1: /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2:
3: This program is free software; you can redistribute it and/or modify
4: it under the terms of the GNU General Public License as published by
5: the Free Software Foundation; version 2 dated June, 1991, or
6: (at your option) version 3 dated 29 June, 2007.
7:
8: This program is distributed in the hope that it will be useful,
9: but WITHOUT ANY WARRANTY; without even the implied warranty of
10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11: GNU General Public License for more details.
12:
13: You should have received a copy of the GNU General Public License
14: along with this program. If not, see <http://www.gnu.org/licenses/>.
15: */
16:
17: /* Declare static char *compiler_opts in config.h */
18: #define DNSMASQ_COMPILE_OPTS
19:
20: #include "dnsmasq.h"
21:
22: struct daemon *daemon;
23:
24: static volatile pid_t pid = 0;
25: static volatile int pipewrite;
26:
27: static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28: static void check_dns_listeners(fd_set *set, time_t now);
29: static void sig_handler(int sig);
30: static void async_event(int pipe, time_t now);
31: static void fatal_event(struct event_desc *ev, char *msg);
32: static int read_event(int fd, struct event_desc *evp, char **msg);
33:
34: int main (int argc, char **argv)
35: {
36: int bind_fallback = 0;
37: time_t now;
38: struct sigaction sigact;
39: struct iname *if_tmp;
40: int piperead, pipefd[2], err_pipe[2];
41: struct passwd *ent_pw = NULL;
42: #if defined(HAVE_SCRIPT)
43: uid_t script_uid = 0;
44: gid_t script_gid = 0;
45: #endif
46: struct group *gp = NULL;
47: long i, max_fd = sysconf(_SC_OPEN_MAX);
48: char *baduser = NULL;
49: int log_err;
50: #if defined(HAVE_LINUX_NETWORK)
51: cap_user_header_t hdr = NULL;
52: cap_user_data_t data = NULL;
53: #endif
54: struct dhcp_context *context;
55:
56: #ifdef LOCALEDIR
57: setlocale(LC_ALL, "");
58: bindtextdomain("dnsmasq", LOCALEDIR);
59: textdomain("dnsmasq");
60: #endif
61:
62: sigact.sa_handler = sig_handler;
63: sigact.sa_flags = 0;
64: sigemptyset(&sigact.sa_mask);
65: sigaction(SIGUSR1, &sigact, NULL);
66: sigaction(SIGUSR2, &sigact, NULL);
67: sigaction(SIGHUP, &sigact, NULL);
68: sigaction(SIGTERM, &sigact, NULL);
69: sigaction(SIGALRM, &sigact, NULL);
70: sigaction(SIGCHLD, &sigact, NULL);
71:
72: /* ignore SIGPIPE */
73: sigact.sa_handler = SIG_IGN;
74: sigaction(SIGPIPE, &sigact, NULL);
75:
76: umask(022); /* known umask, create leases and pid files as 0644 */
77:
78: read_opts(argc, argv, compile_opts);
79:
80: if (daemon->edns_pktsz < PACKETSZ)
81: daemon->edns_pktsz = PACKETSZ;
82: daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
83: daemon->edns_pktsz : DNSMASQ_PACKETSZ;
84: daemon->packet = safe_malloc(daemon->packet_buff_sz);
85:
86: daemon->addrbuff = safe_malloc(ADDRSTRLEN);
87:
88:
89: #ifdef HAVE_DHCP
90: if (!daemon->lease_file)
91: {
92: if (daemon->dhcp || daemon->dhcp6)
93: daemon->lease_file = LEASEFILE;
94: }
95: #endif
96:
97: /* Close any file descriptors we inherited apart from std{in|out|err}
98:
99: Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
100: otherwise file descriptors we create can end up being 0, 1, or 2
101: and then get accidentally closed later when we make 0, 1, and 2
102: open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
103: but it's not guaranteed. By opening /dev/null three times, we
104: ensure that we're not using those fds for real stuff. */
105: for (i = 0; i < max_fd; i++)
106: if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
107: close(i);
108: else
109: open("/dev/null", O_RDWR);
110:
111: #ifndef HAVE_LINUX_NETWORK
112: # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
113: if (!option_bool(OPT_NOWILD))
114: {
115: bind_fallback = 1;
116: set_option_bool(OPT_NOWILD);
117: }
118: # endif
119:
120: /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
121: if (option_bool(OPT_CLEVERBIND))
122: {
123: bind_fallback = 1;
124: set_option_bool(OPT_NOWILD);
125: reset_option_bool(OPT_CLEVERBIND);
126: }
127: #endif
128:
129: #ifndef HAVE_TFTP
130: if (option_bool(OPT_TFTP))
131: die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
132: #endif
133:
134: #ifdef HAVE_CONNTRACK
135: if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
136: die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
137: #else
138: if (option_bool(OPT_CONNTRACK))
139: die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
140: #endif
141:
142: #ifdef HAVE_SOLARIS_NETWORK
143: if (daemon->max_logs != 0)
144: die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
145: #endif
146:
147: #ifdef __ANDROID__
148: if (daemon->max_logs != 0)
149: die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
150: #endif
151:
152: #ifndef HAVE_AUTH
153: if (daemon->authserver)
154: die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
155: #endif
156:
157: rand_init();
158:
159: now = dnsmasq_time();
160:
161: /* Create a serial at startup if not configured. */
162: if (daemon->authinterface && daemon->soa_sn == 0)
163: #ifdef HAVE_BROKEN_RTC
164: die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
165: #else
166: daemon->soa_sn = now;
167: #endif
168:
169: #ifdef HAVE_DHCP
170: if (daemon->dhcp || daemon->dhcp6)
171: {
172:
