Man page update.

Also remove unused "isloop" field.

CHANGELOG

@@ -1,3 +1,149 @@
+version 2.63
+            Do duplicate dhcp-host address check in --test mode.
+
+	    Check that tftp-root directories are accessible before
+	    start-up. Thanks to Daniel Veillard for the initial patch.
+
+	    Allow more than one --tfp-root flag. The per-interface
+	    stuff is pointless without that.
+
+	    Add --bind-dynamic. A hybrid mode between the default and
+	    --bind-interfaces which copes with dynamically created
+	    interfaces. 
+
+
+version 2.62
+            Update German translation. Thanks to Conrad Kostecki.
+
+	    Cope with router-solict packets wich don't have a valid 
+	    source address. Thanks to Vladislav Grishenko for the patch.
+
+	    Fixed bug which caused missing periodic router
+	    advertisements with some configurations. Thanks to
+	    Vladislav Grishenko for the patch.
+
+	    Fixed bug which broke DHCPv6/RA with prefix lengths 
+	    which are not divisible by 8. Thanks to Andre Coetzee 
+	    for spotting this.
+
+	    Fix non-response to router-solicitations when
+	    router-advertisement configured, but DHCPv6 not
+	    configured. Thanks to Marien Zwart for the patch.
+
+	    Add --dns-rr, to allow arbitrary DNS resource records.
+
+	    Fixed bug which broke RA scheduling when an interface had
+	    two addresses in the same network. Thanks to Jim Bos for
+	    his help nailing this.
+
+
+version 2.61
+	    Re-write interface discovery code on *BSD to use
+	    getifaddrs. This is more portable, more straightforward,
+	    and allows us to find the prefix length for IPv6
+	    addresses.
+
+	    Add ra-names, ra-stateless and slaac keywords for DHCPv6.
+	    Dnsmasq can now synthesise AAAA records for dual-stack 
+            hosts which get IPv6 addresses via SLAAC. It is also now 
+	    possible to use SLAAC and stateless DHCPv6, and to 
+	    tell clients to use SLAAC addresses as well as DHCP ones.
+	    Thanks to Dave Taht for help with this.
+
+	    Add --dhcp-duid to allow DUID-EN uids to be used.
+
+	    Explicity send DHCPv6 replies to the correct port, instead
+	    of relying on clients to send requests with the correct
+	    source address, since at least one client in the wild gets
+	    this wrong. Thanks to Conrad Kostecki for help tracking
+	    this down.
+
+	    Send a preference value of 255 in DHCPv6 replies when 
+	    --dhcp-authoritative is in effect. This tells clients not
+	    to wait around for other DHCP servers.
+
+	    Better logging of DHCPv6 options.
+
+	    Add --host-record. Thanks to Rob Zwissler for the
+	    suggestion.
+
+	    Invoke the DHCP script with action "tftp" when a TFTP file
+	    transfer completes. The size of the file, address to which
+	    it was sent and complete pathname are supplied. Note that
+	    version 2.60 introduced some script incompatibilties
+	    associated with DHCPv6, and this is a further change. To
+	    be safe, scripts should ignore unknown actions, and if
+	    not IPv6-aware, should exit if the environment
+	    variable DNSMASQ_IAID is set. The use-case for this is
+	    to track netboot/install.  Suggestion from Shantanu
+	    Gadgil.
+
+	    Update contrib/port-forward/dnsmasq-portforward to reflect
+	    the above.
+
+	    Set the environment variable DNSMASQ_LOG_DHCP when running
+	    the script id --log-dhcp is in effect, so that script can
+	    taylor their logging verbosity. Suggestion from Malte
+	    Forkel.
+	    
+	    Arrange that addresses specified with --listen-address
+	    work even if there is no interface carrying the
+	    address. This is chiefly useful for IPv4 loopback
+	    addresses, where any address in 127.0.0.0/8 is a valid
+	    loopback address, but normally only 127.0.0.1 appears on
+	    the lo interface. Thanks to Mathieu Trudel-Lapierre for
+	    the idea and initial patch. 
+
+	    Fix crash, introduced in 2.60, when a DHCPINFORM is
+	    received from a network which has no valid dhcp-range.
+	    Thanks to Stephane Glondu for the bug report.
+
+	    Add a new DHCP lease time keyword, "deprecated" for
+	    --dhcp-range. This is only valid for IPv6, and sets the
+	    preffered lease time for both DHCP and RA to zero. The
+	    effect is that clients can continue to use the address 
+	    for existing connections, but new connections will use
+            other addresses, if they exist. This makes hitless
+	    renumbering at least possible.
+
+	    Fix bug in address6_available() which caused DHCPv6 lease
+	    aquisition to fail if more than one dhcp-range in use.
+
+	    Provide RDNSS and DNSSL data in router advertisements,
+	    using the settings provided for DHCP options
+	    option6:domain-search and option6:dns-server.
+
+	    Tweak logo/favicon.ico to add some transparency. Thanks to
+	    SamLT for work on this.
+	    
+	    Don't cache data from non-recursive nameservers, since it
+	    may erroneously look like a valid CNAME to a non-exitant
+	    name. Thanks to Ben Winslow for finding this.
+
+	    Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
+	    on exactly one interface and --bind-interfaces is set. This 
+	    makes the OpenStack use-case of one dnsmasq per virtual
+	    interface work. This is only available on Linux; it's not
+	    supported on other platforms. Thanks to Vishvananda Ishaya
+	    and the OpenStack team for the suggestion.
+
+	    Updated French translation. Thanks to Gildas Le Nadan.
+
+	    Give correct from-cache answers to explict CNAME queries.
+	    Thanks to Rob Zwissler for spotting this.
+	    
+	    Add --tftp-lowercase option. Thanks to Oliver Rath for the
+	    patch. 
+
+	    Ensure that the DBus DhcpLeaseUpdated events are generated
+	    when a lease goes through INIT_REBOOT state, even if the
+	    dhcp-script is not in use. Thanks to Antoaneta-Ecaterina
+	    Ene for the patch.
+
+	    Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
+	    to Brad Smith for spotting this.
+	    
+
 version 2.60
             Fix compilation problem in Mac OS X Lion. Thanks to Olaf
             Flebbe for the patch.
@@ -45,20 +191,42 @@ version 2.60
 	    round-robin	to multiple servers, in the same way as
 	    --dhcp-boot. A good suggestion from Cristiano Cumer.
 
-	    Support BUILDDIR variable in the Makefile. Allows 
-	    builds from multiple architectures in the same tree with eg
-	    make BUILDDIR=linux
+	    Support BUILDDIR variable in the Makefile. Allows builds 
+	    for multiple archs from the same source tree with eg.
+	    make BUILDDIR=linux             (relative to dnsmasq tree)
+	    make BUILDDIR=/tmp/openbsd      (absolute path)
 	    If BUILDDIR is not set, compilation happens in the src
 	    directory, as before. Suggestion from Mark Mitchell.
 
-	    First cut at supporting DHCPv6. Support is pretty much
-	    there for the sort of things the existing v4 server does,
-	    including tags, options, static addresses and relay
-	    support. Missing is prefix delegation. This is lightly
-	    tested alpha code, it is NOT YET PRODUCTION READY. Test
-	    reports would be greatly valued.
+	    Support DHCPv6. Support is there for the sort of things
+	    the existing v4 server does, including tags, options, 
+	    static addresses and relay support. Missing is prefix 
+	    delegation, which is probably not required in the dnsmasq
+	    niche, and an easy way to accept prefix delegations from
+	    an upstream DHCPv6 server, which is. Future plans include
+	    support for DHCPv6 router option and MAC address option
+	    (to make selecting clients by MAC address work like IPv4).
+	    These will be added as the standards mature.
+	    This code has been tested, but this is the first release,
+	    so don't bet the farm on it just yet. Many thanks to all 
+	    testers who have got it this far.
+
+	    Support IPv6 router advertisements. This is a
+	    simple-minded implementation, aimed at providing the
+	    vestigial RA needed to go alongside IPv6. Is picks up
+	    configuration from the DHCPv6 conf, and should just need
+	    enabling with --enable-ra.   
+
+	    Fix long-standing wrinkle with --localise-queries that
+	    could result in wrong answers when DNS packets arrive
+	    via an interface other than the expected one. Thanks to 
+	    Lorenzo Milesi and John Hanks for spotting this one.
+ 
+            Update French translation. Thanks to Gildas Le Nadan.
+
+	    Update Polish translation. Thanks to Jan Psota.
+
 
-	    
 version 2.59
             Fix regression in 2.58 which caused failure to start up
             with some combinations of dnsmasq config and IPv6 kernel

Makefile

@@ -13,50 +13,69 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-PREFIX = /usr/local
-BINDIR = ${PREFIX}/sbin
-MANDIR = ${PREFIX}/share/man
-LOCALEDIR = ${PREFIX}/share/locale
+# NOTE: Building the i18n targets requires GNU-make 
 
-BUILDDIR = $(SRC)
 
-CFLAGS = -Wall -W -O2
+# Variables you may well want to override.
+
+PREFIX        = /usr/local
+BINDIR        = $(PREFIX)/sbin
+MANDIR        = $(PREFIX)/share/man
+LOCALEDIR     = $(PREFIX)/share/locale
+BUILDDIR      = $(SRC)
+DESTDIR       = 
+CFLAGS        = -Wall -W -O2
+LDFLAGS       = 
+COPTS         = 
+RPM_OPT_FLAGS = 
+LIBS          = 
 
 #################################################################
 
+# Variables you might want to override.
+
 PKG_CONFIG = pkg-config
-INSTALL = install
-MSGMERGE = msgmerge
-MSGFMT = msgfmt
-XGETTEXT = xgettext
+INSTALL    = install
+MSGMERGE   = msgmerge
+MSGFMT     = msgfmt
+XGETTEXT   = xgettext
 
 SRC = src
-PO = po
+PO  = po
 MAN = man
 
-DBUS_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` 
-DBUS_LIBS=  `echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` 
-IDN_CFLAGS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` 
-IDN_LIBS=   `echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` 
-CT_CFLAGS=  `echo $(COPTS) | ../bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
-CT_LIBS=    `echo $(COPTS) | ../bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
-LUA_CFLAGS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.1` 
-LUA_LIBS=   `echo $(COPTS) | ../bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` 
-SUNOS_LIBS= `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi`
-VERSION=    -DVERSION='\"`../bld/get-version`\"'
+#################################################################
 
-OBJS = cache.o rfc1035.o util.o option.o forward.o network.o \
+# pmake way. (NB no spaces to keep gmake 3.82 happy)
+top!=pwd
+# GNU make way.
+top?=$(CURDIR)
+
+dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` 
+dbus_libs =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` 
+idn_cflags =  `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` 
+idn_libs =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` 
+ct_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
+ct_libs =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
+lua_cflags =  `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.1` 
+lua_libs =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` 
+sunos_libs =  `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+version =     -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+
+objs = cache.o rfc1035.o util.o option.o forward.o network.o \
        dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
-       helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o dhcp-common.o 
-
-HDRS = dnsmasq.h config.h dhcp_protocol.h dhcp6_protocol.h dns_protocol.h
+       helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
+       dhcp-common.o outpacket.o radv.o slaac.o
 
+hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
+       dns-protocol.h radv-protocol.h
 
 all : $(BUILDDIR)
 	@cd $(BUILDDIR) && $(MAKE) \
- BUILD_CFLAGS="$(VERSION) $(DBUS_CFLAGS) $(IDN_CFLAGS) $(CT_CFLAGS) $(LUA_CFLAGS)" \
- BUILD_LIBS="$(DBUS_LIBS) $(IDN_LIBS) $(CT_LIBS) $(LUA_LIBS) $(SUNOS_LIBS)" \
- -f ../Makefile dnsmasq 
+ top="$(top)" \
+ build_cflags="$(version) $(dbus_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags)" \
+ build_libs="$(dbus_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs)" \
+ -f $(top)/Makefile dnsmasq 
 
 clean :
 	rm -f *~ $(BUILDDIR)/*.mo contrib/*/*~ */*~ $(BUILDDIR)/*.pot 
@@ -71,45 +90,45 @@ install-common :
 
 all-i18n : $(BUILDDIR)
 	@cd $(BUILDDIR) && $(MAKE) \
- I18N=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
- BUILD_CFLAGS="$(VERSION) $(DBUS_CFLAGS) $(CT_CFLAGS) $(LUA_CFLAGS) `$(PKG_CONFIG) --cflags libidn`" \
- BUILD_LIBS="$(DBUS_LIBS) $(CT_LIBS) $(LUA_LIBS) $(SUNOS_LIBS) `$(PKG_CONFIG) --libs libidn`"  \
- -f ../Makefile dnsmasq
-	@cd $(PO); for f in *.po; do \
-		cd ../$(BUILDDIR) && $(MAKE) \
- -f ../Makefile $${f%.po}.mo; \
+ top="$(top)" \
+ i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
+ build_cflags="$(version) $(dbus_cflags) $(ct_cflags) $(lua_cflags) `$(PKG_CONFIG) --cflags libidn`" \
+ build_libs="$(dbus_libs) $(ct_libs) $(lua_libs) $(sunos_libs) `$(PKG_CONFIG) --libs libidn`"  \
+ -f $(top)/Makefile dnsmasq
+	for f in `cd $(PO); echo *.po`; do \
+		cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
 	done
 
 install-i18n : all-i18n install-common
-	cd $(BUILDDIR); ../bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
+	cd $(BUILDDIR); $(top)/bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
 	cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL)
 
-merge : $(BUILDDIR)
-	@cd $(BUILDDIR) && $(MAKE) -f ../Makefile dnsmasq.pot
-	@cd $(PO); for f in *.po; do \
-		echo -n msgmerge $$f && $(MSGMERGE) --no-wrap -U $$f ../$(BUILDDIR)/dnsmasq.pot; \
+merge : 
+	@cd $(BUILDDIR) && $(MAKE) -f $(top)/Makefile dnsmasq.pot
+	for f in `cd $(PO); echo *.po`; do \
+		echo -n msgmerge $(PO)/$$f && $(MSGMERGE) --no-wrap -U $(PO)/$$f $(BUILDDIR)/dnsmasq.pot; \
 	done
 
 $(BUILDDIR):
-	mkdir $(BUILDDIR)
+	mkdir -p $(BUILDDIR)
 
 
 # rules below are targets in recusive makes with cwd=$(SRC)
 
-$(OBJS:.o=.c) $(HDRS):
-	ln -s ../$(SRC)/$@ .
+$(objs:.o=.c) $(hdrs):
+	ln -s $(top)/$(SRC)/$@ .
 
 .c.o:
-	$(CC) $(CFLAGS) $(COPTS) $(I18N) $(BUILD_CFLAGS) $(RPM_OPT_FLAGS) -c $<	
+	$(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $<	
 
-dnsmasq : $(HDRS) $(OBJS) 
-	$(CC) $(LDFLAGS) -o $@ $(OBJS) $(BUILD_LIBS) $(LIBS) 
+dnsmasq : $(hdrs) $(objs) 
+	$(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS) 
 
-dnsmasq.pot : $(OBJS:.o=.c) $(HDRS)
-	$(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(OBJS:.o=.c)
+dnsmasq.pot : $(objs:.o=.c) $(hdrs)
+	$(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(objs:.o=.c)
 
-%.mo : ../po/%.po dnsmasq.pot
-	$(MSGMERGE) -o - ../po/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -
+%.mo : $(top)/$(PO)/%.po dnsmasq.pot
+	$(MSGMERGE) -o - $(top)/$(PO)/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -
 
 
 .PHONY : all clean install install-common all-i18n install-i18n merge 

bld/Android.mk

@@ -7,7 +7,8 @@ LOCAL_SRC_FILES :=  bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
                     forward.c helper.c lease.c log.c \
                     netlink.c network.c option.c rfc1035.c \
 		    rfc2131.c tftp.c util.c conntrack.c \
-		    dhcp6.c rfc3315.c dhcp-common.c 
+		    dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
+		    radv.c slaac.c
 
 LOCAL_MODULE := dnsmasq
 

bld/get-version

@@ -9,21 +9,18 @@
 # If we can find one which matches $v[0-9].* then we assume it's
 # a version-number tag, else we just use the whole string.
 
-# we're called with pwd == TLD
-cd ..
-
-if which git >/dev/null 2>&1 && [ -d .git ]; then
-     git describe
-elif grep '\$Format:%d\$' VERSION >/dev/null 2>&1; then
+if which git >/dev/null 2>&1 && [ -d $1/.git ]; then
+     cd $1; git describe
+elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then
 # unsubstituted VERSION, but no git available.
     echo UNKNOWN
 else
-     vers=`cat VERSION | sed 's/[(), ]/\n/ g' | grep -m 1 $v[0-9]`
+     vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep $v[0-9]`
 
      if [ $? -eq 0 ]; then
-         echo ${vers#v}
+         echo "${vers}" | head -n 1 | sed 's/^v//'
      else
-         cat VERSION
+         cat $1/VERSION
      fi
 fi
 

bld/install-man

@@ -4,6 +4,6 @@ for f in *; do
   if [ -d $f ]; then
      $2 -m 755 -d $1/$f/man8 
      $2 -m 644 $f/dnsmasq.8 $1/$f/man8
-     echo installing $1/$f/man8/dnsmasq.8
+     echo installing $f/man8/dnsmasq.8
   fi
 done

bld/install-mo

@@ -3,7 +3,7 @@
 for f in *.mo; do
   $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES
   $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
-  echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+  echo installing ${f%.mo}/LC_MESSAGES/dnsmasq.mo
 done
 
 

contrib/port-forward/dnsmasq-portforward

@@ -34,11 +34,21 @@ if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
     hostname=${DNSMASQ_OLD_HOSTNAME}
 fi
 
+# IPv6 leases are not our concern. no NAT there!
+if [ ${DNSMASQ_IAID} ] ; then
+   exit 0
+fi
+
 # action init is not relevant, and will only be seen when leasefile-ro is set.
 if [ ${action} = init ] ; then
     exit 0
 fi
 
+# action tftp is not relevant.
+if [ ${action} = tftp ] ; then
+    exit 0
+fi
+
 if [ ${hostname} ]; then
     ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
 

contrib/systemd/dbus_activation

@@ -0,0 +1,57 @@
+To: dnsmasq-discuss@lists.thekelleys.org.uk
+From: Alex Elsayed <eternaleye+usenet@gmail.com>
+Date: Tue, 15 May 2012 01:53:54 -0700
+Subject: [Dnsmasq-discuss] [PATCH] Support dbus activation
+
+Introduce dbus service file and turn dbus on in the systemd
+unit.
+
+Note to packagers:
+To add support for dbus activation, you must install the dbus
+service file (dbus/uk.org.thekelleys.dnsmasq.service) into
+$DATADIR/dbus-1/system-services.
+
+---
+ contrib/systemd/dnsmasq.service        |    2 +-
+ dbus/uk.org.thekelleys.dnsmasq.service |    7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+ create mode 100644 dbus/uk.org.thekelleys.dnsmasq.service
+
+diff --git a/contrib/systemd/dnsmasq.service 
+b/contrib/systemd/dnsmasq.service
+index a27fe6d..4a784d3 100644
+--- a/contrib/systemd/dnsmasq.service
++++ b/contrib/systemd/dnsmasq.service
+@@ -5,7 +5,7 @@ Description=A lightweight DHCP and caching DNS server
+ Type=dbus
+ BusName=uk.org.thekelleys.dnsmasq
+ ExecStartPre=/usr/sbin/dnsmasq --test
+-ExecStart=/usr/sbin/dnsmasq -k
++ExecStart=/usr/sbin/dnsmasq -k -1
+ ExecReload=/bin/kill -HUP $MAINPID
+ 
+ [Install]
+diff --git a/dbus/uk.org.thekelleys.dnsmasq.service 
+b/dbus/uk.org.thekelleys.dnsmasq.service
+new file mode 100644
+index 0000000..f5fe98d
+--- /dev/null
++++ b/dbus/uk.org.thekelleys.dnsmasq.service
+@@ -0,0 +1,7 @@
++[D-BUS Service]
++Name=uk.org.thekelleys.dnsmasq
++Exec=/usr/sbin/dnsmasq -k -1
++User=root
++SystemdService=dnsmasq.service
++
++
+-- 
+1.7.10.2
+
+
+
+_______________________________________________
+Dnsmasq-discuss mailing list
+Dnsmasq-discuss@lists.thekelleys.org.uk
+http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
+

debian/changelog

@@ -1,3 +1,45 @@
+dnsmasq (2.63-1) unstable; urgency=low
+
+   * New upstream.
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Mon, 11 Jun 2012 21:55:35 +0000
+
+dnsmasq (2.62-3) unstable; urgency=low
+
+   * Do resolvconf and /etc/default startup logic when
+     starting with systemd. (closes: #675854)
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Mon, 11 Jun 2012 21:50:11 +0000
+
+dnsmasq (2.62-2) unstable; urgency=low
+
+   * Pass LDFLAGS to make to get hardening in linker.
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Thu, 7 Jun 2012 09:53:43 +0000
+
+dnsmasq (2.62-1) unstable; urgency=low
+
+   * New upstream.
+   * Use dpkg-buildflags. (Enables hardening).
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Sat, 12 May 2012 15:25:23 +0000
+
+dnsmasq (2.61-1) unstable; urgency=low
+
+   * New upstream.
+   * Provide "dump-stats" initscript method. (closes: #654656)
+   * Add (empty) build-indep and build-arch rules targets.
+   * Bump standards-version to 3.9.3
+   * Add port option to example dnsmasq.conf (closes: #668386)
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Tue, 6 Mar 2012 19:45:43 +0000
+
+dnsmasq (2.60-2) unstable; urgency=high
+
+   * Fix DHCPv4 segfault. (closes: #665008)
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 23 Mar 2012 09:37:23 +0000
+
 dnsmasq (2.60-1) unstable; urgency=low
 
    * New upstream.

debian/control

@@ -3,7 +3,7 @@ Section: net
 Priority: optional
 Build-depends: gettext, libnetfilter-conntrack-dev [linux-any], libidn11-dev, libdbus-1-dev (>=0.61)
 Maintainer: Simon Kelley <simon@thekelleys.org.uk>
-Standards-Version: 3.9.2
+Standards-Version: 3.9.3
 
 Package: dnsmasq
 Architecture: all

debian/init

@@ -256,8 +256,32 @@ case "$1" in
 		*) log_success_msg "(unknown)" ; exit 4 ;;
 	esac
 	;;
+  dump-stats)
+        kill -s USR1 `cat /var/run/dnsmasq/$NAME.pid`
+	;;
+  systemd-start-resolvconf)
+	start_resolvconf
+	;;
+  systemd-stop-resolvconf)
+	stop_resolvconf
+	;;
+  systemd-exec)
+#  --pid-file without argument disables writing a PIDfile, we don't need one with sytemd.
+# Enable DBus by default because we use DBus activation with systemd.
+	exec $DAEMON --keep-in-foreground --pid-file --enable-dbus \
+	    ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
+	    ${MAILTARGET:+ -t $MAILTARGET} \
+	    ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
+	    ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
+	    ${DHCP_LEASE:+ -l $DHCP_LEASE} \
+	    ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
+	    ${RESOLV_CONF:+ -r $RESOLV_CONF} \
+	    ${CACHESIZE:+ -c $CACHESIZE} \
+	    ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
+	    ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} 
+	;;
   *)
-	echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2
+	echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|dump-stats|status}" >&2
 	exit 3
 	;;
 esac

debian/rules

@@ -11,14 +11,14 @@
 
 package=dnsmasq-base
 
-# policy manual, section 10.1
-ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
-     CFLAGS = -g -O0 -Wall -W
-else
-     CFLAGS = -g -O2 -Wall -W
-endif
+CFLAGS = $(shell export DEB_BUILD_OPTIONS=$(DEB_BUILD_OPTIONS); dpkg-buildflags --get CFLAGS)
+CFLAGS += $(shell dpkg-buildflags --get CPPFLAGS)
+CFLAGS += -Wall -W
+
+LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
 
 COPTS = 
+
 TARGET = install-i18n
 
 DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
@@ -33,8 +33,8 @@ ifeq ($(DEB_BUILD_ARCH_OS),linux)
 endif
 endif
 
-ifeq (,$(filter nodhcp6,$(DEB_BUILD_OPTIONS)))
-     COPTS += -DHAVE_DHCP6
+ifneq (,$(filter nodhcp6,$(DEB_BUILD_OPTIONS)))
+     COPTS += -DNO_DHCP6
 endif
 
 ifneq (,$(filter noipv6,$(DEB_BUILD_OPTIONS)))
@@ -115,7 +115,7 @@ binary-arch:	checkroot
 		-d debian/base/usr/share/doc/$(package)/examples \
 	        -d debian/base/var/run \
 	        -d debian/base/var/lib/misc
-	make $(TARGET) PREFIX=/usr DESTDIR=`pwd`/debian/base CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" CC=gcc
+	make $(TARGET) PREFIX=/usr DESTDIR=`pwd`/debian/base CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" COPTS="$(COPTS)" CC=gcc
 ifeq (,$(findstring nodocs,$(DEB_BUILD_OPTIONS)))
 	install -m 644 doc.html debian/base/usr/share/doc/$(package)/.
 	install -m 644 setup.html debian/base/usr/share/doc/$(package)/.
@@ -155,7 +155,7 @@ ifeq ($(DEB_BUILD_ARCH_OS),linux)
                        -d debian/utils/usr/share/man/man1 \
 	               -d debian/utils/usr/bin \
                        -d debian/utils/usr/share/doc/dnsmasq-utils
-	make -C contrib/wrt PREFIX=/usr DESTDIR=`pwd`/debian/utils CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" CC=gcc
+	make -C contrib/wrt PREFIX=/usr DESTDIR=`pwd`/debian/utils CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" COPTS="$(COPTS)" CC=gcc
 	install -m 755 contrib/wrt/dhcp_release debian/utils/usr/bin/dhcp_release
 	install -m 644 contrib/wrt/dhcp_release.1 debian/utils/usr/share/man/man1/dhcp_release.1
 	gzip -9 debian/utils/usr/share/man/man1/dhcp_release.1
@@ -184,7 +184,10 @@ endef
 # Below here is fairly generic really
 
 binary:		binary-arch binary-indep
+
 build:		
+build-arch:
+build-indep:
 
 checkroot:
 	test root = "`whoami`"

debian/systemd.service

@@ -8,22 +8,24 @@ BusName=uk.org.thekelleys.dnsmasq
 # Test the config file and refuse starting if it is not valid.
 ExecStartPre=/usr/sbin/dnsmasq --test
 
-# Enable DBus by default because we use DBus activation.
+# We run dnsmasq via the /etc/init.d/dnsmasq script which acts as a
+# wrapper picking up extra configuration files and then execs dnsmasq
+# itself, when called with the "systemd-exec" function.
 #
-# Drop privileges and become the 'dnsmasq' user. It is recommended by dnsmasq
-# upstream to run dnsmasq as an isolated user that does not run any other
-# processes, owns no files and has no shell. The default 'nobody' user has a
-# shell and might be used for other processes.
+# It also adds the command-line flags
+#    --keep-in-foreground --pid-file --enable-dbus 
+# to disable writing a pid-file (not needed with systemd) and 
+# enable DBus by default because we use DBus activation.
 #
-# Debian-specific: add /etc/dnsmasq.d to config search path (with the exception
-# of .dpkg-*). Packages such as libvirt leave config files there.
-#
-# --pid-file without argument disables writing a PIDfile, we don't need one.
-ExecStart=/usr/sbin/dnsmasq -k \
-          --enable-dbus \
-          --user=dnsmasq \
-          -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new \
-          --pid-file
+ExecStart=/etc/init.d/dnsmasq systemd-exec
+
+# The systemd-*-resolvconf functions configure (and deconfigure)
+# resolvconf to work with the dnsmasq DNS server. They're called liek
+# this to get correct error handling (ie don't start-resolvconf if the 
+# dnsmasq daemon fails to start.
+ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf
+ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf
+
 
 ExecReload=/bin/kill -HUP $MAINPID
 

dnsmasq.conf.example

@@ -4,6 +4,11 @@
 # as the long options legal on the command line. See
 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
 
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+#port=5353
+
 # The following two options make you a better netizen, since they
 # tell dnsmasq to filter out queries which the public DNS cannot
 # answer, and which load the servers (especially the root servers)
@@ -157,6 +162,44 @@
 # an explicit netmask instead.
 #dhcp-range=192.168.0.0,static
 
+# Enable DHCPv6. Note that the prefix-length does not need to be specified
+# and defaults to 64 if missing/
+#dhcp-range=1234::2, 1234::500, 64, 12h
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+#dhcp-range=1234::, ra-only 
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 
+# hosts. Use the DHCPv4 lease to derive the name, network segment and 
+# MAC address and assume that the host will also have an
+# IPv6 address calculated using the SLAAC alogrithm.
+#dhcp-range=1234::, ra-names
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
+#dhcp-range=1234::, ra-only, 48h
+
+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
+# so that clients can use SLAAC addresses as well as DHCP ones.
+#dhcp-range=1234::2, 1234::500, slaac
+
+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
+# not get addresses from DHCP, but they will get other configuration information.
+# They will use SLAAC for addresses.
+#dhcp-range=1234::, ra-stateless
+
+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
+# from DHCPv4 leases.
+#dhcp-range=1234::, ra-stateless, ra-names
+
+# Do router advertisements for all subnets where we're doing DHCPv6
+# Unless overriden by ra-stateless, ra-names, et al, the router 
+# advertisements will have the M and O bits set, so that the clients
+# get addresses and configuration from DHCPv6, and the A bit reset, so the 
+# clients don't use SLAAC addresses.
+#enable-ra
+
 # Supply parameters for specified hosts using DHCP. There are lots
 # of valid alternatives, so we will give examples of each. Note that
 # IP addresses DO NOT have to be in the range given above, they just
@@ -219,6 +262,12 @@
 # any machine with Ethernet address starting 11:22:33:
 #dhcp-host=11:22:33:*:*:*,set:red
 
+# Give a fixed IPv6 address and name to client with 
+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
+# Note also the they [] around the IPv6 address are obilgatory.
+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 
+
 # Ignore any clients which are not specified in dhcp-host lines
 # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
 # This relies on the special "known" tag which is set when
@@ -270,6 +319,13 @@
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
+# Send DHCPv6 option. Note [] around IPv6 addresses.
+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
+
+# Send DHCPv6 option for namservers as the machine running 
+# dnsmasq and another.
+#dhcp-option=option6:dns-server,[::],[1234::88]
+
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
 #dhcp-option=42,0.0.0.0

man/dnsmasq.8

@@ -23,7 +23,7 @@ options. It includes a secure, read-only,
 TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
 .PP
 Dnsmasq 
-supports IPv6 for DNS and TFTP, but not DHCP.
+supports IPv6 for all functions and a minimal router-advertisement daemon.
 .SH OPTIONS
 Note that in general missing parameters are allowed and switch off
 functions, for instance "--pid-file" disables writing a PID file. On
@@ -204,6 +204,17 @@ running another nameserver (or another instance of dnsmasq) on the
 same machine. Setting this option also enables multiple instances of
 dnsmasq which provide DHCP service to run in the same machine.
 .TP
+.B --bind-dynamic
+Enable a network mode which is a hybrid between 
+.B --bind-interfaces
+and the default. Dnsmasq binds the address of indivdual interfaces,
+allowing multiple dnsmasq instances, but if new interfaces or
+addresses appear, it automatically listens on those (subject to any
+access-control configuration). This makes dynamically created
+interfaces work in the same way as the default. Implementing this
+option requires non-standard networking APIs and it is only availble
+under Linux. On other platforms it falls-back to --bind-interfaces mode.
+.TP
 .B \-y, --localise-queries
 Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was
 received. If a name in /etc/hosts has more than one address associated with
@@ -416,6 +427,24 @@ zone files: the port, weight and priority numbers are in a different
 order. More than one SRV record for a given service/domain is allowed,
 all that match are returned.
 .TP
+.B --host-record=<name>[,<name>....][<IPv4-address>],[<IPv6-address>]
+Add A, AAAA and PTR records to the DNS. This adds one or more names to
+the DNS with associated IPv4 (A) and IPv6 (AAAA) records. A name may
+appear in more than one 
+.B host-record
+and therefore be assigned more than one address. Only the first
+address creates a PTR record linking the address to the name. This is
+the same rule as is used reading hosts-files. 
+.B host-record
+options are considered to be read before host-files, so a name
+appearing there inhibits PTR-record creation if it appears in
+hosts-file also. Unlike hosts-files, names are not expanded, even when
+.B expand-hosts
+is in effect. Short and long names may appear in the same 
+.B host-record,
+eg. 
+.B --host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100
+.TP
 .B \-Y, --txt-record=<name>[[,<text>],<text>]
 Return a TXT DNS record. The value of TXT record is a set of strings,
 so  any number may be included, delimited by commas; use quotes to put
@@ -436,6 +465,12 @@ hosts files) or from DHCP. If the target does not satisfy this
 criteria, the whole cname is ignored. The cname must be unique, but it
 is permissable to have more than one cname pointing to the same target.
 .TP
+.B --dns-rr=<name>,<RR-number>,[<hex data>]
+Return an arbitrary DNS Resource Record. The number is the type of the
+record (which is always in the C_IN class). The value of the record is
+given by the hex data, which may be of the for 01:23:45 or 01 23 45 or
+012345 or any mixture of these.
+.TP
 .B --interface-name=<name>,<interface>
 Return a DNS record associating the name with the primary address on
 the given interface. This flag specifies an A record for the given
@@ -494,9 +529,9 @@ compiled in and the kernel must have conntrack support
 included and configured. This option cannot be combined with
 --query-port. 
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-addr>,<end-addr>[,<netmask>[,<broadcast>]][,<lease time>]
+.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>]
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>,<end-IPv6addr>[,<prefix-len>][,<lease time>]
+.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>[,<end-IPv6addr>][,<mode>][,<prefix-len>][,<lease time>]
 
 Enable the DHCP server. Addresses will be given out from the range
 <start-addr> to <end-addr> and from statically defined addresses given
@@ -506,8 +541,12 @@ options. If the lease time is given, then leases
 will be given for that length of time. The lease time is in seconds,
 or minutes (eg 45m) or hours (eg 1h) or "infinite". If not given,
 the default lease time is one hour. The
-minimum lease time is two minutes. This
-option may be repeated, with different addresses, to enable DHCP
+minimum lease time is two minutes. For IPv6 ranges, the lease time
+maybe "deprecated"; this sets the preferred lifetime sent in a DHCP
+lease or router advertisement to zero, which causes clients to use
+other addresses, if available, for new connections as a prelude to renumbering.
+
+This option may be repeated, with different addresses, to enable DHCP
 service to more than one network. For directly connected networks (ie,
 networks on which the machine running dnsmasq has an interface) the
 netmask is optional: dnsmasq will determine it from the interface
@@ -529,22 +568,61 @@ The optional
 sets an alphanumeric label which marks this network so that
 dhcp options may be specified on a per-network basis. 
 When it is prefixed with 'tag:' instead, then its meaning changes from setting
-a tag to matching it. Only one tag may be set, but more than one tag may be matched.
-The end address may be replaced by the keyword 
+a tag to matching it. Only one tag may be set, but more than one tag
+may be matched.
+
+The optional <mode> keyword may be 
 .B static
 which tells dnsmasq to enable DHCP for the network specified, but not
 to dynamically allocate IP addresses: only hosts which have static
 addresses given via 
 .B dhcp-host
-or from /etc/ethers will be served. The end address may be replaced by
-the keyword
+or from /etc/ethers will be served. 
+
+For IPv4, the <mode> may be 
 .B proxy
 in which case dnsmasq will provide proxy-DHCP on the specified
 subnet. (See 
 .B pxe-prompt
 and 
 .B pxe-service
-for details, applies to IPv4 only.)
+for details.)
+
+For IPv6, the mode may be some combination of
+.B ra-only, slaac, ra-names, ra-stateless.
+
+.B ra-only
+tells dnsmasq to offer Router Advertisement only on this subnet,
+and not DHCP. 
+
+.B slaac
+tells dnsmasq to offer Router Advertisement on this subnet and to set
+the A bit in the router advertisement, so that the client will use
+SLAAC addresses. When used with a DHCP range or static DHCP address
+this results in the client having both a DHCP-assigned and a SLAAC
+address.
+
+.B ra-stateless
+sends router advertisements with the O and A bits set, and provides a
+stateless DHCP service. The client will use a SLAAC address, and use
+DHCP for other configuration information.
+
+.B ra-names
+enables a mode
+which gives DNS names to dual-stack hosts which do SLAAC for
+IPv6. Dnsmasq uses the host's IPv4 lease to derive the name, network
+segment and MAC address and assumes that the host will also have an
+IPv6 address calculated using the SLAAC algorithm, on the same network
+segment. The address is pinged, and if a reply is received, an AAAA
+record is added to the DNS for this IPv6
+address. Note that this is only happens for directly-connected
+networks, (not one doing DHCP via a relay) and it will not work 
+if a host is using privacy extensions. 
+.B ra-names
+can be combined  with 
+.B ra-stateless
+and
+.B slaac.
 
 The interface:<interface name> section is not normally used. See the
 NOTES section for details of this.
@@ -583,7 +661,7 @@ A single
 .B dhcp-host 
 may contain an IPv4 address or an IPv6 address, or both. IPv6 addresses must be bracketed by square brackets thus:
 .B --dhcp-host=laptop,[1234::56]
-Note that in IPv6 DHCP, the hardware address is not normally available, so a client must be identified by client-id (called client DUID) in IPv6-land) or hostname.
+Note that in IPv6 DHCP, the hardware address is not normally available, so a client must be identified by client-id (called client DUID in IPv6-land) or hostname.
 
 The special option id:* means "ignore any client-id 
 and use MAC addresses only." This is useful when a client presents a client-id sometimes 
@@ -692,7 +770,7 @@ and to set the time-server address to 192.168.0.4, do
 .B --dhcp-option = 42,192.168.0.4 
 or 
 .B --dhcp-option = option:ntp-server, 192.168.0.4
-The special address 0.0.0.0 is taken to mean "the address of the
+The special address 0.0.0.0 (or [::] for DHCPv6) is taken to mean "the address of the
 machine running dnsmasq". Data types allowed are comma separated
 dotted-quad IP addresses, a decimal number, colon-separated hex digits
 and a text string. If the optional tags are given then
@@ -1019,8 +1097,19 @@ the tags used to determine them.
 .B \-l, --dhcp-leasefile=<path>
 Use the specified file to store DHCP lease information.
 .TP 
+.B --dhcp-duid=<enterprise-id>,<uid>
+(IPv6 only) Specify the server persistent UID which the DHCPv6 server
+will use. This option is not normally required as dnsmasq creates a
+DUID automatically when it is first needed. When given, this option
+provides dnsmasq the data required to create a DUID-EN type DUID. Note
+that once set, the DUID is stored in the lease database, so to change between DUID-EN and
+automatically created DUIDs or vice-versa, the lease database must be
+re-intialised. The enterprise-id is assigned by IANA, and the uid is a
+string of hex octets unique to a particular device.
+.TP
 .B \-6 --dhcp-script=<path>
-Whenever a new DHCP lease is created, or an old one destroyed, the
+Whenever a new DHCP lease is created, or an old one destroyed, or a
+TFTP file transfer completes, the
 executable specified by this option is run.  <path>
 must be an absolute pathname, no PATH search occurs. 
 The arguments to the process
@@ -1070,6 +1159,10 @@ is known.
 DNSMASQ_TAGS contains all the tags set during the
 DHCP transaction, separated by spaces.
 
+DNSMASQ_LOG_DHCP is set if
+.B --log-dhcp
+is in effect.
+
 For IPv4 only:
 
 DNSMASQ_CLIENT_ID if the host provided a client-id.
@@ -1096,6 +1189,8 @@ only  supplied for
 since these data are not held in dnsmasq's lease
 database.
 
