemon->servers; s; s = s->next)
7cebd20f 1651 s->tcpfd = -1;
832af0ba
SK		 1652
1653 /* The connected socket inherits non-blocking
1654 attribute from the listening socket.
1655 Reset that here. */
1656 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1657 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1658
4f7b304f 1659 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
7cebd20f 1660
832af0ba 1661 shutdown(confd, SHUT_RDWR);
ff841ebf 1662 while (retry_send(close(confd)));
832af0ba
SK		 1663
1664 if (buff)
1665 free(buff);
1666
1667 for (s = daemon->servers; s; s = s->next)
1668 if (s->tcpfd != -1)
1669 {
1670 shutdown(s->tcpfd, SHUT_RDWR);
ff841ebf 1671 while (retry_send(close(s->tcpfd)));
832af0ba 1672 }
7cebd20f 1673#ifndef NO_FORK
28866e95 1674 if (!option_bool(OPT_DEBUG))
5aabfc78
SK		 1675 {
1676 flush_log();
1677 _exit(0);
1678 }
59353a6b 1679#endif
832af0ba
SK		 1680 }
1681 }
1682 }
3be34541
SK		 1683}
1684
7622fc06 1685#ifdef HAVE_DHCP
5e9e0efb
SK		 1686int make_icmp_sock(void)
1687{
7cebd20f 1688 int fd;
5e9e0efb
SK		 1689 int zeroopt = 0;
1690
1691 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1692 {
7cebd20f 1693 if (!fix_fd(fd) ||
5e9e0efb
SK		 1694 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1695 {
1696 close(fd);
1697 fd = -1;
1698 }
1699 }
1700
1701 return fd;
1702}
1703
5aabfc78 1704int icmp_ping(struct in_addr addr)
3be34541 1705{
5e9e0efb 1706 /* Try and get an ICMP echo from a machine. */
3be34541
SK		 1707
1708 /* Note that whilst in the three second wait, we check for
832af0ba 1709 (and service) events on the DNS and TFTP sockets, (so doing that
3be34541
SK		 1710 better not use any resources our caller has in use...)
1711 but we remain deaf to signals or further DHCP packets. */
1712
5e95a552
SK		 1713 /* There can be a problem using dnsmasq_time() to end the loop, since
1714 it's not monotonic, and can go backwards if the system clock is
1715 tweaked, leading to the code getting stuck in this loop and
1716 ignoring DHCP requests. To fix this, we check to see if select returned
1717 as a result of a timeout rather than a socket becoming available. We
1718 only allow this to happen as many times as it takes to get to the wait time
1719 in quarter-second chunks. This provides a fallback way to end loop. */
1720
1721 int fd, rc;
3be34541
SK		 1722 struct sockaddr_in saddr;
1723 struct {
1724 struct ip ip;
1725 struct icmp icmp;
1726 } packet;
1727 unsigned short id = rand16();
5e95a552 1728 unsigned int i, j, timeout_count;
5e9e0efb 1729 int gotreply = 0;
3be34541 1730 time_t start, now;
5e9e0efb 1731
824af85b 1732#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1733 if ((fd = make_icmp_sock()) == -1)
1734 return 0;
1735#else
1736 int opt = 2000;
1737 fd = daemon->dhcp_icmp_fd;
1738 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1739#endif
1740
3be34541
SK		 1741 saddr.sin_family = AF_INET;
1742 saddr.sin_port = 0;
1743 saddr.sin_addr = addr;
1744#ifdef HAVE_SOCKADDR_SA_LEN
1745 saddr.sin_len = sizeof(struct sockaddr_in);
1746#endif
1747
1748 memset(&packet.icmp, 0, sizeof(packet.icmp));
1749 packet.icmp.icmp_type = ICMP_ECHO;
1750 packet.icmp.icmp_id = id;
1751 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1752 j += ((u16 *)&packet.icmp)[i];
1753 while (j>>16)
1754 j = (j & 0xffff) + (j >> 16);
1755 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1756
ff841ebf
SK		 1757 while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1758 (struct sockaddr *)&saddr, sizeof(saddr))));
fd9fa481 1759
5e95a552
SK		 1760 for (now = start = dnsmasq_time(), timeout_count = 0;
1761 (difftime(now, start) < (float)PING_WAIT) && (timeout_count < PING_WAIT * 4);)
fd9fa481 1762 {
fd9fa481 1763 struct sockaddr_in faddr;
3d8df260 1764 socklen_t len = sizeof(faddr);
fd9fa481 1765
b842bc97
SK		 1766 poll_reset();
1767 poll_listen(fd, POLLIN);
1768 set_dns_listeners(now);
1769 set_log_writer();
c5ad4e79
SK		 1770
1771#ifdef HAVE_DHCP6
1f776932 1772 if (daemon->doing_ra)
b842bc97 1773 poll_listen(daemon->icmp6fd, POLLIN);
c5ad4e79
SK		 1774#endif
1775
b842bc97 1776 rc = do_poll(250);
5e95a552
SK		 1777
1778 if (rc < 0)
b842bc97 1779 continue;
5e95a552
SK		 1780 else if (rc == 0)
1781 timeout_count++;
f2621c7f 1782
5e9e0efb 1783 now = dnsmasq_time();
f2621c7f 1784
b842bc97
SK		 1785 check_log_writer(0);
1786 check_dns_listeners(now);
832af0ba 1787
c5ad4e79 1788#ifdef HAVE_DHCP6
b842bc97 1789 if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN))
1f776932 1790 icmp6_packet(now);
c5ad4e79
SK		 1791#endif
1792
832af0ba 1793#ifdef HAVE_TFTP
b842bc97 1794 check_tftp_listeners(now);
832af0ba
SK		 1795#endif
1796
b842bc97 1797 if (poll_check(fd, POLLIN) &&
5e9e0efb 1798 recvfrom(fd, &packet, sizeof(packet), 0,
fd9fa481
SK		 1799 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1800 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1801 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1802 packet.icmp.icmp_seq == 0 &&
1803 packet.icmp.icmp_id == id)
1804 {
1805 gotreply = 1;
1806 break;
1807 }
1808 }
1809
824af85b 1810#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
ff841ebf 1811 while (retry_send(close(fd)));
5e9e0efb 1812#else
3be34541 1813 opt = 1;
5e9e0efb
SK		 1814 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1815#endif
1816
3be34541
SK		 1817 return gotreply;
1818}
7622fc06 1819#endif
0a852541
SK		 1820
1821
Michael's tree of dnsmasq.