]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blob
? search:


e6dabbf556f76e0c58f7e3d0ab875c3a82eab88e
[people/ms/dnsmasq.git] / src / dnsmasq.c
1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
19
20 #include "dnsmasq.h"
21
22 struct daemon *daemon;
23
24 static volatile pid_t pid = 0;
25 static volatile int pipewrite;
26
27 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28 static void check_dns_listeners(fd_set *set, time_t now);
29 static void sig_handler(int sig);
30 static void async_event(int pipe, time_t now);
31 static void fatal_event(struct event_desc *ev, char *msg);
32 static int read_event(int fd, struct event_desc *evp, char **msg);
33 static void poll_resolv(int force, int do_reload, time_t now);
34
35 int main (int argc, char **argv)
36 {
37 int bind_fallback = 0;
38 time_t now;
39 struct sigaction sigact;
40 struct iname *if_tmp;
41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
43 #if defined(HAVE_SCRIPT)
44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
46 #endif
47 struct group *gp = NULL;
48 long i, max_fd = sysconf(_SC_OPEN_MAX);
49 char *baduser = NULL;
50 int log_err;
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
54 char *bound_device = NULL;
55 int did_bind = 0;
56 #endif
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context *context;
59 struct dhcp_relay *relay;
60 #endif
61
62 #ifdef LOCALEDIR
63 setlocale(LC_ALL, "");
64 bindtextdomain("dnsmasq", LOCALEDIR);
65 textdomain("dnsmasq");
66 #endif
67
68 sigact.sa_handler = sig_handler;
69 sigact.sa_flags = 0;
70 sigemptyset(&sigact.sa_mask);
71 sigaction(SIGUSR1, &sigact, NULL);
72 sigaction(SIGUSR2, &sigact, NULL);
73 sigaction(SIGHUP, &sigact, NULL);
74 sigaction(SIGTERM, &sigact, NULL);
75 sigaction(SIGALRM, &sigact, NULL);
76 sigaction(SIGCHLD, &sigact, NULL);
77
78 /* ignore SIGPIPE */
79 sigact.sa_handler = SIG_IGN;
80 sigaction(SIGPIPE, &sigact, NULL);
81
82 umask(022); /* known umask, create leases and pid files as 0644 */
83
84 rand_init(); /* Must precede read_opts() */
85
86 read_opts(argc, argv, compile_opts);
87
88 if (daemon->edns_pktsz < PACKETSZ)
89 daemon->edns_pktsz = PACKETSZ;
90
91 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
92 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
93 daemon->packet = safe_malloc(daemon->packet_buff_sz);
94
95 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
96 if (option_bool(OPT_EXTRALOG))
97 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
98
99 #ifdef HAVE_DNSSEC
100 if (option_bool(OPT_DNSSEC_VALID))
101 {
102 daemon->keyname = safe_malloc(MAXDNAME);
103 daemon->workspacename = safe_malloc(MAXDNAME);
104 }
105 #endif
106
107 #ifdef HAVE_DHCP
108 if (!daemon->lease_file)
109 {
110 if (daemon->dhcp || daemon->dhcp6)
111 daemon->lease_file = LEASEFILE;
112 }
113 #endif
114
115 /* Close any file descriptors we inherited apart from std{in|out|err}
116
117 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
118 otherwise file descriptors we create can end up being 0, 1, or 2
119 and then get accidentally closed later when we make 0, 1, and 2
120 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
121 but it's not guaranteed. By opening /dev/null three times, we
122 ensure that we're not using those fds for real stuff. */
123 for (i = 0; i < max_fd; i++)
124 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
125 close(i);
126 else
127 open("/dev/null", O_RDWR);
128
129 #ifndef HAVE_LINUX_NETWORK
130 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
131 if (!option_bool(OPT_NOWILD))
132 {
133 bind_fallback = 1;
134 set_option_bool(OPT_NOWILD);
135 }
136 # endif
137
138 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
139 if (option_bool(OPT_CLEVERBIND))
140 {
141 bind_fallback = 1;
142 set_option_bool(OPT_NOWILD);
143 reset_option_bool(OPT_CLEVERBIND);
144 }
145 #endif
146
147 #ifndef HAVE_INOTIFY
148 if (daemon->dynamic_dirs)
149 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
150 #endif
151
152 if (option_bool(OPT_DNSSEC_VALID))
153 {
154 #ifdef HAVE_DNSSEC
155 if (!daemon->ds)
156 die(_("No trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
157
158 if (daemon->cachesize < CACHESIZ)
159 die(_("Cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
160 #else
161 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
162 #endif
163 }
164
165 #ifndef HAVE_TFTP
166 if (option_bool(OPT_TFTP))
167 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
168 #endif
169
170 #ifdef HAVE_CONNTRACK
171 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
172 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
173 #else
174 if (option_bool(OPT_CONNTRACK))
175 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
176 #endif
177
178 #ifdef HAVE_SOLARIS_NETWORK
179 if (daemon->max_logs != 0)
180 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
181 #endif
182
183 #ifdef __ANDROID__
184 if (daemon->max_logs != 0)
185 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
186 #endif
187
188 #ifndef HAVE_AUTH
189 if (daemon->authserver)
190 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
191 #endif
192
193 #ifndef HAVE_LOOP
194 if (option_bool(OPT_LOOP_DETECT))
195 die(_("Loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
196 #endif
197
198 now = dnsmasq_time();
199
200 /* Create a serial at startup if not configured. */
201 if (daemon->authinterface && daemon->soa_sn == 0)
202 #ifdef HAVE_BROKEN_RTC
203 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
204 #else
205 daemon->soa_sn = now;
206 #endif
207
208 #ifdef HAVE_DHCP6
209 if (daemon->dhcp6)
210 {
211 daemon->doing_ra = option_bool(OPT_RA);
212
213 for (context = daemon->dhcp6; context; context = context->next)
214 {