+
+
 All file descriptors are
 closed except stdin, stdout and stderr which are open to /dev/null
 (except in debug mode).
@@ -1114,6 +1209,17 @@ all existing leases as they are read from the lease file. Expired
 leases will be called with "del" and others with "old". When dnsmasq
 receives a HUP signal, the script will be invoked for existing leases
 with an "old " event.
+
+
+There are two further actions which may appear as the first argument
+to the script, "init" and "tftp". More may be added in the future, so
+scripts should be written to ignore unknown actions. "init" is
+described below in 
+.B --leasefile-ro
+The "tftp" action is invoked when a TFTP file transfer completes: the
+arguments are the file size in bytes, the address to which the file
+was sent, and the complete pathname of the file.
+ 
 .TP
 .B --dhcp-luascript=<path>
 Specify a script written in Lua, to be run when leases are created,
@@ -1127,11 +1233,13 @@ function, and may provide
 and
 .B shutdown
 functions, which are called, without arguments when dnsmasq starts up
-and terminates.
+and terminates. It may also provide a 
+.B tftp
+function.
 
 The 
 .B lease
-method receives the information detailed in 
+function receives the information detailed in 
 .B --dhcp-script. 
 It gets two arguments, firstly the action, which is a string
 containing, "add", "old" or "del", and secondly a table of tag value
@@ -1148,7 +1256,16 @@ for IPv4, and
 .B client_duid, ip_address
 and 
 .B hostname
-for IPv6. 
+for IPv6.
+
+The  
+.B tftp
+function is called in the same way as the lease function, and the
+table holds the tags 
+.B destination_address,
+.B file_name
+and 
+.B file_size.
 .TP
 .B --dhcp-scriptuser
 Specify the user as which to run the lease-change script or Lua script. This defaults to root, but can be changed to another user using this flag. 
@@ -1234,6 +1351,24 @@ added into dnsmasq's DNS view. This flag suppresses that behaviour,
 this is useful, for instance, to allow Windows clients to update
 Active Directory servers. See RFC 4702 for details. 
 .TP
+.B --enable-ra
+Enable dnsmasq's IPv6 Router Advertisement feature. DHCPv6 doesn't
+handle complete network configuration in the same way as DHCPv4. Router
+discovery and (possibly) prefix discovery for autonomous address
+creation are handled by a different protocol. When DHCP is in use,
+only a subset of this is needed, and dnsmasq can handle it, using
+existing DHCP configuration to provide most data. When RA is enabled,
+dnsmasq will advertise a prefix for each dhcp-range, with default
+router and recursive DNS server as the relevant link-local address on 
+the machine running dnsmasq. By default, he "managed address" bits are set, and
+the "use SLAAC" bit is reset. This can be changed for individual
+subnets with the mode keywords described in
+.B --dhcp-range.
+RFC6106 DNS parameters are included in the advertisements. By default,
+the relevant link-local address of the machine running dnsmasq is sent
+as recursive DNS server. If provided, the DHCPv6 options dns-server and
+domain-search are used for RDNSS and DNSSL.
+.TP
 .B --enable-tftp[=<interface>]
 Enable the TFTP server function. This is deliberately limited to that
 needed to net-boot a client. Only reading is allowed; the tsize and
@@ -1267,6 +1402,12 @@ are accessible. It is not recommended to run dnsmasq as root with TFTP
 enabled, and certainly not without specifying --tftp-root. Doing so
 can expose any world-readable file on the server to any host on the net. 
 .TP
+.B --tftp-lowercase
+Convert filenames in TFTP requests to all lowercase. This is useful
+for requests from Windows machines, which have case-insensitive
+filesystems and tend to play fast-and-loose with case in filenames.
+Note that dnsmasq's tftp server always converts "\\" to "/" in filenames.
+.TP
 .B --tftp-max=<connections>
 Set the maximum number of concurrent TFTP connections allowed. This
 defaults to 50. When serving a large number of TFTP connections,

man/fr/dnsmasq.8

@@ -22,7 +22,8 @@ peut être configuré pour envoyer n'importe quel option DHCP.
 Il inclut un serveur TFTP sécurisé en lecture seule permettant le démarrage via
 le réseau/PXE de clients DHCP et supporte également le protocole BOOTP.
 .PP
-Dnsmasq supporte IPv6 pour le DNS et TFTP mais pas pour le DHCP.
+Dnsmasq supporte IPv6 et contient un démon minimaliste capable de faire des
+annonces routeurs ("router-advertisements").
 .SH OPTIONS
 Notes : Il est possible d'utiliser des options sans leur donner de paramètre.
 Dans ce cas, la fonction correspondante sera désactivée. Par exemple
@@ -492,6 +493,27 @@ dans un ordre différents. Pour un service/domaine donné, plus d'un
 enregistrement SRV est autorisé et tous les enregistrements qui coïncident sont
 retournés dans la réponse.
 .TP
+.B --host-record=<nom>[,<nom>....][<adresse IPv4>],[<adresse IPv6>]
+Ajoute des enregistrements A, AAAA et PTR dans le DNS. Ceci permet d'ajouter
+un ou plusieurs noms dans le DNS et de les associer à des enregistrements IPv4
+(A) ou IPv6 (AAAA). Un nom peut apparaître dans plus d'une entrée
+.B host-record
+et de fait être associé à plus d'une adresse. Seule la première entrée créée
+l'enregistrement PTR associée au nom. Ceci correspond à la même règle que celle
+utilisée lors de la lecture du fichier hosts.
+Les options
+.B host-record
+sont considérées lues avant le fichier hosts, ainsi un nom apparaissant dans
+une option host-record et dans le fichier hosts n'aura pas d'enregistrement
+PTR associé à l'entrée dans le fichier hosts. A l'inverse du fichier hosts, les
+noms ne sont pas étendus, même lorsque l'option
+.B expand-hosts
+est activée. Les noms longs et les noms courts peuvent apparaitre dans la même
+entrée 
+.B host-record,
+c-à-d
+.B --host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100
+.TP
 .B \-Y, --txt-record=<nom>[[,<texte>],<texte>]
 Définit un enregistrement DNS de type TXT. La valeur de l'enregistrement TXT est
 un ensemble de chaînes de caractères, donc un nombre variable de chaînes de
@@ -577,9 +599,11 @@ l'ayant déclenché, ce qui est pratique pour la gestion de la bande passante
 (accounting) et le filtrage (firewall). Dnsmasq doit pour cela être compilé
 avec le support conntrack, le noyau doit également inclure conntrack et être
 configuré pour cela. Cette option ne peut pas être combinée avec
---query-port. 
+--query-port.
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<label>[,tag:<label>],][set:<label],]<adresse de début>,<adresse de fin>[,<masque de réseau>[,<broadcast>]][,<durée de bail>]
+.B \-F, --dhcp-range=[interface:<interface>,][tag:<label>[,tag:<label>],][set:<label>],]<adresse de début>[,<adresse de fin>][,<mode>][,<masque de réseau>[,<broadcast>]][,<durée de bail>]
+.TP
+.B \-F, --dhcp-range=[interface:<interface>,][tag:<label>[,tag:<label>],][set:<label>],]<addresse IPv6 de début>[,<adresse IPv6 de fin>][,<mode>][,<longueur de préfixe>][,<durée de bail>]
 Active le serveur DHCP. Les adresses seront données dans la plage comprise entre
 <adresse de début> et <adresse de fin> et à partir des adresses définies
 statiquement dans l'option
@@ -590,6 +614,13 @@ en heures (exemple : 1h) ou être la chaine de caractère "infinite" pour une
 durée indéterminée. Si aucune valeur n'est donnée, une durée de bail par défaut
 de une heure est appliquée. La valeur minimum pour un bail DHCP est de 2
 minutes.
+
+Pour les plages IPv6, la durée de bail peut-être égale au mot-clef "deprecated"
+(obsolète); Cela positionne la durée de vie préférée envoyée dans les baux DHCP
+ou les annonces routeurs à zéro, ce qui incite les clients à utiliser d'autres
+adresses autant que possible, pour toute nouvelle connexion, en préalable à
+la renumérotation.
+
 Cette option peut être répétée, avec différentes adresses,
 pour activer le service DHCP sur plus d'un réseau. Pour des réseaux directement
 connectés (c'est-à-dire des réseaux dans lesquels la machine sur laquelle tourne
@@ -604,6 +635,14 @@ est toujours optionnelle.
 
 Il est toujours possible d'avoir plus d'une plage DHCP pour un même
 sous-réseau.
+
+Pour IPv6, les paramètres sont légèrement différents : au lieu d'un masque de
+réseau et d'une adresse de broadcast, il existe une longueur de préfixe
+optionnelle. Si elle est omise, la valeur par défaut est 64. À la différence
+d'IPv4, la longueur de préfixe n'est pas automatiquement déduite de la
+configuration de l'interface. La taille minimale pour la longueur de préfixe
+est 64.
+
 L'identifiant de label optionnel
 .B set:<label>
 fournie une étiquette alphanumérique qui identifie ce réseau, afin de permettre
@@ -612,15 +651,15 @@ Lorsque préfixé par 'tag:', la signification change, et au lieu de définir un
 label, il définit le label pour laquelle la règle s'applique. Un seul label peut-
 être défini mais plusieurs labels peuvent coïncider.
 
-L'adresse de fin peut être remplacée par le mot-clef
+Le mot clef optionnel <mode> peut être égal à
 .B static
-("statique") qui indique à Dnsmasq d'activer le service DHCP pour le réseau
+("statique") ce qui indique à Dnsmasq d'activer le service DHCP pour le réseau
 spécifié, mais de ne pas activer l'allocation dynamique d'adresses IP : Seuls
 les hôtes possédant des adresses IP statiques fournies via 
 .B dhcp-host
 ou présentes dans le fichier /etc/ethers seront alors servis par le DHCP.
 
-L'adresse de fin peut-être remplacée par le mot-clef
+Pour IPv4, le <mode> peut est égal à
 .B proxy
 , auquel cas Dnsmasq fournira un service de DHCP proxy pour le sous-réseau
 spécifié. (voir
@@ -629,6 +668,43 @@ et
 .B pxe-service
 pour plus de détails).
 
+Pour IPv6, le mode peut-être une combinaison des valeurs
+.B ra-only, slaac, ra-names, ra-stateless.
+
+.B ra-only
+indique à dnsmasq de n'effectuer que des annonces de routeur (Router
+Advertisement, RA) sur ce sous-réseau, et de ne pas faire de DHCP.
+
+.B slaac
+indique à dnsmasq d'effectuer des annonces de routeur sur ce sous-réseau
+et de positionner dans celles-ci le bit A, afin que les clients utilisent
+des adresses SLAAC. Lorsqu'utilisé conjointement avec une plage DHCP ou des
+affectations statiques d'adresses DHCP, les clients disposeront à la fois
+d'adresses DHCP assignées et d'adresses SLAAC.
+
+.B ra-stateless
+indique à dnsmasq d'effectuer des annonces de routeur avec les bits 0 et A
+positionnés, et de fournir un service DHCP sans état ("stateless"). Les clients
+utiliseront des adresses SLAAC, et utiliseront DHCP pour toutes les autres
+informations de configuration.
+
+.B ra-names
+active un mode qui fourni des noms DNS aux hôtes fonctionnant en double pile
+("dual stack") et configurés pour faire du SLAAC en IPv6. Dnsmasq utilise le
+bail IPv4 de l'hôte afin de dériver le nom, le segment de réseau et l'adresse
+MAC et assume que l'hôte disposera d'une adresse IPv6 calculée via l'algorithme
+SLAAC, sur le même segment de réseau. Un ping est envoyé à l'adresse, et si une
+réponse est obtenue, un enregistrement AAAA est rajouté dans le DNS pour cette
+adresse IPv6. Veuillez-noter que cela n'arrive que pour les réseaux directement
+connectés (et non ceux pour lesquels DHCP se fait via relai), et ne
+fonctionnera pas si un hôte utilise les "extensions de vie privée"
+("privacy extensions").
+.B ra-names
+peut-être combiné avec
+.B ra-stateless
+et
+.B slaac.
+
 La section interface:<nom d'interface> n'est normalement pas utilisée. Se
 référer aux indications de la section NOTES pour plus de détail à ce sujet.
 .TP
@@ -663,6 +739,15 @@ spécifier l'identifiant client sous la forme d'une chaîne de caractères, comm
 ceci :
 .B --dhcp-host=id:identifiantclientsousformedechaine,..... 
 
+Un seul
+.B dhcp-host 
+peut contenir une adresse IPv4, une adresse IPv6, ou les deux en même temps.
+Les adresses IPv6 doivent-être mises entre crochets comme suit :
+.B --dhcp-host=laptop,[1234::56]
+A noter que pour le DHCP IPv6, l'adresse matérielle n'est en principe pas
+disponible, aussi un client doit-être identifié par un identifiant de client
+(appellé "DUID client") ou un nom d'hôte.
+
 L'option spéciale id:* signifie : "ignorer tout identifiant client et n'utiliser
 que l'adresse matérielle". Cela est utile lorsqu'un client présente un
 identifiant client mais pas les autres.
@@ -709,7 +794,7 @@ ARP en les précédant du type ARP (en Hexadécimal) et de "-". Ainsi
 coïncidera uniquement avec des adresses matérielles Token-Ring, puisque le type
 ARP pour une adresse Token-Ring est 6.
 
-Un cas spécial correspond à l'inclusion d'une ou plusieurs adresses
+Un cas spécial, pour IPv4, correspond à l'inclusion d'une ou plusieurs adresses
 matérielles, c-à-d :
 .B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2.
 Cela permet à une adresse IP d'être associé à plusieurs adresses
@@ -750,22 +835,22 @@ une adresse IP sous la forme de 4 chiffres séparés par des points. Lorsque lu
 par Dnsmasq, ces lignes ont exactement le même effet que l'option
 .B --dhcp-host
 contenant les mêmes informations. /etc/ethers est relu à la réception d'un
-signal SIGHUP par Dnsmasq.
+signal SIGHUP par Dnsmasq. Les adresses IPv6 ne sont PAS lues dans /etc/ethers.
 .TP
-.B \-O, --dhcp-option=[tag:<label>,[tag:<label>]][encap:<option>,][vi-encap:<entreprise>,][vendor:[<classe_vendeur>],][<option>|option:<nom d'option>],[<valeur>[,<valeur>]]
+.B \-O, --dhcp-option=[tag:<label>,[tag:<label>]][encap:<option>,][vi-encap:<entreprise>,][vendor:[<classe_vendeur>],][<option>|option:<nom d'option>|option6:<option>|option6:<nom d'option>],[<valeur>[,<valeur>]]
 Spécifie des options différentes ou supplémentaires pour des clients DHCP. Par
 défaut, Dnsmasq envoie un ensemble standard d'options aux clients DHCP : le
 masque de réseau et l'adresse de broadcast sont les mêmes que pour l'hôte
 sur lequel tourne Dnsmasq, et le serveur DNS ainsi que la route par défaut
-prennent comme valeur l'adresse de la machine sur laquelle tourne Dnsmasq. Si
-une option de nom de domaine a été définie, son contenu est transmis. Cette
-option de configuration permet de changer toutes ces valeurs par défaut, ou de
-spécifier d'autres options. L'option DHCP à transmettre peut être fournie sous
-forme d'un nombre décimal ou sous la forme "option:<nom d'option>". Les nombres
-correspondants aux options sont définis dans la RFC2132 et suivants. Les noms
-d'options connus par Dnsmasq peuvent être obtenus via "Dnsmasq --help dhcp".
-Par exemple, pour définir la route par défaut à 192.168.4.4, il est possible de
-faire
+prennent comme valeur l'adresse de la machine sur laquelle tourne Dnsmasq. 
+(Des règles équivalentes s'appliquent en IPv6). Si une option de nom de domaine
+a été définie, son contenu est transmis. Cette option de configuration permet
+de changer toutes ces valeurs par défaut, ou de spécifier d'autres options.
+L'option DHCP à transmettre peut être fournie sous forme d'un nombre décimal 
+ou sous la forme "option:<nom d'option>". Les nombres correspondants aux options
+sont définis dans la RFC2132 et suivants. Les noms d'options connus par Dnsmasq 
+peuvent être obtenus via "Dnsmasq --help dhcp". Par exemple, pour définir la
+route par défaut à 192.168.4.4, il est possible de faire
 .B --dhcp-option=3,192.168.4.4 
 ou
 .B --dhcp-option = option:router, 192.168.4.4
@@ -788,6 +873,13 @@ de l'option 120 sont traités conforméments à la RFC 3361. Les adresses IP sou
 forme de 4 chiffres séparés par des points suivies par une barre montante "/",
 puis une taille de masque sont encodés conforméments à la RFC 3442.
 
+Les options IPv6 sont fournies en utilisant le mot-clef
+.B option6:
+suivi par le numéro d'option ou le nom d'option. L'espace de nommage des options
+IPv6 est disjint de l'espace de nommage des options IPv4. Les adresses IPv6
+en option doivent être entourées de crochets, comme par exemple :
+.B --dhcp-option=option6:ntp-server,[1234::56]
+
 Attention : aucun test n'étant fait pour vérifier que des données d'un type
 adéquat sont envoyées pour un numéro d'option donné, il est tout à fait possible
 de persuader Dnsmasq de générer des paquets DHCP illégaux par une utilisation
@@ -806,8 +898,8 @@ d'une chaîne de caractères comme nom de serveur TFTP, il est nécessaire de fa
 comme suit :
 .B --dhcp-option=66,"1.2.3.4"
 
-Les options encapsulées de classes de vendeurs peuvent-être aussi spécifiées en
-utilisant
+Les options encapsulées de classes de vendeurs peuvent-être aussi spécifiées 
+(pour IPv4 seulement) en utilisant
 .B --dhcp-option
 : par exemple
 .B --dhcp-option=vendor:PXEClient,1,0.0.0.0
@@ -823,7 +915,7 @@ par le client. Il est possible d'omettre complètement une classe de vendeur :
 .B --dhcp-option=vendor:,1,0.0.0.0
 Dans ce cas l'option encapsulée est toujours envoyée.
 
-Les options peuvent-être encapsulées au sein d'autres options :
+En IPv4, les options peuvent-être encapsulées au sein d'autres options :
 par exemple
 .B --dhcp-option=encap:175, 190, "iscsi-client0"
 enverra l'option 175, au sein de laquelle se trouve l'option 190.
@@ -836,7 +928,8 @@ identifiant le vendeur" ("Vendor-Identifying Vendor Options") telle que
 décrite dans le RFC3925. Celles-ci sont spécifiées comme suit :
 .B --dhcp-option=vi-encap:2, 10, "text"
 Le numéro dans la section vi-encap: est le numéro IANA de l'entreprise servant
-à identifier cette option.
+à identifier cette option. Cette forme d'encapsulation est également supportée
+en IPv6.
 
 L'adresse 0.0.0.0 n'est pas traitée de manière particulière lorsque fournie dans
 une option encapsulée.
@@ -849,8 +942,8 @@ dans la liste de paramêtres requis. Cela est parfois nécessaire, par exemple l
 de la fourniture d'options à PXELinux.
 .TP
 .B --dhcp-no-override
-Désactive la réutilisation des champs DHCP nom de serveur et nom de
-fichier comme espace supplémentaire pour les options. Si cela est
+(IPv4 seulement) Désactive la réutilisation des champs DHCP nom de serveur et
+nom de fichier comme espace supplémentaire pour les options. Si cela est
 possible, dnsmasq déplace les informations sur le serveur de démarrage
 et le nom de fichier (fournis par 'dhcp-boot') en dehors des champs
 dédiés à cet usage dans les options DHCP. Cet espace supplémentaire est
@@ -859,7 +952,8 @@ quelques rares cas, perturber des clients vieux ou défectueux. Cette
 option force le comportement à l'utilisation des valeurs "simples et sûres"
 afin d'éviter des problèmes dans de tels cas.
 .TP
-.B \-U, --dhcp-vendorclass=set:<label>,<classe de vendeur>
+.B \-U, --dhcp-vendorclass=set:<label>,[enterprise:<numéro IANA d'enterprise>,]<classe de vendeur>
+
 Associe une chaîne de classe de vendeur à un label. La plupart
 des clients DHCP fournissent une "classe de vendeur" ("vendor class") qui
 représente, d'une certaine façon, le type d'hôte. Cette option associe des
@@ -875,6 +969,11 @@ en temps que sous-chaîne de caractères au sein de la classe de vendeur fournie
 par le client, de façon à permettre la recherche d'un sous-ensemble de la chaîne
 de caractères ("fuzzy matching"). Le préfixe set: est optionnel mais autorisé
 afin de conserver une certaine homogénéité.
+
+Notez qu'en IPv6 (et seulement en IPv6), les noms de classes de vendeurs
+sont dans un espace de nom associé au numéro attribué à l'entreprise par
+l'IANA. Ce numéro est fourni par le biais du mot-clef enterprise: et seules
+les classes de vendeurs associées au numéro spécifié seront cherchées.
 .TP
 .B \-j, --dhcp-userclass=set:<label>,<classe utilisateur>
 Associe une chaîne de classe d'utilisateur à un label (effectue la
@@ -887,7 +986,7 @@ d'impression différent pour les hôtes de la classe "comptes" et ceux de la
 classe "ingénierie".
 .TP
 .B \-4, --dhcp-mac=set:<label>,<adresse MAC>
-Associe une adresse matérielle (MAC) à un label. L'adresse
+(IPv4 uniquement) Associe une adresse matérielle (MAC) à un label. L'adresse
 matérielle peut inclure des jokers. Par exemple
 .B --dhcp-mac=set:3com,01:34:23:*:*:*
 permet de définir le label "3com" pour n'importe quel hôte dont l'adresse
@@ -901,16 +1000,19 @@ chaîne de valeurs hexadécimales séparées par des ":", mais il est également
 possible qu'elle le soit sous la forme d'une simple chaîne de caractères. Si
 l'identifiant de circuit ou d'agent correspond exactement à celui fourni par le
 relais DHCP, alors le label est apposé.
+.B dhcp-remoteid
+est supporté en IPv6 (mais non dhcp-circuitid).
 .TP
 .B --dhcp-subscrid=set:<label>,<identifiant d'abonné>
-Associe des options de relais DHCP issues de la RFC3993 à des labels.
+(IPv4 et IPv6) Associe des options de relais DHCP issues de la RFC3993 à des
+labels.
 .TP
 .B --dhcp-proxy[=<adresse ip>]......
-Un agent relai DHCP normal est uniquement utilisé pour faire suivre les
-éléments initiaux de l'interaction avec le serveur DHCP. Une fois que le
-client est configuré, il communique directement avec le serveur. Cela n'est pas
-souhaitable si le relais rajoute des informations supplémentaires aux paquets
-DHCP, telles que celles utilisées dans
+(IPv4 seulement) Un agent relai DHCP normal est uniquement utilisé pour faire
+suivre les éléments initiaux de l'interaction avec le serveur DHCP. Une fois
+que le client est configuré, il communique directement avec le serveur. Cela
+n'est pas souhaitable si le relais rajoute des informations supplémentaires
+aux paquets DHCP, telles que celles utilisées dans
 .B dhcp-circuitid
 et
 .B dhcp-remoteid.
@@ -973,26 +1075,28 @@ configuration dhcp-host de Dnsmasq, ainsi que le contenu des fichiers /etc/hosts
 et /etc/ethers.
 .TP
 .B --dhcp-generate-names=tag:<label>[,tag:<label>]
-Générer un nom pour les clients DHCP qui autrement n'en aurait pas, en
-utilisant l'adresse MAC sous sa forme hexadécimale, séparée par des tirets.
+(IPv4 seulement) Générer un nom pour les clients DHCP qui autrement n'en aurait
+pas, en utilisant l'adresse MAC sous sa forme hexadécimale, séparée par des
+tirets.
 Noter que si un hôte fourni un nom, celui-ci sera utilisé de préférence au nom
 autogénéré, à moins que
 .B --dhcp-ignore-names 
 ne soit positionné.
 .TP
 .B --dhcp-broadcast=[tag:<label>[,tag:<label>]]
-Lorsque tous les labels fournis dans l'option sont présents, toujours utiliser
-le broadcast pour communiquer avec l'hôte lorsque celui-ci n'est
-pas configuré. Il est possible de ne spécifier aucun label, auquel cas cette
-option s'applique inconditionnellement. La plupart des clients DHCP nécessitant une réponse par le biais
-d'un broadcast activent une option dans leur requête, ce qui fait que cela
-se fait automatiquement, mais ce n'est pas la cas de certains vieux clients BOOTP.
+(IPv4 seulement) Lorsque tous les labels fournis dans l'option sont présents,
+toujours utiliser le broadcast pour communiquer avec l'hôte lorsque celui-ci
+n'est pas configuré. Il est possible de ne spécifier aucun label, auquel cas
+cette option s'applique inconditionnellement. La plupart des clients DHCP
+nécessitant une réponse par le biais d'un broadcast activent une option dans
+leur requête, ce qui fait que cela se fait automatiquement, mais ce n'est pas
+le cas de certains vieux clients BOOTP.
 .TP
 .B \-M, --dhcp-boot=[tag:<label>,]<nom de fichier>,[<nom de serveur>[,<adresse de serveur>|<nom du serveur tftp>]]
-Spécifie les options BOOTP devant être retournées par le serveur DHCP. Le nom de
-serveur ainsi que l'adresse sont optionnels : s'ils ne sont pas fournis, le nom
-est laissé vide et l'adresse fournie est celle de la machine sur laquelle
-s'exécute Dnsmasq. Si Dnsmasq founit un service TFTP (voir
+(IPv4 seulement) Spécifie les options BOOTP devant être retournées par le
+serveur DHCP. Le nom de serveur ainsi que l'adresse sont optionnels : s'ils
+ne sont pas fournis, le nom est laissé vide et l'adresse fournie est celle de
+la machine sur laquelle s'exécute Dnsmasq. Si Dnsmasq founit un service TFTP (voir
 .B --enable-tftp
 ), alors seul un nom de fichier est requis ici pour permettre un démarrage par
 le réseau.
@@ -1018,7 +1122,7 @@ Veuillez noter que dans ce mode séquentiel, les clients qui laissent expirer
 leur bail ont beaucoup plus de chance de voir leur adresse IP changer, aussi
 cette option ne devrait pas être utilisée dans un cas général.
 .TP
-.B --pxe-service=[tag:<label>,]<CSA>,<entrée de menu>[,<nom de fichier>|<type de service de démarrage>][,<adresse de serveur>]
+.B --pxe-service=[tag:<label>,]<CSA>,<entrée de menu>[,<nom de fichier>|<type de service de démarrage>][,<adresse de serveur>|<nom de serveur>]
 La plupart des ROMS de démarrage PXE ne permettent au système PXE que la simple
 obtention d'une adresse IP, le téléchargement du fichier spécifié dans
 .B dhcp-boot
@@ -1036,17 +1140,20 @@ client PXE qu'il faut télécharger ce fichier via TFTP, soit depuis ce serveur
 (l'option
 .B enable-tftp 
 doit être spécifiée pour que cela marche), soit depuis un autre serveur TFTP
-si une adresse de serveur est fournie.
+si une adresse ou un nom de serveur est fournie.
 Veuillez noter que le suffixe de "couche" (en principe ".0") est fourni par PXE
 et ne doit pas être rajouté au nom de fichier. Si une valeur numérique entière
 est fournir pour le type de démarrage, en remplacement du nom de fichier, le
 client PXE devra chercher un service de démarrage de ce type sur le réseau.
 Cette recherche peut être faite via broadcast ou directement auprès d'un
-serveur si son adresse IP est fournie dans l'option.
+serveur si son adresse IP ou son nom sont fournis dans l'option.
 Si aucun nom de fichier n'est donné ni aucune valeur de type de service de
 démarrage n'est fournie (ou qu'une valeur de 0 est donnée pour le type de
 service), alors l'entrée de menu provoque l'interruption du démarrage par
-le réseau et la poursuite du démarrage sur un média local.
+le réseau et la poursuite du démarrage sur un média local. L'adresse de serveur
+peut être donnée sous la forme de nom de domaine qui est recherché dans
+/etc/hosts. Ce nom peut-être associé à plusieurs adresses IP, qui dans ce cas
+sont utilisées à tour de rôle (en "round-robin").
 .TP
 .B --pxe-prompt=[tag:<label>,]<invite>[,<délai>]
 Cette option permet d'afficher une invite à la suite du démarrage PXE. Si un
@@ -1079,38 +1186,39 @@ créant des milliers de baux et utilisant beaucoup de mémoire dans le processus
 Dnsmasq.
 .TP
 .B \-K, --dhcp-authoritative
-Cette option doit être donnée lorsque Dnsmasq est le seul serveur DHCP sur le
-réseau. Cela change le comportement par défaut qui est celui d'un strict respect
-des RFC, afin que les requêtes DHCP pour des baux inconnus par des hôtes
-inconnus ne soient pas ignorées. Cela permet à de nouveaux hôtes d'obtenir des
-baux sans tenir compte de fastidieuses temporisations ("timeout"). Cela permet
-également à Dnsmasq de reconstruire sa base de donnée contenant les baux sans
-que les clients n'aient besoin de redemander un bail, si celle-ci est perdue.
+(IPv4 seulement) Cette option doit être donnée lorsque Dnsmasq est le seul
+serveur DHCP sur le réseau. Cela change le comportement par défaut qui est
+celui d'un strict respect des RFC, afin que les requêtes DHCP pour des baux
+inconnus par des hôtes inconnus ne soient pas ignorées. Cela permet à de
+nouveaux hôtes d'obtenir des baux sans tenir compte de fastidieuses
+temporisations ("timeout"). Cela permet également à Dnsmasq de reconstruire
+sa base de données contenant les baux sans que les clients n'aient besoin de
+redemander un bail, si celle-ci est perdue.
 .TP
 .B --dhcp-alternate-port[=<port serveur>[,<port client>]]
-Change les ports utilisés par défaut pour le DHCP. Si cette option est donnée
-toute seule sans arguments, alors change les ports utilisés pour le DHCP
-de 67 et 68 respectivement à 1067 et 1068. Si un seul argument est donné, ce
+(IPv4 seulement) Change les ports utilisés par défaut pour le DHCP. Si cette
+option est donnée seule sans argument, alors change les ports utilisés pour le
+DHCP de 67 et 68 respectivement à 1067 et 1068. Si un seul argument est donné, ce
 numéro est utilisé pour le port serveur et ce numéro plus 1 est utilisé pour le
 port client. Enfin, en fournissant deux numéros de ports, il est possible de
 spécifier arbitrairement 2 ports à la fois pour le serveur et pour le client DHCP.
 .TP
 .B \-3, --bootp-dynamic[=<identifiant de réseau>[,<identifiant de réseau>]]
-Permet l'allocation dynamique d'adresses IP à des clients BOOTP. Utiliser cette
-option avec précaution, une adresse allouée à un client BOOTP étant perpétuelle,
-et de fait n'est plus disponibles pour d'autres hôtes. Si aucun argument n'est
-donné, alors cette option permet une allocation dynamique dans tous les cas. Si
-des arguments sont spécifiés, alors l'allocation ne se fait que lorsque tous
-les identifiants coïncident. Il est possible de répeter cette option avec
-plusieurs jeux d'arguments.
+(IPv4 seulement) Permet l'allocation dynamique d'adresses IP à des clients BOOTP.
+Utiliser cette option avec précaution, une adresse allouée à un client BOOTP
+étant perpétuelle, et de fait n'est plus disponibles pour d'autres hôtes. Si
+aucun argument n'est donné, alors cette option permet une allocation dynamique
+dans tous les cas. Si des arguments sont spécifiés, alors l'allocation ne se
+fait que lorsque tous les identifiants coïncident. Il est possible de répeter
+cette option avec plusieurs jeux d'arguments.
 .TP
 .B \-5, --no-ping
-Par défaut, le serveur DHCP tente de s'assurer qu'une adresse n'est pas utilisée
-avant de l'allouer à un hôte. Cela est fait en envoyant une requête ICMP de type
-"echo request" (aussi connue sous le nom de "ping") à l'adresse en question. Si
-le serveur obtient une réponse, alors l'adresse doit déjà être utilisée et une
-autre est essayée. Cette option permet de supprimer cette vérification. A
-utiliser avec précaution.
+(IPv4 seulement) Par défaut, le serveur DHCP tente de s'assurer qu'une adresse
+n'est pas utilisée avant de l'allouer à un hôte. Cela est fait en envoyant une
+requête ICMP de type "echo request" (aussi connue sous le nom de "ping") à
+l'adresse en question. Si le serveur obtient une réponse, alors l'adresse doit
+déjà être utilisée et une autre est essayée. Cette option permet de supprimer
+cette vérification. A utiliser avec précaution.
 .TP
 .B --log-dhcp
 Traces additionnelles pour le service DHCP : enregistre toutes les options
@@ -1120,18 +1228,30 @@ détermination de celles-ci.
 .B \-l, --dhcp-leasefile=<chemin de fichier>
 Utilise le fichier dont le chemin est fourni pour stocker les informations de
 baux DHCP.
-.TP 
+.TP
+.B --dhcp-duid=<ID d'entreprise>,<uid>
+(IPv6 seulement) Spécifie le numéro d'UID de serveur persistant que le serveur
+DHCPv6 doit utiliser. Cette option n'est normalement pas requise, Dnsmasq
+créant un DUID automatiquement lorsque cela est nécessaire. Lorsque cette
+option est positionnée, elle fournit à Dnsmasq les données nécessaires à la
+création d'un DUID de type DUID-EN. Veuillez noter qu'une fois créé, le DUID
+est stocké dans la base des baux, aussi changer entre un DUID créé
+automatiquement et un DUID-EN et vice-versa impose de réinitialiser la base de
+baux. Le numéro d'ID d'entreprise est assigné par l'IANA, et l'uid est une
+chaine hexadécimale unique à chaque serveur.
+.TP
 .B \-6 --dhcp-script=<chemin de fichier>
-Lorsqu'un bail DHCP est créé, ou qu'un ancien est supprimé, le fichier dont le
+Lorsqu'un bail DHCP est créé, qu'un ancien est supprimé, ou qu'un transfert
+TFTP est terminé, le fichier dont le
 chemin  est spécifié est exécuté. Le <chemin de fichier> doit être un chemin
 absolu, aucune recherche n'est effectuée via la variable d'environnement PATH.
 Les arguments fournis à celui-ci sont soit
 "add" ("ajouter"), "old" ("ancien") ou "del" ("supprimer"), suivi de l'adresse
-MAC de l'hôte puis l'adresse IP et le nom d'hôte si celui-ci est
-connu."add" signifie qu'un bail a été créé, "del" signifie qu'il a été supprimé,
-"old" notifie que le bail existait au lancement de Dnsmasq, ou un changement
-d'adresse MAC ou de nom d'hôte pour un bail existant (ou, dans le cas où
-leasefile-ro est spécifié, un changement de durée de bail ou d'identifiant
+MAC de l'hôte (ou le DUID pour IPv6) puis l'adresse IP et le nom d'hôte si
+celui-ci est connu."add" signifie qu'un bail a été créé, "del" signifie qu'il a
+été supprimé, "old" notifie que le bail existait au lancement de Dnsmasq, ou un
+changement d'adresse MAC ou de nom d'hôte pour un bail existant (ou, dans le cas
+où leasefile-ro est spécifié, un changement de durée de bail ou d'identifiant
 d'hôte). Si l'adresse Mac est d'un type de réseau autre qu'ethernet, il est
 nécessaire de la préceder du type de réseau, par exemple "06-01:23:45:67:89:ab"
 pour du token ring. Le processus est exécuté en temps que super-utilisateur 
@@ -1141,18 +1261,16 @@ pour changer son UID pour celle d'un utilisateur non-privilégié.
 L'environnement est hérité de celui de l'invocation du processus Dnsmasq,
 auquel se rajoute quelques unes ou toutes les variables décrites ci-dessous :
 
-DNSMASQ_CLIENT_ID, si l'hôte a fourni un identifiant de client.
+Pour IPv4 et IPv6 :
 
 DNSMASQ_DOMAIN si le nom de domaine pleinement qualifié de l'hôte est connu, la
 part relative au domaine y est stockée. (Notez que le nom d'hôte transmis comme
 argument au script n'est jamais pleinement qualifié).
 
-Si le client fournit une information de classe de vendeur, un nom d'hôte, ou
-des classes d'utilisateur, celles-ci sont fournies dans les
-variables DNSMASQ_VENDOR_CLASS et DNSMASQ_USER_CLASS0 à DNSMASQ_USER_CLASSn
-et DNSMASQ_SUPPLIED_HOSTNAME respectivement, mais seulement pour les actions
-"add" et "old" lorsqu'un hôte reprend un bail existant, ces variables n'étant
-pas stockées dans la base de baux de Dnsmasq.
+Si le client fournit un nom d'hôte, DNSMASQ_SUPPLIED_HOSTNAME.
+
+Si le client fournit des classes d'utilisateur, DNSMASQ_USER_CLASS0 à
+DNSMASQ_USER_CLASSn.
 
 Si Dnsmasq a été compilé avec l'option HAVE_BROKEN_RTC ("horloge RTC
 défectueuse"), alors la durée du bail (en secondes) est stockée dans la
@@ -1175,6 +1293,33 @@ relai DHCP pour contacter Dnsmasq, si l'adresse IP du relai est connue.
 DNSMASQ_TAGS contient tous les labels fournis pendant la transaction DHCP,
 séparés par des espaces.
 
+DNSMASQ_LOG_DHCP est positionné si
+.B --log-dhcp
+est activé.
+
+Pour IPv4 seulement :
+
+DNSMASQ_CLIENT_ID, si l'hôte a fourni un identifiant de client.
+
+Si le client fournit une information de classe de vendeur, DNSMASQ_VENDOR_CLASS.
+
+Pour IPv6 seulement :
+
+Si le client fournit une classe de vendeur (vendor-class), positionne
+DNSMASQ_VENDOR_CLASS_ID avec comme contenu le numéro IANA de l'entreprise pour
+la classe, et DNSMASQ_VENDOR_CLASS0..DNSMASQ_VENDOR_CLASSn pour les données.
+
+DNSMASQ_SERVER_DUID contient le DUID du serveur : cette valeur est la même
+pour chaque appel au script.
+
+DNSMASQ_IAID contenant l'IAID pour le bail. Si le bail est une allocation
+temporaire, cela est préfixé par le caractère 'T'.
+
+A noter que le nom d'hôte fourni, la classe de vendeur ou les données de classe
+d'utilisateur sont uniquement fournies pour les actions "add" ou l'action "old"
+lorsqu'un hôte reprend un bail existant, puisque ces informations ne sont pas
+conservées dans la base de baux de dnsmasq.
+
 Tous les descripteurs de fichiers sont fermés, sauf stdin, stdout et stderr qui
 sont ouverts sur /dev/null (sauf en mode déverminage).
 
