|
version 1.1.1.1, 2013/07/29 19:37:40
|
version 1.1.1.5, 2023/09/27 11:02:07
|
|
Line 1
|
Line 1
|
| /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley | /* dnsmasq is Copyright (c) 2000-2022 Simon Kelley |
| |
|
| This program is free software; you can redistribute it and/or modify |
This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
it under the terms of the GNU General Public License as published by |
|
Line 29 int indextoname(int fd, int index, char *name)
|
Line 29 int indextoname(int fd, int index, char *name)
|
| if (ioctl(fd, SIOCGIFNAME, &ifr) == -1) |
if (ioctl(fd, SIOCGIFNAME, &ifr) == -1) |
| return 0; |
return 0; |
| |
|
| strncpy(name, ifr.ifr_name, IF_NAMESIZE); | safe_strncpy(name, ifr.ifr_name, IF_NAMESIZE); |
| |
|
| return 1; | return 1; |
| } |
} |
| |
|
| |
|
|
Line 82 int indextoname(int fd, int index, char *name)
|
Line 82 int indextoname(int fd, int index, char *name)
|
| for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++) |
for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++) |
| { |
{ |
| struct lifreq lifr; |
struct lifreq lifr; |
| strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE); | safe_strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE); |
| if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0) |
if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0) |
| return 0; |
return 0; |
| |
|
| if (lifr.lifr_index == index) { |
if (lifr.lifr_index == index) { |
| strncpy(name, lifr.lifr_name, IF_NAMESIZE); | safe_strncpy(name, lifr.lifr_name, IF_NAMESIZE); |
| return 1; |
return 1; |
| } |
} |
| } |
} |
|
Line 99 int indextoname(int fd, int index, char *name)
|
Line 99 int indextoname(int fd, int index, char *name)
|
| |
|
| int indextoname(int fd, int index, char *name) |
int indextoname(int fd, int index, char *name) |
| { |
{ |
| |
(void)fd; |
| |
|
| if (index == 0 || !if_indextoname(index, name)) |
if (index == 0 || !if_indextoname(index, name)) |
| return 0; |
return 0; |
| |
|
|
Line 107 int indextoname(int fd, int index, char *name)
|
Line 109 int indextoname(int fd, int index, char *name)
|
| |
|
| #endif |
#endif |
| |
|
| int iface_check(int family, struct all_addr *addr, char *name, int *auth) | int iface_check(int family, union all_addr *addr, char *name, int *auth) |
| { |
{ |
| struct iname *tmp; |
struct iname *tmp; |
| int ret = 1; | int ret = 1, match_addr = 0; |
| |
|
| /* Note: have to check all and not bail out early, so that we set the | /* Note: have to check all and not bail out early, so that we set the "used" flags. |
| "used" flags. */ | May be called with family == AF_LOCAL to check interface by name only. */ |
| |
|
| if (auth) |
|
| *auth = 0; |
|
| |
|
| if (daemon->if_names || daemon->if_addrs) |
if (daemon->if_names || daemon->if_addrs) |
| { |
{ |
| ret = 0; |
ret = 0; |
|
Line 131 int iface_check(int family, struct all_addr *addr, cha
|
Line 130 int iface_check(int family, struct all_addr *addr, cha
|
| if (tmp->addr.sa.sa_family == family) |
if (tmp->addr.sa.sa_family == family) |
| { |
{ |
| if (family == AF_INET && |
if (family == AF_INET && |
| tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) | tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) |
| ret = tmp->used = 1; | ret = match_addr = tmp->used = 1; |
| #ifdef HAVE_IPV6 | |
| else if (family == AF_INET6 && |
else if (family == AF_INET6 && |
| IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, |
IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, |
| &addr->addr.addr6)) | &addr->addr6)) |
| ret = tmp->used = 1; | ret = match_addr = tmp->used = 1; |
| #endif | |
| } |
} |
| } |
} |
| |
|
| for (tmp = daemon->if_except; tmp; tmp = tmp->next) | if (!match_addr) |
| if (tmp->name && wildcard_match(tmp->name, name)) | for (tmp = daemon->if_except; tmp; tmp = tmp->next) |
| ret = 0; | if (tmp->name && wildcard_match(tmp->name, name)) |
| | ret = 0; |
| |
|
| |
if (auth) |
| |
{ |
| |
*auth = 0; |
| |
|
| for (tmp = daemon->authinterface; tmp; tmp = tmp->next) | for (tmp = daemon->authinterface; tmp; tmp = tmp->next) |
| if (tmp->name) | if (tmp->name) |
| { | { |
| if (strcmp(tmp->name, name) == 0) | if (strcmp(tmp->name, name) == 0 && |
| | (tmp->addr.sa.sa_family == 0 || tmp->addr.sa.sa_family == family)) |
| | break; |
| | } |
| | else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && |
| | tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) |
| break; |
break; |
| } | else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && |
| else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && | IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr6)) |
| tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) | break; |
| break; | |
| #ifdef HAVE_IPV6 | if (tmp) |
| else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && | { |
| IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6)) | *auth = 1; |
| break; | ret = 1; |
| #endif | } |
| |
| if (tmp && auth) | |
| { | |
| *auth = 1; | |
| ret = 1; | |
| } |
} |
| |
|
| return ret; |
return ret; |
| } |
} |
| |
|
| |
|
| /* Fix for problem that the kernel sometimes reports the loopback inerface as the | /* Fix for problem that the kernel sometimes reports the loopback interface as the |
| arrival interface when a packet originates locally, even when sent to address of |
arrival interface when a packet originates locally, even when sent to address of |
| an interface other than the loopback. Accept packet if it arrived via a loopback |
an interface other than the loopback. Accept packet if it arrived via a loopback |
| interface, even when we're not accepting packets that way, as long as the destination |
interface, even when we're not accepting packets that way, as long as the destination |
| address is one we're believing. Interface list must be up-to-date before calling. */ |
address is one we're believing. Interface list must be up-to-date before calling. */ |
| int loopback_exception(int fd, int family, struct all_addr *addr, char *name) | int loopback_exception(int fd, int family, union all_addr *addr, char *name) |
| { |
{ |
| struct ifreq ifr; |
struct ifreq ifr; |
| struct irec *iface; |
struct irec *iface; |
| |
|
| strncpy(ifr.ifr_name, name, IF_NAMESIZE); | safe_strncpy(ifr.ifr_name, name, IF_NAMESIZE); |
| if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 && |
if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 && |
| ifr.ifr_flags & IFF_LOOPBACK) |
ifr.ifr_flags & IFF_LOOPBACK) |
| { |
{ |
|
Line 191 int loopback_exception(int fd, int family, struct all_
|
Line 192 int loopback_exception(int fd, int family, struct all_
|
| { |
{ |
| if (family == AF_INET) |
if (family == AF_INET) |
| { |
{ |
| if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) | if (iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) |
| return 1; |
return 1; |
| } |
} |
| #ifdef HAVE_IPV6 | else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr6)) |
| else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) | |
| return 1; |
return 1; |
| #endif |
|
| |
|
| } |
} |
| } |
} |
| return 0; |
return 0; |
| } |
} |
| |
|
| static int iface_allowed(struct irec **irecp, int if_index, | /* If we're configured with something like --interface=eth0:0 then we'll listen correctly |
| union mysockaddr *addr, struct in_addr netmask, int dad) | on the relevant address, but the name of the arrival interface, derived from the |
| | index won't match the config. Check that we found an interface address for the arrival |
| | interface: daemon->interfaces must be up-to-date. */ |
| | int label_exception(int index, int family, union all_addr *addr) |
| { |
{ |
| struct irec *iface; |
struct irec *iface; |
| int fd, mtu = 0, loopback; | |
| | /* labels only supported on IPv4 addresses. */ |
| | if (family != AF_INET) |
| | return 0; |
| | |
| | for (iface = daemon->interfaces; iface; iface = iface->next) |
| | if (iface->index == index && iface->addr.sa.sa_family == AF_INET && |
| | iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) |
| | return 1; |
| | |
| | return 0; |
| | } |
| | |
| | struct iface_param { |
| | struct addrlist *spare; |
| | int fd; |
| | }; |
| | |
