]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Header-file dependency checking in Makefile.
[people/ms/dnsmasq.git] / src / dnsmasq.c
CommitLineData
59546085 1/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b 12
73a08a24
SK		 13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
c72daea8
SK		 17/* Declare static char *compiler_opts in config.h */
18#define DNSMASQ_COMPILE_OPTS
19
9e4abcb5
SK		 20#include "dnsmasq.h"
21
5aabfc78
SK		 22struct daemon *daemon;
23
5aabfc78
SK		 24static volatile pid_t pid = 0;
25static volatile int pipewrite;
9e4abcb5 26
5aabfc78
SK		 27static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28static void check_dns_listeners(fd_set *set, time_t now);
3be34541 29static void sig_handler(int sig);
5aabfc78 30static void async_event(int pipe, time_t now);
c72daea8
SK		 31static void fatal_event(struct event_desc *ev, char *msg);
32static int read_event(int fd, struct event_desc *evp, char **msg);
9e4abcb5
SK		 33
34int main (int argc, char **argv)
35{
de37951c 36 int bind_fallback = 0;
9009d746 37 time_t now;
9e4abcb5 38 struct sigaction sigact;
26128d27 39 struct iname *if_tmp;
1a6bca81
SK		 40 int piperead, pipefd[2], err_pipe[2];
41 struct passwd *ent_pw = NULL;
c72daea8 42#if defined(HAVE_SCRIPT)
1a6bca81
SK		 43 uid_t script_uid = 0;
44 gid_t script_gid = 0;
7622fc06
SK		 45#endif
46 struct group *gp = NULL;
5aabfc78 47 long i, max_fd = sysconf(_SC_OPEN_MAX);
1a6bca81
SK		 48 char *baduser = NULL;
49 int log_err;
50#if defined(HAVE_LINUX_NETWORK)
51 cap_user_header_t hdr = NULL;
52 cap_user_data_t data = NULL;
53#endif
5aabfc78 54
824af85b 55#ifdef LOCALEDIR
b8187c80
SK		 56 setlocale(LC_ALL, "");
57 bindtextdomain("dnsmasq", LOCALEDIR);
58 textdomain("dnsmasq");
59#endif
60
9e4abcb5
SK		 61 sigact.sa_handler = sig_handler;
62 sigact.sa_flags = 0;
63 sigemptyset(&sigact.sa_mask);
64 sigaction(SIGUSR1, &sigact, NULL);
5aabfc78 65 sigaction(SIGUSR2, &sigact, NULL);
9e4abcb5
SK		 66 sigaction(SIGHUP, &sigact, NULL);
67 sigaction(SIGTERM, &sigact, NULL);
44a2a316 68 sigaction(SIGALRM, &sigact, NULL);
feba5c1d
SK		 69 sigaction(SIGCHLD, &sigact, NULL);
70
71 /* ignore SIGPIPE */
72 sigact.sa_handler = SIG_IGN;
73 sigaction(SIGPIPE, &sigact, NULL);
9e4abcb5 74
5aabfc78
SK		 75 umask(022); /* known umask, create leases and pid files as 0644 */
76
77 read_opts(argc, argv, compile_opts);
78
3be34541
SK		 79 if (daemon->edns_pktsz < PACKETSZ)
80 daemon->edns_pktsz = PACKETSZ;
0a852541
SK		 81 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
82 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
83 daemon->packet = safe_malloc(daemon->packet_buff_sz);
1a6bca81 84
c72daea8
SK		 85 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
86
7622fc06 87#ifdef HAVE_DHCP
3be34541 88 if (!daemon->lease_file)
9e4abcb5 89 {
52b92f4d 90 if (daemon->dhcp || daemon->dhcp6)
3be34541 91 daemon->lease_file = LEASEFILE;
9e4abcb5 92 }
7622fc06 93#endif
9e4abcb5 94
a2761754
SK		 95 /* Close any file descriptors we inherited apart from std{in|out|err}
96
97 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
98 otherwise file descriptors we create can end up being 0, 1, or 2
99 and then get accidentally closed later when we make 0, 1, and 2
100 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
101 but it's not guaranteed. By opening /dev/null three times, we
102 ensure that we're not using those fds for real stuff. */
5aabfc78
SK		 103 for (i = 0; i < max_fd; i++)
104 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
105 close(i);
a2761754
SK		 106 else
107 open("/dev/null", O_RDWR);
5aabfc78 108
801ca9a7
SK		 109#ifndef HAVE_LINUX_NETWORK
110# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
28866e95 111 if (!option_bool(OPT_NOWILD))
de37951c
SK		 112 {
113 bind_fallback = 1;
28866e95 114 set_option_bool(OPT_NOWILD);
de37951c 115 }
801ca9a7 116# endif
2b5bae9a
SK		 117
118 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
54dd393f 119 if (option_bool(OPT_CLEVERBIND))
2b5bae9a
SK		 120 {
121 bind_fallback = 1;
122 set_option_bool(OPT_NOWILD);
236e072c 123 reset_option_bool(OPT_CLEVERBIND);
2b5bae9a 124 }
309331f5 125#endif
2b5bae9a 126
832af0ba 127#ifndef HAVE_TFTP
9b40cbf5 128 if (option_bool(OPT_TFTP))
5aabfc78 129 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
832af0ba
SK		 130#endif
131
7de060b0
SK		 132#ifdef HAVE_CONNTRACK
133 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
134 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
135#else
136 if (option_bool(OPT_CONNTRACK))
137 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
138#endif
139
824af85b
SK		 140#ifdef HAVE_SOLARIS_NETWORK
141 if (daemon->max_logs != 0)
142 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
143#endif
144
572b41eb
SK		 145#ifdef __ANDROID__
146 if (daemon->max_logs != 0)
147 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
148#endif
149
1a6bca81
SK		 150 rand_init();
151
5aabfc78
SK		 152 now = dnsmasq_time();
153
7622fc06 154#ifdef HAVE_DHCP
52b92f4d 155 if (daemon->dhcp || daemon->dhcp6)
5aabfc78 156 {
5aabfc78
SK		 157 /* Note that order matters here, we must call lease_init before
158 creating any file descriptors which shouldn't be leaked
4cb1b320
SK		 159 to the lease-script init process. We need to call common_init
160 before lease_init to allocate buffers it uses.*/
161 dhcp_common_init();
5aabfc78 162 lease_init(now);
843c96b4 163
52b92f4d
SK		 164 if (daemon->dhcp)
165 dhcp_init();
843c96b4
SK		 166 }
167
168# ifdef HAVE_DHCP6
169 /* Start RA subsystem if --enable-ra OR dhcp-range=<subnet>, ra-only */
170 if (daemon->ra_contexts || option_bool(OPT_RA))
171 {
172 /* link the DHCP6 contexts to the ra-only ones so we can traverse them all
173 from ->ra_contexts, but only the non-ra-onlies from ->dhcp6 */
174 struct dhcp_context *context;
175
176 if (!daemon->ra_contexts)
177 daemon->ra_contexts = daemon->dhcp6;
178 else
c5ad4e79 179 {
843c96b4
SK		 180 for (context = daemon->ra_contexts; context->next; context = context->next);
181 context->next = daemon->dhcp6;
c5ad4e79 182 }
843c96b4 183 ra_init(now);
5aabfc78 184 }
843c96b4
SK		 185
186 if (daemon->dhcp6)
187 dhcp6_init();
188
801ca9a7
SK		 189# endif
190
191#endif
192
193#ifdef HAVE_LINUX_NETWORK
194 /* After lease_init */
195 netlink_init();
54dd393f
SK		 196
197 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
198 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
801ca9a7
SK		 199#endif
200
201#ifdef HAVE_DHCP6
202 /* after netlink_init */
843c96b4
