]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
add --tftp-no-fail to ignore missing tftp root
[people/ms/dnsmasq.git] / src / dnsmasq.c
1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
19
20 #include "dnsmasq.h"
21
22 struct daemon *daemon;
23
24 static volatile pid_t pid = 0;
25 static volatile int pipewrite;
26
27 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28 static void check_dns_listeners(fd_set *set, time_t now);
29 static void sig_handler(int sig);
30 static void async_event(int pipe, time_t now);
31 static void fatal_event(struct event_desc *ev, char *msg);
32 static int read_event(int fd, struct event_desc *evp, char **msg);
33 static void poll_resolv(int force, int do_reload, time_t now);
34
35 int main (int argc, char **argv)
36 {
37 int bind_fallback = 0;
38 time_t now;
39 struct sigaction sigact;
40 struct iname *if_tmp;
41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
43 #if defined(HAVE_SCRIPT)
44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
46 #endif
47 struct group *gp = NULL;
48 long i, max_fd = sysconf(_SC_OPEN_MAX);
49 char *baduser = NULL;
50 int log_err;
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
54 char *bound_device = NULL;
55 int did_bind = 0;
56 #endif
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context *context;
59 struct dhcp_relay *relay;
60 #endif
61 #ifdef HAVE_TFTP
62 int tftp_prefix_missing = 0;
63 #endif
64
65 #ifdef LOCALEDIR
66 setlocale(LC_ALL, "");
67 bindtextdomain("dnsmasq", LOCALEDIR);
68 textdomain("dnsmasq");
69 #endif
70
71 sigact.sa_handler = sig_handler;
72 sigact.sa_flags = 0;
73 sigemptyset(&sigact.sa_mask);
74 sigaction(SIGUSR1, &sigact, NULL);
75 sigaction(SIGUSR2, &sigact, NULL);
76 sigaction(SIGHUP, &sigact, NULL);
77 sigaction(SIGTERM, &sigact, NULL);
78 sigaction(SIGALRM, &sigact, NULL);
79 sigaction(SIGCHLD, &sigact, NULL);
80
81 /* ignore SIGPIPE */
82 sigact.sa_handler = SIG_IGN;
83 sigaction(SIGPIPE, &sigact, NULL);
84
85 umask(022); /* known umask, create leases and pid files as 0644 */
86
87 rand_init(); /* Must precede read_opts() */
88
89 read_opts(argc, argv, compile_opts);
90
91 if (daemon->edns_pktsz < PACKETSZ)
92 daemon->edns_pktsz = PACKETSZ;
93
94 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
95 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
96 daemon->packet = safe_malloc(daemon->packet_buff_sz);
97
98 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
99 if (option_bool(OPT_EXTRALOG))
100 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
101
102 #ifdef HAVE_DNSSEC
103 if (option_bool(OPT_DNSSEC_VALID))
104 {
105 daemon->keyname = safe_malloc(MAXDNAME);
106 daemon->workspacename = safe_malloc(MAXDNAME);
107 }
108 #endif
109
110 #ifdef HAVE_DHCP
111 if (!daemon->lease_file)
112 {
113 if (daemon->dhcp || daemon->dhcp6)
114 daemon->lease_file = LEASEFILE;
115 }
116 #endif
117
118 /* Close any file descriptors we inherited apart from std{in|out|err}
119
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
126 for (i = 0; i < max_fd; i++)
127 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
128 close(i);
129 else
130 open("/dev/null", O_RDWR);
131
132 #ifndef HAVE_LINUX_NETWORK
133 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
134 if (!option_bool(OPT_NOWILD))
135 {
136 bind_fallback = 1;
137 set_option_bool(OPT_NOWILD);
138 }
139 # endif
140
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
142 if (option_bool(OPT_CLEVERBIND))
143 {
144 bind_fallback = 1;
145 set_option_bool(OPT_NOWILD);
146 reset_option_bool(OPT_CLEVERBIND);
147 }
148 #endif
149
150 #ifndef HAVE_INOTIFY
151 if (daemon->dynamic_dirs)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
153 #endif
154
155 if (option_bool(OPT_DNSSEC_VALID))
156 {
157 #ifdef HAVE_DNSSEC
158 if (!daemon->ds)
159 die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
160
161 if (daemon->cachesize < CACHESIZ)
162 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
163 #else
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
165 #endif
166 }
167
168 #ifndef HAVE_TFTP
169 if (option_bool(OPT_TFTP))
170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
171 #endif
172
173 #ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
175 die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
176 #else
177 if (option_bool(OPT_CONNTRACK))
178 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
179 #endif
180
181 #ifdef HAVE_SOLARIS_NETWORK
182 if (daemon->max_logs != 0)
183 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
184 #endif
185
186 #ifdef __ANDROID__
187 if (daemon->max_logs != 0)
188 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
189 #endif
190
191 #ifndef HAVE_AUTH
192 if (daemon->authserver)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
194 #endif
195
196 #ifndef HAVE_LOOP
197 if (option_bool(OPT_LOOP_DETECT))
198 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
199 #endif
200
201 now = dnsmasq_time();
202
203 /* Create a serial at startup if not configured. */
204 if (daemon->authinterface && daemon->soa_sn == 0)
205 #ifdef HAVE_BROKEN_RTC
206 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
207 #else
208 daemon->soa_sn = now;
209 #endif
210
211 #ifdef HAVE_DHCP6
212 if (daemon->dhcp6)
213 {
214 daemon->doing_ra = option_bool(OPT_RA);
215
216 for (context = daemon->dhcp6; context; context = context->next)
217 {
218 if (context->flags & CONTEXT_DHCP)
219 daemon->doing_dhcp6 = 1;
220 if (context->flags & CONTEXT_RA)
221 daemon->doing_ra = 1;
222 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
223 if (context->flags & CONTEXT_TEMPLATE)
224 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
225 #endif
226 }
227 }
228 #endif
229
230 #ifdef HAVE_DHCP
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
236 {
237 dhcp_common_init();
238 if (daemon->dhcp || daemon->doing_dhcp6)
239 lease_init(now);
240 }
241
242 if (daemon->dhcp || daemon->relay4)
243 dhcp_init();
244
245 # ifdef HAVE_DHCP6
246 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
247 ra_init(now);
248
249 if (daemon->doing_dhcp6 || daemon->relay6)
250 dhcp6_init();
251 # endif
252
253 #endif