215 if (context->flags & CONTEXT_DHCP)
216 daemon->doing_dhcp6 = 1;
217 if (context->flags & CONTEXT_RA)
218 daemon->doing_ra = 1;
219 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
220 if (context->flags & CONTEXT_TEMPLATE)
221 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
222 #endif
223 }
224 }
225 #endif
226
227 #ifdef HAVE_DHCP
228 /* Note that order matters here, we must call lease_init before
229 creating any file descriptors which shouldn't be leaked
230 to the lease-script init process. We need to call common_init
231 before lease_init to allocate buffers it uses.*/
232 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
233 {
234 dhcp_common_init();
235 if (daemon->dhcp || daemon->doing_dhcp6)
236 lease_init(now);
237 }
238
239 if (daemon->dhcp || daemon->relay4)
240 dhcp_init();
241
242 # ifdef HAVE_DHCP6
243 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
244 ra_init(now);
245
246 if (daemon->doing_dhcp6 || daemon->relay6)
247 dhcp6_init();
248 # endif
249
250 #endif
251
252 #ifdef HAVE_IPSET
253 if (daemon->ipsets)
254 ipset_init();
255 #endif
256
257 #if defined(HAVE_LINUX_NETWORK)
258 netlink_init();
259 #elif defined(HAVE_BSD_NETWORK)
260 route_init();
261 #endif
262
263 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
264 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
265
266 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
267 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
268
269 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
270 {
271 create_bound_listeners(1);
272
273 if (!option_bool(OPT_CLEVERBIND))
274 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
275 if (if_tmp->name && !if_tmp->used)
276 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
277
278 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
279 /* after enumerate_interfaces() */
280 bound_device = whichdevice();
281
282 if (daemon->dhcp)
283 {
284 if (!daemon->relay4 && bound_device)
285 {
286 bindtodevice(bound_device, daemon->dhcpfd);
287 did_bind = 1;
288 }
289 if (daemon->enable_pxe && bound_device)
290 {
291 bindtodevice(bound_device, daemon->pxefd);
292 did_bind = 1;
293 }
294 }
295 #endif
296
297 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
298 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
299 {
300 bindtodevice(bound_device, daemon->dhcp6fd);
301 did_bind = 1;
302 }
303 #endif
304 }
305 else
306 create_wildcard_listeners();
307
308 #ifdef HAVE_DHCP6
309 /* after enumerate_interfaces() */
310 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
311 join_multicast(1);
312
313 /* After netlink_init() and before create_helper() */
314 lease_make_duid(now);
315 #endif
316
317 if (daemon->port != 0)
318 {
319 cache_init();
320
321 #ifdef HAVE_DNSSEC
322 blockdata_init();
323 #endif
324 }
325
326 #ifdef HAVE_INOTIFY
327 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
328 inotify_dnsmasq_init();
329 else
330 daemon->inotifyfd = -1;
331 #endif
332
333 if (option_bool(OPT_DBUS))
334 #ifdef HAVE_DBUS
335 {
336 char *err;
337 daemon->dbus = NULL;
338 daemon->watches = NULL;
339 if ((err = dbus_init()))
340 die(_("DBus error: %s"), err, EC_MISC);
341 }
342 #else
343 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
344 #endif
345
346 if (daemon->port != 0)
347 pre_allocate_sfds();
348
349 #if defined(HAVE_SCRIPT)
350 /* Note getpwnam returns static storage */
351 if ((daemon->dhcp || daemon->dhcp6) &&
352 daemon->scriptuser &&
353 (daemon->lease_change_command || daemon->luascript))
354 {
355 if ((ent_pw = getpwnam(daemon->scriptuser)))
356 {
357 script_uid = ent_pw->pw_uid;
358 script_gid = ent_pw->pw_gid;
359 }
360 else
361 baduser = daemon->scriptuser;
362 }
363 #endif
364
365 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
366 baduser = daemon->username;
367 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
368 baduser = daemon->groupname;
369
370 if (baduser)
371 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
372
373 /* implement group defaults, "dip" if available, or group associated with uid */
374 if (!daemon->group_set && !gp)
375 {
376 if (!(gp = getgrnam(CHGRP)) && ent_pw)
377 gp = getgrgid(ent_pw->pw_gid);
378
379 /* for error message */
380 if (gp)
381 daemon->groupname = gp->gr_name;
382 }
383
384 #if defined(HAVE_LINUX_NETWORK)
385 /* determine capability API version here, while we can still
386 call safe_malloc */
387 if (ent_pw && ent_pw->pw_uid != 0)
388 {
389 int capsize = 1; /* for header version 1 */
390 hdr = safe_malloc(sizeof(*hdr));
391
392 /* find version supported by kernel */
393 memset(hdr, 0, sizeof(*hdr));
394 capget(hdr, NULL);
395
396 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
397 {
398 /* if unknown version, use largest supported version (3) */
399 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
400 hdr->version = LINUX_CAPABILITY_VERSION_3;
401 capsize = 2;
402 }
403
404 data = safe_malloc(sizeof(*data) * capsize);
405 memset(data, 0, sizeof(*data) * capsize);
406 }
407 #endif
408
409 /* Use a pipe to carry signals and other events back to the event loop
410 in a race-free manner and another to carry errors to daemon-invoking process */
411 safe_pipe(pipefd, 1);
412
413 piperead = pipefd[0];
414 pipewrite = pipefd[1];
415 /* prime the pipe to load stuff first time. */
416 send_event(pipewrite, EVENT_INIT, 0, NULL);
417
418 err_pipe[1] = -1;
419
420 if (!option_bool(OPT_DEBUG))
421 {
422 /* The following code "daemonizes" the process.
423 See Stevens section 12.4 */
424
425 if (chdir("/") != 0)
426 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
427
428 #ifndef NO_FORK
429 if (!option_bool(OPT_NO_FORK))
430 {
431 pid_t pid;
432
433 /* pipe to carry errors back to original process.
