1: /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2:
3: This program is free software; you can redistribute it and/or modify
4: it under the terms of the GNU General Public License as published by
5: the Free Software Foundation; version 2 dated June, 1991, or
6: (at your option) version 3 dated 29 June, 2007.
7:
8: This program is distributed in the hope that it will be useful,
9: but WITHOUT ANY WARRANTY; without even the implied warranty of
10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11: GNU General Public License for more details.
12:
13: You should have received a copy of the GNU General Public License
14: along with this program. If not, see <http://www.gnu.org/licenses/>.
15: */
16:
17: #include "dnsmasq.h"
18:
19: #ifdef HAVE_DHCP
20:
21: struct iface_param {
22: struct dhcp_context *current;
23: int ind;
24: };
25:
26: struct match_param {
27: int ind, matched;
28: struct in_addr netmask, broadcast, addr;
29: };
30:
31: static int complete_context(struct in_addr local, int if_index,
32: struct in_addr netmask, struct in_addr broadcast, void *vparam);
33: static int check_listen_addrs(struct in_addr local, int if_index,
34: struct in_addr netmask, struct in_addr broadcast, void *vparam);
35:
36: static int make_fd(int port)
37: {
38: int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
39: struct sockaddr_in saddr;
40: int oneopt = 1;
41: #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
42: int mtu = IP_PMTUDISC_DONT;
43: #endif
44: #if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
45: int tos = IPTOS_CLASS_CS6;
46: #endif
47:
48: if (fd == -1)
49: die (_("cannot create DHCP socket: %s"), NULL, EC_BADNET);
50:
51: if (!fix_fd(fd) ||
52: #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
53: setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)) == -1 ||
54: #endif
55: #if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
56: setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1 ||
57: #endif
58: #if defined(HAVE_LINUX_NETWORK)
59: setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &oneopt, sizeof(oneopt)) == -1 ||
60: #else
61: setsockopt(fd, IPPROTO_IP, IP_RECVIF, &oneopt, sizeof(oneopt)) == -1 ||
62: #endif
63: setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &oneopt, sizeof(oneopt)) == -1)
64: die(_("failed to set options on DHCP socket: %s"), NULL, EC_BADNET);
65:
66: /* When bind-interfaces is set, there might be more than one dnmsasq
67: instance binding port 67. That's OK if they serve different networks.
68: Need to set REUSEADDR|REUSEPORT to make this posible.
69: Handle the case that REUSEPORT is defined, but the kernel doesn't
70: support it. This handles the introduction of REUSEPORT on Linux. */
71: if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
72: {
73: int rc = -1, porterr = 0;
74:
75: #ifdef SO_REUSEPORT
76: if ((rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt))) == -1 &&
77: errno != ENOPROTOOPT)
78: porterr = 1;
79: #endif
80:
81: if (rc == -1 && !porterr)
82: rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt));
83:
84: if (rc == -1)
85: die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL, EC_BADNET);
86: }
87:
88: memset(&saddr, 0, sizeof(saddr));
89: saddr.sin_family = AF_INET;
90: saddr.sin_port = htons(port);
91: saddr.sin_addr.s_addr = INADDR_ANY;
92: #ifdef HAVE_SOCKADDR_SA_LEN
93: saddr.sin_len = sizeof(struct sockaddr_in);
94: #endif
95:
96: if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)))
97: die(_("failed to bind DHCP server socket: %s"), NULL, EC_BADNET);
98:
99: return fd;
100: }
101:
102: void dhcp_init(void)
103: {
104: #if defined(HAVE_BSD_NETWORK)
105: int oneopt = 1;
106: #endif
107:
