1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2 
3    This program is free software; you can redistribute it and/or modify
4    it under the terms of the GNU General Public License as published by
5    the Free Software Foundation; version 2 dated June, 1991, or
6    (at your option) version 3 dated 29 June, 2007.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 
13    You should have received a copy of the GNU General Public License
14    along with this program.  If not, see <http://www.gnu.org/licenses/>.
15 */
16 
17 #include "dnsmasq.h"
18 
19 static const char SEPARATOR[] = "|";
20 
21 #ifdef HAVE_LINUX_NETWORK
22 
indextoname(int fd,int index,char * name)23 int indextoname(int fd, int index, char* name) {
24     struct ifreq ifr;
25 
26     if (index == 0) return 0;
27 
28     ifr.ifr_ifindex = index;
29     if (ioctl(fd, SIOCGIFNAME, &ifr) == -1) return 0;
30 
31     strncpy(name, ifr.ifr_name, IF_NAMESIZE);
32 
33     return 1;
34 }
35 
36 #else
37 
indextoname(int fd,int index,char * name)38 int indextoname(int fd, int index, char* name) {
39     if (index == 0 || !if_indextoname(index, name)) return 0;
40 
41     return 1;
42 }
43 
44 #endif
45 
iface_check(int family,struct all_addr * addr,char * name,int * indexp)46 int iface_check(int family, struct all_addr* addr, char* name, int* indexp) {
47     struct iname* tmp;
48     int ret = 1;
49 
50     /* Note: have to check all and not bail out early, so that we set the
51        "used" flags. */
52 
53     if (indexp) {
54         /* One form of bridging on BSD has the property that packets
55        can be recieved on bridge interfaces which do not have an IP address.
56        We allow these to be treated as aliases of another interface which does have
57        an IP address with --dhcp-bridge=interface,alias,alias */
58         struct dhcp_bridge *bridge, *alias;
59         for (bridge = daemon->bridges; bridge; bridge = bridge->next) {
60             for (alias = bridge->alias; alias; alias = alias->next)
61                 if (strncmp(name, alias->iface, IF_NAMESIZE) == 0) {
62                     int newindex;
63 
64                     if (!(newindex = if_nametoindex(bridge->iface))) {
65                         my_syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), name);
66                         return 0;
67                     } else {
68                         *indexp = newindex;
69                         strncpy(name, bridge->iface, IF_NAMESIZE);
70                         break;
71                     }
72                 }
73             if (alias) break;
74         }
75     }
76 
77     if (daemon->if_names || (addr && daemon->if_addrs)) {
78         ret = 0;
79 
80         for (tmp = daemon->if_names; tmp; tmp = tmp->next)
81             if (tmp->name && (strcmp(tmp->name, name) == 0)) ret = tmp->used = 1;
82 
83         for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
84             if (addr && tmp->addr.sa.sa_family == family) {
85                 if (family == AF_INET && tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
86                     ret = tmp->used = 1;
87 #ifdef HAVE_IPV6
88                 else if (family == AF_INET6 &&
89                          IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6) &&
90                          (!IN6_IS_ADDR_LINKLOCAL(&addr->addr.addr6) ||
91                           (tmp->addr.in6.sin6_scope_id == (uint32_t) *indexp)))
92                     ret = tmp->used = 1;
93 #endif
94             }
95     }
96 
97     for (tmp = daemon->if_except; tmp; tmp = tmp->next)
98         if (tmp->name && (strcmp(tmp->name, name) == 0)) ret = 0;
99 
100     return ret;
101 }
102 
iface_allowed(struct irec ** irecp,int if_index,union mysockaddr * addr,struct in_addr netmask)103 static int iface_allowed(struct irec** irecp, int if_index, union mysockaddr* addr,
104                          struct in_addr netmask) {
105     struct irec* iface;
106     int fd, mtu = 0, loopback;
107     struct ifreq ifr;
108     int dhcp_ok = 1;
109     struct iname* tmp;
110 
111     /* check whether the interface IP has been added already
112        we call this routine multiple times. */
113     for (iface = *irecp; iface; iface = iface->next)
114         if (sockaddr_isequal(&iface->addr, addr)) return 1;
115 
116     if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1 || !indextoname(fd, if_index, ifr.ifr_name) ||
117         ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) {
118         if (fd != -1) {
119             int errsave = errno;
120             close(fd);
121             errno = errsave;
122         }
123         return 0;
124     }
125 
126     loopback = ifr.ifr_flags & IFF_LOOPBACK;
127 
128     if (ioctl(fd, SIOCGIFMTU, &ifr) != -1) mtu = ifr.ifr_mtu;
129 
130     close(fd);
131 
132     /* If we are restricting the set of interfaces to use, make
133        sure that loopback interfaces are in that set. */
134     if (daemon->if_names && loopback) {
135         struct iname* lo;
136         for (lo = daemon->if_names; lo; lo = lo->next)
137             if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0) {
138                 lo->isloop = 1;
139                 break;
140             }
141 
142         if (!lo && (lo = whine_malloc(sizeof(struct iname))) &&
143             (lo->name = whine_malloc(strlen(ifr.ifr_name) + 1))) {
144             strcpy(lo->name, ifr.ifr_name);
145             lo->isloop = lo->used = 1;
146             lo->next = daemon->if_names;
147             daemon->if_names = lo;
148         }
149     }
150 
