1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
22 struct daemon
*daemon
;
24 static volatile pid_t pid
= 0;
25 static volatile int pipewrite
;
27 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
);
28 static void check_dns_listeners(fd_set
*set
, time_t now
);
29 static void sig_handler(int sig
);
30 static void async_event(int pipe
, time_t now
);
31 static void fatal_event(struct event_desc
*ev
, char *msg
);
32 static int read_event(int fd
, struct event_desc
*evp
, char **msg
);
33 static void poll_resolv(int force
, int do_reload
, time_t now
);
35 int main (int argc
, char **argv
)
37 int bind_fallback
= 0;
39 struct sigaction sigact
;
41 int piperead
, pipefd
[2], err_pipe
[2];
42 struct passwd
*ent_pw
= NULL
;
43 #if defined(HAVE_SCRIPT)
47 struct group
*gp
= NULL
;
48 long i
, max_fd
= sysconf(_SC_OPEN_MAX
);
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr
= NULL
;
53 cap_user_data_t data
= NULL
;
54 char *bound_device
= NULL
;
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context
*context
;
59 struct dhcp_relay
*relay
;
62 int tftp_prefix_missing
= 0;
66 setlocale(LC_ALL
, "");
67 bindtextdomain("dnsmasq", LOCALEDIR
);
68 textdomain("dnsmasq");
71 sigact
.sa_handler
= sig_handler
;
73 sigemptyset(&sigact
.sa_mask
);
74 sigaction(SIGUSR1
, &sigact
, NULL
);
75 sigaction(SIGUSR2
, &sigact
, NULL
);
76 sigaction(SIGHUP
, &sigact
, NULL
);
77 sigaction(SIGTERM
, &sigact
, NULL
);
78 sigaction(SIGALRM
, &sigact
, NULL
);
79 sigaction(SIGCHLD
, &sigact
, NULL
);
82 sigact
.sa_handler
= SIG_IGN
;
83 sigaction(SIGPIPE
, &sigact
, NULL
);
85 umask(022); /* known umask, create leases and pid files as 0644 */
87 rand_init(); /* Must precede read_opts() */
89 read_opts(argc
, argv
, compile_opts
);
91 if (daemon
->edns_pktsz
< PACKETSZ
)
92 daemon
->edns_pktsz
= PACKETSZ
;
94 daemon
->packet_buff_sz
= daemon
->edns_pktsz
> DNSMASQ_PACKETSZ
?
95 daemon
->edns_pktsz
: DNSMASQ_PACKETSZ
;
96 daemon
->packet
= safe_malloc(daemon
->packet_buff_sz
);
98 daemon
->addrbuff
= safe_malloc(ADDRSTRLEN
);
99 if (option_bool(OPT_EXTRALOG
))
100 daemon
->addrbuff2
= safe_malloc(ADDRSTRLEN
);
103 if (option_bool(OPT_DNSSEC_VALID
))
105 daemon
->keyname
= safe_malloc(MAXDNAME
);
106 daemon
->workspacename
= safe_malloc(MAXDNAME
);
111 if (!daemon
->lease_file
)
113 if (daemon
->dhcp
|| daemon
->dhcp6
)
114 daemon
->lease_file
= LEASEFILE
;
118 /* Close any file descriptors we inherited apart from std{in|out|err}
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
126 for (i
= 0; i
< max_fd
; i
++)
127 if (i
!= STDOUT_FILENO
&& i
!= STDERR_FILENO
&& i
!= STDIN_FILENO
)
130 open("/dev/null", O_RDWR
);
132 #ifndef HAVE_LINUX_NETWORK
133 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
134 if (!option_bool(OPT_NOWILD
))
137 set_option_bool(OPT_NOWILD
);
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
142 if (option_bool(OPT_CLEVERBIND
))
145 set_option_bool(OPT_NOWILD
);
146 reset_option_bool(OPT_CLEVERBIND
);
151 if (daemon
->dynamic_dirs
)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL
, EC_BADCONF
);
155 if (option_bool(OPT_DNSSEC_VALID
))
159 die(_("no trust anchors provided for DNSSEC"), NULL
, EC_BADCONF
);
161 if (daemon
->cachesize
< CACHESIZ
)
162 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL
, EC_BADCONF
);
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL
, EC_BADCONF
);
169 if (option_bool(OPT_TFTP
))
170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL
, EC_BADCONF
);
173 #ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK
) && (daemon
->query_port
!= 0 || daemon
->osport
))
175 die (_("cannot use --conntrack AND --query-port"), NULL
, EC_BADCONF
);
177 if (option_bool(OPT_CONNTRACK
))
178 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL
, EC_BADCONF
);
181 #ifdef HAVE_SOLARIS_NETWORK
182 if (daemon
->max_logs
!= 0)
183 die(_("asychronous logging is not available under Solaris"), NULL
, EC_BADCONF
);
187 if (daemon
->max_logs
!= 0)
188 die(_("asychronous logging is not available under Android"), NULL
, EC_BADCONF
);
192 if (daemon
->authserver
)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL
, EC_BADCONF
);
197 if (option_bool(OPT_LOOP_DETECT
))
198 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL
, EC_BADCONF
);
201 now
= dnsmasq_time();
203 /* Create a serial at startup if not configured. */
204 if (daemon
->authinterface
&& daemon
->soa_sn
== 0)
205 #ifdef HAVE_BROKEN_RTC
206 die(_("zone serial must be configured in --auth-soa"), NULL
, EC_BADCONF
);
208 daemon
->soa_sn
= now
;
214 daemon
->doing_ra
= option_bool(OPT_RA
);
216 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
218 if (context
->flags
& CONTEXT_DHCP
)
219 daemon
->doing_dhcp6
= 1;
220 if (context
->flags
& CONTEXT_RA
)
221 daemon
->doing_ra
= 1;
222 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
223 if (context
->flags
& CONTEXT_TEMPLATE
)
224 die (_("dhcp-range constructor not available on this platform"), NULL
, EC_BADCONF
);
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon
->dhcp
|| daemon
->doing_dhcp6
|| daemon
->relay4
|| daemon
->relay6
)
238 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
242 if (daemon
->dhcp
|| daemon
->relay4
)
246 if (daemon
->doing_ra
|| daemon
->doing_dhcp6
|| daemon
->relay6
)
249 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
260 #if defined(HAVE_LINUX_NETWORK)
262 #elif defined(HAVE_BSD_NETWORK)