SK		 203 if (daemon->ra_contexts || daemon->dhcp6)
204 join_multicast();
801ca9a7 205#endif
843c96b4 206
801ca9a7
SK		 207#ifdef HAVE_DHCP
208 /* after netlink_init */
209 if (daemon->dhcp || daemon->dhcp6)
8b372704 210 lease_find_interfaces(now);
7622fc06 211#endif
5aabfc78
SK		 212
213 if (!enumerate_interfaces())
214 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
843c96b4 215
54dd393f 216 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
de37951c 217 {
74c95c25 218 create_bound_listeners(1);
54dd393f
SK		 219
220 if (!option_bool(OPT_CLEVERBIND))
221 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
222 if (if_tmp->name && !if_tmp->used)
223 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
9380ba70
SK		 224
225#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
226 /* after enumerate_interfaces() */
227 if (daemon->dhcp)
228 {
229 bindtodevice(daemon->dhcpfd);
230 if (daemon->enable_pxe)
231 bindtodevice(daemon->pxefd);
232 }
233#endif
234
235#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
236 if (daemon->dhcp6)
237 bindtodevice(daemon->dhcp6fd);
238#endif
de37951c 239 }
28866e95 240 else
74c95c25 241 create_wildcard_listeners();
de37951c 242
824af85b
SK		 243 if (daemon->port != 0)
244 cache_init();
1a6bca81 245
28866e95 246 if (option_bool(OPT_DBUS))
3d8df260
SK		 247#ifdef HAVE_DBUS
248 {
249 char *err;
250 daemon->dbus = NULL;
251 daemon->watches = NULL;
5aabfc78
SK		 252 if ((err = dbus_init()))
253 die(_("DBus error: %s"), err, EC_MISC);
3d8df260
SK		 254 }
255#else
5aabfc78 256 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
3d8df260
SK		 257#endif
258
824af85b
SK		 259 if (daemon->port != 0)
260 pre_allocate_sfds();
1a6bca81 261
c72daea8 262#if defined(HAVE_SCRIPT)
1a6bca81 263 /* Note getpwnam returns static storage */
843c96b4
SK		 264 if ((daemon->dhcp || daemon->dhcp6) &&
265 daemon->scriptuser &&
c72daea8 266 (daemon->lease_change_command || daemon->luascript))
1a6bca81
SK		 267 {
268 if ((ent_pw = getpwnam(daemon->scriptuser)))
269 {
270 script_uid = ent_pw->pw_uid;
271 script_gid = ent_pw->pw_gid;
272 }
273 else
274 baduser = daemon->scriptuser;
275 }
7622fc06 276#endif
9e4abcb5 277
1a6bca81
SK		 278 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
279 baduser = daemon->username;
280 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
281 baduser = daemon->groupname;
282
283 if (baduser)
284 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
285
286 /* implement group defaults, "dip" if available, or group associated with uid */
287 if (!daemon->group_set && !gp)
288 {
289 if (!(gp = getgrnam(CHGRP)) && ent_pw)
290 gp = getgrgid(ent_pw->pw_gid);
291
292 /* for error message */
293 if (gp)
294 daemon->groupname = gp->gr_name;
295 }
296
297#if defined(HAVE_LINUX_NETWORK)
298 /* determine capability API version here, while we can still
299 call safe_malloc */
300 if (ent_pw && ent_pw->pw_uid != 0)
301 {
1a6bca81 302 int capsize = 1; /* for header version 1 */
3927da46
SK		 303 hdr = safe_malloc(sizeof(*hdr));
304
1a6bca81
SK		 305 /* find version supported by kernel */
306 memset(hdr, 0, sizeof(*hdr));
307 capget(hdr, NULL);
308
309 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
310 {
311 /* if unknown version, use largest supported version (3) */
312 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
313 hdr->version = LINUX_CAPABILITY_VERSION_3;
314 capsize = 2;
315 }
316
317 data = safe_malloc(sizeof(*data) * capsize);
318 memset(data, 0, sizeof(*data) * capsize);
319 }
320#endif
321
5aabfc78 322 /* Use a pipe to carry signals and other events back to the event loop
1a6bca81
SK		 323 in a race-free manner and another to carry errors to daemon-invoking process */
324 safe_pipe(pipefd, 1);
5e9e0efb
SK		 325
326 piperead = pipefd[0];
327 pipewrite = pipefd[1];
328 /* prime the pipe to load stuff first time. */
c72daea8 329 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
1a6bca81
SK		 330
331 err_pipe[1] = -1;
1697269c 332
28866e95 333 if (!option_bool(OPT_DEBUG))
9e4abcb5 334 {
9e4abcb5
SK		 335 /* The following code "daemonizes" the process.
336 See Stevens section 12.4 */
1a6bca81 337
9e038946
SK		 338 if (chdir("/") != 0)
339 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
340
1697269c 341#ifndef NO_FORK
28866e95 342 if (!option_bool(OPT_NO_FORK))
3be34541 343 {
5aabfc78 344 pid_t pid;
3be34541 345
1a6bca81
SK		 346 /* pipe to carry errors back to original process.
347 When startup is complete we close this and the process terminates. */
348 safe_pipe(err_pipe, 0);
349
7622fc06
SK		 350 if ((pid = fork()) == -1)
351 /* fd == -1 since we've not forked, never returns. */
c72daea8 352 send_event(-1, EVENT_FORK_ERR, errno, NULL);
9e038946 353
5aabfc78 354 if (pid != 0)
1a6bca81
SK		 355 {
356 struct event_desc ev;
c72daea8
SK		 357 char *msg;
358
1a6bca81
SK		 359 /* close our copy of write-end */
360 close(err_pipe[1]);
361
362 /* check for errors after the fork */
c72daea8
SK		 363 if (read_event(err_pipe[0], &ev, &msg))
364 fatal_event(&ev, msg);
1a6bca81
SK		 365
366 _exit(EC_GOOD);
367 }
368
369 close(err_pipe[0]);
370
371 /* NO calls to die() from here on. */
3be34541 372
5aabfc78 373 setsid();
7622fc06
SK		 374
375 if ((pid = fork()) == -1)
c72daea8 376 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
7622fc06
SK		 377
378 if (pid != 0)
7cebd20f 379 _exit(0);
3be34541 380 }
9e4abcb5 381#endif
9e038946 382
9e4abcb5 383 /* write pidfile _after_ forking ! */
1a6bca81
SK		 384 if (daemon->runfile)
385 {
79cfefd8
SK		 386 int fd, err = 0;
387
388 sprintf(daemon->namebuff, "%d\n", (int) getpid());
389
390 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
391 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
392 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
393 extent that an attacker running as the unprivileged user could replace the pidfile with a
394 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
395
396 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
397 ensuring that the open() fails should there be any existing file (because the unlink() failed,
398 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
399 attack can succeed.
400
401 Any compromise of the non-privileged user still theoretically allows the pid-file to be
402 replaced whilst dnsmasq is running. The worst that could allow is that the usual
403 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
404
405 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
406 failure to write the pid-file.