108: daemon->dhcpfd = make_fd(daemon->dhcp_server_port);
109: if (daemon->enable_pxe)
110: daemon->pxefd = make_fd(PXE_PORT);
111: else
112: daemon->pxefd = -1;
113:
114: #if defined(HAVE_BSD_NETWORK)
115: /* When we're not using capabilities, we need to do this here before
116: we drop root. Also, set buffer size small, to avoid wasting
117: kernel buffers */
118:
119: if (option_bool(OPT_NO_PING))
120: daemon->dhcp_icmp_fd = -1;
121: else if ((daemon->dhcp_icmp_fd = make_icmp_sock()) == -1 ||
122: setsockopt(daemon->dhcp_icmp_fd, SOL_SOCKET, SO_RCVBUF, &oneopt, sizeof(oneopt)) == -1 )
123: die(_("cannot create ICMP raw socket: %s."), NULL, EC_BADNET);
124:
125: /* Make BPF raw send socket */
126: init_bpf();
127: #endif
128: }
129:
130: void dhcp_packet(time_t now, int pxe_fd)
131: {
132: int fd = pxe_fd ? daemon->pxefd : daemon->dhcpfd;
133: struct dhcp_packet *mess;
134: struct dhcp_context *context;
135: struct iname *tmp;
136: struct ifreq ifr;
137: struct msghdr msg;
138: struct sockaddr_in dest;
139: struct cmsghdr *cmptr;
140: struct iovec iov;
141: ssize_t sz;
142: int iface_index = 0, unicast_dest = 0, is_inform = 0;
143: struct in_addr iface_addr;
144: struct iface_param parm;
145: #ifdef HAVE_LINUX_NETWORK
146: struct arpreq arp_req;
147: #endif
148:
149: union {
150: struct cmsghdr align; /* this ensures alignment */
151: #if defined(HAVE_LINUX_NETWORK)
152: char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
153: #elif defined(HAVE_SOLARIS_NETWORK)
154: char control[CMSG_SPACE(sizeof(unsigned int))];
155: #elif defined(HAVE_BSD_NETWORK)
156: char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
157: #endif
158: } control_u;
159: struct dhcp_bridge *bridge, *alias;
160:
161: msg.msg_controllen = sizeof(control_u);
162: msg.msg_control = control_u.control;
163: msg.msg_name = &dest;
164: msg.msg_namelen = sizeof(dest);
165: msg.msg_iov = &daemon->dhcp_packet;
166: msg.msg_iovlen = 1;
167:
168: if ((sz = recv_dhcp_packet(fd, &msg)) == -1 ||
169: (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
170: return;
171:
172: #if defined (HAVE_LINUX_NETWORK)
173: if (msg.msg_controllen >= sizeof(struct cmsghdr))
174: for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
175: if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
176: {
177: union {
178: unsigned char *c;
179: struct in_pktinfo *p;
180: } p;
181: p.c = CMSG_DATA(cmptr);
182: iface_index = p.p->ipi_ifindex;
183: if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
184: unicast_dest = 1;
185: }
186:
187: #elif defined(HAVE_BSD_NETWORK)
188: if (msg.msg_controllen >= sizeof(struct cmsghdr))
189: for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
190: if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
191: {
192: union {
193: unsigned char *c;
194: struct sockaddr_dl *s;
195: } p;
196: p.c = CMSG_DATA(cmptr);
197: iface_index = p.s->sdl_index;
198: }
199:
200: #elif defined(HAVE_SOLARIS_NETWORK)
201: if (msg.msg_controllen >= sizeof(struct cmsghdr))
202: for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
203: if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
204: {
205: union {
206: unsigned char *c;
207: unsigned int *i;
208: } p;
209: p.c = CMSG_DATA(cmptr);
210: iface_index = *(p.i);
211: }
212: #endif
213:
214: if (!indextoname(daemon->dhcpfd, iface_index, ifr.ifr_name))
215: return;
216:
217: #ifdef HAVE_LINUX_NETWORK
218: /* ARP fiddling uses original interface even if we pretend to use a different one. */
219: strncpy(arp_req.arp_dev, ifr.ifr_name, 16);
220: #endif
221:
222: /* One form of bridging on BSD has the property that packets
223: can be recieved on bridge interfaces which do not have an IP address.
