1
/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
1
/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
3
3
This program is free software; you can redistribute it and/or modify
4
4
it under the terms of the GNU General Public License as published by
5
the Free Software Foundation; version 2 dated June, 1991.
5
the Free Software Foundation; version 2 dated June, 1991, or
6
(at your option) version 3 dated 29 June, 2007.
7
8
This program is distributed in the hope that it will be useful,
8
9
but WITHOUT ANY WARRANTY; without even the implied warranty of
9
10
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10
11
GNU General Public License for more details.
13
You should have received a copy of the GNU General Public License
14
along with this program. If not, see <http://www.gnu.org/licenses/>.
13
17
#include "dnsmasq.h"
15
static struct frec *frec_list = NULL;
17
static struct frec *lookup_frec(unsigned short id);
19
static struct frec *lookup_frec(unsigned short id, unsigned int crc);
18
20
static struct frec *lookup_frec_by_sender(unsigned short id,
19
21
union mysockaddr *addr,
21
static unsigned short get_id(void);
24
/* Send a UDP packet with it's source address set as "source"
23
static unsigned short get_id(int force, unsigned short force_id, unsigned int crc);
24
static void free_frec(struct frec *f);
25
static struct randfd *allocate_rfd(int family);
27
/* Send a UDP packet with its source address set as "source"
25
28
unless nowild is true, when we just send it with the kernel default */
26
29
static void send_from(int fd, int nowild, char *packet, size_t len,
27
30
union mysockaddr *to, struct all_addr *source,
171
174
*addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
177
else if (!flags || (flags & F_NXDOMAIN))
180
if (flags & ~(F_NOERR | F_NXDOMAIN)) /* flags set here means a literal found */
183
log_query(F_CONFIG | F_FORWARD | F_NEG, qdomain, NULL, 0, NULL, 0);
185
log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp, 0, NULL, 0);
187
else if (qtype && (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
183
if (flags == 0 && !(qtype & F_BIGNAME) &&
184
(daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
185
/* don't forward simple names, make exception for NS queries and empty name. */
188
186
flags = F_NXDOMAIN;
190
if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon))
188
if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now))
193
if (flags == F_NXDOMAIN || flags == F_NOERR)
194
log_query(F_CONFIG | F_FORWARD | F_NEG | qtype | (flags & F_NXDOMAIN), qdomain, NULL, 0, NULL, 0);
195
if (flags == F_NXDOMAIN || flags == F_NOERR)
196
logflags = F_NEG | qtype;
198
log_query(logflags | flags | F_CONFIG | F_FORWARD, qdomain, *addrpp, NULL);
199
/* returns new last_server */
200
static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *udpaddr,
201
struct all_addr *dst_addr, unsigned int dst_iface,
202
HEADER *header, size_t plen, time_t now, struct frec *forward)
204
static int forward_query(int udpfd, union mysockaddr *udpaddr,
205
struct all_addr *dst_addr, unsigned int dst_iface,
206
HEADER *header, size_t plen, time_t now, struct frec *forward)
204
208
char *domain = NULL;
232
flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
237
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain);
234
if (!flags && !(forward = get_new_frec(daemon, now, NULL)))
239
if (!flags && !(forward = get_new_frec(now, NULL)))
235
240
/* table full - server failure. */
245
/* force unchanging id for signed packets */
247
find_pseudoheader(header, plen, NULL, NULL, &is_sign);
240
249
forward->source = *udpaddr;
241
250
forward->dest = *dst_addr;
242
251
forward->iface = dst_iface;
243
forward->new_id = get_id();
252
forward->orig_id = ntohs(header->id);
253
forward->new_id = get_id(is_sign, forward->orig_id, crc);
244
254
forward->fd = udpfd;
245
forward->orig_id = ntohs(header->id);
246
255
forward->crc = crc;
247
256
forward->forwardall = 0;
248
257
header->id = htons(forward->new_id);
335
370
send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
341
static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
342