| | static int iface_allowed(struct iface_param *param, int if_index, char *label, |
| | union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags) |
| | { |
| | struct irec *iface; |
| | struct cond_domain *cond; |
| | int loopback; |
| struct ifreq ifr; |
struct ifreq ifr; |
| int tftp_ok = !!option_bool(OPT_TFTP); |
int tftp_ok = !!option_bool(OPT_TFTP); |
| int dhcp_ok = 1; |
int dhcp_ok = 1; |
| int auth_dns = 0; |
int auth_dns = 0; |
| #ifdef HAVE_DHCP | int is_label = 0; |
| | #if defined(HAVE_DHCP) || defined(HAVE_TFTP) |
| struct iname *tmp; |
struct iname *tmp; |
| #endif |
#endif |
| |
|
| /* check whether the interface IP has been added already | (void)prefixlen; |
| we call this routine multiple times. */ | |
| for (iface = *irecp; iface; iface = iface->next) | |
| if (sockaddr_isequal(&iface->addr, addr)) | |
| { | |
| iface->dad = dad; | |
| return 1; | |
| } | |
| |
|
| if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1 || | if (!indextoname(param->fd, if_index, ifr.ifr_name) || |
| !indextoname(fd, if_index, ifr.ifr_name) || | ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1) |
| ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) | return 0; |
| | |
| | loopback = ifr.ifr_flags & IFF_LOOPBACK; |
| | |
| | if (loopback) |
| | dhcp_ok = 0; |
| | |
| | if (!label) |
| | label = ifr.ifr_name; |
| | else |
| | is_label = strcmp(label, ifr.ifr_name); |
| | |
| | /* maintain a list of all addresses on all interfaces for --local-service option */ |
| | if (option_bool(OPT_LOCAL_SERVICE)) |
| { |
{ |
| if (fd != -1) | struct addrlist *al; |
| | |
| | if (param->spare) |
| { |
{ |
| int errsave = errno; | al = param->spare; |
| close(fd); | param->spare = al->next; |
| errno = errsave; | |
| } |
} |
| return 0; | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (al) |
| | { |
| | al->next = daemon->interface_addrs; |
| | daemon->interface_addrs = al; |
| | al->prefixlen = prefixlen; |
| | |
| | if (addr->sa.sa_family == AF_INET) |
| | { |
| | al->addr.addr4 = addr->in.sin_addr; |
| | al->flags = 0; |
| | } |
| | else |
| | { |
| | al->addr.addr6 = addr->in6.sin6_addr; |
| | al->flags = ADDRLIST_IPV6; |
| | } |
| | } |
| } |
} |
| |
|
| loopback = ifr.ifr_flags & IFF_LOOPBACK; |
|
| |
|
| if (loopback) | if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr)) |
| dhcp_ok = 0; | { |
| | struct interface_name *int_name; |
| | struct addrlist *al; |
| | #ifdef HAVE_AUTH |
| | struct auth_zone *zone; |
| | struct auth_name_list *name; |
| |
|
| if (ioctl(fd, SIOCGIFMTU, &ifr) != -1) | /* Find subnets in auth_zones */ |
| mtu = ifr.ifr_mtu; | for (zone = daemon->auth_zones; zone; zone = zone->next) |
| | for (name = zone->interface_names; name; name = name->next) |
| | if (wildcard_match(name->name, label)) |
| | { |
| | if (addr->sa.sa_family == AF_INET && (name->flags & AUTH4)) |
| | { |
| | if (param->spare) |
| | { |
| | al = param->spare; |
| | param->spare = al->next; |
| | } |
| | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (al) |
| | { |
| | al->next = zone->subnet; |
| | zone->subnet = al; |
| | al->prefixlen = prefixlen; |
| | al->addr.addr4 = addr->in.sin_addr; |
| | al->flags = 0; |
| | } |
| | } |
| | |
| | if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6)) |
| | { |
| | if (param->spare) |
| | { |
| | al = param->spare; |
| | param->spare = al->next; |
| | } |
| | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (al) |
| | { |
| | al->next = zone->subnet; |
| | zone->subnet = al; |
| | al->prefixlen = prefixlen; |
| | al->addr.addr6 = addr->in6.sin6_addr; |
| | al->flags = ADDRLIST_IPV6; |
| | } |
| | } |
| | } |
| | #endif |
| | |
| | /* Update addresses from interface_names. These are a set independent |
| | of the set we're listening on. */ |
| | for (int_name = daemon->int_names; int_name; int_name = int_name->next) |
| | if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0) |
| | { |
| | struct addrlist *lp; |
| | |
| | al = NULL; |
| | |
| | if (addr->sa.sa_family == AF_INET && (int_name->flags & (IN4 | INP4))) |
| | { |
| | struct in_addr newaddr = addr->in.sin_addr; |
| | |
| | if (int_name->flags & INP4) |
| | { |
| | if (netmask.s_addr == 0xffffffff) |
| | continue; |
| | |
| | newaddr.s_addr = (addr->in.sin_addr.s_addr & netmask.s_addr) | |
| | (int_name->proto4.s_addr & ~netmask.s_addr); |
| | } |
| | |
| | /* check for duplicates. */ |
| | for (lp = int_name->addr; lp; lp = lp->next) |
| | if (lp->flags == 0 && lp->addr.addr4.s_addr == newaddr.s_addr) |
| | break; |
| | |
| | if (!lp) |
| | { |
| | if (param->spare) |
| | { |
| | al = param->spare; |
| | param->spare = al->next; |
| | } |
| | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (al) |
| | { |
| | al->flags = 0; |
| | al->addr.addr4 = newaddr; |
| | } |
| | } |
| | } |
| | |
| | if (addr->sa.sa_family == AF_INET6 && (int_name->flags & (IN6 | INP6))) |
| | { |
| | struct in6_addr newaddr = addr->in6.sin6_addr; |
| | |
| | if (int_name->flags & INP6) |
| | { |
| | int i; |
| | |
| | /* No sense in doing /128. */ |
| | if (prefixlen == 128) |
| | continue; |
| | |
| | for (i = 0; i < 16; i++) |
| | { |
| | int bits = ((i+1)*8) - prefixlen; |
| | |
| | if (bits >= 8) |
| | newaddr.s6_addr[i] = int_name->proto6.s6_addr[i]; |
| | else if (bits >= 0) |
| | { |
| | unsigned char mask = 0xff << bits; |
| | newaddr.s6_addr[i] = |
| | (addr->in6.sin6_addr.s6_addr[i] & mask) | |
| | (int_name->proto6.s6_addr[i] & ~mask); |
| | } |
| | } |
| | } |
| | |
| | /* check for duplicates. */ |
| | for (lp = int_name->addr; lp; lp = lp->next) |
| | if ((lp->flags & ADDRLIST_IPV6) && |
| | IN6_ARE_ADDR_EQUAL(&lp->addr.addr6, &newaddr)) |
| | break; |
| | |
| | if (!lp) |
| | { |
| | if (param->spare) |
| | { |
| | al = param->spare; |
| | param->spare = al->next; |
| | } |
| | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (al) |
| | { |
| | al->flags = ADDRLIST_IPV6; |
| | al->addr.addr6 = newaddr; |
| | |
| | /* Privacy addresses and addresses still undergoing DAD and deprecated addresses |
| | don't appear in forward queries, but will in reverse ones. */ |
| | if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE))) |
| | al->flags |= ADDRLIST_REVONLY; |
| | } |
| | } |
| | } |
| | |
| | if (al) |
| | { |
| | al->next = int_name->addr; |
| | int_name->addr = al; |
| | } |
| | } |
| | } |
| | |
| | /* Update addresses for domain=<domain>,<interface> */ |
| | for (cond = daemon->cond_domain; cond; cond = cond->next) |
| | if (cond->interface && strncmp(label, cond->interface, IF_NAMESIZE) == 0) |
| | { |
| | struct addrlist *al; |
| | |
| | if (param->spare) |
| | { |
| | al = param->spare; |
| | param->spare = al->next; |
| | } |
| | else |
| | al = whine_malloc(sizeof(struct addrlist)); |
| | |
| | if (addr->sa.sa_family == AF_INET) |
| | { |
| | al->addr.addr4 = addr->in.sin_addr; |
| | al->flags = 0; |
| | } |
| | else |
| | { |
| | al->addr.addr6 = addr->in6.sin6_addr; |
| | al->flags = ADDRLIST_IPV6; |
| | } |
| | |
| | al->prefixlen = prefixlen; |
| | al->next = cond->al; |
| | cond->al = al; |
| | } |
| |
|
| close(fd); | /* check whether the interface IP has been added already |
| | we call this routine multiple times. */ |
| /* If we are restricting the set of interfaces to use, make | for (iface = daemon->interfaces; iface; iface = iface->next) |
| | if (sockaddr_isequal(&iface->addr, addr) && iface->index == if_index) |
| | { |
| | iface->dad = !!(iface_flags & IFACE_TENTATIVE); |
| | iface->found = 1; /* for garbage collection */ |
| | iface->netmask = netmask; |
| | return 1; |
| | } |
| | |
| | /* If we are restricting the set of interfaces to use, make |
| sure that loopback interfaces are in that set. */ |
sure that loopback interfaces are in that set. */ |
| if (daemon->if_names && loopback) |
if (daemon->if_names && loopback) |
| { |
{ |
|
Line 273 static int iface_allowed(struct irec **irecp, int if_i
|
Line 520 static int iface_allowed(struct irec **irecp, int if_i
|
| } |
} |
| |
|
| if (addr->sa.sa_family == AF_INET && |
if (addr->sa.sa_family == AF_INET && |
| !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name, &auth_dns)) | !iface_check(AF_INET, (union all_addr *)&addr->in.sin_addr, label, &auth_dns)) |