434 When startup is complete we close this and the process terminates. */
435 safe_pipe(err_pipe, 0);
436
437 if ((pid = fork()) == -1)
438 /* fd == -1 since we've not forked, never returns. */
439 send_event(-1, EVENT_FORK_ERR, errno, NULL);
440
441 if (pid != 0)
442 {
443 struct event_desc ev;
444 char *msg;
445
446 /* close our copy of write-end */
447 close(err_pipe[1]);
448
449 /* check for errors after the fork */
450 if (read_event(err_pipe[0], &ev, &msg))
451 fatal_event(&ev, msg);
452
453 _exit(EC_GOOD);
454 }
455
456 close(err_pipe[0]);
457
458 /* NO calls to die() from here on. */
459
460 setsid();
461
462 if ((pid = fork()) == -1)
463 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
464
465 if (pid != 0)
466 _exit(0);
467 }
468 #endif
469
470 /* write pidfile _after_ forking ! */
471 if (daemon->runfile)
472 {
473 int fd, err = 0;
474
475 sprintf(daemon->namebuff, "%d\n", (int) getpid());
476
477 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
478 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
479 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
480 extent that an attacker running as the unprivileged user could replace the pidfile with a
481 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
482
483 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
484 ensuring that the open() fails should there be any existing file (because the unlink() failed,
485 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
486 attack can succeed.
487
488 Any compromise of the non-privileged user still theoretically allows the pid-file to be
489 replaced whilst dnsmasq is running. The worst that could allow is that the usual
490 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
491
492 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
493 failure to write the pid-file.
494 */
495
496 unlink(daemon->runfile);
497
498 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
499 {
500 /* only complain if started as root */
501 if (getuid() == 0)
502 err = 1;
503 }
504 else
505 {
506 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
507 err = 1;
508
509 while (!err && close(fd) == -1)
510 if (!retry_send())
511 err = 1;
512 }
513
514 if (err)
515 {
516 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
517 _exit(0);
518 }
519 }
520 }
521
522 log_err = log_start(ent_pw, err_pipe[1]);
523
524 if (!option_bool(OPT_DEBUG))
525 {
526 /* open stdout etc to /dev/null */
527 int nullfd = open("/dev/null", O_RDWR);
528 dup2(nullfd, STDOUT_FILENO);
529 dup2(nullfd, STDERR_FILENO);
530 dup2(nullfd, STDIN_FILENO);
531 close(nullfd);
532 }
533
534 /* if we are to run scripts, we need to fork a helper before dropping root. */
535 daemon->helperfd = -1;
536 #ifdef HAVE_SCRIPT
537 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
538 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
539 #endif
540
541 if (!option_bool(OPT_DEBUG) && getuid() == 0)
542 {
543 int bad_capabilities = 0;
544 gid_t dummy;
545
546 /* remove all supplimentary groups */
547 if (gp &&
548 (setgroups(0, &dummy) == -1 ||
549 setgid(gp->gr_gid) == -1))
550 {
551 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
552 _exit(0);
553 }
554
555 if (ent_pw && ent_pw->pw_uid != 0)
556 {
557 #if defined(HAVE_LINUX_NETWORK)
558 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
559 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
560 ports because of DAD, or we're doing it dynamically,
561 we need CAP_NET_BIND_SERVICE too. */
562 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
563 data->effective = data->permitted = data->inheritable =
564 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
565 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
566 else
567 data->effective = data->permitted = data->inheritable =
568 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
569
570 /* Tell kernel to not clear capabilities when dropping root */
571 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
572 bad_capabilities = errno;
573
574 #elif defined(HAVE_SOLARIS_NETWORK)
575 /* http://developers.sun.com/solaris/articles/program_privileges.html */
576 priv_set_t *priv_set;
577
578 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
579 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
580 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
581 bad_capabilities = errno;
582
583 if (priv_set && bad_capabilities == 0)
584 {
585 priv_inverse(priv_set);
586
587 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
588 bad_capabilities = errno;
589 }
590
591 if (priv_set)
592 priv_freeset(priv_set);
593
594 #endif
595
596 if (bad_capabilities != 0)
597 {
598 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
599 _exit(0);
600 }
601
602 /* finally drop root */
603 if (setuid(ent_pw->pw_uid) == -1)
604 {
605 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
606 _exit(0);
607 }
608
609 #ifdef HAVE_LINUX_NETWORK
610 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
611 data->effective = data->permitted =
612 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
613 else
614 data->effective = data->permitted =
615 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
616 data->inheritable = 0;
617
618 /* lose the setuid and setgid capbilities */
619 if (capset(hdr, data) == -1)
620 {
621 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
622 _exit(0);
623 }
624 #endif
625
626 }
627 }
628
629 #ifdef HAVE_LINUX_NETWORK
630 free(hdr);
631 free(data);
632 if (option_bool(OPT_DEBUG))
633 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
634 #endif
635
636 #ifdef HAVE_TFTP
637 if (option_bool(OPT_TFTP))
638 {
639 DIR *dir;
640 struct tftp_prefix *p;
641
642 if (daemon->tftp_prefix)
643 {
644 if (!((dir = opendir(daemon->tftp_prefix))))