254
255 #ifdef HAVE_IPSET
256 if (daemon->ipsets)
257 ipset_init();
258 #endif
259
260 #if defined(HAVE_LINUX_NETWORK)
261 netlink_init();
262 #elif defined(HAVE_BSD_NETWORK)
263 route_init();
264 #endif
265
266 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
268
269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
270 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
271
272 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
273 {
274 create_bound_listeners(1);
275
276 if (!option_bool(OPT_CLEVERBIND))
277 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
278 if (if_tmp->name && !if_tmp->used)
279 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
280
281 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
283 bound_device = whichdevice();
284
285 if (daemon->dhcp)
286 {
287 if (!daemon->relay4 && bound_device)
288 {
289 bindtodevice(bound_device, daemon->dhcpfd);
290 did_bind = 1;
291 }
292 if (daemon->enable_pxe && bound_device)
293 {
294 bindtodevice(bound_device, daemon->pxefd);
295 did_bind = 1;
296 }
297 }
298 #endif
299
300 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
301 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
302 {
303 bindtodevice(bound_device, daemon->dhcp6fd);
304 did_bind = 1;
305 }
306 #endif
307 }
308 else
309 create_wildcard_listeners();
310
311 #ifdef HAVE_DHCP6
312 /* after enumerate_interfaces() */
313 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
314 join_multicast(1);
315
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now);
318 #endif
319
320 if (daemon->port != 0)
321 {
322 cache_init();
323
324 #ifdef HAVE_DNSSEC
325 blockdata_init();
326 #endif
327 }
328
329 #ifdef HAVE_INOTIFY
330 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
331 inotify_dnsmasq_init();
332 else
333 daemon->inotifyfd = -1;
334 #endif
335
336 if (option_bool(OPT_DBUS))
337 #ifdef HAVE_DBUS
338 {
339 char *err;
340 daemon->dbus = NULL;
341 daemon->watches = NULL;
342 if ((err = dbus_init()))
343 die(_("DBus error: %s"), err, EC_MISC);
344 }
345 #else
346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
347 #endif
348
349 if (daemon->port != 0)
350 pre_allocate_sfds();
351
352 #if defined(HAVE_SCRIPT)
353 /* Note getpwnam returns static storage */
354 if ((daemon->dhcp || daemon->dhcp6) &&
355 daemon->scriptuser &&
356 (daemon->lease_change_command || daemon->luascript))
357 {
358 if ((ent_pw = getpwnam(daemon->scriptuser)))
359 {
360 script_uid = ent_pw->pw_uid;
361 script_gid = ent_pw->pw_gid;
362 }
363 else
364 baduser = daemon->scriptuser;
365 }
366 #endif
367
368 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
369 baduser = daemon->username;
370 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
371 baduser = daemon->groupname;
372
373 if (baduser)
374 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
375
376 /* implement group defaults, "dip" if available, or group associated with uid */
377 if (!daemon->group_set && !gp)
378 {
379 if (!(gp = getgrnam(CHGRP)) && ent_pw)
380 gp = getgrgid(ent_pw->pw_gid);
381
382 /* for error message */
383 if (gp)
384 daemon->groupname = gp->gr_name;
385 }
386
387 #if defined(HAVE_LINUX_NETWORK)
388 /* determine capability API version here, while we can still
389 call safe_malloc */
390 if (ent_pw && ent_pw->pw_uid != 0)
391 {
392 int capsize = 1; /* for header version 1 */
393 hdr = safe_malloc(sizeof(*hdr));
394
395 /* find version supported by kernel */
396 memset(hdr, 0, sizeof(*hdr));
397 capget(hdr, NULL);
398
399 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
400 {
401 /* if unknown version, use largest supported version (3) */
402 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
403 hdr->version = LINUX_CAPABILITY_VERSION_3;
404 capsize = 2;
405 }
406
407 data = safe_malloc(sizeof(*data) * capsize);
408 memset(data, 0, sizeof(*data) * capsize);
409 }
410 #endif
411
412 /* Use a pipe to carry signals and other events back to the event loop
413 in a race-free manner and another to carry errors to daemon-invoking process */
414 safe_pipe(pipefd, 1);
415
416 piperead = pipefd[0];
417 pipewrite = pipefd[1];
418 /* prime the pipe to load stuff first time. */
419 send_event(pipewrite, EVENT_INIT, 0, NULL);
420
421 err_pipe[1] = -1;
422
423 if (!option_bool(OPT_DEBUG))
424 {
425 /* The following code "daemonizes" the process.
426 See Stevens section 12.4 */
427
428 if (chdir("/") != 0)
429 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
430
431 #ifndef NO_FORK
432 if (!option_bool(OPT_NO_FORK))
433 {
434 pid_t pid;
435
436 /* pipe to carry errors back to original process.
437 When startup is complete we close this and the process terminates. */
438 safe_pipe(err_pipe, 0);
439
440 if ((pid = fork()) == -1)
441 /* fd == -1 since we've not forked, never returns. */
442 send_event(-1, EVENT_FORK_ERR, errno, NULL);
443
444 if (pid != 0)
445 {
446 struct event_desc ev;
447 char *msg;
448
449 /* close our copy of write-end */
450 while (retry_send(close(err_pipe[1])));
451
452 /* check for errors after the fork */
453 if (read_event(err_pipe[0], &ev, &msg))
454 fatal_event(&ev, msg);
455
456 _exit(EC_GOOD);
457 }
458
459 while (retry_send(close(err_pipe[0])));
460
461 /* NO calls to die() from here on. */
462
463 setsid();
464
465 if ((pid = fork()) == -1)
466 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
467
468 if (pid != 0)
469 _exit(0);
470 }
471 #endif
472
473 /* write pidfile _after_ forking ! */
474 if (daemon->runfile)
475 {
476 int fd, err = 0;
477
478 sprintf(daemon->namebuff, "%d\n", (int) getpid());
479
480 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
481 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
482 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
483 extent that an attacker running as the unprivileged user could replace the pidfile with a
484 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
485
486 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
487 ensuring that the open() fails should there be any existing file (because the unlink() failed,
488 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
489 attack can succeed.
