]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add --tftp-no-fail to ignore missing tftp root
[people/ms/dnsmasq.git] / src / dnsmasq.c
CommitLineData
aff33962 1/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b 12
73a08a24
SK		 13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
c72daea8
SK		 17/* Declare static char *compiler_opts in config.h */
18#define DNSMASQ_COMPILE_OPTS
19
9e4abcb5
SK		 20#include "dnsmasq.h"
21
5aabfc78
SK		 22struct daemon *daemon;
23
5aabfc78
SK		 24static volatile pid_t pid = 0;
25static volatile int pipewrite;
9e4abcb5 26
5aabfc78
SK		 27static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28static void check_dns_listeners(fd_set *set, time_t now);
3be34541 29static void sig_handler(int sig);
5aabfc78 30static void async_event(int pipe, time_t now);
c72daea8
SK		 31static void fatal_event(struct event_desc *ev, char *msg);
32static int read_event(int fd, struct event_desc *evp, char **msg);
47a95169 33static void poll_resolv(int force, int do_reload, time_t now);
9e4abcb5
SK		 34
35int main (int argc, char **argv)
36{
de37951c 37 int bind_fallback = 0;
9009d746 38 time_t now;
9e4abcb5 39 struct sigaction sigact;
26128d27 40 struct iname *if_tmp;
1a6bca81
SK		 41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
c72daea8 43#if defined(HAVE_SCRIPT)
1a6bca81
SK		 44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
7622fc06
SK		 46#endif
47 struct group *gp = NULL;
5aabfc78 48 long i, max_fd = sysconf(_SC_OPEN_MAX);
1a6bca81
SK		 49 char *baduser = NULL;
50 int log_err;
51#if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
3b3f4411
SK		 54 char *bound_device = NULL;
55 int did_bind = 0;
1a6bca81 56#endif
408c368f 57#if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
1f776932 58 struct dhcp_context *context;
ff7eea27 59 struct dhcp_relay *relay;
408c368f 60#endif
30d0879e
ST		 61#ifdef HAVE_TFTP
62 int tftp_prefix_missing = 0;
63#endif
5aabfc78 64
824af85b 65#ifdef LOCALEDIR
b8187c80
SK		 66 setlocale(LC_ALL, "");
67 bindtextdomain("dnsmasq", LOCALEDIR);
68 textdomain("dnsmasq");
69#endif
70
9e4abcb5
SK		 71 sigact.sa_handler = sig_handler;
72 sigact.sa_flags = 0;
73 sigemptyset(&sigact.sa_mask);
74 sigaction(SIGUSR1, &sigact, NULL);
5aabfc78 75 sigaction(SIGUSR2, &sigact, NULL);
9e4abcb5
SK		 76 sigaction(SIGHUP, &sigact, NULL);
77 sigaction(SIGTERM, &sigact, NULL);
44a2a316 78 sigaction(SIGALRM, &sigact, NULL);
feba5c1d
SK		 79 sigaction(SIGCHLD, &sigact, NULL);
80
81 /* ignore SIGPIPE */
82 sigact.sa_handler = SIG_IGN;
83 sigaction(SIGPIPE, &sigact, NULL);
9e4abcb5 84
5aabfc78 85 umask(022); /* known umask, create leases and pid files as 0644 */
b5ea1cc2
SK		 86
87 rand_init(); /* Must precede read_opts() */
88
5aabfc78 89 read_opts(argc, argv, compile_opts);
c3e0b9b6 90
3be34541 91 if (daemon->edns_pktsz < PACKETSZ)
60b68069 92 daemon->edns_pktsz = PACKETSZ;
3ddacb86 93
0a852541
SK		 94 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
95 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
96 daemon->packet = safe_malloc(daemon->packet_buff_sz);
3ddacb86 97
c72daea8 98 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
25cf5e37
SK		 99 if (option_bool(OPT_EXTRALOG))
100 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
3ddacb86
SK		 101
102#ifdef HAVE_DNSSEC
103 if (option_bool(OPT_DNSSEC_VALID))
5107ace1
SK		 104 {
105 daemon->keyname = safe_malloc(MAXDNAME);
106 daemon->workspacename = safe_malloc(MAXDNAME);
107 }
3ddacb86 108#endif
4f7b304f 109
7622fc06 110#ifdef HAVE_DHCP
3be34541 111 if (!daemon->lease_file)
9e4abcb5 112 {
52b92f4d 113 if (daemon->dhcp || daemon->dhcp6)
3be34541 114 daemon->lease_file = LEASEFILE;
9e4abcb5 115 }
7622fc06 116#endif
9e4abcb5 117
a2761754
SK		 118 /* Close any file descriptors we inherited apart from std{in|out|err}
119
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
5aabfc78
SK		 126 for (i = 0; i < max_fd; i++)
127 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
128 close(i);
a2761754
SK		 129 else
130 open("/dev/null", O_RDWR);
5aabfc78 131
801ca9a7
SK		 132#ifndef HAVE_LINUX_NETWORK
133# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
28866e95 134 if (!option_bool(OPT_NOWILD))
de37951c
SK		 135 {
136 bind_fallback = 1;
28866e95 137 set_option_bool(OPT_NOWILD);
de37951c 138 }
801ca9a7 139# endif
2b5bae9a
SK		 140
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
54dd393f 142 if (option_bool(OPT_CLEVERBIND))
2b5bae9a
SK		 143 {
144 bind_fallback = 1;
145 set_option_bool(OPT_NOWILD);
236e072c 146 reset_option_bool(OPT_CLEVERBIND);
2b5bae9a 147 }
0491805d 148#endif
5f4dc5c6 149
0491805d 150#ifndef HAVE_INOTIFY
70d1873d
SK		 151 if (daemon->dynamic_dirs)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
309331f5 153#endif
2b5bae9a 154
0744ca66
SK		 155 if (option_bool(OPT_DNSSEC_VALID))
156 {
3ddacb86 157#ifdef HAVE_DNSSEC
ee415867 158 if (!daemon->ds)
360f2513 159 die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
0744ca66
SK		 160
161 if (daemon->cachesize < CACHESIZ)
360f2513 162 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
0744ca66
SK		 163#else
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
3ddacb86 165#endif
0744ca66 166 }
3ddacb86 167
832af0ba 168#ifndef HAVE_TFTP
9b40cbf5 169 if (option_bool(OPT_TFTP))
5aabfc78 170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
832af0ba
SK		 171#endif
172
7de060b0
SK		 173#ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
360f2513 175 die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
7de060b0
SK		 176#else
177 if (option_bool(OPT_CONNTRACK))
360f2513 178 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
7de060b0
SK		 179#endif
180
824af85b
SK		 181#ifdef HAVE_SOLARIS_NETWORK
182 if (daemon->max_logs != 0)
183 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
184#endif
185
572b41eb
SK		 186#ifdef __ANDROID__
187 if (daemon->max_logs != 0)
188 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
189#endif
190
4820dce9
SK		 191#ifndef HAVE_AUTH
192 if (daemon->authserver)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
194#endif
195
b5ea1cc2
SK		 196#ifndef HAVE_LOOP
197 if (option_bool(OPT_LOOP_DETECT))
360f2513 198 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
b5ea1cc2 199#endif
1a6bca81 200
5aabfc78 201 now = dnsmasq_time();
4f7b304f 202
b0ff858e 203 /* Create a serial at startup if not configured. */
4f7b304f
SK		 204 if (daemon->authinterface && daemon->soa_sn == 0)
205#ifdef HAVE_BROKEN_RTC
b0ff858e 206 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
4f7b304f
SK		 207#else
208 daemon->soa_sn = now;
209#endif
5aabfc78 210
ff7eea27
SK		 211#ifdef HAVE_DHCP6
212 if (daemon->dhcp6)
213 {
214 daemon->doing_ra = option_bool(OPT_RA);
1f776932 215
ff7eea27 216 for (context = daemon->dhcp6; context; context = context->next)
1f776932 217 {
ff7eea27
SK		 218 if (context->flags & CONTEXT_DHCP)
219 daemon->doing_dhcp6 = 1;
220 if (context->flags & CONTEXT_RA)
221 daemon->doing_ra = 1;
1ee9be4c 222#if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
ff7eea27
SK		 223 if (context->flags & CONTEXT_TEMPLATE)
224 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
bb86e858 225#endif
1f776932 226 }
ff7eea27
SK		 227 }
228#endif
229
230#ifdef HAVE_DHCP
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
236 {
237 dhcp_common_init();
1f776932 238 if (daemon->dhcp || daemon->doing_dhcp6)
ff7eea27
SK		 239 lease_init(now);
240 }
241
242 if (daemon->dhcp || daemon->relay4)
243 dhcp_init();
244
