summaryrefslogtreecommitdiffstats
path: root/src/dnsmasq.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/dnsmasq.c')
-rwxr-xr-xsrc/dnsmasq.c1287
1 files changed, 1287 insertions, 0 deletions
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
new file mode 100755
index 0000000..48e3ecf
--- /dev/null
+++ b/src/dnsmasq.c
@@ -0,0 +1,1287 @@
+/* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991, or
+ (at your option) version 3 dated 29 June, 2007.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+struct daemon *daemon;
+
+static char *compile_opts =
+#ifndef HAVE_IPV6
+"no-"
+#endif
+"IPv6 "
+#ifndef HAVE_GETOPT_LONG
+"no-"
+#endif
+"GNU-getopt "
+#ifdef HAVE_BROKEN_RTC
+"no-RTC "
+#endif
+#ifdef NO_FORK
+"no-MMU "
+#endif
+#ifndef HAVE_DBUS
+"no-"
+#endif
+"DBus "
+#ifndef LOCALEDIR
+"no-"
+#endif
+"I18N "
+#ifndef HAVE_DHCP
+"no-"
+#endif
+"DHCP "
+#if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT)
+"no-scripts "
+#endif
+#ifndef HAVE_TFTP
+"no-"
+#endif
+"TFTP";
+
+
+
+static volatile pid_t pid = 0;
+static volatile int pipewrite;
+
+static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
+static void check_dns_listeners(fd_set *set, time_t now);
+static void sig_handler(int sig);
+static void async_event(int pipe, time_t now);
+static void fatal_event(struct event_desc *ev);
+static void poll_resolv(void);
+
+int main (int argc, char **argv)
+{
+ int bind_fallback = 0;
+ time_t now;
+ struct sigaction sigact;
+ struct iname *if_tmp;
+ int piperead, pipefd[2], err_pipe[2];
+ struct passwd *ent_pw = NULL;
+#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
+ uid_t script_uid = 0;
+ gid_t script_gid = 0;
+#endif
+ struct group *gp = NULL;
+ long i, max_fd = sysconf(_SC_OPEN_MAX);
+ char *baduser = NULL;
+ int log_err;
+#if defined(HAVE_LINUX_NETWORK)
+ cap_user_header_t hdr = NULL;
+ cap_user_data_t data = NULL;
+#endif
+
+#ifdef LOCALEDIR
+ setlocale(LC_ALL, "");
+ bindtextdomain("dnsmasq", LOCALEDIR);
+ textdomain("dnsmasq");
+#endif
+
+ sigact.sa_handler = sig_handler;
+ sigact.sa_flags = 0;
+ sigemptyset(&sigact.sa_mask);
+ sigaction(SIGUSR1, &sigact, NULL);
+ sigaction(SIGUSR2, &sigact, NULL);
+ sigaction(SIGHUP, &sigact, NULL);
+ sigaction(SIGTERM, &sigact, NULL);
+ sigaction(SIGALRM, &sigact, NULL);
+ sigaction(SIGCHLD, &sigact, NULL);
+
+ /* ignore SIGPIPE */
+ sigact.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &sigact, NULL);
+
+ umask(022); /* known umask, create leases and pid files as 0644 */
+
+ read_opts(argc, argv, compile_opts);
+
+ if (daemon->edns_pktsz < PACKETSZ)
+ daemon->edns_pktsz = PACKETSZ;
+ daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
+ daemon->edns_pktsz : DNSMASQ_PACKETSZ;
+ daemon->packet = safe_malloc(daemon->packet_buff_sz);
+
+#ifdef HAVE_DHCP
+ if (!daemon->lease_file)
+ {
+ if (daemon->dhcp)
+ daemon->lease_file = LEASEFILE;
+ }
+#endif
+
+ /* Close any file descriptors we inherited apart from std{in|out|err} */
+ for (i = 0; i < max_fd; i++)
+ if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
+ close(i);
+
+#ifdef HAVE_LINUX_NETWORK
+ netlink_init();
+#elif !(defined(IP_RECVDSTADDR) && \
+ defined(IP_RECVIF) && \
+ defined(IP_SENDSRCADDR))
+ if (!(daemon->options & OPT_NOWILD))
+ {
+ bind_fallback = 1;
+ daemon->options |= OPT_NOWILD;
+ }
+#endif
+
+#ifndef HAVE_TFTP
+ if (daemon->options & OPT_TFTP)
+ die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
+#endif
+
+#ifdef HAVE_SOLARIS_NETWORK
+ if (daemon->max_logs != 0)
+ die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
+#endif
+
+ rand_init();
+
+ now = dnsmasq_time();