224: We allow these to be treated as aliases of another interface which does have
225: an IP address with --dhcp-bridge=interface,alias,alias */
226: for (bridge = daemon->bridges; bridge; bridge = bridge->next)
227: {
228: for (alias = bridge->alias; alias; alias = alias->next)
229: if (strncmp(ifr.ifr_name, alias->iface, IF_NAMESIZE) == 0)
230: {
231: if (!(iface_index = if_nametoindex(bridge->iface)))
232: {
233: my_syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), ifr.ifr_name);
234: return;
235: }
236: else
237: {
238: strncpy(ifr.ifr_name, bridge->iface, IF_NAMESIZE);
239: break;
240: }
241: }
242:
243: if (alias)
244: break;
245: }
246:
247: #ifdef MSG_BCAST
248: /* OpenBSD tells us when a packet was broadcast */
249: if (!(msg.msg_flags & MSG_BCAST))
250: unicast_dest = 1;
251: #endif
252:
253: ifr.ifr_addr.sa_family = AF_INET;
254: if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
255: iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
256: else
257: {
258: my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
259: return;
260: }
261:
262: for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
263: if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
264: return;
265:
266: /* unlinked contexts are marked by context->current == context */
267: for (context = daemon->dhcp; context; context = context->next)
268: context->current = context;
269:
270: parm.current = NULL;
271: parm.ind = iface_index;
272:
273: if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL))
274: {
275: /* If we failed to match the primary address of the interface, see if we've got a --listen-address
276: for a secondary */
277: struct match_param match;
278:
279: match.matched = 0;
280: match.ind = iface_index;
281:
282: if (!daemon->if_addrs ||
283: !iface_enumerate(AF_INET, &match, check_listen_addrs) ||
284: !match.matched)
285: return;
286:
287: iface_addr = match.addr;
288: /* make sure secondary address gets priority in case
289: there is more than one address on the interface in the same subnet */
290: complete_context(match.addr, iface_index, match.netmask, match.broadcast, &parm);
291: }
292:
293: if (!iface_enumerate(AF_INET, &parm, complete_context))
294: return;
295:
296: lease_prune(NULL, now); /* lose any expired leases */
297: iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz,
298: now, unicast_dest, &is_inform, pxe_fd, iface_addr);
299: lease_update_file(now);
300: lease_update_dns(0);
301:
302: if (iov.iov_len == 0)
303: return;
304:
305: msg.msg_name = &dest;
306: msg.msg_namelen = sizeof(dest);
307: msg.msg_control = NULL;
308: msg.msg_controllen = 0;
309: msg.msg_iov = &iov;
310: iov.iov_base = daemon->dhcp_packet.iov_base;
311:
312: /* packet buffer may have moved */
313: mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
314:
315: #ifdef HAVE_SOCKADDR_SA_LEN
316: dest.sin_len = sizeof(struct sockaddr_in);
317: #endif
318:
319: if (pxe_fd)
320: {
321: if (mess->ciaddr.s_addr != 0)
322: dest.sin_addr = mess->ciaddr;
323: }
324: else if (mess->giaddr.s_addr)
325: {
326: /* Send to BOOTP relay */
327: dest.sin_port = htons(daemon->dhcp_server_port);
328: dest.sin_addr = mess->giaddr;
329: }
330: else if (mess->ciaddr.s_addr)
331: {
332: /* If the client's idea of its own address tallys with
333: the source address in the request packet, we believe the
334: source port too, and send back to that. If we're replying
335: to a DHCPINFORM, trust the source address always. */
336: if ((!is_inform && dest.sin_addr.s_addr != mess->ciaddr.s_addr) ||
337: dest.sin_port == 0 || dest.sin_addr.s_addr == 0)
338: {
339: dest.sin_port = htons(daemon->dhcp_client_port);
340: dest.sin_addr = mess->ciaddr;
341: }
342: }
343: #if defined(HAVE_LINUX_NETWORK)
344: else if ((ntohs(mess->flags) & 0x8000) || mess->hlen == 0 ||
345: mess->hlen > sizeof(ifr.ifr_addr.sa_data) || mess->htype == 0)
346: {
347: /* broadcast to 255.255.255.255 (or mac address invalid) */
348: struct in_pktinfo *pkt;
349: msg.msg_control = control_u.control;
350: msg.msg_controllen = sizeof(control_u);
351: cmptr = CMSG_FIRSTHDR(&msg);
352: pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
353: pkt->ipi_ifindex = iface_index;
354: pkt->ipi_spec_dst.s_addr = 0;
355: msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
356: cmptr->cmsg_level = IPPROTO_IP;
357: cmptr->cmsg_type = IP_PKTINFO;
358: dest.sin_addr.s_addr = INADDR_BROADCAST;
359: dest.sin_port = htons(daemon->dhcp_client_port);
360: }
361: else
362: {
363: /* unicast to unconfigured client. Inject mac address direct into ARP cache.
364: struct sockaddr limits size to 14 bytes. */
365: dest.sin_addr = mess->yiaddr;
366: dest.sin_port = htons(daemon->dhcp_client_port);
367: memcpy(&arp_req.arp_pa, &dest, sizeof(struct sockaddr_in));
368: arp_req.arp_ha.sa_family = mess->htype;
369: memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
370: /* interface name already copied in */
371: arp_req.arp_flags = ATF_COM;
372: ioctl(daemon->dhcpfd, SIOCSARP, &arp_req);
373: }
374: #elif defined(HAVE_SOLARIS_NETWORK)
375: else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)
376: {
377: /* broadcast to 255.255.255.255 (or mac address invalid) */
378: dest.sin_addr.s_addr = INADDR_BROADCAST;
379: dest.sin_port = htons(daemon->dhcp_client_port);
380: /* note that we don't specify the interface here: that's done by the
381: IP_BOUND_IF sockopt lower down. */
382: }
383: else
384: {
385: /* unicast to unconfigured client. Inject mac address direct into ARP cache.
