├── debian ├── source │ └── format ├── insserv ├── shlibs.local ├── dnsmasq-base.conffiles ├── conffiles ├── installed-marker ├── readme.dnsmasq.d ├── prerm ├── dnsmasq-base.postrm ├── resolvconf-package ├── postrm ├── dbus.conf ├── dnsmasq-base.postinst ├── copyright ├── systemd.service ├── postinst ├── default ├── control ├── resolvconf └── readme ├── VERSION ├── .gitattributes ├── po ├── es.po ├── fr.po └── no.po ├── logo ├── icon.png ├── favicon.ico ├── README └── icon.svg ├── man └── es │ └── dnsmasq.8 ├── Android.mk ├── contrib ├── webmin │ ├── dnsmasq.wbm │ └── README ├── slackware-dnsmasq │ ├── doinst.sh.gz │ ├── rc.dnsmasq.gz │ ├── dnsmasq.leasedir.diff.gz │ ├── slack-desc │ └── dnsmasq.SlackBuild ├── lease-tools │ ├── Makefile │ ├── dhcp_lease_time.1 │ ├── dhcp_release.1 │ ├── dhcp_release6.1 │ └── dhcp_lease_time.c ├── Suse │ ├── README │ ├── dnsmasq-SuSE.patch │ ├── README.susefirewall │ ├── rc.dnsmasq-suse │ └── dnsmasq-suse.spec ├── systemd │ ├── dnsmasq.service │ ├── README │ └── dbus_activation ├── dns-loc │ └── README ├── Solaris10 │ ├── README-sparc │ ├── README │ ├── README.create_package │ ├── dnsmasq.xml │ └── create_package ├── try-all-ns │ ├── README-2.78 │ ├── README-2.47 │ ├── README │ ├── dnsmasq-2.47_no_nxdomain_until_end.patch │ ├── dnsmasq-2.78xx-try-all-ns.patch │ ├── dnsmasq-2.68-try-all-ns │ └── dnsmasq-2.35-try-all-ns.patch ├── dnsmasq_MacOSX-pre10.4 │ ├── DNSmasq │ ├── StartupParameters.plist │ └── README.rtf ├── MacOSX-launchd │ ├── uk.org.thekelleys.dnsmasq.plist │ └── launchd-README.txt ├── reverse-dns │ ├── README │ └── reverse_replace.sh ├── lease-access │ └── README ├── openvpn │ ├── dhclient-enter-hooks │ ├── README │ └── dnsmasq.patch ├── dnslist │ ├── dhcp.css │ └── dnslist.tt2 ├── static-arp │ └── static-arp ├── mactable │ └── macscript ├── port-forward │ ├── portforward │ └── dnsmasq-portforward ├── wrt │ ├── lease_update.sh │ └── README ├── CPE-WAN │ └── README ├── dbus-test │ └── dbus-test.py ├── conntrack │ └── README └── dynamic-dnsmasq │ └── dynamic-dnsmasq.pl ├── bld ├── install-man ├── install-mo ├── Android.mk ├── pkg-wrapper ├── get-version └── bloat-o-meter ├── .gitignore ├── trust-anchors.conf ├── dbus ├── dnsmasq.conf └── DBus-interface ├── src ├── ip6addr.h ├── radv-protocol.h ├── dhcp6-protocol.h ├── outpacket.c ├── conntrack.c ├── poll.c ├── loop.c ├── dhcp-protocol.h ├── tables.c ├── blockdata.c ├── dns-protocol.h ├── domain.c ├── slaac.c ├── arp.c ├── ipset.c └── inotify.c ├── doc.html └── Makefile /debian/source/format: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | (HEAD -> master) 2 | -------------------------------------------------------------------------------- /debian/insserv: -------------------------------------------------------------------------------- 1 | $named dnsmasq 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | VERSION export-subst 2 | -------------------------------------------------------------------------------- /debian/shlibs.local: -------------------------------------------------------------------------------- 1 | libnettle 6 libnettle6 (>= 3.3) 2 | -------------------------------------------------------------------------------- /debian/dnsmasq-base.conffiles: -------------------------------------------------------------------------------- 1 | /etc/dbus-1/system.d/dnsmasq.conf 2 | -------------------------------------------------------------------------------- /po/es.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/po/es.po -------------------------------------------------------------------------------- /po/fr.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/po/fr.po -------------------------------------------------------------------------------- /po/no.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/po/no.po -------------------------------------------------------------------------------- /logo/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/logo/icon.png -------------------------------------------------------------------------------- /logo/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/logo/favicon.ico -------------------------------------------------------------------------------- /man/es/dnsmasq.8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/man/es/dnsmasq.8 -------------------------------------------------------------------------------- /Android.mk: -------------------------------------------------------------------------------- 1 | ifneq ($(TARGET_SIMULATOR),true) 2 | include $(call all-subdir-makefiles) 3 | endif 4 | -------------------------------------------------------------------------------- /contrib/webmin/dnsmasq.wbm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/contrib/webmin/dnsmasq.wbm -------------------------------------------------------------------------------- /contrib/slackware-dnsmasq/doinst.sh.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/contrib/slackware-dnsmasq/doinst.sh.gz -------------------------------------------------------------------------------- /contrib/slackware-dnsmasq/rc.dnsmasq.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/contrib/slackware-dnsmasq/rc.dnsmasq.gz -------------------------------------------------------------------------------- /contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PowerDNS/dnsmasq/HEAD/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz -------------------------------------------------------------------------------- /debian/conffiles: -------------------------------------------------------------------------------- 1 | /etc/init.d/dnsmasq 2 | /etc/default/dnsmasq 3 | /etc/dnsmasq.conf 4 | /etc/resolvconf/update.d/dnsmasq 5 | /etc/insserv.conf.d/dnsmasq 6 | -------------------------------------------------------------------------------- /debian/installed-marker: -------------------------------------------------------------------------------- 1 | # This file indicates dnsmasq (and not just dnsmasq-base) is installed. 2 | # It is an implementation detail of the dnsmasq init script. 3 | -------------------------------------------------------------------------------- /contrib/lease-tools/Makefile: -------------------------------------------------------------------------------- 1 | CFLAGS?= -O2 -Wall -W 2 | 3 | all: dhcp_release dhcp_release6 dhcp_lease_time 4 | 5 | clean: 6 | rm -f *~ *.o core dhcp_release dhcp_release6 dhcp_lease_time 7 | -------------------------------------------------------------------------------- /contrib/Suse/README: -------------------------------------------------------------------------------- 1 | This packaging is now unmaintained in the dnsmasq source: dnsmasq is 2 | included in Suse proper, and up-to-date packages are now available 3 | from 4 | 5 | ftp://ftp.suse.com/pub/people/ug/ 6 | 7 | -------------------------------------------------------------------------------- /bld/install-man: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for f in *; do 4 | if [ -d $f ]; then 5 | $2 -m 755 -d $1/$f/man8 6 | $2 -m 644 $f/dnsmasq.8 $1/$f/man8 7 | echo installing $f/man8/dnsmasq.8 8 | fi 9 | done 10 | -------------------------------------------------------------------------------- /bld/install-mo: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for f in *.mo; do 4 | $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES 5 | $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo 6 | echo installing ${f%.mo}/LC_MESSAGES/dnsmasq.mo 7 | done 8 | 9 | 10 | -------------------------------------------------------------------------------- /debian/readme.dnsmasq.d: -------------------------------------------------------------------------------- 1 | # All files in this directory will be read by dnsmasq as 2 | # configuration files, except if their names end in 3 | # ".dpkg-dist",".dpkg-old" or ".dpkg-new" 4 | # 5 | # This can be changed by editing /etc/default/dnsmasq 6 | 7 | 8 | -------------------------------------------------------------------------------- /debian/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ "$1" = "remove" ]; then 5 | if [ -x /usr/sbin/invoke-rc.d ] ; then 6 | invoke-rc.d dnsmasq stop || true 7 | else 8 | /etc/init.d/dnsmasq stop || true 9 | fi 10 | fi 11 | 12 | exit 0 13 | 14 | 15 | -------------------------------------------------------------------------------- /logo/README: -------------------------------------------------------------------------------- 1 | Dnsmasq logo, contributed by Justin Clift. 2 | 3 | The source format is Inkscape SVG vector format, which is scalable and 4 | easy to export to other formats. For convenience I've included a 56x31 5 | png export and a 16x16 ico suitable for use as a web favicon. 6 | 7 | Simon Kelley, 22/10/2010 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /debian/dnsmasq-base.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ purge = "$1" ]; then 5 | if [ -x "$(command -v deluser)" ]; then 6 | deluser --quiet --system dnsmasq > /dev/null || true 7 | else 8 | echo >&2 "not removing dnsmasq system account because deluser command was not found" 9 | fi 10 | rm -rf /run/dnsmasq 11 | fi 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | src/*.o 2 | src/*.mo 3 | src/dnsmasq.pot 4 | src/dnsmasq 5 | src/dnsmasq_baseline 6 | src/.copts_* 7 | contrib/lease-tools/dhcp_lease_time 8 | contrib/lease-tools/dhcp_release 9 | contrib/lease-tools/dhcp_release6 10 | debian/base/ 11 | debian/daemon/ 12 | debian/files 13 | debian/substvars 14 | debian/utils-substvars 15 | debian/utils/ 16 | -------------------------------------------------------------------------------- /contrib/systemd/dnsmasq.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=dnsmasq - A lightweight DHCP and caching DNS server 3 | 4 | [Service] 5 | Type=dbus 6 | BusName=uk.org.thekelleys.dnsmasq 7 | ExecStartPre=/usr/sbin/dnsmasq --test 8 | ExecStart=/usr/sbin/dnsmasq -k 9 | ExecReload=/bin/kill -HUP $MAINPID 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /contrib/dns-loc/README: -------------------------------------------------------------------------------- 1 | Hi Simon 2 | 3 | Here is a patch against dnsmasq 2.39 which provides support for LOC 4 | entries in order to assign location information to dns records 5 | (rfc1876). I tested it on OSX and on OpenWRT. 6 | 7 | Cheers 8 | Lorenz 9 | 10 | More info: 11 | http://www.ckdhr.com/dns-loc/ 12 | http://www.faqs.org/rfcs/rfc1876.html 13 | -------------------------------------------------------------------------------- /contrib/Solaris10/README-sparc: -------------------------------------------------------------------------------- 1 | Hi Simon, 2 | 3 | I just wanted to let you know that I have built a Solaris .pkg install package of your dnsmasq utility for people to use. Feel free to point them in my direction if you have people who want this sort of thing. 4 | 5 | http://ejesconsulting.wordpress.com/2010/05/12/gnu-dnsmasq-for-opensolaris-sparc/ 6 | 7 | Thanks 8 | -evan 9 | -------------------------------------------------------------------------------- /debian/resolvconf-package: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Resolvconf packaging event hook script for the dnsmasq package 3 | restart_dnsmasq() { 4 | if which invoke-rc.d >/dev/null 2>&1 ; then 5 | invoke-rc.d dnsmasq restart 6 | elif [ -x /etc/init.d/dnsmasq ] ; then 7 | /etc/init.d/dnsmasq restart 8 | fi 9 | } 10 | 11 | case "$1" in 12 | install) restart_dnsmasq ;; 13 | esac 14 | -------------------------------------------------------------------------------- /contrib/try-all-ns/README-2.78: -------------------------------------------------------------------------------- 1 | Hi, 2 | I updated the try-all-ns patch to work with the latest version of git. Ended up implementing it on top of master, 2.78test2-7-g63437ff. As that specific if-clause has been changed in the last few commits, it's not compatible for 2.77, sadly. 3 | 4 | Find the patch attached. 5 | 6 | Regards, 7 | 8 | Rasmus Ahlberg 9 | Software Developer, R&D 10 | Electrolux Small Appliances 11 | -------------------------------------------------------------------------------- /contrib/dnsmasq_MacOSX-pre10.4/DNSmasq: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . /etc/rc.common 3 | 4 | StartService() { 5 | if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then 6 | /usr/local/sbin/dnsmasq -q -n 7 | fi 8 | } 9 | 10 | StopService() { 11 | pid=`GetPID dnsmasq` 12 | if [ $? -eq 0 ]; then 13 | kill $pid 14 | fi 15 | } 16 | 17 | RestartService() { 18 | StopService "$@" 19 | StartService "$@" 20 | } 21 | 22 | RunService "$1" 23 | -------------------------------------------------------------------------------- /trust-anchors.conf: -------------------------------------------------------------------------------- 1 | # The root DNSSEC trust anchor, valid as at 10/02/2017 2 | 3 | # Note that this is a DS record (ie a hash of the root Zone Signing Key) 4 | # If was downloaded from https://data.iana.org/root-anchors/root-anchors.xml 5 | 6 | trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 7 | trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Label 6 | uk.org.thekelleys.dnsmasq 7 | ProgramArguments 8 | 9 | /usr/local/sbin/dnsmasq 10 | --keep-in-foreground 11 | 12 | RunAtLoad 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /contrib/try-all-ns/README-2.47: -------------------------------------------------------------------------------- 1 | A remake of patch Bob Carroll had posted to dnsmasq, 2 | now compatible with version 2.47. Hopefully he doesn't 3 | mind (sending a copy of this mail to him too). 4 | 5 | Maybe the patch in question is not acceptable 6 | as it doesn't add new switch, rather it binds itself to "strict-order". 7 | 8 | What it does is: if you have strict-order in the 9 | dnsmasq config file and query a domain that would result 10 | in NXDOMAIN, it iterates the whole given nameserver list 11 | until the last one says NXDOMAIN. 12 | -------------------------------------------------------------------------------- /dbus/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /contrib/dnsmasq_MacOSX-pre10.4/StartupParameters.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Description 6 | DNSmasq 7 | OrderPreference 8 | None 9 | Provides 10 | 11 | DNSmasq 12 | 13 | Uses 14 | 15 | Network 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /debian/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ purge = "$1" ]; then 5 | update-rc.d dnsmasq remove >/dev/null 6 | fi 7 | 8 | # Code copied from dh_systemd_enable ---------------------- 9 | if [ "$1" = "remove" ]; then 10 | if [ -x "/usr/bin/deb-systemd-helper" ]; then 11 | deb-systemd-helper mask dnsmasq.service >/dev/null 12 | fi 13 | fi 14 | 15 | if [ "$1" = "purge" ]; then 16 | if [ -x "/usr/bin/deb-systemd-helper" ]; then 17 | deb-systemd-helper purge dnsmasq.service >/dev/null 18 | deb-systemd-helper unmask dnsmasq.service >/dev/null 19 | fi 20 | fi 21 | # End code copied from dh_systemd_enable ------------------ 22 | 23 | -------------------------------------------------------------------------------- /contrib/systemd/README: -------------------------------------------------------------------------------- 1 | Hello, 2 | 3 | I created a systemd service file for dnsmasq. 4 | systemd is a sysvinit replacement (see [1] for more information). 5 | One of the goals of systemd is to encourage standardization between different 6 | distributions. This means, while I also submitted a ticket in Debian GNU/Linux, 7 | I would like to ask you to accept this service file as the upstream 8 | distributor, so that other distributions can use the same service file and 9 | don’t have to ship their own. 10 | 11 | Please include this file in your next release (just like in init script). 12 | 13 | 14 | [1] http://en.wikipedia.org/wiki/Systemd 15 | 16 | 17 | -------------------------------------------------------------------------------- /contrib/try-all-ns/README: -------------------------------------------------------------------------------- 1 | Date: Thu, 07 Dec 2006 00:41:43 -0500 2 | From: Bob Carroll 3 | Subject: dnsmasq suggestion 4 | To: simon@thekelleys.org.uk 5 | 6 | 7 | Hello, 8 | 9 | I recently needed a feature in dnsmasq for a very bizarre situation. I 10 | placed a list of name servers in a special resolve file and told dnsmasq 11 | to use that. But I wanted it to try requests in order and treat NXDOMAIN 12 | requests as a failed tcp connection. I wrote the feature into dnsmasq 13 | and it seems to work. I prepared a patch in the event that others might 14 | find it useful as well. 15 | 16 | Thanks and keep up the good work. 17 | 18 | --Bob 19 | 20 | -------------------------------------------------------------------------------- /contrib/reverse-dns/README: -------------------------------------------------------------------------------- 1 | The script reads stdin and replaces all IP addresses with names before 2 | outputting it again. IPs from private networks are reverse looked up 3 | via dns. Other IP addresses are searched for in the dnsmasq query log. 4 | This gives names (CNAMEs if I understand DNS correctly) that are closer 5 | to the name the client originally asked for then the names obtained by 6 | reverse lookup. Just run 7 | 8 | netstat -n -4 | ./reverse_replace.sh 9 | 10 | to see what it does. It needs 11 | 12 | log-queries 13 | log-facility=/var/log/dnsmasq.log 14 | 15 | in the dnsmasq configuration. 16 | 17 | The script runs on debian (with ash installed) and on busybox. 18 | 19 | -------------------------------------------------------------------------------- /contrib/lease-access/README: -------------------------------------------------------------------------------- 1 | Hello, 2 | 3 | For some specific application I needed to deny access to a MAC address 4 | to a lease. For this reason I modified the dhcp-script behavior and is 5 | called with an extra parameter "access" once a dhcp request or discover 6 | is received. In that case if the exit code of the script is zero, 7 | dnsmasq continues normally, and if non-zero the packet is ignored. 8 | 9 | This was not added as a security feature but as a mean to handle 10 | differently some addresses. It is also quite intrusive since it requires 11 | changes in several other subsystems. 12 | 13 | It attach the patch in case someone is interested. 14 | 15 | regards, 16 | Nikos 17 | 18 | nmav@gennetsa.com 19 | 20 | 21 | -------------------------------------------------------------------------------- /debian/dbus.conf: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch: -------------------------------------------------------------------------------- 1 | diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c 2 | --- dnsmasq-2.47/src/forward.c 2009-02-01 17:59:48.000000000 +0200 3 | +++ dnsmasq-2.47-patched/src/forward.c 2009-03-18 19:10:22.000000000 +0200 4 | @@ -488,9 +488,12 @@ 5 | return; 6 | 7 | server = forward->sentto; 8 | + 9 | + if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) ) 10 | + header->rcode = SERVFAIL; 11 | 12 | if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && 13 | - !(daemon->options & OPT_ORDER) && 14 | + ((daemon->options & OPT_ORDER) != 0) && 15 | forward->forwardall == 0) 16 | /* for broken servers, attempt to send to another one. */ 17 | { 18 | -------------------------------------------------------------------------------- /contrib/Suse/dnsmasq-SuSE.patch: -------------------------------------------------------------------------------- 1 | --- man/dnsmasq.8 2004-08-08 20:57:56.000000000 +0200 2 | +++ man/dnsmasq.8 2004-08-12 00:40:01.000000000 +0200 3 | @@ -69,7 +69,7 @@ 4 | .TP 5 | .B \-g, --group= 6 | Specify the group which dnsmasq will run 7 | -as. The defaults to "dip", if available, to facilitate access to 8 | +as. The defaults to "dialout", if available, to facilitate access to 9 | /etc/ppp/resolv.conf which is not normally world readable. 10 | .TP 11 | .B \-v, --version 12 | --- src/config.h 2004-08-11 11:39:18.000000000 +0200 13 | +++ src/config.h 2004-08-12 00:40:01.000000000 +0200 14 | @@ -44,7 +44,7 @@ 15 | #endif 16 | #define DEFLEASE 3600 /* default lease time, 1 hour */ 17 | #define CHUSER "nobody" 18 | -#define CHGRP "dip" 19 | +#define CHGRP "dialout" 20 | #define DHCP_SERVER_PORT 67 21 | #define DHCP_CLIENT_PORT 68 22 | 23 | 24 | -------------------------------------------------------------------------------- /contrib/openvpn/dhclient-enter-hooks: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function save_previous() { 4 | if [ -e $1 -a ! -e $1.predhclient ]; then 5 | mv $1 $1.predhclient 6 | fi 7 | } 8 | 9 | function write_resolv_conf() { 10 | RESOLVCONF=$1 11 | if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then 12 | save_previous $RESOLVCONF 13 | echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF 14 | if [ -n "$SEARCH" ]; then 15 | echo search $SEARCH >> $RESOLVCONF 16 | else 17 | if [ -n "$new_domain_name" ]; then 18 | echo search $new_domain_name >> $RESOLVCONF 19 | fi 20 | fi 21 | chmod 644 $RESOLVCONF 22 | for nameserver in $new_domain_name_servers; do 23 | echo nameserver $nameserver >>$RESOLVCONF 24 | done 25 | fi 26 | } 27 | 28 | make_resolv_conf() { 29 | write_resolv_conf /etc/resolv.conf 30 | } 31 | -------------------------------------------------------------------------------- /bld/Android.mk: -------------------------------------------------------------------------------- 1 | LOCAL_PATH := external/dnsmasq/src 2 | 3 | ######################### 4 | 5 | include $(CLEAR_VARS) 6 | LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \ 7 | forward.c helper.c lease.c log.c \ 8 | netlink.c network.c option.c rfc1035.c \ 9 | rfc2131.c tftp.c util.c conntrack.c \ 10 | dhcp6.c rfc3315.c dhcp-common.c outpacket.c \ 11 | radv.c slaac.c auth.c ipset.c domain.c \ 12 | dnssec.c dnssec-openssl.c blockdata.c tables.c \ 13 | loop.c inotify.c poll.c rrfilter.c edns0.c arp.c crypto.c 14 | 15 | LOCAL_MODULE := dnsmasq 16 | 17 | LOCAL_C_INCLUDES := external/dnsmasq/src 18 | 19 | LOCAL_CFLAGS := -O2 -g -W -Wall -D__ANDROID__ -DNO_IPV6 -DNO_TFTP -DNO_SCRIPT 20 | LOCAL_SYSTEM_SHARED_LIBRARIES := libc libcutils 21 | 22 | LOCAL_LDLIBS := -L$(SYSROOT)/usr/lib -llog 23 | 24 | include $(BUILD_EXECUTABLE) 25 | -------------------------------------------------------------------------------- /contrib/try-all-ns/dnsmasq-2.78xx-try-all-ns.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/forward.c b/src/forward.c 2 | index e3fa94b..ecf3b98 100644 3 | --- a/src/forward.c 4 | +++ b/src/forward.c 5 | @@ -789,9 +789,12 @@ void reply_query(int fd, int family, time_t now) 6 | 7 | /* Note: if we send extra options in the EDNS0 header, we can't recreate 8 | the query from the reply. */ 9 | - if (RCODE(header) == REFUSED && 10 | - forward->forwardall == 0 && 11 | - !(forward->flags & FREC_HAS_EXTRADATA)) 12 | + if ((RCODE(header) == REFUSED && 13 | + forward->forwardall == 0 && 14 | + !(forward->flags & FREC_HAS_EXTRADATA)) || 15 | + /* If strict-order is set, try next server on NXDOMAIN reply */ 16 | + (RCODE(header) == NXDOMAIN && option_bool(OPT_ORDER) && 17 | + server->next != NULL)) 18 | /* for broken servers, attempt to send to another one. */ 19 | { 20 | unsigned char *pheader; 21 | -------------------------------------------------------------------------------- /contrib/slackware-dnsmasq/slack-desc: -------------------------------------------------------------------------------- 1 | # HOW TO EDIT THIS FILE: 2 | # The "handy ruler" below makes it easier to edit a package description. Line 3 | # up the first '|' above the ':' following the base package name, and the '|' on 4 | # the right side marks the last column you can put a character in. You must make 5 | # exactly 11 lines for the formatting to be correct. It's also customary to 6 | # leave one space after the ':'. 7 | 8 | |-----handy-ruler------------------------------------------------------| 9 | dnsmasq: dnsmasq (small DNS and DHCP server) 10 | dnsmasq: 11 | dnsmasq: Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP 12 | dnsmasq: server. It is designed to provide DNS (and optionally DHCP) to a 13 | dnsmasq: small network, and can serve the names of local machines which are not 14 | dnsmasq: in the global DNS. 15 | dnsmasq: 16 | dnsmasq: Dnsmasq was written by Simon Kelley. 17 | dnsmasq: 18 | dnsmasq: 19 | dnsmasq: 20 | -------------------------------------------------------------------------------- /debian/dnsmasq-base.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # Create the dnsmasq user in dnsmasq-base, so that Dbus doesn't complain. 5 | 6 | # create a user to run as (code stolen from dovecot-common) 7 | if [ "$1" = "configure" ]; then 8 | if [ -z "`id -u dnsmasq 2> /dev/null`" ]; then 9 | adduser --system --home /var/lib/misc --gecos "dnsmasq" \ 10 | --no-create-home --disabled-password \ 11 | --quiet dnsmasq || true 12 | fi 13 | 14 | # Make the directory where we keep the pid file - this 15 | # has to be owned by "dnsmasq" so that the file can be unlinked. 16 | # This is only actually used by the dnsmasq binary package, not 17 | # dnsmasq-base, but it's much easier to create it here so that 18 | # we don't have synchronisation issues with the creation of the 19 | # dnsmasq user. 20 | if [ ! -d /run/dnsmasq ]; then 21 | mkdir /run/dnsmasq 22 | chown dnsmasq:nogroup /run/dnsmasq 23 | fi 24 | fi 25 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | dnsmasq is Copyright (c) 2000-2016 Simon Kelley 2 | 3 | It was downloaded from: http://www.thekelleys.org.uk/dnsmasq/ 4 | 5 | This program is free software; you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation; version 2 dated June, 1991, or 8 | (at your option) version 3 dated 29 June, 2007. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | On Debian GNU/Linux systems, the text of the GNU general public license is 16 | available in the file /usr/share/common-licenses/GPL-2 or 17 | /usr/share/common-licenses/GPL-3 18 | 19 | The Debian package of dnsmasq was created by Simon Kelley with assistance 20 | from Lars Bahner. 21 | 22 | -------------------------------------------------------------------------------- /contrib/lease-tools/dhcp_lease_time.1: -------------------------------------------------------------------------------- 1 | .TH DHCP_LEASE_TIME 1 2 | .SH NAME 3 | dhcp_lease_time \- Query remaining time of a lease on a the local dnsmasq DHCP server. 4 | .SH SYNOPSIS 5 | .B dhcp_lease_time
6 | .SH "DESCRIPTION" 7 | Send a DHCPINFORM message to a dnsmasq server running on the local host 8 | and print (to stdout) the time remaining in any lease for the given 9 | address. The time is given as string printed to stdout. 10 | 11 | If an error occurs or no lease exists for the given address, 12 | nothing is sent to stdout a message is sent to stderr and a 13 | non-zero error code is returned. 14 | 15 | Requires dnsmasq 2.67 or later and may not work with other DHCP servers. 16 | 17 | The address argument is a dotted-quad IP addresses and mandatory. 18 | .SH LIMITATIONS 19 | Only works with IPv4 addresses and DHCP leases. 20 | .SH SEE ALSO 21 | .BR dnsmasq (8) 22 | .SH AUTHOR 23 | This manual page was written by Simon Kelley . 24 | 25 | 26 | -------------------------------------------------------------------------------- /contrib/dnslist/dhcp.css: -------------------------------------------------------------------------------- 1 | body 2 | { 3 | font-family: sans-serif; 4 | color: #000; 5 | } 6 | 7 | h1 8 | { 9 | font-size: medium; 10 | font-weight: bold; 11 | } 12 | 13 | h1 .updated 14 | { 15 | color: #999; 16 | } 17 | 18 | table 19 | { 20 | border-collapse: collapse; 21 | border-bottom: 2px solid #000; 22 | } 23 | 24 | th 25 | { 26 | background: #DDD; 27 | border-top: 2px solid #000; 28 | text-align: left; 29 | font-weight: bold; 30 | } 31 | 32 | /* Any row */ 33 | 34 | tr 35 | { 36 | border-top: 2px solid #000; 37 | } 38 | 39 | /* Any row but the first or second (overrides above rule) */ 40 | 41 | tr + tr + tr 42 | { 43 | border-top: 2px solid #999; 44 | } 45 | 46 | tr.offline td.hostname 47 | { 48 | color: #999; 49 | } 50 | 51 | .hostname { width: 10em; } 52 | .ip_addr { width: 10em; background: #DDD; } 53 | .ether_addr { width: 15em; } 54 | .client_id { width: 15em; background: #DDD; } 55 | .status { width: 5em; } 56 | .since { width: 10em; background: #DDD; } 57 | .lease { width: 10em; } 58 | -------------------------------------------------------------------------------- /contrib/static-arp/static-arp: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Contributed by Darren Hoo 4 | 5 | # If you use dnsmasq as DHCP server on a router, you may have 6 | # met with attackers trying ARP Poison Routing (APR) on your 7 | # local area network. This script will setup a 'permanent' entry 8 | # in the router's ARP table upon each DHCP transaction so as to 9 | # make the attacker's efforts less successful. 10 | 11 | # Usage: 12 | # edit /etc/dnsmasq.conf and specify the path of this script 13 | # to dhcp-script, for example: 14 | # dhcp-script=/usr/sbin/static-arp 15 | 16 | # if $1 is add or old, update the static arp table entry. 17 | # if $1 is del, then delete the entry from the table 18 | # if $1 is init which is called by dnsmasq at startup, it's ignored 19 | 20 | ARP=/usr/sbin/arp 21 | 22 | # Arguments. 23 | # $1 is action (add, del, old) 24 | # $2 is MAC 25 | # $3 is address 26 | # $4 is hostname (optional, may be unset) 27 | 28 | if [ ${1} = del ] ; then 29 | ${ARP} -d $3 30 | fi 31 | 32 | if [ ${1} = old ] || [ ${1} = add ] ; then 33 | ${ARP} -s $3 $2 34 | fi 35 | 36 | -------------------------------------------------------------------------------- /contrib/mactable/macscript: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | STATUS_FILE="/tmp/dnsmasq-ip-mac.status" 4 | 5 | # Script for dnsmasq lease-change hook. 6 | # Maintains the above file with a IP address/MAC address pairs, 7 | # one lease per line. Works with IPv4 and IPv6 leases, file is 8 | # atomically updated, so no races for users of the data. 9 | 10 | action="$1" 11 | mac="$2" # IPv4 12 | ip="$3" 13 | 14 | # ensure it always exists. 15 | 16 | if [ ! -f "$STATUS_FILE" ]; then 17 | touch "$STATUS_FILE" 18 | fi 19 | 20 | if [ -n "$DNSMASQ_IAID" ]; then 21 | mac="$DNSMASQ_MAC" # IPv6 22 | fi 23 | 24 | # worry about an add or old action when the MAC address is not known: 25 | # leave any old one in place in that case. 26 | 27 | if [ "$action" = "add" -o "$action" = "old" -o "$action" = "del" ]; then 28 | if [ -n "$mac" -o "$action" = "del" ]; then 29 | sed "/^${ip//./\.} / d" "$STATUS_FILE" > "$STATUS_FILE".new 30 | 31 | if [ "$action" = "add" -o "$action" = "old" ]; then 32 | echo "$ip $mac" >> "$STATUS_FILE".new 33 | fi 34 | mv "$STATUS_FILE".new "$STATUS_FILE" # atomic update. 35 | fi 36 | fi 37 | -------------------------------------------------------------------------------- /debian/systemd.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=dnsmasq - A lightweight DHCP and caching DNS server 3 | Requires=network.target 4 | Wants=nss-lookup.target 5 | Before=nss-lookup.target 6 | After=network.target 7 | 8 | [Service] 9 | Type=forking 10 | PIDFile=/run/dnsmasq/dnsmasq.pid 11 | 12 | # Test the config file and refuse starting if it is not valid. 13 | ExecStartPre=/usr/sbin/dnsmasq --test 14 | 15 | # We run dnsmasq via the /etc/init.d/dnsmasq script which acts as a 16 | # wrapper picking up extra configuration files and then execs dnsmasq 17 | # itself, when called with the "systemd-exec" function. 18 | ExecStart=/etc/init.d/dnsmasq systemd-exec 19 | 20 | # The systemd-*-resolvconf functions configure (and deconfigure) 21 | # resolvconf to work with the dnsmasq DNS server. They're called like 22 | # this to get correct error handling (ie don't start-resolvconf if the 23 | # dnsmasq daemon fails to start. 24 | ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf 25 | ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf 26 | 27 | 28 | ExecReload=/bin/kill -HUP $MAINPID 29 | 30 | [Install] 31 | WantedBy=multi-user.target 32 | -------------------------------------------------------------------------------- /contrib/Solaris10/README: -------------------------------------------------------------------------------- 1 | From: David Connelly 2 | Date: Mon, Apr 7, 2008 at 3:31 AM 3 | Subject: Solaris 10 service manifest 4 | To: dnsmasq-discuss@lists.thekelleys.org.uk 5 | 6 | 7 | I've found dnsmasq much easier to set up on my home server running Solaris 8 | 10 than the stock dhcp/dns server, which is probably overkill anyway for my 9 | simple home network needs. Since Solaris now uses SMF (Service Management 10 | Facility) to manage services I thought I'd create a simple service manifest 11 | for the dnsmasq service. The manifest currently assumes that dnsmasq has 12 | been installed in '/usr/local/sbin/dnsmasq' and the configuration file in 13 | '/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for 14 | your local installation. Here are the steps I followed to install and enable 15 | the dnsmasq service: 16 | # svccfg import dnsmasq.xml 17 | # svcadm enable dnsmasq 18 | 19 | To confirm that the service is enabled and online: 20 | 21 | # svcs -l dnsmasq 22 | 23 | I've just started learning about SMF so if anyone has any 24 | corrections/feedback they are more than welcome. 25 | 26 | Thanks, 27 | David 28 | 29 | -------------------------------------------------------------------------------- /bld/pkg-wrapper: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | search=$1 4 | shift 5 | pkg=$1 6 | shift 7 | op=$1 8 | shift 9 | 10 | in=`cat` 11 | 12 | if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ 13 | echo $in | grep $search >/dev/null 2>&1; then 14 | # Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP 15 | if [ $op = "--copy" ]; then 16 | if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ 17 | echo $in | grep $pkg >/dev/null 2>&1; then 18 | pkg="" 19 | else 20 | pkg="$*" 21 | fi 22 | elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ 23 | echo $in | grep ${search}_STATIC >/dev/null 2>&1; then 24 | pkg=`$pkg --static $op $*` 25 | else 26 | pkg=`$pkg $op $*` 27 | fi 28 | 29 | if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ 30 | echo $in | grep ${search}_STATIC >/dev/null 2>&1; then 31 | if [ $op = "--libs" ] || [ $op = "--copy" ]; then 32 | echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic" 33 | else 34 | echo "$pkg" 35 | fi 36 | else 37 | echo "$pkg" 38 | fi 39 | fi 40 | 41 | -------------------------------------------------------------------------------- /contrib/try-all-ns/dnsmasq-2.68-try-all-ns: -------------------------------------------------------------------------------- 1 | From: Jesse Glick 2 | To: dnsmasq-discuss@lists.thekelleys.org.uk 3 | Subject: Re: [Dnsmasq-discuss] Ability to delegate to one server but fall 4 | back to another after NXDOMAIN? 5 | 6 | 7 | On Wed, Jan 15, 2014 at 12:30 PM, Simon Kelley wrote: 8 | > > There's a (very old) patch in contrib/try-all-ns that would make a starting point 9 | This does not apply against trunk, so I tried to rework it. The 10 | following appears to do what I expect: 11 | 12 | diff --git a/src/forward.c b/src/forward.c 13 | index 8167229..76070b5 100644 14 | --- a/src/forward.c 15 | +++ b/src/forward.c 16 | @@ -610,7 +610,11 @@ void reply_query(int fd, int family, time_t now) 17 | 18 | if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) && 19 | !option_bool(OPT_ORDER) && 20 | - forward->forwardall == 0) 21 | + forward->forwardall == 0 || 22 | + /* try each in turn */ 23 | + RCODE(header) == NXDOMAIN && 24 | + option_bool(OPT_ORDER) && 25 | + server->next != NULL) 26 | /* for broken servers, attempt to send to another one. */ 27 | { 28 | unsigned char *pheader; 29 | 30 | -------------------------------------------------------------------------------- /contrib/Solaris10/README.create_package: -------------------------------------------------------------------------------- 1 | Ok, script attached ... seems to be working ok for me, 2 | tried to install and remove a few times. It does the 3 | right thing with the smf when installing, you can then 4 | simply enable the service. Upon removal it cleans up the 5 | files but won't clean up the services (I think until 6 | a reboot) ... I've only started looking at the new 7 | packages stuff in the last day or two, so I could be 8 | missing something, but I can't find any way to force 9 | a proper cleanup. 10 | 11 | It requires that you have a writable repository setup 12 | as per the docs on the opensolaris website and it will 13 | create a dnsmasq package (package name is a variable 14 | in the script). The script takes a version number for 15 | the package and assumes that it's in the contrib/Solaris10 16 | directory, it then works out the base tree directory 17 | from $0. 18 | 19 | i.e. $ contrib/Solaris10/create_package 2.52-1 20 | or $ cd contrib/Solaris10; ./create_package 2.52-1 21 | 22 | It's a bit more complex than it could be because I 23 | prefer putting the daemon in /usr/sbin and the config 24 | in /etc, so the script will actually create a new 25 | version of the existing contrib dnsmasq.xml. 26 | -------------------------------------------------------------------------------- /contrib/dnslist/dnslist.tt2: -------------------------------------------------------------------------------- 1 | 2 | 3 | DHCP Clients 4 | 5 | 6 | 7 | 8 |