407 */
408
409 unlink(daemon->runfile);
1a6bca81 410
79cfefd8 411 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
1a6bca81 412 {
79cfefd8
SK		 413 /* only complain if started as root */
414 if (getuid() == 0)
415 err = 1;
1a6bca81 416 }
79cfefd8
SK		 417 else
418 {
419 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
420 err = 1;
421
422 while (!err && close(fd) == -1)
423 if (!retry_send())
424 err = 1;
425 }
426
427 if (err)
1a6bca81 428 {
c72daea8 429 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
1a6bca81
SK		 430 _exit(0);
431 }
9e4abcb5 432 }
1697269c
SK		 433 }
434
8ef5ada2
SK		 435 log_err = log_start(ent_pw, err_pipe[1]);
436
28866e95 437 if (!option_bool(OPT_DEBUG))
8ef5ada2
SK		 438 {
439 /* open stdout etc to /dev/null */
440 int nullfd = open("/dev/null", O_RDWR);
441 dup2(nullfd, STDOUT_FILENO);
442 dup2(nullfd, STDERR_FILENO);
443 dup2(nullfd, STDIN_FILENO);
444 close(nullfd);
445 }
1a6bca81
SK		 446
447 /* if we are to run scripts, we need to fork a helper before dropping root. */
448 daemon->helperfd = -1;
c72daea8 449#ifdef HAVE_SCRIPT
52b92f4d 450 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
1a6bca81 451 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
5aabfc78 452#endif
5aabfc78 453
28866e95 454 if (!option_bool(OPT_DEBUG) && getuid() == 0)
1697269c 455 {
1a6bca81
SK		 456 int bad_capabilities = 0;
457 gid_t dummy;
458
459 /* remove all supplimentary groups */
460 if (gp &&
461 (setgroups(0, &dummy) == -1 ||
462 setgid(gp->gr_gid) == -1))
9e4abcb5 463 {
c72daea8 464 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
1a6bca81 465 _exit(0);
7cebd20f 466 }
1a6bca81 467
7cebd20f 468 if (ent_pw && ent_pw->pw_uid != 0)
1697269c 469 {
74c95c25 470#if defined(HAVE_LINUX_NETWORK)
1697269c 471 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
74c95c25 472 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
54dd393f
SK		 473 ports because of DAD, or we're doing it dynamically,
474 we need CAP_NET_BIND_SERVICE too. */
475 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 476 data->effective = data->permitted = data->inheritable =
477 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
478 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
479 else
480 data->effective = data->permitted = data->inheritable =
481 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
5e9e0efb 482
1697269c 483 /* Tell kernel to not clear capabilities when dropping root */
572b41eb 484 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
1697269c 485 bad_capabilities = errno;
1a6bca81 486
7622fc06 487#elif defined(HAVE_SOLARIS_NETWORK)
824af85b
SK		 488 /* http://developers.sun.com/solaris/articles/program_privileges.html */
489 priv_set_t *priv_set;
490
491 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
492 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
493 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
494 bad_capabilities = errno;
495
496 if (priv_set && bad_capabilities == 0)
497 {
498 priv_inverse(priv_set);
499
500 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
501 bad_capabilities = errno;
502 }
503
504 if (priv_set)
505 priv_freeset(priv_set);
506
824af85b
SK		 507#endif
508
1a6bca81 509 if (bad_capabilities != 0)
1697269c 510 {
c72daea8 511 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
1a6bca81
SK		 512 _exit(0);
513 }
514
515 /* finally drop root */
516 if (setuid(ent_pw->pw_uid) == -1)
517 {
c72daea8 518 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
1a6bca81
SK		 519 _exit(0);
520 }
521
1697269c 522#ifdef HAVE_LINUX_NETWORK
54dd393f 523 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 524 data->effective = data->permitted =
525 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
526 else
527 data->effective = data->permitted =
528 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
1a6bca81
SK		 529 data->inheritable = 0;
530
531 /* lose the setuid and setgid capbilities */
532 if (capset(hdr, data) == -1)
533 {
c72daea8 534 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
1a6bca81 535 _exit(0);
1697269c 536 }
1a6bca81
SK		 537#endif
538
9e4abcb5
SK		 539 }
540 }
1697269c 541
1697269c 542#ifdef HAVE_LINUX_NETWORK
28866e95 543 if (option_bool(OPT_DEBUG))
572b41eb 544 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
1697269c 545#endif
9e4abcb5 546
8b3ae2fd 547#ifdef HAVE_TFTP
8bc4cece 548 if (option_bool(OPT_TFTP))
8b3ae2fd
SK		 549 {
550 DIR *dir;
551 struct tftp_prefix *p;
552
553 if (daemon->tftp_prefix)
554 {
555 if (!((dir = opendir(daemon->tftp_prefix))))
556 {
557 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
558 _exit(0);
559 }
560 closedir(dir);
561 }
562
563 for (p = daemon->if_prefix; p; p = p->next)
564 {
565 if (!((dir = opendir(p->prefix))))
566 {
567 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
568 _exit(0);
569 }
570 closedir(dir);
571 }
572 }
573#endif
574
824af85b
SK		 575 if (daemon->port == 0)
576 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
577 else if (daemon->cachesize != 0)
f2621c7f 578 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
9e4abcb5 579 else
f2621c7f 580 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
1697269c 581
f2621c7f 582 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
1697269c 583
3d8df260 584#ifdef HAVE_DBUS
28866e95 585 if (option_bool(OPT_DBUS))
3d8df260
SK		 586 {
587 if (daemon->dbus)
f2621c7f 588 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
3d8df260 589 else
f2621c7f 590 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
3d8df260
SK		 591 }
592#endif
593
1a6bca81
SK		 594 if (log_err != 0)
595 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
596 daemon->log_file, strerror(log_err));
597
de37951c 598 if (bind_fallback)
f2621c7f 599 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
de37951c 600
28866e95 601 if (!option_bool(OPT_NOWILD))
26128d27
SK		 602 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
603 if (if_tmp->name && !if_tmp->used)
f2621c7f 604 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
5e9e0efb 605
28866e95 606 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
208b65c5
SK		 607 {
608 if (daemon->resolv_files && !daemon->resolv_files->is_default)
f2621c7f 609 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
208b65c5 610 daemon->resolv_files = NULL;
1b7ecd11 611 if (!daemon->servers)
f2621c7f 612 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
208b65c5
SK		 613 }
614
f2621c7f
SK		 615 if (daemon->max_logs != 0)
616 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
c5ad4e79 617
843c96b4 618 if (daemon->ra_contexts)
c5ad4e79 619 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
f2621c7f 620
7622fc06 621#ifdef HAVE_DHCP
c8257540 622 if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts)
9e4abcb5 623 {
3be34541 624 struct dhcp_context *dhcp_tmp;
52b92f4d
SK		 625 int family = AF_INET;
626 dhcp_tmp = daemon->dhcp;
627
3268e90f 628#ifdef HAVE_DHCP6
52b92f4d 629 again:
3268e90f 630#endif
52b92f4d 631 for (; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
feba5c1d 632 {
52b92f4d
SK		 633 void *start = &dhcp_tmp->start;
634 void *end = &dhcp_tmp->end;
c8257540 635
52b92f4d
SK		 636#ifdef HAVE_DHCP6
637 if (family == AF_INET6)
638 {
639 start = &dhcp_tmp->start6;
640 end = &dhcp_tmp->end6;
30cd9666
SK		 641 struct in6_addr subnet = dhcp_tmp->start6;
642 setaddr6part(&subnet, 0);
0c0d4793 643 inet_ntop(AF_INET6, &subnet, daemon->dhcp_buff2, 256);
52b92f4d
SK		 644 }
645#endif
646
c8257540
SK		 647 if (family != AF_INET && (dhcp_tmp->flags & CONTEXT_DEPRECATE))
648 strcpy(daemon->namebuff, _("prefix deprecated"));
649 else
650 {
651 char *p = daemon->namebuff;
652 p += sprintf(p, _("lease time "));
653 prettyprint_time(p, dhcp_tmp->lease_time);
654 }
655
0c0d4793
SK		 656 inet_ntop(family, start, daemon->dhcp_buff, 256);
657 inet_ntop(family, end, daemon->dhcp_buff3, 256);
30cd9666
SK		 658 if ((dhcp_tmp->flags & CONTEXT_DHCP) || family == AF_INET)
659 my_syslog(MS_DHCP | LOG_INFO,
30cd9666 660 (dhcp_tmp->flags & CONTEXT_RA_STATELESS) ?