386: Note that this only works for ethernet on solaris, because we use SIOCSARP
387: and not SIOCSXARP, which would be perfect, except that it returns ENXIO
388: mysteriously. Bah. Fall back to broadcast for other net types. */
389: struct arpreq req;
390: dest.sin_addr = mess->yiaddr;
391: dest.sin_port = htons(daemon->dhcp_client_port);
392: *((struct sockaddr_in *)&req.arp_pa) = dest;
393: req.arp_ha.sa_family = AF_UNSPEC;
394: memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
395: req.arp_flags = ATF_COM;
396: ioctl(daemon->dhcpfd, SIOCSARP, &req);
397: }
398: #elif defined(HAVE_BSD_NETWORK)
399: else
400: {
401: send_via_bpf(mess, iov.iov_len, iface_addr, &ifr);
402: return;
403: }
404: #endif
405:
406: #ifdef HAVE_SOLARIS_NETWORK
407: setsockopt(fd, IPPROTO_IP, IP_BOUND_IF, &iface_index, sizeof(iface_index));
408: #endif
409:
410: while(sendmsg(fd, &msg, 0) == -1 && retry_send());
411: }
412:
413: /* check against secondary interface addresses */
414: static int check_listen_addrs(struct in_addr local, int if_index,
415: struct in_addr netmask, struct in_addr broadcast, void *vparam)
416: {
417: struct match_param *param = vparam;
418: struct iname *tmp;
419:
420: if (if_index == param->ind)
421: {
422: for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
423: if ( tmp->addr.sa.sa_family == AF_INET &&
424: tmp->addr.in.sin_addr.s_addr == local.s_addr)
425: {
426: param->matched = 1;
427: param->addr = local;
428: param->netmask = netmask;
429: param->broadcast = broadcast;
430: break;
431: }
432: }
433:
434: return 1;
435: }
436:
437: /* This is a complex routine: it gets called with each (address,netmask,broadcast) triple
438: of each interface (and any relay address) and does the following things:
439:
440: 1) Discards stuff for interfaces other than the one on which a DHCP packet just arrived.
441: 2) Fills in any netmask and broadcast addresses which have not been explicitly configured.
442: 3) Fills in local (this host) and router (this host or relay) addresses.
443: 4) Links contexts which are valid for hosts directly connected to the arrival interface on ->current.
444:
445: Note that the current chain may be superceded later for configured hosts or those coming via gateways. */
446:
447: static int complete_context(struct in_addr local, int if_index,
448: struct in_addr netmask, struct in_addr broadcast, void *vparam)
449: {
450: struct dhcp_context *context;
451: struct iface_param *param = vparam;
452:
453: for (context = daemon->dhcp; context; context = context->next)
454: {
455: if (!(context->flags & CONTEXT_NETMASK) &&
456: (is_same_net(local, context->start, netmask) ||
457: is_same_net(local, context->end, netmask)))
458: {
459: if (context->netmask.s_addr != netmask.s_addr &&
460: !(is_same_net(local, context->start, netmask) &&
461: is_same_net(local, context->end, netmask)))
462: {
463: strcpy(daemon->dhcp_buff, inet_ntoa(context->start));
464: strcpy(daemon->dhcp_buff2, inet_ntoa(context->end));
465: my_syslog(MS_DHCP | LOG_WARNING, _("DHCP range %s -- %s is not consistent with netmask %s"),
466: daemon->dhcp_buff, daemon->dhcp_buff2, inet_ntoa(netmask));
467: }
468: context->netmask = netmask;
469: }
470:
471: if (context->netmask.s_addr != 0 &&
472: is_same_net(local, context->start, context->netmask) &&
473: is_same_net(local, context->end, context->netmask))
474: {
475: /* link it onto the current chain if we've not seen it before */
476: if (if_index == param->ind && context->current == context)
477: {
478: context->router = local;
479: context->local = local;
480: context->current = param->current;
481: param->current = context;
482: }
483:
484: if (!(context->flags & CONTEXT_BRDCAST))
485: {
486: if (is_same_net(broadcast, context->start, context->netmask))
487: context->broadcast = broadcast;
488: else
489: context->broadcast.s_addr = context->start.s_addr | ~context->netmask.s_addr;
490: }
491: }
492: }
493:
494: return 1;
495: }
496:
497: struct dhcp_context *address_available(struct dhcp_context *context,
498: struct in_addr taddr,
499: struct dhcp_netid *netids)
500: {
501: /* Check is an address is OK for this network, check all
502: possible ranges. Make sure that the address isn't in use
503: by the server itself. */
504:
505: unsigned int start, end, addr = ntohl(taddr.s_addr);
506: struct dhcp_context *tmp;
507:
508: for (tmp = context; tmp; tmp = tmp->current)
