]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/forward.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
import of dnsmasq-2.46.tar.gz
[people/ms/dnsmasq.git] / src / forward.c
CommitLineData
9009d746 1/* dnsmasq is Copyright (c) 2000-2008 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b
SK		 12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
9e4abcb5
SK		 17#include "dnsmasq.h"
18
832af0ba 19static struct frec *lookup_frec(unsigned short id, unsigned int crc);
9e4abcb5 20static struct frec *lookup_frec_by_sender(unsigned short id,
fd9fa481
SK		 21 union mysockaddr *addr,
22 unsigned int crc);
832af0ba 23static unsigned short get_id(int force, unsigned short force_id, unsigned int crc);
1a6bca81
SK		 24static void free_frec(struct frec *f);
25static struct randfd *allocate_rfd(int family);
9e4abcb5 26
824af85b 27/* Send a UDP packet with its source address set as "source"
44a2a316 28 unless nowild is true, when we just send it with the kernel default */
cdeda28f 29static void send_from(int fd, int nowild, char *packet, size_t len,
dfa666f2
SK		 30 union mysockaddr *to, struct all_addr *source,
31 unsigned int iface)
9e4abcb5 32{
44a2a316
SK		 33 struct msghdr msg;
34 struct iovec iov[1];
44a2a316
SK		 35 union {
36 struct cmsghdr align; /* this ensures alignment */
5e9e0efb 37#if defined(HAVE_LINUX_NETWORK)
44a2a316
SK		 38 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
39#elif defined(IP_SENDSRCADDR)
40 char control[CMSG_SPACE(sizeof(struct in_addr))];
41#endif
42#ifdef HAVE_IPV6
43 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
44#endif
45 } control_u;
feba5c1d 46
44a2a316
SK		 47 iov[0].iov_base = packet;
48 iov[0].iov_len = len;
49
feba5c1d
SK		 50 msg.msg_control = NULL;
51 msg.msg_controllen = 0;
44a2a316
SK		 52 msg.msg_flags = 0;
53 msg.msg_name = to;
54 msg.msg_namelen = sa_len(to);
55 msg.msg_iov = iov;
56 msg.msg_iovlen = 1;
feba5c1d 57
26128d27 58 if (!nowild)
44a2a316 59 {
26128d27 60 struct cmsghdr *cmptr;
feba5c1d
SK		 61 msg.msg_control = &control_u;
62 msg.msg_controllen = sizeof(control_u);
26128d27
SK		 63 cmptr = CMSG_FIRSTHDR(&msg);
64
65 if (to->sa.sa_family == AF_INET)
66 {
5e9e0efb 67#if defined(HAVE_LINUX_NETWORK)
26128d27
SK		 68 struct in_pktinfo *pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
69 pkt->ipi_ifindex = 0;
70 pkt->ipi_spec_dst = source->addr.addr4;
71 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
72 cmptr->cmsg_level = SOL_IP;
73 cmptr->cmsg_type = IP_PKTINFO;
44a2a316 74#elif defined(IP_SENDSRCADDR)
26128d27
SK		 75 struct in_addr *a = (struct in_addr *)CMSG_DATA(cmptr);
76 *a = source->addr.addr4;
77 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
78 cmptr->cmsg_level = IPPROTO_IP;
79 cmptr->cmsg_type = IP_SENDSRCADDR;
44a2a316 80#endif
26128d27 81 }
26128d27 82 else
b8187c80 83#ifdef HAVE_IPV6
26128d27
SK		 84 {
85 struct in6_pktinfo *pkt = (struct in6_pktinfo *)CMSG_DATA(cmptr);
86 pkt->ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */
87 pkt->ipi6_addr = source->addr.addr6;
88 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
89 cmptr->cmsg_type = IPV6_PKTINFO;
90 cmptr->cmsg_level = IPV6_LEVEL;
91 }
3d8df260
SK		 92#else
93 iface = 0; /* eliminate warning */
44a2a316 94#endif
26128d27 95 }
feba5c1d 96
fd9fa481
SK		 97 retry:
98 if (sendmsg(fd, &msg, 0) == -1)
feba5c1d 99 {
fd9fa481
SK		 100 /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
101 by returning EINVAL from sendmsg. In that case, try again without setting the
102 source address, since it will nearly alway be correct anyway. IPv6 stinks. */
103 if (errno == EINVAL && msg.msg_controllen)
104 {
105 msg.msg_controllen = 0;
106 goto retry;
107 }
108 if (retry_send())
109 goto retry;
feba5c1d 110 }
9e4abcb5 111}
44a2a316 112
5aabfc78 113static unsigned short search_servers(time_t now, struct all_addr **addrpp,
36717eee 114 unsigned short qtype, char *qdomain, int *type, char **domain)
feba5c1d
SK		 115
116{
117 /* If the query ends in the domain in one of our servers, set
118 domain to point to that name. We find the largest match to allow both
119 domain.org and sub.domain.org to exist. */
120
121 unsigned int namelen = strlen(qdomain);
122 unsigned int matchlen = 0;
123 struct server *serv;
124 unsigned short flags = 0;
125
3be34541 126 for (serv = daemon->servers; serv; serv=serv->next)
feba5c1d 127 /* domain matches take priority over NODOTS matches */
3d8df260 128 if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.') && namelen != 0)
feba5c1d
SK		 129 {
130 unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
131 *type = SERV_FOR_NODOTS;
feba5c1d 132 if (serv->flags & SERV_NO_ADDR)
36717eee
SK		 133 flags = F_NXDOMAIN;
134 else if (serv->flags & SERV_LITERAL_ADDRESS)
135 {
136 if (sflag & qtype)
137 {
138 flags = sflag;
139 if (serv->addr.sa.sa_family == AF_INET)
140 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
feba5c1d 141#ifdef HAVE_IPV6
36717eee
SK		 142 else
143 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
feba5c1d 144#endif
