1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
22 struct daemon
*daemon
;
24 static volatile pid_t pid
= 0;
25 static volatile int pipewrite
;
27 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
);
28 static void check_dns_listeners(fd_set
*set
, time_t now
);
29 static void sig_handler(int sig
);
30 static void async_event(int pipe
, time_t now
);
31 static void fatal_event(struct event_desc
*ev
, char *msg
);
32 static int read_event(int fd
, struct event_desc
*evp
, char **msg
);
33 static void poll_resolv(int force
, int do_reload
, time_t now
);
35 int main (int argc
, char **argv
)
37 int bind_fallback
= 0;
39 struct sigaction sigact
;
41 int piperead
, pipefd
[2], err_pipe
[2];
42 struct passwd
*ent_pw
= NULL
;
43 #if defined(HAVE_SCRIPT)
47 struct group
*gp
= NULL
;
48 long i
, max_fd
= sysconf(_SC_OPEN_MAX
);
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr
= NULL
;
53 cap_user_data_t data
= NULL
;
54 char *bound_device
= NULL
;
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context
*context
;
59 struct dhcp_relay
*relay
;
63 setlocale(LC_ALL
, "");
64 bindtextdomain("dnsmasq", LOCALEDIR
);
65 textdomain("dnsmasq");
68 sigact
.sa_handler
= sig_handler
;
70 sigemptyset(&sigact
.sa_mask
);
71 sigaction(SIGUSR1
, &sigact
, NULL
);
72 sigaction(SIGUSR2
, &sigact
, NULL
);
73 sigaction(SIGHUP
, &sigact
, NULL
);
74 sigaction(SIGTERM
, &sigact
, NULL
);
75 sigaction(SIGALRM
, &sigact
, NULL
);
76 sigaction(SIGCHLD
, &sigact
, NULL
);
79 sigact
.sa_handler
= SIG_IGN
;
80 sigaction(SIGPIPE
, &sigact
, NULL
);
82 umask(022); /* known umask, create leases and pid files as 0644 */
84 rand_init(); /* Must precede read_opts() */
86 read_opts(argc
, argv
, compile_opts
);
88 if (daemon
->edns_pktsz
< PACKETSZ
)
89 daemon
->edns_pktsz
= PACKETSZ
;
91 daemon
->packet_buff_sz
= daemon
->edns_pktsz
> DNSMASQ_PACKETSZ
?
92 daemon
->edns_pktsz
: DNSMASQ_PACKETSZ
;
93 daemon
->packet
= safe_malloc(daemon
->packet_buff_sz
);
95 daemon
->addrbuff
= safe_malloc(ADDRSTRLEN
);
96 if (option_bool(OPT_EXTRALOG
))
97 daemon
->addrbuff2
= safe_malloc(ADDRSTRLEN
);
100 if (option_bool(OPT_DNSSEC_VALID
))
102 daemon
->keyname
= safe_malloc(MAXDNAME
);
103 daemon
->workspacename
= safe_malloc(MAXDNAME
);
108 if (!daemon
->lease_file
)
110 if (daemon
->dhcp
|| daemon
->dhcp6
)
111 daemon
->lease_file
= LEASEFILE
;
115 /* Close any file descriptors we inherited apart from std{in|out|err}
117 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
118 otherwise file descriptors we create can end up being 0, 1, or 2
119 and then get accidentally closed later when we make 0, 1, and 2
120 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
121 but it's not guaranteed. By opening /dev/null three times, we
122 ensure that we're not using those fds for real stuff. */
123 for (i
= 0; i
< max_fd
; i
++)
124 if (i
!= STDOUT_FILENO
&& i
!= STDERR_FILENO
&& i
!= STDIN_FILENO
)
127 open("/dev/null", O_RDWR
);
129 #ifndef HAVE_LINUX_NETWORK
130 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
131 if (!option_bool(OPT_NOWILD
))
134 set_option_bool(OPT_NOWILD
);
138 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
139 if (option_bool(OPT_CLEVERBIND
))
142 set_option_bool(OPT_NOWILD
);
143 reset_option_bool(OPT_CLEVERBIND
);
148 if (daemon
->dynamic_dirs
)
149 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL
, EC_BADCONF
);
152 if (option_bool(OPT_DNSSEC_VALID
))
156 die(_("no trust anchors provided for DNSSEC"), NULL
, EC_BADCONF
);
158 if (daemon
->cachesize
< CACHESIZ
)
159 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL
, EC_BADCONF
);
161 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL
, EC_BADCONF
);
166 if (option_bool(OPT_TFTP
))
167 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL
, EC_BADCONF
);
170 #ifdef HAVE_CONNTRACK
171 if (option_bool(OPT_CONNTRACK
) && (daemon
->query_port
!= 0 || daemon
->osport
))
172 die (_("cannot use --conntrack AND --query-port"), NULL
, EC_BADCONF
);
174 if (option_bool(OPT_CONNTRACK
))
175 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL
, EC_BADCONF
);
178 #ifdef HAVE_SOLARIS_NETWORK
179 if (daemon
->max_logs
!= 0)
180 die(_("asychronous logging is not available under Solaris"), NULL
, EC_BADCONF
);
184 if (daemon
->max_logs
!= 0)
185 die(_("asychronous logging is not available under Android"), NULL
, EC_BADCONF
);
189 if (daemon
->authserver
)
190 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL
, EC_BADCONF
);
194 if (option_bool(OPT_LOOP_DETECT
))
195 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL
, EC_BADCONF
);
198 now
= dnsmasq_time();
200 /* Create a serial at startup if not configured. */
201 if (daemon
->authinterface
&& daemon
->soa_sn
== 0)
202 #ifdef HAVE_BROKEN_RTC
203 die(_("zone serial must be configured in --auth-soa"), NULL
, EC_BADCONF
);
205 daemon
->soa_sn
= now
;
211 daemon
->doing_ra
= option_bool(OPT_RA
