]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add --dnssec-timestamp option and facility.
[people/ms/dnsmasq.git] / src / dnsmasq.c
1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
19
20 #include "dnsmasq.h"
21
22 struct daemon *daemon;
23
24 static volatile pid_t pid = 0;
25 static volatile int pipewrite;
26
27 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28 static void check_dns_listeners(fd_set *set, time_t now);
29 static void sig_handler(int sig);
30 static void async_event(int pipe, time_t now);
31 static void fatal_event(struct event_desc *ev, char *msg);
32 static int read_event(int fd, struct event_desc *evp, char **msg);
33 static void poll_resolv(int force, int do_reload, time_t now);
34
35 int main (int argc, char **argv)
36 {
37 int bind_fallback = 0;
38 time_t now;
39 struct sigaction sigact;
40 struct iname *if_tmp;
41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
43 #if defined(HAVE_SCRIPT)
44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
46 #endif
47 struct group *gp = NULL;
48 long i, max_fd = sysconf(_SC_OPEN_MAX);
49 char *baduser = NULL;
50 int log_err;
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
54 char *bound_device = NULL;
55 int did_bind = 0;
56 #endif
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context *context;
59 struct dhcp_relay *relay;
60 #endif
61 #ifdef HAVE_DNSSEC
62 int badtime;
63 #endif
64
65 #ifdef LOCALEDIR
66 setlocale(LC_ALL, "");
67 bindtextdomain("dnsmasq", LOCALEDIR);
68 textdomain("dnsmasq");
69 #endif
70
71 sigact.sa_handler = sig_handler;
72 sigact.sa_flags = 0;
73 sigemptyset(&sigact.sa_mask);
74 sigaction(SIGUSR1, &sigact, NULL);
75 sigaction(SIGUSR2, &sigact, NULL);
76 sigaction(SIGHUP, &sigact, NULL);
77 sigaction(SIGTERM, &sigact, NULL);
78 sigaction(SIGALRM, &sigact, NULL);
79 sigaction(SIGCHLD, &sigact, NULL);
80
81 /* ignore SIGPIPE */
82 sigact.sa_handler = SIG_IGN;
83 sigaction(SIGPIPE, &sigact, NULL);
84
85 umask(022); /* known umask, create leases and pid files as 0644 */
86
87 rand_init(); /* Must precede read_opts() */
88
89 read_opts(argc, argv, compile_opts);
90
91 if (daemon->edns_pktsz < PACKETSZ)
92 daemon->edns_pktsz = PACKETSZ;
93
94 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
95 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
96 daemon->packet = safe_malloc(daemon->packet_buff_sz);
97
98 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
99 if (option_bool(OPT_EXTRALOG))
100 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
101
102 #ifdef HAVE_DNSSEC
103 if (option_bool(OPT_DNSSEC_VALID))
104 {
105 daemon->keyname = safe_malloc(MAXDNAME);
106 daemon->workspacename = safe_malloc(MAXDNAME);
107 }
108 #endif
109
110 #ifdef HAVE_DHCP
111 if (!daemon->lease_file)
112 {
113 if (daemon->dhcp || daemon->dhcp6)
114 daemon->lease_file = LEASEFILE;
115 }
116 #endif
117
118 /* Close any file descriptors we inherited apart from std{in|out|err}
119
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
126 for (i = 0; i < max_fd; i++)
127 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
128 close(i);
129 else
130 open("/dev/null", O_RDWR);
131
132 #ifndef HAVE_LINUX_NETWORK
133 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
134 if (!option_bool(OPT_NOWILD))
135 {
136 bind_fallback = 1;
137 set_option_bool(OPT_NOWILD);
138 }
139 # endif
140
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
142 if (option_bool(OPT_CLEVERBIND))
143 {
144 bind_fallback = 1;
145 set_option_bool(OPT_NOWILD);
146 reset_option_bool(OPT_CLEVERBIND);
147 }
148 #endif
149
150 #ifndef HAVE_INOTIFY
151 if (daemon->dynamic_dirs)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
153 #endif
154
155 if (option_bool(OPT_DNSSEC_VALID))
156 {
157 #ifdef HAVE_DNSSEC
158 if (!daemon->ds)
159 die(_("No trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
160
161 if (daemon->cachesize < CACHESIZ)
162 die(_("Cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
163 #else
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
165 #endif
166 }
167
168 #ifndef HAVE_TFTP
169 if (option_bool(OPT_TFTP))
170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
171 #endif
172
173 #ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
175 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
176 #else
177 if (option_bool(OPT_CONNTRACK))
178 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
179 #endif
180
181 #ifdef HAVE_SOLARIS_NETWORK
182 if (daemon->max_logs != 0)
183 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
184 #endif
185
186 #ifdef __ANDROID__
187 if (daemon->max_logs != 0)
188 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
189 #endif
190
191 #ifndef HAVE_AUTH
192 if (daemon->authserver)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
194 #endif
195
196 #ifndef HAVE_LOOP
197 if (option_bool(OPT_LOOP_DETECT))
198 die(_("Loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
199 #endif
200
201 now = dnsmasq_time();
202
203 /* Create a serial at startup if not configured. */
204 if (daemon->authinterface && daemon->soa_sn == 0)
205 #ifdef HAVE_BROKEN_RTC
206 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
207 #else
208 daemon->soa_sn = now;
209 #endif
210
211 #ifdef HAVE_DHCP6
212 if (daemon->dhcp6)
213 {
214 daemon->doing_ra = option_bool(OPT_RA);
215
216 for (context = daemon->dhcp6; context; context = context->next)
217 {
218 if (context->flags & CONTEXT_DHCP)
219 daemon->doing_dhcp6 = 1;
220 if (context->flags & CONTEXT_RA)
221 daemon->doing_ra = 1;
222 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
223 if (context->flags & CONTEXT_TEMPLATE)
224 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
225 #endif
226 }
227 }
228 #endif
229
230 #ifdef HAVE_DHCP
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
236 {
237 dhcp_common_init();
238 if (daemon->dhcp || daemon->doing_dhcp6)
239 lease_init(now);
240 }
241
242 if (daemon->dhcp || daemon->relay4)
243 dhcp_init();
244
245 # ifdef HAVE_DHCP6
246 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
247 ra_init(now);
248
249 if (daemon->doing_dhcp6 || daemon->relay6)
250 dhcp6_init();
251 # endif
252
253 #endif
254
255 #ifdef HAVE_IPSET
