import of dnsmasq-2.44.tar.gz

CHANGELOG

@@ -45,7 +45,7 @@ release 0.95  Major rewrite: remove calls to gethostbyname() and talk
                   dnsmasq to serve names to the machine it is running
                   on (put nameserver 127.0.0.1 in /etc/resolv.conf and
                   give dnsmasq the option -r /etc/resolv.dnsmasq)
-              (6) Dnsmasq will re-read it's servers if the
+              (6) Dnsmasq will re-read its servers if the
                   modification time of resolv.conf changes. Along with
                   4 above this allows nameservers to be set
 		  automatically by ppp or dhcp.	 
@@ -1076,7 +1076,7 @@ release 2.10
 
 	    NAK attempts to renew a pool DHCP lease when a statically
 	    allocated address has become available, forcing a host to
-	    move to it's allocated address. Lots of people have
+	    move to its allocated address. Lots of people have
 	    suggested this change and been rebuffed (they know who
 	    they are) the straws that broke the camel's back were Tim
 	    Cutts and Jamie Lokier.
@@ -2119,7 +2119,483 @@ version 2.37
 	    Added a LIMITS section to the man-page, with guidance on
 	    maximum numbers of clients, file sizes and tuning.
 
+release 2.38
+	    Fix compilation on *BSD. Thanks to Tom Hensel.
 
+	    Don't send length zero DHCP option 43 and cope with 
+	    encapsulated options whose total length exceeds 255 octets
+	    by splitting them into multiple option 43 pieces.
 
+	    Avoid queries being retried forever when --strict-order is
+	    set and an upstream server returns a SERVFAIL
+	    error. Thanks to Johannes Stezenbach for spotting this.
+
+	    Fix BOOTP support, broken in version 2.37.
+
+	    Add example dhcp-options for Etherboot.
+
+	    Add \e (for ASCII ESCape) to the set of valid escapes
+	    in config-file strings.
+
+	    Added --dhcp-option-force flag and examples in the
+	    configuration file which use this to control PXELinux.
+
+	    Added --tftp-no-blocksize option.
+
+	    Set netid tag "bootp" when BOOTP (rather than DHCP) is in
+	    use. This makes it easy to customise which options are
+	    sent to BOOTP clients. (BOOTP allows only 64 octets for
+	    options, so it can be necessary to trim things.)
+
+	    Fix rare hang in cache code, a 2.37 regression. This
+	    probably needs an infinite DHCP lease and some bad luck to
+	    trigger. Thanks to Detlef Reichelt for bug reports and testing.
+
+release 2.39
+	    Apply patch from Mike Baker/OpenWRT to ensure that names
+	    like "localhost." in /etc/hosts with trailing period 
+	    are treated as fully-qualified.
+
+	    Tolerate and ignore spaces around commas in the
+	    configuration file in all circumstances. Note that this
+	    may change the meaning of a few existing config files, for
+	    instance
+	    txt-record=mydomain.com, string
+	    would have a leading space in the string before, and now
+	    will not. To get the old behaviour back, use quotes:
+	    txt-record=mydomain.com," string"
+
+	    /a is no longer a valid escape in quoted strings.
+
+	    Added symbolic DHCP option names. Instead of
+	    dhcp-option = 3, 1.2.3.4 
+	    it is now possible to do
+	    dhcp-option = option:router, 1.2.3.4
+	    To see the list of known DHCP options, use the 
+            command "dnsmasq --help dhcp"
+	    Thanks to Luigi Rizzo for a patch and good work on this.
+
+	    Overhauled the log code so that logging can be asynchronous; 
+	    dnsmasq then no longer blocks waiting for the syslog() library
+	    call. This is important on systems where syslog
+	    is being used to log over the network (and therefore doing
+	    DNS lookups) and syslog is using dnsmasq as its DNS
+	    server. Having dnsmasq block awaiting syslog under 
+	    such circumstances can lead to syslog and dnsmasq 
+	    deadlocking. The new behaviour is enabled with a new
+	     --log-async flag, which can also be used to tune the
+	    queue length. Paul Chambers found and diagnosed 
+	    this trap for the unwary. He also did much testing of 
+	    the solution along with Carlos Carvalho.
+
+	    --log-facility can now take a file-name instead of a 
+	    facility name. When this is done, dnsmasq logs to the 
+	    file and not via syslog. (Failures early in startup, 
+	    whilst reading configuration, will still go to syslog, 
+	    and syslog is used as a log-of-last-resort if the file
+	    cannot be written.)
+
+	    Added --log-dhcp flag. Suggestion from Carlos Carvalho.
+
+	    Made BINDIR, MANDIR and LOCALEDIR independently
+	    over-rideable in the makefile. Suggestion from Thomas
+	    Klausner.
+
+	    Added 127.0.0.0/8 and 169.254.0.0/16 to the address
+	    ranges affected by --bogus-priv. Thanks to  Paul 
+	    Chambers for the patch.
+
+	    Fixed failure of TFTP server with --listen-address. Thanks
+	    to William Dinkel for the bug report.
+
+	    Added --dhcp-circuitid and --dhcp-remoteid for RFC3046
+	    relay agent data matching.
+ 
+	    Added --dhcp-subscrid for RFC3993 subscriber-id relay
+	    agent data matching.
+
+	    Correctly garbage-collect connections when upstream
+	    servers go away as a result of DBus transactions.
+
+	    Allow absolute paths for TFTP transfers even when
+	    --tftp-root is set, as long as the path matches the root,
+	    so /var/ftp/myfile is OK with tftp-root=/var/ftp.
+	    Thanks for Thomas Mizzi for the patch.
+
+	    Updated Spanish translation - thanks to Chris Chatham.
+
+	    Updated French translation - thanks to Gildas Le Nadan.
+
+	    Added to example conf file example of routing PTR queries
+	    for a subnet to a different nameserver. Suggestion from
+	    Jon Nicholson.
+
+	    Added --interface-name option. This provides a facility 
+	    to add a domain name with a dynamic IP address taken from
+	    the address of a local network interface. Useful for
+	    networks with dynamic IPs.
+
+version 2.40
+            Make SIGUSR2 close-and-reopen the logfile when logging 
+	    direct to a file. Thanks to Carlos Carvalho for 
+	    suggesting this. When a logfile is created, change
+	    its ownership to the user dnsmasq will run as, don't
+	    leave it owned by root.
+
+	    Set a special tag, "known" for hosts which are matched by
+	    a dhcp-host or /etc/ethers line. This is especially
+	    useful to be able to do --dhcp-ignore=#known, like ISCs
+	    "deny unknown-clients".
+
+	    Explicitly set a umask before creating the leases file,
+	    rather than relying on whatever we inherited. The
+	    permissions	are set to 644.
+
+	    Fix handling of fully-qualified names in --dhcp-host
+	    directives and in /etc/ethers. These are now rejected 
+	    if the domain doesn't match that given by --domain,	  
+	    and used correctly otherwise. Before, putting
+	    a FQDN here could cause the whole FQDN to be used as
+	    hostname. Thanks to Michael Heimpold for the bug report.
+
+	    Massive but trivial edit to make the "daemon" variable 
+	    global, instead of copying the same value around as the
+	    first argument to half the functions in the program.
+	    
+	    Updated Spanish manpage and message catalog. Thanks 
+	    to Chris Chatham.
+	    
+	    Added patch for support of DNS LOC records in
+	    contrib/dns-loc. Thanks to Lorenz Schori.
+
+	    Fixed error in manpage: dhcp-ignore-name ->
+	    dhcp-ignore-names. Thanks to Daniel Mentz for spotting
+	    this.
+
+	    Use client-id as hash-seed for DHCP address allocation
+	    with Firewire and Infiniband, as these don't supply an MAC
+	    address. 
+
+	    Tweaked TFTP file-open code to make it behave sensibly
+	    when the filesystem changes under its feet.
+
+	    Added DNSMASQ_TIME_REMAINING environment variable to the 
+	    lease-script.
+
+	    Always send replies to DHCPINFORM requests to the source
+	    of the request and not to the address in ciaddr. This
+	    allows third-party queries.
+	    
+	    Return "lease time remaining" in the reply to a DHCPINFORM
+	    request if there exists a lease for the host sending the
+	    request.
+
+	    Added --dhcp-hostsfile option. This gives a superset of
+	    the functionality provided by /etc/ethers. Thanks to 
+	    Greg Kurtzer for the suggestion.
+
+	    Accept keyword "server" as a synonym for "nameserver" in 
+	    resolv.conf. Thanks to Andrew Bartlett for the report.
+
+	    Add --tftp-unique-root option. Suggestion from Dermot
+	    Bradley.
+
+	    Tweak TFTP retry timer to avoid problems with difficult
+	    clients. Thanks to Dermot Bradley for assistance with
+	    this. 
+	    
+	    Continue to use unqualified hostnames provided by DHCP
+	    clients, even if the domain part is illegal. (The domain
+	    is	ignored, and an error logged.) Previously in this
+	    situation, the whole name whould have been
+	    rejected. Thanks to Jima for the patch.
+	    
+	    Handle EINTR returns from wait() correctly and reap
+	    our children's children if necessary. This fixes 
+	    a problem with zombie-creation under *BSD when using
+	    --dhcp-script.
+
+	    Escape spaces in hostnames when they are stored in the
+	    leases file and passed to the lease-change
+	    script. Suggestion from Ben Voigt.
+
+	    Re-run the lease chamge script with an "old" event for
+	    each lease when dnsmasq receives a SIGHUP.
+
+	    Added more useful exit codes, including passing on a
+	    non-zero exit code from the lease-script "init" call when
+	    --leasefile-ro is set.
+
+	    Log memory allocation failure whilst the daemon is
+	    running. Allocation failures during startup are fatal, 
+	    but lack of memory whilst running is worked around.
+	    This used to be silent, but now is logged.
+
+	    Fixed misaligned memory access which caused problems on
+	    Blackfin CPUs. Thanks to Alex Landau for the patch.
+
+	    Don't include (useless) script-calling code when NO_FORK
+	    is set. Since this tends to be used on very small uclinux 
+	    systems, it's worth-while to save some code-size.
+
+	    Don't set REUSEADDR on TFTP listening socket. There's no
+	    need to do so, and it creates confusing behaviour when
+	    inetd is also listening on the same port. Thanks to Erik
+	    Brown for spotting the problem.
+
+version 2.41
+            Remove deprecated calls when compiled against libdbus 1.1.
+	    
+	    Fix "strict-alias" warning in bpf.c
+
+	    Reduce dependency on Gnu-make in build system: dnsmasq now
+	    builds with system make under OpenBSD.
+
+	    Port to Solaris. Dnsmasq 1.x used to run under Solaris,
+	    and this release does so again, for Solaris 9 or better.
+
+	    Allow the DNS function to be completely disabled, by
+	    setting the port to zero "--port=0". The allows dnsmasq to
+	    be used as a simple DHCP server, simple TFTP server, or
+	    both, but without the DNS server getting in the way.
+
+	    Fix a bug where NXDOMAIN could be returned for a query
+	    even if the name's value was known for a different query
+	    type. This bug could be prodded with 
+            --local=/domain/ --address=/name.domain/1.2.3.4 
+	    An IPv6 query for name.domain would return NXDOMAIN, and
+	    not the correct NOERROR. Thanks to Lars Nooden for
+	    spotting the bug and Jima for diagnosis of the problem.
+
+	    Added per-server stats to the information logged when
+	    dnsmasq gets SIGUSR1.
+
+	    Added counts of queries forwarded and queries answered
+	    locally (from the cache, /etc/hosts or config).
+
+	    Fixed possible crash bug in DBus IPv6 code. Thanks to Matt
+	    Domsch and Jima.
+
+	    Tighten checks for clashes between hosts-file and
+	    DHCP-derived names. Multiple addresses associated with a
+	    name in hosts-file no longer confuses the check.
+
+	    Add --dhcp-no-override option to fix problems with some
+	    combinations of stage zero and stage one
+	    bootloaders. Thanks to Steve Alexander for the bug report.
+  
+	    Add --tftp-port-range option. Thanks to Daniel Mierswa for
+	    the suggestion.
+ 
+	    Add --stop-dns-rebind option. Thanks to Collin Mulliner
+	    for the patch.
+
+	    Added GPL version 3 as a license option.
+ 
+	    Added --all-servers option. Thanks to Peter Naulls for the
+	    patch.
+
+	    Extend source address mechanism so that the interface used
+	    to contact an upstream DNS server can be nailed
+	    down. Something like "--server=1.2.3.4@eth1" will force
+	    the use of eth1 for traffic to DNS-server 1.2.3.4. This
+	    facility is only available on Linux and Solaris. Thanks to
+	    Peter Naulls for prompting this.	     
 	
+	    Add --dhcp-optsfile option. Thanks to Carlos Carvalho for
+            the suggestion.
 
+	    Fixed failure to set source address for server connections
+	    when using TCP. Thanks to Simon Capper for finding this
+	    bug.
+
+	    Refuse to give a DHCP client the address it asks for if
+	    the address range in question is not available to that
+	    particular host. Thanks to Cedric Duval for the bug
+	    report. 
+
+	    Changed behavior of DHCP server to always return total length of
+	    a new lease in DHCPOFFER, even if an existing lease
+	    exists. (It used to return the time remaining on the lease
+	    whne one existed.) This fixes problems with the Sony Ericsson
+	    K610i phone. Thanks to Hakon Stordahl for finding and
+	    fixing this.
+
+	    Add DNSMASQ_INTERFACE to the environment of the
+	    lease-change script. Thanks to Nikos Mavrogiannopoulos for
+	    the patch.
+
+	    Fixed broken --alias functionality. Thanks to Michael
+	    Meelis for the bug report.
+
+	    Added French translation of the man page. Thank to Gildas
+	    Le Nadan for that.
+
+	    Add --dhcp-match flag, to check for arbitrary options in
+	    DHCP messages from clients. This enables use of dnsmasq
+	    with gPXE. Thanks to Rance Hall for the suggestion.
+
+	    Added --dhcp-broadcast, to force broadcast replies to DHCP
+	    clients which need them but are too dumb or too old to
+	    ask. Thanks to Bodo Bellut for the suggestion.
+
+	    Disable path-MTU discovery on DHCP and TFTP sockets. This
+	    is never needed, and the presence of DF flags in the IP
+	    header confuses some broken PXE ROMS. Thanks again to Bodo
+	    Bellut for spotting this.
+
+	    Fix problems with addresses which have multiple PTR
+	    records - all but one of these could get lost. 
+
+	    Fix bug with --address and ANY query type seeing REFUSED
+	    return code in replies. Thanks to Mike Wright for spotting
+	    the problem.
+
+	    Update Spanish translation. Thanks to Chris Chatham.
+
+	    Add --neg-ttl option.
+	    
+	    Add warnings about the bad effects of --filterwin2k on
+	    SIP, XMPP and Google-talk to the example config file.
+	    
+	    Fix va_list abuse in log.c. This fixes crashes on powerpc
+	    when debug mode is set. Thanks to Cedric Duval for the
+	    patch. 
+
+version 2.42
+            Define _GNU_SOURCE to avoid problems with later glibc
+            headers. Thanks to Jima for spotting the problem.
+
+	    Add --dhcp-alternate-port option. Thanks to Jan Psota for
+	    the suggestion.
+
+	    Fix typo in code which is only used on BSD, when Dbus and
+	    IPv6 support is enabled. Thanks to Roy Marples.
+	    
+	    Updated Polish translations - thank to Jan Psota.
+
+	    Fix OS detection logic to cope with GNU/FreeBSD.
+
+	    Fix unitialised variable in DBus code - thanks to Roy
+	    Marples.
+
+	    Fix network enumeration code to work on later NetBSD -
+	    thanks to Roy Marples.
+	    
+	    Provide --dhcp-bridge on all BSD variants.
+
+	    Define _LARGEFILE_SOURCE which removes an arbitrary 2GB
+            limit on logfiles. Thanks to Paul Chambers for spotting 
+            the problem.
+
+	    Fix RFC3046 agent-id echo code, broken for many
+	    releases. Thanks to Jeremy Laine for spotting the problem
+	    and providing a patch.
+
+	    Added Solaris 10 service manifest from David Connelly in
+	    contrib/Solaris10
+ 	    	     
+	    Add --dhcp-scriptuser option.	    
+
+	    Support new capability interface on suitable Linux 
+	    kernels, removes "legacy support in use" messages. Thanks 
+            to Jorge Bastos for pointing this out. 
+
+	    Fix subtle bug in cache code which could cause dnsmasq to
+	    lock spinning CPU in rare circumstances. Thanks to Alex
+	    Chekholko for bug reports and help debugging. 
+
+	    Support netascii transfer mode for TFTP.
+
+
+version 2.43
+	    Updated Polish translation. Thanks to Jan Psota.
+
+	    Flag errors when configuration options are repeated
+	    illegally.
+
+	    Further tweaks for GNU/kFreeBSD
+
+	    Add --no-wrap to msgmerge call - provides nicer .po file
+	    format.
+
+	    Honour lease-time spec in dhcp-host lines even for
+	    BOOTP. The user is assumed to known what they are doing in
+	    this case. (Hosts without the time spec still get infinite
+	    leases for BOOTP, over-riding the default in the
+	    dhcp-range.) Thanks to Peter Katzmann for uncovering this.
+
+	    Fix problem matching relay-agent ids. Thanks to Michael
+	    Rack for the bug report.
+
+	    Add --naptr-record option. Suggestion from Johan
+	    Bergquist.
+
+	    Implement RFC 5107 server-id-override DHCP relay agent
+	    option.
+
+	    Apply patches from Stefan Kruger for compilation on
+	    Solaris 10 under Sun studio.
+
+	    Yet more tweaking of Linux capability code, to suppress
+	    pointless wingeing from kernel 2.6.25 and above.
+
+	    Improve error checking during startup. Previously, some
+	    errors which occurred during startup would be worked
+	    around, with dnsmasq still starting up. Some were logged,
+            some silent. Now, they all cause a fatal error and dnsmasq 
+            terminates with a non-zero exit code. The errors are those
+            associated with changing uid and gid, setting process 
+            capabilities and writing the pidfile. Thanks to Uwe
+	    Gansert and the Suse security team for pointing out 
+	    this improvement, and Bill Reimers for good implementation
+	    suggestions.
+
+	    Provide NO_LARGEFILE compile option to switch off largefile
+	    support when compiling against versions of uclibc which
+	    don't support it. Thanks to Stephane Billiart for the patch.
+  
+            Implement random source ports for interactions with
+            upstream nameservers. New spoofing attacks have been found
+            against nameservers which do not do this, though it is not
+            clear if dnsmasq is vulnerable, since to doesn't implement
+            recursion. By default dnsmasq will now use a different
+            source port (and socket) for each query it sends
+            upstream. This behaviour can suppressed using the
+            --query-port option, and the old default behaviour
+            restored using --query-port=0. Explicit source-port
+            specifications in --server configs are still honoured.
+
+	    Replace the random number generator, for better
+	    security. On most BSD systems, dnsmasq uses the
+	    arc4random() RNG, which is secure, but on other platforms,
+	    it relied on the C-library RNG, which may be
+	    guessable and therefore allow spoofing. This release
+	    replaces the libc RNG with the SURF RNG, from Daniel
+	    J. Berstein's DJBDNS package.  
+
+	    Don't attempt to change user or group or set capabilities
+	    if dnsmasq is run as a non-root user. Without this, the
+	    change from soft to hard errors when these fail causes
+	    problems for non-root daemons listening on high
+	    ports. Thanks to Patrick McLean for spotting this.
+
+	    Updated French translation. Thanks to Gildas Le Nadan.
+
+version 2.44
+            Fix  crash when unknown client attempts to renew a DHCP
+            lease, problem introduced in version 2.43. Thanks to
+            Carlos Carvalho for help chasing this down.
+
+	    Fix potential crash when a host which doesn't have a lease
+	    does DHCPINFORM. Again introduced in 2.43. This bug has
+	    never been reported in the wild.
+
+            Fix crash in netlink code introduced in 2.43. Thanks to
+            Jean Wolter for finding this.
+
+	    Change implementation of min_port to work even if min-port
+	    as large.
+
+	    Patch to enable compilation of latest Mac OS X. Thanks to
+	    David Gilman.

COPYING-v3

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

FAQ

@@ -1,7 +1,7 @@
 Q: Why does dnsmasq open UDP ports >1024 as well as port 53.
    Is this a security problem/trojan/backdoor?
 
-A: The high ports that dnsmasq opens is for replies from the upstream
+A: The high ports that dnsmasq opens are for replies from the upstream
    nameserver(s). Queries from dnsmasq to upstream nameservers are sent
    from these ports and replies received to them. The reason for doing this is
    that most firewall setups block incoming packets _to_ port 53, in order
@@ -39,10 +39,9 @@ A: They are negative entries: that's what the N flag means. Dnsmasq asked
 
 Q: Will dnsmasq compile/run on non-Linux systems?
 
-A: Yes, there is explicit support for *BSD and MacOS X. There are
-   start-up scripts for MacOS X Tiger and Panther in /contrib. Earlier
-   dnsmasq releases ran under Solaris, but that capability has
-   rotted. Dnsmasq will link with uclibc to provide small
+A: Yes, there is explicit support for *BSD and MacOS X and Solaris. 
+   There are start-up scripts for MacOS X Tiger and Panther 
+   in /contrib. Dnsmasq will link with uclibc to provide small
    binaries suitable for use in embedded systems such as
    routers. (There's special code to support machines with flash
    filesystems and no battery-backed RTC.)
@@ -50,7 +49,7 @@ A: Yes, there is explicit support for *BSD and MacOS X. There are
    ports and building dnsmasq with "make MAKE=gmake" 
    For other systems, try altering the settings in config.h.
  
-Q: My companies' nameserver knows about some names which aren't in the
+Q: My company's nameserver knows about some names which aren't in the
    public DNS. Even though I put it first in /etc/resolv.conf, it
    dosen't work: dnsmasq seems not to use the nameservers in the order
    given. What am I doing wrong?
@@ -227,7 +226,7 @@ A: What is happening is this: The boot process sends a DHCP
 Q: What network types are supported by the DHCP server?
   
 A: Ethernet (and 802.11 wireless) are supported on all platforms. On
-   Linux Token Ring is also supported.
+   Linux all network types (including FireWire) are supported.
 
 Q: What is this strange "bind-interface" option?
 
@@ -380,12 +379,20 @@ A: This a variant on the iptables problem. Explicit details on how to
    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html
  
 
-Q: Dnsmasq logs "running as root because setting capabilities failed"
-   when it starts up. Why did that happen and what can do to fix it?
+Q: I'm using dnsmasq on a machine with the shorewall firewall, and
+   DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+   proceed can be found at 
+   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html
+
+
+Q: Dnsmasq fails to start up with a message about capabilities.
+   Why did that happen and what can do to fix it?
 
 A: Change your kernel configuration: either deselect CONFIG_SECURITY
-   _or_ select CONFIG_SECURITY_CAPABILITIES.
-
+   _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can 
+   remove the need to set capabilities by running dnsmasq as root.
 
 Q: Where can I get .rpms Suitable for Suse?
 
@@ -409,7 +416,25 @@ A: Yes, as a DNS server, dnsmasq will just work in a vserver.
    refer to the vserver documentation for more information).
 
 
+Q: What's the problem with syslog and dnsmasq?
 
+A: In almost all cases: none. If you have the normal arrangement with
+   local daemons logging to a local syslog, which then writes to disk,
+   then there's never a problem. If you use network logging, then
+   there's a potential problem with deadlock: the syslog daemon will
+   do DNS lookups so that it can log the source of log messages,
+   these lookups will (depending on exact configuration) go through
+   dnsmasq, which also sends log messages. With bad timing, you can 
+   arrive at a situation where syslog is waiting for dnsmasq, and
+   dnsmasq is waiting for syslog; they will both wait forever. This
+   problem is fixed from dnsmasq-2.39, which introduces asynchronous
+   logging: dnsmasq no longer waits for syslog and the deadlock is
+   broken. There is a remaining problem in 2.39, where "log-queries"
+   is in use. In this case most DNS queries generate two log lines, if
+   these go to a syslog which is doing a DNS lookup for each log line,
+   then those queries will in turn generate two more log lines, and a 
+   chain reaction runaway will occur. To avoid this, use syslog-ng
+   and turn on syslog-ng's dns-cache function.
 
 
 

Makefile

@@ -1,4 +1,19 @@
-PREFIX?=/usr/local
+# dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; version 2 dated June, 1991, or
+#  (at your option) version 3 dated 29 June, 2007.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#    
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PREFIX = /usr/local
 BINDIR = ${PREFIX}/sbin
 MANDIR = ${PREFIX}/share/man
 LOCALEDIR = ${PREFIX}/share/locale
@@ -7,12 +22,26 @@ SRC = src
 PO = po
 MAN = man
 
-CFLAGS?= -O2
+PKG_CONFIG = pkg-config
+AWK = nawk
+INSTALL = install
+
+DBUS_MINOR=" `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --modversion dbus-1 | $(AWK) -F . -- '{ if ($$(NF-1)) print \"-DDBUS_MINOR=\"$$(NF-1) }'`" 
+DBUS_CFLAGS="`echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1`" 
+DBUS_LIBS="  `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1`" 
+SUNOS_VER="  `if uname | grep SunOS 2>&1 >/dev/null; then uname -r | $(AWK) -F . -- '{ print \"-DSUNOS_VER=\"$$2 }'; fi`"
+SUNOS_LIBS=" `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi `"
 
 all :   dnsmasq
 
 dnsmasq :
-	$(MAKE) I18N=-DNO_GETTEXT -f ../bld/Makefile -C $(SRC) dnsmasq 
+	cd $(SRC) && $(MAKE) \
+ DBUS_MINOR=$(DBUS_MINOR) \
+ DBUS_CFLAGS=$(DBUS_CFLAGS) \
+ DBUS_LIBS=$(DBUS_LIBS) \
+ SUNOS_LIBS=$(SUNOS_LIBS) \
+ SUNOS_VER=$(SUNOS_VER) \
+ -f ../bld/Makefile dnsmasq 
 
 clean :
 	rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot 
@@ -21,14 +50,21 @@ clean :
 install : all install-common
 
 install-common :
-	install -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
-	install -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
-	install -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
+	$(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
+	$(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
+	$(INSTALL) -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
 
 all-i18n :
-	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq
+	cd $(SRC) && $(MAKE) \
+ I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' \
+ DBUS_MINOR=$(DBUS_MINOR) \
+ DBUS_CFLAGS=$(DBUS_CFLAGS) \
+ DBUS_LIBS=$(DBUS_LIBS) \
+ SUNOS_LIBS=$(SUNOS_LIBS) \
+ SUNOS_VER=$(SUNOS_VER) \
+ -f ../bld/Makefile dnsmasq 
 	cd $(PO); for f in *.po; do \
-		$(MAKE) -f ../bld/Makefile -C ../$(SRC) $${f%.po}.mo; \
+		cd ../$(SRC) && $(MAKE) -f ../bld/Makefile $${f%.po}.mo; \
 	done
 
 install-i18n : all-i18n install-common
@@ -38,7 +74,7 @@ install-i18n : all-i18n install-common
 merge :
 	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq.pot
 	cd $(PO); for f in *.po; do \
-		msgmerge -U $$f ../$(SRC)/dnsmasq.pot; \
+		msgmerge --no-wrap -U $$f ../$(SRC)/dnsmasq.pot; \
 	done
 
 

bld/Makefile

@@ -1,15 +1,14 @@
-CFLAGS ?= -O2
-PKG_CONFIG ?= pkg-config
-
+CFLAGS = -Wall -W -O2
 
 OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
-       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o tftp.o
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+       helper.o tftp.o log.o
 
 .c.o:
-	$(CC) $(CFLAGS) $(COPTS) $(I18N) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<
+	$(CC) $(CFLAGS) $(COPTS) $(DBUS_MINOR) $(I18N) $(DBUS_CFLAGS) $(SUNOS_VER) $(RPM_OPT_FLAGS) -c $<
 
 dnsmasq : $(OBJS)
-	$(CC) $(LDFLAGS) -o $@  $(OBJS) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1` $(LIBS) 
+	$(CC) $(LDFLAGS) -o $@  $(OBJS) $(DBUS_LIBS) $(SUNOS_LIBS) $(LIBS) 
  
 dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
 	xgettext -d dnsmasq --foreign-user --keyword=_ -o dnsmasq.pot -i $(OBJS:.o=.c)

bld/install-man

@@ -2,7 +2,7 @@
 
 for f in *; do
   if [ -d $f ]; then
-     install -d $1/$f/man8 
+     install -m 755 -d $1/$f/man8 
      install -m 644 $f/dnsmasq.8 $1/$f/man8
      echo installing $1/$f/man8/dnsmasq.8
   fi

bld/install-mo

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 for f in *.mo; do
-  install -d $1/${f%.mo}/LC_MESSAGES
+  install -m 755 -d $1/${f%.mo}/LC_MESSAGES
   install -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
   echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
 done

bld/pkg-wrapper

@@ -1,6 +1,7 @@
 #!/bin/sh
 
-if grep -q "^\#.*define.*HAVE_DBUS" config.h || grep -q HAVE_DBUS ; then
+if grep "^\#.*define.*HAVE_DBUS" config.h 2>&1 >/dev/null || \
+   grep HAVE_DBUS 2>&1 >/dev/null ; then
   exec $*
 fi
 

contrib/Solaris10/README

@@ -0,0 +1,28 @@
+From: David Connelly <dconnelly@gmail.com>
+Date: Mon, Apr 7, 2008 at 3:31 AM
+Subject: Solaris 10 service manifest
+To: dnsmasq-discuss@lists.thekelleys.org.uk
+
+
+I've found dnsmasq much easier to set up on my home server running Solaris
+10 than the stock dhcp/dns server, which is probably overkill anyway for my
+simple home network needs. Since Solaris now uses SMF (Service Management
+Facility) to manage services I thought I'd create a simple service manifest
+for the dnsmasq service. The manifest currently assumes that dnsmasq has
+been installed in '/usr/local/sbin/dnsmasq' and the configuration file in
+'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for
+your local installation. Here are the steps I followed to install and enable
+the dnsmasq service:
+  # svccfg import dnsmasq.xml
+  # svcadm enable dnsmasq
+
+To confirm that the service is enabled and online:
+
+  # svcs -l dnsmasq
+
+I've just started learning about SMF so if anyone has any
+corrections/feedback they are more than welcome.
+
+Thanks,
+David
+

contrib/Solaris10/dnsmasq.xml

@@ -0,0 +1,65 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!-- Service manifest for dnsmasq -->
+
+<service_bundle type='manifest' name='dnsmasq'>
+  <service name='network/dnsmasq' type='service' version='1'>
+
+    <create_default_instance enabled='false'/>
+    <single_instance/>
+
+    <dependency name='multi-user'
+                grouping='require_all'
+                restart_on='refresh'
+                type='service'>
+      <service_fmri value='svc:/milestone/multi-user'/>
+    </dependency>
+
+    <dependency name='config'
+		grouping='require_all'
+		restart_on='restart'
+		type='path'>
+      <service_fmri value='file:///usr/local/etc/dnsmasq.conf'/>
+    </dependency>
+
+    <dependent name='dnsmasq_multi-user-server'
+               grouping='optional_all'
+               restart_on='none'>
+      <service_fmri value='svc:/milestone/multi-user-server' />
+    </dependent>
+
+    <exec_method type='method' name='start'
+                 exec='/usr/local/sbin/dnsmasq -C /usr/local/etc/dnsmasq.conf'
+                 timeout_seconds='60' >
+      <method_context>
+        <method_credential user='root' group='root' privileges='all'/>
+      </method_context>
+    </exec_method>
+
+    <exec_method type='method'
+                 name='stop'
+                 exec=':kill'
+                 timeout_seconds='60'/>
+
+    <exec_method type='method'
+                 name='refresh'
+                 exec=':kill -HUP'
+                 timeout_seconds='60' />
+
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>dnsmasq server</loctext>
+      </common_name>
+      <description>
+        <loctext xml:lang='C'>
+dnsmasq - A lightweight DHCP and caching DNS server.
+        </loctext>
+      </description>
+      <documentation>
+        <manpage title='dnsmasq' section='8' manpath='/usr/local/man'/>
+      </documentation>
+    </template>
+
+  </service>
+</service_bundle>

contrib/dns-loc/README

@@ -0,0 +1,12 @@
+Hi Simon
+
+Here is a patch against dnsmasq 2.39 which provides support for LOC  
+entries in order to assign location information to dns records  
+(rfc1876). I tested it on OSX and on OpenWRT.
+
+Cheers
+Lorenz
+
+More info:
+http://www.ckdhr.com/dns-loc/
+http://www.faqs.org/rfcs/rfc1876.html

contrib/dns-loc/dnsmasq2-loc-rfc1876.patch

@@ -0,0 +1,522 @@
+diff -Nur dnsmasq-2.39-orig/bld/Makefile dnsmasq-2.39/bld/Makefile
+--- dnsmasq-2.39-orig/bld/Makefile	2007-02-17 14:37:06.000000000 +0100
++++ dnsmasq-2.39/bld/Makefile	2007-05-20 18:23:44.000000000 +0200
+@@ -2,7 +2,7 @@
+ PKG_CONFIG ?= pkg-config
+ 
+ 
+-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
++OBJS = cache.o rfc1035.o rfc1876.o util.o option.o forward.o isc.o network.o \
+        dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+        helper.o tftp.o log.o
+ 
+diff -Nur dnsmasq-2.39-orig/src/dnsmasq.h dnsmasq-2.39/src/dnsmasq.h
+--- dnsmasq-2.39-orig/src/dnsmasq.h	2007-04-20 12:53:38.000000000 +0200
++++ dnsmasq-2.39/src/dnsmasq.h	2007-05-20 19:50:37.000000000 +0200
+@@ -162,6 +162,12 @@
+   struct interface_name *next;
+ };
+ 
++struct loc_record {
++  char *name, loc[16];
++  unsigned short class;
++  struct loc_record *next;
++};
++
+ union bigname {
+   char name[MAXDNAME];
+   union bigname *next; /* freelist */
+@@ -476,6 +482,7 @@
+   struct mx_srv_record *mxnames;
+   struct txt_record *txt;
+   struct ptr_record *ptr;
++	struct loc_record *loc;
+   struct interface_name *int_names;
+   char *mxtarget;
+   char *lease_file; 
+@@ -725,3 +732,6 @@
+ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
+ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+ #endif
++
++/* rfc1876 */
++u_int32_t loc_aton(const char *ascii, u_char *binary);
+diff -Nur dnsmasq-2.39-orig/src/option.c dnsmasq-2.39/src/option.c
+--- dnsmasq-2.39-orig/src/option.c	2007-04-19 23:34:49.000000000 +0200
++++ dnsmasq-2.39/src/option.c	2007-05-20 20:15:15.000000000 +0200
+@@ -43,6 +43,7 @@
+ #define LOPT_REMOTE    269
+ #define LOPT_SUBSCR    270
+ #define LOPT_INTNAME   271
++#define LOPT_LOC       272
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -122,6 +123,7 @@
+     {"tftp-root", 1, 0, LOPT_PREFIX },
+     {"tftp-max", 1, 0, LOPT_TFTP_MAX },
+     {"ptr-record", 1, 0, LOPT_PTR },
++    {"loc-record", 1, 0, LOPT_LOC },
+ #if defined(__FreeBSD__) || defined(__DragonFly__)
+     {"bridge-interface", 1, 0 , LOPT_BRIDGE },
+ #endif
+@@ -235,6 +237,7 @@
+   { "-y, --localise-queries", gettext_noop("Answer DNS queries based on the interface a query was sent to."), NULL },
+   { "-Y  --txt-record=name,txt....", gettext_noop("Specify TXT DNS record."), NULL },
+   { "    --ptr-record=name,target", gettext_noop("Specify PTR DNS record."), NULL },
++  { "    --loc-record=name,lat lon alt", gettext_noop("Specify LOC DNS record."), NULL },
+   { "    --interface-name=name,interface", gettext_noop("Give DNS name to IPv4 address of interface."), NULL },
+   { "-z, --bind-interfaces", gettext_noop("Bind only to interfaces in use."), NULL },
+   { "-Z, --read-ethers", gettext_noop("Read DHCP static host information from %s."), ETHERSFILE },
+@@ -1835,6 +1838,37 @@
+ 	new->intr = safe_string_alloc(comma);
+ 	break;
+       }
++      
++    case LOPT_LOC:
++      {
++	struct loc_record *new;
++	unsigned char *p, *q;
++	
++	comma = split(arg);
++	
++	if (!canonicalise_opt(arg))
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++	
++	new = safe_malloc(sizeof(struct loc_record));
++	new->next = daemon->loc;
++	daemon->loc = new;
++	new->class = C_IN;
++	if (!comma || loc_aton(comma,new->loc)!=16)
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++
++	if (comma)
++	  *comma = 0;
++	new->name = safe_string_alloc(arg);
++	break;
++      }
+ 
+     case LOPT_PTR:  /* --ptr-record */
+       {
+diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c
+--- dnsmasq-2.39-orig/src/rfc1035.c	2007-04-20 12:54:26.000000000 +0200
++++ dnsmasq-2.39/src/rfc1035.c	2007-05-20 18:22:46.000000000 +0200
+@@ -1112,6 +1112,27 @@
+ 	    }
+ 	}
+ 
++      if (qtype == T_LOC || qtype == T_ANY)
++	{
++	  struct loc_record *t;
++	  for(t = daemon->loc; t ; t = t->next)
++	    {
++	      if (t->class == qclass && hostname_isequal(name, t->name))
++		{
++		  ans = 1;
++		  if (!dryrun)
++		    {
++		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0);
++		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
++					      daemon->local_ttl, NULL,
++					      T_LOC, t->class, "t", 16, t->loc))
++			anscount++;
++
++		    }
++		}
++	    }
++	}
++
+       if (qclass == C_IN)
+ 	{
+ 	  if (qtype == T_PTR || qtype == T_ANY)
+diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c
+--- dnsmasq-2.39-orig/src/rfc1876.c	1970-01-01 01:00:00.000000000 +0100
++++ dnsmasq-2.39/src/rfc1876.c	2007-05-20 19:50:10.000000000 +0200
+@@ -0,0 +1,379 @@
++/*
++ * routines to convert between on-the-wire RR format and zone file
++ * format.  Does not contain conversion to/from decimal degrees;
++ * divide or multiply by 60*60*1000 for that.
++ */
++
++#include "dnsmasq.h"
++
++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
++                                 1000000,10000000,100000000,1000000000};
++
++/* takes an XeY precision/size value, returns a string representation.*/
++static const char *
++precsize_ntoa(u_int8_t prec)
++{
++        static char retbuf[sizeof("90000000.00")];
++        unsigned long val;
++        int mantissa, exponent;
++
++        mantissa = (int)((prec >> 4) & 0x0f) % 10;
++        exponent = (int)((prec >> 0) & 0x0f) % 10;
++
++        val = mantissa * poweroften[exponent];
++
++        (void) sprintf(retbuf,"%d.%.2d", val/100, val%100);
++        return (retbuf);
++}
++
++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/
++static u_int8_t
++precsize_aton(char **strptr)
++{
++        unsigned int mval = 0, cmval = 0;
++        u_int8_t retval = 0;
++        register char *cp;
++        register int exponent;
++        register int mantissa;
++
++        cp = *strptr;
++
++        while (isdigit(*cp))
++                mval = mval * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* centimeters */
++                cp++;
++                if (isdigit(*cp)) {
++                        cmval = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                cmval += (*cp++ - '0');
++                        }
++                }
++        }
++        cmval = (mval * 100) + cmval;
++
++        for (exponent = 0; exponent < 9; exponent++)
++                if (cmval < poweroften[exponent+1])
++                        break;
++
++        mantissa = cmval / poweroften[exponent];
++        if (mantissa > 9)
++                mantissa = 9;
++
++        retval = (mantissa << 4) | exponent;
++
++        *strptr = cp;
++
++        return (retval);
++}
++
++/* converts ascii lat/lon to unsigned encoded 32-bit number.
++ *  moves pointer. */
++static u_int32_t
++latlon2ul(char **latlonstrptr,int *which)
++{
++        register char *cp;
++        u_int32_t retval;
++        int deg = 0, min = 0, secs = 0, secsfrac = 0;
++
++        cp = *latlonstrptr;
++
++        while (isdigit(*cp))
++                deg = deg * 10 + (*cp++ - '0');
++
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                min = min * 10 + (*cp++ - '0');
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                secs = secs * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal seconds */
++                cp++;
++                if (isdigit(*cp)) {
++                        secsfrac = (*cp++ - '0') * 100;
++                        if (isdigit(*cp)) {
++                                secsfrac += (*cp++ - '0') * 10;
++                                if (isdigit(*cp)) {
++                                        secsfrac += (*cp++ - '0');
++                                }
++                        }
++                }
++        }
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))
++                cp++;
++
++ fndhemi:
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'E': case 'e':
++                retval = ((unsigned)1<<31)
++                        + (((((deg * 60) + min) * 60) + secs) * 1000)
++                        + secsfrac;
++                break;
++        case 'S': case 's':
++        case 'W': case 'w':
++                retval = ((unsigned)1<<31)
++                        - (((((deg * 60) + min) * 60) + secs) * 1000)
++                        - secsfrac;
++                break;
++        default:
++                retval = 0;     /* invalid value -- indicates error */
++                break;
++        }
++
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'S': case 's':
++                *which = 1;     /* latitude */
++                break;
++        case 'E': case 'e':
++        case 'W': case 'w':
++                *which = 2;     /* longitude */
++                break;
++        default:
++                *which = 0;     /* error */
++                break;
++        }
++
++        cp++;                   /* skip the hemisphere */
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))    /* move to next field */
++                cp++;
++
++        *latlonstrptr = cp;
++
++        return (retval);
++}
++
++/* converts a zone file representation in a string to an RDATA
++ * on-the-wire representation. */
++u_int32_t
++loc_aton(const char *ascii, u_char *binary)
++{
++        const char *cp, *maxcp;
++        u_char *bcp;
++
++        u_int32_t latit = 0, longit = 0, alt = 0;
++        u_int32_t lltemp1 = 0, lltemp2 = 0;
++        int altmeters = 0, altfrac = 0, altsign = 1;
++        u_int8_t hp = 0x16;    /* default = 1e6 cm = 10000.00m = 10km */
++        u_int8_t vp = 0x13;    /* default = 1e3 cm = 10.00m */
++        u_int8_t siz = 0x12;   /* default = 1e2 cm = 1.00m */
++        int which1 = 0, which2 = 0;
++
++        cp = ascii;
++        maxcp = cp + strlen(ascii);
++
++        lltemp1 = latlon2ul(&cp, &which1);
++        lltemp2 = latlon2ul(&cp, &which2);
++
++        switch (which1 + which2) {
++        case 3:                 /* 1 + 2, the only valid combination */
++                if ((which1 == 1) && (which2 == 2)) { /* normal case */
++                        latit = lltemp1;
++                        longit = lltemp2;
++                } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/
++                        longit = lltemp1;
++                        latit = lltemp2;
++                } else {        /* some kind of brokenness */
++                        return 0;
++                }
++                break;
++        default:                /* we didn't get one of each */
++                return 0;
++        }
++
++        /* altitude */
++        if (*cp == '-') {
++                altsign = -1;
++                cp++;
++        }
++
++        if (*cp == '+')
++                cp++;
++
++        while (isdigit(*cp))
++                altmeters = altmeters * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal meters */
++                cp++;
++                if (isdigit(*cp)) {
++                        altfrac = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                altfrac += (*cp++ - '0');
++                        }
++                }
++        }
++
++        alt = (10000000 + (altsign * (altmeters * 100 + altfrac)));
++
++        while (!isspace(*cp) && (cp < maxcp))
++                                           /* if trailing garbage or m */
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++        if (cp >= maxcp)
++                goto defaults;
++
++        siz = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        hp = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        vp = precsize_aton(&cp);
++
++ defaults:
++
++        bcp = binary;
++        *bcp++ = (u_int8_t) 0;  /* version byte */
++        *bcp++ = siz;
++        *bcp++ = hp;
++        *bcp++ = vp;
++        PUTLONG(latit,bcp);
++        PUTLONG(longit,bcp);
++        PUTLONG(alt,bcp);
++
++        return (16);            /* size of RR in octets */
++}
++
++/* takes an on-the-wire LOC RR and prints it in zone file
++ * (human readable) format. */
++char *
++loc_ntoa(const u_char *binary,char *ascii)
++{
++        static char tmpbuf[255*3];
++
++        register char *cp;
++        register const u_char *rcp;
++
++        int latdeg, latmin, latsec, latsecfrac;
++        int longdeg, longmin, longsec, longsecfrac;
++        char northsouth, eastwest;
++        int altmeters, altfrac, altsign;
++
++        const int referencealt = 100000 * 100;
++
++        int32_t latval, longval, altval;
++        u_int32_t templ;
++        u_int8_t sizeval, hpval, vpval, versionval;
++
++        char *sizestr, *hpstr, *vpstr;
++
++        rcp = binary;
++        if (ascii)
++                cp = ascii;
++        else {
++                cp = tmpbuf;
++        }
++
++        versionval = *rcp++;
++
++        if (versionval) {
++                sprintf(cp,"; error: unknown LOC RR version");
++                return (cp);
++        }
++
++        sizeval = *rcp++;
++
++        hpval = *rcp++;
++        vpval = *rcp++;
++
++        GETLONG(templ,rcp);
++        latval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        longval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        if (templ < referencealt) { /* below WGS 84 spheroid */
++                altval = referencealt - templ;
++                altsign = -1;
++        } else {
++                altval = templ - referencealt;
++                altsign = 1;
++        }
++
++        if (latval < 0) {
++                northsouth = 'S';
++                latval = -latval;
++        }
++        else
++                northsouth = 'N';
++
++        latsecfrac = latval % 1000;
++        latval = latval / 1000;
++        latsec = latval % 60;
++        latval = latval / 60;
++        latmin = latval % 60;
++        latval = latval / 60;
++        latdeg = latval;
++
++        if (longval < 0) {
++                eastwest = 'W';
++                longval = -longval;
++        }
++        else
++                eastwest = 'E';
++
++        longsecfrac = longval % 1000;
++        longval = longval / 1000;
++        longsec = longval % 60;
++        longval = longval / 60;
++        longmin = longval % 60;
++        longval = longval / 60;
++        longdeg = longval;
++
++        altfrac = altval % 100;
++        altmeters = (altval / 100) * altsign;
++
++        sizestr = strdup(precsize_ntoa(sizeval));
++        hpstr = strdup(precsize_ntoa(hpval));
++        vpstr = strdup(precsize_ntoa(vpval));
++
++        sprintf(cp,
++                "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
++                latdeg, latmin, latsec, latsecfrac, northsouth,
++                longdeg, longmin, longsec, longsecfrac, eastwest,
++                altmeters, altfrac, sizestr, hpstr, vpstr);
++        free(sizestr);
++        free(hpstr);
++        free(vpstr);
++
++        return (cp);
++}

contrib/port-forward/portforward

@@ -23,6 +23,6 @@
 # will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
 #
 # Port forwards will recreated when dnsmasq restarts after a reboot, and
-# removed when DHCP leases expire. After editing this file, restart dnsmasq 
-# to install new iptables entries in the kernel.
+# removed when DHCP leases expire. After editing this file, send
+# SIGHUP to dnsmasq to install new iptables entries in the kernel.
 