);
213 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
215 if (context
->flags
& CONTEXT_DHCP
)
216 daemon
->doing_dhcp6
= 1;
217 if (context
->flags
& CONTEXT_RA
)
218 daemon
->doing_ra
= 1;
219 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
220 if (context
->flags
& CONTEXT_TEMPLATE
)
221 die (_("dhcp-range constructor not available on this platform"), NULL
, EC_BADCONF
);
228 /* Note that order matters here, we must call lease_init before
229 creating any file descriptors which shouldn't be leaked
230 to the lease-script init process. We need to call common_init
231 before lease_init to allocate buffers it uses.*/
232 if (daemon
->dhcp
|| daemon
->doing_dhcp6
|| daemon
->relay4
|| daemon
->relay6
)
235 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
239 if (daemon
->dhcp
|| daemon
->relay4
)
243 if (daemon
->doing_ra
|| daemon
->doing_dhcp6
|| daemon
->relay6
)
246 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
257 #if defined(HAVE_LINUX_NETWORK)
259 #elif defined(HAVE_BSD_NETWORK)
263 if (option_bool(OPT_NOWILD
) && option_bool(OPT_CLEVERBIND
))
264 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL
, EC_BADCONF
);
266 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
267 die(_("failed to find list of interfaces: %s"), NULL
, EC_MISC
);
269 if (option_bool(OPT_NOWILD
) || option_bool(OPT_CLEVERBIND
))
271 create_bound_listeners(1);
273 if (!option_bool(OPT_CLEVERBIND
))
274 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
275 if (if_tmp
->name
&& !if_tmp
->used
)
276 die(_("unknown interface %s"), if_tmp
->name
, EC_BADNET
);
278 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
279 /* after enumerate_interfaces() */
280 bound_device
= whichdevice();
284 if (!daemon
->relay4
&& bound_device
)
286 bindtodevice(bound_device
, daemon
->dhcpfd
);
289 if (daemon
->enable_pxe
&& bound_device
)
291 bindtodevice(bound_device
, daemon
->pxefd
);
297 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
298 if (daemon
->doing_dhcp6
&& !daemon
->relay6
&& bound_device
)
300 bindtodevice(bound_device
, daemon
->dhcp6fd
);
306 create_wildcard_listeners();
309 /* after enumerate_interfaces() */
310 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
313 /* After netlink_init() and before create_helper() */
314 lease_make_duid(now
);
317 if (daemon
->port
!= 0)
327 if (daemon
->port
!= 0 || daemon
->dhcp
|| daemon
->doing_dhcp6
)
328 inotify_dnsmasq_init();
330 daemon
->inotifyfd
= -1;
333 if (option_bool(OPT_DBUS
))
338 daemon
->watches
= NULL
;
339 if ((err
= dbus_init()))
340 die(_("DBus error: %s"), err
, EC_MISC
);
343 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL
, EC_BADCONF
);
346 if (daemon
->port
!= 0)
349 #if defined(HAVE_SCRIPT)
350 /* Note getpwnam returns static storage */
351 if ((daemon
->dhcp
|| daemon
->dhcp6
) &&
352 daemon
->scriptuser
&&
353 (daemon
->lease_change_command
|| daemon
->luascript
))
355 if ((ent_pw
= getpwnam(daemon
->scriptuser
)))
357 script_uid
= ent_pw
->pw_uid
;
358 script_gid
= ent_pw
->pw_gid
;
361 baduser
= daemon
->scriptuser
;
365 if (daemon
->username
&& !(ent_pw
= getpwnam(daemon
->username
)))
366 baduser
= daemon
->username
;
367 else if (daemon
->groupname
&& !(gp
= getgrnam(daemon
->groupname
)))
368 baduser
= daemon
->groupname
;
371 die(_("unknown user or group: %s"), baduser
, EC_BADCONF
);
373 /* implement group defaults, "dip" if available, or group associated with uid */
374 if (!daemon
->group_set
&& !gp
)
376 if (!(gp
= getgrnam(CHGRP
)) && ent_pw
)
377 gp
= getgrgid(ent_pw
->pw_gid
);
379 /* for error message */
381 daemon
->groupname
= gp
->gr_name
;
384 #if defined(HAVE_LINUX_NETWORK)
385 /* determine capability API version here, while we can still
387 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
389 int capsize
= 1; /* for header version 1 */
390 hdr
= safe_malloc(sizeof(*hdr
));
392 /* find version supported by kernel */
393 memset(hdr
, 0, sizeof(*hdr
));
396 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_1
)
398 /* if unknown version, use largest supported version (3) */
399 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_2
)
400 hdr
->version
= LINUX_CAPABILITY_VERSION_3
;
404 data
= safe_malloc(sizeof(*data
) * capsize
);
405 memset(data
, 0, sizeof(*data
) * capsize
);
409 /* Use a pipe to carry signals and other events back to the event loop
410 in a race-free manner and another to carry errors to daemon-invoking process */
411 safe_pipe(pipefd
, 1);
413 piperead
= pipefd
[0];
414 pipewrite
= pipefd
[1];
415 /* prime the pipe to load stuff first time. */
416 send_event(pipewrite
, EVENT_INIT
, 0, NULL
);
420 if (!option_bool(OPT_DEBUG
))
422 /* The following code "daemonizes" the process.
423 See Stevens section 12.4 */
426 die(_("cannot chdir to filesystem root: %s"), NULL
, EC_MISC
);
429 if (!option_bool(OPT_NO_FORK
))
433 /* pipe to carry errors back to original process.