173: # ifdef HAVE_DHCP6
174: if (daemon->dhcp6)
175: {
176: daemon->doing_ra = option_bool(OPT_RA);
177:
178: for (context = daemon->dhcp6; context; context = context->next)
179: {
180: if (context->flags & CONTEXT_DHCP)
181: daemon->doing_dhcp6 = 1;
182: if (context->flags & CONTEXT_RA)
183: daemon->doing_ra = 1;
184: #ifndef HAVE_LINUX_NETWORK
185: if (context->flags & CONTEXT_TEMPLATE)
186: die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
187: #endif
188: }
189: }
190: # endif
191:
192: /* Note that order matters here, we must call lease_init before
193: creating any file descriptors which shouldn't be leaked
194: to the lease-script init process. We need to call common_init
195: before lease_init to allocate buffers it uses.*/
196: if (daemon->dhcp || daemon->doing_dhcp6)
197: {
198: dhcp_common_init();
199: lease_init(now);
200: }
201:
202: if (daemon->dhcp)
203: dhcp_init();
204:
205: # ifdef HAVE_DHCP6
206: if (daemon->doing_ra)
207: ra_init(now);
208:
209: if (daemon->doing_dhcp6)
210: dhcp6_init();
211: # endif
212: }
213:
214: #endif
215:
216: #ifdef HAVE_IPSET
217: if (daemon->ipsets)
218: ipset_init();
219: #endif
220:
221: #ifdef HAVE_LINUX_NETWORK
222: netlink_init();
223:
224: if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
225: die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
226: #endif
227:
228: if (!enumerate_interfaces())
229: die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
230:
231: if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
232: {
233: create_bound_listeners(1);
234:
235: if (!option_bool(OPT_CLEVERBIND))
236: for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
237: if (if_tmp->name && !if_tmp->used)
238: die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
239:
240: #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
241: /* after enumerate_interfaces() */
242: if (daemon->dhcp)
243: {
244: bindtodevice(daemon->dhcpfd);
245: if (daemon->enable_pxe)
246: bindtodevice(daemon->pxefd);
247: }
248: #endif
249:
250: #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
251: if (daemon->dhcp6)
252: bindtodevice(daemon->dhcp6fd);
253: #endif
254: }
255: else
256: create_wildcard_listeners();
257:
258: #ifdef HAVE_DHCP6
259: /* after enumerate_interfaces() */
260: if (daemon->doing_dhcp6 || daemon->doing_ra)
261: join_multicast(1);
262: #endif
263:
264: if (daemon->port != 0)
265: cache_init();
266:
267: if (option_bool(OPT_DBUS))
268: #ifdef HAVE_DBUS
269: {
270: char *err;
271: daemon->dbus = NULL;
272: daemon->watches = NULL;
273: if ((err = dbus_init()))
274: die(_("DBus error: %s"), err, EC_MISC);
275: }
276: #else
277: die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
278: #endif
279:
280: if (daemon->port != 0)
281: pre_allocate_sfds();
282:
283: #if defined(HAVE_SCRIPT)
284: /* Note getpwnam returns static storage */
285: if ((daemon->dhcp || daemon->dhcp6) &&
286: daemon->scriptuser &&
287: (daemon->lease_change_command || daemon->luascript))
288: {
289: if ((ent_pw = getpwnam(daemon->scriptuser)))
290: {
291: script_uid = ent_pw->pw_uid;
292: script_gid = ent_pw->pw_gid;
293: }
294: else
295: baduser = daemon->scriptuser;
296: }
297: #endif
298:
299: if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
300: baduser = daemon->username;
301: else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
302: baduser = daemon->groupname;
303:
304: if (baduser)
305: die(_("unknown user or group: %s"), baduser, EC_BADCONF);
306:
307: /* implement group defaults, "dip" if available, or group associated with uid */
308: if (!daemon->group_set && !gp)
309: {
310: if (!(gp = getgrnam(CHGRP)) && ent_pw)
311: gp = getgrgid(ent_pw->pw_gid);
312:
313: /* for error message */
314: if (gp)
315: daemon->groupname = gp->gr_name;
316: }
317:
318: #if defined(HAVE_LINUX_NETWORK)
319: /* determine capability API version here, while we can still
320: call safe_malloc */
321: if (ent_pw && ent_pw->pw_uid != 0)
322: {
323: int capsize = 1; /* for header version 1 */
324: hdr = safe_malloc(sizeof(*hdr));
325:
326: /* find version supported by kernel */
327: memset(hdr, 0, sizeof(*hdr));
328: capget(hdr, NULL);
329:
330: if (hdr->version != LINUX_CAPABILITY_VERSION_1)
331: {
332: /* if unknown version, use largest supported version (3) */
333: if (hdr->version != LINUX_CAPABILITY_VERSION_2)
334: hdr->version = LINUX_CAPABILITY_VERSION_3;
335: capsize = 2;
336: }
337:
338: data = safe_malloc(sizeof(*data) * capsize);
339: memset(data, 0, sizeof(*data) * capsize);
340: }
341: #endif
342:
343: /* Use a pipe to carry signals and other events back to the event loop
344: in a race-free manner and another to carry errors to daemon-invoking process */
345: safe_pipe(pipefd, 1);
346:
347: piperead = pipefd[0];
348: pipewrite = pipefd[1];
349: /* prime the pipe to load stuff first time. */
350: send_event(pipewrite, EVENT_RELOAD, 0, NULL);
351:
352: err_pipe[1] = -1;
353:
354: if (!option_bool(OPT_DEBUG))
355: {
356: /* The following code "daemonizes" the process.
357: See Stevens section 12.4 */
358:
359: if (chdir("/") != 0)
360: die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
361:
362: #ifndef NO_FORK
363: if (!option_bool(OPT_NO_FORK))
364: {
365: pid_t pid;
366:
367: /* pipe to carry errors back to original process.
