1 /* dnsmasq is Copyright (c) 2000-2011 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 static struct frec *lookup_frec(unsigned short id, unsigned int crc);
20 static struct frec *lookup_frec_by_sender(unsigned short id,
21 union mysockaddr *addr,
23 static unsigned short get_id(unsigned int crc);
24 static void free_frec(struct frec *f);
25 static struct randfd *allocate_rfd(int family);
27 /* Send a UDP packet with its source address set as "source"
28 unless nowild is true, when we just send it with the kernel default */
29 static void send_from(int fd, int nowild, char *packet, size_t len,
30 union mysockaddr *to, struct all_addr *source,
36 struct cmsghdr align; /* this ensures alignment */
37 #if defined(HAVE_LINUX_NETWORK)
38 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
39 #elif defined(IP_SENDSRCADDR)
40 char control[CMSG_SPACE(sizeof(struct in_addr))];
43 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
47 iov[0].iov_base = packet;
50 msg.msg_control = NULL;
51 msg.msg_controllen = 0;
54 msg.msg_namelen = sa_len(to);
60 struct cmsghdr *cmptr;
61 msg.msg_control = &control_u;
62 msg.msg_controllen = sizeof(control_u);
63 cmptr = CMSG_FIRSTHDR(&msg);
65 if (to->sa.sa_family == AF_INET)
67 #if defined(HAVE_LINUX_NETWORK)
70 p.ipi_spec_dst = source->addr.addr4;
71 memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
72 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
73 cmptr->cmsg_level = SOL_IP;
74 cmptr->cmsg_type = IP_PKTINFO;
75 #elif defined(IP_SENDSRCADDR)
76 memcpy(CMSG_DATA(cmptr), &(source->addr.addr4), sizeof(source->addr.addr4));
77 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
78 cmptr->cmsg_level = IPPROTO_IP;
79 cmptr->cmsg_type = IP_SENDSRCADDR;
86 p.ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */
87 p.ipi6_addr = source->addr.addr6;
88 memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
89 msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
90 cmptr->cmsg_type = daemon->v6pktinfo;
91 cmptr->cmsg_level = IPV6_LEVEL;
94 iface = 0; /* eliminate warning */
99 if (sendmsg(fd, &msg, 0) == -1)
101 /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
102 by returning EINVAL from sendmsg. In that case, try again without setting the
103 source address, since it will nearly alway be correct anyway. IPv6 stinks. */
104 if (errno == EINVAL && msg.msg_controllen)
106 msg.msg_controllen = 0;
114 static unsigned int search_servers(time_t now, struct all_addr **addrpp,
115 unsigned int qtype, char *qdomain, int *type, char **domain, int *norebind)
118 /* If the query ends in the domain in one of our servers, set
119 domain to point to that name. We find the largest match to allow both
120 domain.org and sub.domain.org to exist. */
122 unsigned int namelen = strlen(qdomain);
123 unsigned int matchlen = 0;
125 unsigned int flags = 0;
127 for (serv = daemon->servers; serv; serv=serv->next)
128 /* domain matches take priority over NODOTS matches */
129 if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.') && namelen != 0)
131 unsigned int sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
132 *type = SERV_FOR_NODOTS;
133 if (serv->flags & SERV_NO_ADDR)
135 else if (serv->flags & SERV_LITERAL_ADDRESS)
140 if (serv->addr.sa.sa_family == AF_INET)
141 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
144 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
147 else if (!flags || (flags & F_NXDOMAIN))
151 else if (serv->flags & SERV_HAS_DOMAIN)
153 unsigned int domainlen = strlen(serv->domain);
154 char *matchstart = qdomain + namelen - domainlen;
155 if (namelen >= domainlen &&
156 hostname_isequal(matchstart, serv->domain) &&
157 (domainlen == 0 || namelen == domainlen || *(matchstart-1) == '.' ))
159 if (serv->flags & SERV_NO_REBIND)
163 unsigned int sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
164 /* implement priority rules for --address and --server for same domain.