151     if (addr->sa.sa_family == AF_INET &&
152         !iface_check(AF_INET, (struct all_addr*) &addr->in.sin_addr, ifr.ifr_name, NULL))
153         return 1;
154 
155     for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
156         if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) dhcp_ok = 0;
157 
158 #ifdef HAVE_IPV6
159     int ifindex = (int) addr->in6.sin6_scope_id;
160     if (addr->sa.sa_family == AF_INET6 &&
161         !iface_check(AF_INET6, (struct all_addr*) &addr->in6.sin6_addr, ifr.ifr_name, &ifindex))
162         return 1;
163 #endif
164 
165     /* add to list */
166     if ((iface = whine_malloc(sizeof(struct irec)))) {
167         iface->addr = *addr;
168         iface->netmask = netmask;
169         iface->dhcp_ok = dhcp_ok;
170         iface->mtu = mtu;
171         iface->next = *irecp;
172         *irecp = iface;
173         return 1;
174     }
175 
176     errno = ENOMEM;
177     return 0;
178 }
179 
180 #ifdef HAVE_IPV6
iface_allowed_v6(struct in6_addr * local,int scope,int if_index,void * vparam)181 static int iface_allowed_v6(struct in6_addr* local, int scope, int if_index, void* vparam) {
182     union mysockaddr addr;
183     struct in_addr netmask; /* dummy */
184 
185     netmask.s_addr = 0;
186 
187     memset(&addr, 0, sizeof(addr));
188     addr.in6.sin6_family = AF_INET6;
189     addr.in6.sin6_addr = *local;
190     addr.in6.sin6_port = htons(daemon->port);
191     /**
192      * Only populate the scope ID if the address is link-local.
193      * Scope IDs are not meaningful for global addresses. Also, we do not want to
194      * think that two addresses are different if they differ only in scope ID,
195      * because the kernel will treat them as if they are the same.
196      */
197     if (IN6_IS_ADDR_LINKLOCAL(local)) {
198         addr.in6.sin6_scope_id = scope;
199     }
200 
201     return iface_allowed((struct irec**) vparam, if_index, &addr, netmask);
202 }
203 #endif
204 
iface_allowed_v4(struct in_addr local,int if_index,struct in_addr netmask,struct in_addr broadcast,void * vparam)205 static int iface_allowed_v4(struct in_addr local, int if_index, struct in_addr netmask,
206                             struct in_addr broadcast, void* vparam) {
207     union mysockaddr addr;
208 
209     memset(&addr, 0, sizeof(addr));
210     addr.in.sin_family = AF_INET;
211     addr.in.sin_addr = broadcast; /* warning */
212     addr.in.sin_addr = local;
213     addr.in.sin_port = htons(daemon->port);
214 
215     return iface_allowed((struct irec**) vparam, if_index, &addr, netmask);
216 }
217 
enumerate_interfaces(void)218 int enumerate_interfaces(void) {
219 #ifdef HAVE_IPV6
220     return iface_enumerate(&daemon->interfaces, iface_allowed_v4, iface_allowed_v6);
221 #else
222     return iface_enumerate(&daemon->interfaces, iface_allowed_v4, NULL);
223 #endif
224 }
225 
226 /* set NONBLOCK bit on fd: See Stevens 16.6 */
fix_fd(int fd)227 int fix_fd(int fd) {
228     int flags;
229 
230     if ((flags = fcntl(fd, F_GETFL)) == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
231         return 0;
232 
233     return 1;
234 }
235 
236 #if defined(HAVE_IPV6)
create_ipv6_listener(struct listener ** link,int port)237 static int create_ipv6_listener(struct listener** link, int port) {
238     union mysockaddr addr;
239     int tcpfd, fd;
240     struct listener* l;
241     int opt = 1;
242 
243     memset(&addr, 0, sizeof(addr));
244     addr.in6.sin6_family = AF_INET6;
245     addr.in6.sin6_addr = in6addr_any;
246     addr.in6.sin6_port = htons(port);
247 
248     /* No error of the kernel doesn't support IPv6 */
249     if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) == -1)
250         return (errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT || errno == EINVAL);
251 
252     if ((tcpfd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) return 0;
253 
254     if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
255         setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
256         setsockopt(fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
257         setsockopt(tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 || !fix_fd(fd) ||
258         !fix_fd(tcpfd) ||
259 #ifdef IPV6_RECVPKTINFO
260         setsockopt(fd, IPV6_LEVEL, IPV6_RECVPKTINFO, &opt, sizeof(opt)) == -1 ||
261 #else
262         setsockopt(fd, IPV6_LEVEL, IPV6_PKTINFO, &opt, sizeof(opt)) == -1 ||
263 #endif
264         bind(tcpfd, (struct sockaddr*) &addr, sa_len(&addr)) == -1 || listen(tcpfd, 5) == -1 ||
265         bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == -1)
266         return 0;
267 
268     l = safe_malloc(sizeof(struct listener));
269     l->fd = fd;
270     l->tcpfd = tcpfd;
271     l->family = AF_INET6;
272     l->iface = NULL;
273     l->next = NULL;
274     *link = l;
275 
276     return 1;
277 }
278 #endif
279 
create_wildcard_listeners(void)280 struct listener* create_wildcard_listeners(void) {
281     union mysockaddr addr;
282     int opt = 1;
283     struct listener *l, *l6 = NULL;
284     int tcpfd = -1, fd = -1;
285 
286     memset(&addr, 0, sizeof(addr));
287     addr.in.sin_family = AF_INET;
288     addr.in.sin_addr.s_addr = INADDR_ANY;
289     addr.in.sin_port = htons(daemon->port);
290 
291     if (daemon->port != 0) {
292         if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 ||
293             (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
294             return NULL;
295 
296         if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
297             bind(tcpfd, (struct sockaddr*) &addr, sa_len(&addr)) == -1 || listen(tcpfd, 5) == -1 ||