DHCP Clients (updated [% updated %])

9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | [% FOREACH host IN hosts %] 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | [% END %] 30 |
HostnameIP AddressEthernet AddressDHCP Client IDStatusSinceLease Expires
[% host.hostname %][% host.ip_addr %][% host.ether_addr %][% host.text_client_id %] ([% host.raw_client_id %])[% IF host.online %]Online[% ELSE %]Offline[% END %][% host.since %][% host.text_lease %]
31 | 32 | 33 | -------------------------------------------------------------------------------- /debian/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # Code copied from dh_systemd_enable ---------------------- 5 | # This will only remove masks created by d-s-h on package removal. 6 | deb-systemd-helper unmask dnsmasq.service >/dev/null || true 7 | 8 | # was-enabled defaults to true, so new installations run enable. 9 | if deb-systemd-helper --quiet was-enabled dnsmasq.service; then 10 | # Enables the unit on first installation, creates new 11 | # symlinks on upgrades if the unit file has changed. 12 | deb-systemd-helper enable dnsmasq.service >/dev/null || true 13 | else 14 | # Update the statefile to add new symlinks (if any), which need to be 15 | # cleaned up on purge. Also remove old symlinks. 16 | deb-systemd-helper update-state dnsmasq.service >/dev/null || true 17 | fi 18 | # End code copied from dh_systemd_enable ------------------ 19 | 20 | if [ -x /etc/init.d/dnsmasq ]; then 21 | update-rc.d dnsmasq defaults 15 85 >/dev/null 22 | 23 | if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then 24 | if [ -e /run/dnsmasq/dnsmasq.pid ]; then 25 | ACTION=restart 26 | else 27 | ACTION=start 28 | fi 29 | 30 | if [ -x /usr/sbin/invoke-rc.d ] ; then 31 | invoke-rc.d dnsmasq $ACTION || true 32 | else 33 | /etc/init.d/dnsmasq $ACTION || true 34 | fi 35 | fi 36 | fi 37 | 38 | 39 | -------------------------------------------------------------------------------- /contrib/lease-tools/dhcp_release.1: -------------------------------------------------------------------------------- 1 | .TH DHCP_RELEASE 1 2 | .SH NAME 3 | dhcp_release \- Release a DHCP lease on a the local dnsmasq DHCP server. 4 | .SH SYNOPSIS 5 | .B dhcp_release
6 | .SH "DESCRIPTION" 7 | A utility which forces the DHCP server running on this machine to release a 8 | DHCP lease. 9 | .PP 10 | Send a DHCPRELEASE message via the specified interface to tell the 11 | local DHCP server to delete a particular lease. 12 | 13 | The interface argument is the interface in which a DHCP 14 | request _would_ be received if it was coming from the client, 15 | rather than being faked up here. 16 | 17 | The address argument is a dotted-quad IP addresses and mandatory. 18 | 19 | The MAC address is colon separated hex, and is mandatory. It may be 20 | prefixed by an address-type byte followed by -, eg 21 | 22 | 10-11:22:33:44:55:66 23 | 24 | but if the address-type byte is missing it is assumed to be 1, the type 25 | for ethernet. This encoding is the one used in dnsmasq lease files. 26 | 27 | The client-id is optional. If it is "*" then it treated as being missing. 28 | .SH NOTES 29 | MUST be run as root - will fail otherwise. 30 | .SH LIMITATIONS 31 | Only usable on IPv4 DHCP leases. 32 | .SH SEE ALSO 33 | .BR dnsmasq (8) 34 | .SH AUTHOR 35 | This manual page was written by Simon Kelley . 36 | 37 | 38 | -------------------------------------------------------------------------------- /bld/get-version: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Determine the version string to build into a binary. 4 | # When building in the git repository, we can use the output 5 | # of "git describe" which gives an unequivocal answer. 6 | # 7 | # Failing that, we use the contents of the VERSION file 8 | # which has a set of references substituted into it by git. 9 | # If we can find one which matches $v[0-9].* then we assume it's 10 | # a version-number tag, else we just use the whole string. 11 | # If there is more than one v[0-9].* tag, sort them and use the 12 | # first. This favours, eg v2.63 over 2.63rc6. 13 | 14 | # Change directory to the toplevel source directory. 15 | if test -z "$1" || ! test -d "$1" || ! cd "$1"; then 16 | echo "$0: First argument $1 must be toplevel dir." >&2 17 | exit 1 18 | fi 19 | 20 | if which git >/dev/null 2>&1 && \ 21 | ([ -d .git ] || grep '^gitdir:' .git >/dev/null 2>&1) && \ 22 | git describe >/dev/null 2>&1; then 23 | git describe | sed 's/^v//' 24 | elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then 25 | # unsubstituted VERSION, but no git available. 26 | echo UNKNOWN 27 | else 28 | vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]` 29 | 30 | if [ $? -eq 0 ]; then 31 | echo "${vers}" | sort -r | head -n 1 | sed 's/^v//' 32 | else 33 | cat $1/VERSION 34 | fi 35 | fi 36 | 37 | exit 0 38 | 39 | -------------------------------------------------------------------------------- /contrib/port-forward/portforward: -------------------------------------------------------------------------------- 1 | # This file is read by /usr/sbin/dnsmasq-portforward and used to set up port 2 | # forwarding to hostnames. If the dnsmasq-determined hostname matches the 3 | # first column of this file, then a DNAT port-forward will be set up 4 | # to the address which has just been allocated by DHCP . The second field 5 | # is port number(s). If there is only one, then the port-forward goes to 6 | # the same port on the DHCP-client, if there are two separated with a 7 | # colon, then the second number is the port to which the connection 8 | # is forwarded on the DHCP-client. By default, forwarding is set up 9 | # for TCP, but it can done for UDP instead by prefixing the port to "u". 10 | # To forward both TCP and UDP, two lines are required. 11 | # 12 | # eg. 13 | # wwwserver 80 14 | # will set up a port forward from port 80 on this host to port 80 15 | # at the address allocated to wwwserver whenever wwwserver gets a DHCP lease. 16 | # 17 | # wwwserver 8080:80 18 | # will set up a port forward from port 8080 on this host to port 80 19 | # on the DHCP-client. 20 | # 21 | # dnsserver 53 22 | # dnsserver u53 23 | # will port forward port 53 UDP and TCP from this host to port 53 on dnsserver. 24 | # 25 | # Port forwards will recreated when dnsmasq restarts after a reboot, and 26 | # removed when DHCP leases expire. After editing this file, send 27 | # SIGHUP to dnsmasq to install new iptables entries in the kernel. 28 | 29 | -------------------------------------------------------------------------------- /contrib/lease-tools/dhcp_release6.1: -------------------------------------------------------------------------------- 1 | .TH DHCP_RELEASE 1 2 | .SH NAME 3 | dhcp_release6 \- Release a DHCPv6 lease on a the local dnsmasq DHCP server. 4 | .SH SYNOPSIS 5 | .B dhcp_release6 --iface --client-id --server-id 6 | server-id --iaid --ip [--dry-run] [--help] 7 | .SH "DESCRIPTION" 8 | A utility which forces the DHCP server running on this machine to release a 9 | DHCPv6 lease. 10 | .SS OPTIONS 11 | .IP "-a, --ip" 12 | IPv6 address to release. 13 | .IP "-c, --client-id" 14 | Colon-separated hex string representing DHCPv6 client id. Normally 15 | it can be found in leases file both on client and server. 16 | .IP "-d, --dry-run" 17 | Print hexadecimal representation of generated DHCPv6 release packet to standard 18 | output and exit. 19 | .IP "-h, --help" 20 | print usage information to standard output and exit. 21 | .IP "-i, --iaid" 22 | Decimal representation of DHCPv6 IAID. Normally it can be found in leases file 23 | both on client and server. 24 | .IP "-n, --iface" 25 | Network interface to send a DHCPv6 release packet from. 26 | .IP "-s, --server-id" 27 | Colon-separated hex string representing DHCPv6 server id. Normally 28 | it can be found in leases file both on client and server. 29 | .SH NOTES 30 | MUST be run as root - will fail otherwise. 31 | .SH LIMITATIONS 32 | Only usable on IPv6 DHCP leases. 33 | .SH SEE ALSO 34 | .BR dnsmasq (8) 35 | .SH AUTHOR 36 | This manual page was written by Simon Kelley . 37 | 38 | 39 | -------------------------------------------------------------------------------- /contrib/dnsmasq_MacOSX-pre10.4/README.rtf: -------------------------------------------------------------------------------- 1 | {\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100 2 | {\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;} 3 | {\colortbl;\red255\green255\blue255;} 4 | \paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0 5 | \pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural 6 | 7 | \f0\fs24 \cf0 1. If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them. This would usually involve checking that they are either set to -NO- or absent altogether in 8 | \f1 /etc/hostconfig 9 | \f0 . If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\ 10 | \ 11 | 2. Add a configuration item to 12 | \f1 /etc/hostconfig 13 | \f0 as follows:\ 14 | \ 15 | 16 | \f1 DNSMASQ=-YES- 17 | \f0 \ 18 | \ 19 | 3. Create a system-wide StartupItems directory for dnsmasq:\ 20 | \ 21 | 22 | \f1 sudo mkdir -p /Library/StartupItems/DNSmasq\ 23 | 24 | \f0 \ 25 | 4. Copy the files 26 | \f1 DNSmasq 27 | \f0 and 28 | \f1 StartupParameters.plist 29 | \f0 into this directory, and make sure the former is executable:\ 30 | \ 31 | 32 | \f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\ 33 | sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\ 34 | 35 | \f0 \ 36 | 5. Start the service:\ 37 | \ 38 | 39 | \f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\ 40 | 41 | \f0 \cf0 \ 42 | That should be all...} -------------------------------------------------------------------------------- /src/ip6addr.h: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | 18 | 19 | #define IN6_IS_ADDR_ULA(a) \ 20 | ((((__const uint32_t *) (a))[0] & htonl (0xff000000)) \ 21 | == htonl (0xfd000000)) 22 | 23 | #define IN6_IS_ADDR_ULA_ZERO(a) \ 24 | (((__const uint32_t *) (a))[0] == htonl (0xfd000000) \ 25 | && ((__const uint32_t *) (a))[1] == 0 \ 26 | && ((__const uint32_t *) (a))[2] == 0 \ 27 | && ((__const uint32_t *) (a))[3] == 0) 28 | 29 | #define IN6_IS_ADDR_LINK_LOCAL_ZERO(a) \ 30 | (((__const uint32_t *) (a))[0] == htonl (0xfe800000) \ 31 | && ((__const uint32_t *) (a))[1] == 0 \ 32 | && ((__const uint32_t *) (a))[2] == 0 \ 33 | && ((__const uint32_t *) (a))[3] == 0) 34 | 35 | -------------------------------------------------------------------------------- /debian/default: -------------------------------------------------------------------------------- 1 | # This file has five functions: 2 | # 1) to completely disable starting dnsmasq, 3 | # 2) to set DOMAIN_SUFFIX by running `dnsdomainname` 4 | # 3) to select an alternative config file 5 | # by setting DNSMASQ_OPTS to --conf-file= 6 | # 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for 7 | # more configuration variables. 8 | # 5) to stop the resolvconf package from controlling dnsmasq's 9 | # idea of which upstream nameservers to use. 10 | # For upgraders from very old versions, all the shell variables set 11 | # here in previous versions are still honored by the init script 12 | # so if you just keep your old version of this file nothing will break. 13 | 14 | #DOMAIN_SUFFIX=`dnsdomainname` 15 | #DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt" 16 | 17 | # Whether or not to run the dnsmasq daemon; set to 0 to disable. 18 | ENABLED=1 19 | 20 | # By default search this drop directory for configuration options. 21 | # Libvirt leaves a file here to make the system dnsmasq play nice. 22 | # Comment out this line if you don't want this. The dpkg-* are file 23 | # endings which cause dnsmasq to skip that file. This avoids pulling 24 | # in backups made by dpkg. 25 | CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new 26 | 27 | # If the resolvconf package is installed, dnsmasq will use its output 28 | # rather than the contents of /etc/resolv.conf to find upstream 29 | # nameservers. Uncommenting this line inhibits this behaviour. 30 | # Note that including a "resolv-file=" line in 31 | # /etc/dnsmasq.conf is not enough to override resolvconf if it is 32 | # installed: the line below must be uncommented. 33 | #IGNORE_RESOLVCONF=yes 34 | -------------------------------------------------------------------------------- /contrib/wrt/lease_update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2006 Simon Kelley 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; version 2 dated June, 1991. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | 14 | 15 | # if $1 is add del or old, this is a dnsmasq-called lease-change 16 | # script, update the nvram database. if $1 is init, emit a 17 | # dnsmasq-format lease file to stdout representing the current state of the 18 | # database, this is called by dnsmasq at startup. 19 | 20 | NVRAM=/usr/sbin/nvram 21 | PREFIX=dnsmasq_lease_ 22 | 23 | # Arguments. 24 | # $1 is action (add, del, old) 25 | # $2 is MAC 26 | # $3 is address 27 | # $4 is hostname (optional, may be unset) 28 | 29 | # env. 30 | # DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC) 31 | # DNSMASQ_CLIENT_ID (optional, may be unset) 32 | 33 | # File. 34 | # length|expires MAC addr hostname|* CLID|* 35 | 36 | # Primary key is address. 37 | 38 | if [ ${1} = init ] ; then 39 | ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p" 40 | else 41 | if [ ${1} = del ] ; then 42 | ${NVRAM} unset ${PREFIX}${3} 43 | fi 44 | 45 | if [ ${1} = old ] || [ ${1} = add ] ; then 46 | ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}" 47 | fi 48 | ${NVRAM} commit 49 | fi 50 | 51 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /src/radv-protocol.h: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #define ALL_NODES "FF02::1" 18 | #define ALL_ROUTERS "FF02::2" 19 | 20 | struct ping_packet { 21 | u8 type, code; 22 | u16 checksum; 23 | u16 identifier; 24 | u16 sequence_no; 25 | }; 26 | 27 | struct ra_packet { 28 | u8 type, code; 29 | u16 checksum; 30 | u8 hop_limit, flags; 31 | u16 lifetime; 32 | u32 reachable_time; 33 | u32 retrans_time; 34 | }; 35 | 36 | struct neigh_packet { 37 | u8 type, code; 38 | u16 checksum; 39 | u16 reserved; 40 | struct in6_addr target; 41 | }; 42 | 43 | struct prefix_opt { 44 | u8 type, len, prefix_len, flags; 45 | u32 valid_lifetime, preferred_lifetime, reserved; 46 | struct in6_addr prefix; 47 | }; 48 | 49 | #define ICMP6_OPT_SOURCE_MAC 1 50 | #define ICMP6_OPT_PREFIX 3 51 | #define ICMP6_OPT_MTU 5 52 | #define ICMP6_OPT_ADV_INTERVAL 7 53 | #define ICMP6_OPT_RT_INFO 24 54 | #define ICMP6_OPT_RDNSS 25 55 | #define ICMP6_OPT_DNSSL 31 56 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /contrib/Suse/README.susefirewall: -------------------------------------------------------------------------------- 1 | This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older) 2 | It fixes the dependency from the dns daemon name 'named' 3 | After appending the patch, the SuSEfirewall is again able to autodetect 4 | the dnsmasq named service. 5 | This is a very old bug in the SuSEfirewall script. 6 | The SuSE people think the name of the dns server will always 'named' 7 | 8 | 9 | --- /sbin/SuSEfirewall2.orig 2004-01-23 13:30:09.000000000 +0100 10 | +++ /sbin/SuSEfirewall2 2004-01-23 13:31:56.000000000 +0100 11 | @@ -764,7 +764,7 @@ 12 | echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!' 13 | 14 | test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && { 15 | - test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && { 16 | + test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && { 17 | echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS! 18 | You still have to allow tcp/udp port 53 on internal, dmz and/or external.' 19 | FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT 20 | @@ -878,7 +878,7 @@ 21 | test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found" 22 | # Get ports/IP bindings of NAMED/SQUID 23 | test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \ 24 | - $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` 25 | + $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` 26 | test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \ 27 | $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un` 28 | -------------------------------------------------------------------------------- /contrib/CPE-WAN/README: -------------------------------------------------------------------------------- 1 | Dnsmasq from version 2.52 has a couple of rather application-specific 2 | features designed to allow for implementation of the DHCP part of CPE 3 | WAN management protocol. 4 | 5 | http://www.broadband-forum.org/technical/download/TR-069_Amendment-2.pdf 6 | http://en.wikipedia.org/wiki/TR-069 7 | 8 | The relevant sections are F.2.1 "Gateway Requirements" and F.2.5 "DHCP 9 | Vendor Options". 10 | 11 | First, dnsmasq checks for DHCP requests which contain an option-125 12 | vendor-class option which in turn holds a vendor section for IANA 13 | enterprise number 3561 which contains sub-options codes 1 and 2. If 14 | this is present then the network-tag "cpewan-id" is set. 15 | This allows dnsmasq to be configured to reply with the correct 16 | GatewayManufacturerOUI, GatewaySerialNumber and GatewayProductClass like this: 17 | 18 | dhcp-option=cpewan-id,vi-encap:3561,4,"" 19 | dhcp-option=cpewan-id,vi-encap:3561,5,"" 20 | dhcp-option=cpewan-id,vi-encap:3561,6,"" 21 | 22 | Second, the received sub-options 1, 2, and 3 are passed to the DHCP 23 | lease-change script as the environment variables DNSMASQ_CPEWAN_OUI, 24 | DNSMASQ_CPEWAN_SERIAL, and DNSMASQ_CPEWAN_CLASS respectively. This allows 25 | the script to be used to maintain a ManageableDevice table as 26 | specified in F.2.1. Note that this data is not retained in dnsmasq's 27 | internal DHCP lease database, so it is not available on every call to 28 | the script (this is the same as some other data such as vendor and 29 | user classes). It will however be available for at least the "add" 30 | call, and should be stored then against the IP address as primary 31 | key for future use. 32 | 33 | 34 | This feature was added to dnsmasq under sponsorship from Ericsson. 35 | 36 | 37 | -------------------------------------------------------------------------------- /contrib/dbus-test/dbus-test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import dbus 3 | 4 | bus = dbus.SystemBus() 5 | p = bus.get_object("uk.org.thekelleys.dnsmasq", "/uk/org/thekelleys/dnsmasq") 6 | l = dbus.Interface(p, dbus_interface="uk.org.thekelleys.dnsmasq") 7 | 8 | # The new more flexible SetServersEx method 9 | array = dbus.Array() 10 | array.append(["1.2.3.5"]) 11 | array.append(["1.2.3.4#664", "foobar.com"]) 12 | array.append(["1003:1234:abcd::1%eth0", "eng.mycorp.com", "lab.mycorp.com"]) 13 | print l.SetServersEx(array) 14 | 15 | # Must create a new object for dnsmasq as the introspection gives the wrong 16 | # signature for SetServers (av) while the code only expects a bunch of arguments 17 | # instead of an array of variants 18 | p = bus.get_object("uk.org.thekelleys.dnsmasq", "/uk/org/thekelleys/dnsmasq", introspect=False) 19 | l = dbus.Interface(p, dbus_interface="uk.org.thekelleys.dnsmasq") 20 | 21 | # The previous method; all addresses in machine byte order 22 | print l.SetServers(dbus.UInt32(16909060), # 1.2.3.5 23 | dbus.UInt32(16909061), # 1.2.3.4 24 | "foobar.com", 25 | dbus.Byte(0x10), # 1003:1234:abcd::1 26 | dbus.Byte(0x03), 27 | dbus.Byte(0x12), 28 | dbus.Byte(0x34), 29 | dbus.Byte(0xab), 30 | dbus.Byte(0xcd), 31 | dbus.Byte(0x00), 32 | dbus.Byte(0x00), 33 | dbus.Byte(0x00), 34 | dbus.Byte(0x00), 35 | dbus.Byte(0x00), 36 | dbus.Byte(0x00), 37 | dbus.Byte(0x00), 38 | dbus.Byte(0x00), 39 | dbus.Byte(0x00), 40 | dbus.Byte(0x01), 41 | "eng.mycorp.com", 42 | "lab.mycorp.com") 43 | 44 | -------------------------------------------------------------------------------- /contrib/slackware-dnsmasq/dnsmasq.SlackBuild: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=`pwd` 3 | PKG=/tmp/package-dnsmasq 4 | 5 | VERSION=2.24 6 | ARCH=${ARCH:-i486} 7 | BUILD=${BUILD:-1} 8 | 9 | if [ "$ARCH" = "i386" ]; then 10 | SLKCFLAGS="-O2 -march=i386 -mcpu=i686" 11 | elif [ "$ARCH" = "i486" ]; then 12 | SLKCFLAGS="-O2 -march=i486 -mcpu=i686" 13 | elif [ "$ARCH" = "s390" ]; then 14 | SLKCFLAGS="-O2" 15 | elif [ "$ARCH" = "x86_64" ]; then 16 | SLKCFLAGS="-O2" 17 | fi 18 | 19 | rm -rf $PKG 20 | mkdir -p $PKG 21 | cd /tmp 22 | rm -rf dnsmasq-$VERSION 23 | tar xzvf $CWD/dnsmasq-$VERSION.tar.gz 24 | cd dnsmasq-$VERSION 25 | zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 26 | chown -R root.root . 27 | make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man 28 | chmod 755 $PKG/usr/sbin/dnsmasq 29 | chown -R root.bin $PKG/usr/sbin 30 | gzip -9 $PKG/usr/man/man8/dnsmasq.8 31 | for f in $PKG/usr/share/man/*; do 32 | if [ -f $$f/man8/dnsmasq.8 ]; then 33 | gzip -9 $$f/man8/dnsmasq.8 ; 34 | fi 35 | done 36 | gzip -9 $PKG/usr/man/*/man8/dnsmasq.8 37 | mkdir -p $PKG/var/state/dnsmasq 38 | ( cd $PKG 39 | find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null 40 | find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null 41 | ) 42 | mkdir $PKG/etc 43 | cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new 44 | mkdir $PKG/etc/rc.d 45 | zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new 46 | mkdir -p $PKG/usr/doc/dnsmasq-$VERSION 47 | cp -a \ 48 | CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \ 49 | $PKG/usr/doc/dnsmasq-$VERSION 50 | mkdir -p $PKG/install 51 | cat $CWD/slack-desc > $PKG/install/slack-desc 52 | zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh 53 | 54 | cd $PKG 55 | makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz 56 | 57 | -------------------------------------------------------------------------------- /contrib/systemd/dbus_activation: -------------------------------------------------------------------------------- 1 | To: dnsmasq-discuss@lists.thekelleys.org.uk 2 | From: Alex Elsayed 3 | Date: Tue, 15 May 2012 01:53:54 -0700 4 | Subject: [Dnsmasq-discuss] [PATCH] Support dbus activation 5 | 6 | Introduce dbus service file and turn dbus on in the systemd 7 | unit. 8 | 9 | Note to packagers: 10 | To add support for dbus activation, you must install the dbus 11 | service file (dbus/uk.org.thekelleys.dnsmasq.service) into 12 | $DATADIR/dbus-1/system-services. 13 | 14 | --- 15 | contrib/systemd/dnsmasq.service | 2 +- 16 | dbus/uk.org.thekelleys.dnsmasq.service | 7 +++++++ 17 | 2 files changed, 8 insertions(+), 1 deletion(-) 18 | create mode 100644 dbus/uk.org.thekelleys.dnsmasq.service 19 | 20 | diff --git a/contrib/systemd/dnsmasq.service 21 | b/contrib/systemd/dnsmasq.service 22 | index a27fe6d..4a784d3 100644 23 | --- a/contrib/systemd/dnsmasq.service 24 | +++ b/contrib/systemd/dnsmasq.service 25 | @@ -5,7 +5,7 @@ Description=A lightweight DHCP and caching DNS server 26 | Type=dbus 27 | BusName=uk.org.thekelleys.dnsmasq 28 | ExecStartPre=/usr/sbin/dnsmasq --test 29 | -ExecStart=/usr/sbin/dnsmasq -k 30 | +ExecStart=/usr/sbin/dnsmasq -k -1 31 | ExecReload=/bin/kill -HUP $MAINPID 32 | 33 | [Install] 34 | diff --git a/dbus/uk.org.thekelleys.dnsmasq.service 35 | b/dbus/uk.org.thekelleys.dnsmasq.service 36 | new file mode 100644 37 | index 0000000..f5fe98d 38 | --- /dev/null 39 | +++ b/dbus/uk.org.thekelleys.dnsmasq.service 40 | @@ -0,0 +1,7 @@ 41 | +[D-BUS Service] 42 | +Name=uk.org.thekelleys.dnsmasq 43 | +Exec=/usr/sbin/dnsmasq -k -1 44 | +User=root 45 | +SystemdService=dnsmasq.service 46 | + 47 | + 48 | -- 49 | 1.7.10.2 50 | 51 | 52 | 53 | _______________________________________________ 54 | Dnsmasq-discuss mailing list 55 | Dnsmasq-discuss@lists.thekelleys.org.uk 56 | http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss 57 | 58 | -------------------------------------------------------------------------------- /contrib/MacOSX-launchd/launchd-README.txt: -------------------------------------------------------------------------------- 1 | This is a launchd item for Mac OS X and Mac OS X Server. 