From ffd68729961f7383f2e35494a03ccdef20f86c98 Mon Sep 17 00:00:00 2001
From: San Mehat
Date: Wed, 20 Jan 2010 09:56:15 -0800
Subject: dnsmasq: Direct import of version 2.51

Signed-off-by: San Mehat --- CHANGELOG | 438 +++ CHANGELOG.archive | 2509 ++++++++++++++++ COPYING | 340 +++ COPYING-v3 | 674 +++++ FAQ | 471 +++ Makefile | 78 + bld/Makefile | 17 + bld/install-man | 9 + bld/install-mo | 9 + bld/pkg-wrapper | 11 + contrib/Solaris10/README | 28 + contrib/Solaris10/dnsmasq.xml | 65 + contrib/Suse/README | 6 + contrib/Suse/README.susefirewall | 27 + contrib/Suse/dnsmasq-SuSE.patch | 23 + contrib/Suse/dnsmasq-suse.spec | 111 + contrib/Suse/rc.dnsmasq-suse | 79 + contrib/dns-loc/README | 12 + contrib/dns-loc/dnsmasq2-loc-rfc1876.patch | 522 ++++ contrib/dnslist/dhcp.css | 57 + contrib/dnslist/dnslist.pl | 608 ++++ contrib/dnslist/dnslist.tt2 | 32 + contrib/dnsmasq_MacOSX/DNSmasq | 22 + contrib/dnsmasq_MacOSX/README.rtf | 42 + contrib/dnsmasq_MacOSX/StartupParameters.plist | 18 + contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl | 249 ++ contrib/lease-access/README | 20 + contrib/lease-access/lease.access.patch | 578 ++++ contrib/openvpn/README | 44 + contrib/openvpn/dhclient-enter-hooks | 30 + contrib/openvpn/dnsmasq.patch | 61 + contrib/port-forward/dnsmasq-portforward | 68 + contrib/port-forward/portforward | 28 + contrib/slackware-dnsmasq/dnsmasq.SlackBuild | 56 + contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz | Bin 0 -> 435 bytes contrib/slackware-dnsmasq/doinst.sh.gz | Bin 0 -> 302 bytes contrib/slackware-dnsmasq/rc.dnsmasq.gz | Bin 0 -> 265 bytes contrib/slackware-dnsmasq/slack-desc | 19 + contrib/try-all-ns/README | 19 + contrib/try-all-ns/README-2.47 | 11 + contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch | 61 + .../dnsmasq-2.47_no_nxdomain_until_end.patch | 17 + contrib/webmin/README | 54 + contrib/webmin/dnsmasq.wbm | Bin 0 -> 174080 bytes contrib/wrt/Makefile | 6 + contrib/wrt/README | 81 + contrib/wrt/dhcp_lease_time.c | 214 ++ contrib/wrt/dhcp_release.c | 331 +++ contrib/wrt/lease_update.sh | 54 + dbus/DBus-interface | 131 + dbus/dnsmasq.conf | 14 + dnsmasq.conf.example | 540 ++++ doc.html | 113 + man/dnsmasq.8 | 1290 
+++++++++ man/es/dnsmasq.8 | 1310 +++++++++ man/fr/dnsmasq.8 | 1449 ++++++++++ po/de.po | 1462 ++++++++++ po/es.po | 1500 ++++++++++ po/fi.po | 1411 +++++++++ po/fr.po | 1504 ++++++++++ po/id.po | 1727 +++++++++++ po/it.po | 1411 +++++++++ po/no.po | 1508 ++++++++++ po/pl.po | 1420 ++++++++++ po/pt_BR.po | 1411 +++++++++ po/ro.po | 1503 ++++++++++ setup.html | 231 ++ src/bpf.c | 254 ++ src/cache.c | 1317 +++++++++ src/config.h | 293 ++ src/dbus.c | 436 +++ src/dhcp.c | 1002 +++++++ src/dnsmasq.c | 1287 +++++++++ src/dnsmasq.h | 885 ++++++ src/forward.c | 1094 +++++++ src/helper.c | 428 +++ src/lease.c | 622 ++++ src/log.c | 419 +++ src/netlink.c | 303 ++ src/network.c | 874 ++++++ src/option.c | 2990 ++++++++++++++++++++ src/rfc1035.c | 1604 +++++++++++ src/rfc2131.c | 2332 +++++++++++++++ src/tftp.c | 600 ++++ src/util.c | 514 ++++ 85 files changed, 45398 insertions(+) create mode 100755 CHANGELOG create mode 100755 CHANGELOG.archive create mode 100755 COPYING create mode 100755 COPYING-v3 create mode 100755 FAQ create mode 100755 Makefile create mode 100755 bld/Makefile create mode 100755 bld/install-man create mode 100755 bld/install-mo create mode 100755 bld/pkg-wrapper create mode 100755 contrib/Solaris10/README create mode 100755 contrib/Solaris10/dnsmasq.xml create mode 100755 contrib/Suse/README create mode 100755 contrib/Suse/README.susefirewall create mode 100755 contrib/Suse/dnsmasq-SuSE.patch create mode 100755 contrib/Suse/dnsmasq-suse.spec create mode 100755 contrib/Suse/rc.dnsmasq-suse create mode 100755 contrib/dns-loc/README create mode 100755 contrib/dns-loc/dnsmasq2-loc-rfc1876.patch create mode 100755 contrib/dnslist/dhcp.css create mode 100755 contrib/dnslist/dnslist.pl create mode 100755 contrib/dnslist/dnslist.tt2 create mode 100755 contrib/dnsmasq_MacOSX/DNSmasq create mode 100755 contrib/dnsmasq_MacOSX/README.rtf create mode 100755 contrib/dnsmasq_MacOSX/StartupParameters.plist create mode 100755 contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl 
create mode 100755 contrib/lease-access/README create mode 100755 contrib/lease-access/lease.access.patch create mode 100755 contrib/openvpn/README create mode 100755 contrib/openvpn/dhclient-enter-hooks create mode 100755 contrib/openvpn/dnsmasq.patch create mode 100755 contrib/port-forward/dnsmasq-portforward create mode 100755 contrib/port-forward/portforward create mode 100755 contrib/slackware-dnsmasq/dnsmasq.SlackBuild create mode 100755 contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz create mode 100755 contrib/slackware-dnsmasq/doinst.sh.gz create mode 100755 contrib/slackware-dnsmasq/rc.dnsmasq.gz create mode 100755 contrib/slackware-dnsmasq/slack-desc create mode 100755 contrib/try-all-ns/README create mode 100755 contrib/try-all-ns/README-2.47 create mode 100755 contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch create mode 100755 contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch create mode 100755 contrib/webmin/README create mode 100755 contrib/webmin/dnsmasq.wbm create mode 100755 contrib/wrt/Makefile create mode 100755 contrib/wrt/README create mode 100755 contrib/wrt/dhcp_lease_time.c create mode 100755 contrib/wrt/dhcp_release.c create mode 100755 contrib/wrt/lease_update.sh create mode 100755 dbus/DBus-interface create mode 100755 dbus/dnsmasq.conf create mode 100755 dnsmasq.conf.example create mode 100755 doc.html create mode 100755 man/dnsmasq.8 create mode 100755 man/es/dnsmasq.8 create mode 100755 man/fr/dnsmasq.8 create mode 100755 po/de.po create mode 100755 po/es.po create mode 100755 po/fi.po create mode 100755 po/fr.po create mode 100755 po/id.po create mode 100755 po/it.po create mode 100755 po/no.po create mode 100755 po/pl.po create mode 100755 po/pt_BR.po create mode 100755 po/ro.po create mode 100755 setup.html create mode 100755 src/bpf.c create mode 100755 src/cache.c create mode 100755 src/config.h create mode 100755 src/dbus.c create mode 100755 src/dhcp.c create mode 100755 src/dnsmasq.c create mode 100755 
src/dnsmasq.h create mode 100755 src/forward.c create mode 100755 src/helper.c create mode 100755 src/lease.c create mode 100755 src/log.c create mode 100755 src/netlink.c create mode 100755 src/network.c create mode 100755 src/option.c create mode 100755 src/rfc1035.c create mode 100755 src/rfc2131.c create mode 100755 src/tftp.c create mode 100755 src/util.c diff --git a/CHANGELOG b/CHANGELOG new file mode 100755 index 0000000..89209d5 --- /dev/null +++ b/CHANGELOG 
@@ -0,0 +1,438 @@ +version 2.51 + Add support for internationalised DNS. Non-ASCII characters + in domain names found in /etc/hosts, /etc/ethers and + /etc/dnsmasq.conf will be correctly handled by translation to + punycode, as specified in RFC3490. This function is only + available if dnsmasq is compiled with internationalisation + support, and adds a dependency on GNU libidn. Without i18n + support, dnsmasq continues to be compilable with just + standard tools. Thanks to Yves Dorfsman for the + suggestion. + + Add two more environment variables for lease-change scripts: + First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname + supplied by a client, even if the actual hostname used is + over-ridden by dhcp-host or dhcp-ignore-names directives. + Also DNSMASQ_RELAY_ADDRESS which gives the address of + a DHCP relay, if used. + Suggestions from Michael Rack. + + Fix regression which broke echo of relay-agent + options. Thanks to Michael Rack for spotting this. + + Don't treat option 67 as being interchangeable with + dhcp-boot parameters if it's specified as + dhcp-option-force. + + Make the code to call scripts on lease-change compile-time + optional. It can be switched off by editing src/config.h + or building with "make COPTS=-DNO_SCRIPT". + + Make the TFTP server cope with filenames from Windows/DOS + which use '\' as pathname separator. Thanks to Ralf for + the patch. + + Updated Polish translation. Thanks to Jan Psota. + + Warn if an IP address is duplicated in /etc/ethers. Thanks + to Felix Schwarz for pointing this out. + + Teach --conf-dir to take an option list of file suffices + which will be ignored when scanning the directory. Useful + for backup files etc. Thanks to Helmut Hullen for the + suggestion. + + Add new DHCP option named tftpserver-address, which + corresponds to the third argument of dhcp-boot. This + allows the complete functionality of dhcp-boot to be + replicated with dhcp-option. Useful when using + dhcp-optsfile. 
+ + Test which upstream nameserver to use every 10 seconds + or 50 queries and not just when a query times out and + is retried. This should improve performance when there + is a slow nameserver in the list. Thanks to Joe for the + suggestion. + + Don't do any PXE processing, even for clients with the + correct vendorclass, unless at least one pxe-prompt or + pxe-service option is given. This stops dnsmasq + interfering with proxy PXE subsystems when it is just + the DHCP server. Thanks to Spencer Clark for spotting this. + + Limit the blocksize used for TFTP transfers to a value + which avoids packet fragmentation, based on the MTU of the + local interface. Many netboot ROMs can't cope with + fragmented packets. + + Honour dhcp-ignore configuration for PXE and proxy-PXE + requests. Thanks to Niels Basjes for the bug report. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.50 + Fix security problem which allowed any host permitted to + do TFTP to possibly compromise dnsmasq by remote buffer + overflow when TFTP enabled. Thanks to Core Security + Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro + Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and + Pablo Annetta. This problem has Bugtraq id: 36121 + and CVE: 2009-2957 + + Fix a problem which allowed a malicious TFTP client to + crash dnsmasq. Thanks to Steve Grubb at Red Hat for + spotting this. This problem has Bugtraq id: 36120 and + CVE: 2009-2958 + + +version 2.49 + Fix regression in 2.48 which disables the lease-change + script. Thanks to Jose Luis Duran for spotting this. + + Log TFTP "file not found" errors. These were not logged, + since a normal PXELinux boot generates many of them, but + the lack of the messages seems to be more confusing than + routinely seeing them when there is no real error. + + Update Spanish translation. Thanks to Chris Chatham. + + +version 2.48 + Archived the extensive, backwards, changelog to + CHANGELOG.archive. 
The current changelog now runs from + version 2.43 and runs conventionally. + + Fixed bug which broke binding of servers to physical + interfaces when interface names were longer than four + characters. Thanks to MURASE Katsunori for the patch. + + Fixed netlink code to check that messages come from the + correct source, and not another userspace process. Thanks + to Steve Grubb for the patch. + + Maintainability drive: removed bug and missing feature + workarounds for some old platforms. Solaris 9, OpenBSD + older than 4.1, Glibc older than 2.2, Linux 2.2.x and + DBus older than 1.1.x are no longer supported. + + Don't read included configuration files more than once: + allows complex configuration structures without problems. + + Mark log messages from the various subsystems in dnsmasq: + messages from the DHCP subsystem now have the ident string + "dnsmasq-dhcp" and messages from TFTP have ident + "dnsmasq-tftp". Thanks to Olaf Westrik for the patch. + + Fix possible infinite DHCP protocol loop when an IP + address nailed to a hostname (not a MAC address) and a + host sometimes provides the name, sometimes not. + + Allow --addn-hosts to take a directory: all the files + in the directory are read. Thanks to Phil Cornelius for + the suggestion. + + Support --bridge-interface on all platforms, not just BSD. + + Added support for advanced PXE functions. It's now + possible to define a prompt and menu options which will + be displayed when a client PXE boots. It's also possible to + hand-off booting to other boot servers. Proxy-DHCP, where + dnsmasq just supplies the PXE information and another DHCP + server does address allocation, is also allowed. See the + --pxe-prompt and --pxe-service keywords. Thanks to + Alkis Georgopoulos for the suggestion and Guilherme Moro + and Michael Brown for assistance. + + Improvements to DHCP logging. Thanks to Tom Metro for + useful suggestions. + + Add ability to build dnsmasq without DHCP support. 
To do + this, edit src/config.h or build with + "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. + + Added --test command-line switch - syntax check + configuration files only. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.47 + Updated French translation. Thanks to Gildas Le Nadan. + + Fixed interface enumeration code to work on NetBSD + 5.0. Thanks to Roy Marples for the patch. + + Updated config.h to use the same location for the lease + file on NetBSD as the other *BSD variants. Also allow + LEASEFILE and CONFFILE symbols to be overriden in CFLAGS. + + Handle duplicate address detection on IPv6 more + intelligently. In IPv6, an interface can have an address + which is not usable, because it is still undergoing DAD + (such addresses are marked "tentative"). Attempting to + bind to an address in this state returns an error, + EADDRNOTAVAIL. Previously, on getting such an error, + dnsmasq would silently abandon the address, and never + listen on it. Now, it retries once per second for 20 + seconds before generating a fatal error. 20 seconds should + be long enough for any DAD process to complete, but can be + adjusted in src/config.h if necessary. Thanks to Martin + Krafft for the bug report. + + Add DBus introspection. Patch from Jeremy Laine. + + Update Dbus configuration file. Patch from Colin Walters. + Fix for this bug: + http://bugs.freedesktop.org/show_bug.cgi?id=18961 + + Support arbitrarily encapsulated DHCP options, suggestion + and initial patch from Samium Gromoff. This is useful for + (eg) gPXE, which expect all its private options to be + encapsulated inside a single option 175. So, eg, + + dhcp-option = encap:175, 190, "iscsi-client0" + dhcp-option = encap:175, 191, "iscsi-client0-secret" + + will provide iSCSI parameters to gPXE. + + Enhance --dhcp-match to allow testing of the contents of a + client-sent option, as well as its presence. 
This + application in mind for this is RFC 4578 + client-architecture specifiers, but it's generally useful. + Joey Korkames suggested the enhancement. + + Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on + OpenSolaris. Thanks to Bastian Machek for the heads-up. + + No longer complain about blank lines in + /etc/ethers. Thanks to Jon Nelson for the patch. + + Fix binding of servers to physical devices, eg + --server=/domain/1.2.3.4@eth0 which was broken from 2.43 + onwards unless --query-port=0 set. Thanks to Peter Naulls + for the bug report. + + Reply to DHCPINFORM requests even when the supplied ciaddr + doesn't fall in any dhcp-range. In this case it's not + possible to supply a complete configuration, but + individually-configured options (eg PAC) may be useful. + + Allow the source address of an alias to be a range: + --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole + subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255, + as before. + --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 + maps only the 192.168.0.10->192.168.0.40 region. Thanks to + Ib Uhrskov for the suggestion. + + Don't dynamically allocate DHCP addresses which may break + Windows. Addresses which end in .255 or .0 are broken in + Windows even when using supernetting. + --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means + 192.168.0.255 is a valid IP address, but not for Windows. + See Microsoft KB281579. We therefore no longer allocate + these addresses to avoid hard-to-diagnose problems. + + Update Polish translation. Thanks to Jan Psota. + + Delete the PID-file when dnsmasq shuts down. Note that by + this time, dnsmasq is normally not running as root, so + this will fail if the PID-file is stored in a root-owned + directory; such failure is silently ignored. To take + advantage of this feature, the PID-file must be stored in a + directory owned and write-able by the user running + dnsmasq. 
+ + +version 2.46 + Allow --bootp-dynamic to take a netid tag, so that it may + be selectively enabled. Thanks to Olaf Westrik for the + suggestion. + + Remove ISC-leasefile reading code. This has been + deprecated for a long time, and last time I removed it, it + ended up going back by request of one user. This time, + it's gone for good; otherwise it would need to be + re-worked to support multiple domains (see below). + + Support DHCP clients in multiple DNS domains. This is a + long-standing request. Clients are assigned to a domain + based in their IP address. + + Add --dhcp-fqdn flag, which changes behaviour if DNS names + assigned to DHCP clients. When this is set, there must be + a domain associated with each client, and only + fully-qualified domain names are added to the DNS. The + advantage is that the only the FQDN needs to be unique, + so that two or more DHCP clients can share a hostname, as + long as they are in different domains. + + Set environment variable DNSMASQ_DOMAIN when invoking + lease-change script. This may be useful information to + have now that it's variable. + + Tighten up data-checking code for DNS packet + handling. Thanks to Steve Dodd who found certain illegal + packets which could crash dnsmasq. No memory overwrite was + possible, so this is not a security issue beyond the DoS + potential. + + Update example config dhcp option 47, the previous + suggestion generated an illegal, zero-length, + option. Thanks to Matthias Andree for finding this. + + Rewrite hosts-file reading code to remove the limit of + 1024 characters per line. John C Meuser found this. + + Create a net-id tag with the name of the interface on + which the DHCP request was received. + + Fixed minor memory leak in DBus code, thanks to Jeremy + Laine for the patch. + + Emit DBus signals as the DHCP lease database + changes. Thanks to Jeremy Laine for the patch. + + Allow for more that one MAC address in a dhcp-host + line. 
This configuration tells dnsmasq that it's OK to + abandon a DHCP lease of the fixed address to one MAC + address, if another MAC address in the dhcp-host statement + asks for an address. This is useful to give a fixed + address to a host which has two network interfaces + (say, a laptop with wired and wireless interfaces.) + It's very important to ensure that only one interface + at a time is up, since dnsmasq abandons the first lease + and re-uses the address before the leased time has + elapsed. John Gray suggested this. + + Tweak the response to a DHCP request packet with a wrong + server-id when --dhcp-authoritative is set; dnsmasq now + returns a DHCPNAK, rather than silently ignoring the + packet. Thanks to Chris Marget for spotting this + improvement. + + Add --cname option. This provides a limited alias + function, usable for DHCP names. Thanks to AJ Weber for + suggestions on this. + + Updated contrib/webmin with latest version from Neil + Fisher. + + Updated Polish translation. Thanks to Jan Psota. + + Correct the text names for DHCP options 64 and 65 to be + "nis+-domain" and "nis+-servers". + + Updated Spanish translation. Thanks to Chris Chatham. + + Force re-reading of /etc/resolv.conf when an "interface + up" event occurs. + + +version 2.45 + Fix total DNS failure in release 2.44 unless --min-port + specified. Thanks to Steven Barth and Grant Coady for + bugreport. Also reject out-of-range port spec, which could + break things too: suggestion from Gilles Espinasse. + + +version 2.44 + Fix crash when unknown client attempts to renew a DHCP + lease, problem introduced in version 2.43. Thanks to + Carlos Carvalho for help chasing this down. + + Fix potential crash when a host which doesn't have a lease + does DHCPINFORM. Again introduced in 2.43. This bug has + never been reported in the wild. + + Fix crash in netlink code introduced in 2.43. Thanks to + Jean Wolter for finding this. 
+ + Change implementation of min_port to work even if min-port + is large. + + Patch to enable compilation of latest Mac OS X. Thanks to + David Gilman. + + Update Spanish translation. Thanks to Christopher Chatham. + + +version 2.43 + Updated Polish translation. Thanks to Jan Psota. + + Flag errors when configuration options are repeated + illegally. + + Further tweaks for GNU/kFreeBSD + + Add --no-wrap to msgmerge call - provides nicer .po file + format. + + Honour lease-time spec in dhcp-host lines even for + BOOTP. The user is assumed to known what they are doing in + this case. (Hosts without the time spec still get infinite + leases for BOOTP, over-riding the default in the + dhcp-range.) Thanks to Peter Katzmann for uncovering this. + + Fix problem matching relay-agent ids. Thanks to Michael + Rack for the bug report. + + Add --naptr-record option. Suggestion from Johan + Bergquist. + + Implement RFC 5107 server-id-override DHCP relay agent + option. + + Apply patches from Stefan Kruger for compilation on + Solaris 10 under Sun studio. + + Yet more tweaking of Linux capability code, to suppress + pointless wingeing from kernel 2.6.25 and above. + + Improve error checking during startup. Previously, some + errors which occurred during startup would be worked + around, with dnsmasq still starting up. Some were logged, + some silent. Now, they all cause a fatal error and dnsmasq + terminates with a non-zero exit code. The errors are those + associated with changing uid and gid, setting process + capabilities and writing the pidfile. Thanks to Uwe + Gansert and the Suse security team for pointing out + this improvement, and Bill Reimers for good implementation + suggestions. + + Provide NO_LARGEFILE compile option to switch off largefile + support when compiling against versions of uclibc which + don't support it. Thanks to Stephane Billiart for the patch. + + Implement random source ports for interactions with + upstream nameservers. 
New spoofing attacks have been found + against nameservers which do not do this, though it is not + clear if dnsmasq is vulnerable, since to doesn't implement + recursion. By default dnsmasq will now use a different + source port (and socket) for each query it sends + upstream. This behaviour can suppressed using the + --query-port option, and the old default behaviour + restored using --query-port=0. Explicit source-port + specifications in --server configs are still honoured. + + Replace the random number generator, for better + security. On most BSD systems, dnsmasq uses the + arc4random() RNG, which is secure, but on other platforms, + it relied on the C-library RNG, which may be + guessable and therefore allow spoofing. This release + replaces the libc RNG with the SURF RNG, from Daniel + J. Berstein's DJBDNS package. + + Don't attempt to change user or group or set capabilities + if dnsmasq is run as a non-root user. Without this, the + change from soft to hard errors when these fail causes + problems for non-root daemons listening on high + ports. Thanks to Patrick McLean for spotting this. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.42 + The changelog for version 2.42 and earlier is + available in CHANGELOG.archive. diff --git a/CHANGELOG.archive b/CHANGELOG.archive new file mode 100755 index 0000000..c9973cc --- /dev/null +++ b/CHANGELOG.archive 
@@ -0,0 +1,2509 @@ +release 0.4 - initial public release + +release 0.5 - added caching, removed compiler warning on linux PPC + +release 0.6 - TCP handling: close socket and return to connect state if we + can't read the first byte. This corrects a problem seen very + occasionally where dnsmasq would loop using all available CPU. + + Added a patch from Cris Bailiff + to set SO_REUSEADDR on the tcp socket which stops problems when + dnsmasq is restarted and old connections still exist. + + Stopped claiming in doc.html that smail is the default Debian + mailer, since it isn't any longer. (Pointed out by + David Karlin ) + +release 0.7 Create a pidfile at /var/run/dnsmasq.pid + + Extensive armouring against "poison packets" courtesy of + Thomas Moestl + + Set sockaddr.sa_family on outgoing address, patch from + David Symonds + + Patch to clear cache on SIGHUP + from Jason L. Wagner + + Fix bad bug resulting from not initialising value-result + address-length parameter to recvfrom() and accept() - it + worked by luck before! + +release 0.95 Major rewrite: remove calls to gethostbyname() and talk + directly to the upstream server(s) instead. + This has many advantages. + (1) Dnsmasq no longer blocks during long lookups. + (2) All query types are handled now, (eg MX) not just internet + address queries. Addresses are cached, all other + queries are forwarded directly. + (3) Time-to-live data from upstream server is read and + used by dnsmasq to purge entries from the cache. + (4) /etc/hosts is still read and its contents served (unless + the -h option is given). + (5) Dnsmasq can get its upstream servers from + a file other than /etc/resolv.conf (-r option) this allows + dnsmasq to serve names to the machine it is running + on (put nameserver 127.0.0.1 in /etc/resolv.conf and + give dnsmasq the option -r /etc/resolv.dnsmasq) + (6) Dnsmasq will re-read its servers if the + modification time of resolv.conf changes. 
Along with + 4 above this allows nameservers to be set + automatically by ppp or dhcp. + + A really clever NAT-like technique allows the daemon to have lots + of queries in progress, but still remain very lightweight. + Dnsmasq has a small footprint and normally doesn't allocate + any more memory after start-up. The NAT-like forwarding was + inspired by a suggestion from Eli Chen + +release 0.96 Fixed embarrasing thinko in cache linked-list code. + +release 0.98 Some enhancements and bug-fixes. + Thanks to "Denis Carre" and Martin + Otte + + (1) Dnsmasq now always sets the IP source address + of its replies correctly. Older versions would not always + do this on multi-homed and IP aliased hosts, which violates + the RFC. + (2) Dnsmasq no longer crashes if a server loop is created + (ie dnsmasq is told to use itself as an upstream server.) + Now it just logs the problem and doesn't use the bad + server address. + (3) Dnsmasq should now forward (but not cache) inverse queries + and server status queries; this feature has not been tested. + (4) Don't write the pid file when in non-daemon mode. + (5) Create the pid file mode 644, rather then 666 (!). + (6) Generate queries to upstream nameservers with unpredictable + ids, to thwart DNS spoofers. + (7) Dnsmasq no longer forwards queries when the + "recursion desired" bit is not set in the header. + (8) Fixed getopt code to work on compliers with unsigned char. + +release 0.991 Added -b flag: when set causes dnsmasq to always answer + reverse queries on the RFC 1918 private IP space itself and + never forward them to an upstream server. If the name is not in + /etc/hosts, dnsmasq replies with the dotted-quad address. + + Fixed a bug which stopped dnsmasq working on a box with + two or more interfaces with the same IP address. + + Fixed cacheing of CNAMEs. Previously, a CNAME which pointed + to a name with many A records would not have all the addresses + returned when being answered from the cache. 
+ + Thanks to "Steve Hardy" for his input + on these fixes. + + Fixed race which could cause dnsmasq to miss the second of + two closely-spaced updates of resolv.conf (Thanks to Eli Chen + for pointing this out.) + + Fixed a bug which could cause dnsmasq to fail to cache some + dns names. + +release 0.992 Small change to memory allocation so that names in /etc/hosts + don't use cache slots. Also make "-c 0" flag meaningfully + disable caching completely. + +release 0.993 Return only the first (canonical) name from an entry in + /etc/hosts as reply to reverse query. + + Handle wildcard queries for names/addresses in /etc/hosts + this is mainly to allow reverse lookups by dig to succeed. + (Bug reported by Simon J. Rowe" ) + + Subtle change to the logic which selects which of multiple + upstream servers we send queries to. This fixes a problem + where dnsmasq continuously sends queries to a server which + is returning error codes and ignores one which is working. + +release 0.994 Fixed bug which broke lookup of names in /etc/hosts + which have upper-case letters in them. Thanks for Joao Clemente + for spotting that one. + + Output cache statistics on receipt of SIGUSR1. These go + to syslog except in debug (-d) mode, when a complete cache + dump goes to stdout. Suggestion from Joao Clemente, code + based in John Volpe's. + + Accept GNU long options on the command line. Code from + John Volpe for this. + + Split source code into multiple files and produced + a proper makefile. + + Included code from John Volpe to parse dhcp.leases file + written by ISC dhcpd. The hostnames in the leases file are + added to the cache and updated as dhcpd updates the + leases file. The code has been heavily re-worked by me, + so any bugs are probably mine. + +release 0.995 Small tidy-ups to signal handling and cache code. 
+ +release 0.996 Added negative caching: If dnsmasq gets a "no such domain" reply + from an upstream nameserver, it will cache that information + for a time specified by the SOA RR in the reply. See RFC 2308 + for details. This is useful with resolver libraries + which append assorted suffices to non-FQDN in an attempt to + resolve them, causing useless cache misses. + + Added -i flag, which restricts dnsmasq to offering name service + only on specified interfaces. + +release 0.997 Deleted INSTALL script and added "install" target to makefile. + + Stopped distributing binaries in the tarball to avoid + libc version clashes. + + Fixed interface detection code to + remove spurious startup errors in rare circumstances. + + Dnsmasq now changes its uid, irrevocably, to nobody after + startup for security reasons. Thanks to Peter Bailey for + this patch. + + Cope with infinite DHCP leases. Patch thanks to + Yaacov Akiba Slama. + + Added rpm control files to .tar.gz distribution. Thanks to + Peter Baldwin at ClarkConnect for those. + + Improved startup script for rpms. Thanks to Yaacov Akiba Slama. + +release 1.0 Stable release: dnsmasq is now considered feature-complete + and stable. + +release 1.1 Added --user argument to allow user to change to + a different userid. + + Added --mx-target argument to allow mail to be delivered + away from the gateway machine running dnsmasq. + + Fixed highly obscure bug with wildcard queries for + DHCP lease derived names. + + Moved manpage from section 1 to section 8. + + Added --no-poll option. + Added Suse-rpm support. + Thanks to Joerg Mayer for the last two. + +release 1.2 Added IPv6 DNS record support. AAAA records are cached + and read from /etc/hosts. Reverse-lookups in the + ip6.int and ip6.arpa domains are suppored. Dnsmasq can + talk to upstream servers via IPv6 if it finds IP6 addresses + in /etc/resolv.conf and it offers DNS service automatically + if IPv6 support is present in the kernel. 
+ + Extended negative caching to NODATA replies. + + Re-vamped CNAME processing to cope with RFC 2317's use of + CNAMES to PTR RRs in CIDR. + + Added config.h and a couple of symbols to aid + compilation on non-linux systems. + +release 1.3 Some versions of the Linux kernel return EINVAL rather + then ENPROTONOSUPPORT when IPv6 is not available, + causing dnsmasq to bomb out. This release fixes that. + Thanks to Steve Davis for pointing this one out. + + Trivial change to startup logic so that dnsmasq logs + its stuff and reads config files straight away on + starting, rather than after the first query - principle + of least surprise applies here. + +release 1.4 Fix a bug with DHPC lease parsing which broke in + non-UTC timezones. Thanks to Mark Wormgoor for + spotting and diagnosing this. Fixed versions in + the .spec files this time. Fixed bug in Suse startup + script. Thanks to Didi Niklaus for pointing this out. + +release 1.5 Added --filterwin2k option which stops dnsmasq from forwarding + "spam" queries from win2k boxes. This is useful to stop spurious + connections over dial-on-demand links. Thanks to Steve Hardy + for this code. + + Clear "truncated" bit in replies we return from upstream. This + stops resolvers from switching to TCP, which is pointless since + dnsmasq doesn't support TCP. This should solve problems + in resolving hotmail.com domains. + + Don't include getopt.h when Gnu-long-options are disabled - + hopefully this will allow compilation on FreeBSD. + + Added the --listen-address and --pid-file flags. + + Fixed a bug which caused old entries in the DHCP leases file + to be used in preference to current ones under certain + circumstances. + +release 1.6 If a machine gets named via DHCP and the DHCP name doesn't have + a domain part and domain suffix is set using the -s flag, then + that machine has two names with the same address, with and + without the domain suffix. 
When doing a _reverse_ lookup to + get the name, the "without suffix" name used to be returned, + now the "with suffix" one gets returned instead. This change + suggested by Arnold Schulz. + + Fixed assorted typos in the documentation. Thanks + to David Kimdon. + + Subtle rearrangement to the downloadable tarball, and stopped + distributing .debs, since dnsmasq is now an official Debian + package. + +release 1.7 Fix a problem with cache not clearing properly + on receipt of SIGHUP. Bug spotted by Sat Deshpande. + + In group-id changing code: + 1) Drop supplimentary groups. + 2) Change gid before dropping root (patch from Soewono Effendi.) + 3) Change group to "dip" if it exists, to allow access + to /etc/ppp/resolv.conf (suggestion from Jorg Sommer.) + Update docs to reflect above changes. + + Other documentation changes from David Miller. + Added suggested script fragment for dhcpcd.exe. + +release 1.8 Fix unsafe use of tolower() macro - allows linking against + ulibc. (Patches from Soewono Effendi and Bjorn Andersson.) + + Fix typo in usage string. + + Added advice about RedHat PPP configuration to + documentation. (Thanks to C. Lee Taylor.) + + Patches to fix problems on BSD systems from Marc Huber + and Can Erkin Acar. These add the options + HAVE_ARC4RANDOM and HAVE_SOCKADDR_SA_LEN to config.h. + Elaborated config.h - should really use autoconf. + + Fix time-to-live calculation when chasing CNAMEs. + + Fix use-after-free and missing initialisation bugs in + the cache code. (Thanks to Marc Huber.) + + Builds on Solaris 9. (Thanks to Marc Huber.) + +release 1.9 Fixes to rpm .spec files. + + Don't put expired DHCP entries into the cache only to + throw them away again. + + Put dnsmasq on a severe memory diet: this reduces both + the amount of heap space used and the stack size + required. 
The difference is not really visible with + bloated libcs like glibc, but should dramatically reduce + memory requirements when linked against ulibc for use on + embeded routers, and that's the point really. Thanks to + Matthew Natalier for prompting this. + + Changed debug mode (-d) so that all logging appears on + stderr as well as going to syslogd. + + Added HAVE_IPV6 config symbol to allow compilation + against a libc which doesn't have IPv6 support. + + Added a facility to log all queries, enabled with -q flag. + + Fixed packet size checking bug in address extraction code. + + Halved default cache size - 300 was way OTT in typical use. + + Added self-MX function, enabled by -e flag. Thanks to + Lyonel Vincent for the patch. + + Added HAVE_FORK config symbol and stuff to support + uClinux. Thanks to Matthew Natalier for uClinux stuff. + +release 1.10 Log warnings if resolv.conf or dhcp.leases are not + accessable for any reason, as suggested by Hinrich Eilts. + + Fixed wrong address printing in error message about + no interface with address. + + Updated docs and split installation instuctions into setup.html. + + Fix bug in CNAME chasing code: One CNAME pointing + to many A records would lose A records after the + first. This bug was introduced in version 1.9. + + Log startup failures at level Critical as well as + printing them to standard error. + Exit with return code 1 when given bad options. + + Cleaned up code for no-cache operation. + + Added -o option which forces dnsmasq to use to + upstream servers in the order they appear in /etc/resolv.conf. + + Added upstream server use logging. + + Log full cache dump on receipt of SIGUSR1 when query + logging is enabled (-q switch). + + Added -S option to directly specify upstream servers and + added ability to direct queries for specific domains to + specfic servers. Suggested by Jens Vonderheide. + + Upgraded random ID generation - patch from Rob Funk. 
+ + Fixed reading of domains in arguments with capital + letters or trailing periods. + + Fixed potential SEGV when given bad options. + + Read options from /etc/dnsmasq.conf if it exists. + Do sensible things with missing parameters, eg + "--resolv-file=" turns off reading /etc/resolv.conf. + +release 1.11 Actually implement the -R flag promised in the 1.10 man page. + + Improve and rationalise the return codes in answers to + queries. In the case that there are no available + upstream servers to forward a query to, return REFUSED. + This makes sendmail work better on modem connected + systems when the modem link is down (Thanks to Roger Plant). + Cache and return the NXDOMAIN status of failed queries: + this makes the `host` command work when traversing search + paths (Thanks to Peter Bailey). Set the "authoritative" + bit in replies containing names from /etc/hosts or DHCP. + + Tolerate MS-DOS style line ending codes in /etc/hosts + and /etc/resolv.conf, for people who copy from winsock + installations. + + Allow specification of more than one resolv.conf file. This is + intended for laptops which connect via DHCP or + PPP. Whichever resolv.conf was updated last is used. + + Allow -S flags which specify a domain but no server + address. This gives local domains which are never forwarded. + + Add -E flag to automatically add the domain suffix to + names in /etc/hosts -suggestion from Phil Harman. + + Always return a zero time-to-live for names derived from + DHCP which stops anthing else caching these + names. Previously the TTL was derived from the lease + time but that is incorrect since a lease can be given + up early: dnsmasq would know this but anything with the + name cached with long TTL would not be updated. + + Extended HAVE_IPV6 config flag to allow compliation on + old systems which don't have modern library routines + like inet_ntop(). Thanks to Phil Harman for the patch. 
+ +release 1.12 Allow more than one domain in server config lines and + make "local" a synonym for "server". This makes things + like "local=/localnet/thekelleys.org.uk/" legal. Allow + port to specified as part of server address. + + Allow whole domains to have an IP address specified + in /etc/dnsmasq.conf. (/etc/hosts doesn't work domains). + address=/doubleclick.net/127.0.0.1 should catch all + those nasty banner ads. Inspired by a patch + from Daniel Gryniewicz + + Log the source of each query when logging switched on. + + Fix bug in script fragment for dhcpcd - thanks to Barry Stewart. + + Fix bug which meant that strict-order and self-mx were + always enabled. + + Builds with Linux libc5 now - for the Freesco project. + + Fixed Makefile installation script (patch from Silvan + Minghetti) and added CC and CFLAGS variables. + + Improve resource allocation to reduce vulnerability to + DOS attacks - the old version could have all queries + blocked by a continuous high-speed stream of + queries. Now some queries will succeed, and the excess + will be rejected with a server fail error. This change also + protects against server-loops; setting up a resolving + loop between two instances of dnsmasq is no longer + catastrophic. The servers will continue to run, looped + queries fail and a warning is logged. Thanks to C. Lee + Taylor for help with this. + +release 1.13 Added support for building rpms suitable for modern Suse + systems. (patch from Andi ) + + Added options --group, --localmx, --local-ttl, + --no-negcache, --addn-host. + + Moved all the various rpm-building bits into /rpm. + + Fix builds with glibc 2.1 (thanks to Cristian + Ionescu-Idbohrn) + + Preserve case in domain names, as per RFC1035. + + Fixed ANY queries to domains with --address specification. + + Fixed FreeBSD build. (thanks to Steven Honson) + + Added -Q option which allows a specified port to be used + to talk to upstream servers. 
Useful for people who want + very paranoid firewalls which open individual UDP port. + (thanks to David Coe for the patch) + +release 1.14 Fixed man page description of -b option which confused + /etc/hosts with /etc/resolv.conf. (thanks to Christopher + Weimann) + + Fixed config.h to allow building under MACOS X and glibc + 2.0.x. (thanks to Matthew Gregan and Serge Caron) + + Added --except-interface option. (Suggested by Serge Caron) + + Added SIGUSR2 facility to re-scan for new + interfaces. (Suggested by Serge Caron) + + Fixed SEGV in option-reading code for invalid options. + (Thanks to Klaas Teschauer) + + Fixed man page to clarify effect of SIGUSR1 on + /etc/resolv.conf. + (Thanks to Klaas Teschauer) + + Check that recieved queries have only rfc1035-legal characters + in them. This check is mainly to avoid bad strings being + sent to syslog. + + Fixed &&/& confusion in option.c and added DESTDIR + variable for "make install" (Thanks to Osvaldo + Marques for the patch.) + + Fixed /etc/hosts parsing code to cope with MS-DOS + line-ends in the file. This was supposed to be done in + version 1.11, but something got missed. (Thanks to Doug + Copestake for helping to find this.) + + Squash repeated name/address pairs read from hosts + files. + + Tidied up resource handling in util.c (Thanks to + Cristian Ionescu-Idbohrn). + + Added hashed searching of domain names. People are starting + to use dnsmasq with larger loads now, and bigger caches, + and large lists of ad-block addresses. This means doing + linear searches can start to use lots of CPU so I added hashed + searching and seriously optimised the cache code for + algorithmic efficiency. Also upped the limit on cache + size to 10000. + + Fixed logging of the source of names from the additional + hosts file and from the "bogus private address" option. + + Fixed spurious re-reading of empty lease files. (Thanks + to Lewis Baughman for spotting this.) 
+ + Fixed building under uclibc (patch from Cristian Ionescu-Idbohrn) + + Do some socket tweaking to allow dnsmasq to co-exist + with BIND. Thanks to Stefan 'Sec' Zehl for the patch. + +release 1.15 Added --bogus-nxdomain option. + + Restrict checking of resolv.conf and DHCP leases files + to once per second. This is intended to improve + performance under heavy loads. Also make a system call + to get the current time once per query, rather than four + times. + + Increased number of outstanding queries to 150 in + config.h + +release 1.16 Allow "/" characters in domain names - this fixes + caching of RFC 2317 CNAME-PTR records. + + Fixed brain-fart in -B option when GETOPT_LONG not + enabled - thanks to Steven Young and Jason Miller + for pointing this out. + + Generalised bogus-nxdomain code: allow more than one + address to check, and deal with replies with multiple + answer records. (Based on contribution from Humberto + Massa.) + + Updated the documentation to include information about + bogus-nxdomain and the Verisign tragedy. + + Added libraries needed on Solaris to Makefile. + + Added facility to set source address in queries to + upstream nameservers. This is useful with multihomed + hosts, especially when using VPNs. Thanks to Tom Fanning + for suggesting this feature. + + Tweaked logging: log to facility LOCAL0 when in + debug/no-daemon mode and changed level of query logging + from INFO to DEBUG. Make log options controllable in + config.h + +release 1.17 Fixed crash with DHCP hostnames > 40 characters. + + Fixed name-comparision routines to not depend on Locale, + in theory this versions since 1.15 could lock up or give + wrong results when run with locale != 'C'. + + Fix potential lockup in cache code. (thanks to Henning + Glawe for help chasing this down.) + + Made lease-file reader bullet-proof. + + Added -D option, suggested by Peter Fichtner. + +release 1.18 Added round-robin DNS for names which have more than one + address. 
In this case all the addresses will be + returned, as before, but the order will change on each + query. + + Remove stray tolower() and isalnum() calls missed in + last release to complete LOCALE independence. + + Allow port numbers in source-address specifications. + + For hostnames without a domain part which don't get + forwarded because -D is in effect, return NXDOMAIN not + an empty reply. + + Add code to return the software version in repsonse to the + correct magic query in the same way as BIND. Use + "dig version.bind chaos txt" to make the query. + + Added negative caching for PTR (address to name) records. + + Ensure that names of the form typically used in PTR queries + (ie w.x.yz.in-addr.arpa and IPv6 equivalents) get + correct answers when queried as other types. It's + unlikely that anyone would do this, but the change makes + things pedantically correct. + + Taught dnsmasq to understand "bitstring" names, as these + are used for PTR lookups of IPv6 addresses by some + resolvers and lookup tools. Dnsmasq now understands both + the ip6.int domain and the ip6.arpa domain and both + nibble and bitstring formats so it should work with any + client code. Standards for this stuff have flip-flopped + over the last few years, leaving many different clients + in their wake. See RFC2673 for details of bitstrings. + + Allow '_' characters in domain names: Legal characters + are now [a-z][A-Z].-_ Check names read from hosts files + and leases files and reject illegal ones with a message + in syslog. + + Make empty domain names in server and address options + have the special meaning "unqualified + names". (unqualified names are names without any dots in + them). It's now possible to do server=//1.2.3.4 and have + unqualified names sent to a special nameserver. + +release 2.0rc1 + Moved source code into src/ directory. + + Fixes to cure compilation breakage when HAVE_IPV6 not + set, thanks to Claas Hilbrecht. 
+ + BIG CHANGE: added an integrated DHCP server and removed + the code to read ISC dhcp.leases. This wins in terms + of ease of setup and configuration flexibility and + total machine resources consumed. + + Re-jiged the signal handling code to remove a race + condition and to be more portable. + +release 2.0 + Thanks to David Ashworth for feedback which informed many + of the fixes below. + + Allow hosts to be specified by client ID in dhcp-hosts + options. These are now one of + dhcp-host=,.... + dhcp-host=id:,..... + dhcp-host=id:,..... + + Allow dhcp-host options to specify any IP address on the + DHCP-served network, not just the range available for + dynamic allocation. + + Allow dhcp-host options for the same host with different + IP adresses where the correct one will be selected for + the network the host appears on. + + Fix parsing of --dhcp-option to allow more than one + IP address and to allow text-type options. + + Inhibit use of --dhcp-option to send hostname DHCP options. + + Update the DNS with DHCP information after re-reading + /etc/hosts so that any DHCP derived names which have been + shadowed by now-deleted hosts entries become visible. + + Fix typos in dnsmasq.conf.example + + Fixes to Makefile(s) to help pkgsrc packaging - patch + from "pancake". + + Add dhcp-boot option to support network boot. + + Check for duplicate IP addresses in dhcp-hosts lines + and refuse to run if found. If allowed to remain these + can provoke an infinite loop in the DHCP protocol. + + Attempted to rationalise the .spec files for rpm + building. There are now files for Redhat, Suse and + Mandrake. I hope they work OK. + + Fixed hard-to-reproduce crash involving use of local + domains and IPv6 queries. Thanks to Roy Marples for + helping to track that one down. + +release 2.1 + Thanks to Matt Swift and Dag Wieers for many suggestions + which went into this release. 
+ + Tweak include files to allow compilation on FreeBSD 5 + + Fix unaligned access warnings on BSD/Alpha. + + Allow empty DHCP options, like so: dhpc-option=44 + + Allow single-byte DHCP options like so: dhcp-option=20,1 + + Allow comments on the same line as options in + /etc/dnsmasq.conf + + Don't complain when the same name and address is + allocated to a host using DHCP and /etc/hosts. + + Added to the example configuration the dnsmasq equivalent + of the ISC dhcpd settings given in + http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt + + Fixed long-existing strangeness in Linux IPv6 interface + discovery code. The flags field in /proc/net/if_inet6 is + _not_ the interface flags. + + Fail gracefully when getting an ENODEV error when trying + to bind an IPv6 socket, rather than bailing out. Thanks + to Jan Ischebeck for feedback on that. + + Allow the name->address mapping for static DHCP leases to + be set by /etc/hosts. It's now possible to have + dhcp-host=,wibble + or even + dhcp-host=wibble + and in /etc/hosts have + wibble 1.2.3.4 + and for the correct thing to happen. Note that some sort + of dhcp-host line is still needed, it's not possible for + random host to claim an address in /etc/hosts without + some explicit configuration. + + Make 0.0.0.0 in a dhcp-option to mean "the machine + running dnsmasq". + + Fix lease time spec when specified in dhcp-range and not + in dhcp-host, previously this was always one hour. + + Fix problem with setting domains as "local only". - + thanks to Chris Schank. + + Added support for max message size DHCP option. + +release 2.2 + Fix total lack for DHCP functionality on + Linux systems with IPv6 enabled. - thanks to + Jonathon Hudson for spotting that. + + Move default config file under FreeBSD - patch from + Steven Honson + +release 2.3 + Fix "install" makefile target. (reported by Rob Stevens) + + Ensure that "local=/domain/" flag is obeyed for all + queries on a domain, not just A and AAAA. 
(Reported by + Peter Fichtner.) + + Handle DHCPDECLINE messages and provide an error message + in DHCPNAK messages. + + Add "domain" setting example to + dnsmasq.conf.example. Thanks to K P Kirchdorfer for + spotting that it was missing. + + Subtle change to the DHCPREQUEST handling code to work + around a bug in the DHCP client in HP Jetdirect printers. + Thanks to Marko Stolle for finding this problem. + + Return DHCP T1 and T2 times, with "fuzz" to desychronise lease + renewals, as specified in the RFC. + + Ensure that the END option is always present in DHCP + packets , even if the packet is too small to fit all + the requested options. + + Handle larger-than-default DHCP packets if required, up + to the ethernet MTU. + + Fix a couple of places where the return code from + malloc() was not checked. + + Cope with a machine taking a DHCP lease and then moving + network so that the lease address is no longer valid. + + The DHCP server will now work via a BOOTP relay - remote + networks are configured with the dhcp-range option the + same as directly connected ones, but they need an + additional netmask parameter. Eg + --dhcp-range=192.168.4.10,192.168.4.50,255.255,255.0 + will enable DHCP service via a BOOTP relay on the + 192.168.4.0 network. + + Add a limit on the number of available DHCP leases, + otherwise the daemon could be DOSed by a malicious + host. The default is 150, but it can be changed by the + dhcp-lease-max option. + + Fixed compilation on OpenBSD (thanks to Frederic Brodbeck + for help with that.) + + Reworked the DHCP network handling code for two good + effects: (1) The limit of one network only for DHCP on + FreeBSD is now gone, (2) The DHCP server copes with + dynamically created interfaces. The one-interface + limitation remains for OpenBSD, which is missing + extensions to the socket API which have been in Linux + since version 2.2 and FreeBSD since version 4.8. 
+ + Reworked the DNS network code to also cope with + dynamically created interfaces. dnsmasq will now listen + to the wildcard address and port 53 by default, so if no + --interface or --address options are given it will handle + dynamically created interfaces. The old behaviour can be + restored with --bind-interfaces for people running BIND + on one interface and dnsmasq on another. Note that + --interface and --address options still work, but the + filtering is done by dnsmasq, rather then the kernel. + This works on Linux, and FreeBSD>=5.0. On systems which + don't support the required API extensions, the old + behaviour is used, just as if --bind-interfaces had been set. + + Allow IPv6 support to be disabled at compile time. To do + that, add -DNO_IPV6 to the CFLAGS. Thanks to Oleg + I. Vdovikin for the suggestion to do that. + + Add ability to set DHCP options per network. This is done + by giving a network an identifier like this: + dhcp-range=red-net,192.168.0.10,192.168.0.50 + and then labeling options intended for that network only + like this: + dhcp-option=red-net,6,1.1.1.1 + Thanks to Oleg Vdovikin for arguing that one through. + + Made errors in the configuration file non-fatal: dnsmasq + will now complain bitterly, but continue. + + Added --read-ethers option, to allow dnsmasq to pull + static DHCP information from that file. + Thanks to Andi Cambeis for that suggestion. + + Added HAVE_BROKEN_RTC compilation option to support + embedded systems without a stable RTC. Oleg Vdovikin + helped work out how to make that work. + +release 2.4 + Fixed inability to start when the lease file doesn't + already exist. Thanks to Dag Wieers for reporting that. + + Fixed problem were dhcp-host configuration options did + not play well with entries in /etc/ethers for the same + host. Thanks again to Dag Wieers. + + Tweaked DHCP code to favour moving to a newly-configured + static IP address rather than an old lease when doing + DHCP allocation. 
+ + Added --alias configuration option. This provides IPv4 + rewrite facilities like Cisco "DNS doctoring". Suggested + by Chad Skeeters. + + Fixed bug in /etc/ethers parsing code triggered by tab + characters. Qudos to Dag Wieers for hepling to nail that + one. + + Added "bind-interfaces" option correctly. + +release 2.5 + Made "where are we allocating addresses?" code in DHCP + server cope with requests via a relay which is on a + directly connected network for which there is not a + configured netmask. This strange state of affairs occurs + with win4lin. Thanks to Alex Melt and Jim Horner for bug + reports and testing with this. + + Fixed trivial-but-irritating missing #include which broke + compilation on *BSD. + + Force --bind-interfaces if IP-aliased interface + specifications are used, since the sockets API provides + no other sane way to determine which alias of an + interface a packet was sent to. Thanks to Javier Kohen + for the bug report. + +release 2.6 + Support Token Ring DHCP. Thanks to Dag Wieers for help + testing. Note that Token ring support only works on Linux + currently. + + Fix compilation on MacOS X. Thanks to Bernhard Ehlers for + the patch. + + Added new "ignore" keyword for + dhcp-host. "dhcp-host=11:22:33:44:55:66,ignore" will + cause the DHCP server to ignore any host with the given + MAC address, leaving it to other servers on the + network. This also works with client-id and hostnames. + Suggestion by Alex Melt. + + Fixed parsing of hex client IDs. Problem spotted by Peter + Fichtner. + + Allow conf-file options in configuration file, to + provide an include function. + + Re-read /etc/ethers on receipt of SIGHUP. + + Added back the ability to read ISC dhcpd lease files, by + popular demand. Note that this is deprecated and for + backwards compatibility only. 
You can get back the 4K of + memory that the code occupies by undefining + "HAVE_ISC_READER" in src/config.h + + Added ability to disable "pool" DHCP address allocation + whilst leaving static leases working. The syntax is + "dhcp-range=192.168.0.0,static" + Thanks to Grzegorz Nosek for the suggestion. + + Generalized dnsmasq-rh.spec file to work on Mandrake too, + and removed dnsmasq-mdk.spec. Thanks to Doug Keller. + + Allow DHCP options which are tied to specific static + leases in the same way as to specific networks. + + Generalised the dhcp-option parser a bit to allow hex + strings as parameters. This is now legal: + dhcp-option=128,e4:45:74:68:00:00 + Inspired by a patch from Joel Nordell. + + Changed the semantics of argument-less dhcp-options for + the default-setting ones, ie 1, 3, 6 and 28. Now, doing + eg, dhcp-option=3 stops dnsmasq from sending a default + router option at all. Thanks to Scott Emmons for pointing + out that this is useful. + + Fixed dnsmasq.conf parsing bug which interpreted port + numbers in server= lines as a comment. To start a + comment, a '#' character must now be a the start of a + line or preceded by whitespace. Thanks to Christian + Haggstrom for the bug report. + +release 2.7 + Allow the dhcp-host specification of id:* which makes + dnsmasq ignore any client-id. This is useful to ensure + that a dual-boot machine sees the same lease when one OS + gives a client-id and the other doesn't. It's also useful + when PXE boot DHCP does not use client IDs but the OS it boots + does. Thanks to Grzegorz Nosek for suggesting this enhancement. + + No longer assume that ciaddr is zero in received DHCPDISCOVER + messages, just for security against broken clients. + + Set default of siaddr field to the address of the machine running + dnsmasq when not explicitly set using dhcp-boot + option. This is the ISC dhcpd behaviour. + + Send T1 and T2 options in DHCPOFFER packets. This is required + by the DHCP client in some JetDirect printers. 
Thanks + to Paul Mattal for work on this. + + Fixed bug with DHCP on OpenBSD reported by Dominique Jacquel. + The code which added loopback interfaces to the list + was confusing the DHCP code, which expected one interface only. + Solved by adding loopback interfaces to address list instead. + + Add dhcp-vendorclass option to allow options to be sent only + to certain classes of clients. + + Tweaked option search code so that if a netid-qualified + option is used, any unqualified option is ignored. + + Changed the method of picking new dynamic IP + addresses. This used to use the next consecutive + address as long it was free, now it uses a hash + from the client hardware address. This reduces the amount + of address movement for clients which let their lease + expire and allows consecutive DHCPOFFERS to the same host + to (almost always) be for the same address, without + storing state before a lease is granted. + + Tweaked option handling code to return all possible + options rather than none when DHCP "requested options" + field is missing. This fixes interoperability with + ancient IBM LANMAN DHCP clients. Thanks to Jim Louvau for + help with this. + +release 2.8 + Pad DHCP packets to a minimum size of 300 bytes. This + fixes interoperability problems with the Linux in-kernel + DHCP/BOOTP client. Thanks to Richard Musil for + diagnosing this and supplying a patch. + + Fixed option-parsing bug and potential memory leak. Patch + from Richard Musil. + + Improved vendor class configuration and added user class + configuration. Specifically: (1) options are matched on + the netids from dhcp-range, dhcp-host, vendor class and + user class(es). Multiple net-ids are allowed and options + are searched on them all. (2) matches agains vendor class + and user class are now on a substring, if the given + string is a substring of the vendor/user class, then a + match occurs. Thanks again to Richard Musil for prompting + this. 
+ + Make "#" match any domain on --address and --server + flags. --address=/#/1.2.3.4 will return 1.2.3.4 for _any_ + domain not otherwise matched. Of course + --server=/#/1.2.3.4 is exactly equivalent to + --server=1.2.3.4. Special request from Josh Howlett. + + Fixed a nasty bug which would cause dnsmasq to lose track + of leases for hosts which had a --dhcp-host flag without + a name specification. The mechanism for this was that + the hostname could get erroneously set as a zero-length + string and then written to the leases file as a + mal-formed line. Restarting dnsmasq would then lose the lease. + Alex Hermann's work helped chase down this problem. + + Add checks against DHCP clients which return zero-length + hostnames. This avoids the potential lease-loss problems + reffered to above. Also, if a client sends a hostname when + it creates a lease but subsequently sends no or a + zero-length hostname whilst renewing, continue to use the + existing hostname, don't wipe it out. + + Tweaked option parsing to flag some parameter errors. + +release 2.9 + Fixed interface filter code for two effects: 1) Fixed bug + where queries sent via loopback interface + but to the address of another interface were ignored + unless the loopback interface was explicitly configured. + 2) on OpenBSD failure to configure one interface now + causes a fatal error on startup rather than an huge + stream of log messages. Thanks to Erik Jan Tromp for + finding that bug. + + Changed server selection strategy to improve performance + when there are many available servers and some are + broken. The new algorithm is to pick as before for the + first try, but if a query is retried, to send to all + available servers in parallel. The first one to reply + then becomes prefered for the next query. This should + improve reliability without generating significant extra + upstream load. 
+ + Fixed breakage of special servers/addresses for + unqualified domains introduced in version 2.8 + + Allow fallback to "bind-interfaces" at runtime: Some + verions of *BSD seem to have enough stuff in the header + files to build but no kernel support. Also now log if + "bind-interfaces" is forced on. + + Log replies from upstream servers which refuse to do + recursion - dnsmasq is not a recursive nameserver and + relies on upstream servers to do the recursion, this + flags a configuration error. + + Disable client-id matching for hosts whose MAC address is + read from /etc/ethers. Patch from Oleg I. Vdovikin. + + Extended --mx-host flag to allow arbitrary targets for MX + records, suggested by Moritz Bunkus. + + Fixed build under NetBSD 2.0 - thanks to Felix Deichmann + for the patch. + + Deal correctly with repeated addresses in /etc/hosts. The + first name found is now returned for reverse lookups, + rather than all of them. + + Add back fatal errors when nonexistant + interfaces or interface addresses are given but only in + "bind-interfaces" mode. Principle of least surprise applies. + + Allow # as the argument to --domain, meaning "read the + domain from the first search directive in + /etc.resolv.conf". Feature suggested by Evan Jones. + +release 2.10 + Allow --query-port to be set to a low port by creating and + binding the socket before dropping root. (Suggestion from + Jamie Lokier) + + Support TCP queries. It turned out to be possible to do + this with a couple of hundred lines of code, once I knew + how. The executable size went up by a few K on i386. + There are a few limitations: data obtained via TCP is not + cached, and dynamically-created interfaces may break under + certain circumstances. Source-address or query-port + specifications are ignored for TCP. + + NAK attempts to renew a DHCP lease where the DHCP range + has changed and the lease is no longer in the allowed + range. Jamie Lokier pointed out this bug. 
+ + NAK attempts to renew a pool DHCP lease when a statically + allocated address has become available, forcing a host to + move to its allocated address. Lots of people have + suggested this change and been rebuffed (they know who + they are) the straws that broke the camel's back were Tim + Cutts and Jamie Lokier. + + Remove any nameserver records from answers which are + modified by --alias flags. If the answer is modified, it + cannot any longer be authoritative. + + Change behaviour of "bogus-priv" option to return NXDOMAIN + rather than a PTR record with the dotted-quad address as + name. The new behaviour doesn't provoke tcpwrappers like + the old behavior did. + + Added a patch for the Suse rpm. That changes the default + group to one suitable for Suse and disables inclusion of + the ISC lease-file reader code. Thanks to Andy Cambeis for + his ongoing work on Suse packaging. + + Support forwarding of EDNS.0 The maximum UDP packet size + defaults to 1280, but may be changed with the + --edns-packet-max option. Detect queries with the do bit + set and always forward them, since DNSSEC records are + not cached. This behaviour is required to make + DNSSECbis work properly though dnsmasq. Thanks to Simon + Josefsson for help with this. + + Move default config file location under OpenBSD from + /usr/local/etc/dnsmasq.conf to /etc/dnsmasq.conf. Bug + report from Jonathan Weiss. + + Use a lease with matching MAC address for a host which + doesn't present a client-id, even if there was a client ID + at some point in the past. This reduces surprises when + changing DHCP clients, adding id:* to a host, and from the + semantics change of /etc/ethers in 2.9. Thanks to Bernard + Sammer for finding that. + + Added a "contrib" directory and in it the dnslist utility, + from Thomas Tuttle. + + Fixed "fail to start up" problems under Linux with IPv6 + enabled. 
It's not clear that these were an issue in + released versions, but they manifested themselves when TCP + support was added. Thanks to Michael Hamilton for + assistance with this. + +version 2.11 + Fixed DHCP problem which could result in two leases in the + database with the same address. This looked much more + alarming then it was, since it could only happen when a + machine changes MAC address but kept the same name. The + old lease would persist until it timed out but things + would still work OK. + + Check that IP addresses in all dhcp-host directives are + unique and die horribly if they are not, since otherwise + endless protocol loops can occur. + + Use IPV6_RECVPKTINFO as socket option rather than + IPV6_PKTINFO where available. This keeps late-model FreeBSD + happy. + + Set source interface when replying to IPv6 UDP + queries. This is needed to cope with link-local addresses. + +version 2.12 + Added extra checks to ensure that DHCP created DNS entries + cannot generate multiple DNS address->name entries. Thanks to + Stefan Monnier for finding the exact set of configuration + options which could create this. + + Don't set the the filterwin2k option in the example config + file and add warnings that is breaks Kerberos. Thanks to + Simon Josefsson and Timothy Folks for pointing that out. + + Log types of incoming queries as well as source and domain. + + Log NODATA replies generated as a result of the + filterwin2k option. + +version 2.13 + Fixed crash with un-named DHCP hosts introduced in 2.12. + Thanks to Nicolo Wojewoda and Gregory Gathy for bug reports. + +version 2.14 + Fix DHCP network detection for hosts which talk via a + relay. This makes lease renewal for such hosts work + correctly. + + Support RFC3011 subnet selectors in the DHCP server. + + Fix DHCP code to generate RFC-compliant responses + to hosts in the INIT-REBOOT state. 
+ + In the DHCP server, set the receive buffer size on + the transmit-only packet socket to zero, to avoid + waste of kernel buffers. + + Fix DHCP address allocation code to use the whole of + the DHCP range, including the start and end addresses. + + Attempt an ICMP "ping" on new addresses before allocating + them to leases, to avoid allocating addresses which are in use. + + Handle rfc951 BOOTP as well as DHCP for hosts which have + MAC address to IP address mapping defined. + + Fix compilation under MacOS X. Thanks to Chris Tomlinson. + + Fix compilation under NetBSD. Thanks to Felix Deichmann. + + Added "keep-in-foreground" option. Thanks to Sean + MacLennan for the patch. + +version 2.15 + Fixed NXDOMAIN/NODATA confusion for locally known + names. We now return a NODATA reponse for names which are + locally known. Now a query for (eg AAAA or MX) for a name + with an IPv4 address in /etc/hosts which fails upstream + will generate a NODATA response. Note that the query + is still tried upstream, but a NXDOMAIN reply gets + converted to NODATA. Thanks to Eric de Thouars, Eric + Spakman and Mike Mestnik for bug reports/testing. + + Allow multiple dhcp-ranges within the same network. The + original intention was that there would be a dhcp-range + option for each network served, but there's no real reason + not to allow discontinuous ranges within a network so this + release adds support for that. + + Check for dhcp-ranges which are inconsistent with their + netmask, and generate errors or warnings. + + Improve error messages when there are problems with + configuration. + +version 2.16 + Fixed typo in OpenBSD-only code which stopped compilation + under that OS. Chris Weinhaupl gets credit for reporting + this. + + Added dhcp-authoritative option which restores non-RFC + compliant but desirable behaviour of pre-2.14 versions and + avoids long timeouts while DHCP clients try to renew leases + which are unknown to dnsmasq. Thanks to John Mastwijk for + help with this. 
+ + Added support to the DHCP option code to allow RFC-3397 + domain search DHCP option (119) to be sent. + + Set NONBLOCK on all listening sockets to workaround non-POSIX + compliance in Linux 2.4 and 2.6. This fixes rare hangs which + occured when corrupted packets were received. Thanks to + Joris van Rantwijk for chasing that down. + + Updated config.h for NetBSD. Thanks to Martin Lambers. + + Do a better job of distinguishing between retransmissions + and new queries when forwarding. This fixes a bug + triggered by the polipo web cache which sends A and AAAA + queries both with the same transaction-ID. Thanks to + Joachim Berdal Haga and Juliusz Chroboczek for help with this. + + Rewrote cache code to store CNAMES, rather then chasing + them before storage. This eliminates bad situations when + clients get inconsistent views depending on if data comes + from the cache. + + Allow for more than one --addn-hosts flag. + + Clarify logged message when a DHCP lease clashes with an + /etc/hosts entry. Thanks to Mat Swift for the suggestion. + + Added dynamic-dnsmasq from Peter Willis to the contrib + section. + +version 2.17 + Correctly deduce the size of numeric dhcp-options, rather + than making wild guesses. Also cope with negative values. + + Fixed use of C library reserved symbol "index" which broke + under certain combinations of library and compiler. + + Make bind-interfaces work for IPv6 interfaces too. + + Warn if an interface is given for listening which doesn't + currently exist when not in bind-interfaces mode. (This is + already a fatal error when bind-interfaces is set.) + + Allow the --interface and --except-interface options to + take a comma-separated list of interfaces. + + Tweak --dhcp-userclass matching code to work with the + ISC dhclient which violates RFC3004 unless its + configuration is very warped. Thanks to Cedric Duval for + the bug report. + + Allow more than one network-id tag in a dhcp-option. 
All + the tags must match to enable the option. + + Added dhcp-ignore option to disable classes of hosts based + on network-id tags. Also allow BOOTP options to be + controlled by network tags. + + Fill in sname, file and siaddr fields in replies to + DHCPINFORM messages. + + Don't send NAK replies to DHCPREQUEST packets for disabled + clients. Credit to Cedric Duval for spotting this. + + Fix rare crash associated with long DNS names and CNAME + records. Thanks to Holger Hoffstatte and especially Steve + Grecni for help chasing that one down. + +version 2.18 + Reworked the Linux interface discovery code (again) to + cope with interfaces which have only IPv6 addresses and + interfaces with more than one IPv6 address. Thanks to + Martin Pels for help with that. + + Fix problems which occured when more than one dhcp-range + was specified in the same subnet: sometimes parameters + (lease time, network-id tag) from the wrong one would be + used. Thanks to Rory Campbell-Lange for the bug report. + + Reset cache statistics when clearing the cache. + + Enable long command line options on FreeBSD when the + C library supports them. + +version 2.19 + Tweaked the Linux-only interface discovery code to cope + with interface-indexes larger than 8 bits in + /proc/net/if_inet6. This only affects Linux, obviously. + Thanks to Richard Atterer for the bug report. + + Check for under-length option fields in DHCP packets, a + zero length client-id, in particluar, could seriously + confuse dnsmasq 'till now. Thanks to Will Murname for help + with that. + + If a DHCP-allocated address has an associated name in + /etc/hosts, and the client does not provide a hostname + parameter and there is no hostname in a matching dhcp-host + option, send the /etc/hosts name as the hostname in + the DHCP lease. Thanks to Will Murname for the suggestion. 
+ +version 2.20 + Allow more than one instance of dnsmasq to run on a + machine, each providing DHCP service on a different + interface, provided that --bind-interfaces is set. This + configuration used to work, but regressed in version 2.14 + + Fix compilation on Mac OS X. Thanks to Kevin Bullock. + + Protect against overlong names and overlong + labels in configuration and from DHCP. + + Fix interesting corner case in CNAME handling. This occurs + when a CNAME has a target which "shadowed" by a name in + /etc/hosts or from DHCP. Resolving the CNAME would sneak + the upstream value of the CNAME's target into the cache, + alongside the local value. Now that doesn't happen, though + resolving the CNAME still gives the unshadowed value. This + is arguably wrong but rather difficult to fix. The main + thing is to avoid getting strange results for the target + due to the cache pollution when resolving the + CNAME. Thanks to Pierre Habouzit for exploring the corner + and submitting a very clear bug report. + + Fix subtle bug in the DNS packet parsing code. It's almost + impossible to describe this succinctly, but the one known + manifestation is the inability to cache the A record for + www.apple.com. Thanks to Bob Alexander for spotting that. + + Support SRV records. Thanks to Robert Kean for the patches + for this. + + Fixed sign confusion in the vendor-id matching code which + could cause crashes sometimes. (Credit to Mark Wiater for + help finding this.) + + Added the ability to match the netid tag in a + dhcp-range. Combined with the ability to have multiple + ranges in a single subnet, this provides a means to + segregate hosts on different address ranges based on + vendorclass or userclass. Thanks to Mark Wiater for + prompting this enhancement. + + Added preference values for MX records. + + Added the --localise-queries option. + +version 2.21 + Improve handling of SERVFAIL and REFUSED errors. 
Receiving + these now initiates search for a new good server, and a + server which returns them is not a candidate as a good + server. Thanks to Istvan Varadi for pointing out the + problem. + + Tweak the time code in BROKEN_RTC mode. + + Sanity check lease times in dhcp-range and dhcp-host + configurations and force them to be at least two minutes + (120s) leases shorter than a minute confuse some clients, + notably Apple MacOS X. Rory Campbell-Lange found this + problem. + + Only warn once about an upstream server which is refusing to do + recursive queries. + + Fix DHCP address allocation problem when netid tags are in + use. Thanks to Will Murnane for the bug report and + subsequent testing. + + Add an additional data section to the reply for MX and SRV + queries. Add support for DNS TXT records. Thanks to Robert + Kean and John Hampton for prompts and testing of these. + + Apply address rewriting to records in the additional data section + of DNS packets. This makes things like MX records work + with the alias function. Thanks to Chad Skeeters for + pointing out the need for this. + + Added support for quoted strings in config file. + + Detect and defeat cache-poisoning attacks which attempt to + send (malicious) answers to questions we didn't + send. These are ignored now even if the attacker manages + to guess a random query-id. + + Provide DHCP support for interfaces with multiple IP + addresses or aliases. This in only enabled under Linux. + See the FAQ entry for details. + + Revisit the MAC-address and client-id matching code to + provide saner behaviour with PXE boots, where some + requests have a client-id and some don't. + + Fixed off-by-one buffer overflow in lease file reading + code. Thanks to Rob Holland for the bug report. + + Added wildcard matching for MAC addresses in dhcp-host + options. A sensible suggestion by Nathaniel McCallum. + +version 2.22 + Fixed build problems on (many) systems with older libc + headers where is required before + . 
Enabled HAVE_RTNETLINK under uclibc now + that this fix is in place. + + Added support for encapsulated vendor-class-specific DHCP + options. Thanks to Eric Shattow for help with this. + + Fix regression in 2.21 which broke commas in filenames and + corrupted argv. Thanks to Eric Scott for the bugreport. + + Fixed stupid thinko which caused dnsmasq to wedge during + startup with certain MX-record options. Another 2.21 regression. + + Fixed broken-ness when reading /etc/ethers. 2.21 broke + this too. + + Fixed wedge with certain DHCP options. Yet another 2.21 + regression. Rob Holland and Roy Marples chased this one + down. + +version 2.23 + Added a check to ensure that there cannot be more than one + dhcp-host option for any one IP address, even if the + addresses are assigned indirectly via a hostname and + /etc/hosts. + + Include a "server identifier" in DHCPNAK replies, as + required by RFC2131. + + Added method support for DBus + (http://www.freedesktop.org/Software/dbus) + This is a superior way to re-configure dnsmasq on-the-fly + with different upstream nameservers, as the host moves + between networks. DBus support must be enabled in + src/config.h and should be considered experimental at this + point. See DBus-interface for the specification of the + DBus method calls supported. + + Added information to the FAQ about setting the DNS domain + in windows XP and Mac OS X, thanks to Rick Hull. + + Added sanity check to resolv.conf polling code to cope + with backwards-moving clocks. Thanks to Leonardo Canducci + for help with this. + + Handle so-called "A-for-A" queries, which are queries for + the address associated with a name which is already a + dotted-quad address. These should be handled by the + resolver code, but sometimes aren't and there's no point + in forwarding them. + + Added "no-dhcp-interface" option to disable DHCP service + on an interface, whilst still providing DNS. 
+ + Fix format-string problem - config file names get passed + to fprintf as a format string, so % characters could cause + crashes. Thanks to Rob Holland for sleuthing that one. + + Fixed multiple compiler warnings from gcc 4. Thanks to + Tim Cutts for the report. + + Send the hostname option on DHCP offer messages as well as + DHCP ack messages. This is required by the Rio Digital + Audio Receiver. Thanks to Ron Frederick for the patch. + + Add 'd' (for day) as a possible time multiplier in lease + time specifications. Thanks to Michael Deegan. + + Make quoting suppress recognition of IP addresses, so + dhcp-option=66,1.2.3.4 now means something different to + dhcp-option=66,"1.2.3.4", which sets the option to a + string value. Thanks to Brian Macauley for the bug report. + + Fixed the option parsing code to avoid segfaults from some + invalid configurations. Thanks to Wookey for spotting that one. + + Provide information about which compile-time options were + selected, both in the log at startup and as part of the output + from dnsmasq --version. Thanks to Dirk Schenkewitz for + the suggestion. + + Fix pathalogical behaviour when a broken client keeps sending + DHCPDISCOVER messages repeatedly and fast. Because dealing with + each of these takes a few seconds, (because of the ping) then a + queue of DHCP packets could build up. Now, the results of a ping + test are assumed to be valid for 30 seconds, so repeated waits are + not required. Thanks to Luca Landi for finding this. + + Allow DHCPINFORM requests without hardware address + information. These are generated by some browsers, looking + for proxy information. Thanks to Stanley Jaddoe for the + bug report on that. + + Add support of the "client FQDN" DHCP option. If present, + this is used to allow the client to tell dnsmasq its name, + in preference to (mis)using the hostname option. 
See + http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/\ + draft-ietf-dhc-fqdn-option-10.txt + for details of the draft spec. + + Added startup scripts for MacOS X Tiger/Panther to the + contrib collection. Thanks to Tim Cutts. + + Tweak DHCP network selection so that clients which turn up + on our network in REBINDING state and with a lease for a + foreign network will get a NAK response. Thanks to Dan + Shechter for work on this and an initial patch and thanks + to Gyorgy Farkas for further testing. + + Fix DNS query forwarding for empty queries and forward + queries even when the recursion-desired bit is clear. This + allows "dig +trace" to work. Problem report from Uwe + Gansert. + + Added "const" declarations where appropriate, thanks to + Andreas Mohr for the patch. + + Added --bootp-dynamic option and associated + functionality. Thanks to Josef Wolf for the suggestion. + +version 2.24 + Updated contrib/openvpn/dnsmasq.patch from Joseph Tate. + + Tweaked DHCP NAK code, a DHCP NAK is now unicast as a + fallback in cases where a broadcast is futile: namely in + response to a unicast REQUEST from a non-local network + which was not sent via a relay. + + Slightly changed the semantics of domain matching in + --server and --address configs. --server=/domain.com/ still + matches domain.com and sub.domain.com but does not + now match newdomain.com The semantics of + --server=/.domain.com/ are unchanged. + Thanks to Chris Blaise for the patch. + + Added backwards-compatible internationalisation support. + The existing make targets, (all, dnsmasq, install) work as + before. New ones (all-i18n, and install-i18n) add gettext. + The translations live in po/ There are not too many + strings, so if anybody can provide translations (and for + the manpage....) please send them in. + + Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes, + now the query gets retried on all servers before returning + the error to the source of the query. 
Thanks to Javier + Kohen for the report. + + Added Polish translation - thanks to Tomasz Sochanski. + + Changed default manpage install location from /usr/man + to /usr/share/man + + Added Spanish translation - thanks to Christopher Chatham. + + Log a warning when a DHCP packet is truncated due to lack + of space. (Thanks to Michael Welle for the prompt to do + this.) + + Added French translation - thanks to Lionel Tricon. + + Added Indonesian translation - thanks to Salman AS. + + Tweaked the netlink code to cope with interface broadcast + address not set, or set to 0.0.0.0. + + Fixed problem assigning fixed addresses to hosts when more + than one dhcp-range is available. Thanks to Sorin Panca + for help chasing this down. + + Added more explict error mesages to the hosts file and + ethers file reading code. Markus Kaiserswerth suffered to + make this happen. + + Ensure that a hostname supplied by a DHCP client can never + override one configured on the server. Previously, any + host claiming a name would be given it, even if that + over-rode a dhcp-host declaration, leading to potentially + confusing situations. + + Added Slackware package-build stuff into contrib/ The i18n + effort broke the current scripts, and working ones were + needed for testing, so they ended up here rather than make + Pat re-invent the wheel. + + Added Romanian translation, thanks to Sorin Panca for + that. + +version 2.25 + Fixed RedHat spec file for FC4 - thanks to Werner Hoelzl + and Andrew Bird. + + Fixed Suse spec file - thanks to Steven Springl. + + Fixed DHCP bug when two distict subnets are on the same + physical interface. Thanks to Pawel Zawora for finding + this and suggesting the fix. + + Added logging to make it explicit when dnsmasq falls back + from using RT-netlink sockets to the old ioctl API for + getting information about interfaces. Doing this + completely silently made remote debugging hard. 
+ + Merged uclibc build fixes from the OpenWRT package into + src/config.h + + Added Norwegian translation - thanks to Jan Erik Askildt. + +version 2.26 + Fixed SuSe rpm patch problem - thanks to Steven Springl. + + Fixed crash when attempting to send a DHCP NAK to a host + which believes it has a lease on an unknown + network. Thanks to Lutz Pressler for the bug report and + patch. + +version 2.27 + Tweaked DHCP behaviour when a client attempts to renew a lease + which dnsmasq doesn't know about. Previously that would always + result in a DHCPNAK. Now, in dhcp-authoritative mode, the + lease will be created, if it's legal. This makes dnsmasq work + better if the lease database is lost, for example on an OpenWRT + system which reboots. Thanks to Stephen Rose for work on + this. + + Added the ability to support RFC-3442 style destination + descriptors in dhcp-options. This makes classless static + routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4 + + Added error-checking to the code which writes the lease + file. If this fails for any reason, an error is logged, + and a retry occurs after one minute. This should improve + things eg when a filesystem is full. Thanks to Jens Holze + for the bug report. + + Fixed breakage of the "/#/ matches any domain" facility + which happened in 2.24. Thanks to Peter Surda for the bug + report. + + Use "size_t" and "ssize_t" types where appropriate in the + code. + + Fix buggy CNAME handling in mixed IPv4 and IPv6 + queries. Thanks to Andreas Pelme for help finding that. + + Added some code to attempt to re-transmit DNS queries when + a network interface comes up. This helps on DoD links, + where frequently the packet which triggers dialling is + a DNS query, which then gets lost. By re-sending, we can + avoid the lookup failing. This function is only active + when netlink support is compiled in, and therefore only + under Linux. Thanks to Jean Wolter for help with this. 
+ + Tweaked the DHCP tag-matching code to work correctly with + NOT-tag conditions. Thanks to Lutz Pressler for finding + the bug. + + Generalised netid-tag matching in dhcp-range statements to + allow more than one tag. + + Added --dhcp-mac to do MAC address matching in the same + way as vendorclass and userclass matching. A good + suggestion from Lutz Pressler. + + Add workaround for buggy early Microsoft DHCP clients + which need zero-termination in string options. + Thanks to Fabiano Pires for help with this. + + Generalised the DHCP code to cope with any hardware + address type, at least on Linux. *BSD is still limited to + ethernet only. + +version 2.28 + Eliminated all raw network access when running on + Linux. All DHCP network activity now goes through the IP + stack. Packet sockets are no longer required. Apart from + being a neat hack, this should also allow DHCP over IPsec + to work better. On *BSD and OS X, the old method of raw net + access through BPF is retained. + + Simplified build options. Networking is now slimmed down + to a choice of "linux" or "other". Netlink is always used + under Linux. Since netlink has been available since 2.2 + and non-optional in an IPv4-configured kernel since 2.4, + and the dnsmasq netlink code is now well tested, this + should work out fine. + + Removed decayed build support for libc5 and Solaris. + + Removed pselect code: use a pipe for race-free signal + handling instead, as this works everywhere. + + No longer enable the ISC leasefile reading code in the + distributed sources. I doubt there are many people left + using this 1.x compatibility code. Those that are will + have to explicitly enable it in src/config.h. + + Don't send the "DHCP maximum message size" option, even if + requested. RFC2131 says this is a "MUST NOT". + + Support larger-than-minimum DHCP message. 
Dnsmasq is now + happy to get larger than 576-byte DHCP messages, and will + return large messages, if permitted by the "maximum + message size" option of the message to which it is + replying. There's now an arbitrary sanity limit of 16384 + bytes. + + Added --no-ping option. This fixes an RFC2131 "SHOULD". + + Building on the 2.27 MAC-address changes, allow clients to + provide no MAC address at all, relying on the client-id as + a unique identifier. This should make things like DHCP for + USB come easier. + + Fixed regression in netlink code under 2.2.x kernels which + occurred in 2.27. Erik Jan Tromp is the vintage kernel fan + who found this. P.S. It looks like this "netlink bind: + permission denied" problem occured in kernels at least as + late a 2.4.18. Good information from Alain Richoux. + + Added a warning when it's impossible to give a host its + configured address because the address is leased + elsewhere. A sensible suggestion from Mircea Bardac. + + Added minimal support for RFC 3046 DHCP relay agent-id + options. The DHCP server now echoes these back to the + relay, as required by the RFC. Also, RFC 3527 link selection + sub-options are honoured. + + Set the process "dumpable" flag when running in debug + mode: this makes getting core dumps from root processes + much easier. + + Fixed one-byte buffer overflow which seems to only cause + problems when dnsmasq is linked with uclibc. Thanks to + Eric House and Eric Spakman for help in chasing this down. + + Tolerate configuration screwups which lead to the DHCP + server attemping to allocate its own address to a + client; eg setting the whole subnet range as a DHCP + range. Addresses in use by the server are now excluded + from use by clients. + + Did some thinking about HAVE_BROKEN_RTC mode, and made it + much simpler and better. The key is to just keep lease + lengths in the lease file. 
Since these normally never + change, even as the lease is renewed, the lease file never + needs to change except when machines arrive on the network + or leave. This eliminates the code for timed writes, and + reduces the amount of wear on a flash filesystem to the + absolute minimum. Also re-did the basic time function in + this mode to use the portable times(), rather than parsing + /proc/uptime. + + Believe the source port number when replying to unicast + DHCP requests and DHCP requests via a relay, instead of always + using the standard ports. This will allow relays on + non-standard ports and DHCPINFORM from unprivileged ports + to work. The source port sent by unconfigured clients is still + ignored, since this may be unreliable. This means that a DHCP + client must use the standard port to do full configuration. + +version 2.29 + Fixed compilation on OpenBSD (thanks to Tom Hensel for the + report). + + Fixed false "no interface" errors when --bind-interfaces is + set along with --interface=lo or --listen-address. Thanks + to Paul Wise for the report. + + Updated patch for SuSE rpm. Thanks to Steven Springl. + + It turns out that there are some Linux kernel + configurations which make using the capability system + impossible. If this situation occurs then continue, running + as root, and log a warning. Thanks to Scott Wehrenberg + for help tracking this down. + +version 2.30 + Fixed crash when a DHCP client requested a broadcast + reply. This problem was introduced in version 2.28. + Thanks to Sandra Dekkers for the bug report. + +version 2.31 + Added --dhcp-script option. There have been calls for this + for a long time from many good people. Fabio Muzzi gets + the prize for finally convincing me. + + Added example dbus config file and moved dbus stuff into + its own directory. + + Removed horribly outdated Redhat RPM build files. These + are obsolete now that dnsmasq in in Fedora extras. Thanks + to Patrick "Jima" Laughton, the Fedora package + maintainer. 
+ + Added workaround for Linux kernel bug. This manifests + itself as failure of DHCP on kernels with "support for + classical IP over ATM" configured. That includes most + Debian kernel packages. Many thanks to A. Costa and + Benjamin Kudria for their huge efforts in chasing this + down. + + Force-kill child processes when dnsmasq is sent a sigterm, + otherwise an unclosed TCP connection could keep dnsmasq + hanging round for a few minutes. + + Tweaked config.h logic for uclibc build. It will now pick + up MMU and IPV6 status correctly on every system I tested. + +version 2.32 + Attempt a better job of replacing previous configuration + when re-reading /etc/hosts and /etc/ethers. SIGHUP is + still not identical to a restart under all circumstances, + but it is for the common case of name->MAC address in + /etc/ethers and name->IP address in /etc/hosts. + + Fall back to broadcast for DHCP to an unconfigured client + when the MAC address size is greater than 14 bytes. + + Fix problem in 2.28-onwards releases which breaks DNS on + Mac OS X. Thanks to Doug Fields for the bug report and + testing. + + Added fix to allow compilation on c89-only compilers. + Thanks to John Mastwijk for the patch. + + Tweak resolv file polling code to work better if there is + a race between updating the mtime and file contents. This + is not normally a problem, but it can be on systems which + replace nameservers whilst active. The code now continues + to read resolv.conf until it gets at least one usable + server. Thanks to Holger Mauermann for help with this. + + If a client DECLINEs an address which is allocated to it + via dhcp-host or /etc/hosts, lock that address out of use + for ten minutes, instead of forever, and log when it's not + being used because of the lock-out. This should provide + less surprising behaviour when a configured address can't be + used. Thanks to Peter Surda and Heinz Deinhart for input + on this. 
+ + Fixed *BSD DHCP breakage with only some + arches/compilers, depending on structure padding rules. + Thanks to Jeb Campbell and Tom Hensel for help with this. + + Added --conf-dir option. Suggestion from Aaron Tygart. + + Applied patch from Brent Cook which allows netids in + dhcp-option configuration lines to be prefixed by + "net:". This is not required by the syntax, but it is + consistent with other configuration items. + + Added --log-facility option. Suggestion from Fabio Muzzi. + + Major update to Spanish translation. Many thanks to Chris + Chatham. + + Fixed gcc-4.1 strict-alias compilation warning. + +version 2.33 + Remove bash-specific shellcode from the Makefile. + + Fix breakage with some DHCP relay implementations which + was introduced in 2.28. Believing the source port in + DHCP requests and sending the reply there is sometimes a + bad thing to do, so I've reverted to always sending to + the relay on port 68. Thanks to Daniel Hamlin and Alex + (alde) for bug reports on this. + + Moved the SuSe packaging files to contrib. I will no + longer attempt to maintain this in the source tarball. It + will be done externally, in the same way as packaging for + other distros. Suse packages are available from + ftp://ftp.suse.com/pub/people/ug/ + + Merged patch from Gentoo to honour $LDFLAGS environment. + + Fix bug in resolv.conf processing when more than one file + is being checked. + + Add --dns-forward-max option. + + Warn if --resolv-file flags are ignored because of + --no-resolv. Thanks to Martin F Krafft for spotting this + one. + + Add --leasefile-ro option which allows the use of an + external lease database. Many thanks to Steve Horbachuk + for assistance developing this feature. + + Provide extra information to lease-change script via its + environment. If the host has a client-id, then + DNSMASQ_CLIENT_ID will be set. 
Either the lease length (in + DNSMASQ_LEASE_LENGTH) or lease expiry time (in + DNSMASQ_LEASE_EXPIRES) will be set, depending on the + HAVE_BROKEN_RTC compile-time option. This extra + information should make it possible to maintain the lease + database in external storage such as LDAP or a relational + database. Note that while leasefile-ro is set, the script + will be called with "old" events more often, since + changes to the client-id and lease length + (HAVE_BROKEN_RTC) or lease expiry time (otherwise) + are now flagged. + + Add contrib/wrt/* which is an example implementation of an + external persistent lease database for *WRT distros with + the nvram command. + + Add contrib/wrt/dhcp_release.c which is a small utility + which removes DHCP leases using DHCPRELEASE operation in + the DHCP protocol. + +version 2.34 + Tweak network-determination code for another corner case: + in this case a host forced to move between dhcp-ranges on + the same physical interface. Thanks to Matthias Andree. + + Improve handling of high DNS loads by throttling acceptance of + new queries when resources are tight. This should be a + better response than the "forwarding table full..." + message which was logged before. + + Fixed intermittent infinite loop when re-reading + /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the + bug report. + + Provide extra information to the lease-change script: when + a lease loses its hostname (because a new lease comes + along and claims the same new), the "old" action is called + with the current state of the lease, ie no name. The + change is to provide the former name which the lease had + in the environment variable DNSMASQ_OLD_HOSTNAME. This + helps scripts which do stuff based on hostname, rather + than IP address. Also provide vendor-class and user-class + information to the lease-change script when a new lease is + created in the DNSMASQ_VENDOR_CLASS and + DNSMASQ_USER_CLASS environment variables. 
Suggestion + from Francois-Xavier Le Bail. + + Run the lease change script as root, even when dnsmasq is + configured to change UID to an unprivileged user. Since + most uses of the lease change script need root, this + allows its use whilst keeping the security advantages of + running the daemon without privs. The script is invoked + via a small helper process which keeps root UID, and + validates all data received from the main process. To get + root, an attacker would have to break dnsmasq and then + break the helper through the restricted comms channel + linking the two. + + Add contrib/port-forward/* which is a script to set up + port-forwards using the DHCP lease-change script. It's + possible to add a host to a config file by name, and when + that host gets a DHCP lease, the script will use iptables + to set up port-forwards to configured ports at the address + which the host is allocated. The script also handles + setting up the port-forward iptables entries after reboot, + using the persistent lease database, and removing them + when a host leaves and its DHCP lease expires. + + Fix unaligned access problem which caused wrong log + messages with some clients on some architectures. Thanks + to Francois-Xavier Le Bail for the bugreport. + + Fixed problem with DHCPRELEASE and multi-address + interfaces. Enhanced contrib/wrt/dhcp_release to cope + under these circumstances too. Thanks to Eldon Ziegler for + input on this. + + Updated French translation: thanks to Gildas Le Nadan. + + Upgraded the name hash function in the DNS cache. Thanks + to Oleg Khovayko for good work on this. + + Added --clear-on-reload flag. Suggestion from Johannes + Stezenbach. + + Treat a nameserver address of 0.0.0.0 as "nothing". Erwin + Cabrera spotted that specifying a nameserver as 0.0.0.0 + breaks things badly; this is because the network stack + treats is as "this host" and an endless loop ensues. + + Added Webmin module in contrib/webmin. Thanks to Neil + Fisher for that. 
+ +version 2.35 + Generate an "old" script event when a client does a DHCPREQUEST + in INIT-REBOOT or SELECTING state and the lease already + exists. Supply vendor and user class information to these + script calls. + + Added support for Dragonfly BSD to src/config.h + + Removed "Upgrading to 2.0" document, which is ancient + history now. + + Tweak DHCP networking code for BSD, esp OpenBSD. Added a + workaround for a bug in OpenBSD 4.0: there should finally + be support for multiple interfaces under OpenBSD now. + Note that no version of dnsmasq before 2.35 will work for + DHCP under OpenBSD 4.0 because of a kernel bug. + Thanks to Claudio Jeker, Jeb Campbell and Cristobal + Palmer for help with this. + + Optimised the cache code for the case of large + /etc/hosts. This is mainly to remove the O(n-squared) + algorithm which made reading large (50000 lines) files + slow, but it also takes into account the size of + /etc/hosts when building hash tables, so overall + performance should be better. Thanks to "koko" for + pointing out the problem. + +version 2.36 + Added --dhcp-ignore-names flag which tells dnsmasq not to + use names provided by DHCP clients. Suggestion from + Thomas M Steenholdt. + + Send netmask and broadcast address DHCP options always, + even if the client doesn't request them. This makes a few + odd clients work better. + + Added simple TFTP function, optimised for net-boot. It is + now possible to net boot hosts using only dnsmasq. The + TFTP server is read-only, binary-mode only, and designed to be + secure; it adds about 4K to the dnsmasq binary. + + Support DHCP option 120, SIP servers, (RFC 3361). Both + encodings are supported, so both --dhcp-option=120,192.168.2.3 + and --dhcp-option=120,sip.example.net will work. Brian + Candler pointed out the need for this. + + Allow spaces in domain names, to support DNS-SD. + + Add --ptr-record flag, again for DNS-SD. Thanks to Stephan + Sokolow for the suggestion. 
+ + Tolerate leading space on lines in the config file. Thanks + to Luigi Rizzo for pointing this out. + + Fixed netlink.c to cope with headers from the Linux 2.6.19 + kernel. Thanks to Philip Wall for the bug report. + + Added --dhcp-bridge option, but only to the FreeBSD + build. This fixes an oddity with a a particular bridged + network configuration on FreeBSD. Thanks to Luigi Rizzo + for the patch. + + Added FAQ entry about running dnsmasq in a Linux + vserver. Thanks to Gildas le Nadan for the information. + + Fixed problem with option parsing which interpreted "/" as + an address and not a string. Thanks to Luigi Rizzo + for the patch. + + Ignore the --domain-needed flag when forwarding NS + and SOA queries, since NS queries of TLDs are always legit. + Marcus Better pointed out this problem. + + Take care to forward signed DNS requests bit-perfect, so + as not to affect the validity of the signature. This + should allow DDNS updates to be forwarded. + +version 2.37 + Add better support for RFC-2855 DHCP-over-firewire and RFC + -4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec. + + Some efficiency tweaks to the cache code for very large + /etc/hosts files. Should improve reverse (address->name) + lookups and garbage collection. Thanks to Jan 'RedBully' + Seiffert for input on this. + + Fix regression in 2.36 which made bogus-nxdomain + and DNS caching unreliable. Thanks to Dennis DeDonatis + and Jan Seiffert for bug reports. + + Make DHCP encapsulated vendor-class options sane. Be + warned that some conceivable existing configurations + using these may break, but they work in a much + simpler and more logical way now. Prepending + "vendor:" to an option encapsulates it + in option 43, and the option is sent only if the + client-supplied vendor-class substring-matches with + the given client-id. Thanks to Dennis DeDonatis for + help with this. 
+ + Apply patch from Jan Seiffert to tidy up tftp.c + + Add support for overloading the filename and servername + fields in DHCP packet. This gives extra option-space when + these fields are not being used or with a modern client + which supports moving them into options. + + Added a LIMITS section to the man-page, with guidance on + maximum numbers of clients, file sizes and tuning. + +release 2.38 + Fix compilation on *BSD. Thanks to Tom Hensel. + + Don't send length zero DHCP option 43 and cope with + encapsulated options whose total length exceeds 255 octets + by splitting them into multiple option 43 pieces. + + Avoid queries being retried forever when --strict-order is + set and an upstream server returns a SERVFAIL + error. Thanks to Johannes Stezenbach for spotting this. + + Fix BOOTP support, broken in version 2.37. + + Add example dhcp-options for Etherboot. + + Add \e (for ASCII ESCape) to the set of valid escapes + in config-file strings. + + Added --dhcp-option-force flag and examples in the + configuration file which use this to control PXELinux. + + Added --tftp-no-blocksize option. + + Set netid tag "bootp" when BOOTP (rather than DHCP) is in + use. This makes it easy to customise which options are + sent to BOOTP clients. (BOOTP allows only 64 octets for + options, so it can be necessary to trim things.) + + Fix rare hang in cache code, a 2.37 regression. This + probably needs an infinite DHCP lease and some bad luck to + trigger. Thanks to Detlef Reichelt for bug reports and testing. + +release 2.39 + Apply patch from Mike Baker/OpenWRT to ensure that names + like "localhost." in /etc/hosts with trailing period + are treated as fully-qualified. + + Tolerate and ignore spaces around commas in the + configuration file in all circumstances. Note that this + may change the meaning of a few existing config files, for + instance + txt-record=mydomain.com, string + would have a leading space in the string before, and now + will not. 
To get the old behaviour back, use quotes: + txt-record=mydomain.com," string" + + /a is no longer a valid escape in quoted strings. + + Added symbolic DHCP option names. Instead of + dhcp-option = 3, 1.2.3.4 + it is now possible to do + dhcp-option = option:router, 1.2.3.4 + To see the list of known DHCP options, use the + command "dnsmasq --help dhcp" + Thanks to Luigi Rizzo for a patch and good work on this. + + Overhauled the log code so that logging can be asynchronous; + dnsmasq then no longer blocks waiting for the syslog() library + call. This is important on systems where syslog + is being used to log over the network (and therefore doing + DNS lookups) and syslog is using dnsmasq as its DNS + server. Having dnsmasq block awaiting syslog under + such circumstances can lead to syslog and dnsmasq + deadlocking. The new behaviour is enabled with a new + --log-async flag, which can also be used to tune the + queue length. Paul Chambers found and diagnosed + this trap for the unwary. He also did much testing of + the solution along with Carlos Carvalho. + + --log-facility can now take a file-name instead of a + facility name. When this is done, dnsmasq logs to the + file and not via syslog. (Failures early in startup, + whilst reading configuration, will still go to syslog, + and syslog is used as a log-of-last-resort if the file + cannot be written.) + + Added --log-dhcp flag. Suggestion from Carlos Carvalho. + + Made BINDIR, MANDIR and LOCALEDIR independently + over-rideable in the makefile. Suggestion from Thomas + Klausner. + + Added 127.0.0.0/8 and 169.254.0.0/16 to the address + ranges affected by --bogus-priv. Thanks to Paul + Chambers for the patch. + + Fixed failure of TFTP server with --listen-address. Thanks + to William Dinkel for the bug report. + + Added --dhcp-circuitid and --dhcp-remoteid for RFC3046 + relay agent data matching. + + Added --dhcp-subscrid for RFC3993 subscriber-id relay + agent data matching. 
+ + Correctly garbage-collect connections when upstream + servers go away as a result of DBus transactions. + + Allow absolute paths for TFTP transfers even when + --tftp-root is set, as long as the path matches the root, + so /var/ftp/myfile is OK with tftp-root=/var/ftp. + Thanks for Thomas Mizzi for the patch. + + Updated Spanish translation - thanks to Chris Chatham. + + Updated French translation - thanks to Gildas Le Nadan. + + Added to example conf file example of routing PTR queries + for a subnet to a different nameserver. Suggestion from + Jon Nicholson. + + Added --interface-name option. This provides a facility + to add a domain name with a dynamic IP address taken from + the address of a local network interface. Useful for + networks with dynamic IPs. + +version 2.40 + Make SIGUSR2 close-and-reopen the logfile when logging + direct to a file. Thanks to Carlos Carvalho for + suggesting this. When a logfile is created, change + its ownership to the user dnsmasq will run as, don't + leave it owned by root. + + Set a special tag, "known" for hosts which are matched by + a dhcp-host or /etc/ethers line. This is especially + useful to be able to do --dhcp-ignore=#known, like ISCs + "deny unknown-clients". + + Explicitly set a umask before creating the leases file, + rather than relying on whatever we inherited. The + permissions are set to 644. + + Fix handling of fully-qualified names in --dhcp-host + directives and in /etc/ethers. These are now rejected + if the domain doesn't match that given by --domain, + and used correctly otherwise. Before, putting + a FQDN here could cause the whole FQDN to be used as + hostname. Thanks to Michael Heimpold for the bug report. + + Massive but trivial edit to make the "daemon" variable + global, instead of copying the same value around as the + first argument to half the functions in the program. + + Updated Spanish manpage and message catalog. Thanks + to Chris Chatham. 
+ + Added patch for support of DNS LOC records in + contrib/dns-loc. Thanks to Lorenz Schori. + + Fixed error in manpage: dhcp-ignore-name -> + dhcp-ignore-names. Thanks to Daniel Mentz for spotting + this. + + Use client-id as hash-seed for DHCP address allocation + with Firewire and Infiniband, as these don't supply an MAC + address. + + Tweaked TFTP file-open code to make it behave sensibly + when the filesystem changes under its feet. + + Added DNSMASQ_TIME_REMAINING environment variable to the + lease-script. + + Always send replies to DHCPINFORM requests to the source + of the request and not to the address in ciaddr. This + allows third-party queries. + + Return "lease time remaining" in the reply to a DHCPINFORM + request if there exists a lease for the host sending the + request. + + Added --dhcp-hostsfile option. This gives a superset of + the functionality provided by /etc/ethers. Thanks to + Greg Kurtzer for the suggestion. + + Accept keyword "server" as a synonym for "nameserver" in + resolv.conf. Thanks to Andrew Bartlett for the report. + + Add --tftp-unique-root option. Suggestion from Dermot + Bradley. + + Tweak TFTP retry timer to avoid problems with difficult + clients. Thanks to Dermot Bradley for assistance with + this. + + Continue to use unqualified hostnames provided by DHCP + clients, even if the domain part is illegal. (The domain + is ignored, and an error logged.) Previously in this + situation, the whole name whould have been + rejected. Thanks to Jima for the patch. + + Handle EINTR returns from wait() correctly and reap + our children's children if necessary. This fixes + a problem with zombie-creation under *BSD when using + --dhcp-script. + + Escape spaces in hostnames when they are stored in the + leases file and passed to the lease-change + script. Suggestion from Ben Voigt. + + Re-run the lease chamge script with an "old" event for + each lease when dnsmasq receives a SIGHUP. 
+ + Added more useful exit codes, including passing on a + non-zero exit code from the lease-script "init" call when + --leasefile-ro is set. + + Log memory allocation failure whilst the daemon is + running. Allocation failures during startup are fatal, + but lack of memory whilst running is worked around. + This used to be silent, but now is logged. + + Fixed misaligned memory access which caused problems on + Blackfin CPUs. Thanks to Alex Landau for the patch. + + Don't include (useless) script-calling code when NO_FORK + is set. Since this tends to be used on very small uclinux + systems, it's worth-while to save some code-size. + + Don't set REUSEADDR on TFTP listening socket. There's no + need to do so, and it creates confusing behaviour when + inetd is also listening on the same port. Thanks to Erik + Brown for spotting the problem. + +version 2.41 + Remove deprecated calls when compiled against libdbus 1.1. + + Fix "strict-alias" warning in bpf.c + + Reduce dependency on Gnu-make in build system: dnsmasq now + builds with system make under OpenBSD. + + Port to Solaris. Dnsmasq 1.x used to run under Solaris, + and this release does so again, for Solaris 9 or better. + + Allow the DNS function to be completely disabled, by + setting the port to zero "--port=0". The allows dnsmasq to + be used as a simple DHCP server, simple TFTP server, or + both, but without the DNS server getting in the way. + + Fix a bug where NXDOMAIN could be returned for a query + even if the name's value was known for a different query + type. This bug could be prodded with + --local=/domain/ --address=/name.domain/1.2.3.4 + An IPv6 query for name.domain would return NXDOMAIN, and + not the correct NOERROR. Thanks to Lars Nooden for + spotting the bug and Jima for diagnosis of the problem. + + Added per-server stats to the information logged when + dnsmasq gets SIGUSR1. + + Added counts of queries forwarded and queries answered + locally (from the cache, /etc/hosts or config). 
+ + Fixed possible crash bug in DBus IPv6 code. Thanks to Matt + Domsch and Jima. + + Tighten checks for clashes between hosts-file and + DHCP-derived names. Multiple addresses associated with a + name in hosts-file no longer confuses the check. + + Add --dhcp-no-override option to fix problems with some + combinations of stage zero and stage one + bootloaders. Thanks to Steve Alexander for the bug report. + + Add --tftp-port-range option. Thanks to Daniel Mierswa for + the suggestion. + + Add --stop-dns-rebind option. Thanks to Collin Mulliner + for the patch. + + Added GPL version 3 as a license option. + + Added --all-servers option. Thanks to Peter Naulls for the + patch. + + Extend source address mechanism so that the interface used + to contact an upstream DNS server can be nailed + down. Something like "--server=1.2.3.4@eth1" will force + the use of eth1 for traffic to DNS-server 1.2.3.4. This + facility is only available on Linux and Solaris. Thanks to + Peter Naulls for prompting this. + + Add --dhcp-optsfile option. Thanks to Carlos Carvalho for + the suggestion. + + Fixed failure to set source address for server connections + when using TCP. Thanks to Simon Capper for finding this + bug. + + Refuse to give a DHCP client the address it asks for if + the address range in question is not available to that + particular host. Thanks to Cedric Duval for the bug + report. + + Changed behavior of DHCP server to always return total length of + a new lease in DHCPOFFER, even if an existing lease + exists. (It used to return the time remaining on the lease + whne one existed.) This fixes problems with the Sony Ericsson + K610i phone. Thanks to Hakon Stordahl for finding and + fixing this. + + Add DNSMASQ_INTERFACE to the environment of the + lease-change script. Thanks to Nikos Mavrogiannopoulos for + the patch. + + Fixed broken --alias functionality. Thanks to Michael + Meelis for the bug report. + + Added French translation of the man page. 
Thank to Gildas + Le Nadan for that. + + Add --dhcp-match flag, to check for arbitrary options in + DHCP messages from clients. This enables use of dnsmasq + with gPXE. Thanks to Rance Hall for the suggestion. + + Added --dhcp-broadcast, to force broadcast replies to DHCP + clients which need them but are too dumb or too old to + ask. Thanks to Bodo Bellut for the suggestion. + + Disable path-MTU discovery on DHCP and TFTP sockets. This + is never needed, and the presence of DF flags in the IP + header confuses some broken PXE ROMS. Thanks again to Bodo + Bellut for spotting this. + + Fix problems with addresses which have multiple PTR + records - all but one of these could get lost. + + Fix bug with --address and ANY query type seeing REFUSED + return code in replies. Thanks to Mike Wright for spotting + the problem. + + Update Spanish translation. Thanks to Chris Chatham. + + Add --neg-ttl option. + + Add warnings about the bad effects of --filterwin2k on + SIP, XMPP and Google-talk to the example config file. + + Fix va_list abuse in log.c. This fixes crashes on powerpc + when debug mode is set. Thanks to Cedric Duval for the + patch. + +version 2.42 + Define _GNU_SOURCE to avoid problems with later glibc + headers. Thanks to Jima for spotting the problem. + + Add --dhcp-alternate-port option. Thanks to Jan Psota for + the suggestion. + + Fix typo in code which is only used on BSD, when Dbus and + IPv6 support is enabled. Thanks to Roy Marples. + + Updated Polish translations - thank to Jan Psota. + + Fix OS detection logic to cope with GNU/FreeBSD. + + Fix unitialised variable in DBus code - thanks to Roy + Marples. + + Fix network enumeration code to work on later NetBSD - + thanks to Roy Marples. + + Provide --dhcp-bridge on all BSD variants. + + Define _LARGEFILE_SOURCE which removes an arbitrary 2GB + limit on logfiles. Thanks to Paul Chambers for spotting + the problem. + + Fix RFC3046 agent-id echo code, broken for many + releases. 
Thanks to Jeremy Laine for spotting the problem + and providing a patch. + + Added Solaris 10 service manifest from David Connelly in + contrib/Solaris10 + + Add --dhcp-scriptuser option. + + Support new capability interface on suitable Linux + kernels, removes "legacy support in use" messages. Thanks + to Jorge Bastos for pointing this out. + + Fix subtle bug in cache code which could cause dnsmasq to + lock spinning CPU in rare circumstances. Thanks to Alex + Chekholko for bug reports and help debugging. + + Support netascii transfer mode for TFTP. + diff --git a/COPYING b/COPYING new file mode 100755 index 0000000..60549be --- /dev/null +++ b/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/COPYING-v3 b/COPYING-v3 new file mode 100755 index 0000000..94a9ed0 
--- /dev/null +++ b/COPYING-v3 
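Review bot: COPYING-v3 is added with `new file mode 100755` in its file header, but it is a plain license text rather than a script, so the executable bit should be dropped (mode 100644). If the import was staged from a tree where everything is marked executable, check the other non-script files in this commit for the same mode before merging.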
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/FAQ b/FAQ new file mode 100755 index 0000000..b51c31e --- /dev/null +++ b/FAQ 
@@ -0,0 +1,471 @@ +Q: Why does dnsmasq open UDP ports >1024 as well as port 53. + Is this a security problem/trojan/backdoor? + +A: The high ports that dnsmasq opens are for replies from the upstream + nameserver(s). Queries from dnsmasq to upstream nameservers are sent + from these ports and replies received to them. The reason for doing this is + that most firewall setups block incoming packets _to_ port 53, in order + to stop DNS queries from the outside world. If dnsmasq sent its queries + from port 53 the replies would be _to_ port 53 and get blocked. + + This is not a security hole since dnsmasq will only accept replies to that + port: queries are dropped. The replies must be to oustanding queries + which dnsmasq has forwarded, otherwise they are dropped too. + + Addendum: dnsmasq now has the option "query-port" (-Q), which allows + you to specify the UDP port to be used for this purpose. If not + specified, the operating system will select an available port number + just as it did before. + + Second addendum: following the discovery of a security flaw in the + DNS protocol, dnsmasq from version 2.43 has changed behavior. It + now uses a new, randomly selected, port for each query. The old + default behaviour (use one port allocated by the OS) is available by + setting --query-port=0, and setting the query port to a positive + value is still works. You should think hard and know what you are + doing before using either of these options. + +Q: Why doesn't dnsmasq support DNS queries over TCP? Don't the RFC's specify + that? + +A: Update: from version 2.10, it does. There are a few limitations: + data obtained via TCP is not cached, and source-address + or query-port specifications are ignored for TCP. + +Q: When I send SIGUSR1 to dump the contents of the cache, some entries have + no IP address and are for names like mymachine.mydomain.com.mydomain.com. + What are these? + +A: They are negative entries: that's what the N flag means. 
Dnsmasq asked + an upstream nameserver to resolve that address and it replied "doesn't + exist, and won't exist for hours" so dnsmasq saved that information so + that if _it_ gets asked the same question it can answer directly without + having to go back to the upstream server again. The strange repeated domains + result from the way resolvers search short names. See "man resolv.conf" for + details. + + +Q: Will dnsmasq compile/run on non-Linux systems? + +A: Yes, there is explicit support for *BSD and MacOS X and Solaris. + There are start-up scripts for MacOS X Tiger and Panther + in /contrib. Dnsmasq will link with uclibc to provide small + binaries suitable for use in embedded systems such as + routers. (There's special code to support machines with flash + filesystems and no battery-backed RTC.) + If you encounter make errors with *BSD, try installing gmake from + ports and building dnsmasq with "make MAKE=gmake" + For other systems, try altering the settings in config.h. + +Q: My company's nameserver knows about some names which aren't in the + public DNS. Even though I put it first in /etc/resolv.conf, it + dosen't work: dnsmasq seems not to use the nameservers in the order + given. What am I doing wrong? + +A: By default, dnsmasq treats all the nameservers it knows about as + equal: it picks the one to use using an algorithm designed to avoid + nameservers which aren't responding. To make dnsmasq use the + servers in order, give it the -o flag. If you want some queries + sent to a special server, think about using the -S flag to give the + IP address of that server, and telling dnsmasq exactly which + domains to use the server for. + +Q: OK, I've got queries to a private nameserver working, now how about + reverse queries for a range of IP addresses? + +A: Use the standard DNS convention of .in-addr.arpa. 
+ For instance to send reverse queries on the range 192.168.0.0 to + 192.168.0.255 to a nameserver at 10.0.0.1 do + server=/0.168.192.in-addr.arpa/10.0.0.1 + Note that the "bogus-priv" option take priority over this option, + so the above will not work when the bogus-priv option is set. + +Q: Dnsmasq fails to start with an error like this: "dnsmasq: bind + failed: Cannot assign requested address". What's the problem? + +A: This has been seen when a system is bringing up a PPP interface at + boot time: by the time dnsmasq start the interface has been + created, but not brought up and assigned an address. The easiest + solution is to use --interface flags to specify which interfaces + dnsmasq should listen on. Since you are unlikely to want dnsmasq to + listen on a PPP interface and offer DNS service to the world, the + problem is solved. + +Q: I'm running on BSD and dnsmasq won't accept long options on the + command line. + +A: Dnsmasq when built on some BSD systems doesn't use GNU getopt by + default. You can either just use the single-letter options or + change config.h and the Makefile to use getopt-long. Note that + options in /etc/dnsmasq.conf must always be the long form, + on all platforms. + +Q: Names on the internet are working fine, but looking up local names + from /etc/hosts or DHCP doesn't seem to work. + +A: Resolver code sometime does strange things when given names without + any dots in. Win2k and WinXP may not use the DNS at all and just + try and look up the name using WINS. On unix look at "options ndots:" + in "man resolv.conf" for details on this topic. Testing lookups + using "nslookup" or "dig" will work, but then attempting to run + "ping" will get a lookup failure, appending a dot to the end of the + hostname will fix things. (ie "ping myhost" fails, but "ping + myhost." works. 
The solution is to make sure that all your hosts + have a domain set ("domain" in resolv.conf, or set a domain in + your DHCP server, see below fr Windows XP and Mac OS X). + Any domain will do, but "localnet" is traditional. Now when you + resolve "myhost" the resolver will attempt to look up + "myhost.localnet" so you need to have dnsmasq reply to that name. + The way to do that is to include the domain in each name on + /etc/hosts and/or to use the --expand-hosts and --domain options. + +Q: How do I set the DNS domain in Windows XP or MacOS X (ref: previous + question)? + +A: for XP, Control Panel > Network Connections > { Connection to gateway / + DNS } > Properties > { Highlight TCP/IP } > Properties > Advanced > + DNS Tab > DNS suffix for this connection: + +A: for OS X, System Preferences > Network > {Connection to gateway / DNS } > + Search domains: + +Q: Can I get dnsmasq to save the contents of its cache to disk when + I shut my machine down and re-load when it starts again? + +A: No, that facility is not provided. Very few names in the DNS have + their time-to-live set for longer than a few hours so most of the + cache entries would have expired after a shutdown. For longer-lived + names it's much cheaper to just reload them from the upstream + server. Note that dnsmasq is not shut down between PPP sessions so + go off-line and then on-line again will not lose the contents of + the cache. + +Q: Who are Verisign, what do they have to do with the bogus-nxdomain + option in dnsmasq and why should I wory about it? + +A: [note: this was written in September 2003, things may well change.] + Versign run the .com and .net top-level-domains. They have just + changed the configuration of their servers so that unknown .com and + .net domains, instead of returning an error code NXDOMAIN, (no such + domain) return the address of a host at Versign which runs a web + server showing a search page. Most right-thinking people regard + this new behaviour as broken :-). 
You can test to see if you are + suffering Versign brokeness by run a command like + + host jlsdajkdalld.com + + If you get "jlsdajkdalld.com" does not exist, then all is fine, if + host returns an IP address, then the DNS is broken. (Try a few + different unlikely domains, just in case you picked a wierd one + which really _is_ registered.) + + Assuming that your DNS is broken, and you want to fix it, simply + note the IP address being returned and pass it to dnsmasq using the + --bogus-nxdomain flag. Dnsmasq will check for results returning + that address and substitute an NXDOMAIN instead. + + As of writing, the IP address in question for the .com and .net + domains is is 64.94.110.11. Various other, less prominent, + registries pull the same stunt; there is a list of them all, and + the addresses to block, at http://winware.org/bogus-domains.txt + +Q: This new DHCP server is well and good, but it doesn't work for me. + What's the problem? + +A: There are a couple of configuration gotchas which have been + encountered by people moving from the ISC dhcpd to the dnsmasq + integrated DHCP daemon. Both are related to differences in + in the way the two daemons bypass the IP stack to do "ground up" + IP configuration and can lead to the dnsmasq daemon failing + whilst the ISC one works. + + The first thing to check is the broadcast address set for the + ethernet interface. This is normally the adddress on the connected + network with all ones in the host part. For instance if the + address of the ethernet interface is 192.168.55.7 and the netmask + is 255.255.255.0 then the broadcast address should be + 192.168.55.255. Having a broadcast address which is not on the + network to which the interface is connected kills things stone + dead. 
+ + The second potential problem relates to firewall rules: since the ISC + daemon in some configurations bypasses the kernel firewall rules + entirely, the ability to run the ISC daemon does not indicate + that the current configuration is OK for the dnsmasq daemon. + For the dnsmasq daemon to operate it's vital that UDP packets to + and from ports 67 and 68 and broadcast packets with source + address 0.0.0.0 and destination address 255.255.255.255 are not + dropped by iptables/ipchains. + +Q: I'm running Debian, and my machines get an address fine with DHCP, + but their names are not appearing in the DNS. + +A: By default, none of the DHCP clients send the host-name when asking + for a lease. For most of the clients, you can set the host-name to + send with the "hostname" keyword in /etc/network/interfaces. (See + "man interfaces" for details.) That doesn't work for dhclient, were + you have to add something like "send host-name daisy" to + /etc/dhclient.conf [Update: the lastest dhcpcd packages _do_ send + the hostname by default. + +Q: I'm network booting my machines, and trying to give them static + DHCP-assigned addresses. The machine gets its correct address + whilst booting, but then the OS starts and it seems to get + allocated a different address. + +A: What is happening is this: The boot process sends a DHCP + request and gets allocated the static address corresponding to its + MAC address. The boot loader does not send a client-id. Then the OS + starts and repeats the DHCP process, but it it does send a + client-id. Dnsmasq cannot assume that the two requests are from the + same machine (since the client ID's don't match) and even though + the MAC address has a static allocation, that address is still in + use by the first incarnation of the machine (the one from the boot, + without a client ID.) dnsmasq therefore has to give the machine a + dynamic address from its pool. 
There are three ways to solve this: + (1) persuade your DHCP client not to send a client ID, or (2) set up + the static assignment to the client ID, not the MAC address. The + default client-id will be 01:, so change the dhcp-host + line from "dhcp-host=11:22:33:44:55:66,1.2.3.4" to + "dhcp-host=id:01:11:22:33:44:55:66,1.2.3.4" or (3) tell dnsmasq to + ignore client IDs for a particular MAC address, like this: + dhcp-host=11:22:33:44:55:66,id:* + +Q: What network types are supported by the DHCP server? + +A: Ethernet (and 802.11 wireless) are supported on all platforms. On + Linux all network types (including FireWire) are supported. + +Q: What is this strange "bind-interface" option? + +A: The DNS spec says that the reply to a DNS query must come from the + same address it was sent to. The traditional way to write an UDP + server to do this is to find all of the addresses belonging to the + machine (ie all the interfaces on the machine) and then create a + socket for each interface which is bound to the address of the + interface. Then when a packet is sent to address A, it is received + on the socket bound to address A and when the reply is also sent + via that socket, the source address is set to A by the kernel and + everything works. This is the how dnsmasq works when + "bind-interfaces" is set, with the obvious extension that is misses + out creating sockets for some interfaces depending on the + --interface, --address and --except-interface flags. The + disadvantage of this approach is that it breaks if interfaces don't + exist or are not configured when the daemon starts and does the + socket creation step. In a hotplug-aware world this is a real + problem. + + The alternative approach is to have only one socket, which is bound + to the correct port and the wildcard IP address (0.0.0.0). That + socket will receive _all_ packets sent to port 53, no matter what + destination address they have. 
This solves the problem of + interfaces which are created or reconfigured after daemon + start-up. To make this work is more complicated because of the + "reply source address" problem. When a UDP packet is sent by a + socket bound to 0.0.0.0 its source address will be set to the + address of one of the machine's interfaces, but which one is not + determined and can vary depending on the OS being run. To get round + this it is neccessary to use a scary advanced API to determine the + address to which a query was sent, and force that to be the source + address in the reply. For IPv4 this stuff in non-portable and quite + often not even available (It's different between FreeBSD 5.x and + Linux, for instance, and FreeBSD 4.x, Linux 2.0.x and OpenBSD don't + have it at all.) Hence "bind-interfaces" has to always be available + as a fall back. For IPv6 the API is standard and universally + available. + + It could be argued that if the --interface or --address flags are + used then binding interfaces is more appropriate, but using + wildcard binding means that dnsmasq will quite happily start up + after being told to use interfaces which don't exist, but which are + created later. Wildcard binding breaks the scenario when dnsmasq is + listening on one interface and another server (most probably BIND) + is listening on another. It's not possible for BIND to bind to an + (address,port) pair when dnsmasq has bound (wildcard,port), hence + the ability to explicitly turn off wildcard binding. + +Q: Why doesn't Kerberos work/why can't I get sensible answers to + queries for SRV records. + +A: Probably because you have the "filterwin2k" option set. Note that + it was on by default in example configuration files included in + versions before 2.12, so you might have it set on without + realising. + +Q: Can I get email notification when a new version of dnsmasq is + released? 
+ +A: Yes, new releases of dnsmasq are always announced through + freshmeat.net, and they allow you to subcribe to email alerts when + new versions of particular projects are released. New releases are + also announced in the dnsmasq-discuss mailing list, subscribe at + http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss + +Q: What does the dhcp-authoritative option do? + +A: See http://www.isc.org/index.pl?/sw/dhcp/authoritative.php - that's + for the ISC daemon, but the same applies to dnsmasq. + +Q: Why does my Gentoo box pause for a minute before getting a new + lease? + +A: Because when a Gentoo box shuts down, it releases its lease with + the server but remembers it on the client; this seems to be a + Gentoo-specific patch to dhcpcd. On restart it tries to renew + a lease which is long gone, as far as dnsmasq is concerned, and + dnsmasq ignores it until is times out and restarts the process. + To fix this, set the dhcp-authoritative flag in dnsmasq. + +Q: My laptop has two network interfaces, a wired one and a wireless + one. I never use both interfaces at the same time, and I'd like the + same IP and configuration to be used irrespective of which + interface is in use. How can I do that? + +A: By default, the identity of a machine is determined by using the + MAC address, which is associated with interface hardware. Once an + IP is bound to the MAC address of one interface, it cannot be + associated with another MAC address until after the DHCP lease + expires. The solution to this is to use a client-id as the machine + identity rather than the MAC address. If you arrange for the same + client-id to sent when either interface is in use, the DHCP server + will recognise the same machine, and use the same address. The + method for setting the client-id varies with DHCP client software, + dhcpcd uses the "-I" flag. 
Windows uses a registry setting, + see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm +Addendum: + From version 2.46, dnsmasq has a solution to this which doesn't + involve setting client-IDs. It's possible to put more than one MAC + address in a --dhcp-host configuration. This tells dnsmasq that it + should use the specified IP for any of the specified MAC addresses, + and furthermore it gives dnsmasq permission to sumarily abandon a + lease to one of the MAC addresses if another one comes along. Note + that this will work fine only as longer as only one interface is + up at any time. There is no way for dnsmasq to enforce this + constraint: if you configure multiple MAC addresses and violate + this rule, bad things will happen. + +Q: Can dnsmasq do DHCP on IP-alias interfaces? + +A: Yes, from version-2.21. The support is only available running under + Linux, on a kernel which provides the RT-netlink facility. All 2.4 + and 2.6 kernels provide RT-netlink and it's an option in 2.2 + kernels. + + If a physical interface has more than one IP address or aliases + with extra IP addresses, then any dhcp-ranges corresponding to + these addresses can be used for address allocation. So if an + interface has addresses 192.168.1.0/24 and 192.68.2.0/24 and there + are DHCP ranges 192.168.1.100-192.168.1.200 and + 192.168.2.100-192.168.2.200 then both ranges would be used for host + connected to the physical interface. A more typical use might be to + have one of the address-ranges as static-only, and have known + hosts allocated addresses on that subnet using dhcp-host options, + while anonymous hosts go on the other. + + +Q: Dnsmasq sometimes logs "nameserver xxx.xxx.xxx.xxx refused + to do a recursive query" and DNS stops working. What's going on? + +A: Probably the nameserver is an authoritative nameserver for a + particular domain, but is not configured to answer general DNS + queries for an arbitrary domain. 
It is not suitable for use by + dnsmasq as an upstream server and should be removed from the + configuration. Note that if you have more than one upstream + nameserver configured dnsmasq will load-balance across them and + it may be some time before dnsmasq gets around to using a + particular nameserver. This means that a particular configuration + may work for sometime with a broken upstream nameserver + configuration. + + +Q: Does the dnsmasq DHCP server probe addresses before allocating + them, as recommended in RFC2131? + +A: Yes, dynmaically allocated IP addresses are checked by sending an + ICMP echo request (ping). If a reply is received, then dnsmasq + assumes that the address is in use, and attempts to allocate an + different address. The wait for a reply is between two and three + seconds. Because the DHCP server is not re-entrant, it cannot serve + other DHCP requests during this time. To avoid dropping requests, + the address probe may be skipped when dnsmasq is under heavy load. + + +Q: I'm using dnsmasq on a machine with the Firestarter firewall, and + DHCP doesn't work. What's the problem? + +A: This a variant on the iptables problem. Explicit details on how to + proceed can be found at + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html + + +Q: I'm using dnsmasq on a machine with the shorewall firewall, and + DHCP doesn't work. What's the problem? + +A: This a variant on the iptables problem. Explicit details on how to + proceed can be found at + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html + + +Q: Dnsmasq fails to start up with a message about capabilities. + Why did that happen and what can do to fix it? + +A: Change your kernel configuration: either deselect CONFIG_SECURITY + _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can + remove the need to set capabilities by running dnsmasq as root. + +Q: Where can I get .rpms Suitable for Suse? 
+ +A: Dnsmasq is in Suse itself, and the latest releases are also + available at ftp://ftp.suse.com/pub/people/ug/ + + +Q: Can I run dnsmasq in a Linux vserver? + +A: Yes, as a DNS server, dnsmasq will just work in a vserver. + To use dnsmasq's DHCP function you need to give the vserver + extra system capabilities. Please note that doing so will lesser + the overall security of your system. The capabilities + required are NET_ADMIN and NET_RAW. NET_ADMIN is essential, NET_RAW + is required to do an ICMP "ping" check on newly allocated + addresses. If you don't need this check, you can disable it with + --no-ping and omit the NET_RAW capability. + Adding the capabilities is done by adding them, one per line, to + either /etc/vservers//ccapabilities for a 2.4 kernel or + /etc/vservers//bcapabilities for a 2.6 kernel (please + refer to the vserver documentation for more information). + + +Q: What's the problem with syslog and dnsmasq? + +A: In almost all cases: none. If you have the normal arrangement with + local daemons logging to a local syslog, which then writes to disk, + then there's never a problem. If you use network logging, then + there's a potential problem with deadlock: the syslog daemon will + do DNS lookups so that it can log the source of log messages, + these lookups will (depending on exact configuration) go through + dnsmasq, which also sends log messages. With bad timing, you can + arrive at a situation where syslog is waiting for dnsmasq, and + dnsmasq is waiting for syslog; they will both wait forever. This + problem is fixed from dnsmasq-2.39, which introduces asynchronous + logging: dnsmasq no longer waits for syslog and the deadlock is + broken. There is a remaining problem in 2.39, where "log-queries" + is in use. In this case most DNS queries generate two log lines, if + these go to a syslog which is doing a DNS lookup for each log line, + then those queries will in turn generate two more log lines, and a + chain reaction runaway will occur. 
To avoid this, use syslog-ng + and turn on syslog-ng's dns-cache function. + + + + + + + + + + + + + + + diff --git a/Makefile b/Makefile new file mode 100755 index 0000000..3d07c24 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,78 @@ +# dnsmasq is Copyright (c) 2000-2009 Simon Kelley +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 dated June, 1991, or +# (at your option) version 3 dated 29 June, 2007. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +PREFIX = /usr/local +BINDIR = ${PREFIX}/sbin +MANDIR = ${PREFIX}/share/man +LOCALEDIR = ${PREFIX}/share/locale + +SRC = src +PO = po +MAN = man + +PKG_CONFIG = pkg-config +INSTALL = install +MSGMERGE = msgmerge +MSGFMT = msgfmt +XGETTEXT = xgettext + +################################################################# + +DNSMASQ_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` +DNSMASQ_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` +SUNOS_LIBS= `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi` + +all : dnsmasq + +dnsmasq : + @cd $(SRC) && $(MAKE) \ + DNSMASQ_CFLAGS="$(DNSMASQ_CFLAGS)" \ + DNSMASQ_LIBS="$(DNSMASQ_LIBS) $(SUNOS_LIBS)" \ + -f ../bld/Makefile dnsmasq + +clean : + rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot + rm -f $(SRC)/*.o $(SRC)/dnsmasq.a $(SRC)/dnsmasq core */core + +install : all install-common + +install-common : + $(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR) + +all-i18n : + @cd $(SRC) && $(MAKE) \ + I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' \ + DNSMASQ_CFLAGS="$(DNSMASQ_CFLAGS) `$(PKG_CONFIG) --cflags libidn`" \ + 
DNSMASQ_LIBS="$(DNSMASQ_LIBS) $(SUNOS_LIBS) `$(PKG_CONFIG) --libs libidn`" \ + -f ../bld/Makefile dnsmasq + @cd $(PO); for f in *.po; do \ + cd ../$(SRC) && $(MAKE) \ + MSGMERGE=$(MSGMERGE) MSGFMT=$(MSGFMT) XGETTEXT=$(XGETTEXT) \ + -f ../bld/Makefile $${f%.po}.mo; \ + done + +install-i18n : all-i18n install-common + cd $(SRC); ../bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL) + cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL) + +merge : + @cd $(SRC) && $(MAKE) XGETTEXT=$(XGETTEXT) -f ../bld/Makefile dnsmasq.pot + @cd $(PO); for f in *.po; do \ + echo -n msgmerge $$f && $(MSGMERGE) --no-wrap -U $$f ../$(SRC)/dnsmasq.pot; \ + done + + diff --git a/bld/Makefile b/bld/Makefile new file mode 100755 index 0000000..53dab34 --- /dev/null +++ b/bld/Makefile @@ -0,0 +1,17 @@ +CFLAGS = -Wall -W -O2 + +OBJS = cache.o rfc1035.o util.o option.o forward.o network.o \ + dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \ + helper.o tftp.o log.o + +.c.o: + $(CC) $(CFLAGS) $(COPTS) $(I18N) $(DNSMASQ_CFLAGS) $(RPM_OPT_FLAGS) -c $< + +dnsmasq : $(OBJS) + $(CC) $(LDFLAGS) -o $@ $(OBJS) $(DNSMASQ_LIBS) $(LIBS) + +dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h + $(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(OBJS:.o=.c) + +%.mo : ../po/%.po dnsmasq.pot + $(MSGMERGE) -o - ../po/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo - diff --git a/bld/install-man b/bld/install-man new file mode 100755 index 0000000..f4cf3dc --- /dev/null +++ b/bld/install-man @@ -0,0 +1,9 @@ +#!/bin/sh + +for f in *; do + if [ -d $f ]; then + $2 -m 755 -d $1/$f/man8 + $2 -m 644 $f/dnsmasq.8 $1/$f/man8 + echo installing $1/$f/man8/dnsmasq.8 + fi +done diff --git a/bld/install-mo b/bld/install-mo new file mode 100755 index 0000000..d11fa9f --- /dev/null +++ b/bld/install-mo @@ -0,0 +1,9 @@ +#!/bin/sh + +for f in *.mo; do + $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES + $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo + echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo +done + + 
diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper new file mode 100755 index 0000000..4f3b76b --- /dev/null +++ b/bld/pkg-wrapper @@ -0,0 +1,11 @@ +#!/bin/sh + +search=$1 +shift + +if grep "^\#.*define.*$search" config.h 2>&1 >/dev/null || \ + grep $search 2>&1 >/dev/null ; then + exec $* +fi + + diff --git a/contrib/Solaris10/README b/contrib/Solaris10/README new file mode 100755 index 0000000..a035875 --- /dev/null +++ b/contrib/Solaris10/README @@ -0,0 +1,28 @@ +From: David Connelly +Date: Mon, Apr 7, 2008 at 3:31 AM +Subject: Solaris 10 service manifest +To: dnsmasq-discuss@lists.thekelleys.org.uk + + +I've found dnsmasq much easier to set up on my home server running Solaris +10 than the stock dhcp/dns server, which is probably overkill anyway for my +simple home network needs. Since Solaris now uses SMF (Service Management +Facility) to manage services I thought I'd create a simple service manifest +for the dnsmasq service. The manifest currently assumes that dnsmasq has +been installed in '/usr/local/sbin/dnsmasq' and the configuration file in +'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for +your local installation. Here are the steps I followed to install and enable +the dnsmasq service: + # svccfg import dnsmasq.xml + # svcadm enable dnsmasq + +To confirm that the service is enabled and online: + + # svcs -l dnsmasq + +I've just started learning about SMF so if anyone has any +corrections/feedback they are more than welcome. + +Thanks, +David + diff --git a/contrib/Solaris10/dnsmasq.xml b/contrib/Solaris10/dnsmasq.xml new file mode 100755 index 0000000..7da0253 --- /dev/null +++ b/contrib/Solaris10/dnsmasq.xml @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/contrib/Suse/README b/contrib/Suse/README new file mode 100755 index 0000000..3fdc186 --- /dev/null +++ b/contrib/Suse/README 
@@ -0,0 +1,6 @@ +This packaging is now unmaintained in the dnsmasq source: dnsmasq is +included in Suse proper, and up-to-date packages are now available +from + +ftp://ftp.suse.com/pub/people/ug/ + diff --git a/contrib/Suse/README.susefirewall b/contrib/Suse/README.susefirewall new file mode 100755 index 0000000..2f19ca6 --- /dev/null +++ b/contrib/Suse/README.susefirewall 
@@ -0,0 +1,27 @@ +This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older) +It fixes the depancy from the dns daemon name 'named' +After appending the patch, the SuSEfirewall is again able to autodetect +the dnsmasq named service. +This is a very old bug in the SuSEfirewall script. +The SuSE people think the name of the dns server will allways 'named' + + +--- /sbin/SuSEfirewall2.orig 2004-01-23 13:30:09.000000000 +0100 ++++ /sbin/SuSEfirewall2 2004-01-23 13:31:56.000000000 +0100 +@@ -764,7 +764,7 @@ + echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!' + + test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && { +- test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && { ++ test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && { + echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS! + You still have to allow tcp/udp port 53 on internal, dmz and/or external.' + FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT +@@ -878,7 +878,7 @@ + test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found" + # Get ports/IP bindings of NAMED/SQUID + test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \ +- $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` ++ $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` + test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \ + $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un` diff --git a/contrib/Suse/dnsmasq-SuSE.patch b/contrib/Suse/dnsmasq-SuSE.patch new file mode 100755 index 0000000..626245f --- /dev/null +++ b/contrib/Suse/dnsmasq-SuSE.patch 
@@ -0,0 +1,23 @@ +--- man/dnsmasq.8 2004-08-08 20:57:56.000000000 +0200 ++++ man/dnsmasq.8 2004-08-12 00:40:01.000000000 +0200 +@@ -69,7 +69,7 @@ + .TP + .B \-g, --group= + Specify the group which dnsmasq will run +-as. The defaults to "dip", if available, to facilitate access to ++as. The defaults to "dialout", if available, to facilitate access to + /etc/ppp/resolv.conf which is not normally world readable. + .TP + .B \-v, --version +--- src/config.h 2004-08-11 11:39:18.000000000 +0200 ++++ src/config.h 2004-08-12 00:40:01.000000000 +0200 +@@ -44,7 +44,7 @@ + #endif + #define DEFLEASE 3600 /* default lease time, 1 hour */ + #define CHUSER "nobody" +-#define CHGRP "dip" ++#define CHGRP "dialout" + #define DHCP_SERVER_PORT 67 + #define DHCP_CLIENT_PORT 68 + + diff --git a/contrib/Suse/dnsmasq-suse.spec b/contrib/Suse/dnsmasq-suse.spec new file mode 100755 index 0000000..ff8ba8f --- /dev/null +++ b/contrib/Suse/dnsmasq-suse.spec 
@@ -0,0 +1,111 @@ +############################################################################### +# +# General +# +############################################################################### + +Name: dnsmasq +Version: 2.33 +Release: 1 +Copyright: GPL +Group: Productivity/Networking/DNS/Servers +Vendor: Simon Kelley +Packager: Simon Kelley +URL: http://www.thekelleys.org.uk/dnsmasq +Provides: dns_daemon +Conflicts: bind bind8 bind9 +PreReq: %fillup_prereq %insserv_prereq +Autoreqprov: on +Source0: %{name}-%{version}.tar.bz2 +BuildRoot: /var/tmp/%{name}-%{version} +Summary: A lightweight caching nameserver + +%description +Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It +is designed to provide DNS and, optionally, DHCP, to a small network. It can +serve the names of local machines which are not in the global DNS. The DHCP +server integrates with the DNS server and allows machines with DHCP-allocated +addresses to appear in the DNS with names configured either in each host or +in a central configuration file. Dnsmasq supports static and dynamic DHCP +leases and BOOTP for network booting of diskless machines. 
+ + + +############################################################################### +# +# Build +# +############################################################################### + +%prep +%setup -q +patch -p0 intr = safe_string_alloc(comma); + break; + } ++ ++ case LOPT_LOC: ++ { ++ struct loc_record *new; ++ unsigned char *p, *q; ++ ++ comma = split(arg); ++ ++ if (!canonicalise_opt(arg)) ++ { ++ option = '?'; ++ problem = _("bad LOC record"); ++ break; ++ } ++ ++ new = safe_malloc(sizeof(struct loc_record)); ++ new->next = daemon->loc; ++ daemon->loc = new; ++ new->class = C_IN; ++ if (!comma || loc_aton(comma,new->loc)!=16) ++ { ++ option = '?'; ++ problem = _("bad LOC record"); ++ break; ++ } ++ ++ if (comma) ++ *comma = 0; ++ new->name = safe_string_alloc(arg); ++ break; ++ } + + case LOPT_PTR: /* --ptr-record */ + { +diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c +--- dnsmasq-2.39-orig/src/rfc1035.c 2007-04-20 12:54:26.000000000 +0200 ++++ dnsmasq-2.39/src/rfc1035.c 2007-05-20 18:22:46.000000000 +0200 +@@ -1112,6 +1112,27 @@ + } + } + ++ if (qtype == T_LOC || qtype == T_ANY) ++ { ++ struct loc_record *t; ++ for(t = daemon->loc; t ; t = t->next) ++ { ++ if (t->class == qclass && hostname_isequal(name, t->name)) ++ { ++ ans = 1; ++ if (!dryrun) ++ { ++ log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ++ daemon->local_ttl, NULL, ++ T_LOC, t->class, "t", 16, t->loc)) ++ anscount++; ++ ++ } ++ } ++ } ++ } ++ + if (qclass == C_IN) + { + if (qtype == T_PTR || qtype == T_ANY) +diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c +--- dnsmasq-2.39-orig/src/rfc1876.c 1970-01-01 01:00:00.000000000 +0100 ++++ dnsmasq-2.39/src/rfc1876.c 2007-05-20 19:50:10.000000000 +0200 +@@ -0,0 +1,379 @@ ++/* ++ * routines to convert between on-the-wire RR format and zone file ++ * format. 
Does not contain conversion to/from decimal degrees; ++ * divide or multiply by 60*60*1000 for that. ++ */ ++ ++#include "dnsmasq.h" ++ ++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, ++ 1000000,10000000,100000000,1000000000}; ++ ++/* takes an XeY precision/size value, returns a string representation.*/ ++static const char * ++precsize_ntoa(u_int8_t prec) ++{ ++ static char retbuf[sizeof("90000000.00")]; ++ unsigned long val; ++ int mantissa, exponent; ++ ++ mantissa = (int)((prec >> 4) & 0x0f) % 10; ++ exponent = (int)((prec >> 0) & 0x0f) % 10; ++ ++ val = mantissa * poweroften[exponent]; ++ ++ (void) sprintf(retbuf,"%d.%.2d", val/100, val%100); ++ return (retbuf); ++} ++ ++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/ ++static u_int8_t ++precsize_aton(char **strptr) ++{ ++ unsigned int mval = 0, cmval = 0; ++ u_int8_t retval = 0; ++ register char *cp; ++ register int exponent; ++ register int mantissa; ++ ++ cp = *strptr; ++ ++ while (isdigit(*cp)) ++ mval = mval * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* centimeters */ ++ cp++; ++ if (isdigit(*cp)) { ++ cmval = (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ cmval += (*cp++ - '0'); ++ } ++ } ++ } ++ cmval = (mval * 100) + cmval; ++ ++ for (exponent = 0; exponent < 9; exponent++) ++ if (cmval < poweroften[exponent+1]) ++ break; ++ ++ mantissa = cmval / poweroften[exponent]; ++ if (mantissa > 9) ++ mantissa = 9; ++ ++ retval = (mantissa << 4) | exponent; ++ ++ *strptr = cp; ++ ++ return (retval); ++} ++ ++/* converts ascii lat/lon to unsigned encoded 32-bit number. ++ * moves pointer. 
*/ ++static u_int32_t ++latlon2ul(char **latlonstrptr,int *which) ++{ ++ register char *cp; ++ u_int32_t retval; ++ int deg = 0, min = 0, secs = 0, secsfrac = 0; ++ ++ cp = *latlonstrptr; ++ ++ while (isdigit(*cp)) ++ deg = deg * 10 + (*cp++ - '0'); ++ ++ while (isspace(*cp)) ++ cp++; ++ ++ if (!(isdigit(*cp))) ++ goto fndhemi; ++ ++ while (isdigit(*cp)) ++ min = min * 10 + (*cp++ - '0'); ++ while (isspace(*cp)) ++ cp++; ++ ++ if (!(isdigit(*cp))) ++ goto fndhemi; ++ ++ while (isdigit(*cp)) ++ secs = secs * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* decimal seconds */ ++ cp++; ++ if (isdigit(*cp)) { ++ secsfrac = (*cp++ - '0') * 100; ++ if (isdigit(*cp)) { ++ secsfrac += (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ secsfrac += (*cp++ - '0'); ++ } ++ } ++ } ++ } ++ ++ while (!isspace(*cp)) /* if any trailing garbage */ ++ cp++; ++ ++ while (isspace(*cp)) ++ cp++; ++ ++ fndhemi: ++ switch (*cp) { ++ case 'N': case 'n': ++ case 'E': case 'e': ++ retval = ((unsigned)1<<31) ++ + (((((deg * 60) + min) * 60) + secs) * 1000) ++ + secsfrac; ++ break; ++ case 'S': case 's': ++ case 'W': case 'w': ++ retval = ((unsigned)1<<31) ++ - (((((deg * 60) + min) * 60) + secs) * 1000) ++ - secsfrac; ++ break; ++ default: ++ retval = 0; /* invalid value -- indicates error */ ++ break; ++ } ++ ++ switch (*cp) { ++ case 'N': case 'n': ++ case 'S': case 's': ++ *which = 1; /* latitude */ ++ break; ++ case 'E': case 'e': ++ case 'W': case 'w': ++ *which = 2; /* longitude */ ++ break; ++ default: ++ *which = 0; /* error */ ++ break; ++ } ++ ++ cp++; /* skip the hemisphere */ ++ ++ while (!isspace(*cp)) /* if any trailing garbage */ ++ cp++; ++ ++ while (isspace(*cp)) /* move to next field */ ++ cp++; ++ ++ *latlonstrptr = cp; ++ ++ return (retval); ++} ++ ++/* converts a zone file representation in a string to an RDATA ++ * on-the-wire representation. 
*/ ++u_int32_t ++loc_aton(const char *ascii, u_char *binary) ++{ ++ const char *cp, *maxcp; ++ u_char *bcp; ++ ++ u_int32_t latit = 0, longit = 0, alt = 0; ++ u_int32_t lltemp1 = 0, lltemp2 = 0; ++ int altmeters = 0, altfrac = 0, altsign = 1; ++ u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ ++ u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ ++ u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ ++ int which1 = 0, which2 = 0; ++ ++ cp = ascii; ++ maxcp = cp + strlen(ascii); ++ ++ lltemp1 = latlon2ul(&cp, &which1); ++ lltemp2 = latlon2ul(&cp, &which2); ++ ++ switch (which1 + which2) { ++ case 3: /* 1 + 2, the only valid combination */ ++ if ((which1 == 1) && (which2 == 2)) { /* normal case */ ++ latit = lltemp1; ++ longit = lltemp2; ++ } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/ ++ longit = lltemp1; ++ latit = lltemp2; ++ } else { /* some kind of brokenness */ ++ return 0; ++ } ++ break; ++ default: /* we didn't get one of each */ ++ return 0; ++ } ++ ++ /* altitude */ ++ if (*cp == '-') { ++ altsign = -1; ++ cp++; ++ } ++ ++ if (*cp == '+') ++ cp++; ++ ++ while (isdigit(*cp)) ++ altmeters = altmeters * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* decimal meters */ ++ cp++; ++ if (isdigit(*cp)) { ++ altfrac = (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ altfrac += (*cp++ - '0'); ++ } ++ } ++ } ++ ++ alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); ++ ++ while (!isspace(*cp) && (cp < maxcp)) ++ /* if trailing garbage or m */ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ if (cp >= maxcp) ++ goto defaults; ++ ++ siz = precsize_aton(&cp); ++ ++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ ++ if (cp >= maxcp) ++ goto defaults; ++ ++ hp = precsize_aton(&cp); ++ ++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ ++ if (cp >= maxcp) ++ goto 
defaults; ++ ++ vp = precsize_aton(&cp); ++ ++ defaults: ++ ++ bcp = binary; ++ *bcp++ = (u_int8_t) 0; /* version byte */ ++ *bcp++ = siz; ++ *bcp++ = hp; ++ *bcp++ = vp; ++ PUTLONG(latit,bcp); ++ PUTLONG(longit,bcp); ++ PUTLONG(alt,bcp); ++ ++ return (16); /* size of RR in octets */ ++} ++ ++/* takes an on-the-wire LOC RR and prints it in zone file ++ * (human readable) format. */ ++char * ++loc_ntoa(const u_char *binary,char *ascii) ++{ ++ static char tmpbuf[255*3]; ++ ++ register char *cp; ++ register const u_char *rcp; ++ ++ int latdeg, latmin, latsec, latsecfrac; ++ int longdeg, longmin, longsec, longsecfrac; ++ char northsouth, eastwest; ++ int altmeters, altfrac, altsign; ++ ++ const int referencealt = 100000 * 100; ++ ++ int32_t latval, longval, altval; ++ u_int32_t templ; ++ u_int8_t sizeval, hpval, vpval, versionval; ++ ++ char *sizestr, *hpstr, *vpstr; ++ ++ rcp = binary; ++ if (ascii) ++ cp = ascii; ++ else { ++ cp = tmpbuf; ++ } ++ ++ versionval = *rcp++; ++ ++ if (versionval) { ++ sprintf(cp,"; error: unknown LOC RR version"); ++ return (cp); ++ } ++ ++ sizeval = *rcp++; ++ ++ hpval = *rcp++; ++ vpval = *rcp++; ++ ++ GETLONG(templ,rcp); ++ latval = (templ - ((unsigned)1<<31)); ++ ++ GETLONG(templ,rcp); ++ longval = (templ - ((unsigned)1<<31)); ++ ++ GETLONG(templ,rcp); ++ if (templ < referencealt) { /* below WGS 84 spheroid */ ++ altval = referencealt - templ; ++ altsign = -1; ++ } else { ++ altval = templ - referencealt; ++ altsign = 1; ++ } ++ ++ if (latval < 0) { ++ northsouth = 'S'; ++ latval = -latval; ++ } ++ else ++ northsouth = 'N'; ++ ++ latsecfrac = latval % 1000; ++ latval = latval / 1000; ++ latsec = latval % 60; ++ latval = latval / 60; ++ latmin = latval % 60; ++ latval = latval / 60; ++ latdeg = latval; ++ ++ if (longval < 0) { ++ eastwest = 'W'; ++ longval = -longval; ++ } ++ else ++ eastwest = 'E'; ++ ++ longsecfrac = longval % 1000; ++ longval = longval / 1000; ++ longsec = longval % 60; ++ longval = longval / 60; ++ longmin = 
longval % 60; ++ longval = longval / 60; ++ longdeg = longval; ++ ++ altfrac = altval % 100; ++ altmeters = (altval / 100) * altsign; ++ ++ sizestr = strdup(precsize_ntoa(sizeval)); ++ hpstr = strdup(precsize_ntoa(hpval)); ++ vpstr = strdup(precsize_ntoa(vpval)); ++ ++ sprintf(cp, ++ "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm", ++ latdeg, latmin, latsec, latsecfrac, northsouth, ++ longdeg, longmin, longsec, longsecfrac, eastwest, ++ altmeters, altfrac, sizestr, hpstr, vpstr); ++ free(sizestr); ++ free(hpstr); ++ free(vpstr); ++ ++ return (cp); ++} diff --git a/contrib/dnslist/dhcp.css b/contrib/dnslist/dhcp.css new file mode 100755 index 0000000..79cea39 --- /dev/null +++ b/contrib/dnslist/dhcp.css @@ -0,0 +1,57 @@ +body +{ + font-family: sans-serif; + color: #000; +} + +h1 +{ + font-size: medium; + font-weight: bold; +} + +h1 .updated +{ + color: #999; +} + +table +{ + border-collapse: collapse; + border-bottom: 2px solid #000; +} + +th +{ + background: #DDD; + border-top: 2px solid #000; + text-align: left; + font-weight: bold; +} + +/* Any row */ + +tr +{ + border-top: 2px solid #000; +} + +/* Any row but the first or second (overrides above rule) */ + +tr + tr + tr +{ + border-top: 2px solid #999; +} + +tr.offline td.hostname +{ + color: #999; +} + +.hostname { width: 10em; } +.ip_addr { width: 10em; background: #DDD; } +.ether_addr { width: 15em; } +.client_id { width: 15em; background: #DDD; } +.status { width: 5em; } +.since { width: 10em; background: #DDD; } +.lease { width: 10em; } diff --git a/contrib/dnslist/dnslist.pl b/contrib/dnslist/dnslist.pl new file mode 100755 index 0000000..7ce2720 --- /dev/null +++ b/contrib/dnslist/dnslist.pl 
@@ -0,0 +1,608 @@ +#!/usr/bin/perl + +# dnslist - Read state file from dnsmasq and create a nice web page to display +# a list of DHCP clients. +# +# Copyright (C) 2004 Thomas Tuttle +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTIBILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program*; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# * The license is in fact included at the end of this file, and can +# either be viewed by reading everything after "__DATA__" or by +# running dnslist with the '-l' option. +# +# Version: 0.2 +# Author: Thomas Tuttle +# Email: dnslist.20.thinkinginbinary@spamgourmet.org +# License: GNU General Public License, version 2.0 +# +# v. 0.0: Too ugly to publish, thrown out. +# +# v. 0.1: First rewrite. +# Added master host list so offline hosts can still be displayed. +# Fixed modification detection (a newer modification time is lower.) +# +# v. 0.2: Fixed Client ID = "*" => "None" +# Fixed HTML entities (a client ID of ???? +my $dnsmasq_state_file = '/var/lib/misc/dnsmasq.leases'; +# Location of template. (Assumed to be in current directory.) +# Change with -t +my $html_template_file = 'dnslist.tt2'; +# File to write HTML page to. (This is where Slackware puts WWW pages. It may +# be different on other systems. Make sure the permissions are set correctly +# for it.) +my $html_output_file = '/var/www/htdocs/dhcp.html'; +# Time to wait after each page update. 
(The state file is checked for changes +# before each update but is not read in each time, in case it is very big. The +# page is rewritten just so the "(updated __/__ __:__:__)" text changes ;-) +my $wait_time = 2; + +# Read command-line arguments. +while ($_ = shift @ARGV) { + if (/-s/) { $dnsmasq_state_file = shift; next; } + if (/-t/) { $html_template_file = shift; next; } + if (/-o/) { $html_output_file = shift; next; } + if (/-d/) { $wait_time = shift; next; } + if (/-l/) { show_license(); exit; } + die "usage: dnslist [-s state_file] [-t template_file] [-o output_file] [-d delay_time]\n"; +} + +# Master list of clients, offline and online. +my $list = {}; +# Sorted host list. (It's actually sorted by IP--the sub &byip() compares two +# IP addresses, octet by octet, and figures out which is higher.) +my @hosts = (); +# Last time the state file was changed. +my $last_state_change; + +# Check for a change to the state file. +sub check_state { + if (defined $last_state_change) { + if (-M $dnsmasq_state_file < $last_state_change) { + print "check_state: state file has been changed.\n"; + $last_state_change = -M $dnsmasq_state_file; + return 1; + } else { + return 0; + } + } else { + # Last change undefined, so we are running for the first time. + print "check_state: reading state file at startup.\n"; + read_state(); + $last_state_change = -M $dnsmasq_state_file; + return 1; + } +} + +# Read data in state file. +sub read_state { + my $old; + my $new; + # Open file. + unless (open STATE, $dnsmasq_state_file) { + warn "read_state: can't open $dnsmasq_state_file!\n"; + return 0; + } + # Mark all hosts as offline, saving old state. + foreach $ether (keys %{$list}) { + $list->{$ether}->{'old_online'} = $list->{$ether}->{'online'}; + $list->{$ether}->{'online'} = 0; + } + # Read hosts. + while () { + chomp; + @host{qw/raw_lease ether_addr ip_addr hostname raw_client_id/} = split /\s+/; + $ether = $host{ether_addr}; + # Mark each online host as online. 
+ $list->{$ether}->{'online'} = 1; + # Copy data to master list. + foreach $key (keys %host) { + $list->{$ether}->{$key} = $host{$key}; + } + } + close STATE; + # Handle changes in offline/online state. (The sub &do_host() handles + # all of the extra stuff to do with a host's data once it is read. + foreach $ether (keys %{$list}) { + $old = $list->{$ether}->{'old_online'}; + $new = $list->{$ether}->{'online'}; + if (not $old) { + if (not $new) { + do_host($ether, 'offline'); + } else { + do_host($ether, 'join'); + } + } else { + if (not $new) { + do_host($ether, 'leave'); + } else { + do_host($ether, 'online'); + } + } + } + # Sort hosts by IP ;-) + @hosts = sort byip values %{$list}; + # Copy sorted list to template data store. + $data->{'hosts'} = [ @hosts ]; +} + +# Do stuff per host. +sub do_host { + my ($ether, $status) = @_; + + # Find textual representation of DHCP client ID. + if ($list->{$ether}->{'raw_client_id'} eq '*') { + $list->{$ether}->{'text_client_id'} = 'None'; + } else { + my $text = ""; + foreach $char (split /:/, $list->{$ether}->{'raw_client_id'}) { + $char = pack('H2', $char); + if (ord($char) >= 32 and ord($char) <= 127) { + $text .= $char; + } else { + $text .= "?"; + } + } + $list->{$ether}->{'text_client_id'} = $text; + } + + # Convert lease expiration date/time to text. + if ($list->{$ether}->{'raw_lease'} == 0) { + $list->{$ether}->{'text_lease'} = 'Never'; + } else { + $list->{$ether}->{'text_lease'} = nice_time($list->{$ether}->{'raw_lease'}); + } + + if ($status eq 'offline') { + # Nothing to do. + } elsif ($status eq 'online') { + # Nothing to do. + } elsif ($status eq 'join') { + # Update times for joining host. + print "do_host: $ether joined the network.\n"; + $list->{$ether}->{'join_time'} = time; + $list->{$ether}->{'since'} = nice_time(time); + } elsif ($status eq 'leave') { + # Update times for leaving host. 
+ print "do_host: $ether left the network.\n"; + $list->{$ether}->{'leave_time'} = time; + $list->{$ether}->{'since'} = nice_time(time); + } + +} + +# Convert time to a string representation. +sub nice_time { + my $time = shift; + my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime($time); + $sec = pad($sec, '0', 2); + $min = pad($min, '0', 2); + $hour = pad($hour, '0', 2); + $mon = pad($mon, '0', 2); + $mday = pad($mday, '0', 2); + return "$mon/$mday $hour:$min:$sec"; +} + +# Pad string to a certain length by repeatedly prepending another string. +sub pad { + my ($text, $pad, $length) = @_; + while (length($text) < $length) { + $text = "$pad$text"; + } + return $text; +} + +# Compare two IP addresses. (Uses $a and $b from sort.) +sub byip { + # Split into octets. + my @a = split /\./, $a->{ip_addr}; + my @b = split /\./, $b->{ip_addr}; + # Compare octets. + foreach $n (0..3) { + return $a[$n] <=> $b[$n] if ($a[$n] != $b[$n]); + } + # If we get here there is no difference. + return 0; +} + +# Output HTML file. +sub write_output { + # Create new template object. + my $template = Template->new( + { + ABSOLUTE => 1, # /var/www/... is an absolute path + OUTPUT => $html_output_file # put it here, not STDOUT + } + ); + $data->{'updated'} = nice_time(time); # add "(updated ...)" to file + unless ($template->process($html_template_file, $data)) { # do it + warn "write_output: Template Toolkit error: " . $template->error() . "\n"; + return 0; + } + print "write_output: page updated.\n"; + return 1; +} + +sub show_license { + while () { + print; + $line++; + if ($line == 24) { <>; $line = 1; } + } +} + +# Main loop. +while (1) { + # Check for state change. + if (check_state()) { + read_state(); + sleep 1; # Sleep for a second just so we don't wear anything + # out. (By not sleeping the whole time after a change + # we can detect rapid changes more easily--like if 300 + # hosts all come back online, they show up quicker.) 
+ } else { + sleep $wait_time; # Take a nap. + } + write_output(); # Write the file anyway. +} +__DATA__ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/contrib/dnslist/dnslist.tt2 b/contrib/dnslist/dnslist.tt2 new file mode 100755 index 0000000..1998e5f --- /dev/null +++ b/contrib/dnslist/dnslist.tt2 @@ -0,0 +1,32 @@ + + + DHCP Clients + + + + +

DHCP Clients (updated [% updated %])

+ + + + + + + + + + + [% FOREACH host IN hosts %] + + + + + + + + + + [% END %] +
HostnameIP AddressEthernet AddressDHCP Client IDStatusSinceLease Expires
[% host.hostname %][% host.ip_addr %][% host.ether_addr %][% host.text_client_id %] ([% host.raw_client_id %])[% IF host.online %]Online[% ELSE %]Offline[% END %][% host.since %][% host.text_lease %]
+ + diff --git a/contrib/dnsmasq_MacOSX/DNSmasq b/contrib/dnsmasq_MacOSX/DNSmasq new file mode 100755 index 0000000..6b62118 --- /dev/null +++ b/contrib/dnsmasq_MacOSX/DNSmasq @@ -0,0 +1,22 @@ +#!/bin/sh +. /etc/rc.common + +StartService() { + if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then + /usr/local/sbin/dnsmasq -q -n + fi +} + +StopService() { + pid=`GetPID dnsmasq` + if [ $? -eq 0 ]; then + kill $pid + fi +} + +RestartService() { + StopService "$@" + StartService "$@" +} + +RunService "$1" diff --git a/contrib/dnsmasq_MacOSX/README.rtf b/contrib/dnsmasq_MacOSX/README.rtf new file mode 100755 index 0000000..da48411 --- /dev/null +++ b/contrib/dnsmasq_MacOSX/README.rtf 
@@ -0,0 +1,42 @@ +{\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100 +{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;} +{\colortbl;\red255\green255\blue255;} +\paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0 +\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural + +\f0\fs24 \cf0 1. If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them. This would usually involve checking that they are either set to -NO- or absent altogether in +\f1 /etc/hostconfig +\f0 . If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\ +\ +2. Add a configuration item to +\f1 /etc/hostconfig +\f0 as follows:\ +\ + +\f1 DNSMASQ=-YES- +\f0 \ +\ +3. Create a system-wide StartupItems directory for dnsmasq:\ +\ + +\f1 sudo mkdir -p /Library/StartupItems/DNSmasq\ + +\f0 \ +4. Copy the files +\f1 DNSmasq +\f0 and +\f1 StartupParameters.plist +\f0 into this directory, and make sure the former is executable:\ +\ + +\f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\ +sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\ + +\f0 \ +5. Start the service:\ +\ + +\f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\ + +\f0 \cf0 \ +That should be all...} \ No newline at end of file diff --git a/contrib/dnsmasq_MacOSX/StartupParameters.plist b/contrib/dnsmasq_MacOSX/StartupParameters.plist new file mode 100755 index 0000000..454bda0 --- /dev/null +++ b/contrib/dnsmasq_MacOSX/StartupParameters.plist @@ -0,0 +1,18 @@ + + + + + Description + DNSmasq + OrderPreference + None + Provides + + DNSmasq + + Uses + + Network + + + 
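Review bot: in contrib/dnslist/dnslist.tt2 the table row interpolates `[% host.hostname %]`, `[% host.text_client_id %]` and `[% host.raw_client_id %]` with no output filter, and Template Toolkit does not HTML-escape by default. The hostname and client ID originate from DHCP clients, so whatever a client sends ends up as markup in the page an administrator opens. Pipe every interpolated field through the `html` filter, for example `[% host.hostname | html %]`, and do the same for `ip_addr`, `ether_addr`, `since` and `text_lease` so the template does not depend on the script having sanitised them.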
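Review bot: contrib/dnsmasq_MacOSX/StartupParameters.plist is added with `new file mode 100755`, as is README.rtf above it, but neither file is ever executed; step 4 of the README only marks the `DNSmasq` script executable with `chmod 755`. Add the plist and the README as 100644 and keep the executable bit on `DNSmasq` alone, so the mode in the tree matches what the install instructions expect.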
diff --git a/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl new file mode 100755 index 0000000..3c4a1f1 --- /dev/null +++ b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl 
@@ -0,0 +1,249 @@ +#!/usr/bin/perl +# dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically +# Copyright (C) 2004 Peter Willis +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# the purpose of this script is to be able to update dnsmasq's dns +# records from a remote dynamic dns client. +# +# basic use of this script: +# dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com +# dynamic-dnsmasq.pl listen & +# +# this script tries to emulate DynDNS.org's dynamic dns service, so +# technically you should be able to use any DynDNS.org client to +# update the records here. tested and confirmed to work with ddnsu +# 1.3.1. just point the client's host to the IP of this machine, +# port 9020, and include the hostname, user and pass, and it should +# work. +# +# make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf +# file and "nopoll" is commented out. 
+ +use strict; +use IO::Socket; +use MIME::Base64; +use DB_File; +use Fcntl; + +my $accountdb = "accounts.db"; +my $recordfile = "/etc/dyndns-hosts"; +my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc +my $listenaddress = "0.0.0.0"; +my $listenport = 9020; + +# no editing past this point should be necessary + +if ( @ARGV < 1 ) { + die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n"; +} elsif ( lc $ARGV[0] eq "add" ) { + die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4; + add_acct($ARGV[1], $ARGV[2], $ARGV[3]); +} elsif ( lc $ARGV[0] eq "del" ) { + die "Usage: $0 DEL USER\n" unless @ARGV == 2; + print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] "; + my $resp = ; + chomp $resp; + if ( lc substr($resp,0,1) eq "y" ) { + del_acct($ARGV[1]); + } +} elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) { + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + my $fh; + if ( lc $ARGV[0] eq "writehostsfile" ) { + open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; + flock($fh, 2); + seek($fh, 0, 0); + truncate($fh, 0); + } + while ( my ($key, $val) = each %h ) { + my ($pass, $domain, $ip) = split("\t",$val); + if ( lc $ARGV[0] eq "listusers" ) { + print "user $key, hostname $domain, ip $ip\n"; + } else { + if ( defined $ip ) { + print $fh "$ip\t$domain\n"; + } + } + } + if ( lc $ARGV[0] eq "writehostsfile" ) { + flock($fh, 8); + close($fh); + dnsmasq_rescan_configs(); + } + undef $X; + untie %h; +} elsif ( lc $ARGV[0] eq "listen" ) { + listen_for_updates(); +} + +sub listen_for_updates { + my $sock = IO::Socket::INET->new(Listen => 5, + LocalAddr => $listenaddress, LocalPort => $listenport, + Proto => 'tcp', ReuseAddr => 1, + MultiHomed => 1) || die "Could not open listening socket: $!\n"; + $SIG{'CHLD'} = 'IGNORE'; + while ( my $client = $sock->accept() ) { + my $p = fork(); + if ( $p != 0 ) { + next; + } + $SIG{'CHLD'} = 
'DEFAULT'; + my @headers; + my %cgi; + while ( <$client> ) { + s/(\r|\n)//g; + last if $_ eq ""; + push @headers, $_; + } + foreach my $header (@headers) { + if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) { + foreach my $element (split('&', $1)) { + $cgi{(split '=', $element)[0]} = (split '=', $element)[1]; + } + } elsif ( $header =~ /^Authorization: basic (.+)$/ ) { + unless ( defined $cgi{'hostname'} ) { + print_http_response($client, undef, "badsys"); + exit(1); + } + if ( !exists $cgi{'myip'} ) { + $cgi{'myip'} = $client->peerhost(); + } + my ($user,$pass) = split ":", MIME::Base64::decode($1); + if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) { + print_http_response($client, $cgi{'myip'}, "good"); + update_dns(\%cgi); + } else { + print_http_response($client, undef, "badauth"); + exit(1); + } + last; + } + } + exit(0); + } + return(0); +} + +sub add_acct { + my ($user, $pass, $hostname) = @_; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + $X->put($user, join("\t", ($pass, $hostname))); + undef $X; + untie %h; +} + +sub del_acct { + my ($user, $pass, $hostname) = @_; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + $X->del($user); + undef $X; + untie %h; +} + + +sub authorize { + my $user = shift; + my $pass = shift; + my $hostname = shift; + my $ip = shift;; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + my ($spass, $shost) = split("\t", $h{$user}); + if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) { + $X->put($user, join("\t", $spass, $shost, $ip)); + undef $X; + untie %h; + return(0); + } + undef $X; + untie %h; + return(1); +} + +sub print_http_response { + my $sock = shift; + my $ip = shift; + my $response = shift; + print $sock "HTTP/1.0 200 OK\n"; + my @tmp = split /\s+/, scalar gmtime(); + print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n"; + print $sock "Server: Peter's Fake DynDNS.org 
Server/1.0\n"; + print $sock "Content-Type: text/plain; charset=ISO-8859-1\n"; + print $sock "Connection: close\n"; + print $sock "Transfer-Encoding: chunked\n"; + print $sock "\n"; + #print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is + print $sock "$response", defined($ip)? " $ip" : "" . "\n"; +} + +sub update_dns { + my $hashref = shift; + my @records; + my $found = 0; + # update the addn-hosts file + open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; + flock(FILE, 2); + while ( ) { + if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) { + if ( $1 ne $$hashref{'myip'} ) { + push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; + $found = 1; + } + } else { + push @records, $_; + } + } + unless ( $found ) { + push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; + } + sysseek(FILE, 0, 0); + truncate(FILE, 0); + syswrite(FILE, join("", @records)); + flock(FILE, 8); + close(FILE); + dnsmasq_rescan_configs(); + return(0); +} + +sub dnsmasq_rescan_configs { + # send the HUP signal to dnsmasq + if ( -r $dnsmasqpidfile ) { + open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n"; + my $pid = ; + close(PID); + chomp $pid; + if ( kill(0, $pid) ) { + kill(1, $pid); + } else { + goto LOOKFORDNSMASQ; + } + } else { + LOOKFORDNSMASQ: + opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n"; + my @dirs = grep(/^\d+$/, readdir(DIR)); + closedir(DIR); + foreach my $process (@dirs) { + if ( open(FILE,"; + close(FILE); + if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) { + kill(1, $process); + } + } + } + } + return(0); +} diff --git a/contrib/lease-access/README b/contrib/lease-access/README new file mode 100755 index 0000000..fc66bdf --- /dev/null +++ b/contrib/lease-access/README 
@@ -0,0 +1,20 @@ +Hello, + +For some specific application I needed to deny access to a MAC address +to a lease. For this reason I modified the dhcp-script behavior and is +called with an extra parameter "access" once a dhcp request or discover +is received. In that case if the exit code of the script is zero, +dnsmasq continues normally, and if non-zero the packet is ignored. + +This was not added as a security feature but as a mean to handle +differently some addresses. It is also quite intrusive since it requires +changes in several other subsystems. + +It attach the patch in case someone is interested. + +regards, +Nikos + +nmav@gennetsa.com + + diff --git a/contrib/lease-access/lease.access.patch b/contrib/lease-access/lease.access.patch new file mode 100755 index 0000000..ad76e25 --- /dev/null +++ b/contrib/lease-access/lease.access.patch 
@@ -0,0 +1,578 @@ +Index: src/dnsmasq.c +=================================================================== +--- src/dnsmasq.c (revision 696) ++++ src/dnsmasq.c (revision 821) +@@ -59,7 +59,6 @@ + static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp); + static void check_dns_listeners(fd_set *set, time_t now); + static void sig_handler(int sig); +-static void async_event(int pipe, time_t now); + static void fatal_event(struct event_desc *ev); + static void poll_resolv(void); + +@@ -275,7 +274,7 @@ + piperead = pipefd[0]; + pipewrite = pipefd[1]; + /* prime the pipe to load stuff first time. */ +- send_event(pipewrite, EVENT_RELOAD, 0); ++ send_event(pipewrite, EVENT_RELOAD, 0, 0); + + err_pipe[1] = -1; + +@@ -340,7 +339,7 @@ + } + else if (getuid() == 0) + { +- send_event(err_pipe[1], EVENT_PIDFILE, errno); ++ send_event(err_pipe[1], EVENT_PIDFILE, errno, 0); + _exit(0); + } + } +@@ -372,7 +371,7 @@ + (setgroups(0, &dummy) == -1 || + setgid(gp->gr_gid) == -1)) + { +- send_event(err_pipe[1], EVENT_GROUP_ERR, errno); ++ send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0); + _exit(0); + } + +@@ -415,14 +414,14 @@ + + if (bad_capabilities != 0) + { +- send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities); ++ send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0); + _exit(0); + } + + /* finally drop root */ + if (setuid(ent_pw->pw_uid) == -1) + { +- send_event(err_pipe[1], EVENT_USER_ERR, errno); ++ send_event(err_pipe[1], EVENT_USER_ERR, errno, 0); + _exit(0); + } + +@@ -434,7 +433,7 @@ + /* lose the setuid and setgid capbilities */ + if (capset(hdr, data) == -1) + { +- send_event(err_pipe[1], EVENT_CAP_ERR, errno); ++ send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0); + _exit(0); + } + #endif +@@ -647,7 +646,7 @@ + } + + if (FD_ISSET(piperead, &rset)) +- async_event(piperead, now); ++ async_event(piperead, now, NULL, 0); + + #ifdef HAVE_LINUX_NETWORK + if (FD_ISSET(daemon->netlinkfd, &rset)) +@@ -674,7 +673,7 @@ + #endif + + if (daemon->dhcp && 
FD_ISSET(daemon->dhcpfd, &rset)) +- dhcp_packet(now); ++ dhcp_packet(piperead, now); + + #ifndef NO_FORK + if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) +@@ -719,17 +718,18 @@ + else + return; + +- send_event(pipewrite, event, 0); ++ send_event(pipewrite, event, 0, 0); + errno = errsave; + } + } + +-void send_event(int fd, int event, int data) ++void send_event(int fd, int event, int data, int priv) + { + struct event_desc ev; + + ev.event = event; + ev.data = data; ++ ev.priv = priv; + + /* error pipe, debug mode. */ + if (fd == -1) +@@ -771,14 +771,17 @@ + die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE); + } + } +- +-static void async_event(int pipe, time_t now) ++ ++/* returns the private data of the event ++ */ ++int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs) + { + pid_t p; + struct event_desc ev; + int i; + +- if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1)) ++ if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0) ++ { + switch (ev.event) + { + case EVENT_RELOAD: +@@ -872,6 +875,14 @@ + flush_log(); + exit(EC_GOOD); + } ++ } ++ else ++ return -1; /* timeout */ ++ ++ if (event) ++ memcpy( event, &ev, sizeof(ev)); ++ ++ return 0; + } + + static void poll_resolv() +Index: src/config.h +=================================================================== +--- src/config.h (revision 696) ++++ src/config.h (revision 821) +@@ -51,6 +51,8 @@ + #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ + #define LOG_MAX 5 /* log-queue length */ + #define RANDFILE "/dev/urandom" ++#define SCRIPT_TIMEOUT 6 ++#define LEASE_CHECK_TIMEOUT 10 + + /* DBUS interface specifics */ + #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" +Index: src/dnsmasq.h +=================================================================== +--- src/dnsmasq.h (revision 696) ++++ src/dnsmasq.h (revision 821) +@@ -116,6 +116,7 @@ + /* Async event queue */ + struct event_desc 
{ + int event, data; ++ unsigned int priv; + }; + + #define EVENT_RELOAD 1 +@@ -390,6 +391,7 @@ + #define ACTION_OLD_HOSTNAME 2 + #define ACTION_OLD 3 + #define ACTION_ADD 4 ++#define ACTION_ACCESS 5 + + #define DHCP_CHADDR_MAX 16 + +@@ -709,6 +711,7 @@ + char *print_mac(char *buff, unsigned char *mac, int len); + void bump_maxfd(int fd, int *max); + int read_write(int fd, unsigned char *packet, int size, int rw); ++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs); + + /* log.c */ + void die(char *message, char *arg1, int exit_code); +@@ -748,7 +751,7 @@ + + /* dhcp.c */ + void dhcp_init(void); +-void dhcp_packet(time_t now); ++void dhcp_packet(int piperead, time_t now); + + struct dhcp_context *address_available(struct dhcp_context *context, + struct in_addr addr, +@@ -792,14 +795,16 @@ + void rerun_scripts(void); + + /* rfc2131.c */ +-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, ++size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index, + size_t sz, time_t now, int unicast_dest, int *is_inform); + + /* dnsmasq.c */ + int make_icmp_sock(void); + int icmp_ping(struct in_addr addr); +-void send_event(int fd, int event, int data); ++void send_event(int fd, int event, int data, int priv); + void clear_cache_and_reload(time_t now); ++int wait_for_child(int pipe); ++int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout); + + /* isc.c */ + #ifdef HAVE_ISC_READER +@@ -832,9 +837,9 @@ + /* helper.c */ + #ifndef NO_FORK + int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd); +-void helper_write(void); ++int helper_write(void); + void queue_script(int action, struct dhcp_lease *lease, +- char *hostname, time_t now); ++ char *hostname, time_t now, unsigned int uid); + int helper_buf_empty(void); + #endif + +Index: src/util.c +=================================================================== +--- src/util.c (revision 696) 
++++ src/util.c (revision 821) +@@ -444,3 +444,38 @@ + return 1; + } + ++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs) ++{ ++ ssize_t n, done; ++ time_t expire; ++ ++ expire = now + secs; ++ ++ for (done = 0; done < size; done += n) ++ { ++ retry: ++ if (secs > 0) alarm(secs); ++ n = read(fd, &packet[done], (size_t)(size - done)); ++ ++ if (n == 0) ++ return 0; ++ else if (n == -1) ++ { ++ if (errno == EINTR) { ++ my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno); ++ return 0; ++ } ++ ++ if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN) ++ { ++ if (secs == 0 || (secs > 0 && dnsmasq_time() < expire)) ++ goto retry; ++ } ++ ++ my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno); ++ return 0; ++ } ++ } ++ return 1; ++} ++ +Index: src/dhcp.c +=================================================================== +--- src/dhcp.c (revision 696) ++++ src/dhcp.c (revision 821) +@@ -103,7 +103,7 @@ + daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len); + } + +-void dhcp_packet(time_t now) ++void dhcp_packet(int piperead, time_t now) + { + struct dhcp_packet *mess; + struct dhcp_context *context; +@@ -239,7 +239,8 @@ + if (!iface_enumerate(&parm, complete_context, NULL)) + return; + lease_prune(NULL, now); /* lose any expired leases */ +- iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, ++ ++ iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz, + now, unicast_dest, &is_inform); + lease_update_file(now); + lease_update_dns(); +Index: src/helper.c +=================================================================== +--- src/helper.c (revision 696) ++++ src/helper.c (revision 821) +@@ -45,6 +45,7 @@ + #endif + unsigned char hwaddr[DHCP_CHADDR_MAX]; + char interface[IF_NAMESIZE]; ++ unsigned int uid; + }; + + static struct script_data *buf = NULL; +@@ -60,7 +61,7 @@ + then fork our process. 
*/ + if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) + { +- send_event(err_fd, EVENT_PIPE_ERR, errno); ++ send_event(err_fd, EVENT_PIPE_ERR, errno, 0); + _exit(0); + } + +@@ -87,13 +88,13 @@ + { + if (daemon->options & OPT_NO_FORK) + /* send error to daemon process if no-fork */ +- send_event(event_fd, EVENT_HUSER_ERR, errno); ++ send_event(event_fd, EVENT_HUSER_ERR, errno, 0); + else + { + /* kill daemon */ +- send_event(event_fd, EVENT_DIE, 0); ++ send_event(event_fd, EVENT_DIE, 0, 0); + /* return error */ +- send_event(err_fd, EVENT_HUSER_ERR, errno);; ++ send_event(err_fd, EVENT_HUSER_ERR, errno, 0); + } + _exit(0); + } +@@ -122,6 +123,8 @@ + action_str = "del"; + else if (data.action == ACTION_ADD) + action_str = "add"; ++ else if (data.action == ACTION_ACCESS) ++ action_str = "access"; + else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME) + action_str = "old"; + else +@@ -178,9 +181,11 @@ + { + /* On error send event back to main process for logging */ + if (WIFSIGNALED(status)) +- send_event(event_fd, EVENT_KILLED, WTERMSIG(status)); +- else if (WIFEXITED(status) && WEXITSTATUS(status) != 0) +- send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status)); ++ send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid); ++ else if (WIFEXITED(status)) ++ send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid); ++ else ++ send_event(event_fd, EVENT_EXITED, -1, data.uid); + break; + } + +@@ -263,7 +268,7 @@ + err = errno; + } + /* failed, send event so the main process logs the problem */ +- send_event(event_fd, EVENT_EXEC_ERR, err); ++ send_event(event_fd, EVENT_EXEC_ERR, err, data.uid); + _exit(0); + } + } +@@ -295,7 +300,7 @@ + } + + /* pack up lease data into a buffer */ +-void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now) ++void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid) + { + unsigned char *p; + size_t size; +@@ -332,6 
+337,7 @@ + buf_size = size; + } + ++ buf->uid = uid; + buf->action = action; + buf->hwaddr_len = lease->hwaddr_len; + buf->hwaddr_type = lease->hwaddr_type; +@@ -393,12 +399,15 @@ + return bytes_in_buf == 0; + } + +-void helper_write(void) ++/* returns -1 if write failed for a reason, 1 if no data exist ++ * and 0 if everything was ok. ++ */ ++int helper_write(void) + { + ssize_t rc; + + if (bytes_in_buf == 0) +- return; ++ return 1; + + if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1) + { +@@ -409,9 +418,11 @@ + else + { + if (errno == EAGAIN || errno == EINTR) +- return; ++ return -1; + bytes_in_buf = 0; + } ++ ++ return 0; + } + + #endif +Index: src/rfc2131.c +=================================================================== +--- src/rfc2131.c (revision 696) ++++ src/rfc2131.c (revision 821) +@@ -100,8 +100,49 @@ + int clid_len, unsigned char *clid, int *len_out); + static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); + ++static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now) ++{ ++#ifndef NO_FORK ++unsigned int uid; ++struct event_desc ev; ++int ret; ++struct dhcp_lease _lease; ++ ++ if (daemon->lease_change_command == NULL) return 0; /* ok */ ++ ++ if (!lease) { /* if host has not been seen before lease is NULL */ ++ memset(&_lease, 0, sizeof(_lease)); ++ lease = &_lease; ++ lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0); ++ } ++ ++ uid = rand16(); ++ queue_script(ACTION_ACCESS, lease, NULL, now, uid); ++ ++ /* send all data to helper process */ ++ do ++ { ++ helper_write(); ++ } while (helper_buf_empty() == 0); ++ ++ /* wait for our event */ ++ ret = 0; ++ do ++ { ++ ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT); ++ } ++ while(ev.priv != uid && ret >= 0); ++ ++ if (ret < 0 || ev.data != 0) /* timeout or error */ ++ { ++ return -1; ++ } ++ ++#endif ++ return 0; /* ok */ ++} + +-size_t dhcp_reply(struct dhcp_context *context, char 
*iface_name, int int_index, ++size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index, + size_t sz, time_t now, int unicast_dest, int *is_inform) + { + unsigned char *opt, *clid = NULL; +@@ -252,7 +293,7 @@ + mac->netid.next = netid; + netid = &mac->netid; + } +- ++ + /* Determine network for this packet. Our caller will have already linked all the + contexts which match the addresses of the receiving interface but if the + machine has an address already, or came via a relay, or we have a subnet selector, +@@ -329,7 +370,7 @@ + my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end)); + } + } +- ++ + mess->op = BOOTREPLY; + + config = find_config(daemon->dhcp_conf, context, clid, clid_len, +@@ -418,7 +459,7 @@ + else + mess->yiaddr = lease->addr; + } +- ++ + if (!message && + !lease && + (!(lease = lease_allocate(mess->yiaddr)))) +@@ -641,7 +682,14 @@ + memcpy(req_options, option_ptr(opt, 0), option_len(opt)); + req_options[option_len(opt)] = OPTION_END; + } +- ++ ++ if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER) ++ if (check_access_script(piperead, lease, mess, now) < 0) ++ { ++ my_syslog(LOG_INFO, _("Ignoring client due to access script")); ++ return 0; ++ } ++ + switch (mess_type) + { + case DHCPDECLINE: +Index: src/log.c +=================================================================== +--- src/log.c (revision 696) ++++ src/log.c (revision 821) +@@ -73,7 +73,7 @@ + + if (!log_reopen(daemon->log_file)) + { +- send_event(errfd, EVENT_LOG_ERR, errno); ++ send_event(errfd, EVENT_LOG_ERR, errno, 0); + _exit(0); + } + +Index: src/lease.c +=================================================================== +--- src/lease.c (revision 696) ++++ src/lease.c (revision 821) +@@ -511,7 +511,7 @@ + if (lease->old_hostname) + { + #ifndef NO_FORK +- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); ++ queue_script(ACTION_OLD_HOSTNAME, lease, 
lease->old_hostname, now, 0); + #endif + free(lease->old_hostname); + lease->old_hostname = NULL; +@@ -520,7 +520,7 @@ + else + { + #ifndef NO_FORK +- queue_script(ACTION_DEL, lease, lease->hostname, now); ++ queue_script(ACTION_DEL, lease, lease->hostname, now, 0); + #endif + old_leases = lease->next; + +@@ -540,7 +540,7 @@ + if (lease->old_hostname) + { + #ifndef NO_FORK +- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); ++ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0); + #endif + free(lease->old_hostname); + lease->old_hostname = NULL; +@@ -552,7 +552,7 @@ + (lease->aux_changed && (daemon->options & OPT_LEASE_RO))) + { + #ifndef NO_FORK +- queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now); ++ queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0); + #endif + lease->new = lease->changed = lease->aux_changed = 0; + +Index: man/dnsmasq.8 +=================================================================== +--- man/dnsmasq.8 (revision 696) ++++ man/dnsmasq.8 (revision 821) +@@ -724,12 +724,15 @@ + .B \-6 --dhcp-script= + Whenever a new DHCP lease is created, or an old one destroyed, the + binary specified by this option is run. The arguments to the process +-are "add", "old" or "del", the MAC ++are "add", "old", "access" or "del", the MAC + address of the host (or ""), the IP address, and the hostname, + if known. "add" means a lease has been created, "del" means it has + been destroyed, "old" is a notification of an existing lease when + dnsmasq starts or a change to MAC address or hostname of an existing + lease (also, lease length or expiry and client-id, if leasefile-ro is set). ++The "access" keyword means that a request was just received and depending ++on the script exit status request for address will be granted, if exit status ++is zero or not if it is non-zero. 
+ The process is run as root (assuming that dnsmasq was originally run as + root) even if dnsmasq is configured to change UID to an unprivileged user. + The environment is inherited from the invoker of dnsmasq, and if the diff --git a/contrib/openvpn/README b/contrib/openvpn/README new file mode 100755 index 0000000..dd99600 --- /dev/null +++ b/contrib/openvpn/README 
@@ -0,0 +1,44 @@ +The patch I have attached lets me get the behavior I wish out of +dnsmasq. I also include my version of dhclient-enter-hooks as +required for the switchover from pre-dnsmasq and dhclient. + +On 8/16/05, Joseph Tate wrote: +> I'm trying to use dnsmasq on a laptop in order to facilitate openvpn +> connections. As such, the only configuration option I'm concerned +> about is a single server=3D/example.com/192.168.0.1 line. +> +> The way I currently have it set up is I modified dhclient to write its +> resolv.conf data to /etc/resolv.conf.dhclient and configured +> /etc/dnsmasq.conf to look there for its upstream dns servers. +> /etc/resolv.conf is set to nameserver 127.0.0.1 +> +> All of this works great. When I start the openvpn service, it the +> routes, and queries to the domain in the server=3D line work just fine. +> +> The only problem is that the hostname for my system doesn't get set +> correctly. With the resolv.conf data written to something other than +> /etc/resolv.conf, the ifup scripts don't have a valid dns server to do +> the ipcalc call to set the laptop's hostname. If I start dnsmasq +> before the network comes up, something gets fubar'd. I'm not sure how +> to describe it exactly, but network services are slow to load, and +> restarting networking and dnsmasq doesn't solve the problem. Perhaps +> dnsmasq is answering the dhcp request when the network starts? +> Certainly not desired behavior. +> +> Anyway, my question: is there a way to have the best of both worlds? +> DHCP requests to another server, and DNS lookups that work at all +> times? 
+> +> My current best idea on how to solve this problem is modifying the +> dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where +> dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on +> the fly to set 127.0.0.1 to the nameserver (and somehow keep the +> search domains intact), but I'm hoping that I'm just missing some key +> piece of the puzzle and that this problem has been solved before. Any +> insights? +> +> -- +> Joseph Tate +> Personal e-mail: jtate AT dragonstrider DOT com +> Web: http://www.dragonstrider.com +> diff --git a/contrib/openvpn/dhclient-enter-hooks b/contrib/openvpn/dhclient-enter-hooks new file mode 100755 index 0000000..cb78e2a --- /dev/null +++ b/contrib/openvpn/dhclient-enter-hooks @@ -0,0 +1,30 @@ +#!/bin/bash + +function save_previous() { + if [ -e $1 -a ! -e $1.predhclient ]; then + mv $1 $1.predhclient + fi +} + +function write_resolv_conf() { + RESOLVCONF=$1 + if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then + save_previous $RESOLVCONF + echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF + if [ -n "$SEARCH" ]; then + echo search $SEARCH >> $RESOLVCONF + else + if [ -n "$new_domain_name" ]; then + echo search $new_domain_name >> $RESOLVCONF + fi + fi + chmod 644 $RESOLVCONF + for nameserver in $new_domain_name_servers; do + echo nameserver $nameserver >>$RESOLVCONF + done + fi +} + +make_resolv_conf() { + write_resolv_conf /etc/resolv.conf +} diff --git a/contrib/openvpn/dnsmasq.patch b/contrib/openvpn/dnsmasq.patch new file mode 100755 index 0000000..5c11881 --- /dev/null +++ b/contrib/openvpn/dnsmasq.patch 
@@ -0,0 +1,61 @@ +--- dnsmasq-2.22/rpm/dnsmasq.rh 2005-03-24 09:51:18.000000000 -0500 ++++ dnsmasq-2.22/rpm/dnsmasq.rh.new 2005-08-25 10:52:04.310568784 -0400 +@@ -2,7 +2,7 @@ + # + # Startup script for the DNS caching server + # +-# chkconfig: 2345 99 01 ++# chkconfig: 2345 07 89 + # description: This script starts your DNS caching server + # processname: dnsmasq + # pidfile: /var/run/dnsmasq.pid +@@ -10,6 +10,25 @@ + # Source function library. + . /etc/rc.d/init.d/functions + ++function setup_dhclient_enter_hooks() { ++ if [ -f /etc/dhclient-enter-hooks ]; then ++ . /etc/dhclient-enter-hooks ++ cp /etc/resolv.conf /etc/resolv.conf.dnsmasq ++ cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq ++ sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks ++ sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf ++ fi ++} ++ ++function teardown_dhclient_enter_hooks() { ++ if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then ++ if [ -f /etc/resolv.conf.dnsmasq ]; then ++ mv /etc/resolv.conf.dnsmasq /etc/resolv.conf ++ fi ++ mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks ++ fi ++} ++ + # Source networking configuration. + . /etc/sysconfig/network + +@@ -24,7 +43,7 @@ + MAILHOSTNAME="" + # change this line if you want dns to get its upstream servers from + # somewhere other that /etc/resolv.conf +-RESOLV_CONF="" ++RESOLV_CONF="/etc/resolv.conf.dnsmasq" + # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from + # a dhcpd's lease file +@@ -54,6 +73,7 @@ + case "$1" in + start) + echo -n "Starting dnsmasq: " ++ setup_dhclient_enter_hooks + daemon $dnsmasq $OPTIONS + RETVAL=$? + echo +@@ -62,6 +82,7 @@ + stop) + if test "x`pidof dnsmasq`" != x; then + echo -n "Shutting down dnsmasq: " ++ teardown_dhclient_enter_hooks + killproc dnsmasq + fi + RETVAL=$? 
diff --git a/contrib/port-forward/dnsmasq-portforward b/contrib/port-forward/dnsmasq-portforward new file mode 100755 index 0000000..f9bb857 --- /dev/null +++ b/contrib/port-forward/dnsmasq-portforward @@ -0,0 +1,68 @@ +#!/bin/bash +# +# /usr/sbin/dnsmasq-portforward +# +# A script which gets run when the dnsmasq DHCP lease database changes. +# It logs to $LOGFILE, if it exists, and maintains port-forwards using +# IP-tables so that they always point to the correct host. See +# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 +# or later. +# +# To enable this script, add +# dhcp-script=/usr/sbin/dnsmasq-portforward +# to /etc/dnsmasq.conf +# +# To enable logging, touch $LOGFILE +# + +PORTSFILE=/etc/portforward +LOGFILE=/var/log/dhcp.log +IPTABLES=/sbin/iptables + +action=${1:-0} +hostname=${4} + +# log what's going on. +if [ -f ${LOGFILE} ] ; then + date +"%D %T $*" >>${LOGFILE} +fi + +# If a lease gets stripped of a name, we see that as an "old" action +# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" +if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then + action=del + hostname=${DNSMASQ_OLD_HOSTNAME} +fi + +# action init is not relevant, and will only be seen when leasefile-ro is set. +if [ ${action} = init ] ; then + exit 0 +fi + +if [ ${hostname} ]; then + ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE}) + + for port in $ports; do + verb=removed + protocol=tcp + if [ ${port:0:1} = u ] ; then + protocol=udp + port=${port/u/} + fi + src=${port/:*/} + dst=${port/*:/} +# delete first, to avoid multiple copies of rules. + ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst + if [ ${action} != del ] ; then + ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst + verb=added + fi + if [ -f ${LOGFILE} ] ; then + echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE} + fi + done +fi + +exit 0 + + 
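Review bot: In contrib/port-forward/dnsmasq-portforward, the hostname argument ($4) and DNSMASQ_OLD_HOSTNAME are expanded unquoted in the [ ${hostname} ] and [ ${DNSMASQ_OLD_HOSTNAME} ] tests and pasted into the sed address /^${hostname}\ .*/ as a regular expression, in a script that edits the nat table. A name containing "." or other regex characters then matches PORTSFILE entries it should not (a.b also selects axb), and a value with whitespace breaks the tests. Quote every expansion (for example [ -n "$hostname" ]), and select the PORTSFILE line by exact comparison of the first field, for instance with awk and -v, instead of building a sed pattern from the name. ${3} in the two iptables calls should be quoted as well.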
diff --git a/contrib/port-forward/portforward b/contrib/port-forward/portforward new file mode 100755 index 0000000..1a97c3a --- /dev/null +++ b/contrib/port-forward/portforward @@ -0,0 +1,28 @@ +# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port +# forwarding to hostnames. If the dnsmasq-determined hostname matches the +# first column of this file, then a DNAT port-forward will be set up +# to the address which has just been allocated by DHCP . The second field +# is port number(s). If there is only one, then the port-forward goes to +# the same port on the DHCP-client, if there are two seperated with a +# colon, then the second number is the port to which the connection +# is forwarded on the DHCP-client. By default, forwarding is set up +# for TCP, but it can done for UDP instead by prefixing the port to "u". +# To forward both TCP and UDP, two lines are required. +# +# eg. +# wwwserver 80 +# will set up a port forward from port 80 on this host to port 80 +# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease. +# +# wwwserver 8080:80 +# will set up a port forward from port 8080 on this host to port 80 +# on the DHCP-client. +# +# dnsserver 53 +# dnsserver u53 +# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver. +# +# Port forwards will recreated when dnsmasq restarts after a reboot, and +# removed when DHCP leases expire. After editing this file, send +# SIGHUP to dnsmasq to install new iptables entries in the kernel. + diff --git a/contrib/slackware-dnsmasq/dnsmasq.SlackBuild b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild new file mode 100755 index 0000000..c5ba083 --- /dev/null +++ b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild 
@@ -0,0 +1,56 @@ +#!/bin/sh +CWD=`pwd` +PKG=/tmp/package-dnsmasq + +VERSION=2.24 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mcpu=i686" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mcpu=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2" +fi + +rm -rf $PKG +mkdir -p $PKG +cd /tmp +rm -rf dnsmasq-$VERSION +tar xzvf $CWD/dnsmasq-$VERSION.tar.gz +cd dnsmasq-$VERSION +zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit +chown -R root.root . +make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man +chmod 755 $PKG/usr/sbin/dnsmasq +chown -R root.bin $PKG/usr/sbin +gzip -9 $PKG/usr/man/man8/dnsmasq.8 +for f in $PKG/usr/share/man/*; do + if [ -f $$f/man8/dnsmasq.8 ]; then + gzip -9 $$f/man8/dnsmasq.8 ; + fi +done +gzip -9 $PKG/usr/man/*/man8/dnsmasq.8 +mkdir -p $PKG/var/state/dnsmasq +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) +mkdir $PKG/etc +cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new +mkdir $PKG/etc/rc.d +zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new +mkdir -p $PKG/usr/doc/dnsmasq-$VERSION +cp -a \ + CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \ + $PKG/usr/doc/dnsmasq-$VERSION +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cd $PKG +makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz + diff --git a/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz new file mode 100755 index 0000000..22fc32b Binary files /dev/null and b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz differ 
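Review bot: In contrib/slackware-dnsmasq/dnsmasq.SlackBuild, the man-page loop tests and compresses $$f/man8/dnsmasq.8, but in a shell script $$ is the shell's process ID, so the path is the PID followed by a literal f and the test never matches; this looks carried over from Makefile syntax and should be $f. Separately, PKG=/tmp/package-dnsmasq and /tmp/dnsmasq-$VERSION are fixed names in a world-writable directory, and the script performs chown -R root.root, so it runs as root; creating the build and package directories with mktemp -d, and adding "|| exit 1" after each cd, would keep rm -rf, chown -R and strip from acting on a path someone else prepared.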
diff --git a/contrib/slackware-dnsmasq/doinst.sh.gz b/contrib/slackware-dnsmasq/doinst.sh.gz new file mode 100755 index 0000000..3b44227 Binary files /dev/null and b/contrib/slackware-dnsmasq/doinst.sh.gz differ diff --git a/contrib/slackware-dnsmasq/rc.dnsmasq.gz b/contrib/slackware-dnsmasq/rc.dnsmasq.gz new file mode 100755 index 0000000..a86abbb Binary files /dev/null and b/contrib/slackware-dnsmasq/rc.dnsmasq.gz differ diff --git a/contrib/slackware-dnsmasq/slack-desc b/contrib/slackware-dnsmasq/slack-desc new file mode 100755 index 0000000..0a0c577 --- /dev/null +++ b/contrib/slackware-dnsmasq/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +dnsmasq: dnsmasq (small DNS and DHCP server) +dnsmasq: +dnsmasq: Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP +dnsmasq: server. It is designed to provide DNS (and optionally DHCP) to a +dnsmasq: small network, and can serve the names of local machines which are not +dnsmasq: in the global DNS. +dnsmasq: +dnsmasq: Dnsmasq was written by Simon Kelley. +dnsmasq: +dnsmasq: +dnsmasq: diff --git a/contrib/try-all-ns/README b/contrib/try-all-ns/README new file mode 100755 index 0000000..224d554 --- /dev/null +++ b/contrib/try-all-ns/README 
@@ -0,0 +1,19 @@ +Date: Thu, 07 Dec 2006 00:41:43 -0500 +From: Bob Carroll +Subject: dnsmasq suggestion +To: simon@thekelleys.org.uk + + +Hello, + +I recently needed a feature in dnsmasq for a very bizarre situation. I +placed a list of name servers in a special resolve file and told dnsmasq +to use that. But I wanted it to try requests in order and treat NXDOMAIN +requests as a failed tcp connection. I wrote the feature into dnsmasq +and it seems to work. I prepared a patch in the event that others might +find it useful as well. + +Thanks and keep up the good work. + +--Bob + diff --git a/contrib/try-all-ns/README-2.47 b/contrib/try-all-ns/README-2.47 new file mode 100755 index 0000000..3ebec65 --- /dev/null +++ b/contrib/try-all-ns/README-2.47 @@ -0,0 +1,11 @@ +A remake of patch Bob Carroll had posted to dnsmasq, +now compatible with version 2.47. Hopefully he doesn't +mind (sending a copy of this mail to him too). + +Maybe the patch in question is not acceptible +as it doesn't add new switch, rather it binds itself to "strict-order". + +What it does is: if you have strict-order in the +dnsmasq config file and query a domain that would result +in NXDOMAIN, it iterates the whole given nameserver list +until the last one says NXDOMAIN. diff --git a/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch new file mode 100755 index 0000000..ec3f3e0 --- /dev/null +++ b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch 
@@ -0,0 +1,61 @@ +diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h +--- dnsmasq-2.35/src/dnsmasq.h 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/dnsmasq.h 2006-11-16 22:06:31.000000000 -0500 +@@ -112,6 +112,7 @@ + #define OPT_NO_PING 2097152 + #define OPT_LEASE_RO 4194304 + #define OPT_RELOAD 8388608 ++#define OPT_TRY_ALL_NS 16777216 + + struct all_addr { + union { +diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c +--- dnsmasq-2.35/src/forward.c 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/forward.c 2006-11-16 22:08:19.000000000 -0500 +@@ -445,6 +445,10 @@ + { + struct server *server = forward->sentto; + ++ // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request ++ if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS) ++ && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL; ++ + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0) + /* for broken servers, attempt to send to another one. */ + { +diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c +--- dnsmasq-2.35/src/option.c 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/option.c 2006-11-16 22:10:36.000000000 -0500 +@@ -28,7 +28,7 @@ + + /* options which don't have a one-char version */ + #define LOPT_RELOAD 256 +- ++#define LOPT_TRY_ALL_NS 257 + + #ifdef HAVE_GETOPT_LONG + static const struct option opts[] = +@@ -102,6 +102,7 @@ + {"leasefile-ro", 0, 0, '9'}, + {"dns-forward-max", 1, 0, '0'}, + {"clear-on-reload", 0, 0, LOPT_RELOAD }, ++ {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS }, + { NULL, 0, 0, 0 } + }; + +@@ -134,6 +135,7 @@ + { '5', OPT_NO_PING }, + { '9', OPT_LEASE_RO }, + { LOPT_RELOAD, OPT_RELOAD }, ++ { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS }, + { 'v', 0}, + { 'w', 0}, + { 0, 0 } +@@ -208,6 +210,7 @@ + { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL }, + { "-0, --dns-forward-max=", gettext_noop("Maximum number of concurrent DNS queries. 
(defaults to %s)"), "!" }, + { " --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE }, ++ { " --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL }, + { NULL, NULL, NULL } + }; + diff --git a/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch new file mode 100755 index 0000000..7586003 --- /dev/null +++ b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch @@ -0,0 +1,17 @@ +diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c +--- dnsmasq-2.47/src/forward.c 2009-02-01 17:59:48.000000000 +0200 ++++ dnsmasq-2.47-patched/src/forward.c 2009-03-18 19:10:22.000000000 +0200 +@@ -488,9 +488,12 @@ + return; + + server = forward->sentto; ++ ++ if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) ) ++ header->rcode = SERVFAIL; + + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && +- !(daemon->options & OPT_ORDER) && ++ ((daemon->options & OPT_ORDER) != 0) && + forward->forwardall == 0) + /* for broken servers, attempt to send to another one. */ + { diff --git a/contrib/webmin/README b/contrib/webmin/README new file mode 100755 index 0000000..8a8f937 --- /dev/null +++ b/contrib/webmin/README 
@@ -0,0 +1,54 @@ + +This is the README for the DNSmasq webmin module. + +Problems: + +1) There's only basic error checking - if you enter some bad +addresses or names, they will go straight into the config file +although we do check for things like IP addresses being of +the correct form (no letters, 4 groups of up to 3 digits +separated by dots etc). One thing that ISN'T CHECKED FOR is +that IP dotted quads are all numbers < 256. Another is that +netmasks are logical (you could enter a netmask of 255.0.255.0 +for example). Essentially, if it'll pass the config file +regex scanner (and the above examples will), it won't be +flagged as "bad" even if it is a big no-no for dnsmasq itself. + +2) Code is ugly and a kludge - I ain't a programmer! There are probably +a lot of things that could be done to tidy up the code - eg, +it probably wouldn't hurt to move some common stuff into the lib file. + +3) I've used the %text hash and written an english lang file, but +I am mono-lingual so no other language support as yet. + +4) for reasons unknown to me, the icon does not appear properly +on the servers page of webmin (at least it doesn't for me!) + +5) icons have been shamelessly stolen from the ipfilter module, +specifically the up and down arrows. + +6) if you delete an item, the config file will contain +an otherwise empty, but commented line. This means that if +you add some new stuff, then delete it, the config file +will have a number of lines at the end that are just comments. +Therefore, the config file could possibly grow quite large. + +7) NO INCLUDE FILES! +if you use an include file, it'll be flagged as an error. +OK if the include file line is commented out though. + +8) deprecated lines not supported (eg user and group) - they +may produce an error! (user and group don't, but you can't change +them) + +IOW, it works, it's just not very elegant and not very robust. 
+ +Hope you find it useful though - I do, as I prevents me having to ever +wade through the config file and man pages again. + +If you modify it, or add a language file, and you have a spare moment, +please e-mail me - I won't be upset at all if you fix my poor coding! +(rather the opposite - I'd be pleased someone found it usefull) + +Cheers, + Neil Fisher diff --git a/contrib/webmin/dnsmasq.wbm b/contrib/webmin/dnsmasq.wbm new file mode 100755 index 0000000..7307e23 Binary files /dev/null and b/contrib/webmin/dnsmasq.wbm differ diff --git a/contrib/wrt/Makefile b/contrib/wrt/Makefile new file mode 100755 index 0000000..68e8d32 --- /dev/null +++ b/contrib/wrt/Makefile @@ -0,0 +1,6 @@ +CFLAGS?= -O2 -Wall -W + +all: dhcp_release dhcp_lease_time + +clean: + rm -f *~ *.o core dhcp_release dhcp_lease_time diff --git a/contrib/wrt/README b/contrib/wrt/README new file mode 100755 index 0000000..862046f --- /dev/null +++ b/contrib/wrt/README 
@@ -0,0 +1,81 @@ +This script can be used to implement persistent leases on openWRT, DD-WRT +etc. Persistent leases are good: if the lease database is lost on a +reboot, then it will eventually be restored as hosts renew their +leases. Until a host renews (which may take hours/days) it will +not exist in the DNS if dnsmasq's DDNS function is in use. + +*WRT systems remount all non-volatile fileystems read-only after boot, +so the normal leasefile will not work. They do, however have NV +storage, accessed with the nvram command: + +/usr/lib # nvram +usage: nvram [get name] [set name=value] [unset name] [show] + +The principle is that leases are kept in NV variable with data +corresponding to the line in a leasefile: + +dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * * + +By giving dnsmasq the leasefile-ro command, it no longer creates or writes a +leasefile; responsibility for maintaining the lease database transfers +to the lease change script. At startup, in leasefile-ro mode, +dnsmasq will run + +" init" + +and read whatever that command spits out, expecting it to +be in dnsmasq leasefile format. + +So the lease change script, given "init" as argv[1] will +suck existing leases out of the NVRAM and emit them from +stdout in the correct format. + +The second part of the problem is keeping the NVRAM up-to-date: this +is done by the lease-change script which dnsmasq runs when a lease is +updated. When it is called with argv[1] as "old", "add", or "del" +it updates the relevant nvram entry. + +So, dnsmasq should be run as : + +dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh + +or the same flags added to /etc/dnsmasq.conf + + + +Notes: + +This needs dnsmasq-2.33 or later to work. + +This technique will work with, or without, compilation with +HAVE_BROKEN_RTC. 
Compiling with HAVE_BROKEN_RTC is +_highly_recommended_ for this application since is avoids problems +with the system clock being warped by NTP, and it vastly reduces the +number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated +only when a lease is created or destroyed; without it, a write occurs +every time a lease is renewed. + +It probably makes sense to restrict the number of active DHCP leases +to an appropriate number using dhcp-lease-max. On a new DD_WRT system, +there are about 10K bytes free in the NVRAM. Each lease record is +about 100 bytes, so restricting the number of leases to 50 will limit +use to half that. (The default limit in the distributed source is 150) + +Any UI script which reads the dnsmasq leasefile will have to be +ammended, probably by changing it to read the output of +`lease_update init` instead. + + +Thanks: + +To Steve Horbachuk for checks on the script and debugging beyond the +call of duty. + + +Simon Kelley +Fri Jul 28 11:51:13 BST 2006 + + + + + diff --git a/contrib/wrt/dhcp_lease_time.c b/contrib/wrt/dhcp_lease_time.c new file mode 100755 index 0000000..2866bb5 --- /dev/null +++ b/contrib/wrt/dhcp_lease_time.c @@ -0,0 +1,214 @@ +/* Copyright (c) 2007 Simon Kelley + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +*/ + +/* dhcp_lease_time
*/ + +/* Send a DHCPINFORM message to a dnsmasq server running on the local host + and print (to stdout) the time remaining in any lease for the given + address. The time is given as string printed to stdout. + + If an error occurs or no lease exists for the given address, + nothing is sent to stdout a message is sent to stderr and a + non-zero error code is returned. + + Requires dnsmasq 2.40 or later. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define DHCP_CHADDR_MAX 16 +#define BOOTREQUEST 1 +#define DHCP_COOKIE 0x63825363 +#define OPTION_PAD 0 +#define OPTION_LEASE_TIME 51 +#define OPTION_OVERLOAD 52 +#define OPTION_MESSAGE_TYPE 53 +#define OPTION_END 255 +#define DHCPINFORM 8 +#define DHCP_SERVER_PORT 67 + +#define option_len(opt) ((int)(((unsigned char *)(opt))[1])) +#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2])) + + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +struct dhcp_packet { + u8 op, htype, hlen, hops; + u32 xid; + u16 secs, flags; + struct in_addr ciaddr, yiaddr, siaddr, giaddr; + u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; + u32 cookie; + unsigned char options[308]; +}; + +static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize) +{ + while (*p != OPTION_END) + { + if (p >= end) + return NULL; /* malformed packet */ + else if (*p == OPTION_PAD) + p++; + else + { + int opt_len; + if (p >= end - 2) + return NULL; /* malformed packet */ + opt_len = option_len(p); + if (p >= end - (2 + opt_len)) + return NULL; /* malformed packet */ + if (*p == opt && opt_len >= minsize) + return p; + p += opt_len + 2; + } + } + + return opt == OPTION_END ? 
p : NULL; +} + +static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize) +{ + unsigned char *ret, *overload; + + /* skip over DHCP cookie; */ + if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize))) + return ret; + + /* look for overload option. */ + if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1))) + return NULL; + + /* Can we look in filename area ? */ + if ((overload[2] & 1) && + (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize))) + return ret; + + /* finally try sname area */ + if ((overload[2] & 2) && + (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize))) + return ret; + + return NULL; +} + +static unsigned int option_uint(unsigned char *opt, int size) +{ + /* this worries about unaligned data and byte order */ + unsigned int ret = 0; + int i; + unsigned char *p = option_ptr(opt); + + for (i = 0; i < size; i++) + ret = (ret << 8) | *p++; + + return ret; +} + +int main(int argc, char **argv) +{ + struct in_addr lease; + struct dhcp_packet packet; + unsigned char *p = packet.options; + struct sockaddr_in dest; + int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); + ssize_t rc; + + if (argc < 2) + { + fprintf(stderr, "usage: dhcp_lease_time
\n"); + exit(1); + } + + if (fd == -1) + { + perror("cannot create socket"); + exit(1); + } + + lease.s_addr = inet_addr(argv[1]); + + memset(&packet, 0, sizeof(packet)); + + packet.hlen = 0; + packet.htype = 0; + + packet.op = BOOTREQUEST; + packet.ciaddr = lease; + packet.cookie = htonl(DHCP_COOKIE); + + *(p++) = OPTION_MESSAGE_TYPE; + *(p++) = 1; + *(p++) = DHCPINFORM; + + *(p++) = OPTION_END; + + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = inet_addr("127.0.0.1"); + dest.sin_port = ntohs(DHCP_SERVER_PORT); + + if (sendto(fd, &packet, sizeof(packet), 0, + (struct sockaddr *)&dest, sizeof(dest)) == -1) + { + perror("sendto failed"); + exit(1); + } + + alarm(3); /* noddy timeout. */ + + rc = recv(fd, &packet, sizeof(packet), 0); + + if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options))) + { + perror("recv failed"); + exit(1); + } + + if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4))) + { + unsigned int t = option_uint(p, 4); + if (t == 0xffffffff) + printf("infinite"); + else + { + unsigned int x; + if ((x = t/86400)) + printf("%dd", x); + if ((x = (t/3600)%24)) + printf("%dh", x); + if ((x = (t/60)%60)) + printf("%dm", x); + if ((x = t%60)) + printf("%ds", x); + } + return 0; + } + + return 1; /* no lease */ +} diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c new file mode 100755 index 0000000..c66d3a0 --- /dev/null +++ b/contrib/wrt/dhcp_release.c @@ -0,0 +1,331 @@ +/* Copyright (c) 2006 Simon Kelley + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +*/ + +/* dhcp_release
+ MUST be run as root - will fail otherwise. */ + +/* Send a DHCPRELEASE message via the specified interface + to tell the local DHCP server to delete a particular lease. + + The interface argument is the interface in which a DHCP + request _would_ be received if it was coming from the client, + rather than being faked up here. + + The address argument is a dotted-quad IP addresses and mandatory. + + The MAC address is colon separated hex, and is mandatory. It may be + prefixed by an address-type byte followed by -, eg + + 10-11:22:33:44:55:66 + + but if the address-type byte is missing it is assumed to be 1, the type + for ethernet. This encoding is the one used in dnsmasq lease files. + + The client-id is optional. If it is "*" then it treated as being missing. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define DHCP_CHADDR_MAX 16 +#define BOOTREQUEST 1 +#define DHCP_COOKIE 0x63825363 +#define OPTION_SERVER_IDENTIFIER 54 +#define OPTION_CLIENT_ID 61 +#define OPTION_MESSAGE_TYPE 53 +#define OPTION_END 255 +#define DHCPRELEASE 7 +#define DHCP_SERVER_PORT 67 + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +struct dhcp_packet { + u8 op, htype, hlen, hops; + u32 xid; + u16 secs, flags; + struct in_addr ciaddr, yiaddr, siaddr, giaddr; + u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; + u32 cookie; + unsigned char options[308]; +}; + +static struct iovec iov; + +static int expand_buf(struct iovec *iov, size_t size) +{ + void *new; + + if (size <= iov->iov_len) + return 1; + + if (!(new = malloc(size))) + { + errno = ENOMEM; + return 0; + } + + if (iov->iov_base) + { + memcpy(new, iov->iov_base, iov->iov_len); + free(iov->iov_base); + } + + iov->iov_base = new; + iov->iov_len = size; + + return 1; +} + +static ssize_t netlink_recv(int fd) +{ + struct msghdr msg; + ssize_t rc; + + msg.msg_control = NULL; + 
msg.msg_controllen = 0; + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + while (1) + { + msg.msg_flags = 0; + while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR); + + /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a + big buffer and pray in that case. */ + if (rc == -1 && errno == EOPNOTSUPP) + { + if (!expand_buf(&iov, 2000)) + return -1; + break; + } + + if (rc == -1 || !(msg.msg_flags & MSG_TRUNC)) + break; + + if (!expand_buf(&iov, iov.iov_len + 100)) + return -1; + } + + /* finally, read it for real */ + while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR); + + return rc; +} + +static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type) +{ + int i = 0; + char *r; + + if (mac_type) + *mac_type = 0; + + while (maxlen == -1 || i < maxlen) + { + for (r = in; *r != 0 && *r != ':' && *r != '-'; r++); + if (*r == 0) + maxlen = i; + + if (r != in ) + { + if (*r == '-' && i == 0 && mac_type) + { + *r = 0; + *mac_type = strtol(in, NULL, 16); + mac_type = NULL; + } + else + { + *r = 0; + out[i] = strtol(in, NULL, 16); + i++; + } + } + in = r+1; + } + return i; +} + +static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) +{ + return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); +} + +static struct in_addr find_interface(struct in_addr client, int fd, int index) +{ + struct sockaddr_nl addr; + struct nlmsghdr *h; + ssize_t len; + + struct { + struct nlmsghdr nlh; + struct rtgenmsg g; + } req; + + addr.nl_family = AF_NETLINK; + addr.nl_pad = 0; + addr.nl_groups = 0; + addr.nl_pid = 0; /* address to kernel */ + + req.nlh.nlmsg_len = sizeof(req); + req.nlh.nlmsg_type = RTM_GETADDR; + req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; + req.nlh.nlmsg_pid = 0; + req.nlh.nlmsg_seq = 1; + req.g.rtgen_family = AF_INET; + + if (sendto(fd, (void *)&req, sizeof(req), 0, + (struct sockaddr *)&addr, sizeof(addr)) 
== -1) + { + perror("sendto failed"); + exit(1); + } + + while (1) + { + if ((len = netlink_recv(fd)) == -1) + { + perror("netlink"); + exit(1); + } + + for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len)) + if (h->nlmsg_type == NLMSG_DONE) + exit(0); + else if (h->nlmsg_type == RTM_NEWADDR) + { + struct ifaddrmsg *ifa = NLMSG_DATA(h); + struct rtattr *rta; + unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)); + + if (ifa->ifa_index == index && ifa->ifa_family == AF_INET) + { + struct in_addr netmask, addr; + + netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen)); + addr.s_addr = 0; + + for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1)) + if (rta->rta_type == IFA_LOCAL) + addr = *((struct in_addr *)(rta+1)); + + if (addr.s_addr && is_same_net(addr, client, netmask)) + return addr; + } + } + } + + exit(0); +} + +int main(int argc, char **argv) +{ + struct in_addr server, lease; + int mac_type; + struct dhcp_packet packet; + unsigned char *p = packet.options; + struct sockaddr_in dest; + struct ifreq ifr; + int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); + int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + struct iovec iov; + + iov.iov_len = 200; + iov.iov_base = malloc(iov.iov_len); + + if (argc < 4 || argc > 5) + { + fprintf(stderr, "usage: dhcp_release []\n"); + exit(1); + } + + if (fd == -1 || nl == -1) + { + perror("cannot create socket"); + exit(1); + } + + /* This voodoo fakes up a packet coming from the correct interface, which really matters for + a DHCP server */ + strcpy(ifr.ifr_name, argv[1]); + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1) + { + perror("cannot setup interface"); + exit(1); + } + + + lease.s_addr = inet_addr(argv[2]); + server = find_interface(lease, nl, if_nametoindex(argv[1])); + + memset(&packet, 0, sizeof(packet)); + + packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type); + if (mac_type == 0) + 
packet.htype = ARPHRD_ETHER; + else + packet.htype = mac_type; + + packet.op = BOOTREQUEST; + packet.ciaddr = lease; + packet.cookie = htonl(DHCP_COOKIE); + + *(p++) = OPTION_MESSAGE_TYPE; + *(p++) = 1; + *(p++) = DHCPRELEASE; + + *(p++) = OPTION_SERVER_IDENTIFIER; + *(p++) = sizeof(server); + memcpy(p, &server, sizeof(server)); + p += sizeof(server); + + if (argc == 5 && strcmp(argv[4], "*") != 0) + { + unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL); + *(p++) = OPTION_CLIENT_ID; + *(p++) = clid_len; + p += clid_len; + } + + *(p++) = OPTION_END; + + dest.sin_family = AF_INET; + dest.sin_port = ntohs(DHCP_SERVER_PORT); + dest.sin_addr = server; + + if (sendto(fd, &packet, sizeof(packet), 0, + (struct sockaddr *)&dest, sizeof(dest)) == -1) + { + perror("sendto failed"); + exit(1); + } + + return 0; +} diff --git a/contrib/wrt/lease_update.sh b/contrib/wrt/lease_update.sh new file mode 100755 index 0000000..46509b3 --- /dev/null +++ b/contrib/wrt/lease_update.sh 
@@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (c) 2006 Simon Kelley +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 dated June, 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + + +# if $1 is add del or old, this is a dnsmasq-called lease-change +# script, update the nvram database. if $1 is init, emit a +# dnsmasq-format lease file to stdout representing the current state of the +# database, this is called by dnsmasq at startup. + +NVRAM=/usr/sbin/nvram +PREFIX=dnsmasq_lease_ + +# Arguments. +# $1 is action (add, del, old) +# $2 is MAC +# $3 is address +# $4 is hostname (optional, may be unset) + +# env. +# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC) +# DNSMASQ_CLIENT_ID (optional, may be unset) + +# File. +# length|expires MAC addr hostname|* CLID|* + +# Primary key is address. + +if [ ${1} = init ] ; then + ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p" +else + if [ ${1} = del ] ; then + ${NVRAM} unset ${PREFIX}${3} + fi + + if [ ${1} = old ] || [ ${1} = add ] ; then + ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}" + fi + ${NVRAM} commit +fi + + + + + diff --git a/dbus/DBus-interface b/dbus/DBus-interface new file mode 100755 index 0000000..8d578ca --- /dev/null +++ b/dbus/DBus-interface 
@@ -0,0 +1,131 @@ +DBus support must be enabled at compile-time and run-time. Ensure +that src/config.h contains the line + +#define HAVE_DBUS. + +and that /etc/dnsmasq.conf contains the line + +enable-dbus + +Because dnsmasq can operate stand-alone from the DBus, and may need to provide +service before the dbus daemon is available, it will continue to run +if the DBus connection is not available at startup. The DBus will be polled +every 250ms until a connection is established. Start of polling and final +connection establishment are both logged. When dnsmasq establishes a +connection to the dbus, it sends the signal "Up". Anything controlling +the server settings in dnsmasq should re-invoke the SetServers method +(q.v.) when it sees this signal. This allows dnsmasq to be restarted +and avoids startup races with the provider of nameserver information. + + +Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq +and a single object: /uk/org/thekelleys/dnsmasq + +1. METHODS +---------- + +Methods are of the form + +uk.org.thekelleys. + +Available methods are: + +GetVersion +---------- +Returns a string containing the version of dnsmasq running. + +ClearCache +---------- +Returns nothing. Clears the domain name cache and re-reads +/etc/hosts. The same as sending dnsmasq a HUP signal. + +SetServers +---------- +Returns nothing. Takes a set of arguments representing the new +upstream DNS servers to be used by dnsmasq. IPv4 addresses are +represented as a UINT32 (in network byte order) and IPv6 addresses +are represented as sixteen BYTEs (since there is no UINT128 type). +Each server address may be followed by one or more STRINGS, which are +the domains for which the preceding server should be used. + +Examples. 
+ +UINT32: +UNIT32: + +is equivalent to + +--server= --server= + + +UINT32 +UINT32 +STRING "somedomain.com" + +is equivalent to + +--server= --server=/somedomain.com/ + +UINT32 +UINT32 +STRING "somedomain.com" +UINT32 +STRING "anotherdomain.com" +STRING "thirddomain.com" + +is equivalent to + +--server= +--server=/somedomain.com/ +--server=/anotherdomain.com/thirddomain.com/ + +Am IPv4 address of 0.0.0.0 is interpreted as "no address, local only", +so + +UINT32: <0.0.0.0> +STRING "local.domain" + +is equivalent to + +--local=/local.domain/ + + +Each call to SetServers completely replaces the set of servers +specified by via the DBus, but it leaves any servers specified via the +command line or /etc/dnsmasq.conf or /etc/resolv.conf alone. + +2. SIGNALS +---------- + +If dnsmasq's DHCP server is active, it will send signals over DBUS whenever +the DHCP lease database changes. Think of these signals as transactions on +a database with the IP address acting as the primary key. + +Signals are of the form: + +uk.org.thekelleys. + +and their parameters are: + +STRING "192.168.1.115" +STRING "01:23:45:67:89:ab" +STRING "hostname.or.fqdn" + + +Available signals are: + +DhcpLeaseAdded +--------------- + +This signal is emitted when a DHCP lease for a given IP address is created. + +DhcpLeaseDeleted +---------------- + +This signal is emitted when a DHCP lease for a given IP address is deleted. + +DhcpLeaseUpdated +---------------- + +This signal is emitted when a DHCP lease for a given IP address is updated. + diff --git a/dbus/dnsmasq.conf b/dbus/dnsmasq.conf new file mode 100755 index 0000000..82b1c76 --- /dev/null +++ b/dbus/dnsmasq.conf @@ -0,0 +1,14 @@ + + + + + + + + + + + + diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example new file mode 100755 index 0000000..ac9ef7a --- /dev/null +++ b/dnsmasq.conf.example 
@@ -0,0 +1,540 @@ +# Configuration file for dnsmasq. +# +# Format is one option per line, legal options are the same +# as the long options legal on the command line. See +# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. + +# The following two options make you a better netizen, since they +# tell dnsmasq to filter out queries which the public DNS cannot +# answer, and which load the servers (especially the root servers) +# uneccessarily. If you have a dial-on-demand link they also stop +# these requests from bringing up the link uneccessarily. + +# Never forward plain names (without a dot or domain part) +#domain-needed +# Never forward addresses in the non-routed address spaces. +#bogus-priv + + +# Uncomment this to filter useless windows-originated DNS requests +# which can trigger dial-on-demand links needlessly. +# Note that (amongst other things) this blocks all SRV requests, +# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. +# This option only affects forwarding, SRV records originating for +# dnsmasq (via srv-host= lines) are not suppressed by it. +#filterwin2k + +# Change this line if you want dns to get its upstream servers from +# somewhere other that /etc/resolv.conf +#resolv-file= + +# By default, dnsmasq will send queries to any of the upstream +# servers it knows about and tries to favour servers to are known +# to be up. Uncommenting this forces dnsmasq to try each query +# with each server strictly in the order they appear in +# /etc/resolv.conf +#strict-order + +# If you don't want dnsmasq to read /etc/resolv.conf or any other +# file, getting its servers from this file instead (see below), then +# uncomment this. +#no-resolv + +# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv +# files for changes and re-read them then uncomment this. +#no-poll + +# Add other name servers here, with domain specs if they are for +# non-public domains. 
+#server=/localnet/192.168.0.1 + +# Example of routing PTR queries to nameservers: this will send all +# address->name queries for 192.168.3/24 to nameserver 10.1.2.3 +#server=/3.168.192.in-addr.arpa/10.1.2.3 + +# Add local-only domains here, queries in these domains are answered +# from /etc/hosts or DHCP only. +#local=/localnet/ + +# Add domains which you want to force to an IP address here. +# The example below send any host in doubleclick.net to a local +# webserver. +#address=/doubleclick.net/127.0.0.1 + +# --address (and --server) work with IPv6 addresses too. +#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 + +# You can control how dnsmasq talks to a server: this forces +# queries to 10.1.2.3 to be routed via eth1 +# --server=10.1.2.3@eth1 + +# and this sets the source (ie local) address used to talk to +# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that +# IP on the machine, obviously). +# --server=10.1.2.3@192.168.1.1#55 + +# If you want dnsmasq to change uid and gid to something other +# than the default, edit the following lines. +#user= +#group= + +# If you want dnsmasq to listen for DHCP and DNS requests only on +# specified interfaces (and the loopback) give the name of the +# interface (eg eth0) here. +# Repeat the line for more than one interface. +#interface= +# Or you can specify which interface _not_ to listen on +#except-interface= +# Or which to listen on by address (remember to include 127.0.0.1 if +# you use this.) +#listen-address= +# If you want dnsmasq to provide only DNS service on an interface, +# configure it as shown above, and then use the following line to +# disable DHCP on it. +#no-dhcp-interface= + +# On systems which support it, dnsmasq binds the wildcard address, +# even when it is listening on only some interfaces. It then discards +# requests that it shouldn't reply to. This has the advantage of +# working even when interfaces come and go and change address. 
If you +# want dnsmasq to really bind only the interfaces it is listening on, +# uncomment this option. About the only time you may need this is when +# running another nameserver on the same machine. +#bind-interfaces + +# If you don't want dnsmasq to read /etc/hosts, uncomment the +# following line. +#no-hosts +# or if you want it to read another file, as well as /etc/hosts, use +# this. +#addn-hosts=/etc/banner_add_hosts + +# Set this (and domain: see below) if you want to have a domain +# automatically added to simple names in a hosts-file. +#expand-hosts + +# Set the domain for dnsmasq. this is optional, but if it is set, it +# does the following things. +# 1) Allows DHCP hosts to have fully qualified domain names, as long +# as the domain part matches this setting. +# 2) Sets the "domain" DHCP option thereby potentially setting the +# domain of all systems configured by DHCP +# 3) Provides the domain part for "expand-hosts" +#domain=thekelleys.org.uk + +# Set a different domain for a particular subnet +#domain=wireless.thekelleys.org.uk,192.168.2.0/24 + +# Same idea, but range rather then subnet +#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 + +# Uncomment this to enable the integrated DHCP server, you need +# to supply the range of addresses available for lease and optionally +# a lease time. If you have more than one network, you will need to +# repeat this for each network on which you want to supply DHCP +# service. +#dhcp-range=192.168.0.50,192.168.0.150,12h + +# This is an example of a DHCP range where the netmask is given. This +# is needed for networks we reach the dnsmasq DHCP server via a relay +# agent. If you don't know what a DHCP relay agent is, you probably +# don't need to worry about this. +#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h + +# This is an example of a DHCP range with a network-id, so that +# some DHCP options may be set only for this network. 
+#dhcp-range=red,192.168.0.50,192.168.0.150 + +# Supply parameters for specified hosts using DHCP. There are lots +# of valid alternatives, so we will give examples of each. Note that +# IP addresses DO NOT have to be in the range given above, they just +# need to be on the same network. The order of the parameters in these +# do not matter, it's permissble to give name,adddress and MAC in any order + +# Always allocate the host with ethernet address 11:22:33:44:55:66 +# The IP address 192.168.0.60 +#dhcp-host=11:22:33:44:55:66,192.168.0.60 + +# Always set the name of the host with hardware address +# 11:22:33:44:55:66 to be "fred" +#dhcp-host=11:22:33:44:55:66,fred + +# Always give the host with ethernet address 11:22:33:44:55:66 +# the name fred and IP address 192.168.0.60 and lease time 45 minutes +#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m + +# Give a host with ethernet address 11:22:33:44:55:66 or +# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume +# that these two ethernet interfaces will never be in use at the same +# time, and give the IP address to the second, even if it is already +# in use by the first. Useful for laptops with wired and wireless +# addresses. +#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 + +# Give the machine which says its name is "bert" IP address +# 192.168.0.70 and an infinite lease +#dhcp-host=bert,192.168.0.70,infinite + +# Always give the host with client identifier 01:02:02:04 +# the IP address 192.168.0.60 +#dhcp-host=id:01:02:02:04,192.168.0.60 + +# Always give the host with client identifier "marjorie" +# the IP address 192.168.0.60 +#dhcp-host=id:marjorie,192.168.0.60 + +# Enable the address given for "judge" in /etc/hosts +# to be given to a machine presenting the name "judge" when +# it asks for a DHCP lease. 
+#dhcp-host=judge + +# Never offer DHCP service to a machine whose ethernet +# address is 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,ignore + +# Ignore any client-id presented by the machine with ethernet +# address 11:22:33:44:55:66. This is useful to prevent a machine +# being treated differently when running under different OS's or +# between PXE boot and OS boot. +#dhcp-host=11:22:33:44:55:66,id:* + +# Send extra options which are tagged as "red" to +# the machine with ethernet address 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,net:red + +# Send extra options which are tagged as "red" to +# any machine with ethernet address starting 11:22:33: +#dhcp-host=11:22:33:*:*:*,net:red + +# Ignore any clients which are specified in dhcp-host lines +# or /etc/ethers. Equivalent to ISC "deny unkown-clients". +# This relies on the special "known" tag which is set when +# a host is matched. +#dhcp-ignore=#known + +# Send extra options which are tagged as "red" to any machine whose +# DHCP vendorclass string includes the substring "Linux" +#dhcp-vendorclass=red,Linux + +# Send extra options which are tagged as "red" to any machine one +# of whose DHCP userclass strings includes the substring "accounts" +#dhcp-userclass=red,accounts + +# Send extra options which are tagged as "red" to any machine whose +# MAC address matches the pattern. +#dhcp-mac=red,00:60:8C:*:*:* + +# If this line is uncommented, dnsmasq will read /etc/ethers and act +# on the ethernet-address/IP pairs found there just as if they had +# been given as --dhcp-host options. Useful if you keep +# MAC-address/host mappings there for other purposes. +#read-ethers + +# Send options to hosts which ask for a DHCP lease. +# See RFC 2132 for details of available options. +# Common options can be given to dnsmasq by name: +# run "dnsmasq --help dhcp" to get a list. 
+# Note that all the common settings, such as netmask and +# broadcast address, DNS server and default route, are given +# sane defaults by dnsmasq. You very likely will not need +# any dhcp-options. If you use Windows clients and Samba, there +# are some options which are recommended, they are detailed at the +# end of this section. + +# Override the default route supplied by dnsmasq, which assumes the +# router is the same machine as the one running dnsmasq. +#dhcp-option=3,1.2.3.4 + +# Do the same thing, but using the option name +#dhcp-option=option:router,1.2.3.4 + +# Override the default route supplied by dnsmasq and send no default +# route at all. Note that this only works for the options sent by +# default (1, 3, 6, 12, 28) the same line will send a zero-length option +# for all other option numbers. +#dhcp-option=3 + +# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 +#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5 + +# Set the NTP time server address to be the same machine as +# is running dnsmasq +#dhcp-option=42,0.0.0.0 + +# Set the NIS domain name to "welly" +#dhcp-option=40,welly + +# Set the default time-to-live to 50 +#dhcp-option=23,50 + +# Set the "all subnets are local" flag +#dhcp-option=27,1 + +# Send the etherboot magic flag and then etherboot options (a string). +#dhcp-option=128,e4:45:74:68:00:00 +#dhcp-option=129,NIC=eepro100 + +# Specify an option which will only be sent to the "red" network +# (see dhcp-range for the declaration of the "red" network) +# Note that the net: part must precede the option: part. +#dhcp-option = net:red, option:ntp-server, 192.168.1.1 + +# The following DHCP options set up dnsmasq in the same way as is specified +# for the ISC dhcpcd in +# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt +# adapted for a typical dnsmasq installation where the host running +# dnsmasq is also the host running samba. 
+# you may want to uncomment some or all of them if you use +# Windows clients and Samba. +#dhcp-option=19,0 # option ip-forwarding off +#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) +#dhcp-option=45,0.0.0.0 # netbios datagram distribution server +#dhcp-option=46,8 # netbios node type + +# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client +# probably doesn't support this...... +#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com + +# Send RFC-3442 classless static routes (note the netmask encoding) +#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 + +# Send vendor-class specific options encapsulated in DHCP option 43. +# The meaning of the options is defined by the vendor-class so +# options are sent only when the client supplied vendor class +# matches the class given here. (A substring match is OK, so "MSFT" +# matches "MSFT" and "MSFT 5.0"). This example sets the +# mtftp address to 0.0.0.0 for PXEClients. +#dhcp-option=vendor:PXEClient,1,0.0.0.0 + +# Send microsoft-specific option to tell windows to release the DHCP lease +# when it shuts down. Note the "i" flag, to tell dnsmasq to send the +# value as a four-byte integer - that's what microsoft wants. See +# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true +#dhcp-option=vendor:MSFT,2,1i + +# Send the Encapsulated-vendor-class ID needed by some configurations of +# Etherboot to allow is to recognise the DHCP server. +#dhcp-option=vendor:Etherboot,60,"Etherboot" + +# Send options to PXELinux. Note that we need to send the options even +# though they don't appear in the parameter request list, so we need +# to use dhcp-option-force here. +# See http://syslinux.zytor.com/pxe.php#special for details. 
+# Magic number - needed before anything else is recognised +#dhcp-option-force=208,f1:00:74:7e +# Configuration file name +#dhcp-option-force=209,configs/common +# Path prefix +#dhcp-option-force=210,/tftpboot/pxelinux/files/ +# Reboot time. (Note 'i' to send 32-bit value) +#dhcp-option-force=211,30i + +# Set the boot filename for netboot/PXE. You will only need +# this is you want to boot machines over the network and you will need +# a TFTP server; either dnsmasq's built in TFTP server or an +# external one. (See below for how to enable the TFTP server.) +#dhcp-boot=pxelinux.0 + +# Boot for Etherboot gPXE. The idea is to send two different +# filenames, the first loads gPXE, and the second tells gPXE what to +# load. The dhcp-match sets the gpxe tag for requests from gPXE. +#dhcp-match=gpxe,175 # gPXE sends a 175 option. +#dhcp-boot=net:#gpxe,undionly.kpxe +#dhcp-boot=mybootimage + +# Encapsulated options for Etherboot gPXE. All the options are +# encapsulated within option 175 +#dhcp-option=encap:175, 1, 5b # priority code +#dhcp-option=encap:175, 176, 1b # no-proxydhcp +#dhcp-option=encap:175, 177, string # bus-id +#dhcp-option=encap:175, 189, 1b # BIOS drive code +#dhcp-option=encap:175, 190, user # iSCSI username +#dhcp-option=encap:175, 191, pass # iSCSI password + +# Test for the architecture of a netboot client. PXE clients are +# supposed to send their architecture as option 93. (See RFC 4578) +#dhcp-match=peecees, option:client-arch, 0 #x86-32 +#dhcp-match=itanics, option:client-arch, 2 #IA64 +#dhcp-match=hammers, option:client-arch, 6 #x86-64 +#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64 + +# Do real PXE, rather than just booting a single file, this is an +# alternative to dhcp-boot. +#pxe-prompt="What system shall I netboot?" +# or with timeout before first available action is taken: +#pxe-prompt="Press F8 for menu.", 60 + +# Available boot services. for PXE. 
+#pxe-service=x86PC, "Boot from local disk", 0 + +# Loads /pxelinux.0 from dnsmasq TFTP server. +#pxe-service=x86PC, "Install Linux", pxelinux + +# Loads /pxelinux.0 from TFTP server at 1.2.3.4. +# Beware this fails on old PXE ROMS. +#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4 + +# Use bootserver on network, found my multicast or broadcast. +#pxe-service=x86PC, "Install windows from RIS server", 1 + +# Use bootserver at a known IP address. +#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4 + +# If you have multicast-FTP available, +# information for that can be passed in a similar way using options 1 +# to 5. See page 19 of +# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf + + +# Enable dnsmasq's built-in TFTP server +#enable-tftp + +# Set the root directory for files availble via FTP. +#tftp-root=/var/ftpd + +# Make the TFTP server more secure: with this set, only files owned by +# the user dnsmasq is running as will be send over the net. +#tftp-secure + +# This option stops dnsmasq from negotiating a larger blocksize for TFTP +# transfers. It will slow things down, but may rescue some broken TFTP +# clients. +#tftp-no-blocksize + +# Set the boot file name only when the "red" tag is set. +#dhcp-boot=net:red,pxelinux.red-net + +# An example of dhcp-boot with an external TFTP server: the name and IP +# address of the server are given after the filename. +# Can fail with old PXE ROMS. Overridden by --pxe-service. +#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 + +# Set the limit on DHCP leases, the default is 150 +#dhcp-lease-max=150 + +# The DHCP server needs somewhere on disk to keep its lease database. +# This defaults to a sane location, but if you want to change it, use +# the line below. +#dhcp-leasefile=/var/lib/misc/dnsmasq.leases + +# Set the DHCP server to authoritative mode. 
In this mode it will barge in +# and take over the lease for any client which broadcasts on the network, +# whether it has a record of the lease or not. This avoids long timeouts +# when a machine wakes up on a new network. DO NOT enable this if there's +# the slighest chance that you might end up accidentally configuring a DHCP +# server for your campus/company accidentally. The ISC server uses +# the same option, and this URL provides more information: +# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php +#dhcp-authoritative + +# Run an executable when a DHCP lease is created or destroyed. +# The arguments sent to the script are "add" or "del", +# then the MAC address, the IP address and finally the hostname +# if there is one. +#dhcp-script=/bin/echo + +# Set the cachesize here. +#cache-size=150 + +# If you want to disable negative caching, uncomment this. +#no-negcache + +# Normally responses which come form /etc/hosts and the DHCP lease +# file have Time-To-Live set as zero, which conventionally means +# do not cache further. If you are happy to trade lower load on the +# server for potentially stale date, you can set a time-to-live (in +# seconds) here. +#local-ttl= + +# If you want dnsmasq to detect attempts by Verisign to send queries +# to unregistered .com and .net hosts to its sitefinder service and +# have dnsmasq instead return the correct NXDOMAIN response, uncomment +# this line. You can add similar lines to do the same for other +# registries which have implemented wildcard A records. +#bogus-nxdomain=64.94.110.11 + +# If you want to fix up DNS results from upstream servers, use the +# alias option. This only works for IPv4. 
+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8 +#alias=1.2.3.4,5.6.7.8 +# and this maps 1.2.3.x to 5.6.7.x +#alias=1.2.3.0,5.6.7.0,255.255.255.0 +# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 +#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 + +# Change these lines if you want dnsmasq to serve MX records. + +# Return an MX record named "maildomain.com" with target +# servermachine.com and preference 50 +#mx-host=maildomain.com,servermachine.com,50 + +# Set the default target for MX records created using the localmx option. +#mx-target=servermachine.com + +# Return an MX record pointing to the mx-target for all local +# machines. +#localmx + +# Return an MX record pointing to itself for all local machines. +#selfmx + +# Change the following lines if you want dnsmasq to serve SRV +# records. These are useful if you want to serve ldap requests for +# Active Directory and other windows-originated DNS requests. +# See RFC 2782. +# You may add multiple srv-host lines. +# The fields are ,,,, +# If the domain part if missing from the name (so that is just has the +# service and protocol sections) then the domain given by the domain= +# config option is used. (Note that expand-hosts does not need to be +# set for this to work.) 
+ +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 289 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 + +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 289 (using domain=) +#domain=example.com +#srv-host=_ldap._tcp,ldapserver.example.com,389 + +# Two SRV records for LDAP, each with different priorities +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 + +# A SRV record indicating that there is no LDAP server for the domain +# example.com +#srv-host=_ldap._tcp.example.com + +# The following line shows how to make dnsmasq serve an arbitrary PTR +# record. This is useful for DNS-SD. (Note that the +# domain-name expansion done for SRV records _does_not +# occur for PTR records.) +#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" + +# Change the following lines to enable dnsmasq to serve TXT records. +# These are used for things like SPF and zeroconf. (Note that the +# domain-name expansion done for SRV records _does_not +# occur for TXT records.) + +#Example SPF. +#txt-record=example.com,"v=spf1 a -all" + +#Example zeroconf +#txt-record=_http._tcp.example.com,name=value,paper=A4 + +# Provide an alias for a "local" DNS name. Note that this _only_ works +# for targets which are names from DHCP or /etc/hosts. Give host +# "bert" another name, bertrand +#cname=bertand,bert + +# For debugging purposes, log each DNS query as it passes through +# dnsmasq. +#log-queries + +# Log lots of extra information about DHCP transactions. +#log-dhcp + +# Include a another lot of configuration options. +#conf-file=/etc/dnsmasq.more.conf +#conf-dir=/etc/dnsmasq.d diff --git a/doc.html b/doc.html new file mode 100755 index 0000000..18a4b24 --- /dev/null +++ b/doc.html @@ -0,0 +1,113 @@ + + + Dnsmasq - a DNS forwarder for NAT firewalls. + + +

Dnsmasq

+Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP + server. It is designed to provide DNS and, optionally, DHCP, to a + small network. It can serve the names of local machines which are + not in the global DNS. The DHCP server integrates with the DNS + server and allows machines with DHCP-allocated addresses + to appear in the DNS with names configured either in each host or + in a central configuration file. Dnsmasq supports static and dynamic + DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines. +

+ Dnsmasq is targeted at home networks using NAT and +connected to the internet via a modem, cable-modem or ADSL +connection but would be a good choice for any smallish network (up to +1000 clients is known to work) where low +resource use and ease of configuration are important. +

+Supported platforms include Linux (with glibc and uclibc), *BSD, +Solaris and Mac OS X. +Dnsmasq is included in at least the following Linux distributions: +Gentoo, Debian, Slackware, Suse, Fedora, +Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l, +CoyoteLinux, Endian Firewall and +Clarkconnect. It is also available as FreeBSD, OpenBSD and NetBSD ports and is used in +Linksys wireless routers (dd-wrt, openwrt and the stock firmware) and the m0n0wall project. +

+Dnsmasq provides the following features: +

+ +
  • +The DNS configuration of machines behind the firewall is simple and +doesn't depend on the details of the ISP's dns servers +
  • +Clients which try to do DNS lookups while a modem link to the +internet is down will time out immediately. +
  • +
  • +Dnsmasq will serve names from the /etc/hosts file on the firewall +machine: If the names of local machines are there, then they can all +be addressed without having to maintain /etc/hosts on each machine. +
  • +
  • +The integrated DHCP server supports static and dynamic DHCP leases and +multiple networks and IP ranges. It works across BOOTP relays and +supports DHCP options including RFC3397 DNS search lists. +Machines which are configured by DHCP have their names automatically +included in the DNS and the names can specified by each machine or +centrally by associating a name with a MAC address in the dnsmasq +config file. +
  • +
  • +Dnsmasq caches internet addresses (A records and AAAA records) and address-to-name +mappings (PTR records), reducing the load on upstream servers and +improving performance (especially on modem connections). +
  • +
  • +Dnsmasq can be configured to automatically pick up the addresses of +its upstream nameservers from ppp or dhcp configuration. It will +automatically reload this information if it changes. This facility +will be of particular interest to maintainers of Linux firewall +distributions since it allows dns configuration to be made automatic. +
  • +
  • +On IPv6-enabled boxes, dnsmasq can both talk to upstream servers via IPv6 +and offer DNS service via IPv6. On dual-stack (IPv4 and IPv6) boxes it talks +both protocols and can even act as IPv6-to-IPv4 or IPv4-to-IPv6 forwarder. +
  • +
  • +Dnsmasq can be configured to send queries for certain domains to +upstream servers handling only those domains. This makes integration +with private DNS systems easy. +
  • +
  • +Dnsmasq supports MX and SRV records and can be configured to return MX records +for any or all local machines. +
  • +
    + +

    Download.

    + + Download dnsmasq here. +The tarball includes this documentation, source, and manpage. +There is also a CHANGELOG and a FAQ. +Dnsmasq is part of the Debian distribution, it can be downloaded from + here or installed using apt. + +

    Links.

    +Damien Raude-Morvan has an article in French at http://www.drazzib.com/docs-dnsmasq.html +There is a good article about dnsmasq at http://www.enterprisenetworkingplanet.com/netos/article.php/3377351 +and another at http://www.linux.com/articles/149040 +and Ilya Evseev has an article in Russian about dnsmasq to be found at + +http://ilya-evseev.narod.ru/articles/dnsmasq. Ismael Ull has an +article about dnsmasq in Spanish at http://www.mey-online.com.ar/blog/index.php/archives/guia-rapida-de-dnsmasq +

    License.

    +Dnsmasq is distributed under the GPL. See the file COPYING in the distribution +for details. + +

    Contact.

    +There is a dnsmasq mailing list at +http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss which should be the +first location for queries, bugreports, suggestions etc. +Dnsmasq was written by Simon Kelley. You can contact me at simon@thekelleys.org.uk. + + diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 new file mode 100755 index 0000000..a5eac63 --- /dev/null +++ b/man/dnsmasq.8 
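Review bot: In the SRV examples of dnsmasq.conf.example, both comments say "ldapserver.example.com port 289" while the srv-host lines under them use 389. The comments should read 389, so that nobody writes a firewall rule or a monitoring check from the prose and gets the wrong port. Two more places in the same file have a comment that disagrees with its setting: the cname comment names "bertrand" but the line is #cname=bertand,bert, and the tftp-root comment says "files availble via FTP" for what is the TFTP root. The PXE comment "found my multicast or broadcast" should read "found by".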
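Review bot: doc.html is created with "new file mode 100755", and the man/dnsmasq.8 header that follows it carries the same mode. Neither an HTML page nor a man page needs the executable bit, so both should be added as 100644. Stray execute permissions on data files make it harder to audit which files in the tree are actually meant to run. In the doc.html feature list, "the names can specified by each machine" is missing "be".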
@@ -0,0 +1,1290 @@ +.TH DNSMASQ 8 +.SH NAME +dnsmasq \- A lightweight DHCP and caching DNS server. +.SH SYNOPSIS +.B dnsmasq +.I [OPTION]... +.SH "DESCRIPTION" +.BR dnsmasq +is a lightweight DNS, TFTP and DHCP server. It is intended to provide +coupled DNS and DHCP service to a LAN. +.PP +Dnsmasq accepts DNS queries and either answers them from a small, local, +cache or forwards them to a real, recursive, DNS server. It loads the +contents of /etc/hosts so that local hostnames +which do not appear in the global DNS can be resolved and also answers +DNS queries for DHCP configured hosts. +.PP +The dnsmasq DHCP server supports static address assignments and multiple +networks. It automatically +sends a sensible default set of DHCP options, and can be configured to +send any desired set of DHCP options, including vendor-encapsulated +options. It includes a secure, read-only, +TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP. +.PP +Dnsmasq +supports IPv6 for DNS, but not DHCP. +.SH OPTIONS +Note that in general missing parameters are allowed and switch off +functions, for instance "--pid-file" disables writing a PID file. On +BSD, unless the GNU getopt library is linked, the long form of the +options does not work on the command line; it is still recognised in +the configuration file. +.TP +.B --test +Read and syntax check configuration file(s). Exit with code 0 if all +is OK, or a non-zero code otherwise. Do not start up dnsmasq. +.TP +.B \-h, --no-hosts +Don't read the hostnames in /etc/hosts. +.TP +.B \-H, --addn-hosts= +Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read +only the specified file. This option may be repeated for more than one +additional hosts file. If a directory is given, then read all the files contained in that directory. +.TP +.B \-E, --expand-hosts +Add the domain to simple names (without a period) in /etc/hosts +in the same way as for DHCP-derived names. 
Note that this does not +apply to domain names in cnames, PTR records, TXT records etc. +.TP +.B \-T, --local-ttl=