1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License as published by 5 the Free Software Foundation; version 2 dated June, 1991, or 6 (at your option) version 3 dated 29 June, 2007. 7 8 This program is distributed in the hope that it will be useful, 9 but WITHOUT ANY WARRANTY; without even the implied warranty of 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License 14 along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16 17 #include "dnsmasq.h" 18 19 #ifdef HAVE_LINUX_NETWORK 20 21 int indextoname(int fd, int index, char *name) 22 { 23 struct ifreq ifr; 24 25 if (index == 0) 26 return 0; 27 28 ifr.ifr_ifindex = index; 29 if (ioctl(fd, SIOCGIFNAME, &ifr) == -1) 30 return 0; 31 32 strncpy(name, ifr.ifr_name, IF_NAMESIZE); 33 34 return 1; 35 } 36 37 #else 38 39 int indextoname(int fd, int index, char *name) 40 { 41 if (index == 0 || !if_indextoname(index, name)) 42 return 0; 43 44 return 1; 45 } 46 47 #endif 48 49 int iface_check(int family, struct all_addr *addr, char *name, int *indexp) 50 { 51 struct iname *tmp; 52 int ret = 1; 53 54 /* Note: have to check all and not bail out early, so that we set the 55 "used" flags. */ 56 57 if (indexp) 58 { 59 /* One form of bridging on BSD has the property that packets 60 can be recieved on bridge interfaces which do not have an IP address. 61 We allow these to be treated as aliases of another interface which does have 62 an IP address with --dhcp-bridge=interface,alias,alias */ 63 struct dhcp_bridge *bridge, *alias; 64 for (bridge = daemon->bridges; bridge; bridge = bridge->next) 65 { 66 for (alias = bridge->alias; alias; alias = alias->next) 67 if (strncmp(name, alias->iface, IF_NAMESIZE) == 0) 68 { 69 int newindex; 70 71 if (!(newindex = if_nametoindex(bridge->iface))) 72 { 73 my_syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), name); 74 return 0; 75 } 76 else 77 { 78 *indexp = newindex; 79 strncpy(name, bridge->iface, IF_NAMESIZE); 80 break; 81 } 82 } 83 if (alias) 84 break; 85 } 86 } 87 88 if (daemon->if_names || (addr && daemon->if_addrs)) 89 { 90 ret = 0; 91 92 for (tmp = daemon->if_names; tmp; tmp = tmp->next) 93 if (tmp->name && (strcmp(tmp->name, name) == 0)) 94 ret = tmp->used = 1; 95 96 for (tmp = daemon->if_addrs; tmp; tmp = tmp->next) 97 if (addr && tmp->addr.sa.sa_family == family) 98 { 99 if (family == AF_INET && 100 tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) 101 ret = tmp->used = 1; 102 #ifdef HAVE_IPV6 103 else if (family == AF_INET6 && 104 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 105 &addr->addr.addr6)) 106 ret = tmp->used = 1; 107 #endif 108 } 109 } 110 111 for (tmp = daemon->if_except; tmp; tmp = tmp->next) 112 if (tmp->name && (strcmp(tmp->name, name) == 0)) 113 ret = 0; 114 115 return ret; 116 } 117 118 static int iface_allowed(struct irec **irecp, int if_index, 119 union mysockaddr *addr, struct in_addr netmask) 120 { 121 struct irec *iface; 122 int fd, mtu = 0, loopback; 123 struct ifreq ifr; 124 int dhcp_ok = 1; 125 struct iname *tmp; 126 127 /* check whether the interface IP has been added already 128 we call this routine multiple times. */ 129 for (iface = *irecp; iface; iface = iface->next) 130 if (sockaddr_isequal(&iface->addr, addr)) 131 return 1; 132 133 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1 || 134 !indextoname(fd, if_index, ifr.ifr_name) || 135 ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) 136 { 137 if (fd != -1) 138 { 139 int errsave = errno; 140 close(fd); 141 errno = errsave; 142 } 143 return 0; 144 } 145 146 loopback = ifr.ifr_flags & IFF_LOOPBACK; 147 148 if (ioctl(fd, SIOCGIFMTU, &ifr) != -1) 149 mtu = ifr.ifr_mtu; 150 151 close(fd); 152 153 /* If we are restricting the set of interfaces to use, make 154 sure that loopback interfaces are in that set. */ 155 if (daemon->if_names && loopback) 156 { 157 struct iname *lo; 158 for (lo = daemon->if_names; lo; lo = lo->next) 159 if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0) 160 { 161 lo->isloop = 1; 162 break; 163 } 164 165 if (!lo && 166 (lo = whine_malloc(sizeof(struct iname))) && 167 (lo->name = whine_malloc(strlen(ifr.ifr_name)+1))) 168 { 169 strcpy(lo->name, ifr.ifr_name); 170 lo->isloop = lo->used = 1; 171 lo->next = daemon->if_names; 172 daemon->if_names = lo; 173 } 174 } 175 176 if (addr->sa.sa_family == AF_INET && 177 !