36717eee 145 }
824af85b 146 else if (!flags || (flags & F_NXDOMAIN))
36717eee
SK		 147 flags = F_NOERR;
148 }
feba5c1d
SK		 149 }
150 else if (serv->flags & SERV_HAS_DOMAIN)
151 {
152 unsigned int domainlen = strlen(serv->domain);
b8187c80 153 char *matchstart = qdomain + namelen - domainlen;
feba5c1d 154 if (namelen >= domainlen &&
b8187c80
SK		 155 hostname_isequal(matchstart, serv->domain) &&
156 domainlen >= matchlen &&
cdeda28f 157 (domainlen == 0 || namelen == domainlen || *(serv->domain) == '.' || *(matchstart-1) == '.' ))
feba5c1d
SK		 158 {
159 unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
160 *type = SERV_HAS_DOMAIN;
161 *domain = serv->domain;
162 matchlen = domainlen;
feba5c1d 163 if (serv->flags & SERV_NO_ADDR)
36717eee
SK		 164 flags = F_NXDOMAIN;
165 else if (serv->flags & SERV_LITERAL_ADDRESS)
feba5c1d 166 {
824af85b 167 if (sflag & qtype)
36717eee 168 {
824af85b 169 flags = sflag;
36717eee
SK		 170 if (serv->addr.sa.sa_family == AF_INET)
171 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
feba5c1d 172#ifdef HAVE_IPV6
36717eee
SK		 173 else
174 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
feba5c1d 175#endif
36717eee 176 }
824af85b 177 else if (!flags || (flags & F_NXDOMAIN))
36717eee 178 flags = F_NOERR;
feba5c1d
SK		 179 }
180 }
181 }
182
824af85b
SK		 183 if (flags == 0 && !(qtype & F_BIGNAME) &&
184 (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
185 /* don't forward simple names, make exception for NS queries and empty name. */
36717eee
SK		 186 flags = F_NXDOMAIN;
187
5aabfc78 188 if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now))
c1bb8504 189 flags = F_NOERR;
feba5c1d 190
824af85b
SK		 191 if (flags)
192 {
193 int logflags = 0;
194
195 if (flags == F_NXDOMAIN || flags == F_NOERR)
196 logflags = F_NEG | qtype;
197
1a6bca81 198 log_query(logflags | flags | F_CONFIG | F_FORWARD, qdomain, *addrpp, NULL);
824af85b 199 }
feba5c1d
SK		 200
201 return flags;
202}
44a2a316 203
824af85b
SK		 204static int forward_query(int udpfd, union mysockaddr *udpaddr,
205 struct all_addr *dst_addr, unsigned int dst_iface,
206 HEADER *header, size_t plen, time_t now, struct frec *forward)
9e4abcb5 207{
9e4abcb5 208 char *domain = NULL;
0a852541 209 int type = 0;
9e4abcb5 210 struct all_addr *addrp = NULL;
cdeda28f 211 unsigned int crc = questions_crc(header, plen, daemon->namebuff);
9e4abcb5 212 unsigned short flags = 0;
cdeda28f 213 unsigned short gotname = extract_request(header, plen, daemon->namebuff, NULL);
de37951c 214 struct server *start = NULL;
3d8df260
SK		 215
216 /* may be no servers available. */
217 if (!daemon->servers)
9e4abcb5 218 forward = NULL;
b8187c80 219 else if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
9e4abcb5 220 {
de37951c 221 /* retry on existing query, send to all available servers */
9e4abcb5 222 domain = forward->sentto->domain;
824af85b 223 forward->sentto->failed_queries++;
3be34541 224 if (!(daemon->options & OPT_ORDER))
de37951c 225 {
0a852541 226 forward->forwardall = 1;
3be34541 227 daemon->last_server = NULL;
de37951c 228 }
9e4abcb5 229 type = forward->sentto->flags & SERV_TYPE;
de37951c 230 if (!(start = forward->sentto->next))
3be34541 231 start = daemon->servers; /* at end of list, recycle */
9e4abcb5
SK		 232 header->id = htons(forward->new_id);
233 }
234 else
235 {
236 if (gotname)
5aabfc78 237 flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain);
9e4abcb5 238
5aabfc78 239 if (!flags && !(forward = get_new_frec(now, NULL)))
feba5c1d
SK		 240 /* table full - server failure. */
241 flags = F_NEG;
9e4abcb5
SK		 242
243 if (forward)
244 {
832af0ba
SK		 245 /* force unchanging id for signed packets */
246 int is_sign;
247 find_pseudoheader(header, plen, NULL, NULL, &is_sign);
248
0a852541
SK		 249 forward->source = *udpaddr;
250 forward->dest = *dst_addr;
251 forward->iface = dst_iface;
0a852541 252 forward->orig_id = ntohs(header->id);
832af0ba
SK		 253 forward->new_id = get_id(is_sign, forward->orig_id, crc);
254 forward->fd = udpfd;
0a852541
SK		 255 forward->crc = crc;
256 forward->forwardall = 0;
257 header->id = htons(forward->new_id);
258
9e4abcb5
SK		 259 /* In strict_order mode, or when using domain specific servers
260 always try servers in the order specified in resolv.conf,
261 otherwise, use the one last known to work. */
262
3be34541
SK		 263 if (type != 0 || (daemon->options & OPT_ORDER))
264 start = daemon->servers;
265 else if (!(start = daemon->last_server))
de37951c 266 {
3be34541 267 start = daemon->servers;
0a852541 268 forward->forwardall = 1;
de37951c 269 }
9e4abcb5
SK		 270 }
271 }
feba5c1d 272
9e4abcb5
SK		 273 /* check for send errors here (no route to host)
274 if we fail to send to all nameservers, send back an error
275 packet straight away (helps modem users when offline) */
276
277 if (!flags && forward)
278 {
de37951c
SK		 279 struct server *firstsentto = start;
280 int forwarded = 0;
281
9e4abcb5
SK		 282 while (1)
283 {
9e4abcb5
SK		 284 /* only send to servers dealing with our domain.
