import of dnsmasq-2.45.tar.gz

CHANGELOG

@@ -45,7 +45,7 @@ release 0.95  Major rewrite: remove calls to gethostbyname() and talk
                   dnsmasq to serve names to the machine it is running
                   on (put nameserver 127.0.0.1 in /etc/resolv.conf and
                   give dnsmasq the option -r /etc/resolv.dnsmasq)
-              (6) Dnsmasq will re-read it's servers if the
+              (6) Dnsmasq will re-read its servers if the
                   modification time of resolv.conf changes. Along with
                   4 above this allows nameservers to be set
 		  automatically by ppp or dhcp.	 
@@ -1076,7 +1076,7 @@ release 2.10
 
 	    NAK attempts to renew a pool DHCP lease when a statically
 	    allocated address has become available, forcing a host to
-	    move to it's allocated address. Lots of people have
+	    move to its allocated address. Lots of people have
 	    suggested this change and been rebuffed (they know who
 	    they are) the straws that broke the camel's back were Tim
 	    Cutts and Jamie Lokier.
@@ -1639,3 +1639,973 @@ version 2.26
 	    network. Thanks to Lutz Pressler for the bug report and
 	    patch.
 
+version 2.27
+	    Tweaked DHCP behaviour when a client attempts to renew a lease
+            which dnsmasq doesn't know about. Previously that would always
+            result in a DHCPNAK. Now, in dhcp-authoritative mode, the
+            lease will be created, if it's legal. This makes dnsmasq work
+            better if the lease database is lost, for example on an OpenWRT
+	    system which reboots. Thanks to Stephen Rose for work on
+	    this.
+
+	    Added the ability to support RFC-3442 style destination
+	    descriptors in dhcp-options. This makes classless static
+	    routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4
+
+	    Added error-checking to the code which writes the lease
+	    file. If this fails for any reason, an error is logged,
+	    and a retry occurs after one minute. This should improve
+	    things eg when a filesystem is full. Thanks to Jens Holze
+	    for the bug report.
+
+	    Fixed breakage of the "/#/ matches any domain" facility
+	    which happened in 2.24. Thanks to Peter Surda for the bug
+	    report.
+
+	    Use "size_t" and "ssize_t" types where appropriate in the
+	    code.
+
+	    Fix buggy CNAME handling in mixed IPv4 and IPv6
+	    queries. Thanks to Andreas Pelme for help finding that.
+
+	    Added some code to attempt to re-transmit DNS queries when 
+	    a network interface comes up.  This helps on DoD links, 
+	    where frequently the packet which triggers dialling is
+            a DNS query, which then gets lost. By re-sending, we can 
+	    avoid the lookup failing. This function is only active
+	    when netlink support is compiled in, and therefore only
+	    under Linux. Thanks to Jean Wolter for help with this.
+
+	    Tweaked the DHCP tag-matching code to work correctly with
+	    NOT-tag conditions. Thanks to Lutz Pressler for finding
+	    the bug.
+
+	    Generalised netid-tag matching in dhcp-range statements to
+	    allow more than one tag.
+
+	    Added --dhcp-mac to do MAC address matching in the same
+	    way as vendorclass and userclass matching. A good
+	    suggestion from Lutz Pressler.
+
+	    Add workaround for buggy early Microsoft DHCP clients
+	    which need zero-termination in string options.
+	    Thanks to Fabiano Pires for help with this.
+
+	    Generalised the DHCP code to cope with any hardware
+	    address type, at least on Linux. *BSD is still limited to
+	    ethernet only.
+
+version 2.28
+            Eliminated all raw network access when running on
+            Linux. All DHCP network activity now goes through the IP
+            stack. Packet sockets are no longer required. Apart from
+            being a neat hack, this should also allow DHCP over IPsec
+            to work better. On *BSD and OS X, the old method of raw net
+            access through BPF is retained.
+
+	    Simplified build options. Networking is now slimmed down
+	    to a choice of "linux" or "other". Netlink is always used
+	    under Linux. Since netlink has been available since 2.2
+	    and non-optional in an IPv4-configured  kernel since 2.4,
+	    and the dnsmasq netlink code is now well tested, this 
+	    should work out fine. 
+
+	    Removed decayed build support for libc5 and Solaris.
+	    
+	    Removed pselect code: use a pipe for race-free signal
+	    handling instead, as this works everywhere.
+
+	    No longer enable the ISC leasefile reading code in the
+	    distributed sources. I doubt there are many people left
+	    using this 1.x compatibility code. Those that are will
+	    have to explicitly enable it in src/config.h.
+
+	    Don't send the "DHCP maximum message size" option, even if 
+	    requested. RFC2131 says this is a "MUST NOT".
+
+	    Support larger-than-minimum DHCP message. Dnsmasq is now
+	    happy to get larger than 576-byte DHCP messages, and will
+	    return large messages, if permitted by the "maximum
+	    message size" option of the message to which it is
+	    replying. There's now an arbitrary sanity limit of 16384
+	    bytes.
+
+	    Added --no-ping option. This fixes an RFC2131 "SHOULD".
+
+	    Building on the 2.27 MAC-address changes, allow clients to 
+	    provide no MAC address at all, relying on the client-id as
+	    a unique identifier. This should make things like DHCP for
+	    USB come easier.
+
+	    Fixed regression in netlink code under 2.2.x kernels which 
+	    occurred in 2.27. Erik Jan Tromp is the vintage kernel fan 
+	    who found this. P.S. It looks like this "netlink bind:
+	    permission denied" problem occured in kernels at least as
+	    late a 2.4.18. Good information from Alain Richoux.
+
+	    Added a warning when it's impossible to give a host its
+	    configured address because the address is leased
+	    elsewhere.  A sensible suggestion from Mircea Bardac.
+
+	    Added minimal support for RFC 3046 DHCP relay agent-id
+	    options. The DHCP server now echoes these back to the
+	    relay, as required by the RFC. Also, RFC 3527 link selection 
+	    sub-options are honoured.
+
+	    Set the process "dumpable" flag when running in debug
+	    mode: this makes getting core dumps from root processes
+	    much easier.
+	    
+	    Fixed one-byte buffer overflow which seems to only cause
+	    problems when dnsmasq is linked with uclibc. Thanks to
+	    Eric House and Eric Spakman for help in chasing this down.
+
+	    Tolerate configuration screwups which lead to the DHCP
+	    server attemping to allocate its own address to a
+	    client; eg setting the whole subnet range as a DHCP
+	    range. Addresses in use by the server are now excluded
+	    from use by clients.
+
+	    Did some thinking about HAVE_BROKEN_RTC mode, and made it
+	    much simpler and better. The key is to just keep lease
+	    lengths in the lease file. Since these normally never
+	    change, even as the lease is renewed, the lease file never
+	    needs to change except when machines arrive on the network
+	    or leave. This eliminates the code for timed writes, and
+	    reduces the amount of wear on a flash filesystem to the
+	    absolute minimum. Also re-did the basic time function in
+	    this mode to use the portable times(), rather than parsing
+	    /proc/uptime.
+
+	    Believe the source port number when replying to unicast 
+	    DHCP requests and DHCP requests via a relay, instead of always 
+            using the standard ports.  This will allow relays on 
+            non-standard ports and DHCPINFORM from unprivileged ports
+            to work. The source port sent by unconfigured clients is still 
+            ignored, since this may be unreliable. This means that a DHCP 
+            client must use the standard port to do full configuration.
+ 
+version 2.29
+	    Fixed compilation on OpenBSD (thanks to Tom Hensel for the
+	    report). 
+
+	    Fixed false "no interface" errors when --bind-interfaces is
+	    set along with --interface=lo or --listen-address. Thanks
+	    to Paul Wise for the report.
+
+	    Updated patch for SuSE rpm. Thanks to Steven Springl.
+
+	    It turns out that there are some Linux kernel
+	    configurations which make using the capability system
+	    impossible. If this situation occurs then continue, running
+	    as root, and log a warning. Thanks to Scott Wehrenberg
+	    for help tracking this down.
+
+version 2.30
+            Fixed crash when a DHCP client requested a broadcast
+            reply. This problem was introduced in version 2.28.
+	    Thanks to Sandra Dekkers for the bug report.
+
+version 2.31
+	    Added --dhcp-script option. There have been calls for this
+	    for a long time from many good people. Fabio Muzzi gets
+	    the prize for finally convincing me.
+
+	    Added example dbus config file and moved dbus stuff into
+	    its own directory.
+
+	    Removed horribly outdated Redhat RPM build files. These
+	    are obsolete now that dnsmasq in in Fedora extras. Thanks
+	    to Patrick "Jima" Laughton, the Fedora package
+	    maintainer.
+
+	    Added workaround for Linux kernel bug. This manifests
+	    itself as failure of DHCP on kernels with "support for
+	    classical IP over ATM" configured. That includes most
+	    Debian kernel packages. Many thanks to A. Costa and
+	    Benjamin Kudria for their huge efforts in chasing this
+	    down.
+
+	    Force-kill child processes when dnsmasq is sent a sigterm,
+	    otherwise an unclosed TCP connection could keep dnsmasq
+	    hanging round for a few minutes.
+
+	    Tweaked config.h logic for uclibc build. It will now pick
+	    up MMU and IPV6 status correctly on every system I tested.
+
+version 2.32 
+	    Attempt a better job of replacing previous configuration
+	    when re-reading /etc/hosts and /etc/ethers. SIGHUP is
+	    still not identical to a restart under all circumstances,
+	    but it is for the common case of name->MAC address in
+	    /etc/ethers and name->IP address in /etc/hosts.
+
+	    Fall back to broadcast for DHCP to an unconfigured client
+	    when the MAC address size is greater than 14 bytes.
+
+	    Fix problem in 2.28-onwards releases which breaks DNS on
+	    Mac OS X. Thanks to Doug Fields for the bug report and
+	    testing.
+
+	    Added fix to allow compilation on c89-only compilers.
+	    Thanks to John Mastwijk for the patch.
+	   
+	    Tweak resolv file polling code to work better if there is
+	    a race between updating the mtime and file contents. This
+	    is not normally a problem, but it can be on systems which
+	    replace nameservers whilst active. The code now continues
+	    to read resolv.conf until it gets at least one usable
+	    server. Thanks to Holger Mauermann for help with this.
+
+	    If a client DECLINEs an address which is allocated to it
+	    via dhcp-host or /etc/hosts, lock that address out of use
+	    for ten minutes, instead of forever, and log when it's not
+	    being used because of the lock-out. This should provide
+	    less surprising behaviour when a configured address can't be
+	    used. Thanks to Peter Surda and Heinz Deinhart for input
+	    on this.
+
+	    Fixed *BSD DHCP breakage with only some
+	    arches/compilers, depending on structure padding rules.
+	    Thanks to Jeb Campbell and Tom Hensel for help with this.
+
+	    Added --conf-dir option. Suggestion from Aaron Tygart.
+
+	    Applied patch from Brent Cook which allows netids in
+	    dhcp-option configuration lines to be prefixed by
+	    "net:". This is not required by the syntax, but it is
+	    consistent with other configuration items.
+
+	    Added --log-facility option. Suggestion from Fabio Muzzi.
+
+	    Major update to Spanish translation. Many thanks to Chris
+	    Chatham. 
+
+	    Fixed gcc-4.1 strict-alias compilation warning.
+
+version 2.33
+            Remove bash-specific shellcode from the Makefile.
+
+	    Fix breakage with some DHCP relay implementations which
+	    was introduced in 2.28. Believing the source port in
+	    DHCP requests and sending the reply there is sometimes a
+	    bad thing to do, so I've reverted to always sending to
+	    the relay on port 68. Thanks to Daniel Hamlin and Alex
+	    (alde) for bug reports on this.
+
+	    Moved the SuSe packaging files to contrib. I will no
+	    longer attempt to maintain this in the source tarball. It
+	    will be done externally, in the same way as packaging for
+	    other distros. Suse packages are available from 
+	    ftp://ftp.suse.com/pub/people/ug/
+	    
+	    Merged patch from Gentoo to honour $LDFLAGS environment.
+
+	    Fix bug in resolv.conf processing when more than one file
+	    is being checked.
+
+	    Add --dns-forward-max option.
+
+	    Warn if --resolv-file flags are ignored because of
+	    --no-resolv. Thanks to Martin F Krafft for spotting this
+	    one.
+
+            Add --leasefile-ro option which allows the use of an 
+            external lease database. Many thanks to Steve Horbachuk 
+	    for assistance developing this feature.
+
+	    Provide extra information to lease-change script via its
+	    environment. If the host has a client-id, then
+	    DNSMASQ_CLIENT_ID will be set. Either the lease length (in
+	    DNSMASQ_LEASE_LENGTH) or lease expiry time (in
+	    DNSMASQ_LEASE_EXPIRES) will be set, depending on the
+	    HAVE_BROKEN_RTC compile-time option. This extra
+	    information should make it possible to maintain the lease
+	    database in external storage such as LDAP or a relational
+	    database. Note that while leasefile-ro is set, the script
+            will be called with "old"  events more often, since 
+	    changes to the client-id and lease length
+	    (HAVE_BROKEN_RTC) or lease expiry time (otherwise) 
+	    are now flagged. 
+
+	    Add contrib/wrt/* which is an example implementation of an
+	    external persistent lease database for *WRT distros with 
+	    the nvram command.
+
+	    Add contrib/wrt/dhcp_release.c which is a small utility 
+	    which removes DHCP leases using DHCPRELEASE operation in
+	    the DHCP protocol.
+
+version 2.34
+	    Tweak network-determination code for another corner case:
+	    in this case a host forced to move between dhcp-ranges on
+	    the same physical interface. Thanks to Matthias Andree.
+	    
+	    Improve handling of high DNS loads by throttling acceptance of
+	    new queries when resources are tight. This should be a
+	    better response than the "forwarding table full..."
+	    message which was logged before.
+
+	    Fixed intermittent infinite loop when re-reading
+	    /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the
+	    bug report.
+
+	    Provide extra information to the lease-change script: when
+	    a lease loses its hostname (because a new lease comes
+	    along and claims the same new), the "old" action is called 
+	    with the current state of the lease, ie no name. The
+	    change is to provide the former name which the lease had
+	    in the environment variable DNSMASQ_OLD_HOSTNAME. This
+	    helps scripts which do stuff based on hostname, rather
+	    than IP address. Also provide vendor-class and user-class
+	    information to the lease-change script when a new lease is
+	    created in the DNSMASQ_VENDOR_CLASS and
+	    DNSMASQ_USER_CLASS<n> environment variables. Suggestion 
+            from Francois-Xavier Le Bail.
+
+	    Run the lease change script as root, even when dnsmasq is
+	    configured to change UID to an unprivileged user. Since
+	    most uses of the lease change script need root, this
+	    allows its use whilst keeping the security advantages of
+	    running the daemon without privs. The script is invoked
+	    via a small helper process which keeps root UID, and
+	    validates all data received from the main process. To get
+	    root, an attacker would have to break dnsmasq and then
+	    break the helper through the restricted comms channel 
+	    linking the two.
+	    
+	    Add contrib/port-forward/* which is a script to set up 
+	    port-forwards using the DHCP lease-change script. It's
+	    possible to add a host to a config file by name, and when
+	    that host gets a DHCP lease, the script will use iptables
+	    to set up port-forwards to configured ports at the address
+	    which the host is allocated. The script also handles
+	    setting up the port-forward iptables entries after reboot,
+	    using the persistent lease database, and removing them
+	    when a host leaves and its DHCP lease expires.
+
+	    Fix unaligned access problem which caused wrong log
+	    messages with some clients on some architectures. Thanks
+	    to Francois-Xavier Le Bail for the bugreport.
+
+	    Fixed problem with DHCPRELEASE and multi-address
+	    interfaces. Enhanced contrib/wrt/dhcp_release to cope
+	    under these circumstances too. Thanks to Eldon Ziegler for
+	    input on this.
+
+	    Updated French translation: thanks to Gildas Le Nadan.
+
+	    Upgraded the name hash function in the DNS cache. Thanks
+	    to Oleg Khovayko for good work on this.
+
+	    Added --clear-on-reload flag.  Suggestion from Johannes
+	    Stezenbach.
+
+	    Treat a nameserver address of 0.0.0.0 as "nothing". Erwin 
+            Cabrera spotted that specifying a nameserver as 0.0.0.0 
+	    breaks things badly; this is because the network stack
+	    treats is as "this host" and an endless loop ensues.
+		   
+            Added Webmin module in contrib/webmin. Thanks to Neil
+            Fisher for that.
+
+version 2.35
+	    Generate an "old" script event when a client does a DHCPREQUEST
+	    in INIT-REBOOT or SELECTING state and the lease already
+	    exists. Supply vendor and user class information to these
+	    script calls.
+
+	    Added support for Dragonfly BSD to src/config.h
+
+	    Removed "Upgrading to 2.0" document, which is ancient
+	    history now.
+
+	    Tweak DHCP networking code for BSD, esp OpenBSD. Added a 
+	    workaround for a bug in OpenBSD 4.0: there should finally
+            be support for multiple interfaces under OpenBSD now.
+	    Note that no version of dnsmasq before 2.35 will work for 
+	    DHCP under OpenBSD 4.0 because of a kernel bug.
+	    Thanks to Claudio Jeker, Jeb Campbell and Cristobal 
+	    Palmer for help with this.
+
+	    Optimised the cache code for the case of large
+	    /etc/hosts. This is mainly to remove the O(n-squared)
+	    algorithm which made reading large (50000 lines) files 
+	    slow, but it also takes into account the size of 
+	    /etc/hosts when building hash tables, so overall 
+	    performance should be better. Thanks to "koko" for 
+	    pointing out the problem.
+
+version 2.36
+	    Added --dhcp-ignore-names flag which tells dnsmasq not to
+	    use names provided by DHCP clients. Suggestion from 
+	    Thomas M Steenholdt.
+
+	    Send netmask and broadcast address DHCP options always,
+	    even if the client doesn't request them. This makes a few
+	    odd clients work better.
+
+	    Added simple TFTP function, optimised for net-boot. It is
+	    now possible to net boot hosts using only dnsmasq. The
+	    TFTP server is read-only, binary-mode only, and designed to be
+	    secure; it adds about 4K to the dnsmasq binary. 
+ 
+	    Support DHCP option 120, SIP servers, (RFC 3361). Both
+            encodings are supported, so both --dhcp-option=120,192.168.2.3
+            and	--dhcp-option=120,sip.example.net will work. Brian
+            Candler pointed out the need for this.
+
+	    Allow spaces in domain names, to support DNS-SD.
+
+	    Add --ptr-record flag, again for DNS-SD. Thanks to Stephan 
+	    Sokolow for the suggestion.
+	    
+	    Tolerate leading space on lines in the config file. Thanks
+	    to Luigi Rizzo for pointing this out.
+
+	    Fixed netlink.c to cope with headers from the Linux 2.6.19
+	    kernel. Thanks to Philip Wall for the bug report.
+
+	    Added --dhcp-bridge option, but only to the FreeBSD
+	    build. This fixes an oddity with a a particular bridged
+	    network configuration on FreeBSD. Thanks to Luigi Rizzo
+	    for the patch.
+
+	    Added FAQ entry about running dnsmasq in a Linux
+	    vserver. Thanks to Gildas le Nadan for the information.  
+
+	    Fixed problem with option parsing which interpreted "/" as
+	    an address and not a string. Thanks to Luigi Rizzo
+	    for the patch.
+
+	    Ignore the --domain-needed flag when forwarding NS
+	    and SOA queries, since NS queries of TLDs are always legit.
+	    Marcus Better pointed out this problem.
+
+	    Take care to forward signed DNS requests bit-perfect, so
+	    as not to affect the validity of the signature. This
+	    should allow DDNS updates to be forwarded.
+
+version 2.37
+            Add better support for RFC-2855 DHCP-over-firewire and RFC
+           -4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec.
+
+	    Some efficiency tweaks to the cache code for very large
+	    /etc/hosts files. Should improve reverse (address->name)
+	    lookups and garbage collection. Thanks to Jan 'RedBully'
+	    Seiffert for input on this.
+
+	    Fix regression in 2.36 which made bogus-nxdomain
+	    and DNS caching unreliable. Thanks to Dennis DeDonatis
+	    and Jan Seiffert for bug reports.
+
+	    Make DHCP encapsulated vendor-class	options sane. Be
+	    warned that some conceivable existing configurations 
+	    using these may break, but they work in a much 
+	    simpler and more logical way now. Prepending
+	    "vendor:<client-id>" to an option encapsulates it 
+	    in option 43, and the option is sent only if the 
+	    client-supplied vendor-class substring-matches with 
+	    the given client-id. Thanks to Dennis DeDonatis for 
+	    help with this.
+
+	    Apply patch from Jan Seiffert to tidy up tftp.c
+
+	    Add support for overloading the filename and servername 
+	    fields in DHCP packet. This gives extra option-space when
+	    these fields are not being used or with a modern client
+	    which supports moving them into options.
+
+	    Added a LIMITS section to the man-page, with guidance on
+	    maximum numbers of clients, file sizes and tuning.
+
+release 2.38
+	    Fix compilation on *BSD. Thanks to Tom Hensel.
+
+	    Don't send length zero DHCP option 43 and cope with 
+	    encapsulated options whose total length exceeds 255 octets
+	    by splitting them into multiple option 43 pieces.
+
+	    Avoid queries being retried forever when --strict-order is
+	    set and an upstream server returns a SERVFAIL
+	    error. Thanks to Johannes Stezenbach for spotting this.
+
+	    Fix BOOTP support, broken in version 2.37.
+
+	    Add example dhcp-options for Etherboot.
+
+	    Add \e (for ASCII ESCape) to the set of valid escapes
+	    in config-file strings.
+
+	    Added --dhcp-option-force flag and examples in the
+	    configuration file which use this to control PXELinux.
+
+	    Added --tftp-no-blocksize option.
+
+	    Set netid tag "bootp" when BOOTP (rather than DHCP) is in
+	    use. This makes it easy to customise which options are
+	    sent to BOOTP clients. (BOOTP allows only 64 octets for
+	    options, so it can be necessary to trim things.)
+
+	    Fix rare hang in cache code, a 2.37 regression. This
+	    probably needs an infinite DHCP lease and some bad luck to
+	    trigger. Thanks to Detlef Reichelt for bug reports and testing.
+
+release 2.39
+	    Apply patch from Mike Baker/OpenWRT to ensure that names
+	    like "localhost." in /etc/hosts with trailing period 
+	    are treated as fully-qualified.
+
+	    Tolerate and ignore spaces around commas in the
+	    configuration file in all circumstances. Note that this
+	    may change the meaning of a few existing config files, for
+	    instance
+	    txt-record=mydomain.com, string
+	    would have a leading space in the string before, and now
+	    will not. To get the old behaviour back, use quotes:
+	    txt-record=mydomain.com," string"
+
+	    /a is no longer a valid escape in quoted strings.
+
+	    Added symbolic DHCP option names. Instead of
+	    dhcp-option = 3, 1.2.3.4 
+	    it is now possible to do
+	    dhcp-option = option:router, 1.2.3.4
+	    To see the list of known DHCP options, use the 
+            command "dnsmasq --help dhcp"
+	    Thanks to Luigi Rizzo for a patch and good work on this.
+
+	    Overhauled the log code so that logging can be asynchronous; 
+	    dnsmasq then no longer blocks waiting for the syslog() library
+	    call. This is important on systems where syslog
+	    is being used to log over the network (and therefore doing
+	    DNS lookups) and syslog is using dnsmasq as its DNS
+	    server. Having dnsmasq block awaiting syslog under 
+	    such circumstances can lead to syslog and dnsmasq 
+	    deadlocking. The new behaviour is enabled with a new
+	     --log-async flag, which can also be used to tune the
+	    queue length. Paul Chambers found and diagnosed 
+	    this trap for the unwary. He also did much testing of 
+	    the solution along with Carlos Carvalho.
+
+	    --log-facility can now take a file-name instead of a 
+	    facility name. When this is done, dnsmasq logs to the 
+	    file and not via syslog. (Failures early in startup, 
+	    whilst reading configuration, will still go to syslog, 
+	    and syslog is used as a log-of-last-resort if the file
+	    cannot be written.)
+
+	    Added --log-dhcp flag. Suggestion from Carlos Carvalho.
+
+	    Made BINDIR, MANDIR and LOCALEDIR independently
+	    over-rideable in the makefile. Suggestion from Thomas
+	    Klausner.
+
+	    Added 127.0.0.0/8 and 169.254.0.0/16 to the address
+	    ranges affected by --bogus-priv. Thanks to  Paul 
+	    Chambers for the patch.
+
+	    Fixed failure of TFTP server with --listen-address. Thanks
+	    to William Dinkel for the bug report.
+
+	    Added --dhcp-circuitid and --dhcp-remoteid for RFC3046
+	    relay agent data matching.
+ 
+	    Added --dhcp-subscrid for RFC3993 subscriber-id relay
+	    agent data matching.
+
+	    Correctly garbage-collect connections when upstream
+	    servers go away as a result of DBus transactions.
+
+	    Allow absolute paths for TFTP transfers even when
+	    --tftp-root is set, as long as the path matches the root,
+	    so /var/ftp/myfile is OK with tftp-root=/var/ftp.
+	    Thanks for Thomas Mizzi for the patch.
+
+	    Updated Spanish translation - thanks to Chris Chatham.
+
+	    Updated French translation - thanks to Gildas Le Nadan.
+
+	    Added to example conf file example of routing PTR queries
+	    for a subnet to a different nameserver. Suggestion from
+	    Jon Nicholson.
+
+	    Added --interface-name option. This provides a facility 
+	    to add a domain name with a dynamic IP address taken from
+	    the address of a local network interface. Useful for
+	    networks with dynamic IPs.
+
+version 2.40
+            Make SIGUSR2 close-and-reopen the logfile when logging 
+	    direct to a file. Thanks to Carlos Carvalho for 
+	    suggesting this. When a logfile is created, change
+	    its ownership to the user dnsmasq will run as, don't
+	    leave it owned by root.
+
+	    Set a special tag, "known" for hosts which are matched by
+	    a dhcp-host or /etc/ethers line. This is especially
+	    useful to be able to do --dhcp-ignore=#known, like ISCs
+	    "deny unknown-clients".
+
+	    Explicitly set a umask before creating the leases file,
+	    rather than relying on whatever we inherited. The
+	    permissions	are set to 644.
+
+	    Fix handling of fully-qualified names in --dhcp-host
+	    directives and in /etc/ethers. These are now rejected 
+	    if the domain doesn't match that given by --domain,	  
+	    and used correctly otherwise. Before, putting
+	    a FQDN here could cause the whole FQDN to be used as
+	    hostname. Thanks to Michael Heimpold for the bug report.
+
+	    Massive but trivial edit to make the "daemon" variable 
+	    global, instead of copying the same value around as the
+	    first argument to half the functions in the program.
+	    
+	    Updated Spanish manpage and message catalog. Thanks 
+	    to Chris Chatham.
+	    
+	    Added patch for support of DNS LOC records in
+	    contrib/dns-loc. Thanks to Lorenz Schori.
+
+	    Fixed error in manpage: dhcp-ignore-name ->
+	    dhcp-ignore-names. Thanks to Daniel Mentz for spotting
+	    this.
+
+	    Use client-id as hash-seed for DHCP address allocation
+	    with Firewire and Infiniband, as these don't supply an MAC
+	    address. 
+
+	    Tweaked TFTP file-open code to make it behave sensibly
+	    when the filesystem changes under its feet.
+
+	    Added DNSMASQ_TIME_REMAINING environment variable to the 
+	    lease-script.
+
+	    Always send replies to DHCPINFORM requests to the source
+	    of the request and not to the address in ciaddr. This
+	    allows third-party queries.
+	    
+	    Return "lease time remaining" in the reply to a DHCPINFORM
+	    request if there exists a lease for the host sending the
+	    request.
+
+	    Added --dhcp-hostsfile option. This gives a superset of
+	    the functionality provided by /etc/ethers. Thanks to 
+	    Greg Kurtzer for the suggestion.
+
+	    Accept keyword "server" as a synonym for "nameserver" in 
+	    resolv.conf. Thanks to Andrew Bartlett for the report.
+
+	    Add --tftp-unique-root option. Suggestion from Dermot
+	    Bradley.
+
+	    Tweak TFTP retry timer to avoid problems with difficult
+	    clients. Thanks to Dermot Bradley for assistance with
+	    this. 
+	    
+	    Continue to use unqualified hostnames provided by DHCP
+	    clients, even if the domain part is illegal. (The domain
+	    is	ignored, and an error logged.) Previously in this
+	    situation, the whole name whould have been
+	    rejected. Thanks to Jima for the patch.
+	    
+	    Handle EINTR returns from wait() correctly and reap
+	    our children's children if necessary. This fixes 
+	    a problem with zombie-creation under *BSD when using
+	    --dhcp-script.
+
+	    Escape spaces in hostnames when they are stored in the
+	    leases file and passed to the lease-change
+	    script. Suggestion from Ben Voigt.
+
+	    Re-run the lease chamge script with an "old" event for
+	    each lease when dnsmasq receives a SIGHUP.
+
+	    Added more useful exit codes, including passing on a
+	    non-zero exit code from the lease-script "init" call when
+	    --leasefile-ro is set.
+
+	    Log memory allocation failure whilst the daemon is
+	    running. Allocation failures during startup are fatal, 
+	    but lack of memory whilst running is worked around.
+	    This used to be silent, but now is logged.
+
+	    Fixed misaligned memory access which caused problems on
+	    Blackfin CPUs. Thanks to Alex Landau for the patch.
+
+	    Don't include (useless) script-calling code when NO_FORK
+	    is set. Since this tends to be used on very small uclinux 
+	    systems, it's worth-while to save some code-size.
+
+	    Don't set REUSEADDR on TFTP listening socket. There's no
+	    need to do so, and it creates confusing behaviour when
+	    inetd is also listening on the same port. Thanks to Erik
+	    Brown for spotting the problem.
+
+version 2.41
+            Remove deprecated calls when compiled against libdbus 1.1.
+	    
+	    Fix "strict-alias" warning in bpf.c
+
+	    Reduce dependency on Gnu-make in build system: dnsmasq now
+	    builds with system make under OpenBSD.
+
+	    Port to Solaris. Dnsmasq 1.x used to run under Solaris,
+	    and this release does so again, for Solaris 9 or better.
+
+	    Allow the DNS function to be completely disabled, by
+	    setting the port to zero "--port=0". The allows dnsmasq to
+	    be used as a simple DHCP server, simple TFTP server, or
+	    both, but without the DNS server getting in the way.
+
+	    Fix a bug where NXDOMAIN could be returned for a query
+	    even if the name's value was known for a different query
+	    type. This bug could be prodded with 
+            --local=/domain/ --address=/name.domain/1.2.3.4 
+	    An IPv6 query for name.domain would return NXDOMAIN, and
+	    not the correct NOERROR. Thanks to Lars Nooden for
+	    spotting the bug and Jima for diagnosis of the problem.
+
+	    Added per-server stats to the information logged when
+	    dnsmasq gets SIGUSR1.
+
+	    Added counts of queries forwarded and queries answered
+	    locally (from the cache, /etc/hosts or config).
+
+	    Fixed possible crash bug in DBus IPv6 code. Thanks to Matt
+	    Domsch and Jima.
+
+	    Tighten checks for clashes between hosts-file and
+	    DHCP-derived names. Multiple addresses associated with a
+	    name in hosts-file no longer confuses the check.
+
+	    Add --dhcp-no-override option to fix problems with some
+	    combinations of stage zero and stage one
+	    bootloaders. Thanks to Steve Alexander for the bug report.
+  
+	    Add --tftp-port-range option. Thanks to Daniel Mierswa for
+	    the suggestion.
+ 
+	    Add --stop-dns-rebind option. Thanks to Collin Mulliner
+	    for the patch.
+
+	    Added GPL version 3 as a license option.
+ 
+	    Added --all-servers option. Thanks to Peter Naulls for the
+	    patch.
+
+	    Extend source address mechanism so that the interface used
+	    to contact an upstream DNS server can be nailed
+	    down. Something like "--server=1.2.3.4@eth1" will force
+	    the use of eth1 for traffic to DNS-server 1.2.3.4. This
+	    facility is only available on Linux and Solaris. Thanks to
+	    Peter Naulls for prompting this.	     
+	
+	    Add --dhcp-optsfile option. Thanks to Carlos Carvalho for
+            the suggestion.
+
+	    Fixed failure to set source address for server connections
+	    when using TCP. Thanks to Simon Capper for finding this
+	    bug.
+
+	    Refuse to give a DHCP client the address it asks for if
+	    the address range in question is not available to that
+	    particular host. Thanks to Cedric Duval for the bug
+	    report. 
+
+	    Changed behavior of DHCP server to always return total length of
+	    a new lease in DHCPOFFER, even if an existing lease
+	    exists. (It used to return the time remaining on the lease
+	    whne one existed.) This fixes problems with the Sony Ericsson
+	    K610i phone. Thanks to Hakon Stordahl for finding and
+	    fixing this.
+
+	    Add DNSMASQ_INTERFACE to the environment of the
+	    lease-change script. Thanks to Nikos Mavrogiannopoulos for
+	    the patch.
+
+	    Fixed broken --alias functionality. Thanks to Michael
+	    Meelis for the bug report.
+
+	    Added French translation of the man page. Thank to Gildas
+	    Le Nadan for that.
+
+	    Add --dhcp-match flag, to check for arbitrary options in
+	    DHCP messages from clients. This enables use of dnsmasq
+	    with gPXE. Thanks to Rance Hall for the suggestion.
+
+	    Added --dhcp-broadcast, to force broadcast replies to DHCP
+	    clients which need them but are too dumb or too old to
+	    ask. Thanks to Bodo Bellut for the suggestion.
+
+	    Disable path-MTU discovery on DHCP and TFTP sockets. This
+	    is never needed, and the presence of DF flags in the IP
+	    header confuses some broken PXE ROMS. Thanks again to Bodo
+	    Bellut for spotting this.
+
+	    Fix problems with addresses which have multiple PTR
+	    records - all but one of these could get lost. 
+
+	    Fix bug with --address and ANY query type seeing REFUSED
+	    return code in replies. Thanks to Mike Wright for spotting
+	    the problem.
+
+	    Update Spanish translation. Thanks to Chris Chatham.
+
+	    Add --neg-ttl option.
+	    
+	    Add warnings about the bad effects of --filterwin2k on
+	    SIP, XMPP and Google-talk to the example config file.
+	    
+	    Fix va_list abuse in log.c. This fixes crashes on powerpc
+	    when debug mode is set. Thanks to Cedric Duval for the
+	    patch. 
+
+version 2.42
+            Define _GNU_SOURCE to avoid problems with later glibc
+            headers. Thanks to Jima for spotting the problem.
+
+	    Add --dhcp-alternate-port option. Thanks to Jan Psota for
+	    the suggestion.
+
+	    Fix typo in code which is only used on BSD, when Dbus and
+	    IPv6 support is enabled. Thanks to Roy Marples.
+	    
+	    Updated Polish translations - thank to Jan Psota.
+
+	    Fix OS detection logic to cope with GNU/FreeBSD.
+
+	    Fix unitialised variable in DBus code - thanks to Roy
+	    Marples.
+
+	    Fix network enumeration code to work on later NetBSD -
+	    thanks to Roy Marples.
+	    
+	    Provide --dhcp-bridge on all BSD variants.
+
+	    Define _LARGEFILE_SOURCE which removes an arbitrary 2GB
+            limit on logfiles. Thanks to Paul Chambers for spotting 
+            the problem.
+
+	    Fix RFC3046 agent-id echo code, broken for many
+	    releases. Thanks to Jeremy Laine for spotting the problem
+	    and providing a patch.
+
+	    Added Solaris 10 service manifest from David Connelly in
+	    contrib/Solaris10
+ 	    	     
+	    Add --dhcp-scriptuser option.	    
+
+	    Support new capability interface on suitable Linux 
+	    kernels, removes "legacy support in use" messages. Thanks 
+            to Jorge Bastos for pointing this out. 
+
+	    Fix subtle bug in cache code which could cause dnsmasq to
+	    lock spinning CPU in rare circumstances. Thanks to Alex
+	    Chekholko for bug reports and help debugging. 
+
+	    Support netascii transfer mode for TFTP.
+
+
+version 2.43
+	    Updated Polish translation. Thanks to Jan Psota.
+
+	    Flag errors when configuration options are repeated
+	    illegally.
+
+	    Further tweaks for GNU/kFreeBSD
+
+	    Add --no-wrap to msgmerge call - provides nicer .po file
+	    format.
+
+	    Honour lease-time spec in dhcp-host lines even for
+	    BOOTP. The user is assumed to known what they are doing in
+	    this case. (Hosts without the time spec still get infinite
+	    leases for BOOTP, over-riding the default in the
+	    dhcp-range.) Thanks to Peter Katzmann for uncovering this.
+
+	    Fix problem matching relay-agent ids. Thanks to Michael
+	    Rack for the bug report.
+
+	    Add --naptr-record option. Suggestion from Johan
+	    Bergquist.
+
+	    Implement RFC 5107 server-id-override DHCP relay agent
+	    option.
+
+	    Apply patches from Stefan Kruger for compilation on
+	    Solaris 10 under Sun studio.
+
+	    Yet more tweaking of Linux capability code, to suppress
+	    pointless wingeing from kernel 2.6.25 and above.
+
+	    Improve error checking during startup. Previously, some
+	    errors which occurred during startup would be worked
+	    around, with dnsmasq still starting up. Some were logged,
+            some silent. Now, they all cause a fatal error and dnsmasq 
+            terminates with a non-zero exit code. The errors are those
+            associated with changing uid and gid, setting process 
+            capabilities and writing the pidfile. Thanks to Uwe
+	    Gansert and the Suse security team for pointing out 
+	    this improvement, and Bill Reimers for good implementation
+	    suggestions.
+
+	    Provide NO_LARGEFILE compile option to switch off largefile
+	    support when compiling against versions of uclibc which
+	    don't support it. Thanks to Stephane Billiart for the patch.
+  
+            Implement random source ports for interactions with
+            upstream nameservers. New spoofing attacks have been found
+            against nameservers which do not do this, though it is not
+            clear if dnsmasq is vulnerable, since to doesn't implement
+            recursion. By default dnsmasq will now use a different
+            source port (and socket) for each query it sends
+            upstream. This behaviour can suppressed using the
+            --query-port option, and the old default behaviour
+            restored using --query-port=0. Explicit source-port
+            specifications in --server configs are still honoured.
+
+	    Replace the random number generator, for better
+	    security. On most BSD systems, dnsmasq uses the
+	    arc4random() RNG, which is secure, but on other platforms,
+	    it relied on the C-library RNG, which may be
+	    guessable and therefore allow spoofing. This release
+	    replaces the libc RNG with the SURF RNG, from Daniel
+	    J. Berstein's DJBDNS package.  
+
+	    Don't attempt to change user or group or set capabilities
+	    if dnsmasq is run as a non-root user. Without this, the
+	    change from soft to hard errors when these fail causes
+	    problems for non-root daemons listening on high
+	    ports. Thanks to Patrick McLean for spotting this.
+
+	    Updated French translation. Thanks to Gildas Le Nadan.
+
+version 2.44
+            Fix  crash when unknown client attempts to renew a DHCP
+            lease, problem introduced in version 2.43. Thanks to
+            Carlos Carvalho for help chasing this down.
+
+	    Fix potential crash when a host which doesn't have a lease
+	    does DHCPINFORM. Again introduced in 2.43. This bug has
+	    never been reported in the wild.
+
+            Fix crash in netlink code introduced in 2.43. Thanks to
+            Jean Wolter for finding this.
+
+	    Change implementation of min_port to work even if min-port
+	    as large.
+
+	    Patch to enable compilation of latest Mac OS X. Thanks to
+	    David Gilman.
+
+	    Update Spanish translation. Thanks to Christopher Chatham.
+
+version 2.45
+            Fix total DNS failure in release 2.43 unless --min-port 
+            specified. Thanks to Steven Barth and Grant Coady for
+            bugreport. Also reject out-of-range port spec, which could
+            break things too: suggestion from Gilles Espinasse.
+
+ 

COPYING-v3

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

FAQ

@@ -1,7 +1,7 @@
 Q: Why does dnsmasq open UDP ports >1024 as well as port 53.
    Is this a security problem/trojan/backdoor?
 