contrib/wrt/Makefile

@@ -1,7 +1,6 @@
-CFLAGS?= -O2
+CFLAGS?= -O2 -Wall -W
 
-all: dhcp_release.c
-	$(CC) $(CFLAGS) $(RPM_OPT_FLAGS) -Wall -W dhcp_release.c -o dhcp_release
+all: dhcp_release dhcp_lease_time
 
 clean:
-	rm -f *~ *.o core dhcp_release
+	rm -f *~ *.o core dhcp_release dhcp_lease_time

contrib/wrt/dhcp_lease_time.c

@@ -0,0 +1,214 @@
+/* Copyright (c) 2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+/* dhcp_lease_time <address> */
+
+/* Send a DHCPINFORM message to a dnsmasq server running on the local host
+   and print (to stdout) the time remaining in any lease for the given
+   address. The time is given as string printed to stdout.
+
+   If an error occurs or no lease exists for the given address, 
+   nothing is sent to stdout a message is sent to stderr and a
+   non-zero error code is returned.
+
+   Requires dnsmasq 2.40 or later. 
+*/
+
+#include <sys/types.h> 
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX          16
+#define BOOTREQUEST              1
+#define DHCP_COOKIE              0x63825363
+#define OPTION_PAD               0
+#define OPTION_LEASE_TIME        51
+#define OPTION_OVERLOAD          52
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_END               255
+#define DHCPINFORM               8
+#define DHCP_SERVER_PORT         67
+
+#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
+#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))
+
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u32 cookie;
+  unsigned char options[308];
+};
+
+static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
+{
+  while (*p != OPTION_END) 
+    {
+      if (p >= end)
+        return NULL; /* malformed packet */
+      else if (*p == OPTION_PAD)
+        p++;
+      else 
+        { 
+          int opt_len;
+          if (p >= end - 2)
+            return NULL; /* malformed packet */
+          opt_len = option_len(p);
+          if (p >= end - (2 + opt_len))
+            return NULL; /* malformed packet */
+          if (*p == opt && opt_len >= minsize)
+            return p;
+          p += opt_len + 2;
+        }
+    }
+  
+  return opt == OPTION_END ? p : NULL;
+}
+ 
+static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
+{
+  unsigned char *ret, *overload;
+  
+  /* skip over DHCP cookie; */
+  if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize)))
+    return ret;
+
+  /* look for overload option. */
+  if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
+    return NULL;
+  
+  /* Can we look in filename area ? */
+  if ((overload[2] & 1) &&
+      (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
+    return ret;
+
+  /* finally try sname area */
+  if ((overload[2] & 2) &&
+      (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
+    return ret;
+
+  return NULL;
+}
+
+static unsigned int option_uint(unsigned char *opt, int size)
+{
+  /* this worries about unaligned data and byte order */
+  unsigned int ret = 0;
+  int i;
+  unsigned char *p = option_ptr(opt);
+  
+  for (i = 0; i < size; i++)
+    ret = (ret << 8) | *p++;
+
+  return ret;
+}
+
+int main(int argc, char **argv)
+{ 
+  struct in_addr lease;
+  struct dhcp_packet packet;
+  unsigned char *p = packet.options;
+  struct sockaddr_in dest;
+  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  ssize_t rc;
+  
+  if (argc < 2)
+    { 
+      fprintf(stderr, "usage: dhcp_lease_time <address>\n");
+      exit(1);
+    }
+
+  if (fd == -1)
+    {
+      perror("cannot create socket");
+      exit(1);
+    }
+ 
+  lease.s_addr = inet_addr(argv[1]);
+   
+  memset(&packet, 0, sizeof(packet));
+ 
+  packet.hlen = 0;
+  packet.htype = 0;
+
+  packet.op = BOOTREQUEST;
+  packet.ciaddr = lease;
+  packet.cookie = htonl(DHCP_COOKIE);
+
+  *(p++) = OPTION_MESSAGE_TYPE;
+  *(p++) = 1;
+  *(p++) = DHCPINFORM;
+
+  *(p++) = OPTION_END;
+ 
+  dest.sin_family = AF_INET; 
+  dest.sin_addr.s_addr = inet_addr("127.0.0.1");
+  dest.sin_port = ntohs(DHCP_SERVER_PORT);
+  
+  if (sendto(fd, &packet, sizeof(packet), 0, 
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+
+  alarm(3); /* noddy timeout. */
+
+  rc = recv(fd, &packet, sizeof(packet), 0);
+  
+  if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options)))
+    {
+      perror("recv failed");
+      exit(1);
+    }
+
+  if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4)))
+    {
+      unsigned int t = option_uint(p, 4);
+      if (t == 0xffffffff)
+	printf("infinite");
+      else
+	{
+	  unsigned int x;
+	  if ((x = t/86400))
+	    printf("%dd", x);
+	  if ((x = (t/3600)%24))
+	    printf("%dh", x);
+	  if ((x = (t/60)%60))
+	    printf("%dm", x);
+	  if ((x = t%60))
+	    printf("%ds", x);
+	}
+      return 0;
+    }
+
+  return 1; /* no lease */
+}

dnsmasq.conf.example

@@ -19,7 +19,7 @@
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
 # Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos.
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
 # This option only affects forwarding, SRV records originating for
 # dnsmasq (via srv-host= lines) are not suppressed by it.
 #filterwin2k
@@ -48,6 +48,10 @@
 # non-public domains.
 #server=/localnet/192.168.0.1
 
+# Example of routing PTR queries to nameservers: this will send all 
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
 #local=/localnet/
@@ -57,6 +61,18 @@
 # webserver.
 #address=/doubleclick.net/127.0.0.1
 
+# --address (and --server) work with IPv6 addresses too.
+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
+
+# You can control how dnsmasq talks to a server: this forces 
+# queries to 10.1.2.3 to be routed via eth1
+# --server=10.1.2.3@eth1
+
+# and this sets the source (ie local) address used to talk to
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# IP on the machine, obviously).
+# --server=10.1.2.3@192.168.1.1#55
+
 # If you want dnsmasq to change uid and gid to something other
 # than the default, edit the following lines.
 #user=
@@ -141,7 +157,7 @@
 # the name fred and IP address 192.168.0.60 and lease time 45 minutes
 #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
 
-# Give the machine which says it's name is "bert" IP address
+# Give the machine which says its name is "bert" IP address
 # 192.168.0.70 and an infinite lease
 #dhcp-host=bert,192.168.0.70,infinite
 
@@ -176,6 +192,12 @@
 # any machine with ethernet address starting 11:22:33:
 #dhcp-host=11:22:33:*:*:*,net:red
 
+# Ignore any clients which are specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
+# This relies on the special "known" tag which is set when 
+# a host is matched.
+#dhcp-ignore=#known
+
 # Send extra options which are tagged as "red" to any machine whose
 # DHCP vendorclass string includes the substring "Linux"
 #dhcp-vendorclass=red,Linux
@@ -196,23 +218,22 @@
 
 # Send options to hosts which ask for a DHCP lease.
 # See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name: 
+# run "dnsmasq --help dhcp" to get a list.
 # Note that all the common settings, such as netmask and
 # broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need any
+# sane defaults by dnsmasq. You very likely will not need 
 # any dhcp-options. If you use Windows clients and Samba, there
 # are some options which are recommended, they are detailed at the
 # end of this section.
-# For reference, the common options are:
-# subnet mask - 1
-# default router - 3
-# DNS server - 6
-# hostname - 12
-# broadcast address - 28
 
 # Override the default route supplied by dnsmasq, which assumes the
 # router is the same machine as the one running dnsmasq.
 #dhcp-option=3,1.2.3.4
 
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
 # Override the default route supplied by dnsmasq and send no default
 # route at all. Note that this only works for the options sent by
 # default (1, 3, 6, 12, 28) the same line will send a zero-length option 
@@ -220,7 +241,7 @@
 #dhcp-option=3
 
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=42,192.168.0.4,10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
@@ -241,7 +262,8 @@
 
 # Specify an option which will only be sent to the "red" network
 # (see dhcp-range for the declaration of the "red" network)
-#dhcp-option=red,42,192.168.1.1
+# Note that the net: part must precede the option: part.
+#dhcp-option = net:red, option:ntp-server, 192.168.1.1
 
 # The following DHCP options set up dnsmasq in the same way as is specified
 # for the ISC dhcpcd in
@@ -257,7 +279,7 @@
 
 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
 # probably doesn't support this......
-#dhcp-option=119,eng.apple.com,marketing.apple.com
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
 
 # Send RFC-3442 classless static routes (note the netmask encoding)
 #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
@@ -276,12 +298,36 @@
 # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
 #dhcp-option=vendor:MSFT,2,1i
 
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here. 
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
 # Set the boot filename for BOOTP. You will only need 
 # this is you want to boot machines over the network and you will need
 # a TFTP server; either dnsmasq's built in TFTP server or an
 # external one. (See below for how to enable the TFTP server.)
 #dhcp-boot=pxelinux.0
 
+# Boot for Etherboot gPXE. The idea is to send two different
+# filenames, the first loads gPXE, and the second tells gPXE what to
+# load. The dhcp-match sets the gpxe tag for requests from gPXE.
+#dhcp-match=gpxe,175 # gPXE sends a 175 option.
+#dhcp-boot=net:#gpxe,undionly.kpxe
+#dhcp-boot=mybootimage
+ 
 # Enable dnsmasq's built-in TFTP server
 #enable-tftp
 
@@ -312,7 +358,7 @@
 # whether it has a record of the lease or not. This avoids long timeouts
 # when a machine wakes up on a new network. DO NOT enable this if there's
 # the slighest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses the same
+# server for your campus/company accidentally. The ISC server uses
 # the same option, and this URL provides more information:
 # http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
 #dhcp-authoritative
@@ -417,6 +463,9 @@
 # dnsmasq.
 #log-queries
 
+# Log lots of extra information about DHCP transactions.
+#log-dhcp
+
 # Include a another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
 #conf-dir=/etc/dnsmasq.d

doc.html

@@ -19,8 +19,8 @@ connection but would be a good choice for any smallish network (up to
 1000 clients is known to work) where low
 resource use and ease of configuration are important. 
 <P>
-Supported platforms include Linux (with glibc and uclibc), *BSD and
-Mac OS X.
+Supported platforms include Linux (with glibc and uclibc), *BSD,
+Solaris and Mac OS X.
 Dnsmasq is included in at least the following Linux distributions:
 Gentoo, Debian, Slackware, Suse, Fedora,
 Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l,
@@ -59,7 +59,7 @@ improving performance (especially on modem connections).
 </LI>
 <LI>
 Dnsmasq can be configured to automatically pick up the addresses of
-it's upstream nameservers from ppp or dhcp configuration. It will
+its upstream nameservers from ppp or dhcp configuration. It will
 automatically reload this information if it changes. This facility
 will be of particular interest to maintainers of Linux firewall
 distributions since it allows dns configuration to be made automatic.

man/dnsmasq.8

@@ -6,8 +6,8 @@ dnsmasq \- A lightweight DHCP and caching DNS server.
 .I [OPTION]...
 .SH "DESCRIPTION"
 .BR dnsmasq
-is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a
-LAN.
+is a lightweight DNS, TFTP and DHCP server. It is intended to provide 
+coupled DNS and DHCP service to a LAN.
 .PP
 Dnsmasq accepts DNS queries and either answers them from a small, local,
 cache or forwards them to a real, recursive, DNS server. It loads the
@@ -18,7 +18,7 @@ DNS queries for DHCP configured hosts.
 The dnsmasq DHCP server supports static address assignments, multiple
 networks, DHCP-relay and RFC3011 subnet specifiers. It automatically
 sends a sensible default set of DHCP options, and can be configured to
-send any desired set of DHCP options, inlcuding vendor-encapsulated
+send any desired set of DHCP options, including vendor-encapsulated
 options. It includes a secure, read-only,
 TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
 .PP
@@ -52,6 +52,14 @@ time-to-live (in seconds) to be given for these replies. This will
 reduce the load on the server at the expense of clients using stale
 data under some circumstances.
 .TP
+.B --neg-ttl=<time>
+Negative replies from upstream servers normally contain time-to-live
+information in SOA records which dnsmasq uses for caching. If the
+replies from upstream servers omit this information, dnsmasq does not
+cache the reply. This option gives a default value for time-to-live
+(in seconds) which dnsmasq uses to cache negative replies even in 
+the absence of an SOA record. 
+.TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
 normal. This is intended for use when dnsmasq is run under daemontools
@@ -68,7 +76,25 @@ Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on r
 .TP
 .B \-8, --log-facility=<facility>
 Set the facility to which dnsmasq will send syslog entries, this
-defaults to DAEMON, and to LOCAL0 when debug mode is in operation.
+defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If
+the facility given contains at least one '/' character, it is taken to
+be a filename, and dnsmasq logs to the given file, instead of
+syslog. (Errors whilst reading configuration will still go to syslog,
+but all output from a successful startup, and all output whilst
+running, will go exclusively to the file.) When logging to a file,
+dnsmasq will close and reopen the file when it receives SIGUSR2. This 
+allows the log file to be rotated without stopping dnsmasq.
+.TP
+.B --log-async[=<lines>]
+Enable asynchronous logging and optionally set the limit on the
+number of lines
+which will be queued by dnsmasq when writing to the syslog is slow. 
+Dnsmasq can log asynchronously: this
+allows it to continue functioning without being blocked by syslog, and
+allows syslog to use dnsmasq for DNS queries without risking deadlock.
+If the queue of log-lines becomes full, dnsmasq will log the
+overflow, and the number of messages  lost. The default queue length is
+5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
 .TP
 .B \-x, --pid-file=<path>
 Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.
@@ -87,8 +113,8 @@ as. The defaults to "dip", if available, to facilitate access to
 Print the version number.
 .TP
 .B \-p, --port=<port>
-Listen on <port> instead of the standard DNS port (53). Useful mainly for
-debugging.
+Listen on <port> instead of the standard DNS port (53). Setting this
+to zero completely disables DNS function, leaving only DHCP and/or TFTP.
 .TP
 .B \-P, --edns-packet-max=<size>
 Specify the largest EDNS.0 UDP packet which is supported by the DNS
@@ -96,9 +122,18 @@ forwarder. Defaults to 1280, which is the RFC2671-recommended maximum
 for ethernet.
 .TP
 .B \-Q, --query-port=<query_port>
-Send outbound DNS queries from, and listen for their replies on, the specific UDP port <query_port> instead of using one chosen at runtime.  Useful to simplify your
-firewall rules; without this, your firewall would have to allow connections from outside DNS servers to a range of UDP ports, or dynamically adapt to the
-port being used by the current dnsmasq instance.
+Send outbound DNS queries from, and listen for their replies on, the
+specific UDP port <query_port> instead of using random ports. NOTE
+that using this option will make dnsmasq less secure against DNS
+spoofing attacks but it may be faster and use less resources.  Setting this option
+to zero makes dnsmasq use a single port allocated to it by the
+OS: this was the default behaviour in versions prior to 2.43. 
+.TP
+.B --min-port=<port>
+Do not use ports less than that given as source for outbound DNS
+queries. Dnsmasq picks random ports as source for outbound queries:
+when this option is given, the ports used will always to larger
+than that specified. Useful for systems behind firewalls. 
 .TP
 .B \-i, --interface=<interface name>
 Listen only on the specified interface(s). Dnsmasq automatically adds
@@ -218,10 +253,21 @@ been built with DBus support.
 .TP 
 .B \-o, --strict-order
 By default, dnsmasq will send queries to any of the upstream servers
-it knows about and tries to favour servers to are known to
+it knows about and tries to favour servers that are known to
 be up. Setting this flag forces dnsmasq to try each query with each
 server strictly in the order they appear in /etc/resolv.conf
 .TP
+.B --all-servers
+By default, when dnsmasq has more than one upstream server available,
+it will send queries to just one server. Setting this flag forces
+dnsmasq to send all queries to all available servers. The reply from
+the server which answers first will be returned to the original requestor.
+.TP
+.B --stop-dns-rebind
+Reject (and log) addresses from upstream nameservers which are in the
+private IP ranges. This blocks an attack where a browser behind a
+firewall is used to probe machines on the local network.
+.TP
 .B \-n, --no-poll
 Don't poll /etc/resolv.conf for changes.
 .TP
@@ -235,8 +281,8 @@ Tells dnsmasq to never forward queries for plain names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
-Specify IP address of upstream severs directly. Setting this flag does
+.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
+Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use -R to do that. If one or
 more 
 optional domains are given, that server is used only for those domains
@@ -266,13 +312,18 @@ is a synonym for
 .B server
 to make configuration files clearer in this case.
 
-The optional second IP address after the @ character tells
-dnsmasq how to set the source address of the queries to this
-nameserver. It should be an address belonging to the machine on which
+The optional string after the @ character tells
+dnsmasq how to set the source of the queries to this
+nameserver. It should be an ip-address, which should belong to the machine on which
 dnsmasq is running otherwise this server line will be logged and then
-ignored. The query-port flag is ignored for any servers which have a
+ignored, or an interface name. If an interface name is given, then
+queries to the server will be forced via that interface; if an
+ip-address is given then the source address of the queries will be set
+to that address.
+The query-port flag is ignored for any servers which have a
 source address specified but the port may be specified directly as
-part of the source address.
+part of the source address. Forcing queries to an interface is not
+implemented on all platforms supported by dnsmasq.
 .TP
 .B \-A, --address=/<domain>/[domain/]<ipaddr>
 Specify an IP address to return for any host in the given domains.
@@ -331,14 +382,27 @@ so  any number may be included, split by commas.
 .B --ptr-record=<name>[,<target>]
 Return a PTR DNS record.
 .TP
+.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>]
+Return an NAPTR DNS record, as specified in RFC3403.
+.TP
+.B --interface-name=<name>,<interface>
+Return a DNS record associating the name with the primary address on
+the given interface. This flag specifies an A record for the given
+name in the same way as an /etc/hosts line, except that the address is
+not constant, but taken from the given interface. If the interface is
+down, not configured or non-existent, an empty record is returned. The
+matching PTR record is also created, mapping the interface address to
+the name. More than one name may be associated with an interface
+address by repeating the flag; in that case the first instance is used
+for the reverse address-to-name mapping.
+.TP
 .B \-c, --cache-size=<cachesize>
 Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
 .TP
 .B \-N, --no-negcache
 Disable negative caching. Negative caching allows dnsmasq to remember
 "no such domain" answers from upstream nameservers and answer
-identical queries without forwarding them again. This flag disables
-negative caching.
+identical queries without forwarding them again. 
 .TP
 .B \-0, --dns-forward-max=<queries>
 Set the maximum number of concurrent DNS queries. The default value is
@@ -353,7 +417,8 @@ in
 .B dhcp-host
 options. If the lease time is given, then leases
 will be given for that length of time. The lease time is in seconds,
-or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". This
+or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". The
+minimum lease time is two minutes. This
 option may be repeated, with different addresses, to enable DHCP
 service to more than one network. For directly connected networks (ie,
 networks on which the machine running dnsmasq has an interface) the
@@ -414,9 +479,12 @@ instance
 This is
 useful when there is another DHCP server on the network which should
 be used by some machines. The net:<network-id> sets the network-id tag
-whenever this dhcp-host directive is in use.
-This can be used to selectively send DHCP options just
-for this host.
+whenever this dhcp-host directive is in use.This can be used to 
+selectively send DHCP options just for this host. When a host matches any
+dhcp-host directive (or one implied by /etc/ethers) then the special
+network-id tag "known" is set. This allows dnsmasq to be configured to
+ignore requests from unknown machines using
+.B --dhcp-ignore=#known
 Ethernet addresses (but not client-ids) may have
 wildcard bytes, so for example 
 .B --dhcp-host=00:20:e0:3b:13:*,ignore 
@@ -429,6 +497,18 @@ ARP type by preceding them with the ARP-type (in HEX) and "-". so
 will only match a
 Token-Ring hardware address, since the ARP-address type for token ring
 is 6.
+.TP
+.B --dhcp-hostsfile=<file>
+Read DHCP host information from the specified file. The file contains 
+information about one host per line. The format of a line is the same
+as text to the right of '=' in --dhcp-host. The advantage of storing DHCP host information
+in this file is that it can be changed without re-starting dnsmasq:
+the file will be re-read when dnsmasq receives SIGHUP.
+.TP
+.B --dhcp-optsfile=<file>
+Read DHCP option information from the specified file. The advantage of 
+using this option is the same as for --dhcp-hostsfile: the
+dhcp-optsfile will be re-read when dnsmasq receives SIGHUP.
 .TP 
 .B \-Z, --read-ethers
 Read /etc/ethers for information about hosts for the DHCP server. The
@@ -436,21 +516,29 @@ format of /etc/ethers is a hardware address, followed by either a
 hostname or dotted-quad IP address. When read by dnsmasq these lines
 have exactly the same effect as
 .B --dhcp-host
-options containing the same information.
+options containing the same information. /etc/ethers is re-read when 
+dnsmasq receives SIGHUP.
 .TP
-.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
 Specify different or extra options to DHCP clients. By default,
 dnsmasq sends some standard options to DHCP clients, the netmask and
 broadcast address are set to the same as the host running dnsmasq, and
 the DNS server and default route are set to the address of the machine
 running dnsmasq. If the domain name option has been set, that is sent.
-This option allows these defaults to be overridden,
-or other options specified. The <opt> is the number of the option, as
-specified in RFC2132. For example, to set the default route option to 
+This configuration allows these defaults to be overridden,
+or other options specified. The option, to be sent may be given as a
+decimal number or as "option:<option-name>" The option numbers are
+specified in RFC2132 and subsequent RFCs. The set of option-names
+known by dnsmasq can be discovered by running "dnsmasq --help dhcp".
+For example, to set the default route option to 
 192.168.4.4, do 
-.B --dhcp-option=3,192.168.4.4
+.B --dhcp-option=3,192.168.4.4 
+or
+.B --dhcp-option = option:router, 192.168.4.4
 and to set the time-server address to 192.168.0.4, do
-.B --dhcp-option=42,192.168.0.4
+.B --dhcp-option = 42,192.168.0.4 
+or 
+.B --dhcp-option = option:ntp-server, 192.168.0.4
 The special address 0.0.0.0 is taken to mean "the address of the
 machine running dnsmasq". Data types allowed are comma separated
 dotted-quad IP addresses, a decimal number, colon-separated hex digits
@@ -484,17 +572,35 @@ Encapsulated Vendor-class options may also be specified using
 sends the encapsulated vendor
 class-specific option "mftp-address=0.0.0.0" to any client whose
 vendor-class matches "PXEClient". The vendor-class matching is
-substring based (see --dhcp-vendorclass for details) and it is
+substring based (see --dhcp-vendorclass for details). If a
+vendor-class option (number 60) is sent by dnsmasq, then that is used 
+for selecting encapsulated options in preference to any sent by the
+client. It is
 possible to omit the vendorclass completely;
 .B --dhcp-option=vendor:,1,0.0.0.0
 in which case the encapsulated option is always sent.
 The address 0.0.0.0 is not treated specially in
 encapsulated vendor class options.
 .TP
+.B --dhcp-option-force=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
+This works in exactly the same way as
+.B --dhcp-option
+except that the option will always be sent, even if the client does
+not ask for it in the parameter request list. This is sometimes
+needed, for example when sending options to PXELinux.
+.TP
+.B --dhcp-no-override
+Disable re-use of the DHCP servername and filename fields as extra
+option space. If it can, dnsmasq moves the boot server and filename
+information (from dhcp-boot) out of their dedicated fields into
+DHCP options. This make extra space available in the DHCP packet for
+options but can, rarely, confuse old or broken clients. This flag
+forces "simple and safe" behaviour to avoid problems in such a case.
+.TP
 .B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
-Map from a vendor-class string to a network id. Most DHCP clients provide a 
+Map from a vendor-class string to a network id tag. Most DHCP clients provide a 
 "vendor class" which represents, in some sense, the type of host. This option 
-maps vendor classes to network ids, so that DHCP options may be selectively delivered
+maps vendor classes to tags, so that DHCP options may be selectively delivered
 to different classes of hosts. For example 
 .B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
 will allow options to be set only for HP printers like so:
@@ -504,34 +610,56 @@ substring matched against the vendor-class supplied by the client, to
 allow fuzzy matching.
 .TP
 .B \-j, --dhcp-userclass=<network-id>,<user-class>
-Map from a user-class string to a network id (with substring
+Map from a user-class string to a network id tag (with substring
 matching, like vendor classes). Most DHCP clients provide a 
 "user class" which is configurable. This option
-maps user classes to network ids, so that DHCP options may be selectively delivered
+maps user classes to tags, so that DHCP options may be selectively delivered
 to different classes of hosts. It is possible, for instance to use
 this to set a different printer server for hosts in the class
 "accounts" than for hosts in the class "engineering".
 .TP
 .B \-4, --dhcp-mac=<network-id>,<MAC address>
-Map from a MAC address to a network-id. The MAC address may include
+Map from a MAC address to a network-id tag. The MAC address may include
 wildcards. For example
 .B --dhcp-mac=3com,01:34:23:*:*:*
 will set the tag "3com" for any host whose MAC address matches the pattern.
 .TP
+.B --dhcp-circuitid=<network-id>,<circuit-id>, --dhcp-remoteid=<network-id>,<remote-id>
+Map from RFC3046 relay agent options to network-id tags. This data may
+be provided by DHCP relay agents. The circuit-id or remote-id is
+normally given as colon-separated hex, but is also allowed to be a
+simple string. If an exact match is achieved between the circuit or
+agent ID and one provided by a relay agent, the network-id tag is set.
+.TP
+.B --dhcp-subscrid=<network-id>,<subscriber-id>
+Map from RFC3993 subscriber-id relay agent options to network-id tags.
+.TP
+.B --dhcp-match=<network-id>,<option number>
+Set the network-id tag if the client sends a DHCP option of the given
+number. This can be used to identify particular clients which send
+information using private option numbers.
+.TP
 .B \-J, --dhcp-ignore=<network-id>[,<network-id>]
 When all the given network-ids match the set of network-ids derived
 from the net, host, vendor and user classes, ignore the host and do
 not allocate it a DHCP lease.
 .TP
-.B --dhcp-ignore-name[=<network-id>[,<network-id>]]
+.B --dhcp-ignore-names[=<network-id>[,<network-id>]]
 When all the given network-ids match the set of network-ids derived
 from the net, host, vendor and user classes, ignore any hostname
-provided by the host. Note that, unlike dhcp-ignore, it is permissable
+provided by the host. Note that, unlike dhcp-ignore, it is permissible
 to supply no netid tags, in which case DHCP-client supplied hostnames
 are always ignored, and DHCP hosts are added to the DNS using only
 dhcp-host configuration in dnsmasq and the contents of /etc/hosts and
 /etc/ethers.
 .TP
+.B --dhcp-broadcast=<network-id>[,<network-id>]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, always use broadcast to
+communicate with the host when it is unconfigured. Most DHCP clients which
+need broadcast replies set a flag in their requests so that this
+happens automatically, some old BOOTP clients do not.
+.TP
 .B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
 Set BOOTP options to be returned by the DHCP server. Server name and
 address are optional: if not provided, the name is left empty, and the
@@ -550,12 +678,20 @@ create thousands of leases and use lots of memory in the dnsmasq
 process.
 .TP
 .B \-K, --dhcp-authoritative
-Should be set when dnsmasq is definately the only DHCP server on a network.
+Should be set when dnsmasq is definitely the only DHCP server on a network.
 It changes the behaviour from strict RFC compliance so that DHCP requests on
 unknown leases from unknown hosts are not ignored. This allows new hosts
 to get a lease without a tedious timeout under all circumstances. It also 
 allows dnsmasq to rebuild its lease database without each client needing to 
-reaquire a lease, if the database is lost.
+reacquire a lease, if the database is lost.
+.TP
+.B --dhcp-alternate-port[=<server port>[,<client port>]]
+Change the ports used for DHCP from the default. If this option is
+given alone, without arguments, it changes the ports used for DHCP
+from 67 and 68 to 1067 and 1068. If a single argument is given, that
+port number is used for the server and the port number plus one used
+for the client. Finally, two port numbers allows arbitrary
+specification of both server and client ports for DHCP.
 .TP
 .B \-3, --bootp-dynamic
 Enable dynamic allocation of IP addresses to BOOTP clients. Use this
@@ -570,6 +706,10 @@ ICMP echo request (aka "ping") to the address in question. If it gets
 a reply, then the address must already be in use, and another is
 tried. This flag disables this check. Use with caution.
 .TP
+.B --log-dhcp
+Extra logging for DHCP: log all the options sent to DHCP clients and
+the netid tags used to determine them.
+.TP
 .B \-l, --dhcp-leasefile=<path>
 Use the specified file to store DHCP lease information. If this option
 is given but no dhcp-range option is given then dnsmasq version 1
@@ -602,26 +742,35 @@ since these data are not held in dnsmasq's lease
 database. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
 the length of the lease (in seconds) is stored in
 DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
-DNSMASQ_LEASE_EXPIRES. If a lease used to have a hostname, which is
+DNSMASQ_LEASE_EXPIRES. The number of seconds until lease expiry is
+always stored in DNSMASQ_TIME_REMAINING. 
+If a lease used to have a hostname, which is
 removed, an "old" event is generated with the new state of the lease, 
 ie no name, and the former name is provided in the environment 
-variable DNSMASQ_OLD_HOSTNAME.
-All file decriptors are
+variable DNSMASQ_OLD_HOSTNAME. DNSMASQ_INTERFACE stores the name of
+the interface on which the request arrived; this is not set for "old"
+actions when dnsmasq restarts.
+All file descriptors are
 closed except stdin, stdout and stderr which are open to /dev/null
 (except in debug mode).
 The script is not invoked concurrently: if subsequent lease 
 changes occur, the script is not invoked again until any existing 
-invokation exits. At dnsmasq startup, the script will be invoked for
+invocation exits. At dnsmasq startup, the script will be invoked for
 all existing leases as they are read from the lease file. Expired
 leases will be called with "del" and others with "old". <path>
-must be an absolute pathname, no PATH search occurs.
+must be an absolute pathname, no PATH search occurs. When dnsmasq
+receives a HUP signal, the script will be invoked for existing leases
+with an "old " event.
+.TP
+.B --dhcp-scriptuser
+Specify the user as which to run the lease-change script. This defaults to root, but can be changed to another user using this flag. 
 .TP 
 .B \-9, --leasefile-ro
 Completely suppress use of the lease database file. The file will not
 be created, read, or written. Change the way the lease-change
 script (if one is provided) is called, so that the lease database may
 be maintained in external storage by the script. In addition to the
-invokations  given in 
+invocations  given in 
 .B  --dhcp-script
 the lease-change script is called once, at dnsmasq startup, with the
 single argument "init". When called like this the script should write
@@ -633,7 +782,7 @@ to the client-id and lease length and expiry time.
 .B --bridge-interface=<interface>,<alias>[,<alias>]
 Treat DHCP request packets arriving at any of the <alias> interfaces
 as if they had arrived at <interface>. This option is only available
-on FreeBSD and Dragonfly BSD, and is necessary when using "old style" bridging, since
+on BSD platforms, and is necessary when using "old style" bridging, since
 packets arrive at tap interfaces which don't have an IP address.
 .TP
 .B \-s, --domain=<domain>
@@ -658,16 +807,25 @@ in /etc/resolv.conf (or equivalent).
 .TP
 .B --enable-tftp
 Enable the TFTP server function. This is deliberately limited to that
-needed to net-boot a client: Only reading is allowed, and only in
-binary/octet mode. The tsize and blksize extensions are supported.
+needed to net-boot a client. Only reading is allowed; the tsize and
+blksize extensions are supported (tsize is only supported in octet mode).
 .TP
 .B --tftp-root=<directory>
 Look for files to transfer using TFTP relative to the given
 directory. When this is set, TFTP paths which include ".." are
 rejected, to stop clients getting outside the specified root.
+Absolute paths (starting with /) are allowed, but they must be within
+the tftp-root.
+.TP
+.B --tftp-unique-root
+Add the IP address of the TFTP client as a path component on the end
+of the TFTP-root (in standard dotted-quad format). Only valid if a
+tftp-root is set and the directory exists. For instance, if tftp-root is "/tftp" and client 
+1.2.3.4 requests file "myfile" then the effective path will be
+"/tftp/1.2.3.4/myfile" if /tftp/1.2.3.4 exists or /tftp/myfile otherwise.
 .TP
 .B --tftp-secure
-Enable TFTP secure mode: without this, any file which is readble by
+Enable TFTP secure mode: without this, any file which is readable by
 the dnsmasq process under normal unix access-control rules is
 available via TFTP. When the --tftp-secure flag is given, only files
 owned by the user running the dnsmasq process are accessible. If
@@ -685,7 +843,23 @@ one file descriptor for each concurrent TFTP connection and one
 file descriptor per unique file (plus a few others). So serving the
 same file simultaneously to n clients will use require about n + 10 file
 descriptors, serving different files simultaneously to n clients will
-require about (2*n) + 10 descriptors.
+require about (2*n) + 10 descriptors. If 
+.B --tftp-port-range
+is given, that can affect the number of concurrent connections.
+.TP
+.B --tftp-no-blocksize
+Stop the TFTP server from negotiating the "blocksize" option with a
+client. Some buggy clients request this option but then behave badly
+when it is granted.
+.TP
+.B --tftp-port-range=<start>,<end>
+A TFTP server listens on a well-known port (69) for connection initiation,
+but it also uses a dynamically-allocated port for each
+connection. Normally these are allocated by the OS, but this option
+specifies a range of ports for use by TFTP transfers. This can be
+useful when TFTP has to traverse a firewall. The start of the range
+cannot be lower than 1025 unless dnsmasq is running as root. The number
+of concurrent TFTP connections is limited by the size of the port range. 
 .TP  
 .B \-C, --conf-file=<file>
 Specify a different configuration file. The conf-file option is also allowed in
@@ -712,14 +886,18 @@ in the OPTIONS section but without the leading "--". Lines starting with # are c
 options which may only be specified once, the configuration file overrides 
 the command line.  Quoting is allowed in a config file:
 between " quotes the special meanings of ,:. and # are removed and the
-following escapes are allowed: \\\\ \\" \\t \\a \\b \\r and \\n. The later 
-corresponding to tab, bell, backspace, return and newline.
+following escapes are allowed: \\\\ \\" \\t \\e \\b \\r and \\n. The later 
+corresponding to tab, escape, backspace, return and newline.
 .SH NOTES
 When it receives a SIGHUP, 
 .B dnsmasq 
 clears its cache and then re-loads 
-.I /etc/hosts.
-If 
+.I /etc/hosts
+and 
+.I /etc/ethers 
+and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts.
+The dhcp lease change script is called for all
+existing DHCP leases. If 
 .B
 --no-poll
 is set SIGHUP also re-reads
@@ -729,12 +907,36 @@ does NOT re-read the configuration file.
 .PP
 When it receives a SIGUSR1,
 .B dnsmasq 
-writes cache statistics to the system log. It writes the cache size,
+writes statistics to the system log. It writes the cache size,
 the number of names which have had to removed from the cache before
 they expired in order to make room for new names and the total number
-of names that have been inserted into the cache. In 
+of names that have been inserted into the cache. For each upstream
+server it gives the number of queries sent, and the number which
+resulted in an error. In 
 .B --no-daemon
-mode or when full logging is enabled (-q), a complete dump of the contents of the cache is made.
+mode or when full logging is enabled (-q), a complete dump of the
+contents of the cache is made.
+.PP 
+When it receives SIGUSR2 and it is logging direct to a file (see
+.B --log-facility
+) 
+.B dnsmasq
+will close and reopen the log file. Note that during this operation,
+dnsmasq will not be running as root. When it first creates the logfile
+dnsmasq changes the ownership of the file to the non-root user it will run
+as. Logrotate should be configured to create a new log file with
+the ownership which matches the existing one before sending SIGUSR2.
+If TCP DNS queries are in progress, the old logfile will remain open in
+child processes which are handling TCP queries and may continue to be
+written. There is a limit of 150 seconds, after which all existing TCP
+processes will have expired: for this reason, it is not wise to
+configure logfile compression for logfiles which have just been
+rotated. Using logrotate, the required options are 
+.B create 
+and
+.B delaycompress.
+
+ 
 .PP
 Dnsmasq is a DNS query forwarder: it it not capable of recursively
 answering arbitrary queries starting from the root servers but
@@ -835,9 +1037,30 @@ on a particular network. (Setting --bootp-dynamic removes the need for
 static address mappings.) The filename
 parameter in a BOOTP request is matched against netids in
 .B  dhcp-option 
-configurations, allowing some control over the options returned to
+configurations, as is the tag "bootp", allowing some control over the options returned to
 different classes of hosts.
 