285 domain may be NULL, in which case server->domain
286 must be NULL also. */
287
de37951c 288 if (type == (start->flags & SERV_TYPE) &&
fd9fa481
SK		 289 (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
290 !(start->flags & SERV_LITERAL_ADDRESS))
9e4abcb5 291 {
1a6bca81
SK		 292 int fd;
293
294 /* find server socket to use, may need to get random one. */
295 if (start->sfd)
296 fd = start->sfd->fd;
297 else
298 {
299#ifdef HAVE_IPV6
300 if (start->addr.sa.sa_family == AF_INET6)
301 {
302 if (!forward->rfd6 &&
303 !(forward->rfd6 = allocate_rfd(AF_INET6)))
304 break;
3927da46 305 daemon->rfd_save = forward->rfd6;
1a6bca81
SK		 306 fd = forward->rfd6->fd;
307 }
308 else
309#endif
310 {
311 if (!forward->rfd4 &&
312 !(forward->rfd4 = allocate_rfd(AF_INET)))
313 break;
3927da46 314 daemon->rfd_save = forward->rfd4;
1a6bca81
SK		 315 fd = forward->rfd4->fd;
316 }
317 }
318
319 if (sendto(fd, (char *)header, plen, 0,
feba5c1d 320 &start->addr.sa,
fd9fa481
SK		 321 sa_len(&start->addr)) == -1)
322 {
323 if (retry_send())
324 continue;
325 }
326 else
9e4abcb5 327 {
cdeda28f
SK		 328 /* Keep info in case we want to re-send this packet */
329 daemon->srv_save = start;
330 daemon->packet_len = plen;
331
de37951c 332 if (!gotname)
3be34541 333 strcpy(daemon->namebuff, "query");
de37951c 334 if (start->addr.sa.sa_family == AF_INET)
3be34541 335 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
1a6bca81 336 (struct all_addr *)&start->addr.in.sin_addr, NULL);
de37951c
SK		 337#ifdef HAVE_IPV6
338 else
3be34541 339 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
1a6bca81 340 (struct all_addr *)&start->addr.in6.sin6_addr, NULL);
de37951c 341#endif
824af85b 342 start->queries++;
de37951c
SK		 343 forwarded = 1;
344 forward->sentto = start;
0a852541 345 if (!forward->forwardall)
de37951c 346 break;
0a852541 347 forward->forwardall++;
9e4abcb5
SK		 348 }
349 }
350
de37951c 351 if (!(start = start->next))
3be34541 352 start = daemon->servers;
9e4abcb5 353
de37951c 354 if (start == firstsentto)
9e4abcb5
SK		 355 break;
356 }
357
de37951c 358 if (forwarded)
824af85b 359 return 1;
de37951c 360
9e4abcb5
SK		 361 /* could not send on, prepare to return */
362 header->id = htons(forward->orig_id);
1a6bca81 363 free_frec(forward); /* cancel */
9e4abcb5
SK		 364 }
365
366 /* could not send on, return empty answer or address if known for whole domain */
b8187c80
SK		 367 if (udpfd != -1)
368 {
cdeda28f 369 plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
b8187c80
SK		 370 send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
371 }
372
824af85b 373 return 0;
9e4abcb5
SK		 374}
375
5aabfc78 376static size_t process_reply(HEADER *header, time_t now,
832af0ba 377 struct server *server, size_t n)
feba5c1d 378{
36717eee 379 unsigned char *pheader, *sizep;
832af0ba 380 int munged = 0, is_sign;
cdeda28f
SK		 381 size_t plen;
382
feba5c1d 383 /* If upstream is advertising a larger UDP packet size
9009d746
SK		 384 than we allow, trim it so that we don't get overlarge
385 requests for the client. We can't do this for signed packets. */
feba5c1d 386
832af0ba 387 if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign)) && !is_sign)
feba5c1d
SK		 388 {
389 unsigned short udpsz;
36717eee 390 unsigned char *psave = sizep;
feba5c1d 391
36717eee 392 GETSHORT(udpsz, sizep);
3be34541
SK		 393 if (udpsz > daemon->edns_pktsz)
394 PUTSHORT(daemon->edns_pktsz, psave);
feba5c1d
SK		 395 }
396
1b7ecd11 397 if (header->opcode != QUERY || (header->rcode != NOERROR && header->rcode != NXDOMAIN))
0a852541
SK		 398 return n;
399
feba5c1d 400 /* Complain loudly if the upstream server is non-recursive. */
0a852541
SK		 401 if (!header->ra && header->rcode == NOERROR && ntohs(header->ancount) == 0 &&
402 server && !(server->flags & SERV_WARNED_RECURSIVE))
feba5c1d 403 {
3d8df260 404 prettyprint_addr(&server->addr, daemon->namebuff);
f2621c7f 405 my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
0a852541
SK		 406 if (!(daemon->options & OPT_LOG))
407 server->flags |= SERV_WARNED_RECURSIVE;
408 }
409
fd9fa481
SK		 410 if (daemon->bogus_addr && header->rcode != NXDOMAIN &&
411 check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
feba5c1d 412 {
fd9fa481
SK		 413 munged = 1;
414 header->rcode = NXDOMAIN;
415 header->aa = 0;
36717eee 416 }
fd9fa481 417 else
36717eee 418 {
fd9fa481
SK		 419 if (header->rcode == NXDOMAIN &&
