]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blob
? search:


b784951950d400745bce96bfee04bdd0c11737a1
[people/ms/dnsmasq.git] / src / dnsmasq.c
1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
19
20 #include "dnsmasq.h"
21
22 struct daemon *daemon;
23
24 static volatile pid_t pid = 0;
25 static volatile int pipewrite;
26
27 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28 static void check_dns_listeners(fd_set *set, time_t now);
29 static void sig_handler(int sig);
30 static void async_event(int pipe, time_t now);
31 static void fatal_event(struct event_desc *ev, char *msg);
32 static int read_event(int fd, struct event_desc *evp, char **msg);
33 static void poll_resolv(int force, int do_reload, time_t now);
34
35 int main (int argc, char **argv)
36 {
37 int bind_fallback = 0;
38 time_t now;
39 struct sigaction sigact;
40 struct iname *if_tmp;
41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
43 #if defined(HAVE_SCRIPT)
44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
46 #endif
47 struct group *gp = NULL;
48 long i, max_fd = sysconf(_SC_OPEN_MAX);
49 char *baduser = NULL;
50 int log_err;
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
54 char *bound_device = NULL;
55 int did_bind = 0;
56 #endif
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context *context;
59 struct dhcp_relay *relay;
60 #endif
61
62 #ifdef LOCALEDIR
63 setlocale(LC_ALL, "");
64 bindtextdomain("dnsmasq", LOCALEDIR);
65 textdomain("dnsmasq");
66 #endif
67
68 sigact.sa_handler = sig_handler;
69 sigact.sa_flags = 0;
70 sigemptyset(&sigact.sa_mask);
71 sigaction(SIGUSR1, &sigact, NULL);
72 sigaction(SIGUSR2, &sigact, NULL);
73 sigaction(SIGHUP, &sigact, NULL);
74 sigaction(SIGTERM, &sigact, NULL);
75 sigaction(SIGALRM, &sigact, NULL);
76 sigaction(SIGCHLD, &sigact, NULL);
77
78 /* ignore SIGPIPE */
79 sigact.sa_handler = SIG_IGN;
80 sigaction(SIGPIPE, &sigact, NULL);
81
82 umask(022); /* known umask, create leases and pid files as 0644 */
83
84 rand_init(); /* Must precede read_opts() */
85
86 read_opts(argc, argv, compile_opts);
87
88 if (daemon->edns_pktsz < PACKETSZ)
89 daemon->edns_pktsz = PACKETSZ;
90
91 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
92 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
93 daemon->packet = safe_malloc(daemon->packet_buff_sz);
94
95 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
96 if (option_bool(OPT_EXTRALOG))
97 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
98
99 #ifdef HAVE_DNSSEC
100 if (option_bool(OPT_DNSSEC_VALID))
101 {
102 daemon->keyname = safe_malloc(MAXDNAME);
103 daemon->workspacename = safe_malloc(MAXDNAME);
104 }
105 #endif
106
107 #ifdef HAVE_DHCP
108 if (!daemon->lease_file)
109 {
110 if (daemon->dhcp || daemon->dhcp6)
111 daemon->lease_file = LEASEFILE;
112 }
113 #endif
114
115 /* Close any file descriptors we inherited apart from std{in|out|err}
116
117 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
118 otherwise file descriptors we create can end up being 0, 1, or 2
119 and then get accidentally closed later when we make 0, 1, and 2
120 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
121 but it's not guaranteed. By opening /dev/null three times, we
122 ensure that we're not using those fds for real stuff. */
123 for (i = 0; i < max_fd; i++)
124 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
125 close(i);
126 else
127 open("/dev/null", O_RDWR);
128
129 #ifndef HAVE_LINUX_NETWORK
130 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
131 if (!option_bool(OPT_NOWILD))
132 {
133 bind_fallback = 1;
134 set_option_bool(OPT_NOWILD);
135 }
136 # endif
137
138 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
139 if (option_bool(OPT_CLEVERBIND))
140 {
141 bind_fallback = 1;
142 set_option_bool(OPT_NOWILD);
143 reset_option_bool(OPT_CLEVERBIND);
144 }
145 #endif
146
147 #ifndef HAVE_INOTIFY
148 if (daemon->dynamic_dirs)
149 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
150 #endif
151
152 if (option_bool(OPT_DNSSEC_VALID))
153 {
154 #ifdef HAVE_DNSSEC
155 if (!daemon->ds)
156 die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
157
158 if (daemon->cachesize < CACHESIZ)
159 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
160 #else
161 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
162 #endif
163 }
164
165 #ifndef HAVE_TFTP
166 if (option_bool(OPT_TFTP))
167 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
168 #endif
169
170 #ifdef HAVE_CONNTRACK
171 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
172 die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
173 #else
174 if (option_bool(OPT_CONNTRACK))
175 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
176 #endif
177
178 #ifdef HAVE_SOLARIS_NETWORK
179 if (daemon->max_logs != 0)
180 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
181 #endif
182
183 #ifdef __ANDROID__
184 if (daemon->max_logs != 0)
185 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
186 #endif
187
188 #ifndef HAVE_AUTH
189 if (daemon->authserver)
190 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
191 #endif
192
193 #ifndef HAVE_LOOP
194 if (option_bool(OPT_LOOP_DETECT))
195 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
196 #endif
197
198 now = dnsmasq_time();
199
200 /* Create a serial at startup if not configured. */
201 if (daemon->authinterface && daemon->soa_sn == 0)
202 #ifdef HAVE_BROKEN_RTC
203 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
204 #else
205 daemon->soa_sn = now;
206 #endif
207
208 #ifdef HAVE_DHCP6
209 if (daemon->dhcp6)
210 {
211 daemon->doing_ra = option_bool(OPT_RA);
212
213 for (context = daemon->dhcp6; context; context = context->next)
214 {
215 if (context->flags & CONTEXT_DHCP)
216 daemon->doing_dhcp6 = 1;
217 if (context->flags & CONTEXT_RA)
218 daemon->doing_ra = 1;
219 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
220 if (context->flags & CONTEXT_TEMPLATE)
221 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
222 #endif
223 }
224 }
225 #endif
226
227 #ifdef HAVE_DHCP
228 /* Note that order matters here, we must call lease_init before
229 creating any file descriptors which shouldn't be leaked
230 to the lease-script init process. We need to call common_init
231 before lease_init to allocate buffers it uses.*/
232 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
233 {
234 dhcp_common_init();
235 if (daemon->dhcp || daemon->doing_dhcp6)
236 lease_init(now);
237 }
238
239 if (daemon->dhcp || daemon->relay4)
