Small SLAAC optimisation.

->uid is now overloaded to store key length

Android.mk

@@ -0,0 +1,3 @@
+ifneq ($(TARGET_SIMULATOR),true)
+include $(call all-subdir-makefiles)
+endif

COPYING-v3

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

FAQ

@@ -1,7 +1,7 @@
 Q: Why does dnsmasq open UDP ports >1024 as well as port 53.
    Is this a security problem/trojan/backdoor?
 
-A: The high ports that dnsmasq opens is for replies from the upstream
+A: The high ports that dnsmasq opens are for replies from the upstream
    nameserver(s). Queries from dnsmasq to upstream nameservers are sent
    from these ports and replies received to them. The reason for doing this is
    that most firewall setups block incoming packets _to_ port 53, in order
@@ -16,6 +16,14 @@ A: The high ports that dnsmasq opens is for replies from the upstream
    you to specify the UDP port to be used for this purpose.  If not
    specified, the operating system will select an available port number
    just as it did before.
+
+   Second addendum: following the discovery of a security flaw in the
+   DNS protocol, dnsmasq from version 2.43 has changed behavior. It
+   now uses a new, randomly selected, port for each query. The old
+   default behaviour (use one port allocated by the OS) is available by
+   setting --query-port=0, and setting the query port to a positive
+   value is still works. You should think hard and know what you are
+   doing before using either of these options.
  
 Q: Why doesn't dnsmasq support DNS queries over TCP? Don't the RFC's specify
    that?
@@ -39,10 +47,9 @@ A: They are negative entries: that's what the N flag means. Dnsmasq asked
 
 Q: Will dnsmasq compile/run on non-Linux systems?
 
-A: Yes, there is explicit support for *BSD and MacOS X. There are
-   start-up scripts for MacOS X Tiger and Panther in /contrib. Earlier
-   dnsmasq releases ran under Solaris, but that capability has
-   rotted. Dnsmasq will link with uclibc to provide small
+A: Yes, there is explicit support for *BSD and MacOS X and Solaris. 
+   There are start-up scripts for MacOS X Tiger and Panther 
+   in /contrib. Dnsmasq will link with uclibc to provide small
    binaries suitable for use in embedded systems such as
    routers. (There's special code to support machines with flash
    filesystems and no battery-backed RTC.)
@@ -50,7 +57,7 @@ A: Yes, there is explicit support for *BSD and MacOS X. There are
    ports and building dnsmasq with "make MAKE=gmake" 
    For other systems, try altering the settings in config.h.
  
-Q: My companies' nameserver knows about some names which aren't in the
+Q: My company's nameserver knows about some names which aren't in the
    public DNS. Even though I put it first in /etc/resolv.conf, it
    dosen't work: dnsmasq seems not to use the nameservers in the order
    given. What am I doing wrong?
@@ -227,7 +234,7 @@ A: What is happening is this: The boot process sends a DHCP
 Q: What network types are supported by the DHCP server?
   
 A: Ethernet (and 802.11 wireless) are supported on all platforms. On
-   Linux Token Ring is also supported.
+   Linux all network types (including FireWire) are supported.
 
 Q: What is this strange "bind-interface" option?
 
@@ -296,7 +303,7 @@ A: Yes, new releases of dnsmasq are always announced through
 
 Q: What does the dhcp-authoritative option do? 
 
-A: See http://www.isc.org/index.pl?/sw/dhcp/authoritative.php - that's
+A: See http://www.isc.org/files/auth.html - that's
    for the ISC daemon, but the same applies to dnsmasq.
 
 Q: Why does my Gentoo box pause for a minute before getting a new
@@ -325,6 +332,17 @@ A: By default, the identity of a machine is determined by using the
    method for setting the client-id varies with DHCP client software,
    dhcpcd uses the "-I" flag. Windows uses a registry setting,
    see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm
+Addendum:
+   From version 2.46, dnsmasq has a solution to this which doesn't
+   involve setting client-IDs. It's possible to put more than one MAC
+   address in a --dhcp-host configuration. This tells dnsmasq that it
+   should use the specified IP for any of the specified MAC addresses,
+   and furthermore it gives dnsmasq permission to sumarily abandon a
+   lease to one of the MAC addresses if another one comes along. Note
+   that this will work fine only as longer as only one interface is
+   up at any time. There is no way for dnsmasq to enforce this
+   constraint: if you configure multiple MAC addresses and violate 
+   this rule, bad things will happen.
 
 Q: Can dnsmasq do DHCP on IP-alias interfaces?
 
@@ -336,7 +354,7 @@ A: Yes, from version-2.21. The support is only available running under
    If a physical interface has more than one IP address or aliases
    with extra IP addresses, then any dhcp-ranges corresponding to
    these addresses can be used for address allocation. So if an
-   interface has addresses 192.168.1.0/24 and 192.68.2.0/24 and there
+   interface has addresses 192.168.1.0/24 and 192.168.2.0/24 and there
    are DHCP ranges 192.168.1.100-192.168.1.200 and
    192.168.2.100-192.168.2.200 then both ranges would be used for host
    connected to the physical interface. A more typical use might be to
@@ -363,7 +381,7 @@ A: Probably the nameserver is an authoritative nameserver for a
 Q: Does the dnsmasq DHCP server probe addresses before allocating
    them, as recommended in RFC2131?
 
-A: Yes, dynmaically allocated IP addresses are checked by sending an
+A: Yes, dynamically allocated IP addresses are checked by sending an
    ICMP echo request (ping). If a reply is received, then dnsmasq
    assumes that the address is in use, and attempts to allocate an
    different address. The wait for a reply is between two and three
@@ -380,17 +398,26 @@ A: This a variant on the iptables problem. Explicit details on how to
    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html
  
 
-Q: Dnsmasq logs "running as root because setting capabilities failed"
-   when it starts up. Why did that happen and what can do to fix it?
+Q: I'm using dnsmasq on a machine with the shorewall firewall, and
+   DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+   proceed can be found at 
+   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html
+
+
+Q: Dnsmasq fails to start up with a message about capabilities.
+   Why did that happen and what can do to fix it?
 
 A: Change your kernel configuration: either deselect CONFIG_SECURITY
-   _or_ select CONFIG_SECURITY_CAPABILITIES.
+   _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can 
+   remove the need to set capabilities by running dnsmasq as root.
 
 
-Q: Where can I get .rpms Suitable for Suse?
+Q: Where can I get .rpms Suitable for openSUSE/SLES?
 
-A: Dnsmasq is in Suse itself, and the latest releases are also
-   available at ftp://ftp.suse.com/pub/people/ug/
+A: Dnsmasq is in openSUSE itself, and the latest releases are also
+   available at http://download.opensuse.org/repositories/network/
 
 
 Q: Can I run dnsmasq in a Linux vserver?
@@ -409,11 +436,49 @@ A: Yes, as a DNS server, dnsmasq will just work in a vserver.
    refer to the vserver documentation for more information).
 
 
+Q: What's the problem with syslog and dnsmasq?
+
+A: In almost all cases: none. If you have the normal arrangement with
+   local daemons logging to a local syslog, which then writes to disk,
+   then there's never a problem. If you use network logging, then
+   there's a potential problem with deadlock: the syslog daemon will
+   do DNS lookups so that it can log the source of log messages,
+   these lookups will (depending on exact configuration) go through
+   dnsmasq, which also sends log messages. With bad timing, you can 
+   arrive at a situation where syslog is waiting for dnsmasq, and
+   dnsmasq is waiting for syslog; they will both wait forever. This
+   problem is fixed from dnsmasq-2.39, which introduces asynchronous
+   logging: dnsmasq no longer waits for syslog and the deadlock is
+   broken. There is a remaining problem in 2.39, where "log-queries"
+   is in use. In this case most DNS queries generate two log lines, if
+   these go to a syslog which is doing a DNS lookup for each log line,
+   then those queries will in turn generate two more log lines, and a 
+   chain reaction runaway will occur. To avoid this, use syslog-ng
+   and turn on syslog-ng's dns-cache function.
 
 
+Q: DHCP doesn't work with windows Vista, but everything else is fine.
 
+A: The DHCP client on windows Vista (and possibly later versions)
+   demands that the DHCP server send replies as broadcasts. Most other
+   clients don't do this. The broadcasts are send to
+   255.255.255.255. A badly configured firewall which blocks such
+   packets will show exactly these symptoms (Vista fails, others
+   work).
 
+  
+Q: DHCP doesn't work with windows 7 but everything else is fine.
 
+A: There seems to be a problem if Windows 7 doesn't get a value for
+   DHCP option 252 in DHCP packets it gets from the server. The
+   symtoms have beeen variously reported as continual DHCPINFORM
+   requests in an attempt to get an option-252, or even ignoring DHCP
+   offers completely (and failing to get an IP address) if there is no
+   option-252 supplied. DHCP option 252 is for WPAD, WWW Proxy 
+   Auto Detection and if you don't want or need to use that, then 
+   simplest fix seems to be to supply an empty option with:
+
+   dhcp-option=252,"\n"
 
 
 

Makefile

@@ -1,44 +1,134 @@
-PREFIX?=/usr/local
-BINDIR = ${PREFIX}/sbin
-MANDIR = ${PREFIX}/share/man
-LOCALEDIR = ${PREFIX}/share/locale
+# dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; version 2 dated June, 1991, or
+#  (at your option) version 3 dated 29 June, 2007.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#    
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# NOTE: Building the i18n targets requires GNU-make 
+
+
+# Variables you may well want to override.
+
+PREFIX        = /usr/local
+BINDIR        = $(PREFIX)/sbin
+MANDIR        = $(PREFIX)/share/man
+LOCALEDIR     = $(PREFIX)/share/locale
+BUILDDIR      = $(SRC)
+DESTDIR       = 
+CFLAGS        = -Wall -W -O2
+LDFLAGS       = 
+COPTS         = 
+RPM_OPT_FLAGS = 
+LIBS          = 
+
+#################################################################
+
+# Variables you might want to override.
+
+PKG_CONFIG = pkg-config
+INSTALL    = install
+MSGMERGE   = msgmerge
+MSGFMT     = msgfmt
+XGETTEXT   = xgettext
 
 SRC = src
-PO = po
+PO  = po
 MAN = man
 
-CFLAGS?= -O2
+#################################################################
 
-all :   dnsmasq
+# pmake way. (NB no spaces to keep gmake 3.82 happy)
+top!=pwd
+# GNU make way.
+top?=$(CURDIR)
 
-dnsmasq :
-	$(MAKE) I18N=-DNO_GETTEXT -f ../bld/Makefile -C $(SRC) dnsmasq 
+dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` 
+dbus_libs =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` 
+idn_cflags =  `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` 
+idn_libs =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` 
+ct_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
+ct_libs =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
+lua_cflags =  `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.1` 
+lua_libs =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` 
+sunos_libs =  `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+version =     -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+
+objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+       helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
+       dhcp-common.o outpacket.o radv.o slaac.o
+
+hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
+       dns-protocol.h radv-protocol.h
+
+all : $(BUILDDIR)
+	@cd $(BUILDDIR) && $(MAKE) \
+ top="$(top)" \
+ build_cflags="$(version) $(dbus_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags)" \
+ build_libs="$(dbus_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs)" \
+ -f $(top)/Makefile dnsmasq 
 
 clean :
-	rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot 
-	rm -f $(SRC)/*.o $(SRC)/dnsmasq.a $(SRC)/dnsmasq core */core
+	rm -f *~ $(BUILDDIR)/*.mo contrib/*/*~ */*~ $(BUILDDIR)/*.pot 
+	rm -f $(BUILDDIR)/*.o $(BUILDDIR)/dnsmasq.a $(BUILDDIR)/dnsmasq core */core
 
 install : all install-common
 
 install-common :
-	install -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
-	install -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
-	install -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
+	$(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
+	$(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8 
+	$(INSTALL) -m 755 $(BUILDDIR)/dnsmasq $(DESTDIR)$(BINDIR)
 
-all-i18n :
-	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq
-	cd $(PO); for f in *.po; do \
-		$(MAKE) -f ../bld/Makefile -C ../$(SRC) $${f%.po}.mo; \
+all-i18n : $(BUILDDIR)
+	@cd $(BUILDDIR) && $(MAKE) \
+ top="$(top)" \
+ i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
+ build_cflags="$(version) $(dbus_cflags) $(ct_cflags) $(lua_cflags) `$(PKG_CONFIG) --cflags libidn`" \
+ build_libs="$(dbus_libs) $(ct_libs) $(lua_libs) $(sunos_libs) `$(PKG_CONFIG) --libs libidn`"  \
+ -f $(top)/Makefile dnsmasq
+	for f in `cd $(PO); echo *.po`; do \
+		cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
 	done
 
 install-i18n : all-i18n install-common
-	cd $(SRC); ../bld/install-mo $(DESTDIR)$(LOCALEDIR)
-	cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR)
+	cd $(BUILDDIR); $(top)/bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
+	cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL)
 
-merge :
-	$(MAKE) I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' -f ../bld/Makefile -C $(SRC) dnsmasq.pot
-	cd $(PO); for f in *.po; do \
-		msgmerge -U $$f ../$(SRC)/dnsmasq.pot; \
+merge : 
+	@cd $(BUILDDIR) && $(MAKE) -f $(top)/Makefile dnsmasq.pot
+	for f in `cd $(PO); echo *.po`; do \
+		echo -n msgmerge $(PO)/$$f && $(MSGMERGE) --no-wrap -U $(PO)/$$f $(BUILDDIR)/dnsmasq.pot; \
 	done
 
+$(BUILDDIR):
+	mkdir -p $(BUILDDIR)
 
+
+# rules below are targets in recusive makes with cwd=$(SRC)
+
+$(objs:.o=.c) $(hdrs):
+	ln -s $(top)/$(SRC)/$@ .
+
+.c.o:
+	$(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $<	
+
+dnsmasq : $(hdrs) $(objs) 
+	$(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS) 
+
+dnsmasq.pot : $(objs:.o=.c) $(hdrs)
+	$(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(objs:.o=.c)
+
+%.mo : $(top)/$(PO)/%.po dnsmasq.pot
+	$(MSGMERGE) -o - $(top)/$(PO)/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -
+
+
+.PHONY : all clean install install-common all-i18n install-i18n merge 

VERSION

@@ -0,0 +1 @@
+$Format:%d$

bld/Android.mk

@@ -0,0 +1,20 @@
+LOCAL_PATH := external/dnsmasq/src
+
+#########################
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES :=  bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
+                    forward.c helper.c lease.c log.c \
+                    netlink.c network.c option.c rfc1035.c \
+		    rfc2131.c tftp.c util.c conntrack.c \
+		    dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
+		    radv.c slaac.c
+
+LOCAL_MODULE := dnsmasq
+
+LOCAL_C_INCLUDES := external/dnsmasq/src
+
+LOCAL_CFLAGS := -O2 -g -W -Wall -D__ANDROID__ -DNO_IPV6 -DNO_TFTP -DNO_SCRIPT
+LOCAL_SYSTEM_SHARED_LIBRARIES := libc libcutils
+
+include $(BUILD_EXECUTABLE)

bld/Makefile

@@ -1,18 +0,0 @@
-CFLAGS ?= -O2
-PKG_CONFIG ?= pkg-config
-
-
-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
-       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o tftp.o
-
-.c.o:
-	$(CC) $(CFLAGS) $(COPTS) $(I18N) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<
-
-dnsmasq : $(OBJS)
-	$(CC) $(LDFLAGS) -o $@  $(OBJS) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --libs dbus-1` $(LIBS) 
- 
-dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
-	xgettext -d dnsmasq --foreign-user --keyword=_ -o dnsmasq.pot -i $(OBJS:.o=.c)
-
-%.mo : ../po/%.po dnsmasq.pot
-	msgmerge -o - ../po/$*.po dnsmasq.pot | msgfmt -o $*.mo -

bld/get-version

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Determine the version string to build into a binary.
+# When building in the git repository, we can use the output 
+# of "git describe" which gives an unequivocal answer.
+#
+# Failing that, we use the contents of the VERSION file
+# which has a set of references substituted into it by git.
+# If we can find one which matches $v[0-9].* then we assume it's
+# a version-number tag, else we just use the whole string.
+
+if which git >/dev/null 2>&1 && [ -d $1/.git ]; then
+     cd $1; git describe
+elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then
+# unsubstituted VERSION, but no git available.
+    echo UNKNOWN
+else
+     vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep $v[0-9]`
+
+     if [ $? -eq 0 ]; then
+         echo "${vers}" | head -n 1 | sed 's/^v//'
+     else
+         cat $1/VERSION
+     fi
+fi
+
+exit 0
+

bld/install-man

@@ -2,8 +2,8 @@
 
 for f in *; do
   if [ -d $f ]; then
-     install -d $1/$f/man8 
-     install -m 644 $f/dnsmasq.8 $1/$f/man8
-     echo installing $1/$f/man8/dnsmasq.8
+     $2 -m 755 -d $1/$f/man8 
+     $2 -m 644 $f/dnsmasq.8 $1/$f/man8
+     echo installing $f/man8/dnsmasq.8
   fi
 done

bld/install-mo

@@ -1,9 +1,9 @@
 #!/bin/sh
 
 for f in *.mo; do
-  install -d $1/${f%.mo}/LC_MESSAGES
-  install -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
-  echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+  $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES
+  $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+  echo installing ${f%.mo}/LC_MESSAGES/dnsmasq.mo
 done
 
 

bld/pkg-wrapper

@@ -1,6 +1,10 @@
 #!/bin/sh
 
-if grep -q "^\#.*define.*HAVE_DBUS" config.h || grep -q HAVE_DBUS ; then
+search=$1
+shift
+
+if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
+   grep $search >/dev/null 2>&1; then
   exec $*
 fi
 

contrib/CPE-WAN/README

@@ -0,0 +1,36 @@
+Dnsmasq from version 2.52 has a couple of rather application-specific
+features designed to allow for implementation of the DHCP part of CPE
+WAN management protocol.
+
+http://www.broadband-forum.org/technical/download/TR-069_Amendment-2.pdf
+http://en.wikipedia.org/wiki/TR-069
+
+The relevant sections are F.2.1 "Gateway Requirements" and F.2.5 "DHCP
+Vendor Options".
+
+First, dnsmasq checks for DHCP requests which contain an option-125
+vendor-class option which in turn holds a vendor section for IANA
+enterprise number 3561 which contains sub-options codes 1 and 2. If
+this is present  then the network-tag "cpewan-id" is set. 
+This allows dnsmasq to be configured to reply with the correct 
+GatewayManufacturerOUI, GatewaySerialNumber and GatewayProductClass like this:
+
+dhcp-option=cpewan-id,vi-encap:3561,4,"<GatewayManufacturerOUI>"
+dhcp-option=cpewan-id,vi-encap:3561,5,"<SerialNumber>"
+dhcp-option=cpewan-id,vi-encap:3561,6,"<ProductClass>"
+
+Second, the received sub-options 1, 2, and 3 are passed to the DHCP
+lease-change script as the environment variables DNSMASQ_CPEWAN_OUI,
+DNSMASQ_CPEWAN_SERIAL, and DNSMASQ_CPEWAN_CLASS respectively. This allows
+the script to be used to maintain a ManageableDevice table as
+specified in F.2.1. Note that this data is not retained in dnsmasq's
+internal DHCP lease database, so it is not available on every call to 
+the script (this is the same as some other data such as vendor and
+user classes). It will however be available for at least the "add"
+call, and should be stored then against the IP address as primary 
+key for future use.
+
+
+This feature was added to dnsmasq under sponsorship from Ericsson.
+
+

contrib/MacOSX-launchd/launchd-README.txt

@@ -0,0 +1,38 @@
+This is a launchd item for Mac OS X and Mac OS X Server.
+For more information about launchd, the
+"System wide and per-user daemon/agent manager", see the launchd
+man page, or the wikipedia page: http://en.wikipedia.org/wiki/Launchd
+
+This launchd item uses the following flags:
+--keep-in-foreground - this is crucial for use with launchd
+--log-queries - this is optional and you can remove it
+--log-facility=/var/log/dnsmasq.log - again optional instead of system.log
+
+To use this launchd item for dnsmasq:
+
+If you don't already have a folder /Library/LaunchDaemons, then create one:
+sudo mkdir /Library/LaunchDaemons
+sudo chown root:admin /Library/LaunchDaemons
+sudo chmod 775 /Library/LaunchDaemons 
+
+Copy uk.org.thekelleys.dnsmasq.plist there and then set ownership/permissions:
+sudo cp uk.org.thekelleys.dnsmasq.plist /Library/LaunchDaemons/
+sudo chown root:admin /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+sudo chmod 644 /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+
+Optionally, edit your dnsmasq configuration file to your liking.
+
+To start the launchd job, which starts dnsmaq, reboot or use the command:
+sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+
+To stop the launchd job, which stops dnsmasq, use the command:
+sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+
+If you want to permanently stop the launchd job, so it doesn't start the job even after a reboot, use the following command:
+sudo launchctl unload -w /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+
+If you make a change to the configuration file, you should relaunch dnsmasq;
+to do this unload and then load again:
+
+sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist
+sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist

contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>uk.org.thekelleys.dnsmasq</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/usr/local/sbin/dnsmasq</string>
+		<string>--keep-in-foreground</string>
+	</array>
+	<key>RunAtLoad</key>
+	<true/>
+</dict>
+</plist>

contrib/Solaris10/README

@@ -0,0 +1,28 @@
+From: David Connelly <dconnelly@gmail.com>
+Date: Mon, Apr 7, 2008 at 3:31 AM
+Subject: Solaris 10 service manifest
+To: dnsmasq-discuss@lists.thekelleys.org.uk
+
+
+I've found dnsmasq much easier to set up on my home server running Solaris
+10 than the stock dhcp/dns server, which is probably overkill anyway for my
+simple home network needs. Since Solaris now uses SMF (Service Management
+Facility) to manage services I thought I'd create a simple service manifest
+for the dnsmasq service. The manifest currently assumes that dnsmasq has
+been installed in '/usr/local/sbin/dnsmasq' and the configuration file in
+'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for
+your local installation. Here are the steps I followed to install and enable
+the dnsmasq service:
+  # svccfg import dnsmasq.xml
+  # svcadm enable dnsmasq
+
+To confirm that the service is enabled and online:
+
+  # svcs -l dnsmasq
+
+I've just started learning about SMF so if anyone has any
+corrections/feedback they are more than welcome.
+
+Thanks,
+David
+

contrib/Solaris10/README-sparc

@@ -0,0 +1,8 @@
+Hi Simon,
+
+I just wanted to let you know that I have built a Solaris .pkg install package of your dnsmasq utility for people to use.  Feel free to point them in my direction if you have people who want this sort of thing.
+
+http://ejesconsulting.wordpress.com/2010/05/12/gnu-dnsmasq-for-opensolaris-sparc/
+
+Thanks
+-evan

contrib/Solaris10/README.create_package

@@ -0,0 +1,25 @@
+Ok, script attached ... seems to be working ok for me, 
+tried to install and remove a few times. It does the
+right thing with the smf when installing, you can then 
+simply enable the service. Upon removal it cleans up the
+files but won't clean up the services (I think until
+a reboot) ... I've only started looking at the new 
+packages stuff in the last day or two, so I could be 
+missing something, but I can't find any way to force
+ a proper cleanup.
+
+It requires that you have a writable repository setup 
+as per the docs on the opensolaris website and it will
+create a dnsmasq package (package name is a variable 
+in the script). The script takes a version number for 
+the package and assumes that it's in the contrib/Solaris10 
+directory, it then works out the base tree directory 
+from $0.
+
+i.e.  $ contrib/Solaris10/create_package 2.52-1
+or   $ cd contrib/Solaris10; ./create_package 2.52-1
+
+It's a bit more complex than it could be because I 
+prefer putting the daemon in /usr/sbin and the config 
+in /etc, so the script will actually create a new 
+version of the existing contrib dnsmasq.xml.

contrib/Solaris10/create_package

@@ -0,0 +1,87 @@
+#!/bin/sh
+
+#
+# For our package, and for the SMF script, we need to define where we
+# want things to go...
+#
+BIN_DIR="/usr/sbin"
+CONF_DIR="/etc"
+MAN_DIR="/usr/share/man/man8"
+
+PACKAGE_NAME="dnsmasq"
+
+#
+# Since we know we are in the contrib directory we can work out where
+# the rest of the tree is...
+#
+BASEDIR="`dirname $0`/../.."
+
+#
+# We need a version number to use for the package creation...
+#
+if [ $# != 1 ]; then
+	echo "Usage: $0 <package_version_number>" >&2
+	exit 1
+fi
+VERSION="$1"
+
+#
+# First thing we do is fix-up the smf file to use the paths we prefer...
+#
+if [ ! -f "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" ]; then
+	echo "$0: unable to find contrib/Solaris10/dnsmasq.xml" >&2
+	exit 1
+fi
+
+echo "Fixing up smf file ... \c"
+cat "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" | \
+	sed 	-e "s%/usr/local/etc%${CONF_DIR}%" \
+		-e "s%/usr/local/sbin%${BIN_DIR}%" \
+		-e "s%/usr/local/man%${MAN_DIR}%" > ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml
+echo "done."
+
+echo "Creating packaging file ... \c"
+cat <<EOF >${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc
+#
+# header
+#
+set name=pkg.name		value="dnsmasq"
+set name=pkg.description	value="dnsmasq daemon - dns, dhcp, tftp etc"
+set name=pkg.detailed_url	value="http://www.thekelleys.org.uk/dnsmasq/doc.html"
+set name=info.maintainer	value="TBD (tbd@tbd.com)"
+set name=info.upstream		value="dnsmasq-discuss@lists.thekelleys.org.uk"
+set name=info.upstream_url	value="http://www.thekelleys.org.uk/dnsmasq/doc.html"
+#
+# dependencies ... none?
+#
+
+#
+# directories
+#
+dir mode=0755 owner=root group=bin path=${BIN_DIR}/
+dir mode=0755 owner=root group=sys path=${CONF_DIR}/
+dir mode=0755 owner=root group=sys path=${MAN_DIR}/
+dir mode=0755 owner=root group=sys path=/var/
+dir mode=0755 owner=root group=sys path=/var/svc
+dir mode=0755 owner=root group=sys path=/var/svc/manifest
+dir mode=0755 owner=root group=sys path=/var/svc/manifest/network
+
+#
+# files
+#
+file ${BASEDIR}/src/dnsmasq mode=0555 owner=root group=bin path=${BIN_DIR}/dnsmasq
+file ${BASEDIR}/man/dnsmasq.8 mode=0555 owner=root group=bin path=${MAN_DIR}/dnsmasq.8
+file ${BASEDIR}/dnsmasq.conf.example mode=0644 owner=root group=sys path=${CONF_DIR}/dnsmasq.conf preserve=strawberry
+file ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml mode=0644 owner=root group=sys path=/var/svc/manifest/network/dnsmasq.xml restart_fmri=svc:/system/manifest-import:default
+
+EOF
+echo "done."
+
+echo "Creating package..."
+eval `pkgsend open ${PACKAGE_NAME}@${VERSION}`
+pkgsend include ${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc
+if [ "$?" = 0 ]; then
+	pkgsend close
+else
+	echo "Errors"
+fi

contrib/Solaris10/dnsmasq.xml

@@ -0,0 +1,65 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!-- Service manifest for dnsmasq -->
+
+<service_bundle type='manifest' name='dnsmasq'>
+  <service name='network/dnsmasq' type='service' version='1'>
+
+    <create_default_instance enabled='false'/>
+    <single_instance/>
+
+    <dependency name='multi-user'
+                grouping='require_all'
+                restart_on='refresh'
+                type='service'>
+      <service_fmri value='svc:/milestone/multi-user'/>
+    </dependency>
+
+    <dependency name='config'
+		grouping='require_all'
+		restart_on='restart'
+		type='path'>
+      <service_fmri value='file:///usr/local/etc/dnsmasq.conf'/>
+    </dependency>
+
+    <dependent name='dnsmasq_multi-user-server'
+               grouping='optional_all'
+               restart_on='none'>
+      <service_fmri value='svc:/milestone/multi-user-server' />
+    </dependent>
+
+    <exec_method type='method' name='start'
+                 exec='/usr/local/sbin/dnsmasq -C /usr/local/etc/dnsmasq.conf'
+                 timeout_seconds='60' >
+      <method_context>
+        <method_credential user='root' group='root' privileges='all'/>
+      </method_context>
+    </exec_method>
+
+    <exec_method type='method'
+                 name='stop'
+                 exec=':kill'
+                 timeout_seconds='60'/>
+
+    <exec_method type='method'
+                 name='refresh'
+                 exec=':kill -HUP'
+                 timeout_seconds='60' />
+
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>dnsmasq server</loctext>
+      </common_name>
+      <description>
+        <loctext xml:lang='C'>
+dnsmasq - A lightweight DHCP and caching DNS server.
+        </loctext>
+      </description>
+      <documentation>
+        <manpage title='dnsmasq' section='8' manpath='/usr/local/man'/>
+      </documentation>
+    </template>
+
+  </service>
+</service_bundle>

contrib/conntrack/README

@@ -0,0 +1,54 @@
+Linux iptables includes that ability to mark individual network packets
+with a "firewall mark".  Additionally there is a component called
+"conntrack" which tries to string sequences of related packets together
+into a "connection" (it even relates sequences of UDP and ICMP packets).
+ There is a related mark for a connection called a "connection mark".
+Marks can be copied freely between the firewall and connection marks
+
+Using these two features it become possible to tag all related traffic
+in arbitrary ways, eg authenticated users, traffic from a particular IP,
+port, etc. Unfortunately any kind of "proxy" breaks this relationship
+because network packets go in one side of the proxy and a completely new
+connection comes out of the other side.  However, sometimes, we want to
+maintain that relationship through the proxy and continue the connection
+mark on packets upstream of our proxy
+
+DNSMasq includes such a feature enabled by the --conntrack
+option. This allows, for example, using iptables to mark traffic from
+a particular IP, and that mark to be persisted to requests made *by*
+DNSMasq. Such a feature could be useful for bandwidth accounting,
+captive portals and the like. Note a similar feature has been 
+implemented in Squid 2.2
+
+
+As an example consider the following iptables rules:
+
+
+1) iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
+2) iptables -t mangle -A PREROUTING -m mark --mark 0 -s 192.168.111.137
+-j MARK --set-mark 137
+3) iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
+
+4) iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j CONNMARK --save-mark
+
+1-3) are all applied to the PREROUTING table and affect all packets
+entering the firewall.
+
+1) copies any existing connection mark into the firewall mark. 2) Checks
+the packet not already marked and if not applies an arbitrary mark based
+on IP address. 3) Saves the firewall mark back to the connection mark
+(which will persist it across related packets)
+
+4) is applied to the OUTPUT table, which is where we first see packets
+generated locally. DNSMasq will have already copied the firewall mark
+from the request, across to the new packet, and so all that remains is
+for iptables to copy it to the connection mark so it's persisted across
+packets.
+
+Note: iptables can be quite confusing to the beginner. The following
+diagram is extremely helpful in understanding the flows
+	http://linux-ip.net/nf/nfk-traversal.png
+Additionally the following URL contains a useful "starting guide" on
+linux connection tracking/marking
+	http://home.regit.org/netfilter-en/netfilter-connmark/
+

contrib/dns-loc/README

@@ -0,0 +1,12 @@
+Hi Simon
+
+Here is a patch against dnsmasq 2.39 which provides support for LOC  
+entries in order to assign location information to dns records  
+(rfc1876). I tested it on OSX and on OpenWRT.
+
+Cheers
+Lorenz
+
+More info:
+http://www.ckdhr.com/dns-loc/
+http://www.faqs.org/rfcs/rfc1876.html