298             !fix_fd(tcpfd) ||
299 #ifdef HAVE_IPV6
300             !create_ipv6_listener(&l6, daemon->port) ||
301 #endif
302             setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd) ||
303 #if defined(HAVE_LINUX_NETWORK)
304             setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
305 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
306             setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
307             setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 ||
308 #endif
309             bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == -1)
310             return NULL;
311 
312 #ifdef __ANDROID__
313         uint32_t mark = daemon->listen_mark;
314         if (mark != 0 && (setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 ||
315                           setsockopt(tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 ||
316                           setsockopt(l6->fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 ||
317                           setsockopt(l6->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1)) {
318             my_syslog(LOG_WARNING, _("setsockopt(SO_MARK, 0x%x: %s"), mark, strerror(errno));
319             close(fd);
320             close(tcpfd);
321             close(l6->fd);
322             close(l6->tcpfd);
323             return NULL;
324         }
325     }
326 #endif /* __ANDROID__ */
327 
328     l = safe_malloc(sizeof(struct listener));
329     l->family = AF_INET;
330     l->fd = fd;
331     l->tcpfd = tcpfd;
332     l->iface = NULL;
333     l->next = l6;
334 
335     return l;
336 }
337 
338 #ifdef __ANDROID__
339 /**
340  * for a single given irec (interface name and address) create
341  * a set of sockets listening.  This is a copy of the code inside the loop
342  * of create_bound_listeners below and is added here to allow us
343  * to create just a single new listener dynamically when our interface
344  * list is changed.
345  *
346  * iface - input of the new interface details to listen on
347  * listeners - output.  Creates a new struct listener and inserts at head of the list
348  *
349  * die's on errors, so don't pass bad data.
350  */
create_bound_listener(struct listener ** listeners,struct irec * iface)351 void create_bound_listener(struct listener** listeners, struct irec* iface) {
352     int rc, opt = 1;
353 #ifdef HAVE_IPV6
354     static int dad_count = 0;
355 #endif
356 
357     struct listener* new = safe_malloc(sizeof(struct listener));
358     new->family = iface->addr.sa.sa_family;
359     new->iface = iface;
360     new->next = *listeners;
361     new->tcpfd = -1;
362     new->fd = -1;
363     *listeners = new;
364 
365     if (daemon->port != 0) {
366         if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 ||
367             (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 ||
368             setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
369             setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
370             !fix_fd(new->tcpfd) || !fix_fd(new->fd))
371             die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
372 
373 #ifdef HAVE_IPV6
374         if (iface->addr.sa.sa_family == AF_INET6) {
375             if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
376                 setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
377                 die(_("failed to set IPV6 options on listening socket: %s"), NULL, EC_BADNET);
378         }
379 #endif
380 
381         while (1) {
382             if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) break;
383 
384 #ifdef HAVE_IPV6
385             /* An interface may have an IPv6 address which is still undergoing DAD.
386                If so, the bind will fail until the DAD completes, so we try over 20 seconds
387                before failing. */
388             /* TODO: What to do here? 20 seconds is way too long. We use optimistic addresses, so
389                bind() will only fail if the address has already failed DAD, in which case retrying
390                won't help. */
391             if (iface->addr.sa.sa_family == AF_INET6 &&
392                 (errno == ENODEV || errno == EADDRNOTAVAIL) && dad_count++ < DAD_WAIT) {
393                 sleep(1);
394                 continue;
395             }
396 #endif
397             break;
398         }
399 
400         if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) {
401             prettyprint_addr(&iface->addr, daemon->namebuff);
402             die(_("failed to bind listening socket for %s: %s"), daemon->namebuff, EC_BADNET);
403         }
404 
405         uint32_t mark = daemon->listen_mark;
406         if (mark != 0 && (setsockopt(new->fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1 ||
407                           setsockopt(new->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1))
408             die(_("failed to set SO_MARK on listen socket: %s"), NULL, EC_BADNET);
409 
410         if (listen(new->tcpfd, 5) == -1) die(_("failed to listen on socket: %s"), NULL, EC_BADNET);
411     }
412 }
413 
414 /**
415  * If a listener has a struct irec pointer whose address matches the newly
416  * malloc()d struct irec's address, update its pointer to refer to this new
417  * struct irec instance.
418  *
419  * Otherwise, any listeners that are preserved across interface list changes
420  * will point at interface structures that are free()d at the end of
421  * set_interfaces(), and can get overwritten by subsequent memory allocations.