509: if (taddr.s_addr == context->router.s_addr)
510: return NULL;
511:
512: for (tmp = context; tmp; tmp = tmp->current)
513: {
514: start = ntohl(tmp->start.s_addr);
515: end = ntohl(tmp->end.s_addr);
516:
517: if (!(tmp->flags & (CONTEXT_STATIC | CONTEXT_PROXY)) &&
518: addr >= start &&
519: addr <= end &&
520: match_netid(tmp->filter, netids, 1))
521: return tmp;
522: }
523:
524: return NULL;
525: }
526:
527: struct dhcp_context *narrow_context(struct dhcp_context *context,
528: struct in_addr taddr,
529: struct dhcp_netid *netids)
530: {
531: /* We start of with a set of possible contexts, all on the current physical interface.
532: These are chained on ->current.
533: Here we have an address, and return the actual context correponding to that
534: address. Note that none may fit, if the address came a dhcp-host and is outside
535: any dhcp-range. In that case we return a static range if possible, or failing that,
536: any context on the correct subnet. (If there's more than one, this is a dodgy
537: configuration: maybe there should be a warning.) */
538:
539: struct dhcp_context *tmp;
540:
541: if (!(tmp = address_available(context, taddr, netids)))
542: {
543: for (tmp = context; tmp; tmp = tmp->current)
544: if (match_netid(tmp->filter, netids, 1) &&
545: is_same_net(taddr, tmp->start, tmp->netmask) &&
546: (tmp->flags & CONTEXT_STATIC))
547: break;
548:
549: if (!tmp)
550: for (tmp = context; tmp; tmp = tmp->current)
551: if (match_netid(tmp->filter, netids, 1) &&
552: is_same_net(taddr, tmp->start, tmp->netmask) &&
553: !(tmp->flags & CONTEXT_PROXY))
554: break;
555: }
556:
557: /* Only one context allowed now */
558: if (tmp)
559: tmp->current = NULL;
560:
561: return tmp;
562: }
563:
564: struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr)
565: {
566: struct dhcp_config *config;
567:
568: for (config = configs; config; config = config->next)
569: if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
570: return config;
571:
572: return NULL;
573: }
574:
575: int address_allocate(struct dhcp_context *context,
576: struct in_addr *addrp, unsigned char *hwaddr, int hw_len,
577: struct dhcp_netid *netids, time_t now)
578: {
579: /* Find a free address: exclude anything in use and anything allocated to
580: a particular hwaddr/clientid/hostname in our configuration.
581: Try to return from contexts which match netids first. */
582:
583: struct in_addr start, addr;
584: struct dhcp_context *c, *d;
585: int i, pass;
586: unsigned int j;
587:
588: /* hash hwaddr: use the SDBM hashing algorithm. Seems to give good
589: dispersal even with similarly-valued "strings". */
590: for (j = 0, i = 0; i < hw_len; i++)
591: j += hwaddr[i] + (j << 6) + (j << 16) - j;
592:
593: for (pass = 0; pass <= 1; pass++)
594: for (c = context; c; c = c->current)
595: if (c->flags & (CONTEXT_STATIC | CONTEXT_PROXY))
596: continue;
597: else if (!match_netid(c->filter, netids, pass))
598: continue;
599: else
600: {
601: if (option_bool(OPT_CONSEC_ADDR))
602: /* seed is largest extant lease addr in this context */
603: start = lease_find_max_addr(c);
604: else
605: /* pick a seed based on hwaddr */
606: start.s_addr = htonl(ntohl(c->start.s_addr) +
607: ((j + c->addr_epoch) % (1 + ntohl(c->end.s_addr) - ntohl(c->start.s_addr))));
608:
609: /* iterate until we find a free address. */
610: addr = start;
611:
612: do {
613: /* eliminate addresses in use by the server. */
614: for (d = context; d; d = d->current)
615: if (addr.s_addr == d->router.s_addr)
616: break;
617:
618: /* Addresses which end in .255 and .0 are broken in Windows even when using
619: supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0
620: then 192.168.0.255 is a valid IP address, but not for Windows as it's
621: in the class C range. See KB281579. We therefore don't allocate these
622: addresses to avoid hard-to-diagnose problems. Thanks Bill. */
623: if (!d &&
624: !lease_find_by_addr(addr) &&
625: !config_find_by_address(daemon->dhcp_conf, addr) &&
626: (!IN_CLASSC(ntohl(addr.s_addr)) ||
627: ((ntohl(addr.s_addr) & 0xff) != 0xff && ((ntohl(addr.s_addr) & 0xff) != 0x0))))
628: {
629: struct ping_result *r, *victim = NULL;
630: int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
631: ((float)PING_WAIT)));
632:
633: *addrp = addr;
634:
635: /* check if we failed to ping addr sometime in the last
636: PING_CACHE_TIME seconds. If so, assume the same situation still exists.