+
+#ifdef HAVE_DHCP
+ if (daemon->dhcp)
+ {
+ /* Note that order matters here, we must call lease_init before
+ creating any file descriptors which shouldn't be leaked
+ to the lease-script init process. */
+ lease_init(now);
+ dhcp_init();
+ }
+#endif
+
+ if (!enumerate_interfaces())
+ die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
+
+ if (daemon->options & OPT_NOWILD)
+ {
+ daemon->listeners = create_bound_listeners();
+
+ for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
+ if (if_tmp->name && !if_tmp->used)
+ die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
+
+ for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
+ if (!if_tmp->used)
+ {
+ prettyprint_addr(&if_tmp->addr, daemon->namebuff);
+ die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
+ }
+ }
+ else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) &&
+ !(daemon->listeners = create_wildcard_listeners()))
+ die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
+
+ if (daemon->port != 0)
+ cache_init();
+
+ if (daemon->options & OPT_DBUS)
+#ifdef HAVE_DBUS
+ {
+ char *err;
+ daemon->dbus = NULL;
+ daemon->watches = NULL;
+ if ((err = dbus_init()))
+ die(_("DBus error: %s"), err, EC_MISC);
+ }
+#else
+ die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
+#endif
+
+ if (daemon->port != 0)
+ pre_allocate_sfds();
+
+#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
+ /* Note getpwnam returns static storage */
+ if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser)
+ {
+ if ((ent_pw = getpwnam(daemon->scriptuser)))
+ {
+ script_uid = ent_pw->pw_uid;
+ script_gid = ent_pw->pw_gid;
+ }
+ else
+ baduser = daemon->scriptuser;
+ }
+#endif
+
+ if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
+ baduser = daemon->username;
+ else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
+ baduser = daemon->groupname;
+
+ if (baduser)
+ die(_("unknown user or group: %s"), baduser, EC_BADCONF);
+
+ /* implement group defaults, "dip" if available, or group associated with uid */
+ if (!daemon->group_set && !gp)
+ {
+ if (!(gp = getgrnam(CHGRP)) && ent_pw)
+ gp = getgrgid(ent_pw->pw_gid);
+
+ /* for error message */
+ if (gp)
+ daemon->groupname = gp->gr_name;
+ }
+
+#if defined(HAVE_LINUX_NETWORK)
+ /* determine capability API version here, while we can still
+ call safe_malloc */
+ if (ent_pw && ent_pw->pw_uid != 0)
+ {
+ int capsize = 1; /* for header version 1 */
+ hdr = safe_malloc(sizeof(*hdr));
+
+ /* find version supported by kernel */
+ memset(hdr, 0, sizeof(*hdr));
+ capget(hdr, NULL);
+
+ if (hdr->version != LINUX_CAPABILITY_VERSION_1)
+ {
+ /* if unknown version, use largest supported version (3) */
+ if (hdr->version != LINUX_CAPABILITY_VERSION_2)
+ hdr->version = LINUX_CAPABILITY_VERSION_3;
+ capsize = 2;
+ }
+
+ data = safe_malloc(sizeof(*data) * capsize);
+ memset(data, 0, sizeof(*data) * capsize);
+ }
+#endif
+
+ /* Use a pipe to carry signals and other events back to the event loop
+ in a race-free manner and another to carry errors to daemon-invoking process */
+ safe_pipe(pipefd, 1);
+
+ piperead = pipefd[0];
+ pipewrite = pipefd[1];
+ /* prime the pipe to load stuff first time. */
+ send_event(pipewrite, EVENT_RELOAD, 0);
+
+ err_pipe[1] = -1;
+
+ if (!(daemon->options & OPT_DEBUG))
+ {
+ int nullfd;
+
+ /* The following code "daemonizes" the process.
+ See Stevens section 12.4 */
+
+ if (chdir("/") != 0)
+ die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
+
+#ifndef NO_FORK
+ if (!(daemon->options & OPT_NO_FORK))
+ {
+ pid_t pid;
+
+ /* pipe to carry errors back to original process.
