import of dnsmasq-2.16.tar.gz

import of dnsmasq-2.15.tar.gz
import of dnsmasq-2.14.tar.gz
2012-01-05 17:31:11 +00:00 · 2012-01-05 17:31:11 +00:00 · 2012-01-05 17:31:10 +00:00 · 2012-01-05 17:31:10 +00:00 · 2012-01-05 17:31:10 +00:00 · 2012-01-05 17:31:10 +00:00
22 changed files with 2683 additions and 1576 deletions
--- a/129
+++ b/129
@@ -1123,4 +1123,133 @@ release 2.10
 	    support was added. Thanks to Michael Hamilton for
 	    assistance with this.

+version 2.11
+	    Fixed DHCP problem which could result in two leases in the
+            database with the same address. This looked much more
+            alarming then it was, since it could only happen when a
+            machine changes MAC address but kept the same name. The
+            old lease would persist until it timed out but things
+            would still work OK. 
+
+	    Check that IP addresses in all dhcp-host directives are
+	    unique and die horribly if they are not, since otherwise
+	    endless protocol loops can occur. 
+	    
+	    Use IPV6_RECVPKTINFO as socket option rather than
+	    IPV6_PKTINFO where available. This keeps late-model FreeBSD
+	    happy.
+
+	    Set source interface when replying to IPv6 UDP
+	    queries. This is needed to cope with link-local addresses.
+
+version 2.12
+            Added extra checks to ensure that DHCP created DNS entries 
+	    cannot generate multiple DNS address->name entries. Thanks to 
+	    Stefan Monnier for finding the exact set of configuration
+            options which could create this.
+
+	    Don't set the the filterwin2k option in the example config
+	    file and add warnings that is breaks Kerberos. Thanks to
+	    Simon Josefsson and Timothy Folks for pointing that out.
+	    
+	    Log types of incoming queries as well as source and domain.
+
+	    Log NODATA replies generated as a result of the
+	    filterwin2k option.
+
+version 2.13
+	    Fixed crash with un-named DHCP hosts introduced in 2.12.
+	    Thanks to Nicolo Wojewoda and Gregory Gathy for bug reports.
+
+version 2.14
+	    Fix DHCP network detection for hosts which talk via a
+	    relay. This makes lease renewal for such hosts work
+	    correctly.
+
+	    Support RFC3011 subnet selectors in the DHCP server.
+
+	    Fix DHCP code to generate RFC-compliant responses
+            to hosts in the INIT-REBOOT state.
+
+	    In the DHCP server, set the receive buffer size on 
+	    the transmit-only packet socket to zero, to avoid 
+	    waste of kernel buffers.
+
+	    Fix DHCP address allocation code to use the whole of
+	    the DHCP range, including the start and end addresses.
+	    
+	    Attempt an ICMP "ping" on new addresses before allocating 
+	    them to leases, to avoid allocating addresses which are in use.
+
+	    Handle rfc951 BOOTP as well as DHCP for hosts which have
+	    MAC address to IP address mapping defined.
+
+	    Fix compilation under MacOS X. Thanks to Chris Tomlinson.
+
+	    Fix compilation under NetBSD. Thanks to Felix Deichmann.
+
+	    Added "keep-in-foreground" option. Thanks to Sean
+	    MacLennan for the patch.
+
+version 2.15
+            Fixed NXDOMAIN/NODATA confusion for locally known
+            names. We now return a NODATA reponse for names which are
+            locally known. Now a query for (eg AAAA or MX) for a name
+	    with an IPv4 address in /etc/hosts which fails upstream
+            will generate a NODATA response. Note that the query 
+	    is still tried upstream, but a NXDOMAIN reply gets
+            converted to NODATA. Thanks to Eric de Thouars, Eric
+            Spakman and Mike Mestnik for bug reports/testing.
+
+	    Allow multiple dhcp-ranges within the same network. The
+	    original intention was that there would be a dhcp-range
+	    option for each network served, but there's no real reason
+	    not to allow discontinuous ranges within a network so this
+	    release adds support for that.
+
+	    Check for dhcp-ranges which are inconsistent with their 
+	    netmask, and generate errors or warnings.
+	    
+	    Improve error messages when there are problems with
+	    configuration.
+
+version 2.16
+	    Fixed typo in OpenBSD-only code which stopped compilation
+            under that OS. Chris Weinhaupl gets credit for reporting 
+            this.
+
+	    Added dhcp-authoritative option which restores non-RFC 
+	    compliant but desirable behaviour of pre-2.14 versions and
+            avoids long timeouts while DHCP clients try to renew leases
+            which are unknown to dnsmasq. Thanks to John Mastwijk for 
+	    help with this.	 
+
+	    Added support to the DHCP option code to allow RFC-3397 
+	    domain search DHCP option (119) to be sent.
+
+            Set NONBLOCK on all listening sockets to workaround non-POSIX
+            compliance in Linux 2.4 and 2.6. This fixes rare hangs which
+            occured when corrupted packets were received. Thanks to
+	    Joris van Rantwijk for chasing that down.
+ 
+	    Updated config.h for NetBSD. Thanks to Martin Lambers.
+
+            Do a better job of distinguishing between retransmissions
+	    and new queries when forwarding. This fixes a bug
+	    triggered by the polipo web cache which sends A and AAAA
+	    queries both with the same transaction-ID. Thanks to 
+	    Joachim Berdal Haga and Juliusz Chroboczek for help with this.
+
+	    Rewrote cache code to store CNAMES, rather then chasing
+	    them before storage. This eliminates bad situations when
+	    clients get inconsistent views depending on if data comes
+	    from the cache.
+
+	    Allow for more than one --addn-hosts flag.
+
+	    Clarify logged message when a DHCP lease clashes with an
+	    /etc/hosts entry. Thanks to Mat Swift for the suggestion.
+
+	    Added dynamic-dnsmasq from Peter Willis to the contrib
+	    section.

--- a/36
+++ b/36
@@ -190,7 +190,8 @@ A: By default, none of the DHCP clients send the host-name when asking
   send with the "hostname" keyword in /etc/network/interfaces. (See
   "man interfaces" for details.) That doesn't work for dhclient, were
   you have to add something like "send host-name daisy" to
-   /etc/dhclient.conf
+   /etc/dhclient.conf [Update: the lastest dhcpcd packages _do_ send
+   the hostname by default.

 Q: I'm network booting my machines, and trying to give them static
   DHCP-assigned addresses. The machine gets its correct address
@@ -268,4 +269,37 @@ A: The DNS spec says that the reply to a DNS query must come from the
   (address,port) pair when dnsmasq has bound (wildcard,port), hence
   the ability to explicitly turn off wildcard binding.

+Q: Why doesn't Kerberos work/why can't I get sensible answers to
+   queries for SRV records.

+A: Probably because you have the "filterwin2k" option set. Note that
+   it was on by default in example configuration files included in 
+   versions before 2.12, so you might have it set on without
+   realising.
+
+Q: Can I get email notification when a new version of dnsmasq is
+   released?
+
+A: Yes, new releases of dnsmasq are always announced through
+   freshmeat.net, and they allow you to subcribe to email alerts when
+   new versions of particular projects are released.
+
+Q: What does the dhcp-authoritative option do? 
+
+A: See http://www.isc.org/index.pl?/sw/dhcp/authoritative.php - that's
+   for the ISC daemon, but the same applies to dnsmasq.
+
+Q: Why does my Gentoo box pause for a minute before getting a new
+   lease?
+
+A: Because when a Gentoo box shuts down, it releases its lease with
+   the server but remembers it on the client; this seems to be a 
+   Gentoo-specific patch to dhcpcd. On restart it tries to renew
+   a lease which is long gone, as far as dnsmasq is concerned, and
+   dnsmasq ignores it until is times out and restarts the process.
+   To fix this, set the dhcp-authoritative flag in dnsmasq.
+
+
+
+
+	      
--- a/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
+++ b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
@@ -0,0 +1,249 @@
+#!/usr/bin/perl
+# dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically
+# Copyright (C) 2004  Peter Willis
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# 
+# the purpose of this script is to be able to update dnsmasq's dns
+# records from a remote dynamic dns client.
+# 
+# basic use of this script:
+# dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com
+# dynamic-dnsmasq.pl listen &
+# 
+# this script tries to emulate DynDNS.org's dynamic dns service, so
+# technically you should be able to use any DynDNS.org client to
+# update the records here. tested and confirmed to work with ddnsu
+# 1.3.1. just point the client's host to the IP of this machine,
+# port 9020, and include the hostname, user and pass, and it should
+# work.
+# 
+# make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf
+# file and "nopoll" is commented out.
+
+use strict;
+use IO::Socket;
+use MIME::Base64;
+use DB_File;
+use Fcntl;
+
+my $accountdb = "accounts.db";
+my $recordfile = "/etc/dyndns-hosts";
+my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc
+my $listenaddress = "0.0.0.0";
+my $listenport = 9020;
+
+# no editing past this point should be necessary
+
+if ( @ARGV < 1 ) {
+	die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n";
+} elsif ( lc $ARGV[0] eq "add" ) {
+	die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4;
+	add_acct($ARGV[1], $ARGV[2], $ARGV[3]);
+} elsif ( lc $ARGV[0] eq "del" ) {
+	die "Usage: $0 DEL USER\n" unless @ARGV == 2;
+	print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] ";
+	my $resp = <STDIN>;
+	chomp $resp;
+	if ( lc substr($resp,0,1) eq "y" ) {
+		del_acct($ARGV[1]);
+	}
+} elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) {
+	my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+	my $fh;
+	if ( lc $ARGV[0] eq "writehostsfile" ) {
+        	open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n";
+	       	flock($fh, 2);
+	       	seek($fh, 0, 0);
+	       	truncate($fh, 0);
+        }
+	while ( my ($key, $val) = each %h ) {
+		my ($pass, $domain, $ip) = split("\t",$val);
+		if ( lc $ARGV[0] eq "listusers" ) {
+			print "user $key, hostname $domain, ip $ip\n";
+		} else {
+			if ( defined $ip ) {
+				print $fh "$ip\t$domain\n";
+			}
+		}
+	}
+	if ( lc $ARGV[0] eq "writehostsfile" ) {
+		flock($fh, 8);
+		close($fh);
+		dnsmasq_rescan_configs();
+	}
+	undef $X;
+	untie %h;
+} elsif ( lc $ARGV[0] eq "listen" ) {
+	listen_for_updates();
+}
+
+sub listen_for_updates {
+	my $sock = IO::Socket::INET->new(Listen    => 5,
+		LocalAddr => $listenaddress, LocalPort => $listenport,
+		Proto     => 'tcp', ReuseAddr => 1,
+		MultiHomed => 1) || die "Could not open listening socket: $!\n";
+	$SIG{'CHLD'} = 'IGNORE';
+	while ( my $client = $sock->accept() ) {
+		my $p = fork();
+		if ( $p != 0 ) {
+			next;
+		}
+		$SIG{'CHLD'} = 'DEFAULT';
+		my @headers;
+		my %cgi;
+		while ( <$client> ) {
+			s/(\r|\n)//g;
+			last if $_ eq "";
+			push @headers, $_;
+		}
+		foreach my $header (@headers) {
+			if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) {
+				foreach my $element (split('&', $1)) {
+					$cgi{(split '=', $element)[0]} = (split '=', $element)[1];
+				}
+			} elsif ( $header =~ /^Authorization: basic (.+)$/ ) {
+				unless ( defined $cgi{'hostname'} ) {
+					print_http_response($client, undef, "badsys");
+					exit(1);
+				}
+				if ( !exists $cgi{'myip'} ) {
+					$cgi{'myip'} = $client->peerhost();
+				}
+				my ($user,$pass) = split ":", MIME::Base64::decode($1);
+				if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) {
+					print_http_response($client, $cgi{'myip'}, "good");
+					update_dns(\%cgi);
+				} else {
+					print_http_response($client, undef, "badauth");
+					exit(1);
+				}
+				last;
+			}
+		}
+		exit(0);
+	}
+	return(0);
+}
+
+sub add_acct {
+	my ($user, $pass, $hostname) = @_;
+	my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+	$X->put($user, join("\t", ($pass, $hostname)));
+	undef $X;
+	untie %h;
+}
+
+sub del_acct {
+        my ($user, $pass, $hostname) = @_;
+        my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+        $X->del($user);
+        undef $X;
+        untie %h;
+}
+
+
+sub authorize {
+	my $user = shift;
+	my $pass = shift;
+	my $hostname = shift;
+	my $ip = shift;;
+	my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+	my ($spass, $shost) = split("\t", $h{$user});
+	if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) {
+		$X->put($user, join("\t", $spass, $shost, $ip));
+		undef $X;
+		untie %h;
+		return(0);
+	}
+	undef $X;
+	untie %h;
+	return(1);
+}
+
+sub print_http_response {
+	my $sock = shift;
+	my $ip = shift;
+	my $response = shift;
+	print $sock "HTTP/1.0 200 OK\n";
+	my @tmp = split /\s+/, scalar gmtime();
+	print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n";
+	print $sock "Server: Peter's Fake DynDNS.org Server/1.0\n";
+	print $sock "Content-Type: text/plain; charset=ISO-8859-1\n";
+	print $sock "Connection: close\n";
+	print $sock "Transfer-Encoding: chunked\n";
+	print $sock "\n";
+	#print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is
+	print $sock "$response", defined($ip)? " $ip" : "" . "\n";
+}
+
+sub update_dns {
+	my $hashref = shift;
+	my @records;
+	my $found = 0;
+	# update the addn-hosts file
+	open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n";
+	flock(FILE, 2);
+	while ( <FILE> ) {
+		if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) {
+			if ( $1 ne $$hashref{'myip'} ) {
+				push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n";
+				$found = 1;
+			}
+		} else {
+			push @records, $_;
+		}
+	}
+	unless ( $found ) {
+		push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n";
+	}
+	sysseek(FILE, 0, 0);
+	truncate(FILE, 0);
+	syswrite(FILE, join("", @records));
+	flock(FILE, 8);
+	close(FILE);
+	dnsmasq_rescan_configs();
+	return(0);
+}
+
+sub dnsmasq_rescan_configs {
+	# send the HUP signal to dnsmasq
+	if ( -r $dnsmasqpidfile ) {
+		open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n";
+		my $pid = <PID>;
+		close(PID);
+		chomp $pid;
+		if ( kill(0, $pid) ) {
+			kill(1, $pid);
+		} else {
+			goto LOOKFORDNSMASQ;
+		}
+	} else {
+		LOOKFORDNSMASQ:
+		opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n";
+		my @dirs = grep(/^\d+$/, readdir(DIR));
+		closedir(DIR);
+		foreach my $process (@dirs) {
+			if ( open(FILE,"</proc/$process/cmdline") ) {
+				my $cmdline = <FILE>;
+				close(FILE);
+				if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) {
+					kill(1, $process);
+				}
+			}
+		}
+	}
+	return(0);
+}
--- a/dnsmasq-rh.spec
+++ b/dnsmasq-rh.spec
@@ -5,7 +5,7 @@
 ###############################################################################

 Name: dnsmasq
-Version: 2.10
+Version: 2.16
 Release: 1
 Copyright: GPL
 Group: System Environment/Daemons
--- a/dnsmasq-suse.spec
+++ b/dnsmasq-suse.spec
@@ -5,7 +5,7 @@
 ###############################################################################

 Name: dnsmasq
-Version: 2.10
+Version: 2.16
 Release: 1
 Copyright: GPL
 Group: Productivity/Networking/DNS/Servers
@@ -103,6 +103,7 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
 %doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0 rpm/README.susefirewall
+%doc contrib
 %config /etc/init.d/dnsmasq
 %config /etc/dnsmasq.conf
 /usr/sbin/rcdnsmasq
--- a/dnsmasq.8
+++ b/dnsmasq.8
@@ -15,12 +15,13 @@ contents of /etc/hosts so that local hostnames
 which do not appear in the global DNS can be resolved and also answers
 DNS queries for DHCP configured hosts.
 .PP
-.BR dnsmasq 
-supports IPv6.
+The dnsmasq DHCP server supports static address assignments, multiple
+networks, DHCP-relay and RFC3011 subnet specifiers. It automatically
+sends a sensible default set of DHCP options, and can be configured to
+send any desired set of DHCP options. It also supports BOOTP.
 .PP
-.BR dnsmasq
-is lightweight and easy to configure. It is intended as be run on
-small router/firewalls and  provide a DNS (and optionally, DHCP) service to a LAN.
+Dnsmasq 
+supports IPv6.
 .SH OPTIONS
 Note that in general missing parameters are allowed and switch off
 functions, for instance "--pid-file=" disables writing a PID file. On
@@ -33,8 +34,8 @@ Don't read the hostnames in /etc/hosts.
 .TP
 .B \-H, --addn-hosts=<file>
 Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read
-only the specified file. At most one additional hosts file may be
-given.
+only the specified file. This option may be repeated for more than one
+additional hosts file.
 .TP
 .B \-T, --local-ttl=<time>
 When replying with information from /etc/hosts or the DHCP leases
@@ -45,10 +46,15 @@ time-to-live (in seconds) to be given for these replies. This will
 reduce the load on the server at the expense of clients using stale
 data under some circumstances.
 .TP
+.B \-k, --keep-in-foreground
+Do not go into the background at startup but otherwise run as
+normal. This is intended for use when dnsmasq is run under daemontools.
+.TP
 .B \-d, --no-daemon
 Debug mode: don't fork to the background, don't write a pid file,
 don't change user id, generate a complete cache dump on receipt on
-SIGUSR1, log to stderr as well as syslog.
+SIGUSR1, log to stderr as well as syslog, don't fork new processes
+to handle TCP queries.
 .TP
 .B \-q, --log-queries
 Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
@@ -417,6 +423,12 @@ default is 150. This limit is to prevent DoS attacks from hosts which
 create thousands of leases and use lots of memory in the dnsmasq
 process.
 .TP
+.B \-K, --dhcp-authoritative
+Should be set when dnsmasq is definatively the only DHCP server on a network.
+It changes the behaviour from strict RFC compliance so that DHCP requests on
+unknown leases from unknown hosts are not ignored. This allows new hosts
+to get a lease without a tedious timeout under all circumstances.
+.TP
 .B \-l, --dhcp-leasefile=<path>
 Use the specified file to store DHCP lease information. If this option
 is given but no dhcp-range option is given then dnsmasq version 1
@@ -441,8 +453,12 @@ in /etc/resolv.conf (or equivalent).
 Add the domain-suffix to simple names (without a period) in /etc/hosts
 in the same way as for DHCP-derived names.
 .SH CONFIG FILE
-At startup, dnsmasq reads /etc/dnsmasq.conf, if it exists. (On
-FreeBSD and OpenBSD, the file is /usr/local/etc/dnsmasq.conf) The format of this
+At startup, dnsmasq reads
+.I /etc/dnsmasq.conf,
+if it exists. (On
+FreeBSD, the file is 
+.I /usr/local/etc/dnsmasq.conf
+) The format of this
 file consists of one option per line, exactly as the long options detailed 
 in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For
 options which may only be specified once, the configuration file overrides 
@@ -453,10 +469,14 @@ level of nesting is allowed.
 .SH NOTES
 When it receives a SIGHUP, 
 .B dnsmasq 
-clears its cache and then re-loads /etc/hosts. If 
+clears its cache and then re-loads 
+.I /etc/hosts.
+If 
 .B
 --no-poll
-is set SIGHUP also re-reads /etc/resolv.conf. SIGHUP
+is set SIGHUP also re-reads
+.I /etc/resolv.conf.
+SIGHUP
 does NOT re-read the configuration file.
 .PP
 When it receives a SIGUSR1,
@@ -472,25 +492,34 @@ Dnsmasq is a DNS query forwarder: it it not capable of recursively
 answering arbitrary queries starting from the root servers but
 forwards such queries to a fully recursive upstream DNS server which is
 typically provided by an ISP. By default, dnsmasq reads
-/etc/resolv.conf to discover the IP
+.I /etc/resolv.conf
+to discover the IP
 addresses of the upstream nameservers it should use, since the
 information is typically stored there. Unless
 .B --no-poll
 is used,
 .B dnsmasq
-checks the modification time of /etc/resolv.conf (or 
-equivalent if 
+checks the modification time of
+.I /etc/resolv.conf
+(or equivalent if 
 .B \--resolv-file 
 is used) and re-reads it if it changes. This allows the DNS servers to
 be set dynamically by PPP or DHCP since both protocols provide the
 information.
-Absence of /etc/resolv.conf is not an error
+Absence of
+.I /etc/resolv.conf
+is not an error
 since it may not have been created before a PPP connection exists. Dnsmasq 
-simply keeps checking in case /etc/resolv.conf is created at any
+simply keeps checking in case
+.I /etc/resolv.conf 
+is created at any
 time. Dnsmasq can be told to parse more than one resolv.conf
 file. This is useful on a laptop, where both PPP and DHCP may be used:
-dnsmasq can be set to poll both /etc/ppp/resolv.conf and
-/etc/dhcpc/resolv.conf and will use the contents of whichever changed
+dnsmasq can be set to poll both 
+.I /etc/ppp/resolv.conf 
+and
+.I /etc/dhcpc/resolv.conf 
+and will use the contents of whichever changed
 last, giving automatic switching between DNS servers.
 .PP
 Upstream servers may also be specified on the command line or in
@@ -510,6 +539,22 @@ and run dnsmasq with the
 .B \-r /etc/resolv.dnsmasq
 option. This second technique allows for dynamic update of the server
 addresses by PPP or DHCP.
+.PP
+The DHCP server in dnsmasq will function as a BOOTP server also,
+provided that the MAC address and IP address for clients are given,
+either using 
+.B dhcp-host 
+configurations or in
+.I /etc/ethers
+, and a
+.B dhcp-range 
+configuration option is present to activate the DHCP server
+on a particular network. The filename
+parameter in a BOOTP request is matched against netids in
+.B  dhcp-option 
+configurations, allowing some control over the options returned to
+different classes of hosts.
+
 .SH FILES
 .IR /etc/dnsmasq.conf 

@@ -519,6 +564,8 @@ addresses by PPP or DHCP.

 .IR /etc/hosts

+.IR /etc/ethers
+
 .IR /var/lib/misc/dnsmasq.leases 

 .IR /var/db/dnsmasq.leases
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -12,7 +12,7 @@
 #selfmx
 #localmx

-# The following three options make you a better netizen, since they 
+# The following two options make you a better netizen, since they 
 # tell dnsmasq to filter out queries which the public DNS cannot
 # answer, and which load the servers (especially the root servers) 
 # uneccessarily. If you have a dial-on-demand link they also stop
@@ -20,13 +20,16 @@

 # Never forward plain names (with a dot or domain part)
 domain-needed
-# Reply to reverse queries for addresses in the non-routed address
-# space with the dotted.quad address
+# Never forward addresses in the non-routed address spaces.
 bogus-priv
-# Filter useless windows-originated DNS requests
-filterwin2k


+# Uncomment this to filter useless windows-originated DNS requests
+# which can trigger dial-on-demand links needlessly.
+# Note that (amongst other things) this blocks all SRV requests, 
+# so don't use it if you use eg Kerberos.
+#filterwin2k
+
 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf 
 #resolv-file=
@@ -234,7 +237,10 @@ filterwin2k
 #dhcp-option=45,0.0.0.0     # netbios datagram distribution server
 #dhcp-option=46,8           # netbios node type
 #dhcp-option=47             # empty netbios scope.
- 
+
+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
+# probably doesn't support this......
+#dhcp-option=119,eng.apple.com,marketing.apple.com 

 # Set the boot filename and tftpd server name and address
 # for BOOTP. You will only need this is you want to
@@ -249,6 +255,16 @@ filterwin2k
 # the line below.
 #dhcp-leasefile=/var/lib/misc/dnsmasq.leases

+# Set the DHCP server to authoritative mode. In this mode it will barge in 
+# and take over the lease for any client which broadcasts on the network, 
+# whether it has a record of the lease or not. This avoids long timeouts
+# when a machine wakes up on a new network. DO NOT enable this if there's 
+# the slighest chance that you might end up accidentally configuring a DHCP
+# server for your campus/company accidentally. The ISC server uses the same
+# the same option, and this URL provides more information:
+# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
+#dhcp-authoritative
+
 # Set the cachesize here.
 #cache-size=150

--- a/doc.html
+++ b/doc.html
@@ -112,7 +112,9 @@ bzip2 dnsmasq-zzz.tar
 </PRE>

 <H2>Links.</H2>
-Ulrich Ivens has a nice HOWTO in German on installing dnsmasq at <A HREF="http://howto.linux-hardware-shop.de/dnsmasq.html">http://howto.linux-hardware-shop.de/dnsmasq.html</A>
+Ulrich Ivens has a nice HOWTO in German on installing dnsmasq at <A
+HREF="http://howto.linux-hardware-shop.de/dnsmasq.html">http://howto.linux-hardware-shop.de/dnsmasq.html</A>
+and Damien Raude-Morvan has one in French at <A HREF="http://www.drazzib.com/docs-dnsmasq.html">http://www.drazzib.com/docs-dnsmasq.html</A>

 <H2>License.</H2>
 Dnsmasq is distributed under the GPL. See the file COPYING in the distribution 
--- a/rpm/dnsmasq-SuSE.patch
+++ b/rpm/dnsmasq-SuSE.patch
@@ -1,6 +1,6 @@
--- dnsmasq.8	2004-06-21 21:55:47.000000000 +0200
-+++ dnsmasq.8	2004-06-22 23:30:18.000000000 +0200
-@@ -63,7 +63,7 @@
+--- dnsmasq.8	2004-08-08 20:57:56.000000000 +0200
+++ dnsmasq.8	2004-08-12 00:40:01.000000000 +0200
+@@ -69,7 +69,7 @@
 .TP
 .B \-g, --group=<groupname> 
 Specify the group which dnsmasq will run
@@ -9,9 +9,9 @@
 /etc/ppp/resolv.conf which is not normally world readable.
 .TP
 .B \-v, --version
--- dnsmasq.conf.example	2004-05-26 12:59:56.000000000 +0200
-+++ dnsmasq.conf.example	2004-06-22 23:32:36.000000000 +0200
-@@ -62,7 +62,7 @@
+--- dnsmasq.conf.example	2004-08-08 21:18:26.000000000 +0200
+++ dnsmasq.conf.example	2004-08-12 00:40:01.000000000 +0200
+@@ -65,7 +65,7 @@
 
 # You no longer (as of version 1.7) need to set these to enable 
 # dnsmasq to read /etc/ppp/resolv.conf since dnsmasq now uses the
@@ -20,9 +20,9 @@
 #user=
 #group=
 
--- src/config.h	2004-06-22 21:14:50.000000000 +0200
-+++ src/config.h	2004-06-22 23:31:46.000000000 +0200
-@@ -38,7 +38,7 @@
+--- src/config.h	2004-08-11 11:39:18.000000000 +0200
+++ src/config.h	2004-08-12 00:40:01.000000000 +0200
+@@ -44,7 +44,7 @@
 #endif
 #define DEFLEASE 3600 /* default lease time, 1 hour */
 #define CHUSER "nobody"
@@ -31,7 +31,7 @@
 #define IP6INTERFACES "/proc/net/if_inet6"
 #define UPTIME "/proc/uptime"
 #define DHCP_SERVER_PORT 67
-@@ -171,7 +171,7 @@
+@@ -187,7 +187,7 @@
 
 /* platform independent options. */
 #undef HAVE_BROKEN_RTC
--- a/src/cache.c
+++ b/src/cache.c
@@ -17,11 +17,12 @@ static struct crec *dhcp_inuse, *dhcp_spare, *new_chain;
 static int cache_inserted, cache_live_freed, insert_error;
 static union bigname *big_free;
 static int bignames_left, log_queries, cache_size, hash_size;
-static char *addn_file;
+static int index;

 static void cache_free(struct crec *crecp);
 static void cache_unlink(struct crec *crecp);
 static void cache_link(struct crec *crecp);
+static char *record_source(struct hostsfile *add_hosts, int index);

 void cache_init(int size, int logq)
 {
@@ -35,7 +36,7 @@ void cache_init(int size, int logq)
  cache_size = size;
  big_free = NULL;
  bignames_left = size/10;
-  addn_file = NULL;
+  index = 0;

  cache_inserted = cache_live_freed = 0;

@@ -47,6 +48,7 @@ void cache_init(int size, int logq)
 	{
 	  cache_link(crecp);
 	  crecp->flags = 0;
+	  crecp->uid = index++;
 	}
    }
  
@@ -83,7 +85,8 @@ static void cache_free(struct crec *crecp)
 {
  crecp->flags &= ~F_FORWARD;
  crecp->flags &= ~F_REVERSE;
-
+  crecp->uid = index++; /* invalidate CNAMES pointing to this. */
+  
  if (cache_tail)
    cache_tail->next = crecp;
  else
@@ -137,6 +140,22 @@ char *cache_get_name(struct crec *crecp)
  return crecp->name.sname;
 }

+static int is_outdated_cname_pointer(struct crec *crecp)
+{
+  struct crec *target = crecp->addr.cname.cache;
+
+  if (!(crecp->flags & F_CNAME))
+    return 0;
+
+  if (!target)
+    return 1;
+
+  if (crecp->addr.cname.uid == target->uid)
+    return 0;
+
+  return 1;
+}
+
 static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags)
 {
  /* Scan and remove old entries.
@@ -146,14 +165,15 @@ static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsig
     entries in the whole cache.
     If (flags == 0) remove any expired entries in the whole cache. */
  
-#define F_CACHESTATUS (F_HOSTS | F_DHCP | F_FORWARD | F_REVERSE | F_IPV4 | F_IPV6)
+#define F_CACHESTATUS (F_HOSTS | F_DHCP | F_FORWARD | F_REVERSE | F_IPV4 | F_IPV6 | F_CNAME)
  struct crec *crecp, **up;
-  flags &= (F_FORWARD | F_REVERSE | F_IPV6 | F_IPV4);
+  flags &= (F_FORWARD | F_REVERSE | F_IPV6 | F_IPV4 | F_CNAME);

  if (flags & F_FORWARD)
    {
      for (up = hash_bucket(name), crecp = *up; crecp; crecp = crecp->hash_next)
 	if ((!(crecp->flags & F_IMMORTAL) && difftime(now, crecp->ttd) > 0) ||
+	    is_outdated_cname_pointer(crecp) || 
 	    ((flags == (crecp->flags & F_CACHESTATUS)) && hostname_isequal(cache_get_name(crecp), name)))
 	  {
 	    *up = crecp->hash_next;
@@ -177,7 +197,7 @@ static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsig
      for (i = 0; i < hash_size; i++)
 	for (crecp = hash_table[i], up = &hash_table[i]; crecp; crecp = crecp->hash_next)
 	  if ((!(crecp->flags & F_IMMORTAL) && difftime(now, crecp->ttd) > 0) ||
-	      ((flags == (crecp->flags & F_CACHESTATUS)) && memcmp(&crecp->addr, addr, addrlen) == 0))
+	      ((flags == (crecp->flags & F_CACHESTATUS)) && memcmp(&crecp->addr.addr, addr, addrlen) == 0))
 	    {
 	      *up = crecp->hash_next;
 	      if (!(crecp->flags & (F_HOSTS | F_DHCP)))
@@ -214,8 +234,8 @@ void cache_start_insert(void)
  insert_error = 0;
 }
 
-void cache_insert(char *name, struct all_addr *addr, 
-		  time_t now,  unsigned long ttl, unsigned short flags)
+struct crec *cache_insert(char *name, struct all_addr *addr, 
+			  time_t now,  unsigned long ttl, unsigned short flags)
 {
 #ifdef HAVE_IPV6
  int addrlen = (flags & F_IPV6) ? IN6ADDRSZ : INADDRSZ;
@@ -226,7 +246,7 @@ void cache_insert(char *name, struct all_addr *addr,
  union bigname *big_name = NULL;
  int freed_all = flags & F_REVERSE;

-  log_query(flags | F_UPSTREAM, name, addr);
+  log_query(flags | F_UPSTREAM, name, addr, 0, NULL, 0);

  /* name is needed as workspace by log_query in this case */
  if ((flags & F_NEG) && (flags & F_REVERSE))
@@ -237,7 +257,7 @@ void cache_insert(char *name, struct all_addr *addr,

  /* if previous insertion failed give up now. */
  if (insert_error)
-    return;
+    return NULL;