637: This avoids problems when a stupid client bangs
638: on us repeatedly. As a final check, if we did more
639: than 60% of the possible ping checks in the last
640: PING_CACHE_TIME, we are in high-load mode, so don't do any more. */
641: for (count = 0, r = daemon->ping_results; r; r = r->next)
642: if (difftime(now, r->time) > (float)PING_CACHE_TIME)
643: victim = r; /* old record */
644: else
645: {
646: count++;
647: if (r->addr.s_addr == addr.s_addr)
648: {
649: /* consec-ip mode: we offered this address for another client
650: (different hash) recently, don't offer it to this one. */
651: if (option_bool(OPT_CONSEC_ADDR) && r->hash != j)
652: break;
653:
654: return 1;
655: }
656: }
657:
658: if (!r)
659: {
660: if ((count < max) && !option_bool(OPT_NO_PING) && icmp_ping(addr))
661: {
662: /* address in use: perturb address selection so that we are
663: less likely to try this address again. */
664: if (!option_bool(OPT_CONSEC_ADDR))
665: c->addr_epoch++;
666: }
667: else
668: {
669: /* at this point victim may hold an expired record */
670: if (!victim)
671: {
672: if ((victim = whine_malloc(sizeof(struct ping_result))))
673: {
674: victim->next = daemon->ping_results;
675: daemon->ping_results = victim;
676: }
677: }
678:
679: /* record that this address is OK for 30s
680: without more ping checks */
681: if (victim)
682: {
683: victim->addr = addr;
684: victim->time = now;
685: victim->hash = j;
686: }
687: return 1;
688: }
689: }
690: }
691:
692: addr.s_addr = htonl(ntohl(addr.s_addr) + 1);
693:
694: if (addr.s_addr == htonl(ntohl(c->end.s_addr) + 1))
695: addr = c->start;
696:
697: } while (addr.s_addr != start.s_addr);
698: }
699:
700: return 0;
701: }
702:
703: static int is_addr_in_context(struct dhcp_context *context, struct dhcp_config *config)
704: {
705: if (!context) /* called via find_config() from lease_update_from_configs() */
706: return 1;
707: if (!(config->flags & CONFIG_ADDR))
708: return 1;
709: for (; context; context = context->current)
710: if (is_same_net(config->addr, context->start, context->netmask))
711: return 1;
712:
713: return 0;
714: }
715:
716: int config_has_mac(struct dhcp_config *config, unsigned char *hwaddr, int len, int type)
717: {
718: struct hwaddr_config *conf_addr;
719:
720: for (conf_addr = config->hwaddr; conf_addr; conf_addr = conf_addr->next)
721: if (conf_addr->wildcard_mask == 0 &&
722: conf_addr->hwaddr_len == len &&
723: (conf_addr->hwaddr_type == type || conf_addr->hwaddr_type == 0) &&
724: memcmp(conf_addr->hwaddr, hwaddr, len) == 0)
725: return 1;
726:
727: return 0;
728: }
729:
730: struct dhcp_config *find_config(struct dhcp_config *configs,
731: struct dhcp_context *context,
732: unsigned char *clid, int clid_len,
733: unsigned char *hwaddr, int hw_len,
734: int hw_type, char *hostname)
735: {
736: int count, new;
737: struct dhcp_config *config, *candidate;
738: struct hwaddr_config *conf_addr;
739:
740: if (clid)
741: for (config = configs; config; config = config->next)
742: if (config->flags & CONFIG_CLID)
743: {
744: if (config->clid_len == clid_len &&
745: memcmp(config->clid, clid, clid_len) == 0 &&
746: is_addr_in_context(context, config))
747: return config;
748:
749: /* dhcpcd prefixes ASCII client IDs by zero which is wrong, but we try and
750: cope with that here */
751: if (*clid == 0 && config->clid_len == clid_len-1 &&
752: memcmp(config->clid, clid+1, clid_len-1) == 0 &&