843c96b4 245# ifdef HAVE_DHCP6
89500e31 246 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
ff7eea27
SK		 247 ra_init(now);
248
249 if (daemon->doing_dhcp6 || daemon->relay6)
250 dhcp6_init();
801ca9a7
SK		 251# endif
252
253#endif
254
13d86c73
JD		 255#ifdef HAVE_IPSET
256 if (daemon->ipsets)
257 ipset_init();
258#endif
259
1ee9be4c 260#if defined(HAVE_LINUX_NETWORK)
801ca9a7 261 netlink_init();
1ee9be4c
SK		 262#elif defined(HAVE_BSD_NETWORK)
263 route_init();
801ca9a7
SK		 264#endif
265
1ee9be4c
SK		 266 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
268
115ac3e4 269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
5aabfc78 270 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
843c96b4 271
54dd393f 272 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
de37951c 273 {
74c95c25 274 create_bound_listeners(1);
54dd393f
SK		 275
276 if (!option_bool(OPT_CLEVERBIND))
277 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
278 if (if_tmp->name && !if_tmp->used)
279 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
9380ba70
SK		 280
281#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
3b3f4411
SK		 283 bound_device = whichdevice();
284
9380ba70
SK		 285 if (daemon->dhcp)
286 {
3b3f4411
SK		 287 if (!daemon->relay4 && bound_device)
288 {
289 bindtodevice(bound_device, daemon->dhcpfd);
290 did_bind = 1;
291 }
292 if (daemon->enable_pxe && bound_device)
293 {
294 bindtodevice(bound_device, daemon->pxefd);
295 did_bind = 1;
296 }
9380ba70
SK		 297 }
298#endif
299
300#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
3b3f4411
SK		 301 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
302 {
303 bindtodevice(bound_device, daemon->dhcp6fd);
304 did_bind = 1;
305 }
9380ba70 306#endif
de37951c 307 }
28866e95 308 else
74c95c25 309 create_wildcard_listeners();
5d162f20
SK		 310
311#ifdef HAVE_DHCP6
312 /* after enumerate_interfaces() */
ff7eea27 313 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
5d162f20 314 join_multicast(1);
3511a928
SK		 315
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now);
5d162f20 318#endif
de37951c 319
824af85b 320 if (daemon->port != 0)
82e3f45a
SK		 321 {
322 cache_init();
193de4ab 323
82e3f45a
SK		 324#ifdef HAVE_DNSSEC
325 blockdata_init();
326#endif
5f4dc5c6 327 }
193de4ab 328
0491805d 329#ifdef HAVE_INOTIFY
70d1873d 330 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
5f4dc5c6
SK		 331 inotify_dnsmasq_init();
332 else
333 daemon->inotifyfd = -1;
193de4ab 334#endif
5f4dc5c6 335
28866e95 336 if (option_bool(OPT_DBUS))
3d8df260
SK		 337#ifdef HAVE_DBUS
338 {
339 char *err;
340 daemon->dbus = NULL;
341 daemon->watches = NULL;
5aabfc78
SK		 342 if ((err = dbus_init()))
343 die(_("DBus error: %s"), err, EC_MISC);
3d8df260
SK		 344 }
345#else
5aabfc78 346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
3d8df260
SK		 347#endif
348
824af85b
SK		 349 if (daemon->port != 0)
350 pre_allocate_sfds();
1a6bca81 351
c72daea8 352#if defined(HAVE_SCRIPT)
1a6bca81 353 /* Note getpwnam returns static storage */
843c96b4
SK		 354 if ((daemon->dhcp || daemon->dhcp6) &&
355 daemon->scriptuser &&
c72daea8 356 (daemon->lease_change_command || daemon->luascript))
1a6bca81
SK		 357 {
358 if ((ent_pw = getpwnam(daemon->scriptuser)))
359 {
360 script_uid = ent_pw->pw_uid;
361 script_gid = ent_pw->pw_gid;
362 }
363 else
364 baduser = daemon->scriptuser;
365 }
7622fc06 366#endif
9e4abcb5 367
1a6bca81
SK		 368 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
369 baduser = daemon->username;
370 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
371 baduser = daemon->groupname;
372
373 if (baduser)
374 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
f6e62e2a 375
1a6bca81
SK		 376 /* implement group defaults, "dip" if available, or group associated with uid */
377 if (!daemon->group_set && !gp)
378 {
379 if (!(gp = getgrnam(CHGRP)) && ent_pw)
380 gp = getgrgid(ent_pw->pw_gid);
381
382 /* for error message */
383 if (gp)
384 daemon->groupname = gp->gr_name;
385 }
386
387#if defined(HAVE_LINUX_NETWORK)
388 /* determine capability API version here, while we can still
389 call safe_malloc */
390 if (ent_pw && ent_pw->pw_uid != 0)
391 {
1a6bca81 392 int capsize = 1; /* for header version 1 */
3927da46
SK		 393 hdr = safe_malloc(sizeof(*hdr));
394
1a6bca81
SK		 395 /* find version supported by kernel */
396 memset(hdr, 0, sizeof(*hdr));
397 capget(hdr, NULL);
398
399 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
400 {
401 /* if unknown version, use largest supported version (3) */
402 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
403 hdr->version = LINUX_CAPABILITY_VERSION_3;
404 capsize = 2;
405 }
406
407 data = safe_malloc(sizeof(*data) * capsize);
408 memset(data, 0, sizeof(*data) * capsize);
409 }
410#endif
411
5aabfc78 412 /* Use a pipe to carry signals and other events back to the event loop
1a6bca81
SK		 413 in a race-free manner and another to carry errors to daemon-invoking process */
414 safe_pipe(pipefd, 1);
5e9e0efb
SK		 415
416 piperead = pipefd[0];
417 pipewrite = pipefd[1];
418 /* prime the pipe to load stuff first time. */
e98bd52e 419 send_event(pipewrite, EVENT_INIT, 0, NULL);
1a6bca81
SK		 420
421 err_pipe[1] = -1;
1697269c 422
28866e95 423 if (!option_bool(OPT_DEBUG))
9e4abcb5 424 {
9e4abcb5
SK		 425 /* The following code "daemonizes" the process.
426 See Stevens section 12.4 */
1a6bca81 427
9e038946
SK		 428 if (chdir("/") != 0)
429 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
430
1697269c 431#ifndef NO_FORK
28866e95 432 if (!option_bool(OPT_NO_FORK))
3be34541 433 {
5aabfc78 434 pid_t pid;
3be34541 435
1a6bca81
SK		 436 /* pipe to carry errors back to original process.
437 When startup is complete we close this and the process terminates. */
438 safe_pipe(err_pipe, 0);
439
7622fc06
SK		 440 if ((pid = fork()) == -1)
441 /* fd == -1 since we've not forked, never returns. */
c72daea8 442 send_event(-1, EVENT_FORK_ERR, errno, NULL);
9e038946 443
5aabfc78 444 if (pid != 0)
1a6bca81
SK		 445 {
446 struct event_desc ev;
c72daea8
SK		 447 char *msg;
448
1a6bca81 449 /* close our copy of write-end */
ff841ebf 450 while (retry_send(close(err_pipe[1])));
1a6bca81
SK		 451
452 /* check for errors after the fork */
c72daea8
SK		 453 if (read_event(err_pipe[0], &ev, &msg))
454 fatal_event(&ev, msg);
1a6bca81
SK		 455
456 _exit(EC_GOOD);
457 }
458
ff841ebf 459 while (retry_send(close(err_pipe[0])));
1a6bca81
SK		 460
461 /* NO calls to die() from here on. */
3be34541 462
5aabfc78 463 setsid();
7622fc06
SK		 464
465 if ((pid = fork()) == -1)
c72daea8 466 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
7622fc06
SK		 467
468 if (pid != 0)
7cebd20f 469 _exit(0);
3be34541 470 }
9e4abcb5 471#endif
9e038946 472
9e4abcb5 473 /* write pidfile _after_ forking ! */
1a6bca81
SK		 474 if (daemon->runfile)
475 {
79cfefd8
SK		 476 int fd, err = 0;
477
478 sprintf(daemon->namebuff, "%d\n", (int) getpid());
479
480 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
481 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
482 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
483 extent that an attacker running as the unprivileged user could replace the pidfile with a
484 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
485
486 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
487 ensuring that the open() fails should there be any existing file (because the unlink() failed,
488 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
489 attack can succeed.