165 --address wins if the address is for the correct AF
166 --server wins otherwise. */
167 if (domainlen != 0 && domainlen == matchlen)
169 if ((serv->flags & SERV_LITERAL_ADDRESS))
171 if (!(sflag & qtype) && flags == 0)
176 if (flags & (F_IPV4 | F_IPV6))
181 if (domainlen >= matchlen)
183 *type = serv->flags & (SERV_HAS_DOMAIN | SERV_USE_RESOLV | SERV_NO_REBIND);
184 *domain = serv->domain;
185 matchlen = domainlen;
186 if (serv->flags & SERV_NO_ADDR)
188 else if (serv->flags & SERV_LITERAL_ADDRESS)
193 if (serv->addr.sa.sa_family == AF_INET)
194 *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
197 *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
200 else if (!flags || (flags & F_NXDOMAIN))
210 if (flags == 0 && !(qtype & F_NSRR) &&
211 option_bool(OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
212 /* don't forward simple names, make exception for NS queries and empty name. */
215 if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now))
222 if (flags == F_NXDOMAIN || flags == F_NOERR)
223 logflags = F_NEG | qtype;
225 log_query(logflags | flags | F_CONFIG | F_FORWARD, qdomain, *addrpp, NULL);
227 else if ((*type) & SERV_USE_RESOLV)
229 *type = 0; /* use normal servers for this domain */
235 static int forward_query(int udpfd, union mysockaddr *udpaddr,
236 struct all_addr *dst_addr, unsigned int dst_iface,
237 struct dns_header *header, size_t plen, time_t now, struct frec *forward)
240 int type = 0, norebind = 0;
241 struct all_addr *addrp = NULL;
242 unsigned int crc = questions_crc(header, plen, daemon->namebuff);
243 unsigned int flags = 0;
244 unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
245 struct server *start = NULL;
247 /* RFC 4035: sect 4.6 para 2 */
248 header->hb4 &= ~HB4_AD;
250 /* may be no servers available. */
251 if (!daemon->servers)
253 else if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
255 /* retry on existing query, send to all available servers */
256 domain = forward->sentto->domain;
257 forward->sentto->failed_queries++;
258 if (!option_bool(OPT_ORDER))
260 forward->forwardall = 1;
261 daemon->last_server = NULL;
263 type = forward->sentto->flags & SERV_TYPE;
264 if (!(start = forward->sentto->next))
265 start = daemon->servers; /* at end of list, recycle */
266 header->id = htons(forward->new_id);
271 flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
273 if (!flags && !(forward = get_new_frec(now, NULL)))
274 /* table full - server failure. */
279 forward->source = *udpaddr;
280 forward->dest = *dst_addr;
281 forward->iface = dst_iface;
282 forward->orig_id = ntohs(header->id);
283 forward->new_id = get_id(crc);
286 forward->forwardall = 0;
288 forward->flags |= FREC_NOREBIND;
289 if (header->hb4 & HB4_CD)
290 forward->flags |= FREC_CHECKING_DISABLED;
292 header->id = htons(forward->new_id);
294 /* In strict_order mode, always try servers in the order
295 specified in resolv.conf, if a domain is given
296 always try all the available servers,
297 otherwise, use the one last known to work. */
301 if (option_bool(OPT_ORDER))
302 start = daemon->servers;
303 else if (!(start = daemon->last_server) ||
304 daemon->forwardcount++ > FORWARD_TEST ||
305 difftime(now, daemon->forwardtime) > FORWARD_TIME)
307 start = daemon->servers;
308 forward->forwardall = 1;
309 daemon->forwardcount = 0;
310 daemon->forwardtime = now;
315 start = daemon->servers;
316 if (!option_bool(OPT_ORDER))
317 forward->forwardall = 1;
322 /* check for send errors here (no route to host)
323 if we fail to send to all nameservers, send back an error
324 packet straight away (helps modem users when offline) */
326 if (!flags && forward)
328 struct server *firstsentto = start;
331 if (udpaddr && option_bool(OPT_ADD_MAC))
332 plen = add_mac(header, plen, ((char *) header) + PACKETSZ, udpaddr);
336 /* only send to servers dealing with our domain.
