import of dnsmasq-2.35.tar.gz

CHANGELOG

@@ -1267,7 +1267,7 @@ version 2.17
 	    already a fatal error when bind-interfaces is set.)
 
 	    Allow the --interface and --except-interface options to
-	    take a comma-seperated list of interfaces.
+	    take a comma-separated list of interfaces.
 
 	    Tweak --dhcp-userclass matching code to work with the
 	    ISC dhclient which violates RFC3004 unless its
@@ -1288,9 +1288,753 @@ version 2.17
 	    clients. Credit to Cedric Duval for spotting this.
 
 	    Fix rare crash associated with long DNS names and CNAME
-	    records. Thanks to Holger_Hoffstatte and especially Steve
+	    records. Thanks to Holger Hoffstatte and especially Steve
 	    Grecni for help chasing that one down.
 
- 
+version 2.18
+            Reworked the Linux interface discovery code (again) to
+	    cope with interfaces which have only IPv6 addresses and 
+	    interfaces with more than one IPv6 address. Thanks to
+            Martin Pels for help with that.
 
+	    Fix problems which occured when more than one dhcp-range
+	    was specified in the same subnet: sometimes parameters
+	    (lease time, network-id tag) from the wrong one would be
+	    used. Thanks to Rory Campbell-Lange for the bug report.
+
+	    Reset cache statistics when clearing the cache.
+
+	    Enable long command line options on FreeBSD when the
+	    C library supports them.
+
+version 2.19 
+            Tweaked the Linux-only interface discovery code to cope 
+	    with interface-indexes larger than 8 bits in
+            /proc/net/if_inet6. This only affects Linux, obviously.  
+	    Thanks to Richard Atterer for the bug report.
+
+	    Check for under-length option fields in DHCP packets, a
+	    zero length client-id, in particluar, could seriously
+	    confuse dnsmasq 'till now. Thanks to Will Murname for help
+	    with that.
+
+	    If a DHCP-allocated address has an associated name in
+	    /etc/hosts, and the client does not provide a hostname
+	    parameter and there is no hostname in a matching dhcp-host
+	    option, send the /etc/hosts name as the hostname in 
+	    the DHCP lease. Thanks to Will Murname for the suggestion.
+
+version 2.20
+	    Allow more than one instance of dnsmasq to run on a
+	    machine, each providing DHCP service on a different
+	    interface, provided that --bind-interfaces is set. This
+	    configuration used to work, but regressed in version 2.14
+
+	    Fix compilation on Mac OS X. Thanks to Kevin Bullock.
+	
+	    Protect against overlong names and overlong
+	    labels in configuration and from DHCP.
+
+	    Fix interesting corner case in CNAME handling. This occurs
+	    when a CNAME has a target which "shadowed" by a name in
+	    /etc/hosts or from DHCP. Resolving the CNAME would sneak
+	    the upstream value of the CNAME's target into the cache,
+	    alongside the local value. Now that doesn't happen, though
+	    resolving the CNAME still gives the unshadowed value. This
+	    is arguably wrong but rather difficult to fix. The main
+	    thing is to avoid getting strange results for the target
+	    due to the cache pollution when resolving the
+	    CNAME. Thanks to Pierre Habouzit for exploring the corner
+	    and submitting a very clear bug report.
+
+	    Fix subtle bug in the DNS packet parsing code. It's almost
+	    impossible to describe this succinctly, but the one known
+	    manifestation is the inability to cache the A record for
+	    www.apple.com. Thanks to Bob Alexander for spotting that.
+
+	    Support SRV records. Thanks to Robert Kean for the patches
+	    for this.
+
+	    Fixed sign confusion in the vendor-id matching code which
+	    could cause crashes sometimes. (Credit to Mark Wiater for
+	    help finding this.)
+
+	    Added the ability to match the netid tag in a
+	    dhcp-range. Combined with the ability to have multiple
+	    ranges in a single subnet, this provides a means to
+	    segregate hosts on different address ranges based on
+	    vendorclass or userclass. Thanks to Mark Wiater for
+	    prompting this enhancement.    
+
+	    Added preference values for MX records.
+
+	    Added the --localise-queries option.
+
+version 2.21
+            Improve handling of SERVFAIL and REFUSED errors. Receiving
+	    these now initiates search for a new good server, and a 
+	    server which returns them is not a candidate as a good
+            server. Thanks to Istvan Varadi for pointing out the
+            problem.
+
+	    Tweak the time code in BROKEN_RTC mode.
+
+	    Sanity check lease times in dhcp-range and dhcp-host
+	    configurations and force them to be at least two minutes
+	    (120s) leases shorter than a minute confuse some clients,
+	    notably Apple MacOS X. Rory Campbell-Lange found this
+	    problem.
+
+	    Only warn once about an upstream server which is refusing to do
+	    recursive queries.
+
+	    Fix DHCP address allocation problem when netid tags are in
+	    use. Thanks to Will Murnane for the bug report and
+	    subsequent testing.
+
+	    Add an additional data section to the reply for MX and SRV
+	    queries. Add support for DNS TXT records. Thanks to Robert 
+	    Kean and John Hampton for prompts and testing of these.
+
+	    Apply address rewriting to records in the additional data section
+	    of DNS packets. This makes things like MX records work
+	    with the alias function. Thanks to Chad Skeeters for
+	    pointing out the need for this.
+
+	    Added support for quoted strings in config file.
+
+	    Detect and defeat cache-poisoning attacks which attempt to
+	    send (malicious) answers to questions we didn't
+	    send. These are ignored now even if the attacker manages
+	    to guess a random query-id.
+
+	    Provide DHCP support for interfaces with multiple IP
+	    addresses or aliases. This in only enabled under Linux.
+	    See the FAQ entry for details.
+
+	    Revisit the MAC-address and client-id matching code to
+	    provide saner behaviour with PXE boots, where some
+	    requests have a client-id and some don't.
+
+	    Fixed off-by-one buffer overflow in lease file reading
+	    code. Thanks to Rob Holland for the bug report.
+
+	    Added wildcard matching for MAC addresses in dhcp-host
+	    options. A sensible suggestion by Nathaniel McCallum.
+
+version 2.22
+            Fixed build problems on (many) systems with older libc
+            headers where <linux/types.h> is required before
+            <linux/netlink.h>. Enabled HAVE_RTNETLINK under uclibc now
+            that this fix is in place.
+
+	    Added support for encapsulated vendor-class-specific DHCP
+	    options. Thanks to Eric Shattow for help with this.
+
+	    Fix regression in 2.21 which broke commas in filenames and
+	    corrupted argv. Thanks to Eric Scott for the bugreport.
+
+	    Fixed stupid thinko which caused dnsmasq to wedge during
+	    startup with certain MX-record options. Another 2.21 regression.
+
+	    Fixed broken-ness when reading /etc/ethers. 2.21 broke
+	    this too.
+
+	    Fixed wedge with certain DHCP options. Yet another 2.21
+	    regression. Rob Holland and Roy Marples chased this one
+	    down.
+
+version 2.23
+	    Added a check to ensure that there cannot be more than one
+	    dhcp-host option for any one IP address, even if the
+	    addresses are assigned indirectly via a hostname and
+	    /etc/hosts.
+
+	    Include a "server identifier" in DHCPNAK replies, as
+	    required by RFC2131.
+
+	    Added method  support for DBus
+	    (http://www.freedesktop.org/Software/dbus)
+	    This is a superior way to re-configure dnsmasq on-the-fly
+	    with different upstream nameservers, as the host moves
+	    between networks. DBus support must be enabled in
+	    src/config.h and should be considered experimental at this
+	    point. See DBus-interface for the specification of the
+	    DBus method calls supported.
+
+	    Added information to the FAQ about setting the DNS domain
+	    in windows XP and Mac OS X, thanks to Rick Hull.
+
+	    Added sanity check to resolv.conf polling code to cope
+	    with backwards-moving clocks. Thanks to Leonardo Canducci
+	    for	help with this.
+
+	    Handle so-called "A-for-A" queries, which are queries for
+	    the address associated with a name which is already a
+	    dotted-quad address. These should be handled by the
+	    resolver code, but sometimes aren't and there's no point
+	    in forwarding them.
+
+	    Added "no-dhcp-interface" option to disable DHCP service
+            on an interface, whilst still providing DNS.
+
+	    Fix format-string problem - config file names get passed
+	    to fprintf as a format string, so % characters could cause
+	    crashes. Thanks to Rob Holland for sleuthing that one.
+
+	    Fixed multiple compiler warnings from gcc 4. Thanks to 
+	    Tim Cutts for the report.
+
+	    Send the hostname option on DHCP offer messages as well as
+	    DHCP ack messages. This is required by the Rio Digital 
+	    Audio Receiver. Thanks to Ron Frederick for the patch.
+ 
+            Add 'd' (for day) as a possible time multiplier in lease 
+	    time specifications. Thanks to Michael Deegan.
+
+	    Make quoting suppress recognition of IP addresses, so
+	    dhcp-option=66,1.2.3.4 now means something different to
+            dhcp-option=66,"1.2.3.4", which sets the option to a
+	    string value. Thanks to Brian Macauley for the bug report.
+
+	    Fixed the option parsing code to avoid segfaults from some
+	    invalid configurations. Thanks to Wookey for spotting that one.
+ 
+            Provide information about which compile-time options were 
+	    selected, both in the log at startup and as part of the output 
+            from dnsmasq --version. Thanks to Dirk Schenkewitz for 
+            the suggestion. 
+
+	    Fix pathalogical behaviour when a broken client keeps sending
+            DHCPDISCOVER messages repeatedly and fast. Because dealing with
+            each of these takes a few seconds, (because of the ping) then a 
+	    queue of DHCP packets could build up. Now, the results of a ping 
+            test are assumed to be valid for 30 seconds, so repeated waits are
+            not required. Thanks to Luca Landi for finding this.
+
+	    Allow DHCPINFORM requests without hardware address
+	    information. These are generated by some browsers, looking
+	    for proxy information. Thanks to Stanley Jaddoe for the
+	    bug report on that.
+
+	    Add support of the "client FQDN" DHCP option. If present,
+	    this is used to allow the client to tell dnsmasq its name,
+	    in preference to (mis)using the hostname option. See 
+              http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/\
+                draft-ietf-dhc-fqdn-option-10.txt
+            for details of the draft spec.
+
+	    Added startup scripts for MacOS X Tiger/Panther to the 
+            contrib collection. Thanks to Tim Cutts.
+
+	    Tweak DHCP network selection so that clients which turn up
+	    on our network in REBINDING state and with a lease for a
+	    foreign network will get a NAK response. Thanks to Dan
+	    Shechter for work on this and an initial patch and thanks
+	    to Gyorgy Farkas for further testing.
+
+	    Fix DNS query forwarding for empty queries and forward
+	    queries even when the recursion-desired bit is clear. This
+	    allows "dig +trace" to work. Problem report from Uwe
+	    Gansert.
+
+	    Added "const" declarations where appropriate, thanks to
+	    Andreas Mohr for the patch.
+
+	    Added --bootp-dynamic option and associated
+	    functionality. Thanks to Josef Wolf for the suggestion.
+ 
+version 2.24
+            Updated contrib/openvpn/dnsmasq.patch from Joseph Tate.
+
+	    Tweaked DHCP NAK code, a DHCP NAK is now unicast as a
+	    fallback in cases where a broadcast is futile: namely in
+	    response to a unicast REQUEST from a non-local network
+	    which was not sent via a relay.
+
+	    Slightly changed the semantics of domain matching in
+	    --server and --address configs. --server=/domain.com/ still
+	    matches domain.com and sub.domain.com but does not 
+	    now match newdomain.com The semantics of 
+            --server=/.domain.com/ are unchanged. 
+	    Thanks to Chris Blaise for the patch.
+
+	    Added backwards-compatible internationalisation support.
+	    The existing make targets, (all, dnsmasq, install) work as
+	    before. New ones (all-i18n, and install-i18n) add gettext.
+	    The translations live in po/ There are not too many
+	    strings, so if anybody can provide translations (and for
+	    the manpage....) please send them in.
+
+	    Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes,
+	    now the query gets retried on all servers before returning
+	    the error to the source of the query. Thanks to Javier
+	    Kohen for the report.
+ 
+	    Added Polish translation - thanks to Tomasz Sochanski.
+
+	    Changed default manpage install location from /usr/man 
+	    to /usr/share/man 
+
+	    Added Spanish translation - thanks to Christopher Chatham.
+
+	    Log a warning when a DHCP packet is truncated due to lack
+	    of space. (Thanks to Michael Welle for the prompt to do
+	    this.)
 	    
+	    Added French translation - thanks to Lionel Tricon.
+
+	    Added Indonesian translation - thanks to Salman AS.
+
+	    Tweaked the netlink code to cope with interface broadcast
+	    address not set, or set to 0.0.0.0.
+
+	    Fixed problem assigning fixed addresses to hosts when more
+	    than one dhcp-range is available. Thanks to Sorin Panca
+	    for help chasing this down.
+
+	    Added more explict error mesages to the hosts file and
+	    ethers file reading code. Markus Kaiserswerth suffered to
+	    make this happen.
+
+	    Ensure that a hostname supplied by a DHCP client can never
+	    override one configured on the server. Previously, any
+	    host claiming a name would be given it, even if that
+	    over-rode a dhcp-host declaration, leading to potentially 
+            confusing situations.
+
+	    Added Slackware package-build stuff into contrib/ The i18n
+	    effort broke the current scripts, and working ones were
+	    needed for testing, so they ended up here rather than make
+	    Pat re-invent the wheel.
+	    
+	    Added Romanian translation, thanks to Sorin Panca for
+	    that.
+
+version 2.25
+            Fixed RedHat spec file for FC4 - thanks to Werner Hoelzl
+            and Andrew Bird.
+
+            Fixed Suse spec file - thanks to Steven Springl.
+
+	    Fixed DHCP bug when two distict subnets are on the same
+	    physical interface. Thanks to Pawel Zawora for finding
+	    this and suggesting the fix.
+
+	    Added logging to make it explicit when dnsmasq falls back
+	    from using RT-netlink sockets to the old ioctl API for
+	    getting information about interfaces. Doing this
+	    completely silently made remote debugging hard.
+
+	    Merged uclibc build fixes from the OpenWRT package into
+	    src/config.h 
+
+	    Added Norwegian translation - thanks to Jan Erik Askildt.
+
+version 2.26
+	    Fixed SuSe rpm patch problem - thanks to Steven Springl.
+
+	    Fixed crash when attempting to send a DHCP NAK to a host
+	    which believes it has a lease on an unknown
+	    network. Thanks to Lutz Pressler for the bug report and
+	    patch.
+
+version 2.27
+	    Tweaked DHCP behaviour when a client attempts to renew a lease
+            which dnsmasq doesn't know about. Previously that would always
+            result in a DHCPNAK. Now, in dhcp-authoritative mode, the
+            lease will be created, if it's legal. This makes dnsmasq work
+            better if the lease database is lost, for example on an OpenWRT
+	    system which reboots. Thanks to Stephen Rose for work on
+	    this.
+
+	    Added the ability to support RFC-3442 style destination
+	    descriptors in dhcp-options. This makes classless static
+	    routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4
+
+	    Added error-checking to the code which writes the lease
+	    file. If this fails for any reason, an error is logged,
+	    and a retry occurs after one minute. This should improve
+	    things eg when a filesystem is full. Thanks to Jens Holze
+	    for the bug report.
+
+	    Fixed breakage of the "/#/ matches any domain" facility
+	    which happened in 2.24. Thanks to Peter Surda for the bug
+	    report.
+
+	    Use "size_t" and "ssize_t" types where appropriate in the
+	    code.
+
+	    Fix buggy CNAME handling in mixed IPv4 and IPv6
+	    queries. Thanks to Andreas Pelme for help finding that.
+
+	    Added some code to attempt to re-transmit DNS queries when 
+	    a network interface comes up.  This helps on DoD links, 
+	    where frequently the packet which triggers dialling is
+            a DNS query, which then gets lost. By re-sending, we can 
+	    avoid the lookup failing. This function is only active
+	    when netlink support is compiled in, and therefore only
+	    under Linux. Thanks to Jean Wolter for help with this.
+
+	    Tweaked the DHCP tag-matching code to work correctly with
+	    NOT-tag conditions. Thanks to Lutz Pressler for finding
+	    the bug.
+
+	    Generalised netid-tag matching in dhcp-range statements to
+	    allow more than one tag.
+
+	    Added --dhcp-mac to do MAC address matching in the same
+	    way as vendorclass and userclass matching. A good
+	    suggestion from Lutz Pressler.
+
+	    Add workaround for buggy early Microsoft DHCP clients
+	    which need zero-termination in string options.
+	    Thanks to Fabiano Pires for help with this.
+
+	    Generalised the DHCP code to cope with any hardware
+	    address type, at least on Linux. *BSD is still limited to
+	    ethernet only.
+
+version 2.28
+            Eliminated all raw network access when running on
+            Linux. All DHCP network activity now goes through the IP
+            stack. Packet sockets are no longer required. Apart from
+            being a neat hack, this should also allow DHCP over IPsec
+            to work better. On *BSD and OS X, the old method of raw net
+            access through BPF is retained.
+
+	    Simplified build options. Networking is now slimmed down
+	    to a choice of "linux" or "other". Netlink is always used
+	    under Linux. Since netlink has been available since 2.2
+	    and non-optional in an IPv4-configured  kernel since 2.4,
+	    and the dnsmasq netlink code is now well tested, this 
+	    should work out fine. 
+
+	    Removed decayed build support for libc5 and Solaris.
+	    
+	    Removed pselect code: use a pipe for race-free signal
+	    handling instead, as this works everywhere.
+
+	    No longer enable the ISC leasefile reading code in the
+	    distributed sources. I doubt there are many people left
+	    using this 1.x compatibility code. Those that are will
+	    have to explicitly enable it in src/config.h.
+
+	    Don't send the "DHCP maximum message size" option, even if 
+	    requested. RFC2131 says this is a "MUST NOT".
+
+	    Support larger-than-minimum DHCP message. Dnsmasq is now
+	    happy to get larger than 576-byte DHCP messages, and will
+	    return large messages, if permitted by the "maximum
+	    message size" option of the message to which it is
+	    replying. There's now an arbitrary sanity limit of 16384
+	    bytes.
+
+	    Added --no-ping option. This fixes an RFC2131 "SHOULD".
+
+	    Building on the 2.27 MAC-address changes, allow clients to 
+	    provide no MAC address at all, relying on the client-id as
+	    a unique identifier. This should make things like DHCP for
+	    USB come easier.
+
+	    Fixed regression in netlink code under 2.2.x kernels which 
+	    occurred in 2.27. Erik Jan Tromp is the vintage kernel fan 
+	    who found this. P.S. It looks like this "netlink bind:
+	    permission denied" problem occured in kernels at least as
+	    late a 2.4.18. Good information from Alain Richoux.
+
+	    Added a warning when it's impossible to give a host its
+	    configured address because the address is leased
+	    elsewhere.  A sensible suggestion from Mircea Bardac.
+
+	    Added minimal support for RFC 3046 DHCP relay agent-id
+	    options. The DHCP server now echoes these back to the
+	    relay, as required by the RFC. Also, RFC 3527 link selection 
+	    sub-options are honoured.
+
+	    Set the process "dumpable" flag when running in debug
+	    mode: this makes getting core dumps from root processes
+	    much easier.
+	    
+	    Fixed one-byte buffer overflow which seems to only cause
+	    problems when dnsmasq is linked with uclibc. Thanks to
+	    Eric House and Eric Spakman for help in chasing this down.
+
+	    Tolerate configuration screwups which lead to the DHCP
+	    server attemping to allocate its own address to a
+	    client; eg setting the whole subnet range as a DHCP
+	    range. Addresses in use by the server are now excluded
+	    from use by clients.
+
+	    Did some thinking about HAVE_BROKEN_RTC mode, and made it
+	    much simpler and better. The key is to just keep lease
+	    lengths in the lease file. Since these normally never
+	    change, even as the lease is renewed, the lease file never
+	    needs to change except when machines arrive on the network
+	    or leave. This eliminates the code for timed writes, and
+	    reduces the amount of wear on a flash filesystem to the
+	    absolute minimum. Also re-did the basic time function in
+	    this mode to use the portable times(), rather than parsing
+	    /proc/uptime.
+
+	    Believe the source port number when replying to unicast 
+	    DHCP requests and DHCP requests via a relay, instead of always 
+            using the standard ports.  This will allow relays on 
+            non-standard ports and DHCPINFORM from unprivileged ports
+            to work. The source port sent by unconfigured clients is still 
+            ignored, since this may be unreliable. This means that a DHCP 
+            client must use the standard port to do full configuration.
+ 
+version 2.29
+	    Fixed compilation on OpenBSD (thanks to Tom Hensel for the
+	    report). 
+
+	    Fixed false "no interface" errors when --bind-interfaces is
+	    set along with --interface=lo or --listen-address. Thanks
+	    to Paul Wise for the report.
+
+	    Updated patch for SuSE rpm. Thanks to Steven Springl.
+
+	    It turns out that there are some Linux kernel
+	    configurations which make using the capability system
+	    impossible. If this situation occurs then continue, running
+	    as root, and log a warning. Thanks to Scott Wehrenberg
+	    for help tracking this down.
+
+version 2.30
+            Fixed crash when a DHCP client requested a broadcast
+            reply. This problem was introduced in version 2.28.
+	    Thanks to Sandra Dekkers for the bug report.
+
+version 2.31
+	    Added --dhcp-script option. There have been calls for this
+	    for a long time from many good people. Fabio Muzzi gets
+	    the prize for finally convincing me.
+
+	    Added example dbus config file and moved dbus stuff into
+	    its own directory.
+
+	    Removed horribly outdated Redhat RPM build files. These
+	    are obsolete now that dnsmasq in in Fedora extras. Thanks
+	    to Patrick "Jima" Laughton, the Fedora package
+	    maintainer.
+
+	    Added workaround for Linux kernel bug. This manifests
+	    itself as failure of DHCP on kernels with "support for
+	    classical IP over ATM" configured. That includes most
+	    Debian kernel packages. Many thanks to A. Costa and
+	    Benjamin Kudria for their huge efforts in chasing this
+	    down.
+
+	    Force-kill child processes when dnsmasq is sent a sigterm,
+	    otherwise an unclosed TCP connection could keep dnsmasq
+	    hanging round for a few minutes.
+
+	    Tweaked config.h logic for uclibc build. It will now pick
+	    up MMU and IPV6 status correctly on every system I tested.
+
+version 2.32 
+	    Attempt a better job of replacing previous configuration
+	    when re-reading /etc/hosts and /etc/ethers. SIGHUP is
+	    still not identical to a restart under all circumstances,
+	    but it is for the common case of name->MAC address in
+	    /etc/ethers and name->IP address in /etc/hosts.
+
+	    Fall back to broadcast for DHCP to an unconfigured client
+	    when the MAC address size is greater than 14 bytes.
+
+	    Fix problem in 2.28-onwards releases which breaks DNS on
+	    Mac OS X. Thanks to Doug Fields for the bug report and
+	    testing.
+
+	    Added fix to allow compilation on c89-only compilers.
+	    Thanks to John Mastwijk for the patch.
+	   
+	    Tweak resolv file polling code to work better if there is
+	    a race between updating the mtime and file contents. This
+	    is not normally a problem, but it can be on systems which
+	    replace nameservers whilst active. The code now continues
+	    to read resolv.conf until it gets at least one usable
+	    server. Thanks to Holger Mauermann for help with this.
+
+	    If a client DECLINEs an address which is allocated to it
+	    via dhcp-host or /etc/hosts, lock that address out of use
+	    for ten minutes, instead of forever, and log when it's not
+	    being used because of the lock-out. This should provide
+	    less surprising behaviour when a configured address can't be
+	    used. Thanks to Peter Surda and Heinz Deinhart for input
+	    on this.
+
+	    Fixed *BSD DHCP breakage with only some
+	    arches/compilers, depending on structure padding rules.
+	    Thanks to Jeb Campbell and Tom Hensel for help with this.
+
+	    Added --conf-dir option. Suggestion from Aaron Tygart.
+
+	    Applied patch from Brent Cook which allows netids in
+	    dhcp-option configuration lines to be prefixed by
+	    "net:". This is not required by the syntax, but it is
+	    consistent with other configuration items.
+
+	    Added --log-facility option. Suggestion from Fabio Muzzi.
+
+	    Major update to Spanish translation. Many thanks to Chris
+	    Chatham. 
+
+	    Fixed gcc-4.1 strict-alias compilation warning.
+
+version 2.33
+            Remove bash-specific shellcode from the Makefile.
+
+	    Fix breakage with some DHCP relay implementations which
+	    was introduced in 2.28. Believing the source port in
+	    DHCP requests and sending the reply there is sometimes a
+	    bad thing to do, so I've reverted to always sending to
+	    the relay on port 68. Thanks to Daniel Hamlin and Alex
+	    (alde) for bug reports on this.
+
+	    Moved the SuSe packaging files to contrib. I will no
+	    longer attempt to maintain this in the source tarball. It
+	    will be done externally, in the same way as packaging for
+	    other distros. Suse packages are available from 
+	    ftp://ftp.suse.com/pub/people/ug/
+	    
+	    Merged patch from Gentoo to honour $LDFLAGS environment.
+
+	    Fix bug in resolv.conf processing when more than one file
+	    is being checked.
+
+	    Add --dns-forward-max option.
+
+	    Warn if --resolv-file flags are ignored because of
+	    --no-resolv. Thanks to Martin F Krafft for spotting this
+	    one.
+
+            Add --leasefile-ro option which allows the use of an 
+            external lease database. Many thanks to Steve Horbachuk 
+	    for assistance developing this feature.
+
+	    Provide extra information to lease-change script via its
+	    environment. If the host has a client-id, then
+	    DNSMASQ_CLIENT_ID will be set. Either the lease length (in
+	    DNSMASQ_LEASE_LENGTH) or lease expiry time (in
+	    DNSMASQ_LEASE_EXPIRES) will be set, depending on the
+	    HAVE_BROKEN_RTC compile-time option. This extra
+	    information should make it possible to maintain the lease
+	    database in external storage such as LDAP or a relational
+	    database. Note that while leasefile-ro is set, the script
+            will be called with "old"  events more often, since 
+	    changes to the client-id and lease length
+	    (HAVE_BROKEN_RTC) or lease expiry time (otherwise) 
+	    are now flagged. 
+
+	    Add contrib/wrt/* which is an example implementation of an
+	    external persistent lease database for *WRT distros with 
+	    the nvram command.
+
+	    Add contrib/wrt/dhcp_release.c which is a small utility 
+	    which removes DHCP leases using DHCPRELEASE operation in
+	    the DHCP protocol.
+
+version 2.34
+	    Tweak network-determination code for another corner case:
+	    in this case a host forced to move between dhcp-ranges on
+	    the same physical interface. Thanks to Matthias Andree.
+	    
+	    Improve handling of high DNS loads by throttling acceptance of
+	    new queries when resources are tight. This should be a
+	    better response than the "forwarding table full..."
+	    message which was logged before.
+
+	    Fixed intermittent infinite loop when re-reading
+	    /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the
+	    bug report.
+
+	    Provide extra information to the lease-change script: when
+	    a lease loses its hostname (because a new lease comes
+	    along and claims the same new), the "old" action is called 
+	    with the current state of the lease, ie no name. The
+	    change is to provide the former name which the lease had
+	    in the environment variable DNSMASQ_OLD_HOSTNAME. This
+	    helps scripts which do stuff based on hostname, rather
+	    than IP address. Also provide vendor-class and user-class
+	    information to the lease-change script when a new lease is
+	    created in the DNSMASQ_VENDOR_CLASS and
+	    DNSMASQ_USER_CLASS<n> environment variables. Suggestion 
+            from Francois-Xavier Le Bail.
+
+	    Run the lease change script as root, even when dnsmasq is
+	    configured to change UID to an unprivileged user. Since
+	    most uses of the lease change script need root, this
+	    allows its use whilst keeping the security advantages of
+	    running the daemon without privs. The script is invoked
+	    via a small helper process which keeps root UID, and
+	    validates all data received from the main process. To get
+	    root, an attacker would have to break dnsmasq and then
+	    break the helper through the restricted comms channel 
+	    linking the two.
+	    
+	    Add contrib/port-forward/* which is a script to set up 
+	    port-forwards using the DHCP lease-change script. It's
+	    possible to add a host to a config file by name, and when
+	    that host gets a DHCP lease, the script will use iptables
+	    to set up port-forwards to configured ports at the address
+	    which the host is allocated. The script also handles
+	    setting up the port-forward iptables entries after reboot,
+	    using the persistent lease database, and removing them
+	    when a host leaves and its DHCP lease expires.
+
+	    Fix unaligned access problem which caused wrong log
+	    messages with some clients on some architectures. Thanks
+	    to Francois-Xavier Le Bail for the bugreport.
+
+	    Fixed problem with DHCPRELEASE and multi-address
+	    interfaces. Enhanced contrib/wrt/dhcp_release to cope
+	    under these circumstances too. Thanks to Eldon Ziegler for
+	    input on this.
+
+	    Updated French translation: thanks to Gildas Le Nadan.
+
+	    Upgraded the name hash function in the DNS cache. Thanks
+	    to Oleg Khovayko for good work on this.
+
+	    Added --clear-on-reload flag.  Suggestion from Johannes
+	    Stezenbach.
+
+	    Treat a nameserver address of 0.0.0.0 as "nothing". Erwin 
+            Cabrera spotted that specifying a nameserver as 0.0.0.0 
+	    breaks things badly; this is because the network stack
+	    treats is as "this host" and an endless loop ensues.
+		   
+            Added Webmin module in contrib/webmin. Thanks to Neil
+            Fisher for that.
+
+version 2.35
+	    Generate an "old" script event when a client does a DHCPREQUEST
+	    in INIT-REBOOT or SELECTING state and the lease already
+	    exists. Supply vendor and user class information to these
+	    script calls.
+
+	    Added support for Dragonfly BSD to src/config.h
+
+	    Removed "Upgrading to 2.0" document, which is ancient
+	    history now.
+
+	    Tweak DHCP networking code for BSD, esp OpenBSD. Added a 
+	    workaround for a bug in OpenBSD 4.0: there should finally
+            be support for multiple interfaces under OpenBSD now.
+	    Note that no version of dnsmasq before 2.35 will work for 
+	    DHCP under OpenBSD 4.0 because of a kernel bug.
+	    Thanks to Claudio Jeker, Jeb Campbell and Cristobal 
+	    Palmer for help with this.
+
+	    Optimised the cache code for the case of large
+	    /etc/hosts. This is mainly to remove the O(n-squared)
+	    algorithm which made reading large (50000 lines) files 
+	    slow, but it also takes into account the size of 
+	    /etc/hosts when building hash tables, so overall 
+	    performance should be better. Thanks to "koko" for 
+	    pointing out the problem.
+
+
+ 

FAQ

@@ -21,8 +21,7 @@ Q: Why doesn't dnsmasq support DNS queries over TCP? Don't the RFC's specify
    that?
 
 A: Update: from version 2.10, it does. There are a few limitations:
-   data obtained via TCP is not cached, and dynamically-created
-   interfaces may break under certain circumstances. Source-address
+   data obtained via TCP is not cached, and source-address
    or query-port specifications are ignored for TCP.
 
 Q: When I send SIGUSR1 to dump the contents of the cache, some entries have
@@ -40,18 +39,17 @@ A: They are negative entries: that's what the N flag means. Dnsmasq asked
 
 Q: Will dnsmasq compile/run on non-Linux systems?
 
-A: Yes, there is explicit support for *BSD and Solaris.
+A: Yes, there is explicit support for *BSD and MacOS X. There are
+   start-up scripts for MacOS X Tiger and Panther in /contrib. Earlier
+   dnsmasq releases ran under Solaris, but that capability has
+   rotted. Dnsmasq will link with uclibc to provide small
+   binaries suitable for use in embedded systems such as
+   routers. (There's special code to support machines with flash
+   filesystems and no battery-backed RTC.)
+   If you encounter make errors with *BSD, try installing gmake from
+   ports and building dnsmasq with "make MAKE=gmake" 
    For other systems, try altering the settings in config.h.
-
-A: Update for V2. Doing DHCP is rather non-portable, so there may be
-   a few teething troubles. The initial 2.0 release is known to work
-   on Linux 2.2.x, Linux 2.4.x and Linux 2.6.x with uclibc and glibc
-   2.3. It also works on FreeBSD 4.8. The crucial problem is sending
-   raw packets, bypassing the IP stack. Dnsmasq contains code to do
-   using PF_PACKET sockets (which is for Linux) and the Berkeley packet
-   filter (which works with BSD). If you are trying to port to another
-   Un*x, bpf is the most likeley candidate. See config.h 
-
+ 
 Q: My companies' nameserver knows about some names which aren't in the
    public DNS. Even though I put it first in /etc/resolv.conf, it
    dosen't work: dnsmasq seems not to use the nameservers in the order
@@ -89,7 +87,7 @@ A: This has been seen when a system is bringing up a PPP interface at
 Q: I'm running on BSD and dnsmasq won't accept long options on the
    command line. 
 
-A: Dnsmasq when built on BSD systems doesn't use GNU getopt by
+A: Dnsmasq when built on some BSD systems doesn't use GNU getopt by
    default. You can either just use the single-letter options or
    change config.h and the Makefile to use getopt-long. Note that
    options in /etc/dnsmasq.conf must always be the long form,
@@ -106,16 +104,26 @@ A: Resolver code sometime does strange things when given names without
    "ping" will get a lookup failure, appending a dot to the end of the
    hostname  will fix things. (ie "ping myhost" fails, but "ping
    myhost." works. The solution is to make sure that all your hosts
-   have a domain set ("domain" in resolv.conf, the network applet in
-   windows, or set a domain in your DHCP server). Any domain  will do,
-   but "localnet" is traditional. Now when you resolve "myhost" the
-   resolver will attempt to look up "myhost.localnet" so you need to
-   have dnsmasq reply to that name. The way to do that is to include
-   the domain in each name on /etc/hosts and/or to use the
-   --expand-hosts and --domain-suffix options.
+   have a domain set ("domain" in resolv.conf, or set a domain in 
+   your DHCP server, see below fr Windows XP and Mac OS X). 
+   Any domain  will do, but "localnet" is traditional. Now when you
+   resolve "myhost" the resolver will attempt to look up 
+   "myhost.localnet" so you need to have dnsmasq reply to that name. 
+   The way to do that is to include the domain in each name on
+   /etc/hosts  and/or to use the --expand-hosts and --domain options.
+
+Q: How do I set the DNS domain in Windows XP or MacOS X (ref: previous
+   question)?
+
+A: for XP, Control Panel > Network Connections > { Connection to gateway /
+   DNS } > Properties > { Highlight TCP/IP } > Properties > Advanced >
+   DNS Tab > DNS suffix for this connection: 
+
+A: for OS X, System Preferences > Network > {Connection to gateway / DNS } >
+   Search domains:
 
 Q: Can I get dnsmasq to save the contents of its cache to disk when
-   I shut my machine down and re-load when it starts again.
+   I shut my machine down and re-load when it starts again?
 
 A: No, that facility is not provided. Very few names in the DNS have
    their time-to-live set for longer than a few hours so most of the
@@ -282,7 +290,9 @@ Q: Can I get email notification when a new version of dnsmasq is
 
 A: Yes, new releases of dnsmasq are always announced through
    freshmeat.net, and they allow you to subcribe to email alerts when
-   new versions of particular projects are released.
+   new versions of particular projects are released. New releases are
+   also announced in the dnsmasq-discuss mailing list, subscribe at 
+   http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
 
 Q: What does the dhcp-authoritative option do? 
 
@@ -299,7 +309,97 @@ A: Because when a Gentoo box shuts down, it releases its lease with
    dnsmasq ignores it until is times out and restarts the process.
    To fix this, set the dhcp-authoritative flag in dnsmasq.
 
+Q: My laptop has two network interfaces, a wired one and a wireless
+   one. I never use both interfaces at the same time, and I'd like the
+   same IP and configuration to be used irrespcetive of which
+   interface is in use. How can I do that?
+
+A: By default, the identity of a machine is determined by using the
+   MAC address, which is associated with interface hardware. Once an
+   IP is bound to the MAC address of one interface, it cannot be
+   associated with another MAC address until after the DHCP lease
+   expires. The solution to this is to use a client-id as the machine
+   identity rather than the MAC address. If you arrange for the same
+   client-id to sent when either interface is in use, the DHCP server
+   will recognise the same machine, and use the same address. The
+   method for setting the client-id varies with DHCP client software,
+   dhcpcd uses the "-I" flag. Windows uses a registry setting,
+   see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm
+
+Q: Can dnsmasq do DHCP on IP-alias interfaces?
+
+A: Yes, from version-2.21. The support is only available running under
+   Linux, on a kernel which provides the RT-netlink facility. All 2.4 
+   and 2.6 kernels provide RT-netlink and it's an option in 2.2
+   kernels. 
+   
+   If a physical interface has more than one IP address or aliases
+   with extra IP addresses, then any dhcp-ranges corresponding to
+   these addresses can be used for address allocation. So if an
+   interface has addresses 192.168.1.0/24 and 192.68.2.0/24 and there
+   are DHCP ranges 192.168.1.100-192.168.1.200 and
+   192.168.2.100-192.168.2.200 then both ranges would be used for host
+   connected to the physical interface. A more typical use might be to
+   have one of the address-ranges as static-only, and have known
+   hosts allocated addresses on that subnet using dhcp-host options,
+   while  anonymous hosts go on the other.
 
 
+Q: Dnsmasq sometimes logs "nameserver xxx.xxx.xxx.xxx refused
+   to do a recursive query" and DNS stops working. What's going on?
+
+A: Probably the nameserver is an authoritative nameserver for a
+   particular domain, but is not configured to answer general DNS
+   queries for an arbitrary domain. It is not suitable for use by
+   dnsmasq as an upstream server and should be removed from the
+   configuration. Note that if you have more than one upstream
+   nameserver configured dnsmasq will load-balance across them and
+   it may be some time before dnsmasq gets around to using a 
+   particular nameserver. This means that a particular configuration
+   may work for sometime with a broken upstream nameserver
+   configuration.
+
+
+Q: Does the dnsmasq DHCP server probe addresses before allocating
+   them, as recommended in RFC2131?
+
+A: Yes, dynmaically allocated IP addresses are checked by sending an
+   ICMP echo request (ping). If a reply is received, then dnsmasq
+   assumes that the address is in use, and attempts to allocate an
+   different address. The wait for a reply is between two and three
+   seconds. Because the DHCP server is not re-entrant, it cannot serve
+   other DHCP requests during this time. To avoid dropping requests,
+   the address probe may be skipped when dnsmasq is under heavy load.
+
+
+Q: I'm using dnsmasq on a machine with the Firestarter firewall, and
+   DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+   proceed can be found at 
+   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html
+ 
+
+Q: Dnsmasq logs "running as root because setting capabilities failed"
+   when it starts up. Why did that happen and what can do to fix it?
+
+A: Change your kernel configuration: either deselect CONFIG_SECURITY
+   _or_ select CONFIG_SECURITY_CAPABILITIES.
+
+
+Q: Where can I get .rpms Suitable for Suse?
+
+A: Dnsmasq is in Suse itself, and the latest releases are also
+   available at ftp://ftp.suse.com/pub/people/ug/
+
+
+
+
+ 
+
+
+
+
+   
 
 	      

Makefile

@@ -1,22 +1,44 @@
 PREFIX?=/usr/local
 BINDIR = ${PREFIX}/sbin
-MANDIR = ${PREFIX}/man
+MANDIR = ${PREFIX}/share/man
+LOCALEDIR = ${PREFIX}/share/locale
 
 SRC = src
+PO = po
+MAN = man
 
 CFLAGS?= -O2
 
-all : 
-	@cd $(SRC); $(MAKE) dnsmasq 
+all :   dnsmasq
+
+dnsmasq :
+	$(MAKE) I18N=-DNO_GETTEXT -f ../bld/Makefile -C $(SRC) dnsmasq 
 
 clean :
-	rm -f *~ contrib/*/*~ */*~ $(SRC)/*.o $(SRC)/dnsmasq core build
+	rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot 
+	rm -f $(SRC)/*.o $(SRC)/dnsmasq.a $(SRC)/dnsmasq core */core
 
-install : all
+install : all install-common
+
+install-common :
 	install -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
-	install -m 644 dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
+	install -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
 	install -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
 
-
+all-i18n :
+	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq
+	cd $(PO); for f in *.po; do \
+		$(MAKE) -f ../bld/Makefile -C ../$(SRC) $${f%.po}.mo; \
+	done
+
+install-i18n : all-i18n install-common
+	cd $(SRC); ../bld/install-mo $(DESTDIR)$(LOCALEDIR)
+	cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR)
+
+merge :
+	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq.pot
+	cd $(PO); for f in *.po; do \
+		msgmerge -U $$f ../$(SRC)/dnsmasq.pot; \
+	done
 
 

UPGRADING_to_2.0

@@ -1,68 +0,0 @@
-
-
-	Upgrading to dnsmasq V2
-        -----------------------
-
-Version 1.x of dnsmasq includes a facility for reading the dhcp.leases
-file written by ISC dhcpd. This allows the names of machines which
-have addresses allocated by DHCP to be included in the DNS.
-
-Version 2.x of dnsmasq replaces the ISC dhcpd integration with a DHCP 
-server integrated into dnsmasq. Versions 2.0-2.5 removed the ISC 
-integration completely, but in version 2.6 it was re-enabled for 
-backwards compatibility purposes. The change to an integrated DHCP 
-server has the following advantages:
-
-* Small. ISC dhcpd is a large and comprehensive DHCP solution. The
-  dnsmasq DHCP server adds about 15k to DNS-only dnsmasq and provides
-  all the facilities likely to be needed in the sort of networks
-  which are targeted by dnsmasq.
-
-* Easy to configure. All configuration is in one file and there are
-  sensible defaults for common settings. Many applications will need
-  just one extra line in /etc/dnsmasq.conf which tells it the range of
-  addresses to allocate to DHCP.
-
-* Support for static leases. When static leases are used with ISC DHCP
-  they don't appear in the dhcp.leases file (since that file is used
-  for storage of dynamic leases which aren't pre-configured.) Hence
-  static leases cannot be used with dnsmasq unless each machine with a
-  static lease is also inserted into /etc/hosts. This is not required
-  with the dnsmasq DHCP server.
-
-
-       DHCP configuration
-       ------------------
-
-To convert an installation which is currently using ISC dhcpd, remove
-the ISC DHCP daemon. Unless you want dnsmasq to use the same file
-to store its leases it is necessary to remove the configuration line in
-/etc/dnsmasq.conf which specifies the dhcp.leases file.
-
-To enable DHCP, simply add a line like this to /etc/dnsmasq.conf
-
-dhcp-range=192.168.0.100,192.168.0.200,12h
-
-which tells dnsmasq to us the addresses 192.168.0.100 to 192.168.0.200
-for dynamic IP addresses, and to issue twelve hour leases.
-
-Each host will have its default route and DNS server set to be the
-address of the host running dnsmasq, and its netmask and broadcast 
-address set correctly, so nothing else at all is required for a
-minimal system. Hosts which include a hostname in their DHCP request 
-will have that name and their allocated address inserted into the DNS,
-in the same way as before.
-
-Having started dnsmasq, tell any hosts on the network to renew their
-DHCP lease, so that dnsmasq's  DHCP server becomes aware of them. For
-Linux, this is best done by killing-and-restarting the DHCP client
-daemon or taking the network interface down and then back up. For 
-Windows 9x/Me, use the graphical tool "winipcfg". For Windows
-NT/2000/XP, use the command-line "ipconfig /renew"
-
-For more complex DHCP configuration, refer to the doc/setup.html, the
-dnsmasq manpage and the annotated example configuration file. Also
-note that for some ISC dhcpd to dnsmasq DHCP upgrades there may be
-firewall issues: see the FAQ for details of this.
-
-

bld/Makefile

@@ -0,0 +1,18 @@
+CFLAGS ?= -O2
+PKG_CONFIG ?= pkg-config
+
+
+OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o
+
+.c.o:
+	$(CC) $(CFLAGS) $(COPTS) $(I18N) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<
+
+dnsmasq : $(OBJS)
+	$(CC) $(LDFLAGS) -o $@  $(OBJS) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1` $(LIBS) 
+ 
+dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
+	xgettext -d dnsmasq --foreign-user --keyword=_ -o dnsmasq.pot -i $(OBJS:.o=.c)
+
+%.mo : ../po/%.po dnsmasq.pot
+	msgmerge -o - ../po/$*.po dnsmasq.pot | msgfmt -o $*.mo -

bld/install-man

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+for f in *; do
+  if [ -d $f ]; then
+     install -d $1/$f/man8 
+     install -m 644 $f/dnsmasq.8 $1/$f/man8
+     echo installing $1/$f/man8/dnsmasq.8
+  fi
+done

bld/install-mo

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+for f in *.mo; do
+  install -d $1/${f%.mo}/LC_MESSAGES
+  install -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+  echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+done
+
+

bld/pkg-wrapper

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if grep -q "^\#.*define.*HAVE_DBUS" config.h || grep -q HAVE_DBUS ; then
+  exec $*
+fi
+
+

contrib/Suse/README

@@ -0,0 +1,6 @@
+This packaging is now unmaintained in the dnsmasq source: dnsmasq is
+included in Suse proper, and up-to-date packages are now available
+from 
+
+ftp://ftp.suse.com/pub/people/ug/
+

contrib/Suse/dnsmasq-SuSE.patch

@@ -0,0 +1,23 @@
+--- man/dnsmasq.8	2004-08-08 20:57:56.000000000 +0200
++++ man/dnsmasq.8	2004-08-12 00:40:01.000000000 +0200
+@@ -69,7 +69,7 @@
+ .TP
+ .B \-g, --group=<groupname> 
+ Specify the group which dnsmasq will run
+-as. The defaults to "dip", if available, to facilitate access to
++as. The defaults to "dialout", if available, to facilitate access to
+ /etc/ppp/resolv.conf which is not normally world readable.
+ .TP
+ .B \-v, --version
+--- src/config.h	2004-08-11 11:39:18.000000000 +0200
++++ src/config.h	2004-08-12 00:40:01.000000000 +0200
+@@ -44,7 +44,7 @@
+ #endif
+ #define DEFLEASE 3600 /* default lease time, 1 hour */
+ #define CHUSER "nobody"
+-#define CHGRP "dip"
++#define CHGRP "dialout"
+ #define DHCP_SERVER_PORT 67
+ #define DHCP_CLIENT_PORT 68
+ 
+

contrib/Suse/dnsmasq-suse.spec

@@ -5,7 +5,7 @@
 ###############################################################################
 
 Name: dnsmasq
-Version: 2.17
+Version: 2.33
 Release: 1
 Copyright: GPL
 Group: Productivity/Networking/DNS/Servers
@@ -43,7 +43,7 @@ patch -p0 <rpm/%{name}-SuSE.patch
 
 %build
 %{?suse_update_config:%{suse_update_config -f}}
-make
+make all-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
 
 ###############################################################################
 #
@@ -54,15 +54,11 @@ make
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p ${RPM_BUILD_ROOT}/etc/init.d
-mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
-mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
+make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
 install -o root -g root -m 755 rpm/rc.dnsmasq-suse $RPM_BUILD_ROOT/etc/init.d/dnsmasq
 install -o root -g root -m 644 dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf
-strip src/dnsmasq
-install -o root -g root -m 755 src/dnsmasq $RPM_BUILD_ROOT/usr/sbin
+strip $RPM_BUILD_ROOT/usr/sbin/dnsmasq
 ln -sf ../../etc/init.d/dnsmasq $RPM_BUILD_ROOT/usr/sbin/rcdnsmasq
-gzip -9 dnsmasq.8
-install -o root -g root -m 644 dnsmasq.8.gz $RPM_BUILD_ROOT%{_mandir}/man8
 
 ###############################################################################
 #
@@ -108,7 +104,8 @@ rm -rf $RPM_BUILD_ROOT
 %config /etc/dnsmasq.conf
 /usr/sbin/rcdnsmasq
 /usr/sbin/dnsmasq
+/usr/share/locale/*/LC_MESSAGES/*
 %doc %{_mandir}/man8/dnsmasq.8.gz
-
+%doc %{_mandir}/*/man8/dnsmasq.8.gz
 
 

contrib/dnsmasq_MacOSX/DNSmasq

@@ -0,0 +1,22 @@
+#!/bin/sh
+. /etc/rc.common
+
+StartService() {
+  if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then
+    /usr/local/sbin/dnsmasq -q -n
+  fi
+}
+
+StopService() {
+  pid=`GetPID dnsmasq`
+  if [ $? -eq 0 ]; then
+    kill $pid
+  fi
+}
+
+RestartService() {
+  StopService "$@"
+  StartService "$@"
+}
+
+RunService "$1"

contrib/dnsmasq_MacOSX/README.rtf

@@ -0,0 +1,42 @@
+{\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100
+{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;}
+{\colortbl;\red255\green255\blue255;}
+\paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0
+\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural
+
+\f0\fs24 \cf0 1. 	If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them.  This would usually involve checking that they are either set to -NO- or absent altogether in 
+\f1 /etc/hostconfig
+\f0 .  If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\
+\
+2.	Add a configuration item to 
+\f1 /etc/hostconfig
+\f0  as follows:\
+\
+
+\f1 DNSMASQ=-YES-
+\f0 \
+\
+3. 	Create a system-wide StartupItems directory for dnsmasq:\
+\
+
+\f1 sudo mkdir -p /Library/StartupItems/DNSmasq\
+
+\f0 \
+4.	Copy the files 
+\f1 DNSmasq
+\f0  and 
+\f1 StartupParameters.plist
+\f0  into this directory, and make sure the former is executable:\
+\
+
+\f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\
+sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\
+
+\f0 \
+5.	Start the service:\
+\
+
+\f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\
+
+\f0 \cf0 \
+That should be all...}

contrib/dnsmasq_MacOSX/StartupParameters.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Description</key>
+	<string>DNSmasq</string>
+	<key>OrderPreference</key>
+	<string>None</string>
+	<key>Provides</key>
+	<array>
+		<string>DNSmasq</string>
+	</array>
+	<key>Uses</key>
+	<array>
+		<string>Network</string>
+	</array>
+	</dict>
+</plist>

contrib/openvpn/README

@@ -0,0 +1,44 @@
+The patch I have attached lets me get the behavior I wish out of
+dnsmasq.  I also include my version of dhclient-enter-hooks as
+required for the switchover from pre-dnsmasq and dhclient.
+
+On 8/16/05, Joseph Tate <dragonstrider@gmail.com> wrote:
+> I'm trying to use dnsmasq on a laptop in order to facilitate openvpn
+> connections.  As such, the only configuration option I'm concerned
+> about is a single server=3D/example.com/192.168.0.1 line.
+>
+> The way I currently have it set up is I modified dhclient to write its
+> resolv.conf data to /etc/resolv.conf.dhclient and configured
+> /etc/dnsmasq.conf to look there for its upstream dns servers.
+> /etc/resolv.conf is set to nameserver 127.0.0.1
+>
+> All of this works great.  When I start the openvpn service, it the
+> routes, and queries to the domain in the server=3D line work just fine.
+>
+> The only problem is that the hostname for my system doesn't get set
+> correctly.  With the resolv.conf data written to something other than
+> /etc/resolv.conf, the ifup scripts don't have a valid dns server to do
+> the ipcalc call to set the laptop's hostname.  If I start dnsmasq
+> before the network comes up, something gets fubar'd.  I'm not sure how
+> to describe it exactly, but network services are slow to load, and
+> restarting networking and dnsmasq doesn't solve the problem.  Perhaps
+> dnsmasq is answering the dhcp request when the network starts?
+> Certainly not desired behavior.
+>
+> Anyway, my question: is there a way to have the best of both worlds?
+> DHCP requests to another server, and DNS lookups that work at all
+> times?
+>
+> My current best idea on how to solve this problem is modifying the
+> dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where
+> dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on
+> the fly to set 127.0.0.1 to the nameserver (and somehow keep the
+> search domains intact), but I'm hoping that I'm just missing some key
+> piece of the puzzle and that this problem has been solved before.  Any
+> insights?
+>
+> --
+> Joseph Tate
+> Personal e-mail: jtate AT dragonstrider DOT com
+> Web: http://www.dragonstrider.com
+>

contrib/openvpn/dhclient-enter-hooks

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+function save_previous() {
+  if [ -e $1 -a ! -e $1.predhclient ]; then
+    mv $1 $1.predhclient 
+  fi
+}
+
+function write_resolv_conf() {
+  RESOLVCONF=$1
+  if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then
+    save_previous $RESOLVCONF
+    echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF
+    if [ -n "$SEARCH" ]; then
+ 	echo search $SEARCH >> $RESOLVCONF
+    else
+	if [ -n "$new_domain_name" ]; then
+ 	    echo search $new_domain_name >> $RESOLVCONF
+ 	fi
+    fi
+    chmod 644 $RESOLVCONF
+    for nameserver in $new_domain_name_servers; do
+      echo nameserver $nameserver >>$RESOLVCONF
+    done
+  fi
+}
+
+make_resolv_conf() {
+  write_resolv_conf /etc/resolv.conf
+}

contrib/openvpn/dnsmasq.patch

@@ -0,0 +1,61 @@
+--- dnsmasq-2.22/rpm/dnsmasq.rh	2005-03-24 09:51:18.000000000 -0500
++++ dnsmasq-2.22/rpm/dnsmasq.rh.new	2005-08-25 10:52:04.310568784 -0400
+@@ -2,7 +2,7 @@
+ #
+ # Startup script for the DNS caching server
+ #
+-# chkconfig: 2345 99 01
++# chkconfig: 2345 07 89
+ # description: This script starts your DNS caching server
+ # processname: dnsmasq
+ # pidfile: /var/run/dnsmasq.pid
+@@ -10,6 +10,25 @@
+ # Source function library.
+ . /etc/rc.d/init.d/functions
+ 
++function setup_dhclient_enter_hooks() {
++    if [ -f /etc/dhclient-enter-hooks ]; then
++        . /etc/dhclient-enter-hooks
++        cp /etc/resolv.conf /etc/resolv.conf.dnsmasq
++        cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq
++        sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks
++        sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf
++    fi
++}
++
++function teardown_dhclient_enter_hooks() {
++    if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then
++        if [ -f /etc/resolv.conf.dnsmasq ]; then
++            mv /etc/resolv.conf.dnsmasq /etc/resolv.conf
++        fi
++        mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks
++    fi
++}
++
+ # Source networking configuration.
+ . /etc/sysconfig/network
+ 
+@@ -24,7 +43,7 @@
+ MAILHOSTNAME=""
+ # change this line if you want dns to get its upstream servers from
+ # somewhere other that /etc/resolv.conf 
+-RESOLV_CONF=""
++RESOLV_CONF="/etc/resolv.conf.dnsmasq"
+ # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from
+ # a dhcpd's lease file
+@@ -54,6 +73,7 @@
+ case "$1" in
+   start)
+         echo -n "Starting dnsmasq: "
++        setup_dhclient_enter_hooks
+         daemon $dnsmasq $OPTIONS
+ 	RETVAL=$?
+         echo
+@@ -62,6 +82,7 @@
+   stop)
+         if test "x`pidof dnsmasq`" != x; then
+             echo -n "Shutting down dnsmasq: "
++            teardown_dhclient_enter_hooks
+             killproc dnsmasq
+         fi
+ 	RETVAL=$?