+.SH EXIT CODES
+.PP
+0 - Dnsmasq successfully forked into the background, or terminated
+normally if backgrounding is not enabled.
+.PP
+1 - A problem with configuration was detected.
+.PP
+2 - A problem with network access occurred (address in use, attempt
+to use privileged ports without permission).
+.PP
+3 - A problem occurred with a filesystem operation (missing
+file/directory, permissions).
+.PP
+4 - Memory allocation failure.
+.PP
+5 - Other miscellaneous problem.
+.PP
+11 or greater - a non zero return code was received from the
+lease-script process "init" call. The exit code from dnsmasq is the
+script's exit code with 10 added. 
+
 .SH LIMITS
 The default values for resource limits in dnsmasq are generally
 conservative, and appropriate for embedded router type devices with
@@ -848,7 +1071,7 @@ following applies to dnsmasq-2.37: earlier versions did not scale as well.
 .PP
 Dnsmasq is capable of handling DNS and DHCP for at least a thousand
 clients. Clearly to do this the value of 
-.B --dhcp-max
+.B --dhcp-lease-max
 must be increased,
 and lease times should not be very short (less than one hour). The
 value of 

src/bpf.c

@@ -1,20 +1,22 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-#ifndef HAVE_LINUX_NETWORK
-
-#include <net/bpf.h>
+#if defined(HAVE_BSD_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
 
 static struct iovec ifconf = {
   .iov_base = NULL,
@@ -26,126 +28,7 @@ static struct iovec ifreq = {
   .iov_len = 0
 };
 
-void init_bpf(struct daemon *daemon)
-{
-  int i = 0;
-
-  while (1) 
-    {
-      /* useful size which happens to be sufficient */
-      if (expand_buf(&ifreq, sizeof(struct ifreq)))
-	{
-	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
-	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
-	    {
-	      int flags = fcntl(daemon->dhcp_raw_fd, F_GETFD);
-	      if (flags != -1)
-		fcntl(daemon->dhcp_raw_fd, F_SETFD, flags | FD_CLOEXEC); 
-	      return;
-	    }
-	}
-      if (errno != EBUSY)
-	die(_("cannot create DHCP BPF socket: %s"), NULL);
-    }	     
-}
-
-void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
-		  struct in_addr iface_addr, struct ifreq *ifr)
-{
-   /* Hairy stuff, packet either has to go to the
-      net broadcast or the destination can't reply to ARP yet,
-      but we do know the physical address. 
-      Build the packet by steam, and send directly, bypassing
-      the kernel IP stack */
-  
-  struct ether_header ether; 
-  struct ip ip;
-  struct udphdr {
-    u16 uh_sport;               /* source port */
-    u16 uh_dport;               /* destination port */
-    u16 uh_ulen;                /* udp length */
-    u16 uh_sum;                 /* udp checksum */
-  } udp;
-  
-  u32 i, sum;
-  struct iovec iov[4];
-
-  /* Only know how to do ethernet on *BSD */
-  if (mess->htype != ARPHRD_ETHER || mess->hlen != ETHER_ADDR_LEN)
-    {
-      syslog(LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
-	     mess->htype, ifr->ifr_name);
-      return;
-    }
-   
-  ifr->ifr_addr.sa_family = AF_LINK;
-  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, ifr) < 0)
-    return;
-  
-  memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
-  ether.ether_type = htons(ETHERTYPE_IP);
-  
-  if (ntohs(mess->flags) & 0x8000)
-    {
-      memset(ether.ether_dhost, 255,  ETHER_ADDR_LEN);
-      ip.ip_dst.s_addr = INADDR_BROADCAST;
-    }
-  else
-    {
-      memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN); 
-      ip.ip_dst.s_addr = mess->yiaddr.s_addr;
-    }
-  
-  ip.ip_p = IPPROTO_UDP;
-  ip.ip_src.s_addr = iface_addr.s_addr;
-  ip.ip_len = htons(sizeof(struct ip) + 
-		    sizeof(struct udphdr) +
-		    len) ;
-  ip.ip_hl = sizeof(struct ip) / 4;
-  ip.ip_v = IPVERSION;
-  ip.ip_tos = 0;
-  ip.ip_id = htons(0);
-  ip.ip_off = htons(0x4000); /* don't fragment */
-  ip.ip_ttl = IPDEFTTL;
-  ip.ip_sum = 0;
-  for (sum = 0, i = 0; i < sizeof(struct ip) / 2; i++)
-    sum += ((u16 *)&ip)[i];
-  while (sum>>16)
-    sum = (sum & 0xffff) + (sum >> 16);  
-  ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
-  
-  udp.uh_sport = htons(DHCP_SERVER_PORT);
-  udp.uh_dport = htons(DHCP_CLIENT_PORT);
-  if (len & 1)
-    ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
-  udp.uh_sum = 0;
-  udp.uh_ulen = sum = htons(sizeof(struct udphdr) + len);
-  sum += htons(IPPROTO_UDP);
-  for (i = 0; i < 4; i++)
-    sum += ((u16 *)&ip.ip_src)[i];
-  for (i = 0; i < sizeof(struct udphdr)/2; i++)
-    sum += ((u16 *)&udp)[i];
-  for (i = 0; i < (len + 1) / 2; i++)
-    sum += ((u16 *)mess)[i];
-  while (sum>>16)
-    sum = (sum & 0xffff) + (sum >> 16);
-  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
-  
-  ioctl(daemon->dhcp_raw_fd, BIOCSETIF, ifr);
-  
-  iov[0].iov_base = &ether;
-  iov[0].iov_len = sizeof(ether);
-  iov[1].iov_base = &ip;
-  iov[1].iov_len = sizeof(ip);
-  iov[2].iov_base = &udp;
-  iov[2].iov_len = sizeof(udp);
-  iov[3].iov_base = mess;
-  iov[3].iov_len = len;
-
-  while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
-}
-
-int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
 {
   char *ptr;
   struct ifreq *ifr;
@@ -186,14 +69,14 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 	 an aligned buffer to avoid nasty complaints about 
 	 unaligned accesses. */
 #ifdef HAVE_SOCKADDR_SA_LEN
-      len = ((struct ifreq *)ptr)->ifr_addr.sa_len + IF_NAMESIZE;
+      len = ((struct ifreq *)ptr)->ifr_addr.sa_len + offsetof(struct ifreq, ifr_ifru);
 #else
       len = sizeof(struct ifreq);
 #endif
       if (!expand_buf(&ifreq, len))
 	goto err;
 
-      ifr = ifreq.iov_base;
+      ifr = (struct ifreq *)ifreq.iov_base;
       memcpy(ifr, ptr, len);
            
       if (ifr->ifr_addr.sa_family == AF_INET && ipv4_callback)
@@ -206,7 +89,7 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 	  netmask = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
 	  if (ioctl(fd, SIOCGIFBRDADDR, ifr) != -1)
 	    broadcast = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr; 
-	  if (!((*ipv4_callback)(daemon, addr, 
+	  if (!((*ipv4_callback)(addr, 
 				 (int)if_nametoindex(ifr->ifr_name),
 				 netmask, broadcast, 
 				 parm)))
@@ -222,7 +105,7 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 	      addr->s6_addr[2] = 0;
 	      addr->s6_addr[3] = 0;
 	    }
-	  if (!((*ipv6_callback)(daemon, addr,
+	  if (!((*ipv6_callback)(addr,
 				 (int)((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_scope_id,
 				 (int)if_nametoindex(ifr->ifr_name),
 				 parm)))
@@ -240,5 +123,128 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 
   return ret;
 }
+#endif
+
+
+#if defined(HAVE_BSD_NETWORK)
+#include <net/bpf.h>
+
+void init_bpf(void)
+{
+  int i = 0;
+
+  while (1) 
+    {
+      /* useful size which happens to be sufficient */
+      if (expand_buf(&ifreq, sizeof(struct ifreq)))
+	{
+	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
+	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
+	    return;
+	}
+      if (errno != EBUSY)
+	die(_("cannot create DHCP BPF socket: %s"), NULL, EC_BADNET);
+    }	     
+}
+
+void send_via_bpf(struct dhcp_packet *mess, size_t len,
+		  struct in_addr iface_addr, struct ifreq *ifr)
+{
+   /* Hairy stuff, packet either has to go to the
+      net broadcast or the destination can't reply to ARP yet,
+      but we do know the physical address. 
+      Build the packet by steam, and send directly, bypassing
+      the kernel IP stack */
+  
+  struct ether_header ether; 
+  struct ip ip;
+  struct udphdr {
+    u16 uh_sport;               /* source port */
+    u16 uh_dport;               /* destination port */
+    u16 uh_ulen;                /* udp length */
+    u16 uh_sum;                 /* udp checksum */
+  } udp;
+  
+  u32 i, sum;
+  struct iovec iov[4];
+
+  /* Only know how to do ethernet on *BSD */
+  if (mess->htype != ARPHRD_ETHER || mess->hlen != ETHER_ADDR_LEN)
+    {
+      my_syslog(LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
+		mess->htype, ifr->ifr_name);
+      return;
+    }
+   
+  ifr->ifr_addr.sa_family = AF_LINK;
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, ifr) < 0)
+    return;
+  
+  memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
+  ether.ether_type = htons(ETHERTYPE_IP);
+  
+  if (ntohs(mess->flags) & 0x8000)
+    {
+      memset(ether.ether_dhost, 255,  ETHER_ADDR_LEN);
+      ip.ip_dst.s_addr = INADDR_BROADCAST;
+    }
+  else
+    {
+      memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN); 
+      ip.ip_dst.s_addr = mess->yiaddr.s_addr;
+    }
+  
+  ip.ip_p = IPPROTO_UDP;
+  ip.ip_src.s_addr = iface_addr.s_addr;
+  ip.ip_len = htons(sizeof(struct ip) + 
+		    sizeof(struct udphdr) +
+		    len) ;
+  ip.ip_hl = sizeof(struct ip) / 4;
+  ip.ip_v = IPVERSION;
+  ip.ip_tos = 0;
+  ip.ip_id = htons(0);
+  ip.ip_off = htons(0x4000); /* don't fragment */
+  ip.ip_ttl = IPDEFTTL;
+  ip.ip_sum = 0;
+  for (sum = 0, i = 0; i < sizeof(struct ip) / 2; i++)
+    sum += ((u16 *)&ip)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);  
+  ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  udp.uh_sport = htons(daemon->dhcp_server_port);
+  udp.uh_dport = htons(daemon->dhcp_client_port);
+  if (len & 1)
+    ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
+  udp.uh_sum = 0;
+  udp.uh_ulen = sum = htons(sizeof(struct udphdr) + len);
+  sum += htons(IPPROTO_UDP);
+  sum += ip.ip_src.s_addr & 0xffff;
+  sum += (ip.ip_src.s_addr >> 16) & 0xffff;
+  sum += ip.ip_dst.s_addr & 0xffff;
+  sum += (ip.ip_dst.s_addr >> 16) & 0xffff;
+  for (i = 0; i < sizeof(struct udphdr)/2; i++)
+    sum += ((u16 *)&udp)[i];
+  for (i = 0; i < (len + 1) / 2; i++)
+    sum += ((u16 *)mess)[i];
+  while (sum>>16)
+    sum = (sum & 0xffff) + (sum >> 16);
+  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
+  
+  ioctl(daemon->dhcp_raw_fd, BIOCSETIF, ifr);
+  
+  iov[0].iov_base = &ether;
+  iov[0].iov_len = sizeof(ether);
+  iov[1].iov_base = &ip;
+  iov[1].iov_len = sizeof(ip);
+  iov[2].iov_base = &udp;
+  iov[2].iov_len = sizeof(udp);
+  iov[3].iov_base = mess;
+  iov[3].iov_len = len;
+
+  while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
+}
 
 #endif
+
+

src/cache.c

@@ -2,23 +2,27 @@
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-static struct crec *cache_head, *cache_tail, **hash_table;
-static struct crec *dhcp_inuse, *dhcp_spare, *new_chain;
-static int cache_inserted, cache_live_freed, insert_error;
-static union bigname *big_free;
-static int bignames_left, log_queries, cache_size, hash_size;
-static int uid;
-static char *addrbuff;
+static struct crec *cache_head = NULL, *cache_tail = NULL, **hash_table = NULL;
+static struct crec *dhcp_spare = NULL, *new_chain = NULL;
+static int cache_inserted = 0, cache_live_freed = 0, insert_error;
+static union bigname *big_free = NULL;
+static int bignames_left, hash_size;
+static int uid = 0;
+static char *addrbuff = NULL;
 
 /* type->string mapping: this is also used by the name-hash function as a mixing table. */
 static const struct {
@@ -41,6 +45,7 @@ static const struct {
   { 25,  "KEY" },
   { 28,  "AAAA" },
   { 33,  "SRV" },
+  { 35,  "NAPTR" },
   { 36,  "KX" },
   { 37,  "CERT" },
   { 38,  "A6" },
@@ -59,36 +64,24 @@ static const struct {
 static void cache_free(struct crec *crecp);
 static void cache_unlink(struct crec *crecp);
 static void cache_link(struct crec *crecp);
-static char *record_source(struct hostsfile *add_hosts, int index);
 static void rehash(int size);
 static void cache_hash(struct crec *crecp);
 
-void cache_init(int size, int logq)
+void cache_init(void)
 {
   struct crec *crecp;
   int i;
 
-  if ((log_queries = logq))
+  if (daemon->options & OPT_LOG)
     addrbuff = safe_malloc(ADDRSTRLEN);
-  else
-    addrbuff = NULL;
-      
-  cache_head = cache_tail = NULL;
-  dhcp_inuse = dhcp_spare = NULL;
-  new_chain = NULL;
-  hash_table = NULL;
-  cache_size = size;
-  big_free = NULL;
-  bignames_left = size/10;
-  uid = 0;
-
-  cache_inserted = cache_live_freed = 0;
-
-  if (cache_size > 0)
+  
+  bignames_left = daemon->cachesize/10;
+  
+  if (daemon->cachesize > 0)
     {
-      crecp = safe_malloc(size*sizeof(struct crec));
+      crecp = safe_malloc(daemon->cachesize*sizeof(struct crec));
       
-      for (i=0; i<size; i++, crecp++)
+      for (i=0; i < daemon->cachesize; i++, crecp++)
 	{
 	  cache_link(crecp);
 	  crecp->flags = 0;
@@ -97,7 +90,7 @@ void cache_init(int size, int logq)
     }
   
   /* create initial hash table*/
-  rehash(cache_size);
+  rehash(daemon->cachesize);
 }
 
 /* In most cases, we create the hash table once here by calling this with (hash_table == NULL)
@@ -115,7 +108,7 @@ static void rehash(int size)
   /* must succeed in getting first instance, failure later is non-fatal */
   if (!hash_table)
     new = safe_malloc(new_size * sizeof(struct crec *));
-  else if (new_size <= hash_size || !(new = malloc(new_size * sizeof(struct crec *))))
+  else if (new_size <= hash_size || !(new = whine_malloc(new_size * sizeof(struct crec *))))
     return;
 
   for(i = 0; i < new_size; i++)
@@ -170,7 +163,7 @@ static void cache_hash(struct crec *crecp)
 	up = &((*up)->hash_next); 
       
       if (crecp->flags & F_IMMORTAL)
-	while (*up && (!(*up)->flags & F_IMMORTAL))
+	while (*up && !((*up)->flags & F_IMMORTAL))
 	  up = &((*up)->hash_next);
     }
   crecp->hash_next = *up;
@@ -238,17 +231,12 @@ char *cache_get_name(struct crec *crecp)
 
 static int is_outdated_cname_pointer(struct crec *crecp)
 {
-  struct crec *target = crecp->addr.cname.cache;
-
   if (!(crecp->flags & F_CNAME))
     return 0;
-
-  if (!target)
-    return 1;
-
-  if (crecp->addr.cname.uid == target->uid)
+  
+  if (crecp->addr.cname.cache && crecp->addr.cname.uid == crecp->addr.cname.cache->uid)
     return 0;
-
+  
   return 1;
 }
 
@@ -282,9 +270,7 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
   
   if (flags & F_FORWARD)
     {
-      for (up = hash_bucket(name), crecp = *up; 
-	   crecp && ((crecp->flags & F_REVERSE) || !(crecp->flags & F_IMMORTAL));
-	   crecp = crecp->hash_next)
+      for (up = hash_bucket(name), crecp = *up; crecp; crecp = crecp->hash_next)
 	if (is_expired(now, crecp) || is_outdated_cname_pointer(crecp))
 	  { 
 	    *up = crecp->hash_next;
@@ -370,20 +356,12 @@ void cache_start_insert(void)
 struct crec *cache_insert(char *name, struct all_addr *addr, 
 			  time_t now,  unsigned long ttl, unsigned short flags)
 {
-#ifdef HAVE_IPV6
-  int addrlen = (flags & F_IPV6) ? IN6ADDRSZ : INADDRSZ;
-#else
-  int addrlen = INADDRSZ;
-#endif
   struct crec *new;
   union bigname *big_name = NULL;
   int freed_all = flags & F_REVERSE;
+  int free_avail = 0;
 
-  log_query(flags | F_UPSTREAM, name, addr, 0, NULL, 0);
-
-  /* name is needed as workspace by log_query in this case */
-  if ((flags & F_NEG) && (flags & F_REVERSE))
-    name = NULL;
+  log_query(flags | F_UPSTREAM, name, addr, NULL);
 
   /* CONFIG bit no needed except for logging */
   flags &= ~F_CONFIG;
@@ -415,8 +393,19 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
     
     if (new->flags & (F_FORWARD | F_REVERSE))
       { 
+	/* If free_avail set, we believe that an entry has been freed.
+	   Bugs have been known to make this not true, resulting in
+	   a tight loop here. If that happens, abandon the
+	   insert. Once in this state, all inserts will probably fail. */
+	if (free_avail)
+	  {
+	    insert_error = 1;
+	    return NULL;
+	  }
+		
 	if (freed_all)
 	  {
+	    free_avail = 1; /* Must be free space now. */
 	    cache_scan_free(cache_get_name(new), &new->addr.addr, now, new->flags);
 	    cache_live_freed++;
 	  }
@@ -438,7 +427,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
 	    big_free = big_free->next;
 	  }
 	else if (!bignames_left ||
-		 !(big_name = (union bigname *)malloc(sizeof(union bigname))))
+		 !(big_name = (union bigname *)whine_malloc(sizeof(union bigname))))
 	  {
 	    insert_error = 1;
 	    return NULL;
@@ -459,12 +448,14 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
       new->name.bname = big_name;
       new->flags |= F_BIGNAME;
     }
+
   if (name)
     strcpy(cache_get_name(new), name);
   else
     *cache_get_name(new) = 0;
+
   if (addr)
-    memcpy(&new->addr.addr, addr, addrlen);
+    new->addr.addr = *addr;
   else
     new->addr.cname.cache = NULL;
   
@@ -509,7 +500,8 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
       /* first search, look for relevant entries and push to top of list
 	 also free anything which has expired */
       struct crec *next, **up, **insert = NULL, **chainp = &ans;
-         
+      int ins_flags = 0;
+      
       for (up = hash_bucket(name), crecp = *up; crecp; crecp = next)
 	{
 	  next = crecp->hash_next;
@@ -531,20 +523,27 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
 		      cache_link(crecp);
 		    }
 	      	      
-		  /* move all but the first entry up the hash chain
-		     this implements round-robin */
-		  if (!insert)
-		    {
-		      insert = up; 
-		      up = &crecp->hash_next; 
-		    }
-		  else
+		  /* Move all but the first entry up the hash chain
+		     this implements round-robin. 
+		     Make sure that re-ordering doesn't break the hash-chain
+		     order invariants. 
+		  */
+		  if (insert && (crecp->flags & (F_REVERSE | F_IMMORTAL)) == ins_flags)
 		    {
 		      *up = crecp->hash_next;
 		      crecp->hash_next = *insert;
 		      *insert = crecp;
 		      insert = &crecp->hash_next;
 		    }
+		  else
+		    {
+		      if (!insert)
+			{
+			  insert = up;
+			  ins_flags = crecp->flags & (F_REVERSE | F_IMMORTAL);
+			}
+		      up = &crecp->hash_next; 
+		    }
 		}
 	      else
 		/* case : not expired, incorrect entry. */
@@ -601,8 +600,7 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
 	      crecp = crecp->hash_next)
 	   if (!is_expired(now, crecp))
 	     {      
-	       if ((crecp->flags & F_REVERSE) && 
-		   (crecp->flags & prot) &&
+	       if ((crecp->flags & prot) &&
 		   memcmp(&crecp->addr.addr, addr, addrlen) == 0)
 		 {	    
 		   if (crecp->flags & (F_HOSTS | F_DHCP))
@@ -694,7 +692,7 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
 
   if (!f)
     {
-      syslog(LOG_ERR, _("failed to load names from %s: %m"), filename);
+      my_syslog(LOG_ERR, _("failed to load names from %s: %s"), filename, strerror(errno));
       return 0;
     }
     
@@ -728,7 +726,7 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
 #endif
       else
 	{
-	  syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); 
+	  my_syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); 
 	  continue;
 	}
 
@@ -752,12 +750,13 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
      while ((token = strtok(NULL, " \t\n\r")) && (*token != '#'))
        {
 	 struct crec *cache;
+	 int fqdn = !!strchr(token, '.');
 	 if (canonicalise(token))
 	   {
 	     /* If set, add a version of the name with a default domain appended */
-	     if ((opts & OPT_EXPAND) && domain_suffix && !strchr(token, '.') && 
-		 (cache = malloc(sizeof(struct crec) + 
-				 strlen(token)+2+strlen(domain_suffix)-SMALLDNAME)))
+	     if ((opts & OPT_EXPAND) && domain_suffix && !fqdn && 
+		 (cache = whine_malloc(sizeof(struct crec) + 
+				       strlen(token)+2+strlen(domain_suffix)-SMALLDNAME)))
 	       {
 		 strcpy(cache->name.sname, token);
 		 strcat(cache->name.sname, ".");
@@ -766,7 +765,7 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
 		 addr_dup = 1;
 		 name_count++;
 	       }
-	     if ((cache = malloc(sizeof(struct crec) + strlen(token)+1-SMALLDNAME)))
+	     if ((cache = whine_malloc(sizeof(struct crec) + strlen(token)+1-SMALLDNAME)))
 	       {
 		 strcpy(cache->name.sname, token);
 		 add_hosts_entry(cache, &addr, addrlen, flags, index, addr_dup);
@@ -774,14 +773,14 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
 	       }
 	   }
 	 else
-	   syslog(LOG_ERR, _("bad name at %s line %d"), filename, lineno); 
+	   my_syslog(LOG_ERR, _("bad name at %s line %d"), filename, lineno); 
        }
     }
   
   fclose(f);
   rehash(name_count);
 
-  syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
+  my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
 
   return name_count;
 }
@@ -789,7 +788,7 @@ static int read_hostsfile(char *filename, int opts, char *buff, char *domain_suf
 void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *addn_hosts)
 {
   struct crec *cache, **up, *tmp;
-  int i, total_size = cache_size;
+  int i, total_size = daemon->cachesize;
 
   cache_inserted = cache_live_freed = 0;
   
@@ -818,8 +817,8 @@ void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *a
   
   if ((opts & OPT_NO_HOSTS) && !addn_hosts)
     {
-      if (cache_size > 0)
-	syslog(LOG_INFO, _("cleared cache"));
+      if (daemon->cachesize > 0)
+	my_syslog(LOG_INFO, _("cleared cache"));
       return;
     }
 
@@ -834,68 +833,74 @@ void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile *a
 
 void cache_unhash_dhcp(void)
 {
-  struct crec *tmp, *cache, **up;
+  struct crec *cache, **up;
   int i;
 
   for (i=0; i<hash_size; i++)
     for (cache = hash_table[i], up = &hash_table[i]; cache; cache = cache->hash_next)
       if (cache->flags & F_DHCP)
-	*up = cache->hash_next;
+	{
+	  *up = cache->hash_next;
+	  cache->next = dhcp_spare;
+	  dhcp_spare = cache;
+	}
       else
 	up = &cache->hash_next;
-
-  /* prev field links all dhcp entries */
-  for (cache = dhcp_inuse; cache; cache = tmp)
-    {
-      tmp = cache->prev;
-      cache->prev = dhcp_spare;
-      dhcp_spare = cache;
-    }
-    
-  dhcp_inuse = NULL;
 }
 
-void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, 
+void cache_add_dhcp_entry(char *host_name, 
 			  struct in_addr *host_address, time_t ttd) 
 {
-  struct crec *crec;
+  struct crec *crec = NULL;
   unsigned short flags =  F_DHCP | F_FORWARD | F_IPV4 | F_REVERSE;
+  int in_hosts = 0;
 
   if (!host_name)
     return;
 
-  if ((crec = cache_find_by_name(NULL, host_name, 0, F_IPV4 | F_CNAME)))
+  while ((crec = cache_find_by_name(crec, host_name, 0, F_IPV4 | F_CNAME)))
     {
+      /* check all addresses associated with name */
       if (crec->flags & F_HOSTS)
 	{
 	  if (crec->addr.addr.addr.addr4.s_addr != host_address->s_addr)
 	    {
 	      strcpy(daemon->namebuff, inet_ntoa(crec->addr.addr.addr.addr4));
-	      syslog(LOG_WARNING, 
-		     _("not giving name %s to the DHCP lease of %s because "
-		       "the name exists in %s with address %s"), 
-		     host_name, inet_ntoa(*host_address),
-		     record_source(daemon->addn_hosts, crec->uid), daemon->namebuff);
+	      my_syslog(LOG_WARNING, 
+			_("not giving name %s to the DHCP lease of %s because "
+			  "the name exists in %s with address %s"), 
+			host_name, inet_ntoa(*host_address),
+			record_source(daemon->addn_hosts, crec->uid), daemon->namebuff);
+	      return;
 	    }
-	  return;
+	  else
+	    /* if in hosts, don't need DHCP record */
+	    in_hosts = 1;
 	}
       else if (!(crec->flags & F_DHCP))
-	cache_scan_free(host_name, NULL, 0, crec->flags & (F_IPV4 | F_CNAME | F_FORWARD));
-    }
- 
-  if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, F_IPV4)))
-    {
-      if (crec->flags & F_NEG)
-	cache_scan_free(NULL, (struct all_addr *)host_address, 0, F_IPV4 | F_REVERSE);
-      else
-	/* avoid multiple reverse mappings */
-	flags &= ~F_REVERSE;
+	{
+	  cache_scan_free(host_name, NULL, 0, crec->flags & (F_IPV4 | F_CNAME | F_FORWARD));
+	  /* scan_free deletes all addresses associated with name */
+	  break;
+	}
     }
+  
+   if (in_hosts)
+    return;
 
-  if ((crec = dhcp_spare))
-    dhcp_spare = dhcp_spare->prev;
+   if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, F_IPV4)))
+     {
+       if (crec->flags & F_NEG)
+	 cache_scan_free(NULL, (struct all_addr *)host_address, 0, F_IPV4 | F_REVERSE);
+       else
+	 /* avoid multiple reverse mappings */
+	 flags &= ~F_REVERSE;
+     }
+   
+   if ((crec = dhcp_spare))
+    dhcp_spare = dhcp_spare->next;
   else /* need new one */
-    crec = malloc(sizeof(struct crec));
+    crec = whine_malloc(sizeof(struct crec));
   
   if (crec) /* malloc may fail */
     {
@@ -906,75 +911,99 @@ void cache_add_dhcp_entry(struct daemon *daemon, char *host_name,
 	crec->ttd = ttd;
       crec->addr.addr.addr.addr4 = *host_address;
       crec->name.namep = host_name;
-      crec->prev = dhcp_inuse;
-      dhcp_inuse = crec;
       cache_hash(crec);
     }
 }
 
-
-
-void dump_cache(struct daemon *daemon, time_t now)
+void dump_cache(time_t now)
 {
-  syslog(LOG_INFO, _("time %lu, cache size %d, %d/%d cache insertions re-used unexpired cache entries."), 
-	 (unsigned long)now, daemon->cachesize, cache_live_freed, cache_inserted); 
+  struct server *serv, *serv1;
+
+  my_syslog(LOG_INFO, _("time %lu"), (unsigned long)now);
+  my_syslog(LOG_INFO, _("cache size %d, %d/%d cache insertions re-used unexpired cache entries."), 
+	    daemon->cachesize, cache_live_freed, cache_inserted);
+  my_syslog(LOG_INFO, _("queries forwarded %u, queries answered locally %u"), 
+	    daemon->queries_forwarded, daemon->local_answer);
+
+  if (!addrbuff && !(addrbuff = whine_malloc(ADDRSTRLEN)))
+    return;
+
+  /* sum counts from different records for same server */
+  for (serv = daemon->servers; serv; serv = serv->next)
+    serv->flags &= ~SERV_COUNTED;
   
-  if ((daemon->options & (OPT_DEBUG | OPT_LOG)) &&
-      (addrbuff || (addrbuff = malloc(ADDRSTRLEN))))
+  for (serv = daemon->servers; serv; serv = serv->next)
+    if (!(serv->flags & (SERV_NO_ADDR | SERV_LITERAL_ADDRESS | SERV_COUNTED)))
+      {
+	int port;
+	unsigned int queries = 0, failed_queries = 0;
+	for (serv1 = serv; serv1; serv1 = serv1->next)
+	  if (!(serv1->flags & (SERV_NO_ADDR | SERV_LITERAL_ADDRESS | SERV_COUNTED)) && sockaddr_isequal(&serv->addr, &serv1->addr))
+	    {
+	      serv1->flags |= SERV_COUNTED;
+	      queries += serv1->queries;
+	      failed_queries += serv1->failed_queries;
+	    }
+	port = prettyprint_addr(&serv->addr, addrbuff);
+	my_syslog(LOG_INFO, _("server %s#%d: queries sent %u, retried or failed %u"), addrbuff, port, queries, failed_queries);
+      }
+  
+  if ((daemon->options & (OPT_DEBUG | OPT_LOG)))
     {
       struct crec *cache ;
       int i;
-      syslog(LOG_DEBUG, "Host                                     Address                        Flags     Expires");
+      my_syslog(LOG_DEBUG, "Host                                     Address                        Flags     Expires");
     
       for (i=0; i<hash_size; i++)
 	for (cache = hash_table[i]; cache; cache = cache->hash_next)
 	  {
+	    char *a, *p = daemon->namebuff;
+	    p += sprintf(p, "%-40.40s ", cache_get_name(cache));
 	    if ((cache->flags & F_NEG) && (cache->flags & F_FORWARD))
-	      addrbuff[0] = 0;
+	      a = ""; 
 	    else if (cache->flags & F_CNAME) 
 	      {
-		addrbuff[0] = 0;
-		addrbuff[ADDRSTRLEN-1] = 0;
+		a = "";
 		if (!is_outdated_cname_pointer(cache))
-		  strncpy(addrbuff, cache_get_name(cache->addr.cname.cache), ADDRSTRLEN);
+		  a = cache_get_name(cache->addr.cname.cache);
 	      }
 #ifdef HAVE_IPV6
-	    else if (cache->flags & F_IPV4)
-	      inet_ntop(AF_INET, &cache->addr.addr, addrbuff, ADDRSTRLEN);
-	    else if (cache->flags & F_IPV6)
-	      inet_ntop(AF_INET6, &cache->addr.addr, addrbuff, ADDRSTRLEN);
+	    else 
+	      { 
+		a = addrbuff;
+		if (cache->flags & F_IPV4)
+		  inet_ntop(AF_INET, &cache->addr.addr, addrbuff, ADDRSTRLEN);
+		else if (cache->flags & F_IPV6)
+		  inet_ntop(AF_INET6, &cache->addr.addr, addrbuff, ADDRSTRLEN);
+	      }
 #else
             else 
-	      strcpy(addrbuff, inet_ntoa(cache->addr.addr.addr.addr4));
+	      a = inet_ntoa(cache->addr.addr.addr.addr4);
 #endif
-	    syslog(LOG_DEBUG, 
+	    p += sprintf(p, "%-30.30s %s%s%s%s%s%s%s%s%s%s  ", a, 
+			 cache->flags & F_IPV4 ? "4" : "",
+			 cache->flags & F_IPV6 ? "6" : "",
+			 cache->flags & F_CNAME ? "C" : "",
+			 cache->flags & F_FORWARD ? "F" : " ",
+			 cache->flags & F_REVERSE ? "R" : " ",
+			 cache->flags & F_IMMORTAL ? "I" : " ",
+			 cache->flags & F_DHCP ? "D" : " ",
+			 cache->flags & F_NEG ? "N" : " ",
+			 cache->flags & F_NXDOMAIN ? "X" : " ",
+			 cache->flags & F_HOSTS ? "H" : " ");
 #ifdef HAVE_BROKEN_RTC
-		   "%-40.40s %-30.30s %s%s%s%s%s%s%s%s%s%s  %lu",
+	    p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
 #else
-		   "%-40.40s %-30.30s %s%s%s%s%s%s%s%s%s%s  %s",
+	    p += sprintf(p, "%s", cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)));
+	    /* ctime includes trailing \n - eat it */
+	    *(p-1) = 0;
 #endif
-		   cache_get_name(cache), addrbuff,
-		   cache->flags & F_IPV4 ? "4" : "",
-		   cache->flags & F_IPV6 ? "6" : "",
-		   cache->flags & F_CNAME ? "C" : "",
-		   cache->flags & F_FORWARD ? "F" : " ",
-		   cache->flags & F_REVERSE ? "R" : " ",
-		   cache->flags & F_IMMORTAL ? "I" : " ",
-		   cache->flags & F_DHCP ? "D" : " ",
-		   cache->flags & F_NEG ? "N" : " ",
-		   cache->flags & F_NXDOMAIN ? "X" : " ",
-		   cache->flags & F_HOSTS ? "H" : " ",
-#ifdef HAVE_BROKEN_RTC
-		   cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now)
-#else
-	           cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)) 
-#endif
-		   );
-	  }  
-    } 
+	    my_syslog(LOG_DEBUG, daemon->namebuff);
+	  }
+    }
 }
 
-static char *record_source(struct hostsfile *addn_hosts, int index)
+char *record_source(struct hostsfile *addn_hosts, int index)
 {
   char *source = HOSTSFILE;
   while (addn_hosts)
@@ -990,62 +1019,74 @@ static char *record_source(struct hostsfile *addn_hosts, int index)
   return source;
 }
 
-void log_query(unsigned short flags, char *name, struct all_addr *addr, 
-	       unsigned short type, struct hostsfile *addn_hosts, int index)
+void querystr(char *str, unsigned short type)
 {
-  char *source;
-  char *verb = "is";
-  char types[20];
+  unsigned int i;
   
-  if (!log_queries)
+  sprintf(str, "query[type=%d]", type); 
+  for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++)
+    if (typestr[i].type == type)
+      sprintf(str,"query[%s]", typestr[i].name);
+}
+
+void log_query(unsigned short flags, char *name, struct all_addr *addr, char *arg)
+{
+  char *source, *dest = addrbuff;
+  char *verb = "is";
+  
+  if (!(daemon->options & OPT_LOG))
     return;
+
+  if (addr)
+    {
+#ifdef HAVE_IPV6
+      inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
+		addr, addrbuff, ADDRSTRLEN);
+#else
+      strncpy(addrbuff, inet_ntoa(addr->addr.addr4), ADDRSTRLEN);  
+#endif
+    }
+
+  if (flags & F_REVERSE)
+    {
+      dest = name;
+      name = addrbuff;
+    }
   
   if (flags & F_NEG)
     {
-      if (flags & F_REVERSE)
-#ifdef HAVE_IPV6
-	inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
-		  addr, name, MAXDNAME);
-#else
-        strcpy(name, inet_ntoa(addr->addr.addr4));  
-#endif
-	      
       if (flags & F_NXDOMAIN)
-	strcpy(addrbuff, "<NXDOMAIN>");
+	{
+	  if (flags & F_IPV4)
+	    dest = "NXDOMAIN-IPv4";
+	  else if (flags & F_IPV6)
+	    dest = "NXDOMAIN-IPv6";
+	  else
+	    dest = "NXDOMAIN";
+	}
       else
-	strcpy(addrbuff, "<NODATA>");
-      
-      if (flags & F_IPV4)
-	strcat(addrbuff, "-IPv4");
-      else if (flags & F_IPV6)
-	strcat(addrbuff, "-IPv6");
+	{      
+	  if (flags & F_IPV4)
+	    dest = "NODATA-IPv4";
+	  else if (flags & F_IPV6)
+	    dest = "NODATA-IPv6";
+	  else
+	    dest = "NODATA";
+	}
     }
   else if (flags & F_CNAME)
     {
-      /* nasty abuse of IPV4 and IPV6 flags */
-      if (flags & F_IPV4)
-	strcpy(addrbuff, "<MX>");
-      else if (flags & F_IPV6)
-	strcpy(addrbuff, "<SRV>");
-      else if (flags & F_NXDOMAIN)
-	strcpy(addrbuff, "<TXT>");
-      else if (flags & F_BIGNAME)
-	strcpy(addrbuff, "<PTR>");
+      /* nasty abuse of NXDOMAIN and CNAME flags */
+      if (flags & F_NXDOMAIN)
+	dest = arg;
       else
-	strcpy(addrbuff, "<CNAME>");
+	dest = "<CNAME>";
     }
-  else
-#ifdef HAVE_IPV6
-    inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
-	      addr, addrbuff, ADDRSTRLEN);
-#else
-    strcpy(addrbuff, inet_ntoa(addr->addr.addr4));  
-#endif
     
   if (flags & F_DHCP)
     source = "DHCP";
   else if (flags & F_HOSTS)
-    source = record_source(addn_hosts, index);
+    source = arg;
   else if (flags & F_CONFIG)
     source = "config";
   else if (flags & F_UPSTREAM)
@@ -1057,16 +1098,7 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
     }
   else if (flags & F_QUERY)
     {
-      unsigned int i;
-      
-      if (type != 0)
-        {
-          sprintf(types, "query[type=%d]", type); 
-          for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++)
-	    if (typestr[i].type == type)
-	      sprintf(types,"query[%s]", typestr[i].name);
-	}
-      source = types;
+      source = arg;
       verb = "from";
     }
   else
@@ -1075,9 +1107,6 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
   if (strlen(name) == 0)
     name = ".";
 
-  if ((flags & F_FORWARD) | (flags & F_NEG))
-    syslog(LOG_DEBUG, "%s %s %s %s", source, name, verb, addrbuff);
-  else if (flags & F_REVERSE)
-    syslog(LOG_DEBUG, "%s %s is %s", source, addrbuff, name);
+  my_syslog(LOG_DEBUG, "%s %s %s %s", source, name, verb, dest);
 }
 

src/config.h

@@ -1,22 +1,27 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define VERSION "2.37"
+#define VERSION "2.44"
 
 #define FTABSIZ 150 /* max number of outstanding requests (default) */
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define EDNS_PKTSZ 1280 /* default max EDNS.0 UDP packet from RFC2671 */
 #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
+#define RANDOM_SOCKS 64 /* max simultaneous random ports */
 #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
 #define CACHESIZ 150 /* default cache size */
 #define MAXLEASES 150 /* maximum number of DHCP leases */
@@ -35,6 +40,8 @@
 #define RUNFILE "/var/run/dnsmasq.pid"
 #if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__)
 #   define LEASEFILE "/var/db/dnsmasq.leases"
+#elif defined(__sun__) || defined (__sun)
+#   define LEASEFILE "/var/cache/dnsmasq.leases"
 #else
 #   define LEASEFILE "/var/lib/misc/dnsmasq.leases"
 #endif
@@ -48,8 +55,12 @@
 #define CHGRP "dip"
 #define DHCP_SERVER_PORT 67
 #define DHCP_CLIENT_PORT 68
+#define DHCP_SERVER_ALTPORT 1067
+#define DHCP_CLIENT_ALTPORT 1068
 #define TFTP_PORT 69
 #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
+#define LOG_MAX 5 /* log-queue length */
+#define RANDFILE "/dev/urandom"
 
 /* DBUS interface specifics */
 #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
@@ -78,22 +89,17 @@
 #endif
 
 
-/* Get linux C library versions. */
-#if defined(__linux__) && !defined(__UCLIBC__) && !defined(__uClinux__)
-/*#  include <libio.h> */
-#  include <features.h> 
-#endif
-
-
 /* Follows system specific switches. If you run on a 
    new system, you may want to edit these. 
    May replace this with Autoconf one day. 
 
 HAVE_LINUX_NETWORK
-   define this to do networking the Linux way. When it's defined, the code will
-   use IP_PKTINFO, Linux capabilities and the RTnetlink system. If it's not defined,
-   a few facilities will be lost, namely support for multiple addresses on an interface,
-   DNS query retransmission, and (on some systems) wildcard interface binding.
+HAVE_BSD_NETWORK
+HAVE_SOLARIS_NETWORK
+   define exactly one of these to alter interaction with kernel networking.
+
+HAVE_SOLARIS_PRIVS
+   define for Solaris > 10 which can split privileges.
 
 HAVE_BROKEN_RTC
    define this on embedded systems which don't have an RTC
@@ -123,19 +129,6 @@ HAVE_ARC4RANDOM
    define this if you have arc4random() to get better security from DNS spoofs
    by using really random ids (OpenBSD) 
 
-HAVE_RANDOM
-   define this if you have the 4.2BSD random() function (and its
-   associated srandom() function), which is at least as good as (if not
-   better than) the rand() function.
-
-HAVE_DEV_RANDOM
-   define this if you have the /dev/random device, which gives truly
-   random numbers but may run out of random numbers.
-
-HAVE_DEV_URANDOM
-   define this if you have the /dev/urandom device, which gives
-   semi-random numbers when it runs out of truly random numbers.
-
 HAVE_SOCKADDR_SA_LEN
    define this if struct sockaddr has sa_len field (*BSD) 
 
@@ -144,27 +137,27 @@ HAVE_DBUS
    define some methods to allow (re)configuration of the upstream DNS 
    servers via DBus.
 