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name, NULL)) 178 return 1; 179 180 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) 181 if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) 182 dhcp_ok = 0; 183 184 #ifdef HAVE_IPV6 185 if (addr->sa.sa_family == AF_INET6 && 186 !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name, NULL)) 187 return 1; 188 #endif 189 190 /* add to list */ 191 if ((iface = whine_malloc(sizeof(struct irec)))) 192 { 193 iface->addr = *addr; 194 iface->netmask = netmask; 195 iface->dhcp_ok = dhcp_ok; 196 iface->mtu = mtu; 197 iface->next = *irecp; 198 *irecp = iface; 199 return 1; 200 } 201 202 errno = ENOMEM; 203 return 0; 204 } 205 206 #ifdef HAVE_IPV6 207 static int iface_allowed_v6(struct in6_addr *local, 208 int scope, int if_index, void *vparam) 209 { 210 union mysockaddr addr; 211 struct in_addr netmask; /* dummy */ 212 213 netmask.s_addr = 0; 214 215 memset(&addr, 0, sizeof(addr)); 216 #ifdef HAVE_SOCKADDR_SA_LEN 217 addr.in6.sin6_len = sizeof(addr.in6); 218 #endif 219 addr.in6.sin6_family = AF_INET6; 220 addr.in6.sin6_addr = *local; 221 addr.in6.sin6_port = htons(daemon->port); 222 addr.in6.sin6_scope_id = scope; 223 224 return iface_allowed((struct irec **)vparam, if_index, &addr, netmask); 225 } 226 #endif 227 228 static int iface_allowed_v4(struct in_addr local, int if_index, 229 struct in_addr netmask, struct in_addr broadcast, void *vparam) 230 { 231 union mysockaddr addr; 232 233 memset(&addr, 0, sizeof(addr)); 234 #ifdef HAVE_SOCKADDR_SA_LEN 235 addr.in.sin_len = sizeof(addr.in); 236 #endif 237 addr.in.sin_family = AF_INET; 238 addr.in.sin_addr = broadcast; /* warning */ 239 addr.in.sin_addr = local; 240 addr.in.sin_port = htons(daemon->port); 241 242 return iface_allowed((struct irec **)vparam, if_index, &addr, netmask); 243 } 244 245 int enumerate_interfaces(void) 246 { 247 #ifdef HAVE_IPV6 248 return iface_enumerate(&daemon->interfaces, iface_allowed_v4, iface_allowed_v6); 249 #else 250 return iface_enumerate(&daemon->interfaces, iface_allowed_v4, NULL); 251 #endif 252 } 253 254 /* set NONBLOCK bit on fd: See Stevens 16.6 */ 255 int fix_fd(int fd) 256 { 257 int flags; 258 259 if ((flags = fcntl(fd, F_GETFL)) == -1 || 260 fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) 261 return 0; 262 263 return 1; 264 } 265 266 #if defined(HAVE_IPV6) 267 static int create_ipv6_listener(struct listener **link, int port) 268 { 269 union mysockaddr addr; 270 int tcpfd, fd; 271 struct listener *l; 272 int opt = 1; 273 274 memset(&addr, 0, sizeof(addr)); 275 addr.in6.sin6_family = AF_INET6; 276 addr.in6.sin6_addr = in6addr_any; 277 addr.in6.sin6_port = htons(port); 278 #ifdef HAVE_SOCKADDR_SA_LEN 279 addr.in6.sin6_len = sizeof(addr.in6); 280 #endif 281 282 /* No error of the kernel doesn't support IPv6 */ 283 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) 284 return (errno == EPROTONOSUPPORT || 285 errno == EAFNOSUPPORT || 286 errno == EINVAL); 287 288 if ((tcpfd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 289 return 0; 290 291 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 292 setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 293 setsockopt(fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 294 setsockopt(tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 295 !fix_fd(fd) || 296 !fix_fd(tcpfd) || 297 #ifdef IPV6_RECVPKTINFO 298 setsockopt(fd, IPV6_LEVEL, IPV6_RECVPKTINFO, &opt, sizeof(opt)) == -1 || 299 #else 300 setsockopt(fd, IPV6_LEVEL, IPV6_PKTINFO, &opt, sizeof(opt)) == -1 || 301 #endif 302 bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 || 303 listen(tcpfd, 5) == -1 || 304 bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1) 305 return 0; 306 307 l = safe_malloc(sizeof(struct listener)); 308 l->fd = fd; 309 l->tcpfd = tcpfd; 310 l->tftpfd = -1; 311 l->family = AF_INET6; 312 l->next = NULL; 313 *link = l; 314 315 return 1; 316 } 317 #endif 318 319 struct listener *create_wildcard_listeners(void) 320 { 321 union mysockaddr addr; 322 int opt = 1; 323 struct listener *l, *l6 = NULL; 324 int tcpfd = -1, fd = -1, tftpfd = -1; 325 326 memset(&addr, 0, sizeof(addr)); 327 addr.in.sin_family = AF_INET; 328 addr.in.sin_addr.s_addr = INADDR_ANY; 329 addr.in.sin_port = htons(daemon->port); 330 #ifdef HAVE_SOCKADDR_SA_LEN 331 addr.in.sin_len = sizeof(struct sockaddr_in); 332 #endif 