490
491 Any compromise of the non-privileged user still theoretically allows the pid-file to be
492 replaced whilst dnsmasq is running. The worst that could allow is that the usual
493 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
494
495 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
496 failure to write the pid-file.
497 */
498
499 unlink(daemon->runfile);
500
501 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
502 {
503 /* only complain if started as root */
504 if (getuid() == 0)
505 err = 1;
506 }
507 else
508 {
509 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
510 err = 1;
511 else
512 {
513 while (retry_send(close(fd)));
514 if (errno != 0)
515 err = 1;
516 }
517 }
518
519 if (err)
520 {
521 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
522 _exit(0);
523 }
524 }
525 }
526
527 log_err = log_start(ent_pw, err_pipe[1]);
528
529 if (!option_bool(OPT_DEBUG))
530 {
531 /* open stdout etc to /dev/null */
532 int nullfd = open("/dev/null", O_RDWR);
533 dup2(nullfd, STDOUT_FILENO);
534 dup2(nullfd, STDERR_FILENO);
535 dup2(nullfd, STDIN_FILENO);
536 close(nullfd);
537 }
538
539 /* if we are to run scripts, we need to fork a helper before dropping root. */
540 daemon->helperfd = -1;
541 #ifdef HAVE_SCRIPT
542 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
543 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
544 #endif
545
546 if (!option_bool(OPT_DEBUG) && getuid() == 0)
547 {
548 int bad_capabilities = 0;
549 gid_t dummy;
550
551 /* remove all supplimentary groups */
552 if (gp &&
553 (setgroups(0, &dummy) == -1 ||
554 setgid(gp->gr_gid) == -1))
555 {
556 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
557 _exit(0);
558 }
559
560 if (ent_pw && ent_pw->pw_uid != 0)
561 {
562 #if defined(HAVE_LINUX_NETWORK)
563 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
564 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
565 ports because of DAD, or we're doing it dynamically,
566 we need CAP_NET_BIND_SERVICE too. */
567 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
568 data->effective = data->permitted = data->inheritable =
569 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
570 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
571 else
572 data->effective = data->permitted = data->inheritable =
573 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
574
575 /* Tell kernel to not clear capabilities when dropping root */
576 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
577 bad_capabilities = errno;
578
579 #elif defined(HAVE_SOLARIS_NETWORK)
580 /* http://developers.sun.com/solaris/articles/program_privileges.html */
581 priv_set_t *priv_set;
582
583 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
584 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
585 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
586 bad_capabilities = errno;
587
588 if (priv_set && bad_capabilities == 0)
589 {
590 priv_inverse(priv_set);
591
592 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
593 bad_capabilities = errno;
594 }
595
596 if (priv_set)
597 priv_freeset(priv_set);
598
599 #endif
600
601 if (bad_capabilities != 0)
602 {
603 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
604 _exit(0);
605 }
606
607 /* finally drop root */
608 if (setuid(ent_pw->pw_uid) == -1)
609 {
610 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
611 _exit(0);
612 }
613
614 #ifdef HAVE_LINUX_NETWORK
615 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
616 data->effective = data->permitted =
617 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
618 else
619 data->effective = data->permitted =
620 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
621 data->inheritable = 0;
622
623 /* lose the setuid and setgid capbilities */
624 if (capset(hdr, data) == -1)
625 {
626 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
627 _exit(0);
628 }
629 #endif
630
631 }
632 }
633
634 #ifdef HAVE_LINUX_NETWORK
635 free(hdr);
636 free(data);
637 if (option_bool(OPT_DEBUG))
638 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
639 #endif
640
641 #ifdef HAVE_TFTP
642 if (option_bool(OPT_TFTP))
643 {
644 DIR *dir;
645 struct tftp_prefix *p;
646
647 if (daemon->tftp_prefix)
648 {
649 if (!((dir = opendir(daemon->tftp_prefix))))
650 {
651 tftp_prefix_missing = 1;
652 if (!option_bool(OPT_TFTP_NO_FAIL))
653 {
654 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
655 _exit(0);
656 }
657 }
658 closedir(dir);
659 }
660
661 for (p = daemon->if_prefix; p; p = p->next)
662 {
663 p->missing = 0;
664 if (!((dir = opendir(p->prefix))))
665 {
666 p->missing = 1;
667 if (!option_bool(OPT_TFTP_NO_FAIL))
668 {
669 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
670 _exit(0);
671 }
672 }
673 closedir(dir);
674 }
675 }
676 #endif
677
678 if (daemon->port == 0)
679 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
680 else if (daemon->cachesize != 0)
681 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
682 else
683 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
684
685 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
686
687 #ifdef HAVE_DBUS
688 if (option_bool(OPT_DBUS))
689 {
690 if (daemon->dbus)
691 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
692 else
693 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
694 }
695 #endif
696
697 if (option_bool(OPT_LOCAL_SERVICE))
698 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
699
700 #ifdef HAVE_DNSSEC
701 if (option_bool(OPT_DNSSEC_VALID))
702 {
703 int rc;
704
705 /* Delay creating the timestamp file until here, after we've changed user, so that
706 it has the correct owner to allow updating the mtime later.