240 dhcp_init();
241
242 # ifdef HAVE_DHCP6
243 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
244 ra_init(now);
245
246 if (daemon->doing_dhcp6 || daemon->relay6)
247 dhcp6_init();
248 # endif
249
250 #endif
251
252 #ifdef HAVE_IPSET
253 if (daemon->ipsets)
254 ipset_init();
255 #endif
256
257 #if defined(HAVE_LINUX_NETWORK)
258 netlink_init();
259 #elif defined(HAVE_BSD_NETWORK)
260 route_init();
261 #endif
262
263 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
264 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
265
266 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
267 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
268
269 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
270 {
271 create_bound_listeners(1);
272
273 if (!option_bool(OPT_CLEVERBIND))
274 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
275 if (if_tmp->name && !if_tmp->used)
276 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
277
278 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
279 /* after enumerate_interfaces() */
280 bound_device = whichdevice();
281
282 if (daemon->dhcp)
283 {
284 if (!daemon->relay4 && bound_device)
285 {
286 bindtodevice(bound_device, daemon->dhcpfd);
287 did_bind = 1;
288 }
289 if (daemon->enable_pxe && bound_device)
290 {
291 bindtodevice(bound_device, daemon->pxefd);
292 did_bind = 1;
293 }
294 }
295 #endif
296
297 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
298 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
299 {
300 bindtodevice(bound_device, daemon->dhcp6fd);
301 did_bind = 1;
302 }
303 #endif
304 }
305 else
306 create_wildcard_listeners();
307
308 #ifdef HAVE_DHCP6
309 /* after enumerate_interfaces() */
310 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
311 join_multicast(1);
312
313 /* After netlink_init() and before create_helper() */
314 lease_make_duid(now);
315 #endif
316
317 if (daemon->port != 0)
318 {
319 cache_init();
320
321 #ifdef HAVE_DNSSEC
322 blockdata_init();
323 #endif
324 }
325
326 #ifdef HAVE_INOTIFY
327 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
328 inotify_dnsmasq_init();
329 else
330 daemon->inotifyfd = -1;
331 #endif
332
333 if (option_bool(OPT_DBUS))
334 #ifdef HAVE_DBUS
335 {
336 char *err;
337 daemon->dbus = NULL;
338 daemon->watches = NULL;
339 if ((err = dbus_init()))
340 die(_("DBus error: %s"), err, EC_MISC);
341 }
342 #else
343 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
344 #endif
345
346 if (daemon->port != 0)
347 pre_allocate_sfds();
348
349 #if defined(HAVE_SCRIPT)
350 /* Note getpwnam returns static storage */
351 if ((daemon->dhcp || daemon->dhcp6) &&
352 daemon->scriptuser &&
353 (daemon->lease_change_command || daemon->luascript))
354 {
355 if ((ent_pw = getpwnam(daemon->scriptuser)))
356 {
357 script_uid = ent_pw->pw_uid;
358 script_gid = ent_pw->pw_gid;
359 }
360 else
361 baduser = daemon->scriptuser;
362 }
363 #endif
364
365 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
366 baduser = daemon->username;
367 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
368 baduser = daemon->groupname;
369
370 if (baduser)
371 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
372
373 /* implement group defaults, "dip" if available, or group associated with uid */
374 if (!daemon->group_set && !gp)
375 {
376 if (!(gp = getgrnam(CHGRP)) && ent_pw)
377 gp = getgrgid(ent_pw->pw_gid);
378
379 /* for error message */
380 if (gp)
381 daemon->groupname = gp->gr_name;
382 }
383
384 #if defined(HAVE_LINUX_NETWORK)
385 /* determine capability API version here, while we can still
386 call safe_malloc */
387 if (ent_pw && ent_pw->pw_uid != 0)
388 {
389 int capsize = 1; /* for header version 1 */
390 hdr = safe_malloc(sizeof(*hdr));
391
392 /* find version supported by kernel */
393 memset(hdr, 0, sizeof(*hdr));
394 capget(hdr, NULL);
395
396 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
397 {
398 /* if unknown version, use largest supported version (3) */
399 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
400 hdr->version = LINUX_CAPABILITY_VERSION_3;
401 capsize = 2;
402 }
403
404 data = safe_malloc(sizeof(*data) * capsize);
405 memset(data, 0, sizeof(*data) * capsize);
406 }
407 #endif
408
409 /* Use a pipe to carry signals and other events back to the event loop
410 in a race-free manner and another to carry errors to daemon-invoking process */
411 safe_pipe(pipefd, 1);
412
413 piperead = pipefd[0];
414 pipewrite = pipefd[1];
415 /* prime the pipe to load stuff first time. */
416 send_event(pipewrite, EVENT_INIT, 0, NULL);
417
418 err_pipe[1] = -1;
419
420 if (!option_bool(OPT_DEBUG))
421 {
422 /* The following code "daemonizes" the process.
423 See Stevens section 12.4 */
424
425 if (chdir("/") != 0)
426 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
427
428 #ifndef NO_FORK
429 if (!option_bool(OPT_NO_FORK))
430 {
431 pid_t pid;
432
433 /* pipe to carry errors back to original process.
434 When startup is complete we close this and the process terminates. */
435 safe_pipe(err_pipe, 0);
436
437 if ((pid = fork()) == -1)
438 /* fd == -1 since we've not forked, never returns. */
439 send_event(-1, EVENT_FORK_ERR, errno, NULL);
440
441 if (pid != 0)
442 {
443 struct event_desc ev;
444 char *msg;
445
446 /* close our copy of write-end */
447 while (retry_send(close(err_pipe[1])));
448
449 /* check for errors after the fork */
450 if (read_event(err_pipe[0], &ev, &msg))
451 fatal_event(&ev, msg);
452
453 _exit(EC_GOOD);
454 }
455
456 while (retry_send(close(err_pipe[0])));
457
458 /* NO calls to die() from here on. */
459
460 setsid();
461
462 if ((pid = fork()) == -1)
463 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
464
465 if (pid != 0)
466 _exit(0);
467 }
468 #endif
469
470 /* write pidfile _after_ forking ! */
471 if (daemon->runfile)
472 {
473 int fd, err = 0;
474
475 sprintf(daemon->namebuff, "%d\n", (int) getpid());
476
477 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
478 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
479 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
480 extent that an attacker running as the unprivileged user could replace the pidfile with a
481 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
482
483 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
484 ensuring that the open() fails should there be any existing file (because the unlink() failed,
485 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
486 attack can succeed.