-A: The high ports that dnsmasq opens is for replies from the upstream
+A: The high ports that dnsmasq opens are for replies from the upstream
    nameserver(s). Queries from dnsmasq to upstream nameservers are sent
    from these ports and replies received to them. The reason for doing this is
    that most firewall setups block incoming packets _to_ port 53, in order
@@ -39,16 +39,17 @@ A: They are negative entries: that's what the N flag means. Dnsmasq asked
 
 Q: Will dnsmasq compile/run on non-Linux systems?
 
-A: Yes, there is explicit support for *BSD and MacOS X. There are
-   start-up scripts for MacOS X Tiger and Panther in /contrib. Earlier
-   dnsmasq releases ran under Solaris, but that capability has
-   probably rotted. Dnsmasq will link with uclibc to provide small
+A: Yes, there is explicit support for *BSD and MacOS X and Solaris. 
+   There are start-up scripts for MacOS X Tiger and Panther 
+   in /contrib. Dnsmasq will link with uclibc to provide small
    binaries suitable for use in embedded systems such as
    routers. (There's special code to support machines with flash
    filesystems and no battery-backed RTC.)
+   If you encounter make errors with *BSD, try installing gmake from
+   ports and building dnsmasq with "make MAKE=gmake" 
    For other systems, try altering the settings in config.h.
  
-Q: My companies' nameserver knows about some names which aren't in the
+Q: My company's nameserver knows about some names which aren't in the
    public DNS. Even though I put it first in /etc/resolv.conf, it
    dosen't work: dnsmasq seems not to use the nameservers in the order
    given. What am I doing wrong?
@@ -225,7 +226,7 @@ A: What is happening is this: The boot process sends a DHCP
 Q: What network types are supported by the DHCP server?
   
 A: Ethernet (and 802.11 wireless) are supported on all platforms. On
-   Linux Token Ring is also supported.
+   Linux all network types (including FireWire) are supported.
 
 Q: What is this strange "bind-interface" option?
 
@@ -309,7 +310,7 @@ A: Because when a Gentoo box shuts down, it releases its lease with
 
 Q: My laptop has two network interfaces, a wired one and a wireless
    one. I never use both interfaces at the same time, and I'd like the
-   same IP and configuration to be used irrespcetive of which
+   same IP and configuration to be used irrespective of which
    interface is in use. How can I do that?
 
 A: By default, the identity of a machine is determined by using the
@@ -369,8 +370,79 @@ A: Yes, dynmaically allocated IP addresses are checked by sending an
    other DHCP requests during this time. To avoid dropping requests,
    the address probe may be skipped when dnsmasq is under heavy load.
 
+
+Q: I'm using dnsmasq on a machine with the Firestarter firewall, and
+   DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+   proceed can be found at 
+   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html
+ 
+
+Q: I'm using dnsmasq on a machine with the shorewall firewall, and
+   DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+   proceed can be found at 
+   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html
+
+
+Q: Dnsmasq fails to start up with a message about capabilities.
+   Why did that happen and what can do to fix it?
+
+A: Change your kernel configuration: either deselect CONFIG_SECURITY
+   _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can 
+   remove the need to set capabilities by running dnsmasq as root.
+
+Q: Where can I get .rpms Suitable for Suse?
+
+A: Dnsmasq is in Suse itself, and the latest releases are also
+   available at ftp://ftp.suse.com/pub/people/ug/
+
+
+Q: Can I run dnsmasq in a Linux vserver?
+
+A: Yes, as a DNS server, dnsmasq will just work in a vserver.
+   To use dnsmasq's DHCP function you need to give the vserver
+   extra system capabilities. Please note that doing so will lesser 
+   the overall security of your system. The capabilities 
+   required are NET_ADMIN and NET_RAW. NET_ADMIN is essential, NET_RAW
+   is required to do an ICMP "ping" check on newly allocated
+   addresses. If you don't need this check, you can disable it with
+   --no-ping and omit the NET_RAW capability. 
+   Adding the capabilities is done by adding them, one per line, to
+   either /etc/vservers/<vservername>/ccapabilities for a 2.4 kernel or
+   /etc/vservers/<vservername>/bcapabilities for a 2.6 kernel (please
+   refer to the vserver documentation for more information).
+
+
+Q: What's the problem with syslog and dnsmasq?
+
+A: In almost all cases: none. If you have the normal arrangement with
+   local daemons logging to a local syslog, which then writes to disk,
+   then there's never a problem. If you use network logging, then
+   there's a potential problem with deadlock: the syslog daemon will
+   do DNS lookups so that it can log the source of log messages,
+   these lookups will (depending on exact configuration) go through
+   dnsmasq, which also sends log messages. With bad timing, you can 
+   arrive at a situation where syslog is waiting for dnsmasq, and
+   dnsmasq is waiting for syslog; they will both wait forever. This
+   problem is fixed from dnsmasq-2.39, which introduces asynchronous
+   logging: dnsmasq no longer waits for syslog and the deadlock is
+   broken. There is a remaining problem in 2.39, where "log-queries"
+   is in use. In this case most DNS queries generate two log lines, if
+   these go to a syslog which is doing a DNS lookup for each log line,
+   then those queries will in turn generate two more log lines, and a 
+   chain reaction runaway will occur. To avoid this, use syslog-ng
+   and turn on syslog-ng's dns-cache function.
+
+
+
+
+
+
+
  
-  
 
 
 

Makefile

@@ -1,4 +1,19 @@
-PREFIX?=/usr/local
+# dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; version 2 dated June, 1991, or
+#  (at your option) version 3 dated 29 June, 2007.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#    
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PREFIX = /usr/local
 BINDIR = ${PREFIX}/sbin
 MANDIR = ${PREFIX}/share/man
 LOCALEDIR = ${PREFIX}/share/locale
@@ -7,26 +22,49 @@ SRC = src
 PO = po
 MAN = man
 
-CFLAGS?= -O2
+PKG_CONFIG = pkg-config
+AWK = nawk
+INSTALL = install
 
-all : 
-	$(MAKE) I18N=-DNO_GETTEXT -f ../bld/Makefile -C $(SRC) dnsmasq 
+DBUS_MINOR=" `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --modversion dbus-1 | $(AWK) -F . -- '{ if ($$(NF-1)) print \"-DDBUS_MINOR=\"$$(NF-1) }'`" 
+DBUS_CFLAGS="`echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1`" 
+DBUS_LIBS="  `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1`" 
+SUNOS_VER="  `if uname | grep SunOS 2>&1 >/dev/null; then uname -r | $(AWK) -F . -- '{ print \"-DSUNOS_VER=\"$$2 }'; fi`"
+SUNOS_LIBS=" `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi `"
+
+all :   dnsmasq
+
+dnsmasq :
+	cd $(SRC) && $(MAKE) \
+ DBUS_MINOR=$(DBUS_MINOR) \
+ DBUS_CFLAGS=$(DBUS_CFLAGS) \
+ DBUS_LIBS=$(DBUS_LIBS) \
+ SUNOS_LIBS=$(SUNOS_LIBS) \
+ SUNOS_VER=$(SUNOS_VER) \
+ -f ../bld/Makefile dnsmasq 
 
 clean :
 	rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot 
-	rm -f $(SRC)/*.o $(SRC)/dnsmasq core */core
+	rm -f $(SRC)/*.o $(SRC)/dnsmasq.a $(SRC)/dnsmasq core */core
 
 install : all install-common
 
 install-common :
-	install -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
-	install -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
-	install -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
+	$(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
+	$(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
+	$(INSTALL) -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
 
 all-i18n :
-	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq
+	cd $(SRC) && $(MAKE) \
+ I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' \
+ DBUS_MINOR=$(DBUS_MINOR) \
+ DBUS_CFLAGS=$(DBUS_CFLAGS) \
+ DBUS_LIBS=$(DBUS_LIBS) \
+ SUNOS_LIBS=$(SUNOS_LIBS) \
+ SUNOS_VER=$(SUNOS_VER) \
+ -f ../bld/Makefile dnsmasq 
 	cd $(PO); for f in *.po; do \
-		$(MAKE) -f ../bld/Makefile -C ../$(SRC) $${f/.po/.mo}; \
+		cd ../$(SRC) && $(MAKE) -f ../bld/Makefile $${f%.po}.mo; \
 	done
 
 install-i18n : all-i18n install-common
@@ -36,7 +74,7 @@ install-i18n : all-i18n install-common
 merge :
 	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq.pot
 	cd $(PO); for f in *.po; do \
-		msgmerge -U $$f ../$(SRC)/dnsmasq.pot; \
+		msgmerge --no-wrap -U $$f ../$(SRC)/dnsmasq.pot; \
 	done
 
 

UPGRADING_to_2.0

@@ -1,68 +0,0 @@
-
-
-	Upgrading to dnsmasq V2
-        -----------------------
-
-Version 1.x of dnsmasq includes a facility for reading the dhcp.leases
-file written by ISC dhcpd. This allows the names of machines which
-have addresses allocated by DHCP to be included in the DNS.
-
-Version 2.x of dnsmasq replaces the ISC dhcpd integration with a DHCP 
-server integrated into dnsmasq. Versions 2.0-2.5 removed the ISC 
-integration completely, but in version 2.6 it was re-enabled for 
-backwards compatibility purposes. The change to an integrated DHCP 
-server has the following advantages:
-
-* Small. ISC dhcpd is a large and comprehensive DHCP solution. The
-  dnsmasq DHCP server adds about 15k to DNS-only dnsmasq and provides
-  all the facilities likely to be needed in the sort of networks
-  which are targeted by dnsmasq.
-
-* Easy to configure. All configuration is in one file and there are
-  sensible defaults for common settings. Many applications will need
-  just one extra line in /etc/dnsmasq.conf which tells it the range of
-  addresses to allocate to DHCP.
-
-* Support for static leases. When static leases are used with ISC DHCP
-  they don't appear in the dhcp.leases file (since that file is used
-  for storage of dynamic leases which aren't pre-configured.) Hence
-  static leases cannot be used with dnsmasq unless each machine with a
-  static lease is also inserted into /etc/hosts. This is not required
-  with the dnsmasq DHCP server.
-
-
-       DHCP configuration
-       ------------------
-
-To convert an installation which is currently using ISC dhcpd, remove
-the ISC DHCP daemon. Unless you want dnsmasq to use the same file
-to store its leases it is necessary to remove the configuration line in
-/etc/dnsmasq.conf which specifies the dhcp.leases file.
-
-To enable DHCP, simply add a line like this to /etc/dnsmasq.conf
-
-dhcp-range=192.168.0.100,192.168.0.200,12h
-
-which tells dnsmasq to us the addresses 192.168.0.100 to 192.168.0.200
-for dynamic IP addresses, and to issue twelve hour leases.
-
-Each host will have its default route and DNS server set to be the
-address of the host running dnsmasq, and its netmask and broadcast 
-address set correctly, so nothing else at all is required for a
-minimal system. Hosts which include a hostname in their DHCP request 
-will have that name and their allocated address inserted into the DNS,
-in the same way as before.
-
-Having started dnsmasq, tell any hosts on the network to renew their
-DHCP lease, so that dnsmasq's  DHCP server becomes aware of them. For
-Linux, this is best done by killing-and-restarting the DHCP client
-daemon or taking the network interface down and then back up. For 
-Windows 9x/Me, use the graphical tool "winipcfg". For Windows
-NT/2000/XP, use the command-line "ipconfig /renew"
-
-For more complex DHCP configuration, refer to the doc/setup.html, the
-dnsmasq manpage and the annotated example configuration file. Also
-note that for some ISC dhcpd to dnsmasq DHCP upgrades there may be
-firewall issues: see the FAQ for details of this.
-
-

bld/Makefile

@@ -1,19 +1,15 @@
-# Uncomment this on Solaris.
-#LIBS = -lsocket -lnsl
-
-CFLAGS ?= -O2
-PKG_CONFIG ?= pkg-config
-
+CFLAGS = -Wall -W -O2
 
 OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
-       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+       helper.o tftp.o log.o
 
 .c.o:
-	$(CC) $(CFLAGS) $(I18N) `../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<
+	$(CC) $(CFLAGS) $(COPTS) $(DBUS_MINOR) $(I18N) $(DBUS_CFLAGS) $(SUNOS_VER) $(RPM_OPT_FLAGS) -c $<
 
 dnsmasq : $(OBJS)
-	$(CC) -o $@  $(OBJS) `../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1` $(LIBS) 
-
+	$(CC) $(LDFLAGS) -o $@  $(OBJS) $(DBUS_LIBS) $(SUNOS_LIBS) $(LIBS) 
+ 
 dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
 	xgettext -d dnsmasq --foreign-user --keyword=_ -o dnsmasq.pot -i $(OBJS:.o=.c)
 

bld/install-man

@@ -2,7 +2,7 @@
 
 for f in *; do
   if [ -d $f ]; then
-     install -d $1/$f/man8 
+     install -m 755 -d $1/$f/man8 
      install -m 644 $f/dnsmasq.8 $1/$f/man8
      echo installing $1/$f/man8/dnsmasq.8
   fi

bld/install-mo

@@ -1,9 +1,9 @@
 #!/bin/sh
 
 for f in *.mo; do
-  install -d $1/${f/.mo/}/LC_MESSAGES
-  install -m 644 $f $1/${f/.mo/}/LC_MESSAGES/dnsmasq.mo
-  echo installing $1/${f/.mo/}/LC_MESSAGES/dnsmasq.mo
+  install -m 755 -d $1/${f%.mo}/LC_MESSAGES
+  install -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+  echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
 done
 
 

bld/pkg-wrapper

@@ -1,6 +1,7 @@
 #!/bin/sh
 
-if grep -q "^\#.*define.*HAVE_DBUS" config.h ; then
+if grep "^\#.*define.*HAVE_DBUS" config.h 2>&1 >/dev/null || \
+   grep HAVE_DBUS 2>&1 >/dev/null ; then
   exec $*
 fi
 

contrib/Solaris10/README

@@ -0,0 +1,28 @@
+From: David Connelly <dconnelly@gmail.com>
+Date: Mon, Apr 7, 2008 at 3:31 AM
+Subject: Solaris 10 service manifest
+To: dnsmasq-discuss@lists.thekelleys.org.uk
+
+
+I've found dnsmasq much easier to set up on my home server running Solaris
+10 than the stock dhcp/dns server, which is probably overkill anyway for my
+simple home network needs. Since Solaris now uses SMF (Service Management
+Facility) to manage services I thought I'd create a simple service manifest
+for the dnsmasq service. The manifest currently assumes that dnsmasq has
+been installed in '/usr/local/sbin/dnsmasq' and the configuration file in
+'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for
+your local installation. Here are the steps I followed to install and enable
+the dnsmasq service:
+  # svccfg import dnsmasq.xml
+  # svcadm enable dnsmasq
+
+To confirm that the service is enabled and online:
+
+  # svcs -l dnsmasq
+
+I've just started learning about SMF so if anyone has any
+corrections/feedback they are more than welcome.
+
+Thanks,
+David
+

contrib/Solaris10/dnsmasq.xml

@@ -0,0 +1,65 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!-- Service manifest for dnsmasq -->
+
+<service_bundle type='manifest' name='dnsmasq'>
+  <service name='network/dnsmasq' type='service' version='1'>
+
+    <create_default_instance enabled='false'/>
+    <single_instance/>
+
+    <dependency name='multi-user'
+                grouping='require_all'
+                restart_on='refresh'
+                type='service'>
+      <service_fmri value='svc:/milestone/multi-user'/>
+    </dependency>
+
+    <dependency name='config'
+		grouping='require_all'
+		restart_on='restart'
+		type='path'>
+      <service_fmri value='file:///usr/local/etc/dnsmasq.conf'/>
+    </dependency>
+
+    <dependent name='dnsmasq_multi-user-server'
+               grouping='optional_all'
+               restart_on='none'>
+      <service_fmri value='svc:/milestone/multi-user-server' />
+    </dependent>
+
+    <exec_method type='method' name='start'
+                 exec='/usr/local/sbin/dnsmasq -C /usr/local/etc/dnsmasq.conf'
+                 timeout_seconds='60' >
+      <method_context>
+        <method_credential user='root' group='root' privileges='all'/>
+      </method_context>
+    </exec_method>
+
+    <exec_method type='method'
+                 name='stop'
+                 exec=':kill'
+                 timeout_seconds='60'/>
+
+    <exec_method type='method'
+                 name='refresh'
+                 exec=':kill -HUP'
+                 timeout_seconds='60' />
+
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>dnsmasq server</loctext>
+      </common_name>
+      <description>
+        <loctext xml:lang='C'>
+dnsmasq - A lightweight DHCP and caching DNS server.
+        </loctext>
+      </description>
+      <documentation>
+        <manpage title='dnsmasq' section='8' manpath='/usr/local/man'/>
+      </documentation>
+    </template>
+
+  </service>
+</service_bundle>

contrib/Suse/README

@@ -0,0 +1,6 @@
+This packaging is now unmaintained in the dnsmasq source: dnsmasq is
+included in Suse proper, and up-to-date packages are now available
+from 
+
+ftp://ftp.suse.com/pub/people/ug/
+

contrib/Suse/dnsmasq-SuSE.patch

@@ -17,16 +17,7 @@
  #define CHUSER "nobody"
 -#define CHGRP "dip"
 +#define CHGRP "dialout"
- #define IP6INTERFACES "/proc/net/if_inet6"
- #define UPTIME "/proc/uptime"
  #define DHCP_SERVER_PORT 67
-@@ -195,8 +195,8 @@
+ #define DHCP_CLIENT_PORT 68
  
- /* platform independent options. */
- #undef HAVE_BROKEN_RTC
--#define HAVE_ISC_READER
-+#undef HAVE_ISC_READER
- #undef HAVE_DBUS
- 
- #if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
- #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
+

contrib/Suse/dnsmasq-suse.spec

@@ -5,7 +5,7 @@
 ###############################################################################
 
 Name: dnsmasq
-Version: 2.26
+Version: 2.33
 Release: 1
 Copyright: GPL
 Group: Productivity/Networking/DNS/Servers
@@ -106,6 +106,6 @@ rm -rf $RPM_BUILD_ROOT
 /usr/sbin/dnsmasq
 /usr/share/locale/*/LC_MESSAGES/*
 %doc %{_mandir}/man8/dnsmasq.8.gz
-
+%doc %{_mandir}/*/man8/dnsmasq.8.gz
 
 

contrib/dns-loc/README

@@ -0,0 +1,12 @@
+Hi Simon
+
+Here is a patch against dnsmasq 2.39 which provides support for LOC  
+entries in order to assign location information to dns records  
+(rfc1876). I tested it on OSX and on OpenWRT.
+
+Cheers
+Lorenz
+
+More info:
+http://www.ckdhr.com/dns-loc/
+http://www.faqs.org/rfcs/rfc1876.html

contrib/dns-loc/dnsmasq2-loc-rfc1876.patch

@@ -0,0 +1,522 @@
+diff -Nur dnsmasq-2.39-orig/bld/Makefile dnsmasq-2.39/bld/Makefile
+--- dnsmasq-2.39-orig/bld/Makefile	2007-02-17 14:37:06.000000000 +0100
++++ dnsmasq-2.39/bld/Makefile	2007-05-20 18:23:44.000000000 +0200
+@@ -2,7 +2,7 @@
+ PKG_CONFIG ?= pkg-config
+ 
+ 
+-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
++OBJS = cache.o rfc1035.o rfc1876.o util.o option.o forward.o isc.o network.o \
+        dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+        helper.o tftp.o log.o
+ 
+diff -Nur dnsmasq-2.39-orig/src/dnsmasq.h dnsmasq-2.39/src/dnsmasq.h
+--- dnsmasq-2.39-orig/src/dnsmasq.h	2007-04-20 12:53:38.000000000 +0200
++++ dnsmasq-2.39/src/dnsmasq.h	2007-05-20 19:50:37.000000000 +0200
+@@ -162,6 +162,12 @@
+   struct interface_name *next;
+ };
+ 
++struct loc_record {
++  char *name, loc[16];
++  unsigned short class;
++  struct loc_record *next;
++};
++
+ union bigname {
+   char name[MAXDNAME];
+   union bigname *next; /* freelist */
+@@ -476,6 +482,7 @@
+   struct mx_srv_record *mxnames;
+   struct txt_record *txt;
+   struct ptr_record *ptr;
++	struct loc_record *loc;
+   struct interface_name *int_names;
+   char *mxtarget;
+   char *lease_file; 
+@@ -725,3 +732,6 @@
+ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
+ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+ #endif
++
++/* rfc1876 */
++u_int32_t loc_aton(const char *ascii, u_char *binary);
+diff -Nur dnsmasq-2.39-orig/src/option.c dnsmasq-2.39/src/option.c
+--- dnsmasq-2.39-orig/src/option.c	2007-04-19 23:34:49.000000000 +0200
++++ dnsmasq-2.39/src/option.c	2007-05-20 20:15:15.000000000 +0200
+@@ -43,6 +43,7 @@
+ #define LOPT_REMOTE    269
+ #define LOPT_SUBSCR    270
+ #define LOPT_INTNAME   271
++#define LOPT_LOC       272
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -122,6 +123,7 @@
+     {"tftp-root", 1, 0, LOPT_PREFIX },
+     {"tftp-max", 1, 0, LOPT_TFTP_MAX },
+     {"ptr-record", 1, 0, LOPT_PTR },
++    {"loc-record", 1, 0, LOPT_LOC },
+ #if defined(__FreeBSD__) || defined(__DragonFly__)
+     {"bridge-interface", 1, 0 , LOPT_BRIDGE },
+ #endif
+@@ -235,6 +237,7 @@
+   { "-y, --localise-queries", gettext_noop("Answer DNS queries based on the interface a query was sent to."), NULL },
+   { "-Y  --txt-record=name,txt....", gettext_noop("Specify TXT DNS record."), NULL },
+   { "    --ptr-record=name,target", gettext_noop("Specify PTR DNS record."), NULL },
++  { "    --loc-record=name,lat lon alt", gettext_noop("Specify LOC DNS record."), NULL },
+   { "    --interface-name=name,interface", gettext_noop("Give DNS name to IPv4 address of interface."), NULL },
+   { "-z, --bind-interfaces", gettext_noop("Bind only to interfaces in use."), NULL },
+   { "-Z, --read-ethers", gettext_noop("Read DHCP static host information from %s."), ETHERSFILE },
+@@ -1835,6 +1838,37 @@
+ 	new->intr = safe_string_alloc(comma);
+ 	break;
+       }
++      
++    case LOPT_LOC:
++      {
++	struct loc_record *new;
++	unsigned char *p, *q;
++	
++	comma = split(arg);
++	
++	if (!canonicalise_opt(arg))
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++	
++	new = safe_malloc(sizeof(struct loc_record));
++	new->next = daemon->loc;
++	daemon->loc = new;
++	new->class = C_IN;
++	if (!comma || loc_aton(comma,new->loc)!=16)
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++
++	if (comma)
++	  *comma = 0;
++	new->name = safe_string_alloc(arg);
++	break;
++      }
+ 
+     case LOPT_PTR:  /* --ptr-record */
+       {
+diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c
+--- dnsmasq-2.39-orig/src/rfc1035.c	2007-04-20 12:54:26.000000000 +0200
++++ dnsmasq-2.39/src/rfc1035.c	2007-05-20 18:22:46.000000000 +0200
+@@ -1112,6 +1112,27 @@
+ 	    }
+ 	}
+ 
++      if (qtype == T_LOC || qtype == T_ANY)
++	{
++	  struct loc_record *t;
++	  for(t = daemon->loc; t ; t = t->next)
++	    {
++	      if (t->class == qclass && hostname_isequal(name, t->name))
++		{
++		  ans = 1;
++		  if (!dryrun)
++		    {
++		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0);
++		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
++					      daemon->local_ttl, NULL,
++					      T_LOC, t->class, "t", 16, t->loc))
++			anscount++;
++
++		    }
++		}
++	    }
++	}
++
+       if (qclass == C_IN)
+ 	{
+ 	  if (qtype == T_PTR || qtype == T_ANY)
+diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c
+--- dnsmasq-2.39-orig/src/rfc1876.c	1970-01-01 01:00:00.000000000 +0100
++++ dnsmasq-2.39/src/rfc1876.c	2007-05-20 19:50:10.000000000 +0200
+@@ -0,0 +1,379 @@
++/*
++ * routines to convert between on-the-wire RR format and zone file
++ * format.  Does not contain conversion to/from decimal degrees;
++ * divide or multiply by 60*60*1000 for that.
++ */
++
++#include "dnsmasq.h"
++
++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
++                                 1000000,10000000,100000000,1000000000};
++
++/* takes an XeY precision/size value, returns a string representation.*/
++static const char *
++precsize_ntoa(u_int8_t prec)
++{
++        static char retbuf[sizeof("90000000.00")];
++        unsigned long val;
++        int mantissa, exponent;
++
++        mantissa = (int)((prec >> 4) & 0x0f) % 10;
++        exponent = (int)((prec >> 0) & 0x0f) % 10;
++
++        val = mantissa * poweroften[exponent];
++
++        (void) sprintf(retbuf,"%d.%.2d", val/100, val%100);
++        return (retbuf);
++}
++
++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/
++static u_int8_t
++precsize_aton(char **strptr)
++{
++        unsigned int mval = 0, cmval = 0;
++        u_int8_t retval = 0;
++        register char *cp;
++        register int exponent;
++        register int mantissa;
++
++        cp = *strptr;
++
++        while (isdigit(*cp))
++                mval = mval * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* centimeters */
++                cp++;
++                if (isdigit(*cp)) {
++                        cmval = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                cmval += (*cp++ - '0');
++                        }
++                }
++        }
++        cmval = (mval * 100) + cmval;
++
++        for (exponent = 0; exponent < 9; exponent++)
++                if (cmval < poweroften[exponent+1])
++                        break;
++
++        mantissa = cmval / poweroften[exponent];
++        if (mantissa > 9)
++                mantissa = 9;
++
++        retval = (mantissa << 4) | exponent;
++
++        *strptr = cp;
++
++        return (retval);
++}
++
++/* converts ascii lat/lon to unsigned encoded 32-bit number.
++ *  moves pointer. */
++static u_int32_t
++latlon2ul(char **latlonstrptr,int *which)
++{
++        register char *cp;
++        u_int32_t retval;
++        int deg = 0, min = 0, secs = 0, secsfrac = 0;
++
++        cp = *latlonstrptr;
++
++        while (isdigit(*cp))
++                deg = deg * 10 + (*cp++ - '0');
++
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                min = min * 10 + (*cp++ - '0');
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                secs = secs * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal seconds */
++                cp++;
++                if (isdigit(*cp)) {
++                        secsfrac = (*cp++ - '0') * 100;
++                        if (isdigit(*cp)) {
++                                secsfrac += (*cp++ - '0') * 10;
++                                if (isdigit(*cp)) {
++                                        secsfrac += (*cp++ - '0');
++                                }
++                        }
++                }
++        }
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))
++                cp++;
++
++ fndhemi:
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'E': case 'e':
++                retval = ((unsigned)1<<31)
++                        + (((((deg * 60) + min) * 60) + secs) * 1000)
++                        + secsfrac;
++                break;
++        case 'S': case 's':
++        case 'W': case 'w':
++                retval = ((unsigned)1<<31)
++                        - (((((deg * 60) + min) * 60) + secs) * 1000)
++                        - secsfrac;
++                break;
++        default:
++                retval = 0;     /* invalid value -- indicates error */
++                break;
++        }
++
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'S': case 's':
++                *which = 1;     /* latitude */
++                break;
++        case 'E': case 'e':
++        case 'W': case 'w':
++                *which = 2;     /* longitude */
++                break;
++        default:
++                *which = 0;     /* error */
++                break;
++        }
++
++        cp++;                   /* skip the hemisphere */
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))    /* move to next field */
++                cp++;
++
++        *latlonstrptr = cp;
++
++        return (retval);
++}
++
++/* converts a zone file representation in a string to an RDATA
++ * on-the-wire representation. */
++u_int32_t
++loc_aton(const char *ascii, u_char *binary)
++{
++        const char *cp, *maxcp;
++        u_char *bcp;
++
++        u_int32_t latit = 0, longit = 0, alt = 0;
++        u_int32_t lltemp1 = 0, lltemp2 = 0;
++        int altmeters = 0, altfrac = 0, altsign = 1;
++        u_int8_t hp = 0x16;    /* default = 1e6 cm = 10000.00m = 10km */
++        u_int8_t vp = 0x13;    /* default = 1e3 cm = 10.00m */
++        u_int8_t siz = 0x12;   /* default = 1e2 cm = 1.00m */
++        int which1 = 0, which2 = 0;
++
++        cp = ascii;
++        maxcp = cp + strlen(ascii);
++
++        lltemp1 = latlon2ul(&cp, &which1);
++        lltemp2 = latlon2ul(&cp, &which2);
++
++        switch (which1 + which2) {
++        case 3:                 /* 1 + 2, the only valid combination */
++                if ((which1 == 1) && (which2 == 2)) { /* normal case */
++                        latit = lltemp1;
++                        longit = lltemp2;
++                } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/
++                        longit = lltemp1;
++                        latit = lltemp2;
++                } else {        /* some kind of brokenness */
++                        return 0;
++                }
++                break;
++        default:                /* we didn't get one of each */
++                return 0;
++        }
++
++        /* altitude */
++        if (*cp == '-') {
++                altsign = -1;
++                cp++;
++        }
++
++        if (*cp == '+')
++                cp++;
++
++        while (isdigit(*cp))
++                altmeters = altmeters * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal meters */
++                cp++;
++                if (isdigit(*cp)) {
++                        altfrac = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                altfrac += (*cp++ - '0');
++                        }
++                }
++        }
++
++        alt = (10000000 + (altsign * (altmeters * 100 + altfrac)));
++
++        while (!isspace(*cp) && (cp < maxcp))
++                                           /* if trailing garbage or m */
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++        if (cp >= maxcp)
++                goto defaults;
++
++        siz = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        hp = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        vp = precsize_aton(&cp);
++
++ defaults:
++
++        bcp = binary;
++        *bcp++ = (u_int8_t) 0;  /* version byte */
++        *bcp++ = siz;
++        *bcp++ = hp;
++        *bcp++ = vp;
++        PUTLONG(latit,bcp);
++        PUTLONG(longit,bcp);
++        PUTLONG(alt,bcp);
++
++        return (16);            /* size of RR in octets */
++}
++
++/* takes an on-the-wire LOC RR and prints it in zone file
++ * (human readable) format. */
++char *
++loc_ntoa(const u_char *binary,char *ascii)
++{
++        static char tmpbuf[255*3];
++
++        register char *cp;
++        register const u_char *rcp;
++
++        int latdeg, latmin, latsec, latsecfrac;
++        int longdeg, longmin, longsec, longsecfrac;
++        char northsouth, eastwest;
++        int altmeters, altfrac, altsign;
++
++        const int referencealt = 100000 * 100;
++
++        int32_t latval, longval, altval;
++        u_int32_t templ;
++        u_int8_t sizeval, hpval, vpval, versionval;
++
++        char *sizestr, *hpstr, *vpstr;
++
++        rcp = binary;
++        if (ascii)
++                cp = ascii;
++        else {
++                cp = tmpbuf;
++        }
++
++        versionval = *rcp++;
++
++        if (versionval) {
++                sprintf(cp,"; error: unknown LOC RR version");
++                return (cp);
++        }
++
++        sizeval = *rcp++;
++
++        hpval = *rcp++;
++        vpval = *rcp++;
++
++        GETLONG(templ,rcp);
++        latval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        longval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        if (templ < referencealt) { /* below WGS 84 spheroid */
++                altval = referencealt - templ;
++                altsign = -1;
++        } else {
++                altval = templ - referencealt;
++                altsign = 1;
++        }
++
++        if (latval < 0) {
++                northsouth = 'S';
++                latval = -latval;
++        }
++        else
++                northsouth = 'N';
++
++        latsecfrac = latval % 1000;
++        latval = latval / 1000;
++        latsec = latval % 60;
++        latval = latval / 60;
++        latmin = latval % 60;
++        latval = latval / 60;
++        latdeg = latval;
++
++        if (longval < 0) {
++                eastwest = 'W';
++                longval = -longval;
++        }
++        else
++                eastwest = 'E';
++
++        longsecfrac = longval % 1000;
++        longval = longval / 1000;
++        longsec = longval % 60;
++        longval = longval / 60;
++        longmin = longval % 60;
++        longval = longval / 60;
++        longdeg = longval;
++
++        altfrac = altval % 100;
++        altmeters = (altval / 100) * altsign;
++
++        sizestr = strdup(precsize_ntoa(sizeval));
++        hpstr = strdup(precsize_ntoa(hpval));
++        vpstr = strdup(precsize_ntoa(vpval));
++
++        sprintf(cp,
++                "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
++                latdeg, latmin, latsec, latsecfrac, northsouth,
++                longdeg, longmin, longsec, longsecfrac, eastwest,
++                altmeters, altfrac, sizestr, hpstr, vpstr);
++        free(sizestr);
++        free(hpstr);
++        free(vpstr);
++
++        return (cp);
++}

contrib/port-forward/dnsmasq-portforward

@@ -0,0 +1,68 @@
+#!/bin/bash
+# 
+# /usr/sbin/dnsmasq-portforward
+#
+# A script which gets run when the dnsmasq DHCP lease database changes.
+# It logs to $LOGFILE, if it exists, and maintains port-forwards using
+# IP-tables so that they always point to the correct host. See
+# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 
+# or later.
+#
+# To enable this script, add 
+#    dhcp-script=/usr/sbin/dnsmasq-portforward
+# to /etc/dnsmasq.conf
+#
+# To enable logging, touch $LOGFILE
+#
+
+PORTSFILE=/etc/portforward
+LOGFILE=/var/log/dhcp.log
+IPTABLES=/sbin/iptables
+
+action=${1:-0}
+hostname=${4}
+
+# log what's going on.
+if [ -f ${LOGFILE} ] ; then
+    date +"%D %T $*" >>${LOGFILE}
+fi
+
+# If a lease gets stripped of a name, we see that as an "old" action
+# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" 
+if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
+    action=del
+    hostname=${DNSMASQ_OLD_HOSTNAME}
+fi
+
+# action init is not relevant, and will only be seen when leasefile-ro is set.
+if [ ${action} = init ] ; then
+    exit 0
+fi
+
+if [ ${hostname} ]; then
+    ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
+
+    for port in $ports; do
+	verb=removed
+	protocol=tcp
+	if [ ${port:0:1} = u ] ; then
+	    protocol=udp 
+	    port=${port/u/}
+	fi
+	src=${port/:*/}
+	dst=${port/*:/}
+# delete first, to avoid multiple copies of rules.
+	${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+        if [ ${action} != del ] ; then
+	    ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+	    verb=added
+	fi
+	if [ -f ${LOGFILE} ] ; then
+	    echo "     DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE}
+	fi
+    done
+fi
+    
+exit 0
+
+

contrib/port-forward/portforward

@@ -0,0 +1,28 @@
+# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port 
+# forwarding to hostnames. If the dnsmasq-determined hostname matches the
+# first column of this file, then a DNAT port-forward will be set up 
+# to the address which has just been allocated by DHCP . The second field 
+# is port number(s). If there is only one, then the port-forward goes to 
+# the same port on the DHCP-client, if there are two seperated with a 
+# colon, then the second number is the port to which the connection 
+# is forwarded on the DHCP-client. By default, forwarding is set up 
+# for TCP, but it can done for UDP instead by prefixing the port to "u". 
+# To forward both TCP and UDP, two lines are required. 
+#
+# eg.
+# wwwserver 80
+# will set up a port forward from port 80 on this host to port 80 
+# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease.
+#
+# wwwserver 8080:80
+# will set up a port forward from port 8080 on this host to port 80
+# on the DHCP-client.
+#
+# dnsserver 53
+# dnsserver u53
+# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
+#
+# Port forwards will recreated when dnsmasq restarts after a reboot, and
+# removed when DHCP leases expire. After editing this file, send
+# SIGHUP to dnsmasq to install new iptables entries in the kernel.
+