+ When startup is complete we close this and the process terminates. */
+ safe_pipe(err_pipe, 0);
+
+ if ((pid = fork()) == -1)
+ /* fd == -1 since we've not forked, never returns. */
+ send_event(-1, EVENT_FORK_ERR, errno);
+
+ if (pid != 0)
+ {
+ struct event_desc ev;
+
+ /* close our copy of write-end */
+ close(err_pipe[1]);
+
+ /* check for errors after the fork */
+ if (read_write(err_pipe[0], (unsigned char *)&ev, sizeof(ev), 1))
+ fatal_event(&ev);
+
+ _exit(EC_GOOD);
+ }
+
+ close(err_pipe[0]);
+
+ /* NO calls to die() from here on. */
+
+ setsid();
+
+ if ((pid = fork()) == -1)
+ send_event(err_pipe[1], EVENT_FORK_ERR, errno);
+
+ if (pid != 0)
+ _exit(0);
+ }
+#endif
+
+ /* write pidfile _after_ forking ! */
+ if (daemon->runfile)
+ {
+ FILE *pidfile;
+
+ /* only complain if started as root */
+ if ((pidfile = fopen(daemon->runfile, "w")))
+ {
+ fprintf(pidfile, "%d\n", (int) getpid());
+ fclose(pidfile);
+ }
+ else if (getuid() == 0)
+ {
+ send_event(err_pipe[1], EVENT_PIDFILE, errno);
+ _exit(0);
+ }
+ }
+
+ /* open stdout etc to /dev/null */
+ nullfd = open("/dev/null", O_RDWR);
+ dup2(nullfd, STDOUT_FILENO);
+ dup2(nullfd, STDERR_FILENO);
+ dup2(nullfd, STDIN_FILENO);
+ close(nullfd);
+ }
+
+ log_err = log_start(ent_pw, err_pipe[1]);
+
+ /* if we are to run scripts, we need to fork a helper before dropping root. */
+ daemon->helperfd = -1;
+#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
+ if (daemon->dhcp && daemon->lease_change_command)
+ daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
+#endif
+
+ if (!(daemon->options & OPT_DEBUG) && getuid() == 0)
+ {
+ int bad_capabilities = 0;
+ gid_t dummy;
+
+ /* remove all supplimentary groups */
+ if (gp &&
+ (setgroups(0, &dummy) == -1 ||
+ setgid(gp->gr_gid) == -1))
+ {
+ send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
+ _exit(0);
+ }
+
+ if (ent_pw && ent_pw->pw_uid != 0)
+ {
+#if defined(HAVE_LINUX_NETWORK)
+ /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
+ CAP_NET_RAW (for icmp) if we're doing dhcp */
+ data->effective = data->permitted = data->inheritable =
+ (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
+
+ /* Tell kernel to not clear capabilities when dropping root */
+ if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1) == -1)
+ bad_capabilities = errno;
+
+#elif defined(HAVE_SOLARIS_NETWORK)
+ /* http://developers.sun.com/solaris/articles/program_privileges.html */
+ priv_set_t *priv_set;
+
+ if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
+ priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
+ priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
+ bad_capabilities = errno;
+
+ if (priv_set && bad_capabilities == 0)
+ {
+ priv_inverse(priv_set);
+
+ if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
+ bad_capabilities = errno;
+ }
+
+ if (priv_set)
+ priv_freeset(priv_set);
+
+#endif
+
+ if (bad_capabilities != 0)
+ {
+ send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
+ _exit(0);
+ }
+
+ /* finally drop root */
+ if (setuid(ent_pw->pw_uid) == -1)
+ {
+ send_event(err_pipe[1], EVENT_USER_ERR, errno);
+ _exit(0);
+ }
+
+#ifdef HAVE_LINUX_NETWORK
+ data->effective = data->permitted =
+ (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
+ data->inheritable = 0;
+
+ /* lose the setuid and setgid capbilities */
+ if (capset(hdr, data) == -1)
+ {
+ send_event(err_pipe[1], EVENT_CAP_ERR, errno);
+ _exit(0);
+ }
+#endif
+
+ }
+ }
+
+#ifdef HAVE_LINUX_NETWORK
+ if (daemon->options & OPT_DEBUG)
+ prctl(PR_SET_DUMPABLE, 1);
+#endif
+
+ if (daemon->port == 0)
+ my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
+ else if (daemon->cachesize != 0)
+ my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
+ else
+ my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
+
+ my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
+
+#ifdef HAVE_DBUS
+ if (daemon->options & OPT_DBUS)
+ {
+ if (daemon->dbus)
+ my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
+ else
+ my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
+ }
+#endif
+
+ if (log_err != 0)
+ my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
+ daemon->log_file, strerror(log_err));
+
+ if (bind_fallback)
+ my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
+
+ if (!(daemon->options & OPT_NOWILD))
+ for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
+ if (if_tmp->name && !if_tmp->used)
+ my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
+
+ if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV))
+ {
+ if (daemon->resolv_files && !daemon->resolv_files->is_default)
+ my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
+ daemon->resolv_files = NULL;
+ if (!daemon->servers)
+ my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
+ }
+
+ if (daemon->max_logs != 0)
+ my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
+
+#ifdef HAVE_DHCP
+ if (daemon->dhcp)
+ {
+ struct dhcp_context *dhcp_tmp;
+
+ for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
+ {
+ prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
+ strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
+ my_syslog(MS_DHCP | LOG_INFO,
+ (dhcp_tmp->flags & CONTEXT_STATIC) ?