  /* First remove any expired entries and entries for the name/address we
     are currently inserting. */
@@ -248,7 +268,7 @@ void cache_insert(char *name, struct all_addr *addr,
    if (!(new = cache_tail)) /* no entries left - cache is too small, bail */
      {
 	insert_error = 1;
-	return;
+	return NULL;
      }
    
    /* End of LRU list is still in use: if we didn't scan all the hash
@@ -259,7 +279,7 @@ void cache_insert(char *name, struct all_addr *addr,
      { 
 	if (freed_all)
 	  {
-	    cache_scan_free(cache_get_name(new), &new->addr, now, new->flags);
+	    cache_scan_free(cache_get_name(new), &new->addr.addr, now, new->flags);
 	    cache_live_freed++;
 	  }
 	else
@@ -283,7 +303,7 @@ void cache_insert(char *name, struct all_addr *addr,
 		 !(big_name = (union bigname *)malloc(sizeof(union bigname))))
 	  {
 	    insert_error = 1;
-	    return;
+	    return NULL;
 	  }
 	else
 	  bignames_left--;
@@ -306,10 +326,15 @@ void cache_insert(char *name, struct all_addr *addr,
  else
    *cache_get_name(new) = 0;
  if (addr)
-    memcpy(&new->addr, addr, addrlen);
+    memcpy(&new->addr.addr, addr, addrlen);
+  else
+    new->addr.cname.cache = NULL;
+  
  new->ttd = now + (time_t)ttl;
  new->next = new_chain;
  new_chain = new;
+
+  return new;
 }

 /* after end of insertion, commit the new entries */
@@ -321,10 +346,16 @@ void cache_end_insert(void)
  while (new_chain)
    { 
      struct crec *tmp = new_chain->next;
-      cache_hash(new_chain);
-      cache_link(new_chain);
+      /* drop CNAMEs which didn't find a target. */
+      if (is_outdated_cname_pointer(new_chain))
+	cache_free(new_chain);
+      else
+	{
+	  cache_hash(new_chain);
+	  cache_link(new_chain);
+	  cache_inserted++;
+	}
      new_chain = tmp;
-      cache_inserted++;
    }
  new_chain = NULL;
 }
@@ -345,7 +376,8 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
 	{
 	  next = crecp->hash_next;
 	  
-	  if ((crecp->flags & F_IMMORTAL) || difftime(now, crecp->ttd) < 0)
+	  if (!is_outdated_cname_pointer(crecp) &&
+	      ((crecp->flags & F_IMMORTAL) || difftime(now, crecp->ttd) < 0))
 	    {
 	      if ((crecp->flags & F_FORWARD) && 
 		  (crecp->flags & prot) &&
@@ -430,7 +462,7 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
 	     {      
 	       if ((crecp->flags & F_REVERSE) && 
 		   (crecp->flags & prot) &&
-		   memcmp(&crecp->addr, addr, addrlen) == 0)
+		   memcmp(&crecp->addr.addr, addr, addrlen) == 0)
 		 {	    
 		   if (crecp->flags & (F_HOSTS | F_DHCP))
 		     {
@@ -461,19 +493,20 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
  if (ans && 
      (ans->flags & F_REVERSE) &&
      (ans->flags & prot) &&
-      memcmp(&ans->addr, addr, addrlen) == 0)
+      memcmp(&ans->addr.addr, addr, addrlen) == 0)
    return ans;
  
  return NULL;
 }

-static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, unsigned short flags)
+static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, 
+			    unsigned short flags, int index)
 {
  struct crec *lookup = cache_find_by_name(NULL, cache->name.sname, 0, flags & (F_IPV4 | F_IPV6));

  /* Remove duplicates in hosts files. */
  if (lookup && (lookup->flags & F_HOSTS) &&
-      memcmp(&lookup->addr, addr, addrlen) == 0)
+      memcmp(&lookup->addr.addr, addr, addrlen) == 0)
    free(cache);
  else
    {
@@ -481,12 +514,13 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
      if (cache_find_by_addr(NULL, addr, 0, flags & (F_IPV4 | F_IPV6)))
 	flags &= ~F_REVERSE;
      cache->flags = flags;
-      memcpy(&cache->addr, addr, addrlen);
+      cache->uid = index;
+      memcpy(&cache->addr.addr, addr, addrlen);
      cache_hash(cache);
    }
 }

-static void read_hostsfile(char *filename, int opts, char *buff, char *domain_suffix, int is_addn)
+static void read_hostsfile(char *filename, int opts, char *buff, char *domain_suffix, int index)
 {  
  FILE *f = fopen(filename, "r");
  char *line;
@@ -531,9 +565,6 @@ static void read_hostsfile(char *filename, int opts, char *buff, char *domain_su
      else
 	continue;

-     if (is_addn)
-	 flags |= F_ADDN;
-
     while ((token = strtok(NULL, " \t\n\r")) && (*token != '#'))
       {
 	 struct crec *cache;
@@ -548,12 +579,12 @@ static void read_hostsfile(char *filename, int opts, char *buff, char *domain_su
 		 strcpy(cache->name.sname, token);
 		 strcat(cache->name.sname, ".");
 		 strcat(cache->name.sname, domain_suffix);
-		 add_hosts_entry(cache, &addr, addrlen, flags);
+		 add_hosts_entry(cache, &addr, addrlen, flags, index);
 	       }
 	     if ((cache = malloc(sizeof(struct crec) + strlen(token)+1-SMALLDNAME)))
 	       {
 		 strcpy(cache->name.sname, token);
-		 add_hosts_entry(cache, &addr, addrlen, flags);
+		 add_hosts_entry(cache, &addr, addrlen, flags, index);
 	       }
 	   }
 	 else
@@ -566,7 +597,7 @@ static void read_hostsfile(char *filename, int opts, char *buff, char *domain_su
  syslog(LOG_INFO, "read %s - %d addresses", filename, count);
 }
 	    
-void cache_reload(int opts, char *buff, char *domain_suffix, char *addn_hosts)
+void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *addn_hosts)
 {
  struct crec *cache, **up, *tmp;
  int i;
@@ -603,11 +634,11 @@ void cache_reload(int opts, char *buff, char *domain_suffix, char *addn_hosts)

  if (!(opts & OPT_NO_HOSTS))
    read_hostsfile(HOSTSFILE, opts, buff, domain_suffix, 0);
-  if (addn_hosts)
+  while (addn_hosts)
    {
-      read_hostsfile(addn_hosts, opts, buff, domain_suffix, 1);
-      addn_file = addn_hosts;
-    }
+      read_hostsfile(addn_hosts->fname, opts, buff, domain_suffix, addn_hosts->index);
+      addn_hosts = addn_hosts->next;
+    }  
 } 

 void cache_unhash_dhcp(void)
@@ -633,36 +664,43 @@ void cache_unhash_dhcp(void)
  dhcp_inuse = NULL;
 }

-void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, time_t ttd, unsigned short flags) 
+void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, 
+			  struct in_addr *host_address, time_t ttd) 
 {
  struct crec *crec;
-  
+  unsigned short flags =  F_DHCP | F_FORWARD | F_IPV4 | F_REVERSE;
+
+  if (!host_name)
+    return;
+
  if ((crec = cache_find_by_name(NULL, host_name, 0, F_IPV4)))
    {
      if (crec->flags & F_HOSTS)
 	{
-	  if (crec->addr.addr.addr4.s_addr != host_address->s_addr)
-	    syslog(LOG_WARNING, "not naming DHCP lease for %s because it clashes with an /etc/hosts entry.", host_name);
+	  if (crec->addr.addr.addr.addr4.s_addr != host_address->s_addr)
+	    {
+	      strcpy(daemon->namebuff, inet_ntoa(crec->addr.addr.addr.addr4));
+	      syslog(LOG_WARNING, 
+		     "not giving name %s to the DHCP lease of %s because"
+		     "the name exists in %s with address %s", 
+		     host_name, inet_ntoa(*host_address),
+		     record_source(daemon->addn_hosts, crec->uid), daemon->namebuff);
+	    }
+	  return;
 	}
      else if (!(crec->flags & F_DHCP))
-	{
-	  if (crec->flags & F_NEG)
-	    {
-	      /* name may have been searched for before being allocated to DHCP and 
-		 therefore got a negative cache entry. If so delete it and continue. */
-	      cache_scan_free(host_name, NULL, 0, F_IPV4 | F_FORWARD);
-	      goto newrec;
-	    }
-	  else
-	    syslog(LOG_WARNING, "not naming DHCP lease for %s because it clashes with a cached name.", cache_get_name(crec));
-	}
-      return;
+	cache_scan_free(host_name, NULL, 0, F_IPV4 | F_FORWARD);
    }
 
-  if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, F_IPV4)) && (crec->flags & F_NEG))
-    cache_scan_free(NULL, (struct all_addr *)host_address, 0, F_IPV4 | F_REVERSE);
-  
- newrec:
+  if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, F_IPV4)))
+    {
+      if (crec->flags & F_NEG)
+	cache_scan_free(NULL, (struct all_addr *)host_address, 0, F_IPV4 | F_REVERSE);
+      else
+	/* avoid multiple reverse mappings */
+	flags &= ~F_REVERSE;
+    }
+
  if ((crec = dhcp_spare))
    dhcp_spare = dhcp_spare->prev;
  else /* need new one */
@@ -670,12 +708,12 @@ void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, time_t
  
  if (crec) /* malloc may fail */
    {
-      crec->flags = F_DHCP | F_FORWARD | F_IPV4 | flags;
+      crec->flags = flags;
      if (ttd == 0)
 	crec->flags |= F_IMMORTAL;
      else
 	crec->ttd = ttd;
-      crec->addr.addr.addr4 = *host_address;
+      crec->addr.addr.addr.addr4 = *host_address;
      crec->name.namep = host_name;
      crec->prev = dhcp_inuse;
      dhcp_inuse = crec;
@@ -685,12 +723,12 @@ void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, time_t



-void dump_cache(int debug, int cache_size)
+void dump_cache(struct daemon *daemon)
 {
  syslog(LOG_INFO, "cache size %d, %d/%d cache insertions re-used unexpired cache entries.", 
-	 cache_size, cache_live_freed, cache_inserted); 
+	 daemon->cachesize, cache_live_freed, cache_inserted); 
  
-  if (debug)
+  if (daemon->options & (OPT_DEBUG | OPT_LOG))
    {
      struct crec *cache ;
      char addrbuff[ADDRSTRLEN];
@@ -702,14 +740,21 @@ void dump_cache(int debug, int cache_size)
 	  {
 	    if ((cache->flags & F_NEG) && (cache->flags & F_FORWARD))
 	      addrbuff[0] = 0;
+	    else if (cache->flags & F_CNAME) 
+	      {
+		addrbuff[0] = 0;
+		addrbuff[ADDRSTRLEN-1] = 0;
+		if (!is_outdated_cname_pointer(cache))
+		  strncpy(addrbuff, cache_get_name(cache->addr.cname.cache), ADDRSTRLEN);
+	      }
 #ifdef HAVE_IPV6
 	    else if (cache->flags & F_IPV4)
-	      inet_ntop(AF_INET, &cache->addr, addrbuff, ADDRSTRLEN);
+	      inet_ntop(AF_INET, &cache->addr.addr, addrbuff, ADDRSTRLEN);
 	    else if (cache->flags & F_IPV6)
-	      inet_ntop(AF_INET6, &cache->addr, addrbuff, ADDRSTRLEN);
+	      inet_ntop(AF_INET6, &cache->addr.addr, addrbuff, ADDRSTRLEN);
 #else
            else 
-	      strcpy(addrbuff, inet_ntoa(cache->addr.addr.addr4));
+	      strcpy(addrbuff, inet_ntoa(cache->addr.addr.addr.addr4));
 #endif
 	    syslog(LOG_DEBUG, 
 #ifdef HAVE_BROKEN_RTC
@@ -720,6 +765,7 @@ void dump_cache(int debug, int cache_size)
 		   cache_get_name(cache), addrbuff,
 		   cache->flags & F_IPV4 ? "4" : "",
 		   cache->flags & F_IPV6 ? "6" : "",
+		   cache->flags & F_CNAME ? "C" : "",
 		   cache->flags & F_FORWARD ? "F" : " ",
 		   cache->flags & F_REVERSE ? "R" : " ",
 		   cache->flags & F_IMMORTAL ? "I" : " ",
@@ -727,27 +773,45 @@ void dump_cache(int debug, int cache_size)
 		   cache->flags & F_NEG ? "N" : " ",
 		   cache->flags & F_NXDOMAIN ? "X" : " ",
 		   cache->flags & F_HOSTS ? "H" : " ",
-		   cache->flags & F_ADDN ? "A" : " ",
 #ifdef HAVE_BROKEN_RTC
-		   cache->flags & F_IMMORTAL ? 0: (unsigned long)cache->ttd) ;
+		   cache->flags & F_IMMORTAL ? 0: (unsigned long)cache->ttd
 #else
-		   cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd))) ;
+	           cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)) 
 #endif
-	  }
-      
-    }
+		   );
+	  }  
+    } 
 }

+static char *record_source(struct hostsfile *addn_hosts, int index)
+{
+  char *source = HOSTSFILE;
+  while (addn_hosts)
+    { 
+      if (addn_hosts->index == index)
+	{
+	  source = addn_hosts->fname;
+	  break;
+	}
+      addn_hosts = addn_hosts->next;
+    }

-void log_query(unsigned short flags, char *name, struct all_addr *addr)
+  return source;
+}
+
+void log_query(unsigned short flags, char *name, struct all_addr *addr, 
+	       unsigned short type, struct hostsfile *addn_hosts, int index)
 {
  char *source;
  char *verb = "is";
+  char types[20];
  char addrbuff[ADDRSTRLEN];
-  
+
  if (!log_queries)
    return;
  
+  strcpy(types, " ");
+  
  if (flags & F_NEG)
    {
      if (flags & F_REVERSE)
@@ -768,6 +832,8 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr)
      else if (flags & F_IPV6)
 	strcat(addrbuff, "-IPv6");
    }
+  else if (flags & F_CNAME)
+    strcpy(addrbuff, "<CNAME>");
  else
 #ifdef HAVE_IPV6
    inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
@@ -775,17 +841,12 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr)
 #else
    strcpy(addrbuff, inet_ntoa(addr->addr.addr4));  
 #endif
-  
+    
  if (flags & F_DHCP)
    source = "DHCP";
  else if (flags & F_HOSTS)
-    {
-      if (flags & F_ADDN)
-	source = addn_file;
-      else
-	source = HOSTSFILE;
-    }
-   else if (flags & F_CONFIG)
+    source = record_source(addn_hosts, index);
+  else if (flags & F_CONFIG)
    source = "config";
  else if (flags & F_UPSTREAM)
    source = "reply";
@@ -796,6 +857,47 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr)
    }
  else if (flags & F_QUERY)
    {
+      unsigned int i;
+      static struct {
+	unsigned int type;
+	char *name;
+      } typestr[] = {
+	{ 1,   "A" },
+	{ 2,   "NS" },
+	{ 5,   "CNAME" },
+	{ 6,   "SOA" },
+	{ 10,  "NULL" },
+	{ 11,  "WKS" },
+	{ 12,  "PTR" },
+	{ 13,  "HINFO" },	
+        { 15,  "MX" },
+	{ 16,  "TXT" },
+	{ 22,  "NSAP" },
+	{ 23,  "NSAP_PTR" },
+	{ 24,  "SIG" },
+	{ 25,  "KEY" },
+	{ 28,  "AAAA" },
+ 	{ 33,  "SRV" },
+        { 36,  "KX" },
+        { 37,  "CERT" },
+        { 38,  "A6" },
+        { 39,  "DNAME" },
+	{ 41,  "OPT" },
+	{ 250, "TSIG" },
+	{ 251, "IXFR" },
+	{ 252, "AXFR" },
+        { 253, "MAILB" },
+	{ 254, "MAILA" },
+	{ 255, "ANY" }
+      };
+      
+      if (type != 0)
+        {
+          sprintf(types, "[type=%d] ", type); 
+          for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++)
+	    if (typestr[i].type == type)
+	      sprintf(types,"[%s] ", typestr[i].name);
+	}
      source = "query";
      verb = "from";
    }
@@ -803,7 +905,7 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr)
    source = "cached";
  
  if ((flags & F_FORWARD) | (flags & F_NEG))
-    syslog(LOG_DEBUG, "%s %s %s %s", source, name, verb, addrbuff);
+    syslog(LOG_DEBUG, "%s %s%s%s %s", source, name, types, verb, addrbuff);
  else if (flags & F_REVERSE)
    syslog(LOG_DEBUG, "%s %s is %s", source, addrbuff, name);
 }
--- a/src/config.h
+++ b/src/config.h
@@ -12,7 +12,7 @@

 /* Author's email: simon@thekelleys.org.uk */

-#define VERSION "2.10"
+#define VERSION "2.16"

 #define FTABSIZ 150 /* max number of outstanding requests */
 #define MAX_PROCS 20 /* max no children for TCP requests */
@@ -64,6 +64,15 @@
 #  define DNSMASQ_LOG_FAC(debug)  LOG_DAEMON
 #endif

+/* A small collection of RR-types which are missing on some platforms */
+
+#ifndef T_SRV
+#  define T_SRV 33
+#endif
+
+#ifndef T_OPT
+#  define T_OPT 41
+#endif

 /* Decide if we're going to support IPv6 */
 /* We assume that systems which don't have IPv6
@@ -147,7 +156,7 @@ HAVE_PSELECT
   If your C library implements pselect, define this.

 HAVE_BPF
-   If your OS implements Berkeley PAcket filter, define this.
+   If your OS implements Berkeley Packet filter, define this.

 NOTES:
   For Linux you should define 
@@ -167,10 +176,12 @@ NOTES:
   you should NOT define  
     HAVE_LINUX_IPV6_PROC 
   and you MAY define  
-     HAVE_ARC4RANDOM - OpenBSD and FreeBSD 
-     HAVE_DEV_URANDOM - OpenBSD and FreeBSD
-     HAVE_DEV_RANDOM - FreeBSD (OpenBSD with hardware random number generator)
-     HAVE_GETOPT_LONG - only if you link GNU getopt. 
+     HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later
+     HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD
+     HAVE_DEV_RANDOM - FreeBSD  and NetBSD 
+                       (OpenBSD with hardware random number generator)
+     HAVE_GETOPT_LONG - NetBSD 
+                       (FreeBSD and OpenBSD only if you link GNU getopt) 

 */

@@ -218,7 +229,6 @@ NOTES:
 #undef HAVE_SOCKADDR_SA_LEN
 #undef HAVE_PSELECT
 /* Fix various misfeatures of libc5 headers */
-#define T_SRV 33 
 typedef unsigned long in_addr_t; 
 typedef size_t socklen_t;

@@ -242,9 +252,6 @@ typedef unsigned long in_addr_t;
 #endif
 #endif

-/* #elif defined(__OpenBSD__)
-#error The sockets API in OpenBSD does not provide facilities required by dnsmasq
-*/
 #elif defined(__FreeBSD__) || defined(__OpenBSD__)
 #undef HAVE_LINUX_IPV6_PROC
 #undef HAVE_GETOPT_LONG
@@ -267,17 +274,16 @@ typedef unsigned long in_addr_t;
 #define BIND_8_COMPAT
 /* Define before sys/socket.h is included so we get socklen_t */
 #define _BSD_SOCKLEN_T_
-/* The two below are not defined in Mac OS X arpa/nameserv.h */
+/* This is not defined in Mac OS X arpa/nameserv.h */
 #define IN6ADDRSZ 16
-#define T_SRV 33
 
 #elif defined(__NetBSD__)
 #undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_GETOPT_LONG
+#define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
 #define HAVE_RANDOM
-#undef HAVE_DEV_URANDOM
-#undef HAVE_DEV_RANDOM
+#define HAVE_DEV_URANDOM
+#define HAVE_DEV_RANDOM
 #define HAVE_SOCKADDR_SA_LEN
 #undef HAVE_PSELECT
 #define HAVE_BPF
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -14,61 +14,94 @@

 #include "dnsmasq.h"

-void dhcp_init(int *fdp, int* rfdp)
+void dhcp_init(struct daemon *daemon)
 {
  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
  struct sockaddr_in saddr;
-  int opt = 1;
-  
+  int flags, oneopt = 1, zeroopt = 0;
+  struct dhcp_config *configs, *cp;
+
  if (fd == -1)
    die ("cannot create DHCP socket : %s", NULL);
  
-  if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+  if ((flags = fcntl(fd, F_GETFL, 0)) == -1 ||
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
 #if defined(IP_PKTINFO)
-      setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
+      setsockopt(fd, SOL_IP, IP_PKTINFO, &oneopt, sizeof(oneopt)) == -1 ||
 #elif defined(IP_RECVIF)
-      setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 ||
+      setsockopt(fd, IPPROTO_IP, IP_RECVIF, &oneopt, sizeof(oneopt)) == -1 ||
 #endif
-      setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &opt, sizeof(opt)) == -1)  
+      setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &oneopt, sizeof(oneopt)) == -1)  
    die("failed to set options on DHCP socket: %s", NULL);
  
  saddr.sin_family = AF_INET;
  saddr.sin_port = htons(DHCP_SERVER_PORT);
  saddr.sin_addr.s_addr = INADDR_ANY;
+#ifdef HAVE_SOCKADDR_SA_LEN
+  saddr.sin_len = sizeof(struct sockaddr_in);
+#endif
+
  if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)))
    die("failed to bind DHCP server socket: %s", NULL);

-  *fdp = fd;
+  daemon->dhcpfd = fd;
+
+  if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1 ||
+      setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &oneopt, sizeof(oneopt)) ||
+      setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
+    die("cannot create ICMP raw socket: %s.", NULL);
+
+  daemon->dhcp_icmp_fd = fd;

 #ifdef HAVE_BPF
-  opt = 0;
-  while (1) 
-    {
-      char filename[50];
-      sprintf(filename, "/dev/bpf%d", opt++);
-      if ((fd = open(filename, O_RDWR, 0)) != -1)
-	break;
-      if (errno != EBUSY)
-	die("cannot create DHCP BPF socket: %s", NULL);
-    }	    
+  { 
+    int i = 0;
+    while (1) 
+      {
+	char filename[50];
+	sprintf(filename, "/dev/bpf%d", i++);
+	if ((fd = open(filename, O_RDWR, 0)) != -1)
+	  break;
+	if (errno != EBUSY)
+	  die("cannot create DHCP BPF socket: %s", NULL);
+      }	    
+  }
 #else
-  if ((fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETHERTYPE_IP))) == -1)
-    die("cannot create DHCP packet socket: %s", NULL);
+  /* since we don't ever use the packet socket for reception,
+     and it receives copies of _all_ IP packets, then that data
+     will build up in kernel buffers, wasting memory. Set the
+     socket receive buffer size to one to avoid that. (zero is
+     rejected as non-sensical by some BSD kernels) */
+  if ((fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETHERTYPE_IP))) == -1 ||
+      (flags = fcntl(fd, F_GETFL, 0)) == -1 ||
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+      setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &oneopt, sizeof(oneopt)) == -1)
+    die("cannot create DHCP packet socket: %s. "
+	"Is CONFIG_PACKET enabled in your kernel?", NULL);
 #endif
  
-  *rfdp = fd;
+  daemon->dhcp_raw_fd = fd;
+  
+  /* If the same IP appears in more than one host config, then DISCOVER
+     for one of the hosts will get the address, but REQUEST will be NAKed,
+     since the address is reserved by the other one -> protocol loop. */
+  for (configs = daemon->dhcp_conf; configs; configs = configs->next)
+    for (cp = configs->next; cp; cp = cp->next)
+      if ((configs->flags & cp->flags & CONFIG_ADDR) &&	configs->addr.s_addr == cp->addr.s_addr)
+	die("duplicate IP address %s in dhcp-config directive.", inet_ntoa(cp->addr));
+  
+  daemon->dhcp_packet = safe_malloc(sizeof(struct udp_dhcp_packet));
+  /* These two each hold a DHCP option max size 256 
+     and get a terminating zero added */
+  daemon->dhcp_buff = safe_malloc(257);
+  daemon->dhcp_buff2 = safe_malloc(257); 
+
 }

-void dhcp_packet(struct dhcp_context *contexts, char *packet, 
-		 struct dhcp_opt *dhcp_opts, struct dhcp_config *dhcp_configs,
-		 struct dhcp_vendor *vendors,
-		 time_t now, char *namebuff, char *domain_suffix,
-		 char *dhcp_file, char *dhcp_sname, 
-		 struct in_addr dhcp_next_server, int dhcp_fd, int raw_fd,
-		 struct iname *names, struct iname *addrs, struct iname *except)
+void dhcp_packet(struct daemon *daemon, time_t now)
 {
-  struct udp_dhcp_packet *rawpacket = (struct udp_dhcp_packet *)packet;
-  struct dhcp_packet *mess = (struct dhcp_packet *)&rawpacket->data;
+  struct udp_dhcp_packet *rawpacket = daemon->dhcp_packet;
+  struct dhcp_packet *mess = &rawpacket->data;
  struct dhcp_context *context;
  struct iname *tmp;
  struct ifreq ifr;
@@ -76,8 +109,7 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
  struct iovec iov[2];
  struct cmsghdr *cmptr;
  int sz, newlen, iface_index = 0;
-  struct in_addr source, iface_netmask, iface_addr, iface_broadcast;
-  struct in_addr netmask_save, broadcast_save, router;
+  struct in_addr iface_netmask, iface_addr, iface_broadcast;
 #ifdef HAVE_BPF
  unsigned char iface_hwaddr[ETHER_ADDR_LEN];
 #endif
@@ -91,8 +123,8 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
 #endif
  } control_u;
  
-  iov[0].iov_base = (char *)&rawpacket->data;
-  iov[0].iov_len = DNSMASQ_PACKETSZ - (sizeof(struct ip) + sizeof(struct udphdr));
+  iov[0].iov_base = (char *)mess;
+  iov[0].iov_len = sizeof(struct dhcp_packet);

  msg.msg_control = control_u.control;
  msg.msg_controllen = sizeof(control_u);
@@ -102,7 +134,7 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
  msg.msg_iov = iov;
  msg.msg_iovlen = 1;
  
-  sz = recvmsg(dhcp_fd, &msg, 0);
+  sz = recvmsg(daemon->dhcpfd, &msg, 0);
  
  if (sz < (int)(sizeof(*mess) - sizeof(mess->options)))
    return;
@@ -115,7 +147,7 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
      iface_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
  
  if (!(ifr.ifr_ifindex = iface_index) || 
-      ioctl(dhcp_fd, SIOCGIFNAME, &ifr) == -1)
+      ioctl(daemon->dhcpfd, SIOCGIFNAME, &ifr) == -1)
    return;

 #elif defined(IP_RECVIF)
@@ -129,35 +161,37 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
    return;

 #else
-  while (names->isloop)
-    names = names->next;
-  strcpy(ifr.ifr_name, names->name);
+  {
+    struct iname *name;
+    for (name = daemon->if_names; name->isloop; name = name->next);
+    strcpy(ifr.ifr_name, name->name);
+  }
 #endif

 #ifdef HAVE_BPF
  ifr.ifr_addr.sa_family = AF_LINK;
-  if (ioctl(dhcp_fd, SIOCGIFADDR, &ifr) < 0)
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) < 0)
    return;
  memcpy(iface_hwaddr, LLADDR((struct sockaddr_dl *)&ifr.ifr_addr), ETHER_ADDR_LEN);
 #endif
  
  ifr.ifr_addr.sa_family = AF_INET;
-  if (ioctl(dhcp_fd, SIOCGIFADDR, &ifr) < 0 )
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) < 0 )
    return;
  iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;

  /* enforce available interface configuration */
-  for (tmp = except; tmp; tmp = tmp->next)
+  for (tmp = daemon->if_except; tmp; tmp = tmp->next)
    if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
      return;
  
-  if (names || addrs)
+  if (daemon->if_names || daemon->if_addrs)
    {
-      for (tmp = names; tmp; tmp = tmp->next)
+      for (tmp = daemon->if_names; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
 	  break;
      if (!tmp)
-	for (tmp = addrs; tmp; tmp = tmp->next)
+	for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
 	  if (tmp->addr.sa.sa_family == AF_INET && 
 	      tmp->addr.in.sin_addr.s_addr == iface_addr.s_addr)
 	    break;
@@ -165,90 +199,82 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
 	return; 
    }
  
-  /* If the packet came via a relay, use that address to look up the context,
-     else use the address of the interface is arrived on. */
-   source = mess->giaddr.s_addr ? mess->giaddr : iface_addr;
-   
-   iface_netmask.s_addr = 0;
-   iface_broadcast.s_addr = 0;
-
-   if (ioctl(dhcp_fd, SIOCGIFNETMASK, &ifr) != -1)
-     {
-       iface_netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
-       /* we can use the interface netmask if either the packet came direct,
-	  or it came via a relay listening on the same network. This sounds unlikely,
-	  but it happens with win4lin. */
-       if (!is_same_net(source, iface_addr, iface_netmask))
-	 iface_netmask.s_addr = 0;
-       else if (ioctl(dhcp_fd, SIOCGIFBRDADDR, &ifr) != -1)
-	 iface_broadcast = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
-	      
-     }
-          
-   for (context = contexts; context; context = context->next)
+  iface_netmask.s_addr = 0;
+  iface_broadcast.s_addr = 0;
+  
+  for (context = daemon->dhcp; context; context = context->next)
    {
-      struct in_addr netmask = context->netmask.s_addr ? context->netmask : iface_netmask;
-
-      if (netmask.s_addr && 
-	  is_same_net(source, context->start, netmask) &&
-	  is_same_net(source, context->end, netmask))
-	break;
+      /* Fill in missing netmask and broadcast address values for any approriate
+	 dhcp-ranges which match this interface and don't have them. */
+      if (!context->netmask.s_addr)
+	{
+	  if (!iface_netmask.s_addr && ioctl(daemon->dhcpfd, SIOCGIFNETMASK, &ifr) != -1)
+	    iface_netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+	  
+	  if (iface_netmask.s_addr &&
+	      (is_same_net(iface_addr, context->start, iface_netmask) ||
+	       is_same_net(iface_addr, context->end, iface_netmask)))
+	    {
+	      context->netmask = iface_netmask; 
+	      if (!(is_same_net(iface_addr, context->start, iface_netmask) &&
+		    is_same_net(iface_addr, context->end, iface_netmask)))
+		{
+		   strcpy(daemon->dhcp_buff, inet_ntoa(context->start));
+		   strcpy(daemon->dhcp_buff2, inet_ntoa(context->end));
+		   syslog(LOG_WARNING, "DHCP range %s -- %s is not consistent with netmask %s",
+			  daemon->dhcp_buff, daemon->dhcp_buff2, inet_ntoa(iface_netmask));
+		}
+	    }
+	}    
+	 
+      /* Determine "default" default routes. These are to this server or the relay agent.
+	 Also broadcast addresses, if not specified */
+      if (context->netmask.s_addr)
+	{
+	  if (is_same_net(iface_addr, context->start, context->netmask))
+	    {
+	      if (!context->router.s_addr)
+		context->router = iface_addr;
+	      if (!context->broadcast.s_addr)
+		{
+		  if (!iface_broadcast.s_addr && ioctl(daemon->dhcpfd, SIOCGIFBRDADDR, &ifr) != -1)
+		    iface_broadcast = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+		  if (iface_broadcast.s_addr && 
+		      is_same_net(iface_broadcast, context->start, context->netmask))
+		    context->broadcast = iface_broadcast;
+		  else 
+		    context->broadcast.s_addr  = context->start.s_addr | ~context->netmask.s_addr;
+		}
+	    }	
+	  else if (mess->giaddr.s_addr && is_same_net(mess->giaddr, context->start, context->netmask))
+	    {
+	      if (!context->router.s_addr)
+		context->router = mess->giaddr;
+	      /* fill in missing broadcast addresses for relayed ranges */
+	      if (!context->broadcast.s_addr)
+		context->broadcast.s_addr  = context->start.s_addr | ~context->netmask.s_addr;
+	    }
+	}
    }
-      
-  if (!context)
-    {
-      syslog(LOG_WARNING, "no address range available for DHCP request via %s", inet_ntoa(source));
-      return;
-    }
-  
-  netmask_save = context->netmask;
-  broadcast_save = context->broadcast;
-  
-  if (!context->netmask.s_addr)
-    context->netmask = iface_netmask;
-  
-  if (!context->broadcast.s_addr)
-    {
-      if (iface_broadcast.s_addr)
-	context->broadcast = iface_broadcast;
-      else
-	context->broadcast.s_addr  = (source.s_addr & context->netmask.s_addr) | ~context->netmask.s_addr;
-    }
-  
-  if (ioctl(dhcp_fd, SIOCGIFMTU, &ifr) == -1)
-   ifr.ifr_mtu = ETHERMTU;
-
-  /* Normally, we set the default route to point to the machine which is getting the
-     DHCP broadcast, either this machine or a relay. In the special case that the relay
-     is on the same network as us, we set the default route to us, not the relay.
-     This is the win4lin scenario again. */ 
-  if (is_same_net(source, iface_addr, context->netmask))
-    router = iface_addr;
-  else
-    router = source;
  
  lease_prune(NULL, now); /* lose any expired leases */
-  newlen = dhcp_reply(context, iface_addr, ifr.ifr_name, ifr.ifr_mtu, 
-		      rawpacket, sz, now, namebuff, 
-		      dhcp_opts, dhcp_configs, vendors, domain_suffix, 
-		      dhcp_file, dhcp_sname, dhcp_next_server, router);
+  newlen = dhcp_reply(daemon, iface_addr, ifr.ifr_name, sz, now);
  lease_update_file(0, now);
-  lease_update_dns();
-	  
-  context->netmask = netmask_save;
-  context->broadcast = broadcast_save;
+  lease_update_dns(daemon);
  
  if (newlen == 0)
    return;
  
  if (mess->giaddr.s_addr || mess->ciaddr.s_addr)
    {
-      /* To send to BOOTP relay or configured client, use 
-	 the IP packet */
+      /* To send to BOOTP relay or configured client, use the IP packet */
      
      struct sockaddr_in dest;
      dest.sin_family = AF_INET;
-      
+#ifdef HAVE_SOCKADDR_SA_LEN
+      dest.sin_len = sizeof(struct sockaddr_in);
+#endif
+     
      if (mess->giaddr.s_addr)
 	{
 	  dest.sin_port = htons(DHCP_SERVER_PORT);
@@ -260,7 +286,9 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
 	  dest.sin_addr = mess->ciaddr;
 	}
      