490
491 Any compromise of the non-privileged user still theoretically allows the pid-file to be
492 replaced whilst dnsmasq is running. The worst that could allow is that the usual
493 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
494
495 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
496 failure to write the pid-file.
497 */
498
499 unlink(daemon->runfile);
1a6bca81 500
79cfefd8 501 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
1a6bca81 502 {
79cfefd8
SK		 503 /* only complain if started as root */
504 if (getuid() == 0)
505 err = 1;
1a6bca81 506 }
79cfefd8
SK		 507 else
508 {
509 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
510 err = 1;
ff841ebf
SK		 511 else
512 {
513 while (retry_send(close(fd)));
514 if (errno != 0)
515 err = 1;
516 }
79cfefd8
SK		 517 }
518
519 if (err)
1a6bca81 520 {
c72daea8 521 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
1a6bca81
SK		 522 _exit(0);
523 }
9e4abcb5 524 }
1697269c
SK		 525 }
526
8ef5ada2
SK		 527 log_err = log_start(ent_pw, err_pipe[1]);
528
28866e95 529 if (!option_bool(OPT_DEBUG))
8ef5ada2
SK		 530 {
531 /* open stdout etc to /dev/null */
532 int nullfd = open("/dev/null", O_RDWR);
533 dup2(nullfd, STDOUT_FILENO);
534 dup2(nullfd, STDERR_FILENO);
535 dup2(nullfd, STDIN_FILENO);
536 close(nullfd);
537 }
1a6bca81
SK		 538
539 /* if we are to run scripts, we need to fork a helper before dropping root. */
540 daemon->helperfd = -1;
c72daea8 541#ifdef HAVE_SCRIPT
52b92f4d 542 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
1a6bca81 543 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
5aabfc78 544#endif
5aabfc78 545
28866e95 546 if (!option_bool(OPT_DEBUG) && getuid() == 0)
1697269c 547 {
1a6bca81
SK		 548 int bad_capabilities = 0;
549 gid_t dummy;
550
551 /* remove all supplimentary groups */
552 if (gp &&
553 (setgroups(0, &dummy) == -1 ||
554 setgid(gp->gr_gid) == -1))
9e4abcb5 555 {
c72daea8 556 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
1a6bca81 557 _exit(0);
7cebd20f 558 }
1a6bca81 559
7cebd20f 560 if (ent_pw && ent_pw->pw_uid != 0)
1697269c 561 {
74c95c25 562#if defined(HAVE_LINUX_NETWORK)
1697269c 563 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
74c95c25 564 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
54dd393f
SK		 565 ports because of DAD, or we're doing it dynamically,
566 we need CAP_NET_BIND_SERVICE too. */
567 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 568 data->effective = data->permitted = data->inheritable =
569 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
570 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
571 else
572 data->effective = data->permitted = data->inheritable =
573 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
5e9e0efb 574
1697269c 575 /* Tell kernel to not clear capabilities when dropping root */
572b41eb 576 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
1697269c 577 bad_capabilities = errno;
1a6bca81 578
7622fc06 579#elif defined(HAVE_SOLARIS_NETWORK)
824af85b
SK		 580 /* http://developers.sun.com/solaris/articles/program_privileges.html */
581 priv_set_t *priv_set;
582
583 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
584 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
585 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
586 bad_capabilities = errno;
587
588 if (priv_set && bad_capabilities == 0)
589 {
590 priv_inverse(priv_set);
591
592 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
593 bad_capabilities = errno;
594 }
595
596 if (priv_set)
597 priv_freeset(priv_set);
598
824af85b
SK		 599#endif
600
1a6bca81 601 if (bad_capabilities != 0)
1697269c 602 {
c72daea8 603 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
1a6bca81
SK		 604 _exit(0);
605 }
606
607 /* finally drop root */
608 if (setuid(ent_pw->pw_uid) == -1)
609 {
c72daea8 610 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
1a6bca81
SK		 611 _exit(0);
612 }
613
1697269c 614#ifdef HAVE_LINUX_NETWORK
54dd393f 615 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 616 data->effective = data->permitted =
617 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
618 else
619 data->effective = data->permitted =
620 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
1a6bca81
SK		 621 data->inheritable = 0;
622
623 /* lose the setuid and setgid capbilities */
624 if (capset(hdr, data) == -1)
625 {
c72daea8 626 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
1a6bca81 627 _exit(0);
1697269c 628 }
1a6bca81
SK		 629#endif
630
9e4abcb5
SK		 631 }
632 }
1697269c 633
1697269c 634#ifdef HAVE_LINUX_NETWORK
28b879ac
CW		 635 free(hdr);
636 free(data);
28866e95 637 if (option_bool(OPT_DEBUG))
572b41eb 638 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
1697269c 639#endif
9e4abcb5 640
8b3ae2fd 641#ifdef HAVE_TFTP
30d0879e 642 if (option_bool(OPT_TFTP))
8b3ae2fd
SK		 643 {
644 DIR *dir;
645 struct tftp_prefix *p;
646
647 if (daemon->tftp_prefix)
648 {
649 if (!((dir = opendir(daemon->tftp_prefix))))
650 {
30d0879e
ST		 651 tftp_prefix_missing = 1;
652 if (!option_bool(OPT_TFTP_NO_FAIL))
653 {
654 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
655 _exit(0);
656 }
8b3ae2fd
SK		 657 }
658 closedir(dir);
659 }
30d0879e 660
8b3ae2fd
SK		 661 for (p = daemon->if_prefix; p; p = p->next)
662 {
30d0879e 663 p->missing = 0;
8b3ae2fd 664 if (!((dir = opendir(p->prefix))))
30d0879e
ST		 665 {
666 p->missing = 1;
667 if (!option_bool(OPT_TFTP_NO_FAIL))
668 {
669 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
670 _exit(0);
671 }
672 }
8b3ae2fd
SK		 673 closedir(dir);
674 }
675 }
676#endif
30d0879e 677
824af85b
SK		 678 if (daemon->port == 0)
679 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
680 else if (daemon->cachesize != 0)
f2621c7f 681 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
9e4abcb5 682 else
f2621c7f 683 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
1697269c 684
f2621c7f 685 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
1697269c 686
3d8df260 687#ifdef HAVE_DBUS
28866e95 688 if (option_bool(OPT_DBUS))
3d8df260
SK		 689 {
690 if (daemon->dbus)
f2621c7f 691 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
3d8df260 692 else
f2621c7f 693 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
3d8df260
SK		 694 }
695#endif
1a9a3489
SK		 696
697 if (option_bool(OPT_LOCAL_SERVICE))
698 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
db737466 699
1d97ac4f 700#ifdef HAVE_DNSSEC
db737466 701 if (option_bool(OPT_DNSSEC_VALID))
e98bd52e 702 {
360f2513
SK		 703 int rc;
704
705 /* Delay creating the timestamp file until here, after we've changed user, so that
706 it has the correct owner to allow updating the mtime later.