337 domain may be NULL, in which case server->domain
338 must be NULL also. */
340 if (type == (start->flags & SERV_TYPE) &&
341 (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
342 !(start->flags & SERV_LITERAL_ADDRESS))
346 /* find server socket to use, may need to get random one. */
352 if (start->addr.sa.sa_family == AF_INET6)
354 if (!forward->rfd6 &&
355 !(forward->rfd6 = allocate_rfd(AF_INET6)))
357 daemon->rfd_save = forward->rfd6;
358 fd = forward->rfd6->fd;
363 if (!forward->rfd4 &&
364 !(forward->rfd4 = allocate_rfd(AF_INET)))
366 daemon->rfd_save = forward->rfd4;
367 fd = forward->rfd4->fd;
371 if (sendto(fd, (char *)header, plen, 0,
373 sa_len(&start->addr)) == -1)
380 /* Keep info in case we want to re-send this packet */
381 daemon->srv_save = start;
382 daemon->packet_len = plen;
385 strcpy(daemon->namebuff, "query");
386 if (start->addr.sa.sa_family == AF_INET)
387 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
388 (struct all_addr *)&start->addr.in.sin_addr, NULL);
391 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
392 (struct all_addr *)&start->addr.in6.sin6_addr, NULL);
396 forward->sentto = start;
397 if (!forward->forwardall)
399 forward->forwardall++;
403 if (!(start = start->next))
404 start = daemon->servers;
406 if (start == firstsentto)
413 /* could not send on, prepare to return */
414 header->id = htons(forward->orig_id);
415 free_frec(forward); /* cancel */
418 /* could not send on, return empty answer or address if known for whole domain */
421 plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
422 send_from(udpfd, option_bool(OPT_NOWILD), (char *)header, plen, udpaddr, dst_addr, dst_iface);
428 static size_t process_reply(struct dns_header *header, time_t now,
429 struct server *server, size_t n, int check_rebind, int checking_disabled)
431 unsigned char *pheader, *sizep;
432 int munged = 0, is_sign;
435 /* If upstream is advertising a larger UDP packet size
436 than we allow, trim it so that we don't get overlarge
437 requests for the client. We can't do this for signed packets. */
439 if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign)) && !is_sign)
441 unsigned short udpsz;
442 unsigned char *psave = sizep;
444 GETSHORT(udpsz, sizep);
445 if (udpsz > daemon->edns_pktsz)
446 PUTSHORT(daemon->edns_pktsz, psave);
449 /* RFC 4035 sect 4.6 para 3 */
450 if (!is_sign && !option_bool(OPT_DNSSEC))
451 header->hb4 &= ~HB4_AD;
453 if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
456 /* Complain loudly if the upstream server is non-recursive. */
457 if (!(header->hb4 & HB4_RA) && RCODE(header) == NOERROR && ntohs(header->ancount) == 0 &&
458 server && !(server->flags & SERV_WARNED_RECURSIVE))
460 prettyprint_addr(&server->addr, daemon->namebuff);
461 my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
462 if (!option_bool(OPT_LOG))
463 server->flags |= SERV_WARNED_RECURSIVE;
466 if (daemon->bogus_addr && RCODE(header) != NXDOMAIN &&
467 check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
470 SET_RCODE(header, NXDOMAIN);
471 header->hb3 &= ~HB3_AA;
475 if (RCODE(header) == NXDOMAIN &&
476 extract_request(header, n, daemon->namebuff, NULL) &&
477 check_for_local_domain(daemon->namebuff, now))
479 /* if we forwarded a query for a locally known name (because it was for
480 an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
481 since we know that the domain exists, even if upstream doesn't */
483 header->hb3 |= HB3_AA;
484 SET_RCODE(header, NOERROR);
487 if (extract_addresses(header, n, daemon->namebuff, now, is_sign, check_rebind, checking_disabled))
489 my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected: %s"), daemon->namebuff);
494 /* do this after extract_addresses. Ensure NODATA reply and remove
499 header->ancount = htons(0);
500 header->nscount = htons(0);
501 header->arcount = htons(0);