| return 1; |
return 1; |
| |
|
| #ifdef HAVE_IPV6 |
|
| if (addr->sa.sa_family == AF_INET6 && |
if (addr->sa.sa_family == AF_INET6 && |
| !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name, &auth_dns)) | !iface_check(AF_INET6, (union all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) |
| return 1; |
return 1; |
| #endif |
|
| |
|
| #ifdef HAVE_DHCP |
#ifdef HAVE_DHCP |
| /* No DHCP where we're doing auth DNS. */ |
/* No DHCP where we're doing auth DNS. */ |
|
Line 298 static int iface_allowed(struct irec **irecp, int if_i
|
Line 543 static int iface_allowed(struct irec **irecp, int if_i
|
| } |
} |
| #endif |
#endif |
| |
|
| |
|
| |
#ifdef HAVE_TFTP |
| |
if (daemon->tftp_interfaces) |
| |
{ |
| |
/* dedicated tftp interface list */ |
| |
tftp_ok = 0; |
| |
for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next) |
| |
if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name)) |
| |
tftp_ok = 1; |
| |
} |
| |
#endif |
| |
|
| /* add to list */ |
/* add to list */ |
| if ((iface = whine_malloc(sizeof(struct irec)))) |
if ((iface = whine_malloc(sizeof(struct irec)))) |
| { |
{ |
| |
int mtu = 0; |
| |
|
| |
if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1) |
| |
mtu = ifr.ifr_mtu; |
| |
|
| iface->addr = *addr; |
iface->addr = *addr; |
| iface->netmask = netmask; |
iface->netmask = netmask; |
| iface->tftp_ok = tftp_ok; |
iface->tftp_ok = tftp_ok; |
| iface->dhcp_ok = dhcp_ok; |
iface->dhcp_ok = dhcp_ok; |
| iface->dns_auth = auth_dns; |
iface->dns_auth = auth_dns; |
| iface->mtu = mtu; |
iface->mtu = mtu; |
| iface->dad = dad; | iface->dad = !!(iface_flags & IFACE_TENTATIVE); |
| iface->done = iface->multicast_done = 0; | iface->found = 1; |
| | iface->done = iface->multicast_done = iface->warned = 0; |
| iface->index = if_index; |
iface->index = if_index; |
| |
iface->label = is_label; |
| if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1))) |
if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1))) |
| { |
{ |
| strcpy(iface->name, ifr.ifr_name); |
strcpy(iface->name, ifr.ifr_name); |
| iface->next = *irecp; | iface->next = daemon->interfaces; |
| *irecp = iface; | daemon->interfaces = iface; |
| return 1; |
return 1; |
| } |
} |
| free(iface); |
free(iface); |
|
Line 325 static int iface_allowed(struct irec **irecp, int if_i
|
Line 589 static int iface_allowed(struct irec **irecp, int if_i
|
| return 0; |
return 0; |
| } |
} |
| |
|
| #ifdef HAVE_IPV6 |
|
| static int iface_allowed_v6(struct in6_addr *local, int prefix, |
static int iface_allowed_v6(struct in6_addr *local, int prefix, |
| int scope, int if_index, int flags, |
int scope, int if_index, int flags, |
| int preferred, int valid, void *vparam) |
int preferred, int valid, void *vparam) |
|
Line 334 static int iface_allowed_v6(struct in6_addr *local, in
|
Line 597 static int iface_allowed_v6(struct in6_addr *local, in
|
| struct in_addr netmask; /* dummy */ |
struct in_addr netmask; /* dummy */ |
| netmask.s_addr = 0; |
netmask.s_addr = 0; |
| |
|
| (void)prefix; /* warning */ |
|
| (void)scope; /* warning */ |
(void)scope; /* warning */ |
| (void)preferred; |
(void)preferred; |
| (void)valid; |
(void)valid; |
|
Line 346 static int iface_allowed_v6(struct in6_addr *local, in
|
Line 608 static int iface_allowed_v6(struct in6_addr *local, in
|
| addr.in6.sin6_family = AF_INET6; |
addr.in6.sin6_family = AF_INET6; |
| addr.in6.sin6_addr = *local; |
addr.in6.sin6_addr = *local; |
| addr.in6.sin6_port = htons(daemon->port); |
addr.in6.sin6_port = htons(daemon->port); |
| addr.in6.sin6_scope_id = if_index; | /* FreeBSD insists this is zero for non-linklocal addresses */ |
| | if (IN6_IS_ADDR_LINKLOCAL(local)) |
| | addr.in6.sin6_scope_id = if_index; |
| | else |
| | addr.in6.sin6_scope_id = 0; |
| |
|
| return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, !!(flags & IFACE_TENTATIVE)); | return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags); |
| } |
} |
| #endif |
|
| |
|
| static int iface_allowed_v4(struct in_addr local, int if_index, | static int iface_allowed_v4(struct in_addr local, int if_index, char *label, |
| struct in_addr netmask, struct in_addr broadcast, void *vparam) |
struct in_addr netmask, struct in_addr broadcast, void *vparam) |
| { |
{ |
| union mysockaddr addr; |
union mysockaddr addr; |
| |
int prefix, bit; |
| |
|
| |
(void)broadcast; /* warning */ |
| |
|
| memset(&addr, 0, sizeof(addr)); |
memset(&addr, 0, sizeof(addr)); |
| #ifdef HAVE_SOCKADDR_SA_LEN |
#ifdef HAVE_SOCKADDR_SA_LEN |
| addr.in.sin_len = sizeof(addr.in); |
addr.in.sin_len = sizeof(addr.in); |
| #endif |
#endif |
| addr.in.sin_family = AF_INET; |
addr.in.sin_family = AF_INET; |
| addr.in.sin_addr = broadcast; /* warning */ |
|
| addr.in.sin_addr = local; |
addr.in.sin_addr = local; |
| addr.in.sin_port = htons(daemon->port); |
addr.in.sin_port = htons(daemon->port); |
| |
|
| return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, 0); | /* determine prefix length from netmask */ |
| | for (prefix = 32, bit = 1; (bit & ntohl(netmask.s_addr)) == 0 && prefix != 0; bit = bit << 1, prefix--); |
| | |
| | return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0); |
| } |
} |
| | |
| int enumerate_interfaces(void) | /* |
| | * Clean old interfaces no longer found. |
| | */ |
| | static void clean_interfaces() |
| { |
{ |
| #ifdef HAVE_IPV6 | struct irec *iface; |
| if (!iface_enumerate(AF_INET6, &daemon->interfaces, iface_allowed_v6)) | struct irec **up = &daemon->interfaces; |
| return 0; | |
| | for (iface = *up; iface; iface = *up) |
| | { |
| | if (!iface->found && !iface->done) |
| | { |
| | *up = iface->next; |
| | free(iface->name); |
| | free(iface); |
| | } |
| | else |
| | { |
| | up = &iface->next; |
| | } |
| | } |
| | } |
| | |
| | /** Release listener if no other interface needs it. |
| | * |
| | * @return 1 if released, 0 if still required |
| | */ |
| | static int release_listener(struct listener *l) |
| | { |
| | if (l->used > 1) |
| | { |
| | struct irec *iface; |
| | for (iface = daemon->interfaces; iface; iface = iface->next) |
| | if (iface->done && sockaddr_isequal(&l->addr, &iface->addr)) |
| | { |
| | if (iface->found) |
| | { |
| | /* update listener to point to active interface instead */ |
| | if (!l->iface->found) |
| | l->iface = iface; |
| | } |
| | else |
| | { |
| | l->used--; |
| | iface->done = 0; |
| | } |
| | } |
| | |
| | /* Someone is still using this listener, skip its deletion */ |
| | if (l->used > 0) |
| | return 0; |
| | } |
| | |
| | if (l->iface->done) |
| | { |
| | int port; |
| | |
| | port = prettyprint_addr(&l->iface->addr, daemon->addrbuff); |
| | my_syslog(LOG_DEBUG|MS_DEBUG, _("stopped listening on %s(#%d): %s port %d"), |
| | l->iface->name, l->iface->index, daemon->addrbuff, port); |
| | /* In case it ever returns */ |
| | l->iface->done = 0; |
| | } |
| | |
| | if (l->fd != -1) |
| | close(l->fd); |
| | if (l->tcpfd != -1) |
| | close(l->tcpfd); |
| | if (l->tftpfd != -1) |
| | close(l->tftpfd); |
| | |
| | free(l); |
| | return 1; |
| | } |
| | |
| | int enumerate_interfaces(int reset) |
| | { |
| | static struct addrlist *spare = NULL; |
| | static int done = 0; |
| | struct iface_param param; |
| | int errsave, ret = 1; |
| | struct addrlist *addr, *tmp; |
| | struct interface_name *intname; |
| | struct cond_domain *cond; |
| | struct irec *iface; |
| | #ifdef HAVE_AUTH |
| | struct auth_zone *zone; |
| #endif |
#endif |
| |
struct server *serv; |
| |
|
| |
/* Do this max once per select cycle - also inhibits netlink socket use |
| |
in TCP child processes. */ |
| |
|
| return iface_enumerate(AF_INET, &daemon->interfaces, iface_allowed_v4); | if (reset) |
| | { |
| | done = 0; |
| | return 1; |
| | } |
| | |
| | if (done) |
| | return 1; |
| | |
| | done = 1; |
| | |
| | if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1) |
| | return 0; |
| | |
| | /* iface indexes can change when interfaces are created/destroyed. |
| | We use them in the main forwarding control path, when the path |
| | to a server is specified by an interface, so cache them. |
| | Update the cache here. */ |