707 This means we have to report fatal errors via the pipe. */
708 if ((rc = setup_timestamp()) == -1)
709 {
710 send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file);
711 _exit(0);
712 }
713
714 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
715
716 if (option_bool(OPT_DNSSEC_TIME))
717 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
718
719 if (rc == 1)
720 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
721 }
722 #endif
723
724 if (log_err != 0)
725 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
726 daemon->log_file, strerror(log_err));
727
728 if (bind_fallback)
729 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
730
731 if (option_bool(OPT_NOWILD))
732 warn_bound_listeners();
733
734 warn_int_names();
735
736 if (!option_bool(OPT_NOWILD))
737 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
738 if (if_tmp->name && !if_tmp->used)
739 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
740
741 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
742 {
743 if (daemon->resolv_files && !daemon->resolv_files->is_default)
744 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
745 daemon->resolv_files = NULL;
746 if (!daemon->servers)
747 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
748 }
749
750 if (daemon->max_logs != 0)
751 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
752
753
754 #ifdef HAVE_DHCP
755 for (context = daemon->dhcp; context; context = context->next)
756 log_context(AF_INET, context);
757
758 for (relay = daemon->relay4; relay; relay = relay->next)
759 log_relay(AF_INET, relay);
760
761 # ifdef HAVE_DHCP6
762 for (context = daemon->dhcp6; context; context = context->next)
763 log_context(AF_INET6, context);
764
765 for (relay = daemon->relay6; relay; relay = relay->next)
766 log_relay(AF_INET6, relay);
767
768 if (daemon->doing_dhcp6 || daemon->doing_ra)
769 dhcp_construct_contexts(now);
770
771 if (option_bool(OPT_RA))
772 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
773 # endif
774
775 # ifdef HAVE_LINUX_NETWORK
776 if (did_bind)
777 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
778 # endif
779
780 /* after dhcp_contruct_contexts */
781 if (daemon->dhcp || daemon->doing_dhcp6)
782 lease_find_interfaces(now);
783 #endif
784
785 #ifdef HAVE_TFTP
786 if (option_bool(OPT_TFTP))
787 {
788 struct tftp_prefix *p;
789 #ifdef FD_SETSIZE
790 if (FD_SETSIZE < (unsigned)max_fd)
791 max_fd = FD_SETSIZE;
792 #endif
793
794 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
795 daemon->tftp_prefix ? _("root is ") : _("enabled"),
796 daemon->tftp_prefix ? daemon->tftp_prefix: "",
797 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
798
799 if (tftp_prefix_missing)
800 my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
801
802 for (p = daemon->if_prefix; p; p = p->next)
803 if (p->missing)
804 my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
805
806 /* This is a guess, it assumes that for small limits,
807 disjoint files might be served, but for large limits,
808 a single file will be sent to may clients (the file only needs
809 one fd). */
810
811 max_fd -= 30; /* use other than TFTP */
812
813 if (max_fd < 0)
814 max_fd = 5;
815 else if (max_fd < 100)
816 max_fd = max_fd/2;
817 else
818 max_fd = max_fd - 20;
819
820 /* if we have to use a limited range of ports,
821 that will limit the number of transfers */
822 if (daemon->start_tftp_port != 0 &&
823 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
824 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
825
826 if (daemon->tftp_max > max_fd)
827 {
828 daemon->tftp_max = max_fd;
829 my_syslog(MS_TFTP | LOG_WARNING,
830 _("restricting maximum simultaneous TFTP transfers to %d"),
831 daemon->tftp_max);
832 }
833 }
834 #endif
835
836 /* finished start-up - release original process */
837 if (err_pipe[1] != -1)
838 while (retry_send(close(err_pipe[1])));
839
840 if (daemon->port != 0)
841 check_servers();
842
843 pid = getpid();
844
845 #ifdef HAVE_INOTIFY
846 /* Using inotify, have to select a resolv file at startup */
847 poll_resolv(1, 0, now);
848 #endif
849
850 while (1)
851 {
852 int maxfd = -1;
853 struct timeval t, *tp = NULL;
854 fd_set rset, wset, eset;
855
856 FD_ZERO(&rset);
857 FD_ZERO(&wset);
858 FD_ZERO(&eset);
859
860 /* if we are out of resources, find how long we have to wait
861 for some to come free, we'll loop around then and restart
862 listening for queries */
863 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
864 {
865 t.tv_usec = 0;
866 tp = &t;
867 }
868
869 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
870 if (daemon->tftp_trans ||
871 (option_bool(OPT_DBUS) && !daemon->dbus))
872 {
873 t.tv_sec = 0;
874 t.tv_usec = 250000;
875 tp = &t;
876 }
877 /* Wake every second whilst waiting for DAD to complete */
878 else if (is_dad_listeners())
879 {
880 t.tv_sec = 1;
881 t.tv_usec = 0;
882 tp = &t;
883 }
884
885 #ifdef HAVE_DBUS
886 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
887 #endif
888
889 #ifdef HAVE_DHCP
890 if (daemon->dhcp || daemon->relay4)
891 {
892 FD_SET(daemon->dhcpfd, &rset);
893 bump_maxfd(daemon->dhcpfd, &maxfd);
894 if (daemon->pxefd != -1)
895 {
896 FD_SET(daemon->pxefd, &rset);
897 bump_maxfd(daemon->pxefd, &maxfd);
898 }
899 }
900 #endif
901
902 #ifdef HAVE_DHCP6
903 if (daemon->doing_dhcp6 || daemon->relay6)
904 {
905 FD_SET(daemon->dhcp6fd, &rset);
906 bump_maxfd(daemon->dhcp6fd, &maxfd);
907 }
908
909 if (daemon->doing_ra)
910 {
911 FD_SET(daemon->icmp6fd, &rset);
912 bump_maxfd(daemon->icmp6fd, &maxfd);
913 }
914 #endif
915
916 #ifdef HAVE_INOTIFY
917 if (daemon->inotifyfd != -1)