2b127a1e 661 _("%s stateless on %s%.0s%.0s") :
22407048 662 (dhcp_tmp->flags & CONTEXT_STATIC) ?
2b127a1e 663 _("%s, static leases only on %.0s%s, %s") :
30cd9666 664 (dhcp_tmp->flags & CONTEXT_PROXY) ?
2b127a1e
SK		 665 _("%s, proxy on subnet %.0s%s%.0s") :
666 _("%s, IP range %s -- %s, %s"),
667 (family != AF_INET) ? "DHCPv6" : "DHCP",
30cd9666 668 daemon->dhcp_buff, daemon->dhcp_buff3, daemon->namebuff);
c8257540 669
30cd9666 670 if (dhcp_tmp->flags & CONTEXT_RA_NAME)
c8257540 671 my_syslog(MS_DHCP | LOG_INFO, _("DHCPv4-derived IPv6 names on %s"),
0c0d4793 672 daemon->dhcp_buff2);
c8257540
SK		 673 if (dhcp_tmp->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS))
674 {
675 if (!(dhcp_tmp->flags & CONTEXT_DEPRECATE))
676 {
677 char *p = daemon->namebuff;
678 p += sprintf(p, _("prefix valid "));
679 prettyprint_time(p, dhcp_tmp->lease_time > 7200 ? dhcp_tmp->lease_time : 7200);
680 }
681 my_syslog(MS_DHCP | LOG_INFO, _("SLAAC on %s %s"),
0c0d4793 682 daemon->dhcp_buff2, daemon->namebuff);
c8257540 683 }
52b92f4d
SK		 684 }
685
686#ifdef HAVE_DHCP6
687 if (family == AF_INET)
688 {
689 family = AF_INET6;
c5ad4e79
SK		 690 if (daemon->ra_contexts)
691 dhcp_tmp = daemon->ra_contexts;
692 else
693 dhcp_tmp = daemon->dhcp6;
52b92f4d 694 goto again;
feba5c1d 695 }
52b92f4d
SK		 696#endif
697
26128d27 698 }
7622fc06 699#endif
26128d27 700
52b92f4d 701
832af0ba 702#ifdef HAVE_TFTP
8bc4cece 703 if (option_bool(OPT_TFTP))
832af0ba 704 {
832af0ba 705#ifdef FD_SETSIZE
5aabfc78 706 if (FD_SETSIZE < (unsigned)max_fd)
832af0ba
SK		 707 max_fd = FD_SETSIZE;
708#endif
709
7622fc06 710 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
f2621c7f
SK		 711 daemon->tftp_prefix ? _("root is ") : _("enabled"),
712 daemon->tftp_prefix ? daemon->tftp_prefix: "",
28866e95 713 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
f2621c7f 714
832af0ba 715 /* This is a guess, it assumes that for small limits,
f2621c7f 716 disjoint files might be served, but for large limits,
832af0ba
SK		 717 a single file will be sent to may clients (the file only needs
718 one fd). */
719
720 max_fd -= 30; /* use other than TFTP */
721
722 if (max_fd < 0)
723 max_fd = 5;
724 else if (max_fd < 100)
725 max_fd = max_fd/2;
726 else
727 max_fd = max_fd - 20;
824af85b
SK		 728
729 /* if we have to use a limited range of ports,
730 that will limit the number of transfers */
731 if (daemon->start_tftp_port != 0 &&
732 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
733 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
832af0ba
SK		 734
735 if (daemon->tftp_max > max_fd)
736 {
737 daemon->tftp_max = max_fd;
7622fc06 738 my_syslog(MS_TFTP | LOG_WARNING,
f2621c7f
SK		 739 _("restricting maximum simultaneous TFTP transfers to %d"),
740 daemon->tftp_max);
832af0ba
SK		 741 }
742 }
743#endif
744
1a6bca81
SK		 745 /* finished start-up - release original process */
746 if (err_pipe[1] != -1)
747 close(err_pipe[1]);
9e4abcb5 748
824af85b
SK		 749 if (daemon->port != 0)
750 check_servers();
751
7cebd20f
SK		 752 pid = getpid();
753
5e9e0efb 754 while (1)
9e4abcb5 755 {
1697269c 756 int maxfd = -1;
5e9e0efb 757 struct timeval t, *tp = NULL;
3d8df260 758 fd_set rset, wset, eset;
9e4abcb5
SK		 759
760 FD_ZERO(&rset);
3d8df260
SK		 761 FD_ZERO(&wset);
762 FD_ZERO(&eset);
9e4abcb5 763
1697269c
SK		 764 /* if we are out of resources, find how long we have to wait
765 for some to come free, we'll loop around then and restart
766 listening for queries */
5aabfc78 767 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
1697269c
SK		 768 {
769 t.tv_usec = 0;
770 tp = &t;
771 }
772
832af0ba
SK		 773 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
774 if (daemon->tftp_trans ||
28866e95 775 (option_bool(OPT_DBUS) && !daemon->dbus))
5e9e0efb 776 {
1697269c
SK		 777 t.tv_sec = 0;
778 t.tv_usec = 250000;
5e9e0efb 779 tp = &t;
5e9e0efb 780 }
74c95c25
SK		 781 /* Wake every second whilst waiting for DAD to complete */
782 else if (is_dad_listeners())
783 {
784 t.tv_sec = 1;
785 t.tv_usec = 0;
786 tp = &t;
787 }
44a2a316 788
832af0ba 789#ifdef HAVE_DBUS
5aabfc78 790 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
5e9e0efb
SK		 791#endif
792
7622fc06 793#ifdef HAVE_DHCP
5e9e0efb
SK		 794 if (daemon->dhcp)
795 {
796 FD_SET(daemon->dhcpfd, &rset);
1697269c 797 bump_maxfd(daemon->dhcpfd, &maxfd);
316e2730
SK		 798 if (daemon->pxefd != -1)
799 {
800 FD_SET(daemon->pxefd, &rset);
801 bump_maxfd(daemon->pxefd, &maxfd);
802 }
5e9e0efb 803 }
7622fc06 804#endif
cdeda28f 805
52b92f4d
SK		 806#ifdef HAVE_DHCP6
807 if (daemon->dhcp6)
808 {
809 FD_SET(daemon->dhcp6fd, &rset);
c5ad4e79 810 bump_maxfd(daemon->dhcp6fd, &maxfd);
5d71d834
SK		 811 }
812
813 if (daemon->ra_contexts)
814 {
815 FD_SET(daemon->icmp6fd, &rset);
816 bump_maxfd(daemon->icmp6fd, &maxfd);
52b92f4d
SK		 817 }
818#endif
819
5e9e0efb
SK		 820#ifdef HAVE_LINUX_NETWORK
821 FD_SET(daemon->netlinkfd, &rset);
1697269c 822 bump_maxfd(daemon->netlinkfd, &maxfd);
3d8df260 823#endif
3d8df260 824
5e9e0efb 825 FD_SET(piperead, &rset);
1697269c
SK		 826 bump_maxfd(piperead, &maxfd);
827
7622fc06 828#ifdef HAVE_DHCP
1f15b81d 829# ifdef HAVE_SCRIPT
5aabfc78 830 while (helper_buf_empty() && do_script_run(now));
1697269c 831
a9530964
SK		 832# ifdef HAVE_TFTP
833 while (helper_buf_empty() && do_tftp_script_run());
834# endif
835
1697269c
SK		 836 if (!helper_buf_empty())