unsigned int query_crc, struct server *server, size_t n)
376
static size_t process_reply(HEADER *header, time_t now,
377
struct server *server, size_t n)
344
379
unsigned char *pheader, *sizep;
380
int munged = 0, is_sign;
348
383
/* If upstream is advertising a larger UDP packet size
349
384
than we allow, trim it so that we don't get overlarge
350
requests for the client. */
385
requests for the client. We can't do this for signed packets. */
352
if ((pheader = find_pseudoheader(header, n, &plen, &sizep)))
387
if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign)) && !is_sign)
354
389
unsigned short udpsz;
355
390
unsigned char *psave = sizep;
419
454
/* sets new last_server */
420
void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
455
void reply_query(int fd, int family, time_t now)
422
457
/* packet from peer server, extract data for cache, and send to
423
458
original requester */
460
union mysockaddr serveraddr;
424
461
struct frec *forward;
426
union mysockaddr serveraddr;
427
462
socklen_t addrlen = sizeof(serveraddr);
428
ssize_t n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
463
ssize_t n = recvfrom(fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
465
struct server *server;
431
467
/* packet buffer overwritten */
432
468
daemon->srv_save = NULL;
434
470
/* Determine the address of the server replying so that we can mark that as good */
435
serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family;
471
serveraddr.sa.sa_family = family;
437
473
if (serveraddr.sa.sa_family == AF_INET6)
438
474
serveraddr.in6.sin6_flowinfo = 0;
477
/* spoof check: answer must come from known server, */
478
for (server = daemon->servers; server; server = server->next)
479
if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
480
sockaddr_isequal(&server->addr, &serveraddr))
441
483
header = (HEADER *)daemon->packet;
442
forward = lookup_frec(ntohs(header->id));
444
if (n >= (int)sizeof(HEADER) && header->qr && forward)
486
n < (int)sizeof(HEADER) || !header->qr ||
487
!(forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff))))
490
server = forward->sentto;
492
if ((header->rcode == SERVFAIL || header->rcode == REFUSED) &&
493
!(daemon->options & OPT_ORDER) &&
494
forward->forwardall == 0)
495
/* for broken servers, attempt to send to another one. */
446
struct server *server = forward->sentto;
448
if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
449
/* for broken servers, attempt to send to another one. */
451
unsigned char *pheader;
454
/* recreate query from reply */
455
pheader = find_pseudoheader(header, (size_t)n, &plen, NULL);
456
header->ancount = htons(0);
457
header->nscount = htons(0);
458
header->arcount = htons(0);
459
if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
463
forward_query(daemon, -1, NULL, NULL, 0, header, nn, now, forward);
468
if ((forward->sentto->flags & SERV_TYPE) == 0)
470
if (header->rcode == SERVFAIL || header->rcode == REFUSED)
474
struct server *last_server;
475
/* find good server by address if possible, otherwise assume the last one we sent to */
476
for (last_server = daemon->servers; last_server; last_server = last_server->next)
477
if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
478
sockaddr_isequal(&last_server->addr, &serveraddr))
480
server = last_server;
484
daemon->last_server = server;
487
/* If the answer is an error, keep the forward record in place in case
488
we get a good reply from another server. Kill it when we've
489
had replies from all to avoid filling the forwarding table when
490
everything is broken */
491
if (forward->forwardall == 0 || --forward->forwardall == 1 ||
492
(header->rcode != REFUSED && header->rcode != SERVFAIL))
497
unsigned char *pheader;
501
/* recreate query from reply */
502
pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign);
494
if ((nn = process_reply(daemon, header, now, forward->crc, server, (size_t)n)))
505
header->ancount = htons(0);
506
header->nscount = htons(0);
507
header->arcount = htons(0);
508
if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
496
header->id = htons(forward->orig_id);
497
header->ra = 1; /* recursion if available */