contrib/port-forward/dnsmasq-portforward

@@ -0,0 +1,68 @@
+#!/bin/bash
+# 
+# /usr/sbin/dnsmasq-portforward
+#
+# A script which gets run when the dnsmasq DHCP lease database changes.
+# It logs to $LOGFILE, if it exists, and maintains port-forwards using
+# IP-tables so that they always point to the correct host. See
+# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 
+# or later.
+#
+# To enable this script, add 
+#    dhcp-script=/usr/sbin/dnsmasq-portforward
+# to /etc/dnsmasq.conf
+#
+# To enable logging, touch $LOGFILE
+#
+
+PORTSFILE=/etc/portforward
+LOGFILE=/var/log/dhcp.log
+IPTABLES=/sbin/iptables
+
+action=${1:-0}
+hostname=${4}
+
+# log what's going on.
+if [ -f ${LOGFILE} ] ; then
+    date +"%D %T $*" >>${LOGFILE}
+fi
+
+# If a lease gets stripped of a name, we see that as an "old" action
+# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" 
+if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
+    action=del
+    hostname=${DNSMASQ_OLD_HOSTNAME}
+fi
+
+# action init is not relevant, and will only be seen when leasefile-ro is set.
+if [ ${action} = init ] ; then
+    exit 0
+fi
+
+if [ ${hostname} ]; then
+    ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
+
+    for port in $ports; do
+	verb=removed
+	protocol=tcp
+	if [ ${port:0:1} = u ] ; then
+	    protocol=udp 
+	    port=${port/u/}
+	fi
+	src=${port/:*/}
+	dst=${port/*:/}
+# delete first, to avoid multiple copies of rules.
+	${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+        if [ ${action} != del ] ; then
+	    ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+	    verb=added
+	fi
+	if [ -f ${LOGFILE} ] ; then
+	    echo "     DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE}
+	fi
+    done
+fi
+    
+exit 0
+
+

contrib/port-forward/portforward

@@ -0,0 +1,28 @@
+# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port 
+# forwarding to hostnames. If the dnsmasq-determined hostname matches the
+# first column of this file, then a DNAT port-forward will be set up 
+# to the address which has just been allocated by DHCP . The second field 
+# is port number(s). If there is only one, then the port-forward goes to 
+# the same port on the DHCP-client, if there are two seperated with a 
+# colon, then the second number is the port to which the connection 
+# is forwarded on the DHCP-client. By default, forwarding is set up 
+# for TCP, but it can done for UDP instead by prefixing the port to "u". 
+# To forward both TCP and UDP, two lines are required. 
+#
+# eg.
+# wwwserver 80
+# will set up a port forward from port 80 on this host to port 80 
+# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease.
+#
+# wwwserver 8080:80
+# will set up a port forward from port 8080 on this host to port 80
+# on the DHCP-client.
+#
+# dnsserver 53
+# dnsserver u53
+# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
+#
+# Port forwards will recreated when dnsmasq restarts after a reboot, and
+# removed when DHCP leases expire. After editing this file, restart dnsmasq 
+# to install new iptables entries in the kernel.
+

contrib/slackware-dnsmasq/dnsmasq.SlackBuild

@@ -0,0 +1,56 @@
+#!/bin/sh
+CWD=`pwd`
+PKG=/tmp/package-dnsmasq
+
+VERSION=2.24
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+
+if [ "$ARCH" = "i386" ]; then
+  SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+elif [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mcpu=i686"
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2"
+fi
+
+rm -rf $PKG
+mkdir -p $PKG
+cd /tmp
+rm -rf dnsmasq-$VERSION
+tar xzvf $CWD/dnsmasq-$VERSION.tar.gz
+cd dnsmasq-$VERSION
+zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit
+chown -R root.root .
+make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man
+chmod 755 $PKG/usr/sbin/dnsmasq
+chown -R root.bin $PKG/usr/sbin
+gzip -9 $PKG/usr/man/man8/dnsmasq.8
+for f in $PKG/usr/share/man/*; do 
+   if [ -f $$f/man8/dnsmasq.8 ]; then 
+        gzip -9 $$f/man8/dnsmasq.8 ; 
+   fi 
+done
+gzip -9 $PKG/usr/man/*/man8/dnsmasq.8
+mkdir -p $PKG/var/state/dnsmasq
+( cd $PKG
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+mkdir $PKG/etc
+cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new
+mkdir $PKG/etc/rc.d
+zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new
+mkdir -p $PKG/usr/doc/dnsmasq-$VERSION
+cp -a \
+  CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \
+  $PKG/usr/doc/dnsmasq-$VERSION
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+cd $PKG
+makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz
+

contrib/slackware-dnsmasq/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in.  You must make
+# exactly 11 lines for the formatting to be correct.  It's also customary to
+# leave one space after the ':'.
+
+       |-----handy-ruler------------------------------------------------------|
+dnsmasq: dnsmasq (small DNS and DHCP server)
+dnsmasq:
+dnsmasq: Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+dnsmasq: server.  It is designed to provide DNS (and optionally DHCP) to a
+dnsmasq: small network, and can serve the names of local machines which are not
+dnsmasq: in the global DNS. 
+dnsmasq:
+dnsmasq: Dnsmasq was written by Simon Kelley.
+dnsmasq:
+dnsmasq:
+dnsmasq:

contrib/webmin/README

@@ -0,0 +1,54 @@
+
+This is the README for the DNSmasq webmin module.
+
+Problems:
+
+1) There's only basic error checking - if you enter some bad
+addresses or names, they will go straight into the config file
+although we do check for things like IP addresses being of
+the correct form (no letters, 4 groups of up to 3 digits
+separated by dots etc). One thing that ISN'T CHECKED FOR is
+that IP dotted quads are all numbers < 256. Another is that
+netmasks are logical (you could enter a netmask of 255.0.255.0 
+for example). Essentially, if it'll pass the config file
+regex scanner (and the above examples will), it won't be 
+flagged as "bad" even if it is a big no-no for dnsmasq itself. 
+
+2) Code is ugly and a kludge - I ain't a programmer! There are probably 
+a lot of things that could be done to tidy up the code - eg, 
+it probably wouldn't hurt to move some common stuff into the lib file.
+
+3) I've used the %text hash and written an english lang file, but
+I am mono-lingual so no other language support as yet.
+
+4) for reasons unknown to me, the icon does not appear properly
+on the servers page of webmin (at least it doesn't for me!)
+
+5) icons have been shamelessly stolen from the ipfilter module,
+specifically the up and down arrows.
+
+6) if you delete an item, the config file will contain
+an otherwise empty, but commented line. This means that if
+you add some new stuff, then delete it, the config file
+will have a number of lines at the end that are just comments.
+Therefore, the config file could possibly grow quite large.
+
+7) NO INCLUDE FILES!
+if you use an include file, it'll be flagged as an error. 
+OK if the include file line is commented out though.
+
+8) deprecated lines not supported (eg user and group) - they
+may produce an error! (user and group don't, but you can't change
+them)
+
+IOW, it works, it's just not very elegant and not very robust.
+
+Hope you find it useful though - I do, as I prevents me having to ever
+wade through the config file and man pages again.
+
+If you modify it, or add a language file, and you have a spare moment,
+please e-mail me - I won't be upset at all if you fix my poor coding!
+(rather the opposite - I'd be pleased someone found it usefull)
+
+Cheers,
+	Neil Fisher <neil@magnecor.com.au>

contrib/wrt/Makefile

@@ -0,0 +1,7 @@
+CFLAGS?= -O2
+
+all: dhcp_release.c
+	$(CC) $(CFLAGS) $(RPM_OPT_FLAGS) -Wall -W dhcp_release.c -o dhcp_release
+
+clean:
+	rm -f *~ *.o core dhcp_release

contrib/wrt/README

@@ -0,0 +1,81 @@
+This script can be used to implement persistent leases on openWRT, DD-WRT
+etc. Persistent leases are good: if the lease database is lost on a
+reboot, then it will eventually be restored as hosts renew their
+leases. Until a host renews (which may take hours/days) it will
+not exist in the DNS if dnsmasq's DDNS function is in use.
+
+*WRT systems remount all non-volatile fileystems read-only after boot,
+so the normal leasefile will not work. They do, however have NV
+storage, accessed with the nvram command:
+
+/usr/lib #  nvram
+usage: nvram [get name] [set name=value] [unset name] [show]
+
+The principle is that leases are kept in NV variable with data
+corresponding to the line in a leasefile:
+
+dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * *
+
+By giving dnsmasq the leasefile-ro command, it no longer creates or writes a
+leasefile; responsibility for maintaining the lease database transfers
+to the lease change script. At startup, in leasefile-ro mode,
+dnsmasq will run
+
+"<lease_change_script> init" 
+
+and read whatever that command spits out, expecting it to
+be in dnsmasq leasefile format.
+
+So the lease change script, given "init" as argv[1] will 
+suck existing leases out of the NVRAM and emit them from
+stdout in the correct format.
+
+The second part of the problem is keeping the NVRAM up-to-date: this
+is done by the lease-change script which dnsmasq runs when a lease is
+updated. When it is called with argv[1] as "old", "add", or "del"
+it updates the relevant nvram entry.
+
+So, dnsmasq should be run as :
+
+dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh
+
+or the same flags added to /etc/dnsmasq.conf
+
+
+
+Notes: 
+
+This needs dnsmasq-2.33 or later to work.
+
+This technique will work with, or without, compilation with
+HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is
+_highly_recommended_ for this application since is avoids problems
+with the system clock being warped by NTP, and it vastly reduces the
+number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated
+only when a lease is created or destroyed; without it, a write occurs
+every time a lease is renewed.
+
+It probably makes sense to restrict the number of active DHCP leases
+to an appropriate number using dhcp-lease-max. On a new DD_WRT system,
+there are about 10K bytes free in the NVRAM. Each lease record is
+about 100 bytes, so restricting the number of leases to 50 will limit
+use to half that. (The default limit in the distributed source is 150)
+
+Any UI script which reads the dnsmasq leasefile will have to be
+ammended, probably by changing it to read the output of 
+`lease_update init` instead.
+ 
+
+Thanks:
+
+To Steve Horbachuk for checks on the script and debugging beyond the 
+call of duty.
+
+
+Simon Kelley
+Fri Jul 28 11:51:13 BST 2006
+
+
+
+
+

contrib/wrt/dhcp_release.c

@@ -0,0 +1,331 @@
+/* Copyright (c) 2006 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+/* dhcp_release <interface> <address> <MAC address> <client_id>
+   MUST be run as root - will fail otherwise. */
+
+/* Send a DHCPRELEASE message via the specified interface 
+   to tell the local DHCP server to delete a particular lease. 
+   
+   The interface argument is the interface in which a DHCP
+   request _would_ be received if it was coming from the client, 
+   rather than being faked up here.
+   
+   The address argument is a dotted-quad IP addresses and mandatory. 
+   
+   The MAC address is colon separated hex, and is mandatory. It may be 
+   prefixed by an address-type byte followed by -, eg
+
+   10-11:22:33:44:55:66
+
+   but if the address-type byte is missing it is assumed to be 1, the type 
+   for ethernet. This encoding is the one used in dnsmasq lease files.
+
+   The client-id is optional. If it is "*" then it treated as being missing.
+*/
+
+#include <sys/types.h> 
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX          16
+#define BOOTREQUEST              1
+#define DHCP_COOKIE              0x63825363
+#define OPTION_SERVER_IDENTIFIER 54
+#define OPTION_CLIENT_ID         61
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_END               255
+#define DHCPRELEASE              7
+#define DHCP_SERVER_PORT         67
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u32 cookie;
+  unsigned char options[308];
+};
+
+static struct iovec iov;
+
+static int expand_buf(struct iovec *iov, size_t size)
+{
+  void *new;
+
+  if (size <= iov->iov_len)
+    return 1;
+
+  if (!(new = malloc(size)))
+    {
+      errno = ENOMEM;
+      return 0;
+    }
+
+  if (iov->iov_base)
+    {
+      memcpy(new, iov->iov_base, iov->iov_len);
+      free(iov->iov_base);
+    }
+
+  iov->iov_base = new;
+  iov->iov_len = size;
+
+  return 1;
+}
+
+static ssize_t netlink_recv(int fd)
+{
+  struct msghdr msg;
+  ssize_t rc;
+
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+    
+  while (1)
+    {
+      msg.msg_flags = 0;
+      while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+      
+      /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a 
+         big buffer and pray in that case. */
+      if (rc == -1 && errno == EOPNOTSUPP)
+        {
+          if (!expand_buf(&iov, 2000))
+            return -1;
+          break;
+        }
+      
+      if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+        break;
+            
+      if (!expand_buf(&iov, iov.iov_len + 100))
+        return -1;
+    }
+
+  /* finally, read it for real */
+  while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR);
+  
+  return rc;
+}
+
+static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type)
+{
+  int i = 0;
+  char *r;
+    
+  if (mac_type)
+    *mac_type = 0;
+  
+  while (maxlen == -1 || i < maxlen)
+    {
+      for (r = in; *r != 0 && *r != ':' && *r != '-'; r++);
+      if (*r == 0)
+        maxlen = i;
+      
+      if (r != in )
+        {
+          if (*r == '-' && i == 0 && mac_type)
+           {
+              *r = 0;
+              *mac_type = strtol(in, NULL, 16);
+              mac_type = NULL;
+           }
+          else
+            {
+              *r = 0;
+	      out[i] = strtol(in, NULL, 16);
+              i++;
+            }
+        }
+      in = r+1;
+    }
+    return i;
+}
+
+static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
+{
+  return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
+}
+
+static struct in_addr find_interface(struct in_addr client, int fd, int index)
+{
+  struct sockaddr_nl addr;
+  struct nlmsghdr *h;
+  ssize_t len;
+ 
+  struct {
+    struct nlmsghdr nlh;
+    struct rtgenmsg g; 
+  } req;
+
+  addr.nl_family = AF_NETLINK;
+  addr.nl_pad = 0;
+  addr.nl_groups = 0;
+  addr.nl_pid = 0; /* address to kernel */
+
+  req.nlh.nlmsg_len = sizeof(req);
+  req.nlh.nlmsg_type = RTM_GETADDR;
+  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; 
+  req.nlh.nlmsg_pid = 0;
+  req.nlh.nlmsg_seq = 1;
+  req.g.rtgen_family = AF_INET; 
+
+  if (sendto(fd, (void *)&req, sizeof(req), 0, 
+	     (struct sockaddr *)&addr, sizeof(addr)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+  
+  while (1)
+    {
+      if ((len = netlink_recv(fd)) == -1)
+	{
+	  perror("netlink");
+	  exit(1);
+	}
+
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+	if (h->nlmsg_type == NLMSG_DONE)
+	  exit(0);
+	else if (h->nlmsg_type == RTM_NEWADDR)
+          {
+            struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+            struct rtattr *rta;
+            unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+            
+            if (ifa->ifa_index == index && ifa->ifa_family == AF_INET)
+              {
+                struct in_addr netmask, addr;
+                
+                netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+                addr.s_addr = 0;
+                
+                for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1))
+		  if (rta->rta_type == IFA_LOCAL)
+		    addr = *((struct in_addr *)(rta+1));
+		
+                if (addr.s_addr && is_same_net(addr, client, netmask))
+		  return addr;
+	      }
+	  }
+    }
+ 
+  exit(0);
+}
+
+int main(int argc, char **argv)
+{ 
+  struct in_addr server, lease;
+  int mac_type;
+  struct dhcp_packet packet;
+  unsigned char *p = packet.options;
+  struct sockaddr_in dest;
+  struct ifreq ifr;
+  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+  struct iovec iov;
+ 
+  iov.iov_len = 200;
+  iov.iov_base = malloc(iov.iov_len);
+
+  if (argc < 4 || argc > 5)
+    { 
+      fprintf(stderr, "usage: dhcp_release <interface> <addr> <mac> [<client_id>]\n");
+      exit(1);
+    }
+
+  if (fd == -1 || nl == -1)
+    {
+      perror("cannot create socket");
+      exit(1);
+    }
+  
+  /* This voodoo fakes up a packet coming from the correct interface, which really matters for 
+     a DHCP server */
+  strcpy(ifr.ifr_name, argv[1]);
+  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
+    {
+      perror("cannot setup interface");
+      exit(1);
+    }
+  
+  
+  lease.s_addr = inet_addr(argv[2]);
+  server = find_interface(lease, nl, if_nametoindex(argv[1]));
+  
+  memset(&packet, 0, sizeof(packet));
+ 
+  packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type);
+  if (mac_type == 0)
+    packet.htype = ARPHRD_ETHER;
+  else
+    packet.htype = mac_type;
+
+  packet.op = BOOTREQUEST;
+  packet.ciaddr = lease;
+  packet.cookie = htonl(DHCP_COOKIE);
+
+  *(p++) = OPTION_MESSAGE_TYPE;
+  *(p++) = 1;
+  *(p++) = DHCPRELEASE;
+
+  *(p++) = OPTION_SERVER_IDENTIFIER;
+  *(p++) = sizeof(server);
+  memcpy(p, &server, sizeof(server));
+  p += sizeof(server);
+
+  if (argc == 5 && strcmp(argv[4], "*") != 0)
+    {
+      unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL);
+      *(p++) = OPTION_CLIENT_ID;
+      *(p++) = clid_len;
+      p += clid_len;
+    }
+  
+  *(p++) = OPTION_END;
+ 
+  dest.sin_family = AF_INET;
+  dest.sin_port = ntohs(DHCP_SERVER_PORT);
+  dest.sin_addr = server;
+
+  if (sendto(fd, &packet, sizeof(packet), 0, 
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+
+  return 0;
+}

contrib/wrt/lease_update.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (c) 2006 Simon Kelley
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; version 2 dated June, 1991.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+
+# if $1 is add del or old, this is a dnsmasq-called lease-change
+# script, update the nvram database. if $1 is init, emit a 
+# dnsmasq-format lease file to stdout representing the current state of the 
+# database, this is called by dnsmasq at startup.
+
+NVRAM=/usr/sbin/nvram
+PREFIX=dnsmasq_lease_
+
+# Arguments.
+# $1 is action (add, del, old)
+# $2 is MAC 
+# $3 is address
+# $4 is hostname (optional, may be unset)
+
+# env.
+# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC)
+# DNSMASQ_CLIENT_ID (optional, may be unset)
+
+# File.
+# length|expires MAC addr hostname|* CLID|* 
+
+# Primary key is address.
+
+if [ ${1} = init ] ; then
+     ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p"
+else
+     if [ ${1} = del ] ; then
+          ${NVRAM} unset ${PREFIX}${3}
+     fi
+
+     if [ ${1} = old ] || [ ${1} = add ] ; then
+          ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}"
+     fi
+     ${NVRAM} commit
+fi
+
+
+
+
+ 

dbus/DBus-interface

@@ -0,0 +1,94 @@
+DBus support must be enabled at compile-time and run-time. Ensure 
+that src/config.h contains the line
+
+#define HAVE_DBUS.
+
+and that /etc/dnsmasq.conf contains the line
+
+enable-dbus
+
+Because dnsmasq can operate stand-alone from the DBus, and may need to provide
+service before the dbus daemon is available, it will continue to run
+if the DBus connection is not available at startup. The DBus will be polled 
+every 250ms until a connection is established. Start of polling and final
+connection establishment are both logged. When dnsmasq establishes a
+connection to the dbus, it sends the signal "Up". Anything controlling
+the server settings in dnsmasq should re-invoke the SetServers method
+(q.v.) when it sees this signal. This allows dnsmasq to be restarted
+and avoids startup races with the provider of nameserver information.
+
+
+Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq
+and a single object: /uk/org/thekelleys/dnsmasq
+
+Methods are of the form
+
+uk.org.thekelleys.<method>
+
+Available methods are:
+
+GetVersion
+----------
+Returns a string containing the version of dnsmasq running.
+
+ClearCache
+----------
+Returns nothing. Clears the domain name cache and re-reads
+/etc/hosts. The same as sending dnsmasq a HUP signal.
+
+SetServers
+----------
+Returns nothing. Takes a set of arguments representing the new
+upstream DNS servers to be used by dnsmasq. IPv4 addresses are
+represented as a UINT32 (in network byte order) and IPv6 addresses
+are represented as sixteen BYTEs (since there is no UINT128 type).
+Each server address may be followed by one or more STRINGS, which are
+the domains for which the preceding server should be used.
+
+Examples.
+
+UINT32: <address1>
+UNIT32: <address2>
+
+is equivalent to
+
+--server=<address1> --server=<address2>
+
+
+UINT32 <address1>
+UINT32 <address2>
+STRING "somedomain.com"
+
+is equivalent to
+
+--server=<address1> --server=/somedomain.com/<address2> 
+
+UINT32 <address1>
+UINT32 <address2>
+STRING "somedomain.com"
+UINT32 <address3>
+STRING "anotherdomain.com"
+STRING "thirddomain.com"
+
+is equivalent to
+
+--server=<address1> 
+--server=/somedomain.com/<address2> 
+--server=/anotherdomain.com/thirddomain.com/<address3>
+
+Am IPv4 address of 0.0.0.0 is interpreted as "no address, local only",
+so
+
+UINT32: <0.0.0.0>
+STRING  "local.domain"
+
+is equivalent to
+
+--local=/local.domain/
+
+
+Each call to SetServers completely replaces the set of servers
+specified by via the DBus, but it leaves any servers specified via the
+command line or /etc/dnsmasq.conf or /etc/resolv.conf alone.
+
+

dbus/dnsmasq.conf

@@ -0,0 +1,16 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow own="uk.org.thekelleys.dnsmasq"/>
+		<allow send_destination="uk.org.thekelleys.dnsmasq"/>
+                <allow send_interface="uk.org.thekelleys.dnsmasq"/>
+	</policy>
+	<policy context="default">
+                <deny own="uk.org.thekelleys.dnsmasq"/>
+                <deny send_destination="uk.org.thekelleys.dnsmasq"/>
+                <deny send_interface="uk.org.thekelleys.dnsmasq"/>
+        </policy>
+</busconfig>
+

dnsmasq-rh.spec

@@ -1,132 +0,0 @@
-###############################################################################
-#
-# General mumbojumbo
-#
-###############################################################################
-
-Name: dnsmasq
-Version: 2.17
-Release: 1
-Copyright: GPL
-Group: System Environment/Daemons
-Vendor: Simon Kelley
-Packager: Simon Kelley
-Distribution: Red Hat Linux
-URL: http://www.thekelleys.org.uk/dnsmasq
-Source0: %{name}-%{version}.tar.gz
-Requires: chkconfig
-BuildRoot: /var/tmp/%{name}-%{version}
-Summary: A lightweight caching nameserver
-
-%description
-Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It 
-is designed to provide DNS and, optionally, DHCP, to a small network. It can
-serve the names of local machines which are not in the global DNS. The DHCP 
-server integrates with the DNS server and allows machines with DHCP-allocated
-addresses to appear in the DNS with names configured either in each host or 
-in a central configuration file. Dnsmasq supports static and dynamic DHCP 
-leases and BOOTP for network booting of diskless machines.
-
-
-
-###############################################################################
-#
-# Build
-#
-###############################################################################
-
-%prep
-%setup -q
-%build
-make
-
-
-###############################################################################
-#
-# Install
-#
-###############################################################################
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-mkdir -p -m 755 $RPM_BUILD_ROOT/usr/sbin
-mkdir -p -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p -m 755 $RPM_BUILD_ROOT/usr/share/man/man8
-
-cp rpm/dnsmasq.rh $RPM_BUILD_ROOT/etc/rc.d/init.d/dnsmasq
-strip src/dnsmasq
-cp src/dnsmasq $RPM_BUILD_ROOT/usr/sbin
-cp dnsmasq.8 $RPM_BUILD_ROOT/usr/share/man/man8
-cp dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf
-
-###############################################################################
-#
-# Clean up
-#
-###############################################################################
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-###############################################################################
-#
-# Post-install scriptlet
-#
-###############################################################################
-
-%post
-/sbin/chkconfig --add dnsmasq
-
-
-###############################################################################
-#
-# Pre-uninstall scriptlet
-#
-# If there's a time when your package needs to have one last look around before
-# the user erases it, the place to do it is in the %preun script. Anything that
-# a package needs to do immediately prior to RPM taking any action to erase the
-# package, can be done here.
-#
-###############################################################################
-
-%preun
-if [ $1 = 0 ]; then     # execute this only if we are NOT doing an upgrade
-    service dnsmasq stop >/dev/null 2>&1
-    /sbin/chkconfig --del dnsmasq
-fi
-
-
-###############################################################################
-#
-# Post-uninstall scriptlet
-#
-# The %postun script executes after the package has been removed. It is the
-# last chance for a package to clean up after itself.
-#
-###############################################################################
-
-%postun
-if [ "$1" -ge "1" ]; then
-    service dnsmasq restart >/dev/null 2>&1
-fi
-
-
-###############################################################################
-#
-# File list
-#
-###############################################################################
-
-%files
-%defattr(-,root,root)
-%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0
-%config /etc/rc.d/init.d/dnsmasq 
-%config /etc/dnsmasq.conf
-%attr(0755,root,root) /etc/rc.d/init.d/dnsmasq
-%attr(0664,root,root) /etc/dnsmasq.conf
-%attr(0755,root,root) /usr/sbin/dnsmasq
-%attr(0644,root,root) /usr/share/man/man8/dnsmasq*
-
-

dnsmasq.conf.example

@@ -4,34 +4,28 @@
 # as the long options legal on the command line. See
 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
 
-# Change these lines if you want dnsmasq to serve MX records.
-# Only one of mx-host and mx-target need be set, the other defaults
-# to the name of the host  running dnsmasq.
-#mx-host=
-#mx-target=
-#selfmx
-#localmx
-
-# The following two options make you a better netizen, since they 
+# The following two options make you a better netizen, since they
 # tell dnsmasq to filter out queries which the public DNS cannot
-# answer, and which load the servers (especially the root servers) 
+# answer, and which load the servers (especially the root servers)
 # uneccessarily. If you have a dial-on-demand link they also stop
 # these requests from bringing up the link uneccessarily.
 
-# Never forward plain names (with a dot or domain part)
-domain-needed
+# Never forward plain names (without a dot or domain part)
+#domain-needed
 # Never forward addresses in the non-routed address spaces.
-bogus-priv
+#bogus-priv
 
 
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
-# Note that (amongst other things) this blocks all SRV requests, 
+# Note that (amongst other things) this blocks all SRV requests,
 # so don't use it if you use eg Kerberos.
+# This option only affects forwarding, SRV records originating for
+# dnsmasq (via srv-host= lines) are not suppressed by it.
 #filterwin2k
 
 # Change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf 
+# somewhere other that /etc/resolv.conf
 #resolv-file=
 
 # By  default,  dnsmasq  will  send queries to any of the upstream
@@ -42,7 +36,7 @@ bogus-priv
 #strict-order
 
 # If you don't want dnsmasq to read /etc/resolv.conf or any other
-# file, getting its servers for this file instead (see below), then
+# file, getting its servers from this file instead (see below), then
 # uncomment this
 #no-resolv
 
@@ -50,7 +44,7 @@ bogus-priv
 # files for changes and re-read them then uncomment this.
 #no-poll
 
-# Add other name servers here, with domain specs if they are for 
+# Add other name servers here, with domain specs if they are for
 # non-public domains.
 #server=/localnet/192.168.0.1
 
@@ -63,14 +57,14 @@ bogus-priv
 # webserver.
 #address=/doubleclick.net/127.0.0.1
 
-# You no longer (as of version 1.7) need to set these to enable 
-# dnsmasq to read /etc/ppp/resolv.conf since dnsmasq now uses the
-# "dip" group to achieve this.
+# If you want dnsmasq to change uid and gid to something other
+# than the default, edit the following lines.
 #user=
 #group=
 
-# If you want dnsmasq to listen for requests only on specified interfaces
-# (and the loopback) give the name of the interface (eg eth0) here. 
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
 # Repeat the line for more than one interface.
 #interface=
 # Or you can specify which interface _not_ to listen on
@@ -78,15 +72,19 @@ bogus-priv
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
 #listen-address=
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP on it.
+#no-dhcp-interface=
 
 # On systems which support it, dnsmasq binds the wildcard address,
 # even when it is listening on only some interfaces. It then discards
-# requests that it shouldn't reply to. This has the advantage of 
+# requests that it shouldn't reply to. This has the advantage of
 # working even when interfaces come and go and change address. If you
 # want dnsmasq to really bind only the interfaces it is listening on,
-# uncomment this option. About the only time you may need this is when 
+# uncomment this option. About the only time you may need this is when
 # running another nameserver on the same machine.
-#bind-interfaces 
+#bind-interfaces
 
 # If you don't want dnsmasq to read /etc/hosts, uncomment the
 # following line.
@@ -107,16 +105,16 @@ bogus-priv
 #    domain of all systems configured by DHCP
 # 3) Provides the domain part for "expand-hosts"
 #domain=thekelleys.org.uk
-  
+
 # Uncomment this to enable the integrated DHCP server, you need
-# to supply the range of addresses available for lease and optionally 
+# to supply the range of addresses available for lease and optionally
 # a lease time. If you have more than one network, you will need to
 # repeat this for each network on which you want to supply DHCP
 # service.
 #dhcp-range=192.168.0.50,192.168.0.150,12h
 
 # This is an example of a DHCP range where the netmask is given. This
-# is needed for networks we reach the dnsmasq DHCP server via a relay 
+# is needed for networks we reach the dnsmasq DHCP server via a relay
 # agent. If you don't know what a DHCP relay agent is, you probably
 # don't need to worry about this.
 #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
@@ -131,7 +129,7 @@ bogus-priv
 # need to be on the same network. The order of the parameters in these
 # do not matter, it's permissble to give name,adddress and MAC in any order
 
-# Always allocate the host with ethernet address 11:22:33:44:55:66 
+# Always allocate the host with ethernet address 11:22:33:44:55:66
 # The IP address 192.168.0.60
 #dhcp-host=11:22:33:44:55:66,192.168.0.60
 
@@ -147,7 +145,7 @@ bogus-priv
 # 192.168.0.70 and an infinite lease
 #dhcp-host=bert,192.168.0.70,infinite
 
-# Always give the host with client identifier 01:02:02:04 
+# Always give the host with client identifier 01:02:02:04
 # the IP address 192.168.0.60
 #dhcp-host=id:01:02:02:04,192.168.0.60
 
@@ -160,28 +158,36 @@ bogus-priv
 # it asks for a DHCP lease.
 #dhcp-host=judge
 
-# Never offer DHCP service to a machine whose ethernet 
+# Never offer DHCP service to a machine whose ethernet
 # address is 11:22:33:44:55:66
 #dhcp-host=11:22:33:44:55:66,ignore
 
 # Ignore any client-id presented by the machine with ethernet
-# address 11:22:33:44:55:66. This is useful to prevent a machine 
+# address 11:22:33:44:55:66. This is useful to prevent a machine
 # being treated differently when running under different OS's or
 # between PXE boot and OS boot.
 #dhcp-host=11:22:33:44:55:66,id:*
 
-# Send extra options which are tagged as "red" to 
+# Send extra options which are tagged as "red" to
 # the machine with ethernet address 11:22:33:44:55:66
 #dhcp-host=11:22:33:44:55:66,net:red
 
+# Send extra options which are tagged as "red" to
+# any machine with ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,net:red
+
 # Send extra options which are tagged as "red" to any machine whose
 # DHCP vendorclass string includes the substring "Linux"
 #dhcp-vendorclass=red,Linux
 
-# Send extra options which are tagged as "red" to any machine one 
+# Send extra options which are tagged as "red" to any machine one
 # of whose DHCP userclass strings includes the substring "accounts"
 #dhcp-userclass=red,accounts
 
+# Send extra options which are tagged as "red" to any machine whose
+# MAC address matches the pattern.
+#dhcp-mac=red,00:60:8C:*:*:*
+
 # If this line is uncommented, dnsmasq will read /etc/ethers and act
 # on the ethernet-address/IP pairs found there just as if they had
 # been given as --dhcp-host options. Useful if you keep
@@ -202,10 +208,14 @@ bogus-priv
 # DNS server - 6
 # broadcast address - 28
 
+# Override the default route supplied by dnsmasq, which assumes the
+# router is the same machine as the one running dnsmasq.
+#dhcp-option=3,1.2.3.4
+
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
 #dhcp-option=42,192.168.0.4,10.10.0.5
 
-# Set the NTP time server address to be the same machine as 
+# Set the NTP time server address to be the same machine as
 # is running dnsmasq
 #dhcp-option=42,0.0.0.0
 
@@ -222,17 +232,17 @@ bogus-priv
 #dhcp-option=128,e4:45:74:68:00:00
 #dhcp-option=129,NIC=eepro100
 
-# Specify an option which will only be sent to the "red" network 
+# Specify an option which will only be sent to the "red" network
 # (see dhcp-range for the declaration of the "red" network)
 #dhcp-option=red,42,192.168.1.1
 
 # The following DHCP options set up dnsmasq in the same way as is specified
-# for the ISC dhcpcd in 
+# for the ISC dhcpcd in
 # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
 # adapted for a typical dnsmasq installation where the host running
 # dnsmasq is also the host running samba.
 # you may want to uncomment them if you use Windows clients and Samba.
-#dhcp-option=19,0           # option ip-forwarding off 
+#dhcp-option=19,0           # option ip-forwarding off
 #dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
 #dhcp-option=45,0.0.0.0     # netbios datagram distribution server
 #dhcp-option=46,8           # netbios node type
@@ -240,7 +250,17 @@ bogus-priv
 
 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
 # probably doesn't support this......
-#dhcp-option=119,eng.apple.com,marketing.apple.com 
+#dhcp-option=119,eng.apple.com,marketing.apple.com
+
+# Send RFC-3442 classless static routes (note the netmask encoding)
+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+
+# Send encapsulated vendor-class specific options. The vendor-class
+# is sent as DHCP option 60, and all the options marked with the
+# vendor class are send encapsulated in DHCP option 43. The meaning of
+# the options is defined by the vendor-class. This example sets the
+# mtftp address to 0.0.0.0 for PXEClients
+#dhcp-option=vendor:PXEClient,1,0.0.0.0
 
 # Set the boot filename and tftpd server name and address
 # for BOOTP. You will only need this is you want to
@@ -255,16 +275,22 @@ bogus-priv
 # the line below.
 #dhcp-leasefile=/var/lib/misc/dnsmasq.leases
 
-# Set the DHCP server to authoritative mode. In this mode it will barge in 
-# and take over the lease for any client which broadcasts on the network, 
+# Set the DHCP server to authoritative mode. In this mode it will barge in
+# and take over the lease for any client which broadcasts on the network,
 # whether it has a record of the lease or not. This avoids long timeouts
-# when a machine wakes up on a new network. DO NOT enable this if there's 
+# when a machine wakes up on a new network. DO NOT enable this if there's
 # the slighest chance that you might end up accidentally configuring a DHCP
 # server for your campus/company accidentally. The ISC server uses the same
 # the same option, and this URL provides more information:
 # http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
 #dhcp-authoritative
 
+# Run an executable when a DHCP lease is created or destroyed.
+# The arguments sent to the script are "add" or "del", 
+# then the MAC address, the IP address and finally the hostname
+# if there is one. 
+#dhcp-script=/bin/echo
+
 # Set the cachesize here.
 #cache-size=150
 
@@ -273,8 +299,8 @@ bogus-priv
 
 # Normally responses which come form /etc/hosts and the DHCP lease
 # file have Time-To-Live set as zero, which conventionally means
-# do not cache further. If you are happy to trade lower load on the 
-# server for potentially stale date, you can set a time-to-live (in 
+# do not cache further. If you are happy to trade lower load on the
+# server for potentially stale date, you can set a time-to-live (in
 # seconds) here.
 #local-ttl=
 
@@ -292,14 +318,68 @@ bogus-priv
 # and this maps 1.2.3.x to 5.6.7.x
 #alias=1.2.3.0,5.6.7.0,255.255.255.0
 
+
+# Change these lines if you want dnsmasq to serve MX records.
+
+# Return an MX record named "maildomain.com" with target
+# servermachine.com and preference 50
+#mx-host=maildomain.com,servermachine.com,50
+
+# Set the default target for MX records created using the localmx option.
+#mx-target=servermachine.com
+
+# Return an MX record pointing to the mx-target for all local
+# machines.
+#localmx
+
+# Return an MX record pointing to itself for all local machines.
+#selfmx
+
+# Change the following lines if you want dnsmasq to serve SRV
+# records.  These are useful if you want to serve ldap requests for
+# Active Directory and other windows-originated DNS requests.
+# See RFC 2782.
+# You may add multiple srv-host lines.
+# The fields are <name>,<target>,<port>,<priority>,<weight>
+# If the domain part if missing from the name (so that is just has the
+# service and protocol sections) then the domain given by the domain=
+# config option is used. (Note that expand-hosts does not need to be
+# set for this to work.)
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289 (using domain=)
+#domain=example.com
+#srv-host=_ldap._tcp,ldapserver.example.com,389
+
+# Two SRV records for LDAP, each with different priorities
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
+
+# A SRV record indicating that there is no LDAP server for the domain
+# example.com
+#srv-host=_ldap._tcp.example.com
+
+
+# Change the following lines to enable dnsmasq to serve TXT records.
+# These are used for things like SPF and zeroconf. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for TXT records.)
+
+#Example SPF.
+#txt-record=example.com,v=spf1 a -all
+
+#Example zeroconf
+#txt-record=_http._tcp.example.com,name=value,paper=A4
+
+
 # For debugging purposes, log each DNS query as it passes through
 # dnsmasq.
 #log-queries
 
 # Include a another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
- 
- 
-
-
-
+#conf-dir=/etc/dnsmasq.d

doc.html

@@ -4,7 +4,7 @@
 </HEAD>
 <BODY BGCOLOR="WHITE"> 
 <H1 ALIGN=center>Dnsmasq</H1> 
-Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP
+Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
  server. It is designed to provide DNS and, optionally, DHCP, to a 
  small network. It can serve the names of local machines which are 
  not in the global DNS. The DHCP server integrates with the DNS 
@@ -21,10 +21,11 @@ resource use and ease of configuration are important.
 Supported platforms include Linux (with glibc and uclibc), *BSD and
 Mac OS X.
 Dnsmasq is included in at least the following Linux distributions:
-Gentoo, Debian, Slackware, Suse, 
-Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, CoyoteLinux and
-Clarkconnect. It is also available as a FreeBSD port and is used in
-Linksys wireless routers and the m0n0wall project.
+Gentoo, Debian, Slackware, Suse, Fedora,
+Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l,
+CoyoteLinux, Endian Firewall and
+Clarkconnect. It is also available as FreeBSD, OpenBSD and NetBSD ports and is used in
+Linksys wireless routers (dd-wrt, openwrt and the stock firmware) and the m0n0wall project.
 <P>
 Dnsmasq provides the following features:
 <DIR>
@@ -73,7 +74,7 @@ upstream servers handling only those domains. This makes integration
 with private DNS systems easy.
 </LI>
 <LI>
-Dnsmasq supports MX records and can be configured to return MX records
+Dnsmasq supports MX and SRV records and can be configured to return MX records
 for any or all local machines.
 </LI>
 </DIR>
@@ -81,34 +82,18 @@ for any or all local machines.
 <H2>Download.</H2>
 
 <A HREF="http://www.thekelleys.org.uk/dnsmasq/"> Download</A> dnsmasq here. 
-The tarball includes this documentation, source, manpage and control files for building .rpms.
-There are also pre-built i386 .rpms, and a 
-<A HREF="CHANGELOG"> CHANGELOG</A>.
+The tarball includes this documentation, source, and manpage.
+There is also a <A HREF="CHANGELOG"> CHANGELOG</A>.
 Dnsmasq is part of the Debian distribution, it can be downloaded from 
 <A HREF="http://ftp.debian.org/debian/pool/main/d/dnsmasq/"> here</A> or installed using <TT>apt</TT>.
 
-
-<H2>Building rpms.</H2>
-Assuming you have the relevant tools installed, you can rebuild .rpms simply by running (as root)
-
-<PRE>
-rpmbuild -ta dnsmasq-xxx.tar.gz
-</PRE>
-
-Note for Suse users: you will need to re-compress the tar file as
-bzip2 before building using the commands
-<PRE>
-gunzip dnsmasq-xxx.tar.gz
-bzip2 dnsmasq-zzz.tar
-</PRE>
-
 <H2>Links.</H2>
-Ulrich Ivens has a nice HOWTO in German on installing dnsmasq at <A
-HREF="http://howto.linux-hardware-shop.de/dnsmasq.html">http://howto.linux-hardware-shop.de/dnsmasq.html</A>
+There is an article in German on dnsmasq at <A
+HREF="http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html">http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html</A>
 and Damien Raude-Morvan has one in French at <A HREF="http://www.drazzib.com/docs-dnsmasq.html">http://www.drazzib.com/docs-dnsmasq.html</A>
 There is a good article about dnsmasq at <A
 HREF="http://www.enterprisenetworkingplanet.com/netos/article.php/3377351">http://www.enterprisenetworkingplanet.com/netos/article.php/3377351</A>
-
+and Ilya Evseev has an article in Russian about dnsmasq to be found at <A HREF="http://ilya-evseev.narod.ru/articles/dnsmasq"> http://ilya-evseev.narod.ru/articles/dnsmasq</A>
 <H2>License.</H2>
 Dnsmasq is distributed under the GPL. See the file COPYING in the distribution 
 for details.