contrib/dns-loc/dnsmasq2-loc-rfc1876.patch

@@ -0,0 +1,522 @@
+diff -Nur dnsmasq-2.39-orig/bld/Makefile dnsmasq-2.39/bld/Makefile
+--- dnsmasq-2.39-orig/bld/Makefile	2007-02-17 14:37:06.000000000 +0100
++++ dnsmasq-2.39/bld/Makefile	2007-05-20 18:23:44.000000000 +0200
+@@ -2,7 +2,7 @@
+ PKG_CONFIG ?= pkg-config
+ 
+ 
+-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
++OBJS = cache.o rfc1035.o rfc1876.o util.o option.o forward.o isc.o network.o \
+        dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+        helper.o tftp.o log.o
+ 
+diff -Nur dnsmasq-2.39-orig/src/dnsmasq.h dnsmasq-2.39/src/dnsmasq.h
+--- dnsmasq-2.39-orig/src/dnsmasq.h	2007-04-20 12:53:38.000000000 +0200
++++ dnsmasq-2.39/src/dnsmasq.h	2007-05-20 19:50:37.000000000 +0200
+@@ -162,6 +162,12 @@
+   struct interface_name *next;
+ };
+ 
++struct loc_record {
++  char *name, loc[16];
++  unsigned short class;
++  struct loc_record *next;
++};
++
+ union bigname {
+   char name[MAXDNAME];
+   union bigname *next; /* freelist */
+@@ -476,6 +482,7 @@
+   struct mx_srv_record *mxnames;
+   struct txt_record *txt;
+   struct ptr_record *ptr;
++	struct loc_record *loc;
+   struct interface_name *int_names;
+   char *mxtarget;
+   char *lease_file; 
+@@ -725,3 +732,6 @@
+ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
+ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+ #endif
++
++/* rfc1876 */
++u_int32_t loc_aton(const char *ascii, u_char *binary);
+diff -Nur dnsmasq-2.39-orig/src/option.c dnsmasq-2.39/src/option.c
+--- dnsmasq-2.39-orig/src/option.c	2007-04-19 23:34:49.000000000 +0200
++++ dnsmasq-2.39/src/option.c	2007-05-20 20:15:15.000000000 +0200
+@@ -43,6 +43,7 @@
+ #define LOPT_REMOTE    269
+ #define LOPT_SUBSCR    270
+ #define LOPT_INTNAME   271
++#define LOPT_LOC       272
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -122,6 +123,7 @@
+     {"tftp-root", 1, 0, LOPT_PREFIX },
+     {"tftp-max", 1, 0, LOPT_TFTP_MAX },
+     {"ptr-record", 1, 0, LOPT_PTR },
++    {"loc-record", 1, 0, LOPT_LOC },
+ #if defined(__FreeBSD__) || defined(__DragonFly__)
+     {"bridge-interface", 1, 0 , LOPT_BRIDGE },
+ #endif
+@@ -235,6 +237,7 @@
+   { "-y, --localise-queries", gettext_noop("Answer DNS queries based on the interface a query was sent to."), NULL },
+   { "-Y  --txt-record=name,txt....", gettext_noop("Specify TXT DNS record."), NULL },
+   { "    --ptr-record=name,target", gettext_noop("Specify PTR DNS record."), NULL },
++  { "    --loc-record=name,lat lon alt", gettext_noop("Specify LOC DNS record."), NULL },
+   { "    --interface-name=name,interface", gettext_noop("Give DNS name to IPv4 address of interface."), NULL },
+   { "-z, --bind-interfaces", gettext_noop("Bind only to interfaces in use."), NULL },
+   { "-Z, --read-ethers", gettext_noop("Read DHCP static host information from %s."), ETHERSFILE },
+@@ -1835,6 +1838,37 @@
+ 	new->intr = safe_string_alloc(comma);
+ 	break;
+       }
++      
++    case LOPT_LOC:
++      {
++	struct loc_record *new;
++	unsigned char *p, *q;
++	
++	comma = split(arg);
++	
++	if (!canonicalise_opt(arg))
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++	
++	new = safe_malloc(sizeof(struct loc_record));
++	new->next = daemon->loc;
++	daemon->loc = new;
++	new->class = C_IN;
++	if (!comma || loc_aton(comma,new->loc)!=16)
++	  {
++	    option = '?';
++	    problem = _("bad LOC record");
++	    break;
++	  }
++
++	if (comma)
++	  *comma = 0;
++	new->name = safe_string_alloc(arg);
++	break;
++      }
+ 
+     case LOPT_PTR:  /* --ptr-record */
+       {
+diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c
+--- dnsmasq-2.39-orig/src/rfc1035.c	2007-04-20 12:54:26.000000000 +0200
++++ dnsmasq-2.39/src/rfc1035.c	2007-05-20 18:22:46.000000000 +0200
+@@ -1112,6 +1112,27 @@
+ 	    }
+ 	}
+ 
++      if (qtype == T_LOC || qtype == T_ANY)
++	{
++	  struct loc_record *t;
++	  for(t = daemon->loc; t ; t = t->next)
++	    {
++	      if (t->class == qclass && hostname_isequal(name, t->name))
++		{
++		  ans = 1;
++		  if (!dryrun)
++		    {
++		      log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0);
++		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
++					      daemon->local_ttl, NULL,
++					      T_LOC, t->class, "t", 16, t->loc))
++			anscount++;
++
++		    }
++		}
++	    }
++	}
++
+       if (qclass == C_IN)
+ 	{
+ 	  if (qtype == T_PTR || qtype == T_ANY)
+diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c
+--- dnsmasq-2.39-orig/src/rfc1876.c	1970-01-01 01:00:00.000000000 +0100
++++ dnsmasq-2.39/src/rfc1876.c	2007-05-20 19:50:10.000000000 +0200
+@@ -0,0 +1,379 @@
++/*
++ * routines to convert between on-the-wire RR format and zone file
++ * format.  Does not contain conversion to/from decimal degrees;
++ * divide or multiply by 60*60*1000 for that.
++ */
++
++#include "dnsmasq.h"
++
++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
++                                 1000000,10000000,100000000,1000000000};
++
++/* takes an XeY precision/size value, returns a string representation.*/
++static const char *
++precsize_ntoa(u_int8_t prec)
++{
++        static char retbuf[sizeof("90000000.00")];
++        unsigned long val;
++        int mantissa, exponent;
++
++        mantissa = (int)((prec >> 4) & 0x0f) % 10;
++        exponent = (int)((prec >> 0) & 0x0f) % 10;
++
++        val = mantissa * poweroften[exponent];
++
++        (void) sprintf(retbuf,"%d.%.2d", val/100, val%100);
++        return (retbuf);
++}
++
++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/
++static u_int8_t
++precsize_aton(char **strptr)
++{
++        unsigned int mval = 0, cmval = 0;
++        u_int8_t retval = 0;
++        register char *cp;
++        register int exponent;
++        register int mantissa;
++
++        cp = *strptr;
++
++        while (isdigit(*cp))
++                mval = mval * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* centimeters */
++                cp++;
++                if (isdigit(*cp)) {
++                        cmval = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                cmval += (*cp++ - '0');
++                        }
++                }
++        }
++        cmval = (mval * 100) + cmval;
++
++        for (exponent = 0; exponent < 9; exponent++)
++                if (cmval < poweroften[exponent+1])
++                        break;
++
++        mantissa = cmval / poweroften[exponent];
++        if (mantissa > 9)
++                mantissa = 9;
++
++        retval = (mantissa << 4) | exponent;
++
++        *strptr = cp;
++
++        return (retval);
++}
++
++/* converts ascii lat/lon to unsigned encoded 32-bit number.
++ *  moves pointer. */
++static u_int32_t
++latlon2ul(char **latlonstrptr,int *which)
++{
++        register char *cp;
++        u_int32_t retval;
++        int deg = 0, min = 0, secs = 0, secsfrac = 0;
++
++        cp = *latlonstrptr;
++
++        while (isdigit(*cp))
++                deg = deg * 10 + (*cp++ - '0');
++
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                min = min * 10 + (*cp++ - '0');
++        while (isspace(*cp))
++                cp++;
++
++        if (!(isdigit(*cp)))
++                goto fndhemi;
++
++        while (isdigit(*cp))
++                secs = secs * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal seconds */
++                cp++;
++                if (isdigit(*cp)) {
++                        secsfrac = (*cp++ - '0') * 100;
++                        if (isdigit(*cp)) {
++                                secsfrac += (*cp++ - '0') * 10;
++                                if (isdigit(*cp)) {
++                                        secsfrac += (*cp++ - '0');
++                                }
++                        }
++                }
++        }
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))
++                cp++;
++
++ fndhemi:
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'E': case 'e':
++                retval = ((unsigned)1<<31)
++                        + (((((deg * 60) + min) * 60) + secs) * 1000)
++                        + secsfrac;
++                break;
++        case 'S': case 's':
++        case 'W': case 'w':
++                retval = ((unsigned)1<<31)
++                        - (((((deg * 60) + min) * 60) + secs) * 1000)
++                        - secsfrac;
++                break;
++        default:
++                retval = 0;     /* invalid value -- indicates error */
++                break;
++        }
++
++        switch (*cp) {
++        case 'N': case 'n':
++        case 'S': case 's':
++                *which = 1;     /* latitude */
++                break;
++        case 'E': case 'e':
++        case 'W': case 'w':
++                *which = 2;     /* longitude */
++                break;
++        default:
++                *which = 0;     /* error */
++                break;
++        }
++
++        cp++;                   /* skip the hemisphere */
++
++        while (!isspace(*cp))   /* if any trailing garbage */
++                cp++;
++
++        while (isspace(*cp))    /* move to next field */
++                cp++;
++
++        *latlonstrptr = cp;
++
++        return (retval);
++}
++
++/* converts a zone file representation in a string to an RDATA
++ * on-the-wire representation. */
++u_int32_t
++loc_aton(const char *ascii, u_char *binary)
++{
++        const char *cp, *maxcp;
++        u_char *bcp;
++
++        u_int32_t latit = 0, longit = 0, alt = 0;
++        u_int32_t lltemp1 = 0, lltemp2 = 0;
++        int altmeters = 0, altfrac = 0, altsign = 1;
++        u_int8_t hp = 0x16;    /* default = 1e6 cm = 10000.00m = 10km */
++        u_int8_t vp = 0x13;    /* default = 1e3 cm = 10.00m */
++        u_int8_t siz = 0x12;   /* default = 1e2 cm = 1.00m */
++        int which1 = 0, which2 = 0;
++
++        cp = ascii;
++        maxcp = cp + strlen(ascii);
++
++        lltemp1 = latlon2ul(&cp, &which1);
++        lltemp2 = latlon2ul(&cp, &which2);
++
++        switch (which1 + which2) {
++        case 3:                 /* 1 + 2, the only valid combination */
++                if ((which1 == 1) && (which2 == 2)) { /* normal case */
++                        latit = lltemp1;
++                        longit = lltemp2;
++                } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/
++                        longit = lltemp1;
++                        latit = lltemp2;
++                } else {        /* some kind of brokenness */
++                        return 0;
++                }
++                break;
++        default:                /* we didn't get one of each */
++                return 0;
++        }
++
++        /* altitude */
++        if (*cp == '-') {
++                altsign = -1;
++                cp++;
++        }
++
++        if (*cp == '+')
++                cp++;
++
++        while (isdigit(*cp))
++                altmeters = altmeters * 10 + (*cp++ - '0');
++
++        if (*cp == '.') {               /* decimal meters */
++                cp++;
++                if (isdigit(*cp)) {
++                        altfrac = (*cp++ - '0') * 10;
++                        if (isdigit(*cp)) {
++                                altfrac += (*cp++ - '0');
++                        }
++                }
++        }
++
++        alt = (10000000 + (altsign * (altmeters * 100 + altfrac)));
++
++        while (!isspace(*cp) && (cp < maxcp))
++                                           /* if trailing garbage or m */
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++        if (cp >= maxcp)
++                goto defaults;
++
++        siz = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        hp = precsize_aton(&cp);
++
++        while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++                cp++;
++
++        while (isspace(*cp) && (cp < maxcp))
++                cp++;
++
++        if (cp >= maxcp)
++                goto defaults;
++
++        vp = precsize_aton(&cp);
++
++ defaults:
++
++        bcp = binary;
++        *bcp++ = (u_int8_t) 0;  /* version byte */
++        *bcp++ = siz;
++        *bcp++ = hp;
++        *bcp++ = vp;
++        PUTLONG(latit,bcp);
++        PUTLONG(longit,bcp);
++        PUTLONG(alt,bcp);
++
++        return (16);            /* size of RR in octets */
++}
++
++/* takes an on-the-wire LOC RR and prints it in zone file
++ * (human readable) format. */
++char *
++loc_ntoa(const u_char *binary,char *ascii)
++{
++        static char tmpbuf[255*3];
++
++        register char *cp;
++        register const u_char *rcp;
++
++        int latdeg, latmin, latsec, latsecfrac;
++        int longdeg, longmin, longsec, longsecfrac;
++        char northsouth, eastwest;
++        int altmeters, altfrac, altsign;
++
++        const int referencealt = 100000 * 100;
++
++        int32_t latval, longval, altval;
++        u_int32_t templ;
++        u_int8_t sizeval, hpval, vpval, versionval;
++
++        char *sizestr, *hpstr, *vpstr;
++
++        rcp = binary;
++        if (ascii)
++                cp = ascii;
++        else {
++                cp = tmpbuf;
++        }
++
++        versionval = *rcp++;
++
++        if (versionval) {
++                sprintf(cp,"; error: unknown LOC RR version");
++                return (cp);
++        }
++
++        sizeval = *rcp++;
++
++        hpval = *rcp++;
++        vpval = *rcp++;
++
++        GETLONG(templ,rcp);
++        latval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        longval = (templ - ((unsigned)1<<31));
++
++        GETLONG(templ,rcp);
++        if (templ < referencealt) { /* below WGS 84 spheroid */
++                altval = referencealt - templ;
++                altsign = -1;
++        } else {
++                altval = templ - referencealt;
++                altsign = 1;
++        }
++
++        if (latval < 0) {
++                northsouth = 'S';
++                latval = -latval;
++        }
++        else
++                northsouth = 'N';
++
++        latsecfrac = latval % 1000;
++        latval = latval / 1000;
++        latsec = latval % 60;
++        latval = latval / 60;
++        latmin = latval % 60;
++        latval = latval / 60;
++        latdeg = latval;
++
++        if (longval < 0) {
++                eastwest = 'W';
++                longval = -longval;
++        }
++        else
++                eastwest = 'E';
++
++        longsecfrac = longval % 1000;
++        longval = longval / 1000;
++        longsec = longval % 60;
++        longval = longval / 60;
++        longmin = longval % 60;
++        longval = longval / 60;
++        longdeg = longval;
++
++        altfrac = altval % 100;
++        altmeters = (altval / 100) * altsign;
++
++        sizestr = strdup(precsize_ntoa(sizeval));
++        hpstr = strdup(precsize_ntoa(hpval));
++        vpstr = strdup(precsize_ntoa(vpval));
++
++        sprintf(cp,
++                "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
++                latdeg, latmin, latsec, latsecfrac, northsouth,
++                longdeg, longmin, longsec, longsecfrac, eastwest,
++                altmeters, altfrac, sizestr, hpstr, vpstr);
++        free(sizestr);
++        free(hpstr);
++        free(vpstr);
++
++        return (cp);
++}

contrib/lease-access/README

@@ -0,0 +1,20 @@
+Hello,
+
+For some specific application I needed to deny access to a MAC address
+to a lease. For this reason I modified the dhcp-script behavior and is
+called with an extra parameter "access" once a dhcp request or discover
+is received. In that case if the exit code of the script is zero,
+dnsmasq continues normally, and if non-zero the packet is ignored.
+
+This was not added as a security feature but as a mean to handle
+differently some addresses. It is also quite intrusive since it requires
+changes in several other subsystems.
+
+It attach the patch in case someone is interested.
+
+regards,
+Nikos
+
+nmav@gennetsa.com
+
+

contrib/lease-access/lease.access.patch

@@ -0,0 +1,578 @@
+Index: src/dnsmasq.c
+===================================================================
+--- src/dnsmasq.c	(revision 696)
++++ src/dnsmasq.c	(revision 821)
+@@ -59,7 +59,6 @@
+ static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
+ static void check_dns_listeners(fd_set *set, time_t now);
+ static void sig_handler(int sig);
+-static void async_event(int pipe, time_t now);
+ static void fatal_event(struct event_desc *ev);
+ static void poll_resolv(void);
+ 
+@@ -275,7 +274,7 @@
+   piperead = pipefd[0];
+   pipewrite = pipefd[1];
+   /* prime the pipe to load stuff first time. */
+-  send_event(pipewrite, EVENT_RELOAD, 0); 
++  send_event(pipewrite, EVENT_RELOAD, 0, 0); 
+ 
+   err_pipe[1] = -1;
+   
+@@ -340,7 +339,7 @@
+ 	    }
+ 	  else if (getuid() == 0)
+ 	    {
+-	      send_event(err_pipe[1], EVENT_PIDFILE, errno);
++	      send_event(err_pipe[1], EVENT_PIDFILE, errno, 0);
+ 	      _exit(0);
+ 	    }
+ 	}
+@@ -372,7 +371,7 @@
+ 	  (setgroups(0, &dummy) == -1 ||
+ 	   setgid(gp->gr_gid) == -1))
+ 	{
+-	  send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
++	  send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0);
+ 	  _exit(0);
+ 	}
+   
+@@ -415,14 +414,14 @@
+ 
+ 	  if (bad_capabilities != 0)
+ 	    {
+-	      send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
++	      send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0);
+ 	      _exit(0);
+ 	    }
+ 	  
+ 	  /* finally drop root */
+ 	  if (setuid(ent_pw->pw_uid) == -1)
+ 	    {
+-	      send_event(err_pipe[1], EVENT_USER_ERR, errno);
++	      send_event(err_pipe[1], EVENT_USER_ERR, errno, 0);
+ 	      _exit(0);
+ 	    }     
+ 
+@@ -434,7 +433,7 @@
+ 	  /* lose the setuid and setgid capbilities */
+ 	  if (capset(hdr, data) == -1)
+ 	    {
+-	      send_event(err_pipe[1], EVENT_CAP_ERR, errno);
++	      send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0);
+ 	      _exit(0);
+ 	    }
+ #endif
+@@ -647,7 +646,7 @@
+ 	}
+       
+       if (FD_ISSET(piperead, &rset))
+-	async_event(piperead, now);
++	async_event(piperead, now, NULL, 0);
+       
+ #ifdef HAVE_LINUX_NETWORK
+       if (FD_ISSET(daemon->netlinkfd, &rset))
+@@ -674,7 +673,7 @@
+ #endif      
+ 
+       if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
+-	dhcp_packet(now);
++	dhcp_packet(piperead, now);
+ 
+ #ifndef NO_FORK
+       if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
+@@ -719,17 +718,18 @@
+       else
+ 	return;
+ 
+-      send_event(pipewrite, event, 0); 
++      send_event(pipewrite, event, 0, 0); 
+       errno = errsave;
+     }
+ }
+ 
+-void send_event(int fd, int event, int data)
++void send_event(int fd, int event, int data, int priv)
+ {
+   struct event_desc ev;
+   
+   ev.event = event;
+   ev.data = data;
++  ev.priv = priv;
+   
+   /* error pipe, debug mode. */
+   if (fd == -1)
+@@ -771,14 +771,17 @@
+       die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
+     }
+ }	
+-      
+-static void async_event(int pipe, time_t now)
++
++/* returns the private data of the event
++ */
++int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs)
+ {
+   pid_t p;
+   struct event_desc ev;
+   int i;
+ 
+-  if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
++  if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0) 
++    {
+     switch (ev.event)
+       {
+       case EVENT_RELOAD:
+@@ -872,6 +875,14 @@
+ 	flush_log();
+ 	exit(EC_GOOD);
+       }
++    }
++  else
++    return -1; /* timeout */
++
++  if (event)
++    memcpy( event, &ev, sizeof(ev));
++    
++  return 0;
+ }
+ 
+ static void poll_resolv()
+Index: src/config.h
+===================================================================
+--- src/config.h	(revision 696)
++++ src/config.h	(revision 821)
+@@ -51,6 +51,8 @@
+ #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
+ #define LOG_MAX 5 /* log-queue length */
+ #define RANDFILE "/dev/urandom"
++#define SCRIPT_TIMEOUT 6
++#define LEASE_CHECK_TIMEOUT 10
+ 
+ /* DBUS interface specifics */
+ #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
+Index: src/dnsmasq.h
+===================================================================
+--- src/dnsmasq.h	(revision 696)
++++ src/dnsmasq.h	(revision 821)
+@@ -116,6 +116,7 @@
+ /* Async event queue */
+ struct event_desc {
+   int event, data;
++  unsigned int priv;
+ };
+ 
+ #define EVENT_RELOAD    1
+@@ -390,6 +391,7 @@
+ #define ACTION_OLD_HOSTNAME  2
+ #define ACTION_OLD           3
+ #define ACTION_ADD           4
++#define ACTION_ACCESS        5
+ 
+ #define DHCP_CHADDR_MAX 16
+ 
+@@ -709,6 +711,7 @@
+ char *print_mac(char *buff, unsigned char *mac, int len);
+ void bump_maxfd(int fd, int *max);
+ int read_write(int fd, unsigned char *packet, int size, int rw);
++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs);
+ 
+ /* log.c */
+ void die(char *message, char *arg1, int exit_code);
+@@ -748,7 +751,7 @@
+ 
+ /* dhcp.c */
+ void dhcp_init(void);
+-void dhcp_packet(time_t now);
++void dhcp_packet(int piperead, time_t now);
+ 
+ struct dhcp_context *address_available(struct dhcp_context *context, 
+ 				       struct in_addr addr,
+@@ -792,14 +795,16 @@
+ void rerun_scripts(void);
+ 
+ /* rfc2131.c */
+-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
++size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index,
+ 		  size_t sz, time_t now, int unicast_dest, int *is_inform);
+ 
+ /* dnsmasq.c */
+ int make_icmp_sock(void);
+ int icmp_ping(struct in_addr addr);
+-void send_event(int fd, int event, int data);
++void send_event(int fd, int event, int data, int priv);
+ void clear_cache_and_reload(time_t now);
++int wait_for_child(int pipe);
++int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout);
+ 
+ /* isc.c */
+ #ifdef HAVE_ISC_READER
+@@ -832,9 +837,9 @@
+ /* helper.c */
+ #ifndef NO_FORK
+ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
+-void helper_write(void);
++int helper_write(void);
+ void queue_script(int action, struct dhcp_lease *lease, 
+-		  char *hostname, time_t now);
++		  char *hostname, time_t now, unsigned int uid);
+ int helper_buf_empty(void);
+ #endif
+ 
+Index: src/util.c
+===================================================================
+--- src/util.c	(revision 696)
++++ src/util.c	(revision 821)
+@@ -444,3 +444,38 @@
+   return 1;
+ }
+ 
++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs)
++{
++  ssize_t n, done;
++  time_t expire;
++  
++  expire = now + secs;
++  
++  for (done = 0; done < size; done += n)
++    {
++    retry:
++      if (secs > 0) alarm(secs);
++      n = read(fd, &packet[done], (size_t)(size - done));
++
++      if (n == 0)
++        return 0;
++      else if (n == -1)
++        {
++          if (errno == EINTR) {
++            my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno);
++            return 0;
++          }
++
++          if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN)
++            {
++              if (secs == 0 || (secs > 0 && dnsmasq_time() < expire))
++                goto retry;
++            }
++
++          my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno);
++          return 0;
++        }
++    }
++  return 1;
++}
++
+Index: src/dhcp.c
+===================================================================
+--- src/dhcp.c	(revision 696)
++++ src/dhcp.c	(revision 821)
+@@ -103,7 +103,7 @@
+   daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len);
+ }
+   
+-void dhcp_packet(time_t now)
++void dhcp_packet(int piperead, time_t now)
+ {
+   struct dhcp_packet *mess;
+   struct dhcp_context *context;
+@@ -239,7 +239,8 @@
+   if (!iface_enumerate(&parm, complete_context, NULL))
+     return;
+   lease_prune(NULL, now); /* lose any expired leases */
+-  iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, 
++
++  iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz, 
+ 			   now, unicast_dest, &is_inform);
+   lease_update_file(now);
+   lease_update_dns();
+Index: src/helper.c
+===================================================================
+--- src/helper.c	(revision 696)
++++ src/helper.c	(revision 821)
+@@ -45,6 +45,7 @@
+ #endif
+   unsigned char hwaddr[DHCP_CHADDR_MAX];
+   char interface[IF_NAMESIZE];
++  unsigned int uid;
+ };
+ 
+ static struct script_data *buf = NULL;
+@@ -60,7 +61,7 @@
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+     {
+-      send_event(err_fd, EVENT_PIPE_ERR, errno);
++      send_event(err_fd, EVENT_PIPE_ERR, errno, 0);
+       _exit(0);
+     }
+ 
+@@ -87,13 +88,13 @@
+ 	{
+ 	  if (daemon->options & OPT_NO_FORK)
+ 	    /* send error to daemon process if no-fork */
+-	    send_event(event_fd, EVENT_HUSER_ERR, errno);
++	    send_event(event_fd, EVENT_HUSER_ERR, errno, 0);
+ 	  else
+ 	    {
+ 	      /* kill daemon */
+-	      send_event(event_fd, EVENT_DIE, 0);
++	      send_event(event_fd, EVENT_DIE, 0, 0);
+ 	      /* return error */
+-	      send_event(err_fd, EVENT_HUSER_ERR, errno);;
++	      send_event(err_fd, EVENT_HUSER_ERR, errno, 0);
+ 	    }
+ 	  _exit(0);
+ 	}
+@@ -122,6 +123,8 @@
+ 	action_str = "del";
+       else if (data.action == ACTION_ADD)
+ 	action_str = "add";
++      else if (data.action == ACTION_ACCESS)
++	action_str = "access";
+       else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
+ 	action_str = "old";
+       else
+@@ -178,9 +181,11 @@
+ 		{
+ 		  /* On error send event back to main process for logging */
+ 		  if (WIFSIGNALED(status))
+-		    send_event(event_fd, EVENT_KILLED, WTERMSIG(status));
+-		  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+-		    send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status));
++		    send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid);
++		  else if (WIFEXITED(status))
++		    send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid);
++                  else
++		    send_event(event_fd, EVENT_EXITED, -1, data.uid);
+ 		  break;
+ 		}
+ 	      
+@@ -263,7 +268,7 @@
+ 	  err = errno;
+ 	}
+       /* failed, send event so the main process logs the problem */
+-      send_event(event_fd, EVENT_EXEC_ERR, err);
++      send_event(event_fd, EVENT_EXEC_ERR, err, data.uid);
+       _exit(0); 
+     }
+ }
+@@ -295,7 +300,7 @@
+ }
+  
+ /* pack up lease data into a buffer */    
+-void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
++void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid)
+ {
+   unsigned char *p;
+   size_t size;
+@@ -332,6 +337,7 @@
+       buf_size = size;
+     }
+ 
++  buf->uid = uid;
+   buf->action = action;
+   buf->hwaddr_len = lease->hwaddr_len;
+   buf->hwaddr_type = lease->hwaddr_type;
+@@ -393,12 +399,15 @@
+   return bytes_in_buf == 0;
+ }
+ 
+-void helper_write(void)
++/* returns -1 if write failed for a reason, 1 if no data exist
++ * and 0 if everything was ok.
++ */
++int helper_write(void)
+ {
+   ssize_t rc;
+ 
+   if (bytes_in_buf == 0)
+-    return;
++    return 1;
+   
+   if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1)
+     {
+@@ -409,9 +418,11 @@
+   else
+     {
+       if (errno == EAGAIN || errno == EINTR)
+-	return;
++	return -1;
+       bytes_in_buf = 0;
+     }
++    
++  return 0;
+ }
+ 
+ #endif
+Index: src/rfc2131.c
+===================================================================
+--- src/rfc2131.c	(revision 696)
++++ src/rfc2131.c	(revision 821)
+@@ -100,8 +100,49 @@
+ 				      int clid_len, unsigned char *clid, int *len_out);
+ static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); 
+ 
++static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now)
++{
++#ifndef NO_FORK
++unsigned int uid;
++struct event_desc ev;
++int ret;
++struct dhcp_lease _lease;
++
++  if (daemon->lease_change_command == NULL) return 0; /* ok */
++
++  if (!lease) { /* if host has not been seen before lease is NULL */
++      memset(&_lease, 0, sizeof(_lease));
++      lease = &_lease;
++      lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0);
++  }
++
++  uid = rand16();
++  queue_script(ACTION_ACCESS, lease, NULL, now, uid);
++
++  /* send all data to helper process */
++  do 
++    {
++      helper_write();
++    } while (helper_buf_empty() == 0);
++
++  /* wait for our event */
++  ret = 0;
++  do 
++    {
++      ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT);
++    }
++  while(ev.priv != uid && ret >= 0);
++
++  if (ret < 0 || ev.data != 0) /* timeout or error */
++    {
++      return -1;
++    }
++
++#endif
++  return 0; /* ok */
++}
+ 	  
+-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
++size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index,
+ 		  size_t sz, time_t now, int unicast_dest, int *is_inform)
+ {
+   unsigned char *opt, *clid = NULL;
+@@ -252,7 +293,7 @@
+ 	mac->netid.next = netid;
+ 	netid = &mac->netid;
+       }
+-  
++
+   /* Determine network for this packet. Our caller will have already linked all the 
+      contexts which match the addresses of the receiving interface but if the 
+      machine has an address already, or came via a relay, or we have a subnet selector, 
+@@ -329,7 +370,7 @@
+ 	    my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end));
+ 	}
+     }
+-
++    
+   mess->op = BOOTREPLY;
+   
+   config = find_config(daemon->dhcp_conf, context, clid, clid_len, 
+@@ -418,7 +459,7 @@
+ 	      else
+ 		mess->yiaddr = lease->addr;
+ 	    }
+-	  
++
+ 	  if (!message && 
+ 	      !lease && 
+ 	      (!(lease = lease_allocate(mess->yiaddr))))
+@@ -641,7 +682,14 @@
+       memcpy(req_options, option_ptr(opt, 0), option_len(opt));
+       req_options[option_len(opt)] = OPTION_END;
+     }
+-  
++
++  if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER)
++    if (check_access_script(piperead, lease, mess, now) < 0)
++      {
++        my_syslog(LOG_INFO, _("Ignoring client due to access script"));
++        return 0;
++      }
++
+   switch (mess_type)
+     {
+     case DHCPDECLINE:
+Index: src/log.c
+===================================================================
+--- src/log.c	(revision 696)
++++ src/log.c	(revision 821)
+@@ -73,7 +73,7 @@
+ 
+   if (!log_reopen(daemon->log_file))
+     {
+-      send_event(errfd, EVENT_LOG_ERR, errno);
++      send_event(errfd, EVENT_LOG_ERR, errno, 0);
+       _exit(0);
+     }
+ 
+Index: src/lease.c
+===================================================================
+--- src/lease.c	(revision 696)
++++ src/lease.c	(revision 821)
+@@ -511,7 +511,7 @@
+       if (lease->old_hostname)
+ 	{
+ #ifndef NO_FORK
+-	  queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
++	  queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
+ #endif
+ 	  free(lease->old_hostname);
+ 	  lease->old_hostname = NULL;
+@@ -520,7 +520,7 @@
+       else 
+ 	{
+ #ifndef NO_FORK
+-	  queue_script(ACTION_DEL, lease, lease->hostname, now);
++	  queue_script(ACTION_DEL, lease, lease->hostname, now, 0);
+ #endif
+ 	  old_leases = lease->next;
+ 	  
+@@ -540,7 +540,7 @@
+     if (lease->old_hostname)
+       {	
+ #ifndef NO_FORK
+-	queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
++	queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
+ #endif
+ 	free(lease->old_hostname);
+ 	lease->old_hostname = NULL;
+@@ -552,7 +552,7 @@
+ 	(lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
+       {
+ #ifndef NO_FORK
+-	queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now);
++	queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0);
+ #endif
+ 	lease->new = lease->changed = lease->aux_changed = 0;
+ 	
+Index: man/dnsmasq.8
+===================================================================
+--- man/dnsmasq.8	(revision 696)
++++ man/dnsmasq.8	(revision 821)
+@@ -724,12 +724,15 @@
+ .B \-6 --dhcp-script=<path>
+ Whenever a new DHCP lease is created, or an old one destroyed, the
+ binary specified by this option is run. The arguments to the process
+-are "add", "old" or "del", the MAC
++are "add", "old", "access" or "del", the MAC
+ address of the host (or "<null>"), the IP address, and the hostname,
+ if known. "add" means a lease has been created, "del" means it has
+ been destroyed, "old" is a notification of an existing lease when
+ dnsmasq starts or a change to MAC address or hostname of an existing
+ lease (also, lease length or expiry and client-id, if leasefile-ro is set).
++The "access" keyword means that a request was just received and depending
++on the script exit status request for address will be granted, if exit status
++is zero or not if it is non-zero.
+ The process is run as root (assuming that dnsmasq was originally run as
+ root) even if dnsmasq is configured to change UID to an unprivileged user.
+ The environment is inherited from the invoker of dnsmasq, and if the

contrib/port-forward/dnsmasq-portforward

@@ -34,11 +34,21 @@ if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
     hostname=${DNSMASQ_OLD_HOSTNAME}
 fi
 
+# IPv6 leases are not our concern. no NAT there!
+if [ ${DNSMASQ_IAID} ] ; then
+   exit 0
+fi
+
 # action init is not relevant, and will only be seen when leasefile-ro is set.
 if [ ${action} = init ] ; then
     exit 0
 fi
 
+# action tftp is not relevant.
+if [ ${action} = tftp ] ; then
+    exit 0
+fi
+
 if [ ${hostname} ]; then
     ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
 

contrib/port-forward/portforward

@@ -23,6 +23,6 @@
 # will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
 #
 # Port forwards will recreated when dnsmasq restarts after a reboot, and
-# removed when DHCP leases expire. After editing this file, restart dnsmasq 
-# to install new iptables entries in the kernel.
+# removed when DHCP leases expire. After editing this file, send
+# SIGHUP to dnsmasq to install new iptables entries in the kernel.
 

contrib/static-arp/static-arp

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# Contributed by Darren Hoo <darren.hoo@gmail.com>
+
+# If you use dnsmasq as DHCP server on a router, you may have
+# met with attackers trying ARP Poison Routing (APR) on your
+# local area network. This script will setup a 'permanent' entry
+# in the router's ARP table upon each DHCP transaction so as to
+# make the attacker's efforts less successful.
+
+# Usage:
+# edit /etc/dnsmasq.conf and specify the path of this script
+# to  dhcp-script, for example:
+#  dhcp-script=/usr/sbin/static-arp
+
+# if $1 is add or old, update the static arp table entry.
+# if $1 is del, then delete the entry from the table
+# if $1 is init which is called by dnsmasq at startup, it's ignored
+
+ARP=/usr/sbin/arp
+
+# Arguments.
+# $1 is action (add, del, old)
+# $2 is MAC
+# $3 is address
+# $4 is hostname (optional, may be unset)
+
+if [ ${1} = del ] ; then
+         ${ARP} -d $3
+fi
+
+if [ ${1} = old ] || [ ${1} = add ] ; then
+         ${ARP} -s $3 $2
+fi
+

contrib/systemd/README

@@ -0,0 +1,16 @@
+Hello,
+
+I created a systemd service file for dnsmasq.
+systemd is a sysvinit replacement (see [1] for more information).
+One of the goals of systemd is to encourage standardization between different
+distributions. This means, while I also submitted a ticket in Debian GNU/Linux,
+I would like to ask you to accept this service file as the upstream
+distributor, so that other distributions can use the same service file and
+don’t have to ship their own.
+
+Please include this file in your next release (just like in init script).
+
+
+[1] http://en.wikipedia.org/wiki/Systemd
+
+

contrib/systemd/dnsmasq.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=A lightweight DHCP and caching DNS server
+
+[Service]
+Type=dbus
+BusName=uk.org.thekelleys.dnsmasq
+ExecStartPre=/usr/sbin/dnsmasq --test
+ExecStart=/usr/sbin/dnsmasq -k
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

contrib/try-all-ns/README-2.47

@@ -0,0 +1,11 @@
+A remake of patch Bob Carroll had posted to dnsmasq,
+now compatible with version 2.47. Hopefully he doesn't 
+mind (sending a copy of this mail to him too).
+
+Maybe the patch in question is not acceptible
+as it doesn't add new switch, rather it binds itself to "strict-order".
+
+What it does is: if you have strict-order in the 
+dnsmasq config file and query a domain that would result 
+in NXDOMAIN, it iterates the whole given nameserver list 
+until the last one says NXDOMAIN.

contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch

@@ -0,0 +1,17 @@
+diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c
+--- dnsmasq-2.47/src/forward.c	2009-02-01 17:59:48.000000000 +0200
++++ dnsmasq-2.47-patched/src/forward.c	2009-03-18 19:10:22.000000000 +0200
+@@ -488,9 +488,12 @@
+     return;
+    
+   server = forward->sentto;
++
++  if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) )
++    header->rcode = SERVFAIL;
+   
+   if ((header->rcode == SERVFAIL || header->rcode == REFUSED) &&
+-      !(daemon->options & OPT_ORDER) &&
++      ((daemon->options & OPT_ORDER) != 0) &&
+       forward->forwardall == 0)
+     /* for broken servers, attempt to send to another one. */
+     {

contrib/wrt/Makefile

@@ -1,7 +1,6 @@
-CFLAGS?= -O2
+CFLAGS?= -O2 -Wall -W
 
-all: dhcp_release.c
-	$(CC) $(CFLAGS) $(RPM_OPT_FLAGS) -Wall -W dhcp_release.c -o dhcp_release
+all: dhcp_release dhcp_lease_time
 
 clean:
-	rm -f *~ *.o core dhcp_release
+	rm -f *~ *.o core dhcp_release dhcp_lease_time

contrib/wrt/dhcp_lease_time.1

@@ -0,0 +1,23 @@
+.TH DHCP_LEASE_TIME 1
+.SH NAME
+dhcp_lease_time \- Query remaining time of a lease on a the local dnsmasq DHCP server.
+.SH SYNOPSIS
+.B  dhcp_lease_time <address>
+.SH "DESCRIPTION"
+Send a DHCPINFORM message to a dnsmasq server running on the local host
+and print (to stdout) the time remaining in any lease for the given
+address. The time is given as string printed to stdout.
+
+If an error occurs or no lease exists for the given address, 
+nothing is sent to stdout a message is sent to stderr and a
+non-zero error code is returned.
+
+Requires dnsmasq 2.40 or later and may not work with other DHCP servers.
+
+The address argument is a dotted-quad IP addresses and mandatory. 
+.SH SEE ALSO
+.BR dnsmasq (8)
+.SH AUTHOR
+This manual page was written by Simon Kelley <simon@thekelleys.org.uk>.
+
+

contrib/wrt/dhcp_lease_time.c

@@ -0,0 +1,214 @@
+/* Copyright (c) 2007 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+*/
+
+/* dhcp_lease_time <address> */
+
+/* Send a DHCPINFORM message to a dnsmasq server running on the local host
+   and print (to stdout) the time remaining in any lease for the given
+   address. The time is given as string printed to stdout.
+
+   If an error occurs or no lease exists for the given address, 
+   nothing is sent to stdout a message is sent to stderr and a
+   non-zero error code is returned.
+
+   Requires dnsmasq 2.40 or later. 
+*/
+
+#include <sys/types.h> 
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX          16
+#define BOOTREQUEST              1
+#define DHCP_COOKIE              0x63825363
+#define OPTION_PAD               0
+#define OPTION_LEASE_TIME        51
+#define OPTION_OVERLOAD          52
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_END               255
+#define DHCPINFORM               8
+#define DHCP_SERVER_PORT         67
+
+#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
+#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))
+
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u32 cookie;
+  unsigned char options[308];
+};
+
+static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
+{
+  while (*p != OPTION_END) 
+    {
+      if (p >= end)
+        return NULL; /* malformed packet */
+      else if (*p == OPTION_PAD)
+        p++;
+      else 
+        { 
+          int opt_len;
+          if (p >= end - 2)
+            return NULL; /* malformed packet */
+          opt_len = option_len(p);
+          if (p >= end - (2 + opt_len))
+            return NULL; /* malformed packet */
+          if (*p == opt && opt_len >= minsize)
+            return p;
+          p += opt_len + 2;
+        }
+    }
+  
+  return opt == OPTION_END ? p : NULL;
+}
+ 
+static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
+{
+  unsigned char *ret, *overload;
+  
+  /* skip over DHCP cookie; */
+  if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize)))
+    return ret;
+
+  /* look for overload option. */
+  if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
+    return NULL;
+  
+  /* Can we look in filename area ? */
+  if ((overload[2] & 1) &&
+      (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
+    return ret;
+
+  /* finally try sname area */
+  if ((overload[2] & 2) &&
+      (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
+    return ret;
+
+  return NULL;
+}
+
+static unsigned int option_uint(unsigned char *opt, int size)
+{
+  /* this worries about unaligned data and byte order */
+  unsigned int ret = 0;
+  int i;
+  unsigned char *p = option_ptr(opt);
+  
+  for (i = 0; i < size; i++)
+    ret = (ret << 8) | *p++;
+
+  return ret;
+}
+
+int main(int argc, char **argv)
+{ 
+  struct in_addr lease;
+  struct dhcp_packet packet;
+  unsigned char *p = packet.options;
+  struct sockaddr_in dest;
+  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  ssize_t rc;
+  
+  if (argc < 2)
+    { 
+      fprintf(stderr, "usage: dhcp_lease_time <address>\n");
+      exit(1);
+    }
+
+  if (fd == -1)
+    {
+      perror("cannot create socket");
+      exit(1);
+    }
+ 
+  lease.s_addr = inet_addr(argv[1]);
+   
+  memset(&packet, 0, sizeof(packet));
+ 
+  packet.hlen = 0;
+  packet.htype = 0;
+
+  packet.op = BOOTREQUEST;
+  packet.ciaddr = lease;
+  packet.cookie = htonl(DHCP_COOKIE);
+
+  *(p++) = OPTION_MESSAGE_TYPE;
+  *(p++) = 1;
+  *(p++) = DHCPINFORM;
+
+  *(p++) = OPTION_END;
+ 
+  dest.sin_family = AF_INET; 
+  dest.sin_addr.s_addr = inet_addr("127.0.0.1");
+  dest.sin_port = ntohs(DHCP_SERVER_PORT);
+  
+  if (sendto(fd, &packet, sizeof(packet), 0, 
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+
+  alarm(3); /* noddy timeout. */
+
+  rc = recv(fd, &packet, sizeof(packet), 0);
+  
+  if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options)))
+    {
+      perror("recv failed");
+      exit(1);
+    }
+
+  if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4)))
+    {
+      unsigned int t = option_uint(p, 4);
+      if (t == 0xffffffff)
+	printf("infinite");
+      else
+	{
+	  unsigned int x;
+	  if ((x = t/86400))
+	    printf("%dd", x);
+	  if ((x = (t/3600)%24))
+	    printf("%dh", x);
+	  if ((x = (t/60)%60))
+	    printf("%dm", x);
+	  if ((x = t%60))
+	    printf("%ds", x);
+	}
+      return 0;
+    }
+
+  return 1; /* no lease */
+}

contrib/wrt/dhcp_release.1

@@ -0,0 +1,35 @@
+.TH DHCP_RELEASE 1
+.SH NAME
+dhcp_release \- Release a DHCP lease on a the local dnsmasq DHCP server.
+.SH SYNOPSIS
+.B dhcp_release <interface> <address> <MAC address> <client_id>
+.SH "DESCRIPTION"
+A utility which forces the DHCP server running on this machine to release a 
+DHCP lease.
+.PP
+Send a DHCPRELEASE message via the specified interface to tell the
+local DHCP server to delete a particular lease. 
+
+The interface argument is the interface in which a DHCP
+request _would_ be received if it was coming from the client, 
+rather than being faked up here.
+   
+The address argument is a dotted-quad IP addresses and mandatory. 
+   
+The MAC address is colon separated hex, and is mandatory. It may be 
+prefixed by an address-type byte followed by -, eg
+
+10-11:22:33:44:55:66
+
+but if the address-type byte is missing it is assumed to be 1, the type 
+for ethernet. This encoding is the one used in dnsmasq lease files.
+
+The client-id is optional. If it is "*" then it treated as being missing.
+.SH NOTES
+MUST be run as root - will fail otherwise.
+.SH SEE ALSO
+.BR dnsmasq (8)
+.SH AUTHOR
+This manual page was written by Simon Kelley <simon@thekelleys.org.uk>.
+
+

contrib/wrt/dhcp_release.c

@@ -178,7 +178,7 @@ static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
   return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
 }
 
-static struct in_addr find_interface(struct in_addr client, int fd, int index)
+static struct in_addr find_interface(struct in_addr client, int fd, unsigned int index)
 {
   struct sockaddr_nl addr;
   struct nlmsghdr *h;

dbus/DBus-interface

@@ -21,6 +21,9 @@ and avoids startup races with the provider of nameserver information.
 Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq
 and a single object: /uk/org/thekelleys/dnsmasq
 
+1. METHODS
+----------
+
 Methods are of the form
 
 uk.org.thekelleys.<method>
@@ -91,4 +94,38 @@ Each call to SetServers completely replaces the set of servers
 specified by via the DBus, but it leaves any servers specified via the
 command line or /etc/dnsmasq.conf or /etc/resolv.conf alone.
 
+2. SIGNALS
+----------
 
+If dnsmasq's DHCP server is active, it will send signals over DBUS whenever
+the DHCP lease database changes. Think of these signals as transactions on
+a database with the IP address acting as the primary key.
+
+Signals are of the form:
+
+uk.org.thekelleys.<signal>
+
+and their parameters are:
+
+STRING "192.168.1.115"
+STRING "01:23:45:67:89:ab"
+STRING "hostname.or.fqdn"
+
+
+Available signals are:
+
+DhcpLeaseAdded
+---------------
+
+This signal is emitted when a DHCP lease for a given IP address is created.
+
+DhcpLeaseDeleted
+----------------
+
+This signal is emitted when a DHCP lease for a given IP address is deleted.
+
+DhcpLeaseUpdated
+----------------
+
+This signal is emitted when a DHCP lease for a given IP address is updated.
+ 

dbus/dnsmasq.conf

@@ -5,12 +5,10 @@
 	<policy user="root">
 		<allow own="uk.org.thekelleys.dnsmasq"/>
 		<allow send_destination="uk.org.thekelleys.dnsmasq"/>
-                <allow send_interface="uk.org.thekelleys.dnsmasq"/>
 	</policy>
 	<policy context="default">
                 <deny own="uk.org.thekelleys.dnsmasq"/>
                 <deny send_destination="uk.org.thekelleys.dnsmasq"/>
-                <deny send_interface="uk.org.thekelleys.dnsmasq"/>
         </policy>
 </busconfig>
 

debian/conffiles

@@ -0,0 +1,6 @@
+/etc/init.d/dnsmasq
+/etc/default/dnsmasq
+/etc/dnsmasq.conf
+/etc/resolvconf/update.d/dnsmasq
+/etc/dbus-1/system.d/dnsmasq.conf
+/etc/insserv.conf.d/dnsmasq

debian/control

@@ -0,0 +1,41 @@
+Source: dnsmasq
+Section: net
+Priority: optional
+Build-depends: gettext, libnetfilter-conntrack-dev [linux-any], libidn11-dev, libdbus-1-dev (>=0.61)
+Maintainer: Simon Kelley <simon@thekelleys.org.uk>
+Standards-Version: 3.9.3
+
+Package: dnsmasq
+Architecture: all
+Depends: netbase, adduser, dnsmasq-base(>= ${source:Version})
+Suggests: resolvconf
+Conflicts: resolvconf (<<1.15)
+Description: Small caching DNS proxy and DHCP/TFTP server
+ Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP
+ server. It is designed to provide DNS and optionally, DHCP, to a 
+ small network. It can serve the names of local machines which are 
+ not in the global DNS. The DHCP server integrates with the DNS 
+ server and allows machines with DHCP-allocated addresses
+ to appear in the DNS with names configured either in each host or
+ in a central configuration file. Dnsmasq supports static and dynamic 
+ DHCP leases and BOOTP/TFTP for network booting of diskless machines.
+
+Package: dnsmasq-base
+Architecture: any
+Depends: ${shlibs:Depends}
+Conflicts: dnsmasq (<<2.41)
+Description: Small caching DNS proxy and DHCP/TFTP server
+ This package contains the dnsmasq executable and documentation, but
+ not the infrastructure required to run it as a system daemon. For
+ that, install the dnsmasq package.
+
+Package: dnsmasq-utils
+Architecture: linux-any
+Depends: ${shlibs:Depends}
+Conflicts: dnsmasq (<<2.40)
+Description: Utilities for manipulating DHCP leases
+ Small utilities to query a DHCP server's lease database and
+ remove leases from it. These programs are distributed with dnsmasq
+ and may not work correctly with other DHCP servers.
+
+ 

debian/copyright

@@ -0,0 +1,21 @@
+dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+It was downloaded from: http://www.thekelleys.org.uk/dnsmasq/
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+On Debian GNU/Linux systems, the text of the GNU general public license is 
+available in the file /usr/share/common-licenses/GPL-2 or 
+/usr/share/common-licenses/GPL-3
+
+The Debian package of dnsmasq was created by Simon Kelley with assistance 
+from Lars Bahner.
+

debian/dbus.conf

@@ -0,0 +1,18 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow own="uk.org.thekelleys.dnsmasq"/>
+		<allow send_destination="uk.org.thekelleys.dnsmasq"/>
+	</policy>
+        <policy user="dnsmasq">
+                <allow own="uk.org.thekelleys.dnsmasq"/>
+                <allow send_destination="uk.org.thekelleys.dnsmasq"/>
+        </policy>
+	<policy context="default">
+                <deny own="uk.org.thekelleys.dnsmasq"/>
+                <deny send_destination="uk.org.thekelleys.dnsmasq"/>
+        </policy>
+</busconfig>
+

debian/default

@@ -0,0 +1,33 @@
+# This file has five functions: 
+# 1) to completely disable starting dnsmasq, 
+# 2) to set DOMAIN_SUFFIX by running `dnsdomainname` 
+# 3) to select an alternative config file
+#    by setting DNSMASQ_OPTS to --conf-file=<file>
+# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
+#    more configuration variables.
+# 5) to stop the resolvconf package from controlling dnsmasq's
+#    idea of which upstream nameservers to use.
+# For upgraders from very old versions, all the shell variables set 
+# here in previous versions are still honored by the init script
+# so if you just keep your old version of this file nothing will break.
+
+#DOMAIN_SUFFIX=`dnsdomainname`
+#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
+
+# Whether or not to run the dnsmasq daemon; set to 0 to disable.
+ENABLED=1
+
+# By default search this drop directory for configuration options.
+# Libvirt leaves a file here to make the system dnsmasq play nice.
+# Comment out this line if you don't want this. The dpkg-* are file
+# endings which cause dnsmasq to skip that file. This avoids pulling
+# in backups made by dpkg.
+CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
+
+# If the resolvconf package is installed, dnsmasq will use its output 
+# rather than the contents of /etc/resolv.conf to find upstream 
+# nameservers. Uncommenting this line inhibits this behaviour.
+# Not that including a "resolv-file=<filename>" line in 
+# /etc/dnsmasq.conf is not enough to override resolvconf if it is
+# installed: the line below must be uncommented.
+#IGNORE_RESOLVCONF=yes

debian/init

@@ -0,0 +1,269 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:       dnsmasq
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop:  $network $remote_fs $syslog
+# Default-Start:  2 3 4 5
+# Default-Stop:   0 1 6
+# Description:    DHCP and DNS server
+### END INIT INFO
+
+set +e   # Don't exit on error status
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dnsmasq
+NAME=dnsmasq
+DESC="DNS forwarder and DHCP server"
+
+# Most configuration options in /etc/default/dnsmasq are deprecated
+# but still honoured.
+ENABLED=1
+if [ -r /etc/default/$NAME ]; then
+	. /etc/default/$NAME
+fi
+
+# Get the system locale, so that messages are in the correct language, and the 
+# charset for IDN is correct
+if [ -r /etc/default/locale ]; then
+        . /etc/default/locale
+        export LANG
+fi
+
+test -x $DAEMON || exit 0
+
+# Provide skeleton LSB log functions for backports which don't have LSB functions.
+if [ -f /lib/lsb/init-functions ]; then
+         . /lib/lsb/init-functions
+else
+         log_warning_msg () {
+            echo "${@}."
+         }
+
+         log_success_msg () {
+            echo "${@}."
+         }
+
+         log_daemon_msg () {
+            echo -n "${1}: $2"
+         }
+
+	 log_end_msg () {
+            if [ $1 -eq 0 ]; then
+              echo "."
+            elif [ $1 -eq 255 ]; then
+              /bin/echo -e " (warning)."
+            else
+              /bin/echo -e " failed!"
+            fi
+         }
+fi
+
+# RESOLV_CONF:
+# If the resolvconf package is installed then use the resolv conf file
+# that it provides as the default.  Otherwise use /etc/resolv.conf as
+# the default.
+#
+# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit
+# filename is set there then this inhibits the use of the resolvconf-provided
+# information.
+#
+# Note that if the resolvconf package is installed it is not possible to 
+# override it just by configuration in /etc/dnsmasq.conf, it is necessary
+# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq.
+
+if [ ! "$RESOLV_CONF" ] &&
+   [ "$IGNORE_RESOLVCONF" != "yes" ] &&
+   [ -x /sbin/resolvconf ]
+then
+	RESOLV_CONF=/var/run/dnsmasq/resolv.conf
+fi
+
+for INTERFACE in $DNSMASQ_INTERFACE; do
+	DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE"
+done
+
+for INTERFACE in $DNSMASQ_EXCEPT; do
+	DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE"
+done
+
+if [ ! "$DNSMASQ_USER" ]; then
+   DNSMASQ_USER="dnsmasq"
+fi
+
+start()
+{
+        # Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+
+        # /var/run may be volatile, so we need to ensure that
+        # /var/run/dnsmasq exists here as well as in postinst
+        if [ ! -d /var/run/dnsmasq ]; then
+           mkdir /var/run/dnsmasq || return 2
+           chown dnsmasq:nogroup /var/run/dnsmasq || return 2
+        fi
+
+	start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null || return 1
+	start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON -- \
+		-x /var/run/dnsmasq/$NAME.pid \
+	        ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
+		${MAILTARGET:+ -t $MAILTARGET} \
+		${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
+		${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
+		${DHCP_LEASE:+ -l $DHCP_LEASE} \
+		${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
+		${RESOLV_CONF:+ -r $RESOLV_CONF} \
+		${CACHESIZE:+ -c $CACHESIZE} \
+	        ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
+		${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \
+		|| return 2
+}
+
+start_resolvconf()
+{
+# If interface "lo" is explicitly disabled in /etc/default/dnsmasq
+# Then dnsmasq won't be providing local DNS, so don't add it to
+# the resolvconf server set.
+	for interface in $DNSMASQ_EXCEPT
+	do
+		[ $interface = lo ] && return
+	done
+
+        if [ -x /sbin/resolvconf ] ; then
+		echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME
+	fi
+	return 0
+}
+
+stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq/$NAME.pid --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	return "$RETVAL"
+}
+
+stop_resolvconf()
+{
+	if [ -x /sbin/resolvconf ] ; then
+		/sbin/resolvconf -d lo.$NAME
+	fi
+	return 0
+}
+
+status()
+{
+	# Return
+	#   0 if daemon is running
+	#   1 if daemon is dead and pid file exists
+	#   3 if daemon is not running
+	#   4 if daemon status is unknown
+	start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null
+	case "$?" in
+		0) [ -e "/var/run/dnsmasq/$NAME.pid" ] && return 1 ; return 3 ;;
+		1) return 0 ;;
+		*) return 4 ;;
+	esac
+}
+
+case "$1" in
+  start)
+	test "$ENABLED" != "0" || exit 0
+	log_daemon_msg "Starting $DESC" "$NAME"
+	start
+	case "$?" in
+		0)
+			log_end_msg 0
+			start_resolvconf
+			exit 0
+			;;
+		1)
+			log_success_msg "(already running)"
+			exit 0
+			;;
+		*)
+			log_end_msg 1
+			exit 1
+			;;
+	esac
+	;;
+  stop)
+	stop_resolvconf
+	if [ "$ENABLED" != "0" ]; then
+             log_daemon_msg "Stopping $DESC" "$NAME"
+	fi
+	stop
+        RETVAL="$?"
+	if [ "$ENABLED" = "0" ]; then
+	    case "$RETVAL" in
+	       0) log_daemon_msg "Stopping $DESC" "$NAME"; log_end_msg 0 ;;
+            esac 
+	    exit 0
+	fi
+	case "$RETVAL" in
+		0) log_end_msg 0 ; exit 0 ;;
+		1) log_warning_msg "(not running)" ; exit 0 ;;
+		*) log_end_msg 1; exit 1 ;;
+	esac
+	;;
+  restart|force-reload)
+	test "$ENABLED" != "0" || exit 1
+	$DAEMON --test ${CONFIG_DIR:+ -7 $CONFIG_DIR} ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    NAME="configuration syntax check"
+	    RETVAL="2"
+	else   
+	    stop_resolvconf
+	    stop
+	    RETVAL="$?"
+        fi
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	case "$RETVAL" in
+		0|1)
+		        sleep 2
+			start
+			case "$?" in
+				0)
+					log_end_msg 0
+					start_resolvconf
+					exit 0
+					;;
+			        *)
+					log_end_msg 1
+					exit 1
+					;;
+			esac
+			;;
+		*)
+			log_end_msg 1
+			exit 1
+			;;
+	esac
+	;;
+  status)
+	log_daemon_msg "Checking $DESC" "$NAME"
+	status
+	case "$?" in
+		0) log_success_msg "(running)" ; exit 0 ;;
+		1) log_success_msg "(dead, pid file exists)" ; exit 1 ;;
+		3) log_success_msg "(not running)" ; exit 3 ;;
+		*) log_success_msg "(unknown)" ; exit 4 ;;
+	esac
+	;;
+  dump-stats)
+        kill -s USR1 `cat /var/run/dnsmasq/$NAME.pid`
+	;;
+  *)
+	echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|dump-stats|status}" >&2
+	exit 3
+	;;
+esac
+
+exit 0
+

debian/insserv

@@ -0,0 +1 @@
+$named dnsmasq

debian/postinst

@@ -0,0 +1,49 @@
+#!/bin/sh
+set -e
+
+# create a user to run as (code stolen from dovecot-common)
+if [ "$1" = "configure" ]; then
+  if [ -z "`id -u dnsmasq 2> /dev/null`" ]; then
+    adduser --system  --home /var/lib/misc --gecos "dnsmasq" \
+            --no-create-home --disabled-password \
+            --quiet dnsmasq || true
+  fi
+
+  # Make the directory where we keep the pid file - this
+  # has to be owned by "dnsmasq" do that the file can be unlinked.
+  if [ ! -d /var/run/dnsmasq ]; then
+    mkdir /var/run/dnsmasq
+    chown dnsmasq:nogroup /var/run/dnsmasq
+  fi
+
+  # handle new location of pidfile during an upgrade
+  if [ -e /var/run/dnsmasq.pid ]; then
+      mv /var/run/dnsmasq.pid /var/run/dnsmasq
+  fi
+fi
+
+if [ -x /etc/init.d/dnsmasq ]; then
+   update-rc.d dnsmasq defaults 15 85 >/dev/null
+
+   if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
+      if [ -e /var/run/dnsmasq/dnsmasq.pid ]; then
+          ACTION=restart
+      else
+          ACTION=start
+      fi
+
+      if [ -x /usr/sbin/invoke-rc.d ] ; then
+         invoke-rc.d dnsmasq $ACTION || true
+      else
+         /etc/init.d/dnsmasq $ACTION || true
+      fi
+   fi
+fi
+
+# dpkg can botch the change of /usr/share/doc/dnsmasq from
+# directory to symlink. Fix up here.
+if [ ! -h /usr/share/doc/dnsmasq ] && { rmdir /usr/share/doc/dnsmasq; }; then
+   cd /usr/share/doc/
+   ln -s /usr/share/doc/dnsmasq-base dnsmasq
+fi
+

debian/postrm

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+if [ purge = "$1" ]; then
+   update-rc.d dnsmasq remove >/dev/null
+   if [ -x "$(command -v deluser)" ]; then
+     deluser --quiet --system dnsmasq > /dev/null || true
+  else
+     echo >&2 "not removing dnsmasq system account because deluser command was not found"
+  fi
+  rm -rf /var/run/dnsmasq
+fi

debian/prerm

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "remove" ]; then
+  if [ -x /usr/sbin/invoke-rc.d ] ; then
+      invoke-rc.d dnsmasq stop || true
+  else
+      /etc/init.d/dnsmasq stop || true
+  fi
+fi
+
+exit 0
+
+

debian/readme

@@ -0,0 +1,76 @@
+Notes on configuring dnsmasq as packaged for Debian.
+
+(1) To configure dnsmasq edit /etc/dnsmasq.conf. The file is well
+    commented; see also the dnsmasq.8 man page for explanation of
+    the options. The file /etc/default/dnsmasq also exists but it
+    shouldn't need to be touched in most cases. To set up DHCP
+    options you might need to refer to a copy of RFC 2132. This is 
+    available on Debian systems in the package doc-rfc-std as the file
+    /usr/share/doc/RFC/draft-standard/rfc2132.txt.gz .
+
+(2) Installing the dnsmasq package also creates the directory
+    /etc/dnsmasq.d which is searched by dnsmasq for configuration file
+    fragments. This behaviour can be disabled by editing 
+    /etc/default/dnsmasq.
+
+(3) If the Debian resolvconf package is installed then, regardless
+    of what interface configuration daemons are employed, the list of
+    nameservers to which dnsmasq should forward queries can be found
+    in /var/run/dnsmasq/resolv.conf; also, 127.0.0.1 is listed as the
+    first nameserver address in /etc/resolv.conf. This works using the
+    default configurations of resolvconf and dnsmasq.
+
+(4) In the absence of resolvconf, if you are using dhcpcd then
+    dnsmasq should read the list of nameservers from the automatically
+    generated file /etc/dhcpc/resolv.conf.  You should list 127.0.0.1
+    as the first nameserver address in /etc/resolv.conf.
+
+(5) In the absence of resolvconf, if you are using pppd then
+    dnsmasq should read the list of nameservers from the automatically
+    generated file /etc/ppp/resolv.conf.  You should list 127.0.0.1
+    as the first nameserver address in /etc/resolv.conf.
+
+(6) In the absence of resolvconf, dns-nameservers lines in 
+    /etc/network/interfaces are ignored. If you do do not use
+    resolvconf, list 127.0.0.1 as the first nameserver address
+    in /etc/resolv.conf and configure your nameservers using
+    "server=<IP-address>" lines in /etc/dnsmasq.conf.
+
+(7) If you run multiple DNS servers on a single machine, each
+    listening on a different interface, then it is necessary to use 
+    the bind-interfaces option by uncommenting "bind-interfaces" in 
+    /etc/dnsmasq.conf. This option stops dnsmasq from binding the 
+    wildcard address and allows servers listening on port 53 on
+    interfaces not in use by dnsmasq to work. The Debian 
+    libvirt package will add a configuration file in /etc/dnsmasq.d
+    which does this so that the "system" dnsmasq and "private" dnsmasq
+    instances started by libvirt do not clash.
+
+(8) The following options are supported in DEB_BUILD_OPTIONS
+      noopt       : compile without optimisation.
+      nostrip     : don't remove symbols from binary. 
+      nodocs      : omit documentation.
+      notftp      : omit TFTP support.
+      nodhcp      : omit DHCP support.
+      nodhcp6     : omit DHCPv6 support.
+      noscript    : omit lease-change script support.
+      use_lua     : provide support for lease-change scripts written
+                    in Lua.
+      noipv6      : omit IPv6 support.
+      nodbus      : omit DBus support.
+      noconntrack : omit connection tracking support. 
+      nortc       : compile alternate mode suitable for systems without an RTC.
+      noi18n      : omit translations and internationalisation support.
+      noidn       : omit international domain name support, must be
+                    combined with noi18n to be effective.
+      
+
+(9) Dnsmasq comes as three packages - dnsmasq-utils, dnsmasq-base and
+    dnsmasq. Dnsmasq-base provides the dnsmasq executable and
+    documentation (including this file). Dnsmasq, which depends on
+    dnsmasq-base, provides the init script and configuration
+    infrastructure. This file assumes that both are installed. It is
+    possible to install only dnsmasq-base and use dnsmasq as a
+    non-"system" daemon. Libvirt, for instance, does this.
+    Dnsmasq-utils provides the utilities dhcp_release and 
+    dhcp_lease_time.

debian/readme.dnsmasq.d

@@ -0,0 +1,7 @@
+# All files in this directory will be read by dnsmasq as 
+# configuration files, except if their names end in 
+# ".dpkg-dist",".dpkg-old" or ".dpkg-new"
+#
+# This can be changed by editing /etc/default/dnsmasq
+
+

debian/resolvconf

@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# Script to update the resolver list for dnsmasq
+#
+# N.B. Resolvconf may run us even if dnsmasq is not running.
+# If dnsmasq is installed then we go ahead and update
+# the resolver list in case dnsmasq is started later.
+#
+# Assumption: On entry, PWD contains the resolv.conf-type files
+#
+# Requires bash because it uses a non-POSIX printf extension.
+#
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
+#
+
+set -e
+
+RUN_DIR="/var/run/dnsmasq"
+RSLVRLIST_FILE="${RUN_DIR}/resolv.conf"
+TMP_FILE="${RSLVRLIST_FILE}_new.$$"
+
+[ -x /usr/sbin/dnsmasq ] || exit 0
+[ -x /lib/resolvconf/list-records ] || exit 1
+
+PATH=/bin:/sbin
+
+report_err() { echo "$0: Error: $*" >&2 ; }
+
+# Stores arguments (minus duplicates) in RSLT, separated by spaces
+# Doesn't work properly if an argument itself contain whitespace
+uniquify()
+{
+	RSLT=""
+	while [ "$1" ] ; do
+		for E in $RSLT ; do
+			[ "$1" = "$E" ] && { shift ; continue 2 ; }
+		done
+		RSLT="${RSLT:+$RSLT }$1"
+		shift
+	done
+}
+
+if [ ! -d "$RUN_DIR" ] && ! mkdir --parents --mode=0755 "$RUN_DIR" ; then
+	report_err "Failed trying to create directory $RUN_DIR"
+	exit 1
+fi
+
+RSLVCNFFILES="$(/lib/resolvconf/list-records | sed -e '/^lo.dnsmasq$/d')"
+
+NMSRVRS=""
+if [ "$RSLVCNFFILES" ] ; then
+	uniquify $(sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' $RSLVCNFFILES)
+	NMSRVRS="$RSLT"
+fi
+
+# Dnsmasq uses the mtime of $RSLVRLIST_FILE, with a resolution of one second,
+# to detect changes in the file. This means that if a resolvconf update occurs
+# within one second of the previous one then dnsmasq may fail to notice the
+# more recent change.  To work around this problem we sleep here to ensure
+# that the new mtime is different.
+if [ -f "$RSLVRLIST_FILE" ] && [ "$(ls -go --time-style='+%s' "$RSLVRLIST_FILE" | { read p h s t n ; echo "$t" ; })" = "$(date +%s)" ] ; then
+	sleep 1
+fi
+
+clean_up() { rm -f "$TMP_FILE" ; }
+trap clean_up EXIT
+: >| "$TMP_FILE"
+for N in $NMSRVRS ; do echo "nameserver $N" >> "$TMP_FILE" ; done
+mv -f "$TMP_FILE" "$RSLVRLIST_FILE"
+

debian/resolvconf-package

@@ -0,0 +1,13 @@
+#!/bin/sh
+# Resolvconf packaging event hook script for the dnsmasq package
+restart_dnsmasq() {
+    if which invoke-rc.d >/dev/null 2>&1 ; then
+        invoke-rc.d dnsmasq restart
+    elif [ -x /etc/init.d/dnsmasq ] ; then
+        /etc/init.d/dnsmasq restart
+    fi
+}
+
+case "$1" in
+  install) restart_dnsmasq ;;
+esac

debian/rules

@@ -0,0 +1,197 @@
+#!/usr/bin/make -f
+# debian/rules file - for dnsmasq.
+# Copyright 2001-2011 by Simon Kelley
+# Based on the sample in the debian hello package which carries the following:
+# Copyright 1994,1995 by Ian Jackson.
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself.  (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+
+package=dnsmasq-base
+
+# policy manual, section 10.1
+ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
+     CFLAGS = -g -O0 -Wall -W
+else
+     CFLAGS = -g -O2 -Wall -W
+endif
+
+COPTS = 
+TARGET = install-i18n
+
+DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
+
+ifeq (,$(filter nodbus,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DHAVE_DBUS
+endif
+
+ifeq (,$(filter noconntrack,$(DEB_BUILD_OPTIONS)))
+ifeq ($(DEB_BUILD_ARCH_OS),linux)
+     COPTS += -DHAVE_CONNTRACK
+endif
+endif
+
+ifneq (,$(filter nodhcp6,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_DHCP6
+endif
+
+ifneq (,$(filter noipv6,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_IPV6
+endif
+
+ifneq (,$(filter notftp,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_TFTP
+endif
+
+ifneq (,$(filter nodhcp,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_DHCP
+endif
+
+ifneq (,$(filter noscript,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_SCRIPT
+endif
+
+ifneq (,$(filter nortc,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DHAVE_BROKEN_RTC
+endif
+
+ifneq (,$(filter noi18n,$(DEB_BUILD_OPTIONS)))
+     TARGET = install
+     ifeq (,$(filter noidn, $(DEB_BUILD_OPTIONS)))
+	COPTS += -DHAVE_IDN
+     endif	
+endif
+
+ifneq (,$(filter uselua,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DHAVE_LUASCRIPT
+endif
+
+clean:
+	$(checkdir)
+	rm -rf debian/daemon debian/base debian/utils debian/*~ debian/files debian/substvars debian/utils-substvars
+	make clean
+	make -C contrib/wrt clean
+
+binary-indep:	checkroot
+	$(checkdir)
+	rm -rf debian/daemon
+	install -m 755 \
+	        -d debian/daemon/DEBIAN \
+		-d debian/daemon/usr/share/doc \
+	        -d debian/daemon/etc/init.d \
+		-d debian/daemon/etc/dnsmasq.d \
+	        -d debian/daemon/etc/resolvconf/update.d \
+		-d debian/daemon/usr/lib/resolvconf/dpkg-event.d \
+	        -d debian/daemon/etc/default \
+		-d debian/daemon/etc/dbus-1/system.d \
+		-d debian/daemon/lib/systemd/system \
+                -d debian/daemon/etc/insserv.conf.d
+	install -m 644 debian/conffiles debian/daemon/DEBIAN
+	install -m 755 debian/postinst debian/postrm debian/prerm debian/daemon/DEBIAN
+	install -m 755 debian/init debian/daemon/etc/init.d/dnsmasq
+	install -m 755 debian/resolvconf debian/daemon/etc/resolvconf/update.d/dnsmasq
+	install -m 755 debian/resolvconf-package debian/daemon/usr/lib/resolvconf/dpkg-event.d/dnsmasq
+	install -m 644 debian/default debian/daemon/etc/default/dnsmasq
+	install -m 644 dnsmasq.conf.example debian/daemon/etc/dnsmasq.conf
+	install -m 644 debian/readme.dnsmasq.d debian/daemon/etc/dnsmasq.d/README
+	install -m 644 debian/dbus.conf debian/daemon/etc/dbus-1/system.d/dnsmasq.conf
+	install -m 644 debian/systemd.service debian/daemon/lib/systemd/system/dnsmasq.service
+	install -m 644 debian/insserv debian/daemon/etc/insserv.conf.d/dnsmasq
+	ln -s $(package) debian/daemon/usr/share/doc/dnsmasq
+	cd debian/daemon && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums	
+	dpkg-gencontrol -pdnsmasq -Pdebian/daemon
+	chown -R root.root debian/daemon
+	chmod -R g-ws debian/daemon
+	dpkg --build debian/daemon ..
+
+binary-arch:	checkroot 
+	$(checkdir)
+	rm -rf debian/base
+	install -m 755 \
+		-d debian/base/DEBIAN \
+	        -d debian/base/usr/share/doc/$(package) \
+		-d debian/base/usr/share/doc/$(package)/examples \
+	        -d debian/base/var/run \
+	        -d debian/base/var/lib/misc
+	make $(TARGET) PREFIX=/usr DESTDIR=`pwd`/debian/base CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" CC=gcc
+ifeq (,$(findstring nodocs,$(DEB_BUILD_OPTIONS)))
+	install -m 644 doc.html debian/base/usr/share/doc/$(package)/.
+	install -m 644 setup.html debian/base/usr/share/doc/$(package)/.
+	install -m 644 dnsmasq.conf.example debian/base/usr/share/doc/$(package)/examples/.
+	install -m 644 FAQ debian/base/usr/share/doc/$(package)/.
+	gzip -9 debian/base/usr/share/doc/$(package)/FAQ
+	install -m 644 CHANGELOG debian/base/usr/share/doc/$(package)/changelog
+	gzip -9 debian/base/usr/share/doc/$(package)/changelog
+	install -m 644 CHANGELOG.archive debian/base/usr/share/doc/$(package)/changelog.archive
+	gzip -9 debian/base/usr/share/doc/$(package)/changelog.archive
+	install -m 644 dbus/DBus-interface debian/base/usr/share/doc/$(package)/.
+	gzip -9 debian/base/usr/share/doc/$(package)/DBus-interface	
+endif
+	install -m 644 debian/changelog debian/base/usr/share/doc/$(package)/changelog.Debian
+	gzip -9 debian/base/usr/share/doc/$(package)/changelog.Debian
+	install -m 644 debian/readme debian/base/usr/share/doc/$(package)/README.Debian
+	install -m 644 debian/copyright debian/base/usr/share/doc/$(package)/copyright
+	gzip -9 debian/base/usr/share/man/man8/dnsmasq.8
+	for f in debian/base/usr/share/man/*; do \
+		if [ -f $$f/man8/dnsmasq.8 ]; then \
+                       gzip -9 $$f/man8/dnsmasq.8 ; \
+                fi \
+	done
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+	strip -R .note -R .comment debian/base/usr/sbin/dnsmasq
+endif
+	cd debian/base && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums
+	dpkg-shlibdeps debian/base/usr/sbin/dnsmasq
+	dpkg-gencontrol -pdnsmasq-base -Pdebian/base
+	chown -R root.root debian/base
+	chmod -R g-ws debian/base 
+	dpkg --build debian/base ..
+
+ifeq ($(DEB_BUILD_ARCH_OS),linux)
+	rm -rf debian/utils
+	install -m 755 -d debian/utils/DEBIAN \
+                       -d debian/utils/usr/share/man/man1 \
+	               -d debian/utils/usr/bin \
+                       -d debian/utils/usr/share/doc/dnsmasq-utils
+	make -C contrib/wrt PREFIX=/usr DESTDIR=`pwd`/debian/utils CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" CC=gcc
+	install -m 755 contrib/wrt/dhcp_release debian/utils/usr/bin/dhcp_release
+	install -m 644 contrib/wrt/dhcp_release.1 debian/utils/usr/share/man/man1/dhcp_release.1
+	gzip -9 debian/utils/usr/share/man/man1/dhcp_release.1
+	install -m 755 contrib/wrt/dhcp_lease_time debian/utils/usr/bin/dhcp_lease_time
+	install -m 644 contrib/wrt/dhcp_lease_time.1 debian/utils/usr/share/man/man1/dhcp_lease_time.1
+	install -m 644 debian/copyright debian/utils/usr/share/doc/dnsmasq-utils/copyright
+	install -m 644 debian/changelog debian/utils/usr/share/doc/dnsmasq-utils/changelog.Debian
+	gzip -9 debian/utils/usr/share/doc/dnsmasq-utils/changelog.Debian
+	gzip -9 debian/utils/usr/share/man/man1/dhcp_lease_time.1
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+	strip -R .note -R .comment debian/utils/usr/bin/dhcp_release
+	strip -R .note -R .comment debian/utils/usr/bin/dhcp_lease_time
+endif	
+	cd debian/utils && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums
+	dpkg-shlibdeps -Tdebian/utils-substvars debian/utils/usr/bin/dhcp_release debian/utils/usr/bin/dhcp_lease_time
+	dpkg-gencontrol -Tdebian/utils-substvars -pdnsmasq-utils -Pdebian/utils
+	chown -R root.root debian/utils
+	chmod -R g-ws debian/utils 
+	dpkg --build debian/utils ..
+endif
+
+define checkdir
+	test -f Makefile -a -f debian/rules
+endef
+
+# Below here is fairly generic really
+
+binary:		binary-arch binary-indep
+
+build:		
+build-arch:
+build-indep:
+
+checkroot:
+	test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
+
+

debian/source/format

@@ -0,0 +1 @@
+1.0

debian/systemd.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=A lightweight DHCP and caching DNS server
+
+[Service]
+Type=dbus
+BusName=uk.org.thekelleys.dnsmasq
+
+# Test the config file and refuse starting if it is not valid.
+ExecStartPre=/usr/sbin/dnsmasq --test
+
+# Enable DBus by default because we use DBus activation.
+#
+# Drop privileges and become the 'dnsmasq' user. It is recommended by dnsmasq
+# upstream to run dnsmasq as an isolated user that does not run any other
+# processes, owns no files and has no shell. The default 'nobody' user has a
+# shell and might be used for other processes.
+#
+# Debian-specific: add /etc/dnsmasq.d to config search path (with the exception
+# of .dpkg-*). Packages such as libvirt leave config files there.
+#
+# --pid-file without argument disables writing a PIDfile, we don't need one.
+ExecStart=/usr/sbin/dnsmasq -k \
+          --enable-dbus \
+          --user=dnsmasq \
+          -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new \
+          --pid-file
+
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

dnsmasq.conf.example

@@ -4,11 +4,16 @@
 # as the long options legal on the command line. See
 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
 