434 When startup is complete we close this and the process terminates. */
435 safe_pipe(err_pipe
, 0);
437 if ((pid
= fork()) == -1)
438 /* fd == -1 since we've not forked, never returns. */
439 send_event(-1, EVENT_FORK_ERR
, errno
, NULL
);
443 struct event_desc ev
;
446 /* close our copy of write-end */
447 while (retry_send(close(err_pipe
[1])));
449 /* check for errors after the fork */
450 if (read_event(err_pipe
[0], &ev
, &msg
))
451 fatal_event(&ev
, msg
);
456 while (retry_send(close(err_pipe
[0])));
458 /* NO calls to die() from here on. */
462 if ((pid
= fork()) == -1)
463 send_event(err_pipe
[1], EVENT_FORK_ERR
, errno
, NULL
);
470 /* write pidfile _after_ forking ! */
475 sprintf(daemon
->namebuff
, "%d\n", (int) getpid());
477 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
478 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
479 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
480 extent that an attacker running as the unprivileged user could replace the pidfile with a
481 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
483 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
484 ensuring that the open() fails should there be any existing file (because the unlink() failed,
485 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
488 Any compromise of the non-privileged user still theoretically allows the pid-file to be
489 replaced whilst dnsmasq is running. The worst that could allow is that the usual
490 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
492 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
493 failure to write the pid-file.
496 unlink(daemon
->runfile
);
498 if ((fd
= open(daemon
->runfile
, O_WRONLY
|O_CREAT
|O_TRUNC
|O_EXCL
, S_IWUSR
|S_IRUSR
|S_IRGRP
|S_IROTH
)) == -1)
500 /* only complain if started as root */
506 if (!read_write(fd
, (unsigned char *)daemon
->namebuff
, strlen(daemon
->namebuff
), 0))
510 while (retry_send(close(fd
)));
518 send_event(err_pipe
[1], EVENT_PIDFILE
, errno
, daemon
->runfile
);
524 log_err
= log_start(ent_pw
, err_pipe
[1]);
526 if (!option_bool(OPT_DEBUG
))
528 /* open stdout etc to /dev/null */
529 int nullfd
= open("/dev/null", O_RDWR
);
530 dup2(nullfd
, STDOUT_FILENO
);
531 dup2(nullfd
, STDERR_FILENO
);
532 dup2(nullfd
, STDIN_FILENO
);
536 /* if we are to run scripts, we need to fork a helper before dropping root. */
537 daemon
->helperfd
= -1;
539 if ((daemon
->dhcp
|| daemon
->dhcp6
) && (daemon
->lease_change_command
|| daemon
->luascript
))
540 daemon
->helperfd
= create_helper(pipewrite
, err_pipe
[1], script_uid
, script_gid
, max_fd
);
543 if (!option_bool(OPT_DEBUG
) && getuid() == 0)
545 int bad_capabilities
= 0;
548 /* remove all supplimentary groups */
550 (setgroups(0, &dummy
) == -1 ||
551 setgid(gp
->gr_gid
) == -1))
553 send_event(err_pipe
[1], EVENT_GROUP_ERR
, errno
, daemon
->groupname
);
557 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
559 #if defined(HAVE_LINUX_NETWORK)
560 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
561 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
562 ports because of DAD, or we're doing it dynamically,
563 we need CAP_NET_BIND_SERVICE too. */
564 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
565 data
->effective
= data
->permitted
= data
->inheritable
=
566 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) |
567 (1 << CAP_SETUID
) | (1 << CAP_NET_BIND_SERVICE
);
569 data
->effective
= data
->permitted
= data
->inheritable
=
570 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_SETUID
);
572 /* Tell kernel to not clear capabilities when dropping root */
573 if (capset(hdr
, data
) == -1 || prctl(PR_SET_KEEPCAPS
, 1, 0, 0, 0) == -1)
574 bad_capabilities
= errno
;
576 #elif defined(HAVE_SOLARIS_NETWORK)
577 /* http://developers.sun.com/solaris/articles/program_privileges.html */
578 priv_set_t
*priv_set
;
580 if (!(priv_set
= priv_str_to_set("basic", ",", NULL
)) ||
581 priv_addset(priv_set
, PRIV_NET_ICMPACCESS
) == -1 ||
582 priv_addset(priv_set
, PRIV_SYS_NET_CONFIG
) == -1)
583 bad_capabilities
= errno
;
585 if (priv_set
&& bad_capabilities
== 0)
587 priv_inverse(priv_set
);
589 if (setppriv(PRIV_OFF
, PRIV_LIMIT
, priv_set
) == -1)
590 bad_capabilities
= errno
;
594 priv_freeset(priv_set
);
598 if (bad_capabilities
!= 0)
600 send_event(err_pipe
[1], EVENT_CAP_ERR
, bad_capabilities
, NULL
);
604 /* finally drop root */
605 if (setuid(ent_pw
->pw_uid
) == -1)
607 send_event(err_pipe
[1], EVENT_USER_ERR
, errno
, daemon
->username
);
611 #ifdef HAVE_LINUX_NETWORK
612 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
613 data
->effective
= data
->permitted
=
614 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_NET_BIND_SERVICE
);
616 data
->effective
= data
->permitted
=
617 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
);
618 data
->inheritable
= 0;
620 /* lose the setuid and setgid capbilities */
621 if (capset(hdr
, data
) == -1)
623 send_event(err_pipe
[1], EVENT_CAP_ERR
, errno
, NULL
);
631 #ifdef HAVE_LINUX_NETWORK
634 if (option_bool(OPT_DEBUG
))
635 prctl(PR_SET_DUMPABLE
, 1, 0, 0, 0);
639 if (option_bool(OPT_TFTP
))
642 struct tftp_prefix
*p
;
644 if (daemon
->tftp_prefix
)
646 if (!((dir
= opendir(daemon
->tftp_prefix
))))
648 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, daemon
->tftp_prefix
);
654 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
656 if (!((dir
= opendir(p
->prefix
))))
658 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, p
->prefix
);
666 if (daemon
->port
== 0)
667 my_syslog(LOG_INFO
, _("started, version %s DNS disabled"), VERSION
);
668 else if (daemon
->cachesize
!= 0)
669 my_syslog(LOG_INFO
, _("started, version %s cachesize %d"), VERSION
, daemon
->cachesize
);
671 my_syslog(LOG_INFO
, _("started, version %s cache disabled"), VERSION
);
673 my_syslog(LOG_INFO
, _("compile time options: %s"), compile_opts
);
676 if (option_bool(OPT_DBUS
))
679 my_syslog(LOG_INFO
, _("DBus support enabled: connected to system bus"));
681 my_syslog(LOG_INFO
, _("DBus support enabled: bus connection pending"));
685 if (option_bool(OPT_LOCAL_SERVICE
))
686 my_syslog(LOG_INFO
, _("DNS service limited to local subnets"));
689 if (option_bool(OPT_DNSSEC_VALID
))
693 /* Delay creating the timestamp file until here, after we've changed user, so that
694 it has the correct owner to allow updating the mtime later.