@@ -1191,11 +1336,72 @@ Au démarrage de Dnsmasq, le script sera invoqué pour chacun des baux existants
 dans le fichier des baux. Le script sera lancé avec l'action "del" pour les
 baux expirés, et "old" pour les autres. Lorsque Dnsmasq reçoit un signal HUP,
 le script sera invoqué avec une action "old" pour tous les baux existants.
-.TP 
+
+Il existe deux autres actions pouvant apparaître comme argument au script :
+"init" et "tftp". D'autres sont susceptibles d'être rajoutées dans le futur,
+aussi les scripts devraient-être écrits de sorte à ignorer les actions
+inconnues. "init" est décrite ci-dessous dans
+.B --leasefile-ro.
+L'action "tftp" est invoquée lorsqu'un transfert de fichier TFTP s'est
+terminé. Ses arguments sont la taille du fichier en octets, l'adresse à
+laquelle le fichier a été envoyé, ainsi que le chemin complet du fichier.
+
+.TP
+.B --dhcp-luascript=<chemin>
+Spécifie un script écrit en Lua, devant être exécuté lorsque des baux sont
+créés, détruits ou modifiés. Pour utiliser cette option, dnsmasq doit être
+compilé avec avec le support de Lua. L'interpréteur Lua est initialisé une
+seule fois, lorsque dnsmasq démarre, ce qui fait que les variables globales
+persistent entre les évênements liés aux baux. Le code Lua doit définir une
+fonction
+.B lease
+et peut fournir des fonctions
+.B init
+et
+.B shutdown
+qui sont appellées, sans arguments, lorsque dnsmasq démarre ou s'arrête.
+Il peut également fournir une fonction
+.B tftp.
+
+La fonction
+.B lease
+reçoit les informations détaillées dans
+.B --dhcp-script. 
+Il reçoit deux arguments. Le premier spécifie l'action, qui est une chaîne de
+caractères contenant les valeurs "add" (ajout), "old" (réactivation d'un bail
+existant) ou "del" (suppression). Le deuxième est une table contenant des
+paires de valeurs de labels. Les labels correspondent pour l'essentiel aux
+valeurs d'environnement détaillées ci-dessus, ainsi le label "domain" (domaine)
+contient les mêmes données que la variable d'environnement DNSMASQ_DOMAIN. Il
+existe quelques labels supplémentaires contenant les données fournies comme
+arguments à
+.B --dhcp-script. 
+Ces labels sont
+.B mac_address, ip_address
+(pour respectivement l'adresse MAC et l'adresse IP)
+et
+.B hostname
+(le nom d'hôte) dans le cas d'IPv4, et
+.B client_duid, ip_address
+(valeur DUID du client et adresse IP respectivement)
+ainsi que
+.B hostname
+(le nom d'hôte) dans le cas d'IPv6.
+
+La fonction
+.B tftp
+est appelée de la même façon que la fonction "lease", et la table contient les
+labels
+.B destination_address,
+.B file_name
+et
+.B file_size
+(respectivement "adresse de destination", "nom de fichier" et "taille de fichier").
+.TP
 .B --dhcp-scriptuser
-Spécifie l'utilisateur sous lequel le script lease-change doit être exécuté. La
-valeur par défaut correspond à l'utilisateur root mais peut-être changée par le
-biais de cette option.
+Spécifie l'utilisateur sous lequel le script shell lease-change ou le script
+doivent être exécutés. La valeur par défaut correspond à l'utilisateur root
+mais peut-être changée par le biais de cette option.
 .TP
 .B \-9, --leasefile-ro
 Supprimer complètement l'usage du fichier servant de base de donnée pour les
@@ -1257,7 +1463,7 @@ Si la gamme d'adresse est fournie sous la forme
 qui a pour effect d'ajouter --local-declarations aux requêtes DNS directes et
 inverses. C-à-d
 .B --domain=thekelleys.org.uk,192.168.0.0/24,local
-est indentique à
+est identique à
 .B --domain=thekelleys.org.uk,192.168.0.0/24
 --local=/thekelleys.org.uk/ --local=/0.168.192.in-addr.arpa/
 La taille de réseau doit-être de 8, 16 ou 24 pour être valide.
@@ -1280,6 +1486,37 @@ sans gamme d'adresses de spécifié lorsque l'option
 .B --dhcp-fqdn 
 est configurée.
 .TP
+.B --dhcp-client-update
+Normalement, lorsque dnsmasq fournit un bail DHCP, il positionne un label
+dans l'option FQDN pour indiquer au client qu'il ne doit pas tenter de faire
+une mise à jour DDNS avec son nom et son adresse IP. Ceci parce que la paire
+Nom-IP est rajoutée automatiquement dans la partie DNS de dnsmasq. Cette option
+inhibe ce comportement ce qui est utile, par exemple, pour permettre aux clients
+Windows de la mise à jour de serveurs Active Directory. Voir la RFC 4702 pour
+plus de détails.
+.TP
+.B --enable-ra
+Active la fonctionalité d'annonces routeurs IPv6 ("IPv6 Router Advertisement").
+DHCPv6 ne gère pas la configuration complète du réseau de la même façon que
+DHCPv4. La découverte de routeurs et la découverte (éventuelle) de préfixes pour
+la création autonome d'adresse sont gérées par un protocole différent.
+Lorsque DHCP est utilisé, seul un sous-ensemble de tout ceci est nécessaire et
+dnsmasq est à même de le gérer, en utilisant la configuration DHCP présente pour
+fournir la majorité des données. Lorsque les annonces routeurs (RA pour "Router
+Advertisement") sont activées, dnsmasq va annoncer un préfixe pour chaque
+dhcp-range et, par défaut, fournir comme valeur de routeur et de DNS récursif
+la valeur d'adresse link-local appropriée parmi celles de la machine sur
+laquelle tourne dnsmasq.
+Par défaut, les bits "managed address" sont positionnés, et le bit "use SLAAC"
+("utiliser SLAAC") est réinitialisé. Cela peut-être changé pour des
+sous-réseaux donnés par le biais du mot clef de mode décris dans
+.B --dhcp-range.
+Les paramètres DNS du RFC6106 sont inclus dans les annonces. Par défaut,
+l'adresse link-local appropriée parmi celles de la machine sur laquelle tourne
+dnsmasq est spécifiée comme DNS récursif. Si elles sont fournies, les
+options dns-server et domain-search sont utilisées respectivement pour RDNSS et
+DNSSL.
+.TP
 .B --enable-tftp[=<interface>]
 Active la fonction serveur TFTP. Celui-ci est de manière délibérée limité aux
 fonctions nécessaires au démarrage par le réseau ("net-boot") d'un client. Seul
@@ -1547,10 +1784,6 @@ ligne de commande au lieu d'un fichier de configuration, ne pas oublier
 d'échapper le caractère !, qui est un méta-caractère d'interpréteur de commande
 shell).
 
-+When selecting dhcp-options, a tag from dhcp-range is second class
-+relative to other tags, to make it easy to override options for
-+individual hosts, so 
-
 Lors de la sélection d'une option, une étiquette spécifiée par dhcp-range
 passe après les autres étiquettes, ce qui permet de facilement remplacer des
 option génériques pour des hôtes spécifiques, ainsi :

src/bpf.c

@@ -17,19 +17,9 @@
 #include "dnsmasq.h"
 
 #if defined(HAVE_BSD_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
-
-static struct iovec ifconf = {
-  .iov_base = NULL,
-  .iov_len = 0
-};
-
-static struct iovec ifreq = {
-  .iov_base = NULL,
-  .iov_len = 0
-};
+#include <ifaddrs.h>
 
 #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__)
-
 #include <sys/sysctl.h>
 #include <net/route.h>
 #include <net/if_dl.h>
@@ -50,8 +40,12 @@ int arp_enumerate(void *parm, int (*callback)())
   struct rt_msghdr *rtm;
   struct sockaddr_inarp *sin2;
   struct sockaddr_dl *sdl;
+  struct iovec buff;
   int rc;
-  
+
+  buff.iov_base = NULL;
+  buff.iov_len = 0;
+
   mib[0] = CTL_NET;
   mib[1] = PF_ROUTE;
   mib[2] = 0;
@@ -67,9 +61,9 @@ int arp_enumerate(void *parm, int (*callback)())
 
   while (1) 
     {
-      if (!expand_buf(&ifconf, needed))
+      if (!expand_buf(&buff, needed))
 	return 0;
-      if ((rc = sysctl(mib, 6, ifconf.iov_base, &needed, NULL, 0)) == 0 ||
+      if ((rc = sysctl(mib, 6, buff.iov_base, &needed, NULL, 0)) == 0 ||
 	  errno != ENOMEM)
 	break;
       needed += needed / 8;
@@ -77,7 +71,7 @@ int arp_enumerate(void *parm, int (*callback)())
   if (rc == -1)
     return 0;
   
-  for (next = ifconf.iov_base ; next < (char *)ifconf.iov_base + needed; next += rtm->rtm_msglen)
+  for (next = buff.iov_base ; next < (char *)buff.iov_base + needed; next += rtm->rtm_msglen)
     {
       rtm = (struct rt_msghdr *)next;
       sin2 = (struct sockaddr_inarp *)(rtm + 1);
@@ -88,19 +82,14 @@ int arp_enumerate(void *parm, int (*callback)())
 
   return 1;
 }
-
 #endif
 
 
 int iface_enumerate(int family, void *parm, int (*callback)())
 {
-  char *ptr;
-  struct ifreq *ifr;
-  struct ifconf ifc;
-  int fd, errsav, ret = 0;
-  int lastlen = 0;
-  size_t len = 0;
-  
+  struct ifaddrs *head, *addrs;
+  int errsav, ret = 0;
+
   if (family == AF_UNSPEC)
 #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__)
     return  arp_enumerate(parm, callback);
@@ -112,94 +101,62 @@ int iface_enumerate(int family, void *parm, int (*callback)())
   if (family == AF_LOCAL)
     family = AF_LINK;
 
-  if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
+  if (getifaddrs(&head) == -1)
     return 0;
-  
-  while(1)
-    {
-      len += 10*sizeof(struct ifreq);
-      
-      if (!expand_buf(&ifconf, len))
-	goto err;
-      
-      ifc.ifc_len = len;
-      ifc.ifc_buf = ifconf.iov_base;
-      
-      if (ioctl(fd, SIOCGIFCONF, &ifc) == -1)
-	{
-	  if (errno != EINVAL || lastlen != 0)
-	    goto err;
-	}
-      else
-	{
-	  if (ifc.ifc_len == lastlen)
-	    break; /* got a big enough buffer now */
-	  lastlen = ifc.ifc_len;
-	}
-    }
-  
-  for (ptr = ifc.ifc_buf; ptr < (char *)(ifc.ifc_buf + ifc.ifc_len); ptr += len)
-    {
-      /* subsequent entries may not be aligned, so copy into
-	 an aligned buffer to avoid nasty complaints about 
-	 unaligned accesses. */
 
-      len = sizeof(struct ifreq);
-      
-#ifdef HAVE_SOCKADDR_SA_LEN
-      ifr = (struct ifreq *)ptr;
-      if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
-	len = ifr->ifr_addr.sa_len + offsetof(struct ifreq, ifr_ifru);
-#endif
-      
-      if (!expand_buf(&ifreq, len))
-	goto err;
-
-      ifr = (struct ifreq *)ifreq.iov_base;
-      memcpy(ifr, ptr, len);
-      
-      if (ifr->ifr_addr.sa_family == family)
+  for (addrs = head; addrs; addrs = addrs->ifa_next)
+    {
+      if (addrs->ifa_addr->sa_family == family)
 	{
+	  int iface_index = if_nametoindex(addrs->ifa_name);
+
+	  if (iface_index == 0)
+	    continue;
+
 	  if (family == AF_INET)
 	    {
 	      struct in_addr addr, netmask, broadcast;
-	      broadcast.s_addr = 0;
-	      addr = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
-	      if (ioctl(fd, SIOCGIFNETMASK, ifr) == -1)
-		continue;
-	      netmask = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr;
-	      if (ioctl(fd, SIOCGIFBRDADDR, ifr) != -1)
-		broadcast = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr; 
-	      if (!((*callback)(addr, 
-				(int)if_nametoindex(ifr->ifr_name),
-				netmask, broadcast, 
-				parm)))
+	      addr = ((struct sockaddr_in *) addrs->ifa_addr)->sin_addr;
+	      netmask = ((struct sockaddr_in *) addrs->ifa_netmask)->sin_addr;
+	      broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; 
+	      if (!((*callback)(addr, iface_index, netmask, broadcast, parm)))
 		goto err;
 	    }
 #ifdef HAVE_IPV6
 	  else if (family == AF_INET6)
 	    {
-	      struct in6_addr *addr = &((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_addr;
+	      struct in6_addr *addr = &((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_addr;
+	      unsigned char *netmask = (unsigned char *) &((struct sockaddr_in6 *) addrs->ifa_netmask)->sin6_addr;
+	      int scope_id = ((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_scope_id;
+	      int i, j, prefix = 0;
+	      
+	      for (i = 0; i < IN6ADDRSZ; i++, prefix += 8) 
+                if (netmask[i] != 0xff)
+		  break;
+       
+	      if (i != IN6ADDRSZ && netmask[i]) 
+                for (j = 7; j > 0; j--, prefix++) 
+		  if ((netmask[i] & (1 << j)) == 0)
+		    break;
+	      
 	      /* voodoo to clear interface field in address */
 	      if (!option_bool(OPT_NOWILD) && IN6_IS_ADDR_LINKLOCAL(addr))
 		{
 		  addr->s6_addr[2] = 0;
 		  addr->s6_addr[3] = 0;
 		}
-	       /* We have no way to determine the prefix, so we assume it's 64 for now....... */
-	      if (!((*callback)(addr, 64,
-				(int)((struct sockaddr_in6 *)&ifr->ifr_addr)->sin6_scope_id,
-				(int)if_nametoindex(ifr->ifr_name), 0, 
-				parm)))
+	      
+	      if (!((*callback)(addr, prefix, scope_id, iface_index, 0, parm)))
 		goto err;
-	    }
+	}
 #endif
 #ifdef HAVE_DHCP6      
 	  else if (family == AF_LINK)
 	    { 
 	      /* Assume ethernet again here */
-	      struct sockaddr_dl *sdl = (struct sockaddr_dl *)&ifr->ifr_addr;
-	      if (sdl->sdl_alen != 0 && !((*callback)(ARPHRD_ETHER, LLADDR(sdl), sdl->sdl_alen, parm)))
+	      struct sockaddr_dl *sdl = (struct sockaddr_dl *) addrs->ifa_addr;
+	      if (sdl->sdl_alen != 0 && 
+		  !((*callback)(iface_index, ARPHRD_ETHER, LLADDR(sdl), sdl->sdl_alen, parm)))
 		goto err;
 	    }
 #endif 
@@ -210,7 +167,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 
  err:
   errsav = errno;
-  close(fd);  
+  freeifaddrs(head);  
   errno = errsav;
 
   return ret;
@@ -227,13 +184,10 @@ void init_bpf(void)
 
   while (1) 
     {
-      /* useful size which happens to be sufficient */
-      if (expand_buf(&ifreq, sizeof(struct ifreq)))
-	{
-	  sprintf(ifreq.iov_base, "/dev/bpf%d", i++);
-	  if ((daemon->dhcp_raw_fd = open(ifreq.iov_base, O_RDWR, 0)) != -1)
-	    return;
-	}
+      sprintf(daemon->dhcp_buff, "/dev/bpf%d", i++);
+      if ((daemon->dhcp_raw_fd = open(daemon->dhcp_buff, O_RDWR, 0)) != -1)
+	return;
+
       if (errno != EBUSY)
 	die(_("cannot create DHCP BPF socket: %s"), NULL, EC_BADNET);
     }	     

src/cache.c

@@ -25,6 +25,9 @@ static int cache_inserted = 0, cache_live_freed = 0, insert_error;
 static union bigname *big_free = NULL;
 static int bignames_left, hash_size;
 static int uid = 0;
+#ifdef HAVE_DNSSEC
+static struct keydata *keyblock_free = NULL;
+#endif
 
 /* type->string mapping: this is also used by the name-hash function as a mixing table. */
 static const struct {
@@ -190,6 +193,10 @@ static void cache_free(struct crec *crecp)
       big_free = crecp->name.bname;
       crecp->flags &= ~F_BIGNAME;
     }
+#ifdef HAVE_DNSSEC
+  else if (crecp->flags & (F_DNSKEY | F_DS))
+    keydata_free(crecp->addr.key.keydata);
+#endif
 }    
 
 /* insert a new cache entry at the head of the list (youngest entry) */
@@ -233,7 +240,11 @@ static int is_outdated_cname_pointer(struct crec *crecp)
   if (!(crecp->flags & F_CNAME))
     return 0;
   
-  if (crecp->addr.cname.cache && crecp->addr.cname.uid == crecp->addr.cname.cache->uid)
+  /* NB. record may be reused as DS or DNSKEY, where uid is 
+     overloaded for something completely different */
+  if (crecp->addr.cname.cache && 
+      (crecp->addr.cname.cache->flags & (F_IPV4 | F_IPV6)) &&
+      crecp->addr.cname.uid == crecp->addr.cname.cache->uid)
     return 0;
   
   return 1;
@@ -280,7 +291,7 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
 	      }
 	  } 
 	else if ((crecp->flags & F_FORWARD) && 
-		 ((flags & crecp->flags & (F_IPV4 | F_IPV6)) || ((crecp->flags | flags) & F_CNAME)) &&
+		 ((flags & crecp->flags & F_TYPE) || ((crecp->flags | flags) & F_CNAME)) &&
 		 hostname_isequal(cache_get_name(crecp), name))
 	  {
 	    if (crecp->flags & (F_HOSTS | F_DHCP))
@@ -360,7 +371,9 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
   int freed_all = flags & F_REVERSE;
   int free_avail = 0;
 
-  log_query(flags | F_UPSTREAM, name, addr, NULL);
+  /* Don't log keys */
+  if (flags & (F_IPV4 | F_IPV6))
+    log_query(flags | F_UPSTREAM, name, addr, NULL);
 
   /* if previous insertion failed give up now. */
   if (insert_error)
@@ -452,9 +465,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
 
   if (addr)
     new->addr.addr = *addr;
-  else
-    new->addr.cname.cache = NULL;
-  
+
   new->ttd = now + (time_t)ttl;
   new->next = new_chain;
   new_chain = new;
@@ -634,10 +645,11 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
   return NULL;
 }
 
+
 static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, 
-			    unsigned short flags, int index, struct crec **rhash, int hashsz)
+			    int index, struct crec **rhash, int hashsz)
 {
-  struct crec *lookup = cache_find_by_name(NULL, cache->name.sname, 0, flags & (F_IPV4 | F_IPV6));
+  struct crec *lookup = cache_find_by_name(NULL, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6));
   int i, nameexists = 0;
   struct cname *a;
   unsigned int j; 
@@ -670,10 +682,10 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
     j = (j*2 +((unsigned char *)addr)[i]) % hashsz;
   
   for (lookup = rhash[j]; lookup; lookup = lookup->next)
-    if ((lookup->flags & flags & (F_IPV4 | F_IPV6)) &&
+    if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) &&
 	memcmp(&lookup->addr.addr, addr, addrlen) == 0)
       {
-	flags &= ~F_REVERSE;
+	cache->flags &= ~F_REVERSE;
 	break;
       }
   
@@ -684,7 +696,6 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
       rhash[j] = cache;
     }
   
-  cache->flags = flags;
   cache->uid = index;
   memcpy(&cache->addr.addr, addr, addrlen);  
   cache_hash(cache);
@@ -692,7 +703,7 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
   /* don't need to do alias stuff for second and subsequent addresses. */
   if (!nameexists)
     for (a = daemon->cnames; a; a = a->next)
-      if (hostname_isequal(cache->name.sname, a->target) &&
+      if (hostname_isequal(cache_get_name(cache), a->target) &&
 	  (lookup = whine_malloc(sizeof(struct crec))))
 	{
 	  lookup->flags = F_FORWARD | F_IMMORTAL | F_NAMEP | F_HOSTS | F_CNAME;
@@ -771,26 +782,19 @@ static int read_hostsfile(char *filename, int index, int cache_size, struct crec
     {
       lineno++;
       
-#ifdef HAVE_IPV6      
       if (inet_pton(AF_INET, token, &addr) > 0)
 	{
 	  flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4;
 	  addrlen = INADDRSZ;
 	  domain_suffix = get_domain(addr.addr.addr4);
 	}
+#ifdef HAVE_IPV6
       else if (inet_pton(AF_INET6, token, &addr) > 0)
 	{
 	  flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6;
 	  addrlen = IN6ADDRSZ;
 	  domain_suffix = get_domain6(&addr.addr.addr6);
 	}
-#else 
-      if ((addr.addr.addr4.s_addr = inet_addr(token)) != (in_addr_t) -1)
-	{
-	  flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4;
-	  addrlen = INADDRSZ;
-	  domain_suffix = get_domain(addr.addr.addr4);
-	}
 #endif
       else
 	{
@@ -830,13 +834,15 @@ static int read_hostsfile(char *filename, int index, int cache_size, struct crec
 		  strcpy(cache->name.sname, canon);
 		  strcat(cache->name.sname, ".");
 		  strcat(cache->name.sname, domain_suffix);
-		  add_hosts_entry(cache, &addr, addrlen, flags, index, rhash, hashsz);
+		  cache->flags = flags;
+		  add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz);
 		  name_count++;
 		}
 	      if ((cache = whine_malloc(sizeof(struct crec) + strlen(canon)+1-SMALLDNAME)))
 		{
 		  strcpy(cache->name.sname, canon);
-		  add_hosts_entry(cache, &addr, addrlen, flags, index, rhash, hashsz);
+		  cache->flags = flags;
+		  add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz);
 		  name_count++;
 		}
 	      free(canon);
@@ -860,6 +866,8 @@ void cache_reload(void)
   struct crec *cache, **up, *tmp;
   int revhashsz, i, total_size = daemon->cachesize;
   struct hostsfile *ah;
+  struct host_record *hr;
+  struct name_list *nl;
 
   cache_inserted = cache_live_freed = 0;
   
@@ -886,6 +894,34 @@ void cache_reload(void)
 	  up = &cache->hash_next;
       }
   
+  /* borrow the packet buffer for a temporary by-address hash */
+  memset(daemon->packet, 0, daemon->packet_buff_sz);
+  revhashsz = daemon->packet_buff_sz / sizeof(struct crec *);
+  /* we overwrote the buffer... */
+  daemon->srv_save = NULL;
+
+  /* Do host_records in config. */
+  for (hr = daemon->host_records; hr; hr = hr->next)
+    for (nl = hr->names; nl; nl = nl->next)
+      {
+	if (hr->addr.s_addr != 0 &&
+	    (cache = whine_malloc(sizeof(struct crec))))
+	  {
+	    cache->name.namep = nl->name;
+	    cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG;
+	    add_hosts_entry(cache, (struct all_addr *)&hr->addr, INADDRSZ, 0, (struct crec **)daemon->packet, revhashsz);
+	  }
+#ifdef HAVE_IPV6
+	if (!IN6_IS_ADDR_UNSPECIFIED(&hr->addr6) &&
+	    (cache = whine_malloc(sizeof(struct crec))))
+	  {
+	    cache->name.namep = nl->name;
+	    cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG;
+	    add_hosts_entry(cache, (struct all_addr *)&hr->addr6, IN6ADDRSZ, 0, (struct crec **)daemon->packet, revhashsz);
+	  }
+#endif
+      }
+	
   if (option_bool(OPT_NO_HOSTS) && !daemon->addn_hosts)
     {
       if (daemon->cachesize > 0)
@@ -893,12 +929,6 @@ void cache_reload(void)
       return;
     }
     
-  /* borrow the packet buffer for a temporary by-address hash */
-  memset(daemon->packet, 0, daemon->packet_buff_sz);
-  revhashsz = daemon->packet_buff_sz / sizeof(struct crec *);
-  /* we overwrote the buffer... */
-  daemon->srv_save = NULL;
-
   if (!option_bool(OPT_NO_HOSTS))
     total_size = read_hostsfile(HOSTSFILE, 0, total_size, (struct crec **)daemon->packet, revhashsz);
   	   
@@ -1131,22 +1161,35 @@ void dump_cache(time_t now)
 		if (!is_outdated_cname_pointer(cache))
 		  a = cache_get_name(cache->addr.cname.cache);
 	      }
-#ifdef HAVE_IPV6
+#ifdef HAVE_DNSSEC
+	    else if (cache->flags & F_DNSKEY)
+	      {
+		a = daemon->addrbuff;
+		sprintf(a, "%3u %u", cache->addr.key.algo, cache->uid);
+	      }
+	    else if (cache->flags & F_DS)
+	      {
+		a = daemon->addrbuff;
+		sprintf(a, "%5u %3u %3u %u", cache->addr.key.flags_or_keyid,
+			cache->addr.key.algo, cache->addr.key.digest, cache->uid);
+	      }
+#endif
 	    else 
 	      { 
 		a = daemon->addrbuff;
 		if (cache->flags & F_IPV4)
 		  inet_ntop(AF_INET, &cache->addr.addr, a, ADDRSTRLEN);
+#ifdef HAVE_IPV6
 		else if (cache->flags & F_IPV6)
 		  inet_ntop(AF_INET6, &cache->addr.addr, a, ADDRSTRLEN);
-	      }
-#else
-            else 
-	      a = inet_ntoa(cache->addr.addr.addr.addr4);
 #endif
-	    p += sprintf(p, "%-30.30s %s%s%s%s%s%s%s%s%s%s  ", a, 
+	      }
+
+	    p += sprintf(p, "%-30.30s %s%s%s%s%s%s%s%s%s%s%s%s%s  ", a, 
 			 cache->flags & F_IPV4 ? "4" : "",
 			 cache->flags & F_IPV6 ? "6" : "",
+			 cache->flags & F_DNSKEY ? "K" : "",
+			 cache->flags & F_DS ? "S" : "",
 			 cache->flags & F_CNAME ? "C" : "",
 			 cache->flags & F_FORWARD ? "F" : " ",
 			 cache->flags & F_REVERSE ? "R" : " ",
@@ -1154,7 +1197,8 @@ void dump_cache(time_t now)
 			 cache->flags & F_DHCP ? "D" : " ",
 			 cache->flags & F_NEG ? "N" : " ",
 			 cache->flags & F_NXDOMAIN ? "X" : " ",
-			 cache->flags & F_HOSTS ? "H" : " ");
+			 cache->flags & F_HOSTS ? "H" : " ",
+			 cache->flags & F_DNSSECOK ? "V" : " ");
 #ifdef HAVE_BROKEN_RTC
 	    p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
 #else
@@ -1268,3 +1312,50 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
   my_syslog(LOG_INFO, "%s %s %s %s", source, name, verb, dest);
 }
 
+#ifdef HAVE_DNSSEC
+struct keydata *keydata_alloc(char *data, size_t len)
+{
+  struct keydata *block, *ret = NULL;
+  struct keydata **prev = &ret;
+  while (len > 0)
+    {
+      if (keyblock_free)
+	{
+	  block = keyblock_free;
+	  keyblock_free = block->next;
+	}
+      else
+	block = whine_malloc(sizeof(struct keydata));
+
+      if (!block)
+	{
+	  /* failed to alloc, free partial chain */
+	  keydata_free(ret);
+	  return NULL;
+	}
+      
+      memcpy(block->key, data, len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len);
+      data += KEYBLOCK_LEN;
+      len -= KEYBLOCK_LEN;
+      *prev = block;
+      prev = &block->next;
+      block->next = NULL;
+    }
+  
+  return ret;
+}
+
+void keydata_free(struct keydata *blocks)
+{
+  struct keydata *tmp;
+
+  if (blocks)
+    {
+      for (tmp = blocks; tmp->next; tmp = tmp->next);
+      tmp->next = keyblock_free;
+      keyblock_free = blocks;
+    }
+}
+#endif
+
+      

src/config.h

@@ -18,6 +18,7 @@
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
+#define KEYBLOCK_LEN 140 /* choose to mininise fragmentation when storing DNSSEC keys */
 #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
 #define FORWARD_TEST 50 /* try all servers every 50 queries */
 #define FORWARD_TIME 20 /* or 20 seconds */
@@ -167,7 +168,7 @@ HAVE_SOLARIS_NETWORK
    define exactly one of these to alter interaction with kernel networking.
 
 HAVE_GETOPT_LONG
-   defined when GNU-sty;e getopt_long available. 
+   defined when GNU-style getopt_long available. 
 
 HAVE_ARC4RANDOM
    defined if arc4random() available to get better security from DNS spoofs

src/dbus.c

@@ -396,7 +396,7 @@ void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname)
   DBusConnection *connection = (DBusConnection *)daemon->dbus;
   DBusMessage* message = NULL;
   DBusMessageIter args;
-  char *action_str, *addr, *mac = daemon->namebuff;
+  char *action_str, *mac = daemon->namebuff;
   unsigned char *p;
   int i;
 
@@ -406,10 +406,21 @@ void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname)
   if (!hostname)
     hostname = "";
   
-  p = extended_hwaddr(lease->hwaddr_type, lease->hwaddr_len,
-		      lease->hwaddr, lease->clid_len, lease->clid, &i);
-  print_mac(mac, p, i);
-  
+#ifdef HAVE_DHCP6
+   if (lease->flags & (LEASE_TA | LEASE_NA))
+     {
+       print_mac(mac, lease->clid, lease->clid_len);
+       inet_ntop(AF_INET6, lease->hwaddr, daemon->addrbuff, ADDRSTRLEN);
+     }
+   else
+#endif
+     {
+       p = extended_hwaddr(lease->hwaddr_type, lease->hwaddr_len,
+			   lease->hwaddr, lease->clid_len, lease->clid, &i);
+       print_mac(mac, p, i);
+       inet_ntop(AF_INET, &lease->addr, daemon->addrbuff, ADDRSTRLEN);
+     }
+
   if (action == ACTION_DEL)
     action_str = "DhcpLeaseDeleted";
   else if (action == ACTION_ADD)
@@ -419,14 +430,12 @@ void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname)
   else
     return;
 
-  addr = inet_ntoa(lease->addr);
-
   if (!(message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, action_str)))
     return;
   
   dbus_message_iter_init_append(message, &args);
-
-  if (dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &addr) &&
+  
+  if (dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &daemon->addrbuff) &&
       dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &mac) &&
       dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &hostname))
     dbus_connection_send(connection, message, NULL);

src/dhcp-common.c

@@ -53,14 +53,14 @@ ssize_t recv_dhcp_packet(int fd, struct msghdr *msg)
 
       /* Very new Linux kernels return the actual size needed, 
 	 older ones always return truncated size */
-      if ((size_t)sz == daemon->dhcp_packet.iov_len)
+      if ((size_t)sz == msg->msg_iov->iov_len)
 	{
-	  if (!expand_buf(&daemon->dhcp_packet, sz + 100))
+	  if (!expand_buf(msg->msg_iov, sz + 100))
 	    return -1;
 	}
       else
 	{
-	  expand_buf(&daemon->dhcp_packet, sz);
+	  expand_buf(msg->msg_iov, sz);
 	  break;
 	}
     }
@@ -111,6 +111,13 @@ struct dhcp_netid *option_filter(struct dhcp_netid *tags, struct dhcp_netid *con
       last_tag->next = tags;
       tagif = run_tag_if(context_tags);
       
+      /* reset stuff with tag:!<tag> which now matches. */
+      for (opt = opts; opt; opt = opt->next)
+	if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925)) &&
+	    (opt->flags & DHOPT_TAGOK) &&
+	    !match_netid(opt->netid, tagif, 0))
+	  opt->flags &= ~DHOPT_TAGOK;
+
       for (opt = opts; opt; opt = opt->next)
 	if (!(opt->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR | DHOPT_RFC3925 | DHOPT_TAGOK)) &&
 	    match_netid(opt->netid, tagif, 0))
@@ -332,9 +339,9 @@ void dhcp_update_configs(struct dhcp_config *configs)
 	      }
 
 #ifdef HAVE_DHCP6
-	    if (prot == AF_INET6 && !config_find_by_address6(configs, &crec->addr.addr.addr.addr6, 129, 0))
+	    if (prot == AF_INET6 && !config_find_by_address6(configs, &crec->addr.addr.addr.addr6, 128, 0))
 	      {
-		memcpy(config->hwaddr, &crec->addr.addr.addr.addr6, IN6ADDRSZ);
+		memcpy(&config->addr6, &crec->addr.addr.addr.addr6, IN6ADDRSZ);
 		config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS;
 		continue;
 	      }
@@ -358,4 +365,427 @@ void dhcp_update_configs(struct dhcp_config *configs)
 
 }
 
+#ifdef HAVE_DHCP6
+static int join_multicast_worker(struct in6_addr *local, int prefix, 
+				 int scope, int if_index, int dad, void *vparam)
+{
+  char ifrn_name[IFNAMSIZ];
+  struct ipv6_mreq mreq;
+  int fd, i, max = *((int *)vparam);
+  struct dhcp_context *context;
+  struct iname *tmp;
+
+  (void)prefix;
+  (void)scope;
+  (void)dad;
+  
+  /* record which interfaces we join on, so that we do it at most one per 
+     interface, even when they have multiple addresses. Use outpacket
+     as an array of int, since it's always allocated here and easy
+     to expand for theoretical vast numbers of interfaces. */
+  for (i = 0; i < max; i++)
+    if (if_index == ((int *)daemon->outpacket.iov_base)[i])
+      return 1;
+  
+  if ((fd = socket(PF_INET6, SOCK_DGRAM, 0)) == -1)
+    return 0;
+  
+  if (!indextoname(fd, if_index, ifrn_name))
+    {
+      close(fd);
+      return 0;
+    }
+  
+  close(fd);
+
+  /* Are we doing DHCP on this interface? */
+  if (!iface_check(AF_INET6, (struct all_addr *)local, ifrn_name))
+    return 1;
+ 
+  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, ifrn_name) == 0))
+      return 1;
+
+  /* weird libvirt-inspired access control */
+  for (context = daemon->ra_contexts ? daemon->ra_contexts : daemon->dhcp6; 
+       context; context = context->next)
+    if (!context->interface || strcmp(context->interface, ifrn_name) == 0)
+      break;
+  
+  if (!context)
+    return 1;
+  
+  mreq.ipv6mr_interface = if_index;
+  
+  inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->dhcp6 &&
+      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+
+  inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->dhcp6 && 
+      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+  
+  inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
+  
+  if (daemon->ra_contexts &&
+      setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+    return 0;
+  
+  expand_buf(&daemon->outpacket, (max+1) * sizeof(int));
+  ((int *)daemon->outpacket.iov_base)[max++] = if_index;
+  
+  *((int *)vparam) = max;
+  
+  return 1;
+}
+
+void join_multicast(void)
+{
+  int count = 0;
+
+   if (!iface_enumerate(AF_INET6, &count, join_multicast_worker))
+     die(_("failed to join DHCPv6 multicast group: %s"), NULL, EC_BADNET);
+}
+#endif
+
+#ifdef HAVE_LINUX_NETWORK 
+void bindtodevice(int fd)
+{
+  /* If we are doing DHCP on exactly one interface, and running linux, do SO_BINDTODEVICE
+     to that device. This is for the use case of  (eg) OpenStack, which runs a new
+     dnsmasq instance for each VLAN interface it creates. Without the BINDTODEVICE, 
+     individual processes don't always see the packets they should.
+     SO_BINDTODEVICE is only available Linux. */
+  
+  struct irec *iface, *found;
+
+  for (found = NULL, iface = daemon->interfaces; iface; iface = iface->next)
+    if (iface->dhcp_ok)
+      {
+	if (!found)
+	  found = iface;
+	else if (strcmp(found->name, iface->name) != 0) 
+	  {
+	    /* more than one. */
+	    found = NULL;
+	    break;
+	  }
+      }
+  
+  if (found)
+	{
+	  struct ifreq ifr;
+	  strcpy(ifr.ifr_name, found->name);
+	  /* only allowed by root. */
+	  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) == -1 &&
+	      errno != EPERM)
+	    die(_("failed to set SO_BINDTODEVICE on DHCP socket: %s"), NULL, EC_BADNET);
+	}
+}
+#endif
+
+static const struct opttab_t {
+  char *name;
+  u16 val, size;
+} opttab[] = {
+  { "netmask", 1, OT_ADDR_LIST },
+  { "time-offset", 2, 4 },
+  { "router", 3, OT_ADDR_LIST  },
+  { "dns-server", 6, OT_ADDR_LIST },
+  { "log-server", 7, OT_ADDR_LIST },
+  { "lpr-server", 9, OT_ADDR_LIST },
+  { "hostname", 12, OT_INTERNAL | OT_NAME },
+  { "boot-file-size", 13, 2 | OT_DEC },
+  { "domain-name", 15, OT_NAME },
+  { "swap-server", 16, OT_ADDR_LIST },
+  { "root-path", 17, OT_NAME },
+  { "extension-path", 18, OT_NAME },
+  { "ip-forward-enable", 19, 1 },
+  { "non-local-source-routing", 20, 1 },
+  { "policy-filter", 21, OT_ADDR_LIST },
+  { "max-datagram-reassembly", 22, 2 | OT_DEC },
+  { "default-ttl", 23, 1 | OT_DEC },
+  { "mtu", 26, 2 | OT_DEC },
+  { "all-subnets-local", 27, 1 },
+  { "broadcast", 28, OT_INTERNAL | OT_ADDR_LIST },
+  { "router-discovery", 31, 1 },
+  { "router-solicitation", 32, OT_ADDR_LIST },
+  { "static-route", 33, OT_ADDR_LIST },
+  { "trailer-encapsulation", 34, 1 },
+  { "arp-timeout", 35, 4 | OT_DEC },
+  { "ethernet-encap", 36, 1 },
+  { "tcp-ttl", 37, 1 },
+  { "tcp-keepalive", 38, 4 | OT_DEC },
+  { "nis-domain", 40, OT_NAME },
+  { "nis-server", 41, OT_ADDR_LIST },
+  { "ntp-server", 42, OT_ADDR_LIST },
+  { "vendor-encap", 43, OT_INTERNAL },
+  { "netbios-ns", 44, OT_ADDR_LIST },
+  { "netbios-dd", 45, OT_ADDR_LIST },
+  { "netbios-nodetype", 46, 1 },
+  { "netbios-scope", 47, 0 },
+  { "x-windows-fs", 48, OT_ADDR_LIST },
+  { "x-windows-dm", 49, OT_ADDR_LIST },
+  { "requested-address", 50, OT_INTERNAL | OT_ADDR_LIST },
+  { "lease-time", 51, OT_INTERNAL | OT_DEC },
+  { "option-overload", 52, OT_INTERNAL },
+  { "message-type", 53, OT_INTERNAL | OT_DEC },
+  { "server-identifier", 54, OT_INTERNAL | OT_ADDR_LIST },
+  { "parameter-request", 55, OT_INTERNAL },
+  { "message", 56, OT_INTERNAL },
+  { "max-message-size", 57, OT_INTERNAL },
+  { "T1", 58, OT_INTERNAL | OT_DEC},
+  { "T2", 59, OT_INTERNAL | OT_DEC},
+  { "vendor-class", 60, 0 },
+  { "client-id", 61, OT_INTERNAL },
+  { "nis+-domain", 64, OT_NAME },
+  { "nis+-server", 65, OT_ADDR_LIST },
+  { "tftp-server", 66, OT_NAME },
+  { "bootfile-name", 67, OT_NAME },
+  { "mobile-ip-home", 68, OT_ADDR_LIST }, 
+  { "smtp-server", 69, OT_ADDR_LIST }, 
+  { "pop3-server", 70, OT_ADDR_LIST }, 
+  { "nntp-server", 71, OT_ADDR_LIST }, 
+  { "irc-server", 74, OT_ADDR_LIST }, 
+  { "user-class", 77, 0 },
+  { "FQDN", 81, OT_INTERNAL },
+  { "agent-id", 82, OT_INTERNAL },
+  { "client-arch", 93, 2 | OT_DEC },
+  { "client-interface-id", 94, 0 },
+  { "client-machine-id", 97, 0 },
+  { "subnet-select", 118, OT_INTERNAL },
+  { "domain-search", 119, OT_RFC1035_NAME },
+  { "sip-server", 120, 0 },
+  { "classless-static-route", 121, 0 },
+  { "vendor-id-encap", 125, 0 },
+  { "server-ip-address", 255, OT_ADDR_LIST }, /* special, internal only, sets siaddr */
+  { NULL, 0, 0 }
+};
+
+#ifdef HAVE_DHCP6
+static const struct opttab_t opttab6[] = {
+  { "client-id", 1, OT_INTERNAL },
+  { "server-id", 2, OT_INTERNAL },
+  { "ia-na", 3, OT_INTERNAL },
+  { "ia-ta", 4, OT_INTERNAL },
+  { "iaaddr", 5, OT_INTERNAL },
+  { "oro", 6, OT_INTERNAL },
+  { "preference", 7, OT_INTERNAL | OT_DEC },
+  { "unicast", 12, OT_INTERNAL },
+  { "status", 13, OT_INTERNAL },
+  { "rapid-commit", 14, OT_INTERNAL },
+  { "user-class", 15, OT_INTERNAL | OT_CSTRING },
+  { "vendor-class", 16, OT_INTERNAL | OT_CSTRING },
+  { "vendor-opts", 17, OT_INTERNAL },
+  { "sip-server-domain", 21,  OT_RFC1035_NAME },
+  { "sip-server", 22, OT_ADDR_LIST },
+  { "dns-server", 23, OT_ADDR_LIST },
+  { "domain-search", 24, OT_RFC1035_NAME },
+  { "nis-server", 27, OT_ADDR_LIST },
+  { "nis+-server", 28, OT_ADDR_LIST },
+  { "nis-domain", 29,  OT_RFC1035_NAME },
+  { "nis+-domain", 30, OT_RFC1035_NAME },
+  { "sntp-server", 31,  OT_ADDR_LIST },
+  { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
+  { "ntp-server", 56,  OT_ADDR_LIST },
+  { "bootfile-url", 59, OT_NAME },
+  { "bootfile-param", 60, OT_CSTRING },
+  { NULL, 0, 0 }
+};
+#endif
+
+
+
+void display_opts(void)
+{
+  int i;
+  
+  printf(_("Known DHCP options:\n"));
+  
+  for (i = 0; opttab[i].name; i++)
+    if (!(opttab[i].size & OT_INTERNAL))
+      printf("%3d %s\n", opttab[i].val, opttab[i].name);
+}
+
+#ifdef HAVE_DHCP6
+void display_opts6(void)
+{
+  int i;
+  printf(_("Known DHCPv6 options:\n"));
+  
+  for (i = 0; opttab6[i].name; i++)
+    if (!(opttab6[i].size & OT_INTERNAL))
+      printf("%3d %s\n", opttab6[i].val, opttab6[i].name);
+}
+#endif
+
+u16 lookup_dhcp_opt(int prot, char *name)
+{
+  const struct opttab_t *t;
+  int i;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    t = opttab6;
+  else
+#endif
+    t = opttab;
+
+  for (i = 0; t[i].name; i++)
+    if (!(t[i].size & OT_INTERNAL) &&
+	strcasecmp(t[i].name, name) == 0)
+      return t[i].val;
+  
+  return 0;
+}
+
+u16 lookup_dhcp_len(int prot, u16 val)
+{
+  const struct opttab_t *t;
+  int i;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    t = opttab6;
+  else
+#endif
+    t = opttab;
+
+  for (i = 0; t[i].name; i++)
+    if (val == t[i].val)
+      {
+	if (t[i].size & OT_INTERNAL)
+	  return 0;
+	
+	return t[i].size & ~OT_DEC;
+      }
+ 
+  return 0;
+}
+
+char *option_string(int prot, unsigned int opt, unsigned char *val, int opt_len, char *buf, int buf_len)
+{
+  int o, i, j, nodecode = 0;
+  const struct opttab_t *ot = opttab;
+
+#ifdef HAVE_DHCP6
+  if (prot == AF_INET6)
+    ot = opttab6;
+#endif
+
+  for (o = 0; ot[o].name; o++)
+    if (ot[o].val == opt)
+      {
+	if (buf)
+	  {
+	    memset(buf, 0, buf_len);
+	    
+	    if (ot[o].size & OT_ADDR_LIST) 
+	      {
+		struct all_addr addr;
+		int addr_len = INADDRSZ;
+
+#ifdef HAVE_DHCP6
+		if (prot == AF_INET6)
+		  addr_len = IN6ADDRSZ;
+#endif
+		for (buf[0]= 0, i = 0; i <= opt_len - addr_len; i += addr_len) 
+		  {
+		    if (i != 0)
+		      strncat(buf, ", ", buf_len - strlen(buf));
+		    /* align */
+		    memcpy(&addr, &val[i], addr_len); 
+		    inet_ntop(prot, &val[i], daemon->addrbuff, ADDRSTRLEN);
+		    strncat(buf, daemon->addrbuff, buf_len - strlen(buf));
+		  }
+	      }
+	    else if (ot[o].size & OT_NAME)
+		for (i = 0, j = 0; i < opt_len && j < buf_len ; i++)
+		  {
+		    char c = val[i];
+		    if (isprint((int)c))
+		      buf[j++] = c;
+		  }
+#ifdef HAVE_DHCP6
+	    /* We don't handle compressed rfc1035 names, so no good in IPv4 land */
+	    else if ((ot[o].size & OT_RFC1035_NAME) && prot == AF_INET6)
+	      {
+		i = 0, j = 0;
+		while (i < opt_len && val[i] != 0)
+		  {
+		    int k, l = i + val[i] + 1;
+		    for (k = i + 1; k < opt_len && k < l && j < buf_len ; k++)
+		     {
+		       char c = val[k];
+		       if (isprint((int)c))
+			 buf[j++] = c;
+		     }
+		    i = l;
+		    if (val[i] != 0 && j < buf_len)
+		      buf[j++] = '.';
+		  }
+	      }
+	    else if ((ot[o].size & OT_CSTRING))
+	      {
+		int k, len;
+		unsigned char *p;
+
+		i = 0, j = 0;
+		while (1)
+		  {
+		    p = &val[i];
+		    GETSHORT(len, p);
+		    for (k = 0; k < len && j < buf_len; k++)
+		      {
+		       char c = *p++;
+		       if (isprint((int)c))
+			 buf[j++] = c;
+		     }
+		    i += len +2;
+		    if (i >= opt_len)
+		      break;
+
+		    if (j < buf_len)
+		      buf[j++] = ',';
+		  }
+	      }	      
+#endif
+	    else if ((ot[o].size & OT_DEC) && opt_len != 0)
+	      {
+		unsigned int dec = 0;
+		
+		for (i = 0; i < opt_len; i++)
+		  dec = (dec << 8) | val[i]; 
+
+		sprintf(buf, "%u", dec);
+	      }
+	    else
+	      nodecode = 1;
+	  }
+	break;
+      }
+
+  if (opt_len != 0 && buf && (!ot[o].name || nodecode))
+    {
+      int trunc  = 0;
+      if (opt_len > 14)
+	{
+	  trunc = 1;
+	  opt_len = 14;
+	}
+      print_mac(buf, val, opt_len);
+      if (trunc)
+	strncat(buf, "...", buf_len - strlen(buf));
+    
+
+    }
+
+  return ot[o].name ? ot[o].name : "";
+
+}
+
 #endif