contrib/try-all-ns/README

@@ -0,0 +1,19 @@
+Date: Thu, 07 Dec 2006 00:41:43 -0500
+From: Bob Carroll <bob.carroll@rit.edu>
+Subject: dnsmasq suggestion
+To: simon@thekelleys.org.uk
+
+
+Hello,
+
+I recently needed a feature in dnsmasq for a very bizarre situation. I 
+placed a list of name servers in a special resolve file and told dnsmasq 
+to use that. But I wanted it to try requests in order and treat NXDOMAIN 
+requests as a failed tcp connection. I wrote the feature into dnsmasq 
+and it seems to work. I prepared a patch in the event that others might 
+find it useful as well.
+
+Thanks and keep up the good work.
+
+--Bob
+

contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch

@@ -0,0 +1,61 @@
+diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h
+--- dnsmasq-2.35/src/dnsmasq.h	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/dnsmasq.h	2006-11-16 22:06:31.000000000 -0500
+@@ -112,6 +112,7 @@
+ #define OPT_NO_PING        2097152
+ #define OPT_LEASE_RO       4194304
+ #define OPT_RELOAD         8388608
++#define OPT_TRY_ALL_NS     16777216
+ 
+ struct all_addr {
+   union {
+diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c
+--- dnsmasq-2.35/src/forward.c	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/forward.c	2006-11-16 22:08:19.000000000 -0500
+@@ -445,6 +445,10 @@
+     {
+        struct server *server = forward->sentto;
+        
++       // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request
++       if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS)
++           && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL;
++
+        if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
+ 	 /* for broken servers, attempt to send to another one. */
+ 	 {
+diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c
+--- dnsmasq-2.35/src/option.c	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/option.c	2006-11-16 22:10:36.000000000 -0500
+@@ -28,7 +28,7 @@
+ 
+ /* options which don't have a one-char version */
+ #define LOPT_RELOAD 256
+-
++#define LOPT_TRY_ALL_NS 257
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -102,6 +102,7 @@
+     {"leasefile-ro", 0, 0, '9'},
+     {"dns-forward-max", 1, 0, '0'},
+     {"clear-on-reload", 0, 0, LOPT_RELOAD },
++    {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS },
+     { NULL, 0, 0, 0 }
+   };
+ 
+@@ -134,6 +135,7 @@
+   { '5',            OPT_NO_PING },
+   { '9',            OPT_LEASE_RO },
+   { LOPT_RELOAD,    OPT_RELOAD },
++  { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS },
+   { 'v',            0},
+   { 'w',            0},
+   { 0, 0 }
+@@ -208,6 +210,7 @@
+   { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL },
+   { "-0, --dns-forward-max=<queries>", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, 
+   { "    --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE },
++  { "    --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL },
+   { NULL, NULL, NULL }
+ }; 
+ 

contrib/webmin/README

@@ -0,0 +1,54 @@
+
+This is the README for the DNSmasq webmin module.
+
+Problems:
+
+1) There's only basic error checking - if you enter some bad
+addresses or names, they will go straight into the config file
+although we do check for things like IP addresses being of
+the correct form (no letters, 4 groups of up to 3 digits
+separated by dots etc). One thing that ISN'T CHECKED FOR is
+that IP dotted quads are all numbers < 256. Another is that
+netmasks are logical (you could enter a netmask of 255.0.255.0 
+for example). Essentially, if it'll pass the config file
+regex scanner (and the above examples will), it won't be 
+flagged as "bad" even if it is a big no-no for dnsmasq itself. 
+
+2) Code is ugly and a kludge - I ain't a programmer! There are probably 
+a lot of things that could be done to tidy up the code - eg, 
+it probably wouldn't hurt to move some common stuff into the lib file.
+
+3) I've used the %text hash and written an english lang file, but
+I am mono-lingual so no other language support as yet.
+
+4) for reasons unknown to me, the icon does not appear properly
+on the servers page of webmin (at least it doesn't for me!)
+
+5) icons have been shamelessly stolen from the ipfilter module,
+specifically the up and down arrows.
+
+6) if you delete an item, the config file will contain
+an otherwise empty, but commented line. This means that if
+you add some new stuff, then delete it, the config file
+will have a number of lines at the end that are just comments.
+Therefore, the config file could possibly grow quite large.
+
+7) NO INCLUDE FILES!
+if you use an include file, it'll be flagged as an error. 
+OK if the include file line is commented out though.
+
+8) deprecated lines not supported (eg user and group) - they
+may produce an error! (user and group don't, but you can't change
+them)
+
+IOW, it works, it's just not very elegant and not very robust.
+
+Hope you find it useful though - I do, as I prevents me having to ever
+wade through the config file and man pages again.
+
+If you modify it, or add a language file, and you have a spare moment,
+please e-mail me - I won't be upset at all if you fix my poor coding!
+(rather the opposite - I'd be pleased someone found it usefull)
+
+Cheers,
+	Neil Fisher <neil@magnecor.com.au>

contrib/wrt/Makefile

@@ -0,0 +1,6 @@
+CFLAGS?= -O2 -Wall -W
+
+all: dhcp_release dhcp_lease_time
+
+clean:
+	rm -f *~ *.o core dhcp_release dhcp_lease_time

contrib/wrt/README

@@ -0,0 +1,81 @@
+This script can be used to implement persistent leases on openWRT, DD-WRT
+etc. Persistent leases are good: if the lease database is lost on a
+reboot, then it will eventually be restored as hosts renew their
+leases. Until a host renews (which may take hours/days) it will
+not exist in the DNS if dnsmasq's DDNS function is in use.
+
+*WRT systems remount all non-volatile fileystems read-only after boot,
+so the normal leasefile will not work. They do, however have NV
+storage, accessed with the nvram command:
+
+/usr/lib #  nvram
+usage: nvram [get name] [set name=value] [unset name] [show]
+
+The principle is that leases are kept in NV variable with data
+corresponding to the line in a leasefile:
+
+dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * *
+
+By giving dnsmasq the leasefile-ro command, it no longer creates or writes a
+leasefile; responsibility for maintaining the lease database transfers
+to the lease change script. At startup, in leasefile-ro mode,
+dnsmasq will run
+
+"<lease_change_script> init" 
+
+and read whatever that command spits out, expecting it to
+be in dnsmasq leasefile format.
+
+So the lease change script, given "init" as argv[1] will 
+suck existing leases out of the NVRAM and emit them from
+stdout in the correct format.
+
+The second part of the problem is keeping the NVRAM up-to-date: this
+is done by the lease-change script which dnsmasq runs when a lease is
+updated. When it is called with argv[1] as "old", "add", or "del"
+it updates the relevant nvram entry.
+
+So, dnsmasq should be run as :
+
+dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh
+
+or the same flags added to /etc/dnsmasq.conf
+
+
+
+Notes: 
+
+This needs dnsmasq-2.33 or later to work.
+
+This technique will work with, or without, compilation with
+HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is
+_highly_recommended_ for this application since is avoids problems
+with the system clock being warped by NTP, and it vastly reduces the
+number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated
+only when a lease is created or destroyed; without it, a write occurs
+every time a lease is renewed.
+
+It probably makes sense to restrict the number of active DHCP leases
+to an appropriate number using dhcp-lease-max. On a new DD_WRT system,
+there are about 10K bytes free in the NVRAM. Each lease record is
+about 100 bytes, so restricting the number of leases to 50 will limit
+use to half that. (The default limit in the distributed source is 150)
+
+Any UI script which reads the dnsmasq leasefile will have to be
+ammended, probably by changing it to read the output of 
+`lease_update init` instead.
+ 
+
+Thanks:
+
+To Steve Horbachuk for checks on the script and debugging beyond the 
+call of duty.
+
+
+Simon Kelley
+Fri Jul 28 11:51:13 BST 2006
+
+
+
+
+

contrib/wrt/dhcp_lease_time.c

@@ -0,0 +1,214 @@
+/* Copyright (c) 2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+/* dhcp_lease_time <address> */
+
+/* Send a DHCPINFORM message to a dnsmasq server running on the local host
+   and print (to stdout) the time remaining in any lease for the given
+   address. The time is given as string printed to stdout.
+
+   If an error occurs or no lease exists for the given address, 
+   nothing is sent to stdout a message is sent to stderr and a
+   non-zero error code is returned.
+
+   Requires dnsmasq 2.40 or later. 
+*/
+
+#include <sys/types.h> 
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX          16
+#define BOOTREQUEST              1
+#define DHCP_COOKIE              0x63825363
+#define OPTION_PAD               0
+#define OPTION_LEASE_TIME        51
+#define OPTION_OVERLOAD          52
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_END               255
+#define DHCPINFORM               8
+#define DHCP_SERVER_PORT         67
+
+#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
+#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))
+
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u32 cookie;
+  unsigned char options[308];
+};
+
+static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
+{
+  while (*p != OPTION_END) 
+    {
+      if (p >= end)
+        return NULL; /* malformed packet */
+      else if (*p == OPTION_PAD)
+        p++;
+      else 
+        { 
+          int opt_len;
+          if (p >= end - 2)
+            return NULL; /* malformed packet */
+          opt_len = option_len(p);
+          if (p >= end - (2 + opt_len))
+            return NULL; /* malformed packet */
+          if (*p == opt && opt_len >= minsize)
+            return p;
+          p += opt_len + 2;
+        }
+    }
+  
+  return opt == OPTION_END ? p : NULL;
+}
+ 
+static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
+{
+  unsigned char *ret, *overload;
+  
+  /* skip over DHCP cookie; */
+  if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize)))
+    return ret;
+
+  /* look for overload option. */
+  if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
+    return NULL;
+  
+  /* Can we look in filename area ? */
+  if ((overload[2] & 1) &&
+      (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
+    return ret;
+
+  /* finally try sname area */
+  if ((overload[2] & 2) &&
+      (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
+    return ret;
+
+  return NULL;
+}
+
+static unsigned int option_uint(unsigned char *opt, int size)
+{
+  /* this worries about unaligned data and byte order */
+  unsigned int ret = 0;
+  int i;
+  unsigned char *p = option_ptr(opt);
+  
+  for (i = 0; i < size; i++)
+    ret = (ret << 8) | *p++;
+
+  return ret;
+}
+
+int main(int argc, char **argv)
+{ 
+  struct in_addr lease;
+  struct dhcp_packet packet;
+  unsigned char *p = packet.options;
+  struct sockaddr_in dest;
+  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  ssize_t rc;
+  
+  if (argc < 2)
+    { 
+      fprintf(stderr, "usage: dhcp_lease_time <address>\n");
+      exit(1);
+    }
+
+  if (fd == -1)
+    {
+      perror("cannot create socket");
+      exit(1);
+    }
+ 
+  lease.s_addr = inet_addr(argv[1]);
+   
+  memset(&packet, 0, sizeof(packet));
+ 
+  packet.hlen = 0;
+  packet.htype = 0;
+
+  packet.op = BOOTREQUEST;
+  packet.ciaddr = lease;
+  packet.cookie = htonl(DHCP_COOKIE);
+
+  *(p++) = OPTION_MESSAGE_TYPE;
+  *(p++) = 1;
+  *(p++) = DHCPINFORM;
+
+  *(p++) = OPTION_END;
+ 
+  dest.sin_family = AF_INET; 
+  dest.sin_addr.s_addr = inet_addr("127.0.0.1");
+  dest.sin_port = ntohs(DHCP_SERVER_PORT);
+  
+  if (sendto(fd, &packet, sizeof(packet), 0, 
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+
+  alarm(3); /* noddy timeout. */
+
+  rc = recv(fd, &packet, sizeof(packet), 0);
+  
+  if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options)))
+    {
+      perror("recv failed");
+      exit(1);
+    }
+
+  if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4)))
+    {
+      unsigned int t = option_uint(p, 4);
+      if (t == 0xffffffff)
+	printf("infinite");
+      else
+	{
+	  unsigned int x;
+	  if ((x = t/86400))
+	    printf("%dd", x);
+	  if ((x = (t/3600)%24))
+	    printf("%dh", x);
+	  if ((x = (t/60)%60))
+	    printf("%dm", x);
+	  if ((x = t%60))
+	    printf("%ds", x);
+	}
+      return 0;
+    }
+
+  return 1; /* no lease */
+}

contrib/wrt/dhcp_release.c

@@ -0,0 +1,331 @@
+/* Copyright (c) 2006 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+/* dhcp_release <interface> <address> <MAC address> <client_id>
+   MUST be run as root - will fail otherwise. */
+
+/* Send a DHCPRELEASE message via the specified interface 
+   to tell the local DHCP server to delete a particular lease. 
+   
+   The interface argument is the interface in which a DHCP
+   request _would_ be received if it was coming from the client, 
+   rather than being faked up here.
+   
+   The address argument is a dotted-quad IP addresses and mandatory. 
+   
+   The MAC address is colon separated hex, and is mandatory. It may be 
+   prefixed by an address-type byte followed by -, eg
+
+   10-11:22:33:44:55:66
+
+   but if the address-type byte is missing it is assumed to be 1, the type 
+   for ethernet. This encoding is the one used in dnsmasq lease files.
+
+   The client-id is optional. If it is "*" then it treated as being missing.
+*/
+
+#include <sys/types.h> 
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX          16
+#define BOOTREQUEST              1
+#define DHCP_COOKIE              0x63825363
+#define OPTION_SERVER_IDENTIFIER 54
+#define OPTION_CLIENT_ID         61
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_END               255
+#define DHCPRELEASE              7
+#define DHCP_SERVER_PORT         67
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u32 cookie;
+  unsigned char options[308];
+};
+
+static struct iovec iov;
+
+static int expand_buf(struct iovec *iov, size_t size)
+{
+  void *new;
+
+  if (size <= iov->iov_len)
+    return 1;
+
+  if (!(new = malloc(size)))
+    {
+      errno = ENOMEM;
+      return 0;
+    }
+
+  if (iov->iov_base)
+    {
+      memcpy(new, iov->iov_base, iov->iov_len);
+      free(iov->iov_base);
+    }
+
+  iov->iov_base = new;
+  iov->iov_len = size;
+
+  return 1;
+}
+
+static ssize_t netlink_recv(int fd)
+{
+  struct msghdr msg;
+  ssize_t rc;
+
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+    
+  while (1)
+    {
+      msg.msg_flags = 0;
+      while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+      
+      /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a 
+         big buffer and pray in that case. */
+      if (rc == -1 && errno == EOPNOTSUPP)
+        {
+          if (!expand_buf(&iov, 2000))
+            return -1;
+          break;
+        }
+      
+      if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+        break;
+            
+      if (!expand_buf(&iov, iov.iov_len + 100))
+        return -1;
+    }
+
+  /* finally, read it for real */
+  while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR);
+  
+  return rc;
+}
+
+static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type)
+{
+  int i = 0;
+  char *r;
+    
+  if (mac_type)
+    *mac_type = 0;
+  
+  while (maxlen == -1 || i < maxlen)
+    {
+      for (r = in; *r != 0 && *r != ':' && *r != '-'; r++);
+      if (*r == 0)
+        maxlen = i;
+      
+      if (r != in )
+        {
+          if (*r == '-' && i == 0 && mac_type)
+           {
+              *r = 0;
+              *mac_type = strtol(in, NULL, 16);
+              mac_type = NULL;
+           }
+          else
+            {
+              *r = 0;
+	      out[i] = strtol(in, NULL, 16);
+              i++;
+            }
+        }
+      in = r+1;
+    }
+    return i;
+}
+
+static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
+{
+  return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
+}
+
+static struct in_addr find_interface(struct in_addr client, int fd, int index)
+{
+  struct sockaddr_nl addr;
+  struct nlmsghdr *h;
+  ssize_t len;
+ 
+  struct {
+    struct nlmsghdr nlh;
+    struct rtgenmsg g; 
+  } req;
+
+  addr.nl_family = AF_NETLINK;
+  addr.nl_pad = 0;
+  addr.nl_groups = 0;
+  addr.nl_pid = 0; /* address to kernel */
+
+  req.nlh.nlmsg_len = sizeof(req);
+  req.nlh.nlmsg_type = RTM_GETADDR;
+  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; 
+  req.nlh.nlmsg_pid = 0;
+  req.nlh.nlmsg_seq = 1;
+  req.g.rtgen_family = AF_INET; 
+
+  if (sendto(fd, (void *)&req, sizeof(req), 0, 
+	     (struct sockaddr *)&addr, sizeof(addr)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+  
+  while (1)
+    {
+      if ((len = netlink_recv(fd)) == -1)
+	{
+	  perror("netlink");
+	  exit(1);
+	}
+
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+	if (h->nlmsg_type == NLMSG_DONE)
+	  exit(0);
+	else if (h->nlmsg_type == RTM_NEWADDR)
+          {
+            struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+            struct rtattr *rta;
+            unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+            
+            if (ifa->ifa_index == index && ifa->ifa_family == AF_INET)
+              {
+                struct in_addr netmask, addr;
+                
+                netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+                addr.s_addr = 0;
+                
+                for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1))
+		  if (rta->rta_type == IFA_LOCAL)
+		    addr = *((struct in_addr *)(rta+1));
+		
+                if (addr.s_addr && is_same_net(addr, client, netmask))
+		  return addr;
+	      }
+	  }
+    }
+ 
+  exit(0);
+}
+
+int main(int argc, char **argv)
+{ 
+  struct in_addr server, lease;
+  int mac_type;
+  struct dhcp_packet packet;
+  unsigned char *p = packet.options;
+  struct sockaddr_in dest;
+  struct ifreq ifr;
+  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+  struct iovec iov;
+ 
+  iov.iov_len = 200;
+  iov.iov_base = malloc(iov.iov_len);
+
+  if (argc < 4 || argc > 5)
+    { 
+      fprintf(stderr, "usage: dhcp_release <interface> <addr> <mac> [<client_id>]\n");
+      exit(1);
+    }
+
+  if (fd == -1 || nl == -1)
+    {
+      perror("cannot create socket");
+      exit(1);
+    }
+  
+  /* This voodoo fakes up a packet coming from the correct interface, which really matters for 
+     a DHCP server */
+  strcpy(ifr.ifr_name, argv[1]);
+  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
+    {
+      perror("cannot setup interface");
+      exit(1);
+    }
+  
+  
+  lease.s_addr = inet_addr(argv[2]);
+  server = find_interface(lease, nl, if_nametoindex(argv[1]));
+  
+  memset(&packet, 0, sizeof(packet));
+ 
+  packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type);
+  if (mac_type == 0)
+    packet.htype = ARPHRD_ETHER;
+  else
+    packet.htype = mac_type;
+
+  packet.op = BOOTREQUEST;
+  packet.ciaddr = lease;
+  packet.cookie = htonl(DHCP_COOKIE);
+
+  *(p++) = OPTION_MESSAGE_TYPE;
+  *(p++) = 1;
+  *(p++) = DHCPRELEASE;
+
+  *(p++) = OPTION_SERVER_IDENTIFIER;
+  *(p++) = sizeof(server);
+  memcpy(p, &server, sizeof(server));
+  p += sizeof(server);
+
+  if (argc == 5 && strcmp(argv[4], "*") != 0)
+    {
+      unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL);
+      *(p++) = OPTION_CLIENT_ID;
+      *(p++) = clid_len;
+      p += clid_len;
+    }
+  
+  *(p++) = OPTION_END;
+ 
+  dest.sin_family = AF_INET;
+  dest.sin_port = ntohs(DHCP_SERVER_PORT);
+  dest.sin_addr = server;
+
+  if (sendto(fd, &packet, sizeof(packet), 0, 
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+
+  return 0;
+}

contrib/wrt/lease_update.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (c) 2006 Simon Kelley
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; version 2 dated June, 1991.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+
+# if $1 is add del or old, this is a dnsmasq-called lease-change
+# script, update the nvram database. if $1 is init, emit a 
+# dnsmasq-format lease file to stdout representing the current state of the 
+# database, this is called by dnsmasq at startup.
+
+NVRAM=/usr/sbin/nvram
+PREFIX=dnsmasq_lease_
+
+# Arguments.
+# $1 is action (add, del, old)
+# $2 is MAC 
+# $3 is address
+# $4 is hostname (optional, may be unset)
+
+# env.
+# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC)
+# DNSMASQ_CLIENT_ID (optional, may be unset)
+
+# File.
+# length|expires MAC addr hostname|* CLID|* 
+
+# Primary key is address.
+
+if [ ${1} = init ] ; then
+     ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p"
+else
+     if [ ${1} = del ] ; then
+          ${NVRAM} unset ${PREFIX}${3}
+     fi
+
+     if [ ${1} = old ] || [ ${1} = add ] ; then
+          ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}"
+     fi
+     ${NVRAM} commit
+fi
+
+
+
+
+ 

dbus/dnsmasq.conf

@@ -0,0 +1,16 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow own="uk.org.thekelleys.dnsmasq"/>
+		<allow send_destination="uk.org.thekelleys.dnsmasq"/>
+                <allow send_interface="uk.org.thekelleys.dnsmasq"/>
+	</policy>
+	<policy context="default">
+                <deny own="uk.org.thekelleys.dnsmasq"/>
+                <deny send_destination="uk.org.thekelleys.dnsmasq"/>
+                <deny send_interface="uk.org.thekelleys.dnsmasq"/>
+        </policy>
+</busconfig>
+

dnsmasq-rh.spec

@@ -1,133 +0,0 @@
-###############################################################################
-#
-# General mumbojumbo
-#
-###############################################################################
-
-Name: dnsmasq
-Version: 2.26
-Release: 1
-License: GPL
-Group: System Environment/Daemons
-Vendor: Simon Kelley
-Packager: Simon Kelley
-Distribution: Red Hat Linux
-URL: http://www.thekelleys.org.uk/dnsmasq
-Source0: %{name}-%{version}.tar.gz
-Requires: chkconfig
-BuildRoot: /var/tmp/%{name}-%{version}
-Summary: A lightweight caching nameserver
-
-%description
-Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It 
-is designed to provide DNS and, optionally, DHCP, to a small network. It can
-serve the names of local machines which are not in the global DNS. The DHCP 
-server integrates with the DNS server and allows machines with DHCP-allocated
-addresses to appear in the DNS with names configured either in each host or 
-in a central configuration file. Dnsmasq supports static and dynamic DHCP 
-leases and BOOTP for network booting of diskless machines.
-
-
-
-###############################################################################
-#
-# Build
-#
-###############################################################################
-
-%prep
-%setup -q
-%build
-make all-i18n PREFIX=/usr
-
-
-###############################################################################
-#
-# Install
-#
-###############################################################################
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-mkdir -p -m 755 $RPM_BUILD_ROOT/usr/sbin
-mkdir -p -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p -m 755 $RPM_BUILD_ROOT/usr/share/man/man8
-
-cp rpm/dnsmasq.rh $RPM_BUILD_ROOT/etc/rc.d/init.d/dnsmasq
-make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
-strip $RPM_BUILD_ROOT/usr/sbin/dnsmasq
-cp src/dnsmasq $RPM_BUILD_ROOT/usr/sbin
-cp dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf
-
-###############################################################################
-#
-# Clean up
-#
-###############################################################################
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-###############################################################################
-#
-# Post-install scriptlet
-#
-###############################################################################
-
-%post
-/sbin/chkconfig --add dnsmasq
-
-
-###############################################################################
-#
-# Pre-uninstall scriptlet
-#
-# If there's a time when your package needs to have one last look around before
-# the user erases it, the place to do it is in the %preun script. Anything that
-# a package needs to do immediately prior to RPM taking any action to erase the
-# package, can be done here.
-#
-###############################################################################
-
-%preun
-if [ $1 = 0 ]; then     # execute this only if we are NOT doing an upgrade
-    service dnsmasq stop >/dev/null 2>&1
-    /sbin/chkconfig --del dnsmasq
-fi
-
-
-###############################################################################
-#
-# Post-uninstall scriptlet
-#
-# The %postun script executes after the package has been removed. It is the
-# last chance for a package to clean up after itself.
-#
-###############################################################################
-
-%postun
-if [ "$1" -ge "1" ]; then
-    service dnsmasq restart >/dev/null 2>&1
-fi
-
-
-###############################################################################
-#
-# File list
-#
-###############################################################################
-
-%files
-%defattr(-,root,root)
-%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0
-%config /etc/rc.d/init.d/dnsmasq 
-%config /etc/dnsmasq.conf
-%attr(0755,root,root) /etc/rc.d/init.d/dnsmasq
-%attr(0664,root,root) /etc/dnsmasq.conf
-%attr(0755,root,root) /usr/sbin/dnsmasq
-%attr(0644,root,root) /usr/share/man/*/man8/dnsmasq*
-%attr(0644,root,root) /usr/share/man/man8/dnsmasq*
-%attr(0644,root,root) /usr/share/locale/*/LC_MESSAGES/*
-

dnsmasq.conf.example

@@ -11,15 +11,15 @@
 # these requests from bringing up the link uneccessarily.
 
 # Never forward plain names (without a dot or domain part)
-domain-needed
+#domain-needed
 # Never forward addresses in the non-routed address spaces.
-bogus-priv
+#bogus-priv
 
 
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
 # Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos.
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
 # This option only affects forwarding, SRV records originating for
 # dnsmasq (via srv-host= lines) are not suppressed by it.
 #filterwin2k
@@ -37,7 +37,7 @@ bogus-priv
 
 # If you don't want dnsmasq to read /etc/resolv.conf or any other
 # file, getting its servers from this file instead (see below), then
-# uncomment this
+# uncomment this.
 #no-resolv
 
 # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
@@ -48,6 +48,10 @@ bogus-priv
 # non-public domains.
 #server=/localnet/192.168.0.1
 
+# Example of routing PTR queries to nameservers: this will send all 
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
 #local=/localnet/
@@ -57,6 +61,18 @@ bogus-priv
 # webserver.
 #address=/doubleclick.net/127.0.0.1
 
+# --address (and --server) work with IPv6 addresses too.
+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
+
+# You can control how dnsmasq talks to a server: this forces 
+# queries to 10.1.2.3 to be routed via eth1
+# --server=10.1.2.3@eth1
+
+# and this sets the source (ie local) address used to talk to
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# IP on the machine, obviously).
+# --server=10.1.2.3@192.168.1.1#55
+
 # If you want dnsmasq to change uid and gid to something other
 # than the default, edit the following lines.
 #user=
@@ -141,7 +157,7 @@ bogus-priv
 # the name fred and IP address 192.168.0.60 and lease time 45 minutes
 #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
 
-# Give the machine which says it's name is "bert" IP address
+# Give the machine which says its name is "bert" IP address
 # 192.168.0.70 and an infinite lease
 #dhcp-host=bert,192.168.0.70,infinite
 
@@ -176,6 +192,12 @@ bogus-priv
 # any machine with ethernet address starting 11:22:33:
 #dhcp-host=11:22:33:*:*:*,net:red
 
+# Ignore any clients which are specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
+# This relies on the special "known" tag which is set when 
+# a host is matched.
+#dhcp-ignore=#known
+
 # Send extra options which are tagged as "red" to any machine whose
 # DHCP vendorclass string includes the substring "Linux"
 #dhcp-vendorclass=red,Linux
@@ -184,6 +206,10 @@ bogus-priv
 # of whose DHCP userclass strings includes the substring "accounts"
 #dhcp-userclass=red,accounts
 
+# Send extra options which are tagged as "red" to any machine whose
+# MAC address matches the pattern.
+#dhcp-mac=red,00:60:8C:*:*:*
+
 # If this line is uncommented, dnsmasq will read /etc/ethers and act
 # on the ethernet-address/IP pairs found there just as if they had
 # been given as --dhcp-host options. Useful if you keep
@@ -192,20 +218,30 @@ bogus-priv
 
 # Send options to hosts which ask for a DHCP lease.
 # See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name: 
+# run "dnsmasq --help dhcp" to get a list.
 # Note that all the common settings, such as netmask and
 # broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need any
+# sane defaults by dnsmasq. You very likely will not need 
 # any dhcp-options. If you use Windows clients and Samba, there
 # are some options which are recommended, they are detailed at the
 # end of this section.
-# For reference, the common options are:
-# subnet mask - 1
-# default router - 3
-# DNS server - 6
-# broadcast address - 28
+
+# Override the default route supplied by dnsmasq, which assumes the
+# router is the same machine as the one running dnsmasq.
+#dhcp-option=3,1.2.3.4
+
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
+# Override the default route supplied by dnsmasq and send no default
+# route at all. Note that this only works for the options sent by
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option 
+# for all other option numbers.
+#dhcp-option=3
 
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=42,192.168.0.4,10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
@@ -226,7 +262,8 @@ bogus-priv
 
 # Specify an option which will only be sent to the "red" network
 # (see dhcp-range for the declaration of the "red" network)
-#dhcp-option=red,42,192.168.1.1
+# Note that the net: part must precede the option: part.
+#dhcp-option = net:red, option:ntp-server, 192.168.1.1
 
 # The following DHCP options set up dnsmasq in the same way as is specified
 # for the ISC dhcpcd in
@@ -242,18 +279,70 @@ bogus-priv
 
 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
 # probably doesn't support this......
-#dhcp-option=119,eng.apple.com,marketing.apple.com
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
 
-# Send encapsulated vendor-class specific options. The vendor-class
-# is sent as DHCP option 60, and all the options marked with the
-# vendor class are send encapsulated in DHCP option 43. The meaning of
-# the options is defined by the vendor-class. This example sets the
-# mtftp address to 0.0.0.0 for PXEClients
+# Send RFC-3442 classless static routes (note the netmask encoding)
+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+
+# Send vendor-class specific options encapsulated in DHCP option 43. 
+# The meaning of the options is defined by the vendor-class so
+# options are sent only when the client supplied vendor class
+# matches the class given here. (A substring match is OK, so "MSFT" 
+# matches "MSFT" and "MSFT 5.0"). This example sets the
+# mtftp address to 0.0.0.0 for PXEClients.
 #dhcp-option=vendor:PXEClient,1,0.0.0.0
 
-# Set the boot filename and tftpd server name and address
-# for BOOTP. You will only need this is you want to
-# boot machines over the network.
+# Send microsoft-specific option to tell windows to release the DHCP lease
+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
+# value as a four-byte integer - that's what microsoft wants. See
+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
+#dhcp-option=vendor:MSFT,2,1i
+
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here. 
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
+# Set the boot filename for BOOTP. You will only need 
+# this is you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built in TFTP server or an
+# external one. (See below for how to enable the TFTP server.)
+#dhcp-boot=pxelinux.0
+
+# Boot for Etherboot gPXE. The idea is to send two different
+# filenames, the first loads gPXE, and the second tells gPXE what to
+# load. The dhcp-match sets the gpxe tag for requests from gPXE.
+#dhcp-match=gpxe,175 # gPXE sends a 175 option.
+#dhcp-boot=net:#gpxe,undionly.kpxe
+#dhcp-boot=mybootimage
+ 
+# Enable dnsmasq's built-in TFTP server
+#enable-tftp
+
+# Set the root directory for files availble via FTP.
+#tftp-root=/var/ftpd
+
+# Make the TFTP server more secure: with this set, only files owned by
+# the user dnsmasq is running as will be send over the net.
+#tftp-secure
+
+# Set the boot file name only when the "red" tag is set.
+#dhcp-boot=net:red,pxelinux.red-net
+
+# An example of dhcp-boot with an external server: the name and IP
+# address of the server are given after the filename.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
 
 # Set the limit on DHCP leases, the default is 150
@@ -269,11 +358,17 @@ bogus-priv
 # whether it has a record of the lease or not. This avoids long timeouts
 # when a machine wakes up on a new network. DO NOT enable this if there's
 # the slighest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses the same
+# server for your campus/company accidentally. The ISC server uses
 # the same option, and this URL provides more information:
 # http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
 #dhcp-authoritative
 
+# Run an executable when a DHCP lease is created or destroyed.
+# The arguments sent to the script are "add" or "del", 
+# then the MAC address, the IP address and finally the hostname
+# if there is one. 
+#dhcp-script=/bin/echo
+
 # Set the cachesize here.
 #cache-size=150
 
@@ -346,6 +441,11 @@ bogus-priv
 # example.com
 #srv-host=_ldap._tcp.example.com
 
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for PTR records.)
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
 
 # Change the following lines to enable dnsmasq to serve TXT records.
 # These are used for things like SPF and zeroconf. (Note that the
@@ -353,7 +453,7 @@ bogus-priv
 # occur for TXT records.)
 
 #Example SPF.
-#txt-record=example.com,v=spf1 a -all
+#txt-record=example.com,"v=spf1 a -all"
 
 #Example zeroconf
 #txt-record=_http._tcp.example.com,name=value,paper=A4
@@ -363,5 +463,9 @@ bogus-priv
 # dnsmasq.
 #log-queries
 
+# Log lots of extra information about DHCP transactions.
+#log-dhcp
+
 # Include a another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
+#conf-dir=/etc/dnsmasq.d

doc.html

@@ -11,20 +11,22 @@ Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
  server and allows machines with DHCP-allocated addresses
  to appear in the DNS with names configured either in each host or
  in a central configuration file. Dnsmasq supports static and dynamic 
- DHCP leases and BOOTP for network booting of diskless machines.
+ DHCP leases and BOOTP/TFTP for network booting of diskless machines.
 <P>
  Dnsmasq is targeted at home networks using NAT and 
 connected to the internet via a modem, cable-modem or ADSL
-connection but would be a good choice for any small network where low
+connection but would be a good choice for any smallish network (up to
+1000 clients is known to work) where low
 resource use and ease of configuration are important. 
 <P>
-Supported platforms include Linux (with glibc and uclibc), *BSD and
-Mac OS X.
+Supported platforms include Linux (with glibc and uclibc), *BSD,
+Solaris and Mac OS X.
 Dnsmasq is included in at least the following Linux distributions:
-Gentoo, Debian, Slackware, Suse, 
-Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l, CoyoteLinux and
-Clarkconnect. It is also available as a FreeBSD port and is used in
-Linksys wireless routers and the m0n0wall project.
+Gentoo, Debian, Slackware, Suse, Fedora,
+Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l,
+CoyoteLinux, Endian Firewall and
+Clarkconnect. It is also available as FreeBSD, OpenBSD and NetBSD ports and is used in
+Linksys wireless routers (dd-wrt, openwrt and the stock firmware) and the m0n0wall project.
 <P>
 Dnsmasq provides the following features:
 <DIR>
@@ -57,7 +59,7 @@ improving performance (especially on modem connections).
 </LI>
 <LI>
 Dnsmasq can be configured to automatically pick up the addresses of
-it's upstream nameservers from ppp or dhcp configuration. It will
+its upstream nameservers from ppp or dhcp configuration. It will
 automatically reload this information if it changes. This facility
 will be of particular interest to maintainers of Linux firewall
 distributions since it allows dns configuration to be made automatic.
@@ -73,7 +75,7 @@ upstream servers handling only those domains. This makes integration
 with private DNS systems easy.
 </LI>
 <LI>
-Dnsmasq supports MX records and can be configured to return MX records
+Dnsmasq supports MX and SRV records and can be configured to return MX records
 for any or all local machines.
 </LI>
 </DIR>
@@ -81,27 +83,11 @@ for any or all local machines.
 <H2>Download.</H2>
 
 <A HREF="http://www.thekelleys.org.uk/dnsmasq/"> Download</A> dnsmasq here. 
-The tarball includes this documentation, source, manpage and control files for building .rpms.
-There are also pre-built i386 .rpms, and a 
-<A HREF="CHANGELOG"> CHANGELOG</A>.
+The tarball includes this documentation, source, and manpage.
+There is also a <A HREF="CHANGELOG"> CHANGELOG</A> and a <A HREF="FAQ">FAQ</A>.
 Dnsmasq is part of the Debian distribution, it can be downloaded from 
 <A HREF="http://ftp.debian.org/debian/pool/main/d/dnsmasq/"> here</A> or installed using <TT>apt</TT>.
 