266 if (option_bool(OPT_NOWILD
) && option_bool(OPT_CLEVERBIND
))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL
, EC_BADCONF
);
269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
270 die(_("failed to find list of interfaces: %s"), NULL
, EC_MISC
);
272 if (option_bool(OPT_NOWILD
) || option_bool(OPT_CLEVERBIND
))
274 create_bound_listeners(1);
276 if (!option_bool(OPT_CLEVERBIND
))
277 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
278 if (if_tmp
->name
&& !if_tmp
->used
)
279 die(_("unknown interface %s"), if_tmp
->name
, EC_BADNET
);
281 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
283 bound_device
= whichdevice();
287 if (!daemon
->relay4
&& bound_device
)
289 bindtodevice(bound_device
, daemon
->dhcpfd
);
292 if (daemon
->enable_pxe
&& bound_device
)
294 bindtodevice(bound_device
, daemon
->pxefd
);
300 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
301 if (daemon
->doing_dhcp6
&& !daemon
->relay6
&& bound_device
)
303 bindtodevice(bound_device
, daemon
->dhcp6fd
);
309 create_wildcard_listeners();
312 /* after enumerate_interfaces() */
313 if (daemon
->doing_dhcp6
|| daemon
->relay6
|| daemon
->doing_ra
)
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now
);
320 if (daemon
->port
!= 0)
330 if (daemon
->port
!= 0 || daemon
->dhcp
|| daemon
->doing_dhcp6
)
331 inotify_dnsmasq_init();
333 daemon
->inotifyfd
= -1;
336 if (option_bool(OPT_DBUS
))
341 daemon
->watches
= NULL
;
342 if ((err
= dbus_init()))
343 die(_("DBus error: %s"), err
, EC_MISC
);
346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL
, EC_BADCONF
);
349 if (daemon
->port
!= 0)
352 #if defined(HAVE_SCRIPT)
353 /* Note getpwnam returns static storage */
354 if ((daemon
->dhcp
|| daemon
->dhcp6
) &&
355 daemon
->scriptuser
&&
356 (daemon
->lease_change_command
|| daemon
->luascript
))
358 if ((ent_pw
= getpwnam(daemon
->scriptuser
)))
360 script_uid
= ent_pw
->pw_uid
;
361 script_gid
= ent_pw
->pw_gid
;
364 baduser
= daemon
->scriptuser
;
368 if (daemon
->username
&& !(ent_pw
= getpwnam(daemon
->username
)))
369 baduser
= daemon
->username
;
370 else if (daemon
->groupname
&& !(gp
= getgrnam(daemon
->groupname
)))
371 baduser
= daemon
->groupname
;
374 die(_("unknown user or group: %s"), baduser
, EC_BADCONF
);
376 /* implement group defaults, "dip" if available, or group associated with uid */
377 if (!daemon
->group_set
&& !gp
)
379 if (!(gp
= getgrnam(CHGRP
)) && ent_pw
)
380 gp
= getgrgid(ent_pw
->pw_gid
);
382 /* for error message */
384 daemon
->groupname
= gp
->gr_name
;
387 #if defined(HAVE_LINUX_NETWORK)
388 /* determine capability API version here, while we can still
390 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
392 int capsize
= 1; /* for header version 1 */
393 hdr
= safe_malloc(sizeof(*hdr
));
395 /* find version supported by kernel */
396 memset(hdr
, 0, sizeof(*hdr
));
399 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_1
)
401 /* if unknown version, use largest supported version (3) */
402 if (hdr
->version
!= LINUX_CAPABILITY_VERSION_2
)
403 hdr
->version
= LINUX_CAPABILITY_VERSION_3
;
407 data
= safe_malloc(sizeof(*data
) * capsize
);
408 memset(data
, 0, sizeof(*data
) * capsize
);
412 /* Use a pipe to carry signals and other events back to the event loop
413 in a race-free manner and another to carry errors to daemon-invoking process */
414 safe_pipe(pipefd
, 1);
416 piperead
= pipefd
[0];
417 pipewrite
= pipefd
[1];
418 /* prime the pipe to load stuff first time. */
419 send_event(pipewrite
, EVENT_INIT
, 0, NULL
);
423 if (!option_bool(OPT_DEBUG
))
425 /* The following code "daemonizes" the process.
426 See Stevens section 12.4 */
429 die(_("cannot chdir to filesystem root: %s"), NULL
, EC_MISC
);
432 if (!option_bool(OPT_NO_FORK
))
436 /* pipe to carry errors back to original process.
437 When startup is complete we close this and the process terminates. */
438 safe_pipe(err_pipe
, 0);
440 if ((pid
= fork()) == -1)
441 /* fd == -1 since we've not forked, never returns. */
442 send_event(-1, EVENT_FORK_ERR
, errno
, NULL
);
446 struct event_desc ev
;
449 /* close our copy of write-end */
450 while (retry_send(close(err_pipe
[1])));
452 /* check for errors after the fork */
453 if (read_event(err_pipe
[0], &ev
, &msg
))
454 fatal_event(&ev
, msg
);
459 while (retry_send(close(err_pipe
[0])));
461 /* NO calls to die() from here on. */
465 if ((pid
= fork()) == -1)
466 send_event(err_pipe
[1], EVENT_FORK_ERR
, errno
, NULL
);
473 /* write pidfile _after_ forking ! */
478 sprintf(daemon
->namebuff
, "%d\n", (int) getpid());
480 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
481 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
482 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
483 extent that an attacker running as the unprivileged user could replace the pidfile with a
484 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
486 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
487 ensuring that the open() fails should there be any existing file (because the unlink() failed,
488 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
491 Any compromise of the non-privileged user still theoretically allows the pid-file to be
492 replaced whilst dnsmasq is running. The worst that could allow is that the usual
493 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
495 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
496 failure to write the pid-file.