333 334 if (daemon->port != 0) 335 { 336 337 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 || 338 (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 339 return NULL; 340 341 if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 342 bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 || 343 listen(tcpfd, 5) == -1 || 344 !fix_fd(tcpfd) || 345 #ifdef HAVE_IPV6 346 !create_ipv6_listener(&l6, daemon->port) || 347 #endif 348 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 349 !fix_fd(fd) || 350 #if defined(HAVE_LINUX_NETWORK) 351 setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 || 352 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) 353 setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 || 354 setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 || 355 #endif 356 bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1) 357 return NULL; 358 } 359 360 #ifdef HAVE_TFTP 361 if (daemon->options & OPT_TFTP) 362 { 363 addr.in.sin_port = htons(TFTP_PORT); 364 if ((tftpfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) 365 return NULL; 366 367 if (!fix_fd(tftpfd) || 368 #if defined(HAVE_LINUX_NETWORK) 369 setsockopt(tftpfd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 || 370 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) 371 setsockopt(tftpfd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 || 372 setsockopt(tftpfd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 || 373 #endif 374 bind(tftpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1) 375 return NULL; 376 } 377 #endif 378 379 l = safe_malloc(sizeof(struct listener)); 380 l->family = AF_INET; 381 l->fd = fd; 382 l->tcpfd = tcpfd; 383 l->tftpfd = tftpfd; 384 l->next = l6; 385 386 return l; 387 } 388 389 #ifdef __ANDROID__ 390 /** 391 * for a single given irec (interface name and address) create 392 * a set of sockets listening. This is a copy of the code inside the loop 393 * of create_bound_listeners below and is added here to allow us 394 * to create just a single new listener dynamically when our interface 395 * list is changed. 396 * 397 * iface - input of the new interface details to listen on 398 * listeners - output. Creates a new struct listener and inserts at head of the list 399 * 400 * die's on errors, so don't pass bad data. 401 */ 402 void create_bound_listener(struct listener **listeners, struct irec *iface) 403 { 404 int rc, opt = 1; 405 #ifdef HAVE_IPV6 406 static int dad_count = 0; 407 #endif 408 409 struct listener *new = safe_malloc(sizeof(struct listener)); 410 new->family = iface->addr.sa.sa_family; 411 new->iface = iface; 412 new->next = *listeners; 413 new->tftpfd = -1; 414 new->tcpfd = -1; 415 new->fd = -1; 416 *listeners = new; 417 418 if (daemon->port != 0) 419 { 420 if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 || 421 (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 || 422 setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 423 setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 424 !fix_fd(new->tcpfd) || 425 !fix_fd(new->fd)) 426 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 427 428 #ifdef HAVE_IPV6 429 if (iface->addr.sa.sa_family == AF_INET6) 430 { 431 if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 432 setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) 433 die(_("failed to set IPV6 options on listening socket: %s"), NULL, EC_BADNET);\ 434 } 435 #endif 436 437 while(1) 438 { 439 if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) 440 break; 441 442 #ifdef HAVE_IPV6 443 /* An interface may have an IPv6 address which is still undergoing DAD. 444 If so, the bind will fail until the DAD completes, so we try over 20 seconds 445 before failing. */ 446 if (iface->addr.sa.sa_family == AF_INET6 && (errno == ENODEV || errno == EADDRNOTAVAIL) && 447 dad_count++ < DAD_WAIT) 448 { 449 sleep(1); 450 continue; 451 } 452 #endif 453 break; 454 } 455 456 if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) 457 { 458 prettyprint_addr(&iface->addr, daemon->namebuff); 459 die(_("failed to bind listening socket for %s: %s"), daemon->namebuff, EC_BADNET); 460 } 461 462 if (listen(new->tcpfd, 5) == -1) 463 die(_("failed to listen on socket: %s"), NULL, EC_BADNET); 464 } 465 466 #ifdef HAVE_TFTP 467 if ((daemon->options & OPT_TFTP) && iface->addr.sa.sa_family == AF_INET && iface->dhcp_ok) 468 { 469 short save = iface->addr.in.sin_port; 470 iface->addr.in.sin_port = htons(TFTP_PORT); 471 if ((new->tftpfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 || 472 setsockopt(new->tftpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 473 !fix_fd(new->tftpfd) || 474 bind(new->tftpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) 475 die(_("failed to create TFTP socket: %s"), NULL, EC_BADNET); 476 iface->addr.in.sin_port = save; 477 } 478 #endif 479 } 480 481 /** 482 * Close the sockets listening on the given interface 483 * 484 * This new function is needed as we're dynamically changing the interfaces 485 * we listen on. Before they'd be opened once in create_bound_listeners and stay 486 * until we exited. Now, if an interface moves off the to-listen list we need to 487 * close out the listeners and keep trucking. 488 * 489 * interface - input of the interface details to listen on 490 */ 491 int close_bound_listener(struct irec *interface) 492 { 493 /* find the listener */ 494 struct listener **l, *listener; 495 for (l = &(daemon->listeners); *l; l = &((*l)->next)) { 496 struct irec *listener_iface = (*l)->iface; 497 if (listener_iface && interface) { 498 if (sockaddr_isequal(&listener_iface->addr, &interface->addr)) { 499 break; 500 } 501 } else { 502 if (interface == NULL && listener_iface == NULL) { 503 break; 504 } 505 } 506 } 507 listener = *l; 508 if (listener == NULL) return 0; 509 510 if (listener->tftpfd != -1) 511 { 512 close(listener->tftpfd); 513 listener->tftpfd = -1; 514 } 515 if (listener->tcpfd != -1) 516 { 517 close(listener->tcpfd); 518 listener->tcpfd = -1; 519 } 520 if (listener->fd != -1) 521 { 522 close(listener->fd); 523 listener->fd = -1; 524 } 525 *l = listener->next; 526 free(listener); 527 return -1; 528 } 529 #endif /* __ANDROID__ */ 530 531 struct listener *create_bound_listeners(void) 532 { 533 struct listener *listeners = NULL; 534 struct irec *iface; 535 #ifndef __ANDROID__ 536 int rc, opt = 1; 537 #ifdef HAVE_IPV6 538 static int dad_count = 0; 539 #endif 540 #endif 541 542 for (iface = daemon->interfaces; iface; iface = iface->next) 543 { 544 #ifdef __ANDROID__ 545 create_bound_listener(&listeners, iface); 546 #else 547 struct listener *new = safe_malloc(sizeof(struct listener)); 548 new->family = iface->addr.sa.sa_family; 549 new->iface = iface; 550 new->next = listeners; 551 new->tftpfd = -1; 552 new->tcpfd = -1; 553 new->fd = -1; 554 listeners = new; 555 556 if (daemon->port != 0) 557 { 558 if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 || 559 (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 || 560 setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 561 setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 562 !fix_fd(new->tcpfd) || 563 !fix_fd(new->fd)) 564 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 565 566 #ifdef HAVE_IPV6 567 if (iface->addr.sa.sa_family == AF_INET6) 568 { 569 if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || 570 setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) 571 die(_("failed to set IPV6 options on listening socket: %s"), NULL, EC_BADNET); 572 } 573 #endif 574 575 while(1) 576 { 577 if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) 578 break; 579 580 #ifdef HAVE_IPV6 581 /* An interface may have an IPv6 address which is still undergoing DAD. 582 If so, the bind will fail until the DAD completes, so we try over 20 seconds 583 before failing. */ 584 if (iface->addr.sa.sa_family == AF_INET6 && (errno == ENODEV || errno == EADDRNOTAVAIL) && 585 dad_count++ < DAD_WAIT) 586 { 587 sleep(1); 588 continue; 589 } 590 #endif 591 break; 592 } 593 594 if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) 595 { 596 prettyprint_addr(&iface->addr, daemon->namebuff); 597 die(_("failed to bind listening socket for %s: %s"), 598 daemon->namebuff, EC_BADNET); 599 } 600 601 if (listen(new->tcpfd, 5) == -1) 602 die(_("failed to listen on socket: %s"), NULL, EC_BADNET); 603 } 604 605 #ifdef HAVE_TFTP 606 if ((daemon->options & OPT_TFTP) && iface->addr.sa.sa_family == AF_INET && iface->dhcp_ok) 607 { 608 short save = iface->addr.in.sin_port; 609 iface->addr.in.sin_port = htons(TFTP_PORT); 610 if ((new->tftpfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 || 611 setsockopt(new->tftpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || 612 !fix_fd(new->tftpfd) || 613 bind(new->tftpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) 614 die(_("failed to create TFTP socket: %s"), NULL, EC_BADNET); 615 iface->addr.in.sin_port = save; 616 } 617 #endif 618 #endif /* !