368: When startup is complete we close this and the process terminates. */
369: safe_pipe(err_pipe, 0);
370:
371: if ((pid = fork()) == -1)
372: /* fd == -1 since we've not forked, never returns. */
373: send_event(-1, EVENT_FORK_ERR, errno, NULL);
374:
375: if (pid != 0)
376: {
377: struct event_desc ev;
378: char *msg;
379:
380: /* close our copy of write-end */
381: close(err_pipe[1]);
382:
383: /* check for errors after the fork */
384: if (read_event(err_pipe[0], &ev, &msg))
385: fatal_event(&ev, msg);
386:
387: _exit(EC_GOOD);
388: }
389:
390: close(err_pipe[0]);
391:
392: /* NO calls to die() from here on. */
393:
394: setsid();
395:
396: if ((pid = fork()) == -1)
397: send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
398:
399: if (pid != 0)
400: _exit(0);
401: }
402: #endif
403:
404: /* write pidfile _after_ forking ! */
405: if (daemon->runfile)
406: {
407: int fd, err = 0;
408:
409: sprintf(daemon->namebuff, "%d\n", (int) getpid());
410:
411: /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
412: in a directory which is writable by the non-privileged user that dnsmasq runs as. This
413: allows the daemon to delete the file as part of its shutdown. This is a security hole to the
414: extent that an attacker running as the unprivileged user could replace the pidfile with a
415: symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
416:
417: The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
418: ensuring that the open() fails should there be any existing file (because the unlink() failed,
419: or an attacker exploited the race between unlink() and open()). This ensures that no symlink
420: attack can succeed.
421:
422: Any compromise of the non-privileged user still theoretically allows the pid-file to be
423: replaced whilst dnsmasq is running. The worst that could allow is that the usual
424: "shutdown dnsmasq" shell command could be tricked into stopping any other process.
425:
426: Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
427: failure to write the pid-file.
428: */
429:
430: unlink(daemon->runfile);
431:
432: if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
433: {
434: /* only complain if started as root */
435: if (getuid() == 0)
436: err = 1;
437: }
438: else
439: {
440: if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
441: err = 1;
442:
443: while (!err && close(fd) == -1)
444: if (!retry_send())
445: err = 1;
446: }
447:
448: if (err)
449: {
450: send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
451: _exit(0);
452: }
453: }
454: }
455:
456: log_err = log_start(ent_pw, err_pipe[1]);
457:
458: if (!option_bool(OPT_DEBUG))
459: {
460: /* open stdout etc to /dev/null */
461: int nullfd = open("/dev/null", O_RDWR);
462: dup2(nullfd, STDOUT_FILENO);
463: dup2(nullfd, STDERR_FILENO);
464: dup2(nullfd, STDIN_FILENO);
465: close(nullfd);
466: }
467:
468: /* if we are to run scripts, we need to fork a helper before dropping root. */
469: daemon->helperfd = -1;
470: #ifdef HAVE_SCRIPT
471: if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
472: daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
473: #endif
474:
475: if (!option_bool(OPT_DEBUG) && getuid() == 0)
476: {
477: int bad_capabilities = 0;
478: gid_t dummy;
479:
480: /* remove all supplimentary groups */
481: if (gp &&
482: (setgroups(0, &dummy) == -1 ||
483: setgid(gp->gr_gid) == -1))
484: {
485: send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
486: _exit(0);
487: }
488:
489: if (ent_pw && ent_pw->pw_uid != 0)
490: {
491: #if defined(HAVE_LINUX_NETWORK)
492: /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
493: CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
494: ports because of DAD, or we're doing it dynamically,
495: we need CAP_NET_BIND_SERVICE too. */
496: if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
497: data->effective = data->permitted = data->inheritable =
498: (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
499: (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
500: else
501: data->effective = data->permitted = data->inheritable =
502: (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
503:
504: /* Tell kernel to not clear capabilities when dropping root */
505: if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
506: bad_capabilities = errno;
507:
508: #elif defined(HAVE_SOLARIS_NETWORK)
509: /* http://developers.sun.com/solaris/articles/program_privileges.html */
510: priv_set_t *priv_set;
511:
512: if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
513: priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
514: priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
515: bad_capabilities = errno;
516:
517: if (priv_set && bad_capabilities == 0)
518: {
519: priv_inverse(priv_set);
520:
521: if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
522: bad_capabilities = errno;
523: }
524:
525: if (priv_set)
526: priv_freeset(priv_set);
527:
528: #endif
529:
530: if (bad_capabilities != 0)
531: {
532: send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
533: _exit(0);
534: }
535:
536: /* finally drop root */
537: if (setuid(ent_pw->pw_uid) == -1)
538: {
539: send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
540: _exit(0);
541: }
542:
543: #ifdef HAVE_LINUX_NETWORK
544: if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
545: data->effective = data->permitted =
546: (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