| | for (serv = daemon->servers; serv; serv = serv->next) |
| | if (serv->interface[0] != 0) |
| | { |
| | #ifdef HAVE_LINUX_NETWORK |
| | struct ifreq ifr; |
| | |
| | safe_strncpy(ifr.ifr_name, serv->interface, IF_NAMESIZE); |
| | if (ioctl(param.fd, SIOCGIFINDEX, &ifr) != -1) |
| | serv->ifindex = ifr.ifr_ifindex; |
| | #else |
| | serv->ifindex = if_nametoindex(serv->interface); |
| | #endif |
| | } |
| | |
| | again: |
| | /* Mark interfaces for garbage collection */ |
| | for (iface = daemon->interfaces; iface; iface = iface->next) |
| | iface->found = 0; |
| | |
| | /* remove addresses stored against interface_names */ |
| | for (intname = daemon->int_names; intname; intname = intname->next) |
| | { |
| | for (addr = intname->addr; addr; addr = tmp) |
| | { |
| | tmp = addr->next; |
| | addr->next = spare; |
| | spare = addr; |
| | } |
| | |
| | intname->addr = NULL; |
| | } |
| | |
| | /* remove addresses stored against cond-domains. */ |
| | for (cond = daemon->cond_domain; cond; cond = cond->next) |
| | { |
| | for (addr = cond->al; addr; addr = tmp) |
| | { |
| | tmp = addr->next; |
| | addr->next = spare; |
| | spare = addr; |
| | } |
| | |
| | cond->al = NULL; |
| | } |
| | |
| | /* Remove list of addresses of local interfaces */ |
| | for (addr = daemon->interface_addrs; addr; addr = tmp) |
| | { |
| | tmp = addr->next; |
| | addr->next = spare; |
| | spare = addr; |
| | } |
| | daemon->interface_addrs = NULL; |
| | |
| | #ifdef HAVE_AUTH |
| | /* remove addresses stored against auth_zone subnets, but not |
| | ones configured as address literals */ |
| | for (zone = daemon->auth_zones; zone; zone = zone->next) |
| | if (zone->interface_names) |
| | { |
| | struct addrlist **up; |
| | for (up = &zone->subnet, addr = zone->subnet; addr; addr = tmp) |
| | { |
| | tmp = addr->next; |
| | if (addr->flags & ADDRLIST_LITERAL) |
| | up = &addr->next; |
| | else |
| | { |
| | *up = addr->next; |
| | addr->next = spare; |
| | spare = addr; |
| | } |
| | } |
| | } |
| | #endif |
| | |
| | param.spare = spare; |
| | |
| | ret = iface_enumerate(AF_INET6, ¶m, iface_allowed_v6); |
| | if (ret < 0) |
| | goto again; |
| | else if (ret) |
| | { |
| | ret = iface_enumerate(AF_INET, ¶m, iface_allowed_v4); |
| | if (ret < 0) |
| | goto again; |
| | } |
| | |
| | errsave = errno; |
| | close(param.fd); |
| | |
| | if (option_bool(OPT_CLEVERBIND)) |
| | { |
| | /* Garbage-collect listeners listening on addresses that no longer exist. |
| | Does nothing when not binding interfaces or for listeners on localhost, |
| | since the ->iface field is NULL. Note that this needs the protections |
| | against reentrancy, hence it's here. It also means there's a possibility, |
| | in OPT_CLEVERBIND mode, that at listener will just disappear after |
| | a call to enumerate_interfaces, this is checked OK on all calls. */ |
| | struct listener *l, *tmp, **up; |
| | int freed = 0; |
| | |
| | for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp) |
| | { |
| | tmp = l->next; |
| | |
| | if (!l->iface || l->iface->found) |
| | up = &l->next; |
| | else if (release_listener(l)) |
| | { |
| | *up = tmp; |
| | freed = 1; |
| | } |
| | } |
| | |
| | if (freed) |
| | clean_interfaces(); |
| | } |
| | |
| | errno = errsave; |
| | spare = param.spare; |
| | |
| | return ret; |
| } |
} |
| |
|
| /* set NONBLOCK bit on fd: See Stevens 16.6 */ |
/* set NONBLOCK bit on fd: See Stevens 16.6 */ |
|
Line 398 static int make_sock(union mysockaddr *addr, int type,
|
Line 894 static int make_sock(union mysockaddr *addr, int type,
|
| |
|
| if ((fd = socket(family, type, 0)) == -1) |
if ((fd = socket(family, type, 0)) == -1) |
| { |
{ |
| int port; | int port, errsave; |
| char *s; |
char *s; |
| |
|
| /* No error if the kernel just doesn't support this IP flavour */ |
/* No error if the kernel just doesn't support this IP flavour */ |
|
Line 408 static int make_sock(union mysockaddr *addr, int type,
|
Line 904 static int make_sock(union mysockaddr *addr, int type,
|
| return -1; |
return -1; |
| |
|
| err: |
err: |
| |
errsave = errno; |
| port = prettyprint_addr(addr, daemon->addrbuff); |
port = prettyprint_addr(addr, daemon->addrbuff); |
| if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) |
if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) |
| sprintf(daemon->addrbuff, "port %d", port); |
sprintf(daemon->addrbuff, "port %d", port); |
|
Line 415 static int make_sock(union mysockaddr *addr, int type,
|
Line 912 static int make_sock(union mysockaddr *addr, int type,
|
| |
|
| if (fd != -1) |
if (fd != -1) |
| close (fd); |
close (fd); |
| | |
| | errno = errsave; |
| | |
| if (dienow) |
if (dienow) |
| { |
{ |
| /* failure to bind addresses given by --listen-address at this point |
/* failure to bind addresses given by --listen-address at this point |
|
Line 432 static int make_sock(union mysockaddr *addr, int type,
|
Line 931 static int make_sock(union mysockaddr *addr, int type,
|
| if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd)) |
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd)) |
| goto err; |
goto err; |
| |
|
| #ifdef HAVE_IPV6 |
|
| if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) |
if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) |
| goto err; |
goto err; |
| #endif |
|
| |
|
| if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1) |
if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1) |
| goto err; |
goto err; |
| |
|
| if (type == SOCK_STREAM) |
if (type == SOCK_STREAM) |
| { |
{ |
| if (listen(fd, 5) == -1) | #ifdef TCP_FASTOPEN |
| | int qlen = 5; |
| | setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)); |
| | #endif |
| | |
| | if (listen(fd, TCP_BACKLOG) == -1) |
| goto err; |
goto err; |
| } |
} |
| else if (!option_bool(OPT_NOWILD)) | else if (family == AF_INET) |
| { |
{ |
| if (family == AF_INET) | if (!option_bool(OPT_NOWILD)) |
| { |
{ |
| #if defined(HAVE_LINUX_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) |
| if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1) |
if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1) |
|
Line 458 static int make_sock(union mysockaddr *addr, int type,
|
Line 960 static int make_sock(union mysockaddr *addr, int type,
|
| goto err; |
goto err; |
| #endif |
#endif |
| } |
} |
| #ifdef HAVE_IPV6 |
|
| else if (!set_ipv6pktinfo(fd)) |
|
| goto err; |
|
| #endif |
|
| } |
} |
| |
else if (!set_ipv6pktinfo(fd)) |
| |
goto err; |
| |
|
| return fd; |
return fd; |
| } |
} |
| |
|
| #ifdef HAVE_IPV6 |
|
| int set_ipv6pktinfo(int fd) |
int set_ipv6pktinfo(int fd) |
| { |
{ |
| int opt = 1; |
int opt = 1; |
|
Line 494 int set_ipv6pktinfo(int fd)
|
Line 993 int set_ipv6pktinfo(int fd)
|
| |
|
| return 0; |
return 0; |
| } |
} |
| #endif |
|
| |
|
| |
|
| /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */ |
/* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */ |
| int tcp_interface(int fd, int af) |
int tcp_interface(int fd, int af) |
| { |
{ |
| |
(void)fd; /* suppress potential unused warning */ |
| |
(void)af; /* suppress potential unused warning */ |
| int if_index = 0; |
int if_index = 0; |
| |
|
| #ifdef HAVE_LINUX_NETWORK |
#ifdef HAVE_LINUX_NETWORK |
| int opt = 1; |
int opt = 1; |
| struct cmsghdr *cmptr; |
struct cmsghdr *cmptr; |
| struct msghdr msg; |
struct msghdr msg; |
| |
socklen_t len; |
| |
|
| /* use mshdr do that the CMSDG_* macros are available */ | /* use mshdr so that the CMSDG_* macros are available */ |
| msg.msg_control = daemon->packet; |
msg.msg_control = daemon->packet; |
| msg.msg_controllen = daemon->packet_buff_sz; | msg.msg_controllen = len = daemon->packet_buff_sz; |
| | |
| /* we overwrote the buffer... */ |
/* we overwrote the buffer... */ |
| daemon->srv_save = NULL; | daemon->srv_save = NULL; |
| | |
| if (af == AF_INET) |
if (af == AF_INET) |
| { |
{ |
| if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 && |
if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 && |
| getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1) | getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, &len) != -1) |
| for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) | { |