420 extract_request(header, n, daemon->namebuff, NULL) &&
5aabfc78 421 check_for_local_domain(daemon->namebuff, now))
36717eee
SK		 422 {
423 /* if we forwarded a query for a locally known name (because it was for
424 an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
425 since we know that the domain exists, even if upstream doesn't */
fd9fa481
SK		 426 munged = 1;
427 header->aa = 1;
428 header->rcode = NOERROR;
feba5c1d 429 }
832af0ba 430
824af85b
SK		 431 if (extract_addresses(header, n, daemon->namebuff, now))
432 {
433 my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected"));
434 munged = 1;
435 }
feba5c1d 436 }
fd9fa481
SK		 437
438 /* do this after extract_addresses. Ensure NODATA reply and remove
439 nameserver info. */
440
441 if (munged)
442 {
443 header->ancount = htons(0);
444 header->nscount = htons(0);
445 header->arcount = htons(0);
446 }
447
36717eee
SK		 448 /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
449 sections of the packet. Find the new length here and put back pseudoheader
450 if it was removed. */
451 return resize_packet(header, n, pheader, plen);
feba5c1d
SK		 452}
453
3be34541 454/* sets new last_server */
1a6bca81 455void reply_query(int fd, int family, time_t now)
9e4abcb5
SK		 456{
457 /* packet from peer server, extract data for cache, and send to
458 original requester */
9e4abcb5 459 HEADER *header;
de37951c 460 union mysockaddr serveraddr;
832af0ba 461 struct frec *forward;
de37951c 462 socklen_t addrlen = sizeof(serveraddr);
1a6bca81 463 ssize_t n = recvfrom(fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
cdeda28f 464 size_t nn;
1a6bca81
SK		 465 struct server *server;
466
cdeda28f
SK		 467 /* packet buffer overwritten */
468 daemon->srv_save = NULL;
832af0ba 469
de37951c 470 /* Determine the address of the server replying so that we can mark that as good */
1a6bca81 471 serveraddr.sa.sa_family = family;
de37951c
SK		 472#ifdef HAVE_IPV6
473 if (serveraddr.sa.sa_family == AF_INET6)
5e9e0efb 474 serveraddr.in6.sin6_flowinfo = 0;
de37951c 475#endif
9e4abcb5 476
1a6bca81
SK		 477 /* spoof check: answer must come from known server, */
478 for (server = daemon->servers; server; server = server->next)
479 if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
480 sockaddr_isequal(&server->addr, &serveraddr))
481 break;
482
3be34541 483 header = (HEADER *)daemon->packet;
fd9fa481 484
1a6bca81
SK		 485 if (!server ||
486 n < (int)sizeof(HEADER) || !header->qr ||
487 !(forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff))))
488 return;
489
490 server = forward->sentto;
491
492 if ((header->rcode == SERVFAIL || header->rcode == REFUSED) &&
493 !(daemon->options & OPT_ORDER) &&
494 forward->forwardall == 0)
495 /* for broken servers, attempt to send to another one. */
9e4abcb5 496 {
1a6bca81
SK		 497 unsigned char *pheader;
498 size_t plen;
499 int is_sign;
832af0ba 500
1a6bca81
SK		 501 /* recreate query from reply */
502 pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign);
503 if (!is_sign)
832af0ba 504 {
1a6bca81
SK		 505 header->ancount = htons(0);
506 header->nscount = htons(0);
507 header->arcount = htons(0);
508 if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
832af0ba 509 {
1a6bca81
SK		 510 header->qr = 0;
511 header->tc = 0;
512 forward_query(-1, NULL, NULL, 0, header, nn, now, forward);
513 return;
832af0ba 514 }
832af0ba 515 }
1a6bca81
SK		 516 }
517
518 if ((forward->sentto->flags & SERV_TYPE) == 0)
519 {
520 if (header->rcode == SERVFAIL || header->rcode == REFUSED)
521 server = NULL;
522 else
b8187c80 523 {
1a6bca81
SK		 524 struct server *last_server;
525
526 /* find good server by address if possible, otherwise assume the last one we sent to */
527 for (last_server = daemon->servers; last_server; last_server = last_server->next)
528 if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
529 sockaddr_isequal(&last_server->addr, &serveraddr))
530 {
531 server = last_server;
532 break;
533 }
534 }
535 if (!(daemon->options & OPT_ALL_SERVERS))
536 daemon->last_server = server;
537 }
538
539 /* If the answer is an error, keep the forward record in place in case
540 we get a good reply from another server. Kill it when we've
541 had replies from all to avoid filling the forwarding table when
542 everything is broken */
543 if (forward->forwardall == 0 || --forward->forwardall == 1 ||
544 (header->rcode != REFUSED && header->rcode != SERVFAIL))