-
-<H2>Building rpms.</H2>
-Assuming you have the relevant tools installed, you can rebuild .rpms simply by running (as root)
-
-<PRE>
-rpmbuild -ta dnsmasq-xxx.tar.gz
-</PRE>
-
-Note for Suse users: you will need to re-compress the tar file as
-bzip2 before building using the commands
-<PRE>
-gunzip dnsmasq-xxx.tar.gz
-bzip2 dnsmasq-zzz.tar
-</PRE>
-
 <H2>Links.</H2>
 There is an article in German on dnsmasq at <A
 HREF="http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html">http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html</A>

man/dnsmasq.8

@@ -6,8 +6,8 @@ dnsmasq \- A lightweight DHCP and caching DNS server.
 .I [OPTION]...
 .SH "DESCRIPTION"
 .BR dnsmasq
-is a lightweight DNS and DHCP server. It is intended to provide coupled DNS and DHCP service to a
-LAN.
+is a lightweight DNS, TFTP and DHCP server. It is intended to provide 
+coupled DNS and DHCP service to a LAN.
 .PP
 Dnsmasq accepts DNS queries and either answers them from a small, local,
 cache or forwards them to a real, recursive, DNS server. It loads the
@@ -18,13 +18,15 @@ DNS queries for DHCP configured hosts.
 The dnsmasq DHCP server supports static address assignments, multiple
 networks, DHCP-relay and RFC3011 subnet specifiers. It automatically
 sends a sensible default set of DHCP options, and can be configured to
-send any desired set of DHCP options. It also supports BOOTP.
+send any desired set of DHCP options, including vendor-encapsulated
+options. It includes a secure, read-only,
+TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
 .PP
 Dnsmasq 
-supports IPv6.
+supports IPv6 for DNS, but not DHCP.
 .SH OPTIONS
 Note that in general missing parameters are allowed and switch off
-functions, for instance "--pid-file=" disables writing a PID file. On
+functions, for instance "--pid-file" disables writing a PID file. On
 BSD, unless the GNU getopt library is linked, the long form of the
 options does not work on the command line; it is still recognised in
 the configuration file.
@@ -37,6 +39,10 @@ Additional hosts file. Read the specified file as well as /etc/hosts. If -h is g
 only the specified file. This option may be repeated for more than one
 additional hosts file.
 .TP
+.B \-E, --expand-hosts
+Add the domain to simple names (without a period) in /etc/hosts
+in the same way as for DHCP-derived names.
+.TP
 .B \-T, --local-ttl=<time>
 When replying with information from /etc/hosts or the DHCP leases
 file dnsmasq by default sets the time-to-live field to zero, meaning
@@ -46,6 +52,14 @@ time-to-live (in seconds) to be given for these replies. This will
 reduce the load on the server at the expense of clients using stale
 data under some circumstances.
 .TP
+.B --neg-ttl=<time>
+Negative replies from upstream servers normally contain time-to-live
+information in SOA records which dnsmasq uses for caching. If the
+replies from upstream servers omit this information, dnsmasq does not
+cache the reply. This option gives a default value for time-to-live
+(in seconds) which dnsmasq uses to cache negative replies even in 
+the absence of an SOA record. 
+.TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
 normal. This is intended for use when dnsmasq is run under daemontools
@@ -60,6 +74,28 @@ to handle TCP queries.
 .B \-q, --log-queries
 Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
 .TP
+.B \-8, --log-facility=<facility>
+Set the facility to which dnsmasq will send syslog entries, this
+defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If
+the facility given contains at least one '/' character, it is taken to
+be a filename, and dnsmasq logs to the given file, instead of
+syslog. (Errors whilst reading configuration will still go to syslog,
+but all output from a successful startup, and all output whilst
+running, will go exclusively to the file.) When logging to a file,
+dnsmasq will close and reopen the file when it receives SIGUSR2. This 
+allows the log file to be rotated without stopping dnsmasq.
+.TP
+.B --log-async[=<lines>]
+Enable asynchronous logging and optionally set the limit on the
+number of lines
+which will be queued by dnsmasq when writing to the syslog is slow. 
+Dnsmasq can log asynchronously: this
+allows it to continue functioning without being blocked by syslog, and
+allows syslog to use dnsmasq for DNS queries without risking deadlock.
+If the queue of log-lines becomes full, dnsmasq will log the
+overflow, and the number of messages  lost. The default queue length is
+5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
+.TP
 .B \-x, --pid-file=<path>
 Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.
 .TP
@@ -77,8 +113,8 @@ as. The defaults to "dip", if available, to facilitate access to
 Print the version number.
 .TP
 .B \-p, --port=<port>
-Listen on <port> instead of the standard DNS port (53). Useful mainly for
-debugging.
+Listen on <port> instead of the standard DNS port (53). Setting this
+to zero completely disables DNS function, leaving only DHCP and/or TFTP.
 .TP
 .B \-P, --edns-packet-max=<size>
 Specify the largest EDNS.0 UDP packet which is supported by the DNS
@@ -86,9 +122,18 @@ forwarder. Defaults to 1280, which is the RFC2671-recommended maximum
 for ethernet.
 .TP
 .B \-Q, --query-port=<query_port>
-Send outbound DNS queries from, and listen for their replies on, the specific UDP port <query_port> instead of using one chosen at runtime.  Useful to simplify your
-firewall rules; without this, your firewall would have to allow connections from outside DNS servers to a range of UDP ports, or dynamically adapt to the
-port being used by the current dnsmasq instance.
+Send outbound DNS queries from, and listen for their replies on, the
+specific UDP port <query_port> instead of using random ports. NOTE
+that using this option will make dnsmasq less secure against DNS
+spoofing attacks but it may be faster and use less resources.  Setting this option
+to zero makes dnsmasq use a single port allocated to it by the
+OS: this was the default behaviour in versions prior to 2.43. 
+.TP
+.B --min-port=<port>
+Do not use ports less than that given as source for outbound DNS
+queries. Dnsmasq picks random ports as source for outbound queries:
+when this option is given, the ports used will always to larger
+than that specified. Useful for systems behind firewalls. 
 .TP
 .B \-i, --interface=<interface name>
 Listen only on the specified interface(s). Dnsmasq automatically adds
@@ -102,14 +147,11 @@ or
 options are given dnsmasq listens on all available interfaces except any
 given in
 .B \--except-interface
-options. If IP alias interfaces (eg "eth1:0") are used with
+options. IP alias interfaces (eg "eth1:0") cannot be used with
 .B --interface
 or
 .B --except-interface
-options, then the 
-.B --bind-interfaces 
-option will be automatically set. This is required for deeply boring
-sockets-API reasons. 
+options, use --listen-address instead. 
 .TP
 .B \-I, --except-interface=<interface name>
 Do not listen on the specified interface. Note that the order of
@@ -122,7 +164,7 @@ options does not matter and that
 options always override the others.
 .TP 
 .B \-2, --no-dhcp-interface=<interface name>
-Do not provide DHCP on the specified interface, but do provide DNS service.
+Do not provide DHCP or TFTP on the specified interface, but do provide DNS service.
 .TP
 .B \-a, --listen-address=<ipaddr>
 Listen on the given IP address(es). Both 
@@ -148,9 +190,7 @@ working even when interfaces come and go and change address. This
 option forces dnsmasq to really bind only the interfaces it is
 listening on. About the only time when this is useful is when 
 running another nameserver (or another instance of dnsmasq) on the
-same machine or when using IP
-alias. Specifying interfaces with IP alias automatically turns this
-option on. Setting this option also enables multiple instances of
+same machine. Setting this option also enables multiple instances of
 dnsmasq which provide DHCP service to run in the same machine.
 .TP
 .B \-y, --localise-queries
@@ -213,20 +253,36 @@ been built with DBus support.
 .TP 
 .B \-o, --strict-order
 By default, dnsmasq will send queries to any of the upstream servers
-it knows about and tries to favour servers to are known to
+it knows about and tries to favour servers that are known to
 be up. Setting this flag forces dnsmasq to try each query with each
 server strictly in the order they appear in /etc/resolv.conf
 .TP
+.B --all-servers
+By default, when dnsmasq has more than one upstream server available,
+it will send queries to just one server. Setting this flag forces
+dnsmasq to send all queries to all available servers. The reply from
+the server which answers first will be returned to the original requestor.
+.TP
+.B --stop-dns-rebind
+Reject (and log) addresses from upstream nameservers which are in the
+private IP ranges. This blocks an attack where a browser behind a
+firewall is used to probe machines on the local network.
+.TP
 .B \-n, --no-poll
 Don't poll /etc/resolv.conf for changes.
 .TP
+.B --clear-on-reload
+Whenever /etc/resolv.conf is re-read, clear the DNS cache.
+This is useful when new nameservers may have different
+data than that held in cache.
+.TP
 .B \-D, --domain-needed
 Tells dnsmasq to never forward queries for plain names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
-Specify IP address of upstream severs directly. Setting this flag does
+.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
+Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use -R to do that. If one or
 more 
 optional domains are given, that server is used only for those domains
@@ -256,13 +312,18 @@ is a synonym for
 .B server
 to make configuration files clearer in this case.
 
-The optional second IP address after the @ character tells
-dnsmasq how to set the source address of the queries to this
-nameserver. It should be an address belonging to the machine on which
+The optional string after the @ character tells
+dnsmasq how to set the source of the queries to this
+nameserver. It should be an ip-address, which should belong to the machine on which
 dnsmasq is running otherwise this server line will be logged and then
-ignored. The query-port flag is ignored for any servers which have a
+ignored, or an interface name. If an interface name is given, then
+queries to the server will be forced via that interface; if an
+ip-address is given then the source address of the queries will be set
+to that address.
+The query-port flag is ignored for any servers which have a
 source address specified but the port may be specified directly as
-part of the source address.
+part of the source address. Forcing queries to an interface is not
+implemented on all platforms supported by dnsmasq.
 .TP
 .B \-A, --address=/<domain>/[domain/]<ipaddr>
 Specify an IP address to return for any host in the given domains.
@@ -318,14 +379,36 @@ all that match are returned.
 Return a TXT DNS record. The value of TXT record is a set of strings,
 so  any number may be included, split by commas.
 .TP
+.B --ptr-record=<name>[,<target>]
+Return a PTR DNS record.
+.TP
+.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>]
+Return an NAPTR DNS record, as specified in RFC3403.
+.TP
+.B --interface-name=<name>,<interface>
+Return a DNS record associating the name with the primary address on
+the given interface. This flag specifies an A record for the given
+name in the same way as an /etc/hosts line, except that the address is
+not constant, but taken from the given interface. If the interface is
+down, not configured or non-existent, an empty record is returned. The
+matching PTR record is also created, mapping the interface address to
+the name. More than one name may be associated with an interface
+address by repeating the flag; in that case the first instance is used
+for the reverse address-to-name mapping.
+.TP
 .B \-c, --cache-size=<cachesize>
 Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
 .TP
 .B \-N, --no-negcache
 Disable negative caching. Negative caching allows dnsmasq to remember
 "no such domain" answers from upstream nameservers and answer
-identical queries without forwarding them again. This flag disables
-negative caching.
+identical queries without forwarding them again. 
+.TP
+.B \-0, --dns-forward-max=<queries>
+Set the maximum number of concurrent DNS queries. The default value is
+150, which should be fine for most setups. The only known situation
+where this needs to be increased is when using web-server log file
+resolvers, which can generate large numbers of concurrent queries.
 .TP
 .B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
 Enable the DHCP server. Addresses will be given out from the range
@@ -334,7 +417,8 @@ in
 .B dhcp-host
 options. If the lease time is given, then leases
 will be given for that length of time. The lease time is in seconds,
-or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". This
+or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". The
+minimum lease time is two minutes. This
 option may be repeated, with different addresses, to enable DHCP
 service to more than one network. For directly connected networks (ie,
 networks on which the machine running dnsmasq has an interface) the
@@ -344,12 +428,12 @@ always optional. On some broken systems, dnsmasq can listen on only
 one interface when using DHCP, and the name of that interface must be
 given using the
 .B interface
-option. This limitation currently affects OpenBSD. It is always
+option. This limitation currently affects OpenBSD before version 4.0. It is always
 allowed to have more than one dhcp-range in a single subnet. The optional
 network-id is a alphanumeric label which marks this network so that
 dhcp options may be specified on a per-network basis. 
 When it is prefixed with 'net:' then its meaning changes from setting
-a tag to matching it.
+a tag to matching it. Only one tag may be set, but more than one tag may be matched.
 The end address may be replaced by the keyword 
 .B static
 which tells dnsmasq to enable DHCP for the network specified, but not
@@ -358,7 +442,7 @@ addresses given via
 .B dhcp-host
 or from /etc/ethers will be served.
 .TP
-.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
 with a particular hardware address to be always allocated the same
 hostname, IP address and lease time. A hostname specified like this
@@ -368,7 +452,7 @@ which case the IP address and lease times will apply to any machine
 claiming that name. For example 
 .B --dhcp-host=00:20:e0:3b:13:af,wap,infinite 
 tells dnsmasq to give
-the machine with ethernet address 00:20:e0:3b:13:af the name wap, and
+the machine with hardware address 00:20:e0:3b:13:af the name wap, and
 an infinite DHCP lease. 
 .B --dhcp-host=lap,192.168.0.199 
 tells
@@ -395,15 +479,36 @@ instance
 This is
 useful when there is another DHCP server on the network which should
 be used by some machines. The net:<network-id> sets the network-id tag
-whenever this dhcp-host directive is in use.
-This can be used to selectively send DHCP options just
-for this host.
+whenever this dhcp-host directive is in use.This can be used to 
+selectively send DHCP options just for this host. When a host matches any
+dhcp-host directive (or one implied by /etc/ethers) then the special
+network-id tag "known" is set. This allows dnsmasq to be configured to
+ignore requests from unknown machines using
+.B --dhcp-ignore=#known
 Ethernet addresses (but not client-ids) may have
 wildcard bytes, so for example 
 .B --dhcp-host=00:20:e0:3b:13:*,ignore 
-will cause dnsmasq to ignore a range of ethernet addresses. Note that
+will cause dnsmasq to ignore a range of hardware addresses. Note that
 the "*" will need to be escaped or quoted on a command line, but not
-in the configuration file.
+in the configuration file. Hardware addresses normally match any
+network (ARP) type, but it is possible to restrict them to a single
+ARP type by preceding them with the ARP-type (in HEX) and "-". so 
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4 
+will only match a
+Token-Ring hardware address, since the ARP-address type for token ring
+is 6.
+.TP
+.B --dhcp-hostsfile=<file>
+Read DHCP host information from the specified file. The file contains 
+information about one host per line. The format of a line is the same
+as text to the right of '=' in --dhcp-host. The advantage of storing DHCP host information
+in this file is that it can be changed without re-starting dnsmasq:
+the file will be re-read when dnsmasq receives SIGHUP.
+.TP
+.B --dhcp-optsfile=<file>
+Read DHCP option information from the specified file. The advantage of 
+using this option is the same as for --dhcp-hostsfile: the
+dhcp-optsfile will be re-read when dnsmasq receives SIGHUP.
 .TP 
 .B \-Z, --read-ethers
 Read /etc/ethers for information about hosts for the DHCP server. The
@@ -411,27 +516,41 @@ format of /etc/ethers is a hardware address, followed by either a
 hostname or dotted-quad IP address. When read by dnsmasq these lines
 have exactly the same effect as
 .B --dhcp-host
-options containing the same information.
+options containing the same information. /etc/ethers is re-read when 
+dnsmasq receives SIGHUP.
 .TP
-.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:<vendor-class>]<opt>,[<value>[,<value>]]
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
 Specify different or extra options to DHCP clients. By default,
 dnsmasq sends some standard options to DHCP clients, the netmask and
 broadcast address are set to the same as the host running dnsmasq, and
 the DNS server and default route are set to the address of the machine
 running dnsmasq. If the domain name option has been set, that is sent.
-This option allows these defaults to be overridden,
-or other options specified. The <opt> is the number of the option, as
-specified in RFC2132. For example, to set the default route option to 
+This configuration allows these defaults to be overridden,
+or other options specified. The option, to be sent may be given as a
+decimal number or as "option:<option-name>" The option numbers are
+specified in RFC2132 and subsequent RFCs. The set of option-names
+known by dnsmasq can be discovered by running "dnsmasq --help dhcp".
+For example, to set the default route option to 
 192.168.4.4, do 
-.B --dhcp-option=3,192.168.4.4
+.B --dhcp-option=3,192.168.4.4 
+or
+.B --dhcp-option = option:router, 192.168.4.4
 and to set the time-server address to 192.168.0.4, do
-.B --dhcp-option=42,192.168.0.4
+.B --dhcp-option = 42,192.168.0.4 
+or 
+.B --dhcp-option = option:ntp-server, 192.168.0.4
 The special address 0.0.0.0 is taken to mean "the address of the
 machine running dnsmasq". Data types allowed are comma separated
 dotted-quad IP addresses, a decimal number, colon-separated hex digits
 and a text string. If the optional network-ids are given then
 this option is only sent when all the network-ids are matched.
 
+Special processing is done on a text argument for option 119, to
+conform with RFC 3397. Text or dotted-quad IP addresses as arguments
+to option 120 are handled as per RFC 3361. Dotted-quad IP addresses 
+which are followed by a slash and then a netmask size are encoded as
+described in RFC 3442.
+
 Be careful: no checking is done that the correct type of data for the
 option number is sent, it is quite possible to
 persuade dnsmasq to generate illegal DHCP packets with injudicious use
@@ -449,16 +568,39 @@ a literal IP address as TFTP server name, it is necessary to do
 
 Encapsulated Vendor-class options may also be specified using
 --dhcp-option: for instance 
-.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
-sends the vendor class "PXEClient" and the encapsulated vendor class-specific option "mftp-address=0.0.0.0" Only one vendor class is allowed for any
-host, but multiple options are allowed, provided they all have
-the same vendor class. The address 0.0.0.0 is not treated specially in
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0 
+sends the encapsulated vendor
+class-specific option "mftp-address=0.0.0.0" to any client whose
+vendor-class matches "PXEClient". The vendor-class matching is
+substring based (see --dhcp-vendorclass for details). If a
+vendor-class option (number 60) is sent by dnsmasq, then that is used 
+for selecting encapsulated options in preference to any sent by the
+client. It is
+possible to omit the vendorclass completely;
+.B --dhcp-option=vendor:,1,0.0.0.0
+in which case the encapsulated option is always sent.
+The address 0.0.0.0 is not treated specially in
 encapsulated vendor class options.
 .TP
+.B --dhcp-option-force=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
+This works in exactly the same way as
+.B --dhcp-option
+except that the option will always be sent, even if the client does
+not ask for it in the parameter request list. This is sometimes
+needed, for example when sending options to PXELinux.
+.TP
+.B --dhcp-no-override
+Disable re-use of the DHCP servername and filename fields as extra
+option space. If it can, dnsmasq moves the boot server and filename
+information (from dhcp-boot) out of their dedicated fields into
+DHCP options. This make extra space available in the DHCP packet for
+options but can, rarely, confuse old or broken clients. This flag
+forces "simple and safe" behaviour to avoid problems in such a case.
+.TP
 .B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
-Map from a vendor-class string to a network id. Most DHCP clients provide a 
+Map from a vendor-class string to a network id tag. Most DHCP clients provide a 
 "vendor class" which represents, in some sense, the type of host. This option 
-maps vendor classes to network ids, so that DHCP options may be selectively delivered
+maps vendor classes to tags, so that DHCP options may be selectively delivered
 to different classes of hosts. For example 
 .B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
 will allow options to be set only for HP printers like so:
@@ -468,23 +610,64 @@ substring matched against the vendor-class supplied by the client, to
 allow fuzzy matching.
 .TP
 .B \-j, --dhcp-userclass=<network-id>,<user-class>
-Map from a user-class string to a network id (with substring
+Map from a user-class string to a network id tag (with substring
 matching, like vendor classes). Most DHCP clients provide a 
 "user class" which is configurable. This option
-maps user classes to network ids, so that DHCP options may be selectively delivered
+maps user classes to tags, so that DHCP options may be selectively delivered
 to different classes of hosts. It is possible, for instance to use
 this to set a different printer server for hosts in the class
 "accounts" than for hosts in the class "engineering".
 .TP
-.B \ -J, --dhcp-ignore=<network-id>[,<network-id>]
+.B \-4, --dhcp-mac=<network-id>,<MAC address>
+Map from a MAC address to a network-id tag. The MAC address may include
+wildcards. For example
+.B --dhcp-mac=3com,01:34:23:*:*:*
+will set the tag "3com" for any host whose MAC address matches the pattern.
+.TP
+.B --dhcp-circuitid=<network-id>,<circuit-id>, --dhcp-remoteid=<network-id>,<remote-id>
+Map from RFC3046 relay agent options to network-id tags. This data may
+be provided by DHCP relay agents. The circuit-id or remote-id is
+normally given as colon-separated hex, but is also allowed to be a
+simple string. If an exact match is achieved between the circuit or
+agent ID and one provided by a relay agent, the network-id tag is set.
+.TP
+.B --dhcp-subscrid=<network-id>,<subscriber-id>
+Map from RFC3993 subscriber-id relay agent options to network-id tags.
+.TP
+.B --dhcp-match=<network-id>,<option number>
+Set the network-id tag if the client sends a DHCP option of the given
+number. This can be used to identify particular clients which send
+information using private option numbers.
+.TP
+.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
 When all the given network-ids match the set of network-ids derived
 from the net, host, vendor and user classes, ignore the host and do
 not allocate it a DHCP lease.
 .TP
+.B --dhcp-ignore-names[=<network-id>[,<network-id>]]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, ignore any hostname
+provided by the host. Note that, unlike dhcp-ignore, it is permissible
+to supply no netid tags, in which case DHCP-client supplied hostnames
+are always ignored, and DHCP hosts are added to the DNS using only
+dhcp-host configuration in dnsmasq and the contents of /etc/hosts and
+/etc/ethers.
+.TP
+.B --dhcp-broadcast=<network-id>[,<network-id>]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, always use broadcast to
+communicate with the host when it is unconfigured. Most DHCP clients which
+need broadcast replies set a flag in their requests so that this
+happens automatically, some old BOOTP clients do not.
+.TP
 .B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
-Set BOOTP options to be returned by the DHCP server. These are needed
-for machines which network boot, and tell the machine where to collect
-its initial configuration. If the optional network-id(s) are given,
+Set BOOTP options to be returned by the DHCP server. Server name and
+address are optional: if not provided, the name is left empty, and the
+address set to the address of the machine running dnsmasq. If dnsmasq
+is providing a TFTP service (see 
+.B --enable-tftp
+) then only the filename is required here to enable network booting.
+If the optional network-id(s) are given,
 they must match for this configuration to be sent. Note that
 network-ids are prefixed by "net:" to distinguish them.
 .TP  
@@ -495,10 +678,20 @@ create thousands of leases and use lots of memory in the dnsmasq
 process.
 .TP
 .B \-K, --dhcp-authoritative
-Should be set when dnsmasq is definately the only DHCP server on a network.
+Should be set when dnsmasq is definitely the only DHCP server on a network.
 It changes the behaviour from strict RFC compliance so that DHCP requests on
 unknown leases from unknown hosts are not ignored. This allows new hosts
-to get a lease without a tedious timeout under all circumstances.
+to get a lease without a tedious timeout under all circumstances. It also 
+allows dnsmasq to rebuild its lease database without each client needing to 
+reacquire a lease, if the database is lost.
+.TP
+.B --dhcp-alternate-port[=<server port>[,<client port>]]
+Change the ports used for DHCP from the default. If this option is
+given alone, without arguments, it changes the ports used for DHCP
+from 67 and 68 to 1067 and 1068. If a single argument is given, that
+port number is used for the server and the port number plus one used
+for the client. Finally, two port numbers allows arbitrary
+specification of both server and client ports for DHCP.
 .TP
 .B \-3, --bootp-dynamic
 Enable dynamic allocation of IP addresses to BOOTP clients. Use this
@@ -506,19 +699,105 @@ with care, since each address allocated to a BOOTP client is leased
 forever, and therefore becomes permanently unavailable for re-use by
 other hosts.
 .TP
+.B \-5, --no-ping
+By default, the DHCP server will attempt to ensure that an address in
+not in use before allocating it to a host. It does this by sending an
+ICMP echo request (aka "ping") to the address in question. If it gets
+a reply, then the address must already be in use, and another is
+tried. This flag disables this check. Use with caution.
+.TP
+.B --log-dhcp
+Extra logging for DHCP: log all the options sent to DHCP clients and
+the netid tags used to determine them.
+.TP
 .B \-l, --dhcp-leasefile=<path>
 Use the specified file to store DHCP lease information. If this option
 is given but no dhcp-range option is given then dnsmasq version 1
 behaviour is activated. The file given is assumed to be an ISC dhcpd
 lease file and parsed for leases which are then added to the DNS
 system if they have a hostname. This functionality may have been
-excluded from dnsmasq at compile time, in which case an error will occur.
+excluded from dnsmasq at compile time, in which case an error will
+occur. In any case note that ISC leasefile integration is a deprecated
+feature. It should not be used in new installations, and will be
+removed in a future release.
+.TP 
+.B \-6 --dhcp-script=<path>
+Whenever a new DHCP lease is created, or an old one destroyed, the
+binary specified by this option is run. The arguments to the process
+are "add", "old" or "del", the MAC
+address of the host (or "<null>"), the IP address, and the hostname,
+if known. "add" means a lease has been created, "del" means it has
+been destroyed, "old" is a notification of an existing lease when
+dnsmasq starts or a change to MAC address or hostname of an existing
+lease (also, lease length or expiry and client-id, if leasefile-ro is set).
+The process is run as root (assuming that dnsmasq was originally run as
+root) even if dnsmasq is configured to change UID to an unprivileged user.
+The environment is inherited from the invoker of dnsmasq, and if the
+host provided a client-id, this is stored in the environment variable
+DNSMASQ_CLIENT_ID. If the client provides vendor-class or user-class 
+information, these are provided in DNSMASQ_VENDOR_CLASS and 
+DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only for
+"add" actions or "old" actions when a host resumes an existing lease,
+since these data are not held in dnsmasq's lease
+database. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
+the length of the lease (in seconds) is stored in
+DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
+DNSMASQ_LEASE_EXPIRES. The number of seconds until lease expiry is
+always stored in DNSMASQ_TIME_REMAINING. 
+If a lease used to have a hostname, which is
+removed, an "old" event is generated with the new state of the lease, 
+ie no name, and the former name is provided in the environment 
+variable DNSMASQ_OLD_HOSTNAME. DNSMASQ_INTERFACE stores the name of
+the interface on which the request arrived; this is not set for "old"
+actions when dnsmasq restarts.
+All file descriptors are
+closed except stdin, stdout and stderr which are open to /dev/null
+(except in debug mode).
+The script is not invoked concurrently: if subsequent lease 
+changes occur, the script is not invoked again until any existing 
+invocation exits. At dnsmasq startup, the script will be invoked for
+all existing leases as they are read from the lease file. Expired
+leases will be called with "del" and others with "old". <path>
+must be an absolute pathname, no PATH search occurs. When dnsmasq
+receives a HUP signal, the script will be invoked for existing leases
+with an "old " event.
+.TP
+.B --dhcp-scriptuser
+Specify the user as which to run the lease-change script. This defaults to root, but can be changed to another user using this flag. 
+.TP 
+.B \-9, --leasefile-ro
+Completely suppress use of the lease database file. The file will not
+be created, read, or written. Change the way the lease-change
+script (if one is provided) is called, so that the lease database may
+be maintained in external storage by the script. In addition to the
+invocations  given in 
+.B  --dhcp-script
+the lease-change script is called once, at dnsmasq startup, with the
+single argument "init". When called like this the script should write
+the saved state of the lease database, in dnsmasq leasefile format, to
+stdout and exit with zero exit code. Setting this
+option also forces the leasechange script to be called on changes
+to the client-id and lease length and expiry time.
+.TP
+.B --bridge-interface=<interface>,<alias>[,<alias>]
+Treat DHCP request packets arriving at any of the <alias> interfaces
+as if they had arrived at <interface>. This option is only available
+on BSD platforms, and is necessary when using "old style" bridging, since
+packets arrive at tap interfaces which don't have an IP address.
 .TP
 .B \-s, --domain=<domain>
 Specifies the domain for the DHCP server. This has two effects;
 firstly it causes the DHCP server to return the domain to any hosts
 which request it, and secondly it sets the domain which it is legal
-for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise it's name via dhcp as e.g. "microsoft.com" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If suffix is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. Eg on my network I can set 
+for DHCP-configured hosts to claim. The intention is to constrain
+hostnames so that an untrusted host on the LAN cannot advertise 
+its name via dhcp as e.g. "microsoft.com" and capture traffic not 
+meant for it. If no domain suffix is specified, then any DHCP
+hostname with a domain part (ie with a period) will be disallowed 
+and logged. If suffix is specified, then hostnames with a domain 
+part are allowed, provided the domain part matches the suffix. In
+addition, when a suffix is set then hostnames without a domain
+part have the suffix added as an optional domain part. Eg on my network I can set 
 .B --domain=thekelleys.org.uk
 and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from 
 .B dnsmasq
@@ -526,14 +805,71 @@ both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
 given as "#" then the domain is read from the first "search" directive
 in /etc/resolv.conf (or equivalent). 
 .TP
-.B \-E, --expand-hosts
-Add the domain to simple names (without a period) in /etc/hosts
-in the same way as for DHCP-derived names.
+.B --enable-tftp
+Enable the TFTP server function. This is deliberately limited to that
+needed to net-boot a client. Only reading is allowed; the tsize and
+blksize extensions are supported (tsize is only supported in octet mode).
 .TP
+.B --tftp-root=<directory>
+Look for files to transfer using TFTP relative to the given
+directory. When this is set, TFTP paths which include ".." are
+rejected, to stop clients getting outside the specified root.
+Absolute paths (starting with /) are allowed, but they must be within
+the tftp-root.
+.TP
+.B --tftp-unique-root
+Add the IP address of the TFTP client as a path component on the end
+of the TFTP-root (in standard dotted-quad format). Only valid if a
+tftp-root is set and the directory exists. For instance, if tftp-root is "/tftp" and client 
+1.2.3.4 requests file "myfile" then the effective path will be
+"/tftp/1.2.3.4/myfile" if /tftp/1.2.3.4 exists or /tftp/myfile otherwise.
+.TP
+.B --tftp-secure
+Enable TFTP secure mode: without this, any file which is readable by
+the dnsmasq process under normal unix access-control rules is
+available via TFTP. When the --tftp-secure flag is given, only files
+owned by the user running the dnsmasq process are accessible. If
+dnsmasq is being run as root, different rules apply: --tftp-secure
+has no effect, but only files which have the world-readable bit set
+are accessible. It is not recommended to run dnsmasq as root with TFTP
+enabled, and certainly not without specifying --tftp-root. Doing so
+can expose any world-readable file on the server to any host on the net. 
+.TP
+.B --tftp-max=<connections>
+Set the maximum number of concurrent TFTP connections allowed. This
+defaults to 50. When serving a large number of TFTP connections,
+per-process file descriptor limits may be encountered. Dnsmasq needs
+one file descriptor for each concurrent TFTP connection and one
+file descriptor per unique file (plus a few others). So serving the
+same file simultaneously to n clients will use require about n + 10 file
+descriptors, serving different files simultaneously to n clients will
+require about (2*n) + 10 descriptors. If 
+.B --tftp-port-range
+is given, that can affect the number of concurrent connections.
+.TP
+.B --tftp-no-blocksize
+Stop the TFTP server from negotiating the "blocksize" option with a
+client. Some buggy clients request this option but then behave badly
+when it is granted.
+.TP
+.B --tftp-port-range=<start>,<end>
+A TFTP server listens on a well-known port (69) for connection initiation,
+but it also uses a dynamically-allocated port for each
+connection. Normally these are allocated by the OS, but this option
+specifies a range of ports for use by TFTP transfers. This can be
+useful when TFTP has to traverse a firewall. The start of the range
+cannot be lower than 1025 unless dnsmasq is running as root. The number
+of concurrent TFTP connections is limited by the size of the port range. 
+.TP  
 .B \-C, --conf-file=<file>
 Specify a different configuration file. The conf-file option is also allowed in
-configuration files, to include multiple configuration files. Only one
-level of nesting is allowed.
+configuration files, to include multiple configuration files.
+.TP
+.B \-7, --conf-dir=<directory>
+Read all the files in the given directory as configuration
+files. Files whose names end in ~ or start with . or start and end
+with # are skipped. This flag may be given on the command
+line or in a configuration file.
 .SH CONFIG FILE
 At startup, dnsmasq reads
 .I /etc/dnsmasq.conf,
@@ -542,20 +878,26 @@ FreeBSD, the file is
 .I /usr/local/etc/dnsmasq.conf
 ) (but see the 
 .B \-C
-option.) The format of this
+and
+.B \-7
+options.) The format of this
 file consists of one option per line, exactly as the long options detailed 
 in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For
 options which may only be specified once, the configuration file overrides 
 the command line.  Quoting is allowed in a config file:
 between " quotes the special meanings of ,:. and # are removed and the
-following escapes are allowed: \\\\ \\" \\t \\a \\b \\r and \\n. The later 
-corresponding to tab, bell, backspace, return and newline.
+following escapes are allowed: \\\\ \\" \\t \\e \\b \\r and \\n. The later 
+corresponding to tab, escape, backspace, return and newline.
 .SH NOTES
 When it receives a SIGHUP, 
 .B dnsmasq 
 clears its cache and then re-loads 
-.I /etc/hosts.
-If 
+.I /etc/hosts
+and 
+.I /etc/ethers 
+and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts.
+The dhcp lease change script is called for all
+existing DHCP leases. If 
 .B
 --no-poll
 is set SIGHUP also re-reads
@@ -565,12 +907,36 @@ does NOT re-read the configuration file.
 .PP
 When it receives a SIGUSR1,
 .B dnsmasq 
-writes cache statistics to the system log. It writes the cache size,
+writes statistics to the system log. It writes the cache size,
 the number of names which have had to removed from the cache before
 they expired in order to make room for new names and the total number
-of names that have been inserted into the cache. In 
+of names that have been inserted into the cache. For each upstream
+server it gives the number of queries sent, and the number which
+resulted in an error. In 
 .B --no-daemon
-mode or when full logging is enabled (-q), a complete dump of the contents of the cache is made.
+mode or when full logging is enabled (-q), a complete dump of the
+contents of the cache is made.
+.PP 
+When it receives SIGUSR2 and it is logging direct to a file (see
+.B --log-facility
+) 
+.B dnsmasq
+will close and reopen the log file. Note that during this operation,
+dnsmasq will not be running as root. When it first creates the logfile
+dnsmasq changes the ownership of the file to the non-root user it will run
+as. Logrotate should be configured to create a new log file with
+the ownership which matches the existing one before sending SIGUSR2.
+If TCP DNS queries are in progress, the old logfile will remain open in
+child processes which are handling TCP queries and may continue to be
+written. There is a limit of 150 seconds, after which all existing TCP
+processes will have expired: for this reason, it is not wise to
+configure logfile compression for logfiles which have just been
+rotated. Using logrotate, the required options are 
+.B create 
+and
+.B delaycompress.
+
+ 
 .PP
 Dnsmasq is a DNS query forwarder: it it not capable of recursively
 answering arbitrary queries starting from the root servers but
@@ -671,9 +1037,74 @@ on a particular network. (Setting --bootp-dynamic removes the need for
 static address mappings.) The filename
 parameter in a BOOTP request is matched against netids in
 .B  dhcp-option 
-configurations, allowing some control over the options returned to
+configurations, as is the tag "bootp", allowing some control over the options returned to
 different classes of hosts.
 