547: else
548: data->effective = data->permitted =
549: (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
550: data->inheritable = 0;
551:
552: /* lose the setuid and setgid capbilities */
553: if (capset(hdr, data) == -1)
554: {
555: send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
556: _exit(0);
557: }
558: #endif
559:
560: }
561: }
562:
563: #ifdef HAVE_LINUX_NETWORK
564: if (option_bool(OPT_DEBUG))
565: prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
566: #endif
567:
568: #ifdef HAVE_TFTP
569: if (option_bool(OPT_TFTP))
570: {
571: DIR *dir;
572: struct tftp_prefix *p;
573:
574: if (daemon->tftp_prefix)
575: {
576: if (!((dir = opendir(daemon->tftp_prefix))))
577: {
578: send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
579: _exit(0);
580: }
581: closedir(dir);
582: }
583:
584: for (p = daemon->if_prefix; p; p = p->next)
585: {
586: if (!((dir = opendir(p->prefix))))
587: {
588: send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
589: _exit(0);
590: }
591: closedir(dir);
592: }
593: }
594: #endif
595:
596: if (daemon->port == 0)
597: my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
598: else if (daemon->cachesize != 0)
599: my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
600: else
601: my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
602:
603: my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
604:
605: #ifdef HAVE_DBUS
606: if (option_bool(OPT_DBUS))
607: {
608: if (daemon->dbus)
609: my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
610: else
611: my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
612: }
613: #endif
614:
615: if (log_err != 0)
616: my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
617: daemon->log_file, strerror(log_err));
618:
619: if (bind_fallback)
620: my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
621:
622: if (!option_bool(OPT_NOWILD))
623: for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
624: if (if_tmp->name && !if_tmp->used)
625: my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
626:
627: if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
628: {
629: if (daemon->resolv_files && !daemon->resolv_files->is_default)
630: my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
631: daemon->resolv_files = NULL;
632: if (!daemon->servers)
633: my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
634: }
635:
636: if (daemon->max_logs != 0)
637: my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
638:
639:
640: #ifdef HAVE_DHCP
641: for (context = daemon->dhcp; context; context = context->next)
642: log_context(AF_INET, context);
643:
644: # ifdef HAVE_DHCP6
645: for (context = daemon->dhcp6; context; context = context->next)
646: log_context(AF_INET6, context);
647:
648: if (daemon->doing_dhcp6 || daemon->doing_ra)
649: dhcp_construct_contexts(now);
650:
651: if (option_bool(OPT_RA))
652: my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
653: # endif
654:
655: /* after dhcp_contruct_contexts */
656: if (daemon->dhcp || daemon->doing_dhcp6)
657: lease_find_interfaces(now);
658: #endif
659:
660: #ifdef HAVE_TFTP
661: if (option_bool(OPT_TFTP))
662: {
663: #ifdef FD_SETSIZE
664: if (FD_SETSIZE < (unsigned)max_fd)
665: max_fd = FD_SETSIZE;
666: #endif
667:
668: my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
669: daemon->tftp_prefix ? _("root is ") : _("enabled"),
670: daemon->tftp_prefix ? daemon->tftp_prefix: "",
671: option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
672:
673: /* This is a guess, it assumes that for small limits,
674: disjoint files might be served, but for large limits,
675: a single file will be sent to may clients (the file only needs
676: one fd). */
677:
678: max_fd -= 30; /* use other than TFTP */
679:
680: if (max_fd < 0)
681: max_fd = 5;
682: else if (max_fd < 100)
683: max_fd = max_fd/2;
684: else
685: max_fd = max_fd - 20;
686:
687: /* if we have to use a limited range of ports,
688: that will limit the number of transfers */
689: if (daemon->start_tftp_port != 0 &&
690: daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
691: max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
692:
693: if (daemon->tftp_max > max_fd)
694: {
695: daemon->tftp_max = max_fd;
696: my_syslog(MS_TFTP | LOG_WARNING,
697: _("restricting maximum simultaneous TFTP transfers to %d"),
698: daemon->tftp_max);
699: }
700: }
701: #endif
702:
703: /* finished start-up - release original process */
704: if (err_pipe[1] != -1)
705: close(err_pipe[1]);
706:
707: if (daemon->port != 0)
708: check_servers();
709:
710: pid = getpid();
711:
712: while (1)
713: {
714: int maxfd = -1;
715: struct timeval t, *tp = NULL;
716: fd_set rset, wset, eset;
717:
718: FD_ZERO(&rset);
719: FD_ZERO(&wset);
720: FD_ZERO(&eset);
721:
722: /* if we are out of resources, find how long we have to wait
723: for some to come free, we'll loop around then and restart
724: listening for queries */
725: if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
726: {
727: t.tv_usec = 0;
728: tp = &t;
729: }
730:
731: /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
732: if (daemon->tftp_trans ||
733: (option_bool(OPT_DBUS) && !daemon->dbus))
734: {
735: t.tv_sec = 0;
736: t.tv_usec = 250000;
737: tp = &t;
738: }
739: /* Wake every second whilst waiting for DAD to complete */
740: else if (is_dad_listeners())
741: {
742: t.tv_sec = 1;
743: t.tv_usec = 0;
