source: src/router/dnsmasq/src/network.c @ 31441

Last change on this file since 31441 was 31441, checked in by brainslayer, 4 months ago

latest dnsmasq code

File size: 42.8 KB
Line 
1/* dnsmasq is Copyright (c) 2000-2016 Simon Kelley
2
3   This program is free software; you can redistribute it and/or modify
4   it under the terms of the GNU General Public License as published by
5   the Free Software Foundation; version 2 dated June, 1991, or
6   (at your option) version 3 dated 29 June, 2007.
7 
8   This program is distributed in the hope that it will be useful,
9   but WITHOUT ANY WARRANTY; without even the implied warranty of
10   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11   GNU General Public License for more details.
12     
13   You should have received a copy of the GNU General Public License
14   along with this program.  If not, see <http://www.gnu.org/licenses/>.
15*/
16
17#include "dnsmasq.h"
18
19#ifdef HAVE_LINUX_NETWORK
20
21int indextoname(int fd, int index, char *name)
22{
23  struct ifreq ifr;
24 
25  if (index == 0)
26    return 0;
27
28  ifr.ifr_ifindex = index;
29  if (ioctl(fd, SIOCGIFNAME, &ifr) == -1)
30    return 0;
31
32  strncpy(name, ifr.ifr_name, IF_NAMESIZE);
33
34  return 1;
35}
36
37
38#elif defined(HAVE_SOLARIS_NETWORK)
39
40#include <zone.h>
41#include <alloca.h>
42#ifndef LIFC_UNDER_IPMP
43#  define LIFC_UNDER_IPMP 0
44#endif
45
46int indextoname(int fd, int index, char *name)
47{
48  int64_t lifc_flags;
49  struct lifnum lifn;
50  int numifs, bufsize, i;
51  struct lifconf lifc;
52  struct lifreq *lifrp;
53 
54  if (index == 0)
55    return 0;
56 
57  if (getzoneid() == GLOBAL_ZONEID)
58    {
59      if (!if_indextoname(index, name))
60        return 0;
61      return 1;
62    }
63 
64  lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES | LIFC_UNDER_IPMP;
65  lifn.lifn_family = AF_UNSPEC;
66  lifn.lifn_flags = lifc_flags;
67  if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0)
68    return 0;
69 
70  numifs = lifn.lifn_count;
71  bufsize = numifs * sizeof(struct lifreq);
72 
73  lifc.lifc_family = AF_UNSPEC;
74  lifc.lifc_flags = lifc_flags;
75  lifc.lifc_len = bufsize;
76  lifc.lifc_buf = alloca(bufsize);
77 
78  if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0) 
79    return 0;
80 
81  lifrp = lifc.lifc_req;
82  for (i = lifc.lifc_len / sizeof(struct lifreq); i; i--, lifrp++)
83    {
84      struct lifreq lifr;
85      strncpy(lifr.lifr_name, lifrp->lifr_name, IF_NAMESIZE);
86      if (ioctl(fd, SIOCGLIFINDEX, &lifr) < 0)
87        return 0;
88     
89      if (lifr.lifr_index == index) {
90        strncpy(name, lifr.lifr_name, IF_NAMESIZE);
91        return 1;
92      }
93    }
94  return 0;
95}
96
97
98#else
99
100int indextoname(int fd, int index, char *name)
101{
102  (void)fd;
103
104  if (index == 0 || !if_indextoname(index, name))
105    return 0;
106
107  return 1;
108}
109
110#endif
111
112int iface_check(int family, struct all_addr *addr, char *name, int *auth)
113{
114  struct iname *tmp;
115  int ret = 1, match_addr = 0;
116
117  /* Note: have to check all and not bail out early, so that we set the
118     "used" flags.
119
120     May be called with family == AF_LOCALto check interface by name only. */
121 
122  if (auth)
123    *auth = 0;
124 
125  if (daemon->if_names || daemon->if_addrs)
126    {
127      ret = 0;
128
129      for (tmp = daemon->if_names; tmp; tmp = tmp->next)
130        if (tmp->name && wildcard_match(tmp->name, name))
131          ret = tmp->used = 1;
132               
133      if (addr)
134        for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
135          if (tmp->addr.sa.sa_family == family)
136            {
137              if (family == AF_INET &&
138                  tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
139                ret = match_addr = tmp->used = 1;
140#ifdef HAVE_IPV6
141              else if (family == AF_INET6 &&
142                       IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr,
143                                          &addr->addr.addr6))
144                ret = match_addr = tmp->used = 1;
145#endif
146            }         
147    }
148 
149  if (!match_addr)
150    for (tmp = daemon->if_except; tmp; tmp = tmp->next)
151      if (tmp->name && wildcard_match(tmp->name, name))
152        ret = 0;
153   
154
155  for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
156    if (tmp->name)
157      {
158        if (strcmp(tmp->name, name) == 0 &&
159            (tmp->addr.sa.sa_family == 0 || tmp->addr.sa.sa_family == family))
160          break;
161      }
162    else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
163             tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
164      break;
165#ifdef HAVE_IPV6
166    else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
167             IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
168      break;
169#endif     
170
171  if (tmp && auth)
172    {
173      *auth = 1;
174      ret = 1;
175    }
176
177  return ret;
178}
179
180
181/* Fix for problem that the kernel sometimes reports the loopback interface as the
182   arrival interface when a packet originates locally, even when sent to address of
183   an interface other than the loopback. Accept packet if it arrived via a loopback
184   interface, even when we're not accepting packets that way, as long as the destination
185   address is one we're believing. Interface list must be up-to-date before calling. */
186int loopback_exception(int fd, int family, struct all_addr *addr, char *name)   
187{
188  struct ifreq ifr;
189  struct irec *iface;
190
191  strncpy(ifr.ifr_name, name, IF_NAMESIZE);
192  if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 &&
193      ifr.ifr_flags & IFF_LOOPBACK)
194    {
195      for (iface = daemon->interfaces; iface; iface = iface->next)
196        if (iface->addr.sa.sa_family == family)
197          {
198            if (family == AF_INET)
199              {
200                if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
201                  return 1;
202              }
203#ifdef HAVE_IPV6
204            else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6))
205              return 1;
206#endif
207           
208          }
209    }
210  return 0;
211}
212
213/* If we're configured with something like --interface=eth0:0 then we'll listen correctly
214   on the relevant address, but the name of the arrival interface, derived from the
215   index won't match the config. Check that we found an interface address for the arrival