645 {
646 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
647 _exit(0);
648 }
649 closedir(dir);
650 }
651
652 for (p = daemon->if_prefix; p; p = p->next)
653 {
654 if (!((dir = opendir(p->prefix))))
655 {
656 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
657 _exit(0);
658 }
659 closedir(dir);
660 }
661 }
662 #endif
663
664 if (daemon->port == 0)
665 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
666 else if (daemon->cachesize != 0)
667 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
668 else
669 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
670
671 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
672
673 #ifdef HAVE_DBUS
674 if (option_bool(OPT_DBUS))
675 {
676 if (daemon->dbus)
677 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
678 else
679 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
680 }
681 #endif
682
683 if (option_bool(OPT_LOCAL_SERVICE))
684 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
685
686 #ifdef HAVE_DNSSEC
687 if (option_bool(OPT_DNSSEC_VALID))
688 {
689 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
690 if (option_bool(OPT_DNSSEC_TIME))
691 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
692 }
693 #endif
694
695 if (log_err != 0)
696 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
697 daemon->log_file, strerror(log_err));
698
699 if (bind_fallback)
700 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
701
702 if (option_bool(OPT_NOWILD))
703 warn_bound_listeners();
704
705 warn_int_names();
706
707 if (!option_bool(OPT_NOWILD))
708 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
709 if (if_tmp->name && !if_tmp->used)
710 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
711
712 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
713 {
714 if (daemon->resolv_files && !daemon->resolv_files->is_default)
715 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
716 daemon->resolv_files = NULL;
717 if (!daemon->servers)
718 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
719 }
720
721 if (daemon->max_logs != 0)
722 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
723
724
725 #ifdef HAVE_DHCP
726 for (context = daemon->dhcp; context; context = context->next)
727 log_context(AF_INET, context);
728
729 for (relay = daemon->relay4; relay; relay = relay->next)
730 log_relay(AF_INET, relay);
731
732 # ifdef HAVE_DHCP6
733 for (context = daemon->dhcp6; context; context = context->next)
734 log_context(AF_INET6, context);
735
736 for (relay = daemon->relay6; relay; relay = relay->next)
737 log_relay(AF_INET6, relay);
738
739 if (daemon->doing_dhcp6 || daemon->doing_ra)
740 dhcp_construct_contexts(now);
741
742 if (option_bool(OPT_RA))
743 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
744 # endif
745
746 # ifdef HAVE_LINUX_NETWORK
747 if (did_bind)
748 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
749 # endif
750
751 /* after dhcp_contruct_contexts */
752 if (daemon->dhcp || daemon->doing_dhcp6)
753 lease_find_interfaces(now);
754 #endif
755
756 #ifdef HAVE_TFTP
757 if (option_bool(OPT_TFTP))
758 {
759 #ifdef FD_SETSIZE
760 if (FD_SETSIZE < (unsigned)max_fd)
761 max_fd = FD_SETSIZE;
762 #endif
763
764 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
765 daemon->tftp_prefix ? _("root is ") : _("enabled"),
766 daemon->tftp_prefix ? daemon->tftp_prefix: "",
767 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
768
769 /* This is a guess, it assumes that for small limits,
770 disjoint files might be served, but for large limits,
771 a single file will be sent to may clients (the file only needs
772 one fd). */
773
774 max_fd -= 30; /* use other than TFTP */
775
776 if (max_fd < 0)
777 max_fd = 5;
778 else if (max_fd < 100)
779 max_fd = max_fd/2;
780 else
781 max_fd = max_fd - 20;
782
783 /* if we have to use a limited range of ports,
784 that will limit the number of transfers */
785 if (daemon->start_tftp_port != 0 &&
786 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
787 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
788
789 if (daemon->tftp_max > max_fd)
790 {
791 daemon->tftp_max = max_fd;
792 my_syslog(MS_TFTP | LOG_WARNING,
793 _("restricting maximum simultaneous TFTP transfers to %d"),
794 daemon->tftp_max);
795 }
796 }
797 #endif
798
799 /* finished start-up - release original process */
800 if (err_pipe[1] != -1)
801 close(err_pipe[1]);
802
803 if (daemon->port != 0)
804 check_servers();
805
806 pid = getpid();
807
808 #ifdef HAVE_INOTIFY
809 /* Using inotify, have to select a resolv file at startup */
810 poll_resolv(1, 0, now);
811 #endif
812
813 while (1)
814 {
815 int maxfd = -1;
816 struct timeval t, *tp = NULL;
817 fd_set rset, wset, eset;
818
819 FD_ZERO(&rset);
820 FD_ZERO(&wset);
821 FD_ZERO(&eset);
822
823 /* if we are out of resources, find how long we have to wait
824 for some to come free, we'll loop around then and restart
825 listening for queries */
826 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
827 {
828 t.tv_usec = 0;
829 tp = &t;
830 }
831
832 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
833 if (daemon->tftp_trans ||
834 (option_bool(OPT_DBUS) && !daemon->dbus))
835 {
836 t.tv_sec = 0;
837 t.tv_usec = 250000;
838 tp = &t;
839 }
840 /* Wake every second whilst waiting for DAD to complete */
841 else if (is_dad_listeners())
842 {
843 t.tv_sec = 1;
844 t.tv_usec = 0;
845 tp = &t;
846 }
847
848 #ifdef HAVE_DBUS
849 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
850 #endif
851
852 #ifdef HAVE_DHCP
853 if (daemon->dhcp || daemon->relay4)
854 {
855 FD_SET(daemon->dhcpfd, &rset);
856 bump_maxfd(daemon->dhcpfd, &maxfd);
857 if (daemon->pxefd != -1)
858 {
859 FD_SET(daemon->pxefd, &rset);
860 bump_maxfd(daemon->pxefd, &maxfd);