837 {
838 FD_SET(daemon->helperfd, &wset);
839 bump_maxfd(daemon->helperfd, &maxfd);
840 }
7622fc06 841# else
5aabfc78
SK		 842 /* need this for other side-effects */
843 while (do_script_run(now));
a9530964
SK		 844
845# ifdef HAVE_TFTP
846 while (do_tftp_script_run());
847# endif
848
7622fc06 849# endif
5aabfc78 850#endif
7622fc06 851
f2621c7f
SK		 852 /* must do this just before select(), when we know no
853 more calls to my_syslog() can occur */
854 set_log_writer(&wset, &maxfd);
855
5e9e0efb
SK		 856 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
857 {
858 /* otherwise undefined after error */
859 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
860 }
861
862 now = dnsmasq_time();
9e4abcb5 863
f2621c7f 864 check_log_writer(&wset);
74c95c25
SK		 865
866 /* Check the interfaces to see if any have exited DAD state
867 and if so, bind the address. */
868 if (is_dad_listeners())
869 {
870 enumerate_interfaces();
871 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
872 create_bound_listeners(0);
873 }
f2621c7f 874
c52e1897
SK		 875#ifdef HAVE_LINUX_NETWORK
876 if (FD_ISSET(daemon->netlinkfd, &rset))
877 netlink_multicast();
878#endif
879
9e4abcb5 880 /* Check for changes to resolv files once per second max. */
3d8df260 881 /* Don't go silent for long periods if the clock goes backwards. */
9009d746
SK		 882 if (daemon->last_resolv == 0 ||
883 difftime(now, daemon->last_resolv) > 1.0 ||
884 difftime(now, daemon->last_resolv) < -1.0)
9e4abcb5 885 {
8ef5ada2
SK		 886 /* poll_resolv doesn't need to reload first time through, since
887 that's queued anyway. */
33820b7e 888
8ef5ada2
SK		 889 poll_resolv(0, daemon->last_resolv != 0, now);
890 daemon->last_resolv = now;
9e4abcb5 891 }
5aabfc78 892
5e9e0efb 893 if (FD_ISSET(piperead, &rset))
5aabfc78 894 async_event(piperead, now);
7cebd20f 895
3d8df260
SK		 896#ifdef HAVE_DBUS
897 /* if we didn't create a DBus connection, retry now. */
28866e95 898 if (option_bool(OPT_DBUS) && !daemon->dbus)
3d8df260
SK		 899 {
900 char *err;
5aabfc78 901 if ((err = dbus_init()))
f2621c7f 902 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
3d8df260 903 if (daemon->dbus)
f2621c7f 904 my_syslog(LOG_INFO, _("connected to system DBus"));
3d8df260 905 }
5aabfc78 906 check_dbus_listeners(&rset, &wset, &eset);
3d8df260 907#endif
824af85b 908
5aabfc78 909 check_dns_listeners(&rset, now);
832af0ba
SK		 910
911#ifdef HAVE_TFTP
5aabfc78 912 check_tftp_listeners(&rset, now);
832af0ba
SK		 913#endif
914
7622fc06 915#ifdef HAVE_DHCP
316e2730
SK		 916 if (daemon->dhcp)
917 {
918 if (FD_ISSET(daemon->dhcpfd, &rset))
919 dhcp_packet(now, 0);
920 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
921 dhcp_packet(now, 1);
922 }
1697269c 923
52b92f4d 924#ifdef HAVE_DHCP6
18c63eff
SK		 925 if (daemon->dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
926 dhcp6_packet(now);
c5ad4e79 927
18c63eff
SK		 928 if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
929 icmp6_packet();
52b92f4d
SK		 930#endif
931
1f15b81d 932# ifdef HAVE_SCRIPT
1697269c 933 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
5aabfc78 934 helper_write();
7622fc06 935# endif
5aabfc78
SK		 936#endif
937
9e4abcb5 938 }
9e4abcb5
SK		 939}
940
3be34541
SK		 941static void sig_handler(int sig)
942{
5e9e0efb 943 if (pid == 0)
3be34541 944 {
1697269c
SK		 945 /* ignore anything other than TERM during startup
946 and in helper proc. (helper ignore TERM too) */
5e9e0efb 947 if (sig == SIGTERM)
5aabfc78 948 exit(EC_MISC);
3be34541 949 }
5aabfc78 950 else if (pid != getpid())
5e9e0efb 951 {
1697269c 952 /* alarm is used to kill TCP children after a fixed time. */
5e9e0efb 953 if (sig == SIGALRM)
7cebd20f 954 _exit(0);
3be34541 955 }
5aabfc78
SK		 956 else
957 {
958 /* master process */
959 int event, errsave = errno;
960
961 if (sig == SIGHUP)
962 event = EVENT_RELOAD;
963 else if (sig == SIGCHLD)
964 event = EVENT_CHILD;
965 else if (sig == SIGALRM)
966 event = EVENT_ALARM;
967 else if (sig == SIGTERM)
968 event = EVENT_TERM;
969 else if (sig == SIGUSR1)
970 event = EVENT_DUMP;
971 else if (sig == SIGUSR2)
972 event = EVENT_REOPEN;
973 else
974 return;
975
c72daea8 976 send_event(pipewrite, event, 0, NULL);
5aabfc78
SK		 977 errno = errsave;
978 }
979}
980
353ae4d2
SK		 981/* now == 0 -> queue immediate callback */
982void send_alarm(time_t event, time_t now)
741c2952 983{
884a6dfe 984 if (now == 0 || event != 0)
353ae4d2 985 {
884a6dfe
SK		 986 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
987 if ((now == 0 || difftime(event, now) <= 0.0))
988 send_event(pipewrite, EVENT_ALARM, 0, NULL);
989 else
990 alarm((unsigned)difftime(event, now));
353ae4d2 991 }
741c2952
SK		 992}
993
c72daea8 994void send_event(int fd, int event, int data, char *msg)
5aabfc78
SK		 995{
996 struct event_desc ev;
c72daea8
SK		 997 struct iovec iov[2];
998
5aabfc78
SK		 999 ev.event = event;
1000 ev.data = data;
c72daea8
SK		 1001 ev.msg_sz = msg ? strlen(msg) : 0;
1002
1003 iov[0].iov_base = &ev;
1004 iov[0].iov_len = sizeof(ev);
1005 iov[1].iov_base = msg;
1006 iov[1].iov_len = ev.msg_sz;
1a6bca81
SK		 1007
1008 /* error pipe, debug mode. */
1009 if (fd == -1)
c72daea8 1010 fatal_event(&ev, msg);
1a6bca81
SK		 1011 else
1012 /* pipe is non-blocking and struct event_desc is smaller than
1013 PIPE_BUF, so this either fails or writes everything */