918 {
919 FD_SET(daemon->inotifyfd, &rset);
920 bump_maxfd(daemon->inotifyfd, &maxfd);
921 }
922 #endif
923
924 #if defined(HAVE_LINUX_NETWORK)
925 FD_SET(daemon->netlinkfd, &rset);
926 bump_maxfd(daemon->netlinkfd, &maxfd);
927 #elif defined(HAVE_BSD_NETWORK)
928 FD_SET(daemon->routefd, &rset);
929 bump_maxfd(daemon->routefd, &maxfd);
930 #endif
931
932 FD_SET(piperead, &rset);
933 bump_maxfd(piperead, &maxfd);
934
935 #ifdef HAVE_DHCP
936 # ifdef HAVE_SCRIPT
937 while (helper_buf_empty() && do_script_run(now));
938
939 # ifdef HAVE_TFTP
940 while (helper_buf_empty() && do_tftp_script_run());
941 # endif
942
943 if (!helper_buf_empty())
944 {
945 FD_SET(daemon->helperfd, &wset);
946 bump_maxfd(daemon->helperfd, &maxfd);
947 }
948 # else
949 /* need this for other side-effects */
950 while (do_script_run(now));
951
952 # ifdef HAVE_TFTP
953 while (do_tftp_script_run());
954 # endif
955
956 # endif
957 #endif
958
959 /* must do this just before select(), when we know no
960 more calls to my_syslog() can occur */
961 set_log_writer(&wset, &maxfd);
962
963 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
964 {
965 /* otherwise undefined after error */
966 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
967 }
968
969 now = dnsmasq_time();
970
971 check_log_writer(&wset);
972
973 /* prime. */
974 enumerate_interfaces(1);
975
976 /* Check the interfaces to see if any have exited DAD state
977 and if so, bind the address. */
978 if (is_dad_listeners())
979 {
980 enumerate_interfaces(0);
981 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
982 create_bound_listeners(0);
983 warn_bound_listeners();
984 }
985
986 #if defined(HAVE_LINUX_NETWORK)
987 if (FD_ISSET(daemon->netlinkfd, &rset))
988 netlink_multicast();
989 #elif defined(HAVE_BSD_NETWORK)
990 if (FD_ISSET(daemon->routefd, &rset))
991 route_sock();
992 #endif
993
994 #ifdef HAVE_INOTIFY
995 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
996 {
997 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
998 poll_resolv(1, 1, now);
999 }
1000 #else
1001 /* Check for changes to resolv files once per second max. */
1002 /* Don't go silent for long periods if the clock goes backwards. */
1003 if (daemon->last_resolv == 0 ||
1004 difftime(now, daemon->last_resolv) > 1.0 ||
1005 difftime(now, daemon->last_resolv) < -1.0)
1006 {
1007 /* poll_resolv doesn't need to reload first time through, since
1008 that's queued anyway. */
1009
1010 poll_resolv(0, daemon->last_resolv != 0, now);
1011 daemon->last_resolv = now;
1012 }
1013 #endif
1014
1015 if (FD_ISSET(piperead, &rset))
1016 async_event(piperead, now);
1017
1018 #ifdef HAVE_DBUS
1019 /* if we didn't create a DBus connection, retry now. */
1020 if (option_bool(OPT_DBUS) && !daemon->dbus)
1021 {
1022 char *err;
1023 if ((err = dbus_init()))
1024 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
1025 if (daemon->dbus)
1026 my_syslog(LOG_INFO, _("connected to system DBus"));
1027 }
1028 check_dbus_listeners(&rset, &wset, &eset);
1029 #endif
1030
1031 check_dns_listeners(&rset, now);
1032
1033 #ifdef HAVE_TFTP
1034 check_tftp_listeners(&rset, now);
1035 #endif
1036
1037 #ifdef HAVE_DHCP
1038 if (daemon->dhcp || daemon->relay4)
1039 {
1040 if (FD_ISSET(daemon->dhcpfd, &rset))
1041 dhcp_packet(now, 0);
1042 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1043 dhcp_packet(now, 1);
1044 }
1045
1046 #ifdef HAVE_DHCP6
1047 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
1048 dhcp6_packet(now);
1049
1050 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1051 icmp6_packet(now);
1052 #endif
1053
1054 # ifdef HAVE_SCRIPT
1055 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
1056 helper_write();
1057 # endif
1058 #endif
1059
1060 }
1061 }
1062
1063 static void sig_handler(int sig)
1064 {
1065 if (pid == 0)
1066 {
1067 /* ignore anything other than TERM during startup
1068 and in helper proc. (helper ignore TERM too) */
1069 if (sig == SIGTERM)
1070 exit(EC_MISC);
1071 }
1072 else if (pid != getpid())
1073 {
1074 /* alarm is used to kill TCP children after a fixed time. */
1075 if (sig == SIGALRM)
1076 _exit(0);
1077 }
1078 else
1079 {
1080 /* master process */
1081 int event, errsave = errno;
1082
1083 if (sig == SIGHUP)
1084 event = EVENT_RELOAD;
1085 else if (sig == SIGCHLD)
1086 event = EVENT_CHILD;
1087 else if (sig == SIGALRM)
1088 event = EVENT_ALARM;
1089 else if (sig == SIGTERM)
1090 event = EVENT_TERM;
1091 else if (sig == SIGUSR1)
1092 event = EVENT_DUMP;
1093 else if (sig == SIGUSR2)
1094 event = EVENT_REOPEN;
1095 else
1096 return;
1097
1098 send_event(pipewrite, event, 0, NULL);
1099 errno = errsave;
1100 }
1101 }
1102
1103 /* now == 0 -> queue immediate callback */
1104 void send_alarm(time_t event, time_t now)
1105 {
1106 if (now == 0 || event != 0)
1107 {
1108 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1109 if ((now == 0 || difftime(event, now) <= 0.0))
1110 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1111 else
1112 alarm((unsigned)difftime(event, now));
1113 }
1114 }
1115
1116 void queue_event(int event)
1117 {
1118 send_event(pipewrite, event, 0, NULL);
1119 }
1120
1121 void send_event(int fd, int event, int data, char *msg)
1122 {
1123 struct event_desc ev;
1124 struct iovec iov[2];
1125
1126 ev.event = event;
1127 ev.data = data;
1128 ev.msg_sz = msg ? strlen(msg) : 0;
1129
1130 iov[0].iov_base = &ev;
1131 iov[0].iov_len = sizeof(ev);
1132 iov[1].iov_base = msg;
1133 iov[1].iov_len = ev.msg_sz;
1134
1135 /* error pipe, debug mode. */
1136 if (fd == -1)
1137 fatal_event(&ev, msg);
1138 else
1139 /* pipe is non-blocking and struct event_desc is smaller than