695 This means we have to report fatal errors via the pipe. */
696 if ((rc
= setup_timestamp()) == -1)
698 send_event(err_pipe
[1], EVENT_TIME_ERR
, errno
, daemon
->timestamp_file
);
702 my_syslog(LOG_INFO
, _("DNSSEC validation enabled"));
704 if (option_bool(OPT_DNSSEC_TIME
))
705 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until first cache reload"));
708 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until system time valid"));
713 my_syslog(LOG_WARNING
, _("warning: failed to change owner of %s: %s"),
714 daemon
->log_file
, strerror(log_err
));
717 my_syslog(LOG_WARNING
, _("setting --bind-interfaces option because of OS limitations"));
719 if (option_bool(OPT_NOWILD
))
720 warn_bound_listeners();
724 if (!option_bool(OPT_NOWILD
))
725 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
726 if (if_tmp
->name
&& !if_tmp
->used
)
727 my_syslog(LOG_WARNING
, _("warning: interface %s does not currently exist"), if_tmp
->name
);
729 if (daemon
->port
!= 0 && option_bool(OPT_NO_RESOLV
))
731 if (daemon
->resolv_files
&& !daemon
->resolv_files
->is_default
)
732 my_syslog(LOG_WARNING
, _("warning: ignoring resolv-file flag because no-resolv is set"));
733 daemon
->resolv_files
= NULL
;
734 if (!daemon
->servers
)
735 my_syslog(LOG_WARNING
, _("warning: no upstream servers configured"));
738 if (daemon
->max_logs
!= 0)
739 my_syslog(LOG_INFO
, _("asynchronous logging enabled, queue limit is %d messages"), daemon
->max_logs
);
743 for (context
= daemon
->dhcp
; context
; context
= context
->next
)
744 log_context(AF_INET
, context
);
746 for (relay
= daemon
->relay4
; relay
; relay
= relay
->next
)
747 log_relay(AF_INET
, relay
);
750 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
751 log_context(AF_INET6
, context
);
753 for (relay
= daemon
->relay6
; relay
; relay
= relay
->next
)
754 log_relay(AF_INET6
, relay
);
756 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
757 dhcp_construct_contexts(now
);
759 if (option_bool(OPT_RA
))
760 my_syslog(MS_DHCP
| LOG_INFO
, _("IPv6 router advertisement enabled"));
763 # ifdef HAVE_LINUX_NETWORK
765 my_syslog(MS_DHCP
| LOG_INFO
, _("DHCP, sockets bound exclusively to interface %s"), bound_device
);
768 /* after dhcp_contruct_contexts */
769 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
770 lease_find_interfaces(now
);
774 if (option_bool(OPT_TFTP
))
777 if (FD_SETSIZE
< (unsigned)max_fd
)
781 my_syslog(MS_TFTP
| LOG_INFO
, "TFTP %s%s %s",
782 daemon
->tftp_prefix
? _("root is ") : _("enabled"),
783 daemon
->tftp_prefix
? daemon
->tftp_prefix
: "",
784 option_bool(OPT_TFTP_SECURE
) ? _("secure mode") : "");
786 /* This is a guess, it assumes that for small limits,
787 disjoint files might be served, but for large limits,
788 a single file will be sent to may clients (the file only needs
791 max_fd
-= 30; /* use other than TFTP */
795 else if (max_fd
< 100)
798 max_fd
= max_fd
- 20;
800 /* if we have to use a limited range of ports,
801 that will limit the number of transfers */
802 if (daemon
->start_tftp_port
!= 0 &&
803 daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1 < max_fd
)
804 max_fd
= daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1;
806 if (daemon
->tftp_max
> max_fd
)
808 daemon
->tftp_max
= max_fd
;
809 my_syslog(MS_TFTP
| LOG_WARNING
,
810 _("restricting maximum simultaneous TFTP transfers to %d"),
816 /* finished start-up - release original process */
817 if (err_pipe
[1] != -1)
818 while (retry_send(close(err_pipe
[1])));
820 if (daemon
->port
!= 0)
826 /* Using inotify, have to select a resolv file at startup */
827 poll_resolv(1, 0, now
);
833 struct timeval t
, *tp
= NULL
;
834 fd_set rset
, wset
, eset
;
840 /* if we are out of resources, find how long we have to wait
841 for some to come free, we'll loop around then and restart
842 listening for queries */
843 if ((t
.tv_sec
= set_dns_listeners(now
, &rset
, &maxfd
)) != 0)
849 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
850 if (daemon
->tftp_trans
||
851 (option_bool(OPT_DBUS
) && !daemon
->dbus
))
857 /* Wake every second whilst waiting for DAD to complete */
858 else if (is_dad_listeners())
866 set_dbus_listeners(&maxfd
, &rset
, &wset
, &eset
);
870 if (daemon
->dhcp
|| daemon
->relay4
)
872 FD_SET(daemon
->dhcpfd
, &rset
);
873 bump_maxfd(daemon
->dhcpfd
, &maxfd
);
874 if (daemon
->pxefd
!= -1)
876 FD_SET(daemon
->pxefd
, &rset
);
877 bump_maxfd(daemon
->pxefd
, &maxfd
);
883 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
885 FD_SET(daemon
->dhcp6fd
, &rset