-      sendto(dhcp_fd, mess, newlen, 0, (struct sockaddr *)&dest, sizeof(dest));
+      while(sendto(daemon->dhcpfd, mess, newlen, 0, 
+		   (struct sockaddr *)&dest, sizeof(dest)) == -1 &&
+	    retry_send());
    }
  else
    {
@@ -324,13 +352,14 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
 	memcpy(header.ether_shost, iface_hwaddr, ETHER_ADDR_LEN);
 	memcpy(header.ether_dhost, hwdest, ETHER_ADDR_LEN); 
 	
-	ioctl(raw_fd, BIOCSETIF, &ifr);
+	ioctl(daemon->dhcp_raw_fd, BIOCSETIF, &ifr);
 	
 	iov[0].iov_base = (char *)&header;
 	iov[0].iov_len = sizeof(struct ether_header);
 	iov[1].iov_base = (char *)rawpacket;
 	iov[1].iov_len = ntohs(rawpacket->ip.ip_len);
-	writev(raw_fd, iov, 2);
+	while (writev(daemon->dhcp_raw_fd, iov, 2) == -1 &&
+	       errno == EINTR);
 #else
 	struct sockaddr_ll dest;
 	
@@ -339,9 +368,9 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,
 	dest.sll_ifindex = iface_index;
 	dest.sll_protocol = htons(ETHERTYPE_IP);
 	memcpy(dest.sll_addr, hwdest, ETHER_ADDR_LEN); 
-	sendto(raw_fd, rawpacket, ntohs(rawpacket->ip.ip_len), 
-	       0, (struct sockaddr *)&dest, sizeof(dest));
-	
+	while (sendto(daemon->dhcp_raw_fd, rawpacket, ntohs(rawpacket->ip.ip_len), 
+		      0, (struct sockaddr *)&dest, sizeof(dest)) == -1 &&
+	       errno == EINTR);
 #endif
      }
    }
@@ -349,71 +378,78 @@ void dhcp_packet(struct dhcp_context *contexts, char *packet,

 int address_available(struct dhcp_context *context, struct in_addr taddr)
 {
-  /* Check is an address is OK for this network, ie
-     within allowable range and not in an existing lease */
+  /* Check is an address is OK for this network, check all
+     possible ranges. */
  
-  unsigned int addr, start, end;
+  unsigned int start, end, addr = ntohl(taddr.s_addr);
  
-  addr = ntohl(taddr.s_addr);
-  start = ntohl(context->start.s_addr);
-  end = ntohl(context->end.s_addr);
+  for (; context; context = context->current)
+    {
+      start = ntohl(context->start.s_addr);
+      end = ntohl(context->end.s_addr);

-  /* static leases only. */
-  if (start == end)
-    return 0;
+      if (!context->static_only &&
+	  addr >= start &&
+	  addr <= end)
+	return 1;
+    }

-  if (addr < start)
-    return 0;
+  return 0;
+}
+ 
+struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr)
+{
+  struct dhcp_config *config;
+  
+  for (config = configs; config; config = config->next)
+    if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
+      return config;

-  if (addr > end)
-    return 0;
-
-  return 1;
+  return NULL;
 }

-int address_allocate(struct dhcp_context *context, struct dhcp_config *configs,
+int address_allocate(struct dhcp_context *context, struct daemon *daemon,
 		     struct in_addr *addrp, unsigned char *hwaddr)   
 {
  /* Find a free address: exclude anything in use and anything allocated to
     a particular hwaddr/clientid/hostname in our configuration */

-  struct dhcp_config *config;
  struct in_addr start, addr ;
  unsigned int i, j;
-
-  /* start == end means no dynamic leases. */
-  if (context->end.s_addr == context->start.s_addr)
-    return 0;
  
-  /* pick a seed based on hwaddr then iterate until we find a free address. */
-  for (j = context->addr_epoch, i = 0; i < ETHER_ADDR_LEN; i++)
-    j += hwaddr[i] + (hwaddr[i] << 8) + (hwaddr[i] << 16);
-  
-  start.s_addr = addr.s_addr = 
-    htonl(ntohl(context->start.s_addr) + 
-	  (j % (ntohl(context->end.s_addr) - ntohl(context->start.s_addr))));
- 
-  do {
-    if (addr.s_addr == context->end.s_addr)
-      addr = context->start;
-    else
-      addr.s_addr = htonl(ntohl(addr.s_addr) + 1);
-
-    
-    if (!lease_find_by_addr(addr))
+  for (; context; context = context->current)
+    if (!context->static_only)
      {
-	for (config = configs; config; config = config->next)
-	  if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
-	    break;
+	/* pick a seed based on hwaddr then iterate until we find a free address. */
+	for (j = context->addr_epoch, i = 0; i < ETHER_ADDR_LEN; i++)
+	  j += hwaddr[i] + (hwaddr[i] << 8) + (hwaddr[i] << 16);
 	
-	if (!config)
-	  {
-	    *addrp = addr;
-	    return 1;
-	  }
+	start.s_addr = addr.s_addr = 
+	  htonl(ntohl(context->start.s_addr) + 
+		(j % (1 + ntohl(context->end.s_addr) - ntohl(context->start.s_addr))));
+	
+	do {
+	  if (!lease_find_by_addr(addr) && 
+	      !config_find_by_address(daemon->dhcp_conf, addr))
+	    {
+	      if (icmp_ping(daemon, addr))
+		/* perturb address selection so that we are
+		   less likely to try this address again. */
+		context->addr_epoch++;
+	      else
+		{
+		  *addrp = addr;
+		  return 1;
+		}
+	    }
+
+	  addr.s_addr = htonl(ntohl(addr.s_addr) + 1);
+	  
+	  if (addr.s_addr == htonl(ntohl(context->end.s_addr) + 1))
+	    addr = context->start;
+	  
+	} while (addr.s_addr != start.s_addr);
      }
-  } while (addr.s_addr != start.s_addr);
-  
  return 0;
 }

@@ -469,20 +505,21 @@ struct dhcp_config *find_config(struct dhcp_config *configs,
  return NULL;
 }

-struct dhcp_config *dhcp_read_ethers(struct dhcp_config *configs, char *buff)
+void dhcp_read_ethers(struct daemon *daemon)
 {
  FILE *f = fopen(ETHERSFILE, "r");
  unsigned int flags, e0, e1, e2, e3, e4, e5;
+  char *buff = daemon->namebuff;
  char *ip, *cp;
  struct in_addr addr;
  unsigned char hwaddr[ETHER_ADDR_LEN];
-  struct dhcp_config *config;
+  struct dhcp_config *config, *configs = daemon->dhcp_conf;
  int count = 0;
  
  if (!f)
    {
      syslog(LOG_ERR, "failed to read " ETHERSFILE ":%m");
-      return configs;
+      return;
    }

  while (fgets(buff, MAXDNAME, f))
@@ -574,7 +611,8 @@ struct dhcp_config *dhcp_read_ethers(struct dhcp_config *configs, char *buff)
  fclose(f);

  syslog(LOG_INFO, "read " ETHERSFILE " - %d addresses", count);
-  return configs;
+  
+  daemon->dhcp_conf =  configs;
 }

 void dhcp_update_configs(struct dhcp_config *configs)
@@ -592,7 +630,7 @@ void dhcp_update_configs(struct dhcp_config *configs)
 	(crec = cache_find_by_name(NULL, config->hostname, 0, F_IPV4)) &&
 	(crec->flags & F_HOSTS))
      {
-	config->addr = crec->addr.addr.addr4;
+	config->addr = crec->addr.addr.addr.addr4;
 	config->flags |= CONFIG_ADDR;
      }
 }
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2003 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2004 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -16,75 +16,18 @@

 static int sigterm, sighup, sigusr1, sigalarm, num_kids, in_child;

-static void sig_handler(int sig)
-{
-  if (sig == SIGTERM)
-    sigterm = 1;
-  else if (sig == SIGHUP)
-    sighup = 1;
-  else if (sig == SIGUSR1)
-    sigusr1 = 1;
-  else if (sig == SIGALRM)
-    {
-      /* alarm is used to kill children after a fixed time. */
-      if (in_child)
-	exit(0);
-      else
-	sigalarm = 1;
-    }
-  else if (sig == SIGCHLD)
-    {
-      /* See Stevens 5.10 */
-      pid_t pid;
-      int stat;
-      
-      while ((pid = waitpid(-1, &stat, WNOHANG)) > 0)
-	num_kids--;
-    }
-}
+static int set_dns_listeners(struct daemon *daemon, fd_set *set, int maxfd);
+static void check_dns_listeners(struct daemon *daemon, fd_set *set, time_t now);
+static void sig_handler(int sig);

 int main (int argc, char **argv)
 {
-  int cachesize = CACHESIZ;
-  int port = NAMESERVER_PORT;
-  int maxleases = MAXLEASES;
-  unsigned short edns_pktsz = EDNS_PKTSZ;
-  int query_port = 0;
+  struct daemon *daemon;
  int first_loop = 1;
  int bind_fallback = 0;
-  unsigned long local_ttl = 0;
-  unsigned int options, min_leasetime;
-  char *runfile = RUNFILE;
  time_t resolv_changed = 0;
  time_t now, last = 0;
-  struct irec *interfaces = NULL;
-  struct listener *listener, *listeners = NULL;
-  struct doctor *doctors = NULL;
-  struct mx_record *mxnames = NULL;
-  char *mxtarget = NULL;
-  char *lease_file = NULL;
-  char *addn_hosts = NULL;
-  char *domain_suffix = NULL;
-  char *username = CHUSER;
-  char *groupname = CHGRP;
-  struct iname *if_names = NULL;
-  struct iname *if_addrs = NULL;
-  struct iname *if_except = NULL;
-  struct server *serv_addrs = NULL;
-  char *dnamebuff, *packet;
-  int uptime_fd = -1;
-  struct server *servers, *last_server;
-  struct resolvc default_resolv = { NULL, 1, 0, RESOLVFILE };
-  struct resolvc *resolv = &default_resolv;
-  struct bogus_addr *bogus_addr = NULL;
-  struct serverfd *serverfdp, *sfds = NULL;
-  struct dhcp_context *dhcp_tmp, *dhcp = NULL;
-  struct dhcp_config *dhcp_configs = NULL;
-  struct dhcp_opt *dhcp_options = NULL;
-  struct dhcp_vendor *dhcp_vendors = NULL;
-  char *dhcp_file = NULL, *dhcp_sname = NULL;
-  struct in_addr dhcp_next_server;
-  int leasefd = -1, dhcpfd = -1, dhcp_raw_fd = -1;
+  struct irec *interfaces;
  struct sigaction sigact;
  sigset_t sigmask;

@@ -121,56 +64,45 @@ int main (int argc, char **argv)
  sigaddset(&sigact.sa_mask, SIGCHLD);
  sigprocmask(SIG_BLOCK, &sigact.sa_mask, &sigmask); 

-  /* These get allocated here to avoid overflowing the small stack
-     on embedded systems. dnamebuff is big enough to hold one
-     maximal sixed domain name and gets passed into all the processing
-     code. We manage to get away with one buffer. */
-  dnamebuff = safe_malloc(MAXDNAME);
+  daemon = read_opts(argc, argv);
  
-  dhcp_next_server.s_addr = 0;
-  options = read_opts(argc, argv, dnamebuff, &resolv, &mxnames, &mxtarget, &lease_file,
-		      &username, &groupname, &domain_suffix, &runfile, 
-		      &if_names, &if_addrs, &if_except, &bogus_addr, 
-		      &serv_addrs, &cachesize, &port, &query_port, &local_ttl, &addn_hosts,
-		      &dhcp, &dhcp_configs, &dhcp_options, &dhcp_vendors,
-		      &dhcp_file, &dhcp_sname, &dhcp_next_server, &maxleases, &min_leasetime,
-		      &doctors, &edns_pktsz);
-
-  if (edns_pktsz < PACKETSZ)
-    edns_pktsz = PACKETSZ;
-  packet = safe_malloc(edns_pktsz > DNSMASQ_PACKETSZ ? edns_pktsz : DNSMASQ_PACKETSZ);
-
-  if (!lease_file)
+  if (daemon->edns_pktsz < PACKETSZ)
+    daemon->edns_pktsz = PACKETSZ;
+  daemon->packet = safe_malloc(daemon->edns_pktsz > DNSMASQ_PACKETSZ ? 
+			       daemon->edns_pktsz : DNSMASQ_PACKETSZ);
+  
+  if (!daemon->lease_file)
    {
-      if (dhcp)
-	lease_file = LEASEFILE;
+      if (daemon->dhcp)
+	daemon->lease_file = LEASEFILE;
    }
 #ifndef HAVE_ISC_READER
-  else if (!dhcp)
+  else if (!daemon->dhcp)
    die("ISC dhcpd integration not available: set HAVE_ISC_READER in src/config.h", NULL);
 #endif
  
-  interfaces = enumerate_interfaces(&if_names, &if_addrs, if_except, port);
-
-  if (!(options & OPT_NOWILD) && !(listeners = create_wildcard_listeners(port)))
+  interfaces = enumerate_interfaces(daemon);
+    
+  if (!(daemon->options & OPT_NOWILD) && 
+      !(daemon->listeners = create_wildcard_listeners(daemon->port)))
    {
      bind_fallback = 1;
-      options |= OPT_NOWILD;
+      daemon->options |= OPT_NOWILD;
    }
    
-  if (options & OPT_NOWILD) 
+  if (daemon->options & OPT_NOWILD) 
    {
      struct iname *if_tmp;
-      listeners = create_bound_listeners(interfaces, port);
+      daemon->listeners = create_bound_listeners(interfaces, daemon->port);

-      for (if_tmp = if_names; if_tmp; if_tmp = if_tmp->next)
+      for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
 	if (if_tmp->name && !if_tmp->used)
 	  die("unknown interface %s", if_tmp->name);
  
-      for (if_tmp = if_addrs; if_tmp; if_tmp = if_tmp->next)
+      for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
 	if (!if_tmp->used)
 	  {
-	    char addrbuff[ADDRSTRLEN];
+	    char *addrbuff = daemon->namebuff;
 #ifdef HAVE_IPV6
 	    if (if_tmp->addr.sa.sa_family == AF_INET)
 	      inet_ntop(AF_INET, &if_tmp->addr.in.sin_addr,
@@ -186,60 +118,62 @@ int main (int argc, char **argv)
    }
  
  forward_init(1);
-  cache_init(cachesize, options & OPT_LOG);
+  cache_init(daemon->cachesize, daemon->options & OPT_LOG);

 #ifdef HAVE_BROKEN_RTC
-  if ((uptime_fd = open(UPTIME, O_RDONLY)) == -1)
+  if ((daemon->uptime_fd = open(UPTIME, O_RDONLY)) == -1)
    die("cannot open " UPTIME ":%s", NULL);
 #endif
 
-  now = dnsmasq_time(uptime_fd);
+  now = dnsmasq_time(daemon->uptime_fd);
  
-  if (dhcp)
+  if (daemon->dhcp)
    {
 #if !defined(IP_PKTINFO) && !defined(IP_RECVIF)
      int c;
      struct iname *tmp;
-      for (c = 0, tmp = if_names; tmp; tmp = tmp->next)
+      for (c = 0, tmp = daemon->if_names; tmp; tmp = tmp->next)
 	if (!tmp->isloop)
 	  c++;
      if (c != 1)
 	die("must set exactly one interface on broken systems without IP_RECVIF", NULL);
 #endif
-      dhcp_init(&dhcpfd, &dhcp_raw_fd);
-      leasefd = lease_init(lease_file, domain_suffix, dnamebuff, packet, now, maxleases);
+      dhcp_init(daemon);
+      lease_init(daemon, now);
    }

  /* If query_port is set then create a socket now, before dumping root
     for use to access nameservers without more specific source addresses.
     This allows query_port to be a low port */
-  if (query_port)
+  if (daemon->query_port)
    {
      union  mysockaddr addr;
      addr.in.sin_family = AF_INET;
      addr.in.sin_addr.s_addr = INADDR_ANY;
-      addr.in.sin_port = htons(query_port);
+      addr.in.sin_port = htons(daemon->query_port);
 #ifdef HAVE_SOCKADDR_SA_LEN
      addr.in.sin_len = sizeof(struct sockaddr_in);
 #endif
-      allocate_sfd(&addr, &sfds);
+      allocate_sfd(&addr, &daemon->sfds);
 #ifdef HAVE_IPV6
      addr.in6.sin6_family = AF_INET6;
      addr.in6.sin6_addr = in6addr_any;
-      addr.in6.sin6_port = htons(query_port);
+      addr.in6.sin6_port = htons(daemon->query_port);
      addr.in6.sin6_flowinfo = htonl(0);
 #ifdef HAVE_SOCKADDR_SA_LEN
      addr.in6.sin6_len = sizeof(struct sockaddr_in6);
 #endif
-      allocate_sfd(&addr, &sfds);
+      allocate_sfd(&addr, &daemon->sfds);
 #endif
    }
  
  setbuf(stdout, NULL);

-  if (!(options & OPT_DEBUG))
+  if (!(daemon->options & OPT_DEBUG))
    {
      FILE *pidfile;
+      struct serverfd *serverfdp;
+      struct listener *listener;
      struct passwd *ent_pw;
      int i;
        
@@ -247,20 +181,23 @@ int main (int argc, char **argv)
 	 See Stevens section 12.4 */

 #ifndef NO_FORK
-      if (fork() != 0 )
-	exit(0);
-      
-      setsid();
-      
-      if (fork() != 0)
-	exit(0);
+      if (!(daemon->options & OPT_NO_FORK))
+	{
+	  if (fork() != 0 )
+	    exit(0);
+	  
+	  setsid();
+	  
+	  if (fork() != 0)
+	    exit(0);
+	}
 #endif
      
      chdir("/");
      umask(022); /* make pidfile 0644 */
      
      /* write pidfile _after_ forking ! */
-      if (runfile && (pidfile = fopen(runfile, "w")))
+      if (daemon->runfile && (pidfile = fopen(daemon->runfile, "w")))
      	{
 	  fprintf(pidfile, "%d\n", (int) getpid());
 	  fclose(pidfile);
@@ -270,23 +207,25 @@ int main (int argc, char **argv)

      for (i=0; i<64; i++)
 	{
-	  for (listener = listeners; listener; listener = listener->next)
-	    {
-	      if (listener->fd == i)
-		break;
-	      if (listener->tcpfd == i)
-		break;
-	    }
+	  for (listener = daemon->listeners; listener; listener = listener->next)
+	    if (listener->fd == i || listener->tcpfd == i)
+	      break;
 	  if (listener)
 	    continue;

-	  if (i == leasefd || 
-	      i == uptime_fd ||
-	      i == dhcpfd || 
-	      i == dhcp_raw_fd)
+#ifdef HAVE_BROKEN_RTC	  
+	  if (i == daemon->uptime_fd)
 	    continue;
+#endif

-	  for (serverfdp = sfds; serverfdp; serverfdp = serverfdp->next)
+	  if (daemon->dhcp && 
+	      (i == daemon->lease_fd || 
+	       i == daemon->dhcpfd || 
+	       i == daemon->dhcp_raw_fd ||
+	       i == daemon->dhcp_icmp_fd))
+	    continue;
+	  
+	  for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
 	    if (serverfdp->fd == i)
 	      break;
 	  if (serverfdp)
@@ -296,7 +235,7 @@ int main (int argc, char **argv)
 	}

      /* Change uid and gid for security */
-      if (username && (ent_pw = getpwnam(username)))
+      if (daemon->username && (ent_pw = getpwnam(daemon->username)))
 	{
 	  gid_t dummy;
 	  struct group *gp;
@@ -304,7 +243,7 @@ int main (int argc, char **argv)
 	  setgroups(0, &dummy);
 	  /* change group for /etc/ppp/resolv.conf 
 	     otherwise get the group for "nobody" */
-	  if ((groupname && (gp = getgrnam(groupname))) || 
+	  if ((daemon->groupname && (gp = getgrnam(daemon->groupname))) || 
 	      (gp = getgrgid(ent_pw->pw_gid)))
 	    setgid(gp->gr_gid); 
 	  /* finally drop root */
@@ -313,88 +252,91 @@ int main (int argc, char **argv)
    }

  openlog("dnsmasq", 
-	  DNSMASQ_LOG_OPT(options & OPT_DEBUG), 
-	  DNSMASQ_LOG_FAC(options & OPT_DEBUG));
+	  DNSMASQ_LOG_OPT(daemon->options & OPT_DEBUG), 
+	  DNSMASQ_LOG_FAC(daemon->options & OPT_DEBUG));
  
-  if (cachesize != 0)
-    syslog(LOG_INFO, "started, version %s cachesize %d", VERSION, cachesize);
+  if (daemon->cachesize != 0)
+    syslog(LOG_INFO, "started, version %s cachesize %d", VERSION, daemon->cachesize);
  else
    syslog(LOG_INFO, "started, version %s cache disabled", VERSION);
  
  if (bind_fallback)
    syslog(LOG_WARNING, "setting --bind-interfaces option because of OS limitations");
  
-  for (dhcp_tmp = dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
+  if (daemon->dhcp)
    {
-      strcpy(dnamebuff, inet_ntoa(dhcp_tmp->start));
-      if (dhcp_tmp->lease_time == 0)
-	sprintf(packet, "infinite");
-      else
+      struct dhcp_context *dhcp_tmp;
+      for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
 	{
-	  unsigned int x, p = 0, t = (unsigned int)dhcp_tmp->lease_time;
-	  if ((x = t/3600))
-	    p += sprintf(&packet[p], "%dh", x);
-	  if ((x = (t/60)%60))
-	    p += sprintf(&packet[p], "%dm", x);
-	  if ((x = t%60))
-	    p += sprintf(&packet[p], "%ds", x);
+	  char *time = daemon->dhcp_buff2;
+	  strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
+	  if (dhcp_tmp->lease_time == 0)
+	    sprintf(time, "infinite");
+	  else
+	    {
+	      unsigned int x, p = 0, t = (unsigned int)dhcp_tmp->lease_time;
+	      if ((x = t/3600))
+		p += sprintf(&time[p], "%dh", x);
+	      if ((x = (t/60)%60))
+		p += sprintf(&time[p], "%dm", x);
+	      if ((x = t%60))
+		p += sprintf(&time[p], "%ds", x);
+	    }
+	  syslog(LOG_INFO, 
+		 dhcp_tmp->static_only ? 
+		 "DHCP, static leases only on %.0s%s, lease time %s" :
+		 "DHCP, IP range %s -- %s, lease time %s",
+		 daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), time);
 	}
-      syslog(LOG_INFO, 
-	     dhcp_tmp->start.s_addr == dhcp_tmp->end.s_addr ? 
-	     "DHCP, static leases only on %.0s%s, lease time %s" :
-	     "DHCP, IP range %s -- %s, lease time %s",
-	     dnamebuff, inet_ntoa(dhcp_tmp->end), packet);
    }

 #ifdef HAVE_BROKEN_RTC
-  if (dhcp)
-    syslog(LOG_INFO, "DHCP, %s will be written every %ds", lease_file, min_leasetime/3);
+  if (daemon->dhcp)
+    syslog(LOG_INFO, "DHCP, %s will be written every %ds", daemon->lease_file, daemon->min_leasetime/3);
 #endif
  
-  if (!(options & OPT_DEBUG) && (getuid() == 0 || geteuid() == 0))
+  if (!(daemon->options & OPT_DEBUG) && (getuid() == 0 || geteuid() == 0))
    syslog(LOG_WARNING, "running as root");
  
-  servers = check_servers(serv_addrs, interfaces, &sfds);
-  last_server = NULL;
-
+  check_servers(daemon, interfaces);
+  
  while (sigterm == 0)
    {
      fd_set rset;
      
      if (sighup)
 	{
-	  cache_reload(options, dnamebuff, domain_suffix, addn_hosts);
-	  if (dhcp)
+	  cache_reload(daemon->options, daemon->namebuff, daemon->domain_suffix, daemon->addn_hosts);
+	  if (daemon->dhcp)
 	    {
-	      if (options & OPT_ETHERS)
-		dhcp_configs = dhcp_read_ethers(dhcp_configs, dnamebuff);
-	      dhcp_update_configs(dhcp_configs);
-	      lease_update_from_configs(dhcp_configs, domain_suffix); 
+	      if (daemon->options & OPT_ETHERS)
+		dhcp_read_ethers(daemon);
+	      dhcp_update_configs(daemon->dhcp_conf);
+	      lease_update_from_configs(daemon->dhcp_conf, daemon->domain_suffix); 
 	      lease_update_file(0, now); 
-	      lease_update_dns();
+	      lease_update_dns(daemon);
 	    }
-	  if (resolv && (options & OPT_NO_POLL))
+	  if (daemon->resolv_files && (daemon->options & OPT_NO_POLL))
 	    {
-	      servers = check_servers(reload_servers(resolv->name, dnamebuff, servers, query_port), 
-				      interfaces, &sfds);
-	      last_server = NULL;
+	      reload_servers(daemon->resolv_files->name, daemon);
+	      check_servers(daemon, interfaces);
 	    }
 	  sighup = 0;
 	}
      
      if (sigusr1)
 	{
-	  dump_cache(options & (OPT_DEBUG | OPT_LOG), cachesize);
+	  dump_cache(daemon);
 	  sigusr1 = 0;
 	}
      
      if (sigalarm)
 	{
-	  if (dhcp)
+	  if (daemon->dhcp)
 	    {
 	      lease_update_file(1, now);
 #ifdef HAVE_BROKEN_RTC
-	      alarm(min_leasetime/3);
+	      alarm(daemon->min_leasetime/3);
 #endif
 	    } 
 	  sigalarm  = 0;
@@ -404,30 +346,13 @@ int main (int argc, char **argv)
      
      if (!first_loop)
 	{
-	  int maxfd = 0;
-	  
-	  for (serverfdp = sfds; serverfdp; serverfdp = serverfdp->next)
+	  int maxfd = set_dns_listeners(daemon, &rset, 0);
+	  	  
+	  if (daemon->dhcp)
 	    {
-	      FD_SET(serverfdp->fd, &rset);
-	      if (serverfdp->fd > maxfd)
-		maxfd = serverfdp->fd;
-	    }
-	  
-	  for (listener = listeners; listener; listener = listener->next)
-	    {
-	      FD_SET(listener->fd, &rset);
-	      if (listener->fd > maxfd)
-		maxfd = listener->fd;
-	      FD_SET(listener->tcpfd, &rset);
-	      if (listener->tcpfd > maxfd)
-		maxfd = listener->tcpfd;
-	    }
-	  
-	  if (dhcp)
-	    {
-	      FD_SET(dhcpfd, &rset);
-	      if (dhcpfd > maxfd)
-		maxfd = dhcpfd;
+	      FD_SET(daemon->dhcpfd, &rset);
+	      if (daemon->dhcpfd > maxfd)
+		maxfd = daemon->dhcpfd;
 	    }

 #ifdef HAVE_PSELECT
@@ -442,11 +367,10 @@ int main (int argc, char **argv)
 	    sigprocmask(SIG_SETMASK, &save_mask, NULL);
 	  }
 #endif
-	  
 	}

      first_loop = 0;
-      now = dnsmasq_time(uptime_fd);
+      now = dnsmasq_time(daemon->uptime_fd);

      /* Check for changes to resolv files once per second max. */
      if (last == 0 || difftime(now, last) > 1.0)
@@ -454,13 +378,13 @@ int main (int argc, char **argv)
 	  last = now;

 #ifdef HAVE_ISC_READER
-	  if (lease_file && !dhcp)
-	    load_dhcp(lease_file, domain_suffix, now, dnamebuff);
+	  if (daemon->lease_file && !daemon->dhcp)
+	    load_dhcp(daemon, now);
 #endif

-	  if (!(options & OPT_NO_POLL))
+	  if (!(daemon->options & OPT_NO_POLL))
 	    {
-	      struct resolvc *res = resolv, *latest = NULL;
+	      struct resolvc *res = daemon->resolv_files, *latest = NULL;
 	      struct stat statbuf;
 	      time_t last_change = 0;
 	      /* There may be more than one possible file. 
@@ -489,141 +413,270 @@ int main (int argc, char **argv)
 	      if (latest && difftime(last_change, resolv_changed) > 0.0)
 		{
 		  resolv_changed = last_change;
-		  servers = check_servers(reload_servers(latest->name, dnamebuff, servers, query_port),
-					  interfaces, &sfds);
-		  last_server = NULL;
+		  reload_servers(latest->name, daemon);
+		  check_servers(daemon, interfaces);
 		}
 	    }
 	}
 		
-      for (serverfdp = sfds; serverfdp; serverfdp = serverfdp->next)
-	if (FD_ISSET(serverfdp->fd, &rset))
-	  last_server = reply_query(serverfdp, options, packet, now, 
-				    dnamebuff, servers, last_server, 
-				    bogus_addr, doctors, edns_pktsz);
-
-      if (dhcp && FD_ISSET(dhcpfd, &rset))
-	dhcp_packet(dhcp, packet, dhcp_options, dhcp_configs, dhcp_vendors,
-		    now, dnamebuff, domain_suffix, dhcp_file,
-		    dhcp_sname, dhcp_next_server, dhcpfd, dhcp_raw_fd,
-		    if_names, if_addrs, if_except);
+      check_dns_listeners(daemon, &rset, now);
      