1140 PIPE_BUF, so this either fails or writes everything */
1141 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1142 }
1143
1144 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1145 to describe fatal errors. */
1146 static int read_event(int fd, struct event_desc *evp, char **msg)
1147 {
1148 char *buf;
1149
1150 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1151 return 0;
1152
1153 *msg = NULL;
1154
1155 if (evp->msg_sz != 0 &&
1156 (buf = malloc(evp->msg_sz + 1)) &&
1157 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1158 {
1159 buf[evp->msg_sz] = 0;
1160 *msg = buf;
1161 }
1162
1163 return 1;
1164 }
1165
1166 static void fatal_event(struct event_desc *ev, char *msg)
1167 {
1168 errno = ev->data;
1169
1170 switch (ev->event)
1171 {
1172 case EVENT_DIE:
1173 exit(0);
1174
1175 case EVENT_FORK_ERR:
1176 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1177
1178 case EVENT_PIPE_ERR:
1179 die(_("failed to create helper: %s"), NULL, EC_MISC);
1180
1181 case EVENT_CAP_ERR:
1182 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1183
1184 case EVENT_USER_ERR:
1185 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1186
1187 case EVENT_GROUP_ERR:
1188 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1189
1190 case EVENT_PIDFILE:
1191 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1192
1193 case EVENT_LOG_ERR:
1194 die(_("cannot open log %s: %s"), msg, EC_FILE);
1195
1196 case EVENT_LUA_ERR:
1197 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1198
1199 case EVENT_TFTP_ERR:
1200 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1201
1202 case EVENT_TIME_ERR:
1203 die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF);
1204 }
1205 }
1206
1207 static void async_event(int pipe, time_t now)
1208 {
1209 pid_t p;
1210 struct event_desc ev;
1211 int i, check = 0;
1212 char *msg;
1213
1214 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1215 to describe fatal errors. */
1216
1217 if (read_event(pipe, &ev, &msg))
1218 switch (ev.event)
1219 {
1220 case EVENT_RELOAD:
1221 #ifdef HAVE_DNSSEC
1222 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1223 {
1224 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1225 reset_option_bool(OPT_DNSSEC_TIME);
1226 }
1227 #endif
1228 /* fall through */
1229
1230 case EVENT_INIT:
1231 clear_cache_and_reload(now);
1232
1233 if (daemon->port != 0)
1234 {
1235 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1236 {
1237 reload_servers(daemon->resolv_files->name);
1238 check = 1;
1239 }
1240
1241 if (daemon->servers_file)
1242 {
1243 read_servers_file();
1244 check = 1;
1245 }
1246
1247 if (check)
1248 check_servers();
1249 }
1250
1251 #ifdef HAVE_DHCP
1252 rerun_scripts();
1253 #endif
1254 break;
1255
1256 case EVENT_DUMP:
1257 if (daemon->port != 0)
1258 dump_cache(now);
1259 break;
1260
1261 case EVENT_ALARM:
1262 #ifdef HAVE_DHCP
1263 if (daemon->dhcp || daemon->doing_dhcp6)
1264 {
1265 lease_prune(NULL, now);
1266 lease_update_file(now);
1267 }
1268 #ifdef HAVE_DHCP6
1269 else if (daemon->doing_ra)
1270 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1271 send_alarm(periodic_ra(now), now);
1272 #endif
1273 #endif
1274 break;
1275
1276 case EVENT_CHILD:
1277 /* See Stevens 5.10 */
1278 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1279 if (p == -1)
1280 {
1281 if (errno != EINTR)
1282 break;
1283 }
1284 else
1285 for (i = 0 ; i < MAX_PROCS; i++)
1286 if (daemon->tcp_pids[i] == p)
1287 daemon->tcp_pids[i] = 0;
1288 break;
1289
1290 case EVENT_KILLED:
1291 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1292 break;
1293
1294 case EVENT_EXITED:
1295 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1296 break;
1297
1298 case EVENT_EXEC_ERR:
1299 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1300 daemon->lease_change_command, strerror(ev.data));
1301 break;
1302
1303 /* necessary for fatal errors in helper */
1304 case EVENT_USER_ERR:
1305 case EVENT_DIE:
1306 case EVENT_LUA_ERR:
1307 fatal_event(&ev, msg);
1308 break;
1309
1310 case EVENT_REOPEN:
1311 /* Note: this may leave TCP-handling processes with the old file still open.
1312 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1313 we leave them logging to the old file. */
1314 if (daemon->log_file != NULL)
1315 log_reopen(daemon->log_file);
1316 break;
1317
1318 case EVENT_NEWADDR:
1319 newaddress(now);
1320 break;
1321
1322 case EVENT_NEWROUTE:
1323 resend_query();
1324 /* Force re-reading resolv file right now, for luck. */
1325 poll_resolv(0, 1, now);
1326 break;
1327
1328 case EVENT_TERM:
1329 /* Knock all our children on the head. */
1330 for (i = 0; i < MAX_PROCS; i++)
1331 if (daemon->tcp_pids[i] != 0)
1332 kill(daemon->tcp_pids[i], SIGALRM);
1333
1334 #if defined(HAVE_SCRIPT)
1335 /* handle pending lease transitions */
1336 if (daemon->helperfd != -1)
1337 {
1338 /* block in writes until all done */
1339 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1340 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1341 do {
1342 helper_write();
1343 } while (!helper_buf_empty() || do_script_run(now));
1344 while (retry_send(close(daemon->helperfd)));
1345 }
1346 #endif
1347
1348 if (daemon->lease_stream)
1349 fclose(daemon->lease_stream);
1350
1351 if (daemon->runfile)
1352 unlink(daemon->runfile);
1353
1354 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1355 flush_log();
1356 exit(EC_GOOD);
1357 }
1358 }
1359
1360 static void poll_resolv(int force, int do_reload, time_t now)
1361 {
1362 struct resolvc *res, *latest;
1363 struct stat statbuf;
1364 time_t last_change = 0;
1365 /* There may be more than one possible file.