+HAVE_BSD_BRIDGE
+   Define this to enable the --bridge-interface option, useful on some
+   BSD systems.
+
+HAVE_LARGFILE
+   Define this if the C library supports large (>2GB) files probably true everywhere 
+   except some builds of uclibc
+
 NOTES:
    For Linux you should define 
       HAVE_LINUX_NETWORK
       HAVE_GETOPT_LONG
-      HAVE_RANDOM
-      HAVE_DEV_RANDOM
-      HAVE_DEV_URANDOM
   you should NOT define 
       HAVE_ARC4RANDOM
       HAVE_SOCKADDR_SA_LEN
 
    For *BSD systems you should define 
+     HAVE_BSD_NETWORK
      HAVE_SOCKADDR_SA_LEN
-     HAVE_RANDOM
-   you should NOT define  
-     HAVE_LINUX_NETWORK 
    and you MAY define  
      HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later
-     HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD
-     HAVE_DEV_RANDOM - FreeBSD  and NetBSD 
-                       (OpenBSD with hardware random number generator)
      HAVE_GETOPT_LONG - NetBSD, later FreeBSD 
                        (FreeBSD and OpenBSD only if you link GNU getopt) 
 
@@ -180,7 +173,7 @@ NOTES:
 #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
 #endif
 
-/* Allow TFTP to be disabled with CFLAGS=-DNO_TFTP */
+/* Allow TFTP to be disabled with COPTS=-DNO_TFTP */
 #ifdef NO_TFTP
 #undef HAVE_TFTP
 #endif
@@ -192,13 +185,11 @@ NOTES:
 #define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
 /* Never use fork() on uClinux. Note that this is subtly different from the
    --keep-in-foreground option, since it also  suppresses forking new 
-   processes for TCP connections. It's intended for use on MMU-less kernels. */
+   processes for TCP connections and disables the call-a-script on leasechange
+   system. It's intended for use on MMU-less kernels. */
 #define NO_FORK
 
 #elif defined(__UCLIBC__)
@@ -206,13 +197,8 @@ NOTES:
 #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
    ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
 #    define HAVE_GETOPT_LONG
-#else
-#    undef HAVE_GETOPT_LONG
 #endif
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
 #if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
 #  define NO_FORK
@@ -228,9 +214,6 @@ NOTES:
 #define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
 /* glibc < 2.2  has broken Sockaddr_in6 so we have to use our own. */
 /* glibc < 2.2 doesn't define in_addr_t */
@@ -240,42 +223,66 @@ typedef unsigned long in_addr_t;
 #   define HAVE_BROKEN_SOCKADDR_IN6
 #endif
 
-#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
-#undef HAVE_LINUX_NETWORK
+#elif defined(__FreeBSD__) || \
+      defined(__OpenBSD__) || \
+      defined(__DragonFly__) || \
+      defined (__FreeBSD_kernel__)
+#define HAVE_BSD_NETWORK
 /* Later verions of FreeBSD have getopt_long() */
 #if defined(optional_argument) && defined(required_argument)
 #   define HAVE_GETOPT_LONG
-#else
-#   undef HAVE_GETOPT_LONG
 #endif
-#define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
+#if !defined (__FreeBSD_kernel__)
+#   define HAVE_ARC4RANDOM
+#endif
 #define HAVE_SOCKADDR_SA_LEN
+#define HAVE_BSD_BRIDGE
 
 #elif defined(__APPLE__)
-#undef HAVE_LINUX_NETWORK
+#define HAVE_BSD_NETWORK
 #undef HAVE_GETOPT_LONG
 #define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
 #define HAVE_SOCKADDR_SA_LEN
 /* Define before sys/socket.h is included so we get socklen_t */
 #define _BSD_SOCKLEN_T_
-/* This is not defined in Mac OS X arpa/nameserv.h */
-#define IN6ADDRSZ 16
  
 #elif defined(__NetBSD__)
-#undef HAVE_LINUX_NETWORK
+#define HAVE_BSD_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #define HAVE_SOCKADDR_SA_LEN
- 
+#define HAVE_BSD_BRIDGE
+
+#elif defined(__sun) || defined(__sun__)
+#define HAVE_SOLARIS_NETWORK
+/* only Solaris 10 does split privs. */
+#if (SUNOS_VER >= 10)
+#  define HAVE_SOLARIS_PRIVS
+#  define HAVE_GETOPT_LONG
 #endif
+/* some CMSG stuff missing on early solaris */
+#ifndef OSSH_ALIGNBYTES
+#  define OSSH_ALIGNBYTES (sizeof(int) - 1)
+#endif
+#ifndef __CMSG_ALIGN
+#  define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES)
+#endif
+#ifndef CMSG_LEN
+#  define CMSG_LEN(len)   (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
+#endif
+#ifndef CMSG_SPACE
+#  define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
+#endif
+#undef HAVE_ARC4RANDOM
+#undef HAVE_SOCKADDR_SA_LEN
+
+#define _XPG4_2
+#define __EXTENSIONS__
+#define ETHER_ADDR_LEN 6
+#endif
+
 /* Decide if we're going to support IPv6 */
+/* IPv6 can be forced off with "make COPTS=-DNO_IPV6" */
 /* We assume that systems which don't have IPv6
    headers don't have ntop and pton either */
 

src/dbus.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -25,28 +29,25 @@ struct watch {
 
 static dbus_bool_t add_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch *w;
 
   for (w = daemon->watches; w; w = w->next)
     if (w->watch == watch)
       return TRUE;
 
-  if (!(w = malloc(sizeof(struct watch))))
+  if (!(w = whine_malloc(sizeof(struct watch))))
     return FALSE;
 
   w->watch = watch;
   w->next = daemon->watches;
   daemon->watches = w;
 
-  dbus_watch_set_data (watch, (void *)daemon, NULL);
-
+  w = data; /* no warning */
   return TRUE;
 }
 
 static void remove_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch **up, *w;  
   
   for (up = &(daemon->watches), w = daemon->watches; w; w = w->next)
@@ -57,9 +58,11 @@ static void remove_watch(DBusWatch *watch, void *data)
       }
     else
       up = &(w->next);
+
+  w = data; /* no warning */
 }
 
-static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
+static void dbus_read_servers(DBusMessage *message)
 {
   struct server *serv, *tmp, **up;
   DBusMessageIter iter;
@@ -109,13 +112,13 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 	    }
 
 #ifndef HAVE_IPV6
-	  syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
+	  my_syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
 #else
 	  if (i == sizeof(struct in6_addr)-1)
 	    {
-	      memcpy(&addr.in6.sin6_addr, p, sizeof(addr.in6));
+	      memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr));
 #ifdef HAVE_SOCKADDR_SA_LEN
-              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(addr.in6);
+              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(struct sockaddr_in6);
 #endif
               source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
               addr.in6.sin6_port = htons(NAMESERVER_PORT);
@@ -161,11 +164,14 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    }
 		}
 	    
-	    if (!serv && (serv = malloc(sizeof (struct server))))
+	    if (!serv && (serv = whine_malloc(sizeof (struct server))))
 	      {
 		/* Not found, create a new one. */
+		memset(serv, 0, sizeof(struct server));
+		
 		if (domain)
-		  serv->domain = malloc(strlen(domain)+1);
+		  serv->domain = whine_malloc(strlen(domain)+1);
+		
 		if (domain && !serv->domain)
 		  {
 		    free(serv);
@@ -176,7 +182,6 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    serv->next = daemon->servers;
 		    daemon->servers = serv;
 		    serv->flags = SERV_FROM_DBUS;
-		    serv->sfd = NULL;
 		    if (domain)
 		      {
 			strcpy(serv->domain, domain);
@@ -208,6 +213,7 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
       tmp = serv->next;
       if (serv->flags & SERV_MARK)
 	{
+	  server_gone(serv);
 	  *up = serv->next;
 	  free(serv);
 	}
@@ -222,8 +228,7 @@ DBusHandlerResult message_handler(DBusConnection *connection,
 				  void *user_data)
 {
   char *method = (char *)dbus_message_get_member(message);
-  struct daemon *daemon = (struct daemon *)user_data;
-  
+   
   if (strcmp(method, "GetVersion") == 0)
     {
       char *v = VERSION;
@@ -235,22 +240,24 @@ DBusHandlerResult message_handler(DBusConnection *connection,
     }
   else if (strcmp(method, "SetServers") == 0)
     {
-      syslog(LOG_INFO, _("setting upstream servers from DBus"));
-      dbus_read_servers(daemon, message);
-      check_servers(daemon);
+      my_syslog(LOG_INFO, _("setting upstream servers from DBus"));
+      dbus_read_servers(message);
+      check_servers();
     }
   else if (strcmp(method, "ClearCache") == 0)
-    clear_cache_and_reload(daemon, dnsmasq_time());
+    clear_cache_and_reload(dnsmasq_time());
   else
     return (DBUS_HANDLER_RESULT_NOT_YET_HANDLED);
   
+  method = user_data; /* no warning */
+
   return (DBUS_HANDLER_RESULT_HANDLED);
  
 }
  
 
 /* returns NULL or error message, may fail silently if dbus daemon not yet up. */
-char *dbus_init(struct daemon *daemon)
+char *dbus_init(void)
 {
   DBusConnection *connection = NULL;
   DBusObjectPathVTable dnsmasq_vtable = {NULL, &message_handler, NULL, NULL, NULL, NULL };
@@ -263,14 +270,14 @@ char *dbus_init(struct daemon *daemon)
     
   dbus_connection_set_exit_on_disconnect(connection, FALSE);
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
-				      NULL, (void *)daemon, NULL);
+				      NULL, NULL, NULL);
   dbus_error_init (&dbus_error);
   dbus_bus_request_name (connection, DNSMASQ_SERVICE, 0, &dbus_error);
   if (dbus_error_is_set (&dbus_error))
     return (char *)dbus_error.message;
   
   if (!dbus_connection_register_object_path(connection,  DNSMASQ_PATH, 
-					    &dnsmasq_vtable, daemon))
+					    &dnsmasq_vtable, NULL))
     return _("could not register a DBus message handler");
   
   daemon->dbus = connection; 
@@ -282,7 +289,7 @@ char *dbus_init(struct daemon *daemon)
 }
  
 
-void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
+void set_dbus_listeners(int *maxfdp,
 			fd_set *rset, fd_set *wset, fd_set *eset)
 {
   struct watch *w;
@@ -291,7 +298,11 @@ void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = dbus_watch_get_flags(w->watch);
+#if (DBUS_MINOR > 0)
+	int fd = dbus_watch_get_unix_fd(w->watch);
+#else
 	int fd = dbus_watch_get_fd(w->watch);
+#endif
 	
 	bump_maxfd(fd, maxfdp);
 	
@@ -305,8 +316,7 @@ void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
       }
 }
 
-void check_dbus_listeners(struct daemon *daemon,
-			  fd_set *rset, fd_set *wset, fd_set *eset)
+void check_dbus_listeners(fd_set *rset, fd_set *wset, fd_set *eset)
 {
   DBusConnection *connection = (DBusConnection *)daemon->dbus;
   struct watch *w;
@@ -315,7 +325,11 @@ void check_dbus_listeners(struct daemon *daemon,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = 0;
+#if (DBUS_MINOR > 0)
+	int fd = dbus_watch_get_unix_fd(w->watch);
+#else
 	int fd = dbus_watch_get_fd(w->watch);
+#endif
 	
 	if (FD_ISSET(fd, rset))
 	  flags |= DBUS_WATCH_READABLE;

src/dhcp.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -18,27 +22,32 @@ struct iface_param {
   int ind;
 };
 
-static int complete_context(struct daemon *daemon, struct in_addr local, int if_index, 
+static int complete_context(struct in_addr local, int if_index, 
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam);
 
-void dhcp_init(struct daemon *daemon)
+void dhcp_init(void)
 {
   int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
   struct sockaddr_in saddr;
   int oneopt = 1;
-  struct dhcp_config *configs, *cp;
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+  int mtu = IP_PMTUDISC_DONT;
+#endif
 
   if (fd == -1)
-    die (_("cannot create DHCP socket : %s"), NULL);
+    die (_("cannot create DHCP socket : %s"), NULL, EC_BADNET);
   
-  if (!fix_fd(fd) || 
+  if (!fix_fd(fd) ||
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+      setsockopt(fd, SOL_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)) == -1 ||
+#endif
 #if defined(HAVE_LINUX_NETWORK)
       setsockopt(fd, SOL_IP, IP_PKTINFO, &oneopt, sizeof(oneopt)) == -1 ||
 #elif defined(IP_RECVIF)
       setsockopt(fd, IPPROTO_IP, IP_RECVIF, &oneopt, sizeof(oneopt)) == -1 ||
 #endif
       setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &oneopt, sizeof(oneopt)) == -1)  
-    die(_("failed to set options on DHCP socket: %s"), NULL);
+    die(_("failed to set options on DHCP socket: %s"), NULL, EC_BADNET);
   
   /* When bind-interfaces is set, there might be more than one dnmsasq
      instance binding port 67. That's OK if they serve different networks.
@@ -56,24 +65,24 @@ void dhcp_init(struct daemon *daemon)
       int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt));
 #endif
       if (rc == -1)
-	die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL);
+	die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL, EC_BADNET);
     }
 #endif
   
   memset(&saddr, 0, sizeof(saddr));
   saddr.sin_family = AF_INET;
-  saddr.sin_port = htons(DHCP_SERVER_PORT);
+  saddr.sin_port = htons(daemon->dhcp_server_port);
   saddr.sin_addr.s_addr = INADDR_ANY;
 #ifdef HAVE_SOCKADDR_SA_LEN
   saddr.sin_len = sizeof(struct sockaddr_in);
 #endif
 
   if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)))
-    die(_("failed to bind DHCP server socket: %s"), NULL);
+    die(_("failed to bind DHCP server socket: %s"), NULL, EC_BADNET);
 
   daemon->dhcpfd = fd;
 
-#ifndef HAVE_LINUX_NETWORK
+#if defined(HAVE_BSD_NETWORK)
   /* When we're not using capabilities, we need to do this here before
      we drop root. Also, set buffer size small, to avoid wasting
      kernel buffers */
@@ -82,30 +91,19 @@ void dhcp_init(struct daemon *daemon)
     daemon->dhcp_icmp_fd = -1;
   else if ((daemon->dhcp_icmp_fd = make_icmp_sock()) == -1 ||
 	   setsockopt(daemon->dhcp_icmp_fd, SOL_SOCKET, SO_RCVBUF, &oneopt, sizeof(oneopt)) == -1 )
-    die(_("cannot create ICMP raw socket: %s."), NULL);
+    die(_("cannot create ICMP raw socket: %s."), NULL, EC_BADNET);
   
   /* Make BPF raw send socket */
-  init_bpf(daemon);
+  init_bpf();
 #endif
   
-  /* If the same IP appears in more than one host config, then DISCOVER
-     for one of the hosts will get the address, but REQUEST will be NAKed,
-     since the address is reserved by the other one -> protocol loop. */
-  for (configs = daemon->dhcp_conf; configs; configs = configs->next)
-    for (cp = configs->next; cp; cp = cp->next)
-      if ((configs->flags & cp->flags & CONFIG_ADDR) &&	configs->addr.s_addr == cp->addr.s_addr)
-	die(_("duplicate IP address %s in dhcp-config directive."), inet_ntoa(cp->addr));
-  
+  check_dhcp_hosts(1);
+    
   daemon->dhcp_packet.iov_len = sizeof(struct dhcp_packet); 
   daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len);
-    /* These two each hold a DHCP option max size 255
-     and get a terminating zero added */
-  daemon->dhcp_buff = safe_malloc(256);
-  daemon->dhcp_buff2 = safe_malloc(256); 
-  daemon->ping_results = NULL;
 }
   
-void dhcp_packet(struct daemon *daemon, time_t now)
+void dhcp_packet(time_t now)
 {
   struct dhcp_packet *mess;
   struct dhcp_context *context;
@@ -116,15 +114,17 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   struct cmsghdr *cmptr;
   struct iovec iov;
   ssize_t sz; 
-  int iface_index = 0, unicast_dest = 0;
+  int iface_index = 0, unicast_dest = 0, is_inform = 0;
   struct in_addr iface_addr, *addrp = NULL;
   struct iface_param parm;
 
   union {
     struct cmsghdr align; /* this ensures alignment */
-#ifdef HAVE_LINUX_NETWORK
+#if defined(HAVE_LINUX_NETWORK)
     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
-#else
+#elif defined(HAVE_SOLARIS_NETWORK)
+    char control[CMSG_SPACE(sizeof(unsigned int))];
+#elif defined(IP_RECVIF) 
     char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
 #endif
   } control_u;
@@ -145,7 +145,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
 	 expand_buf(&daemon->dhcp_packet, daemon->dhcp_packet.iov_len + 100));
   
   /* expand_buf may have moved buffer */
-  mess = daemon->dhcp_packet.iov_base;
+  mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
   msg.msg_controllen = sizeof(control_u);
   msg.msg_control = control_u.control;
   msg.msg_flags = 0;
@@ -175,8 +175,12 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   if (msg.msg_controllen >= sizeof(struct cmsghdr))
     for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
       if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
-	iface_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
-  
+#ifdef HAVE_SOLARIS_NETWORK
+	iface_index = *((unsigned int *)CMSG_DATA(cmptr));
+#else
+        iface_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
+#endif
+	  
   if (!iface_index || !if_indextoname(iface_index, ifr.ifr_name))
     return;
   
@@ -196,7 +200,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
     iface_index = if_nametoindex(name->name);
   }
 #endif
-
+  
   ifr.ifr_addr.sa_family = AF_INET;
   if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
     {
@@ -204,7 +208,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
       iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
     }
 
-  if (!iface_check(daemon, AF_INET, (struct all_addr *)addrp, &ifr, &iface_index))
+  if (!iface_check(AF_INET, (struct all_addr *)addrp, &ifr, &iface_index))
     return;
   
   for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
@@ -216,7 +220,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
     {
       if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1)
 	{
-	  syslog(LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
+	  my_syslog(LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
 	  return;
 	}
       else
@@ -232,12 +236,13 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   parm.current = NULL;
   parm.ind = iface_index;
 
-  if (!iface_enumerate(daemon, &parm, complete_context, NULL))
+  if (!iface_enumerate(&parm, complete_context, NULL))
     return;
   lease_prune(NULL, now); /* lose any expired leases */
-  iov.iov_len = dhcp_reply(daemon, parm.current, ifr.ifr_name, (size_t)sz, now, unicast_dest);
-  lease_update_file(daemon, now);
-  lease_update_dns(daemon);
+  iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, 
+			   now, unicast_dest, &is_inform);
+  lease_update_file(now);
+  lease_update_dns();
     
   if (iov.iov_len == 0)
     return;
@@ -250,7 +255,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   iov.iov_base = daemon->dhcp_packet.iov_base;
   
   /* packet buffer may have moved */
-  mess = daemon->dhcp_packet.iov_base;
+  mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
   
 #ifdef HAVE_SOCKADDR_SA_LEN
   dest.sin_len = sizeof(struct sockaddr_in);
@@ -259,21 +264,23 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   if (mess->giaddr.s_addr)
     {
       /* Send to BOOTP relay  */
-      dest.sin_port = htons(DHCP_SERVER_PORT);
+      dest.sin_port = htons(daemon->dhcp_server_port);
       dest.sin_addr = mess->giaddr; 
     }
   else if (mess->ciaddr.s_addr)
     {
       /* If the client's idea of its own address tallys with
 	 the source address in the request packet, we believe the
-	 source port too, and send back to that. */
-      if (dest.sin_addr.s_addr != mess->ciaddr.s_addr || !dest.sin_port)
+	 source port too, and send back to that.  If we're replying 
+	 to a DHCPINFORM, trust the source address always. */
+      if ((!is_inform && dest.sin_addr.s_addr != mess->ciaddr.s_addr) ||
+	  dest.sin_port == 0 || dest.sin_addr.s_addr == 0)
 	{
-	  dest.sin_port = htons(DHCP_CLIENT_PORT); 
+	  dest.sin_port = htons(daemon->dhcp_client_port); 
 	  dest.sin_addr = mess->ciaddr;
 	}
     } 
-#ifdef HAVE_LINUX_NETWORK
+#if defined(HAVE_LINUX_NETWORK)
   else if ((ntohs(mess->flags) & 0x8000) || mess->hlen == 0 ||
 	   mess->hlen > sizeof(ifr.ifr_addr.sa_data) || mess->htype == 0)
     {
@@ -282,14 +289,14 @@ void dhcp_packet(struct daemon *daemon, time_t now)
       msg.msg_control = control_u.control;
       msg.msg_controllen = sizeof(control_u);
       cmptr = CMSG_FIRSTHDR(&msg);
-      dest.sin_addr.s_addr = INADDR_BROADCAST;
-      dest.sin_port = htons(DHCP_CLIENT_PORT);
       pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
       pkt->ipi_ifindex = iface_index;
       pkt->ipi_spec_dst.s_addr = 0;
       msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
       cmptr->cmsg_level = SOL_IP;
-      cmptr->cmsg_type = IP_PKTINFO;
+      cmptr->cmsg_type = IP_PKTINFO;  
+      dest.sin_addr.s_addr = INADDR_BROADCAST;
+      dest.sin_port = htons(daemon->dhcp_client_port);
     }
   else
     {
@@ -297,7 +304,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
 	 struct sockaddr limits size to 14 bytes. */
       struct arpreq req;
       dest.sin_addr = mess->yiaddr;
-      dest.sin_port = htons(DHCP_CLIENT_PORT);
+      dest.sin_port = htons(daemon->dhcp_client_port);
       *((struct sockaddr_in *)&req.arp_pa) = dest;
       req.arp_ha.sa_family = mess->htype;
       memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
@@ -305,14 +312,42 @@ void dhcp_packet(struct daemon *daemon, time_t now)
       req.arp_flags = ATF_COM;
       ioctl(daemon->dhcpfd, SIOCSARP, &req);
     }
-#else
+#elif defined(HAVE_SOLARIS_NETWORK)
+  else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)
+    {
+      /* broadcast to 255.255.255.255 (or mac address invalid) */
+      dest.sin_addr.s_addr = INADDR_BROADCAST;
+      dest.sin_port = htons(daemon->dhcp_client_port);
+      /* note that we don't specify the interface here: that's done by the
+	 IP_XMIT_IF sockopt lower down. */
+    }
+  else
+    {
+      /* unicast to unconfigured client. Inject mac address direct into ARP cache. 
+	 Note that this only works for ethernet on solaris, because we use SIOCSARP
+	 and not SIOCSXARP, which would be perfect, except that it returns ENXIO 
+	 mysteriously. Bah. Fall back to broadcast for other net types. */
+      struct arpreq req;
+      dest.sin_addr = mess->yiaddr;
+      dest.sin_port = htons(daemon->dhcp_client_port);
+      *((struct sockaddr_in *)&req.arp_pa) = dest;
+      req.arp_ha.sa_family = AF_UNSPEC;
+      memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
+      req.arp_flags = ATF_COM;
+      ioctl(daemon->dhcpfd, SIOCSARP, &req);
+    }
+#elif defined(HAVE_BSD_NETWORK)
   else 
     {
-      send_via_bpf(daemon, mess, iov.iov_len, iface_addr, &ifr);
+      send_via_bpf(mess, iov.iov_len, iface_addr, &ifr);
       return;
     }
 #endif
    
+#ifdef HAVE_SOLARIS_NETWORK
+  setsockopt(daemon->dhcpfd, IPPROTO_IP, IP_XMIT_IF, &iface_index, sizeof(iface_index));
+#endif
+  
   while(sendmsg(daemon->dhcpfd, &msg, 0) == -1 && retry_send());
 }
  
@@ -326,15 +361,12 @@ void dhcp_packet(struct daemon *daemon, time_t now)
 
    Note that the current chain may be superceded later for configured hosts or those coming via gateways. */
 
-static int complete_context(struct daemon *daemon, struct in_addr local, int if_index, 
-			     struct in_addr netmask, struct in_addr broadcast, void *vparam)
+static int complete_context(struct in_addr local, int if_index, 
+			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   struct dhcp_context *context;
   struct iface_param *param = vparam;
   
-  if (if_index != param->ind)
-    return 1; /* no for us. */
-  
   for (context = daemon->dhcp; context; context = context->next)
     {
       if (!(context->flags & CONTEXT_NETMASK) &&
@@ -347,8 +379,8 @@ static int complete_context(struct daemon *daemon, struct in_addr local, int if_
 	  {
 	    strcpy(daemon->dhcp_buff, inet_ntoa(context->start));
 	    strcpy(daemon->dhcp_buff2, inet_ntoa(context->end));
-	    syslog(LOG_WARNING, _("DHCP range %s -- %s is not consistent with netmask %s"),
-		   daemon->dhcp_buff, daemon->dhcp_buff2, inet_ntoa(netmask));
+	    my_syslog(LOG_WARNING, _("DHCP range %s -- %s is not consistent with netmask %s"),
+		      daemon->dhcp_buff, daemon->dhcp_buff2, inet_ntoa(netmask));
 	  }	
  	context->netmask = netmask;
       }
@@ -359,7 +391,7 @@ static int complete_context(struct daemon *daemon, struct in_addr local, int if_
 	      is_same_net(local, context->end, context->netmask))
 	    {
 	      /* link it onto the current chain if we've not seen it before */
-	      if (context->current == context)
+	      if (if_index == param->ind && context->current == context)
 		{
 		  context->router = local;
 		  context->local = local;
@@ -390,7 +422,9 @@ static int complete_context(struct daemon *daemon, struct in_addr local, int if_
   return 1;
 }
 	  
-struct dhcp_context *address_available(struct dhcp_context *context, struct in_addr taddr)
+struct dhcp_context *address_available(struct dhcp_context *context, 
+				       struct in_addr taddr,
+				       struct dhcp_netid *netids)
 {
   /* Check is an address is OK for this network, check all
      possible ranges. Make sure that the address isn't in use
@@ -410,14 +444,17 @@ struct dhcp_context *address_available(struct dhcp_context *context, struct in_a
 
       if (!(tmp->flags & CONTEXT_STATIC) &&
 	  addr >= start &&
-	  addr <= end)
+	  addr <= end &&
+	  match_netid(tmp->filter, netids, 1))
 	return tmp;
     }
 
   return NULL;
 }
 
-struct dhcp_context *narrow_context(struct dhcp_context *context, struct in_addr taddr)
+struct dhcp_context *narrow_context(struct dhcp_context *context, 
+				    struct in_addr taddr,
+				    struct dhcp_netid *netids)
 {
   /* We start of with a set of possible contexts, all on the current physical interface.
      These are chained on ->current.
@@ -429,19 +466,24 @@ struct dhcp_context *narrow_context(struct dhcp_context *context, struct in_addr
   
   struct dhcp_context *tmp;
 
-  if ((tmp = address_available(context, taddr)))
-    return tmp;
+  if (!(tmp = address_available(context, taddr, netids)))
+    {
+      for (tmp = context; tmp; tmp = tmp->current)
+      if (is_same_net(taddr, tmp->start, tmp->netmask) && 
+	  (tmp->flags & CONTEXT_STATIC))
+	break;
+      
+      if (!tmp)
+	for (tmp = context; tmp; tmp = tmp->current)
+	  if (is_same_net(taddr, tmp->start, tmp->netmask))
+	    break;
+    }
   
-  for (tmp = context; tmp; tmp = tmp->current)
-    if (is_same_net(taddr, tmp->start, tmp->netmask) && 
-	(tmp->flags & CONTEXT_STATIC))
-      return tmp;
-
-  for (tmp = context; tmp; tmp = tmp->current)
-    if (is_same_net(taddr, tmp->start, tmp->netmask))
-      return tmp;
-
-  return NULL;
+  /* Only one context allowed now */
+  if (tmp)
+    tmp->current = NULL;
+  
+  return tmp;
 }
 
 struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr)
@@ -456,12 +498,12 @@ struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct i
 }
 
 /* Is every member of check matched by a member of pool? 
-   If negonly, match unless there's a negative tag which matches. */
-int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly)
+   If tagnotneeded, untagged is OK */
+int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int tagnotneeded)
 {
   struct dhcp_netid *tmp1;
   
-  if (!check && !negonly)
+  if (!check && !tagnotneeded)
     return 0;
 
   for (; check; check = check->next)
@@ -471,7 +513,7 @@ int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly)
 	  for (tmp1 = pool; tmp1; tmp1 = tmp1->next)
 	    if (strcmp(check->net, tmp1->net) == 0)
 	      break;
-	  if (!tmp1 || negonly)
+	  if (!tmp1)
 	    return 0;
 	}
       else
@@ -482,7 +524,7 @@ int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly)
   return 1;
 }
 
-int address_allocate(struct dhcp_context *context, struct daemon *daemon,
+int address_allocate(struct dhcp_context *context,
 		     struct in_addr *addrp, unsigned char *hwaddr, int hw_len, 
 		     struct dhcp_netid *netids, time_t now)   
 {
@@ -543,7 +585,7 @@ int address_allocate(struct dhcp_context *context, struct daemon *daemon,
 		  else if (++count == max || r->addr.s_addr == addr.s_addr)
 		    return 1;
 		    
-		if (icmp_ping(daemon, addr))
+		if (icmp_ping(addr))
 		  /* address in use: perturb address selection so that we are
 		     less likely to try this address again. */
 		  c->addr_epoch++;
@@ -552,7 +594,7 @@ int address_allocate(struct dhcp_context *context, struct daemon *daemon,
 		    /* at this point victim may hold an expired record */
 		    if (!victim)
 		      {
-			if ((victim = malloc(sizeof(struct ping_result))))
+			if ((victim = whine_malloc(sizeof(struct ping_result))))
 			  {
 			    victim->next = daemon->ping_results;
 			    daemon->ping_results = victim;
@@ -648,7 +690,7 @@ struct dhcp_config *find_config(struct dhcp_config *configs,
   return NULL;
 }
 
-void dhcp_read_ethers(struct daemon *daemon)
+void dhcp_read_ethers(void)
 {
   FILE *f = fopen(ETHERSFILE, "r");
   unsigned int flags;
@@ -664,7 +706,7 @@ void dhcp_read_ethers(struct daemon *daemon)
   
   if (!f)
     {
-      syslog(LOG_ERR, _("failed to read %s:%m"), ETHERSFILE);
+      my_syslog(LOG_ERR, _("failed to read %s:%s"), ETHERSFILE, strerror(errno));
       return;
     }
 
@@ -688,18 +730,18 @@ void dhcp_read_ethers(struct daemon *daemon)
     {
       lineno++;
       
-      while (strlen(buff) > 0 && isspace(buff[strlen(buff)-1]))
+      while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1]))
 	buff[strlen(buff)-1] = 0;
       
       if ((*buff == '#') || (*buff == '+'))
 	continue;
       
-      for (ip = buff; *ip && !isspace(*ip); ip++);
-      for(; *ip && isspace(*ip); ip++)
+      for (ip = buff; *ip && !isspace((int)*ip); ip++);
+      for(; *ip && isspace((int)*ip); ip++)
 	*ip = 0;
       if (!*ip || parse_hex(buff, hwaddr, ETHER_ADDR_LEN, NULL, NULL) != ETHER_ADDR_LEN)
 	{
-	  syslog(LOG_ERR, _("bad line at %s line %d"), ETHERSFILE, lineno); 
+	  my_syslog(LOG_ERR, _("bad line at %s line %d"), ETHERSFILE, lineno); 
 	  continue;
 	}
       
@@ -712,7 +754,7 @@ void dhcp_read_ethers(struct daemon *daemon)
 	{
 	  if ((addr.s_addr = inet_addr(ip)) == (in_addr_t)-1)
 	    {
-	      syslog(LOG_ERR, _("bad address at %s line %d"), ETHERSFILE, lineno); 
+	      my_syslog(LOG_ERR, _("bad address at %s line %d"), ETHERSFILE, lineno); 
 	      continue;
 	    }
 
@@ -724,12 +766,12 @@ void dhcp_read_ethers(struct daemon *daemon)
 	}
       else 
 	{
-	  if (!canonicalise(ip))
+	  if (!canonicalise(ip) || strip_hostname(ip))
 	    {
-	      syslog(LOG_ERR, _("bad name at %s line %d"), ETHERSFILE, lineno); 
+	      my_syslog(LOG_ERR, _("bad name at %s line %d"), ETHERSFILE, lineno); 
 	      continue;
 	    }
-
+	      
 	  flags = CONFIG_NAME;
 
 	  for (config = daemon->dhcp_conf; config; config = config->next)
@@ -749,7 +791,7 @@ void dhcp_read_ethers(struct daemon *daemon)
 	  
 	  if (!config)
 	    {
-	      if (!(config = malloc(sizeof(struct dhcp_config))))
+	      if (!(config = whine_malloc(sizeof(struct dhcp_config))))
 		continue;
 	      config->flags = CONFIG_FROM_ETHERS;
 	      config->wildcard_mask = 0;
@@ -761,7 +803,7 @@ void dhcp_read_ethers(struct daemon *daemon)
 	  
 	  if (flags & CONFIG_NAME)
 	    {
-	      if ((config->hostname = malloc(strlen(ip)+1)))
+	      if ((config->hostname = whine_malloc(strlen(ip)+1)))
 		strcpy(config->hostname, ip);
 	      else
 		config->flags &= ~CONFIG_NAME;
@@ -780,7 +822,47 @@ void dhcp_read_ethers(struct daemon *daemon)
   
   fclose(f);
 
-  syslog(LOG_INFO, _("read %s - %d addresses"), ETHERSFILE, count);
+  my_syslog(LOG_INFO, _("read %s - %d addresses"), ETHERSFILE, count);
+}
+
+void check_dhcp_hosts(int fatal)
+{
+  /* If the same IP appears in more than one host config, then DISCOVER
+     for one of the hosts will get the address, but REQUEST will be NAKed,
+     since the address is reserved by the other one -> protocol loop. 
+     Also check that FQDNs match the domain we are using. */
+  
+  struct dhcp_config *configs, *cp;
+ 
+  for (configs = daemon->dhcp_conf; configs; configs = configs->next)
+    {
+      char *domain;
+
+      if ((configs->flags & DHOPT_BANK) || fatal)
+       {
+	 for (cp = configs->next; cp; cp = cp->next)
+	   if ((configs->flags & cp->flags & CONFIG_ADDR) && configs->addr.s_addr == cp->addr.s_addr)
+	     {
+	       if (fatal)
+		 die(_("duplicate IP address %s in dhcp-config directive."), 
+		     inet_ntoa(cp->addr), EC_BADCONF);
+	       else
+		 my_syslog(LOG_ERR, _("duplicate IP address %s in %s."), 
+			   inet_ntoa(cp->addr), daemon->dhcp_hosts_file);
+	       configs->flags &= ~CONFIG_ADDR;
+	     }
+	 
+	 if ((configs->flags & CONFIG_NAME) && (domain = strip_hostname(configs->hostname)))
+	   {
+	     if (fatal)
+	       die(_("illegal domain %s in dhcp-config directive."), domain, EC_BADCONF);
+	     else
+	       my_syslog(LOG_ERR, _("illegal domain %s in %s."), domain, daemon->dhcp_hosts_file);
+	     free(configs->hostname);
+	     configs->flags &= ~CONFIG_NAME;
+	   }
+       }
+    }
 }
 
 void dhcp_update_configs(struct dhcp_config *configs)
@@ -799,58 +881,72 @@ void dhcp_update_configs(struct dhcp_config *configs)
     if (config->flags & CONFIG_ADDR_HOSTS)
       config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS);
   
-  for (config = configs; config; config = config->next)
-    if (!(config->flags & CONFIG_ADDR) &&
-	(config->flags & CONFIG_NAME) && 
-	(crec = cache_find_by_name(NULL, config->hostname, 0, F_IPV4)) &&
-	(crec->flags & F_HOSTS))
-      {
-	if (config_find_by_address(configs, crec->addr.addr.addr.addr4))
-	  syslog(LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"), 
-		 inet_ntoa(crec->addr.addr.addr.addr4), config->hostname);
-	else
-	  {
-	    config->addr = crec->addr.addr.addr.addr4;
-	    config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS;
-	  }
-      }
+  
+  if (daemon->port != 0)
+    for (config = configs; config; config = config->next)
+      if (!(config->flags & CONFIG_ADDR) &&
+	  (config->flags & CONFIG_NAME) && 
+	  (crec = cache_find_by_name(NULL, config->hostname, 0, F_IPV4)) &&
+	  (crec->flags & F_HOSTS))
+	{
+	  if (cache_find_by_name(crec, config->hostname, 0, F_IPV4))
+	    {
+	      /* use primary (first) address */
+	      while (crec && !(crec->flags & F_REVERSE))
+		crec = cache_find_by_name(crec, config->hostname, 0, F_IPV4);
+	      if (!crec)
+		continue; /* should be never */
+	      my_syslog(LOG_WARNING, _("%s has more than one address in hostsfile, using %s for DHCP"), 
+			config->hostname, inet_ntoa(crec->addr.addr.addr.addr4));
+	    }
+
+	  if (config_find_by_address(configs, crec->addr.addr.addr.addr4))
+	    my_syslog(LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"), 
+		      inet_ntoa(crec->addr.addr.addr.addr4), config->hostname);
+	  else 
+	    {
+	      config->addr = crec->addr.addr.addr.addr4;
+	      config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS;
+	    }
+	}
 }
 
 /* If we've not found a hostname any other way, try and see if there's one in /etc/hosts
    for this address. If it has a domain part, that must match the set domain and
    it gets stripped. */
-char *host_from_dns(struct daemon *daemon, struct in_addr addr)
+char *host_from_dns(struct in_addr addr)
 {
-  struct crec *lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4);
+  struct crec *lookup;
   char *hostname = NULL;
+
+  if (daemon->port == 0)
+    return NULL; /* DNS disabled. */
   
+  lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4);
   if (lookup && (lookup->flags & F_HOSTS))
     {
       hostname = daemon->dhcp_buff;
       strncpy(hostname, cache_get_name(lookup), 256);
       hostname[255] = 0;
-      hostname = strip_hostname(daemon, hostname);
+      if (strip_hostname(hostname))
+	hostname = NULL;
     }
-
+  
   return hostname;
 }
 
-char *strip_hostname(struct daemon *daemon, char *hostname)
+/* return illegal domain or NULL if OK */
+char *strip_hostname(char *hostname)
 {
   char *dot = strchr(hostname, '.');
-  if (dot)
-    {
-      if (!daemon->domain_suffix || !hostname_isequal(dot+1, daemon->domain_suffix))
-	{
-	  syslog(LOG_WARNING, _("Ignoring DHCP host name %s because it has an illegal domain part"), hostname);
-	  hostname = NULL;
-	}
-      else
-	{
-	  *dot = 0; /* truncate */
-	  if (strlen(hostname) == 0)
-	    hostname = NULL; /* nothing left */
-	}
-    }
-  return hostname;
+ 
+  if (!dot)
+    return NULL;
+  
+  *dot = 0; /* truncate */
+  
+  if (*(dot+1) && (!daemon->domain_suffix || !hostname_isequal(dot+1, daemon->domain_suffix)))
+    return dot+1;
+  
+  return NULL;
 }

src/dnsmasq.h

@@ -1,26 +1,43 @@
-/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
-
+/* dnsmasq is Copyright (c) 2000-2008 Simon Kelley
+ 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define COPYRIGHT "Copyright (C) 2000-2007 Simon Kelley" 
+#define COPYRIGHT "Copyright (C) 2000-2008 Simon Kelley" 
+
+#ifndef NO_LARGEFILE
+/* Ensure we can use files >2GB (log files may grow this big) */
+#  define _LARGEFILE_SOURCE 1
+#  define _FILE_OFFSET_BITS 64
+#endif
+
+/* Get linux C library versions. */
+#ifdef __linux__
+#  define _GNU_SOURCE
+#  include <features.h> 
+#endif
 
 /* get these before config.h  for IPv6 stuff... */
 #include <sys/types.h> 
 #include <netinet/in.h>
 
 #ifdef __APPLE__
-/* need this before arpa/nameser.h */
-#  define BIND_8_COMPAT
+#  include <nameser.h>
+#  include <arpa/nameser_compat.h>
+#else
+#  include <arpa/nameser.h>
 #endif
-#include <arpa/nameser.h>
 
 /* and this. */
 #include <getopt.h>
@@ -28,7 +45,7 @@
 #include "config.h"
 
 #define gettext_noop(S) (S)
-#ifdef NO_GETTEXT
+#ifndef LOCALEDIR
 #  define _(S) (S)
 #else
 #  include <libintl.h>
@@ -40,9 +57,13 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#if defined(HAVE_SOLARIS_NETWORK)
+#include <sys/sockio.h>
+#endif
 #include <sys/select.h>
 #include <sys/wait.h>
 #include <sys/time.h>
+#include <sys/un.h>
 #include <limits.h>
 #include <net/if.h>
 #include <unistd.h>
@@ -52,12 +73,13 @@
 #include <fcntl.h>
 #include <ctype.h>
 #include <signal.h>
+#include <stddef.h>
 #include <time.h>
 #include <errno.h>
 #include <pwd.h>
 #include <grp.h>
 #include <stdarg.h>
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__sun__) || defined (__sun)
 #  include <netinet/if_ether.h>
 #else
 #  include <net/ethernet.h>
@@ -73,14 +95,56 @@
 #  include <net/if_dl.h>
 #endif
 
-#ifdef HAVE_LINUX_NETWORK
+#if defined(HAVE_LINUX_NETWORK)
 #include <linux/capability.h>
 /* There doesn't seem to be a universally-available 
-   userpace header for this. */
+   userpace header for these. */
 extern int capset(cap_user_header_t header, cap_user_data_t data);
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+#define LINUX_CAPABILITY_VERSION_1  0x19980330
+#define LINUX_CAPABILITY_VERSION_2  0x20071026
+#define LINUX_CAPABILITY_VERSION_3  0x20080522
+
 #include <sys/prctl.h>
+#elif defined(HAVE_SOLARIS_PRIVS)
+#include <priv.h>
 #endif
 
+/* daemon is function in the C library.... */
+#define daemon dnsmasq_daemon
+
+/* Async event queue */
+struct event_desc {
+  int event, data;
+};
+
+#define EVENT_RELOAD    1
+#define EVENT_DUMP      2
+#define EVENT_ALARM     3
+#define EVENT_TERM      4
+#define EVENT_CHILD     5
+#define EVENT_REOPEN    6
+#define EVENT_EXITED    7
+#define EVENT_KILLED    8
+#define EVENT_EXEC_ERR  9
+#define EVENT_PIPE_ERR  10
+#define EVENT_USER_ERR  11
+#define EVENT_CAP_ERR   12
+#define EVENT_PIDFILE   13
+#define EVENT_HUSER_ERR 14
+#define EVENT_GROUP_ERR 15
+#define EVENT_DIE       16
+#define EVENT_LOG_ERR   17
+
+/* Exit codes. */
+#define EC_GOOD        0
+#define EC_BADCONF     1
+#define EC_BADNET      2
+#define EC_FILE        3
+#define EC_NOMEM       4
+#define EC_MISC        5
+#define EC_INIT_OFFSET 10
+
 /* Min buffer size: we check after adding each record, so there must be 
    memory for the largest packet, and the largest record so the
    min for DNS is PACKETSZ+MAXDNAME+RRFIXEDSZ which is < 1000.
@@ -88,32 +152,38 @@ extern int capset(cap_user_header_t header, cap_user_data_t data);
 */
 #define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
 
-#define OPT_BOGUSPRIV      (1<<0)
-#define OPT_FILTER         (1<<1)
-#define OPT_LOG            (1<<2)
-#define OPT_SELFMX         (1<<3)
-#define OPT_NO_HOSTS       (1<<4)
-#define OPT_NO_POLL        (1<<5)
-#define OPT_DEBUG          (1<<6)
-#define OPT_ORDER          (1<<7)
-#define OPT_NO_RESOLV      (1<<8)
-#define OPT_EXPAND         (1<<9)
-#define OPT_LOCALMX        (1<<10)
-#define OPT_NO_NEG         (1<<11)
-#define OPT_NODOTS_LOCAL   (1<<12)
-#define OPT_NOWILD         (1<<13)
-#define OPT_ETHERS         (1<<14)
-#define OPT_RESOLV_DOMAIN  (1<<15)
-#define OPT_NO_FORK        (1<<16)
-#define OPT_AUTHORITATIVE  (1<<17)
-#define OPT_LOCALISE       (1<<18)
-#define OPT_DBUS           (1<<19)
-#define OPT_BOOTP_DYNAMIC  (1<<20)
-#define OPT_NO_PING        (1<<21)
-#define OPT_LEASE_RO       (1<<22)
-#define OPT_RELOAD         (1<<24)
-#define OPT_TFTP           (1<<25)
-#define OPT_TFTP_SECURE    (1<<26)
+#define OPT_BOGUSPRIV      (1u<<0)
+#define OPT_FILTER         (1u<<1)
+#define OPT_LOG            (1u<<2)
+#define OPT_SELFMX         (1u<<3)
+#define OPT_NO_HOSTS       (1u<<4)
+#define OPT_NO_POLL        (1u<<5)
+#define OPT_DEBUG          (1u<<6)
+#define OPT_ORDER          (1u<<7)
+#define OPT_NO_RESOLV      (1u<<8)
+#define OPT_EXPAND         (1u<<9)
+#define OPT_LOCALMX        (1u<<10)
+#define OPT_NO_NEG         (1u<<11)
+#define OPT_NODOTS_LOCAL   (1u<<12)
+#define OPT_NOWILD         (1u<<13)
+#define OPT_ETHERS         (1u<<14)
+#define OPT_RESOLV_DOMAIN  (1u<<15)
+#define OPT_NO_FORK        (1u<<16)
+#define OPT_AUTHORITATIVE  (1u<<17)
+#define OPT_LOCALISE       (1u<<18)
+#define OPT_DBUS           (1u<<19)
+#define OPT_BOOTP_DYNAMIC  (1u<<20)
+#define OPT_NO_PING        (1u<<21)
+#define OPT_LEASE_RO       (1u<<22)
+#define OPT_ALL_SERVERS    (1u<<23)
+#define OPT_RELOAD         (1u<<24)
+#define OPT_TFTP           (1u<<25)
+#define OPT_TFTP_SECURE    (1u<<26)
+#define OPT_TFTP_NOBLOCK   (1u<<27)
+#define OPT_LOG_OPTS       (1u<<28)
+#define OPT_TFTP_APREF     (1u<<29)
+#define OPT_NO_OVERRIDE    (1u<<30)
+#define OPT_NO_REBIND      (1u<<31)
 
 struct all_addr {
   union {
@@ -142,6 +212,12 @@ struct mx_srv_record {
   struct mx_srv_record *next;
 };
 