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+#port=5353
+
 # The following two options make you a better netizen, since they
 # tell dnsmasq to filter out queries which the public DNS cannot
 # answer, and which load the servers (especially the root servers)
-# uneccessarily. If you have a dial-on-demand link they also stop
-# these requests from bringing up the link uneccessarily.
+# unnecessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link unnecessarily.
 
 # Never forward plain names (without a dot or domain part)
 #domain-needed
@@ -19,7 +24,7 @@
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
 # Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos.
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
 # This option only affects forwarding, SRV records originating for
 # dnsmasq (via srv-host= lines) are not suppressed by it.
 #filterwin2k
@@ -48,14 +53,30 @@
 # non-public domains.
 #server=/localnet/192.168.0.1
 
+# Example of routing PTR queries to nameservers: this will send all
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
 #local=/localnet/
 
 # Add domains which you want to force to an IP address here.
-# The example below send any host in doubleclick.net to a local
-# webserver.
-#address=/doubleclick.net/127.0.0.1
+# The example below send any host in double-click.net to a local
+# web-server.
+#address=/double-click.net/127.0.0.1
+
+# --address (and --server) work with IPv6 addresses too.
+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
+
+# You can control how dnsmasq talks to a server: this forces
+# queries to 10.1.2.3 to be routed via eth1
+# server=10.1.2.3@eth1
+
+# and this sets the source (ie local) address used to talk to
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# IP on the machine, obviously).
+# server=10.1.2.3@192.168.1.1#55
 
 # If you want dnsmasq to change uid and gid to something other
 # than the default, edit the following lines.
@@ -74,7 +95,7 @@
 #listen-address=
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
-# disable DHCP on it.
+# disable DHCP and TFTP on it.
 #no-dhcp-interface=
 
 # On systems which support it, dnsmasq binds the wildcard address,
@@ -106,6 +127,12 @@
 # 3) Provides the domain part for "expand-hosts"
 #domain=thekelleys.org.uk
 
+# Set a different domain for a particular subnet
+#domain=wireless.thekelleys.org.uk,192.168.2.0/24
+
+# Same idea, but range rather then subnet
+#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
+
 # Uncomment this to enable the integrated DHCP server, you need
 # to supply the range of addresses available for lease and optionally
 # a lease time. If you have more than one network, you will need to
@@ -119,17 +146,68 @@
 # don't need to worry about this.
 #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
 
-# This is an example of a DHCP range with a network-id, so that
+# This is an example of a DHCP range which sets a tag, so that
 # some DHCP options may be set only for this network.
-#dhcp-range=red,192.168.0.50,192.168.0.150
+#dhcp-range=set:red,192.168.0.50,192.168.0.150
+
+# Use this DHCP range only when the tag "green" is set.
+#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
+
+# Specify a subnet which can't be used for dynamic address allocation,
+# is available for hosts with matching --dhcp-host lines. Note that
+# dhcp-host declarations will be ignored unless there is a dhcp-range
+# of some type for the subnet in question.
+# In this case the netmask is implied (it comes from the network
+# configuration on the machine running dnsmasq) it is possible to give
+# an explicit netmask instead.
+#dhcp-range=192.168.0.0,static
+
+# Enable DHCPv6. Note that the prefix-length does not need to be specified
+# and defaults to 64 if missing/
+#dhcp-range=1234::2, 1234::500, 64, 12h
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+#dhcp-range=1234::, ra-only 
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 
+# hosts. Use the DHCPv4 lease to derive the name, network segment and 
+# MAC address and assume that the host will also have an
+# IPv6 address calculated using the SLAAC alogrithm.
+#dhcp-range=1234::, ra-names
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
+#dhcp-range=1234::, ra-only, 48h
+
+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
+# so that clients can use SLAAC addresses as well as DHCP ones.
+#dhcp-range=1234::2, 1234::500, slaac
+
+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
+# not get addresses from DHCP, but they will get other configuration information.
+# They will use SLAAC for addresses.
+#dhcp-range=1234::, ra-stateless
+
+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
+# from DHCPv4 leases.
+#dhcp-range=1234::, ra-stateless, ra-names
+
+# Do router advertisements for all subnets where we're doing DHCPv6
+# Unless overriden by ra-stateless, ra-names, et al, the router 
+# advertisements will have the M and O bits set, so that the clients
+# get addresses and configuration from DHCPv6, and the A bit reset, so the 
+# clients don't use SLAAC addresses.
+#enable-ra
 
 # Supply parameters for specified hosts using DHCP. There are lots
 # of valid alternatives, so we will give examples of each. Note that
 # IP addresses DO NOT have to be in the range given above, they just
 # need to be on the same network. The order of the parameters in these
-# do not matter, it's permissble to give name,adddress and MAC in any order
+# do not matter, it's permissible to give name, address and MAC in any
+# order.
 
-# Always allocate the host with ethernet address 11:22:33:44:55:66
+# Always allocate the host with Ethernet address 11:22:33:44:55:66
 # The IP address 192.168.0.60
 #dhcp-host=11:22:33:44:55:66,192.168.0.60
 
@@ -137,11 +215,19 @@
 # 11:22:33:44:55:66 to be "fred"
 #dhcp-host=11:22:33:44:55:66,fred
 
-# Always give the host with ethernet address 11:22:33:44:55:66
+# Always give the host with Ethernet address 11:22:33:44:55:66
 # the name fred and IP address 192.168.0.60 and lease time 45 minutes
 #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
 
-# Give the machine which says it's name is "bert" IP address
+# Give a host with Ethernet address 11:22:33:44:55:66 or
+# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
+# that these two Ethernet interfaces will never be in use at the same
+# time, and give the IP address to the second, even if it is already
+# in use by the first. Useful for laptops with wired and wireless
+# addresses.
+#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
+
+# Give the machine which says its name is "bert" IP address
 # 192.168.0.70 and an infinite lease
 #dhcp-host=bert,192.168.0.70,infinite
 
@@ -158,35 +244,47 @@
 # it asks for a DHCP lease.
 #dhcp-host=judge
 
-# Never offer DHCP service to a machine whose ethernet
+# Never offer DHCP service to a machine whose Ethernet
 # address is 11:22:33:44:55:66
 #dhcp-host=11:22:33:44:55:66,ignore
 
-# Ignore any client-id presented by the machine with ethernet
+# Ignore any client-id presented by the machine with Ethernet
 # address 11:22:33:44:55:66. This is useful to prevent a machine
 # being treated differently when running under different OS's or
 # between PXE boot and OS boot.
 #dhcp-host=11:22:33:44:55:66,id:*
 
 # Send extra options which are tagged as "red" to
-# the machine with ethernet address 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,net:red
+# the machine with Ethernet address 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,set:red
 
 # Send extra options which are tagged as "red" to
-# any machine with ethernet address starting 11:22:33:
-#dhcp-host=11:22:33:*:*:*,net:red
+# any machine with Ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,set:red
+
+# Give a fixed IPv6 address and name to client with 
+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
+# Note also the they [] around the IPv6 address are obilgatory.
+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 
+
+# Ignore any clients which are not specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
+# This relies on the special "known" tag which is set when
+# a host is matched.
+#dhcp-ignore=tag:!known
 
 # Send extra options which are tagged as "red" to any machine whose
 # DHCP vendorclass string includes the substring "Linux"
-#dhcp-vendorclass=red,Linux
+#dhcp-vendorclass=set:red,Linux
 
 # Send extra options which are tagged as "red" to any machine one
 # of whose DHCP userclass strings includes the substring "accounts"
-#dhcp-userclass=red,accounts
+#dhcp-userclass=set:red,accounts
 
 # Send extra options which are tagged as "red" to any machine whose
 # MAC address matches the pattern.
-#dhcp-mac=red,00:60:8C:*:*:*
+#dhcp-mac=set:red,00:60:8C:*:*:*
 
 # If this line is uncommented, dnsmasq will read /etc/ethers and act
 # on the ethernet-address/IP pairs found there just as if they had
@@ -196,31 +294,37 @@
 
 # Send options to hosts which ask for a DHCP lease.
 # See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name:
+# run "dnsmasq --help dhcp" to get a list.
 # Note that all the common settings, such as netmask and
 # broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need any
+# sane defaults by dnsmasq. You very likely will not need
 # any dhcp-options. If you use Windows clients and Samba, there
 # are some options which are recommended, they are detailed at the
 # end of this section.
-# For reference, the common options are:
-# subnet mask - 1
-# default router - 3
-# DNS server - 6
-# hostname - 12
-# broadcast address - 28
 
 # Override the default route supplied by dnsmasq, which assumes the
 # router is the same machine as the one running dnsmasq.
 #dhcp-option=3,1.2.3.4
 
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
 # Override the default route supplied by dnsmasq and send no default
 # route at all. Note that this only works for the options sent by
-# default (1, 3, 6, 12, 28) the same line will send a zero-length option 
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
 # for all other option numbers.
 #dhcp-option=3
 
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=42,192.168.0.4,10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
+
+# Send DHCPv6 option. Note [] around IPv6 addresses.
+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
+
+# Send DHCPv6 option for namservers as the machine running 
+# dnsmasq and another.
+#dhcp-option=option6:dns-server,[::],[1234::88]
 
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
@@ -241,31 +345,35 @@
 
 # Specify an option which will only be sent to the "red" network
 # (see dhcp-range for the declaration of the "red" network)
-#dhcp-option=red,42,192.168.1.1
+# Note that the tag: part must precede the option: part.
+#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
 
 # The following DHCP options set up dnsmasq in the same way as is specified
 # for the ISC dhcpcd in
 # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
 # adapted for a typical dnsmasq installation where the host running
 # dnsmasq is also the host running samba.
-# you may want to uncomment them if you use Windows clients and Samba.
+# you may want to uncomment some or all of them if you use
+# Windows clients and Samba.
 #dhcp-option=19,0           # option ip-forwarding off
 #dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
 #dhcp-option=45,0.0.0.0     # netbios datagram distribution server
 #dhcp-option=46,8           # netbios node type
-#dhcp-option=47             # empty netbios scope.
+
+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
+#dhcp-option=252,"\n"
 
 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
 # probably doesn't support this......
-#dhcp-option=119,eng.apple.com,marketing.apple.com
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
 
 # Send RFC-3442 classless static routes (note the netmask encoding)
 #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
 
-# Send vendor-class specific options encapsulated in DHCP option 43. 
+# Send vendor-class specific options encapsulated in DHCP option 43.
 # The meaning of the options is defined by the vendor-class so
 # options are sent only when the client supplied vendor class
-# matches the class given here. (A substring match is OK, so "MSFT" 
+# matches the class given here. (A substring match is OK, so "MSFT"
 # matches "MSFT" and "MSFT 5.0"). This example sets the
 # mtftp address to 0.0.0.0 for PXEClients.
 #dhcp-option=vendor:PXEClient,1,0.0.0.0
@@ -276,29 +384,114 @@
 # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
 #dhcp-option=vendor:MSFT,2,1i
 
-# Set the boot filename for BOOTP. You will only need 
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here.
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
+# Set the boot filename for netboot/PXE. You will only need
 # this is you want to boot machines over the network and you will need
 # a TFTP server; either dnsmasq's built in TFTP server or an
 # external one. (See below for how to enable the TFTP server.)
 #dhcp-boot=pxelinux.0
 
+# The same as above, but use custom tftp-server instead machine running dnsmasq
+#dhcp-boot=pxelinux,server.name,192.168.1.100
+
+# Boot for Etherboot gPXE. The idea is to send two different
+# filenames, the first loads gPXE, and the second tells gPXE what to
+# load. The dhcp-match sets the gpxe tag for requests from gPXE.
+#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
+#dhcp-boot=tag:!gpxe,undionly.kpxe
+#dhcp-boot=mybootimage
+
+# Encapsulated options for Etherboot gPXE. All the options are
+# encapsulated within option 175
+#dhcp-option=encap:175, 1, 5b         # priority code
+#dhcp-option=encap:175, 176, 1b       # no-proxydhcp
+#dhcp-option=encap:175, 177, string   # bus-id
+#dhcp-option=encap:175, 189, 1b       # BIOS drive code
+#dhcp-option=encap:175, 190, user     # iSCSI username
+#dhcp-option=encap:175, 191, pass     # iSCSI password
+
+# Test for the architecture of a netboot client. PXE clients are
+# supposed to send their architecture as option 93. (See RFC 4578)
+#dhcp-match=peecees, option:client-arch, 0 #x86-32
+#dhcp-match=itanics, option:client-arch, 2 #IA64
+#dhcp-match=hammers, option:client-arch, 6 #x86-64
+#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
+
+# Do real PXE, rather than just booting a single file, this is an
+# alternative to dhcp-boot.
+#pxe-prompt="What system shall I netboot?"
+# or with timeout before first available action is taken:
+#pxe-prompt="Press F8 for menu.", 60
+
+# Available boot services. for PXE.
+#pxe-service=x86PC, "Boot from local disk"
+
+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
+#pxe-service=x86PC, "Install Linux", pxelinux
+
+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
+# Beware this fails on old PXE ROMS.
+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
+
+# Use bootserver on network, found my multicast or broadcast.
+#pxe-service=x86PC, "Install windows from RIS server", 1
+
+# Use bootserver at a known IP address.
+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
+
+# If you have multicast-FTP available,
+# information for that can be passed in a similar way using options 1
+# to 5. See page 19 of
+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
+
+
 # Enable dnsmasq's built-in TFTP server
 #enable-tftp
 
-# Set the root directory for files availble via FTP.
+# Set the root directory for files available via FTP.
 #tftp-root=/var/ftpd
 
 # Make the TFTP server more secure: with this set, only files owned by
 # the user dnsmasq is running as will be send over the net.
 #tftp-secure
 
+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
+# transfers. It will slow things down, but may rescue some broken TFTP
+# clients.
+#tftp-no-blocksize
+
 # Set the boot file name only when the "red" tag is set.
 #dhcp-boot=net:red,pxelinux.red-net
 
-# An example of dhcp-boot with an external server: the name and IP
+# An example of dhcp-boot with an external TFTP server: the name and IP
 # address of the server are given after the filename.
+# Can fail with old PXE ROMS. Overridden by --pxe-service.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
 
+# If there are multiple external tftp servers having a same name
+# (using /etc/hosts) then that name can be specified as the
+# tftp_servername (the third option to dhcp-boot) and in that
+# case dnsmasq resolves this name and returns the resultant IP
+# addresses in round robin fasion. This facility can be used to
+# load balance the tftp load among a set of servers.
+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
+
 # Set the limit on DHCP leases, the default is 150
 #dhcp-lease-max=150
 
@@ -311,16 +504,16 @@
 # and take over the lease for any client which broadcasts on the network,
 # whether it has a record of the lease or not. This avoids long timeouts
 # when a machine wakes up on a new network. DO NOT enable this if there's
-# the slighest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses the same
+# the slightest chance that you might end up accidentally configuring a DHCP
+# server for your campus/company accidentally. The ISC server uses
 # the same option, and this URL provides more information:
-# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
+# http://www.isc.org/files/auth.html
 #dhcp-authoritative
 
 # Run an executable when a DHCP lease is created or destroyed.
-# The arguments sent to the script are "add" or "del", 
+# The arguments sent to the script are "add" or "del",
 # then the MAC address, the IP address and finally the hostname
-# if there is one. 
+# if there is one.
 #dhcp-script=/bin/echo
 
 # Set the cachesize here.
@@ -349,7 +542,8 @@
 #alias=1.2.3.4,5.6.7.8
 # and this maps 1.2.3.x to 5.6.7.x
 #alias=1.2.3.0,5.6.7.0,255.255.255.0
-
+# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
+#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
 
 # Change these lines if you want dnsmasq to serve MX records.
 
@@ -379,11 +573,11 @@
 # set for this to work.)
 
 # A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289
+# ldapserver.example.com port 389
 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
 
 # A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289 (using domain=)
+# ldapserver.example.com port 389 (using domain=)
 #domain=example.com
 #srv-host=_ldap._tcp,ldapserver.example.com,389
 
@@ -412,11 +606,18 @@
 #Example zeroconf
 #txt-record=_http._tcp.example.com,name=value,paper=A4
 
+# Provide an alias for a "local" DNS name. Note that this _only_ works
+# for targets which are names from DHCP or /etc/hosts. Give host
+# "bert" another name, bertrand
+#cname=bertand,bert
 
 # For debugging purposes, log each DNS query as it passes through
 # dnsmasq.
 #log-queries
 
+# Log lots of extra information about DHCP transactions.
+#log-dhcp
+
 # Include a another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
 #conf-dir=/etc/dnsmasq.d

doc.html

@@ -1,9 +1,17 @@
 <HTML>
 <HEAD>
 <TITLE> Dnsmasq - a DNS forwarder for NAT firewalls.</TITLE>
+<link rel="icon"
+      href="http://www.thekelleys.org.uk/dnsmasq/images/favicon.ico">
 </HEAD>
 <BODY BGCOLOR="WHITE"> 
-<H1 ALIGN=center>Dnsmasq</H1> 
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+<td align="left" valign="middle"><img border="0" src="http://www.thekelleys.org.uk/dnsmasq/images/icon.png" /></td>
+<td align="middle" valign="middle"><h1>Dnsmasq</h1></td>
+<td align="right" valign="middle"><img border="0" src="http://www.thekelleys.org.uk/dnsmasq/images/icon.png" /></td></tr>
+</table>
+
 Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
  server. It is designed to provide DNS and, optionally, DHCP, to a 
  small network. It can serve the names of local machines which are 
@@ -11,7 +19,7 @@ Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
  server and allows machines with DHCP-allocated addresses
  to appear in the DNS with names configured either in each host or
  in a central configuration file. Dnsmasq supports static and dynamic 
- DHCP leases and BOOTP/TFTP for network booting of diskless machines.
+ DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.
 <P>
  Dnsmasq is targeted at home networks using NAT and 
 connected to the internet via a modem, cable-modem or ADSL
@@ -19,8 +27,8 @@ connection but would be a good choice for any smallish network (up to
 1000 clients is known to work) where low
 resource use and ease of configuration are important. 
 <P>
-Supported platforms include Linux (with glibc and uclibc), *BSD and
-Mac OS X.
+Supported platforms include Linux (with glibc and uclibc), Android, *BSD,
+Solaris and Mac OS X.
 Dnsmasq is included in at least the following Linux distributions:
 Gentoo, Debian, Slackware, Suse, Fedora,
 Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l,
@@ -59,7 +67,7 @@ improving performance (especially on modem connections).
 </LI>
 <LI>
 Dnsmasq can be configured to automatically pick up the addresses of
-it's upstream nameservers from ppp or dhcp configuration. It will
+its upstream nameservers from ppp or dhcp configuration. It will
 automatically reload this information if it changes. This facility
 will be of particular interest to maintainers of Linux firewall
 distributions since it allows dns configuration to be made automatic.
@@ -80,21 +88,19 @@ for any or all local machines.
 </LI>
 </DIR>
 
-<H2>Download.</H2>
+<H2>Get code.</H2>
 
-<A HREF="http://www.thekelleys.org.uk/dnsmasq/"> Download</A> dnsmasq here. 
+<A HREF="http://www.thekelleys.org.uk/dnsmasq/">Download</A> dnsmasq here. 
 The tarball includes this documentation, source, and manpage.
 There is also a <A HREF="CHANGELOG"> CHANGELOG</A> and a <A HREF="FAQ">FAQ</A>.
-Dnsmasq is part of the Debian distribution, it can be downloaded from 
-<A HREF="http://ftp.debian.org/debian/pool/main/d/dnsmasq/"> here</A> or installed using <TT>apt</TT>.
 
-<H2>Links.</H2>
-There is an article in German on dnsmasq at <A
-HREF="http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html">http://www.linuxnetmag.com/de/issue7/m7dnsmasq1.html</A>
-and Damien Raude-Morvan has one in French at <A HREF="http://www.drazzib.com/docs-dnsmasq.html">http://www.drazzib.com/docs-dnsmasq.html</A>
-There is a good article about dnsmasq at <A
-HREF="http://www.enterprisenetworkingplanet.com/netos/article.php/3377351">http://www.enterprisenetworkingplanet.com/netos/article.php/3377351</A>
-and Ilya Evseev has an article in Russian about dnsmasq to be found at <A HREF="http://ilya-evseev.narod.ru/articles/dnsmasq"> http://ilya-evseev.narod.ru/articles/dnsmasq</A>
+Dnsmasq has a git repository which contains the complete release
+history of version 2 and development history from 2.60. You can 
+<A HREF="http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary">browse</A>
+the repo, or get a copy using git protocol with the command
+
+<PRE><TT>git clone git://thekelleys.org.uk/dnsmasq.git </TT></PRE>
+
 <H2>License.</H2>
 Dnsmasq is distributed under the GPL. See the file COPYING in the distribution 
 for details.

logo/README

@@ -0,0 +1,12 @@
+Dnsmasq logo, contributed by Justin Clift.
+
+The source format is Inkscape SVG vector format, which is scalable and
+easy to export to other formats. For convenience I've included a 56x31
+png export and a 16x16 ico suitable for use as a web favicon.
+
+Simon Kelley, 22/10/2010
+
+
+
+
+ 

logo/icon.svg

@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   x="0px"
+   y="0px"
+   width="56"
+   height="31"
+   viewBox="0 0 56 31"
+   enable-background="new 0 0 72.833 46.667"
+   xml:space="preserve"
+   id="svg2"
+   inkscape:version="0.47 r22583"
+   sodipodi:docname="dnsmasq_icon.svg"
+   inkscape:export-filename="/x/centos_home/jc/workspace/git_repos/libvirt-media/libvirt-media/png/dnsmasq_icon.png"
+   inkscape:export-xdpi="90"
+   inkscape:export-ydpi="90"><metadata
+   id="metadata27"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
+   id="defs25"><inkscape:perspective
+   sodipodi:type="inkscape:persp3d"
+   inkscape:vp_x="0 : 23.3335 : 1"
+   inkscape:vp_y="0 : 1000 : 0"
+   inkscape:vp_z="72.833 : 23.3335 : 1"
+   inkscape:persp3d-origin="36.4165 : 15.555667 : 1"
+   id="perspective4857" />
+	<filter
+   id="filter3802"
+   inkscape:label="filter1"
+   color-interpolation-filters="sRGB" /><linearGradient
+   inkscape:collect="always"
+   xlink:href="#SVGID_3_"
+   id="linearGradient4929"
+   gradientUnits="userSpaceOnUse"
+   x1="30.564501"
+   y1="-8.8144999"
+   x2="32.937"
+   y2="32.715599" />
+		<linearGradient
+   inkscape:collect="always"
+   xlink:href="#SVGID_3_"
+   id="linearGradient5798"
+   gradientUnits="userSpaceOnUse"
+   x1="30.564501"
+   y1="-8.8144999"
+   x2="32.937"
+   y2="32.715599" /><linearGradient
+   inkscape:collect="always"
+   xlink:href="#SVGID_3_"
+   id="linearGradient5812"
+   gradientUnits="userSpaceOnUse"
+   x1="30.564501"
+   y1="-8.8144999"
+   x2="32.937"
+   y2="32.715599" /><filter
+   id="filter6262"
+   inkscape:label="Drop shadow"
+   width="1.5"
+   height="1.5"
+   x="-0.25"
+   y="-0.25"
+   color-interpolation-filters="sRGB"><feGaussianBlur
+     id="feGaussianBlur6264"
+     in="SourceAlpha"
+     stdDeviation="2.500000"
+     result="blur" /><feColorMatrix
+     id="feColorMatrix6266"
+     result="bluralpha"
+     type="matrix"
+     values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0.500000 0 " /><feOffset
+     id="feOffset6268"
+     in="bluralpha"
+     dx="2.700000"
+     dy="2.600000"
+     result="offsetBlur" /><feMerge
+     id="feMerge6270"><feMergeNode
+       id="feMergeNode6272"
+       in="offsetBlur" /><feMergeNode
+       id="feMergeNode6274"
+       in="SourceGraphic" /></feMerge></filter></defs><sodipodi:namedview
+   pagecolor="#ffffff"
+   bordercolor="#666666"
+   borderopacity="1"
+   objecttolerance="10"
+   gridtolerance="10"
+   guidetolerance="10"
+   inkscape:pageopacity="0"
+   inkscape:pageshadow="2"
+   inkscape:window-width="1568"
+   inkscape:window-height="1076"
+   id="namedview23"
+   showgrid="false"
+   inkscape:zoom="8"
+   inkscape:cx="31.966768"
+   inkscape:cy="21.211869"
+   inkscape:window-x="567"
+   inkscape:window-y="328"
+   inkscape:window-maximized="0"
+   inkscape:current-layer="layer1"
+   inkscape:showpageshadow="false"
+   showborder="true" />
+<g
+   inkscape:groupmode="layer"
+   id="layer1"
+   inkscape:label="dnsmasq"
+   style="display:inline"
+   transform="translate(5.2838057,-15.545371)"><g
+     id="g3790"
+     transform="matrix(0.8183832,0,0,0.8183832,65.304897,9.8747678)"
+     style="filter:url(#filter6262)"
+     inkscape:export-xdpi="90"
+     inkscape:export-ydpi="90"><g
+       transform="translate(-91.018462,1.0687099)"
+       id="g9">
+			<path
+   style="fill:#6700ad"
+   inkscape:connector-curvature="0"
+   id="path11"
+   d="M 54.997,12.151 C 50.083,9.132 43.29,7.266 35.791,7.266 c -7.5,0 -14.29,1.866 -19.204,4.885 -4.915,3.016 -7.956,7.184 -7.956,11.789 0,4.604 3.041,8.772 7.956,11.788 4.914,3.02 11.704,-4.271 19.204,-4.271 7.499,0 14.292,7.291 19.206,4.271 4.914,-3.016 7.955,-7.185 7.955,-11.788 0,-4.606 -3.041,-8.773 -7.955,-11.789 z M 24.996,24.318 c -2.698,0 -4.885,-0.922 -4.885,-2.061 0,-1.14 2.187,-2.063 4.885,-2.063 2.697,0 4.885,0.924 4.885,2.063 0,1.139 -2.188,2.061 -4.885,2.061 z m 21.501,0.191 c -2.686,0 -4.861,-0.856 -4.861,-1.912 0,-1.054 2.176,-1.911 4.861,-1.911 2.685,0 4.863,0.857 4.863,1.911 0,1.056 -2.178,1.912 -4.863,1.912 z" />
+			<path
+   style="fill:none;stroke:#ffb616;stroke-width:1.85353255"
+   inkscape:connector-curvature="0"
+   id="path13"
+   d="M 54.997,12.151 C 50.083,9.132 43.29,7.266 35.791,7.266 c -7.5,0 -14.29,1.866 -19.204,4.885 -4.915,3.016 -7.956,7.184 -7.956,11.789 0,4.604 3.041,8.772 7.956,11.788 4.914,3.02 11.704,-4.271 19.204,-4.271 7.499,0 14.292,7.291 19.206,4.271 4.914,-3.016 7.955,-7.185 7.955,-11.788 0,-4.606 -3.041,-8.773 -7.955,-11.789 z M 24.996,24.318 c -2.698,0 -4.885,-0.922 -4.885,-2.061 0,-1.14 2.187,-2.063 4.885,-2.063 2.697,0 4.885,0.924 4.885,2.063 0,1.139 -2.188,2.061 -4.885,2.061 z m 21.501,0.191 c -2.686,0 -4.861,-0.856 -4.861,-1.912 0,-1.054 2.176,-1.911 4.861,-1.911 2.685,0 4.863,0.857 4.863,1.911 0,1.056 -2.178,1.912 -4.863,1.912 z" />
+		</g><g
+       transform="translate(-91.018462,1.0687099)"
+       id="Layer_2">
+	<linearGradient
+   y2="32.715599"
+   x2="32.937"
+   y1="-8.8144999"
+   x1="30.564501"
+   gradientUnits="userSpaceOnUse"
+   id="SVGID_3_">
+		<stop
+   id="stop17"
+   style="stop-color:#FFFFFF;stop-opacity:0.73"
+   offset="0" />
+		<stop
+   id="stop19"
+   style="stop-color:#FFFFFF;stop-opacity:0"
+   offset="1" />
+	</linearGradient>
+	<path
+   inkscape:connector-curvature="0"
+   style="fill:url(#linearGradient5812)"
+   id="path21"
+   d="m 54.1,15.361 c -0.924,1.078 -2.782,1.265 -3.857,1.06 C 38,14.083 22.75,12.75 16.027,23.031 14.858,24.819 11.992,25.39 10.293,23.887 8.631,22.417 13.105,15.804 17.646,13.033 22.194,10.252 28.474,8.53 35.41,8.53 c 6.936,0 13.215,1.722 17.756,4.502 0.731,0.442 1.627,1.52 0.934,2.329 z" />
+</g></g></g></svg>

setup.html

@@ -221,7 +221,7 @@ triggering dial-on-demand internet links.
 Sending SIGHUP to the dnsmasq process will cause it to empty its cache and 
 then re-load <TT>/etc/hosts</TT> and <TT>/etc/resolv.conf</TT>.
 <P> Sending SIGUSR1 (killall -10 dnsmasq) to the dnsmasq process will
-cause to to write cache usage statisticss to the log, typically
+cause to write cache usage statisticss to the log, typically
 <TT>/var/log/syslog</TT> or <TT>/var/log/messages</TT>.
 <P> The <TT>log-queries</TT> option tells dnsmasq to verbosely log the queries
 it is handling and causes SIGUSR1 to trigger a complete dump of the

src/bpf.c

@@ -1,55 +1,199 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
-#ifndef HAVE_LINUX_NETWORK
+#if defined(HAVE_BSD_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
+#include <ifaddrs.h>
 