-      for (listener = listeners; listener; listener = listener->next)
-	{
-	  if (FD_ISSET(listener->fd, &rset))
-	    last_server = receive_query(listener, packet,
-					mxnames, mxtarget, options, now, local_ttl, dnamebuff,
-					if_names, if_addrs, if_except, last_server, servers, edns_pktsz);
-
-	  if (FD_ISSET(listener->tcpfd, &rset))
-	    {
-	      int confd;
-
-	      while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
-	      
-	      if (confd != -1)
-		{
-		  int match = 1;
-		  if (!(options & OPT_NOWILD)) 
-		    {
-		      /* Check for allowed interfaces when binding the wildcard address */
-		      /* Don't know how to get interface of a connection, so we have to
-			 check by address. This will break when interfaces change address */
-		      union mysockaddr tcp_addr;
-		      socklen_t tcp_len = sizeof(union mysockaddr);
-		      struct iname *tmp;
-		      
-		      if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
-			{
-#ifdef HAVE_IPV6
-			  if (tcp_addr.sa.sa_family == AF_INET6)
-			    tcp_addr.in6.sin6_flowinfo =  htonl(0);
-#endif
-			  for (match = 1, tmp = if_except; tmp; tmp = tmp->next)
-			    if (sockaddr_isequal(&tmp->addr, &tcp_addr))
-			      match = 0;
-			  
-			  if (match && (if_names || if_addrs))
-			    {
-			      match = 0;
-			      for (tmp = if_names; tmp; tmp = tmp->next)
-				if (sockaddr_isequal(&tmp->addr, &tcp_addr))
-				  match = 1;
-			      for (tmp = if_addrs; tmp; tmp = tmp->next)
-				if (sockaddr_isequal(&tmp->addr, &tcp_addr))
-				  match = 1;  
-			    }
-			}
-		    }			  
-
-		  if (!match || (num_kids >= MAX_PROCS))
-		    close(confd);
-		  else if (!(options & OPT_DEBUG) && fork())
-		    {
-		      num_kids++;
-		      close(confd);
-		    }
-		  else
-		    {
-		      char *buff;
-		      struct server *s; 
-		      int flags;
-		      
-		      /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
-			 terminate the process. */
-		      if (!(options & OPT_DEBUG))
-			{
-			  sigemptyset(&sigact.sa_mask);
-			  sigaddset(&sigact.sa_mask, SIGALRM);
-			  sigprocmask(SIG_UNBLOCK, &sigact.sa_mask, NULL);
-			  alarm(CHILD_LIFETIME);
-			  in_child = 1;
-			}
-		      
-		      /* start with no upstream connections. */
-		      for (s = servers; s; s = s->next)
-			s->tcpfd = -1; 
-
-		      /* The connected socket inherits non-blocking
-			 attribute from the listening socket. 
-			 Reset that here. */
-		      if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
-			fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
-		      
-		      buff = tcp_request(confd, mxnames, mxtarget, options, now, 
-					 local_ttl, dnamebuff, last_server, servers,
-					 bogus_addr, doctors, edns_pktsz);
-		      
-		      
-		      if (!(options & OPT_DEBUG))
-			exit(0);
-		      
-		      close(confd);
-		      if (buff)
-			free(buff);
-		      for (s = servers; s; s = s->next)
-			if (s->tcpfd != -1)
-			  close(s->tcpfd);
-		    }
-		}
-	    }
-	}
+      if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
+	dhcp_packet(daemon, now);
    }
  
  syslog(LOG_INFO, "exiting on receipt of SIGTERM");

+  if (daemon->dhcp)
+    { 
 #ifdef HAVE_BROKEN_RTC
-  if (dhcp)
-    lease_update_file(1, now);
+      lease_update_file(1, now);
 #endif
-
-  if (leasefd != -1)
-    close(leasefd);
+      close(daemon->lease_fd);
+    }
+  
  return 0;
 }

+static void sig_handler(int sig)
+{
+  if (sig == SIGTERM)
+    sigterm = 1;
+  else if (sig == SIGHUP)
+    sighup = 1;
+  else if (sig == SIGUSR1)
+    sigusr1 = 1;
+  else if (sig == SIGALRM)
+    {
+      /* alarm is used to kill children after a fixed time. */
+      if (in_child)
+	exit(0);
+      else
+	sigalarm = 1;
+    }
+  else if (sig == SIGCHLD)
+    {
+      /* See Stevens 5.10 */
+      
+      while (waitpid(-1, NULL, WNOHANG) > 0)
+	num_kids--;
+    }
+}

+static int set_dns_listeners(struct daemon *daemon, fd_set *set, int maxfd)
+{
+  struct serverfd *serverfdp;
+  struct listener *listener;

+  for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
+    {
+      FD_SET(serverfdp->fd, set);
+      if (serverfdp->fd > maxfd)
+	maxfd = serverfdp->fd;
+    }
+	  
+  for (listener = daemon->listeners; listener; listener = listener->next)
+    {
+      FD_SET(listener->fd, set);
+      if (listener->fd > maxfd)
+	maxfd = listener->fd;
+      FD_SET(listener->tcpfd, set);
+      if (listener->tcpfd > maxfd)
+	maxfd = listener->tcpfd;
+    }

+  return maxfd;
+}

+static void check_dns_listeners(struct daemon *daemon, fd_set *set, time_t now)
+{
+  struct serverfd *serverfdp;
+  struct listener *listener;	  

+   for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
+     if (FD_ISSET(serverfdp->fd, set))
+       reply_query(serverfdp, daemon, now);
+
+   for (listener = daemon->listeners; listener; listener = listener->next)
+     {
+       if (FD_ISSET(listener->fd, set))
+	 receive_query(listener, daemon, now);
+       
+       if (FD_ISSET(listener->tcpfd, set))
+	 {
+	   int confd;
+	   
+	   while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
+	      
+	   if (confd != -1)
+	     {
+	       int match = 1;
+	       if (!(daemon->options & OPT_NOWILD)) 
+		 {
+		   /* Check for allowed interfaces when binding the wildcard address */
+		   /* Don't know how to get interface of a connection, so we have to
+		      check by address. This will break when interfaces change address */
+		   union mysockaddr tcp_addr;
+		   socklen_t tcp_len = sizeof(union mysockaddr);
+		   struct iname *tmp;
+		   
+		   if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
+		     {
+#ifdef HAVE_IPV6
+		       if (tcp_addr.sa.sa_family == AF_INET6)
+			 tcp_addr.in6.sin6_flowinfo =  htonl(0);
+#endif
+		       for (match = 1, tmp = daemon->if_except; tmp; tmp = tmp->next)
+			 if (sockaddr_isequal(&tmp->addr, &tcp_addr))
+			   match = 0;
+		       
+		       if (match && (daemon->if_names || daemon->if_addrs))
+			 {
+			   match = 0;
+			   for (tmp = daemon->if_names; tmp; tmp = tmp->next)
+			     if (sockaddr_isequal(&tmp->addr, &tcp_addr))
+			       match = 1;
+			   for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
+			     if (sockaddr_isequal(&tmp->addr, &tcp_addr))
+			       match = 1;  
+			 }
+		     }
+		 }			  
+	       
+	       if (!match || (num_kids >= MAX_PROCS))
+		 close(confd);
+	       else if (!(daemon->options & OPT_DEBUG) && fork())
+		 {
+		   num_kids++;
+		   close(confd);
+		 }
+	       else
+		 {
+		   char *buff;
+		   struct server *s; 
+		   int flags;
+		   
+		   /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
+		      terminate the process. */
+		   if (!(daemon->options & OPT_DEBUG))
+		     {
+		       sigset_t mask;
+		       sigemptyset(&mask);
+		       sigaddset(&mask, SIGALRM);
+		       sigprocmask(SIG_UNBLOCK, &mask, NULL);
+		       alarm(CHILD_LIFETIME);
+		       in_child = 1;
+		     }
+		   
+		   /* start with no upstream connections. */
+		   for (s = daemon->servers; s; s = s->next)
+		     s->tcpfd = -1; 
+		   
+		   /* The connected socket inherits non-blocking
+		      attribute from the listening socket. 
+		      Reset that here. */
+		   if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
+		     fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
+		   
+		   buff = tcp_request(daemon, confd, now);
+		   
+		   if (!(daemon->options & OPT_DEBUG))
+		     exit(0);
+		      
+		   close(confd);
+		   if (buff)
+		     free(buff);
+		   for (s = daemon->servers; s; s = s->next)
+		     if (s->tcpfd != -1)
+		       close(s->tcpfd);
+		 }
+	     }
+	 }
+     }
+}
+
+int icmp_ping(struct daemon *daemon, struct in_addr addr)
+{
+  /* Try and get an ICMP echo from a machine.
+     Note that we can't create the raw socket each time
+     we do this, since that needs root. Therefore the socket has to hang
+     around all the time. Since most of the time we won't read the 
+     socket, it will accumulate buffers full of ICMP messages,
+     wasting memory. To avoid that we set the receive buffer
+     length to zero except when we're actively pinging. */
+
+  /* Note that whilst in the three second wait, we check for 
+     (and service) events on the DNS sockets, (so doing that
+     better not use any resources our caller has in use...)
+     but we remain deaf to signals or further DHCP packets. */
+
+  struct sockaddr_in saddr;
+  struct { 
+    struct ip ip;
+    struct icmp icmp;
+  } packet;
+  unsigned short id = rand16();
+  unsigned int i, j;
+  int opt = 2000, gotreply = 0;
+  time_t start, now;
+  
+  saddr.sin_family = AF_INET;
+  saddr.sin_port = 0;
+  saddr.sin_addr = addr;
+#ifdef HAVE_SOCKADDR_SA_LEN
+  saddr.sin_len = sizeof(struct sockaddr_in);
+#endif
+  
+  memset(&packet.icmp, 0, sizeof(packet.icmp));
+  packet.icmp.icmp_type = ICMP_ECHO;
+  packet.icmp.icmp_id = id;
+  for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
+    j += ((u16 *)&packet.icmp)[i];
+  while (j>>16)
+    j = (j & 0xffff) + (j >> 16);  
+  packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
+  
+  setsockopt(daemon->dhcp_icmp_fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
+
+  while (sendto(daemon->dhcp_icmp_fd, (char *)&packet.icmp, sizeof(struct icmp), 0, 
+		(struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
+	 retry_send());
+  
+  for (now = start = dnsmasq_time(daemon->uptime_fd); difftime(now, start) < 3.0;)
+    {
+      struct timeval tv;
+      fd_set rset;
+      struct sockaddr_in faddr;
+      int maxfd, len = sizeof(faddr);
+      
+      tv.tv_usec = 250000;
+      tv.tv_sec = 0; 
+      
+      FD_ZERO(&rset);
+      FD_SET(daemon->dhcp_icmp_fd, &rset);
+      maxfd = set_dns_listeners(daemon, &rset, daemon->dhcp_icmp_fd);
+		
+      if (select(maxfd+1, &rset, NULL, NULL, &tv) < 0)
+	FD_ZERO(&rset);
+      
+      now = dnsmasq_time(daemon->uptime_fd);
+      check_dns_listeners(daemon, &rset, now);
+      
+      if (FD_ISSET(daemon->dhcp_icmp_fd, &rset) &&
+	  recvfrom(daemon->dhcp_icmp_fd, &packet, sizeof(packet), 0,
+		   (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
+	  saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
+	  packet.icmp.icmp_type == ICMP_ECHOREPLY &&
+	  packet.icmp.icmp_seq == 0 &&
+	  packet.icmp.icmp_id == id)
+	{
+	  gotreply = 1;
+	  break;
+	}
+    }
+  
+  opt = 1;
+  setsockopt(daemon->dhcp_icmp_fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
+  
+  return gotreply;
+}
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -27,14 +27,13 @@

 /* get this before config.h too. */
 #include <syslog.h>
+#include <arpa/nameser.h>

 #include "config.h"
 
-#include <arpa/nameser.h>
 #include <arpa/inet.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
-#include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/select.h>
 #include <sys/wait.h>
@@ -66,6 +65,7 @@
 #include <net/if_arp.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
 #ifdef HAVE_BPF
 #  include <net/bpf.h>
 #  include <net/if_dl.h>
@@ -94,6 +94,8 @@
 #define OPT_NOWILD         8192
 #define OPT_ETHERS         16384
 #define OPT_RESOLV_DOMAIN  32768
+#define OPT_NO_FORK        65536
+#define OPT_AUTHORITATIVE  131072

 struct all_addr {
  union {
@@ -128,7 +130,14 @@ union bigname {
 struct crec { 
  struct crec *next, *prev, *hash_next;
  time_t ttd; /* time to die */
-  struct all_addr addr;
+  int uid; 
+  union {
+    struct all_addr addr;
+    struct {
+      struct crec *cache;
+      int uid;
+    } cname;
+  } addr;
  unsigned short flags;
  union {
    char sname[SMALLDNAME];
@@ -138,7 +147,7 @@ struct crec {
 };

 #define F_IMMORTAL  1
-#define F_CONFIG   2
+#define F_CONFIG    2
 #define F_REVERSE   4
 #define F_FORWARD   8
 #define F_DHCP      16 
@@ -151,7 +160,7 @@ struct crec {
 #define F_SERVER    2048
 #define F_NXDOMAIN  4096
 #define F_QUERY     8192
-#define F_ADDN      16384
+#define F_CNAME     16384
 #define F_NOERR     32768

 /* struct sockaddr is not large enough to hold any address,
@@ -226,12 +235,21 @@ struct resolvc {
  char *name;
 };

+/* adn-hosts parms from command-line */
+struct hostsfile {
+  struct hostsfile *next;
+  char *fname;
+  int index; /* matches to cache entries fro logging */
+};
+
 struct frec {
  union mysockaddr source;
  struct all_addr dest;
  struct server *sentto;
+  unsigned int iface;
  unsigned short orig_id, new_id;
  int fd;
+  unsigned int crc;
  time_t time;
  struct frec *next;
 };
@@ -288,10 +306,11 @@ struct dhcp_vendor {

 struct dhcp_context {
  unsigned int lease_time, addr_epoch;
-  struct in_addr netmask, broadcast;
+  struct in_addr netmask, broadcast, router;
  struct in_addr start, end; /* range of available addresses */
+  int static_only;
  struct dhcp_netid netid;
-  struct dhcp_context *next;
+  struct dhcp_context *next, *current;
 };

 typedef unsigned char u8;
@@ -313,15 +332,61 @@ struct udp_dhcp_packet {
 	  u16 secs, flags;
 	  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
 	  u8 chaddr[16], sname[64], file[128];
-	  u32 cookie;
-	  u8 options[308];
+	  u8 options[312];
 	} data;
 };


+struct daemon {
+  /* datastuctures representing the command-line and 
+     config file arguments. All set (including defaults)
+     in option.c */
+
+  unsigned int options;
+  struct resolvc default_resolv, *resolv_files;
+  struct mx_record *mxnames;
+  char *mxtarget;
+  char *lease_file; 
+  char *username, *groupname;
+  char *domain_suffix;
+  char *runfile; 
+  struct iname *if_names, *if_addrs, *if_except;
+  struct bogus_addr *bogus_addr;
+  struct server *servers;
+  int cachesize;
+  int port, query_port;
+  unsigned long local_ttl;
+  struct hostsfile *addn_hosts;
+  struct dhcp_context *dhcp;
+  struct dhcp_config *dhcp_conf;
+  struct dhcp_opt *dhcp_opts;
+  struct dhcp_vendor *dhcp_vendors;
+  char *dhcp_file;
+  char *dhcp_sname;
+  struct in_addr dhcp_next_server;
+  int dhcp_max; 
+  unsigned int min_leasetime;
+  struct doctor *doctors;
+  unsigned short edns_pktsz;
+
+  /* globally used stuff for DNS */
+  char *packet; /* packet buffer */
+  char *namebuff; /* MAXDNAME size buffer */
+  struct serverfd *sfds;
+  struct listener *listeners;
+  struct server *last_server;
+  int uptime_fd;
+  
+  /* DHCP state */
+  int dhcpfd, dhcp_raw_fd, dhcp_icmp_fd, lease_fd;
+  struct udp_dhcp_packet *dhcp_packet;
+  char *dhcp_buff, *dhcp_buff2;
+};
+
 /* cache.c */
 void cache_init(int cachesize, int log);
-void log_query(unsigned short flags, char *name, struct all_addr *addr);
+void log_query(unsigned short flags, char *name, struct all_addr *addr, 
+	       unsigned short type, struct hostsfile *addn_hosts, int index);
 struct crec *cache_find_by_addr(struct crec *crecp,
 				struct all_addr *addr, time_t now, 
 				unsigned short prot);
@@ -329,29 +394,31 @@ struct crec *cache_find_by_name(struct crec *crecp,
 				char *name, time_t now, unsigned short  prot);
 void cache_end_insert(void);
 void cache_start_insert(void);
-void cache_insert(char *name, struct all_addr *addr,
-		  time_t now, unsigned long ttl, unsigned short flags);
-void cache_reload(int opts, char *buff, char *domain_suffix, char *addn_hosts);
-void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, 
-			  time_t ttd, unsigned short flags);
+struct crec *cache_insert(char *name, struct all_addr *addr,
+			  time_t now, unsigned long ttl, unsigned short flags);
+void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile  *addn_hosts);
+void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, struct in_addr *host_address, time_t ttd);
 void cache_unhash_dhcp(void);
-void dump_cache(int debug, int size);
+void dump_cache(struct daemon *daemon);
 char *cache_get_name(struct crec *crecp);

 /* rfc1035.c */
-unsigned short extract_request(HEADER *header, unsigned int qlen, char *name);
+unsigned short extract_request(HEADER *header, unsigned int qlen, 
+			       char *name, unsigned short *typep);
 int setup_reply(HEADER *header, unsigned int qlen,
 		struct all_addr *addrp, unsigned short flags,
 		unsigned long local_ttl);
 void extract_addresses(HEADER *header, unsigned int qlen, char *namebuff, 
-		       time_t now, struct doctor *doctors);
-void extract_neg_addrs(HEADER *header, unsigned int qlen, char *namebuff, time_t now);
-int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_record *mxnames,
-		   char *mxtarget, unsigned int options, time_t now, unsigned long local_ttl,
-		   char *namebuff, unsigned short edns_pcktsz);
+		       time_t now, struct daemon *daemon);
+int answer_request(HEADER *header, char *limit, unsigned int qlen, struct daemon *daemon, time_t now);
 int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name, 
 			     struct bogus_addr *addr, time_t now);
-unsigned char *find_pseudoheader(HEADER *header, unsigned int plen);
+unsigned char *find_pseudoheader(HEADER *header, unsigned int plen,
+				 unsigned int *len, unsigned char **p);
+int check_for_local_domain(char *name, time_t now, struct mx_record *mx);
+unsigned int questions_crc(HEADER *header, unsigned int plen);
+int resize_packet(HEADER *header, unsigned int plen, 
+		  unsigned char *pheader, unsigned int hlen);

 /* util.c */
 unsigned short rand16(void);
@@ -367,75 +434,44 @@ int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2);
 int hostname_isequal(unsigned char *a, unsigned char *b);
 time_t dnsmasq_time(int fd);
 int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask);
+int retry_send(void);

 /* option.c */
-unsigned int read_opts(int argc, char **argv, char *buff, struct resolvc **resolv_file, 
-		       struct mx_record **mxnames, char **mxtarget, char **lease_file, 
-		       char **username, char **groupname, 
-		       char **domain_suffix, char **runfile, 
-		       struct iname **if_names, struct iname **if_addrs, struct iname **if_except, 
-		       struct bogus_addr **bogus_addr, struct server **serv_addrs, int *cachesize, 
-		       int *port, int *query_port, unsigned long *local_ttl, char **addn_hosts,
-		       struct dhcp_context **dhcp, struct dhcp_config **dhcp_conf, 
-		       struct dhcp_opt **opts, struct dhcp_vendor **dhcp_vendors,
-		       char **dhcp_file, char **dhcp_sname, struct in_addr *dhcp_next_server,
-		       int *maxleases, unsigned int *min_leasetime, struct doctor **doctors,
-		       unsigned short *edns_pktsz);
+struct daemon *read_opts (int argc, char **argv);

 /* forward.c */
 void forward_init(int first);
-struct server *reply_query(struct serverfd *sfd, int options, char *packet, time_t now,
-			   char *dnamebuff, struct server *servers, struct server *last_server, 
-			   struct bogus_addr *bogus_nxdomain, 
-			   struct doctor *doctors, unsigned short edns_pcktsz);
+void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now);
+void receive_query(struct listener *listen, struct daemon *daemon, time_t now);
+char *tcp_request(struct daemon *daemon, int confd, time_t now);

-struct server *receive_query(struct listener *listen, char *packet, struct mx_record *mxnames, 
-			     char *mxtarget, unsigned int options, time_t now, 
-			     unsigned long local_ttl, char *namebuff,
-			     struct iname *names, struct iname *addrs, struct iname *except,
-			     struct server *last_server, struct server *servers, unsigned short edns_pcktsz);
-
-char *tcp_request(int confd, struct mx_record *mxnames, 
-		  char *mxtarget, unsigned int options, time_t now, 
-		  unsigned long local_ttl, char *namebuff,
-		  struct server *last_server, struct server *servers,
-		  struct bogus_addr *bogus_nxdomain, struct doctor *doctors,
-		  unsigned short edns_pcktsz);
 /* network.c */
 struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds);
-struct server *reload_servers(char *fname, char *buff, struct server *servers, int query_port);
-struct server *check_servers(struct server *new, struct irec *interfaces, struct serverfd **sfds);
-struct irec *enumerate_interfaces(struct iname **names,
-				  struct iname **addrs,
-				  struct iname *except,
-				  int port);
+void reload_servers(char *fname, struct daemon *daemon);
+void check_servers(struct daemon *daemon, struct irec *interfaces);
+struct irec *enumerate_interfaces(struct daemon *daemon);
 struct listener *create_wildcard_listeners(int port);
 struct listener *create_bound_listeners(struct irec *interfaces, int port);
+
 /* dhcp.c */
-void dhcp_init(int *fdp, int* rfdp);
-void dhcp_packet(struct dhcp_context *contexts, char *packet, 
-		 struct dhcp_opt *dhcp_opts, struct dhcp_config *dhcp_configs, 
-		 struct dhcp_vendor *vendors,
-		 time_t now, char *namebuff, char *domain_suffix,
-		 char *dhcp_file, char *dhcp_sname, 
-		 struct in_addr dhcp_next_server, int dhcp_fd, int raw_fd,
-		 struct iname *names, struct iname *addrs, struct iname *except);
+void dhcp_init(struct daemon *daemon);
+void dhcp_packet(struct daemon *daemon, time_t now);
+
 int address_available(struct dhcp_context *context, struct in_addr addr);
-int address_allocate(struct dhcp_context *context, struct dhcp_config *configs,
+int address_allocate(struct dhcp_context *context, struct daemon *daemon,
 		     struct in_addr *addrp, unsigned char *hwaddr);
 struct dhcp_config *find_config(struct dhcp_config *configs,
 				struct dhcp_context *context,
 				unsigned char *clid, int clid_len,
 				unsigned char *hwaddr, char *hostname);
-struct dhcp_config *read_ethers(struct dhcp_config *configs, char *buff);
 void dhcp_update_configs(struct dhcp_config *configs);
-struct dhcp_config *dhcp_read_ethers(struct dhcp_config *configs, char *buff);
+void dhcp_read_ethers(struct daemon *daemon);
+struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr);

 /* lease.c */
 void lease_update_file(int force, time_t now);
-void lease_update_dns(void);
-int lease_init(char *lease_file, char *domain, char *buff, 
-	       char *buff2, time_t now, int maxleases);
+void lease_update_dns(struct daemon *daemon);
+void lease_init(struct daemon *daemon, time_t now);
 struct dhcp_lease *lease_allocate(unsigned char *clid, int clid_len, struct in_addr addr);
 void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr);
 void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix);
@@ -446,19 +482,13 @@ void lease_prune(struct dhcp_lease *target, time_t now);
 void lease_update_from_configs(struct dhcp_config *dhcp_configs, char *domain);

 /* rfc2131.c */
-int dhcp_reply(struct dhcp_context *context, 
-	       struct in_addr iface_addr,
-	       char *iface_name,
-	       int iface_mtu,
-	       struct udp_dhcp_packet *rawpacket,
-	       unsigned int sz, time_t now, char *namebuff, 
-	       struct dhcp_opt *dhcp_opts, struct dhcp_config *dhcp_configs, 
-	       struct dhcp_vendor *vendors,
-	       char *domain_suffix, char *dhcp_file, char *dhcp_sname, 
-	       struct in_addr dhcp_next_server, struct in_addr router);
+int dhcp_reply(struct daemon *daemon, struct in_addr iface_addr, char *iface_name, unsigned int sz, time_t now);
+
+/* dnsmasq.c */
+int icmp_ping(struct daemon *daemon, struct in_addr addr);

 /* isc.c */
 #ifdef HAVE_ISC_READER
-void load_dhcp(char *file, char *suffix, time_t now, char *hostname);
+void load_dhcp(struct daemon *daemon, time_t now);
 #endif

--- a/src/forward.c
+++ b/src/forward.c
@@ -19,7 +19,8 @@ static struct frec *frec_list;
 static struct frec *get_new_frec(time_t now);
 static struct frec *lookup_frec(unsigned short id);
 static struct frec *lookup_frec_by_sender(unsigned short id,
-					  union mysockaddr *addr);
+					  union mysockaddr *addr,
+					  unsigned int crc);
 static unsigned short get_id(void);

 /* May be called more than once. */
@@ -36,7 +37,8 @@ void forward_init(int first)
 /* Send a UDP packet with it's source address set as "source" 
   unless nowild is true, when we just send it with the kernel default */
 static void send_from(int fd, int nowild, char *packet, int len, 
-		      union mysockaddr *to, struct all_addr *source)
+		      union mysockaddr *to, struct all_addr *source,
+		      unsigned int iface)
 {
  struct msghdr msg;
  struct iovec iov[1]; 
@@ -94,7 +96,7 @@ static void send_from(int fd, int nowild, char *packet, int len,
      {
 	struct cmsghdr *cmptr = CMSG_FIRSTHDR(&msg);
 	struct in6_pktinfo *pkt = (struct in6_pktinfo *)CMSG_DATA(cmptr);
-	pkt->ipi6_ifindex = 0;
+	pkt->ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */
 	pkt->ipi6_addr = source->addr.addr6;
 	msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
 	cmptr->cmsg_type = IPV6_PKTINFO;
@@ -103,18 +105,24 @@ static void send_from(int fd, int nowild, char *packet, int len,
    }
 #endif
  
-  /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
-     by returning EINVAL from sendmsg. In that case, try again without setting the
-     source address, since it will nearly alway be correct anyway.  IPv6 stinks. */
-  if (sendmsg(fd, &msg, 0) == -1 && errno == EINVAL)
+ retry:
+  if (sendmsg(fd, &msg, 0) == -1)
    {
-      msg.msg_controllen = 0;
-      sendmsg(fd, &msg, 0);
+      /* certain Linux kernels seem to object to setting the source address in the IPv6 stack
+	 by returning EINVAL from sendmsg. In that case, try again without setting the
+	 source address, since it will nearly alway be correct anyway.  IPv6 stinks. */
+      if (errno == EINVAL && msg.msg_controllen)
+	{
+	  msg.msg_controllen = 0;
+	  goto retry;
+	}
+      if (retry_send())
+	goto retry;
    }
 }
          
-unsigned short search_servers(struct server *servers, unsigned int options, struct all_addr **addrpp,
-			      unsigned short qtype, char *qdomain, int *type, char **domain)
+static unsigned short search_servers(struct daemon *daemon, time_t now, struct all_addr **addrpp, 
+				     unsigned short qtype, char *qdomain, int *type, char **domain)
 			      
 {
  /* If the query ends in the domain in one of our servers, set
@@ -126,25 +134,29 @@ unsigned short search_servers(struct server *servers, unsigned int options, stru
  struct server *serv;
  unsigned short flags = 0;
  
-  for (serv=servers; serv; serv=serv->next)
+  for (serv = daemon->servers; serv; serv=serv->next)
    /* domain matches take priority over NODOTS matches */
    if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.'))
      {
 	unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6; 
 	*type = SERV_FOR_NODOTS;
-	flags = 0;
 	if (serv->flags & SERV_NO_ADDR)
-	  flags = F_NOERR; 
-	else if ((serv->flags & SERV_LITERAL_ADDRESS) && (sflag & qtype))
-	  {
-	    flags = sflag;
-	    if (serv->addr.sa.sa_family == AF_INET) 
-	      *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
+	  flags = F_NXDOMAIN;
+	else if (serv->flags & SERV_LITERAL_ADDRESS) 
+	  { 
+	    if (sflag & qtype)
+	      {
+		flags = sflag;
+		if (serv->addr.sa.sa_family == AF_INET) 
+		  *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
 #ifdef HAVE_IPV6
-	    else
-	      *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
+		else
+		  *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
 #endif 
-	  }
+	      }
+	    else if (!flags)
+	      flags = F_NOERR;
+	  } 
      }
    else if (serv->flags & SERV_HAS_DOMAIN)
      {
@@ -157,74 +169,80 @@ unsigned short search_servers(struct server *servers, unsigned int options, stru
 	    *type = SERV_HAS_DOMAIN;
 	    *domain = serv->domain;
 	    matchlen = domainlen;
-	    flags = 0;
 	    if (serv->flags & SERV_NO_ADDR)
-	      flags = F_NOERR; 
-	    else if ((serv->flags & SERV_LITERAL_ADDRESS) && ((sflag | F_QUERY ) & qtype))
+	      flags = F_NXDOMAIN;
+	    else if (serv->flags & SERV_LITERAL_ADDRESS)
 	      {
-		flags = qtype;
-		if (serv->addr.sa.sa_family == AF_INET) 
-		  *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
+		if ((sflag | F_QUERY ) & qtype)
+		  {
+		    flags = qtype;
+		    if (serv->addr.sa.sa_family == AF_INET) 
+		      *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
 #ifdef HAVE_IPV6
-		else
-		  *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
+		    else
+		      *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
 #endif
+		  }
+		else if (!flags)
+		  flags = F_NOERR;
 	      }
 	  } 
      }

-  if (flags & ~F_NOERR) /* flags set here means a literal found */
+  if (flags & ~(F_NOERR | F_NXDOMAIN)) /* flags set here means a literal found */
    {
      if (flags & F_QUERY)
-	log_query(F_CONFIG | F_FORWARD | F_NEG, qdomain, NULL);
+	log_query(F_CONFIG | F_FORWARD | F_NEG, qdomain, NULL, 0, NULL, 0);
      else
-	log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp);
+	log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp, 0, NULL, 0);
    }
-  else if (qtype && (options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.'))
+  else if (qtype && (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.'))
    flags = F_NXDOMAIN;
+    
+  if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon->mxnames))
+    flags = F_NOERR;

-  if (flags & (F_NOERR | F_NXDOMAIN))
-    log_query(F_CONFIG | F_FORWARD | F_NEG | qtype | (flags & F_NXDOMAIN), qdomain, NULL);
+  if (flags == F_NXDOMAIN || flags == F_NOERR)
+    log_query(F_CONFIG | F_FORWARD | F_NEG | qtype | (flags & F_NXDOMAIN), qdomain, NULL, 0, NULL, 0);

  return  flags;
 }

 /* returns new last_server */	
-static struct server *forward_query(int udpfd, union mysockaddr *udpaddr, 
-				    struct all_addr *dst_addr, HEADER *header, 
-				    int plen, unsigned int options, char *dnamebuff, 
-				    struct server *servers, struct server *last_server,
-				    time_t now, unsigned long local_ttl)
+static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *udpaddr,
+			  struct all_addr *dst_addr, unsigned int dst_iface,
+			  HEADER *header, int plen, time_t now)
 {
  struct frec *forward;
  char *domain = NULL;
  int forwardall = 0, type = 0;
  struct all_addr *addrp = NULL;
  unsigned short flags = 0;
-  unsigned short gotname = extract_request(header, (unsigned int)plen, dnamebuff);
+  unsigned short gotname = extract_request(header, (unsigned int)plen, daemon->namebuff, NULL);
  struct server *start = NULL;
+  unsigned int crc = questions_crc(header,(unsigned int)plen);
  
  /* may be  recursion not speced or no servers available. */
-  if (!header->rd || !servers)
+  if (!header->rd || !daemon->servers)
    forward = NULL;
-  else if ((forward = lookup_frec_by_sender(ntohs(header->id), udpaddr)))
+  else if ((forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
    {
      /* retry on existing query, send to all available servers  */
      domain = forward->sentto->domain;
-      if (!(options & OPT_ORDER))
+      if (!(daemon->options & OPT_ORDER))
 	{
 	  forwardall = 1;
-	  last_server = NULL;
+	  daemon->last_server = NULL;
 	}
      type = forward->sentto->flags & SERV_TYPE;
      if (!(start = forward->sentto->next))
-	start = servers; /* at end of list, recycle */
+	start = daemon->servers; /* at end of list, recycle */
      header->id = htons(forward->new_id);
    }
  else 
    {
      if (gotname)
-	flags = search_servers(servers, options, &addrp, gotname, dnamebuff, &type, &domain);
+	flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
      
      if (!flags && !(forward = get_new_frec(now)))
 	/* table full - server failure. */
@@ -236,19 +254,21 @@ static struct server *forward_query(int udpfd, union mysockaddr *udpaddr,
 	     always try servers in the order specified in resolv.conf,
 	     otherwise, use the one last known to work. */
 	  