487
488 Any compromise of the non-privileged user still theoretically allows the pid-file to be
489 replaced whilst dnsmasq is running. The worst that could allow is that the usual
490 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
491
492 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
493 failure to write the pid-file.
494 */
495
496 unlink(daemon->runfile);
497
498 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
499 {
500 /* only complain if started as root */
501 if (getuid() == 0)
502 err = 1;
503 }
504 else
505 {
506 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
507 err = 1;
508 else
509 {
510 while (retry_send(close(fd)));
511 if (errno != 0)
512 err = 1;
513 }
514 }
515
516 if (err)
517 {
518 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
519 _exit(0);
520 }
521 }
522 }
523
524 log_err = log_start(ent_pw, err_pipe[1]);
525
526 if (!option_bool(OPT_DEBUG))
527 {
528 /* open stdout etc to /dev/null */
529 int nullfd = open("/dev/null", O_RDWR);
530 dup2(nullfd, STDOUT_FILENO);
531 dup2(nullfd, STDERR_FILENO);
532 dup2(nullfd, STDIN_FILENO);
533 close(nullfd);
534 }
535
536 /* if we are to run scripts, we need to fork a helper before dropping root. */
537 daemon->helperfd = -1;
538 #ifdef HAVE_SCRIPT
539 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
540 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
541 #endif
542
543 if (!option_bool(OPT_DEBUG) && getuid() == 0)
544 {
545 int bad_capabilities = 0;
546 gid_t dummy;
547
548 /* remove all supplimentary groups */
549 if (gp &&
550 (setgroups(0, &dummy) == -1 ||
551 setgid(gp->gr_gid) == -1))
552 {
553 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
554 _exit(0);
555 }
556
557 if (ent_pw && ent_pw->pw_uid != 0)
558 {
559 #if defined(HAVE_LINUX_NETWORK)
560 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
561 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
562 ports because of DAD, or we're doing it dynamically,
563 we need CAP_NET_BIND_SERVICE too. */
564 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
565 data->effective = data->permitted = data->inheritable =
566 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
567 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
568 else
569 data->effective = data->permitted = data->inheritable =
570 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
571
572 /* Tell kernel to not clear capabilities when dropping root */
573 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
574 bad_capabilities = errno;
575
576 #elif defined(HAVE_SOLARIS_NETWORK)
577 /* http://developers.sun.com/solaris/articles/program_privileges.html */
578 priv_set_t *priv_set;
579
580 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
581 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
582 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
583 bad_capabilities = errno;
584
585 if (priv_set && bad_capabilities == 0)
586 {
587 priv_inverse(priv_set);
588
589 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
590 bad_capabilities = errno;
591 }
592
593 if (priv_set)
594 priv_freeset(priv_set);
595
596 #endif
597
598 if (bad_capabilities != 0)
599 {
600 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
601 _exit(0);
602 }
603
604 /* finally drop root */
605 if (setuid(ent_pw->pw_uid) == -1)
606 {
607 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
608 _exit(0);
609 }
610
611 #ifdef HAVE_LINUX_NETWORK
612 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
613 data->effective = data->permitted =
614 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
615 else
616 data->effective = data->permitted =
617 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
618 data->inheritable = 0;
619
620 /* lose the setuid and setgid capbilities */
621 if (capset(hdr, data) == -1)
622 {
623 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
624 _exit(0);
625 }
626 #endif
627
628 }
629 }
630
631 #ifdef HAVE_LINUX_NETWORK
632 free(hdr);
633 free(data);
634 if (option_bool(OPT_DEBUG))
635 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
636 #endif
637
638 #ifdef HAVE_TFTP
639 if (option_bool(OPT_TFTP))
640 {
641 DIR *dir;
642 struct tftp_prefix *p;
643
644 if (daemon->tftp_prefix)
645 {
646 if (!((dir = opendir(daemon->tftp_prefix))))
647 {
648 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
649 _exit(0);
650 }
651 closedir(dir);
652 }
653
654 for (p = daemon->if_prefix; p; p = p->next)
655 {
656 if (!((dir = opendir(p->prefix))))
657 {
658 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
659 _exit(0);
660 }
661 closedir(dir);
662 }
663 }
664 #endif
665
666 if (daemon->port == 0)
667 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
668 else if (daemon->cachesize != 0)
669 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
670 else
671 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
672
673 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
674
675 #ifdef HAVE_DBUS
676 if (option_bool(OPT_DBUS))
677 {
678 if (daemon->dbus)
679 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
680 else
681 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
682 }
683 #endif
684
685 if (option_bool(OPT_LOCAL_SERVICE))
686 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
687
688 #ifdef HAVE_DNSSEC
689 if (option_bool(OPT_DNSSEC_VALID))
690 {
691 int rc;
692
693 /* Delay creating the timestamp file until here, after we've changed user, so that
694 it has the correct owner to allow updating the mtime later.