422  *
423  * See b/17475756 for further discussion.
424  */
fixup_possible_existing_listener(struct irec * new_iface)425 void fixup_possible_existing_listener(struct irec* new_iface) {
426     /* find the listener, if present */
427     struct listener* l;
428     for (l = daemon->listeners; l; l = l->next) {
429         struct irec* listener_iface = l->iface;
430         if (listener_iface) {
431             if (sockaddr_isequal(&listener_iface->addr, &new_iface->addr)) {
432                 l->iface = new_iface;
433                 return;
434             }
435         }
436     }
437 }
438 
439 /**
440  * Closes the sockets of the specified listener, deletes it from the list, and frees it.
441  *
442  */
delete_listener(struct listener ** l)443 int delete_listener(struct listener** l) {
444     struct listener* listener = *l;
445     if (listener == NULL) return 0;
446 
447     if (listener->iface) {
448         int port = prettyprint_addr(&listener->iface->addr, daemon->namebuff);
449         my_syslog(LOG_INFO, _("Closing listener [%s]:%d"), daemon->namebuff, port);
450     } else {
451         my_syslog(LOG_INFO, _("Closing wildcard listener family=%d"), listener->family);
452     }
453 
454     if (listener->tcpfd != -1) {
455         close(listener->tcpfd);
456         listener->tcpfd = -1;
457     }
458     if (listener->fd != -1) {
459         close(listener->fd);
460         listener->fd = -1;
461     }
462     *l = listener->next;
463     free(listener);
464     return -1;
465 }
466 
467 /**
468  * Close the sockets listening on the given interface
469  *
470  * This new function is needed as we're dynamically changing the interfaces
471  * we listen on.  Before they'd be opened once in create_bound_listeners and stay
472  * until we exited.  Now, if an interface moves off the to-listen list we need to
473  * close out the listeners and keep trucking.
474  *
475  * interface - input of the interface details to listen on
476  */
close_bound_listener(struct irec * iface)477 int close_bound_listener(struct irec* iface) {
478     /* find the listener */
479     int ret = 0;
480     struct listener** l = &daemon->listeners;
481     while (*l) {
482         struct irec* listener_iface = (*l)->iface;
483         struct listener** next = &((*l)->next);
484         if (iface && listener_iface && sockaddr_isequal(&listener_iface->addr, &iface->addr)) {
485             // Listener bound to an IP address. There can be only one of these.
486             ret = delete_listener(l);
487             break;
488         }
489         if (iface == NULL && listener_iface == NULL) {
490             // Wildcard listener. There is one of these per address family.
491             ret = delete_listener(l);
492             continue;
493         }
494         l = next;
495     }
496     return ret;
497 }
498 #endif /* __ANDROID__ */
499 
create_bound_listeners(void)500 struct listener* create_bound_listeners(void) {
501     struct listener* listeners = NULL;
502     struct irec* iface;
503 #ifndef __ANDROID__
504     int rc, opt = 1;
505 #ifdef HAVE_IPV6
506     static int dad_count = 0;
507 #endif
508 #endif
509 
510     for (iface = daemon->interfaces; iface; iface = iface->next) {
511 #ifdef __ANDROID__
512         create_bound_listener(&listeners, iface);
513 #else
514             struct listener* new = safe_malloc(sizeof(struct listener));
515             new->family = iface->addr.sa.sa_family;
516             new->iface = iface;
517             new->next = listeners;
518             new->tcpfd = -1;
519             new->fd = -1;
520             listeners = new;
521 
522             if (daemon->port != 0) {
523                 if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 ||
524                     (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 ||
525                     setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
526                     setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
527                     !fix_fd(new->tcpfd) || !fix_fd(new->fd))
528                     die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
529 
530 #ifdef HAVE_IPV6
531                 if (iface->addr.sa.sa_family == AF_INET6) {
532                     if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
533                         setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
534                         die(_("failed to set IPV6 options on listening socket: %s"), NULL,
535                             EC_BADNET);
536                 }
537 #endif
538 
539                 while (1) {
540                     if ((rc = bind(new->fd, &iface->addr.sa, sa_len(&iface->addr))) != -1) break;
541 
542 #ifdef HAVE_IPV6
543                     /* An interface may have an IPv6 address which is still undergoing DAD.