+ _("DHCP, static leases only on %.0s%s, lease time %s") :
+ (dhcp_tmp->flags & CONTEXT_PROXY) ?
+ _("DHCP, proxy on subnet %.0s%s%.0s") :
+ _("DHCP, IP range %s -- %s, lease time %s"),
+ daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2);
+ }
+ }
+#endif
+
+#ifdef HAVE_TFTP
+ if (daemon->options & OPT_TFTP)
+ {
+#ifdef FD_SETSIZE
+ if (FD_SETSIZE < (unsigned)max_fd)
+ max_fd = FD_SETSIZE;
+#endif
+
+ my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
+ daemon->tftp_prefix ? _("root is ") : _("enabled"),
+ daemon->tftp_prefix ? daemon->tftp_prefix: "",
+ daemon->options & OPT_TFTP_SECURE ? _("secure mode") : "");
+
+ /* This is a guess, it assumes that for small limits,
+ disjoint files might be served, but for large limits,
+ a single file will be sent to may clients (the file only needs
+ one fd). */
+
+ max_fd -= 30; /* use other than TFTP */
+
+ if (max_fd < 0)
+ max_fd = 5;
+ else if (max_fd < 100)
+ max_fd = max_fd/2;
+ else
+ max_fd = max_fd - 20;
+
+ /* if we have to use a limited range of ports,
+ that will limit the number of transfers */
+ if (daemon->start_tftp_port != 0 &&
+ daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
+ max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
+
+ if (daemon->tftp_max > max_fd)
+ {
+ daemon->tftp_max = max_fd;
+ my_syslog(MS_TFTP | LOG_WARNING,
+ _("restricting maximum simultaneous TFTP transfers to %d"),
+ daemon->tftp_max);
+ }
+ }
+#endif
+
+ /* finished start-up - release original process */
+ if (err_pipe[1] != -1)
+ close(err_pipe[1]);
+
+ if (daemon->port != 0)
+ check_servers();
+
+ pid = getpid();
+
+ while (1)
+ {
+ int maxfd = -1;
+ struct timeval t, *tp = NULL;
+ fd_set rset, wset, eset;
+
+ FD_ZERO(&rset);
+ FD_ZERO(&wset);
+ FD_ZERO(&eset);
+
+ /* if we are out of resources, find how long we have to wait
+ for some to come free, we'll loop around then and restart
+ listening for queries */
+ if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
+ {
+ t.tv_usec = 0;
+ tp = &t;
+ }
+
+ /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
+ if (daemon->tftp_trans ||
+ ((daemon->options & OPT_DBUS) && !daemon->dbus))
+ {
+ t.tv_sec = 0;
+ t.tv_usec = 250000;
+ tp = &t;
+ }
+
+#ifdef HAVE_DBUS
+ set_dbus_listeners(&maxfd, &rset, &wset, &eset);
+#endif
+
+#ifdef HAVE_DHCP
+ if (daemon->dhcp)
+ {
+ FD_SET(daemon->dhcpfd, &rset);
+ bump_maxfd(daemon->dhcpfd, &maxfd);
+ }
+#endif
+
+#ifdef HAVE_LINUX_NETWORK
+ FD_SET(daemon->netlinkfd, &rset);
+ bump_maxfd(daemon->netlinkfd, &maxfd);
+#endif
+
+ FD_SET(piperead, &rset);
+ bump_maxfd(piperead, &maxfd);
+
+#ifdef HAVE_DHCP
+# ifdef HAVE_SCRIPT
+ while (helper_buf_empty() && do_script_run(now));
+
+ if (!helper_buf_empty())
+ {
+ FD_SET(daemon->helperfd, &wset);
+ bump_maxfd(daemon->helperfd, &maxfd);
+ }
+# else
+ /* need this for other side-effects */
+ while (do_script_run(now));
+# endif
+#endif
+
+ /* must do this just before select(), when we know no
+ more calls to my_syslog() can occur */
+ set_log_writer(&wset, &maxfd);
+
+ if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
+ {
+ /* otherwise undefined after error */
+ FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
+ }
+
+ now = dnsmasq_time();
+
+ check_log_writer(&wset);
+
+ /* Check for changes to resolv files once per second max. */
+ /* Don't go silent for long periods if the clock goes backwards. */
+ if (daemon->last_resolv == 0 ||
+ difftime(now, daemon->last_resolv) > 1.0 ||
+ difftime(now, daemon->last_resolv) < -1.0)
+ {
+ daemon->last_resolv = now;
+
+ if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL))