hosts

@@ -0,0 +1,2 @@
+127.0.0.1 host1.domain
+

man/dnsmasq.8

@@ -48,7 +48,8 @@ data under some circumstances.
 .TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
-normal. This is intended for use when dnsmasq is run under daemontools.
+normal. This is intended for use when dnsmasq is run under daemontools
+or launchd.
 .TP
 .B \-d, --no-daemon
 Debug mode: don't fork to the background, don't write a pid file,
@@ -59,12 +60,16 @@ to handle TCP queries.
 .B \-q, --log-queries
 Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
 .TP
+.B \-8, --log-facility=<facility>
+Set the facility to which dnsmasq will send syslog entries, this
+defaults to DAEMON, and to LOCAL0 when debug mode is in operation.
+.TP
 .B \-x, --pid-file=<path>
 Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.
 .TP
 .B \-u, --user=<username>
 Specify the userid to which dnsmasq will change after startup. Dnsmasq must normally be started as root, but it will drop root 
-priviledges after startup by changing id to another user. Normally this user is "nobody" but that 
+privileges after startup by changing id to another user. Normally this user is "nobody" but that 
 can be over-ridden with this switch.
 .TP
 .B \-g, --group=<groupname> 
@@ -101,14 +106,11 @@ or
 options are given dnsmasq listens on all available interfaces except any
 given in
 .B \--except-interface
-options. If IP alias interfaces (eg "eth1:0") are used with
+options. IP alias interfaces (eg "eth1:0") cannot be used with
 .B --interface
 or
 .B --except-interface
-options, then the 
-.B --bind-interfaces 
-option will be automatically set. This is required for deeply boring
-sockets-API reasons. 
+options, use --listen-address instead. 
 .TP
 .B \-I, --except-interface=<interface name>
 Do not listen on the specified interface. Note that the order of
@@ -120,6 +122,9 @@ options does not matter and that
 .B --except-interface
 options always override the others.
 .TP 
+.B \-2, --no-dhcp-interface=<interface name>
+Do not provide DHCP on the specified interface, but do provide DNS service.
+.TP
 .B \-a, --listen-address=<ipaddr>
 Listen on the given IP address(es). Both 
 .B \--interface
@@ -143,11 +148,19 @@ requests that it shouldn't reply to. This has the advantage of
 working even when interfaces come and go and change address. This
 option forces dnsmasq to really bind only the interfaces it is
 listening on. About the only time when this is useful is when 
-running another nameserver on the same machine or using IP
-alias. Specifying interfaces with IP alias automatically turns this
-option on. Note that this only applies to the DNS part of dnsmasq, the
-DHCP server always binds the wildcard address in order to receive
-broadcast packets.
+running another nameserver (or another instance of dnsmasq) on the
+same machine. Setting this option also enables multiple instances of
+dnsmasq which provide DHCP service to run in the same machine.
+.TP
+.B \-y, --localise-queries
+Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was
+received. If a name in /etc/hosts has more than one address associated with
+it, and at least one of those addresses is on the same subnet as the
+interface to which the query was sent, then return only the
+address(es) on that subnet. This allows for a server  to have multiple
+addresses in /etc/hosts corresponding to each of its interfaces, and
+hosts will get the correct address based on which network they are
+attached to. Currently this facility is limited to IPv4.
 .TP
 .B \-b, --bogus-priv
 Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
@@ -165,11 +178,11 @@ Cisco PIX routers call "DNS doctoring".
 .B \-B, --bogus-nxdomain=<ipaddr>
 Transform replies which contain the IP address given into "No such
 domain" replies. This is intended to counteract a devious move made by
-Versign in September 2003 when they started returning the address of
+Verisign in September 2003 when they started returning the address of
 an advertising web page in response to queries for unregistered names,
 instead of the correct NXDOMAIN response. This option tells dnsmasq to
 fake the correct response when it sees this behaviour. As at Sept 2003
-the IP address being returnd by Verisign is 64.94.110.11
+the IP address being returned by Verisign is 64.94.110.11
 .TP
 .B \-f, --filterwin2k
 Later versions of windows make periodic DNS requests which don't get sensible answers from
@@ -191,6 +204,12 @@ time is the one used.
 Don't read /etc/resolv.conf. Get upstream servers only from the command
 line or the dnsmasq configuration file.
 .TP
+.B \-1, --enable-dbus
+Allow dnsmasq configuration to be updated via DBus method calls. The
+configuration which can be changed is upstream DNS servers (and
+corresponding domains) and cache clear. Requires that dnsmasq has
+been built with DBus support.
+.TP 
 .B \-o, --strict-order
 By default, dnsmasq will send queries to any of the upstream servers
 it knows about and tries to favour servers to are known to
@@ -200,13 +219,18 @@ server strictly in the order they appear in /etc/resolv.conf
 .B \-n, --no-poll
 Don't poll /etc/resolv.conf for changes.
 .TP
+.B --clear-on-reload
+Whenever /etc/resolv.conf is re-read, clear the DNS cache.
+This is useful when new nameservers may have different
+data than that held in cache.
+.TP
 .B \-D, --domain-needed
 Tells dnsmasq to never forward queries for plain names, without dots
-or domain parts, to upstream nameservers. If the name is not knowm
+or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
 .B \-S, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
-Specify IP address of upsream severs directly. Setting this flag does
+Specify IP address of upstream severs directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use -R to do that. If one or
 more 
 optional domains are given, that server is used only for those domains
@@ -258,18 +282,20 @@ additional facility that /#/ matches any domain. Thus
 answered from /etc/hosts or DHCP and not sent to an upstream
 nameserver by a more specific --server directive.
 .TP
-.B \-m, --mx-host=<mx name>[,<hostname>]
+.B \-m, --mx-host=<mx name>[[,<hostname>],<preference>]
 Return an MX record named <mx name> pointing to the given hostname (if
 given), or
 the host specified in the --mx-target switch
 or, if that switch is not given, the host on which dnsmasq 
-is running. This is useful for directing mail from systems on a LAN
-to a central server.
+is running. The default is useful for directing mail from systems on a LAN
+to a central server. The preference value is optional, and defaults to
+1 if not given. More than one MX record may be given for a host.
 .TP 
 .B \-t, --mx-target=<hostname>
-Specify target for the MX record returned by dnsmasq. See --mx-host. Note that to turn on the MX function, 
-at least one of --mx-host and --mx-target must be set. If only one of --mx-host and --mx-target 
-is set, the other defaults to the hostname of the machine on which dnsmasq is running.
+Specify the default target for the MX record returned by dnsmasq. See
+--mx-host.  If --mx-target is given, but not --mx-host, then dnsmasq
+returns a MX record containing the MX target for MX queries on the 
+hostname of the machine on which dnsmasq is running.
 .TP
 .B \-e, --selfmx
 Return an MX record pointing to itself for each local
@@ -281,6 +307,21 @@ machine on which dnsmasq is running) for each
 local machine. Local machines are those in /etc/hosts or with DHCP
 leases.
 .TP
+.B \-W, --srv-host=<_service>.<_prot>.[<domain>],[<target>[,<port>[,<priority>[,<weight>]]]]
+Return a SRV DNS record. See RFC2782 for details. If not supplied, the
+domain defaults to that given by
+.B --domain.
+The default for the target domain is empty, and the default for port
+is one and the defaults for 
+weight and priority are zero. Be careful if transposing data from BIND
+zone files: the port, weight and priority numbers are in a different
+order. More than one SRV record for a given service/domain is allowed,
+all that match are returned.
+.TP
+.B \-Y, --txt-record=<name>[[,<text>],<text>]
+Return a TXT DNS record. The value of TXT record is a set of strings,
+so  any number may be included, split by commas.
+.TP
 .B \-c, --cache-size=<cachesize>
 Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
 .TP
@@ -290,27 +331,36 @@ Disable negative caching. Negative caching allows dnsmasq to remember
 identical queries without forwarding them again. This flag disables
 negative caching.
 .TP
-.B \-F, --dhcp-range=[network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
+.B \-0, --dns-forward-max=<queries>
+Set the maximum number of concurrent DNS queries. The default value is
+150, which should be fine for most setups. The only known situation
+where this needs to be increased is when using web-server log file
+resolvers, which can generate large numbers of concurrent queries.
+.TP
+.B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
 Enable the DHCP server. Addresses will be given out from the range
 <start-addr> to <end-addr> and from statically defined addresses given
 in 
 .B dhcp-host
 options. If the lease time is given, then leases
-will be given for that length of time. The lease time is on seconds,
+will be given for that length of time. The lease time is in seconds,
 or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". This
 option may be repeated, with different addresses, to enable DHCP
 service to more than one network. For directly connected networks (ie,
 networks on which the machine running dnsmasq has an interface) the
 netmask is optional. It is, however, required for networks which
-recieve DHCP service via a relay agent. The broadcast address is
+receive DHCP service via a relay agent. The broadcast address is
 always optional. On some broken systems, dnsmasq can listen on only
 one interface when using DHCP, and the name of that interface must be
 given using the
 .B interface
-option. This limitation currently affects OpenBSD. The optional
+option. This limitation currently affects OpenBSD before version 4.0. It is always
+allowed to have more than one dhcp-range in a single subnet. The optional
 network-id is a alphanumeric label which marks this network so that
-dhcp options may be specified on a per-network basis. The end address
-may be replaced by the keyword 
+dhcp options may be specified on a per-network basis. 
+When it is prefixed with 'net:' then its meaning changes from setting
+a tag to matching it. Only one tag may be set, but more than one tag may be matched.
+The end address may be replaced by the keyword 
 .B static
 which tells dnsmasq to enable DHCP for the network specified, but not
 to dynamically allocate IP addresses. Only hosts which have static
@@ -318,7 +368,7 @@ addresses given via
 .B dhcp-host
 or from /etc/ethers will be served.
 .TP
-.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
 with a particular hardware address to be always allocated the same
 hostname, IP address and lease time. A hostname specified like this
@@ -328,7 +378,7 @@ which case the IP address and lease times will apply to any machine
 claiming that name. For example 
 .B --dhcp-host=00:20:e0:3b:13:af,wap,infinite 
 tells dnsmasq to give
-the machine with ethernet address 00:20:e0:3b:13:af the name wap, and
+the machine with hardware address 00:20:e0:3b:13:af the name wap, and
 an infinite DHCP lease. 
 .B --dhcp-host=lap,192.168.0.199 
 tells
@@ -354,9 +404,22 @@ instance
 .B --dhcp-host=00:20:e0:3b:13:af,ignore
 This is
 useful when there is another DHCP server on the network which should
-be used by some machines. The net:<network-id> parameter enables DHCP options just
-for this host in the same way as the the network-id in
-.B dhcp-range.
+be used by some machines. The net:<network-id> sets the network-id tag
+whenever this dhcp-host directive is in use.
+This can be used to selectively send DHCP options just
+for this host.
+Ethernet addresses (but not client-ids) may have
+wildcard bytes, so for example 
+.B --dhcp-host=00:20:e0:3b:13:*,ignore 
+will cause dnsmasq to ignore a range of hardware addresses. Note that
+the "*" will need to be escaped or quoted on a command line, but not
+in the configuration file. Hardware addresses normally match any
+network (ARP) type, but it is possible to restrict them to a single
+ARP type by preceding them with the ARP-type (in HEX) and "-". so 
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4 
+will only match a
+Token-Ring hardware address, since the ARP-address type for token ring
+is 6.
 .TP 
 .B \-Z, --read-ethers
 Read /etc/ethers for information about hosts for the DHCP server. The
@@ -366,28 +429,52 @@ have exactly the same effect as
 .B --dhcp-host
 options containing the same information.
 .TP
-.B \-O, --dhcp-option=[<network-id>,[<network-id>,]]<opt>,[<value>[,<value>]]
-Specfify different or extra options to DHCP clients. By default,
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:<vendor-class>]<opt>,[<value>[,<value>]]
+Specify different or extra options to DHCP clients. By default,
 dnsmasq sends some standard options to DHCP clients, the netmask and
 broadcast address are set to the same as the host running dnsmasq, and
 the DNS server and default route are set to the address of the machine
 running dnsmasq. If the domain name option has been set, that is sent.
 This option allows these defaults to be overridden,
 or other options specified. The <opt> is the number of the option, as
-specfied in RFC2132. For example, to set the default route option to 
+specified in RFC2132. For example, to set the default route option to 
 192.168.4.4, do 
 .B --dhcp-option=3,192.168.4.4
 and to set the time-server address to 192.168.0.4, do
 .B --dhcp-option=42,192.168.0.4
 The special address 0.0.0.0 is taken to mean "the address of the
-machine running dnsmasq". Data types allowed are comma seperated
-dotted-quad IP addresses, a decimal number, colon-seperated hex digits
+machine running dnsmasq". Data types allowed are comma separated
+dotted-quad IP addresses, a decimal number, colon-separated hex digits
 and a text string. If the optional network-ids are given then
 this option is only sent when all the network-ids are matched.
+
+Special processing is done on a text argument for option 119, to
+conform with RFC 3397, and dotted-quad IP addresses which are followed
+by a slash and then a netmask size are encoded as described in RFC
+3442.
+
 Be careful: no checking is done that the correct type of data for the
 option number is sent, it is quite possible to
 persuade dnsmasq to generate illegal DHCP packets with injudicious use
-of this flag.
+of this flag. When the value is a decimal number, dnsmasq must determine how 
+large the data item is. It does this by examining the option number and/or the
+value, but can be overridden by appending a single letter flag as follows:
+b = one byte, s = two bytes, i = four bytes. This is mainly useful with 
+encapsulated vendor class options (see below) where dnsmasq cannot
+determine data size from the  option number. Option data which
+consists solely of periods and digits will be interpreted by dnsmasq
+as an IP address, and inserted into an option as such. To force a
+literal string, use quotes. For instance when using option 66 to send
+a literal IP address as TFTP server name, it is necessary to do
+.B --dhcp-option=66,"1.2.3.4"
+
+Encapsulated Vendor-class options may also be specified using
+--dhcp-option: for instance 
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
+sends the vendor class "PXEClient" and the encapsulated vendor class-specific option "mftp-address=0.0.0.0" Only one vendor class is allowed for any
+host, but multiple options are allowed, provided they all have
+the same vendor class. The address 0.0.0.0 is not treated specially in
+encapsulated vendor class options.
 .TP
 .B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
 Map from a vendor-class string to a network id. Most DHCP clients provide a 
@@ -410,7 +497,13 @@ to different classes of hosts. It is possible, for instance to use
 this to set a different printer server for hosts in the class
 "accounts" than for hosts in the class "engineering".
 .TP
-.B \ -J, --dhcp-ignore=<network-id>[,<network-id>]
+.B \-4, --dhcp-mac=<network-id>,<MAC address>
+Map from a MAC address to a network-id. The MAC address may include
+wildcards. For example
+.B --dhcp-mac=3com,01:34:23:*:*:*
+will set the tag "3com" for any host whose MAC address matches the pattern.
+.TP
+.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
 When all the given network-ids match the set of network-ids derived
 from the net, host, vendor and user classes, ignore the host and do
 not allocate it a DHCP lease.
@@ -429,10 +522,25 @@ create thousands of leases and use lots of memory in the dnsmasq
 process.
 .TP
 .B \-K, --dhcp-authoritative
-Should be set when dnsmasq is definatively the only DHCP server on a network.
+Should be set when dnsmasq is definately the only DHCP server on a network.
 It changes the behaviour from strict RFC compliance so that DHCP requests on
 unknown leases from unknown hosts are not ignored. This allows new hosts
-to get a lease without a tedious timeout under all circumstances.
+to get a lease without a tedious timeout under all circumstances. It also 
+allows dnsmasq to rebuild its lease database without each client needing to 
+reaquire a lease, if the database is lost.
+.TP
+.B \-3, --bootp-dynamic
+Enable dynamic allocation of IP addresses to BOOTP clients. Use this
+with care, since each address allocated to a BOOTP client is leased
+forever, and therefore becomes permanently unavailable for re-use by
+other hosts.
+.TP
+.B \-5, --no-ping
+By default, the DHCP server will attempt to ensure that an address in
+not in use before allocating it to a host. It does this by sending an
+ICMP echo request (aka "ping") to the address in question. If it gets
+a reply, then the address must already be in use, and another is
+tried. This flag disables this check. Use with caution.
 .TP
 .B \-l, --dhcp-leasefile=<path>
 Use the specified file to store DHCP lease information. If this option
@@ -440,14 +548,66 @@ is given but no dhcp-range option is given then dnsmasq version 1
 behaviour is activated. The file given is assumed to be an ISC dhcpd
 lease file and parsed for leases which are then added to the DNS
 system if they have a hostname. This functionality may have been
-excluded from dnsmasq at compile time, in which case an error will occur.
+excluded from dnsmasq at compile time, in which case an error will
+occur. In any case note that ISC leasefile integration is a deprecated
+feature. It should not be used in new installations, and will be
+removed in a future release.
+.TP 
+.B \-6 --dhcp-script=<path>
+Whenever a new DHCP lease is created, or an old one destroyed, the
+binary specified by this option is run. The arguments to the process
+are "add", "old" or "del", the MAC
+address of the host (or "<null>"), the IP address, and the hostname,
+if known. "add" means a lease has been created, "del" means it has
+been destroyed, "old" is a notification of an existing lease when
+dnsmasq starts or a change to MAC address or hostname of an existing
+lease (also, lease length or expiry and client-id, if leasefile-ro is set).
+The process is run as root (assuming that dnsmasq was originally run as
+root) even if dnsmasq is configured to change UID to an unprivileged user.
+The environment is inherited from the invoker of dnsmasq, and if the
+host provided a client-id, this is stored in the environment variable
+DNSMASQ_CLIENT_ID. If the client provides vendor-class or user-class 
+information, these are provided in DNSMASQ_VENDOR_CLASS and 
+DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only fory
+"add" actions or "old" actions when a host resumes an existing lease,
+since these data are not held in dnsmasq's lease
+database. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
+the length of the lease (in seconds) is stored in
+DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
+DNSMASQ_LEASE_EXPIRES. If a lease used to have a hostname, which is
+removed, an "old" event is generated with the new state of the lease, 
+ie no name, and the former name is provided in the environment 
+variable DNSMASQ_OLD_HOSTNAME.
+All file decriptors are
+closed except stdin, stdout and stderr which are open to /dev/null
+(except in debug mode).
+The script is not invoked concurrently: if subsequent lease 
+changes occur, the script is not invoked again until any existing 
+invokation exits. At dnsmasq startup, the script will be invoked for
+all existing leases as they are read from the lease file. Expired
+leases will be called with "del" and others with "old". <path>
+must be an absolute pathname, no PATH search occurs.
+.TP 
+.B \-9, --leasefile-ro
+Completely suppress use of the lease database file. The file will not
+be created, read, or written. Change the way the lease-change
+script (if one is provided) is called, so that the lease database may
+be maintained in external storage by the script. In addition to the
+invokations  given in 
+.B  --dhcp-script
+the lease-change script is called once, at dnsmasq startup, with the
+single argument "init". When called like this the script should write
+the saved state of the lease database, in dnsmasq leasefile format, to
+stdout and exit with zero exit code. Setting this
+option also forces the leasechange script to be called on changes
+to the client-id and lease length and expiry time.
 .TP
 .B \-s, --domain=<domain>
 Specifies the domain for the DHCP server. This has two effects;
 firstly it causes the DHCP server to return the domain to any hosts
 which request it, and secondly it sets the domain which it is legal
 for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise it's name via dhcp as e.g. "microsoft.com" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If suffix is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. Eg on my network I can set 
-.B --domain-suffix=thekelleys.org.uk
+.B --domain=thekelleys.org.uk
 and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from 
 .B dnsmasq
 both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
@@ -455,22 +615,36 @@ given as "#" then the domain is read from the first "search" directive
 in /etc/resolv.conf (or equivalent). 
 .TP
 .B \-E, --expand-hosts
-Add the domain-suffix to simple names (without a period) in /etc/hosts
+Add the domain to simple names (without a period) in /etc/hosts
 in the same way as for DHCP-derived names.
+.TP
+.B \-C, --conf-file=<file>
+Specify a different configuration file. The conf-file option is also allowed in
+configuration files, to include multiple configuration files.
+.TP
+.B \-7, --conf-dir=<directory>
+Read all the files in the given directory as configuration
+files. Files whose names end in ~ or start with . or start and end
+with # are skipped. This flag may be given on the command
+line or in a configuration file.
 .SH CONFIG FILE
 At startup, dnsmasq reads
 .I /etc/dnsmasq.conf,
 if it exists. (On
 FreeBSD, the file is 
 .I /usr/local/etc/dnsmasq.conf
-) The format of this
+) (but see the 
+.B \-C
+and
+.B \-7
+options.) The format of this
 file consists of one option per line, exactly as the long options detailed 
 in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For
 options which may only be specified once, the configuration file overrides 
-the command line. Use the --conf-file option to specify a different
-configuration file. The conf-file option is also allowed in
-configuration files, to include multiple configuration files. Only one
-level of nesting is allowed.
+the command line.  Quoting is allowed in a config file:
+between " quotes the special meanings of ,:. and # are removed and the
+following escapes are allowed: \\\\ \\" \\t \\a \\b \\r and \\n. The later 
+corresponding to tab, bell, backspace, return and newline.
 .SH NOTES
 When it receives a SIGHUP, 
 .B dnsmasq 
@@ -544,6 +718,17 @@ and run dnsmasq with the
 .B \-r /etc/resolv.dnsmasq
 option. This second technique allows for dynamic update of the server
 addresses by PPP or DHCP.
+.PP
+Addresses in /etc/hosts will "shadow" different addresses for the same
+names in the upstream DNS, so "mycompany.com 1.2.3.4" in /etc/hosts will ensure that
+queries for "mycompany.com" always return 1.2.3.4 even if queries in
+the upstream DNS would otherwise return a different address. There is
+one exception to this: if the upstream DNS contains a CNAME which
+points to a shadowed name, then looking up the CNAME through dnsmasq
+will result in the unshadowed address associated with the target of
+the CNAME. To work around this, add the CNAME to /etc/hosts so that
+the CNAME is shadowed too.
+
 .PP
 The network-id system works as follows: For each DHCP request, dnsmasq
 collects a set of valid network-id tags, one from the 
@@ -560,6 +745,14 @@ set collected as described above. The prefix '#' on a tag means 'not'
 so --dhcp=option=#purple,3,1.2.3.4 sends the option when the
 network-id tag purple is not in the set of valid tags.
 .PP
+If the network-id in a
+.B dhcp-range 
+is prefixed with 'net:' then its meaning changes from setting a
+tag to matching it. Thus if there is more than dhcp-range on a subnet,
+and one is tagged with a network-id which is set (for instance
+from a vendorclass option) then hosts which set the netid tag will be 
+allocated addresses in the tagged range.
+.PP 
 The DHCP server in dnsmasq will function as a BOOTP server also,
 provided that the MAC address and IP address for clients are given,
 either using 
@@ -569,7 +762,8 @@ configurations or in
 , and a
 .B dhcp-range 
 configuration option is present to activate the DHCP server
-on a particular network. The filename
+on a particular network. (Setting --bootp-dynamic removes the need for
+static address mappings.) The filename
 parameter in a BOOTP request is matched against netids in
 .B  dhcp-option 
 configurations, allowing some control over the options returned to

man/es/dnsmasq.8

@@ -0,0 +1,812 @@
+.TH DNSMASQ 8
+.SH NOMBRE
+dnsmasq \- Un ligero servidor DHCP y DNS con caché.
+.SH SINOPSIS
+.B dnsmasq
+.I [OPCION]...
+.SH "DESCRIPCION"
+.BR dnsmasq
+es un ligero servidor DNS y DHCP. Su propósito es proveer servicios DNS
+y DHCP a una red de área local.
+.PP
+Dnsmasq acepta búsquedas DNS y las responde desde un pequeño
+caché local, o las reenvía hacia un servidor DNS real recursivo.
+Carga el contenido de /etc/hosts, de tal forma que nombres de
+hosts locales los cuales no aparecen en el DNS mundial puedan ser
+resueltos. También responde a búsquedas DNS para hosts configurados
+vía DHCP.
+.PP
+El servidor DHCP dnsmasq incluye soporte para assignación de direcciones
+estáticas, redes múltiples, DHCP-relay y especificadores de subredes
+RFC3011. Automáticamente envía un predeterminado sensible de opciones
+DHCP, y puede ser configurado para enviar cualquier opciones DHCP
+deseadas. Tambíen incluye soporte para BOOTP.
+.PP
+Dnsmasq 
+incluye soporte para IPv6.
+.SH OPCIONES
+Nótese que en general parámetros ausentes son permitidos y deshabilitan
+funciones, por ejemplo "--pid-file=" deshabilita la escritura de un
+archivo PID. En BSD, a menos que la librería GNU getopt esté enlazada,
+la forma larga de las opciones no funciona en la línea de comandos,
+pero todavía es reconocida en el archivo de configuración.
+.TP
+.B \-h, --no-hosts
+No leer los nombres de hosts en /etc/hosts.
+.TP
+.B \-H, --addn-hosts=<archivo>
+Archivo de hosts adicional. Leer el archivo especificado adicionalmente
+a /etc/hosts. Si se brinda -h, leer solo el archivo especificado. Esta
+opción puede ser repetida para más de un archivo de hosts adicional.
+.TP
+.B \-T, --local-ttl=<tiempo>
+Al responder con información desde /etc/hosts o desde el archivo
+de arriendos DHCP, dnsmasq fija el tiempo de vida a cero por
+predeterminado, significando que el remitente no debrá cachear
+la información por sí mismo. Esto es lo correcto a hacer en casi
+todas las situaciones. Esta opción permite que se especifique
+cierto tiempo de vida (en segundos) para estas respuestas. Esto
+reduce la carga sobre el servidor al costo de que los clientes
+usaran datos añejos bajo algunas circunstancias.
+.TP
+.B \-k, --keep-in-foreground
+No ir hacia el fondo al iniciar, pero aparte de eso correr como
+normal. La intención de esto es para cuando dnsmasq es corrido
+bajo daemontools o launchd.
+.TP
+.B \-d, --no-daemon
+Modo debug: no hacer un fork hacia el fondo, no crear un archivo PID,
+no cambiar el ID del usuario, generar un cache dump completo al
+recibir un SIGUSR1, bitacorear a stderr al igual que a syslog, no
+hacerle fork a procesos nuevos para manejar búsquedas TCP.
+.TP
+.B \-q, --log-queries
+Bitacorear los resultados de búsquedas DNS manejadas por dnsmasq.
+Habilitar un dump de caché completo al recibir un SIGUSR1.
+.TP
+.B \-8, --log-facility=<facilidad>
+Fijar la facilidad a la cual dnsmasq deberá enviar mensajes syslog,
+esto es DAEMON por predeterminado, y LOCAL0 cuando en modo debug.
+.TP
+.B \-x, --pid-file=<path>
+Especificar un path alterno donde dnsmasq debe guardar su PID.
+Normalmente es /var/run/dnsmasq.pid.
+.TP
+.B \-u, --user=<usuario>
+Especificar el userid al cual dnsmasq debe cambiarse despues de iniciar.
+Dnsmasq normalmente debe ser iniciado como root, pero soltará los
+privilegios root despues del inicio, cambiando a otro usuario.
+Normalmente este usuario es "nobody", pero eso se puede cambiar
+con esta opción.
+.TP
+.B \-g, --group=<grupo> 
+Especificar el grupo como el cual dnsmasq correrá. El predeterminado
+es "dip", si está disponible, para facilitar el acceso a
+/etc/ppp/resolv.conf el cuál normalmente no es globalmente leíble.
+.TP
+.B \-v, --version
+Mostrar el número de versión.
+.TP
+.B \-p, --port=<puerto>
+Escuchar en el puerto <puerto> en vez del puerto estándar DNS (53).
+Principalmente útil para debugging.
+.TP
+.B \-P, --edns-packet-max=<tamaño>
+Especificar el paquete UDP EDNS.0 más grande que es soportado por
+el reenviador DNS. Por predeterminado es 1280, lo cual es el
+máximo recomendado en RFC2671 para ethernet.
+.TP
+.B \-Q, --query-port=<puerto>
+Enviar búsquedas outbound desde, y escuchar por respuestas en,
+el puerto UDP <puerto> en vez de usar uno escojido a la hora
+de inicio. Esto es útil para simplificar las reglas del firewall;
+sin esto, su firewall tendría que permitir conecciones desde
+servidores DNS foráneos hacia un rango de puertos UDP, o
+adaptarse dinámicamente al puerto siendo usado por la actual
+instancia de dnsmasq.
+.TP
+.B \-i, --interface=<interface>
+Escuchar solo en las interfaces especificadas. Dnsmasq automaticamente
+agrega la interface loopback a la lista de interfaces para usar cuando
+la opción
+.B \--interface
+es usada. Si ninguna opcion
+.B \--interface
+o
+.B \--listen-address
+es brindada, dnsmasq escucha en todas las interfaces disponibles excepto
+cualquiera fijada con la opcion
+.B \--except-interface
+Interfaces IP alias (eg "eth1:0") no pueden ser utilizadas con
+.B --interface
+o
+.B --except-interface
+, usar --listen-address en vez.
+.TP
+.B \-I, --except-interface=<interface>
+No escuchar en la interface especificada. Nótese que el orden de
+las opciones
+.B \--listen-address
+.B --interface
+y
+.B --except-interface
+no importa y la opcion
+.B --except-interface
+siempre invalida a las otras.
+.TP 
+.B \-2, --no-dhcp-interface=<interface>
+No proveer DHCP en la interface especificada, pero sí
+proveer servicio DNS.
+.TP
+.B \-a, --listen-address=<dirección IP>
+Escuchar en la(s) dirección(es) IP especificada(s). Las opciones
+.B \--interface
+y
+.B \--listen-address
+ambas pueden ser brindadas, y en tal caso el juego de ambas
+direcciones IP y interfaces es usada. Nótese que si ninguna opción
+.B \--interface
+es brindada, pero sí se brinda la opción
+.B \--listen-address
+entonces dnsmasq no escuchará automáticamente en la interface
+loopback. Para obtener esto, la dirección IP 127.0.0.1 debe ser
+explícitamente dada como una opción
+.B \--listen-address
+.TP
+.B \-z, --bind-interfaces
+En sistemas que inluyen el soporte, dnsmasq acopla la dirección
+de comodín, aún cuando está escuchando solamente en algunas
+interfaces. Entonces descarta búsquedas a las cuales no debe
+responder. Esto tiene la ventaja de funcionar aún cuando
+interfaces van y vienen y cambian direcciones. Esta opción forza
+a dnsmasq a acoplarse realmente solo a las interfaces en
+las cuales está escuchando. Casi la única vez que esto es útil
+es cuando se está corriendo otro servidor DNS (o otra instancia
+de dnsmasq) en la misma máquina. Fijar esta opción tambien
+habilita multiples instancias de dnsmasq, las cuales proveen
+servicio DHCP en la misma máquina.
+.TP
+.B \-y, --localise-queries
+Retornar respuestas a búsquedas DNS desde /etc/hosts las cuales dependen
+de la interface donde entró la búsqueda. Si un nombre en /etc/hosts tiene
+mas de una dirección asociada con el, y por lo menos una de esas direcciones
+está en la misma subred de la interface donde fue enviada, entónces
+retornar solo las direcciones en esa subred. Esto permite a un servidor
+tener direcciones múltiples en /etc/hosts correspondientes a cada una de
+sus interfaces y cada host recibirá la respuesta adecuada
+dependiendo de cual red tengan adjunta. Por el momento, esta facilidad
+está limitada a IPv4.
+.TP
+.B \-b, --bogus-priv
+Búsquedas privadas reversas raras. Toda búsqueda para rangos de IP
+privados (192.168.x.x, etc.) los cuales no se encuentren en
+/etc/hosts o en el archivo de arriendos DHCP es respondida con
+"dominio no existente" en vez de ser reenviada upstream.
+.TP
+.B \-V, --alias=<IP vieja>,<IP nueva>[,<máscara>]
+Modificar direcciones IPv4 retornadas desde servidores DNS upstream;
+<IP vieja> es remplazada con <IP nueva>. Si la máscara opcional
+es brindada, entonces cualquier dirección que coincida con la
+<IP vieja> enmascarada será re-escrita. Así que, por ejemplo,
+.B --alias=1.2.3.0,6.7.8.0,255.255.255.0
+mapeará 1.2.3.56 a 6.7.8.56 y 1.2.3.67 a 6.7.8.67. Esto es lo que
+ruteadores Cisco PIX llaman "DNS doctoring".
+.TP 
+.B \-B, --bogus-nxdomain=<dirección IP>
+Transformar respuestas que contienen la dirección IP brindada en
+respuestas tipo "Dominio no existe". La intención de esto es actuar
+en contra de una movida desviada hecha por Verisign en septiembre
+del 2003, cuando comenzaron a retornar la dirección de un servidor
+de publicidad en respuesta a búsquedas por nombres no registrados,
+en vez de la correcta respuesta NXDOMAIN. Esta opción le dice a dnsmasq
+que debe forjear la respuesta correcta cuando ve este comportamiento.
+Desde septiembre 2003 la dirección IP siendo retornada por Verisign
+es 64.94.110.11
+.TP
+.B \-f, --filterwin2k
+Algunas versiones de Windows hacen búsquedas DNS periódicas las cuales no
+reciben respuestas sensibles desde el DNS público y pueden causar problemas
+activando enlaces marcación-en-demanda. Esta opción filtra dichas búsquedas.
+Las búsquedas filtradas son para registros tipo SOA y SRV, al igual que
+tipo ANY donde el nombre pedido contiene _, para atrapar búsquedas LDAP.
+.TP
+.B \-r, --resolv-file=<archivo>
+Leer las direcciones IP de servidores DNS upstream desde <archivo>,
+en vez de /etc/resolv.conf. Para el formato de este archivo, ver
+.BR resolv.conf (5)
+Las únicas líneas relevantes a dnsmasq son las de servidores DNS. A
+dnsmasq se le puede decir que revise más de un archivo resolv.conf,
+el primer archivo especificado remplaza al predeterminado, y los
+subsiguientes archivos son agregados a la lista. Esto es solo
+permitido cuando haciendo polling; el archivo con la actual fecha
+de modificación más nueva es el que es usado.
+.TP
+.B \-R, --no-resolv
+No leer /etc/resolv.conf. Obtener los servidores DNS upstream solo
+desde la línea de comandos o desde el archivo de configuración de
+dnsmasq.
+.TP
+.B \-1, --enable-dbus
+Permitir que la configuración de dnsmasq sea actualizada vía llamadas
+de método DBus. La configuración que puede ser cambiada es servidores
+DNS upstream (y dominios correspondientes) y limpieza de caché. Esta
+opción requiere que dnsmasq haya sido compilado con soporte para DBus.
+.TP 
+.B \-o, --strict-order
+Por predeterminado, dnsmasq enviará búsquedas a cualquiera de los
+servidores upstream que conoce, y trata de favorecer servidores los
+cuales sabe que están activos. Fijar esta opcion forza a dnsmasq a
+probar cada búsqueda con cada servidor estrictamente en el orden
+que aparecen en /etc/resolv.conf
+.TP
+.B \-n, --no-poll
+No revisar periodicamente a /etc/resolv.conf en busca de cambios.
+.TP
+.B \-D, --domain-needed
+Le dice a dnsmasq que no debe reenviar búsquedas para nombres sencillos,
+sin puntos o partes de dominios, a servidores upstream. Si el nombre
+no se conoce desde /etc/hosts o desde DHCP entonces una respuesta
+"no encontrado" es devuelta.
+.TP
+.B \-S, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
+Especificar la dirección IP de servidores upstream directamente. Fijar
+esta opción no suprime la lectura de /etc/resolv.conf, use -R para
+hacer eso. Si uno a más dominios opcionales son brindados, ese servidor
+es usado solo para esos dominios y las búsquedas son hechas usando
+el servidor especificado solamente. La intención de esto es para el
+uso con servidores DNS privados: si usted tiene un servidor DNS en su
+red el cual lidea con nombres de la forma
+xxx.internal.thekelleys.org.uk en 192.168.1.1 entonces brindar la
+opción
+.B -S /internal.thekelleys.org.uk/192.168.1.1
+enviará todas las búsquedas de máquinas internas a ese servidor DNS,
+todas las demás búsquedas serán enviadas a los servidores en
+/etc/resolv.conf. Una especificación de dominio en blanco
+.B //
+tiene el significado especial de "solo nombres no calificados", o
+sea nombres sin ningun punto en ellos. Un puerto no-estándar puede
+ser especificado como parte de la dirección IP usando el caracter
+#. Más de una opción -S es permitida, con partes de dominio o
+dirección IP repetidas como sea necesario.
+
+También se permite una opción -S la cual brinda un dominio pero
+ninguna dirección IP; esto le dice a dnsmasq que un dominio es local
+y puede responder a búsquedas desde /etc/hosts o DHCP pero nunca
+deberá reenviar búsquedas en ese dominio a ningún servidor upstream.
+.B local
+es un sinónimo de
+.B server
+para hacer los archivos de configuración mas claros en este caso.
+
+La segunda dirección IP opcional después del carácter @ le dice
+a dnsmasq como fijar la dirección de remitente de las búsquedas
+hacia este servidor DNS. Debe ser una dirección perteneciente a
+la máquina en la cual corre dnsmasq, o de forma contraria esta
+línea de servidor será bitacoreada y después ignorada. La opción
+query-port es ignorada para cualquier servidores que tengan una
+dirección remitente especificada, pero el puerto puede ser
+especificado directamente como parte de la dirección remitente.
+.TP
+.B \-A, --address=/<domain>/[domain/]<ipaddr>
+Especificar una dirección IP para retornar por cualquier host en
+los dominios brindados. Búsquedas en estos dominios nunca son
+reenviadas, y siempre son respondidas con la dirección IP
+especificada, la cual puede ser IPv4 o IPv6. Para brindar ambas
+direcciones IPv4 y IPv6 para un dominio, usar opciones -A repetidas.
+Nótese que /etc/hosts y arriendos DHCP invalidan esto para nombres
+individuales. Un uso común para esto es redireccionar el dominio
+doubleclick.net entero a algún servidor web local amigable para
+evitar banners de publicidad. La especificación funciona de la misma
+forma que con --server, con la facilidad adicional que /#/ coincide
+con cualquier dominio. De tal forma, --address=/#/1.2.3.4 siempre
+retornará 1.2.3.4 para cualquier búsqueda no respondida desde
+/etc/hosts o DHCP y que no haya sido enviada a un servidor DNS
+upstream por una directiva --server mas especifica.
+.TP
+.B \-m, --mx-host=<mx name>[[,<hostname>],<preference>]
+Retornar un record llamado <nombre MX> apuntando hacia un nombre de
+host brindado (opcionalmente), o el host especificado en la opción
+--mx-target, o si esa opción no es brindada, el host en el cual
+dnsmasq está corriendo. El predeterminado es útil para redireccionar
+correo de sistemas en la red local hacia un servidor central. La
+opción de preferencia es opcional, y su predeterminado es 1 si no
+es brindada. Más de un record MX puede ser brindado para un host.
+.TP 
+.B \-t, --mx-target=<hostname>
+Especificar el target predeterminado para el record MX devuelto
+por dnsmasq. Ver --mx-host. Si --mx-target es brindado, pero no
+--mx-host, entonces dnsmasq devuelve un record MX conteniendo
+el target MX para búsquedas MX en el hostname de la máquina donde
+dnsmasq está corriendo.
+.TP
+.B \-e, --selfmx
+Retornar un record MX apuntándose a sí mismo para cada máquina local.
+Máquinas locales son aquellas en /etc/hosts o con arriendos DHCP.
+.TP 
+.B \-L, --localmx
+Retornar un record MX apuntando al host brindado por mx-target (o
+la máquina donde dnsmasq está corriendo) para cada máquina local.
+Máquinas locales son aquellas en /etc/hosts o con arriendos DHCP.
+.TP
+.B \-W, --srv-host=<_service>.<_prot>.[<domain>],[<target>[,<port>[,<priority>[,<weight>]]]]
+Retornar un record SRV DNS. Ver RFC2782 para detalles. Si no es
+brindada, el dominio se predetermina a el brindado por
+.B --domain.
+El predeterminado para el dominio target está vacío, y el predeterminado
+para puerto es uno y los predeterminados para peso y prioridad son cero.
+Tener cuidado al transponer data desde archivos de zona BIND: los
+números de puerto, peso, y prioridad están en un orden diferente. Más
+de un record SRV para un servicio/dominio es permitido, todos los que
+coincidan son retornados.
+.TP
+.B \-Y, --txt-record=<name>[[,<text>],<text>]
+Retornar un récord DNS TXT. El valor del récord TXT es una serie de
+strings, así que cualquier número puede ser incluido, dividido por
+comas.
+.TP
+.B \-c, --cache-size=<cachesize>
+Fijar el tamaño del caché de dnsmasq. El predeterminado es 150 nombres.
+Fijar el tamaño a cero deshabilita el caché.
+.TP
+.B \-N, --no-negcache
+Deshabilitar caché negativo. El caché negativo le permite a dnsmasq
+recordar resultados tipo "dominio no existe" desde servidores DNS
+upstream y responder búsquedas idénticas sin reenviarlas nuevamente.
+Esta opción deshabilita el caché negativo.
+.TP
+.B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
+Habilitar el servidor DHCP. Direcciones serán distribuidas desde el
+rango <start-addr> hasta <end-addr> y desde direcciones definidas
+estáticamente en opciones
+.B dhcp-host
+Si el tiempo de arriendo es brindado, entonces arriendos serán
+dados por esa cantidad de tiempo. El tiempo de arriendo es en
+segundos, o minutos (ej. 45m), o horas (ej. 1h), o el literal
+"infinite". Esta opción puede ser repetida, con diferentes
+direcciones para habilitar servicio DHCP en más de una red. Para
+redes conectadas diréctamente (en otras palabras, redes en las
+cuales la máquina corriendo dnsmasq tiene una interface) la
+máscara de subred es opcional. Es requerida para redes que
+reciben servicio DHCP vía un agente de relay. La dirección de
+broadcast siempre es opcional. En algunos sistemas rotos, dnsmasq
+solo puede escuchar en una interface cuando se usa DHCP, y el
+nombre de esa interface debe ser brindado usando la opcion
+.B interface
+Esta limitación actualmente afecta a OpenBSD. Siempre se permite
+tener más de un rango dhcp (dhcp-range) en una subred. El
+parametro opcional network-id es una etiqueta alfanumerica la
+cual marca esta red de tal forma que opciones dhcp puedan ser
+especificadas en base a cada red.
+Cuando es prefijada con 'net:' entonces el significado cambia
+de "fijar etiqueta" a "coincidir con etiqueta".
+La dirección final puede ser remplazada por la palabra
+.B static
+la cual le dice a dnsmasq que debe habilitar DHCP para la red
+especificada, pero no alocar dinámicamente direcciones IP.
+Solo hosts que tienen direcciones estáticas brindadas vía
+.B dhcp-host
+o desde /etc/ethers serán servidas.
+.TP
+.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+Especificar parámetros por host para el servidor DHCP. Esto permite
+que una máquina con una dirección de hardware particular sea siempre
+alocada el mismo nombre de host, dirección IP, y tiempo de arriendo.
+Un nombre de host especificado de esta manera toma presedencia
+sobre cualquiera suministrado por el cliente DHCP en la máquina.
+También se permite omitir la direccion de hardware y incluir el
+nombre host; en tal caso la dirección IP y los tiempos de arriendo
+serán aplicables a cualquier máquina que reclame ese nombre.
+Por ejemplo:
+.B --dhcp-host=00:20:e0:3b:13:af,wap,infinite
+le dice a dnsmasq que debe darle a la máquina con dirección
+ethernet 00:20:e0:3b:13:af el nombre wap, y un arriendo DHCP infinito.
+.B --dhcp-host=lap,192.168.0.199
+le dice a dnsmasq que siempre debe alocarle a la maquina lap
+la dirección IP 192.168.0.199. Direcciones alocadas de esta manera
+no tienen que estar dentro del rango dado con la opción --dhcp-range,
+pero deben estar en la red siendo servida por el servidor DHCP. Se
+permite usar identificadores de clientes en vez de direcciones de
+hardware para identificar hosts prefijando 'id:'. O sea que:
+.B --dhcp-host=id:01:02:03:04,.....
+se refiere al host con identificador de cliente 01:02:03:04.
+También se permite especificar el ID de cliente como texto, así:
+.B --dhcp-host=id:clientidastext,.....
+La opción especial id:* significa "ignorar cualquier ID de cliente
+y usar solamente direcciones MAC." Esto es útil cuando un cliente
+presenta un ID de cliente algunas veces pero otras no.
+Si un nombre aparece en /etc/hosts, la dirección asociada puede
+ser alocada a un arriendo DHCP, pero solo si existe una opción
+.B --dhcp-host
+la cual especifica el nombre también. La palabra clave "ignore"
+le dice a dnsmasq que no debe ofrecer jamás un arriendo DHCP a
+una máquina. La máquina puede ser especificada por dirección de
+hardware, ID de cliente, o nombre de host, por ejemplo:
+.B --dhcp-host=00:20:e0:3b:13:af,ignore
+Esto es útil cuando hay otro servidor DHCP en la red para ser
+usado por algúnas máquinas. net:<network-id> fija la etiqueta
+network-id cuando sea que esta directiva dhcp-host está en uso.
+Esto puede ser usado para enviar selectivamente opciones DHCP
+a este host.
+Direcciones ethernet (pero no client-ids) pueden tener bytes
+comodínes, así que por ejemplo
+.B --dhcp-host=00:20:e0:3b:13:*,ignore
+causará que dnsmasq ignore un rango de direcciones ethernet. Nótese
+que el "*" necesitará ser escapado o escrito entre comillas en la
+línea de comandos, pero no en el archivo de configuración.
+Direcciones de hardware normalmente coinciden con cualquier
+tipo de red (ARP), pero es posible restringirlas a un tipo ARP
+singular precediendolo con el tipo ARP (en HEX) y "-". Así que
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
+solo coincidaría una dirección de hardware Token-Ring, dado que
+el tipo ARP para Token-Ring es 6.
+.TP 
+.B \-Z, --read-ethers
+Leer /etc/ethers en busca de información sobre hosts para el servidor
+DHCP. El formato de /etc/ethers es una dirección de hardware, seguida
+por ya sea un nombre de host o una dirección IP. Al ser leidas por
+dnsmasq, estas líneas tienen exáctamente el mismo efecto que opciones
+.B --dhcp-host
+que contienen la misma información.
+.TP
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:<vendor-class>]<opt>,[<value>[,<value>]]
+Especificar opciones diferentes o extra a clientes DHCP. Por
+predeterminado, dnsmasq envía algunas opciones estándar a clientes
+DHCP. La máscara de subred y dirección broadcast son fijadas igual
+a las del host que corre dnsmasq, y el servidor DNS y ruteador
+a la dirección de la máquina que corre dnsmasq. Si la opción de
+nombre de dominio ha sido fijada, es enviada. Esta opción permite
+que esos predeterminados sean sobrescritos, o que sean especificadas
+otras opciones. <opt> es el numero de la opción, como especificado
+en RFC2132. Por ejemplo, para fijar a ruta predeterminada a
+192.168.4.4, hágase un
+.B --dhcp-option=3,192.168.4.4
+y para fijar la dirección de servidor de tiempo a 192.168.0.4,
+hágase un
+.B --dhcp-option=42,192.168.0.4
+La dirección especial 0.0.0.0 es entendida que significa "la
+dirección de la máquina que corre dnsmasq". Tipos de data permitidos
+son direcciones IP de cuatro puntos, un número decimal, dígitos hex
+separados por colones, y un string de texto. Si las network-ids
+opcionales son brindadas, entonces esta opcion es solo enviada cuando
+todas las network-ids coinciden.
+
+Tener cuidado: niguna verificación es hecha sobre si el número de tipo
+correcto es enviado, y es muy posible persuadir a dnsmasq para que
+genere paquetes DHCP ilegales mediante uso inadecuado de esta opción.
+Cuando el valor es un número decimal, dnsmasq debe determinar qué tan
+grande es el objeto de data. Esto es hecho mediante una examinación del
+número de opción, y/o el valor, pero puede ser invalidado agregándole
+una opción de una sola letra de esta forma: b = un byte, s = dos bytes,
+i = cuatro bytes. Esto es principalmente útil con opciones encapsuladas
+tipo vendedor (ver abajo) donde dnsmasq no puede determinar el tamaño
+de data usando el número de opción. Data de opción la cual consiste
+solo de puntos y dígitos será interpretada por dnsmasq como una
+dirección IP, y será insertada dentro de una opción de esa manera.
+Para forzar un string literal, usar comillas. Por ejemplo, cuando se
+usa la opción 66 para enviar una IP literal como un nombre de servidor
+TFTP, es necesario hacer:
+.B --dhcp-option=66,"1.2.3.4"
+Opciones encapsuladas vendor-class también pueden ser especificadas
+usando
+--dhcp-option: por ejemplo
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
+envía la clase de vendedor "PXEClient" y la clase encapsulada de vendedor
+especifica "mftp-address=0.0.0.0". Solo se permite una clase para cualquier
+host, pero opciones múltiples son permitidas, con tal que tengan la misma
+clase de vendedor. La dirección 0.0.0.0 no es tratada de forma especial
+en opciones de clase encapsuladas.
+.TP
+.B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
+Mapear desde un string vendor-class a un network id. La mayoría de los
+clientes DHCP proveen una "vendor class" la cual representa, en cierto
+sentido, el tipo de host. Esta opción mapea clases de vendedor a network
+ids, de tal forma que opciones DHCP pueden ser selectivamente entregadas
+a diferentes clases de hosts. Por ejemplo
+.B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
+peritiría que opciones sean fijadas solo para impresoras HP así:
+.B --dhcp-option=printers,3,192.168.4.4 
+El string vendor-class es coordinado con el vendor-class proveido por
+el cliente, para permitir coincidencias borrosas.
+.TP
+.B \-j, --dhcp-userclass=<network-id>,<user-class>
+Mapear desde un string user-class a un network id (con coordinación
+substring, como con vendor-class). La mayoría de los clientes DHCP
+proveen un "user class" el cual es configurable. Esta opción mapea
+clases user a network ids, de tal manera que opciones DHCP puedan
+ser selectivamente enviadas a diferentes tipos de hosts. Es posible,
+por ejemplo, usar esto para especificar una impresora diferente para
+hosts en la clase "accounts" que para los de la clase "engineering".
+.TP
+.B \-4, --dhcp-mac=<network-id>,<MAC address>
+Mapear desde una dirección MAC a una network id. La dirección MAC
+puede incluir comodínes. Por ejemplo:
+.B --dhcp-mac=3com,01:34:23:*:*:*
+fijaría el tag "3com" a cualquier host el cual su MAC coincida con
+el patrón.
+.TP
+.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
+Cuando todos los network ids brindados coincidan con el juego de
+network ids derivados de las clases net, host, y vendor, ignorar
+el host y no brindarle un arriendo DHCP.
+.TP
+.B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
+Fijar opciones BOOTP que han de ser devueltas por el servidor DHCP.
+Estas se necesitan para máquinas que bootean desde la red, y decirle
+a la máquina donde conseguir su configuración inicial. Si las network
+id opcionales son brindadas, deben coincidir con esta opción para ser
+enviadas. Nótese que network ids son prefijadas con "net:" para
+distinguirlas.
+.TP  
+.B \-X, --dhcp-lease-max=<number>
+Limita a dnsmasq a el número especificado de arriendos DHCP. El
+predeterminado es 150. El limite es para prevenir ataques DoS desde
+hosts que crean cientos de arriendos y usan mucha de la memoria del
+proceso dnsmasq.
+.TP
+.B \-K, --dhcp-authoritative
+Esta opción debe ser fijada cuando dnsmasq es definitivamente el único
+servidor DHCP en la red. Cambia el comportamiento de RFC de tal manera
+que pedidos desde hosts no conocidos no serán ignorados. Esto permite que
+hosts nuevos puedan conseguir un arriendo sin sin un timeout bajo toda
+circunstancia. También permite que dnsmasq reconstruya su base de datos
+de arriendos sin que cada cliente requiera un arriendo, si la base de datos
+es perdida.
+.TP
+.B \-3, --bootp-dynamic
+Habilitar alocación dinámica de direcciones IP a clientes BOOTP. Usar
+esto con cuidado, ya que cada cirección alocada a un cliente BOOTP
+es arrendada para siempre, y consecuentemente queda no-disponible
+para uso por otros hosts.
+.TP
+.B \-5, --no-ping
+Por predetermindado, el servidor DHCP tratará de asegurarse que una
+dirección no esté en uso antes de alocarsela a un host. Hace esto
+enviando un echo ICMP (ping) a la dirección referente. Si recibe una
+respuesta, entonces la dirección debe estar siendo usada, y se repite
+la prueba con otra. Esta opcion deshabilita esta prueba. Usar con
+cuidado.
+.TP
+.B \-l, --dhcp-leasefile=<path>
+Usar el archivo especificado para almacenar informacion de arriendos
+DHCP. Si esta opcion es brindada, pero ninguna opcion dhcp-range es
+brindada, entonces se activa comportamiento tipo dnsmasq versión 1.
+El archivo brindado se asume es un archivo de arriendos dhcpd ISC y
+es analizado en busca de arriendos los cuales son agregados al sistema
+DNS si tienen un nombre de host. Esta funcionalidad pudo haber sido
+excluida de dnsmasq a la hora de compilación, y en tal caso ocurrirá
+un error. En todo caso, nótese que la integración de archivos de
+arriendo ISC es una caracterísctica depreciada. No debería ser usada
+en instalaciones nuevas, y será eliminada en versiones futuras.
+.TP
+.B \-6 --dhcp-script=<path>
+Cuando sea que un arriendo DHCP nuevo es creado, o uno viejo es
+destruido, el binario especificado por esta opción es ejecutado.
+Los argumentos para el binario son "add", "old", o "del", la dirección
+MAC del host (o "<null>"), la dirección IP, y el hostname, si es
+conocido. "add" significa que un arriendo ha sido creado, "del" que
+ha sido destruido, y "old" es una notificación de un arriendo existente
+cuando dnsmasq inicia o un cambio a una MAC o nombre host de un arriendo
+existente. Este proceso es ejecutado como el usuario sin privilegios
+como corre dnsmasq, así que puede ser necesario inhibir el dejar el
+usuario root, usando la directiva
+.B -u
+si el ejecutable necesita privilegios root.
+El ambiente es heredado del usuario que ha invocado a dnsmasq, y todos
+los descriptores están cerrados excepto stdin, stdout y stderr los cuales
+están abiertos a /dev/null (excepto en modo debug).
+Este guión no es invocado concurrentemente: si cambios de arriendos
+subsiguientes ocurren, el guión no es invocado otra vez hasta que
+cualquier invocación existennte haga exit. Al inicio de dnsmasq, el guión
+será invocado para todos los arriendos existenetes mientras van siendo
+leidos desde el archivo de arriendos. Arriendos vencidos serán llamados
+con "del" y otros con "old". <path> debe ser un path absoluto, ninguna
+búsqueda PATH ocurre.
+.TP
+.B \-s, --domain=<domain>
+Especifica el dominio para el servidor DHCP. Esto tiene dos efectos:
+Primeramente, causa que el servidor DHCP le devuelva el dominio a
+cualquier host que lo pida. Segundamente, fija el dominio para el cual
+es legal para hosts configurados mediante DHCP reclamar. La intención es
+restringir nombres de host para que un host no-confiado en la LAN no
+pueda proclamar su nombre vía DHCP, como por ejemplo "microsoft.com" y
+capturar tráfico no destinado a ella. Si ningún sufijo de dominio es
+especificado, entonces cualquier nombre de host con una parte de dominio
+(o sea con un punto) será negada y logeada. Si un sufijo es especificado,
+entonces nombres de host con una parte de dominio son permitidos, con tal
+que la parte de dominio coincida con el sufijo. Adicionalmente, cuando
+un sufijo es fijado, entonces nombres de host sin parte de dominio tienen
+el sufijo agregado como una parte de dominio opcional. Por ejemplo, en
+mi red puedo fijar
+.B --domain=thekelleys.org.uk
+y tener una maquina cuyo nombre host DHCP es "laptop". La dirección IP
+de esa máquina es disponible desde
+.B dnsmasq
+como "laptop" y "laptop.thekelleys.org.uk". Si el dominio es brindado
+como "#" entonces el dominio es leido desde la primera directiva de
+búsqueda en /etc/resolv.conf (o equivalente).
+.TP
+.B \-E, --expand-hosts
+Agregar el dominio a nombres simples (sin un punto) en /etc/hosts de
+la misma manera que con nombres derivados de DHCP.
+.TP
+.B \-C, --conf-file=<archivo>
+Especificar un archivo de configuración diferente. La opción conf-file
+también es permitida en archivos de configuración, para incluir múltiples
+archivos de configuración.
+.TP
+.B \-7, --conf-dir=<directorio>
+Leer todos los archivos dentro del directorio brindado como archivos
+de configuración. Archivos cuyos nombres terminen con ~ o comienzen
+con . o comienzen y terminen con # son ignorados. Esta opción puede
+ser brindada en la línea de comandos o en un archivo de configuración.
+.SH ARCHIVO DE CONFIGURACION
+Al inicio, dnsmasq lee
+.I /etc/dnsmasq.conf,
+si existe. (En FreeBSD, el archivo es
+.I /usr/local/etc/dnsmasq.conf
+) (ver las opciónes
+.B \-C
+y
+.B \-7
+porfavor.) El formato de este archivo consiste de una opción por línea,
+exáctamente como las opciones largas detalladas en la sección OPCIONES
+pero sin el "--" al frente. Líneas que comienzan con # son comentarios
+y son ignoradas. Para opciones que solo pueden ser especificadas una
+sola vez, la línea de comandos invalida el archivo de configuración.
+La comillas son permitidas en el archivo de configuración: entre comillas
+tipo " los significados especiales de ,:. y # son eliminados y los
+siguientes escapes son permitidos: \\\\ \\" \\t \\a \\b \\r y \\n. El
+último corresponde a tab, bell, backspace, return y newline.
+.SH NOTAS
+Al recibir un SIGHUP
+.B dnsmasq 
+libera su cache y entonces recarga
+.I /etc/hosts.
+Si
+.B
+--no-poll
+está fijado entnces SIGHUP también re-lee
+.I /etc/resolv.conf.
+SIGHUP
+NO re-lee el archivo de configuración.
+.PP
+Al recibir un SIGUSR1,
+.B dnsmasq 
+escribe estadisticas de caché al log del sistema. Escribe el tamaño
+del caché, el numero de nombres que han tenido que ser removidos del
+caché antes de que vencieran para hacer espacio para nombres nuevos
+y el número total de nombres que han sido insertados en el caché. En
+modo
+.B --no-daemon
+o cuando logeo completo está habilitado (-q), una descarga completa de
+el contenido del caché es hecha.
+.PP
+Dnsmasq es un reenviador de búsquedas DNS: no puede responder búsquedas
+arbitrarias comenzando desde los servidores root pero reenvía dichas
+búsquedas a un servidor DNS recursivo, el cual es típicamente proveído
+por el proveedor de Internet. Por predeterminado, dnsmasq lee
+.I /etc/resolv.conf
+para descubir las direcciones IP de los servidores DNS upstream que
+debe usar, dado a que esta información es normalmente almacenada allí.
+Amenos que
+.B --no-poll
+sea usado,
+.B dnsmasq
+revisa el tiempo de modificación de
+.I /etc/resolv.conf
+(o equivalente si
+.B \--resolv-file 
+es usado)  y lo re-lee si ha cambiado. Esto permite que servidores DNS séan
+fijados dinámicamente vía PPP o DHCP ya que ambos protocolos brindan esta
+información.
+La ausencia de
+.I /etc/resolv.conf
+no es un error ya que pudo haber sido creada antes de que una conexión PPP
+haya existido. Dnsmasq simplemente sigue revisando en caso de que
+.I /etc/resolv.conf 
+sea creado en algún momento. A dnsmasq se le puede decir que revise más
+de un archivo resolv.conf. Esto es útil en una laptp, donde ambos PPP y
+DHCP podrían estar siendo usados: dnsmasq puede ser fijado para revisar
+ambos:
+.I /etc/ppp/resolv.conf 
+y
+.I /etc/dhcpc/resolv.conf 
+y usará el contenido de cualquiera que haya cambiado mas recientemente,
+brindando así la habilidad de cambio automático entre servidores DNS.
+.PP
+Servidores upstream también pueden ser especificados en la línea de
+comandos o en el archivo de configuración. Estas especificaciones de
+servidor ocpionalmente llevan un nombre de dominio el cual le dice a
+dnsmasq que debe usar ese servidor solo para encontrar nombres en ese
+dominio en particular.
+.PP
+Para configurar dnsmasq para que actúe como caché para el host donde está
+corriendo, poner un "nameserver 127.0.0.1" en
+.I /etc/resolv.conf
+para así forzar procesos locales a enviar búsquedas a dnsmasq. Entonces
+o espesificar los servidores upstream diréctamente a dnsmasq usando
+opciones
+.B \--server
+o poniendo sus direcciones reales en otro archivo, digamos
+.I /etc/resolv.dnsmasq
+y correr dnsmasq con la opcion
+.B \-r /etc/resolv.dnsmasq
+Esta segunda técnica permite la actualización dinámica de las direcciones
+de servidores mediante PPP o DHCP.
+.PP
+Direcciones en /etc/hosts harán "sombra" a diferentes direcciones para
+los mismos nombres en servidores DNS upstream, así que
+"miempresa.com 1.2.3.4" en /etc/hosts se asegurará que las búsquedas
+por "miempresa.com" siempre retornarán 1.2.3.4 aún si búsquedas en el
+servidor DNS upstream devolverían una dirección diferente. Hay una
+excepción a esto: si el servidor DNS upstream contiene un CNAME que
+apunta a un nombre sombreado, entonces buscando el CNAME a travéz de
+dnsmasq resultará en que la dirección no-sombreada será asociada con
+el destino del CNAME. Para circumventar esto, agregar en CNAME a
+/etc/hosts de tal manera que el CNAME es sombreado también.
+.PP
+El sistema network-id funciona de la siguiente manera: Para cada pedido
+DHCP, dnsmasq colecciona un juego de etiquetas network-id válidas,
+una del
+.B dhcp-range
+usado para alocar la dirección, una de cualquier
+.B dhcp-host
+que coincida, y posiblemente muchas de clases de vendedor y usuario
+que coinicdan que hayan sido enviadas por el cliente DHCP.
+Cualquier opcion
+.B dhcp-option 
+que tenga etiquetas network-id será usada en preferencia de una opción
+.B dhcp-option,
+sin etiqueta, con tal que _todas_ las etiquetas coincidan en alguna
+parte del juego coleccionado describido arriba. El prefijo "#" en una
+etiqueta significa "no" así que --dhcp=option=#purple,3,1.2.3.4 envía
+la opción cuando la etiqueta network-id "purple" no está en el juego
+de etiquetas válidas.
+.PP
+Si el network-id en un
+.B dhcp-range 
+es prefijado con "net:", entonces su significado cambia de "fijar
+etiqueta" a "coincidir con etiqueta". O sea que si hay más de un
+dhcp-range en enu subred, y una tiene una etiqueta network-id la
+cual está fijada (por ejemplo una opcion de clase de vendedor) entonces
+hosts que fijen la etiqueta network-id serán alocados direcciones en
+el rango etiquetado.
+.PP 
+El servidor DHCP de dnsmasq funcionará como servidor BOOTP tambien,
+con tal que las direcciones MAC y IP de los clientes sean brindadas,
+ya sea usando configuraciones
+.B dhcp-host 
+o en
+.I /etc/ethers
+, y una configuración
+.B dhcp-range 
+esté presente para activar el servidor DHCP en una red particular.
+(Fijar --bootp-dynamic elimina la necesidad de mapeos estáticos.) El
+Parámetro de nombre de archivos en un pedido BOOTP es revisado para
+ver si coincide con algún network-id en configuraciónes
+.B  dhcp-option 
+permitiendo algún control sobre las opciones devueltas a diferentes
+clases de hosts.
+.SH ARCHIVOS
+.IR /etc/dnsmasq.conf 
+
+.IR /usr/local/etc/dnsmasq.conf
+
+.IR /etc/resolv.conf
+
+.IR /etc/hosts
+
+.IR /etc/ethers
+
+.IR /var/lib/misc/dnsmasq.leases 
+
+.IR /var/db/dnsmasq.leases
+
+.IR /var/run/dnsmasq.pid
+.SH VER TAMBIEN
+.BR hosts (5), 
+.BR resolver (5)
+.SH AUTOR
+Este manual fue escrito por Simon Kelley <simon@thekelleys.org.uk>.
+
+Traducido a español por Christopher Chatham <chrislinux@gmail.com>.