256 if (daemon->ipsets)
257 ipset_init();
258 #endif
259
260 #if defined(HAVE_LINUX_NETWORK)
261 netlink_init();
262 #elif defined(HAVE_BSD_NETWORK)
263 route_init();
264 #endif
265
266 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
268
269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
270 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
271
272 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
273 {
274 create_bound_listeners(1);
275
276 if (!option_bool(OPT_CLEVERBIND))
277 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
278 if (if_tmp->name && !if_tmp->used)
279 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
280
281 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
283 bound_device = whichdevice();
284
285 if (daemon->dhcp)
286 {
287 if (!daemon->relay4 && bound_device)
288 {
289 bindtodevice(bound_device, daemon->dhcpfd);
290 did_bind = 1;
291 }
292 if (daemon->enable_pxe && bound_device)
293 {
294 bindtodevice(bound_device, daemon->pxefd);
295 did_bind = 1;
296 }
297 }
298 #endif
299
300 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
301 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
302 {
303 bindtodevice(bound_device, daemon->dhcp6fd);
304 did_bind = 1;
305 }
306 #endif
307 }
308 else
309 create_wildcard_listeners();
310
311 #ifdef HAVE_DHCP6
312 /* after enumerate_interfaces() */
313 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
314 join_multicast(1);
315
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now);
318 #endif
319
320 if (daemon->port != 0)
321 {
322 cache_init();
323
324 #ifdef HAVE_DNSSEC
325 blockdata_init();
326 #endif
327 }
328
329 #ifdef HAVE_INOTIFY
330 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
331 inotify_dnsmasq_init();
332 else
333 daemon->inotifyfd = -1;
334 #endif
335
336 if (option_bool(OPT_DBUS))
337 #ifdef HAVE_DBUS
338 {
339 char *err;
340 daemon->dbus = NULL;
341 daemon->watches = NULL;
342 if ((err = dbus_init()))
343 die(_("DBus error: %s"), err, EC_MISC);
344 }
345 #else
346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
347 #endif
348
349 if (daemon->port != 0)
350 pre_allocate_sfds();
351
352 #if defined(HAVE_SCRIPT)
353 /* Note getpwnam returns static storage */
354 if ((daemon->dhcp || daemon->dhcp6) &&
355 daemon->scriptuser &&
356 (daemon->lease_change_command || daemon->luascript))
357 {
358 if ((ent_pw = getpwnam(daemon->scriptuser)))
359 {
360 script_uid = ent_pw->pw_uid;
361 script_gid = ent_pw->pw_gid;
362 }
363 else
364 baduser = daemon->scriptuser;
365 }
366 #endif
367
368 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
369 baduser = daemon->username;
370 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
371 baduser = daemon->groupname;
372
373 if (baduser)
374 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
375
376 #ifdef HAVE_DNSSEC
377 badtime = setup_timestamp(ent_pw->pw_uid);
378 #endif
379
380 /* implement group defaults, "dip" if available, or group associated with uid */
381 if (!daemon->group_set && !gp)
382 {
383 if (!(gp = getgrnam(CHGRP)) && ent_pw)
384 gp = getgrgid(ent_pw->pw_gid);
385
386 /* for error message */
387 if (gp)
388 daemon->groupname = gp->gr_name;
389 }
390
391 #if defined(HAVE_LINUX_NETWORK)
392 /* determine capability API version here, while we can still
393 call safe_malloc */
394 if (ent_pw && ent_pw->pw_uid != 0)
395 {
396 int capsize = 1; /* for header version 1 */
397 hdr = safe_malloc(sizeof(*hdr));
398
399 /* find version supported by kernel */
400 memset(hdr, 0, sizeof(*hdr));
401 capget(hdr, NULL);
402
403 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
404 {
405 /* if unknown version, use largest supported version (3) */
406 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
407 hdr->version = LINUX_CAPABILITY_VERSION_3;
408 capsize = 2;
409 }
410
411 data = safe_malloc(sizeof(*data) * capsize);
412 memset(data, 0, sizeof(*data) * capsize);
413 }
414 #endif
415
416 /* Use a pipe to carry signals and other events back to the event loop
417 in a race-free manner and another to carry errors to daemon-invoking process */
418 safe_pipe(pipefd, 1);
419
420 piperead = pipefd[0];
421 pipewrite = pipefd[1];
422 /* prime the pipe to load stuff first time. */
423 send_event(pipewrite, EVENT_INIT, 0, NULL);
424
425 err_pipe[1] = -1;
426
427 if (!option_bool(OPT_DEBUG))
428 {
429 /* The following code "daemonizes" the process.
430 See Stevens section 12.4 */
431
432 if (chdir("/") != 0)
433 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
434
435 #ifndef NO_FORK
436 if (!option_bool(OPT_NO_FORK))
437 {
438 pid_t pid;
439
440 /* pipe to carry errors back to original process.
441 When startup is complete we close this and the process terminates. */
442 safe_pipe(err_pipe, 0);
443
444 if ((pid = fork()) == -1)
445 /* fd == -1 since we've not forked, never returns. */
446 send_event(-1, EVENT_FORK_ERR, errno, NULL);
447
448 if (pid != 0)
449 {
450 struct event_desc ev;
451 char *msg;
452
453 /* close our copy of write-end */
454 close(err_pipe[1]);
455
456 /* check for errors after the fork */
457 if (read_event(err_pipe[0], &ev, &msg))
458 fatal_event(&ev, msg);
459
460 _exit(EC_GOOD);
461 }
462
463 close(err_pipe[0]);
464
465 /* NO calls to die() from here on. */
466
467 setsid();
468
469 if ((pid = fork()) == -1)
470 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
471
472 if (pid != 0)
473 _exit(0);
474 }
475 #endif
476
477 /* write pidfile _after_ forking ! */
478 if (daemon->runfile)
479 {
480 int fd, err = 0;
481
482 sprintf(daemon->namebuff, "%d\n", (int) getpid());
483
484 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
485 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
486 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
487 extent that an attacker running as the unprivileged user could replace the pidfile with a
488 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
489
490 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
491 ensuring that the open() fails should there be any existing file (because the unlink() failed,
492 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
493 attack can succeed.
