1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License as published by 5 the Free Software Foundation; version 2 dated June, 1991, or 6 (at your option) version 3 dated 29 June, 2007. 7 8 This program is distributed in the hope that it will be useful, 9 but WITHOUT ANY WARRANTY; without even the implied warranty of 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License 14 along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16 17 #include "dnsmasq.h" 18 19 static const char SEPARATOR[] = "|"; 20 21 #ifdef HAVE_LINUX_NETWORK 22 23 int indextoname(int fd, int index, char* name) { 24 struct ifreq ifr; 25 26 if (index == 0) return 0; 27 28 ifr.ifr_ifindex = index; 29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1) return 0; 30 31 strncpy(name, ifr.ifr_name, IF_NAMESIZE); 32 33 return 1; 34 } 35 36 #else 37 38 int indextoname(int fd, int index, char* name) { 39 if (index == 0 || !if_indextoname(index, name)) return 0; 40 41 return 1; 42 } 43 44 #endif 45 46 int iface_check(int family, struct all_addr* addr, char* name, int* indexp) { 47 struct iname* tmp; 48 int ret = 1; 49 50 /* Note: have to check all and not bail out early, so that we set the 51 "used" flags. */ 52 53 if (indexp) { 54 /* One form of bridging on BSD has the property that packets 55 can be recieved on bridge interfaces which do not have an IP address. 56 We allow these to be treated as aliases of another interface which does have 57 an IP address with --dhcp-bridge=interface,alias,alias */ 58 struct dhcp_bridge *bridge, *alias; 59 for (bridge = daemon->bridges; bridge; bridge = bridge->next) { 60 for (alias = bridge->alias; alias; alias = alias->next) 61 if (strncmp(name, alias->iface, IF_NAMESIZE) == 0) { 62 int newindex; 63 64 if (!(newindex = if_nametoindex(bridge->iface))) { 65 my_syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), name); 66 return 0; 67 } else { 68 *indexp = newindex; 69 strncpy(name, bridge->iface, IF_NAMESIZE); 70 break; 71 } 72 } 73 if (alias) break; 74 } 75 } 76 77 if (daemon->if_names || (addr && daemon->if_addrs)) { 78 ret = 0; 79 80 for (tmp = daemon->if_names; tmp; tmp = tmp->next) 81 if (tmp->name && (strcmp(tmp->name, name) == 0)) ret = tmp->used = 1; 82 83 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next) 84 if (addr && tmp->addr.sa.sa_family == family) { 85 if (family == AF_INET && tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) 86 ret = tmp->used = 1; 87 #ifdef HAVE_IPV6 88 else if (family == AF_INET6 && 89 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6) && 90 (!IN6_IS_ADDR_LINKLOCAL(&addr->addr.addr6) || 91 (tmp->addr.in6.sin6_scope_id == (uint32_t) *indexp))) 92 ret = tmp->used = 1; 93 #endif 94 } 95 } 96 97 for (tmp = daemon->if_except; tmp; tmp = tmp->next) 98 if (tmp->name && (strcmp(tmp->name, name) == 0)) ret = 0; 99 100 return ret; 101 } 102 103 static int iface_allowed(struct irec** irecp, int if_index, union mysockaddr* addr, 104 struct in_addr netmask) { 105 struct irec* iface; 106 int fd, mtu = 0, loopback; 107 struct ifreq ifr; 108 int dhcp_ok = 1; 109 struct iname* tmp; 110 111 /* check whether the interface IP has been added already 112 we call this routine multiple times. */ 113 for (iface = *irecp; iface; iface = iface->next) 114 if (sockaddr_isequal(&iface->addr, addr)) return 1; 115 116 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1 || !indextoname(fd, if_index, ifr.ifr_name) || 117 ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) { 118 if (fd != -1) { 119 int errsave = errno; 120 close(fd); 121 errno = errsave; 122 } 123 return 0; 124 } 125 126 loopback = ifr.ifr_flags & IFF_LOOPBACK; 127 128 if (ioctl(fd, SIOCGIFMTU, &ifr) != -1) mtu = ifr.ifr_mtu; 129 130 close(fd); 131 132 /* If we are restricting the set of interfaces to use, make 133 sure that loopback interfaces are in that set. */ 134 if (daemon->if_names && loopback) { 135 struct iname* lo; 136 for (lo = daemon->if_names; lo; lo = lo->next) 137 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0) { 138 lo->isloop = 1; 139 break; 140 } 141 142 if (!lo && (lo = whine_malloc(sizeof(struct iname))) && 143 (lo->name = whine_malloc(strlen(ifr.ifr_name) + 1))) { 144 strcpy(lo->name, ifr.ifr_name); 145 lo->isloop = lo->used = 1; 146 lo->next = daemon->if_names; 147 daemon->if_names = lo; 148 } 149 } 150 151 if (addr->sa.sa_family == AF_INET && 152 !iface_check(AF_INET, (struct