po/es.po

@@ -0,0 +1,997 @@
+# Spanish translations for dnsmasq package.
+# This file is put in the public domain.
+# Christopher Chatham <chrislinux@gmail.com>, 2005.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.24\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-10-28 15:42+0100\n"
+"PO-Revision-Date: 2005-10-07 11:04+0100\n"
+"Last-Translator: Christopher Chatham <chrislinux@gmail.com>\n"
+"Language-Team: Spanish <es@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: cache.c:665
+#, c-format
+msgid "failed to load names from %s: %m"
+msgstr "no se pudo cargar nombres desde %s: %m"
+
+#: cache.c:699 dhcp.c:701
+#, fuzzy, c-format
+msgid "bad address at %s line %d"
+msgstr "nombre erróneo en %s línea %d"
+
+#: cache.c:745 dhcp.c:715
+#, c-format
+msgid "bad name at %s line %d"
+msgstr "nombre erróneo en %s línea %d"
+
+#: cache.c:752 dhcp.c:769
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "direcciónes %s - %d leídas"
+
+#: cache.c:790
+msgid "cleared cache"
+msgstr "el caché fue liberado"
+
+#: cache.c:843
+#, c-format
+msgid ""
+"not giving name %s to the DHCP lease of %s because the name exists in %s "
+"with address %s"
+msgstr ""
+"no otorgando nombre %s al arriendo DHCP de %s porque el nombre existe en %s "
+"con dirección %s"
+
+#: cache.c:887
+#, fuzzy, c-format
+msgid ""
+"time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache "
+"entries."
+msgstr ""
+"tiempo %lu, tamaño de caché %d, %d/%d inserciónes de caché reutilizaron "
+"objetos no vencidos."
+
+#: util.c:153 option.c:1221
+msgid "could not get memory"
+msgstr "no se pudo conseguir memoria"
+
+#: util.c:176
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr "%s en línea %d de %%s"
+
+#: util.c:183
+msgid "FAILED to start up"
+msgstr "el inicio ha FALLADO"
+
+#: util.c:304
+#, c-format
+msgid "infinite"
+msgstr "infinito"
+
+#: option.c:147
+msgid "Specify local address(es) to listen on."
+msgstr "Especificar dirección(es) locales dónde escuchar."
+
+#: option.c:148
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr ""
+"Retornar ipaddr (dirección IP) para todos los hosts en los dominios "
+"especificados."
+
+#: option.c:149
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr ""
+"Falsificar búsquedas reversas para rangos de dirección privados RFC1918."
+
+#: option.c:150
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr "Tratar ipaddr (dirección IP) como NXDOMAIN (derrota comodín Verisign)."
+
+#: option.c:151
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr ""
+"Especificar tamaño de caché en cuanto a cantidad de objetos (%s por "
+"predeterminado)."
+
+#: option.c:152
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr "Especificar archivo de configuración (%s por predeterminado)."
+
+#: option.c:153
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr "NO hacer un fork hacia el fondo: correr en modo debug."
+
+#: option.c:154
+msgid "Do NOT forward queries with no domain part."
+msgstr "NO reenviar búsquedas sin parte de dominio."
+
+#: option.c:155
+msgid "Return self-pointing MX records for local hosts."
+msgstr "Retornar expedientes MX auto-señaladores para hosts locales."
+
+#: option.c:156
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr ""
+"Expandir nombres simples en /etc/hosts con domain-suffix (sufijo de dominio)."
+
+#: option.c:157
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr "No reenviar pedidos DNS falsos desde máquinas Windows."
+
+#: option.c:158
+msgid "Enable DHCP in the range given with lease duration."
+msgstr "Habilitar DHCP dentro del rango brindado con duración del arriendo."
+
+#: option.c:159
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr "Cambiar a este grupo después del inicio (%s por predeterminado)."
+
+#: option.c:160
+msgid "Set address or hostname for a specified machine."
+msgstr "Fijar dirección o nombre de host para una máquina específica."
+
+#: option.c:161
+#, c-format
+msgid "Do NOT load %s file."
+msgstr "NO cargar archivo %s."
+
+#: option.c:162
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr "Especificar un archivo de hosts para ser leído adicionalmente a %s."
+
+#: option.c:163
+msgid "Specify interface(s) to listen on."
+msgstr "Especificar interface(s) donde escuchar."
+
+#: option.c:164
+msgid "Specify interface(s) NOT to listen on."
+msgstr "Especificar interface(s) donde NO escuchar."
+
+#: option.c:165
+msgid "Map DHCP user class to option set."
+msgstr "Trazar clase de usuario DHCP a la opción fijada."
+
+#: option.c:166
+msgid "Don't do DHCP for hosts in option set."
+msgstr "No hacer DHCP para hosts en la opción fijada."
+
+#: option.c:167
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr "NO hacer un fork hacia el fondo, NO correr en modo debug."
+
+#: option.c:168
+msgid "Assume we are the only DHCP server on the local network."
+msgstr "Asumir que somos el único servidor DHCP en la red local."
+
+#: option.c:169
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr "Especificar donde almacenar arriendos DHCP (%s por predeterminado)."
+
+#: option.c:170
+msgid "Return MX records for local hosts."
+msgstr "Retornar expedientes MX para hosts locales."
+
+#: option.c:171
+msgid "Specify an MX record."
+msgstr "Especificar un expediente MX."
+
+#: option.c:172
+msgid "Specify BOOTP options to DHCP server."
+msgstr "Especificar opciones BOOTP a servidor DHCP."
+
+#: option.c:173
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr "NO revisar archivo %s periódicamente, recargar solo con SIGHUP."
+
+#: option.c:174
+msgid "Do NOT cache failed search results."
+msgstr "NO almacenar en caché resultados de búsquedas fallidas."
+
+#: option.c:175
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr "Usar servidores DNS estrictamente en el órden brindado en %s."
+
+#: option.c:176
+msgid "Set extra options to be set to DHCP clients."
+msgstr "Fijar opciones extras para ser enviadas a clientes DHCP."
+
+#: option.c:177
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr ""
+"Especificar puerto donde escuchar por búsquedas DNS (53 por predeterminado)."
+
+#: option.c:178
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr ""
+"Tamaño máximo de paquetes UDP soportado para EDNS.0 (%s por predeterminado)."
+
+#: option.c:179
+msgid "Log queries."
+msgstr "Bitacorear búsquedas."
+
+#: option.c:180
+msgid "Force the originating port for upstream queries."
+msgstr "Enforzar el puerto original para búsquedas upstream."
+
+#: option.c:181
+msgid "Do NOT read resolv.conf."
+msgstr "NO leer resolv.conf."
+
+#: option.c:182
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr "Especificar el path hacia resolv.conf (%s por predeterminado)."
+
+#: option.c:183
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr ""
+"Especificar dirección(es) de servidores upstream con dominios opcionales."
+
+#: option.c:184
+msgid "Never forward queries to specified domains."
+msgstr "Nunca reenviar búsquedas a dominios especificados."
+
+#: option.c:185
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr "Especificar el dominio para ser asignado en arriendos DHCP."
+
+#: option.c:186
+msgid "Specify default target in an MX record."
+msgstr "Especificar destino predeterminado en un expediente MX."
+
+#: option.c:187
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr ""
+"Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
+
+#: option.c:188
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr "Cambiar a este usuario despues del inicio (%s por predeterminado)."
+
+#: option.c:189
+msgid "Map DHCP vendor class to option set."
+msgstr "Trazar clase de vendedor DHCP a opción fijada."
+
+#: option.c:190
+msgid "Display dnsmasq version and copyright information."
+msgstr "Mostrar información sobre la versión y copyright de dnsmasq."
+
+#: option.c:191
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr "Traducir direcciones IPv4 desde servidores upstream."
+
+#: option.c:192
+msgid "Specify a SRV record."
+msgstr "Especificar un expediente SRV."
+
+#: option.c:193
+msgid "Display this message."
+msgstr "Mostrar este mensaje."
+
+#: option.c:194
+#, c-format
+msgid "Specify path of PID file. (defaults to %s)."
+msgstr "Especificar path de archivo PID (%s por predeterminado)."
+
+#: option.c:195
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr "Especificar número máximo de arriendos DHCP (%s por predeterminado)."
+
+#: option.c:196
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr ""
+"Responder a búsquedas DNS en base a la interface a la cuál fueron enviadas."
+
+#: option.c:197
+msgid "Specify TXT DNS record."
+msgstr "Especificar expediente DNS TXT."
+
+#: option.c:198
+msgid "Bind only to interfaces in use."
+msgstr "Acoplar solo a interfaces en uso."
+
+#: option.c:199
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr "Leer información sobre hosts DHCP estáticos desde %s."
+
+#: option.c:200
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr "Habilitar la interface DBus para fijar servidores upstream, etc."
+
+#: option.c:201
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr "No proveer DHCP en esta interface, sólo proveer DNS."
+
+#: option.c:202
+msgid "Enable dynamic address allocation for bootp."
+msgstr "Habilitar alocación dinámica de direcciónes para BOOTP."
+
+#: option.c:203
+#, fuzzy
+msgid "Map MAC address (with wildcards) to option set."
+msgstr "Trazar clase de vendedor DHCP a opción fijada."
+
+#: option.c:204
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr ""
+"Deshabilitar verificación de direcciónes echo ICMP en el servidor DHCP."
+
+#: option.c:205
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr ""
+"Archivo guión para ejecutar cuando se crea o destruye un arriendo DHCP."
+
+#: option.c:206
+msgid "Read configuration from all the files in this directory."
+msgstr "Leer configuración desde todos los archivos en este directorio."
+
+#: option.c:207
+#, fuzzy
+msgid "Log to this syslog facility. (defaults to DAEMON)"
+msgstr "Bitacorear a esta facilidad syslog."
+
+#: option.c:208
+msgid "Read leases at startup, but never write the lease file."
+msgstr ""
+
+#: option.c:209
+#, fuzzy, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr "Especificar número máximo de arriendos DHCP (%s por predeterminado)."
+
+#: option.c:210
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr ""
+
+#: option.c:323
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+"Modo de uso: dnsmasq [opciones]\n"
+"\n"
+
+#: option.c:325
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr "Usar opciones cortas solo en la línea de comandos.\n"
+
+#: option.c:327
+#, c-format
+msgid "Valid options are :\n"
+msgstr "Opciones válidas son :\n"
+
+#: option.c:362
+msgid "extraneous parameter"
+msgstr "parámetro extraño"
+
+#: option.c:366
+msgid "missing parameter"
+msgstr "parámetro ausente"
+
+#: option.c:388
+#, fuzzy, c-format
+msgid "cannot access directory %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: option.c:407
+#, fuzzy, c-format
+msgid "cannot access %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: option.c:484
+msgid "bad MX preference"
+msgstr "preferencia MX errónea"
+
+#: option.c:493
+msgid "bad MX name"
+msgstr "nombre MX erróneo"
+
+#: option.c:511
+msgid "bad MX target"
+msgstr "destino MX erróneo"
+
+#: option.c:523
+msgid "cannot run scripts under uClinux"
+msgstr "no se pueden correr guiónes bajo uClinux"
+
+#: option.c:722 option.c:733
+msgid "bad port"
+msgstr "puerto erróneo"
+
+#: option.c:878
+msgid "bad dhcp-range"
+msgstr "dhcp-range (rango DHCP) erróneo"
+
+#: option.c:907
+msgid "only one netid tag allowed"
+msgstr "solo una etiqueta netid permitida"
+
+#: option.c:952
+msgid "inconsistent DHCP range"
+msgstr "rango DHCP inconsistente"
+
+#: option.c:1137
+msgid "bad dhcp-host"
+msgstr "dhcp-host erróneo"
+
+#: option.c:1198
+msgid "bad dhcp-option"
+msgstr "dhcp-option erróneo"
+
+#: option.c:1216
+msgid "bad domain in dhcp-option"
+msgstr "dominio erróneo en dhcp-option"
+
+#: option.c:1386
+msgid "dhcp-option too long"
+msgstr "opción dhcp-option demasiado larga"
+
+#: option.c:1583
+msgid "bad TXT record"
+msgstr "expediente TXT erróneo"
+
+#: option.c:1615
+msgid "TXT record string too long"
+msgstr "expediente TXT demasiado largo"
+
+#: option.c:1654
+msgid "bad SRV record"
+msgstr "expediente SRV erróneo"
+
+#: option.c:1667
+msgid "bad SRV target"
+msgstr "destino SRV erróneo"
+
+#: option.c:1679
+msgid "invalid port number"
+msgstr "número de puerto inválido"
+
+#: option.c:1690
+msgid "invalid priority"
+msgstr "prioridad inválida"
+
+#: option.c:1701
+msgid "invalid weight"
+msgstr "peso inválido"
+
+#: option.c:1732
+#, c-format
+msgid "files nested too deep in %s"
+msgstr ""
+
+#: option.c:1739
+#, c-format
+msgid "cannot read %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: option.c:1781
+msgid "missing \""
+msgstr "falta \""
+
+#: option.c:1816
+msgid "error"
+msgstr "error"
+
+#: option.c:1820
+msgid "bad option"
+msgstr "opción errónea"
+
+#: option.c:1884
+#, c-format
+msgid "Dnsmasq version %s  %s\n"
+msgstr "Dnsmasq versión %s  %s\n"
+
+#: option.c:1885
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+"Opciones de compilación %s\n"
+"\n"
+
+#: option.c:1886
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr "Este software viene SIN NINGUNA GARANTIA.\n"
+
+#: option.c:1887
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr "Dnsmasq es software libre, y usted está bienvenido a redistribuirlo\n"
+
+#: option.c:1888
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2.\n"
+msgstr "bajo los términos de la GNU General Public License, versión 2.\n"
+
+#: option.c:1899
+msgid "try --help"
+msgstr "pruebe --help"
+
+#: option.c:1901
+msgid "try -w"
+msgstr "pruebe -w"
+
+#: option.c:1904
+#, fuzzy, c-format
+msgid "bad command line options: %s"
+msgstr "opciones de línea de comandos erróneas: %s."
+
+#: option.c:1955
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr "no se puede obtener host-name (nombre de host): %s"
+
+#: option.c:1983
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr "solo un archivo resolv.conf permitido en modo no-poll."
+
+#: option.c:1993
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr "debe haber exactamente un resolv.conf desde donde leer dominio."
+
+#: option.c:1996
+#, fuzzy, c-format
+msgid "failed to read %s: %s"
+msgstr "no se pudo leer %s: %m"
+
+#: option.c:2014
+#, c-format
+msgid "no search directive found in %s"
+msgstr "ninguna directiva de búsqueda encontrada en %s"
+
+#: forward.c:370
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr "servidor DNS %s se reusó a hacer una búsqueda recursiva"
+
+#: isc.c:73 dnsmasq.c:482
+#, c-format
+msgid "failed to access %s: %m"
+msgstr "no se pudo accesar %s: %m"
+
+#: isc.c:89
+#, c-format
+msgid "failed to load %s: %m"
+msgstr "no se pudo cargar %s: %m"
+
+#: isc.c:93 dnsmasq.c:504
+#, c-format
+msgid "reading %s"
+msgstr "leyendo %s"
+
+#: isc.c:115
+#, c-format
+msgid "bad name in %s"
+msgstr "nombre erróneo en %s"
+
+#: isc.c:177
+#, c-format
+msgid "Ignoring DHCP lease for %s because it has an illegal domain part"
+msgstr ""
+"Ignorando arriendo DHCP para %s porque tiene una parte ilegal de dominio"
+
+#: network.c:315 dnsmasq.c:132
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr "no se pudo crear un socket escuchador: %s"
+
+#: network.c:322
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr "no se pudo fijar opciones IPv6 sobre el socket escuchador: %s"
+
+#: network.c:340
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr "no se pudo acoplar socket escuchador para %s: %s"
+
+#: network.c:348
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr "no se pudo escuchar en el socket: %s"
+
+#: network.c:419
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr "ignorando servidor DNS %s - interface local"
+
+#: network.c:428
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %m"
+msgstr "ignorando servidor DNS %s - no se pudo crear/acoplar socket: %m"
+
+#: network.c:442
+msgid "domain"
+msgstr "dominio"
+
+#: network.c:444
+msgid "unqualified"
+msgstr "no calificado"
+
+#: network.c:444
+msgid "domains"
+msgstr "dominios"
+
+#: network.c:447
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr "usando direcciones locales solo para %s %s"
+
+#: network.c:449
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr "usando servidor DNS %s#%d para %s %s"
+
+#: network.c:452
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr "usando servidor DNS %s#%d"
+
+#: network.c:472
+#, c-format
+msgid "failed to read %s: %m"
+msgstr "no se pudo leer %s: %m"
+
+#: dnsmasq.c:97
+msgid ""
+"ISC dhcpd integration not available: set HAVE_ISC_READER in src/config.h"
+msgstr ""
+"Integración dhcpd ISC no disponible: fijar HAVE_ISC_READER en src/config.h"
+
+#: dnsmasq.c:114
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr "no se pudo encontrar lista de interfaces: %s"
+
+#: dnsmasq.c:122
+#, c-format
+msgid "unknown interface %s"
+msgstr "interface desconocida %s"
+
+#: dnsmasq.c:128
+#, c-format
+msgid "no interface with address %s"
+msgstr "ninguna interface con dirección %s"
+
+#: dnsmasq.c:147
+msgid "must set exactly one interface on broken systems without IP_RECVIF"
+msgstr "debe fijarse exactamente una interface en sistemas rotos sin IP_RECVIF"
+
+#: dnsmasq.c:160 dnsmasq.c:609
+#, c-format
+msgid "DBus error: %s"
+msgstr "error DBus: %s"
+
+#: dnsmasq.c:163
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
+
+#: dnsmasq.c:194
+#, fuzzy, c-format
+msgid "cannot create pipe: %s"
+msgstr "no se puede leer pipe: %s"
+
+#: dnsmasq.c:337
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr "versión %s iniciada, tamaño de caché %d"
+
+#: dnsmasq.c:339
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr "versión %s iniciada, caché deshabilitado"
+
+#: dnsmasq.c:341
+#, c-format
+msgid "compile time options: %s"
+msgstr "opciones de compilación: %s"
+
+#: dnsmasq.c:347
+msgid "DBus support enabled: connected to system bus"
+msgstr "soporte DBus habilitado: conectado a bus de sistema"
+
+#: dnsmasq.c:349
+msgid "DBus support enabled: bus connection pending"
+msgstr "soporte DBus habilitado: conección a bus pendiente"
+
+#: dnsmasq.c:354
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr ""
+"fijando opción --bind-interfaces debido a limitaciones de sistema operativo"
+
+#: dnsmasq.c:359
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr "advertencia: interface %s no existe actualmente"
+
+#: dnsmasq.c:364
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr ""
+
+#: dnsmasq.c:378
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr "DHCP, arriendos estáticos solo en %.0s%s, tiempo de arriendo %s"
+
+#: dnsmasq.c:379
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr "DHCP, rango de IPs %s -- %s, tiempo de arriendo %s"
+
+#: dnsmasq.c:389
+#, c-format
+msgid "warning: setting capabilities failed: %m"
+msgstr "advertencia: configuración de capacidades ha fallado: %m"
+
+#: dnsmasq.c:391
+msgid "running as root"
+msgstr "corriendo como root"
+
+#: dnsmasq.c:515
+#, fuzzy, c-format
+msgid "no servers found in %s, will retry"
+msgstr "ninguna directiva de búsqueda encontrada en %s"
+
+#: dnsmasq.c:574
+msgid "exiting on receipt of SIGTERM"
+msgstr "saliendo al haber recibido SIGTERM"
+
+#: dnsmasq.c:611
+msgid "connected to system DBus"
+msgstr "conectado a DBus de sistema"
+
+#: dhcp.c:32
+#, c-format
+msgid "cannot create DHCP socket : %s"
+msgstr "no se puede crear socket DHCP: %s"
+
+#: dhcp.c:41
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr "no se pudo fijar opciones en socket DHCP: %s"
+
+#: dhcp.c:59
+#, fuzzy, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr "no se pudo fijar SO_REUSEADDR en socket DHCP: %s"
+
+#: dhcp.c:72
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr "no se pudo acoplar socket de servidor DHCP: %s"
+
+#: dhcp.c:85
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr "no se puede crear socket crudo ICMP: %s."
+
+#: dhcp.c:97
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr "dirección IP duplicada en directiva dhcp-config."
+
+#: dhcp.c:336
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr "rango DHCP %s -- %s no coincide con máscara de subred %s"
+
+#: dhcp.c:653
+#, c-format
+msgid "failed to read %s:%m"
+msgstr "no se pudo leer %s:%m"
+
+#: dhcp.c:688
+#, fuzzy, c-format
+msgid "bad line at %s line %d"
+msgstr "nombre erróneo en %s línea %d"
+
+#: dhcp.c:795
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr "dirección IP duplicada %s (%s) en directiva dhcp-config"
+
+#: dhcp.c:831
+#, c-format
+msgid "Ignoring DHCP host name %s because it has an illegal domain part"
+msgstr ""
+"Ignorando nombre de host DHCP %s porque contiene una parte ilegal de dominio."
+
+#: lease.c:50
+#, fuzzy, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr "no se puede abrir o crear archivo de arriendos: %s"
+
+#: lease.c:80
+msgid "too many stored leases"
+msgstr "demasiados arriendos almacenados"
+
+#: lease.c:113
+#, fuzzy, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: lease.c:119
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr ""
+
+#: lease.c:217
+#, fuzzy, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr "no se pudo escribir %s: %s (reintentar en %us)"
+
+#: rfc2131.c:261
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr "ningún rango de direcciónes disponible para pedido DHCP %s %s"
+
+#: rfc2131.c:262
+msgid "with subnet selector"
+msgstr "con selector de subred"
+
+#: rfc2131.c:262
+msgid "via"
+msgstr "vía"
+
+#: rfc2131.c:288 rfc2131.c:312
+msgid "disabled"
+msgstr "deshabilitado"
+
+#: rfc2131.c:324 rfc2131.c:762
+msgid "address in use"
+msgstr "dirección en uso"
+
+#: rfc2131.c:327
+msgid "no address configured"
+msgstr "ninguna dirección configurada"
+
+#: rfc2131.c:340 rfc2131.c:631
+msgid "no address available"
+msgstr "ninguna dirección disponible"
+
+#: rfc2131.c:349 rfc2131.c:772
+msgid "no leases left"
+msgstr "no queda ningún arriendo"
+
+#: rfc2131.c:352 rfc2131.c:736
+msgid "wrong network"
+msgstr "red equivocada"
+
+#: rfc2131.c:559
+#, fuzzy, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr "deshabilitando dirección DHCP estática %s"
+
+#: rfc2131.c:580
+msgid "unknown lease"
+msgstr "arriendo desconocido"
+
+#: rfc2131.c:589 rfc2131.c:873
+msgid "ignored"
+msgstr "ignorado"
+
+#: rfc2131.c:605
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr "no usando dirección configurada %s porque esta arriendada a %s"
+
+#: rfc2131.c:614
+#, fuzzy, c-format
+msgid ""
+"not using configured address %s because it is in use by the server or relay"
+msgstr ""
+"no usando dirección configurada %s porque esta siendo usada por el servidor"
+
+#: rfc2131.c:617
+#, fuzzy, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr "no usando dirección configurada %s porque esta arriendada a %s"
+
+#: rfc2131.c:699
+msgid "wrong address"
+msgstr "dirección equivocada"
+
+#: rfc2131.c:712
+msgid "lease not found"
+msgstr "arriendo no encontrado"
+
+#: rfc2131.c:744
+msgid "address not available"
+msgstr "dirección no disponible"
+
+#: rfc2131.c:755
+msgid "static lease available"
+msgstr "arriendo estático disponible"
+
+#: rfc2131.c:759
+msgid "address reserved"
+msgstr "dirección reservada"
+
+#: rfc2131.c:765
+msgid "no unique-id"
+msgstr "ningún unique-id (ID único)"
+
+#: rfc2131.c:1011
+#, c-format
+msgid "cannot send DHCP option %d: no space left in packet"
+msgstr "no se puede enviar opción DHCP %d: no queda espacio en el paquete"
+
+#: rfc2131.c:1312
+#, c-format
+msgid "More than one vendor class matches, using %s"
+msgstr "Más de una clase de vendedor coincide, usando %s"
+
+#: netlink.c:51
+#, fuzzy, c-format
+msgid "cannot create netlink socket: %s"
+msgstr "no se puede crear socket netlink: %s"
+
+#: netlink.c:224
+#, fuzzy, c-format
+msgid "netlink returns error: %s"
+msgstr "netlink retorna error: %s"
+
+#: dbus.c:112
+msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
+msgstr ""
+"intento de fijar dirección de servidor IPv6 vía DBus - no hay soporte IPv6"
+
+#: dbus.c:238
+msgid "setting upstream servers from DBus"
+msgstr "fijando servidores upstream desde DBus"
+
+#: dbus.c:274
+msgid "could not register a DBus message handler"
+msgstr "no se pudo registrar un manejador de mensajes DBus"
+
+#: bpf.c:48
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr "no se puede crear socket BPF DHCP: %s"
+
+#: bpf.c:76
+#, fuzzy, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr "pedido DHCP por hardware no soportado tipo (%d) recibido en %s"
+
+#: helper.c:145
+#, c-format
+msgid "child process killed by signal %d"
+msgstr ""
+
+#: helper.c:147
+#, c-format
+msgid "child process exited with status %d"
+msgstr ""
+
+#: helper.c:216
+#, fuzzy, c-format
+msgid "failed to execute %s: %m"
+msgstr "no se pudo ejecutar %s: %m"
+
+#~ msgid "forwarding table overflow: check for server loops."
+#~ msgstr ""
+#~ "desbordamiento en la tabla de reenvio: revisar si hay loops de servidor."

po/fi.po

@@ -0,0 +1,964 @@
+# Finnish translations for dnsmasq package.
+# This file is put in the public domain.
+# Simon Kelley <simon@thekelleys.org.uk>, 2005.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.24\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-10-28 15:42+0100\n"
+"PO-Revision-Date: 2005-11-28 22:05+0000\n"
+"Last-Translator: Simon Kelley <simon@thekelleys.org.uk>\n"
+"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ASCII\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: cache.c:665
+#, c-format
+msgid "failed to load names from %s: %m"
+msgstr ""
+
+#: cache.c:699 dhcp.c:701
+#, c-format
+msgid "bad address at %s line %d"
+msgstr ""
+
+#: cache.c:745 dhcp.c:715
+#, c-format
+msgid "bad name at %s line %d"
+msgstr ""
+
+#: cache.c:752 dhcp.c:769
+#, c-format
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: cache.c:790
+msgid "cleared cache"
+msgstr ""
+
+#: cache.c:843
+#, c-format
+msgid ""
+"not giving name %s to the DHCP lease of %s because the name exists in %s "
+"with address %s"
+msgstr ""
+
+#: cache.c:887
+#, c-format
+msgid ""
+"time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache "
+"entries."
+msgstr ""
+
+#: util.c:153 option.c:1221
+msgid "could not get memory"
+msgstr ""
+
+#: util.c:176
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr ""
+
+#: util.c:183
+msgid "FAILED to start up"
+msgstr ""
+
+#: util.c:304
+#, c-format
+msgid "infinite"
+msgstr ""
+
+#: option.c:147
+msgid "Specify local address(es) to listen on."
+msgstr ""
+
+#: option.c:148
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr ""
+
+#: option.c:149
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr ""
+
+#: option.c:150
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr ""
+
+#: option.c:151
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr ""
+
+#: option.c:152
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr ""
+
+#: option.c:153
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr ""
+
+#: option.c:154
+msgid "Do NOT forward queries with no domain part."
+msgstr ""
+
+#: option.c:155
+msgid "Return self-pointing MX records for local hosts."
+msgstr ""
+
+#: option.c:156
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr ""
+
+#: option.c:157
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr ""
+
+#: option.c:158
+msgid "Enable DHCP in the range given with lease duration."
+msgstr ""
+
+#: option.c:159
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr ""
+
+#: option.c:160
+msgid "Set address or hostname for a specified machine."
+msgstr ""
+
+#: option.c:161
+#, c-format
+msgid "Do NOT load %s file."
+msgstr ""
+
+#: option.c:162
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr ""
+
+#: option.c:163
+msgid "Specify interface(s) to listen on."
+msgstr ""
+
+#: option.c:164
+msgid "Specify interface(s) NOT to listen on."
+msgstr ""
+
+#: option.c:165
+msgid "Map DHCP user class to option set."
+msgstr ""
+
+#: option.c:166
+msgid "Don't do DHCP for hosts in option set."
+msgstr ""
+
+#: option.c:167
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr ""
+
+#: option.c:168
+msgid "Assume we are the only DHCP server on the local network."
+msgstr ""
+
+#: option.c:169
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:170
+msgid "Return MX records for local hosts."
+msgstr ""
+
+#: option.c:171
+msgid "Specify an MX record."
+msgstr ""
+
+#: option.c:172
+msgid "Specify BOOTP options to DHCP server."
+msgstr ""
+
+#: option.c:173
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr ""
+
+#: option.c:174
+msgid "Do NOT cache failed search results."
+msgstr ""
+
+#: option.c:175
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr ""
+
+#: option.c:176
+msgid "Set extra options to be set to DHCP clients."
+msgstr ""
+
+#: option.c:177
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr ""
+
+#: option.c:178
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr ""
+
+#: option.c:179
+msgid "Log queries."
+msgstr ""
+
+#: option.c:180
+msgid "Force the originating port for upstream queries."
+msgstr ""
+
+#: option.c:181
+msgid "Do NOT read resolv.conf."
+msgstr ""
+
+#: option.c:182
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr ""
+
+#: option.c:183
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr ""
+
+#: option.c:184
+msgid "Never forward queries to specified domains."
+msgstr ""
+
+#: option.c:185
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr ""
+
+#: option.c:186
+msgid "Specify default target in an MX record."
+msgstr ""
+
+#: option.c:187
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr ""
+
+#: option.c:188
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr ""
+
+#: option.c:189
+msgid "Map DHCP vendor class to option set."
+msgstr ""
+
+#: option.c:190
+msgid "Display dnsmasq version and copyright information."
+msgstr ""
+
+#: option.c:191
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr ""
+
+#: option.c:192
+msgid "Specify a SRV record."
+msgstr ""
+
+#: option.c:193
+msgid "Display this message."
+msgstr ""
+
+#: option.c:194
+#, c-format
+msgid "Specify path of PID file. (defaults to %s)."
+msgstr ""
+
+#: option.c:195
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:196
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr ""
+
+#: option.c:197
+msgid "Specify TXT DNS record."
+msgstr ""
+
+#: option.c:198
+msgid "Bind only to interfaces in use."
+msgstr ""
+
+#: option.c:199
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr ""
+
+#: option.c:200
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr ""
+
+#: option.c:201
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr ""
+
+#: option.c:202
+msgid "Enable dynamic address allocation for bootp."
+msgstr ""
+
+#: option.c:203
+msgid "Map MAC address (with wildcards) to option set."
+msgstr ""
+
+#: option.c:204
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr ""
+
+#: option.c:205
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr ""
+
+#: option.c:206
+msgid "Read configuration from all the files in this directory."
+msgstr ""
+
+#: option.c:207
+msgid "Log to this syslog facility. (defaults to DAEMON)"
+msgstr ""
+
+#: option.c:208
+msgid "Read leases at startup, but never write the lease file."
+msgstr ""
+
+#: option.c:209
+#, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr ""
+
+#: option.c:210
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr ""
+
+#: option.c:323
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+
+#: option.c:325
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr ""
+
+#: option.c:327
+#, c-format
+msgid "Valid options are :\n"
+msgstr ""
+
+#: option.c:362
+msgid "extraneous parameter"
+msgstr ""
+
+#: option.c:366
+msgid "missing parameter"
+msgstr ""
+
+#: option.c:388
+#, c-format
+msgid "cannot access directory %s: %s"
+msgstr ""
+
+#: option.c:407
+#, c-format
+msgid "cannot access %s: %s"
+msgstr ""
+
+#: option.c:484
+msgid "bad MX preference"
+msgstr ""
+
+#: option.c:493
+msgid "bad MX name"
+msgstr ""
+
+#: option.c:511
+msgid "bad MX target"
+msgstr ""
+
+#: option.c:523
+msgid "cannot run scripts under uClinux"
+msgstr ""
+
+#: option.c:722 option.c:733
+msgid "bad port"
+msgstr ""
+
+#: option.c:878
+msgid "bad dhcp-range"
+msgstr ""
+
+#: option.c:907
+msgid "only one netid tag allowed"
+msgstr ""
+
+#: option.c:952
+msgid "inconsistent DHCP range"
+msgstr ""
+
+#: option.c:1137
+msgid "bad dhcp-host"
+msgstr ""
+
+#: option.c:1198
+msgid "bad dhcp-option"
+msgstr ""
+
+#: option.c:1216
+msgid "bad domain in dhcp-option"
+msgstr ""
+
+#: option.c:1386
+msgid "dhcp-option too long"
+msgstr ""
+
+#: option.c:1583
+msgid "bad TXT record"
+msgstr ""
+
+#: option.c:1615
+msgid "TXT record string too long"
+msgstr ""
+
+#: option.c:1654
+msgid "bad SRV record"
+msgstr ""
+
+#: option.c:1667
+msgid "bad SRV target"
+msgstr ""
+
+#: option.c:1679
+msgid "invalid port number"
+msgstr ""
+
+#: option.c:1690
+msgid "invalid priority"
+msgstr ""
+
+#: option.c:1701
+msgid "invalid weight"
+msgstr ""
+
+#: option.c:1732
+#, c-format
+msgid "files nested too deep in %s"
+msgstr ""
+
+#: option.c:1739
+#, c-format
+msgid "cannot read %s: %s"
+msgstr ""
+
+#: option.c:1781
+msgid "missing \""
+msgstr ""
+
+#: option.c:1816
+msgid "error"
+msgstr ""
+
+#: option.c:1820
+msgid "bad option"
+msgstr ""
+
+#: option.c:1884
+#, c-format
+msgid "Dnsmasq version %s  %s\n"
+msgstr ""
+
+#: option.c:1885
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+
+#: option.c:1886
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr ""
+
+#: option.c:1887
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr ""
+
+#: option.c:1888
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2.\n"
+msgstr ""
+
+#: option.c:1899
+msgid "try --help"
+msgstr ""
+
+#: option.c:1901
+msgid "try -w"
+msgstr ""
+
+#: option.c:1904
+#, c-format
+msgid "bad command line options: %s"
+msgstr ""
+
+#: option.c:1955
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr ""
+
+#: option.c:1983
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr ""
+
+#: option.c:1993
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr ""
+
+#: option.c:1996
+#, c-format
+msgid "failed to read %s: %s"
+msgstr ""
+
+#: option.c:2014
+#, c-format
+msgid "no search directive found in %s"
+msgstr ""
+
+#: forward.c:370
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr ""
+
+#: isc.c:73 dnsmasq.c:482
+#, c-format
+msgid "failed to access %s: %m"
+msgstr ""
+
+#: isc.c:89
+#, c-format
+msgid "failed to load %s: %m"
+msgstr ""
+
+#: isc.c:93 dnsmasq.c:504
+#, c-format
+msgid "reading %s"
+msgstr ""
+
+#: isc.c:115
+#, c-format
+msgid "bad name in %s"
+msgstr ""
+
+#: isc.c:177
+#, c-format
+msgid "Ignoring DHCP lease for %s because it has an illegal domain part"
+msgstr ""
+
+#: network.c:315 dnsmasq.c:132
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr ""
+
+#: network.c:322
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr ""
+
+#: network.c:340
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr ""
+
+#: network.c:348
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr ""
+
+#: network.c:419
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr ""
+
+#: network.c:428
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %m"
+msgstr ""
+
+#: network.c:442
+msgid "domain"
+msgstr ""
+
+#: network.c:444
+msgid "unqualified"
+msgstr ""
+
+#: network.c:444
+msgid "domains"
+msgstr ""
+
+#: network.c:447
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr ""
+
+#: network.c:449
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr ""
+
+#: network.c:452
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr ""
+
+#: network.c:472
+#, c-format
+msgid "failed to read %s: %m"
+msgstr ""
+
+#: dnsmasq.c:97
+msgid ""
+"ISC dhcpd integration not available: set HAVE_ISC_READER in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:114
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr ""
+
+#: dnsmasq.c:122
+#, c-format
+msgid "unknown interface %s"
+msgstr ""
+
+#: dnsmasq.c:128
+#, c-format
+msgid "no interface with address %s"
+msgstr ""
+
+#: dnsmasq.c:147
+msgid "must set exactly one interface on broken systems without IP_RECVIF"
+msgstr ""
+
+#: dnsmasq.c:160 dnsmasq.c:609
+#, c-format
+msgid "DBus error: %s"
+msgstr ""
+
+#: dnsmasq.c:163
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:194
+#, c-format
+msgid "cannot create pipe: %s"
+msgstr ""
+
+#: dnsmasq.c:337
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr ""
+
+#: dnsmasq.c:339
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr ""
+
+#: dnsmasq.c:341
+#, c-format
+msgid "compile time options: %s"
+msgstr ""
+
+#: dnsmasq.c:347
+msgid "DBus support enabled: connected to system bus"
+msgstr ""
+
+#: dnsmasq.c:349
+msgid "DBus support enabled: bus connection pending"
+msgstr ""
+
+#: dnsmasq.c:354
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr ""
+
+#: dnsmasq.c:359
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr ""
+
+#: dnsmasq.c:364
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr ""
+
+#: dnsmasq.c:378
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:379
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:389
+#, c-format
+msgid "warning: setting capabilities failed: %m"
+msgstr ""
+
+#: dnsmasq.c:391
+msgid "running as root"
+msgstr ""
+
+#: dnsmasq.c:515
+#, c-format
+msgid "no servers found in %s, will retry"
+msgstr ""
+
+#: dnsmasq.c:574
+msgid "exiting on receipt of SIGTERM"
+msgstr ""
+
+#: dnsmasq.c:611
+msgid "connected to system DBus"
+msgstr ""
+
+#: dhcp.c:32
+#, c-format
+msgid "cannot create DHCP socket : %s"
+msgstr ""
+
+#: dhcp.c:41
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:59
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:72
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr ""
+
+#: dhcp.c:85
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr ""
+
+#: dhcp.c:97
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr ""
+
+#: dhcp.c:336
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr ""
+
+#: dhcp.c:653
+#, c-format
+msgid "failed to read %s:%m"
+msgstr ""
+
+#: dhcp.c:688
+#, c-format
+msgid "bad line at %s line %d"
+msgstr ""
+
+#: dhcp.c:795
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr ""
+
+#: dhcp.c:831
+#, c-format
+msgid "Ignoring DHCP host name %s because it has an illegal domain part"
+msgstr ""
+
+#: lease.c:50
+#, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr ""
+
+#: lease.c:80
+msgid "too many stored leases"
+msgstr ""
+
+#: lease.c:113
+#, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr ""
+
+#: lease.c:119
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr ""
+
+#: lease.c:217
+#, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr ""
+
+#: rfc2131.c:261
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "with subnet selector"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "via"
+msgstr ""
+
+#: rfc2131.c:288 rfc2131.c:312
+msgid "disabled"
+msgstr ""
+
+#: rfc2131.c:324 rfc2131.c:762
+msgid "address in use"
+msgstr ""
+
+#: rfc2131.c:327
+msgid "no address configured"
+msgstr ""
+
+#: rfc2131.c:340 rfc2131.c:631
+msgid "no address available"
+msgstr ""
+
+#: rfc2131.c:349 rfc2131.c:772
+msgid "no leases left"
+msgstr ""
+
+#: rfc2131.c:352 rfc2131.c:736
+msgid "wrong network"
+msgstr ""
+
+#: rfc2131.c:559
+#, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr ""
+
+#: rfc2131.c:580
+msgid "unknown lease"
+msgstr ""
+
+#: rfc2131.c:589 rfc2131.c:873
+msgid "ignored"
+msgstr ""
+
+#: rfc2131.c:605
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr ""
+
+#: rfc2131.c:614
+#, c-format
+msgid ""
+"not using configured address %s because it is in use by the server or relay"
+msgstr ""
+
+#: rfc2131.c:617
+#, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr ""
+
+#: rfc2131.c:699
+msgid "wrong address"
+msgstr ""
+
+#: rfc2131.c:712
+msgid "lease not found"
+msgstr ""
+
+#: rfc2131.c:744
+msgid "address not available"
+msgstr ""
+
+#: rfc2131.c:755
+msgid "static lease available"
+msgstr ""
+
+#: rfc2131.c:759
+msgid "address reserved"
+msgstr ""
+
+#: rfc2131.c:765
+msgid "no unique-id"
+msgstr ""
+
+#: rfc2131.c:1011
+#, c-format
+msgid "cannot send DHCP option %d: no space left in packet"
+msgstr ""
+
+#: rfc2131.c:1312
+#, c-format
+msgid "More than one vendor class matches, using %s"
+msgstr ""
+
+#: netlink.c:51
+#, c-format
+msgid "cannot create netlink socket: %s"
+msgstr ""
+
+#: netlink.c:224
+#, c-format
+msgid "netlink returns error: %s"
+msgstr ""
+
+#: dbus.c:112
+msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
+msgstr ""
+
+#: dbus.c:238
+msgid "setting upstream servers from DBus"
+msgstr ""
+
+#: dbus.c:274
+msgid "could not register a DBus message handler"
+msgstr ""
+
+#: bpf.c:48
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr ""
+
+#: bpf.c:76
+#, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr ""
+
+#: helper.c:145
+#, c-format
+msgid "child process killed by signal %d"
+msgstr ""
+
+#: helper.c:147
+#, c-format
+msgid "child process exited with status %d"
+msgstr ""
+
+#: helper.c:216
+#, c-format
+msgid "failed to execute %s: %m"
+msgstr ""

po/it.po

@@ -0,0 +1,964 @@
+# Italian translations for dnsmasq package.
+# This file is put in the public domain.
+# Simon Kelley <simon@thekelleys.org.uk>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.32\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-10-28 15:42+0100\n"
+"PO-Revision-Date: 2006-05-22 11:09+0100\n"
+"Last-Translator: Simon Kelley <simon@thekelleys.org.uk>\n"
+"Language-Team: Italian <tp@lists.linux.it>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ASCII\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: cache.c:665
+#, c-format
+msgid "failed to load names from %s: %m"
+msgstr ""
+
+#: cache.c:699 dhcp.c:701
+#, c-format
+msgid "bad address at %s line %d"
+msgstr ""
+
+#: cache.c:745 dhcp.c:715
+#, c-format
+msgid "bad name at %s line %d"
+msgstr ""
+
+#: cache.c:752 dhcp.c:769
+#, c-format
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: cache.c:790
+msgid "cleared cache"
+msgstr ""
+
+#: cache.c:843
+#, c-format
+msgid ""
+"not giving name %s to the DHCP lease of %s because the name exists in %s "
+"with address %s"
+msgstr ""
+
+#: cache.c:887
+#, c-format
+msgid ""
+"time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache "
+"entries."
+msgstr ""
+
+#: util.c:153 option.c:1221
+msgid "could not get memory"
+msgstr ""
+
+#: util.c:176
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr ""
+
+#: util.c:183
+msgid "FAILED to start up"
+msgstr ""
+
+#: util.c:304
+#, c-format
+msgid "infinite"
+msgstr ""
+
+#: option.c:147
+msgid "Specify local address(es) to listen on."
+msgstr ""
+
+#: option.c:148
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr ""
+
+#: option.c:149
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr ""
+
+#: option.c:150
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr ""
+
+#: option.c:151
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr ""
+
+#: option.c:152
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr ""
+
+#: option.c:153
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr ""
+
+#: option.c:154
+msgid "Do NOT forward queries with no domain part."
+msgstr ""
+
+#: option.c:155
+msgid "Return self-pointing MX records for local hosts."
+msgstr ""
+
+#: option.c:156
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr ""
+
+#: option.c:157
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr ""
+
+#: option.c:158
+msgid "Enable DHCP in the range given with lease duration."
+msgstr ""
+
+#: option.c:159
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr ""
+
+#: option.c:160
+msgid "Set address or hostname for a specified machine."
+msgstr ""
+
+#: option.c:161
+#, c-format
+msgid "Do NOT load %s file."
+msgstr ""
+
+#: option.c:162
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr ""
+
+#: option.c:163
+msgid "Specify interface(s) to listen on."
+msgstr ""
+
+#: option.c:164
+msgid "Specify interface(s) NOT to listen on."
+msgstr ""
+
+#: option.c:165
+msgid "Map DHCP user class to option set."
+msgstr ""
+
+#: option.c:166
+msgid "Don't do DHCP for hosts in option set."
+msgstr ""
+
+#: option.c:167
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr ""
+
+#: option.c:168
+msgid "Assume we are the only DHCP server on the local network."
+msgstr ""
+
+#: option.c:169
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:170
+msgid "Return MX records for local hosts."
+msgstr ""
+
+#: option.c:171
+msgid "Specify an MX record."
+msgstr ""
+
+#: option.c:172
+msgid "Specify BOOTP options to DHCP server."
+msgstr ""
+
+#: option.c:173
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr ""
+
+#: option.c:174
+msgid "Do NOT cache failed search results."
+msgstr ""
+
+#: option.c:175
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr ""
+
+#: option.c:176
+msgid "Set extra options to be set to DHCP clients."
+msgstr ""
+
+#: option.c:177
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr ""
+
+#: option.c:178
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr ""
+
+#: option.c:179
+msgid "Log queries."
+msgstr ""
+
+#: option.c:180
+msgid "Force the originating port for upstream queries."
+msgstr ""
+
+#: option.c:181
+msgid "Do NOT read resolv.conf."
+msgstr ""
+
+#: option.c:182
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr ""
+
+#: option.c:183
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr ""
+
+#: option.c:184
+msgid "Never forward queries to specified domains."
+msgstr ""
+
+#: option.c:185
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr ""
+
+#: option.c:186
+msgid "Specify default target in an MX record."
+msgstr ""
+
+#: option.c:187
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr ""
+
+#: option.c:188
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr ""
+
+#: option.c:189
+msgid "Map DHCP vendor class to option set."
+msgstr ""
+
+#: option.c:190
+msgid "Display dnsmasq version and copyright information."
+msgstr ""
+
+#: option.c:191
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr ""
+
+#: option.c:192
+msgid "Specify a SRV record."
+msgstr ""
+
+#: option.c:193
+msgid "Display this message."
+msgstr ""
+
+#: option.c:194
+#, c-format
+msgid "Specify path of PID file. (defaults to %s)."
+msgstr ""
+
+#: option.c:195
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:196
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr ""
+
+#: option.c:197
+msgid "Specify TXT DNS record."
+msgstr ""
+
+#: option.c:198
+msgid "Bind only to interfaces in use."
+msgstr ""
+
+#: option.c:199
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr ""
+
+#: option.c:200
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr ""
+
+#: option.c:201
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr ""
+
+#: option.c:202
+msgid "Enable dynamic address allocation for bootp."
+msgstr ""
+
+#: option.c:203
+msgid "Map MAC address (with wildcards) to option set."
+msgstr ""
+
+#: option.c:204
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr ""
+
+#: option.c:205
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr ""
+
+#: option.c:206
+msgid "Read configuration from all the files in this directory."
+msgstr ""
+
+#: option.c:207
+msgid "Log to this syslog facility. (defaults to DAEMON)"
+msgstr ""
+
+#: option.c:208
+msgid "Read leases at startup, but never write the lease file."
+msgstr ""
+
+#: option.c:209
+#, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr ""
+
+#: option.c:210
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr ""
+
+#: option.c:323
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+
+#: option.c:325
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr ""
+
+#: option.c:327
+#, c-format
+msgid "Valid options are :\n"
+msgstr ""
+
+#: option.c:362
+msgid "extraneous parameter"
+msgstr ""
+
+#: option.c:366
+msgid "missing parameter"
+msgstr ""
+
+#: option.c:388
+#, c-format
+msgid "cannot access directory %s: %s"
+msgstr ""
+
+#: option.c:407
+#, c-format
+msgid "cannot access %s: %s"
+msgstr ""
+
+#: option.c:484
+msgid "bad MX preference"
+msgstr ""
+
+#: option.c:493
+msgid "bad MX name"
+msgstr ""
+
+#: option.c:511
+msgid "bad MX target"
+msgstr ""
+
+#: option.c:523
+msgid "cannot run scripts under uClinux"
+msgstr ""
+
+#: option.c:722 option.c:733
+msgid "bad port"
+msgstr ""
+
+#: option.c:878
+msgid "bad dhcp-range"
+msgstr ""
+
+#: option.c:907
+msgid "only one netid tag allowed"
+msgstr ""
+
+#: option.c:952
+msgid "inconsistent DHCP range"
+msgstr ""
+
+#: option.c:1137
+msgid "bad dhcp-host"
+msgstr ""
+
+#: option.c:1198
+msgid "bad dhcp-option"
+msgstr ""
+
+#: option.c:1216
+msgid "bad domain in dhcp-option"
+msgstr ""
+
+#: option.c:1386
+msgid "dhcp-option too long"
+msgstr ""
+
+#: option.c:1583
+msgid "bad TXT record"
+msgstr ""
+
+#: option.c:1615
+msgid "TXT record string too long"
+msgstr ""
+
+#: option.c:1654
+msgid "bad SRV record"
+msgstr ""
+
+#: option.c:1667
+msgid "bad SRV target"
+msgstr ""
+
+#: option.c:1679
+msgid "invalid port number"
+msgstr ""
+
+#: option.c:1690
+msgid "invalid priority"
+msgstr ""
+
+#: option.c:1701
+msgid "invalid weight"
+msgstr ""
+
+#: option.c:1732
+#, c-format
+msgid "files nested too deep in %s"
+msgstr ""
+
+#: option.c:1739
+#, c-format
+msgid "cannot read %s: %s"
+msgstr ""
+
+#: option.c:1781
+msgid "missing \""
+msgstr ""
+
+#: option.c:1816
+msgid "error"
+msgstr ""
+
+#: option.c:1820
+msgid "bad option"
+msgstr ""
+
+#: option.c:1884
+#, c-format
+msgid "Dnsmasq version %s  %s\n"
+msgstr ""
+
+#: option.c:1885
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+
+#: option.c:1886
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr ""
+
+#: option.c:1887
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr ""
+
+#: option.c:1888
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2.\n"
+msgstr ""
+
+#: option.c:1899
+msgid "try --help"
+msgstr ""
+
+#: option.c:1901
+msgid "try -w"
+msgstr ""
+
+#: option.c:1904
+#, c-format
+msgid "bad command line options: %s"
+msgstr ""
+
+#: option.c:1955
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr ""
+
+#: option.c:1983
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr ""
+
+#: option.c:1993
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr ""
+
+#: option.c:1996
+#, c-format
+msgid "failed to read %s: %s"
+msgstr ""
+
+#: option.c:2014
+#, c-format
+msgid "no search directive found in %s"
+msgstr ""
+
+#: forward.c:370
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr ""
+
+#: isc.c:73 dnsmasq.c:482
+#, c-format
+msgid "failed to access %s: %m"
+msgstr ""
+
+#: isc.c:89
+#, c-format
+msgid "failed to load %s: %m"
+msgstr ""
+
+#: isc.c:93 dnsmasq.c:504
+#, c-format
+msgid "reading %s"
+msgstr ""
+
+#: isc.c:115
+#, c-format
+msgid "bad name in %s"
+msgstr ""
+
+#: isc.c:177
+#, c-format
+msgid "Ignoring DHCP lease for %s because it has an illegal domain part"
+msgstr ""
+
+#: network.c:315 dnsmasq.c:132
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr ""
+
+#: network.c:322
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr ""
+
+#: network.c:340
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr ""
+
+#: network.c:348
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr ""
+
+#: network.c:419
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr ""
+
+#: network.c:428
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %m"
+msgstr ""
+
+#: network.c:442
+msgid "domain"
+msgstr ""
+
+#: network.c:444
+msgid "unqualified"
+msgstr ""
+
+#: network.c:444
+msgid "domains"
+msgstr ""
+
+#: network.c:447
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr ""
+
+#: network.c:449
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr ""
+
+#: network.c:452
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr ""
+
+#: network.c:472
+#, c-format
+msgid "failed to read %s: %m"
+msgstr ""
+
+#: dnsmasq.c:97
+msgid ""
+"ISC dhcpd integration not available: set HAVE_ISC_READER in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:114
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr ""
+
+#: dnsmasq.c:122
+#, c-format
+msgid "unknown interface %s"
+msgstr ""
+
+#: dnsmasq.c:128
+#, c-format
+msgid "no interface with address %s"
+msgstr ""
+
+#: dnsmasq.c:147
+msgid "must set exactly one interface on broken systems without IP_RECVIF"
+msgstr ""
+
+#: dnsmasq.c:160 dnsmasq.c:609
+#, c-format
+msgid "DBus error: %s"
+msgstr ""
+
+#: dnsmasq.c:163
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:194
+#, c-format
+msgid "cannot create pipe: %s"
+msgstr ""
+
+#: dnsmasq.c:337
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr ""
+
+#: dnsmasq.c:339
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr ""
+
+#: dnsmasq.c:341
+#, c-format
+msgid "compile time options: %s"
+msgstr ""
+
+#: dnsmasq.c:347
+msgid "DBus support enabled: connected to system bus"
+msgstr ""
+
+#: dnsmasq.c:349
+msgid "DBus support enabled: bus connection pending"
+msgstr ""
+
+#: dnsmasq.c:354
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr ""
+
+#: dnsmasq.c:359
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr ""
+
+#: dnsmasq.c:364
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr ""
+
+#: dnsmasq.c:378
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:379
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:389
+#, c-format
+msgid "warning: setting capabilities failed: %m"
+msgstr ""
+
+#: dnsmasq.c:391
+msgid "running as root"
+msgstr ""
+
+#: dnsmasq.c:515
+#, c-format
+msgid "no servers found in %s, will retry"
+msgstr ""
+
+#: dnsmasq.c:574
+msgid "exiting on receipt of SIGTERM"
+msgstr ""
+
+#: dnsmasq.c:611
+msgid "connected to system DBus"
+msgstr ""
+
+#: dhcp.c:32
+#, c-format
+msgid "cannot create DHCP socket : %s"
+msgstr ""
+
+#: dhcp.c:41
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:59
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:72
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr ""
+
+#: dhcp.c:85
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr ""
+
+#: dhcp.c:97
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr ""
+
+#: dhcp.c:336
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr ""
+
+#: dhcp.c:653
+#, c-format
+msgid "failed to read %s:%m"
+msgstr ""
+
+#: dhcp.c:688
+#, c-format
+msgid "bad line at %s line %d"
+msgstr ""
+
+#: dhcp.c:795
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr ""
+
+#: dhcp.c:831
+#, c-format
+msgid "Ignoring DHCP host name %s because it has an illegal domain part"
+msgstr ""
+
+#: lease.c:50
+#, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr ""
+
+#: lease.c:80
+msgid "too many stored leases"
+msgstr ""
+
+#: lease.c:113
+#, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr ""
+
+#: lease.c:119
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr ""
+
+#: lease.c:217
+#, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr ""
+
+#: rfc2131.c:261
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "with subnet selector"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "via"
+msgstr ""
+
+#: rfc2131.c:288 rfc2131.c:312
+msgid "disabled"
+msgstr ""
+
+#: rfc2131.c:324 rfc2131.c:762
+msgid "address in use"
+msgstr ""
+
+#: rfc2131.c:327
+msgid "no address configured"
+msgstr ""
+
+#: rfc2131.c:340 rfc2131.c:631
+msgid "no address available"
+msgstr ""
+
+#: rfc2131.c:349 rfc2131.c:772
+msgid "no leases left"
+msgstr ""
+
+#: rfc2131.c:352 rfc2131.c:736
+msgid "wrong network"
+msgstr ""
+
+#: rfc2131.c:559
+#, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr ""
+
+#: rfc2131.c:580
+msgid "unknown lease"
+msgstr ""
+
+#: rfc2131.c:589 rfc2131.c:873
+msgid "ignored"
+msgstr ""
+
+#: rfc2131.c:605
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr ""
+
+#: rfc2131.c:614
+#, c-format
+msgid ""
+"not using configured address %s because it is in use by the server or relay"
+msgstr ""
+
+#: rfc2131.c:617
+#, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr ""
+
+#: rfc2131.c:699
+msgid "wrong address"
+msgstr ""
+
+#: rfc2131.c:712
+msgid "lease not found"
+msgstr ""
+
+#: rfc2131.c:744
+msgid "address not available"
+msgstr ""
+
+#: rfc2131.c:755
+msgid "static lease available"
+msgstr ""
+
+#: rfc2131.c:759
+msgid "address reserved"
+msgstr ""
+
+#: rfc2131.c:765
+msgid "no unique-id"
+msgstr ""
+
+#: rfc2131.c:1011
+#, c-format
+msgid "cannot send DHCP option %d: no space left in packet"
+msgstr ""
+
+#: rfc2131.c:1312
+#, c-format
+msgid "More than one vendor class matches, using %s"
+msgstr ""
+
+#: netlink.c:51
+#, c-format
+msgid "cannot create netlink socket: %s"
+msgstr ""
+
+#: netlink.c:224
+#, c-format
+msgid "netlink returns error: %s"
+msgstr ""
+
+#: dbus.c:112
+msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
+msgstr ""
+
+#: dbus.c:238
+msgid "setting upstream servers from DBus"
+msgstr ""
+
+#: dbus.c:274
+msgid "could not register a DBus message handler"
+msgstr ""
+
+#: bpf.c:48
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr ""
+
+#: bpf.c:76
+#, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr ""
+
+#: helper.c:145
+#, c-format
+msgid "child process killed by signal %d"
+msgstr ""
+
+#: helper.c:147
+#, c-format
+msgid "child process exited with status %d"
+msgstr ""
+
+#: helper.c:216
+#, c-format
+msgid "failed to execute %s: %m"
+msgstr ""