707 This means we have to report fatal errors via the pipe. */
708 if ((rc = setup_timestamp()) == -1)
709 {
710 send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file);
711 _exit(0);
712 }
713
e98bd52e 714 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
360f2513 715
e98bd52e
SK		 716 if (option_bool(OPT_DNSSEC_TIME))
717 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
360f2513
SK		 718
719 if (rc == 1)
f6e62e2a 720 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
e98bd52e 721 }
db737466 722#endif
3d8df260 723
1a6bca81
SK		 724 if (log_err != 0)
725 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
726 daemon->log_file, strerror(log_err));
db737466 727
de37951c 728 if (bind_fallback)
f2621c7f 729 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
dc27e148 730
f7029f5c
SK		 731 if (option_bool(OPT_NOWILD))
732 warn_bound_listeners();
733
734 warn_int_names();
de37951c 735
28866e95 736 if (!option_bool(OPT_NOWILD))
26128d27
SK		 737 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
738 if (if_tmp->name && !if_tmp->used)
f2621c7f 739 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
5e9e0efb 740
28866e95 741 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
208b65c5
SK		 742 {
743 if (daemon->resolv_files && !daemon->resolv_files->is_default)
f2621c7f 744 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
208b65c5 745 daemon->resolv_files = NULL;
1b7ecd11 746 if (!daemon->servers)
f2621c7f 747 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
208b65c5
SK		 748 }
749
f2621c7f
SK		 750 if (daemon->max_logs != 0)
751 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
1f776932 752
f2621c7f 753
7622fc06 754#ifdef HAVE_DHCP
1f776932
SK		 755 for (context = daemon->dhcp; context; context = context->next)
756 log_context(AF_INET, context);
52b92f4d 757
ff7eea27
SK		 758 for (relay = daemon->relay4; relay; relay = relay->next)
759 log_relay(AF_INET, relay);
760
1f776932
SK		 761# ifdef HAVE_DHCP6
762 for (context = daemon->dhcp6; context; context = context->next)
763 log_context(AF_INET6, context);
764
ff7eea27
SK		 765 for (relay = daemon->relay6; relay; relay = relay->next)
766 log_relay(AF_INET6, relay);
767
1f776932
SK		 768 if (daemon->doing_dhcp6 || daemon->doing_ra)
769 dhcp_construct_contexts(now);
770
771 if (option_bool(OPT_RA))
772 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
773# endif
26128d27 774
3b3f4411
SK		 775# ifdef HAVE_LINUX_NETWORK
776 if (did_bind)
777 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
778# endif
779
8445f5d2
SK		 780 /* after dhcp_contruct_contexts */
781 if (daemon->dhcp || daemon->doing_dhcp6)
782 lease_find_interfaces(now);
1f776932 783#endif
52b92f4d 784
832af0ba 785#ifdef HAVE_TFTP
5f4dc5c6 786 if (option_bool(OPT_TFTP))
30d0879e
ST		 787 {
788 struct tftp_prefix *p;
832af0ba 789#ifdef FD_SETSIZE
5aabfc78 790 if (FD_SETSIZE < (unsigned)max_fd)
832af0ba
SK		 791 max_fd = FD_SETSIZE;
792#endif
793
7622fc06 794 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
f2621c7f
SK		 795 daemon->tftp_prefix ? _("root is ") : _("enabled"),
796 daemon->tftp_prefix ? daemon->tftp_prefix: "",
28866e95 797 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
30d0879e
ST		 798
799 if (tftp_prefix_missing)
800 my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
f2621c7f 801
30d0879e
ST		 802 for (p = daemon->if_prefix; p; p = p->next)
803 if (p->missing)
804 my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
805
832af0ba 806 /* This is a guess, it assumes that for small limits,
f2621c7f 807 disjoint files might be served, but for large limits,
832af0ba
SK		 808 a single file will be sent to may clients (the file only needs
809 one fd). */
810
811 max_fd -= 30; /* use other than TFTP */
812
813 if (max_fd < 0)
814 max_fd = 5;
815 else if (max_fd < 100)
816 max_fd = max_fd/2;
817 else
818 max_fd = max_fd - 20;
824af85b
SK		 819
820 /* if we have to use a limited range of ports,
821 that will limit the number of transfers */
822 if (daemon->start_tftp_port != 0 &&
823 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
824 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
832af0ba
SK		 825
826 if (daemon->tftp_max > max_fd)
827 {
828 daemon->tftp_max = max_fd;
7622fc06 829 my_syslog(MS_TFTP | LOG_WARNING,
f2621c7f
SK		 830 _("restricting maximum simultaneous TFTP transfers to %d"),
831 daemon->tftp_max);
832af0ba
SK		 832 }
833 }
834#endif
835
1a6bca81
SK		 836 /* finished start-up - release original process */
837 if (err_pipe[1] != -1)
ff841ebf 838 while (retry_send(close(err_pipe[1])));
9e4abcb5 839
824af85b
SK		 840 if (daemon->port != 0)
841 check_servers();
842
7cebd20f
SK		 843 pid = getpid();
844
0491805d 845#ifdef HAVE_INOTIFY
193de4ab
SK		 846 /* Using inotify, have to select a resolv file at startup */
847 poll_resolv(1, 0, now);
848#endif
849
5e9e0efb 850 while (1)
9e4abcb5 851 {
1697269c 852 int maxfd = -1;
5e9e0efb 853 struct timeval t, *tp = NULL;
3d8df260 854 fd_set rset, wset, eset;
9e4abcb5
SK		 855
856 FD_ZERO(&rset);
3d8df260
SK		 857 FD_ZERO(&wset);
858 FD_ZERO(&eset);
9e4abcb5 859
1697269c
SK		 860 /* if we are out of resources, find how long we have to wait
861 for some to come free, we'll loop around then and restart
862 listening for queries */
5aabfc78 863 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
1697269c
SK		 864 {
865 t.tv_usec = 0;
866 tp = &t;
867 }
868
832af0ba
SK		 869 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
870 if (daemon->tftp_trans ||
28866e95 871 (option_bool(OPT_DBUS) && !daemon->dbus))
5e9e0efb 872 {
1697269c
SK		 873 t.tv_sec = 0;
874 t.tv_usec = 250000;
5e9e0efb 875 tp = &t;
5e9e0efb 876 }
74c95c25
SK		 877 /* Wake every second whilst waiting for DAD to complete */
878 else if (is_dad_listeners())
879 {
880 t.tv_sec = 1;
881 t.tv_usec = 0;
882 tp = &t;
883 }
44a2a316 884
832af0ba 885#ifdef HAVE_DBUS
5aabfc78 886 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
5e9e0efb
SK		 887#endif
888
7622fc06 889#ifdef HAVE_DHCP
ff7eea27 890 if (daemon->dhcp || daemon->relay4)
5e9e0efb
SK		 891 {
892 FD_SET(daemon->dhcpfd, &rset);
1697269c 893 bump_maxfd(daemon->dhcpfd, &maxfd);
316e2730
SK		 894 if (daemon->pxefd != -1)
895 {
896 FD_SET(daemon->pxefd, &rset);
897 bump_maxfd(daemon->pxefd, &maxfd);
898 }
5e9e0efb 899 }
7622fc06 900#endif
cdeda28f 901
52b92f4d 902#ifdef HAVE_DHCP6
ff7eea27 903 if (daemon->doing_dhcp6 || daemon->relay6)
52b92f4d
SK		 904 {
905 FD_SET(daemon->dhcp6fd, &rset);
c5ad4e79 906 bump_maxfd(daemon->dhcp6fd, &maxfd);
5d71d834
SK		 907 }
908
1f776932 909 if (daemon->doing_ra)
5d71d834
SK		 910 {
911 FD_SET(daemon->icmp6fd, &rset);
912 bump_maxfd(daemon->icmp6fd, &maxfd);