+ poll_resolv();
+ }
+
+ if (FD_ISSET(piperead, &rset))
+ async_event(piperead, now);
+
+#ifdef HAVE_LINUX_NETWORK
+ if (FD_ISSET(daemon->netlinkfd, &rset))
+ netlink_multicast();
+#endif
+
+#ifdef HAVE_DBUS
+ /* if we didn't create a DBus connection, retry now. */
+ if ((daemon->options & OPT_DBUS) && !daemon->dbus)
+ {
+ char *err;
+ if ((err = dbus_init()))
+ my_syslog(LOG_WARNING, _("DBus error: %s"), err);
+ if (daemon->dbus)
+ my_syslog(LOG_INFO, _("connected to system DBus"));
+ }
+ check_dbus_listeners(&rset, &wset, &eset);
+#endif
+
+ check_dns_listeners(&rset, now);
+
+#ifdef HAVE_TFTP
+ check_tftp_listeners(&rset, now);
+#endif
+
+#ifdef HAVE_DHCP
+ if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
+ dhcp_packet(now);
+
+# ifdef HAVE_SCRIPT
+ if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
+ helper_write();
+# endif
+#endif
+
+ }
+}
+
+static void sig_handler(int sig)
+{
+ if (pid == 0)
+ {
+ /* ignore anything other than TERM during startup
+ and in helper proc. (helper ignore TERM too) */
+ if (sig == SIGTERM)
+ exit(EC_MISC);
+ }
+ else if (pid != getpid())
+ {
+ /* alarm is used to kill TCP children after a fixed time. */
+ if (sig == SIGALRM)
+ _exit(0);
+ }
+ else
+ {
+ /* master process */
+ int event, errsave = errno;
+
+ if (sig == SIGHUP)
+ event = EVENT_RELOAD;
+ else if (sig == SIGCHLD)
+ event = EVENT_CHILD;
+ else if (sig == SIGALRM)
+ event = EVENT_ALARM;
+ else if (sig == SIGTERM)
+ event = EVENT_TERM;
+ else if (sig == SIGUSR1)
+ event = EVENT_DUMP;
+ else if (sig == SIGUSR2)
+ event = EVENT_REOPEN;
+ else
+ return;
+
+ send_event(pipewrite, event, 0);
+ errno = errsave;
+ }
+}
+
+void send_event(int fd, int event, int data)
+{
+ struct event_desc ev;
+
+ ev.event = event;
+ ev.data = data;
+
+ /* error pipe, debug mode. */
+ if (fd == -1)
+ fatal_event(&ev);
+ else
+ /* pipe is non-blocking and struct event_desc is smaller than
+ PIPE_BUF, so this either fails or writes everything */
+ while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR);
+}
+
+static void fatal_event(struct event_desc *ev)
+{
+ errno = ev->data;
+
+ switch (ev->event)
+ {
+ case EVENT_DIE:
+ exit(0);
+
+ case EVENT_FORK_ERR:
+ die(_("cannot fork into background: %s"), NULL, EC_MISC);
+
+ case EVENT_PIPE_ERR:
+ die(_("failed to create helper: %s"), NULL, EC_MISC);
+
+ case EVENT_CAP_ERR:
+ die(_("setting capabilities failed: %s"), NULL, EC_MISC);
+
+ case EVENT_USER_ERR:
+ case EVENT_HUSER_ERR:
+ die(_("failed to change user-id to %s: %s"),
+ ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser,
+ EC_MISC);
+
+ case EVENT_GROUP_ERR:
+ die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC);
+
+ case EVENT_PIDFILE:
+ die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE);
+
+ case EVENT_LOG_ERR:
+ die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
+ }
+}
+
+static void async_event(int pipe, time_t now)
+{
+ pid_t p;
+ struct event_desc ev;
+ int i;
+
+ if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
+ switch (ev.event)
+ {
+ case EVENT_RELOAD:
+ clear_cache_and_reload(now);
+ if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL))
+ {
+ reload_servers(daemon->resolv_files->name);
+ check_servers();
+ }
+#ifdef HAVE_DHCP
+ rerun_scripts();
+#endif
+ break;
+
+ case EVENT_DUMP:
+ if (daemon->port != 0)
+ dump_cache(now);
+ break;
+
+ case EVENT_ALARM:
+#ifdef HAVE_DHCP
+ if (daemon->dhcp)
+ {
+ lease_prune(NULL, now);
+ lease_update_file(now);
+ }
+#endif
+ break;
+
+ case EVENT_CHILD:
+ /* See Stevens 5.10 */
+ while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