753: is_addr_in_context(context, config))
754: return config;
755: }
756:
757:
758: for (config = configs; config; config = config->next)
759: if (config_has_mac(config, hwaddr, hw_len, hw_type) &&
760: is_addr_in_context(context, config))
761: return config;
762:
763: if (hostname && context)
764: for (config = configs; config; config = config->next)
765: if ((config->flags & CONFIG_NAME) &&
766: hostname_isequal(config->hostname, hostname) &&
767: is_addr_in_context(context, config))
768: return config;
769:
770: /* use match with fewest wildcard octets */
771: for (candidate = NULL, count = 0, config = configs; config; config = config->next)
772: if (is_addr_in_context(context, config))
773: for (conf_addr = config->hwaddr; conf_addr; conf_addr = conf_addr->next)
774: if (conf_addr->wildcard_mask != 0 &&
775: conf_addr->hwaddr_len == hw_len &&
776: (conf_addr->hwaddr_type == hw_type || conf_addr->hwaddr_type == 0) &&
777: (new = memcmp_masked(conf_addr->hwaddr, hwaddr, hw_len, conf_addr->wildcard_mask)) > count)
778: {
779: count = new;
780: candidate = config;
781: }
782:
783: return candidate;
784: }
785:
786: void dhcp_read_ethers(void)
787: {
788: FILE *f = fopen(ETHERSFILE, "r");
789: unsigned int flags;
790: char *buff = daemon->namebuff;
791: char *ip, *cp;
792: struct in_addr addr;
793: unsigned char hwaddr[ETHER_ADDR_LEN];
794: struct dhcp_config **up, *tmp;
795: struct dhcp_config *config;
796: int count = 0, lineno = 0;
797:
798: addr.s_addr = 0; /* eliminate warning */
799:
800: if (!f)
801: {
802: my_syslog(MS_DHCP | LOG_ERR, _("failed to read %s: %s"), ETHERSFILE, strerror(errno));
803: return;
804: }
805:
806: /* This can be called again on SIGHUP, so remove entries created last time round. */
807: for (up = &daemon->dhcp_conf, config = daemon->dhcp_conf; config; config = tmp)
808: {
809: tmp = config->next;
810: if (config->flags & CONFIG_FROM_ETHERS)
811: {
812: *up = tmp;
813: /* cannot have a clid */
814: if (config->flags & CONFIG_NAME)
815: free(config->hostname);
816: free(config->hwaddr);
817: free(config);
818: }
819: else
820: up = &config->next;
821: }
822:
823: while (fgets(buff, MAXDNAME, f))
824: {
825: char *host = NULL;
826:
827: lineno++;
828:
829: while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1]))
830: buff[strlen(buff)-1] = 0;
831:
832: if ((*buff == '#') || (*buff == '+') || (*buff == 0))
833: continue;
834:
835: for (ip = buff; *ip && !isspace((int)*ip); ip++);
836: for(; *ip && isspace((int)*ip); ip++)
837: *ip = 0;
838: if (!*ip || parse_hex(buff, hwaddr, ETHER_ADDR_LEN, NULL, NULL) != ETHER_ADDR_LEN)
839: {
840: my_syslog(MS_DHCP | LOG_ERR, _("bad line at %s line %d"), ETHERSFILE, lineno);
841: continue;
842: }
843:
844: /* check for name or dotted-quad */
845: for (cp = ip; *cp; cp++)
846: if (!(*cp == '.' || (*cp >='0' && *cp <= '9')))
847: break;
848:
849: if (!*cp)
850: {
851: if ((addr.s_addr = inet_addr(ip)) == (in_addr_t)-1)
852: {
853: my_syslog(MS_DHCP | LOG_ERR, _("bad address at %s line %d"), ETHERSFILE, lineno);
854: continue;
855: }
856:
857: flags = CONFIG_ADDR;
858:
859: for (config = daemon->dhcp_conf; config; config = config->next)
860: if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
861: break;
862: }
863: else
864: {
865: int nomem;
866: if (!(host = canonicalise(ip, &nomem)) || !legal_hostname(host))
867: {
868: if (!nomem)