+struct naptr {
+  char *name, *replace, *regexp, *services, *flags;
+  unsigned int order, pref;
+  struct naptr *next;
+};
+
 struct txt_record {
   char *name, *txt;
   unsigned short class, len;
@@ -153,6 +229,12 @@ struct ptr_record {
   struct ptr_record *next;
 };
 
+struct interface_name {
+  char *name; /* domain name */
+  char *intr; /* interface name */
+  struct interface_name *next;
+};
+
 union bigname {
   char name[MAXDNAME];
   union bigname *next; /* freelist */
@@ -220,26 +302,34 @@ union mysockaddr {
 #define SERV_FROM_RESOLV       1  /* 1 for servers from resolv, 0 for command line. */
 #define SERV_NO_ADDR           2  /* no server, this domain is local only */
 #define SERV_LITERAL_ADDRESS   4  /* addr is the answer, not the server */ 
-#define SERV_HAS_SOURCE        8  /* source address specified */
-#define SERV_HAS_DOMAIN       16  /* server for one domain only */
+#define SERV_HAS_DOMAIN        8  /* server for one domain only */
+#define SERV_HAS_SOURCE       16  /* source address defined */
 #define SERV_FOR_NODOTS       32  /* server for names with no domain part only */
 #define SERV_WARNED_RECURSIVE 64  /* avoid warning spam */
 #define SERV_FROM_DBUS       128  /* 1 if source is DBus */
 #define SERV_MARK            256  /* for mark-and-delete */
 #define SERV_TYPE    (SERV_HAS_DOMAIN | SERV_FOR_NODOTS)
-
+#define SERV_COUNTED         512  /* workspace for log code */
 
 struct serverfd {
   int fd;
   union mysockaddr source_addr;
+  char interface[IF_NAMESIZE+1];
   struct serverfd *next;
 };
 
+struct randfd {
+  int fd;
+  unsigned short refcount, family;
+};
+  
 struct server {
   union mysockaddr addr, source_addr;
+  char interface[IF_NAMESIZE+1];
   struct serverfd *sfd; 
   char *domain; /* set if this server only handles a domain. */ 
   int flags, tcpfd;
+  unsigned int queries, failed_queries;
   struct server *next; 
 };
 
@@ -283,6 +373,10 @@ struct frec {
   union mysockaddr source;
   struct all_addr dest;
   struct server *sentto; /* NULL means free */
+  struct randfd *rfd4;
+#ifdef HAVE_IPV6
+  struct randfd *rfd6;
+#endif
   unsigned int iface;
   unsigned short orig_id, new_id;
   int fd, forwardall;
@@ -314,9 +408,10 @@ struct dhcp_lease {
 #endif
   int hwaddr_len, hwaddr_type;
   unsigned char hwaddr[DHCP_CHADDR_MAX]; 
-  struct in_addr addr;
+  struct in_addr addr, override;
   unsigned char *vendorclass, *userclass;
   unsigned int vendorclass_len, userclass_len;
+  int last_interface;
   struct dhcp_lease *next;
 };
 
@@ -355,6 +450,7 @@ struct dhcp_config {
 #define CONFIG_FROM_ETHERS     256    /* entry created by /etc/ethers */
 #define CONFIG_ADDR_HOSTS      512    /* address added by from /etc/hosts */
 #define CONFIG_DECLINED       1024    /* address declined by client */
+#define CONFIG_BANK           2048    /* from dhcp hosts file */
 
 struct dhcp_opt {
   int opt, len, flags;
@@ -365,7 +461,10 @@ struct dhcp_opt {
 
 #define DHOPT_ADDR               1
 #define DHOPT_STRING             2
-#define DHOPT_VENDOR_MATCH       4
+#define DHOPT_ENCAPSULATE        4
+#define DHOPT_VENDOR_MATCH       8
+#define DHOPT_FORCE             16
+#define DHOPT_BANK              32
 
 struct dhcp_boot {
   char *file, *sname;
@@ -374,8 +473,16 @@ struct dhcp_boot {
   struct dhcp_boot *next;
 };
 
+#define MATCH_VENDOR     1
+#define MATCH_USER       2
+#define MATCH_CIRCUIT    3
+#define MATCH_REMOTE     4
+#define MATCH_SUBSCRIBER 5
+#define MATCH_OPTION     6
+
+/* vendorclass, userclass, remote-id or cicuit-id */
 struct dhcp_vendor {
-  int len, is_vendor;
+  int len, match_type, option;
   char *data;
   struct dhcp_netid netid;
   struct dhcp_vendor *next;
@@ -389,7 +496,7 @@ struct dhcp_mac {
   struct dhcp_mac *next;
 };
 
-#if defined(__FreeBSD__) || defined(__DragonFly__)
+#ifdef HAVE_BSD_BRIDGE
 struct dhcp_bridge {
   char iface[IF_NAMESIZE];
   struct dhcp_bridge *alias, *next;
@@ -434,6 +541,8 @@ struct ping_result {
 struct tftp_file {
   int refcount, fd;
   off_t size;
+  dev_t dev;
+  ino_t inode;
   char filename[];
 };
 
@@ -441,14 +550,15 @@ struct tftp_transfer {
   int sockfd;
   time_t timeout;
   int backoff;
-  unsigned int block, blocksize;
+  unsigned int block, blocksize, expansion;
+  off_t offset;
   struct sockaddr_in peer;
-  char opt_blocksize, opt_transize;
+  char opt_blocksize, opt_transize, netascii, carrylf;
   struct tftp_file *file;
   struct tftp_transfer *next;
 };
 
-struct daemon {
+extern struct daemon {
   /* datastuctures representing the command-line and 
      config file arguments. All set (including defaults)
      in option.c */
@@ -456,11 +566,14 @@ struct daemon {
   unsigned int options;
   struct resolvc default_resolv, *resolv_files;
   struct mx_srv_record *mxnames;
+  struct naptr *naptr;
   struct txt_record *txt;
   struct ptr_record *ptr;
+  struct interface_name *int_names;
   char *mxtarget;
   char *lease_file; 
-  char *username, *groupname;
+  char *username, *groupname, *scriptuser;
+  int group_set, osport;
   char *domain_suffix;
   char *runfile; 
   char *lease_change_command;
@@ -468,34 +581,44 @@ struct daemon {
   struct bogus_addr *bogus_addr;
   struct server *servers;
   int log_fac; /* log facility */
+  char *log_file; /* optional log file */
+  int max_logs;  /* queue limit */
   int cachesize, ftabsize;
-  int port, query_port;
-  unsigned long local_ttl;
+  int port, query_port, min_port;
+  unsigned long local_ttl, neg_ttl;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp;
   struct dhcp_config *dhcp_conf;
-  struct dhcp_opt *dhcp_opts, *vendor_opts;
+  struct dhcp_opt *dhcp_opts;
   struct dhcp_vendor *dhcp_vendors;
   struct dhcp_mac *dhcp_macs;
   struct dhcp_boot *boot_config;
-  struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names;
-  int dhcp_max, tftp_max; 
+  struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *force_broadcast;
+  char *dhcp_hosts_file, *dhcp_opts_file;
+  int dhcp_max, tftp_max;
+  int dhcp_server_port, dhcp_client_port;
+  int start_tftp_port, end_tftp_port; 
   unsigned int min_leasetime;
   struct doctor *doctors;
   unsigned short edns_pktsz;
+  char *tftp_prefix; 
 
   /* globally used stuff for DNS */
   char *packet; /* packet buffer */
   int packet_buff_sz; /* size of above */
   char *namebuff; /* MAXDNAME size buffer */
+  unsigned int local_answer, queries_forwarded;
+  struct frec *frec_list;
   struct serverfd *sfds;
   struct irec *interfaces;
   struct listener *listeners;
   struct server *last_server;
   struct server *srv_save; /* Used for resend on DoD */
   size_t packet_len;       /*      "        "        */
-  pid_t tcp_pids[MAX_PROCS];
- 
+  struct randfd *rfd_save; /*      "        "        */
+pid_t tcp_pids[MAX_PROCS];
+  struct randfd randomsocks[RANDOM_SOCKS];
+
   /* DHCP state */
   int dhcpfd, helperfd; 
 #ifdef HAVE_LINUX_NETWORK
@@ -507,7 +630,7 @@ struct daemon {
   char *dhcp_buff, *dhcp_buff2;
   struct ping_result *ping_results;
   FILE *lease_stream;
-#if defined(__FreeBSD__) || defined(__DragonFly__)
+#ifdef HAVE_BSD_BRIDGE
   struct dhcp_bridge *bridges;
 #endif
 
@@ -520,13 +643,14 @@ struct daemon {
 
   /* TFTP stuff */
   struct tftp_transfer *tftp_trans;
-  char *tftp_prefix; 
-};
+
+} *daemon;
 
 /* cache.c */
-void cache_init(int cachesize, int log);
-void log_query(unsigned short flags, char *name, struct all_addr *addr, 
-	       unsigned short type, struct hostsfile *addn_hosts, int index);
+void cache_init(void);
+void log_query(unsigned short flags, char *name, struct all_addr *addr, char *arg); 
+char *record_source(struct hostsfile *addn_hosts, int index);
+void querystr(char *str, unsigned short type);
 struct crec *cache_find_by_addr(struct crec *crecp,
 				struct all_addr *addr, time_t now, 
 				unsigned short prot);
@@ -537,9 +661,9 @@ void cache_start_insert(void);
 struct crec *cache_insert(char *name, struct all_addr *addr,
 			  time_t now, unsigned long ttl, unsigned short flags);
 void cache_reload(int opts, char *buff, char *domain_suffix, struct hostsfile  *addn_hosts);
-void cache_add_dhcp_entry(struct daemon *daemon, char *host_name, struct in_addr *host_address, time_t ttd);
+void cache_add_dhcp_entry(char *host_name, struct in_addr *host_address, time_t ttd);
 void cache_unhash_dhcp(void);
-void dump_cache(struct daemon *daemon, time_t now);
+void dump_cache(time_t now);
 char *cache_get_name(struct crec *crecp);
 
 /* rfc1035.c */
@@ -548,27 +672,27 @@ unsigned short extract_request(HEADER *header, size_t qlen,
 size_t setup_reply(HEADER *header, size_t  qlen,
 		   struct all_addr *addrp, unsigned short flags,
 		   unsigned long local_ttl);
-void extract_addresses(HEADER *header, size_t qlen, char *namebuff, 
-		       time_t now, struct daemon *daemon);
-size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *daemon, 
+int extract_addresses(HEADER *header, size_t qlen, char *namebuff, time_t now);
+size_t answer_request(HEADER *header, char *limit, size_t qlen,  
 		   struct in_addr local_addr, struct in_addr local_netmask, time_t now);
 int check_for_bogus_wildcard(HEADER *header, size_t qlen, char *name, 
 			     struct bogus_addr *addr, time_t now);
 unsigned char *find_pseudoheader(HEADER *header, size_t plen,
 				 size_t *len, unsigned char **p, int *is_sign);
-int check_for_local_domain(char *name, time_t now, struct daemon *daemon);
+int check_for_local_domain(char *name, time_t now);
 unsigned int questions_crc(HEADER *header, size_t plen, char *buff);
 size_t resize_packet(HEADER *header, size_t plen, 
 		  unsigned char *pheader, size_t hlen);
 
 /* util.c */
+void rand_init(void);
 unsigned short rand16(void);
 int legal_char(char c);
 int canonicalise(char *s);
 unsigned char *do_rfc1035_name(unsigned char *p, char *sval);
-void die(char *message, char *arg1);
-void complain(char *message, int lineno, char *file);
 void *safe_malloc(size_t size);
+void safe_pipe(int *fd, int read_noblock);
+void *whine_malloc(size_t size);
 int sa_len(union mysockaddr *addr);
 int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2);
 int hostname_isequal(char *a, char *b);
@@ -582,41 +706,58 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
 int memcmp_masked(unsigned char *a, unsigned char *b, int len, 
 		  unsigned int mask);
 int expand_buf(struct iovec *iov, size_t size);
-char *print_mac(struct daemon *daemon, unsigned char *mac, int len);
+char *print_mac(char *buff, unsigned char *mac, int len);
 void bump_maxfd(int fd, int *max);
-void log_start(struct daemon *daemon);
 int read_write(int fd, unsigned char *packet, int size, int rw);
 
+/* log.c */
+void die(char *message, char *arg1, int exit_code);
+int log_start(struct passwd *ent_pw, int errfd);
+int log_reopen(char *log_file);
+void my_syslog(int priority, const char *format, ...);
+void set_log_writer(fd_set *set, int *maxfdp);
+void check_log_writer(fd_set *set);
+void flush_log(void);
+
 /* option.c */
-struct daemon *read_opts (int argc, char **argv, char *compile_opts);
+void read_opts (int argc, char **argv, char *compile_opts);
+char *option_string(unsigned char opt);
+void reread_dhcp(void);
 
 /* forward.c */
-void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now);
-void receive_query(struct listener *listen, struct daemon *daemon, time_t now);
-unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
+void reply_query(int fd, int family, time_t now);
+void receive_query(struct listener *listen, time_t now);
+unsigned char *tcp_request(int confd, time_t now,
 			   struct in_addr local_addr, struct in_addr netmask);
-void server_gone(struct daemon *daemon, struct server *server);
-struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait);
+void server_gone(struct server *server);
+struct frec *get_new_frec(time_t now, int *wait);
 
 /* network.c */
-struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds);
-int reload_servers(char *fname, struct daemon *daemon);
-void check_servers(struct daemon *daemon);
-int enumerate_interfaces(struct daemon *daemon);
-struct listener *create_wildcard_listeners(int port, int have_tftp);
-struct listener *create_bound_listeners(struct daemon *daemon);
-int iface_check(struct daemon *daemon, int family, struct all_addr *addr, 
+int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp);
+int random_sock(int family);
+void pre_allocate_sfds(void);
+int reload_servers(char *fname);
+void check_servers(void);
+int enumerate_interfaces();
+struct listener *create_wildcard_listeners(void);
+struct listener *create_bound_listeners(void);
+int iface_check(int family, struct all_addr *addr, 
 		struct ifreq *ifr, int *indexp);
 int fix_fd(int fd);
+struct in_addr get_ifaddr(char *intr);
 
 /* dhcp.c */
-void dhcp_init(struct daemon *daemon);
-void dhcp_packet(struct daemon *daemon, time_t now);
+void dhcp_init(void);
+void dhcp_packet(time_t now);
 
-struct dhcp_context *address_available(struct dhcp_context *context, struct in_addr addr);
-struct dhcp_context *narrow_context(struct dhcp_context *context, struct in_addr taddr);
+struct dhcp_context *address_available(struct dhcp_context *context, 
+				       struct in_addr addr,
+				       struct dhcp_netid *netids);
+struct dhcp_context *narrow_context(struct dhcp_context *context, 
+				    struct in_addr taddr,
+				    struct dhcp_netid *netids);
 int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int negonly);
-int address_allocate(struct dhcp_context *context, struct daemon *daemon,
+int address_allocate(struct dhcp_context *context,
 		     struct in_addr *addrp, unsigned char *hwaddr, int hw_len,
 		     struct dhcp_netid *netids, time_t now);
 struct dhcp_config *find_config(struct dhcp_config *configs,
@@ -625,76 +766,80 @@ struct dhcp_config *find_config(struct dhcp_config *configs,
 				unsigned char *hwaddr, int hw_len, 
 				int hw_type, char *hostname);
 void dhcp_update_configs(struct dhcp_config *configs);
-void dhcp_read_ethers(struct daemon *daemon);
+void dhcp_read_ethers(void);
+void check_dhcp_hosts(int fatal);
 struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr);
-char *strip_hostname(struct daemon *daemon, char *hostname);
-char *host_from_dns(struct daemon *daemon, struct in_addr addr);
+char *strip_hostname(char *hostname);
+char *host_from_dns(struct in_addr addr);
 
 /* lease.c */
-void lease_update_file(struct daemon *daemon, time_t now);
-void lease_update_dns(struct daemon *daemon);
-void lease_init(struct daemon *daemon, time_t now);
+void lease_update_file(time_t now);
+void lease_update_dns();
+void lease_init(time_t now);
 struct dhcp_lease *lease_allocate(struct in_addr addr);
 void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
 		      unsigned char *clid, int hw_len, int hw_type, int clid_len);
 void lease_set_hostname(struct dhcp_lease *lease, char *name, 
 			char *suffix, int auth);
 void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now);
+void lease_set_interface(struct dhcp_lease *lease, int interface);
 struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,  
 					unsigned char *clid, int clid_len);
 struct dhcp_lease *lease_find_by_addr(struct in_addr addr);
 void lease_prune(struct dhcp_lease *target, time_t now);
-void lease_update_from_configs(struct daemon *daemon);
-int do_script_run(struct daemon *daemon);
+void lease_update_from_configs(void);
+int do_script_run(time_t now);
+void rerun_scripts(void);
 
 /* rfc2131.c */
-size_t dhcp_reply(struct daemon *daemon, struct dhcp_context *context, char *iface_name, size_t sz, time_t now, int unicast_dest);
+size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+		  size_t sz, time_t now, int unicast_dest, int *is_inform);
 
 /* dnsmasq.c */
 int make_icmp_sock(void);
-int icmp_ping(struct daemon *daemon, struct in_addr addr);
-void clear_cache_and_reload(struct daemon *daemon, time_t now);
+int icmp_ping(struct in_addr addr);
+void send_event(int fd, int event, int data);
+void clear_cache_and_reload(time_t now);
 
 /* isc.c */
 #ifdef HAVE_ISC_READER
-void load_dhcp(struct daemon *daemon, time_t now);
+void load_dhcp(time_t now);
 #endif
 
 /* netlink.c */
 #ifdef HAVE_LINUX_NETWORK
-void netlink_init(struct daemon *daemon);
-int iface_enumerate(struct daemon *daemon, void *parm,
-		    int (*ipv4_callback)(), int (*ipv6_callback)());
-void netlink_multicast(struct daemon *daemon);
+void netlink_init(void);
+void netlink_multicast(void);
 #endif
 
 /* bpf.c */
-#ifndef HAVE_LINUX_NETWORK
-void init_bpf(struct daemon *daemon);
-void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
+#ifdef HAVE_BSD_NETWORK
+void init_bpf(void);
+void send_via_bpf(struct dhcp_packet *mess, size_t len,
 		  struct in_addr iface_addr, struct ifreq *ifr);
-int iface_enumerate(struct daemon *daemon, void *parm,
-		    int (*ipv4_callback)(), int (*ipv6_callback)());
 #endif
 
+/* bpf.c or netlink.c */
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)());
+
 /* dbus.c */
 #ifdef HAVE_DBUS
-char *dbus_init(struct daemon *daemon);
-void check_dbus_listeners(struct daemon *daemon,
-			  fd_set *rset, fd_set *wset, fd_set *eset);
-void set_dbus_listeners(struct daemon *daemon, int *maxfdp, 
-			fd_set *rset, fd_set *wset, fd_set *eset);
+char *dbus_init(void);
+void check_dbus_listeners(fd_set *rset, fd_set *wset, fd_set *eset);
+void set_dbus_listeners(int *maxfdp, fd_set *rset, fd_set *wset, fd_set *eset);
 #endif
 
 /* helper.c */
-int create_helper(struct daemon *daemon);
-void helper_write(struct daemon *daemon);
-void queue_script(struct daemon *daemon, int action, 
-		  struct dhcp_lease *lease, char *hostname);
+#ifndef NO_FORK
+int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
+void helper_write(void);
+void queue_script(int action, struct dhcp_lease *lease, 
+		  char *hostname, time_t now);
 int helper_buf_empty(void);
+#endif
 
 /* tftp.c */
 #ifdef HAVE_TFTP
-void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
-void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+void tftp_request(struct listener *listen, time_t now);
+void check_tftp_listeners(fd_set *rset, time_t now);
 #endif

src/forward.c

@@ -1,27 +1,30 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-static struct frec *frec_list = NULL;
-
 static struct frec *lookup_frec(unsigned short id, unsigned int crc);
 static struct frec *lookup_frec_by_sender(unsigned short id,
 					  union mysockaddr *addr,
 					  unsigned int crc);
 static unsigned short get_id(int force, unsigned short force_id, unsigned int crc);
+static void free_frec(struct frec *f);
+static struct randfd *allocate_rfd(int family);
 
-
-/* Send a UDP packet with it's source address set as "source" 
+/* Send a UDP packet with its source address set as "source" 
    unless nowild is true, when we just send it with the kernel default */
 static void send_from(int fd, int nowild, char *packet, size_t len, 
 		      union mysockaddr *to, struct all_addr *source,
@@ -107,7 +110,7 @@ static void send_from(int fd, int nowild, char *packet, size_t len,
     }
 }
           
-static unsigned short search_servers(struct daemon *daemon, time_t now, struct all_addr **addrpp, 
+static unsigned short search_servers(time_t now, struct all_addr **addrpp, 
 				     unsigned short qtype, char *qdomain, int *type, char **domain)
 			      
 {
@@ -140,7 +143,7 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
 		  *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
 #endif 
 	      }
-	    else if (!flags)
+	    else if (!flags || (flags & F_NXDOMAIN))
 	      flags = F_NOERR;
 	  } 
       }
@@ -161,9 +164,9 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
 	      flags = F_NXDOMAIN;
 	    else if (serv->flags & SERV_LITERAL_ADDRESS)
 	      {
-		if ((sflag | F_QUERY ) & qtype)
+		if (sflag & qtype)
 		  {
-		    flags = qtype & ~F_BIGNAME;
+		    flags = sflag;
 		    if (serv->addr.sa.sa_family == AF_INET) 
 		      *addrpp = (struct all_addr *)&serv->addr.in.sin_addr;
 #ifdef HAVE_IPV6
@@ -171,37 +174,36 @@ static unsigned short search_servers(struct daemon *daemon, time_t now, struct a
 		      *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr;
 #endif
 		  }
-		else if (!flags)
+		else if (!flags || (flags & F_NXDOMAIN))
 		  flags = F_NOERR;
 	      }
 	  } 
       }
 
-  if (flags & ~(F_NOERR | F_NXDOMAIN)) /* flags set here means a literal found */
-    {
-      if (flags & F_QUERY)
-	log_query(F_CONFIG | F_FORWARD | F_NEG, qdomain, NULL, 0, NULL, 0);
-      else
-	log_query(F_CONFIG | F_FORWARD | flags, qdomain, *addrpp, 0, NULL, 0);
-    }
-  else if (qtype && !(qtype & F_BIGNAME) && 
-	   (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
-    /* don't forward simple names, make exception from NS queries and empty name. */
+  if (flags == 0 && !(qtype & F_BIGNAME) && 
+      (daemon->options & OPT_NODOTS_LOCAL) && !strchr(qdomain, '.') && namelen != 0)
+    /* don't forward simple names, make exception for NS queries and empty name. */
     flags = F_NXDOMAIN;
     
-  if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now, daemon))
+  if (flags == F_NXDOMAIN && check_for_local_domain(qdomain, now))
     flags = F_NOERR;
 
-  if (flags == F_NXDOMAIN || flags == F_NOERR)
-    log_query(F_CONFIG | F_FORWARD | F_NEG | qtype | (flags & F_NXDOMAIN), qdomain, NULL, 0, NULL, 0);
+  if (flags)
+    {
+      int logflags = 0;
+      
+      if (flags == F_NXDOMAIN || flags == F_NOERR)
+	logflags = F_NEG | qtype;
+  
+      log_query(logflags | flags | F_CONFIG | F_FORWARD, qdomain, *addrpp, NULL);
+    }
 
   return  flags;
 }
 
-/* returns new last_server */	
-static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *udpaddr,
-			  struct all_addr *dst_addr, unsigned int dst_iface,
-			  HEADER *header, size_t plen, time_t now, struct frec *forward)
+static int forward_query(int udpfd, union mysockaddr *udpaddr,
+			 struct all_addr *dst_addr, unsigned int dst_iface,
+			 HEADER *header, size_t plen, time_t now, struct frec *forward)
 {
   char *domain = NULL;
   int type = 0;
@@ -218,6 +220,7 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
     {
       /* retry on existing query, send to all available servers  */
       domain = forward->sentto->domain;
+      forward->sentto->failed_queries++;
       if (!(daemon->options & OPT_ORDER))
 	{
 	  forward->forwardall = 1;
@@ -231,9 +234,9 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
   else 
     {
       if (gotname)
-	flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
+	flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain);
       
-      if (!flags && !(forward = get_new_frec(daemon, now, NULL)))
+      if (!flags && !(forward = get_new_frec(now, NULL)))
 	/* table full - server failure. */
 	flags = F_NEG;
       
@@ -286,7 +289,34 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 	      (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
 	      !(start->flags & SERV_LITERAL_ADDRESS))
 	    {
-	      if (sendto(start->sfd->fd, (char *)header, plen, 0,
+	      int fd;
+
+	      /* find server socket to use, may need to get random one. */
+	      if (start->sfd)
+		fd = start->sfd->fd;
+	      else 
+		{
+#ifdef HAVE_IPV6
+		  if (start->addr.sa.sa_family == AF_INET6)
+		    {
+		      if (!forward->rfd6 &&
+			  !(forward->rfd6 = allocate_rfd(AF_INET6)))
+			break;
+		      daemon->rfd_save = forward->rfd6;
+		      fd = forward->rfd6->fd;
+		    }
+		  else
+#endif
+		    {
+		      if (!forward->rfd4 &&
+			  !(forward->rfd4 = allocate_rfd(AF_INET)))
+			break;
+		      daemon->rfd_save = forward->rfd4;
+		      fd = forward->rfd4->fd;
+		    }
+		}
+	      
+	      if (sendto(fd, (char *)header, plen, 0,
 			 &start->addr.sa,
 			 sa_len(&start->addr)) == -1)
 		{
@@ -303,14 +333,13 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 		    strcpy(daemon->namebuff, "query");
 		  if (start->addr.sa.sa_family == AF_INET)
 		    log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, 
-			      (struct all_addr *)&start->addr.in.sin_addr, 0,
-			      NULL, 0); 
+			      (struct all_addr *)&start->addr.in.sin_addr, NULL); 
 #ifdef HAVE_IPV6
 		  else
 		    log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, 
-			      (struct all_addr *)&start->addr.in6.sin6_addr, 0,
-			      NULL, 0);
+			      (struct all_addr *)&start->addr.in6.sin6_addr, NULL);
 #endif 
+		  start->queries++;
 		  forwarded = 1;
 		  forward->sentto = start;
 		  if (!forward->forwardall) 
@@ -327,11 +356,11 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
 	}
       
       if (forwarded)
-	  return;
+	return 1;
       
       /* could not send on, prepare to return */ 
       header->id = htons(forward->orig_id);
-      forward->sentto = NULL; /* cancel */
+      free_frec(forward); /* cancel */
     }	  
   
   /* could not send on, return empty answer or address if known for whole domain */
@@ -341,10 +370,10 @@ static void forward_query(struct daemon *daemon, int udpfd, union mysockaddr *ud
       send_from(udpfd, daemon->options & OPT_NOWILD, (char *)header, plen, udpaddr, dst_addr, dst_iface);
     }
 
-  return;
+  return 0;
 }
 
-static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now, 
+static size_t process_reply(HEADER *header, time_t now, 
 			    struct server *server, size_t n)
 {
   unsigned char *pheader, *sizep;
@@ -373,7 +402,7 @@ static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
       server && !(server->flags & SERV_WARNED_RECURSIVE))
     {
       prettyprint_addr(&server->addr, daemon->namebuff);
-      syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
+      my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
       if (!(daemon->options & OPT_LOG))
 	server->flags |= SERV_WARNED_RECURSIVE;
     }  
@@ -389,7 +418,7 @@ static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
     {
       if (header->rcode == NXDOMAIN && 
 	  extract_request(header, n, daemon->namebuff, NULL) &&
-	  check_for_local_domain(daemon->namebuff, now, daemon))
+	  check_for_local_domain(daemon->namebuff, now))
 	{
 	  /* if we forwarded a query for a locally known name (because it was for 
 	     an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
@@ -399,7 +428,11 @@ static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
 	  header->rcode = NOERROR;
 	}
       
-      extract_addresses(header, n, daemon->namebuff, now, daemon);
+      if (extract_addresses(header, n, daemon->namebuff, now))
+	{
+	  my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected"));
+	  munged = 1;
+	}
     }
   
   /* do this after extract_addresses. Ensure NODATA reply and remove
@@ -419,7 +452,7 @@ static size_t process_reply(struct daemon *daemon, HEADER *header, time_t now,
 }
 
 /* sets new last_server */
-void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
+void reply_query(int fd, int family, time_t now)
 {
   /* packet from peer server, extract data for cache, and send to
      original requester */
@@ -427,89 +460,102 @@ void reply_query(struct serverfd *sfd, struct daemon *daemon, time_t now)
   union mysockaddr serveraddr;
   struct frec *forward;
   socklen_t addrlen = sizeof(serveraddr);
-  ssize_t n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
+  ssize_t n = recvfrom(fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen);
   size_t nn;
-
+  struct server *server;
+  
   /* packet buffer overwritten */
   daemon->srv_save = NULL;
   
   /* Determine the address of the server replying  so that we can mark that as good */
-  serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family;
+  serveraddr.sa.sa_family = family;
 #ifdef HAVE_IPV6
   if (serveraddr.sa.sa_family == AF_INET6)
     serveraddr.in6.sin6_flowinfo = 0;
 #endif
   
+  /* spoof check: answer must come from known server, */
+  for (server = daemon->servers; server; server = server->next)
+    if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
+	sockaddr_isequal(&server->addr, &serveraddr))
+      break;
+   
   header = (HEADER *)daemon->packet;
   
-  if (n >= (int)sizeof(HEADER) && header->qr && 
-      (forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff))))
+  if (!server ||
+      n < (int)sizeof(HEADER) || !header->qr ||
+      !(forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff))))
+    return;
+   
+  server = forward->sentto;
+  
+  if ((header->rcode == SERVFAIL || header->rcode == REFUSED) &&
+      !(daemon->options & OPT_ORDER) &&
+      forward->forwardall == 0)
+    /* for broken servers, attempt to send to another one. */
     {
-      struct server *server = forward->sentto;
+      unsigned char *pheader;
+      size_t plen;
+      int is_sign;
       
-      if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
-	/* for broken servers, attempt to send to another one. */
+      /* recreate query from reply */
+      pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign);
+      if (!is_sign)
 	{
-	  unsigned char *pheader;
-	  size_t plen;
-	  int is_sign;
+	  header->ancount = htons(0);
+	  header->nscount = htons(0);
+	  header->arcount = htons(0);
+	  if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
+	    {
+	      header->qr = 0;
+	      header->tc = 0;
+	      forward_query(-1, NULL, NULL, 0, header, nn, now, forward);
+	      return;
+	    }
+	}
+    }   
+  
+  if ((forward->sentto->flags & SERV_TYPE) == 0)
+    {
+      if (header->rcode == SERVFAIL || header->rcode == REFUSED)
+	server = NULL;
+      else
+	{
+	  struct server *last_server;
 	  
-	  /* recreate query from reply */
-	  pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign);
-	  if (!is_sign)
-	    {
-	      header->ancount = htons(0);
-	      header->nscount = htons(0);
-	      header->arcount = htons(0);
-	      if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
-		{
-		  header->qr = 0;
-		  header->tc = 0;
-		  forward_query(daemon, -1, NULL, NULL, 0, header, nn, now, forward);
-		  return;
-		}
-	    }
-	}   
-      
-      if ((forward->sentto->flags & SERV_TYPE) == 0)
+	  /* find good server by address if possible, otherwise assume the last one we sent to */ 
+	  for (last_server = daemon->servers; last_server; last_server = last_server->next)
+	    if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
+		sockaddr_isequal(&last_server->addr, &serveraddr))
+	      {
+		server = last_server;
+		break;
+	      }
+	} 
+      if (!(daemon->options & OPT_ALL_SERVERS))
+	daemon->last_server = server;
+    }
+  
+  /* If the answer is an error, keep the forward record in place in case
+     we get a good reply from another server. Kill it when we've
+     had replies from all to avoid filling the forwarding table when
+     everything is broken */
+  if (forward->forwardall == 0 || --forward->forwardall == 1 || 
+      (header->rcode != REFUSED && header->rcode != SERVFAIL))
+    {
+      if ((nn = process_reply(header, now, server, (size_t)n)))
 	{
-	  if (header->rcode == SERVFAIL || header->rcode == REFUSED)
-	    server = NULL;
-	  else
-	    {
-	      struct server *last_server;
-	      /* find good server by address if possible, otherwise assume the last one we sent to */ 
-	      for (last_server = daemon->servers; last_server; last_server = last_server->next)
-		if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) &&
-		    sockaddr_isequal(&last_server->addr, &serveraddr))
-		  {
-		    server = last_server;
-		    break;
-		  }
-	    } 
-	  daemon->last_server = server;
-	}
-      
-      /* If the answer is an error, keep the forward record in place in case
-	 we get a good reply from another server. Kill it when we've
-	 had replies from all to avoid filling the forwarding table when
-	 everything is broken */
-      if (forward->forwardall == 0 || --forward->forwardall == 1 || 
-	  (header->rcode != REFUSED && header->rcode != SERVFAIL))
-	{
-	  if ((nn = process_reply(daemon, header, now, server, (size_t)n)))
-	    {
-	      header->id = htons(forward->orig_id);
-	      header->ra = 1; /* recursion if available */
-	      send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn, 
-			&forward->source, &forward->dest, forward->iface);
-	    }
-	  forward->sentto = NULL; /* cancel */
+	  header->id = htons(forward->orig_id);
+	  header->ra = 1; /* recursion if available */
+	  send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn, 
+		    &forward->source, &forward->dest, forward->iface);
 	}
+      free_frec(forward); /* cancel */
     }
 }
 
-void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
+
+void receive_query(struct listener *listen, time_t now)
 {
   HEADER *header = (HEADER *)daemon->packet;
   union mysockaddr source_addr;
@@ -529,6 +575,9 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 #endif
 #if defined(HAVE_LINUX_NETWORK)
     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK)
+    char control[CMSG_SPACE(sizeof(struct in_addr)) +
+		 CMSG_SPACE(sizeof(unsigned int))];
 #elif defined(IP_RECVDSTADDR)
     char control[CMSG_SPACE(sizeof(struct in_addr)) +
 		 CMSG_SPACE(sizeof(struct sockaddr_dl))];
@@ -596,7 +645,11 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 	    if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
 	      dst_addr_4 = dst_addr.addr.addr4 = *((struct in_addr *)CMSG_DATA(cmptr));
 	    else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
+#ifdef HAVE_SOLARIS_NETWORK
+	      if_index = *((unsigned int *)CMSG_DATA(cmptr));
+#else
 	      if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
+#endif
 	}
 #endif
       
@@ -626,7 +679,7 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
 	return;
 #endif
       
-      if (!iface_check(daemon, listen->family, &dst_addr, &ifr, &if_index))
+      if (!iface_check(listen->family, &dst_addr, &ifr, &if_index))
 	return;
       
       if (listen->family == AF_INET &&
@@ -639,30 +692,40 @@ void receive_query(struct listener *listen, struct daemon *daemon, time_t now)
   
   if (extract_request(header, (size_t)n, daemon->namebuff, &type))
     {
+      char types[20];
+
+      querystr(types, type);
+
       if (listen->family == AF_INET) 
 	log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, 
-		  (struct all_addr *)&source_addr.in.sin_addr, type, NULL, 0);
+		  (struct all_addr *)&source_addr.in.sin_addr, types);
 #ifdef HAVE_IPV6
       else
 	log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
-		  (struct all_addr *)&source_addr.in6.sin6_addr, type, NULL, 0);
+		  (struct all_addr *)&source_addr.in6.sin6_addr, types);
 #endif
     }
 
-  m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n, daemon, 
+  m = answer_request (header, ((char *) header) + PACKETSZ, (size_t)n, 
 		      dst_addr_4, netmask, now);
   if (m >= 1)
-    send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, m, &source_addr, &dst_addr, if_index);
+    {
+      send_from(listen->fd, daemon->options & OPT_NOWILD, (char *)header, 
+		m, &source_addr, &dst_addr, if_index);
+      daemon->local_answer++;
+    }
+  else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,
+			 header, (size_t)n, now, NULL))
+    daemon->queries_forwarded++;
   else
-    forward_query(daemon, listen->fd, &source_addr, &dst_addr, if_index,
-		  header, (size_t)n, now, NULL);
+    daemon->local_answer++;
 }
 
 /* The daemon forks before calling this: it should deal with one connection,
    blocking as neccessary, and then return. Note, need to be a bit careful
    about resources for debug mode, when the fork is suppressed: that's
    done by the caller. */
-unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
+unsigned char *tcp_request(int confd, time_t now,
 			   struct in_addr local_addr, struct in_addr netmask)
 {
   int size = 0;
@@ -670,7 +733,7 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
   unsigned short qtype, gotname;
   unsigned char c1, c2;
   /* Max TCP packet + slop */
-  unsigned char *packet = malloc(65536 + MAXDNAME + RRFIXEDSZ);
+  unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ);
   HEADER *header;
   struct server *last_server;
   
@@ -694,20 +757,27 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 	  
 	  if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) != -1)
 	    {
+	      char types[20];
+
+	      querystr(types, qtype);
+
 	      if (peer_addr.sa.sa_family == AF_INET) 
 		log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, 
-			  (struct all_addr *)&peer_addr.in.sin_addr, qtype, NULL, 0);
+			  (struct all_addr *)&peer_addr.in.sin_addr, types);
 #ifdef HAVE_IPV6
 	      else
 		log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
-			  (struct all_addr *)&peer_addr.in6.sin6_addr, qtype, NULL, 0);
+			  (struct all_addr *)&peer_addr.in6.sin6_addr, types);
 #endif
 	    }
 	}
       
       /* m > 0 if answered from cache */
-      m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, daemon, 
+      m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, 
 			 local_addr, netmask, now);
+
+      /* Do this by steam now we're not in the select() loop */
+      check_log_writer(NULL); 
       
       if (m == 0)
 	{
@@ -717,7 +787,7 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 	  char *domain = NULL;
 	  
 	  if (gotname)
-	    flags = search_servers(daemon, now, &addrp, gotname, daemon->namebuff, &type, &domain);
+	    flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain);
 	  
 	  if (type != 0  || (daemon->options & OPT_ORDER) || !daemon->last_server)
 	    last_server = daemon->servers;
@@ -752,7 +822,8 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 		  
 		  if ((last_server->tcpfd == -1) &&
 		      (last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) != -1 &&
-		      connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1)
+		      (!local_bind(last_server->tcpfd,  &last_server->source_addr, last_server->interface, 1) ||
+		       connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1))
 		    {
 		      close(last_server->tcpfd);
 		      last_server->tcpfd = -1;
@@ -760,7 +831,7 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 		  
 		  if (last_server->tcpfd == -1)	
 		    continue;
-		  
+
 		  c1 = size >> 8;
 		  c2 = size;
 		  
@@ -774,7 +845,7 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 		      last_server->tcpfd = -1;
 		      continue;
 		    } 
-	      
+		  
 		  m = (c1 << 8) | c2;
 		  if (!read_write(last_server->tcpfd, packet, m, 1))
 		    return packet;
@@ -783,11 +854,11 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 		    strcpy(daemon->namebuff, "query");
 		  if (last_server->addr.sa.sa_family == AF_INET)
 		    log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, 
-			      (struct all_addr *)&last_server->addr.in.sin_addr, 0, NULL, 0); 
+			      (struct all_addr *)&last_server->addr.in.sin_addr, NULL); 
 #ifdef HAVE_IPV6
 		  else
 		    log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, 
-			      (struct all_addr *)&last_server->addr.in6.sin6_addr, 0, NULL, 0);
+			      (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL);
 #endif 
 		  
 		  /* There's no point in updating the cache, since this process will exit and
@@ -797,7 +868,7 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 		     someone might be attempting to insert bogus values into the cache by 
 		     sending replies containing questions and bogus answers. */
 		  if (crc == questions_crc(header, (unsigned int)m, daemon->namebuff))
-		    m = process_reply(daemon, header, now, last_server, (unsigned int)m);
+		    m = process_reply(header, now, last_server, (unsigned int)m);
 		  
 		  break;
 		}
@@ -807,6 +878,8 @@ unsigned char *tcp_request(struct daemon *daemon, int confd, time_t now,
 	  if (m == 0)
 	    m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
 	}
+
+      check_log_writer(NULL);
       
       c1 = m>>8;
       c2 = m;
@@ -821,36 +894,101 @@ static struct frec *allocate_frec(time_t now)
 {
   struct frec *f;
   