2 | For more information about launchd, the 3 | "System wide and per-user daemon/agent manager", see the launchd 4 | man page, or the wikipedia page: http://en.wikipedia.org/wiki/Launchd 5 | 6 | This launchd item uses the following flags: 7 | --keep-in-foreground - this is crucial for use with launchd 8 | --log-queries - this is optional and you can remove it 9 | --log-facility=/var/log/dnsmasq.log - again optional instead of system.log 10 | 11 | To use this launchd item for dnsmasq: 12 | 13 | If you don't already have a folder /Library/LaunchDaemons, then create one: 14 | sudo mkdir /Library/LaunchDaemons 15 | sudo chown root:admin /Library/LaunchDaemons 16 | sudo chmod 775 /Library/LaunchDaemons 17 | 18 | Copy uk.org.thekelleys.dnsmasq.plist there and then set ownership/permissions: 19 | sudo cp uk.org.thekelleys.dnsmasq.plist /Library/LaunchDaemons/ 20 | sudo chown root:admin /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 21 | sudo chmod 644 /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 22 | 23 | Optionally, edit your dnsmasq configuration file to your liking. 24 | 25 | To start the launchd job, which starts dnsmasq, reboot or use the command: 26 | sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 27 | 28 | To stop the launchd job, which stops dnsmasq, use the command: 29 | sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 30 | 31 | If you want to permanently stop the launchd job, so it doesn't start the job even after a reboot, use the following command: 32 | sudo launchctl unload -w /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 33 | 34 | If you make a change to the configuration file, you should relaunch dnsmasq; 35 | to do this unload and then load again: 36 | 37 | sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 38 | sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist 39 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: dnsmasq 2 | Section: net 3 | Priority: optional 4 | Build-depends: gettext, libnetfilter-conntrack-dev [linux-any], 5 | libidn11-dev, libdbus-1-dev (>=0.61), libgmp-dev, 6 | nettle-dev (>=2.4-3), libbsd-dev [!linux-any] 7 | Maintainer: Simon Kelley 8 | Standards-Version: 3.9.8 9 | 10 | Package: dnsmasq 11 | Architecture: all 12 | Depends: netbase, dnsmasq-base(>= ${binary:Version}), 13 | init-system-helpers (>= 1.18~), lsb-base (>= 3.0-6) 14 | Suggests: resolvconf 15 | Conflicts: resolvconf (<<1.15) 16 | Description: Small caching DNS proxy and DHCP/TFTP server 17 | Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP 18 | server. It is designed to provide DNS and optionally, DHCP, to a 19 | small network. It can serve the names of local machines which are 20 | not in the global DNS. The DHCP server integrates with the DNS 21 | server and allows machines with DHCP-allocated addresses 22 | to appear in the DNS with names configured either in each host or 23 | in a central configuration file. Dnsmasq supports static and dynamic 24 | DHCP leases and BOOTP/TFTP for network booting of diskless machines. 25 | 26 | Package: dnsmasq-base 27 | Architecture: any 28 | Depends: adduser, ${shlibs:Depends} 29 | Breaks: dnsmasq (<< 2.63-1~) 30 | Replaces: dnsmasq (<< 2.63-1~) 31 | Recommends: dns-root-data 32 | Description: Small caching DNS proxy and DHCP/TFTP server 33 | This package contains the dnsmasq executable and documentation, but 34 | not the infrastructure required to run it as a system daemon. For 35 | that, install the dnsmasq package. 36 | 37 | Package: dnsmasq-utils 38 | Architecture: linux-any 39 | Depends: ${shlibs:Depends} 40 | Conflicts: dnsmasq (<<2.40) 41 | Description: Utilities for manipulating DHCP leases 42 | Small utilities to query a DHCP server's lease database and 43 | remove leases from it. These programs are distributed with dnsmasq 44 | and may not work correctly with other DHCP servers. 45 | -------------------------------------------------------------------------------- /contrib/Suse/rc.dnsmasq-suse: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # init.d/dnsmasq 4 | # 5 | ### BEGIN INIT INFO 6 | # Provides: dnsmasq 7 | # Required-Start: $network $remote_fs $syslog 8 | # Required-Stop: 9 | # Default-Start: 3 5 10 | # Default-Stop: 11 | # Description: Starts internet name service masq caching server (DNS) 12 | ### END INIT INFO 13 | 14 | NAMED_BIN=/usr/sbin/dnsmasq 15 | NAMED_PID=/var/run/dnsmasq.pid 16 | NAMED_CONF=/etc/dnsmasq.conf 17 | 18 | if [ ! -x $NAMED_BIN ] ; then 19 | echo -n "dnsmasq not installed ! " 20 | exit 5 21 | fi 22 | 23 | . /etc/rc.status 24 | rc_reset 25 | 26 | case "$1" in 27 | start) 28 | echo -n "Starting name service masq caching server " 29 | checkproc -p $NAMED_PID $NAMED_BIN 30 | if [ $? -eq 0 ] ; then 31 | echo -n "- Warning: dnsmasq already running ! " 32 | else 33 | [ -e $NAMED_PID ] && echo -n "- Warning: $NAMED_PID exists ! " 34 | fi 35 | startproc -p $NAMED_PID $NAMED_BIN -u nobody 36 | rc_status -v 37 | ;; 38 | stop) 39 | echo -n "Shutting name service masq caching server " 40 | checkproc -p $NAMED_PID $NAMED_BIN 41 | [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! " 42 | killproc -p $NAMED_PID -TERM $NAMED_BIN 43 | rc_status -v 44 | ;; 45 | try-restart) 46 | $0 stop && $0 start 47 | rc_status 48 | ;; 49 | restart) 50 | $0 stop 51 | $0 start 52 | rc_status 53 | ;; 54 | force-reload) 55 | $0 reload 56 | rc_status 57 | ;; 58 | reload) 59 | echo -n "Reloading name service masq caching server " 60 | checkproc -p $NAMED_PID $NAMED_BIN 61 | [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! " 62 | killproc -p $NAMED_PID -HUP $NAMED_BIN 63 | rc_status -v 64 | ;; 65 | status) 66 | echo -n "Checking for name service masq caching server " 67 | checkproc -p $NAMED_PID $NAMED_BIN 68 | rc_status -v 69 | ;; 70 | probe) 71 | test $NAMED_CONF -nt $NAMED_PID && echo reload 72 | ;; 73 | *) 74 | echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" 75 | exit 1 76 | ;; 77 | esac 78 | rc_exit 79 | 80 | -------------------------------------------------------------------------------- /contrib/Solaris10/dnsmasq.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 16 | 17 | 18 | 19 | 23 | 24 | 25 | 26 | 29 | 30 | 31 | 32 | 35 | 36 | 37 | 38 | 39 | 40 | 44 | 45 | 49 | 50 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /contrib/port-forward/dnsmasq-portforward: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # /usr/sbin/dnsmasq-portforward 4 | # 5 | # A script which gets run when the dnsmasq DHCP lease database changes. 6 | # It logs to $LOGFILE, if it exists, and maintains port-forwards using 7 | # IP-tables so that they always point to the correct host. See 8 | # $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 9 | # or later. 10 | # 11 | # To enable this script, add 12 | # dhcp-script=/usr/sbin/dnsmasq-portforward 13 | # to /etc/dnsmasq.conf 14 | # 15 | # To enable logging, touch $LOGFILE 16 | # 17 | 18 | PORTSFILE=/etc/portforward 19 | LOGFILE=/var/log/dhcp.log 20 | IPTABLES=/sbin/iptables 21 | 22 | action=${1:-0} 23 | hostname=${4} 24 | 25 | # log what's going on. 26 | if [ -f ${LOGFILE} ] ; then 27 | date +"%D %T $*" >>${LOGFILE} 28 | fi 29 | 30 | # If a lease gets stripped of a name, we see that as an "old" action 31 | # with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" 32 | if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then 33 | action=del 34 | hostname=${DNSMASQ_OLD_HOSTNAME} 35 | fi 36 | 37 | # IPv6 leases are not our concern. no NAT there! 38 | if [ ${DNSMASQ_IAID} ] ; then 39 | exit 0 40 | fi 41 | 42 | # action init is not relevant, and will only be seen when leasefile-ro is set. 43 | if [ ${action} = init ] ; then 44 | exit 0 45 | fi 46 | 47 | # action tftp is not relevant. 48 | if [ ${action} = tftp ] ; then 49 | exit 0 50 | fi 51 | 52 | if [ ${hostname} ]; then 53 | ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE}) 54 | 55 | for port in $ports; do 56 | verb=removed 57 | protocol=tcp 58 | if [ ${port:0:1} = u ] ; then 59 | protocol=udp 60 | port=${port/u/} 61 | fi 62 | src=${port/:*/} 63 | dst=${port/*:/} 64 | # delete first, to avoid multiple copies of rules. 65 | ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst 66 | if [ ${action} != del ] ; then 67 | ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst 68 | verb=added 69 | fi 70 | if [ -f ${LOGFILE} ] ; then 71 | echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE} 72 | fi 73 | done 74 | fi 75 | 76 | exit 0 77 | 78 | 79 | -------------------------------------------------------------------------------- /contrib/openvpn/README: -------------------------------------------------------------------------------- 1 | The patch I have attached lets me get the behavior I wish out of 2 | dnsmasq. I also include my version of dhclient-enter-hooks as 3 | required for the switchover from pre-dnsmasq and dhclient. 4 | 5 | On 8/16/05, Joseph Tate wrote: 6 | > I'm trying to use dnsmasq on a laptop in order to facilitate openvpn 7 | > connections. As such, the only configuration option I'm concerned 8 | > about is a single server=3D/example.com/192.168.0.1 line. 9 | > 10 | > The way I currently have it set up is I modified dhclient to write its 11 | > resolv.conf data to /etc/resolv.conf.dhclient and configured 12 | > /etc/dnsmasq.conf to look there for its upstream dns servers. 13 | > /etc/resolv.conf is set to nameserver 127.0.0.1 14 | > 15 | > All of this works great. When I start the openvpn service, it the 16 | > routes, and queries to the domain in the server=3D line work just fine. 17 | > 18 | > The only problem is that the hostname for my system doesn't get set 19 | > correctly. With the resolv.conf data written to something other than 20 | > /etc/resolv.conf, the ifup scripts don't have a valid dns server to do 21 | > the ipcalc call to set the laptop's hostname. If I start dnsmasq 22 | > before the network comes up, something gets fubar'd. I'm not sure how 23 | > to describe it exactly, but network services are slow to load, and 24 | > restarting networking and dnsmasq doesn't solve the problem. Perhaps 25 | > dnsmasq is answering the dhcp request when the network starts? 26 | > Certainly not desired behavior. 27 | > 28 | > Anyway, my question: is there a way to have the best of both worlds? 29 | > DHCP requests to another server, and DNS lookups that work at all 30 | > times? 31 | > 32 | > My current best idea on how to solve this problem is modifying the 33 | > dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where 34 | > dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on 35 | > the fly to set 127.0.0.1 to the nameserver (and somehow keep the 36 | > search domains intact), but I'm hoping that I'm just missing some key 37 | > piece of the puzzle and that this problem has been solved before. Any 38 | > insights? 39 | > 40 | > -- 41 | > Joseph Tate 42 | > Personal e-mail: jtate AT dragonstrider DOT com 43 | > Web: http://www.dragonstrider.com 44 | > 45 | -------------------------------------------------------------------------------- /contrib/openvpn/dnsmasq.patch: -------------------------------------------------------------------------------- 1 | --- dnsmasq-2.22/rpm/dnsmasq.rh 2005-03-24 09:51:18.000000000 -0500 2 | +++ dnsmasq-2.22/rpm/dnsmasq.rh.new 2005-08-25 10:52:04.310568784 -0400 3 | @@ -2,7 +2,7 @@ 4 | # 5 | # Startup script for the DNS caching server 6 | # 7 | -# chkconfig: 2345 99 01 8 | +# chkconfig: 2345 07 89 9 | # description: This script starts your DNS caching server 10 | # processname: dnsmasq 11 | # pidfile: /var/run/dnsmasq.pid 12 | @@ -10,6 +10,25 @@ 13 | # Source function library. 14 | . /etc/rc.d/init.d/functions 15 | 16 | +function setup_dhclient_enter_hooks() { 17 | + if [ -f /etc/dhclient-enter-hooks ]; then 18 | + . /etc/dhclient-enter-hooks 19 | + cp /etc/resolv.conf /etc/resolv.conf.dnsmasq 20 | + cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq 21 | + sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks 22 | + sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf 23 | + fi 24 | +} 25 | + 26 | +function teardown_dhclient_enter_hooks() { 27 | + if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then 28 | + if [ -f /etc/resolv.conf.dnsmasq ]; then 29 | + mv /etc/resolv.conf.dnsmasq /etc/resolv.conf 30 | + fi 31 | + mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks 32 | + fi 33 | +} 34 | + 35 | # Source networking configuration. 36 | . /etc/sysconfig/network 37 | 38 | @@ -24,7 +43,7 @@ 39 | MAILHOSTNAME="" 40 | # change this line if you want dns to get its upstream servers from 41 | # somewhere other that /etc/resolv.conf 42 | -RESOLV_CONF="" 43 | +RESOLV_CONF="/etc/resolv.conf.dnsmasq" 44 | # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from 45 | # a dhcpd's lease file 46 | @@ -54,6 +73,7 @@ 47 | case "$1" in 48 | start) 49 | echo -n "Starting dnsmasq: " 50 | + setup_dhclient_enter_hooks 51 | daemon $dnsmasq $OPTIONS 52 | RETVAL=$? 53 | echo 54 | @@ -62,6 +82,7 @@ 55 | stop) 56 | if test "x`pidof dnsmasq`" != x; then 57 | echo -n "Shutting down dnsmasq: " 58 | + teardown_dhclient_enter_hooks 59 | killproc dnsmasq 60 | fi 61 | RETVAL=$? 62 | -------------------------------------------------------------------------------- /contrib/webmin/README: -------------------------------------------------------------------------------- 1 | 2 | This is the README for the Dnsmasq webmin module. 3 | 4 | Problems: 5 | 6 | 1) There's only basic error checking - if you enter some bad 7 | addresses or names, they will go straight into the config file 8 | although we do check for things like IP addresses being of 9 | the correct form (no letters, 4 groups of up to 3 digits 10 | separated by dots etc). One thing that ISN'T CHECKED FOR is 11 | that IP dotted quads are all numbers < 256. Another is that 12 | netmasks are logical (you could enter a netmask of 255.0.255.0 13 | for example). Essentially, if it'll pass the config file 14 | regex scanner (and the above examples will), it won't be 15 | flagged as "bad" even if it is a big no-no for dnsmasq itself. 16 | 17 | 2) Code is ugly and a kludge - I ain't a programmer! There are probably 18 | a lot of things that could be done to tidy up the code - eg, 19 | it probably wouldn't hurt to move some common stuff into the lib file. 20 | 21 | 3) I've used the %text hash and written an english lang file, but 22 | I am mono-lingual so no other language support as yet. 23 | 24 | 4) for reasons unknown to me, the icon does not appear properly 25 | on the servers page of webmin (at least it doesn't for me!) 26 | 27 | 5) icons have been shamelessly stolen from the ipfilter module, 28 | specifically the up and down arrows. 29 | 30 | 6) if you delete an item, the config file will contain 31 | an otherwise empty, but commented line. This means that if 32 | you add some new stuff, then delete it, the config file 33 | will have a number of lines at the end that are just comments. 34 | Therefore, the config file could possibly grow quite large. 35 | 36 | 7) NO INCLUDE FILES! 37 | if you use an include file, it'll be flagged as an error. 38 | OK if the include file line is commented out though. 39 | 40 | 8) deprecated lines not supported (eg user and group) - they 41 | may produce an error! (user and group don't, but you can't change 42 | them) 43 | 44 | IOW, it works, it's just not very elegant and not very robust. 45 | 46 | Hope you find it useful though - I do, as I prevents me having to ever 47 | wade through the config file and man pages again. 48 | 49 | If you modify it, or add a language file, and you have a spare moment, 50 | please e-mail me - I won't be upset at all if you fix my poor coding! 51 | (rather the opposite - I'd be pleased someone found it useful) 52 | 53 | Cheers, 54 | Neil Fisher 55 | -------------------------------------------------------------------------------- /contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch: -------------------------------------------------------------------------------- 1 | diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h 2 | --- dnsmasq-2.35/src/dnsmasq.h 2006-10-18 16:24:50.000000000 -0400 3 | +++ dnsmasq/src/dnsmasq.h 2006-11-16 22:06:31.000000000 -0500 4 | @@ -112,6 +112,7 @@ 5 | #define OPT_NO_PING 2097152 6 | #define OPT_LEASE_RO 4194304 7 | #define OPT_RELOAD 8388608 8 | +#define OPT_TRY_ALL_NS 16777216 9 | 10 | struct all_addr { 11 | union { 12 | diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c 13 | --- dnsmasq-2.35/src/forward.c 2006-10-18 16:24:50.000000000 -0400 14 | +++ dnsmasq/src/forward.c 2006-11-16 22:08:19.000000000 -0500 15 | @@ -445,6 +445,10 @@ 16 | { 17 | struct server *server = forward->sentto; 18 | 19 | + // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request 20 | + if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS) 21 | + && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL; 22 | + 23 | if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0) 24 | /* for broken servers, attempt to send to another one. */ 25 | { 26 | diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c 27 | --- dnsmasq-2.35/src/option.c 2006-10-18 16:24:50.000000000 -0400 28 | +++ dnsmasq/src/option.c 2006-11-16 22:10:36.000000000 -0500 29 | @@ -28,7 +28,7 @@ 30 | 31 | /* options which don't have a one-char version */ 32 | #define LOPT_RELOAD 256 33 | - 34 | +#define LOPT_TRY_ALL_NS 257 35 | 36 | #ifdef HAVE_GETOPT_LONG 37 | static const struct option opts[] = 38 | @@ -102,6 +102,7 @@ 39 | {"leasefile-ro", 0, 0, '9'}, 40 | {"dns-forward-max", 1, 0, '0'}, 41 | {"clear-on-reload", 0, 0, LOPT_RELOAD }, 42 | + {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS }, 43 | { NULL, 0, 0, 0 } 44 | }; 45 | 46 | @@ -134,6 +135,7 @@ 47 | { '5', OPT_NO_PING }, 48 | { '9', OPT_LEASE_RO }, 49 | { LOPT_RELOAD, OPT_RELOAD }, 50 | + { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS }, 51 | { 'v', 0}, 52 | { 'w', 0}, 53 | { 0, 0 } 54 | @@ -208,6 +210,7 @@ 55 | { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL }, 56 | { "-0, --dns-forward-max=", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, 57 | { " --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE }, 58 | + { " --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL }, 59 | { NULL, NULL, NULL } 60 | }; 61 | 62 | -------------------------------------------------------------------------------- /debian/resolvconf: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Script to update the resolver list for dnsmasq 4 | # 5 | # N.B. Resolvconf may run us even if dnsmasq is not (yet) running. 6 | # If dnsmasq is installed then we go ahead and update the resolver list 7 | # in case dnsmasq is started later. 8 | # 9 | # Assumption: On entry, PWD contains the resolv.conf-type files. 10 | # 11 | # This file is part of the dnsmasq package. 12 | # 13 | 14 | set -e 15 | 16 | RUN_DIR="/run/dnsmasq" 17 | RSLVRLIST_FILE="${RUN_DIR}/resolv.conf" 18 | TMP_FILE="${RSLVRLIST_FILE}_new.$$" 19 | MY_NAME_FOR_RESOLVCONF="dnsmasq" 20 | 21 | [ -x /usr/sbin/dnsmasq ] || exit 0 22 | [ -x /lib/resolvconf/list-records ] || exit 1 23 | 24 | PATH=/bin:/sbin 25 | 26 | report_err() { echo "$0: Error: $*" >&2 ; } 27 | 28 | # Stores arguments (minus duplicates) in RSLT, separated by spaces 29 | # Doesn't work properly if an argument itself contains whitespace 30 | uniquify() 31 | { 32 | RSLT="" 33 | while [ "$1" ] ; do 34 | for E in $RSLT ; do 35 | [ "$1" = "$E" ] && { shift ; continue 2 ; } 36 | done 37 | RSLT="${RSLT:+$RSLT }$1" 38 | shift 39 | done 40 | } 41 | 42 | if [ ! -d "$RUN_DIR" ] && ! mkdir --parents --mode=0755 "$RUN_DIR" ; then 43 | report_err "Failed trying to create directory $RUN_DIR" 44 | exit 1 45 | fi 46 | 47 | RSLVCNFFILES="" 48 | for F in $(/lib/resolvconf/list-records --after "lo.$MY_NAME_FOR_RESOLVCONF") ; do 49 | case "$F" in 50 | "lo.$MY_NAME_FOR_RESOLVCONF") 51 | # Omit own record 52 | ;; 53 | lo.*) 54 | # Include no more records after one for a local nameserver 55 | RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" 56 | break 57 | ;; 58 | *) 59 | RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" 60 | ;; 61 | esac 62 | done 63 | 64 | NMSRVRS="" 65 | if [ "$RSLVCNFFILES" ] ; then 66 | uniquify $(sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' $RSLVCNFFILES) 67 | NMSRVRS="$RSLT" 68 | fi 69 | 70 | # Dnsmasq uses the mtime of $RSLVRLIST_FILE, with a resolution of one second, 71 | # to detect changes in the file. This means that if a resolvconf update occurs 72 | # within one second of the previous one then dnsmasq may fail to notice the 73 | # more recent change. To work around this problem we sleep one second here 74 | # if necessary in order to ensure that the new mtime is different. 75 | if [ -f "$RSLVRLIST_FILE" ] && [ "$(ls -go --time-style='+%s' "$RSLVRLIST_FILE" | { read p h s t n ; echo "$t" ; })" = "$(date +%s)" ] ; then 76 | sleep 1 77 | fi 78 | 79 | clean_up() { rm -f "$TMP_FILE" ; } 80 | trap clean_up EXIT 81 | : >| "$TMP_FILE" 82 | for N in $NMSRVRS ; do echo "nameserver $N" >> "$TMP_FILE" ; done 83 | mv -f "$TMP_FILE" "$RSLVRLIST_FILE" 84 | 85 | -------------------------------------------------------------------------------- /src/dhcp6-protocol.h: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #define DHCPV6_SERVER_PORT 547 18 | #define DHCPV6_CLIENT_PORT 546 19 | 20 | #define ALL_SERVERS "FF05::1:3" 21 | #define ALL_RELAY_AGENTS_AND_SERVERS "FF02::1:2" 22 | 23 | #define DHCP6SOLICIT 1 24 | #define DHCP6ADVERTISE 2 25 | #define DHCP6REQUEST 3 26 | #define DHCP6CONFIRM 4 27 | #define DHCP6RENEW 5 28 | #define DHCP6REBIND 6 29 | #define DHCP6REPLY 7 30 | #define DHCP6RELEASE 8 31 | #define DHCP6DECLINE 9 32 | #define DHCP6RECONFIGURE 10 33 | #define DHCP6IREQ 11 34 | #define DHCP6RELAYFORW 12 35 | #define DHCP6RELAYREPL 13 36 | 37 | #define OPTION6_CLIENT_ID 1 38 | #define OPTION6_SERVER_ID 2 39 | #define OPTION6_IA_NA 3 40 | #define OPTION6_IA_TA 4 41 | #define OPTION6_IAADDR 5 42 | #define OPTION6_ORO 6 43 | #define OPTION6_PREFERENCE 7 44 | #define OPTION6_ELAPSED_TIME 8 45 | #define OPTION6_RELAY_MSG 9 46 | #define OPTION6_AUTH 11 47 | #define OPTION6_UNICAST 12 48 | #define OPTION6_STATUS_CODE 13 49 | #define OPTION6_RAPID_COMMIT 14 50 | #define OPTION6_USER_CLASS 15 51 | #define OPTION6_VENDOR_CLASS 16 52 | #define OPTION6_VENDOR_OPTS 17 53 | #define OPTION6_INTERFACE_ID 18 54 | #define OPTION6_RECONFIGURE_MSG 19 55 | #define OPTION6_RECONF_ACCEPT 20 56 | #define OPTION6_DNS_SERVER 23 57 | #define OPTION6_DOMAIN_SEARCH 24 58 | #define OPTION6_REFRESH_TIME 32 59 | #define OPTION6_REMOTE_ID 37 60 | #define OPTION6_SUBSCRIBER_ID 38 61 | #define OPTION6_FQDN 39 62 | #define OPTION6_CLIENT_MAC 79 63 | 64 | /* replace this with the real number when allocated. 