1366 Go through and find the one which changed _last_.
1367 Warn of any which can't be read. */
1368
1369 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1370 return;
1371
1372 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1373 if (stat(res->name, &statbuf) == -1)
1374 {
1375 if (force)
1376 {
1377 res->mtime = 0;
1378 continue;
1379 }
1380
1381 if (!res->logged)
1382 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1383 res->logged = 1;
1384
1385 if (res->mtime != 0)
1386 {
1387 /* existing file evaporated, force selection of the latest
1388 file even if its mtime hasn't changed since we last looked */
1389 poll_resolv(1, do_reload, now);
1390 return;
1391 }
1392 }
1393 else
1394 {
1395 res->logged = 0;
1396 if (force || (statbuf.st_mtime != res->mtime))
1397 {
1398 res->mtime = statbuf.st_mtime;
1399 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1400 {
1401 last_change = statbuf.st_mtime;
1402 latest = res;
1403 }
1404 }
1405 }
1406
1407 if (latest)
1408 {
1409 static int warned = 0;
1410 if (reload_servers(latest->name))
1411 {
1412 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1413 warned = 0;
1414 check_servers();
1415 if (option_bool(OPT_RELOAD) && do_reload)
1416 clear_cache_and_reload(now);
1417 }
1418 else
1419 {
1420 latest->mtime = 0;
1421 if (!warned)
1422 {
1423 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1424 warned = 1;
1425 }
1426 }
1427 }
1428 }
1429
1430 void clear_cache_and_reload(time_t now)
1431 {
1432 (void)now;
1433
1434 if (daemon->port != 0)
1435 cache_reload();
1436
1437 #ifdef HAVE_DHCP
1438 if (daemon->dhcp || daemon->doing_dhcp6)
1439 {
1440 if (option_bool(OPT_ETHERS))
1441 dhcp_read_ethers();
1442 reread_dhcp();
1443 #ifdef HAVE_INOTIFY
1444 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
1445 #endif
1446 dhcp_update_configs(daemon->dhcp_conf);
1447 lease_update_from_configs();
1448 lease_update_file(now);
1449 lease_update_dns(1);
1450 }
1451 #ifdef HAVE_DHCP6
1452 else if (daemon->doing_ra)
1453 /* Not doing DHCP, so no lease system, manage
1454 alarms for ra only */
1455 send_alarm(periodic_ra(now), now);
1456 #endif
1457 #endif
1458 }
1459
1460 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1461 {
1462 struct serverfd *serverfdp;
1463 struct listener *listener;
1464 int wait = 0, i;
1465
1466 #ifdef HAVE_TFTP
1467 int tftp = 0;
1468 struct tftp_transfer *transfer;
1469 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1470 {
1471 tftp++;
1472 FD_SET(transfer->sockfd, set);
1473 bump_maxfd(transfer->sockfd, maxfdp);
1474 }
1475 #endif
1476
1477 /* will we be able to get memory? */
1478 if (daemon->port != 0)
1479 get_new_frec(now, &wait, 0);
1480
1481 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1482 {
1483 FD_SET(serverfdp->fd, set);
1484 bump_maxfd(serverfdp->fd, maxfdp);
1485 }
1486
1487 if (daemon->port != 0 && !daemon->osport)
1488 for (i = 0; i < RANDOM_SOCKS; i++)
1489 if (daemon->randomsocks[i].refcount != 0)
1490 {
1491 FD_SET(daemon->randomsocks[i].fd, set);
1492 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1493 }
1494
1495 for (listener = daemon->listeners; listener; listener = listener->next)
1496 {
1497 /* only listen for queries if we have resources */
1498 if (listener->fd != -1 && wait == 0)
1499 {
1500 FD_SET(listener->fd, set);
1501 bump_maxfd(listener->fd, maxfdp);
1502 }
1503
1504 /* death of a child goes through the select loop, so
1505 we don't need to explicitly arrange to wake up here */
1506 if (listener->tcpfd != -1)
1507 for (i = 0; i < MAX_PROCS; i++)
1508 if (daemon->tcp_pids[i] == 0)
1509 {
1510 FD_SET(listener->tcpfd, set);
1511 bump_maxfd(listener->tcpfd, maxfdp);
1512 break;
1513 }
1514
1515 #ifdef HAVE_TFTP
1516 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1517 {
1518 FD_SET(listener->tftpfd, set);
1519 bump_maxfd(listener->tftpfd, maxfdp);
1520 }
1521 #endif
1522
1523 }
1524
1525 return wait;
1526 }
1527
1528 static void check_dns_listeners(fd_set *set, time_t now)
1529 {
1530 struct serverfd *serverfdp;
1531 struct listener *listener;
1532 int i;
1533
1534 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1535 if (FD_ISSET(serverfdp->fd, set))
1536 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1537
1538 if (daemon->port != 0 && !daemon->osport)
1539 for (i = 0; i < RANDOM_SOCKS; i++)
1540 if (daemon->randomsocks[i].refcount != 0 &&
1541 FD_ISSET(daemon->randomsocks[i].fd, set))
1542 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1543
1544 for (listener = daemon->listeners; listener; listener = listener->next)
1545 {
1546 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1547 receive_query(listener, now);
1548
1549 #ifdef HAVE_TFTP
1550 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1551 tftp_request(listener, now);
1552 #endif
1553
1554 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1555 {
1556 int confd, client_ok = 1;
1557 struct irec *iface = NULL;
1558 pid_t p;
1559 union mysockaddr tcp_addr;
1560 socklen_t tcp_len = sizeof(union mysockaddr);
1561
1562 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1563
1564 if (confd == -1)
1565 continue;
1566
1567 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1568 {
1569 while (retry_send(close(confd)));
1570 continue;
1571 }
1572
1573 /* Make sure that the interface list is up-to-date.
1574
1575 We do this here as we may need the results below, and
1576 the DNS code needs them for --interface-name stuff.
1577
1578 Multiple calls to enumerate_interfaces() per select loop are
1579 inhibited, so calls to it in the child process (which doesn't select())
1580 have no effect. This avoids two processes reading from the same
1581 netlink fd and screwing the pooch entirely.