744: tp = &t;
745: }
746:
747: #ifdef HAVE_DBUS
748: set_dbus_listeners(&maxfd, &rset, &wset, &eset);
749: #endif
750:
751: #ifdef HAVE_DHCP
752: if (daemon->dhcp)
753: {
754: FD_SET(daemon->dhcpfd, &rset);
755: bump_maxfd(daemon->dhcpfd, &maxfd);
756: if (daemon->pxefd != -1)
757: {
758: FD_SET(daemon->pxefd, &rset);
759: bump_maxfd(daemon->pxefd, &maxfd);
760: }
761: }
762: #endif
763:
764: #ifdef HAVE_DHCP6
765: if (daemon->doing_dhcp6)
766: {
767: FD_SET(daemon->dhcp6fd, &rset);
768: bump_maxfd(daemon->dhcp6fd, &maxfd);
769: }
770:
771: if (daemon->doing_ra)
772: {
773: FD_SET(daemon->icmp6fd, &rset);
774: bump_maxfd(daemon->icmp6fd, &maxfd);
775: }
776: #endif
777:
778: #ifdef HAVE_LINUX_NETWORK
779: FD_SET(daemon->netlinkfd, &rset);
780: bump_maxfd(daemon->netlinkfd, &maxfd);
781: #endif
782:
783: FD_SET(piperead, &rset);
784: bump_maxfd(piperead, &maxfd);
785:
786: #ifdef HAVE_DHCP
787: # ifdef HAVE_SCRIPT
788: while (helper_buf_empty() && do_script_run(now));
789:
790: # ifdef HAVE_TFTP
791: while (helper_buf_empty() && do_tftp_script_run());
792: # endif
793:
794: if (!helper_buf_empty())
795: {
796: FD_SET(daemon->helperfd, &wset);
797: bump_maxfd(daemon->helperfd, &maxfd);
798: }
799: # else
800: /* need this for other side-effects */
801: while (do_script_run(now));
802:
803: # ifdef HAVE_TFTP
804: while (do_tftp_script_run());
805: # endif
806:
807: # endif
808: #endif
809:
810: /* must do this just before select(), when we know no
811: more calls to my_syslog() can occur */
812: set_log_writer(&wset, &maxfd);
813:
814: if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
815: {
816: /* otherwise undefined after error */
817: FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
818: }
819:
820: now = dnsmasq_time();
821:
822: check_log_writer(&wset);
823:
824: /* Check the interfaces to see if any have exited DAD state
825: and if so, bind the address. */
826: if (is_dad_listeners())
827: {
828: enumerate_interfaces();
829: /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
830: create_bound_listeners(0);
831: }
832:
833: #ifdef HAVE_LINUX_NETWORK
834: if (FD_ISSET(daemon->netlinkfd, &rset))
835: netlink_multicast(now);
836: #endif
837:
838: /* Check for changes to resolv files once per second max. */
839: /* Don't go silent for long periods if the clock goes backwards. */
840: if (daemon->last_resolv == 0 ||
841: difftime(now, daemon->last_resolv) > 1.0 ||
842: difftime(now, daemon->last_resolv) < -1.0)
843: {
844: /* poll_resolv doesn't need to reload first time through, since
845: that's queued anyway. */
846:
847: poll_resolv(0, daemon->last_resolv != 0, now);
848: daemon->last_resolv = now;
849: }
850:
851: if (FD_ISSET(piperead, &rset))
852: async_event(piperead, now);
853:
854: #ifdef HAVE_DBUS
855: /* if we didn't create a DBus connection, retry now. */
856: if (option_bool(OPT_DBUS) && !daemon->dbus)
857: {
858: char *err;
859: if ((err = dbus_init()))
860: my_syslog(LOG_WARNING, _("DBus error: %s"), err);
861: if (daemon->dbus)
862: my_syslog(LOG_INFO, _("connected to system DBus"));
863: }
864: check_dbus_listeners(&rset, &wset, &eset);
865: #endif
866:
867: check_dns_listeners(&rset, now);
868:
869: #ifdef HAVE_TFTP
870: check_tftp_listeners(&rset, now);
871: #endif
872:
873: #ifdef HAVE_DHCP
874: if (daemon->dhcp)
875: {
876: if (FD_ISSET(daemon->dhcpfd, &rset))
877: dhcp_packet(now, 0);
878: if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
879: dhcp_packet(now, 1);
880: }
881:
882: #ifdef HAVE_DHCP6
883: if (daemon->doing_dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
884: dhcp6_packet(now);
885:
886: if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
887: icmp6_packet(now);
888: #endif
889:
890: # ifdef HAVE_SCRIPT
891: if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
892: helper_write();
893: # endif
894: #endif
895:
896: }
897: }
898:
899: static void sig_handler(int sig)
900: {
901: if (pid == 0)
902: {
903: /* ignore anything other than TERM during startup
904: and in helper proc. (helper ignore TERM too) */
905: if (sig == SIGTERM)
906: exit(EC_MISC);
907: }
908: else if (pid != getpid())
909: {
910: /* alarm is used to kill TCP children after a fixed time. */
911: if (sig == SIGALRM)
912: _exit(0);
913: }
914: else
915: {
916: /* master process */
917: int event, errsave = errno;
918:
919: if (sig == SIGHUP)
920: event = EVENT_RELOAD;
921: else if (sig == SIGCHLD)
922: event = EVENT_CHILD;
923: else if (sig == SIGALRM)
924: event = EVENT_ALARM;
925: else if (sig == SIGTERM)
926: event = EVENT_TERM;
927: else if (sig == SIGUSR1)
928: event = EVENT_DUMP;
929: else if (sig == SIGUSR2)
930: event = EVENT_REOPEN;
931: else
932: return;
933:
934: send_event(pipewrite, event, 0, NULL);
935: errno = errsave;
936: }
937: }
938:
939: /* now == 0 -> queue immediate callback */
940: void send_alarm(time_t event, time_t now)
941: {
942: if (now == 0 || event != 0)
943: {
944: /* alarm(0) or alarm(-ve) doesn't do what we want.... */
945: if ((now == 0 || difftime(event, now) <= 0.0))
946: send_event(pipewrite, EVENT_ALARM, 0, NULL);
947: else
948: alarm((unsigned)difftime(event, now));
949: }
950: }
951:
952: void send_event(int fd, int event, int data, char *msg)
953: {
954: struct event_desc ev;
955: struct iovec iov[2];
956:
957: ev.event = event;
958: ev.data = data;
959: ev.msg_sz = msg ? strlen(msg) : 0;
960:
961: iov[0].iov_base = &ev;