545 {
546 if ((nn = process_reply(header, now, server, (size_t)n)))
547 {
548 header->id = htons(forward->orig_id);
549 header->ra = 1; /* recursion if available */
550 send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn,
551 &forward->source, &forward->dest, forward->iface);
b8187c80 552 }
1a6bca81 553 free_frec(forward); /* cancel */
9e4abcb5 554 }
9e4abcb5 555}
44a2a316 556
1a6bca81 557
5aabfc78 558void receive_query(struct listener *listen, time_t now)
44a2a316 559{
3be34541 560 HEADER *header = (HEADER *)daemon->packet;
44a2a316 561 union mysockaddr source_addr;
c1bb8504 562 unsigned short type;
44a2a316 563 struct all_addr dst_addr;
f6b7dc47 564 struct in_addr netmask, dst_addr_4;
cdeda28f
SK		 565 size_t m;
566 ssize_t n;
567 int if_index = 0;
44a2a316
SK		 568 struct iovec iov[1];
569 struct msghdr msg;
570 struct cmsghdr *cmptr;
44a2a316
SK		 571 union {
572 struct cmsghdr align; /* this ensures alignment */
573#ifdef HAVE_IPV6
574 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
575#endif
5e9e0efb 576#if defined(HAVE_LINUX_NETWORK)
44a2a316 577 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
824af85b
SK		 578#elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK)
579 char control[CMSG_SPACE(sizeof(struct in_addr)) +
580 CMSG_SPACE(sizeof(unsigned int))];
44a2a316
SK		 581#elif defined(IP_RECVDSTADDR)
582 char control[CMSG_SPACE(sizeof(struct in_addr)) +
583 CMSG_SPACE(sizeof(struct sockaddr_dl))];
584#endif
585 } control_u;
586
cdeda28f
SK		 587 /* packet buffer overwritten */
588 daemon->srv_save = NULL;
589
f6b7dc47
SK		 590 if (listen->family == AF_INET && (daemon->options & OPT_NOWILD))
591 {
592 dst_addr_4 = listen->iface->addr.in.sin_addr;
593 netmask = listen->iface->netmask;
594 }
595 else
3d8df260
SK		 596 {
597 dst_addr_4.s_addr = 0;
598 netmask.s_addr = 0;
599 }
f6b7dc47 600
3be34541
SK		 601 iov[0].iov_base = daemon->packet;
602 iov[0].iov_len = daemon->edns_pktsz;
44a2a316
SK		 603
604 msg.msg_control = control_u.control;
605 msg.msg_controllen = sizeof(control_u);
606 msg.msg_flags = 0;
607 msg.msg_name = &source_addr;
608 msg.msg_namelen = sizeof(source_addr);
609 msg.msg_iov = iov;
610 msg.msg_iovlen = 1;
611
de37951c 612 if ((n = recvmsg(listen->fd, &msg, 0)) == -1)
3be34541 613 return;
44a2a316 614
5e9e0efb
SK		 615 if (n < (int)sizeof(HEADER) ||
616 (msg.msg_flags & MSG_TRUNC) ||
617 header->qr)
26128d27
SK		 618 return;
619
44a2a316
SK		 620 source_addr.sa.sa_family = listen->family;
621#ifdef HAVE_IPV6
622 if (listen->family == AF_INET6)
5e9e0efb 623 source_addr.in6.sin6_flowinfo = 0;
44a2a316
SK		 624#endif
625
26128d27
SK		 626 if (!(daemon->options & OPT_NOWILD))
627 {
628 struct ifreq ifr;
629
630 if (msg.msg_controllen < sizeof(struct cmsghdr))
631 return;
44a2a316 632
5e9e0efb 633#if defined(HAVE_LINUX_NETWORK)
26128d27
SK		 634 if (listen->family == AF_INET)
635 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
636 if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
637 {
f6b7dc47 638 dst_addr_4 = dst_addr.addr.addr4 = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_spec_dst;
26128d27
SK		 639 if_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
640 }
641#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
642 if (listen->family == AF_INET)
44a2a316 643 {
26128d27
SK		 644 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
645 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
f6b7dc47 646 dst_addr_4 = dst_addr.addr.addr4 = *((struct in_addr *)CMSG_DATA(cmptr));
26128d27 647 else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
824af85b
SK		 648#ifdef HAVE_SOLARIS_NETWORK
649 if_index = *((unsigned int *)CMSG_DATA(cmptr));
650#else
26128d27 651 if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
824af85b 652#endif
44a2a316 653 }
44a2a316 654#endif
26128d27 655
44a2a316 656#ifdef HAVE_IPV6
26128d27
SK		 657 if (listen->family == AF_INET6)
658 {
659 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
660 if (cmptr->cmsg_level == IPV6_LEVEL && cmptr->cmsg_type == IPV6_PKTINFO)
661 {
662 dst_addr.addr.addr6 = ((struct in6_pktinfo *)CMSG_DATA(cmptr))->ipi6_addr;
663 if_index =((struct in6_pktinfo *)CMSG_DATA(cmptr))->ipi6_ifindex;
664 }
665 }
44a2a316 666#endif
26128d27
SK		 667
668 /* enforce available interface configuration */
669
8a911ccc 670 if (if_index == 0)
3be34541 671 return;
44a2a316 672