504 /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
505 sections of the packet. Find the new length here and put back pseudoheader
506 if it was removed. */
507 return resize_packet(header, n, pheader, plen);
510 /* sets new last_server */
511 void reply_query(int fd, int family, time_t now)
513 /* packet from peer server, extract data for cache, and send to
514 original requester */
515 struct dns_header *header;
516 union mysockaddr serveraddr;
517 struct frec *forward;
518 socklen_t addrlen = sizeof(serveraddr);
519 ssize_t n = recvfrom(fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
521 struct server *server;
523 /* packet buffer overwritten */
524 daemon->srv_save = NULL;
526 /* Determine the address of the server replying so that we can mark that as good */
527 serveraddr.sa.sa_family = family;
529 if (serveraddr.sa.sa_family == AF_INET6)
530 serveraddr.in6.sin6_flowinfo = 0;
533 /* spoof check: answer must come from known server, */
534 for (server = daemon->servers; server; server = server->next)
535 if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
536 sockaddr_isequal(&server->addr, &serveraddr))
539 header = (struct dns_header *)daemon->packet;
542 n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR) ||
543 !(forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff))))
546 server = forward->sentto;
548 if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) &&
549 !option_bool(OPT_ORDER) &&
550 forward->forwardall == 0)
551 /* for broken servers, attempt to send to another one. */
553 unsigned char *pheader;
557 /* recreate query from reply */
558 pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign);
561 header->ancount = htons(0);
562 header->nscount = htons(0);
563 header->arcount = htons(0);
564 if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
566 header->hb3 &= ~(HB3_QR | HB3_TC);
567 forward_query(-1, NULL, NULL, 0, header, nn, now, forward);
573 if ((forward->sentto->flags & SERV_TYPE) == 0)
575 if (RCODE(header) == SERVFAIL || RCODE(header) == REFUSED)
579 struct server *last_server;
581 /* find good server by address if possible, otherwise assume the last one we sent to */
582 for (last_server = daemon->servers; last_server; last_server = last_server->next)
583 if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
584 sockaddr_isequal(&last_server->addr, &serveraddr))
586 server = last_server;
590 if (!option_bool(OPT_ALL_SERVERS))
591 daemon->last_server = server;
594 /* If the answer is an error, keep the forward record in place in case
595 we get a good reply from another server. Kill it when we've
596 had replies from all to avoid filling the forwarding table when
597 everything is broken */
598 if (forward->forwardall == 0 || --forward->forwardall == 1 ||
599 (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
601 int check_rebind = !(forward->flags & FREC_NOREBIND);
603 if (!option_bool(OPT_NO_REBIND))
606 if ((nn = process_reply(header, now, server, (size_t)n, check_rebind, forward->flags & FREC_CHECKING_DISABLED)))
608 header->id = htons(forward->orig_id);
609 header->hb4 |= HB4_RA; /* recursion if available */
610 send_from(forward->fd, option_bool(OPT_NOWILD), daemon->packet, nn,
611 &forward->source, &forward->dest, forward->iface);
613 free_frec(forward); /* cancel */
618 void receive_query(struct listener *listen, time_t now)
620 struct dns_header *header = (struct dns_header *)daemon->packet;
621 union mysockaddr source_addr;
623 struct all_addr dst_addr;
624 struct in_addr netmask, dst_addr_4;
630 struct cmsghdr *cmptr;
632 struct cmsghdr align; /* this ensures alignment */
634 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
636 #if defined(HAVE_LINUX_NETWORK)
637 char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
638 #elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK)