1582 */
1583
1584 enumerate_interfaces(0);
1585
1586 if (option_bool(OPT_NOWILD))
1587 iface = listener->iface; /* May be NULL */
1588 else
1589 {
1590 int if_index;
1591 char intr_name[IF_NAMESIZE];
1592
1593 /* if we can find the arrival interface, check it's one that's allowed */
1594 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1595 indextoname(listener->tcpfd, if_index, intr_name))
1596 {
1597 struct all_addr addr;
1598 addr.addr.addr4 = tcp_addr.in.sin_addr;
1599 #ifdef HAVE_IPV6
1600 if (tcp_addr.sa.sa_family == AF_INET6)
1601 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1602 #endif
1603
1604 for (iface = daemon->interfaces; iface; iface = iface->next)
1605 if (iface->index == if_index)
1606 break;
1607
1608 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1609 client_ok = 0;
1610 }
1611
1612 if (option_bool(OPT_CLEVERBIND))
1613 iface = listener->iface; /* May be NULL */
1614 else
1615 {
1616 /* Check for allowed interfaces when binding the wildcard address:
1617 we do this by looking for an interface with the same address as
1618 the local address of the TCP connection, then looking to see if that's
1619 an allowed interface. As a side effect, we get the netmask of the
1620 interface too, for localisation. */
1621
1622 for (iface = daemon->interfaces; iface; iface = iface->next)
1623 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1624 break;
1625
1626 if (!iface)
1627 client_ok = 0;
1628 }
1629 }
1630
1631 if (!client_ok)
1632 {
1633 shutdown(confd, SHUT_RDWR);
1634 while (retry_send(close(confd)));
1635 }
1636 #ifndef NO_FORK
1637 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1638 {
1639 if (p != -1)
1640 {
1641 int i;
1642 for (i = 0; i < MAX_PROCS; i++)
1643 if (daemon->tcp_pids[i] == 0)
1644 {
1645 daemon->tcp_pids[i] = p;
1646 break;
1647 }
1648 }
1649 while (retry_send(close(confd)));
1650
1651 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1652 daemon->log_id += TCP_MAX_QUERIES;
1653 }
1654 #endif
1655 else
1656 {
1657 unsigned char *buff;
1658 struct server *s;
1659 int flags;
1660 struct in_addr netmask;
1661 int auth_dns;
1662
1663 if (iface)
1664 {
1665 netmask = iface->netmask;
1666 auth_dns = iface->dns_auth;
1667 }
1668 else
1669 {
1670 netmask.s_addr = 0;
1671 auth_dns = 0;
1672 }
1673
1674 #ifndef NO_FORK
1675 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1676 terminate the process. */
1677 if (!option_bool(OPT_DEBUG))
1678 alarm(CHILD_LIFETIME);
1679 #endif
1680
1681 /* start with no upstream connections. */
1682 for (s = daemon->servers; s; s = s->next)
1683 s->tcpfd = -1;
1684
1685 /* The connected socket inherits non-blocking
1686 attribute from the listening socket.
1687 Reset that here. */
1688 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1689 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1690
1691 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1692
1693 shutdown(confd, SHUT_RDWR);
1694 while (retry_send(close(confd)));
1695
1696 if (buff)
1697 free(buff);
1698
1699 for (s = daemon->servers; s; s = s->next)
1700 if (s->tcpfd != -1)
1701 {
1702 shutdown(s->tcpfd, SHUT_RDWR);
1703 while (retry_send(close(s->tcpfd)));
1704 }
1705 #ifndef NO_FORK
1706 if (!option_bool(OPT_DEBUG))
1707 {
1708 flush_log();
1709 _exit(0);
1710 }
1711 #endif
1712 }
1713 }
1714 }
1715 }
1716
1717 #ifdef HAVE_DHCP
1718 int make_icmp_sock(void)
1719 {
1720 int fd;
1721 int zeroopt = 0;
1722
1723 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1724 {
1725 if (!fix_fd(fd) ||
1726 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1727 {
1728 close(fd);
1729 fd = -1;
1730 }
1731 }
1732
1733 return fd;
1734 }
1735
1736 int icmp_ping(struct in_addr addr)
1737 {
1738 /* Try and get an ICMP echo from a machine. */
1739
1740 /* Note that whilst in the three second wait, we check for
1741 (and service) events on the DNS and TFTP sockets, (so doing that
1742 better not use any resources our caller has in use...)
1743 but we remain deaf to signals or further DHCP packets. */
1744
1745 int fd;
1746 struct sockaddr_in saddr;
1747 struct {
1748 struct ip ip;
1749 struct icmp icmp;
1750 } packet;
1751 unsigned short id = rand16();
1752 unsigned int i, j;
1753 int gotreply = 0;
1754 time_t start, now;
1755
1756 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1757 if ((fd = make_icmp_sock()) == -1)
1758 return 0;
1759 #else
1760 int opt = 2000;
1761 fd = daemon->dhcp_icmp_fd;
1762 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1763 #endif
1764
1765 saddr.sin_family = AF_INET;
1766 saddr.sin_port = 0;
1767 saddr.sin_addr = addr;
1768 #ifdef HAVE_SOCKADDR_SA_LEN
1769 saddr.sin_len = sizeof(struct sockaddr_in);
1770 #endif
1771
1772 memset(&packet.icmp, 0, sizeof(packet.icmp));
1773 packet.icmp.icmp_type = ICMP_ECHO;
1774 packet.icmp.icmp_id = id;
1775 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1776 j += ((u16 *)&packet.icmp)[i];
1777 while (j>>16)
1778 j = (j & 0xffff) + (j >> 16);
1779 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1780
1781 while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1782 (struct sockaddr *)&saddr, sizeof(saddr))));
1783
1784 for (now = start = dnsmasq_time();
1785 difftime(now, start) < (float)PING_WAIT;)
1786 {
1787 struct timeval tv;
1788 fd_set rset, wset;
1789 struct sockaddr_in faddr;
1790 int maxfd = fd;
1791 socklen_t len = sizeof(faddr);
1792
1793 tv.tv_usec = 250000;
1794 tv.tv_sec = 0;
1795
1796 FD_ZERO(&rset);
1797 FD_ZERO(&wset);
1798 FD_SET(fd, &rset);
1799 set_dns_listeners(now, &rset, &maxfd);
1800 set_log_writer(&wset, &maxfd);
1801
1802 #ifdef HAVE_DHCP6
1803 if (daemon->doing_ra)
1804 {
1805 FD_SET(daemon->icmp6fd, &rset);
1806 bump_maxfd(daemon->icmp6fd, &maxfd);
1807 }
1808 #endif
1809
1810 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1811 {
1812 FD_ZERO(&rset);
1813 FD_ZERO(&wset);
1814 }
1815
1816 now = dnsmasq_time();
1817
1818 check_log_writer(&wset);
1819 check_dns_listeners(&rset, now);
1820
1821 #ifdef HAVE_DHCP6
1822 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1823 icmp6_packet(now);
1824 #endif
1825
1826 #ifdef HAVE_TFTP
1827 check_tftp_listeners(&rset, now);
1828 #endif
1829
1830 if (FD_ISSET(fd, &rset) &&
1831 recvfrom(fd, &packet, sizeof(packet), 0,
1832 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1833 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1834 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1835 packet.icmp.icmp_seq == 0 &&
1836 packet.icmp.icmp_id == id)
1837 {
1838 gotreply = 1;
1839 break;
1840 }
1841 }
1842
1843 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1844 while (retry_send(close(fd)));
1845 #else
1846 opt = 1;
1847 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1848 #endif
1849
1850 return gotreply;
1851 }
1852 #endif
1853
1854
Michael's tree of dnsmasq.