-  if ((f = (struct frec *)malloc(sizeof(struct frec))))
+  if ((f = (struct frec *)whine_malloc(sizeof(struct frec))))
     {
-      f->next = frec_list;
+      f->next = daemon->frec_list;
       f->time = now;
       f->sentto = NULL;
-      frec_list = f;
+      f->rfd4 = NULL;
+#ifdef HAVE_IPV6
+      f->rfd6 = NULL;
+#endif
+      daemon->frec_list = f;
     }
 
   return f;
 }
 
+static struct randfd *allocate_rfd(int family)
+{
+  static int finger = 0;
+  int i;
+
+  /* limit the number of sockets we have open to avoid starvation of 
+     (eg) TFTP. Once we have a reasonable number, randomness should be OK */
+
+  for (i = 0; i < RANDOM_SOCKS; i++)
+    if (daemon->randomsocks[i].refcount == 0 && 
+	(daemon->randomsocks[i].fd = random_sock(family)) != -1)
+      {
+	daemon->randomsocks[i].refcount = 1;
+	daemon->randomsocks[i].family = family;
+	return &daemon->randomsocks[i];
+      }
+
+  /* No free ones, grab an existing one */
+  for (i = 0; i < RANDOM_SOCKS; i++)
+    {
+      int j = (i+finger) % RANDOM_SOCKS;
+      if (daemon->randomsocks[j].family == family && daemon->randomsocks[j].refcount != 0xffff)
+	{
+	  finger = j;
+	  daemon->randomsocks[j].refcount++;
+	  return &daemon->randomsocks[j];
+	}
+    }
+
+  return NULL; /* doom */
+}
+
+static void free_frec(struct frec *f)
+{
+  if (f->rfd4 && --(f->rfd4->refcount) == 0)
+    close(f->rfd4->fd);
+    
+  f->rfd4 = NULL;
+  f->sentto = NULL;
+  
+#ifdef HAVE_IPV6
+  if (f->rfd6 && --(f->rfd6->refcount) == 0)
+    close(f->rfd6->fd);
+    
+  f->rfd6 = NULL;
+#endif
+}
+
 /* if wait==NULL return a free or older than TIMEOUT record.
    else return *wait zero if one available, or *wait is delay to
-   when the oldest in-use record will expire. */
-struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait)
+   when the oldest in-use record will expire. Impose an absolute
+   limit of 4*TIMEOUT before we wipe things (for random sockets) */
+struct frec *get_new_frec(time_t now, int *wait)
 {
-  struct frec *f, *oldest;
+  struct frec *f, *oldest, *target;
   int count;
   
   if (wait)
     *wait = 0;
 
-  for (f = frec_list, oldest = NULL, count = 0; f; f = f->next, count++)
+  for (f = daemon->frec_list, oldest = NULL, target =  NULL, count = 0; f; f = f->next, count++)
     if (!f->sentto)
+      target = f;
+    else 
       {
-	f->time = now;
-	return f;
+	if (difftime(now, f->time) >= 4*TIMEOUT)
+	  {
+	    free_frec(f);
+	    target = f;
+	  }
+	
+	if (!oldest || difftime(f->time, oldest->time) <= 0)
+	  oldest = f;
       }
-    else if (!oldest || difftime(f->time, oldest->time) <= 0)
-      oldest = f;
+
+  if (target)
+    {
+      target->time = now;
+      return target;
+    }
   
   /* can't find empty one, use oldest if there is one
      and it's older than timeout */
@@ -865,7 +1003,7 @@ struct frec *get_new_frec(struct daemon *daemon, time_t now, int *wait)
 
       if (!wait)
 	{
-	  oldest->sentto = 0;
+	  free_frec(oldest);
 	  oldest->time = now;
 	}
       return oldest;
@@ -891,7 +1029,7 @@ static struct frec *lookup_frec(unsigned short id, unsigned int crc)
 {
   struct frec *f;
 
-  for(f = frec_list; f; f = f->next)
+  for(f = daemon->frec_list; f; f = f->next)
     if (f->sentto && f->new_id == id && 
 	(f->crc == crc || crc == 0xffffffff))
       return f;
@@ -905,7 +1043,7 @@ static struct frec *lookup_frec_by_sender(unsigned short id,
 {
   struct frec *f;
   
-  for(f = frec_list; f; f = f->next)
+  for(f = daemon->frec_list; f; f = f->next)
     if (f->sentto &&
 	f->orig_id == id && 
 	f->crc == crc &&
@@ -916,13 +1054,13 @@ static struct frec *lookup_frec_by_sender(unsigned short id,
 }
 
 /* A server record is going away, remove references to it */
-void server_gone(struct daemon *daemon, struct server *server)
+void server_gone(struct server *server)
 {
   struct frec *f;
   
-  for (f = frec_list; f; f = f->next)
+  for (f = daemon->frec_list; f; f = f->next)
     if (f->sentto && f->sentto == server)
-      f->sentto = NULL;
+      free_frec(f);
   
   if (daemon->last_server == server)
     daemon->last_server = NULL;
@@ -943,7 +1081,7 @@ static unsigned short get_id(int force, unsigned short force_id, unsigned int cr
     {
       struct frec *f = lookup_frec(force_id, crc);
       if (f)
-	f->sentto = NULL; /* free */
+	free_frec(f); /* free */
       ret = force_id;
     }
   else do 

src/helper.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -24,70 +28,91 @@
    main process.
 */
 
+#ifndef NO_FORK
+
+static void my_setenv(const char *name, const char *value, int *error);
+ 
 struct script_data
 {
   unsigned char action, hwaddr_len, hwaddr_type;
   unsigned char clid_len, hostname_len, uclass_len, vclass_len;
   struct in_addr addr;
+  unsigned int remaining_time;
 #ifdef HAVE_BROKEN_RTC
   unsigned int length;
 #else
   time_t expires;
 #endif
   unsigned char hwaddr[DHCP_CHADDR_MAX];
+  char interface[IF_NAMESIZE];
 };
 
-static struct script_data *buf;
-static size_t bytes_in_buf, buf_size;
+static struct script_data *buf = NULL;
+static size_t bytes_in_buf = 0, buf_size = 0;
 
-int create_helper(struct daemon *daemon)
+int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 {
   pid_t pid;
   int i, pipefd[2];
   struct sigaction sigact;
 
-  buf = NULL;
-  buf_size = bytes_in_buf = 0;
-
-  if (!daemon->dhcp || !daemon->lease_change_command)
-    return -1;
-
   /* create the pipe through which the main program sends us commands,
-   then fork our process. */
+     then fork our process. */
   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
-    return -1;
-  
+    {
+      send_event(err_fd, EVENT_PIPE_ERR, errno);
+      _exit(0);
+    }
+
   if (pid != 0)
     {
       close(pipefd[0]); /* close reader side */
       return pipefd[1];
     }
 
-  /* ignore SIGTERM, so that we can clean up when the main process gets hit */
+  /* ignore SIGTERM, so that we can clean up when the main process gets hit
+     and SIGALRM so that we can use sleep() */
   sigact.sa_handler = SIG_IGN;
   sigact.sa_flags = 0;
   sigemptyset(&sigact.sa_mask);
   sigaction(SIGTERM, &sigact, NULL);
+  sigaction(SIGALRM, &sigact, NULL);
 
-  /* close all the sockets etc, we don't need them here */
-  for (i = 0; i < 64; i++)
-    if (i != STDOUT_FILENO && i != STDERR_FILENO && 
-	i != STDIN_FILENO && i != pipefd[0])
-      close(i);
+  if (!(daemon->options & OPT_DEBUG) && uid != 0)
+    {
+      gid_t dummy;
+      if (setgroups(0, &dummy) == -1 || 
+	  setgid(gid) == -1 || 
+	  setuid(uid) == -1)
+	{
+	  if (daemon->options & OPT_NO_FORK)
+	    /* send error to daemon process if no-fork */
+	    send_event(event_fd, EVENT_HUSER_ERR, errno);
+	  else
+	    {
+	      /* kill daemon */
+	      send_event(event_fd, EVENT_DIE, 0);
+	      /* return error */
+	      send_event(err_fd, EVENT_HUSER_ERR, errno);;
+	    }
+	  _exit(0);
+	}
+    }
 
-  /* we open our own log connection. */
-  log_start(daemon);
+  /* close all the sockets etc, we don't need them here. This closes err_fd, so that
+     main process can return. */
+  for (max_fd--; max_fd > 0; max_fd--)
+    if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO && 
+	max_fd != STDIN_FILENO && max_fd != pipefd[0] && max_fd != event_fd)
+      close(max_fd);
   
-  /* don't give our end of the pipe to our children */
-  if ((i = fcntl(pipefd[0], F_GETFD)) != -1)
-    fcntl(pipefd[0], F_SETFD, i | FD_CLOEXEC); 
-      
   /* loop here */
   while(1)
     {
       struct script_data data;
       char *p, *action_str, *hostname = NULL;
       unsigned char *buf = (unsigned char *)daemon->namebuff;
+      int err = 0;
 
       /* we read zero bytes when pipe closed: this is our signal to exit */ 
       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
@@ -133,32 +158,49 @@ int create_helper(struct daemon *daemon)
       if (!read_write(pipefd[0], buf, data.hostname_len + data.uclass_len + data.vclass_len, 1))
 	continue;
       
-      if ((pid = fork()) == -1)
-	continue;
+      /* possible fork errors are all temporary resource problems */
+      while ((pid = fork()) == -1 && (errno == EAGAIN || errno == ENOMEM))
+	sleep(2);
       
+      if (pid == -1)
+	continue;
+	  
       /* wait for child to complete */
       if (pid != 0)
 	{
-	  int status;
-	  waitpid(pid, &status, 0);
-	  if (WIFSIGNALED(status))
-	    syslog(LOG_WARNING, _("child process killed by signal %d"), WTERMSIG(status));
-	  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
-	    syslog(LOG_WARNING, _("child process exited with status %d"), WEXITSTATUS(status));
+	  /* reap our children's children, if necessary */
+	  while (1)
+	    {
+	      int status;
+	      pid_t rc = wait(&status);
+	      
+	      if (rc == pid)
+		{
+		  /* On error send event back to main process for logging */
+		  if (WIFSIGNALED(status))
+		    send_event(event_fd, EVENT_KILLED, WTERMSIG(status));
+		  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+		    send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status));
+		  break;
+		}
+	      
+	      if (rc == -1 && errno != EINTR)
+		break;
+	    }
+	  
 	  continue;
 	}
       
       if (data.clid_len != 0)
-	setenv("DNSMASQ_CLIENT_ID", daemon->packet, 1);
-      else
-	unsetenv("DNSMASQ_CLIENT_ID");
-      
+	my_setenv("DNSMASQ_CLIENT_ID", daemon->packet, &err);
+
+      if (strlen(data.interface) != 0)
+	my_setenv("DNSMASQ_INTERFACE", data.interface, &err);
+            
 #ifdef HAVE_BROKEN_RTC
-      setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, 1);
-      unsetenv("DNSMASQ_LEASE_EXPIRES");
+      my_setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, &err);
 #else
-      setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, 1); 
-      unsetenv("DNSMASQ_LEASE_LENGTH");
+      my_setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, &err); 
 #endif
       
       if (data.vclass_len != 0)
@@ -167,11 +209,9 @@ int create_helper(struct daemon *daemon)
 	  /* cannot have = chars in env - truncate if found . */
 	  if ((p = strchr((char *)buf, '=')))
 	    *p = 0;
-	  setenv("DNSMASQ_VENDOR_CLASS", (char *)buf, 1);
+	  my_setenv("DNSMASQ_VENDOR_CLASS", (char *)buf, &err);
 	  buf += data.vclass_len;
 	}
-      else 
-	unsetenv("DNSMASQ_VENDOR_CLASS");
       
       if (data.uclass_len != 0)
 	{
@@ -186,45 +226,80 @@ int create_helper(struct daemon *daemon)
 	      if (strlen((char *)buf) != 0)
 		{
 		  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i++);
-		  setenv(daemon->dhcp_buff2, (char *)buf, 1);
+		  my_setenv(daemon->dhcp_buff2, (char *)buf, &err);
 		}
 	      buf += len;
 	    }
 	}
       
+      sprintf(daemon->dhcp_buff2, "%u ", data.remaining_time);
+      my_setenv("DNSMASQ_TIME_REMAINING", daemon->dhcp_buff2, &err);
+      
       if (data.hostname_len != 0)
 	{
 	  hostname = (char *)buf;
 	  hostname[data.hostname_len - 1] = 0;
-	  canonicalise(hostname);
+	  if (!canonicalise(hostname))
+	    hostname = NULL;
 	}
       
       if (data.action == ACTION_OLD_HOSTNAME && hostname)
 	{
-	  setenv("DNSMASQ_OLD_HOSTNAME", hostname, 1);
+	  my_setenv("DNSMASQ_OLD_HOSTNAME", hostname, &err);
 	  hostname = NULL;
 	}
-      else
-	unsetenv("DNSMASQ_OLD_HOSTNAME");
-      
+
+      /* we need to have the event_fd around if exec fails */
+      if ((i = fcntl(event_fd, F_GETFD)) != -1)
+	fcntl(event_fd, F_SETFD, i | FD_CLOEXEC);
+      close(pipefd[0]);
+
       p =  strrchr(daemon->lease_change_command, '/');
-      execl(daemon->lease_change_command, 
-	    p ? p+1 : daemon->lease_change_command,
-	    action_str, daemon->dhcp_buff, inet_ntoa(data.addr), hostname, (char*)NULL);
-      
-      /* log socket should still be open, right? */
-      syslog(LOG_ERR, _("failed to execute %s: %m"), 
-	     daemon->lease_change_command);
+      if (err == 0)
+	{
+	  execl(daemon->lease_change_command, 
+		p ? p+1 : daemon->lease_change_command,
+		action_str, daemon->dhcp_buff, inet_ntoa(data.addr), hostname, (char*)NULL);
+	  err = errno;
+	}
+      /* failed, send event so the main process logs the problem */
+      send_event(event_fd, EVENT_EXEC_ERR, err);
       _exit(0); 
     }
 }
 
+static void my_setenv(const char *name, const char *value, int *error)
+{
+  if (*error == 0)
+    {
+#if defined(HAVE_SOLARIS_NETWORK) && !defined(HAVE_SOLARIS_PRIVS)
+      /* old Solaris is missing setenv..... */
+      char *p;
+      
+      if (!(p = malloc(strlen(name) + strlen(value) + 2)))
+	*error = ENOMEM;
+      else
+	{
+	  strcpy(p, name);
+	  strcat(p, "=");
+	  strcat(p, value);
+	  
+	  if (putenv(p) != 0)
+	    *error = errno;
+	}
+#else
+      if (setenv(name, value, 1) != 0)
+	*error = errno;
+#endif
+    }
+}
+ 
 /* pack up lease data into a buffer */    
-void queue_script(struct daemon *daemon, int action, struct dhcp_lease *lease, char *hostname)
+void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
 {
   unsigned char *p;
   size_t size;
-  unsigned int hostname_len = 0, clid_len = 0, vclass_len = 0, uclass_len = 0;
+  unsigned int i, hostname_len = 0, clid_len = 0, vclass_len = 0, uclass_len = 0;
 
   /* no script */
   if (daemon->helperfd == -1)
@@ -249,7 +324,7 @@ void queue_script(struct daemon *daemon, int action, struct dhcp_lease *lease, c
       if (size < sizeof(struct script_data) + 200)
 	size = sizeof(struct script_data) + 200;
 
-      if (!(new = malloc(size)))
+      if (!(new = whine_malloc(size)))
 	return;
       if (buf)
 	free(buf);
@@ -266,34 +341,50 @@ void queue_script(struct daemon *daemon, int action, struct dhcp_lease *lease, c
   buf->hostname_len = hostname_len;
   buf->addr = lease->addr;
   memcpy(buf->hwaddr, lease->hwaddr, lease->hwaddr_len);
+  buf->interface[0] = 0;
+#ifdef HAVE_LINUX_NETWORK
+  if (lease->last_interface != 0)
+    {
+      struct ifreq ifr;
+      ifr.ifr_ifindex = lease->last_interface;
+      if (ioctl(daemon->dhcpfd, SIOCGIFNAME, &ifr) != -1)
+	strncpy(buf->interface, ifr.ifr_name, IF_NAMESIZE);
+    }
+#else
+  if (lease->last_interface != 0)
+    if_indextoname(lease->last_interface, buf->interface);
+#endif
+  
 #ifdef HAVE_BROKEN_RTC 
   buf->length = lease->length;
 #else
   buf->expires = lease->expires;
 #endif
- 
+  buf->remaining_time = (unsigned int)difftime(lease->expires, now);
+
   p = (unsigned char *)(buf+1);
-  if (buf->clid_len != 0)
+  if (clid_len != 0)
     {
       memcpy(p, lease->clid, clid_len);
       p += clid_len;
     }
-  if (buf->vclass_len != 0)
+  if (vclass_len != 0)
     {
       memcpy(p, lease->vendorclass, vclass_len);
       p += vclass_len;
     }
-  if (buf->uclass_len != 0)
+  if (uclass_len != 0)
     {
       memcpy(p, lease->userclass, uclass_len);
       p += uclass_len;
     }
-  if (buf->hostname_len != 0)
-    {
-      memcpy(p, hostname, hostname_len);
-      p += hostname_len;
-    }
-
+  /* substitute * for space */
+  for (i = 0; i < hostname_len; i++)
+    if ((daemon->options & OPT_LEASE_RO) && hostname[i] == ' ')
+      *(p++) = '*';
+    else
+      *(p++) = hostname[i];
+  
   bytes_in_buf = p - (unsigned char *)buf;
 }
 
@@ -302,7 +393,7 @@ int helper_buf_empty(void)
   return bytes_in_buf == 0;
 }
 
-void helper_write(struct daemon *daemon)
+void helper_write(void)
 {
   ssize_t rc;
 
@@ -323,5 +414,6 @@ void helper_write(struct daemon *daemon)
     }
 }
 
+#endif
 
 

src/isc.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 by Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 
@@ -57,7 +61,7 @@ static int next_token (char *token, int buffsize, FILE * fp)
   return count ? 1 : 0;
 }
 
-void load_dhcp(struct daemon *daemon, time_t now)
+void load_dhcp(time_t now)
 {
   char *hostname = daemon->namebuff;
   char token[MAXTOK], *dot;
@@ -70,7 +74,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
   if (stat(daemon->lease_file, &statbuf) == -1)
     {
       if (!logged_lease)
-	syslog(LOG_WARNING, _("failed to access %s: %m"), daemon->lease_file);
+	my_syslog(LOG_WARNING, _("failed to access %s: %s"), daemon->lease_file, strerror(errno));
       logged_lease = 1;
       return;
     }
@@ -86,11 +90,11 @@ void load_dhcp(struct daemon *daemon, time_t now)
   
   if (!(fp = fopen (daemon->lease_file, "r")))
     {
-      syslog (LOG_ERR, _("failed to load %s: %m"), daemon->lease_file);
+      my_syslog (LOG_ERR, _("failed to load %s: %s"), daemon->lease_file, strerror(errno));
       return;
     }
   
-  syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
+  my_syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
 
   while ((next_token(token, MAXTOK, fp)))
     {
@@ -112,7 +116,7 @@ void load_dhcp(struct daemon *daemon, time_t now)
 			    if (!canonicalise(hostname))
 			      {
 				*hostname = 0;
-				syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
+				my_syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
 			      }
 			}
                       else if ((strcmp(token, "ends") == 0) ||
@@ -173,9 +177,9 @@ void load_dhcp(struct daemon *daemon, time_t now)
 		    { 
 		      if (!daemon->domain_suffix || hostname_isequal(dot+1, daemon->domain_suffix))
 			{
-			  syslog(LOG_WARNING, 
-				 _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
-				 hostname);
+			  my_syslog(LOG_WARNING, 
+				    _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
+				    hostname);
 			  continue;
 			}
 		      *dot = 0;
@@ -189,20 +193,20 @@ void load_dhcp(struct daemon *daemon, time_t now)
 			break;
 		      }
 
-		  if (!lease && (lease = malloc(sizeof(struct isc_lease))))
+		  if (!lease && (lease = whine_malloc(sizeof(struct isc_lease))))
 		    {
 		      lease->expires = ttd;
 		      lease->addr = host_address;
 		      lease->fqdn =  NULL;
 		      lease->next = leases;
-		      if (!(lease->name = malloc(strlen(hostname)+1)))
+		      if (!(lease->name = whine_malloc(strlen(hostname)+1)))
 			free(lease);
 		      else
 			{
 			  leases = lease;
 			  strcpy(lease->name, hostname);
 			  if (daemon->domain_suffix && 
-			      (lease->fqdn = malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
+			      (lease->fqdn = whine_malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
 			    {
 			      strcpy(lease->fqdn, hostname);
 			      strcat(lease->fqdn, ".");
@@ -239,8 +243,8 @@ void load_dhcp(struct daemon *daemon, time_t now)
 
   for (lease = leases; lease; lease = lease->next)
     {
-      cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
-      cache_add_dhcp_entry(daemon, lease->name, &lease->addr, lease->expires);
+      cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires);
+      cache_add_dhcp_entry(lease->name, &lease->addr, lease->expires);
     }
 }
 

src/lease.c

@@ -1,29 +1,37 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-static struct dhcp_lease *leases, *old_leases;
+static struct dhcp_lease *leases = NULL, *old_leases = NULL;
 static int dns_dirty, file_dirty, leases_left;
 
-void lease_init(struct daemon *daemon, time_t now)
+void lease_init(time_t now)
 {
   unsigned long ei;
   struct in_addr addr;
   struct dhcp_lease *lease;
-  int flags, clid_len, hw_len, hw_type;
+  int clid_len, hw_len, hw_type;
   FILE *leasestream;
   
-  leases = old_leases = NULL;
+  /* These two each hold a DHCP option max size 255
+     and get a terminating zero added */
+  daemon->dhcp_buff = safe_malloc(256);
+  daemon->dhcp_buff2 = safe_malloc(256); 
+  
   leases_left = daemon->dhcp_max;
 
   if (daemon->options & OPT_LEASE_RO)
@@ -47,11 +55,7 @@ void lease_init(struct daemon *daemon, time_t now)
       leasestream = daemon->lease_stream = fopen(daemon->lease_file, "a+");
       
       if (!leasestream)
-	die(_("cannot open or create lease file %s: %s"), daemon->lease_file);
-      
-      flags = fcntl(fileno(leasestream), F_GETFD);
-      if (flags != -1)
-	fcntl(fileno(leasestream), F_SETFD, flags | FD_CLOEXEC); 
+	die(_("cannot open or create lease file %s: %s"), daemon->lease_file, EC_FILE);
       
       /* a+ mode lease pointer at end. */
       rewind(leasestream);
@@ -77,10 +81,8 @@ void lease_init(struct daemon *daemon, time_t now)
 	  clid_len = parse_hex(daemon->packet, (unsigned char *)daemon->packet, 255, NULL, NULL);
 	
 	if (!(lease = lease_allocate(addr)))
-	  die (_("too many stored leases"), NULL);
-	/* not actually new */
-	lease->new = 0;
-	
+	  die (_("too many stored leases"), NULL, EC_MISC);
+       	
 #ifdef HAVE_BROKEN_RTC
 	if (ei != 0)
 	  lease->expires = (time_t)ei + now;
@@ -96,7 +98,17 @@ void lease_init(struct daemon *daemon, time_t now)
 	lease_set_hwaddr(lease, (unsigned char *)daemon->dhcp_buff2, (unsigned char *)daemon->packet, hw_len, hw_type, clid_len);
 	
 	if (strcmp(daemon->dhcp_buff, "*") !=  0)
-	  lease_set_hostname(lease, daemon->dhcp_buff, daemon->domain_suffix, 0);
+	  {
+	    char *p;
+	    /* unprotect spaces */
+	    for (p = strchr(daemon->dhcp_buff, '*'); p; p = strchr(p, '*'))
+	      *p = ' ';
+	    lease_set_hostname(lease, daemon->dhcp_buff, daemon->domain_suffix, 0);
+	  }
+
+	/* set these correctly: the "old" events are generated later from
+	   the startup synthesised SIGHUP. */
+	lease->new = lease->changed = 0;
       }
   
   if (!daemon->lease_stream)
@@ -110,13 +122,13 @@ void lease_init(struct daemon *daemon, time_t now)
 	    errno = ENOENT;
 	  else if (WEXITSTATUS(rc) == 126)
 	    errno = EACCES;
-	  die(_("cannot run lease-init script %s: %s"), daemon->lease_change_command);
+	  die(_("cannot run lease-init script %s: %s"), daemon->lease_change_command, EC_FILE);
 	}
       
       if (WEXITSTATUS(rc) != 0)
 	{
 	  sprintf(daemon->dhcp_buff, "%d", WEXITSTATUS(rc));
-	  die(_("lease-init script returned exit code %s"), daemon->dhcp_buff);
+	  die(_("lease-init script returned exit code %s"), daemon->dhcp_buff, WEXITSTATUS(rc) + EC_INIT_OFFSET);
 	}
     }
 
@@ -126,7 +138,7 @@ void lease_init(struct daemon *daemon, time_t now)
   dns_dirty = 1;
 }
 
-void lease_update_from_configs(struct daemon *daemon)
+void lease_update_from_configs(void)
 {
   /* changes to the config may change current leases. */
   
@@ -140,11 +152,11 @@ void lease_update_from_configs(struct daemon *daemon)
 	(config->flags & CONFIG_NAME) &&
 	(!(config->flags & CONFIG_ADDR) || config->addr.s_addr == lease->addr.s_addr))
       lease_set_hostname(lease, config->hostname, daemon->domain_suffix, 1);
-    else if ((name = host_from_dns(daemon, lease->addr)))
+    else if ((name = host_from_dns(lease->addr)))
       lease_set_hostname(lease, name, daemon->domain_suffix, 1); /* updates auth flag only */
 }
 
-static void ourprintf(struct daemon *daemon, int *errp, char *format, ...)
+static void ourprintf(int *errp, char *format, ...)
 {
   va_list ap;
   
@@ -154,11 +166,12 @@ static void ourprintf(struct daemon *daemon, int *errp, char *format, ...)
   va_end(ap);
 }
 
-void lease_update_file(struct daemon *daemon, time_t now)
+void lease_update_file(time_t now)
 {
   struct dhcp_lease *lease;
   time_t next_event;
   int i, err = 0;
+  char *p;
 
   if (file_dirty != 0 && daemon->lease_stream)
     {
@@ -170,29 +183,37 @@ void lease_update_file(struct daemon *daemon, time_t now)
       for (lease = leases; lease; lease = lease->next)
 	{
 #ifdef HAVE_BROKEN_RTC
-	  ourprintf(daemon, &err, "%u ", lease->length);
+	  ourprintf(&err, "%u ", lease->length);
 #else
-	  ourprintf(daemon, &err, "%lu ", (unsigned long)lease->expires);
+	  ourprintf(&err, "%lu ", (unsigned long)lease->expires);
 #endif
 	  if (lease->hwaddr_type != ARPHRD_ETHER || lease->hwaddr_len == 0) 
-	    ourprintf(daemon, &err, "%.2x-", lease->hwaddr_type);
+	    ourprintf(&err, "%.2x-", lease->hwaddr_type);
 	  for (i = 0; i < lease->hwaddr_len; i++)
 	    {
-	      ourprintf(daemon, &err, "%.2x", lease->hwaddr[i]);
+	      ourprintf(&err, "%.2x", lease->hwaddr[i]);
 	      if (i != lease->hwaddr_len - 1)
-		ourprintf(daemon, &err, ":");
+		ourprintf(&err, ":");
 	    }
-	  ourprintf(daemon, &err, " %s %s ", inet_ntoa(lease->addr),
-		    lease->hostname && strlen(lease->hostname) != 0 ? lease->hostname : "*");
+
+	  ourprintf(&err, " %s ", inet_ntoa(lease->addr));
+	  
+	  /* substitute * for space: "*" is an illegal name, as is " " */
+	  if (lease->hostname)
+	    for (p = lease->hostname; *p; p++)
+	      ourprintf(&err, "%c", *p == ' ' ? '*' : *p);
+	  else
+	    ourprintf(&err, "*");
+	  ourprintf(&err, " ");
 	  
 	  if (lease->clid && lease->clid_len != 0)
 	    {
 	      for (i = 0; i < lease->clid_len - 1; i++)
-		ourprintf(daemon, &err, "%.2x:", lease->clid[i]);
-	      ourprintf(daemon, &err, "%.2x\n", lease->clid[i]);
+		ourprintf(&err, "%.2x:", lease->clid[i]);
+	      ourprintf(&err, "%.2x\n", lease->clid[i]);
 	    }
 	  else
-	    ourprintf(daemon, &err, "*\n");	  
+	    ourprintf(&err, "*\n");	  
 	}
       
       if (fflush(daemon->lease_stream) != 0 ||
@@ -214,27 +235,27 @@ void lease_update_file(struct daemon *daemon, time_t now)
       if (next_event == 0 || difftime(next_event, LEASE_RETRY + now) > 0.0)
 	next_event = LEASE_RETRY + now;
       
-      syslog(LOG_ERR, _("failed to write %s: %s (retry in %us)"), 
-	     daemon->lease_file, strerror(err),
-	     (unsigned int)difftime(next_event, now));
+      my_syslog(LOG_ERR, _("failed to write %s: %s (retry in %us)"), 
+		daemon->lease_file, strerror(err),
+		(unsigned int)difftime(next_event, now));
     }
 
   if (next_event != 0)
     alarm((unsigned)difftime(next_event, now)); 
 }
 
-void lease_update_dns(struct daemon *daemon)
+void lease_update_dns(void)
 {
   struct dhcp_lease *lease;
   
-  if (dns_dirty)
+  if (daemon->port != 0 && dns_dirty)
     {
       cache_unhash_dhcp();
       
       for (lease = leases; lease; lease = lease->next)
 	{
-	  cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
-	  cache_add_dhcp_entry(daemon, lease->hostname, &lease->addr, lease->expires);
+	  cache_add_dhcp_entry(lease->fqdn, &lease->addr, lease->expires);
+	  cache_add_dhcp_entry(lease->hostname, &lease->addr, lease->expires);
 	}
       
       dns_dirty = 0;
@@ -306,7 +327,7 @@ struct dhcp_lease *lease_find_by_addr(struct in_addr addr)
 struct dhcp_lease *lease_allocate(struct in_addr addr)
 {
   struct dhcp_lease *lease;
-  if (!leases_left || !(lease = malloc(sizeof(struct dhcp_lease))))
+  if (!leases_left || !(lease = whine_malloc(sizeof(struct dhcp_lease))))
     return NULL;
 
   memset(lease, 0, sizeof(struct dhcp_lease));
@@ -378,9 +399,8 @@ void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
       if (lease->clid_len != clid_len)
 	{
 	  lease->aux_changed = file_dirty = 1;
-	  if (lease->clid)
-	    free(lease->clid);
-	  if (!(lease->clid = malloc(clid_len)))
+	  free(lease->clid);
+	  if (!(lease->clid = whine_malloc(clid_len)))
 	    return;
 	}
       else if (memcmp(lease->clid, clid, clid_len) != 0)
@@ -420,8 +440,7 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
 	      return;
 	    /* this shouldn't happen unless updates are very quick and the
 	       script very slow, we just avoid a memory leak if it does. */
-	    if (lease_tmp->old_hostname)
-	      free(lease_tmp->old_hostname);
+	    free(lease_tmp->old_hostname);
 	    lease_tmp->old_hostname = lease_tmp->hostname;
 	    lease_tmp->hostname = NULL;
 	    if (lease_tmp->fqdn)
@@ -432,10 +451,10 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
 	    break;
 	  }
      
-      if (!new_name && (new_name = malloc(strlen(name) + 1)))
+      if (!new_name && (new_name = whine_malloc(strlen(name) + 1)))
 	strcpy(new_name, name);
       
-      if (suffix && !new_fqdn && (new_fqdn = malloc(strlen(name) + strlen(suffix) + 2)))
+      if (suffix && !new_fqdn && (new_fqdn = whine_malloc(strlen(name) + strlen(suffix) + 2)))
 	{
 	  strcpy(new_fqdn, name);
 	  strcat(new_fqdn, ".");
@@ -446,13 +465,11 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
   if (lease->hostname)
     {
       /* run script to say we lost our old name */
-      if (lease->old_hostname)
-	free(lease->old_hostname);
+      free(lease->old_hostname);
       lease->old_hostname = lease->hostname;
     }
 
-  if (lease->fqdn)
-    free(lease->fqdn);
+  free(lease->fqdn);
   
   lease->hostname = new_name;
   lease->fqdn = new_fqdn;
@@ -463,12 +480,29 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, char *suffix, int
   lease->changed = 1; /* run script on change */
 }
 
+void lease_set_interface(struct dhcp_lease *lease, int interface)
+{
+  if (lease->last_interface == interface)
+    return;
+
+  lease->last_interface = interface;
+  lease->changed = 1;
+}
+
+void rerun_scripts(void)
+{
+  struct dhcp_lease *lease;
+  
+  for (lease = leases; lease; lease = lease->next)
+    lease->changed = 1;
+}
+
 /* deleted leases get transferred to the old_leases list.
    remove them here, after calling the lease change
    script. Also run the lease change script on new/modified leases.
 
    Return zero if nothing to do. */
-int do_script_run(struct daemon *daemon)
+int do_script_run(time_t now)
 {
   struct dhcp_lease *lease;
 
@@ -479,26 +513,25 @@ int do_script_run(struct daemon *daemon)
       /* If the lease still has an old_hostname, do the "old" action on that first */
       if (lease->old_hostname)
 	{
-	  queue_script(daemon, ACTION_OLD_HOSTNAME, lease, lease->old_hostname);
+#ifndef NO_FORK
+	  queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
+#endif
 	  free(lease->old_hostname);
 	  lease->old_hostname = NULL;
 	  return 1;
 	}
       else 
 	{
-	  queue_script(daemon, ACTION_DEL, lease, lease->hostname);
+#ifndef NO_FORK
+	  queue_script(ACTION_DEL, lease, lease->hostname, now);
+#endif
 	  old_leases = lease->next;
 	  
-	  if (lease->hostname)
-	    free(lease->hostname); 
-	  if (lease->fqdn)
-	    free(lease->fqdn);
-	  if (lease->clid)
-	    free(lease->clid);
-	  if (lease->vendorclass)
-	    free(lease->vendorclass);
-	  if (lease->userclass)
-	    free(lease->userclass);
+	  free(lease->hostname); 
+	  free(lease->fqdn);
+	  free(lease->clid);
+	  free(lease->vendorclass);
+	  free(lease->userclass);
 	  free(lease);
 	    
 	  return 1; 
@@ -509,7 +542,9 @@ int do_script_run(struct daemon *daemon)
   for (lease = leases; lease; lease = lease->next)
     if (lease->old_hostname)
       {	
-	queue_script(daemon, ACTION_OLD_HOSTNAME, lease, lease->old_hostname);
+#ifndef NO_FORK
+	queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
+#endif
 	free(lease->old_hostname);
 	lease->old_hostname = NULL;
 	return 1;
@@ -519,21 +554,18 @@ int do_script_run(struct daemon *daemon)
     if (lease->new || lease->changed || 
 	(lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
       {
-	queue_script(daemon, lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname);
+#ifndef NO_FORK
+	queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now);
+#endif
 	lease->new = lease->changed = lease->aux_changed = 0;
 	
 	/* these are used for the "add" call, then junked, since they're not in the database */
-	if (lease->vendorclass)
-	  {
-	    free(lease->vendorclass);
-	    lease->vendorclass = NULL;
-	  }
-	if (lease->userclass)
-	  {
-	    free(lease->userclass);
-	    lease->userclass = NULL;
-	  }
+	free(lease->vendorclass);
+	lease->vendorclass = NULL;
 	
+	free(lease->userclass);
+	lease->userclass = NULL;
+		
 	return 1;
       }
 

src/log.c

@@ -0,0 +1,406 @@
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+/* Implement logging to /dev/log asynchronously. If syslogd is 
+   making DNS lookups through dnsmasq, and dnsmasq blocks awaiting
+   syslogd, then the two daemons can deadlock. We get around this
+   by not blocking when talking to syslog, instead we queue up to 
+   MAX_LOGS messages. If more are queued, they will be dropped,
+   and the drop event itself logged. */
+
+/* The "wire" protocol for logging is defined in RFC 3164 */
+
+/* From RFC 3164 */
+#define MAX_MESSAGE 1024
+
+/* defaults in case we die() before we log_start() */
+static int log_fac = LOG_DAEMON;
+static int log_stderr = 0; 
+static int log_fd = -1;
+static int log_to_file = 0;
+static int entries_alloced = 0;
+static int entries_lost = 0;
+static int connection_good = 1;
+static int max_logs = 0;
+static int connection_type = SOCK_DGRAM;
+
+struct log_entry {
+  int offset, length;
+  pid_t pid; /* to avoid duplicates over a fork */
+  struct log_entry *next;
+  char payload[MAX_MESSAGE];
+};
+
+static struct log_entry *entries = NULL;
+static struct log_entry *free_entries = NULL;
+
+
+int log_start(struct passwd *ent_pw, int errfd)
+{
+  int ret = 0;
+
+  log_stderr = !!(daemon->options & OPT_DEBUG);
+
+  if (daemon->log_fac != -1)
+    log_fac = daemon->log_fac;
+#ifdef LOG_LOCAL0
+  else if (daemon->options & OPT_DEBUG)
+    log_fac = LOG_LOCAL0;
+#endif
+
+  if (daemon->log_file)
+    { 
+      log_to_file = 1;
+      daemon->max_logs = 0;
+    }
+  
+  max_logs = daemon->max_logs;
+
+  if (!log_reopen(daemon->log_file))
+    {
+      send_event(errfd, EVENT_LOG_ERR, errno);
+      _exit(0);
+    }
+
+  /* if queuing is inhibited, make sure we allocate
+     the one required buffer now. */
+  if (max_logs == 0)
+    {  
+      free_entries = safe_malloc(sizeof(struct log_entry));
+      free_entries->next = NULL;
+      entries_alloced = 1;
+    }
+
+  /* If we're running as root and going to change uid later,
+     change the ownership here so that the file is always owned by
+     the dnsmasq user. Then logrotate can just copy the owner.
+     Failure of the chown call is OK, (for instance when started as non-root) */
+  if (log_to_file && ent_pw && ent_pw->pw_uid != 0 && 
+      fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+    ret = errno;
+
+  return ret;
+}
+
+int log_reopen(char *log_file)
+{
+  if (log_fd != -1)
+    close(log_fd);
+
+  /* NOTE: umask is set to 022 by the time this gets called */
+     
+  if (log_file)
+    {
+      log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
+      return log_fd != -1;
+    }
+  else
+#ifdef HAVE_SOLARIS_NETWORK
+    /* Solaris logging is "different", /dev/log is not unix-domain socket.
+       Just leave log_fd == -1 and use the vsyslog call for everything.... */
+#   define _PATH_LOG ""  /* dummy */
+    log_fd = -1;
+#else
+    {
+       int flags;
+       log_fd = socket(AF_UNIX, connection_type, 0);
+      
+      if (log_fd == -1)
+	return 0;
+      
+      /* if max_logs is zero, leave the socket blocking */
+      if (max_logs != 0 && (flags = fcntl(log_fd, F_GETFL)) != -1)
+	fcntl(log_fd, F_SETFL, flags | O_NONBLOCK);
+    }
+#endif
+
+  return 1;
+}
+
+static void free_entry(void)
+{
+  struct log_entry *tmp = entries;
+  entries = tmp->next;
+  tmp->next = free_entries;
+  free_entries = tmp;
+}      
+
+static void log_write(void)
+{
+  ssize_t rc;
+   
+  while (entries)
+    {
+      /* Avoid duplicates over a fork() */
+      if (entries->pid != getpid())
+	{
+	  free_entry();
+	  continue;
+	}
+
+      connection_good = 1;
+
+      if ((rc = write(log_fd, entries->payload + entries->offset, entries->length)) != -1)
+	{
+	  entries->length -= rc;
+	  entries->offset += rc;
+	  if (entries->length == 0)
+	    {
+	      free_entry();
+	      if (entries_lost != 0)
+		{
+		  int e = entries_lost;
+		  entries_lost = 0; /* avoid wild recursion */
+		  my_syslog(LOG_WARNING, _("overflow: %d log entries lost"), e);
+		}	  
+	    }
+	  continue;
+	}
+      
+      if (errno == EINTR)
+	continue;
+
+      if (errno == EAGAIN)
+	return; /* syslogd busy, go again when select() or poll() says so */
+      
+      if (errno == ENOBUFS)
+	{
+	  connection_good = 0;
+	  return;
+	}
+
+      /* errors handling after this assumes sockets */ 
+      if (!log_to_file)
+	{
+	  /* Once a stream socket hits EPIPE, we have to close and re-open
+	     (we ignore SIGPIPE) */
+	  if (errno == EPIPE)
+	    {
+	      if (log_reopen(NULL))
+		continue;
+	    }
+	  else if (errno == ECONNREFUSED || 
+		   errno == ENOTCONN || 
+		   errno == EDESTADDRREQ || 
+		   errno == ECONNRESET)
+	    {
+	      /* socket went (syslogd down?), try and reconnect. If we fail,
+		 stop trying until the next call to my_syslog() 
+		 ECONNREFUSED -> connection went down
+		 ENOTCONN -> nobody listening
+		 (ECONNRESET, EDESTADDRREQ are *BSD equivalents) */
+	      
+	      struct sockaddr_un logaddr;
+	      
+#ifdef HAVE_SOCKADDR_SA_LEN
+	      logaddr.sun_len = sizeof(logaddr) - sizeof(logaddr.sun_path) + strlen(_PATH_LOG) + 1; 
+#endif
+	      logaddr.sun_family = AF_UNIX;
+	      strncpy(logaddr.sun_path, _PATH_LOG, sizeof(logaddr.sun_path));
+	      
+	      /* Got connection back? try again. */
+	      if (connect(log_fd, (struct sockaddr *)&logaddr, sizeof(logaddr)) != -1)
+		continue;
+	      
+	      /* errors from connect which mean we should keep trying */
+	      if (errno == ENOENT || 
+		  errno == EALREADY || 
+		  errno == ECONNREFUSED ||
+		  errno == EISCONN || 
+		  errno == EINTR ||
+		  errno == EAGAIN)
+		{
+		  /* try again on next syslog() call */
+		  connection_good = 0;
+		  return;
+		}
+	      
+	      /* try the other sort of socket... */
+	      if (errno == EPROTOTYPE)
+		{
+		  connection_type = connection_type == SOCK_DGRAM ? SOCK_STREAM : SOCK_DGRAM;
+		  if (log_reopen(NULL))
+		    continue;
+		}
+	    }
+	}
+
+      /* give up - fall back to syslog() - this handles out-of-space
+	 when logging to a file, for instance. */
+      log_fd = -1;
+      my_syslog(LOG_CRIT, _("log failed: %s"), strerror(errno));
+      return;
+    }
+}
+
+void my_syslog(int priority, const char *format, ...)
+{
+  va_list ap;
+  struct log_entry *entry;
+  time_t time_now;
+  char *p;
+  size_t len;
+  pid_t pid = getpid();
+
+  if (log_stderr) 
+    {
+      fprintf(stderr, "dnsmasq: ");
+      va_start(ap, format);
+      vfprintf(stderr, format, ap);
+      va_end(ap);
+      fputc('\n', stderr);
+    }
+
+  if (log_fd == -1)
+    {
+      /* fall-back to syslog if we die during startup or fail during running. */
+      static int isopen = 0;
+      if (!isopen)
+	{
+	  openlog("dnsmasq", LOG_PID, log_fac);
+	  isopen = 1;
+	}
+      va_start(ap, format);  
+      vsyslog(priority, format, ap);
+      va_end(ap);
+      return;
+    }
+  
+  if ((entry = free_entries))
+    free_entries = entry->next;
+  else if (entries_alloced < max_logs && (entry = malloc(sizeof(struct log_entry))))
+    entries_alloced++;
+  
+  if (!entry)
+    entries_lost++;
+  else
+    {
+      /* add to end of list, consumed from the start */
+      entry->next = NULL;
+      if (!entries)
+	entries = entry;
+      else
+	{
+	  struct log_entry *tmp;
+	  for (tmp = entries; tmp->next; tmp = tmp->next);
+	  tmp->next = entry;
+	}
+      
+      time(&time_now);
+      p = entry->payload;
+      if (!log_to_file)
+	p += sprintf(p, "<%d>", priority | log_fac);
+      
+      p += sprintf(p, "%.15s dnsmasq[%d]: ", ctime(&time_now) + 4, (int)pid);
+      len = p - entry->payload;
+      va_start(ap, format);  
+      len += vsnprintf(p, MAX_MESSAGE - len, format, ap) + 1; /* include zero-terminator */
+      va_end(ap);
+      entry->length = len > MAX_MESSAGE ? MAX_MESSAGE : len;
+      entry->offset = 0;
+      entry->pid = pid;
+
+      /* replace terminator with \n */
+      if (log_to_file)
+	entry->payload[entry->length - 1] = '\n';
+    }
+  
+  /* almost always, logging won't block, so try and write this now,
+     to save collecting too many log messages during a select loop. */
+  log_write();
+  
+  /* Since we're doing things asynchronously, a cache-dump, for instance,
+     can now generate log lines very fast. With a small buffer (desirable),
+     that means it can overflow the log-buffer very quickly,
+     so that the cache dump becomes mainly a count of how many lines 
+     overflowed. To avoid this, we delay here, the delay is controlled 
+     by queue-occupancy, and grows exponentially. The delay is limited to (2^8)ms.
+     The scaling stuff ensures that when the queue is bigger than 8, the delay
+     only occurs for the last 8 entries. Once the queue is full, we stop delaying
+     to preserve performance.
+  */
+
+  if (entries && max_logs != 0)
+    {
+      int d;
+      
+      for (d = 0,entry = entries; entry; entry = entry->next, d++);
+      
+      if (d == max_logs)
+	d = 0;
+      else if (max_logs > 8)
+	d -= max_logs - 8;
+
+      if (d > 0)
+	{
+	  struct timespec waiter;
+	  waiter.tv_sec = 0;
+	  waiter.tv_nsec = 1000000 << (d - 1); /* 1 ms */
+	  nanosleep(&waiter, NULL);
+      
+	  /* Have another go now */
+	  log_write();
+	}
+    } 
+}
+
+void set_log_writer(fd_set *set, int *maxfdp)
+{
+  if (entries && log_fd != -1 && connection_good)
+    {
+      FD_SET(log_fd, set);
+      bump_maxfd(log_fd, maxfdp);
+    }
+}
+
+void check_log_writer(fd_set *set)
+{
+  if (log_fd != -1 && (!set || FD_ISSET(log_fd, set)))
+    log_write();
+}
+
+void flush_log(void)
+{
+  /* block until queue empty */
+  if (log_fd != -1)
+    {
+      int flags;
+      if ((flags = fcntl(log_fd, F_GETFL)) != -1)
+	fcntl(log_fd, F_SETFL, flags & ~O_NONBLOCK);
+      log_write();
+      close(log_fd);
+    }
+}
+
+void die(char *message, char *arg1, int exit_code)
+{
+  char *errmess = strerror(errno);
+  
+  if (!arg1)
+    arg1 = errmess;
+
+  log_stderr = 1; /* print as well as log when we die.... */
+  fputc('\n', stderr); /* prettyfy  startup-script message */
+  my_syslog(LOG_CRIT, message, arg1, errmess);
+  
+  log_stderr = 0;
+  my_syslog(LOG_CRIT, _("FAILED to start up"));
+  flush_log();
+  
+  exit(exit_code);
+}

src/netlink.c

@@ -1,13 +1,17 @@
- /* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -29,9 +33,9 @@
 static struct iovec iov;
 
 static void nl_err(struct nlmsghdr *h);
-static void nl_routechange(struct daemon *daemon, struct nlmsghdr *h);
+static void nl_routechange(struct nlmsghdr *h);
 