494
495 Any compromise of the non-privileged user still theoretically allows the pid-file to be
496 replaced whilst dnsmasq is running. The worst that could allow is that the usual
497 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
498
499 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
500 failure to write the pid-file.
501 */
502
503 unlink(daemon->runfile);
504
505 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
506 {
507 /* only complain if started as root */
508 if (getuid() == 0)
509 err = 1;
510 }
511 else
512 {
513 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
514 err = 1;
515
516 while (!err && close(fd) == -1)
517 if (!retry_send())
518 err = 1;
519 }
520
521 if (err)
522 {
523 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
524 _exit(0);
525 }
526 }
527 }
528
529 log_err = log_start(ent_pw, err_pipe[1]);
530
531 if (!option_bool(OPT_DEBUG))
532 {
533 /* open stdout etc to /dev/null */
534 int nullfd = open("/dev/null", O_RDWR);
535 dup2(nullfd, STDOUT_FILENO);
536 dup2(nullfd, STDERR_FILENO);
537 dup2(nullfd, STDIN_FILENO);
538 close(nullfd);
539 }
540
541 /* if we are to run scripts, we need to fork a helper before dropping root. */
542 daemon->helperfd = -1;
543 #ifdef HAVE_SCRIPT
544 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
545 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
546 #endif
547
548 if (!option_bool(OPT_DEBUG) && getuid() == 0)
549 {
550 int bad_capabilities = 0;
551 gid_t dummy;
552
553 /* remove all supplimentary groups */
554 if (gp &&
555 (setgroups(0, &dummy) == -1 ||
556 setgid(gp->gr_gid) == -1))
557 {
558 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
559 _exit(0);
560 }
561
562 if (ent_pw && ent_pw->pw_uid != 0)
563 {
564 #if defined(HAVE_LINUX_NETWORK)
565 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
566 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
567 ports because of DAD, or we're doing it dynamically,
568 we need CAP_NET_BIND_SERVICE too. */
569 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
570 data->effective = data->permitted = data->inheritable =
571 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
572 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
573 else
574 data->effective = data->permitted = data->inheritable =
575 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
576
577 /* Tell kernel to not clear capabilities when dropping root */
578 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
579 bad_capabilities = errno;
580
581 #elif defined(HAVE_SOLARIS_NETWORK)
582 /* http://developers.sun.com/solaris/articles/program_privileges.html */
583 priv_set_t *priv_set;
584
585 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
586 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
587 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
588 bad_capabilities = errno;
589
590 if (priv_set && bad_capabilities == 0)
591 {
592 priv_inverse(priv_set);
593
594 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
595 bad_capabilities = errno;
596 }
597
598 if (priv_set)
599 priv_freeset(priv_set);
600
601 #endif
602
603 if (bad_capabilities != 0)
604 {
605 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
606 _exit(0);
607 }
608
609 /* finally drop root */
610 if (setuid(ent_pw->pw_uid) == -1)
611 {
612 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
613 _exit(0);
614 }
615
616 #ifdef HAVE_LINUX_NETWORK
617 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
618 data->effective = data->permitted =
619 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
620 else
621 data->effective = data->permitted =
622 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
623 data->inheritable = 0;
624
625 /* lose the setuid and setgid capbilities */
626 if (capset(hdr, data) == -1)
627 {
628 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
629 _exit(0);
630 }
631 #endif
632
633 }
634 }
635
636 #ifdef HAVE_LINUX_NETWORK
637 free(hdr);
638 free(data);
639 if (option_bool(OPT_DEBUG))
640 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
641 #endif
642
643 #ifdef HAVE_TFTP
644 if (option_bool(OPT_TFTP))
645 {
646 DIR *dir;
647 struct tftp_prefix *p;
648
649 if (daemon->tftp_prefix)
650 {
651 if (!((dir = opendir(daemon->tftp_prefix))))
652 {
653 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
654 _exit(0);
655 }
656 closedir(dir);
657 }
658
659 for (p = daemon->if_prefix; p; p = p->next)
660 {
661 if (!((dir = opendir(p->prefix))))
662 {
663 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
664 _exit(0);
665 }
666 closedir(dir);
667 }
668 }
669 #endif
670
671 if (daemon->port == 0)
672 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
673 else if (daemon->cachesize != 0)
674 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
675 else
676 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
677
678 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
679
680 #ifdef HAVE_DBUS
681 if (option_bool(OPT_DBUS))
682 {
683 if (daemon->dbus)
684 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
685 else
686 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
687 }
688 #endif
689
690 if (option_bool(OPT_LOCAL_SERVICE))
691 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
692
693 #ifdef HAVE_DNSSEC
694 if (option_bool(OPT_DNSSEC_VALID))
695 {
696 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