544                    If so, the bind will fail until the DAD completes, so we try over 20 seconds
545                    before failing. */
546                     if (iface->addr.sa.sa_family == AF_INET6 &&
547                         (errno == ENODEV || errno == EADDRNOTAVAIL) && dad_count++ < DAD_WAIT) {
548                         sleep(1);
549                         continue;
550                     }
551 #endif
552                     break;
553                 }
554 
555                 if (rc == -1 || bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1) {
556                     prettyprint_addr(&iface->addr, daemon->namebuff);
557                     die(_("failed to bind listening socket for %s: %s"), daemon->namebuff,
558                         EC_BADNET);
559                 }
560 
561                 if (listen(new->tcpfd, 5) == -1)
562                     die(_("failed to listen on socket: %s"), NULL, EC_BADNET);
563             }
564 #endif /* !__ANDROID */
565     }
566 
567     return listeners;
568 }
569 
570 /* return a UDP socket bound to a random port, have to cope with straying into
571    occupied port nos and reserved ones. */
random_sock(int family)572 int random_sock(int family) {
573     int fd;
574 
575     if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) {
576         union mysockaddr addr;
577         unsigned int ports_avail = 65536u - (unsigned short) daemon->min_port;
578         int tries = ports_avail < 30 ? 3 * ports_avail : 100;
579 
580         memset(&addr, 0, sizeof(addr));
581         addr.sa.sa_family = family;
582 
583         /* don't loop forever if all ports in use. */
584 
585         if (fix_fd(fd))
586             while (tries--) {
587                 unsigned short port = rand16();
588 
589                 if (daemon->min_port != 0)
590                     port = htons(daemon->min_port + (port % ((unsigned short) ports_avail)));
591 
592                 if (family == AF_INET) {
593                     addr.in.sin_addr.s_addr = INADDR_ANY;
594                     addr.in.sin_port = port;
595                 } else {
596                     addr.in6.sin6_addr = in6addr_any;
597                     addr.in6.sin6_port = port;
598                 }
599 
600                 if (bind(fd, (struct sockaddr*) &addr, sa_len(&addr)) == 0) return fd;
601 
602                 if (errno != EADDRINUSE && errno != EACCES) break;
603             }
604 
605         close(fd);
606     }
607 
608     return -1;
609 }
610 
local_bind(int fd,union mysockaddr * addr,char * intname,uint32_t mark,int is_tcp)611 int local_bind(int fd, union mysockaddr* addr, char* intname, uint32_t mark, int is_tcp) {
612     union mysockaddr addr_copy = *addr;
613 
614     /* cannot set source _port_ for TCP connections. */
615     if (is_tcp) {
616         if (addr_copy.sa.sa_family == AF_INET) addr_copy.in.sin_port = 0;
617 #ifdef HAVE_IPV6
618         else
619             addr_copy.in6.sin6_port = 0;
620 #endif
621     }
622 
623     if (bind(fd, (struct sockaddr*) &addr_copy, sa_len(&addr_copy)) == -1) return 0;
624 
625 #if defined(SO_BINDTODEVICE)
626     if (intname[0] != 0 &&
627         setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, strlen(intname)) == -1)
628         return 0;
629 #endif
630 
631     if (mark != 0 && setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == -1) return 0;
632 
633     return 1;
634 }
635 
allocate_sfd(union mysockaddr * addr,char * intname,uint32_t mark)636 static struct serverfd* allocate_sfd(union mysockaddr* addr, char* intname, uint32_t mark) {
637     struct serverfd* sfd;
638     int errsave;
639 
640     /* when using random ports, servers which would otherwise use
641        the INADDR_ANY/port0 socket have sfd set to NULL */
642     if (!daemon->osport && intname[0] == 0) {
643         errno = 0;
644 
645         if (addr->sa.sa_family == AF_INET && addr->in.sin_addr.s_addr == INADDR_ANY &&
646             addr->in.sin_port == htons(0))
647             return NULL;
648 
649 #ifdef HAVE_IPV6
650         if (addr->sa.sa_family == AF_INET6 &&
651             memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
652             addr->in6.sin6_port == htons(0))
653             return NULL;
654 #endif
655     }
656 
657     /* may have a suitable one already */
658     for (sfd = daemon->sfds; sfd; sfd = sfd->next)
659         if (sockaddr_isequal(&sfd->source_addr, addr) && mark == sfd->mark &&
660             strcmp(intname, sfd->interface) == 0)
661             return sfd;
662 
663     /* need to make a new one. */
664     errno = ENOMEM; /* in case malloc fails. */
665     if (!(sfd = whine_malloc(sizeof(struct serverfd)))) return NULL;
666 
667     if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1) {
668         free(sfd);
669         return NULL;
670     }
671 
672     if (!local_bind(sfd->fd, addr, intname, mark, 0) || !fix_fd(sfd->fd)) {
673         errsave = errno; /* save error from bind. */
674         close(sfd->fd);
675         free(sfd);
676         errno = errsave;
677         return NULL;
678     }
679 
680     strcpy(sfd->interface, intname);
681     sfd->source_addr = *addr;
682     sfd->mark = mark;
683     sfd->next = daemon->sfds;
684     daemon->sfds = sfd;
685     return sfd;
686 }
687 
688 /* create upstream sockets during startup, before root is dropped which may be needed
689    this allows query_port to be a low port and interface binding */
pre_allocate_sfds(void)690 void pre_allocate_sfds(void) {
691     struct server* srv;
692 
693     if (daemon->query_port != 0) {
694         union mysockaddr addr;
695         memset(&addr, 0, sizeof(addr));