216   interface: daemon->interfaces must be up-to-date. */
217int label_exception(int index, int family, struct all_addr *addr)
218{
219  struct irec *iface;
220
221  /* labels only supported on IPv4 addresses. */
222  if (family != AF_INET)
223    return 0;
224
225  for (iface = daemon->interfaces; iface; iface = iface->next)
226    if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
227        iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
228      return 1;
229
230  return 0;
231}
232
233struct iface_param {
234  struct addrlist *spare;
235  int fd;
236};
237
238static int iface_allowed(struct iface_param *param, int if_index, char *label,
239                         union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags)
240{
241  struct irec *iface;
242  int mtu = 0, loopback;
243  struct ifreq ifr;
244  int tftp_ok = !!option_bool(OPT_TFTP);
245  int dhcp_ok = 1;
246  int auth_dns = 0;
247#if defined(HAVE_DHCP) || defined(HAVE_TFTP)
248  struct iname *tmp;
249#endif
250
251  (void)prefixlen;
252
253  if (!indextoname(param->fd, if_index, ifr.ifr_name) ||
254      ioctl(param->fd, SIOCGIFFLAGS, &ifr) == -1)
255    return 0;
256   
257  loopback = ifr.ifr_flags & IFF_LOOPBACK;
258 
259  if (loopback)
260    dhcp_ok = 0;
261 
262  if (ioctl(param->fd, SIOCGIFMTU, &ifr) != -1)
263    mtu = ifr.ifr_mtu;
264 
265  if (!label)
266    label = ifr.ifr_name;
267 
268  /* maintain a list of all addresses on all interfaces for --local-service option */
269  if (option_bool(OPT_LOCAL_SERVICE))
270    {
271      struct addrlist *al;
272
273      if (param->spare)
274        {
275          al = param->spare;
276          param->spare = al->next;
277        }
278      else
279        al = whine_malloc(sizeof(struct addrlist));
280     
281      if (al)
282        {
283          al->next = daemon->interface_addrs;
284          daemon->interface_addrs = al;
285          al->prefixlen = prefixlen;
286         
287          if (addr->sa.sa_family == AF_INET)
288            {
289              al->addr.addr.addr4 = addr->in.sin_addr;
290              al->flags = 0;
291            }
292#ifdef HAVE_IPV6
293          else
294            {
295              al->addr.addr.addr6 = addr->in6.sin6_addr;
296              al->flags = ADDRLIST_IPV6;
297            }
298#endif
299        }
300    }
301 
302#ifdef HAVE_IPV6
303  if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
304#endif
305    {
306      struct interface_name *int_name;
307      struct addrlist *al;
308#ifdef HAVE_AUTH
309      struct auth_zone *zone;
310      struct auth_name_list *name;
311
312      /* Find subnets in auth_zones */
313      for (zone = daemon->auth_zones; zone; zone = zone->next)
314        for (name = zone->interface_names; name; name = name->next)
315          if (wildcard_match(name->name, label))
316            {
317              if (addr->sa.sa_family == AF_INET && (name->flags & AUTH4))
318                {
319                  if (param->spare)
320                    {
321                      al = param->spare;
322                      param->spare = al->next;
323                    }
324                  else
325                    al = whine_malloc(sizeof(struct addrlist));
326                 
327                  if (al)
328                    {
329                      al->next = zone->subnet;
330                      zone->subnet = al;
331                      al->prefixlen = prefixlen;
332                      al->addr.addr.addr4 = addr->in.sin_addr;
333                      al->flags = 0;
334                    }
335                }
336             
337#ifdef HAVE_IPV6
338              if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6))
339                {
340                  if (param->spare)
341                    {
342                      al = param->spare;
343                      param->spare = al->next;
344                    }
345                  else
346                    al = whine_malloc(sizeof(struct addrlist));
347                 
348                  if (al)
349                    {
350                      al->next = zone->subnet;
351                      zone->subnet = al;
352                      al->prefixlen = prefixlen;
353                      al->addr.addr.addr6 = addr->in6.sin6_addr;
354                      al->flags = ADDRLIST_IPV6;
355                    }
356                }
357#endif
358             
359            }
360#endif
361       
362      /* Update addresses from interface_names. These are a set independent
363         of the set we're listening on. */ 
364      for (int_name = daemon->int_names; int_name; int_name = int_name->next)
365        if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0 &&
366            (addr->sa.sa_family == int_name->family || int_name->family == 0))
367          {
368            if (param->spare)
369              {
370                al = param->spare;
371                param->spare = al->next;
372              }
373            else
374              al = whine_malloc(sizeof(struct addrlist));
375           
376            if (al)
377              {
378                al->next = int_name->addr;
379                int_name->addr = al;
380               
381                if (addr->sa.sa_family == AF_INET)
382                  {
383                    al->addr.addr.addr4 = addr->in.sin_addr;
384                    al->flags = 0;
385                  }
386#ifdef HAVE_IPV6
387                else
388                 {
389                    al->addr.addr.addr6 = addr->in6.sin6_addr;
390                    al->flags = ADDRLIST_IPV6;
391                    /* Privacy addresses and addresses still undergoing DAD and deprecated addresses
392                       don't appear in forward queries, but will in reverse ones. */
393                    if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE)))
394                      al->flags |= ADDRLIST_REVONLY;
395                 }
396#endif
397              }
398          }
399    }
400 
401  /* check whether the interface IP has been added already
402     we call this routine multiple times. */
403  for (iface = daemon->interfaces; iface; iface = iface->next)
404    if (sockaddr_isequal(&iface->addr, addr))
405      {
406        iface->dad = !!(iface_flags & IFACE_TENTATIVE);
407        iface->found = 1; /* for garbage collection */
408        return 1;
409      }
410
411 /* If we are restricting the set of interfaces to use, make
412     sure that loopback interfaces are in that set. */
413  if (daemon->if_names && loopback)