po/pt_BR.po

@@ -0,0 +1,964 @@
+# Portuguese translations for dnsmasq package.
+# This file is put in the public domain.
+# Simon Kelley <simon@thekelleys.org.uk>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.26\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-10-28 15:42+0100\n"
+"PO-Revision-Date: 2006-01-16 20:42+0000\n"
+"Last-Translator: Simon Kelley <simon@thekelleys.org.uk>\n"
+"Language-Team: Portuguese <ldp-br@bazar.conectiva.com.br>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ASCII\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#: cache.c:665
+#, c-format
+msgid "failed to load names from %s: %m"
+msgstr ""
+
+#: cache.c:699 dhcp.c:701
+#, c-format
+msgid "bad address at %s line %d"
+msgstr ""
+
+#: cache.c:745 dhcp.c:715
+#, c-format
+msgid "bad name at %s line %d"
+msgstr ""
+
+#: cache.c:752 dhcp.c:769
+#, c-format
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: cache.c:790
+msgid "cleared cache"
+msgstr ""
+
+#: cache.c:843
+#, c-format
+msgid ""
+"not giving name %s to the DHCP lease of %s because the name exists in %s "
+"with address %s"
+msgstr ""
+
+#: cache.c:887
+#, c-format
+msgid ""
+"time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache "
+"entries."
+msgstr ""
+
+#: util.c:153 option.c:1221
+msgid "could not get memory"
+msgstr ""
+
+#: util.c:176
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr ""
+
+#: util.c:183
+msgid "FAILED to start up"
+msgstr ""
+
+#: util.c:304
+#, c-format
+msgid "infinite"
+msgstr ""
+
+#: option.c:147
+msgid "Specify local address(es) to listen on."
+msgstr ""
+
+#: option.c:148
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr ""
+
+#: option.c:149
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr ""
+
+#: option.c:150
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr ""
+
+#: option.c:151
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr ""
+
+#: option.c:152
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr ""
+
+#: option.c:153
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr ""
+
+#: option.c:154
+msgid "Do NOT forward queries with no domain part."
+msgstr ""
+
+#: option.c:155
+msgid "Return self-pointing MX records for local hosts."
+msgstr ""
+
+#: option.c:156
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr ""
+
+#: option.c:157
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr ""
+
+#: option.c:158
+msgid "Enable DHCP in the range given with lease duration."
+msgstr ""
+
+#: option.c:159
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr ""
+
+#: option.c:160
+msgid "Set address or hostname for a specified machine."
+msgstr ""
+
+#: option.c:161
+#, c-format
+msgid "Do NOT load %s file."
+msgstr ""
+
+#: option.c:162
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr ""
+
+#: option.c:163
+msgid "Specify interface(s) to listen on."
+msgstr ""
+
+#: option.c:164
+msgid "Specify interface(s) NOT to listen on."
+msgstr ""
+
+#: option.c:165
+msgid "Map DHCP user class to option set."
+msgstr ""
+
+#: option.c:166
+msgid "Don't do DHCP for hosts in option set."
+msgstr ""
+
+#: option.c:167
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr ""
+
+#: option.c:168
+msgid "Assume we are the only DHCP server on the local network."
+msgstr ""
+
+#: option.c:169
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:170
+msgid "Return MX records for local hosts."
+msgstr ""
+
+#: option.c:171
+msgid "Specify an MX record."
+msgstr ""
+
+#: option.c:172
+msgid "Specify BOOTP options to DHCP server."
+msgstr ""
+
+#: option.c:173
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr ""
+
+#: option.c:174
+msgid "Do NOT cache failed search results."
+msgstr ""
+
+#: option.c:175
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr ""
+
+#: option.c:176
+msgid "Set extra options to be set to DHCP clients."
+msgstr ""
+
+#: option.c:177
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr ""
+
+#: option.c:178
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr ""
+
+#: option.c:179
+msgid "Log queries."
+msgstr ""
+
+#: option.c:180
+msgid "Force the originating port for upstream queries."
+msgstr ""
+
+#: option.c:181
+msgid "Do NOT read resolv.conf."
+msgstr ""
+
+#: option.c:182
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr ""
+
+#: option.c:183
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr ""
+
+#: option.c:184
+msgid "Never forward queries to specified domains."
+msgstr ""
+
+#: option.c:185
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr ""
+
+#: option.c:186
+msgid "Specify default target in an MX record."
+msgstr ""
+
+#: option.c:187
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr ""
+
+#: option.c:188
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr ""
+
+#: option.c:189
+msgid "Map DHCP vendor class to option set."
+msgstr ""
+
+#: option.c:190
+msgid "Display dnsmasq version and copyright information."
+msgstr ""
+
+#: option.c:191
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr ""
+
+#: option.c:192
+msgid "Specify a SRV record."
+msgstr ""
+
+#: option.c:193
+msgid "Display this message."
+msgstr ""
+
+#: option.c:194
+#, c-format
+msgid "Specify path of PID file. (defaults to %s)."
+msgstr ""
+
+#: option.c:195
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:196
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr ""
+
+#: option.c:197
+msgid "Specify TXT DNS record."
+msgstr ""
+
+#: option.c:198
+msgid "Bind only to interfaces in use."
+msgstr ""
+
+#: option.c:199
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr ""
+
+#: option.c:200
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr ""
+
+#: option.c:201
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr ""
+
+#: option.c:202
+msgid "Enable dynamic address allocation for bootp."
+msgstr ""
+
+#: option.c:203
+msgid "Map MAC address (with wildcards) to option set."
+msgstr ""
+
+#: option.c:204
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr ""
+
+#: option.c:205
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr ""
+
+#: option.c:206
+msgid "Read configuration from all the files in this directory."
+msgstr ""
+
+#: option.c:207
+msgid "Log to this syslog facility. (defaults to DAEMON)"
+msgstr ""
+
+#: option.c:208
+msgid "Read leases at startup, but never write the lease file."
+msgstr ""
+
+#: option.c:209
+#, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr ""
+
+#: option.c:210
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr ""
+
+#: option.c:323
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+
+#: option.c:325
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr ""
+
+#: option.c:327
+#, c-format
+msgid "Valid options are :\n"
+msgstr ""
+
+#: option.c:362
+msgid "extraneous parameter"
+msgstr ""
+
+#: option.c:366
+msgid "missing parameter"
+msgstr ""
+
+#: option.c:388
+#, c-format
+msgid "cannot access directory %s: %s"
+msgstr ""
+
+#: option.c:407
+#, c-format
+msgid "cannot access %s: %s"
+msgstr ""
+
+#: option.c:484
+msgid "bad MX preference"
+msgstr ""
+
+#: option.c:493
+msgid "bad MX name"
+msgstr ""
+
+#: option.c:511
+msgid "bad MX target"
+msgstr ""
+
+#: option.c:523
+msgid "cannot run scripts under uClinux"
+msgstr ""
+
+#: option.c:722 option.c:733
+msgid "bad port"
+msgstr ""
+
+#: option.c:878
+msgid "bad dhcp-range"
+msgstr ""
+
+#: option.c:907
+msgid "only one netid tag allowed"
+msgstr ""
+
+#: option.c:952
+msgid "inconsistent DHCP range"
+msgstr ""
+
+#: option.c:1137
+msgid "bad dhcp-host"
+msgstr ""
+
+#: option.c:1198
+msgid "bad dhcp-option"
+msgstr ""
+
+#: option.c:1216
+msgid "bad domain in dhcp-option"
+msgstr ""
+
+#: option.c:1386
+msgid "dhcp-option too long"
+msgstr ""
+
+#: option.c:1583
+msgid "bad TXT record"
+msgstr ""
+
+#: option.c:1615
+msgid "TXT record string too long"
+msgstr ""
+
+#: option.c:1654
+msgid "bad SRV record"
+msgstr ""
+
+#: option.c:1667
+msgid "bad SRV target"
+msgstr ""
+
+#: option.c:1679
+msgid "invalid port number"
+msgstr ""
+
+#: option.c:1690
+msgid "invalid priority"
+msgstr ""
+
+#: option.c:1701
+msgid "invalid weight"
+msgstr ""
+
+#: option.c:1732
+#, c-format
+msgid "files nested too deep in %s"
+msgstr ""
+
+#: option.c:1739
+#, c-format
+msgid "cannot read %s: %s"
+msgstr ""
+
+#: option.c:1781
+msgid "missing \""
+msgstr ""
+
+#: option.c:1816
+msgid "error"
+msgstr ""
+
+#: option.c:1820
+msgid "bad option"
+msgstr ""
+
+#: option.c:1884
+#, c-format
+msgid "Dnsmasq version %s  %s\n"
+msgstr ""
+
+#: option.c:1885
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+
+#: option.c:1886
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr ""
+
+#: option.c:1887
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr ""
+
+#: option.c:1888
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2.\n"
+msgstr ""
+
+#: option.c:1899
+msgid "try --help"
+msgstr ""
+
+#: option.c:1901
+msgid "try -w"
+msgstr ""
+
+#: option.c:1904
+#, c-format
+msgid "bad command line options: %s"
+msgstr ""
+
+#: option.c:1955
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr ""
+
+#: option.c:1983
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr ""
+
+#: option.c:1993
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr ""
+
+#: option.c:1996
+#, c-format
+msgid "failed to read %s: %s"
+msgstr ""
+
+#: option.c:2014
+#, c-format
+msgid "no search directive found in %s"
+msgstr ""
+
+#: forward.c:370
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr ""
+
+#: isc.c:73 dnsmasq.c:482
+#, c-format
+msgid "failed to access %s: %m"
+msgstr ""
+
+#: isc.c:89
+#, c-format
+msgid "failed to load %s: %m"
+msgstr ""
+
+#: isc.c:93 dnsmasq.c:504
+#, c-format
+msgid "reading %s"
+msgstr ""
+
+#: isc.c:115
+#, c-format
+msgid "bad name in %s"
+msgstr ""
+
+#: isc.c:177
+#, c-format
+msgid "Ignoring DHCP lease for %s because it has an illegal domain part"
+msgstr ""
+
+#: network.c:315 dnsmasq.c:132
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr ""
+
+#: network.c:322
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr ""
+
+#: network.c:340
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr ""
+
+#: network.c:348
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr ""
+
+#: network.c:419
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr ""
+
+#: network.c:428
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %m"
+msgstr ""
+
+#: network.c:442
+msgid "domain"
+msgstr ""
+
+#: network.c:444
+msgid "unqualified"
+msgstr ""
+
+#: network.c:444
+msgid "domains"
+msgstr ""
+
+#: network.c:447
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr ""
+
+#: network.c:449
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr ""
+
+#: network.c:452
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr ""
+
+#: network.c:472
+#, c-format
+msgid "failed to read %s: %m"
+msgstr ""
+
+#: dnsmasq.c:97
+msgid ""
+"ISC dhcpd integration not available: set HAVE_ISC_READER in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:114
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr ""
+
+#: dnsmasq.c:122
+#, c-format
+msgid "unknown interface %s"
+msgstr ""
+
+#: dnsmasq.c:128
+#, c-format
+msgid "no interface with address %s"
+msgstr ""
+
+#: dnsmasq.c:147
+msgid "must set exactly one interface on broken systems without IP_RECVIF"
+msgstr ""
+
+#: dnsmasq.c:160 dnsmasq.c:609
+#, c-format
+msgid "DBus error: %s"
+msgstr ""
+
+#: dnsmasq.c:163
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:194
+#, c-format
+msgid "cannot create pipe: %s"
+msgstr ""
+
+#: dnsmasq.c:337
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr ""
+
+#: dnsmasq.c:339
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr ""
+
+#: dnsmasq.c:341
+#, c-format
+msgid "compile time options: %s"
+msgstr ""
+
+#: dnsmasq.c:347
+msgid "DBus support enabled: connected to system bus"
+msgstr ""
+
+#: dnsmasq.c:349
+msgid "DBus support enabled: bus connection pending"
+msgstr ""
+
+#: dnsmasq.c:354
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr ""
+
+#: dnsmasq.c:359
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr ""
+
+#: dnsmasq.c:364
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr ""
+
+#: dnsmasq.c:378
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:379
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:389
+#, c-format
+msgid "warning: setting capabilities failed: %m"
+msgstr ""
+
+#: dnsmasq.c:391
+msgid "running as root"
+msgstr ""
+
+#: dnsmasq.c:515
+#, c-format
+msgid "no servers found in %s, will retry"
+msgstr ""
+
+#: dnsmasq.c:574
+msgid "exiting on receipt of SIGTERM"
+msgstr ""
+
+#: dnsmasq.c:611
+msgid "connected to system DBus"
+msgstr ""
+
+#: dhcp.c:32
+#, c-format
+msgid "cannot create DHCP socket : %s"
+msgstr ""
+
+#: dhcp.c:41
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:59
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:72
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr ""
+
+#: dhcp.c:85
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr ""
+
+#: dhcp.c:97
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr ""
+
+#: dhcp.c:336
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr ""
+
+#: dhcp.c:653
+#, c-format
+msgid "failed to read %s:%m"
+msgstr ""
+
+#: dhcp.c:688
+#, c-format
+msgid "bad line at %s line %d"
+msgstr ""
+
+#: dhcp.c:795
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr ""
+
+#: dhcp.c:831
+#, c-format
+msgid "Ignoring DHCP host name %s because it has an illegal domain part"
+msgstr ""
+
+#: lease.c:50
+#, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr ""
+
+#: lease.c:80
+msgid "too many stored leases"
+msgstr ""
+
+#: lease.c:113
+#, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr ""
+
+#: lease.c:119
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr ""
+
+#: lease.c:217
+#, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr ""
+
+#: rfc2131.c:261
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "with subnet selector"
+msgstr ""
+
+#: rfc2131.c:262
+msgid "via"
+msgstr ""
+
+#: rfc2131.c:288 rfc2131.c:312
+msgid "disabled"
+msgstr ""
+
+#: rfc2131.c:324 rfc2131.c:762
+msgid "address in use"
+msgstr ""
+
+#: rfc2131.c:327
+msgid "no address configured"
+msgstr ""
+
+#: rfc2131.c:340 rfc2131.c:631
+msgid "no address available"
+msgstr ""
+
+#: rfc2131.c:349 rfc2131.c:772
+msgid "no leases left"
+msgstr ""
+
+#: rfc2131.c:352 rfc2131.c:736
+msgid "wrong network"
+msgstr ""
+
+#: rfc2131.c:559
+#, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr ""
+
+#: rfc2131.c:580
+msgid "unknown lease"
+msgstr ""
+
+#: rfc2131.c:589 rfc2131.c:873
+msgid "ignored"
+msgstr ""
+
+#: rfc2131.c:605
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr ""
+
+#: rfc2131.c:614
+#, c-format
+msgid ""
+"not using configured address %s because it is in use by the server or relay"
+msgstr ""
+
+#: rfc2131.c:617
+#, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr ""
+
+#: rfc2131.c:699
+msgid "wrong address"
+msgstr ""
+
+#: rfc2131.c:712
+msgid "lease not found"
+msgstr ""
+
+#: rfc2131.c:744
+msgid "address not available"
+msgstr ""
+
+#: rfc2131.c:755
+msgid "static lease available"
+msgstr ""
+
+#: rfc2131.c:759
+msgid "address reserved"
+msgstr ""
+
+#: rfc2131.c:765
+msgid "no unique-id"
+msgstr ""
+
+#: rfc2131.c:1011
+#, c-format
+msgid "cannot send DHCP option %d: no space left in packet"
+msgstr ""
+
+#: rfc2131.c:1312
+#, c-format
+msgid "More than one vendor class matches, using %s"
+msgstr ""
+
+#: netlink.c:51
+#, c-format
+msgid "cannot create netlink socket: %s"
+msgstr ""
+
+#: netlink.c:224
+#, c-format
+msgid "netlink returns error: %s"
+msgstr ""
+
+#: dbus.c:112
+msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
+msgstr ""
+
+#: dbus.c:238
+msgid "setting upstream servers from DBus"
+msgstr ""
+
+#: dbus.c:274
+msgid "could not register a DBus message handler"
+msgstr ""
+
+#: bpf.c:48
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr ""
+
+#: bpf.c:76
+#, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr ""
+
+#: helper.c:145
+#, c-format
+msgid "child process killed by signal %d"
+msgstr ""
+
+#: helper.c:147
+#, c-format
+msgid "child process exited with status %d"
+msgstr ""
+
+#: helper.c:216
+#, c-format
+msgid "failed to execute %s: %m"
+msgstr ""

rpm/dnsmasq-SuSE.patch

@@ -1,42 +0,0 @@
---- dnsmasq.8	2004-08-08 20:57:56.000000000 +0200
-+++ dnsmasq.8	2004-08-12 00:40:01.000000000 +0200
-@@ -69,7 +69,7 @@
- .TP
- .B \-g, --group=<groupname> 
- Specify the group which dnsmasq will run
--as. The defaults to "dip", if available, to facilitate access to
-+as. The defaults to "dialout", if available, to facilitate access to
- /etc/ppp/resolv.conf which is not normally world readable.
- .TP
- .B \-v, --version
---- dnsmasq.conf.example	2004-08-08 21:18:26.000000000 +0200
-+++ dnsmasq.conf.example	2004-08-12 00:40:01.000000000 +0200
-@@ -65,7 +65,7 @@
- 
- # You no longer (as of version 1.7) need to set these to enable 
- # dnsmasq to read /etc/ppp/resolv.conf since dnsmasq now uses the
--# "dip" group to achieve this.
-+# "dialout" group to achieve this.
- #user=
- #group=
- 
---- src/config.h	2004-08-11 11:39:18.000000000 +0200
-+++ src/config.h	2004-08-12 00:40:01.000000000 +0200
-@@ -44,7 +44,7 @@
- #endif
- #define DEFLEASE 3600 /* default lease time, 1 hour */
- #define CHUSER "nobody"
--#define CHGRP "dip"
-+#define CHGRP "dialout"
- #define IP6INTERFACES "/proc/net/if_inet6"
- #define UPTIME "/proc/uptime"
- #define DHCP_SERVER_PORT 67
-@@ -187,7 +187,7 @@
- 
- /* platform independent options. */
- #undef HAVE_BROKEN_RTC
--#define HAVE_ISC_READER
-+#undef HAVE_ISC_READER
- 
- #if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
- #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC

rpm/dnsmasq.rh

@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# Startup script for the DNS caching server
-#
-# chkconfig: 2345 99 01
-# description: This script starts your DNS caching server
-# processname: dnsmasq
-# pidfile: /var/run/dnsmasq.pid
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-# Check that networking is up.
-[ ${NETWORKING} = "no" ] && exit 0
-
-dnsmasq=/usr/sbin/dnsmasq
-[ -f $dnsmasq ] || exit 0
-
-# change this line if you want dnsmasq to serve an MX record for 
-# the host it is running on. 
-MAILHOSTNAME=""
-# change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf 
-RESOLV_CONF=""
-# change this if you want dnsmasq to cache any "hostname" or "client-hostname" from
-# a dhcpd's lease file
-DHCP_LEASE="/var/lib/dhcp/dhcpd.leases"
-DOMAIN_SUFFIX=`dnsdomainname`
-
-OPTIONS=""
-
-if [ ! -z "${MAILHOSTNAME}" ]; then
-  OPTIONS="$OPTIONS -m $MAILHOSTNAME"
-fi
-
-if [ ! -z "${RESOLV_CONF}" ]; then
-  OPTIONS="$OPTIONS -r $RESOLV_CONF"
-fi
-
-if [ ! -z "${DHCP_LEASE}" ]; then
-  OPTIONS="$OPTIONS -l $DHCP_LEASE"
-fi
-
-if [ ! -z "${DOMAIN_SUFFIX}" ]; then
-  OPTIONS="$OPTIONS -s $DOMAIN_SUFFIX"
-fi
-
-RETVAL=0
-
-# See how we were called.
-case "$1" in
-  start)
-        echo -n "Starting dnsmasq: "
-        daemon $dnsmasq $OPTIONS
-	RETVAL=$?
-        echo
-        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dnsmasq
-        ;;
-  stop)
-        if test "x`pidof dnsmasq`" != x; then
-            echo -n "Shutting down dnsmasq: "
-            killproc dnsmasq
-        fi
-	RETVAL=$?
-        echo
-        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dnsmasq /var/run/dnsmasq.pid
-        ;;
-  status)
-	status dnsmasq
-	RETVAL=$?
-	;;
-  restart|reload)
-	$0 stop
-	$0 start
-	RETVAL=$?
-	;;
-  condrestart)
-	    if test "x`/sbin/pidof dnsmasq`" != x; then
-		$0 stop
-		$0 start
-		RETVAL=$?
-	    fi
-	    ;;
-  *)
-        echo "Usage: $0 {start|stop|restart|reload|condrestart|status}"
-        exit 1
-esac
-
-exit $RETVAL
-

src/Makefile

@@ -1,16 +0,0 @@
-# Uncomment this on Solaris.
-#LIBS = -lsocket -lnsl
-
-CFLAGS?= -O2
-
-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o \
-       network.o dnsmasq.o dhcp.o lease.o rfc2131.o 
-
-.c.o: dnsmasq.h config.h 
-	$(CC) $(CFLAGS) $(RPM_OPT_FLAGS) -Wall -W -c $*.c 
-
-dnsmasq : $(OBJS) dnsmasq.h config.h
-	$(CC) -o $@  $(OBJS) $(LIBS)
-
-
-

src/bpf.c

@@ -0,0 +1,244 @@
+/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+#include "dnsmasq.h"
+
+#ifndef HAVE_LINUX_NETWORK
+
+#include <net/bpf.h>
+
+static struct iovec ifconf = {
+  .iov_base = NULL,
+  .iov_len = 0
+};
+
+static struct iovec ifreq = {
+  .iov_base = NULL,
+  .iov_len = 0
+};
+
+void init_bpf(struct daemon *daemon)
+{
+  int i = 0;
+
+  while (1) 
+    {
+      /* useful size which happens to be sufficient */
+      if (expand_buf(&ifreq, sizeof(struct ifreq)))
+	{
+	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
+	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
+	    {
+	      int flags = fcntl(daemon->dhcp_raw_fd, F_GETFD);
+	      if (flags != -1)
+		fcntl(daemon->dhcp_raw_fd, F_SETFD, flags | FD_CLOEXEC); 
+	      return;
+	    }
+	}
+      if (errno != EBUSY)
+	die(_("cannot create DHCP BPF socket: %s"), NULL);
+    }	     
+}
+
+void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
+		  struct in_addr iface_addr, struct ifreq *ifr)
+{
+   /* Hairy stuff, packet either has to go to the
+      net broadcast or the destination can't reply to ARP yet,
+      but we do know the physical address. 
+      Build the packet by steam, and send directly, bypassing
+      the kernel IP stack */
+  
+  struct ether_header ether; 
+  struct ip ip;
+  struct udphdr {
+    u16 uh_sport;               /* source port */
+    u16 uh_dport;               /* destination port */
+    u16 uh_ulen;                /* udp length */
+    u16 uh_sum;                 /* udp checksum */
+  } udp;
+  
+  u32 i, sum;
+  struct iovec iov[4];
+
+  /* Only know how to do ethernet on *BSD */
+  if (mess->htype != ARPHRD_ETHER || mess->hlen != ETHER_ADDR_LEN)
+    {
+      syslog(LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
+	     mess->htype, ifr->ifr_name);
+      return;
+    }
+   
+  ifr->ifr_addr.sa_family = AF_LINK;
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, ifr) < 0)
+    return;
+  
+  memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
+  ether.ether_type = htons(ETHERTYPE_IP);
+  
+  if (ntohs(mess->flags) & 0x8000)
+    {
+      memset(ether.ether_dhost, 255,  ETHER_ADDR_LEN);
+      ip.ip_dst.s_addr = INADDR_BROADCAST;
+    }
+  else
+    {
+      memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN); 
+      ip.ip_dst.s_addr = mess->yiaddr.s_addr;
+    }
+  
+  ip.ip_p = IPPROTO_UDP;
+  ip.ip_src.s_addr = iface_addr.s_addr;
+  ip.ip_len = htons(sizeof(struct ip) + 
+		    sizeof(struct udphdr) +
+		    len) ;
+  ip.ip_hl = sizeof(struct ip) / 4;
+  ip.ip_v = IPVERSION;
+  ip.ip_tos = 0;
+  ip.ip_id = htons(0);
+  ip.ip_off = htons(0x4000); /* don't fragment */
+  ip.ip_ttl = IPDEFTTL;
+  ip.ip_sum = 0;
+  for (sum = 0, i = 0; i < sizeof(struct ip) / 2; i++)
+    sum += ((u16 *)&ip)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);  
+  ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  udp.uh_sport = htons(DHCP_SERVER_PORT);
+  udp.uh_dport = htons(DHCP_CLIENT_PORT);
+  if (len & 1)
+    ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
+  udp.uh_sum = 0;
+  udp.uh_ulen = sum = htons(sizeof(struct udphdr) + len);
+  sum += htons(IPPROTO_UDP);
+  for (i = 0; i < 4; i++)
+    sum += ((u16 *)&ip.ip_src)[i];
+  for (i = 0; i < sizeof(struct udphdr)/2; i++)
+    sum += ((u16 *)&udp)[i];
+  for (i = 0; i < (len + 1) / 2; i++)
+    sum += ((u16 *)mess)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);
+  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  ioctl(daemon->dhcp_raw_fd, BIOCSETIF, ifr);
+  
+  iov[0].iov_base = &ether;
+  iov[0].iov_len = sizeof(ether);
+  iov[1].iov_base = &ip;
+  iov[1].iov_len = sizeof(ip);
+  iov[2].iov_base = &udp;
+  iov[2].iov_len = sizeof(udp);
+  iov[3].iov_base = mess;
+  iov[3].iov_len = len;
+
+  while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
+}
+
+int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
+{
+  char *ptr;
+  struct ifreq *ifr;
+  struct ifconf ifc;
+  int fd, errsav, ret = 0;
+  int lastlen = 0;
+  size_t len = 0;
+  
+  if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
+    return 0;
+  
+  while(1)
+    {
+      len += 10*sizeof(struct ifreq);
+      
+      if (!expand_buf(&ifconf, len))
+	goto err;
+      
+      ifc.ifc_len = len;
+      ifc.ifc_buf = ifconf.iov_base;
+      
+      if (ioctl(fd, SIOCGIFCONF, &ifc) == -1)
+	{
+	  if (errno != EINVAL || lastlen != 0)
+	    goto err;
+	}
+      else
+	{
+	  if (ifc.ifc_len == lastlen)
+	    break; /* got a big enough buffer now */
+	  lastlen = ifc.ifc_len;
+	}
+    }
+  
+  for (ptr = ifc.ifc_buf; ptr < ifc.ifc_buf + ifc.ifc_len; ptr += len )
+    {
+      /* subsequent entries may not be aligned, so copy into
+	 an aligned buffer to avoid nasty complaints about 
+	 unaligned accesses. */
+#ifdef HAVE_SOCKADDR_SA_LEN
+      len = ((struct ifreq *)ptr)->ifr_addr.sa_len + IF_NAMESIZE;
+#else
+      len = sizeof(struct ifreq);
+#endif
+      if (!expand_buf(&ifreq, len))
+	goto err;
+
+      ifr = ifreq.iov_base;
+      memcpy(ifr, ptr, len);
+           
+      if (ifr->ifr_addr.sa_family == AF_INET && ipv4_callback)
+	{
+	  struct in_addr addr, netmask, broadcast;
+	  broadcast.s_addr = 0;
+	  addr = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
+	  if (ioctl(fd, SIOCGIFNETMASK, ifr) == -1)
+	    continue;
+	  netmask = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
+	  if (ioctl(fd, SIOCGIFBRDADDR, ifr) != -1)
+	    broadcast = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr; 
+	  if (!((*ipv4_callback)(daemon, addr, 
+				 (int)if_nametoindex(ifr->ifr_name),
+				 netmask, broadcast, 
+				 parm)))
+	    goto err;
+	}
+#ifdef HAVE_IPV6
+      else if (ifr->ifr_addr.sa_family == AF_INET6 && ipv6_callback)
+	{
+	  struct in6_addr *addr = &((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_addr;
+	  /* voodoo to clear interface field in address */
+	  if (!(daemon->options & OPT_NOWILD) && IN6_IS_ADDR_LINKLOCAL(addr))
+	    {
+	      addr->s6_addr[2] = 0;
+	      addr->s6_addr[3] = 0;
+	    }
+	  if (!((*ipv6_callback)(daemon, addr,
+				 (int)((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_scope_id,
+				 (int)if_nametoindex(ifr->ifr_name),
+				 parm)))
+	    goto err;
+	}
+#endif
+    }
+  
+  ret = 1;
+
+ err:
+  errsav = errno;
+  close(fd);  
+  errno = errsav;
+
+  return ret;
+}
+
+#endif

src/cache.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,21 +18,63 @@ static int cache_inserted, cache_live_freed, insert_error;
 static union bigname *big_free;
 static int bignames_left, log_queries, cache_size, hash_size;
 static int uid;
+static char *addrbuff;
+
+/* type->string mapping: this is also used by the name-hash function as a mixing table. */
+static const struct {
+  unsigned int type;
+  const char * const name;
+} typestr[] = {
+  { 1,   "A" },
+  { 2,   "NS" },
+  { 5,   "CNAME" },
+  { 6,   "SOA" },
+  { 10,  "NULL" },
+  { 11,  "WKS" },
+  { 12,  "PTR" },
+  { 13,  "HINFO" },	
+  { 15,  "MX" },
+  { 16,  "TXT" },
+  { 22,  "NSAP" },
+  { 23,  "NSAP_PTR" },
+  { 24,  "SIG" },
+  { 25,  "KEY" },
+  { 28,  "AAAA" },
+  { 33,  "SRV" },
+  { 36,  "KX" },
+  { 37,  "CERT" },
+  { 38,  "A6" },
+  { 39,  "DNAME" },
+  { 41,  "OPT" },
+  { 250, "TSIG" },
+  { 251, "IXFR" },
+  { 252, "AXFR" },
+  { 253, "MAILB" },
+  { 254, "MAILA" },
+  { 255, "ANY" }
+};
 
 static void cache_free(struct crec *crecp);
 static void cache_unlink(struct crec *crecp);
 static void cache_link(struct crec *crecp);
 static char *record_source(struct hostsfile *add_hosts, int index);
+static void rehash(int size);
+static void cache_hash(struct crec *crecp);
 
 void cache_init(int size, int logq)
 {
   struct crec *crecp;
   int i;
 
-  log_queries = logq;
+  if ((log_queries = logq))
+    addrbuff = safe_malloc(ADDRSTRLEN);
+  else
+    addrbuff = NULL;
+      
   cache_head = cache_tail = NULL;
   dhcp_inuse = dhcp_spare = NULL;
   new_chain = NULL;
+  hash_table = NULL;
   cache_size = size;
   big_free = NULL;
   bignames_left = size/10;
@@ -52,26 +94,63 @@ void cache_init(int size, int logq)
 	}
     }
   
-  /* hash_size is a power of two. */
-  for (hash_size = 64; hash_size < cache_size/10; hash_size = hash_size << 1);
-  hash_table = safe_malloc(hash_size*sizeof(struct crec *));
-  for(i=0; i < hash_size; i++)
-    hash_table[i] = NULL;
+  /* create initial hash table*/
+  rehash(cache_size);
 }
 
-static struct crec **hash_bucket(unsigned char *name)
+/* In most cases, we create the hash table once here by calling this with (hash_table == NULL)
+   but if the hosts file(s) are big (some people have 50000 ad-block entries), the table
+   will be much too small, so the hosts reading code calls rehash every 1000 addresses, to
+   expand the table. */
+static void rehash(int size)
 {
-  unsigned int c, val = 0;
+  struct crec **new, **old, *p, *tmp;
+  int i, new_size, old_size;
+
+  /* hash_size is a power of two. */
+  for (new_size = 64; new_size < size/10; new_size = new_size << 1);
   
-  /* don't use tolower and friends here - they may be messed up by LOCALE */
-  while((c = *name++))
-    if (c >= 'A' && c <= 'Z')
-      val += c + 'a' - 'A';
-    else
-      val += c;
+  /* must succeed in getting first instance, failure later is non-fatal */
+  if (!hash_table)
+    new = safe_malloc(new_size * sizeof(struct crec *));
+  else if (new_size <= hash_size || !(new = malloc(new_size * sizeof(struct crec *))))
+    return;
+
+  for(i = 0; i < new_size; i++)
+    new[i] = NULL;
+
+  old = hash_table;
+  old_size = hash_size;
+  hash_table = new;
+  hash_size = new_size;
+  
+  if (old)
+    {
+      for (i = 0; i < old_size; i++)
+	for (p = old[i]; p ; p = tmp)
+	  {
+	    tmp = p->hash_next;
+	    cache_hash(p);
+	  }
+      free(old);
+    }
+}
+  
+static struct crec **hash_bucket(char *name)
+{
+  unsigned int c, val = 017465; /* Barker code - minimum self-correlation in cyclic shift */
+  const unsigned char *mix_tab = (const unsigned char*)typestr; 
+
+  while((c = (unsigned char) *name++))
+    {
+      /* don't use tolower and friends here - they may be messed up by LOCALE */
+      if (c >= 'A' && c <= 'Z')
+	c += 'a' - 'A';
+      val = ((val << 7) | (val >> (32 - 7))) + (mix_tab[(val + c) & 0x3F] ^ c);
+    } 
   
   /* hash_size is a power of two */
-  return hash_table + (val & (hash_size - 1));
+  return hash_table + ((val ^ (val >> 16)) & (hash_size - 1));
 }
 
 static void cache_hash(struct crec *crecp)
@@ -156,32 +235,52 @@ static int is_outdated_cname_pointer(struct crec *crecp)
   return 1;
 }
 
-static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags)
+static int is_expired(time_t now, struct crec *crecp)
+{
+  if (crecp->flags & F_IMMORTAL)
+    return 0;
+
+  if (difftime(now, crecp->ttd) < 0)
+    return 0;
+  
+  return 1;
+}
+
+static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags)
 {
   /* Scan and remove old entries.
      If (flags & F_FORWARD) then remove any forward entries for name and any expired
      entries but only in the same hash bucket as name.
      If (flags & F_REVERSE) then remove any reverse entries for addr and any expired
      entries in the whole cache.
-     If (flags == 0) remove any expired entries in the whole cache. */
+     If (flags == 0) remove any expired entries in the whole cache. 
+
+     In the flags & F_FORWARD case, the return code is valid, and returns zero if the
+     name exists in the cache as a HOSTS or DHCP entry (these are never deleted) */
   
-#define F_CACHESTATUS (F_HOSTS | F_DHCP | F_FORWARD | F_REVERSE | F_IPV4 | F_IPV6 | F_CNAME)
   struct crec *crecp, **up;
-  flags &= (F_FORWARD | F_REVERSE | F_IPV6 | F_IPV4 | F_CNAME);
 
   if (flags & F_FORWARD)
     {
       for (up = hash_bucket(name), crecp = *up; crecp; crecp = crecp->hash_next)
-	if ((!(crecp->flags & F_IMMORTAL) && difftime(now, crecp->ttd) > 0) ||
-	    is_outdated_cname_pointer(crecp) || 
-	    ((flags == (crecp->flags & F_CACHESTATUS)) && hostname_isequal(cache_get_name(crecp), name)))
-	  {
+	if (is_expired(now, crecp) || is_outdated_cname_pointer(crecp))
+	  { 
 	    *up = crecp->hash_next;
 	    if (!(crecp->flags & (F_HOSTS | F_DHCP)))
-	      { 
+	      {
 		cache_unlink(crecp);
 		cache_free(crecp);
 	      }
+	  } 
+	else if ((crecp->flags & F_FORWARD) && 
+		 ((flags & crecp->flags & (F_IPV4 | F_IPV6)) || ((crecp->flags | flags) & F_CNAME)) &&
+		 hostname_isequal(cache_get_name(crecp), name))
+	  {
+	    if (crecp->flags & (F_HOSTS | F_DHCP))
+	      return 0;
+	    *up = crecp->hash_next;
+	    cache_unlink(crecp);
+	    cache_free(crecp);
 	  }
 	else
 	  up = &crecp->hash_next;
@@ -196,8 +295,7 @@ static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsig
 #endif 
       for (i = 0; i < hash_size; i++)
 	for (crecp = hash_table[i], up = &hash_table[i]; crecp; crecp = crecp->hash_next)
-	  if ((!(crecp->flags & F_IMMORTAL) && difftime(now, crecp->ttd) > 0) ||
-	      ((flags == (crecp->flags & F_CACHESTATUS)) && memcmp(&crecp->addr.addr, addr, addrlen) == 0))
+	  if (is_expired(now, crecp))
 	    {
 	      *up = crecp->hash_next;
 	      if (!(crecp->flags & (F_HOSTS | F_DHCP)))
@@ -206,9 +304,20 @@ static void cache_scan_free(char *name, struct all_addr *addr, time_t now, unsig
 		  cache_free(crecp);
 		}
 	    }
+	  else if (!(crecp->flags & (F_HOSTS | F_DHCP)) &&
+		   (flags & crecp->flags & F_REVERSE) && 
+		   (flags & crecp->flags & (F_IPV4 | F_IPV6)) &&
+		   memcmp(&crecp->addr.addr, addr, addrlen) == 0)
+	    {
+	      *up = crecp->hash_next;
+	      cache_unlink(crecp);
+	      cache_free(crecp);
+	    }
 	  else
 	    up = &crecp->hash_next;
     }
+  
+  return 1;
 }
 
 /* Note: The normal calling sequence is
@@ -260,8 +369,13 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
     return NULL;
 
   /* First remove any expired entries and entries for the name/address we
-     are currently inserting. */
-  cache_scan_free(name, addr, now, flags);
+     are currently inserting. Fail is we attempt to delete a name from
+     /etc/hosts or DHCP. */
+  if (!cache_scan_free(name, addr, now, flags))
+    {
+      insert_error = 1;
+      return NULL;
+    }
   
   /* Now get a cache entry from the end of the LRU list */
   while (1) {
@@ -376,8 +490,7 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
 	{
 	  next = crecp->hash_next;
 	  
-	  if (!is_outdated_cname_pointer(crecp) &&
-	      ((crecp->flags & F_IMMORTAL) || difftime(now, crecp->ttd) < 0))
+	  if (!is_expired(now, crecp) && !is_outdated_cname_pointer(crecp))
 	    {
 	      if ((crecp->flags & F_FORWARD) && 
 		  (crecp->flags & prot) &&
@@ -458,7 +571,7 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
        
        for(i=0; i<hash_size; i++)
 	 for (crecp = hash_table[i], up = &hash_table[i]; crecp; crecp = crecp->hash_next)
-	   if ((crecp->flags & F_IMMORTAL) || difftime(now, crecp->ttd) < 0)
+	   if (!is_expired(now, crecp))
 	     {      
 	       if ((crecp->flags & F_REVERSE) && 
 		   (crecp->flags & prot) &&
@@ -500,19 +613,38 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
 }
 
 static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, 
-			    unsigned short flags, int index)
+			    unsigned short flags, int index, int addr_dup)
 {
   struct crec *lookup = cache_find_by_name(NULL, cache->name.sname, 0, flags & (F_IPV4 | F_IPV6));
-
+  int i;
+  
   /* Remove duplicates in hosts files. */
   if (lookup && (lookup->flags & F_HOSTS) &&
       memcmp(&lookup->addr.addr, addr, addrlen) == 0)
     free(cache);
   else
     {
-      /* Ensure there is only one address -> name mapping (first one trumps) */
-      if (cache_find_by_addr(NULL, addr, 0, flags & (F_IPV4 | F_IPV6)))
+      /* Ensure there is only one address -> name mapping (first one trumps) 
+	 We do this by steam here, first we see if the address is the same as
+	 the last one we saw, which eliminates most in the case of an ad-block 
+	 file with thousands of entries for the same address.
+	 Then we search and bail at the first matching address that came from
+	 a HOSTS file. Since the first host entry gets reverse, we know 
+	 then that it must exist without searching exhaustively for it. */
+     
+      if (addr_dup)
 	flags &= ~F_REVERSE;
+      else
+	for (i=0; i<hash_size; i++)
+	  for (lookup = hash_table[i]; lookup; lookup = lookup->hash_next)
+	    if ((lookup->flags & F_HOSTS) && 
+		(lookup->flags & flags & (F_IPV4 | F_IPV6)) &&
+		memcmp(&lookup->addr.addr, addr, addrlen) == 0)
+	      {
+		flags &= ~F_REVERSE;
+		break;
+	      }
+    
       cache->flags = flags;
       cache->uid = index;
       memcpy(&cache->addr.addr, addr, addrlen);
@@ -520,37 +652,37 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
     }
 }
 
-static void read_hostsfile(char *filename, int opts, char *buff, char *domain_suffix, int index)
+static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suffix, int index, int cache_size)
 {  
   FILE *f = fopen(filename, "r");
   char *line;
-  int count = 0, lineno = 0;
-  
+  int addr_count = 0, name_count = cache_size, lineno = 0;
+  unsigned short flags, saved_flags = 0;
+  struct all_addr addr, saved_addr;
+
   if (!f)
     {
-      syslog(LOG_ERR, "failed to load names from %s: %m", filename);
-      return;
+      syslog(LOG_ERR, _("failed to load names from %s: %m"), filename);
+      return 0;
     }
     
   while ((line = fgets(buff, MAXDNAME, f)))
     {
-      struct all_addr addr;
       char *token = strtok(line, " \t\n\r");
-      int addrlen;
-      unsigned short flags;
-          
+      int addrlen, addr_dup = 0;
+              
       lineno++;
 
       if (!token || (*token == '#')) 
 	continue;
 
 #ifdef HAVE_IPV6      
-      if (inet_pton(AF_INET, token, &addr) == 1)
+      if (inet_pton(AF_INET, token, &addr) > 0)
 	{
 	  flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4;
 	  addrlen = INADDRSZ;
 	}
-      else if (inet_pton(AF_INET6, token, &addr) == 1)
+      else if (inet_pton(AF_INET6, token, &addr) > 0)
 	{
 	  flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6;
 	  addrlen = IN6ADDRSZ;
@@ -563,14 +695,33 @@ static void read_hostsfile(char *filename, int opts, char *buff, char *domain_su
 	}
 #endif
       else
-	continue;
+	{
+	  syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); 
+	  continue;
+	}
 
+     if (saved_flags == flags && memcmp(&addr, &saved_addr, addrlen) == 0)
+       addr_dup = 1;
+     else
+       {
+	 saved_flags = flags;
+	 saved_addr = addr;
+       }
+     
+     addr_count++;
+     
+     /* rehash every 1000 names. */
+     if ((name_count - cache_size) > 1000)
+       {
+	 rehash(name_count);
+	 cache_size = name_count;
+       }
+     
      while ((token = strtok(NULL, " \t\n\r")) && (*token != '#'))
        {
 	 struct crec *cache;
 	 if (canonicalise(token))
 	   {
-	     count++;
 	     /* If set, add a version of the name with a default domain appended */
 	     if ((opts & OPT_EXPAND) && domain_suffix && !strchr(token, '.') && 
 		 (cache = malloc(sizeof(struct crec) + 
@@ -579,29 +730,37 @@ static void read_hostsfile(char *filename, int opts, char *buff, char *domain_su
 		 strcpy(cache->name.sname, token);
 		 strcat(cache->name.sname, ".");
 		 strcat(cache->name.sname, domain_suffix);
-		 add_hosts_entry(cache, &addr, addrlen, flags, index);
+		 add_hosts_entry(cache, &addr, addrlen, flags, index, addr_dup);
+		 addr_dup = 1;
+		 name_count++;
 	       }
 	     if ((cache = malloc(sizeof(struct crec) + strlen(token)+1-SMALLDNAME)))
 	       {
 		 strcpy(cache->name.sname, token);
-		 add_hosts_entry(cache, &addr, addrlen, flags, index);
+		 add_hosts_entry(cache, &addr, addrlen, flags, index, addr_dup);
+		 name_count++;
 	       }
 	   }
 	 else
-	   syslog(LOG_ERR, "bad name at %s line %d", filename, lineno); 
+	   syslog(LOG_ERR, _("bad name at %s line %d"), filename, lineno); 
        }
     }
   
   fclose(f);
+  rehash(name_count);
 
-  syslog(LOG_INFO, "read %s - %d addresses", filename, count);
+  syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
+
+  return name_count;
 }
 	    
 void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *addn_hosts)
 {
   struct crec *cache, **up, *tmp;
-  int i;
+  int i, total_size = cache_size;
 
+  cache_inserted = cache_live_freed = 0;
+  
   for (i=0; i<hash_size; i++)
     for (cache = hash_table[i], up = &hash_table[i]; cache; cache = tmp)
       {
@@ -628,15 +787,15 @@ void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *a
   if ((opts & OPT_NO_HOSTS) && !addn_hosts)
     {
       if (cache_size > 0)
-	syslog(LOG_INFO, "cleared cache");
+	syslog(LOG_INFO, _("cleared cache"));
       return;
     }
 
   if (!(opts & OPT_NO_HOSTS))
-    read_hostsfile(HOSTSFILE, opts, buff, domain_suffix, 0);
+    total_size = read_hostsfile(HOSTSFILE, opts, buff, domain_suffix, 0, total_size);
   while (addn_hosts)
     {
-      read_hostsfile(addn_hosts->fname, opts, buff, domain_suffix, addn_hosts->index);
+      total_size = read_hostsfile(addn_hosts->fname, opts, buff, domain_suffix, addn_hosts->index, total_size);
       addn_hosts = addn_hosts->next;
     }  
 } 
@@ -681,8 +840,8 @@ void cache_add_dhcp_entry(struct daemon *daemon, char *host_name,
 	    {
 	      strcpy(daemon->namebuff, inet_ntoa(crec->addr.addr.addr.addr4));
 	      syslog(LOG_WARNING, 
-		     "not giving name %s to the DHCP lease of %s because "
-		     "the name exists in %s with address %s", 
+		     _("not giving name %s to the DHCP lease of %s because "
+		       "the name exists in %s with address %s"), 
 		     host_name, inet_ntoa(*host_address),
 		     record_source(daemon->addn_hosts, crec->uid), daemon->namebuff);
 	    }
@@ -723,17 +882,17 @@ void cache_add_dhcp_entry(struct daemon *daemon, char *host_name,
 