52b92f4d
SK		 913 }
914#endif
0491805d
SK		 915
916#ifdef HAVE_INOTIFY
5f4dc5c6 917 if (daemon->inotifyfd != -1)
193de4ab
SK		 918 {
919 FD_SET(daemon->inotifyfd, &rset);
920 bump_maxfd(daemon->inotifyfd, &maxfd);
921 }
0491805d
SK		 922#endif
923
924#if defined(HAVE_LINUX_NETWORK)
925 FD_SET(daemon->netlinkfd, &rset);
926 bump_maxfd(daemon->netlinkfd, &maxfd);
1ee9be4c
SK		 927#elif defined(HAVE_BSD_NETWORK)
928 FD_SET(daemon->routefd, &rset);
929 bump_maxfd(daemon->routefd, &maxfd);
3d8df260 930#endif
193de4ab 931
5e9e0efb 932 FD_SET(piperead, &rset);
1697269c
SK		 933 bump_maxfd(piperead, &maxfd);
934
7622fc06 935#ifdef HAVE_DHCP
1f15b81d 936# ifdef HAVE_SCRIPT
5aabfc78 937 while (helper_buf_empty() && do_script_run(now));
1697269c 938
a9530964
SK		 939# ifdef HAVE_TFTP
940 while (helper_buf_empty() && do_tftp_script_run());
941# endif
942
1697269c
SK		 943 if (!helper_buf_empty())
944 {
945 FD_SET(daemon->helperfd, &wset);
946 bump_maxfd(daemon->helperfd, &maxfd);
947 }
7622fc06 948# else
5aabfc78
SK		 949 /* need this for other side-effects */
950 while (do_script_run(now));
a9530964
SK		 951
952# ifdef HAVE_TFTP
953 while (do_tftp_script_run());
954# endif
955
7622fc06 956# endif
5aabfc78 957#endif
7622fc06 958
f2621c7f
SK		 959 /* must do this just before select(), when we know no
960 more calls to my_syslog() can occur */
961 set_log_writer(&wset, &maxfd);
962
5e9e0efb
SK		 963 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
964 {
965 /* otherwise undefined after error */
966 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
967 }
968
969 now = dnsmasq_time();
9e4abcb5 970
f2621c7f 971 check_log_writer(&wset);
115ac3e4
SK		 972
973 /* prime. */
974 enumerate_interfaces(1);
975
74c95c25
SK		 976 /* Check the interfaces to see if any have exited DAD state
977 and if so, bind the address. */
978 if (is_dad_listeners())
979 {
115ac3e4 980 enumerate_interfaces(0);
74c95c25
SK		 981 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
982 create_bound_listeners(0);
dc27e148 983 warn_bound_listeners();
74c95c25 984 }
f2621c7f 985
1ee9be4c 986#if defined(HAVE_LINUX_NETWORK)
c52e1897 987 if (FD_ISSET(daemon->netlinkfd, &rset))
a0358e5d 988 netlink_multicast();
1ee9be4c
SK		 989#elif defined(HAVE_BSD_NETWORK)
990 if (FD_ISSET(daemon->routefd, &rset))
a0358e5d 991 route_sock();
c52e1897
SK		 992#endif
993
0491805d 994#ifdef HAVE_INOTIFY
5f4dc5c6
SK		 995 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
996 {
997 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
998 poll_resolv(1, 1, now);
999 }
193de4ab 1000#else
9e4abcb5 1001 /* Check for changes to resolv files once per second max. */
3d8df260 1002 /* Don't go silent for long periods if the clock goes backwards. */
9009d746
SK		 1003 if (daemon->last_resolv == 0 ||
1004 difftime(now, daemon->last_resolv) > 1.0 ||
1005 difftime(now, daemon->last_resolv) < -1.0)
9e4abcb5 1006 {
8ef5ada2
SK		 1007 /* poll_resolv doesn't need to reload first time through, since
1008 that's queued anyway. */
33820b7e 1009
8ef5ada2
SK		 1010 poll_resolv(0, daemon->last_resolv != 0, now);
1011 daemon->last_resolv = now;
9e4abcb5 1012 }
193de4ab
SK		 1013#endif
1014
5e9e0efb 1015 if (FD_ISSET(piperead, &rset))
5aabfc78 1016 async_event(piperead, now);
7cebd20f 1017
3d8df260
SK		 1018#ifdef HAVE_DBUS
1019 /* if we didn't create a DBus connection, retry now. */
28866e95 1020 if (option_bool(OPT_DBUS) && !daemon->dbus)
3d8df260
SK		 1021 {
1022 char *err;
5aabfc78 1023 if ((err = dbus_init()))
f2621c7f 1024 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
3d8df260 1025 if (daemon->dbus)
f2621c7f 1026 my_syslog(LOG_INFO, _("connected to system DBus"));
3d8df260 1027 }
5aabfc78 1028 check_dbus_listeners(&rset, &wset, &eset);
3d8df260 1029#endif
824af85b 1030
5aabfc78 1031 check_dns_listeners(&rset, now);
832af0ba
SK		 1032
1033#ifdef HAVE_TFTP
5aabfc78 1034 check_tftp_listeners(&rset, now);
832af0ba
SK		 1035#endif
1036
7622fc06 1037#ifdef HAVE_DHCP
ff7eea27 1038 if (daemon->dhcp || daemon->relay4)
316e2730
SK		 1039 {
1040 if (FD_ISSET(daemon->dhcpfd, &rset))
1041 dhcp_packet(now, 0);
1042 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1043 dhcp_packet(now, 1);
1044 }
1697269c 1045
52b92f4d 1046#ifdef HAVE_DHCP6
ff7eea27 1047 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
18c63eff 1048 dhcp6_packet(now);
c5ad4e79 1049
1f776932
SK		 1050 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1051 icmp6_packet(now);
52b92f4d
SK		 1052#endif
1053
1f15b81d 1054# ifdef HAVE_SCRIPT
1697269c 1055 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
5aabfc78 1056 helper_write();
7622fc06 1057# endif
5aabfc78
SK		 1058#endif
1059
9e4abcb5 1060 }
9e4abcb5
SK		 1061}
1062
3be34541
SK		 1063static void sig_handler(int sig)
1064{
5e9e0efb 1065 if (pid == 0)
3be34541 1066 {
1697269c
SK		 1067 /* ignore anything other than TERM during startup
1068 and in helper proc. (helper ignore TERM too) */
5e9e0efb 1069 if (sig == SIGTERM)
5aabfc78 1070 exit(EC_MISC);
3be34541 1071 }
5aabfc78 1072 else if (pid != getpid())
5e9e0efb 1073 {
1697269c 1074 /* alarm is used to kill TCP children after a fixed time. */
5e9e0efb 1075 if (sig == SIGALRM)
7cebd20f 1076 _exit(0);
3be34541 1077 }
5aabfc78
SK		 1078 else
1079 {
1080 /* master process */
1081 int event, errsave = errno;
1082
1083 if (sig == SIGHUP)
1084 event = EVENT_RELOAD;
1085 else if (sig == SIGCHLD)
1086 event = EVENT_CHILD;
1087 else if (sig == SIGALRM)
1088 event = EVENT_ALARM;
1089 else if (sig == SIGTERM)
1090 event = EVENT_TERM;
1091 else if (sig == SIGUSR1)
1092 event = EVENT_DUMP;
1093 else if (sig == SIGUSR2)
1094 event = EVENT_REOPEN;
1095 else
1096 return;
1097
c72daea8 1098 send_event(pipewrite, event, 0, NULL);
5aabfc78
SK		 1099 errno = errsave;
1100 }
1101}
1102
353ae4d2
SK		 1103/* now == 0 -> queue immediate callback */
1104void send_alarm(time_t event, time_t now)
741c2952 1105{
884a6dfe 1106 if (now == 0 || event != 0)
353ae4d2 1107 {
884a6dfe
SK		 1108 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1109 if ((now == 0 || difftime(event, now) <= 0.0))
1110 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1111 else
1112 alarm((unsigned)difftime(event, now));
353ae4d2 1113 }
741c2952
SK		 1114}
1115
47a95169 1116void queue_event(int event)
a0358e5d 1117{
47a95169 1118 send_event(pipewrite, event, 0, NULL);
a0358e5d
SK		 1119}
1120
c72daea8 1121void send_event(int fd, int event, int data, char *msg)
5aabfc78
SK		 1122{
1123 struct event_desc ev;
c72daea8
SK		 1124 struct iovec iov[2];
1125
5aabfc78
SK		 1126 ev.event = event;
1127 ev.data = data;
c72daea8
SK		 1128 ev.msg_sz = msg ? strlen(msg) : 0;
1129
1130 iov[0].iov_base = &ev;