+#if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__)
+#include <sys/sysctl.h>
+#include <net/route.h>
+#include <net/if_dl.h>
+#include <netinet/if_ether.h>
+
+#ifndef SA_SIZE
+#define SA_SIZE(sa)                                             \
+    (  (!(sa) || ((struct sockaddr *)(sa))->sa_len == 0) ?      \
+        sizeof(long)            :                               \
+        1 + ( (((struct sockaddr *)(sa))->sa_len - 1) | (sizeof(long) - 1) ) )
+#endif
+
+int arp_enumerate(void *parm, int (*callback)())
+{
+  int mib[6];
+  size_t needed;
+  char *next;
+  struct rt_msghdr *rtm;
+  struct sockaddr_inarp *sin2;
+  struct sockaddr_dl *sdl;
+  struct iovec buff;
+  int rc;
+
+  buff.iov_base = NULL;
+  buff.iov_len = 0;
+
+  mib[0] = CTL_NET;
+  mib[1] = PF_ROUTE;
+  mib[2] = 0;
+  mib[3] = AF_INET;
+  mib[4] = NET_RT_FLAGS;
+#ifdef RTF_LLINFO
+  mib[5] = RTF_LLINFO;
+#else
+  mib[5] = 0;
+#endif	
+  if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1 || needed == 0)
+    return 0;
+
+  while (1) 
+    {
+      if (!expand_buf(&buff, needed))
+	return 0;
+      if ((rc = sysctl(mib, 6, buff.iov_base, &needed, NULL, 0)) == 0 ||
+	  errno != ENOMEM)
+	break;
+      needed += needed / 8;
+    }
+  if (rc == -1)
+    return 0;
+  
+  for (next = buff.iov_base ; next < (char *)buff.iov_base + needed; next += rtm->rtm_msglen)
+    {
+      rtm = (struct rt_msghdr *)next;
+      sin2 = (struct sockaddr_inarp *)(rtm + 1);
+      sdl = (struct sockaddr_dl *)((char *)sin2 + SA_SIZE(sin2));
+      if (!(*callback)(AF_INET, &sin2->sin_addr, LLADDR(sdl), sdl->sdl_alen, parm))
+	return 0;
+    }
+
+  return 1;
+}
+#endif
+
+
+int iface_enumerate(int family, void *parm, int (*callback)())
+{
+  struct ifaddrs *head, *addrs;
+  int errsav, ret = 0;
+
+  if (family == AF_UNSPEC)
+#if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__)
+    return  arp_enumerate(parm, callback);
+#else
+  return 0; /* need code for Solaris and MacOS*/
+#endif
+
+  /* AF_LINK doesn't exist in Linux, so we can't use it in our API */
+  if (family == AF_LOCAL)
+    family = AF_LINK;
+
+  if (getifaddrs(&head) == -1)
+    return 0;
+
+  for (addrs = head; addrs; addrs = addrs->ifa_next)
+    {
+      if (addrs->ifa_addr->sa_family == family)
+	{
+	  int iface_index = if_nametoindex(addrs->ifa_name);
+
+	  if (iface_index == 0)
+	    continue;
+
+	  if (family == AF_INET)
+	    {
+	      struct in_addr addr, netmask, broadcast;
+	      addr = ((struct sockaddr_in *) addrs->ifa_addr)->sin_addr;
+	      netmask = ((struct sockaddr_in *) addrs->ifa_netmask)->sin_addr;
+	      broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; 
+	      if (!((*callback)(addr, iface_index, netmask, broadcast, parm)))
+		goto err;
+	    }
+#ifdef HAVE_IPV6
+	  else if (family == AF_INET6)
+	    {
+	      struct in6_addr *addr = &((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_addr;
+	      unsigned char *netmask = (unsigned char *) &((struct sockaddr_in6 *) addrs->ifa_netmask)->sin6_addr;
+	      int scope_id = ((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_scope_id;
+	      int i, j, prefix = 0;
+	      
+	      for (i = 0; i < IN6ADDRSZ; i++, prefix += 8) 
+                if (netmask[i] != 0xff)
+		  break;
+       
+	      if (i != IN6ADDRSZ && netmask[i]) 
+                for (j = 7; j > 0; j--, prefix++) 
+		  if ((netmask[i] & (1 << j)) == 0)
+		    break;
+	      
+	      /* voodoo to clear interface field in address */
+	      if (!option_bool(OPT_NOWILD) && IN6_IS_ADDR_LINKLOCAL(addr))
+		{
+		  addr->s6_addr[2] = 0;
+		  addr->s6_addr[3] = 0;
+		}
+	      
+	      if (!((*callback)(addr, prefix, scope_id, iface_index, 0, parm)))
+		goto err;
+	}
+#endif
+#ifdef HAVE_DHCP6      
+	  else if (family == AF_LINK)
+	    { 
+	      /* Assume ethernet again here */
+	      struct sockaddr_dl *sdl = (struct sockaddr_dl *) addrs->ifa_addr;
+	      if (sdl->sdl_alen != 0 && 
+		  !((*callback)(iface_index, ARPHRD_ETHER, LLADDR(sdl), sdl->sdl_alen, parm)))
+		goto err;
+	    }
+#endif 
+	}
+    }
+  
+  ret = 1;
+
+ err:
+  errsav = errno;
+  freeifaddrs(head);  
+  errno = errsav;
+
+  return ret;
+}
+#endif
+
+
+#if defined(HAVE_BSD_NETWORK) && defined(HAVE_DHCP)
 #include <net/bpf.h>
 
-static struct iovec ifconf = {
-  .iov_base = NULL,
-  .iov_len = 0
-};
-
-static struct iovec ifreq = {
-  .iov_base = NULL,
-  .iov_len = 0
-};
-
-void init_bpf(struct daemon *daemon)
+void init_bpf(void)
 {
   int i = 0;
 
   while (1) 
     {
-      /* useful size which happens to be sufficient */
-      if (expand_buf(&ifreq, sizeof(struct ifreq)))
-	{
-	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
-	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
-	    {
-	      int flags = fcntl(daemon->dhcp_raw_fd, F_GETFD);
-	      if (flags != -1)
-		fcntl(daemon->dhcp_raw_fd, F_SETFD, flags | FD_CLOEXEC); 
-	      return;
-	    }
-	}
+      sprintf(daemon->dhcp_buff, "/dev/bpf%d", i++);
+      if ((daemon->dhcp_raw_fd = open(daemon->dhcp_buff, O_RDWR, 0)) != -1)
+	return;
+
       if (errno != EBUSY)
-	die(_("cannot create DHCP BPF socket: %s"), NULL);
+	die(_("cannot create DHCP BPF socket: %s"), NULL, EC_BADNET);
     }	     
 }
 
-void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
+void send_via_bpf(struct dhcp_packet *mess, size_t len,
 		  struct in_addr iface_addr, struct ifreq *ifr)
 {
    /* Hairy stuff, packet either has to go to the
@@ -73,8 +217,8 @@ void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
   /* Only know how to do ethernet on *BSD */
   if (mess->htype != ARPHRD_ETHER || mess->hlen != ETHER_ADDR_LEN)
     {
-      syslog(LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
-	     mess->htype, ifr->ifr_name);
+      my_syslog(MS_DHCP | LOG_WARNING, _("DHCP request for unsupported hardware type (%d) received on %s"), 
+		mess->htype, ifr->ifr_name);
       return;
     }
    
@@ -114,15 +258,17 @@ void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
     sum = (sum & 0xffff) + (sum >> 16);  
   ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
   
-  udp.uh_sport = htons(DHCP_SERVER_PORT);
-  udp.uh_dport = htons(DHCP_CLIENT_PORT);
+  udp.uh_sport = htons(daemon->dhcp_server_port);
+  udp.uh_dport = htons(daemon->dhcp_client_port);
   if (len & 1)
     ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
   udp.uh_sum = 0;
   udp.uh_ulen = sum = htons(sizeof(struct udphdr) + len);
   sum += htons(IPPROTO_UDP);
-  for (i = 0; i < 4; i++)
-    sum += ((u16 *)&ip.ip_src)[i];
+  sum += ip.ip_src.s_addr & 0xffff;
+  sum += (ip.ip_src.s_addr >> 16) & 0xffff;
+  sum += ip.ip_dst.s_addr & 0xffff;
+  sum += (ip.ip_dst.s_addr >> 16) & 0xffff;
   for (i = 0; i < sizeof(struct udphdr)/2; i++)
     sum += ((u16 *)&udp)[i];
   for (i = 0; i < (len + 1) / 2; i++)
@@ -145,100 +291,6 @@ void send_via_bpf(struct daemon *daemon, struct dhcp_packet *mess, size_t len,
   while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
 }
 
-int iface_enumerate(struct daemon *daemon, void *parm, int (*ipv4_callback)(), int (*ipv6_callback)())
-{
-  char *ptr;
-  struct ifreq *ifr;
-  struct ifconf ifc;
-  int fd, errsav, ret = 0;
-  int lastlen = 0;
-  size_t len = 0;
-  
-  if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
-    return 0;
-  
-  while(1)
-    {
-      len += 10*sizeof(struct ifreq);
-      
-      if (!expand_buf(&ifconf, len))
-	goto err;
-      
-      ifc.ifc_len = len;
-      ifc.ifc_buf = ifconf.iov_base;
-      
-      if (ioctl(fd, SIOCGIFCONF, &ifc) == -1)
-	{
-	  if (errno != EINVAL || lastlen != 0)
-	    goto err;
-	}
-      else
-	{
-	  if (ifc.ifc_len == lastlen)
-	    break; /* got a big enough buffer now */
-	  lastlen = ifc.ifc_len;
-	}
-    }
-  
-  for (ptr = ifc.ifc_buf; ptr < ifc.ifc_buf + ifc.ifc_len; ptr += len )
-    {
-      /* subsequent entries may not be aligned, so copy into
-	 an aligned buffer to avoid nasty complaints about 
-	 unaligned accesses. */
-#ifdef HAVE_SOCKADDR_SA_LEN
-      len = ((struct ifreq *)ptr)->ifr_addr.sa_len + IF_NAMESIZE;
-#else
-      len = sizeof(struct ifreq);
 #endif
-      if (!expand_buf(&ifreq, len))
-	goto err;
 
-      ifr = ifreq.iov_base;
-      memcpy(ifr, ptr, len);
-           
-      if (ifr->ifr_addr.sa_family == AF_INET && ipv4_callback)
-	{
-	  struct in_addr addr, netmask, broadcast;
-	  broadcast.s_addr = 0;
-	  addr = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
-	  if (ioctl(fd, SIOCGIFNETMASK, ifr) == -1)
-	    continue;
-	  netmask = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
-	  if (ioctl(fd, SIOCGIFBRDADDR, ifr) != -1)
-	    broadcast = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr; 
-	  if (!((*ipv4_callback)(daemon, addr, 
-				 (int)if_nametoindex(ifr->ifr_name),
-				 netmask, broadcast, 
-				 parm)))
-	    goto err;
-	}
-#ifdef HAVE_IPV6
-      else if (ifr->ifr_addr.sa_family == AF_INET6 && ipv6_callback)
-	{
-	  struct in6_addr *addr = &((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_addr;
-	  /* voodoo to clear interface field in address */
-	  if (!(daemon->options & OPT_NOWILD) && IN6_IS_ADDR_LINKLOCAL(addr))
-	    {
-	      addr->s6_addr[2] = 0;
-	      addr->s6_addr[3] = 0;
-	    }
-	  if (!((*ipv6_callback)(daemon, addr,
-				 (int)((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_scope_id,
-				 (int)if_nametoindex(ifr->ifr_name),
-				 parm)))
-	    goto err;
-	}
-#endif
-    }
-  
-  ret = 1;
 
- err:
-  errsav = errno;
-  close(fd);  
-  errno = errsav;
-
-  return ret;
-}
-
-#endif

src/config.h

@@ -1,25 +1,31 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define VERSION "2.37"
-
 #define FTABSIZ 150 /* max number of outstanding requests (default) */
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
-#define EDNS_PKTSZ 1280 /* default max EDNS.0 UDP packet from RFC2671 */
+#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
+#define KEYBLOCK_LEN 140 /* choose to mininise fragmentation when storing DNSSEC keys */
 #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
+#define FORWARD_TEST 50 /* try all servers every 50 queries */
+#define FORWARD_TIME 20 /* or 20 seconds */
+#define RANDOM_SOCKS 64 /* max simultaneous random ports */
 #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
 #define CACHESIZ 150 /* default cache size */
-#define MAXLEASES 150 /* maximum number of DHCP leases */
+#define MAXLEASES 1000 /* maximum number of DHCP leases */
 #define PING_WAIT 3 /* wait for ping address-in-use test */
 #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
 #define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
@@ -27,73 +33,19 @@
 #define SMALLDNAME 40 /* most domain names are smaller than this */
 #define HOSTSFILE "/etc/hosts"
 #define ETHERSFILE "/etc/ethers"
-#ifdef __uClinux__
-#  define RESOLVFILE "/etc/config/resolv.conf"
-#else
-#  define RESOLVFILE "/etc/resolv.conf"
-#endif
 #define RUNFILE "/var/run/dnsmasq.pid"
-#if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__)
-#   define LEASEFILE "/var/db/dnsmasq.leases"
-#else
-#   define LEASEFILE "/var/lib/misc/dnsmasq.leases"
-#endif
-#if defined(__FreeBSD__)
-#   define CONFFILE "/usr/local/etc/dnsmasq.conf"
-#else
-#   define CONFFILE "/etc/dnsmasq.conf"
-#endif
 #define DEFLEASE 3600 /* default lease time, 1 hour */
 #define CHUSER "nobody"
 #define CHGRP "dip"
-#define DHCP_SERVER_PORT 67
-#define DHCP_CLIENT_PORT 68
-#define TFTP_PORT 69
 #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
-
-/* DBUS interface specifics */
-#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
+#define LOG_MAX 5 /* log-queue length */
+#define RANDFILE "/dev/urandom"
+#define EDNS0_OPTION_MAC 5 /* dyndns.org temporary assignment */
+#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* DBUS interface specifics */
 #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
 
-/* A small collection of RR-types which are missing on some platforms */
-
-#ifndef T_SIG
-#  define T_SIG 24
-#endif
-
-#ifndef T_SRV
-#  define T_SRV 33
-#endif
-
-#ifndef T_OPT
-#  define T_OPT 41
-#endif
-
-#ifndef T_TKEY
-#  define T_TKEY 249
-#endif
-
-#ifndef T_TSIG
-#  define T_TSIG 250
-#endif
-
-
-/* Get linux C library versions. */
-#if defined(__linux__) && !defined(__UCLIBC__) && !defined(__uClinux__)
-/*#  include <libio.h> */
-#  include <features.h> 
-#endif
-
-
-/* Follows system specific switches. If you run on a 
-   new system, you may want to edit these. 
-   May replace this with Autoconf one day. 
-
-HAVE_LINUX_NETWORK
-   define this to do networking the Linux way. When it's defined, the code will
-   use IP_PKTINFO, Linux capabilities and the RTnetlink system. If it's not defined,
-   a few facilities will be lost, namely support for multiple addresses on an interface,
-   DNS query retransmission, and (on some systems) wildcard interface binding.
+/* compile-time options: uncomment below to enable or do eg.
+   make COPTS=-DHAVE_BROKEN_RTC
 
 HAVE_BROKEN_RTC
    define this on embedded systems which don't have an RTC
@@ -109,96 +61,133 @@ HAVE_BROKEN_RTC
    NOTE: when enabling or disabling this, be sure to delete any old
    leases file, otherwise dnsmasq may get very confused.
 
-HAVE_ISC_READER 
-   define this to include the old ISC dhcpcd integration. Note that you cannot
-   set both HAVE_ISC_READER and HAVE_BROKEN_RTC.
-
 HAVE_TFTP
    define this to get dnsmasq's built-in TFTP server.
 
-HAVE_GETOPT_LONG
-   define this if you have GNU libc or GNU getopt. 
+HAVE_DHCP
+   define this to get dnsmasq's DHCPv4 server.
 
-HAVE_ARC4RANDOM
-   define this if you have arc4random() to get better security from DNS spoofs
-   by using really random ids (OpenBSD) 
+HAVE_DHCP6
+   define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP).
 
-HAVE_RANDOM
-   define this if you have the 4.2BSD random() function (and its
-   associated srandom() function), which is at least as good as (if not
-   better than) the rand() function.
+HAVE_SCRIPT
+   define this to get the ability to call scripts on lease-change.
 
-HAVE_DEV_RANDOM
-   define this if you have the /dev/random device, which gives truly
-   random numbers but may run out of random numbers.
-
-HAVE_DEV_URANDOM
-   define this if you have the /dev/urandom device, which gives
-   semi-random numbers when it runs out of truly random numbers.
-
-HAVE_SOCKADDR_SA_LEN
-   define this if struct sockaddr has sa_len field (*BSD) 
+HAVE_LUASCRIPT
+   define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT) 
 
 HAVE_DBUS
-   Define this if you want to link against libdbus, and have dnsmasq
-   define some methods to allow (re)configuration of the upstream DNS 
+   define this if you want to link against libdbus, and have dnsmasq
+   support some methods to allow (re)configuration of the upstream DNS 
    servers via DBus.
 
-NOTES:
-   For Linux you should define 
-      HAVE_LINUX_NETWORK
-      HAVE_GETOPT_LONG
-      HAVE_RANDOM
-      HAVE_DEV_RANDOM
-      HAVE_DEV_URANDOM
-  you should NOT define 
-      HAVE_ARC4RANDOM
-      HAVE_SOCKADDR_SA_LEN
+HAVE_IDN
+   define this if you want international domain name support.
+   NOTE: for backwards compatibility, IDN support is automatically 
+         included when internationalisation support is built, using the 
+	 *-i18n makefile targets, even if HAVE_IDN is not explicitly set.
 
-   For *BSD systems you should define 
-     HAVE_SOCKADDR_SA_LEN
-     HAVE_RANDOM
-   you should NOT define  
-     HAVE_LINUX_NETWORK 
-   and you MAY define  
-     HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later
-     HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD
-     HAVE_DEV_RANDOM - FreeBSD  and NetBSD 
-                       (OpenBSD with hardware random number generator)
-     HAVE_GETOPT_LONG - NetBSD, later FreeBSD 
-                       (FreeBSD and OpenBSD only if you link GNU getopt) 
+HAVE_CONNTRACK
+   define this to include code which propogates conntrack marks from
+   incoming DNS queries to the corresponding upstream queries. This adds
+   a build-dependency on libnetfilter_conntrack, but the resulting binary will
+   still run happily on a kernel without conntrack support.
+
+NO_IPV6
+NO_TFTP
+NO_DHCP
+NO_DHCP6
+NO_SCRIPT
+NO_LARGEFILE
+   these are avilable to explictly disable compile time options which would 
+   otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or 
+   which are enabled  by default in the distributed source tree. Building dnsmasq
+   with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+
+LEASEFILE
+CONFFILE
+RESOLVFILE
+   the default locations of these files are determined below, but may be overridden 
+   in a build command line using COPTS.
 
 */
 
-/* platform independent options- uncomment to enable */
+
+/* The default set of options to build. Built with these options, dnsmasq
+   has no library dependencies other than libc */
+
+#define HAVE_DHCP
+#define HAVE_DHCP6 
 #define HAVE_TFTP
+#define HAVE_SCRIPT
+/* #define HAVE_LUASCRIPT */
 /* #define HAVE_BROKEN_RTC */
-/* #define HAVE_ISC_READER */
 /* #define HAVE_DBUS */
+/* #define HAVE_IDN */
+/* #define HAVE_CONNTRACK */
 
-#if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
-#  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
+
+
+/* Default locations for important system files. */
+
+#ifndef LEASEFILE
+#   if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
+#      define LEASEFILE "/var/db/dnsmasq.leases"
+#   elif defined(__sun__) || defined (__sun)
+#      define LEASEFILE "/var/cache/dnsmasq.leases"
+#   elif defined(__ANDROID__)
+#      define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
+#   else
+#      define LEASEFILE "/var/lib/misc/dnsmasq.leases"
+#   endif
 #endif
 
-/* Allow TFTP to be disabled with CFLAGS=-DNO_TFTP */
-#ifdef NO_TFTP
-#undef HAVE_TFTP
+#ifndef CONFFILE
+#   if defined(__FreeBSD__)
+#      define CONFFILE "/usr/local/etc/dnsmasq.conf"
+#   else
+#      define CONFFILE "/etc/dnsmasq.conf"
+#   endif
 #endif
 
-/* platform dependent options. */
+#ifndef RESOLVFILE
+#   if defined(__uClinux__)
+#      define RESOLVFILE "/etc/config/resolv.conf"
+#   else
+#      define RESOLVFILE "/etc/resolv.conf"
+#   endif
+#endif
+
+
+
+/* platform dependent options: these are determined automatically below
+
+HAVE_LINUX_NETWORK
+HAVE_BSD_NETWORK
+HAVE_SOLARIS_NETWORK
+   define exactly one of these to alter interaction with kernel networking.
+
+HAVE_GETOPT_LONG
+   defined when GNU-style getopt_long available. 
+
+HAVE_ARC4RANDOM
+   defined if arc4random() available to get better security from DNS spoofs
+   by using really random ids (OpenBSD) 
+
+HAVE_SOCKADDR_SA_LEN
+   defined if struct sockaddr has sa_len field (*BSD) 
+*/
 
 /* Must preceed __linux__ since uClinux defines __linux__ too. */
 #if defined(__uClinux__)
 #define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
 /* Never use fork() on uClinux. Note that this is subtly different from the
    --keep-in-foreground option, since it also  suppresses forking new 
-   processes for TCP connections. It's intended for use on MMU-less kernels. */
+   processes for TCP connections and disables the call-a-script on leasechange
+   system. It's intended for use on MMU-less kernels. */
 #define NO_FORK
 
 #elif defined(__UCLIBC__)
@@ -206,13 +195,8 @@ NOTES:
 #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
    ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
 #    define HAVE_GETOPT_LONG
-#else
-#    undef HAVE_GETOPT_LONG
 #endif
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
 #if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
 #  define NO_FORK
@@ -228,65 +212,52 @@ NOTES:
 #define HAVE_LINUX_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #undef HAVE_SOCKADDR_SA_LEN
-/* glibc < 2.2  has broken Sockaddr_in6 so we have to use our own. */
-/* glibc < 2.2 doesn't define in_addr_t */
-#if defined(__GLIBC__) && (__GLIBC__ == 2) && \
-    defined(__GLIBC_MINOR__) && (__GLIBC_MINOR__ < 2)
-typedef unsigned long in_addr_t; 
-#   define HAVE_BROKEN_SOCKADDR_IN6
-#endif
 
-#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
-#undef HAVE_LINUX_NETWORK
+#elif defined(__FreeBSD__) || \
+      defined(__OpenBSD__) || \
+      defined(__DragonFly__) || \
+      defined(__FreeBSD_kernel__)
+#define HAVE_BSD_NETWORK
 /* Later verions of FreeBSD have getopt_long() */
 #if defined(optional_argument) && defined(required_argument)
 #   define HAVE_GETOPT_LONG
-#else
-#   undef HAVE_GETOPT_LONG
 #endif
-#define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
+#if !defined(__FreeBSD_kernel__)
+#   define HAVE_ARC4RANDOM
+#endif
 #define HAVE_SOCKADDR_SA_LEN
 
 #elif defined(__APPLE__)
-#undef HAVE_LINUX_NETWORK
-#undef HAVE_GETOPT_LONG
+#define HAVE_BSD_NETWORK
+#define HAVE_GETOPT_LONG
 #define HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
 #define HAVE_SOCKADDR_SA_LEN
 /* Define before sys/socket.h is included so we get socklen_t */
 #define _BSD_SOCKLEN_T_
-/* This is not defined in Mac OS X arpa/nameserv.h */
-#define IN6ADDRSZ 16
  
 #elif defined(__NetBSD__)
-#undef HAVE_LINUX_NETWORK
+#define HAVE_BSD_NETWORK
 #define HAVE_GETOPT_LONG
 #undef HAVE_ARC4RANDOM
-#define HAVE_RANDOM
-#define HAVE_DEV_URANDOM
-#define HAVE_DEV_RANDOM
 #define HAVE_SOCKADDR_SA_LEN
+
+#elif defined(__sun) || defined(__sun__)
+#define HAVE_SOLARIS_NETWORK
+#define HAVE_GETOPT_LONG
+#undef HAVE_ARC4RANDOM
+#undef HAVE_SOCKADDR_SA_LEN
+#define ETHER_ADDR_LEN 6 
  
 #endif
+
 /* Decide if we're going to support IPv6 */
 /* We assume that systems which don't have IPv6
    headers don't have ntop and pton either */
 
-#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) && !defined(NO_IPV6)
+#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY)
 #  define HAVE_IPV6
 #  define ADDRSTRLEN INET6_ADDRSTRLEN
-#  if defined(SOL_IPV6)
-#    define IPV6_LEVEL SOL_IPV6
-#  else
-#    define IPV6_LEVEL IPPROTO_IPV6
-#  endif
 #elif defined(INET_ADDRSTRLEN)
 #  undef HAVE_IPV6
 #  define ADDRSTRLEN INET_ADDRSTRLEN
@@ -295,3 +266,103 @@ typedef unsigned long in_addr_t;
 #  define ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
 #endif
 
+
+/* rules to implement compile-time option dependencies and 
+   the NO_XXX flags */
+
+#ifdef NO_IPV6
+#undef HAVE_IPV6
+#endif
+
+#ifdef NO_TFTP
+#undef HAVE_TFTP
+#endif
+
+#ifdef NO_DHCP
+#undef HAVE_DHCP
+#undef HAVE_DHCP6
+#endif
+
+#if defined(NO_DHCP6) || !defined(HAVE_IPV6)
+#undef HAVE_DHCP6
+#endif
+
+/* DHCP6 needs DHCP too */
+#ifdef HAVE_DHCP6
+#define HAVE_DHCP
+#endif
+
+#if defined(NO_SCRIPT) || !defined(HAVE_DHCP) || defined(NO_FORK)
+#undef HAVE_SCRIPT
+#undef HAVE_LUASCRIPT
+#endif
+
+/* Must HAVE_SCRIPT to HAVE_LUASCRIPT */
+#ifdef HAVE_LUASCRIPT
+#define HAVE_SCRIPT
+#endif
+
+
+/* Define a string indicating which options are in use.
+   DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
+
+#ifdef DNSMASQ_COMPILE_OPTS
+
+static char *compile_opts = 
+#ifndef HAVE_IPV6
+"no-"
+#endif
+"IPv6 "
+#ifndef HAVE_GETOPT_LONG
+"no-"
+#endif
+"GNU-getopt "
+#ifdef HAVE_BROKEN_RTC
+"no-RTC "
+#endif
+#ifdef NO_FORK
+"no-MMU "
+#endif
+#ifndef HAVE_DBUS
+"no-"
+#endif
+"DBus "
+#ifndef LOCALEDIR
+"no-"
+#endif
+"i18n "
+#if !defined(LOCALEDIR) && !defined(HAVE_IDN)
+"no-"
+#endif 
+"IDN "
+#ifndef HAVE_DHCP
+"no-"
+#endif
+"DHCP "
+#if defined(HAVE_DHCP)
+#  if !defined (HAVE_DHCP6)
+     "no-"
+#  endif  
+     "DHCPv6 "
+#  if !defined(HAVE_SCRIPT)
+     "no-scripts "
+#  else
+#    if !defined(HAVE_LUASCRIPT)
+       "no-"
+#    endif
+     "Lua "
+#  endif
+#endif
+#ifndef HAVE_TFTP
+"no-"
+#endif
+"TFTP "
+#ifndef HAVE_CONNTRACK
+"no-"
+#endif
+"conntrack";
+
+#endif
+
+
+

src/conntrack.c

@@ -0,0 +1,90 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_CONNTRACK
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int gotit = 0; /* yuck */
+
+static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data);
+
+int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp)
+{
+  struct nf_conntrack *ct;
+  struct nfct_handle *h;
+  
+  gotit = 0;
+  
+  if ((ct = nfct_new())) 
+    {
+      nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP);
+      nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port));
+      
+#ifdef HAVE_IPV6
+      if (peer_addr->sa.sa_family == AF_INET6)
+	{
+	  nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
+	  nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr);
+	  nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port);
+	  nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr);
+	}
+      else
+#endif
+	{
+	  nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+	  nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr);
+	  nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port);
+	  nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr);
+	}
+      
+      
+      if ((h = nfct_open(CONNTRACK, 0))) 
+	{
+	  nfct_callback_register(h, NFCT_T_ALL, callback, (void *)markp);  
+	  if (nfct_query(h, NFCT_Q_GET, ct) == -1)
+	    {
+	      static int warned = 0;
+	      if (!warned)
+		{
+		  my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno));
+		  warned = 1;
+		}
+	    }
+	  nfct_close(h);  
+	}
+      nfct_destroy(ct);
+    }
+
+  return gotit;
+}
+
+static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
+{
+  unsigned int *ret = (unsigned int *)data;
+  *ret = nfct_get_attr_u32(ct, ATTR_MARK);
+  (void)type; /* eliminate warning */
+  gotit = 1;
+
+  return NFCT_CB_CONTINUE;
+}
+
+#endif
+  
+
+

src/dbus.c

@@ -1,22 +1,61 @@
-/* dnsmasq is Copyright (c) 2000-2005 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
 #ifdef HAVE_DBUS
 
-#define DBUS_API_SUBJECT_TO_CHANGE
 #include <dbus/dbus.h>
 
+const char* introspection_xml =
+"<!DOCTYPE node PUBLIC \"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN\"\n"
+"\"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd\">\n"
+"<node name=\"" DNSMASQ_PATH "\">\n"
+"  <interface name=\"org.freedesktop.DBus.Introspectable\">\n"
+"    <method name=\"Introspect\">\n"
+"      <arg name=\"data\" direction=\"out\" type=\"s\"/>\n"
+"    </method>\n"
+"  </interface>\n"
+"  <interface name=\"" DNSMASQ_SERVICE "\">\n"
+"    <method name=\"ClearCache\">\n"
+"    </method>\n"
+"    <method name=\"GetVersion\">\n"
+"      <arg name=\"version\" direction=\"out\" type=\"s\"/>\n"
+"    </method>\n"
+"    <method name=\"SetServers\">\n"
+"      <arg name=\"servers\" direction=\"in\" type=\"av\"/>\n"
+"    </method>\n"
+"    <signal name=\"DhcpLeaseAdded\">\n"
+"      <arg name=\"ipaddr\" type=\"s\"/>\n"
+"      <arg name=\"hwaddr\" type=\"s\"/>\n"
+"      <arg name=\"hostname\" type=\"s\"/>\n"
+"    </signal>\n"
+"    <signal name=\"DhcpLeaseDeleted\">\n"
+"      <arg name=\"ipaddr\" type=\"s\"/>\n"
+"      <arg name=\"hwaddr\" type=\"s\"/>\n"
+"      <arg name=\"hostname\" type=\"s\"/>\n"
+"    </signal>\n"
+"    <signal name=\"DhcpLeaseUpdated\">\n"
+"      <arg name=\"ipaddr\" type=\"s\"/>\n"
+"      <arg name=\"hwaddr\" type=\"s\"/>\n"
+"      <arg name=\"hostname\" type=\"s\"/>\n"
+"    </signal>\n"
+"  </interface>\n"
+"</node>\n";
+
 struct watch {
   DBusWatch *watch;      
   struct watch *next;
@@ -25,28 +64,25 @@ struct watch {
 
 static dbus_bool_t add_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch *w;
 
   for (w = daemon->watches; w; w = w->next)
     if (w->watch == watch)
       return TRUE;
 
-  if (!(w = malloc(sizeof(struct watch))))
+  if (!(w = whine_malloc(sizeof(struct watch))))
     return FALSE;
 
   w->watch = watch;
   w->next = daemon->watches;
   daemon->watches = w;
 
-  dbus_watch_set_data (watch, (void *)daemon, NULL);
-
+  w = data; /* no warning */
   return TRUE;
 }
 
 static void remove_watch(DBusWatch *watch, void *data)
 {
-  struct daemon *daemon = data;
   struct watch **up, *w;  
   
   for (up = &(daemon->watches), w = daemon->watches; w; w = w->next)
@@ -57,9 +93,11 @@ static void remove_watch(DBusWatch *watch, void *data)
       }
     else
       up = &(w->next);
+
+  w = data; /* no warning */
 }
 
-static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
+static void dbus_read_servers(DBusMessage *message)
 {
   struct server *serv, *tmp, **up;
   DBusMessageIter iter;
@@ -109,13 +147,13 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 	    }
 
 #ifndef HAVE_IPV6
-	  syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
+	  my_syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support"));
 #else
 	  if (i == sizeof(struct in6_addr)-1)
 	    {
-	      memcpy(&addr.in6.sin6_addr, p, sizeof(addr.in6));
+	      memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr));
 #ifdef HAVE_SOCKADDR_SA_LEN
-              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(addr.in6);
+              source_addr.in6.sin6_len = addr.in6.sin6_len = sizeof(struct sockaddr_in6);
 #endif
               source_addr.in6.sin6_family = addr.in6.sin6_family = AF_INET6;
               addr.in6.sin6_port = htons(NAMESERVER_PORT);
@@ -161,11 +199,14 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    }
 		}
 	    
-	    if (!serv && (serv = malloc(sizeof (struct server))))
+	    if (!serv && (serv = whine_malloc(sizeof (struct server))))
 	      {
 		/* Not found, create a new one. */
+		memset(serv, 0, sizeof(struct server));
+		
 		if (domain)
-		  serv->domain = malloc(strlen(domain)+1);
+		  serv->domain = whine_malloc(strlen(domain)+1);
+		
 		if (domain && !serv->domain)
 		  {
 		    free(serv);
@@ -176,7 +217,6 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
 		    serv->next = daemon->servers;
 		    daemon->servers = serv;
 		    serv->flags = SERV_FROM_DBUS;
-		    serv->sfd = NULL;
 		    if (domain)
 		      {
 			strcpy(serv->domain, domain);
@@ -208,6 +248,7 @@ static void dbus_read_servers(struct daemon *daemon, DBusMessage *message)
       tmp = serv->next;
       if (serv->flags & SERV_MARK)
 	{
+	  server_gone(serv);
 	  *up = serv->next;
 	  free(serv);
 	}
@@ -222,9 +263,16 @@ DBusHandlerResult message_handler(DBusConnection *connection,
 				  void *user_data)
 {
   char *method = (char *)dbus_message_get_member(message);
-  struct daemon *daemon = (struct daemon *)user_data;
-  
-  if (strcmp(method, "GetVersion") == 0)
+   
+  if (dbus_message_is_method_call(message, DBUS_INTERFACE_INTROSPECTABLE, "Introspect"))
+    {
+      DBusMessage *reply = dbus_message_new_method_return(message);
+
+      dbus_message_append_args(reply, DBUS_TYPE_STRING, &introspection_xml, DBUS_TYPE_INVALID);
+      dbus_connection_send (connection, reply, NULL);
+      dbus_message_unref (reply);
+    }
+  else if (strcmp(method, "GetVersion") == 0)
     {
       char *v = VERSION;
       DBusMessage *reply = dbus_message_new_method_return(message);
@@ -235,22 +283,24 @@ DBusHandlerResult message_handler(DBusConnection *connection,
     }
   else if (strcmp(method, "SetServers") == 0)
     {
-      syslog(LOG_INFO, _("setting upstream servers from DBus"));
-      dbus_read_servers(daemon, message);
-      check_servers(daemon);
+      my_syslog(LOG_INFO, _("setting upstream servers from DBus"));
+      dbus_read_servers(message);
+      check_servers();
     }
   else if (strcmp(method, "ClearCache") == 0)
-    clear_cache_and_reload(daemon, dnsmasq_time());
+    clear_cache_and_reload(dnsmasq_time());
   else
     return (DBUS_HANDLER_RESULT_NOT_YET_HANDLED);
   