all_addr*) &addr->in.sin_addr, ifr.ifr_name, NULL)) 153 return 1; 154 155 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) 156 if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) dhcp_ok = 0; 157 158 #ifdef HAVE_IPV6 159 int ifindex = (int) addr->in6.sin6_scope_id; 160 if (addr->sa.sa_family == AF_INET6 && 161 !iface_check(AF_INET6, (struct all_addr*) &addr->in6.sin6_addr, ifr.ifr_name, &ifindex)) 162 return 1; 163 #endif 164 165 /* add to list */ 166 if ((iface = whine_malloc(sizeof(struct irec)))) { 167 iface->addr = *addr; 168 iface->netmask = netmask; 169 iface->dhcp_ok = dhcp_ok; 170 iface->mtu = mtu; 171 iface->next = *irecp; 172 *irecp = iface; 173 return 1; 174 } 175 176 errno = ENOMEM; 177 return 0; 178 } 179 180 #ifdef HAVE_IPV6 181 static int iface_allowed_v6(struct in6_addr* local, int scope, int if_index, void* vparam) { 182 union mysockaddr addr; 183 struct in_addr netmask; /* dummy */ 184 185 netmask.s_addr = 0; 186 187 memset(&addr, 0, sizeof(addr)); 188 addr.in6.sin6_family = AF_INET6; 189 addr.in6.sin6_addr = *local; 190 addr.in6.sin6_port = htons(daemon->port); 191 /** 192 * Only populate the scope ID if the address is link-local. 193 * Scope IDs are not meaningful for global addresses. Also, we do not want to 194 * think that two addresses are different if they differ only in scope ID, 195 * because the kernel will treat them as if they are the same. 196 */ 197 if (IN6_IS_ADDR_LINKLOCAL(local)) { 198 addr.in6.sin6_scope_id = scope; 199 } 200 201 return iface_allowed((struct irec**) vparam, if_index, &addr, netmask); 202 } 203 #endif 204 205 static int iface_allowed_v4(struct in_addr local, int if_index, struct in_addr netmask, 206 struct in_addr broadcast, void* vparam) { 207 union mysockaddr addr; 208 209 memset(&addr, 0, sizeof(addr)); 210 addr.in.sin_family = AF_INET; 211 addr.in.sin_addr = broadcast; /* warning */ 212 addr.in.sin_addr = local; 213 addr.in.sin_port = htons(daemon->port); 214 215 return iface_allowed((struct irec**) vparam, if_index, &addr, netmask); 216 } 217 218 int enumerate_interfaces(void) { 219 #ifdef HAVE_IPV6 220 return iface_enumerate(&daemon->interfaces, iface_allowed_v4, iface_allowed_v6); 221 #else 222 return iface_enumerate(&daemon->interfaces, iface_allowed_v4, NULL); 223 #endif 224 } 225 226 /* set NONBLOCK bit on fd: See Stevens 16.6 */ 227 int fix_fd(int fd) { 228 int flags; 229 230 if ((flags = fcntl(fd, F_GETFL)) == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) 231 return 0; 232 233 return 1; 234 } 235 236 #if defined(HAVE_IPV6) 237 static int create_ipv6_listener(struct listener** link, int port) { 238 union mysockaddr addr; 239 int tcpfd, fd; 240 struct listener* l; 241 int opt = 1; 242 243 memset(&addr, 0, sizeof(addr)); 244 addr.in6.sin6_family = AF_INET6; 245 addr.in6.sin6_addr = in6addr_any; 246 addr.in6.sin6_port = htons(port); 247 248 /* No error of the kernel doesn't support IPv6 */ 249 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) 250 return (errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT || errno == EINVAL); 251 252 if ((tcpfd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) return 0; 253 254 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 255 setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 256 setsockopt(fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 257 setsockopt(tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || !fix_fd(fd) || 258 !fix_fd(tcpfd) || 259 #ifdef IPV6_RECVPKTINFO 260 setsockopt(fd, IPV6_LEVEL, IPV6_RECVPKTINFO, &opt, sizeof(opt)) == -1 || 261 #else 262 setsockopt(fd, IPV6_LEVEL, IPV6_PKTINFO, &opt, sizeof(opt)) == -1 || 263 #endif 264 bind(tcpfd, (struct sockaddr*) &addr, sa_len(&addr)) == -1 || listen(tcpfd, 5) == -1 || 265 bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == -1) 266 return 0; 267 268 l = safe_malloc(sizeof(struct listener)); 269 l->fd = fd; 270 l->tcpfd = tcpfd; 271 l->family = AF_INET6; 272 l->iface = NULL; 273 l->next = NULL; 274 *link = l; 275 276 return 1; 277 } 278 #endif 279 280 struct listener* create_wildcard_listeners(void) { 281 union mysockaddr addr; 282 int opt = 1; 283 struct listener *l, *l6 = NULL; 284 int tcpfd = -1, fd = -1; 285 286 memset(&addr, 0, sizeof(addr)); 287 addr.in.sin_family = AF_INET; 288 addr.in.sin_addr.s_addr = INADDR_ANY; 289 addr.in.sin_port = htons(daemon->port); 290 291 if (daemon->port != 0) { 292 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 || 293 (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 294 return NULL; 295 296 if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 297 bind(tcpfd, (struct sockaddr*) &addr, sa_len(&addr)) == -1 || listen(tcpfd, 5) == -1 || 298 !fix_fd(tcpfd) || 299 #ifdef HAVE_IPV6 300 !create_ipv6_listener(&l6, daemon->port) || 301 #endif 302 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd) || 303 #if defined(HAVE_LINUX_NETWORK) 304 setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 || 305 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) 306 setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 || 307 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 || 308 #endif 309 bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == -1) 310 return NULL; 311 312 #ifdef __ANDROID__ 313 uint32_t mark = daemon->listen_mark; 314 if (mark != 0 && (setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 || 315 setsockopt(tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 || 316 setsockopt(l6->fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 || 317 setsockopt(l6->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1)) { 318 my_syslog(LOG_WARNING, _("setsockopt(SO_MARK, 0x%x: %s"), mark, strerror(errno)); 319 close(fd); 320 close(tcpfd); 321 close(l6->fd); 322 close(l6->tcpfd); 323 return NULL; 324 } 325 } 326 #endif /* __ANDROID__ */ 327 328 l = safe_malloc(sizeof(struct listener)); 329 l->family = AF_INET; 330 l->fd = fd; 331 l->tcpfd = tcpfd; 332 l->iface = NULL; 333 l->next = l6; 334 335 return l; 336 } 337 338 #ifdef __ANDROID__ 339 /** 340 * for a single given irec (interface name and address) create 341 * a set of sockets listening. This is a copy of the code inside the loop 342 * of create_bound_listeners below and is added here to allow us 343 * to create just a single new listener dynamically when our interface 344 * list is changed. 345 * 346 * iface - input of the new interface details to listen on 347 * listeners - output. Creates a new struct listener and inserts at head of the list 348 * 349 * die's on errors, so don't pass bad data. 350 */ 351 void create_bound_listener(struct listener** listeners, struct irec* iface) { 352 int rc, opt = 1; 353 #ifdef HAVE_IPV6 354 static int dad_count = 0; 355 #endif 356 357 struct listener* new = safe_malloc(sizeof(struct listener)); 358 new->family = iface->addr.sa.sa_family; 359 new->iface = iface; 360 new->next = *listeners; 361 new->tcpfd = -1; 362 new->fd = -1; 363 *listeners = new; 364 365 if (daemon->port != 0) { 366 if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 || 367 (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 || 368 setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 369 setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 370 !fix_fd(new->tcpfd) || !fix_fd(new->fd)) 371 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 372 373 #ifdef HAVE_IPV6 374 if (iface->addr.sa.sa_family == AF_INET6) { 375 if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 376 setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) 377 die(_("failed to set IPV6 options on listening socket: %s"), NULL, EC_BADNET); 378 } 379 #endif 380 381 while (1) { 382 if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) break; 383 384 #ifdef HAVE_IPV6 385 /* An interface may have an IPv6 address which is still undergoing DAD. 386 If so, the bind will fail until the DAD completes, so we try over 20 seconds 387 before failing. */ 388 /* TODO: What to do here? 20 seconds is way too long. We use optimistic addresses, so 389 bind() will only fail if the address has already failed DAD, in which case retrying 390 won't help. */ 391 if (iface->addr.sa.sa_family == AF_INET6 && 392 (errno == ENODEV || errno == EADDRNOTAVAIL) && dad_count++ < DAD_WAIT) { 393 sleep(1); 394 continue; 395 } 396 #endif 397 break; 398 } 399 400 if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) { 401 prettyprint_addr(&iface->addr, daemon->namebuff); 402 die(_("failed to bind listening socket for %s: %s"), daemon->namebuff, EC_BADNET); 403 } 404 405 uint32_t mark = daemon->listen_mark; 406 if (mark != 0 && (setsockopt(new->fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 || 407 setsockopt(new->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1)) 408 die(_("failed to set SO_MARK on listen socket: %s"), NULL, EC_BADNET); 409 410 if (listen(new->tcpfd, 5) == -1) die(_("failed to listen on socket: %s"), NULL, EC_BADNET); 411 } 412 } 413 414 /** 415 * If a listener has a struct irec pointer whose address matches the newly 416 * malloc()d struct irec's address, update its pointer to refer to this new 417 * struct irec instance. 