-	  if (type != 0  || (options & OPT_ORDER))
-	    start = servers;
-	  else if (!(start = last_server))
+	  if (type != 0  || (daemon->options & OPT_ORDER))
+	    start = daemon->servers;
+	  else if (!(start = daemon->last_server))
 	    {
-	      start = servers;
+	      start = daemon->servers;
 	      forwardall = 1;
 	    }
 	  
 	  forward->source = *udpaddr;
 	  forward->dest = *dst_addr;
+	  forward->iface = dst_iface;
 	  forward->new_id = get_id();
 	  forward->fd = udpfd;
 	  forward->orig_id = ntohs(header->id);
+	  forward->crc = crc;
 	  header->id = htons(forward->new_id);
 	}
    }
@@ -269,22 +289,29 @@ static struct server *forward_query(int udpfd, union mysockaddr *udpaddr,
 	     must be NULL also. */
 	  
 	  if (type == (start->flags & SERV_TYPE) &&
-	      (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)))
+	      (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
+	      !(start->flags & SERV_LITERAL_ADDRESS))
 	    {
-	      if (!(start->flags & SERV_LITERAL_ADDRESS) &&
-		  sendto(start->sfd->fd, (char *)header, plen, 0,
+	      if (sendto(start->sfd->fd, (char *)header, plen, 0,
 			 &start->addr.sa,
-			 sa_len(&start->addr)) != -1)
+			 sa_len(&start->addr)) == -1)
+		{
+		  if (retry_send())
+		    continue;
+		}
+	      else
 		{
 		  if (!gotname)
-		    strcpy(dnamebuff, "query");
+		    strcpy(daemon->namebuff, "query");
 		  if (start->addr.sa.sa_family == AF_INET)
-		    log_query(F_SERVER | F_IPV4 | F_FORWARD, dnamebuff, 
-			      (struct all_addr *)&start->addr.in.sin_addr); 
+		    log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, 
+			      (struct all_addr *)&start->addr.in.sin_addr, 0,
+			      NULL, 0); 
 #ifdef HAVE_IPV6
 		  else
-		    log_query(F_SERVER | F_IPV6 | F_FORWARD, dnamebuff, 
-			      (struct all_addr *)&start->addr.in6.sin6_addr);
+		    log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, 
+			      (struct all_addr *)&start->addr.in6.sin6_addr, 0,
+			      NULL, 0);
 #endif 
 		  forwarded = 1;
 		  forward->sentto = start;
@@ -294,14 +321,14 @@ static struct server *forward_query(int udpfd, union mysockaddr *udpaddr,
 	    } 
 	  
 	  if (!(start = start->next))
- 	    start = servers;
+ 	    start = daemon->servers;
 	  
 	  if (start == firstsentto)
 	    break;
 	}
      
      if (forwarded)
-	  return last_server;
+	  return;
      
      /* could not send on, prepare to return */ 
      header->id = htons(forward->orig_id);
@@ -309,30 +336,30 @@ static struct server *forward_query(int udpfd, union mysockaddr *udpaddr,
    }	  
  
  /* could not send on, return empty answer or address if known for whole domain */
-  plen = setup_reply(header, (unsigned int)plen, addrp, flags, local_ttl);
-  send_from(udpfd, options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr);
+  plen = setup_reply(header, (unsigned int)plen, addrp, flags, daemon->local_ttl);
+  send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
  
-  return last_server;
+  return;
 }

-static int process_reply(HEADER *header, time_t now, char *dnamebuff, struct bogus_addr *bogus_nxdomain, 
-			 struct doctor *doctors, union mysockaddr *serveraddr, 
-			 int n, int options, unsigned short edns_pcktsz)
+static int process_reply(struct daemon *daemon, HEADER *header, time_t now, 
+			 union mysockaddr *serveraddr, unsigned int n)
 {
-  unsigned char *pheader;
+  unsigned char *pheader, *sizep;
+  unsigned int plen, munged = 0;
   
  /* If upstream is advertising a larger UDP packet size
 	 than we allow, trim it so that we don't get overlarge
 	 requests for the client. */

-  if ((pheader = find_pseudoheader(header, n)))
+  if ((pheader = find_pseudoheader(header, n, &plen, &sizep)))
    {
      unsigned short udpsz;
-      unsigned char *psave = pheader;
+      unsigned char *psave = sizep;
      
-      GETSHORT(udpsz, pheader);
-      if (udpsz > edns_pcktsz)
-	PUTSHORT(edns_pcktsz, psave);
+      GETSHORT(udpsz, sizep);
+      if (udpsz > daemon->edns_pktsz)
+	PUTSHORT(daemon->edns_pktsz, psave);
    }

  /* Complain loudly if the upstream server is non-recursive. */
@@ -351,26 +378,51 @@ static int process_reply(HEADER *header, time_t now, char *dnamebuff, struct bog
      return 0;
    }
  
-  if ((header->rcode == NOERROR || header->rcode == NXDOMAIN) && header->opcode == QUERY)
+  if (header->opcode != QUERY || (header->rcode != NOERROR && header->rcode != NXDOMAIN))
+    return n;
+  
+  if (daemon->bogus_addr && header->rcode != NXDOMAIN &&
+      check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
    {
-      if (!(bogus_nxdomain && 
-	    header->rcode == NOERROR && 
-	    check_for_bogus_wildcard(header, (unsigned int)n, dnamebuff, bogus_nxdomain, now)))
+      munged = 1;
+      header->rcode = NXDOMAIN;
+      header->aa = 0;
+    }
+  else 
+    {
+      if (header->rcode == NXDOMAIN && 
+	  extract_request(header, n, daemon->namebuff, NULL) &&
+	  check_for_local_domain(daemon->namebuff, now, daemon->mxnames))
 	{
-	  if (header->rcode == NOERROR && ntohs(header->ancount) != 0)
-	    extract_addresses(header, (unsigned int)n, dnamebuff, now, doctors);
-	  else if (!(options & OPT_NO_NEG))
-	    extract_neg_addrs(header, (unsigned int)n, dnamebuff, now);
+	  /* if we forwarded a query for a locally known name (because it was for 
+	     an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
+	     since we know that the domain exists, even if upstream doesn't */
+	  munged = 1;
+	  header->aa = 1;
+	  header->rcode = NOERROR;
 	}
+  
+      extract_addresses(header, n, daemon->namebuff, now, daemon);
    }
  
-  return 1;
+  /* do this after extract_addresses. Ensure NODATA reply and remove
+     nameserver info. */
+  
+  if (munged)
+    {
+      header->ancount = htons(0);
+      header->nscount = htons(0);
+      header->arcount = htons(0);
+    }
+  
+  /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
+     sections of the packet. Find the new length here and put back pseudoheader
+     if it was removed. */
+  return resize_packet(header, n, pheader, plen);
 }

-/* returns new last_server */
-struct server *reply_query(struct serverfd *sfd, int options, char *packet, time_t now,
-			   char *dnamebuff, struct server *servers, struct server *last_server,
-			   struct bogus_addr *bogus_nxdomain, struct doctor *doctors, unsigned short edns_pcktsz)
+/* sets new last_server */
+void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
 {
  /* packet from peer server, extract data for cache, and send to
     original requester */
@@ -378,7 +430,7 @@ struct server *reply_query(struct serverfd *sfd, int options, char *packet, time
  HEADER *header;
  union mysockaddr serveraddr;
  socklen_t addrlen = sizeof(serveraddr);
-  int n = recvfrom(sfd->fd, packet, edns_pcktsz, 0, &serveraddr.sa, &addrlen);
+  int n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
  
  /* Determine the address of the server replying  so that we can mark that as good */
  serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family;
@@ -387,42 +439,44 @@ struct server *reply_query(struct serverfd *sfd, int options, char *packet, time
    serveraddr.in6.sin6_flowinfo = htonl(0);
 #endif
  
-  header = (HEADER *)packet;
-  if (n >= (int)sizeof(HEADER) && header->qr && (forward = lookup_frec(ntohs(header->id))))
+  header = (HEADER *)daemon->packet;
+  forward = lookup_frec(ntohs(header->id));
+  
+  if (n >= (int)sizeof(HEADER) && header->qr && forward)
    {
      /* find good server by address if possible, otherwise assume the last one we sent to */ 
      if ((forward->sentto->flags & SERV_TYPE) == 0)
 	{
-	  for (last_server = servers; last_server; last_server = last_server->next)
+	  struct server *last_server;
+	  daemon->last_server = forward->sentto;
+	  for (last_server = daemon->servers; last_server; last_server = last_server->next)
 	    if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
 		sockaddr_isequal(&last_server->addr, &serveraddr))
-	      break;
-	  if (!last_server)
-	    last_server = forward->sentto;
+	      {
+		daemon->last_server = last_server;
+		break;
+	      }
 	}
      
-      if (!process_reply(header, now, dnamebuff, bogus_nxdomain, doctors, &serveraddr, n, options, edns_pcktsz))
-	return NULL;
-      
-      header->id = htons(forward->orig_id);
-      send_from(forward->fd, options & OPT_NOWILD, packet, n, &forward->source, &forward->dest);
-      forward->new_id = 0; /* cancel */
+      if ((n = process_reply(daemon, header, now, &serveraddr, (unsigned int)n)))
+	{
+	  header->id = htons(forward->orig_id);
+	  header->ra = 1; /* recursion if available */
+send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, n, 
+		    &forward->source, &forward->dest, forward->iface);
+	  forward->new_id = 0; /* cancel */
+	}
    }
-  
-  return last_server;
 }

-struct server *receive_query(struct listener *listen, char *packet, struct mx_record *mxnames, 
-			     char *mxtarget, unsigned int options, time_t now, 
-			     unsigned long local_ttl, char *namebuff,
-			     struct iname *names, struct iname *addrs, struct iname *except,
-			     struct server *last_server, struct server *servers, unsigned short edns_pcktsz)
+void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 {
-  HEADER *header = (HEADER *)packet;
+  HEADER *header = (HEADER *)daemon->packet;
  union mysockaddr source_addr;
+  unsigned short type;
  struct iname *tmp;
  struct all_addr dst_addr;
-  int check_dst = !(options & OPT_NOWILD);
+  int check_dst = !(daemon->options & OPT_NOWILD);
  int m, n, if_index = 0;
  struct iovec iov[1];
  struct msghdr msg;
@@ -440,8 +494,8 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
 #endif
  } control_u;
  
-  iov[0].iov_base = packet;
-  iov[0].iov_len = edns_pcktsz;
+  iov[0].iov_base = daemon->packet;
+  iov[0].iov_len = daemon->edns_pktsz;
    
  msg.msg_control = control_u.control;
  msg.msg_controllen = sizeof(control_u);
@@ -452,7 +506,7 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
  msg.msg_iovlen = 1;
  
  if ((n = recvmsg(listen->fd, &msg, 0)) == -1)
-    return last_server;
+    return;
  
  source_addr.sa.sa_family = listen->family;
 #ifdef HAVE_IPV6
@@ -464,7 +518,7 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
 #endif
  
  if (check_dst && msg.msg_controllen < sizeof(struct cmsghdr))
-    return last_server;
+    return;

 #if defined(IP_PKTINFO)
  if (check_dst && listen->family == AF_INET)
@@ -498,7 +552,7 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
 #endif
  
  if (n < (int)sizeof(HEADER) || header->qr)
-    return last_server;
+    return;
  
  /* enforce available interface configuration */
  if (check_dst)
@@ -506,31 +560,31 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
      struct ifreq ifr;

      if (if_index == 0)
-	return last_server;
+	return;
      
-      if (except || names)
+      if (daemon->if_except || daemon->if_names)
 	{
 #ifdef SIOCGIFNAME
 	  ifr.ifr_ifindex = if_index;
 	  if (ioctl(listen->fd, SIOCGIFNAME, &ifr) == -1)
-	    return last_server;
+	    return;
 #else
 	  if (!if_indextoname(if_index, ifr.ifr_name))
-	    return last_server;
+	    return;
 #endif
 	}

-      for (tmp = except; tmp; tmp = tmp->next)
+      for (tmp = daemon->if_except; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
-	  return last_server;
+	  return;
      
-      if (names || addrs)
+      if (daemon->if_names || daemon->if_addrs)
 	{
-	  for (tmp = names; tmp; tmp = tmp->next)
+	  for (tmp = daemon->if_names; tmp; tmp = tmp->next)
 	    if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
 	      break;
 	  if (!tmp)
-	    for (tmp = addrs; tmp; tmp = tmp->next)
+	    for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
 	      if (tmp->addr.sa.sa_family == listen->family)
 		{
 		  if (tmp->addr.sa.sa_family == AF_INET &&
@@ -545,31 +599,28 @@ struct server *receive_query(struct listener *listen, char *packet, struct mx_re
 #endif
 		}
 	  if (!tmp)
-	    return last_server; 
+	    return; 
 	}
    }
  
-  if (extract_request(header, (unsigned int)n, namebuff))
+  if (extract_request(header, (unsigned int)n, daemon->namebuff, &type))
    {
      if (listen->family == AF_INET) 
-	log_query(F_QUERY | F_IPV4 | F_FORWARD, namebuff, 
-		  (struct all_addr *)&source_addr.in.sin_addr);
+	log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, 
+		  (struct all_addr *)&source_addr.in.sin_addr, type, NULL, 0);
 #ifdef HAVE_IPV6
      else
-	log_query(F_QUERY | F_IPV6 | F_FORWARD, namebuff, 
-		  (struct all_addr *)&source_addr.in6.sin6_addr);
+	log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
+		  (struct all_addr *)&source_addr.in6.sin6_addr, type, NULL, 0);
 #endif
    }

-  m = answer_request (header, ((char *) header) + PACKETSZ, (unsigned int)n, 
-		      mxnames, mxtarget, options, now, local_ttl, namebuff, edns_pcktsz);
+  m = answer_request (header, ((char *) header) + PACKETSZ, (unsigned int)n, daemon, now);
  if (m >= 1)
-    send_from(listen->fd, options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr);
+    send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr, if_index);
  else
-    last_server = forward_query(listen->fd, &source_addr, &dst_addr,
-				header, n, options, namebuff, servers, 
-				last_server, now, local_ttl);
-  return last_server;
+    forward_query(daemon, listen->fd, &source_addr, &dst_addr, if_index,
+		  header, n, now);
 }

 static int read_write(int fd, char *packet, int size, int rw)
@@ -588,16 +639,8 @@ static int read_write(int fd, char *packet, int size, int rw)
 	return 0;
      else if (n == -1)
 	{
-	  if (errno == EINTR)
+	  if (retry_send())
 	    goto retry;
-	  else if (errno == EAGAIN)
-	    {
-	      struct timespec waiter;
-	      waiter.tv_sec = 0;
-	      waiter.tv_nsec = 10000;
-	      nanosleep(&waiter, NULL);
-	      goto retry;
-	    }
 	  else
 	    return 0;
 	}
@@ -609,19 +652,16 @@ static int read_write(int fd, char *packet, int size, int rw)
   blocking as neccessary, and then return. Note, need to be a bit careful
   about resources for debug mode, when the fork is suppressed: that's
   done by the caller. */
-char *tcp_request(int confd, struct mx_record *mxnames, 
-		  char *mxtarget, unsigned int options, time_t now, 
-		  unsigned long local_ttl, char *namebuff,
-		  struct server *last_server, struct server *servers,
-		  struct bogus_addr *bogus_nxdomain, struct doctor *doctors,
-		  unsigned short edns_pktsz)
+char *tcp_request(struct daemon *daemon, int confd, time_t now)
 {
  int size = 0, m;
+  unsigned short qtype, gotname;
  unsigned char c1, c2;
  /* Max TCP packet + slop */
  char *packet = malloc(65536 + MAXDNAME + RRFIXEDSZ);
  HEADER *header;
-
+  struct server *last_server;
+  
  while (1)
    {
      if (!packet ||
@@ -635,7 +675,7 @@ char *tcp_request(int confd, struct mx_record *mxnames,
      
      header = (HEADER *)packet;
      
-      if (extract_request(header, (unsigned int)size, namebuff))
+      if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
 	{
 	  union mysockaddr peer_addr;
 	  socklen_t peer_len = sizeof(union mysockaddr);
@@ -643,33 +683,33 @@ char *tcp_request(int confd, struct mx_record *mxnames,
 	  if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
 	    {
 	      if (peer_addr.sa.sa_family == AF_INET) 
-		log_query(F_QUERY | F_IPV4 | F_FORWARD, namebuff, 
-			  (struct all_addr *)&peer_addr.in.sin_addr);
+		log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, 
+			  (struct all_addr *)&peer_addr.in.sin_addr, qtype, NULL, 0);
 #ifdef HAVE_IPV6
 	      else
-		log_query(F_QUERY | F_IPV6 | F_FORWARD, namebuff, 
-			  (struct all_addr *)&peer_addr.in6.sin6_addr);
+		log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
+			  (struct all_addr *)&peer_addr.in6.sin6_addr, qtype, NULL, 0);
 #endif
 	    }
 	}
      
      /* m > 0 if answered from cache */
-      m = answer_request (header, ((char *) header) + 65536, (unsigned int)size,
-			  mxnames, mxtarget, options, now, local_ttl, namebuff, edns_pktsz);
+      m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon, now);
      
      if (m == 0)
 	{
 	  unsigned short flags = 0;
-	  unsigned short gotname = extract_request(header, (unsigned int)size, namebuff);
 	  struct all_addr *addrp = NULL;
 	  int type = 0;
 	  char *domain = NULL;
 	  
 	  if (gotname)
-	    flags = search_servers(servers, options, &addrp, gotname, namebuff, &type, &domain);
+	    flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
 	  
-	  if (type != 0  || (options & OPT_ORDER) || !last_server)
-	    last_server = servers;
+	  if (type != 0  || (daemon->options & OPT_ORDER) || !daemon->last_server)
+	    last_server = daemon->servers;
+	  else
+	    last_server = daemon->last_server;
      
 	  if (!flags && last_server)
 	    {
@@ -685,7 +725,7 @@ char *tcp_request(int confd, struct mx_record *mxnames,
 		  else
 		    {
 		      if (!(last_server = last_server->next))
-			last_server = servers;
+			last_server = daemon->servers;
 		      
 		      if (last_server == firstsendto)
 			break;
@@ -726,21 +766,20 @@ char *tcp_request(int confd, struct mx_record *mxnames,
 		    return packet;
 		  
 		  if (!gotname)
-		    strcpy(namebuff, "query");
+		    strcpy(daemon->namebuff, "query");
 		  if (last_server->addr.sa.sa_family == AF_INET)
-		    log_query(F_SERVER | F_IPV4 | F_FORWARD, namebuff, 
-			      (struct all_addr *)&last_server->addr.in.sin_addr); 
+		    log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, 
+			      (struct all_addr *)&last_server->addr.in.sin_addr, 0, NULL, 0); 
 #ifdef HAVE_IPV6
 		  else
-		    log_query(F_SERVER | F_IPV6 | F_FORWARD, namebuff, 
-			      (struct all_addr *)&last_server->addr.in6.sin6_addr);
+		    log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, 
+			      (struct all_addr *)&last_server->addr.in6.sin6_addr, 0, NULL, 0);
 #endif 
 		  
 		  /* There's no point in updating the cache, since this process will exit and
 		     lose the information after one query. We make this call for the alias and 
 		     bogus-nxdomain side-effects. */
-		  process_reply(header, now, namebuff, bogus_nxdomain, doctors, 
-				&last_server->addr, m, options, edns_pktsz);
+		  m = process_reply(daemon, header, now, &last_server->addr, (unsigned int)m);
 		  
 		  break;
 		}
@@ -748,7 +787,7 @@ char *tcp_request(int confd, struct mx_record *mxnames,
 	  
 	  /* In case of local answer or no connections made. */
 	  if (m == 0)
-	    m = setup_reply(header, (unsigned int)size, addrp, flags, local_ttl);
+	    m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
 	}
      
      c1 = m>>8;
@@ -824,13 +863,15 @@ static struct frec *lookup_frec(unsigned short id)
 }

 static struct frec *lookup_frec_by_sender(unsigned short id,
-					  union mysockaddr *addr)
+					  union mysockaddr *addr,
+					  unsigned int crc)
 {
  struct frec *f;
  
  for(f = frec_list; f; f = f->next)
    if (f->new_id &&
 	f->orig_id == id && 
+	f->crc == crc &&
 	sockaddr_isequal(&f->source, addr))
      return f;
   
--- a/src/isc.c
+++ b/src/isc.c
@@ -55,8 +55,9 @@ static int next_token (char *token, int buffsize, FILE * fp)
  return count ? 1 : 0;
 }

-void load_dhcp(char *file, char *suffix, time_t now, char *hostname)
+void load_dhcp(struct daemon *daemon, time_t now)
 {
+  char *hostname = daemon->namebuff;
  char token[MAXTOK], *dot;
  struct in_addr host_address;
  time_t ttd, tts;
@@ -64,10 +65,10 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)
  struct isc_lease *lease, *tmp, **up;
  struct stat statbuf;

-  if (stat(file, &statbuf) == -1)
+  if (stat(daemon->lease_file, &statbuf) == -1)
    {
      if (!logged_lease)
-	syslog(LOG_WARNING, "failed to access %s: %m", file);
+	syslog(LOG_WARNING, "failed to access %s: %m", daemon->lease_file);
      logged_lease = 1;
      return;
    }
@@ -81,13 +82,13 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)
  lease_file_size = statbuf.st_size;
  lease_file_inode = statbuf.st_ino;
  
-  if (!(fp = fopen (file, "r")))
+  if (!(fp = fopen (daemon->lease_file, "r")))
    {
-      syslog (LOG_ERR, "failed to load %s: %m", file);
+      syslog (LOG_ERR, "failed to load %s: %m", daemon->lease_file);
      return;
    }
  
-  syslog (LOG_INFO, "reading %s", file);
+  syslog (LOG_INFO, "reading %s", daemon->lease_file);

  while ((next_token(token, MAXTOK, fp)))
    {
@@ -109,7 +110,7 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)
 			    if (!canonicalise(hostname))
 			      {
 				*hostname = 0;
-				syslog(LOG_ERR, "bad name in %s", file); 
+				syslog(LOG_ERR, "bad name in %s", daemon->lease_file); 
 			      }
 			}
                      else if ((strcmp(token, "ends") == 0) ||
@@ -168,7 +169,7 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)

 		  if ((dot = strchr(hostname, '.')))
 		    { 
-		      if (!suffix || hostname_isequal(dot+1, suffix))
+		      if (!daemon->domain_suffix || hostname_isequal(dot+1, daemon->domain_suffix))
 			{
 			  syslog(LOG_WARNING, 
 				 "Ignoring DHCP lease for %s because it has an illegal domain part", 
@@ -198,11 +199,12 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)
 			{
 			  leases = lease;
 			  strcpy(lease->name, hostname);
-			  if (suffix && (lease->fqdn = malloc(strlen(hostname) + strlen(suffix) + 2)))
+			  if (daemon->domain_suffix && 
+			      (lease->fqdn = malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
 			    {
 			      strcpy(lease->fqdn, hostname);
 			      strcat(lease->fqdn, ".");
-			      strcat(lease->fqdn, suffix);
+			      strcat(lease->fqdn, daemon->domain_suffix);
 			    }
 			}
 		    }
@@ -235,13 +237,8 @@ void load_dhcp(char *file, char *suffix, time_t now, char *hostname)

  for (lease = leases; lease; lease = lease->next)
    {
-      if (lease->fqdn)
-	{
-	  cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires, F_REVERSE);
-	  cache_add_dhcp_entry(lease->name, &lease->addr, lease->expires, 0);
-	}
-      else 
-	cache_add_dhcp_entry(lease->name, &lease->addr, lease->expires, F_REVERSE);
+      cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
+      cache_add_dhcp_entry(daemon, lease->name, &lease->addr, lease->expires);
    }
 }

--- a/src/lease.c
+++ b/src/lease.c
@@ -15,12 +15,11 @@
 #include "dnsmasq.h"

 static struct dhcp_lease *leases;
-FILE *lease_file;
-int dns_dirty, file_dirty, new_lease;
-int leases_left;
+static FILE *lease_file;
+static int dns_dirty, file_dirty, new_lease;
+static int leases_left;

-int lease_init(char *filename, char *domain, char *buff, 
-	       char *buff2, time_t now, int maxleases)
+void lease_init(struct daemon *daemon, time_t now)
 {
  unsigned int e0, e1, e2, e3, e4, e5, a0, a1, a2, a3;
  unsigned long ei;
@@ -30,19 +29,22 @@ int lease_init(char *filename, char *domain, char *buff,
  struct dhcp_lease *lease;
  int clid_len = 0;
  int has_old = 0;
-
+  char *buff = daemon->dhcp_buff;
+  char *buff2 = daemon->dhcp_buff2;
+  
  leases = NULL;
-  leases_left = maxleases;
+  leases_left = daemon->dhcp_max;

  /* NOTE: need a+ mode to create file if it doesn't exist */
-  if (!(lease_file = fopen(filename, "a+")))
+  if (!(lease_file = fopen(daemon->lease_file, "a+")))
    die("cannot open or create leases file: %s", NULL);
    
  /* a+ mode lease pointer at end. */
  rewind(lease_file);

-  while (fscanf(lease_file, "%lu %x:%x:%x:%x:%x:%x %d.%d.%d.%d %256s %500s",
-		&ei, &e0, &e1, &e2, &e3, &e4, &e5, &a0, &a1, &a2, &a3, buff, buff2) == 13)
+  while (fscanf(lease_file, "%lu %x:%x:%x:%x:%x:%x %d.%d.%d.%d %257s %257s",
+		&ei, &e0, &e1, &e2, &e3, &e4, &e5, &a0, &a1, &a2, &a3, 
+		buff, buff2) == 13)
    {
 #ifdef HAVE_BROKEN_RTC
      if (ei)
@@ -90,14 +92,14 @@ int lease_init(char *filename, char *domain, char *buff,
      memcpy(lease->hwaddr, hwaddr, ETHER_ADDR_LEN);

      if (strcmp(buff, "*") !=  0)
-	  lease_set_hostname(lease, buff, domain);
+	  lease_set_hostname(lease, buff, daemon->domain_suffix);
    }
  
  dns_dirty = 1;
  file_dirty = has_old;
  new_lease = 0;

-  return fileno(lease_file);
+  daemon->lease_fd = fileno(lease_file);
 }

 void lease_update_from_configs(struct dhcp_config *dhcp_configs, char *domain)
@@ -165,7 +167,7 @@ void lease_update_file(int force, time_t now)
    }
 }

-void lease_update_dns(void)
+void lease_update_dns(struct daemon *daemon)
 {
  struct dhcp_lease *lease;
  
@@ -175,13 +177,8 @@ void lease_update_dns(void)
      
      for (lease = leases; lease; lease = lease->next)
 	{
-	  if (lease->fqdn)
-	    {
-	      cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires, F_REVERSE);
-	      cache_add_dhcp_entry(lease->hostname, &lease->addr, lease->expires, 0);
-	    }
-	  else if (lease->hostname)
-	    cache_add_dhcp_entry(lease->hostname, &lease->addr, lease->expires, F_REVERSE);
+	  cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
+	  cache_add_dhcp_entry(daemon, lease->hostname, &lease->addr, lease->expires);
 	}
      
      dns_dirty = 0;
--- a/src/network.c
+++ b/src/network.c
@@ -14,16 +14,14 @@

 #include "dnsmasq.h"

-static struct irec *add_iface(struct irec *list, char *name, union mysockaddr *addr, 
-			      struct iname *names, struct iname *addrs, 
-			      struct iname *except)
+static struct irec *add_iface(struct daemon *daemon, struct irec *list, char *name, union mysockaddr *addr) 
 {
  struct irec *iface;
  struct iname *tmp;
  
  /* check blacklist */
-  if (except)
-    for (tmp = except; tmp; tmp = tmp->next)
+  if (daemon->if_except)
+    for (tmp = daemon->if_except; tmp; tmp = tmp->next)
      if (tmp->name && strcmp(tmp->name, name) == 0)
 	{
 	  /* record address of named interfaces, for TCP access control */
@@ -32,18 +30,18 @@ static struct irec *add_iface(struct irec *list, char *name, union mysockaddr *a
 	}

  /* we may need to check the whitelist */
-  if (names || addrs)
+  if (daemon->if_names || daemon->if_addrs)
    { 
      int found = 0;

-      for (tmp = names; tmp; tmp = tmp->next)
+      for (tmp = daemon->if_names; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, name) == 0))
 	  {
 	    tmp->addr = *addr;
 	    found = tmp->used = 1;
 	  }

-      for (tmp = addrs; tmp; tmp = tmp->next)
+      for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
 	if (sockaddr_isequal(&tmp->addr, addr))
 	  found = tmp->used = 1;
      
@@ -67,10 +65,7 @@ static struct irec *add_iface(struct irec *list, char *name, union mysockaddr *a
 }


-struct irec *enumerate_interfaces(struct iname **names,
-				  struct iname **addrs,
-				  struct iname *except,
-				  int port)
+struct irec *enumerate_interfaces(struct daemon *daemon)
 {
  struct irec *iface = NULL;
  char *buf, *ptr;
@@ -126,7 +121,7 @@ struct irec *enumerate_interfaces(struct iname **names,
      if (ifr->ifr_addr.sa_family == AF_INET)
 	{
 	  addr.in = *((struct sockaddr_in *) &ifr->ifr_addr);
-	  addr.in.sin_port = htons(port);
+	  addr.in.sin_port = htons(daemon->port);
 	}
 #ifdef HAVE_IPV6
      else if (ifr->ifr_addr.sa_family == AF_INET6)
@@ -136,7 +131,7 @@ struct irec *enumerate_interfaces(struct iname **names,
 #else
 	  addr.in6 = *((struct sockaddr_in6 *) &ifr->ifr_addr);
 #endif
-	  addr.in6.sin6_port = htons(port);
+	  addr.in6.sin6_port = htons(daemon->port);
 	  addr.in6.sin6_flowinfo = htonl(0);
 	}
 #endif
@@ -148,10 +143,10 @@ struct irec *enumerate_interfaces(struct iname **names,

      /* If we are restricting the set of interfaces to use, make
 	 sure that loopback interfaces are in that set. */
-      if (*names && (ifr->ifr_flags & IFF_LOOPBACK))
+      if (daemon->if_names && (ifr->ifr_flags & IFF_LOOPBACK))
 	{
 	  struct iname *lo;
-	  for (lo = *names; lo; lo = lo->next)
+	  for (lo = daemon->if_names; lo; lo = lo->next)
 	    if (lo->name && strcmp(lo->name, ifr->ifr_name) == 0)
 	      {
 		lo->isloop = 1;
@@ -162,12 +157,12 @@ struct irec *enumerate_interfaces(struct iname **names,
 	      lo = safe_malloc(sizeof(struct iname));
 	      lo->name = safe_string_alloc(ifr->ifr_name);
 	      lo->isloop = lo->used = 1;
-	      lo->next = *names;
-	      *names = lo;
+	      lo->next = daemon->if_names;
+	      daemon->if_names = lo;
 	    }
 	}

-      iface = add_iface(iface, ifr->ifr_name, &addr, *names, *addrs, except);
+      iface = add_iface(daemon, iface, ifr->ifr_name, &addr);
 	
 #if defined(HAVE_LINUX_IPV6_PROC) && defined(HAVE_IPV6)
      /* IPv6 addresses don't seem to work with SIOCGIFCONF. Barf */
@@ -198,7 +193,7 @@ struct irec *enumerate_interfaces(struct iname **names,
 			sscanf(addrstring+i+i, "%02x", &byte);
 			addr6p[i] = byte;
 		      }
-		    addr6.in6.sin6_port = htons(port);
+		    addr6.in6.sin6_port = htons(daemon->port);
 		    addr6.in6.sin6_flowinfo = htonl(0);
 		    addr6.in6.sin6_scope_id = htonl(scope);
 		    