8a911ccc 673#ifdef SIOCGIFNAME
832af0ba
SK		 674 ifr.ifr_ifindex = if_index;
675 if (ioctl(listen->fd, SIOCGIFNAME, &ifr) == -1)
676 return;
8a911ccc 677#else
832af0ba
SK		 678 if (!if_indextoname(if_index, ifr.ifr_name))
679 return;
8a911ccc 680#endif
832af0ba 681
5aabfc78 682 if (!iface_check(listen->family, &dst_addr, &ifr, &if_index))
5e9e0efb 683 return;
832af0ba
SK		 684
685 if (listen->family == AF_INET &&
686 (daemon->options & OPT_LOCALISE) &&
687 ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
688 return;
689
690 netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
44a2a316
SK		 691 }
692
cdeda28f 693 if (extract_request(header, (size_t)n, daemon->namebuff, &type))
44a2a316 694 {
1a6bca81
SK		 695 char types[20];
696
697 querystr(types, type);
698
44a2a316 699 if (listen->family == AF_INET)
3be34541 700 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
1a6bca81 701 (struct all_addr *)&source_addr.in.sin_addr, types);
44a2a316
SK		 702#ifdef HAVE_IPV6
703 else
3be34541 704 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
1a6bca81 705 (struct all_addr *)&source_addr.in6.sin6_addr, types);
44a2a316
SK		 706#endif
707 }
708
5aabfc78 709 m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n,
f6b7dc47 710 dst_addr_4, netmask, now);
44a2a316 711 if (m >= 1)
824af85b
SK		 712 {
713 send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header,
714 m, &source_addr, &dst_addr, if_index);
715 daemon->local_answer++;
716 }
717 else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,
718 header, (size_t)n, now, NULL))
719 daemon->queries_forwarded++;
44a2a316 720 else
824af85b 721 daemon->local_answer++;
44a2a316
SK		 722}
723
feba5c1d
SK		 724/* The daemon forks before calling this: it should deal with one connection,
725 blocking as neccessary, and then return. Note, need to be a bit careful
726 about resources for debug mode, when the fork is suppressed: that's
727 done by the caller. */
5aabfc78 728unsigned char *tcp_request(int confd, time_t now,
3d8df260 729 struct in_addr local_addr, struct in_addr netmask)
feba5c1d 730{
cdeda28f
SK		 731 int size = 0;
732 size_t m;
c1bb8504 733 unsigned short qtype, gotname;
feba5c1d
SK		 734 unsigned char c1, c2;
735 /* Max TCP packet + slop */
5aabfc78 736 unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ);
feba5c1d 737 HEADER *header;
3be34541
SK		 738 struct server *last_server;
739
feba5c1d
SK		 740 while (1)
741 {
742 if (!packet ||
743 !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
744 !(size = c1 << 8 | c2) ||
745 !read_write(confd, packet, size, 1))
746 return packet;
747
748 if (size < (int)sizeof(HEADER))
749 continue;
750
751 header = (HEADER *)packet;
752
3be34541 753 if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
feba5c1d
SK		 754 {
755 union mysockaddr peer_addr;
756 socklen_t peer_len = sizeof(union mysockaddr);
757
758 if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
759 {
1a6bca81
SK		 760 char types[20];
761
762 querystr(types, qtype);
763
feba5c1d 764 if (peer_addr.sa.sa_family == AF_INET)
3be34541 765 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
1a6bca81 766 (struct all_addr *)&peer_addr.in.sin_addr, types);
feba5c1d
SK		 767#ifdef HAVE_IPV6
768 else
3be34541 769 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
1a6bca81 770 (struct all_addr *)&peer_addr.in6.sin6_addr, types);
feba5c1d
SK		 771#endif
772 }
773 }
774
775 /* m > 0 if answered from cache */
5aabfc78 776 m = answer_request(header, ((char *) header) + 65536, (unsigned int)size,
f6b7dc47 777 local_addr, netmask, now);
5aabfc78
SK		 778
779 /* Do this by steam now we're not in the select() loop */
780 check_log_writer(NULL);
feba5c1d
SK		 781
782 if (m == 0)
783 {
784 unsigned short flags = 0;
feba5c1d
SK		 785 struct all_addr *addrp = NULL;
786 int type = 0;
787 char *domain = NULL;
788
789 if (gotname)
5aabfc78 790 flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain);
feba5c1d 791
3be34541
SK		 792 if (type != 0 || (daemon->options & OPT_ORDER) || !daemon->last_server)
793 last_server = daemon->servers;
794 else
795 last_server = daemon->last_server;
feba5c1d
SK		 796
797 if (!flags && last_server)
798 {
799 struct server *firstsendto = NULL;
0a852541
SK		 800 unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
801
feba5c1d
SK		 802 /* Loop round available servers until we succeed in connecting to one.