697 if (option_bool(OPT_DNSSEC_TIME))
698 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
699 if (badtime)
700 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
701 }
702 #endif
703
704 if (log_err != 0)
705 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
706 daemon->log_file, strerror(log_err));
707
708 if (bind_fallback)
709 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
710
711 if (option_bool(OPT_NOWILD))
712 warn_bound_listeners();
713
714 warn_int_names();
715
716 if (!option_bool(OPT_NOWILD))
717 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
718 if (if_tmp->name && !if_tmp->used)
719 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
720
721 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
722 {
723 if (daemon->resolv_files && !daemon->resolv_files->is_default)
724 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
725 daemon->resolv_files = NULL;
726 if (!daemon->servers)
727 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
728 }
729
730 if (daemon->max_logs != 0)
731 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
732
733
734 #ifdef HAVE_DHCP
735 for (context = daemon->dhcp; context; context = context->next)
736 log_context(AF_INET, context);
737
738 for (relay = daemon->relay4; relay; relay = relay->next)
739 log_relay(AF_INET, relay);
740
741 # ifdef HAVE_DHCP6
742 for (context = daemon->dhcp6; context; context = context->next)
743 log_context(AF_INET6, context);
744
745 for (relay = daemon->relay6; relay; relay = relay->next)
746 log_relay(AF_INET6, relay);
747
748 if (daemon->doing_dhcp6 || daemon->doing_ra)
749 dhcp_construct_contexts(now);
750
751 if (option_bool(OPT_RA))
752 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
753 # endif
754
755 # ifdef HAVE_LINUX_NETWORK
756 if (did_bind)
757 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
758 # endif
759
760 /* after dhcp_contruct_contexts */
761 if (daemon->dhcp || daemon->doing_dhcp6)
762 lease_find_interfaces(now);
763 #endif
764
765 #ifdef HAVE_TFTP
766 if (option_bool(OPT_TFTP))
767 {
768 #ifdef FD_SETSIZE
769 if (FD_SETSIZE < (unsigned)max_fd)
770 max_fd = FD_SETSIZE;
771 #endif
772
773 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
774 daemon->tftp_prefix ? _("root is ") : _("enabled"),
775 daemon->tftp_prefix ? daemon->tftp_prefix: "",
776 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
777
778 /* This is a guess, it assumes that for small limits,
779 disjoint files might be served, but for large limits,
780 a single file will be sent to may clients (the file only needs
781 one fd). */
782
783 max_fd -= 30; /* use other than TFTP */
784
785 if (max_fd < 0)
786 max_fd = 5;
787 else if (max_fd < 100)
788 max_fd = max_fd/2;
789 else
790 max_fd = max_fd - 20;
791
792 /* if we have to use a limited range of ports,
793 that will limit the number of transfers */
794 if (daemon->start_tftp_port != 0 &&
795 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
796 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
797
798 if (daemon->tftp_max > max_fd)
799 {
800 daemon->tftp_max = max_fd;
801 my_syslog(MS_TFTP | LOG_WARNING,
802 _("restricting maximum simultaneous TFTP transfers to %d"),
803 daemon->tftp_max);
804 }
805 }
806 #endif
807
808 /* finished start-up - release original process */
809 if (err_pipe[1] != -1)
810 close(err_pipe[1]);
811
812 if (daemon->port != 0)
813 check_servers();
814
815 pid = getpid();
816
817 #ifdef HAVE_INOTIFY
818 /* Using inotify, have to select a resolv file at startup */
819 poll_resolv(1, 0, now);
820 #endif
821
822 while (1)
823 {
824 int maxfd = -1;
825 struct timeval t, *tp = NULL;
826 fd_set rset, wset, eset;
827
828 FD_ZERO(&rset);
829 FD_ZERO(&wset);
830 FD_ZERO(&eset);
831
832 /* if we are out of resources, find how long we have to wait
833 for some to come free, we'll loop around then and restart
834 listening for queries */
835 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
836 {
837 t.tv_usec = 0;
838 tp = &t;
839 }
840
841 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
842 if (daemon->tftp_trans ||
843 (option_bool(OPT_DBUS) && !daemon->dbus))
844 {
845 t.tv_sec = 0;
846 t.tv_usec = 250000;
847 tp = &t;
848 }
849 /* Wake every second whilst waiting for DAD to complete */
850 else if (is_dad_listeners())
851 {
852 t.tv_sec = 1;
853 t.tv_usec = 0;
854 tp = &t;
855 }
856
857 #ifdef HAVE_DBUS
858 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
859 #endif
860
861 #ifdef HAVE_DHCP
862 if (daemon->dhcp || daemon->relay4)
863 {
864 FD_SET(daemon->dhcpfd, &rset);
865 bump_maxfd(daemon->dhcpfd, &maxfd);
866 if (daemon->pxefd != -1)
867 {
868 FD_SET(daemon->pxefd, &rset);
869 bump_maxfd(daemon->pxefd, &maxfd);
870 }
871 }
872 #endif
873
874 #ifdef HAVE_DHCP6
875 if (daemon->doing_dhcp6 || daemon->relay6)
876 {
877 FD_SET(daemon->dhcp6fd, &rset);
878 bump_maxfd(daemon->dhcp6fd, &maxfd);
879 }
880
881 if (daemon->doing_ra)
882 {
883 FD_SET(daemon->icmp6fd, &rset);
884 bump_maxfd(daemon->icmp6fd, &maxfd);
885 }
886 #endif
887
888 #ifdef HAVE_INOTIFY
889 if (daemon->inotifyfd != -1)
890 {
891 FD_SET(daemon->inotifyfd, &rset);
892 bump_maxfd(daemon->inotifyfd, &maxfd);
893 }
894 #endif
895
896 #if defined(HAVE_LINUX_NETWORK)
897 FD_SET(daemon->netlinkfd, &rset);
898 bump_maxfd(daemon->netlinkfd, &maxfd);
899 #elif defined(HAVE_BSD_NETWORK)
900 FD_SET(daemon->routefd, &rset);
901 bump_maxfd(daemon->routefd, &maxfd);