+.SH EXIT CODES
+.PP
+0 - Dnsmasq successfully forked into the background, or terminated
+normally if backgrounding is not enabled.
+.PP
+1 - A problem with configuration was detected.
+.PP
+2 - A problem with network access occurred (address in use, attempt
+to use privileged ports without permission).
+.PP
+3 - A problem occurred with a filesystem operation (missing
+file/directory, permissions).
+.PP
+4 - Memory allocation failure.
+.PP
+5 - Other miscellaneous problem.
+.PP
+11 or greater - a non zero return code was received from the
+lease-script process "init" call. The exit code from dnsmasq is the
+script's exit code with 10 added. 
+
+.SH LIMITS
+The default values for resource limits in dnsmasq are generally
+conservative, and appropriate for embedded router type devices with
+slow processors and limited memory. On more capable hardware, it is
+possible to increase the limits, and handle many more clients. The
+following applies to dnsmasq-2.37: earlier versions did not scale as well.
+ 
+.PP
+Dnsmasq is capable of handling DNS and DHCP for at least a thousand
+clients. Clearly to do this the value of 
+.B --dhcp-lease-max
+must be increased,
+and lease times should not be very short (less than one hour). The
+value of 
+.B --dns-forward-max 
+can be increased: start with it equal to
+the number of clients and increase if DNS seems slow. Note that DNS
+performance depends too on the performance of the upstream
+nameservers. The size of the DNS cache may be increased: the hard
+limit is 10000 names and the default (150) is very low. Sending
+SIGUSR1 to dnsmasq makes it log information which is useful for tuning
+the cache size. See the 
+.B NOTES
+section for details.
+
+.PP
+The built-in TFTP server is capable of many simultaneous file
+transfers: the absolute limit is related to the number of file-handles
+allowed to a process and the ability of the select() system call to
+cope with large numbers of file handles. If the limit is set too high
+using 
+.B --tftp-max
+it will be scaled down and the actual limit logged at
+start-up. Note that more transfers are possible when the same file is
+being sent than when each transfer sends a different file.
+
+.PP
+It is possible to use dnsmasq to block Web advertising by using a list
+of known banner-ad servers, all resolving to 127.0.0.1 or 0.0.0.0, in
+.B /etc/hosts 
+or an additional hosts file. The list can be very long, 
+dnsmasq has been tested successfully with one million names. That size
+file needs a 1GHz processor and about 60Mb of RAM.
+
 .SH FILES
 .IR /etc/dnsmasq.conf 
 

rpm/dnsmasq.rh

@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# Startup script for the DNS caching server
-#
-# chkconfig: 2345 99 01
-# description: This script starts your DNS caching server
-# processname: dnsmasq
-# pidfile: /var/run/dnsmasq.pid
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-# Check that networking is up.
-[ ${NETWORKING} = "no" ] && exit 0
-
-dnsmasq=/usr/sbin/dnsmasq
-[ -f $dnsmasq ] || exit 0
-
-# change this line if you want dnsmasq to serve an MX record for 
-# the host it is running on. 
-MAILHOSTNAME=""
-# change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf 
-RESOLV_CONF=""
-# change this if you want dnsmasq to cache any "hostname" or "client-hostname" from
-# a dhcpd's lease file
-DHCP_LEASE="/var/lib/dhcp/dhcpd.leases"
-DOMAIN_SUFFIX=`dnsdomainname`
-
-OPTIONS=""
-
-if [ ! -z "${MAILHOSTNAME}" ]; then
-  OPTIONS="$OPTIONS -m $MAILHOSTNAME"
-fi
-
-if [ ! -z "${RESOLV_CONF}" ]; then
-  OPTIONS="$OPTIONS -r $RESOLV_CONF"
-fi
-
-if [ ! -z "${DHCP_LEASE}" ]; then
-  OPTIONS="$OPTIONS -l $DHCP_LEASE"
-fi
-
-if [ ! -z "${DOMAIN_SUFFIX}" ]; then
-  OPTIONS="$OPTIONS -s $DOMAIN_SUFFIX"
-fi
-
-RETVAL=0
-
-# See how we were called.
-case "$1" in
-  start)
-        echo -n "Starting dnsmasq: "
-        daemon $dnsmasq $OPTIONS
-	RETVAL=$?
-        echo
-        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dnsmasq
-        ;;
-  stop)
-        if test "x`pidof dnsmasq`" != x; then
-            echo -n "Shutting down dnsmasq: "
-            killproc dnsmasq
-        fi
-	RETVAL=$?
-        echo
-        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dnsmasq /var/run/dnsmasq.pid
-        ;;
-  status)
-	status dnsmasq
-	RETVAL=$?
-	;;
-  restart|reload)
-	$0 stop
-	$0 start
-	RETVAL=$?
-	;;
-  condrestart)
-	    if test "x`/sbin/pidof dnsmasq`" != x; then
-		$0 stop
-		$0 start
-		RETVAL=$?
-	    fi
-	    ;;
-  *)
-        echo "Usage: $0 {start|stop|restart|reload|condrestart|status}"
-        exit 1
-esac
-
-exit $RETVAL
-

src/bpf.c

@@ -0,0 +1,250 @@
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#if defined(HAVE_BSD_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
+
+static struct iovec ifconf = {
+  .iov_base = NULL,
+  .iov_len = 0
+};
+
+static struct iovec ifreq = {
+  .iov_base = NULL,
+  .iov_len = 0
+};
+
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
+{
+  char *ptr;
+  struct ifreq *ifr;
+  struct ifconf ifc;
+  int fd, errsav, ret = 0;
+  int lastlen = 0;
+  size_t len = 0;
+  
+  if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
+    return 0;
+  
+  while(1)
+    {
+      len += 10*sizeof(struct ifreq);
+      
+      if (!expand_buf(&ifconf, len))
+	goto err;
+      
+      ifc.ifc_len = len;
+      ifc.ifc_buf = ifconf.iov_base;
+      
+      if (ioctl(fd, SIOCGIFCONF, &ifc) == -1)
+	{
+	  if (errno != EINVAL || lastlen != 0)
+	    goto err;
+	}
+      else
+	{
+	  if (ifc.ifc_len == lastlen)
+	    break; /* got a big enough buffer now */
+	  lastlen = ifc.ifc_len;
+	}
+    }
+  
+  for (ptr = ifc.ifc_buf; ptr < ifc.ifc_buf + ifc.ifc_len; ptr += len )
+    {
+      /* subsequent entries may not be aligned, so copy into
+	 an aligned buffer to avoid nasty complaints about 
+	 unaligned accesses. */
+#ifdef HAVE_SOCKADDR_SA_LEN
+      len = ((struct ifreq *)ptr)->ifr_addr.sa_len + offsetof(struct ifreq, ifr_ifru);
+#else
+      len = sizeof(struct ifreq);
+#endif
+      if (!expand_buf(&ifreq, len))
+	goto err;
+
+      ifr = (struct ifreq *)ifreq.iov_base;
+      memcpy(ifr, ptr, len);
+           
+      if (ifr->ifr_addr.sa_family == AF_INET && ipv4_callback)
+	{
+	  struct in_addr addr, netmask, broadcast;
+	  broadcast.s_addr = 0;
+	  addr = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
+	  if (ioctl(fd, SIOCGIFNETMASK, ifr) == -1)
+	    continue;
+	  netmask = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
+	  if (ioctl(fd, SIOCGIFBRDADDR, ifr) != -1)
+	    broadcast = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr; 
+	  if (!((*ipv4_callback)(addr, 
+				 (int)if_nametoindex(ifr->ifr_name),
+				 netmask, broadcast, 
+				 parm)))
+	    goto err;
+	}
+#ifdef HAVE_IPV6
+      else if (ifr->ifr_addr.sa_family == AF_INET6 && ipv6_callback)
+	{
+	  struct in6_addr *addr = &((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_addr;
+	  /* voodoo to clear interface field in address */
+	  if (!(daemon->options & OPT_NOWILD) && IN6_IS_ADDR_LINKLOCAL(addr))
+	    {
+	      addr->s6_addr[2] = 0;
+	      addr->s6_addr[3] = 0;
+	    }
+	  if (!((*ipv6_callback)(addr,
+				 (int)((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_scope_id,
+				 (int)if_nametoindex(ifr->ifr_name),
+				 parm)))
+	    goto err;
+	}
+#endif
+    }
+  
+  ret = 1;
+
+ err:
+  errsav = errno;
+  close(fd);  
+  errno = errsav;
+
+  return ret;
+}
+#endif
+
+
+#if defined(HAVE_BSD_NETWORK)
+#include <net/bpf.h>
+
+void init_bpf(void)
+{
+  int i = 0;
+
+  while (1) 
+    {
+      /* useful size which happens to be sufficient */
+      if (expand_buf(&ifreq, sizeof(struct ifreq)))
+	{
+	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
+	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
+	    return;
+	}
+      if (errno != EBUSY)
+	die(_("cannot create DHCP BPF socket: %s"), NULL, EC_BADNET);
+    }	     
+}
+
+void send_via_bpf(struct dhcp_packet *mess, size_t len,
+		  struct in_addr iface_addr, struct ifreq *ifr)
+{
+   /* Hairy stuff, packet either has to go to the
+      net broadcast or the destination can't reply to ARP yet,
+      but we do know the physical address. 
+      Build the packet by steam, and send directly, bypassing
+      the kernel IP stack */
+  
+  struct ether_header ether; 
+  struct ip ip;
+  struct udphdr {
+    u16 uh_sport;               /* source port */
+    u16 uh_dport;               /* destination port */
+    u16 uh_ulen;                /* udp length */
+    u16 uh_sum;                 /* udp checksum */
+  } udp;
+  
+  u32 i, sum;
+  struct iovec iov[4];
+
+  /* Only know how to do ethernet on *BSD */
+  if (mess->htype != ARPHRD_ETHER || mess->hlen != ETHER_ADDR_LEN)
+    {
+      my_syslog(LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
+		mess->htype, ifr->ifr_name);
+      return;
+    }
+   
+  ifr->ifr_addr.sa_family = AF_LINK;
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, ifr) < 0)
+    return;
+  
+  memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
+  ether.ether_type = htons(ETHERTYPE_IP);
+  
+  if (ntohs(mess->flags) & 0x8000)
+    {
+      memset(ether.ether_dhost, 255,  ETHER_ADDR_LEN);
+      ip.ip_dst.s_addr = INADDR_BROADCAST;
+    }
+  else
+    {
+      memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN); 
+      ip.ip_dst.s_addr = mess->yiaddr.s_addr;
+    }
+  
+  ip.ip_p = IPPROTO_UDP;
+  ip.ip_src.s_addr = iface_addr.s_addr;
+  ip.ip_len = htons(sizeof(struct ip) + 
+		    sizeof(struct udphdr) +
+		    len) ;
+  ip.ip_hl = sizeof(struct ip) / 4;
+  ip.ip_v = IPVERSION;
+  ip.ip_tos = 0;
+  ip.ip_id = htons(0);
+  ip.ip_off = htons(0x4000); /* don't fragment */
+  ip.ip_ttl = IPDEFTTL;
+  ip.ip_sum = 0;
+  for (sum = 0, i = 0; i < sizeof(struct ip) / 2; i++)
+    sum += ((u16 *)&ip)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);  
+  ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  udp.uh_sport = htons(daemon->dhcp_server_port);
+  udp.uh_dport = htons(daemon->dhcp_client_port);
+  if (len & 1)
+    ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
+  udp.uh_sum = 0;
+  udp.uh_ulen = sum = htons(sizeof(struct udphdr) + len);
+  sum += htons(IPPROTO_UDP);
+  sum += ip.ip_src.s_addr & 0xffff;
+  sum += (ip.ip_src.s_addr >> 16) & 0xffff;
+  sum += ip.ip_dst.s_addr & 0xffff;
+  sum += (ip.ip_dst.s_addr >> 16) & 0xffff;
+  for (i = 0; i < sizeof(struct udphdr)/2; i++)
+    sum += ((u16 *)&udp)[i];
+  for (i = 0; i < (len + 1) / 2; i++)
+    sum += ((u16 *)mess)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);
+  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  ioctl(daemon->dhcp_raw_fd, BIOCSETIF, ifr);
+  
+  iov[0].iov_base = &ether;
+  iov[0].iov_len = sizeof(ether);
+  iov[1].iov_base = &ip;
+  iov[1].iov_len = sizeof(ip);
+  iov[2].iov_base = &udp;
+  iov[2].iov_len = sizeof(udp);
+  iov[3].iov_base = mess;
+  iov[3].iov_len = len;
+
+  while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
+}
+
+#endif
+
+

src/config.h

@@ -1,28 +1,34 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
+#define VERSION "2.45"
 
-#define VERSION "2.26"
-
-#define FTABSIZ 150 /* max number of outstanding requests */
+#define FTABSIZ 150 /* max number of outstanding requests (default) */
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define EDNS_PKTSZ 1280 /* default max EDNS.0 UDP packet from RFC2671 */
-#define TIMEOUT 20 /* drop UDP queries after TIMEOUT seconds */
-#define LOGRATE 120 /* log table overflows every LOGRATE seconds */
+#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
+#define RANDOM_SOCKS 64 /* max simultaneous random ports */
+#define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
 #define CACHESIZ 150 /* default cache size */
-#define MAXTOK 50 /* token in DHCP leases */
 #define MAXLEASES 150 /* maximum number of DHCP leases */
+#define PING_WAIT 3 /* wait for ping address-in-use test */
+#define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
+#define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
+#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
 #define SMALLDNAME 40 /* most domain names are smaller than this */
 #define HOSTSFILE "/etc/hosts"
 #define ETHERSFILE "/etc/ethers"
@@ -32,8 +38,10 @@
 #  define RESOLVFILE "/etc/resolv.conf"
 #endif
 #define RUNFILE "/var/run/dnsmasq.pid"
-#if defined(__FreeBSD__) || defined (__OpenBSD__)
+#if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__)
 #   define LEASEFILE "/var/db/dnsmasq.leases"
+#elif defined(__sun__) || defined (__sun)
+#   define LEASEFILE "/var/cache/dnsmasq.leases"
 #else
 #   define LEASEFILE "/var/lib/misc/dnsmasq.leases"
 #endif
@@ -45,31 +53,25 @@
 #define DEFLEASE 3600 /* default lease time, 1 hour */
 #define CHUSER "nobody"
 #define CHGRP "dip"
-#define IP6INTERFACES "/proc/net/if_inet6"
-#define UPTIME "/proc/uptime"
 #define DHCP_SERVER_PORT 67
 #define DHCP_CLIENT_PORT 68
+#define DHCP_SERVER_ALTPORT 1067
+#define DHCP_CLIENT_ALTPORT 1068
+#define TFTP_PORT 69
+#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
+#define LOG_MAX 5 /* log-queue length */
+#define RANDFILE "/dev/urandom"
 
 /* DBUS interface specifics */
 #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
 #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
 
-/* Logfile stuff - change this to change the options and facility */
-/* debug is true if the --no-daemon flag is given */
-#ifdef LOG_PERROR
-#  define DNSMASQ_LOG_OPT(debug)  (debug) ? LOG_PERROR : LOG_PID
-#else
-#  define DNSMASQ_LOG_OPT(debug)  (debug) ? 0 : LOG_PID
-#endif
-
-#ifdef LOG_LOCAL0
-#  define DNSMASQ_LOG_FAC(debug)  (debug) ? LOG_LOCAL0 : LOG_DAEMON
-#else
-#  define DNSMASQ_LOG_FAC(debug)  LOG_DAEMON
-#endif
-
 /* A small collection of RR-types which are missing on some platforms */
 
+#ifndef T_SIG
+#  define T_SIG 24
+#endif
+
 #ifndef T_SRV
 #  define T_SRV 33
 #endif
@@ -78,9 +80,12 @@
 #  define T_OPT 41
 #endif
 
-/* Get linux C library versions. */
-#if defined(__linux__) && !defined(__UCLIBC__) && !defined(__uClinux__)
-#  include <libio.h> 
+#ifndef T_TKEY
+#  define T_TKEY 249
+#endif
+
+#ifndef T_TSIG
+#  define T_TSIG 250
 #endif
 
 
@@ -88,31 +93,35 @@
    new system, you may want to edit these. 
    May replace this with Autoconf one day. 
 
-HAVE_LINUX_IPV6_PROC
-   define this to do IPv6 interface discovery using
-   proc/net/if_inet6 ala LINUX. 
+HAVE_LINUX_NETWORK
+HAVE_BSD_NETWORK
+HAVE_SOLARIS_NETWORK
+   define exactly one of these to alter interaction with kernel networking.
+
+HAVE_SOLARIS_PRIVS
+   define for Solaris > 10 which can split privileges.
 
 HAVE_BROKEN_RTC
-   define this on embeded systems which don't have an RTC
-   which keeps time over reboots. Causes dnsmasq to use uptime()
-   for timing, and keep relative time values in its leases file.
-   Also enables "Flash disk mode". Normally, dnsmasq tries very hard to 
-   keep the on-disk leases file up-to-date: rewriting it after every change.
-   When HAVE_BROKEN_RTC is in effect, a different regime is used:
-   The leases file is written when dnsmasq terminates, when it receives
-   SIGALRM, when a brand new lease is allocated, or every n seconds, 
-   where n is one third  of the smallest time configured for leases 
-   in a --dhcp-range or --dhcp-host option.
+   define this on embedded systems which don't have an RTC
+   which keeps time over reboots. Causes dnsmasq to use uptime
+   for timing, and keep lease lengths rather than expiry times
+   in its leases file. This also make dnsmasq "flash disk friendly".
+   Normally, dnsmasq tries very hard to keep the on-disk leases file
+   up-to-date: rewriting it after every renewal.  When HAVE_BROKEN_RTC 
+   is in effect, the lease file is only written when a new lease is 
+   created, or an old one destroyed. (Because those are the only times 
+   it changes.) This vastly reduces the number of file writes, and makes
+   it viable to keep the lease file on a flash filesystem.
    NOTE: when enabling or disabling this, be sure to delete any old
    leases file, otherwise dnsmasq may get very confused.
-   This configuration currently only works on Linux, but could be made to
-   work on other systems by teaching dnsmasq_time() in utils.c how to
-   read the system uptime.
 
 HAVE_ISC_READER 
    define this to include the old ISC dhcpcd integration. Note that you cannot
    set both HAVE_ISC_READER and HAVE_BROKEN_RTC.
 
+HAVE_TFTP
+   define this to get dnsmasq's built-in TFTP server.
+
 HAVE_GETOPT_LONG
    define this if you have GNU libc or GNU getopt. 
 
@@ -120,151 +129,92 @@ HAVE_ARC4RANDOM
    define this if you have arc4random() to get better security from DNS spoofs
    by using really random ids (OpenBSD) 
 
-HAVE_RANDOM
-   define this if you have the 4.2BSD random() function (and its
-   associated srandom() function), which is at least as good as (if not
-   better than) the rand() function.
-
-HAVE_DEV_RANDOM
-   define this if you have the /dev/random device, which gives truly
-   random numbers but may run out of random numbers.
-
-HAVE_DEV_URANDOM
-   define this if you have the /dev/urandom device, which gives
-   semi-random numbers when it runs out of truly random numbers.
-
 HAVE_SOCKADDR_SA_LEN
    define this if struct sockaddr has sa_len field (*BSD) 
 
-HAVE_PSELECT
-   If your C library implements pselect, define this.
-
-HAVE_BPF
-   If your OS implements Berkeley Packet filter, define this.
-
-HAVE_RTNETLINK
-   If your OS has the Linux Routing netlink socket API and suitable
-   C library headers, define this. Note that the code will fall
-   back to the Berkley API at runtime if netlink support is not
-   configured into the kernel.
-
 HAVE_DBUS
    Define this if you want to link against libdbus, and have dnsmasq
    define some methods to allow (re)configuration of the upstream DNS 
    servers via DBus.
 
+HAVE_BSD_BRIDGE
+   Define this to enable the --bridge-interface option, useful on some
+   BSD systems.
+
+HAVE_LARGFILE
+   Define this if the C library supports large (>2GB) files probably true everywhere 
+   except some builds of uclibc
+
 NOTES:
    For Linux you should define 
-      HAVE_LINUX_IPV6_PROC 
+      HAVE_LINUX_NETWORK
       HAVE_GETOPT_LONG
-      HAVE_RANDOM
-      HAVE_DEV_RANDOM
-      HAVE_DEV_URANDOM
-      HAVE_RTNETLINK
   you should NOT define 
       HAVE_ARC4RANDOM
       HAVE_SOCKADDR_SA_LEN
 
    For *BSD systems you should define 
+     HAVE_BSD_NETWORK
      HAVE_SOCKADDR_SA_LEN
-     HAVE_RANDOM
-     HAVE_BPF
-   you should NOT define  
-     HAVE_LINUX_IPV6_PROC 
-     HAVE_RTNETLINK
    and you MAY define  
      HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later
-     HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD
-     HAVE_DEV_RANDOM - FreeBSD  and NetBSD 
-                       (OpenBSD with hardware random number generator)
      HAVE_GETOPT_LONG - NetBSD, later FreeBSD 
                        (FreeBSD and OpenBSD only if you link GNU getopt) 
 
 */
 
-/* platform independent options. */
-#undef HAVE_BROKEN_RTC
-#define HAVE_ISC_READER
-#undef HAVE_DBUS
+/* platform independent options- uncomment to enable */
+#define HAVE_TFTP
+/* #define HAVE_BROKEN_RTC */
+/* #define HAVE_ISC_READER */
+/* #define HAVE_DBUS */
 
 #if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
 #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
 #endif
 
+/* Allow TFTP to be disabled with COPTS=-DNO_TFTP */
+#ifdef NO_TFTP
+#undef HAVE_TFTP
+#endif
+
 /* platform dependent options. */
 
 /* Must preceed __linux__ since uClinux defines __linux__ too. */
 #if defined(__uClinux__)
-#define HAVE_LINUX_IPV6_PROC
+#define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
-#define HAVE_RTNETLINK
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
 /* Never use fork() on uClinux. Note that this is subtly different from the
    --keep-in-foreground option, since it also  suppresses forking new 
-   processes for TCP connections. It's intended for use on MMU-less kernels. */
+   processes for TCP connections and disables the call-a-script on leasechange
+   system. It's intended for use on MMU-less kernels. */
 #define NO_FORK
 
 #elif defined(__UCLIBC__)
-#define HAVE_LINUX_IPV6_PROC
+#define HAVE_LINUX_NETWORK
 #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
    ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
 #    define HAVE_GETOPT_LONG
-#  else
-#    undef HAVE_GETOPT_LONG
-#  endif
-#define HAVE_RTNETLINK
+#endif
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#if !defined(__ARCH_HAS_MMU__)
+#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
 #  define NO_FORK
 #endif
-#if !defined(__UCLIBC_HAS_IPV6__)
-#  define NO_IPV6
+#if defined(__UCLIBC_HAS_IPV6__)
+#  ifndef IPV6_V6ONLY
+#    define IPV6_V6ONLY 26
+#  endif
 #endif
 
-/* libc5 - must precede __linux__ too */
-/* Note to build a libc5 binary on a modern Debian system:
-   install the packages altgcc libc5 and libc5-altdev 
-   then run "make CC=i486-linuxlibc1-gcc" */
-/* Note that compling dnsmasq 2.x under libc5 and kernel 2.0.x
-   is probably doomed - no packet socket for starters. */
-#elif defined(__linux__) && \
-      defined(_LINUX_C_LIB_VERSION_MAJOR) && \
-      (_LINUX_C_LIB_VERSION_MAJOR == 5 )
-#undef HAVE_IPV6
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_RTNETLINK
-#define HAVE_GETOPT_LONG
-#undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
-#undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-/* Fix various misfeatures of libc5 headers */
-typedef unsigned long in_addr_t; 
-typedef size_t socklen_t;
-
 /* This is for glibc 2.x */
 #elif defined(__linux__)
-#define HAVE_LINUX_IPV6_PROC
-#define HAVE_RTNETLINK
+#define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#define HAVE_PSELECT
 /* glibc < 2.2  has broken Sockaddr_in6 so we have to use our own. */
 /* glibc < 2.2 doesn't define in_addr_t */
 #if defined(__GLIBC__) && (__GLIBC__ == 2) && \
@@ -273,65 +223,66 @@ typedef unsigned long in_addr_t;
 #   define HAVE_BROKEN_SOCKADDR_IN6
 #endif
 
-#elif defined(__FreeBSD__) || defined(__OpenBSD__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_RTNETLINK
+#elif defined(__FreeBSD__) || \
+      defined(__OpenBSD__) || \
+      defined(__DragonFly__) || \
+      defined (__FreeBSD_kernel__)
+#define HAVE_BSD_NETWORK
 /* Later verions of FreeBSD have getopt_long() */
 #if defined(optional_argument) && defined(required_argument)
 #   define HAVE_GETOPT_LONG
-#else
-#   undef HAVE_GETOPT_LONG
 #endif
-#define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
+#if !defined (__FreeBSD_kernel__)
+#   define HAVE_ARC4RANDOM
+#endif
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
+#define HAVE_BSD_BRIDGE
 
 #elif defined(__APPLE__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_RTNETLINK
+#define HAVE_BSD_NETWORK
 #undef HAVE_GETOPT_LONG
 #define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
 /* Define before sys/socket.h is included so we get socklen_t */
 #define _BSD_SOCKLEN_T_
-/* This is not defined in Mac OS X arpa/nameserv.h */
-#define IN6ADDRSZ 16
  
 #elif defined(__NetBSD__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_RTNETLINK
+#define HAVE_BSD_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #define HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
- 
-/* env "LIBS=-lsocket -lnsl" make */
+#define HAVE_BSD_BRIDGE
+
 #elif defined(__sun) || defined(__sun__)
-#undef HAVE_LINUX_IPV6_PROC
-#undef HAVE_RTNETLINK
-#undef HAVE_GETOPT_LONG
+#define HAVE_SOLARIS_NETWORK
+/* only Solaris 10 does split privs. */
+#if (SUNOS_VER >= 10)
+#  define HAVE_SOLARIS_PRIVS
+#  define HAVE_GETOPT_LONG
+#endif
+/* some CMSG stuff missing on early solaris */
+#ifndef OSSH_ALIGNBYTES
+#  define OSSH_ALIGNBYTES (sizeof(int) - 1)
+#endif
+#ifndef __CMSG_ALIGN
+#  define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES)
+#endif
+#ifndef CMSG_LEN
+#  define CMSG_LEN(len)   (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
+#endif
+#ifndef CMSG_SPACE
+#  define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
+#endif
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#undef HAVE_DEV_URANDOM
-#undef HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-#undef HAVE_PSELECT
-#define HAVE_BPF
+
+#define _XPG4_2
+#define __EXTENSIONS__
+#define ETHER_ADDR_LEN 6
 #endif
 
-
 /* Decide if we're going to support IPv6 */
+/* IPv6 can be forced off with "make COPTS=-DNO_IPV6" */
 /* We assume that systems which don't have IPv6
    headers don't have ntop and pton either */
 
@@ -351,5 +302,3 @@ typedef unsigned long in_addr_t;
 #  define ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
 #endif
 
-
-

src/dbus.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -25,28 +29,25 @@ struct watch {
 
 static dbus_bool_t add_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch *w;
 
   for (w = daemon->watches; w; w = w->next)
     if (w->watch == watch)
       return TRUE;
 
-  if (!(w = malloc(sizeof(struct watch))))
+  if (!(w = whine_malloc(sizeof(struct watch))))
     return FALSE;
 
   w->watch = watch;
   w->next = daemon->watches;
   daemon->watches = w;
 
-  dbus_watch_set_data (watch, (void *)daemon, NULL);
-
+  w = data; /* no warning */
   return TRUE;
 }
 
 static void remove_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch **up, *w;  
   
   for (up = &(daemon->watches), w = daemon->watches; w; w = w->next)
@@ -57,9 +58,11 @@ static void remove_watch(DBusWatch *watch, void *data)
       }
     else
       up = &(w->next);
+
+  w = data; /* no warning */
 }
 
-static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
+static void dbus_read_servers(DBusMessage *message)
 {
   struct server *serv, *tmp, **up;
   DBusMessageIter iter;
@@ -109,7 +112,7 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 	    }
 
 #ifndef HAVE_IPV6
-	  syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
+	  my_syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
 #else
 	  if (i == sizeof(struct in6_addr)-1)
 	    {
@@ -119,7 +122,8 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 #endif
               source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
               addr.in6.sin6_port = htons(NAMESERVER_PORT);
-              source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = htonl(0);
+              source_addr.in6.sin6_flowinfo = addr.in6.sin6_flowinfo = 0;
+	      source_addr.in6.sin6_scope_id = addr.in6.sin6_scope_id = 0;
               source_addr.in6.sin6_addr = in6addr_any;
               source_addr.in6.sin6_port = htons(daemon->query_port);
 	      skip = 0;
@@ -160,11 +164,14 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    }
 		}
 	    
-	    if (!serv && (serv = malloc(sizeof (struct server))))
+	    if (!serv && (serv = whine_malloc(sizeof (struct server))))
 	      {
 		/* Not found, create a new one. */
+		memset(serv, 0, sizeof(struct server));
+		
 		if (domain)
-		  serv->domain = malloc(strlen(domain)+1);
+		  serv->domain = whine_malloc(strlen(domain)+1);
+		
 		if (domain && !serv->domain)
 		  {
 		    free(serv);
@@ -175,7 +182,6 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    serv->next = daemon->servers;
 		    daemon->servers = serv;
 		    serv->flags = SERV_FROM_DBUS;
-		    serv->sfd = NULL;
 		    if (domain)
 		      {
 			strcpy(serv->domain, domain);
@@ -207,22 +213,22 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
       tmp = serv->next;
       if (serv->flags & SERV_MARK)
 	{
+	  server_gone(serv);
 	  *up = serv->next;
 	  free(serv);
 	}
       else 
-	    up = &serv->next;
+	up = &serv->next;
     }
 
 }
 
-DBusHandlerResult message_handler (DBusConnection *connection, 
-				   DBusMessage *message, 
-				   void *user_data)
+DBusHandlerResult message_handler(DBusConnection *connection, 
+				  DBusMessage *message, 
+				  void *user_data)
 {
   char *method = (char *)dbus_message_get_member(message);
-  struct daemon *daemon = (struct daemon *)user_data;
-  
+   
   if (strcmp(method, "GetVersion") == 0)
     {
       char *v = VERSION;
@@ -234,22 +240,24 @@ DBusHandlerResult message_handler (DBusConnection *connection,
     }
   else if (strcmp(method, "SetServers") == 0)
     {
-      syslog(LOG_INFO, _("setting upstream servers from DBus"));
-      dbus_read_servers(daemon, message);
-      check_servers(daemon);
+      my_syslog(LOG_INFO, _("setting upstream servers from DBus"));
+      dbus_read_servers(message);
+      check_servers();
     }
   else if (strcmp(method, "ClearCache") == 0)
-    clear_cache_and_reload(daemon, dnsmasq_time(daemon->uptime_fd));
+    clear_cache_and_reload(dnsmasq_time());
   else
     return (DBUS_HANDLER_RESULT_NOT_YET_HANDLED);
   
+  method = user_data; /* no warning */
+
   return (DBUS_HANDLER_RESULT_HANDLED);
  
 }
  
 
 /* returns NULL or error message, may fail silently if dbus daemon not yet up. */
-char *dbus_init(struct daemon *daemon)
+char *dbus_init(void)
 {
   DBusConnection *connection = NULL;
   DBusObjectPathVTable dnsmasq_vtable = {NULL, &message_handler, NULL, NULL, NULL, NULL };
@@ -259,17 +267,17 @@ char *dbus_init(struct daemon *daemon)
   dbus_error_init (&dbus_error);
   if (!(connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error)))
     return NULL;
-
+    
   dbus_connection_set_exit_on_disconnect(connection, FALSE);
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
-				      NULL, (void *)daemon, NULL);
+				      NULL, NULL, NULL);
   dbus_error_init (&dbus_error);
   dbus_bus_request_name (connection, DNSMASQ_SERVICE, 0, &dbus_error);
   if (dbus_error_is_set (&dbus_error))
     return (char *)dbus_error.message;
   
   if (!dbus_connection_register_object_path(connection,  DNSMASQ_PATH, 
-					    &dnsmasq_vtable, daemon))
+					    &dnsmasq_vtable, NULL))
     return _("could not register a DBus message handler");
   
   daemon->dbus = connection; 
@@ -281,8 +289,8 @@ char *dbus_init(struct daemon *daemon)
 }
  
 
-int set_dbus_listeners(struct daemon *daemon, int maxfd,
-		       fd_set *rset, fd_set *wset, fd_set *eset)
+void set_dbus_listeners(int *maxfdp,
+			fd_set *rset, fd_set *wset, fd_set *eset)
 {
   struct watch *w;
   
@@ -290,10 +298,13 @@ int set_dbus_listeners(struct daemon *daemon, int maxfd,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = dbus_watch_get_flags(w->watch);
+#if (DBUS_MINOR > 0)
+	int fd = dbus_watch_get_unix_fd(w->watch);
+#else
 	int fd = dbus_watch_get_fd(w->watch);
+#endif
 	
-	if (fd > maxfd)
-	  maxfd = fd;
+	bump_maxfd(fd, maxfdp);
 	
 	if (flags & DBUS_WATCH_READABLE)
 	  FD_SET(fd, rset);
@@ -303,11 +314,9 @@ int set_dbus_listeners(struct daemon *daemon, int maxfd,
 	
 	FD_SET(fd, eset);
       }
-  return maxfd;
 }
 
-void check_dbus_listeners(struct daemon *daemon,
-			  fd_set *rset, fd_set *wset, fd_set *eset)
+void check_dbus_listeners(fd_set *rset, fd_set *wset, fd_set *eset)
 {
   DBusConnection *connection = (DBusConnection *)daemon->dbus;
   struct watch *w;
@@ -316,7 +325,11 @@ void check_dbus_listeners(struct daemon *daemon,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = 0;
+#if (DBUS_MINOR > 0)
+	int fd = dbus_watch_get_unix_fd(w->watch);
+#else
 	int fd = dbus_watch_get_fd(w->watch);
+#endif
 	
 	if (FD_ISSET(fd, rset))
 	  flags |= DBUS_WATCH_READABLE;

src/dnsmasq.h

@@ -1,37 +1,43 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
-
+/* dnsmasq is Copyright (c) 2000-2008 Simon Kelley
+ 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
+#define COPYRIGHT "Copyright (C) 2000-2008 Simon Kelley" 
 
-#define COPYRIGHT "Copyright (C) 2000-2006 Simon Kelley" 
-
-#ifdef __linux__
-/* for pselect.... */
-#  define _XOPEN_SOURCE 600 
-/* but then DNS headers don't compile without.... */
-#define _BSD_SOURCE
+#ifndef NO_LARGEFILE
+/* Ensure we can use files >2GB (log files may grow this big) */
+#  define _LARGEFILE_SOURCE 1
+#  define _FILE_OFFSET_BITS 64
 #endif
- 
+
+/* Get linux C library versions. */
+#ifdef __linux__
+#  define _GNU_SOURCE
+#  include <features.h> 
+#endif
+
 /* get these before config.h  for IPv6 stuff... */
 #include <sys/types.h> 
 #include <netinet/in.h>
 
-/* get this before config.h too. */
-#include <syslog.h>
 #ifdef __APPLE__
-/* need this before arpa/nameser.h */
-#  define BIND_8_COMPAT
+#  include <nameser.h>
+#  include <arpa/nameser_compat.h>
+#else
+#  include <arpa/nameser.h>
 #endif
-#include <arpa/nameser.h>
 
 /* and this. */
 #include <getopt.h>
@@ -39,7 +45,7 @@
 #include "config.h"
 
 #define gettext_noop(S) (S)
-#ifdef NO_GETTEXT
+#ifndef LOCALEDIR
 #  define _(S) (S)
 #else
 #  include <libintl.h>
@@ -51,12 +57,13 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#if defined(HAVE_SOLARIS_NETWORK)
+#include <sys/sockio.h>
+#endif
 #include <sys/select.h>
 #include <sys/wait.h>
-#if defined(__sun) || defined(__sun__)
-#  include <sys/sockio.h>
-#endif
 #include <sys/time.h>
+#include <sys/un.h>
 #include <limits.h>
 #include <net/if.h>
 #include <unistd.h>
@@ -66,12 +73,13 @@
 #include <fcntl.h>
 #include <ctype.h>
 #include <signal.h>
+#include <stddef.h>
 #include <time.h>
 #include <errno.h>
 #include <pwd.h>
 #include <grp.h>
 #include <stdarg.h>
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__sun__) || defined (__sun)
 #  include <netinet/if_ether.h>
 #else
 #  include <net/ethernet.h>
@@ -80,47 +88,102 @@
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
-#ifdef HAVE_BPF
-#  include <net/bpf.h>
-#  include <net/if_dl.h>
-#else
-#  include <netpacket/packet.h>
-#endif
 #include <sys/uio.h>
+#include <syslog.h>
+#include <dirent.h>
+#ifndef HAVE_LINUX_NETWORK
+#  include <net/if_dl.h>
+#endif
+
+#if defined(HAVE_LINUX_NETWORK)
+#include <linux/capability.h>
+/* There doesn't seem to be a universally-available 
+   userpace header for these. */
+extern int capset(cap_user_header_t header, cap_user_data_t data);
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+#define LINUX_CAPABILITY_VERSION_1  0x19980330
+#define LINUX_CAPABILITY_VERSION_2  0x20071026
+#define LINUX_CAPABILITY_VERSION_3  0x20080522
+
+#include <sys/prctl.h>
+#elif defined(HAVE_SOLARIS_PRIVS)
+#include <priv.h>
+#endif
+
+/* daemon is function in the C library.... */
+#define daemon dnsmasq_daemon
+
+/* Async event queue */
+struct event_desc {
+  int event, data;
+};
+
+#define EVENT_RELOAD    1
+#define EVENT_DUMP      2
+#define EVENT_ALARM     3
+#define EVENT_TERM      4
+#define EVENT_CHILD     5
+#define EVENT_REOPEN    6
+#define EVENT_EXITED    7
+#define EVENT_KILLED    8
+#define EVENT_EXEC_ERR  9
+#define EVENT_PIPE_ERR  10
+#define EVENT_USER_ERR  11
+#define EVENT_CAP_ERR   12
+#define EVENT_PIDFILE   13
+#define EVENT_HUSER_ERR 14
+#define EVENT_GROUP_ERR 15
+#define EVENT_DIE       16
+#define EVENT_LOG_ERR   17
+
+/* Exit codes. */
+#define EC_GOOD        0
+#define EC_BADCONF     1
+#define EC_BADNET      2
+#define EC_FILE        3
+#define EC_NOMEM       4
+#define EC_MISC        5
+#define EC_INIT_OFFSET 10
 
 /* Min buffer size: we check after adding each record, so there must be 
    memory for the largest packet, and the largest record so the
    min for DNS is PACKETSZ+MAXDNAME+RRFIXEDSZ which is < 1000.
    This might be increased is EDNS packet size if greater than the minimum.
-   The buffer is also used for NETLINK, which needs to be about 2000
-   on systems with many interfaces/addresses. */
-#ifdef HAVE_RTNETLINK
-# define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
-#else
-# define DNSMASQ_PACKETSZ 2000
-#endif
+*/
+#define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
 
-#define OPT_BOGUSPRIV      1
-#define OPT_FILTER         2
-#define OPT_LOG            4
-#define OPT_SELFMX         8
-#define OPT_NO_HOSTS       16
-#define OPT_NO_POLL        32
-#define OPT_DEBUG          64
-#define OPT_ORDER          128
-#define OPT_NO_RESOLV      256
-#define OPT_EXPAND         512
-#define OPT_LOCALMX        1024
-#define OPT_NO_NEG         2048
-#define OPT_NODOTS_LOCAL   4096
-#define OPT_NOWILD         8192
-#define OPT_ETHERS         16384
-#define OPT_RESOLV_DOMAIN  32768
-#define OPT_NO_FORK        65536
-#define OPT_AUTHORITATIVE  131072
-#define OPT_LOCALISE       262144
-#define OPT_DBUS           524288
-#define OPT_BOOTP_DYNAMIC  1048576
+#define OPT_BOGUSPRIV      (1u<<0)
+#define OPT_FILTER         (1u<<1)
+#define OPT_LOG            (1u<<2)
+#define OPT_SELFMX         (1u<<3)
+#define OPT_NO_HOSTS       (1u<<4)
+#define OPT_NO_POLL        (1u<<5)
+#define OPT_DEBUG          (1u<<6)
+#define OPT_ORDER          (1u<<7)
+#define OPT_NO_RESOLV      (1u<<8)
+#define OPT_EXPAND         (1u<<9)
+#define OPT_LOCALMX        (1u<<10)
+#define OPT_NO_NEG         (1u<<11)
+#define OPT_NODOTS_LOCAL   (1u<<12)
+#define OPT_NOWILD         (1u<<13)
+#define OPT_ETHERS         (1u<<14)
+#define OPT_RESOLV_DOMAIN  (1u<<15)
+#define OPT_NO_FORK        (1u<<16)
+#define OPT_AUTHORITATIVE  (1u<<17)
+#define OPT_LOCALISE       (1u<<18)
+#define OPT_DBUS           (1u<<19)
+#define OPT_BOOTP_DYNAMIC  (1u<<20)
+#define OPT_NO_PING        (1u<<21)
+#define OPT_LEASE_RO       (1u<<22)
+#define OPT_ALL_SERVERS    (1u<<23)
+#define OPT_RELOAD         (1u<<24)
+#define OPT_TFTP           (1u<<25)
+#define OPT_TFTP_SECURE    (1u<<26)
+#define OPT_TFTP_NOBLOCK   (1u<<27)
+#define OPT_LOG_OPTS       (1u<<28)
+#define OPT_TFTP_APREF     (1u<<29)
+#define OPT_NO_OVERRIDE    (1u<<30)
+#define OPT_NO_REBIND      (1u<<31)
 
 struct all_addr {
   union {
@@ -149,12 +212,29 @@ struct mx_srv_record {
   struct mx_srv_record *next;
 };
 
+struct naptr {
+  char *name, *replace, *regexp, *services, *flags;
+  unsigned int order, pref;
+  struct naptr *next;
+};
+
 struct txt_record {
   char *name, *txt;
   unsigned short class, len;
   struct txt_record *next;
 };
 
+struct ptr_record {
+  char *name, *ptr;
+  struct ptr_record *next;
+};
+
+struct interface_name {
+  char *name; /* domain name */
+  char *intr; /* interface name */
+  struct interface_name *next;
+};
+
 union bigname {
   char name[MAXDNAME];
   union bigname *next; /* freelist */
@@ -197,7 +277,7 @@ struct crec {
 #define F_NOERR     32768
 
 /* struct sockaddr is not large enough to hold any address,
-   and specifically not big enough to hold and IPv6 address.
+   and specifically not big enough to hold an IPv6 address.
    Blech. Roll our own. */
 union mysockaddr {
   struct sockaddr sa;
@@ -222,38 +302,46 @@ union mysockaddr {
 #define SERV_FROM_RESOLV       1  /* 1 for servers from resolv, 0 for command line. */
 #define SERV_NO_ADDR           2  /* no server, this domain is local only */
 #define SERV_LITERAL_ADDRESS   4  /* addr is the answer, not the server */ 
-#define SERV_HAS_SOURCE        8  /* source address specified */
-#define SERV_HAS_DOMAIN       16  /* server for one domain only */
+#define SERV_HAS_DOMAIN        8  /* server for one domain only */
+#define SERV_HAS_SOURCE       16  /* source address defined */
 #define SERV_FOR_NODOTS       32  /* server for names with no domain part only */
 #define SERV_WARNED_RECURSIVE 64  /* avoid warning spam */
 #define SERV_FROM_DBUS       128  /* 1 if source is DBus */
 #define SERV_MARK            256  /* for mark-and-delete */
 #define SERV_TYPE    (SERV_HAS_DOMAIN | SERV_FOR_NODOTS)
-
+#define SERV_COUNTED         512  /* workspace for log code */
 
 struct serverfd {
   int fd;
   union mysockaddr source_addr;
+  char interface[IF_NAMESIZE+1];
   struct serverfd *next;
 };
 