499 unlink(daemon
->runfile
);
501 if ((fd
= open(daemon
->runfile
, O_WRONLY
|O_CREAT
|O_TRUNC
|O_EXCL
, S_IWUSR
|S_IRUSR
|S_IRGRP
|S_IROTH
)) == -1)
503 /* only complain if started as root */
509 if (!read_write(fd
, (unsigned char *)daemon
->namebuff
, strlen(daemon
->namebuff
), 0))
513 while (retry_send(close(fd
)));
521 send_event(err_pipe
[1], EVENT_PIDFILE
, errno
, daemon
->runfile
);
527 log_err
= log_start(ent_pw
, err_pipe
[1]);
529 if (!option_bool(OPT_DEBUG
))
531 /* open stdout etc to /dev/null */
532 int nullfd
= open("/dev/null", O_RDWR
);
533 dup2(nullfd
, STDOUT_FILENO
);
534 dup2(nullfd
, STDERR_FILENO
);
535 dup2(nullfd
, STDIN_FILENO
);
539 /* if we are to run scripts, we need to fork a helper before dropping root. */
540 daemon
->helperfd
= -1;
542 if ((daemon
->dhcp
|| daemon
->dhcp6
) && (daemon
->lease_change_command
|| daemon
->luascript
))
543 daemon
->helperfd
= create_helper(pipewrite
, err_pipe
[1], script_uid
, script_gid
, max_fd
);
546 if (!option_bool(OPT_DEBUG
) && getuid() == 0)
548 int bad_capabilities
= 0;
551 /* remove all supplimentary groups */
553 (setgroups(0, &dummy
) == -1 ||
554 setgid(gp
->gr_gid
) == -1))
556 send_event(err_pipe
[1], EVENT_GROUP_ERR
, errno
, daemon
->groupname
);
560 if (ent_pw
&& ent_pw
->pw_uid
!= 0)
562 #if defined(HAVE_LINUX_NETWORK)
563 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
564 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
565 ports because of DAD, or we're doing it dynamically,
566 we need CAP_NET_BIND_SERVICE too. */
567 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
568 data
->effective
= data
->permitted
= data
->inheritable
=
569 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) |
570 (1 << CAP_SETUID
) | (1 << CAP_NET_BIND_SERVICE
);
572 data
->effective
= data
->permitted
= data
->inheritable
=
573 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_SETUID
);
575 /* Tell kernel to not clear capabilities when dropping root */
576 if (capset(hdr
, data
) == -1 || prctl(PR_SET_KEEPCAPS
, 1, 0, 0, 0) == -1)
577 bad_capabilities
= errno
;
579 #elif defined(HAVE_SOLARIS_NETWORK)
580 /* http://developers.sun.com/solaris/articles/program_privileges.html */
581 priv_set_t
*priv_set
;
583 if (!(priv_set
= priv_str_to_set("basic", ",", NULL
)) ||
584 priv_addset(priv_set
, PRIV_NET_ICMPACCESS
) == -1 ||
585 priv_addset(priv_set
, PRIV_SYS_NET_CONFIG
) == -1)
586 bad_capabilities
= errno
;
588 if (priv_set
&& bad_capabilities
== 0)
590 priv_inverse(priv_set
);
592 if (setppriv(PRIV_OFF
, PRIV_LIMIT
, priv_set
) == -1)
593 bad_capabilities
= errno
;
597 priv_freeset(priv_set
);
601 if (bad_capabilities
!= 0)
603 send_event(err_pipe
[1], EVENT_CAP_ERR
, bad_capabilities
, NULL
);
607 /* finally drop root */
608 if (setuid(ent_pw
->pw_uid
) == -1)
610 send_event(err_pipe
[1], EVENT_USER_ERR
, errno
, daemon
->username
);
614 #ifdef HAVE_LINUX_NETWORK
615 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND
))
616 data
->effective
= data
->permitted
=
617 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
) | (1 << CAP_NET_BIND_SERVICE
);
619 data
->effective
= data
->permitted
=
620 (1 << CAP_NET_ADMIN
) | (1 << CAP_NET_RAW
);
621 data
->inheritable
= 0;
623 /* lose the setuid and setgid capbilities */
624 if (capset(hdr
, data
) == -1)
626 send_event(err_pipe
[1], EVENT_CAP_ERR
, errno
, NULL
);
634 #ifdef HAVE_LINUX_NETWORK
637 if (option_bool(OPT_DEBUG
))
638 prctl(PR_SET_DUMPABLE
, 1, 0, 0, 0);
642 if (option_bool(OPT_TFTP
))
645 struct tftp_prefix
*p
;
647 if (daemon
->tftp_prefix
)
649 if (!((dir
= opendir(daemon
->tftp_prefix
))))
651 tftp_prefix_missing
= 1;
652 if (!option_bool(OPT_TFTP_NO_FAIL
))
654 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, daemon
->tftp_prefix
);
661 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
664 if (!((dir
= opendir(p
->prefix
))))
667 if (!option_bool(OPT_TFTP_NO_FAIL
))
669 send_event(err_pipe
[1], EVENT_TFTP_ERR
, errno
, p
->prefix
);
678 if (daemon
->port
== 0)
679 my_syslog(LOG_INFO
, _("started, version %s DNS disabled"), VERSION
);
680 else if (daemon
->cachesize
!= 0)
681 my_syslog(LOG_INFO
, _("started, version %s cachesize %d"), VERSION
, daemon
->cachesize
);
683 my_syslog(LOG_INFO
, _("started, version %s cache disabled"), VERSION
);
685 my_syslog(LOG_INFO
, _("compile time options: %s"), compile_opts
);
688 if (option_bool(OPT_DBUS
))
691 my_syslog(LOG_INFO
, _("DBus support enabled: connected to system bus"));
693 my_syslog(LOG_INFO
, _("DBus support enabled: bus connection pending"));
697 if (option_bool(OPT_LOCAL_SERVICE
))
698 my_syslog(LOG_INFO
, _("DNS service limited to local subnets"));
701 if (option_bool(OPT_DNSSEC_VALID
))
705 /* Delay creating the timestamp file until here, after we've changed user, so that
706 it has the correct owner to allow updating the mtime later.