902 #endif
903
904 FD_SET(piperead, &rset);
905 bump_maxfd(piperead, &maxfd);
906
907 #ifdef HAVE_DHCP
908 # ifdef HAVE_SCRIPT
909 while (helper_buf_empty() && do_script_run(now));
910
911 # ifdef HAVE_TFTP
912 while (helper_buf_empty() && do_tftp_script_run());
913 # endif
914
915 if (!helper_buf_empty())
916 {
917 FD_SET(daemon->helperfd, &wset);
918 bump_maxfd(daemon->helperfd, &maxfd);
919 }
920 # else
921 /* need this for other side-effects */
922 while (do_script_run(now));
923
924 # ifdef HAVE_TFTP
925 while (do_tftp_script_run());
926 # endif
927
928 # endif
929 #endif
930
931 /* must do this just before select(), when we know no
932 more calls to my_syslog() can occur */
933 set_log_writer(&wset, &maxfd);
934
935 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
936 {
937 /* otherwise undefined after error */
938 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
939 }
940
941 now = dnsmasq_time();
942
943 check_log_writer(&wset);
944
945 /* prime. */
946 enumerate_interfaces(1);
947
948 /* Check the interfaces to see if any have exited DAD state
949 and if so, bind the address. */
950 if (is_dad_listeners())
951 {
952 enumerate_interfaces(0);
953 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
954 create_bound_listeners(0);
955 warn_bound_listeners();
956 }
957
958 #if defined(HAVE_LINUX_NETWORK)
959 if (FD_ISSET(daemon->netlinkfd, &rset))
960 netlink_multicast();
961 #elif defined(HAVE_BSD_NETWORK)
962 if (FD_ISSET(daemon->routefd, &rset))
963 route_sock();
964 #endif
965
966 #ifdef HAVE_INOTIFY
967 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
968 {
969 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
970 poll_resolv(1, 1, now);
971 }
972 #else
973 /* Check for changes to resolv files once per second max. */
974 /* Don't go silent for long periods if the clock goes backwards. */
975 if (daemon->last_resolv == 0 ||
976 difftime(now, daemon->last_resolv) > 1.0 ||
977 difftime(now, daemon->last_resolv) < -1.0)
978 {
979 /* poll_resolv doesn't need to reload first time through, since
980 that's queued anyway. */
981
982 poll_resolv(0, daemon->last_resolv != 0, now);
983 daemon->last_resolv = now;
984 }
985 #endif
986
987 if (FD_ISSET(piperead, &rset))
988 async_event(piperead, now);
989
990 #ifdef HAVE_DBUS
991 /* if we didn't create a DBus connection, retry now. */
992 if (option_bool(OPT_DBUS) && !daemon->dbus)
993 {
994 char *err;
995 if ((err = dbus_init()))
996 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
997 if (daemon->dbus)
998 my_syslog(LOG_INFO, _("connected to system DBus"));
999 }
1000 check_dbus_listeners(&rset, &wset, &eset);
1001 #endif
1002
1003 check_dns_listeners(&rset, now);
1004
1005 #ifdef HAVE_TFTP
1006 check_tftp_listeners(&rset, now);
1007 #endif
1008
1009 #ifdef HAVE_DHCP
1010 if (daemon->dhcp || daemon->relay4)
1011 {
1012 if (FD_ISSET(daemon->dhcpfd, &rset))
1013 dhcp_packet(now, 0);
1014 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1015 dhcp_packet(now, 1);
1016 }
1017
1018 #ifdef HAVE_DHCP6
1019 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
1020 dhcp6_packet(now);
1021
1022 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1023 icmp6_packet(now);
1024 #endif
1025
1026 # ifdef HAVE_SCRIPT
1027 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
1028 helper_write();
1029 # endif
1030 #endif
1031
1032 }
1033 }
1034
1035 static void sig_handler(int sig)
1036 {
1037 if (pid == 0)
1038 {
1039 /* ignore anything other than TERM during startup
1040 and in helper proc. (helper ignore TERM too) */
1041 if (sig == SIGTERM)
1042 exit(EC_MISC);
1043 }
1044 else if (pid != getpid())
1045 {
1046 /* alarm is used to kill TCP children after a fixed time. */
1047 if (sig == SIGALRM)
1048 _exit(0);
1049 }
1050 else
1051 {
1052 /* master process */
1053 int event, errsave = errno;
1054
1055 if (sig == SIGHUP)
1056 event = EVENT_RELOAD;
1057 else if (sig == SIGCHLD)
1058 event = EVENT_CHILD;
1059 else if (sig == SIGALRM)
1060 event = EVENT_ALARM;
1061 else if (sig == SIGTERM)
1062 event = EVENT_TERM;
1063 else if (sig == SIGUSR1)
1064 event = EVENT_DUMP;
1065 else if (sig == SIGUSR2)
1066 event = EVENT_REOPEN;
1067 else
1068 return;
1069
1070 send_event(pipewrite, event, 0, NULL);
1071 errno = errsave;
1072 }
1073 }
1074
1075 /* now == 0 -> queue immediate callback */
1076 void send_alarm(time_t event, time_t now)
1077 {
1078 if (now == 0 || event != 0)
1079 {
1080 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1081 if ((now == 0 || difftime(event, now) <= 0.0))
1082 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1083 else
1084 alarm((unsigned)difftime(event, now));
1085 }
1086 }
1087
1088 void queue_event(int event)
1089 {
1090 send_event(pipewrite, event, 0, NULL);
1091 }
1092
1093 void send_event(int fd, int event, int data, char *msg)
1094 {
1095 struct event_desc ev;
1096 struct iovec iov[2];
1097
1098 ev.event = event;
1099 ev.data = data;
1100 ev.msg_sz = msg ? strlen(msg) : 0;
1101
1102 iov[0].iov_base = &ev;
1103 iov[0].iov_len = sizeof(ev);
1104 iov[1].iov_base = msg;
1105 iov[1].iov_len = ev.msg_sz;
1106
1107 /* error pipe, debug mode. */
1108 if (fd == -1)
1109 fatal_event(&ev, msg);
1110 else
1111 /* pipe is non-blocking and struct event_desc is smaller than
1112 PIPE_BUF, so this either fails or writes everything */
1113 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1114 }