src/dhcp.c

@@ -66,7 +66,7 @@ static int make_fd(int port)
   /* When bind-interfaces is set, there might be more than one dnmsasq
      instance binding port 67. That's OK if they serve different networks.
      Need to set REUSEADDR to make this posible, or REUSEPORT on *BSD. */
-  if (option_bool(OPT_NOWILD))
+  if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
     {
 #ifdef SO_REUSEPORT
       int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt));
@@ -299,7 +299,7 @@ void dhcp_packet(time_t now, int pxe_fd)
   iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, 
 			   now, unicast_dest, &is_inform, pxe_fd, iface_addr);
   lease_update_file(now);
-  lease_update_dns();
+  lease_update_dns(0);
     
   if (iov.iov_len == 0)
     return;

src/dhcp6-protocol.h

@@ -54,6 +54,7 @@
 #define OPTION6_RECONFIGURE_MSG 19
 #define OPTION6_RECONF_ACCEPT   20
 #define OPTION6_DNS_SERVER      23
+#define OPTION6_DOMAIN_SEARCH   24
 #define OPTION6_REMOTE_ID       37
 #define OPTION6_SUBSCRIBER_ID   38
 #define OPTION6_FQDN            39

src/dhcp6.c

@@ -20,33 +20,25 @@
 
 struct iface_param {
   struct dhcp_context *current;
+  struct in6_addr fallback;
   int ind;
 };
 
-struct listen_param {
-  int fd_or_iface;
-  struct listen_param *next;
-};
-
-static int join_multicast(struct in6_addr *local, int prefix, 
-			  int scope, int if_index, int dad, void *vparam);
-
 static int complete_context6(struct in6_addr *local,  int prefix,
 			     int scope, int if_index, int dad, void *vparam);
 
-static int make_duid1(unsigned int type, char *mac, size_t maclen, void *parm); 
+static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, void *parm); 
 
 void dhcp6_init(void)
 {
   int fd;
   struct sockaddr_in6 saddr;
-  struct listen_param *listenp, listen; 
-#if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
   int class = IPTOS_CLASS_CS6;
 #endif
   
   if ((fd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) == -1 ||
-#if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
       setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &class, sizeof(class)) == -1 ||
 #endif
       !fix_fd(fd) ||
@@ -64,81 +56,9 @@ void dhcp6_init(void)
   if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in6)))
     die(_("failed to bind DHCPv6 server socket: %s"), NULL, EC_BADNET);
   
-  /* join multicast groups on each interface we're interested in */
-  listen.fd_or_iface = fd;
-  listen.next = NULL;
-  if (!iface_enumerate(AF_INET6, &listen, join_multicast))
-     die(_("failed to join DHCPv6 multicast group: %s"), NULL, EC_BADNET);
-  for (listenp = listen.next; listenp; )
-    {
-      struct listen_param *tmp = listenp->next;
-      free(listenp);
-      listenp = tmp;
-    }
-  
   daemon->dhcp6fd = fd;
 }
 
-static int join_multicast(struct in6_addr *local, int prefix, 
-			  int scope, int if_index, int dad, void *vparam)
-{
-  char ifrn_name[IFNAMSIZ];
-  struct ipv6_mreq mreq;
-  struct listen_param *listenp, *param = vparam;
-  int fd = param->fd_or_iface;
-  struct dhcp_context *context;
-  struct iname *tmp;
-
-  (void)prefix;
-  (void)scope;
-  (void)dad;
-  
-  /* record which interfaces we join on, so
-     that we do it at most one per interface, even when they
-     have multiple addresses */
-  for (listenp = param->next; listenp; listenp = listenp->next)
-    if (if_index == listenp->fd_or_iface)
-      return 1;
-  
-  if (!indextoname(fd, if_index, ifrn_name))
-    return 0;
-
-  /* Are we doing DHCP on this interface? */
-  if (!iface_check(AF_INET6, (struct all_addr *)local, ifrn_name))
-    return 1;
- 
-  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-    if (tmp->name && (strcmp(tmp->name, ifrn_name) == 0))
-      return 1;
-
-  /* weird libvirt-inspired access control */
-  for (context = daemon->dhcp6; context; context = context->next)
-    if (!context->interface || strcmp(context->interface, ifrn_name) == 0)
-      break;
-
-  if (!context)
-    return 1;
-
-  mreq.ipv6mr_interface = if_index;
-  inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
-  
-  if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
-    return 0;
-
-  inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
-  
-  if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
-    return 0;
-  
-  listenp = whine_malloc(sizeof(struct listen_param));
-  listenp->fd_or_iface = if_index;
-  listenp->next = param->next;
-  param->next = listenp;
-  
-  return 1;
-}
-
-
 void dhcp6_packet(time_t now)
 {
   struct dhcp_context *context;
@@ -150,11 +70,12 @@ void dhcp6_packet(time_t now)
     struct cmsghdr align; /* this ensures alignment */
     char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
   } control_u;
-  union mysockaddr from;
+  struct sockaddr_in6 from;
   struct all_addr dest;
   ssize_t sz; 
   struct ifreq ifr;
   struct iname *tmp;
+  unsigned short port;
 
   msg.msg_control = control_u.control6;
   msg.msg_controllen = sizeof(control_u);
@@ -164,7 +85,7 @@ void dhcp6_packet(time_t now)
   msg.msg_iov =  &daemon->dhcp_packet;
   msg.msg_iovlen = 1;
   
-  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1 || sz <= 4)
+  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
     return;
   
   for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
@@ -200,25 +121,37 @@ void dhcp6_packet(time_t now)
 
   /* unlinked contexts are marked by context->current == context */
   for (context = daemon->dhcp6; context; context = context->next)
-    context->current = context;
-  
+    {
+      context->current = context;
+      memset(&context->local6, 0, IN6ADDRSZ);
+    }
+
   parm.current = NULL;
   parm.ind = if_index;
+  memset(&parm.fallback, 0, IN6ADDRSZ);
   
   if (!iface_enumerate(AF_INET6, &parm, complete_context6))
     return;
   
   lease_prune(NULL, now); /* lose any expired leases */
 
-  msg.msg_iov =  &daemon->dhcp_packet;
-  sz = dhcp6_reply(parm.current, if_index, ifr.ifr_name, sz, IN6_IS_ADDR_MULTICAST(&from.in6.sin6_addr), now);
+  port = dhcp6_reply(parm.current, if_index, ifr.ifr_name, &parm.fallback, 
+		     sz, IN6_IS_ADDR_MULTICAST(&from.sin6_addr), now);
   
   lease_update_file(now);
-  lease_update_dns();
+  lease_update_dns(0);
   
-  if (sz != 0)
-    while (sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, sz, 0, (struct sockaddr *)&from, sizeof(from)) &&
+  /* The port in the source address of the original request should
+     be correct, but at least once client sends from the server port,
+     so we explicitly send to the client port to a client, and the
+     server port to a relay. */
+  if (port != 0)
+    {
+      from.sin6_port = htons(port);
+      while (sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, save_counter(0), 
+		    0, (struct sockaddr *)&from, sizeof(from)) == -1 &&
 	   retry_send());
+    }
 }
 
 static int complete_context6(struct in6_addr *local,  int prefix,
@@ -229,23 +162,32 @@ static int complete_context6(struct in6_addr *local,  int prefix,
 
   (void)scope; /* warning */
   (void)dad;
-
-  for (context = daemon->dhcp6; context; context = context->next)
+  
+  if (if_index == param->ind &&
+      !IN6_IS_ADDR_LOOPBACK(local) &&
+      !IN6_IS_ADDR_LINKLOCAL(local) &&
+      !IN6_IS_ADDR_MULTICAST(local))
     {
-      if (prefix == context->prefix &&
-	  !IN6_IS_ADDR_LOOPBACK(local) &&
-	  !IN6_IS_ADDR_LINKLOCAL(local) &&
-	  !IN6_IS_ADDR_MULTICAST(local) &&
-	  is_same_net6(local, &context->start6, prefix) &&
-          is_same_net6(local, &context->end6, prefix))
-        {
-          /* link it onto the current chain if we've not seen it before */
-          if (if_index == param->ind && context->current == context)
-            {
-              context->current = param->current;
-              param->current = context;
-	      context->local6 = *local;
-            }
+      /* Determine a globally address on the arrival interface, even
+	 if we have no matching dhcp-context, because we're only
+	 allocating on remote subnets via relays. This
+	 is used as a default for the DNS server option. */
+      param->fallback = *local;
+      
+      for (context = daemon->dhcp6; context; context = context->next)
+	{
+	  if (prefix == context->prefix &&
+	      is_same_net6(local, &context->start6, prefix) &&
+	      is_same_net6(local, &context->end6, prefix))
+	    {
+	      /* link it onto the current chain if we've not seen it before */
+	      if (context->current == context)
+		{
+		  context->current = param->current;
+		  param->current = context;
+		  context->local6 = *local;
+		}
+	    }
 	}
     }          
   return 1;
@@ -287,7 +229,7 @@ int address6_allocate(struct dhcp_context *context,  unsigned char *clid, int cl
   
   for (pass = 0; pass <= 1; pass++)
     for (c = context; c; c = c->current)
-      if (c->flags & (CONTEXT_STATIC | CONTEXT_PROXY))
+      if (c->flags & (CONTEXT_DEPRECATE | CONTEXT_STATIC | CONTEXT_RA_STATELESS))
 	continue;
       else if (!match_netid(c->filter, netids, pass))
 	continue;
@@ -305,7 +247,7 @@ int address6_allocate(struct dhcp_context *context,  unsigned char *clid, int cl
 	  do {
 	    /* eliminate addresses in use by the server. */
 	    for (d = context; d; d = d->current)
-	      if (addr == addr6part(&d->router6))
+	      if (addr == addr6part(&d->local6))
 		break;
 
 	    if (!d &&
@@ -340,9 +282,9 @@ struct dhcp_context *address6_available(struct dhcp_context *context,
       start = addr6part(&tmp->start6);
       end = addr6part(&tmp->end6);
 
-      if (!(tmp->flags & (CONTEXT_STATIC | CONTEXT_PROXY)) &&
-          is_same_net6(&context->start6, taddr, context->prefix) &&
-	  is_same_net6(&context->end6, taddr, context->prefix) &&
+      if (!(tmp->flags & (CONTEXT_STATIC | CONTEXT_RA_STATELESS)) &&
+          is_same_net6(&tmp->start6, taddr, tmp->prefix) &&
+	  is_same_net6(&tmp->end6, taddr, tmp->prefix) &&
 	  addr >= start &&
           addr <= end &&
           match_netid(tmp->filter, netids, 1))
@@ -432,34 +374,51 @@ struct dhcp_config *find_config6(struct dhcp_config *configs,
 
 void make_duid(time_t now)
 {
-  /* rebase epoch to 1/1/2000 */
-  time_t newnow = now - 946684800;
-  
-  iface_enumerate(AF_LOCAL, &newnow, make_duid1);
-  
-  if(!daemon->duid)
-    die("Cannot create DHCPv6 server DUID: %s", NULL, EC_MISC);
+  if (daemon->duid_config)
+    {
+      unsigned char *p;
+      
+      daemon->duid = p = safe_malloc(daemon->duid_config_len + 6);
+      daemon->duid_len = daemon->duid_config_len + 6;
+      PUTSHORT(2, p); /* DUID_EN */
+      PUTLONG(daemon->duid_enterprise, p);
+      memcpy(p, daemon->duid_config, daemon->duid_config_len);
+    }
+  else
+    {
+      /* rebase epoch to 1/1/2000 */
+      time_t newnow = now - 946684800;
+      
+      iface_enumerate(AF_LOCAL, &newnow, make_duid1);
+      
+      if(!daemon->duid)
+	die("Cannot create DHCPv6 server DUID: %s", NULL, EC_MISC);
+    }
 }
 
-static int make_duid1(unsigned int type, char *mac, size_t maclen, void *parm)
+static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, void *parm)
 {
   /* create DUID as specified in RFC3315. We use the MAC of the
-     first interface we find that isn't loopback or P-to-P */
+     first interface we find that isn't loopback or P-to-P and
+     has address-type < 256. Address types above 256 are things like 
+     tunnels which don't have usable MAC addresses. */
   
   unsigned char *p;
+  (void)index;
 
+  if (type >= 256)
+    return 1;
+
+#ifdef HAVE_BROKEN_RTC
+  daemon->duid = p = safe_malloc(maclen + 4);
+  daemon->duid_len = maclen + 4;
+  PUTSHORT(3, p); /* DUID_LL */
+  PUTSHORT(type, p); /* address type */
+#else
   daemon->duid = p = safe_malloc(maclen + 8);
   daemon->duid_len = maclen + 8;
-  
-#ifdef HAVE_BROKEN_RTC
-  PUTSHORT(3, p); /* DUID_LL */
-#else
   PUTSHORT(1, p); /* DUID_LLT */
-#endif
-
   PUTSHORT(type, p); /* address type */
-
-#ifndef HAVE_BROKEN_RTC
   PUTLONG(*((time_t *)parm), p); /* time */
 #endif
 

src/dnsmasq.c

@@ -106,18 +106,24 @@ int main (int argc, char **argv)
     else
       open("/dev/null", O_RDWR); 
 
-#ifdef HAVE_LINUX_NETWORK
-  netlink_init();
-#elif !(defined(IP_RECVDSTADDR) && \
-	defined(IP_RECVIF) && \
-	defined(IP_SENDSRCADDR))
+#ifndef HAVE_LINUX_NETWORK
+#  if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
   if (!option_bool(OPT_NOWILD))
     {
       bind_fallback = 1;
       set_option_bool(OPT_NOWILD);
     }
+#  endif
+  
+  /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
+  if (option_bool(OPT_CLEVERBIND))
+    {
+      bind_fallback = 1;
+      set_option_bool(OPT_NOWILD);
+      reset_option_bool(OPT_CLVERBIND);
+    }
 #endif
-
+  
 #ifndef HAVE_TFTP
   if (daemon->tftp_unlimited || daemon->tftp_interfaces)
     die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
@@ -154,32 +160,82 @@ int main (int argc, char **argv)
 	 before lease_init to allocate buffers it uses.*/
       dhcp_common_init();
       lease_init(now);
+  
       if (daemon->dhcp)
 	dhcp_init();
-#ifdef HAVE_DHCP6
-      if (daemon->dhcp6)
-	dhcp6_init();
-#endif
     }
+  
+#  ifdef HAVE_DHCP6
+  /* Start RA subsystem if --enable-ra OR dhcp-range=<subnet>, ra-only */
+  if (daemon->ra_contexts || option_bool(OPT_RA))
+    {
+      /* link the DHCP6 contexts to the ra-only ones so we can traverse them all 
+	 from ->ra_contexts, but only the non-ra-onlies from ->dhcp6 */
+      struct dhcp_context *context;
+      
+      if (!daemon->ra_contexts)
+	daemon->ra_contexts = daemon->dhcp6;
+      else
+	{
+	  for (context = daemon->ra_contexts; context->next; context = context->next);
+	  context->next = daemon->dhcp6;
+	}
+      ra_init(now);
+    }
+
+  if (daemon->dhcp6)
+    dhcp6_init();
+
+#  endif
+
+#endif
+
+#ifdef HAVE_LINUX_NETWORK
+  /* After lease_init */
+  netlink_init();
+
+  if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
+    die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
+#endif
+
+#ifdef HAVE_DHCP6
+  /* after netlink_init */
+  if (daemon->ra_contexts || daemon->dhcp6)
+    join_multicast();
+#endif
+
+#ifdef HAVE_DHCP
+  /* after netlink_init */
+  if (daemon->dhcp || daemon->dhcp6)
+    lease_find_interfaces(now);
 #endif
 
   if (!enumerate_interfaces())
     die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
-    
-  if (option_bool(OPT_NOWILD)) 
+  
+  if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) 
     {
       create_bound_listeners(1);
+      
+      if (!option_bool(OPT_CLEVERBIND))
+	for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
+	  if (if_tmp->name && !if_tmp->used)
+	    die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
 
-      for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
-	if (if_tmp->name && !if_tmp->used)
-	  die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
-  
-      for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
-	if (!if_tmp->used)
-	  {
-	    prettyprint_addr(&if_tmp->addr, daemon->namebuff);
-	    die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
-	  }
+#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
+      /* after enumerate_interfaces()  */
+      if (daemon->dhcp)
+	{
+	  bindtodevice(daemon->dhcpfd);
+	  if (daemon->enable_pxe)
+	    bindtodevice(daemon->pxefd);
+	}
+#endif
+
+#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
+      if (daemon->dhcp6)
+	bindtodevice(daemon->dhcp6fd);
+#endif
     }
   else 
     create_wildcard_listeners();
@@ -205,7 +261,8 @@ int main (int argc, char **argv)
 
 #if defined(HAVE_SCRIPT)
   /* Note getpwnam returns static storage */
-  if ((daemon->dhcp || daemon->dhcp6) && daemon->scriptuser && 
+  if ((daemon->dhcp || daemon->dhcp6) && 
+      daemon->scriptuser && 
       (daemon->lease_change_command || daemon->luascript))
     {
       if ((ent_pw = getpwnam(daemon->scriptuser)))
@@ -380,8 +437,9 @@ int main (int argc, char **argv)
 #if defined(HAVE_LINUX_NETWORK)	  
 	  /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
 	     CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind 
-	     ports because of DAD, we need CAP_NET_BIND_SERVICE too. */
-	  if (is_dad_listeners())
+	     ports because of DAD, or we're doing it dynamically,
+	     we need CAP_NET_BIND_SERVICE too. */
+	  if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
 	    data->effective = data->permitted = data->inheritable =
 	      (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | 
 	      (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
@@ -429,7 +487,7 @@ int main (int argc, char **argv)
 	    }     
 
 #ifdef HAVE_LINUX_NETWORK
-	 if (is_dad_listeners())
+	  if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
 	   data->effective = data->permitted =
 	     (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
 	 else
@@ -453,6 +511,34 @@ int main (int argc, char **argv)
     prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
 #endif
 
+#ifdef HAVE_TFTP
+  if (daemon->tftp_unlimited || daemon->tftp_interfaces)
+    {
+      DIR *dir;
+      struct tftp_prefix *p;
+      
+      if (daemon->tftp_prefix)
+	{
+	  if (!((dir = opendir(daemon->tftp_prefix))))
+	    {
+	      send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
+	      _exit(0);
+	    }
+	  closedir(dir);
+	}
+
+      for (p = daemon->if_prefix; p; p = p->next)
+	{
+	  if (!((dir = opendir(p->prefix))))
+	   {
+	     send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
+	     _exit(0);
+	   } 
+	  closedir(dir);
+	}
+    }
+#endif
+
   if (daemon->port == 0)
     my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
   else if (daemon->cachesize != 0)
@@ -495,9 +581,12 @@ int main (int argc, char **argv)
 
   if (daemon->max_logs != 0)
     my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
+ 
+  if (daemon->ra_contexts)
+    my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
 
 #ifdef HAVE_DHCP
-  if (daemon->dhcp || daemon->dhcp6)
+  if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts)
     {
       struct dhcp_context *dhcp_tmp;
       int family = AF_INET;
@@ -510,32 +599,66 @@ int main (int argc, char **argv)
 	{
 	  void *start = &dhcp_tmp->start;
 	  void *end = &dhcp_tmp->end;
-	  
+	  	  
 #ifdef HAVE_DHCP6
 	  if (family == AF_INET6)
 	    {
 	      start = &dhcp_tmp->start6;
 	      end = &dhcp_tmp->end6;
+	      struct in6_addr subnet = dhcp_tmp->start6;
+	      setaddr6part(&subnet, 0);
+	      inet_ntop(AF_INET6, &subnet, daemon->addrbuff, 256);
 	    }
 #endif
 	  
-	  prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
-	  inet_ntop(family, start, daemon->dhcp_buff, 256);
-	  inet_ntop(family, end, daemon->dhcp_buff3, 256);
-	  my_syslog(MS_DHCP | LOG_INFO, 
-		    (dhcp_tmp->flags & CONTEXT_STATIC) ? 
-		    _("DHCP, static leases only on %.0s%s, lease time %s") :
-		    (dhcp_tmp->flags & CONTEXT_PROXY) ?
-		    _("DHCP, proxy on subnet %.0s%s%.0s") :
-		    _("DHCP, IP range %s -- %s, lease time %s"),
-		    daemon->dhcp_buff, daemon->dhcp_buff3, daemon->dhcp_buff2);
+	  if (family != AF_INET && (dhcp_tmp->flags & CONTEXT_DEPRECATE))
+	    strcpy(daemon->namebuff, _("prefix deprecated"));
+	  else
+	    {
+	      char *p = daemon->namebuff;
+	      p += sprintf(p, _("lease time "));
+	      prettyprint_time(p, dhcp_tmp->lease_time);
+	    }
+	  
+	  if (daemon->dhcp_buff)
+	    inet_ntop(family, start, daemon->dhcp_buff, 256);
+	  if (daemon->dhcp_buff3)
+	    inet_ntop(family, end, daemon->dhcp_buff3, 256);
+	  if ((dhcp_tmp->flags & CONTEXT_DHCP) || family == AF_INET) 
+	    my_syslog(MS_DHCP | LOG_INFO, 
+		      (dhcp_tmp->flags & CONTEXT_RA_STATELESS) ? 
+		      _("stateless DHCPv6 on %s%.0s%.0s") :
+		      (dhcp_tmp->flags & CONTEXT_STATIC) ? 
+		      _("DHCP, static leases only on %.0s%s, %s") :
+		      (dhcp_tmp->flags & CONTEXT_PROXY) ?
+		      _("DHCP, proxy on subnet %.0s%s%.0s") :
+		      _("DHCP, IP range %s -- %s, %s"),
+		      daemon->dhcp_buff, daemon->dhcp_buff3, daemon->namebuff);
+
+	  if (dhcp_tmp->flags & CONTEXT_RA_NAME)
+	    my_syslog(MS_DHCP | LOG_INFO, _("DHCPv4-derived IPv6 names on %s"), 
+		      daemon->addrbuff);
+	  if (dhcp_tmp->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS))
+	    {
+	      if (!(dhcp_tmp->flags & CONTEXT_DEPRECATE))
+		{
+		  char *p = daemon->namebuff;
+		  p += sprintf(p, _("prefix valid "));
+		  prettyprint_time(p, dhcp_tmp->lease_time > 7200 ? dhcp_tmp->lease_time : 7200);
+		}
+	      my_syslog(MS_DHCP | LOG_INFO, _("SLAAC on %s %s"), 
+			daemon->addrbuff, daemon->namebuff);
+	    }
 	}
       
 #ifdef HAVE_DHCP6
       if (family == AF_INET)
 	{
 	  family = AF_INET6;
-	  dhcp_tmp = daemon->dhcp6;
+	  if (daemon->ra_contexts)
+	    dhcp_tmp = daemon->ra_contexts;
+	  else
+	    dhcp_tmp = daemon->dhcp6;
 	  goto again;
 	}
 #endif
@@ -652,7 +775,13 @@ int main (int argc, char **argv)
       if (daemon->dhcp6)
 	{
 	  FD_SET(daemon->dhcp6fd, &rset);
-	   bump_maxfd(daemon->dhcp6fd, &maxfd);
+	  bump_maxfd(daemon->dhcp6fd, &maxfd);
+	}
+
+      if (daemon->ra_contexts)
+	{
+	  FD_SET(daemon->icmp6fd, &rset);
+	  bump_maxfd(daemon->icmp6fd, &maxfd); 
 	}
 #endif
 
@@ -668,6 +797,10 @@ int main (int argc, char **argv)
 #  ifdef HAVE_SCRIPT
       while (helper_buf_empty() && do_script_run(now));
 
+#    ifdef HAVE_TFTP
+      while (helper_buf_empty() && do_tftp_script_run());
+#    endif
+
       if (!helper_buf_empty())
 	{
 	  FD_SET(daemon->helperfd, &wset);
@@ -676,6 +809,11 @@ int main (int argc, char **argv)
 #  else
       /* need this for other side-effects */
       while (do_script_run(now));
+
+#    ifdef HAVE_TFTP 
+      while (do_tftp_script_run());
+#    endif
+
 #  endif
 #endif
    
@@ -752,11 +890,11 @@ int main (int argc, char **argv)
 	}
 
 #ifdef HAVE_DHCP6
-      if (daemon->dhcp6)
-	{
-	  if (FD_ISSET(daemon->dhcp6fd, &rset))
-	    dhcp6_packet(now);
-	}
+      if (daemon->dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
+	dhcp6_packet(now);
+
+      if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
+	icmp6_packet();
 #endif
 
 #  ifdef HAVE_SCRIPT
@@ -808,6 +946,19 @@ static void sig_handler(int sig)
     }
 }
 
+/* now == 0 -> queue immediate callback */
+void send_alarm(time_t event, time_t now)
+{
+  if (now == 0 || event != 0)
+    {
+      /* alarm(0) or alarm(-ve) doesn't do what we want.... */
+      if ((now == 0 || difftime(event, now) <= 0.0))
+	send_event(pipewrite, EVENT_ALARM, 0, NULL);
+      else 
+	alarm((unsigned)difftime(event, now)); 
+    }
+}
+
 void send_event(int fd, int event, int data, char *msg)
 {
   struct event_desc ev;
@@ -885,6 +1036,9 @@ static void fatal_event(struct event_desc *ev, char *msg)
     
     case EVENT_LUA_ERR:
       die(_("failed to load Lua script: %s"), msg, EC_MISC);
+
+    case EVENT_TFTP_ERR:
+      die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
     }
 }	
       
@@ -925,6 +1079,11 @@ static void async_event(int pipe, time_t now)
 	    lease_prune(NULL, now);
 	    lease_update_file(now);
 	  }
+#ifdef HAVE_DHCP6
+	else if (daemon->ra_contexts)
+	  /* Not doing DHCP, so no lease system, manage alarms for ra only */
+	    send_alarm(periodic_ra(now), now);
+#endif
 #endif
 	break;
 		
@@ -1087,8 +1246,14 @@ void clear_cache_and_reload(time_t now)
       check_dhcp_hosts(0);
       lease_update_from_configs(); 
       lease_update_file(now); 
-      lease_update_dns();
+      lease_update_dns(1);
     }
+#ifdef HAVE_DHCP6
+  else if (daemon->ra_contexts)
+    /* Not doing DHCP, so no lease system, manage 
+       alarms for ra only */
+    send_alarm(periodic_ra(now), now);
+#endif
 #endif
 }
 
@@ -1191,18 +1356,19 @@ static void check_dns_listeners(fd_set *set, time_t now)
 	  int confd;
 	  struct irec *iface = NULL;
 	  pid_t p;
+	  union mysockaddr tcp_addr;
+	  socklen_t tcp_len = sizeof(union mysockaddr);
+
+	  while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
 	  
-	  while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
-	  
-	  if (confd == -1)
+	  if (confd == -1 ||
+	      getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
 	    continue;
 	  
-	  if (option_bool(OPT_NOWILD))
-	    iface = listener->iface;
+	  if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
+	    iface = listener->iface; /* May be NULL */
 	  else
 	    {
-	      union mysockaddr tcp_addr;
-	      socklen_t tcp_len = sizeof(union mysockaddr);
 	      /* Check for allowed interfaces when binding the wildcard address:
 		 we do this by looking for an interface with the same address as 
 		 the local address of the TCP connection, then looking to see if that's
@@ -1210,14 +1376,13 @@ static void check_dns_listeners(fd_set *set, time_t now)
 		 interface too, for localisation. */
 	      
 	      /* interface may be new since startup */
-	      if (enumerate_interfaces() &&
-		  getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
+	      if (enumerate_interfaces())
 		for (iface = daemon->interfaces; iface; iface = iface->next)
 		  if (sockaddr_isequal(&iface->addr, &tcp_addr))
 		    break;
 	    }
 	  
-	  if (!iface)
+	  if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)))
 	    {
 	      shutdown(confd, SHUT_RDWR);
 	      close(confd);
@@ -1243,7 +1408,13 @@ static void check_dns_listeners(fd_set *set, time_t now)
 	      unsigned char *buff;
 	      struct server *s; 
 	      int flags;
-	      
+	      struct in_addr netmask;
+
+	      if (iface)
+		netmask = iface->netmask;
+	      else
+		netmask.s_addr = 0;
+
 #ifndef NO_FORK
 	      /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
 		 terminate the process. */
@@ -1261,7 +1432,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
 	      if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
 		fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
 	      
-	      buff = tcp_request(confd, now, &iface->addr, iface->netmask);
+	      buff = tcp_request(confd, now, &tcp_addr, netmask);
 	       
 	      shutdown(confd, SHUT_RDWR);
 	      close(confd);
@@ -1372,7 +1543,15 @@ int icmp_ping(struct in_addr addr)
       FD_SET(fd, &rset);
       set_dns_listeners(now, &rset, &maxfd);
       set_log_writer(&wset, &maxfd);
-
+      
+#ifdef HAVE_DHCP6
+      if (daemon->ra_contexts)
+	{
+	  FD_SET(daemon->icmp6fd, &rset);
+	  bump_maxfd(daemon->icmp6fd, &maxfd); 
+	}
+#endif
+      
       if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
 	{
 	  FD_ZERO(&rset);
@@ -1384,6 +1563,11 @@ int icmp_ping(struct in_addr addr)
       check_log_writer(&wset);
       check_dns_listeners(&rset, now);
 
+#ifdef HAVE_DHCP6
+      if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
+	icmp6_packet();
+#endif
+      
 #ifdef HAVE_TFTP
       check_tftp_listeners(&rset, now);
 #endif

src/dnsmasq.h

@@ -56,10 +56,11 @@ typedef unsigned short u16;
 typedef unsigned int u32;
 typedef unsigned long long u64;
 
-#include "dns_protocol.h"
-#include "dhcp_protocol.h"
+#include "dns-protocol.h"
+#include "dhcp-protocol.h"
 #ifdef HAVE_DHCP6
-#include "dhcp6_protocol.h"
+#include "dhcp6-protocol.h"
+#include "radv-protocol.h"
 #endif
 
 #define gettext_noop(S) (S)
@@ -158,6 +159,7 @@ struct event_desc {
 #define EVENT_LOG_ERR   17
 #define EVENT_FORK_ERR  18
 #define EVENT_LUA_ERR   19
+#define EVENT_TFTP_ERR  20
 
 /* Exit codes. */
 #define EC_GOOD        0
@@ -215,7 +217,10 @@ struct event_desc {
 #define OPT_CONSEC_ADDR    34
 #define OPT_CONNTRACK      35
 #define OPT_FQDN_UPDATE    36
-#define OPT_LAST           37
+#define OPT_RA             37
+#define OPT_TFTP_LC        38
+#define OPT_CLEVERBIND     39
+#define OPT_LAST           40
 
 /* extra flags for my_syslog, we use a couple of facilities since they are known 
    not to occupy the same bits as priorities, no matter how syslog.h is set up. */
@@ -272,6 +277,18 @@ struct cname {
   struct cname *next;
 };
 
+struct host_record {
+  struct name_list {
+    char *name;
+    struct name_list *next;
+  } *names;
+  struct in_addr addr;
+#ifdef HAVE_IPV6
+  struct in6_addr addr6;
+#endif
+  struct host_record *next;
+};
+
 struct interface_name {
   char *name; /* domain name */
   char *intr; /* interface name */
@@ -283,17 +300,30 @@ union bigname {
   union bigname *next; /* freelist */
 };
 
+struct keydata {
+  struct keydata *next;
+  unsigned char key[KEYBLOCK_LEN];
+};
+
 struct crec { 
   struct crec *next, *prev, *hash_next;
-  time_t ttd; /* time to die */
-  int uid; 
+  /* union is 16 bytes when doing IPv6, 8 bytes on 32 bit machines without IPv6 */
   union {
     struct all_addr addr;
     struct {
       struct crec *cache;
       int uid;
     } cname;
+    struct {
+      struct keydata *keydata;
+      unsigned char algo;
+      unsigned char digest; /* DS only */
+      unsigned short flags_or_keyid; /* flags for DNSKEY, keyid for DS */
+    } key;
   } addr;
+  time_t ttd; /* time to die */
+  /* used as keylen if F_DS or F_DNSKEY, index to source for F_HOSTS */
+  int uid; 
   unsigned short flags;
   union {
     char sname[SMALLDNAME];
@@ -314,14 +344,21 @@ struct crec {
 #define F_BIGNAME   (1u<<9)
 #define F_NXDOMAIN  (1u<<10)
 #define F_CNAME     (1u<<11)
-#define F_NOERR     (1u<<12)
+#define F_DNSKEY    (1u<<12)
 #define F_CONFIG    (1u<<13)
+#define F_DS        (1u<<14)
+#define F_DNSSECOK  (1u<<15)
+
 /* below here are only valid as args to log_query: cache
    entries are limited to 16 bits */
 #define F_UPSTREAM  (1u<<16)
 #define F_RRNAME    (1u<<17)
 #define F_SERVER    (1u<<18)
 #define F_QUERY     (1u<<19)
+#define F_NOERR     (1u<<20)
+/* composites */
+#define F_TYPE      (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS) /* Only one may be set */
+
 
 
 /* struct sockaddr is not large enough to hold any address,
@@ -374,14 +411,14 @@ struct server {
 struct irec {
   union mysockaddr addr;
   struct in_addr netmask; /* only valid for IPv4 */
-  int tftp_ok, mtu, done, dad;
+  int tftp_ok, dhcp_ok, mtu, done, dad;
   char *name;
   struct irec *next;
 };
 
 struct listener {
   int fd, tcpfd, tftpfd, family;
-  struct irec *iface; /* only valid for non-wildcard */
+  struct irec *iface; /* only sometimes valid for non-wildcard */
   struct listener *next;
 };
 
@@ -389,7 +426,7 @@ struct listener {
 struct iname {
   char *name;
   union mysockaddr addr;
-  int isloop, used;
+  int used;
   struct iname *next;
 };
 
@@ -430,11 +467,21 @@ struct frec {
   struct frec *next;
 };
 