+ if (p == -1)
+ {
+ if (errno != EINTR)
+ break;
+ }
+ else
+ for (i = 0 ; i < MAX_PROCS; i++)
+ if (daemon->tcp_pids[i] == p)
+ daemon->tcp_pids[i] = 0;
+ break;
+
+ case EVENT_KILLED:
+ my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data);
+ break;
+
+ case EVENT_EXITED:
+ my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data);
+ break;
+
+ case EVENT_EXEC_ERR:
+ my_syslog(LOG_ERR, _("failed to execute %s: %s"),
+ daemon->lease_change_command, strerror(ev.data));
+ break;
+
+ /* necessary for fatal errors in helper */
+ case EVENT_HUSER_ERR:
+ case EVENT_DIE:
+ fatal_event(&ev);
+ break;
+
+ case EVENT_REOPEN:
+ /* Note: this may leave TCP-handling processes with the old file still open.
+ Since any such process will die in CHILD_LIFETIME or probably much sooner,
+ we leave them logging to the old file. */
+ if (daemon->log_file != NULL)
+ log_reopen(daemon->log_file);
+ break;
+
+ case EVENT_TERM:
+ /* Knock all our children on the head. */
+ for (i = 0; i < MAX_PROCS; i++)
+ if (daemon->tcp_pids[i] != 0)
+ kill(daemon->tcp_pids[i], SIGALRM);
+
+#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
+ /* handle pending lease transitions */
+ if (daemon->helperfd != -1)
+ {
+ /* block in writes until all done */
+ if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
+ fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
+ do {
+ helper_write();
+ } while (!helper_buf_empty() || do_script_run(now));
+ close(daemon->helperfd);
+ }
+#endif
+
+ if (daemon->lease_stream)
+ fclose(daemon->lease_stream);
+
+ if (daemon->runfile)
+ unlink(daemon->runfile);
+
+ my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
+ flush_log();
+ exit(EC_GOOD);
+ }
+}
+
+static void poll_resolv()
+{
+ struct resolvc *res, *latest;
+ struct stat statbuf;
+ time_t last_change = 0;
+ /* There may be more than one possible file.
+ Go through and find the one which changed _last_.
+ Warn of any which can't be read. */
+ for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
+ if (stat(res->name, &statbuf) == -1)
+ {
+ if (!res->logged)
+ my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
+ res->logged = 1;
+ }
+ else
+ {
+ res->logged = 0;
+ if (statbuf.st_mtime != res->mtime)
+ {
+ res->mtime = statbuf.st_mtime;
+ if (difftime(statbuf.st_mtime, last_change) > 0.0)
+ {
+ last_change = statbuf.st_mtime;
+ latest = res;
+ }
+ }
+ }
+
+ if (latest)
+ {
+ static int warned = 0;
+ if (reload_servers(latest->name))
+ {
+ my_syslog(LOG_INFO, _("reading %s"), latest->name);
+ warned = 0;
+ check_servers();
+ if (daemon->options & OPT_RELOAD)
+ cache_reload();
+ }
+ else
+ {
+ latest->mtime = 0;
+ if (!warned)
+ {
+ my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
+ warned = 1;
+ }
+ }
+ }
+}
+
+void clear_cache_and_reload(time_t now)
+{
+ if (daemon->port != 0)
+ cache_reload();
+
+#ifdef HAVE_DHCP
+ if (daemon->dhcp)
+ {
+ if (daemon->options & OPT_ETHERS)
+ dhcp_read_ethers();
+ reread_dhcp();
+ dhcp_update_configs(daemon->dhcp_conf);
+ check_dhcp_hosts(0);
+ lease_update_from_configs();
+ lease_update_file(now);
+ lease_update_dns();
+ }
+#endif
+}
+
+static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
+{
+ struct serverfd *serverfdp;
+ struct listener *listener;
+ int wait = 0, i;
+
+#ifdef HAVE_TFTP
+ int tftp = 0;
+ struct tftp_transfer *transfer;
+ for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
+ {
+ tftp++;
+ FD_SET(transfer->sockfd, set);
+ bump_maxfd(transfer->sockfd, maxfdp);
+ }
+#endif
+
+ /* will we be able to get memory? */
+ if (daemon->port != 0)
+ get_new_frec(now, &wait);