@@ -211,7 +206,7 @@ struct irec *enumerate_interfaces(struct iname **names,
 	  }
 	
 	if (found)
-	  iface = add_iface(iface, ifr->ifr_name, &addr6, *names, *addrs, except);
+	  iface = add_iface(daemon, iface, ifr->ifr_name, &addr6);
      }
 #endif /* LINUX */
    }
@@ -261,9 +256,15 @@ static int create_ipv6_listener(struct listener **link, int port)
      setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
      setsockopt(fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
      setsockopt(tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
+      (flags = fcntl(fd, F_GETFL, 0)) == -1 ||
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
      (flags = fcntl(tcpfd, F_GETFL, 0)) == -1 ||
      fcntl(tcpfd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+#ifdef IPV6_RECVPKTINFO
+      setsockopt(fd, IPV6_LEVEL, IPV6_RECVPKTINFO, &opt, sizeof(opt)) == -1 ||
+#else
      setsockopt(fd, IPV6_LEVEL, IPV6_PKTINFO, &opt, sizeof(opt)) == -1 ||
+#endif
      bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 ||
      listen(tcpfd, 5) == -1 ||
      bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1) 
@@ -322,6 +323,8 @@ struct listener *create_wildcard_listeners(int port)
      !create_ipv6_listener(&l6, port) ||
 #endif
      setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+      (flags = fcntl(fd, F_GETFL, 0)) == -1 ||
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
 #if defined(IP_PKTINFO) 
      setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@@ -374,6 +377,8 @@ struct listener *create_bound_listeners(struct irec *interfaces, int port)
 	    /* See Stevens 16.6 */
 	    (flags = fcntl(new->tcpfd, F_GETFL, 0)) == -1 ||
 	    fcntl(new->tcpfd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+	    (flags = fcntl(new->fd, F_GETFL, 0)) == -1 ||
+	    fcntl(new->fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
 	    bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
 	    bind(new->fd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
 	    listen(new->tcpfd, 5) == -1)
@@ -386,7 +391,8 @@ struct listener *create_bound_listeners(struct irec *interfaces, int port)
 struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
 {
  struct serverfd *sfd;
-  
+  int flags;
+
  /* may have a suitable one already */
  for (sfd = *sfds; sfd; sfd = sfd->next )
    if (sockaddr_isequal(&sfd->source_addr, addr))
@@ -403,7 +409,9 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
      return NULL;
    }
  
-  if (bind(sfd->fd, (struct sockaddr *)addr, sa_len(addr)) == -1)
+  if (bind(sfd->fd, (struct sockaddr *)addr, sa_len(addr)) == -1 ||
+      (flags = fcntl(sfd->fd, F_GETFL, 0)) == -1 ||
+      fcntl(sfd->fd, F_SETFL, flags | O_NONBLOCK) == -1)
    {
      int errsave = errno; /* save error from bind. */
      close(sfd->fd);
@@ -419,17 +427,19 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
  return sfd;
 }

-struct server *check_servers(struct server *new, struct irec *interfaces, struct serverfd **sfds)
+void check_servers(struct daemon *daemon, struct irec *interfaces)
 {
  char addrbuff[ADDRSTRLEN];
  struct irec *iface;
-  struct server *tmp, *ret = NULL;
+  struct server *new, *tmp, *ret = NULL;
  int port = 0;

  /* forward table rules reference servers, so have to blow them away */
  forward_init(0);
  
-  for (;new; new = tmp)
+  daemon->last_server = NULL;
+  
+  for (new = daemon->servers; new; new = tmp)
    {
      tmp = new->next;
      
@@ -461,7 +471,7 @@ struct server *check_servers(struct server *new, struct irec *interfaces, struct
 	    }
 	  
 	  /* Do we need a socket set? */
-	  if (!new->sfd && !(new->sfd = allocate_sfd(&new->source_addr, sfds)))
+	  if (!new->sfd && !(new->sfd = allocate_sfd(&new->source_addr, &daemon->sfds)))
 	    {
 	      syslog(LOG_WARNING, 
 		     "ignoring nameserver %s - cannot make/bind socket: %m", addrbuff);
@@ -491,15 +501,16 @@ struct server *check_servers(struct server *new, struct irec *interfaces, struct
 	syslog(LOG_INFO, "using nameserver %s#%d", addrbuff, port); 
    }
  
- return ret;
+  daemon->servers = ret;
 }
  
-struct server *reload_servers(char *fname, char *buff, struct server *serv, int query_port)
+void reload_servers(char *fname, struct daemon *daemon)
 {
  FILE *f;
  char *line;
  struct server *old_servers = NULL;
  struct server *new_servers = NULL;
+  struct server *serv = daemon->servers;

  /* move old servers to free list - we can reuse the memory 
     and not risk malloc if there are the same or fewer new servers. 
@@ -529,7 +540,7 @@ struct server *reload_servers(char *fname, char *buff, struct server *serv, int
  else
    {
      syslog(LOG_INFO, "reading %s", fname);
-      while ((line = fgets(buff, MAXDNAME, f)))
+      while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
 	{
 	  union  mysockaddr addr, source_addr;
 	  char *token = strtok(line, " \t\n\r");
@@ -552,7 +563,7 @@ struct server *reload_servers(char *fname, char *buff, struct server *serv, int
 	      source_addr.in.sin_family = addr.in.sin_family = AF_INET;
 	      addr.in.sin_port = htons(NAMESERVER_PORT);
 	      source_addr.in.sin_addr.s_addr = INADDR_ANY;
-	      source_addr.in.sin_port = htons(query_port);
+	      source_addr.in.sin_port = htons(daemon->query_port);
 	    }
 #ifdef HAVE_IPV6
 	  else if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr))
@@ -564,7 +575,7 @@ struct server *reload_servers(char *fname, char *buff, struct server *serv, int
 	      addr.in6.sin6_port = htons(NAMESERVER_PORT);
 	      source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = htonl(0);
 	      source_addr.in6.sin6_addr = in6addr_any;
-	      source_addr.in6.sin6_port = htons(query_port);
+	      source_addr.in6.sin6_port = htons(daemon->query_port);
 	    }
 #endif /* IPV6 */
 	  else
@@ -600,7 +611,7 @@ struct server *reload_servers(char *fname, char *buff, struct server *serv, int
      old_servers = tmp;
    }

-  return new_servers;
+  daemon->servers = new_servers;
 }


--- a/src/option.c
+++ b/src/option.c
@@ -21,7 +21,7 @@ struct myoption {
  int val;
 };

-#define OPTSTRING "ZDNLERzowefnbvhdqr:m:p:c:l:s:i:t:u:g:a:x:S:C:A:T:H:Q:I:B:F:G:O:M:X:V:U:j:P:"
+#define OPTSTRING "ZDNLERKzowefnbvhdkqr:m:p:c:l:s:i:t:u:g:a:x:S:C:A:T:H:Q:I:B:F:G:O:M:X:V:U:j:P:"

 static struct myoption opts[] = { 
  {"version", 0, 0, 'v'},
@@ -73,6 +73,8 @@ static struct myoption opts[] = {
  {"dhcp-vendorclass", 1, 0, 'U'},
  {"dhcp-userclass", 1, 0, 'j'},
  {"edns-packet-max", 1, 0, 'P'},
+  {"keep-in-foreground", 0, 0, 'k'},
+  {"dhcp-authoritative", 0, 0, 'K'},
  {0, 0, 0, 0}
 };

@@ -89,6 +91,8 @@ static struct optflags optmap[] = {
  { 'h', OPT_NO_HOSTS },
  { 'n', OPT_NO_POLL },
  { 'd', OPT_DEBUG },
+  { 'k', OPT_NO_FORK },
+  { 'K', OPT_AUTHORITATIVE },
  { 'o', OPT_ORDER },
  { 'R', OPT_NO_RESOLV },
  { 'E', OPT_EXPAND },
@@ -124,6 +128,8 @@ static char *usage =
 "-i, --interface=interface           Specify interface(s) to listen on.\n"
 "-I, --except-interface=int          Specify interface(s) NOT to listen on.\n"
 "-j, --dhcp-userclass=<id>,<class>   Map DHCP user class to option set.\n"
+"-k, --keep-in-foreground            Do NOT fork into the background, do NOT run in debug mode.\n"
+"-K, --dhcp-authoritative            Assume we are the only DHCP server on the local network.\n"
 "-l, --dhcp-leasefile=path           Specify where to store DHCP leases (defaults to " LEASEFILE ").\n"
 "-L, --localmx                       Return MX records for local hosts.\n"
 "-m, --mx-host=host_name             Specify the MX name to reply to.\n"
@@ -155,28 +161,37 @@ static char *usage =
 "\n";


-unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **resolv_files, 
-			struct mx_record **mxnames, char **mxtarget, char **lease_file, 
-			char **username, char **groupname, char **domain_suffix, char **runfile, 
-			struct iname **if_names, struct iname **if_addrs, struct iname **if_except,
-			struct bogus_addr **bogus_addr, struct server **serv_addrs, int *cachesize, int *port, 
-			int *query_port, unsigned long *local_ttl, char **addn_hosts, struct dhcp_context **dhcp,
-			struct dhcp_config **dhcp_conf, struct dhcp_opt **dhcp_opts, struct dhcp_vendor **dhcp_vendors, char **dhcp_file,
-			char **dhcp_sname, struct in_addr *dhcp_next_server, int *dhcp_max, 
-			unsigned int *min_leasetime, struct doctor **doctors, unsigned short *edns_pktsz)
+struct daemon *read_opts (int argc, char **argv)
 {
+  struct daemon *daemon = safe_malloc(sizeof(struct daemon));
+  char *problem = NULL, *buff = safe_malloc(MAXDNAME);
  int option = 0, i;
-  unsigned int flags = 0;
  FILE *file_save = NULL, *f = NULL;
  char *file_name_save = NULL, *conffile = CONFFILE;
-  int conffile_set = 0;
+  int hosts_index = 1, conffile_set = 0;
  int line_save = 0, lineno = 0;
  opterr = 0;
  
-  *min_leasetime = UINT_MAX;
+  memset(daemon, 0, sizeof(struct daemon));
+  daemon->namebuff = buff;

+  /* Set defaults - everything else is zero or NULL */
+  daemon->min_leasetime = UINT_MAX;
+  daemon->cachesize = CACHESIZ;
+  daemon->port = NAMESERVER_PORT;
+  daemon->default_resolv.is_default = 1;
+  daemon->default_resolv.name = RESOLVFILE;
+  daemon->resolv_files = &daemon->default_resolv;
+  daemon->username = CHUSER;
+  daemon->groupname = CHGRP;
+  daemon->runfile =  RUNFILE;
+  daemon->dhcp_max = MAXLEASES;
+  daemon->edns_pktsz = EDNS_PKTSZ;
+  
  while (1)
    {
+      problem = NULL;
+
      if (!f)
 #ifdef HAVE_GETOPT_LONG
 	option = getopt_long(argc, argv, OPTSTRING, (struct option *)opts, NULL);
@@ -274,7 +289,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
      for (i=0; optmap[i].c; i++)
 	if (option == optmap[i].c)
 	  {
-	    flags |= optmap[i].flag;
+	    daemon->options |= optmap[i].flag;
 	    option = 0;
 	    if (f && optarg)
 	      {
@@ -292,7 +307,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	      complain(buff, NULL);
 	      continue;
 	    }
-	               
+	      	  
 	  switch (option)
 	    { 
 	     case 'C': 
@@ -319,13 +334,13 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	       goto fileopen;
 	      
 	    case 'x': 
-	      *runfile = safe_string_alloc(optarg);
+	      daemon->runfile = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'r':
 	      {
 		char *name = safe_string_alloc(optarg);
-		struct resolvc *new, *list = *resolv_files;
+		struct resolvc *new, *list = daemon->resolv_files;
 		if (list && list->is_default)
 		  {
 		    /* replace default resolv file - possibly with nothing */
@@ -346,7 +361,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		    new->logged = 0;
 		    list = new;
 		  }
-		*resolv_files = list;
+		daemon->resolv_files = list;
 		break;
 	      }

@@ -356,12 +371,15 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		if (comma)
 		  *(comma++) = 0;
 		if (!canonicalise(optarg) || (comma && !canonicalise(comma)))
-		  option = '?';
+		  {
+		    option = '?';
+		    problem = "bad MX name";
+		  }
 		else 
 		  {
 		    struct mx_record *new = safe_malloc(sizeof(struct mx_record));
-		    new->next = *mxnames;
-		    *mxnames = new;
+		    new->next = daemon->mxnames;
+		    daemon->mxnames = new;
 		    new->mxname = safe_string_alloc(optarg);
 		    new->mxtarget = safe_string_alloc(comma); /* may be NULL */
 		  }
@@ -370,61 +388,67 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	      
 	    case 't':
 	      if (!canonicalise(optarg))
-		option = '?';
+		{
+		  option = '?';
+		  problem = "bad MX target";
+		}
 	      else
-		*mxtarget = safe_string_alloc(optarg);
+		daemon->mxtarget = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'l':
-	      *lease_file = safe_string_alloc(optarg);
+	      daemon->lease_file = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'H':
-	      if (*addn_hosts)
-		option = '?';
-	      else
-		*addn_hosts = safe_string_alloc(optarg);
-	      break;
-	      
+	      {
+		struct hostsfile *new = safe_malloc(sizeof(struct hostsfile));
+		new->fname = safe_string_alloc(optarg);
+		new->index = hosts_index++;
+		new->next = daemon->addn_hosts;
+		daemon->addn_hosts = new;
+		break;
+	      }
+
 	    case 's':
 	      if (strcmp (optarg, "#") == 0)
-		flags |= OPT_RESOLV_DOMAIN;
+		daemon->options |= OPT_RESOLV_DOMAIN;
 	      else if (!canonicalise(optarg))
 		option = '?';
 	      else
-		*domain_suffix = safe_string_alloc(optarg);
+		daemon->domain_suffix = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'u':
-	      *username = safe_string_alloc(optarg);
+	      daemon->username = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'g':
-	      *groupname = safe_string_alloc(optarg);
+	      daemon->groupname = safe_string_alloc(optarg);
 	      break;
 	      
 	    case 'i':
 	      {
 		struct iname *new = safe_malloc(sizeof(struct iname));
-		new->next = *if_names;
-		*if_names = new;
+		new->next = daemon->if_names;
+		daemon->if_names = new;
 		/* new->name may be NULL if someone does
 		   "interface=" to disable all interfaces except loop. */
 		new->name = safe_string_alloc(optarg);
 		new->isloop = new->used = 0;
 		if (strchr(optarg, ':'))
-		  flags |= OPT_NOWILD;
+		  daemon->options |= OPT_NOWILD;
 		break;
 	      }
 	      
 	    case 'I':
 	      {
 		struct iname *new = safe_malloc(sizeof(struct iname));
-		new->next = *if_except;
-		*if_except = new;
+		new->next = daemon->if_except;
+		daemon->if_except = new;
 		new->name = safe_string_alloc(optarg);
 		if (strchr(optarg, ':'))
-		   flags |= OPT_NOWILD;
+		   daemon->options |= OPT_NOWILD;
 		break;
 	      }
 	      
@@ -434,8 +458,8 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		if ((addr.s_addr = inet_addr(optarg)) != (in_addr_t)-1)
 		  {
 		    struct bogus_addr *baddr = safe_malloc(sizeof(struct bogus_addr));
-		    baddr->next = *bogus_addr;
-		    *bogus_addr = baddr;
+		    baddr->next = daemon->bogus_addr;
+		    daemon->bogus_addr = baddr;
 		    baddr->addr = addr;
 		  }
 		else
@@ -446,7 +470,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	    case 'a':
 	      {
 		struct iname *new = safe_malloc(sizeof(struct iname));
-		new->next = *if_addrs;
+		new->next = daemon->if_addrs;
 #ifdef HAVE_IPV6
 		if (inet_pton(AF_INET, optarg, &new->addr.in.sin_addr))
 		  {
@@ -480,7 +504,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		  }
 		
 		if (new)
-		  *if_addrs = new;
+		  daemon->if_addrs = new;
 		break;
 	      }
 	      
@@ -553,7 +577,10 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 			  { 
 			    *portno = 0;
 			    if (!atoi_check(portno+1, &source_port))
-			      option = '?';
+			      {
+				option = '?';
+				problem = "bad port";
+			      }
 			  }
 		      }
 		    
@@ -561,7 +588,10 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		      {
 			*portno = 0;
 			if (!atoi_check(portno+1, &serv_port))
-			  option = '?';
+			  {
+			    option = '?';
+			    problem = "bad port";
+			  }
 		      }

 #ifdef HAVE_IPV6
@@ -633,8 +663,8 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 			serv->next->source_addr = serv->source_addr;
 			serv = serv->next;
 		      }
-		    serv->next = *serv_addrs;
-		    *serv_addrs = newlist;
+		    serv->next = daemon->servers;
+		    daemon->servers = newlist;
 		  }
 		break;
 	      }
@@ -653,13 +683,13 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		    else if (size > 10000)
 		      size = 10000;
 		    
-		    *cachesize = size;
+		    daemon->cachesize = size;
 		  }
 		break;
 	      }
 	      
 	    case 'p':
-	      if (!atoi_check(optarg, port))
+	      if (!atoi_check(optarg, &daemon->port))
 		option = '?';
 	      break;
 	      
@@ -668,12 +698,12 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		int i;
 		if (!atoi_check(optarg, &i))
 		  option = '?';
-		*edns_pktsz = (unsigned short)i;	
+		daemon->edns_pktsz = (unsigned short)i;	
 		break;
 	      }

 	    case 'Q':
-	      if (!atoi_check(optarg, query_port))
+	      if (!atoi_check(optarg, &daemon->query_port))
 		option = '?';
 	      break;

@@ -683,12 +713,12 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		if (!atoi_check(optarg, &ttl))
 		  option = '?';
 		else
-		  *local_ttl = (unsigned long)ttl;
+		  daemon->local_ttl = (unsigned long)ttl;
 		break;
 	      }

 	    case 'X':
-	      if (!atoi_check(optarg, dhcp_max))
+	      if (!atoi_check(optarg, &daemon->dhcp_max))
 		option = '?';
 	      break;

@@ -698,14 +728,17 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		char *cp, *comma, *a[5] = { NULL, NULL, NULL, NULL, NULL };
 		struct dhcp_context *new = safe_malloc(sizeof(struct dhcp_context));
 		
-		new->next = *dhcp;
+		new->next = daemon->dhcp;
 		new->lease_time = DEFLEASE;
 		new->addr_epoch = 0;
 		new->netmask.s_addr = 0;
 		new->broadcast.s_addr = 0;
+		new->router.s_addr = 0;
 		new->netid.net = NULL;
+		new->static_only = 0;
 		
-		
+		problem = "bad dhcp-range";
+
 		for (cp = optarg; *cp; cp++)
 		  if (!(*cp == ' ' || *cp == '.' ||  (*cp >='0' && *cp <= '9')))
 		    break;
@@ -730,22 +763,39 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		if ((k < 2) || ((new->start.s_addr = inet_addr(a[0])) == (in_addr_t)-1))
 		  option = '?';
 		else if (strcmp(a[1], "static") == 0)
-		  new->end = new->start;
+		  {
+		    new->end = new->start;
+		    new->static_only = 1;
+		  }
 		else if ((new->end.s_addr = inet_addr(a[1])) == (in_addr_t)-1)
 		  option = '?';
 		  
+		if (ntohl(new->start.s_addr) > ntohl(new->end.s_addr))
+		  {
+		    struct in_addr tmp = new->start;
+		    new->start = new->end;
+		    new->end = tmp;
+		  }
+		    
+		if (option != '?' && k >= 3 && strchr(a[2], '.') &&  
+		    ((new->netmask.s_addr = inet_addr(a[2])) != (in_addr_t)-1))
+		  {
+		    leasepos = 3;
+		    if (!is_same_net(new->start, new->end, new->netmask))
+		      {
+			problem = "inconsistent DHCP range";
+			option = '?';
+		      }
+		  }
+
 		if (option == '?')
 		  {
 		    free(new);
 		    break;
 		  }
 		else
-		  *dhcp = new;
-		
-		if (k >= 3 && strchr(a[2], '.') &&  
-		    ((new->netmask.s_addr = inet_addr(a[2])) != (in_addr_t)-1))
-		  leasepos = 3;
-		
+		  daemon->dhcp = new;
+
 		if (k >= 4 && strchr(a[3], '.') &&  
 		    ((new->broadcast.s_addr = inet_addr(a[3])) != (in_addr_t)-1))
 		  leasepos = 4;
@@ -779,8 +829,8 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		      }
 		  }
 				
-		if (new->lease_time < *min_leasetime)
-		  *min_leasetime = new->lease_time;
+		if (new->lease_time < daemon->min_leasetime)
+		  daemon->min_leasetime = new->lease_time;
 		break;
 	      }

@@ -792,7 +842,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		struct dhcp_config *new = safe_malloc(sizeof(struct dhcp_config));
 		struct in_addr in;

-		new->next = *dhcp_conf;
+		new->next = daemon->dhcp_conf;
 		new->flags = 0;		  
 		
 		
@@ -934,6 +984,7 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso

 		if (option == '?')
 		  {
+		    problem = "bad dhcp-host";
 		    if (new->flags & CONFIG_NAME)
 		      free(new->hostname);
 		    if (new->flags & CONFIG_CLID)
@@ -944,9 +995,9 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		  }
 		else
 		  {
-		    if ((new->flags & CONFIG_TIME) && new->lease_time < *min_leasetime)
-		      *min_leasetime = new->lease_time;
-		    *dhcp_conf = new;
+		    if ((new->flags & CONFIG_TIME) && new->lease_time < daemon->min_leasetime)
+		      daemon->min_leasetime = new->lease_time;
+		    daemon->dhcp_conf = new;
 		  }
 		break;
 	      }
@@ -957,14 +1008,15 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		char *cp, *comma;
 		int addrs, digs, is_addr, is_hex, is_dec;
 		
-		new->next = *dhcp_opts;
+		new->next = daemon->dhcp_opts;
 		new->len = 0;
 		new->is_addr = 0;
 		new->netid = NULL;
+		new->val = NULL;
 				
 		if ((comma = strchr(optarg, ',')))
 		  {
-		    *comma = 0;
+		    *comma++ = 0;
 		
 		    for (cp = optarg; *cp; cp++)
 		      if (!(*cp == ' ' || (*cp >='0' && *cp <= '9')))
@@ -973,127 +1025,200 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		    if (*cp)
 		      {
 			new->netid = safe_string_alloc(optarg);
-			optarg = comma + 1;
+			optarg = comma;
 			if ((comma = strchr(optarg, ',')))
-			  *comma = 0;
+			  *comma++ = 0;
 		      }
 		  }
 		
 		if ((new->opt = atoi(optarg)) == 0)
 		  {
 		    option = '?';
-		    if (new->netid)
-		      free(new->netid);
-		    free(new);
-		    break;
+		    problem = "bad dhcp-opt";
 		  }
-		
-		*dhcp_opts = new;
-		
-		if (!comma)
-		  break;
-		
-		/* characterise the value */
-		is_addr = is_hex = is_dec = 1;
-		addrs = digs = 1;
-		for (cp = comma+1; *cp; cp++)
-		  if (*cp == ',')
-		    {
-		      addrs++;
-		      is_dec = is_hex = 0;
-		    }
-		  else if (*cp == ':')
-		    {
-		      digs++;
-		      is_dec = is_addr = 0;
-		    }
-		  else if (*cp == '.')
-		    is_dec = is_hex = 0;
-		  else if (!(*cp >='0' && *cp <= '9'))
-		      {
-			is_dec = is_addr = 0;
-			if (!((*cp >='A' && *cp <= 'F') ||
-			      (*cp >='a' && *cp <= 'f')))
-			  is_hex = 0;
-		      }
-		
-		if (is_hex && digs > 1)
+		else if (comma && new->opt == 119)
 		  {
-		    char *p = comma+1, *q, *r;
-		    new->len = digs;
-		    q = new->val = safe_malloc(new->len);
-		    while (*p)
+		    /* dns search, RFC 3397 */
+		    unsigned char *q, *r, *tail;
+		    unsigned char *p = NULL;
+		    int newlen, len = 0;
+		    
+		    optarg = comma;
+		    if ((comma = strchr(optarg, ',')))
+		      *(comma++) = 0;
+
+		    while (optarg && *optarg)
 		      {
-			for (r = p; *r && *r != ':'; r++);
-			if (*r)
+			if (!canonicalise(optarg))
 			  {
-			    if (r != p)
+			    option = '?';
+			    problem = "bad dhcp-search-opt";
+			    break;
+			  }
+			
+			if (!(r = realloc(p, len + strlen(optarg) + 2)))
+			  die("could not get memory", NULL);
+			p = memmove(r, p, len);
+			
+			q = p + len;
+			
+			/* add string on the end in RFC1035 format */
+			while (*optarg) 
+			  {
+			    char *cp = q++;
+			    int j;
+			    for (j = 0; *optarg && (*optarg != '.'); optarg++, j++)
+			      *q++ = *optarg;
+			    *cp = j;
+			    if (*optarg)
+			      optarg++;
+			  }
+			*q++ = 0;
+			
+			/* Now tail-compress using earlier names. */
+			newlen = q - p;
+			for (tail = p + len; *tail; tail += (*tail) + 1)
+			  for (r = p; r - p < len; r += (*r) + 1)
+			    if (strcmp(r, tail) == 0)
 			      {
-				*r = 0;
-				*(q++) = strtol(p, NULL, 16);
+				PUTSHORT((r - p) | 0xc000, tail); 
+				newlen = tail - p;
+				goto end;
 			      }
-			    p = r+1;
+		      end:
+			len = newlen;
+		    
+			optarg = comma;
+			if (optarg && (comma = strchr(optarg, ',')))
+			  *(comma++) = 0;
+		      }
+
+		    new->len = len;
+		    new->val = p;
+		  }
+		else if (comma)
+		  {
+		    /* not option 119 */
+		    /* characterise the value */
+		    is_addr = is_hex = is_dec = 1;
+		    addrs = digs = 1;
+		    for (cp = comma; *cp; cp++)
+		      if (*cp == ',')
+			{
+			  addrs++;
+			  is_dec = is_hex = 0;
+			}
+		      else if (*cp == ':')
+			{
+			  digs++;
+			  is_dec = is_addr = 0;
+			}
+		      else if (*cp == '.')
+			is_dec = is_hex = 0;
+		      else if (!(*cp >='0' && *cp <= '9'))
+			{
+			  is_dec = is_addr = 0;
+			  if (!((*cp >='A' && *cp <= 'F') ||
+				(*cp >='a' && *cp <= 'f')))
+			    is_hex = 0;
+			}
+		
+		    if (is_hex && digs > 1)
+		      {
+			char *p = comma, *q, *r;
+			new->len = digs;
+			q = new->val = safe_malloc(new->len);
+			while (*p)
+			  {
+			    for (r = p; *r && *r != ':'; r++);
+			    if (*r)
+			      {
+				if (r != p)
+				  {
+				    *r = 0;
+				    *(q++) = strtol(p, NULL, 16);
+				  }
+				p = r+1;
+			      }
+			    else
+			      {
+				if (*p)
+				  *(q++) = strtol(p, NULL, 16);
+				break;
+			      }
+			  }
+		      }
+		    else if (is_dec)
+		      {
+			/* Given that we don't know the length,
+			   this appaling hack is the best available */
+			unsigned int val = atoi(comma);
+			if (val < 256)
+			  {
+			    new->len = 1;
+			    new->val = safe_malloc(1);
+			    *(new->val) = val;
+			  }
+			else if (val < 65536)
+			  {
+			    new->len = 2;
+			    new->val = safe_malloc(2);
+			    *(new->val) = val>>8;
+			    *(new->val+1) = val;
 			  }
 			else
 			  {
-			    if (*p)
-			      *(q++) = strtol(p, NULL, 16);
-			    break;
+			    new->len = 4;
+			    new->val = safe_malloc(4);
+			    *(new->val) = val>>24;
+			    *(new->val+1) = val>>16;
+			    *(new->val+2) = val>>8;
+			    *(new->val+3) = val;
 			  }
 		      }
-		  }
-		else if (is_dec)
-		  {
-		    /* Given that we don't know the length,
-		       this applaing hack is the best available */
-		    unsigned int val = atoi(comma+1);
-		    if (val < 256)
+		    else if (is_addr)	
 		      {
-			new->len = 1;
-			new->val = safe_malloc(1);
-			*(new->val) = val;
-		      }
-		    else if (val < 65536)
-		      {
-			new->len = 2;
-			new->val = safe_malloc(2);
-			*(new->val) = val>>8;
-			*(new->val+1) = val;
+			struct in_addr in;
+			unsigned char *op;
+			new->len = INADDRSZ * addrs;
+			new->val = op = safe_malloc(new->len);
+			new->is_addr = 1;
+			while (addrs--) 
+			  {
+			    cp = comma;
+			    if ((comma = strchr(cp, ',')))
+			      *comma++ = 0;
+			    in.s_addr = inet_addr(cp);
+			    memcpy(op, &in, INADDRSZ);
+			    op += INADDRSZ;
+			  }
 		      }
 		    else
 		      {
-			new->len = 4;
-			new->val = safe_malloc(4);
-			*(new->val) = val>>24;
-			*(new->val+1) = val>>16;
-			*(new->val+2) = val>>8;
-			*(new->val+3) = val;
+			/* text arg */
+			new->len = strlen(comma);
+			new->val = safe_malloc(new->len);
+			memcpy(new->val, comma, new->len);
 		      }
 		  }
-		else if (is_addr)	
+
+		if (new->len > 256)
 		  {
-		    struct in_addr in;
-		    unsigned char *op;
-		    new->len = INADDRSZ * addrs;
-		    new->val = op = safe_malloc(new->len);
-		    new->is_addr = 1;
-		    while (addrs--) 
-		      {
-			cp = comma;
-			if ((comma = strchr(cp+1, ',')))
-			  *comma = 0;
-			in.s_addr = inet_addr(cp+1);
-			memcpy(op, &in, INADDRSZ);
-			op += INADDRSZ;
-		      }
+		    option = '?';
+		    problem = "dhcp-option too long";
+		  }
+
+		if (option == '?')
+		  {
+		    if (new->netid)
+		      free(new->netid);
+		    if (new->val)
+		      free(new->val);
+		    free(new);
 		  }
 		else
-		  {
-		    /* text arg */
-		    new->len = strlen(comma+1);
-		    new->val = safe_malloc(new->len);
-		    memcpy(new->val, comma+1, new->len);
-		  }
+		  daemon->dhcp_opts = new;
+
 		break;
 	      }

@@ -1103,14 +1228,14 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		
 		if ((comma = strchr(optarg, ',')))
 		  *comma = 0;
-		*dhcp_file = safe_string_alloc(optarg);
+		daemon->dhcp_file = safe_string_alloc(optarg);
 		if (comma)
 		  {
 		    optarg = comma+1;
 		    if ((comma = strchr(optarg, ',')))
 		      *comma = 0;
-		    *dhcp_sname = safe_string_alloc(optarg);
-		    if (comma && (dhcp_next_server->s_addr = inet_addr(comma+1)) == (in_addr_t)-1)
+		    daemon->dhcp_sname = safe_string_alloc(optarg);
+		    if (comma && (daemon->dhcp_next_server.s_addr = inet_addr(comma+1)) == (in_addr_t)-1)
 		      option = '?';
 		  }
 		break;
@@ -1132,8 +1257,8 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		    new->data = safe_malloc(new->len);
 		    memcpy(new->data, comma+1, new->len);
 		    new->is_vendor = (option == 'U');
-		    new->next = *dhcp_vendors;
-		    *dhcp_vendors = new;
+		    new->next = daemon->dhcp_vendors;
+		    daemon->dhcp_vendors = new;
 		  }
 		break;
 	      }
@@ -1170,8 +1295,8 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 		new->in = in;
 		new->out = out;
 		new->mask = mask;
-		new->next = *doctors;
-		*doctors = new;
+		new->next = daemon->doctors;
+		daemon->doctors = new;
 		
 		break;
 	      }
@@ -1182,75 +1307,76 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	{
 	  if (f)
 	    {
-	      sprintf(buff, "error at line %d of %s ", lineno, conffile);
+	      sprintf(buff, "%s at line %d of %s ", 
+		      problem ? problem : "error", lineno, conffile);
 	      complain(buff, NULL);
 	    }
 	  else
-	    die("bad command line options: try --help.", NULL);
+	    die("bad command line options: %s.", problem ? problem : "try --help");
 	}
    }
      
  /* port might no be known when the address is parsed - fill in here */
-  if (*serv_addrs)
+  if (daemon->servers)
    {
      struct server *tmp;
-      for (tmp = *serv_addrs; tmp; tmp = tmp->next)
+      for (tmp = daemon->servers; tmp; tmp = tmp->next)
 	if (!(tmp->flags & SERV_HAS_SOURCE))
 	  {
 	    if (tmp->source_addr.sa.sa_family == AF_INET)
-	      tmp->source_addr.in.sin_port = htons(*query_port);
+	      tmp->source_addr.in.sin_port = htons(daemon->query_port);
 #ifdef HAVE_IPV6
 	    else if (tmp->source_addr.sa.sa_family == AF_INET6)
-	      tmp->source_addr.in6.sin6_port = htons(*query_port);
+	      tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
 #endif  
 	  }
    }
  