+  method = user_data; /* no warning */
+
   return (DBUS_HANDLER_RESULT_HANDLED);
  
 }
  
 
 /* returns NULL or error message, may fail silently if dbus daemon not yet up. */
-char *dbus_init(struct daemon *daemon)
+char *dbus_init(void)
 {
   DBusConnection *connection = NULL;
   DBusObjectPathVTable dnsmasq_vtable = {NULL, &message_handler, NULL, NULL, NULL, NULL };
@@ -263,26 +313,29 @@ char *dbus_init(struct daemon *daemon)
     
   dbus_connection_set_exit_on_disconnect(connection, FALSE);
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
-				      NULL, (void *)daemon, NULL);
+				      NULL, NULL, NULL);
   dbus_error_init (&dbus_error);
   dbus_bus_request_name (connection, DNSMASQ_SERVICE, 0, &dbus_error);
   if (dbus_error_is_set (&dbus_error))
     return (char *)dbus_error.message;
   
   if (!dbus_connection_register_object_path(connection,  DNSMASQ_PATH, 
-					    &dnsmasq_vtable, daemon))
+					    &dnsmasq_vtable, NULL))
     return _("could not register a DBus message handler");
   
   daemon->dbus = connection; 
   
   if ((message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, "Up")))
-    dbus_connection_send(connection, message, NULL);
+    {
+      dbus_connection_send(connection, message, NULL);
+      dbus_message_unref(message);
+    }
 
   return NULL;
 }
  
 
-void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
+void set_dbus_listeners(int *maxfdp,
 			fd_set *rset, fd_set *wset, fd_set *eset)
 {
   struct watch *w;
@@ -291,7 +344,7 @@ void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = dbus_watch_get_flags(w->watch);
-	int fd = dbus_watch_get_fd(w->watch);
+	int fd = dbus_watch_get_unix_fd(w->watch);
 	
 	bump_maxfd(fd, maxfdp);
 	
@@ -305,8 +358,7 @@ void set_dbus_listeners(struct daemon *daemon, int *maxfdp,
       }
 }
 
-void check_dbus_listeners(struct daemon *daemon,
-			  fd_set *rset, fd_set *wset, fd_set *eset)
+void check_dbus_listeners(fd_set *rset, fd_set *wset, fd_set *eset)
 {
   DBusConnection *connection = (DBusConnection *)daemon->dbus;
   struct watch *w;
@@ -315,7 +367,7 @@ void check_dbus_listeners(struct daemon *daemon,
     if (dbus_watch_get_enabled(w->watch))
       {
 	unsigned int flags = 0;
-	int fd = dbus_watch_get_fd(w->watch);
+	int fd = dbus_watch_get_unix_fd(w->watch);
 	
 	if (FD_ISSET(fd, rset))
 	  flags |= DBUS_WATCH_READABLE;
@@ -338,4 +390,58 @@ void check_dbus_listeners(struct daemon *daemon,
     }
 }
 
+#ifdef HAVE_DHCP
+void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname)
+{
+  DBusConnection *connection = (DBusConnection *)daemon->dbus;
+  DBusMessage* message = NULL;
+  DBusMessageIter args;
+  char *action_str, *mac = daemon->namebuff;
+  unsigned char *p;
+  int i;
+
+  if (!connection)
+    return;
+  
+  if (!hostname)
+    hostname = "";
+  
+#ifdef HAVE_DHCP6
+   if (lease->flags & (LEASE_TA | LEASE_NA))
+     {
+       print_mac(mac, lease->clid, lease->clid_len);
+       inet_ntop(AF_INET6, lease->hwaddr, daemon->addrbuff, ADDRSTRLEN);
+     }
+   else
+#endif
+     {
+       p = extended_hwaddr(lease->hwaddr_type, lease->hwaddr_len,
+			   lease->hwaddr, lease->clid_len, lease->clid, &i);
+       print_mac(mac, p, i);
+       inet_ntop(AF_INET, &lease->addr, daemon->addrbuff, ADDRSTRLEN);
+     }
+
+  if (action == ACTION_DEL)
+    action_str = "DhcpLeaseDeleted";
+  else if (action == ACTION_ADD)
+    action_str = "DhcpLeaseAdded";
+  else if (action == ACTION_OLD)
+    action_str = "DhcpLeaseUpdated";
+  else
+    return;
+
+  if (!(message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, action_str)))
+    return;
+  
+  dbus_message_iter_init_append(message, &args);
+  
+  if (dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &daemon->addrbuff) &&
+      dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &mac) &&
+      dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &hostname))
+    dbus_connection_send(connection, message, NULL);
+  
+  dbus_message_unref(message);
+}
+#endif
+
 #endif

src/dhcp-common.c

@@ -0,0 +1,790 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DHCP
+
+void dhcp_common_init(void)
+{
+    /* These each hold a DHCP option max size 255
+       and get a terminating zero added */
+  daemon->dhcp_buff = safe_malloc(256);
+  daemon->dhcp_buff2 = safe_malloc(256); 
+  daemon->dhcp_buff3 = safe_malloc(256);
+  
+  /* dhcp_packet is used by v4 and v6, outpacket only by v6 
+     sizeof(struct dhcp_packet) is as good an initial size as any,
+     even for v6 */
+  expand_buf(&daemon->dhcp_packet, sizeof(struct dhcp_packet));
+#ifdef HAVE_DHCP6
+  if (daemon->dhcp6)
+    expand_buf(&daemon->outpacket, sizeof(struct dhcp_packet));
+#endif
+}
+
+ssize_t recv_dhcp_packet(int fd, struct msghdr *msg)
+{  
+  ssize_t sz;
+ 
+  while (1)
+    {
+      msg->msg_flags = 0;
+      while ((sz = recvmsg(fd, msg, MSG_PEEK | MSG_TRUNC)) == -1 && errno == EINTR);
+      
+      if (sz == -1)
+	return -1;
+      
+      if (!(msg->msg_flags & MSG_TRUNC))
+	break;
+
+      /* Very new Linux kernels return the actual size needed, 
+	 older ones always return truncated size */
+      if ((size_t)sz == msg->msg_iov->iov_len)
+	{
+	  if (!expand_buf(msg->msg_iov, sz + 100))
+	    return -1;
+	}
+      else
+	{
+	  expand_buf(msg->msg_iov, sz);
+	  break;
+	}
+    }
+  
+  while ((sz = recvmsg(fd, msg, 0)) == -1 && errno == EINTR);
+  
+  return (msg->msg_flags & MSG_TRUNC) ? -1 : sz;
+}
+
+struct dhcp_netid *run_tag_if(struct dhcp_netid *tags)
+{
+  struct tag_if *exprs;
+  struct dhcp_netid_list *list;
+
+  for (exprs = daemon->tag_if; exprs; exprs = exprs->next)
+    if (match_netid(exprs->tag, tags, 1))
+      for (list = exprs->set; list; list = list->next)
+	{
+	  list->list->next = tags;
+	  tags = list->list;
+	}
+
+  return tags;
+}
+
+
+struct dhcp_netid *option_filter(struct dhcp_netid *tags, struct dhcp_netid *context_tags, struct dhcp_opt *opts)
+{
+  struct dhcp_netid *tagif = run_tag_if(tags);
+  struct dhcp_opt *opt;
+
+  /* flag options which are valid with the current tag set (sans context tags) */
+  for (opt = opts; opt; opt = opt->next)
+    {
+      opt->flags &= ~DHOPT_TAGOK;
+      if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925)) &&
+	  match_netid(opt->netid, tagif, 0))
+	opt->flags |= DHOPT_TAGOK;
+    }
+
+  /* now flag options which are valid, including the context tags,
+     otherwise valid options are inhibited if we found a higher priority one above */
+  if (context_tags)
+    {
+      struct dhcp_netid *last_tag;
+
+      for (last_tag = context_tags; last_tag->next; last_tag = last_tag->next);
+      last_tag->next = tags;
+      tagif = run_tag_if(context_tags);
+      
+      /* reset stuff with tag:!<tag> which now matches. */
+      for (opt = opts; opt; opt = opt->next)
+	if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925)) &&
+	    (opt->flags & DHOPT_TAGOK) &&
+	    !match_netid(opt->netid, tagif, 0))
+	  opt->flags &= ~DHOPT_TAGOK;
+
+      for (opt = opts; opt; opt = opt->next)
+	if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925 | DHOPT_TAGOK)) &&
+	    match_netid(opt->netid, tagif, 0))
+	  {
+	    struct dhcp_opt *tmp;  
+	    for (tmp = opts; tmp; tmp = tmp->next) 
+	      if (tmp->opt == opt->opt && opt->netid && (tmp->flags & DHOPT_TAGOK))
+		break;
+	    if (!tmp)
+	      opt->flags |= DHOPT_TAGOK;
+	  }      
+    }
+  
+  /* now flag untagged options which are not overridden by tagged ones */
+  for (opt = opts; opt; opt = opt->next)
+    if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925 | DHOPT_TAGOK)) && !opt->netid)
+      {
+	struct dhcp_opt *tmp;  
+	for (tmp = opts; tmp; tmp = tmp->next) 
+	  if (tmp->opt == opt->opt && (tmp->flags & DHOPT_TAGOK))
+	    break;
+	if (!tmp)
+	  opt->flags |= DHOPT_TAGOK;
+	else if (!tmp->netid)
+	  my_syslog(MS_DHCP | LOG_WARNING, _("Ignoring duplicate dhcp-option %d"), tmp->opt); 
+      }
+
+  return tagif;
+}
+	
+/* Is every member of check matched by a member of pool? 
+   If tagnotneeded, untagged is OK */
+int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int tagnotneeded)
+{
+  struct dhcp_netid *tmp1;
+  
+  if (!check && !tagnotneeded)
+    return 0;
+
+  for (; check; check = check->next)
+    {
+      /* '#' for not is for backwards compat. */
+      if (check->net[0] != '!' && check->net[0] != '#')
+	{
+	  for (tmp1 = pool; tmp1; tmp1 = tmp1->next)
+	    if (strcmp(check->net, tmp1->net) == 0)
+	      break;
+	  if (!tmp1)
+	    return 0;
+	}
+      else
+	for (tmp1 = pool; tmp1; tmp1 = tmp1->next)
+	  if (strcmp((check->net)+1, tmp1->net) == 0)
+	    return 0;
+    }
+  return 1;
+}
+
+/* return domain or NULL if none. */
+char *strip_hostname(char *hostname)
+{
+  char *dot = strchr(hostname, '.');
+ 
+  if (!dot)
+    return NULL;
+  
+  *dot = 0; /* truncate */
+  if (strlen(dot+1) != 0)
+    return dot+1;
+  
+  return NULL;
+}
+
+void log_tags(struct dhcp_netid *netid, u32 xid)
+{
+  if (netid && option_bool(OPT_LOG_OPTS))
+    {
+      char *s = daemon->namebuff;
+      for (*s = 0; netid; netid = netid->next)
+	{
+	  /* kill dupes. */
+	  struct dhcp_netid *n;
+	  
+	  for (n = netid->next; n; n = n->next)
+	    if (strcmp(netid->net, n->net) == 0)
+	      break;
+	  
+	  if (!n)
+	    {
+	      strncat (s, netid->net, (MAXDNAME-1) - strlen(s));
+	      if (netid->next)
+		strncat (s, ", ", (MAXDNAME-1) - strlen(s));
+	    }
+	}
+      my_syslog(MS_DHCP | LOG_INFO, _("%u tags: %s"), xid, s);
+    } 
+}   
+  
+int match_bytes(struct dhcp_opt *o, unsigned char *p, int len)
+{
+  int i;
+  
+  if (o->len > len)
+    return 0;
+  
+  if (o->len == 0)
+    return 1;
+     
+  if (o->flags & DHOPT_HEX)
+    { 
+      if (memcmp_masked(o->val, p, o->len, o->u.wildcard_mask))
+	return 1;
+    }
+  else 
+    for (i = 0; i <= (len - o->len); ) 
+      {
+	if (memcmp(o->val, p + i, o->len) == 0)
+	  return 1;
+	    
+	if (o->flags & DHOPT_STRING)
+	  i++;
+	else
+	  i += o->len;
+      }
+  
+  return 0;
+}
+
+void check_dhcp_hosts(int fatal)
+{
+  /* If the same IP appears in more than one host config, then DISCOVER
+     for one of the hosts will get the address, but REQUEST will be NAKed,
+     since the address is reserved by the other one -> protocol loop. 
+     Also check that FQDNs match the domain we are using. */
+  
+  struct dhcp_config *configs, *cp;
+ 
+  for (configs = daemon->dhcp_conf; configs; configs = configs->next)
+    {
+      char *domain;
+
+      if ((configs->flags & DHOPT_BANK) || fatal)
+       {
+	 for (cp = configs->next; cp; cp = cp->next)
+	   if ((configs->flags & cp->flags & CONFIG_ADDR) && configs->addr.s_addr == cp->addr.s_addr)
+	     {
+	       if (fatal)
+		 die(_("duplicate IP address %s in dhcp-config directive."), 
+		     inet_ntoa(cp->addr), EC_BADCONF);
+	       else
+		 my_syslog(MS_DHCP | LOG_ERR, _("duplicate IP address %s in %s."), 
+			   inet_ntoa(cp->addr), daemon->dhcp_hosts_file);
+	       configs->flags &= ~CONFIG_ADDR;
+	     }
+	 
+	 /* split off domain part */
+	 if ((configs->flags & CONFIG_NAME) && (domain = strip_hostname(configs->hostname)))
+	   configs->domain = domain;
+       }
+    }
+}
+
+void dhcp_update_configs(struct dhcp_config *configs)
+{
+  /* Some people like to keep all static IP addresses in /etc/hosts.
+     This goes through /etc/hosts and sets static addresses for any DHCP config
+     records which don't have an address and whose name matches. 
+     We take care to maintain the invariant that any IP address can appear
+     in at most one dhcp-host. Since /etc/hosts can be re-read by SIGHUP, 
+     restore the status-quo ante first. */
+  
+  struct dhcp_config *config;
+  struct crec *crec;
+  int prot = AF_INET;
+
+  for (config = configs; config; config = config->next)
+    if (config->flags & CONFIG_ADDR_HOSTS)
+      config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR6 | CONFIG_ADDR_HOSTS);
+
+#ifdef HAVE_DHCP6 
+ again:  
+#endif
+
+  if (daemon->port != 0)
+    for (config = configs; config; config = config->next)
+      {
+	int conflags = CONFIG_ADDR;
+	int cacheflags = F_IPV4;
+
+#ifdef HAVE_DHCP6
+	if (prot == AF_INET6)
+	  {
+	    conflags = CONFIG_ADDR6;
+	    cacheflags = F_IPV6;
+	  }
+#endif
+	if (!(config->flags & conflags) &&
+	    (config->flags & CONFIG_NAME) && 
+	    (crec = cache_find_by_name(NULL, config->hostname, 0, cacheflags)) &&
+	    (crec->flags & F_HOSTS))
+	  {
+	    if (cache_find_by_name(crec, config->hostname, 0, cacheflags))
+	      {
+		/* use primary (first) address */
+	      while (crec && !(crec->flags & F_REVERSE))
+		crec = cache_find_by_name(crec, config->hostname, 0, cacheflags);
+	      if (!crec)
+		continue; /* should be never */
+	      inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN);
+	      my_syslog(MS_DHCP | LOG_WARNING, _("%s has more than one address in hostsfile, using %s for DHCP"), 
+			config->hostname, daemon->addrbuff);
+	      }
+	    
+	    if (prot == AF_INET && !config_find_by_address(configs, crec->addr.addr.addr.addr4))
+	      {
+		config->addr = crec->addr.addr.addr.addr4;
+		config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS;
+		continue;
+	      }
+
+#ifdef HAVE_DHCP6
+	    if (prot == AF_INET6 && !config_find_by_address6(configs, &crec->addr.addr.addr.addr6, 128, 0))
+	      {
+		memcpy(&config->addr6, &crec->addr.addr.addr.addr6, IN6ADDRSZ);
+		config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS;
+		continue;
+	      }
+#endif
+
+	    inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN);
+	    my_syslog(MS_DHCP | LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"), 
+		      daemon->addrbuff, config->hostname);
+	    
+	    
+	  }
+      }
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET)
+    {
+      prot = AF_INET6;
+      goto again;
+    }
+#endif
+
+}
+
+#ifdef HAVE_DHCP6
+static int join_multicast_worker(struct in6_addr *local, int prefix, 
+				 int scope, int if_index, int dad, void *vparam)
+{
+  char ifrn_name[IFNAMSIZ];
+  struct ipv6_mreq mreq;
+  int fd, i, max = *((int *)vparam);
+  struct dhcp_context *context;
+  struct iname *tmp;
+
+  (void)prefix;
+  (void)scope;
+  (void)dad;
+  
+  /* record which interfaces we join on, so that we do it at most one per 
+     interface, even when they have multiple addresses. Use outpacket
+     as an array of int, since it's always allocated here and easy
+     to expand for theoretical vast numbers of interfaces. */
+  for (i = 0; i < max; i++)
+    if (if_index == ((int *)daemon->outpacket.iov_base)[i])
+      return 1;
+  
+  if ((fd = socket(PF_INET6, SOCK_DGRAM, 0)) == -1)
+    return 0;
+  
+  if (!indextoname(fd, if_index, ifrn_name))
+    {
+      close(fd);
+      return 0;
+    }
+  
+  close(fd);
+
+  /* Are we doing DHCP on this interface? */
+  if (!iface_check(AF_INET6, (struct all_addr *)local, ifrn_name))
+    return 1;
+ 
+  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, ifrn_name) == 0))
+      return 1;
+
+  /* weird libvirt-inspired access control */
+  for (context = daemon->dhcp6; context; context = context->next)
+    if (!context->interface || strcmp(context->interface, ifrn_name) == 0)
+      break;
+
+  if (!context)
+    return 1;
+  
+  mreq.ipv6mr_interface = if_index;
+  
+  inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->dhcp6 &&
+      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+
+  inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->dhcp6 && 
+      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+  
+  inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->ra_contexts &&
+      setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+  
+  expand_buf(&daemon->outpacket, (max+1) * sizeof(int));
+  ((int *)daemon->outpacket.iov_base)[max++] = if_index;
+  
+  *((int *)vparam) = max;
+  
+  return 1;
+}
+
+void join_multicast(void)
+{
+  int count = 0;
+
+   if (!iface_enumerate(AF_INET6, &count, join_multicast_worker))
+     die(_("failed to join DHCPv6 multicast group: %s"), NULL, EC_BADNET);
+}
+#endif
+
+#ifdef HAVE_LINUX_NETWORK 
+void bindtodevice(int fd)
+{
+  /* If we are doing DHCP on exactly one interface, and running linux, do SO_BINDTODEVICE
+     to that device. This is for the use case of  (eg) OpenStack, which runs a new
+     dnsmasq instance for each VLAN interface it creates. Without the BINDTODEVICE, 
+     individual processes don't always see the packets they should.
+     SO_BINDTODEVICE is only available Linux. */
+  
+  struct irec *iface, *found;
+
+  for (found = NULL, iface = daemon->interfaces; iface; iface = iface->next)
+    if (iface->dhcp_ok)
+      {
+	if (!found)
+	  found = iface;
+	else if (strcmp(found->name, iface->name) != 0) 
+	  {
+	    /* more than one. */
+	    found = NULL;
+	    break;
+	  }
+      }
+  
+  if (found)
+	{
+	  struct ifreq ifr;
+	  strcpy(ifr.ifr_name, found->name);
+	  /* only allowed by root. */
+	  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) == -1 &&
+	      errno != EPERM)
+	    die(_("failed to set SO_BINDTODEVICE on DHCP socket: %s"), NULL, EC_BADNET);
+	}
+}
+#endif
+
+static const struct opttab_t {
+  char *name;
+  u16 val, size;
+} opttab[] = {
+  { "netmask", 1, OT_ADDR_LIST },
+  { "time-offset", 2, 4 },
+  { "router", 3, OT_ADDR_LIST  },
+  { "dns-server", 6, OT_ADDR_LIST },
+  { "log-server", 7, OT_ADDR_LIST },
+  { "lpr-server", 9, OT_ADDR_LIST },
+  { "hostname", 12, OT_INTERNAL | OT_NAME },
+  { "boot-file-size", 13, 2 | OT_DEC },
+  { "domain-name", 15, OT_NAME },
+  { "swap-server", 16, OT_ADDR_LIST },
+  { "root-path", 17, OT_NAME },
+  { "extension-path", 18, OT_NAME },
+  { "ip-forward-enable", 19, 1 },
+  { "non-local-source-routing", 20, 1 },
+  { "policy-filter", 21, OT_ADDR_LIST },
+  { "max-datagram-reassembly", 22, 2 | OT_DEC },
+  { "default-ttl", 23, 1 | OT_DEC },
+  { "mtu", 26, 2 | OT_DEC },
+  { "all-subnets-local", 27, 1 },
+  { "broadcast", 28, OT_INTERNAL | OT_ADDR_LIST },
+  { "router-discovery", 31, 1 },
+  { "router-solicitation", 32, OT_ADDR_LIST },
+  { "static-route", 33, OT_ADDR_LIST },
+  { "trailer-encapsulation", 34, 1 },
+  { "arp-timeout", 35, 4 | OT_DEC },
+  { "ethernet-encap", 36, 1 },
+  { "tcp-ttl", 37, 1 },
+  { "tcp-keepalive", 38, 4 | OT_DEC },
+  { "nis-domain", 40, OT_NAME },
+  { "nis-server", 41, OT_ADDR_LIST },
+  { "ntp-server", 42, OT_ADDR_LIST },
+  { "vendor-encap", 43, OT_INTERNAL },
+  { "netbios-ns", 44, OT_ADDR_LIST },
+  { "netbios-dd", 45, OT_ADDR_LIST },
+  { "netbios-nodetype", 46, 1 },
+  { "netbios-scope", 47, 0 },
+  { "x-windows-fs", 48, OT_ADDR_LIST },
+  { "x-windows-dm", 49, OT_ADDR_LIST },
+  { "requested-address", 50, OT_INTERNAL | OT_ADDR_LIST },
+  { "lease-time", 51, OT_INTERNAL | OT_DEC },
+  { "option-overload", 52, OT_INTERNAL },
+  { "message-type", 53, OT_INTERNAL | OT_DEC },
+  { "server-identifier", 54, OT_INTERNAL | OT_ADDR_LIST },
+  { "parameter-request", 55, OT_INTERNAL },
+  { "message", 56, OT_INTERNAL },
+  { "max-message-size", 57, OT_INTERNAL },
+  { "T1", 58, OT_INTERNAL | OT_DEC},
+  { "T2", 59, OT_INTERNAL | OT_DEC},
+  { "vendor-class", 60, 0 },
+  { "client-id", 61, OT_INTERNAL },
+  { "nis+-domain", 64, OT_NAME },
+  { "nis+-server", 65, OT_ADDR_LIST },
+  { "tftp-server", 66, OT_NAME },
+  { "bootfile-name", 67, OT_NAME },
+  { "mobile-ip-home", 68, OT_ADDR_LIST }, 
+  { "smtp-server", 69, OT_ADDR_LIST }, 
+  { "pop3-server", 70, OT_ADDR_LIST }, 
+  { "nntp-server", 71, OT_ADDR_LIST }, 
+  { "irc-server", 74, OT_ADDR_LIST }, 
+  { "user-class", 77, 0 },
+  { "FQDN", 81, OT_INTERNAL },
+  { "agent-id", 82, OT_INTERNAL },
+  { "client-arch", 93, 2 | OT_DEC },
+  { "client-interface-id", 94, 0 },
+  { "client-machine-id", 97, 0 },
+  { "subnet-select", 118, OT_INTERNAL },
+  { "domain-search", 119, OT_RFC1035_NAME },
+  { "sip-server", 120, 0 },
+  { "classless-static-route", 121, 0 },
+  { "vendor-id-encap", 125, 0 },
+  { "server-ip-address", 255, OT_ADDR_LIST }, /* special, internal only, sets siaddr */
+  { NULL, 0, 0 }
+};
+
+#ifdef HAVE_DHCP6
+static const struct opttab_t opttab6[] = {
+  { "client-id", 1, OT_INTERNAL },
+  { "server-id", 2, OT_INTERNAL },
+  { "ia-na", 3, OT_INTERNAL },
+  { "ia-ta", 4, OT_INTERNAL },
+  { "iaaddr", 5, OT_INTERNAL },
+  { "oro", 6, OT_INTERNAL },
+  { "preference", 7, OT_INTERNAL | OT_DEC },
+  { "unicast", 12, OT_INTERNAL },
+  { "status", 13, OT_INTERNAL },
+  { "rapid-commit", 14, OT_INTERNAL },
+  { "user-class", 15, OT_INTERNAL | OT_CSTRING },
+  { "vendor-class", 16, OT_INTERNAL | OT_CSTRING },
+  { "vendor-opts", 17, OT_INTERNAL },
+  { "sip-server-domain", 21,  OT_RFC1035_NAME },
+  { "sip-server", 22, OT_ADDR_LIST },
+  { "dns-server", 23, OT_ADDR_LIST },
+  { "domain-search", 24, OT_RFC1035_NAME },
+  { "nis-server", 27, OT_ADDR_LIST },
+  { "nis+-server", 28, OT_ADDR_LIST },
+  { "nis-domain", 29,  OT_RFC1035_NAME },
+  { "nis+-domain", 30, OT_RFC1035_NAME },
+  { "sntp-server", 31,  OT_ADDR_LIST },
+  { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
+  { "ntp-server", 56,  OT_ADDR_LIST },
+  { "bootfile-url", 59, OT_NAME },
+  { "bootfile-param", 60, OT_CSTRING },
+  { NULL, 0, 0 }
+};
+#endif
+
+
+
+void display_opts(void)
+{
+  int i;
+  
+  printf(_("Known DHCP options:\n"));
+  
+  for (i = 0; opttab[i].name; i++)
+    if (!(opttab[i].size & OT_INTERNAL))
+      printf("%3d %s\n", opttab[i].val, opttab[i].name);
+}
+
+#ifdef HAVE_DHCP6
+void display_opts6(void)
+{
+  int i;
+  printf(_("Known DHCPv6 options:\n"));
+  
+  for (i = 0; opttab6[i].name; i++)
+    if (!(opttab6[i].size & OT_INTERNAL))
+      printf("%3d %s\n", opttab6[i].val, opttab6[i].name);
+}
+#endif
+
+u16 lookup_dhcp_opt(int prot, char *name)
+{
+  const struct opttab_t *t;
+  int i;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    t = opttab6;
+  else
+#endif
+    t = opttab;
+
+  for (i = 0; t[i].name; i++)
+    if (!(t[i].size & OT_INTERNAL) &&
+	strcasecmp(t[i].name, name) == 0)
+      return t[i].val;
+  
+  return 0;
+}
+
+u16 lookup_dhcp_len(int prot, u16 val)
+{
+  const struct opttab_t *t;
+  int i;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    t = opttab6;
+  else
+#endif
+    t = opttab;
+
+  for (i = 0; t[i].name; i++)
+    if (val == t[i].val)
+      {
+	if (t[i].size & OT_INTERNAL)
+	  return 0;
+	
+	return t[i].size & ~OT_DEC;
+      }
+ 
+  return 0;
+}
+
+char *option_string(int prot, unsigned int opt, unsigned char *val, int opt_len, char *buf, int buf_len)
+{
+  int o, i, j, nodecode = 0;
+  const struct opttab_t *ot = opttab;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    ot = opttab6;
+#endif
+
+  for (o = 0; ot[o].name; o++)
+    if (ot[o].val == opt)
+      {
+	if (buf)
+	  {
+	    memset(buf, 0, buf_len);
+	    
+	    if (ot[o].size & OT_ADDR_LIST) 
+	      {
+		struct all_addr addr;
+		int addr_len = INADDRSZ;
+
+#ifdef HAVE_DHCP6
+		if (prot == AF_INET6)
+		  addr_len = IN6ADDRSZ;
+#endif
+		for (buf[0]= 0, i = 0; i <= opt_len - addr_len; i += addr_len) 
+		  {
+		    if (i != 0)
+		      strncat(buf, ", ", buf_len - strlen(buf));
+		    /* align */
+		    memcpy(&addr, &val[i], addr_len); 
+		    inet_ntop(prot, &val[i], daemon->addrbuff, ADDRSTRLEN);
+		    strncat(buf, daemon->addrbuff, buf_len - strlen(buf));
+		  }
+	      }
+	    else if (ot[o].size & OT_NAME)
+		for (i = 0, j = 0; i < opt_len && j < buf_len ; i++)
+		  {
+		    char c = val[i];
+		    if (isprint((int)c))
+		      buf[j++] = c;
+		  }
+#ifdef HAVE_DHCP6
+	    /* We don't handle compressed rfc1035 names, so no good in IPv4 land */
+	    else if ((ot[o].size & OT_RFC1035_NAME) && prot == AF_INET6)
+	      {
+		i = 0, j = 0;
+		while (i < opt_len && val[i] != 0)
+		  {
+		    int k, l = i + val[i] + 1;
+		    for (k = i + 1; k < opt_len && k < l && j < buf_len ; k++)
+		     {
+		       char c = val[k];
+		       if (isprint((int)c))
+			 buf[j++] = c;
+		     }
+		    i = l;
+		    if (val[i] != 0 && j < buf_len)
+		      buf[j++] = '.';
+		  }
+	      }
+	    else if ((ot[o].size & OT_CSTRING))
+	      {
+		int k, len;
+		unsigned char *p;
+
+		i = 0, j = 0;
+		while (1)
+		  {
+		    p = &val[i];
+		    GETSHORT(len, p);
+		    for (k = 0; k < len && j < buf_len; k++)
+		      {
+		       char c = *p++;
+		       if (isprint((int)c))
+			 buf[j++] = c;
+		     }
+		    i += len +2;
+		    if (i >= opt_len)
+		      break;
+
+		    if (j < buf_len)
+		      buf[j++] = ',';
+		  }
+	      }	      
+#endif
+	    else if ((ot[o].size & OT_DEC) && opt_len != 0)
+	      {
+		unsigned int dec = 0;
+		
+		for (i = 0; i < opt_len; i++)
+		  dec = (dec << 8) | val[i]; 
+
+		sprintf(buf, "%u", dec);
+	      }
+	    else
+	      nodecode = 1;
+	  }
+	break;
+      }
+
+  if (opt_len != 0 && buf && (!ot[o].name || nodecode))
+    {
+      int trunc  = 0;
+      if (opt_len > 14)
+	{
+	  trunc = 1;
+	  opt_len = 14;
+	}
+      print_mac(buf, val, opt_len);
+      if (trunc)
+	strncat(buf, "...", buf_len - strlen(buf));
+    
+
+    }
+
+  return ot[o].name ? ot[o].name : "";
+
+}
+
+#endif

src/dhcp-protocol.h

@@ -0,0 +1,96 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#define DHCP_SERVER_PORT 67
+#define DHCP_CLIENT_PORT 68
+#define DHCP_SERVER_ALTPORT 1067
+#define DHCP_CLIENT_ALTPORT 1068
+#define PXE_PORT 4011
+
+#define BOOTREQUEST              1
+#define BOOTREPLY                2
+#define DHCP_COOKIE              0x63825363
+
+/* The Linux in-kernel DHCP client silently ignores any packet 
+   smaller than this. Sigh...........   */
+#define MIN_PACKETSZ             300
+
+#define OPTION_PAD               0
+#define OPTION_NETMASK           1
+#define OPTION_ROUTER            3
+#define OPTION_DNSSERVER         6
+#define OPTION_HOSTNAME          12
+#define OPTION_DOMAINNAME        15
+#define OPTION_BROADCAST         28
+#define OPTION_VENDOR_CLASS_OPT  43
+#define OPTION_REQUESTED_IP      50 
+#define OPTION_LEASE_TIME        51
+#define OPTION_OVERLOAD          52
+#define OPTION_MESSAGE_TYPE      53
+#define OPTION_SERVER_IDENTIFIER 54
+#define OPTION_REQUESTED_OPTIONS 55
+#define OPTION_MESSAGE           56
+#define OPTION_MAXMESSAGE        57
+#define OPTION_T1                58
+#define OPTION_T2                59
+#define OPTION_VENDOR_ID         60
+#define OPTION_CLIENT_ID         61
+#define OPTION_SNAME             66
+#define OPTION_FILENAME          67
+#define OPTION_USER_CLASS        77
+#define OPTION_CLIENT_FQDN       81
+#define OPTION_AGENT_ID          82
+#define OPTION_ARCH              93
+#define OPTION_PXE_UUID          97
+#define OPTION_SUBNET_SELECT     118
+#define OPTION_DOMAIN_SEARCH     119
+#define OPTION_SIP_SERVER        120
+#define OPTION_VENDOR_IDENT      124
+#define OPTION_VENDOR_IDENT_OPT  125
+#define OPTION_END               255
+
+#define SUBOPT_CIRCUIT_ID        1
+#define SUBOPT_REMOTE_ID         2
+#define SUBOPT_SUBNET_SELECT     5     /* RFC 3527 */
+#define SUBOPT_SUBSCR_ID         6     /* RFC 3393 */
+#define SUBOPT_SERVER_OR         11    /* RFC 5107 */
+
+#define SUBOPT_PXE_BOOT_ITEM     71    /* PXE standard */
+#define SUBOPT_PXE_DISCOVERY     6
+#define SUBOPT_PXE_SERVERS       8
+#define SUBOPT_PXE_MENU          9
+#define SUBOPT_PXE_MENU_PROMPT   10
+
+#define DHCPDISCOVER             1
+#define DHCPOFFER                2
+#define DHCPREQUEST              3
+#define DHCPDECLINE              4
+#define DHCPACK                  5
+#define DHCPNAK                  6
+#define DHCPRELEASE              7
+#define DHCPINFORM               8
+
+#define BRDBAND_FORUM_IANA       3561 /* Broadband forum IANA enterprise */
+
+#define DHCP_CHADDR_MAX 16
+
+struct dhcp_packet {
+  u8 op, htype, hlen, hops;
+  u32 xid;
+  u16 secs, flags;
+  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+  u8 options[312];
+};