65 | defining this also enables the relevant code. */ 66 | /* #define OPTION6_PREFIX_CLASS 99 */ 67 | 68 | 69 | #define DHCP6SUCCESS 0 70 | #define DHCP6UNSPEC 1 71 | #define DHCP6NOADDRS 2 72 | #define DHCP6NOBINDING 3 73 | #define DHCP6NOTONLINK 4 74 | #define DHCP6USEMULTI 5 75 | 76 | -------------------------------------------------------------------------------- /contrib/conntrack/README: -------------------------------------------------------------------------------- 1 | Linux iptables includes that ability to mark individual network packets 2 | with a "firewall mark". Additionally there is a component called 3 | "conntrack" which tries to string sequences of related packets together 4 | into a "connection" (it even relates sequences of UDP and ICMP packets). 5 | There is a related mark for a connection called a "connection mark". 6 | Marks can be copied freely between the firewall and connection marks 7 | 8 | Using these two features it become possible to tag all related traffic 9 | in arbitrary ways, eg authenticated users, traffic from a particular IP, 10 | port, etc. Unfortunately any kind of "proxy" breaks this relationship 11 | because network packets go in one side of the proxy and a completely new 12 | connection comes out of the other side. However, sometimes, we want to 13 | maintain that relationship through the proxy and continue the connection 14 | mark on packets upstream of our proxy 15 | 16 | Dnsmasq includes such a feature enabled by the --conntrack 17 | option. This allows, for example, using iptables to mark traffic from 18 | a particular IP, and that mark to be persisted to requests made *by* 19 | Dnsmasq. Such a feature could be useful for bandwidth accounting, 20 | captive portals and the like. Note a similar feature has been 21 | implemented in Squid 2.2 22 | 23 | 24 | As an example consider the following iptables rules: 25 | 26 | 27 | 1) iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark 28 | 2) iptables -t mangle -A PREROUTING -m mark --mark 0 -s 192.168.111.137 29 | -j MARK --set-mark 137 30 | 3) iptables -t mangle -A PREROUTING -j CONNMARK --save-mark 31 | 32 | 4) iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j CONNMARK --save-mark 33 | 34 | 1-3) are all applied to the PREROUTING table and affect all packets 35 | entering the firewall. 36 | 37 | 1) copies any existing connection mark into the firewall mark. 2) Checks 38 | the packet not already marked and if not applies an arbitrary mark based 39 | on IP address. 3) Saves the firewall mark back to the connection mark 40 | (which will persist it across related packets) 41 | 42 | 4) is applied to the OUTPUT table, which is where we first see packets 43 | generated locally. Dnsmasq will have already copied the firewall mark 44 | from the request, across to the new packet, and so all that remains is 45 | for iptables to copy it to the connection mark so it's persisted across 46 | packets. 47 | 48 | Note: iptables can be quite confusing to the beginner. The following 49 | diagram is extremely helpful in understanding the flows 50 | http://linux-ip.net/nf/nfk-traversal.png 51 | Additionally the following URL contains a useful "starting guide" on 52 | linux connection tracking/marking 53 | http://home.regit.org/netfilter-en/netfilter-connmark/ 54 | 55 | -------------------------------------------------------------------------------- /src/outpacket.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | 18 | #include "dnsmasq.h" 19 | 20 | #ifdef HAVE_DHCP6 21 | 22 | static size_t outpacket_counter; 23 | 24 | void end_opt6(int container) 25 | { 26 | void *p = daemon->outpacket.iov_base + container + 2; 27 | u16 len = outpacket_counter - container - 4 ; 28 | 29 | PUTSHORT(len, p); 30 | } 31 | 32 | void reset_counter(void) 33 | { 34 | /* Clear out buffer when starting from beginning */ 35 | if (daemon->outpacket.iov_base) 36 | memset(daemon->outpacket.iov_base, 0, daemon->outpacket.iov_len); 37 | 38 | save_counter(0); 39 | } 40 | 41 | int save_counter(int newval) 42 | { 43 | int ret = outpacket_counter; 44 | 45 | if (newval != -1) 46 | outpacket_counter = newval; 47 | 48 | return ret; 49 | } 50 | 51 | void *expand(size_t headroom) 52 | { 53 | void *ret; 54 | 55 | if (expand_buf(&daemon->outpacket, outpacket_counter + headroom)) 56 | { 57 | ret = daemon->outpacket.iov_base + outpacket_counter; 58 | outpacket_counter += headroom; 59 | return ret; 60 | } 61 | 62 | return NULL; 63 | } 64 | 65 | int new_opt6(int opt) 66 | { 67 | int ret = outpacket_counter; 68 | void *p; 69 | 70 | if ((p = expand(4))) 71 | { 72 | PUTSHORT(opt, p); 73 | PUTSHORT(0, p); 74 | } 75 | 76 | return ret; 77 | } 78 | 79 | void *put_opt6(void *data, size_t len) 80 | { 81 | void *p; 82 | 83 | if ((p = expand(len)) && data) 84 | memcpy(p, data, len); 85 | 86 | return p; 87 | } 88 | 89 | void put_opt6_long(unsigned int val) 90 | { 91 | void *p; 92 | 93 | if ((p = expand(4))) 94 | PUTLONG(val, p); 95 | } 96 | 97 | void put_opt6_short(unsigned int val) 98 | { 99 | void *p; 100 | 101 | if ((p = expand(2))) 102 | PUTSHORT(val, p); 103 | } 104 | 105 | void put_opt6_char(unsigned int val) 106 | { 107 | unsigned char *p; 108 | 109 | if ((p = expand(1))) 110 | *p = val; 111 | } 112 | 113 | void put_opt6_string(char *s) 114 | { 115 | put_opt6(s, strlen(s)); 116 | } 117 | 118 | #endif 119 | -------------------------------------------------------------------------------- /contrib/Solaris10/create_package: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # For our package, and for the SMF script, we need to define where we 5 | # want things to go... 6 | # 7 | BIN_DIR="/usr/sbin" 8 | CONF_DIR="/etc" 9 | MAN_DIR="/usr/share/man/man8" 10 | 11 | PACKAGE_NAME="dnsmasq" 12 | 13 | # 14 | # Since we know we are in the contrib directory we can work out where 15 | # the rest of the tree is... 16 | # 17 | BASEDIR="`dirname $0`/../.." 18 | 19 | # 20 | # We need a version number to use for the package creation... 21 | # 22 | if [ $# != 1 ]; then 23 | echo "Usage: $0 " >&2 24 | exit 1 25 | fi 26 | VERSION="$1" 27 | 28 | # 29 | # First thing we do is fix-up the smf file to use the paths we prefer... 30 | # 31 | if [ ! -f "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" ]; then 32 | echo "$0: unable to find contrib/Solaris10/dnsmasq.xml" >&2 33 | exit 1 34 | fi 35 | 36 | echo "Fixing up smf file ... \c" 37 | cat "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" | \ 38 | sed -e "s%/usr/local/etc%${CONF_DIR}%" \ 39 | -e "s%/usr/local/sbin%${BIN_DIR}%" \ 40 | -e "s%/usr/local/man%${MAN_DIR}%" > ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml 41 | echo "done." 42 | 43 | echo "Creating packaging file ... \c" 44 | cat <${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc 45 | # 46 | # header 47 | # 48 | set name=pkg.name value="dnsmasq" 49 | set name=pkg.description value="dnsmasq daemon - dns, dhcp, tftp etc" 50 | set name=pkg.detailed_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html" 51 | set name=info.maintainer value="TBD (tbd@tbd.com)" 52 | set name=info.upstream value="dnsmasq-discuss@lists.thekelleys.org.uk" 53 | set name=info.upstream_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html" 54 | # 55 | # dependencies ... none? 56 | # 57 | 58 | # 59 | # directories 60 | # 61 | dir mode=0755 owner=root group=bin path=${BIN_DIR}/ 62 | dir mode=0755 owner=root group=sys path=${CONF_DIR}/ 63 | dir mode=0755 owner=root group=sys path=${MAN_DIR}/ 64 | dir mode=0755 owner=root group=sys path=/var/ 65 | dir mode=0755 owner=root group=sys path=/var/svc 66 | dir mode=0755 owner=root group=sys path=/var/svc/manifest 67 | dir mode=0755 owner=root group=sys path=/var/svc/manifest/network 68 | 69 | # 70 | # files 71 | # 72 | file ${BASEDIR}/src/dnsmasq mode=0555 owner=root group=bin path=${BIN_DIR}/dnsmasq 73 | file ${BASEDIR}/man/dnsmasq.8 mode=0555 owner=root group=bin path=${MAN_DIR}/dnsmasq.8 74 | file ${BASEDIR}/dnsmasq.conf.example mode=0644 owner=root group=sys path=${CONF_DIR}/dnsmasq.conf preserve=strawberry 75 | file ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml mode=0644 owner=root group=sys path=/var/svc/manifest/network/dnsmasq.xml restart_fmri=svc:/system/manifest-import:default 76 | 77 | EOF 78 | echo "done." 79 | 80 | echo "Creating package..." 81 | eval `pkgsend open ${PACKAGE_NAME}@${VERSION}` 82 | pkgsend include ${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc 83 | if [ "$?" = 0 ]; then 84 | pkgsend close 85 | else 86 | echo "Errors" 87 | fi 88 | -------------------------------------------------------------------------------- /src/conntrack.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | #ifdef HAVE_CONNTRACK 20 | 21 | #include 22 | 23 | static int gotit = 0; /* yuck */ 24 | 25 | static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data); 26 | 27 | int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp) 28 | { 29 | struct nf_conntrack *ct; 30 | struct nfct_handle *h; 31 | 32 | gotit = 0; 33 | 34 | if ((ct = nfct_new())) 35 | { 36 | nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP); 37 | nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port)); 38 | 39 | #ifdef HAVE_IPV6 40 | if (peer_addr->sa.sa_family == AF_INET6) 41 | { 42 | nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6); 43 | nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr); 44 | nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port); 45 | nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr); 46 | } 47 | else 48 | #endif 49 | { 50 | nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); 51 | nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr); 52 | nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port); 53 | nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr); 54 | } 55 | 56 | 57 | if ((h = nfct_open(CONNTRACK, 0))) 58 | { 59 | nfct_callback_register(h, NFCT_T_ALL, callback, (void *)markp); 60 | if (nfct_query(h, NFCT_Q_GET, ct) == -1) 61 | { 62 | static int warned = 0; 63 | if (!warned) 64 | { 65 | my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno)); 66 | warned = 1; 67 | } 68 | } 69 | nfct_close(h); 70 | } 71 | nfct_destroy(ct); 72 | } 73 | 74 | return gotit; 75 | } 76 | 77 | static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) 78 | { 79 | unsigned int *ret = (unsigned int *)data; 80 | *ret = nfct_get_attr_u32(ct, ATTR_MARK); 81 | (void)type; /* eliminate warning */ 82 | gotit = 1; 83 | 84 | return NFCT_CB_CONTINUE; 85 | } 86 | 87 | #endif 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /contrib/wrt/README: -------------------------------------------------------------------------------- 1 | This script can be used to implement persistent leases on openWRT, DD-WRT 2 | etc. Persistent leases are good: if the lease database is lost on a 3 | reboot, then it will eventually be restored as hosts renew their 4 | leases. Until a host renews (which may take hours/days) it will 5 | not exist in the DNS if dnsmasq's DDNS function is in use. 6 | 7 | *WRT systems remount all non-volatile filesystems read-only after boot, 8 | so the normal leasefile will not work. They do, however have NV 9 | storage, accessed with the nvram command: 10 | 11 | /usr/lib # nvram 12 | usage: nvram [get name] [set name=value] [unset name] [show] 13 | 14 | The principle is that leases are kept in NV variable with data 15 | corresponding to the line in a leasefile: 16 | 17 | dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * * 18 | 19 | By giving dnsmasq the leasefile-ro command, it no longer creates or writes a 20 | leasefile; responsibility for maintaining the lease database transfers 21 | to the lease change script. At startup, in leasefile-ro mode, 22 | dnsmasq will run 23 | 24 | " init" 25 | 26 | and read whatever that command spits out, expecting it to 27 | be in dnsmasq leasefile format. 28 | 29 | So the lease change script, given "init" as argv[1] will 30 | suck existing leases out of the NVRAM and emit them from 31 | stdout in the correct format. 32 | 33 | The second part of the problem is keeping the NVRAM up-to-date: this 34 | is done by the lease-change script which dnsmasq runs when a lease is 35 | updated. When it is called with argv[1] as "old", "add", or "del" 36 | it updates the relevant nvram entry. 37 | 38 | So, dnsmasq should be run as : 39 | 40 | dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh 41 | 42 | or the same flags added to /etc/dnsmasq.conf 43 | 44 | 45 | 46 | Notes: 47 | 48 | This needs dnsmasq-2.33 or later to work. 49 | 50 | This technique will work with, or without, compilation with 51 | HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is 52 | _highly_recommended_ for this application since is avoids problems 53 | with the system clock being warped by NTP, and it vastly reduces the 54 | number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated 55 | only when a lease is created or destroyed; without it, a write occurs 56 | every time a lease is renewed. 57 | 58 | It probably makes sense to restrict the number of active DHCP leases 59 | to an appropriate number using dhcp-lease-max. On a new DD_WRT system, 60 | there are about 10K bytes free in the NVRAM. Each lease record is 61 | about 100 bytes, so restricting the number of leases to 50 will limit 62 | use to half that. (The default limit in the distributed source is 150) 63 | 64 | Any UI script which reads the dnsmasq leasefile will have to be 65 | amended, probably by changing it to read the output of 66 | `lease_update init` instead. 67 | 68 | 69 | Thanks: 70 | 71 | To Steve Horbachuk for checks on the script and debugging beyond the 72 | call of duty. 73 | 74 | 75 | Simon Kelley 76 | Fri Jul 28 11:51:13 BST 2006 77 | 78 | 79 | 80 | 81 | 82 | -------------------------------------------------------------------------------- /contrib/reverse-dns/reverse_replace.sh: -------------------------------------------------------------------------------- 1 | #!/bin/ash 2 | # $Id: reverse_replace.sh 18 2015-03-01 16:12:35Z jo $ 3 | # 4 | # Usage e.g.: netstat -n -4 | reverse_replace.sh 5 | # Parses stdin for IP4 addresses and replaces them 6 | # with names retrieved by parsing the dnsmasq log. 7 | # This currently only gives CNAMEs. But these 8 | # usually tell you more than the ones from reverse 9 | # lookups. 10 | # 11 | # This has been tested on debian and asuswrt. Please 12 | # report successful tests on other platforms. 13 | # 14 | # Author: Joachim Zobel 15 | # License: Consider this MIT style licensed. You can 16 | # do as you ike, but you must not remove my name. 17 | # 18 | 19 | LOG=/var/log/dnsmasq.log 20 | MAX_LINES=15000 21 | 22 | # sed regex do match IPs 23 | IP_regex='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' 24 | # private IP ranges 25 | IP_private='\(^127\.\)\|\(^192\.168\.\)\|\(^10\.\)\|\(^172\.1[6-9]\.\)\|\(^172\.2[0-9]\.\)\|\(^172\.3[0-1]\.\)' 26 | 27 | ####################################################################### 28 | # Find Commands 29 | 30 | HOST=nslookup 31 | if type host > /dev/null 2>&1; then 32 | # echo "No need for nslookup, host is there" 33 | HOST=host 34 | fi 35 | 36 | ####################################################################### 37 | # Functions 38 | 39 | # Use shell variables for an (IP) lookup table 40 | create_lookup_table() 41 | { 42 | # Parse log into lookup table 43 | local CMDS="$( tail -"$MAX_LINES" "$LOG" | \ 44 | grep " is $IP_regex" | \ 45 | sed "s#.* \([^ ]*\) is \($IP_regex\).*#set_val \2 \1;#" )" 46 | 47 | local IFS=' 48 | ' 49 | for CMD in $CMDS 50 | do 51 | eval $CMD 52 | done 53 | } 54 | 55 | set_val() 56 | { 57 | local _IP=$(echo $1 | tr . _) 58 | local KEY="__IP__$_IP" 59 | eval "$KEY"=$2 60 | } 61 | 62 | get_val() 63 | { 64 | local _IP=$(echo $1 | tr . _) 65 | local KEY="__IP__$_IP" 66 | eval echo -n '${'"$KEY"'}' 67 | } 68 | 69 | dns_lookup() 70 | { 71 | local IP=$1 72 | 73 | local RTN="$($HOST $IP | \ 74 | sed 's#\s\+#\n#g' | \ 75 | grep -v '^$' | \ 76 | tail -1 | tr -d '\n' | \ 77 | sed 's#\.$##')" 78 | if echo $RTN | grep -q NXDOMAIN; then 79 | echo -n $IP 80 | else 81 | echo -n "$RTN" 82 | fi 83 | } 84 | 85 | reverse_dns() 86 | { 87 | local IP=$1 88 | 89 | # Skip if it is not an IP 90 | if ! echo $IP | grep -q "^$IP_regex$"; then 91 | echo -n $IP 92 | return 93 | fi 94 | 95 | # Do a dns lookup, if it is a local IP 96 | if echo $IP | grep -q $IP_private; then 97 | dns_lookup $IP 98 | return 99 | fi 100 | 101 | local NAME="$(get_val $IP)" 102 | 103 | if [ -z "$NAME" ]; then 104 | echo -n $IP 105 | else 106 | echo -n $NAME 107 | fi 108 | } 109 | 110 | ####################################################################### 111 | # Main 112 | create_lookup_table 113 | 114 | while read LINE; do 115 | for IP in $(echo "$LINE" | \ 116 | sed "s#\b\($IP_regex\)\b#\n\1\n#g" | \ 117 | grep $IP_regex) 118 | do 119 | NAME=`reverse_dns $IP ` 120 | # echo "$NAME $IP" 121 | LINE=`echo "$LINE" | sed "s#$IP#$NAME#" ` 122 | done 123 | echo $LINE 124 | done 125 | 126 | -------------------------------------------------------------------------------- /src/poll.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | /* Wrapper for poll(). Allocates and extends array of struct pollfds, 20 | keeps them in fd order so that we can set and test conditions on 21 | fd using a simple but efficient binary chop. */ 22 | 23 | /* poll_reset() 24 | poll_listen(fd, event) 25 | . 26 | . 27 | poll_listen(fd, event); 28 | 29 | hits = do_poll(timeout); 30 | 31 | if (poll_check(fd, event) 32 | . 33 | . 34 | 35 | if (poll_check(fd, event) 36 | . 37 | . 38 | 39 | event is OR of POLLIN, POLLOUT, POLLERR, etc 40 | */ 41 | 42 | static struct pollfd *pollfds = NULL; 43 | static nfds_t nfds, arrsize = 0; 44 | 45 | /* Binary search. Returns either the pollfd with fd, or 46 | if the fd doesn't match, or return equals nfds, the entry 47 | to the left of which a new record should be inserted. */ 48 | static nfds_t fd_search(int fd) 49 | { 50 | nfds_t left, right, mid; 51 | 52 | if ((right = nfds) == 0) 53 | return 0; 54 | 55 | left = 0; 56 | 57 | while (1) 58 | { 59 | if (right == left + 1) 60 | return (pollfds[left].fd >= fd) ? left : right; 61 | 62 | mid = (left + right)/2; 63 | 64 | if (pollfds[mid].fd > fd) 65 | right = mid; 66 | else 67 | left = mid; 68 | } 69 | } 70 | 71 | void poll_reset(void) 72 | { 73 | nfds = 0; 74 | } 75 | 76 | int do_poll(int timeout) 77 | { 78 | return poll(pollfds, nfds, timeout); 79 | } 80 | 81 | int poll_check(int fd, short event) 82 | { 83 | nfds_t i = fd_search(fd); 84 | 85 | if (i < nfds && pollfds[i].fd == fd) 86 | return pollfds[i].revents & event; 87 | 88 | return 0; 89 | } 90 | 91 | void poll_listen(int fd, short event) 92 | { 93 | nfds_t i = fd_search(fd); 94 | 95 | if (i < nfds && pollfds[i].fd == fd) 96 | pollfds[i].events |= event; 97 | else 98 | { 99 | if (arrsize != nfds) 100 | memmove(&pollfds[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd)); 101 | else 102 | { 103 | /* Array too small, extend. */ 104 | struct pollfd *new; 105 | 106 | arrsize = (arrsize == 0) ? 64 : arrsize * 2; 107 | 108 | if (!(new = whine_malloc(arrsize * sizeof(struct pollfd)))) 109 | return; 110 | 111 | if (pollfds) 112 | { 113 | memcpy(new, pollfds, i * sizeof(struct pollfd)); 114 | memcpy(&new[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd)); 115 | free(pollfds); 116 | } 117 | 118 | pollfds = new; 119 | } 120 | 121 | pollfds[i].fd = fd; 122 | pollfds[i].events = event; 123 | nfds++; 124 | } 125 | } 126 | -------------------------------------------------------------------------------- /src/loop.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | #ifdef HAVE_LOOP 20 | static ssize_t loop_make_probe(u32 uid); 21 | 22 | void loop_send_probes() 23 | { 24 | struct server *serv; 25 | 26 | if (!option_bool(OPT_LOOP_DETECT)) 27 | return; 28 | 29 | /* Loop through all upstream servers not for particular domains, and send a query to that server which is 30 | identifiable, via the uid. If we see that query back again, then the server is looping, and we should not use it. */ 31 | for (serv = daemon->servers; serv; serv = serv->next) 32 | if (!(serv->flags & 33 | (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_LOOP))) 34 | { 35 | ssize_t len = loop_make_probe(serv->uid); 36 | int fd; 37 | struct randfd *rfd = NULL; 38 | 39 | if (serv->sfd) 40 | fd = serv->sfd->fd; 41 | else 42 | { 43 | if (!(rfd = allocate_rfd(serv->addr.sa.sa_family))) 44 | continue; 45 | fd = rfd->fd; 46 | } 47 | 48 | while (retry_send(sendto(fd, daemon->packet, len, 0, 49 | &serv->addr.sa, sa_len(&serv->addr)))); 50 | 51 | free_rfd(rfd); 52 | } 53 | } 54 | 55 | static ssize_t loop_make_probe(u32 uid) 56 | { 57 | struct dns_header *header = (struct dns_header *)daemon->packet; 58 | unsigned char *p = (unsigned char *)(header+1); 59 | 60 | /* packet buffer overwritten */ 61 | daemon->srv_save = NULL; 62 | 63 | header->id = rand16(); 64 | header->ancount = header->nscount = header->arcount = htons(0); 65 | header->qdcount = htons(1); 66 | header->hb3 = HB3_RD; 67 | header->hb4 = 0; 68 | SET_OPCODE(header, QUERY); 69 | 70 | *p++ = 8; 71 | sprintf((char *)p, "%.8x", uid); 72 | p += 8; 73 | *p++ = strlen(LOOP_TEST_DOMAIN); 74 | strcpy((char *)p, LOOP_TEST_DOMAIN); /* Add terminating zero */ 75 | p += strlen(LOOP_TEST_DOMAIN) + 1; 76 | 77 | PUTSHORT(LOOP_TEST_TYPE, p); 78 | PUTSHORT(C_IN, p); 79 | 80 | return p - (unsigned char *)header; 81 | } 82 | 83 | 84 | int detect_loop(char *query, int type) 85 | { 86 | int i; 87 | u32 uid; 88 | struct server *serv; 89 | 90 | if (!option_bool(OPT_LOOP_DETECT)) 91 | return 0; 92 | 93 | if (type != LOOP_TEST_TYPE || 94 | strlen(LOOP_TEST_DOMAIN) + 9 != strlen(query) || 95 | strstr(query, LOOP_TEST_DOMAIN) != query + 9) 96 | return 0; 97 | 98 | for (i = 0; i < 8; i++) 99 | if (!isxdigit(query[i])) 100 | return 0; 101 | 102 | uid = strtol(query, NULL, 16); 103 | 104 | for (serv = daemon->servers; serv; serv = serv->next) 105 | if (!(serv->flags & 106 | (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_LOOP)) && 107 | uid == serv->uid) 108 | { 109 | serv->flags |= SERV_LOOP; 110 | check_servers(); /* log new state */ 111 | return 1; 112 | } 113 | 114 | return 0; 115 | } 116 | 117 | #endif 118 | -------------------------------------------------------------------------------- /contrib/Suse/dnsmasq-suse.spec: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # 3 | # General 4 | # 5 | ############################################################################### 6 | 7 | Name: dnsmasq 8 | Version: 2.33 9 | Release: 1 10 | Copyright: GPL 11 | Group: Productivity/Networking/DNS/Servers 12 | Vendor: Simon Kelley 13 | Packager: Simon Kelley 14 | URL: http://www.thekelleys.org.uk/dnsmasq 15 | Provides: dns_daemon 16 | Conflicts: bind bind8 bind9 17 | PreReq: %fillup_prereq %insserv_prereq 18 | Autoreqprov: on 19 | Source0: %{name}-%{version}.tar.bz2 20 | BuildRoot: /var/tmp/%{name}-%{version} 21 | Summary: A lightweight caching nameserver 22 | 23 | %description 24 | Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It 25 | is designed to provide DNS and, optionally, DHCP, to a small network. It can 26 | serve the names of local machines which are not in the global DNS. The DHCP 27 | server integrates with the DNS server and allows machines with DHCP-allocated 28 | addresses to appear in the DNS with names configured either in each host or 29 | in a central configuration file. Dnsmasq supports static and dynamic DHCP 30 | leases and BOOTP for network booting of diskless machines. 