-void netlink_init(struct daemon *daemon)
+void netlink_init(void)
 {
   struct sockaddr_nl addr;
 
@@ -56,19 +60,13 @@ void netlink_init(struct daemon *daemon)
     }
   
   if (daemon->netlinkfd == -1)
-    die(_("cannot create netlink socket: %s"), NULL);
-  else
-    {
-      int flags = fcntl(daemon->netlinkfd, F_GETFD);
-      if (flags != -1)
-	fcntl(daemon->netlinkfd, F_SETFD, flags | FD_CLOEXEC); 
-    }
-
+    die(_("cannot create netlink socket: %s"), NULL, EC_MISC);
+  
   iov.iov_len = 200;
   iov.iov_base = safe_malloc(iov.iov_len);
 }
 
-static ssize_t netlink_recv(struct daemon *daemon)
+static ssize_t netlink_recv(void)
 {
   struct msghdr msg;
   ssize_t rc;
@@ -107,7 +105,7 @@ static ssize_t netlink_recv(struct daemon *daemon)
   return rc;
 }
   
-int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
+int iface_enumerate(void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
 {
   struct sockaddr_nl addr;
   struct nlmsghdr *h;
@@ -142,14 +140,14 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
     
   while (1)
     {
-      if ((len = netlink_recv(daemon)) == -1)
+      if ((len = netlink_recv()) == -1)
 	return 0;
   
       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
  	if (h->nlmsg_type == NLMSG_ERROR)
 	  nl_err(h);
 	else if (h->nlmsg_seq != seq)
-	  nl_routechange(daemon, h); /* May be multicast arriving async */
+	  nl_routechange(h); /* May be multicast arriving async */
 	else if (h->nlmsg_type == NLMSG_DONE)
 	  {
 #ifdef HAVE_IPV6
@@ -186,7 +184,7 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 		  }
 		
 		if (addr.s_addr && ipv4_callback)
-		  if (!((*ipv4_callback)(daemon, addr, ifa->ifa_index, netmask, broadcast, parm)))
+		  if (!((*ipv4_callback)(addr, ifa->ifa_index, netmask, broadcast, parm)))
 		    return 0;
 	      }
 #ifdef HAVE_IPV6
@@ -202,7 +200,7 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
 		  }
 		
 		if (addrp && ipv6_callback)
-		  if (!((*ipv6_callback)(daemon, addrp, ifa->ifa_index, ifa->ifa_index, parm)))
+		  if (!((*ipv6_callback)(addrp, ifa->ifa_index, ifa->ifa_index, parm)))
 		    return 0;
 	      }
 #endif
@@ -210,18 +208,18 @@ int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), i
     }
 }
 
-void netlink_multicast(struct daemon *daemon)
+void netlink_multicast(void)
 {
   ssize_t len;
   struct nlmsghdr *h;
   
-  if ((len = netlink_recv(daemon)) != -1)
+  if ((len = netlink_recv()) != -1)
     {
       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
 	if (h->nlmsg_type == NLMSG_ERROR)
 	  nl_err(h);
 	else
-	  nl_routechange(daemon, h);
+	  nl_routechange(h);
     }
 }
 
@@ -229,7 +227,7 @@ static void nl_err(struct nlmsghdr *h)
 {
   struct nlmsgerr *err = NLMSG_DATA(h);
   if (err->error != 0)
-    syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+    my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
 }
 
 /* We arrange to receive netlink multicast messages whenever the network route is added.
@@ -237,15 +235,25 @@ static void nl_err(struct nlmsghdr *h)
    This helps on DoD links, where frequently the packet which triggers dialling is
    a DNS query, which then gets lost. By re-sending, we can avoid the lookup
    failing. */ 
-static void nl_routechange(struct daemon *daemon, struct nlmsghdr *h)
+static void nl_routechange(struct nlmsghdr *h)
 {
   if (h->nlmsg_type == RTM_NEWROUTE && daemon->srv_save)
     {
       struct rtmsg *rtm = NLMSG_DATA(h);
-      if (rtm->rtm_type == RTN_UNICAST &&
-	  rtm->rtm_scope == RT_SCOPE_LINK) 
-	while(sendto(daemon->srv_save->sfd->fd, daemon->packet, daemon->packet_len, 0,
-		     &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+      int fd;
+
+      if (rtm->rtm_type != RTN_UNICAST || rtm->rtm_scope != RT_SCOPE_LINK)
+	return;
+
+      if (daemon->srv_save->sfd)
+	fd = daemon->srv_save->sfd->fd;
+      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+	fd = daemon->rfd_save->fd;
+      else
+	return;
+
+      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+		   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
     }
 }
 #endif

src/network.c

@@ -1,18 +1,22 @@
-/* dnsmasq is Copyright (c) 2000 - 2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-int iface_check(struct daemon *daemon, int family, struct all_addr *addr, 
+int iface_check(int family, struct all_addr *addr, 
 		struct ifreq *ifr, int *indexp)
 {
   struct iname *tmp;
@@ -23,8 +27,8 @@ int iface_check(struct daemon *daemon, int family, struct all_addr *addr,
 
   if (indexp)
     {
-#if defined(__FreeBSD__) || defined(__DragonFly__)
-      /* One form of bridging on FreeBSD has the property that packets
+#ifdef HAVE_BSD_BRIDGE
+      /* One form of bridging on BSD has the property that packets
 	 can be recieved on bridge interfaces which do not have an IP address.
 	 We allow these to be treated as aliases of another interface which does have
 	 an IP address with --dhcp-bridge=interface,alias,alias */
@@ -38,7 +42,7 @@ int iface_check(struct daemon *daemon, int family, struct all_addr *addr,
 		
 		if (!(newindex = if_nametoindex(bridge->iface)))
 		  {
-		    syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), ifr->ifr_name);
+		    my_syslog(LOG_WARNING, _("unknown interface %s in bridge-interface"), ifr->ifr_name);
 		    return 0;
 		  }
 		else 
@@ -84,7 +88,7 @@ int iface_check(struct daemon *daemon, int family, struct all_addr *addr,
   return ret; 
 }
       
-static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_index, 
+static int iface_allowed(struct irec **irecp, int if_index, 
 			 union mysockaddr *addr, struct in_addr netmask) 
 {
   struct irec *iface;
@@ -134,9 +138,10 @@ static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_inde
 	    break;
 	  }
       
-      if (!lo && (lo = malloc(sizeof(struct iname))))
+      if (!lo && 
+	  (lo = whine_malloc(sizeof(struct iname))) &&
+	  (lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
 	{
-	  lo->name = safe_malloc(strlen(ifr.ifr_name)+1);
 	  strcpy(lo->name, ifr.ifr_name);
 	  lo->isloop = lo->used = 1;
 	  lo->next = daemon->if_names;
@@ -145,7 +150,7 @@ static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_inde
     }
   
   if (addr->sa.sa_family == AF_INET &&
-      !iface_check(daemon, AF_INET, (struct all_addr *)&addr->in.sin_addr, &ifr, NULL))
+      !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, &ifr, NULL))
     return 1;
   
   for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
@@ -154,12 +159,12 @@ static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_inde
   
 #ifdef HAVE_IPV6
   if (addr->sa.sa_family == AF_INET6 &&
-      !iface_check(daemon, AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, &ifr, NULL))
+      !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, &ifr, NULL))
     return 1;
 #endif
 
   /* add to list */
-  if ((iface = malloc(sizeof(struct irec))))
+  if ((iface = whine_malloc(sizeof(struct irec))))
     {
       iface->addr = *addr;
       iface->netmask = netmask;
@@ -174,7 +179,7 @@ static int iface_allowed(struct daemon *daemon, struct irec **irecp, int if_inde
 }
 
 #ifdef HAVE_IPV6
-static int iface_allowed_v6(struct daemon *daemon, struct in6_addr *local, 
+static int iface_allowed_v6(struct in6_addr *local, 
 			    int scope, int if_index, void *vparam)
 {
   union mysockaddr addr;
@@ -191,11 +196,11 @@ static int iface_allowed_v6(struct daemon *daemon, struct in6_addr *local,
   addr.in6.sin6_port = htons(daemon->port);
   addr.in6.sin6_scope_id = scope;
   
-  return iface_allowed(daemon, (struct irec **)vparam, if_index, &addr, netmask);
+  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask);
 }
 #endif
 
-static int iface_allowed_v4(struct daemon *daemon, struct in_addr local, int if_index, 
+static int iface_allowed_v4(struct in_addr local, int if_index, 
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   union mysockaddr addr;
@@ -209,30 +214,28 @@ static int iface_allowed_v4(struct daemon *daemon, struct in_addr local, int if_
   addr.in.sin_addr = local;
   addr.in.sin_port = htons(daemon->port);
 
-  return iface_allowed(daemon, (struct irec **)vparam, if_index, &addr, netmask);
+  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask);
 }
    
 
-int enumerate_interfaces(struct daemon *daemon)
+int enumerate_interfaces(void)
 {
 #ifdef HAVE_IPV6
-  return iface_enumerate(daemon, &daemon->interfaces, iface_allowed_v4, iface_allowed_v6);
+  return iface_enumerate(&daemon->interfaces, iface_allowed_v4, iface_allowed_v6);
 #else
-  return iface_enumerate(daemon, &daemon->interfaces, iface_allowed_v4, NULL);
+  return iface_enumerate(&daemon->interfaces, iface_allowed_v4, NULL);
 #endif
 }
 
-/* set NONBLOCK and CLOEXEC bits on fd: See Stevens 16.6 */
+/* set NONBLOCK bit on fd: See Stevens 16.6 */
 int fix_fd(int fd)
 {
   int flags;
 
   if ((flags = fcntl(fd, F_GETFL)) == -1 ||
-      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ||
-      (flags = fcntl(fd, F_GETFD)) == -1 ||
-      fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
+      fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
     return 0;
-
+  
   return 1;
 }
 
@@ -289,52 +292,55 @@ static int create_ipv6_listener(struct listener **link, int port)
 }
 #endif
 
-struct listener *create_wildcard_listeners(int port, int have_tftp)
+struct listener *create_wildcard_listeners(void)
 {
   union mysockaddr addr;
   int opt = 1;
   struct listener *l, *l6 = NULL;
-  int tcpfd, fd, tftpfd = -1;
+  int tcpfd = -1, fd = -1, tftpfd = -1;
 
   memset(&addr, 0, sizeof(addr));
   addr.in.sin_family = AF_INET;
   addr.in.sin_addr.s_addr = INADDR_ANY;
-  addr.in.sin_port = htons(port);
+  addr.in.sin_port = htons(daemon->port);
 #ifdef HAVE_SOCKADDR_SA_LEN
   addr.in.sin_len = sizeof(struct sockaddr_in);
 #endif
 
-  if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 ||
-      (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
-    return NULL;
-  
-  if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-      bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 ||
-      listen(tcpfd, 5) == -1 ||
-      !fix_fd(tcpfd) ||
+  if (daemon->port != 0)
+    {
+      
+      if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1 ||
+	  (tcpfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
+	return NULL;
+      
+      if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+	  bind(tcpfd, (struct sockaddr *)&addr, sa_len(&addr)) == -1 ||
+	  listen(tcpfd, 5) == -1 ||
+	  !fix_fd(tcpfd) ||
 #ifdef HAVE_IPV6
-      !create_ipv6_listener(&l6, port) ||
+	  !create_ipv6_listener(&l6, daemon->port) ||
 #endif
-      setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-      !fix_fd(fd) ||
+	  setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+	  !fix_fd(fd) ||
 #if defined(HAVE_LINUX_NETWORK) 
-      setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
+	  setsockopt(fd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
-      setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
-      setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 ||
+	  setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) == -1 ||
+	  setsockopt(fd, IPPROTO_IP, IP_RECVIF, &opt, sizeof(opt)) == -1 ||
 #endif 
-      bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1)
-    return NULL;
-
+	  bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == -1)
+	return NULL;
+    }
+  
 #ifdef HAVE_TFTP
-  if (have_tftp)
+  if (daemon->options & OPT_TFTP)
     {
       addr.in.sin_port = htons(TFTP_PORT);
       if ((tftpfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
 	return NULL;
       
-      if (setsockopt(tftpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-	  !fix_fd(tftpfd) ||
+      if (!fix_fd(tftpfd) ||
 #if defined(HAVE_LINUX_NETWORK) 
 	  setsockopt(tftpfd, SOL_IP, IP_PKTINFO, &opt, sizeof(opt)) == -1 ||
 #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@@ -356,7 +362,7 @@ struct listener *create_wildcard_listeners(int port, int have_tftp)
   return l;
 }
 
-struct listener *create_bound_listeners(struct daemon *daemon)
+struct listener *create_bound_listeners(void)
 {
   struct listener *listeners = NULL;
   struct irec *iface;
@@ -369,49 +375,52 @@ struct listener *create_bound_listeners(struct daemon *daemon)
       new->iface = iface;
       new->next = listeners;
       new->tftpfd = -1;
+      new->tcpfd = -1;
+      new->fd = -1;
 
-      if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 ||
-	  (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 ||
-	  setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-	  setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
-	  !fix_fd(new->tcpfd) ||
-	  !fix_fd(new->fd))
-	die(_("failed to create listening socket: %s"), NULL);
-      
-#ifdef HAVE_IPV6
-      if (iface->addr.sa.sa_family == AF_INET6)
-	{
-	  if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
-	      setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
-	    die(_("failed to set IPV6 options on listening socket: %s"), NULL);
-	}
-#endif
-      
-      if (bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
-	  bind(new->fd, &iface->addr.sa, sa_len(&iface->addr)) == -1)
+      if (daemon->port != 0)
 	{
+	  if ((new->tcpfd = socket(iface->addr.sa.sa_family, SOCK_STREAM, 0)) == -1 ||
+	      (new->fd = socket(iface->addr.sa.sa_family, SOCK_DGRAM, 0)) == -1 ||
+	      setsockopt(new->fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+	      setsockopt(new->tcpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
+	      !fix_fd(new->tcpfd) ||
+	      !fix_fd(new->fd))
+	    die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
+	  
 #ifdef HAVE_IPV6
-	  if (iface->addr.sa.sa_family == AF_INET6 && errno == ENODEV)
+	  if (iface->addr.sa.sa_family == AF_INET6)
 	    {
-	      close(new->tcpfd);
-	      close(new->fd);
-	      free(new);
+	      if (setsockopt(new->fd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1 ||
+		  setsockopt(new->tcpfd, IPV6_LEVEL, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
+		die(_("failed to set IPV6 options on listening socket: %s"), NULL, EC_BADNET);
 	    }
-	  else
 #endif
+	  
+	  if (bind(new->tcpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1 ||
+	      bind(new->fd, &iface->addr.sa, sa_len(&iface->addr)) == -1)
 	    {
-	      prettyprint_addr(&iface->addr, daemon->namebuff);
-	      die(_("failed to bind listening socket for %s: %s"), 
-		  daemon->namebuff);
+#ifdef HAVE_IPV6
+	      if (iface->addr.sa.sa_family == AF_INET6 && (errno == ENODEV || errno == EADDRNOTAVAIL))
+		{
+		  close(new->tcpfd);
+		  close(new->fd);
+		  free(new);
+		  new = NULL;
+		}
+	      else
+#endif
+		{
+		  prettyprint_addr(&iface->addr, daemon->namebuff);
+		  die(_("failed to bind listening socket for %s: %s"), 
+		      daemon->namebuff, EC_BADNET);
+		}
 	    }
+	  else if (listen(new->tcpfd, 5) == -1)
+	    die(_("failed to listen on socket: %s"), NULL, EC_BADNET);
 	}
-      else
-	 {
-	   listeners = new;     
-	   if (listen(new->tcpfd, 5) == -1)
-	     die(_("failed to listen on socket: %s"), NULL);
-	 }
 
+#ifdef HAVE_TFTP
       if ((daemon->options & OPT_TFTP) && iface->addr.sa.sa_family == AF_INET && iface->dhcp_ok)
 	{
 	  short save = iface->addr.in.sin_port;
@@ -420,26 +429,135 @@ struct listener *create_bound_listeners(struct daemon *daemon)
 	      setsockopt(new->tftpfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 ||
 	      !fix_fd(new->tftpfd) ||
 	      bind(new->tftpfd, &iface->addr.sa, sa_len(&iface->addr)) == -1)
-	    die(_("failed to create TFTP socket: %s"), NULL);
+	    die(_("failed to create TFTP socket: %s"), NULL, EC_BADNET);
 	  iface->addr.in.sin_port = save;
 	}
+#endif
+
+      if (new)
+	listeners = new;
     }
 
   return listeners;
 }
 
-struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
+
+/* return a UDP socket bound to a random port, have to coper with straying into
+   occupied port nos and reserved ones. */
+int random_sock(int family)
+{
+  int fd;
+
+  if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
+    {
+      union mysockaddr addr;
+      unsigned short ports_avail = 65536u - (unsigned short)daemon->min_port;
+      int i;
+
+      memset(&addr, 0, sizeof(addr));
+      addr.sa.sa_family = family;
+
+      if (fix_fd(fd))
+	for (i = ports_avail; i != 0; i--)
+	  {
+	    unsigned short port = rand16();
+	    
+	    if (daemon->min_port != 0)
+	      port = htons(daemon->min_port + (port % ports_avail));
+	    
+	    if (family == AF_INET) 
+	      {
+		addr.in.sin_addr.s_addr = INADDR_ANY;
+		addr.in.sin_port = port;
+#ifdef HAVE_SOCKADDR_SA_LEN
+		addr.in.sin_len = sizeof(struct sockaddr_in);
+#endif
+	      }
+#ifdef HAVE_IPV6
+	    else
+	      {
+		addr.in6.sin6_addr = in6addr_any; 
+		addr.in6.sin6_port = port;
+#ifdef HAVE_SOCKADDR_SA_LEN
+		addr.in6.sin6_len = sizeof(struct sockaddr_in6);
+#endif
+	      }
+#endif
+	    
+	    if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0)
+	      return fd;
+	    
+	    if (errno != EADDRINUSE && errno != EACCES)
+	      break;
+	  }
+
+      close(fd);
+    }
+
+  return -1; 
+}
+  
+
+int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp)
+{
+  union mysockaddr addr_copy = *addr;
+
+  /* cannot set source _port_ for TCP connections. */
+  if (is_tcp)
+    {
+      if (addr_copy.sa.sa_family == AF_INET)
+	addr_copy.in.sin_port = 0;
+#ifdef HAVE_IPV6
+      else
+	addr_copy.in6.sin6_port = 0;
+#endif
+    }
+  
+  if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1)
+    return 0;
+    
+#if defined(SO_BINDTODEVICE)
+  if (strlen(intname) != 0 &&
+      setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, sizeof(intname)) == -1)
+    return 0;
+#endif
+
+  return 1;
+}
+
+static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname)
 {
   struct serverfd *sfd;
+  int errsave;
 
+  /* when using random ports, servers which would otherwise use
+     the INADDR_ANY/port0 socket have sfd set to NULL */
+  if (!daemon->osport)
+    {
+      errno = 0;
+      
+      if (addr->sa.sa_family == AF_INET &&
+	  addr->in.sin_addr.s_addr == INADDR_ANY &&
+	  addr->in.sin_port == htons(0)) 
+	return NULL;
+
+#ifdef HAVE_IPV6
+      if (addr->sa.sa_family == AF_INET6 &&
+	  memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 &&
+	  addr->in6.sin6_port == htons(0)) 
+	return NULL;
+#endif
+    }
+      
   /* may have a suitable one already */
-  for (sfd = *sfds; sfd; sfd = sfd->next )
-    if (sockaddr_isequal(&sfd->source_addr, addr))
+  for (sfd = daemon->sfds; sfd; sfd = sfd->next )
+    if (sockaddr_isequal(&sfd->source_addr, addr) &&
+	strcmp(intname, sfd->interface) == 0)
       return sfd;
   
   /* need to make a new one. */
   errno = ENOMEM; /* in case malloc fails. */
-  if (!(sfd = malloc(sizeof(struct serverfd))))
+  if (!(sfd = whine_malloc(sizeof(struct serverfd))))
     return NULL;
   
   if ((sfd->fd = socket(addr->sa.sa_family, SOCK_DGRAM, 0)) == -1)
@@ -448,24 +566,70 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds)
       return NULL;
     }
   
-  if (bind(sfd->fd, (struct sockaddr *)addr, sa_len(addr)) == -1 ||
-      !fix_fd(sfd->fd))
-    {
-      int errsave = errno; /* save error from bind. */
+  if (!local_bind(sfd->fd, addr, intname, 0) || !fix_fd(sfd->fd))
+    { 
+      errsave = errno; /* save error from bind. */
       close(sfd->fd);
       free(sfd);
       errno = errsave;
       return NULL;
     }
-  
+    
+  strcpy(sfd->interface, intname); 
   sfd->source_addr = *addr;
-  sfd->next = *sfds;
-  *sfds = sfd;
-  
-  return sfd;
+  sfd->next = daemon->sfds;
+  daemon->sfds = sfd;
+  return sfd; 
 }
 
-void check_servers(struct daemon *daemon)
+/* create upstream sockets during startup, before root is dropped which may be needed
+   this allows query_port to be a low port and interface binding */
+void pre_allocate_sfds(void)
+{
+  struct server *srv;
+  
+  if (daemon->query_port != 0)
+    {
+      union  mysockaddr addr;
+      memset(&addr, 0, sizeof(addr));
+      addr.in.sin_family = AF_INET;
+      addr.in.sin_addr.s_addr = INADDR_ANY;
+      addr.in.sin_port = htons(daemon->query_port);
+#ifdef HAVE_SOCKADDR_SA_LEN
+      addr.in.sin_len = sizeof(struct sockaddr_in);
+#endif
+      allocate_sfd(&addr, "");
+#ifdef HAVE_IPV6
+      memset(&addr, 0, sizeof(addr));
+      addr.in6.sin6_family = AF_INET6;
+      addr.in6.sin6_addr = in6addr_any;
+      addr.in6.sin6_port = htons(daemon->query_port);
+#ifdef HAVE_SOCKADDR_SA_LEN
+      addr.in6.sin6_len = sizeof(struct sockaddr_in6);
+#endif
+      allocate_sfd(&addr, "");
+#endif
+    }
+  
+  for (srv = daemon->servers; srv; srv = srv->next)
+    if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
+	!allocate_sfd(&srv->source_addr, srv->interface) &&
+	errno != 0 &&
+	(daemon->options & OPT_NOWILD))
+      {
+	prettyprint_addr(&srv->addr, daemon->namebuff);
+	if (strlen(srv->interface) != 0)
+	  {
+	    strcat(daemon->namebuff, " ");
+	    strcat(daemon->namebuff, srv->interface);
+	  }
+	die(_("failed to bind server socket for %s: %s"),
+	    daemon->namebuff, EC_BADNET);
+      }  
+}
+
+
+void check_servers(void)
 {
   struct irec *iface;
   struct server *new, *tmp, *ret = NULL;
@@ -492,16 +656,19 @@ void check_servers(struct daemon *daemon)
 	      break;
 	  if (iface)
 	    {
-	      syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
+	      my_syslog(LOG_WARNING, _("ignoring nameserver %s - local interface"), daemon->namebuff);
 	      free(new);
 	      continue;
 	    }
 	  
 	  /* Do we need a socket set? */
-	  if (!new->sfd && !(new->sfd = allocate_sfd(&new->source_addr, &daemon->sfds)))
+	  if (!new->sfd && 
+	      !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) &&
+	      errno != 0)
 	    {
-	      syslog(LOG_WARNING, 
-		     _("ignoring nameserver %s - cannot make/bind socket: %m"), daemon->namebuff);
+	      my_syslog(LOG_WARNING, 
+			_("ignoring nameserver %s - cannot make/bind socket: %s"),
+			daemon->namebuff, strerror(errno));
 	      free(new);
 	      continue;
 	    }
@@ -514,18 +681,22 @@ void check_servers(struct daemon *daemon)
       if (new->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS))
 	{
 	  char *s1, *s2;
-	  if (new->flags & SERV_HAS_DOMAIN)
-	    s1 = _("domain"), s2 = new->domain;
+	  if (!(new->flags & SERV_HAS_DOMAIN))
+	    s1 = _("unqualified"), s2 = _("names");
+	  else if (strlen(new->domain) == 0)
+	    s1 = _("default"), s2 = "";
 	  else
-	    s1 = _("unqualified"), s2 = _("domains");
+	    s1 = _("domain"), s2 = new->domain;
 	  
 	  if (new->flags & SERV_NO_ADDR)
-	    syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
+	    my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
 	  else if (!(new->flags & SERV_LITERAL_ADDRESS))
-	    syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
+	    my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
 	}
+      else if (strlen(new->interface) != 0)
+	my_syslog(LOG_INFO, _("using nameserver %s#%d(via %s)"), daemon->namebuff, port, new->interface); 
       else
-	syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); 
+	my_syslog(LOG_INFO, _("using nameserver %s#%d"), daemon->namebuff, port); 
     }
   
   daemon->servers = ret;
@@ -533,7 +704,7 @@ void check_servers(struct daemon *daemon)
 
 /* Return zero if no servers found, in that case we keep polling.
    This is a protection against an update-time/write race on resolv.conf */
-int reload_servers(char *fname, struct daemon *daemon)
+int reload_servers(char *fname)
 {
   FILE *f;
   char *line;
@@ -545,7 +716,7 @@ int reload_servers(char *fname, struct daemon *daemon)
   /* buff happens to be MAXDNAME long... */
   if (!(f = fopen(fname, "r")))
     {
-      syslog(LOG_ERR, _("failed to read %s: %m"), fname);
+      my_syslog(LOG_ERR, _("failed to read %s: %s"), fname, strerror(errno));
       return 0;
     }
   
@@ -560,7 +731,7 @@ int reload_servers(char *fname, struct daemon *daemon)
 	  serv->next = old_servers;
 	  old_servers = serv; 
 	  /* forward table rules reference servers, so have to blow them away */
-	  server_gone(daemon, serv);
+	  server_gone(serv);
 	}
       else
 	{
@@ -575,7 +746,9 @@ int reload_servers(char *fname, struct daemon *daemon)
       union mysockaddr addr, source_addr;
       char *token = strtok(line, " \t\n\r");
       
-      if (!token || strcmp(token, "nameserver") != 0)
+      if (!token)
+	continue;
+      if (strcmp(token, "nameserver") != 0 && strcmp(token, "server") != 0)
 	continue;
       if (!(token = strtok(NULL, " \t\n\r")))
 	continue;
@@ -613,7 +786,7 @@ int reload_servers(char *fname, struct daemon *daemon)
 	  serv = old_servers;
 	  old_servers = old_servers->next;
 	}
-      else if (!(serv = malloc(sizeof (struct server))))
+      else if (!(serv = whine_malloc(sizeof (struct server))))
 	continue;
       
       /* this list is reverse ordered: 
@@ -623,9 +796,10 @@ int reload_servers(char *fname, struct daemon *daemon)
       serv->addr = addr;
       serv->source_addr = source_addr;
       serv->domain = NULL;
+      serv->interface[0] = 0;
       serv->sfd = NULL;
       serv->flags = SERV_FROM_RESOLV;
-
+      serv->queries = serv->failed_queries = 0;
       gotone = 1;
     }
   
@@ -644,8 +818,22 @@ int reload_servers(char *fname, struct daemon *daemon)
 }
 
 
-
-
+/* Use an IPv4 listener socket for ioctling */
+struct in_addr get_ifaddr(char *intr)
+{
+  struct listener *l;
+  struct ifreq ifr;
+
+  for (l = daemon->listeners; l && l->family != AF_INET; l = l->next);
+  
+  strncpy(ifr.ifr_name, intr, IF_NAMESIZE);
+  ifr.ifr_addr.sa_family = AF_INET;
+  
+  if (!l || ioctl(l->fd, SIOCGIFADDR, &ifr) == -1)
+    ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr.s_addr = -1;
+  
+  return ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+}
 
 
 

src/rfc1035.c

@@ -1,13 +1,17 @@
-/* dnsmasq is Copyright (c) 2000 - 2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
@@ -32,7 +36,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp,
       unsigned int label_type = l & 0xc0;
       if (label_type == 0xc0) /* pointer */
 	{ 
-	  if ((size_t)(p - (unsigned char *)header + 1) >= plen)
+	  if ((size_t)(p - (unsigned char *)header) >= plen)
 	    return 0;
 	      
 	  /* get offset */
@@ -70,7 +74,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp,
 	  /* output is \[x<hex>/siz]. which is digs+9 chars */
 	  if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME)
 	    return 0;
-	  if ((size_t)(p - (unsigned char *)header + ((count-1)>>3) + 1) >= plen)
+	  if ((size_t)(p - (unsigned char *)header + ((count-1)>>3)) >= plen)
 	    return 0;
 
 	  *cp++ = '\\';
@@ -94,7 +98,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp,
 	{ /* label_type = 0 -> label. */
 	  if (cp - (unsigned char *)name + l + 1 >= MAXDNAME)
 	    return 0;
-	  if ((size_t)(p - (unsigned char *)header + 1) >= plen)
+	  if ((size_t)(p - (unsigned char *)header) >= plen)
 	    return 0;
 	  for(j=0; j<l; j++, p++)
 	    if (isExtract)
@@ -223,7 +227,7 @@ static int in_arpa_name_2_addr(char *namein, struct all_addr *addrp)
       if (*name == '\\' && *(name+1) == '[' && 
 	  (*(name+2) == 'x' || *(name+2) == 'X'))
 	{	  
-	  for (j = 0, cp1 = name+3; *cp1 && isxdigit(*cp1) && j < 32; cp1++, j++)
+	  for (j = 0, cp1 = name+3; *cp1 && isxdigit((int) *cp1) && j < 32; cp1++, j++)
 	    {
 	      char xdig[2];
 	      xdig[0] = *cp1;
@@ -304,10 +308,10 @@ static unsigned char *skip_name(unsigned char *ansp, HEADER *header, size_t plen
 
 static unsigned char *skip_questions(HEADER *header, size_t plen)
 {
-  int q, qdcount = ntohs(header->qdcount);
+  int q;
   unsigned char *ansp = (unsigned char *)(header+1);
 
-  for (q = 0; q<qdcount; q++)
+  for (q = ntohs(header->qdcount); q != 0; q--)
     {
       if (!(ansp = skip_name(ansp, header, plen)))
 	return NULL;
@@ -349,7 +353,7 @@ unsigned int questions_crc(HEADER *header, size_t plen, char *name)
   unsigned int crc = 0xffffffff;
   unsigned char *p1, *p = (unsigned char *)(header+1);
 
-  for (q = 0; q < ntohs(header->qdcount); q++) 
+  for (q = ntohs(header->qdcount); q != 0; q--) 
     {
       if (!extract_name(header, plen, &p, name, 1))
 	return crc; /* bad packet */
@@ -426,7 +430,7 @@ unsigned char *find_pseudoheader(HEADER *header, size_t plen, size_t  *len, unsi
 
       if (header->opcode == QUERY)
 	{
-	  for (i = 0; i < ntohs(header->qdcount); i++)
+	  for (i = ntohs(header->qdcount); i != 0; i--)
 	    {
 	      if (!(ansp = skip_name(ansp, header, plen)))
 		return NULL;
@@ -485,31 +489,63 @@ unsigned char *find_pseudoheader(HEADER *header, size_t plen, size_t  *len, unsi
       
   
 /* is addr in the non-globally-routed IP space? */ 
-static int private_net(struct all_addr *addrp) 
+static int private_net(struct in_addr addr) 
 {
-  struct in_addr addr = *(struct in_addr *)addrp;
-  if (inet_netof(addr) == 0xA ||
-      (inet_netof(addr) >= 0xAC10 && inet_netof(addr) < 0xAC20) ||
-      (inet_netof(addr) >> 8) == 0xC0A8) 
-    return 1;
-  else 
-    return 0;
-}
- 
-static void dns_doctor(HEADER *header, struct doctor *doctor, struct in_addr *addr)
-{
-  for (; doctor; doctor = doctor->next)
-    if (is_same_net(doctor->in, *addr, doctor->mask))
-      {
-	addr->s_addr &= ~doctor->mask.s_addr;
-	addr->s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
-	/* Since we munged the data, the server it came from is no longer authoritative */
-	header->aa = 0;
-	break;
-      }
+  in_addr_t ip_addr = ntohl(addr.s_addr);
+
+  return
+    ((ip_addr & 0xFF000000) == 0x7F000000)  /* 127.0.0.0/8    (loopback) */ || 
+    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
+    ((ip_addr & 0xFF000000) == 0x0A000000)  /* 10.0.0.0/8     (private)  */ ||
+    ((ip_addr & 0xFFF00000) == 0xAC100000)  /* 172.16.0.0/12  (private)  */ ||
+    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16 (zeroconf) */ ;
 }
 
-static int find_soa(HEADER *header, struct doctor *doctor, size_t qlen)
+static unsigned char *do_doctor(unsigned char *p, int count, HEADER *header, size_t qlen)
+{
+  int i, qtype, qclass, rdlen;
+  unsigned long ttl;
+
+  for (i = count; i != 0; i--)
+    {
+      if (!(p = skip_name(p, header, qlen)))
+	return 0; /* bad packet */
+      
+      GETSHORT(qtype, p); 
+      GETSHORT(qclass, p);
+      GETLONG(ttl, p);
+      GETSHORT(rdlen, p);
+      
+      if ((qclass == C_IN) && (qtype == T_A))
+	{
+	  struct doctor *doctor;
+	  struct in_addr addr;
+	  
+	  /* alignment */
+	  memcpy(&addr, p, INADDRSZ);
+	  
+	  for (doctor = daemon->doctors; doctor; doctor = doctor->next)
+	    if (is_same_net(doctor->in, addr, doctor->mask))
+	      {
+		addr.s_addr &= ~doctor->mask.s_addr;
+		addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
+		/* Since we munged the data, the server it came from is no longer authoritative */
+		header->aa = 0;
+		memcpy(p, &addr, INADDRSZ);
+		break;
+	      }
+	}
+      
+      p += rdlen;
+      
+      if ((size_t)(p - (unsigned char *)header) > qlen)
+	return 0; /* bad packet */
+    }
+  
+  return p; 
+}
+
+static int find_soa(HEADER *header, size_t qlen)
 {
   unsigned char *p;
   int qtype, qclass, rdlen;
@@ -518,10 +554,10 @@ static int find_soa(HEADER *header, struct doctor *doctor, size_t qlen)
   
   /* first move to NS section and find TTL from any SOA section */
   if (!(p = skip_questions(header, qlen)) ||
-      !(p = skip_section(p, ntohs(header->ancount), header, qlen)))
-    return 0; /* bad packet */
+      !(p = do_doctor(p, ntohs(header->ancount), header, qlen)))
+    return 0;  /* bad packet */
   
-  for (i=0; i<ntohs(header->nscount); i++)
+  for (i = ntohs(header->nscount); i != 0; i--)
     {
       if (!(p = skip_name(p, header, qlen)))
 	return 0; /* bad packet */
@@ -556,37 +592,26 @@ static int find_soa(HEADER *header, struct doctor *doctor, size_t qlen)
 	return 0; /* bad packet */
     }
  
-  if (doctor)
-    for (i=0; i<ntohs(header->arcount); i++)
-      {
-	if (!(p = skip_name(p, header, qlen)))
-	  return 0; /* bad packet */
-      
-	GETSHORT(qtype, p); 
-	GETSHORT(qclass, p);
-	GETLONG(ttl, p);
-	GETSHORT(rdlen, p);
-	
-	if ((qclass == C_IN) && (qtype == T_A))
-	  dns_doctor(header, doctor, (struct in_addr *)p);
-	
-	p += rdlen;
-	
-	if ((size_t)(p - (unsigned char *)header) > qlen)
-	  return 0; /* bad packet */
-      }
- 
-  return found_soa ? minttl : 0;
+  /* rewrite addresses in additioal section too */
+  if (!do_doctor(p, ntohs(header->arcount), header, qlen))
+    return 0;
+  
+  if (!found_soa)
+    minttl = daemon->neg_ttl;
+
+  return minttl;
 }
 
 /* Note that the following code can create CNAME chains that don't point to a real record,
    either because of lack of memory, or lack of SOA records.  These are treated by the cache code as 
-   expired and cleaned out that way. */
-void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, struct daemon *daemon)
+   expired and cleaned out that way. 
+   Return 1 if we reject an address because it look like parct of dns-rebinding attack. */
+int extract_addresses(HEADER *header, size_t qlen, char *name, time_t now)
 {
-  unsigned char *p, *p1, *endrr;
+  unsigned char *p, *p1, *endrr, *namep;
   int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
   unsigned long ttl = 0;
+  struct all_addr addr;
 
   cache_start_insert();
 
@@ -594,21 +619,22 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
   if (daemon->doctors)
     {
       searched_soa = 1;
-      ttl = find_soa(header, daemon->doctors, qlen);
+      ttl = find_soa(header, qlen);
     }
   
   /* go through the questions. */
   p = (unsigned char *)(header+1);
   
-  for (i = 0; i<ntohs(header->qdcount); i++)
+  for (i = ntohs(header->qdcount); i != 0; i--)
     {
       int found = 0, cname_count = 5;
       struct crec *cpp = NULL;
       int flags = header->rcode == NXDOMAIN ? F_NXDOMAIN : 0;
       unsigned long cttl = ULONG_MAX, attl;
       
+      namep = p;
       if (!extract_name(header, qlen, &p, name, 1))
-	return; /* bad packet */
+	return 0; /* bad packet */
            
       GETSHORT(qtype, p); 
       GETSHORT(qclass, p);
@@ -620,7 +646,6 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	 represent them in the cache. */
       if (qtype == T_PTR)
 	{ 
-	  struct all_addr addr;
 	  int name_encoding = in_arpa_name_2_addr(name, &addr);
 	  
 	  if (!name_encoding)
@@ -630,12 +655,15 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	    {
 	    cname_loop:
 	      if (!(p1 = skip_questions(header, qlen)))
-		return;
+		return 0;
 	      
-	      for (j = 0; j<ntohs(header->ancount); j++) 
+	      for (j = ntohs(header->ancount); j != 0; j--) 
 		{
-		  if (!(res = extract_name(header, qlen, &p1, name, 0)))
-		    return; /* bad packet */
+		  unsigned char *tmp = namep;
+		  /* the loop body overwrites the original name, so get it back here. */
+		  if (!extract_name(header, qlen, &tmp, name, 1) ||
+		      !(res = extract_name(header, qlen, &p1, name, 0)))
+		    return 0; /* bad packet */
 		  