-  if (*if_addrs)
+  if (daemon->if_addrs)
    {  
      struct iname *tmp;
-      for(tmp = *if_addrs; tmp; tmp = tmp->next)
+      for(tmp = daemon->if_addrs; tmp; tmp = tmp->next)
 	if (tmp->addr.sa.sa_family == AF_INET)
-	  tmp->addr.in.sin_port = htons(*port);
+	  tmp->addr.in.sin_port = htons(daemon->port);
 #ifdef HAVE_IPV6
 	else if (tmp->addr.sa.sa_family == AF_INET6)
-	  tmp->addr.in6.sin6_port = htons(*port);
+	  tmp->addr.in6.sin6_port = htons(daemon->port);
 #endif /* IPv6 */
    }
 		      
  /* only one of these need be specified: the other defaults to the
     host-name */
-  if ((flags & OPT_LOCALMX) || *mxnames || *mxtarget)
+  if ((daemon->options & OPT_LOCALMX) || daemon->mxnames || daemon->mxtarget)
    {
      if (gethostname(buff, MAXDNAME) == -1)
 	die("cannot get host-name: %s", NULL);
 	      
-      if (!*mxnames)
+      if (!daemon->mxnames)
 	{
-	  *mxnames = safe_malloc(sizeof(struct mx_record));
-	  (*mxnames)->next = NULL;
-	  (*mxnames)->mxtarget = NULL;
-	  (*mxnames)->mxname = safe_string_alloc(buff);
-	}
+	  daemon->mxnames = safe_malloc(sizeof(struct mx_record));
+	  daemon->mxnames->next = NULL;
+	  daemon->mxnames->mxtarget = NULL;
+	  daemon->mxnames->mxname = safe_string_alloc(buff);
+}
      
-      if (!*mxtarget)
-	*mxtarget = safe_string_alloc(buff);
+      if (!daemon->mxtarget)
+	daemon->mxtarget = safe_string_alloc(buff);
    }
  
-  if (flags & OPT_NO_RESOLV)
-    *resolv_files = 0;
-  else if (*resolv_files && (*resolv_files)->next && (flags & OPT_NO_POLL))
+  if (daemon->options & OPT_NO_RESOLV)
+    daemon->resolv_files = 0;
+  else if (daemon->resolv_files && (daemon->resolv_files)->next && (daemon->options & OPT_NO_POLL))
    die("only one resolv.conf file allowed in no-poll mode.", NULL);
  
-  if (flags & OPT_RESOLV_DOMAIN)
+  if (daemon->options & OPT_RESOLV_DOMAIN)
    {
      char *line;
      
-      if (!*resolv_files || (*resolv_files)->next)
+      if (!daemon->resolv_files || (daemon->resolv_files)->next)
 	die("must have exactly one resolv.conf to read domain from.", NULL);
      
-      if (!(f = fopen((*resolv_files)->name, "r")))
-	die("failed to read %s: %m", (*resolv_files)->name);
+      if (!(f = fopen((daemon->resolv_files)->name, "r")))
+	die("failed to read %s: %m", (daemon->resolv_files)->name);
      
      while ((line = fgets(buff, MAXDNAME, f)))
 	{
@@ -1261,17 +1387,17 @@ unsigned int read_opts (int argc, char **argv, char *buff, struct resolvc **reso
 	  
 	  if ((token = strtok(NULL, " \t\n\r")) &&  
 	      canonicalise(token) &&
-	      (*domain_suffix = safe_string_alloc(token)))
+	      (daemon->domain_suffix = safe_string_alloc(token)))
 	    break;
 	}
-      
+
      fclose(f);

-      if (!*domain_suffix)
-	die("no search directive found in %s", (*resolv_files)->name);
+      if (!daemon->domain_suffix)
+	die("no search directive found in %s", (daemon->resolv_files)->name);
    }
      
-  return flags;
+  return daemon;
 }
      
      
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -306,18 +306,11 @@ static unsigned char *skip_questions(HEADER *header, unsigned int plen)
  return ansp;
 }

-unsigned char *find_pseudoheader(HEADER *header, unsigned int plen)
+static unsigned char *skip_section(unsigned char *ansp, int count, HEADER *header, unsigned int plen)
 {
-  /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it. */
+  int i, rdlen;
  
-  int i, arcount = ntohs(header->arcount);
-  unsigned char *ansp;
-  unsigned short rdlen, type;
-
-  if (arcount == 0 || !(ansp = skip_questions(header, plen)))
-    return NULL;
-  
-  for (i = 0; i < (ntohs(header->ancount) + ntohs(header->nscount)); i++)
+  for (i = 0; i < count; i++)
    {
      if (!(ansp = skip_name(ansp, header, plen)))
 	return NULL; 
@@ -328,9 +321,69 @@ unsigned char *find_pseudoheader(HEADER *header, unsigned int plen)
      ansp += rdlen;
    }

+  return ansp;
+}
+
+/* CRC all the bytes of the question section. This is used to
+   safely detect query retransmision. */
+unsigned int questions_crc(HEADER *header, unsigned int plen)
+{
+  unsigned char *start, *end = skip_questions(header, plen);
+  unsigned int crc = 0xffffffff;
+
+  if (end)
+    for (start = (unsigned char *)(header+1); start < end; start++)
+      {
+	int i = 8;
+	crc ^= *start << 24;
+	while (i--)
+	  crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
+      }
+  return crc;
+}
+
+
+int resize_packet(HEADER *header, unsigned int plen, unsigned char *pheader, unsigned int hlen)
+{
+  unsigned char *ansp = skip_questions(header, plen);
+    
+  if (!ansp)
+    return 0;
+  
+  if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
+			    header, plen)))
+    return 0;
+    
+  /* restore pseudoheader */
+  if (pheader && ntohs(header->arcount) == 0)
+    {
+      /* must use memmove, may overlap */
+      memmove(ansp, pheader, hlen);
+      header->arcount = htons(1);
+      ansp += hlen;
+    }
+
+  return ansp - (unsigned char *)header;
+}
+
+unsigned char *find_pseudoheader(HEADER *header, unsigned int plen, unsigned int *len, unsigned char **p)
+{
+  /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it. 
+     also return length of pseudoheader in *len and pointer to the UDP size in *p */
+  
+  int i, arcount = ntohs(header->arcount);
+  unsigned char *ansp;
+  unsigned short rdlen, type;
+
+  if (arcount == 0 || !(ansp = skip_questions(header, plen)))
+    return NULL;
+  
+  if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount), header, plen)))
+    return NULL; 
+    
  for (i = 0; i < arcount; i++)
    {
-      unsigned char *save;
+      unsigned char *save, *start = ansp;
      if (!(ansp = skip_name(ansp, header, plen)))
 	return NULL; 

@@ -340,9 +393,15 @@ unsigned char *find_pseudoheader(HEADER *header, unsigned int plen)
      GETSHORT(rdlen, ansp);
      if ((unsigned int)(ansp + rdlen - (unsigned char *)header) > plen) 
 	return NULL;
-      if (type == ns_t_opt)
-	return save;
-      ansp += rdlen;
+       ansp += rdlen;
+       if (type == T_OPT)
+	{
+	  if (len)
+	    *len = ansp - start;
+	  if (p)
+	    *p = save;
+	  return start;
+	}
    }
  
  return NULL;
@@ -361,9 +420,9 @@ static int private_net(struct all_addr *addrp)
    return 0;
 }
 
-static unsigned char *add_text_record(unsigned int nameoffset, unsigned char *p, 
+static unsigned char *add_text_record(HEADER *header, unsigned int nameoffset, unsigned char *p, 
 				      unsigned long ttl, unsigned short pref, 
-				      unsigned short type, char *name)
+				      unsigned short type, char *name, int *offset)
 {
  unsigned char *sav, *cp;
  int j;
@@ -392,105 +451,12 @@ static unsigned char *add_text_record(unsigned int nameoffset, unsigned char *p,
  j = p - sav - 2;
  PUTSHORT(j, sav); /* Real RDLENGTH */
  
+  if (offset)
+    *offset = sav - (unsigned char *)header;
+
  return p;
 }

-/* On receiving an NXDOMAIN or NODATA reply, determine which names are known
-   not to exist for negative caching. name if a working buffer passed in. */
-void extract_neg_addrs(HEADER *header, unsigned int qlen, char *name, time_t now) 
-{
-  unsigned char *p;
-  int i, found_soa = 0;
-  int qtype, qclass, rdlen;
-  unsigned long ttl, minttl = 0;
-  unsigned short flags = F_NEG;
-
-  if (header->rcode == NXDOMAIN)
-    flags |= F_NXDOMAIN;
-  
-  /* there may be more than one question with some questions
-     answered. We don't generate negative entries from those. */
-  if (ntohs(header->ancount) != 0)
-    return;
-  
-  if (!(p = skip_questions(header, qlen)))
-    return; /* bad packet */
-  
-  /* we first need to find SOA records, to get min TTL, then we
-     add a NEG cache entry for each question. */
-
-  for (i=0; i<ntohs(header->nscount); i++)
-    {
-      if (!extract_name(header, qlen, &p, name, 1))
-	return; /* bad packet */
-
-      GETSHORT(qtype, p); 
-      GETSHORT(qclass, p);
-      GETLONG(ttl, p);
-      GETSHORT(rdlen, p);
-       
-      if ((qclass == C_IN) && (qtype == T_SOA))
-	{
-	  int dummy;
-	  /* MNAME */
-	  if (!extract_name(header, qlen, &p, name, 1))
-	    return;
-	  /* RNAME */
-	  if (!extract_name(header, qlen, &p, name, 1))
-	    return;
-	  GETLONG(dummy, p); /* SERIAL */
-	  GETLONG(dummy, p); /* REFRESH */
-	  GETLONG(dummy, p); /* RETRY */
-	  GETLONG(dummy, p); /* EXPIRE */
-	  if (!found_soa)
-	    {
-	      found_soa = 1;
-	      minttl = ttl;
-	    }
-	  else if (ttl < minttl)
-	    minttl = ttl;
-	  GETLONG(ttl, p); /* minTTL */
-	  if (ttl < minttl)
-	    minttl = ttl;
-	}
-      else
-	p += rdlen;
-
-      if ((unsigned int)(p - (unsigned char *)header) > qlen)
-	return; /* bad packet */
-    }
-  
-  if (!found_soa)
-    return; /* failed to find SOA */
-
-  cache_start_insert();
-  
-  p = (unsigned char *)(header+1);
-  
-  for (i=0; i<ntohs(header->qdcount); i++)
-    {
-      struct all_addr addr;
-      int is_arpa;
-
-      if (!extract_name(header, qlen, &p, name, 1))
-	return; /* bad packet */
-      
-      GETSHORT(qtype, p); 
-      GETSHORT(qclass, p);
-      
-      if (qclass == C_IN && qtype == T_PTR && (is_arpa = in_arpa_name_2_addr(name, &addr)))
-	cache_insert(name, &addr, now, minttl , is_arpa | F_REVERSE | flags);
-      else if (qclass == C_IN && qtype == T_A) 
-	cache_insert(name, NULL, now, minttl, F_IPV4 | F_FORWARD | flags);
-#ifdef HAVE_IPV6	      
-      else if (qclass == C_IN && qtype == T_AAAA) 
-	cache_insert(name, NULL, now, minttl, F_IPV6 | F_FORWARD | flags);
-#endif
-    }
-  
-  cache_end_insert();
-}
-
 static void dns_doctor(HEADER *header, struct doctor *doctor, struct in_addr *addr)
 {
  for (; doctor; doctor = doctor->next)
@@ -501,160 +467,263 @@ static void dns_doctor(HEADER *header, struct doctor *doctor, struct in_addr *ad
 	/* Since we munged the data, the server it came from is no longer authoritative */
 	header->nscount = htons(0);
 	header->arcount = htons(0);
+	header->aa = 0;
 	break;
      }
 }

-void extract_addresses(HEADER *header, unsigned int qlen, char *name, 
-		       time_t now, struct doctor *doctors)
+static int find_soa(HEADER *header, unsigned int qlen)
 {
-  unsigned char *p, *psave, *endrr;
+  unsigned char *p;
  int qtype, qclass, rdlen;
-  unsigned long ttl;
-  int i;
+  unsigned long ttl, minttl = ULONG_MAX;
+  int i, found_soa = 0;
  
-  /* skip over questions */
-  if (!(p = skip_questions(header, qlen)))
-    return; /* bad packet */
+  /* first move to NS section and find TTL from any SOA section */
+  if (!(p = skip_questions(header, qlen)) ||
+      !(p = skip_section(p, ntohs(header->ancount), header, qlen)))
+    return 0; /* bad packet */
  
-  cache_start_insert();
-  
-  psave = p;
-  
-  for (i=0; i<ntohs(header->ancount); i++)
+  for (i=0; i<ntohs(header->nscount); i++)
    {
-      unsigned char *origname = p;
-      if (!extract_name(header, qlen, &p, name, 1))
-	return; /* bad packet */
-
+      if (!(p = skip_name(p, header, qlen)))
+	return 0; /* bad packet */
+      
      GETSHORT(qtype, p); 
      GETSHORT(qclass, p);
      GETLONG(ttl, p);
      GETSHORT(rdlen, p);
-	
-      endrr = p + rdlen;
-      if ((unsigned int)(endrr - (unsigned char *)header) > qlen)
+      
+      if ((qclass == C_IN) && (qtype == T_SOA))
+	{
+	  found_soa = 1;
+	  if (ttl < minttl)
+	    minttl = ttl;
+
+	  /* MNAME */
+	  if (!(p = skip_name(p, header, qlen)))
+	    return 0;
+	  /* RNAME */
+	  if (!(p = skip_name(p, header, qlen)))
+	    return 0;
+	  p += 16; /* SERIAL REFRESH RETRY EXPIRE */
+	  
+	  GETLONG(ttl, p); /* minTTL */
+	  if (ttl < minttl)
+	    minttl = ttl;
+	}
+      else
+	p += rdlen;
+      
+      if ((unsigned int)(p - (unsigned char *)header) > qlen)
+	return 0; /* bad packet */
+    }
+ 
+  return found_soa ? minttl : 0;
+}
+
+/* Note that the following code can create CNAME chains that don't point to a real record,
+   either because of lack of memory, or lack of SOA records.  These are treated by the cache code as 
+   expired and cleaned out that way. */
+void extract_addresses(HEADER *header, unsigned int qlen, char *name, time_t now, struct daemon *daemon)
+{
+  unsigned char *p, *p1, *endrr;
+  int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
+   
+  cache_start_insert();
+  
+  /* go through the questions. */
+  p = (unsigned char *)(header+1);
+  
+  for (i = 0; i<ntohs(header->qdcount); i++)
+    {
+      int found = 0, cname_count = 5;
+      struct crec *cpp = NULL;
+      int flags = header->rcode == NXDOMAIN ? F_NXDOMAIN : 0;
+      unsigned long cttl = ULONG_MAX, attl, ttl = 0;
+      
+      if (!extract_name(header, qlen, &p, name, 1))
 	return; /* bad packet */
+           
+      GETSHORT(qtype, p); 
+      GETSHORT(qclass, p);
      
      if (qclass != C_IN)
-	{
-	  p = endrr;
-	  continue;
-	}
+	continue;

-      if (qtype == T_A) /* A record. */
-	{
-	  dns_doctor(header, doctors, (struct in_addr *)p);
-	  cache_insert(name, (struct all_addr *)p, now, 
-		       ttl, F_IPV4 | F_FORWARD);
-	}
-#ifdef HAVE_IPV6
-      else if (qtype == T_AAAA) /* IPV6 address record. */
-	cache_insert(name, (struct all_addr *)p, now,
-		     ttl, F_IPV6 | F_FORWARD);
-#endif
-      else if (qtype == T_PTR)
-	{
-	  /* PTR record */
+      /* PTRs: we chase CNAMEs here, since we have no way to 
+	 represent them in the cache. */
+      if (qtype == T_PTR)
+	{ 
 	  struct all_addr addr;
 	  int name_encoding = in_arpa_name_2_addr(name, &addr);
-	  if (name_encoding)
+	  
+	  if (!name_encoding)
+	    continue;
+
+	  if (!(flags & F_NXDOMAIN))
 	    {
-	      if (!extract_name(header, qlen, &p, name, 1))
-		return; /* bad packet */
-	      cache_insert(name, &addr, now, 
-			   ttl, name_encoding | F_REVERSE); 
+	    cname_loop:
+	      if (!(p1 = skip_questions(header, qlen)))
+		return;
+	      
+	      for (j = 0; j<ntohs(header->ancount); j++) 
+		{
+		  if (!(res = extract_name(header, qlen, &p1, name, 0)))
+		    return; /* bad packet */
+		  
+		  GETSHORT(aqtype, p1); 
+		  GETSHORT(aqclass, p1);
+		  GETLONG(attl, p1);
+		  GETSHORT(ardlen, p1);
+		  endrr = p1+ardlen;
+		  
+		  /* TTL of record is minimum of CNAMES and PTR */
+		  if (attl < cttl)
+		    cttl = attl;
+
+		  if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
+		    {
+		      if (!extract_name(header, qlen, &p1, name, 1))
+			return;
+		      
+		      if (aqtype == T_CNAME)
+			{
+			  if (!cname_count--)
+			    return; /* looped CNAMES */
+			  goto cname_loop;
+			}
+		      
+		      cache_insert(name, &addr, now, cttl, name_encoding | F_REVERSE);
+		      found = 1; 
+		    }
+		  
+		  p1 = endrr;
+		  if ((unsigned int)(p1 - (unsigned char *)header) > qlen)
+		    return; /* bad packet */
+		}
+	    }
+	  
+	   if (!found && !(daemon->options & OPT_NO_NEG))
+	    {
+	      if (!searched_soa)
+		{
+		  searched_soa = 1;
+		  ttl = find_soa(header, qlen);
+		}
+	      if (ttl)
+		cache_insert(name, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);	
 	    }
 	}
-      else if (qtype == T_CNAME)
+      else
 	{
-	  /* CNAME, search whole answer section again */
-	  unsigned char *endrr1;
-	  unsigned long cttl;
-	  int j;
-	  unsigned char *targp = p;
-	  	  
-	  p = psave; /* rewind p */
-	  for (j=0; j<ntohs(header->ancount); j++)
-	    {
-	      int res;
-	      unsigned char *tmp = targp; 
-	      /* copy since it gets altered by extract_name */
-	      /* get CNAME target each time round */
-	      if (!extract_name(header, qlen, &tmp, name, 1))
-		return; /* bad packet */
-	      /* compare this name with target of CNAME in name buffer */
-	      if (!(res = extract_name(header, qlen, &p, name, 0)))
-		return; /* bad packet */
-	      
-	      GETSHORT(qtype, p); 
-	      GETSHORT(qclass, p);
-	      GETLONG(cttl, p);
-	      GETSHORT(rdlen, p);
-	      
-	      endrr1 = p+rdlen;
-	      if ((unsigned int)(endrr1 - (unsigned char *)header) > qlen)
-		return; /* bad packet */
-
-	      /* is this RR name same as target of CNAME */
-	      if ((qclass != C_IN) || (res == 2))
-		{
-		  p = endrr1;
-		  continue;
-		}
-
-	      /* match, use name of CNAME, data from this RR
-		 use min TTL of two */
-
-	      if (ttl < cttl)
-		cttl = ttl;
-
-	      /* get orig. name back again */
-	      tmp = origname;
-	      if (!extract_name(header, qlen, &tmp, name, 1))
-		return;
-
-	      if (qtype == T_A) /* A record. */
-		{
-		  dns_doctor(header, doctors, (struct in_addr *)p);
-		  cache_insert(name, (struct all_addr *)p, now, 
-			       cttl, F_IPV4 | F_FORWARD);
-		}
+	  /* everything other than PTR */
+	  struct crec *newc;
+	  
+	  if (qtype == T_A)
+	    flags |= F_IPV4;
 #ifdef HAVE_IPV6
-	      else if (qtype == T_AAAA) /* IPV6 address record. */
-		cache_insert(name, (struct all_addr *)p, now, 
-			     cttl, F_IPV6 | F_FORWARD);
+	  else if (qtype == T_AAAA)
+	    flags |= F_IPV6;
 #endif
-	      else if (qtype == T_PTR)
+	  else 
+	    continue;
+	    
+	  if (!(flags & F_NXDOMAIN))
+	    {
+	    cname_loop1:
+	      if (!(p1 = skip_questions(header, qlen)))
+		return;
+	      
+	      for (j = 0; j<ntohs(header->ancount); j++) 
 		{
-		  /* PTR record extract address from CNAME name */
-		  struct all_addr addr;
-		  int name_encoding = in_arpa_name_2_addr(name, &addr);
-		  if (name_encoding)
+		  if (!(res = extract_name(header, qlen, &p1, name, 0)))
+		    return; /* bad packet */
+		  
+		  GETSHORT(aqtype, p1); 
+		  GETSHORT(aqclass, p1);
+		  GETLONG(attl, p1);
+		  GETSHORT(ardlen, p1);
+		  endrr = p1+ardlen;
+		  
+		  if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == qtype))
 		    {
-		      if (!extract_name(header, qlen, &p, name, 1))
-			return; /* bad packet */
-		      cache_insert(name, &addr, now, cttl, 
-				   name_encoding | F_REVERSE);
-		    } 
-		}
-	      p = endrr1;
-	    }
-	} 
-      p = endrr;
-    }
+		      if (aqtype == T_CNAME)
+			{
+			  if (!cname_count--)
+			    return; /* looped CNAMES */
+			  newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
+			  if (cpp)
+			    {
+			      cpp->addr.cname.cache = newc;
+			      cpp->addr.cname.uid = newc->uid;
+			    }

+			  cpp = newc;
+			  if (attl < cttl)
+			    cttl = attl;
+			  
+			  if (!extract_name(header, qlen, &p1, name, 1))
+			    return;
+			  goto cname_loop1;
+			}
+		      else
+			{
+			  found = 1;
+			  if (aqtype == T_A)
+			    dns_doctor(header, daemon->doctors, (struct in_addr *)p1);
+			  newc = cache_insert(name, (struct all_addr *)p1, now, attl, flags | F_FORWARD);
+			  if (cpp)
+			    {
+			      cpp->addr.cname.cache = newc;
+			      cpp->addr.cname.uid = newc->uid;
+			    }
+			  cpp = NULL;
+			}
+		    }
+		  
+		  p1 = endrr;
+		  if ((unsigned int)(p1 - (unsigned char *)header) > qlen)
+		    return; /* bad packet */
+		}
+	    }
+	  
+	  if (!found && !(daemon->options & OPT_NO_NEG))
+	    {
+	      if (!searched_soa)
+		{
+		  searched_soa = 1;
+		  ttl = find_soa(header, qlen);
+		}
+	      /* If there's no SOA to get the TTL from, but there is a CNAME 
+		 pointing at this, inherit it's TTL */
+	      if (ttl || cpp)
+		{
+		  newc = cache_insert(name, (struct all_addr *)p, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);	
+		  if (cpp)
+		    {
+		      cpp->addr.cname.cache = newc;
+		      cpp->addr.cname.uid = newc->uid;
+		    }
+		}
+	    }
+	}
+    }
+  
  cache_end_insert();
 }

 /* If the packet holds exactly one query
   return 1 and leave the name from the query in name. */

-unsigned short extract_request(HEADER *header,unsigned int qlen, char *name)
+unsigned short extract_request(HEADER *header,unsigned int qlen, char *name, unsigned short *typep)
 {
  unsigned char *p = (unsigned char *)(header+1);
  int qtype, qclass;

+  if (typep)
+    *typep = 0;
+
  if (ntohs(header->qdcount) != 1 || header->opcode != QUERY)
    return 0; /* must be exactly one query. */
  
@@ -666,6 +735,9 @@ unsigned short extract_request(HEADER *header,unsigned int qlen, char *name)

  if (qclass == C_IN)
    {
+      if (typep)
+	*typep = qtype;
+
      if (qtype == T_A)
 	return F_IPV4;
      if (qtype == T_AAAA)
@@ -729,7 +801,22 @@ int setup_reply(HEADER *header, unsigned int qlen,
 
  return p - (unsigned char *)header;
 }
-	
+
+/* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
+int check_for_local_domain(char *name, time_t now, struct mx_record *mx)
+{
+  struct crec *crecp;
+  
+  if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4|F_IPV6)) &&
+      (crecp->flags & (F_HOSTS | F_DHCP)))
+    return 1;
+  
+  for (; mx; mx = mx->next)
+    if (hostname_isequal(name, mx->mxname))
+      return 1;
+  
+  return 0;
+}

 /* Is the packet a reply with the answer address equal to addr?
   If so mung is into an NXDOMAIN reply and also put that information
@@ -760,14 +847,8 @@ int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name,
 	for (baddrp = baddr; baddrp; baddrp = baddrp->next)
 	  if (memcmp(&baddrp->addr, p, INADDRSZ) == 0)
 	    {
-	      /* Found a bogus address. Mangle the packet into an NXDOMAIN reply */
-	      header->aa = 0;
-	      header->ra = 1; /* recursion if available */
-	      header->nscount = htons(0);
-	      header->arcount = htons(0);
-	      header->ancount = htons(0);
-	      header->rcode = NXDOMAIN;
-	      
+	      /* Found a bogus address. Insert that info here, since there no SOA record
+		 to get the ttl from in the normal processing */
 	      cache_start_insert();
 	      cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN | F_CONFIG);
 	      cache_end_insert();
@@ -782,10 +863,9 @@ int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name,
 }

 /* return zero if we can't answer from cache, or packet size if we can */
-int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_record *mxnames, 
-		   char *mxtarget, unsigned int options, time_t now, 
-		   unsigned long local_ttl, char *name, unsigned short edns_pcktsz)
+int answer_request(HEADER *header, char *limit, unsigned int qlen, struct daemon *daemon, time_t now) 
 {
+  char *name = daemon->namebuff;
  unsigned char *p, *ansp, *pheader;
  int qtype, qclass, is_arpa;
  struct all_addr addr;
@@ -806,7 +886,7 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
     forward rather than answering from the cache, which doesn't include
     security information. */

-  if ((pheader = find_pseudoheader(header, qlen)))
+  if (find_pseudoheader(header, qlen, NULL, &pheader))
    { 
      unsigned short udpsz, ext_rcode, flags;
      unsigned char *psave = pheader;
@@ -821,8 +901,8 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 	 than we allow, trim it so that we don't get an overlarge
 	 response from upstream */

-      if (udpsz > edns_pcktsz)
-	PUTSHORT(edns_pcktsz, psave); 
+      if (udpsz > daemon->edns_pktsz)
+	PUTSHORT(daemon->edns_pktsz, psave); 

      dryrun = 1;
    }
@@ -883,22 +963,25 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 	  }
      else if (qclass == C_IN)
 	{
-	  if ((options & OPT_FILTER) && 
+	  if ((daemon->options & OPT_FILTER) && 
 	      (qtype == T_SOA || qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
-	    ans = 1;
+	    {
+	      ans = 1;
+	      log_query(F_CONFIG | F_NEG, name, &addr, 0, NULL, 0);
+	    }
 	  else 
 	    {
 	      if (qtype == T_PTR || qtype == T_ANY)
 		{
 		  if (!(crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
 		    { 
-		      if (is_arpa == F_IPV4 && (options & OPT_BOGUSPRIV) && private_net(&addr))
+		      if (is_arpa == F_IPV4 && (daemon->options & OPT_BOGUSPRIV) && private_net(&addr))
 			{
 			  /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
 			  ans = 1;
 			  if (!dryrun)
 			    {
-			      log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN, name, &addr);
+			      log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN, name, &addr, 0, NULL, 0);
 			      nxdomain = 1;
 			    }
 			}
@@ -914,7 +997,7 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 			  ans = 1;
 			  if (!dryrun)
 			    {
-			      log_query(crecp->flags & ~F_FORWARD, name, &addr);
+			      log_query(crecp->flags & ~F_FORWARD, name, &addr, 0, NULL, 0);
 			      auth = 0;
 			      if (crecp->flags & F_NXDOMAIN)
 				nxdomain = 1;
@@ -929,17 +1012,18 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 			      /* Return 0 ttl for DHCP entries, which might change
 				 before the lease expires. */
 			      if  (crecp->flags & (F_IMMORTAL | F_DHCP))
-				ttl = local_ttl;
+				ttl = daemon->local_ttl;
 			      else
 				ttl = crecp->ttd - now;
 			      
 			      if (!(crecp->flags & (F_HOSTS | F_DHCP)))
 				auth = 0;
 			      
-			      ansp = add_text_record(nameoffset, ansp, ttl, 0, T_PTR, 
-						     cache_get_name(crecp));
+			      ansp = add_text_record(header, nameoffset, ansp, ttl, 0, T_PTR, 
+						     cache_get_name(crecp), NULL);
 			      
-			      log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr);
+			      log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
+					0, daemon->addn_hosts, crecp->uid);
 			      anscount++;
 			      
 			      /* if last answer exceeded packet size, give up */
@@ -965,23 +1049,43 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 #endif
 		    }
 		  
-		  if (qtype != type && qtype != T_ANY)
+		  if (qtype != type && qtype != T_ANY && qtype != T_CNAME)
 		    continue;
-		  
+
+		cname_restart:
 		  crecp = NULL;
-		  while ((crecp = cache_find_by_name(crecp, name, now, flag)))
+		  while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)))
 		    { 
+		      if (crecp->flags & F_CNAME)
+			{
+			  if (qtype == T_CNAME)
+			    ans = 1;
+			  
+			  if (!dryrun)
+			    {
+			      ansp = add_text_record(header, nameoffset, ansp, crecp->ttd - now, 0, T_CNAME, 
+						     cache_get_name(crecp->addr.cname.cache), &nameoffset);
+			      anscount++;
+			      log_query(crecp->flags, name, NULL, 0, daemon->addn_hosts, crecp->uid);
+			    }
+			  strcpy(name, cache_get_name(crecp->addr.cname.cache));
+			  goto cname_restart;
+			}
+		      
+		      if (qtype == T_CNAME)
+			break;
+
 		      /* don't answer wildcard queries with data not from /etc/hosts
 			 or DHCP leases */
 		      if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
 			continue;
-		      
+
 		      if (crecp->flags & F_NEG)
 			{
 			  ans = 1;
 			  if (!dryrun)
 			    {
-			      log_query(crecp->flags, name, NULL);
+			      log_query(crecp->flags, name, NULL, 0, NULL, 0);
 			      auth = 0;
 			      if (crecp->flags & F_NXDOMAIN)
 				nxdomain = 1;
@@ -995,13 +1099,14 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 			      unsigned long ttl;
 			      
 			      if  (crecp->flags & (F_IMMORTAL | F_DHCP))
-				ttl = local_ttl;
+				ttl = daemon->local_ttl;
 			      else
 				ttl = crecp->ttd - now;
 			      
 			      if (!(crecp->flags & (F_HOSTS | F_DHCP)))
 				auth = 0;
-			      log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr);
+			      log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr,
+					0, daemon->addn_hosts, crecp->uid);
 			      
 			      /* copy question as first part of answer (use compression) */
 			      PUTSHORT(nameoffset | 0xc000, ansp); 
@@ -1024,7 +1129,7 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 	      if (qtype == T_MX || qtype == T_ANY)
 		{
 		  struct mx_record *mx;
-		  for (mx = mxnames; mx; mx = mx->next)
+		  for (mx = daemon->mxnames; mx; mx = mx->next)
 		    if (hostname_isequal(name, mx->mxname))
 		      break;
 		  if (mx)
@@ -1032,19 +1137,19 @@ int answer_request(HEADER *header, char *limit, unsigned int qlen, struct mx_rec
 		      ans = 1;
 		      if (!dryrun)
 			{
-			  ansp = add_text_record(nameoffset, ansp, local_ttl, 1, T_MX, 
-						 mx->mxtarget ? mx->mxtarget : mxtarget);
+			  ansp = add_text_record(header, nameoffset, ansp, daemon->local_ttl, 1, T_MX, 
+						 mx->mxtarget ? mx->mxtarget : daemon->mxtarget, NULL);
 			  anscount++;
 			}
 		    }
-		  else if ((options & (OPT_SELFMX | OPT_LOCALMX)) && 
+		  else if ((daemon->options & (OPT_SELFMX | OPT_LOCALMX)) && 
 			   cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP))
 		    { 
 		      ans = 1;
 		      if (!dryrun)
 			{
-			  ansp = add_text_record(nameoffset, ansp, local_ttl, 1, T_MX,  
-						 (options & OPT_SELFMX) ? name : mxtarget);
+			  ansp = add_text_record(header, nameoffset, ansp, daemon->local_ttl, 1, T_MX,  
+						 (daemon->options & OPT_SELFMX) ? name : daemon->mxtarget, NULL);
 			  anscount++;
 			}
 		    }
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -42,6 +42,7 @@
 #define OPTION_VENDOR_ID         60
 #define OPTION_CLIENT_ID         61
 #define OPTION_USER_CLASS        77
+#define OPTION_SUBNET_SELECT     118
 #define OPTION_END               255