639 char control[CMSG_SPACE(sizeof(struct in_addr)) +
640 CMSG_SPACE(sizeof(unsigned int))];
641 #elif defined(IP_RECVDSTADDR)
642 char control[CMSG_SPACE(sizeof(struct in_addr)) +
643 CMSG_SPACE(sizeof(struct sockaddr_dl))];
647 /* packet buffer overwritten */
648 daemon->srv_save = NULL;
650 if (listen->family == AF_INET && option_bool(OPT_NOWILD))
652 dst_addr_4 = listen->iface->addr.in.sin_addr;
653 netmask = listen->iface->netmask;
657 dst_addr_4.s_addr = 0;
661 iov[0].iov_base = daemon->packet;
662 iov[0].iov_len = daemon->edns_pktsz;
664 msg.msg_control = control_u.control;
665 msg.msg_controllen = sizeof(control_u);
667 msg.msg_name = &source_addr;
668 msg.msg_namelen = sizeof(source_addr);
672 if ((n = recvmsg(listen->fd, &msg, 0)) == -1)
675 if (n < (int)sizeof(struct dns_header) ||
676 (msg.msg_flags & MSG_TRUNC) ||
677 (header->hb3 & HB3_QR))
680 source_addr.sa.sa_family = listen->family;
682 if (listen->family == AF_INET6)
683 source_addr.in6.sin6_flowinfo = 0;
686 if (!option_bool(OPT_NOWILD))
690 if (msg.msg_controllen < sizeof(struct cmsghdr))
693 #if defined(HAVE_LINUX_NETWORK)
694 if (listen->family == AF_INET)
695 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
696 if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
700 struct in_pktinfo *p;
702 p.c = CMSG_DATA(cmptr);
703 dst_addr_4 = dst_addr.addr.addr4 = p.p->ipi_spec_dst;
704 if_index = p.p->ipi_ifindex;
706 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
707 if (listen->family == AF_INET)
709 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
715 #ifndef HAVE_SOLARIS_NETWORK
716 struct sockaddr_dl *s;
719 p.c = CMSG_DATA(cmptr);
720 if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
721 dst_addr_4 = dst_addr.addr.addr4 = *(p.a);
722 else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
723 #ifdef HAVE_SOLARIS_NETWORK
726 if_index = p.s->sdl_index;
733 if (listen->family == AF_INET6)
735 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
736 if (cmptr->cmsg_level == IPV6_LEVEL && cmptr->cmsg_type == daemon->v6pktinfo)
740 struct in6_pktinfo *p;
742 p.c = CMSG_DATA(cmptr);
744 dst_addr.addr.addr6 = p.p->ipi6_addr;
745 if_index = p.p->ipi6_ifindex;
750 /* enforce available interface configuration */
752 if (!indextoname(listen->fd, if_index, ifr.ifr_name) ||
753 !iface_check(listen->family, &dst_addr, ifr.ifr_name, &if_index))
756 if (listen->family == AF_INET &&
757 option_bool(OPT_LOCALISE) &&
758 ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
761 netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
764 if (extract_request(header, (size_t)n, daemon->namebuff, &type))
768 querystr(types, type);
770 if (listen->family == AF_INET)
771 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
772 (struct all_addr *)&source_addr.in.sin_addr, types);
775 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
776 (struct all_addr *)&source_addr.in6.sin6_addr, types);
780 m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n,
781 dst_addr_4, netmask, now);
784 send_from(listen->fd, option_bool(OPT_NOWILD), (char *)header,
785 m, &source_addr, &dst_addr, if_index);
786 daemon->local_answer++;
788 else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,
789 header, (size_t)n, now, NULL))
790 daemon->queries_forwarded++;
792 daemon->local_answer++;
795 /* The daemon forks before calling this: it should deal with one connection,
796 blocking as neccessary, and then return. Note, need to be a bit careful
797 about resources for debug mode, when the fork is suppressed: that's
798 done by the caller. */
799 unsigned char *tcp_request(int confd, time_t now,
800 struct in_addr local_addr, struct in_addr netmask)
804 int checking_disabled;
806 unsigned short qtype, gotname;
807 unsigned char c1, c2;
808 /* Max TCP packet + slop */
809 unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ);