);
886 bump_maxfd(daemon
->dhcp6fd
, &maxfd
);
889 if (daemon
->doing_ra
)
891 FD_SET(daemon
->icmp6fd
, &rset
);
892 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
897 if (daemon
->inotifyfd
!= -1)
899 FD_SET(daemon
->inotifyfd
, &rset
);
900 bump_maxfd(daemon
->inotifyfd
, &maxfd
);
904 #if defined(HAVE_LINUX_NETWORK)
905 FD_SET(daemon
->netlinkfd
, &rset
);
906 bump_maxfd(daemon
->netlinkfd
, &maxfd
);
907 #elif defined(HAVE_BSD_NETWORK)
908 FD_SET(daemon
->routefd
, &rset
);
909 bump_maxfd(daemon
->routefd
, &maxfd
);
912 FD_SET(piperead
, &rset
);
913 bump_maxfd(piperead
, &maxfd
);
917 while (helper_buf_empty() && do_script_run(now
));
920 while (helper_buf_empty() && do_tftp_script_run());
923 if (!helper_buf_empty())
925 FD_SET(daemon
->helperfd
, &wset
);
926 bump_maxfd(daemon
->helperfd
, &maxfd
);
929 /* need this for other side-effects */
930 while (do_script_run(now
));
933 while (do_tftp_script_run());
939 /* must do this just before select(), when we know no
940 more calls to my_syslog() can occur */
941 set_log_writer(&wset
, &maxfd
);
943 if (select(maxfd
+1, &rset
, &wset
, &eset
, tp
) < 0)
945 /* otherwise undefined after error */
946 FD_ZERO(&rset
); FD_ZERO(&wset
); FD_ZERO(&eset
);
949 now
= dnsmasq_time();
951 check_log_writer(&wset
);
954 enumerate_interfaces(1);
956 /* Check the interfaces to see if any have exited DAD state
957 and if so, bind the address. */
958 if (is_dad_listeners())
960 enumerate_interfaces(0);
961 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
962 create_bound_listeners(0);
963 warn_bound_listeners();
966 #if defined(HAVE_LINUX_NETWORK)
967 if (FD_ISSET(daemon
->netlinkfd
, &rset
))
969 #elif defined(HAVE_BSD_NETWORK)
970 if (FD_ISSET(daemon
->routefd
, &rset
))
975 if (daemon
->inotifyfd
!= -1 && FD_ISSET(daemon
->inotifyfd
, &rset
) && inotify_check(now
))
977 if (daemon
->port
!= 0 && !option_bool(OPT_NO_POLL
))
978 poll_resolv(1, 1, now
);
981 /* Check for changes to resolv files once per second max. */
982 /* Don't go silent for long periods if the clock goes backwards. */
983 if (daemon
->last_resolv
== 0 ||
984 difftime(now
, daemon
->last_resolv
) > 1.0 ||
985 difftime(now
, daemon
->last_resolv
) < -1.0)
987 /* poll_resolv doesn't need to reload first time through, since
988 that's queued anyway. */
990 poll_resolv(0, daemon
->last_resolv
!= 0, now
);
991 daemon
->last_resolv
= now
;
995 if (FD_ISSET(piperead
, &rset
))
996 async_event(piperead
, now
);
999 /* if we didn't create a DBus connection, retry now. */
1000 if (option_bool(OPT_DBUS
) && !daemon
->dbus
)
1003 if ((err
= dbus_init()))
1004 my_syslog(LOG_WARNING
, _("DBus error: %s"), err
);
1006 my_syslog(LOG_INFO
, _("connected to system DBus"));
1008 check_dbus_listeners(&rset
, &wset
, &eset
);
1011 check_dns_listeners(&rset
, now
);
1014 check_tftp_listeners(&rset
, now
);
1018 if (daemon
->dhcp
|| daemon
->relay4
)
1020 if (FD_ISSET(daemon
->dhcpfd
, &rset
))
1021 dhcp_packet(now
, 0);
1022 if (daemon
->pxefd
!= -1 && FD_ISSET(daemon
->pxefd
, &rset
))
1023 dhcp_packet(now
, 1);
1027 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) && FD_ISSET(daemon
->dhcp6fd
, &rset
))
1030 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1035 if (daemon
->helperfd
!= -1 && FD_ISSET(daemon
->helperfd
, &wset
))
1043 static void sig_handler(int sig
)
1047 /* ignore anything other than TERM during startup
1048 and in helper proc. (helper ignore TERM too) */
1052 else if (pid
!= getpid())
1054 /* alarm is used to kill TCP children after a fixed time. */
1060 /* master process */
1061 int event
, errsave
= errno
;
1064 event
= EVENT_RELOAD
;
1065 else if (sig
== SIGCHLD
)
1066 event
= EVENT_CHILD
;
1067 else if (sig
== SIGALRM
)
1068 event
= EVENT_ALARM
;
1069 else if (sig
== SIGTERM
)
1071 else if (sig
== SIGUSR1
)
1073 else if (sig
== SIGUSR2
)
1074 event
= EVENT_REOPEN
;
1078 send_event(pipewrite
, event
, 0, NULL
);
1083 /* now == 0 -> queue immediate callback */
1084 void send_alarm(time_t event
, time_t now
)
1086 if (now
== 0 || event
!= 0)
1088 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1089 if ((now
== 0 || difftime(event
, now
) <= 0.0))
1090 send_event(pipewrite
, EVENT_ALARM
, 0, NULL
);
1092 alarm((unsigned)difftime(event
, now
));
1096 void queue_event(int event
)
1098 send_event(pipewrite
, event
, 0, NULL
);
1101 void send_event(int fd
, int event
, int data
, char *msg
)
1103 struct event_desc ev
;
1104 struct iovec iov
[2];
1108 ev
.msg_sz
= msg
? strlen(msg
) : 0;
1110 iov
[0].iov_base