__ANDROID */ 619 } 620 621 return listeners; 622 } 623 624 625 /* return a UDP socket bound to a random port, have to cope with straying into 626 occupied port nos and reserved ones. */ 627 int random_sock(int family) 628 { 629 int fd; 630 631 if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) 632 { 633 union mysockaddr addr; 634 unsigned int ports_avail = 65536u - (unsigned short)daemon->min_port; 635 int tries = ports_avail < 30 ? 3 * ports_avail : 100; 636 637 memset(&addr, 0, sizeof(addr)); 638 addr.sa.sa_family = family; 639 640 /* don't loop forever if all ports in use. */ 641 642 if (fix_fd(fd)) 643 while(tries--) 644 { 645 unsigned short port = rand16(); 646 647 if (daemon->min_port != 0) 648 port = htons(daemon->min_port + (port % ((unsigned short)ports_avail))); 649 650 if (family == AF_INET) 651 { 652 addr.in.sin_addr.s_addr = INADDR_ANY; 653 addr.in.sin_port = port; 654 #ifdef HAVE_SOCKADDR_SA_LEN 655 addr.in.sin_len = sizeof(struct sockaddr_in); 656 #endif 657 } 658 #ifdef HAVE_IPV6 659 else 660 { 661 addr.in6.sin6_addr = in6addr_any; 662 addr.in6.sin6_port = port; 663 #ifdef HAVE_SOCKADDR_SA_LEN 664 addr.in6.sin6_len = sizeof(struct sockaddr_in6); 665 #endif 666 } 667 #endif 668 669 if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) 670 return fd; 671 672 if (errno != EADDRINUSE && errno != EACCES) 673 break; 674 } 675 676 close(fd); 677 } 678 679 return -1; 680 } 681 682 683 int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) 684 { 685 union mysockaddr addr_copy = *addr; 686 687 /* cannot set source _port_ for TCP connections. */ 688 if (is_tcp) 689 { 690 if (addr_copy.sa.sa_family == AF_INET) 691 addr_copy.in.sin_port = 0; 692 #ifdef HAVE_IPV6 693 else 694 addr_copy.in6.sin6_port = 0; 695 #endif 696 } 697 698 if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1) 699 return 0; 700 701 #if defined(SO_BINDTODEVICE) 702 if (intname[0] != 0 && 703 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, strlen(intname)) == -1) 704 return 0; 705 #endif 706 707 return 1; 708 } 709 710 static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) 711 { 712 struct serverfd *sfd; 713 int errsave; 714 715 /* when using random ports, servers which would otherwise use 716 the INADDR_ANY/port0 socket have sfd set to NULL */ 717 if (!daemon->osport && intname[0] == 0) 718 { 719 errno = 0; 720 721 if (addr->sa.sa_family == AF_INET && 722 addr->in.sin_addr.s_addr == INADDR_ANY && 723 addr->in.sin_port == htons(0)) 724 return NULL; 725 726 #ifdef HAVE_IPV6 727 if (addr->sa.sa_family == AF_INET6 && 728 memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && 729 addr->in6.sin6_port == htons(0)) 730 return NULL; 731 #endif 732 } 733 734 /* may have a suitable one already */ 735 for (sfd = daemon->sfds; sfd; sfd = sfd->next ) 736 if (sockaddr_isequal(&sfd->source_addr, addr) && 737 strcmp(intname, sfd->interface) == 0) 738 return sfd; 739 740 /* need to make a new one. */ 741 errno = ENOMEM; /* in case malloc fails. */ 742 if (!(sfd = whine_malloc(sizeof(struct serverfd)))) 743 return NULL; 744 745 if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1) 746 { 747 free(sfd); 748 return NULL; 749 } 750 751 if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd)) 752 { 753 errsave = errno; /* save error from bind. */ 754 close(sfd->fd); 755 free(sfd); 756 errno = errsave; 757 return NULL; 758 } 759 760 strcpy(sfd->interface, intname); 761 sfd->source_addr = *addr; 762 sfd->next = daemon->sfds; 763 daemon->sfds = sfd; 764 return sfd; 765 } 766 767 /* create upstream sockets during startup, before root is dropped which may be needed 768 this allows query_port to be a low port and interface binding */ 769 void pre_allocate_sfds(void) 770 { 771 struct server *srv; 772 773 if (daemon->query_port != 0) 774 { 775 union mysockaddr addr; 776 memset(&addr, 0, sizeof(addr)); 777 addr.in.sin_family = AF_INET; 778 addr.in.sin_addr.s_addr = INADDR_ANY; 779 addr.in.sin_port = htons(daemon->query_port); 780 #ifdef HAVE_SOCKADDR_SA_LEN 781 addr.in.sin_len = sizeof(struct sockaddr_in); 782 #endif 783 allocate_sfd(&addr, ""); 