+struct randfd {
+  int fd;
+  unsigned short refcount, family;
+};
+  
 struct server {
   union mysockaddr addr, source_addr;
-  struct serverfd *sfd; /* non-NULL if this server has its own fd bound to
-			   a source port */
+  char interface[IF_NAMESIZE+1];
+  struct serverfd *sfd; 
   char *domain; /* set if this server only handles a domain. */ 
   int flags, tcpfd;
+  unsigned int queries, failed_queries;
   struct server *next; 
 };
 
 struct irec {
   union mysockaddr addr;
   struct in_addr netmask; /* only valid for IPv4 */
+  int dhcp_ok;
   struct irec *next;
 };
 
 struct listener {
-  int fd, tcpfd, family;
+  int fd, tcpfd, tftpfd, family;
   struct irec *iface; /* only valid for non-wildcard */
   struct listener *next;
 };
@@ -278,13 +366,17 @@ struct resolvc {
 struct hostsfile {
   struct hostsfile *next;
   char *fname;
-  int index; /* matches to cache entries fro logging */
+  int index; /* matches to cache entries for logging */
 };
 
 struct frec {
   union mysockaddr source;
   struct all_addr dest;
-  struct server *sentto;
+  struct server *sentto; /* NULL means free */
+  struct randfd *rfd4;
+#ifdef HAVE_IPV6
+  struct randfd *rfd6;
+#endif
   unsigned int iface;
   unsigned short orig_id, new_id;
   int fd, forwardall;
@@ -293,14 +385,33 @@ struct frec {
   struct frec *next;
 };
 
+/* actions in the daemon->helper RPC */
+#define ACTION_DEL           1
+#define ACTION_OLD_HOSTNAME  2
+#define ACTION_OLD           3
+#define ACTION_ADD           4
+
+#define DHCP_CHADDR_MAX 16
+
 struct dhcp_lease {
   int clid_len;          /* length of client identifier */
   unsigned char *clid;   /* clientid */
   char *hostname, *fqdn; /* name from client-hostname option or config */
-  int auth_name;         /* hostname came from config, not from client */
+  char *old_hostname;    /* hostname before it moved to another lease */
+  char auth_name;        /* hostname came from config, not from client */
+  char new;              /* newly created */
+  char changed;          /* modified */
+  char aux_changed;      /* CLID or expiry changed */
   time_t expires;        /* lease expiry */
-  unsigned char hwaddr[ETHER_ADDR_LEN]; 
-  struct in_addr addr;
+#ifdef HAVE_BROKEN_RTC
+  unsigned int length;
+#endif
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX]; 
+  struct in_addr addr, override;
+  unsigned char *vendorclass, *userclass;
+  unsigned int vendorclass_len, userclass_len;
+  int last_interface;
   struct dhcp_lease *next;
 };
 
@@ -313,14 +424,17 @@ struct dhcp_netid_list {
   struct dhcp_netid *list;
   struct dhcp_netid_list *next;
 };
+
 struct dhcp_config {
   unsigned int flags;
   int clid_len;          /* length of client identifier */
   unsigned char *clid;   /* clientid */
-  unsigned char hwaddr[ETHER_ADDR_LEN]; 
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX]; 
   char *hostname;
   struct dhcp_netid netid;
   struct in_addr addr;
+  time_t decline_time;
   unsigned int lease_time, wildcard_mask;
   struct dhcp_config *next;
 };
@@ -333,14 +447,25 @@ struct dhcp_config {
 #define CONFIG_ADDR             32
 #define CONFIG_NETID            64
 #define CONFIG_NOCLID          128
+#define CONFIG_FROM_ETHERS     256    /* entry created by /etc/ethers */
+#define CONFIG_ADDR_HOSTS      512    /* address added by from /etc/hosts */
+#define CONFIG_DECLINED       1024    /* address declined by client */
+#define CONFIG_BANK           2048    /* from dhcp hosts file */
 
 struct dhcp_opt {
-  int opt, len, is_addr;
+  int opt, len, flags;
   unsigned char *val, *vendor_class;
   struct dhcp_netid *netid;
   struct dhcp_opt *next;
 };
 
+#define DHOPT_ADDR               1
+#define DHOPT_STRING             2
+#define DHOPT_ENCAPSULATE        4
+#define DHOPT_VENDOR_MATCH       8
+#define DHOPT_FORCE             16
+#define DHOPT_BANK              32
+
 struct dhcp_boot {
   char *file, *sname;
   struct in_addr next_server;
@@ -348,27 +473,49 @@ struct dhcp_boot {
   struct dhcp_boot *next;
 };
 
+#define MATCH_VENDOR     1
+#define MATCH_USER       2
+#define MATCH_CIRCUIT    3
+#define MATCH_REMOTE     4
+#define MATCH_SUBSCRIBER 5
+#define MATCH_OPTION     6
+
+/* vendorclass, userclass, remote-id or cicuit-id */
 struct dhcp_vendor {
-  int len, is_vendor;
+  int len, match_type, option;
   char *data;
   struct dhcp_netid netid;
   struct dhcp_vendor *next;
 };
 
+struct dhcp_mac {
+  unsigned int mask;
+  int hwaddr_len, hwaddr_type;
+  unsigned char hwaddr[DHCP_CHADDR_MAX];
+  struct dhcp_netid netid;
+  struct dhcp_mac *next;
+};
+
+#ifdef HAVE_BSD_BRIDGE
+struct dhcp_bridge {
+  char iface[IF_NAMESIZE];
+  struct dhcp_bridge *alias, *next;
+};
+#endif
+
 struct dhcp_context {
   unsigned int lease_time, addr_epoch;
   struct in_addr netmask, broadcast;
   struct in_addr local, router;
   struct in_addr start, end; /* range of available addresses */
   int flags;
-  struct dhcp_netid netid;
+  struct dhcp_netid netid, *filter;
   struct dhcp_context *next, *current;
 };
 
 #define CONTEXT_STATIC    1
-#define CONTEXT_FILTER    2
-#define CONTEXT_NETMASK   4
-#define CONTEXT_BRDCAST   8
+#define CONTEXT_NETMASK   2
+#define CONTEXT_BRDCAST   4
 
 
 typedef unsigned char u8;
@@ -376,22 +523,13 @@ typedef unsigned short u16;
 typedef unsigned int u32;
 
 
-struct udp_dhcp_packet {
-        struct ip ip;
-        struct udphdr {
-	  u16 uh_sport;               /* source port */
-	  u16 uh_dport;               /* destination port */
-	  u16 uh_ulen;                /* udp length */
-	  u16 uh_sum;                 /* udp checksum */
-	} udp;
-        struct dhcp_packet {
-	  u8 op, htype, hlen, hops;
-	  u32 xid;
-	  u16 secs, flags;
-	  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
-	  u8 chaddr[16], sname[64], file[128];
-	  u8 options[312];
-	} data;
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u8 options[312];
 };
 
 struct ping_result {
@@ -400,7 +538,27 @@ struct ping_result {
   struct ping_result *next;
 };
 
-struct daemon {
+struct tftp_file {
+  int refcount, fd;
+  off_t size;
+  dev_t dev;
+  ino_t inode;
+  char filename[];
+};
+
+struct tftp_transfer {
+  int sockfd;
+  time_t timeout;
+  int backoff;
+  unsigned int block, blocksize, expansion;
+  off_t offset;
+  struct sockaddr_in peer;
+  char opt_blocksize, opt_transize, netascii, carrylf;
+  struct tftp_file *file;
+  struct tftp_transfer *next;
+};
+
+extern struct daemon {
   /* datastuctures representing the command-line and 
      config file arguments. All set (including defaults)
      in option.c */
@@ -408,62 +566,91 @@ struct daemon {
   unsigned int options;
   struct resolvc default_resolv, *resolv_files;
   struct mx_srv_record *mxnames;
+  struct naptr *naptr;
   struct txt_record *txt;
+  struct ptr_record *ptr;
+  struct interface_name *int_names;
   char *mxtarget;
   char *lease_file; 
-  char *username, *groupname;
+  char *username, *groupname, *scriptuser;
+  int group_set, osport;
   char *domain_suffix;
   char *runfile; 
+  char *lease_change_command;
   struct iname *if_names, *if_addrs, *if_except, *dhcp_except;
   struct bogus_addr *bogus_addr;
   struct server *servers;
-  int cachesize;
-  int port, query_port;
-  unsigned long local_ttl;
+  int log_fac; /* log facility */
+  char *log_file; /* optional log file */
+  int max_logs;  /* queue limit */
+  int cachesize, ftabsize;
+  int port, query_port, min_port;
+  unsigned long local_ttl, neg_ttl;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp;
   struct dhcp_config *dhcp_conf;
-  struct dhcp_opt *dhcp_opts, *vendor_opts;
+  struct dhcp_opt *dhcp_opts;
   struct dhcp_vendor *dhcp_vendors;
+  struct dhcp_mac *dhcp_macs;
   struct dhcp_boot *boot_config;
-  struct dhcp_netid_list *dhcp_ignore;
-  int dhcp_max; 
+  struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *force_broadcast;
+  char *dhcp_hosts_file, *dhcp_opts_file;
+  int dhcp_max, tftp_max;
+  int dhcp_server_port, dhcp_client_port;
+  int start_tftp_port, end_tftp_port; 
   unsigned int min_leasetime;
   struct doctor *doctors;
   unsigned short edns_pktsz;
+  char *tftp_prefix; 
 
   /* globally used stuff for DNS */
   char *packet; /* packet buffer */
   int packet_buff_sz; /* size of above */
   char *namebuff; /* MAXDNAME size buffer */
+  unsigned int local_answer, queries_forwarded;
+  struct frec *frec_list;
   struct serverfd *sfds;
   struct irec *interfaces;
   struct listener *listeners;
   struct server *last_server;
-  int uptime_fd;
-  
+  struct server *srv_save; /* Used for resend on DoD */
+  size_t packet_len;       /*      "        "        */
+  struct randfd *rfd_save; /*      "        "        */
+pid_t tcp_pids[MAX_PROCS];
+  struct randfd randomsocks[RANDOM_SOCKS];
+
   /* DHCP state */
-  int dhcpfd, dhcp_raw_fd, dhcp_icmp_fd, lease_fd;
-#ifdef HAVE_RTNETLINK
+  int dhcpfd, helperfd; 
+#ifdef HAVE_LINUX_NETWORK
   int netlinkfd;
+#else
+  int dhcp_raw_fd, dhcp_icmp_fd;
 #endif
-  struct udp_dhcp_packet *dhcp_packet;
+  struct iovec dhcp_packet;
   char *dhcp_buff, *dhcp_buff2;
   struct ping_result *ping_results;
+  FILE *lease_stream;
+#ifdef HAVE_BSD_BRIDGE
+  struct dhcp_bridge *bridges;
+#endif
 
   /* DBus stuff */
-#ifdef HAVE_DBUS
   /* void * here to avoid depending on dbus headers outside dbus.c */
   void *dbus;
+#ifdef HAVE_DBUS
   struct watch *watches;
 #endif
 
-};
+  /* TFTP stuff */
+  struct tftp_transfer *tftp_trans;
+
+} *daemon;
 
 /* cache.c */
-void cache_init(int cachesize, int log);
-void log_query(unsigned short flags, char *name, struct all_addr *addr, 
-	       unsigned short type, struct hostsfile *addn_hosts, int index);
+void cache_init(void);
+void log_query(unsigned short flags, char *name, struct all_addr *addr, char *arg); 
+char *record_source(struct hostsfile *addn_hosts, int index);
+void querystr(char *str, unsigned short type);
 struct crec *cache_find_by_addr(struct crec *crecp,
 				struct all_addr *addr, time_t now, 
 				unsigned short prot);
@@ -474,134 +661,185 @@ void cache_start_insert(void);
 struct crec *cache_insert(char *name, struct all_addr *addr,
 			  time_t now, unsigned long ttl, unsigned short flags);
 void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile  *addn_hosts);
-void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, struct in_addr *host_address, time_t ttd);
+void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, time_t ttd);
 void cache_unhash_dhcp(void);
-void dump_cache(struct daemon *daemon);
+void dump_cache(time_t now);
 char *cache_get_name(struct crec *crecp);
 
 /* rfc1035.c */
-unsigned short extract_request(HEADER *header, unsigned int qlen, 
+unsigned short extract_request(HEADER *header, size_t qlen, 
 			       char *name, unsigned short *typep);
-int setup_reply(HEADER *header, unsigned int qlen,
-		struct all_addr *addrp, unsigned short flags,
-		unsigned long local_ttl);
-void extract_addresses(HEADER *header, unsigned int qlen, char *namebuff, 
-		       time_t now, struct daemon *daemon);
-int answer_request(HEADER *header, char *limit, unsigned int qlen, struct daemon *daemon, 
+size_t setup_reply(HEADER *header, size_t  qlen,
+		   struct all_addr *addrp, unsigned short flags,
+		   unsigned long local_ttl);
+int extract_addresses(HEADER *header, size_t qlen, char *namebuff, time_t now);
+size_t answer_request(HEADER *header, char *limit, size_t qlen,  
 		   struct in_addr local_addr, struct in_addr local_netmask, time_t now);
-int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name, 
+int check_for_bogus_wildcard(HEADER *header, size_t qlen, char *name, 
 			     struct bogus_addr *addr, time_t now);
-unsigned char *find_pseudoheader(HEADER *header, unsigned int plen,
-				 unsigned int *len, unsigned char **p);
-int check_for_local_domain(char *name, time_t now, struct daemon *daemon);
-unsigned int questions_crc(HEADER *header, unsigned int plen, char *buff);
-int resize_packet(HEADER *header, unsigned int plen, 
-		  unsigned char *pheader, unsigned int hlen);
+unsigned char *find_pseudoheader(HEADER *header, size_t plen,
+				 size_t *len, unsigned char **p, int *is_sign);
+int check_for_local_domain(char *name, time_t now);
+unsigned int questions_crc(HEADER *header, size_t plen, char *buff);
+size_t resize_packet(HEADER *header, size_t plen, 
+		  unsigned char *pheader, size_t hlen);
 
 /* util.c */
+void rand_init(void);
 unsigned short rand16(void);
 int legal_char(char c);
 int canonicalise(char *s);
 unsigned char *do_rfc1035_name(unsigned char *p, char *sval);
-void die(char *message, char *arg1);
-void complain(char *message, int lineno, char *file);
 void *safe_malloc(size_t size);
+void safe_pipe(int *fd, int read_noblock);
+void *whine_malloc(size_t size);
 int sa_len(union mysockaddr *addr);
 int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2);
 int hostname_isequal(char *a, char *b);
-time_t dnsmasq_time(int fd);
+time_t dnsmasq_time(void);
 int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask);
 int retry_send(void);
 void prettyprint_time(char *buf, unsigned int t);
 int prettyprint_addr(union mysockaddr *addr, char *buf);
 int parse_hex(char *in, unsigned char *out, int maxlen, 
-	      unsigned int *wildcard_mask);
+	      unsigned int *wildcard_mask, int *mac_type);
+int memcmp_masked(unsigned char *a, unsigned char *b, int len, 
+		  unsigned int mask);
+int expand_buf(struct iovec *iov, size_t size);
+char *print_mac(char *buff, unsigned char *mac, int len);
+void bump_maxfd(int fd, int *max);
+int read_write(int fd, unsigned char *packet, int size, int rw);
+
+/* log.c */
+void die(char *message, char *arg1, int exit_code);
+int log_start(struct passwd *ent_pw, int errfd);
+int log_reopen(char *log_file);
+void my_syslog(int priority, const char *format, ...);
+void set_log_writer(fd_set *set, int *maxfdp);
+void check_log_writer(fd_set *set);
+void flush_log(void);
 
 /* option.c */
-struct daemon *read_opts (int argc, char **argv, char *compile_opts);
+void read_opts (int argc, char **argv, char *compile_opts);
+char *option_string(unsigned char opt);
+void reread_dhcp(void);
 
 /* forward.c */
-void forward_init(int first);
-void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now);
-void receive_query(struct listener *listen, struct daemon *daemon, time_t now);
-unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
+void reply_query(int fd, int family, time_t now);
+void receive_query(struct listener *listen, time_t now);
+unsigned char *tcp_request(int confd, time_t now,
 			   struct in_addr local_addr, struct in_addr netmask);
+void server_gone(struct server *server);
+struct frec *get_new_frec(time_t now, int *wait);
 
 /* network.c */
-struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds);
-void reload_servers(char *fname, struct daemon *daemon);
-void check_servers(struct daemon *daemon);
-int enumerate_interfaces(struct daemon *daemon, struct irec **chainp,
-			 union mysockaddr *test_addrp, struct in_addr *netmaskp);
-struct listener *create_wildcard_listeners(int port);
-struct listener *create_bound_listeners(struct irec *interfaces, int port);
+int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp);
+int random_sock(int family);
+void pre_allocate_sfds(void);
+int reload_servers(char *fname);
+void check_servers(void);
+int enumerate_interfaces();
+struct listener *create_wildcard_listeners(void);
+struct listener *create_bound_listeners(void);
+int iface_check(int family, struct all_addr *addr, 
+		struct ifreq *ifr, int *indexp);
+int fix_fd(int fd);
+struct in_addr get_ifaddr(char *intr);
 
 /* dhcp.c */
-void dhcp_init(struct daemon *daemon);
-void dhcp_packet(struct daemon *daemon, time_t now);
+void dhcp_init(void);
+void dhcp_packet(time_t now);
 
-struct dhcp_context *address_available(struct dhcp_context *context, struct in_addr addr);
-struct dhcp_context *narrow_context(struct dhcp_context *context, struct in_addr taddr);
-int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool);
-int address_allocate(struct dhcp_context *context, struct daemon *daemon,
-		     struct in_addr *addrp, unsigned char *hwaddr,
+struct dhcp_context *address_available(struct dhcp_context *context, 
+				       struct in_addr addr,
+				       struct dhcp_netid *netids);
+struct dhcp_context *narrow_context(struct dhcp_context *context, 
+				    struct in_addr taddr,
+				    struct dhcp_netid *netids);
+int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly);
+int address_allocate(struct dhcp_context *context,
+		     struct in_addr *addrp, unsigned char *hwaddr, int hw_len,
 		     struct dhcp_netid *netids, time_t now);
 struct dhcp_config *find_config(struct dhcp_config *configs,
 				struct dhcp_context *context,
 				unsigned char *clid, int clid_len,
-				unsigned char *hwaddr, char *hostname);
+				unsigned char *hwaddr, int hw_len, 
+				int hw_type, char *hostname);
 void dhcp_update_configs(struct dhcp_config *configs);
-void dhcp_read_ethers(struct daemon *daemon);
+void dhcp_read_ethers(void);
+void check_dhcp_hosts(int fatal);
 struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr);
-char *strip_hostname(struct daemon *daemon, char *hostname);
-char *host_from_dns(struct daemon *daemon, struct in_addr addr);
-struct dhcp_context *complete_context(struct daemon *daemon, struct in_addr local, 
-				      struct dhcp_context *current, struct in_addr netmask, 
-				      struct in_addr broadcast, struct in_addr relay,
-				      struct in_addr primary);
+char *strip_hostname(char *hostname);
+char *host_from_dns(struct in_addr addr);
 
 /* lease.c */
-void lease_update_file(int force, time_t now);
-void lease_update_dns(struct daemon *daemon);
-void lease_init(struct daemon *daemon, time_t now);
-struct dhcp_lease *lease_allocate(unsigned char *hwaddr, unsigned char *clid,
-				  int clid_len, struct in_addr addr);
-int lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
-		      unsigned char *clid, int clid_len);
+void lease_update_file(time_t now);
+void lease_update_dns();
+void lease_init(time_t now);
+struct dhcp_lease *lease_allocate(struct in_addr addr);
+void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len);
 void lease_set_hostname(struct dhcp_lease *lease, char *name, 
 			char *suffix, int auth);
-void lease_set_expires(struct dhcp_lease *lease, time_t exp);
-struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr,
+void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now);
+void lease_set_interface(struct dhcp_lease *lease, int interface);
+struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,  
 					unsigned char *clid, int clid_len);
 struct dhcp_lease *lease_find_by_addr(struct in_addr addr);
 void lease_prune(struct dhcp_lease *target, time_t now);
-void lease_update_from_configs(struct daemon *daemon);
+void lease_update_from_configs(void);
+int do_script_run(time_t now);
+void rerun_scripts(void);
 
 /* rfc2131.c */
-int dhcp_reply(struct daemon *daemon, struct dhcp_context *context, char *iface_name, unsigned int sz, time_t now, int unicast_dest);
+size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+		  size_t sz, time_t now, int unicast_dest, int *is_inform);
 
 /* dnsmasq.c */
-int icmp_ping(struct daemon *daemon, struct in_addr addr);
-void clear_cache_and_reload(struct daemon *daemon, time_t now);
+int make_icmp_sock(void);
+int icmp_ping(struct in_addr addr);
+void send_event(int fd, int event, int data);
+void clear_cache_and_reload(time_t now);
 
 /* isc.c */
 #ifdef HAVE_ISC_READER
-void load_dhcp(struct daemon *daemon, time_t now);
+void load_dhcp(time_t now);
 #endif
 
 /* netlink.c */
-#ifdef HAVE_RTNETLINK
-int netlink_init(void);
-int netlink_process(struct daemon *daemon, int index, 
-		    struct in_addr relay, struct in_addr primary,
-		    struct dhcp_context **retp);
+#ifdef HAVE_LINUX_NETWORK
+void netlink_init(void);
+void netlink_multicast(void);
 #endif
 
+/* bpf.c */
+#ifdef HAVE_BSD_NETWORK
+void init_bpf(void);
+void send_via_bpf(struct dhcp_packet *mess, size_t len,
+		  struct in_addr iface_addr, struct ifreq *ifr);
+#endif
+
+/* bpf.c or netlink.c */
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)());
+
 /* dbus.c */
 #ifdef HAVE_DBUS
-char *dbus_init(struct daemon *daemon);
-void check_dbus_listeners(struct daemon *daemon,
-			  fd_set *rset, fd_set *wset, fd_set *eset);
-int set_dbus_listeners(struct daemon *daemon, int maxfd, 
-		       fd_set *rset, fd_set *wset, fd_set *eset);
+char *dbus_init(void);
+void check_dbus_listeners(fd_set *rset, fd_set *wset, fd_set *eset);
+void set_dbus_listeners(int *maxfdp, fd_set *rset, fd_set *wset, fd_set *eset);
+#endif
+
+/* helper.c */
+#ifndef NO_FORK
+int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
+void helper_write(void);
+void queue_script(int action, struct dhcp_lease *lease, 
+		  char *hostname, time_t now);
+int helper_buf_empty(void);
+#endif
+
+/* tftp.c */
+#ifdef HAVE_TFTP
+void tftp_request(struct listener *listen, time_t now);
+void check_tftp_listeners(fd_set *rset, time_t now);
 #endif

src/helper.c

@@ -0,0 +1,419 @@
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+/* This file has code to fork a helper process which recieves data via a pipe 
+   shared with the main process and which is responsible for calling a script when
+   DHCP leases change.
+
+   The helper process is forked before the main process drops root, so it retains root 
+   privs to pass on to the script. For this reason it tries to be paranoid about 
+   data received from the main process, in case that has been compromised. We don't
+   want the helper to give an attacker root. In particular, the script to be run is
+   not settable via the pipe, once the fork has taken place it is not alterable by the 
+   main process.
+*/
+
+#ifndef NO_FORK
+
+static void my_setenv(const char *name, const char *value, int *error);
+ 
+struct script_data
+{
+  unsigned char action, hwaddr_len, hwaddr_type;
+  unsigned char clid_len, hostname_len, uclass_len, vclass_len;
+  struct in_addr addr;
+  unsigned int remaining_time;
+#ifdef HAVE_BROKEN_RTC
+  unsigned int length;
+#else
+  time_t expires;
+#endif
+  unsigned char hwaddr[DHCP_CHADDR_MAX];
+  char interface[IF_NAMESIZE];
+};
+
+static struct script_data *buf = NULL;
+static size_t bytes_in_buf = 0, buf_size = 0;
+
+int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+{
+  pid_t pid;
+  int i, pipefd[2];
+  struct sigaction sigact;
+
+  /* create the pipe through which the main program sends us commands,
+     then fork our process. */
+  if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+    {
+      send_event(err_fd, EVENT_PIPE_ERR, errno);
+      _exit(0);
+    }
+
+  if (pid != 0)
+    {
+      close(pipefd[0]); /* close reader side */
+      return pipefd[1];
+    }
+
+  /* ignore SIGTERM, so that we can clean up when the main process gets hit
+     and SIGALRM so that we can use sleep() */
+  sigact.sa_handler = SIG_IGN;
+  sigact.sa_flags = 0;
+  sigemptyset(&sigact.sa_mask);
+  sigaction(SIGTERM, &sigact, NULL);
+  sigaction(SIGALRM, &sigact, NULL);
+
+  if (!(daemon->options & OPT_DEBUG) && uid != 0)
+    {
+      gid_t dummy;
+      if (setgroups(0, &dummy) == -1 || 
+	  setgid(gid) == -1 || 
+	  setuid(uid) == -1)
+	{
+	  if (daemon->options & OPT_NO_FORK)
+	    /* send error to daemon process if no-fork */
+	    send_event(event_fd, EVENT_HUSER_ERR, errno);
+	  else
+	    {
+	      /* kill daemon */
+	      send_event(event_fd, EVENT_DIE, 0);
+	      /* return error */
+	      send_event(err_fd, EVENT_HUSER_ERR, errno);;
+	    }
+	  _exit(0);
+	}
+    }
+
+  /* close all the sockets etc, we don't need them here. This closes err_fd, so that
+     main process can return. */
+  for (max_fd--; max_fd > 0; max_fd--)
+    if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO && 
+	max_fd != STDIN_FILENO && max_fd != pipefd[0] && max_fd != event_fd)
+      close(max_fd);
+  
+  /* loop here */
+  while(1)
+    {
+      struct script_data data;
+      char *p, *action_str, *hostname = NULL;
+      unsigned char *buf = (unsigned char *)daemon->namebuff;
+      int err = 0;
+
+      /* we read zero bytes when pipe closed: this is our signal to exit */ 
+      if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+	_exit(0);
+      
+      if (data.action == ACTION_DEL)
+	action_str = "del";
+      else if (data.action == ACTION_ADD)
+	action_str = "add";
+      else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
+	action_str = "old";
+      else
+	continue;
+	
+      /* stringify MAC into dhcp_buff */
+      p = daemon->dhcp_buff;
+      if (data.hwaddr_type != ARPHRD_ETHER || data.hwaddr_len == 0) 
+	p += sprintf(p, "%.2x-", data.hwaddr_type);
+      for (i = 0; (i < data.hwaddr_len) && (i < DHCP_CHADDR_MAX); i++)
+	{
+	  p += sprintf(p, "%.2x", data.hwaddr[i]);
+	  if (i != data.hwaddr_len - 1)
+	    p += sprintf(p, ":");
+	}
+      
+      /* and CLID into packet */
+      if (!read_write(pipefd[0], buf, data.clid_len, 1))
+	continue;
+      for (p = daemon->packet, i = 0; i < data.clid_len; i++)
+	{
+	  p += sprintf(p, "%.2x", buf[i]);
+	  if (i != data.clid_len - 1) 
+	    p += sprintf(p, ":");
+	}
+      
+      /* and expiry or length into dhcp_buff2 */
+#ifdef HAVE_BROKEN_RTC
+      sprintf(daemon->dhcp_buff2, "%u ", data.length);
+#else
+      sprintf(daemon->dhcp_buff2, "%lu ", (unsigned long)data.expires);
+#endif
+      
+      if (!read_write(pipefd[0], buf, data.hostname_len + data.uclass_len + data.vclass_len, 1))
+	continue;
+      
+      /* possible fork errors are all temporary resource problems */
+      while ((pid = fork()) == -1 && (errno == EAGAIN || errno == ENOMEM))
+	sleep(2);
+      
+      if (pid == -1)
+	continue;
+	  
+      /* wait for child to complete */
+      if (pid != 0)
+	{
+	  /* reap our children's children, if necessary */
+	  while (1)
+	    {
+	      int status;
+	      pid_t rc = wait(&status);
+	      
+	      if (rc == pid)
+		{
+		  /* On error send event back to main process for logging */
+		  if (WIFSIGNALED(status))
+		    send_event(event_fd, EVENT_KILLED, WTERMSIG(status));
+		  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+		    send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status));
+		  break;
+		}
+	      
+	      if (rc == -1 && errno != EINTR)
+		break;
+	    }
+	  
+	  continue;
+	}
+      
+      if (data.clid_len != 0)
+	my_setenv("DNSMASQ_CLIENT_ID", daemon->packet, &err);
+
+      if (strlen(data.interface) != 0)
+	my_setenv("DNSMASQ_INTERFACE", data.interface, &err);
+            
+#ifdef HAVE_BROKEN_RTC
+      my_setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, &err);
+#else
+      my_setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, &err); 
+#endif
+      
+      if (data.vclass_len != 0)
+	{
+	  buf[data.vclass_len - 1] = 0; /* don't trust zero-term */
+	  /* cannot have = chars in env - truncate if found . */
+	  if ((p = strchr((char *)buf, '=')))
+	    *p = 0;
+	  my_setenv("DNSMASQ_VENDOR_CLASS", (char *)buf, &err);
+	  buf += data.vclass_len;
+	}
+      
+      if (data.uclass_len != 0)
+	{
+	  unsigned char *end = buf + data.uclass_len;
+	  buf[data.uclass_len - 1] = 0; /* don't trust zero-term */
+	  
+	  for (i = 0; buf < end;)
+	    {
+	      size_t len = strlen((char *)buf) + 1;
+	      if ((p = strchr((char *)buf, '=')))
+		*p = 0;
+	      if (strlen((char *)buf) != 0)
+		{
+		  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i++);
+		  my_setenv(daemon->dhcp_buff2, (char *)buf, &err);
+		}
+	      buf += len;
+	    }
+	}
+      
+      sprintf(daemon->dhcp_buff2, "%u ", data.remaining_time);
+      my_setenv("DNSMASQ_TIME_REMAINING", daemon->dhcp_buff2, &err);
+      
+      if (data.hostname_len != 0)
+	{
+	  hostname = (char *)buf;
+	  hostname[data.hostname_len - 1] = 0;
+	  if (!canonicalise(hostname))
+	    hostname = NULL;
+	}
+      
+      if (data.action == ACTION_OLD_HOSTNAME && hostname)
+	{
+	  my_setenv("DNSMASQ_OLD_HOSTNAME", hostname, &err);
+	  hostname = NULL;
+	}
+
+      /* we need to have the event_fd around if exec fails */
+      if ((i = fcntl(event_fd, F_GETFD)) != -1)
+	fcntl(event_fd, F_SETFD, i | FD_CLOEXEC);
+      close(pipefd[0]);
+
+      p =  strrchr(daemon->lease_change_command, '/');
+      if (err == 0)
+	{
+	  execl(daemon->lease_change_command, 
+		p ? p+1 : daemon->lease_change_command,
+		action_str, daemon->dhcp_buff, inet_ntoa(data.addr), hostname, (char*)NULL);
+	  err = errno;
+	}
+      /* failed, send event so the main process logs the problem */
+      send_event(event_fd, EVENT_EXEC_ERR, err);
+      _exit(0); 
+    }
+}
+
+static void my_setenv(const char *name, const char *value, int *error)
+{
+  if (*error == 0)
+    {
+#if defined(HAVE_SOLARIS_NETWORK) && !defined(HAVE_SOLARIS_PRIVS)
+      /* old Solaris is missing setenv..... */
+      char *p;
+      
+      if (!(p = malloc(strlen(name) + strlen(value) + 2)))
+	*error = ENOMEM;
+      else
+	{
+	  strcpy(p, name);
+	  strcat(p, "=");
+	  strcat(p, value);
+	  
+	  if (putenv(p) != 0)
+	    *error = errno;
+	}
+#else
+      if (setenv(name, value, 1) != 0)
+	*error = errno;
+#endif
+    }
+}
+ 
+/* pack up lease data into a buffer */    
+void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
+{
+  unsigned char *p;
+  size_t size;
+  unsigned int i, hostname_len = 0, clid_len = 0, vclass_len = 0, uclass_len = 0;
+
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+
+  if (lease->vendorclass)
+    vclass_len = lease->vendorclass_len;
+  if (lease->userclass)
+    uclass_len = lease->userclass_len;
+  if (lease->clid)
+    clid_len = lease->clid_len;
+  if (hostname)
+    hostname_len = strlen(hostname) + 1;
+
+  size = sizeof(struct script_data) +  clid_len + vclass_len + uclass_len + hostname_len;
+
+  if (size > buf_size)
+    {
+      struct script_data *new;
+      
+      /* start with resonable size, will almost never need extending. */
+      if (size < sizeof(struct script_data) + 200)
+	size = sizeof(struct script_data) + 200;
+
+      if (!(new = whine_malloc(size)))
+	return;
+      if (buf)
+	free(buf);
+      buf = new;
+      buf_size = size;
+    }
+
+  buf->action = action;
+  buf->hwaddr_len = lease->hwaddr_len;
+  buf->hwaddr_type = lease->hwaddr_type;
+  buf->clid_len = clid_len;
+  buf->vclass_len = vclass_len;
+  buf->uclass_len = uclass_len;
+  buf->hostname_len = hostname_len;
+  buf->addr = lease->addr;
+  memcpy(buf->hwaddr, lease->hwaddr, lease->hwaddr_len);
+  buf->interface[0] = 0;
+#ifdef HAVE_LINUX_NETWORK
+  if (lease->last_interface != 0)
+    {
+      struct ifreq ifr;
+      ifr.ifr_ifindex = lease->last_interface;
+      if (ioctl(daemon->dhcpfd, SIOCGIFNAME, &ifr) != -1)
+	strncpy(buf->interface, ifr.ifr_name, IF_NAMESIZE);
+    }
+#else
+  if (lease->last_interface != 0)
+    if_indextoname(lease->last_interface, buf->interface);
+#endif
+  
+#ifdef HAVE_BROKEN_RTC 
+  buf->length = lease->length;
+#else
+  buf->expires = lease->expires;
+#endif
+  buf->remaining_time = (unsigned int)difftime(lease->expires, now);
+
+  p = (unsigned char *)(buf+1);
+  if (clid_len != 0)
+    {
+      memcpy(p, lease->clid, clid_len);
+      p += clid_len;
+    }
+  if (vclass_len != 0)
+    {
+      memcpy(p, lease->vendorclass, vclass_len);
+      p += vclass_len;
+    }
+  if (uclass_len != 0)
+    {
+      memcpy(p, lease->userclass, uclass_len);
+      p += uclass_len;
+    }
+  /* substitute * for space */
+  for (i = 0; i < hostname_len; i++)
+    if ((daemon->options & OPT_LEASE_RO) && hostname[i] == ' ')
+      *(p++) = '*';
+    else
+      *(p++) = hostname[i];
+  
+  bytes_in_buf = p - (unsigned char *)buf;
+}
+
+int helper_buf_empty(void)
+{
+  return bytes_in_buf == 0;
+}
+
+void helper_write(void)
+{
+  ssize_t rc;
+
+  if (bytes_in_buf == 0)
+    return;
+  
+  if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1)
+    {
+      if (bytes_in_buf != (size_t)rc)
+	memmove(buf, buf + rc, bytes_in_buf - rc); 
+      bytes_in_buf -= rc;
+    }
+  else
+    {
+      if (errno == EAGAIN || errno == EINTR)
+	return;
+      bytes_in_buf = 0;
+    }
+}
+
+#endif
+
+

src/isc.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 by Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 
@@ -17,6 +21,8 @@
 
 #ifdef HAVE_ISC_READER
 
+#define MAXTOK 50
+
 struct isc_lease {
   char *name, *fqdn;
   time_t expires;
@@ -55,7 +61,7 @@ static int next_token (char *token, int buffsize, FILE * fp)
   return count ? 1 : 0;
 }
 
-void load_dhcp(struct daemon *daemon, time_t now)
+void load_dhcp(time_t now)
 {
   char *hostname = daemon->namebuff;
   char token[MAXTOK], *dot;
@@ -68,7 +74,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
   if (stat(daemon->lease_file, &statbuf) == -1)
     {
       if (!logged_lease)
-	syslog(LOG_WARNING, _("failed to access %s: %m"), daemon->lease_file);
+	my_syslog(LOG_WARNING, _("failed to access %s: %s"), daemon->lease_file, strerror(errno));
       logged_lease = 1;
       return;
     }
@@ -84,11 +90,11 @@ void load_dhcp(struct daemon *daemon, time_t now)
   
   if (!(fp = fopen (daemon->lease_file, "r")))
     {
-      syslog (LOG_ERR, _("failed to load %s: %m"), daemon->lease_file);
+      my_syslog (LOG_ERR, _("failed to load %s: %s"), daemon->lease_file, strerror(errno));
       return;
     }
   
-  syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
+  my_syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
 
   while ((next_token(token, MAXTOK, fp)))
     {
@@ -110,7 +116,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
 			    if (!canonicalise(hostname))
 			      {
 				*hostname = 0;
-				syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
+				my_syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
 			      }
 			}
                       else if ((strcmp(token, "ends") == 0) ||
@@ -171,9 +177,9 @@ void load_dhcp(struct daemon *daemon, time_t now)
 		    { 
 		      if (!daemon->domain_suffix || hostname_isequal(dot+1, daemon->domain_suffix))
 			{
-			  syslog(LOG_WARNING, 
-				 _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
-				 hostname);
+			  my_syslog(LOG_WARNING, 
+				    _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
+				    hostname);
 			  continue;
 			}
 		      *dot = 0;
@@ -187,20 +193,20 @@ void load_dhcp(struct daemon *daemon, time_t now)
 			break;
 		      }
 