810 struct dns_header *header;
811 struct server *last_server;
816 !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
817 !(size = c1 << 8 | c2) ||
818 !read_write(confd, packet, size, 1))
821 if (size < (int)sizeof(struct dns_header))
824 header = (struct dns_header *)packet;
826 /* save state of "cd" flag in query */
827 checking_disabled = header->hb4 & HB4_CD;
829 /* RFC 4035: sect 4.6 para 2 */
830 header->hb4 &= ~HB4_AD;
832 if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
834 union mysockaddr peer_addr;
835 socklen_t peer_len = sizeof(union mysockaddr);
837 if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
841 querystr(types, qtype);
843 if (peer_addr.sa.sa_family == AF_INET)
844 log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
845 (struct all_addr *)&peer_addr.in.sin_addr, types);
848 log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff,
849 (struct all_addr *)&peer_addr.in6.sin6_addr, types);
854 /* m > 0 if answered from cache */
855 m = answer_request(header, ((char *) header) + 65536, (unsigned int)size,
856 local_addr, netmask, now);
858 /* Do this by steam now we're not in the select() loop */
859 check_log_writer(NULL);
863 unsigned int flags = 0;
864 struct all_addr *addrp = NULL;
868 if (option_bool(OPT_ADD_MAC))
870 union mysockaddr peer_addr;
871 socklen_t peer_len = sizeof(union mysockaddr);
873 if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
874 size = add_mac(header, size, ((char *) header) + 65536, &peer_addr);
878 flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
880 if (type != 0 || option_bool(OPT_ORDER) || !daemon->last_server)
881 last_server = daemon->servers;
883 last_server = daemon->last_server;
885 if (!flags && last_server)
887 struct server *firstsendto = NULL;
888 unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
890 /* Loop round available servers until we succeed in connecting to one.
891 Note that this code subtley ensures that consecutive queries on this connection
892 which can go to the same server, do so. */
896 firstsendto = last_server;
899 if (!(last_server = last_server->next))
900 last_server = daemon->servers;
902 if (last_server == firstsendto)
906 /* server for wrong domain */
907 if (type != (last_server->flags & SERV_TYPE) ||
908 (type == SERV_HAS_DOMAIN && !hostname_isequal(domain, last_server->domain)))
911 if ((last_server->tcpfd == -1) &&
912 (last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) != -1 &&
913 (!local_bind(last_server->tcpfd, &last_server->source_addr, last_server->interface, 1) ||
914 connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1))
916 close(last_server->tcpfd);
917 last_server->tcpfd = -1;
920 if (last_server->tcpfd == -1)
926 if (!read_write(last_server->tcpfd, &c1, 1, 0) ||
927 !read_write(last_server->tcpfd, &c2, 1, 0) ||
928 !read_write(last_server->tcpfd, packet, size, 0) ||
929 !read_write(last_server->tcpfd, &c1, 1, 1) ||
930 !read_write(last_server->tcpfd, &c2, 1, 1))
932 close(last_server->tcpfd);
933 last_server->tcpfd = -1;
938 if (!read_write(last_server->tcpfd, packet, m, 1))
942 strcpy(daemon->namebuff, "query");
943 if (last_server->addr.sa.sa_family == AF_INET)
944 log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff,
945 (struct all_addr *)&last_server->addr.in.sin_addr, NULL);
948 log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff,
949 (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL);
952 /* There's no point in updating the cache, since this process will exit and
953 lose the information after a few queries. We make this call for the alias and
954 bogus-nxdomain side-effects. */
955 /* If the crc of the question section doesn't match the crc we sent, then
956 someone might be attempting to insert bogus values into the cache by
957 sending replies containing questions and bogus answers. */