414    {
415      struct iname *lo;
416      for (lo = daemon->if_names; lo; lo = lo->next)
417        if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
418          break;
419     
420      if (!lo && (lo = whine_malloc(sizeof(struct iname))))
421        {
422          if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
423            {
424              strcpy(lo->name, ifr.ifr_name);
425              lo->used = 1;
426              lo->next = daemon->if_names;
427              daemon->if_names = lo;
428            }
429          else
430            free(lo);
431        }
432    }
433 
434  if (addr->sa.sa_family == AF_INET &&
435      !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
436    return 1;
437
438#ifdef HAVE_IPV6
439  if (addr->sa.sa_family == AF_INET6 &&
440      !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
441    return 1;
442#endif
443   
444#ifdef HAVE_DHCP
445  /* No DHCP where we're doing auth DNS. */
446  if (auth_dns)
447    {
448      tftp_ok = 0;
449      dhcp_ok = 0;
450    }
451  else
452    for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
453      if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
454        {
455          tftp_ok = 0;
456          dhcp_ok = 0;
457        }
458#endif
459 
460 
461#ifdef HAVE_TFTP
462  if (daemon->tftp_interfaces)
463    {
464      /* dedicated tftp interface list */
465      tftp_ok = 0;
466      for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
467        if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
468          tftp_ok = 1;
469    }
470#endif
471 
472  /* add to list */
473  if ((iface = whine_malloc(sizeof(struct irec))))
474    {
475      iface->addr = *addr;
476      iface->netmask = netmask;
477      iface->tftp_ok = tftp_ok;
478      iface->dhcp_ok = dhcp_ok;
479      iface->dns_auth = auth_dns;
480      iface->mtu = mtu;
481      iface->dad = !!(iface_flags & IFACE_TENTATIVE);
482      iface->found = 1;
483      iface->done = iface->multicast_done = iface->warned = 0;
484      iface->index = if_index;
485      if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
486        {
487          strcpy(iface->name, ifr.ifr_name);
488          iface->next = daemon->interfaces;
489          daemon->interfaces = iface;
490          return 1;
491        }
492      free(iface);
493
494    }
495 
496  errno = ENOMEM;
497  return 0;
498}
499
500#ifdef HAVE_IPV6
501static int iface_allowed_v6(struct in6_addr *local, int prefix,
502                            int scope, int if_index, int flags,
503                            int preferred, int valid, void *vparam)
504{
505  union mysockaddr addr;
506  struct in_addr netmask; /* dummy */
507  netmask.s_addr = 0;
508
509  (void)scope; /* warning */
510  (void)preferred;
511  (void)valid;
512 
513  memset(&addr, 0, sizeof(addr));
514#ifdef HAVE_SOCKADDR_SA_LEN
515  addr.in6.sin6_len = sizeof(addr.in6);
516#endif
517  addr.in6.sin6_family = AF_INET6;
518  addr.in6.sin6_addr = *local;
519  addr.in6.sin6_port = htons(daemon->port);
520  /* FreeBSD insists this is zero for non-linklocal addresses */
521  if (IN6_IS_ADDR_LINKLOCAL(local))
522    addr.in6.sin6_scope_id = if_index;
523  else
524    addr.in6.sin6_scope_id = 0;
525 
526  return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags);
527}
528#endif
529
530static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
531                            struct in_addr netmask, struct in_addr broadcast, void *vparam)
532{
533  union mysockaddr addr;
534  int prefix, bit;
535 
536  (void)broadcast; /* warning */
537
538  memset(&addr, 0, sizeof(addr));
539#ifdef HAVE_SOCKADDR_SA_LEN
540  addr.in.sin_len = sizeof(addr.in);
541#endif
542  addr.in.sin_family = AF_INET;
543  addr.in.sin_addr = local;
544  addr.in.sin_port = htons(daemon->port);
545
546  /* determine prefix length from netmask */
547  for (prefix = 32, bit = 1; (bit & ntohl(netmask.s_addr)) == 0 && prefix != 0; bit = bit << 1, prefix--);
548
549  return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
550}
551   
552int enumerate_interfaces(int reset)
553{
554  static struct addrlist *spare = NULL;
555  static int done = 0;
556  struct iface_param param;
557  int errsave, ret = 1;
558  struct addrlist *addr, *tmp;
559  struct interface_name *intname;
560  struct irec *iface;
561#ifdef HAVE_AUTH
562  struct auth_zone *zone;
563#endif
564
565  /* Do this max once per select cycle  - also inhibits netlink socket use
566   in TCP child processes. */
567
568  if (reset)
569    {
570      done = 0;
571      return 1;
572    }
573
574  if (done)
575    return 1;
576
577  done = 1;
578
579  if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
580    return 0;
581 
582  /* Mark interfaces for garbage collection */
583  for (iface = daemon->interfaces; iface; iface = iface->next)
584    iface->found = 0;
585
586  /* remove addresses stored against interface_names */
587  for (intname = daemon->int_names; intname; intname = intname->next)
588    {
589      for (addr = intname->addr; addr; addr = tmp)
590        {
591          tmp = addr->next;
592          addr->next = spare;
593          spare = addr;
594        }
595     
596      intname->addr = NULL;
597    }
598
599  /* Remove list of addresses of local interfaces */
600  for (addr = daemon->interface_addrs; addr; addr = tmp)
601    {
602      tmp = addr->next;
603      addr->next = spare;
604      spare = addr;
605    }
606  daemon->interface_addrs = NULL;
607 
608#ifdef HAVE_AUTH
609  /* remove addresses stored against auth_zone subnets, but not
610   ones configured as address literals */
611  for (zone = daemon->auth_zones; zone; zone = zone->next)
612    if (zone->interface_names)
613      {
614        struct addrlist **up;
615        for (up = &zone->subnet, addr = zone->subnet; addr; addr = tmp)
616          {
617            tmp = addr->next;
618            if (addr->flags & ADDRLIST_LITERAL)
619              up = &addr->next;
620            else
621              {
622                *up = addr->next;
623                addr->next = spare;
624                spare = addr;
625              }
626          }
627      }
628#endif
629
630  param.spare = spare;
631 
632#ifdef HAVE_IPV6
633  ret = iface_enumerate(AF_INET6, &param, iface_allowed_v6);
634#endif
635
636  if (ret)
637    ret = iface_enumerate(AF_INET, &param, iface_allowed_v4);
638 
639  errsave = errno;
640  close(param.fd);
641 
642  if (option_bool(OPT_CLEVERBIND))
643    {
644      /* Garbage-collect listeners listening on addresses that no longer exist.