1115
1116 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1117 to describe fatal errors. */
1118 static int read_event(int fd, struct event_desc *evp, char **msg)
1119 {
1120 char *buf;
1121
1122 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1123 return 0;
1124
1125 *msg = NULL;
1126
1127 if (evp->msg_sz != 0 &&
1128 (buf = malloc(evp->msg_sz + 1)) &&
1129 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1130 {
1131 buf[evp->msg_sz] = 0;
1132 *msg = buf;
1133 }
1134
1135 return 1;
1136 }
1137
1138 static void fatal_event(struct event_desc *ev, char *msg)
1139 {
1140 errno = ev->data;
1141
1142 switch (ev->event)
1143 {
1144 case EVENT_DIE:
1145 exit(0);
1146
1147 case EVENT_FORK_ERR:
1148 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1149
1150 case EVENT_PIPE_ERR:
1151 die(_("failed to create helper: %s"), NULL, EC_MISC);
1152
1153 case EVENT_CAP_ERR:
1154 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1155
1156 case EVENT_USER_ERR:
1157 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1158
1159 case EVENT_GROUP_ERR:
1160 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1161
1162 case EVENT_PIDFILE:
1163 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1164
1165 case EVENT_LOG_ERR:
1166 die(_("cannot open log %s: %s"), msg, EC_FILE);
1167
1168 case EVENT_LUA_ERR:
1169 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1170
1171 case EVENT_TFTP_ERR:
1172 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1173 }
1174 }
1175
1176 static void async_event(int pipe, time_t now)
1177 {
1178 pid_t p;
1179 struct event_desc ev;
1180 int i, check = 0;
1181 char *msg;
1182
1183 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1184 to describe fatal errors. */
1185
1186 if (read_event(pipe, &ev, &msg))
1187 switch (ev.event)
1188 {
1189 case EVENT_RELOAD:
1190 #ifdef HAVE_DNSSEC
1191 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1192 {
1193 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1194 reset_option_bool(OPT_DNSSEC_TIME);
1195 }
1196 #endif
1197 /* fall through */
1198
1199 case EVENT_INIT:
1200 clear_cache_and_reload(now);
1201
1202 if (daemon->port != 0)
1203 {
1204 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1205 {
1206 reload_servers(daemon->resolv_files->name);
1207 check = 1;
1208 }
1209
1210 if (daemon->servers_file)
1211 {
1212 read_servers_file();
1213 check = 1;
1214 }
1215
1216 if (check)
1217 check_servers();
1218 }
1219
1220 #ifdef HAVE_DHCP
1221 rerun_scripts();
1222 #endif
1223 break;
1224
1225 case EVENT_DUMP:
1226 if (daemon->port != 0)
1227 dump_cache(now);
1228 break;
1229
1230 case EVENT_ALARM:
1231 #ifdef HAVE_DHCP
1232 if (daemon->dhcp || daemon->doing_dhcp6)
1233 {
1234 lease_prune(NULL, now);
1235 lease_update_file(now);
1236 }
1237 #ifdef HAVE_DHCP6
1238 else if (daemon->doing_ra)
1239 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1240 send_alarm(periodic_ra(now), now);
1241 #endif
1242 #endif
1243 break;
1244
1245 case EVENT_CHILD:
1246 /* See Stevens 5.10 */
1247 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1248 if (p == -1)
1249 {
1250 if (errno != EINTR)
1251 break;
1252 }
1253 else
1254 for (i = 0 ; i < MAX_PROCS; i++)
1255 if (daemon->tcp_pids[i] == p)
1256 daemon->tcp_pids[i] = 0;
1257 break;
1258
1259 case EVENT_KILLED:
1260 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1261 break;
1262
1263 case EVENT_EXITED:
1264 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1265 break;
1266
1267 case EVENT_EXEC_ERR:
1268 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1269 daemon->lease_change_command, strerror(ev.data));
1270 break;
1271
1272 /* necessary for fatal errors in helper */
1273 case EVENT_USER_ERR:
1274 case EVENT_DIE:
1275 case EVENT_LUA_ERR:
1276 fatal_event(&ev, msg);
1277 break;
1278
1279 case EVENT_REOPEN:
1280 /* Note: this may leave TCP-handling processes with the old file still open.
1281 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1282 we leave them logging to the old file. */
1283 if (daemon->log_file != NULL)
1284 log_reopen(daemon->log_file);
1285 break;
1286
1287 case EVENT_NEWADDR:
1288 newaddress(now);
1289 break;
1290
1291 case EVENT_NEWROUTE:
1292 resend_query();
1293 /* Force re-reading resolv file right now, for luck. */
1294 poll_resolv(0, 1, now);
1295 break;
1296
1297 case EVENT_TERM:
1298 /* Knock all our children on the head. */
1299 for (i = 0; i < MAX_PROCS; i++)
1300 if (daemon->tcp_pids[i] != 0)
1301 kill(daemon->tcp_pids[i], SIGALRM);
1302
1303 #if defined(HAVE_SCRIPT)
1304 /* handle pending lease transitions */
1305 if (daemon->helperfd != -1)
1306 {
1307 /* block in writes until all done */
1308 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1309 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1310 do {
1311 helper_write();
1312 } while (!helper_buf_empty() || do_script_run(now));
1313 close(daemon->helperfd);
1314 }
1315 #endif
1316
1317 if (daemon->lease_stream)
1318 fclose(daemon->lease_stream);
1319
1320 if (daemon->runfile)
1321 unlink(daemon->runfile);
1322
1323 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1324 flush_log();
1325 exit(EC_GOOD);
1326 }
1327 }
1328
1329 static void poll_resolv(int force, int do_reload, time_t now)
1330 {
1331 struct resolvc *res, *latest;
1332 struct stat statbuf;
1333 time_t last_change = 0;
1334 /* There may be more than one possible file.