= &ev
;
1111 iov
[0].iov_len
= sizeof(ev
);
1112 iov
[1].iov_base
= msg
;
1113 iov
[1].iov_len
= ev
.msg_sz
;
1115 /* error pipe, debug mode. */
1117 fatal_event(&ev
, msg
);
1119 /* pipe is non-blocking and struct event_desc is smaller than
1120 PIPE_BUF, so this either fails or writes everything */
1121 while (writev(fd
, iov
, msg
? 2 : 1) == -1 && errno
== EINTR
);
1124 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1125 to describe fatal errors. */
1126 static int read_event(int fd
, struct event_desc
*evp
, char **msg
)
1130 if (!read_write(fd
, (unsigned char *)evp
, sizeof(struct event_desc
), 1))
1135 if (evp
->msg_sz
!= 0 &&
1136 (buf
= malloc(evp
->msg_sz
+ 1)) &&
1137 read_write(fd
, (unsigned char *)buf
, evp
->msg_sz
, 1))
1139 buf
[evp
->msg_sz
] = 0;
1146 static void fatal_event(struct event_desc
*ev
, char *msg
)
1155 case EVENT_FORK_ERR
:
1156 die(_("cannot fork into background: %s"), NULL
, EC_MISC
);
1158 case EVENT_PIPE_ERR
:
1159 die(_("failed to create helper: %s"), NULL
, EC_MISC
);
1162 die(_("setting capabilities failed: %s"), NULL
, EC_MISC
);
1164 case EVENT_USER_ERR
:
1165 die(_("failed to change user-id to %s: %s"), msg
, EC_MISC
);
1167 case EVENT_GROUP_ERR
:
1168 die(_("failed to change group-id to %s: %s"), msg
, EC_MISC
);
1171 die(_("failed to open pidfile %s: %s"), msg
, EC_FILE
);
1174 die(_("cannot open log %s: %s"), msg
, EC_FILE
);
1177 die(_("failed to load Lua script: %s"), msg
, EC_MISC
);
1179 case EVENT_TFTP_ERR
:
1180 die(_("TFTP directory %s inaccessible: %s"), msg
, EC_FILE
);
1182 case EVENT_TIME_ERR
:
1183 die(_("cannot create timestamp file %s: %s" ), msg
, EC_BADCONF
);
1187 static void async_event(int pipe
, time_t now
)
1190 struct event_desc ev
;
1194 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1195 to describe fatal errors. */
1197 if (read_event(pipe
, &ev
, &msg
))
1202 if (option_bool(OPT_DNSSEC_VALID
) && option_bool(OPT_DNSSEC_TIME
))
1204 my_syslog(LOG_INFO
, _("now checking DNSSEC signature timestamps"));
1205 reset_option_bool(OPT_DNSSEC_TIME
);
1211 clear_cache_and_reload(now
);
1213 if (daemon
->port
!= 0)
1215 if (daemon
->resolv_files
&& option_bool(OPT_NO_POLL
))
1217 reload_servers(daemon
->resolv_files
->name
);
1221 if (daemon
->servers_file
)
1223 read_servers_file();
1237 if (daemon
->port
!= 0)
1243 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1245 lease_prune(NULL
, now
);
1246 lease_update_file(now
);
1249 else if (daemon
->doing_ra
)
1250 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1251 send_alarm(periodic_ra(now
), now
);
1257 /* See Stevens 5.10 */
1258 while ((p
= waitpid(-1, NULL
, WNOHANG
)) != 0)
1265 for (i
= 0 ; i
< MAX_PROCS
; i
++)
1266 if (daemon
->tcp_pids
[i
] == p
)
1267 daemon
->tcp_pids
[i
] = 0;
1271 my_syslog(LOG_WARNING
, _("script process killed by signal %d"), ev
.data
);
1275 my_syslog(LOG_WARNING
, _("script process exited with status %d"), ev
.data
);
1278 case EVENT_EXEC_ERR
:
1279 my_syslog(LOG_ERR
, _("failed to execute %s: %s"),
1280 daemon
->lease_change_command
, strerror(ev
.data
));
1283 /* necessary for fatal errors in helper */
1284 case EVENT_USER_ERR
:
1287 fatal_event(&ev
, msg
);
1291 /* Note: this may leave TCP-handling processes with the old file still open.
1292 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1293 we leave them logging to the old file. */
1294 if (daemon
->log_file
!= NULL
)
1295 log_reopen(daemon
->log_file
);
1302 case EVENT_NEWROUTE
:
1304 /* Force re-reading resolv file right now, for luck. */
1305 poll_resolv(0, 1, now
);
1309 /* Knock all our children on the head. */
1310 for (i
= 0; i
< MAX_PROCS
; i
++)
1311 if (daemon
->tcp_pids
[i
] != 0)
1312 kill(daemon
->tcp_pids
[i
], SIGALRM
);
1314 #if defined(HAVE_SCRIPT)
1315 /* handle pending lease transitions */
1316 if (daemon
->helperfd
!= -1)
1318 /* block in writes until all done */
1319 if ((i
= fcntl(daemon
->helperfd
, F_GETFL
)) != -1)
1320 fcntl(daemon
->helperfd
, F_SETFL
, i
& ~O_NONBLOCK
);
1323 } while (!helper_buf_empty() || do_script_run(now
));
1324 while (retry_send(close(daemon
->helperfd
)));
1328 if (daemon
->lease_stream
)
1329 fclose(daemon
->lease_stream
);
1331 if (daemon
->runfile
)
1332 unlink(daemon
->runfile
);
1334 my_syslog(LOG_INFO
, _("exiting on receipt of SIGTERM"));
1340 static void poll_resolv(int force
, int do_reload
, time_t now
)
1342 struct resolvc
*res
, *latest
;
1343 struct stat statbuf
;
1344 time_t last_change
= 0;
1345 /* There may be more than one possible file.