803 Note that this code subtley ensures that consecutive queries on this connection
804 which can go to the same server, do so. */
805 while (1)
806 {
807 if (!firstsendto)
808 firstsendto = last_server;
809 else
810 {
811 if (!(last_server = last_server->next))
3be34541 812 last_server = daemon->servers;
feba5c1d
SK		 813
814 if (last_server == firstsendto)
815 break;
816 }
817
818 /* server for wrong domain */
819 if (type != (last_server->flags & SERV_TYPE) ||
820 (type == SERV_HAS_DOMAIN && !hostname_isequal(domain, last_server->domain)))
821 continue;
822
823 if ((last_server->tcpfd == -1) &&
824 (last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) != -1 &&
824af85b
SK		 825 (!local_bind(last_server->tcpfd, &last_server->source_addr, last_server->interface, 1) ||
826 connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1))
feba5c1d
SK		 827 {
828 close(last_server->tcpfd);
829 last_server->tcpfd = -1;
830 }
831
832 if (last_server->tcpfd == -1)
833 continue;
824af85b 834
feba5c1d
SK		 835 c1 = size >> 8;
836 c2 = size;
837
838 if (!read_write(last_server->tcpfd, &c1, 1, 0) ||
839 !read_write(last_server->tcpfd, &c2, 1, 0) ||
840 !read_write(last_server->tcpfd, packet, size, 0) ||
841 !read_write(last_server->tcpfd, &c1, 1, 1) ||
842 !read_write(last_server->tcpfd, &c2, 1, 1))
843 {
844 close(last_server->tcpfd);
845 last_server->tcpfd = -1;
846 continue;
847 }
824af85b 848
feba5c1d
SK		 849 m = (c1 << 8) | c2;
850 if (!read_write(last_server->tcpfd, packet, m, 1))
851 return packet;
852
853 if (!gotname)
3be34541 854 strcpy(daemon->namebuff, "query");
feba5c1d 855 if (last_server->addr.sa.sa_family == AF_INET)
3be34541 856 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
1a6bca81 857 (struct all_addr *)&last_server->addr.in.sin_addr, NULL);
feba5c1d
SK		 858#ifdef HAVE_IPV6
859 else
3be34541 860 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
1a6bca81 861 (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL);
feba5c1d
SK		 862#endif
863
864 /* There's no point in updating the cache, since this process will exit and
832af0ba 865 lose the information after a few queries. We make this call for the alias and
feba5c1d 866 bogus-nxdomain side-effects. */
832af0ba
SK		 867 /* If the crc of the question section doesn't match the crc we sent, then
868 someone might be attempting to insert bogus values into the cache by
869 sending replies containing questions and bogus answers. */
870 if (crc == questions_crc(header, (unsigned int)m, daemon->namebuff))
5aabfc78 871 m = process_reply(header, now, last_server, (unsigned int)m);
feba5c1d
SK		 872
873 break;
874 }
875 }
876
877 /* In case of local answer or no connections made. */
878 if (m == 0)
3be34541 879 m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
feba5c1d 880 }
5aabfc78
SK		 881
882 check_log_writer(NULL);
feba5c1d
SK		 883
884 c1 = m>>8;
885 c2 = m;
886 if (!read_write(confd, &c1, 1, 0) ||
887 !read_write(confd, &c2, 1, 0) ||
888 !read_write(confd, packet, m, 0))
889 return packet;
890 }
891}
892
1697269c 893static struct frec *allocate_frec(time_t now)
9e4abcb5 894{
1697269c
SK		 895 struct frec *f;
896
5aabfc78 897 if ((f = (struct frec *)whine_malloc(sizeof(struct frec))))
9e4abcb5 898 {
1a6bca81 899 f->next = daemon->frec_list;
1697269c 900 f->time = now;
832af0ba 901 f->sentto = NULL;
1a6bca81
SK		 902 f->rfd4 = NULL;
903#ifdef HAVE_IPV6
904 f->rfd6 = NULL;
905#endif
906 daemon->frec_list = f;
1697269c 907 }
9e4abcb5 908
1697269c
SK		 909 return f;
910}
9e4abcb5 911
1a6bca81
SK		 912static struct randfd *allocate_rfd(int family)
913{
914 static int finger = 0;
915 int i;
916
917 /* limit the number of sockets we have open to avoid starvation of
918 (eg) TFTP. Once we have a reasonable number, randomness should be OK */
919
920 for (i = 0; i < RANDOM_SOCKS; i++)
9009d746 921 if (daemon->randomsocks[i].refcount == 0)
1a6bca81 922 {
9009d746
SK		 923 if ((daemon->randomsocks[i].fd = random_sock(family)) == -1)
924 break;
925
1a6bca81
SK		 926 daemon->randomsocks[i].refcount = 1;
927 daemon->randomsocks[i].family = family;
928 return &daemon->randomsocks[i];
929 }
930
9009d746 931 /* No free ones or cannot get new socket, grab an existing one */
1a6bca81
SK		 932 for (i = 0; i < RANDOM_SOCKS; i++)
933 {
934 int j = (i+finger) % RANDOM_SOCKS;
9009d746
SK		 935 if (daemon->randomsocks[j].refcount != 0 &&
936 daemon->randomsocks[j].family == family &&
937 daemon->randomsocks[j].refcount != 0xffff)
1a6bca81
SK		 938 {
939 finger = j;
940 daemon->randomsocks[j].refcount++;
941 return &daemon->randomsocks[j];
942 }
943 }
944
945 return NULL; /* doom */
946}
947
948static void free_frec(struct frec *f)
949{
950 if (f->rfd4 && --(f->rfd4->refcount) == 0)
951 close(f->rfd4->fd);
952
953 f->rfd4 = NULL;
954 f->sentto = NULL;
955
956#ifdef HAVE_IPV6
957 if (f->rfd6 && --(f->rfd6->refcount) == 0)
958 close(f->rfd6->fd);
959
960 f->rfd6 = NULL;
961#endif
962}
963
1697269c
SK		 964/* if wait==NULL return a free or older than TIMEOUT record.