869: my_syslog(MS_DHCP | LOG_ERR, _("bad name at %s line %d"), ETHERSFILE, lineno);
870: free(host);
871: continue;
872: }
873:
874: flags = CONFIG_NAME;
875:
876: for (config = daemon->dhcp_conf; config; config = config->next)
877: if ((config->flags & CONFIG_NAME) && hostname_isequal(config->hostname, host))
878: break;
879: }
880:
881: if (config && (config->flags & CONFIG_FROM_ETHERS))
882: {
883: my_syslog(MS_DHCP | LOG_ERR, _("ignoring %s line %d, duplicate name or IP address"), ETHERSFILE, lineno);
884: continue;
885: }
886:
887: if (!config)
888: {
889: for (config = daemon->dhcp_conf; config; config = config->next)
890: {
891: struct hwaddr_config *conf_addr = config->hwaddr;
892: if (conf_addr &&
893: conf_addr->next == NULL &&
894: conf_addr->wildcard_mask == 0 &&
895: conf_addr->hwaddr_len == ETHER_ADDR_LEN &&
896: (conf_addr->hwaddr_type == ARPHRD_ETHER || conf_addr->hwaddr_type == 0) &&
897: memcmp(conf_addr->hwaddr, hwaddr, ETHER_ADDR_LEN) == 0)
898: break;
899: }
900:
901: if (!config)
902: {
903: if (!(config = whine_malloc(sizeof(struct dhcp_config))))
904: continue;
905: config->flags = CONFIG_FROM_ETHERS;
906: config->hwaddr = NULL;
907: config->domain = NULL;
908: config->netid = NULL;
909: config->next = daemon->dhcp_conf;
910: daemon->dhcp_conf = config;
911: }
912:
913: config->flags |= flags;
914:
915: if (flags & CONFIG_NAME)
916: {
917: config->hostname = host;
918: host = NULL;
919: }
920:
921: if (flags & CONFIG_ADDR)
922: config->addr = addr;
923: }
924:
925: config->flags |= CONFIG_NOCLID;
926: if (!config->hwaddr)
927: config->hwaddr = whine_malloc(sizeof(struct hwaddr_config));
928: if (config->hwaddr)
929: {
930: memcpy(config->hwaddr->hwaddr, hwaddr, ETHER_ADDR_LEN);
931: config->hwaddr->hwaddr_len = ETHER_ADDR_LEN;
932: config->hwaddr->hwaddr_type = ARPHRD_ETHER;
933: config->hwaddr->wildcard_mask = 0;
934: config->hwaddr->next = NULL;
935: }
936: count++;
937:
938: free(host);
939:
940: }
941:
942: fclose(f);
943:
944: my_syslog(MS_DHCP | LOG_INFO, _("read %s - %d addresses"), ETHERSFILE, count);
945: }
946:
947:
948: /* If we've not found a hostname any other way, try and see if there's one in /etc/hosts
949: for this address. If it has a domain part, that must match the set domain and
950: it gets stripped. The set of legal domain names is bigger than the set of legal hostnames
951: so check here that the domain name is legal as a hostname.
952: NOTE: we're only allowed to overwrite daemon->dhcp_buff if we succeed. */
953: char *host_from_dns(struct in_addr addr)
954: {
955: struct crec *lookup;
956:
957: if (daemon->port == 0)
958: return NULL; /* DNS disabled. */
959:
960: lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4);
961:
962: if (lookup && (lookup->flags & F_HOSTS))
963: {
964: char *dot, *hostname = cache_get_name(lookup);
965: dot = strchr(hostname, '.');
966:
967: if (dot && strlen(dot+1) != 0)
968: {
969: char *d2 = get_domain(addr);
970: if (!d2 || !hostname_isequal(dot+1, d2))
971: return NULL; /* wrong domain */
972: }
973:
974: if (!legal_hostname(hostname))
975: return NULL;
976:
977: strncpy(daemon->dhcp_buff, hostname, 256);
978: daemon->dhcp_buff[255] = 0;
979: strip_hostname(daemon->dhcp_buff);
980:
981: return daemon->dhcp_buff;
982: }
983:
984: return NULL;
985: }
986:
987: #endif
988:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dhcp.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src