+
+ for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
+ {
+ FD_SET(serverfdp->fd, set);
+ bump_maxfd(serverfdp->fd, maxfdp);
+ }
+
+ if (daemon->port != 0 && !daemon->osport)
+ for (i = 0; i < RANDOM_SOCKS; i++)
+ if (daemon->randomsocks[i].refcount != 0)
+ {
+ FD_SET(daemon->randomsocks[i].fd, set);
+ bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
+ }
+
+ for (listener = daemon->listeners; listener; listener = listener->next)
+ {
+ /* only listen for queries if we have resources */
+ if (listener->fd != -1 && wait == 0)
+ {
+ FD_SET(listener->fd, set);
+ bump_maxfd(listener->fd, maxfdp);
+ }
+
+ /* death of a child goes through the select loop, so
+ we don't need to explicitly arrange to wake up here */
+ if (listener->tcpfd != -1)
+ for (i = 0; i < MAX_PROCS; i++)
+ if (daemon->tcp_pids[i] == 0)
+ {
+ FD_SET(listener->tcpfd, set);
+ bump_maxfd(listener->tcpfd, maxfdp);
+ break;
+ }
+
+#ifdef HAVE_TFTP
+ if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
+ {
+ FD_SET(listener->tftpfd, set);
+ bump_maxfd(listener->tftpfd, maxfdp);
+ }
+#endif
+
+ }
+
+ return wait;
+}
+
+static void check_dns_listeners(fd_set *set, time_t now)
+{
+ struct serverfd *serverfdp;
+ struct listener *listener;
+ int i;
+
+ for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
+ if (FD_ISSET(serverfdp->fd, set))
+ reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
+
+ if (daemon->port != 0 && !daemon->osport)
+ for (i = 0; i < RANDOM_SOCKS; i++)
+ if (daemon->randomsocks[i].refcount != 0 &&
+ FD_ISSET(daemon->randomsocks[i].fd, set))
+ reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
+
+ for (listener = daemon->listeners; listener; listener = listener->next)
+ {
+ if (listener->fd != -1 && FD_ISSET(listener->fd, set))
+ receive_query(listener, now);
+
+#ifdef HAVE_TFTP
+ if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
+ tftp_request(listener, now);
+#endif
+
+ if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
+ {
+ int confd;
+ struct irec *iface = NULL;
+ pid_t p;
+
+ while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
+
+ if (confd == -1)
+ continue;
+
+ if (daemon->options & OPT_NOWILD)
+ iface = listener->iface;
+ else
+ {
+ union mysockaddr tcp_addr;
+ socklen_t tcp_len = sizeof(union mysockaddr);
+ /* Check for allowed interfaces when binding the wildcard address:
+ we do this by looking for an interface with the same address as
+ the local address of the TCP connection, then looking to see if that's
+ an allowed interface. As a side effect, we get the netmask of the
+ interface too, for localisation. */
+
+ /* interface may be new since startup */
+ if (enumerate_interfaces() &&
+ getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+ if (sockaddr_isequal(&iface->addr, &tcp_addr))
+ break;
+ }
+
+ if (!iface)
+ {
+ shutdown(confd, SHUT_RDWR);
+ close(confd);
+ }
+#ifndef NO_FORK
+ else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0)
+ {
+ if (p != -1)
+ {
+ int i;
+ for (i = 0; i < MAX_PROCS; i++)
+ if (daemon->tcp_pids[i] == 0)
+ {
+ daemon->tcp_pids[i] = p;
+ break;
+ }
+ }
+ close(confd);
+ }
+#endif
+ else
+ {
+ unsigned char *buff;
+ struct server *s;
+ int flags;
+ struct in_addr dst_addr_4;
+
+ dst_addr_4.s_addr = 0;
+
+ /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
+ terminate the process. */
+ if (!(daemon->options & OPT_DEBUG))
+ alarm(CHILD_LIFETIME);
+
+ /* start with no upstream connections. */
+ for (s = daemon->servers; s; s = s->next)
+ s->tcpfd = -1;
+
+ /* The connected socket inherits non-blocking
+ attribute from the listening socket.