+/* flags in top of length field for DHCP-option tables */
+#define OT_ADDR_LIST    0x8000
+#define OT_RFC1035_NAME 0x4000
+#define OT_INTERNAL     0x2000
+#define OT_NAME         0x1000
+#define OT_CSTRING      0x0800
+#define OT_DEC          0x0400 
+
+
 /* actions in the daemon->helper RPC */
 #define ACTION_DEL           1
 #define ACTION_OLD_HOSTNAME  2
 #define ACTION_OLD           3
 #define ACTION_ADD           4
+#define ACTION_TFTP          5
 
 #define LEASE_NEW            1  /* newly created */
 #define LEASE_CHANGED        2  /* modified */
@@ -443,6 +490,7 @@ struct frec {
 #define LEASE_USED          16  /* used this DHCPv6 transaction */
 #define LEASE_NA            32  /* IPv6 no-temporary lease */
 #define LEASE_TA            64  /* IPv6 temporary lease */
+#define LEASE_HAVE_HWADDR  128  /* Have set hwaddress */
 
 struct dhcp_lease {
   int clid_len;          /* length of client identifier */
@@ -460,6 +508,14 @@ struct dhcp_lease {
   unsigned char *extradata;
   unsigned int extradata_len, extradata_size;
   int last_interface;
+#ifdef HAVE_DHCP6
+  struct slaac_address {
+    struct in6_addr addr, local;
+    time_t ping_time;
+    int backoff; /* zero -> confirmed */
+    struct slaac_address *next;
+  } *slaac_address;
+#endif
   struct dhcp_lease *next;
 };
 
@@ -603,8 +659,9 @@ struct dhcp_context {
   struct in_addr start, end; /* range of available addresses */
 #ifdef HAVE_DHCP6
   struct in6_addr start6, end6; /* range of available addresses */
-  struct in6_addr local6, router6;
-  int prefix;
+  struct in6_addr local6;
+  int prefix, if_index;
+  time_t ra_time;
 #endif
   int flags;
   char *interface;
@@ -612,10 +669,16 @@ struct dhcp_context {
   struct dhcp_context *next, *current;
 };
 
-#define CONTEXT_STATIC    1
-#define CONTEXT_NETMASK   2
-#define CONTEXT_BRDCAST   4
-#define CONTEXT_PROXY     8
+#define CONTEXT_STATIC         1
+#define CONTEXT_NETMASK        2
+#define CONTEXT_BRDCAST        4
+#define CONTEXT_PROXY          8
+#define CONTEXT_RA_ONLY       16
+#define CONTEXT_RA_DONE       32
+#define CONTEXT_RA_NAME       64
+#define CONTEXT_RA_STATELESS 128
+#define CONTEXT_DHCP         256
+#define CONTEXT_DEPRECATE    512
 
 struct ping_result {
   struct in_addr addr;
@@ -671,8 +734,9 @@ extern struct daemon {
   time_t last_resolv;
   struct mx_srv_record *mxnames;
   struct naptr *naptr;
-  struct txt_record *txt;
+  struct txt_record *txt, *rr;
   struct ptr_record *ptr;
+  struct host_record *host_records, *host_records_tail;
   struct cname *cnames;
   struct interface_name *int_names;
   char *mxtarget;
@@ -694,7 +758,7 @@ extern struct daemon {
   int port, query_port, min_port;
   unsigned long local_ttl, neg_ttl, max_ttl;
   struct hostsfile *addn_hosts;
-  struct dhcp_context *dhcp, *dhcp6;
+  struct dhcp_context *dhcp, *dhcp6, *ra_contexts;
   struct dhcp_config *dhcp_conf;
   struct dhcp_opt *dhcp_opts, *dhcp_match, *dhcp_opts6, *dhcp_match6;
   struct dhcp_vendor *dhcp_vendors;
@@ -718,6 +782,8 @@ extern struct daemon {
   struct tftp_prefix *if_prefix; /* per-interface TFTP prefixes */
   struct interface_list *tftp_interfaces; /* interfaces for limited TFTP service */
   int tftp_unlimited;
+  unsigned int duid_enterprise, duid_config_len;
+  unsigned char *duid_config;
 
   /* globally used stuff for DNS */
   char *packet; /* packet buffer */
@@ -754,7 +820,7 @@ extern struct daemon {
   int duid_len;
   unsigned char *duid;
   struct iovec outpacket;
-  int dhcp6fd;
+  int dhcp6fd, icmp6fd;
 #endif
   /* DBus stuff */
   /* void * here to avoid depending on dbus headers outside dbus.c */
@@ -764,7 +830,7 @@ extern struct daemon {
 #endif
 
   /* TFTP stuff */
-  struct tftp_transfer *tftp_trans;
+  struct tftp_transfer *tftp_trans, *tftp_done_trans;
 
   /* utility string buffer, hold max sized IP address as string */
   char *addrbuff;
@@ -795,6 +861,10 @@ char *get_domain(struct in_addr addr);
 #ifdef HAVE_IPV6
 char *get_domain6(struct in6_addr *addr);
 #endif
+#ifdef HAVE_DNSSEC
+struct keydata *keydata_alloc(char *data, size_t len);
+void keydata_free(struct keydata *blocks);
+#endif
 
 /* rfc1035.c */
 unsigned int extract_request(struct dns_header *header, size_t qlen, 
@@ -862,6 +932,7 @@ char *option_string(int prot, unsigned int opt, unsigned char *val,
 		    int opt_len, char *buf, int buf_len);
 void reread_dhcp(void);
 void set_option_bool(unsigned int opt);
+void reset_option_bool(unsigned int opt);
 struct hostsfile *expand_filelist(struct hostsfile *list);
 
 /* forward.c */
@@ -871,7 +942,7 @@ unsigned char *tcp_request(int confd, time_t now,
 			   union mysockaddr *local_addr, struct in_addr netmask);
 void server_gone(struct server *server);
 struct frec *get_new_frec(time_t now, int *wait);
-void send_from(int fd, int nowild, char *packet, size_t len, 
+int send_from(int fd, int nowild, char *packet, size_t len, 
 	       union mysockaddr *to, struct all_addr *source,
 	       unsigned int iface);
 
@@ -920,7 +991,7 @@ char *host_from_dns(struct in_addr addr);
 /* lease.c */
 #ifdef HAVE_DHCP
 void lease_update_file(time_t now);
-void lease_update_dns();
+void lease_update_dns(int force);
 void lease_init(time_t now);
 struct dhcp_lease *lease4_allocate(struct in_addr addr);
 #ifdef HAVE_DHCP6
@@ -929,12 +1000,13 @@ struct dhcp_lease *lease6_find(unsigned char *clid, int clid_len,
 			       int lease_type, int iaid, struct in6_addr *addr);
 struct dhcp_lease *lease6_find_by_addr(struct in6_addr *net, int prefix, u64 addr);
 u64 lease_find_max_addr6(struct dhcp_context *context);
+void lease_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface);
 #endif
 void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
-		      unsigned char *clid, int hw_len, int hw_type, int clid_len);
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len, time_t now, int force);
 void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain);
 void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now);
-void lease_set_interface(struct dhcp_lease *lease, int interface);
+void lease_set_interface(struct dhcp_lease *lease, int interface, time_t now);
 struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,  
 					unsigned char *clid, int clid_len);
 struct dhcp_lease *lease_find_by_addr(struct in_addr addr);
@@ -943,6 +1015,7 @@ void lease_prune(struct dhcp_lease *target, time_t now);
 void lease_update_from_configs(void);
 int do_script_run(time_t now);
 void rerun_scripts(void);
+void lease_find_interfaces(time_t now);
 #ifdef HAVE_SCRIPT
 void lease_add_extradata(struct dhcp_lease *lease, unsigned char *data, 
 			 unsigned int len, int delim);
@@ -962,6 +1035,7 @@ unsigned char *extended_hwaddr(int hwtype, int hwlen, unsigned char *hwaddr,
 int make_icmp_sock(void);
 int icmp_ping(struct in_addr addr);
 #endif
+void send_alarm(time_t event, time_t now);
 void send_event(int fd, int event, int data, char *msg);
 void clear_cache_and_reload(time_t now);
 void poll_resolv(int force, int do_reload, time_t now);
@@ -993,11 +1067,14 @@ void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname);
 #endif
 
 /* helper.c */
-#if defined(HAVE_DHCP) && !defined(NO_FORK)
+#if defined(HAVE_SCRIPT)
 int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
 void helper_write(void);
 void queue_script(int action, struct dhcp_lease *lease, 
 		  char *hostname, time_t now);
+#ifdef HAVE_TFTP
+void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer);
+#endif
 int helper_buf_empty(void);
 #endif
 
@@ -1005,6 +1082,7 @@ int helper_buf_empty(void);
 #ifdef HAVE_TFTP
 void tftp_request(struct listener *listen, time_t now);
 void check_tftp_listeners(fd_set *rset, time_t now);
+int do_tftp_script_run(void);
 #endif
 
 /* conntrack.c */
@@ -1036,7 +1114,8 @@ void make_duid(time_t now);
 
 /* rfc3315.c */
 #ifdef HAVE_DHCP6
-size_t dhcp6_reply(struct dhcp_context *context, int interface, char *iface_name, size_t sz, int is_multicast, time_t now);
+unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *iface_name,  
+			   struct in6_addr *fallback, size_t sz, int is_multicast, time_t now);
 #endif
 
 /* dhcp-common.c */
@@ -1052,4 +1131,46 @@ void log_tags(struct dhcp_netid *netid, u32 xid);
 int match_bytes(struct dhcp_opt *o, unsigned char *p, int len);
 void dhcp_update_configs(struct dhcp_config *configs);
 void check_dhcp_hosts(int fatal);
+void display_opts(void);
+u16 lookup_dhcp_opt(int prot, char *name);
+u16 lookup_dhcp_len(int prot, u16 val);
+char *option_string(int prot, unsigned int opt, unsigned char *val, 
+		    int opt_len, char *buf, int buf_len);
+#ifdef HAVE_LINUX_NETWORK
+void bindtodevice(int fd);
+#endif
+#  ifdef HAVE_DHCP6
+void display_opts6(void);
+void join_multicast(void);
+#  endif
+#endif
+
+/* outpacket.c */
+#ifdef HAVE_DHCP6
+void end_opt6(int container);
+int save_counter(int newval);
+void *expand(size_t headroom);
+int new_opt6(int opt);
+void *put_opt6(void *data, size_t len);
+void put_opt6_long(unsigned int val);
+void put_opt6_short(unsigned int val);
+void put_opt6_char(unsigned int val);
+void put_opt6_string(char *s);
+#endif
+
+/* radv.c */
+#ifdef HAVE_DHCP6
+void ra_init(time_t now);
+void icmp6_packet(void);
+time_t periodic_ra(time_t now);
+void ra_start_unsolicted(time_t now, struct dhcp_context *context);
+#endif
+
+/* slaac.c */ 
+#ifdef HAVE_DHCP6
+void build_subnet_map(void);
+void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force);
+time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
+void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
+void schedule_subnet_map(void);
 #endif

src/forward.c

@@ -26,9 +26,9 @@ static struct randfd *allocate_rfd(int family);
 
 /* Send a UDP packet with its source address set as "source" 
    unless nowild is true, when we just send it with the kernel default */
-void send_from(int fd, int nowild, char *packet, size_t len, 
-	       union mysockaddr *to, struct all_addr *source,
-	       unsigned int iface)
+int send_from(int fd, int nowild, char *packet, size_t len, 
+	      union mysockaddr *to, struct all_addr *source,
+	      unsigned int iface)
 {
   struct msghdr msg;
   struct iovec iov[1]; 
@@ -106,9 +106,16 @@ void send_from(int fd, int nowild, char *packet, size_t len,
 	  msg.msg_controllen = 0;
 	  goto retry;
 	}
+      
       if (retry_send())
 	goto retry;
+      
+      my_syslog(LOG_ERR, _("failed to send packet: %s"), strerror(errno));
+      
+      return 0;
     }
+
+  return 1;
 }
           
 static unsigned int search_servers(time_t now, struct all_addr **addrpp, 
@@ -429,7 +436,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
   if (udpfd != -1)
     {
       plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
-      send_from(udpfd, option_bool(OPT_NOWILD), (char *)header, plen, udpaddr, dst_addr, dst_iface);
+      send_from(udpfd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND), (char *)header, plen, udpaddr, dst_addr, dst_iface);
     }
 
   return 0;
@@ -617,7 +624,7 @@ void reply_query(int fd, int family, time_t now)
 	{
 	  header->id = htons(forward->orig_id);
 	  header->hb4 |= HB4_RA; /* recursion if available */
-	  send_from(forward->fd, option_bool(OPT_NOWILD), daemon->packet, nn, 
+	  send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
 		    &forward->source, &forward->dest, forward->iface);
 	}
       free_frec(forward); /* cancel */
@@ -657,7 +664,7 @@ void receive_query(struct listener *listen, time_t now)
   /* packet buffer overwritten */
   daemon->srv_save = NULL;
   
-  if (listen->family == AF_INET && option_bool(OPT_NOWILD))
+  if (listen->iface && listen->family == AF_INET && option_bool(OPT_NOWILD))
     {
       dst_addr_4 = listen->iface->addr.in.sin_addr;
       netmask = listen->iface->netmask;
@@ -763,12 +770,33 @@ void receive_query(struct listener *listen, time_t now)
 	  !iface_check(listen->family, &dst_addr, ifr.ifr_name))
 	return;
       
-      if (listen->family == AF_INET &&
-	  option_bool(OPT_LOCALISE) &&
-	  ioctl(listen->fd, SIOCGIFNETMASK, &ifr) == -1)
-	return;
-      
-      netmask = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+      if (listen->family == AF_INET && option_bool(OPT_LOCALISE))
+	{
+	  struct irec *iface;
+	  
+	  /* get the netmask of the interface whch has the address we were sent to.
+	     This is no neccessarily the interface we arrived on. */
+	  
+	  for (iface = daemon->interfaces; iface; iface = iface->next)
+	    if (iface->addr.sa.sa_family == AF_INET &&
+		iface->addr.in.sin_addr.s_addr == dst_addr_4.s_addr)
+	      break;
+	  
+	  /* interface may be new */
+	  if (!iface)
+	    enumerate_interfaces(); 
+	  
+	  for (iface = daemon->interfaces; iface; iface = iface->next)
+	    if (iface->addr.sa.sa_family == AF_INET &&
+		iface->addr.in.sin_addr.s_addr == dst_addr_4.s_addr)
+	      break;
+	  
+	  /* If we failed, abandon localisation */
+	  if (iface)
+	    netmask = iface->netmask;
+	  else
+	    dst_addr_4.s_addr = 0;
+	}
     }
   
   if (extract_request(header, (size_t)n, daemon->namebuff, &type))
@@ -791,8 +819,8 @@ void receive_query(struct listener *listen, time_t now)
 		      dst_addr_4, netmask, now);
   if (m >= 1)
     {
-      send_from(listen->fd, option_bool(OPT_NOWILD), (char *)header, 
-		m, &source_addr, &dst_addr, if_index);
+      send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
+		(char *)header, m, &source_addr, &dst_addr, if_index);
       daemon->local_answer++;
     }
   else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,

src/helper.c

@@ -192,18 +192,24 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 #endif
 	  _exit(0);
 	}
-
+ 
+      is6 = !!(data.flags & (LEASE_TA | LEASE_NA));
+      
       if (data.action == ACTION_DEL)
 	action_str = "del";
       else if (data.action == ACTION_ADD)
 	action_str = "add";
       else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
 	action_str = "old";
+      else if (data.action == ACTION_TFTP)
+	{
+	  action_str = "tftp";
+	  is6 = (data.flags != AF_INET);
+	}
       else
 	continue;
 
-      is6 = !!(data.flags & (LEASE_TA | LEASE_NA));
-	
+      	
       if (!is6)
 	{
 	  /* stringify MAC into dhcp_buff */
@@ -271,13 +277,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  char *dot;
 	  hostname = (char *)buf;
 	  hostname[data.hostname_len - 1] = 0;
-	  if (!legal_hostname(hostname))
-	    hostname = NULL;
-	  else if ((dot = strchr(hostname, '.')))
+	  if (data.action != ACTION_TFTP)
 	    {
-	      domain = dot+1;
-	      *dot = 0;
-	    } 
+	      if (!legal_hostname(hostname))
+		hostname = NULL;
+	      else if ((dot = strchr(hostname, '.')))
+		{
+		  domain = dot+1;
+		  *dot = 0;
+		} 
+	    }
 	}
     
       extradata = buf + data.hostname_len;
@@ -289,116 +298,141 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	inet_ntop(AF_INET6, &data.hwaddr, daemon->addrbuff, ADDRSTRLEN);
 #endif
 
+      /* file length */
+      if (data.action == ACTION_TFTP)
+	sprintf(daemon->dhcp_buff, "%u", data.hwaddr_len);
+      
 #ifdef HAVE_LUASCRIPT
       if (daemon->luascript)
 	{
-	  lua_getglobal(lua, "lease");     /* function to call */
-	  lua_pushstring(lua, action_str); /* arg1 - action */
-	  lua_newtable(lua);               /* arg2 - data table */
-
-	  if (is6)
+	  if (data.action == ACTION_TFTP)
 	    {
-	      lua_pushstring(lua, daemon->dhcp_buff);
-	      lua_setfield(lua, -2, "client_duid");
-	      lua_pushstring(lua, daemon->packet);
-	      lua_setfield(lua, -2, "server_duid");
-	      lua_pushstring(lua, daemon->dhcp_buff3);
-	      lua_setfield(lua, -2, "iaid");
+	      lua_getglobal(lua, "tftp"); 
+	      if (lua_type(lua, -1) != LUA_TFUNCTION)
+		lua_pop(lua, 1); /* tftp function optional */
+	      else
+		{
+		  lua_pushstring(lua, action_str); /* arg1 - action */
+		  lua_newtable(lua);               /* arg2 - data table */
+		  lua_pushstring(lua, daemon->addrbuff);
+		  lua_setfield(lua, -2, "destination_address");
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "file_name"); 
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "file_size");
+		  lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
+		}
 	    }
-
-	  if (!is6 && data.clid_len != 0)
-	    {
-	      lua_pushstring(lua, daemon->packet);
-	      lua_setfield(lua, -2, "client_id");
-	    }
-	  
-	  if (strlen(data.interface) != 0)
-	    {
-	      lua_pushstring(lua, data.interface);
-	      lua_setfield(lua, -2, "interface");
-	    }
-	  
-#ifdef HAVE_BROKEN_RTC	
-	  lua_pushnumber(lua, data.length);
-	  lua_setfield(lua, -2, "lease_length");
-#else
-	  lua_pushnumber(lua, data.expires);
-	  lua_setfield(lua, -2, "lease_expires");
-#endif
-	  
-	  if (hostname)
-	    {
-	      lua_pushstring(lua, hostname);
-	      lua_setfield(lua, -2, "hostname");
-	    }
-	  
-	  if (domain)
-	    {
-	      lua_pushstring(lua, domain);
-	      lua_setfield(lua, -2, "domain");
-	    }
-
-	  end = extradata + data.ed_len;
-	  buf = extradata;
-	  
-	  if (!is6)
-	    buf = grab_extradata_lua(buf, end, "vendor_class");
-#ifdef HAVE_DHCP6
 	  else
-	    for (i = 0; i < data.hwaddr_len; i++)
-	      {
-		sprintf(daemon->dhcp_buff2, "vendor_class%i", i);
-		buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
-	      }
+	    {
+	      lua_getglobal(lua, "lease");     /* function to call */
+	      lua_pushstring(lua, action_str); /* arg1 - action */
+	      lua_newtable(lua);               /* arg2 - data table */
+	      
+	      if (is6)
+		{
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "client_duid");
+		  lua_pushstring(lua, daemon->packet);
+		  lua_setfield(lua, -2, "server_duid");
+		  lua_pushstring(lua, daemon->dhcp_buff3);
+		  lua_setfield(lua, -2, "iaid");
+		}
+	      
+	      if (!is6 && data.clid_len != 0)
+		{
+		  lua_pushstring(lua, daemon->packet);
+		  lua_setfield(lua, -2, "client_id");
+		}
+	      
+	      if (strlen(data.interface) != 0)
+		{
+		  lua_pushstring(lua, data.interface);
+		  lua_setfield(lua, -2, "interface");
+		}
+	      
+#ifdef HAVE_BROKEN_RTC	
+	      lua_pushnumber(lua, data.length);
+	      lua_setfield(lua, -2, "lease_length");
+#else
+	      lua_pushnumber(lua, data.expires);
+	      lua_setfield(lua, -2, "lease_expires");
 #endif
-	  
-	  buf = grab_extradata_lua(buf, end, "supplied_hostname");
-	  
-	  if (!is6)
-	    {
-	      buf = grab_extradata_lua(buf, end, "cpewan_oui");
-	      buf = grab_extradata_lua(buf, end, "cpewan_serial");   
-	      buf = grab_extradata_lua(buf, end, "cpewan_class");
+	      
+	      if (hostname)
+		{
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "hostname");
+		}
+	      
+	      if (domain)
+		{
+		  lua_pushstring(lua, domain);
+		  lua_setfield(lua, -2, "domain");
+		}
+	      
+	      end = extradata + data.ed_len;
+	      buf = extradata;
+	      
+	      if (!is6)
+		buf = grab_extradata_lua(buf, end, "vendor_class");
+#ifdef HAVE_DHCP6
+	      else
+		for (i = 0; i < data.hwaddr_len; i++)
+		  {
+		    sprintf(daemon->dhcp_buff2, "vendor_class%i", i);
+		    buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
+		  }
+#endif
+	      
+	      buf = grab_extradata_lua(buf, end, "supplied_hostname");
+	      
+	      if (!is6)
+		{
+		  buf = grab_extradata_lua(buf, end, "cpewan_oui");
+		  buf = grab_extradata_lua(buf, end, "cpewan_serial");   
+		  buf = grab_extradata_lua(buf, end, "cpewan_class");
+		}
+	      
+	      buf = grab_extradata_lua(buf, end, "tags");
+	      
+	      if (is6)
+		buf = grab_extradata_lua(buf, end, "relay_address");
+	      else if (data.giaddr.s_addr != 0)
+		{
+		  lua_pushstring(lua, inet_ntoa(data.giaddr));
+		  lua_setfield(lua, -2, "relay_address");
+		}
+	      
+	      for (i = 0; buf; i++)
+		{
+		  sprintf(daemon->dhcp_buff2, "user_class%i", i);
+		  buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
+		}
+	      
+	      if (data.action != ACTION_DEL && data.remaining_time != 0)
+		{
+		  lua_pushnumber(lua, data.remaining_time);
+		  lua_setfield(lua, -2, "time_remaining");
+		}
+	      
+	      if (data.action == ACTION_OLD_HOSTNAME && hostname)
+		{
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "old_hostname");
+		}
+	      
+	      if (!is6)
+		{
+		  lua_pushstring(lua, daemon->dhcp_buff);
+		  lua_setfield(lua, -2, "mac_address");
+		}
+	      
+	      lua_pushstring(lua, daemon->addrbuff);
+	      lua_setfield(lua, -2, "ip_address");
+	    
+	      lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
 	    }
-	  
-	  buf = grab_extradata_lua(buf, end, "tags");
-
-	  if (is6)
-	    buf = grab_extradata_lua(buf, end, "relay_address");
-	  else if (data.giaddr.s_addr != 0)
-	    {
-	      lua_pushstring(lua, inet_ntoa(data.giaddr));
-	      lua_setfield(lua, -2, "relay_address");
-	    }
-
-	  for (i = 0; buf; i++)
-	    {
-	      sprintf(daemon->dhcp_buff2, "user_class%i", i);
-	      buf = grab_extradata_lua(buf, end, daemon->dhcp_buff2);
-	    }
- 
-	  if (data.action != ACTION_DEL && data.remaining_time != 0)
-	    {
-	      lua_pushnumber(lua, data.remaining_time);
-	      lua_setfield(lua, -2, "time_remaining");
-	    }
-	  
-	  if (data.action == ACTION_OLD_HOSTNAME && hostname)
-	    {
-	      lua_pushstring(lua, hostname);
-	      lua_setfield(lua, -2, "old_hostname");
-	    }
-	  
-	  if (!is6)
-	    {
-	      lua_pushstring(lua, daemon->dhcp_buff);
-	      lua_setfield(lua, -2, "mac_address");
-	    }
-	  
-	  lua_pushstring(lua, daemon->addrbuff);
-	  lua_setfield(lua, -2, "ip_address");
-
-	  lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
 	}
 #endif
 
@@ -439,81 +473,87 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  continue;
 	}
       
-      if (is6)
+      if (data.action != ACTION_TFTP)
 	{
-	  my_setenv("DNSMASQ_IAID", daemon->dhcp_buff3, &err);
-	  my_setenv("DNSMASQ_SERVER_DUID", daemon->packet, &err);
-	}
-
-      if (!is6 && data.clid_len != 0)
-	my_setenv("DNSMASQ_CLIENT_ID", daemon->packet, &err);
-
-      if (strlen(data.interface) != 0)
-	my_setenv("DNSMASQ_INTERFACE", data.interface, &err);
-            
-#ifdef HAVE_BROKEN_RTC
-      my_setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, &err);
-#else
-      my_setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, &err); 
-#endif
-      
-      if (domain)
-	my_setenv("DNSMASQ_DOMAIN", domain, &err);
-	     
-      end = extradata + data.ed_len;
-      buf = extradata;
-      
-      if (!is6)
-	buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS", &err);
-#ifdef HAVE_DHCP6
-      else
-	{
-	  if (data.hwaddr_len != 0)
+	  if (is6)
 	    {
-	      buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS_ID", &err);
-	      for (i = 0; i < data.hwaddr_len - 1; i++)
+	      my_setenv("DNSMASQ_IAID", daemon->dhcp_buff3, &err);
+	      my_setenv("DNSMASQ_SERVER_DUID", daemon->packet, &err);
+	    }
+	  
+	  if (!is6 && data.clid_len != 0)
+	    my_setenv("DNSMASQ_CLIENT_ID", daemon->packet, &err);
+	  
+	  if (strlen(data.interface) != 0)
+	    my_setenv("DNSMASQ_INTERFACE", data.interface, &err);
+	  
+#ifdef HAVE_BROKEN_RTC
+	  my_setenv("DNSMASQ_LEASE_LENGTH", daemon->dhcp_buff2, &err);
+#else
+	  my_setenv("DNSMASQ_LEASE_EXPIRES", daemon->dhcp_buff2, &err); 
+#endif
+	  
+	  if (domain)
+	    my_setenv("DNSMASQ_DOMAIN", domain, &err);
+	  
+	  end = extradata + data.ed_len;
+	  buf = extradata;
+	  
+	  if (!is6)
+	    buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS", &err);
+#ifdef HAVE_DHCP6
+	  else
+	    {
+	      if (data.hwaddr_len != 0)
 		{
-		  sprintf(daemon->dhcp_buff2, "DNSMASQ_VENDOR_CLASS%i", i);
-		  buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
+		  buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS_ID", &err);
+		  for (i = 0; i < data.hwaddr_len - 1; i++)
+		    {
+		      sprintf(daemon->dhcp_buff2, "DNSMASQ_VENDOR_CLASS%i", i);
+		      buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
+		    }
 		}
 	    }
-	}
 #endif
-
-      buf = grab_extradata(buf, end, "DNSMASQ_SUPPLIED_HOSTNAME", &err);
-      
-      if (!is6)
-	{
-	  buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_OUI", &err);
-	  buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_SERIAL", &err);   
-	  buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_CLASS", &err);
-	}
-      
-      buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
-
-      if (is6)
-	buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
-      else if (data.giaddr.s_addr != 0)
-	my_setenv("DNSMASQ_RELAY_ADDRESS", inet_ntoa(data.giaddr), &err); 
-
-      for (i = 0; buf; i++)
-	{
-	  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i);
-	  buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
-	}
-      
-      if (data.action != ACTION_DEL && data.remaining_time != 0)
-	{
-	  sprintf(daemon->dhcp_buff2, "%u", data.remaining_time);
-	  my_setenv("DNSMASQ_TIME_REMAINING", daemon->dhcp_buff2, &err);
-	}
-
-      if (data.action == ACTION_OLD_HOSTNAME && hostname)
-	{
-	  my_setenv("DNSMASQ_OLD_HOSTNAME", hostname, &err);
-	  hostname = NULL;
+	  
+	  buf = grab_extradata(buf, end, "DNSMASQ_SUPPLIED_HOSTNAME", &err);
+	  
+	  if (!is6)
+	    {
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_OUI", &err);
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_SERIAL", &err);   
+	      buf = grab_extradata(buf, end, "DNSMASQ_CPEWAN_CLASS", &err);
+	    }
+	  
+	  buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
+	  
+	  if (is6)
+	    buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	  else if (data.giaddr.s_addr != 0)
+	    my_setenv("DNSMASQ_RELAY_ADDRESS", inet_ntoa(data.giaddr), &err); 
+	  
+	  for (i = 0; buf; i++)
+	    {
+	      sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i);
+	      buf = grab_extradata(buf, end, daemon->dhcp_buff2, &err);
+	    }
+	  
+	  if (data.action != ACTION_DEL && data.remaining_time != 0)
+	    {
+	      sprintf(daemon->dhcp_buff2, "%u", data.remaining_time);
+	      my_setenv("DNSMASQ_TIME_REMAINING", daemon->dhcp_buff2, &err);
+	    }
+	  
+	  if (data.action == ACTION_OLD_HOSTNAME && hostname)
+	    {
+	      my_setenv("DNSMASQ_OLD_HOSTNAME", hostname, &err);
+	      hostname = NULL;
+	    }
 	}
 
+      if (option_bool(OPT_LOG_OPTS))
+	my_setenv("DNSMASQ_LOG_DHCP", "1", &err);
+	 
       /* we need to have the event_fd around if exec fails */
       if ((i = fcntl(event_fd, F_GETFD)) != -1)
 	fcntl(event_fd, F_SETFD, i | FD_CLOEXEC);
@@ -584,11 +624,29 @@ static unsigned char *grab_extradata_lua(unsigned char *buf, unsigned char *end,
 }
 #endif
 
+static void buff_alloc(size_t size)
+{
+  if (size > buf_size)
+    {
+      struct script_data *new;
+      
+      /* start with reasonable size, will almost never need extending. */
+      if (size < sizeof(struct script_data) + 200)
+	size = sizeof(struct script_data) + 200;
+
+      if (!(new = whine_malloc(size)))
+	return;
+      if (buf)
+	free(buf);
+      buf = new;
+      buf_size = size;
+    }
+}
+
 /* pack up lease data into a buffer */    
 void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
 {
   unsigned char *p;
-  size_t size;
   unsigned int hostname_len = 0, clid_len = 0, ed_len = 0;
   int fd = daemon->dhcpfd;
 
@@ -608,23 +666,7 @@ void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t n
   if (hostname)
     hostname_len = strlen(hostname) + 1;
 
-  size = sizeof(struct script_data) +  clid_len + ed_len + hostname_len;
-
-  if (size > buf_size)
-    {
-      struct script_data *new;
-      
-      /* start with reasonable size, will almost never need extending. */
-      if (size < sizeof(struct script_data) + 200)
-	size = sizeof(struct script_data) + 200;
-
-      if (!(new = whine_malloc(size)))
-	return;
-      if (buf)
-	free(buf);
-      buf = new;
-      buf_size = size;
-    }
+  buff_alloc(sizeof(struct script_data) +  clid_len + ed_len + hostname_len);
 
   buf->action = action;
   buf->flags = lease->flags;
@@ -669,6 +711,37 @@ void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t n
   bytes_in_buf = p - (unsigned char *)buf;
 }
 
+#ifdef HAVE_TFTP
+/* This nastily re-uses DHCP-fields for TFTP stuff */
+void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer)
+{
+  unsigned int filename_len;
+
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+  
+  filename_len = strlen(filename) + 1;
+  buff_alloc(sizeof(struct script_data) +  filename_len);
+  memset(buf, 0, sizeof(struct script_data));
+
+  buf->action = ACTION_TFTP;
+  buf->hostname_len = filename_len;
+  buf->hwaddr_len = file_len;
+
+  if ((buf->flags = peer->sa.sa_family) == AF_INET)
+    buf->addr = peer->in.sin_addr;
+#ifdef HAVE_IPV6
+  else
+    memcpy(buf->hwaddr, &peer->in6.sin6_addr, IN6ADDRSZ);
+#endif
+
+  memcpy((unsigned char *)(buf+1), filename, filename_len);
+  
+  bytes_in_buf = sizeof(struct script_data) +  filename_len;
+}
+#endif
+
 int helper_buf_empty(void)
 {
   return bytes_in_buf == 0;

src/lease.c

@@ -97,7 +97,8 @@ void lease_init(time_t now)
 	    if (hw_type == 0 && hw_len != 0)
 	      hw_type = ARPHRD_ETHER; 
 
-	    lease_set_hwaddr(lease, (unsigned char *)daemon->dhcp_buff2, (unsigned char *)daemon->packet, hw_len, hw_type, clid_len);
+	    lease_set_hwaddr(lease, (unsigned char *)daemon->dhcp_buff2, (unsigned char *)daemon->packet, 
+			     hw_len, hw_type, clid_len, now, 0);
 	    
 	    if (strcmp(daemon->dhcp_buff, "*") !=  0)
 	      lease_set_hostname(lease, daemon->dhcp_buff, 0, get_domain(lease->addr), NULL);
@@ -118,7 +119,7 @@ void lease_init(time_t now)
 	    
 	    if ((lease = lease6_allocate(&addr.addr.addr6, lease_type)))
 	      {
-		lease_set_hwaddr(lease, NULL, (unsigned char *)daemon->packet, 0, hw_type, clid_len);
+		lease_set_hwaddr(lease, NULL, (unsigned char *)daemon->packet, 0, hw_type, clid_len, now, 0);
 		
 		if (strcmp(daemon->dhcp_buff, "*") !=  0)
 		  lease_set_hostname(lease, daemon->dhcp_buff, 0, get_domain6((struct in6_addr *)lease->hwaddr), NULL);
@@ -175,16 +176,6 @@ void lease_init(time_t now)
   file_dirty = 0;
   lease_prune(NULL, now);
   dns_dirty = 1;
-
-#ifdef HAVE_DHCP6  
-  /* If we're not doing DHCPv6, and there are not v6 leases, don't add the DUID to the database */
-  if (!daemon->duid && daemon->dhcp6)
-    {
-      file_dirty = 1;
-      make_duid(now);
-    }
-#endif
-
 }
 
 void lease_update_from_configs(void)
@@ -313,7 +304,29 @@ void lease_update_file(time_t now)
     }
   
   /* Set alarm for when the first lease expires + slop. */
-  for (next_event = 0, lease = leases; lease; lease = lease->next)
+  next_event = 0;
+
+#ifdef HAVE_DHCP6
+  /* do timed RAs and determine when the next is, also pings to potential SLAAC addresses */
+  if (daemon->ra_contexts)
+    {
+      time_t event;
+      
+      if ((event = periodic_slaac(now, leases)) != 0)
+	{
+	  if (next_event == 0 || difftime(next_event, event) > 0.0)
+	    next_event = event;
+	}
+      
+      if ((event = periodic_ra(now)) != 0)
+	{
+	  if (next_event == 0 || difftime(next_event, event) > 0.0)
+	    next_event = event;
+	}
+    }
+#endif
+
+  for (lease = leases; lease; lease = lease->next)
     if (lease->expires != 0 &&
 	(next_event == 0 || difftime(next_event, lease->expires + 10) > 0.0))
       next_event = lease->expires + 10;
@@ -328,24 +341,107 @@ void lease_update_file(time_t now)
 		(unsigned int)difftime(next_event, now));
     }
 
-  if (next_event != 0)
-    alarm((unsigned)difftime(next_event, now)); 
+  send_alarm(next_event, now);
 }
 
-void lease_update_dns(void)
+
+static int find_interface_v4(struct in_addr local, int if_index, 
+			     struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   struct dhcp_lease *lease;
   
-  if (daemon->port != 0 && dns_dirty)
+  (void) broadcast;
+  (void) vparam;
+
+  for (lease = leases; lease; lease = lease->next)
+    if (!(lease->flags & (LEASE_TA | LEASE_NA)))
+      if (is_same_net(local, lease->addr, netmask))
+	lease_set_interface(lease, if_index, *((time_t *)vparam));
+  
+  return 1;
+}
+
+#ifdef HAVE_DHCP6
+static int find_interface_v6(struct in6_addr *local,  int prefix,
+			     int scope, int if_index, int dad, void *vparam)
+{
+  struct dhcp_lease *lease;
+  
+  (void)scope;
+  (void)dad;
+
+  for (lease = leases; lease; lease = lease->next)
+    if ((lease->flags & (LEASE_TA | LEASE_NA)))
+      if (is_same_net6(local, (struct in6_addr *)&lease->hwaddr, prefix))
+	lease_set_interface(lease, if_index, *((time_t *)vparam));
+  
+  return 1;
+}
+
+void lease_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface)
+{
+  /* We may be doing RA but not DHCPv4, in which case the lease
+     database may not exist and we have nothing to do anyway */
+  if (daemon->dhcp)
+    slaac_ping_reply(sender, packet, interface, leases);
+}
+
+#endif
+
+
+/* Find interfaces associated with leases at start-up. This gets updated as
+   we do DHCP transactions, but information about directly-connected subnets
+   is useful from scrips and necessary for determining SLAAC addresses from
+   start-time. */
+void lease_find_interfaces(time_t now)
+{
+#ifdef HAVE_DHCP6
+  build_subnet_map();
+#endif
+
+  iface_enumerate(AF_INET, &now, find_interface_v4);
+#ifdef HAVE_DHCP6
+  iface_enumerate(AF_INET6, &now, find_interface_v6);
+
+  /* If we're not doing DHCPv6, and there are not v6 leases, don't add the DUID to the database */
+  if (!daemon->duid && daemon->dhcp6)
+    {
+      file_dirty = 1;
+      make_duid(now);
+    }
+#endif
+}
+
+
+
+void lease_update_dns(int force)
+{
+  struct dhcp_lease *lease;
+
+  if (daemon->port != 0 && (dns_dirty || force))
     {
       cache_unhash_dhcp();
-      
+
       for (lease = leases; lease; lease = lease->next)
 	{
 	  int prot = AF_INET;
+	  
 #ifdef HAVE_DHCP6
 	  if (lease->flags & (LEASE_TA | LEASE_NA))
 	    prot = AF_INET6;
+	  else if (lease->hostname || lease->fqdn)
+	    {
+	      struct slaac_address *slaac;
+
+	      for (slaac = lease->slaac_address; slaac; slaac = slaac->next)
+		if (slaac->backoff == 0)
+		  {
+		    if (lease->fqdn)
+		      cache_add_dhcp_entry(lease->fqdn, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires);
+		    if (!option_bool(OPT_DHCP_FQDN) && lease->hostname)
+		      cache_add_dhcp_entry(lease->hostname, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires);
+		  }
+	    }
 #endif
 	  
 	  if (lease->fqdn)
@@ -606,14 +702,23 @@ void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now)
   if (len != lease->length)
     {
       lease->length = len;
-      lease->aux_changed = file_dirty = 1; 
+      lease->flags |= LEASE_AUX_CHANGED;
+      file_dirty = 1; 
     }
 #endif
 } 
 
 void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
-		      unsigned char *clid, int hw_len, int hw_type, int clid_len)
+		      unsigned char *clid, int hw_len, int hw_type, int clid_len, 
+		      time_t now, int force)
 {
+#ifdef HAVE_DHCP6
+  int change = force;
+  lease->flags |= LEASE_HAVE_HWADDR;
+#endif
+
+  (void)force;
+
   if (hw_len != lease->hwaddr_len ||
       hw_type != lease->hwaddr_type || 
       (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0))
@@ -624,6 +729,9 @@ void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
       lease->hwaddr_type = hw_type;
       lease->flags |= LEASE_CHANGED;
       file_dirty = 1; /* run script on change */
+#ifdef HAVE_DHCP6
+      change = 1;
+#endif
     }
 