861 }
862 }
863 #endif
864
865 #ifdef HAVE_DHCP6
866 if (daemon->doing_dhcp6 || daemon->relay6)
867 {
868 FD_SET(daemon->dhcp6fd, &rset);
869 bump_maxfd(daemon->dhcp6fd, &maxfd);
870 }
871
872 if (daemon->doing_ra)
873 {
874 FD_SET(daemon->icmp6fd, &rset);
875 bump_maxfd(daemon->icmp6fd, &maxfd);
876 }
877 #endif
878
879 #ifdef HAVE_INOTIFY
880 if (daemon->inotifyfd != -1)
881 {
882 FD_SET(daemon->inotifyfd, &rset);
883 bump_maxfd(daemon->inotifyfd, &maxfd);
884 }
885 #endif
886
887 #if defined(HAVE_LINUX_NETWORK)
888 FD_SET(daemon->netlinkfd, &rset);
889 bump_maxfd(daemon->netlinkfd, &maxfd);
890 #elif defined(HAVE_BSD_NETWORK)
891 FD_SET(daemon->routefd, &rset);
892 bump_maxfd(daemon->routefd, &maxfd);
893 #endif
894
895 FD_SET(piperead, &rset);
896 bump_maxfd(piperead, &maxfd);
897
898 #ifdef HAVE_DHCP
899 # ifdef HAVE_SCRIPT
900 while (helper_buf_empty() && do_script_run(now));
901
902 # ifdef HAVE_TFTP
903 while (helper_buf_empty() && do_tftp_script_run());
904 # endif
905
906 if (!helper_buf_empty())
907 {
908 FD_SET(daemon->helperfd, &wset);
909 bump_maxfd(daemon->helperfd, &maxfd);
910 }
911 # else
912 /* need this for other side-effects */
913 while (do_script_run(now));
914
915 # ifdef HAVE_TFTP
916 while (do_tftp_script_run());
917 # endif
918
919 # endif
920 #endif
921
922 /* must do this just before select(), when we know no
923 more calls to my_syslog() can occur */
924 set_log_writer(&wset, &maxfd);
925
926 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
927 {
928 /* otherwise undefined after error */
929 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
930 }
931
932 now = dnsmasq_time();
933
934 check_log_writer(&wset);
935
936 /* prime. */
937 enumerate_interfaces(1);
938
939 /* Check the interfaces to see if any have exited DAD state
940 and if so, bind the address. */
941 if (is_dad_listeners())
942 {
943 enumerate_interfaces(0);
944 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
945 create_bound_listeners(0);
946 warn_bound_listeners();
947 }
948
949 #if defined(HAVE_LINUX_NETWORK)
950 if (FD_ISSET(daemon->netlinkfd, &rset))
951 netlink_multicast();
952 #elif defined(HAVE_BSD_NETWORK)
953 if (FD_ISSET(daemon->routefd, &rset))
954 route_sock();
955 #endif
956
957 #ifdef HAVE_INOTIFY
958 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
959 {
960 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
961 poll_resolv(1, 1, now);
962 }
963 #else
964 /* Check for changes to resolv files once per second max. */
965 /* Don't go silent for long periods if the clock goes backwards. */
966 if (daemon->last_resolv == 0 ||
967 difftime(now, daemon->last_resolv) > 1.0 ||
968 difftime(now, daemon->last_resolv) < -1.0)
969 {
970 /* poll_resolv doesn't need to reload first time through, since
971 that's queued anyway. */
972
973 poll_resolv(0, daemon->last_resolv != 0, now);
974 daemon->last_resolv = now;
975 }
976 #endif
977
978 if (FD_ISSET(piperead, &rset))
979 async_event(piperead, now);
980
981 #ifdef HAVE_DBUS
982 /* if we didn't create a DBus connection, retry now. */
983 if (option_bool(OPT_DBUS) && !daemon->dbus)
984 {
985 char *err;
986 if ((err = dbus_init()))
987 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
988 if (daemon->dbus)
989 my_syslog(LOG_INFO, _("connected to system DBus"));
990 }
991 check_dbus_listeners(&rset, &wset, &eset);
992 #endif
993
994 check_dns_listeners(&rset, now);
995
996 #ifdef HAVE_TFTP
997 check_tftp_listeners(&rset, now);
998 #endif
999
1000 #ifdef HAVE_DHCP
1001 if (daemon->dhcp || daemon->relay4)
1002 {
1003 if (FD_ISSET(daemon->dhcpfd, &rset))
1004 dhcp_packet(now, 0);
1005 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1006 dhcp_packet(now, 1);
1007 }
1008
1009 #ifdef HAVE_DHCP6
1010 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
1011 dhcp6_packet(now);
1012
1013 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1014 icmp6_packet(now);
1015 #endif
1016
1017 # ifdef HAVE_SCRIPT
1018 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
1019 helper_write();
1020 # endif
1021 #endif
1022
1023 }
1024 }
1025
1026 static void sig_handler(int sig)
1027 {
1028 if (pid == 0)
1029 {
1030 /* ignore anything other than TERM during startup
1031 and in helper proc. (helper ignore TERM too) */
1032 if (sig == SIGTERM)
1033 exit(EC_MISC);
1034 }
1035 else if (pid != getpid())
1036 {
1037 /* alarm is used to kill TCP children after a fixed time. */
1038 if (sig == SIGALRM)
1039 _exit(0);
1040 }
1041 else
1042 {
1043 /* master process */
1044 int event, errsave = errno;
1045
1046 if (sig == SIGHUP)
1047 event = EVENT_RELOAD;
1048 else if (sig == SIGCHLD)
1049 event = EVENT_CHILD;
1050 else if (sig == SIGALRM)
1051 event = EVENT_ALARM;
1052 else if (sig == SIGTERM)
1053 event = EVENT_TERM;
1054 else if (sig == SIGUSR1)
1055 event = EVENT_DUMP;
1056 else if (sig == SIGUSR2)
1057 event = EVENT_REOPEN;
1058 else
1059 return;
1060
1061 send_event(pipewrite, event, 0, NULL);
1062 errno = errsave;
1063 }
1064 }
1065
1066 /* now == 0 -> queue immediate callback */
1067 void send_alarm(time_t event, time_t now)
1068 {
1069 if (now == 0 || event != 0)
1070 {
1071 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1072 if ((now == 0 || difftime(event, now) <= 0.0))
1073 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1074 else
1075 alarm((unsigned)difftime(event, now));
1076 }
1077 }
1078
1079 void queue_event(int event)
1080 {
1081 send_event(pipewrite, event, 0, NULL);
1082 }
1083
1084 void send_event(int fd, int event, int data, char *msg)
1085 {
1086 struct event_desc ev;
1087 struct iovec iov[2];
1088
1089 ev.event = event;
1090 ev.data = data;
1091 ev.msg_sz = msg ? strlen(msg) : 0;
1092
1093 iov[0].iov_base = &ev;
1094 iov[0].iov_len = sizeof(ev);