696         addr.in.sin_family = AF_INET;
697         addr.in.sin_addr.s_addr = INADDR_ANY;
698         addr.in.sin_port = htons(daemon->query_port);
699         allocate_sfd(&addr, "", 0);
700 #ifdef HAVE_IPV6
701         memset(&addr, 0, sizeof(addr));
702         addr.in6.sin6_family = AF_INET6;
703         addr.in6.sin6_addr = in6addr_any;
704         addr.in6.sin6_port = htons(daemon->query_port);
705         allocate_sfd(&addr, "", 0);
706 #endif
707     }
708 
709     for (srv = daemon->servers; srv; srv = srv->next)
710         if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
711             !allocate_sfd(&srv->source_addr, srv->interface, srv->mark) && errno != 0 &&
712             (daemon->options & OPT_NOWILD)) {
713             prettyprint_addr(&srv->addr, daemon->namebuff);
714             if (srv->interface[0] != 0) {
715                 strcat(daemon->namebuff, " ");
716                 strcat(daemon->namebuff, srv->interface);
717             }
718             die(_("failed to bind server socket for %s: %s"), daemon->namebuff, EC_BADNET);
719         }
720 }
721 
check_servers(void)722 void check_servers(void) {
723     struct irec* iface;
724     struct server* new, *tmp, *ret = NULL;
725     int port = 0;
726 
727     for (new = daemon->servers; new; new = tmp) {
728         tmp = new->next;
729 
730         if (!(new->flags&(SERV_LITERAL_ADDRESS | SERV_NO_ADDR))) {
731             port = prettyprint_addr(&new->addr, daemon->namebuff);
732 
733             /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
734             if (new->addr.sa.sa_family == AF_INET && new->addr.in.sin_addr.s_addr == 0) {
735                 free(new);
736                 continue;
737             }
738 
739             for (iface = daemon->interfaces; iface; iface = iface->next)
740                 if (sockaddr_isequal(&new->addr, &iface->addr)) break;
741             if (iface) {
742                 my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"),
743                           daemon->namebuff);
744                 free(new);
745                 continue;
746             }
747 
748             /* Do we need a socket set? */
749             if (!new->sfd &&
750                 !(new->sfd = allocate_sfd(&new->source_addr, new->interface, new->mark)) &&
751                 errno != 0) {
752                 my_syslog(LOG_WARNING, _("ignoring nameserver %s - cannot make/bind socket: %s"),
753                           daemon->namebuff, strerror(errno));
754                 free(new);
755                 continue;
756             }
757         }
758 
759         /* reverse order - gets it right. */
760         new->next = ret;
761         ret = new;
762 
763         if (new->flags&(SERV_HAS_DOMAIN | SERV_FOR_NODOTS)) {
764             char *s1, *s2;
765             if (!(new->flags& SERV_HAS_DOMAIN))
766                 s1 = _("unqualified"), s2 = _("names");
767             else if (strlen(new->domain) == 0)
768                 s1 = _("default"), s2 = "";
769             else
770                 s1 = _("domain"), s2 = new->domain;
771 
772             if (new->flags & SERV_NO_ADDR)
773                 my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
774             else if (!(new->flags& SERV_LITERAL_ADDRESS))
775                 my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port,
776                           s1, s2);
777         } else if (new->interface[0] != 0)
778             my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port,
779                       new->interface);
780         else
781             my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port);
782     }
783 
784     daemon->servers = ret;
785 }
786 
787 #ifdef __ANDROID__
788 /* #define __ANDROID_DEBUG__ 1 */
789 /*
790  * Ingests a new list of interfaces and starts to listen on them, adding only the new
791  * and stopping to listen to any interfaces not on the new list.
792  *
793  * interfaces - input in the format "bt-pan|eth0|wlan0|..>" up to 1024 bytes long
794  */
set_interfaces(const char * interfaces)795 void set_interfaces(const char* interfaces) {
796     struct iname* if_tmp;
797     struct iname* prev_if_names;
798     struct irec *old_iface, *new_iface, *prev_interfaces;
799     char s[1024];
800     char* next = s;
801     char* interface;
802     int was_wild = 0;
803 
804 #ifdef __ANDROID_DEBUG__
805     my_syslog(LOG_DEBUG, _("set_interfaces(%s)"), interfaces);
806 #endif
807     prev_if_names = daemon->if_names;
808     daemon->if_names = NULL;
809 
810     prev_interfaces = daemon->interfaces;
811     daemon->interfaces = NULL;
812 
813     if (strlen(interfaces) > sizeof(s)) {
814         die(_("interface string too long: %s"), NULL, EC_BADNET);
815     }
816     strncpy(s, interfaces, sizeof(s));
817     while ((interface = strsep(&next, SEPARATOR))) {
818         if (!if_nametoindex(interface)) {
819             my_syslog(LOG_ERR, _("interface given in %s: '%s' has no ifindex; ignoring"),
820                       __FUNCTION__, interface);
821             continue;
822         }
823         if_tmp = safe_malloc(sizeof(struct iname));
824         memset(if_tmp, 0, sizeof(struct iname));
825         if ((if_tmp->name = strdup(interface)) == NULL) {
826             die(_("malloc failure in set_interfaces: %s"), NULL, EC_BADNET);
827         }
828         if_tmp->next = daemon->if_names;
829         daemon->if_names = if_tmp;
830     }
831 
832     /*
833      * Enumerate IP addresses (via RTM_GETADDR), adding IP entries to
834      * daemon->interfaces for interface names listed in daemon->if_names.
835      * The sockets are created by the create_bound_listener call below.