707 This means we have to report fatal errors via the pipe. */
708 if ((rc
= setup_timestamp()) == -1)
710 send_event(err_pipe
[1], EVENT_TIME_ERR
, errno
, daemon
->timestamp_file
);
714 my_syslog(LOG_INFO
, _("DNSSEC validation enabled"));
716 if (option_bool(OPT_DNSSEC_TIME
))
717 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until first cache reload"));
720 my_syslog(LOG_INFO
, _("DNSSEC signature timestamps not checked until system time valid"));
725 my_syslog(LOG_WARNING
, _("warning: failed to change owner of %s: %s"),
726 daemon
->log_file
, strerror(log_err
));
729 my_syslog(LOG_WARNING
, _("setting --bind-interfaces option because of OS limitations"));
731 if (option_bool(OPT_NOWILD
))
732 warn_bound_listeners();
736 if (!option_bool(OPT_NOWILD
))
737 for (if_tmp
= daemon
->if_names
; if_tmp
; if_tmp
= if_tmp
->next
)
738 if (if_tmp
->name
&& !if_tmp
->used
)
739 my_syslog(LOG_WARNING
, _("warning: interface %s does not currently exist"), if_tmp
->name
);
741 if (daemon
->port
!= 0 && option_bool(OPT_NO_RESOLV
))
743 if (daemon
->resolv_files
&& !daemon
->resolv_files
->is_default
)
744 my_syslog(LOG_WARNING
, _("warning: ignoring resolv-file flag because no-resolv is set"));
745 daemon
->resolv_files
= NULL
;
746 if (!daemon
->servers
)
747 my_syslog(LOG_WARNING
, _("warning: no upstream servers configured"));
750 if (daemon
->max_logs
!= 0)
751 my_syslog(LOG_INFO
, _("asynchronous logging enabled, queue limit is %d messages"), daemon
->max_logs
);
755 for (context
= daemon
->dhcp
; context
; context
= context
->next
)
756 log_context(AF_INET
, context
);
758 for (relay
= daemon
->relay4
; relay
; relay
= relay
->next
)
759 log_relay(AF_INET
, relay
);
762 for (context
= daemon
->dhcp6
; context
; context
= context
->next
)
763 log_context(AF_INET6
, context
);
765 for (relay
= daemon
->relay6
; relay
; relay
= relay
->next
)
766 log_relay(AF_INET6
, relay
);
768 if (daemon
->doing_dhcp6
|| daemon
->doing_ra
)
769 dhcp_construct_contexts(now
);
771 if (option_bool(OPT_RA
))
772 my_syslog(MS_DHCP
| LOG_INFO
, _("IPv6 router advertisement enabled"));
775 # ifdef HAVE_LINUX_NETWORK
777 my_syslog(MS_DHCP
| LOG_INFO
, _("DHCP, sockets bound exclusively to interface %s"), bound_device
);
780 /* after dhcp_contruct_contexts */
781 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
782 lease_find_interfaces(now
);
786 if (option_bool(OPT_TFTP
))
788 struct tftp_prefix
*p
;
790 if (FD_SETSIZE
< (unsigned)max_fd
)
794 my_syslog(MS_TFTP
| LOG_INFO
, "TFTP %s%s %s",
795 daemon
->tftp_prefix
? _("root is ") : _("enabled"),
796 daemon
->tftp_prefix
? daemon
->tftp_prefix
: "",
797 option_bool(OPT_TFTP_SECURE
) ? _("secure mode") : "");
799 if (tftp_prefix_missing
)
800 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: %s inaccessible"), daemon
->tftp_prefix
);
802 for (p
= daemon
->if_prefix
; p
; p
= p
->next
)
804 my_syslog(MS_TFTP
| LOG_WARNING
, _("warning: TFTP directory %s inaccessible"), p
->prefix
);
806 /* This is a guess, it assumes that for small limits,
807 disjoint files might be served, but for large limits,
808 a single file will be sent to may clients (the file only needs
811 max_fd
-= 30; /* use other than TFTP */
815 else if (max_fd
< 100)
818 max_fd
= max_fd
- 20;
820 /* if we have to use a limited range of ports,
821 that will limit the number of transfers */
822 if (daemon
->start_tftp_port
!= 0 &&
823 daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1 < max_fd
)
824 max_fd
= daemon
->end_tftp_port
- daemon
->start_tftp_port
+ 1;
826 if (daemon
->tftp_max
> max_fd
)
828 daemon
->tftp_max
= max_fd
;
829 my_syslog(MS_TFTP
| LOG_WARNING
,
830 _("restricting maximum simultaneous TFTP transfers to %d"),
836 /* finished start-up - release original process */
837 if (err_pipe
[1] != -1)
838 while (retry_send(close(err_pipe
[1])));
840 if (daemon
->port
!= 0)
846 /* Using inotify, have to select a resolv file at startup */
847 poll_resolv(1, 0, now
);
853 struct timeval t
, *tp
= NULL
;
854 fd_set rset
, wset
, eset
;
860 /* if we are out of resources, find how long we have to wait
861 for some to come free, we'll loop around then and restart
862 listening for queries */
863 if ((t
.tv_sec
= set_dns_listeners(now
, &rset
, &maxfd
)) != 0)
869 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
870 if (daemon
->tftp_trans
||
871 (option_bool(OPT_DBUS
) && !daemon
->dbus
))
877 /* Wake every second whilst waiting for DAD to complete */
878 else if (is_dad_listeners())
886 set_dbus_listeners(&maxfd
, &rset
, &wset
, &eset
);
890 if (daemon
->dhcp
|| daemon
->relay4
)
892 FD_SET(daemon
->dhcpfd
, &rset
);
893 bump_maxfd(daemon