784 #ifdef HAVE_IPV6 785 memset(&addr, 0, sizeof(addr)); 786 addr.in6.sin6_family = AF_INET6; 787 addr.in6.sin6_addr = in6addr_any; 788 addr.in6.sin6_port = htons(daemon->query_port); 789 #ifdef HAVE_SOCKADDR_SA_LEN 790 addr.in6.sin6_len = sizeof(struct sockaddr_in6); 791 #endif 792 allocate_sfd(&addr, ""); 793 #endif 794 } 795 796 for (srv = daemon->servers; srv; srv = srv->next) 797 if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && 798 !allocate_sfd(&srv->source_addr, srv->interface) && 799 errno != 0 && 800 (daemon->options & OPT_NOWILD)) 801 { 802 prettyprint_addr(&srv->addr, daemon->namebuff); 803 if (srv->interface[0] != 0) 804 { 805 strcat(daemon->namebuff, " "); 806 strcat(daemon->namebuff, srv->interface); 807 } 808 die(_("failed to bind server socket for %s: %s"), 809 daemon->namebuff, EC_BADNET); 810 } 811 } 812 813 814 void check_servers(void) 815 { 816 struct irec *iface; 817 struct server *new, *tmp, *ret = NULL; 818 int port = 0; 819 820 for (new = daemon->servers; new; new = tmp) 821 { 822 tmp = new->next; 823 824 if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR))) 825 { 826 port = prettyprint_addr(&new->addr, daemon->namebuff); 827 828 /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */ 829 if (new->addr.sa.sa_family == AF_INET && 830 new->addr.in.sin_addr.s_addr == 0) 831 { 832 free(new); 833 continue; 834 } 835 836 for (iface = daemon->interfaces; iface; iface = iface->next) 837 if (sockaddr_isequal(&new->addr, &iface->addr)) 838 break; 839 if (iface) 840 { 841 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff); 842 free(new); 843 continue; 844 } 845 846 /* Do we need a socket set? */ 847 if (!new->sfd && 848 !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) && 849 errno != 0) 850 { 851 my_syslog(LOG_WARNING, 852 _("ignoring nameserver %s - cannot make/bind socket: %s"), 853 daemon->namebuff, strerror(errno)); 854 free(new); 855 continue; 856 } 857 } 858 859 /* reverse order - gets it right. */ 860 new->next = ret; 861 ret = new; 862 863 if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS)) 864 { 865 char *s1, *s2; 866 if (!(new->flags & SERV_HAS_DOMAIN)) 867 s1 = _("unqualified"), s2 = _("names"); 868 else if (strlen(new->domain) == 0) 869 s1 = _("default"), s2 = ""; 870 else 871 s1 = _("domain"), s2 = new->domain; 872 873 if (new->flags & SERV_NO_ADDR) 874 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); 875 else if (!(new->flags & SERV_LITERAL_ADDRESS)) 876 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2); 877 } 878 else if (new->interface[0] != 0) 879 my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface); 880 else 881 my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); 882 } 883 884 daemon->servers = ret; 885 } 886 887 #ifdef __ANDROID__ 888 /* #define __ANDROID_DEBUG__ 1 */ 889 /* 890 * Ingests a new list of interfaces and starts to listen on them, adding only the new 891 * and stopping to listen to any interfaces not on the new list. 892 * 893 * interfaces - input in the format "bt-pan:eth0:wlan0:..>" up to 1024 bytes long 894 */ 895 void set_interfaces(const char *interfaces) 896 { 897 struct iname *if_tmp; 898 struct iname *prev_if_names; 899 struct irec *old_iface, *new_iface, *prev_interfaces; 900 char s[1024]; 901 char *next = s; 902 char *interface; 903 int was_wild = 0; 904 905 #ifdef __ANDROID_DEBUG__ 906 my_syslog(LOG_DEBUG, _("set_interfaces(%s)"), interfaces); 907 #endif 908 prev_if_names = daemon->if_names; 909 daemon->if_names = NULL; 910 911 prev_interfaces = daemon->interfaces; 912 daemon->interfaces = NULL; 913 914 if (strlen(interfaces) > sizeof(s)) { 915 die(_("interface string too long: %s"), NULL, EC_BADNET); 916 } 917 strncpy(s, interfaces, sizeof(s)); 918 while((interface = strsep(&next, ":"))) { 919 if_tmp = safe_malloc(sizeof(struct iname)); 920 memset(if_tmp, sizeof(struct iname), 0); 921 if ((if_tmp->name = strdup(interface)) == NULL) { 922 die(_("malloc failure in set_interfaces: %s"), NULL, EC_BADNET); 923 } 924 if_tmp->next = daemon->if_names; 925 daemon->if_names = if_tmp; 926 } 927 928 if (!enumerate_interfaces()) { 929 die(_("enumerate interfaces error in set_interfaces: %s"), NULL, EC_BADNET); 930 } 931 932 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) { 933 if (if_tmp->name && !if_tmp->used) { 934 die(_("unknown interface