 
 
-void dump_cache(struct daemon *daemon)
+void dump_cache(struct daemon *daemon, time_t now)
 {
-  syslog(LOG_INFO, "cache size %d, %d/%d cache insertions re-used unexpired cache entries.", 
-	 daemon->cachesize, cache_live_freed, cache_inserted); 
+  syslog(LOG_INFO, _("time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache entries."), 
+	 (unsigned long)now, daemon->cachesize, cache_live_freed, cache_inserted); 
   
-  if (daemon->options & (OPT_DEBUG | OPT_LOG))
+  if ((daemon->options & (OPT_DEBUG | OPT_LOG)) &&
+      (addrbuff || (addrbuff = malloc(ADDRSTRLEN))))
     {
       struct crec *cache ;
-      char addrbuff[ADDRSTRLEN];
       int i;
-      syslog(LOG_DEBUG, "Host                                     Address                        Flags     Expires\n");
+      syslog(LOG_DEBUG, "Host                                     Address                        Flags     Expires");
     
       for (i=0; i<hash_size; i++)
 	for (cache = hash_table[i]; cache; cache = cache->hash_next)
@@ -758,7 +917,7 @@ void dump_cache(struct daemon *daemon)
 #endif
 	    syslog(LOG_DEBUG, 
 #ifdef HAVE_BROKEN_RTC
-		   "%-40.40s %-30.30s %s%s%s%s%s%s%s%s%s%s  %ld\n",
+		   "%-40.40s %-30.30s %s%s%s%s%s%s%s%s%s%s  %lu",
 #else
 		   "%-40.40s %-30.30s %s%s%s%s%s%s%s%s%s%s  %s",
 #endif
@@ -774,7 +933,7 @@ void dump_cache(struct daemon *daemon)
 		   cache->flags & F_NXDOMAIN ? "X" : " ",
 		   cache->flags & F_HOSTS ? "H" : " ",
 #ifdef HAVE_BROKEN_RTC
-		   cache->flags & F_IMMORTAL ? 0: (unsigned long)cache->ttd
+		   cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now)
 #else
 	           cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)) 
 #endif
@@ -805,13 +964,10 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
   char *source;
   char *verb = "is";
   char types[20];
-  char addrbuff[ADDRSTRLEN];
-
+  
   if (!log_queries)
     return;
   
-  strcpy(types, " ");
-  
   if (flags & F_NEG)
     {
       if (flags & F_REVERSE)
@@ -833,7 +989,17 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
 	strcat(addrbuff, "-IPv6");
     }
   else if (flags & F_CNAME)
-    strcpy(addrbuff, "<CNAME>");
+    {
+      /* nasty abuse of IPV4 and IPV6 flags */
+      if (flags & F_IPV4)
+	strcpy(addrbuff, "<MX>");
+      else if (flags & F_IPV6)
+	strcpy(addrbuff, "<SRV>");
+      else if (flags & F_NXDOMAIN)
+	strcpy(addrbuff, "<TXT>");
+      else
+	strcpy(addrbuff, "<CNAME>");
+    }
   else
 #ifdef HAVE_IPV6
     inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
@@ -858,54 +1024,25 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
   else if (flags & F_QUERY)
     {
       unsigned int i;
-      static struct {
-	unsigned int type;
-	char *name;
-      } typestr[] = {
-	{ 1,   "A" },
-	{ 2,   "NS" },
-	{ 5,   "CNAME" },
-	{ 6,   "SOA" },
-	{ 10,  "NULL" },
-	{ 11,  "WKS" },
-	{ 12,  "PTR" },
-	{ 13,  "HINFO" },	
-        { 15,  "MX" },
-	{ 16,  "TXT" },
-	{ 22,  "NSAP" },
-	{ 23,  "NSAP_PTR" },
-	{ 24,  "SIG" },
-	{ 25,  "KEY" },
-	{ 28,  "AAAA" },
- 	{ 33,  "SRV" },
-        { 36,  "KX" },
-        { 37,  "CERT" },
-        { 38,  "A6" },
-        { 39,  "DNAME" },
-	{ 41,  "OPT" },
-	{ 250, "TSIG" },
-	{ 251, "IXFR" },
-	{ 252, "AXFR" },
-        { 253, "MAILB" },
-	{ 254, "MAILA" },
-	{ 255, "ANY" }
-      };
       
       if (type != 0)
         {
-          sprintf(types, "[type=%d] ", type); 
+          sprintf(types, "query[type=%d]", type); 
           for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++)
 	    if (typestr[i].type == type)
-	      sprintf(types,"[%s] ", typestr[i].name);
+	      sprintf(types,"query[%s]", typestr[i].name);
 	}
-      source = "query";
+      source = types;
       verb = "from";
     }
   else
     source = "cached";
   
+  if (strlen(name) == 0)
+    name = ".";
+
   if ((flags & F_FORWARD) | (flags & F_NEG))
-    syslog(LOG_DEBUG, "%s %s%s%s %s", source, name, types, verb, addrbuff);
+    syslog(LOG_DEBUG, "%s %s %s %s", source, name, verb, addrbuff);
   else if (flags & F_REVERSE)
     syslog(LOG_DEBUG, "%s %s is %s", source, addrbuff, name);
 }

src/config.h

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -10,19 +10,20 @@
    GNU General Public License for more details.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
+#define VERSION "2.35"
 
-#define VERSION "2.17"
-
-#define FTABSIZ 150 /* max number of outstanding requests */
+#define FTABSIZ 150 /* max number of outstanding requests (default) */
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define EDNS_PKTSZ 1280 /* default max EDNS.0 UDP packet from RFC2671 */
-#define TIMEOUT 20 /* drop UDP queries after TIMEOUT seconds */
-#define LOGRATE 120 /* log table overflows every LOGRATE seconds */
+#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
+#define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
 #define CACHESIZ 150 /* default cache size */
-#define MAXTOK 50 /* token in DHCP leases */
 #define MAXLEASES 150 /* maximum number of DHCP leases */
+#define PING_WAIT 3 /* wait for ping address-in-use test */
+#define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
+#define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
+#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
 #define SMALLDNAME 40 /* most domain names are smaller than this */
 #define HOSTSFILE "/etc/hosts"
 #define ETHERSFILE "/etc/ethers"
@@ -32,7 +33,7 @@
 #  define RESOLVFILE "/etc/resolv.conf"
 #endif
 #define RUNFILE "/var/run/dnsmasq.pid"
-#if defined(__FreeBSD__) || defined (__OpenBSD__)
+#if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__)
 #   define LEASEFILE "/var/db/dnsmasq.leases"
 #else
 #   define LEASEFILE "/var/lib/misc/dnsmasq.leases"
@@ -45,24 +46,12 @@
 #define DEFLEASE 3600 /* default lease time, 1 hour */
 #define CHUSER "nobody"
 #define CHGRP "dip"
-#define IP6INTERFACES "/proc/net/if_inet6"
-#define UPTIME "/proc/uptime"
 #define DHCP_SERVER_PORT 67
 #define DHCP_CLIENT_PORT 68
 
-/* Logfile stuff - change this to change the options and facility */
-/* debug is true if the --no-daemon flag is given */
-#ifdef LOG_PERROR
-#  define DNSMASQ_LOG_OPT(debug)  (debug) ? LOG_PERROR : LOG_PID
-#else
-#  define DNSMASQ_LOG_OPT(debug)  (debug) ? 0 : LOG_PID
-#endif
-
-#ifdef LOG_LOCAL0
-#  define DNSMASQ_LOG_FAC(debug)  (debug) ? LOG_LOCAL0 : LOG_DAEMON
-#else
-#  define DNSMASQ_LOG_FAC(debug)  LOG_DAEMON
-#endif
+/* DBUS interface specifics */
+#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
+#define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
 
 /* A small collection of RR-types which are missing on some platforms */
 
@@ -74,29 +63,10 @@
 #  define T_OPT 41
 #endif
 
-/* Decide if we're going to support IPv6 */
-/* We assume that systems which don't have IPv6
-   headers don't have ntop and pton either */
-
-#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) && !defined(NO_IPV6)
-#  define HAVE_IPV6
-#  define ADDRSTRLEN INET6_ADDRSTRLEN
-#  if defined(SOL_IPV6)
-#    define IPV6_LEVEL SOL_IPV6
-#  else
-#    define IPV6_LEVEL IPPROTO_IPV6
-#  endif
-#elif defined(INET_ADDRSTRLEN)
-#  undef HAVE_IPV6
-#  define ADDRSTRLEN INET_ADDRSTRLEN
-#else
-#  undef HAVE_IPV6
-#  define ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
-#endif
-
 /* Get linux C library versions. */
 #if defined(__linux__) && !defined(__UCLIBC__) && !defined(__uClinux__)
-#  include <libio.h> 
+/*#  include <libio.h> */
+#  include <features.h> 
 #endif
 
 
@@ -104,26 +74,25 @@
    new system, you may want to edit these. 
    May replace this with Autoconf one day. 
 
-HAVE_LINUX_IPV6_PROC
-   define this to do IPv6 interface discovery using
-   proc/net/if_inet6 ala LINUX. 
+HAVE_LINUX_NETWORK
+   define this to do networking the Linux way. When it's defined, the code will
+   use IP_PKTINFO, Linux capabilities and the RTnetlink system. If it's not defined,
+   a few facilities will be lost, namely support for multiple addresses on an interface,
+   DNS query retransmission, and (on some systems) wildcard interface binding.
 
 HAVE_BROKEN_RTC
-   define this on embeded systems which don't have an RTC
-   which keeps time over reboots. Causes dnsmasq to use uptime()
-   for timing, and keep relative time values in its leases file.
-   Also enables "Flash disk mode". Normally, dnsmasq tries very hard to 
-   keep the on-disk leases file up-to-date: rewriting it after every change.
-   When HAVE_BROKEN_RTC is in effect, a different regime is used:
-   The leases file is written when dnsmasq terminates, when it receives
-   SIGALRM, when a brand new lease is allocated, or every n seconds, 
-   where n is one third  of the smallest time configured for leases 
-   in a --dhcp-range or --dhcp-host option.
+   define this on embedded systems which don't have an RTC
+   which keeps time over reboots. Causes dnsmasq to use uptime
+   for timing, and keep lease lengths rather than expiry times
+   in its leases file. This also make dnsmasq "flash disk friendly".
+   Normally, dnsmasq tries very hard to keep the on-disk leases file
+   up-to-date: rewriting it after every renewal.  When HAVE_BROKEN_RTC 
+   is in effect, the lease file is only written when a new lease is 
+   created, or an old one destroyed. (Because those are the only times 
+   it changes.) This vastly reduces the number of file writes, and makes
+   it viable to keep the lease file on a flash filesystem.
    NOTE: when enabling or disabling this, be sure to delete any old
    leases file, otherwise dnsmasq may get very confused.
-   This configuration currently only works on Linux, but could be made to
-   work on other systems by teaching dnsmasq_time() in utils.c how to
-   read the system uptime.
 
 HAVE_ISC_READER 
    define this to include the old ISC dhcpcd integration. Note that you cannot
@@ -152,15 +121,14 @@ HAVE_DEV_URANDOM
 HAVE_SOCKADDR_SA_LEN
    define this if struct sockaddr has sa_len field (*BSD) 
 
-HAVE_PSELECT
-   If your C library implements pselect, define this.
-
-HAVE_BPF
-   If your OS implements Berkeley Packet filter, define this.
+HAVE_DBUS
+   Define this if you want to link against libdbus, and have dnsmasq
+   define some methods to allow (re)configuration of the upstream DNS 
+   servers via DBus.
 
 NOTES:
    For Linux you should define 
-      HAVE_LINUX_IPV6_PROC 
+      HAVE_LINUX_NETWORK
       HAVE_GETOPT_LONG
       HAVE_RANDOM
       HAVE_DEV_RANDOM
@@ -172,22 +140,22 @@ NOTES:
    For *BSD systems you should define 
      HAVE_SOCKADDR_SA_LEN
      HAVE_RANDOM
-     HAVE_BPF
    you should NOT define  
-     HAVE_LINUX_IPV6_PROC 
+     HAVE_LINUX_NETWORK 
    and you MAY define  
      HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later
      HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD
      HAVE_DEV_RANDOM - FreeBSD  and NetBSD 
                        (OpenBSD with hardware random number generator)
-     HAVE_GETOPT_LONG - NetBSD 
+     HAVE_GETOPT_LONG - NetBSD, later FreeBSD 
                        (FreeBSD and OpenBSD only if you link GNU getopt) 
 
 */
 
-/* platform independent options. */
-#undef HAVE_BROKEN_RTC
-#define HAVE_ISC_READER
+/* platform independent options- uncomment to enable */
+/* #define HAVE_BROKEN_RTC */
+/* #define HAVE_ISC_READER */
+/* #define HAVE_DBUS */
 
 #if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
 #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
@@ -196,111 +164,110 @@ NOTES:
 /* platform dependent options. */
 
 /* Must preceed __linux__ since uClinux defines __linux__ too. */
-#if defined(__uClinux__) || defined(__UCLIBC__)
-#undef HAVE_LINUX_IPV6_PROC
+#if defined(__uClinux__)
+#define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
 #define HAVE_RANDOM
 #define HAVE_DEV_URANDOM
 #define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-/* Don't fork into background on uClinux */
-#if defined(__uClinux__)
+/* Never use fork() on uClinux. Note that this is subtly different from the
+   --keep-in-foreground option, since it also  suppresses forking new 
+   processes for TCP connections. It's intended for use on MMU-less kernels. */
+#define NO_FORK
+
+#elif defined(__UCLIBC__)
+#define HAVE_LINUX_NETWORK
+#if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
+   ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
+#    define HAVE_GETOPT_LONG
+#else
+#    undef HAVE_GETOPT_LONG
+#endif
+#undef HAVE_ARC4RANDOM
+#define HAVE_RANDOM
+#define HAVE_DEV_URANDOM
+#define HAVE_DEV_RANDOM
+#undef HAVE_SOCKADDR_SA_LEN
+#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
 #  define NO_FORK
 #endif
-
-/* libc5 - must precede __linux__ too */
-/* Note to build a libc5 binary on a modern Debian system:
-   install the packages altgcc libc5 and libc5-altdev 
-   then run "make CC=i486-linuxlibc1-gcc" */
-/* Note that compling dnsmasq 2.x under libc5 and kernel 2.0.x
-   is probably doomed - no packet socket for starters. */
-#elif defined(__linux__) && \
-      defined(_LINUX_C_LIB_VERSION_MAJOR) && \
-      (_LINUX_C_LIB_VERSION_MAJOR == 5 )
-#undef HAVE_IPV6
-#undef HAVE_LINUX_IPV6_PROC
-#define HAVE_GETOPT_LONG
-#undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
-#undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-/* Fix various misfeatures of libc5 headers */
-typedef unsigned long in_addr_t; 
-typedef size_t socklen_t;
+#if defined(__UCLIBC_HAS_IPV6__)
+#  ifndef IPV6_V6ONLY
+#    define IPV6_V6ONLY 26
+#  endif
+#endif
 
 /* This is for glibc 2.x */
 #elif defined(__linux__)
-#define HAVE_LINUX_IPV6_PROC
+#define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
 #define HAVE_RANDOM
 #define HAVE_DEV_URANDOM
 #define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#define HAVE_PSELECT
 /* glibc < 2.2  has broken Sockaddr_in6 so we have to use our own. */
 /* glibc < 2.2 doesn't define in_addr_t */
 #if defined(__GLIBC__) && (__GLIBC__ == 2) && \
     defined(__GLIBC_MINOR__) && (__GLIBC_MINOR__ < 2)
 typedef unsigned long in_addr_t; 
-#if defined(HAVE_IPV6)
 #   define HAVE_BROKEN_SOCKADDR_IN6
 #endif
-#endif
 
-#elif defined(__FreeBSD__) || defined(__OpenBSD__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_GETOPT_LONG
+#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
+#undef HAVE_LINUX_NETWORK
+/* Later verions of FreeBSD have getopt_long() */
+#if defined(optional_argument) && defined(required_argument)
+#   define HAVE_GETOPT_LONG
+#else
+#   undef HAVE_GETOPT_LONG
+#endif
 #define HAVE_ARC4RANDOM
 #define HAVE_RANDOM
 #define HAVE_DEV_URANDOM
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
 
 #elif defined(__APPLE__)
-#undef HAVE_LINUX_IPV6_PROC
+#undef HAVE_LINUX_NETWORK
 #undef HAVE_GETOPT_LONG
 #define HAVE_ARC4RANDOM
 #define HAVE_RANDOM
 #define HAVE_DEV_URANDOM
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
-#define BIND_8_COMPAT
 /* Define before sys/socket.h is included so we get socklen_t */
 #define _BSD_SOCKLEN_T_
 /* This is not defined in Mac OS X arpa/nameserv.h */
 #define IN6ADDRSZ 16
  
 #elif defined(__NetBSD__)
-#undef HAVE_LINUX_IPV6_PROC
+#undef HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
 #define HAVE_RANDOM
 #define HAVE_DEV_URANDOM
 #define HAVE_DEV_RANDOM
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
  
-/* env "LIBS=-lsocket -lnsl" make */
-#elif defined(__sun) || defined(__sun__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_GETOPT_LONG
-#undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#undef HAVE_DEV_URANDOM
-#undef HAVE_DEV_RANDOM
-#undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
+#endif
+/* Decide if we're going to support IPv6 */
+/* We assume that systems which don't have IPv6
+   headers don't have ntop and pton either */
+
+#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) && !defined(NO_IPV6)
+#  define HAVE_IPV6
+#  define ADDRSTRLEN INET6_ADDRSTRLEN
+#  if defined(SOL_IPV6)
+#    define IPV6_LEVEL SOL_IPV6
+#  else
+#    define IPV6_LEVEL IPPROTO_IPV6
+#  endif
+#elif defined(INET_ADDRSTRLEN)
+#  undef HAVE_IPV6
+#  define ADDRSTRLEN INET_ADDRSTRLEN
+#else
+#  undef HAVE_IPV6
+#  define ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
 #endif
 
-
-
-

src/dbus.c

@@ -0,0 +1,341 @@
+/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DBUS
+
+#define DBUS_API_SUBJECT_TO_CHANGE
+#include <dbus/dbus.h>
+
+struct watch {
+  DBusWatch *watch;      
+  struct watch *next;
+};
+
+
+static dbus_bool_t add_watch(DBusWatch *watch, void *data)
+{
+  struct daemon *daemon = data;
+  struct watch *w;
+
+  for (w = daemon->watches; w; w = w->next)
+    if (w->watch == watch)
+      return TRUE;
+
+  if (!(w = malloc(sizeof(struct watch))))
+    return FALSE;
+
+  w->watch = watch;
+  w->next = daemon->watches;
+  daemon->watches = w;
+
+  dbus_watch_set_data (watch, (void *)daemon, NULL);
+
+  return TRUE;
+}
+
+static void remove_watch(DBusWatch *watch, void *data)
+{
+  struct daemon *daemon = data;
+  struct watch **up, *w;  
+  
+  for (up = &(daemon->watches), w = daemon->watches; w; w = w->next)
+    if (w->watch == watch)
+      {
+        *up = w->next;
+        free(w);
+      }
+    else
+      up = &(w->next);
+}
+
+static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
+{
+  struct server *serv, *tmp, **up;
+  DBusMessageIter iter;
+  union  mysockaddr addr, source_addr;
+  char *domain;
+  
+  dbus_message_iter_init(message, &iter);
+  
+  /* mark everything from DBUS */
+  for (serv = daemon->servers; serv; serv = serv->next)
+    if (serv->flags & SERV_FROM_DBUS)
+      serv->flags |= SERV_MARK;
+  
+  while (1)
+    {
+      int skip = 0;
+
+      if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_UINT32)
+	{
+	  u32 a;
+	  
+	  dbus_message_iter_get_basic(&iter, &a);
+	  dbus_message_iter_next (&iter);
+	  
+#ifdef HAVE_SOCKADDR_SA_LEN
+	  source_addr.in.sin_len = addr.in.sin_len = sizeof(struct sockaddr_in);
+#endif
+	  addr.in.sin_addr.s_addr = ntohl(a);
+	  source_addr.in.sin_family = addr.in.sin_family = AF_INET;
+	  addr.in.sin_port = htons(NAMESERVER_PORT);
+	  source_addr.in.sin_addr.s_addr = INADDR_ANY;
+	  source_addr.in.sin_port = htons(daemon->query_port);
+	}
+      else if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_BYTE)
+	{
+	  unsigned char p[sizeof(struct in6_addr)];
+	  unsigned int i;
+
+	  skip = 1;
+
+	  for(i = 0; i < sizeof(struct in6_addr); i++)
+	    {
+	      dbus_message_iter_get_basic(&iter, &p[i]);
+	      dbus_message_iter_next (&iter);
+	      if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_BYTE)
+		break;
+	    }
+
+#ifndef HAVE_IPV6
+	  syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
+#else
+	  if (i == sizeof(struct in6_addr)-1)
+	    {
+	      memcpy(&addr.in6.sin6_addr, p, sizeof(addr.in6));
+#ifdef HAVE_SOCKADDR_SA_LEN
+              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(addr.in6);
+#endif
+              source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
+              addr.in6.sin6_port = htons(NAMESERVER_PORT);
+              source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
+	      source_addr.in6.sin6_scope_id = addr.in6.sin6_scope_id = 0;
+              source_addr.in6.sin6_addr = in6addr_any;
+              source_addr.in6.sin6_port = htons(daemon->query_port);
+	      skip = 0;
+	    }
+#endif
+	}
+      else
+	/* At the end */
+	break;
+      
+      do {
+	if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_STRING)
+	  {
+	    dbus_message_iter_get_basic(&iter, &domain);
+	    dbus_message_iter_next (&iter);
+	  }
+	else
+	  domain = NULL;
+	
+	if (!skip)
+	  {
+	    /* See if this is already there, and unmark */
+	    for (serv = daemon->servers; serv; serv = serv->next)
+	      if ((serv->flags & SERV_FROM_DBUS) &&
+		  (serv->flags & SERV_MARK))
+		{
+		  if (!(serv->flags & SERV_HAS_DOMAIN) && !domain)
+		    {
+		      serv->flags &= ~SERV_MARK;
+		      break;
+		    }
+		  if ((serv->flags & SERV_HAS_DOMAIN) && 
+		      domain &&
+		      hostname_isequal(domain, serv->domain))
+		    {
+		      serv->flags &= ~SERV_MARK;
+		      break;
+		    }
+		}
+	    
+	    if (!serv && (serv = malloc(sizeof (struct server))))
+	      {
+		/* Not found, create a new one. */
+		if (domain)
+		  serv->domain = malloc(strlen(domain)+1);
+		if (domain && !serv->domain)
+		  {
+		    free(serv);
+		    serv = NULL;
+		  }
+		else
+		  {
+		    serv->next = daemon->servers;
+		    daemon->servers = serv;
+		    serv->flags = SERV_FROM_DBUS;
+		    serv->sfd = NULL;
+		    if (domain)
+		      {
+			strcpy(serv->domain, domain);
+			serv->flags |= SERV_HAS_DOMAIN;
+		      }
+		  }
+	      }
+
+	    if (serv)
+	      {
+		if (source_addr.in.sin_family == AF_INET &&
+		    addr.in.sin_addr.s_addr == 0 &&
+		    serv->domain)
+		  serv->flags |= SERV_NO_ADDR;
+		else
+		  {
+		    serv->flags &= ~SERV_NO_ADDR;
+		    serv->addr = addr;
+		    serv->source_addr = source_addr;
+		  }
+	      }
+	  }
+	} while (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_STRING);
+    }
+  
+  /* unlink and free anything still marked. */
+  for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp) 
+    {
+      tmp = serv->next;
+      if (serv->flags & SERV_MARK)
+	{
+	  *up = serv->next;
+	  free(serv);
+	}
+      else 
+	up = &serv->next;
+    }
+
+}
+
+DBusHandlerResult message_handler(DBusConnection *connection, 
+				  DBusMessage *message, 
+				  void *user_data)
+{
+  char *method = (char *)dbus_message_get_member(message);
+  struct daemon *daemon = (struct daemon *)user_data;
+  
+  if (strcmp(method, "GetVersion") == 0)
+    {
+      char *v = VERSION;
+      DBusMessage *reply = dbus_message_new_method_return(message);
+      
+      dbus_message_append_args(reply, DBUS_TYPE_STRING, &v, DBUS_TYPE_INVALID);
+      dbus_connection_send (connection, reply, NULL);
+      dbus_message_unref (reply);
+    }
+  else if (strcmp(method, "SetServers") == 0)
+    {
+      syslog(LOG_INFO, _("setting upstream servers from DBus"));
+      dbus_read_servers(daemon, message);
+      check_servers(daemon);
+    }
+  else if (strcmp(method, "ClearCache") == 0)
+    clear_cache_and_reload(daemon, dnsmasq_time());
+  else
+    return (DBUS_HANDLER_RESULT_NOT_YET_HANDLED);
+  
+  return (DBUS_HANDLER_RESULT_HANDLED);
+ 
+}
+ 
+
+/* returns NULL or error message, may fail silently if dbus daemon not yet up. */
+char *dbus_init(struct daemon *daemon)
+{
+  DBusConnection *connection = NULL;
+  DBusObjectPathVTable dnsmasq_vtable = {NULL, &message_handler, NULL, NULL, NULL, NULL };
+  DBusError dbus_error;
+  DBusMessage *message;
+
+  dbus_error_init (&dbus_error);
+  if (!(connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error)))
+    return NULL;
+    
+  dbus_connection_set_exit_on_disconnect(connection, FALSE);
+  dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
+				      NULL, (void *)daemon, NULL);
+  dbus_error_init (&dbus_error);
+  dbus_bus_request_name (connection, DNSMASQ_SERVICE, 0, &dbus_error);
+  if (dbus_error_is_set (&dbus_error))
+    return (char *)dbus_error.message;
+  
+  if (!dbus_connection_register_object_path(connection,  DNSMASQ_PATH, 
+					    &dnsmasq_vtable, daemon))
+    return _("could not register a DBus message handler");
+  
+  daemon->dbus = connection; 
+  
+  if ((message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, "Up")))
+    dbus_connection_send(connection, message, NULL);
+
+  return NULL;
+}
+ 
+
+void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
+			fd_set *rset, fd_set *wset, fd_set *eset)
+{
+  struct watch *w;
+  
+  for (w = daemon->watches; w; w = w->next)
+    if (dbus_watch_get_enabled(w->watch))
+      {
+	unsigned int flags = dbus_watch_get_flags(w->watch);
+	int fd = dbus_watch_get_fd(w->watch);
+	
+	bump_maxfd(fd, maxfdp);
+	
+	if (flags & DBUS_WATCH_READABLE)
+	  FD_SET(fd, rset);
+	
+	if (flags & DBUS_WATCH_WRITABLE)
+	  FD_SET(fd, wset);
+	
+	FD_SET(fd, eset);
+      }
+}
+
+void check_dbus_listeners(struct daemon *daemon,
+			  fd_set *rset, fd_set *wset, fd_set *eset)
+{
+  DBusConnection *connection = (DBusConnection *)daemon->dbus;
+  struct watch *w;
+
+  for (w = daemon->watches; w; w = w->next)
+    if (dbus_watch_get_enabled(w->watch))
+      {
+	unsigned int flags = 0;
+	int fd = dbus_watch_get_fd(w->watch);
+	
+	if (FD_ISSET(fd, rset))
+	  flags |= DBUS_WATCH_READABLE;
+	
+	if (FD_ISSET(fd, wset))
+	  flags |= DBUS_WATCH_WRITABLE;
+	
+	if (FD_ISSET(fd, eset))
+	  flags |= DBUS_WATCH_ERROR;
+
+	if (flags != 0)
+	  dbus_watch_handle(w->watch, flags);
+      }
+
+  if (connection)
+    {
+      dbus_connection_ref (connection);
+      while (dbus_connection_dispatch (connection) == DBUS_DISPATCH_DATA_REMAINS);
+      dbus_connection_unref (connection);
+    }
+}
+
+#endif

src/dnsmasq.h

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2003 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -10,36 +10,38 @@
    GNU General Public License for more details.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
+#define COPYRIGHT "Copyright (C) 2000-2006 Simon Kelley" 
 
-#define COPYRIGHT "Copyright (C) 2000-2004 Simon Kelley" 
-
-#ifdef __linux__
-/* for pselect.... */
-#define _XOPEN_SOURCE 600 
-/* but then DNS headers don't compile without.... */
-#define _BSD_SOURCE
-#endif
- 
 /* get these before config.h  for IPv6 stuff... */
 #include <sys/types.h> 
 #include <netinet/in.h>
 
-/* get this before config.h too. */
-#include <syslog.h>
+#ifdef __APPLE__
+/* need this before arpa/nameser.h */
+#  define BIND_8_COMPAT
+#endif
 #include <arpa/nameser.h>
 
+/* and this. */
+#include <getopt.h>
+
 #include "config.h"
- 
+
+#define gettext_noop(S) (S)
+#ifdef NO_GETTEXT
+#  define _(S) (S)
+#else
+#  include <libintl.h>
+#  include <locale.h>   
+#  define _(S) gettext(S)
+#endif
+
 #include <arpa/inet.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <sys/select.h>
 #include <sys/wait.h>
-#if defined(__sun) || defined(__sun__)
-#  include <sys/sockio.h>
-#endif
 #include <sys/time.h>
 #include <limits.h>
 #include <net/if.h>
@@ -50,13 +52,11 @@
 #include <fcntl.h>
 #include <ctype.h>
 #include <signal.h>
-#ifdef HAVE_GETOPT_LONG
-#  include <getopt.h>
-#endif
 #include <time.h>
 #include <errno.h>
 #include <pwd.h>
 #include <grp.h>
+#include <stdarg.h>
 #if defined(__OpenBSD__) || defined(__NetBSD__)
 #  include <netinet/if_ether.h>
 #else
@@ -66,16 +66,26 @@
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
-#ifdef HAVE_BPF
-#  include <net/bpf.h>
-#  include <net/if_dl.h>
-#else
-#  include <netpacket/packet.h>
-#endif
 #include <sys/uio.h>
+#include <syslog.h>
+#include <dirent.h>
+#ifndef HAVE_LINUX_NETWORK
+#  include <net/if_dl.h>
+#endif
 
-/* Size: we check after adding each record, so there must be 
-     memory for the largest packet, and the largest record */
+#ifdef HAVE_LINUX_NETWORK
+#include <linux/capability.h>
+/* There doesn't seem to be a universally-available 
+   userpace header for this. */
+extern int capset(cap_user_header_t header, cap_user_data_t data);
+#include <sys/prctl.h>
+#endif
+
+/* Min buffer size: we check after adding each record, so there must be 
+   memory for the largest packet, and the largest record so the
+   min for DNS is PACKETSZ+MAXDNAME+RRFIXEDSZ which is < 1000.
+   This might be increased is EDNS packet size if greater than the minimum.
+*/
 #define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
 
 #define OPT_BOGUSPRIV      1
@@ -96,6 +106,12 @@
 #define OPT_RESOLV_DOMAIN  32768
 #define OPT_NO_FORK        65536
 #define OPT_AUTHORITATIVE  131072
+#define OPT_LOCALISE       262144
+#define OPT_DBUS           524288
+#define OPT_BOOTP_DYNAMIC  1048576
+#define OPT_NO_PING        2097152
+#define OPT_LEASE_RO       4194304
+#define OPT_RELOAD         8388608
 
 struct all_addr {
   union {
@@ -117,9 +133,17 @@ struct doctor {
   struct doctor *next;
 };
 
-struct mx_record {
-  char *mxname, *mxtarget;
-  struct mx_record *next;
+struct mx_srv_record {
+  char *name, *target;
+  int issrv, srvport, priority, weight;
+  unsigned int offset;
+  struct mx_srv_record *next;
+};
+
+struct txt_record {
+  char *name, *txt;
+  unsigned short class, len;
+  struct txt_record *next;
 };
 
 union bigname {
@@ -164,7 +188,7 @@ struct crec {
 #define F_NOERR     32768
 
 /* struct sockaddr is not large enough to hold any address,
-   and specifically not big enough to hold and IPv6 address.
+   and specifically not big enough to hold an IPv6 address.
    Blech. Roll our own. */
 union mysockaddr {
   struct sockaddr sa;
@@ -186,14 +210,18 @@ union mysockaddr {
 #endif
 };
 
-#define SERV_FROM_RESOLV     1  /* 1 for servers from resolv, 0 for command line. */
-#define SERV_NO_ADDR         2  /* no server, this domain is local only */
-#define SERV_LITERAL_ADDRESS 4  /* addr is the answer, not the server */ 
-#define SERV_HAS_SOURCE      8  /* source address specified */
-#define SERV_HAS_DOMAIN     16  /* server for one domain only */
-#define SERV_FOR_NODOTS     32  /* server for names with no domain part only */
+#define SERV_FROM_RESOLV       1  /* 1 for servers from resolv, 0 for command line. */
+#define SERV_NO_ADDR           2  /* no server, this domain is local only */
+#define SERV_LITERAL_ADDRESS   4  /* addr is the answer, not the server */ 
+#define SERV_HAS_SOURCE        8  /* source address specified */
+#define SERV_HAS_DOMAIN       16  /* server for one domain only */
+#define SERV_FOR_NODOTS       32  /* server for names with no domain part only */
+#define SERV_WARNED_RECURSIVE 64  /* avoid warning spam */
+#define SERV_FROM_DBUS       128  /* 1 if source is DBus */
+#define SERV_MARK            256  /* for mark-and-delete */
 #define SERV_TYPE    (SERV_HAS_DOMAIN | SERV_FOR_NODOTS)
 
+
 struct serverfd {
   int fd;
   union mysockaddr source_addr;
@@ -202,8 +230,7 @@ struct serverfd {
 
 struct server {
   union mysockaddr addr, source_addr;
-  struct serverfd *sfd; /* non-NULL if this server has its own fd bound to
-			   a source port */
+  struct serverfd *sfd; 
   char *domain; /* set if this server only handles a domain. */ 
   int flags, tcpfd;
   struct server *next; 
@@ -211,11 +238,13 @@ struct server {
 
 struct irec {
   union mysockaddr addr;
+  struct in_addr netmask; /* only valid for IPv4 */
   struct irec *next;
 };
 
 struct listener {
   int fd, tcpfd, family;
+  struct irec *iface; /* only valid for non-wildcard */
   struct listener *next;
 };
 
@@ -230,8 +259,8 @@ struct iname {
 /* resolv-file parms from command-line */
 struct resolvc {
   struct resolvc *next;
-  int is_default;
-  int logged;
+  int is_default, logged;
+  time_t mtime;
   char *name;
 };
 
@@ -239,7 +268,7 @@ struct resolvc {
 struct hostsfile {
   struct hostsfile *next;
   char *fname;
-  int index; /* matches to cache entries fro logging */
+  int index; /* matches to cache entries for logging */
 };
 
 struct frec {
@@ -248,19 +277,38 @@ struct frec {
   struct server *sentto;
   unsigned int iface;
   unsigned short orig_id, new_id;
-  int fd;
+  int fd, forwardall;
   unsigned int crc;
   time_t time;
   struct frec *next;
 };
 
+/* actions in the daemon->helper RPC */
+#define ACTION_DEL           1
+#define ACTION_OLD_HOSTNAME  2
+#define ACTION_OLD           3
+#define ACTION_ADD           4
+
+#define DHCP_CHADDR_MAX 16
+
 struct dhcp_lease {
   int clid_len;          /* length of client identifier */
   unsigned char *clid;   /* clientid */
   char *hostname, *fqdn; /* name from client-hostname option or config */
+  char *old_hostname;    /* hostname before it moved to another lease */
+  char auth_name;        /* hostname came from config, not from client */
+  char new;              /* newly created */
+  char changed;          /* modified */
+  char aux_changed;      /* CLID or expiry changed */
   time_t expires;        /* lease expiry */
-  unsigned char hwaddr[ETHER_ADDR_LEN]; 
+#ifdef HAVE_BROKEN_RTC
+  unsigned int length;
+#endif
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX]; 
   struct in_addr addr;
+  unsigned char *vendorclass, *userclass;
+  unsigned int vendorclass_len, userclass_len;
   struct dhcp_lease *next;
 };
 
@@ -273,34 +321,43 @@ struct dhcp_netid_list {
   struct dhcp_netid *list;
   struct dhcp_netid_list *next;
 };
+
 struct dhcp_config {
   unsigned int flags;
   int clid_len;          /* length of client identifier */
   unsigned char *clid;   /* clientid */
-  unsigned char hwaddr[ETHER_ADDR_LEN]; 
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX]; 
   char *hostname;
   struct dhcp_netid netid;
   struct in_addr addr;
-  unsigned int lease_time;
+  time_t decline_time;
+  unsigned int lease_time, wildcard_mask;
   struct dhcp_config *next;
 };
 
-#define CONFIG_DISABLE   1
-#define CONFIG_CLID      2
-#define CONFIG_HWADDR    4
-#define CONFIG_TIME      8
-#define CONFIG_NAME     16
-#define CONFIG_ADDR     32
-#define CONFIG_NETID    64
-#define CONFIG_NOCLID  128
+#define CONFIG_DISABLE           1
+#define CONFIG_CLID              2
+#define CONFIG_HWADDR            4
+#define CONFIG_TIME              8
+#define CONFIG_NAME             16
+#define CONFIG_ADDR             32
+#define CONFIG_NETID            64
+#define CONFIG_NOCLID          128
+#define CONFIG_FROM_ETHERS     256    /* entry created by /etc/ethers */
+#define CONFIG_ADDR_HOSTS      512    /* address added by from /etc/hosts */
+#define CONFIG_DECLINED       1024    /* address declined by client */
 
 struct dhcp_opt {
-  int opt, len, is_addr;
-  unsigned char *val;
+  int opt, len, flags;
+  unsigned char *val, *vendor_class;
   struct dhcp_netid *netid;
   struct dhcp_opt *next;
 };
 
+#define DHOPT_ADDR               1
+#define DHOPT_STRING             2
+
 struct dhcp_boot {
   char *file, *sname;
   struct in_addr next_server;
@@ -315,38 +372,48 @@ struct dhcp_vendor {
   struct dhcp_vendor *next;
 };
 
+struct dhcp_mac {
+  unsigned int mask;
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX];
+  struct dhcp_netid netid;
+  struct dhcp_mac *next;
+};
+
 struct dhcp_context {
   unsigned int lease_time, addr_epoch;
-  struct in_addr netmask, broadcast, router;
+  struct in_addr netmask, broadcast;
+  struct in_addr local, router;
   struct in_addr start, end; /* range of available addresses */
-  int static_only;
-  struct dhcp_netid netid;
+  int flags;
+  struct dhcp_netid netid, *filter;
   struct dhcp_context *next, *current;
 };
 
+#define CONTEXT_STATIC    1
+#define CONTEXT_NETMASK   2
+#define CONTEXT_BRDCAST   4
+
+
 typedef unsigned char u8;
 typedef unsigned short u16;
 typedef unsigned int u32;
 
 
-struct udp_dhcp_packet {
-        struct ip ip;
-        struct udphdr {
-	  u16 uh_sport;               /* source port */
-	  u16 uh_dport;               /* destination port */
-	  u16 uh_ulen;                /* udp length */
-	  u16 uh_sum;                 /* udp checksum */
-	} udp;
-        struct dhcp_packet {
-	  u8 op, htype, hlen, hops;
-	  u32 xid;
-	  u16 secs, flags;
-	  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
-	  u8 chaddr[16], sname[64], file[128];
-	  u8 options[312];
-	} data;
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u8 options[312];
 };
 
+struct ping_result {
+  struct in_addr addr;
+  time_t time;
+  struct ping_result *next;
+};
 
 struct daemon {
   /* datastuctures representing the command-line and 
@@ -355,23 +422,27 @@ struct daemon {
 
   unsigned int options;
   struct resolvc default_resolv, *resolv_files;
-  struct mx_record *mxnames;
+  struct mx_srv_record *mxnames;
+  struct txt_record *txt;
   char *mxtarget;
   char *lease_file; 
   char *username, *groupname;
   char *domain_suffix;
   char *runfile; 
-  struct iname *if_names, *if_addrs, *if_except;
+  char *lease_change_command;
+  struct iname *if_names, *if_addrs, *if_except, *dhcp_except;
   struct bogus_addr *bogus_addr;
   struct server *servers;
-  int cachesize;
+  int log_fac; /* log facility */
+  int cachesize, ftabsize;
   int port, query_port;
   unsigned long local_ttl;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp;
   struct dhcp_config *dhcp_conf;
-  struct dhcp_opt *dhcp_opts;
+  struct dhcp_opt *dhcp_opts, *vendor_opts;
   struct dhcp_vendor *dhcp_vendors;
+  struct dhcp_mac *dhcp_macs;
   struct dhcp_boot *boot_config;
   struct dhcp_netid_list *dhcp_ignore;
   int dhcp_max; 
@@ -381,16 +452,35 @@ struct daemon {
 
   /* globally used stuff for DNS */
   char *packet; /* packet buffer */
+  int packet_buff_sz; /* size of above */
   char *namebuff; /* MAXDNAME size buffer */
   struct serverfd *sfds;
+  struct irec *interfaces;
   struct listener *listeners;
   struct server *last_server;
-  int uptime_fd;
-  
+  struct server *srv_save; /* Used for resend on DoD */
+  size_t packet_len;       /*      "        "        */
+  pid_t tcp_pids[MAX_PROCS];
+ 
   /* DHCP state */
-  int dhcpfd, dhcp_raw_fd, dhcp_icmp_fd, lease_fd;
-  struct udp_dhcp_packet *dhcp_packet;
+  int dhcpfd, helperfd; 
+#ifdef HAVE_LINUX_NETWORK
+  int netlinkfd;
+#else
+  int dhcp_raw_fd, dhcp_icmp_fd;
+#endif
+  struct iovec dhcp_packet;
   char *dhcp_buff, *dhcp_buff2;
+  struct ping_result *ping_results;
+  FILE *lease_stream;
+
+  /* DBus stuff */
+#ifdef HAVE_DBUS
+  /* void * here to avoid depending on dbus headers outside dbus.c */
+  void *dbus;
+  struct watch *watches;
+#endif
+
 };
 
 /* cache.c */
@@ -409,96 +499,156 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
 void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile  *addn_hosts);
 void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, struct in_addr *host_address, time_t ttd);
 void cache_unhash_dhcp(void);
-void dump_cache(struct daemon *daemon);
+void dump_cache(struct daemon *daemon, time_t now);
 char *cache_get_name(struct crec *crecp);
 
 /* rfc1035.c */
-unsigned short extract_request(HEADER *header, unsigned int qlen, 
+unsigned short extract_request(HEADER *header, size_t qlen, 
 			       char *name, unsigned short *typep);
-int setup_reply(HEADER *header, unsigned int qlen,
-		struct all_addr *addrp, unsigned short flags,
-		unsigned long local_ttl);
-void extract_addresses(HEADER *header, unsigned int qlen, char *namebuff, 
+size_t setup_reply(HEADER *header, size_t  qlen,
+		   struct all_addr *addrp, unsigned short flags,
+		   unsigned long local_ttl);
+void extract_addresses(HEADER *header, size_t qlen, char *namebuff, 
 		       time_t now, struct daemon *daemon);
-int answer_request(HEADER *header, char *limit, unsigned int qlen, struct daemon *daemon, time_t now);
-int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name, 
+size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *daemon, 
+		   struct in_addr local_addr, struct in_addr local_netmask, time_t now);
+int check_for_bogus_wildcard(HEADER *header, size_t qlen, char *name, 
 			     struct bogus_addr *addr, time_t now);
-unsigned char *find_pseudoheader(HEADER *header, unsigned int plen,
-				 unsigned int *len, unsigned char **p);
-int check_for_local_domain(char *name, time_t now, struct mx_record *mx);
-unsigned int questions_crc(HEADER *header, unsigned int plen);
-int resize_packet(HEADER *header, unsigned int plen, 
-		  unsigned char *pheader, unsigned int hlen);
+unsigned char *find_pseudoheader(HEADER *header, size_t plen,
+				 size_t *len, unsigned char **p);
+int check_for_local_domain(char *name, time_t now, struct daemon *daemon);
+unsigned int questions_crc(HEADER *header, size_t plen, char *buff);
+size_t resize_packet(HEADER *header, size_t plen, 
+		  unsigned char *pheader, size_t hlen);
 
 /* util.c */
 unsigned short rand16(void);
 int legal_char(char c);
 int canonicalise(char *s);
-int atoi_check(char *a, int *res);
+unsigned char *do_rfc1035_name(unsigned char *p, char *sval);
 void die(char *message, char *arg1);
-void complain(char *message, char *arg1);
-void *safe_malloc(int size);
-char *safe_string_alloc(char *cp);
+void complain(char *message, int lineno, char *file);
+void *safe_malloc(size_t size);
 int sa_len(union mysockaddr *addr);
 int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2);
-int hostname_isequal(unsigned char *a, unsigned char *b);
-time_t dnsmasq_time(int fd);
+int hostname_isequal(char *a, char *b);
+time_t dnsmasq_time(void);
 int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask);
 int retry_send(void);
+void prettyprint_time(char *buf, unsigned int t);
+int prettyprint_addr(union mysockaddr *addr, char *buf);
+int parse_hex(char *in, unsigned char *out, int maxlen, 
+	      unsigned int *wildcard_mask, int *mac_type);
+int memcmp_masked(unsigned char *a, unsigned char *b, int len, 
+		  unsigned int mask);
+int expand_buf(struct iovec *iov, size_t size);
+char *print_mac(struct daemon *daemon, unsigned char *mac, int len);
+void bump_maxfd(int fd, int *max);
+void log_start(struct daemon *daemon);
+int read_write(int fd, unsigned char *packet, int size, int rw);
 
 /* option.c */
-struct daemon *read_opts (int argc, char **argv);
+struct daemon *read_opts (int argc, char **argv, char *compile_opts);
 
 /* forward.c */
-void forward_init(int first);
 void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now);
 void receive_query(struct listener *listen, struct daemon *daemon, time_t now);
-char *tcp_request(struct daemon *daemon, int confd, time_t now);
+unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
+			   struct in_addr local_addr, struct in_addr netmask);
+void server_gone(struct daemon *daemon, struct server *server);
+struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait);
 
 /* network.c */
 struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds);
-void reload_servers(char *fname, struct daemon *daemon);
-void check_servers(struct daemon *daemon, struct irec *interfaces);
-struct irec *enumerate_interfaces(struct daemon *daemon);
+int reload_servers(char *fname, struct daemon *daemon);
+void check_servers(struct daemon *daemon);
+int enumerate_interfaces(struct daemon *daemon);
 struct listener *create_wildcard_listeners(int port);
-struct listener *create_bound_listeners(struct irec *interfaces, int port);
+struct listener *create_bound_listeners(struct daemon *daemon);
+int iface_check(struct daemon *daemon, int family, 
+		struct all_addr *addr, char *name);
+int fix_fd(int fd);
 
 /* dhcp.c */
 void dhcp_init(struct daemon *daemon);
 void dhcp_packet(struct daemon *daemon, time_t now);
 
-int address_available(struct dhcp_context *context, struct in_addr addr);
+struct dhcp_context *address_available(struct dhcp_context *context, struct in_addr addr);
+struct dhcp_context *narrow_context(struct dhcp_context *context, struct in_addr taddr);
+int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly);
 int address_allocate(struct dhcp_context *context, struct daemon *daemon,
-		     struct in_addr *addrp, unsigned char *hwaddr);
+		     struct in_addr *addrp, unsigned char *hwaddr, int hw_len,
+		     struct dhcp_netid *netids, time_t now);
 struct dhcp_config *find_config(struct dhcp_config *configs,
 				struct dhcp_context *context,
 				unsigned char *clid, int clid_len,
-				unsigned char *hwaddr, char *hostname);
+				unsigned char *hwaddr, int hw_len, 
+				int hw_type, char *hostname);
 void dhcp_update_configs(struct dhcp_config *configs);
 void dhcp_read_ethers(struct daemon *daemon);
 struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr);
+char *strip_hostname(struct daemon *daemon, char *hostname);
+char *host_from_dns(struct daemon *daemon, struct in_addr addr);
 
 /* lease.c */
-void lease_update_file(int force, time_t now);
+void lease_update_file(struct daemon *daemon, time_t now);
 void lease_update_dns(struct daemon *daemon);
 void lease_init(struct daemon *daemon, time_t now);
-struct dhcp_lease *lease_allocate(unsigned char *clid, int clid_len, struct in_addr addr);
-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr);
-void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix);
-void lease_set_expires(struct dhcp_lease *lease, time_t exp);
-struct dhcp_lease *lease_find_by_client(unsigned char *clid, int clid_len);
+struct dhcp_lease *lease_allocate(struct in_addr addr);
+void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len);
+void lease_set_hostname(struct dhcp_lease *lease, char *name, 
+			char *suffix, int auth);
+void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now);
+struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,  
+					unsigned char *clid, int clid_len);
 struct dhcp_lease *lease_find_by_addr(struct in_addr addr);
 void lease_prune(struct dhcp_lease *target, time_t now);
-void lease_update_from_configs(struct dhcp_config *dhcp_configs, char *domain);
+void lease_update_from_configs(struct daemon *daemon);
+int do_script_run(struct daemon *daemon);
 
 /* rfc2131.c */
-int dhcp_reply(struct daemon *daemon, struct in_addr iface_addr, char *iface_name, unsigned int sz, time_t now);
+size_t dhcp_reply(struct daemon *daemon, struct dhcp_context *context, char *iface_name, size_t sz, time_t now, int unicast_dest);
 
 /* dnsmasq.c */
+int make_icmp_sock(void);
 int icmp_ping(struct daemon *daemon, struct in_addr addr);
+void clear_cache_and_reload(struct daemon *daemon, time_t now);
 
 /* isc.c */
 #ifdef HAVE_ISC_READER
 void load_dhcp(struct daemon *daemon, time_t now);
 #endif
 
+/* netlink.c */
+#ifdef HAVE_LINUX_NETWORK
+void netlink_init(struct daemon *daemon);
+int iface_enumerate(struct daemon *daemon, void *parm,
+		    int (*ipv4_callback)(), int (*ipv6_callback)());
+void netlink_multicast(struct daemon *daemon);
+#endif
+
+/* bpf.c */
+#ifndef HAVE_LINUX_NETWORK
+void init_bpf(struct daemon *daemon);
+void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
+		  struct in_addr iface_addr, struct ifreq *ifr);
+int iface_enumerate(struct daemon *daemon, void *parm,
+		    int (*ipv4_callback)(), int (*ipv6_callback)());
+#endif
+
+/* dbus.c */
+#ifdef HAVE_DBUS
+char *dbus_init(struct daemon *daemon);
+void check_dbus_listeners(struct daemon *daemon,
+			  fd_set *rset, fd_set *wset, fd_set *eset);
+void set_dbus_listeners(struct daemon *daemon, int *maxfdp, 
+			fd_set *rset, fd_set *wset, fd_set *eset);
+#endif
+
+/* helper.c */
+int create_helper(struct daemon *daemon);
+void helper_write(struct daemon *daemon);
+void queue_script(struct daemon *daemon, int action, 
+		  struct dhcp_lease *lease, char *hostname);
+int helper_buf_empty(void);

src/forward.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 - 2003 Simon Kelley
+/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -10,33 +10,20 @@
    GNU General Public License for more details.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
-
 #include "dnsmasq.h"
 
-static struct frec *frec_list;
+static struct frec *frec_list = NULL;
 
-static struct frec *get_new_frec(time_t now);
 static struct frec *lookup_frec(unsigned short id);
 static struct frec *lookup_frec_by_sender(unsigned short id,
 					  union mysockaddr *addr,
 					  unsigned int crc);
 static unsigned short get_id(void);
 
-/* May be called more than once. */
-void forward_init(int first)
-{
-  struct frec *f;
-  
-  if (first)
-    frec_list = NULL;
-  for (f = frec_list; f; f = f->next)
-    f->new_id = 0;
-}
 
 /* Send a UDP packet with it's source address set as "source" 
    unless nowild is true, when we just send it with the kernel default */
-static void send_from(int fd, int nowild, char *packet, int len, 
+static void send_from(int fd, int nowild, char *packet, size_t len, 
 		      union mysockaddr *to, struct all_addr *source,
 		      unsigned int iface)
 {
@@ -44,7 +31,7 @@ static void send_from(int fd, int nowild, char *packet, int len,
   struct iovec iov[1]; 
   union {
     struct cmsghdr align; /* this ensures alignment */
-#if defined(IP_PKTINFO)
+#if defined(HAVE_LINUX_NETWORK)
     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
 #elif defined(IP_SENDSRCADDR)
     char control[CMSG_SPACE(sizeof(struct in_addr))];
@@ -74,7 +61,7 @@ static void send_from(int fd, int nowild, char *packet, int len,
 
       if (to->sa.sa_family == AF_INET)
 	{
-#if defined(IP_PKTINFO)
+#if defined(HAVE_LINUX_NETWORK)
 	  struct in_pktinfo *pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
 	  pkt->ipi_ifindex = 0;
 	  pkt->ipi_spec_dst = source->addr.addr4;
@@ -89,9 +76,8 @@ static void send_from(int fd, int nowild, char *packet, int len,
 	  cmptr->cmsg_type = IP_SENDSRCADDR;
 #endif
 	}
-      
-#ifdef HAVE_IPV6
       else
+#ifdef HAVE_IPV6
 	{
 	  struct in6_pktinfo *pkt = (struct in6_pktinfo *)CMSG_DATA(cmptr);
 	  pkt->ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */
@@ -100,6 +86,8 @@ static void send_from(int fd, int nowild, char *packet, int len,
 	  cmptr->cmsg_type = IPV6_PKTINFO;
 	  cmptr->cmsg_level = IPV6_LEVEL;
 	}
+#else
+      iface = 0; /* eliminate warning */
 #endif
     }
   