645         Does nothing when not binding interfaces or for listeners on localhost,
646         since the ->iface field is NULL. Note that this needs the protections
647         against reentrancy, hence it's here.  It also means there's a possibility,
648         in OPT_CLEVERBIND mode, that at listener will just disappear after
649         a call to enumerate_interfaces, this is checked OK on all calls. */
650      struct listener *l, *tmp, **up;
651     
652      for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
653        {
654          tmp = l->next;
655         
656          if (!l->iface || l->iface->found)
657            up = &l->next;
658          else
659            {
660              *up = l->next;
661             
662              /* In case it ever returns */
663              l->iface->done = 0;
664             
665              if (l->fd != -1)
666                close(l->fd);
667              if (l->tcpfd != -1)
668                close(l->tcpfd);
669              if (l->tftpfd != -1)
670                close(l->tftpfd);
671             
672              free(l);
673            }
674        }
675    }
676 
677  errno = errsave;
678  spare = param.spare;
679   
680  return ret;
681}
682
683/* set NONBLOCK bit on fd: See Stevens 16.6 */
684int fix_fd(int fd)
685{
686  int flags;
687
688  if ((flags = fcntl(fd, F_GETFL)) == -1 ||
689      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
690    return 0;
691 
692  return 1;
693}
694
695static int make_sock(union mysockaddr *addr, int type, int dienow)
696{
697  int family = addr->sa.sa_family;
698  int fd, rc, opt = 1;
699 
700  if ((fd = socket(family, type, 0)) == -1)
701    {
702      int port, errsave;
703      char *s;
704
705      /* No error if the kernel just doesn't support this IP flavour */
706      if (errno == EPROTONOSUPPORT ||
707          errno == EAFNOSUPPORT ||
708          errno == EINVAL)
709        return -1;
710     
711    err:
712      errsave = errno;
713      port = prettyprint_addr(addr, daemon->addrbuff);
714      if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
715        sprintf(daemon->addrbuff, "port %d", port);
716      s = _("failed to create listening socket for %s: %s");
717     
718      if (fd != -1)
719        close (fd);
720       
721      errno = errsave;
722
723      if (dienow)
724        {
725          /* failure to bind addresses given by --listen-address at this point
726             is OK if we're doing bind-dynamic */
727          if (!option_bool(OPT_CLEVERBIND))
728            die(s, daemon->addrbuff, EC_BADNET);
729        }
730      else
731        my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
732     
733      return -1;
734    }   
735 
736  if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
737    goto err;
738 
739#ifdef HAVE_IPV6
740  if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
741    goto err;
742#endif
743 
744  if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1)
745    goto err;
746 
747  if (type == SOCK_STREAM)
748    {
749      if (listen(fd, TCP_BACKLOG) == -1)
750        goto err;
751    }
752  else if (family == AF_INET)
753    {
754      if (!option_bool(OPT_NOWILD))
755        {
756#if defined(HAVE_LINUX_NETWORK)
757          if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1)
758            goto err;
759#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
760          if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
761              setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1)
762            goto err;
763#endif
764        }
765    }
766#ifdef HAVE_IPV6
767  else if (!set_ipv6pktinfo(fd))
768    goto err;
769#endif
770 
771  return fd;
772}
773
774#ifdef HAVE_IPV6 
775int set_ipv6pktinfo(int fd)
776{
777  int opt = 1;
778
779  /* The API changed around Linux 2.6.14 but the old ABI is still supported:
780     handle all combinations of headers and kernel.
781     OpenWrt note that this fixes the problem addressed by your very broken patch. */
782  daemon->v6pktinfo = IPV6_PKTINFO;
783 
784#ifdef IPV6_RECVPKTINFO
785  if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) != -1)
786    return 1;
787# ifdef IPV6_2292PKTINFO
788  else if (errno == ENOPROTOOPT && setsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTINFO, &opt, sizeof(opt)) != -1)
789    {
790      daemon->v6pktinfo = IPV6_2292PKTINFO;
791      return 1;
792    }
793# endif
794#else
795  if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &opt, sizeof(opt)) != -1)
796    return 1;
797#endif
798
799  return 0;
800}
801#endif
802
803
804/* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
805int tcp_interface(int fd, int af)
806{
807  int if_index = 0;
808
809#ifdef HAVE_LINUX_NETWORK
810  int opt = 1;
811  struct cmsghdr *cmptr;
812  struct msghdr msg;
813  socklen_t len;
814 
815  /* use mshdr so that the CMSDG_* macros are available */
816  msg.msg_control = daemon->packet;
817  msg.msg_controllen = len = daemon->packet_buff_sz;
818 
819  /* we overwrote the buffer... */
820  daemon->srv_save = NULL;
821 
822  if (af == AF_INET)
823    {
824      if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
825          getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, &len) != -1)
826        {
827          msg.msg_controllen = len;
828          for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
829            if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
830              {
831                union {
832                  unsigned char *c;
833                  struct in_pktinfo *p;
834                } p;
835               
836                p.c = CMSG_DATA(cmptr);
837                if_index = p.p->ipi_ifindex;
838              }
839        }
840    }
841#ifdef HAVE_IPV6
842  else
843    {
844      /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
845         it was removed in RFC-3542 !!!!