   /* only update clid when one is available, stops packets
@@ -641,17 +749,27 @@ void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
 	  free(lease->clid);
 	  if (!(lease->clid = whine_malloc(clid_len)))
 	    return;
+#ifdef HAVE_DHCP6
+	  change = 1;
+#endif	   
 	}
       else if (memcmp(lease->clid, clid, clid_len) != 0)
 	{
 	  lease->flags |= LEASE_AUX_CHANGED;
 	  file_dirty = 1;
+#ifdef HAVE_DHCP6
+	  change = 1;
+#endif	
 	}
-
+      
       lease->clid_len = clid_len;
       memcpy(lease->clid, clid, clid_len);
     }
-
+  
+#ifdef HAVE_DHCP6
+  if (change)
+    slaac_add_addrs(lease, now, force);
+#endif
 }
 
 static void kill_name(struct dhcp_lease *lease)
@@ -769,13 +887,17 @@ void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *do
   lease->flags |= LEASE_CHANGED; /* run script on change */
 }
 
-void lease_set_interface(struct dhcp_lease *lease, int interface)
+void lease_set_interface(struct dhcp_lease *lease, int interface, time_t now)
 {
   if (lease->last_interface == interface)
     return;
 
   lease->last_interface = interface;
   lease->flags |= LEASE_CHANGED; 
+
+#ifdef HAVE_DHCP6
+  slaac_add_addrs(lease, now, 0);
+#endif
 }
 
 void rerun_scripts(void)
@@ -818,6 +940,14 @@ int do_script_run(time_t now)
 	}
       else 
 	{
+#ifdef HAVE_DHCP6
+	  struct slaac_address *slaac, *tmp;
+	  for (slaac = lease->slaac_address; slaac; slaac = tmp)
+	    {
+	      tmp = slaac->next;
+	      free(slaac);
+	    }
+#endif
 	  kill_name(lease);
 #ifdef HAVE_SCRIPT
 	  queue_script(ACTION_DEL, lease, lease->old_hostname, now);

src/netlink.c

@@ -38,7 +38,7 @@
 static struct iovec iov;
 static u32 netlink_pid;
 
-static void nl_err(struct nlmsghdr *h);
+static int nl_async(struct nlmsghdr *h);
 static void nl_routechange(struct nlmsghdr *h);
 
 void netlink_init(void)
@@ -49,10 +49,13 @@ void netlink_init(void)
   addr.nl_family = AF_NETLINK;
   addr.nl_pad = 0;
   addr.nl_pid = 0; /* autobind */
-#ifdef HAVE_IPV6
-  addr.nl_groups = RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE;
-#else
   addr.nl_groups = RTMGRP_IPV4_ROUTE;
+  if (option_bool(OPT_CLEVERBIND))
+    addr.nl_groups |= RTMGRP_IPV4_IFADDR;
+#ifdef HAVE_IPV6
+  addr.nl_groups |= RTMGRP_IPV6_ROUTE;
+  if (daemon->ra_contexts || option_bool(OPT_CLEVERBIND))
+    addr.nl_groups |= RTMGRP_IPV6_IFADDR;
 #endif
   
   /* May not be able to have permission to set multicast groups don't die in that case */
@@ -136,6 +139,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
   struct nlmsghdr *h;
   ssize_t len;
   static unsigned int seq = 0;
+  int callback_ok = 1, newaddr = 0;
 
   struct {
     struct nlmsghdr nlh;
@@ -181,12 +185,24 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	}
 
       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid)
-	  nl_routechange(h); /* May be multicast arriving async */
-	else if (h->nlmsg_type == NLMSG_ERROR)
-	  nl_err(h);
+	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+	  {
+	    /* May be multicast arriving async */
+	    if (nl_async(h) && option_bool(OPT_CLEVERBIND))
+	      newaddr = 1; 
+	  }
 	else if (h->nlmsg_type == NLMSG_DONE)
-	  return 1;
+	  {
+	    /* handle async new interface address arrivals, these have to be done
+	       after we complete as we're not re-entrant */
+	    if (newaddr) 
+	      {
+		enumerate_interfaces();
+		create_bound_listeners(0);
+	      }
+	    
+	    return callback_ok;
+	  }
 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
 	  {
 	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
@@ -213,9 +229,9 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 			rta = RTA_NEXT(rta, len1);
 		      }
 		    
-		    if (addr.s_addr)
+		    if (addr.s_addr && callback_ok)
 		      if (!((*callback)(addr, ifa->ifa_index, netmask, broadcast, parm)))
-			return 0;
+			callback_ok = 0;
 		  }
 #ifdef HAVE_IPV6
 		else if (ifa->ifa_family == AF_INET6)
@@ -229,10 +245,10 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 			rta = RTA_NEXT(rta, len1);
 		      }
 		    
-		    if (addrp)
+		    if (addrp && callback_ok)
 		      if (!((*callback)(addrp, (int)(ifa->ifa_prefixlen), (int)(ifa->ifa_scope), 
 					(int)(ifa->ifa_index), (int)(ifa->ifa_flags & IFA_F_TENTATIVE), parm)))
-			return 0;
+			callback_ok = 0;
 		  }
 #endif
 	      }
@@ -258,9 +274,9 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		rta = RTA_NEXT(rta, len1);
 	      }
 
-	    if (inaddr && mac)
+	    if (inaddr && mac && callback_ok)
 	      if (!((*callback)(neigh->ndm_family, inaddr, mac, maclen, parm)))
-		return 0;
+		callback_ok = 0;
 	  }
 #ifdef HAVE_DHCP6
 	else if (h->nlmsg_type == RTM_NEWLINK && family == AF_LOCAL)
@@ -282,9 +298,9 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		rta = RTA_NEXT(rta, len1);
 	      }
 
-	    if (mac && !((link->ifi_flags & (IFF_LOOPBACK | IFF_POINTOPOINT))) && 
-		!((*callback)((unsigned int)link->ifi_type, mac, maclen, parm)))
-	      return 0;
+	    if (mac && callback_ok && !((link->ifi_flags & (IFF_LOOPBACK | IFF_POINTOPOINT))) && 
+		!((*callback)((int)link->ifi_index, (unsigned int)link->ifi_type, mac, maclen, parm)))
+	      callback_ok = 0;
 	  }
 #endif
     }
@@ -294,7 +310,7 @@ void netlink_multicast(void)
 {
   ssize_t len;
   struct nlmsghdr *h;
-  int flags;
+  int flags, newaddr = 0;
   
   /* don't risk blocking reading netlink messages here. */
   if ((flags = fcntl(daemon->netlinkfd, F_GETFL)) == -1 ||
@@ -302,59 +318,83 @@ void netlink_multicast(void)
     return;
   
   if ((len = netlink_recv()) != -1)
-    {
-      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-	if (h->nlmsg_type == NLMSG_ERROR)
-	  nl_err(h);
-	else
-	  nl_routechange(h);
-    }
-
-  /* restore non-blocking status */
-  fcntl(daemon->netlinkfd, F_SETFL, flags); 
-}
-
-static void nl_err(struct nlmsghdr *h)
-{
-  struct nlmsgerr *err = NLMSG_DATA(h);
+    for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+      if (nl_async(h) && option_bool(OPT_CLEVERBIND))
+	newaddr = 1;
   
-  if (err->error != 0)
-    my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+  /* restore non-blocking status */
+  fcntl(daemon->netlinkfd, F_SETFL, flags);
+
+  if (newaddr) 
+    {
+      enumerate_interfaces();
+      create_bound_listeners(0);
+    }
 }
 
+static int nl_async(struct nlmsghdr *h)
+{
+  if (h->nlmsg_type == NLMSG_ERROR)
+    {
+      struct nlmsgerr *err = NLMSG_DATA(h);
+      my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+      return 0;
+    }
+  else if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE) 
+    {
+      nl_routechange(h);
+      return 0;
+    }
+  else if (h->nlmsg_type == RTM_NEWADDR) 
+	{
+#ifdef HAVE_DHCP6
+	  /* force RAs to sync new network and pick up new interfaces.  */
+	  if (daemon->ra_contexts)
+	    {
+	      schedule_subnet_map();
+	      ra_start_unsolicted(dnsmasq_time(), NULL);
+	      /* cause lease_update_file to run after we return, in case we were called from
+		 iface_enumerate and can't re-enter it now */
+	      send_alarm(0, 0);
+	    }
+	  return 1; /* clever bind mode - rescan */
+	}
+#endif	 
+
+  return 0;
+}
+  
 /* We arrange to receive netlink multicast messages whenever the network route is added.
    If this happens and we still have a DNS packet in the buffer, we re-send it.
    This helps on DoD links, where frequently the packet which triggers dialling is
    a DNS query, which then gets lost. By re-sending, we can avoid the lookup
-   failing. Note that we only accept these messages from the kernel (pid == 0) */ 
+   failing. */ 
 static void nl_routechange(struct nlmsghdr *h)
 {
-  if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE)
+  struct rtmsg *rtm = NLMSG_DATA(h);
+  int fd;
+  
+  if (rtm->rtm_type != RTN_UNICAST || rtm->rtm_scope != RT_SCOPE_LINK)
+    return;
+  
+  /* Force re-reading resolv file right now, for luck. */
+  daemon->last_resolv = 0;
+  
+  if (daemon->srv_save)
     {
-      struct rtmsg *rtm = NLMSG_DATA(h);
-      int fd;
-
-      if (rtm->rtm_type != RTN_UNICAST || rtm->rtm_scope != RT_SCOPE_LINK)
+      if (daemon->srv_save->sfd)
+	fd = daemon->srv_save->sfd->fd;
+      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+	fd = daemon->rfd_save->fd;
+      else
 	return;
-
-      /* Force re-reading resolv file right now, for luck. */
-      daemon->last_resolv = 0;
       
-      if (daemon->srv_save)
-	{
-	  if (daemon->srv_save->sfd)
-	    fd = daemon->srv_save->sfd->fd;
-	  else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
-	    fd = daemon->rfd_save->fd;
-	  else
-	    return;
-	  
-	  while(sendto(fd, daemon->packet, daemon->packet_len, 0,
-		       &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
-	}
+      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+		   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
     }
 }
 
+
 #endif
 
       

src/network.c

@@ -162,6 +162,7 @@ static int iface_allowed(struct irec **irecp, int if_index,
   int fd, mtu = 0, loopback;
   struct ifreq ifr;
   int tftp_ok = daemon->tftp_unlimited;
+  int dhcp_ok = 1;
 #ifdef HAVE_DHCP
   struct iname *tmp;
 #endif
@@ -190,6 +191,9 @@ static int iface_allowed(struct irec **irecp, int if_index,
     }
    
   loopback = ifr.ifr_flags & IFF_LOOPBACK;
+  
+  if (loopback)
+     dhcp_ok = 0;
 
   if (ioctl(fd, SIOCGIFMTU, &ifr) != -1)
     mtu = ifr.ifr_mtu;
@@ -203,17 +207,14 @@ static int iface_allowed(struct irec **irecp, int if_index,
       struct iname *lo;
       for (lo = daemon->if_names; lo; lo = lo->next)
 	if (lo->name && strcmp(lo->name, ifr.ifr_name) == 0)
-	  {
-	    lo->isloop = 1;
-	    break;
-	  }
+	  break;
       
       if (!lo && 
 	  (lo = whine_malloc(sizeof(struct iname))) &&
 	  (lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
 	{
 	  strcpy(lo->name, ifr.ifr_name);
-	  lo->isloop = lo->used = 1;
+	  lo->used = 1;
 	  lo->next = daemon->if_names;
 	  daemon->if_names = lo;
 	}
@@ -238,7 +239,10 @@ static int iface_allowed(struct irec **irecp, int if_index,
 #ifdef HAVE_DHCP
       for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
-	  tftp_ok = 0;
+	  {
+	    tftp_ok = 0;
+	    dhcp_ok = 0;
+	  }
 #endif
       
 #ifdef HAVE_IPV6
@@ -254,14 +258,18 @@ static int iface_allowed(struct irec **irecp, int if_index,
       iface->addr = *addr;
       iface->netmask = netmask;
       iface->tftp_ok = tftp_ok;
+      iface->dhcp_ok = dhcp_ok;
       iface->mtu = mtu;
       iface->dad = dad;
       iface->done = 0;
       if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
-	strcpy(iface->name, ifr.ifr_name);
-      iface->next = *irecp;
-      *irecp = iface;
-      return 1;
+	{
+	  strcpy(iface->name, ifr.ifr_name);
+	  iface->next = *irecp;
+	  *irecp = iface;
+	  return 1;
+	}
+      free(iface);
     }
   
   errno = ENOMEM; 
@@ -339,6 +347,7 @@ static int make_sock(union mysockaddr *addr, int type, int dienow)
   if ((fd = socket(family, type, 0)) == -1)
     {
       int port;
+      char *s;
 
       /* No error if the kernel just doesn't support this IP flavour */
       if (errno == EPROTONOSUPPORT ||
@@ -347,15 +356,15 @@ static int make_sock(union mysockaddr *addr, int type, int dienow)
 	return -1;
       
     err:
+      port = prettyprint_addr(addr, daemon->addrbuff);
+      if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
+	sprintf(daemon->addrbuff, "port %d", port);
+      s = _("failed to create listening socket for %s: %s");
+      
       if (dienow)
-	{
-	  port = prettyprint_addr(addr, daemon->namebuff);
-	  if (!option_bool(OPT_NOWILD))
-	    sprintf(daemon->namebuff, "port %d", port);
-	  die(_("failed to create listening socket for %s: %s"), 
-	      daemon->namebuff, EC_BADNET);
-	
-	}
+	die(s, daemon->addrbuff, EC_BADNET);
+      
+      my_syslog(LOG_ERR, s, daemon->addrbuff, strerror(errno));
       return -1;
     }	
 
@@ -511,6 +520,7 @@ void create_bound_listeners(int dienow)
 {
   struct listener *new;
   struct irec *iface;
+  struct iname *if_tmp;
 
   for (iface = daemon->interfaces; iface; iface = iface->next)
     if (!iface->done && !iface->dad && 
@@ -521,6 +531,25 @@ void create_bound_listeners(int dienow)
 	daemon->listeners = new;
 	iface->done = 1;
       }
+
+  /* Check for --listen-address options that haven't been used because there's
+     no interface with a matching address. These may be valid: eg it's possible
+     to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
+
+     If the address isn't valid the bind() will fail and we'll die().
+
+     The resulting listeners have the ->iface field NULL, and this has to be
+     handled by the DNS and TFTP code. It disables --localise-queries processing
+     (no netmask) and some MTU login the tftp code. */
+
+  for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
+    if (!if_tmp->used && 
+	(new = create_listeners(&if_tmp->addr, daemon->tftp_unlimited, dienow)))
+      {
+	new->iface = NULL;
+	new->next = daemon->listeners;
+	daemon->listeners = new;
+      }
 }
 
 int is_dad_listeners(void)

src/option.c

@@ -114,6 +114,12 @@ struct myoption {
 #define LOPT_CONNTRACK 303
 #define LOPT_FQDN      304
 #define LOPT_LUASCRIPT 305
+#define LOPT_RA        306
+#define LOPT_DUID      307
+#define LOPT_HOST_REC  308
+#define LOPT_TFTP_LC   309
+#define LOPT_RR        310
+#define LOPT_CLVERBIND 311
 
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -177,6 +183,7 @@ static const struct myoption opts[] =
     { "srv-host", 1, 0, 'W' },
     { "localise-queries", 0, 0, 'y' },
     { "txt-record", 1, 0, 'Y' },
+    { "dns-rr", 1, 0, LOPT_RR },
     { "enable-dbus", 0, 0, '1' },
     { "bootp-dynamic", 2, 0, '3' },
     { "dhcp-mac", 1, 0, '4' },
@@ -193,6 +200,7 @@ static const struct myoption opts[] =
     { "tftp-unique-root", 0, 0, LOPT_APREF },
     { "tftp-root", 1, 0, LOPT_PREFIX },
     { "tftp-max", 1, 0, LOPT_TFTP_MAX },
+    { "tftp-lowercase", 0, 0, LOPT_TFTP_LC },
     { "ptr-record", 1, 0, LOPT_PTR },
     { "naptr-record", 1, 0, LOPT_NAPTR },
     { "bridge-interface", 1, 0 , LOPT_BRIDGE },
@@ -233,6 +241,10 @@ static const struct myoption opts[] =
     { "conntrack", 0, 0, LOPT_CONNTRACK },
     { "dhcp-client-update", 0, 0, LOPT_FQDN },
     { "dhcp-luascript", 1, 0, LOPT_LUASCRIPT },
+    { "enable-ra", 0, 0, LOPT_RA },
+    { "dhcp-duid", 1, 0, LOPT_DUID },
+    { "host-record", 1, 0, LOPT_HOST_REC },
+    { "bind-dynamic", 0, 0, LOPT_CLVERBIND },
     { NULL, 0, 0, 0 }
   };
 
@@ -331,11 +343,12 @@ static struct {
   { LOPT_NO_NAMES, ARG_DUP, "[=tag:<tag>]...", gettext_noop("Ignore hostnames provided by DHCP clients."), NULL },
   { LOPT_OVERRIDE, OPT_NO_OVERRIDE, NULL, gettext_noop("Do NOT reuse filename and server fields for extra DHCP options."), NULL },
   { LOPT_TFTP, ARG_DUP, "[=<interface>]", gettext_noop("Enable integrated read-only TFTP server."), NULL },
-  { LOPT_PREFIX, ARG_ONE, "<dir>[,<iface>]", gettext_noop("Export files by TFTP only from the specified subtree."), NULL },
+  { LOPT_PREFIX, ARG_DUP, "<dir>[,<iface>]", gettext_noop("Export files by TFTP only from the specified subtree."), NULL },
   { LOPT_APREF, OPT_TFTP_APREF, NULL, gettext_noop("Add client IP address to tftp-root."), NULL },
   { LOPT_SECURE, OPT_TFTP_SECURE, NULL, gettext_noop("Allow access only to files owned by the user running dnsmasq."), NULL },
   { LOPT_TFTP_MAX, ARG_ONE, "<integer>", gettext_noop("Maximum number of conncurrent TFTP transfers (defaults to %s)."), "#" },
   { LOPT_NOBLOCK, OPT_TFTP_NOBLOCK, NULL, gettext_noop("Disable the TFTP blocksize extension."), NULL },
+  { LOPT_TFTP_LC, OPT_TFTP_LC, NULL, gettext_noop("Convert TFTP filenames to lowercase"), NULL },
   { LOPT_TFTPPORTS, ARG_ONE, "<start>,<end>", gettext_noop("Ephemeral port range for use by TFTP transfers."), NULL },
   { LOPT_LOG_OPTS, OPT_LOG_OPTS, NULL, gettext_noop("Extra logging for DHCP."), NULL },
   { LOPT_MAX_LOGS, ARG_ONE, "[=<integer>]", gettext_noop("Enable async. logging; optionally set queue length."), NULL },
@@ -359,242 +372,14 @@ static struct {
   { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate sequential IP addresses to DHCP clients."), NULL },
   { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy connection-track mark from queries to upstream connections."), NULL },
   { LOPT_FQDN, OPT_FQDN_UPDATE, NULL, gettext_noop("Allow DHCP clients to do their own DDNS updates."), NULL },
+  { LOPT_RA, OPT_RA, NULL, gettext_noop("Send router-advertisements for interfaces doing DHCPv6"), NULL },
+  { LOPT_DUID, ARG_ONE, "<enterprise>,<duid>", gettext_noop("Specify DUID_EN-type DHCPv6 server DUID"), NULL },
+  { LOPT_HOST_REC, ARG_DUP, "<name>,<address>", gettext_noop("Specify host (A/AAAA and PTR) records"), NULL },
+  { LOPT_RR, ARG_DUP, "<name>,<RR-number>,[<data>]", gettext_noop("Specify arbitrary DNS resource record"), NULL },
+  { LOPT_CLVERBIND, OPT_CLEVERBIND, NULL, gettext_noop("Bind to interfaces in use - check for new interfaces"), NULL},
   { 0, 0, NULL, NULL, NULL }
 }; 
 
-#ifdef HAVE_DHCP
-
-#define OT_ADDR_LIST    0x8000
-#define OT_RFC1035_NAME 0x4000
-#define OT_INTERNAL     0x2000
-#define OT_NAME         0x1000
-#define OT_CSTRING      0x0800
-
-static const struct opttab_t {
-  char *name;
-  u16 val, size;
-} opttab[] = {
-  { "netmask", 1, OT_ADDR_LIST },
-  { "time-offset", 2, 4 },
-  { "router", 3, OT_ADDR_LIST  },
-  { "dns-server", 6, OT_ADDR_LIST },
-  { "log-server", 7, OT_ADDR_LIST },
-  { "lpr-server", 9, OT_ADDR_LIST },
-  { "hostname", 12, OT_INTERNAL | OT_NAME },
-  { "boot-file-size", 13, 2 },
-  { "domain-name", 15, OT_NAME },
-  { "swap-server", 16, OT_ADDR_LIST },
-  { "root-path", 17, OT_NAME },
-  { "extension-path", 18, OT_NAME },
-  { "ip-forward-enable", 19, 1 },
-  { "non-local-source-routing", 20, 1 },
-  { "policy-filter", 21, OT_ADDR_LIST },
-  { "max-datagram-reassembly", 22, 2 },
-  { "default-ttl", 23, 1 },
-  { "mtu", 26, 2 },
-  { "all-subnets-local", 27, 1 },
-  { "broadcast", 28, OT_INTERNAL | OT_ADDR_LIST },
-  { "router-discovery", 31, 1 },
-  { "router-solicitation", 32, OT_ADDR_LIST },
-  { "static-route", 33, OT_ADDR_LIST },
-  { "trailer-encapsulation", 34, 1 },
-  { "arp-timeout", 35, 4 },
-  { "ethernet-encap", 36, 1 },
-  { "tcp-ttl", 37, 1 },
-  { "tcp-keepalive", 38, 4 },
-  { "nis-domain", 40, OT_NAME },
-  { "nis-server", 41, OT_ADDR_LIST },
-  { "ntp-server", 42, OT_ADDR_LIST },
-  { "vendor-encap", 43, OT_INTERNAL },
-  { "netbios-ns", 44, OT_ADDR_LIST },
-  { "netbios-dd", 45, OT_ADDR_LIST },
-  { "netbios-nodetype", 46, 1 },
-  { "netbios-scope", 47, 0 },
-  { "x-windows-fs", 48, OT_ADDR_LIST },
-  { "x-windows-dm", 49, OT_ADDR_LIST },
-  { "requested-address", 50, OT_INTERNAL | OT_ADDR_LIST },
-  { "lease-time", 51, OT_INTERNAL },
-  { "option-overload", 52, OT_INTERNAL },
-  { "message-type", 53, OT_INTERNAL, },
-  { "server-identifier", 54, OT_INTERNAL | OT_ADDR_LIST },
-  { "parameter-request", 55, OT_INTERNAL },
-  { "message", 56, OT_INTERNAL },
-  { "max-message-size", 57, OT_INTERNAL },
-  { "T1", 58, OT_INTERNAL },
-  { "T2", 59, OT_INTERNAL },
-  { "vendor-class", 60, 0 },
-  { "client-id", 61, OT_INTERNAL },
-  { "nis+-domain", 64, OT_NAME },
-  { "nis+-server", 65, OT_ADDR_LIST },
-  { "tftp-server", 66, OT_NAME },
-  { "bootfile-name", 67, OT_NAME },
-  { "mobile-ip-home", 68, OT_ADDR_LIST }, 
-  { "smtp-server", 69, OT_ADDR_LIST }, 
-  { "pop3-server", 70, OT_ADDR_LIST }, 
-  { "nntp-server", 71, OT_ADDR_LIST }, 
-  { "irc-server", 74, OT_ADDR_LIST }, 
-  { "user-class", 77, 0 },
-  { "FQDN", 81, OT_INTERNAL },
-  { "agent-id", 82, OT_INTERNAL },
-  { "client-arch", 93, 2 },
-  { "client-interface-id", 94, 0 },
-  { "client-machine-id", 97, 0 },
-  { "subnet-select", 118, OT_INTERNAL },
-  { "domain-search", 119, OT_RFC1035_NAME },
-  { "sip-server", 120, 0 },
-  { "classless-static-route", 121, 0 },
-  { "vendor-id-encap", 125, 0 },
-  { "server-ip-address", 255, OT_ADDR_LIST }, /* special, internal only, sets siaddr */
-  { NULL, 0, 0 }
-};
-
-#ifdef HAVE_DHCP6
-static const struct opttab_t opttab6[] = {
-  { "client-id", 1, OT_INTERNAL },
-  { "server-id", 2, OT_INTERNAL },
-  { "ia-na", 3, OT_INTERNAL },
-  { "ia-ta", 4, OT_INTERNAL },
-  { "iaaddr", 5, OT_INTERNAL },
-  { "oro", 6, OT_INTERNAL },
-  { "preference", 7, OT_INTERNAL },
-  { "unicast", 12, OT_INTERNAL },
-  { "status-code", 13, OT_INTERNAL },
-  { "rapid-commit", 14, OT_INTERNAL },
-  { "user-class", 15, OT_INTERNAL | OT_CSTRING },
-  { "vendor-class", 16, OT_INTERNAL | OT_CSTRING },
-  { "vendor-opts", 17, OT_INTERNAL },
-  { "sip-server-domain", 21,  OT_RFC1035_NAME },
-  { "sip-server", 22, OT_ADDR_LIST },
-  { "dns-server", 23, OT_ADDR_LIST },
-  { "domain-search", 24, OT_RFC1035_NAME },
-  { "nis-server", 27, OT_ADDR_LIST },
-  { "nis+-server", 28, OT_ADDR_LIST },
-  { "nis-domain", 29,  OT_RFC1035_NAME },
-  { "nis+-domain", 30, OT_RFC1035_NAME },
-  { "sntp-server", 31,  OT_ADDR_LIST },
-  { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
-  { "ntp-server", 56,  OT_ADDR_LIST },
-  { "bootfile-url", 59, OT_NAME },
-  { "bootfile-param", 60, OT_CSTRING },
-  { NULL, 0, 0 }
-};
-#endif
-
-
-char *option_string(int prot, unsigned int opt, unsigned char *val, int opt_len, char *buf, int buf_len)
-{
-  int o, i, j, nodecode = 0;
-  const struct opttab_t *ot = opttab;
-
-#ifdef HAVE_DHCP6
-  if (prot == AF_INET6)
-    ot = opttab6;
-#endif
-
-  for (o = 0; ot[o].name; o++)
-    if (ot[o].val == opt)
-      {
-	if (buf)
-	  {
-	    memset(buf, 0, buf_len);
-	    
-	    if (ot[o].size & OT_ADDR_LIST) 
-	      {
-		struct all_addr addr;
-		int addr_len = INADDRSZ;
-
-#ifdef HAVE_DHCP6
-		if (prot == AF_INET6)
-		  addr_len = IN6ADDRSZ;
-#endif
-		for (buf[0]= 0, i = 0; i <= opt_len - addr_len; i += addr_len) 
-		  {
-		    if (i != 0)
-		      strncat(buf, ", ", buf_len - strlen(buf));
-		    /* align */
-		    memcpy(&addr, &val[i], addr_len); 
-		    inet_ntop(prot, &val[i], daemon->addrbuff, ADDRSTRLEN);
-		    strncat(buf, daemon->addrbuff, buf_len - strlen(buf));
-		  }
-	      }
-	    else if (ot[o].size & OT_NAME)
-		for (i = 0, j = 0; i < opt_len && j < buf_len ; i++)
-		  {
-		    char c = val[i];
-		    if (isprint((int)c))
-		      buf[j++] = c;
-		  }
-#ifdef HAVE_DHCP6
-	    /* We don't handle compressed rfc1035 names, so no good in IPv4 land */
-	    else if ((ot[o].size & OT_RFC1035_NAME) && prot == AF_INET6)
-	      {
-		i = 0, j = 0;
-		while (i < opt_len && val[i] != 0)
-		  {
-		    int k, l = i + val[i] + 1;
-		    for (k = i + 1; k < opt_len && k < l && j < buf_len ; k++)
-		     {
-		       char c = val[k];
-		       if (isprint((int)c))
-			 buf[j++] = c;
-		     }
-		    i = l;
-		    if (val[i] != 0 && j < buf_len)
-		      buf[j++] = '.';
-		  }
-	      }
-	    else if ((ot[o].size & OT_CSTRING))
-	      {
-		int k, len;
-		unsigned char *p;
-
-		i = 0, j = 0;
-		while (1)
-		  {
-		    p = &val[i];
-		    GETSHORT(len, p);
-		    for (k = 0; k < len && j < buf_len; k++)
-		      {
-		       char c = *p++;
-		       if (isprint((int)c))
-			 buf[j++] = c;
-		     }
-		    i += len +2;
-		    if (i >= opt_len)
-		      break;
-
-		    if (j < buf_len)
-		      buf[j++] = ',';
-		  }
-	      }	      
-#endif
-	    else 
-	      nodecode = 1;
-	  }
-	break;
-      }
-
-  if (buf && (!ot[o].name || nodecode))
-    {
-      int trunc  = 0;
-      if (opt_len > 13)
-	{
-	  trunc = 1;
-	  opt_len = 13;
-	}
-      print_mac(buf, val, opt_len);
-      if (trunc)
-	strncat(buf, "...", buf_len - strlen(buf));
-    
-
-    }
-
-  return ot[o].name ? ot[o].name : "";
-
-}
-
-#endif
-
 /* We hide metacharaters in quoted strings by mapping them into the ASCII control
    character space. Note that the \0, \t \b \r \033 and \n characters are carefully placed in the
    following sequence so that they map to themselves: it is therefore possible to call
@@ -817,29 +602,6 @@ static void do_usage(void)
 }
 
 #ifdef HAVE_DHCP
-static void display_opts(void)
-{
-  int i;
-  
-  printf(_("Known DHCP options:\n"));
-  
-  for (i = 0; opttab[i].name; i++)
-    if (!(opttab[i].size & OT_INTERNAL))
-      printf("%3d %s\n", opttab[i].val, opttab[i].name);
-}
-
-#ifdef HAVE_DHCP6
-static void display_opts6(void)
-{
-  int i;
-  printf(_("Known DHCPv6 options:\n"));
-  
-  for (i = 0; opttab6[i].name; i++)
-    if (!(opttab6[i].size & OT_INTERNAL))
-      printf("%3d %s\n", opttab6[i].val, opttab6[i].name);
-}
-#endif
-
 
 static int is_tag_prefix(char *arg)
 {
@@ -862,7 +624,7 @@ static char *parse_dhcp_opt(char *arg, int flags)
 {
   struct dhcp_opt *new = opt_malloc(sizeof(struct dhcp_opt));
   char lenchar = 0, *cp;
-  int i, addrs, digs, is_addr, is_addr6, is_hex, is_dec, is_string, dots;
+  int addrs, digs, is_addr, is_addr6, is_hex, is_dec, is_string, dots;
   char *comma = NULL, *problem = NULL;
   struct dhcp_netid *np = NULL;
   u16 opt_len = 0;
@@ -891,14 +653,8 @@ static char *parse_dhcp_opt(char *arg, int flags)
       
       if (strstr(arg, "option:") == arg)
 	{
-	  for (i = 0; opttab[i].name; i++)
-	    if (!(opttab[i].size & OT_INTERNAL) &&
-		strcasecmp(opttab[i].name, arg+7) == 0)
-	      {
-		new->opt = opttab[i].val;
-		opt_len = opttab[i].size;
-		break;
-	      }
+	  new->opt = lookup_dhcp_opt(AF_INET, arg+7);
+	  opt_len = lookup_dhcp_len(AF_INET, new->opt);
 	  /* option:<optname> must follow tag and vendor string. */
 	  break;
 	}
@@ -915,14 +671,10 @@ static char *parse_dhcp_opt(char *arg, int flags)
 	      opt_len = 0;
 	    }
 	  else
-	    for (i = 0; opttab6[i].name; i++)
-	      if (!(opttab6[i].size & OT_INTERNAL) &&
-		  strcasecmp(opttab6[i].name, arg+8) == 0)
-		{
-		  new->opt = opttab6[i].val;
-		  opt_len = opttab6[i].size;
-		  break;
-		}
+	    {
+	      new->opt = lookup_dhcp_opt(AF_INET6, arg+8);
+	      opt_len = lookup_dhcp_len(AF_INET6, new->opt);
+	    }
 	  /* option6:<opt>|<optname> must follow tag and vendor string. */
 	  is6 = 1;
 	  break;
@@ -971,28 +723,14 @@ static char *parse_dhcp_opt(char *arg, int flags)
       
       if (opt_len == 0 &&
 	  !(new->flags & DHOPT_RFC3925))
-	for (i = 0; opttab6[i].name; i++)
-	  if (new->opt == opttab6[i].val)
-	    {
-	      opt_len = opttab6[i].size;
-	      if (opt_len & OT_INTERNAL)
-		opt_len = 0;
-	      break;
-	    }
+	opt_len = lookup_dhcp_len(AF_INET6 ,new->opt);
     }
   else
 #endif
     if (opt_len == 0 &&
 	!(new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE | DHOPT_RFC3925)))
-      for (i = 0; opttab[i].name; i++)
-	if (new->opt == opttab[i].val)
-	  {
-	    opt_len = opttab[i].size;
-	    if (opt_len & OT_INTERNAL)
-	      opt_len = 0;
-	    break;
-	  }
-
+      opt_len = lookup_dhcp_len(AF_INET ,new->opt);
+  
   /* option may be missing with rfc3925 match */
   if (new->opt == 0)
     problem = _("bad dhcp-option");
@@ -1256,10 +994,10 @@ static char *parse_dhcp_opt(char *arg, int flags)
 	  else if (comma && (opt_len & OT_CSTRING))
 	    {
 	      /* length fields are two bytes so need 16 bits for each string */
-	      int commas = 1;
+	      int i, commas = 1;
 	      unsigned char *p, *newp;
 
-	      for(i = 0; comma[i]; i++)
+	      for (i = 0; comma[i]; i++)
 		if (comma[i] == ',')
 		  commas++;
 	      
@@ -1271,6 +1009,7 @@ static char *parse_dhcp_opt(char *arg, int flags)
 	      while (arg && *arg)
 		{
 		  u16 len = strlen(arg);
+		  unhide_metas(arg);
 		  PUTSHORT(len, p);
 		  memcpy(p, arg, len);
 		  p += len; 
@@ -1284,29 +1023,40 @@ static char *parse_dhcp_opt(char *arg, int flags)
 	    }
 	  else if (comma && (opt_len & OT_RFC1035_NAME))
 	    {
-	      int commas = 1;
-	      unsigned char *p, *newp;
-	      
-	      for(i = 0; comma[i]; i++)
-		if (comma[i] == ',')
-		  commas++;
-	      
-	      newp = opt_malloc(strlen(comma)+(2*commas));
-	      p = newp;
+	      unsigned char *p = NULL, *newp, *end;
+	      int len = 0;
 	      arg = comma;
 	      comma = split(arg);
 	      
 	      while (arg && *arg)
 		{
-		  p = do_rfc1035_name(p, arg);
-		  *p++ = 0;
+		  char *dom = canonicalise_opt(arg);
+		  if (!dom)
+		    {
+		      problem = _("bad domain in dhcp-option");
+		      break;
+		    }
 		  
+		  newp = opt_malloc(len + strlen(dom) + 2);
+		  
+		  if (p)
+		    {
+		      memcpy(newp, p, len);
+		      free(p);
+		    }
+		  
+		  p = newp;
+		  end = do_rfc1035_name(p + len, dom);
+		  *end++ = 0;
+		  len = end - p;
+		  free(dom);
+
 		  arg = comma;
 		  comma = split(arg);
 		}
 	      
-	      new->val = newp;
-	      new->len = p - newp;
+	      new->val = p;
+	      new->len = len;
 	    }
 #endif
 	  else
@@ -1369,6 +1119,14 @@ void set_option_bool(unsigned int opt)
     daemon->options2 |= 1u << (opt - 32);
 }
 
+void reset_option_bool(unsigned int opt)
+{
+  if (opt < 32)
+    daemon->options &= ~(1u << opt);
+  else
+    daemon->options2 &= ~(1u << (opt - 32));
+}
+
 static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 {      
   int i;
@@ -1823,7 +1581,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	/* new->name may be NULL if someone does
 	   "interface=" to disable all interfaces except loop. */
 	new->name = opt_string_alloc(arg);
-	new->isloop = new->used = 0;
+	new->used = 0;
 	arg = comma;
       } while (arg);
       break;
@@ -1893,7 +1651,8 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	    option = '?'; /* error */
 	    break;
 	  }
-	
+
+	new->used = 0;
 	daemon->if_addrs = new;
 	arg = comma;
       } while (arg);
@@ -2230,7 +1989,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
     case 'F':  /* --dhcp-range */
       {
 	int k, leasepos = 2;
-	char *cp, *a[5] = { NULL, NULL, NULL, NULL, NULL };
+	char *cp, *a[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
 	struct dhcp_context *new = opt_malloc(sizeof(struct dhcp_context));
 	
 	memset (new, 0, sizeof(*new));
@@ -2281,7 +2040,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	      }
 	  }
 	
-	for (k = 1; k < 5; k++)
+	for (k = 1; k < 7; k++)
 	  if (!(a[k] = split(a[k-1])))
 	    break;
 	
@@ -2291,17 +2050,12 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	  {
 	    new->next = daemon->dhcp;
 	    daemon->dhcp = new;
+	    new->end = new->start;
 	    if (strcmp(a[1], "static") == 0)
-	      {
-		new->end = new->start;
-		new->flags |= CONTEXT_STATIC;
-	      }
+	      new->flags |= CONTEXT_STATIC;
 	    else if (strcmp(a[1], "proxy") == 0)
-	      {
-		new->end = new->start;
-		new->flags |= CONTEXT_PROXY;
-	      }
-	    else if ((new->end.s_addr = inet_addr(a[1])) == (in_addr_t)-1)
+	      new->flags |= CONTEXT_PROXY;
+	    else if (!inet_pton(AF_INET, a[1], &new->end))
 	      option = '?';
 	    
 	    if (ntohl(new->start.s_addr) > ntohl(new->end.s_addr))
@@ -2330,32 +2084,55 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 #ifdef HAVE_DHCP6
 	else if (inet_pton(AF_INET6, a[0], &new->start6))
 	  {
-	    new->next = daemon->dhcp6;
 	    new->prefix = 64; /* default */
-	    daemon->dhcp6 = new;
-	    if (strcmp(a[1], "static") == 0)
+	    new->end6 = new->start6;
+
+	    for (leasepos = 1; leasepos < k; leasepos++)
 	      {
-		memcpy(&new->end6, &new->start6, IN6ADDRSZ);
-		new->flags |= CONTEXT_STATIC;
+		if (strcmp(a[leasepos], "static") == 0)
+		  new->flags |= CONTEXT_STATIC | CONTEXT_DHCP;
+		else if (strcmp(a[leasepos], "ra-only") == 0 || strcmp(a[leasepos], "slaac") == 0 )
+		  new->flags |= CONTEXT_RA_ONLY;
+		else if (strcmp(a[leasepos], "ra-names") == 0)
+		  new->flags |= CONTEXT_RA_NAME;
+		else if (strcmp(a[leasepos], "ra-stateless") == 0)
+		  new->flags |= CONTEXT_RA_STATELESS | CONTEXT_DHCP;
+		else if (leasepos == 1 && inet_pton(AF_INET6, a[leasepos], &new->end6))
+		  new->flags |= CONTEXT_DHCP; 
+		else  
+		  break;
 	      }
-	    else if (!inet_pton(AF_INET6, a[1], &new->end6))
-	      option = '?';
 	    