->dhcpfd
, &maxfd
);
894 if (daemon
->pxefd
!= -1)
896 FD_SET(daemon
->pxefd
, &rset
);
897 bump_maxfd(daemon
->pxefd
, &maxfd
);
903 if (daemon
->doing_dhcp6
|| daemon
->relay6
)
905 FD_SET(daemon
->dhcp6fd
, &rset
);
906 bump_maxfd(daemon
->dhcp6fd
, &maxfd
);
909 if (daemon
->doing_ra
)
911 FD_SET(daemon
->icmp6fd
, &rset
);
912 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
917 if (daemon
->inotifyfd
!= -1)
919 FD_SET(daemon
->inotifyfd
, &rset
);
920 bump_maxfd(daemon
->inotifyfd
, &maxfd
);
924 #if defined(HAVE_LINUX_NETWORK)
925 FD_SET(daemon
->netlinkfd
, &rset
);
926 bump_maxfd(daemon
->netlinkfd
, &maxfd
);
927 #elif defined(HAVE_BSD_NETWORK)
928 FD_SET(daemon
->routefd
, &rset
);
929 bump_maxfd(daemon
->routefd
, &maxfd
);
932 FD_SET(piperead
, &rset
);
933 bump_maxfd(piperead
, &maxfd
);
937 while (helper_buf_empty() && do_script_run(now
));
940 while (helper_buf_empty() && do_tftp_script_run());
943 if (!helper_buf_empty())
945 FD_SET(daemon
->helperfd
, &wset
);
946 bump_maxfd(daemon
->helperfd
, &maxfd
);
949 /* need this for other side-effects */
950 while (do_script_run(now
));
953 while (do_tftp_script_run());
959 /* must do this just before select(), when we know no
960 more calls to my_syslog() can occur */
961 set_log_writer(&wset
, &maxfd
);
963 if (select(maxfd
+1, &rset
, &wset
, &eset
, tp
) < 0)
965 /* otherwise undefined after error */
966 FD_ZERO(&rset
); FD_ZERO(&wset
); FD_ZERO(&eset
);
969 now
= dnsmasq_time();
971 check_log_writer(&wset
);
974 enumerate_interfaces(1);
976 /* Check the interfaces to see if any have exited DAD state
977 and if so, bind the address. */
978 if (is_dad_listeners())
980 enumerate_interfaces(0);
981 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
982 create_bound_listeners(0);
983 warn_bound_listeners();
986 #if defined(HAVE_LINUX_NETWORK)
987 if (FD_ISSET(daemon
->netlinkfd
, &rset
))
989 #elif defined(HAVE_BSD_NETWORK)
990 if (FD_ISSET(daemon
->routefd
, &rset
))
995 if (daemon
->inotifyfd
!= -1 && FD_ISSET(daemon
->inotifyfd
, &rset
) && inotify_check(now
))
997 if (daemon
->port
!= 0 && !option_bool(OPT_NO_POLL
))
998 poll_resolv(1, 1, now
);
1001 /* Check for changes to resolv files once per second max. */
1002 /* Don't go silent for long periods if the clock goes backwards. */
1003 if (daemon
->last_resolv
== 0 ||
1004 difftime(now
, daemon
->last_resolv
) > 1.0 ||
1005 difftime(now
, daemon
->last_resolv
) < -1.0)
1007 /* poll_resolv doesn't need to reload first time through, since
1008 that's queued anyway. */
1010 poll_resolv(0, daemon
->last_resolv
!= 0, now
);
1011 daemon
->last_resolv
= now
;
1015 if (FD_ISSET(piperead
, &rset
))
1016 async_event(piperead
, now
);
1019 /* if we didn't create a DBus connection, retry now. */
1020 if (option_bool(OPT_DBUS
) && !daemon
->dbus
)
1023 if ((err
= dbus_init()))
1024 my_syslog(LOG_WARNING
, _("DBus error: %s"), err
);
1026 my_syslog(LOG_INFO
, _("connected to system DBus"));
1028 check_dbus_listeners(&rset
, &wset
, &eset
);
1031 check_dns_listeners(&rset
, now
);
1034 check_tftp_listeners(&rset
, now
);
1038 if (daemon
->dhcp
|| daemon
->relay4
)
1040 if (FD_ISSET(daemon
->dhcpfd
, &rset
))
1041 dhcp_packet(now
, 0);
1042 if (daemon
->pxefd
!= -1 && FD_ISSET(daemon
->pxefd
, &rset
))
1043 dhcp_packet(now
, 1);
1047 if ((daemon
->doing_dhcp6
|| daemon
->relay6
) && FD_ISSET(daemon
->dhcp6fd
, &rset
))
1050 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1055 if (daemon
->helperfd
!= -1 && FD_ISSET(daemon
->helperfd
, &wset
))
1063 static void sig_handler(int sig
)
1067 /* ignore anything other than TERM during startup
1068 and in helper proc. (helper ignore TERM too) */
1072 else if (pid
!= getpid())
1074 /* alarm is used to kill TCP children after a fixed time. */
1080 /* master process */
1081 int event
, errsave
= errno
;
1084 event
= EVENT_RELOAD
;
1085 else if (sig
== SIGCHLD
)
1086 event
= EVENT_CHILD
;
1087 else if (sig
== SIGALRM
)
1088 event
= EVENT_ALARM
;
1089 else if (sig
== SIGTERM
)
1091 else if (sig
== SIGUSR1
)
1093 else if (sig
== SIGUSR2
)
1094 event
= EVENT_REOPEN
;
1098 send_event(pipewrite
, event
, 0, NULL
);
1103 /* now == 0 -> queue immediate callback */
1104 void send_alarm(time_t event
, time_t now
)
1106 if (now
== 0 || event
!= 0)
1108 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1109 if ((now
== 0 || difftime(event
, now
) <= 0.0))
1110 send_event(pipewrite
, EVENT_ALARM
, 0, NULL
);
1112 alarm((unsigned)difftime(event
, now
));
1116 void queue_event(int event
)
1118 send_event(pipewrite
, event
, 0, NULL
);
1121 void send_event(int fd
, int event
, int data
, char *msg
)