846
847         Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
848         uses the old ABI, and should work with pre- and post-3542 kernel headers */
849
850#ifdef IPV6_2292PKTOPTIONS   
851#  define PKTOPTIONS IPV6_2292PKTOPTIONS
852#else
853#  define PKTOPTIONS IPV6_PKTOPTIONS
854#endif
855
856      if (set_ipv6pktinfo(fd) &&
857          getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, &len) != -1)
858        {
859          msg.msg_controllen = len;
860          for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
861            if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
862              {
863                union {
864                  unsigned char *c;
865                  struct in6_pktinfo *p;
866                } p;
867                p.c = CMSG_DATA(cmptr);
868               
869                if_index = p.p->ipi6_ifindex;
870              }
871        }
872    }
873#endif /* IPV6 */
874#endif /* Linux */
875 
876  return if_index;
877}
878     
879static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
880{
881  struct listener *l = NULL;
882  int fd = -1, tcpfd = -1, tftpfd = -1;
883
884  (void)do_tftp;
885
886  if (daemon->port != 0)
887    {
888      fd = make_sock(addr, SOCK_DGRAM, dienow);
889      tcpfd = make_sock(addr, SOCK_STREAM, dienow);
890    }
891 
892#ifdef HAVE_TFTP
893  if (do_tftp)
894    {
895      if (addr->sa.sa_family == AF_INET)
896        {
897          /* port must be restored to DNS port for TCP code */
898          short save = addr->in.sin_port;
899          addr->in.sin_port = htons(TFTP_PORT);
900          tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
901          addr->in.sin_port = save;
902        }
903#  ifdef HAVE_IPV6
904      else
905        {
906          short save = addr->in6.sin6_port;
907          addr->in6.sin6_port = htons(TFTP_PORT);
908          tftpfd = make_sock(addr, SOCK_DGRAM, dienow);
909          addr->in6.sin6_port = save;
910        } 
911#  endif
912    }
913#endif
914
915  if (fd != -1 || tcpfd != -1 || tftpfd != -1)
916    {
917      l = safe_malloc(sizeof(struct listener));
918      l->next = NULL;
919      l->family = addr->sa.sa_family;
920      l->fd = fd;
921      l->tcpfd = tcpfd;
922      l->tftpfd = tftpfd;       
923      l->iface = NULL;
924    }
925
926  return l;
927}
928
929void create_wildcard_listeners(void)
930{
931  union mysockaddr addr;
932  struct listener *l, *l6;
933
934  memset(&addr, 0, sizeof(addr));
935#ifdef HAVE_SOCKADDR_SA_LEN
936  addr.in.sin_len = sizeof(addr.in);
937#endif
938  addr.in.sin_family = AF_INET;
939  addr.in.sin_addr.s_addr = INADDR_ANY;
940  addr.in.sin_port = htons(daemon->port);
941
942  l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
943
944#ifdef HAVE_IPV6
945  memset(&addr, 0, sizeof(addr));
946#  ifdef HAVE_SOCKADDR_SA_LEN
947  addr.in6.sin6_len = sizeof(addr.in6);
948#  endif
949  addr.in6.sin6_family = AF_INET6;
950  addr.in6.sin6_addr = in6addr_any;
951  addr.in6.sin6_port = htons(daemon->port);
952 
953  l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
954  if (l)
955    l->next = l6;
956  else
957    l = l6;
958#endif
959
960  daemon->listeners = l;
961}
962
963void create_bound_listeners(int dienow)
964{
965  struct listener *new;
966  struct irec *iface;
967  struct iname *if_tmp;
968
969  for (iface = daemon->interfaces; iface; iface = iface->next)
970    if (!iface->done && !iface->dad && iface->found &&
971        (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
972      {
973        new->iface = iface;
974        new->next = daemon->listeners;
975        daemon->listeners = new;
976        iface->done = 1;
977      }
978
979  /* Check for --listen-address options that haven't been used because there's
980     no interface with a matching address. These may be valid: eg it's possible
981     to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
982
983     If the address isn't valid the bind() will fail and we'll die()
984     (except in bind-dynamic mode, when we'll complain but keep trying.)
985
986     The resulting listeners have the ->iface field NULL, and this has to be
987     handled by the DNS and TFTP code. It disables --localise-queries processing
988     (no netmask) and some MTU login the tftp code. */
989
990  for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
991    if (!if_tmp->used &&
992        (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
993      {
994        new->next = daemon->listeners;
995        daemon->listeners = new;
996      }
997}
998
999/* In --bind-interfaces, the only access control is the addresses we're listening on.
1000   There's nothing to avoid a query to the address of an internal interface arriving via
1001   an external interface where we don't want to accept queries, except that in the usual
1002   case the addresses of internal interfaces are RFC1918. When bind-interfaces in use,
1003   and we listen on an address that looks like it's probably globally routeable, shout.
1004
1005   The fix is to use --bind-dynamic, which actually checks the arrival interface too.
1006   Tough if your platform doesn't support this.
1007
1008   Note that checking the arrival interface is supported in the standard IPv6 API and
1009   always done, so we don't warn about any IPv6 addresses here.
1010*/
1011
1012void warn_bound_listeners(void)
1013{
1014  struct irec *iface;   
1015  int advice = 0;
1016
1017  for (iface = daemon->interfaces; iface; iface = iface->next)
1018    if (!iface->dns_auth)
1019      {
1020        if (iface->addr.sa.sa_family == AF_INET)
1021          {
1022            if (!private_net(iface->addr.in.sin_addr, 1))
1023              {
1024                inet_ntop(AF_INET, &iface->addr.in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
1025                iface->warned = advice = 1;
1026                my_syslog(LOG_WARNING,
1027                          _("LOUD WARNING: listening on %s may accept requests via interfaces other than %s"),
1028                          daemon->addrbuff, iface->name);
1029              }
1030          }
1031      }
1032 
1033  if (advice)
1034    my_syslog(LOG_WARNING, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"));
1035}
1036
1037void warn_int_names(void)
1038{
1039  struct interface_name *intname;
1040 
1041  for (intname = daemon->int_names; intname; intname = intname->next)
1042    if (!intname->addr)
1043      my_syslog(LOG_WARNING, _("warning: no addresses found for interface %s"), intname->intr);
1044}
1045 
1046int is_dad_listeners(void)
1047{