958 if (crc == questions_crc(header, (unsigned int)m, daemon->namebuff))
959 m = process_reply(header, now, last_server, (unsigned int)m,
960 option_bool(OPT_NO_REBIND) && !norebind, checking_disabled);
966 /* In case of local answer or no connections made. */
968 m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
971 check_log_writer(NULL);
975 if (!read_write(confd, &c1, 1, 0) ||
976 !read_write(confd, &c2, 1, 0) ||
977 !read_write(confd, packet, m, 0))
982 static struct frec *allocate_frec(time_t now)
986 if ((f = (struct frec *)whine_malloc(sizeof(struct frec))))
988 f->next = daemon->frec_list;
996 daemon->frec_list = f;
1002 static struct randfd *allocate_rfd(int family)
1004 static int finger = 0;
1007 /* limit the number of sockets we have open to avoid starvation of
1008 (eg) TFTP. Once we have a reasonable number, randomness should be OK */
1010 for (i = 0; i < RANDOM_SOCKS; i++)
1011 if (daemon->randomsocks[i].refcount == 0)
1013 if ((daemon->randomsocks[i].fd = random_sock(family)) == -1)
1016 daemon->randomsocks[i].refcount = 1;
1017 daemon->randomsocks[i].family = family;
1018 return &daemon->randomsocks[i];
1021 /* No free ones or cannot get new socket, grab an existing one */
1022 for (i = 0; i < RANDOM_SOCKS; i++)
1024 int j = (i+finger) % RANDOM_SOCKS;
1025 if (daemon->randomsocks[j].refcount != 0 &&
1026 daemon->randomsocks[j].family == family &&
1027 daemon->randomsocks[j].refcount != 0xffff)
1030 daemon->randomsocks[j].refcount++;
1031 return &daemon->randomsocks[j];
1035 return NULL; /* doom */
1038 static void free_frec(struct frec *f)
1040 if (f->rfd4 && --(f->rfd4->refcount) == 0)
1048 if (f->rfd6 && --(f->rfd6->refcount) == 0)
1055 /* if wait==NULL return a free or older than TIMEOUT record.
1056 else return *wait zero if one available, or *wait is delay to
1057 when the oldest in-use record will expire. Impose an absolute
1058 limit of 4*TIMEOUT before we wipe things (for random sockets) */
1059 struct frec *get_new_frec(time_t now, int *wait)
1061 struct frec *f, *oldest, *target;
1067 for (f = daemon->frec_list, oldest = NULL, target = NULL, count = 0; f; f = f->next, count++)
1072 if (difftime(now, f->time) >= 4*TIMEOUT)
1078 if (!oldest || difftime(f->time, oldest->time) <= 0)
1088 /* can't find empty one, use oldest if there is one
1089 and it's older than timeout */
1090 if (oldest && ((int)difftime(now, oldest->time)) >= TIMEOUT)
1092 /* keep stuff for twice timeout if we can by allocating a new
1094 if (difftime(now, oldest->time) < 2*TIMEOUT &&
1095 count <= daemon->ftabsize &&
1096 (f = allocate_frec(now)))
1107 /* none available, calculate time 'till oldest record expires */
1108 if (count > daemon->ftabsize)
1111 *wait = oldest->time + (time_t)TIMEOUT - now;
1115 if (!(f = allocate_frec(now)) && wait)
1116 /* wait one second on malloc failure */
1119 return f; /* OK if malloc fails and this is NULL */
1122 /* crc is all-ones if not known. */
1123 static struct frec *lookup_frec(unsigned short id, unsigned int crc)
1127 for(f = daemon->frec_list; f; f = f->next)
1128 if (f->sentto && f->new_id == id &&
1129 (f->crc == crc || crc == 0xffffffff))
1135 static struct frec *lookup_frec_by_sender(unsigned short id,
1136 union mysockaddr *addr,
1141 for(f = daemon->frec_list; f; f = f->next)
1145 sockaddr_isequal(&f->source, addr))
1151 /* A server record is going away, remove references to it */
1152 void server_gone(struct server *server)
1156 for (f = daemon->frec_list; f; f = f->next)
1157 if (f->sentto && f->sentto == server)
1160 if (daemon->last_server == server)
1161 daemon->last_server = NULL;
1163 if (daemon->srv_save == server)
1164 daemon->srv_save = NULL;
1167 /* return unique random ids. */
1168 static unsigned short get_id(unsigned int crc)
1170 unsigned short ret = 0;
1174 while (lookup_frec(ret, crc));