695 This means we have to report fatal errors via the pipe. */
696 if ((rc = setup_timestamp()) == -1)
697 {
698 send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file);
699 _exit(0);
700 }
701
702 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
703
704 if (option_bool(OPT_DNSSEC_TIME))
705 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
706
707 if (rc == 1)
708 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
709 }
710 #endif
711
712 if (log_err != 0)
713 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
714 daemon->log_file, strerror(log_err));
715
716 if (bind_fallback)
717 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
718
719 if (option_bool(OPT_NOWILD))
720 warn_bound_listeners();
721
722 warn_int_names();
723
724 if (!option_bool(OPT_NOWILD))
725 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
726 if (if_tmp->name && !if_tmp->used)
727 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
728
729 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
730 {
731 if (daemon->resolv_files && !daemon->resolv_files->is_default)
732 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
733 daemon->resolv_files = NULL;
734 if (!daemon->servers)
735 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
736 }
737
738 if (daemon->max_logs != 0)
739 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
740
741
742 #ifdef HAVE_DHCP
743 for (context = daemon->dhcp; context; context = context->next)
744 log_context(AF_INET, context);
745
746 for (relay = daemon->relay4; relay; relay = relay->next)
747 log_relay(AF_INET, relay);
748
749 # ifdef HAVE_DHCP6
750 for (context = daemon->dhcp6; context; context = context->next)
751 log_context(AF_INET6, context);
752
753 for (relay = daemon->relay6; relay; relay = relay->next)
754 log_relay(AF_INET6, relay);
755
756 if (daemon->doing_dhcp6 || daemon->doing_ra)
757 dhcp_construct_contexts(now);
758
759 if (option_bool(OPT_RA))
760 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
761 # endif
762
763 # ifdef HAVE_LINUX_NETWORK
764 if (did_bind)
765 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
766 # endif
767
768 /* after dhcp_contruct_contexts */
769 if (daemon->dhcp || daemon->doing_dhcp6)
770 lease_find_interfaces(now);
771 #endif
772
773 #ifdef HAVE_TFTP
774 if (option_bool(OPT_TFTP))
775 {
776 #ifdef FD_SETSIZE
777 if (FD_SETSIZE < (unsigned)max_fd)
778 max_fd = FD_SETSIZE;
779 #endif
780
781 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
782 daemon->tftp_prefix ? _("root is ") : _("enabled"),
783 daemon->tftp_prefix ? daemon->tftp_prefix: "",
784 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
785
786 /* This is a guess, it assumes that for small limits,
787 disjoint files might be served, but for large limits,
788 a single file will be sent to may clients (the file only needs
789 one fd). */
790
791 max_fd -= 30; /* use other than TFTP */
792
793 if (max_fd < 0)
794 max_fd = 5;
795 else if (max_fd < 100)
796 max_fd = max_fd/2;
797 else
798 max_fd = max_fd - 20;
799
800 /* if we have to use a limited range of ports,
801 that will limit the number of transfers */
802 if (daemon->start_tftp_port != 0 &&
803 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
804 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
805
806 if (daemon->tftp_max > max_fd)
807 {
808 daemon->tftp_max = max_fd;
809 my_syslog(MS_TFTP | LOG_WARNING,
810 _("restricting maximum simultaneous TFTP transfers to %d"),
811 daemon->tftp_max);
812 }
813 }
814 #endif
815
816 /* finished start-up - release original process */
817 if (err_pipe[1] != -1)
818 while (retry_send(close(err_pipe[1])));
819
820 if (daemon->port != 0)
821 check_servers();
822
823 pid = getpid();
824
825 #ifdef HAVE_INOTIFY
826 /* Using inotify, have to select a resolv file at startup */
827 poll_resolv(1, 0, now);
828 #endif
829
830 while (1)
831 {
832 int maxfd = -1;
833 struct timeval t, *tp = NULL;
834 fd_set rset, wset, eset;
835
836 FD_ZERO(&rset);
837 FD_ZERO(&wset);
838 FD_ZERO(&eset);
839
840 /* if we are out of resources, find how long we have to wait
841 for some to come free, we'll loop around then and restart
842 listening for queries */
843 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
844 {
845 t.tv_usec = 0;
846 tp = &t;
847 }
848
849 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
850 if (daemon->tftp_trans ||
851 (option_bool(OPT_DBUS) && !daemon->dbus))
852 {
853 t.tv_sec = 0;
854 t.tv_usec = 250000;
855 tp = &t;
856 }
857 /* Wake every second whilst waiting for DAD to complete */
858 else if (is_dad_listeners())
859 {
860 t.tv_sec = 1;
861 t.tv_usec = 0;
862 tp = &t;
863 }
864
865 #ifdef HAVE_DBUS
866 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
867 #endif
868
869 #ifdef HAVE_DHCP
870 if (daemon->dhcp || daemon->relay4)
871 {
872 FD_SET(daemon->dhcpfd, &rset);
873 bump_maxfd(daemon->dhcpfd, &maxfd);
874 if (daemon->pxefd != -1)
875 {
876 FD_SET(daemon->pxefd, &rset);
877 bump_maxfd(daemon->pxefd, &maxfd);
878 }
879 }
880 #endif
881
882 #ifdef HAVE_DHCP6
883 if (daemon->doing_dhcp6 || daemon->relay6)
884 {
885 FD_SET(daemon->dhcp6fd, &rset);
886 bump_maxfd(daemon->dhcp6fd, &maxfd);
887 }
888
889 if (daemon->doing_ra)
890 {
891 FD_SET(daemon->icmp6fd, &rset);
892 bump_maxfd(daemon->icmp6fd, &maxfd);
893 }
894 #endif
895
896 #ifdef HAVE_INOTIFY
897 if (daemon->inotifyfd != -1)
898 {
899 FD_SET(daemon->inotifyfd, &rset);
900 bump_maxfd(daemon->inotifyfd, &maxfd);
901 }
902 #endif
903
904 #if defined(HAVE_LINUX_NETWORK)