-		  if (!lease && (lease = malloc(sizeof(struct isc_lease))))
+		  if (!lease && (lease = whine_malloc(sizeof(struct isc_lease))))
 		    {
 		      lease->expires = ttd;
 		      lease->addr = host_address;
 		      lease->fqdn =  NULL;
 		      lease->next = leases;
-		      if (!(lease->name = malloc(strlen(hostname)+1)))
+		      if (!(lease->name = whine_malloc(strlen(hostname)+1)))
 			free(lease);
 		      else
 			{
 			  leases = lease;
 			  strcpy(lease->name, hostname);
 			  if (daemon->domain_suffix && 
-			      (lease->fqdn = malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
+			      (lease->fqdn = whine_malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
 			    {
 			      strcpy(lease->fqdn, hostname);
 			      strcat(lease->fqdn, ".");
@@ -237,8 +243,8 @@ void load_dhcp(struct daemon *daemon, time_t now)
 
   for (lease = leases; lease; lease = lease->next)
     {
-      cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
-      cache_add_dhcp_entry(daemon, lease->name, &lease->addr, lease->expires);
+      cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires);
+      cache_add_dhcp_entry(lease->name, &lease->addr, lease->expires);
     }
 }
 

src/lease.c

@@ -1,94 +1,144 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
-
 #include "dnsmasq.h"
 
-static struct dhcp_lease *leases;
-static FILE *lease_file;
-static int dns_dirty;
-enum { no, yes, force } file_dirty;
-static int leases_left;
+static struct dhcp_lease *leases = NULL, *old_leases = NULL;
+static int dns_dirty, file_dirty, leases_left;
 
-void lease_init(struct daemon *daemon, time_t now)
+void lease_init(time_t now)
 {
-  unsigned int a0, a1, a2, a3;
   unsigned long ei;
-  time_t expires;
-  unsigned char hwaddr[ETHER_ADDR_LEN];
   struct in_addr addr;
   struct dhcp_lease *lease;
-  int clid_len = 0;
-  int has_old = 0;
-
-  leases = NULL;
+  int clid_len, hw_len, hw_type;
+  FILE *leasestream;
+  
+  /* These two each hold a DHCP option max size 255
+     and get a terminating zero added */
+  daemon->dhcp_buff = safe_malloc(256);
+  daemon->dhcp_buff2 = safe_malloc(256); 
+  
   leases_left = daemon->dhcp_max;
 
-  /* NOTE: need a+ mode to create file if it doesn't exist */
-  if (!(lease_file = fopen(daemon->lease_file, "a+")))
-    die(_("cannot open or create leases file: %s"), NULL);
-    
-  /* a+ mode lease pointer at end. */
-  rewind(lease_file);
-
-  /* client-id max length is 255 which is 255*2 digits + 254 colons 
-     borrow DNS packet buffer which is always larger than 1000 bytes */
-  while (fscanf(lease_file, "%lu %40s %d.%d.%d.%d %255s %764s",
-		&ei, daemon->dhcp_buff2, &a0, &a1, &a2, &a3, 
-		daemon->dhcp_buff, daemon->packet) == 8)
+  if (daemon->options & OPT_LEASE_RO)
     {
-#ifdef HAVE_BROKEN_RTC
-      if (ei)
-	expires = (time_t)ei + now;
-      else
-	expires = (time_t)0;
-#else 
-      /* strictly time_t is opaque, but this hack should work on all sane systems,
-	 even when sizeof(time_t) == 8 */
-      expires = (time_t)ei;
-      
-      if (ei != 0  && difftime(now, expires) > 0)
+      /* run "<lease_change_script> init" once to get the
+	 initial state of the database. If leasefile-ro is
+	 set without a script, we just do without any 
+	 lease database. */
+      if (!daemon->lease_change_command)
 	{
-	  has_old = 1;
-	  continue; /* expired */
+	  file_dirty = dns_dirty = 0;
+	  return;
 	}
-#endif
-
-      parse_hex(daemon->dhcp_buff2, hwaddr, ETHER_ADDR_LEN, NULL);
-      addr.s_addr = htonl((a0<<24) + (a1<<16) + (a2<<8) + a3);
-
-      /* decode hex in place */
-      if (strcmp(daemon->packet, "*") == 0)
-	clid_len = 0;
-      else
-	clid_len = parse_hex(daemon->packet, (unsigned char *)daemon->packet, 255, NULL);
+      strcpy(daemon->dhcp_buff, daemon->lease_change_command);
+      strcat(daemon->dhcp_buff, " init");
+      leasestream = popen(daemon->dhcp_buff, "r");
+    }
+  else
+    {
+      /* NOTE: need a+ mode to create file if it doesn't exist */
+      leasestream = daemon->lease_stream = fopen(daemon->lease_file, "a+");
       
-      if (!(lease = lease_allocate(hwaddr, (unsigned char *)daemon->packet, clid_len, addr)))
-	die (_("too many stored leases"), NULL);
+      if (!leasestream)
+	die(_("cannot open or create lease file %s: %s"), daemon->lease_file, EC_FILE);
       
-      lease->expires = expires;
-
-      if (strcmp(daemon->dhcp_buff, "*") !=  0)
-	  lease_set_hostname(lease, daemon->dhcp_buff, daemon->domain_suffix, 0);
+      /* a+ mode lease pointer at end. */
+      rewind(leasestream);
     }
   
-  dns_dirty = 1;
-  file_dirty = has_old ? yes: no;
+  /* client-id max length is 255 which is 255*2 digits + 254 colons 
+     borrow DNS packet buffer which is always larger than 1000 bytes */
+  if (leasestream)
+    while (fscanf(leasestream, "%lu %255s %16s %255s %764s",
+		  &ei, daemon->dhcp_buff2, daemon->namebuff, 
+		  daemon->dhcp_buff, daemon->packet) == 5)
+      {
+	hw_len = parse_hex(daemon->dhcp_buff2, (unsigned char *)daemon->dhcp_buff2, DHCP_CHADDR_MAX, NULL, &hw_type);
+	/* For backwards compatibility, no explict MAC address type means ether. */
+	if (hw_type == 0 && hw_len != 0)
+	  hw_type = ARPHRD_ETHER;
+	
+	addr.s_addr = inet_addr(daemon->namebuff);
+	
+	/* decode hex in place */
+	clid_len = 0;
+	if (strcmp(daemon->packet, "*") != 0)
+	  clid_len = parse_hex(daemon->packet, (unsigned char *)daemon->packet, 255, NULL, NULL);
+	
+	if (!(lease = lease_allocate(addr)))
+	  die (_("too many stored leases"), NULL, EC_MISC);
+       	
+#ifdef HAVE_BROKEN_RTC
+	if (ei != 0)
+	  lease->expires = (time_t)ei + now;
+	else
+	  lease->expires = (time_t)0;
+	lease->length = ei;
+#else
+	/* strictly time_t is opaque, but this hack should work on all sane systems,
+	   even when sizeof(time_t) == 8 */
+	lease->expires = (time_t)ei;
+#endif
+	
+	lease_set_hwaddr(lease, (unsigned char *)daemon->dhcp_buff2, (unsigned char *)daemon->packet, hw_len, hw_type, clid_len);
+	
+	if (strcmp(daemon->dhcp_buff, "*") !=  0)
+	  {
+	    char *p;
+	    /* unprotect spaces */
+	    for (p = strchr(daemon->dhcp_buff, '*'); p; p = strchr(p, '*'))
+	      *p = ' ';
+	    lease_set_hostname(lease, daemon->dhcp_buff, daemon->domain_suffix, 0);
+	  }
 
-  daemon->lease_fd = fileno(lease_file);
+	/* set these correctly: the "old" events are generated later from
+	   the startup synthesised SIGHUP. */
+	lease->new = lease->changed = 0;
+      }
+  
+  if (!daemon->lease_stream)
+    {
+      int rc = 0;
+
+      /* shell returns 127 for "command not found", 126 for bad permissions. */
+      if (!leasestream || (rc = pclose(leasestream)) == -1 || WEXITSTATUS(rc) == 127 || WEXITSTATUS(rc) == 126)
+	{
+	  if (WEXITSTATUS(rc) == 127)
+	    errno = ENOENT;
+	  else if (WEXITSTATUS(rc) == 126)
+	    errno = EACCES;
+	  die(_("cannot run lease-init script %s: %s"), daemon->lease_change_command, EC_FILE);
+	}
+      
+      if (WEXITSTATUS(rc) != 0)
+	{
+	  sprintf(daemon->dhcp_buff, "%d", WEXITSTATUS(rc));
+	  die(_("lease-init script returned exit code %s"), daemon->dhcp_buff, WEXITSTATUS(rc) + EC_INIT_OFFSET);
+	}
+    }
+
+  /* Some leases may have expired */
+  file_dirty = 0;
+  lease_prune(NULL, now);
+  dns_dirty = 1;
 }
 
-void lease_update_from_configs(struct daemon *daemon)
+void lease_update_from_configs(void)
 {
   /* changes to the config may change current leases. */
   
@@ -97,77 +147,115 @@ void lease_update_from_configs(struct daemon *daemon)
   char *name;
 
   for (lease = leases; lease; lease = lease->next)
-    if ((config = find_config(daemon->dhcp_conf, NULL, lease->clid, lease->clid_len, lease->hwaddr, NULL)) && 
+    if ((config = find_config(daemon->dhcp_conf, NULL, lease->clid, lease->clid_len, 
+			      lease->hwaddr, lease->hwaddr_len, lease->hwaddr_type, NULL)) && 
 	(config->flags & CONFIG_NAME) &&
 	(!(config->flags & CONFIG_ADDR) || config->addr.s_addr == lease->addr.s_addr))
       lease_set_hostname(lease, config->hostname, daemon->domain_suffix, 1);
-    else if ((name = host_from_dns(daemon, lease->addr)))
+    else if ((name = host_from_dns(lease->addr)))
       lease_set_hostname(lease, name, daemon->domain_suffix, 1); /* updates auth flag only */
 }
 
-void lease_update_file(int always, time_t now)
+static void ourprintf(int *errp, char *format, ...)
+{
+  va_list ap;
+  
+  va_start(ap, format);
+  if (!(*errp) && vfprintf(daemon->lease_stream, format, ap) < 0)
+    *errp = errno;
+  va_end(ap);
+}
+
+void lease_update_file(time_t now)
 {
   struct dhcp_lease *lease;
-  int i = always; /* avoid warning */
-  unsigned long expires;
+  time_t next_event;
+  int i, err = 0;
+  char *p;
 
-#ifdef HAVE_BROKEN_RTC
-  if (always || file_dirty == force)
+  if (file_dirty != 0 && daemon->lease_stream)
     {
-      lease_prune(NULL, now);
-#else
-  if (file_dirty != no)
-    {
-#endif
-      rewind(lease_file);
-      ftruncate(fileno(lease_file), 0);
+      errno = 0;
+      rewind(daemon->lease_stream);
+      if (errno != 0 || ftruncate(fileno(daemon->lease_stream), 0) != 0)
+	err = errno;
       
       for (lease = leases; lease; lease = lease->next)
 	{
 #ifdef HAVE_BROKEN_RTC
-	  if (lease->expires)
-	    expires = (unsigned long) difftime(lease->expires, now);
-	  else
-	    expires = 0;
+	  ourprintf(&err, "%u ", lease->length);
 #else
-	  expires = now; /* eliminate warning */
-	  expires = (unsigned long)lease->expires;
+	  ourprintf(&err, "%lu ", (unsigned long)lease->expires);
 #endif
-	  fprintf(lease_file, "%lu %.2x:%.2x:%.2x:%.2x:%.2x:%.2x %s %s ", 
-		  expires, lease->hwaddr[0], lease->hwaddr[1],
-		  lease->hwaddr[2], lease->hwaddr[3], lease->hwaddr[4],
-		  lease->hwaddr[5], inet_ntoa(lease->addr),
-		  lease->hostname && strlen(lease->hostname) != 0 ? lease->hostname : "*");
+	  if (lease->hwaddr_type != ARPHRD_ETHER || lease->hwaddr_len == 0) 
+	    ourprintf(&err, "%.2x-", lease->hwaddr_type);
+	  for (i = 0; i < lease->hwaddr_len; i++)
+	    {
+	      ourprintf(&err, "%.2x", lease->hwaddr[i]);
+	      if (i != lease->hwaddr_len - 1)
+		ourprintf(&err, ":");
+	    }
+
+	  ourprintf(&err, " %s ", inet_ntoa(lease->addr));
+	  
+	  /* substitute * for space: "*" is an illegal name, as is " " */
+	  if (lease->hostname)
+	    for (p = lease->hostname; *p; p++)
+	      ourprintf(&err, "%c", *p == ' ' ? '*' : *p);
+	  else
+	    ourprintf(&err, "*");
+	  ourprintf(&err, " ");
 	  
 	  if (lease->clid && lease->clid_len != 0)
 	    {
 	      for (i = 0; i < lease->clid_len - 1; i++)
-		fprintf(lease_file, "%.2x:", lease->clid[i]);
-	      fprintf(lease_file, "%.2x\n", lease->clid[i]);
+		ourprintf(&err, "%.2x:", lease->clid[i]);
+	      ourprintf(&err, "%.2x\n", lease->clid[i]);
 	    }
 	  else
-	    fprintf(lease_file, "*\n");
-	  
+	    ourprintf(&err, "*\n");	  
 	}
-
-      fflush(lease_file);
-      fsync(fileno(lease_file));
-      file_dirty = no;
+      
+      if (fflush(daemon->lease_stream) != 0 ||
+	  fsync(fileno(daemon->lease_stream)) < 0)
+	err = errno;
+      
+      if (!err)
+	file_dirty = 0;
     }
+  
+  /* Set alarm for when the first lease expires + slop. */
+  for (next_event = 0, lease = leases; lease; lease = lease->next)
+    if (lease->expires != 0 &&
+	(next_event == 0 || difftime(next_event, lease->expires + 10) > 0.0))
+      next_event = lease->expires + 10;
+   
+  if (err)
+    {
+      if (next_event == 0 || difftime(next_event, LEASE_RETRY + now) > 0.0)
+	next_event = LEASE_RETRY + now;
+      
+      my_syslog(LOG_ERR, _("failed to write %s: %s (retry in %us)"), 
+		daemon->lease_file, strerror(err),
+		(unsigned int)difftime(next_event, now));
+    }
+
+  if (next_event != 0)
+    alarm((unsigned)difftime(next_event, now)); 
 }
 
-void lease_update_dns(struct daemon *daemon)
+void lease_update_dns(void)
 {
   struct dhcp_lease *lease;
   
-  if (dns_dirty)
+  if (daemon->port != 0 && dns_dirty)
     {
       cache_unhash_dhcp();
       
       for (lease = leases; lease; lease = lease->next)
 	{
-	  cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
-	  cache_add_dhcp_entry(daemon, lease->hostname, &lease->addr, lease->expires);
+	  cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires);
+	  cache_add_dhcp_entry(lease->hostname, &lease->addr, lease->expires);
 	}
       
       dns_dirty = 0;
@@ -183,19 +271,17 @@ void lease_prune(struct dhcp_lease *target, time_t now)
       tmp = lease->next;
       if ((lease->expires != 0 && difftime(now, lease->expires) > 0) || lease == target)
 	{
-	  file_dirty = yes;
-
-	  *up = lease->next; /* unlink */
+	  file_dirty = 1;
 	  if (lease->hostname)
-	    {
-	      free(lease->hostname); 
-	      dns_dirty = 1;
-	    }
-	  if (lease->fqdn)
-	    free(lease->fqdn);
-	  if (lease->clid)
-	    free(lease->clid);
-	  free(lease);
+	    dns_dirty = 1;
+	  
+	  *up = lease->next; /* unlink */
+	  
+	  /* Put on old_leases list 'till we
+	     can run the script */
+	  lease->next = old_leases;
+	  old_leases = lease;
+	  
 	  leases_left++;
 	}
       else
@@ -204,7 +290,7 @@ void lease_prune(struct dhcp_lease *target, time_t now)
 } 
 	
   
-struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr,
+struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,
 					unsigned char *clid, int clid_len)
 {
   struct dhcp_lease *lease;
@@ -217,7 +303,10 @@ struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr,
   
   for (lease = leases; lease; lease = lease->next)	
     if ((!lease->clid || !clid) && 
-	memcmp(hwaddr, lease->hwaddr, ETHER_ADDR_LEN) == 0)
+	hw_len != 0 && 
+	lease->hwaddr_len == hw_len &&
+	lease->hwaddr_type == hw_type &&
+	memcmp(hwaddr, lease->hwaddr, hw_len) == 0)
       return lease;
   
   return NULL;
@@ -235,51 +324,68 @@ struct dhcp_lease *lease_find_by_addr(struct in_addr addr)
 }
 
 
-struct dhcp_lease *lease_allocate(unsigned char *hwaddr, unsigned char *clid, 
-				  int clid_len, struct in_addr addr)
+struct dhcp_lease *lease_allocate(struct in_addr addr)
 {
   struct dhcp_lease *lease;
-  if (!leases_left || !(lease = malloc(sizeof(struct dhcp_lease))))
+  if (!leases_left || !(lease = whine_malloc(sizeof(struct dhcp_lease))))
     return NULL;
 
-  lease->clid = NULL;
-  lease->hostname = lease->fqdn = NULL;  
+  memset(lease, 0, sizeof(struct dhcp_lease));
+  lease->new = 1;
   lease->addr = addr;
-  memset(lease->hwaddr, 0, ETHER_ADDR_LEN);
+  lease->hwaddr_len = 256; /* illegal value */
   lease->expires = 1;
-  
-  if (!lease_set_hwaddr(lease, hwaddr, clid, clid_len))
-    {
-      free(lease);
-      return NULL;
-    }
-
+#ifdef HAVE_BROKEN_RTC
+  lease->length = 0xffffffff; /* illegal value */
+#endif
   lease->next = leases;
   leases = lease;
   
-  file_dirty = force;
+  file_dirty = 1;
   leases_left--;
 
   return lease;
 }
 
-void lease_set_expires(struct dhcp_lease *lease, time_t exp)
+void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now)
 {
+  time_t exp = now + (time_t)len;
+  
+  if (len == 0xffffffff)
+    {
+      exp = 0;
+      len = 0;
+    }
+  
   if (exp != lease->expires)
     {
-      file_dirty = yes;
       dns_dirty = 1;
+      lease->expires = exp;
+#ifndef HAVE_BROKEN_RTC
+      lease->aux_changed = file_dirty = 1;
+#endif
     }
-  lease->expires = exp;
-}
-
-int lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
-		      unsigned char *clid, int clid_len)
-{
-  if (memcmp(lease->hwaddr, hwaddr, ETHER_ADDR_LEN) != 0)
+  
+#ifdef HAVE_BROKEN_RTC
+  if (len != lease->length)
     {
-      file_dirty = force;
-      memcpy(lease->hwaddr, hwaddr, ETHER_ADDR_LEN);
+      lease->length = len;
+      lease->aux_changed = file_dirty = 1; 
+    }
+#endif
+} 
+
+void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len)
+{
+  if (hw_len != lease->hwaddr_len ||
+      hw_type != lease->hwaddr_type || 
+      (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
+    {
+      memcpy(lease->hwaddr, hwaddr, hw_len);
+      lease->hwaddr_len = hw_len;
+      lease->hwaddr_type = hw_type;
+      lease->changed = file_dirty = 1; /* run script on change */
     }
 
   /* only update clid when one is available, stops packets
@@ -292,20 +398,18 @@ int lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
 
       if (lease->clid_len != clid_len)
 	{
-	  file_dirty = force;
-	  if (lease->clid)
-	    free(lease->clid);
-	  if (!(lease->clid = malloc(clid_len)))
-	    return 0;
+	  lease->aux_changed = file_dirty = 1;
+	  free(lease->clid);
+	  if (!(lease->clid = whine_malloc(clid_len)))
+	    return;
 	}
       else if (memcmp(lease->clid, clid, clid_len) != 0)
-	file_dirty = force;
-
+	lease->aux_changed = file_dirty = 1;
+	  
       lease->clid_len = clid_len;
       memcpy(lease->clid, clid, clid_len);
     }
 
-  return 1;
 }
 
 void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int auth)
@@ -318,7 +422,7 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
       lease->auth_name = auth;
       return;
     }
-
+  
   if (!name && !lease->hostname)
     return;
 
@@ -334,7 +438,10 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
 	  {
 	    if (lease_tmp->auth_name && !auth)
 	      return;
-	    new_name = lease_tmp->hostname;
+	    /* this shouldn't happen unless updates are very quick and the
+	       script very slow, we just avoid a memory leak if it does. */
+	    free(lease_tmp->old_hostname);
+	    lease_tmp->old_hostname = lease_tmp->hostname;
 	    lease_tmp->hostname = NULL;
 	    if (lease_tmp->fqdn)
 	      {
@@ -344,10 +451,10 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
 	    break;
 	  }
      
-      if (!new_name && (new_name = malloc(strlen(name) + 1)))
+      if (!new_name && (new_name = whine_malloc(strlen(name) + 1)))
 	strcpy(new_name, name);
       
-      if (suffix && !new_fqdn && (new_fqdn = malloc(strlen(name) + strlen(suffix) + 2)))
+      if (suffix && !new_fqdn && (new_fqdn = whine_malloc(strlen(name) + strlen(suffix) + 2)))
 	{
 	  strcpy(new_fqdn, name);
 	  strcat(new_fqdn, ".");
@@ -356,17 +463,115 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
     }
 
   if (lease->hostname)
-    free(lease->hostname);
-  if (lease->fqdn)
-    free(lease->fqdn);
+    {
+      /* run script to say we lost our old name */
+      free(lease->old_hostname);
+      lease->old_hostname = lease->hostname;
+    }
+
+  free(lease->fqdn);
   
   lease->hostname = new_name;
   lease->fqdn = new_fqdn;
   lease->auth_name = auth;
   
-  file_dirty = force;
-  dns_dirty = 1;
+  file_dirty = 1;
+  dns_dirty = 1; 
+  lease->changed = 1; /* run script on change */
 }
 
+void lease_set_interface(struct dhcp_lease *lease, int interface)
+{
+  if (lease->last_interface == interface)
+    return;
 
+  lease->last_interface = interface;
+  lease->changed = 1;
+}
+
+void rerun_scripts(void)
+{
+  struct dhcp_lease *lease;
+  
+  for (lease = leases; lease; lease = lease->next)
+    lease->changed = 1;
+}
+
+/* deleted leases get transferred to the old_leases list.
+   remove them here, after calling the lease change
+   script. Also run the lease change script on new/modified leases.
+
+   Return zero if nothing to do. */
+int do_script_run(time_t now)
+{
+  struct dhcp_lease *lease;
+
+  if (old_leases)
+    {
+      lease = old_leases;
+                  
+      /* If the lease still has an old_hostname, do the "old" action on that first */
+      if (lease->old_hostname)
+	{
+#ifndef NO_FORK
+	  queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
+#endif
+	  free(lease->old_hostname);
+	  lease->old_hostname = NULL;
+	  return 1;
+	}
+      else 
+	{
+#ifndef NO_FORK
+	  queue_script(ACTION_DEL, lease, lease->hostname, now);
+#endif
+	  old_leases = lease->next;
+	  
+	  free(lease->hostname); 
+	  free(lease->fqdn);
+	  free(lease->clid);
+	  free(lease->vendorclass);
+	  free(lease->userclass);
+	  free(lease);
+	    
+	  return 1; 
+	}
+    }
+  
+  /* make sure we announce the loss of a hostname before its new location. */
+  for (lease = leases; lease; lease = lease->next)
+    if (lease->old_hostname)
+      {	
+#ifndef NO_FORK
+	queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
+#endif
+	free(lease->old_hostname);
+	lease->old_hostname = NULL;
+	return 1;
+      }
+  
+  for (lease = leases; lease; lease = lease->next)
+    if (lease->new || lease->changed || 
+	(lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
+      {
+#ifndef NO_FORK
+	queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now);
+#endif
+	lease->new = lease->changed = lease->aux_changed = 0;
+	
+	/* these are used for the "add" call, then junked, since they're not in the database */
+	free(lease->vendorclass);
+	lease->vendorclass = NULL;
+	
+	free(lease->userclass);
+	lease->userclass = NULL;
+		
+	return 1;
+      }
+
+  return 0; /* nothing to do */
+}
+	  
+
+      
 

src/log.c

@@ -0,0 +1,406 @@
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+/* Implement logging to /dev/log asynchronously. If syslogd is 
+   making DNS lookups through dnsmasq, and dnsmasq blocks awaiting
+   syslogd, then the two daemons can deadlock. We get around this
+   by not blocking when talking to syslog, instead we queue up to 
+   MAX_LOGS messages. If more are queued, they will be dropped,
+   and the drop event itself logged. */
+
+/* The "wire" protocol for logging is defined in RFC 3164 */
+
+/* From RFC 3164 */
+#define MAX_MESSAGE 1024
+
+/* defaults in case we die() before we log_start() */
+static int log_fac = LOG_DAEMON;
+static int log_stderr = 0; 
+static int log_fd = -1;
+static int log_to_file = 0;
+static int entries_alloced = 0;
+static int entries_lost = 0;
+static int connection_good = 1;
+static int max_logs = 0;
+static int connection_type = SOCK_DGRAM;
+
+struct log_entry {
+  int offset, length;
+  pid_t pid; /* to avoid duplicates over a fork */
+  struct log_entry *next;
+  char payload[MAX_MESSAGE];
+};
+
+static struct log_entry *entries = NULL;
+static struct log_entry *free_entries = NULL;
+
+
+int log_start(struct passwd *ent_pw, int errfd)
+{
+  int ret = 0;
+
+  log_stderr = !!(daemon->options & OPT_DEBUG);
+
+  if (daemon->log_fac != -1)
+    log_fac = daemon->log_fac;
+#ifdef LOG_LOCAL0
+  else if (daemon->options & OPT_DEBUG)
+    log_fac = LOG_LOCAL0;
+#endif
+
+  if (daemon->log_file)
+    { 
+      log_to_file = 1;
+      daemon->max_logs = 0;
+    }
+  
+  max_logs = daemon->max_logs;
+
+  if (!log_reopen(daemon->log_file))
+    {
+      send_event(errfd, EVENT_LOG_ERR, errno);
+      _exit(0);
+    }
+
+  /* if queuing is inhibited, make sure we allocate
+     the one required buffer now. */
+  if (max_logs == 0)
+    {  
+      free_entries = safe_malloc(sizeof(struct log_entry));
+      free_entries->next = NULL;
+      entries_alloced = 1;
+    }
+
+  /* If we're running as root and going to change uid later,
+     change the ownership here so that the file is always owned by
+     the dnsmasq user. Then logrotate can just copy the owner.
+     Failure of the chown call is OK, (for instance when started as non-root) */
+  if (log_to_file && ent_pw && ent_pw->pw_uid != 0 && 
+      fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+    ret = errno;
+
+  return ret;
+}
+
+int log_reopen(char *log_file)
+{
+  if (log_fd != -1)
+    close(log_fd);
+
+  /* NOTE: umask is set to 022 by the time this gets called */
+     
+  if (log_file)
+    {
+      log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
+      return log_fd != -1;
+    }
+  else
+#ifdef HAVE_SOLARIS_NETWORK
+    /* Solaris logging is "different", /dev/log is not unix-domain socket.
+       Just leave log_fd == -1 and use the vsyslog call for everything.... */
+#   define _PATH_LOG ""  /* dummy */
+    log_fd = -1;
+#else
+    {
+       int flags;
+       log_fd = socket(AF_UNIX, connection_type, 0);
+      
+      if (log_fd == -1)
+	return 0;
+      
+      /* if max_logs is zero, leave the socket blocking */
+      if (max_logs != 0 && (flags = fcntl(log_fd, F_GETFL)) != -1)
+	fcntl(log_fd, F_SETFL, flags | O_NONBLOCK);
+    }
+#endif
+
+  return 1;
+}
+
+static void free_entry(void)
+{
+  struct log_entry *tmp = entries;
+  entries = tmp->next;
+  tmp->next = free_entries;
+  free_entries = tmp;
+}      
+
+static void log_write(void)
+{
+  ssize_t rc;
+   
+  while (entries)
+    {
+      /* Avoid duplicates over a fork() */
+      if (entries->pid != getpid())
+	{
+	  free_entry();
+	  continue;
+	}
+
+      connection_good = 1;
+
+      if ((rc = write(log_fd, entries->payload + entries->offset, entries->length)) != -1)
+	{
+	  entries->length -= rc;
+	  entries->offset += rc;
+	  if (entries->length == 0)
+	    {
+	      free_entry();
+	      if (entries_lost != 0)
+		{
+		  int e = entries_lost;
+		  entries_lost = 0; /* avoid wild recursion */
+		  my_syslog(LOG_WARNING, _("overflow: %d log entries lost"), e);
+		}	  
+	    }
+	  continue;
+	}
+      
+      if (errno == EINTR)
+	continue;
+
+      if (errno == EAGAIN)
+	return; /* syslogd busy, go again when select() or poll() says so */
+      
+      if (errno == ENOBUFS)
+	{
+	  connection_good = 0;
+	  return;
+	}
+
+      /* errors handling after this assumes sockets */ 
+      if (!log_to_file)
+	{
+	  /* Once a stream socket hits EPIPE, we have to close and re-open
+	     (we ignore SIGPIPE) */
+	  if (errno == EPIPE)
+	    {
+	      if (log_reopen(NULL))
+		continue;
+	    }
+	  else if (errno == ECONNREFUSED || 
+		   errno == ENOTCONN || 
+		   errno == EDESTADDRREQ || 
+		   errno == ECONNRESET)
+	    {
+	      /* socket went (syslogd down?), try and reconnect. If we fail,
+		 stop trying until the next call to my_syslog() 
+		 ECONNREFUSED -> connection went down
+		 ENOTCONN -> nobody listening
+		 (ECONNRESET, EDESTADDRREQ are *BSD equivalents) */
+	      
+	      struct sockaddr_un logaddr;
+	      
+#ifdef HAVE_SOCKADDR_SA_LEN
+	      logaddr.sun_len = sizeof(logaddr) - sizeof(logaddr.sun_path) + strlen(_PATH_LOG) + 1; 
+#endif
+	      logaddr.sun_family = AF_UNIX;
+	      strncpy(logaddr.sun_path, _PATH_LOG, sizeof(logaddr.sun_path));
+	      
+	      /* Got connection back? try again. */
+	      if (connect(log_fd, (struct sockaddr *)&logaddr, sizeof(logaddr)) != -1)
+		continue;
+	      
+	      /* errors from connect which mean we should keep trying */
+	      if (errno == ENOENT || 
+		  errno == EALREADY || 
+		  errno == ECONNREFUSED ||
+		  errno == EISCONN || 
+		  errno == EINTR ||
+		  errno == EAGAIN)
+		{
+		  /* try again on next syslog() call */
+		  connection_good = 0;
+		  return;
+		}
+	      
+	      /* try the other sort of socket... */
+	      if (errno == EPROTOTYPE)
+		{
+		  connection_type = connection_type == SOCK_DGRAM ? SOCK_STREAM : SOCK_DGRAM;
+		  if (log_reopen(NULL))
+		    continue;
+		}
+	    }
+	}
+
+      /* give up - fall back to syslog() - this handles out-of-space
+	 when logging to a file, for instance. */
+      log_fd = -1;
+      my_syslog(LOG_CRIT, _("log failed: %s"), strerror(errno));
+      return;
+    }
+}
+
+void my_syslog(int priority, const char *format, ...)
+{
+  va_list ap;
+  struct log_entry *entry;
+  time_t time_now;
+  char *p;
+  size_t len;
+  pid_t pid = getpid();
+
+  if (log_stderr) 
+    {
+      fprintf(stderr, "dnsmasq: ");
+      va_start(ap, format);
+      vfprintf(stderr, format, ap);
+      va_end(ap);
+      fputc('\n', stderr);
+    }
+
+  if (log_fd == -1)
+    {
+      /* fall-back to syslog if we die during startup or fail during running. */
+      static int isopen = 0;
+      if (!isopen)
+	{
+	  openlog("dnsmasq", LOG_PID, log_fac);
+	  isopen = 1;
+	}
+      va_start(ap, format);  
+      vsyslog(priority, format, ap);
+      va_end(ap);
+      return;
+    }
+  
+  if ((entry = free_entries))
+    free_entries = entry->next;
+  else if (entries_alloced < max_logs && (entry = malloc(sizeof(struct log_entry))))
+    entries_alloced++;
+  
+  if (!entry)
+    entries_lost++;
+  else
+    {
+      /* add to end of list, consumed from the start */
+      entry->next = NULL;
+      if (!entries)
+	entries = entry;
+      else
+	{
+	  struct log_entry *tmp;
+	  for (tmp = entries; tmp->next; tmp = tmp->next);
+	  tmp->next = entry;
+	}
+      
+      time(&time_now);
+      p = entry->payload;
+      if (!log_to_file)
+	p += sprintf(p, "<%d>", priority | log_fac);
+      
+      p += sprintf(p, "%.15s dnsmasq[%d]: ", ctime(&time_now) + 4, (int)pid);
+      len = p - entry->payload;
+      va_start(ap, format);  
+      len += vsnprintf(p, MAX_MESSAGE - len, format, ap) + 1; /* include zero-terminator */
+      va_end(ap);
+      entry->length = len > MAX_MESSAGE ? MAX_MESSAGE : len;
+      entry->offset = 0;
+      entry->pid = pid;
+
+      /* replace terminator with \n */
+      if (log_to_file)
+	entry->payload[entry->length - 1] = '\n';
+    }
+  
+  /* almost always, logging won't block, so try and write this now,
+     to save collecting too many log messages during a select loop. */
+  log_write();
+  
+  /* Since we're doing things asynchronously, a cache-dump, for instance,
+     can now generate log lines very fast. With a small buffer (desirable),
+     that means it can overflow the log-buffer very quickly,
+     so that the cache dump becomes mainly a count of how many lines 
+     overflowed. To avoid this, we delay here, the delay is controlled 
+     by queue-occupancy, and grows exponentially. The delay is limited to (2^8)ms.
+     The scaling stuff ensures that when the queue is bigger than 8, the delay
+     only occurs for the last 8 entries. Once the queue is full, we stop delaying
+     to preserve performance.
+  */
+
+  if (entries && max_logs != 0)
+    {
+      int d;
+      
+      for (d = 0,entry = entries; entry; entry = entry->next, d++);
+      
+      if (d == max_logs)
+	d = 0;
+      else if (max_logs > 8)
+	d -= max_logs - 8;
+
+      if (d > 0)
+	{
+	  struct timespec waiter;
+	  waiter.tv_sec = 0;
+	  waiter.tv_nsec = 1000000 << (d - 1); /* 1 ms */
+	  nanosleep(&waiter, NULL);
+      
+	  /* Have another go now */
+	  log_write();
+	}
+    } 
+}
+
+void set_log_writer(fd_set *set, int *maxfdp)
+{
+  if (entries && log_fd != -1 && connection_good)
+    {
+      FD_SET(log_fd, set);
+      bump_maxfd(log_fd, maxfdp);
+    }
+}
+
+void check_log_writer(fd_set *set)
+{
+  if (log_fd != -1 && (!set || FD_ISSET(log_fd, set)))
+    log_write();
+}
+
+void flush_log(void)
+{
+  /* block until queue empty */
+  if (log_fd != -1)
+    {
+      int flags;
+      if ((flags = fcntl(log_fd, F_GETFL)) != -1)
+	fcntl(log_fd, F_SETFL, flags & ~O_NONBLOCK);
+      log_write();
+      close(log_fd);
+    }
+}
+
+void die(char *message, char *arg1, int exit_code)
+{
+  char *errmess = strerror(errno);
+  
+  if (!arg1)
+    arg1 = errmess;
+
+  log_stderr = 1; /* print as well as log when we die.... */
+  fputc('\n', stderr); /* prettyfy  startup-script message */
+  my_syslog(LOG_CRIT, message, arg1, errmess);
+  
+  log_stderr = 0;
+  my_syslog(LOG_CRIT, _("FAILED to start up"));
+  flush_log();
+  
+  exit(exit_code);
+}

src/netlink.c

@@ -1,154 +1,261 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-/* Author's email: simon@thekelleys.org.uk */
-
 #include "dnsmasq.h"
 
-#ifdef HAVE_RTNETLINK
+#ifdef HAVE_LINUX_NETWORK
 
 #include <linux/types.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
 
-int netlink_init(void)
+/* linux 2.6.19 buggers up the headers, patch it up here. */ 
+#ifndef IFA_RTA
+#  define IFA_RTA(r)  \
+       ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+
+#  include <linux/if_addr.h>
+#endif
+
+static struct iovec iov;
+
+static void nl_err(struct nlmsghdr *h);
+static void nl_routechange(struct nlmsghdr *h);
+
+void netlink_init(void)
 {
   struct sockaddr_nl addr;
-  int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-  
-  if (sock < 0)
-    return -1; /* no kernel support */
 
   addr.nl_family = AF_NETLINK;
   addr.nl_pad = 0;
-  addr.nl_pid = getpid();
-  addr.nl_groups = 0;
+  addr.nl_pid = 0; /* autobind */
+#ifdef HAVE_IPV6
+  addr.nl_groups = RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE;
+#else
+  addr.nl_groups = RTMGRP_IPV4_ROUTE;
+#endif
   
-  if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-    die(_("cannot bind netlink socket: %s"), NULL);
+  /* May not be able to have permission to set multicast groups don't die in that case */
+  if ((daemon->netlinkfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) != -1)
+    {
+      if (bind(daemon->netlinkfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
+	{
+	  addr.nl_groups = 0;
+	  if (errno != EPERM || bind(daemon->netlinkfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
+	    daemon->netlinkfd = -1;
+	}
+    }
   
-  return sock;
+  if (daemon->netlinkfd == -1)
+    die(_("cannot create netlink socket: %s"), NULL, EC_MISC);
+  
+  iov.iov_len = 200;
+  iov.iov_base = safe_malloc(iov.iov_len);
 }
 
+static ssize_t netlink_recv(void)
+{
+  struct msghdr msg;
+  ssize_t rc;
 