962: iov[0].iov_len = sizeof(ev);
963: iov[1].iov_base = msg;
964: iov[1].iov_len = ev.msg_sz;
965:
966: /* error pipe, debug mode. */
967: if (fd == -1)
968: fatal_event(&ev, msg);
969: else
970: /* pipe is non-blocking and struct event_desc is smaller than
971: PIPE_BUF, so this either fails or writes everything */
972: while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
973: }
974:
975: /* NOTE: the memory used to return msg is leaked: use msgs in events only
976: to describe fatal errors. */
977: static int read_event(int fd, struct event_desc *evp, char **msg)
978: {
979: char *buf;
980:
981: if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
982: return 0;
983:
984: *msg = NULL;
985:
986: if (evp->msg_sz != 0 &&
987: (buf = malloc(evp->msg_sz + 1)) &&
988: read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
989: {
990: buf[evp->msg_sz] = 0;
991: *msg = buf;
992: }
993:
994: return 1;
995: }
996:
997: static void fatal_event(struct event_desc *ev, char *msg)
998: {
999: errno = ev->data;
1000:
1001: switch (ev->event)
1002: {
1003: case EVENT_DIE:
1004: exit(0);
1005:
1006: case EVENT_FORK_ERR:
1007: die(_("cannot fork into background: %s"), NULL, EC_MISC);
1008:
1009: case EVENT_PIPE_ERR:
1010: die(_("failed to create helper: %s"), NULL, EC_MISC);
1011:
1012: case EVENT_CAP_ERR:
1013: die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1014:
1015: case EVENT_USER_ERR:
1016: die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1017:
1018: case EVENT_GROUP_ERR:
1019: die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1020:
1021: case EVENT_PIDFILE:
1022: die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1023:
1024: case EVENT_LOG_ERR:
1025: die(_("cannot open log %s: %s"), msg, EC_FILE);
1026:
1027: case EVENT_LUA_ERR:
1028: die(_("failed to load Lua script: %s"), msg, EC_MISC);
1029:
1030: case EVENT_TFTP_ERR:
1031: die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1032: }
1033: }
1034:
1035: static void async_event(int pipe, time_t now)
1036: {
1037: pid_t p;
1038: struct event_desc ev;
1039: int i;
1040: char *msg;
1041:
1042: /* NOTE: the memory used to return msg is leaked: use msgs in events only
1043: to describe fatal errors. */
1044:
1045: if (read_event(pipe, &ev, &msg))
1046: switch (ev.event)
1047: {
1048: case EVENT_RELOAD:
1049: clear_cache_and_reload(now);
1050: if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
1051: {
1052: reload_servers(daemon->resolv_files->name);
1053: check_servers();
1054: }
1055: #ifdef HAVE_DHCP
1056: rerun_scripts();
1057: #endif
1058: break;
1059:
1060: case EVENT_DUMP:
1061: if (daemon->port != 0)
1062: dump_cache(now);
1063: break;
1064:
1065: case EVENT_ALARM:
1066: #ifdef HAVE_DHCP
1067: if (daemon->dhcp || daemon->doing_dhcp6)
1068: {
1069: lease_prune(NULL, now);
1070: lease_update_file(now);
1071: }
1072: #ifdef HAVE_DHCP6
1073: else if (daemon->doing_ra)
1074: /* Not doing DHCP, so no lease system, manage alarms for ra only */
1075: send_alarm(periodic_ra(now), now);
1076: #endif
1077: #endif
1078: break;
1079:
1080: case EVENT_CHILD:
1081: /* See Stevens 5.10 */
1082: while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1083: if (p == -1)
1084: {
1085: if (errno != EINTR)
1086: break;
1087: }
1088: else
1089: for (i = 0 ; i < MAX_PROCS; i++)
1090: if (daemon->tcp_pids[i] == p)
1091: daemon->tcp_pids[i] = 0;
1092: break;
1093:
1094: case EVENT_KILLED:
1095: my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1096: break;
1097:
1098: case EVENT_EXITED:
1099: my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1100: break;
1101:
1102: case EVENT_EXEC_ERR:
1103: my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1104: daemon->lease_change_command, strerror(ev.data));
1105: break;
1106:
1107: /* necessary for fatal errors in helper */
1108: case EVENT_USER_ERR:
1109: case EVENT_DIE:
1110: case EVENT_LUA_ERR:
1111: fatal_event(&ev, msg);
1112: break;
1113:
1114: case EVENT_REOPEN:
1115: /* Note: this may leave TCP-handling processes with the old file still open.
1116: Since any such process will die in CHILD_LIFETIME or probably much sooner,
1117: we leave them logging to the old file. */
1118: if (daemon->log_file != NULL)
1119: log_reopen(daemon->log_file);
1120: break;
1121:
1122: case EVENT_TERM:
1123: /* Knock all our children on the head. */
1124: for (i = 0; i < MAX_PROCS; i++)
1125: if (daemon->tcp_pids[i] != 0)
1126: kill(daemon->tcp_pids[i], SIGALRM);
1127:
1128: #if defined(HAVE_SCRIPT)
1129: /* handle pending lease transitions */
1130: if (daemon->helperfd != -1)
1131: {
1132: /* block in writes until all done */
1133: if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1134: fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1135: do {
1136: helper_write();
1137: } while (!helper_buf_empty() || do_script_run(now));
1138: close(daemon->helperfd);
1139: }
1140: #endif
1141:
1142: if (daemon->lease_stream)
1143: fclose(daemon->lease_stream);
1144:
1145: if (daemon->runfile)
1146: unlink(daemon->runfile);
1147:
1148: my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1149: flush_log();
1150: exit(EC_GOOD);
1151: }
1152: }
1153:
1154: void poll_resolv(int force, int do_reload, time_t now)
1155: {
1156: struct resolvc *res, *latest;
1157: struct stat statbuf;
1158: time_t last_change = 0;
1159: /* There may be more than one possible file.
1160: Go through and find the one which changed _last_.