498
send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn,
499
&forward->source, &forward->dest, forward->iface);
512
forward_query(-1, NULL, NULL, 0, header, nn, now, forward);
501
forward->new_id = 0; /* cancel */
518
if ((forward->sentto->flags & SERV_TYPE) == 0)
520
if (header->rcode == SERVFAIL || header->rcode == REFUSED)
524
struct server *last_server;
526
/* find good server by address if possible, otherwise assume the last one we sent to */
527
for (last_server = daemon->servers; last_server; last_server = last_server->next)
528
if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
529
sockaddr_isequal(&last_server->addr, &serveraddr))
531
server = last_server;
535
if (!(daemon->options & OPT_ALL_SERVERS))
536
daemon->last_server = server;
539
/* If the answer is an error, keep the forward record in place in case
540
we get a good reply from another server. Kill it when we've
541
had replies from all to avoid filling the forwarding table when
542
everything is broken */
543
if (forward->forwardall == 0 || --forward->forwardall == 1 ||
544
(header->rcode != REFUSED && header->rcode != SERVFAIL))
546
if ((nn = process_reply(header, now, server, (size_t)n)))
548
header->id = htons(forward->orig_id);
549
header->ra = 1; /* recursion if available */
550
send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn,
551
&forward->source, &forward->dest, forward->iface);
553
free_frec(forward); /* cancel */
506
void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
558
void receive_query(struct listener *listen, time_t now)
508
560
HEADER *header = (HEADER *)daemon->packet;
509
561
union mysockaddr source_addr;
611
670
if (if_index == 0)
614
if (daemon->if_except || daemon->if_names || (daemon->options & OPT_LOCALISE))
616
673
#ifdef SIOCGIFNAME
617
ifr.ifr_ifindex = if_index;
618
if (ioctl(listen->fd, SIOCGIFNAME, &ifr) == -1)
674
ifr.ifr_ifindex = if_index;
675
if (ioctl(listen->fd, SIOCGIFNAME, &ifr) == -1)
621
if (!if_indextoname(if_index, ifr.ifr_name))
678
if (!if_indextoname(if_index, ifr.ifr_name))
625
if (listen->family == AF_INET &&
626
(daemon->options & OPT_LOCALISE) &&
627
ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
630
netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
633
if (!iface_check(daemon, listen->family, &dst_addr, ifr.ifr_name))
682
if (!iface_check(listen->family, &dst_addr, &ifr, &if_index))
685
if (listen->family == AF_INET &&
686
(daemon->options & OPT_LOCALISE) &&
687
ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
690
netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
637
693
if (extract_request(header, (size_t)n, daemon->namebuff, &type))
697
querystr(types, type);
639
699
if (listen->family == AF_INET)
640
700
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
641
(struct all_addr *)&source_addr.in.sin_addr, type, NULL, 0);
701
(struct all_addr *)&source_addr.in.sin_addr, types);
644
704
log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
645
(struct all_addr *)&source_addr.in6.sin6_addr, type, NULL, 0);
705
(struct all_addr *)&source_addr.in6.sin6_addr, types);
649
m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n, daemon,
709
m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n,
650
710
dst_addr_4, netmask, now);
652
send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr, if_index);
713
send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header,
714
m, &source_addr, &dst_addr, if_index);
715
daemon->local_answer++;
717
else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,
718
header, (size_t)n, now, NULL))
719
daemon->queries_forwarded++;
654
forward_query(daemon, listen->fd, &source_addr, &dst_addr, if_index,
655
header, (size_t)n, now, NULL);
721
daemon->local_answer++;
658
724
/* The daemon forks before calling this: it should deal with one connection,
659
725
blocking as neccessary, and then return. Note, need to be a bit careful
660
726
about resources for debug mode, when the fork is suppressed: that's
661
727
done by the caller. */
662
unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
728
unsigned char *tcp_request(int confd, time_t now,
663
729