418 * 419 * Otherwise, any listeners that are preserved across interface list changes 420 * will point at interface structures that are free()d at the end of 421 * set_interfaces(), and can get overwritten by subsequent memory allocations. 422 * 423 * See b/17475756 for further discussion. 424 */ 425 void fixup_possible_existing_listener(struct irec* new_iface) { 426 /* find the listener, if present */ 427 struct listener* l; 428 for (l = daemon->listeners; l; l = l->next) { 429 struct irec* listener_iface = l->iface; 430 if (listener_iface) { 431 if (sockaddr_isequal(&listener_iface->addr, &new_iface->addr)) { 432 l->iface = new_iface; 433 return; 434 } 435 } 436 } 437 } 438 439 /** 440 * Closes the sockets of the specified listener, deletes it from the list, and frees it. 441 * 442 */ 443 int delete_listener(struct listener** l) { 444 struct listener* listener = *l; 445 if (listener == NULL) return 0; 446 447 if (listener->iface) { 448 int port = prettyprint_addr(&listener->iface->addr, daemon->namebuff); 449 my_syslog(LOG_INFO, _("Closing listener [%s]:%d"), daemon->namebuff, port); 450 } else { 451 my_syslog(LOG_INFO, _("Closing wildcard listener family=%d"), listener->family); 452 } 453 454 if (listener->tcpfd != -1) { 455 close(listener->tcpfd); 456 listener->tcpfd = -1; 457 } 458 if (listener->fd != -1) { 459 close(listener->fd); 460 listener->fd = -1; 461 } 462 *l = listener->next; 463 free(listener); 464 return -1; 465 } 466 467 /** 468 * Close the sockets listening on the given interface 469 * 470 * This new function is needed as we're dynamically changing the interfaces 471 * we listen on. Before they'd be opened once in create_bound_listeners and stay 472 * until we exited. Now, if an interface moves off the to-listen list we need to 473 * close out the listeners and keep trucking. 474 * 475 * interface - input of the interface details to listen on 476 */ 477 int close_bound_listener(struct irec* iface) { 478 /* find the listener */ 479 int ret = 0; 480 struct listener** l = &daemon->listeners; 481 while (*l) { 482 struct irec* listener_iface = (*l)->iface; 483 struct listener** next = &((*l)->next); 484 if (iface && listener_iface && sockaddr_isequal(&listener_iface->addr, &iface->addr)) { 485 // Listener bound to an IP address. There can be only one of these. 486 ret = delete_listener(l); 487 break; 488 } 489 if (iface == NULL && listener_iface == NULL) { 490 // Wildcard listener. There is one of these per address family. 491 ret = delete_listener(l); 492 continue; 493 } 494 l = next; 495 } 496 return ret; 497 } 498 #endif /* __ANDROID__ */ 499 500 struct listener* create_bound_listeners(void) { 501 struct listener* listeners = NULL; 502 struct irec* iface; 503 #ifndef __ANDROID__ 504 int rc, opt = 1; 505 #ifdef HAVE_IPV6 506 static int dad_count = 0; 507 #endif 508 #endif 509 510 for (iface = daemon->interfaces; iface; iface = iface->next) { 511 #ifdef __ANDROID__ 512 create_bound_listener(&listeners, iface); 513 #else 514 struct listener* new = safe_malloc(sizeof(struct listener)); 515 new->family = iface->addr.sa.sa_family; 516 new->iface = iface; 517 new->next = listeners; 518 new->tcpfd = -1; 519 new->fd = -1; 520 listeners = new; 521 522 if (daemon->port != 0) { 523 if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 || 524 (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 || 525 setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 526 setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 527 !fix_fd(new->tcpfd) || !fix_fd(new->fd)) 528 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 529 530 #ifdef HAVE_IPV6 531 if (iface->addr.sa.sa_family == AF_INET6) { 532 if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 533 setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) 534 die(_("failed to set IPV6 options on listening socket: %s"), NULL, 535 EC_BADNET); 536 } 537 #endif 538 539 while (1) { 540 if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) break; 541 542 #ifdef HAVE_IPV6 543 /* An interface may have an IPv6 