@@ -134,7 +122,7 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
   
   for (serv = daemon->servers; serv; serv=serv->next)
     /* domain matches take priority over NODOTS matches */
-    if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.'))
+    if ((serv->flags & SERV_FOR_NODOTS) && *type != SERV_HAS_DOMAIN && !strchr(qdomain, '.') && namelen != 0)
       {
 	unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6; 
 	*type = SERV_FOR_NODOTS;
@@ -159,9 +147,11 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
     else if (serv->flags & SERV_HAS_DOMAIN)
       {
 	unsigned int domainlen = strlen(serv->domain);
+	char *matchstart = qdomain + namelen - domainlen;
 	if (namelen >= domainlen &&
-	    hostname_isequal(qdomain + namelen - domainlen, serv->domain) &&
-	    domainlen >= matchlen)
+	    hostname_isequal(matchstart, serv->domain) &&
+	    domainlen >= matchlen &&
+	    (domainlen == 0 || namelen == domainlen || *(serv->domain) == '.' || *(matchstart-1) == '.' ))
 	  {
 	    unsigned short sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6;
 	    *type = SERV_HAS_DOMAIN;
@@ -194,10 +184,10 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
       else
 	log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp, 0, NULL, 0);
     }
-  else if (qtype && (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.'))
+  else if (qtype && (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
     flags = F_NXDOMAIN;
     
-  if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon->mxnames))
+  if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon))
     flags = F_NOERR;
 
   if (flags == F_NXDOMAIN || flags == F_NOERR)
@@ -209,27 +199,26 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
 /* returns new last_server */	
 static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *udpaddr,
 			  struct all_addr *dst_addr, unsigned int dst_iface,
-			  HEADER *header, int plen, time_t now)
+			  HEADER *header, size_t plen, time_t now, struct frec *forward)
 {
-  struct frec *forward;
   char *domain = NULL;
-  int forwardall = 0, type = 0;
+  int type = 0;
   struct all_addr *addrp = NULL;
+  unsigned int crc = questions_crc(header, plen, daemon->namebuff);
   unsigned short flags = 0;
-  unsigned short gotname = extract_request(header, (unsigned int)plen, daemon->namebuff, NULL);
+  unsigned short gotname = extract_request(header, plen, daemon->namebuff, NULL);
   struct server *start = NULL;
-  unsigned int crc = questions_crc(header,(unsigned int)plen);
-  
-  /* may be  recursion not speced or no servers available. */
-  if (!header->rd || !daemon->servers)
+    
+  /* may be no servers available. */
+  if (!daemon->servers)
     forward = NULL;
-  else if ((forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
+  else if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc)))
     {
       /* retry on existing query, send to all available servers  */
       domain = forward->sentto->domain;
       if (!(daemon->options & OPT_ORDER))
 	{
-	  forwardall = 1;
+	  forward->forwardall = 1;
 	  daemon->last_server = NULL;
 	}
       type = forward->sentto->flags & SERV_TYPE;
@@ -242,12 +231,22 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
       if (gotname)
 	flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
       
-      if (!flags && !(forward = get_new_frec(now)))
+      if (!flags && !(forward = get_new_frec(daemon, now, NULL)))
 	/* table full - server failure. */
 	flags = F_NEG;
       
       if (forward)
 	{
+	  forward->source = *udpaddr;
+	  forward->dest = *dst_addr;
+	  forward->iface = dst_iface;
+	  forward->new_id = get_id();
+	  forward->fd = udpfd;
+	  forward->orig_id = ntohs(header->id);
+	  forward->crc = crc;
+	  forward->forwardall = 0;
+	  header->id = htons(forward->new_id);
+
 	  /* In strict_order mode, or when using domain specific servers
 	     always try servers in the order specified in resolv.conf,
 	     otherwise, use the one last known to work. */
@@ -257,17 +256,8 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 	  else if (!(start = daemon->last_server))
 	    {
 	      start = daemon->servers;
-	      forwardall = 1;
+	      forward->forwardall = 1;
 	    }
-	  
-	  forward->source = *udpaddr;
-	  forward->dest = *dst_addr;
-	  forward->iface = dst_iface;
-	  forward->new_id = get_id();
-	  forward->fd = udpfd;
-	  forward->orig_id = ntohs(header->id);
-	  forward->crc = crc;
-	  header->id = htons(forward->new_id);
 	}
     }
 
@@ -299,6 +289,10 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 		}
 	      else
 		{
+		  /* Keep info in case we want to re-send this packet */
+		  daemon->srv_save = start;
+		  daemon->packet_len = plen;
+		  
 		  if (!gotname)
 		    strcpy(daemon->namebuff, "query");
 		  if (start->addr.sa.sa_family == AF_INET)
@@ -313,8 +307,9 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 #endif 
 		  forwarded = 1;
 		  forward->sentto = start;
-		  if (!forwardall) 
+		  if (!forward->forwardall) 
 		    break;
+		  forward->forwardall++;
 		}
 	    } 
 	  
@@ -334,18 +329,22 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
     }	  
   
   /* could not send on, return empty answer or address if known for whole domain */
-  plen = setup_reply(header, (unsigned int)plen, addrp, flags, daemon->local_ttl);
-  send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
-  
+  if (udpfd != -1)
+    {
+      plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
+      send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
+    }
+
   return;
 }
 
-static int process_reply(struct daemon *daemon, HEADER *header, time_t now, 
-			 union mysockaddr *serveraddr, unsigned int n)
+static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now, 
+			    unsigned int query_crc, struct server *server, size_t n)
 {
   unsigned char *pheader, *sizep;
-  unsigned int plen, munged = 0;
-   
+  int munged = 0;
+  size_t plen; 
+
   /* If upstream is advertising a larger UDP packet size
 	 than we allow, trim it so that we don't get overlarge
 	 requests for the client. */
@@ -360,25 +359,19 @@ static int process_reply(struct daemon *daemon, HEADER *header, time_t now,
 	PUTSHORT(daemon->edns_pktsz, psave);
     }
 
-  /* Complain loudly if the upstream server is non-recursive. */
-  if (!header->ra && header->rcode == NOERROR && ntohs(header->ancount) == 0)
-    {
-      char addrbuff[ADDRSTRLEN];
-#ifdef HAVE_IPV6
-      if (serveraddr->sa.sa_family == AF_INET)
-	inet_ntop(AF_INET, &serveraddr->in.sin_addr, addrbuff, ADDRSTRLEN);
-      else if (serveraddr->sa.sa_family == AF_INET6)
-	inet_ntop(AF_INET6, &serveraddr->in6.sin6_addr, addrbuff, ADDRSTRLEN);
-#else
-      strcpy(addrbuff, inet_ntoa(serveraddr->in.sin_addr));
-#endif
-      syslog(LOG_WARNING, "nameserver %s refused to do a recursive query", addrbuff);
-      return 0;
-    }
-  
   if (header->opcode != QUERY || (header->rcode != NOERROR && header->rcode != NXDOMAIN))
     return n;
   
+  /* Complain loudly if the upstream server is non-recursive. */
+  if (!header->ra && header->rcode == NOERROR && ntohs(header->ancount) == 0 &&
+      server && !(server->flags & SERV_WARNED_RECURSIVE))
+    {
+      prettyprint_addr(&server->addr, daemon->namebuff);
+      syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
+      if (!(daemon->options & OPT_LOG))
+	server->flags |= SERV_WARNED_RECURSIVE;
+    }  
+    
   if (daemon->bogus_addr && header->rcode != NXDOMAIN &&
       check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
     {
@@ -390,7 +383,7 @@ static int process_reply(struct daemon *daemon, HEADER *header, time_t now,
     {
       if (header->rcode == NXDOMAIN && 
 	  extract_request(header, n, daemon->namebuff, NULL) &&
-	  check_for_local_domain(daemon->namebuff, now, daemon->mxnames))
+	  check_for_local_domain(daemon->namebuff, now, daemon))
 	{
 	  /* if we forwarded a query for a locally known name (because it was for 
 	     an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
@@ -400,7 +393,11 @@ static int process_reply(struct daemon *daemon, HEADER *header, time_t now,
 	  header->rcode = NOERROR;
 	}
   
-      extract_addresses(header, n, daemon->namebuff, now, daemon);
+      /* If the crc of the question section doesn't match the crc we sent, then
+	 someone might be attempting to insert bogus values into the cache by 
+	 sending replies containing questions and bogus answers. */
+      if (query_crc == questions_crc(header, n, daemon->namebuff))
+	extract_addresses(header, n, daemon->namebuff, now, daemon);
     }
   
   /* do this after extract_addresses. Ensure NODATA reply and remove
@@ -428,13 +425,17 @@ void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
   HEADER *header;
   union mysockaddr serveraddr;
   socklen_t addrlen = sizeof(serveraddr);
-  int n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
-  
+  ssize_t n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
+  size_t nn;
+
+  /* packet buffer overwritten */
+  daemon->srv_save = NULL;
+
   /* Determine the address of the server replying  so that we can mark that as good */
   serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family;
 #ifdef HAVE_IPV6
   if (serveraddr.sa.sa_family == AF_INET6)
-    serveraddr.in6.sin6_flowinfo = htonl(0);
+    serveraddr.in6.sin6_flowinfo = 0;
 #endif
   
   header = (HEADER *)daemon->packet;
@@ -442,26 +443,61 @@ void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
   
   if (n >= (int)sizeof(HEADER) && header->qr && forward)
     {
-      /* find good server by address if possible, otherwise assume the last one we sent to */ 
-      if ((forward->sentto->flags & SERV_TYPE) == 0)
+       struct server *server = forward->sentto;
+       
+       if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
+	 /* for broken servers, attempt to send to another one. */
+	 {
+	   unsigned char *pheader;
+	   size_t plen;
+	   
+	   /* recreate query from reply */
+	   pheader = find_pseudoheader(header, (size_t)n, &plen, NULL);
+	   header->ancount = htons(0);
+	   header->nscount = htons(0);
+	   header->arcount = htons(0);
+	   if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
+	     {
+	       header->qr = 0;
+	       header->tc = 0;
+	       forward_query(daemon, -1, NULL, NULL, 0, header, nn, now, forward);
+	       return;
+	     }
+	 }   
+
+       if ((forward->sentto->flags & SERV_TYPE) == 0)
+	 {
+	   if (header->rcode == SERVFAIL || header->rcode == REFUSED)
+	     server = NULL;
+	   else
+	     {
+	       struct server *last_server;
+	       /* find good server by address if possible, otherwise assume the last one we sent to */ 
+	       for (last_server = daemon->servers; last_server; last_server = last_server->next)
+		 if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
+		     sockaddr_isequal(&last_server->addr, &serveraddr))
+		   {
+		     server = last_server;
+		     break;
+		   }
+	     } 
+	   daemon->last_server = server;
+	 }
+	         
+      /* If the answer is an error, keep the forward record in place in case
+	 we get a good reply from another server. Kill it when we've
+	 had replies from all to avoid filling the forwarding table when
+	 everything is broken */
+      if (forward->forwardall == 0 || --forward->forwardall == 1 || 
+	  (header->rcode != REFUSED && header->rcode != SERVFAIL))
 	{
-	  struct server *last_server;
-	  daemon->last_server = forward->sentto;
-	  for (last_server = daemon->servers; last_server; last_server = last_server->next)
-	    if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
-		sockaddr_isequal(&last_server->addr, &serveraddr))
-	      {
-		daemon->last_server = last_server;
-		break;
-	      }
-	}
-      
-      if ((n = process_reply(daemon, header, now, &serveraddr, (unsigned int)n)))
-	{
-	  header->id = htons(forward->orig_id);
-	  header->ra = 1; /* recursion if available */
-	  send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, n, 
-		    &forward->source, &forward->dest, forward->iface);
+	  if ((nn = process_reply(daemon, header, now, forward->crc, server, (size_t)n)))
+	    {
+	      header->id = htons(forward->orig_id);
+	      header->ra = 1; /* recursion if available */
+	      send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn, 
+			&forward->source, &forward->dest, forward->iface);
+	    }
 	  forward->new_id = 0; /* cancel */
 	}
     }
@@ -472,9 +508,11 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
   HEADER *header = (HEADER *)daemon->packet;
   union mysockaddr source_addr;
   unsigned short type;
-  struct iname *tmp;
   struct all_addr dst_addr;
-  int m, n, if_index = 0;
+  struct in_addr netmask, dst_addr_4;
+  size_t m;
+  ssize_t n;
+  int if_index = 0;
   struct iovec iov[1];
   struct msghdr msg;
   struct cmsghdr *cmptr;
@@ -483,7 +521,7 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 #ifdef HAVE_IPV6
     char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
 #endif
-#if defined(IP_PKTINFO)
+#if defined(HAVE_LINUX_NETWORK)
     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
 #elif defined(IP_RECVDSTADDR)
     char control[CMSG_SPACE(sizeof(struct in_addr)) +
@@ -491,6 +529,20 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 #endif
   } control_u;
   
+  /* packet buffer overwritten */
+  daemon->srv_save = NULL;
+  
+  if (listen->family == AF_INET && (daemon->options & OPT_NOWILD))
+    {
+      dst_addr_4 = listen->iface->addr.in.sin_addr;
+      netmask = listen->iface->netmask;
+    }
+  else
+    {
+      dst_addr_4.s_addr = 0;
+      netmask.s_addr = 0;
+    }
+
   iov[0].iov_base = daemon->packet;
   iov[0].iov_len = daemon->edns_pktsz;
     
@@ -505,13 +557,15 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
   if ((n = recvmsg(listen->fd, &msg, 0)) == -1)
     return;
   
-  if (n < (int)sizeof(HEADER) || header->qr)
+  if (n < (int)sizeof(HEADER) || 
+      (msg.msg_flags & MSG_TRUNC) ||
+      header->qr)
     return;
   
   source_addr.sa.sa_family = listen->family;
 #ifdef HAVE_IPV6
   if (listen->family == AF_INET6)
-    source_addr.in6.sin6_flowinfo = htonl(0);
+    source_addr.in6.sin6_flowinfo = 0;
 #endif
   
   if (!(daemon->options & OPT_NOWILD))
@@ -521,12 +575,12 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
       if (msg.msg_controllen < sizeof(struct cmsghdr))
 	return;
 
-#if defined(IP_PKTINFO)
+#if defined(HAVE_LINUX_NETWORK)
       if (listen->family == AF_INET)
 	for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
 	  if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
 	    {
-	      dst_addr.addr.addr4 = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_spec_dst;
+	      dst_addr_4 = dst_addr.addr.addr4 = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_spec_dst;
 	      if_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
 	    }
 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@@ -534,7 +588,7 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 	{
 	  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
 	    if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
-	      dst_addr.addr.addr4 = *((struct in_addr *)CMSG_DATA(cmptr));
+	      dst_addr_4 = dst_addr.addr.addr4 = *((struct in_addr *)CMSG_DATA(cmptr));
 	    else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
 	      if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
 	}
@@ -557,7 +611,7 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
       if (if_index == 0)
 	return;
       
-      if (daemon->if_except || daemon->if_names)
+      if (daemon->if_except || daemon->if_names || (daemon->options & OPT_LOCALISE))
 	{
 #ifdef SIOCGIFNAME
 	  ifr.ifr_ifindex = if_index;
@@ -567,38 +621,20 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 	  if (!if_indextoname(if_index, ifr.ifr_name))
 	    return;
 #endif
+
+	  if (listen->family == AF_INET &&
+	      (daemon->options & OPT_LOCALISE) &&
+	      ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
+	    return;
+
+	  netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
 	}
 
-      for (tmp = daemon->if_except; tmp; tmp = tmp->next)
-	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
-	  return;
-      
-      if (daemon->if_names || daemon->if_addrs)
-	{
-	  for (tmp = daemon->if_names; tmp; tmp = tmp->next)
-	    if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
-	      break;
-	  if (!tmp)
-	    for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
-	      if (tmp->addr.sa.sa_family == listen->family)
-		{
-		  if (tmp->addr.sa.sa_family == AF_INET &&
-		      tmp->addr.in.sin_addr.s_addr == dst_addr.addr.addr4.s_addr)
-		    break;
-#ifdef HAVE_IPV6
-		  else if (tmp->addr.sa.sa_family == AF_INET6 &&
-			   memcmp(&tmp->addr.in6.sin6_addr, 
-				  &dst_addr.addr.addr6, 
-				  sizeof(struct in6_addr)) == 0)
-		    break;
-#endif
-		}
-	  if (!tmp)
-	    return; 
-	}
+      if (!iface_check(daemon, listen->family, &dst_addr, ifr.ifr_name))
+	return;
     }
   
-  if (extract_request(header, (unsigned int)n, daemon->namebuff, &type))
+  if (extract_request(header, (size_t)n, daemon->namebuff, &type))
     {
       if (listen->family == AF_INET) 
 	log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, 
@@ -610,50 +646,28 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 #endif
     }
 
-  m = answer_request (header, ((char *) header) + PACKETSZ, (unsigned int)n, daemon, now);
+  m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n, daemon, 
+		      dst_addr_4, netmask, now);
   if (m >= 1)
     send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr, if_index);
   else
     forward_query(daemon, listen->fd, &source_addr, &dst_addr, if_index,
-		  header, n, now);
+		  header, (size_t)n, now, NULL);
 }
 
-static int read_write(int fd, char *packet, int size, int rw)
-{
-  int n, done;
-  
-  for (done = 0; done < size; done += n)
-    {
-    retry:
-      if (rw)
-	n = read(fd, &packet[done], (size_t)(size - done));
-      else
-	n = write(fd, &packet[done], (size_t)(size - done));
-
-      if (n == 0)
-	return 0;
-      else if (n == -1)
-	{
-	  if (retry_send())
-	    goto retry;
-	  else
-	    return 0;
-	}
-    }
-  return 1;
-}
-  
 /* The daemon forks before calling this: it should deal with one connection,
    blocking as neccessary, and then return. Note, need to be a bit careful
    about resources for debug mode, when the fork is suppressed: that's
    done by the caller. */
-char *tcp_request(struct daemon *daemon, int confd, time_t now)
+unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
+			   struct in_addr local_addr, struct in_addr netmask)
 {
-  int size = 0, m;
+  int size = 0;
+  size_t m;
   unsigned short qtype, gotname;
   unsigned char c1, c2;
   /* Max TCP packet + slop */
-  char *packet = malloc(65536 + MAXDNAME + RRFIXEDSZ);
+  unsigned char *packet = malloc(65536 + MAXDNAME + RRFIXEDSZ);
   HEADER *header;
   struct server *last_server;
   
@@ -689,7 +703,8 @@ char *tcp_request(struct daemon *daemon, int confd, time_t now)
 	}
       
       /* m > 0 if answered from cache */
-      m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon, now);
+      m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon, 
+			 local_addr, netmask, now);
       
       if (m == 0)
 	{
@@ -709,7 +724,8 @@ char *tcp_request(struct daemon *daemon, int confd, time_t now)
 	  if (!flags && last_server)
 	    {
 	      struct server *firstsendto = NULL;
-	      
+	      unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
+
 	      /* Loop round available servers until we succeed in connecting to one.
 	         Note that this code subtley ensures that consecutive queries on this connection
 	         which can go to the same server, do so. */
@@ -774,7 +790,7 @@ char *tcp_request(struct daemon *daemon, int confd, time_t now)
 		  /* There's no point in updating the cache, since this process will exit and
 		     lose the information after one query. We make this call for the alias and 
 		     bogus-nxdomain side-effects. */
-		  m = process_reply(daemon, header, now, &last_server->addr, (unsigned int)m);
+		  m = process_reply(daemon, header, now, crc, last_server, (unsigned int)m);
 		  
 		  break;
 		}
@@ -794,55 +810,72 @@ char *tcp_request(struct daemon *daemon, int confd, time_t now)
     }
 }
 
-static struct frec *get_new_frec(time_t now)
+static struct frec *allocate_frec(time_t now)
 {
-  struct frec *f = frec_list, *oldest = NULL;
-  time_t oldtime = now;
-  int count = 0;
-  static time_t warntime = 0;
-
-  while (f)
-    {
-      if (f->new_id == 0)
-	{
-	  f->time = now;
-	  return f;
-	}
-
-      if (difftime(f->time, oldtime) <= 0)
-	{
-	  oldtime = f->time;
-	  oldest = f;
-	}
-
-      count++;
-      f = f->next;
-    }
+  struct frec *f;
   
-  /* can't find empty one, use oldest if there is one
-     and it's older than timeout */
-  if (oldest && difftime(now, oldtime)  > TIMEOUT)
-    { 
-      oldest->time = now;
-      return oldest;
-    }
-  
-  if (count > FTABSIZ)
-    { /* limit logging rate so syslog isn't DOSed either */
-      if (!warntime || difftime(now, warntime) > LOGRATE)
-	{
-	  warntime = now;
-	  syslog(LOG_WARNING, "forwarding table overflow: check for server loops.");
-	}
-      return NULL;
-    }
-
   if ((f = (struct frec *)malloc(sizeof(struct frec))))
     {
       f->next = frec_list;
       f->time = now;
+      f->new_id = 0;
       frec_list = f;
     }
+
+  return f;
+}
+
+/* if wait==NULL return a free or older than TIMEOUT record.
+   else return *wait zero if one available, or *wait is delay to
+   when the oldest in-use record will expire. */
+struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait)
+{
+  struct frec *f, *oldest;
+  int count;
+  
+  if (wait)
+    *wait = 0;
+
+  for (f = frec_list, oldest = NULL, count = 0; f; f = f->next, count++)
+    if (f->new_id == 0)
+      {
+	f->time = now;
+	return f;
+      }
+    else if (!oldest || difftime(f->time, oldest->time) <= 0)
+      oldest = f;
+  
+  /* can't find empty one, use oldest if there is one
+     and it's older than timeout */
+  if (oldest && ((int)difftime(now, oldest->time)) >= TIMEOUT)
+    { 
+      /* keep stuff for twice timeout if we can by allocating a new
+	 record instead */
+      if (difftime(now, oldest->time) < 2*TIMEOUT && 
+	  count <= daemon->ftabsize &&
+	  (f = allocate_frec(now)))
+	return f;
+
+      if (!wait)
+	{
+	  oldest->new_id = 0;
+	  oldest->time = now;
+	}
+      return oldest;
+    }
+  
+  /* none available, calculate time 'till oldest record expires */
+  if (count > daemon->ftabsize)
+    {
+      if (oldest && wait)
+	*wait = oldest->time + (time_t)TIMEOUT - now;
+      return NULL;
+    }
+  
+  if (!(f = allocate_frec(now)) && wait)
+    /* wait one second on malloc failure */
+    *wait = 1;
+
   return f; /* OK if malloc fails and this is NULL */
 }
  
@@ -873,6 +906,21 @@ static struct frec *lookup_frec_by_sender(unsigned short id,
   return NULL;
 }
 
+/* A server record is going away, remove references to it */
+void server_gone(struct daemon *daemon, struct server *server)
+{
+  struct frec *f;
+  
+  for (f = frec_list; f; f = f->next)
+    if (f->new_id != 0 && f->sentto == server)
+      f->new_id = 0;
+  
+  if (daemon->last_server == server)
+    daemon->last_server = NULL;
+
+  if (daemon->srv_save == server)
+    daemon->srv_save = NULL;
+}
 
 /* return unique random ids between 1 and 65535 */
 static unsigned short get_id(void)

src/helper.c

@@ -0,0 +1,327 @@
+/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+#include "dnsmasq.h"
+
+/* This file has code to fork a helper process which recieves data via a pipe 
+   shared with the main process and which is responsible for calling a script when
+   DHCP leases change.
+
+   The helper process is forked before the main process drops root, so it retains root 
+   privs to pass on to the script. For this reason it tries to be paranoid about 
+   data received from the main process, in case that has been compromised. We don't
+   want the helper to give an attacker root. In particular, the script to be run is
+   not settable via the pipe, once the fork has taken place it is not alterable by the 
+   main process.
+*/
+
+struct script_data
+{
+  unsigned char action, hwaddr_len, hwaddr_type;
+  unsigned char clid_len, hostname_len, uclass_len, vclass_len;
+  struct in_addr addr;
+#ifdef HAVE_BROKEN_RTC
+  unsigned int length;
+#else
+  time_t expires;
+#endif
+  unsigned char hwaddr[DHCP_CHADDR_MAX];
+};
+
+static struct script_data *buf;
+static size_t bytes_in_buf, buf_size;
+
+int create_helper(struct daemon *daemon)
+{
+  pid_t pid;
+  int i, pipefd[2];
+  struct sigaction sigact;
+
+  buf = NULL;
+  buf_size = bytes_in_buf = 0;
+
+  if (!daemon->dhcp || !daemon->lease_change_command)
+    return -1;
+
+  /* create the pipe through which the main program sends us commands,
+   then fork our process. */
+  if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+    return -1;
+  
+  if (pid != 0)
+    {
+      close(pipefd[0]); /* close reader side */
+      return pipefd[1];
+    }
+
+  /* ignore SIGTERM, so that we can clean up when the main process gets hit */
+  sigact.sa_handler = SIG_IGN;
+  sigact.sa_flags = 0;
+  sigemptyset(&sigact.sa_mask);
+  sigaction(SIGTERM, &sigact, NULL);
+
+  /* close all the sockets etc, we don't need them here */
+  for (i = 0; i < 64; i++)
+    if (i != STDOUT_FILENO && i != STDERR_FILENO && 
+	i != STDIN_FILENO && i != pipefd[0])
+      close(i);
+
+  /* we open our own log connection. */
+  log_start(daemon);
+  
+  /* don't give our end of the pipe to our children */
+  if ((i = fcntl(pipefd[0], F_GETFD)) != -1)
+    fcntl(pipefd[0], F_SETFD, i | FD_CLOEXEC); 
+      
+  /* loop here */
+  while(1)
+    {
+      struct script_data data;
+      char *p, *action_str, *hostname = NULL;
+      unsigned char *buf = (unsigned char *)daemon->namebuff;
+
+      /* we read zero bytes when pipe closed: this is our signal to exit */ 
+      if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+	_exit(0);
+      
+      if (data.action == ACTION_DEL)
+	action_str = "del";
+      else if (data.action == ACTION_ADD)
+	action_str = "add";
+      else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
+	action_str = "old";
+      else
+	continue;
+	
+      /* stringify MAC into dhcp_buff */
+      p = daemon->dhcp_buff;
+      if (data.hwaddr_type != ARPHRD_ETHER || data.hwaddr_len == 0) 
+	p += sprintf(p, "%.2x-", data.hwaddr_type);
+      for (i = 0; (i < data.hwaddr_len) && (i < DHCP_CHADDR_MAX); i++)
+	{
+	  p += sprintf(p, "%.2x", data.hwaddr[i]);
+	  if (i != data.hwaddr_len - 1)
+	    p += sprintf(p, ":");
+	}
+      
+      /* and CLID into packet */
+      if (!read_write(pipefd[0], buf, data.clid_len, 1))
+	continue;
+      for (p = daemon->packet, i = 0; i < data.clid_len; i++)
+	{
+	  p += sprintf(p, "%.2x", buf[i]);
+	  if (i != data.clid_len - 1) 
+	    p += sprintf(p, ":");
+	}
+      
+      /* and expiry or length into dhcp_buff2 */
+#ifdef HAVE_BROKEN_RTC
+      sprintf(daemon->dhcp_buff2, "%u ", data.length);
+#else
+      sprintf(daemon->dhcp_buff2, "%lu ", (unsigned long)data.expires);
+#endif
+      
+      if (!read_write(pipefd[0], buf, data.hostname_len + data.uclass_len + data.vclass_len, 1))
+	continue;
+      
+      if ((pid = fork()) == -1)
+	continue;
+      
+      /* wait for child to complete */
+      if (pid != 0)
+	{
+	  int status;
+	  waitpid(pid, &status, 0);
+	  if (WIFSIGNALED(status))
+	    syslog(LOG_WARNING, _("child process killed by signal %d"), WTERMSIG(status));
+	  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+	    syslog(LOG_WARNING, _("child process exited with status %d"), WEXITSTATUS(status));
+	  continue;
+	}
+      
+      if (data.clid_len != 0)
+	setenv("DNSMASQ_CLIENT_ID", daemon->packet, 1);
+      else
+	unsetenv("DNSMASQ_CLIENT_ID");
+      
+#ifdef HAVE_BROKEN_RTC
+      setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, 1);
+      unsetenv("DNSMASQ_LEASE_EXPIRES");
+#else
+      setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, 1); 
+      unsetenv("DNSMASQ_LEASE_LENGTH");
+#endif
+      
+      if (data.vclass_len != 0)
+	{
+	  buf[data.vclass_len - 1] = 0; /* don't trust zero-term */
+	  /* cannot have = chars in env - truncate if found . */
+	  if ((p = strchr((char *)buf, '=')))
+	    *p = 0;
+	  setenv("DNSMASQ_VENDOR_CLASS", (char *)buf, 1);
+	  buf += data.vclass_len;
+	}
+      else 
+	unsetenv("DNSMASQ_VENDOR_CLASS");
+      
+      if (data.uclass_len != 0)
+	{
+	  unsigned char *end = buf + data.uclass_len;
+	  buf[data.uclass_len - 1] = 0; /* don't trust zero-term */
+	  
+	  for (i = 0; buf < end;)
+	    {
+	      size_t len = strlen((char *)buf) + 1;
+	      if ((p = strchr((char *)buf, '=')))
+		*p = 0;
+	      if (strlen((char *)buf) != 0)
+		{
+		  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i++);
+		  setenv(daemon->dhcp_buff2, (char *)buf, 1);
+		}
+	      buf += len;
+	    }
+	}
+      
+      if (data.hostname_len != 0)
+	{
+	  hostname = (char *)buf;
+	  hostname[data.hostname_len - 1] = 0;
+	  canonicalise(hostname);
+	}
+      
+      if (data.action == ACTION_OLD_HOSTNAME && hostname)
+	{
+	  setenv("DNSMASQ_OLD_HOSTNAME", hostname, 1);
+	  hostname = NULL;
+	}
+      else
+	unsetenv("DNSMASQ_OLD_HOSTNAME");
+      
+      p =  strrchr(daemon->lease_change_command, '/');
+      execl(daemon->lease_change_command, 
+	    p ? p+1 : daemon->lease_change_command,
+	    action_str, daemon->dhcp_buff, inet_ntoa(data.addr), hostname, (char*)NULL);
+      
+      /* log socket should still be open, right? */
+      syslog(LOG_ERR, _("failed to execute %s: %m"), 
+	     daemon->lease_change_command);
+      _exit(0); 
+    }
+}
+
+/* pack up lease data into a buffer */    
+void queue_script(struct daemon *daemon, int action, struct dhcp_lease *lease, char *hostname)
+{
+  unsigned char *p;
+  size_t size;
+  unsigned int hostname_len = 0, clid_len = 0, vclass_len = 0, uclass_len = 0;
+
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+
+  if (lease->vendorclass)
+    vclass_len = lease->vendorclass_len;
+  if (lease->userclass)
+    uclass_len = lease->userclass_len;
+  if (lease->clid)
+    clid_len = lease->clid_len;
+  if (hostname)
+    hostname_len = strlen(hostname) + 1;
+
+  size = sizeof(struct script_data) +  clid_len + vclass_len + uclass_len + hostname_len;
+
+  if (size > buf_size)
+    {
+      struct script_data *new;
+      
+      /* start with resonable size, will almost never need extending. */
+      if (size < sizeof(struct script_data) + 200)
+	size = sizeof(struct script_data) + 200;
+
+      if (!(new = malloc(size)))
+	return;
+      if (buf)
+	free(buf);
+      buf = new;
+      buf_size = size;
+    }
+
+  buf->action = action;
+  buf->hwaddr_len = lease->hwaddr_len;
+  buf->hwaddr_type = lease->hwaddr_type;
+  buf->clid_len = clid_len;
+  buf->vclass_len = vclass_len;
+  buf->uclass_len = uclass_len;
+  buf->hostname_len = hostname_len;
+  buf->addr = lease->addr;
+  memcpy(buf->hwaddr, lease->hwaddr, lease->hwaddr_len);
+#ifdef HAVE_BROKEN_RTC 
+  buf->length = lease->length;
+#else
+  buf->expires = lease->expires;
+#endif
+ 
+  p = (unsigned char *)(buf+1);
+  if (buf->clid_len != 0)
+    {
+      memcpy(p, lease->clid, clid_len);
+      p += clid_len;
+    }
+  if (buf->vclass_len != 0)
+    {
+      memcpy(p, lease->vendorclass, vclass_len);
+      p += vclass_len;
+    }
+  if (buf->uclass_len != 0)
+    {
+      memcpy(p, lease->userclass, uclass_len);
+      p += uclass_len;
+    }
+  if (buf->hostname_len != 0)
+    {
+      memcpy(p, hostname, hostname_len);
+      p += hostname_len;
+    }
+
+  bytes_in_buf = p - (unsigned char *)buf;
+}
+
+int helper_buf_empty(void)
+{
+  return bytes_in_buf == 0;
+}
+
+void helper_write(struct daemon *daemon)
+{
+  ssize_t rc;
+
+  if (bytes_in_buf == 0)
+    return;
+  
+  if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1)
+    {
+      if (bytes_in_buf != (size_t)rc)
+	memmove(buf, buf + rc, bytes_in_buf - rc); 
+      bytes_in_buf -= rc;
+    }
+  else
+    {
+      if (errno == EAGAIN || errno == EINTR)
+	return;
+      bytes_in_buf = 0;
+    }
+}
+
+
+

src/isc.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 - 2004 by Simon Kelley
+/* dnsmasq is Copyright (c) 2000 - 2005 by Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -17,6 +17,8 @@
 
 #ifdef HAVE_ISC_READER
 
+#define MAXTOK 50
+
 struct isc_lease {
   char *name, *fqdn;
   time_t expires;
@@ -68,7 +70,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
   if (stat(daemon->lease_file, &statbuf) == -1)
     {
       if (!logged_lease)
-	syslog(LOG_WARNING, "failed to access %s: %m", daemon->lease_file);
+	syslog(LOG_WARNING, _("failed to access %s: %m"), daemon->lease_file);
       logged_lease = 1;
       return;
     }
@@ -84,11 +86,11 @@ void load_dhcp(struct daemon *daemon, time_t now)
   
   if (!(fp = fopen (daemon->lease_file, "r")))
     {
-      syslog (LOG_ERR, "failed to load %s: %m", daemon->lease_file);
+      syslog (LOG_ERR, _("failed to load %s: %m"), daemon->lease_file);
       return;
     }
   
-  syslog (LOG_INFO, "reading %s", daemon->lease_file);
+  syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
 
   while ((next_token(token, MAXTOK, fp)))
     {
@@ -110,7 +112,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
 			    if (!canonicalise(hostname))
 			      {
 				*hostname = 0;
-				syslog(LOG_ERR, "bad name in %s", daemon->lease_file); 
+				syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
 			      }
 			}
                       else if ((strcmp(token, "ends") == 0) ||
@@ -136,8 +138,8 @@ void load_dhcp(struct daemon *daemon, time_t now)
                                  it is noted that it might not be entirely accurate for odd seconds.
 				 Since we're trying to get the same answer as dhcpd, that's just
 				 fine here. */
-			      static int months [11] = { 31, 59, 90, 120, 151, 181,
-							 212, 243, 273, 304, 334 };
+			      static const int months [11] = { 31, 59, 90, 120, 151, 181,
+							       212, 243, 273, 304, 334 };
 			      time_t time = ((((((365 * (lease_time.tm_year - 1970) + /* Days in years since '70 */
 						  (lease_time.tm_year - 1969) / 4 +   /* Leap days since '70 */
 						  (lease_time.tm_mon > 1                /* Days in months this year */
@@ -172,7 +174,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
 		      if (!daemon->domain_suffix || hostname_isequal(dot+1, daemon->domain_suffix))
 			{
 			  syslog(LOG_WARNING, 
-				 "Ignoring DHCP lease for %s because it has an illegal domain part", 
+				 _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
 				 hostname);
 			  continue;
 			}

src/lease.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2003 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -10,161 +10,217 @@
    GNU General Public License for more details.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
-
 #include "dnsmasq.h"
 
-static struct dhcp_lease *leases;
-static FILE *lease_file;
-static int dns_dirty, file_dirty, new_lease;
-static int leases_left;
+static struct dhcp_lease *leases, *old_leases;
+static int dns_dirty, file_dirty, leases_left;
 
 void lease_init(struct daemon *daemon, time_t now)
 {
-  unsigned int e0, e1, e2, e3, e4, e5, a0, a1, a2, a3;
   unsigned long ei;
-  time_t expires;
-  unsigned char hwaddr[ETHER_ADDR_LEN];
   struct in_addr addr;
   struct dhcp_lease *lease;
-  int clid_len = 0;
-  int has_old = 0;
-  char *buff = daemon->dhcp_buff;
-  char *buff2 = daemon->dhcp_buff2;
+  int flags, clid_len, hw_len, hw_type;
+  FILE *leasestream;
   
-  leases = NULL;
+  leases = old_leases = NULL;
   leases_left = daemon->dhcp_max;
 
-  /* NOTE: need a+ mode to create file if it doesn't exist */
-  if (!(lease_file = fopen(daemon->lease_file, "a+")))
-    die("cannot open or create leases file: %s", NULL);
-    
-  /* a+ mode lease pointer at end. */
-  rewind(lease_file);
-
-  while (fscanf(lease_file, "%lu %x:%x:%x:%x:%x:%x %d.%d.%d.%d %257s %257s",
-		&ei, &e0, &e1, &e2, &e3, &e4, &e5, &a0, &a1, &a2, &a3, 
-		buff, buff2) == 13)
+  if (daemon->options & OPT_LEASE_RO)
     {
-#ifdef HAVE_BROKEN_RTC
-      if (ei)
-	expires = (time_t)ei + now;
-      else
-	expires = (time_t)0;
-#else 
-      /* strictly time_t is opaque, but this hack should work on all sane systems,
-	 even when sizeof(time_t) == 8 */
-      expires = (time_t)ei;
-      
-      if (ei != 0  && difftime(now, expires) > 0)
+      /* run "<lease_change_script> init" once to get the
+	 initial state of the database. If leasefile-ro is
+	 set without a script, we just do without any 
+	 lease database. */
+      if (!daemon->lease_change_command)
 	{
-	  has_old = 1;
-	  continue; /* expired */
+	  file_dirty = dns_dirty = 0;
+	  return;
 	}
-#endif
-
-      hwaddr[0] = e0;
-      hwaddr[1] = e1;
-      hwaddr[2] = e2;
-      hwaddr[3] = e3;
-      hwaddr[4] = e4;
-      hwaddr[5] = e5;
+      strcpy(daemon->dhcp_buff, daemon->lease_change_command);
+      strcat(daemon->dhcp_buff, " init");
+      leasestream = popen(daemon->dhcp_buff, "r");
+    }
+  else
+    {
+      /* NOTE: need a+ mode to create file if it doesn't exist */
+      leasestream = daemon->lease_stream = fopen(daemon->lease_file, "a+");
       
-      addr.s_addr = htonl((a0<<24) + (a1<<16) + (a2<<8) + a3);
-
-      /* decode hex in place */
-      if (strcmp(buff2, "*") == 0)
-	clid_len = 0;
-      else
-	{ 
-	  int s = (strlen(buff2)/3) + 1;
-	  for (clid_len = 0; clid_len < s; clid_len++)
-	  {
-	    buff2[(clid_len*3)+2] = 0;
-	    buff2[clid_len] = strtol(&buff2[clid_len*3], NULL, 16);
-	  }
-	}
+      if (!leasestream)
+	die(_("cannot open or create lease file %s: %s"), daemon->lease_file);
       
-      if (!(lease = lease_allocate(buff2, clid_len, addr)))
-	die ("too many stored leases", NULL);
+      flags = fcntl(fileno(leasestream), F_GETFD);
+      if (flags != -1)
+	fcntl(fileno(leasestream), F_SETFD, flags | FD_CLOEXEC); 
       
-      lease->expires = expires;
-      memcpy(lease->hwaddr, hwaddr, ETHER_ADDR_LEN);
-
-      if (strcmp(buff, "*") !=  0)
-	  lease_set_hostname(lease, buff, daemon->domain_suffix);
+      /* a+ mode lease pointer at end. */
+      rewind(leasestream);
     }
   
-  dns_dirty = 1;
-  file_dirty = has_old;
-  new_lease = 0;
+  /* client-id max length is 255 which is 255*2 digits + 254 colons 
+     borrow DNS packet buffer which is always larger than 1000 bytes */
+  if (leasestream)
+    while (fscanf(leasestream, "%lu %255s %16s %255s %764s",
+		  &ei, daemon->dhcp_buff2, daemon->namebuff, 
+		  daemon->dhcp_buff, daemon->packet) == 5)
+      {
+	hw_len = parse_hex(daemon->dhcp_buff2, (unsigned char *)daemon->dhcp_buff2, DHCP_CHADDR_MAX, NULL, &hw_type);
+	/* For backwards compatibility, no explict MAC address type means ether. */
+	if (hw_type == 0 && hw_len != 0)
+	  hw_type = ARPHRD_ETHER;
+	
+	addr.s_addr = inet_addr(daemon->namebuff);
+	
+	/* decode hex in place */
+	clid_len = 0;
+	if (strcmp(daemon->packet, "*") != 0)
+	  clid_len = parse_hex(daemon->packet, (unsigned char *)daemon->packet, 255, NULL, NULL);
+	
+	if (!(lease = lease_allocate(addr)))
+	  die (_("too many stored leases"), NULL);
+	/* not actually new */
+	lease->new = 0;
+	
+#ifdef HAVE_BROKEN_RTC
+	if (ei != 0)
+	  lease->expires = (time_t)ei + now;
+	else
+	  lease->expires = (time_t)0;
+	lease->length = ei;
+#else
+	/* strictly time_t is opaque, but this hack should work on all sane systems,
+	   even when sizeof(time_t) == 8 */
+	lease->expires = (time_t)ei;
+#endif
+	
+	lease_set_hwaddr(lease, (unsigned char *)daemon->dhcp_buff2, (unsigned char *)daemon->packet, hw_len, hw_type, clid_len);
+	
+	if (strcmp(daemon->dhcp_buff, "*") !=  0)
+	  lease_set_hostname(lease, daemon->dhcp_buff, daemon->domain_suffix, 0);
+      }
+  
+  if (!daemon->lease_stream)
+    {
+      int rc = 0;
 
-  daemon->lease_fd = fileno(lease_file);
+      /* shell returns 127 for "command not found", 126 for bad permissions. */
+      if (!leasestream || (rc = pclose(leasestream)) == -1 || WEXITSTATUS(rc) == 127 || WEXITSTATUS(rc) == 126)
+	{
+	  if (WEXITSTATUS(rc) == 127)
+	    errno = ENOENT;
+	  else if (WEXITSTATUS(rc) == 126)
+	    errno = EACCES;
+	  die(_("cannot run lease-init script %s: %s"), daemon->lease_change_command);
+	}
+      
+      if (WEXITSTATUS(rc) != 0)
+	{
+	  sprintf(daemon->dhcp_buff, "%d", WEXITSTATUS(rc));
+	  die(_("lease-init script returned exit code %s"), daemon->dhcp_buff);
+	}
+    }
+
+  /* Some leases may have expired */
+  file_dirty = 0;
+  lease_prune(NULL, now);
+  dns_dirty = 1;
 }
 
-void lease_update_from_configs(struct dhcp_config *dhcp_configs, char *domain)
+void lease_update_from_configs(struct daemon *daemon)
 {
   /* changes to the config may change current leases. */
   
   struct dhcp_lease *lease;
   struct dhcp_config *config;
-  
+  char *name;
+
   for (lease = leases; lease; lease = lease->next)
-    if ((config = find_config(dhcp_configs, NULL, lease->clid, lease->clid_len, lease->hwaddr, NULL)) && 
-	(config->flags & CONFIG_NAME))
-      lease_set_hostname(lease, config->hostname, domain);
+    if ((config = find_config(daemon->dhcp_conf, NULL, lease->clid, lease->clid_len, 
+			      lease->hwaddr, lease->hwaddr_len, lease->hwaddr_type, NULL)) && 
+	(config->flags & CONFIG_NAME) &&
+	(!(config->flags & CONFIG_ADDR) || config->addr.s_addr == lease->addr.s_addr))
+      lease_set_hostname(lease, config->hostname, daemon->domain_suffix, 1);
+    else if ((name = host_from_dns(daemon, lease->addr)))
+      lease_set_hostname(lease, name, daemon->domain_suffix, 1); /* updates auth flag only */
 }
 
-void lease_update_file(int force, time_t now)
+static void ourprintf(struct daemon *daemon, int *errp, char *format, ...)
+{
+  va_list ap;
+  
+  va_start(ap, format);
+  if (!(*errp) && vfprintf(daemon->lease_stream, format, ap) < 0)
+    *errp = errno;
+  va_end(ap);
+}
+
+void lease_update_file(struct daemon *daemon, time_t now)
 {
   struct dhcp_lease *lease;
-  int i = force; /* avoid warning */
-  unsigned long expires;
+  time_t next_event;
+  int i, err = 0;
 
-#ifdef HAVE_BROKEN_RTC
-  if (force || new_lease)
+  if (file_dirty != 0 && daemon->lease_stream)
     {
-      lease_prune(NULL, now);
-#else
-  if (file_dirty)
-    {
-#endif
-      rewind(lease_file);
-      ftruncate(fileno(lease_file), 0);
+      errno = 0;
+      rewind(daemon->lease_stream);
+      if (errno != 0 || ftruncate(fileno(daemon->lease_stream), 0) != 0)
+	err = errno;
       
       for (lease = leases; lease; lease = lease->next)
 	{
 #ifdef HAVE_BROKEN_RTC
-	  if (lease->expires)
-	    expires = (unsigned long) difftime(lease->expires, now);
-	  else
-	    expires = 0;
+	  ourprintf(daemon, &err, "%u ", lease->length);
 #else
-	  expires = now; /* eliminate warning */
-	  expires = (unsigned long)lease->expires;
+	  ourprintf(daemon, &err, "%lu ", (unsigned long)lease->expires);
 #endif
-	  fprintf(lease_file, "%lu %.2x:%.2x:%.2x:%.2x:%.2x:%.2x %s %s ", 
-		  expires, lease->hwaddr[0], lease->hwaddr[1],
-		  lease->hwaddr[2], lease->hwaddr[3], lease->hwaddr[4],
-		  lease->hwaddr[5], inet_ntoa(lease->addr),
-		  lease->hostname && strlen(lease->hostname) != 0 ? lease->hostname : "*");
+	  if (lease->hwaddr_type != ARPHRD_ETHER || lease->hwaddr_len == 0) 
+	    ourprintf(daemon, &err, "%.2x-", lease->hwaddr_type);
+	  for (i = 0; i < lease->hwaddr_len; i++)
+	    {
+	      ourprintf(daemon, &err, "%.2x", lease->hwaddr[i]);
+	      if (i != lease->hwaddr_len - 1)
+		ourprintf(daemon, &err, ":");
+	    }
+	  ourprintf(daemon, &err, " %s %s ", inet_ntoa(lease->addr),
+		    lease->hostname && strlen(lease->hostname) != 0 ? lease->hostname : "*");
 	  
-	  if (lease->clid_len)
+	  if (lease->clid && lease->clid_len != 0)
 	    {
 	      for (i = 0; i < lease->clid_len - 1; i++)
-		fprintf(lease_file, "%.2x:", lease->clid[i]);
-	      fprintf(lease_file, "%.2x\n", lease->clid[i]);
+		ourprintf(daemon, &err, "%.2x:", lease->clid[i]);
+	      ourprintf(daemon, &err, "%.2x\n", lease->clid[i]);
 	    }
 	  else
-	    fprintf(lease_file, "*\n");
-	  
+	    ourprintf(daemon, &err, "*\n");	  
 	}
-
-      fflush(lease_file);
-      fsync(fileno(lease_file));
-      file_dirty = 0;
-      new_lease = 0;
+      
+      if (fflush(daemon->lease_stream) != 0 ||
+	  fsync(fileno(daemon->lease_stream)) < 0)
+	err = errno;
+      
+      if (!err)
+	file_dirty = 0;
     }
+  
+  /* Set alarm for when the first lease expires + slop. */
+  for (next_event = 0, lease = leases; lease; lease = lease->next)
+    if (lease->expires != 0 &&
+	(next_event == 0 || difftime(next_event, lease->expires + 10) > 0.0))
+      next_event = lease->expires + 10;
+   
+  if (err)
+    {
+      if (next_event == 0 || difftime(next_event, LEASE_RETRY + now) > 0.0)
+	next_event = LEASE_RETRY + now;
+      
+      syslog(LOG_ERR, _("failed to write %s: %s (retry in %us)"), 
+	     daemon->lease_file, strerror(err),
+	     (unsigned int)difftime(next_event, now));
+    }
+
+  if (next_event != 0)
+    alarm((unsigned)difftime(next_event, now)); 
 }
 
 void lease_update_dns(struct daemon *daemon)
@@ -195,18 +251,16 @@ void lease_prune(struct dhcp_lease *target, time_t now)
       if ((lease->expires != 0 && difftime(now, lease->expires) > 0) || lease == target)
 	{
 	  file_dirty = 1;
-
-	  *up = lease->next; /* unlink */
 	  if (lease->hostname)
-	    {
-	      free(lease->hostname); 
-	      dns_dirty = 1;
-	    }
-	  if (lease->fqdn)
-	    free(lease->fqdn);
-	  if (lease->clid)
-	    free(lease->clid);
-	  free(lease);
+	    dns_dirty = 1;
+	  
+	  *up = lease->next; /* unlink */
+	  
+	  /* Put on old_leases list 'till we
+	     can run the script */
+	  lease->next = old_leases;
+	  old_leases = lease;
+	  
 	  leases_left++;
 	}
       else
@@ -215,23 +269,24 @@ void lease_prune(struct dhcp_lease *target, time_t now)
 } 
 	
   
-struct dhcp_lease *lease_find_by_client(unsigned char *clid, int clid_len)
+struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,
+					unsigned char *clid, int clid_len)
 {
   struct dhcp_lease *lease;
 
-  if (clid_len)
-    {
-      for (lease = leases; lease; lease = lease->next)
-	if (lease->clid && clid_len == lease->clid_len &&
+  if (clid)
+    for (lease = leases; lease; lease = lease->next)
+      if (lease->clid && clid_len == lease->clid_len &&
 	  memcmp(clid, lease->clid, clid_len) == 0)
 	return lease;
-    }
-  else
-    {
-      for (lease = leases; lease; lease = lease->next)	
-	if (memcmp(clid, lease->hwaddr, ETHER_ADDR_LEN) == 0)
-	  return lease;
-    }
+  
+  for (lease = leases; lease; lease = lease->next)	
+    if ((!lease->clid || !clid) && 
+	hw_len != 0 && 
+	lease->hwaddr_len == hw_len &&
+	lease->hwaddr_type == hw_type &&
+	memcmp(hwaddr, lease->hwaddr, hw_len) == 0)
+      return lease;
   
   return NULL;
 }
@@ -248,84 +303,133 @@ struct dhcp_lease *lease_find_by_addr(struct in_addr addr)
 }
 
 
-struct dhcp_lease *lease_allocate(unsigned char *clid, int clid_len, struct in_addr addr)
+struct dhcp_lease *lease_allocate(struct in_addr addr)
 {
   struct dhcp_lease *lease;
   if (!leases_left || !(lease = malloc(sizeof(struct dhcp_lease))))
     return NULL;
 
-  lease->clid = NULL;
-  lease->clid_len = clid_len;
-  
-  if (clid_len)
-    {
-      if (!(lease->clid = malloc(clid_len)))
-       {
-	 free(lease);
-	 return NULL;
-       }
-      memcpy(lease->clid, clid, clid_len);
-    }
-  
-  lease->hostname = lease->fqdn = NULL;
+  memset(lease, 0, sizeof(struct dhcp_lease));
+  lease->new = 1;
   lease->addr = addr;
-  memset(lease->hwaddr, 0, ETHER_ADDR_LEN);
+  lease->hwaddr_len = 225; /* illegal value */
   lease->expires = 1;
-  
+#ifdef HAVE_BROKEN_RTC
+  lease->length = 0xffffffff; /* illegal value */
+#endif
   lease->next = leases;
   leases = lease;
   
   file_dirty = 1;
-  new_lease = 1;
   leases_left--;
 
   return lease;
 }
 
-void lease_set_expires(struct dhcp_lease *lease, time_t exp)
+void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now)
 {
-  if (exp != lease->expires)
-    file_dirty = dns_dirty = 1;
-
-  lease->expires = exp;
-}
-
-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr)
-{
-  if (memcmp(lease->hwaddr, hwaddr, ETHER_ADDR_LEN) != 0)
+  time_t exp = now + (time_t)len;
+  
+  if (len == 0xffffffff)
     {
-      file_dirty = 1;
-      memcpy(lease->hwaddr, hwaddr, ETHER_ADDR_LEN);
+      exp = 0;
+      len = 0;
     }
+  
+  if (exp != lease->expires)
+    {
+      dns_dirty = 1;
+      lease->expires = exp;
+#ifndef HAVE_BROKEN_RTC
+      lease->aux_changed = file_dirty = 1;
+#endif
+    }
+  
+#ifdef HAVE_BROKEN_RTC
+  if (len != lease->length)
+    {
+      lease->length = len;
+      lease->aux_changed = file_dirty = 1; 
+    }
+#endif
+} 
+
+void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len)
+{
+  if (hw_len != lease->hwaddr_len ||
+      hw_type != lease->hwaddr_type || 
+      (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
+    {
+      memcpy(lease->hwaddr, hwaddr, hw_len);
+      lease->hwaddr_len = hw_len;
+      lease->hwaddr_type = hw_type;
+      lease->changed = file_dirty = 1; /* run script on change */
+    }
+
+  /* only update clid when one is available, stops packets
+     without a clid removing the record. Lease init uses
+     clid_len == 0 for no clid. */
+  if (clid_len != 0 && clid)
+    {
+      if (!lease->clid)
+	lease->clid_len = 0;
+
+      if (lease->clid_len != clid_len)
+	{
+	  lease->aux_changed = file_dirty = 1;
+	  if (lease->clid)
+	    free(lease->clid);
+	  if (!(lease->clid = malloc(clid_len)))
+	    return;
+	}
+      else if (memcmp(lease->clid, clid, clid_len) != 0)
+	lease->aux_changed = file_dirty = 1;
+	  
+      lease->clid_len = clid_len;
+      memcpy(lease->clid, clid, clid_len);
+    }
+
 }
 
-void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix)
+void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int auth)
 {
   struct dhcp_lease *lease_tmp;
   char *new_name = NULL, *new_fqdn = NULL;
 
   if (lease->hostname && name && hostname_isequal(lease->hostname, name))
-    return;
-
+    {
+      lease->auth_name = auth;
+      return;
+    }
+  
   if (!name && !lease->hostname)
     return;
 
   /* If a machine turns up on a new net without dropping the old lease,
      or two machines claim the same name, then we end up with two interfaces with
-     the same name. Check for that here and remove the name from the old lease. */
+     the same name. Check for that here and remove the name from the old lease.
+     Don't allow a name from the client to override a name from dnsmasq config. */
   
   if (name)
     {
       for (lease_tmp = leases; lease_tmp; lease_tmp = lease_tmp->next)
 	if (lease_tmp->hostname && hostname_isequal(lease_tmp->hostname, name))
 	  {
-	    new_name = lease_tmp->hostname;
+	    if (lease_tmp->auth_name && !auth)
+	      return;
+	    /* this shouldn't happen unless updates are very quick and the
+	       script very slow, we just avoid a memory leak if it does. */
+	    if (lease_tmp->old_hostname)
+	      free(lease_tmp->old_hostname);
+	    lease_tmp->old_hostname = lease_tmp->hostname;
 	    lease_tmp->hostname = NULL;
 	    if (lease_tmp->fqdn)
 	      {
 		new_fqdn = lease_tmp->fqdn;
 		lease_tmp->fqdn = NULL;
 	      }
+	    break;
 	  }
      
       if (!new_name && (new_name = malloc(strlen(name) + 1)))
@@ -340,15 +444,102 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix)
     }
 
   if (lease->hostname)
-    free(lease->hostname);
+    {
+      /* run script to say we lost our old name */
+      if (lease->old_hostname)
+	free(lease->old_hostname);
+      lease->old_hostname = lease->hostname;
+    }
+
   if (lease->fqdn)
     free(lease->fqdn);
   
   lease->hostname = new_name;
   lease->fqdn = new_fqdn;
+  lease->auth_name = auth;
   
-  file_dirty = dns_dirty = 1;
+  file_dirty = 1;
+  dns_dirty = 1; 
+  lease->changed = 1; /* run script on change */
 }
 
+/* deleted leases get transferred to the old_leases list.
+   remove them here, after calling the lease change
+   script. Also run the lease change script on new/modified leases.
 