| if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) | msg.msg_controllen = len; |
| { | for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) |
| union { | if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) |
| unsigned char *c; | { |
| struct in_pktinfo *p; | union { |
| } p; | unsigned char *c; |
| | struct in_pktinfo *p; |
| p.c = CMSG_DATA(cmptr); | } p; |
| if_index = p.p->ipi_ifindex; | |
| } | p.c = CMSG_DATA(cmptr); |
| | if_index = p.p->ipi_ifindex; |
| | } |
| | } |
| } |
} |
| #ifdef HAVE_IPV6 |
|
| else |
else |
| { |
{ |
| /* Only the RFC-2292 API has the ability to find the interface for TCP connections, |
/* Only the RFC-2292 API has the ability to find the interface for TCP connections, |
|
Line 546 int tcp_interface(int fd, int af)
|
Line 1049 int tcp_interface(int fd, int af)
|
| #endif |
#endif |
| |
|
| if (set_ipv6pktinfo(fd) && |
if (set_ipv6pktinfo(fd) && |
| getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1) | getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, &len) != -1) |
| { |
{ |
| for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) | msg.msg_controllen = len; |
| | for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) |
| if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) |
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) |
| { |
{ |
| union { |
union { |
|
Line 561 int tcp_interface(int fd, int af)
|
Line 1065 int tcp_interface(int fd, int af)
|
| } |
} |
| } |
} |
| } |
} |
| #endif /* IPV6 */ |
|
| #endif /* Linux */ |
#endif /* Linux */ |
| |
|
| return if_index; |
return if_index; |
|
Line 572 static struct listener *create_listeners(union mysocka
|
Line 1075 static struct listener *create_listeners(union mysocka
|
| struct listener *l = NULL; |
struct listener *l = NULL; |
| int fd = -1, tcpfd = -1, tftpfd = -1; |
int fd = -1, tcpfd = -1, tftpfd = -1; |
| |
|
| |
(void)do_tftp; |
| |
|
| if (daemon->port != 0) |
if (daemon->port != 0) |
| { |
{ |
| fd = make_sock(addr, SOCK_DGRAM, dienow); |
fd = make_sock(addr, SOCK_DGRAM, dienow); |
|
Line 589 static struct listener *create_listeners(union mysocka
|
Line 1094 static struct listener *create_listeners(union mysocka
|
| tftpfd = make_sock(addr, SOCK_DGRAM, dienow); |
tftpfd = make_sock(addr, SOCK_DGRAM, dienow); |
| addr->in.sin_port = save; |
addr->in.sin_port = save; |
| } |
} |
| # ifdef HAVE_IPV6 |
|
| else |
else |
| { |
{ |
| short save = addr->in6.sin6_port; |
short save = addr->in6.sin6_port; |
|
Line 597 static struct listener *create_listeners(union mysocka
|
Line 1101 static struct listener *create_listeners(union mysocka
|
| tftpfd = make_sock(addr, SOCK_DGRAM, dienow); |
tftpfd = make_sock(addr, SOCK_DGRAM, dienow); |
| addr->in6.sin6_port = save; |
addr->in6.sin6_port = save; |
| } |
} |
| # endif |
|
| } |
} |
| #endif |
#endif |
| |
|
|
Line 605 static struct listener *create_listeners(union mysocka
|
Line 1108 static struct listener *create_listeners(union mysocka
|
| { |
{ |
| l = safe_malloc(sizeof(struct listener)); |
l = safe_malloc(sizeof(struct listener)); |
| l->next = NULL; |
l->next = NULL; |
| l->family = addr->sa.sa_family; |
|
| l->fd = fd; |
l->fd = fd; |
| l->tcpfd = tcpfd; |
l->tcpfd = tcpfd; |
| l->tftpfd = tftpfd; |
l->tftpfd = tftpfd; |
| |
l->addr = *addr; |
| |
l->used = 1; |
| |
l->iface = NULL; |
| } |
} |
| |
|
| return l; |
return l; |
|
Line 629 void create_wildcard_listeners(void)
|
Line 1134 void create_wildcard_listeners(void)
|
| |
|
| l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1); |
l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1); |
| |
|
| #ifdef HAVE_IPV6 |
|
| memset(&addr, 0, sizeof(addr)); |
memset(&addr, 0, sizeof(addr)); |
| # ifdef HAVE_SOCKADDR_SA_LEN | #ifdef HAVE_SOCKADDR_SA_LEN |
| addr.in6.sin6_len = sizeof(addr.in6); |
addr.in6.sin6_len = sizeof(addr.in6); |
| # endif | #endif |
| addr.in6.sin6_family = AF_INET6; |
addr.in6.sin6_family = AF_INET6; |
| addr.in6.sin6_addr = in6addr_any; |
addr.in6.sin6_addr = in6addr_any; |
| addr.in6.sin6_port = htons(daemon->port); |
addr.in6.sin6_port = htons(daemon->port); |
|
Line 643 void create_wildcard_listeners(void)
|
Line 1147 void create_wildcard_listeners(void)
|
| l->next = l6; |
l->next = l6; |
| else |
else |
| l = l6; |
l = l6; |
| #endif |
|
| |
|
| daemon->listeners = l; |
daemon->listeners = l; |
| } |
} |
| |
|
| |
static struct listener *find_listener(union mysockaddr *addr) |
| |
{ |
| |
struct listener *l; |
| |
for (l = daemon->listeners; l; l = l->next) |
| |
if (sockaddr_isequal(&l->addr, addr)) |
| |
return l; |
| |
return NULL; |
| |
} |
| |
|
| void create_bound_listeners(int dienow) |
void create_bound_listeners(int dienow) |
| { |
{ |
| struct listener *new; |
struct listener *new; |
| struct irec *iface; |
struct irec *iface; |
| struct iname *if_tmp; |
struct iname *if_tmp; |
| |
struct listener *existing; |
| |
|
| for (iface = daemon->interfaces; iface; iface = iface->next) |
for (iface = daemon->interfaces; iface; iface = iface->next) |
| if (!iface->done && !iface->dad && | if (!iface->done && !iface->dad && iface->found) |
| (new = create_listeners(&iface->addr, iface->tftp_ok, dienow))) | |
| { |
{ |
| new->iface = iface; | existing = find_listener(&iface->addr); |
| new->next = daemon->listeners; | if (existing) |
| daemon->listeners = new; | { |
| iface->done = 1; | iface->done = 1; |
| | existing->used++; /* increase usage counter */ |
| | } |
| | else if ((new = create_listeners(&iface->addr, iface->tftp_ok, dienow))) |
| | { |
| | new->iface = iface; |
| | new->next = daemon->listeners; |
| | daemon->listeners = new; |
| | iface->done = 1; |
| | |
| | /* Don't log the initial set of listen addresses created |
| | at startup, since this is happening before the logging |
| | system is initialised and the sign-on printed. */ |
| | if (!dienow) |
| | { |
| | int port = prettyprint_addr(&iface->addr, daemon->addrbuff); |
| | my_syslog(LOG_DEBUG|MS_DEBUG, _("listening on %s(#%d): %s port %d"), |
| | iface->name, iface->index, daemon->addrbuff, port); |
| | } |
| | } |
| } |
} |
| |
|
| /* Check for --listen-address options that haven't been used because there's |
/* Check for --listen-address options that haven't been used because there's |
|
Line 679 void create_bound_listeners(int dienow)
|
Line 1210 void create_bound_listeners(int dienow)
|
| if (!if_tmp->used && |
if (!if_tmp->used && |
| (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow))) |
(new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow))) |
| { |
{ |
| new->iface = NULL; |
|
| new->next = daemon->listeners; |
new->next = daemon->listeners; |
| daemon->listeners = new; |
daemon->listeners = new; |
| |
|
| |
if (!dienow) |
| |
{ |
| |
int port = prettyprint_addr(&if_tmp->addr, daemon->addrbuff); |
| |
my_syslog(LOG_DEBUG|MS_DEBUG, _("listening on %s port %d"), daemon->addrbuff, port); |
| |
} |
| } |
} |
| } |
} |
| |
|
| |
/* In --bind-interfaces, the only access control is the addresses we're listening on. |
| |
There's nothing to avoid a query to the address of an internal interface arriving via |
| |
an external interface where we don't want to accept queries, except that in the usual |
| |
case the addresses of internal interfaces are RFC1918. When bind-interfaces in use, |
| |
and we listen on an address that looks like it's probably globally routeable, shout. |
| |
|
| |
The fix is to use --bind-dynamic, which actually checks the arrival interface too. |
| |
Tough if your platform doesn't support this. |
| |
|
| |
Note that checking the arrival interface is supported in the standard IPv6 API and |
| |
always done, so we don't warn about any IPv6 addresses here. |
| |
*/ |
| |
|
| |
void warn_bound_listeners(void) |
| |
{ |
| |
struct irec *iface; |
| |
int advice = 0; |
| |
|
| |
for (iface = daemon->interfaces; iface; iface = iface->next) |
| |
if (!iface->dns_auth) |
| |
{ |
| |
if (iface->addr.sa.sa_family == AF_INET) |
| |
{ |
| |
if (!private_net(iface->addr.in.sin_addr, 1)) |
| |
{ |
| |
inet_ntop(AF_INET, &iface->addr.in.sin_addr, daemon->addrbuff, ADDRSTRLEN); |
| |
iface->warned = advice = 1; |
| |
my_syslog(LOG_WARNING, |