address which is still undergoing DAD. 544 If so, the bind will fail until the DAD completes, so we try over 20 seconds 545 before failing. */ 546 if (iface->addr.sa.sa_family == AF_INET6 && 547 (errno == ENODEV || errno == EADDRNOTAVAIL) && dad_count++ < DAD_WAIT) { 548 sleep(1); 549 continue; 550 } 551 #endif 552 break; 553 } 554 555 if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) { 556 prettyprint_addr(&iface->addr, daemon->namebuff); 557 die(_("failed to bind listening socket for %s: %s"), daemon->namebuff, 558 EC_BADNET); 559 } 560 561 if (listen(new->tcpfd, 5) == -1) 562 die(_("failed to listen on socket: %s"), NULL, EC_BADNET); 563 } 564 #endif /* !__ANDROID */ 565 } 566 567 return listeners; 568 } 569 570 /* return a UDP socket bound to a random port, have to cope with straying into 571 occupied port nos and reserved ones. */ 572 int random_sock(int family) { 573 int fd; 574 575 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) { 576 union mysockaddr addr; 577 unsigned int ports_avail = 65536u - (unsigned short) daemon->min_port; 578 int tries = ports_avail < 30 ? 3 * ports_avail : 100; 579 580 memset(&addr, 0, sizeof(addr)); 581 addr.sa.sa_family = family; 582 583 /* don't loop forever if all ports in use. */ 584 585 if (fix_fd(fd)) 586 while (tries--) { 587 unsigned short port = rand16(); 588 589 if (daemon->min_port != 0) 590 port = htons(daemon->min_port + (port % ((unsigned short) ports_avail))); 591 592 if (family == AF_INET) { 593 addr.in.sin_addr.s_addr = INADDR_ANY; 594 addr.in.sin_port = port; 595 } else { 596 addr.in6.sin6_addr = in6addr_any; 597 addr.in6.sin6_port = port; 598 } 599 600 if (bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == 0) return fd; 601 602 if (errno != EADDRINUSE && errno != EACCES) break; 603 } 604 605 close(fd); 606 } 607 608 return -1; 609 } 610 611 int local_bind(int fd, union mysockaddr* addr, char* intname, uint32_t mark, int is_tcp) { 612 union mysockaddr addr_copy = *addr; 613 614 /* cannot set source _port_ for TCP connections. */ 615 if (is_tcp) { 616 if (addr_copy.sa.sa_family == AF_INET) addr_copy.in.sin_port = 0; 617 #ifdef HAVE_IPV6 618 else 619 addr_copy.in6.sin6_port = 0; 620 #endif 621 } 622 623 if (bind(fd, (struct sockaddr*) &addr_copy, sa_len(&addr_copy)) == -1) return 0; 624 625 #if defined(SO_BINDTODEVICE) 626 if (intname[0] != 0 && 627 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, strlen(intname)) == -1) 628 return 0; 629 #endif 630 631 if (mark != 0 && setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1) return 0; 632 633 return 1; 634 } 635 636 static struct serverfd* allocate_sfd(union mysockaddr* addr, char* intname, uint32_t mark) { 637 struct serverfd* sfd; 638 int errsave; 639 640 /* when using random ports, servers which would otherwise use 641 the INADDR_ANY/port0 socket have sfd set to NULL */ 642 if (!daemon->osport && intname[0] == 0) { 643 errno = 0; 644 645 if (addr->sa.sa_family == AF_INET && addr->in.sin_addr.s_addr == INADDR_ANY && 646 addr->in.sin_port == htons(0)) 647 return NULL; 648 649 #ifdef HAVE_IPV6 650 if (addr->sa.sa_family == AF_INET6 && 651 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && 652 addr->in6.sin6_port == htons(0)) 653 return NULL; 654 #endif 655 } 656 657 /* may have a suitable one already */ 658 for (sfd = daemon->sfds; sfd; sfd = sfd->next) 659 if (sockaddr_isequal(&sfd->source_addr, addr) && mark == sfd->mark && 660 strcmp(intname, sfd->interface) == 0) 661 return sfd; 662 663 /* need to make a new one. */ 664 errno = ENOMEM; /* in case malloc fails. */ 665 if (!(sfd = whine_malloc(sizeof(struct serverfd)))) return NULL; 666 667 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1) { 668 free(sfd); 669 return NULL; 670 } 671 672 if (!local_bind(sfd->fd, addr, intname, mark, 0) || !fix_fd(sfd->fd)) { 673 errsave = errno; /* save error from bind. */ 674 close(sfd->fd); 675 free(sfd); 676 errno = errsave; 677 return NULL; 678 } 679 680 strcpy(sfd->interface, intname); 681 sfd->source_addr = *addr; 682 sfd->mark = mark; 683 sfd->next = daemon->sfds; 684 daemon->sfds = sfd; 685 return sfd; 686 } 687 688 /* create upstream sockets during startup, before root is dropped which may be needed 689 this allows query_port to be a low port and interface binding */ 690 void pre_allocate_sfds(void) { 691 struct server* srv; 692 693 if (daemon->query_port != 0) { 694 union