965 else return *wait zero if one available, or *wait is delay to
1a6bca81
SK		 966 when the oldest in-use record will expire. Impose an absolute
967 limit of 4*TIMEOUT before we wipe things (for random sockets) */
5aabfc78 968struct frec *get_new_frec(time_t now, int *wait)
1697269c 969{
1a6bca81 970 struct frec *f, *oldest, *target;
1697269c
SK		 971 int count;
972
973 if (wait)
974 *wait = 0;
975
1a6bca81 976 for (f = daemon->frec_list, oldest = NULL, target = NULL, count = 0; f; f = f->next, count++)
832af0ba 977 if (!f->sentto)
1a6bca81
SK		 978 target = f;
979 else
1697269c 980 {
1a6bca81
SK		 981 if (difftime(now, f->time) >= 4*TIMEOUT)
982 {
983 free_frec(f);
984 target = f;
985 }
986
987 if (!oldest || difftime(f->time, oldest->time) <= 0)
988 oldest = f;
1697269c 989 }
1a6bca81
SK		 990
991 if (target)
992 {
993 target->time = now;
994 return target;
995 }
9e4abcb5
SK		 996
997 /* can't find empty one, use oldest if there is one
998 and it's older than timeout */
1697269c 999 if (oldest && ((int)difftime(now, oldest->time)) >= TIMEOUT)
9e4abcb5 1000 {
1697269c
SK		 1001 /* keep stuff for twice timeout if we can by allocating a new
1002 record instead */
1003 if (difftime(now, oldest->time) < 2*TIMEOUT &&
1004 count <= daemon->ftabsize &&
1005 (f = allocate_frec(now)))
1006 return f;
1007
1008 if (!wait)
1009 {
1a6bca81 1010 free_frec(oldest);
1697269c
SK		 1011 oldest->time = now;
1012 }
9e4abcb5
SK		 1013 return oldest;
1014 }
1015
1697269c 1016 /* none available, calculate time 'till oldest record expires */
208b65c5 1017 if (count > daemon->ftabsize)
1697269c
SK		 1018 {
1019 if (oldest && wait)
1020 *wait = oldest->time + (time_t)TIMEOUT - now;
9e4abcb5
SK		 1021 return NULL;
1022 }
1697269c
SK		 1023
1024 if (!(f = allocate_frec(now)) && wait)
1025 /* wait one second on malloc failure */
1026 *wait = 1;
9e4abcb5 1027
9e4abcb5
SK		 1028 return f; /* OK if malloc fails and this is NULL */
1029}
1030
832af0ba
SK		 1031/* crc is all-ones if not known. */
1032static struct frec *lookup_frec(unsigned short id, unsigned int crc)
9e4abcb5
SK		 1033{
1034 struct frec *f;
1035
1a6bca81 1036 for(f = daemon->frec_list; f; f = f->next)
832af0ba
SK		 1037 if (f->sentto && f->new_id == id &&
1038 (f->crc == crc || crc == 0xffffffff))
9e4abcb5
SK		 1039 return f;
1040
1041 return NULL;
1042}
1043
1044static struct frec *lookup_frec_by_sender(unsigned short id,
fd9fa481
SK		 1045 union mysockaddr *addr,
1046 unsigned int crc)
9e4abcb5 1047{
feba5c1d
SK		 1048 struct frec *f;
1049
1a6bca81 1050 for(f = daemon->frec_list; f; f = f->next)
832af0ba 1051 if (f->sentto &&
9e4abcb5 1052 f->orig_id == id &&
fd9fa481 1053 f->crc == crc &&
9e4abcb5
SK		 1054 sockaddr_isequal(&f->source, addr))
1055 return f;
1056
1057 return NULL;
1058}
1059
849a8357 1060/* A server record is going away, remove references to it */
5aabfc78 1061void server_gone(struct server *server)
849a8357
SK		 1062{
1063 struct frec *f;
1064
1a6bca81 1065 for (f = daemon->frec_list; f; f = f->next)
832af0ba 1066 if (f->sentto && f->sentto == server)
1a6bca81 1067 free_frec(f);
849a8357
SK		 1068
1069 if (daemon->last_server == server)
1070 daemon->last_server = NULL;
1071
1072 if (daemon->srv_save == server)
1073 daemon->srv_save = NULL;
1074}
9e4abcb5 1075
832af0ba
SK		 1076/* return unique random ids.
1077 For signed packets we can't change the ID without breaking the
1078 signing, so we keep the same one. In this case force is set, and this
1079 routine degenerates into killing any conflicting forward record. */
1080static unsigned short get_id(int force, unsigned short force_id, unsigned int crc)
9e4abcb5
SK		 1081{
1082 unsigned short ret = 0;
832af0ba
SK		 1083
1084 if (force)
9e4abcb5 1085 {
832af0ba
SK		 1086 struct frec *f = lookup_frec(force_id, crc);
1087 if (f)
1a6bca81 1088 free_frec(f); /* free */
832af0ba 1089 ret = force_id;
9e4abcb5 1090 }
832af0ba
SK		 1091 else do
1092 ret = rand16();
1093 while (lookup_frec(ret, crc));
1094
9e4abcb5
SK		 1095 return ret;
1096}
1097
1098
1099
1100
1101
Michael's tree of dnsmasq.