1335 Go through and find the one which changed _last_.
1336 Warn of any which can't be read. */
1337
1338 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1339 return;
1340
1341 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1342 if (stat(res->name, &statbuf) == -1)
1343 {
1344 if (force)
1345 {
1346 res->mtime = 0;
1347 continue;
1348 }
1349
1350 if (!res->logged)
1351 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1352 res->logged = 1;
1353
1354 if (res->mtime != 0)
1355 {
1356 /* existing file evaporated, force selection of the latest
1357 file even if its mtime hasn't changed since we last looked */
1358 poll_resolv(1, do_reload, now);
1359 return;
1360 }
1361 }
1362 else
1363 {
1364 res->logged = 0;
1365 if (force || (statbuf.st_mtime != res->mtime))
1366 {
1367 res->mtime = statbuf.st_mtime;
1368 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1369 {
1370 last_change = statbuf.st_mtime;
1371 latest = res;
1372 }
1373 }
1374 }
1375
1376 if (latest)
1377 {
1378 static int warned = 0;
1379 if (reload_servers(latest->name))
1380 {
1381 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1382 warned = 0;
1383 check_servers();
1384 if (option_bool(OPT_RELOAD) && do_reload)
1385 clear_cache_and_reload(now);
1386 }
1387 else
1388 {
1389 latest->mtime = 0;
1390 if (!warned)
1391 {
1392 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1393 warned = 1;
1394 }
1395 }
1396 }
1397 }
1398
1399 void clear_cache_and_reload(time_t now)
1400 {
1401 (void)now;
1402
1403 if (daemon->port != 0)
1404 cache_reload();
1405
1406 #ifdef HAVE_DHCP
1407 if (daemon->dhcp || daemon->doing_dhcp6)
1408 {
1409 if (option_bool(OPT_ETHERS))
1410 dhcp_read_ethers();
1411 reread_dhcp();
1412 #ifdef HAVE_INOTIFY
1413 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
1414 #endif
1415 dhcp_update_configs(daemon->dhcp_conf);
1416 lease_update_from_configs();
1417 lease_update_file(now);
1418 lease_update_dns(1);
1419 }
1420 #ifdef HAVE_DHCP6
1421 else if (daemon->doing_ra)
1422 /* Not doing DHCP, so no lease system, manage
1423 alarms for ra only */
1424 send_alarm(periodic_ra(now), now);
1425 #endif
1426 #endif
1427 }
1428
1429 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1430 {
1431 struct serverfd *serverfdp;
1432 struct listener *listener;
1433 int wait = 0, i;
1434
1435 #ifdef HAVE_TFTP
1436 int tftp = 0;
1437 struct tftp_transfer *transfer;
1438 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1439 {
1440 tftp++;
1441 FD_SET(transfer->sockfd, set);
1442 bump_maxfd(transfer->sockfd, maxfdp);
1443 }
1444 #endif
1445
1446 /* will we be able to get memory? */
1447 if (daemon->port != 0)
1448 get_new_frec(now, &wait, 0);
1449
1450 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1451 {
1452 FD_SET(serverfdp->fd, set);
1453 bump_maxfd(serverfdp->fd, maxfdp);
1454 }
1455
1456 if (daemon->port != 0 && !daemon->osport)
1457 for (i = 0; i < RANDOM_SOCKS; i++)
1458 if (daemon->randomsocks[i].refcount != 0)
1459 {
1460 FD_SET(daemon->randomsocks[i].fd, set);
1461 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1462 }
1463
1464 for (listener = daemon->listeners; listener; listener = listener->next)
1465 {
1466 /* only listen for queries if we have resources */
1467 if (listener->fd != -1 && wait == 0)
1468 {
1469 FD_SET(listener->fd, set);
1470 bump_maxfd(listener->fd, maxfdp);
1471 }
1472
1473 /* death of a child goes through the select loop, so
1474 we don't need to explicitly arrange to wake up here */
1475 if (listener->tcpfd != -1)
1476 for (i = 0; i < MAX_PROCS; i++)
1477 if (daemon->tcp_pids[i] == 0)
1478 {
1479 FD_SET(listener->tcpfd, set);
1480 bump_maxfd(listener->tcpfd, maxfdp);
1481 break;
1482 }
1483
1484 #ifdef HAVE_TFTP
1485 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1486 {
1487 FD_SET(listener->tftpfd, set);
1488 bump_maxfd(listener->tftpfd, maxfdp);
1489 }
1490 #endif
1491
1492 }
1493
1494 return wait;
1495 }
1496
1497 static void check_dns_listeners(fd_set *set, time_t now)
1498 {
1499 struct serverfd *serverfdp;
1500 struct listener *listener;
1501 int i;
1502
1503 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1504 if (FD_ISSET(serverfdp->fd, set))
1505 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1506
1507 if (daemon->port != 0 && !daemon->osport)
1508 for (i = 0; i < RANDOM_SOCKS; i++)
1509 if (daemon->randomsocks[i].refcount != 0 &&
1510 FD_ISSET(daemon->randomsocks[i].fd, set))
1511 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1512
1513 for (listener = daemon->listeners; listener; listener = listener->next)
1514 {
1515 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1516 receive_query(listener, now);
1517
1518 #ifdef HAVE_TFTP
1519 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1520 tftp_request(listener, now);
1521 #endif
1522
1523 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1524 {
1525 int confd, client_ok = 1;
1526 struct irec *iface = NULL;
1527 pid_t p;
1528 union mysockaddr tcp_addr;
1529 socklen_t tcp_len = sizeof(union mysockaddr);
1530
1531 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1532
1533 if (confd == -1)
1534 continue;
1535
1536 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1537 {
1538 close(confd);
1539 continue;
1540 }
1541
1542 /* Make sure that the interface list is up-to-date.
1543
1544 We do this here as we may need the results below, and
1545 the DNS code needs them for --interface-name stuff.
1546
1547 Multiple calls to enumerate_interfaces() per select loop are
1548 inhibited, so calls to it in the child process (which doesn't select())
1549 have no effect. This avoids two processes reading from the same
1550 netlink fd and screwing the pooch entirely.