1095 iov[1].iov_base = msg;
1096 iov[1].iov_len = ev.msg_sz;
1097
1098 /* error pipe, debug mode. */
1099 if (fd == -1)
1100 fatal_event(&ev, msg);
1101 else
1102 /* pipe is non-blocking and struct event_desc is smaller than
1103 PIPE_BUF, so this either fails or writes everything */
1104 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1105 }
1106
1107 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1108 to describe fatal errors. */
1109 static int read_event(int fd, struct event_desc *evp, char **msg)
1110 {
1111 char *buf;
1112
1113 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1114 return 0;
1115
1116 *msg = NULL;
1117
1118 if (evp->msg_sz != 0 &&
1119 (buf = malloc(evp->msg_sz + 1)) &&
1120 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1121 {
1122 buf[evp->msg_sz] = 0;
1123 *msg = buf;
1124 }
1125
1126 return 1;
1127 }
1128
1129 static void fatal_event(struct event_desc *ev, char *msg)
1130 {
1131 errno = ev->data;
1132
1133 switch (ev->event)
1134 {
1135 case EVENT_DIE:
1136 exit(0);
1137
1138 case EVENT_FORK_ERR:
1139 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1140
1141 case EVENT_PIPE_ERR:
1142 die(_("failed to create helper: %s"), NULL, EC_MISC);
1143
1144 case EVENT_CAP_ERR:
1145 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1146
1147 case EVENT_USER_ERR:
1148 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1149
1150 case EVENT_GROUP_ERR:
1151 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1152
1153 case EVENT_PIDFILE:
1154 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1155
1156 case EVENT_LOG_ERR:
1157 die(_("cannot open log %s: %s"), msg, EC_FILE);
1158
1159 case EVENT_LUA_ERR:
1160 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1161
1162 case EVENT_TFTP_ERR:
1163 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1164 }
1165 }
1166
1167 static void async_event(int pipe, time_t now)
1168 {
1169 pid_t p;
1170 struct event_desc ev;
1171 int i, check = 0;
1172 char *msg;
1173
1174 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1175 to describe fatal errors. */
1176
1177 if (read_event(pipe, &ev, &msg))
1178 switch (ev.event)
1179 {
1180 case EVENT_RELOAD:
1181 #ifdef HAVE_DNSSEC
1182 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1183 {
1184 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1185 reset_option_bool(OPT_DNSSEC_TIME);
1186 }
1187 #endif
1188 /* fall through */
1189
1190 case EVENT_INIT:
1191 clear_cache_and_reload(now);
1192
1193 if (daemon->port != 0)
1194 {
1195 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1196 {
1197 reload_servers(daemon->resolv_files->name);
1198 check = 1;
1199 }
1200
1201 if (daemon->servers_file)
1202 {
1203 read_servers_file();
1204 check = 1;
1205 }
1206
1207 if (check)
1208 check_servers();
1209 }
1210
1211 #ifdef HAVE_DHCP
1212 rerun_scripts();
1213 #endif
1214 break;
1215
1216 case EVENT_DUMP:
1217 if (daemon->port != 0)
1218 dump_cache(now);
1219 break;
1220
1221 case EVENT_ALARM:
1222 #ifdef HAVE_DHCP
1223 if (daemon->dhcp || daemon->doing_dhcp6)
1224 {
1225 lease_prune(NULL, now);
1226 lease_update_file(now);
1227 }
1228 #ifdef HAVE_DHCP6
1229 else if (daemon->doing_ra)
1230 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1231 send_alarm(periodic_ra(now), now);
1232 #endif
1233 #endif
1234 break;
1235
1236 case EVENT_CHILD:
1237 /* See Stevens 5.10 */
1238 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1239 if (p == -1)
1240 {
1241 if (errno != EINTR)
1242 break;
1243 }
1244 else
1245 for (i = 0 ; i < MAX_PROCS; i++)
1246 if (daemon->tcp_pids[i] == p)
1247 daemon->tcp_pids[i] = 0;
1248 break;
1249
1250 case EVENT_KILLED:
1251 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1252 break;
1253
1254 case EVENT_EXITED:
1255 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1256 break;
1257
1258 case EVENT_EXEC_ERR:
1259 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1260 daemon->lease_change_command, strerror(ev.data));
1261 break;
1262
1263 /* necessary for fatal errors in helper */
1264 case EVENT_USER_ERR:
1265 case EVENT_DIE:
1266 case EVENT_LUA_ERR:
1267 fatal_event(&ev, msg);
1268 break;
1269
1270 case EVENT_REOPEN:
1271 /* Note: this may leave TCP-handling processes with the old file still open.
1272 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1273 we leave them logging to the old file. */
1274 if (daemon->log_file != NULL)
1275 log_reopen(daemon->log_file);
1276 break;
1277
1278 case EVENT_NEWADDR:
1279 newaddress(now);
1280 break;
1281
1282 case EVENT_NEWROUTE:
1283 resend_query();
1284 /* Force re-reading resolv file right now, for luck. */
1285 poll_resolv(0, 1, now);
1286 break;
1287
1288 case EVENT_TERM:
1289 /* Knock all our children on the head. */
1290 for (i = 0; i < MAX_PROCS; i++)
1291 if (daemon->tcp_pids[i] != 0)
1292 kill(daemon->tcp_pids[i], SIGALRM);
1293
1294 #if defined(HAVE_SCRIPT)
1295 /* handle pending lease transitions */
1296 if (daemon->helperfd != -1)
1297 {
1298 /* block in writes until all done */
1299 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1300 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1301 do {
1302 helper_write();
1303 } while (!helper_buf_empty() || do_script_run(now));
1304 close(daemon->helperfd);
1305 }
1306 #endif
1307
1308 if (daemon->lease_stream)
1309 fclose(daemon->lease_stream);
1310
1311 if (daemon->runfile)
1312 unlink(daemon->runfile);
1313
1314 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1315 flush_log();
1316 exit(EC_GOOD);
1317 }
1318 }
1319
1320 static void poll_resolv(int force, int do_reload, time_t now)
1321 {
1322 struct resolvc *res, *latest;
1323 struct stat statbuf;
1324 time_t last_change = 0;
1325 /* There may be more than one possible file.