| |
_("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"), |
| |
daemon->addrbuff, iface->name); |
| |
} |
| |
} |
| |
} |
| |
|
| |
if (advice) |
| |
my_syslog(LOG_WARNING, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)")); |
| |
} |
| |
|
| |
void warn_wild_labels(void) |
| |
{ |
| |
struct irec *iface; |
| |
|
| |
for (iface = daemon->interfaces; iface; iface = iface->next) |
| |
if (iface->found && iface->name && iface->label) |
| |
my_syslog(LOG_WARNING, _("warning: using interface %s instead"), iface->name); |
| |
} |
| |
|
| |
void warn_int_names(void) |
| |
{ |
| |
struct interface_name *intname; |
| |
|
| |
for (intname = daemon->int_names; intname; intname = intname->next) |
| |
if (!intname->addr) |
| |
my_syslog(LOG_WARNING, _("warning: no addresses found for interface %s"), intname->intr); |
| |
} |
| |
|
| int is_dad_listeners(void) |
int is_dad_listeners(void) |
| { |
{ |
| struct irec *iface; |
struct irec *iface; |
|
Line 722 void join_multicast(int dienow)
|
Line 1314 void join_multicast(int dienow)
|
| |
|
| inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr); |
inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr); |
| |
|
| if (daemon->doing_dhcp6 && | if ((daemon->doing_dhcp6 || daemon->relay6) && |
| setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
| err = 1; | err = errno; |
| |
|
| inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr); |
inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr); |
| |
|
| if (daemon->doing_dhcp6 && |
if (daemon->doing_dhcp6 && |
| setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
| err = 1; | err = errno; |
| |
|
| inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr); |
inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr); |
| |
|
| if (daemon->doing_ra && |
if (daemon->doing_ra && |
| setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1) |
| err = 1; | err = errno; |
| |
|
| if (err) |
if (err) |
| { |
{ |
| char *s = _("interface %s failed to join DHCPv6 multicast group: %s"); |
char *s = _("interface %s failed to join DHCPv6 multicast group: %s"); |
| |
errno = err; |
| |
|
| |
#ifdef HAVE_LINUX_NETWORK |
| |
if (errno == ENOMEM) |
| |
my_syslog(LOG_ERR, _("try increasing /proc/sys/net/core/optmem_max")); |
| |
#endif |
| |
|
| if (dienow) |
if (dienow) |
| die(s, iface->name, EC_BADNET); |
die(s, iface->name, EC_BADNET); |
| else |
else |
|
Line 751 void join_multicast(int dienow)
|
Line 1350 void join_multicast(int dienow)
|
| } |
} |
| #endif |
#endif |
| |
|
| /* return a UDP socket bound to a random port, have to cope with straying into | int local_bind(int fd, union mysockaddr *addr, char *intname, unsigned int ifindex, int is_tcp) |
| occupied port nos and reserved ones. */ | |
| int random_sock(int family) | |
| { |
{ |
| int fd; | union mysockaddr addr_copy = *addr; |
| | unsigned short port; |
| | int tries = 1; |
| | unsigned short ports_avail = 1; |
| |
|
| if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) | if (addr_copy.sa.sa_family == AF_INET) |
| { | port = addr_copy.in.sin_port; |
| union mysockaddr addr; | else |
| unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port; | port = addr_copy.in6.sin6_port; |
| int tries = ports_avail < 30 ? 3 * ports_avail : 100; | |
| |
|
| memset(&addr, 0, sizeof(addr)); | /* cannot set source _port_ for TCP connections. */ |
| addr.sa.sa_family = family; | if (is_tcp) |
| port = 0; |
| /* don't loop forever if all ports in use. */ | else if (port == 0 && daemon->max_port != 0) |
| { |
| if (fix_fd(fd)) | /* Bind a random port within the range given by min-port and max-port if either |
| while(tries--) | or both are set. Otherwise use the OS's random ephemeral port allocation by |
| { | leaving port == 0 and tries == 1 */ |
| unsigned short port = rand16(); | ports_avail = daemon->max_port - daemon->min_port + 1; |
| | tries = (ports_avail < SMALL_PORT_RANGE) ? ports_avail : 100; |
| if (daemon->min_port != 0) | port = htons(daemon->min_port + (rand16() % ports_avail)); |
| port = htons(daemon->min_port + (port % ((unsigned short)ports_avail))); | |
| | |
| if (family == AF_INET) | |
| { | |
| addr.in.sin_addr.s_addr = INADDR_ANY; | |
| addr.in.sin_port = port; | |
| #ifdef HAVE_SOCKADDR_SA_LEN | |
| addr.in.sin_len = sizeof(struct sockaddr_in); | |
| #endif | |
| } | |
| #ifdef HAVE_IPV6 | |
| else | |
| { | |
| addr.in6.sin6_addr = in6addr_any; | |
| addr.in6.sin6_port = port; | |
| #ifdef HAVE_SOCKADDR_SA_LEN | |
| addr.in6.sin6_len = sizeof(struct sockaddr_in6); | |
| #endif | |
| } | |
| #endif | |
| | |
| if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) | |
| return fd; | |
| | |
| if (errno != EADDRINUSE && errno != EACCES) | |
| break; | |
| } | |
| |
| close(fd); | |
| } |
} |
| |
|
| return -1; |
|
| } |
|
| |
|
| |
while (1) |
| |
{ |
| |
/* elide bind() call if it's to port 0, address 0 */ |
| |
if (addr_copy.sa.sa_family == AF_INET) |
| |
{ |
| |
if (port == 0 && addr_copy.in.sin_addr.s_addr == 0) |
| |
break; |
| |
addr_copy.in.sin_port = port; |
| |
} |
| |
else |
| |
{ |
| |
if (port == 0 && IN6_IS_ADDR_UNSPECIFIED(&addr_copy.in6.sin6_addr)) |
| |
break; |
| |
addr_copy.in6.sin6_port = port; |
| |
} |
| |
|
| |
if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) != -1) |
| |
break; |
| |
|
| |
if (errno != EADDRINUSE && errno != EACCES) |
| |
return 0; |
| |
|
| int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) | if (--tries == 0) |
| { | return 0; |
| union mysockaddr addr_copy = *addr; | |
| |
|
| /* cannot set source _port_ for TCP connections. */ | /* For small ranges, do a systematic search, not a random one. */ |
| if (is_tcp) | if (ports_avail < SMALL_PORT_RANGE) |
| | { |
| | unsigned short hport = ntohs(port); |
| | if (hport++ == daemon->max_port) |
| | hport = daemon->min_port; |
| | port = htons(hport); |
| | } |
| | else |
| | port = htons(daemon->min_port + (rand16() % ports_avail)); |
| | } |
| | |
| | if (!is_tcp && ifindex > 0) |
| { |
{ |
| |
#if defined(IP_UNICAST_IF) |
| if (addr_copy.sa.sa_family == AF_INET) |
if (addr_copy.sa.sa_family == AF_INET) |
| addr_copy.in.sin_port = 0; | { |
| #ifdef HAVE_IPV6 | uint32_t ifindex_opt = htonl(ifindex); |
| else | return setsockopt(fd, IPPROTO_IP, IP_UNICAST_IF, &ifindex_opt, sizeof(ifindex_opt)) == 0; |
| addr_copy.in6.sin6_port = 0; | } |
| #endif |
#endif |
| |
#if defined (IPV6_UNICAST_IF) |
| |
if (addr_copy.sa.sa_family == AF_INET6) |
| |
{ |
| |
uint32_t ifindex_opt = htonl(ifindex); |
| |
return setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_IF, &ifindex_opt, sizeof(ifindex_opt)) == 0; |
| |
} |
| |
#endif |
| } |
} |
| | |
| if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1) | (void)intname; /* suppress potential unused warning */ |
| return 0; | |
| | |
| #if defined(SO_BINDTODEVICE) |
#if defined(SO_BINDTODEVICE) |
| if (intname[0] != 0 && |
if (intname[0] != 0 && |
| setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1) |
setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1) |
|
Line 836 int local_bind(int fd, union mysockaddr *addr, char *i
|
Line 1440 int local_bind(int fd, union mysockaddr *addr, char *i
|
| return 1; |
return 1; |
| } |
} |
| |
|
| static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) | static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname, unsigned int ifindex) |
| { |
{ |
| struct serverfd *sfd; |
struct serverfd *sfd; |
| int errsave; |
int errsave; |
| int opt = 1; |
| | |
| /* when using random ports, servers which would otherwise use |
/* when using random ports, servers which would otherwise use |
| the INADDR_ANY/port0 socket have sfd set to NULL */ | the INADDR_ANY/port0 socket have sfd set to NULL, this is |
| if (!daemon->osport && intname[0] == 0) | anything without an explictly set source port. */ |
| | if (!daemon->osport) |
| { |
{ |
| errno = 0; |
errno = 0; |
| |
|
| if (addr->sa.sa_family == AF_INET && |
if (addr->sa.sa_family == AF_INET && |
| addr->in.sin_addr.s_addr == INADDR_ANY && |
|
| addr->in.sin_port == htons(0)) |
addr->in.sin_port == htons(0)) |
| return NULL; |
return NULL; |
| |
|
| #ifdef HAVE_IPV6 |
|