given %s in set_interfaces: %s"), if_tmp->name, EC_BADNET); 935 } 936 } 937 /* success! - setup to free the old */ 938 /* check for any that have been removed */ 939 for (old_iface = prev_interfaces; old_iface; old_iface=old_iface->next) { 940 int found = 0; 941 for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) { 942 if (sockaddr_isequal(&old_iface->addr, &new_iface->addr)) { 943 found = -1; 944 break; 945 } 946 } 947 if (!found) { 948 #ifdef __ANDROID_DEBUG__ 949 char debug_buff[MAXDNAME]; 950 prettyprint_addr(&old_iface->addr, debug_buff); 951 my_syslog(LOG_DEBUG, _("closing listener for %s"), debug_buff); 952 #endif 953 954 close_bound_listener(old_iface); 955 } 956 } 957 958 /* remove wildchar listeners */ 959 was_wild = close_bound_listener(NULL); 960 if (was_wild) daemon->options |= OPT_NOWILD; 961 962 /* check for any that have been added */ 963 for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) { 964 int found = 0; 965 966 /* if the previous setup used a wildchar, then add any current interfaces */ 967 if (!was_wild) { 968 for (old_iface = prev_interfaces; old_iface; old_iface = old_iface->next) { 969 if(sockaddr_isequal(&old_iface->addr, &new_iface->addr)) { 970 found = -1; 971 break; 972 } 973 } 974 } 975 if (!found) { 976 #ifdef __ANDROID_DEBUG__ 977 char debug_buff[MAXDNAME]; 978 prettyprint_addr(&new_iface->addr, debug_buff); 979 my_syslog(LOG_DEBUG, _("adding listener for %s"), debug_buff); 980 #endif 981 create_bound_listener(&(daemon->listeners), new_iface); 982 } 983 } 984 985 while (prev_if_names) { 986 if (prev_if_names->name) free(prev_if_names->name); 987 if_tmp = prev_if_names->next; 988 free(prev_if_names); 989 prev_if_names = if_tmp; 990 } 991 while (prev_interfaces) { 992 struct irec *tmp_irec = prev_interfaces->next; 993 free(prev_interfaces); 994 prev_interfaces = tmp_irec; 995 } 996 #ifdef __ANDROID_DEBUG__ 997 my_syslog(LOG_DEBUG, _("done with setInterfaces")); 998 #endif 999 } 1000 1001 /* 1002 * Takes a string in the format "1.2.3.4:1.2.3.4:..." - up to 1024 bytes in length 1003 */ 1004 int set_servers(const char *servers) 1005 { 1006 char s[1024]; 1007 struct server *old_servers = NULL; 1008 struct server *new_servers = NULL; 1009 struct server *serv; 1010 1011 strncpy(s, servers, sizeof(s)); 1012 1013 /* move old servers to free list - we can reuse the memory 1014 and not risk malloc if there are the same or fewer new servers. 1015 Servers which were specced on the command line go to the new list. */ 1016 for (serv = daemon->servers; serv;) 1017 { 1018 struct server *tmp = serv->next; 1019 if (serv->flags & SERV_FROM_RESOLV) 1020 { 1021 serv->next = old_servers; 1022 old_servers = serv; 1023 /* forward table rules reference servers, so have to blow them away */ 1024 server_gone(serv); 1025 } 1026 else 1027 { 1028 serv->next = new_servers; 1029 new_servers = serv; 1030 } 1031 serv = tmp; 1032 } 1033 1034 char *next = s; 1035 char *saddr; 1036 1037 while ((saddr = strsep(&next, ":"))) { 1038 union mysockaddr addr, source_addr; 1039 memset(&addr, 0, sizeof(addr)); 1040 memset(&source_addr, 0, sizeof(source_addr)); 1041 1042 if ((addr.in.sin_addr.s_addr = inet_addr(saddr)) != (in_addr_t) -1) 1043 { 1044 #ifdef HAVE_SOCKADDR_SA_LEN 1045 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in); 1046 #endif 1047 source_addr.in.sin_family = addr.in.sin_family = AF_INET; 1048 addr.in.sin_port = htons(NAMESERVER_PORT); 1049 source_addr.in.sin_addr.s_addr = INADDR_ANY; 1050 source_addr.in.sin_port = htons(daemon->query_port); 1051 } 1052 #ifdef HAVE_IPV6 1053 else if (inet_pton(AF_INET6, saddr, &addr.in6.sin6_addr) > 0) 1054 { 1055 #ifdef HAVE_SOCKADDR_SA_LEN 1056 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6); 1057 #endif 1058 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6; 1059 addr.in6.sin6_port = htons(NAMESERVER_PORT); 1060 source_addr.in6.sin6_addr = in6addr_any; 1061 source_addr.in6.sin6_port = htons(daemon->query_port); 1062 } 1063 #endif /* IPV6 */ 1064 else 1065 continue; 1066 1067 if (old_servers) 1068 { 1069 serv = old_servers; 1070 old_servers = old_servers->next; 1071 } 1072 else if (!