c72daea8 1014 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
5aabfc78
SK		 1015}
1016
c72daea8
SK		 1017/* NOTE: the memory used to return msg is leaked: use msgs in events only
1018 to describe fatal errors. */
1019static int read_event(int fd, struct event_desc *evp, char **msg)
1020{
1021 char *buf;
1022
1023 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1024 return 0;
1025
1026 *msg = NULL;
1027
1028 if (evp->msg_sz != 0 &&
1029 (buf = malloc(evp->msg_sz + 1)) &&
1030 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1031 {
1032 buf[evp->msg_sz] = 0;
1033 *msg = buf;
1034 }
1035
1036 return 1;
1037}
1038
1039static void fatal_event(struct event_desc *ev, char *msg)
1a6bca81
SK		 1040{
1041 errno = ev->data;
1042
1043 switch (ev->event)
1044 {
1045 case EVENT_DIE:
1046 exit(0);
7622fc06
SK		 1047
1048 case EVENT_FORK_ERR:
1049 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1a6bca81
SK		 1050
1051 case EVENT_PIPE_ERR:
1052 die(_("failed to create helper: %s"), NULL, EC_MISC);
1053
1054 case EVENT_CAP_ERR:
1055 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1056
1057 case EVENT_USER_ERR:
c72daea8 1058 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1059
1060 case EVENT_GROUP_ERR:
c72daea8 1061 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1062
1063 case EVENT_PIDFILE:
c72daea8 1064 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1a6bca81
SK		 1065
1066 case EVENT_LOG_ERR:
c72daea8
SK		 1067 die(_("cannot open log %s: %s"), msg, EC_FILE);
1068
1069 case EVENT_LUA_ERR:
1070 die(_("failed to load Lua script: %s"), msg, EC_MISC);
8b3ae2fd
SK		 1071
1072 case EVENT_TFTP_ERR:
1073 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1a6bca81
SK		 1074 }
1075}
1076
5aabfc78
SK		 1077static void async_event(int pipe, time_t now)
1078{
1079 pid_t p;
1080 struct event_desc ev;
1081 int i;
c72daea8
SK		 1082 char *msg;
1083
1084 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1085 to describe fatal errors. */
1086
1087 if (read_event(pipe, &ev, &msg))
5aabfc78
SK		 1088 switch (ev.event)
1089 {
1090 case EVENT_RELOAD:
1091 clear_cache_and_reload(now);
28866e95 1092 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
5aabfc78
SK		 1093 {
1094 reload_servers(daemon->resolv_files->name);
1095 check_servers();
1096 }
7622fc06 1097#ifdef HAVE_DHCP
5aabfc78 1098 rerun_scripts();
7622fc06 1099#endif
5aabfc78
SK		 1100 break;
1101
1102 case EVENT_DUMP:
824af85b
SK		 1103 if (daemon->port != 0)
1104 dump_cache(now);
5aabfc78
SK		 1105 break;
1106
1107 case EVENT_ALARM:
7622fc06 1108#ifdef HAVE_DHCP
52b92f4d 1109 if (daemon->dhcp || daemon->dhcp6)
5aabfc78
SK		 1110 {
1111 lease_prune(NULL, now);
1112 lease_update_file(now);
1113 }
843c96b4
SK		 1114#ifdef HAVE_DHCP6
1115 else if (daemon->ra_contexts)
353ae4d2
SK		 1116 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1117 send_alarm(periodic_ra(now), now);
843c96b4 1118#endif
7622fc06 1119#endif
5aabfc78
SK		 1120 break;
1121
1122 case EVENT_CHILD:
1123 /* See Stevens 5.10 */
1124 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1125 if (p == -1)
1126 {
1127 if (errno != EINTR)
1128 break;
1129 }
1130 else
1131 for (i = 0 ; i < MAX_PROCS; i++)
1132 if (daemon->tcp_pids[i] == p)
1133 daemon->tcp_pids[i] = 0;
1134 break;
1135
1136 case EVENT_KILLED:
c72daea8 1137 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
5aabfc78
SK		 1138 break;
1139
1140 case EVENT_EXITED:
c72daea8 1141 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
5aabfc78
SK		 1142 break;
1143
1144 case EVENT_EXEC_ERR:
9e038946
SK		 1145 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1146 daemon->lease_change_command, strerror(ev.data));
5aabfc78
SK		 1147 break;
1148
1a6bca81 1149 /* necessary for fatal errors in helper */
c72daea8 1150 case EVENT_USER_ERR:
1a6bca81 1151 case EVENT_DIE:
c72daea8
SK		 1152 case EVENT_LUA_ERR:
1153 fatal_event(&ev, msg);
9e038946
SK		 1154 break;
1155
5aabfc78
SK		 1156 case EVENT_REOPEN:
1157 /* Note: this may leave TCP-handling processes with the old file still open.
1158 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1159 we leave them logging to the old file. */
1160 if (daemon->log_file != NULL)
1161 log_reopen(daemon->log_file);
1162 break;
1163
1164 case EVENT_TERM:
1165 /* Knock all our children on the head. */
1166 for (i = 0; i < MAX_PROCS; i++)
1167 if (daemon->tcp_pids[i] != 0)
1168 kill(daemon->tcp_pids[i], SIGALRM);
1169
c72daea8 1170#if defined(HAVE_SCRIPT)
5aabfc78
SK		 1171 /* handle pending lease transitions */
1172 if (daemon->helperfd != -1)
1173 {
1174 /* block in writes until all done */
1175 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1176 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1177 do {
1178 helper_write();
1179 } while (!helper_buf_empty() || do_script_run(now));
1180 close(daemon->helperfd);
1181 }
1182#endif
1183
1184 if (daemon->lease_stream)
1185 fclose(daemon->lease_stream);
73a08a24
SK		 1186
1187 if (daemon->runfile)
1188 unlink(daemon->runfile);
5aabfc78
SK		 1189
1190 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1191 flush_log();
1192 exit(EC_GOOD);
1193 }
3be34541
SK		 1194}
1195
8ef5ada2 1196void poll_resolv(int force, int do_reload, time_t now)
5aabfc78
SK		 1197{
1198 struct resolvc *res, *latest;
1199 struct stat statbuf;
1200 time_t last_change = 0;
1201 /* There may be more than one possible file.