| if (addr->sa.sa_family == AF_INET6 && |
if (addr->sa.sa_family == AF_INET6 && |
| memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && |
|
| addr->in6.sin6_port == htons(0)) |
addr->in6.sin6_port == htons(0)) |
| return NULL; |
return NULL; |
| #endif |
|
| } |
} |
| | |
| /* may have a suitable one already */ |
/* may have a suitable one already */ |
| for (sfd = daemon->sfds; sfd; sfd = sfd->next ) |
for (sfd = daemon->sfds; sfd; sfd = sfd->next ) |
| if (sockaddr_isequal(&sfd->source_addr, addr) && | if (ifindex == sfd->ifindex && |
| | sockaddr_isequal(&sfd->source_addr, addr) && |
| strcmp(intname, sfd->interface) == 0) |
strcmp(intname, sfd->interface) == 0) |
| return sfd; |
return sfd; |
| |
|
|
Line 876 static struct serverfd *allocate_sfd(union mysockaddr
|
Line 1479 static struct serverfd *allocate_sfd(union mysockaddr
|
| free(sfd); |
free(sfd); |
| return NULL; |
return NULL; |
| } |
} |
| | |
| if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd)) | if ((addr->sa.sa_family == AF_INET6 && setsockopt(sfd->fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) || |
| | !local_bind(sfd->fd, addr, intname, ifindex, 0) || !fix_fd(sfd->fd)) |
| { |
{ |
| errsave = errno; /* save error from bind. */ | errsave = errno; /* save error from bind/setsockopt. */ |
| close(sfd->fd); |
close(sfd->fd); |
| free(sfd); |
free(sfd); |
| errno = errsave; |
errno = errsave; |
| return NULL; |
return NULL; |
| } |
} |
| | |
| strcpy(sfd->interface, intname); | safe_strncpy(sfd->interface, intname, sizeof(sfd->interface)); |
| sfd->source_addr = *addr; |
sfd->source_addr = *addr; |
| sfd->next = daemon->sfds; |
sfd->next = daemon->sfds; |
| |
sfd->ifindex = ifindex; |
| |
sfd->preallocated = 0; |
| daemon->sfds = sfd; |
daemon->sfds = sfd; |
| |
|
| return sfd; |
return sfd; |
| } |
} |
| |
|
|
Line 898 static struct serverfd *allocate_sfd(union mysockaddr
|
Line 1505 static struct serverfd *allocate_sfd(union mysockaddr
|
| void pre_allocate_sfds(void) |
void pre_allocate_sfds(void) |
| { |
{ |
| struct server *srv; |
struct server *srv; |
| |
struct serverfd *sfd; |
| |
|
| if (daemon->query_port != 0) |
if (daemon->query_port != 0) |
| { |
{ |
|
Line 909 void pre_allocate_sfds(void)
|
Line 1517 void pre_allocate_sfds(void)
|
| #ifdef HAVE_SOCKADDR_SA_LEN |
#ifdef HAVE_SOCKADDR_SA_LEN |
| addr.in.sin_len = sizeof(struct sockaddr_in); |
addr.in.sin_len = sizeof(struct sockaddr_in); |
| #endif |
#endif |
| allocate_sfd(&addr, ""); | if ((sfd = allocate_sfd(&addr, "", 0))) |
| #ifdef HAVE_IPV6 | sfd->preallocated = 1; |
| | |
| memset(&addr, 0, sizeof(addr)); |
memset(&addr, 0, sizeof(addr)); |
| addr.in6.sin6_family = AF_INET6; |
addr.in6.sin6_family = AF_INET6; |
| addr.in6.sin6_addr = in6addr_any; |
addr.in6.sin6_addr = in6addr_any; |
|
Line 918 void pre_allocate_sfds(void)
|
Line 1527 void pre_allocate_sfds(void)
|
| #ifdef HAVE_SOCKADDR_SA_LEN |
#ifdef HAVE_SOCKADDR_SA_LEN |
| addr.in6.sin6_len = sizeof(struct sockaddr_in6); |
addr.in6.sin6_len = sizeof(struct sockaddr_in6); |
| #endif |
#endif |
| allocate_sfd(&addr, ""); | if ((sfd = allocate_sfd(&addr, "", 0))) |
| #endif | sfd->preallocated = 1; |
| } |
} |
| |
|
| for (srv = daemon->servers; srv; srv = srv->next) |
for (srv = daemon->servers; srv; srv = srv->next) |
| if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) && | if (!allocate_sfd(&srv->source_addr, srv->interface, srv->ifindex) && |
| !allocate_sfd(&srv->source_addr, srv->interface) && | |
| errno != 0 && |
errno != 0 && |
| option_bool(OPT_NOWILD)) |
option_bool(OPT_NOWILD)) |
| { |
{ |
| prettyprint_addr(&srv->source_addr, daemon->namebuff); | (void)prettyprint_addr(&srv->source_addr, daemon->namebuff); |
| if (srv->interface[0] != 0) |
if (srv->interface[0] != 0) |
| { |
{ |
| strcat(daemon->namebuff, " "); |
strcat(daemon->namebuff, " "); |
|
Line 939 void pre_allocate_sfds(void)
|
Line 1547 void pre_allocate_sfds(void)
|
| } |
} |
| } |
} |
| |
|
| void check_servers(int no_loop_check) |
| void check_servers(void) | |
| { |
{ |
| struct irec *iface; |
struct irec *iface; |
| struct server *new, *tmp, *ret = NULL; | struct server *serv; |
| int port = 0; | struct serverfd *sfd, *tmp, **up; |
| | int port = 0, count; |
| | int locals = 0; |
| | |
| | #ifdef HAVE_LOOP |
| | if (!no_loop_check) |
| | loop_send_probes(); |
| | #endif |
| |
|
| /* interface may be new since startup */ | /* clear all marks. */ |
| if (!option_bool(OPT_NOWILD)) | mark_servers(0); |
| enumerate_interfaces(); | |
| |
|
| for (new = daemon->servers; new; new = tmp) | /* interface may be new since startup */ |
| { | if (!option_bool(OPT_NOWILD)) |
| tmp = new->next; | enumerate_interfaces(0); |
| | |
| if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND))) | |
| { | |
| port = prettyprint_addr(&new->addr, daemon->namebuff); | |
| |
|
| /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */ | /* don't garbage collect pre-allocated sfds. */ |
| if (new->addr.sa.sa_family == AF_INET && | for (sfd = daemon->sfds; sfd; sfd = sfd->next) |
| new->addr.in.sin_addr.s_addr == 0) | sfd->used = sfd->preallocated; |
| { | |
| free(new); | |
| continue; | |
| } | |
| |
|
| for (iface = daemon->interfaces; iface; iface = iface->next) | for (count = 0, serv = daemon->servers; serv; serv = serv->next) |
| if (sockaddr_isequal(&new->addr, &iface->addr)) | { |
| break; | /* Init edns_pktsz for newly created server records. */ |
| if (iface) | if (serv->edns_pktsz == 0) |
| { | serv->edns_pktsz = daemon->edns_pktsz; |
| my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff); | |
| free(new); | #ifdef HAVE_DNSSEC |
| continue; | if (option_bool(OPT_DNSSEC_VALID)) |
| } | { |
| | if (!(serv->flags & SERV_FOR_NODOTS)) |
| | serv->flags |= SERV_DO_DNSSEC; |
| |
|
| /* Do we need a socket set? */ | /* Disable DNSSEC validation when using server=/domain/.... servers |
| if (!new->sfd && | unless there's a configured trust anchor. */ |
| !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) && | if (strlen(serv->domain) != 0) |
| errno != 0) | |
| { |
{ |
| my_syslog(LOG_WARNING, | struct ds_config *ds; |
| _("ignoring nameserver %s - cannot make/bind socket: %s"), | char *domain = serv->domain; |
| daemon->namebuff, strerror(errno)); | |
| free(new); | /* .example.com is valid */ |
| continue; | while (*domain == '.') |
| | domain++; |
| | |
| | for (ds = daemon->ds; ds; ds = ds->next) |
| | if (ds->name[0] != 0 && hostname_isequal(domain, ds->name)) |
| | break; |
| | |
| | if (!ds) |
| | serv->flags &= ~SERV_DO_DNSSEC; |
| } |
} |
| } |
} |
| |
#endif |
| |
|
| /* reverse order - gets it right. */ | port = prettyprint_addr(&serv->addr, daemon->namebuff); |
| new->next = ret; | |
| ret = new; | |
| |
|
| if (!(new->flags & SERV_NO_REBIND)) | /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */ |
| | if (serv->addr.sa.sa_family == AF_INET && |
| | serv->addr.in.sin_addr.s_addr == 0) |
| { |
{ |
| if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV)) | serv->flags |= SERV_MARK; |
| { | continue; |
| char *s1, *s2; | } |
| if (!(new->flags & SERV_HAS_DOMAIN)) | |
| s1 = _("unqualified"), s2 = _("names"); | for (iface = daemon->interfaces; iface; iface = iface->next) |
| else if (strlen(new->domain) == 0) | if (sockaddr_isequal(&serv->addr, &iface->addr)) |
| s1 = _("default"), s2 = ""; | break; |
| else | if (iface) |
| s1 = _("domain"), s2 = new->domain; | { |
| | my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff); |
| if (new->flags & SERV_NO_ADDR) | serv->flags |= SERV_MARK; |
| my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); | continue; |
| else if (new->flags & SERV_USE_RESOLV) | } |
| my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2); | |
| else if (!(new->flags & SERV_LITERAL_ADDRESS)) | /* Do we need a socket set? */ |
| my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2); | if (!serv->sfd && |
| } | !(serv->sfd = allocate_sfd(&serv->source_addr, serv->interface, serv->ifindex)) && |
| else if (new->interface[0] != 0) | errno != 0) |
| my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface); | { |
| | my_syslog(LOG_WARNING, |
| | _("ignoring nameserver %s - cannot make/bind socket: %s"), |