1346 Go through and find the one which changed _last_.
1347 Warn of any which can't be read. */
1349 if (daemon
->port
== 0 || option_bool(OPT_NO_POLL
))
1352 for (latest
= NULL
, res
= daemon
->resolv_files
; res
; res
= res
->next
)
1353 if (stat(res
->name
, &statbuf
) == -1)
1362 my_syslog(LOG_WARNING
, _("failed to access %s: %s"), res
->name
, strerror(errno
));
1365 if (res
->mtime
!= 0)
1367 /* existing file evaporated, force selection of the latest
1368 file even if its mtime hasn't changed since we last looked */
1369 poll_resolv(1, do_reload
, now
);
1376 if (force
|| (statbuf
.st_mtime
!= res
->mtime
))
1378 res
->mtime
= statbuf
.st_mtime
;
1379 if (difftime(statbuf
.st_mtime
, last_change
) > 0.0)
1381 last_change
= statbuf
.st_mtime
;
1389 static int warned
= 0;
1390 if (reload_servers(latest
->name
))
1392 my_syslog(LOG_INFO
, _("reading %s"), latest
->name
);
1395 if (option_bool(OPT_RELOAD
) && do_reload
)
1396 clear_cache_and_reload(now
);
1403 my_syslog(LOG_WARNING
, _("no servers found in %s, will retry"), latest
->name
);
1410 void clear_cache_and_reload(time_t now
)
1414 if (daemon
->port
!= 0)
1418 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1420 if (option_bool(OPT_ETHERS
))
1424 set_dynamic_inotify(AH_DHCP_HST
| AH_DHCP_OPT
, 0, NULL
, 0);
1426 dhcp_update_configs(daemon
->dhcp_conf
);
1427 lease_update_from_configs();
1428 lease_update_file(now
);
1429 lease_update_dns(1);
1432 else if (daemon
->doing_ra
)
1433 /* Not doing DHCP, so no lease system, manage
1434 alarms for ra only */
1435 send_alarm(periodic_ra(now
), now
);
1440 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
)
1442 struct serverfd
*serverfdp
;
1443 struct listener
*listener
;
1448 struct tftp_transfer
*transfer
;
1449 for (transfer
= daemon
->tftp_trans
; transfer
; transfer
= transfer
->next
)
1452 FD_SET(transfer
->sockfd
, set
);
1453 bump_maxfd(transfer
->sockfd
, maxfdp
);
1457 /* will we be able to get memory? */
1458 if (daemon
->port
!= 0)
1459 get_new_frec(now
, &wait
, 0);
1461 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1463 FD_SET(serverfdp
->fd
, set
);
1464 bump_maxfd(serverfdp
->fd
, maxfdp
);
1467 if (daemon
->port
!= 0 && !daemon
->osport
)
1468 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1469 if (daemon
->randomsocks
[i
].refcount
!= 0)
1471 FD_SET(daemon
->randomsocks
[i
].fd
, set
);
1472 bump_maxfd(daemon
->randomsocks
[i
].fd
, maxfdp
);
1475 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1477 /* only listen for queries if we have resources */
1478 if (listener
->fd
!= -1 && wait
== 0)
1480 FD_SET(listener
->fd
, set
);
1481 bump_maxfd(listener
->fd
, maxfdp
);
1484 /* death of a child goes through the select loop, so
1485 we don't need to explicitly arrange to wake up here */
1486 if (listener
->tcpfd
!= -1)
1487 for (i
= 0; i
< MAX_PROCS
; i
++)
1488 if (daemon
->tcp_pids
[i
] == 0)
1490 FD_SET(listener
->tcpfd
, set
);
1491 bump_maxfd(listener
->tcpfd
, maxfdp
);
1496 if (tftp
<= daemon
->tftp_max
&& listener
->tftpfd
!= -1)
1498 FD_SET(listener
->tftpfd
, set
);
1499 bump_maxfd(listener
->tftpfd
, maxfdp
);
1508 static void check_dns_listeners(fd_set
*set
, time_t now
)
1510 struct serverfd
*serverfdp
;
1511 struct listener
*listener
;
1514 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1515 if (FD_ISSET(serverfdp
->fd
, set
))
1516 reply_query(serverfdp
->fd
, serverfdp
->source_addr
.sa
.sa_family
, now
);
1518 if (daemon
->port
!= 0 && !daemon
->osport
)
1519 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1520 if (daemon
->randomsocks
[i
].refcount
!= 0 &&
1521 FD_ISSET(daemon
->randomsocks
[i
].fd
, set
))
1522 reply_query(daemon
->randomsocks
[i
].fd
, daemon
->randomsocks
[i
].family
, now
);
1524 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1526 if (listener
->fd
!= -1 && FD_ISSET(listener
->fd
, set
))
1527 receive_query(listener
, now
);
1530 if (listener
->tftpfd
!= -1 && FD_ISSET(listener
->tftpfd
, set
))
1531 tftp_request(listener
, now
);
1534 if (listener
->tcpfd
!= -1 && FD_ISSET(listener
->tcpfd
, set
))
1536 int confd
, client_ok
= 1;
1537 struct irec
*iface
= NULL
;
1539 union mysockaddr tcp_addr
;
1540 socklen_t tcp_len
= sizeof(union mysockaddr
);
1542 while ((confd
= accept(listener
->tcpfd
, NULL
, NULL
)) == -1 && errno
== EINTR
);
1547 if (getsockname(confd
, (struct sockaddr
*)&tcp_addr
, &tcp_len
) == -1)
1549 while (retry_send(close(confd
)));
1553 /* Make sure that the interface list is up-to-date.
1555 We do this here as we may need the results below, and
1556 the DNS code needs them for --interface-name stuff.
1558 Multiple calls to enumerate_interfaces() per select loop are
1559 inhibited, so calls to it in the child process (which doesn't select())
1560 have no effect. This avoids two processes reading from the same
1561 netlink fd and screwing the pooch entirely.