mysockaddr addr; 695 memset(&addr, 0, sizeof(addr)); 696 addr.in.sin_family = AF_INET; 697 addr.in.sin_addr.s_addr = INADDR_ANY; 698 addr.in.sin_port = htons(daemon->query_port); 699 allocate_sfd(&addr, "", 0); 700 #ifdef HAVE_IPV6 701 memset(&addr, 0, sizeof(addr)); 702 addr.in6.sin6_family = AF_INET6; 703 addr.in6.sin6_addr = in6addr_any; 704 addr.in6.sin6_port = htons(daemon->query_port); 705 allocate_sfd(&addr, "", 0); 706 #endif 707 } 708 709 for (srv = daemon->servers; srv; srv = srv->next) 710 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && 711 !allocate_sfd(&srv->source_addr, srv->interface, srv->mark) && errno != 0 && 712 (daemon->options & OPT_NOWILD)) { 713 prettyprint_addr(&srv->addr, daemon->namebuff); 714 if (srv->interface[0] != 0) { 715 strcat(daemon->namebuff, " "); 716 strcat(daemon->namebuff, srv->interface); 717 } 718 die(_("failed to bind server socket for %s: %s"), daemon->namebuff, EC_BADNET); 719 } 720 } 721 722 void check_servers(void) { 723 struct irec* iface; 724 struct server* new, *tmp, *ret = NULL; 725 int port = 0; 726 727 for (new = daemon->servers; new; new = tmp) { 728 tmp = new->next; 729 730 if (!(new->flags&(SERV_LITERAL_ADDRESS | SERV_NO_ADDR))) { 731 port = prettyprint_addr(&new->addr, daemon->namebuff); 732 733 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */ 734 if (new->addr.sa.sa_family == AF_INET && new->addr.in.sin_addr.s_addr == 0) { 735 free(new); 736 continue; 737 } 738 739 for (iface = daemon->interfaces; iface; iface = iface->next) 740 if (sockaddr_isequal(&new->addr, &iface->addr)) break; 741 if (iface) { 742 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), 743 daemon->namebuff); 744 free(new); 745 continue; 746 } 747 748 /* Do we need a socket set? */ 749 if (!new->sfd && 750 !(new->sfd = allocate_sfd(&new->source_addr, new->interface, new->mark)) && 751 errno != 0) { 752 my_syslog(LOG_WARNING, _("ignoring nameserver %s - cannot make/bind socket: %s"), 753 daemon->namebuff, strerror(errno)); 754 free(new); 755 continue; 756 } 757 } 758 759 /* reverse order - gets it right. */ 760 new->next = ret; 761 ret = new; 762 763 if (new->flags&(SERV_HAS_DOMAIN | SERV_FOR_NODOTS)) { 764 char *s1, *s2; 765 if (!(new->flags& SERV_HAS_DOMAIN)) 766 s1 = _("unqualified"), s2 = _("names"); 767 else if (strlen(new->domain) == 0) 768 s1 = _("default"), s2 = ""; 769 else 770 s1 = _("domain"), s2 = new->domain; 771 772 if (new->flags & SERV_NO_ADDR) 773 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); 774 else if (!(new->flags& SERV_LITERAL_ADDRESS)) 775 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, 776 s1, s2); 777 } else if (new->interface[0] != 0) 778 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, 779 new->interface); 780 else 781 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); 782 } 783 784 daemon->servers = ret; 785 } 786 787 #ifdef __ANDROID__ 788 /* #define __ANDROID_DEBUG__ 1 */ 789 /* 790 * Ingests a new list of interfaces and starts to listen on them, adding only the new 791 * and stopping to listen to any interfaces not on the new list. 792 * 793 * interfaces - input in the format "bt-pan|eth0|wlan0|..>" up to 1024 bytes long 794 */ 795 void set_interfaces(const char* interfaces) { 796 struct iname* if_tmp; 797 struct iname* prev_if_names; 798 struct irec *old_iface, *new_iface, *prev_interfaces; 799 char s[1024]; 800 char* next = s; 801 char* interface; 802 int was_wild = 0; 803 804 #ifdef __ANDROID_DEBUG__ 805 my_syslog(LOG_DEBUG, _("set_interfaces(%s)"), interfaces); 806 #endif 807 prev_if_names = daemon->if_names; 808 daemon->if_names = NULL; 809 810 prev_interfaces = daemon->interfaces; 811 daemon->interfaces = NULL; 812 813 if (strlen(interfaces) > sizeof(s)) { 814 die(_("interface string too long: %s"), NULL, EC_BADNET); 815 } 816 strncpy(s, interfaces, sizeof(s)); 817 while ((interface = strsep(&next, SEPARATOR))) { 818 if (!if_nametoindex(interface)) { 819 my_syslog(LOG_ERR, _("interface given in %s: '%s' has no ifindex; ignoring"), 820 __FUNCTION__, interface); 821 continue; 822 } 823 if_tmp = safe_malloc(sizeof(struct iname)); 824 memset(if_tmp, 0, sizeof(struct iname)); 825 if ((if_tmp->name = strdup(interface)) == NULL) { 826 die(_("malloc failure in set_interfaces: %s"), NULL, EC_BADNET); 827 } 828 if_tmp->next = daemon->if_names; 829 daemon->if_names = if_tmp; 830 } 831 832 /* 833 * Enumerate IP addresses (via RTM_GETADDR), adding IP entries to 834 * daemon->interfaces for interface names listed in daemon->if_names. 