1048  struct irec *iface;
1049 
1050  if (option_bool(OPT_NOWILD))
1051    for (iface = daemon->interfaces; iface; iface = iface->next)
1052      if (iface->dad && !iface->done)
1053        return 1;
1054 
1055  return 0;
1056}
1057
1058#ifdef HAVE_DHCP6
1059void join_multicast(int dienow)     
1060{
1061  struct irec *iface, *tmp;
1062
1063  for (iface = daemon->interfaces; iface; iface = iface->next)
1064    if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
1065      {
1066        /* There's an irec per address but we only want to join for multicast
1067           once per interface. Weed out duplicates. */
1068        for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
1069          if (tmp->multicast_done && tmp->index == iface->index)
1070            break;
1071       
1072        iface->multicast_done = 1;
1073       
1074        if (!tmp)
1075          {
1076            struct ipv6_mreq mreq;
1077            int err = 0;
1078
1079            mreq.ipv6mr_interface = iface->index;
1080           
1081            inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
1082           
1083            if ((daemon->doing_dhcp6 || daemon->relay6) &&
1084                setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1085              err = errno;
1086           
1087            inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
1088           
1089            if (daemon->doing_dhcp6 &&
1090                setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1091              err = errno;
1092           
1093            inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
1094           
1095            if (daemon->doing_ra &&
1096                setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
1097              err = errno;
1098           
1099            if (err)
1100              {
1101                char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
1102                errno = err;
1103
1104#ifdef HAVE_LINUX_NETWORK
1105                if (errno == ENOMEM)
1106                  my_syslog(LOG_ERR, _("try increasing /proc/sys/net/core/optmem_max"));
1107#endif
1108
1109                if (dienow)
1110                  die(s, iface->name, EC_BADNET);
1111                else
1112                  my_syslog(LOG_ERR, s, iface->name, strerror(errno));
1113              }
1114          }
1115      }
1116}
1117#endif
1118
1119/* return a UDP socket bound to a random port, have to cope with straying into
1120   occupied port nos and reserved ones. */
1121int random_sock(int family)
1122{
1123  int fd;
1124
1125  if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
1126    {
1127      union mysockaddr addr;
1128      unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
1129      int tries = ports_avail < 30 ? 3 * ports_avail : 100;
1130
1131      memset(&addr, 0, sizeof(addr));
1132      addr.sa.sa_family = family;
1133
1134      /* don't loop forever if all ports in use. */
1135
1136      if (fix_fd(fd))
1137        while(tries--)
1138          {
1139            unsigned short port = rand16();
1140           
1141            if (daemon->min_port != 0 || daemon->max_port != MAX_PORT)
1142              port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
1143           
1144            if (family == AF_INET)
1145              {
1146                addr.in.sin_addr.s_addr = INADDR_ANY;
1147                addr.in.sin_port = port;
1148#ifdef HAVE_SOCKADDR_SA_LEN
1149                addr.in.sin_len = sizeof(struct sockaddr_in);
1150#endif
1151              }
1152#ifdef HAVE_IPV6
1153            else
1154              {
1155                addr.in6.sin6_addr = in6addr_any;
1156                addr.in6.sin6_port = port;
1157#ifdef HAVE_SOCKADDR_SA_LEN
1158                addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1159#endif
1160              }
1161#endif
1162           
1163            if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
1164              return fd;
1165           
1166            if (errno != EADDRINUSE && errno != EACCES)
1167              break;
1168          }
1169
1170      close(fd);
1171    }
1172
1173  return -1;
1174}
1175 
1176
1177int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
1178{
1179  union mysockaddr addr_copy = *addr;
1180
1181  /* cannot set source _port_ for TCP connections. */
1182  if (is_tcp)
1183    {
1184      if (addr_copy.sa.sa_family == AF_INET)
1185        addr_copy.in.sin_port = 0;
1186#ifdef HAVE_IPV6
1187      else
1188        addr_copy.in6.sin6_port = 0;
1189#endif
1190    }
1191 
1192  if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
1193    return 0;
1194   
1195#if defined(SO_BINDTODEVICE)
1196  if (intname[0] != 0 &&
1197      setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1)
1198    return 0;
1199#endif
1200
1201  return 1;
1202}
1203
1204static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
1205{
1206  struct serverfd *sfd;
1207  unsigned int ifindex = 0;
1208  int errsave;
1209
1210  /* when using random ports, servers which would otherwise use
1211     the INADDR_ANY/port0 socket have sfd set to NULL */
1212  if (!daemon->osport && intname[0] == 0)
1213    {
1214      errno = 0;
1215     
1216      if (addr->sa.sa_family == AF_INET &&
1217          addr->in.sin_addr.s_addr == INADDR_ANY &&
1218          addr->in.sin_port == htons(0))
1219        return NULL;
1220
1221#ifdef HAVE_IPV6
1222      if (addr->sa.sa_family == AF_INET6 &&
1223          memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
1224          addr->in6.sin6_port == htons(0))
1225        return NULL;
1226#endif
1227    }
1228
1229  if (intname && strlen(intname) != 0)
1230    ifindex = if_nametoindex(intname); /* index == 0 when not binding to an interface */
1231     
1232  /* may have a suitable one already */
1233  for (sfd = daemon->sfds; sfd; sfd = sfd->next )
1234    if (sockaddr_isequal(&sfd->source_addr, addr) &&
1235        strcmp(intname, sfd->interface) == 0 &&
1236        ifindex == sfd->ifindex)
1237      return sfd;
1238 
1239  /* need to make a new one. */
1240  errno = ENOMEM; /* in case malloc fails. */
1241  if (!(sfd = whine_malloc(sizeof(struct serverfd))))
1242    return NULL;
1243 
1244  if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
1245    {
1246      free(sfd);
1247      return NULL;
1248    }
1249 
1250  if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
1251    {
1252      errsave = errno; /* save error from bind. */
1253      close(sfd->fd);
1254      free(sfd);
1255      errno = errsave;