| | daemon->namebuff, strerror(errno)); |
| | serv->flags |= SERV_MARK; |
| | continue; |
| | } |
| | |
| | if (serv->sfd) |
| | serv->sfd->used = 1; |
| | |
| | if (count == SERVERS_LOGGED) |
| | my_syslog(LOG_INFO, _("more servers are defined but not logged")); |
| | |
| | if (++count > SERVERS_LOGGED) |
| | continue; |
| | |
| | if (strlen(serv->domain) != 0 || (serv->flags & SERV_FOR_NODOTS)) |
| | { |
| | char *s1, *s2, *s3 = "", *s4 = ""; |
| | |
| | #ifdef HAVE_DNSSEC |
| | if (option_bool(OPT_DNSSEC_VALID) && !(serv->flags & SERV_DO_DNSSEC)) |
| | s3 = _("(no DNSSEC)"); |
| | #endif |
| | if (serv->flags & SERV_FOR_NODOTS) |
| | s1 = _("unqualified"), s2 = _("names"); |
| | else if (strlen(serv->domain) == 0) |
| | s1 = _("default"), s2 = ""; |
| else |
else |
| my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); | s1 = _("domain"), s2 = serv->domain, s4 = (serv->flags & SERV_WILDCARD) ? "*" : ""; |
| | |
| | my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s%s %s"), daemon->namebuff, port, s1, s4, s2, s3); |
| } |
} |
| |
#ifdef HAVE_LOOP |
| |
else if (serv->flags & SERV_LOOP) |
| |
my_syslog(LOG_INFO, _("NOT using nameserver %s#%d - query loop detected"), daemon->namebuff, port); |
| |
#endif |
| |
else if (serv->interface[0] != 0) |
| |
my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, serv->interface); |
| |
else |
| |
my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); |
| |
|
| } |
} |
| |
|
| daemon->servers = ret; | for (count = 0, serv = daemon->local_domains; serv; serv = serv->next) |
| | { |
| | if (++count > SERVERS_LOGGED) |
| | continue; |
| | |
| | if ((serv->flags & SERV_LITERAL_ADDRESS) && |
| | !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)) && |
| | strlen(serv->domain)) |
| | { |
| | count--; |
| | if (++locals <= LOCALS_LOGGED) |
| | my_syslog(LOG_INFO, _("using only locally-known addresses for %s"), serv->domain); |
| | } |
| | else if (serv->flags & SERV_USE_RESOLV) |
| | my_syslog(LOG_INFO, _("using standard nameservers for %s"), serv->domain); |
| | } |
| | |
| | if (locals > LOCALS_LOGGED) |
| | my_syslog(LOG_INFO, _("using %d more local addresses"), locals - LOCALS_LOGGED); |
| | if (count - 1 > SERVERS_LOGGED) |
| | my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1); |
| | |
| | /* Remove unused sfds */ |
| | for (sfd = daemon->sfds, up = &daemon->sfds; sfd; sfd = tmp) |
| | { |
| | tmp = sfd->next; |
| | if (!sfd->used) |
| | { |
| | *up = sfd->next; |
| | close(sfd->fd); |
| | free(sfd); |
| | } |
| | else |
| | up = &sfd->next; |
| | } |
| | |
| | cleanup_servers(); /* remove servers we just deleted. */ |
| | build_server_array(); |
| } |
} |
| |
|
| /* Return zero if no servers found, in that case we keep polling. |
/* Return zero if no servers found, in that case we keep polling. |
|
Line 1028 int reload_servers(char *fname)
|
Line 1719 int reload_servers(char *fname)
|
| { |
{ |
| FILE *f; |
FILE *f; |
| char *line; |
char *line; |
| struct server *old_servers = NULL; |
|
| struct server *new_servers = NULL; |
|
| struct server *serv; |
|
| int gotone = 0; |
int gotone = 0; |
| |
|
| /* buff happens to be MAXDNAME long... */ |
/* buff happens to be MAXDNAME long... */ |
|
Line 1039 int reload_servers(char *fname)
|
Line 1727 int reload_servers(char *fname)
|
| my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno)); |
my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno)); |
| return 0; |
return 0; |
| } |
} |
| | |
| /* move old servers to free list - we can reuse the memory | mark_servers(SERV_FROM_RESOLV); |
| and not risk malloc if there are the same or fewer new servers. | |
| Servers which were specced on the command line go to the new list. */ | |
| for (serv = daemon->servers; serv;) | |
| { | |
| struct server *tmp = serv->next; | |
| if (serv->flags & SERV_FROM_RESOLV) | |
| { | |
| serv->next = old_servers; | |
| old_servers = serv; | |
| /* forward table rules reference servers, so have to blow them away */ | |
| server_gone(serv); | |
| } | |
| else | |
| { | |
| serv->next = new_servers; | |
| new_servers = serv; | |
| } | |
| serv = tmp; | |
| } | |
| | |
| while ((line = fgets(daemon->namebuff, MAXDNAME, f))) |
while ((line = fgets(daemon->namebuff, MAXDNAME, f))) |
| { |
{ |
| union mysockaddr addr, source_addr; |
union mysockaddr addr, source_addr; |
|
Line 1076 int reload_servers(char *fname)
|
Line 1745 int reload_servers(char *fname)
|
| memset(&addr, 0, sizeof(addr)); |
memset(&addr, 0, sizeof(addr)); |
| memset(&source_addr, 0, sizeof(source_addr)); |
memset(&source_addr, 0, sizeof(source_addr)); |
| |
|
| if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1) | if (inet_pton(AF_INET, token, &addr.in.sin_addr) > 0) |
| { |
{ |
| #ifdef HAVE_SOCKADDR_SA_LEN |
#ifdef HAVE_SOCKADDR_SA_LEN |
| source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in); |
source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in); |
|
Line 1086 int reload_servers(char *fname)
|
Line 1755 int reload_servers(char *fname)
|
| source_addr.in.sin_addr.s_addr = INADDR_ANY; |
source_addr.in.sin_addr.s_addr = INADDR_ANY; |
| source_addr.in.sin_port = htons(daemon->query_port); |
source_addr.in.sin_port = htons(daemon->query_port); |
| } |
} |
| #ifdef HAVE_IPV6 |
|
| else |
else |
| { |
{ |
| int scope_index = 0; |
int scope_index = 0; |
|
Line 1114 int reload_servers(char *fname)
|
Line 1782 int reload_servers(char *fname)
|
| else |
else |
| continue; |
continue; |
| } |
} |
| #else /* IPV6 */ |
|
| else |
|
| continue; |
|
| #endif |
|
| |
|
| if (old_servers) | add_update_server(SERV_FROM_RESOLV, &addr, &source_addr, NULL, NULL, NULL); |
| { | |
| serv = old_servers; | |
| old_servers = old_servers->next; | |
| } | |
| else if (!(serv = whine_malloc(sizeof (struct server)))) | |
| continue; | |
| | |
| /* this list is reverse ordered: | |
| it gets reversed again in check_servers */ | |
| serv->next = new_servers; | |
| new_servers = serv; | |
| serv->addr = addr; | |
| serv->source_addr = source_addr; | |
| serv->domain = NULL; | |
| serv->interface[0] = 0; | |
| serv->sfd = NULL; | |
| serv->flags = SERV_FROM_RESOLV; | |
| serv->queries = serv->failed_queries = 0; | |
| gotone = 1; |
gotone = 1; |
| } |
} |
| |
|
| /* Free any memory not used. */ |
|
| while (old_servers) |
|
| { |
|
| struct server *tmp = old_servers->next; |
|
| free(old_servers); |
|
| old_servers = tmp; |
|
| } |
|
| |
|
| daemon->servers = new_servers; |
|
| fclose(f); |
fclose(f); |
| |
cleanup_servers(); |
| |
|
| return gotone; |
return gotone; |
| } |
} |
| |
|
| /* Called when addresses are added or deleted from an interface */ |
| /* Use an IPv4 listener socket for ioctling */ | void newaddress(time_t now) |
| struct in_addr get_ifaddr(char *intr) | |
| { |
{ |
| struct listener *l; | struct dhcp_relay *relay; |
| struct ifreq ifr; | |
| struct sockaddr_in ret; | (void)now; |
| |
|
| ret.sin_addr.s_addr = -1; | if (option_bool(OPT_CLEVERBIND) || option_bool(OPT_LOCAL_SERVICE) || |
| | daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra) |
| | enumerate_interfaces(0); |
| | |
| | if (option_bool(OPT_CLEVERBIND)) |
| | create_bound_listeners(0); |
| |
|
| for (l = daemon->listeners; | #ifdef HAVE_DHCP |
| l && (l->family != AF_INET || l->fd == -1); | /* clear cache of subnet->relay index */ |
| l = l->next); | for (relay = daemon->relay4; relay; relay = relay->next) |
| | relay->iface_index = 0; |
| | #endif |
| |
|
| strncpy(ifr.ifr_name, intr, IF_NAMESIZE); | #ifdef HAVE_DHCP6 |
| ifr.ifr_addr.sa_family = AF_INET; | if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra) |
| | join_multicast(0); |
| |
|
| if (l && ioctl(l->fd, SIOCGIFADDR, &ifr) != -1) | if (daemon->doing_dhcp6 || daemon->doing_ra) |
| memcpy(&ret, &ifr.ifr_addr, sizeof(ret)); | dhcp_construct_contexts(now); |
| |
|
| return ret.sin_addr; | if (daemon->doing_dhcp6) |
| } | lease_find_interfaces(now); |
| |
|
| for (relay = daemon->relay6; relay; relay = relay->next) |
| relay->iface_index = 0; |
| | #endif |
| | } |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to network.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src