src/dhcp6-protocol.h

@@ -0,0 +1,68 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define DHCPV6_SERVER_PORT 547
+#define DHCPV6_CLIENT_PORT 546
+
+#define ALL_SERVERS                  "FF05::1:3"
+#define ALL_RELAY_AGENTS_AND_SERVERS "FF02::1:2"
+
+#define DHCP6SOLICIT      1
+#define DHCP6ADVERTISE    2
+#define DHCP6REQUEST      3
+#define DHCP6CONFIRM      4
+#define DHCP6RENEW        5
+#define DHCP6REBIND       6
+#define DHCP6REPLY        7
+#define DHCP6RELEASE      8
+#define DHCP6DECLINE      9
+#define DHCP6RECONFIGURE  10
+#define DHCP6IREQ         11
+#define DHCP6RELAYFORW    12
+#define DHCP6RELAYREPL    13
+
+#define OPTION6_CLIENT_ID       1
+#define OPTION6_SERVER_ID       2
+#define OPTION6_IA_NA           3
+#define OPTION6_IA_TA           4
+#define OPTION6_IAADDR          5
+#define OPTION6_ORO             6
+#define OPTION6_PREFERENCE      7
+#define OPTION6_ELAPSED_TIME    8
+#define OPTION6_RELAY_MSG       9
+#define OPTION6_AUTH            11
+#define OPTION6_UNICAST         12
+#define OPTION6_STATUS_CODE     13
+#define OPTION6_RAPID_COMMIT    14
+#define OPTION6_USER_CLASS      15
+#define OPTION6_VENDOR_CLASS    16
+#define OPTION6_VENDOR_OPTS     17
+#define OPTION6_INTERFACE_ID    18
+#define OPTION6_RECONFIGURE_MSG 19
+#define OPTION6_RECONF_ACCEPT   20
+#define OPTION6_DNS_SERVER      23
+#define OPTION6_DOMAIN_SEARCH   24
+#define OPTION6_REMOTE_ID       37
+#define OPTION6_SUBSCRIBER_ID   38
+#define OPTION6_FQDN            39
+
+#define DHCP6SUCCESS     0
+#define DHCP6UNSPEC      1
+#define DHCP6NOADDRS     2
+#define DHCP6NOBINDING   3
+#define DHCP6NOTONLINK   4
+#define DHCP6USEMULTI    5
+

src/dhcp6.c

@@ -0,0 +1,431 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DHCP6
+
+struct iface_param {
+  struct dhcp_context *current;
+  struct in6_addr fallback;
+  int ind;
+};
+
+static int complete_context6(struct in6_addr *local,  int prefix,
+			     int scope, int if_index, int dad, void *vparam);
+
+static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, void *parm); 
+
+void dhcp6_init(void)
+{
+  int fd;
+  struct sockaddr_in6 saddr;
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
+  int class = IPTOS_CLASS_CS6;
+#endif
+  
+  if ((fd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) == -1 ||
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
+      setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &class, sizeof(class)) == -1 ||
+#endif
+      !fix_fd(fd) ||
+      !set_ipv6pktinfo(fd))
+    die (_("cannot create DHCPv6 socket: %s"), NULL, EC_BADNET);
+  
+  memset(&saddr, 0, sizeof(saddr));
+#ifdef HAVE_SOCKADDR_SA_LEN
+  saddr.sin6_len = sizeof(struct sockaddr_in6);
+#endif
+  saddr.sin6_family = AF_INET6;
+  saddr.sin6_addr = in6addr_any;
+  saddr.sin6_port = htons(DHCPV6_SERVER_PORT);
+  
+  if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in6)))
+    die(_("failed to bind DHCPv6 server socket: %s"), NULL, EC_BADNET);
+  
+  daemon->dhcp6fd = fd;
+}
+
+void dhcp6_packet(time_t now)
+{
+  struct dhcp_context *context;
+  struct iface_param parm;
+  struct cmsghdr *cmptr;
+  struct msghdr msg;
+  int if_index = 0;
+  union {
+    struct cmsghdr align; /* this ensures alignment */
+    char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+  } control_u;
+  struct sockaddr_in6 from;
+  struct all_addr dest;
+  ssize_t sz; 
+  struct ifreq ifr;
+  struct iname *tmp;
+  unsigned short port;
+
+  msg.msg_control = control_u.control6;
+  msg.msg_controllen = sizeof(control_u);
+  msg.msg_flags = 0;
+  msg.msg_name = &from;
+  msg.msg_namelen = sizeof(from);
+  msg.msg_iov =  &daemon->dhcp_packet;
+  msg.msg_iovlen = 1;
+  
+  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
+    return;
+  
+  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+    if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+      {
+	union {
+	  unsigned char *c;
+	  struct in6_pktinfo *p;
+	} p;
+	p.c = CMSG_DATA(cmptr);
+        
+	if_index = p.p->ipi6_ifindex;
+	dest.addr.addr6 = p.p->ipi6_addr;
+      }
+
+  if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name))
+    return;
+    
+  if (!iface_check(AF_INET6, (struct all_addr *)&dest, ifr.ifr_name))
+    return;
+  
+  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
+      return;
+ 
+  /* weird libvirt-inspired access control */
+  for (context = daemon->dhcp6; context; context = context->next)
+    if (!context->interface || strcmp(context->interface, ifr.ifr_name) == 0)
+      break;
+  
+  if (!context)
+    return;
+
+  /* unlinked contexts are marked by context->current == context */
+  for (context = daemon->dhcp6; context; context = context->next)
+    {
+      context->current = context;
+      memset(&context->local6, 0, IN6ADDRSZ);
+    }
+
+  parm.current = NULL;
+  parm.ind = if_index;
+  memset(&parm.fallback, 0, IN6ADDRSZ);
+  
+  if (!iface_enumerate(AF_INET6, &parm, complete_context6))
+    return;
+  
+  lease_prune(NULL, now); /* lose any expired leases */
+
+  port = dhcp6_reply(parm.current, if_index, ifr.ifr_name, &parm.fallback, 
+		     sz, IN6_IS_ADDR_MULTICAST(&from.sin6_addr), now);
+  
+  lease_update_file(now);
+  lease_update_dns(0);
+  
+  /* The port in the source address of the original request should
+     be correct, but at least once client sends from the server port,
+     so we explicitly send to the client port to a client, and the
+     server port to a relay. */
+  if (port != 0)
+    {
+      from.sin6_port = htons(port);
+      while (sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, save_counter(0), 
+		    0, (struct sockaddr *)&from, sizeof(from)) == -1 &&
+	   retry_send());
+    }
+}
+
+static int complete_context6(struct in6_addr *local,  int prefix,
+			     int scope, int if_index, int dad, void *vparam)
+{
+  struct dhcp_context *context;
+  struct iface_param *param = vparam;
+
+  (void)scope; /* warning */
+  (void)dad;
+  
+  if (if_index == param->ind &&
+      !IN6_IS_ADDR_LOOPBACK(local) &&
+      !IN6_IS_ADDR_LINKLOCAL(local) &&
+      !IN6_IS_ADDR_MULTICAST(local))
+    {
+      /* Determine a globally address on the arrival interface, even
+	 if we have no matching dhcp-context, because we're only
+	 allocating on remote subnets via relays. This
+	 is used as a default for the DNS server option. */
+      param->fallback = *local;
+      
+      for (context = daemon->dhcp6; context; context = context->next)
+	{
+	  if (prefix == context->prefix &&
+	      is_same_net6(local, &context->start6, prefix) &&
+	      is_same_net6(local, &context->end6, prefix))
+	    {
+	      /* link it onto the current chain if we've not seen it before */
+	      if (context->current == context)
+		{
+		  context->current = param->current;
+		  param->current = context;
+		  context->local6 = *local;
+		}
+	    }
+	}
+    }          
+  return 1;
+}
+
+struct dhcp_config *config_find_by_address6(struct dhcp_config *configs, struct in6_addr *net, int prefix, u64 addr)
+{
+  struct dhcp_config *config;
+  
+  for (config = configs; config; config = config->next)
+    if ((config->flags & CONFIG_ADDR6) &&
+	is_same_net6(&config->addr6, net, prefix) &&
+	(prefix == 128 || addr6part(&config->addr6) == addr))
+      return config;
+  
+  return NULL;
+}
+
+int address6_allocate(struct dhcp_context *context,  unsigned char *clid, int clid_len, 
+		      int serial, struct dhcp_netid *netids, struct in6_addr *ans)   
+{
+  /* Find a free address: exclude anything in use and anything allocated to
+     a particular hwaddr/clientid/hostname in our configuration.
+     Try to return from contexts which match netids first. 
+     
+     Note that we assume the address prefix lengths are 64 or greater, so we can
+     get by with 64 bit arithmetic.
+*/
+
+  u64 start, addr;
+  struct dhcp_context *c, *d;
+  int i, pass;
+  u64 j; 
+
+  /* hash hwaddr: use the SDBM hashing algorithm.  This works
+     for MAC addresses, let's see how it manages with client-ids! */
+  for (j = 0, i = 0; i < clid_len; i++)
+    j += clid[i] + (j << 6) + (j << 16) - j;
+  
+  for (pass = 0; pass <= 1; pass++)
+    for (c = context; c; c = c->current)
+      if (c->flags & (CONTEXT_DEPRECATE | CONTEXT_STATIC | CONTEXT_RA_STATELESS))
+	continue;
+      else if (!match_netid(c->filter, netids, pass))
+	continue;
+      else
+	{ 
+	  if (option_bool(OPT_CONSEC_ADDR))
+	    /* seed is largest extant lease addr in this context */
+	    start = lease_find_max_addr6(c) + serial;
+	  else
+	    start = addr6part(&c->start6) + ((j + c->addr_epoch + serial) % (1 + addr6part(&c->end6) - addr6part(&c->start6)));
+
+	  /* iterate until we find a free address. */
+	  addr = start;
+	  
+	  do {
+	    /* eliminate addresses in use by the server. */
+	    for (d = context; d; d = d->current)
+	      if (addr == addr6part(&d->local6))
+		break;
+
+	    if (!d &&
+		!lease6_find_by_addr(&c->start6, c->prefix, addr) && 
+		!config_find_by_address6(daemon->dhcp_conf, &c->start6, c->prefix, addr))
+	      {
+		*ans = c->start6;
+		setaddr6part (ans, addr);
+		return 1;
+	      }
+	
+	    addr++;
+	    
+	    if (addr  == addr6part(&c->end6) + 1)
+	      addr = addr6part(&c->start6);
+	    
+	  } while (addr != start);
+	}
+  
+  return 0;
+}
+
+struct dhcp_context *address6_available(struct dhcp_context *context, 
+					struct in6_addr *taddr,
+					struct dhcp_netid *netids)
+{
+  u64 start, end, addr = addr6part(taddr);
+  struct dhcp_context *tmp;
+ 
+  for (tmp = context; tmp; tmp = tmp->current)
+    {
+      start = addr6part(&tmp->start6);
+      end = addr6part(&tmp->end6);
+
+      if (!(tmp->flags & (CONTEXT_STATIC | CONTEXT_RA_STATELESS)) &&
+          is_same_net6(&tmp->start6, taddr, tmp->prefix) &&
+	  is_same_net6(&tmp->end6, taddr, tmp->prefix) &&
+	  addr >= start &&
+          addr <= end &&
+          match_netid(tmp->filter, netids, 1))
+        return tmp;
+    }
+
+  return NULL;
+}
+
+struct dhcp_context *narrow_context6(struct dhcp_context *context, 
+				     struct in6_addr *taddr,
+				     struct dhcp_netid *netids)
+{
+  /* We start of with a set of possible contexts, all on the current physical interface.
+     These are chained on ->current.
+     Here we have an address, and return the actual context correponding to that
+     address. Note that none may fit, if the address came a dhcp-host and is outside
+     any dhcp-range. In that case we return a static range if possible, or failing that,
+     any context on the correct subnet. (If there's more than one, this is a dodgy 
+     configuration: maybe there should be a warning.) */
+  
+  struct dhcp_context *tmp;
+
+  if (!(tmp = address6_available(context, taddr, netids)))
+    {
+      for (tmp = context; tmp; tmp = tmp->current)
+        if (match_netid(tmp->filter, netids, 1) &&
+            is_same_net6(taddr, &tmp->start6, tmp->prefix) && 
+            (tmp->flags & CONTEXT_STATIC))
+          break;
+      
+      if (!tmp)
+        for (tmp = context; tmp; tmp = tmp->current)
+          if (match_netid(tmp->filter, netids, 1) &&
+              is_same_net6(taddr, &tmp->start6, tmp->prefix) &&
+              !(tmp->flags & CONTEXT_PROXY))
+            break;
+    }
+  
+  /* Only one context allowed now */
+  if (tmp)
+    tmp->current = NULL;
+  
+  return tmp;
+}
+
+static int is_addr_in_context6(struct dhcp_context *context, struct dhcp_config *config)
+{
+  if (!context) /* called via find_config() from lease_update_from_configs() */
+    return 1; 
+  if (!(config->flags & CONFIG_ADDR6))
+    return 1;
+  for (; context; context = context->current)
+    if (is_same_net6(&config->addr6, &context->start6, context->prefix))
+      return 1;
+  
+  return 0;
+}
+
+
+struct dhcp_config *find_config6(struct dhcp_config *configs,
+				 struct dhcp_context *context,
+				 unsigned char *duid, int duid_len,
+				 char *hostname)
+{
+  struct dhcp_config *config; 
+      
+  if (duid)
+    for (config = configs; config; config = config->next)
+      if (config->flags & CONFIG_CLID)
+	{
+	  if (config->clid_len == duid_len && 
+	      memcmp(config->clid, duid, duid_len) == 0 &&
+	      is_addr_in_context6(context, config))
+	    return config;
+	}
+    
+  if (hostname && context)
+    for (config = configs; config; config = config->next)
+      if ((config->flags & CONFIG_NAME) && 
+          hostname_isequal(config->hostname, hostname) &&
+          is_addr_in_context6(context, config))
+        return config;
+
+  return NULL;
+}
+
+void make_duid(time_t now)
+{
+  if (daemon->duid_config)
+    {
+      unsigned char *p;
+      
+      daemon->duid = p = safe_malloc(daemon->duid_config_len + 6);
+      daemon->duid_len = daemon->duid_config_len + 6;
+      PUTSHORT(2, p); /* DUID_EN */
+      PUTLONG(daemon->duid_enterprise, p);
+      memcpy(p, daemon->duid_config, daemon->duid_config_len);
+    }
+  else
+    {
+      /* rebase epoch to 1/1/2000 */
+      time_t newnow = now - 946684800;
+      
+      iface_enumerate(AF_LOCAL, &newnow, make_duid1);
+      
+      if(!daemon->duid)
+	die("Cannot create DHCPv6 server DUID: %s", NULL, EC_MISC);
+    }
+}
+
+static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, void *parm)
+{
+  /* create DUID as specified in RFC3315. We use the MAC of the
+     first interface we find that isn't loopback or P-to-P and
+     has address-type < 256. Address types above 256 are things like 
+     tunnels which don't have usable MAC addresses. */
+  
+  unsigned char *p;
+  (void)index;
+
+  if (type >= 256)
+    return 1;
+
+#ifdef HAVE_BROKEN_RTC
+  daemon->duid = p = safe_malloc(maclen + 4);
+  daemon->duid_len = maclen + 4;
+  PUTSHORT(3, p); /* DUID_LL */
+  PUTSHORT(type, p); /* address type */
+#else
+  daemon->duid = p = safe_malloc(maclen + 8);
+  daemon->duid_len = maclen + 8;
+  PUTSHORT(1, p); /* DUID_LLT */
+  PUTSHORT(type, p); /* address type */
+  PUTLONG(*((time_t *)parm), p); /* time */
+#endif
+
+  memcpy(p, mac, maclen);
+
+  return 0;
+}
+#endif
+
+

src/dns-protocol.h

@@ -0,0 +1,114 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define NAMESERVER_PORT 53
+#define TFTP_PORT       69
+
+#define IN6ADDRSZ       16
+#define INADDRSZ        4
+
+#define PACKETSZ	512		/* maximum packet size */
+#define MAXDNAME	1025		/* maximum presentation domain name */
+#define RRFIXEDSZ	10		/* #/bytes of fixed data in r record */
+#define MAXLABEL        63              /* maximum length of domain label */
+
+#define NOERROR		0		/* no error */
+#define FORMERR		1		/* format error */
+#define SERVFAIL	2		/* server failure */
+#define NXDOMAIN	3		/* non existent domain */
+#define NOTIMP		4		/* not implemented */
+#define REFUSED		5		/* query refused */
+
+#define QUERY           0               /* opcode */
+
+#define C_IN            1               /* the arpa internet */
+#define C_CHAOS         3               /* for chaos net (MIT) */
+#define C_ANY           255             /* wildcard match */
+
+#define T_A		1
+#define T_NS            2               
+#define T_CNAME		5
+#define T_SOA		6
+#define T_PTR		12
+#define T_MX		15
+#define T_TXT		16
+#define T_SIG		24
+#define T_AAAA		28
+#define T_SRV		33
+#define T_NAPTR		35
+#define T_OPT		41
+#define	T_TKEY		249		
+#define	T_TSIG		250
+#define T_MAILB		253	
+#define T_ANY		255
+
+struct dns_header {
+  u16 id;
+  u8  hb3,hb4;
+  u16 qdcount,ancount,nscount,arcount;
+};
+
+#define HB3_QR       0x80
+#define HB3_OPCODE   0x78
+#define HB3_AA       0x04
+#define HB3_TC       0x02
+#define HB3_RD       0x01
+
+#define HB4_RA       0x80
+#define HB4_AD       0x20
+#define HB4_CD       0x10
+#define HB4_RCODE    0x0f
+
+#define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)
+#define RCODE(x)           ((x)->hb4 & HB4_RCODE)
+#define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code
+  
+#define GETSHORT(s, cp) { \
+	unsigned char *t_cp = (unsigned char *)(cp); \
+	(s) = ((u16)t_cp[0] << 8) \
+	    | ((u16)t_cp[1]) \
+	    ; \
+	(cp) += 2; \
+}
+
+#define GETLONG(l, cp) { \
+	unsigned char *t_cp = (unsigned char *)(cp); \
+	(l) = ((u32)t_cp[0] << 24) \
+	    | ((u32)t_cp[1] << 16) \
+	    | ((u32)t_cp[2] << 8) \
+	    | ((u32)t_cp[3]) \
+	    ; \
+	(cp) += 4; \
+}
+
+#define PUTSHORT(s, cp) { \
+	u16 t_s = (u16)(s); \
+	unsigned char *t_cp = (unsigned char *)(cp); \
+	*t_cp++ = t_s >> 8; \
+	*t_cp   = t_s; \
+	(cp) += 2; \
+}
+
+#define PUTLONG(l, cp) { \
+	u32 t_l = (u32)(l); \
+	unsigned char *t_cp = (unsigned char *)(cp); \
+	*t_cp++ = t_l >> 24; \
+	*t_cp++ = t_l >> 16; \
+	*t_cp++ = t_l >> 8; \
+	*t_cp   = t_l; \
+	(cp) += 4; \
+}
+

src/helper.c

@@ -1,17 +1,23 @@
-/* dnsmasq is Copyright (c) 2000-2006 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "dnsmasq.h"
 
+#ifdef HAVE_SCRIPT
+
 /* This file has code to fork a helper process which recieves data via a pipe 
    shared with the main process and which is responsible for calling a script when
    DHCP leases change.
@@ -24,74 +30,170 @@
    main process.
 */
 
+static void my_setenv(const char *name, const char *value, int *error);
+static unsigned char *grab_extradata(unsigned char *buf, unsigned char *end,  char *env, int *err);
+
+#ifdef HAVE_LUASCRIPT
+#include <lua.h>  
+#include <lualib.h>  
+#include <lauxlib.h>  
+
+lua_State *lua;
+
+static unsigned char *grab_extradata_lua(unsigned char *buf, unsigned char *end, char *field);
+#endif
+
+
 struct script_data
 {
-  unsigned char action, hwaddr_len, hwaddr_type;
-  unsigned char clid_len, hostname_len, uclass_len, vclass_len;
-  struct in_addr addr;
+  int flags;
+  int action, hwaddr_len, hwaddr_type;
+  int clid_len, hostname_len, ed_len;
+  struct in_addr addr, giaddr;
+  unsigned int remaining_time;
 #ifdef HAVE_BROKEN_RTC
   unsigned int length;
 #else
   time_t expires;
 #endif
   unsigned char hwaddr[DHCP_CHADDR_MAX];
+  char interface[IF_NAMESIZE];
+
 };
 
-static struct script_data *buf;
-static size_t bytes_in_buf, buf_size;
+static struct script_data *buf = NULL;
+static size_t bytes_in_buf = 0, buf_size = 0;
 
-int create_helper(struct daemon *daemon)
+int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 {
   pid_t pid;
   int i, pipefd[2];
   struct sigaction sigact;
 
-  buf = NULL;
-  buf_size = bytes_in_buf = 0;
-
-  if (!daemon->dhcp || !daemon->lease_change_command)
-    return -1;
-
   /* create the pipe through which the main program sends us commands,
-   then fork our process. */
+     then fork our process. */
   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
-    return -1;
-  
+    {
+      send_event(err_fd, EVENT_PIPE_ERR, errno, NULL);
+      _exit(0);
+    }
+
   if (pid != 0)
     {
       close(pipefd[0]); /* close reader side */
       return pipefd[1];
     }
 
-  /* ignore SIGTERM, so that we can clean up when the main process gets hit */
+  /* ignore SIGTERM, so that we can clean up when the main process gets hit
+     and SIGALRM so that we can use sleep() */
   sigact.sa_handler = SIG_IGN;
   sigact.sa_flags = 0;
   sigemptyset(&sigact.sa_mask);
   sigaction(SIGTERM, &sigact, NULL);
+  sigaction(SIGALRM, &sigact, NULL);
 
-  /* close all the sockets etc, we don't need them here */
-  for (i = 0; i < 64; i++)
-    if (i != STDOUT_FILENO && i != STDERR_FILENO && 
-	i != STDIN_FILENO && i != pipefd[0])
-      close(i);
+  if (!option_bool(OPT_DEBUG) && uid != 0)
+    {
+      gid_t dummy;
+      if (setgroups(0, &dummy) == -1 || 
+	  setgid(gid) == -1 || 
+	  setuid(uid) == -1)
+	{
+	  if (option_bool(OPT_NO_FORK))
+	    /* send error to daemon process if no-fork */
+	    send_event(event_fd, EVENT_USER_ERR, errno, daemon->scriptuser);
+	  else
+	    {
+	      /* kill daemon */
+	      send_event(event_fd, EVENT_DIE, 0, NULL);
+	      /* return error */
+	      send_event(err_fd, EVENT_USER_ERR, errno, daemon->scriptuser);
+	    }
+	  _exit(0);
+	}
+    }
 
-  /* we open our own log connection. */
-  log_start(daemon);
+  /* close all the sockets etc, we don't need them here. 
+     Don't close err_fd, in case the lua-init fails.
+     Note that we have to do this before lua init
+     so we don't close any lua fds. */
+  for (max_fd--; max_fd >= 0; max_fd--)
+    if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO && 
+	max_fd != STDIN_FILENO && max_fd != pipefd[0] && 
+	max_fd != event_fd && max_fd != err_fd)
+      close(max_fd);
   
-  /* don't give our end of the pipe to our children */
-  if ((i = fcntl(pipefd[0], F_GETFD)) != -1)
-    fcntl(pipefd[0], F_SETFD, i | FD_CLOEXEC); 
+#ifdef HAVE_LUASCRIPT
+  if (daemon->luascript)
+    {
+      const char *lua_err = NULL;
+      lua = lua_open();
+      luaL_openlibs(lua);
       
+      /* get Lua to load our script file */
+      if (luaL_dofile(lua, daemon->luascript) != 0)
+	lua_err = lua_tostring(lua, -1);
+      else
+	{
+	  lua_getglobal(lua, "lease");
+	  if (lua_type(lua, -1) != LUA_TFUNCTION) 
+	    lua_err = _("lease() function missing in Lua script");
+	}
+      
+      if (lua_err)
+	{
+	  if (option_bool(OPT_NO_FORK) || option_bool(OPT_DEBUG))
+	    /* send error to daemon process if no-fork */
+	    send_event(event_fd, EVENT_LUA_ERR, 0, (char *)lua_err);
+	  else
+	    {
+	      /* kill daemon */
+	      send_event(event_fd, EVENT_DIE, 0, NULL);
+	      /* return error */
+	      send_event(err_fd, EVENT_LUA_ERR, 0, (char *)lua_err);
+	    }
+	  _exit(0);
+	}
+      
+      lua_pop(lua, 1);  /* remove nil from stack */
+      lua_getglobal(lua, "init");
+      if (lua_type(lua, -1) == LUA_TFUNCTION)
+	lua_call(lua, 0, 0);
+      else
+	lua_pop(lua, 1);  /* remove nil from stack */	
+    }
+#endif
+
+  /* All init done, close our copy of the error pipe, so that main process can return */
+  if (err_fd != -1)
+    close(err_fd);
+    
   /* loop here */
   while(1)
     {
       struct script_data data;
-      char *p, *action_str, *hostname = NULL;
+      char *p, *action_str, *hostname = NULL, *domain = NULL;
       unsigned char *buf = (unsigned char *)daemon->namebuff;
+      unsigned char *end, *extradata, *alloc_buff = NULL;
+      int is6, err = 0;
 
+      free(alloc_buff);
+      
       /* we read zero bytes when pipe closed: this is our signal to exit */ 
       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
-	_exit(0);
+	{
+#ifdef HAVE_LUASCRIPT
+	  if (daemon->luascript)
+	    {
+	      lua_getglobal(lua, "shutdown");
+	      if (lua_type(lua, -1) == LUA_TFUNCTION)
+		lua_call(lua, 0, 0);
+	    }
+#endif
+	  _exit(0);
+	}
+ 
+      is6 = !!(data.flags & (LEASE_TA | LEASE_NA));
       
       if (data.action == ACTION_DEL)
 	action_str = "del";
@@ -99,210 +201,553 @@ int create_helper(struct daemon *daemon)
 	action_str = "add";
       else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
 	action_str = "old";
+      else if (data.action == ACTION_TFTP)
+	{
+	  action_str = "tftp";
+	  is6 = (data.flags != AF_INET);
+	}
       else
 	continue;
-	
-      /* stringify MAC into dhcp_buff */
-      p = daemon->dhcp_buff;
-      if (data.hwaddr_type != ARPHRD_ETHER || data.hwaddr_len == 0) 
-	p += sprintf(p, "%.2x-", data.hwaddr_type);
-      for (i = 0; (i < data.hwaddr_len) && (i < DHCP_CHADDR_MAX); i++)
+
+      	
+      if (!is6)
 	{
-	  p += sprintf(p, "%.2x", data.hwaddr[i]);
-	  if (i != data.hwaddr_len - 1)
-	    p += sprintf(p, ":");
+	  /* stringify MAC into dhcp_buff */
+	  p = daemon->dhcp_buff;
+	  if (data.hwaddr_type != ARPHRD_ETHER || data.hwaddr_len == 0) 
+	    p += sprintf(p, "%.2x-", data.hwaddr_type);
+	  for (i = 0; (i < data.hwaddr_len) && (i < DHCP_CHADDR_MAX); i++)
+	    {
+	      p += sprintf(p, "%.2x", data.hwaddr[i]);
+	      if (i != data.hwaddr_len - 1)
+		p += sprintf(p, ":");
+	    }
 	}
-      
-      /* and CLID into packet */
-      if (!read_write(pipefd[0], buf, data.clid_len, 1))
-	continue;
-      for (p = daemon->packet, i = 0; i < data.clid_len; i++)
-	{
-	  p += sprintf(p, "%.2x", buf[i]);
-	  if (i != data.clid_len - 1) 
-	    p += sprintf(p, ":");
-	}
-      
-      /* and expiry or length into dhcp_buff2 */
+       
+      /* expiry or length into dhcp_buff2 */
 #ifdef HAVE_BROKEN_RTC
-      sprintf(daemon->dhcp_buff2, "%u ", data.length);
+      sprintf(daemon->dhcp_buff2, "%u", data.length);
 #else
-      sprintf(daemon->dhcp_buff2, "%lu ", (unsigned long)data.expires);
+      sprintf(daemon->dhcp_buff2, "%lu", (unsigned long)data.expires);
 #endif
-      
-      if (!read_write(pipefd[0], buf, data.hostname_len + data.uclass_len + data.vclass_len, 1))
+           
+      /* supplied data may just exceed normal buffer (unlikely) */
+      if ((data.hostname_len + data.ed_len + data.clid_len) > MAXDNAME && 
+	  !(alloc_buff = buf = malloc(data.hostname_len + data.ed_len + data.clid_len)))
 	continue;
       
-      if ((pid = fork()) == -1)
+      if (!read_write(pipefd[0], buf, 
+		      data.hostname_len + data.ed_len + data.clid_len, 1))
+	continue;
+
+      /* CLID into packet */
+      if (!is6)
+	for (p = daemon->packet, i = 0; i < data.clid_len; i++)
+	  {
+	    p += sprintf(p, "%.2x", buf[i]);
+	    if (i != data.clid_len - 1) 
+	      p += sprintf(p, ":");
+	  }
+#ifdef HAVE_DHCP6
+      else
+	{
+	  /* or IAID and server DUID for IPv6 */
+	  sprintf(daemon->dhcp_buff3, "%s%u", data.flags & LEASE_TA ? "T" : "", data.hwaddr_type);	
+	  for (p = daemon->packet, i = 0; i < daemon->duid_len; i++)
+	    {
+	      p += sprintf(p, "%.2x", daemon->duid[i]);
+	      if (i != daemon->duid_len - 1) 
+		p += sprintf(p, ":");
+	    }
+
+	  /* duid not MAC for IPv6 */
+	  for (p = daemon->dhcp_buff, i = 0; i < data.clid_len; i++)
+	    {
+	      p += sprintf(p, "%.2x", buf[i]);
+	      if (i != data.clid_len - 1) 
+		p += sprintf(p, ":");
+	    } 
+	}
+#endif
+
+      buf += data.clid_len;
+
+      if (data.hostname_len != 0)
+	{
+	  char *dot;
+	  hostname = (char *)buf;
+	  hostname[data.hostname_len - 1] = 0;
+	  if (data.action != ACTION_TFTP)
+	    {
+	      if (!legal_hostname(hostname))
+		hostname = NULL;
+	      else if ((dot = strchr(hostname, '.')))
+		{
+		  domain = dot+1;
+		  *dot = 0;
+		} 
+	    }
+	}
+    
+      extradata = buf + data.hostname_len;
+    
+      if (!is6)
+	inet_ntop(AF_INET, &data.addr, daemon->addrbuff, ADDRSTRLEN);
+#ifdef HAVE_DHCP6
+      else
+	inet_ntop(AF_INET6, &data.hwaddr, daemon->addrbuff, ADDRSTRLEN);
+#endif
+
+      /* file length */
+      if (data.action == ACTION_TFTP)
+	sprintf(daemon->dhcp_buff, "%u", data.hwaddr_len);
+      
+#ifdef HAVE_LUASCRIPT
+      if (daemon->luascript)
+	{
+	  if (data.action == ACTION_TFTP)
+	    {
+	      lua_getglobal(lua, "tftp"); 
+	      if (lua_type(lua, -1) != LUA_TFUNCTION)
+		lua_pop(lua, 1); /* tftp function optional */
+	      else
+		{
+		  lua_pushstring(lua, action_str); /* arg1 - action */
+		  lua_newtable(lua);               /* arg2 - data table */
+		  lua_pushstring(lua, daemon->addrbuff);
+		  lua_setfield(lua, -2, "destination_address");
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "file_name"); 
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "file_size");
+		  lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
+		}
+	    }
+	  else
+	    {
+	      lua_getglobal(lua, "lease");     /* function to call */
+	      lua_pushstring(lua, action_str); /* arg1 - action */
+	      lua_newtable(lua);               /* arg2 - data table */
+	      
+	      if (is6)
+		{
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "client_duid");
+		  lua_pushstring(lua, daemon->packet);
+		  lua_setfield(lua, -2, "server_duid");
+		  lua_pushstring(lua, daemon->dhcp_buff3);
+		  lua_setfield(lua, -2, "iaid");
+		}
+	      
+	      if (!is6 && data.clid_len != 0)
+		{
+		  lua_pushstring(lua, daemon->packet);
+		  lua_setfield(lua, -2, "client_id");
+		}
+	      
+	      if (strlen(data.interface) != 0)
+		{
+		  lua_pushstring(lua, data.interface);
+		  lua_setfield(lua, -2, "interface");
+		}
+	      
+#ifdef HAVE_BROKEN_RTC	
+	      lua_pushnumber(lua, data.length);
+	      lua_setfield(lua, -2, "lease_length");
+#else
+	      lua_pushnumber(lua, data.expires);
+	      lua_setfield(lua, -2, "lease_expires");
+#endif
+	      
+	      if (hostname)
+		{
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "hostname");
+		}
+	      
+	      if (domain)
+		{
+		  lua_pushstring(lua, domain);
+		  lua_setfield(lua, -2, "domain");
+		}
+	      
+	      end = extradata + data.ed_len;
+	      buf = extradata;
+	      
+	      if (!is6)
+		buf = grab_extradata_lua(buf, end, "vendor_class");
+#ifdef HAVE_DHCP6
+	      else
+		for (i = 0; i < data.hwaddr_len; i++)
+		  {
+		    sprintf(daemon->dhcp_buff2, "vendor_class%i", i);
+		    buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
+		  }
+#endif
+	      
+	      buf = grab_extradata_lua(buf, end, "supplied_hostname");
+	      
+	      if (!is6)
+		{
+		  buf = grab_extradata_lua(buf, end, "cpewan_oui");
+		  buf = grab_extradata_lua(buf, end, "cpewan_serial");   
+		  buf = grab_extradata_lua(buf, end, "cpewan_class");
+		}
+	      
+	      buf = grab_extradata_lua(buf, end, "tags");
+	      
+	      if (is6)
+		buf = grab_extradata_lua(buf, end, "relay_address");
+	      else if (data.giaddr.s_addr != 0)
+		{
+		  lua_pushstring(lua, inet_ntoa(data.giaddr));
+		  lua_setfield(lua, -2, "relay_address");
+		}
+	      
+	      for (i = 0; buf; i++)
+		{
+		  sprintf(daemon->dhcp_buff2, "user_class%i", i);
+		  buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
+		}
+	      
+	      if (data.action != ACTION_DEL && data.remaining_time != 0)
+		{
+		  lua_pushnumber(lua, data.remaining_time);
+		  lua_setfield(lua, -2, "time_remaining");
+		}
+	      
+	      if (data.action == ACTION_OLD_HOSTNAME && hostname)
+		{
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "old_hostname");
+		}
+	      
+	      if (!is6)
+		{
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "mac_address");
+		}
+	      
+	      lua_pushstring(lua, daemon->addrbuff);
+	      lua_setfield(lua, -2, "ip_address");
+	    
+	      lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
+	    }
+	}
+#endif
+
+      /* no script, just lua */
+      if (!daemon->lease_change_command)
+	continue;
+
+      /* possible fork errors are all temporary resource problems */
+      while ((pid = fork()) == -1 && (errno == EAGAIN || errno == ENOMEM))
+	sleep(2);
+
+      if (pid == -1)
 	continue;
       