1131 iov[0].iov_len = sizeof(ev);
1132 iov[1].iov_base = msg;
1133 iov[1].iov_len = ev.msg_sz;
1a6bca81
SK		 1134
1135 /* error pipe, debug mode. */
1136 if (fd == -1)
c72daea8 1137 fatal_event(&ev, msg);
1a6bca81
SK		 1138 else
1139 /* pipe is non-blocking and struct event_desc is smaller than
1140 PIPE_BUF, so this either fails or writes everything */
c72daea8 1141 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
5aabfc78
SK		 1142}
1143
c72daea8
SK		 1144/* NOTE: the memory used to return msg is leaked: use msgs in events only
1145 to describe fatal errors. */
1146static int read_event(int fd, struct event_desc *evp, char **msg)
1147{
1148 char *buf;
1149
1150 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1151 return 0;
1152
1153 *msg = NULL;
1154
1155 if (evp->msg_sz != 0 &&
1156 (buf = malloc(evp->msg_sz + 1)) &&
1157 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1158 {
1159 buf[evp->msg_sz] = 0;
1160 *msg = buf;
1161 }
1162
1163 return 1;
1164}
1165
1166static void fatal_event(struct event_desc *ev, char *msg)
1a6bca81
SK		 1167{
1168 errno = ev->data;
1169
1170 switch (ev->event)
1171 {
1172 case EVENT_DIE:
1173 exit(0);
7622fc06
SK		 1174
1175 case EVENT_FORK_ERR:
1176 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1a6bca81
SK		 1177
1178 case EVENT_PIPE_ERR:
1179 die(_("failed to create helper: %s"), NULL, EC_MISC);
1180
1181 case EVENT_CAP_ERR:
1182 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1183
1184 case EVENT_USER_ERR:
c72daea8 1185 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1186
1187 case EVENT_GROUP_ERR:
c72daea8 1188 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1189
1190 case EVENT_PIDFILE:
c72daea8 1191 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1a6bca81
SK		 1192
1193 case EVENT_LOG_ERR:
c72daea8
SK		 1194 die(_("cannot open log %s: %s"), msg, EC_FILE);
1195
1196 case EVENT_LUA_ERR:
1197 die(_("failed to load Lua script: %s"), msg, EC_MISC);
8b3ae2fd
SK		 1198
1199 case EVENT_TFTP_ERR:
1200 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
360f2513
SK		 1201
1202 case EVENT_TIME_ERR:
1203 die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF);
1a6bca81
SK		 1204 }
1205}
1206
5aabfc78
SK		 1207static void async_event(int pipe, time_t now)
1208{
1209 pid_t p;
1210 struct event_desc ev;
7b1eae4f 1211 int i, check = 0;
c72daea8
SK		 1212 char *msg;
1213
1214 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1215 to describe fatal errors. */
1216
1217 if (read_event(pipe, &ev, &msg))
5aabfc78
SK		 1218 switch (ev.event)
1219 {
1220 case EVENT_RELOAD:
e98bd52e
SK		 1221#ifdef HAVE_DNSSEC
1222 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1223 {
1224 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1225 reset_option_bool(OPT_DNSSEC_TIME);
1226 }
1227#endif
1228 /* fall through */
1229
1230 case EVENT_INIT:
5aabfc78 1231 clear_cache_and_reload(now);
e98bd52e 1232
7b1eae4f 1233 if (daemon->port != 0)
5aabfc78 1234 {
7b1eae4f
SK		 1235 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1236 {
1237 reload_servers(daemon->resolv_files->name);
1238 check = 1;
1239 }
1240
1241 if (daemon->servers_file)
1242 {
1243 read_servers_file();
1244 check = 1;
1245 }
1246
1247 if (check)
1248 check_servers();
5aabfc78 1249 }
7b1eae4f 1250
7622fc06 1251#ifdef HAVE_DHCP
5aabfc78 1252 rerun_scripts();
7622fc06 1253#endif
5aabfc78
SK		 1254 break;
1255
1256 case EVENT_DUMP:
824af85b
SK		 1257 if (daemon->port != 0)
1258 dump_cache(now);
5aabfc78
SK		 1259 break;
1260
1261 case EVENT_ALARM:
7622fc06 1262#ifdef HAVE_DHCP
1f776932 1263 if (daemon->dhcp || daemon->doing_dhcp6)
5aabfc78
SK		 1264 {
1265 lease_prune(NULL, now);
1266 lease_update_file(now);
1267 }
843c96b4 1268#ifdef HAVE_DHCP6
1f776932 1269 else if (daemon->doing_ra)
353ae4d2
SK		 1270 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1271 send_alarm(periodic_ra(now), now);
843c96b4 1272#endif
7622fc06 1273#endif
5aabfc78
SK		 1274 break;
1275
1276 case EVENT_CHILD:
1277 /* See Stevens 5.10 */
1278 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1279 if (p == -1)
1280 {
1281 if (errno != EINTR)
1282 break;
1283 }
1284 else
1285 for (i = 0 ; i < MAX_PROCS; i++)
1286 if (daemon->tcp_pids[i] == p)
1287 daemon->tcp_pids[i] = 0;
1288 break;
1289
1290 case EVENT_KILLED:
c72daea8 1291 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
5aabfc78
SK		 1292 break;
1293
1294 case EVENT_EXITED:
c72daea8 1295 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
5aabfc78
SK		 1296 break;
1297
1298 case EVENT_EXEC_ERR:
9e038946
SK		 1299 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1300 daemon->lease_change_command, strerror(ev.data));
5aabfc78
SK		 1301 break;
1302
1a6bca81 1303 /* necessary for fatal errors in helper */
c72daea8 1304 case EVENT_USER_ERR:
1a6bca81 1305 case EVENT_DIE:
c72daea8
SK		 1306 case EVENT_LUA_ERR:
1307 fatal_event(&ev, msg);
9e038946
SK		 1308 break;
1309
5aabfc78
SK		 1310 case EVENT_REOPEN:
1311 /* Note: this may leave TCP-handling processes with the old file still open.
1312 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1313 we leave them logging to the old file. */
1314 if (daemon->log_file != NULL)
1315 log_reopen(daemon->log_file);
1316 break;
a0358e5d
SK		 1317
1318 case EVENT_NEWADDR:
1319 newaddress(now);
1320 break;
47a95169
SK		 1321
1322 case EVENT_NEWROUTE:
1323 resend_query();
1324 /* Force re-reading resolv file right now, for luck. */
1325 poll_resolv(0, 1, now);
1326 break;
1327
5aabfc78
SK		 1328 case EVENT_TERM:
1329 /* Knock all our children on the head. */
1330 for (i = 0; i < MAX_PROCS; i++)
1331 if (daemon->tcp_pids[i] != 0)
1332 kill(daemon->tcp_pids[i], SIGALRM);
1333
c72daea8 1334#if defined(HAVE_SCRIPT)
5aabfc78
SK		 1335 /* handle pending lease transitions */
1336 if (daemon->helperfd != -1)
1337 {
1338 /* block in writes until all done */
1339 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1340 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1341 do {
1342 helper_write();
1343 } while (!helper_buf_empty() || do_script_run(now));
ff841ebf 1344 while (retry_send(close(daemon->helperfd)));
5aabfc78
SK		 1345 }
1346#endif
1347
1348 if (daemon->lease_stream)
1349 fclose(daemon->lease_stream);
73a08a24
SK		 1350
1351 if (daemon->runfile)
1352 unlink(daemon->runfile);
5aabfc78
SK		 1353
1354 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1355 flush_log();
1356 exit(EC_GOOD);
1357 }
3be34541
SK		 1358}
1359
47a95169 1360static void poll_resolv(int force, int do_reload, time_t now)
5aabfc78
SK		 1361{
1362 struct resolvc *res, *latest;
1363 struct stat statbuf;
1364 time_t last_change = 0;
1365 /* There may be more than one possible file.