1551 */
1552
1553 enumerate_interfaces(0);
1554
1555 if (option_bool(OPT_NOWILD))
1556 iface = listener->iface; /* May be NULL */
1557 else
1558 {
1559 int if_index;
1560 char intr_name[IF_NAMESIZE];
1561
1562 /* if we can find the arrival interface, check it's one that's allowed */
1563 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1564 indextoname(listener->tcpfd, if_index, intr_name))
1565 {
1566 struct all_addr addr;
1567 addr.addr.addr4 = tcp_addr.in.sin_addr;
1568 #ifdef HAVE_IPV6
1569 if (tcp_addr.sa.sa_family == AF_INET6)
1570 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1571 #endif
1572
1573 for (iface = daemon->interfaces; iface; iface = iface->next)
1574 if (iface->index == if_index)
1575 break;
1576
1577 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1578 client_ok = 0;
1579 }
1580
1581 if (option_bool(OPT_CLEVERBIND))
1582 iface = listener->iface; /* May be NULL */
1583 else
1584 {
1585 /* Check for allowed interfaces when binding the wildcard address:
1586 we do this by looking for an interface with the same address as
1587 the local address of the TCP connection, then looking to see if that's
1588 an allowed interface. As a side effect, we get the netmask of the
1589 interface too, for localisation. */
1590
1591 for (iface = daemon->interfaces; iface; iface = iface->next)
1592 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1593 break;
1594
1595 if (!iface)
1596 client_ok = 0;
1597 }
1598 }
1599
1600 if (!client_ok)
1601 {
1602 shutdown(confd, SHUT_RDWR);
1603 close(confd);
1604 }
1605 #ifndef NO_FORK
1606 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1607 {
1608 if (p != -1)
1609 {
1610 int i;
1611 for (i = 0; i < MAX_PROCS; i++)
1612 if (daemon->tcp_pids[i] == 0)
1613 {
1614 daemon->tcp_pids[i] = p;
1615 break;
1616 }
1617 }
1618 close(confd);
1619
1620 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1621 daemon->log_id += TCP_MAX_QUERIES;
1622 }
1623 #endif
1624 else
1625 {
1626 unsigned char *buff;
1627 struct server *s;
1628 int flags;
1629 struct in_addr netmask;
1630 int auth_dns;
1631
1632 if (iface)
1633 {
1634 netmask = iface->netmask;
1635 auth_dns = iface->dns_auth;
1636 }
1637 else
1638 {
1639 netmask.s_addr = 0;
1640 auth_dns = 0;
1641 }
1642
1643 #ifndef NO_FORK
1644 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1645 terminate the process. */
1646 if (!option_bool(OPT_DEBUG))
1647 alarm(CHILD_LIFETIME);
1648 #endif
1649
1650 /* start with no upstream connections. */
1651 for (s = daemon->servers; s; s = s->next)
1652 s->tcpfd = -1;
1653
1654 /* The connected socket inherits non-blocking
1655 attribute from the listening socket.
1656 Reset that here. */
1657 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1658 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1659
1660 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1661
1662 shutdown(confd, SHUT_RDWR);
1663 close(confd);
1664
1665 if (buff)
1666 free(buff);
1667
1668 for (s = daemon->servers; s; s = s->next)
1669 if (s->tcpfd != -1)
1670 {
1671 shutdown(s->tcpfd, SHUT_RDWR);
1672 close(s->tcpfd);
1673 }
1674 #ifndef NO_FORK
1675 if (!option_bool(OPT_DEBUG))
1676 {
1677 flush_log();
1678 _exit(0);
1679 }
1680 #endif
1681 }
1682 }
1683 }
1684 }
1685
1686 #ifdef HAVE_DHCP
1687 int make_icmp_sock(void)
1688 {
1689 int fd;
1690 int zeroopt = 0;
1691
1692 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1693 {
1694 if (!fix_fd(fd) ||
1695 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1696 {
1697 close(fd);
1698 fd = -1;
1699 }
1700 }
1701
1702 return fd;
1703 }
1704
1705 int icmp_ping(struct in_addr addr)
1706 {
1707 /* Try and get an ICMP echo from a machine. */
1708
1709 /* Note that whilst in the three second wait, we check for
1710 (and service) events on the DNS and TFTP sockets, (so doing that
1711 better not use any resources our caller has in use...)
1712 but we remain deaf to signals or further DHCP packets. */
1713
1714 int fd;
1715 struct sockaddr_in saddr;
1716 struct {
1717 struct ip ip;
1718 struct icmp icmp;
1719 } packet;
1720 unsigned short id = rand16();
1721 unsigned int i, j;
1722 int gotreply = 0;
1723 time_t start, now;
1724
1725 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1726 if ((fd = make_icmp_sock()) == -1)
1727 return 0;
1728 #else
1729 int opt = 2000;
1730 fd = daemon->dhcp_icmp_fd;
1731 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1732 #endif
1733
1734 saddr.sin_family = AF_INET;
1735 saddr.sin_port = 0;
1736 saddr.sin_addr = addr;
1737 #ifdef HAVE_SOCKADDR_SA_LEN
1738 saddr.sin_len = sizeof(struct sockaddr_in);
1739 #endif
1740
1741 memset(&packet.icmp, 0, sizeof(packet.icmp));
1742 packet.icmp.icmp_type = ICMP_ECHO;
1743 packet.icmp.icmp_id = id;
1744 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1745 j += ((u16 *)&packet.icmp)[i];
1746 while (j>>16)
1747 j = (j & 0xffff) + (j >> 16);
1748 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1749
1750 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1751 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1752 retry_send());
1753
1754 for (now = start = dnsmasq_time();
1755 difftime(now, start) < (float)PING_WAIT;)
1756 {
1757 struct timeval tv;
1758 fd_set rset, wset;
1759 struct sockaddr_in faddr;
1760 int maxfd = fd;
1761 socklen_t len = sizeof(faddr);
1762
1763 tv.tv_usec = 250000;
1764 tv.tv_sec = 0;
1765
1766 FD_ZERO(&rset);
1767 FD_ZERO(&wset);
1768 FD_SET(fd, &rset);
1769 set_dns_listeners(now, &rset, &maxfd);
1770 set_log_writer(&wset, &maxfd);
1771
1772 #ifdef HAVE_DHCP6
1773 if (daemon->doing_ra)
1774 {
1775 FD_SET(daemon->icmp6fd, &rset);
1776 bump_maxfd(daemon->icmp6fd, &maxfd);
1777 }
1778 #endif
1779
1780 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1781 {
1782 FD_ZERO(&rset);
1783 FD_ZERO(&wset);
1784 }
1785
1786 now = dnsmasq_time();
1787
1788 check_log_writer(&wset);
1789 check_dns_listeners(&rset, now);
1790
1791 #ifdef HAVE_DHCP6
1792 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1793 icmp6_packet(now);
1794 #endif
1795
1796 #ifdef HAVE_TFTP
1797 check_tftp_listeners(&rset, now);
1798 #endif
1799
1800 if (FD_ISSET(fd, &rset) &&
1801 recvfrom(fd, &packet, sizeof(packet), 0,
1802 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1803 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1804 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1805 packet.icmp.icmp_seq == 0 &&
1806 packet.icmp.icmp_id == id)
1807 {
1808 gotreply = 1;
1809 break;
1810 }
1811 }
1812
1813 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1814 close(fd);
1815 #else
1816 opt = 1;
1817 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1818 #endif
1819
1820 return gotreply;
1821 }
1822 #endif
1823
1824
Michael's tree of dnsmasq.