905 FD_SET(daemon->netlinkfd, &rset);
906 bump_maxfd(daemon->netlinkfd, &maxfd);
907 #elif defined(HAVE_BSD_NETWORK)
908 FD_SET(daemon->routefd, &rset);
909 bump_maxfd(daemon->routefd, &maxfd);
910 #endif
911
912 FD_SET(piperead, &rset);
913 bump_maxfd(piperead, &maxfd);
914
915 #ifdef HAVE_DHCP
916 # ifdef HAVE_SCRIPT
917 while (helper_buf_empty() && do_script_run(now));
918
919 # ifdef HAVE_TFTP
920 while (helper_buf_empty() && do_tftp_script_run());
921 # endif
922
923 if (!helper_buf_empty())
924 {
925 FD_SET(daemon->helperfd, &wset);
926 bump_maxfd(daemon->helperfd, &maxfd);
927 }
928 # else
929 /* need this for other side-effects */
930 while (do_script_run(now));
931
932 # ifdef HAVE_TFTP
933 while (do_tftp_script_run());
934 # endif
935
936 # endif
937 #endif
938
939 /* must do this just before select(), when we know no
940 more calls to my_syslog() can occur */
941 set_log_writer(&wset, &maxfd);
942
943 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
944 {
945 /* otherwise undefined after error */
946 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
947 }
948
949 now = dnsmasq_time();
950
951 check_log_writer(&wset);
952
953 /* prime. */
954 enumerate_interfaces(1);
955
956 /* Check the interfaces to see if any have exited DAD state
957 and if so, bind the address. */
958 if (is_dad_listeners())
959 {
960 enumerate_interfaces(0);
961 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
962 create_bound_listeners(0);
963 warn_bound_listeners();
964 }
965
966 #if defined(HAVE_LINUX_NETWORK)
967 if (FD_ISSET(daemon->netlinkfd, &rset))
968 netlink_multicast();
969 #elif defined(HAVE_BSD_NETWORK)
970 if (FD_ISSET(daemon->routefd, &rset))
971 route_sock();
972 #endif
973
974 #ifdef HAVE_INOTIFY
975 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
976 {
977 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
978 poll_resolv(1, 1, now);
979 }
980 #else
981 /* Check for changes to resolv files once per second max. */
982 /* Don't go silent for long periods if the clock goes backwards. */
983 if (daemon->last_resolv == 0 ||
984 difftime(now, daemon->last_resolv) > 1.0 ||
985 difftime(now, daemon->last_resolv) < -1.0)
986 {
987 /* poll_resolv doesn't need to reload first time through, since
988 that's queued anyway. */
989
990 poll_resolv(0, daemon->last_resolv != 0, now);
991 daemon->last_resolv = now;
992 }
993 #endif
994
995 if (FD_ISSET(piperead, &rset))
996 async_event(piperead, now);
997
998 #ifdef HAVE_DBUS
999 /* if we didn't create a DBus connection, retry now. */
1000 if (option_bool(OPT_DBUS) && !daemon->dbus)
1001 {
1002 char *err;
1003 if ((err = dbus_init()))
1004 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
1005 if (daemon->dbus)
1006 my_syslog(LOG_INFO, _("connected to system DBus"));
1007 }
1008 check_dbus_listeners(&rset, &wset, &eset);
1009 #endif
1010
1011 check_dns_listeners(&rset, now);
1012
1013 #ifdef HAVE_TFTP
1014 check_tftp_listeners(&rset, now);
1015 #endif
1016
1017 #ifdef HAVE_DHCP
1018 if (daemon->dhcp || daemon->relay4)
1019 {
1020 if (FD_ISSET(daemon->dhcpfd, &rset))
1021 dhcp_packet(now, 0);
1022 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1023 dhcp_packet(now, 1);
1024 }
1025
1026 #ifdef HAVE_DHCP6
1027 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
1028 dhcp6_packet(now);
1029
1030 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1031 icmp6_packet(now);
1032 #endif
1033
1034 # ifdef HAVE_SCRIPT
1035 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
1036 helper_write();
1037 # endif
1038 #endif
1039
1040 }
1041 }
1042
1043 static void sig_handler(int sig)
1044 {
1045 if (pid == 0)
1046 {
1047 /* ignore anything other than TERM during startup
1048 and in helper proc. (helper ignore TERM too) */
1049 if (sig == SIGTERM)
1050 exit(EC_MISC);
1051 }
1052 else if (pid != getpid())
1053 {
1054 /* alarm is used to kill TCP children after a fixed time. */
1055 if (sig == SIGALRM)
1056 _exit(0);
1057 }
1058 else
1059 {
1060 /* master process */
1061 int event, errsave = errno;
1062
1063 if (sig == SIGHUP)
1064 event = EVENT_RELOAD;
1065 else if (sig == SIGCHLD)
1066 event = EVENT_CHILD;
1067 else if (sig == SIGALRM)
1068 event = EVENT_ALARM;
1069 else if (sig == SIGTERM)
1070 event = EVENT_TERM;
1071 else if (sig == SIGUSR1)
1072 event = EVENT_DUMP;
1073 else if (sig == SIGUSR2)
1074 event = EVENT_REOPEN;
1075 else
1076 return;
1077
1078 send_event(pipewrite, event, 0, NULL);
1079 errno = errsave;
1080 }
1081 }
1082
1083 /* now == 0 -> queue immediate callback */
1084 void send_alarm(time_t event, time_t now)
1085 {
1086 if (now == 0 || event != 0)
1087 {
1088 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1089 if ((now == 0 || difftime(event, now) <= 0.0))
1090 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1091 else
1092 alarm((unsigned)difftime(event, now));
1093 }
1094 }
1095
1096 void queue_event(int event)
1097 {
1098 send_event(pipewrite, event, 0, NULL);
1099 }
1100
1101 void send_event(int fd, int event, int data, char *msg)
1102 {
1103 struct event_desc ev;
1104 struct iovec iov[2];
1105
1106 ev.event = event;
1107 ev.data = data;
1108 ev.msg_sz = msg ? strlen(msg) : 0;
1109
1110 iov[0].iov_base = &ev;
1111 iov[0].iov_len = sizeof(ev);
1112 iov[1].iov_base = msg;
1113 iov[1].iov_len = ev.msg_sz;
1114
1115 /* error pipe, debug mode. */
1116 if (fd == -1)
1117 fatal_event(&ev, msg);
1118 else
1119 /* pipe is non-blocking and struct event_desc is smaller than
1120 PIPE_BUF, so this either fails or writes everything */