(serv = whine_malloc(sizeof (struct server)))) 1073 continue; 1074 1075 /* this list is reverse ordered: 1076 it gets reversed again in check_servers */ 1077 serv->next = new_servers; 1078 new_servers = serv; 1079 serv->addr = addr; 1080 serv->source_addr = source_addr; 1081 serv->domain = NULL; 1082 serv->interface[0] = 0; 1083 serv->sfd = NULL; 1084 serv->flags = SERV_FROM_RESOLV; 1085 serv->queries = serv->failed_queries = 0; 1086 } 1087 1088 /* Free any memory not used. */ 1089 while (old_servers) 1090 { 1091 struct server *tmp = old_servers->next; 1092 free(old_servers); 1093 old_servers = tmp; 1094 } 1095 1096 daemon->servers = new_servers; 1097 return 0; 1098 } 1099 #endif 1100 1101 /* Return zero if no servers found, in that case we keep polling. 1102 This is a protection against an update-time/write race on resolv.conf */ 1103 int reload_servers(char *fname) 1104 { 1105 FILE *f; 1106 char *line; 1107 struct server *old_servers = NULL; 1108 struct server *new_servers = NULL; 1109 struct server *serv; 1110 int gotone = 0; 1111 1112 /* buff happens to be MAXDNAME long... */ 1113 if (!(f = fopen(fname, "r"))) 1114 { 1115 my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno)); 1116 return 0; 1117 } 1118 1119 /* move old servers to free list - we can reuse the memory 1120 and not risk malloc if there are the same or fewer new servers. 1121 Servers which were specced on the command line go to the new list. */ 1122 for (serv = daemon->servers; serv;) 1123 { 1124 struct server *tmp = serv->next; 1125 if (serv->flags & SERV_FROM_RESOLV) 1126 { 1127 serv->next = old_servers; 1128 old_servers = serv; 1129 /* forward table rules reference servers, so have to blow them away */ 1130 server_gone(serv); 1131 } 1132 else 1133 { 1134 serv->next = new_servers; 1135 new_servers = serv; 1136 } 1137 serv = tmp; 1138 } 1139 1140 while ((line = fgets(daemon->namebuff, MAXDNAME, f))) 1141 { 1142 union mysockaddr addr, source_addr; 1143 char *token = strtok(line, " \t\n\r"); 1144 1145 if (!token) 1146 continue; 1147 if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0) 1148 continue; 1149 if (!(token = strtok(NULL, " \t\n\r"))) 1150 continue; 1151 1152 memset(&addr, 0, sizeof(addr)); 1153 memset(&source_addr, 0, sizeof(source_addr)); 1154 1155 if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1) 1156 { 1157 #ifdef HAVE_SOCKADDR_SA_LEN 1158 source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in); 1159 #endif 1160 source_addr.in.sin_family = addr.in.sin_family = AF_INET; 1161 addr.in.sin_port = htons(NAMESERVER_PORT); 1162 source_addr.in.sin_addr.s_addr = INADDR_ANY; 1163 source_addr.in.sin_port = htons(daemon->query_port); 1164 } 1165 #ifdef HAVE_IPV6 1166 else if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0) 1167 { 1168 #ifdef HAVE_SOCKADDR_SA_LEN 1169 source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6); 1170 #endif 1171 source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6; 1172 addr.in6.sin6_port = htons(NAMESERVER_PORT); 1173 source_addr.in6.sin6_addr = in6addr_any; 1174 source_addr.in6.sin6_port = htons(daemon->query_port); 1175 } 1176 #endif /* IPV6 */ 1177 else 1178 continue; 1179 1180 if (old_servers) 1181 { 1182 serv = old_servers; 1183 old_servers = old_servers->next; 1184 } 1185 else if (!(serv = whine_malloc(sizeof (struct server)))) 1186 continue; 1187 1188 /* this list is reverse ordered: 1189 it gets reversed again in check_servers */ 1190 serv->next = new_servers; 1191 new_servers = serv; 1192 serv->addr = addr; 1193 serv->source_addr = source_addr; 1194 serv->domain = NULL; 1195 serv->interface[0] = 0; 1196 serv->sfd = NULL; 1197 serv->flags = SERV_FROM_RESOLV; 1198 serv->queries = serv->failed_queries = 0; 1199 gotone = 1; 1200 } 1201 1202 /* Free any memory not used. */ 1203 while (old_servers) 1204 { 1205 struct server *tmp = old_servers->next; 1206 free(old_servers); 1207 old_servers = tmp; 1208 } 1209 1210 daemon->servers = new_servers; 1211 fclose(f); 1212 1213 return gotone; 1214 } 1215 1216 1217 /* Use an IPv4 listener socket for ioctling */ 1218 struct in_addr get_ifaddr(char *intr) 1219 { 1220 struct listener *l; 1221 struct ifreq ifr; 1222 1223 for (l = daemon->listeners; l && l->family != AF_INET; l = l->next); 1224 1225 strncpy(ifr.ifr_name, intr, IF_NAMESIZE); 1226 ifr.ifr_addr.sa_family = AF_INET; 1227 1228 if (!l || ioctl(l->fd, SIOCGIFADDR, &ifr) == -1) 1229 ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr.s_addr = -1; 1230 1231 return ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; 1232 } 1233