1564 enumerate_interfaces(0);
1566 if (option_bool(OPT_NOWILD
))
1567 iface
= listener
->iface
; /* May be NULL */
1571 char intr_name
[IF_NAMESIZE
];
1573 /* if we can find the arrival interface, check it's one that's allowed */
1574 if ((if_index
= tcp_interface(confd
, tcp_addr
.sa
.sa_family
)) != 0 &&
1575 indextoname(listener
->tcpfd
, if_index
, intr_name
))
1577 struct all_addr addr
;
1578 addr
.addr
.addr4
= tcp_addr
.in
.sin_addr
;
1580 if (tcp_addr
.sa
.sa_family
== AF_INET6
)
1581 addr
.addr
.addr6
= tcp_addr
.in6
.sin6_addr
;
1584 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1585 if (iface
->index
== if_index
)
1588 if (!iface
&& !loopback_exception(listener
->tcpfd
, tcp_addr
.sa
.sa_family
, &addr
, intr_name
))
1592 if (option_bool(OPT_CLEVERBIND
))
1593 iface
= listener
->iface
; /* May be NULL */
1596 /* Check for allowed interfaces when binding the wildcard address:
1597 we do this by looking for an interface with the same address as
1598 the local address of the TCP connection, then looking to see if that's
1599 an allowed interface. As a side effect, we get the netmask of the
1600 interface too, for localisation. */
1602 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1603 if (sockaddr_isequal(&iface
->addr
, &tcp_addr
))
1613 shutdown(confd
, SHUT_RDWR
);
1614 while (retry_send(close(confd
)));
1617 else if (!option_bool(OPT_DEBUG
) && (p
= fork()) != 0)
1622 for (i
= 0; i
< MAX_PROCS
; i
++)
1623 if (daemon
->tcp_pids
[i
] == 0)
1625 daemon
->tcp_pids
[i
] = p
;
1629 while (retry_send(close(confd
)));
1631 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1632 daemon
->log_id
+= TCP_MAX_QUERIES
;
1637 unsigned char *buff
;
1640 struct in_addr netmask
;
1645 netmask
= iface
->netmask
;
1646 auth_dns
= iface
->dns_auth
;
1655 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1656 terminate the process. */
1657 if (!option_bool(OPT_DEBUG
))
1658 alarm(CHILD_LIFETIME
);
1661 /* start with no upstream connections. */
1662 for (s
= daemon
->servers
; s
; s
= s
->next
)
1665 /* The connected socket inherits non-blocking
1666 attribute from the listening socket.
1668 if ((flags
= fcntl(confd
, F_GETFL
, 0)) != -1)
1669 fcntl(confd
, F_SETFL
, flags
& ~O_NONBLOCK
);
1671 buff
= tcp_request(confd
, now
, &tcp_addr
, netmask
, auth_dns
);
1673 shutdown(confd
, SHUT_RDWR
);
1674 while (retry_send(close(confd
)));
1679 for (s
= daemon
->servers
; s
; s
= s
->next
)
1682 shutdown(s
->tcpfd
, SHUT_RDWR
);
1683 while (retry_send(close(s
->tcpfd
)));
1686 if (!option_bool(OPT_DEBUG
))
1698 int make_icmp_sock(void)
1703 if ((fd
= socket (AF_INET
, SOCK_RAW
, IPPROTO_ICMP
)) != -1)
1706 setsockopt(fd
, SOL_SOCKET
, SO_DONTROUTE
, &zeroopt
, sizeof(zeroopt
)) == -1)
1716 int icmp_ping(struct in_addr addr
)
1718 /* Try and get an ICMP echo from a machine. */
1720 /* Note that whilst in the three second wait, we check for
1721 (and service) events on the DNS and TFTP sockets, (so doing that
1722 better not use any resources our caller has in use...)
1723 but we remain deaf to signals or further DHCP packets. */
1726 struct sockaddr_in saddr
;
1731 unsigned short id
= rand16();
1736 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1737 if ((fd
= make_icmp_sock()) == -1)
1741 fd
= daemon
->dhcp_icmp_fd
;
1742 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));
1745 saddr
.sin_family
= AF_INET
;
1747 saddr
.sin_addr
= addr
;
1748 #ifdef HAVE_SOCKADDR_SA_LEN
1749 saddr
.sin_len
= sizeof(struct sockaddr_in
);
1752 memset(&packet
.icmp
, 0, sizeof(packet
.icmp
));
1753 packet
.icmp
.icmp_type
= ICMP_ECHO
;
1754 packet
.icmp
.icmp_id
= id
;
1755 for (j
= 0, i
= 0; i
< sizeof(struct icmp
) / 2; i
++)
1756 j
+= ((u16
*)&packet
.icmp
)[i
];
1758 j
= (j
& 0xffff) + (j
>> 16);
1759 packet
.icmp
.icmp_cksum
= (j
== 0xffff) ? j
: ~j
;
1761 while (retry_send(sendto(fd
, (char *)&packet
.icmp
, sizeof(struct icmp
), 0,
1762 (struct sockaddr
*)&saddr
, sizeof(saddr
))));
1764 for (now
= start
= dnsmasq_time();
1765 difftime(now
, start
) < (float)PING_WAIT
;)
1769 struct sockaddr_in faddr
;
1771 socklen_t len
= sizeof(faddr
);
1773 tv
.tv_usec
= 250000;
1779 set_dns_listeners(now
, &rset
, &maxfd
);
1780 set_log_writer(&wset
, &maxfd
);
1783 if (daemon
->doing_ra
)
1785 FD_SET(daemon
->icmp6fd
, &rset
);
1786 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
1790 if (select(maxfd
+1, &rset
, &wset
, NULL
, &tv
) < 0)
1796 now
= dnsmasq_time();
1798 check_log_writer(&wset
);
1799 check_dns_listeners(&rset
, now
);
1802 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1807 check_tftp_listeners(&rset
, now
);
1810 if (FD_ISSET(fd
, &rset
) &&
1811 recvfrom(fd
, &packet
, sizeof(packet
), 0,
1812 (struct sockaddr
*)&faddr
, &len
) == sizeof(packet
) &&
1813 saddr
.sin_addr
.s_addr
== faddr
.sin_addr
.s_addr
&&
1814 packet
.icmp
.icmp_type
== ICMP_ECHOREPLY
&&
1815 packet
.icmp
.icmp_seq
== 0 &&
1816 packet
.icmp
.icmp_id
== id
)
1823 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1824 while (retry_send(close(fd
)));
1827 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));