1256      return NULL;
1257    }
1258
1259  strcpy(sfd->interface, intname);
1260  sfd->source_addr = *addr;
1261  sfd->next = daemon->sfds;
1262  sfd->ifindex = ifindex;
1263  daemon->sfds = sfd;
1264
1265  return sfd;
1266}
1267
1268/* create upstream sockets during startup, before root is dropped which may be needed
1269   this allows query_port to be a low port and interface binding */
1270void pre_allocate_sfds(void)
1271{
1272  struct server *srv;
1273 
1274  if (daemon->query_port != 0)
1275    {
1276      union  mysockaddr addr;
1277      memset(&addr, 0, sizeof(addr));
1278      addr.in.sin_family = AF_INET;
1279      addr.in.sin_addr.s_addr = INADDR_ANY;
1280      addr.in.sin_port = htons(daemon->query_port);
1281#ifdef HAVE_SOCKADDR_SA_LEN
1282      addr.in.sin_len = sizeof(struct sockaddr_in);
1283#endif
1284      allocate_sfd(&addr, "");
1285#ifdef HAVE_IPV6
1286      memset(&addr, 0, sizeof(addr));
1287      addr.in6.sin6_family = AF_INET6;
1288      addr.in6.sin6_addr = in6addr_any;
1289      addr.in6.sin6_port = htons(daemon->query_port);
1290#ifdef HAVE_SOCKADDR_SA_LEN
1291      addr.in6.sin6_len = sizeof(struct sockaddr_in6);
1292#endif
1293      allocate_sfd(&addr, "");
1294#endif
1295    }
1296 
1297  for (srv = daemon->servers; srv; srv = srv->next)
1298    if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)) &&
1299        !allocate_sfd(&srv->source_addr, srv->interface) &&
1300        errno != 0 &&
1301        option_bool(OPT_NOWILD))
1302      {
1303        prettyprint_addr(&srv->source_addr, daemon->namebuff);
1304        if (srv->interface[0] != 0)
1305          {
1306            strcat(daemon->namebuff, " ");
1307            strcat(daemon->namebuff, srv->interface);
1308          }
1309        die(_("failed to bind server socket for %s: %s"),
1310            daemon->namebuff, EC_BADNET);
1311      } 
1312}
1313
1314void mark_servers(int flag)
1315{
1316  struct server *serv;
1317
1318  /* mark everything with argument flag */
1319  for (serv = daemon->servers; serv; serv = serv->next)
1320    {
1321      if (serv->flags & flag)
1322        serv->flags |= SERV_MARK;
1323#ifdef HAVE_LOOP
1324      /* Give looped servers another chance */
1325      serv->flags &= ~SERV_LOOP;
1326#endif
1327    }
1328}
1329
1330void cleanup_servers(void)
1331{
1332  struct server *serv, *tmp, **up;
1333
1334  /* unlink and free anything still marked. */
1335  for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp)
1336    {
1337      tmp = serv->next;
1338      if (serv->flags & SERV_MARK)
1339       {
1340         server_gone(serv);
1341         *up = serv->next;
1342         if (serv->domain)
1343           free(serv->domain);
1344         free(serv);
1345       }
1346      else
1347       up = &serv->next;
1348    }
1349
1350#ifdef HAVE_LOOP
1351  /* Now we have a new set of servers, test for loops. */
1352  loop_send_probes();
1353#endif
1354}
1355
1356void add_update_server(int flags,
1357                       union mysockaddr *addr,
1358                       union mysockaddr *source_addr,
1359                       const char *interface,
1360                       const char *domain)
1361{
1362  struct server *serv, *next = NULL;
1363  char *domain_str = NULL;
1364 
1365  /* See if there is a suitable candidate, and unmark */
1366  for (serv = daemon->servers; serv; serv = serv->next)
1367    if (serv->flags & SERV_MARK)
1368      {
1369        if (domain)
1370          {
1371            if (!(serv->flags & SERV_HAS_DOMAIN) || !hostname_isequal(domain, serv->domain))
1372              continue;
1373          }
1374        else
1375          {
1376            if (serv->flags & SERV_HAS_DOMAIN)
1377              continue;
1378          }
1379       
1380        break;
1381      }
1382
1383  if (serv)
1384    {
1385      domain_str = serv->domain;
1386      next = serv->next;
1387    }
1388  else if ((serv = whine_malloc(sizeof (struct server))))
1389    {
1390      /* Not found, create a new one. */
1391      if (domain && !(domain_str = whine_malloc(strlen(domain)+1)))
1392        {
1393          free(serv);
1394          serv = NULL;
1395        }
1396      else
1397        {
1398          struct server *s;
1399          /* Add to the end of the chain, for order */
1400          if (!daemon->servers)
1401            daemon->servers = serv;
1402          else
1403            {
1404              for (s = daemon->servers; s->next; s = s->next);
1405              s->next = serv;
1406            }
1407          if (domain)
1408            strcpy(domain_str, domain);
1409        }
1410    }
1411 
1412  if (serv)
1413    {
1414      memset(serv, 0, sizeof(struct server));
1415      serv->flags = flags;
1416      serv->domain = domain_str;
1417      serv->next = next;
1418      serv->queries = serv->failed_queries = 0;
1419#ifdef HAVE_LOOP
1420      serv->uid = rand32();
1421#endif     
1422
1423      if (domain)
1424        serv->flags |= SERV_HAS_DOMAIN;
1425     
1426      if (interface)
1427        strcpy(serv->interface, interface);     
1428      if (addr)
1429        serv->addr = *addr;
1430      if (source_addr)
1431        serv->source_addr = *source_addr;
1432    }
1433}
1434
1435void check_servers(void)
1436{
1437  struct irec *iface;
1438  struct server *serv;
1439  struct serverfd *sfd, *tmp, **up;
1440  int port = 0, count;
1441  int locals = 0;
1442
1443  /* interface may be new since startup */
1444  if (!option_bool(OPT_NOWILD))
1445    enumerate_interfaces(0);
1446 
1447  for (sfd = daemon->sfds; sfd; sfd = sfd->next)
1448    sfd->used = 0;
1449
1450#ifdef HAVE_DNSSEC
1451 /* Disable DNSSEC validation when using server=/domain/.... servers
1452    unless there's a configured trust anchor. */
1453  for (serv = daemon->servers; serv; serv = serv->next)
1454    serv->flags |= SERV_DO_DNSSEC;
1455#endif
1456
1457  for (count = 0, serv = daemon->servers; serv; serv = serv->next)
1458    {
1459      if (!(serv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND)))
1460        {
1461          /* Init edns_pktsz for newly created server records. */
1462          if (serv->edns_pktsz == 0)
1463            serv->edns_pktsz = daemon->edns_pktsz;
1464         
1465#ifdef HAVE_DNSSEC
1466          if (option_bool(OPT_DNSSEC_VALID))
1467            {
1468              if (serv->flags & SERV_HAS_DOMAIN)
1469                {
1470                  struct ds_config *ds;
1471                  char *domain = serv->domain;
1472                 
1473                  /* .example.com is valid */
1474                  while (*domain == '.')