1121 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1122 }
1123
1124 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1125 to describe fatal errors. */
1126 static int read_event(int fd, struct event_desc *evp, char **msg)
1127 {
1128 char *buf;
1129
1130 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1131 return 0;
1132
1133 *msg = NULL;
1134
1135 if (evp->msg_sz != 0 &&
1136 (buf = malloc(evp->msg_sz + 1)) &&
1137 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1138 {
1139 buf[evp->msg_sz] = 0;
1140 *msg = buf;
1141 }
1142
1143 return 1;
1144 }
1145
1146 static void fatal_event(struct event_desc *ev, char *msg)
1147 {
1148 errno = ev->data;
1149
1150 switch (ev->event)
1151 {
1152 case EVENT_DIE:
1153 exit(0);
1154
1155 case EVENT_FORK_ERR:
1156 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1157
1158 case EVENT_PIPE_ERR:
1159 die(_("failed to create helper: %s"), NULL, EC_MISC);
1160
1161 case EVENT_CAP_ERR:
1162 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1163
1164 case EVENT_USER_ERR:
1165 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1166
1167 case EVENT_GROUP_ERR:
1168 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1169
1170 case EVENT_PIDFILE:
1171 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1172
1173 case EVENT_LOG_ERR:
1174 die(_("cannot open log %s: %s"), msg, EC_FILE);
1175
1176 case EVENT_LUA_ERR:
1177 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1178
1179 case EVENT_TFTP_ERR:
1180 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1181
1182 case EVENT_TIME_ERR:
1183 die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF);
1184 }
1185 }
1186
1187 static void async_event(int pipe, time_t now)
1188 {
1189 pid_t p;
1190 struct event_desc ev;
1191 int i, check = 0;
1192 char *msg;
1193
1194 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1195 to describe fatal errors. */
1196
1197 if (read_event(pipe, &ev, &msg))
1198 switch (ev.event)
1199 {
1200 case EVENT_RELOAD:
1201 #ifdef HAVE_DNSSEC
1202 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1203 {
1204 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1205 reset_option_bool(OPT_DNSSEC_TIME);
1206 }
1207 #endif
1208 /* fall through */
1209
1210 case EVENT_INIT:
1211 clear_cache_and_reload(now);
1212
1213 if (daemon->port != 0)
1214 {
1215 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1216 {
1217 reload_servers(daemon->resolv_files->name);
1218 check = 1;
1219 }
1220
1221 if (daemon->servers_file)
1222 {
1223 read_servers_file();
1224 check = 1;
1225 }
1226
1227 if (check)
1228 check_servers();
1229 }
1230
1231 #ifdef HAVE_DHCP
1232 rerun_scripts();
1233 #endif
1234 break;
1235
1236 case EVENT_DUMP:
1237 if (daemon->port != 0)
1238 dump_cache(now);
1239 break;
1240
1241 case EVENT_ALARM:
1242 #ifdef HAVE_DHCP
1243 if (daemon->dhcp || daemon->doing_dhcp6)
1244 {
1245 lease_prune(NULL, now);
1246 lease_update_file(now);
1247 }
1248 #ifdef HAVE_DHCP6
1249 else if (daemon->doing_ra)
1250 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1251 send_alarm(periodic_ra(now), now);
1252 #endif
1253 #endif
1254 break;
1255
1256 case EVENT_CHILD:
1257 /* See Stevens 5.10 */
1258 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1259 if (p == -1)
1260 {
1261 if (errno != EINTR)
1262 break;
1263 }
1264 else
1265 for (i = 0 ; i < MAX_PROCS; i++)
1266 if (daemon->tcp_pids[i] == p)
1267 daemon->tcp_pids[i] = 0;
1268 break;
1269
1270 case EVENT_KILLED:
1271 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1272 break;
1273
1274 case EVENT_EXITED:
1275 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1276 break;
1277
1278 case EVENT_EXEC_ERR:
1279 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1280 daemon->lease_change_command, strerror(ev.data));
1281 break;
1282
1283 /* necessary for fatal errors in helper */
1284 case EVENT_USER_ERR:
1285 case EVENT_DIE:
1286 case EVENT_LUA_ERR:
1287 fatal_event(&ev, msg);
1288 break;
1289
1290 case EVENT_REOPEN:
1291 /* Note: this may leave TCP-handling processes with the old file still open.
1292 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1293 we leave them logging to the old file. */
1294 if (daemon->log_file != NULL)
1295 log_reopen(daemon->log_file);
1296 break;
1297
1298 case EVENT_NEWADDR:
1299 newaddress(now);
1300 break;
1301
1302 case EVENT_NEWROUTE:
1303 resend_query();
1304 /* Force re-reading resolv file right now, for luck. */
1305 poll_resolv(0, 1, now);
1306 break;
1307
1308 case EVENT_TERM:
1309 /* Knock all our children on the head. */
1310 for (i = 0; i < MAX_PROCS; i++)
1311 if (daemon->tcp_pids[i] != 0)
1312 kill(daemon->tcp_pids[i], SIGALRM);
1313
1314 #if defined(HAVE_SCRIPT)
1315 /* handle pending lease transitions */
1316 if (daemon->helperfd != -1)
1317 {
1318 /* block in writes until all done */
1319 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1320 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1321 do {
1322 helper_write();
1323 } while (!helper_buf_empty() || do_script_run(now));
1324 while (retry_send(close(daemon->helperfd)));
1325 }
1326 #endif
1327
1328 if (daemon->lease_stream)
1329 fclose(daemon->lease_stream);
1330
1331 if (daemon->runfile)
1332 unlink(daemon->runfile);
1333
1334 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1335 flush_log();
1336 exit(EC_GOOD);
1337 }
1338 }
1339
1340 static void poll_resolv(int force, int do_reload, time_t now)
1341 {
1342 struct resolvc *res, *latest;
1343 struct stat statbuf;
1344 time_t last_change = 0;
1345 /* There may be more than one possible file.