+	    if (new->flags & CONTEXT_DHCP)
+	      {
+		new->next = daemon->dhcp6;
+		daemon->dhcp6 = new;
+	      }
+	    else
+	      {
+		new->next = daemon->ra_contexts;
+		daemon->ra_contexts = new;
+	      }
+	     
 	    /* bare integer < 128 is prefix value */
-	    if (option != '?' && k >= 3)
+	    if (option != '?' && leasepos < k)
 	      {
 		int pref;
-		for (cp = a[2]; *cp; cp++)
+		for (cp = a[leasepos]; *cp; cp++)
 		  if (!(*cp >= '0' && *cp <= '9'))
 		    break;
-		if (!*cp && (pref = atoi(a[2])) <= 128)
+		if (!*cp && (pref = atoi(a[leasepos])) <= 128)
 		  {
 		    new->prefix = pref;
-		    leasepos = 3;
-		    if (new->prefix < 64)
+		    leasepos++;
+		    if ((new->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)) && 
+			new->prefix != 64)
+		      problem = _("prefix must be exactly 64 for RA subnets");
+		    else if (new->prefix < 64)
 		      problem = _("prefix must be at least 64");
 		  }
 	      }
+	    
 	    if (!problem && !is_same_net6(&new->start6, &new->end6, new->prefix))
 	      problem = _("inconsistent DHCPv6 range");
 	    else if (addr6part(&new->start6) > addr6part(&new->end6))
@@ -2367,10 +2144,12 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	  }
 #endif
 	
-	if (k >= leasepos+1)
+	if (leasepos < k)
 	  {
 	    if (strcmp(a[leasepos], "infinite") == 0)
 	      new->lease_time = 0xffffffff;
+	    else if (strcmp(a[leasepos], "deprecated") == 0)
+	      new->flags |= CONTEXT_DEPRECATE;
 	    else
 	      {
 		int fac = 1;
@@ -2450,6 +2229,7 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 			}
 
 		      if (len == -1)
+
 			problem = _("bad hex constant");
 		      else if ((new->clid = opt_malloc(len)))
 			{
@@ -3012,6 +2792,19 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
       break;
 #endif
       
+#ifdef HAVE_DHCP6
+    case LOPT_DUID: /* --dhcp-duid */
+      if (!(comma = split(arg)) || !atoi_check(arg, (int *)&daemon->duid_enterprise))
+	problem = _("bad DUID");
+      else
+	{
+	  daemon->duid_config_len = parse_hex(comma,(unsigned char *)comma, strlen(comma), NULL, NULL);
+	  daemon->duid_config = opt_malloc(daemon->duid_config_len);
+	  memcpy(daemon->duid_config, comma, daemon->duid_config_len);
+	}
+      break;
+#endif
+
     case 'V':  /* --alias */
       {
 	char *dash, *a[3] = { NULL, NULL, NULL };
@@ -3154,7 +2947,42 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	  }
 	break;
       }
-       
+
+    case LOPT_RR: /* dns-rr */
+      {
+       	struct txt_record *new;
+	size_t len;
+	char *data;
+	int val;
+
+	comma = split(arg);
+	data = split(comma);
+		
+	new = opt_malloc(sizeof(struct txt_record));
+	new->next = daemon->rr;
+	daemon->rr = new;
+	
+	if (!atoi_check(comma, &val) || 
+	    !(new->name = canonicalise_opt(arg)) ||
+	    (data && (len = parse_hex(data, (unsigned char *)data, -1, NULL, NULL)) == -1U))
+	  {
+	    problem = _("bad RR record");
+	    break;
+	  }
+	
+	new->class = val;
+	new->len = 0;
+	
+	if (data)
+	  {
+	    new->txt=opt_malloc(len);
+	    new->len = len;
+	    memcpy(new->txt, data, len);
+	  }
+	
+	break;
+      }
+
     case 'Y':  /* --txt-record */
       {
 	struct txt_record *new;
@@ -3259,6 +3087,59 @@ static char *one_opt(int option, char *arg, char *gen_prob, int command_line)
 	break;
       }
       
+    case LOPT_HOST_REC: /* --host-record */
+      {
+	struct host_record *new = opt_malloc(sizeof(struct host_record));
+	memset(new, 0, sizeof(struct host_record));
+	
+	if (!arg || !(comma = split(arg)))
+	  problem = _("Bad host-record");
+	else
+	  while (arg)
+	    {
+	      struct all_addr addr;
+	      if (inet_pton(AF_INET, arg, &addr))
+		new->addr = addr.addr.addr4;
+#ifdef HAVE_IPV6
+	      else if (inet_pton(AF_INET6, arg, &addr))
+		new->addr6 = addr.addr.addr6;
+#endif
+	      else
+		{
+		  int nomem;
+		  char *canon = canonicalise(arg, &nomem);
+		  struct name_list *nl = opt_malloc(sizeof(struct name_list));
+		  if (!canon)
+		    {
+		      problem = _("Bad name in host-record");
+		      break;
+		    }
+		  nl->name = canon;
+		  /* keep order, so that PTR record goes to first name */
+		  nl->next = NULL;
+		  if (!new->names)
+		    new->names = nl;
+		  else
+		    { 
+		      struct name_list *tmp;
+		      for (tmp = new->names; tmp->next; tmp = tmp->next);
+		      tmp->next = nl;
+		    }
+		}
+	      arg = comma;
+	      comma = split(arg);
+	    }
+
+	/* Keep list order */
+	if (!daemon->host_records_tail)
+	  daemon->host_records = new;
+	else
+	  daemon->host_records_tail->next = new;
+	new->next = NULL;
+	daemon->host_records_tail = new;
+	break;
+      }
+
     default:
       return _("unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support)");
 
@@ -3893,6 +3774,9 @@ void read_opts(int argc, char **argv, char *compile_opts)
 
   if (testmode)
     {
+      /* Can cause a call to die() */
+      check_dhcp_hosts(1);
+      
       fprintf(stderr, "dnsmasq: %s.\n", _("syntax check OK"));
       exit(0);
     }

src/outpacket.c

@@ -0,0 +1,108 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "dnsmasq.h"
+ 
+#ifdef HAVE_DHCP6
+
+static size_t outpacket_counter;
+
+void end_opt6(int container)
+{
+   void *p = daemon->outpacket.iov_base + container + 2;
+   u16 len = outpacket_counter - container - 4 ;
+   
+   PUTSHORT(len, p);
+}
+
+int save_counter(int newval)
+{
+  int ret = outpacket_counter;
+  if (newval != -1)
+    outpacket_counter = newval;
+
+  return ret;
+}
+
+void *expand(size_t headroom)
+{
+  void *ret;
+
+  if (expand_buf(&daemon->outpacket, outpacket_counter + headroom))
+    {
+      ret = daemon->outpacket.iov_base + outpacket_counter;
+      outpacket_counter += headroom;
+      return ret;
+    }
+  
+  return NULL;
+}
+    
+int new_opt6(int opt)
+{
+  int ret = outpacket_counter;
+  void *p;
+
+  if ((p = expand(4)))
+    {
+      PUTSHORT(opt, p);
+      PUTSHORT(0, p);
+    }
+
+  return ret;
+}
+
+void *put_opt6(void *data, size_t len)
+{
+  void *p;
+
+  if ((p = expand(len)))
+    memcpy(p, data, len);   
+
+  return p;
+}
+  
+void put_opt6_long(unsigned int val)
+{
+  void *p;
+  
+  if ((p = expand(4)))  
+    PUTLONG(val, p);
+}
+
+void put_opt6_short(unsigned int val)
+{
+  void *p;
+
+  if ((p = expand(2)))
+    PUTSHORT(val, p);   
+}
+
+void put_opt6_char(unsigned int val)
+{
+  unsigned char *p;
+
+  if ((p = expand(1)))
+    *p = val;   
+}
+
+void put_opt6_string(char *s)
+{
+  put_opt6(s, strlen(s));
+}
+
+#endif

src/radv-protocol.h

@@ -0,0 +1,49 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define ALL_NODES                 "FF02::1"
+#define ALL_ROUTERS               "FF02::2"
+
+struct ping_packet {
+  u8 type, code;
+  u16 checksum;
+  u16 identifier;
+  u16 sequence_no;
+};
+
+struct ra_packet {
+  u8 type, code;
+  u16 checksum;
+  u8 hop_limit, flags;
+  u16 lifetime;
+  u32 reachable_time;
+  u32 retrans_time;
+};
+
+struct prefix_opt {
+  u8 type, len, prefix_len, flags;
+  u32 valid_lifetime, preferred_lifetime, reserved;
+  struct in6_addr prefix;
+};
+
+#define ICMP6_OPT_SOURCE_MAC   1
+#define ICMP6_OPT_PREFIX       3
+#define ICMP6_OPT_MTU          5
+#define ICMP6_OPT_RDNSS       25
+#define ICMP6_OPT_DNSSL       31
+
+
+

src/radv.c

@@ -0,0 +1,533 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* NB. This code may be called during a DHCPv4 or transaction which is in ping-wait
+   It therefore cannot use any DHCP buffer resources except outpacket, which is
+   not used by DHCPv4 code. This code may also be called when DHCP 4 or 6 isn't
+   active, so we ensure that outpacket is allocated here too */
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DHCP6
+
+#include <netinet/icmp6.h>
+
+struct ra_param {
+  int ind, managed, other, found_context, first;
+  char *if_name;
+  struct dhcp_netid *tags;
+  struct in6_addr link_local;
+};
+
+struct search_param {
+  time_t now; int iface;
+};
+
+static void send_ra(int iface, char *iface_name, struct in6_addr *dest);
+static int add_prefixes(struct in6_addr *local,  int prefix,
+			int scope, int if_index, int dad, void *vparam);
+static int iface_search(struct in6_addr *local,  int prefix,
+			int scope, int if_index, int dad, void *vparam);
+static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void *parm);
+
+static int hop_limit;
+static time_t ra_short_period_start;
+
+void ra_init(time_t now)
+{
+  struct icmp6_filter filter;
+  int fd;
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
+  int class = IPTOS_CLASS_CS6;
+#endif
+  int val = 255; /* radvd uses this value */
+  socklen_t len = sizeof(int);
+  struct dhcp_context *context;
+  
+  /* ensure this is around even if we're not doing DHCPv6 */
+  expand_buf(&daemon->outpacket, sizeof(struct dhcp_packet));
+ 
+  /* See if we're guessing SLAAC addresses, if so we need to recieve ping replies */
+  for (context = daemon->ra_contexts; context; context = context->next)
+    if ((context->flags & CONTEXT_RA_NAME))
+      break;
+  
+  ICMP6_FILTER_SETBLOCKALL(&filter);
+  ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filter);
+  if (context)
+    ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &filter);
+  
+  if ((fd = socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) == -1 ||
+      getsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &hop_limit, &len) ||
+#if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6)
+      setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &class, sizeof(class)) == -1 ||
+#endif
+      !fix_fd(fd) ||
+      !set_ipv6pktinfo(fd) ||
+      setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &val, sizeof(val)) ||
+      setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val)) ||
+      setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &filter, sizeof(filter)) == -1)
+    die (_("cannot create ICMPv6 socket: %s"), NULL, EC_BADNET);
+  
+   daemon->icmp6fd = fd;
+   
+   ra_start_unsolicted(now, NULL);
+}
+
+void ra_start_unsolicted(time_t now, struct dhcp_context *context)
+{   
+   /* init timers so that we do ra's for some/all soon. some ra_times will end up zeroed
+     if it's not appropriate to advertise those contexts.
+     This gets re-called on a netlink route-change to re-do the advertisement
+     and pick up new interfaces */
+
+  if (context)
+     context->ra_time = now;
+  else
+    for (context = daemon->ra_contexts; context; context = context->next)
+      context->ra_time = now + (rand16()/13000); /* range 0 - 5 */
+
+   /* re-do frequently for a minute or so, in case the first gets lost. */
+   ra_short_period_start = now;
+}
+
+void icmp6_packet(void)
+{
+  char interface[IF_NAMESIZE+1];
+  ssize_t sz; 
+  int if_index = 0;
+  struct cmsghdr *cmptr;
+  struct msghdr msg;
+  union {
+    struct cmsghdr align; /* this ensures alignment */
+    char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+  } control_u;
+  struct sockaddr_in6 from;
+  unsigned char *packet;
+  struct iname *tmp;
+  struct dhcp_context *context;
+
+  /* Note: use outpacket for input buffer */
+  msg.msg_control = control_u.control6;
+  msg.msg_controllen = sizeof(control_u);
+  msg.msg_flags = 0;
+  msg.msg_name = &from;
+  msg.msg_namelen = sizeof(from);
+  msg.msg_iov = &daemon->outpacket;
+  msg.msg_iovlen = 1;
+  
+  if ((sz = recv_dhcp_packet(daemon->icmp6fd, &msg)) == -1 || sz < 8)
+    return;
+   
+  packet = (unsigned char *)daemon->outpacket.iov_base;
+  
+  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+    if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+      {
+	union {
+	  unsigned char *c;
+	  struct in6_pktinfo *p;
+	} p;
+	p.c = CMSG_DATA(cmptr);
+        
+	if_index = p.p->ipi6_ifindex;
+      }
+  
+  if (!indextoname(daemon->icmp6fd, if_index, interface))
+    return;
+    
+  if (!iface_check(AF_LOCAL, NULL, interface))
+    return;
+  
+  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, interface) == 0))
+      return;
+ 
+  /* weird libvirt-inspired access control */
+  for (context = daemon->ra_contexts ? daemon->ra_contexts : daemon->dhcp6; 
+       context; context = context->next)
+    if (!context->interface || strcmp(context->interface, interface) == 0)
+      break;
+  
+  if (!context || packet[1] != 0)
+    return;
+
+  if (packet[0] == ICMP6_ECHO_REPLY)
+    lease_ping_reply(&from.sin6_addr, packet, interface); 
+  else if (packet[0] == ND_ROUTER_SOLICIT)
+    {
+      char *mac = "";
+      
+      /* look for link-layer address option for logging */
+      if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
+	{
+	  print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
+	  mac = daemon->namebuff;
+	}
+         
+      my_syslog(MS_DHCP | LOG_INFO, "RTR-SOLICIT(%s) %s", interface, mac);
+      /* source address may not be valid in solicit request. */
+      send_ra(if_index, interface, !IN6_IS_ADDR_UNSPECIFIED(&from.sin6_addr) ? &from.sin6_addr : NULL);
+    }
+}
+
+static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
+{
+  struct ra_packet *ra;
+  struct ra_param parm;
+  struct ifreq ifr;
+  struct sockaddr_in6 addr;
+  struct dhcp_context *context;
+  struct dhcp_netid iface_id;
+  struct dhcp_opt *opt_cfg;
+  int done_dns = 0;
+ 
+  save_counter(0);
+  ra = expand(sizeof(struct ra_packet));
+  
+  ra->type = ND_ROUTER_ADVERT;
+  ra->code = 0;
+  ra->hop_limit = hop_limit;
+  ra->flags = 0x00;
+  ra->lifetime = htons(1800); /* AdvDefaultLifetime*/
+  ra->reachable_time = 0;
+  ra->retrans_time = 0;
+
+  parm.ind = iface;
+  parm.managed = 0;
+  parm.other = 0;
+  parm.found_context = 0;
+  parm.if_name = iface_name;
+  parm.first = 1;
+
+  /* set tag with name == interface */
+  iface_id.net = iface_name;
+  iface_id.next = NULL;
+  parm.tags = &iface_id; 
+  
+  for (context = daemon->ra_contexts; context; context = context->next)
+    {
+      context->flags &= ~CONTEXT_RA_DONE;
+      context->netid.next = &context->netid;
+    }
+
+  if (!iface_enumerate(AF_INET6, &parm, add_prefixes) ||
+      !parm.found_context)
+    return;
+
+  strncpy(ifr.ifr_name, iface_name, IF_NAMESIZE);
+  
+  if (ioctl(daemon->icmp6fd, SIOCGIFMTU, &ifr) != -1)
+    {
+      put_opt6_char(ICMP6_OPT_MTU);
+      put_opt6_char(1);
+      put_opt6_short(0);
+      put_opt6_long(ifr.ifr_mtu);
+    }
+     
+  iface_enumerate(AF_LOCAL, &iface, add_lla);
+ 
+  /* RDNSS, RFC 6106, use relevant DHCP6 options */
+  (void)option_filter(parm.tags, NULL, daemon->dhcp_opts6);
+  
+  for (opt_cfg = daemon->dhcp_opts6; opt_cfg; opt_cfg = opt_cfg->next)
+    {
+      int i;
+      
+      /* netids match and not encapsulated? */
+      if (!(opt_cfg->flags & DHOPT_TAGOK))
+        continue;
+      
+      if (opt_cfg->opt == OPTION6_DNS_SERVER)
+        {
+	  struct in6_addr *a = (struct in6_addr *)opt_cfg->val;
+
+	  done_dns = 1;
+          if (opt_cfg->len == 0)
+            continue;
+	  
+	  put_opt6_char(ICMP6_OPT_RDNSS);
+	  put_opt6_char((opt_cfg->len/8) + 1);
+	  put_opt6_short(0);
+	  put_opt6_long(1800); /* lifetime - twice RA retransmit */
+	  /* zero means "self" */
+	  for (i = 0; i < opt_cfg->len; i += IN6ADDRSZ, a++)
+	    if (IN6_IS_ADDR_UNSPECIFIED(a))
+	      put_opt6(&parm.link_local, IN6ADDRSZ);
+	    else
+	      put_opt6(a, IN6ADDRSZ);
+	}
+      
+      if (opt_cfg->opt == OPTION6_DOMAIN_SEARCH && opt_cfg->len != 0)
+	{
+	  int len = ((opt_cfg->len+7)/8);
+	  
+	  put_opt6_char(ICMP6_OPT_DNSSL);
+	  put_opt6_char(len + 1);
+	  put_opt6_short(0);
+	  put_opt6_long(1800); /* lifetime - twice RA retransmit */
+	  put_opt6(opt_cfg->val, opt_cfg->len);
+	  
+	  /* pad */
+	  for (i = opt_cfg->len; i < len * 8; i++)
+	    put_opt6_char(0);
+	}
+    }
+	
+  if (!done_dns)
+    {
+      /* default == us. */
+      put_opt6_char(ICMP6_OPT_RDNSS);
+      put_opt6_char(3);
+      put_opt6_short(0);
+      put_opt6_long(1800); /* lifetime - twice RA retransmit */
+      put_opt6(&parm.link_local, IN6ADDRSZ);
+    }
+
+  /* set managed bits unless we're providing only RA on this link */
+  if (parm.managed)
+    ra->flags |= 0x80; /* M flag, managed, */
+   if (parm.other)
+    ra->flags |= 0x40; /* O flag, other */ 
+			
+  /* decide where we're sending */
+  memset(&addr, 0, sizeof(addr));
+#ifdef HAVE_SOCKADDR_SA_LEN
+  addr.sin6_len = sizeof(struct sockaddr_in6);
+#endif
+  addr.sin6_family = AF_INET6;
+  addr.sin6_port = htons(IPPROTO_ICMPV6);
+  if (dest)
+    {
+      addr.sin6_addr = *dest;
+      if (IN6_IS_ADDR_LINKLOCAL(dest) ||
+	  IN6_IS_ADDR_MC_LINKLOCAL(dest))
+	addr.sin6_scope_id = iface;
+    }
+  else
+    inet_pton(AF_INET6, ALL_NODES, &addr.sin6_addr); 
+  
+  send_from(daemon->icmp6fd, 0, daemon->outpacket.iov_base, save_counter(0),
+	    (union mysockaddr *)&addr, (struct all_addr *)&parm.link_local, iface); 
+  
+}
+
+static int add_prefixes(struct in6_addr *local,  int prefix,
+			int scope, int if_index, int dad, void *vparam)
+{
+  struct ra_param *param = vparam;
+
+  (void)scope; /* warning */
+  (void)dad;
+
+  if (if_index == param->ind)
+    {
+      if (IN6_IS_ADDR_LINKLOCAL(local))
+	param->link_local = *local;
+      else if (!IN6_IS_ADDR_LOOPBACK(local) &&
+	       !IN6_IS_ADDR_LINKLOCAL(local) &&
+	       !IN6_IS_ADDR_MULTICAST(local))
+	{
+	  int do_prefix = 0;
+	  int do_slaac = 0;
+	  int deprecate  = 0;
+	  unsigned int time = 0xffffffff;
+	  struct dhcp_context *context;
+	  
+	  for (context = daemon->ra_contexts; context; context = context->next)
+	    if (prefix == context->prefix &&
+		is_same_net6(local, &context->start6, prefix) &&
+		is_same_net6(local, &context->end6, prefix))
+	      {
+		if ((context->flags & 
+		     (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)))
+		  {
+		    do_slaac = 1;
+		    if (context->flags & CONTEXT_DHCP)
+		      {
+			param->other = 1; 
+			if (!(context->flags & CONTEXT_RA_STATELESS))
+			  param->managed = 1;
+		      }
+		  }
+		else
+		  {
+		    /* don't do RA for non-ra-only unless --enable-ra is set */
+		    if (!option_bool(OPT_RA))
+		      continue;
+		    param->managed = 1;
+		    param->other = 1;
+		  }
+
+		/* find floor time */
+		if (time > context->lease_time)
+		  time = context->lease_time;
+		
+		if (context->flags & CONTEXT_DEPRECATE)
+		  deprecate = 1;
+
+		/* collect dhcp-range tags */
+		if (context->netid.next == &context->netid && context->netid.net)
+		  {
+		    context->netid.next = param->tags;
+		    param->tags = &context->netid;
+		  }
+		  
+		/* subsequent prefixes on the same interface 
+		   and subsequent instances of this prefix don't need timers.
+		   Be careful not to find the same prefix twice with different
+		   addresses. */
+		if (!(context->flags & CONTEXT_RA_DONE))
+		  {
+		    if (!param->first)
+		      context->ra_time = 0;
+		    context->flags |= CONTEXT_RA_DONE;
+		    do_prefix = 1;
+		  }
+
+		param->first = 0;	
+		param->found_context = 1;
+	      }
+	  
+	  if (do_prefix)
+	    {
+	      struct prefix_opt *opt;
+	     	      
+	      if ((opt = expand(sizeof(struct prefix_opt))))
+		{
+		  /* zero net part of address */
+		  setaddr6part(local, addr6part(local) & ~((prefix == 64) ? (u64)-1LL : (1LLU << (128 - prefix)) - 1LLU));
+		  
+		  /* lifetimes must be min 2 hrs, by RFC 2462 */
+		  if (time < 7200)
+		    time = 7200;
+		  
+		  opt->type = ICMP6_OPT_PREFIX;
+		  opt->len = 4;
+		  opt->prefix_len = prefix;
+		  /* autonomous only if we're not doing dhcp */
+		  opt->flags = do_slaac ? 0x40 : 0x00;
+		  opt->valid_lifetime = htonl(time);
+		  opt->preferred_lifetime = htonl(deprecate ? 0 : time);
+		  opt->reserved = 0; 
+		  opt->prefix = *local;
+		  
+		  inet_ntop(AF_INET6, local, daemon->addrbuff, ADDRSTRLEN);
+		  my_syslog(MS_DHCP | LOG_INFO, "RTR-ADVERT(%s) %s", param->if_name, daemon->addrbuff); 		    
+		}
+	    }
+	}
+    }          
+  return 1;
+}
+
+static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void *parm)
+{
+  (void)type;
+
+  if (index == *((int *)parm))
+    {
+      /* size is in units of 8 octets and includes type and length (2 bytes)
+	 add 7 to round up */
+      int len = (maclen + 9) >> 3;
+      unsigned char *p = expand(len << 3);
+      memset(p, 0, len << 3);
+      *p++ = ICMP6_OPT_SOURCE_MAC;
+      *p++ = len;
+      memcpy(p, mac, maclen);
+
+      return 0;
+    }
+
+  return 1;
+}
+
+time_t periodic_ra(time_t now)
+{
+  struct search_param param;
+  struct dhcp_context *context;
+  time_t next_event;
+  char interface[IF_NAMESIZE+1];
+  
+  param.now = now;
+
+  while (1)
+    {
+      /* find overdue events, and time of first future event */
+      for (next_event = 0, context = daemon->ra_contexts; context; context = context->next)
+	if (context->ra_time != 0)
+	  {
+	    if (difftime(context->ra_time, now) <= 0.0)
+	      break; /* overdue */
+	    
+	    if (next_event == 0 || difftime(next_event, context->ra_time) > 0.0)
+	      next_event = context->ra_time;
+	  }
+      
+      /* none overdue */
+      if (!context)
+	break;
+      
+      /* There's a context overdue, but we can't find an interface
+	 associated with it, because it's for a subnet we dont 
+	 have an interface on. Probably we're doing DHCP on
+	 a remote subnet via a relay. Zero the timer, since we won't
+	 ever be able to send ra's and satistfy it. */
+      if (iface_enumerate(AF_INET6, &param, iface_search))
+	context->ra_time = 0;
+      else if (indextoname(daemon->icmp6fd, param.iface, interface))
+	send_ra(param.iface, interface, NULL); 
+    }
+  
+  return next_event;
+}
+
+static int iface_search(struct in6_addr *local,  int prefix,
+			int scope, int if_index, int dad, void *vparam)
+{
+  struct search_param *param = vparam;
+  struct dhcp_context *context;
+
+  (void)scope;
+  (void)dad;
+ 
+  for (context = daemon->ra_contexts; context; context = context->next)
+    if (prefix == context->prefix &&
+	is_same_net6(local, &context->start6, prefix) &&
+	is_same_net6(local, &context->end6, prefix))
+      if (context->ra_time != 0 && difftime(context->ra_time, param->now) <= 0.0)
+	{
+	  /* found an interface that's overdue for RA determine new 
+	     timeout value and zap other contexts on the same interface 
+	     so they don't timeout independently .*/
+	  param->iface = if_index;
+	  
+	  if (difftime(param->now, ra_short_period_start) < 60.0)
+	    /* range 5 - 20 */
+	    context->ra_time = param->now + 5 + (rand16()/4400);
+	  else
+	    /* range 450 - 600 */
+	    context->ra_time = param->now + 450 + (rand16()/440);
+	  
+	  return 0; /* found, abort */
+	}
+  
+  return 1; /* keep searching */
+}
+
+
+#endif

src/rfc1035.c

@@ -25,7 +25,7 @@ static int add_resource_record(struct dns_header *header, char *limit, int *trun
     ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen))
 
 #define ADD_RDLEN(header, pp, plen, len) \
-    (!CHECK_LEN(header, pp, plen, len) ? 0 : (long)((pp) += (len)), 1)
+  (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))
 
 static int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, 
 			char *name, int isExtract, int extrabytes)
@@ -699,15 +699,17 @@ static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *
 	      unsigned char *p2 = p1;
 	      /* make counted string zero-term  and sanitise */
 	      for (i = 0; i < len; i++)
-		if (isprint(*(p2+1)))
-		  {
-		    *p2 = *(p2+1);
-		    p2++;
-		  }
+		{
+		  if (!isprint((int)*(p2+1)))
+		    break;
+		  
+		  *p2 = *(p2+1);
+		  p2++;
+		}
 	      *p2 = 0;
 	      my_syslog(LOG_INFO, "reply %s is %s", name, p1);
 	      /* restore */
-	      memmove(p1 + 1, p1, len);
+	      memmove(p1 + 1, p1, i);
 	      *p1 = len;
 	      p1 += len+1;
 	    }
@@ -936,10 +938,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 			  if (!cname_count--)
 			    return 0; /* looped CNAMES */
 			  newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
-			  if (newc && cpp)
+			  if (newc)
 			    {
-			      cpp->addr.cname.cache = newc;
-			      cpp->addr.cname.uid = newc->uid;
+			      newc->addr.cname.cache = NULL;
+			      if (cpp)
+				{
+				  cpp->addr.cname.cache = newc;
+				  cpp->addr.cname.uid = newc->uid;
+				}
 			    }
 
 			  cpp = newc;
@@ -1003,10 +1009,16 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	}
     }
   
-  /* Don't put stuff from a truncated packet into the cache,
-     also don't cache replies where DNSSEC validation was turned off, either
-     the upstream server told us so, or the original query specified it. */
-  if (!(header->hb3 & HB3_TC) && !(header->hb4 & HB4_CD) && !checking_disabled)
+  /* Don't put stuff from a truncated packet into the cache.
+     Don't cache replies where DNSSEC validation was turned off, either
+     the upstream server told us so, or the original query specified it. 
+     Don't cache replies from non-recursive nameservers, since we may get a 
+     reply containing a CNAME but not its target, even though the target 
+     does exist. */
+  if (!(header->hb3 & HB3_TC) && 
+      !(header->hb4 & HB4_CD) &&
+      (header->hb4 & HB4_RA) &&
+      !checking_disabled)
     cache_end_insert();
 
   return 0;
@@ -1238,7 +1250,8 @@ static int add_resource_record(struct dns_header *header, char *limit, int *trun
       case 't':
 	usval = va_arg(ap, int);
 	sval = va_arg(ap, char *);
-	memcpy(p, sval, usval);
+	if (usval != 0)
+	  memcpy(p, sval, usval);
 	p += usval;
 	break;
 
@@ -1381,6 +1394,22 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 
       if (qclass == C_IN)
 	{
+	  struct txt_record *t;
+
+	  for (t = daemon->rr; t; t = t->next)
+	    if ((t->class == qtype || qtype == T_ANY) && hostname_isequal(name, t->name))
+	      {
+		ans = 1;
+		if (!dryrun)
+		  {
+		    log_query(F_CONFIG | F_RRNAME, name, NULL, "<RR>");
+		    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+					    daemon->local_ttl, NULL,
+					    t->class, C_IN, "t", t->len, t->txt))
+		      anscount ++;
+		  }
+	      }
+		
 	  if (qtype == T_PTR || qtype == T_ANY)
 	    {
 	      /* see if it's w.z.y.z.in-addr.arpa format */
@@ -1633,6 +1662,23 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
 		}
 	    }
+
+	  if (qtype == T_CNAME || qtype == T_ANY)
+	    {
+	      if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME)) &&
+		  (qtype == T_CNAME || (crecp->flags & (F_HOSTS | F_DHCP))))
+		{
+		  ans = 1;
+		  if (!dryrun)
+		    {
+		      log_query(crecp->flags, name, NULL, record_source(crecp->uid));
+		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+					      crec_ttl(crecp, now), &nameoffset,
+					      T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
+			anscount++;
+		    }
+		}
+	    }
 	  
 	  if (qtype == T_MX || qtype == T_ANY)
 	    {

src/rfc2131.c

@@ -483,14 +483,14 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	    {
 	      logaddr = &mess->yiaddr;
 		
-	      lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0);
+	      lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0, now, 1);
 	      if (hostname)
 		lease_set_hostname(lease, hostname, 1, get_domain(lease->addr), domain); 
 	      /* infinite lease unless nailed in dhcp-host line. */
 	      lease_set_expires(lease,  
 				have_config(config, CONFIG_TIME) ? config->lease_time : 0xffffffff, 
 				now); 
-	      lease_set_interface(lease, int_index);
+	      lease_set_interface(lease, int_index, now);
 	      
 	      clear_packet(mess, end);
 	      do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), 
@@ -1222,51 +1222,56 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 
 	  log_tags(tagif_netid, ntohl(mess->xid));
 	  
-#ifdef HAVE_SCRIPT
-	  if (do_classes && daemon->lease_change_command)
+	  if (do_classes)
 	    {
-	      struct dhcp_netid *n;
-	      
-	      if (mess->giaddr.s_addr)
-		lease->giaddr = mess->giaddr;
-	      
+	      /* pick up INIT-REBOOT events. */
 	      lease->flags |= LEASE_CHANGED;
-	      free(lease->extradata);
-	      lease->extradata = NULL;
-	      lease->extradata_size = lease->extradata_len = 0;
-	      
-	      add_extradata_opt(lease, option_find(mess, sz, OPTION_VENDOR_ID, 1));
-	      add_extradata_opt(lease, option_find(mess, sz, OPTION_HOSTNAME, 1));
-	      add_extradata_opt(lease, oui);
-	      add_extradata_opt(lease, serial);
-	      add_extradata_opt(lease, class);
-	      
-	      /* space-concat tag set */
-	      if (!tagif_netid)
-		add_extradata_opt(lease, NULL);
-	      else
-		for (n = tagif_netid; n; n = n->next)
-		  {
-		    struct dhcp_netid *n1;
-		    /* kill dupes */
-		    for (n1 = n->next; n1; n1 = n1->next)
-		      if (strcmp(n->net, n1->net) == 0)
-			break;
-		    if (!n1)
-		      lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0); 
-		  }
 
-	      if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1)))
+#ifdef HAVE_SCRIPT
+	      if (daemon->lease_change_command)
 		{
-		  int len = option_len(opt);
-		  unsigned char *ucp = option_ptr(opt, 0);
-		  /* If the user-class option started as counted strings, the first byte will be zero. */
-		  if (len != 0 && ucp[0] == 0)
-		    ucp++, len--;
-		  lease_add_extradata(lease, ucp, len, 0);
+		  struct dhcp_netid *n;
+		  
+		  if (mess->giaddr.s_addr)
+		    lease->giaddr = mess->giaddr;
+		  
+		  free(lease->extradata);
+		  lease->extradata = NULL;
+		  lease->extradata_size = lease->extradata_len = 0;
+		  
+		  add_extradata_opt(lease, option_find(mess, sz, OPTION_VENDOR_ID, 1));
+		  add_extradata_opt(lease, option_find(mess, sz, OPTION_HOSTNAME, 1));
+		  add_extradata_opt(lease, oui);
+		  add_extradata_opt(lease, serial);
+		  add_extradata_opt(lease, class);
+		  
+		  /* space-concat tag set */
+		  if (!tagif_netid)
+		    add_extradata_opt(lease, NULL);
+		  else
+		    for (n = tagif_netid; n; n = n->next)
+		      {
+			struct dhcp_netid *n1;
+			/* kill dupes */
+			for (n1 = n->next; n1; n1 = n1->next)
+			  if (strcmp(n->net, n1->net) == 0)
+			    break;
+			if (!n1)
+			  lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0); 
+		      }
+		  
+		  if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1)))
+		    {
+		      int len = option_len(opt);
+		      unsigned char *ucp = option_ptr(opt, 0);
+		      /* If the user-class option started as counted strings, the first byte will be zero. */
+		      if (len != 0 && ucp[0] == 0)
+			ucp++, len--;
+		      lease_add_extradata(lease, ucp, len, 0);
+		    }
 		}
-	    }
 #endif
+	    }
 	  
 	  if (!hostname_auth && (client_hostname = host_from_dns(mess->yiaddr)))
 	    {
@@ -1276,7 +1281,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	    }
 	  
 	  time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4));
-	  lease_set_hwaddr(lease, mess->chaddr, clid, mess->hlen, mess->htype, clid_len);
+	  lease_set_hwaddr(lease, mess->chaddr, clid, mess->hlen, mess->htype, clid_len, now, do_classes);
 	  
 	  /* if all the netids in the ignore_name list are present, ignore client-supplied name */
 	  if (!hostname_auth)
@@ -1310,7 +1315,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	    lease_set_hostname(lease, hostname, hostname_auth, get_domain(lease->addr), domain);
 	  
 	  lease_set_expires(lease, time, now);
-	  lease_set_interface(lease, int_index);
+	  lease_set_interface(lease, int_index, now);
 
 	  if (override.s_addr != 0)
 	    lease->override = override;
@@ -1387,7 +1392,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	  else
 	    time = (unsigned int)difftime(lease->expires, now);
 	  option_put(mess, end, OPTION_LEASE_TIME, 4, time);
-	  lease_set_interface(lease, int_index);
+	  lease_set_interface(lease, int_index, now);
 	}
 
       do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr),
@@ -2095,7 +2100,8 @@ static void do_options(struct dhcp_context *context,
   struct dhcp_netid_list *id_list;
 
   /* filter options based on tags, those we want get DHOPT_TAGOK bit set */
-  context->netid.next = NULL;
+  if (context)
+    context->netid.next = NULL;
   tagif = option_filter(netid, context && context->netid.net ? &context->netid : NULL, config_opts);
 	
   /* logging */

src/rfc3315.c

@@ -19,21 +19,11 @@
 
 #ifdef HAVE_DHCP6
 
-static size_t outpacket_counter;
-
-static void end_opt6(int container);
-static int save_counter(int newval);
-static void *expand(size_t headroom);
-static int new_opt6(int opt);
-static void *put_opt6(void *data, size_t len);
-static void put_opt6_short(unsigned int val);
-static void put_opt6_long(unsigned int val);
-static void put_opt6_string(char *s);
-
 static int dhcp6_maybe_relay(struct in6_addr *link_address, struct dhcp_netid **relay_tagsp, struct dhcp_context *context, 
-			     int interface, char *iface_name, void *inbuff, size_t sz, int is_unicast, time_t now);
+			     int interface, char *iface_name, struct in6_addr *fallback, void *inbuff, size_t sz, int is_unicast, time_t now);
 static int dhcp6_no_relay(int msg_type,  struct in6_addr *link_address, struct dhcp_netid *tags, struct dhcp_context *context, 
-			  int interface, char *iface_name, void *inbuff, size_t sz, int is_unicast, time_t now);
+			  int interface, char *iface_name, struct in6_addr *fallback, void *inbuff, size_t sz, int is_unicast, time_t now);
+static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
 static void log6_packet(char *type, unsigned char *clid, int clid_len, struct in6_addr *addr, int xid, char *iface, char *string);
 
 static void *opt6_find (void *opts, void *end, unsigned int search, unsigned int minsize);
@@ -45,26 +35,33 @@ static unsigned int opt6_uint(unsigned char *opt, int offset, int size);
 #define opt6_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[4+(i)]))
 
 
-size_t dhcp6_reply(struct dhcp_context *context, int interface, char *iface_name, size_t sz, int is_unicast, time_t now)
+unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *iface_name,
+			   struct in6_addr *fallback, size_t sz, int is_unicast, time_t now)
 {
   struct dhcp_netid *relay_tags = NULL;
   struct dhcp_vendor *vendor;
-
+  int msg_type;
+  
+  if (sz <= 4)
+    return 0;
+  
+  msg_type = *((unsigned char *)daemon->dhcp_packet.iov_base);
+  
   /* Mark these so we only match each at most once, to avoid tangled linked lists */
   for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
     vendor->netid.next = &vendor->netid;
   
-  outpacket_counter = 0;
+  save_counter(0);
   
-  if (dhcp6_maybe_relay(NULL, &relay_tags, context, interface, iface_name, daemon->dhcp_packet.iov_base, sz, is_unicast, now))
-    return outpacket_counter;
+  if (dhcp6_maybe_relay(NULL, &relay_tags, context, interface, iface_name, fallback, daemon->dhcp_packet.iov_base, sz, is_unicast, now))
+    return msg_type == DHCP6RELAYFORW ? DHCPV6_SERVER_PORT : DHCPV6_CLIENT_PORT;
 
   return 0;
 }
 
 /* This cost me blood to write, it will probably cost you blood to understand - srk. */
 static int dhcp6_maybe_relay(struct in6_addr *link_address, struct dhcp_netid **relay_tagsp, struct dhcp_context *context,
-			     int interface, char *iface_name, void *inbuff, size_t sz, int is_unicast, time_t now)
+			     int interface, char *iface_name, struct in6_addr *fallback, void *inbuff, size_t sz, int is_unicast, time_t now)
 {
   void *end = inbuff + sz;
   void *opts = inbuff + 34;
@@ -114,7 +111,7 @@ static int dhcp6_maybe_relay(struct in6_addr *link_address, struct dhcp_netid **
 	  return 0;
 	}
 
-      return dhcp6_no_relay(msg_type, link_address, *relay_tagsp, context, interface, iface_name, inbuff, sz, is_unicast, now);
+      return dhcp6_no_relay(msg_type, link_address, *relay_tagsp, context, interface, iface_name, fallback, inbuff, sz, is_unicast, now);
     }
 
   /* must have at least msg_type+hopcount+link_address+peer_address+minimal size option
@@ -159,7 +156,7 @@ static int dhcp6_maybe_relay(struct in6_addr *link_address, struct dhcp_netid **
 	  memcpy(&link_address, inbuff + 2, IN6ADDRSZ); 
 	  /* Not, zero is_unicast since that is now known to refer to the 
 	     relayed packet, not the original sent by the client */
-	  if (!dhcp6_maybe_relay(&link_address, relay_tagsp, context, interface, iface_name, opt6_ptr(opt, 0), opt6_len(opt), 0, now))
+	  if (!dhcp6_maybe_relay(&link_address, relay_tagsp, context, interface, iface_name, fallback, opt6_ptr(opt, 0), opt6_len(opt), 0, now))
 	    return 0;
 	}
       else
@@ -171,7 +168,7 @@ static int dhcp6_maybe_relay(struct in6_addr *link_address, struct dhcp_netid **
 }
 
 static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dhcp_netid *tags, struct dhcp_context *context, 
-			  int interface, char *iface_name, void *inbuff, size_t sz, int is_unicast, time_t now)
+			  int interface, char *iface_name, struct in6_addr *fallback, void *inbuff, size_t sz, int is_unicast, time_t now)
 {
   void *packet_options = inbuff + 4;
   void *end = inbuff + sz;
@@ -293,6 +290,9 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	}
     }
 