31 | 32 | 33 | 34 | ############################################################################### 35 | # 36 | # Build 37 | # 38 | ############################################################################### 39 | 40 | %prep 41 | %setup -q 42 | patch -p0 . 15 | */ 16 | #define DHCP_SERVER_PORT 67 17 | #define DHCP_CLIENT_PORT 68 18 | #define DHCP_SERVER_ALTPORT 1067 19 | #define DHCP_CLIENT_ALTPORT 1068 20 | #define PXE_PORT 4011 21 | 22 | /* These each hold a DHCP option max size 255 23 | and get a terminating zero added */ 24 | #define DHCP_BUFF_SZ 256 25 | 26 | #define BOOTREQUEST 1 27 | #define BOOTREPLY 2 28 | #define DHCP_COOKIE 0x63825363 29 | 30 | /* The Linux in-kernel DHCP client silently ignores any packet 31 | smaller than this. Sigh........... */ 32 | #define MIN_PACKETSZ 300 33 | 34 | #define OPTION_PAD 0 35 | #define OPTION_NETMASK 1 36 | #define OPTION_ROUTER 3 37 | #define OPTION_DNSSERVER 6 38 | #define OPTION_HOSTNAME 12 39 | #define OPTION_DOMAINNAME 15 40 | #define OPTION_BROADCAST 28 41 | #define OPTION_VENDOR_CLASS_OPT 43 42 | #define OPTION_REQUESTED_IP 50 43 | #define OPTION_LEASE_TIME 51 44 | #define OPTION_OVERLOAD 52 45 | #define OPTION_MESSAGE_TYPE 53 46 | #define OPTION_SERVER_IDENTIFIER 54 47 | #define OPTION_REQUESTED_OPTIONS 55 48 | #define OPTION_MESSAGE 56 49 | #define OPTION_MAXMESSAGE 57 50 | #define OPTION_T1 58 51 | #define OPTION_T2 59 52 | #define OPTION_VENDOR_ID 60 53 | #define OPTION_CLIENT_ID 61 54 | #define OPTION_SNAME 66 55 | #define OPTION_FILENAME 67 56 | #define OPTION_USER_CLASS 77 57 | #define OPTION_CLIENT_FQDN 81 58 | #define OPTION_AGENT_ID 82 59 | #define OPTION_ARCH 93 60 | #define OPTION_PXE_UUID 97 61 | #define OPTION_SUBNET_SELECT 118 62 | #define OPTION_DOMAIN_SEARCH 119 63 | #define OPTION_SIP_SERVER 120 64 | #define OPTION_VENDOR_IDENT 124 65 | #define OPTION_VENDOR_IDENT_OPT 125 66 | #define OPTION_END 255 67 | 68 | #define SUBOPT_CIRCUIT_ID 1 69 | #define SUBOPT_REMOTE_ID 2 70 | #define SUBOPT_SUBNET_SELECT 5 /* RFC 3527 */ 71 | #define SUBOPT_SUBSCR_ID 6 /* RFC 3393 */ 72 | #define SUBOPT_SERVER_OR 11 /* RFC 5107 */ 73 | 74 | #define SUBOPT_PXE_BOOT_ITEM 71 /* PXE standard */ 75 | #define SUBOPT_PXE_DISCOVERY 6 76 | #define SUBOPT_PXE_SERVERS 8 77 | #define SUBOPT_PXE_MENU 9 78 | #define SUBOPT_PXE_MENU_PROMPT 10 79 | 80 | #define DHCPDISCOVER 1 81 | #define DHCPOFFER 2 82 | #define DHCPREQUEST 3 83 | #define DHCPDECLINE 4 84 | #define DHCPACK 5 85 | #define DHCPNAK 6 86 | #define DHCPRELEASE 7 87 | #define DHCPINFORM 8 88 | 89 | #define BRDBAND_FORUM_IANA 3561 /* Broadband forum IANA enterprise */ 90 | 91 | #define DHCP_CHADDR_MAX 16 92 | 93 | struct dhcp_packet { 94 | u8 op, htype, hlen, hops; 95 | u32 xid; 96 | u16 secs, flags; 97 | struct in_addr ciaddr, yiaddr, siaddr, giaddr; 98 | u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; 99 | u8 options[312]; 100 | }; 101 | -------------------------------------------------------------------------------- /src/tables.c: -------------------------------------------------------------------------------- 1 | /* tables.c is Copyright (c) 2014 Sven Falempin All Rights Reserved. 2 | 3 | Author's email: sfalempin@citypassenger.com 4 | 5 | This program is free software; you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation; version 2 dated June, 1991, or 8 | (at your option) version 3 dated 29 June, 2007. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "dnsmasq.h" 20 | 21 | #if defined(HAVE_IPSET) && defined(HAVE_BSD_NETWORK) 22 | 23 | #include 24 | 25 | #include 26 | #include 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | #include 33 | #include 34 | #include 35 | 36 | #define UNUSED(x) (void)(x) 37 | 38 | static char *pf_device = "/dev/pf"; 39 | static int dev = -1; 40 | 41 | static char *pfr_strerror(int errnum) 42 | { 43 | switch (errnum) 44 | { 45 | case ESRCH: 46 | return "Table does not exist"; 47 | case ENOENT: 48 | return "Anchor or Ruleset does not exist"; 49 | default: 50 | return strerror(errnum); 51 | } 52 | } 53 | 54 | 55 | void ipset_init(void) 56 | { 57 | dev = open( pf_device, O_RDWR); 58 | if (dev == -1) 59 | { 60 | err(1, "%s", pf_device); 61 | die (_("failed to access pf devices: %s"), NULL, EC_MISC); 62 | } 63 | } 64 | 65 | int add_to_ipset(const char *setname, const struct all_addr *ipaddr, 66 | int flags, int remove) 67 | { 68 | struct pfr_addr addr; 69 | struct pfioc_table io; 70 | struct pfr_table table; 71 | 72 | if (dev == -1) 73 | { 74 | my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device); 75 | return -1; 76 | } 77 | 78 | bzero(&table, sizeof(struct pfr_table)); 79 | table.pfrt_flags |= PFR_TFLAG_PERSIST; 80 | if (strlen(setname) >= PF_TABLE_NAME_SIZE) 81 | { 82 | my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname); 83 | errno = ENAMETOOLONG; 84 | return -1; 85 | } 86 | 87 | if (strlcpy(table.pfrt_name, setname, 88 | sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) 89 | { 90 | my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname); 91 | return -1; 92 | } 93 | 94 | bzero(&io, sizeof io); 95 | io.pfrio_flags = 0; 96 | io.pfrio_buffer = &table; 97 | io.pfrio_esize = sizeof(table); 98 | io.pfrio_size = 1; 99 | if (ioctl(dev, DIOCRADDTABLES, &io)) 100 | { 101 | my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno)); 102 | 103 | return -1; 104 | } 105 | 106 | table.pfrt_flags &= ~PFR_TFLAG_PERSIST; 107 | if (io.pfrio_nadd) 108 | my_syslog(LOG_INFO, _("info: table created")); 109 | 110 | bzero(&addr, sizeof(addr)); 111 | #ifdef HAVE_IPV6 112 | if (flags & F_IPV6) 113 | { 114 | addr.pfra_af = AF_INET6; 115 | addr.pfra_net = 0x80; 116 | memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); 117 | } 118 | else 119 | #endif 120 | { 121 | addr.pfra_af = AF_INET; 122 | addr.pfra_net = 0x20; 123 | addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; 124 | } 125 | 126 | bzero(&io, sizeof(io)); 127 | io.pfrio_flags = 0; 128 | io.pfrio_table = table; 129 | io.pfrio_buffer = &addr; 130 | io.pfrio_esize = sizeof(addr); 131 | io.pfrio_size = 1; 132 | if (ioctl(dev, ( remove ? DIOCRDELADDRS : DIOCRADDADDRS ), &io)) 133 | { 134 | my_syslog(LOG_WARNING, _("warning: DIOCR%sADDRS: %s"), ( remove ? "DEL" : "ADD" ), pfr_strerror(errno)); 135 | return -1; 136 | } 137 | 138 | my_syslog(LOG_INFO, _("%d addresses %s"), 139 | io.pfrio_nadd, ( remove ? "removed" : "added" )); 140 | 141 | return io.pfrio_nadd; 142 | } 143 | 144 | 145 | #endif 146 | -------------------------------------------------------------------------------- /src/blockdata.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | #ifdef HAVE_DNSSEC 20 | 21 | static struct blockdata *keyblock_free; 22 | static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced; 23 | 24 | static void blockdata_expand(int n) 25 | { 26 | struct blockdata *new = whine_malloc(n * sizeof(struct blockdata)); 27 | 28 | if (new) 29 | { 30 | int i; 31 | 32 | new[n-1].next = keyblock_free; 33 | keyblock_free = new; 34 | 35 | for (i = 0; i < n - 1; i++) 36 | new[i].next = &new[i+1]; 37 | 38 | blockdata_alloced += n; 39 | } 40 | } 41 | 42 | /* Preallocate some blocks, proportional to cachesize, to reduce heap fragmentation. */ 43 | void blockdata_init(void) 44 | { 45 | keyblock_free = NULL; 46 | blockdata_alloced = 0; 47 | blockdata_count = 0; 48 | blockdata_hwm = 0; 49 | 50 | /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */ 51 | if (option_bool(OPT_DNSSEC_VALID)) 52 | blockdata_expand((daemon->cachesize * 100) / sizeof(struct blockdata)); 53 | } 54 | 55 | void blockdata_report(void) 56 | { 57 | if (option_bool(OPT_DNSSEC_VALID)) 58 | my_syslog(LOG_INFO, _("DNSSEC memory in use %u, max %u, allocated %u"), 59 | blockdata_count * sizeof(struct blockdata), 60 | blockdata_hwm * sizeof(struct blockdata), 61 | blockdata_alloced * sizeof(struct blockdata)); 62 | } 63 | 64 | struct blockdata *blockdata_alloc(char *data, size_t len) 65 | { 66 | struct blockdata *block, *ret = NULL; 67 | struct blockdata **prev = &ret; 68 | size_t blen; 69 | 70 | while (len > 0) 71 | { 72 | if (!keyblock_free) 73 | blockdata_expand(50); 74 | 75 | if (keyblock_free) 76 | { 77 | block = keyblock_free; 78 | keyblock_free = block->next; 79 | blockdata_count++; 80 | } 81 | else 82 | { 83 | /* failed to alloc, free partial chain */ 84 | blockdata_free(ret); 85 | return NULL; 86 | } 87 | 88 | if (blockdata_hwm < blockdata_count) 89 | blockdata_hwm = blockdata_count; 90 | 91 | blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; 92 | memcpy(block->key, data, blen); 93 | data += blen; 94 | len -= blen; 95 | *prev = block; 96 | prev = &block->next; 97 | block->next = NULL; 98 | } 99 | 100 | return ret; 101 | } 102 | 103 | 104 | void blockdata_free(struct blockdata *blocks) 105 | { 106 | struct blockdata *tmp; 107 | 108 | if (blocks) 109 | { 110 | for (tmp = blocks; tmp->next; tmp = tmp->next) 111 | blockdata_count--; 112 | tmp->next = keyblock_free; 113 | keyblock_free = blocks; 114 | blockdata_count--; 115 | } 116 | } 117 | 118 | /* if data == NULL, return pointer to static block of sufficient size */ 119 | void *blockdata_retrieve(struct blockdata *block, size_t len, void *data) 120 | { 121 | size_t blen; 122 | struct blockdata *b; 123 | void *new, *d; 124 | 125 | static unsigned int buff_len = 0; 126 | static unsigned char *buff = NULL; 127 | 128 | if (!data) 129 | { 130 | if (len > buff_len) 131 | { 132 | if (!(new = whine_malloc(len))) 133 | return NULL; 134 | if (buff) 135 | free(buff); 136 | buff = new; 137 | } 138 | data = buff; 139 | } 140 | 141 | for (d = data, b = block; len > 0 && b; b = b->next) 142 | { 143 | blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; 144 | memcpy(d, b->key, blen); 145 | d += blen; 146 | len -= blen; 147 | } 148 | 149 | return data; 150 | } 151 | 152 | #endif 153 | -------------------------------------------------------------------------------- /debian/readme: -------------------------------------------------------------------------------- 1 | Notes on configuring dnsmasq as packaged for Debian. 2 | 3 | (1) To configure dnsmasq edit /etc/dnsmasq.conf. The file is well 4 | commented; see also the dnsmasq.8 man page for explanation of 5 | the options. The file /etc/default/dnsmasq also exists but it 6 | shouldn't need to be touched in most cases. To set up DHCP 7 | options you might need to refer to a copy of RFC 2132. This is 8 | available on Debian systems in the package doc-rfc-std as the file 9 | /usr/share/doc/RFC/draft-standard/rfc2132.txt.gz . 10 | 11 | (2) Installing the dnsmasq package also creates the directory 12 | /etc/dnsmasq.d which is searched by dnsmasq for configuration file 13 | fragments. This behaviour can be disabled by editing 14 | /etc/default/dnsmasq. 15 | 16 | (3) If the Debian resolvconf package is installed then, regardless 17 | of what interface configuration daemons are employed, the list of 18 | nameservers to which dnsmasq should forward queries can be found 19 | in /var/run/dnsmasq/resolv.conf; also, 127.0.0.1 is listed as the 20 | first nameserver address in /etc/resolv.conf. This works using the 21 | default configurations of resolvconf and dnsmasq. 22 | 23 | (4) In the absence of resolvconf, if you are using dhcpcd then 24 | dnsmasq should read the list of nameservers from the automatically 25 | generated file /etc/dhcpc/resolv.conf. You should list 127.0.0.1 26 | as the first nameserver address in /etc/resolv.conf. 27 | 28 | (5) In the absence of resolvconf, if you are using pppd then 29 | dnsmasq should read the list of nameservers from the automatically 30 | generated file /etc/ppp/resolv.conf. You should list 127.0.0.1 31 | as the first nameserver address in /etc/resolv.conf. 32 | 33 | (6) In the absence of resolvconf, dns-nameservers lines in 34 | /etc/network/interfaces are ignored. If you do not use 35 | resolvconf, list 127.0.0.1 as the first nameserver address 36 | in /etc/resolv.conf and configure your nameservers using 37 | "server=" lines in /etc/dnsmasq.conf. 38 | 39 | (7) If you run multiple DNS servers on a single machine, each 40 | listening on a different interface, then it is necessary to use 41 | the bind-interfaces option by uncommenting "bind-interfaces" in 42 | /etc/dnsmasq.conf. This option stops dnsmasq from binding the 43 | wildcard address and allows servers listening on port 53 on 44 | interfaces not in use by dnsmasq to work. The Debian 45 | libvirt package will add a configuration file in /etc/dnsmasq.d 46 | which does this so that the "system" dnsmasq and "private" dnsmasq 47 | instances started by libvirt do not clash. 48 | 49 | (8) The following options are supported in DEB_BUILD_OPTIONS 50 | noopt : compile without optimisation. 51 | nostrip : don't remove symbols from binary. 52 | nodocs : omit documentation. 53 | notftp : omit TFTP support. 54 | nodhcp : omit DHCP support. 55 | nodhcp6 : omit DHCPv6 support. 56 | noscript : omit lease-change script support. 57 | use_lua : provide support for lease-change scripts written 58 | in Lua. 59 | noipv6 : omit IPv6 support. 60 | nodbus : omit DBus support. 61 | noconntrack : omit connection tracking support. 62 | noipset : omit IPset support. 63 | nortc : compile alternate mode suitable for systems without an RTC. 64 | noi18n : omit translations and internationalisation support. 65 | noidn : omit international domain name support, must be 66 | combined with noi18n to be effective. 67 | gitversion : set the version of the produced packages from the 68 | git-derived versioning information on the source, 69 | rather than the debian changelog. 70 | 71 | (9) Dnsmasq comes as three packages - dnsmasq-utils, dnsmasq-base and 72 | dnsmasq. Dnsmasq-base provides the dnsmasq executable and 73 | documentation (including this file). Dnsmasq, which depends on 74 | dnsmasq-base, provides the init script and configuration 75 | infrastructure. This file assumes that both are installed. It is 76 | possible to install only dnsmasq-base and use dnsmasq as a 77 | non-"system" daemon. Libvirt, for instance, does this. 78 | Dnsmasq-utils provides the utilities dhcp_release and 79 | dhcp_lease_time. 80 | -------------------------------------------------------------------------------- /bld/bloat-o-meter: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Copyright 2004 Matt Mackall 4 | # 5 | # Inspired by perl Bloat-O-Meter (c) 1997 by Andi Kleen 6 | # 7 | # This software may be used and distributed according to the terms 8 | # of the GNU General Public License, incorporated herein by reference. 9 | 10 | import sys, os#, re 11 | 12 | def usage(): 13 | sys.stderr.write("usage: %s [-t] file1 file2\n" % sys.argv[0]) 14 | sys.exit(-1) 15 | 16 | f1, f2 = (None, None) 17 | flag_timing, dashes = (False, False) 18 | 19 | for f in sys.argv[1:]: 20 | if f.startswith("-"): 21 | if f == "--": # sym_args 22 | dashes = True 23 | break 24 | if f == "-t": # timings 25 | flag_timing = True 26 | else: 27 | if not os.path.exists(f): 28 | sys.stderr.write("Error: file '%s' does not exist\n" % f) 29 | usage() 30 | if f1 is None: 31 | f1 = f 32 | elif f2 is None: 33 | f2 = f 34 | if flag_timing: 35 | import time 36 | if f1 is None or f2 is None: 37 | usage() 38 | 39 | sym_args = " ".join(sys.argv[3 + flag_timing + dashes:]) 40 | def getsizes(file): 41 | sym, alias, lut = {}, {}, {} 42 | for l in os.popen("readelf -W -s %s %s" % (sym_args, file)).readlines(): 43 | l = l.strip() 44 | if not (len(l) and l[0].isdigit() and len(l.split()) == 8): 45 | continue 46 | num, value, size, typ, bind, vis, ndx, name = l.split() 47 | if ndx == "UND": continue # skip undefined 48 | if typ in ["SECTION", "FILES"]: continue # skip sections and files 49 | if "." in name: name = "static." + name.split(".")[0] 50 | value = int(value, 16) 51 | size = int(size, 16) if size.startswith('0x') else int(size) 52 | if vis != "DEFAULT" and bind != "GLOBAL": # see if it is an alias 53 | alias[(value, size)] = {"name" : name} 54 | else: 55 | sym[name] = {"addr" : value, "size": size} 56 | lut[(value, size)] = 0 57 | for addr, sz in iter(alias.keys()): 58 | # If the non-GLOBAL sym has an implementation elsewhere then 59 | # it's an alias, disregard it. 60 | if not (addr, sz) in lut: 61 | # If this non-GLOBAL sym does not have an implementation at 62 | # another address, then treat it as a normal symbol. 63 | sym[alias[(addr, sz)]["name"]] = {"addr" : addr, "size": sz} 64 | for l in os.popen("readelf -W -S " + file).readlines(): 65 | x = l.split() 66 | if len(x)<6: continue 67 | # Should take these into account too! 68 | #if x[1] not in [".text", ".rodata", ".symtab", ".strtab"]: continue 69 | if x[1] not in [".rodata"]: continue 70 | sym[x[1]] = {"addr" : int(x[3], 16), "size" : int(x[5], 16)} 71 | return sym 72 | 73 | if flag_timing: 74 | start_t1 = int(time.time() * 1e9) 75 | old = getsizes(f1) 76 | if flag_timing: 77 | end_t1 = int(time.time() * 1e9) 78 | start_t2 = int(time.time() * 1e9) 79 | new = getsizes(f2) 80 | if flag_timing: 81 | end_t2 = int(time.time() * 1e9) 82 | start_t3 = int(time.time() * 1e9) 83 | grow, shrink, add, remove, up, down = 0, 0, 0, 0, 0, 0 84 | delta, common = [], {} 85 | 86 | for name in iter(old.keys()): 87 | if name in new: 88 | common[name] = 1 89 | 90 | for name in old: 91 | if name not in common: 92 | remove += 1 93 | sz = old[name]["size"] 94 | down += sz 95 | delta.append((-sz, name)) 96 | 97 | for name in new: 98 | if name not in common: 99 | add += 1 100 | sz = new[name]["size"] 101 | up += sz 102 | delta.append((sz, name)) 103 | 104 | for name in common: 105 | d = new[name].get("size", 0) - old[name].get("size", 0) 106 | if d>0: grow, up = grow+1, up+d 107 | elif d<0: shrink, down = shrink+1, down-d 108 | else: 109 | continue 110 | delta.append((d, name)) 111 | 112 | delta.sort() 113 | delta.reverse() 114 | if flag_timing: 115 | end_t3 = int(time.time() * 1e9) 116 | 117 | print("%-48s %7s %7s %+7s" % ("function", "old", "new", "delta")) 118 | for d, n in delta: 119 | if d: 120 | old_sz = old.get(n, {}).get("size", "-") 121 | new_sz = new.get(n, {}).get("size", "-") 122 | print("%-48s %7s %7s %+7d" % (n, old_sz, new_sz, d)) 123 | print("-"*78) 124 | total="(add/remove: %s/%s grow/shrink: %s/%s up/down: %s/%s)%%sTotal: %s bytes"\ 125 | % (add, remove, grow, shrink, up, -down, up-down) 126 | print(total % (" "*(80-len(total)))) 127 | if flag_timing: 128 | print("\n%d/%d; %d Parse origin/new; processing nsecs" % 129 | (end_t1-start_t1, end_t2-start_t2, end_t3-start_t3)) 130 | print("total nsecs: %d" % (end_t3-start_t1)) 131 | -------------------------------------------------------------------------------- /src/dns-protocol.h: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #define NAMESERVER_PORT 53 18 | #define TFTP_PORT 69 19 | #define MAX_PORT 65535u 20 | 21 | #define IN6ADDRSZ 16 22 | #define INADDRSZ 4 23 | 24 | #define PACKETSZ 512 /* maximum packet size */ 25 | #define MAXDNAME 1025 /* maximum presentation domain name */ 26 | #define RRFIXEDSZ 10 /* #/bytes of fixed data in r record */ 27 | #define MAXLABEL 63 /* maximum length of domain label */ 28 | 29 | #define NOERROR 0 /* no error */ 30 | #define FORMERR 1 /* format error */ 31 | #define SERVFAIL 2 /* server failure */ 32 | #define NXDOMAIN 3 /* non existent domain */ 33 | #define NOTIMP 4 /* not implemented */ 34 | #define REFUSED 5 /* query refused */ 35 | 36 | #define QUERY 0 /* opcode */ 37 | 38 | #define C_IN 1 /* the arpa internet */ 39 | #define C_CHAOS 3 /* for chaos net (MIT) */ 40 | #define C_HESIOD 4 /* hesiod */ 41 | #define C_ANY 255 /* wildcard match */ 42 | 43 | #define T_A 1 44 | #define T_NS 2 45 | #define T_MD 3 46 | #define T_MF 4 47 | #define T_CNAME 5 48 | #define T_SOA 6 49 | #define T_MB 7 50 | #define T_MG 8 51 | #define T_MR 9 52 | #define T_PTR 12 53 | #define T_MINFO 14 54 | #define T_MX 15 55 | #define T_TXT 16 56 | #define T_RP 17 57 | #define T_AFSDB 18 58 | #define T_RT 21 59 | #define T_SIG 24 60 | #define T_PX 26 61 | #define T_AAAA 28 62 | #define T_NXT 30 63 | #define T_SRV 33 64 | #define T_NAPTR 35 65 | #define T_KX 36 66 | #define T_DNAME 39 67 | #define T_OPT 41 68 | #define T_DS 43 69 | #define T_RRSIG 46 70 | #define T_NSEC 47 71 | #define T_DNSKEY 48 72 | #define T_NSEC3 50 73 | #define T_TKEY 249 74 | #define T_TSIG 250 75 | #define T_AXFR 252 76 | #define T_MAILB 253 77 | #define T_ANY 255 78 | 79 | #define EDNS0_OPTION_MAC 65001 /* dyndns.org temporary assignment */ 80 | #define EDNS0_OPTION_CLIENT_SUBNET 8 /* IANA */ 81 | #define EDNS0_OPTION_NOMDEVICEID 65073 /* Nominum temporary assignment */ 82 | #define EDNS0_OPTION_NOMCPEID 65074 /* Nominum temporary assignment */ 83 | 84 | struct dns_header { 85 | u16 id; 86 | u8 hb3,hb4; 87 | u16 qdcount,ancount,nscount,arcount; 88 | }; 89 | 90 | #define HB3_QR 0x80 /* Query */ 91 | #define HB3_OPCODE 0x78 92 | #define HB3_AA 0x04 /* Authoritative Answer */ 93 | #define HB3_TC 0x02 /* TrunCated */ 94 | #define HB3_RD 0x01 /* Recursion Desired */ 95 | 96 | #define HB4_RA 0x80 /* Recursion Available */ 97 | #define HB4_AD 0x20 /* Authenticated Data */ 98 | #define HB4_CD 0x10 /* Checking Disabled */ 99 | #define HB4_RCODE 0x0f 100 | 101 | #define OPCODE(x) (((x)->hb3 & HB3_OPCODE) >> 3) 102 | #define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | code 103 | 104 | #define RCODE(x) ((x)->hb4 & HB4_RCODE) 105 | #define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code 106 | 107 | #define GETSHORT(s, cp) { \ 108 | unsigned char *t_cp = (unsigned char *)(cp); \ 109 | (s) = ((u16)t_cp[0] << 8) \ 110 | | ((u16)t_cp[1]) \ 111 | ; \ 112 | (cp) += 2; \ 113 | } 114 | 115 | #define GETLONG(l, cp) { \ 116 | unsigned char *t_cp = (unsigned char *)(cp); \ 117 | (l) = ((u32)t_cp[0] << 24) \ 118 | | ((u32)t_cp[1] << 16) \ 119 | | ((u32)t_cp[2] << 8) \ 120 | | ((u32)t_cp[3]) \ 121 | ; \ 122 | (cp) += 4; \ 123 | } 124 | 125 | #define PUTSHORT(s, cp) { \ 126 | u16 t_s = (u16)(s); \ 127 | unsigned char *t_cp = (unsigned char *)(cp); \ 128 | *t_cp++ = t_s >> 8; \ 129 | *t_cp = t_s; \ 130 | (cp) += 2; \ 131 | } 132 | 133 | #define PUTLONG(l, cp) { \ 134 | u32 t_l = (u32)(l); \ 135 | unsigned char *t_cp = (unsigned char *)(cp); \ 136 | *t_cp++ = t_l >> 24; \ 137 | *t_cp++ = t_l >> 16; \ 138 | *t_cp++ = t_l >> 8; \ 139 | *t_cp = t_l; \ 140 | (cp) += 4; \ 141 | } 142 | 143 | #define CHECK_LEN(header, pp, plen, len) \ 144 | ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen)) 145 | 146 | #define ADD_RDLEN(header, pp, plen, len) \ 147 | (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1)) 148 | 149 | /* Escape character in our presentation format for names. 150 | Cannot be '.' or /000 and must be !isprint(). 151 | Note that escaped chars are stored as 152 | 153 | to ensure that the escaped form of /000 doesn't include /000 154 | */ 155 | #define NAME_ESCAPE 1 156 | -------------------------------------------------------------------------------- /doc.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Dnsmasq - network services for small networks. 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Dnsmasq