1346 Go through and find the one which changed _last_.
1347 Warn of any which can't be read. */
1348
1349 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1350 return;
1351
1352 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1353 if (stat(res->name, &statbuf) == -1)
1354 {
1355 if (force)
1356 {
1357 res->mtime = 0;
1358 continue;
1359 }
1360
1361 if (!res->logged)
1362 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1363 res->logged = 1;
1364
1365 if (res->mtime != 0)
1366 {
1367 /* existing file evaporated, force selection of the latest
1368 file even if its mtime hasn't changed since we last looked */
1369 poll_resolv(1, do_reload, now);
1370 return;
1371 }
1372 }
1373 else
1374 {
1375 res->logged = 0;
1376 if (force || (statbuf.st_mtime != res->mtime))
1377 {
1378 res->mtime = statbuf.st_mtime;
1379 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1380 {
1381 last_change = statbuf.st_mtime;
1382 latest = res;
1383 }
1384 }
1385 }
1386
1387 if (latest)
1388 {
1389 static int warned = 0;
1390 if (reload_servers(latest->name))
1391 {
1392 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1393 warned = 0;
1394 check_servers();
1395 if (option_bool(OPT_RELOAD) && do_reload)
1396 clear_cache_and_reload(now);
1397 }
1398 else
1399 {
1400 latest->mtime = 0;
1401 if (!warned)
1402 {
1403 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1404 warned = 1;
1405 }
1406 }
1407 }
1408 }
1409
1410 void clear_cache_and_reload(time_t now)
1411 {
1412 (void)now;
1413
1414 if (daemon->port != 0)
1415 cache_reload();
1416
1417 #ifdef HAVE_DHCP
1418 if (daemon->dhcp || daemon->doing_dhcp6)
1419 {
1420 if (option_bool(OPT_ETHERS))
1421 dhcp_read_ethers();
1422 reread_dhcp();
1423 #ifdef HAVE_INOTIFY
1424 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
1425 #endif
1426 dhcp_update_configs(daemon->dhcp_conf);
1427 lease_update_from_configs();
1428 lease_update_file(now);
1429 lease_update_dns(1);
1430 }
1431 #ifdef HAVE_DHCP6
1432 else if (daemon->doing_ra)
1433 /* Not doing DHCP, so no lease system, manage
1434 alarms for ra only */
1435 send_alarm(periodic_ra(now), now);
1436 #endif
1437 #endif
1438 }
1439
1440 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1441 {
1442 struct serverfd *serverfdp;
1443 struct listener *listener;
1444 int wait = 0, i;
1445
1446 #ifdef HAVE_TFTP
1447 int tftp = 0;
1448 struct tftp_transfer *transfer;
1449 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1450 {
1451 tftp++;
1452 FD_SET(transfer->sockfd, set);
1453 bump_maxfd(transfer->sockfd, maxfdp);
1454 }
1455 #endif
1456
1457 /* will we be able to get memory? */
1458 if (daemon->port != 0)
1459 get_new_frec(now, &wait, 0);
1460
1461 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1462 {
1463 FD_SET(serverfdp->fd, set);
1464 bump_maxfd(serverfdp->fd, maxfdp);
1465 }
1466
1467 if (daemon->port != 0 && !daemon->osport)
1468 for (i = 0; i < RANDOM_SOCKS; i++)
1469 if (daemon->randomsocks[i].refcount != 0)
1470 {
1471 FD_SET(daemon->randomsocks[i].fd, set);
1472 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1473 }
1474
1475 for (listener = daemon->listeners; listener; listener = listener->next)
1476 {
1477 /* only listen for queries if we have resources */
1478 if (listener->fd != -1 && wait == 0)
1479 {
1480 FD_SET(listener->fd, set);
1481 bump_maxfd(listener->fd, maxfdp);
1482 }
1483
1484 /* death of a child goes through the select loop, so
1485 we don't need to explicitly arrange to wake up here */
1486 if (listener->tcpfd != -1)
1487 for (i = 0; i < MAX_PROCS; i++)
1488 if (daemon->tcp_pids[i] == 0)
1489 {
1490 FD_SET(listener->tcpfd, set);
1491 bump_maxfd(listener->tcpfd, maxfdp);
1492 break;
1493 }
1494
1495 #ifdef HAVE_TFTP
1496 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1497 {
1498 FD_SET(listener->tftpfd, set);
1499 bump_maxfd(listener->tftpfd, maxfdp);
1500 }
1501 #endif
1502
1503 }
1504
1505 return wait;
1506 }
1507
1508 static void check_dns_listeners(fd_set *set, time_t now)
1509 {
1510 struct serverfd *serverfdp;
1511 struct listener *listener;
1512 int i;
1513
1514 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1515 if (FD_ISSET(serverfdp->fd, set))
1516 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1517
1518 if (daemon->port != 0 && !daemon->osport)
1519 for (i = 0; i < RANDOM_SOCKS; i++)
1520 if (daemon->randomsocks[i].refcount != 0 &&
1521 FD_ISSET(daemon->randomsocks[i].fd, set))
1522 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1523
1524 for (listener = daemon->listeners; listener; listener = listener->next)
1525 {
1526 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1527 receive_query(listener, now);
1528
1529 #ifdef HAVE_TFTP
1530 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1531 tftp_request(listener, now);
1532 #endif
1533
1534 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1535 {
1536 int confd, client_ok = 1;
1537 struct irec *iface = NULL;
1538 pid_t p;
1539 union mysockaddr tcp_addr;
1540 socklen_t tcp_len = sizeof(union mysockaddr);
1541
1542 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1543
1544 if (confd == -1)
1545 continue;
1546
1547 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1548 {
1549 while (retry_send(close(confd)));
1550 continue;
1551 }
1552
1553 /* Make sure that the interface list is up-to-date.
1554
1555 We do this here as we may need the results below, and
1556 the DNS code needs them for --interface-name stuff.
1557
1558 Multiple calls to enumerate_interfaces() per select loop are
1559 inhibited, so calls to it in the child process (which doesn't select())
1560 have no effect. This avoids two processes reading from the same
1561 netlink fd and screwing the pooch entirely.