1475                    domain++;
1476                 
1477                  for (ds = daemon->ds; ds; ds = ds->next)
1478                    if (ds->name[0] != 0 && hostname_isequal(domain, ds->name))
1479                      break;
1480                 
1481                  if (!ds)
1482                    serv->flags &= ~SERV_DO_DNSSEC;
1483                }
1484              else if (serv->flags & SERV_FOR_NODOTS)
1485                serv->flags &= ~SERV_DO_DNSSEC;
1486            }
1487#endif
1488
1489          port = prettyprint_addr(&serv->addr, daemon->namebuff);
1490         
1491          /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
1492          if (serv->addr.sa.sa_family == AF_INET &&
1493              serv->addr.in.sin_addr.s_addr == 0)
1494            {
1495              serv->flags |= SERV_MARK;
1496              continue;
1497            }
1498
1499          for (iface = daemon->interfaces; iface; iface = iface->next)
1500            if (sockaddr_isequal(&serv->addr, &iface->addr))
1501              break;
1502          if (iface)
1503            {
1504              my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
1505              serv->flags |= SERV_MARK;
1506              continue;
1507            }
1508         
1509          /* Do we need a socket set? */
1510          if (!serv->sfd &&
1511              !(serv->sfd = allocate_sfd(&serv->source_addr, serv->interface)) &&
1512              errno != 0)
1513            {
1514              my_syslog(LOG_WARNING,
1515                        _("ignoring nameserver %s - cannot make/bind socket: %s"),
1516                        daemon->namebuff, strerror(errno));
1517              serv->flags |= SERV_MARK;
1518              continue;
1519            }
1520         
1521          if (serv->sfd)
1522            serv->sfd->used = 1;
1523        }
1524     
1525      if (!(serv->flags & SERV_NO_REBIND) && !(serv->flags & SERV_LITERAL_ADDRESS))
1526        {
1527          if (++count > SERVERS_LOGGED)
1528            continue;
1529         
1530          if (serv->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
1531            {
1532              char *s1, *s2, *s3 = "";
1533#ifdef HAVE_DNSSEC
1534              if (option_bool(OPT_DNSSEC_VALID) && !(serv->flags & SERV_DO_DNSSEC))
1535                s3 = _("(no DNSSEC)");
1536#endif
1537              if (!(serv->flags & SERV_HAS_DOMAIN))
1538                s1 = _("unqualified"), s2 = _("names");
1539              else if (strlen(serv->domain) == 0)
1540                s1 = _("default"), s2 = "";
1541              else
1542                s1 = _("domain"), s2 = serv->domain;
1543             
1544              if (serv->flags & SERV_NO_ADDR)
1545                {
1546                  count--;
1547                  if (++locals <= LOCALS_LOGGED)
1548                        my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
1549                }
1550              else if (serv->flags & SERV_USE_RESOLV)
1551                my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
1552              else
1553                my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s %s"), daemon->namebuff, port, s1, s2, s3);
1554            }
1555#ifdef HAVE_LOOP
1556          else if (serv->flags & SERV_LOOP)
1557            my_syslog(LOG_INFO, _("NOT using nameserver %s#%d - query loop detected"), daemon->namebuff, port);
1558#endif
1559          else if (serv->interface[0] != 0)
1560            my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, serv->interface);
1561          else
1562            my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
1563        }
1564    }
1565 
1566  if (locals > LOCALS_LOGGED)
1567    my_syslog(LOG_INFO, _("using %d more local addresses"), locals - LOCALS_LOGGED);
1568  if (count - 1 > SERVERS_LOGGED)
1569    my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1);
1570
1571  /* Remove unused sfds */
1572  for (sfd = daemon->sfds, up = &daemon->sfds; sfd; sfd = tmp)
1573    {
1574       tmp = sfd->next;
1575       if (!sfd->used)
1576        {
1577          *up = sfd->next;
1578          close(sfd->fd);
1579          free(sfd);
1580        }
1581      else
1582        up = &sfd->next;
1583    }
1584 
1585  cleanup_servers();
1586}
1587
1588/* Return zero if no servers found, in that case we keep polling.
1589   This is a protection against an update-time/write race on resolv.conf */
1590int reload_servers(char *fname)
1591{
1592  FILE *f;
1593  char *line;
1594  int gotone = 0;
1595
1596  /* buff happens to be MAXDNAME long... */
1597  if (!(f = fopen(fname, "r")))
1598    {
1599      my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1600      return 0;
1601    }
1602   
1603  mark_servers(SERV_FROM_RESOLV);
1604   
1605  while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
1606    {
1607      union mysockaddr addr, source_addr;
1608      char *token = strtok(line, " \t\n\r");
1609     
1610      if (!token)
1611        continue;
1612      if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
1613        continue;
1614      if (!(token = strtok(NULL, " \t\n\r")))
1615        continue;
1616     
1617      memset(&addr, 0, sizeof(addr));
1618      memset(&source_addr, 0, sizeof(source_addr));
1619     
1620      if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
1621        {
1622#ifdef HAVE_SOCKADDR_SA_LEN
1623          source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
1624#endif
1625          source_addr.in.sin_family = addr.in.sin_family = AF_INET;
1626          addr.in.sin_port = htons(NAMESERVER_PORT);
1627          source_addr.in.sin_addr.s_addr = INADDR_ANY;
1628          source_addr.in.sin_port = htons(daemon->query_port);
1629        }
1630#ifdef HAVE_IPV6
1631      else
1632        {       
1633          int scope_index = 0;
1634          char *scope_id = strchr(token, '%');
1635         
1636          if (scope_id)
1637            {
1638              *(scope_id++) = 0;
1639              scope_index = if_nametoindex(scope_id);
1640            }
1641         
1642          if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
1643            {
1644#ifdef HAVE_SOCKADDR_SA_LEN
1645              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
1646#endif
1647              source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
1648              source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
1649              addr.in6.sin6_port = htons(NAMESERVER_PORT);
1650              addr.in6.sin6_scope_id = scope_index;
1651              source_addr.in6.sin6_addr = in6addr_any;
1652              source_addr.in6.sin6_port = htons(daemon->query_port);
1653              source_addr.in6.sin6_scope_id = 0;
1654            }
1655          else
1656            continue;
1657        }
1658#else /* IPV6 */
1659      else
1660        continue;
1661#endif
1662
1663      add_update_server(SERV_FROM_RESOLV, &addr, &source_addr, NULL, NULL);
1664      gotone = 1;
1665    }
1666 
1667  fclose(f);
1668  cleanup_servers();
1669
1670  return gotone;
1671}
1672
1673/* Called when addresses are added or deleted from an interface */
1674void newaddress(time_t now)
1675{
1676  (void)now;
1677 
1678  if (option_bool(OPT_CLEVERBIND) || option_bool(OPT_LOCAL_SERVICE) ||
1679      daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
1680    enumerate_interfaces(0);
1681 
1682  if (option_bool(OPT_CLEVERBIND))
1683    create_bound_listeners(0);
1684 
1685#ifdef HAVE_DHCP6
1686  if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
1687    join_multicast(0);
1688 
1689  if (daemon->doing_dhcp6 || daemon->doing_ra)
1690    dhcp_construct_contexts(now);
1691 
1692  if (daemon->doing_dhcp6)
1693    lease_find_interfaces(now);
1694#endif
1695}
1696
1697
1698
1699
1700
Note: See TracBrowser for help on using the repository browser.