-/* We borrow the DNS packet buffer here. (The DHCP one already has a packet in it)
-   Since it's used only within this routine, that's fine, just remember 
-   that calling icmp_echo() will trash it */
-int netlink_process(struct daemon *daemon, int index, struct in_addr relay, 
-		    struct in_addr primary, struct dhcp_context **retp)
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+    
+  while (1)
+    {
+      msg.msg_flags = 0;
+      while ((rc = recvmsg(daemon->netlinkfd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+      
+      /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a 
+	 big buffer and pray in that case. */
+      if (rc == -1 && errno == EOPNOTSUPP)
+	{
+	  if (!expand_buf(&iov, 2000))
+	    return -1;
+	  break;
+	}
+      
+      if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+        break;
+            
+      if (!expand_buf(&iov, iov.iov_len + 100))
+	return -1;
+    }
+
+  /* finally, read it for real */
+  while ((rc = recvmsg(daemon->netlinkfd, &msg, 0)) == -1 && errno == EINTR);
+  
+  return rc;
+}
+  
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
 {
   struct sockaddr_nl addr;
   struct nlmsghdr *h;
-  int len, found_primary = 0;
-  struct dhcp_context *ret = NULL;
+  ssize_t len;
   static unsigned int seq = 0;
+  int family = AF_INET;
 
   struct {
     struct nlmsghdr nlh;
     struct rtgenmsg g; 
   } req;
 
-  if (daemon->netlinkfd == -1)
-    return 0;
-
   addr.nl_family = AF_NETLINK;
   addr.nl_pad = 0;
   addr.nl_groups = 0;
   addr.nl_pid = 0; /* address to kernel */
 
+ again:
   req.nlh.nlmsg_len = sizeof(req);
   req.nlh.nlmsg_type = RTM_GETADDR;
-  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST;
+  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; 
   req.nlh.nlmsg_pid = 0;
   req.nlh.nlmsg_seq = ++seq;
-  req.g.rtgen_family = AF_INET; 
+  req.g.rtgen_family = family; 
 
   /* Don't block in recvfrom if send fails */
   while((len = sendto(daemon->netlinkfd, (void *)&req, sizeof(req), 0, 
 		      (struct sockaddr *)&addr, sizeof(addr))) == -1 && retry_send());
-
-  if (len == -1)
-    {
-      /* if RTnetlink not configured in the kernel, don't keep trying. */
-      if (errno == ECONNREFUSED)
-	{
-	  close(daemon->netlinkfd);
-	  daemon->netlinkfd = -1;
-	}
-      return 0;
-    }
-
- get_next:
-  while((len = recvfrom(daemon->netlinkfd, daemon->packet, daemon->packet_buff_sz, 
-			MSG_WAITALL, NULL, 0)) == -1 && retry_send());
- 
+  
   if (len == -1)
     return 0;
-  
-  h = (struct nlmsghdr *)daemon->packet;
-
-  while (NLMSG_OK(h, (unsigned int)len))
+    
+  while (1)
     {
-          
-      if (h->nlmsg_seq != seq)
-	goto get_next;
-	
-      if (h->nlmsg_type == NLMSG_DONE)
-	break;
-
-      if (h->nlmsg_type == NLMSG_ERROR)
+      if ((len = netlink_recv()) == -1)
 	return 0;
-      
-      if (h->nlmsg_type == RTM_NEWADDR)
-	{
-	  struct ifaddrmsg *ifa = NLMSG_DATA(h);
-	  
-	  if (ifa->ifa_index == index && ifa->ifa_family == AF_INET)
-	    {
-	      struct rtattr *rta = IFA_RTA(ifa);
-	      unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
-	      struct in_addr netmask, addr, broadcast;
-	      
-	      netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
-	      addr.s_addr = 0;
-	      broadcast.s_addr = 0;
-	      
-	      while (RTA_OK(rta, len1))
-		{
-		  if (rta->rta_type == IFA_LOCAL)
-		    addr = *((struct in_addr *)(rta+1));
-		  else if (rta->rta_type == IFA_BROADCAST)
-		    broadcast = *((struct in_addr *)(rta+1));
-		  
-		  rta = RTA_NEXT(rta, len1);
-		}
-	      
-	      if (addr.s_addr)
-		{
-		  ret = complete_context(daemon, addr, ret, netmask, broadcast, relay, primary);	
-		  if (addr.s_addr == primary.s_addr)
-		    found_primary = 1;
-		}
-	    }
-	}
-
-      h = NLMSG_NEXT(h, len);
+  
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+ 	if (h->nlmsg_type == NLMSG_ERROR)
+	  nl_err(h);
+	else if (h->nlmsg_seq != seq)
+	  nl_routechange(h); /* May be multicast arriving async */
+	else if (h->nlmsg_type == NLMSG_DONE)
+	  {
+#ifdef HAVE_IPV6
+	    if (family == AF_INET && ipv6_callback)
+	      {
+		family = AF_INET6;
+		goto again;
+	      }
+#endif
+	    return 1;
+	  }
+	else if (h->nlmsg_type == RTM_NEWADDR)
+	  {
+	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+	    struct rtattr *rta = IFA_RTA(ifa);
+	    unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+	    
+	    if (ifa->ifa_family == AF_INET)
+	      {
+		struct in_addr netmask, addr, broadcast;
+		
+		netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+		addr.s_addr = 0;
+		broadcast.s_addr = 0;
+		
+		while (RTA_OK(rta, len1))
+		  {
+		    if (rta->rta_type == IFA_LOCAL)
+		      addr = *((struct in_addr *)(rta+1));
+		    else if (rta->rta_type == IFA_BROADCAST)
+		      broadcast = *((struct in_addr *)(rta+1));
+		    
+		    rta = RTA_NEXT(rta, len1);
+		  }
+		
+		if (addr.s_addr && ipv4_callback)
+		  if (!((*ipv4_callback)(addr, ifa->ifa_index, netmask, broadcast, parm)))
+		    return 0;
+	      }
+#ifdef HAVE_IPV6
+	    else if (ifa->ifa_family == AF_INET6)
+	      {
+		struct in6_addr *addrp = NULL;
+		while (RTA_OK(rta, len1))
+		  {
+		    if (rta->rta_type == IFA_ADDRESS)
+		      addrp = ((struct in6_addr *)(rta+1)); 
+		    
+		    rta = RTA_NEXT(rta, len1);
+		  }
+		
+		if (addrp && ipv6_callback)
+		  if (!((*ipv6_callback)(addrp, ifa->ifa_index, ifa->ifa_index, parm)))
+		    return 0;
+	      }
+#endif
+	  }
     }
-
-  *retp = ret;
-
-  return found_primary;
 }
 
+void netlink_multicast(void)
+{
+  ssize_t len;
+  struct nlmsghdr *h;
+  
+  if ((len = netlink_recv()) != -1)
+    {
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+	if (h->nlmsg_type == NLMSG_ERROR)
+	  nl_err(h);
+	else
+	  nl_routechange(h);
+    }
+}
+
+static void nl_err(struct nlmsghdr *h)
+{
+  struct nlmsgerr *err = NLMSG_DATA(h);
+  if (err->error != 0)
+    my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+}
+
+/* We arrange to receive netlink multicast messages whenever the network route is added.
+   If this happens and we still have a DNS packet in the buffer, we re-send it.
+   This helps on DoD links, where frequently the packet which triggers dialling is
+   a DNS query, which then gets lost. By re-sending, we can avoid the lookup
+   failing. */ 
+static void nl_routechange(struct nlmsghdr *h)
+{
+  if (h->nlmsg_type == RTM_NEWROUTE && daemon->srv_save)
+    {
+      struct rtmsg *rtm = NLMSG_DATA(h);
+      int fd;
+
+      if (rtm->rtm_type != RTN_UNICAST || rtm->rtm_scope != RT_SCOPE_LINK)
+	return;
+
+      if (daemon->srv_save->sfd)
+	fd = daemon->srv_save->sfd->fd;
+      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+	fd = daemon->rfd_save->fd;
+      else
+	return;
+
+      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+		   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+    }
+}
 #endif
 
       

src/tftp.c

@@ -0,0 +1,590 @@
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_TFTP
+
+static struct tftp_file *check_tftp_fileperm(ssize_t *len);
+static void free_transfer(struct tftp_transfer *transfer);
+static ssize_t tftp_err(int err, char *packet, char *mess, char *file);
+static ssize_t tftp_err_oops(char *packet, char *file);
+static ssize_t get_block(char *packet, struct tftp_transfer *transfer);
+static char *next(char **p, char *end);
+
+#define OP_RRQ  1
+#define OP_WRQ  2
+#define OP_DATA 3
+#define OP_ACK  4
+#define OP_ERR  5
+#define OP_OACK 6
+
+#define ERR_NOTDEF 0
+#define ERR_FNF    1
+#define ERR_PERM   2
+#define ERR_FULL   3
+#define ERR_ILL    4
+
+void tftp_request(struct listener *listen, time_t now)
+{
+  ssize_t len;
+  char *packet = daemon->packet;
+  char *filename, *mode, *p, *end, *opt;
+  struct sockaddr_in addr, peer;
+  struct msghdr msg;
+  struct cmsghdr *cmptr;
+  struct iovec iov;
+  struct ifreq ifr;
+  int is_err = 1, if_index = 0;
+  struct iname *tmp;
+  struct tftp_transfer *transfer;
+  int port = daemon->start_tftp_port; /* may be zero to use ephemeral port */
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+  int mtu = IP_PMTUDISC_DONT;
+#endif
+  
+  union {
+    struct cmsghdr align; /* this ensures alignment */
+#if defined(HAVE_LINUX_NETWORK)
+    char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#elif defined(HAVE_SOLARIS_NETWORK)
+    char control[CMSG_SPACE(sizeof(unsigned int))];
+#else
+    char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
+#endif
+  } control_u; 
+
+  msg.msg_controllen = sizeof(control_u);
+  msg.msg_control = control_u.control;
+  msg.msg_flags = 0;
+  msg.msg_name = &peer;
+  msg.msg_namelen = sizeof(peer);
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+
+  iov.iov_base = packet;
+  iov.iov_len = daemon->packet_buff_sz;
+
+  /* we overwrote the buffer... */
+  daemon->srv_save = NULL;
+
+  if ((len = recvmsg(listen->tftpfd, &msg, 0)) < 2)
+    return;
+  
+  if (daemon->options & OPT_NOWILD)
+    addr = listen->iface->addr.in;
+  else
+    {
+      addr.sin_addr.s_addr = 0;
+      
+#if defined(HAVE_LINUX_NETWORK)
+      for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+	if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
+	  {
+	    addr.sin_addr = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_spec_dst;
+	    if_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
+	  }
+      if (!(ifr.ifr_ifindex = if_index) || 
+	  ioctl(listen->tftpfd, SIOCGIFNAME, &ifr) == -1)
+	return;
+      
+#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
+      for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+	if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
+	  addr.sin_addr = *((struct in_addr *)CMSG_DATA(cmptr));
+	else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
+#ifdef HAVE_SOLARIS_NETWORK
+	  if_index = *((unsigned int *)CMSG_DATA(cmptr));
+#else
+          if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
+#endif
+      
+      if (if_index == 0 || !if_indextoname(if_index, ifr.ifr_name))
+	return;
+      
+#endif
+      
+      if (addr.sin_addr.s_addr == 0)
+	return;
+      
+      if (!iface_check(AF_INET, (struct all_addr *)&addr.sin_addr, 
+		       &ifr, &if_index))
+	return;
+      
+      /* allowed interfaces are the same as for DHCP */
+      for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
+	  return;
+      
+    }
+  
+  addr.sin_port = htons(port);
+  addr.sin_family = AF_INET;
+#ifdef HAVE_SOCKADDR_SA_LEN
+  addr.sin_len = sizeof(addr);
+#endif
+  
+  if (!(transfer = whine_malloc(sizeof(struct tftp_transfer))))
+    return;
+  
+  if ((transfer->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+    {
+      free(transfer);
+      return;
+    }
+  
+  transfer->peer = peer;
+  transfer->timeout = now + 2;
+  transfer->backoff = 1;
+  transfer->block = 1;
+  transfer->blocksize = 512;
+  transfer->offset = 0;
+  transfer->file = NULL;
+  transfer->opt_blocksize = transfer->opt_transize = 0;
+  transfer->netascii = transfer->carrylf = 0;
+
+  /* if we have a nailed-down range, iterate until we find a free one. */
+  while (1)
+    {
+      if (bind(transfer->sockfd, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+	  setsockopt(transfer->sockfd, SOL_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)) == -1 ||
+#endif
+	  !fix_fd(transfer->sockfd))
+	{
+	  if (errno == EADDRINUSE && daemon->start_tftp_port != 0)
+	    {
+	      if (++port <= daemon->end_tftp_port)
+		{ 
+		  addr.sin_port = htons(port);
+		  continue;
+		}
+	      my_syslog(LOG_ERR, _("unable to get free port for TFTP"));
+	    }
+	  free_transfer(transfer);
+	  return;
+	}
+      break;
+    }
+  
+  p = packet + 2;
+  end = packet + len;
+
+  if (ntohs(*((unsigned short *)packet)) != OP_RRQ ||
+      !(filename = next(&p, end)) ||
+      !(mode = next(&p, end)) ||
+      (strcasecmp(mode, "octet") != 0 && strcasecmp(mode, "netascii") != 0))
+    len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), inet_ntoa(peer.sin_addr));
+  else
+    {
+      if (strcasecmp(mode, "netascii") == 0)
+	transfer->netascii = 1;
+      
+      while ((opt = next(&p, end)))
+	{
+	  if (strcasecmp(opt, "blksize") == 0 &&
+	      (opt = next(&p, end)) &&
+	      !(daemon->options & OPT_TFTP_NOBLOCK))
+	    {
+	      transfer->blocksize = atoi(opt);
+	      if (transfer->blocksize < 1)
+		transfer->blocksize = 1;
+	      if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4)
+		transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
+	      transfer->opt_blocksize = 1;
+	      transfer->block = 0;
+	    }
+	  
+	  if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii)
+	    {
+	      transfer->opt_transize = 1;
+	      transfer->block = 0;
+	    }
+	}
+
+      strcpy(daemon->namebuff, "/");
+      if (daemon->tftp_prefix)
+	{
+	  if (daemon->tftp_prefix[0] == '/')
+	    daemon->namebuff[0] = 0;
+	  strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME);
+	  if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/')
+	    strncat(daemon->namebuff, "/", MAXDNAME);
+
+	  if (daemon->options & OPT_TFTP_APREF)
+	    {
+	      size_t oldlen = strlen(daemon->namebuff);
+	      struct stat statbuf;
+	      
+	      strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), MAXDNAME);
+	      strncat(daemon->namebuff, "/", MAXDNAME);
+	      
+	      /* remove unique-directory if it doesn't exist */
+	      if (stat(daemon->namebuff, &statbuf) == -1 || !S_ISDIR(statbuf.st_mode))
+		daemon->namebuff[oldlen] = 0;
+	    }
+		
+	  /* Absolute pathnames OK if they match prefix */
+	  if (filename[0] == '/')
+	    {
+	      if (strstr(filename, daemon->namebuff) == filename)
+		daemon->namebuff[0] = 0;
+	      else
+		filename++;
+	    }
+	}
+      else if (filename[0] == '/')
+	daemon->namebuff[0] = 0;
+      strncat(daemon->namebuff, filename, MAXDNAME);
+      daemon->namebuff[MAXDNAME-1] = 0;
+
+      /* check permissions and open file */
+      if ((transfer->file = check_tftp_fileperm(&len)))
+	{
+	  if ((len = get_block(packet, transfer)) == -1)
+	    len = tftp_err_oops(packet, daemon->namebuff);
+	  else
+	    is_err = 0;
+	}
+    }
+  
+  while (sendto(transfer->sockfd, packet, len, 0, 
+		(struct sockaddr *)&peer, sizeof(peer)) == -1 && errno == EINTR);
+  
+  if (is_err)
+    free_transfer(transfer);
+  else
+    {
+      my_syslog(LOG_INFO, _("TFTP sent %s to %s"), daemon->namebuff, inet_ntoa(peer.sin_addr));
+      transfer->next = daemon->tftp_trans;
+      daemon->tftp_trans = transfer;
+    }
+}
+ 
+static struct tftp_file *check_tftp_fileperm(ssize_t *len)
+{
+  char *packet = daemon->packet, *namebuff = daemon->namebuff;
+  struct tftp_file *file;
+  struct tftp_transfer *t;
+  uid_t uid = geteuid();
+  struct stat statbuf;
+  int fd = -1;
+
+  /* trick to ban moving out of the subtree */
+  if (daemon->tftp_prefix && strstr(namebuff, "/../"))
+    goto perm;
+  
+  if ((fd = open(namebuff, O_RDONLY)) == -1)
+    {
+      if (errno == ENOENT)
+	{
+	  *len = tftp_err(ERR_FNF, packet, _("file %s not found"), namebuff);
+	  return NULL;
+	}
+      else if (errno == EACCES)
+	goto perm;
+      else
+	goto oops;
+    }
+  
+  /* stat the file descriptor to avoid stat->open races */
+  if (fstat(fd, &statbuf) == -1)
+    goto oops;
+  
+  /* running as root, must be world-readable */
+  if (uid == 0)
+    {
+      if (!(statbuf.st_mode & S_IROTH))
+	goto perm;
+    }
+  /* in secure mode, must be owned by user running dnsmasq */
+  else if ((daemon->options & OPT_TFTP_SECURE) && uid != statbuf.st_uid)
+    goto perm;
+      
+  /* If we're doing many tranfers from the same file, only 
+     open it once this saves lots of file descriptors 
+     when mass-booting a big cluster, for instance. 
+     Be conservative and only share when inode and name match
+     this keeps error messages sane. */
+  for (t = daemon->tftp_trans; t; t = t->next)
+    if (t->file->dev == statbuf.st_dev && 
+	t->file->inode == statbuf.st_ino &&
+	strcmp(t->file->filename, namebuff) == 0)
+      {
+	close(fd);
+	t->file->refcount++;
+	return t->file;
+      }
+  
+  if (!(file = whine_malloc(sizeof(struct tftp_file) + strlen(namebuff) + 1)))
+    {
+      errno = ENOMEM;
+      goto oops;
+    }
+
+  file->fd = fd;
+  file->size = statbuf.st_size;
+  file->dev = statbuf.st_dev;
+  file->inode = statbuf.st_ino;
+  file->refcount = 1;
+  strcpy(file->filename, namebuff);
+  return file;
+  
+ perm:
+  errno = EACCES;
+  *len =  tftp_err(ERR_PERM, packet, _("cannot access %s: %s"), namebuff);
+  if (fd != -1)
+    close(fd);
+  return NULL;
+
+ oops:
+  *len =  tftp_err_oops(packet, namebuff);
+  if (fd != -1)
+    close(fd);
+  return NULL;
+}
+
+void check_tftp_listeners(fd_set *rset, time_t now)
+{
+  struct tftp_transfer *transfer, *tmp, **up;
+  ssize_t len;
+  
+  struct ack {
+    unsigned short op, block;
+  } *mess = (struct ack *)daemon->packet;
+  
+  /* Check for activity on any existing transfers */
+  for (transfer = daemon->tftp_trans, up = &daemon->tftp_trans; transfer; transfer = tmp)
+    {
+      tmp = transfer->next;
+      
+      if (FD_ISSET(transfer->sockfd, rset))
+	{
+	  /* we overwrote the buffer... */
+	  daemon->srv_save = NULL;
+	  
+	  if ((len = recv(transfer->sockfd, daemon->packet, daemon->packet_buff_sz, 0)) >= (ssize_t)sizeof(struct ack))
+	    {
+	      if (ntohs(mess->op) == OP_ACK && ntohs(mess->block) == (unsigned short)transfer->block) 
+		{
+		  /* Got ack, ensure we take the (re)transmit path */
+		  transfer->timeout = now;
+		  transfer->backoff = 0;
+		  if (transfer->block++ != 0)
+		    transfer->offset += transfer->blocksize - transfer->expansion;
+		}
+	      else if (ntohs(mess->op) == OP_ERR)
+		{
+		  char *p = daemon->packet + sizeof(struct ack);
+		  char *end = daemon->packet + len;
+		  char *err = next(&p, end);
+		  /* Sanitise error message */
+		  if (!err)
+		    err = "";
+		  else
+		    {
+		      char *q, *r;
+		      for (q = r = err; *r; r++)
+			if (isprint((int)*r))
+			  *(q++) = *r;
+		      *q = 0;
+		    }
+		  my_syslog(LOG_ERR, _("TFTP error %d %s received from %s"),
+			    (int)ntohs(mess->block), err, 
+			    inet_ntoa(transfer->peer.sin_addr));	
+		  
+		  /* Got err, ensure we take abort */
+		  transfer->timeout = now;
+		  transfer->backoff = 100;
+		}
+	    }
+	}
+      
+      if (difftime(now, transfer->timeout) >= 0.0)
+	{
+	  int endcon = 0;
+
+	  /* timeout, retransmit */
+	  transfer->timeout += 1 + (1<<transfer->backoff);
+	  	  
+	  /* we overwrote the buffer... */
+	  daemon->srv_save = NULL;
+	 
+	  if ((len = get_block(daemon->packet, transfer)) == -1)
+	    {
+	      len = tftp_err_oops(daemon->packet, transfer->file->filename);
+	      endcon = 1;
+	    }
+	  else if (++transfer->backoff > 5)
+	    {
+	      /* don't complain about timeout when we're awaiting the last
+		 ACK, some clients never send it */
+	      if (len != 0)
+		my_syslog(LOG_ERR, _("TFTP failed sending %s to %s"), 
+			  transfer->file->filename, inet_ntoa(transfer->peer.sin_addr));
+	      len = 0;
+	    }
+	  
+	  if (len != 0)
+	    while(sendto(transfer->sockfd, daemon->packet, len, 0, 
+			 (struct sockaddr *)&transfer->peer, sizeof(transfer->peer)) == -1 && errno == EINTR);
+	  
+	  if (endcon || len == 0)
+	    {
+	      /* unlink */
+	      *up = tmp;
+	      free_transfer(transfer);
+	      continue;
+	    }
+	}
+
+      up = &transfer->next;
+    }
+}
+
+static void free_transfer(struct tftp_transfer *transfer)
+{
+  close(transfer->sockfd);
+  if (transfer->file && (--transfer->file->refcount) == 0)
+    {
+      close(transfer->file->fd);
+      free(transfer->file);
+    }
+  free(transfer);
+}
+
+static char *next(char **p, char *end)
+{
+  char *ret = *p;
+  size_t len;
+
+  if (*(end-1) != 0 || 
+      *p == end ||
+      (len = strlen(ret)) == 0)
+    return NULL;
+
+  *p += len + 1;
+  return ret;
+}
+
+static ssize_t tftp_err(int err, char *packet, char *message, char *file)
+{
+  struct errmess {
+    unsigned short op, err;
+    char message[];
+  } *mess = (struct errmess *)packet;
+  ssize_t ret = 4;
+  char *errstr = strerror(errno);
+ 
+  mess->op = htons(OP_ERR);
+  mess->err = htons(err);
+  ret += (snprintf(mess->message, 500,  message, file, errstr) + 1);
+  if (err != ERR_FNF)
+    my_syslog(LOG_ERR, "TFTP %s", mess->message);
+  
+  return  ret;
+}
+
+static ssize_t tftp_err_oops(char *packet, char *file)
+{
+  return tftp_err(ERR_NOTDEF, packet, _("cannot read %s: %s"), file);
+}
+
+/* return -1 for error, zero for done. */
+static ssize_t get_block(char *packet, struct tftp_transfer *transfer)
+{
+  if (transfer->block == 0)
+    {
+      /* send OACK */
+      char *p;
+      struct oackmess {
+	unsigned short op;
+	char data[];
+      } *mess = (struct oackmess *)packet;
+      
+      p = mess->data;
+      mess->op = htons(OP_OACK);
+      if (transfer->opt_blocksize)
+	{
+	  p += (sprintf(p, "blksize") + 1);
+	  p += (sprintf(p, "%d", transfer->blocksize) + 1);
+	}
+      if (transfer->opt_transize)
+	{
+	  p += (sprintf(p,"tsize") + 1);
+	  p += (sprintf(p, "%u", (unsigned int)transfer->file->size) + 1);
+	}
+
+      return p - packet;
+    }
+  else
+    {
+      /* send data packet */
+      struct datamess {
+	unsigned short op, block;
+	unsigned char data[];
+      } *mess = (struct datamess *)packet;
+      
+      size_t size = transfer->file->size - transfer->offset; 
+      
+      if (transfer->offset > transfer->file->size)
+	return 0; /* finished */
+      
+      if (size > transfer->blocksize)
+	size = transfer->blocksize;
+      
+      mess->op = htons(OP_DATA);
+      mess->block = htons((unsigned short)(transfer->block));
+      
+      if (lseek(transfer->file->fd, transfer->offset, SEEK_SET) == (off_t)-1 ||
+	  !read_write(transfer->file->fd, mess->data, size, 1))
+	return -1;
+      
+      transfer->expansion = 0;
+      
+      /* Map '\n' to CR-LF in netascii mode */
+      if (transfer->netascii)
+	{
+	  size_t i;
+	  int newcarrylf;
+
+	  for (i = 0, newcarrylf = 0; i < size; i++)
+	    if (mess->data[i] == '\n' && ( i != 0 || !transfer->carrylf))
+	      {
+		if (size == transfer->blocksize)
+		  {
+		    transfer->expansion++;
+		    if (i == size - 1)
+		      newcarrylf = 1; /* don't expand LF again if it moves to the next block */
+		  }
+		else
+		  size++; /* room in this block */
+	      
+		/* make space and insert CR */
+		memmove(&mess->data[i+1], &mess->data[i], size - (i + 1));
+		mess->data[i] = '\r';
+		
+		i++;
+	      }
+	  transfer->carrylf = newcarrylf;
+	  
+	}
+
+      return size + 4;
+    }
+}
+
+#endif

src/util.c

@@ -1,98 +1,112 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-
 /* Some code in this file contributed by Rob Funk. */
 
+/* The SURF random number generator was taken from djbdns-1.05, by 
+   Daniel J Berstein, which is public domain. */
+
+
 #include "dnsmasq.h"
 
-/* Prefer arc4random(3) over random(3) over rand(3) */
-/* Also prefer /dev/urandom over /dev/random, to preserve the entropy pool */
-#ifdef HAVE_ARC4RANDOM
-# define rand()		arc4random()
-# define srand(s)	(void)0
-# define RANDFILE	(NULL)
-#else
-# ifdef HAVE_RANDOM
-#  define rand()	random()
-#  define srand(s)	srandom(s)
-# endif
-# ifdef HAVE_DEV_URANDOM
-#  define RANDFILE	"/dev/urandom"
-# else
-#  ifdef HAVE_DEV_RANDOM
-#   define RANDFILE	"/dev/random"
-#  else
-#   define RANDFILE	(NULL)
-#  endif
-# endif
+#ifdef HAVE_BROKEN_RTC
+#include <sys/times.h>
 #endif
 
+
+#ifdef HAVE_ARC4RANDOM
+void rand_init(void)
+{
+  return;
+}
+
 unsigned short rand16(void)
 {
-  static int been_seeded = 0;
-  const char *randfile = RANDFILE;
-  
-  if (! been_seeded) 
-    {
-      int fd, n = 0;
-      unsigned int c = 0, seed = 0, badseed;
-      char sbuf[sizeof(seed)];
-      char *s;
-      struct timeval now;
-
-      /* get the bad seed as a backup */
-      /* (but we'd rather have something more random) */
-      gettimeofday(&now, NULL);
-      badseed = now.tv_sec ^ now.tv_usec ^ (getpid() << 16);
-      
-      fd = open(randfile, O_RDONLY);
-      if (fd < 0) 
-	seed = badseed;
-      else
-	{
-	  s = (char *) &seed;
-	  while ((c < sizeof(seed)) &&
-		 ((n = read(fd, sbuf, sizeof(seed)) > 0))) 
-	    {
-	      memcpy(s, sbuf, n);
-	      s += n;
-	      c += n;
-	    }
-	  if (n < 0)
-	    seed = badseed;
-	  close(fd);
-	}
-
-      srand(seed);
-      been_seeded = 1;
-    }
-  
-  /* Some rand() implementations have less randomness in low bits
-   * than in high bits, so we only pay attention to the high ones.
-   * But most implementations don't touch the high bit, so we 
-   * ignore that one.
-   */
-  return( (unsigned short) (rand() >> 15) );
+   return (unsigned short) (arc4random() >> 15);
 }
 
+#else
+
+/* SURF random number generator */
+
+typedef unsigned int uint32;
+
+static uint32 seed[32];
+static uint32 in[12];
+static uint32 out[8];
+
+void rand_init()
+{
+  int fd = open(RANDFILE, O_RDONLY);
+  
+  if (fd == -1 ||
+      !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) ||
+      !read_write(fd, (unsigned char *)&in, sizeof(in), 1))
+    die(_("failed to seed the random number generator: %s"), NULL, EC_MISC);
+  
+  close(fd);
+}
+
+#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
+
+static void surf(void)
+{
+  uint32 t[12]; uint32 x; uint32 sum = 0;
+  int r; int i; int loop;
+
+  for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
+  for (i = 0;i < 8;++i) out[i] = seed[24 + i];
+  x = t[11];
+  for (loop = 0;loop < 2;++loop) {
+    for (r = 0;r < 16;++r) {
+      sum += 0x9e3779b9;
+      MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
+      MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
+      MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
+    }
+    for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
+  }
+}
+
+unsigned short rand16(void)
+{
+  static int outleft = 0;
+
+  if (!outleft) {
+    if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
+    surf();
+    outleft = 8;
+  }
+
+  return (unsigned short) out[--outleft];
+}
+
+#endif
+
+
 int legal_char(char c)
 {
   /* check for legal char a-z A-Z 0-9 - 
-     (also / , used for RFC2317 and _ used in windows queries) */
+     (also / , used for RFC2317 and _ used in windows queries
+     and space, for DNS-SD stuff) */
   if ((c >= 'A' && c <= 'Z') ||
       (c >= 'a' && c <= 'z') ||
       (c >= '0' && c <= '9') ||
-      c == '-' || c == '/' || c == '_')
+      c == '-' || c == '/' || c == '_' || c == ' ')
     return 1;
   
   return 0;
@@ -104,6 +118,7 @@ int canonicalise(char *s)
      also fail empty string and label > 63 chars */
   size_t dotgap = 0, l = strlen(s);
   char c;
+  int nowhite = 0;
 
   if (l == 0 || l > MAXDNAME) return 0;
 
@@ -119,9 +134,11 @@ int canonicalise(char *s)
 	dotgap = 0;
       else if (!legal_char(c) || (++dotgap > MAXLABEL))
 	return 0;
+      else if (c != ' ')
+	nowhite = 1;
       s++;
     }
-  return 1;
+  return nowhite;
 }
 
 unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
@@ -146,38 +163,27 @@ void *safe_malloc(size_t size)
   void *ret = malloc(size);
   
   if (!ret)
-    die(_("could not get memory"), NULL);
+    die(_("could not get memory"), NULL, EC_NOMEM);
      
   return ret;
 }    
 
-static void log_err(char *message, char *arg1)
+void safe_pipe(int *fd, int read_noblock)
 {
-  char *errmess = strerror(errno);
-  
-  if (!arg1)
-    arg1 = errmess;
-  
-  fprintf(stderr, "dnsmasq: ");
-  fprintf(stderr, message, arg1, errmess);
-  fprintf(stderr, "\n");
-  
-  syslog(LOG_CRIT, message, arg1, errmess);
+  if (pipe(fd) == -1 || 
+      !fix_fd(fd[1]) ||
+      (read_noblock && !fix_fd(fd[0])))
+    die(_("cannot create pipe: %s"), NULL, EC_MISC);
 }
 
-void complain(char *message, int lineno, char *file)
+void *whine_malloc(size_t size)
 {
-  char buff[256];
-  
-  sprintf(buff, _("%s at line %d of %%s"), message, lineno);
-  log_err(buff, file);
-}
+  void *ret = malloc(size);
 
-void die(char *message, char *arg1)
-{
-  log_err(message, arg1);
-  syslog(LOG_CRIT, _("FAILED to start up"));
-  exit(1);
+  if (!ret)
+    my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+
+  return ret;
 }
 
 int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2)
@@ -186,13 +192,12 @@ int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2)
     { 
       if (s1->sa.sa_family == AF_INET &&
 	  s1->in.sin_port == s2->in.sin_port &&
-	  memcmp(&s1->in.sin_addr, &s2->in.sin_addr, sizeof(struct in_addr)) == 0)
+	  s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr)
 	return 1;
 #ifdef HAVE_IPV6      
       if (s1->sa.sa_family == AF_INET6 &&
 	  s1->in6.sin6_port == s2->in6.sin6_port &&
-	  s1->in6.sin6_flowinfo == s2->in6.sin6_flowinfo &&
-	  memcmp(&s1->in6.sin6_addr, &s2->in6.sin6_addr, sizeof(struct in6_addr)) == 0)
+	  IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr))
 	return 1;
 #endif
     }
@@ -234,21 +239,17 @@ int hostname_isequal(char *a, char *b)
   return 1;
 }
     
-time_t dnsmasq_time(int fd)
+time_t dnsmasq_time(void)
 {
 #ifdef HAVE_BROKEN_RTC
-  /* we use uptime as a time-base, rather than epoch time
-     because epoch time can break when a machine contacts
-     a nameserver and updates it. */
-  char buf[30];
-  lseek(fd, 0, SEEK_SET);
-  read(fd, buf, 30);
-  /* ensure the time is terminated even if /proc/uptime sends something unexpected */
-  buf[29] = 0;  
-  read(fd, buf, 30);
-  return (time_t)atol(buf);
+  struct tms dummy;
+  static long tps = 0;
+
+  if (tps == 0)
+    tps = sysconf(_SC_CLK_TCK);
+
+  return (time_t)(times(&dummy)/tps);
 #else
-  fd = 0; /* stop warning */
   return time(NULL);
 #endif
 }
@@ -258,23 +259,6 @@ int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
   return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
 } 
 
-int retry_send(void)
-{
-   struct timespec waiter;
-   if (errno == EAGAIN)
-     {
-       waiter.tv_sec = 0;
-       waiter.tv_nsec = 10000;
-       nanosleep(&waiter, NULL);
-       return 1;
-     }
-   
-   if (errno == EINTR)
-     return 1;
-
-   return 0;
-}
-
 /* returns port number from address */
 int prettyprint_addr(union mysockaddr *addr, char *buf)
 {
@@ -319,25 +303,39 @@ void prettyprint_time(char *buf, unsigned int t)
 
 
 /* in may equal out, when maxlen may be -1 (No max len). */
-int parse_hex(char *in, unsigned char *out, int maxlen, unsigned int *wildcard_mask)
+int parse_hex(char *in, unsigned char *out, int maxlen, 
+	      unsigned int *wildcard_mask, int *mac_type)
 {
   int mask = 0, i = 0;
   char *r;
-
+    
+  if (mac_type)
+    *mac_type = 0;
+  
   while (maxlen == -1 || i < maxlen)
     {
       for (r = in; *r != 0 && *r != ':' && *r != '-'; r++);
       if (*r == 0)
 	maxlen = i;
+      
       if (r != in )
 	{
-	  *r = 0;
-	  mask = mask << 1;
-	  if (strcmp(in, "*") == 0)
-	    mask |= 1;
+	  if (*r == '-' && i == 0 && mac_type)
+	   {
+	      *r = 0;
+	      *mac_type = strtol(in, NULL, 16);
+	      mac_type = NULL;
+	   }
 	  else
-	    out[i] = strtol(in, NULL, 16);
-	  i++;
+	    {
+	      *r = 0;
+	      mask = mask << 1;
+	      if (strcmp(in, "*") == 0)
+		mask |= 1;
+	      else
+		out[i] = strtol(in, NULL, 16);
+	      i++;
+	    }
 	}
       in = r+1;
     }
@@ -347,3 +345,102 @@ int parse_hex(char *in, unsigned char *out, int maxlen, unsigned int *wildcard_m
 
   return i;
 }
+
+int memcmp_masked(unsigned char *a, unsigned char *b, int len, unsigned int mask)
+{
+  int i;
+  for (i = len - 1; i >= 0; i--, mask = mask >> 1)
+    if (!(mask & 1) && a[i] != b[i])
+      return 0;
+
+  return 1;
+}
+
+/* _note_ may copy buffer */
+int expand_buf(struct iovec *iov, size_t size)
+{
+  void *new;
+
+  if (size <= (size_t)iov->iov_len)
+    return 1;
+
+  if (!(new = whine_malloc(size)))
+    {
+      errno = ENOMEM;
+      return 0;
+    }
+
+  if (iov->iov_base)
+    {
+      memcpy(new, iov->iov_base, iov->iov_len);
+      free(iov->iov_base);
+    }
+
+  iov->iov_base = new;
+  iov->iov_len = size;
+
+  return 1;
+}
+
+char *print_mac(char *buff, unsigned char *mac, int len)
+{
+  char *p = buff;
+  int i;
+   
+  if (len == 0)
+    sprintf(p, "<null>");
+  else
+    for (i = 0; i < len; i++)
+      p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":");
+  
+  return buff;
+}
+
+void bump_maxfd(int fd, int *max)
+{
+  if (fd > *max)
+    *max = fd;
+}
+
+int retry_send(void)
+{
+   struct timespec waiter;
+   if (errno == EAGAIN)
+     {
+       waiter.tv_sec = 0;
+       waiter.tv_nsec = 10000;
+       nanosleep(&waiter, NULL);
+       return 1;
+     }
+   
+   if (errno == EINTR)
+     return 1;
+
+   return 0;
+}
+
+int read_write(int fd, unsigned char *packet, int size, int rw)
+{
+  ssize_t n, done;
+  
+  for (done = 0; done < size; done += n)
+    {
+    retry:
+      if (rw)
+        n = read(fd, &packet[done], (size_t)(size - done));
+      else
+        n = write(fd, &packet[done], (size_t)(size - done));
+
+      if (n == 0)
+        return 0;
+      else if (n == -1)
+        {
+          if (retry_send() || errno == ENOMEM || errno == ENOBUFS)
+            goto retry;
+          else
+            return 0;
+        }
+    }
+  return 1;
+}
+