13 | Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be 14 | lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used 15 | for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. 16 | Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most 17 | Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD. Dnsmasq provides full IPv6 support. 18 | 19 |

20 | The DNS subsystem provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and 21 | caching of common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled). 22 |

23 |
  • Local DNS names can be defined by reading /etc/hosts, by importing names from the DHCP subsystem, or by configuration of a wide range of useful record types.
    • 24 |
  • Upstream servers can be configured in a variety of convenient ways, including dynamic configuration as these change on moving upstream network. 25 |
  • Authoritative DNS mode allows local DNS names may be exported to zone in the global DNS. Dnsmasq acts as authoritative server for this zone, and also provides 26 | zone transfer to secondaries for the zone, if required.
    • 27 |
  • DNSSEC validation may be performed on DNS replies from upstream nameservers, providing security against spoofing and cache poisoning.
    • 28 |
  • Specified sub-domains can be directed to their own upstream DNS servers, making VPN configuration easy.
    • 29 |
  • Internationalised domain names are supported. 30 |
    • 31 |

    32 | The DHCP subsystem supports DHCPv4, DHCPv6, BOOTP and PXE. 33 |

    34 |
  • Both static and dynamic DHCP leases are supported, along with stateless mode in DHCPv6.
    • 35 |
  • The PXE system is a full PXE server, supporting netboot menus and multiple architecture support. It 36 | includes proxy-mode, where the PXE system co-operates with another DHCP server.
    • 37 |
  • There is a built in read-only TFTP server to support netboot.
    • 38 |
  • Machines which are configured by DHCP have their names automatically 39 | included in the DNS and the names can specified by each machine or 40 | centrally by associating a name with a MAC address or UID in the dnsmasq 41 | configuration file.
    • 42 |     43 |

    44 | The Router Advertisement subsystem provides basic autoconfiguration for IPv6 hosts. It can be used stand-alone or in conjunction with DHCPv6. 45 |

    46 |
  • The M and O bits are configurable, to control hosts' use of DHCPv6.
    • 47 |
  • Router advertisements can include the RDNSS option.
    • 48 |
  • There is a mode which uses name information from DHCPv4 configuration to provide DNS entries 49 | for autoconfigured IPv6 addresses which would otherwise be anonymous.
    • 50 |     51 |

    52 | 53 | For extra compactness, unused features may be omitted at compile time. 54 | 55 | 56 |

    Get code.

    57 | 58 | Download dnsmasq here. 59 | The tarball includes this documentation, source, and manpage. 60 | There is also a CHANGELOG and a FAQ. 61 | 62 | Dnsmasq has a git repository which contains the complete release 63 | history of version 2 and development history from 2.60. You can 64 | browse 65 | the repo, or get a copy using git protocol with the command 66 | 67 | 
    git clone git://thekelleys.org.uk/dnsmasq.git
    68 | 69 |

    License.

    70 | Dnsmasq is distributed under the GPL, version 2 or version 3 at your discretion. See the files COPYING and COPYING-v3 in the distribution 71 | for details. 72 | 73 |

    Contact.

    74 | There is a dnsmasq mailing list at 76 | http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss which should be the 77 | first location for queries, bugreports, suggestions etc. The list is mirrored, with a 78 | search facility, at 79 | https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/. 80 | You can contact me at simon@thekelleys.org.uk. 82 | 83 |

    Donations.