1202 Go through and find the one which changed _last_.
1203 Warn of any which can't be read. */
8ef5ada2 1204
28866e95 1205 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
8ef5ada2
SK		 1206 return;
1207
5aabfc78
SK		 1208 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1209 if (stat(res->name, &statbuf) == -1)
1210 {
8ef5ada2
SK		 1211 if (force)
1212 {
1213 res->mtime = 0;
1214 continue;
1215 }
1216
5aabfc78
SK		 1217 if (!res->logged)
1218 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1219 res->logged = 1;
8ef5ada2
SK		 1220
1221 if (res->mtime != 0)
1222 {
1223 /* existing file evaporated, force selection of the latest
1224 file even if its mtime hasn't changed since we last looked */
1225 poll_resolv(1, do_reload, now);
1226 return;
1227 }
5aabfc78
SK		 1228 }
1229 else
1230 {
1231 res->logged = 0;
8ef5ada2
SK		 1232 if (force || (statbuf.st_mtime != res->mtime))
1233 {
1234 res->mtime = statbuf.st_mtime;
5aabfc78
SK		 1235 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1236 {
1237 last_change = statbuf.st_mtime;
1238 latest = res;
1239 }
1240 }
1241 }
1242
1243 if (latest)
1244 {
1245 static int warned = 0;
1246 if (reload_servers(latest->name))
1247 {
1248 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1249 warned = 0;
1250 check_servers();
28866e95 1251 if (option_bool(OPT_RELOAD) && do_reload)
8ef5ada2 1252 clear_cache_and_reload(now);
5aabfc78
SK		 1253 }
1254 else
1255 {
1256 latest->mtime = 0;
1257 if (!warned)
1258 {
1259 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1260 warned = 1;
1261 }
1262 }
1263 }
1264}
3d8df260 1265
5aabfc78 1266void clear_cache_and_reload(time_t now)
3d8df260 1267{
824af85b 1268 if (daemon->port != 0)
7622fc06 1269 cache_reload();
824af85b 1270
7622fc06 1271#ifdef HAVE_DHCP
52b92f4d 1272 if (daemon->dhcp || daemon->dhcp6)
3d8df260 1273 {
28866e95 1274 if (option_bool(OPT_ETHERS))
5aabfc78 1275 dhcp_read_ethers();
824af85b 1276 reread_dhcp();
3d8df260 1277 dhcp_update_configs(daemon->dhcp_conf);
5aabfc78
SK		 1278 lease_update_from_configs();
1279 lease_update_file(now);
353ae4d2 1280 lease_update_dns(1);
3d8df260 1281 }
843c96b4
SK		 1282#ifdef HAVE_DHCP6
1283 else if (daemon->ra_contexts)
2021c662
SK		 1284 /* Not doing DHCP, so no lease system, manage
1285 alarms for ra only */
1286 send_alarm(periodic_ra(now), now);
843c96b4 1287#endif
7622fc06 1288#endif
3d8df260
SK		 1289}
1290
5aabfc78 1291static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
3be34541
SK		 1292{
1293 struct serverfd *serverfdp;
1294 struct listener *listener;
824af85b 1295 int wait = 0, i;
832af0ba
SK		 1296
1297#ifdef HAVE_TFTP
1298 int tftp = 0;
1299 struct tftp_transfer *transfer;
1300 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1301 {
1302 tftp++;
1303 FD_SET(transfer->sockfd, set);
1304 bump_maxfd(transfer->sockfd, maxfdp);
1305 }
1306#endif
1307
1697269c 1308 /* will we be able to get memory? */
824af85b
SK		 1309 if (daemon->port != 0)
1310 get_new_frec(now, &wait);
1697269c 1311
3be34541
SK		 1312 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1313 {
1314 FD_SET(serverfdp->fd, set);
1697269c 1315 bump_maxfd(serverfdp->fd, maxfdp);
3be34541 1316 }
1a6bca81
SK		 1317
1318 if (daemon->port != 0 && !daemon->osport)
1319 for (i = 0; i < RANDOM_SOCKS; i++)
1320 if (daemon->randomsocks[i].refcount != 0)
1321 {
1322 FD_SET(daemon->randomsocks[i].fd, set);
1323 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1324 }
1325
3be34541
SK		 1326 for (listener = daemon->listeners; listener; listener = listener->next)
1327 {
1697269c 1328 /* only listen for queries if we have resources */
824af85b 1329 if (listener->fd != -1 && wait == 0)
1697269c
SK		 1330 {
1331 FD_SET(listener->fd, set);
1332 bump_maxfd(listener->fd, maxfdp);
1333 }
1334
1335 /* death of a child goes through the select loop, so
1336 we don't need to explicitly arrange to wake up here */
824af85b
SK		 1337 if (listener->tcpfd != -1)
1338 for (i = 0; i < MAX_PROCS; i++)
1339 if (daemon->tcp_pids[i] == 0)
1340 {
1341 FD_SET(listener->tcpfd, set);
1342 bump_maxfd(listener->tcpfd, maxfdp);
1343 break;
1344 }
9e4abcb5 1345
832af0ba
SK		 1346#ifdef HAVE_TFTP
1347 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1348 {
1349 FD_SET(listener->tftpfd, set);
1350 bump_maxfd(listener->tftpfd, maxfdp);
1351 }
1352#endif
1353
1354 }
1355
1697269c 1356 return wait;
3be34541 1357}
9e4abcb5 1358
5aabfc78 1359static void check_dns_listeners(fd_set *set, time_t now)
3be34541
SK		 1360{
1361 struct serverfd *serverfdp;
1a6bca81
SK		 1362 struct listener *listener;
1363 int i;
1364
832af0ba
SK		 1365 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1366 if (FD_ISSET(serverfdp->fd, set))
1a6bca81
SK		 1367 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1368
1369 if (daemon->port != 0 && !daemon->osport)
1370 for (i = 0; i < RANDOM_SOCKS; i++)
1371 if (daemon->randomsocks[i].refcount != 0 &&
1372 FD_ISSET(daemon->randomsocks[i].fd, set))
1373 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
832af0ba
SK		 1374
1375 for (listener = daemon->listeners; listener; listener = listener->next)
1376 {
824af85b 1377 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
5aabfc78 1378 receive_query(listener, now);
1a6bca81 1379
832af0ba
SK		 1380#ifdef HAVE_TFTP
1381 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
5aabfc78 1382 tftp_request(listener, now);
832af0ba 1383#endif
3be34541 1384
824af85b 1385 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
832af0ba
SK		 1386 {
1387 int confd;
1388 struct irec *iface = NULL;
1389 pid_t p;
52d4abf2
SK		 1390 union mysockaddr tcp_addr;
1391 socklen_t tcp_len = sizeof(union mysockaddr);
1392
1393 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
832af0ba 1394
52d4abf2
SK		 1395 if (confd == -1 ||
1396 getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
832af0ba
SK		 1397 continue;
1398
54dd393f 1399 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
52d4abf2 1400 iface = listener->iface; /* May be NULL */
832af0ba
SK		 1401 else
1402 {
832af0ba
SK		 1403 /* Check for allowed interfaces when binding the wildcard address:
1404 we do this by looking for an interface with the same address as
1405 the local address of the TCP connection, then looking to see if that's
1406 an allowed interface. As a side effect, we get the netmask of the
1407 interface too, for localisation. */
3be34541 1408
832af0ba 1409 /* interface may be new since startup */
52d4abf2 1410 if (enumerate_interfaces())
832af0ba
SK		 1411 for (iface = daemon->interfaces; iface; iface = iface->next)
1412 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1413 break;
1414 }
1415
54dd393f 1416 if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)))
832af0ba
SK		 1417 {
1418 shutdown(confd, SHUT_RDWR);
1419 close(confd);
1420 }
59353a6b 1421#ifndef NO_FORK
28866e95 1422 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
832af0ba
SK		 1423 {
1424 if (p != -1)
1425 {
1426 int i;
1427 for (i = 0; i < MAX_PROCS; i++)
1428 if (daemon->tcp_pids[i] == 0)
1429 {
1430 daemon->tcp_pids[i] = p;
1431 break;
1432 }
1433 }
1434 close(confd);
1435 }
1436#endif
1437 else
1438 {
1439 unsigned char *buff;
1440 struct server *s;
1441 int flags;
52d4abf2
SK		 1442 struct in_addr netmask;
1443
1444 if (iface)
1445 netmask = iface->netmask;
1446 else
1447 netmask.s_addr = 0;
1448
8ef5ada2
SK		 1449#ifndef NO_FORK
1450 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1451 terminate the process. */
28866e95 1452 if (!option_bool(OPT_DEBUG))
832af0ba 1453 alarm(CHILD_LIFETIME);
8ef5ada2
SK		 1454#endif
1455
832af0ba
SK		 1456 /* start with no upstream connections. */
1457 for (s = daemon->servers; s; s = s->next)
7cebd20f 1458 s->tcpfd = -1;
832af0ba
SK		 1459
1460 /* The connected socket inherits non-blocking
1461 attribute from the listening socket.