1326 Go through and find the one which changed _last_.
1327 Warn of any which can't be read. */
1328
1329 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1330 return;
1331
1332 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1333 if (stat(res->name, &statbuf) == -1)
1334 {
1335 if (force)
1336 {
1337 res->mtime = 0;
1338 continue;
1339 }
1340
1341 if (!res->logged)
1342 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1343 res->logged = 1;
1344
1345 if (res->mtime != 0)
1346 {
1347 /* existing file evaporated, force selection of the latest
1348 file even if its mtime hasn't changed since we last looked */
1349 poll_resolv(1, do_reload, now);
1350 return;
1351 }
1352 }
1353 else
1354 {
1355 res->logged = 0;
1356 if (force || (statbuf.st_mtime != res->mtime))
1357 {
1358 res->mtime = statbuf.st_mtime;
1359 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1360 {
1361 last_change = statbuf.st_mtime;
1362 latest = res;
1363 }
1364 }
1365 }
1366
1367 if (latest)
1368 {
1369 static int warned = 0;
1370 if (reload_servers(latest->name))
1371 {
1372 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1373 warned = 0;
1374 check_servers();
1375 if (option_bool(OPT_RELOAD) && do_reload)
1376 clear_cache_and_reload(now);
1377 }
1378 else
1379 {
1380 latest->mtime = 0;
1381 if (!warned)
1382 {
1383 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1384 warned = 1;
1385 }
1386 }
1387 }
1388 }
1389
1390 void clear_cache_and_reload(time_t now)
1391 {
1392 (void)now;
1393
1394 if (daemon->port != 0)
1395 cache_reload();
1396
1397 #ifdef HAVE_DHCP
1398 if (daemon->dhcp || daemon->doing_dhcp6)
1399 {
1400 if (option_bool(OPT_ETHERS))
1401 dhcp_read_ethers();
1402 reread_dhcp();
1403 #ifdef HAVE_INOTIFY
1404 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
1405 #endif
1406 dhcp_update_configs(daemon->dhcp_conf);
1407 lease_update_from_configs();
1408 lease_update_file(now);
1409 lease_update_dns(1);
1410 }
1411 #ifdef HAVE_DHCP6
1412 else if (daemon->doing_ra)
1413 /* Not doing DHCP, so no lease system, manage
1414 alarms for ra only */
1415 send_alarm(periodic_ra(now), now);
1416 #endif
1417 #endif
1418 }
1419
1420 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1421 {
1422 struct serverfd *serverfdp;
1423 struct listener *listener;
1424 int wait = 0, i;
1425
1426 #ifdef HAVE_TFTP
1427 int tftp = 0;
1428 struct tftp_transfer *transfer;
1429 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1430 {
1431 tftp++;
1432 FD_SET(transfer->sockfd, set);
1433 bump_maxfd(transfer->sockfd, maxfdp);
1434 }
1435 #endif
1436
1437 /* will we be able to get memory? */
1438 if (daemon->port != 0)
1439 get_new_frec(now, &wait, 0);
1440
1441 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1442 {
1443 FD_SET(serverfdp->fd, set);
1444 bump_maxfd(serverfdp->fd, maxfdp);
1445 }
1446
1447 if (daemon->port != 0 && !daemon->osport)
1448 for (i = 0; i < RANDOM_SOCKS; i++)
1449 if (daemon->randomsocks[i].refcount != 0)
1450 {
1451 FD_SET(daemon->randomsocks[i].fd, set);
1452 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1453 }
1454
1455 for (listener = daemon->listeners; listener; listener = listener->next)
1456 {
1457 /* only listen for queries if we have resources */
1458 if (listener->fd != -1 && wait == 0)
1459 {
1460 FD_SET(listener->fd, set);
1461 bump_maxfd(listener->fd, maxfdp);
1462 }
1463
1464 /* death of a child goes through the select loop, so
1465 we don't need to explicitly arrange to wake up here */
1466 if (listener->tcpfd != -1)
1467 for (i = 0; i < MAX_PROCS; i++)
1468 if (daemon->tcp_pids[i] == 0)
1469 {
1470 FD_SET(listener->tcpfd, set);
1471 bump_maxfd(listener->tcpfd, maxfdp);
1472 break;
1473 }
1474
1475 #ifdef HAVE_TFTP
1476 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1477 {
1478 FD_SET(listener->tftpfd, set);
1479 bump_maxfd(listener->tftpfd, maxfdp);
1480 }
1481 #endif
1482
1483 }
1484
1485 return wait;
1486 }
1487
1488 static void check_dns_listeners(fd_set *set, time_t now)
1489 {
1490 struct serverfd *serverfdp;
1491 struct listener *listener;
1492 int i;
1493
1494 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1495 if (FD_ISSET(serverfdp->fd, set))
1496 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1497
1498 if (daemon->port != 0 && !daemon->osport)
1499 for (i = 0; i < RANDOM_SOCKS; i++)
1500 if (daemon->randomsocks[i].refcount != 0 &&
1501 FD_ISSET(daemon->randomsocks[i].fd, set))
1502 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1503
1504 for (listener = daemon->listeners; listener; listener = listener->next)
1505 {
1506 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1507 receive_query(listener, now);
1508
1509 #ifdef HAVE_TFTP
1510 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1511 tftp_request(listener, now);
1512 #endif
1513
1514 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1515 {
1516 int confd, client_ok = 1;
1517 struct irec *iface = NULL;
1518 pid_t p;
1519 union mysockaddr tcp_addr;
1520 socklen_t tcp_len = sizeof(union mysockaddr);
1521
1522 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1523
1524 if (confd == -1)
1525 continue;
1526
1527 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1528 {
1529 close(confd);
1530 continue;
1531 }
1532
1533 /* Make sure that the interface list is up-to-date.
1534
1535 We do this here as we may need the results below, and
1536 the DNS code needs them for --interface-name stuff.
1537
1538 Multiple calls to enumerate_interfaces() per select loop are
1539 inhibited, so calls to it in the child process (which doesn't select())
1540 have no effect. This avoids two processes reading from the same
1541 netlink fd and screwing the pooch entirely.