       /* wait for child to complete */
       if (pid != 0)
 	{
-	  int status;
-	  waitpid(pid, &status, 0);
-	  if (WIFSIGNALED(status))
-	    syslog(LOG_WARNING, _("child process killed by signal %d"), WTERMSIG(status));
-	  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
-	    syslog(LOG_WARNING, _("child process exited with status %d"), WEXITSTATUS(status));
+	  /* reap our children's children, if necessary */
+	  while (1)
+	    {
+	      int status;
+	      pid_t rc = wait(&status);
+	      
+	      if (rc == pid)
+		{
+		  /* On error send event back to main process for logging */
+		  if (WIFSIGNALED(status))
+		    send_event(event_fd, EVENT_KILLED, WTERMSIG(status), NULL);
+		  else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+		    send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), NULL);
+		  break;
+		}
+	      
+	      if (rc == -1 && errno != EINTR)
+		break;
+	    }
+	  
 	  continue;
 	}
       
-      if (data.clid_len != 0)
-	setenv("DNSMASQ_CLIENT_ID", daemon->packet, 1);
-      else
-	unsetenv("DNSMASQ_CLIENT_ID");
-      
-#ifdef HAVE_BROKEN_RTC
-      setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, 1);
-      unsetenv("DNSMASQ_LEASE_EXPIRES");
-#else
-      setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, 1); 
-      unsetenv("DNSMASQ_LEASE_LENGTH");
-#endif
-      
-      if (data.vclass_len != 0)
+      if (data.action != ACTION_TFTP)
 	{
-	  buf[data.vclass_len - 1] = 0; /* don't trust zero-term */
-	  /* cannot have = chars in env - truncate if found . */
-	  if ((p = strchr((char *)buf, '=')))
-	    *p = 0;
-	  setenv("DNSMASQ_VENDOR_CLASS", (char *)buf, 1);
-	  buf += data.vclass_len;
-	}
-      else 
-	unsetenv("DNSMASQ_VENDOR_CLASS");
-      
-      if (data.uclass_len != 0)
-	{
-	  unsigned char *end = buf + data.uclass_len;
-	  buf[data.uclass_len - 1] = 0; /* don't trust zero-term */
-	  
-	  for (i = 0; buf < end;)
+	  if (is6)
 	    {
-	      size_t len = strlen((char *)buf) + 1;
-	      if ((p = strchr((char *)buf, '=')))
-		*p = 0;
-	      if (strlen((char *)buf) != 0)
+	      my_setenv("DNSMASQ_IAID", daemon->dhcp_buff3, &err);
+	      my_setenv("DNSMASQ_SERVER_DUID", daemon->packet, &err);
+	    }
+	  
+	  if (!is6 && data.clid_len != 0)
+	    my_setenv("DNSMASQ_CLIENT_ID", daemon->packet, &err);
+	  
+	  if (strlen(data.interface) != 0)
+	    my_setenv("DNSMASQ_INTERFACE", data.interface, &err);
+	  
+#ifdef HAVE_BROKEN_RTC
+	  my_setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, &err);
+#else
+	  my_setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, &err); 
+#endif
+	  
+	  if (domain)
+	    my_setenv("DNSMASQ_DOMAIN", domain, &err);
+	  
+	  end = extradata + data.ed_len;
+	  buf = extradata;
+	  
+	  if (!is6)
+	    buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS", &err);
+#ifdef HAVE_DHCP6
+	  else
+	    {
+	      if (data.hwaddr_len != 0)
 		{
-		  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i++);
-		  setenv(daemon->dhcp_buff2, (char *)buf, 1);
+		  buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS_ID", &err);
+		  for (i = 0; i < data.hwaddr_len - 1; i++)
+		    {
+		      sprintf(daemon->dhcp_buff2, "DNSMASQ_VENDOR_CLASS%i", i);
+		      buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
+		    }
 		}
-	      buf += len;
+	    }
+#endif
+	  
+	  buf = grab_extradata(buf, end, "DNSMASQ_SUPPLIED_HOSTNAME", &err);
+	  
+	  if (!is6)
+	    {
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_OUI", &err);
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_SERIAL", &err);   
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_CLASS", &err);
+	    }
+	  
+	  buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
+	  
+	  if (is6)
+	    buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	  else if (data.giaddr.s_addr != 0)
+	    my_setenv("DNSMASQ_RELAY_ADDRESS", inet_ntoa(data.giaddr), &err); 
+	  
+	  for (i = 0; buf; i++)
+	    {
+	      sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i);
+	      buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
+	    }
+	  
+	  if (data.action != ACTION_DEL && data.remaining_time != 0)
+	    {
+	      sprintf(daemon->dhcp_buff2, "%u", data.remaining_time);
+	      my_setenv("DNSMASQ_TIME_REMAINING", daemon->dhcp_buff2, &err);
+	    }
+	  
+	  if (data.action == ACTION_OLD_HOSTNAME && hostname)
+	    {
+	      my_setenv("DNSMASQ_OLD_HOSTNAME", hostname, &err);
+	      hostname = NULL;
 	    }
 	}
-      
-      if (data.hostname_len != 0)
-	{
-	  hostname = (char *)buf;
-	  hostname[data.hostname_len - 1] = 0;
-	  canonicalise(hostname);
-	}
-      
-      if (data.action == ACTION_OLD_HOSTNAME && hostname)
-	{
-	  setenv("DNSMASQ_OLD_HOSTNAME", hostname, 1);
-	  hostname = NULL;
-	}
-      else
-	unsetenv("DNSMASQ_OLD_HOSTNAME");
-      
+
+      if (option_bool(OPT_LOG_OPTS))
+	my_setenv("DNSMASQ_LOG_DHCP", "1", &err);
+	 
+      /* we need to have the event_fd around if exec fails */
+      if ((i = fcntl(event_fd, F_GETFD)) != -1)
+	fcntl(event_fd, F_SETFD, i | FD_CLOEXEC);
+      close(pipefd[0]);
+
       p =  strrchr(daemon->lease_change_command, '/');
-      execl(daemon->lease_change_command, 
-	    p ? p+1 : daemon->lease_change_command,
-	    action_str, daemon->dhcp_buff, inet_ntoa(data.addr), hostname, (char*)NULL);
-      
-      /* log socket should still be open, right? */
-      syslog(LOG_ERR, _("failed to execute %s: %m"), 
-	     daemon->lease_change_command);
+      if (err == 0)
+	{
+	  execl(daemon->lease_change_command, 
+		p ? p+1 : daemon->lease_change_command,
+		action_str, daemon->dhcp_buff, daemon->addrbuff, hostname, (char*)NULL);
+	  err = errno;
+	}
+      /* failed, send event so the main process logs the problem */
+      send_event(event_fd, EVENT_EXEC_ERR, err, NULL);
       _exit(0); 
     }
 }
 
-/* pack up lease data into a buffer */    
-void queue_script(struct daemon *daemon, int action, struct dhcp_lease *lease, char *hostname)
+static void my_setenv(const char *name, const char *value, int *error)
 {
-  unsigned char *p;
-  size_t size;
-  unsigned int hostname_len = 0, clid_len = 0, vclass_len = 0, uclass_len = 0;
+  if (*error == 0 && setenv(name, value, 1) != 0)
+    *error = errno;
+}
+ 
+static unsigned char *grab_extradata(unsigned char *buf, unsigned char *end,  char *env, int *err)
+{
+  unsigned char *next;
 
-  /* no script */
-  if (daemon->helperfd == -1)
-    return;
+  if (!buf || (buf == end))
+    return NULL;
 
-  if (lease->vendorclass)
-    vclass_len = lease->vendorclass_len;
-  if (lease->userclass)
-    uclass_len = lease->userclass_len;
-  if (lease->clid)
-    clid_len = lease->clid_len;
-  if (hostname)
-    hostname_len = strlen(hostname) + 1;
+  for (next = buf; *next != 0; next++)
+    if (next == end)
+      return NULL;
+  
+  if (next != buf)
+    {
+      char *p;
+      /* No "=" in value */
+      if ((p = strchr((char *)buf, '=')))
+	*p = 0;
+      my_setenv(env, (char *)buf, err);
+    }
 
-  size = sizeof(struct script_data) +  clid_len + vclass_len + uclass_len + hostname_len;
+  return next + 1;
+}
 
+#ifdef HAVE_LUASCRIPT
+static unsigned char *grab_extradata_lua(unsigned char *buf, unsigned char *end, char *field)
+{
+  unsigned char *next;
+
+  if (!buf || (buf == end))
+    return NULL;
+
+  for (next = buf; *next != 0; next++)
+    if (next == end)
+      return NULL;
+  
+  if (next != buf)
+    {
+      lua_pushstring(lua,  (char *)buf);
+      lua_setfield(lua, -2, field);
+    }
+
+  return next + 1;
+}
+#endif
+
+static void buff_alloc(size_t size)
+{
   if (size > buf_size)
     {
       struct script_data *new;
       
-      /* start with resonable size, will almost never need extending. */
+      /* start with reasonable size, will almost never need extending. */
       if (size < sizeof(struct script_data) + 200)
 	size = sizeof(struct script_data) + 200;
 
-      if (!(new = malloc(size)))
+      if (!(new = whine_malloc(size)))
 	return;
       if (buf)
 	free(buf);
       buf = new;
       buf_size = size;
     }
+}
+
+/* pack up lease data into a buffer */    
+void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
+{
+  unsigned char *p;
+  unsigned int hostname_len = 0, clid_len = 0, ed_len = 0;
+  int fd = daemon->dhcpfd;
+
+#ifdef HAVE_DHCP6
+  if (!daemon->dhcp)
+    fd = daemon->dhcp6fd;
+#endif
+
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+
+  if (lease->extradata)
+    ed_len = lease->extradata_len;
+  if (lease->clid)
+    clid_len = lease->clid_len;
+  if (hostname)
+    hostname_len = strlen(hostname) + 1;
+
+  buff_alloc(sizeof(struct script_data) +  clid_len + ed_len + hostname_len);
 
   buf->action = action;
+  buf->flags = lease->flags;
   buf->hwaddr_len = lease->hwaddr_len;
   buf->hwaddr_type = lease->hwaddr_type;
   buf->clid_len = clid_len;
-  buf->vclass_len = vclass_len;
-  buf->uclass_len = uclass_len;
+  buf->ed_len = ed_len;
   buf->hostname_len = hostname_len;
   buf->addr = lease->addr;
-  memcpy(buf->hwaddr, lease->hwaddr, lease->hwaddr_len);
+  buf->giaddr = lease->giaddr;
+  memcpy(buf->hwaddr, lease->hwaddr, DHCP_CHADDR_MAX);
+  if (!indextoname(fd, lease->last_interface, buf->interface))
+    buf->interface[0] = 0;
+  
 #ifdef HAVE_BROKEN_RTC 
   buf->length = lease->length;
 #else
   buf->expires = lease->expires;
 #endif
- 
+
+  if (lease->expires != 0)
+    buf->remaining_time = (unsigned int)difftime(lease->expires, now);
+  else
+    buf->remaining_time = 0;
+
   p = (unsigned char *)(buf+1);
-  if (buf->clid_len != 0)
+  if (clid_len != 0)
     {
       memcpy(p, lease->clid, clid_len);
       p += clid_len;
     }
-  if (buf->vclass_len != 0)
-    {
-      memcpy(p, lease->vendorclass, vclass_len);
-      p += vclass_len;
-    }
-  if (buf->uclass_len != 0)
-    {
-      memcpy(p, lease->userclass, uclass_len);
-      p += uclass_len;
-    }
-  if (buf->hostname_len != 0)
+  if (hostname_len != 0)
     {
       memcpy(p, hostname, hostname_len);
       p += hostname_len;
     }
-
+  if (ed_len != 0)
+    {
+      memcpy(p, lease->extradata, ed_len);
+      p += ed_len;
+    }
   bytes_in_buf = p - (unsigned char *)buf;
 }
 
+#ifdef HAVE_TFTP
+/* This nastily re-uses DHCP-fields for TFTP stuff */
+void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer)
+{
+  unsigned int filename_len;
+
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+  
+  filename_len = strlen(filename) + 1;
+  buff_alloc(sizeof(struct script_data) +  filename_len);
+  memset(buf, 0, sizeof(struct script_data));
+
+  buf->action = ACTION_TFTP;
+  buf->hostname_len = filename_len;
+  buf->hwaddr_len = file_len;
+
+  if ((buf->flags = peer->sa.sa_family) == AF_INET)
+    buf->addr = peer->in.sin_addr;
+#ifdef HAVE_IPV6
+  else
+    memcpy(buf->hwaddr, &peer->in6.sin6_addr, IN6ADDRSZ);
+#endif
+
+  memcpy((unsigned char *)(buf+1), filename, filename_len);
+  
+  bytes_in_buf = sizeof(struct script_data) +  filename_len;
+}
+#endif
+
 int helper_buf_empty(void)
 {
   return bytes_in_buf == 0;
 }
 
-void helper_write(struct daemon *daemon)
+void helper_write(void)
 {
   ssize_t rc;
 
@@ -323,5 +768,7 @@ void helper_write(struct daemon *daemon)
     }
 }
 
+#endif
+
 
 

src/isc.c

@@ -1,248 +0,0 @@
-/* dnsmasq is Copyright (c) 2000 - 2005 by Simon Kelley
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-*/
-
-
-/* Code in this file is based on contributions by John Volpe. */
-
-#include "dnsmasq.h"
-
-#ifdef HAVE_ISC_READER
-
-#define MAXTOK 50
-
-struct isc_lease {
-  char *name, *fqdn;
-  time_t expires;
-  struct in_addr addr;
-  struct isc_lease *next;
-};
-
-static struct isc_lease *leases = NULL;
-static off_t lease_file_size = (off_t)0;
-static ino_t lease_file_inode = (ino_t)0;
-static int logged_lease = 0;
-
-static int next_token (char *token, int buffsize, FILE * fp)
-{
-  int c, count = 0;
-  char *cp = token;
-  
-  while((c = getc(fp)) != EOF)
-    {
-      if (c == '#')
-	do { c = getc(fp); } while (c != '\n' && c != EOF);
-      
-      if (c == ' ' || c == '\t' || c == '\n' || c == ';')
-	{
-	  if (count)
-	    break;
-	}
-      else if ((c != '"') && (count<buffsize-1))
-	{
-	  *cp++ = c;
-	  count++;
-	}
-    }
-  
-  *cp = 0;
-  return count ? 1 : 0;
-}
-
-void load_dhcp(struct daemon *daemon, time_t now)
-{
-  char *hostname = daemon->namebuff;
-  char token[MAXTOK], *dot;
-  struct in_addr host_address;
-  time_t ttd, tts;
-  FILE *fp;
-  struct isc_lease *lease, *tmp, **up;
-  struct stat statbuf;
-
-  if (stat(daemon->lease_file, &statbuf) == -1)
-    {
-      if (!logged_lease)
-	syslog(LOG_WARNING, _("failed to access %s: %m"), daemon->lease_file);
-      logged_lease = 1;
-      return;
-    }
-  
-  logged_lease = 0;
-  
-  if ((statbuf.st_size <= lease_file_size) &&
-      (statbuf.st_ino == lease_file_inode))
-    return;
-  
-  lease_file_size = statbuf.st_size;
-  lease_file_inode = statbuf.st_ino;
-  
-  if (!(fp = fopen (daemon->lease_file, "r")))
-    {
-      syslog (LOG_ERR, _("failed to load %s: %m"), daemon->lease_file);
-      return;
-    }
-  
-  syslog (LOG_INFO, _("reading %s"), daemon->lease_file);
-
-  while ((next_token(token, MAXTOK, fp)))
-    {
-      if (strcmp(token, "lease") == 0)
-        {
-          hostname[0] = '\0';
-	  ttd = tts = (time_t)(-1);
-	  if (next_token(token, MAXTOK, fp) && 
-	      (host_address.s_addr = inet_addr(token)) != (in_addr_t) -1)
-            {
-              if (next_token(token, MAXTOK, fp) && *token == '{')
-                {
-                  while (next_token(token, MAXTOK, fp) && *token != '}')
-                    {
-                      if ((strcmp(token, "client-hostname") == 0) ||
-			  (strcmp(token, "hostname") == 0))
-			{
-			  if (next_token(hostname, MAXDNAME, fp))
-			    if (!canonicalise(hostname))
-			      {
-				*hostname = 0;
-				syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file); 
-			      }
-			}
-                      else if ((strcmp(token, "ends") == 0) ||
-			       (strcmp(token, "starts") == 0))
-                        {
-                          struct tm lease_time;
-			  int is_ends = (strcmp(token, "ends") == 0);
-			  if (next_token(token, MAXTOK, fp) &&  /* skip weekday */
-			      next_token(token, MAXTOK, fp) &&  /* Get date from lease file */
-			      sscanf (token, "%d/%d/%d", 
-				      &lease_time.tm_year,
-				      &lease_time.tm_mon,
-				      &lease_time.tm_mday) == 3 &&
-			      next_token(token, MAXTOK, fp) &&
-			      sscanf (token, "%d:%d:%d:", 
-				      &lease_time.tm_hour,
-				      &lease_time.tm_min, 
-				      &lease_time.tm_sec) == 3)
-			    {
-			      /* There doesn't seem to be a universally available library function
-				 which converts broken-down _GMT_ time to seconds-in-epoch.
-				 The following was borrowed from ISC dhcpd sources, where
-                                 it is noted that it might not be entirely accurate for odd seconds.
-				 Since we're trying to get the same answer as dhcpd, that's just
-				 fine here. */
-			      static const int months [11] = { 31, 59, 90, 120, 151, 181,
-							       212, 243, 273, 304, 334 };
-			      time_t time = ((((((365 * (lease_time.tm_year - 1970) + /* Days in years since '70 */
-						  (lease_time.tm_year - 1969) / 4 +   /* Leap days since '70 */
-						  (lease_time.tm_mon > 1                /* Days in months this year */
-						   ? months [lease_time.tm_mon - 2]
-						   : 0) +
-						  (lease_time.tm_mon > 2 &&         /* Leap day this year */
-						   !((lease_time.tm_year - 1972) & 3)) +
-						  lease_time.tm_mday - 1) * 24) +   /* Day of month */
-						lease_time.tm_hour) * 60) +
-					      lease_time.tm_min) * 60) + lease_time.tm_sec;
-			      if (is_ends)
-				ttd = time;
-			      else
-				tts = time;			    }
-                        }
-		    }
-		  
-		  /* missing info? */
-		  if (!*hostname)
-		    continue;
-		  if (ttd == (time_t)(-1))
-		    continue;
-		  
-		  /* We use 0 as infinite in ttd */
-		  if ((tts != -1) && (ttd == tts - 1))
-		    ttd = (time_t)0;
-		  else if (difftime(now, ttd) > 0)
-		    continue;
-
-		  if ((dot = strchr(hostname, '.')))
-		    { 
-		      if (!daemon->domain_suffix || hostname_isequal(dot+1, daemon->domain_suffix))
-			{
-			  syslog(LOG_WARNING, 
-				 _("Ignoring DHCP lease for %s because it has an illegal domain part"), 
-				 hostname);
-			  continue;
-			}
-		      *dot = 0;
-		    }
-
-		  for (lease = leases; lease; lease = lease->next)
-		    if (hostname_isequal(lease->name, hostname))
-		      {
-			lease->expires = ttd;
-			lease->addr = host_address;
-			break;
-		      }
-
-		  if (!lease && (lease = malloc(sizeof(struct isc_lease))))
-		    {
-		      lease->expires = ttd;
-		      lease->addr = host_address;
-		      lease->fqdn =  NULL;
-		      lease->next = leases;
-		      if (!(lease->name = malloc(strlen(hostname)+1)))
-			free(lease);
-		      else
-			{
-			  leases = lease;
-			  strcpy(lease->name, hostname);
-			  if (daemon->domain_suffix && 
-			      (lease->fqdn = malloc(strlen(hostname) + strlen(daemon->domain_suffix) + 2)))
-			    {
-			      strcpy(lease->fqdn, hostname);
-			      strcat(lease->fqdn, ".");
-			      strcat(lease->fqdn, daemon->domain_suffix);
-			    }
-			}
-		    }
-		}
-	    }
-	}
-    }
-
-  fclose(fp);
-  
-  /* prune expired leases */
-  for (lease = leases, up = &leases; lease; lease = tmp)
-     {
-       tmp = lease->next;
-       if (lease->expires != (time_t)0 && difftime(now, lease->expires) > 0)
-	 {
-	   *up = lease->next; /* unlink */
-	   free(lease->name);
-	   if (lease->fqdn)
-	     free(lease->fqdn);
-	   free(lease);
-	 }
-       else
-	 up = &lease->next;
-     }
-
-     
-  /* remove all existing DHCP cache entries */
-  cache_unhash_dhcp();
-
-  for (lease = leases; lease; lease = lease->next)
-    {
-      cache_add_dhcp_entry(daemon, lease->fqdn, &lease->addr, lease->expires);
-      cache_add_dhcp_entry(daemon, lease->name, &lease->addr, lease->expires);
-    }
-}
-
-#endif
-

src/log.c

@@ -0,0 +1,476 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef __ANDROID__
+#  include <android/log.h>
+#endif
+
+/* Implement logging to /dev/log asynchronously. If syslogd is 
+   making DNS lookups through dnsmasq, and dnsmasq blocks awaiting
+   syslogd, then the two daemons can deadlock. We get around this
+   by not blocking when talking to syslog, instead we queue up to 
+   MAX_LOGS messages. If more are queued, they will be dropped,
+   and the drop event itself logged. */
+
+/* The "wire" protocol for logging is defined in RFC 3164 */
+
+/* From RFC 3164 */
+#define MAX_MESSAGE 1024
+
+/* defaults in case we die() before we log_start() */
+static int log_fac = LOG_DAEMON;
+static int log_stderr = 0;
+static int echo_stderr = 0;
+static int log_fd = -1;
+static int log_to_file = 0;
+static int entries_alloced = 0;
+static int entries_lost = 0;
+static int connection_good = 1;
+static int max_logs = 0;
+static int connection_type = SOCK_DGRAM;
+
+struct log_entry {
+  int offset, length;
+  pid_t pid; /* to avoid duplicates over a fork */
+  struct log_entry *next;
+  char payload[MAX_MESSAGE];
+};
+
+static struct log_entry *entries = NULL;
+static struct log_entry *free_entries = NULL;
+
+
+int log_start(struct passwd *ent_pw, int errfd)
+{
+  int ret = 0;
+
+  echo_stderr = option_bool(OPT_DEBUG);
+
+  if (daemon->log_fac != -1)
+    log_fac = daemon->log_fac;
+#ifdef LOG_LOCAL0
+  else if (option_bool(OPT_DEBUG))
+    log_fac = LOG_LOCAL0;
+#endif
+
+  if (daemon->log_file)
+    { 
+      log_to_file = 1;
+      daemon->max_logs = 0;
+      if (strcmp(daemon->log_file, "-") == 0)
+	{
+	  log_stderr = 1;
+	  echo_stderr = 0;
+	  log_fd = dup(STDERR_FILENO);
+	}
+    }
+  
+  max_logs = daemon->max_logs;
+
+  if (!log_reopen(daemon->log_file))
+    {
+      send_event(errfd, EVENT_LOG_ERR, errno, daemon->log_file ? daemon->log_file : "");
+      _exit(0);
+    }
+
+  /* if queuing is inhibited, make sure we allocate
+     the one required buffer now. */
+  if (max_logs == 0)
+    {  
+      free_entries = safe_malloc(sizeof(struct log_entry));
+      free_entries->next = NULL;
+      entries_alloced = 1;
+    }
+
+  /* If we're running as root and going to change uid later,
+     change the ownership here so that the file is always owned by
+     the dnsmasq user. Then logrotate can just copy the owner.
+     Failure of the chown call is OK, (for instance when started as non-root) */
+  if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0 && 
+      fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+    ret = errno;
+
+  return ret;
+}
+
+int log_reopen(char *log_file)
+{
+  if (!log_stderr)
+    {      
+      if (log_fd != -1)
+	close(log_fd);
+      
+      /* NOTE: umask is set to 022 by the time this gets called */
+      
+      if (log_file)
+	log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);      
+      else
+	{
+#if defined(HAVE_SOLARIS_NETWORK) || defined(__ANDROID__)
+	  /* Solaris logging is "different", /dev/log is not unix-domain socket.
+	     Just leave log_fd == -1 and use the vsyslog call for everything.... */
+#   define _PATH_LOG ""  /* dummy */
+	  return 1;
+#else
+	  int flags;
+	  log_fd = socket(AF_UNIX, connection_type, 0);
+	  
+	  /* if max_logs is zero, leave the socket blocking */
+	  if (log_fd != -1 && max_logs != 0 && (flags = fcntl(log_fd, F_GETFL)) != -1)
+	    fcntl(log_fd, F_SETFL, flags | O_NONBLOCK);
+#endif
+	}
+    }
+  
+  return log_fd != -1;
+}
+
+static void free_entry(void)
+{
+  struct log_entry *tmp = entries;
+  entries = tmp->next;
+  tmp->next = free_entries;
+  free_entries = tmp;
+}      
+
+static void log_write(void)
+{
+  ssize_t rc;
+   
+  while (entries)
+    {
+      /* The data in the payoad is written with a terminating zero character 
+	 and the length reflects this. For a stream connection we need to 
+	 send the zero as a record terminator, but this isn't done for a 
+	 datagram connection, so treat the length as one less than reality 
+	 to elide the zero. If we're logging to a file, turn the zero into 
+	 a newline, and leave the length alone. */
+      int len_adjust = 0;
+
+      if (log_to_file)
+	entries->payload[entries->offset + entries->length - 1] = '\n';
+      else if (connection_type == SOCK_DGRAM)
+	len_adjust = 1;
+
+      /* Avoid duplicates over a fork() */
+      if (entries->pid != getpid())
+	{
+	  free_entry();
+	  continue;
+	}
+
+      connection_good = 1;
+
+      if ((rc = write(log_fd, entries->payload + entries->offset, entries->length - len_adjust)) != -1)
+	{
+	  entries->length -= rc;
+	  entries->offset += rc;
+	  if (entries->length == len_adjust)
+	    {
+	      free_entry();
+	      if (entries_lost != 0)
+		{
+		  int e = entries_lost;
+		  entries_lost = 0; /* avoid wild recursion */
+		  my_syslog(LOG_WARNING, _("overflow: %d log entries lost"), e);
+		}	  
+	    }
+	  continue;
+	}
+      
+      if (errno == EINTR)
+	continue;
+
+      if (errno == EAGAIN || errno == EWOULDBLOCK)
+	return; /* syslogd busy, go again when select() or poll() says so */
+      
+      if (errno == ENOBUFS)
+	{
+	  connection_good = 0;
+	  return;
+	}
+
+      /* errors handling after this assumes sockets */ 
+      if (!log_to_file)
+	{
+	  /* Once a stream socket hits EPIPE, we have to close and re-open
+	     (we ignore SIGPIPE) */
+	  if (errno == EPIPE)
+	    {
+	      if (log_reopen(NULL))
+		continue;
+	    }
+	  else if (errno == ECONNREFUSED || 
+		   errno == ENOTCONN || 
+		   errno == EDESTADDRREQ || 
+		   errno == ECONNRESET)
+	    {
+	      /* socket went (syslogd down?), try and reconnect. If we fail,
+		 stop trying until the next call to my_syslog() 
+		 ECONNREFUSED -> connection went down
+		 ENOTCONN -> nobody listening
+		 (ECONNRESET, EDESTADDRREQ are *BSD equivalents) */
+	      
+	      struct sockaddr_un logaddr;
+	      
+#ifdef HAVE_SOCKADDR_SA_LEN
+	      logaddr.sun_len = sizeof(logaddr) - sizeof(logaddr.sun_path) + strlen(_PATH_LOG) + 1; 
+#endif
+	      logaddr.sun_family = AF_UNIX;
+	      strncpy(logaddr.sun_path, _PATH_LOG, sizeof(logaddr.sun_path));
+	      
+	      /* Got connection back? try again. */
+	      if (connect(log_fd, (struct sockaddr *)&logaddr, sizeof(logaddr)) != -1)
+		continue;
+	      
+	      /* errors from connect which mean we should keep trying */
+	      if (errno == ENOENT || 
+		  errno == EALREADY || 
+		  errno == ECONNREFUSED ||
+		  errno == EISCONN || 
+		  errno == EINTR ||
+		  errno == EAGAIN || 
+		  errno == EWOULDBLOCK)
+		{
+		  /* try again on next syslog() call */
+		  connection_good = 0;
+		  return;
+		}
+	      
+	      /* try the other sort of socket... */
+	      if (errno == EPROTOTYPE)
+		{
+		  connection_type = connection_type == SOCK_DGRAM ? SOCK_STREAM : SOCK_DGRAM;
+		  if (log_reopen(NULL))
+		    continue;
+		}
+	    }
+	}
+
+      /* give up - fall back to syslog() - this handles out-of-space
+	 when logging to a file, for instance. */
+      log_fd = -1;
+      my_syslog(LOG_CRIT, _("log failed: %s"), strerror(errno));
+      return;
+    }
+}
+
+/* priority is one of LOG_DEBUG, LOG_INFO, LOG_NOTICE, etc. See sys/syslog.h.
+   OR'd to priority can be MS_TFTP, MS_DHCP, ... to be able to do log separation between
+   DNS, DHCP and TFTP services.
+*/
+void my_syslog(int priority, const char *format, ...)
+{
+  va_list ap;
+  struct log_entry *entry;
+  time_t time_now;
+  char *p;
+  size_t len;
+  pid_t pid = getpid();
+  char *func = "";
+
+  if ((LOG_FACMASK & priority) == MS_TFTP)
+    func = "-tftp";
+  else if ((LOG_FACMASK & priority) == MS_DHCP)
+    func = "-dhcp";
+      
+#ifdef LOG_PRI
+  priority = LOG_PRI(priority);
+#else
+  /* Solaris doesn't have LOG_PRI */
+  priority &= LOG_PRIMASK;
+#endif
+
+  if (echo_stderr) 
+    {
+      fprintf(stderr, "dnsmasq%s: ", func);
+      va_start(ap, format);
+      vfprintf(stderr, format, ap);
+      va_end(ap);
+      fputc('\n', stderr);
+    }
+
+  if (log_fd == -1)
+    {
+#ifdef __ANDROID__
+      /* do android-specific logging. 
+	 log_fd is always -1 on Android except when logging to a file. */
+      int alog_lvl;
+      
+      if (priority <= LOG_ERR)
+	alog_lvl = ANDROID_LOG_ERROR;
+      else if (priority == LOG_WARNING)
+	alog_lvl = ANDROID_LOG_WARN;
+      else if (priority <= LOG_INFO)
+	alog_lvl = ANDROID_LOG_INFO;
+      else
+	alog_lvl = ANDROID_LOG_DEBUG;
+
+      va_start(ap, format);
+      __android_log_vprint(alog_lvl, "dnsmasq", format, ap);
+      va_end(ap);
+#else
+      /* fall-back to syslog if we die during startup or 
+	 fail during running (always on Solaris). */
+      static int isopen = 0;
+
+      if (!isopen)
+	{
+	  openlog("dnsmasq", LOG_PID, log_fac);
+	  isopen = 1;
+	}
+      va_start(ap, format);  
+      vsyslog(priority, format, ap);
+      va_end(ap);
+#endif
+
+      return;
+    }
+  
+  if ((entry = free_entries))
+    free_entries = entry->next;
+  else if (entries_alloced < max_logs && (entry = malloc(sizeof(struct log_entry))))
+    entries_alloced++;
+  
+  if (!entry)
+    entries_lost++;
+  else
+    {
+      /* add to end of list, consumed from the start */
+      entry->next = NULL;
+      if (!entries)
+	entries = entry;
+      else
+	{
+	  struct log_entry *tmp;
+	  for (tmp = entries; tmp->next; tmp = tmp->next);
+	  tmp->next = entry;
+	}
+      
+      time(&time_now);
+      p = entry->payload;
+      if (!log_to_file)
+	p += sprintf(p, "<%d>", priority | log_fac);
+
+      /* Omit timestamp for default daemontools situation */
+      if (!log_stderr || !option_bool(OPT_NO_FORK)) 
+	p += sprintf(p, "%.15s ", ctime(&time_now) + 4);
+      
+      p += sprintf(p, "dnsmasq%s[%d]: ", func, (int)pid);
+        
+      len = p - entry->payload;
+      va_start(ap, format);  
+      len += vsnprintf(p, MAX_MESSAGE - len, format, ap) + 1; /* include zero-terminator */
+      va_end(ap);
+      entry->length = len > MAX_MESSAGE ? MAX_MESSAGE : len;
+      entry->offset = 0;
+      entry->pid = pid;
+    }
+  
+  /* almost always, logging won't block, so try and write this now,
+     to save collecting too many log messages during a select loop. */
+  log_write();
+  
+  /* Since we're doing things asynchronously, a cache-dump, for instance,
+     can now generate log lines very fast. With a small buffer (desirable),
+     that means it can overflow the log-buffer very quickly,
+     so that the cache dump becomes mainly a count of how many lines 
+     overflowed. To avoid this, we delay here, the delay is controlled 
+     by queue-occupancy, and grows exponentially. The delay is limited to (2^8)ms.
+     The scaling stuff ensures that when the queue is bigger than 8, the delay
+     only occurs for the last 8 entries. Once the queue is full, we stop delaying
+     to preserve performance.
+  */
+
+  if (entries && max_logs != 0)
+    {
+      int d;
+      
+      for (d = 0,entry = entries; entry; entry = entry->next, d++);
+      
+      if (d == max_logs)
+	d = 0;
+      else if (max_logs > 8)
+	d -= max_logs - 8;
+
+      if (d > 0)
+	{
+	  struct timespec waiter;
+	  waiter.tv_sec = 0;
+	  waiter.tv_nsec = 1000000 << (d - 1); /* 1 ms */
+	  nanosleep(&waiter, NULL);
+      
+	  /* Have another go now */
+	  log_write();
+	}
+    } 
+}
+
+void set_log_writer(fd_set *set, int *maxfdp)
+{
+  if (entries && log_fd != -1 && connection_good)
+    {
+      FD_SET(log_fd, set);
+      bump_maxfd(log_fd, maxfdp);
+    }
+}
+
+void check_log_writer(fd_set *set)
+{
+  if (log_fd != -1 && (!set || FD_ISSET(log_fd, set)))
+    log_write();
+}
+
+void flush_log(void)
+{
+  /* write until queue empty, but don't loop forever if there's
+   no connection to the syslog in existance */
+  while (log_fd != -1)
+    {
+      struct timespec waiter;
+      log_write();
+      if (!entries || !connection_good)
+	{
+	  close(log_fd);	
+	  break;
+	}
+      waiter.tv_sec = 0;
+      waiter.tv_nsec = 1000000; /* 1 ms */
+      nanosleep(&waiter, NULL);
+    }
+}
+
+void die(char *message, char *arg1, int exit_code)
+{
+  char *errmess = strerror(errno);
+  
+  if (!arg1)
+    arg1 = errmess;
+
+  if (!log_stderr)
+    {
+      echo_stderr = 1; /* print as well as log when we die.... */
+      fputc('\n', stderr); /* prettyfy  startup-script message */
+    }
+  my_syslog(LOG_CRIT, message, arg1, errmess);
+  echo_stderr = 0;
+  my_syslog(LOG_CRIT, _("FAILED to start up"));
+  flush_log();
+  
+  exit(exit_code);
+}