+   Return zero if nothing to do. */
+int do_script_run(struct daemon *daemon)
+{
+  struct dhcp_lease *lease;
+
+  if (old_leases)
+    {
+      lease = old_leases;
+                  
+      /* If the lease still has an old_hostname, do the "old" action on that first */
+      if (lease->old_hostname)
+	{
+	  queue_script(daemon, ACTION_OLD_HOSTNAME, lease, lease->old_hostname);
+	  free(lease->old_hostname);
+	  lease->old_hostname = NULL;
+	  return 1;
+	}
+      else 
+	{
+	  queue_script(daemon, ACTION_DEL, lease, lease->hostname);
+	  old_leases = lease->next;
+	  
+	  if (lease->hostname)
+	    free(lease->hostname); 
+	  if (lease->fqdn)
+	    free(lease->fqdn);
+	  if (lease->clid)
+	    free(lease->clid);
+	  if (lease->vendorclass)
+	    free(lease->vendorclass);
+	  if (lease->userclass)
+	    free(lease->userclass);
+	  free(lease);
+	    
+	  return 1; 
+	}
+    }
+  
+  /* make sure we announce the loss of a hostname before its new location. */
+  for (lease = leases; lease; lease = lease->next)
+    if (lease->old_hostname)
+      {	
+	queue_script(daemon, ACTION_OLD_HOSTNAME, lease, lease->old_hostname);
+	free(lease->old_hostname);
+	lease->old_hostname = NULL;
+	return 1;
+      }
+  
+  for (lease = leases; lease; lease = lease->next)
+    if (lease->new || lease->changed || 
+	(lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
+      {
+	queue_script(daemon, lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname);
+	lease->new = lease->changed = lease->aux_changed = 0;
+	
+	/* these are used for the "add" call, then junked, since they're not in the database */
+	if (lease->vendorclass)
+	  {
+	    free(lease->vendorclass);
+	    lease->vendorclass = NULL;
+	  }
+	if (lease->userclass)
+	  {
+	    free(lease->userclass);
+	    lease->userclass = NULL;
+	  }
+	
+	return 1;
+      }
+
+  return 0; /* nothing to do */
+}
+	  
+
+      
 

src/netlink.c

@@ -0,0 +1,245 @@
+ /* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_LINUX_NETWORK
+
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+
+static struct iovec iov;
+
+static void nl_err(struct nlmsghdr *h);
+static void nl_routechange(struct daemon *daemon, struct nlmsghdr *h);
+
+void netlink_init(struct daemon *daemon)
+{
+  struct sockaddr_nl addr;
+
+  addr.nl_family = AF_NETLINK;
+  addr.nl_pad = 0;
+  addr.nl_pid = 0; /* autobind */
+#ifdef HAVE_IPV6
+  addr.nl_groups = RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE;
+#else
+  addr.nl_groups = RTMGRP_IPV4_ROUTE;
+#endif
+  
+  /* May not be able to have permission to set multicast groups don't die in that case */
+  if ((daemon->netlinkfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) != -1)
+    {
+      if (bind(daemon->netlinkfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
+	{
+	  addr.nl_groups = 0;
+	  if (errno != EPERM || bind(daemon->netlinkfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
+	    daemon->netlinkfd = -1;
+	}
+    }
+  
+  if (daemon->netlinkfd == -1)
+    die(_("cannot create netlink socket: %s"), NULL);
+  else
+    {
+      int flags = fcntl(daemon->netlinkfd, F_GETFD);
+      if (flags != -1)
+	fcntl(daemon->netlinkfd, F_SETFD, flags | FD_CLOEXEC); 
+    }
+
+  iov.iov_len = 200;
+  iov.iov_base = safe_malloc(iov.iov_len);
+}
+
+static ssize_t netlink_recv(struct daemon *daemon)
+{
+  struct msghdr msg;
+  ssize_t rc;
+
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+    
+  while (1)
+    {
+      msg.msg_flags = 0;
+      while ((rc = recvmsg(daemon->netlinkfd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+      
+      /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a 
+	 big buffer and pray in that case. */
+      if (rc == -1 && errno == EOPNOTSUPP)
+	{
+	  if (!expand_buf(&iov, 2000))
+	    return -1;
+	  break;
+	}
+      
+      if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+        break;
+            
+      if (!expand_buf(&iov, iov.iov_len + 100))
+	return -1;
+    }
+
+  /* finally, read it for real */
+  while ((rc = recvmsg(daemon->netlinkfd, &msg, 0)) == -1 && errno == EINTR);
+  
+  return rc;
+}
+  
+int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
+{
+  struct sockaddr_nl addr;
+  struct nlmsghdr *h;
+  ssize_t len;
+  static unsigned int seq = 0;
+  int family = AF_INET;
+
+  struct {
+    struct nlmsghdr nlh;
+    struct rtgenmsg g; 
+  } req;
+
+  addr.nl_family = AF_NETLINK;
+  addr.nl_pad = 0;
+  addr.nl_groups = 0;
+  addr.nl_pid = 0; /* address to kernel */
+
+ again:
+  req.nlh.nlmsg_len = sizeof(req);
+  req.nlh.nlmsg_type = RTM_GETADDR;
+  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; 
+  req.nlh.nlmsg_pid = 0;
+  req.nlh.nlmsg_seq = ++seq;
+  req.g.rtgen_family = family; 
+
+  /* Don't block in recvfrom if send fails */
+  while((len = sendto(daemon->netlinkfd, (void *)&req, sizeof(req), 0, 
+		      (struct sockaddr *)&addr, sizeof(addr))) == -1 && retry_send());
+  
+  if (len == -1)
+    return 0;
+    
+  while (1)
+    {
+      if ((len = netlink_recv(daemon)) == -1)
+	return 0;
+  
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+ 	if (h->nlmsg_type == NLMSG_ERROR)
+	  nl_err(h);
+	else if (h->nlmsg_seq != seq)
+	  nl_routechange(daemon, h); /* May be multicast arriving async */
+	else if (h->nlmsg_type == NLMSG_DONE)
+	  {
+#ifdef HAVE_IPV6
+	    if (family == AF_INET && ipv6_callback)
+	      {
+		family = AF_INET6;
+		goto again;
+	      }
+#endif
+	    return 1;
+	  }
+	else if (h->nlmsg_type == RTM_NEWADDR)
+	  {
+	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+	    struct rtattr *rta = IFA_RTA(ifa);
+	    unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+	    
+	    if (ifa->ifa_family == AF_INET)
+	      {
+		struct in_addr netmask, addr, broadcast;
+		
+		netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+		addr.s_addr = 0;
+		broadcast.s_addr = 0;
+		
+		while (RTA_OK(rta, len1))
+		  {
+		    if (rta->rta_type == IFA_LOCAL)
+		      addr = *((struct in_addr *)(rta+1));
+		    else if (rta->rta_type == IFA_BROADCAST)
+		      broadcast = *((struct in_addr *)(rta+1));
+		    
+		    rta = RTA_NEXT(rta, len1);
+		  }
+		
+		if (addr.s_addr && ipv4_callback)
+		  if (!((*ipv4_callback)(daemon, addr, ifa->ifa_index, netmask, broadcast, parm)))
+		    return 0;
+	      }
+#ifdef HAVE_IPV6
+	    else if (ifa->ifa_family == AF_INET6)
+	      {
+		struct in6_addr *addrp = NULL;
+		while (RTA_OK(rta, len1))
+		  {
+		    if (rta->rta_type == IFA_ADDRESS)
+		      addrp = ((struct in6_addr *)(rta+1)); 
+		    
+		    rta = RTA_NEXT(rta, len1);
+		  }
+		
+		if (addrp && ipv6_callback)
+		  if (!((*ipv6_callback)(daemon, addrp, ifa->ifa_index, ifa->ifa_index, parm)))
+		    return 0;
+	      }
+#endif
+	  }
+    }
+}
+
+void netlink_multicast(struct daemon *daemon)
+{
+  ssize_t len;
+  struct nlmsghdr *h;
+  
+  if ((len = netlink_recv(daemon)) != -1)
+    {
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+	if (h->nlmsg_type == NLMSG_ERROR)
+	  nl_err(h);
+	else
+	  nl_routechange(daemon, h);
+    }
+}
+
+static void nl_err(struct nlmsghdr *h)
+{
+  struct nlmsgerr *err = NLMSG_DATA(h);
+  if (err->error != 0)
+    syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+}
+
+/* We arrange to receive netlink multicast messages whenever the network route is added.
+   If this happens and we still have a DNS packet in the buffer, we re-send it.
+   This helps on DoD links, where frequently the packet which triggers dialling is
+   a DNS query, which then gets lost. By re-sending, we can avoid the lookup
+   failing. */ 
+static void nl_routechange(struct daemon *daemon, struct nlmsghdr *h)
+{
+  if (h->nlmsg_type == RTM_NEWROUTE && daemon->srv_save)
+    {
+      struct rtmsg *rtm = NLMSG_DATA(h);
+      if (rtm->rtm_type == RTN_UNICAST &&
+	  rtm->rtm_scope == RT_SCOPE_LINK) 
+	while(sendto(daemon->srv_save->sfd->fd, daemon->packet, daemon->packet_len, 0,
+		     &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+    }
+}
+#endif
+
+      

src/network.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 - 2003 Simon Kelley
+/* dnsmasq is Copyright (c) 2000 - 2006 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -10,232 +10,205 @@
    GNU General Public License for more details.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
-
 #include "dnsmasq.h"
 
-static struct irec *add_iface(struct daemon *daemon, struct irec *list, char *name, union mysockaddr *addr) 
+int iface_check(struct daemon *daemon, int family, struct all_addr *addr, char *name)
 {
-  struct irec *iface;
   struct iname *tmp;
-  
-  /* check blacklist */
-  if (daemon->if_except)
-    for (tmp = daemon->if_except; tmp; tmp = tmp->next)
-      if (tmp->name && strcmp(tmp->name, name) == 0)
-	{
-	  /* record address of named interfaces, for TCP access control */
-	  tmp->addr = *addr;
-	  return list;
-	}
+  int ret = 1;
+
+  /* Note: have to check all and not bail out early, so that we set the
+     "used" flags. */
 
-  /* we may need to check the whitelist */
   if (daemon->if_names || daemon->if_addrs)
-    { 
-      int found = 0;
+    {
+      ret = 0;
 
       for (tmp = daemon->if_names; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, name) == 0))
-	  {
-	    tmp->addr = *addr;
-	    found = tmp->used = 1;
-	  }
-
+	  ret = tmp->used = 1;
+	        
       for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
-	if (sockaddr_isequal(&tmp->addr, addr))
-	  found = tmp->used = 1;
-      
-      if (!found) 
-	return list;
+	if (tmp->addr.sa.sa_family == family)
+	  {
+	    if (family == AF_INET &&
+		tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+	      ret = tmp->used = 1;
+#ifdef HAVE_IPV6
+	    else if (family == AF_INET6 &&
+		     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 
+					&addr->addr.addr6))
+	      ret = tmp->used = 1;
+#endif
+	  }          
     }
   
+  for (tmp = daemon->if_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, name) == 0))
+      ret = 0;
+  
+  return ret; 
+}
+      
+static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_index, 
+			 union mysockaddr *addr, struct in_addr netmask) 
+{
+  struct irec *iface;
+  int fd;
+  struct ifreq ifr;
+  
   /* check whether the interface IP has been added already 
-     it is possible to have multiple interfaces with the same address */
-  for (iface = list; iface; iface = iface->next) 
+     we call this routine multiple times. */
+  for (iface = *irecp; iface; iface = iface->next) 
     if (sockaddr_isequal(&iface->addr, addr))
-      break;
-  if (iface)
-    return list;
+      return 1;
   
-  /* If OK, add it to the head of the list */
-  iface = safe_malloc(sizeof(struct irec));
-  iface->addr = *addr;
-  iface->next = list;
-  return iface;
-}
-
-
-struct irec *enumerate_interfaces(struct daemon *daemon)
-{
-  struct irec *iface = NULL;
-  char *buf, *ptr;
-  struct ifreq *ifr = NULL;
-  struct ifconf ifc;
-  int lastlen = 0;
-  int len = 20 * sizeof(struct ifreq);
-  int fd = socket(PF_INET, SOCK_DGRAM, 0);
+#ifdef HAVE_LINUX_NETWORK
+  ifr.ifr_ifindex = if_index;
+#endif
   
-  if (fd == -1)
-    die ("cannot create socket to enumerate interfaces: %s", NULL);
-        
-  while (1)
-     {
-       buf = safe_malloc(len);
-
-       ifc.ifc_len = len;
-       ifc.ifc_buf = buf;
-       if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
-	 {
-	   if (errno != EINVAL || lastlen != 0)
-	     die ("ioctl error while enumerating interfaces: %s", NULL);
-	 }
-       else
-	 {
-	   if (ifc.ifc_len == lastlen)
-	     break; /* got a big enough buffer now */
-	   lastlen = ifc.ifc_len;
-	 }
-       len += 10*sizeof(struct ifreq);
-       free(buf);
-     }
-  
-  for (ptr = buf; ptr < buf + len; )
+  if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1 ||
+#ifdef HAVE_LINUX_NETWORK
+      ioctl(fd, SIOCGIFNAME, &ifr) == -1 ||
+#else
+      !if_indextoname(if_index, ifr.ifr_name) ||
+#endif
+      ioctl(fd, SIOCGIFFLAGS, &ifr) == -1)
     {
-      union mysockaddr addr;
-#ifdef HAVE_SOCKADDR_SA_LEN
-      /* subsequent entries may not be aligned, so copy into
-	 an aligned buffer to avoid nasty complaints about 
-	 unaligned accesses. */
-      int ifr_len = ((struct ifreq *)ptr)->ifr_addr.sa_len + IF_NAMESIZE;
-      if (!(ifr = realloc(ifr, ifr_len)))
-	die("cannot allocate buffer", NULL);
-      
-      memcpy(ifr, ptr, ifr_len);
-      ptr += ifr_len;
-#else
-      ifr = (struct ifreq *)ptr;
-      ptr += sizeof(struct ifreq);
-#endif
-      
-      /* copy address since getting flags overwrites */
-      if (ifr->ifr_addr.sa_family == AF_INET)
+      if (fd != -1)
 	{
-	  addr.in = *((struct sockaddr_in *) &ifr->ifr_addr);
-	  addr.in.sin_port = htons(daemon->port);
+	  int errsave = errno;
+	  close(fd);
+	  errno = errsave;
 	}
-#ifdef HAVE_IPV6
-      else if (ifr->ifr_addr.sa_family == AF_INET6)
-	{
-#ifdef HAVE_BROKEN_SOCKADDR_IN6
-	  addr.in6 = *((struct my_sockaddr_in6 *) &ifr->ifr_addr);
-#else
-	  addr.in6 = *((struct sockaddr_in6 *) &ifr->ifr_addr);
-#endif
-	  addr.in6.sin6_port = htons(daemon->port);
-	  addr.in6.sin6_flowinfo = htonl(0);
-	}
-#endif
-      else
-	continue; /* unknown address family */
-      
-      if (ioctl(fd, SIOCGIFFLAGS, ifr) < 0)
-	die("ioctl error getting interface flags: %m", NULL);
-
-      /* If we are restricting the set of interfaces to use, make
-	 sure that loopback interfaces are in that set. */
-      if (daemon->if_names && (ifr->ifr_flags & IFF_LOOPBACK))
-	{
-	  struct iname *lo;
-	  for (lo = daemon->if_names; lo; lo = lo->next)
-	    if (lo->name && strcmp(lo->name, ifr->ifr_name) == 0)
-	      {
-		lo->isloop = 1;
-		break;
-	      }
-	  if (!lo)
-	    {
-	      lo = safe_malloc(sizeof(struct iname));
-	      lo->name = safe_string_alloc(ifr->ifr_name);
-	      lo->isloop = lo->used = 1;
-	      lo->next = daemon->if_names;
-	      daemon->if_names = lo;
-	    }
-	}
-
-      iface = add_iface(daemon, iface, ifr->ifr_name, &addr);
-	
-#if defined(HAVE_LINUX_IPV6_PROC) && defined(HAVE_IPV6)
-      /* IPv6 addresses don't seem to work with SIOCGIFCONF. Barf */
-      /* This code snarfed from net-tools 1.60 and certainly linux specific, though
-	 it shouldn't break on other Unices, and their SIOGIFCONF might work. */
-      {
-	FILE *f = fopen(IP6INTERFACES, "r");
-	int found = 0;
-	union mysockaddr addr6;
-
-	if (f)
-	  {
-	    unsigned int plen, scope, flags, if_idx;
-	    char devname[20], addrstring[32];
-	    
-	    while (fscanf(f, "%32s %02x %02x %02x %02x %20s\n",
-			  addrstring, &if_idx, &plen, &scope, &flags, devname) != EOF) 
-	      {
-		if (strcmp(devname, ifr->ifr_name) == 0)
-		  {
-		    int i;
-		    unsigned char *addr6p = (unsigned char *) &addr6.in6.sin6_addr;
-		    memset(&addr6, 0, sizeof(addr6));
-		    addr6.sa.sa_family = AF_INET6;
-		    for (i=0; i<16; i++)
-		      {
-			unsigned int byte;
-			sscanf(addrstring+i+i, "%02x", &byte);
-			addr6p[i] = byte;
-		      }
-		    addr6.in6.sin6_port = htons(daemon->port);
-		    addr6.in6.sin6_flowinfo = htonl(0);
-		    addr6.in6.sin6_scope_id = htonl(scope);
-		    
-		    found = 1;
-		    break;
-		  }
-	      }
-	    
-	    fclose(f);
-	  }
-	
-	if (found)
-	  iface = add_iface(daemon, iface, ifr->ifr_name, &addr6);
-      }
-#endif /* LINUX */
+      return 0;
     }
   
-  if (buf)
-    free(buf);
-#ifdef HAVE_SOCKADDR_SA_LEN
-  if (ifr)
-    free(ifr);
-#endif
   close(fd);
+  
+  /* If we are restricting the set of interfaces to use, make
+     sure that loopback interfaces are in that set. */
+  if (daemon->if_names && (ifr.ifr_flags & IFF_LOOPBACK))
+    {
+      struct iname *lo;
+      for (lo = daemon->if_names; lo; lo = lo->next)
+	if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
+	  {
+	    lo->isloop = 1;
+	    break;
+	  }
+      
+      if (!lo && (lo = malloc(sizeof(struct iname))))
+	{
+	  lo->name = safe_malloc(strlen(ifr.ifr_name)+1);
+	  strcpy(lo->name, ifr.ifr_name);
+	  lo->isloop = lo->used = 1;
+	  lo->next = daemon->if_names;
+	  daemon->if_names = lo;
+	}
+    }
+  
+  if (addr->sa.sa_family == AF_INET &&
+      !iface_check(daemon, AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name))
+    return 1;
 
-  return iface;
+#ifdef HAVE_IPV6
+  if (addr->sa.sa_family == AF_INET6 &&
+      !iface_check(daemon, AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name))
+    return 1;
+#endif
+
+  /* add to list */
+  if ((iface = malloc(sizeof(struct irec))))
+    {
+      iface->addr = *addr;
+      iface->netmask = netmask;
+      iface->next = *irecp;
+      *irecp = iface; 
+      return 1;
+    }
+  
+  errno = ENOMEM; 
+  return 0;
 }
 
 #ifdef HAVE_IPV6
+static int iface_allowed_v6(struct daemon *daemon, struct in6_addr *local, 
+			    int scope, int if_index, void *vparam)
+{
+  union mysockaddr addr;
+  struct in_addr netmask; /* dummy */
+  
+  netmask.s_addr = 0;
+  
+  memset(&addr, 0, sizeof(addr));
+#ifdef HAVE_SOCKADDR_SA_LEN
+  addr.in6.sin6_len = sizeof(addr.in6);
+#endif
+  addr.in6.sin6_family = AF_INET6;
+  addr.in6.sin6_addr = *local;
+  addr.in6.sin6_port = htons(daemon->port);
+  addr.in6.sin6_scope_id = scope;
+  
+  return iface_allowed(daemon, (struct irec **)vparam, if_index, &addr, netmask);
+}
+#endif
+
+static int iface_allowed_v4(struct daemon *daemon, struct in_addr local, int if_index, 
+			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
+{
+  union mysockaddr addr;
+
+  memset(&addr, 0, sizeof(addr));
+#ifdef HAVE_SOCKADDR_SA_LEN
+  addr.in.sin_len = sizeof(addr.in);
+#endif
+  addr.in.sin_family = AF_INET;
+  addr.in.sin_addr = broadcast; /* warning */
+  addr.in.sin_addr = local;
+  addr.in.sin_port = htons(daemon->port);
+
+  return iface_allowed(daemon, (struct irec **)vparam, if_index, &addr, netmask);
+}
+   
+
+int enumerate_interfaces(struct daemon *daemon)
+{
+#ifdef HAVE_IPV6
+  return iface_enumerate(daemon, &daemon->interfaces, iface_allowed_v4, iface_allowed_v6);
+#else
+  return iface_enumerate(daemon, &daemon->interfaces, iface_allowed_v4, NULL);
+#endif
+}
+
+/* set NONBLOCK and CLOEXEC bits on fd: See Stevens 16.6 */
+int fix_fd(int fd)
+{
+  int flags;
+
+  if ((flags = fcntl(fd, F_GETFL)) == -1 ||
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+      (flags = fcntl(fd, F_GETFD)) == -1 ||
+      fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
+    return 0;
+
+  return 1;
+}
+
+#if defined(HAVE_IPV6)
 static int create_ipv6_listener(struct listener **link, int port)
 {
   union mysockaddr addr;
-  int tcpfd, fd, flags, save;
+  int tcpfd, fd;
   struct listener *l;
   int opt = 1;
 
+  memset(&addr, 0, sizeof(addr));
   addr.in6.sin6_family = AF_INET6;
   addr.in6.sin6_addr = in6addr_any;
   addr.in6.sin6_port = htons(port);
-  addr.in6.sin6_flowinfo = htonl(0);
 #ifdef HAVE_SOCKADDR_SA_LEN
-  addr.in6.sin6_len = sizeof(struct sockaddr_in6);
+  addr.in6.sin6_len = sizeof(addr.in6);
 #endif
 
   /* No error of the kernel doesn't support IPv6 */
@@ -245,21 +218,14 @@ static int create_ipv6_listener(struct listener **link, int port)
 	    errno == EINVAL);
   
   if ((tcpfd = socket(AF_INET6, SOCK_STREAM, 0)) == -1)
-    {
-      save = errno;
-      close(fd);
-      errno = save;
-      return 0;
-    }
-  
+    return 0;
+      
   if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
       setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
       setsockopt(fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
       setsockopt(tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
-      (flags = fcntl(fd, F_GETFL, 0)) == -1 ||
-      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
-      (flags = fcntl(tcpfd, F_GETFL, 0)) == -1 ||
-      fcntl(tcpfd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+      !fix_fd(fd) ||
+      !fix_fd(tcpfd) ||
 #ifdef IPV6_RECVPKTINFO
       setsockopt(fd, IPV6_LEVEL, IPV6_RECVPKTINFO, &opt, sizeof(opt)) == -1 ||
 #else
@@ -268,14 +234,8 @@ static int create_ipv6_listener(struct listener **link, int port)
       bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 ||
       listen(tcpfd, 5) == -1 ||
       bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1) 
-    {
-      save = errno;
-      close(fd);
-      close(tcpfd);
-      errno = save;
-      return 0;
-    }
-  
+    return 0;
+      
   l = safe_malloc(sizeof(struct listener));
   l->fd = fd;
   l->tcpfd = tcpfd;
@@ -289,15 +249,12 @@ static int create_ipv6_listener(struct listener **link, int port)
 
 struct listener *create_wildcard_listeners(int port)
 {
-#if !(defined(IP_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)))
-  return NULL;
-#else
   union mysockaddr addr;
   int opt = 1;
   struct listener *l, *l6 = NULL;
-  int flags;
   int tcpfd, fd;
 
+  memset(&addr, 0, sizeof(addr));
   addr.in.sin_family = AF_INET;
   addr.in.sin_addr.s_addr = INADDR_ANY;
   addr.in.sin_port = htons(port);
@@ -305,39 +262,28 @@ struct listener *create_wildcard_listeners(int port)
   addr.in.sin_len = sizeof(struct sockaddr_in);
 #endif
 
-  if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+  if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 ||
+      (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
     return NULL;
   
-  if ((tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
-    {
-      close (fd);
-      return NULL;
-    }
-  
   if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
       bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 ||
       listen(tcpfd, 5) == -1 ||
-      (flags = fcntl(tcpfd, F_GETFL, 0)) == -1 ||
-      fcntl(tcpfd, F_SETFL, flags | O_NONBLOCK) == -1 ||
+      !fix_fd(tcpfd) ||
 #ifdef HAVE_IPV6
       !create_ipv6_listener(&l6, port) ||
 #endif
       setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-      (flags = fcntl(fd, F_GETFL, 0)) == -1 ||
-      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
-#if defined(IP_PKTINFO) 
+      !fix_fd(fd) ||
+#if defined(HAVE_LINUX_NETWORK) 
       setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
       setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
       setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 ||
 #endif 
       bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1)
-    {
-      close(fd);
-      close(tcpfd);
-      return NULL;
-    }
-  
+    return NULL;
+      
   l = safe_malloc(sizeof(struct listener));
   l->family = AF_INET;
   l->fd = fd;
@@ -345,47 +291,62 @@ struct listener *create_wildcard_listeners(int port)
   l->next = l6;
 
   return l;
-
-#endif
 }
 
-struct listener *create_bound_listeners(struct irec *interfaces, int port)
+struct listener *create_bound_listeners(struct daemon *daemon)
 {
 
   struct listener *listeners = NULL;
   struct irec *iface;
-  int flags = port, opt = 1;
+  int opt = 1;
   
-  for (iface = interfaces ;iface; iface = iface->next)
+  for (iface = daemon->interfaces; iface; iface = iface->next)
     {
       struct listener *new = safe_malloc(sizeof(struct listener));
       new->family = iface->addr.sa.sa_family;
+      new->iface = iface;
       new->next = listeners;
-      listeners = new;
       if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 ||
 	  (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 ||
 	  setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
 	  setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-	  /* See Stevens 16.6 */
-	  (flags = fcntl(new->tcpfd, F_GETFL, 0)) == -1 ||
-	  fcntl(new->tcpfd, F_SETFL, flags | O_NONBLOCK) == -1 ||
-	  (flags = fcntl(new->fd, F_GETFL, 0)) == -1 ||
-	  fcntl(new->fd, F_SETFL, flags | O_NONBLOCK) == -1)
-	die("failed to create listening socket: %s", NULL);
+	  !fix_fd(new->tcpfd) ||
+	  !fix_fd(new->fd))
+	die(_("failed to create listening socket: %s"), NULL);
       
 #ifdef HAVE_IPV6
       if (iface->addr.sa.sa_family == AF_INET6)
 	{
 	  if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
 	      setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
-	    die("failed to set IPV6 options on listening socket: %s", NULL);
+	    die(_("failed to set IPV6 options on listening socket: %s"), NULL);
 	}
 #endif
       
       if (bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
-	  bind(new->fd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
-	  listen(new->tcpfd, 5) == -1)
-	die("failed to bind listening socket: %s", NULL);
+	  bind(new->fd, &iface->addr.sa, sa_len(&iface->addr)) == -1)
+	{
+#ifdef HAVE_IPV6
+	  if (iface->addr.sa.sa_family == AF_INET6 && errno == ENODEV)
+	    {
+	      close(new->tcpfd);
+	      close(new->fd);
+	      free(new);
+	    }
+	  else
+#endif
+	    {
+	      prettyprint_addr(&iface->addr, daemon->namebuff);
+	      die(_("failed to bind listening socket for %s: %s"), 
+		  daemon->namebuff);
+	    }
+	}
+      else
+	 {
+	   listeners = new;     
+	   if (listen(new->tcpfd, 5) == -1)
+	     die(_("failed to listen on socket: %s"), NULL);
+	 }
     }
   
   return listeners;
@@ -394,7 +355,6 @@ struct listener *create_bound_listeners(struct irec *interfaces, int port)
 struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
 {
   struct serverfd *sfd;
-  int flags;
 
   /* may have a suitable one already */
   for (sfd = *sfds; sfd; sfd = sfd->next )
@@ -413,8 +373,7 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
     }
   
   if (bind(sfd->fd, (struct sockaddr *)addr, sa_len(addr)) == -1 ||
-      (flags = fcntl(sfd->fd, F_GETFL, 0)) == -1 ||
-      fcntl(sfd->fd, F_SETFL, flags | O_NONBLOCK) == -1)
+      !fix_fd(sfd->fd))
     {
       int errsave = errno; /* save error from bind. */
       close(sfd->fd);
@@ -430,45 +389,34 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
   return sfd;
 }
 
-void check_servers(struct daemon *daemon, struct irec *interfaces)
+void check_servers(struct daemon *daemon)
 {
-  char addrbuff[ADDRSTRLEN];
   struct irec *iface;
   struct server *new, *tmp, *ret = NULL;
   int port = 0;
 
-  /* forward table rules reference servers, so have to blow them away */
-  forward_init(0);
-  
-  daemon->last_server = NULL;
-  
   for (new = daemon->servers; new; new = tmp)
     {
       tmp = new->next;
       
       if (!(new->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)))
 	{
-#ifdef HAVE_IPV6
-	  if (new->addr.sa.sa_family == AF_INET)
+	  port = prettyprint_addr(&new->addr, daemon->namebuff);
+
+	  /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
+	  if (new->addr.sa.sa_family == AF_INET &&
+	      new->addr.in.sin_addr.s_addr == 0)
 	    {
-	      inet_ntop(AF_INET, &new->addr.in.sin_addr, addrbuff, ADDRSTRLEN);
-	      port = ntohs(new->addr.in.sin_port);
+	      free(new);
+	      continue;
 	    }
-	  else if (new->addr.sa.sa_family == AF_INET6)
-	    {
-	      inet_ntop(AF_INET6, &new->addr.in6.sin6_addr, addrbuff, ADDRSTRLEN);
-	      port = ntohs(new->addr.in6.sin6_port);
-	    }
-#else
-	  strcpy(addrbuff, inet_ntoa(new->addr.in.sin_addr));
-	  port = ntohs(new->addr.in.sin_port); 
-#endif
-	  for (iface = interfaces; iface; iface = iface->next)
+
+	  for (iface = daemon->interfaces; iface; iface = iface->next)
 	    if (sockaddr_isequal(&new->addr, &iface->addr))
 	      break;
 	  if (iface)
 	    {
-	      syslog(LOG_WARNING, "ignoring nameserver %s - local interface", addrbuff);
+	      syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
 	      free(new);
 	      continue;
 	    }
@@ -477,7 +425,7 @@ void check_servers(struct daemon *daemon, struct irec *interfaces)
 	  if (!new->sfd && !(new->sfd = allocate_sfd(&new->source_addr, &daemon->sfds)))
 	    {
 	      syslog(LOG_WARNING, 
-		     "ignoring nameserver %s - cannot make/bind socket: %m", addrbuff);
+		     _("ignoring nameserver %s - cannot make/bind socket: %m"), daemon->namebuff);
 	      free(new);
 	      continue;
 	    }
@@ -491,40 +439,52 @@ void check_servers(struct daemon *daemon, struct irec *interfaces)
 	{
 	  char *s1, *s2;
 	  if (new->flags & SERV_HAS_DOMAIN)
-	    s1 = "domain", s2 = new->domain;
+	    s1 = _("domain"), s2 = new->domain;
 	  else
-	    s1 = "unqualified", s2 = "domains";
+	    s1 = _("unqualified"), s2 = _("domains");
 	  
 	  if (new->flags & SERV_NO_ADDR)
-	    syslog(LOG_INFO, "using local addresses only for %s %s", s1, s2);
+	    syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
 	  else if (!(new->flags & SERV_LITERAL_ADDRESS))
-	    syslog(LOG_INFO, "using nameserver %s#%d for %s %s", addrbuff, port, s1, s2);
+	    syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
 	}
       else
-	syslog(LOG_INFO, "using nameserver %s#%d", addrbuff, port); 
+	syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); 
     }
   
   daemon->servers = ret;
 }
-  
-void reload_servers(char *fname, struct daemon *daemon)
+
+/* Return zero if no servers found, in that case we keep polling.
+   This is a protection against an update-time/write race on resolv.conf */
+int reload_servers(char *fname, struct daemon *daemon)
 {
   FILE *f;
   char *line;
   struct server *old_servers = NULL;
   struct server *new_servers = NULL;
-  struct server *serv = daemon->servers;
+  struct server *serv;
+  int gotone = 0;
 
+  /* buff happens to be MAXDNAME long... */
+  if (!(f = fopen(fname, "r")))
+    {
+      syslog(LOG_ERR, _("failed to read %s: %m"), fname);
+      return 0;
+    }
+  
   /* move old servers to free list - we can reuse the memory 
      and not risk malloc if there are the same or fewer new servers. 
      Servers which were specced on the command line go to the new list. */
-  while (serv)
+  for (serv = daemon->servers; serv;)
     {
       struct server *tmp = serv->next;
       if (serv->flags & SERV_FROM_RESOLV)
 	{
 	  serv->next = old_servers;
-	  old_servers = serv;
+	  old_servers = serv; 
+	  /* forward table rules reference servers, so have to blow them away */
+	  server_gone(daemon, serv);
 	}
       else
 	{
@@ -533,81 +493,68 @@ void reload_servers(char *fname, struct daemon *daemon)
 	}
       serv = tmp;
     }
-
-  /* buff happens to be NAXDNAME long... */
-  f = fopen(fname, "r");
-  if (!f)
-    {
-      syslog(LOG_ERR, "failed to read %s: %m", fname);
-    }
-  else
-    {
-      syslog(LOG_INFO, "reading %s", fname);
-      while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
-	{
-	  union  mysockaddr addr, source_addr;
-	  char *token = strtok(line, " \t\n\r");
-	  struct server *serv;
-	  
-	  if (!token || strcmp(token, "nameserver") != 0)
-	    continue;
-	  if (!(token = strtok(NULL, " \t\n\r")))
-	    continue;
-	  
-#ifdef HAVE_IPV6
-          if (inet_pton(AF_INET, token, &addr.in.sin_addr))
-#else
-          if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
-#endif
-	    {
-#ifdef HAVE_SOCKADDR_SA_LEN
-	      source_addr.in.sin_len = addr.in.sin_len = sizeof(struct sockaddr_in);
-#endif
-	      source_addr.in.sin_family = addr.in.sin_family = AF_INET;
-	      addr.in.sin_port = htons(NAMESERVER_PORT);
-	      source_addr.in.sin_addr.s_addr = INADDR_ANY;
-	      source_addr.in.sin_port = htons(daemon->query_port);
-	    }
-#ifdef HAVE_IPV6
-	  else if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr))
-	    {
-#ifdef HAVE_SOCKADDR_SA_LEN
-	      source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(struct sockaddr_in6);
-#endif
-	      source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
-	      addr.in6.sin6_port = htons(NAMESERVER_PORT);
-	      source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = htonl(0);
-	      source_addr.in6.sin6_addr = in6addr_any;
-	      source_addr.in6.sin6_port = htons(daemon->query_port);
-	    }
-#endif /* IPV6 */
-	  else
-	    continue;
-	  
-	  if (old_servers)
-	    {
-	      serv = old_servers;
-	      old_servers = old_servers->next;
-	    }
-	  else if (!(serv = malloc(sizeof (struct server))))
-	    continue;
-	  
-	  /* this list is reverse ordered: 
-	     it gets reversed again in check_servers */
-	  serv->next = new_servers;
-	  new_servers = serv;
-	  serv->addr = addr;
-	  serv->source_addr = source_addr;
-	  serv->domain = NULL;
-	  serv->sfd = NULL;
-	  serv->flags = SERV_FROM_RESOLV;
-	}
   
-      fclose(f);
-    }
+  while ((line = fgets(daemon->namebuff, MAXDNAME, f)))
+    {
+      union mysockaddr addr, source_addr;
+      char *token = strtok(line, " \t\n\r");
+      
+      if (!token || strcmp(token, "nameserver") != 0)
+	continue;
+      if (!(token = strtok(NULL, " \t\n\r")))
+	continue;
+      
+      memset(&addr, 0, sizeof(addr));
+      memset(&source_addr, 0, sizeof(source_addr));
+      
+      if ((addr.in.sin_addr.s_addr = inet_addr(token)) != (in_addr_t) -1)
+	{
+#ifdef HAVE_SOCKADDR_SA_LEN
+	  source_addr.in.sin_len = addr.in.sin_len = sizeof(source_addr.in);
+#endif
+	  source_addr.in.sin_family = addr.in.sin_family = AF_INET;
+	  addr.in.sin_port = htons(NAMESERVER_PORT);
+	  source_addr.in.sin_addr.s_addr = INADDR_ANY;
+	  source_addr.in.sin_port = htons(daemon->query_port);
+	}
+#ifdef HAVE_IPV6
+      else if (inet_pton(AF_INET6, token, &addr.in6.sin6_addr) > 0)
+	{
+#ifdef HAVE_SOCKADDR_SA_LEN
+	  source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(source_addr.in6);
+#endif
+	  source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
+	  addr.in6.sin6_port = htons(NAMESERVER_PORT);
+	  source_addr.in6.sin6_addr = in6addr_any;
+	  source_addr.in6.sin6_port = htons(daemon->query_port);
+	}
+#endif /* IPV6 */
+      else
+	continue;
+      
+      if (old_servers)
+	{
+	  serv = old_servers;
+	  old_servers = old_servers->next;
+	}
+      else if (!(serv = malloc(sizeof (struct server))))
+	continue;
+      
+      /* this list is reverse ordered: 
+	 it gets reversed again in check_servers */
+      serv->next = new_servers;
+      new_servers = serv;
+      serv->addr = addr;
+      serv->source_addr = source_addr;
+      serv->domain = NULL;
+      serv->sfd = NULL;
+      serv->flags = SERV_FROM_RESOLV;
 
+      gotone = 1;
+    }
+  
   /* Free any memory not used. */
-  while(old_servers)
+  while (old_servers)
     {
       struct server *tmp = old_servers->next;
       free(old_servers);
@@ -615,6 +562,9 @@ void reload_servers(char *fname, struct daemon *daemon)
     }
 
   daemon->servers = new_servers;
+  fclose(f);
+
+  return gotone;
 }
 
 

src/util.c

@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000 Simon Kelley
+/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -15,6 +15,10 @@
 
 #include "dnsmasq.h"
 
+#ifdef HAVE_BROKEN_RTC
+#include <sys/times.h>
+#endif
+
 /* Prefer arc4random(3) over random(3) over rand(3) */
 /* Also prefer /dev/urandom over /dev/random, to preserve the entropy pool */
 #ifdef HAVE_ARC4RANDOM
@@ -85,18 +89,6 @@ unsigned short rand16(void)
   return( (unsigned short) (rand() >> 15) );
 }
 
-int atoi_check(char *a, int *res)
-{
-  char *p;
-
-  for (p = a; *p; p++)
-     if (*p < '0' || *p > '9')
-       return 0;
-
-  *res = atoi(a);
-  return 1;
-}
-
 int legal_char(char c)
 {
   /* check for legal char a-z A-Z 0-9 - 
@@ -113,50 +105,57 @@ int legal_char(char c)
 int canonicalise(char *s)
 {
   /* check for legal chars and remove trailing . 
-     also fail empty string. */
-  int l = strlen(s);
+     also fail empty string and label > 63 chars */
+  size_t dotgap = 0, l = strlen(s);
   char c;
 
-  if (l == 0) return 0;
+  if (l == 0 || l > MAXDNAME) return 0;
 
   if (s[l-1] == '.')
     {
       if (l == 1) return 0;
       s[l-1] = 0;
     }
-
-  while ((c = *s++))
-    if (c != '.' && !legal_char(c))
-      return 0;
   
+  while ((c = *s))
+    {
+      if (c == '.')
+	dotgap = 0;
+      else if (!legal_char(c) || (++dotgap > MAXLABEL))
+	return 0;
+      s++;
+    }
   return 1;
 }
 
+unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+{
+  int j;
+  
+  while (sval && *sval)
+    {
+      unsigned char *cp = p++;
+      for (j = 0; *sval && (*sval != '.'); sval++, j++)
+	*p++ = *sval;
+      *cp  = j;
+      if (*sval)
+	sval++;
+    }
+  return p;
+}
+
 /* for use during startup */
-void *safe_malloc(int size)
+void *safe_malloc(size_t size)
 {
   void *ret = malloc(size);
   
   if (!ret)
-    die("could not get memory", NULL);
+    die(_("could not get memory"), NULL);
      
   return ret;
-}
-    
-char *safe_string_alloc(char *cp)
-{
-  char *ret = NULL;
+}    
 
-  if (cp && strlen(cp) != 0)
-    {
-      ret = safe_malloc(strlen(cp)+1);
-      strcpy(ret, cp);
-    }
-
-  return ret;
-}
-
-void complain(char *message, char *arg1)
+static void log_err(char *message, char *arg1)
 {
   char *errmess = strerror(errno);
   
@@ -170,10 +169,18 @@ void complain(char *message, char *arg1)
   syslog(LOG_CRIT, message, arg1, errmess);
 }
 
+void complain(char *message, int lineno, char *file)
+{
+  char buff[256];
+  
+  sprintf(buff, _("%s at line %d of %%s"), message, lineno);
+  log_err(buff, file);
+}
+
 void die(char *message, char *arg1)
 {
-  complain(message, arg1);
-  syslog(LOG_CRIT, "FAILED to start up");
+  log_err(message, arg1);
+  syslog(LOG_CRIT, _("FAILED to start up"));
   exit(1);
 }
 
@@ -183,13 +190,12 @@ int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2)
     { 
       if (s1->sa.sa_family == AF_INET &&
 	  s1->in.sin_port == s2->in.sin_port &&
-	  memcmp(&s1->in.sin_addr, &s2->in.sin_addr, sizeof(struct in_addr)) == 0)
+	  s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr)
 	return 1;
 #ifdef HAVE_IPV6      
       if (s1->sa.sa_family == AF_INET6 &&
 	  s1->in6.sin6_port == s2->in6.sin6_port &&
-	  s1->in6.sin6_flowinfo == s2->in6.sin6_flowinfo &&
-	  memcmp(&s1->in6.sin6_addr, &s2->in6.sin6_addr, sizeof(struct in6_addr)) == 0)
+	  IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr))
 	return 1;
 #endif
     }
@@ -211,13 +217,13 @@ int sa_len(union mysockaddr *addr)
 }
 
 /* don't use strcasecmp and friends here - they may be messed up by LOCALE */
-int hostname_isequal(unsigned char *a, unsigned char *b)
+int hostname_isequal(char *a, char *b)
 {
   unsigned int c1, c2;
   
   do {
-    c1 = *a++;
-    c2 = *b++;
+    c1 = (unsigned char) *a++;
+    c2 = (unsigned char) *b++;
     
     if (c1 >= 'A' && c1 <= 'Z')
       c1 += 'a' - 'A';
@@ -231,18 +237,17 @@ int hostname_isequal(unsigned char *a, unsigned char *b)
   return 1;
 }
     
-time_t dnsmasq_time(int fd)
+time_t dnsmasq_time(void)
 {
 #ifdef HAVE_BROKEN_RTC
-  /* we use uptime as a time-base, rather than epoch time
-     because epoch time can break when a machine contacts
-     a nameserver and updates it. */
-  char buf[30];
-  lseek(fd, 0, SEEK_SET);
-  read(fd, buf, 30);
-  return (time_t)atol(buf);
+  struct tms dummy;
+  static long tps = 0;
+
+  if (tps == 0)
+    tps = sysconf(_SC_CLK_TCK);
+
+  return (time_t)(times(&dummy)/tps);
 #else
-  fd = 0; /* stop warning */
   return time(NULL);
 #endif
 }
@@ -268,3 +273,185 @@ int retry_send(void)
 
    return 0;
 }
+
+/* returns port number from address */
+int prettyprint_addr(union mysockaddr *addr, char *buf)
+{
+  int port = 0;
+  
+#ifdef HAVE_IPV6
+  if (addr->sa.sa_family == AF_INET)
+    {
+      inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN);
+      port = ntohs(addr->in.sin_port);
+    }
+  else if (addr->sa.sa_family == AF_INET6)
+    {
+      inet_ntop(AF_INET6, &addr->in6.sin6_addr, buf, ADDRSTRLEN);
+      port = ntohs(addr->in6.sin6_port);
+    }
+#else
+  strcpy(buf, inet_ntoa(addr->in.sin_addr));
+  port = ntohs(addr->in.sin_port); 
+#endif
+  
+  return port;
+}
+
+void prettyprint_time(char *buf, unsigned int t)
+{
+  if (t == 0xffffffff)
+    sprintf(buf, _("infinite"));
+  else
+    {
+      unsigned int x, p = 0;
+       if ((x = t/86400))
+	p += sprintf(&buf[p], "%dd", x);
+       if ((x = (t/3600)%24))
+	p += sprintf(&buf[p], "%dh", x);
+      if ((x = (t/60)%60))
+	p += sprintf(&buf[p], "%dm", x);
+      if ((x = t%60))
+	p += sprintf(&buf[p], "%ds", x);
+    }
+}
+
+
+/* in may equal out, when maxlen may be -1 (No max len). */
+int parse_hex(char *in, unsigned char *out, int maxlen, 
+	      unsigned int *wildcard_mask, int *mac_type)
+{
+  int mask = 0, i = 0;
+  char *r;
+    
+  if (mac_type)
+    *mac_type = 0;
+  
+  while (maxlen == -1 || i < maxlen)
+    {
+      for (r = in; *r != 0 && *r != ':' && *r != '-'; r++);
+      if (*r == 0)
+	maxlen = i;
+      
+      if (r != in )
+	{
+	  if (*r == '-' && i == 0 && mac_type)
+	   {
+	      *r = 0;
+	      *mac_type = strtol(in, NULL, 16);
+	      mac_type = NULL;
+	   }
+	  else
+	    {
+	      *r = 0;
+	      mask = mask << 1;
+	      if (strcmp(in, "*") == 0)
+		mask |= 1;
+	      else
+		out[i] = strtol(in, NULL, 16);
+	      i++;
+	    }
+	}
+      in = r+1;
+    }
+  
+  if (wildcard_mask)
+    *wildcard_mask = mask;
+
+  return i;
+}
+
+int memcmp_masked(unsigned char *a, unsigned char *b, int len, unsigned int mask)
+{
+  int i;
+  for (i = len - 1; i >= 0; i--, mask = mask >> 1)
+    if (!(mask & 1) && a[i] != b[i])
+      return 0;
+
+  return 1;
+}
+
+/* _note_ may copy buffer */
+int expand_buf(struct iovec *iov, size_t size)
+{
+  void *new;
+
+  if (size <= iov->iov_len)
+    return 1;
+
+  if (!(new = malloc(size)))
+    {
+      errno = ENOMEM;
+      return 0;
+    }
+
+  if (iov->iov_base)
+    {
+      memcpy(new, iov->iov_base, iov->iov_len);
+      free(iov->iov_base);
+    }
+
+  iov->iov_base = new;
+  iov->iov_len = size;
+
+  return 1;
+}
+
+char *print_mac(struct daemon *daemon, unsigned char *mac, int len)
+{
+  char *p = daemon->namebuff;
+  int i;
+   
+  if (len == 0)
+    sprintf(p, "<null>");
+  else
+    for (i = 0; i < len; i++)
+      p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":");
+  
+  return daemon->namebuff;
+}
+
+void bump_maxfd(int fd, int *max)
+{
+  if (fd > *max)
+    *max = fd;
+}
+
+void log_start(struct daemon *daemon)
+{
+  if (daemon->options & OPT_DEBUG)   
+    {
+#ifdef LOG_PERROR
+      openlog("dnsmasq", LOG_PERROR, daemon->log_fac);
+#else
+      openlog("dnsmasq", 0, daemon->log_fac);
+#endif
+    }
+  else
+    openlog("dnsmasq", LOG_PID, daemon->log_fac);
+}
+
+int read_write(int fd, unsigned char *packet, int size, int rw)
+{
+  ssize_t n, done;
+  
+  for (done = 0; done < size; done += n)
+    {
+    retry:
+      if (rw)
+        n = read(fd, &packet[done], (size_t)(size - done));
+      else
+        n = write(fd, &packet[done], (size_t)(size - done));
+
+      if (n == 0)
+        return 0;
+      else if (n == -1)
+        {
+          if (errno == EINTR || errno == ENOMEM || errno == ENOBUFS)
+            goto retry;
+          else
+            return 0;
+        }
+    }
+  return 1;
+}