 		  GETSHORT(aqtype, p1); 
 		  GETSHORT(aqclass, p1);
@@ -650,12 +678,12 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 		  if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
 		    {
 		      if (!extract_name(header, qlen, &p1, name, 1))
-			return;
+			return 0;
 		      
 		      if (aqtype == T_CNAME)
 			{
 			  if (!cname_count--)
-			    return; /* looped CNAMES */
+			    return 0; /* looped CNAMES */
 			  goto cname_loop;
 			}
 		      
@@ -665,7 +693,7 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 		  
 		  p1 = endrr;
 		  if ((size_t)(p1 - (unsigned char *)header) > qlen)
-		    return; /* bad packet */
+		    return 0; /* bad packet */
 		}
 	    }
 	  
@@ -674,22 +702,29 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	      if (!searched_soa)
 		{
 		  searched_soa = 1;
-		  ttl = find_soa(header, NULL, qlen);
+		  ttl = find_soa(header, qlen);
 		}
 	      if (ttl)
-		cache_insert(name, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);	
+		cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);	
 	    }
 	}
       else
 	{
 	  /* everything other than PTR */
 	  struct crec *newc;
-	  
+	  int addrlen;
+
 	  if (qtype == T_A)
-	    flags |= F_IPV4;
+	    {
+	      addrlen = INADDRSZ;
+	      flags |= F_IPV4;
+	    }
 #ifdef HAVE_IPV6
 	  else if (qtype == T_AAAA)
-	    flags |= F_IPV6;
+	    {
+	      addrlen = IN6ADDRSZ;
+	      flags |= F_IPV6;
+	    }
 #endif
 	  else 
 	    continue;
@@ -698,12 +733,12 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	    {
 	    cname_loop1:
 	      if (!(p1 = skip_questions(header, qlen)))
-		return;
+		return 0;
 	      
-	      for (j = 0; j<ntohs(header->ancount); j++) 
+	      for (j = ntohs(header->ancount); j != 0; j--) 
 		{
 		  if (!(res = extract_name(header, qlen, &p1, name, 0)))
-		    return; /* bad packet */
+		    return 0; /* bad packet */
 		  
 		  GETSHORT(aqtype, p1); 
 		  GETSHORT(aqclass, p1);
@@ -716,7 +751,7 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 		      if (aqtype == T_CNAME)
 			{
 			  if (!cname_count--)
-			    return; /* looped CNAMES */
+			    return 0; /* looped CNAMES */
 			  newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
 			  if (newc && cpp)
 			    {
@@ -729,15 +764,22 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 			    cttl = attl;
 			  
 			  if (!extract_name(header, qlen, &p1, name, 1))
-			    return;
+			    return 0;
 			  goto cname_loop1;
 			}
 		      else
 			{
 			  found = 1;
-			  if (aqtype == T_A)
-			    dns_doctor(header, daemon->doctors, (struct in_addr *)p1);
-			  newc = cache_insert(name, (struct all_addr *)p1, now, attl, flags | F_FORWARD);
+			  /* copy address into aligned storage */
+			  memcpy(&addr, p1, addrlen);
+			  
+			  /* check for returned address in private space */
+			  if ((daemon->options & OPT_NO_REBIND) &&
+			      (flags & F_IPV4) &&
+			      private_net(addr.addr.addr4))
+			    return 1;
+			  
+			  newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD);
 			  if (newc && cpp)
 			    {
 			      cpp->addr.cname.cache = newc;
@@ -749,7 +791,7 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 		  
 		  p1 = endrr;
 		  if ((size_t)(p1 - (unsigned char *)header) > qlen)
-		    return; /* bad packet */
+		    return 0; /* bad packet */
 		}
 	    }
 	  
@@ -758,13 +800,13 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	      if (!searched_soa)
 		{
 		  searched_soa = 1;
-		  ttl = find_soa(header, NULL, qlen);
+		  ttl = find_soa(header, qlen);
 		}
 	      /* If there's no SOA to get the TTL from, but there is a CNAME 
-		 pointing at this, inherit it's TTL */
+		 pointing at this, inherit its TTL */
 	      if (ttl || cpp)
 		{
-		  newc = cache_insert(name, (struct all_addr *)p, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);	
+		  newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);	
 		  if (newc && cpp)
 		    {
 		      cpp->addr.cname.cache = newc;
@@ -775,7 +817,11 @@ void extract_addresses(HEADER *header, size_t qlen, char *name, time_t now, stru
 	}
     }
   
-  cache_end_insert();
+  /* Don't put stuff from a truncated packet into the cache, but do everything else */
+  if (!header->tc)
+    cache_end_insert();
+
+  return 0;
 }
 
 /* If the packet holds exactly one query
@@ -832,7 +878,7 @@ size_t setup_reply(HEADER *header, size_t qlen,
   header->ancount = htons(0); /* no answers unless changed below */
   if (flags == F_NEG)
     header->rcode = SERVFAIL; /* couldn't get memory */
-  else if (flags == F_NOERR || flags == F_QUERY)
+  else if (flags == F_NOERR)
     header->rcode = NOERROR; /* empty domain */
   else if (flags == F_NXDOMAIN)
     header->rcode = NXDOMAIN;
@@ -859,12 +905,14 @@ size_t setup_reply(HEADER *header, size_t qlen,
 }
 
 /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
-int check_for_local_domain(char *name, time_t now, struct daemon *daemon)
+int check_for_local_domain(char *name, time_t now)
 {
   struct crec *crecp;
   struct mx_srv_record *mx;
   struct txt_record *txt;
-    
+  struct interface_name *intr;
+  struct ptr_record *ptr;
+  
   if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)) &&
       (crecp->flags & (F_HOSTS | F_DHCP)))
     return 1;
@@ -876,7 +924,15 @@ int check_for_local_domain(char *name, time_t now, struct daemon *daemon)
   for (txt = daemon->txt; txt; txt = txt->next)
     if (hostname_isequal(name, txt->name))
       return 1;
-  
+
+  for (intr = daemon->int_names; intr; intr = intr->next)
+    if (hostname_isequal(name, intr->name))
+      return 1;
+
+  for (ptr = daemon->ptr; ptr; ptr = ptr->next)
+    if (hostname_isequal(name, ptr->name))
+      return 1;
+ 
   return 0;
 }
 
@@ -895,7 +951,7 @@ int check_for_bogus_wildcard(HEADER *header, size_t qlen, char *name,
   if (!(p = skip_questions(header, qlen)))
     return 0; /* bad packet */
 
-  for (i=0; i<ntohs(header->ancount); i++)
+  for (i = ntohs(header->ancount); i != 0; i--)
     {
       if (!extract_name(header, qlen, &p, name, 1))
 	return 0; /* bad packet */
@@ -988,6 +1044,16 @@ static int add_resource_record(HEADER *header, char *limit, int *truncp, unsigne
 	memcpy(p, sval, usval);
 	p += usval;
 	break;
+
+      case 'z':
+	sval = va_arg(ap, char *);
+	usval = sval ? strlen(sval) : 0;
+	if (usval > 255)
+	  usval = 255;
+	*p++ = (unsigned char)usval;
+	memcpy(p, sval, usval);
+	p += usval;
+	break;
       }
 
   va_end(ap);	/* clean up variable argument pointer */
@@ -1008,7 +1074,7 @@ static int add_resource_record(HEADER *header, char *limit, int *truncp, unsigne
 }
 
 /* return zero if we can't answer from cache, or packet size if we can */
-size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *daemon, 
+size_t answer_request(HEADER *header, char *limit, size_t qlen,  
 		      struct in_addr local_addr, struct in_addr local_netmask, time_t now) 
 {
   char *name = daemon->namebuff;
@@ -1017,7 +1083,6 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
   struct all_addr addr;
   unsigned int nameoffset;
   unsigned short flag;
-  int qdcount = ntohs(header->qdcount); 
   int q, ans, anscount = 0, addncount = 0;
   int dryrun = 0, sec_reqd = 0;
   int is_sign;
@@ -1052,7 +1117,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
       dryrun = 1;
     }
 
-  if (!qdcount || header->opcode != QUERY )
+  if (ntohs(header->qdcount) == 0 || header->opcode != QUERY )
     return 0;
   
   for (rec = daemon->mxnames; rec; rec = rec->next)
@@ -1066,7 +1131,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
   /* now process each question, answers go in RRs after the question */
   p = (unsigned char *)(header+1);
 
-  for (q=0; q<qdcount; q++)
+  for (q = ntohs(header->qdcount); q != 0; q--)
     {
       /* save pointer to name for copying into answers */
       nameoffset = p - (unsigned char *)header;
@@ -1090,7 +1155,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		  ans = 1;
 		  if (!dryrun)
 		    {
-		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0);
+		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<TXT>");
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					      daemon->local_ttl, NULL,
 					      T_TXT, t->class, "t", t->len, t->txt))
@@ -1108,21 +1173,32 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 	      /* see if it's w.z.y.z.in-addr.arpa format */
 	      int is_arpa = in_arpa_name_2_addr(name, &addr);
 	      struct ptr_record *ptr;
+	      struct interface_name* intr = NULL;
 
 	      for (ptr = daemon->ptr; ptr; ptr = ptr->next)
 		if (hostname_isequal(name, ptr->name))
 		  break;
 
-	      if (!ptr &&
-		  !(crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
-		{ 
-		  if (is_arpa == F_IPV4 && (daemon->options & OPT_BOGUSPRIV) && private_net(&addr))
+	      if (is_arpa == F_IPV4)
+		for (intr = daemon->int_names; intr; intr = intr->next)
+		  {
+		    if (addr.addr.addr4.s_addr == get_ifaddr(intr->intr).s_addr)
+		      break;
+		    else
+		      while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
+			intr = intr->next;
+		  }
+	      
+	      if (intr)
+		{
+		  ans = 1;
+		  if (!dryrun)
 		    {
-		      /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
-		      ans = 1;
-		      nxdomain = 1;
-		      if (!dryrun)
-			log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN, name, &addr, 0, NULL, 0);
+		      log_query(F_IPV4 | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
+		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+					      daemon->local_ttl, NULL,
+					      T_PTR, C_IN, "d", intr->name))
+			anscount++;
 		    }
 		}
 	      else if (ptr)
@@ -1130,61 +1206,73 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		  ans = 1;
 		  if (!dryrun)
 		    {
-		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_BIGNAME, name, NULL, 0, NULL, 0);
+		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<PTR>");
 		      for (ptr = daemon->ptr; ptr; ptr = ptr->next)
-			if (hostname_isequal(name, ptr->name))
-			  {
-			    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL,
-						    T_PTR, C_IN, "d", ptr->ptr))
-			      anscount++;
-			  }
+			if (hostname_isequal(name, ptr->name) &&
+			    add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+						daemon->local_ttl, NULL,
+						T_PTR, C_IN, "d", ptr->ptr))
+			  anscount++;
+			 
 		    }
 		}
-	      else do 
-		{ 
-		  /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
-		  if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
-		    continue;
-		  
-		  if (crecp->flags & F_NEG)
-		    {
-		      ans = 1;
-		      auth = 0;
-		      if (crecp->flags & F_NXDOMAIN)
-			nxdomain = 1;
-		      if (!dryrun)
-			log_query(crecp->flags & ~F_FORWARD, name, &addr, 0, NULL, 0);
-		    }
-		  else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
-		    {
-		      ans = 1;
-		      if (!(crecp->flags & (F_HOSTS | F_DHCP)))
+	      else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
+		do 
+		  { 
+		    /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
+		    if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
+		      continue;
+		    
+		    if (crecp->flags & F_NEG)
+		      {
+			ans = 1;
 			auth = 0;
-		      if (!dryrun)
-			{
-			  unsigned long ttl;
-			  /* Return 0 ttl for DHCP entries, which might change
-			     before the lease expires. */
-			  if  (crecp->flags & (F_IMMORTAL | F_DHCP))
-			    ttl = daemon->local_ttl;
-			  else
-			    ttl = crecp->ttd - now;
-			  
-			  log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
-				    0, daemon->addn_hosts, crecp->uid);
-
-			  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ttl, NULL,
-						  T_PTR, C_IN, "d", cache_get_name(crecp)))
-			    anscount++;
-			}
-		    }
-		} while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
+			if (crecp->flags & F_NXDOMAIN)
+			  nxdomain = 1;
+			if (!dryrun)
+			  log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
+		      }
+		    else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
+		      {
+			ans = 1;
+			if (!(crecp->flags & (F_HOSTS | F_DHCP)))
+			  auth = 0;
+			if (!dryrun)
+			  {
+			    unsigned long ttl;
+			    /* Return 0 ttl for DHCP entries, which might change
+			       before the lease expires. */
+			    if  (crecp->flags & (F_IMMORTAL | F_DHCP))
+			      ttl = daemon->local_ttl;
+			    else
+			      ttl = crecp->ttd - now;
+			    
+			    log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr, 
+				      record_source(daemon->addn_hosts, crecp->uid));
+			    
+			    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ttl, NULL,
+						    T_PTR, C_IN, "d", cache_get_name(crecp)))
+			      anscount++;
+			  }
+		      }
+		  } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
+	      else if (is_arpa == F_IPV4 && 
+		       (daemon->options & OPT_BOGUSPRIV) && 
+		       private_net(addr.addr.addr4))
+		{
+		  /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
+		  ans = 1;
+		  nxdomain = 1;
+		  if (!dryrun)
+		    log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN, 
+			      name, &addr, NULL);
+		}
 	    }
-
+	    
 	  for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0)
 	    {
 	      unsigned short type = T_A;
-
+	      
 	      if (flag == F_IPV6)
 #ifdef HAVE_IPV6
 		type = T_AAAA;
@@ -1195,13 +1283,13 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 	      if (qtype != type && qtype != T_ANY)
 		continue;
 	      
-	      /* Check for "A for A"  queries. */
+	      /* Check for "A for A"  queries */
 	      if (qtype == T_A && (addr.addr.addr4.s_addr = inet_addr(name)) != (in_addr_t) -1)
 		{
 		  ans = 1;
 		  if (!dryrun)
 		    {
-		      log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, 0, NULL, 0);
+		      log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					      daemon->local_ttl, NULL, type, C_IN, "4", &addr))
 			anscount++;
@@ -1209,6 +1297,34 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		  continue;
 		}
 
+	      /* interface name stuff */
+	      if (qtype == T_A)
+		{
+		  struct interface_name *intr;
+
+		  for (intr = daemon->int_names; intr; intr = intr->next)
+		    if (hostname_isequal(name, intr->name))
+		      break;
+		  
+		  if (intr)
+		    {
+		      ans = 1;
+		      if (!dryrun)
+			{
+			  if ((addr.addr.addr4 = get_ifaddr(intr->intr)).s_addr == (in_addr_t) -1)
+			    log_query(F_FORWARD | F_CONFIG | F_IPV4 | F_NEG, name, NULL, NULL);
+			  else
+			    {
+			      log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
+			      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+						      daemon->local_ttl, NULL, type, C_IN, "4", &addr))
+				anscount++;
+			    }
+			}
+		      continue;
+		    }
+		}
+
 	    cname_restart:
 	      if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME)))
 		{
@@ -1241,7 +1357,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 			{
 			  if (!dryrun)
 			    {
-			      log_query(crecp->flags, name, NULL, 0, daemon->addn_hosts, crecp->uid);
+			      log_query(crecp->flags, name, NULL, record_source(daemon->addn_hosts, crecp->uid));
 			      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, crecp->ttd - now, &nameoffset,
 						      T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
 				anscount++;
@@ -1258,7 +1374,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 			  if (crecp->flags & F_NXDOMAIN)
 			    nxdomain = 1;
 			  if (!dryrun)
-			    log_query(crecp->flags, name, NULL, 0, NULL, 0);
+			    log_query(crecp->flags, name, NULL, NULL);
 			}
 		      else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
 			{
@@ -1283,7 +1399,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 				ttl = crecp->ttd - now;
 			      
 			      log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr,
-					0, daemon->addn_hosts, crecp->uid);
+					record_source(daemon->addn_hosts, crecp->uid));
 			      
 			      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ttl, NULL, type, C_IN, 
 						      type == T_A ? "4" : "6", &crecp->addr))
@@ -1304,7 +1420,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		  if (!dryrun)
 		    {
 		      unsigned int offset;
-		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_IPV4, name, NULL, 0, NULL, 0);
+		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<MX>");
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
 					      &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
 			{
@@ -1321,7 +1437,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		  ans = 1;
 		  if (!dryrun)
 		    {
-		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_IPV4, name, NULL, 0, NULL, 0);
+		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<MX>");
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, 
 					      T_MX, C_IN, "sd", 1, 
 					      (daemon->options & OPT_SELFMX) ? name : daemon->mxtarget))
@@ -1341,7 +1457,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		    if (!dryrun)
 		      {
 			unsigned int offset;
-			log_query(F_CNAME | F_FORWARD | F_CONFIG | F_IPV6, name, NULL, 0, NULL, 0);
+			log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<SRV>");
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, 
 						&offset, T_SRV, C_IN, "sssd", 
 						rec->priority, rec->weight, rec->srvport, rec->target))
@@ -1357,9 +1473,27 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 		{
 		  ans = 1;
 		  if (!dryrun)
-		    log_query(F_CONFIG | F_NEG, name, NULL, 0, NULL, 0);
+		    log_query(F_CONFIG | F_NEG, name, NULL, NULL);
 		}
 	    }
+
+	  if (qtype == T_NAPTR || qtype == T_ANY)
+	    {
+	      struct naptr *na;
+	      for (na = daemon->naptr; na; na = na->next)
+		if (hostname_isequal(name, na->name))
+		  {
+		    ans = 1;
+		    if (!dryrun)
+		      {
+			log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, "<NAPTR>");
+			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, 
+						NULL, T_NAPTR, C_IN, "sszzzd", 
+						na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
+			  anscount++;
+		      }
+		  }
+	    }
 	  
 	  if (qtype == T_MAILB)
 	    ans = 1, nxdomain = 1;
@@ -1368,7 +1502,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 	    {
 	      ans = 1; 
 	      if (!dryrun)
-		log_query(F_CONFIG | F_NEG, name, &addr, 0, NULL, 0);
+		log_query(F_CONFIG | F_NEG, name, &addr, NULL);
 	    }
 	}
 

src/tftp.c

@@ -1,20 +1,24 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
 #ifdef HAVE_TFTP
 
-static struct tftp_file *check_tftp_fileperm(struct daemon *daemon, ssize_t *len);
+static struct tftp_file *check_tftp_fileperm(ssize_t *len);
 static void free_transfer(struct tftp_transfer *transfer);
 static ssize_t tftp_err(int err, char *packet, char *mess, char *file);
 static ssize_t tftp_err_oops(char *packet, char *file);
@@ -34,7 +38,7 @@ static char *next(char **p, char *end);
 #define ERR_FULL   3
 #define ERR_ILL    4
 
-void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
+void tftp_request(struct listener *listen, time_t now)
 {
   ssize_t len;
   char *packet = daemon->packet;
@@ -46,12 +50,18 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
   struct ifreq ifr;
   int is_err = 1, if_index = 0;
   struct iname *tmp;
-  struct tftp_transfer *transfer, *t;
-
+  struct tftp_transfer *transfer;
+  int port = daemon->start_tftp_port; /* may be zero to use ephemeral port */
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+  int mtu = IP_PMTUDISC_DONT;
+#endif
+  
   union {
     struct cmsghdr align; /* this ensures alignment */
-#ifdef HAVE_LINUX_NETWORK
+#if defined(HAVE_LINUX_NETWORK)
     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#elif defined(HAVE_SOLARIS_NETWORK)
+    char control[CMSG_SPACE(sizeof(unsigned int))];
 #else
     char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
 #endif
@@ -96,7 +106,11 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
 	if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
 	  addr.sin_addr = *((struct in_addr *)CMSG_DATA(cmptr));
 	else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
-	  if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
+#ifdef HAVE_SOLARIS_NETWORK
+	  if_index = *((unsigned int *)CMSG_DATA(cmptr));
+#else
+          if_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
+#endif
       
       if (if_index == 0 || !if_indextoname(if_index, ifr.ifr_name))
 	return;
@@ -106,7 +120,8 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
       if (addr.sin_addr.s_addr == 0)
 	return;
       
-      if (!iface_check(daemon, AF_INET, (struct all_addr *)&addr, &ifr, &if_index))
+      if (!iface_check(AF_INET, (struct all_addr *)&addr.sin_addr, 
+		       &ifr, &if_index))
 	return;
       
       /* allowed interfaces are the same as for DHCP */
@@ -116,14 +131,13 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
       
     }
   
-  /* tell kernel to use ephemeral port */
-  addr.sin_port = 0;
+  addr.sin_port = htons(port);
   addr.sin_family = AF_INET;
 #ifdef HAVE_SOCKADDR_SA_LEN
   addr.sin_len = sizeof(addr);
 #endif
   
-  if (!(transfer = malloc(sizeof(struct tftp_transfer))))
+  if (!(transfer = whine_malloc(sizeof(struct tftp_transfer))))
     return;
   
   if ((transfer->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
@@ -133,34 +147,57 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
     }
   
   transfer->peer = peer;
-  transfer->timeout = now + 1;
+  transfer->timeout = now + 2;
   transfer->backoff = 1;
   transfer->block = 1;
   transfer->blocksize = 512;
+  transfer->offset = 0;
   transfer->file = NULL;
   transfer->opt_blocksize = transfer->opt_transize = 0;
+  transfer->netascii = transfer->carrylf = 0;
 
-  if (bind(transfer->sockfd, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
-      !fix_fd(transfer->sockfd))
+  /* if we have a nailed-down range, iterate until we find a free one. */
+  while (1)
     {
-      free_transfer(transfer);
-      return;
+      if (bind(transfer->sockfd, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+	  setsockopt(transfer->sockfd, SOL_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)) == -1 ||
+#endif
+	  !fix_fd(transfer->sockfd))
+	{
+	  if (errno == EADDRINUSE && daemon->start_tftp_port != 0)
+	    {
+	      if (++port <= daemon->end_tftp_port)
+		{ 
+		  addr.sin_port = htons(port);
+		  continue;
+		}
+	      my_syslog(LOG_ERR, _("unable to get free port for TFTP"));
+	    }
+	  free_transfer(transfer);
+	  return;
+	}
+      break;
     }
-
+  
   p = packet + 2;
   end = packet + len;
 
   if (ntohs(*((unsigned short *)packet)) != OP_RRQ ||
       !(filename = next(&p, end)) ||
       !(mode = next(&p, end)) ||
-      strcasecmp(mode, "octet") != 0)
+      (strcasecmp(mode, "octet") != 0 && strcasecmp(mode, "netascii") != 0))
     len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), inet_ntoa(peer.sin_addr));
   else
     {
+      if (strcasecmp(mode, "netascii") == 0)
+	transfer->netascii = 1;
+      
       while ((opt = next(&p, end)))
 	{
 	  if (strcasecmp(opt, "blksize") == 0 &&
-	      (opt = next(&p, end)))
+	      (opt = next(&p, end)) &&
+	      !(daemon->options & OPT_TFTP_NOBLOCK))
 	    {
 	      transfer->blocksize = atoi(opt);
 	      if (transfer->blocksize < 1)
@@ -171,46 +208,51 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
 	      transfer->block = 0;
 	    }
 	  
-	  if (strcasecmp(opt, "tsize") == 0 && next(&p, end))
+	  if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii)
 	    {
 	      transfer->opt_transize = 1;
 	      transfer->block = 0;
 	    }
 	}
 
+      strcpy(daemon->namebuff, "/");
       if (daemon->tftp_prefix)
 	{
-	  strncpy(daemon->namebuff, daemon->tftp_prefix, MAXDNAME);
-	  if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/' &&
-	      filename[0] != '/')
+	  if (daemon->tftp_prefix[0] == '/')
+	    daemon->namebuff[0] = 0;
+	  strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME);
+	  if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/')
 	    strncat(daemon->namebuff, "/", MAXDNAME);
+
+	  if (daemon->options & OPT_TFTP_APREF)
+	    {
+	      size_t oldlen = strlen(daemon->namebuff);
+	      struct stat statbuf;
+	      
+	      strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), MAXDNAME);
+	      strncat(daemon->namebuff, "/", MAXDNAME);
+	      
+	      /* remove unique-directory if it doesn't exist */
+	      if (stat(daemon->namebuff, &statbuf) == -1 || !S_ISDIR(statbuf.st_mode))
+		daemon->namebuff[oldlen] = 0;
+	    }
+		
+	  /* Absolute pathnames OK if they match prefix */
+	  if (filename[0] == '/')
+	    {
+	      if (strstr(filename, daemon->namebuff) == filename)
+		daemon->namebuff[0] = 0;
+	      else
+		filename++;
+	    }
 	}
-      else if (filename[0] != '/')
-	strncpy(daemon->namebuff, "/", MAXDNAME);
-      else
+      else if (filename[0] == '/')
 	daemon->namebuff[0] = 0;
-	
       strncat(daemon->namebuff, filename, MAXDNAME);
       daemon->namebuff[MAXDNAME-1] = 0;
 
-      /* If we're doing many tranfers from the same file, only 
-	 open it once this saves lots of file descriptors 
-	 when mass-booting a big cluster, for instance. */
-      for (t = daemon->tftp_trans; t; t = t->next)
-	if (strcmp(t->file->filename, daemon->namebuff) == 0)
-	  break;
-
-      if (t)
-	{
-	  /* file already open */
-	  transfer->file = t->file;
-	  transfer->file->refcount++;
-	}
-      else 
-	/* check permissions and open file */
-	transfer->file = check_tftp_fileperm(daemon, &len);
-      
-      if (transfer->file)
+      /* check permissions and open file */
+      if ((transfer->file = check_tftp_fileperm(&len)))
 	{
 	  if ((len = get_block(packet, transfer)) == -1)
 	    len = tftp_err_oops(packet, daemon->namebuff);
@@ -226,86 +268,96 @@ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now)
     free_transfer(transfer);
   else
     {
-      syslog(LOG_INFO, _("TFTP sent %s to %s"), daemon->namebuff, inet_ntoa(peer.sin_addr));
+      my_syslog(LOG_INFO, _("TFTP sent %s to %s"), daemon->namebuff, inet_ntoa(peer.sin_addr));
       transfer->next = daemon->tftp_trans;
       daemon->tftp_trans = transfer;
     }
 }
  
-static struct tftp_file *check_tftp_fileperm(struct daemon *daemon, ssize_t *len)
+static struct tftp_file *check_tftp_fileperm(ssize_t *len)
 {
   char *packet = daemon->packet, *namebuff = daemon->namebuff;
   struct tftp_file *file;
+  struct tftp_transfer *t;
   uid_t uid = geteuid();
   struct stat statbuf;
+  int fd = -1;
 
   /* trick to ban moving out of the subtree */
   if (daemon->tftp_prefix && strstr(namebuff, "/../"))
+    goto perm;
+  
+  if ((fd = open(namebuff, O_RDONLY)) == -1)
     {
-      errno = EACCES;
-      goto perm;
-    }
-
-  if (stat(namebuff, &statbuf) == -1)
-    {
-      if (errno == ENOENT || errno == ENOTDIR)
-	goto nofile;
+      if (errno == ENOENT)
+	{
+	  *len = tftp_err(ERR_FNF, packet, _("file %s not found"), namebuff);
+	  return NULL;
+	}
       else if (errno == EACCES)
 	goto perm;
       else
 	goto oops;
     }
-
+  
+  /* stat the file descriptor to avoid stat->open races */
+  if (fstat(fd, &statbuf) == -1)
+    goto oops;
+  
   /* running as root, must be world-readable */
   if (uid == 0)
     {
       if (!(statbuf.st_mode & S_IROTH))
-	{
-	  errno = EACCES;
-	  goto perm;
-	}
+	goto perm;
     }
   /* in secure mode, must be owned by user running dnsmasq */
   else if ((daemon->options & OPT_TFTP_SECURE) && uid != statbuf.st_uid)
-    {
-      errno = EACCES;
-      goto perm;
-    }
-
-  if (!(file = malloc(sizeof(struct tftp_file) + strlen(namebuff) + 1)))
+    goto perm;
+      
+  /* If we're doing many tranfers from the same file, only 
+     open it once this saves lots of file descriptors 
+     when mass-booting a big cluster, for instance. 
+     Be conservative and only share when inode and name match
+     this keeps error messages sane. */
+  for (t = daemon->tftp_trans; t; t = t->next)
+    if (t->file->dev == statbuf.st_dev && 
+	t->file->inode == statbuf.st_ino &&
+	strcmp(t->file->filename, namebuff) == 0)
+      {
+	close(fd);
+	t->file->refcount++;
+	return t->file;
+      }
+  
+  if (!(file = whine_malloc(sizeof(struct tftp_file) + strlen(namebuff) + 1)))
     {
       errno = ENOMEM;
       goto oops;
     }
 
-  if ((file->fd = open(namebuff, O_RDONLY)) == -1)
-    {
-      free(file);
-      if (errno == EACCES || errno == EISDIR)
-	goto perm;
-      else
-	goto oops;
-    }
-
+  file->fd = fd;
   file->size = statbuf.st_size;
+  file->dev = statbuf.st_dev;
+  file->inode = statbuf.st_ino;
   file->refcount = 1;
   strcpy(file->filename, namebuff);
   return file;
-
-nofile:
-  *len = tftp_err(ERR_FNF, packet, _("file %s not found"), namebuff);
-  return NULL;
-
+  
  perm:
+  errno = EACCES;
   *len =  tftp_err(ERR_PERM, packet, _("cannot access %s: %s"), namebuff);
+  if (fd != -1)
+    close(fd);
   return NULL;
 
-oops:
+ oops:
   *len =  tftp_err_oops(packet, namebuff);
+  if (fd != -1)
+    close(fd);
   return NULL;
 }
 
-void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now)
+void check_tftp_listeners(fd_set *rset, time_t now)
 {
   struct tftp_transfer *transfer, *tmp, **up;
   ssize_t len;
@@ -331,7 +383,8 @@ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now)
 		  /* Got ack, ensure we take the (re)transmit path */
 		  transfer->timeout = now;
 		  transfer->backoff = 0;
-		  transfer->block++;
+		  if (transfer->block++ != 0)
+		    transfer->offset += transfer->blocksize - transfer->expansion;
 		}
 	      else if (ntohs(mess->op) == OP_ERR)
 		{
@@ -345,13 +398,13 @@ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now)
 		    {
 		      char *q, *r;
 		      for (q = r = err; *r; r++)
-			if (isprint(*r))
+			if (isprint((int)*r))
 			  *(q++) = *r;
 		      *q = 0;
 		    }
-		  syslog(LOG_ERR, _("TFTP error %d %s received from %s"),
-			 (int)ntohs(mess->block), err, 
-			 inet_ntoa(transfer->peer.sin_addr));	
+		  my_syslog(LOG_ERR, _("TFTP error %d %s received from %s"),
+			    (int)ntohs(mess->block), err, 
+			    inet_ntoa(transfer->peer.sin_addr));	
 		  
 		  /* Got err, ensure we take abort */
 		  transfer->timeout = now;
@@ -365,7 +418,7 @@ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now)
 	  int endcon = 0;
 
 	  /* timeout, retransmit */
-	  transfer->timeout += 1<<(transfer->backoff);
+	  transfer->timeout += 1 + (1<<transfer->backoff);
 	  	  
 	  /* we overwrote the buffer... */
 	  daemon->srv_save = NULL;
@@ -380,8 +433,8 @@ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now)
 	      /* don't complain about timeout when we're awaiting the last
 		 ACK, some clients never send it */
 	      if (len != 0)
-		syslog(LOG_ERR, _("TFTP failed sending %s to %s"), 
-		       transfer->file->filename, inet_ntoa(transfer->peer.sin_addr));
+		my_syslog(LOG_ERR, _("TFTP failed sending %s to %s"), 
+			  transfer->file->filename, inet_ntoa(transfer->peer.sin_addr));
 	      len = 0;
 	    }
 	  
@@ -440,7 +493,7 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
   mess->err = htons(err);
   ret += (snprintf(mess->message, 500,  message, file, errstr) + 1);
   if (err != ERR_FNF)
-    syslog(LOG_ERR, "TFTP %s", mess->message);
+    my_syslog(LOG_ERR, "TFTP %s", mess->message);
   
   return  ret;
 }
@@ -485,24 +538,52 @@ static ssize_t get_block(char *packet, struct tftp_transfer *transfer)
 	unsigned char data[];
       } *mess = (struct datamess *)packet;
       
-      off_t offset = transfer->blocksize * (transfer->block - 1);
-      size_t size = transfer->file->size - offset; 
+      size_t size = transfer->file->size - transfer->offset; 
       
-      if (offset > transfer->file->size)
+      if (transfer->offset > transfer->file->size)
 	return 0; /* finished */
       
       if (size > transfer->blocksize)
 	size = transfer->blocksize;
       
-      lseek(transfer->file->fd, offset, SEEK_SET);
-      
       mess->op = htons(OP_DATA);
       mess->block = htons((unsigned short)(transfer->block));
       
-      if (!read_write(transfer->file->fd, mess->data, size, 1))
+      if (lseek(transfer->file->fd, transfer->offset, SEEK_SET) == (off_t)-1 ||
+	  !read_write(transfer->file->fd, mess->data, size, 1))
 	return -1;
-      else
-	return size + 4;
+      
+      transfer->expansion = 0;
+      
+      /* Map '\n' to CR-LF in netascii mode */
+      if (transfer->netascii)
+	{
+	  size_t i;
+	  int newcarrylf;
+
+	  for (i = 0, newcarrylf = 0; i < size; i++)
+	    if (mess->data[i] == '\n' && ( i != 0 || !transfer->carrylf))
+	      {
+		if (size == transfer->blocksize)
+		  {
+		    transfer->expansion++;
+		    if (i == size - 1)
+		      newcarrylf = 1; /* don't expand LF again if it moves to the next block */
+		  }
+		else
+		  size++; /* room in this block */
+	      
+		/* make space and insert CR */
+		memmove(&mess->data[i+1], &mess->data[i], size - (i + 1));
+		mess->data[i] = '\r';
+		
+		i++;
+	      }
+	  transfer->carrylf = newcarrylf;
+	  
+	}
+
+      return size + 4;
     }
 }
 

src/util.c

@@ -1,94 +1,103 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2007 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-
 /* Some code in this file contributed by Rob Funk. */
 
+/* The SURF random number generator was taken from djbdns-1.05, by 
+   Daniel J Berstein, which is public domain. */
+
+
 #include "dnsmasq.h"
 
 #ifdef HAVE_BROKEN_RTC
 #include <sys/times.h>
 #endif
 
-/* Prefer arc4random(3) over random(3) over rand(3) */
-/* Also prefer /dev/urandom over /dev/random, to preserve the entropy pool */
+
 #ifdef HAVE_ARC4RANDOM
-# define rand()		arc4random()
-# define srand(s)	(void)0
-# define RANDFILE	(NULL)
-#else
-# ifdef HAVE_RANDOM
-#  define rand()	random()
-#  define srand(s)	srandom(s)
-# endif
-# ifdef HAVE_DEV_URANDOM
-#  define RANDFILE	"/dev/urandom"
-# else
-#  ifdef HAVE_DEV_RANDOM
-#   define RANDFILE	"/dev/random"
-#  else
-#   define RANDFILE	(NULL)
-#  endif
-# endif
-#endif
+void rand_init(void)
+{
+  return;
+}
 
 unsigned short rand16(void)
 {
-  static int been_seeded = 0;
-  const char *randfile = RANDFILE;
-  
-  if (! been_seeded) 
-    {
-      int fd, n = 0;
-      unsigned int c = 0, seed = 0, badseed;
-      char sbuf[sizeof(seed)];
-      char *s;
-      struct timeval now;
-
-      /* get the bad seed as a backup */
-      /* (but we'd rather have something more random) */
-      gettimeofday(&now, NULL);
-      badseed = now.tv_sec ^ now.tv_usec ^ (getpid() << 16);
-      
-      fd = open(randfile, O_RDONLY);
-      if (fd < 0) 
-	seed = badseed;
-      else
-	{
-	  s = (char *) &seed;
-	  while ((c < sizeof(seed)) &&
-		 ((n = read(fd, sbuf, sizeof(seed)) > 0))) 
-	    {
-	      memcpy(s, sbuf, n);
-	      s += n;
-	      c += n;
-	    }
-	  if (n < 0)
-	    seed = badseed;
-	  close(fd);
-	}
-
-      srand(seed);
-      been_seeded = 1;
-    }
-  
-  /* Some rand() implementations have less randomness in low bits
-   * than in high bits, so we only pay attention to the high ones.
-   * But most implementations don't touch the high bit, so we 
-   * ignore that one.
-   */
-  return( (unsigned short) (rand() >> 15) );
+   return (unsigned short) (arc4random() >> 15);
 }
 
+#else
+
+/* SURF random number generator */
+
+typedef unsigned int uint32;
+
+static uint32 seed[32];
+static uint32 in[12];
+static uint32 out[8];
+
+void rand_init()
+{
+  int fd = open(RANDFILE, O_RDONLY);
+  
+  if (fd == -1 ||
+      !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) ||
+      !read_write(fd, (unsigned char *)&in, sizeof(in), 1))
+    die(_("failed to seed the random number generator: %s"), NULL, EC_MISC);
+  
+  close(fd);
+}
+
+#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
+
+static void surf(void)
+{
+  uint32 t[12]; uint32 x; uint32 sum = 0;
+  int r; int i; int loop;
+
+  for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
+  for (i = 0;i < 8;++i) out[i] = seed[24 + i];
+  x = t[11];
+  for (loop = 0;loop < 2;++loop) {
+    for (r = 0;r < 16;++r) {
+      sum += 0x9e3779b9;
+      MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
+      MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
+      MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
+    }
+    for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
+  }
+}
+
+unsigned short rand16(void)
+{
+  static int outleft = 0;
+
+  if (!outleft) {
+    if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
+    surf();
+    outleft = 8;
+  }
+
+  return (unsigned short) out[--outleft];
+}
+
+#endif
+
+
 int legal_char(char c)
 {
   /* check for legal char a-z A-Z 0-9 - 
@@ -109,6 +118,7 @@ int canonicalise(char *s)
      also fail empty string and label > 63 chars */
   size_t dotgap = 0, l = strlen(s);
   char c;
+  int nowhite = 0;
 
   if (l == 0 || l > MAXDNAME) return 0;
 
@@ -124,9 +134,11 @@ int canonicalise(char *s)
 	dotgap = 0;
       else if (!legal_char(c) || (++dotgap > MAXLABEL))
 	return 0;
+      else if (c != ' ')
+	nowhite = 1;
       s++;
     }
-  return 1;
+  return nowhite;
 }
 
 unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
@@ -151,38 +163,27 @@ void *safe_malloc(size_t size)
   void *ret = malloc(size);
   
   if (!ret)
-    die(_("could not get memory"), NULL);
+    die(_("could not get memory"), NULL, EC_NOMEM);
      
   return ret;
 }    
 
-static void log_err(char *message, char *arg1)
+void safe_pipe(int *fd, int read_noblock)
 {
-  char *errmess = strerror(errno);
-  
-  if (!arg1)
-    arg1 = errmess;
-  
-  fprintf(stderr, "dnsmasq: ");
-  fprintf(stderr, message, arg1, errmess);
-  fprintf(stderr, "\n");
-  
-  syslog(LOG_CRIT, message, arg1, errmess);
+  if (pipe(fd) == -1 || 
+      !fix_fd(fd[1]) ||
+      (read_noblock && !fix_fd(fd[0])))
+    die(_("cannot create pipe: %s"), NULL, EC_MISC);
 }
 
-void complain(char *message, int lineno, char *file)
+void *whine_malloc(size_t size)
 {
-  char buff[256];
-  
-  sprintf(buff, _("%s at line %d of %%s"), message, lineno);
-  log_err(buff, file);
-}
+  void *ret = malloc(size);
 
-void die(char *message, char *arg1)
-{
-  log_err(message, arg1);
-  syslog(LOG_CRIT, _("FAILED to start up"));
-  exit(1);
+  if (!ret)
+    my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+
+  return ret;
 }
 
 int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2)
@@ -258,23 +259,6 @@ int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
   return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
 } 
 
-int retry_send(void)
-{
-   struct timespec waiter;
-   if (errno == EAGAIN)
-     {
-       waiter.tv_sec = 0;
-       waiter.tv_nsec = 10000;
-       nanosleep(&waiter, NULL);
-       return 1;
-     }
-   
-   if (errno == EINTR)
-     return 1;
-
-   return 0;
-}
-
 /* returns port number from address */
 int prettyprint_addr(union mysockaddr *addr, char *buf)
 {
@@ -377,10 +361,10 @@ int expand_buf(struct iovec *iov, size_t size)
 {
   void *new;
 
-  if (size <= iov->iov_len)
+  if (size <= (size_t)iov->iov_len)
     return 1;
 
-  if (!(new = malloc(size)))
+  if (!(new = whine_malloc(size)))
     {
       errno = ENOMEM;
       return 0;
@@ -398,9 +382,9 @@ int expand_buf(struct iovec *iov, size_t size)
   return 1;
 }
 
-char *print_mac(struct daemon *daemon, unsigned char *mac, int len)
+char *print_mac(char *buff, unsigned char *mac, int len)
 {
-  char *p = daemon->namebuff;
+  char *p = buff;
   int i;
    
   if (len == 0)
@@ -409,7 +393,7 @@ char *print_mac(struct daemon *daemon, unsigned char *mac, int len)
     for (i = 0; i < len; i++)
       p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":");
   
-  return daemon->namebuff;
+  return buff;
 }
 
 void bump_maxfd(int fd, int *max)
@@ -418,18 +402,21 @@ void bump_maxfd(int fd, int *max)
     *max = fd;
 }
 
-void log_start(struct daemon *daemon)
+int retry_send(void)
 {
-  if (daemon->options & OPT_DEBUG)   
-    {
-#ifdef LOG_PERROR
-      openlog("dnsmasq", LOG_PERROR, daemon->log_fac);
-#else
-      openlog("dnsmasq", 0, daemon->log_fac);
-#endif
-    }
-  else
-    openlog("dnsmasq", LOG_PID, daemon->log_fac);
+   struct timespec waiter;
+   if (errno == EAGAIN)
+     {
+       waiter.tv_sec = 0;
+       waiter.tv_nsec = 10000;
+       nanosleep(&waiter, NULL);
+       return 1;
+     }
+   
+   if (errno == EINTR)
+     return 1;
+
+   return 0;
 }
 
 int read_write(int fd, unsigned char *packet, int size, int rw)
@@ -448,7 +435,7 @@ int read_write(int fd, unsigned char *packet, int size, int rw)
         return 0;
       else if (n == -1)
         {
-          if (errno == EINTR || errno == ENOMEM || errno == ENOBUFS)
+          if (retry_send() || errno == ENOMEM || errno == ENOBUFS)
             goto retry;
           else
             return 0;
@@ -456,3 +443,4 @@ int read_write(int fd, unsigned char *packet, int size, int rw)
     }
   return 1;
 }
+