1366 Go through and find the one which changed _last_.
1367 Warn of any which can't be read. */
8ef5ada2 1368
28866e95 1369 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
8ef5ada2
SK		 1370 return;
1371
5aabfc78
SK		 1372 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1373 if (stat(res->name, &statbuf) == -1)
1374 {
8ef5ada2
SK		 1375 if (force)
1376 {
1377 res->mtime = 0;
1378 continue;
1379 }
1380
5aabfc78
SK		 1381 if (!res->logged)
1382 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1383 res->logged = 1;
8ef5ada2
SK		 1384
1385 if (res->mtime != 0)
1386 {
1387 /* existing file evaporated, force selection of the latest
1388 file even if its mtime hasn't changed since we last looked */
1389 poll_resolv(1, do_reload, now);
1390 return;
1391 }
5aabfc78
SK		 1392 }
1393 else
1394 {
1395 res->logged = 0;
8ef5ada2
SK		 1396 if (force || (statbuf.st_mtime != res->mtime))
1397 {
1398 res->mtime = statbuf.st_mtime;
5aabfc78
SK		 1399 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1400 {
1401 last_change = statbuf.st_mtime;
1402 latest = res;
1403 }
1404 }
1405 }
1406
1407 if (latest)
1408 {
1409 static int warned = 0;
1410 if (reload_servers(latest->name))
1411 {
1412 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1413 warned = 0;
1414 check_servers();
28866e95 1415 if (option_bool(OPT_RELOAD) && do_reload)
8ef5ada2 1416 clear_cache_and_reload(now);
5aabfc78
SK		 1417 }
1418 else
1419 {
1420 latest->mtime = 0;
1421 if (!warned)
1422 {
1423 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1424 warned = 1;
1425 }
1426 }
1427 }
1428}
3d8df260 1429
5aabfc78 1430void clear_cache_and_reload(time_t now)
3d8df260 1431{
408c368f
VG		 1432 (void)now;
1433
824af85b 1434 if (daemon->port != 0)
7622fc06 1435 cache_reload();
824af85b 1436
7622fc06 1437#ifdef HAVE_DHCP
1f776932 1438 if (daemon->dhcp || daemon->doing_dhcp6)
3d8df260 1439 {
28866e95 1440 if (option_bool(OPT_ETHERS))
5aabfc78 1441 dhcp_read_ethers();
824af85b 1442 reread_dhcp();
0491805d 1443#ifdef HAVE_INOTIFY
70d1873d 1444 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
5f4dc5c6 1445#endif
3d8df260 1446 dhcp_update_configs(daemon->dhcp_conf);
5aabfc78
SK		 1447 lease_update_from_configs();
1448 lease_update_file(now);
353ae4d2 1449 lease_update_dns(1);
3d8df260 1450 }
843c96b4 1451#ifdef HAVE_DHCP6
1f776932 1452 else if (daemon->doing_ra)
2021c662
SK		 1453 /* Not doing DHCP, so no lease system, manage
1454 alarms for ra only */
1455 send_alarm(periodic_ra(now), now);
843c96b4 1456#endif
7622fc06 1457#endif
3d8df260
SK		 1458}
1459
5aabfc78 1460static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
3be34541
SK		 1461{
1462 struct serverfd *serverfdp;
1463 struct listener *listener;
824af85b 1464 int wait = 0, i;
832af0ba
SK		 1465
1466#ifdef HAVE_TFTP
1467 int tftp = 0;
1468 struct tftp_transfer *transfer;
1469 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1470 {
1471 tftp++;
1472 FD_SET(transfer->sockfd, set);
1473 bump_maxfd(transfer->sockfd, maxfdp);
1474 }
1475#endif
1476
1697269c 1477 /* will we be able to get memory? */
824af85b 1478 if (daemon->port != 0)
3a237152 1479 get_new_frec(now, &wait, 0);
1697269c 1480
3be34541
SK		 1481 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1482 {
1483 FD_SET(serverfdp->fd, set);
1697269c 1484 bump_maxfd(serverfdp->fd, maxfdp);
3be34541 1485 }
1a6bca81
SK		 1486
1487 if (daemon->port != 0 && !daemon->osport)
1488 for (i = 0; i < RANDOM_SOCKS; i++)
1489 if (daemon->randomsocks[i].refcount != 0)
1490 {
1491 FD_SET(daemon->randomsocks[i].fd, set);
1492 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1493 }
1494
3be34541
SK		 1495 for (listener = daemon->listeners; listener; listener = listener->next)
1496 {
1697269c 1497 /* only listen for queries if we have resources */
824af85b 1498 if (listener->fd != -1 && wait == 0)
1697269c
SK		 1499 {
1500 FD_SET(listener->fd, set);
1501 bump_maxfd(listener->fd, maxfdp);
1502 }
1503
1504 /* death of a child goes through the select loop, so
1505 we don't need to explicitly arrange to wake up here */
824af85b
SK		 1506 if (listener->tcpfd != -1)
1507 for (i = 0; i < MAX_PROCS; i++)
1508 if (daemon->tcp_pids[i] == 0)
1509 {
1510 FD_SET(listener->tcpfd, set);
1511 bump_maxfd(listener->tcpfd, maxfdp);
1512 break;
1513 }
9e4abcb5 1514
832af0ba
SK		 1515#ifdef HAVE_TFTP
1516 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1517 {
1518 FD_SET(listener->tftpfd, set);
1519 bump_maxfd(listener->tftpfd, maxfdp);
1520 }
1521#endif
1522
1523 }
1524
1697269c 1525 return wait;
3be34541 1526}
9e4abcb5 1527
5aabfc78 1528static void check_dns_listeners(fd_set *set, time_t now)
3be34541
SK		 1529{
1530 struct serverfd *serverfdp;
1a6bca81
SK		 1531 struct listener *listener;
1532 int i;
1533
832af0ba
SK		 1534 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1535 if (FD_ISSET(serverfdp->fd, set))
1a6bca81
SK		 1536 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1537
1538 if (daemon->port != 0 && !daemon->osport)
1539 for (i = 0; i < RANDOM_SOCKS; i++)
1540 if (daemon->randomsocks[i].refcount != 0 &&
1541 FD_ISSET(daemon->randomsocks[i].fd, set))
1542 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
832af0ba
SK		 1543
1544 for (listener = daemon->listeners; listener; listener = listener->next)
1545 {
824af85b 1546 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
5aabfc78 1547 receive_query(listener, now);
1a6bca81 1548
832af0ba
SK		 1549#ifdef HAVE_TFTP
1550 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
5aabfc78 1551 tftp_request(listener, now);
832af0ba 1552#endif
3be34541 1553
824af85b 1554 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
832af0ba 1555 {
22ce550e 1556 int confd, client_ok = 1;
832af0ba
SK		 1557 struct irec *iface = NULL;
1558 pid_t p;
52d4abf2
SK		 1559 union mysockaddr tcp_addr;
1560 socklen_t tcp_len = sizeof(union mysockaddr);
1561
1562 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
832af0ba 1563
46b06656 1564 if (confd == -1)
832af0ba 1565 continue;
76dd75de 1566
46b06656
SK		 1567 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1568 {
ff841ebf 1569 while (retry_send(close(confd)));
46b06656
SK		 1570 continue;
1571 }
76dd75de
SK		 1572
1573 /* Make sure that the interface list is up-to-date.
1574
1575 We do this here as we may need the results below, and
1576 the DNS code needs them for --interface-name stuff.
1577
1578 Multiple calls to enumerate_interfaces() per select loop are
1579 inhibited, so calls to it in the child process (which doesn't select())
1580 have no effect. This avoids two processes reading from the same
1581 netlink fd and screwing the pooch entirely.