1123 struct event_desc ev
;
1124 struct iovec iov
[2];
1128 ev
.msg_sz
= msg
? strlen(msg
) : 0;
1130 iov
[0].iov_base
= &ev
;
1131 iov
[0].iov_len
= sizeof(ev
);
1132 iov
[1].iov_base
= msg
;
1133 iov
[1].iov_len
= ev
.msg_sz
;
1135 /* error pipe, debug mode. */
1137 fatal_event(&ev
, msg
);
1139 /* pipe is non-blocking and struct event_desc is smaller than
1140 PIPE_BUF, so this either fails or writes everything */
1141 while (writev(fd
, iov
, msg
? 2 : 1) == -1 && errno
== EINTR
);
1144 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1145 to describe fatal errors. */
1146 static int read_event(int fd
, struct event_desc
*evp
, char **msg
)
1150 if (!read_write(fd
, (unsigned char *)evp
, sizeof(struct event_desc
), 1))
1155 if (evp
->msg_sz
!= 0 &&
1156 (buf
= malloc(evp
->msg_sz
+ 1)) &&
1157 read_write(fd
, (unsigned char *)buf
, evp
->msg_sz
, 1))
1159 buf
[evp
->msg_sz
] = 0;
1166 static void fatal_event(struct event_desc
*ev
, char *msg
)
1175 case EVENT_FORK_ERR
:
1176 die(_("cannot fork into background: %s"), NULL
, EC_MISC
);
1178 case EVENT_PIPE_ERR
:
1179 die(_("failed to create helper: %s"), NULL
, EC_MISC
);
1182 die(_("setting capabilities failed: %s"), NULL
, EC_MISC
);
1184 case EVENT_USER_ERR
:
1185 die(_("failed to change user-id to %s: %s"), msg
, EC_MISC
);
1187 case EVENT_GROUP_ERR
:
1188 die(_("failed to change group-id to %s: %s"), msg
, EC_MISC
);
1191 die(_("failed to open pidfile %s: %s"), msg
, EC_FILE
);
1194 die(_("cannot open log %s: %s"), msg
, EC_FILE
);
1197 die(_("failed to load Lua script: %s"), msg
, EC_MISC
);
1199 case EVENT_TFTP_ERR
:
1200 die(_("TFTP directory %s inaccessible: %s"), msg
, EC_FILE
);
1202 case EVENT_TIME_ERR
:
1203 die(_("cannot create timestamp file %s: %s" ), msg
, EC_BADCONF
);
1207 static void async_event(int pipe
, time_t now
)
1210 struct event_desc ev
;
1214 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1215 to describe fatal errors. */
1217 if (read_event(pipe
, &ev
, &msg
))
1222 if (option_bool(OPT_DNSSEC_VALID
) && option_bool(OPT_DNSSEC_TIME
))
1224 my_syslog(LOG_INFO
, _("now checking DNSSEC signature timestamps"));
1225 reset_option_bool(OPT_DNSSEC_TIME
);
1231 clear_cache_and_reload(now
);
1233 if (daemon
->port
!= 0)
1235 if (daemon
->resolv_files
&& option_bool(OPT_NO_POLL
))
1237 reload_servers(daemon
->resolv_files
->name
);
1241 if (daemon
->servers_file
)
1243 read_servers_file();
1257 if (daemon
->port
!= 0)
1263 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1265 lease_prune(NULL
, now
);
1266 lease_update_file(now
);
1269 else if (daemon
->doing_ra
)
1270 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1271 send_alarm(periodic_ra(now
), now
);
1277 /* See Stevens 5.10 */
1278 while ((p
= waitpid(-1, NULL
, WNOHANG
)) != 0)
1285 for (i
= 0 ; i
< MAX_PROCS
; i
++)
1286 if (daemon
->tcp_pids
[i
] == p
)
1287 daemon
->tcp_pids
[i
] = 0;
1291 my_syslog(LOG_WARNING
, _("script process killed by signal %d"), ev
.data
);
1295 my_syslog(LOG_WARNING
, _("script process exited with status %d"), ev
.data
);
1298 case EVENT_EXEC_ERR
:
1299 my_syslog(LOG_ERR
, _("failed to execute %s: %s"),
1300 daemon
->lease_change_command
, strerror(ev
.data
));
1303 /* necessary for fatal errors in helper */
1304 case EVENT_USER_ERR
:
1307 fatal_event(&ev
, msg
);
1311 /* Note: this may leave TCP-handling processes with the old file still open.
1312 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1313 we leave them logging to the old file. */
1314 if (daemon
->log_file
!= NULL
)
1315 log_reopen(daemon
->log_file
);
1322 case EVENT_NEWROUTE
:
1324 /* Force re-reading resolv file right now, for luck. */
1325 poll_resolv(0, 1, now
);
1329 /* Knock all our children on the head. */
1330 for (i
= 0; i
< MAX_PROCS
; i
++)
1331 if (daemon
->tcp_pids
[i
] != 0)
1332 kill(daemon
->tcp_pids
[i
], SIGALRM
);
1334 #if defined(HAVE_SCRIPT)
1335 /* handle pending lease transitions */
1336 if (daemon
->helperfd
!= -1)
1338 /* block in writes until all done */
1339 if ((i
= fcntl(daemon
->helperfd
, F_GETFL
)) != -1)
1340 fcntl(daemon
->helperfd
, F_SETFL
, i
& ~O_NONBLOCK
);
1343 } while (!helper_buf_empty() || do_script_run(now
));
1344 while (retry_send(close(daemon
->helperfd
)));
1348 if (daemon
->lease_stream
)
1349 fclose(daemon
->lease_stream
);
1351 if (daemon
->runfile
)
1352 unlink(daemon
->runfile
);
1354 my_syslog(LOG_INFO
, _("exiting on receipt of SIGTERM"));
1360 static void poll_resolv(int force
, int do_reload
, time_t now
)
1362 struct resolvc
*res
, *latest
;
1363 struct stat statbuf
;
1364 time_t last_change
= 0;
1365 /* There may be more than one possible file.