835 * The sockets are created by the create_bound_listener call below. 836 */ 837 if (!enumerate_interfaces()) { 838 die(_("enumerate interfaces error in set_interfaces: %s"), NULL, EC_BADNET); 839 } 840 841 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) { 842 if (if_tmp->name && !if_tmp->used) { 843 my_syslog(LOG_ERR, _("unknown interface given %s in set_interfaces()"), if_tmp->name); 844 } 845 } 846 847 /* success! - setup to free the old */ 848 /* check for any that have been removed */ 849 for (old_iface = prev_interfaces; old_iface; old_iface = old_iface->next) { 850 int found = 0; 851 for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) { 852 if (sockaddr_isequal(&old_iface->addr, &new_iface->addr)) { 853 found = 1; 854 break; 855 } 856 } 857 858 if (found) { 859 fixup_possible_existing_listener(new_iface); 860 } else { 861 #ifdef __ANDROID_DEBUG__ 862 char debug_buff[MAXDNAME]; 863 prettyprint_addr(&old_iface->addr, debug_buff); 864 my_syslog(LOG_DEBUG, _("closing listener for %s"), debug_buff); 865 #endif 866 867 close_bound_listener(old_iface); 868 } 869 } 870 871 /* remove wildchar listeners */ 872 was_wild = close_bound_listener(NULL); 873 if (was_wild) daemon->options |= OPT_NOWILD; 874 875 /* check for any that have been added */ 876 for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) { 877 int found = 0; 878 879 /* if the previous setup used a wildchar, then add any current interfaces */ 880 if (!was_wild) { 881 for (old_iface = prev_interfaces; old_iface; old_iface = old_iface->next) { 882 if (sockaddr_isequal(&old_iface->addr, &new_iface->addr)) { 883 found = -1; 884 break; 885 } 886 } 887 } 888 if (!found) { 889 #ifdef __ANDROID_DEBUG__ 890 char debug_buff[MAXDNAME]; 891 prettyprint_addr(&new_iface->addr, debug_buff); 892 my_syslog(LOG_DEBUG, _("adding listener for %s"), debug_buff); 893 #endif 894 create_bound_listener(&(daemon->listeners), new_iface); 895 } 896 } 897 898 while (prev_if_names) { 899 if (prev_if_names->name) free(prev_if_names->name); 900 if_tmp = prev_if_names->next; 901 free(prev_if_names); 902 prev_if_names = if_tmp; 903 } 904 while (prev_interfaces) { 905 struct irec* tmp_irec = prev_interfaces->next; 906 free(prev_interfaces); 907 prev_interfaces = tmp_irec; 908 } 909 #ifdef __ANDROID_DEBUG__ 910 my_syslog(LOG_DEBUG, _("done with setInterfaces")); 911 #endif 912 } 913 914 /* 915 * Takes a string in the format "0x100b|1.2.3.4|1.2.3.4|..." - up to 1024 bytes in length 916 * - The first element is the socket mark to set on sockets that forward DNS queries. 917 * - The subsequent elements are the DNS servers to forward queries to. 918 */ 919 int set_servers(const char* servers) { 920 char s[1024]; 921 struct server* old_servers = NULL; 922 struct server* new_servers = NULL; 923 struct server* serv; 924 char* mark_string; 925 uint32_t mark; 926 927 strncpy(s, servers, sizeof(s)); 928 929 /* move old servers to free list - we can reuse the memory 930 and not risk malloc if there are the same or fewer new servers. 931 Servers which were specced on the command line go to the new list. */ 932 for (serv = daemon->servers; serv;) { 933 struct server* tmp = serv->next; 934 if (serv->flags & SERV_FROM_RESOLV) { 935 serv->next = old_servers; 936 old_servers = serv; 937 /* forward table rules reference servers, so have to blow them away */ 938 server_gone(serv); 939 } else { 940 serv->next = new_servers; 941 new_servers = serv; 942 } 943 serv = tmp; 944 } 945 946 char* next = s; 947 char* saddr; 948 949 /* Parse the mark. */ 950 mark_string = strsep(&next, SEPARATOR); 951 mark = strtoul(mark_string, NULL, 0); 952 953 while ((saddr = strsep(&next, SEPARATOR))) { 954 union mysockaddr addr, source_addr; 955 memset(&addr, 0, sizeof(addr)); 956 memset(&source_addr, 0, sizeof(source_addr)); 957 958 if (parse_addr(AF_INET, saddr, &addr) == 0) { 959 addr.in.sin_port = htons(NAMESERVER_PORT); 960 source_addr.in.sin_family = AF_INET; 961 source_addr.in.sin_addr.s_addr = INADDR_ANY; 962 source_addr.in.sin_port = htons(daemon->query_port); 963 } 964 #ifdef HAVE_IPV6 965 else if (parse_addr(AF_INET6, saddr, &addr) == 0) { 966 addr.in6.sin6_port = htons(NAMESERVER_PORT); 967 source_addr.in6.sin6_family = AF_INET6; 968 source_addr.in6.sin6_addr = in6addr_any; 969 source_addr.in6.sin6_port = htons(daemon->query_port); 970 } 971 #endif /* IPV6 */ 972 else 973 continue; 974 975 if (old_servers) { 976 serv = old_servers; 977 old_servers = old_servers->next; 978 } else if (!