 #define DHCPDISCOVER             1
@@ -66,53 +67,47 @@ static unsigned char *option_find(struct dhcp_packet *mess, int size, int opt_ty
 static unsigned char *do_req_options(struct dhcp_context *context,
 				     unsigned char *p, unsigned char *end, 
 				     unsigned char *req_options, 
-				     struct dhcp_opt *config_opts,
-				     char *domainname, char *hostname,
-				     struct in_addr router,
+				     struct daemon *daemon,
+				     char *hostname,
 				     struct in_addr iface_addr,
-				     int iface_mtu, struct dhcp_netid *netid);
+				     struct dhcp_netid *netid,
+				     struct in_addr subnet_addr);

 static int have_config(struct dhcp_config *config, unsigned int mask)
 {
  return config && (config->flags & mask);
 }

-int dhcp_reply(struct dhcp_context *context, 
-	       struct in_addr iface_addr,
-	       char *iface_name,
-	       int iface_mtu,
-	       struct udp_dhcp_packet *rawpacket,
-	       unsigned int sz, time_t now, char *namebuff, 
-	       struct dhcp_opt *dhcp_opts, struct dhcp_config *dhcp_configs, 
-	       struct dhcp_vendor *vendors, 
-	       char *domain_suffix, char *dhcp_file, char *dhcp_sname, 
-	       struct in_addr dhcp_next_server, struct in_addr router)
+int dhcp_reply(struct daemon *daemon, struct in_addr iface_addr, char *iface_name, unsigned int sz, time_t now)
 {
+  struct dhcp_context *context, *context_tmp;
  unsigned char *opt, *clid;
-  struct dhcp_lease *lease;
+  struct dhcp_lease *lease, *ltmp;
  struct dhcp_vendor *vendor;
  int clid_len;
-  struct dhcp_packet *mess = &rawpacket->data;
-  unsigned char *p = mess->options;
-  /* default max reply packet length, max be overridden */
-  unsigned char *end = (unsigned char *)(rawpacket + 1);
+  struct dhcp_packet *mess = &daemon->dhcp_packet->data;
+  unsigned char *p = mess->options + sizeof(u32); /* skip cookie */
+  unsigned char *end = (unsigned char *)(daemon->dhcp_packet + 1);
  char *hostname = NULL;
  char *req_options = NULL;
  char *message = NULL;
  unsigned int renewal_time, expires_time, def_time;
  struct dhcp_config *config;
  struct dhcp_netid *netid = NULL;
-  struct in_addr addr;
+  struct in_addr addr, subnet_addr;
  unsigned short fuzz = 0;
+  unsigned int mess_type = 0;

-  if (mess->op != BOOTREQUEST || mess->cookie != htonl(DHCP_COOKIE))
+  subnet_addr.s_addr = 0;
+
+  if (mess->op != BOOTREQUEST)
    return 0;
  
  /* Token ring is supported when we have packet sockets
     to make the HW headers for us. We don't have the code to build
     token ring headers when using BPF. We rely on the fact that
     token ring hwaddrs are the same size as ethernet hwaddrs. */
-
+  
 #ifdef HAVE_BPF
  if (mess->htype != ARPHRD_ETHER)	
 #else
@@ -123,23 +118,106 @@ int dhcp_reply(struct dhcp_context *context,
 	     mess->htype, iface_name);
      return 0;
    }	
-    
+  
  if (mess->hlen != ETHER_ADDR_LEN)
    return 0;
-
-  mess->op = BOOTREPLY;
-
-  if ((opt = option_find(mess, sz, OPTION_MAXMESSAGE)))
+  
+  /* check for DHCP rather than BOOTP */
+  if ((opt = option_find(mess, sz, OPTION_MESSAGE_TYPE)))
    {
-      int maxsize = (int)option_uint(opt, 2);
-      if (maxsize > DNSMASQ_PACKETSZ)
-	maxsize = DNSMASQ_PACKETSZ; 
-      if (maxsize > iface_mtu)
-	maxsize = iface_mtu; 
+      mess_type = option_uint(opt, 1);

-      end = ((unsigned char *)rawpacket) + maxsize;
+      /* only insist on a cookie for DHCP. */
+      if (*((u32 *)&mess->options) != htonl(DHCP_COOKIE))
+	return 0;
+
+      /* Some buggy clients set ciaddr when they shouldn't, so clear that here since
+	 it can affect the context-determination code. */
+      if ((option_find(mess, sz, OPTION_REQUESTED_IP) || mess_type == DHCPDISCOVER))
+	mess->ciaddr.s_addr = 0;
+
+      /* Check for RFC3011 subnet selector */
+      if ((opt = option_find(mess, sz, OPTION_SUBNET_SELECT)))
+	subnet_addr = option_addr(opt);
    }
+  
+  /* Determine network for this packet. If the machine has an address already, and we don't have
+     have a giaddr or explicit subnet selector, use the ciaddr. This is necessary because a 
+     machine which got a lease via a relay won't use the relay to renew. */
+  addr = 
+    subnet_addr.s_addr ? subnet_addr : 
+    (mess->giaddr.s_addr ? mess->giaddr : 
+     (mess->ciaddr.s_addr ? mess->ciaddr : iface_addr));

+  /* More than one context may match, we build a chain of them all on ->current
+     Note that if netmasks, netid or lease times don't match, odd things may happen. */
+    
+  for (context = NULL, context_tmp = daemon->dhcp; context_tmp; context_tmp = context_tmp->next)
+    if (context_tmp->netmask.s_addr  && 
+	is_same_net(addr, context_tmp->start, context_tmp->netmask) &&
+	is_same_net(addr, context_tmp->end, context_tmp->netmask))
+      {
+	context_tmp->current = context;
+	context = context_tmp;
+	
+	/* start to build netid chain */
+	if (context_tmp->netid.net)
+	  {
+	    context_tmp->netid.next = netid;
+	    netid = &context_tmp->netid;
+	  }
+      }
+  
+  if (!context)
+    {
+      syslog(LOG_WARNING, "no address range available for DHCP request %s %s", 
+	     subnet_addr.s_addr ? "with subnet selector" : "via",
+	     subnet_addr.s_addr ? inet_ntoa(subnet_addr) : (mess->giaddr.s_addr ? inet_ntoa(mess->giaddr) : iface_name));
+      return 0;
+    }
+  
+  mess->op = BOOTREPLY;
+    
+  if (mess_type == 0)
+    {
+      /* BOOTP request */
+      config = find_config(daemon->dhcp_conf, context, NULL, 0, mess->chaddr, NULL);
+      if (have_config(config, CONFIG_ADDR) &&
+	  !have_config(config, CONFIG_DISABLE) &&
+	  !lease_find_by_addr(config->addr))
+	{
+	  struct dhcp_netid id;
+	  char save = mess->file[128];
+	  end = mess->options + 64; /* BOOTP vend area is only 64 bytes */
+	  mess->yiaddr = config->addr;
+	  mess->siaddr = daemon->dhcp_next_server.s_addr ? daemon->dhcp_next_server : iface_addr;
+	  if (have_config(config, CONFIG_NAME))
+	    hostname = config->hostname;
+	  if (have_config(config, CONFIG_NETID))
+	    {
+	      config->netid.next = netid;
+	      netid = &config->netid;
+	    }
+	  /* Match incoming filename field as a netid. */
+	  if (mess->file[0])
+	    {
+	      mess->file[128] = 0; /* ensure zero term. */
+	      id.net = mess->file;
+	      id.next = netid;
+	      netid = &id;
+	    }
+	  p = do_req_options(context, p, end, NULL, daemon, 
+			     hostname, iface_addr, netid, subnet_addr);
+	  /* must do this after do_req_options since it overwrites filename field. */
+	  bootp_option_put(mess, daemon->dhcp_file, daemon->dhcp_sname);
+	  p = option_end(p, end, mess);
+	  log_packet(NULL, &config->addr, mess->chaddr, iface_name, NULL);
+	  mess->file[128] = save;
+	  return p - (unsigned char *)mess; 
+	}
+      return 0;
+    }
+  
  /* If there is no client identifier option, use the hardware address */
  if ((opt = option_find(mess, sz, OPTION_CLIENT_ID)))
    {
@@ -152,15 +230,14 @@ int dhcp_reply(struct dhcp_context *context,
      clid_len = 0;
    }
    
-  if ((config = find_config(dhcp_configs, context, clid, clid_len, mess->chaddr, NULL)) && 
-      have_config(config, CONFIG_NAME))
+  config = find_config(daemon->dhcp_conf, context, clid, clid_len, mess->chaddr, NULL);
+
+  if (have_config(config, CONFIG_NAME))
    hostname = config->hostname;
  else if ((opt = option_find(mess, sz, OPTION_HOSTNAME)))
    {
      int len = option_len(opt);
-      /* namebuff is 1K long, use half for requested options and half for hostname */
-      /* len < 256 by definition */
-      hostname = namebuff + 500;
+      hostname = daemon->dhcp_buff;
      memcpy(hostname, option_ptr(opt), len);
      /* May not be zero terminated */
      hostname[len] = 0;
@@ -172,7 +249,7 @@ int dhcp_reply(struct dhcp_context *context,
 	  char *dot = strchr(hostname, '.');
 	  if (dot)
 	    {
-	      if (!domain_suffix || !hostname_isequal(dot+1, domain_suffix))
+	      if (!daemon->domain_suffix || !hostname_isequal(dot+1, daemon->domain_suffix))
 		{
 		  syslog(LOG_WARNING, "Ignoring DHCP host name %s because it has an illegal domain part", hostname);
 		  hostname = NULL;
@@ -184,32 +261,32 @@ int dhcp_reply(struct dhcp_context *context,
 		    hostname = NULL; /* nothing left */
 		}
 	    }
-	  /* search again now we have a hostname */
-	  config = find_config(dhcp_configs, context, clid, clid_len, mess->chaddr, hostname);
+
+	  /* Search again now we have a hostname. 
+	     Only accept configs without CLID and HWADDR here, (they won't match)
+	     to avoid impersonation by name. */
+	  if (!config)
+	    {
+	      struct dhcp_config *new = find_config(daemon->dhcp_conf, context, NULL, 0, mess->chaddr, hostname);
+	      if (!have_config(new, CONFIG_CLID) && !have_config(new, CONFIG_HWADDR))
+		config = new;
+	    }
 	}
    }
  
-  def_time = have_config(config, CONFIG_TIME) ? config->lease_time : context->lease_time;
-  
-  if (context->netid.net)
-    {
-      context->netid.next = netid;
-      netid = &context->netid;
-    }
-  
  if (have_config(config, CONFIG_NETID))
    {
      config->netid.next = netid;
      netid = &config->netid;
    }
-
+  
  /* Theres a chance that carefully chosen data could match the same
     vendor/user option twice and make a loop in the netid chain. */
-  for (vendor = vendors; vendor; vendor = vendor->next)
+  for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
    vendor->used = 0;

  if ((opt = option_find(mess, sz, OPTION_VENDOR_ID)))
-    for (vendor = vendors; vendor; vendor = vendor->next)
+    for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
      if (vendor->is_vendor && !vendor->used)
 	{
 	  int i;
@@ -228,7 +305,7 @@ int dhcp_reply(struct dhcp_context *context,
      unsigned char *ucp =  option_ptr(opt);
      int j;
      for (j = 0; j < option_len(opt); j += ucp[j] + 1)
-	for (vendor = vendors; vendor; vendor = vendor->next)
+	for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
 	  if (!vendor->is_vendor && !vendor->used)
 	    {
 	      int i;
@@ -253,10 +330,12 @@ int dhcp_reply(struct dhcp_context *context,
  /* do we have a lease in store? */
  lease = lease_find_by_client(clid, clid_len);
  
+  def_time = have_config(config, CONFIG_TIME) ? config->lease_time : context->lease_time;
+  
  if ((opt = option_find(mess, sz, OPTION_LEASE_TIME)))
    {
      unsigned int req_time = option_uint(opt, 4);
-        
+      
      if (def_time == 0xffffffff || 
 	  (req_time != 0xffffffff && req_time < def_time))
 	expires_time = renewal_time = req_time;
@@ -275,15 +354,12 @@ int dhcp_reply(struct dhcp_context *context,
  if ((opt = option_find(mess, sz, OPTION_REQUESTED_OPTIONS)))
    {
      int len = option_len(opt);
-      req_options = namebuff;
+      req_options = daemon->dhcp_buff2;
      memcpy(req_options, option_ptr(opt), len);
      req_options[len] = OPTION_END;
    }
  
-  if (!(opt = option_find(mess, sz, OPTION_MESSAGE_TYPE)))
-    return 0;
-  
-  switch (option_uint(opt, 1))
+  switch (mess_type)
    {
    case DHCPDECLINE:
      if (!(opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER)) ||
@@ -293,7 +369,7 @@ int dhcp_reply(struct dhcp_context *context,
      /* sanitise any message. Paranoid? Moi? */
      if ((opt = option_find(mess, sz, OPTION_MESSAGE)))
 	{ 
-	  char *p = option_ptr(opt), *q = namebuff;
+	  char *p = option_ptr(opt), *q = daemon->dhcp_buff;
 	  int i;
 	  
 	  for (i = option_len(opt); i > 0; i--)
@@ -303,7 +379,7 @@ int dhcp_reply(struct dhcp_context *context,
 		*q++ = c;
 	    }
 	  *q++ = 0; /* add terminator */
-	  message = namebuff;
+	  message = daemon->dhcp_buff;
 	}
      
      if (!(opt = option_find(mess, sz, OPTION_REQUESTED_IP)))
@@ -322,7 +398,8 @@ int dhcp_reply(struct dhcp_context *context,
 	}
      else
 	/* make sure this host gets a different address next time. */
-	context->addr_epoch++;
+	for (; context; context = context->current)
+	  context->addr_epoch++;
      
      return 0;

@@ -331,10 +408,12 @@ int dhcp_reply(struct dhcp_context *context,
 	  (iface_addr.s_addr != option_addr(opt).s_addr))
 	return 0;
      
-      log_packet("RELEASE", &mess->ciaddr, mess->chaddr, iface_name, NULL);
-
      if (lease && lease->addr.s_addr == mess->ciaddr.s_addr)
 	lease_prune(lease, now);
+      else
+	message = "unknown lease";
+
+      log_packet("RELEASE", &mess->ciaddr, mess->chaddr, iface_name, message);
 	
      return 0;
      
@@ -343,23 +422,23 @@ int dhcp_reply(struct dhcp_context *context,
 	addr = option_addr(opt);
      if (have_config(config, CONFIG_DISABLE))
 	message = "ignored";
-      else if (have_config(config, CONFIG_ADDR) && !lease_find_by_addr(config->addr))
+      else if (have_config(config, CONFIG_ADDR) && 
+               (!(ltmp = lease_find_by_addr(config->addr)) || ltmp == lease))
 	mess->yiaddr = config->addr;
      else if (lease && address_available(context, lease->addr))
 	mess->yiaddr = lease->addr;
-      else if (opt && address_available(context, addr) && !lease_find_by_addr(addr))
+      else if (opt && address_available(context, addr) && !lease_find_by_addr(addr) && 
+	       !config_find_by_address(daemon->dhcp_conf, addr))
 	mess->yiaddr = addr;
-      else if (!address_allocate(context, dhcp_configs, &mess->yiaddr, mess->chaddr))
+      else if (!address_allocate(context, daemon, &mess->yiaddr, mess->chaddr))
 	message = "no address available";      
      log_packet("DISCOVER", opt ? &addr : NULL, mess->chaddr, iface_name, message);          
      
      if (message)
 	return 0;
      
-      /* ensure that we send the reply by steam even if a buggy client sets this. */
-      mess->ciaddr.s_addr = 0;
-      bootp_option_put(mess, dhcp_file, dhcp_sname);
-      mess->siaddr = dhcp_next_server.s_addr ? dhcp_next_server : iface_addr;
+      bootp_option_put(mess, daemon->dhcp_file, daemon->dhcp_sname);
+      mess->siaddr = daemon->dhcp_next_server.s_addr ? daemon->dhcp_next_server : iface_addr;
      p = option_put(p, end, OPTION_MESSAGE_TYPE, 1, DHCPOFFER);
      p = option_put(p, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(iface_addr.s_addr));
      p = option_put(p, end, OPTION_LEASE_TIME, 4, expires_time);
@@ -369,8 +448,8 @@ int dhcp_reply(struct dhcp_context *context,
 	  p = option_put(p, end, OPTION_T1, 4, (expires_time/2));
 	  p = option_put(p, end, OPTION_T2, 4, ((expires_time * 7)/8));
 	}
-      p = do_req_options(context, p, end, req_options, dhcp_opts, domain_suffix, 
-			 NULL, router, iface_addr, iface_mtu, netid);
+      p = do_req_options(context, p, end, req_options, daemon, 
+			 NULL, iface_addr, netid, subnet_addr);
      p = option_end(p, end, mess);
      
      log_packet("OFFER" , &mess->yiaddr, mess->chaddr, iface_name, NULL);
@@ -383,66 +462,80 @@ int dhcp_reply(struct dhcp_context *context,
 	{
 	  /* SELECTING  or INIT_REBOOT */
 	  mess->yiaddr = option_addr(opt);
-	  /* The RFC says that this is already zero, but there exist
-	     real-world counter examples. */
-	  mess->ciaddr.s_addr = 0; 
 	  
-	  if ((opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER)) &&
-	      (iface_addr.s_addr != option_addr(opt).s_addr))
-	    return 0;
-	  
-	  /* If a lease exists for this host and another address, squash it. */
-	  if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
+	  if ((opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER)))
 	    {
-	      lease_prune(lease, now);
-	      lease = NULL;
+	      /* SELECTING */
+	      if (iface_addr.s_addr != option_addr(opt).s_addr)
+		return 0;
+	      
+	      /* If a lease exists for this host and another address, squash it. */
+	      if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
+		{
+		  lease_prune(lease, now);
+		  lease = NULL;
+		}
 	    }
-	    
-	  if (!lease)
-	    { 
-	      if ((!address_available(context, mess->yiaddr) || lease_find_by_addr(mess->yiaddr)) && 
-		  (!have_config(config, CONFIG_ADDR) || config->addr.s_addr != mess->yiaddr.s_addr))
-		message = "address unavailable";
-	      else if (!(lease = lease_allocate(clid, clid_len, mess->yiaddr)))
-		message = "no leases left";
+	  else
+	    {
+	      /* INIT-REBOOT */
+	      if (!lease && !(daemon->options & OPT_AUTHORITATIVE))
+		return 0;
+	      
+	      if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
+		message = "wrong address";
 	    }
 	}
      else
 	{
 	  /* RENEWING or REBINDING */ 
 	  /* Must exist a lease for this address */
-	  if (!mess->ciaddr.s_addr)
-	    return 0;
-	  
-	  mess->yiaddr = mess->ciaddr;
 	  if (!lease || mess->ciaddr.s_addr != lease->addr.s_addr)
 	    message = "lease not found";
 	  
 	  /* desynchronise renewals */
 	  fuzz = rand16();
 	  while (fuzz > (renewal_time/16))
-	    fuzz = fuzz/2;
+	    fuzz = fuzz/2; 
+
+	  mess->yiaddr = mess->ciaddr;
 	}
      
-      /* If a machine moves networks whilst it has a lease, we catch that here. */
-      if (!message && !is_same_net(mess->yiaddr, context->start, context->netmask))
-	message = "wrong network";
-
-      /* Check for renewal of a lease which is now outside the allowed range. */
-      if (!message && !address_available(context, mess->yiaddr) &&
-	  (!have_config(config, CONFIG_ADDR) || config->addr.s_addr != mess->yiaddr.s_addr))
-	message = "address no longer available";
-
-      /* Check if a new static address has been configured. Be very sure that
-	 when the client does DISCOVER, it will get the static address, otherwise
-	 an endless protocol loop will ensue. */
-      if (!message && have_config(config, CONFIG_ADDR) &&
-	  !have_config(config, CONFIG_DISABLE) &&
-	  !lease_find_by_addr(config->addr))
-	message = "static lease available";
-   
      log_packet("REQUEST", &mess->yiaddr, mess->chaddr, iface_name, NULL);
      
+      if (!message)
+	{
+	  struct dhcp_config *addr_config;
+
+	  /* If a machine moves networks whilst it has a lease, we catch that here. */
+	  if (!is_same_net(mess->yiaddr, context->start, context->netmask))
+	    message = "wrong network";
+
+	  /* Check for renewal of a lease which is outside the allowed range. */
+	  else if (!address_available(context, mess->yiaddr) &&
+		   (!have_config(config, CONFIG_ADDR) || config->addr.s_addr != mess->yiaddr.s_addr))
+	    message = "address not available";
+
+	  /* Check if a new static address has been configured. Be very sure that
+	     when the client does DISCOVER, it will get the static address, otherwise
+	     an endless protocol loop will ensue. */
+	  
+	  else if (have_config(config, CONFIG_ADDR) && 
+		   config->addr.s_addr != mess->yiaddr.s_addr &&
+		   (!(ltmp = lease_find_by_addr(config->addr)) || ltmp == lease))
+	    message = "static lease available";
+
+	  /* Check to see if the address is reserved as a static address for another host */
+	  else if ((addr_config = config_find_by_address(daemon->dhcp_conf, mess->yiaddr)) && addr_config != config)
+	    message ="address reserved";
+
+	  else if ((ltmp = lease_find_by_addr(mess->yiaddr)) && ltmp != lease)
+	    message = "address in use";
+	  
+	  else if (!lease && !(lease = lease_allocate(clid, clid_len, mess->yiaddr)))
+	    message = "no leases left";
+	}
+      
      if (message)
 	{
 	  log_packet("NAK", &mess->yiaddr, mess->chaddr, iface_name, message);
@@ -451,30 +544,31 @@ int dhcp_reply(struct dhcp_context *context,
 	  bootp_option_put(mess, NULL, NULL);
 	  p = option_put(p, end, OPTION_MESSAGE_TYPE, 1, DHCPNAK);
 	  p = option_put_string(p, end, OPTION_MESSAGE, message);
-	  p = option_end(p, end, mess);
 	  mess->flags |= htons(0x8000); /* broadcast */
-	  return p - (unsigned char *)mess;
 	}
-      
-      log_packet("ACK", &mess->yiaddr, mess->chaddr, iface_name, hostname);
-      
-      lease_set_hwaddr(lease, mess->chaddr);
-      if (hostname)
-	lease_set_hostname(lease, hostname, domain_suffix);
-      lease_set_expires(lease, renewal_time == 0xffffffff ? 0 : now + (time_t)renewal_time);
-      
-      bootp_option_put(mess, dhcp_file, dhcp_sname);
-      mess->siaddr = dhcp_next_server.s_addr ? dhcp_next_server : iface_addr;
-      p = option_put(p, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
-      p = option_put(p, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(iface_addr.s_addr));
-      p = option_put(p, end, OPTION_LEASE_TIME, 4, renewal_time);
-      if (renewal_time != 0xffffffff)
+      else
 	{
-	  p = option_put(p, end, OPTION_T1, 4, (renewal_time/2) - fuzz);
-	  p = option_put(p, end, OPTION_T2, 4, ((renewal_time * 7)/8) - fuzz);
+	  log_packet("ACK", &mess->yiaddr, mess->chaddr, iface_name, hostname);
+      
+	  lease_set_hwaddr(lease, mess->chaddr);
+	  if (hostname)
+	    lease_set_hostname(lease, hostname, daemon->domain_suffix);
+	  lease_set_expires(lease, renewal_time == 0xffffffff ? 0 : now + (time_t)renewal_time);
+	  
+	  bootp_option_put(mess, daemon->dhcp_file, daemon->dhcp_sname);
+	  mess->siaddr = daemon->dhcp_next_server.s_addr ? daemon->dhcp_next_server : iface_addr;
+	  p = option_put(p, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
+	  p = option_put(p, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(iface_addr.s_addr));
+	  p = option_put(p, end, OPTION_LEASE_TIME, 4, renewal_time);
+	  if (renewal_time != 0xffffffff)
+	    {
+	      p = option_put(p, end, OPTION_T1, 4, (renewal_time/2) - fuzz);
+	      p = option_put(p, end, OPTION_T2, 4, ((renewal_time * 7)/8) - fuzz);
+	    }
+	  p = do_req_options(context, p, end, req_options, daemon, 
+			     hostname, iface_addr, netid, subnet_addr);
 	}
-      p = do_req_options(context, p, end, req_options, dhcp_opts, domain_suffix, 
-			 hostname, router, iface_addr, iface_mtu, netid);
+
      p = option_end(p, end, mess);
      return p - (unsigned char *)mess; 
      
@@ -489,8 +583,8 @@ int dhcp_reply(struct dhcp_context *context,
      
      p = option_put(p, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
      p = option_put(p, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(iface_addr.s_addr));
-      p = do_req_options(context, p, end, req_options, dhcp_opts, domain_suffix, 
-			 hostname, router, iface_addr, iface_mtu, netid);
+      p = do_req_options(context, p, end, req_options, daemon, 
+			 hostname, iface_addr, netid, subnet_addr);
      p = option_end(p, end, mess);
      
      log_packet("ACK", &mess->ciaddr, mess->chaddr, iface_name, hostname);
@@ -502,8 +596,9 @@ int dhcp_reply(struct dhcp_context *context,

 static void log_packet(char *type, struct in_addr *addr, unsigned char *hwaddr, char *interface, char *string)
 {
-  syslog(LOG_INFO, "DHCP%s(%s)%s%s %.2x:%.2x:%.2x:%.2x:%.2x:%.2x%s%s",
-	 type,
+  syslog(LOG_INFO, "%s%s(%s)%s%s %.2x:%.2x:%.2x:%.2x:%.2x:%.2x%s%s",
+	 type ? "DHCP" : "BOOTP",
+	 type ? type : "",
 	 interface, 
 	 addr ? " " : "",
 	 addr ? inet_ntoa(*addr) : "",
@@ -583,13 +678,16 @@ static unsigned char *option_end(unsigned char *p, unsigned char *end, struct dh

 static unsigned char *option_put_string(unsigned char *p, unsigned char *end, int opt, char *string)
 {
-  if (p + strlen(string) + 3 < end)
+  int len = strlen(string);
+
+  if (p + len + 3 < end)
    {
      *(p++) = opt;
-      *(p++) = strlen(string);
-      memcpy(p, string, strlen(string));
-      p += strlen(string);
+      *(p++) = len;
+      memcpy(p, string, len);
+      p += len;
    }
+
  return p;
 }
 
@@ -634,7 +732,8 @@ static unsigned char *option_find(struct dhcp_packet *mess, int size, int opt_ty
  int overload = 0; 
  unsigned char *ret;
  
-  ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, &overload);
+  /* skip over DHCP cookie; */
+  ret = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + size, opt_type, &overload);
  
  if (!ret && (overload & 1)) 
    ret = option_find1(&mess->file[0], &mess->file[128], opt_type, &overload);
@@ -685,39 +784,46 @@ static struct dhcp_opt *option_find2(struct dhcp_netid *netid, struct dhcp_opt *
 static unsigned char *do_req_options(struct dhcp_context *context,
 				     unsigned char *p, unsigned char *end, 
 				     unsigned char *req_options,
-				     struct dhcp_opt *config_opts,
-				     char *domainname, char *hostname,
-				     struct in_addr router, 
+				     struct daemon *daemon,
+				     char *hostname,
 				     struct in_addr iface_addr,
-				     int iface_mtu, struct dhcp_netid *netid)
+				     struct dhcp_netid *netid,
+				     struct in_addr subnet_addr)
 {
-  struct dhcp_opt *opt;
-    
+  struct dhcp_opt *opt, *config_opts = daemon->dhcp_opts;
+
  if (in_list(req_options, OPTION_MAXMESSAGE))
-    p = option_put(p, end, OPTION_MAXMESSAGE, 2, 
-		   DNSMASQ_PACKETSZ > iface_mtu ? 
-		   iface_mtu : DNSMASQ_PACKETSZ);
+    p = option_put(p, end, OPTION_MAXMESSAGE, 2, end - (unsigned char *)daemon->dhcp_packet);
  
+  /* rfc3011 says this doesn't need to be in the requested options list. */
+  if (subnet_addr.s_addr)
+    p = option_put(p, end, OPTION_SUBNET_SELECT, INADDRSZ, ntohl(subnet_addr.s_addr));
+
  if (in_list(req_options, OPTION_NETMASK) &&
      !option_find2(netid, config_opts, OPTION_NETMASK))
    p = option_put(p, end, OPTION_NETMASK, INADDRSZ, ntohl(context->netmask.s_addr));
  
-  if (in_list(req_options, OPTION_BROADCAST) &&
+  /* May not have a "guessed" broadcast address if we got no packets via a relay
+     from this net yet (ie just unicast renewals after a restart */
+  if (context->broadcast.s_addr &&
+      in_list(req_options, OPTION_BROADCAST) &&
      !option_find2(netid, config_opts, OPTION_BROADCAST))
    p = option_put(p, end, OPTION_BROADCAST, INADDRSZ, ntohl(context->broadcast.s_addr));
  
-  if (in_list(req_options, OPTION_ROUTER) &&
+  /* Same comments as broadcast apply, and also may not be able to get a sensible
+     default when using subnet select.  User must configure by steam in that case. */
+  if (context->router.s_addr &&
+      in_list(req_options, OPTION_ROUTER) &&
      !option_find2(netid, config_opts, OPTION_ROUTER))
-    p = option_put(p, end, OPTION_ROUTER, INADDRSZ, 
-		   ntohl(router.s_addr));
+    p = option_put(p, end, OPTION_ROUTER, INADDRSZ, ntohl(context->router.s_addr));

  if (in_list(req_options, OPTION_DNSSERVER) &&
      !option_find2(netid, config_opts, OPTION_DNSSERVER))
    p = option_put(p, end, OPTION_DNSSERVER, INADDRSZ, ntohl(iface_addr.s_addr));
  
-  if (domainname && in_list(req_options, OPTION_DOMAINNAME) && 
+  if (daemon->domain_suffix && in_list(req_options, OPTION_DOMAINNAME) && 
      !option_find2(netid, config_opts, OPTION_DOMAINNAME))
-    p = option_put_string(p, end, OPTION_DOMAINNAME, domainname);
+    p = option_put_string(p, end, OPTION_DOMAINNAME, daemon->domain_suffix);
 
  /* Note that we ignore attempts to set the hostname using 
     --dhcp-option=12,<name> */
--- a/src/util.c
+++ b/src/util.c
@@ -251,3 +251,20 @@ int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
 {
  return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
 } 
+
+int retry_send(void)
+{
+   struct timespec waiter;
+   if (errno == EAGAIN)
+     {
+       waiter.tv_sec = 0;
+       waiter.tv_nsec = 10000;
+       nanosleep(&waiter, NULL);
+       return 1;
+     }
+   
+   if (errno == EINTR)
+     return 1;
+
+   return 0;
+}
Author	SHA1	Message	Date
Simon Kelley	fd9fa4811d	import of dnsmasq-2.16.tar.gz	2012-01-05 17:31:11 +00:00
Simon Kelley	36717eeefc	import of dnsmasq-2.15.tar.gz	2012-01-05 17:31:11 +00:00
Simon Kelley	3be34541c2	import of dnsmasq-2.14.tar.gz	2012-01-05 17:31:10 +00:00
Simon Kelley	9c74ec03ca	import of dnsmasq-2.13.tar.gz	2012-01-05 17:31:10 +00:00
Simon Kelley	c1bb85048b	import of dnsmasq-2.12.tar.gz	2012-01-05 17:31:10 +00:00
Simon Kelley	dfa666f24b	import of dnsmasq-2.11.tar.gz	2012-01-05 17:31:10 +00:00