1161: Warn of any which can't be read. */
1162:
1163: if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1164: return;
1165:
1166: for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1167: if (stat(res->name, &statbuf) == -1)
1168: {
1169: if (force)
1170: {
1171: res->mtime = 0;
1172: continue;
1173: }
1174:
1175: if (!res->logged)
1176: my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1177: res->logged = 1;
1178:
1179: if (res->mtime != 0)
1180: {
1181: /* existing file evaporated, force selection of the latest
1182: file even if its mtime hasn't changed since we last looked */
1183: poll_resolv(1, do_reload, now);
1184: return;
1185: }
1186: }
1187: else
1188: {
1189: res->logged = 0;
1190: if (force || (statbuf.st_mtime != res->mtime))
1191: {
1192: res->mtime = statbuf.st_mtime;
1193: if (difftime(statbuf.st_mtime, last_change) > 0.0)
1194: {
1195: last_change = statbuf.st_mtime;
1196: latest = res;
1197: }
1198: }
1199: }
1200:
1201: if (latest)
1202: {
1203: static int warned = 0;
1204: if (reload_servers(latest->name))
1205: {
1206: my_syslog(LOG_INFO, _("reading %s"), latest->name);
1207: warned = 0;
1208: check_servers();
1209: if (option_bool(OPT_RELOAD) && do_reload)
1210: clear_cache_and_reload(now);
1211: }
1212: else
1213: {
1214: latest->mtime = 0;
1215: if (!warned)
1216: {
1217: my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1218: warned = 1;
1219: }
1220: }
1221: }
1222: }
1223:
1224: void clear_cache_and_reload(time_t now)
1225: {
1226: if (daemon->port != 0)
1227: cache_reload();
1228:
1229: #ifdef HAVE_DHCP
1230: if (daemon->dhcp || daemon->doing_dhcp6)
1231: {
1232: if (option_bool(OPT_ETHERS))
1233: dhcp_read_ethers();
1234: reread_dhcp();
1235: dhcp_update_configs(daemon->dhcp_conf);
1236: lease_update_from_configs();
1237: lease_update_file(now);
1238: lease_update_dns(1);
1239: }
1240: #ifdef HAVE_DHCP6
1241: else if (daemon->doing_ra)
1242: /* Not doing DHCP, so no lease system, manage
1243: alarms for ra only */
1244: send_alarm(periodic_ra(now), now);
1245: #endif
1246: #endif
1247: }
1248:
1249: static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1250: {
1251: struct serverfd *serverfdp;
1252: struct listener *listener;
1253: int wait = 0, i;
1254:
1255: #ifdef HAVE_TFTP
1256: int tftp = 0;
1257: struct tftp_transfer *transfer;
1258: for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1259: {
1260: tftp++;
1261: FD_SET(transfer->sockfd, set);
1262: bump_maxfd(transfer->sockfd, maxfdp);
1263: }
1264: #endif
1265:
1266: /* will we be able to get memory? */
1267: if (daemon->port != 0)
1268: get_new_frec(now, &wait);
1269:
1270: for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1271: {
1272: FD_SET(serverfdp->fd, set);
1273: bump_maxfd(serverfdp->fd, maxfdp);
1274: }
1275:
1276: if (daemon->port != 0 && !daemon->osport)
1277: for (i = 0; i < RANDOM_SOCKS; i++)
1278: if (daemon->randomsocks[i].refcount != 0)
1279: {
1280: FD_SET(daemon->randomsocks[i].fd, set);
1281: bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1282: }
1283:
1284: for (listener = daemon->listeners; listener; listener = listener->next)
1285: {
1286: /* only listen for queries if we have resources */
1287: if (listener->fd != -1 && wait == 0)
1288: {
1289: FD_SET(listener->fd, set);
1290: bump_maxfd(listener->fd, maxfdp);
1291: }
1292:
1293: /* death of a child goes through the select loop, so
1294: we don't need to explicitly arrange to wake up here */
1295: if (listener->tcpfd != -1)
1296: for (i = 0; i < MAX_PROCS; i++)
1297: if (daemon->tcp_pids[i] == 0)
1298: {
1299: FD_SET(listener->tcpfd, set);
1300: bump_maxfd(listener->tcpfd, maxfdp);
1301: break;
1302: }
1303:
1304: #ifdef HAVE_TFTP
1305: if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1306: {
1307: FD_SET(listener->tftpfd, set);
1308: bump_maxfd(listener->tftpfd, maxfdp);
1309: }
1310: #endif
1311:
1312: }
1313:
1314: return wait;
1315: }
1316:
1317: static void check_dns_listeners(fd_set *set, time_t now)
1318: {
1319: struct serverfd *serverfdp;
1320: struct listener *listener;
1321: int i;
1322:
1323: for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1324: if (FD_ISSET(serverfdp->fd, set))
1325: reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1326:
1327: if (daemon->port != 0 && !daemon->osport)
1328: for (i = 0; i < RANDOM_SOCKS; i++)
1329: if (daemon->randomsocks[i].refcount != 0 &&
1330: FD_ISSET(daemon->randomsocks[i].fd, set))
1331: reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1332:
1333: for (listener = daemon->listeners; listener; listener = listener->next)
1334: {
1335: if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1336: receive_query(listener, now);
1337:
1338: #ifdef HAVE_TFTP
1339: if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1340: tftp_request(listener, now);
1341: #endif
1342:
1343: if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1344: {
1345: int confd, client_ok = 1;
1346: struct irec *iface = NULL;
1347: pid_t p;
1348: union mysockaddr tcp_addr;
1349: socklen_t tcp_len = sizeof(union mysockaddr);
1350:
1351: while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1352:
1353: if (confd == -1)
1354: continue;
1355:
1356: if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1357: {
1358: close(confd);
1359: continue;
1360: }
1361:
1362: if (option_bool(OPT_NOWILD))
1363: iface = listener->iface; /* May be NULL */
1364: else
1365: {
1366: int if_index;
1367: char intr_name[IF_NAMESIZE];
1368:
1369: /* In full wildcard mode, need to refresh interface list.
1370: This happens automagically in CLEVERBIND */
1371: if (!option_bool(OPT_CLEVERBIND))
1372: enumerate_interfaces();
1373:
1374: /* if we can find the arrival interface, check it's one that's allowed */
1375: if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1376: indextoname(listener->tcpfd, if_index, intr_name))
1377: {
1378: struct all_addr addr;
1379: addr.addr.addr4 = tcp_addr.in.sin_addr;
1380: #ifdef HAVE_IPV6
1381: if (tcp_addr.sa.sa_family == AF_INET6)
1382: addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1383: #endif
1384:
1385: for (iface = daemon->interfaces; iface; iface = iface->next)
1386: if (iface->index == if_index)
1387: break;
1388:
1389: if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1390: client_ok = 0;
1391: }
1392:
1393: if (option_bool(OPT_CLEVERBIND))
1394: iface = listener->iface; /* May be NULL */
1395: else
1396: {
1397: /* Check for allowed interfaces when binding the wildcard address:
1398: we do this by looking for an interface with the same address as
1399: the local address of the TCP connection, then looking to see if that's
1400: an allowed interface. As a side effect, we get the netmask of the
1401: interface too, for localisation. */
1402:
1403: for (iface = daemon->interfaces; iface; iface = iface->next)
1404: if (sockaddr_isequal(&iface->addr, &tcp_addr))
1405: break;
1406:
1407: if (!iface)
1408: client_ok = 0;
1409: }
1410: }
1411:
1412: if (!client_ok)
1413: {
1414: shutdown(confd, SHUT_RDWR);
1415: close(confd);
1416: }
1417: #ifndef NO_FORK
1418: else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1419: {
1420: if (p != -1)
1421: {
1422: int i;
1423: for (i = 0; i < MAX_PROCS; i++)
1424: if (daemon->tcp_pids[i] == 0)
1425: {
1426: daemon->tcp_pids[i] = p;
1427: break;
1428: }
1429: }
1430: close(confd);
1431: }
1432: #endif
1433: else
1434: {
1435: unsigned char *buff;
1436: struct server *s;
1437: int flags;
1438: struct in_addr netmask;
1439: int auth_dns;
1440:
1441: if (iface)
1442: {
1443: netmask = iface->netmask;
1444: auth_dns = iface->dns_auth;
1445: }
1446: else
1447: {
1448: netmask.s_addr = 0;
1449: auth_dns = 0;
1450: }
1451:
1452: #ifndef NO_FORK
1453: /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1454: terminate the process. */
1455: if (!option_bool(OPT_DEBUG))
1456: alarm(CHILD_LIFETIME);
1457: #endif
1458:
1459: /* start with no upstream connections. */
1460: for (s = daemon->servers; s; s = s->next)
1461: s->tcpfd = -1;
1462:
1463: /* The connected socket inherits non-blocking
1464: attribute from the listening socket.