(serv = whine_malloc(sizeof(struct server)))) 979 continue; 980 981 /* this list is reverse ordered: 982 it gets reversed again in check_servers */ 983 serv->next = new_servers; 984 new_servers = serv; 985 serv->addr = addr; 986 serv->source_addr = source_addr; 987 serv->domain = NULL; 988 serv->interface[0] = 0; 989 serv->mark = mark; 990 serv->sfd = NULL; 991 serv->flags = SERV_FROM_RESOLV; 992 serv->queries = serv->failed_queries = 0; 993 } 994 995 /* Free any memory not used. */ 996 while (old_servers) { 997 struct server* tmp = old_servers->next; 998 free(old_servers); 999 old_servers = tmp; 1000 } 1001 1002 daemon->servers = new_servers; 1003 return 0; 1004 } 1005 #endif 1006 1007 /* Return zero if no servers found, in that case we keep polling. 1008 This is a protection against an update-time/write race on resolv.conf */ 1009 int reload_servers(char* fname) { 1010 FILE* f; 1011 char* line; 1012 struct server* old_servers = NULL; 1013 struct server* new_servers = NULL; 1014 struct server* serv; 1015 int gotone = 0; 1016 1017 /* buff happens to be MAXDNAME long... */ 1018 if (!(f = fopen(fname, "r"))) { 1019 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno)); 1020 return 0; 1021 } 1022 1023 /* move old servers to free list - we can reuse the memory 1024 and not risk malloc if there are the same or fewer new servers. 1025 Servers which were specced on the command line go to the new list. */ 1026 for (serv = daemon->servers; serv;) { 1027 struct server* tmp = serv->next; 1028 if (serv->flags & SERV_FROM_RESOLV) { 1029 serv->next = old_servers; 1030 old_servers = serv; 1031 /* forward table rules reference servers, so have to blow them away */ 1032 server_gone(serv); 1033 } else { 1034 serv->next = new_servers; 1035 new_servers = serv; 1036 } 1037 serv = tmp; 1038 } 1039 1040 while ((line = fgets(daemon->namebuff, MAXDNAME, f))) { 1041 union mysockaddr addr, source_addr; 1042 char* token = strtok(line, " \t\n\r"); 1043 1044 if (!token) continue; 1045 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0) continue; 1046 if (!(token = strtok(NULL, " \t\n\r"))) continue; 1047 1048 memset(&addr, 0, sizeof(addr)); 1049 memset(&source_addr, 0, sizeof(source_addr)); 1050 1051 if (parse_addr(AF_INET, token, &addr) == 0) { 1052 addr.in.sin_port = htons(NAMESERVER_PORT); 1053 source_addr.in.sin_family = AF_INET; 1054 source_addr.in.sin_addr.s_addr = INADDR_ANY; 1055 source_addr.in.sin_port = htons(daemon->query_port); 1056 } 1057 #ifdef HAVE_IPV6 1058 else if (parse_addr(AF_INET6, token, &addr) == 0) { 1059 addr.in6.sin6_port = htons(NAMESERVER_PORT); 1060 source_addr.in6.sin6_family = AF_INET6; 1061 source_addr.in6.sin6_addr = in6addr_any; 1062 source_addr.in6.sin6_port = htons(daemon->query_port); 1063 } 1064 #endif /* IPV6 */ 1065 else 1066 continue; 1067 1068 if (old_servers) { 1069 serv = old_servers; 1070 old_servers = old_servers->next; 1071 } else if (!(serv = whine_malloc(sizeof(struct server)))) 1072 continue; 1073 1074 /* this list is reverse ordered: 1075 it gets reversed again in check_servers */ 1076 serv->next = new_servers; 1077 new_servers = serv; 1078 serv->addr = addr; 1079 serv->source_addr = source_addr; 1080 serv->domain = NULL; 1081 serv->interface[0] = 0; 1082 serv->mark = 0; 1083 serv->sfd = NULL; 1084 serv->flags = SERV_FROM_RESOLV; 1085 serv->queries = serv->failed_queries = 0; 1086 gotone = 1; 1087 } 1088 1089 /* Free any memory not used. */ 1090 while (old_servers) { 1091 struct server* tmp = old_servers->next; 1092 free(old_servers); 1093 old_servers = tmp; 1094 } 1095 1096 daemon->servers = new_servers; 1097 fclose(f); 1098 1099 return gotone; 1100 } 1101 1102 /* Use an IPv4 listener socket for ioctling */ 1103 struct in_addr get_ifaddr(char* intr) { 1104 struct listener* l; 1105 struct ifreq ifr; 1106 1107 for (l = daemon->listeners; l && l->family != AF_INET; l = l->next) 1108 ; 1109 1110 strncpy(ifr.ifr_name, intr, IF_NAMESIZE); 1111 ifr.ifr_addr.sa_family = AF_INET; 1112 1113 if (!l || ioctl(l->fd, SIOCGIFADDR, &ifr) == -1) 1114 ((struct sockaddr_in*) &ifr.ifr_addr)->sin_addr.s_addr = -1; 1115 1116 return ((struct sockaddr_in*) &ifr.ifr_addr)->sin_addr; 1117 } 1118