1462 Reset that here. */
1463 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1464 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1465
52d4abf2 1466 buff = tcp_request(confd, now, &tcp_addr, netmask);
7cebd20f 1467
832af0ba
SK		 1468 shutdown(confd, SHUT_RDWR);
1469 close(confd);
1470
1471 if (buff)
1472 free(buff);
1473
1474 for (s = daemon->servers; s; s = s->next)
1475 if (s->tcpfd != -1)
1476 {
1477 shutdown(s->tcpfd, SHUT_RDWR);
1478 close(s->tcpfd);
1479 }
7cebd20f 1480#ifndef NO_FORK
28866e95 1481 if (!option_bool(OPT_DEBUG))
5aabfc78
SK		 1482 {
1483 flush_log();
1484 _exit(0);
1485 }
59353a6b 1486#endif
832af0ba
SK		 1487 }
1488 }
1489 }
3be34541
SK		 1490}
1491
7622fc06 1492#ifdef HAVE_DHCP
5e9e0efb
SK		 1493int make_icmp_sock(void)
1494{
7cebd20f 1495 int fd;
5e9e0efb
SK		 1496 int zeroopt = 0;
1497
1498 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1499 {
7cebd20f 1500 if (!fix_fd(fd) ||
5e9e0efb
SK		 1501 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1502 {
1503 close(fd);
1504 fd = -1;
1505 }
1506 }
1507
1508 return fd;
1509}
1510
5aabfc78 1511int icmp_ping(struct in_addr addr)
3be34541 1512{
5e9e0efb 1513 /* Try and get an ICMP echo from a machine. */
3be34541
SK		 1514
1515 /* Note that whilst in the three second wait, we check for
832af0ba 1516 (and service) events on the DNS and TFTP sockets, (so doing that
3be34541
SK		 1517 better not use any resources our caller has in use...)
1518 but we remain deaf to signals or further DHCP packets. */
1519
5e9e0efb 1520 int fd;
3be34541
SK		 1521 struct sockaddr_in saddr;
1522 struct {
1523 struct ip ip;
1524 struct icmp icmp;
1525 } packet;
1526 unsigned short id = rand16();
1527 unsigned int i, j;
5e9e0efb 1528 int gotreply = 0;
3be34541 1529 time_t start, now;
5e9e0efb 1530
824af85b 1531#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1532 if ((fd = make_icmp_sock()) == -1)
1533 return 0;
1534#else
1535 int opt = 2000;
1536 fd = daemon->dhcp_icmp_fd;
1537 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1538#endif
1539
3be34541
SK		 1540 saddr.sin_family = AF_INET;
1541 saddr.sin_port = 0;
1542 saddr.sin_addr = addr;
1543#ifdef HAVE_SOCKADDR_SA_LEN
1544 saddr.sin_len = sizeof(struct sockaddr_in);
1545#endif
1546
1547 memset(&packet.icmp, 0, sizeof(packet.icmp));
1548 packet.icmp.icmp_type = ICMP_ECHO;
1549 packet.icmp.icmp_id = id;
1550 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1551 j += ((u16 *)&packet.icmp)[i];
1552 while (j>>16)
1553 j = (j & 0xffff) + (j >> 16);
1554 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1555
5e9e0efb 1556 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
fd9fa481
SK		 1557 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1558 retry_send());
1559
5e9e0efb
SK		 1560 for (now = start = dnsmasq_time();
1561 difftime(now, start) < (float)PING_WAIT;)
fd9fa481
SK		 1562 {
1563 struct timeval tv;
f2621c7f 1564 fd_set rset, wset;
fd9fa481 1565 struct sockaddr_in faddr;
1697269c 1566 int maxfd = fd;
3d8df260 1567 socklen_t len = sizeof(faddr);
fd9fa481
SK		 1568
1569 tv.tv_usec = 250000;
1570 tv.tv_sec = 0;
1571
1572 FD_ZERO(&rset);
f2621c7f 1573 FD_ZERO(&wset);
5e9e0efb 1574 FD_SET(fd, &rset);
5aabfc78 1575 set_dns_listeners(now, &rset, &maxfd);
f2621c7f 1576 set_log_writer(&wset, &maxfd);
c5ad4e79
SK		 1577
1578#ifdef HAVE_DHCP6
843c96b4 1579 if (daemon->ra_contexts)
c5ad4e79
SK		 1580 {
1581 FD_SET(daemon->icmp6fd, &rset);
1582 bump_maxfd(daemon->icmp6fd, &maxfd);
1583 }
1584#endif
1585
f2621c7f
SK		 1586 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1587 {
1588 FD_ZERO(&rset);
1589 FD_ZERO(&wset);
1590 }
1591
5e9e0efb 1592 now = dnsmasq_time();
f2621c7f
SK		 1593
1594 check_log_writer(&wset);
5aabfc78 1595 check_dns_listeners(&rset, now);
832af0ba 1596
c5ad4e79 1597#ifdef HAVE_DHCP6
843c96b4 1598 if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
c5ad4e79
SK		 1599 icmp6_packet();
1600#endif
1601
832af0ba 1602#ifdef HAVE_TFTP
5aabfc78 1603 check_tftp_listeners(&rset, now);
832af0ba
SK		 1604#endif
1605
5e9e0efb
SK		 1606 if (FD_ISSET(fd, &rset) &&
1607 recvfrom(fd, &packet, sizeof(packet), 0,
fd9fa481
SK		 1608 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1609 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1610 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1611 packet.icmp.icmp_seq == 0 &&
1612 packet.icmp.icmp_id == id)
1613 {
1614 gotreply = 1;
1615 break;
1616 }
1617 }
1618
824af85b 1619#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1620 close(fd);
1621#else
3be34541 1622 opt = 1;
5e9e0efb
SK		 1623 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1624#endif
1625
3be34541
SK		 1626 return gotreply;
1627}
7622fc06 1628#endif
0a852541
SK		 1629
1630
Michael's tree of dnsmasq.