+ Reset that here. */
+ if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
+ fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
+
+ if (listener->family == AF_INET)
+ dst_addr_4 = iface->addr.in.sin_addr;
+
+ buff = tcp_request(confd, now, dst_addr_4, iface->netmask);
+
+ shutdown(confd, SHUT_RDWR);
+ close(confd);
+
+ if (buff)
+ free(buff);
+
+ for (s = daemon->servers; s; s = s->next)
+ if (s->tcpfd != -1)
+ {
+ shutdown(s->tcpfd, SHUT_RDWR);
+ close(s->tcpfd);
+ }
+#ifndef NO_FORK
+ if (!(daemon->options & OPT_DEBUG))
+ {
+ flush_log();
+ _exit(0);
+ }
+#endif
+ }
+ }
+ }
+}
+
+#ifdef HAVE_DHCP
+int make_icmp_sock(void)
+{
+ int fd;
+ int zeroopt = 0;
+
+ if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
+ {
+ if (!fix_fd(fd) ||
+ setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
+ {
+ close(fd);
+ fd = -1;
+ }
+ }
+
+ return fd;
+}
+
+int icmp_ping(struct in_addr addr)
+{
+ /* Try and get an ICMP echo from a machine. */
+
+ /* Note that whilst in the three second wait, we check for
+ (and service) events on the DNS and TFTP sockets, (so doing that
+ better not use any resources our caller has in use...)
+ but we remain deaf to signals or further DHCP packets. */
+
+ int fd;
+ struct sockaddr_in saddr;
+ struct {
+ struct ip ip;
+ struct icmp icmp;
+ } packet;
+ unsigned short id = rand16();
+ unsigned int i, j;
+ int gotreply = 0;
+ time_t start, now;
+
+#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
+ if ((fd = make_icmp_sock()) == -1)
+ return 0;
+#else
+ int opt = 2000;
+ fd = daemon->dhcp_icmp_fd;
+ setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
+#endif
+
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = 0;
+ saddr.sin_addr = addr;
+#ifdef HAVE_SOCKADDR_SA_LEN
+ saddr.sin_len = sizeof(struct sockaddr_in);
+#endif
+
+ memset(&packet.icmp, 0, sizeof(packet.icmp));
+ packet.icmp.icmp_type = ICMP_ECHO;
+ packet.icmp.icmp_id = id;
+ for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
+ j += ((u16 *)&packet.icmp)[i];
+ while (j>>16)
+ j = (j & 0xffff) + (j >> 16);
+ packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
+
+ while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
+ (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
+ retry_send());
+
+ for (now = start = dnsmasq_time();
+ difftime(now, start) < (float)PING_WAIT;)
+ {
+ struct timeval tv;
+ fd_set rset, wset;
+ struct sockaddr_in faddr;
+ int maxfd = fd;
+ socklen_t len = sizeof(faddr);
+
+ tv.tv_usec = 250000;
+ tv.tv_sec = 0;
+
+ FD_ZERO(&rset);
+ FD_ZERO(&wset);
+ FD_SET(fd, &rset);
+ set_dns_listeners(now, &rset, &maxfd);
+ set_log_writer(&wset, &maxfd);
+
+ if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
+ {
+ FD_ZERO(&rset);
+ FD_ZERO(&wset);
+ }
+
+ now = dnsmasq_time();
+
+ check_log_writer(&wset);
+ check_dns_listeners(&rset, now);
+
+#ifdef HAVE_TFTP
+ check_tftp_listeners(&rset, now);
+#endif
+
+ if (FD_ISSET(fd, &rset) &&
+ recvfrom(fd, &packet, sizeof(packet), 0,
+ (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
+ saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
+ packet.icmp.icmp_type == ICMP_ECHOREPLY &&
+ packet.icmp.icmp_seq == 0 &&
+ packet.icmp.icmp_id == id)
+ {
+ gotreply = 1;
+ break;
+ }
+ }
+
+#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
+ close(fd);
+#else
+ opt = 1;
+ setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
+#endif
+
+ return gotreply;
+}
+#endif
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 13:05:13 +0000