1366 Go through and find the one which changed _last_.
1367 Warn of any which can't be read. */
1369 if (daemon
->port
== 0 || option_bool(OPT_NO_POLL
))
1372 for (latest
= NULL
, res
= daemon
->resolv_files
; res
; res
= res
->next
)
1373 if (stat(res
->name
, &statbuf
) == -1)
1382 my_syslog(LOG_WARNING
, _("failed to access %s: %s"), res
->name
, strerror(errno
));
1385 if (res
->mtime
!= 0)
1387 /* existing file evaporated, force selection of the latest
1388 file even if its mtime hasn't changed since we last looked */
1389 poll_resolv(1, do_reload
, now
);
1396 if (force
|| (statbuf
.st_mtime
!= res
->mtime
))
1398 res
->mtime
= statbuf
.st_mtime
;
1399 if (difftime(statbuf
.st_mtime
, last_change
) > 0.0)
1401 last_change
= statbuf
.st_mtime
;
1409 static int warned
= 0;
1410 if (reload_servers(latest
->name
))
1412 my_syslog(LOG_INFO
, _("reading %s"), latest
->name
);
1415 if (option_bool(OPT_RELOAD
) && do_reload
)
1416 clear_cache_and_reload(now
);
1423 my_syslog(LOG_WARNING
, _("no servers found in %s, will retry"), latest
->name
);
1430 void clear_cache_and_reload(time_t now
)
1434 if (daemon
->port
!= 0)
1438 if (daemon
->dhcp
|| daemon
->doing_dhcp6
)
1440 if (option_bool(OPT_ETHERS
))
1444 set_dynamic_inotify(AH_DHCP_HST
| AH_DHCP_OPT
, 0, NULL
, 0);
1446 dhcp_update_configs(daemon
->dhcp_conf
);
1447 lease_update_from_configs();
1448 lease_update_file(now
);
1449 lease_update_dns(1);
1452 else if (daemon
->doing_ra
)
1453 /* Not doing DHCP, so no lease system, manage
1454 alarms for ra only */
1455 send_alarm(periodic_ra(now
), now
);
1460 static int set_dns_listeners(time_t now
, fd_set
*set
, int *maxfdp
)
1462 struct serverfd
*serverfdp
;
1463 struct listener
*listener
;
1468 struct tftp_transfer
*transfer
;
1469 for (transfer
= daemon
->tftp_trans
; transfer
; transfer
= transfer
->next
)
1472 FD_SET(transfer
->sockfd
, set
);
1473 bump_maxfd(transfer
->sockfd
, maxfdp
);
1477 /* will we be able to get memory? */
1478 if (daemon
->port
!= 0)
1479 get_new_frec(now
, &wait
, 0);
1481 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1483 FD_SET(serverfdp
->fd
, set
);
1484 bump_maxfd(serverfdp
->fd
, maxfdp
);
1487 if (daemon
->port
!= 0 && !daemon
->osport
)
1488 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1489 if (daemon
->randomsocks
[i
].refcount
!= 0)
1491 FD_SET(daemon
->randomsocks
[i
].fd
, set
);
1492 bump_maxfd(daemon
->randomsocks
[i
].fd
, maxfdp
);
1495 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1497 /* only listen for queries if we have resources */
1498 if (listener
->fd
!= -1 && wait
== 0)
1500 FD_SET(listener
->fd
, set
);
1501 bump_maxfd(listener
->fd
, maxfdp
);
1504 /* death of a child goes through the select loop, so
1505 we don't need to explicitly arrange to wake up here */
1506 if (listener
->tcpfd
!= -1)
1507 for (i
= 0; i
< MAX_PROCS
; i
++)
1508 if (daemon
->tcp_pids
[i
] == 0)
1510 FD_SET(listener
->tcpfd
, set
);
1511 bump_maxfd(listener
->tcpfd
, maxfdp
);
1516 if (tftp
<= daemon
->tftp_max
&& listener
->tftpfd
!= -1)
1518 FD_SET(listener
->tftpfd
, set
);
1519 bump_maxfd(listener
->tftpfd
, maxfdp
);
1528 static void check_dns_listeners(fd_set
*set
, time_t now
)
1530 struct serverfd
*serverfdp
;
1531 struct listener
*listener
;
1534 for (serverfdp
= daemon
->sfds
; serverfdp
; serverfdp
= serverfdp
->next
)
1535 if (FD_ISSET(serverfdp
->fd
, set
))
1536 reply_query(serverfdp
->fd
, serverfdp
->source_addr
.sa
.sa_family
, now
);
1538 if (daemon
->port
!= 0 && !daemon
->osport
)
1539 for (i
= 0; i
< RANDOM_SOCKS
; i
++)
1540 if (daemon
->randomsocks
[i
].refcount
!= 0 &&
1541 FD_ISSET(daemon
->randomsocks
[i
].fd
, set
))
1542 reply_query(daemon
->randomsocks
[i
].fd
, daemon
->randomsocks
[i
].family
, now
);
1544 for (listener
= daemon
->listeners
; listener
; listener
= listener
->next
)
1546 if (listener
->fd
!= -1 && FD_ISSET(listener
->fd
, set
))
1547 receive_query(listener
, now
);
1550 if (listener
->tftpfd
!= -1 && FD_ISSET(listener
->tftpfd
, set
))
1551 tftp_request(listener
, now
);
1554 if (listener
->tcpfd
!= -1 && FD_ISSET(listener
->tcpfd
, set
))
1556 int confd
, client_ok
= 1;
1557 struct irec
*iface
= NULL
;
1559 union mysockaddr tcp_addr
;
1560 socklen_t tcp_len
= sizeof(union mysockaddr
);
1562 while ((confd
= accept(listener
->tcpfd
, NULL
, NULL
)) == -1 && errno
== EINTR
);
1567 if (getsockname(confd
, (struct sockaddr
*)&tcp_addr
, &tcp_len
) == -1)
1569 while (retry_send(close(confd
)));
1573 /* Make sure that the interface list is up-to-date.
1575 We do this here as we may need the results below, and
1576 the DNS code needs them for --interface-name stuff.
1578 Multiple calls to enumerate_interfaces() per select loop are
1579 inhibited, so calls to it in the child process (which doesn't select())
1580 have no effect. This avoids two processes reading from the same
1581 netlink fd and screwing the pooch entirely.