1465: Reset that here. */
1466: if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1467: fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1468:
1469: buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1470:
1471: shutdown(confd, SHUT_RDWR);
1472: close(confd);
1473:
1474: if (buff)
1475: free(buff);
1476:
1477: for (s = daemon->servers; s; s = s->next)
1478: if (s->tcpfd != -1)
1479: {
1480: shutdown(s->tcpfd, SHUT_RDWR);
1481: close(s->tcpfd);
1482: }
1483: #ifndef NO_FORK
1484: if (!option_bool(OPT_DEBUG))
1485: {
1486: flush_log();
1487: _exit(0);
1488: }
1489: #endif
1490: }
1491: }
1492: }
1493: }
1494:
1495: #ifdef HAVE_DHCP
1496: int make_icmp_sock(void)
1497: {
1498: int fd;
1499: int zeroopt = 0;
1500:
1501: if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1502: {
1503: if (!fix_fd(fd) ||
1504: setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1505: {
1506: close(fd);
1507: fd = -1;
1508: }
1509: }
1510:
1511: return fd;
1512: }
1513:
1514: int icmp_ping(struct in_addr addr)
1515: {
1516: /* Try and get an ICMP echo from a machine. */
1517:
1518: /* Note that whilst in the three second wait, we check for
1519: (and service) events on the DNS and TFTP sockets, (so doing that
1520: better not use any resources our caller has in use...)
1521: but we remain deaf to signals or further DHCP packets. */
1522:
1523: int fd;
1524: struct sockaddr_in saddr;
1525: struct {
1526: struct ip ip;
1527: struct icmp icmp;
1528: } packet;
1529: unsigned short id = rand16();
1530: unsigned int i, j;
1531: int gotreply = 0;
1532: time_t start, now;
1533:
1534: #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1535: if ((fd = make_icmp_sock()) == -1)
1536: return 0;
1537: #else
1538: int opt = 2000;
1539: fd = daemon->dhcp_icmp_fd;
1540: setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1541: #endif
1542:
1543: saddr.sin_family = AF_INET;
1544: saddr.sin_port = 0;
1545: saddr.sin_addr = addr;
1546: #ifdef HAVE_SOCKADDR_SA_LEN
1547: saddr.sin_len = sizeof(struct sockaddr_in);
1548: #endif
1549:
1550: memset(&packet.icmp, 0, sizeof(packet.icmp));
1551: packet.icmp.icmp_type = ICMP_ECHO;
1552: packet.icmp.icmp_id = id;
1553: for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1554: j += ((u16 *)&packet.icmp)[i];
1555: while (j>>16)
1556: j = (j & 0xffff) + (j >> 16);
1557: packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1558:
1559: while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1560: (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1561: retry_send());
1562:
1563: for (now = start = dnsmasq_time();
1564: difftime(now, start) < (float)PING_WAIT;)
1565: {
1566: struct timeval tv;
1567: fd_set rset, wset;
1568: struct sockaddr_in faddr;
1569: int maxfd = fd;
1570: socklen_t len = sizeof(faddr);
1571:
1572: tv.tv_usec = 250000;
1573: tv.tv_sec = 0;
1574:
1575: FD_ZERO(&rset);
1576: FD_ZERO(&wset);
1577: FD_SET(fd, &rset);
1578: set_dns_listeners(now, &rset, &maxfd);
1579: set_log_writer(&wset, &maxfd);
1580:
1581: #ifdef HAVE_DHCP6
1582: if (daemon->doing_ra)
1583: {
1584: FD_SET(daemon->icmp6fd, &rset);
1585: bump_maxfd(daemon->icmp6fd, &maxfd);
1586: }
1587: #endif
1588:
1589: if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1590: {
1591: FD_ZERO(&rset);
1592: FD_ZERO(&wset);
1593: }
1594:
1595: now = dnsmasq_time();
1596:
1597: check_log_writer(&wset);
1598: check_dns_listeners(&rset, now);
1599:
1600: #ifdef HAVE_DHCP6
1601: if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1602: icmp6_packet(now);
1603: #endif
1604:
1605: #ifdef HAVE_TFTP
1606: check_tftp_listeners(&rset, now);
1607: #endif
1608:
1609: if (FD_ISSET(fd, &rset) &&
1610: recvfrom(fd, &packet, sizeof(packet), 0,
1611: (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1612: saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1613: packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1614: packet.icmp.icmp_seq == 0 &&
1615: packet.icmp.icmp_id == id)
1616: {
1617: gotreply = 1;
1618: break;
1619: }
1620: }
1621:
1622: #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1623: close(fd);
1624: #else
1625: opt = 1;
1626: setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1627: #endif
1628:
1629: return gotreply;
1630: }
1631: #endif
1632:
1633:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnsmasq.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src