1542 */
1543
1544 enumerate_interfaces(0);
1545
1546 if (option_bool(OPT_NOWILD))
1547 iface = listener->iface; /* May be NULL */
1548 else
1549 {
1550 int if_index;
1551 char intr_name[IF_NAMESIZE];
1552
1553 /* if we can find the arrival interface, check it's one that's allowed */
1554 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1555 indextoname(listener->tcpfd, if_index, intr_name))
1556 {
1557 struct all_addr addr;
1558 addr.addr.addr4 = tcp_addr.in.sin_addr;
1559 #ifdef HAVE_IPV6
1560 if (tcp_addr.sa.sa_family == AF_INET6)
1561 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1562 #endif
1563
1564 for (iface = daemon->interfaces; iface; iface = iface->next)
1565 if (iface->index == if_index)
1566 break;
1567
1568 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1569 client_ok = 0;
1570 }
1571
1572 if (option_bool(OPT_CLEVERBIND))
1573 iface = listener->iface; /* May be NULL */
1574 else
1575 {
1576 /* Check for allowed interfaces when binding the wildcard address:
1577 we do this by looking for an interface with the same address as
1578 the local address of the TCP connection, then looking to see if that's
1579 an allowed interface. As a side effect, we get the netmask of the
1580 interface too, for localisation. */
1581
1582 for (iface = daemon->interfaces; iface; iface = iface->next)
1583 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1584 break;
1585
1586 if (!iface)
1587 client_ok = 0;
1588 }
1589 }
1590
1591 if (!client_ok)
1592 {
1593 shutdown(confd, SHUT_RDWR);
1594 close(confd);
1595 }
1596 #ifndef NO_FORK
1597 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1598 {
1599 if (p != -1)
1600 {
1601 int i;
1602 for (i = 0; i < MAX_PROCS; i++)
1603 if (daemon->tcp_pids[i] == 0)
1604 {
1605 daemon->tcp_pids[i] = p;
1606 break;
1607 }
1608 }
1609 close(confd);
1610
1611 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1612 daemon->log_id += TCP_MAX_QUERIES;
1613 }
1614 #endif
1615 else
1616 {
1617 unsigned char *buff;
1618 struct server *s;
1619 int flags;
1620 struct in_addr netmask;
1621 int auth_dns;
1622
1623 if (iface)
1624 {
1625 netmask = iface->netmask;
1626 auth_dns = iface->dns_auth;
1627 }
1628 else
1629 {
1630 netmask.s_addr = 0;
1631 auth_dns = 0;
1632 }
1633
1634 #ifndef NO_FORK
1635 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1636 terminate the process. */
1637 if (!option_bool(OPT_DEBUG))
1638 alarm(CHILD_LIFETIME);
1639 #endif
1640
1641 /* start with no upstream connections. */
1642 for (s = daemon->servers; s; s = s->next)
1643 s->tcpfd = -1;
1644
1645 /* The connected socket inherits non-blocking
1646 attribute from the listening socket.
1647 Reset that here. */
1648 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1649 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1650
1651 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1652
1653 shutdown(confd, SHUT_RDWR);
1654 close(confd);
1655
1656 if (buff)
1657 free(buff);
1658
1659 for (s = daemon->servers; s; s = s->next)
1660 if (s->tcpfd != -1)
1661 {
1662 shutdown(s->tcpfd, SHUT_RDWR);
1663 close(s->tcpfd);
1664 }
1665 #ifndef NO_FORK
1666 if (!option_bool(OPT_DEBUG))
1667 {
1668 flush_log();
1669 _exit(0);
1670 }
1671 #endif
1672 }
1673 }
1674 }
1675 }
1676
1677 #ifdef HAVE_DHCP
1678 int make_icmp_sock(void)
1679 {
1680 int fd;
1681 int zeroopt = 0;
1682
1683 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1684 {
1685 if (!fix_fd(fd) ||
1686 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1687 {
1688 close(fd);
1689 fd = -1;
1690 }
1691 }
1692
1693 return fd;
1694 }
1695
1696 int icmp_ping(struct in_addr addr)
1697 {
1698 /* Try and get an ICMP echo from a machine. */
1699
1700 /* Note that whilst in the three second wait, we check for
1701 (and service) events on the DNS and TFTP sockets, (so doing that
1702 better not use any resources our caller has in use...)
1703 but we remain deaf to signals or further DHCP packets. */
1704
1705 int fd;
1706 struct sockaddr_in saddr;
1707 struct {
1708 struct ip ip;
1709 struct icmp icmp;
1710 } packet;
1711 unsigned short id = rand16();
1712 unsigned int i, j;
1713 int gotreply = 0;
1714 time_t start, now;
1715
1716 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1717 if ((fd = make_icmp_sock()) == -1)
1718 return 0;
1719 #else
1720 int opt = 2000;
1721 fd = daemon->dhcp_icmp_fd;
1722 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1723 #endif
1724
1725 saddr.sin_family = AF_INET;
1726 saddr.sin_port = 0;
1727 saddr.sin_addr = addr;
1728 #ifdef HAVE_SOCKADDR_SA_LEN
1729 saddr.sin_len = sizeof(struct sockaddr_in);
1730 #endif
1731
1732 memset(&packet.icmp, 0, sizeof(packet.icmp));
1733 packet.icmp.icmp_type = ICMP_ECHO;
1734 packet.icmp.icmp_id = id;
1735 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1736 j += ((u16 *)&packet.icmp)[i];
1737 while (j>>16)
1738 j = (j & 0xffff) + (j >> 16);
1739 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1740
1741 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1742 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1743 retry_send());
1744
1745 for (now = start = dnsmasq_time();
1746 difftime(now, start) < (float)PING_WAIT;)
1747 {
1748 struct timeval tv;
1749 fd_set rset, wset;
1750 struct sockaddr_in faddr;
1751 int maxfd = fd;
1752 socklen_t len = sizeof(faddr);
1753
1754 tv.tv_usec = 250000;
1755 tv.tv_sec = 0;
1756
1757 FD_ZERO(&rset);
1758 FD_ZERO(&wset);
1759 FD_SET(fd, &rset);
1760 set_dns_listeners(now, &rset, &maxfd);
1761 set_log_writer(&wset, &maxfd);
1762
1763 #ifdef HAVE_DHCP6
1764 if (daemon->doing_ra)
1765 {
1766 FD_SET(daemon->icmp6fd, &rset);
1767 bump_maxfd(daemon->icmp6fd, &maxfd);
1768 }
1769 #endif
1770
1771 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1772 {
1773 FD_ZERO(&rset);
1774 FD_ZERO(&wset);
1775 }
1776
1777 now = dnsmasq_time();
1778
1779 check_log_writer(&wset);
1780 check_dns_listeners(&rset, now);
1781
1782 #ifdef HAVE_DHCP6
1783 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1784 icmp6_packet(now);
1785 #endif
1786
1787 #ifdef HAVE_TFTP
1788 check_tftp_listeners(&rset, now);
1789 #endif
1790
1791 if (FD_ISSET(fd, &rset) &&
1792 recvfrom(fd, &packet, sizeof(packet), 0,
1793 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1794 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1795 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1796 packet.icmp.icmp_seq == 0 &&
1797 packet.icmp.icmp_id == id)
1798 {
1799 gotreply = 1;
1800 break;
1801 }
1802 }
1803
1804 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1805 close(fd);
1806 #else
1807 opt = 1;
1808 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1809 #endif
1810
1811 return gotreply;
1812 }
1813 #endif
1814
1815
Michael's tree of dnsmasq.