1562 */
1563
1564 enumerate_interfaces(0);
1565
1566 if (option_bool(OPT_NOWILD))
1567 iface = listener->iface; /* May be NULL */
1568 else
1569 {
1570 int if_index;
1571 char intr_name[IF_NAMESIZE];
1572
1573 /* if we can find the arrival interface, check it's one that's allowed */
1574 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1575 indextoname(listener->tcpfd, if_index, intr_name))
1576 {
1577 struct all_addr addr;
1578 addr.addr.addr4 = tcp_addr.in.sin_addr;
1579 #ifdef HAVE_IPV6
1580 if (tcp_addr.sa.sa_family == AF_INET6)
1581 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1582 #endif
1583
1584 for (iface = daemon->interfaces; iface; iface = iface->next)
1585 if (iface->index == if_index)
1586 break;
1587
1588 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1589 client_ok = 0;
1590 }
1591
1592 if (option_bool(OPT_CLEVERBIND))
1593 iface = listener->iface; /* May be NULL */
1594 else
1595 {
1596 /* Check for allowed interfaces when binding the wildcard address:
1597 we do this by looking for an interface with the same address as
1598 the local address of the TCP connection, then looking to see if that's
1599 an allowed interface. As a side effect, we get the netmask of the
1600 interface too, for localisation. */
1601
1602 for (iface = daemon->interfaces; iface; iface = iface->next)
1603 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1604 break;
1605
1606 if (!iface)
1607 client_ok = 0;
1608 }
1609 }
1610
1611 if (!client_ok)
1612 {
1613 shutdown(confd, SHUT_RDWR);
1614 while (retry_send(close(confd)));
1615 }
1616 #ifndef NO_FORK
1617 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1618 {
1619 if (p != -1)
1620 {
1621 int i;
1622 for (i = 0; i < MAX_PROCS; i++)
1623 if (daemon->tcp_pids[i] == 0)
1624 {
1625 daemon->tcp_pids[i] = p;
1626 break;
1627 }
1628 }
1629 while (retry_send(close(confd)));
1630
1631 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1632 daemon->log_id += TCP_MAX_QUERIES;
1633 }
1634 #endif
1635 else
1636 {
1637 unsigned char *buff;
1638 struct server *s;
1639 int flags;
1640 struct in_addr netmask;
1641 int auth_dns;
1642
1643 if (iface)
1644 {
1645 netmask = iface->netmask;
1646 auth_dns = iface->dns_auth;
1647 }
1648 else
1649 {
1650 netmask.s_addr = 0;
1651 auth_dns = 0;
1652 }
1653
1654 #ifndef NO_FORK
1655 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1656 terminate the process. */
1657 if (!option_bool(OPT_DEBUG))
1658 alarm(CHILD_LIFETIME);
1659 #endif
1660
1661 /* start with no upstream connections. */
1662 for (s = daemon->servers; s; s = s->next)
1663 s->tcpfd = -1;
1664
1665 /* The connected socket inherits non-blocking
1666 attribute from the listening socket.
1667 Reset that here. */
1668 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1669 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1670
1671 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1672
1673 shutdown(confd, SHUT_RDWR);
1674 while (retry_send(close(confd)));
1675
1676 if (buff)
1677 free(buff);
1678
1679 for (s = daemon->servers; s; s = s->next)
1680 if (s->tcpfd != -1)
1681 {
1682 shutdown(s->tcpfd, SHUT_RDWR);
1683 while (retry_send(close(s->tcpfd)));
1684 }
1685 #ifndef NO_FORK
1686 if (!option_bool(OPT_DEBUG))
1687 {
1688 flush_log();
1689 _exit(0);
1690 }
1691 #endif
1692 }
1693 }
1694 }
1695 }
1696
1697 #ifdef HAVE_DHCP
1698 int make_icmp_sock(void)
1699 {
1700 int fd;
1701 int zeroopt = 0;
1702
1703 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1704 {
1705 if (!fix_fd(fd) ||
1706 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1707 {
1708 close(fd);
1709 fd = -1;
1710 }
1711 }
1712
1713 return fd;
1714 }
1715
1716 int icmp_ping(struct in_addr addr)
1717 {
1718 /* Try and get an ICMP echo from a machine. */
1719
1720 /* Note that whilst in the three second wait, we check for
1721 (and service) events on the DNS and TFTP sockets, (so doing that
1722 better not use any resources our caller has in use...)
1723 but we remain deaf to signals or further DHCP packets. */
1724
1725 int fd;
1726 struct sockaddr_in saddr;
1727 struct {
1728 struct ip ip;
1729 struct icmp icmp;
1730 } packet;
1731 unsigned short id = rand16();
1732 unsigned int i, j;
1733 int gotreply = 0;
1734 time_t start, now;
1735
1736 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1737 if ((fd = make_icmp_sock()) == -1)
1738 return 0;
1739 #else
1740 int opt = 2000;
1741 fd = daemon->dhcp_icmp_fd;
1742 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1743 #endif
1744
1745 saddr.sin_family = AF_INET;
1746 saddr.sin_port = 0;
1747 saddr.sin_addr = addr;
1748 #ifdef HAVE_SOCKADDR_SA_LEN
1749 saddr.sin_len = sizeof(struct sockaddr_in);
1750 #endif
1751
1752 memset(&packet.icmp, 0, sizeof(packet.icmp));
1753 packet.icmp.icmp_type = ICMP_ECHO;
1754 packet.icmp.icmp_id = id;
1755 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1756 j += ((u16 *)&packet.icmp)[i];
1757 while (j>>16)
1758 j = (j & 0xffff) + (j >> 16);
1759 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1760
1761 while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1762 (struct sockaddr *)&saddr, sizeof(saddr))));
1763
1764 for (now = start = dnsmasq_time();
1765 difftime(now, start) < (float)PING_WAIT;)
1766 {
1767 struct timeval tv;
1768 fd_set rset, wset;
1769 struct sockaddr_in faddr;
1770 int maxfd = fd;
1771 socklen_t len = sizeof(faddr);
1772
1773 tv.tv_usec = 250000;
1774 tv.tv_sec = 0;
1775
1776 FD_ZERO(&rset);
1777 FD_ZERO(&wset);
1778 FD_SET(fd, &rset);
1779 set_dns_listeners(now, &rset, &maxfd);
1780 set_log_writer(&wset, &maxfd);
1781
1782 #ifdef HAVE_DHCP6
1783 if (daemon->doing_ra)
1784 {
1785 FD_SET(daemon->icmp6fd, &rset);
1786 bump_maxfd(daemon->icmp6fd, &maxfd);
1787 }
1788 #endif
1789
1790 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1791 {
1792 FD_ZERO(&rset);
1793 FD_ZERO(&wset);
1794 }
1795
1796 now = dnsmasq_time();
1797
1798 check_log_writer(&wset);
1799 check_dns_listeners(&rset, now);
1800
1801 #ifdef HAVE_DHCP6
1802 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1803 icmp6_packet(now);
1804 #endif
1805
1806 #ifdef HAVE_TFTP
1807 check_tftp_listeners(&rset, now);
1808 #endif
1809
1810 if (FD_ISSET(fd, &rset) &&
1811 recvfrom(fd, &packet, sizeof(packet), 0,
1812 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1813 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1814 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1815 packet.icmp.icmp_seq == 0 &&
1816 packet.icmp.icmp_id == id)
1817 {
1818 gotreply = 1;
1819 break;
1820 }
1821 }
1822
1823 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1824 while (retry_send(close(fd)));
1825 #else
1826 opt = 1;
1827 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1828 #endif
1829
1830 return gotreply;
1831 }
1832 #endif
1833
1834
Michael's tree of dnsmasq.