    84 | Dnsmasq is mainly written and maintained by Simon Kelley. For most of its life, dnsmasq has been a spare-time project. 85 | These days I'm working on it as my main activity. 86 | I don't have an employer or anyone who pays me regularly to work on dnsmasq. If you'd like to make 87 | a contribution towards my expenses, please use the donation button below. 88 |
    89 | 90 | 91 | 92 | 93 |
    94 | 95 | 96 | 97 | 98 | -------------------------------------------------------------------------------- /contrib/lease-tools/dhcp_lease_time.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2007 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991. 6 | 7 | This program is distributed in the hope that it will be useful, 8 | but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | GNU General Public License for more details. 11 | */ 12 | 13 | /* dhcp_lease_time
    */ 14 | 15 | /* Send a DHCPINFORM message to a dnsmasq server running on the local host 16 | and print (to stdout) the time remaining in any lease for the given 17 | address. The time is given as string printed to stdout. 18 | 19 | If an error occurs or no lease exists for the given address, 20 | nothing is sent to stdout a message is sent to stderr and a 21 | non-zero error code is returned. 22 | 23 | This version requires dnsmasq 2.67 or later. 24 | */ 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #define DHCP_CHADDR_MAX 16 43 | #define BOOTREQUEST 1 44 | #define DHCP_COOKIE 0x63825363 45 | #define OPTION_PAD 0 46 | #define OPTION_LEASE_TIME 51 47 | #define OPTION_OVERLOAD 52 48 | #define OPTION_MESSAGE_TYPE 53 49 | #define OPTION_REQUESTED_OPTIONS 55 50 | #define OPTION_END 255 51 | #define DHCPINFORM 8 52 | #define DHCP_SERVER_PORT 67 53 | 54 | #define option_len(opt) ((int)(((unsigned char *)(opt))[1])) 55 | #define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2])) 56 | 57 | 58 | typedef unsigned char u8; 59 | typedef unsigned short u16; 60 | typedef unsigned int u32; 61 | 62 | struct dhcp_packet { 63 | u8 op, htype, hlen, hops; 64 | u32 xid; 65 | u16 secs, flags; 66 | struct in_addr ciaddr, yiaddr, siaddr, giaddr; 67 | u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; 68 | u32 cookie; 69 | unsigned char options[308]; 70 | }; 71 | 72 | static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize) 73 | { 74 | while (*p != OPTION_END) 75 | { 76 | if (p >= end) 77 | return NULL; /* malformed packet */ 78 | else if (*p == OPTION_PAD) 79 | p++; 80 | else 81 | { 82 | int opt_len; 83 | if (p >= end - 2) 84 | return NULL; /* malformed packet */ 85 | opt_len = option_len(p); 86 | if (p >= end - (2 + opt_len)) 87 | return NULL; /* malformed packet */ 88 | if (*p == opt && opt_len >= minsize) 89 | return p; 90 | p += opt_len + 2; 91 | } 92 | } 93 | 94 | return opt == OPTION_END ? p : NULL; 95 | } 96 | 97 | static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize) 98 | { 99 | unsigned char *ret, *overload; 100 | 101 | /* skip over DHCP cookie; */ 102 | if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize))) 103 | return ret; 104 | 105 | /* look for overload option. */ 106 | if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1))) 107 | return NULL; 108 | 109 | /* Can we look in filename area ? */ 110 | if ((overload[2] & 1) && 111 | (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize))) 112 | return ret; 113 | 114 | /* finally try sname area */ 115 | if ((overload[2] & 2) && 116 | (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize))) 117 | return ret; 118 | 119 | return NULL; 120 | } 121 | 122 | static unsigned int option_uint(unsigned char *opt, int size) 123 | { 124 | /* this worries about unaligned data and byte order */ 125 | unsigned int ret = 0; 126 | int i; 127 | unsigned char *p = option_ptr(opt); 128 | 129 | for (i = 0; i < size; i++) 130 | ret = (ret << 8) | *p++; 131 | 132 | return ret; 133 | } 134 | 135 | int main(int argc, char **argv) 136 | { 137 | struct in_addr lease; 138 | struct dhcp_packet packet; 139 | unsigned char *p = packet.options; 140 | struct sockaddr_in dest; 141 | int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); 142 | ssize_t rc; 143 | 144 | if (argc < 2) 145 | { 146 | fprintf(stderr, "usage: dhcp_lease_time
    \n"); 147 | exit(1); 148 | } 149 | 150 | if (fd == -1) 151 | { 152 | perror("cannot create socket"); 153 | exit(1); 154 | } 155 | 156 | lease.s_addr = inet_addr(argv[1]); 157 | 158 | memset(&packet, 0, sizeof(packet)); 159 | 160 | packet.hlen = 0; 161 | packet.htype = 0; 162 | 163 | packet.op = BOOTREQUEST; 164 | packet.ciaddr = lease; 165 | packet.cookie = htonl(DHCP_COOKIE); 166 | 167 | *(p++) = OPTION_MESSAGE_TYPE; 168 | *(p++) = 1; 169 | *(p++) = DHCPINFORM; 170 | 171 | /* Explicitly request the lease time, it won't be sent otherwise: 172 | this is a dnsmasq extension, not standard. */ 173 | *(p++) = OPTION_REQUESTED_OPTIONS; 174 | *(p++) = 1; 175 | *(p++) = OPTION_LEASE_TIME; 176 | 177 | *(p++) = OPTION_END; 178 | 179 | dest.sin_family = AF_INET; 180 | dest.sin_addr.s_addr = inet_addr("127.0.0.1"); 181 | dest.sin_port = ntohs(DHCP_SERVER_PORT); 182 | 183 | if (sendto(fd, &packet, sizeof(packet), 0, 184 | (struct sockaddr *)&dest, sizeof(dest)) == -1) 185 | { 186 | perror("sendto failed"); 187 | exit(1); 188 | } 189 | 190 | alarm(3); /* noddy timeout. */ 191 | 192 | rc = recv(fd, &packet, sizeof(packet), 0); 193 | 194 | if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options))) 195 | { 196 | perror("recv failed"); 197 | exit(1); 198 | } 199 | 200 | if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4))) 201 | { 202 | unsigned int t = option_uint(p, 4); 203 | if (t == 0xffffffff) 204 | printf("infinite"); 205 | else 206 | { 207 | unsigned int x; 208 | if ((x = t/86400)) 209 | printf("%ud", x); 210 | if ((x = (t/3600)%24)) 211 | printf("%uh", x); 212 | if ((x = (t/60)%60)) 213 | printf("%um", x); 214 | if ((x = t%60)) 215 | printf("%us", x); 216 | } 217 | return 0; 218 | } 219 | 220 | return 1; /* no lease */ 221 | } 222 | -------------------------------------------------------------------------------- /src/domain.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | 20 | static struct cond_domain *search_domain(struct in_addr addr, struct cond_domain *c); 21 | #ifdef HAVE_IPV6 22 | static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c); 23 | #endif 24 | 25 | 26 | int is_name_synthetic(int flags, char *name, struct all_addr *addr) 27 | { 28 | char *p; 29 | struct cond_domain *c = NULL; 30 | int prot = AF_INET; 31 | 32 | #ifdef HAVE_IPV6 33 | if (flags & F_IPV6) 34 | prot = AF_INET6; 35 | #endif 36 | 37 | for (c = daemon->synth_domains; c; c = c->next) 38 | { 39 | int found = 0; 40 | char *tail, *pref; 41 | 42 | for (tail = name, pref = c->prefix; *tail != 0 && pref && *pref != 0; tail++, pref++) 43 | { 44 | unsigned int c1 = (unsigned char) *pref; 45 | unsigned int c2 = (unsigned char) *tail; 46 | 47 | if (c1 >= 'A' && c1 <= 'Z') 48 | c1 += 'a' - 'A'; 49 | if (c2 >= 'A' && c2 <= 'Z') 50 | c2 += 'a' - 'A'; 51 | 52 | if (c1 != c2) 53 | break; 54 | } 55 | 56 | if (pref && *pref != 0) 57 | continue; /* prefix match fail */ 58 | 59 | /* NB, must not alter name if we return zero */ 60 | for (p = tail; *p; p++) 61 | { 62 | char c = *p; 63 | 64 | if ((c >='0' && c <= '9') || c == '-') 65 | continue; 66 | 67 | #ifdef HAVE_IPV6 68 | if (prot == AF_INET6 && ((c >='A' && c <= 'F') || (c >='a' && c <= 'f'))) 69 | continue; 70 | #endif 71 | 72 | break; 73 | } 74 | 75 | if (*p != '.') 76 | continue; 77 | 78 | *p = 0; 79 | 80 | #ifdef HAVE_IPV6 81 | if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail) 82 | { 83 | /* special hack for v4-mapped. */ 84 | memcpy(tail, "::ffff:", 7); 85 | for (p = tail + 7; *p; p++) 86 | if (*p == '-') 87 | *p = '.'; 88 | } 89 | else 90 | #endif 91 | { 92 | /* swap . or : for - */ 93 | for (p = tail; *p; p++) 94 | if (*p == '-') 95 | { 96 | if (prot == AF_INET) 97 | *p = '.'; 98 | #ifdef HAVE_IPV6 99 | else 100 | *p = ':'; 101 | #endif 102 | } 103 | } 104 | 105 | if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr)) 106 | { 107 | if (prot == AF_INET) 108 | { 109 | if (!c->is6 && 110 | ntohl(addr->addr.addr4.s_addr) >= ntohl(c->start.s_addr) && 111 | ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr)) 112 | found = 1; 113 | } 114 | #ifdef HAVE_IPV6 115 | else 116 | { 117 | u64 addrpart = addr6part(&addr->addr.addr6); 118 | 119 | if (c->is6 && 120 | is_same_net6(&addr->addr.addr6, &c->start6, 64) && 121 | addrpart >= addr6part(&c->start6) && 122 | addrpart <= addr6part(&c->end6)) 123 | found = 1; 124 | } 125 | #endif 126 | } 127 | 128 | /* restore name */ 129 | for (p = tail; *p; p++) 130 | if (*p == '.' || *p == ':') 131 | *p = '-'; 132 | 133 | *p = '.'; 134 | 135 | if (found) 136 | return 1; 137 | } 138 | 139 | return 0; 140 | } 141 | 142 | 143 | int is_rev_synth(int flag, struct all_addr *addr, char *name) 144 | { 145 | struct cond_domain *c; 146 | 147 | if (flag & F_IPV4 && (c = search_domain(addr->addr.addr4, daemon->synth_domains))) 148 | { 149 | char *p; 150 | 151 | *name = 0; 152 | if (c->prefix) 153 | strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); 154 | 155 | inet_ntop(AF_INET, &addr->addr.addr4, name + strlen(name), ADDRSTRLEN); 156 | for (p = name; *p; p++) 157 | if (*p == '.') 158 | *p = '-'; 159 | 160 | strncat(name, ".", MAXDNAME); 161 | strncat(name, c->domain, MAXDNAME); 162 | 163 | return 1; 164 | } 165 | 166 | #ifdef HAVE_IPV6 167 | if (flag & F_IPV6 && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) 168 | { 169 | char *p; 170 | 171 | *name = 0; 172 | if (c->prefix) 173 | strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); 174 | 175 | inet_ntop(AF_INET6, &addr->addr.addr6, name + strlen(name), ADDRSTRLEN); 176 | 177 | /* IPv6 presentation address can start with ":", but valid domain names 178 | cannot start with "-" so prepend a zero in that case. */ 179 | if (!c->prefix && *name == ':') 180 | { 181 | *name = '0'; 182 | inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); 183 | } 184 | 185 | /* V4-mapped have periods.... */ 186 | for (p = name; *p; p++) 187 | if (*p == ':' || *p == '.') 188 | *p = '-'; 189 | 190 | strncat(name, ".", MAXDNAME); 191 | strncat(name, c->domain, MAXDNAME); 192 | 193 | return 1; 194 | } 195 | #endif 196 | 197 | return 0; 198 | } 199 | 200 | 201 | static struct cond_domain *search_domain(struct in_addr addr, struct cond_domain *c) 202 | { 203 | for (; c; c = c->next) 204 | if (!c->is6 && 205 | ntohl(addr.s_addr) >= ntohl(c->start.s_addr) && 206 | ntohl(addr.s_addr) <= ntohl(c->end.s_addr)) 207 | return c; 208 | 209 | return NULL; 210 | } 211 | 212 | char *get_domain(struct in_addr addr) 213 | { 214 | struct cond_domain *c; 215 | 216 | if ((c = search_domain(addr, daemon->cond_domain))) 217 | return c->domain; 218 | 219 | return daemon->domain_suffix; 220 | } 221 | 222 | #ifdef HAVE_IPV6 223 | static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c) 224 | { 225 | u64 addrpart = addr6part(addr); 226 | 227 | for (; c; c = c->next) 228 | if (c->is6 && 229 | is_same_net6(addr, &c->start6, 64) && 230 | addrpart >= addr6part(&c->start6) && 231 | addrpart <= addr6part(&c->end6)) 232 | return c; 233 | 234 | return NULL; 235 | } 236 | 237 | char *get_domain6(struct in6_addr *addr) 238 | { 239 | struct cond_domain *c; 240 | 241 | if (addr && (c = search_domain6(addr, daemon->cond_domain))) 242 | return c->domain; 243 | 244 | return daemon->domain_suffix; 245 | } 246 | #endif 247 | -------------------------------------------------------------------------------- /logo/icon.svg: -------------------------------------------------------------------------------- 1 | 2 | image/svg+xml 35 | 47 | 110 | 123 | 128 | 133 | 136 | 143 | 147 | 151 | 152 | 157 | -------------------------------------------------------------------------------- /src/slaac.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | #ifdef HAVE_DHCP6 20 | 21 | #include 22 | 23 | static int ping_id = 0; 24 | 25 | void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force) 26 | { 27 | struct slaac_address *slaac, *old, **up; 28 | struct dhcp_context *context; 29 | int dns_dirty = 0; 30 | 31 | if (!(lease->flags & LEASE_HAVE_HWADDR) || 32 | (lease->flags & (LEASE_TA | LEASE_NA)) || 33 | lease->last_interface == 0 || 34 | !lease->hostname) 35 | return ; 36 | 37 | old = lease->slaac_address; 38 | lease->slaac_address = NULL; 39 | 40 | for (context = daemon->dhcp6; context; context = context->next) 41 | if ((context->flags & CONTEXT_RA_NAME) && 42 | !(context->flags & CONTEXT_OLD) && 43 | lease->last_interface == context->if_index) 44 | { 45 | struct in6_addr addr = context->start6; 46 | if (lease->hwaddr_len == 6 && 47 | (lease->hwaddr_type == ARPHRD_ETHER || lease->hwaddr_type == ARPHRD_IEEE802)) 48 | { 49 | /* convert MAC address to EUI-64 */ 50 | memcpy(&addr.s6_addr[8], lease->hwaddr, 3); 51 | memcpy(&addr.s6_addr[13], &lease->hwaddr[3], 3); 52 | addr.s6_addr[11] = 0xff; 53 | addr.s6_addr[12] = 0xfe; 54 | } 55 | #if defined(ARPHRD_EUI64) 56 | else if (lease->hwaddr_len == 8 && 57 | lease->hwaddr_type == ARPHRD_EUI64) 58 | memcpy(&addr.s6_addr[8], lease->hwaddr, 8); 59 | #endif 60 | #if defined(ARPHRD_IEEE1394) && defined(ARPHRD_EUI64) 61 | else if (lease->clid_len == 9 && 62 | lease->clid[0] == ARPHRD_EUI64 && 63 | lease->hwaddr_type == ARPHRD_IEEE1394) 64 | /* firewire has EUI-64 identifier as clid */ 65 | memcpy(&addr.s6_addr[8], &lease->clid[1], 8); 66 | #endif 67 | else 68 | continue; 69 | 70 | addr.s6_addr[8] ^= 0x02; 71 | 72 | /* check if we already have this one */ 73 | for (up = &old, slaac = old; slaac; slaac = slaac->next) 74 | { 75 | if (IN6_ARE_ADDR_EQUAL(&addr, &slaac->addr)) 76 | { 77 | *up = slaac->next; 78 | /* recheck when DHCPv4 goes through init-reboot */ 79 | if (force) 80 | { 81 | slaac->ping_time = now; 82 | slaac->backoff = 1; 83 | dns_dirty = 1; 84 | } 85 | break; 86 | } 87 | up = &slaac->next; 88 | } 89 | 90 | /* No, make new one */ 91 | if (!slaac && (slaac = whine_malloc(sizeof(struct slaac_address)))) 92 | { 93 | slaac->ping_time = now; 94 | slaac->backoff = 1; 95 | slaac->addr = addr; 96 | /* Do RA's to prod it */ 97 | ra_start_unsolicited(now, context); 98 | } 99 | 100 | if (slaac) 101 | { 102 | slaac->next = lease->slaac_address; 103 | lease->slaac_address = slaac; 104 | } 105 | } 106 | 107 | if (old || dns_dirty) 108 | lease_update_dns(1); 109 | 110 | /* Free any no reused */ 111 | for (; old; old = slaac) 112 | { 113 | slaac = old->next; 114 | free(old); 115 | } 116 | } 117 | 118 | 119 | time_t periodic_slaac(time_t now, struct dhcp_lease *leases) 120 | { 121 | struct dhcp_context *context; 122 | struct dhcp_lease *lease; 123 | struct slaac_address *slaac; 124 | time_t next_event = 0; 125 | 126 | for (context = daemon->dhcp6; context; context = context->next) 127 | if ((context->flags & CONTEXT_RA_NAME) && !(context->flags & CONTEXT_OLD)) 128 | break; 129 | 130 | /* nothing configured */ 131 | if (!context) 132 | return 0; 133 | 134 | while (ping_id == 0) 135 | ping_id = rand16(); 136 | 137 | for (lease = leases; lease; lease = lease->next) 138 | for (slaac = lease->slaac_address; slaac; slaac = slaac->next) 139 | { 140 | /* confirmed or given up? */ 141 | if (slaac->backoff == 0 || slaac->ping_time == 0) 142 | continue; 143 | 144 | if (difftime(slaac->ping_time, now) <= 0.0) 145 | { 146 | struct ping_packet *ping; 147 | struct sockaddr_in6 addr; 148 | 149 | reset_counter(); 150 | 151 | if (!(ping = expand(sizeof(struct ping_packet)))) 152 | continue; 153 | 154 | ping->type = ICMP6_ECHO_REQUEST; 155 | ping->code = 0; 156 | ping->identifier = ping_id; 157 | ping->sequence_no = slaac->backoff; 158 | 159 | memset(&addr, 0, sizeof(addr)); 160 | #ifdef HAVE_SOCKADDR_SA_LEN 161 | addr.sin6_len = sizeof(struct sockaddr_in6); 162 | #endif 163 | addr.sin6_family = AF_INET6; 164 | addr.sin6_port = htons(IPPROTO_ICMPV6); 165 | addr.sin6_addr = slaac->addr; 166 | 167 | if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(-1), 0, 168 | (struct sockaddr *)&addr, sizeof(addr)) == -1 && 169 | errno == EHOSTUNREACH) 170 | slaac->ping_time = 0; /* Give up */ 171 | else 172 | { 173 | slaac->ping_time += (1 << (slaac->backoff - 1)) + (rand16()/21785); /* 0 - 3 */ 174 | if (slaac->backoff > 4) 175 | slaac->ping_time += rand16()/4000; /* 0 - 15 */ 176 | if (slaac->backoff < 12) 177 | slaac->backoff++; 178 | } 179 | } 180 | 181 | if (slaac->ping_time != 0 && 182 | (next_event == 0 || difftime(next_event, slaac->ping_time) >= 0.0)) 183 | next_event = slaac->ping_time; 184 | } 185 | 186 | return next_event; 187 | } 188 | 189 | 190 | void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases) 191 | { 192 | struct dhcp_lease *lease; 193 | struct slaac_address *slaac; 194 | struct ping_packet *ping = (struct ping_packet *)packet; 195 | int gotone = 0; 196 | 197 | if (ping->identifier == ping_id) 198 | for (lease = leases; lease; lease = lease->next) 199 | for (slaac = lease->slaac_address; slaac; slaac = slaac->next) 200 | if (slaac->backoff != 0 && IN6_ARE_ADDR_EQUAL(sender, &slaac->addr)) 201 | { 202 | slaac->backoff = 0; 203 | gotone = 1; 204 | inet_ntop(AF_INET6, sender, daemon->addrbuff, ADDRSTRLEN); 205 | if (!option_bool(OPT_QUIET_DHCP6)) 206 | my_syslog(MS_DHCP | LOG_INFO, "SLAAC-CONFIRM(%s) %s %s", interface, daemon->addrbuff, lease->hostname); 207 | } 208 | 209 | lease_update_dns(gotone); 210 | } 211 | 212 | #endif 213 | -------------------------------------------------------------------------------- /src/arp.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | /* Time between forced re-loads from kernel. */ 20 | #define INTERVAL 90 21 | 22 | #define ARP_MARK 0 23 | #define ARP_FOUND 1 /* Confirmed */ 24 | #define ARP_NEW 2 /* Newly created */ 25 | #define ARP_EMPTY 3 /* No MAC addr */ 26 | 27 | struct arp_record { 28 | unsigned short hwlen, status; 29 | int family; 30 | unsigned char hwaddr[DHCP_CHADDR_MAX]; 31 | struct all_addr addr; 32 | struct arp_record *next; 33 | }; 34 | 35 | static struct arp_record *arps = NULL, *old = NULL, *freelist = NULL; 36 | static time_t last = 0; 37 | 38 | static int filter_mac(int family, char *addrp, char *mac, size_t maclen, void *parmv) 39 | { 40 | struct arp_record *arp; 41 | 42 | (void)parmv; 43 | 44 | if (maclen > DHCP_CHADDR_MAX) 45 | return 1; 46 | 47 | #ifndef HAVE_IPV6 48 | if (family != AF_INET) 49 | return 1; 50 | #endif 51 | 52 | /* Look for existing entry */ 53 | for (arp = arps; arp; arp = arp->next) 54 | { 55 | if (family != arp->family || arp->status == ARP_NEW) 56 | continue; 57 | 58 | if (family == AF_INET) 59 | { 60 | if (arp->addr.addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) 61 | continue; 62 | } 63 | #ifdef HAVE_IPV6 64 | else 65 | { 66 | if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, (struct in6_addr *)addrp)) 67 | continue; 68 | } 69 | #endif 70 | 71 | if (arp->status == ARP_EMPTY) 72 | { 73 | /* existing address, was negative. */ 74 | arp->status = ARP_NEW; 75 | arp->hwlen = maclen; 76 | memcpy(arp->hwaddr, mac, maclen); 77 | } 78 | else if (arp->hwlen == maclen && memcmp(arp->hwaddr, mac, maclen) == 0) 79 | /* Existing entry matches - confirm. */ 80 | arp->status = ARP_FOUND; 81 | else 82 | continue; 83 | 84 | break; 85 | } 86 | 87 | if (!arp) 88 | { 89 | /* New entry */ 90 | if (freelist) 91 | { 92 | arp = freelist; 93 | freelist = freelist->next; 94 | } 95 | else if (!(arp = whine_malloc(sizeof(struct arp_record)))) 96 | return 1; 97 | 98 | arp->next = arps; 99 | arps = arp; 100 | arp->status = ARP_NEW; 101 | arp->hwlen = maclen; 102 | arp->family = family; 103 | memcpy(arp->hwaddr, mac, maclen); 104 | if (family == AF_INET) 105 | arp->addr.addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; 106 | #ifdef HAVE_IPV6 107 | else 108 | memcpy(&arp->addr.addr.addr6, addrp, IN6ADDRSZ); 109 | #endif 110 | } 111 | 112 | return 1; 113 | } 114 | 115 | /* If in lazy mode, we cache absence of ARP entries. */ 116 | int find_mac(union mysockaddr *addr, unsigned char *mac, int lazy, time_t now) 117 | { 118 | struct arp_record *arp, *tmp, **up; 119 | int updated = 0; 120 | 121 | again: 122 | 123 | /* If the database is less then INTERVAL old, look in there */ 124 | if (difftime(now, last) < INTERVAL) 125 | { 126 | /* addr == NULL -> just make cache up-to-date */ 127 | if (!addr) 128 | return 0; 129 | 130 | for (arp = arps; arp; arp = arp->next) 131 | { 132 | if (addr->sa.sa_family != arp->family) 133 | continue; 134 | 135 | if (arp->family == AF_INET && 136 | arp->addr.addr.addr4.s_addr != addr->in.sin_addr.s_addr) 137 | continue; 138 | 139 | #ifdef HAVE_IPV6 140 | if (arp->family == AF_INET6 && 141 | !IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, &addr->in6.sin6_addr)) 142 | continue; 143 | #endif 144 | 145 | /* Only accept positive entries unless in lazy mode. */ 146 | if (arp->status != ARP_EMPTY || lazy || updated) 147 | { 148 | if (mac && arp->hwlen != 0) 149 | memcpy(mac, arp->hwaddr, arp->hwlen); 150 | return arp->hwlen; 151 | } 152 | } 153 | } 154 | 155 | /* Not found, try the kernel */ 156 | if (!updated) 157 | { 158 | updated = 1; 159 | last = now; 160 | 161 | /* Mark all non-negative entries */ 162 | for (arp = arps; arp; arp = arp->next) 163 | if (arp->status != ARP_EMPTY) 164 | arp->status = ARP_MARK; 165 | 166 | iface_enumerate(AF_UNSPEC, NULL, filter_mac); 167 | 168 | /* Remove all unconfirmed entries to old list. */ 169 | for (arp = arps, up = &arps; arp; arp = tmp) 170 | { 171 | tmp = arp->next; 172 | 173 | if (arp->status == ARP_MARK) 174 | { 175 | *up = arp->next; 176 | arp->next = old; 177 | old = arp; 178 | } 179 | else 180 | up = &arp->next; 181 | } 182 | 183 | goto again; 184 | } 185 | 186 | /* record failure, so we don't consult the kernel each time 187 | we're asked for this address */ 188 | if (freelist) 189 | { 190 | arp = freelist; 191 | freelist = freelist->next; 192 | } 193 | else 194 | arp = whine_malloc(sizeof(struct arp_record)); 195 | 196 | if (arp) 197 | { 198 | arp->next = arps; 199 | arps = arp; 200 | arp->status = ARP_EMPTY; 201 | arp->family = addr->sa.sa_family; 202 | arp->hwlen = 0; 203 | 204 | if (addr->sa.sa_family == AF_INET) 205 | arp->addr.addr.addr4.s_addr = addr->in.sin_addr.s_addr; 206 | #ifdef HAVE_IPV6 207 | else 208 | memcpy(&arp->addr.addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); 209 | #endif 210 | } 211 | 212 | return 0; 213 | } 214 | 215 | int do_arp_script_run(void) 216 | { 217 | struct arp_record *arp; 218 | 219 | /* Notify any which went, then move to free list */ 220 | if (old) 221 | { 222 | #ifdef HAVE_SCRIPT 223 | if (option_bool(OPT_SCRIPT_ARP)) 224 | queue_arp(ACTION_ARP_DEL, old->hwaddr, old->hwlen, old->family, &old->addr); 225 | #endif 226 | arp = old; 227 | old = arp->next; 228 | arp->next = freelist; 229 | freelist = arp; 230 | return 1; 231 | } 232 | 233 | for (arp = arps; arp; arp = arp->next) 234 | if (arp->status == ARP_NEW) 235 | { 236 | #ifdef HAVE_SCRIPT 237 | if (option_bool(OPT_SCRIPT_ARP)) 238 | queue_arp(ACTION_ARP, arp->hwaddr, arp->hwlen, arp->family, &arp->addr); 239 | #endif 240 | arp->status = ARP_FOUND; 241 | return 1; 242 | } 243 | 244 | return 0; 245 | } 246 | 247 | 248 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # dnsmasq is Copyright (c) 2000-2016 Simon Kelley 2 | # 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; version 2 dated June, 1991, or 6 | # (at your option) version 3 dated 29 June, 2007. 7 | # 8 | # This program is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with this program. If not, see . 15 | 16 | # NOTE: Building the i18n targets requires GNU-make 17 | 18 | 19 | # Variables you may well want to override. 20 | 21 | PREFIX = /usr/local 22 | BINDIR = $(PREFIX)/sbin 23 | MANDIR = $(PREFIX)/share/man 24 | LOCALEDIR = $(PREFIX)/share/locale 25 | BUILDDIR = $(SRC) 26 | DESTDIR = 27 | CFLAGS = -Wall -W -O2 28 | LDFLAGS = 29 | COPTS = 30 | RPM_OPT_FLAGS = 31 | LIBS = 32 | 33 | ################################################################# 34 | 35 | # Variables you might want to override. 36 | 37 | PKG_CONFIG = pkg-config 38 | INSTALL = install 39 | MSGMERGE = msgmerge 40 | MSGFMT = msgfmt 41 | XGETTEXT = xgettext 42 | 43 | SRC = src 44 | PO = po 45 | MAN = man 46 | 47 | ################################################################# 48 | 49 | # pmake way. (NB no spaces to keep gmake 3.82 happy) 50 | top!=pwd 51 | # GNU make way. 52 | top?=$(CURDIR) 53 | 54 | dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` 55 | dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` 56 | idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` 57 | idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` 58 | idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2` 59 | idn2_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2` 60 | ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack` 61 | ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack` 62 | lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2` 63 | lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2` 64 | nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed` 65 | nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed` 66 | gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp` 67 | sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi` 68 | version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"' 69 | 70 | sum?=$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ') 71 | sum!=$(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ' 72 | copts_conf = .copts_$(sum) 73 | 74 | objs = cache.o rfc1035.o util.o option.o forward.o network.o \ 75 | dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \ 76 | helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \ 77 | dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \ 78 | domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \ 79 | poll.o rrfilter.o edns0.o arp.o crypto.o 80 | 81 | hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \ 82 | dns-protocol.h radv-protocol.h ip6addr.h 83 | 84 | all : $(BUILDDIR) 85 | @cd $(BUILDDIR) && $(MAKE) \ 86 | top="$(top)" \ 87 | build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \ 88 | build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)" \ 89 | -f $(top)/Makefile dnsmasq 90 | 91 | mostly_clean : 92 | rm -f $(BUILDDIR)/*.mo $(BUILDDIR)/*.pot 93 | rm -f $(BUILDDIR)/.copts_* $(BUILDDIR)/*.o $(BUILDDIR)/dnsmasq.a $(BUILDDIR)/dnsmasq 94 | 95 | clean : mostly_clean 96 | rm -f $(BUILDDIR)/dnsmasq_baseline 97 | rm -f core */core 98 | rm -f *~ contrib/*/*~ */*~ 99 | 100 | install : all install-common 101 | 102 | install-common : 103 | $(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8 104 | $(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 105 | $(INSTALL) -m 755 $(BUILDDIR)/dnsmasq $(DESTDIR)$(BINDIR) 106 | 107 | all-i18n : $(BUILDDIR) 108 | @cd $(BUILDDIR) && $(MAKE) \ 109 | top="$(top)" \ 110 | i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \ 111 | build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \ 112 | build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)" \ 113 | -f $(top)/Makefile dnsmasq 114 | for f in `cd $(PO); echo *.po`; do \ 115 | cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \ 116 | done 117 | 118 | install-i18n : all-i18n install-common 119 | cd $(BUILDDIR); $(top)/bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL) 120 | cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL) 121 | 122 | merge : 123 | @cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile dnsmasq.pot 124 | for f in `cd $(PO); echo *.po`; do \ 125 | echo -n msgmerge $(PO)/$$f && $(MSGMERGE) --no-wrap -U $(PO)/$$f $(BUILDDIR)/dnsmasq.pot; \ 126 | done 127 | 128 | # Canonicalise .po file. 129 | %.po : 130 | @cd $(BUILDDIR) && $(MAKE) -f $(top)/Makefile dnsmasq.pot 131 | mv $(PO)/$*.po $(PO)/$*.po.orig && $(MSGMERGE) --no-wrap $(PO)/$*.po.orig $(BUILDDIR)/dnsmasq.pot >$(PO)/$*.po; 132 | 133 | $(BUILDDIR): 134 | mkdir -p $(BUILDDIR) 135 | 136 | # rules below are helpers for size tracking 137 | 138 | baseline : mostly_clean all 139 | @cd $(BUILDDIR) && \ 140 | mv dnsmasq dnsmasq_baseline 141 | 142 | bloatcheck : $(BUILDDIR)/dnsmasq_baseline mostly_clean all 143 | @cd $(BUILDDIR) && \ 144 | $(top)/bld/bloat-o-meter dnsmasq_baseline dnsmasq; \ 145 | size dnsmasq_baseline dnsmasq 146 | 147 | # rules below are targets in recursive makes with cwd=$(BUILDDIR) 148 | 149 | $(copts_conf): $(hdrs) 150 | @rm -f *.o .copts_* 151 | @touch $@ 152 | 153 | $(objs:.o=.c) $(hdrs): 154 | ln -s $(top)/$(SRC)/$@ . 155 | 156 | $(objs): $(copts_conf) $(hdrs) 157 | 158 | .c.o: 159 | $(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $< 160 | 161 | dnsmasq : $(objs) 162 | $(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS) 163 | 164 | dnsmasq.pot : $(objs:.o=.c) $(hdrs) 165 | $(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(objs:.o=.c) 166 | 167 | %.mo : $(top)/$(PO)/%.po dnsmasq.pot 168 | $(MSGMERGE) -o - $(top)/$(PO)/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo - 169 | 170 | .PHONY : all clean mostly_clean install install-common all-i18n install-i18n merge baseline bloatcheck 171 | -------------------------------------------------------------------------------- /src/ipset.c: -------------------------------------------------------------------------------- 1 | /* ipset.c is Copyright (c) 2013 Jason A. Donenfeld . All Rights Reserved. 