struct in_addr local_addr, struct in_addr netmask)
692
758
if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
762
querystr(types, qtype);
694
764
if (peer_addr.sa.sa_family == AF_INET)
695
765
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
696
(struct all_addr *)&peer_addr.in.sin_addr, qtype, NULL, 0);
766
(struct all_addr *)&peer_addr.in.sin_addr, types);
699
769
log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
700
(struct all_addr *)&peer_addr.in6.sin6_addr, qtype, NULL, 0);
770
(struct all_addr *)&peer_addr.in6.sin6_addr, types);
705
775
/* m > 0 if answered from cache */
706
m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon,
776
m = answer_request(header, ((char *) header) + 65536, (unsigned int)size,
707
777
local_addr, netmask, now);
779
/* Do this by steam now we're not in the select() loop */
780
check_log_writer(NULL);
780
854
strcpy(daemon->namebuff, "query");
781
855
if (last_server->addr.sa.sa_family == AF_INET)
782
856
log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
783
(struct all_addr *)&last_server->addr.in.sin_addr, 0, NULL, 0);
857
(struct all_addr *)&last_server->addr.in.sin_addr, NULL);
786
860
log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
787
(struct all_addr *)&last_server->addr.in6.sin6_addr, 0, NULL, 0);
861
(struct all_addr *)&last_server->addr.in6.sin6_addr, NULL);
790
864
/* There's no point in updating the cache, since this process will exit and
791
lose the information after one query. We make this call for the alias and
865
lose the information after a few queries. We make this call for the alias and
792
866
bogus-nxdomain side-effects. */
793
m = process_reply(daemon, header, now, crc, last_server, (unsigned int)m);
867
/* If the crc of the question section doesn't match the crc we sent, then
868
someone might be attempting to insert bogus values into the cache by
869
sending replies containing questions and bogus answers. */
870
if (crc == questions_crc(header, (unsigned int)m, daemon->namebuff))
871
m = process_reply(header, now, last_server, (unsigned int)m);
817
if ((f = (struct frec *)malloc(sizeof(struct frec))))
897
if ((f = (struct frec *)whine_malloc(sizeof(struct frec))))
899
f->next = daemon->frec_list;
906
daemon->frec_list = f;
912
static struct randfd *allocate_rfd(int family)
914
static int finger = 0;
917
/* limit the number of sockets we have open to avoid starvation of
918
(eg) TFTP. Once we have a reasonable number, randomness should be OK */
920
for (i = 0; i < RANDOM_SOCKS; i++)
921
if (daemon->randomsocks[i].refcount == 0 &&
922
(daemon->randomsocks[i].fd = random_sock(family)) != -1)
924
daemon->randomsocks[i].refcount = 1;
925
daemon->randomsocks[i].family = family;
926
return &daemon->randomsocks[i];
929
/* No free ones, grab an existing one */
930
for (i = 0; i < RANDOM_SOCKS; i++)
932
int j = (i+finger) % RANDOM_SOCKS;
933
if (daemon->randomsocks[j].family == family && daemon->randomsocks[j].refcount != 0xffff)
936
daemon->randomsocks[j].refcount++;
937
return &daemon->randomsocks[j];
941
return NULL; /* doom */
944
static void free_frec(struct frec *f)
946
if (f->rfd4 && --(f->rfd4->refcount) == 0)
953
if (f->rfd6 && --(f->rfd6->refcount) == 0)
828
960
/* if wait==NULL return a free or older than TIMEOUT record.
829
961
else return *wait zero if one available, or *wait is delay to
830
when the oldest in-use record will expire. */
831
struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait)
962
when the oldest in-use record will expire. Impose an absolute
963
limit of 4*TIMEOUT before we wipe things (for random sockets) */
964
struct frec *get_new_frec(time_t now, int *wait)
833
struct frec *f, *oldest;
966
struct frec *f, *oldest, *target;
839
for (f = frec_list, oldest = NULL, count = 0; f; f = f->next, count++)
972
for (f = daemon->frec_list, oldest = NULL, target = NULL, count = 0; f; f = f->next, count++)
977
if (difftime(now, f->time) >= 4*TIMEOUT)
983
if (!oldest || difftime(f->time, oldest->time) <= 0)
845
else if (!oldest || difftime(f->time, oldest->time) <= 0)
848
993
/* can't find empty one, use oldest if there is one
849
994
and it's older than timeout */