1584 enumerate_interfaces(0);
1586 if (option_bool(OPT_NOWILD
))
1587 iface
= listener
->iface
; /* May be NULL */
1591 char intr_name
[IF_NAMESIZE
];
1593 /* if we can find the arrival interface, check it's one that's allowed */
1594 if ((if_index
= tcp_interface(confd
, tcp_addr
.sa
.sa_family
)) != 0 &&
1595 indextoname(listener
->tcpfd
, if_index
, intr_name
))
1597 struct all_addr addr
;
1598 addr
.addr
.addr4
= tcp_addr
.in
.sin_addr
;
1600 if (tcp_addr
.sa
.sa_family
== AF_INET6
)
1601 addr
.addr
.addr6
= tcp_addr
.in6
.sin6_addr
;
1604 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1605 if (iface
->index
== if_index
)
1608 if (!iface
&& !loopback_exception(listener
->tcpfd
, tcp_addr
.sa
.sa_family
, &addr
, intr_name
))
1612 if (option_bool(OPT_CLEVERBIND
))
1613 iface
= listener
->iface
; /* May be NULL */
1616 /* Check for allowed interfaces when binding the wildcard address:
1617 we do this by looking for an interface with the same address as
1618 the local address of the TCP connection, then looking to see if that's
1619 an allowed interface. As a side effect, we get the netmask of the
1620 interface too, for localisation. */
1622 for (iface
= daemon
->interfaces
; iface
; iface
= iface
->next
)
1623 if (sockaddr_isequal(&iface
->addr
, &tcp_addr
))
1633 shutdown(confd
, SHUT_RDWR
);
1634 while (retry_send(close(confd
)));
1637 else if (!option_bool(OPT_DEBUG
) && (p
= fork()) != 0)
1642 for (i
= 0; i
< MAX_PROCS
; i
++)
1643 if (daemon
->tcp_pids
[i
] == 0)
1645 daemon
->tcp_pids
[i
] = p
;
1649 while (retry_send(close(confd
)));
1651 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1652 daemon
->log_id
+= TCP_MAX_QUERIES
;
1657 unsigned char *buff
;
1660 struct in_addr netmask
;
1665 netmask
= iface
->netmask
;
1666 auth_dns
= iface
->dns_auth
;
1675 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1676 terminate the process. */
1677 if (!option_bool(OPT_DEBUG
))
1678 alarm(CHILD_LIFETIME
);
1681 /* start with no upstream connections. */
1682 for (s
= daemon
->servers
; s
; s
= s
->next
)
1685 /* The connected socket inherits non-blocking
1686 attribute from the listening socket.
1688 if ((flags
= fcntl(confd
, F_GETFL
, 0)) != -1)
1689 fcntl(confd
, F_SETFL
, flags
& ~O_NONBLOCK
);
1691 buff
= tcp_request(confd
, now
, &tcp_addr
, netmask
, auth_dns
);
1693 shutdown(confd
, SHUT_RDWR
);
1694 while (retry_send(close(confd
)));
1699 for (s
= daemon
->servers
; s
; s
= s
->next
)
1702 shutdown(s
->tcpfd
, SHUT_RDWR
);
1703 while (retry_send(close(s
->tcpfd
)));
1706 if (!option_bool(OPT_DEBUG
))
1718 int make_icmp_sock(void)
1723 if ((fd
= socket (AF_INET
, SOCK_RAW
, IPPROTO_ICMP
)) != -1)
1726 setsockopt(fd
, SOL_SOCKET
, SO_DONTROUTE
, &zeroopt
, sizeof(zeroopt
)) == -1)
1736 int icmp_ping(struct in_addr addr
)
1738 /* Try and get an ICMP echo from a machine. */
1740 /* Note that whilst in the three second wait, we check for
1741 (and service) events on the DNS and TFTP sockets, (so doing that
1742 better not use any resources our caller has in use...)
1743 but we remain deaf to signals or further DHCP packets. */
1746 struct sockaddr_in saddr
;
1751 unsigned short id
= rand16();
1756 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1757 if ((fd
= make_icmp_sock()) == -1)
1761 fd
= daemon
->dhcp_icmp_fd
;
1762 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));
1765 saddr
.sin_family
= AF_INET
;
1767 saddr
.sin_addr
= addr
;
1768 #ifdef HAVE_SOCKADDR_SA_LEN
1769 saddr
.sin_len
= sizeof(struct sockaddr_in
);
1772 memset(&packet
.icmp
, 0, sizeof(packet
.icmp
));
1773 packet
.icmp
.icmp_type
= ICMP_ECHO
;
1774 packet
.icmp
.icmp_id
= id
;
1775 for (j
= 0, i
= 0; i
< sizeof(struct icmp
) / 2; i
++)
1776 j
+= ((u16
*)&packet
.icmp
)[i
];
1778 j
= (j
& 0xffff) + (j
>> 16);
1779 packet
.icmp
.icmp_cksum
= (j
== 0xffff) ? j
: ~j
;
1781 while (retry_send(sendto(fd
, (char *)&packet
.icmp
, sizeof(struct icmp
), 0,
1782 (struct sockaddr
*)&saddr
, sizeof(saddr
))));
1784 for (now
= start
= dnsmasq_time();
1785 difftime(now
, start
) < (float)PING_WAIT
;)
1789 struct sockaddr_in faddr
;
1791 socklen_t len
= sizeof(faddr
);
1793 tv
.tv_usec
= 250000;
1799 set_dns_listeners(now
, &rset
, &maxfd
);
1800 set_log_writer(&wset
, &maxfd
);
1803 if (daemon
->doing_ra
)
1805 FD_SET(daemon
->icmp6fd
, &rset
);
1806 bump_maxfd(daemon
->icmp6fd
, &maxfd
);
1810 if (select(maxfd
+1, &rset
, &wset
, NULL
, &tv
) < 0)
1816 now
= dnsmasq_time();
1818 check_log_writer(&wset
);
1819 check_dns_listeners(&rset
, now
);
1822 if (daemon
->doing_ra
&& FD_ISSET(daemon
->icmp6fd
, &rset
))
1827 check_tftp_listeners(&rset
, now
);
1830 if (FD_ISSET(fd
, &rset
) &&
1831 recvfrom(fd
, &packet
, sizeof(packet
), 0,
1832 (struct sockaddr
*)&faddr
, &len
) == sizeof(packet
) &&
1833 saddr
.sin_addr
.s_addr
== faddr
.sin_addr
.s_addr
&&
1834 packet
.icmp
.icmp_type
== ICMP_ECHOREPLY
&&
1835 packet
.icmp
.icmp_seq
== 0 &&
1836 packet
.icmp
.icmp_id
== id
)
1843 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1844 while (retry_send(close(fd
)));
1847 setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &opt
, sizeof(opt
));