836      */
837     if (!enumerate_interfaces()) {
838         die(_("enumerate interfaces error in set_interfaces: %s"), NULL, EC_BADNET);
839     }
840 
841     for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) {
842         if (if_tmp->name && !if_tmp->used) {
843             my_syslog(LOG_ERR, _("unknown interface given %s in set_interfaces()"), if_tmp->name);
844         }
845     }
846 
847     /* success! - setup to free the old */
848     /* check for any that have been removed */
849     for (old_iface = prev_interfaces; old_iface; old_iface = old_iface->next) {
850         int found = 0;
851         for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) {
852             if (sockaddr_isequal(&old_iface->addr, &new_iface->addr)) {
853                 found = 1;
854                 break;
855             }
856         }
857 
858         if (found) {
859             fixup_possible_existing_listener(new_iface);
860         } else {
861 #ifdef __ANDROID_DEBUG__
862             char debug_buff[MAXDNAME];
863             prettyprint_addr(&old_iface->addr, debug_buff);
864             my_syslog(LOG_DEBUG, _("closing listener for %s"), debug_buff);
865 #endif
866 
867             close_bound_listener(old_iface);
868         }
869     }
870 
871     /* remove wildchar listeners */
872     was_wild = close_bound_listener(NULL);
873     if (was_wild) daemon->options |= OPT_NOWILD;
874 
875     /* check for any that have been added */
876     for (new_iface = daemon->interfaces; new_iface; new_iface = new_iface->next) {
877         int found = 0;
878 
879         /* if the previous setup used a wildchar, then add any current interfaces */
880         if (!was_wild) {
881             for (old_iface = prev_interfaces; old_iface; old_iface = old_iface->next) {
882                 if (sockaddr_isequal(&old_iface->addr, &new_iface->addr)) {
883                     found = -1;
884                     break;
885                 }
886             }
887         }
888         if (!found) {
889 #ifdef __ANDROID_DEBUG__
890             char debug_buff[MAXDNAME];
891             prettyprint_addr(&new_iface->addr, debug_buff);
892             my_syslog(LOG_DEBUG, _("adding listener for %s"), debug_buff);
893 #endif
894             create_bound_listener(&(daemon->listeners), new_iface);
895         }
896     }
897 
898     while (prev_if_names) {
899         if (prev_if_names->name) free(prev_if_names->name);
900         if_tmp = prev_if_names->next;
901         free(prev_if_names);
902         prev_if_names = if_tmp;
903     }
904     while (prev_interfaces) {
905         struct irec* tmp_irec = prev_interfaces->next;
906         free(prev_interfaces);
907         prev_interfaces = tmp_irec;
908     }
909 #ifdef __ANDROID_DEBUG__
910     my_syslog(LOG_DEBUG, _("done with setInterfaces"));
911 #endif
912 }
913 
914 /*
915  * Takes a string in the format "0x100b|1.2.3.4|1.2.3.4|..." - up to 1024 bytes in length
916  *  - The first element is the socket mark to set on sockets that forward DNS queries.
917  *  - The subsequent elements are the DNS servers to forward queries to.
918  */
set_servers(const char * servers)919 int set_servers(const char* servers) {
920     char s[1024];
921     struct server* old_servers = NULL;
922     struct server* new_servers = NULL;
923     struct server* serv;
924     char* mark_string;
925     uint32_t mark;
926 
927     strncpy(s, servers, sizeof(s));
928 
929     /* move old servers to free list - we can reuse the memory
930        and not risk malloc if there are the same or fewer new servers.
931        Servers which were specced on the command line go to the new list. */
932     for (serv = daemon->servers; serv;) {
933         struct server* tmp = serv->next;
934         if (serv->flags & SERV_FROM_RESOLV) {
935             serv->next = old_servers;
936             old_servers = serv;
937             /* forward table rules reference servers, so have to blow them away */
938             server_gone(serv);
939         } else {
940             serv->next = new_servers;
941             new_servers = serv;
942         }
943         serv = tmp;
944     }
945 
946     char* next = s;
947     char* saddr;
948 
949     /* Parse the mark. */
950     mark_string = strsep(&next, SEPARATOR);
951     mark = strtoul(mark_string, NULL, 0);
952 
953     while ((saddr = strsep(&next, SEPARATOR))) {
954         union mysockaddr addr, source_addr;
955         memset(&addr, 0, sizeof(addr));
956         memset(&source_addr, 0, sizeof(source_addr));
957 
958         if (parse_addr(AF_INET, saddr, &addr) == 0) {
959             addr.in.sin_port = htons(NAMESERVER_PORT);
960             source_addr.in.sin_family = AF_INET;
961             source_addr.in.sin_addr.s_addr = INADDR_ANY;
962             source_addr.in.sin_port = htons(daemon->query_port);
963         }
964 #ifdef HAVE_IPV6
965         else if (parse_addr(AF_INET6, saddr, &addr) == 0) {
966             addr.in6.sin6_port = htons(NAMESERVER_PORT);
967             source_addr.in6.sin6_family = AF_INET6;
968             source_addr.in6.sin6_addr = in6addr_any;
969             source_addr.in6.sin6_port = htons(daemon->query_port);
970         }
971 #endif /* IPV6 */
972         else
973             continue;
974 
975         if (old_servers) {
976             serv = old_servers;
977             old_servers = old_servers->next;
978         } else if (!(serv = whine_malloc(sizeof(struct server))))
979             continue;
980 
981         /* this list is reverse ordered:
982        it gets reversed again in check_servers */
983         serv->next = new_servers;
984         new_servers = serv;
985         serv->addr = addr;
986         serv->source_addr = source_addr;
987         serv->domain = NULL;
988         serv->interface[0] = 0;
989         serv->mark = mark;
990         serv->sfd = NULL;
991         serv->flags = SERV_FROM_RESOLV;
992         serv->queries = serv->failed_queries = 0;
993     }
994 
995     /* Free any memory not used. */
996     while (old_servers) {
997         struct server* tmp = old_servers->next;
998         free(old_servers);
999         old_servers = tmp;
1000     }
1001 
1002     daemon->servers = new_servers;
1003     return 0;
1004 }
1005 #endif
1006 
1007 /* Return zero if no servers found, in that case we keep polling.