1582 */
e25db1f2 1583
76dd75de
SK		 1584 enumerate_interfaces(0);
1585
1586 if (option_bool(OPT_NOWILD))
1587 iface = listener->iface; /* May be NULL */
1588 else
1589 {
1590 int if_index;
1591 char intr_name[IF_NAMESIZE];
1592
1593 /* if we can find the arrival interface, check it's one that's allowed */
1594 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1595 indextoname(listener->tcpfd, if_index, intr_name))
1596 {
1597 struct all_addr addr;
1598 addr.addr.addr4 = tcp_addr.in.sin_addr;
e25db1f2 1599#ifdef HAVE_IPV6
76dd75de
SK		 1600 if (tcp_addr.sa.sa_family == AF_INET6)
1601 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
e25db1f2 1602#endif
76dd75de
SK		 1603
1604 for (iface = daemon->interfaces; iface; iface = iface->next)
1605 if (iface->index == if_index)
1606 break;
1607
1608 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1609 client_ok = 0;
1610 }
1611
1612 if (option_bool(OPT_CLEVERBIND))
1613 iface = listener->iface; /* May be NULL */
1614 else
1615 {
1616 /* Check for allowed interfaces when binding the wildcard address:
1617 we do this by looking for an interface with the same address as
1618 the local address of the TCP connection, then looking to see if that's
1619 an allowed interface. As a side effect, we get the netmask of the
1620 interface too, for localisation. */
1621
1622 for (iface = daemon->interfaces; iface; iface = iface->next)
1623 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1624 break;
1625
1626 if (!iface)
1627 client_ok = 0;
1628 }
1629 }
1630
22ce550e 1631 if (!client_ok)
832af0ba
SK		 1632 {
1633 shutdown(confd, SHUT_RDWR);
ff841ebf 1634 while (retry_send(close(confd)));
832af0ba 1635 }
59353a6b 1636#ifndef NO_FORK
28866e95 1637 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
832af0ba
SK		 1638 {
1639 if (p != -1)
1640 {
1641 int i;
1642 for (i = 0; i < MAX_PROCS; i++)
1643 if (daemon->tcp_pids[i] == 0)
1644 {
1645 daemon->tcp_pids[i] = p;
1646 break;
1647 }
1648 }
ff841ebf 1649 while (retry_send(close(confd)));
25cf5e37
SK		 1650
1651 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1652 daemon->log_id += TCP_MAX_QUERIES;
832af0ba
SK		 1653 }
1654#endif
1655 else
1656 {
1657 unsigned char *buff;
1658 struct server *s;
1659 int flags;
52d4abf2 1660 struct in_addr netmask;
4f7b304f 1661 int auth_dns;
52d4abf2
SK		 1662
1663 if (iface)
4f7b304f
SK		 1664 {
1665 netmask = iface->netmask;
1666 auth_dns = iface->dns_auth;
1667 }
52d4abf2 1668 else
4f7b304f
SK		 1669 {
1670 netmask.s_addr = 0;
1671 auth_dns = 0;
1672 }
52d4abf2 1673
8ef5ada2
SK		 1674#ifndef NO_FORK
1675 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1676 terminate the process. */
28866e95 1677 if (!option_bool(OPT_DEBUG))
832af0ba 1678 alarm(CHILD_LIFETIME);
8ef5ada2
SK		 1679#endif
1680
832af0ba
SK		 1681 /* start with no upstream connections. */
1682 for (s = daemon->servers; s; s = s->next)
7cebd20f 1683 s->tcpfd = -1;
832af0ba
SK		 1684
1685 /* The connected socket inherits non-blocking
1686 attribute from the listening socket.
1687 Reset that here. */
1688 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1689 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1690
4f7b304f 1691 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
7cebd20f 1692
832af0ba 1693 shutdown(confd, SHUT_RDWR);
ff841ebf 1694 while (retry_send(close(confd)));
832af0ba
SK		 1695
1696 if (buff)
1697 free(buff);
1698
1699 for (s = daemon->servers; s; s = s->next)
1700 if (s->tcpfd != -1)
1701 {
1702 shutdown(s->tcpfd, SHUT_RDWR);
ff841ebf 1703 while (retry_send(close(s->tcpfd)));
832af0ba 1704 }
7cebd20f 1705#ifndef NO_FORK
28866e95 1706 if (!option_bool(OPT_DEBUG))
5aabfc78
SK		 1707 {
1708 flush_log();
1709 _exit(0);
1710 }
59353a6b 1711#endif
832af0ba
SK		 1712 }
1713 }
1714 }
3be34541
SK		 1715}
1716
7622fc06 1717#ifdef HAVE_DHCP
5e9e0efb
SK		 1718int make_icmp_sock(void)
1719{
7cebd20f 1720 int fd;
5e9e0efb
SK		 1721 int zeroopt = 0;
1722
1723 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1724 {
7cebd20f 1725 if (!fix_fd(fd) ||
5e9e0efb
SK		 1726 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1727 {
1728 close(fd);
1729 fd = -1;
1730 }
1731 }
1732
1733 return fd;
1734}
1735
5aabfc78 1736int icmp_ping(struct in_addr addr)
3be34541 1737{
5e9e0efb 1738 /* Try and get an ICMP echo from a machine. */
3be34541
SK		 1739
1740 /* Note that whilst in the three second wait, we check for
832af0ba 1741 (and service) events on the DNS and TFTP sockets, (so doing that
3be34541
SK		 1742 better not use any resources our caller has in use...)
1743 but we remain deaf to signals or further DHCP packets. */
1744
5e9e0efb 1745 int fd;
3be34541
SK		 1746 struct sockaddr_in saddr;
1747 struct {
1748 struct ip ip;
1749 struct icmp icmp;
1750 } packet;
1751 unsigned short id = rand16();
1752 unsigned int i, j;
5e9e0efb 1753 int gotreply = 0;
3be34541 1754 time_t start, now;
5e9e0efb 1755
824af85b 1756#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1757 if ((fd = make_icmp_sock()) == -1)
1758 return 0;
1759#else
1760 int opt = 2000;
1761 fd = daemon->dhcp_icmp_fd;
1762 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1763#endif
1764
3be34541
SK		 1765 saddr.sin_family = AF_INET;
1766 saddr.sin_port = 0;
1767 saddr.sin_addr = addr;
1768#ifdef HAVE_SOCKADDR_SA_LEN
1769 saddr.sin_len = sizeof(struct sockaddr_in);
1770#endif
1771
1772 memset(&packet.icmp, 0, sizeof(packet.icmp));
1773 packet.icmp.icmp_type = ICMP_ECHO;
1774 packet.icmp.icmp_id = id;
1775 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1776 j += ((u16 *)&packet.icmp)[i];
1777 while (j>>16)
1778 j = (j & 0xffff) + (j >> 16);
1779 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1780
ff841ebf
SK		 1781 while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1782 (struct sockaddr *)&saddr, sizeof(saddr))));
fd9fa481 1783
5e9e0efb
SK		 1784 for (now = start = dnsmasq_time();
1785 difftime(now, start) < (float)PING_WAIT;)
fd9fa481
SK		 1786 {
1787 struct timeval tv;
f2621c7f 1788 fd_set rset, wset;
fd9fa481 1789 struct sockaddr_in faddr;
1697269c 1790 int maxfd = fd;
3d8df260 1791 socklen_t len = sizeof(faddr);
fd9fa481
SK		 1792
1793 tv.tv_usec = 250000;
1794 tv.tv_sec = 0;
1795
1796 FD_ZERO(&rset);
f2621c7f 1797 FD_ZERO(&wset);
5e9e0efb 1798 FD_SET(fd, &rset);
5aabfc78 1799 set_dns_listeners(now, &rset, &maxfd);
f2621c7f 1800 set_log_writer(&wset, &maxfd);
c5ad4e79
SK		 1801
1802#ifdef HAVE_DHCP6
1f776932 1803 if (daemon->doing_ra)
c5ad4e79
SK		 1804 {
1805 FD_SET(daemon->icmp6fd, &rset);
1806 bump_maxfd(daemon->icmp6fd, &maxfd);
1807 }
1808#endif
1809
f2621c7f
SK		 1810 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1811 {
1812 FD_ZERO(&rset);
1813 FD_ZERO(&wset);
1814 }
1815
5e9e0efb 1816 now = dnsmasq_time();
f2621c7f
SK		 1817
1818 check_log_writer(&wset);
5aabfc78 1819 check_dns_listeners(&rset, now);
832af0ba 1820
c5ad4e79 1821#ifdef HAVE_DHCP6
1f776932
SK		 1822 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1823 icmp6_packet(now);
c5ad4e79
SK		 1824#endif
1825
832af0ba 1826#ifdef HAVE_TFTP
5aabfc78 1827 check_tftp_listeners(&rset, now);
832af0ba
SK		 1828#endif
1829
5e9e0efb
SK		 1830 if (FD_ISSET(fd, &rset) &&
1831 recvfrom(fd, &packet, sizeof(packet), 0,
fd9fa481
SK		 1832 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1833 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1834 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1835 packet.icmp.icmp_seq == 0 &&
1836 packet.icmp.icmp_id == id)
1837 {
1838 gotreply = 1;
1839 break;
1840 }
1841 }
1842
824af85b 1843#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
ff841ebf 1844 while (retry_send(close(fd)));
5e9e0efb 1845#else
3be34541 1846 opt = 1;
5e9e0efb
SK		 1847 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1848#endif
1849
3be34541
SK		 1850 return gotreply;
1851}
7622fc06 1852#endif
0a852541
SK		 1853
1854
Michael's tree of dnsmasq.