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | 19 | #if defined(HAVE_IPSET) && defined(HAVE_LINUX_NETWORK) 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | /* We want to be able to compile against old header files 31 | Kernel version is handled at run-time. */ 32 | 33 | #define NFNL_SUBSYS_IPSET 6 34 | 35 | #define IPSET_ATTR_DATA 7 36 | #define IPSET_ATTR_IP 1 37 | #define IPSET_ATTR_IPADDR_IPV4 1 38 | #define IPSET_ATTR_IPADDR_IPV6 2 39 | #define IPSET_ATTR_PROTOCOL 1 40 | #define IPSET_ATTR_SETNAME 2 41 | #define IPSET_CMD_ADD 9 42 | #define IPSET_CMD_DEL 10 43 | #define IPSET_MAXNAMELEN 32 44 | #define IPSET_PROTOCOL 6 45 | 46 | #ifndef NFNETLINK_V0 47 | #define NFNETLINK_V0 0 48 | #endif 49 | 50 | #ifndef NLA_F_NESTED 51 | #define NLA_F_NESTED (1 << 15) 52 | #endif 53 | 54 | #ifndef NLA_F_NET_BYTEORDER 55 | #define NLA_F_NET_BYTEORDER (1 << 14) 56 | #endif 57 | 58 | struct my_nlattr { 59 | __u16 nla_len; 60 | __u16 nla_type; 61 | }; 62 | 63 | struct my_nfgenmsg { 64 | __u8 nfgen_family; /* AF_xxx */ 65 | __u8 version; /* nfnetlink version */ 66 | __be16 res_id; /* resource id */ 67 | }; 68 | 69 | 70 | /* data structure size in here is fixed */ 71 | #define BUFF_SZ 256 72 | 73 | #define NL_ALIGN(len) (((len)+3) & ~(3)) 74 | static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; 75 | static int ipset_sock, old_kernel; 76 | static char *buffer; 77 | 78 | static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) 79 | { 80 | struct my_nlattr *attr = (void *)nlh + NL_ALIGN(nlh->nlmsg_len); 81 | uint16_t payload_len = NL_ALIGN(sizeof(struct my_nlattr)) + len; 82 | attr->nla_type = type; 83 | attr->nla_len = payload_len; 84 | memcpy((void *)attr + NL_ALIGN(sizeof(struct my_nlattr)), data, len); 85 | nlh->nlmsg_len += NL_ALIGN(payload_len); 86 | } 87 | 88 | void ipset_init(void) 89 | { 90 | struct utsname utsname; 91 | int version; 92 | char *split; 93 | 94 | if (uname(&utsname) < 0) 95 | die(_("failed to find kernel version: %s"), NULL, EC_MISC); 96 | 97 | split = strtok(utsname.release, "."); 98 | version = (split ? atoi(split) : 0); 99 | split = strtok(NULL, "."); 100 | version = version * 256 + (split ? atoi(split) : 0); 101 | split = strtok(NULL, "."); 102 | version = version * 256 + (split ? atoi(split) : 0); 103 | old_kernel = (version < KERNEL_VERSION(2,6,32)); 104 | 105 | if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) 106 | return; 107 | 108 | if (!old_kernel && 109 | (buffer = safe_malloc(BUFF_SZ)) && 110 | (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && 111 | (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) 112 | return; 113 | 114 | die (_("failed to create IPset control socket: %s"), NULL, EC_MISC); 115 | } 116 | 117 | static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove) 118 | { 119 | struct nlmsghdr *nlh; 120 | struct my_nfgenmsg *nfg; 121 | struct my_nlattr *nested[2]; 122 | uint8_t proto; 123 | int addrsz = INADDRSZ; 124 | 125 | #ifdef HAVE_IPV6 126 | if (af == AF_INET6) 127 | addrsz = IN6ADDRSZ; 128 | #endif 129 | 130 | if (strlen(setname) >= IPSET_MAXNAMELEN) 131 | { 132 | errno = ENAMETOOLONG; 133 | return -1; 134 | } 135 | 136 | memset(buffer, 0, BUFF_SZ); 137 | 138 | nlh = (struct nlmsghdr *)buffer; 139 | nlh->nlmsg_len = NL_ALIGN(sizeof(struct nlmsghdr)); 140 | nlh->nlmsg_type = (remove ? IPSET_CMD_DEL : IPSET_CMD_ADD) | (NFNL_SUBSYS_IPSET << 8); 141 | nlh->nlmsg_flags = NLM_F_REQUEST; 142 | 143 | nfg = (struct my_nfgenmsg *)(buffer + nlh->nlmsg_len); 144 | nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nfgenmsg)); 145 | nfg->nfgen_family = af; 146 | nfg->version = NFNETLINK_V0; 147 | nfg->res_id = htons(0); 148 | 149 | proto = IPSET_PROTOCOL; 150 | add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &proto); 151 | add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname); 152 | nested[0] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len)); 153 | nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr)); 154 | nested[0]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA; 155 | nested[1] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len)); 156 | nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr)); 157 | nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP; 158 | add_attr(nlh, 159 | (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER, 160 | addrsz, &ipaddr->addr); 161 | nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1]; 162 | nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0]; 163 | 164 | while (retry_send(sendto(ipset_sock, buffer, nlh->nlmsg_len, 0, 165 | (struct sockaddr *)&snl, sizeof(snl)))); 166 | 167 | return errno == 0 ? 0 : -1; 168 | } 169 | 170 | 171 | static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) 172 | { 173 | socklen_t size; 174 | struct ip_set_req_adt_get { 175 | unsigned op; 176 | unsigned version; 177 | union { 178 | char name[IPSET_MAXNAMELEN]; 179 | uint16_t index; 180 | } set; 181 | char typename[IPSET_MAXNAMELEN]; 182 | } req_adt_get; 183 | struct ip_set_req_adt { 184 | unsigned op; 185 | uint16_t index; 186 | uint32_t ip; 187 | } req_adt; 188 | 189 | if (strlen(setname) >= sizeof(req_adt_get.set.name)) 190 | { 191 | errno = ENAMETOOLONG; 192 | return -1; 193 | } 194 | 195 | req_adt_get.op = 0x10; 196 | req_adt_get.version = 3; 197 | strcpy(req_adt_get.set.name, setname); 198 | size = sizeof(req_adt_get); 199 | if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) 200 | return -1; 201 | req_adt.op = remove ? 0x102 : 0x101; 202 | req_adt.index = req_adt_get.set.index; 203 | req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); 204 | if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) 205 | return -1; 206 | 207 | return 0; 208 | } 209 | 210 | 211 | 212 | int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) 213 | { 214 | int ret = 0, af = AF_INET; 215 | 216 | #ifdef HAVE_IPV6 217 | if (flags & F_IPV6) 218 | { 219 | af = AF_INET6; 220 | /* old method only supports IPv4 */ 221 | if (old_kernel) 222 | { 223 | errno = EAFNOSUPPORT ; 224 | ret = -1; 225 | } 226 | } 227 | #endif 228 | 229 | if (ret != -1) 230 | ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); 231 | 232 | if (ret == -1) 233 | my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); 234 | 235 | return ret; 236 | } 237 | 238 | #endif 239 | -------------------------------------------------------------------------------- /contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically 3 | # Copyright (C) 2004 Peter Willis 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | # 19 | # the purpose of this script is to be able to update dnsmasq's dns 20 | # records from a remote dynamic dns client. 21 | # 22 | # basic use of this script: 23 | # dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com 24 | # dynamic-dnsmasq.pl listen & 25 | # 26 | # this script tries to emulate DynDNS.org's dynamic dns service, so 27 | # technically you should be able to use any DynDNS.org client to 28 | # update the records here. tested and confirmed to work with ddnsu 29 | # 1.3.1. just point the client's host to the IP of this machine, 30 | # port 9020, and include the hostname, user and pass, and it should 31 | # work. 32 | # 33 | # make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf 34 | # file and "nopoll" is commented out. 35 | 36 | use strict; 37 | use IO::Socket; 38 | use MIME::Base64; 39 | use DB_File; 40 | use Fcntl; 41 | 42 | my $accountdb = "accounts.db"; 43 | my $recordfile = "/etc/dyndns-hosts"; 44 | my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc 45 | my $listenaddress = "0.0.0.0"; 46 | my $listenport = 9020; 47 | 48 | # no editing past this point should be necessary 49 | 50 | if ( @ARGV < 1 ) { 51 | die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n"; 52 | } elsif ( lc $ARGV[0] eq "add" ) { 53 | die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4; 54 | add_acct($ARGV[1], $ARGV[2], $ARGV[3]); 55 | } elsif ( lc $ARGV[0] eq "del" ) { 56 | die "Usage: $0 DEL USER\n" unless @ARGV == 2; 57 | print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] "; 58 | my $resp = ; 59 | chomp $resp; 60 | if ( lc substr($resp,0,1) eq "y" ) { 61 | del_acct($ARGV[1]); 62 | } 63 | } elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) { 64 | my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; 65 | my $fh; 66 | if ( lc $ARGV[0] eq "writehostsfile" ) { 67 | open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; 68 | flock($fh, 2); 69 | seek($fh, 0, 0); 70 | truncate($fh, 0); 71 | } 72 | while ( my ($key, $val) = each %h ) { 73 | my ($pass, $domain, $ip) = split("\t",$val); 74 | if ( lc $ARGV[0] eq "listusers" ) { 75 | print "user $key, hostname $domain, ip $ip\n"; 76 | } else { 77 | if ( defined $ip ) { 78 | print $fh "$ip\t$domain\n"; 79 | } 80 | } 81 | } 82 | if ( lc $ARGV[0] eq "writehostsfile" ) { 83 | flock($fh, 8); 84 | close($fh); 85 | dnsmasq_rescan_configs(); 86 | } 87 | undef $X; 88 | untie %h; 89 | } elsif ( lc $ARGV[0] eq "listen" ) { 90 | listen_for_updates(); 91 | } 92 | 93 | sub listen_for_updates { 94 | my $sock = IO::Socket::INET->new(Listen => 5, 95 | LocalAddr => $listenaddress, LocalPort => $listenport, 96 | Proto => 'tcp', ReuseAddr => 1, 97 | MultiHomed => 1) || die "Could not open listening socket: $!\n"; 98 | $SIG{'CHLD'} = 'IGNORE'; 99 | while ( my $client = $sock->accept() ) { 100 | my $p = fork(); 101 | if ( $p != 0 ) { 102 | next; 103 | } 104 | $SIG{'CHLD'} = 'DEFAULT'; 105 | my @headers; 106 | my %cgi; 107 | while ( <$client> ) { 108 | s/(\r|\n)//g; 109 | last if $_ eq ""; 110 | push @headers, $_; 111 | } 112 | foreach my $header (@headers) { 113 | if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) { 114 | foreach my $element (split('&', $1)) { 115 | $cgi{(split '=', $element)[0]} = (split '=', $element)[1]; 116 | } 117 | } elsif ( $header =~ /^Authorization: basic (.+)$/ ) { 118 | unless ( defined $cgi{'hostname'} ) { 119 | print_http_response($client, undef, "badsys"); 120 | exit(1); 121 | } 122 | if ( !exists $cgi{'myip'} ) { 123 | $cgi{'myip'} = $client->peerhost(); 124 | } 125 | my ($user,$pass) = split ":", MIME::Base64::decode($1); 126 | if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) { 127 | print_http_response($client, $cgi{'myip'}, "good"); 128 | update_dns(\%cgi); 129 | } else { 130 | print_http_response($client, undef, "badauth"); 131 | exit(1); 132 | } 133 | last; 134 | } 135 | } 136 | exit(0); 137 | } 138 | return(0); 139 | } 140 | 141 | sub add_acct { 142 | my ($user, $pass, $hostname) = @_; 143 | my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; 144 | $X->put($user, join("\t", ($pass, $hostname))); 145 | undef $X; 146 | untie %h; 147 | } 148 | 149 | sub del_acct { 150 | my ($user, $pass, $hostname) = @_; 151 | my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; 152 | $X->del($user); 153 | undef $X; 154 | untie %h; 155 | } 156 | 157 | 158 | sub authorize { 159 | my $user = shift; 160 | my $pass = shift; 161 | my $hostname = shift; 162 | my $ip = shift;; 163 | my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; 164 | my ($spass, $shost) = split("\t", $h{$user}); 165 | if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) { 166 | $X->put($user, join("\t", $spass, $shost, $ip)); 167 | undef $X; 168 | untie %h; 169 | return(0); 170 | } 171 | undef $X; 172 | untie %h; 173 | return(1); 174 | } 175 | 176 | sub print_http_response { 177 | my $sock = shift; 178 | my $ip = shift; 179 | my $response = shift; 180 | print $sock "HTTP/1.0 200 OK\n"; 181 | my @tmp = split /\s+/, scalar gmtime(); 182 | print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n"; 183 | print $sock "Server: Peter's Fake DynDNS.org Server/1.0\n"; 184 | print $sock "Content-Type: text/plain; charset=ISO-8859-1\n"; 185 | print $sock "Connection: close\n"; 186 | print $sock "Transfer-Encoding: chunked\n"; 187 | print $sock "\n"; 188 | #print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is 189 | print $sock "$response", defined($ip)? " $ip" : "" . "\n"; 190 | } 191 | 192 | sub update_dns { 193 | my $hashref = shift; 194 | my @records; 195 | my $found = 0; 196 | # update the addn-hosts file 197 | open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; 198 | flock(FILE, 2); 199 | while ( ) { 200 | if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) { 201 | if ( $1 ne $$hashref{'myip'} ) { 202 | push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; 203 | $found = 1; 204 | } 205 | } else { 206 | push @records, $_; 207 | } 208 | } 209 | unless ( $found ) { 210 | push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; 211 | } 212 | sysseek(FILE, 0, 0); 213 | truncate(FILE, 0); 214 | syswrite(FILE, join("", @records)); 215 | flock(FILE, 8); 216 | close(FILE); 217 | dnsmasq_rescan_configs(); 218 | return(0); 219 | } 220 | 221 | sub dnsmasq_rescan_configs { 222 | # send the HUP signal to dnsmasq 223 | if ( -r $dnsmasqpidfile ) { 224 | open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n"; 225 | my $pid = ; 226 | close(PID); 227 | chomp $pid; 228 | if ( kill(0, $pid) ) { 229 | kill(1, $pid); 230 | } else { 231 | goto LOOKFORDNSMASQ; 232 | } 233 | } else { 234 | LOOKFORDNSMASQ: 235 | opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n"; 236 | my @dirs = grep(/^\d+$/, readdir(DIR)); 237 | closedir(DIR); 238 | foreach my $process (@dirs) { 239 | if ( open(FILE,"; 241 | close(FILE); 242 | if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) { 243 | kill(1, $process); 244 | } 245 | } 246 | } 247 | } 248 | return(0); 249 | } 250 | -------------------------------------------------------------------------------- /dbus/DBus-interface: -------------------------------------------------------------------------------- 1 | DBus support must be enabled at compile-time and run-time. Ensure 2 | that src/config.h contains the line 3 | 4 | #define HAVE_DBUS. 5 | 6 | and that /etc/dnsmasq.conf contains the line 7 | 8 | enable-dbus 9 | 10 | Because dnsmasq can operate stand-alone from the DBus, and may need to provide 11 | service before the dbus daemon is available, it will continue to run 12 | if the DBus connection is not available at startup. The DBus will be polled 13 | every 250ms until a connection is established. Start of polling and final 14 | connection establishment are both logged. When dnsmasq establishes a 15 | connection to the dbus, it sends the signal "Up". Anything controlling 16 | the server settings in dnsmasq should re-invoke the SetServers method 17 | (q.v.) when it sees this signal. This allows dnsmasq to be restarted 18 | and avoids startup races with the provider of nameserver information. 19 | 20 | 21 | Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq 22 | and a single object: /uk/org/thekelleys/dnsmasq 23 | The name of the service may be changed by giving an argument to --enable-dbus. 24 | 25 | 1. METHODS 26 | ---------- 27 | 28 | Methods are of the form 29 | 30 | uk.org.thekelleys. 31 | 32 | Available methods are: 33 | 34 | GetVersion 35 | ---------- 36 | Returns a string containing the version of dnsmasq running. 37 | 38 | ClearCache 39 | ---------- 40 | Returns nothing. Clears the domain name cache and re-reads 41 | /etc/hosts. The same as sending dnsmasq a HUP signal. 42 | 43 | SetFilterWin2KOption 44 | -------------------- 45 | Takes boolean, sets or resets the --filterwin2k option. 46 | 47 | SetBogusPrivOption 48 | ------------------ 49 | Takes boolean, sets or resets the --bogus-priv option. 50 | 51 | SetServers 52 | ---------- 53 | Returns nothing. Takes a set of arguments representing the new 54 | upstream DNS servers to be used by dnsmasq. IPv4 addresses are 55 | represented as a UINT32 (in network byte order) and IPv6 addresses 56 | are represented as sixteen BYTEs (since there is no UINT128 type). 57 | Each server address may be followed by one or more STRINGS, which are 58 | the domains for which the preceding server should be used. 59 | 60 | Examples. 61 | 62 | UINT32: 63 | UNIT32: 64 | 65 | is equivalent to 66 | 67 | --server= --server= 68 | 69 | 70 | UINT32 71 | UINT32 72 | STRING "somedomain.com" 73 | 74 | is equivalent to 75 | 76 | --server= --server=/somedomain.com/ 77 | 78 | UINT32 79 | UINT32 80 | STRING "somedomain.com" 81 | UINT32 82 | STRING "anotherdomain.com" 83 | STRING "thirddomain.com" 84 | 85 | is equivalent to 86 | 87 | --server= 88 | --server=/somedomain.com/ 89 | --server=/anotherdomain.com/thirddomain.com/ 90 | 91 | Am IPv4 address of 0.0.0.0 is interpreted as "no address, local only", 92 | so 93 | 94 | UINT32: <0.0.0.0> 95 | STRING "local.domain" 96 | 97 | is equivalent to 98 | 99 | --local=/local.domain/ 100 | 101 | 102 | Each call to SetServers completely replaces the set of servers 103 | specified by via the DBus, but it leaves any servers specified via the 104 | command line or /etc/dnsmasq.conf or /etc/resolv.conf alone. 105 | 106 | SetServersEx 107 | ------------ 108 | 109 | This function is more flexible and the SetServers function, in that it can 110 | handle address scoping, port numbers, and is easier for clients to use. 111 | 112 | Returns nothing. Takes a set of arguments representing the new 113 | upstream DNS servers to be used by dnsmasq. All addresses (both IPv4 and IPv6) 114 | are represented as STRINGS. Each server address may be followed by one or more 115 | STRINGS, which are the domains for which the preceding server should be used. 116 | 117 | This function takes an array of STRING arrays, where each inner array represents 118 | a set of DNS servers and domains for which those servers may be used. Each 119 | string represents a list of upstream DNS servers first, and domains second. 120 | Mixing of domains and servers within a the string array is not allowed. 121 | 122 | Examples. 123 | 124 | [ 125 | ["1.2.3.4", "foobar.com"], 126 | ["1003:1234:abcd::1%eth0", "eng.mycorp.com", "lab.mycorp.com"] 127 | ] 128 | 129 | is equivalent to 130 | 131 | --server=/foobar.com/1.2.3.4 \ 132 | --server=/eng.mycorp.com/lab.mycorp.com/1003:1234:abcd::1%eth0 133 | 134 | An IPv4 address of 0.0.0.0 is interpreted as "no address, local only", 135 | so 136 | 137 | [ ["0.0.0.0", "local.domain"] ] 138 | 139 | is equivalent to 140 | 141 | --local=/local.domain/ 142 | 143 | 144 | Each call to SetServersEx completely replaces the set of servers 145 | specified by via the DBus, but it leaves any servers specified via the 146 | command line or /etc/dnsmasq.conf or /etc/resolv.conf alone. 147 | 148 | 149 | SetDomainServers 150 | ---------------- 151 | 152 | Yes another variation for setting DNS servers, with the capability of 153 | SetServersEx, but without using arrays of arrays, which are not 154 | sendable with dbus-send. The arguments are an array of strings which 155 | are identical to the equivalent arguments --server, so the example 156 | for SetServersEx is represented as 157 | 158 | [ 159 | "/foobar.com/1.2.3.4" 160 | "/eng.mycorp.com/lab.mycorp.com/1003:1234:abcd::1%eth0" 161 | ] 162 | 163 | GetLoopServers 164 | -------------- 165 | 166 | (Only available if dnsmasq compiled with HAVE_LOOP) 167 | 168 | Return an array of strings, each string is the IP address of an upstream 169 | server which has been found to loop queries back to this dnsmasq instance, and 170 | it therefore not being used. 171 | 172 | AddDhcpLease 173 | ------------ 174 | 175 | Returns nothing. Adds or updates a DHCP or DHCPv6 lease to the internal lease 176 | database, as if a client requested and obtained a lease. 177 | 178 | If a lease for the IPv4 or IPv6 address already exist, it is overwritten. 179 | 180 | Note that this function will trigger the DhcpLeaseAdded or DhcpLeaseUpdated 181 | D-Bus signal and will run the configured DHCP lease script accordingly. 182 | 183 | This function takes many arguments which are the lease parameters: 184 | - A string with the textual representation of the IPv4 or IPv6 address of the 185 | client. 186 | 187 | Examples: 188 | "192.168.1.115" 189 | "1003:1234:abcd::1%eth0" 190 | "2001:db8:abcd::1" 191 | 192 | - A string representing the hardware address of the client, using the same 193 | format as the one used in the lease database. 194 | 195 | Examples: 196 | 197 | "00:23:45:67:89:ab" 198 | "06-00:20:e0:3b:13:af" (token ring) 199 | 200 | - The hostname of the client, as an array of bytes (so there is no problem 201 | with non-ASCII character encoding). May be empty. 202 | 203 | Example (for "hostname.or.fqdn"): 204 | [104, 111, 115, 116, 110, 97, 109, 101, 46, 111, 114, 46, 102, 113, 100, 110] 205 | 206 | - The client identifier (IPv4) or DUID (IPv6) as an array of bytes. May be 207 | empty. 208 | 209 | Examples: 210 | 211 | DHCPv6 DUID: 212 | [0, 3, 0, 1, 0, 35, 69, 103, 137, 171] 213 | DHCPv4 client identifier: 214 | [255, 12, 34, 56, 78, 0, 1, 0, 1, 29, 9, 99, 190, 35, 69, 103, 137, 171] 215 | 216 | - The duration of the lease, in seconds. If the lease is updated, then 217 | the duration replaces the previous duration. 218 | 219 | Example: 220 | 221 | 7200 222 | 223 | - The IAID (Identity association identifier) of the DHCPv6 lease, as a network 224 | byte-order unsigned integer. For DHCPv4 leases, this must be set to 0. 225 | 226 | Example (for IPv6): 227 | 228 | 203569230 229 | 230 | - A boolean which, if true, indicates that the DHCPv6 lease is for a temporary 231 | address (IA_TA). If false, the DHCPv6 lease is for a non-temporary address 232 | (IA_NA). For DHCPv4 leases, this must be set to false. 233 | 234 | RemoveDhcpLease 235 | --------------- 236 | 237 | Returns nothing. Removes a DHCP or DHCPv6 lease to the internal lease 238 | database, as if a client sent a release message to abandon a lease. 239 | 240 | This function takes only one parameter: the text representation of the 241 | IPv4 or IPv6 address of the lease to remove. 242 | 243 | Note that this function will trigger the DhcpLeaseRemoved signal and the 244 | configured DHCP lease script will be run with the "del" action. 245 | 246 | 247 | 248 | 2. SIGNALS 249 | ---------- 250 | 251 | If dnsmasq's DHCP server is active, it will send signals over DBUS whenever 252 | the DHCP lease database changes. Think of these signals as transactions on 253 | a database with the IP address acting as the primary key. 254 | 255 | Signals are of the form: 256 | 257 | uk.org.thekelleys. 258 | 259 | and their parameters are: 260 | 261 | STRING "192.168.1.115" 262 | STRING "01:23:45:67:89:ab" 263 | STRING "hostname.or.fqdn" 264 | 265 | 266 | Available signals are: 267 | 268 | DhcpLeaseAdded 269 | --------------- 270 | 271 | This signal is emitted when a DHCP lease for a given IP address is created. 272 | 273 | DhcpLeaseDeleted 274 | ---------------- 275 | 276 | This signal is emitted when a DHCP lease for a given IP address is deleted. 277 | 278 | DhcpLeaseUpdated 279 | ---------------- 280 | 281 | This signal is emitted when a DHCP lease for a given IP address is updated. 282 | 283 | -------------------------------------------------------------------------------- /src/inotify.c: -------------------------------------------------------------------------------- 1 | /* dnsmasq is Copyright (c) 2000-2017 Simon Kelley 2 | 3 | This program is free software; you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation; version 2 dated June, 1991, or 6 | (at your option) version 3 dated 29 June, 2007. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | */ 16 | 17 | #include "dnsmasq.h" 18 | #ifdef HAVE_INOTIFY 19 | 20 | #include 21 | #include /* For MAXSYMLINKS */ 22 | 23 | /* the strategy is to set a inotify on the directories containing 24 | resolv files, for any files in the directory which are close-write 25 | or moved into the directory. 26 | 27 | When either of those happen, we look to see if the file involved 28 | is actually a resolv-file, and if so, call poll-resolv with 29 | the "force" argument, to ensure it's read. 30 | 31 | This adds one new error condition: the directories containing 32 | all specified resolv-files must exist at start-up, even if the actual 33 | files don't. 34 | */ 35 | 36 | static char *inotify_buffer; 37 | #define INOTIFY_SZ (sizeof(struct inotify_event) + NAME_MAX + 1) 38 | 39 | /* If path is a symbolic link, return the path it 40 | points to, made absolute if relative. 41 | If path doesn't exist or is not a symlink, return NULL. 42 | Return value is malloc'ed */ 43 | static char *my_readlink(char *path) 44 | { 45 | ssize_t rc, size = 64; 46 | char *buf; 47 | 48 | while (1) 49 | { 50 | buf = safe_malloc(size); 51 | rc = readlink(path, buf, (size_t)size); 52 | 53 | if (rc == -1) 54 | { 55 | /* Not link or doesn't exist. */ 56 | if (errno == EINVAL || errno == ENOENT) 57 | { 58 | free(buf); 59 | return NULL; 60 | } 61 | else 62 | die(_("cannot access path %s: %s"), path, EC_MISC); 63 | } 64 | else if (rc < size-1) 65 | { 66 | char *d; 67 | 68 | buf[rc] = 0; 69 | if (buf[0] != '/' && ((d = strrchr(path, '/')))) 70 | { 71 | /* Add path to relative link */ 72 | char *new_buf = safe_malloc((d - path) + strlen(buf) + 2); 73 | *(d+1) = 0; 74 | strcpy(new_buf, path); 75 | strcat(new_buf, buf); 76 | free(buf); 77 | buf = new_buf; 78 | } 79 | return buf; 80 | } 81 | 82 | /* Buffer too small, increase and retry */ 83 | size += 64; 84 | free(buf); 85 | } 86 | } 87 | 88 | void inotify_dnsmasq_init() 89 | { 90 | struct resolvc *res; 91 | inotify_buffer = safe_malloc(INOTIFY_SZ); 92 | daemon->inotifyfd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC); 93 | 94 | if (daemon->inotifyfd == -1) 95 | die(_("failed to create inotify: %s"), NULL, EC_MISC); 96 | 97 | if (option_bool(OPT_NO_RESOLV)) 98 | return; 99 | 100 | for (res = daemon->resolv_files; res; res = res->next) 101 | { 102 | char *d, *new_path, *path = safe_malloc(strlen(res->name) + 1); 103 | int links = MAXSYMLINKS; 104 | 105 | strcpy(path, res->name); 106 | 107 | /* Follow symlinks until we reach a non-symlink, or a non-existent file. */ 108 | while ((new_path = my_readlink(path))) 109 | { 110 | if (links-- == 0) 111 | die(_("too many symlinks following %s"), res->name, EC_MISC); 112 | free(path); 113 | path = new_path; 114 | } 115 | 116 | res->wd = -1; 117 | 118 | if ((d = strrchr(path, '/'))) 119 | { 120 | *d = 0; /* make path just directory */ 121 | res->wd = inotify_add_watch(daemon->inotifyfd, path, IN_CLOSE_WRITE | IN_MOVED_TO); 122 | 123 | res->file = d+1; /* pointer to filename */ 124 | *d = '/'; 125 | 126 | if (res->wd == -1 && errno == ENOENT) 127 | die(_("directory %s for resolv-file is missing, cannot poll"), res->name, EC_MISC); 128 | } 129 | 130 | if (res->wd == -1) 131 | die(_("failed to create inotify for %s: %s"), res->name, EC_MISC); 132 | 133 | } 134 | } 135 | 136 | 137 | /* initialisation for dynamic-dir. Set inotify watch for each directory, and read pre-existing files */ 138 | void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revhashsz) 139 | { 140 | struct hostsfile *ah; 141 | 142 | for (ah = daemon->dynamic_dirs; ah; ah = ah->next) 143 | { 144 | DIR *dir_stream = NULL; 145 | struct dirent *ent; 146 | struct stat buf; 147 | 148 | if (!(ah->flags & flag)) 149 | continue; 150 | 151 | if (stat(ah->fname, &buf) == -1 || !(S_ISDIR(buf.st_mode))) 152 | { 153 | my_syslog(LOG_ERR, _("bad dynamic directory %s: %s"), 154 | ah->fname, strerror(errno)); 155 | continue; 156 | } 157 | 158 | if (!(ah->flags & AH_WD_DONE)) 159 | { 160 | ah->wd = inotify_add_watch(daemon->inotifyfd, ah->fname, IN_CLOSE_WRITE | IN_MOVED_TO); 161 | ah->flags |= AH_WD_DONE; 162 | } 163 | 164 | /* Read contents of dir _after_ calling add_watch, in the hope of avoiding 165 | a race which misses files being added as we start */ 166 | if (ah->wd == -1 || !(dir_stream = opendir(ah->fname))) 167 | { 168 | my_syslog(LOG_ERR, _("failed to create inotify for %s: %s"), 169 | ah->fname, strerror(errno)); 170 | continue; 171 | } 172 | 173 | while ((ent = readdir(dir_stream))) 174 | { 175 | size_t lendir = strlen(ah->fname); 176 | size_t lenfile = strlen(ent->d_name); 177 | char *path; 178 | 179 | /* ignore emacs backups and dotfiles */ 180 | if (lenfile == 0 || 181 | ent->d_name[lenfile - 1] == '~' || 182 | (ent->d_name[0] == '#' && ent->d_name[lenfile - 1] == '#') || 183 | ent->d_name[0] == '.') 184 | continue; 185 | 186 | if ((path = whine_malloc(lendir + lenfile + 2))) 187 | { 188 | strcpy(path, ah->fname); 189 | strcat(path, "/"); 190 | strcat(path, ent->d_name); 191 | 192 | /* ignore non-regular files */ 193 | if (stat(path, &buf) != -1 && S_ISREG(buf.st_mode)) 194 | { 195 | if (ah->flags & AH_HOSTS) 196 | total_size = read_hostsfile(path, ah->index, total_size, rhash, revhashsz); 197 | #ifdef HAVE_DHCP 198 | else if (ah->flags & (AH_DHCP_HST | AH_DHCP_OPT)) 199 | option_read_dynfile(path, ah->flags); 200 | #endif 201 | } 202 | 203 | free(path); 204 | } 205 | } 206 | 207 | closedir(dir_stream); 208 | } 209 | } 210 | 211 | int inotify_check(time_t now) 212 | { 213 | int hit = 0; 214 | struct hostsfile *ah; 215 | 216 | while (1) 217 | { 218 | int rc; 219 | char *p; 220 | struct resolvc *res; 221 | struct inotify_event *in; 222 | 223 | while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR); 224 | 225 | if (rc <= 0) 226 | break; 227 | 228 | for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len) 229 | { 230 | in = (struct inotify_event*)p; 231 | 232 | for (res = daemon->resolv_files; res; res = res->next) 233 | if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0) 234 | hit = 1; 235 | 236 | /* ignore emacs backups and dotfiles */ 237 | if (in->len == 0 || 238 | in->name[in->len - 1] == '~' || 239 | (in->name[0] == '#' && in->name[in->len - 1] == '#') || 240 | in->name[0] == '.') 241 | continue; 242 | 243 | for (ah = daemon->dynamic_dirs; ah; ah = ah->next) 244 | if (ah->wd == in->wd) 245 | { 246 | size_t lendir = strlen(ah->fname); 247 | char *path; 248 | 249 | if ((path = whine_malloc(lendir + in->len + 2))) 250 | { 251 | strcpy(path, ah->fname); 252 | strcat(path, "/"); 253 | strcat(path, in->name); 254 | 255 | my_syslog(LOG_INFO, _("inotify, new or changed file %s"), path); 256 | 257 | if (ah->flags & AH_HOSTS) 258 | { 259 | read_hostsfile(path, ah->index, 0, NULL, 0); 260 | #ifdef HAVE_DHCP 261 | if (daemon->dhcp || daemon->doing_dhcp6) 262 | { 263 | /* Propagate the consequences of loading a new dhcp-host */ 264 | dhcp_update_configs(daemon->dhcp_conf); 265 | lease_update_from_configs(); 266 | lease_update_file(now); 267 | lease_update_dns(1); 268 | } 269 | #endif 270 | } 271 | #ifdef HAVE_DHCP 272 | else if (ah->flags & AH_DHCP_HST) 273 | { 274 | if (option_read_dynfile(path, AH_DHCP_HST)) 275 | { 276 | /* Propagate the consequences of loading a new dhcp-host */ 277 | dhcp_update_configs(daemon->dhcp_conf); 278 | lease_update_from_configs(); 279 | lease_update_file(now); 280 | lease_update_dns(1); 281 | } 282 | } 283 | else if (ah->flags & AH_DHCP_OPT) 284 | option_read_dynfile(path, AH_DHCP_OPT); 285 | #endif 286 | 287 | free(path); 288 | } 289 | } 290 | } 291 | } 292 | return hit; 293 | } 294 | 295 | #endif /* INOTIFY */ 296 | 297 | --------------------------------------------------------------------------------