1008    This is a protection against an update-time/write race on resolv.conf */
reload_servers(char * fname)1009 int reload_servers(char* fname) {
1010     FILE* f;
1011     char* line;
1012     struct server* old_servers = NULL;
1013     struct server* new_servers = NULL;
1014     struct server* serv;
1015     int gotone = 0;
1016 
1017     /* buff happens to be MAXDNAME long... */
1018     if (!(f = fopen(fname, "r"))) {
1019         my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
1020         return 0;
1021     }
1022 
1023     /* move old servers to free list - we can reuse the memory
1024        and not risk malloc if there are the same or fewer new servers.
1025        Servers which were specced on the command line go to the new list. */
1026     for (serv = daemon->servers; serv;) {
1027         struct server* tmp = serv->next;
1028         if (serv->flags & SERV_FROM_RESOLV) {
1029             serv->next = old_servers;
1030             old_servers = serv;
1031             /* forward table rules reference servers, so have to blow them away */
1032             server_gone(serv);
1033         } else {
1034             serv->next = new_servers;
1035             new_servers = serv;
1036         }
1037         serv = tmp;
1038     }
1039 
1040     while ((line = fgets(daemon->namebuff, MAXDNAME, f))) {
1041         union mysockaddr addr, source_addr;
1042         char* token = strtok(line, " \t\n\r");
1043 
1044         if (!token) continue;
1045         if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0) continue;
1046         if (!(token = strtok(NULL, " \t\n\r"))) continue;
1047 
1048         memset(&addr, 0, sizeof(addr));
1049         memset(&source_addr, 0, sizeof(source_addr));
1050 
1051         if (parse_addr(AF_INET, token, &addr) == 0) {
1052             addr.in.sin_port = htons(NAMESERVER_PORT);
1053             source_addr.in.sin_family = AF_INET;
1054             source_addr.in.sin_addr.s_addr = INADDR_ANY;
1055             source_addr.in.sin_port = htons(daemon->query_port);
1056         }
1057 #ifdef HAVE_IPV6
1058         else if (parse_addr(AF_INET6, token, &addr) == 0) {
1059             addr.in6.sin6_port = htons(NAMESERVER_PORT);
1060             source_addr.in6.sin6_family = AF_INET6;
1061             source_addr.in6.sin6_addr = in6addr_any;
1062             source_addr.in6.sin6_port = htons(daemon->query_port);
1063         }
1064 #endif /* IPV6 */
1065         else
1066             continue;
1067 
1068         if (old_servers) {
1069             serv = old_servers;
1070             old_servers = old_servers->next;
1071         } else if (!(serv = whine_malloc(sizeof(struct server))))
1072             continue;
1073 
1074         /* this list is reverse ordered:
1075        it gets reversed again in check_servers */
1076         serv->next = new_servers;
1077         new_servers = serv;
1078         serv->addr = addr;
1079         serv->source_addr = source_addr;
1080         serv->domain = NULL;
1081         serv->interface[0] = 0;
1082         serv->mark = 0;
1083         serv->sfd = NULL;
1084         serv->flags = SERV_FROM_RESOLV;
1085         serv->queries = serv->failed_queries = 0;
1086         gotone = 1;
1087     }
1088 
1089     /* Free any memory not used. */
1090     while (old_servers) {
1091         struct server* tmp = old_servers->next;
1092         free(old_servers);
1093         old_servers = tmp;
1094     }
1095 
1096     daemon->servers = new_servers;
1097     fclose(f);
1098 
1099     return gotone;
1100 }
1101 
1102 /* Use an IPv4 listener socket for ioctling */
get_ifaddr(char * intr)1103 struct in_addr get_ifaddr(char* intr) {
1104     struct listener* l;
1105     struct ifreq ifr;
1106 
1107     for (l = daemon->listeners; l && l->family != AF_INET; l = l->next)
1108         ;
1109 
1110     strncpy(ifr.ifr_name, intr, IF_NAMESIZE);
1111     ifr.ifr_addr.sa_family = AF_INET;
1112 
1113     if (!l || ioctl(l->fd, SIOCGIFADDR, &ifr) == -1)
1114         ((struct sockaddr_in*) &ifr.ifr_addr)->sin_addr.s_addr = -1;
1115 
1116     return ((struct sockaddr_in*) &ifr.ifr_addr)->sin_addr;
1117 }
1118