+  if (option_bool(OPT_LOG_OPTS) && (opt = opt6_find(packet_options, end, OPTION6_VENDOR_CLASS, 4)))
+    my_syslog(MS_DHCP | LOG_INFO, _("%u vendor class: %u"), xid, opt6_uint(opt, 0, 4));
+  
   /* dhcp-match. If we have hex-and-wildcards, look for a left-anchored match.
      Otherwise assume the option is an array, and look for a matching element. 
      If no data given, existance of the option is enough. This code handles 
@@ -349,28 +349,28 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 
        if (len != 0 && len < 255)
 	 {
-	  unsigned char *pp, *op = opt6_ptr(opt, 1);
-	  char *pq = daemon->dhcp_buff;
-	  
-	  pp = op;
-	  while (*op != 0 && ((op + (*op) + 1) - pp) < len)
-	    {
-            memcpy(pq, op+1, *op);
-            pq += *op;
-            op += (*op)+1;
-            *(pq++) = '.';
-	    }
-	  
-	  if (pq != daemon->dhcp_buff)
-	    pq--;
-	  *pq = 0;
-
-	  if (legal_hostname(daemon->dhcp_buff))
-	    {
-	      client_hostname = daemon->dhcp_buff;
-	      if (option_bool(OPT_LOG_OPTS))
-		my_syslog(MS_DHCP | LOG_INFO, _("%u client provides name: %s"), xid, client_hostname); 
-	    }
+	   unsigned char *pp, *op = opt6_ptr(opt, 1);
+	   char *pq = daemon->dhcp_buff;
+	   
+	   pp = op;
+	   while (*op != 0 && ((op + (*op)) - pp) < len)
+	     {
+	       memcpy(pq, op+1, *op);
+	       pq += *op;
+	       op += (*op)+1;
+	       *(pq++) = '.';
+	     }
+	   
+	   if (pq != daemon->dhcp_buff)
+	     pq--;
+	   *pq = 0;
+	   
+	   if (legal_hostname(daemon->dhcp_buff))
+	     {
+	       client_hostname = daemon->dhcp_buff;
+	       if (option_bool(OPT_LOG_OPTS))
+		 my_syslog(MS_DHCP | LOG_INFO, _("%u client provides name: %s"), xid, client_hostname); 
+	     }
 	 }
     }	 
   
@@ -394,7 +394,7 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	      if (!config)
 		{
 		  /* Search again now we have a hostname. 
-		     Only accept configs without CLID and HWADDR here, (they won't match)
+		     Only accept configs without CLID here, (it won't match)
 		     to avoid impersonation by name. */
 		  struct dhcp_config *new = find_config6(daemon->dhcp_conf, context, NULL, 0, hostname);
 		  if (new && !have_config(new, CONFIG_CLID) && !new->hwaddr)
@@ -422,18 +422,31 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
       if (have_config(config, CONFIG_DISABLE))
 	ignore = 1;
     }
+   
+  tagif = run_tag_if(tags);
   
   /* if all the netids in the ignore list are present, ignore this client */
   if (daemon->dhcp_ignore)
     {
       struct dhcp_netid_list *id_list;
      
-      tagif = run_tag_if(tags);
-      
       for (id_list = daemon->dhcp_ignore; id_list; id_list = id_list->next)
 	if (match_netid(id_list->list, tagif, 0))
 	  ignore = 1;
     }
+  
+  /* if all the netids in the ignore_name list are present, ignore client-supplied name */
+  if (!hostname_auth)
+    {
+       struct dhcp_netid_list *id_list;
+       
+       for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)
+	 if ((!id_list->list) || match_netid(id_list->list, tagif, 0))
+	   break;
+       if (id_list)
+	 hostname = NULL;
+    }
+  
 
   switch (msg_type)
     {
@@ -500,15 +513,16 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	    while (1)
 	      {
 		struct in6_addr alloced_addr, *addrp = NULL;
-		u32 preferred_time = 0;
+		u32 requested_time = 0;
 		struct dhcp_lease *lease = NULL;
 		
 		if (ia_option)
 		  {
 		    struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
-		    preferred_time = opt6_uint(ia_option, 16, 4);
+		    requested_time = opt6_uint(ia_option, 16, 4);
 		    
-		    if (!address6_available(context, req_addr, tags))
+		    if (!address6_available(context, req_addr, tags) &&
+			(!have_config(config, CONFIG_ADDR6) || memcmp(&config->addr6, req_addr, IN6ADDRSZ) != 0))
 		      {
 			if (msg_type == DHCP6REQUEST)
 			  {
@@ -584,23 +598,33 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		    address_assigned = 1;
 		    
 		    /* shouldn't ever fail */
-		    if ((this_context = narrow_context6(context, addrp, tags)))
+		    if ((this_context = narrow_context6(context, addrp, tagif)))
 		      {
 			/* get tags from context if we've not used it before */
-			if (this_context->netid.next != &this_context->netid && this_context->netid.net)
+			if (this_context->netid.next == &this_context->netid && this_context->netid.net)
 			  {
 			    this_context->netid.next = context_tags;
 			    context_tags = &this_context->netid;
+			    if (!hostname_auth)
+			      {
+				struct dhcp_netid_list *id_list;
+				
+				for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)
+				  if ((!id_list->list) || match_netid(id_list->list, &this_context->netid, 0))
+				    break;
+				if (id_list)
+				  hostname = NULL;
+			      }
 			  }
 			
 			lease_time = have_config(valid_config, CONFIG_TIME) ? valid_config->lease_time : this_context->lease_time;
 			
 			if (ia_option)
 			  {
-			    if (preferred_time < 120u )
-			      preferred_time = 120u; /* sanity */
-			    if (lease_time == 0xffffffff || (preferred_time != 0xffffffff && preferred_time < lease_time))
-			      lease_time = preferred_time;
+			    if (requested_time < 120u )
+			      requested_time = 120u; /* sanity */
+			    if (lease_time == 0xffffffff || (requested_time != 0xffffffff && requested_time < lease_time))
+			      lease_time = requested_time;
 			  }
 			  
 			if (lease_time < min_time)
@@ -613,8 +637,8 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 			if (lease)
 			  {
 			    lease_set_expires(lease, lease_time, now);
-			    lease_set_hwaddr(lease, NULL, clid, 0, iaid, clid_len);
-			    lease_set_interface(lease, interface);
+			    lease_set_hwaddr(lease, NULL, clid, 0, iaid, clid_len, now, 0);
+			    lease_set_interface(lease, interface, now);
 			    if (hostname && ia_type == OPTION6_IA_NA)
 			      {
 				char *addr_domain = get_domain6(addrp);
@@ -653,13 +677,21 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 						    client_hostname ? strlen(client_hostname) : 0, 0);				
 				
 				/* space-concat tag set */
-				if (!tags)
+				if (!tagif && !context_tags)
 				  lease_add_extradata(lease, NULL, 0, 0);
 				else
 				  {
-				    struct dhcp_netid *n;
+				    struct dhcp_netid *n, *l, *tmp = tags;
 				    
-				    for (n = run_tag_if(tags); n; n = n->next)
+				    /* link temporarily */
+				    for (n = context_tags; n && n->next; n = n->next);
+				    if ((l = n))
+				      {
+					l->next = tags;
+					tmp = context_tags;
+				      }
+				    
+				    for (n = run_tag_if(tmp); n; n = n->next)
 				      {
 					struct dhcp_netid *n1;
 					/* kill dupes */
@@ -669,6 +701,10 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 					if (!n1)
 					  lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0); 
 				      }
+
+				    /* unlink again */
+				    if (l)
+				      l->next = NULL;
 				  }
 
 				if (link_address)
@@ -694,8 +730,9 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 			  {
 			    o1 =  new_opt6(OPTION6_IAADDR);
 			    put_opt6(addrp, sizeof(*addrp));
-			    put_opt6_long(lease_time);
-			    put_opt6_long(lease_time);
+			    /* preferred lifetime */
+			    put_opt6_long(this_context && (this_context->flags & CONTEXT_DEPRECATE) ? 0 : lease_time);
+			    put_opt6_long(lease_time); /* valid lifetime */
 			    end_opt6(o1);
 
 			    log6_packet( make_lease ? "DHCPREPLY" : "DHCPADVERTISE", 
@@ -711,6 +748,11 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		  {
 		    if (address_assigned) 
 		      {
+			o1 = new_opt6(OPTION6_STATUS_CODE);
+			put_opt6_short(DHCP6SUCCESS);
+			put_opt6_string("Oh hai from dnsmasq");
+			end_opt6(o1);
+			
 			if (ia_type == OPTION6_IA_NA)
 			  {
 			    /* go back an fill in fields in IA_NA option */
@@ -724,7 +766,7 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		      }
 		    else
 		      { 
-			/* no address, return erro */
+			/* no address, return error */
 			o1 = new_opt6(OPTION6_STATUS_CODE);
 			put_opt6_short(DHCP6NOADDRS);
 			put_opt6_string("No addresses available");
@@ -732,6 +774,15 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		      }
 		    
 		    end_opt6(o);
+		    	
+		    if (address_assigned) 
+		      {
+			/* If --dhcp-authoritative is set, we can tell client not to wait for
+			   other possible servers */
+			o = new_opt6(OPTION6_PREFERENCE);
+			put_opt6_char(option_bool(OPT_AUTHORITATIVE) ? 255 : 0);
+			end_opt6(o);
+		      }
 		    
 		    break;
 		  }
@@ -792,7 +843,7 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	      {
 		struct dhcp_lease *lease = NULL;
 		struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
-		u32 preferred_time = opt6_uint(ia_option, 16, 4);
+		u32 requested_time = opt6_uint(ia_option, 16, 4);
 		unsigned int lease_time;
 		struct dhcp_context *this_context;
 		struct dhcp_config *valid_config = config;
@@ -820,25 +871,38 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		    break;
 		  }
 		
-		tagif = run_tag_if(tags);
+		
 		if (!address6_available(context, req_addr, tagif) || 
 		    !(this_context = narrow_context6(context, req_addr, tagif)))
-		  lease_time = 0;
+		  {
+		    lease_time = 0;
+		    this_context = NULL;
+		  }
 		else
 		  {
 		    /* get tags from context if we've not used it before */
-		    if (this_context->netid.next != &this_context->netid && this_context->netid.net)
+		    if (this_context->netid.next == &this_context->netid && this_context->netid.net)
 		      {
 			this_context->netid.next = context_tags;
 			context_tags = &this_context->netid;
+			if (!hostname_auth)
+			  {
+			    struct dhcp_netid_list *id_list;
+			    
+			    for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)
+			      if ((!id_list->list) || match_netid(id_list->list, &this_context->netid, 0))
+				break;
+			    if (id_list)
+			      hostname = NULL;
+			  }
 		      }
 		    
 		    lease_time = have_config(valid_config, CONFIG_TIME) ? valid_config->lease_time : this_context->lease_time;
 		    
-		    if (preferred_time < 120u )
-		      preferred_time = 120u; /* sanity */
-		    if (lease_time == 0xffffffff || (preferred_time != 0xffffffff && preferred_time < lease_time))
-		      lease_time = preferred_time;
+		    if (requested_time < 120u )
+		      requested_time = 120u; /* sanity */
+		    if (lease_time == 0xffffffff || (requested_time != 0xffffffff && requested_time < lease_time))
+		      lease_time = requested_time;
 		    
 		    lease_set_expires(lease, lease_time, now);
 		    if (ia_type == OPTION6_IA_NA && hostname)
@@ -857,17 +921,23 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		
 		o1 =  new_opt6(OPTION6_IAADDR);
 		put_opt6(req_addr, sizeof(*req_addr));
-		put_opt6_long(lease_time);
-		put_opt6_long(lease_time);
+		/* preferred lifetime */
+		put_opt6_long(this_context && (this_context->flags & CONTEXT_DEPRECATE) ? 0 : lease_time);
+		put_opt6_long(lease_time); /* valid lifetime */
 		end_opt6(o1);
 	      }
 	    
 	    if (t1cntr != 0)
 	      {
 		/* go back an fill in fields in IA_NA option */
-		unsigned int t1 = min_time == 0xffffffff ? 0xffffffff : min_time/2;
-		unsigned int t2 = min_time == 0xffffffff ? 0xffffffff : (min_time/8) * 7;
 		int sav = save_counter(t1cntr);
+		unsigned int t1, t2, fuzz = rand16();
+		
+		while (fuzz > (min_time/16))
+		  fuzz = fuzz/2; 
+		t1 = min_time == 0xffffffff ? 0xffffffff : min_time/2 - fuzz;
+		t2 = min_time == 0xffffffff ? 0xffffffff : ((min_time/8)*7) - fuzz;
+		
 		put_opt6_long(t1);
 		put_opt6_long(t2);
 		save_counter(sav);
@@ -1141,17 +1211,38 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	}
       
       o = new_opt6(opt_cfg->opt);
-      /* Maye be empty */
-      if (opt_cfg->val)
+      if (opt_cfg->flags & DHOPT_ADDR6)
+	{
+	  int j;
+	  struct in6_addr *a = (struct in6_addr *)opt_cfg->val;
+          for (j = 0; j < opt_cfg->len; j+=IN6ADDRSZ, a++)
+            {
+              /* zero means "self" (but not in vendorclass options.) */
+              if (IN6_IS_ADDR_UNSPECIFIED(a))
+                {
+		  if (IN6_IS_ADDR_UNSPECIFIED(&context->local6))
+		    put_opt6(fallback, IN6ADDRSZ);
+		  else
+		    put_opt6(&context->local6, IN6ADDRSZ);
+		}
+              else
+                put_opt6(a, IN6ADDRSZ);
+            }
+	}
+      else if (opt_cfg->val)
 	put_opt6(opt_cfg->val, opt_cfg->len);
       end_opt6(o);
-      
     }
   
-  if (!done_dns)
+  if (!done_dns && 
+      (!IN6_IS_ADDR_UNSPECIFIED(&context->local6) ||
+       !IN6_IS_ADDR_UNSPECIFIED(fallback)))
     {
       o = new_opt6(OPTION6_DNS_SERVER);
-      put_opt6(&context->local6, IN6ADDRSZ);
+      if (IN6_IS_ADDR_UNSPECIFIED(&context->local6))
+	put_opt6(fallback, IN6ADDRSZ);
+      else
+	put_opt6(&context->local6, IN6ADDRSZ);
       end_opt6(o); 
     }
    
@@ -1159,8 +1250,7 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
        dhcp-option = vi-encap:13,17,....... */
   for (opt_cfg = daemon->dhcp_opts6; opt_cfg; opt_cfg = opt_cfg->next)
     opt_cfg->flags &= ~DHOPT_ENCAP_DONE;
-  
-  
+    
   if (oro)
     for (i = 0; i <  opt6_len(oro) - 1; i += 2)
       if (opt6_uint(oro, i, 2) == OPTION6_VENDOR_OPTS)
@@ -1213,18 +1303,6 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
     }      
 
 
-  /* if all the netids in the ignore_name list are present, ignore client-supplied name */
-  if (!hostname_auth)
-    {
-       struct dhcp_netid_list *id_list;
-       
-       for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)
-	 if ((!id_list->list) || match_netid(id_list->list, tagif, 0))
-	   break;
-       if (id_list)
-	 hostname = NULL;
-    }
-  
   if (hostname)
     {
       unsigned char *p;
@@ -1234,12 +1312,14 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 	len += strlen(send_domain) + 1;
 
       o = new_opt6(OPTION6_FQDN);
-      p = expand(len + 3);
-      *(p++) = fqdn_flags;
-      p = do_rfc1035_name(p, hostname);
-      if (send_domain)
-	p = do_rfc1035_name(p, send_domain);
-      *p = 0;
+      if ((p = expand(len + 3)))
+	{
+	  *(p++) = fqdn_flags;
+	  p = do_rfc1035_name(p, hostname);
+	  if (send_domain)
+	    p = do_rfc1035_name(p, send_domain);
+	  *p = 0;
+	}
       end_opt6(o);
     }
 
@@ -1268,31 +1348,68 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
   log_tags(tagif, xid);
 
   if (option_bool(OPT_LOG_OPTS))
-    {
-      int end_opts = save_counter(-1);
-      
-      /* must have created at least one option */
-      if (start_opts != end_opts)
-	for (opt = daemon->outpacket.iov_base + start_opts; opt; opt = opt6_next(opt, daemon->outpacket.iov_base + end_opts))
-	  {
-	    int offset = 0;
-	    char *optname;
-
-	    /* account for flag byte on FQDN */
-	    if (opt6_type(opt) == OPTION6_FQDN)
-	      offset = 1;
-	    
-	    optname = option_string(AF_INET6, opt6_type(opt), opt6_ptr(opt, offset), opt6_len(opt) - offset, daemon->namebuff, MAXDNAME);
-	    
-	    my_syslog(MS_DHCP | LOG_INFO, "%u sent size:%3d option:%3d %s  %s", 
-		      xid, opt6_len(opt), opt6_type(opt), optname, daemon->namebuff);
-	  }
-    }		 
+    log6_opts(0, xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
   
   return 1;
-  
 }
 
+static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts)
+{
+  void *opt;
+  char *desc = nest ? "nest" : "sent";
+  
+  if (start_opts == end_opts)
+    return;
+  
+  for (opt = start_opts; opt; opt = opt6_next(opt, end_opts))
+    {
+      int type = opt6_type(opt);
+      void *ia_options = NULL;
+      char *optname;
+      
+      if (type == OPTION6_IA_NA)
+	{
+	  sprintf(daemon->namebuff, "IAID=%u T1=%u T2=%u",
+		  opt6_uint(opt, 0, 4), opt6_uint(opt, 4, 4), opt6_uint(opt, 8, 4));
+	  optname = "ia-na";
+	  ia_options = opt6_ptr(opt, 12);
+	}
+      else if (type == OPTION6_IA_TA)
+	{
+	  sprintf(daemon->namebuff, "IAID=%u", opt6_uint(opt, 0, 4));
+	  optname = "ia-ta";
+	  ia_options = opt6_ptr(opt, 4);
+	}
+      else if (type == OPTION6_IAADDR)
+	{
+	  inet_ntop(AF_INET6, opt6_ptr(opt, 0), daemon->addrbuff, ADDRSTRLEN);
+	  sprintf(daemon->namebuff, "%s PL=%u VL=%u", 
+		  daemon->addrbuff, opt6_uint(opt, 16, 4), opt6_uint(opt, 20, 4));
+	  optname = "iaaddr";
+	  ia_options = opt6_ptr(opt, 24);
+	}
+      else if (type == OPTION6_STATUS_CODE)
+	{
+	  int len = sprintf(daemon->namebuff, "%u ", opt6_uint(opt, 0, 2));
+	  memcpy(daemon->namebuff + len, opt6_ptr(opt, 2), opt6_len(opt)-2);
+	  daemon->namebuff[len + opt6_len(opt) - 2] = 0;
+	  optname = "status";
+	}
+      else
+	{
+	  /* account for flag byte on FQDN */
+	  int offset = type == OPTION6_FQDN ? 1 : 0;
+	  optname = option_string(AF_INET6, type, opt6_ptr(opt, offset), opt6_len(opt) - offset, daemon->namebuff, MAXDNAME);
+	}
+      
+      my_syslog(MS_DHCP | LOG_INFO, "%u %s size:%3d option:%3d %s  %s", 
+		xid, desc, opt6_len(opt), type, optname, daemon->namebuff);
+      
+      if (ia_options)
+	log6_opts(1, xid, ia_options, opt6_ptr(opt, opt6_len(opt)));
+    }
+}		 
+ 
 static void log6_packet(char *type, unsigned char *clid, int clid_len, struct in6_addr *addr, int xid, char *iface, char *string)
 {
   /* avoid buffer overflow */
@@ -1310,19 +1427,19 @@ static void log6_packet(char *type, unsigned char *clid, int clid_len, struct in
     daemon->dhcp_buff2[0] = 0;
 
   if(option_bool(OPT_LOG_OPTS))
-    my_syslog(MS_DHCP | LOG_INFO, "%u %s(%s) %s %s%s",
+    my_syslog(MS_DHCP | LOG_INFO, "%u %s(%s) %s%s %s",
 	      xid, 
 	      type,
 	      iface, 
-	      daemon->namebuff,
 	      daemon->dhcp_buff2,
+	      daemon->namebuff,
 	      string ? string : "");
   else
-    my_syslog(MS_DHCP | LOG_INFO, "%s(%s) %s %s%s",
+    my_syslog(MS_DHCP | LOG_INFO, "%s(%s) %s%s %s",
 	      type,
 	      iface, 
-	      daemon->namebuff,
 	      daemon->dhcp_buff2,
+	      daemon->namebuff,
 	      string ? string : "");
 }
 
@@ -1382,80 +1499,4 @@ static unsigned int opt6_uint(unsigned char *opt, int offset, int size)
   return ret;
 } 
 
-static void end_opt6(int container)
-{
-   void *p = daemon->outpacket.iov_base + container + 2;
-   u16 len = outpacket_counter - container - 4 ;
-   
-   PUTSHORT(len, p);
-}
-
-static int save_counter(int newval)
-{
-  int ret = outpacket_counter;
-  if (newval != -1)
-    outpacket_counter = newval;
-
-  return ret;
-}
-
-static void *expand(size_t headroom)
-{
-  void *ret;
-
-  if (expand_buf(&daemon->outpacket, outpacket_counter + headroom))
-    {
-      ret = daemon->outpacket.iov_base + outpacket_counter;
-      outpacket_counter += headroom;
-      return ret;
-    }
-  
-  return NULL;
-}
-    
-static int new_opt6(int opt)
-{
-  int ret = outpacket_counter;
-  void *p;
-
-  if ((p = expand(4)))
-    {
-      PUTSHORT(opt, p);
-      PUTSHORT(0, p);
-    }
-
-  return ret;
-}
-
-static void *put_opt6(void *data, size_t len)
-{
-  void *p;
-
-  if ((p = expand(len)))
-    memcpy(p, data, len);   
-
-  return p;
-}
-  
-static void put_opt6_long(unsigned int val)
-{
-  void *p;
-  
-  if ((p = expand(4)))  
-    PUTLONG(val, p);
-}
-
-static void put_opt6_short(unsigned int val)
-{
-  void *p;
-
-  if ((p = expand(2)))
-    PUTSHORT(val, p);   
-}
-
-static void put_opt6_string(char *s)
-{
-  put_opt6(s, strlen(s));
-}
-
 #endif

src/slaac.c

@@ -0,0 +1,261 @@
+/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DHCP6
+
+#include <netinet/icmp6.h>
+
+static int map_rebuild = 0;
+static int ping_id = 0;
+
+void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force)
+{
+  struct slaac_address *slaac, *old, **up;
+  struct dhcp_context *context;
+  int dns_dirty = 0;
+  
+  if (!(lease->flags & LEASE_HAVE_HWADDR) || 
+      (lease->flags & (LEASE_TA | LEASE_NA)) ||
+      lease->last_interface == 0 ||
+      !lease->hostname)
+    return ;
+  
+  old = lease->slaac_address;
+  lease->slaac_address = NULL;
+
+  for (context = daemon->ra_contexts; context; context = context->next) 
+    if ((context->flags & CONTEXT_RA_NAME) && lease->last_interface == context->if_index)
+      {
+	struct in6_addr addr = context->start6;
+	if (lease->hwaddr_len == 6 &&
+	    (lease->hwaddr_type == ARPHRD_ETHER || lease->hwaddr_type == ARPHRD_IEEE802))
+	  {
+	    /* convert MAC address to EUI-64 */
+	    memcpy(&addr.s6_addr[8], lease->hwaddr, 3);
+	    memcpy(&addr.s6_addr[13], &lease->hwaddr[3], 3);
+	    addr.s6_addr[11] = 0xff;
+	    addr.s6_addr[12] = 0xfe;
+	  }
+#if defined(ARPHRD_EUI64)
+	else if (lease->hwaddr_len == 8 &&
+		 lease->hwaddr_type == ARPHRD_EUI64)
+	  memcpy(&addr.s6_addr[8], lease->hwaddr, 8);
+#endif
+#if defined(ARPHRD_IEEE1394) && defined(ARPHRD_EUI64)
+	else if (lease->clid_len == 9 && 
+		 lease->clid[0] ==  ARPHRD_EUI64 &&
+		 lease->hwaddr_type == ARPHRD_IEEE1394)
+	  /* firewire has EUI-64 identifier as clid */
+	  memcpy(&addr.s6_addr[8], &lease->clid[1], 8);
+#endif
+	else
+	  continue;
+	
+	addr.s6_addr[8] ^= 0x02;
+	
+	/* check if we already have this one */
+	for (up = &old, slaac = old; slaac; slaac = slaac->next)
+	  {
+	    if (IN6_ARE_ADDR_EQUAL(&addr, &slaac->addr))
+	      {
+		*up = slaac->next;
+		/* recheck when DHCPv4 goes through init-reboot */
+		if (force)
+		  {
+		    slaac->ping_time = now;
+		    slaac->backoff = 1;
+		    dns_dirty = 1;
+		  }
+		break;
+	      }
+	    up = &slaac->next;
+	  }
+	    
+	/* No, make new one */
+	if (!slaac && (slaac = whine_malloc(sizeof(struct slaac_address))))
+	  {
+	    slaac->ping_time = now;
+	    slaac->backoff = 1;
+	    slaac->addr = addr;
+	    slaac->local = context->local6;
+	    /* Do RA's to prod it */
+	    ra_start_unsolicted(now, context);
+	  }
+	
+	if (slaac)
+	  {
+	    slaac->next = lease->slaac_address;
+	    lease->slaac_address = slaac;
+	  }
+      }
+  
+  if (old || dns_dirty)
+    lease_update_dns(1);
+  
+  /* Free any no reused */
+  for (; old; old = slaac)
+    {
+      slaac = old->next;
+      free(old);
+    }
+}
+
+
+time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
+{
+  struct dhcp_context *context;
+  struct dhcp_lease *lease;
+  struct slaac_address *slaac;
+  time_t next_event = 0;
+  
+  for (context = daemon->ra_contexts; context; context = context->next)
+    if ((context->flags & CONTEXT_RA_NAME))
+      break;
+
+  /* nothing configured */
+  if (!context)
+    return 0;
+
+  while (ping_id == 0)
+    ping_id = rand16();
+
+  if (map_rebuild)
+    {
+      map_rebuild = 0;
+      build_subnet_map();
+    }
+
+  for (lease = leases; lease; lease = lease->next)
+    for (slaac = lease->slaac_address; slaac; slaac = slaac->next)
+      {
+	/* confirmed or given up? */
+	if (slaac->backoff == 0 || slaac->ping_time == 0)
+	  continue;
+	
+	if (difftime(slaac->ping_time, now) <= 0.0)
+	  {
+	    struct ping_packet *ping;
+	    struct sockaddr_in6 addr;
+ 
+	    save_counter(0);
+	    ping = expand(sizeof(struct ping_packet));
+	    ping->type = ICMP6_ECHO_REQUEST;
+	    ping->code = 0;
+	    ping->identifier = ping_id;
+	    ping->sequence_no = slaac->backoff;
+	    
+	    memset(&addr, 0, sizeof(addr));
+#ifdef HAVE_SOCKADDR_SA_LEN
+	    addr.sin6_len = sizeof(struct sockaddr_in6);
+#endif
+	    addr.sin6_family = AF_INET6;
+	    addr.sin6_port = htons(IPPROTO_ICMPV6);
+	    addr.sin6_addr = slaac->addr;
+	    
+	    if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(0), 0,
+		       (struct sockaddr *)&addr,  sizeof(addr)) == -1 &&
+		errno == EHOSTUNREACH)
+	      slaac->ping_time = 0; /* Give up */ 
+	    else
+	      {
+		slaac->ping_time += (1 << (slaac->backoff - 1)) + (rand16()/21785); /* 0 - 3 */
+		if (slaac->backoff > 4)
+		  slaac->ping_time += rand16()/4000; /* 0 - 15 */
+		if (slaac->backoff < 12)
+		  slaac->backoff++;
+	      }
+	  }
+	
+	if (slaac->ping_time != 0 &&
+	    (next_event == 0 || difftime(next_event, slaac->ping_time) >= 0.0))
+	  next_event = slaac->ping_time;
+      }
+
+  return next_event;
+}
+
+
+void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases)
+{
+  struct dhcp_lease *lease;
+  struct slaac_address *slaac;
+  struct ping_packet *ping = (struct ping_packet *)packet;
+  int gotone = 0;
+  
+  if (ping->identifier == ping_id)
+    for (lease = leases; lease; lease = lease->next)
+      for (slaac = lease->slaac_address; slaac; slaac = slaac->next)
+	if (slaac->backoff != 0 && IN6_ARE_ADDR_EQUAL(sender, &slaac->addr))
+	  {
+	    slaac->backoff = 0;
+	    gotone = 1;
+	    inet_ntop(AF_INET6, sender, daemon->addrbuff, ADDRSTRLEN);
+	    my_syslog(MS_DHCP | LOG_INFO, "SLAAC-CONFIRM(%s) %s %s", interface, daemon->addrbuff, lease->hostname); 
+	  }
+  
+  lease_update_dns(gotone);
+}
+	
+/* Build a map from ra-names subnets to corresponding interfaces. This
+   is used to go from DHCPv4 leases to SLAAC addresses, 
+   interface->IPv6-subnet, IPv6-subnet + MAC address -> SLAAC.
+*/	      
+static int add_subnet(struct in6_addr *local,  int prefix,
+		      int scope, int if_index, int dad, void *vparam)
+{ 
+  struct dhcp_context *context;
+ 
+  (void)scope;
+  (void)dad;
+  (void)vparam;
+
+  for (context = daemon->ra_contexts; context; context = context->next)
+    if ((context->flags & CONTEXT_RA_NAME) &&
+	prefix == context->prefix &&
+	is_same_net6(local, &context->start6, prefix) &&
+	is_same_net6(local, &context->end6, prefix))
+      {
+	context->if_index = if_index;
+	context->local6 = *local;
+      }
+
+  return 1;
+}
+
+void build_subnet_map(void)
+{
+  struct dhcp_context *context;
+  int ok = 0;
+
+  for (context = daemon->ra_contexts; context; context = context->next)
+    {
+      context->if_index = 0;
+      if ((context->flags & CONTEXT_RA_NAME))
+	ok = 1;
+    }
+
+  /* ra-names configured */
+  if (ok)
+    iface_enumerate(AF_INET6, NULL, add_subnet);
+}
+
+void schedule_subnet_map(void)
+{
+  map_rebuild = 1; 
+}
+#endif

src/tftp.c

@@ -24,6 +24,7 @@ static ssize_t tftp_err(int err, char *packet, char *mess, char *file);
 static ssize_t tftp_err_oops(char *packet, char *file);
 static ssize_t get_block(char *packet, struct tftp_transfer *transfer);
 static char *next(char **p, char *end);
+static void sanitise(char *buf);
 
 #define OP_RRQ  1
 #define OP_WRQ  2
@@ -57,7 +58,7 @@ void tftp_request(struct listener *listen, time_t now)
   int mtuflag = IP_PMTUDISC_DONT;
 #endif
   char namebuff[IF_NAMESIZE];
-  char *name;
+  char *name = NULL;
   char *prefix = daemon->tftp_prefix;
   struct tftp_prefix *pref;
   struct interface_list *ir;
@@ -95,9 +96,20 @@ void tftp_request(struct listener *listen, time_t now)
   
   if (option_bool(OPT_NOWILD))
     {
-      addr = listen->iface->addr;
-      mtu = listen->iface->mtu;
-      name = listen->iface->name;
+      if (listen->iface)
+	{
+	  addr = listen->iface->addr;
+	  mtu = listen->iface->mtu;
+	  name = listen->iface->name;
+	}
+      else
+	{
+	  /* we're listening on an address that doesn't appear on an interface,
+	     ask the kernel what the socket is bound to */
+	  socklen_t tcp_len = sizeof(union mysockaddr);
+	  if (getsockname(listen->tftpfd, (struct sockaddr *)&addr, &tcp_len) == -1)
+	    return;
+	}
     }
   else
     {
@@ -211,15 +223,18 @@ void tftp_request(struct listener *listen, time_t now)
 	mtu = ifr.ifr_mtu;      
     }
   
-  /* check for per-interface prefix */ 
-  for (pref = daemon->if_prefix; pref; pref = pref->next)
-    if (strcmp(pref->interface, name) == 0)
-      prefix = pref->prefix;
-
-  /* wierd TFTP interfaces disable special options. */
-  for (ir = daemon->tftp_interfaces; ir; ir = ir->next)
-    if (strcmp(ir->interface, name) == 0)
-      special = 1;
+  if (name)
+    {
+      /* check for per-interface prefix */ 
+      for (pref = daemon->if_prefix; pref; pref = pref->next)
+	if (strcmp(pref->interface, name) == 0)
+	  prefix = pref->prefix;
+      
+      /* wierd TFTP interfaces disable special options. */
+      for (ir = daemon->tftp_interfaces; ir; ir = ir->next)
+	if (strcmp(ir->interface, name) == 0)
+	  special = 1;
+    }
 
   if (listen->family == AF_INET)
     {
@@ -297,7 +312,10 @@ void tftp_request(struct listener *listen, time_t now)
       !(filename = next(&p, end)) ||
       !(mode = next(&p, end)) ||
       (strcasecmp(mode, "octet") != 0 && strcasecmp(mode, "netascii") != 0))
-    len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), daemon->addrbuff);
+    {
+      len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), daemon->addrbuff);
+      is_err = 1;
+    }
   else
     {
       if (strcasecmp(mode, "netascii") == 0)
@@ -330,9 +348,12 @@ void tftp_request(struct listener *listen, time_t now)
 	}
 
       /* cope with backslashes from windows boxen. */
-      while ((p = strchr(filename, '\\')))
-	*p = '/';
-
+      for (p = filename; *p; p++)
+	if (*p == '\\')
+	  *p = '/';
+	else if (option_bool(OPT_TFTP_LC))
+	  *p = tolower(*p);
+		
       strcpy(daemon->namebuff, "/");
       if (prefix)
 	{
@@ -379,7 +400,7 @@ void tftp_request(struct listener *listen, time_t now)
     }
   
   while (sendto(transfer->sockfd, packet, len, 0, 
-		(struct sockaddr *)&peer, sizeof(peer)) == -1 && errno == EINTR);
+		(struct sockaddr *)&peer, sa_len(&peer)) == -1 && errno == EINTR);
   
   if (is_err)
     free_transfer(transfer);
@@ -487,12 +508,12 @@ void check_tftp_listeners(fd_set *rset, time_t now)
     {
       tmp = transfer->next;
       
+      prettyprint_addr(&transfer->peer, daemon->addrbuff);
+     
       if (FD_ISSET(transfer->sockfd, rset))
 	{
 	  /* we overwrote the buffer... */
 	  daemon->srv_save = NULL;
-	   
-	  prettyprint_addr(&transfer->peer, daemon->addrbuff);
 	  
 	  if ((len = recv(transfer->sockfd, daemon->packet, daemon->packet_buff_sz, 0)) >= (ssize_t)sizeof(struct ack))
 	    {
@@ -514,14 +535,8 @@ void check_tftp_listeners(fd_set *rset, time_t now)
 		  if (!err)
 		    err = "";
 		  else
-		    {
-		      unsigned char *q, *r;
-		      for (q = r = (unsigned char *)err; *r; r++)
-			if (isprint(*r))
-			  *(q++) = *r;
-		      *q = 0;
-		    }
-
+		    sanitise(err);
+		  
 		  my_syslog(MS_TFTP | LOG_ERR, _("error %d %s received from %s"),
 			    (int)ntohs(mess->block), err, 
 			    daemon->addrbuff);	
@@ -548,30 +563,33 @@ void check_tftp_listeners(fd_set *rset, time_t now)
 	      len = tftp_err_oops(daemon->packet, transfer->file->filename);
 	      endcon = 1;
 	    }
-	  else if (++transfer->backoff > 5)
+	  /* don't complain about timeout when we're awaiting the last
+	     ACK, some clients never send it */
+	  else if (++transfer->backoff > 5 && len != 0)
 	    {
-	      /* don't complain about timeout when we're awaiting the last
-		 ACK, some clients never send it */
-	      if (len != 0)
-		{
-		  my_syslog(MS_TFTP | LOG_ERR, _("failed sending %s to %s"), 
-			    transfer->file->filename, daemon->addrbuff);
-		  len = 0;
-		  endcon = 1;
-		}
+	      endcon = 1;
+	      len = 0;
 	    }
-	  
+
 	  if (len != 0)
 	    while(sendto(transfer->sockfd, daemon->packet, len, 0, 
-			 (struct sockaddr *)&transfer->peer, sizeof(transfer->peer)) == -1 && errno == EINTR);
+			 (struct sockaddr *)&transfer->peer, sa_len(&transfer->peer)) == -1 && errno == EINTR);
 	  
 	  if (endcon || len == 0)
 	    {
-	      if (!endcon)
-		my_syslog(MS_TFTP | LOG_INFO, _("sent %s to %s"), transfer->file->filename, daemon->addrbuff);
+	      strcpy(daemon->namebuff, transfer->file->filename);
+	      sanitise(daemon->namebuff);
+	      my_syslog(MS_TFTP | LOG_INFO, endcon ? _("failed sending %s to %s") : _("sent %s to %s"), daemon->namebuff, daemon->addrbuff);
 	      /* unlink */
 	      *up = tmp;
-	      free_transfer(transfer);
+	      if (endcon)
+		free_transfer(transfer);
+	      else
+		{
+		  /* put on queue to be sent to script and deleted */
+		  transfer->next = daemon->tftp_done_trans;
+		  daemon->tftp_done_trans = transfer;
+		}
 	      continue;
 	    }
 	}
@@ -605,6 +623,16 @@ static char *next(char **p, char *end)
   return ret;
 }
 
+static void sanitise(char *buf)
+{
+  unsigned char *q, *r;
+  for (q = r = (unsigned char *)buf; *r; r++)
+    if (isprint((int)*r))
+      *(q++) = *r;
+  *q = 0;
+
+}
+
 static ssize_t tftp_err(int err, char *packet, char *message, char *file)
 {
   struct errmess {
@@ -613,7 +641,9 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
   } *mess = (struct errmess *)packet;
   ssize_t ret = 4;
   char *errstr = strerror(errno);
- 
+  
+  sanitise(file);
+
   mess->op = htons(OP_ERR);
   mess->err = htons(err);
   ret += (snprintf(mess->message, 500,  message, file, errstr) + 1);
@@ -624,7 +654,9 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
 
 static ssize_t tftp_err_oops(char *packet, char *file)
 {
-  return tftp_err(ERR_NOTDEF, packet, _("cannot read %s: %s"), file);
+  /* May have >1 refs to file, so potentially mangle a copy of the name */
+  strcpy(daemon->namebuff, file);
+  return tftp_err(ERR_NOTDEF, packet, _("cannot read %s: %s"), daemon->namebuff);
 }
 
 /* return -1 for error, zero for done. */
@@ -709,4 +741,21 @@ static ssize_t get_block(char *packet, struct tftp_transfer *transfer)
     }
 }
 
+
+int do_tftp_script_run(void)
+{
+  struct tftp_transfer *transfer;
+
+  if ((transfer = daemon->tftp_done_trans))
+    {
+      daemon->tftp_done_trans = transfer->next;
+#ifdef HAVE_SCRIPT
+      queue_tftp(transfer->file->size, transfer->file->filename, &transfer->peer);
+#endif
+      free_transfer(transfer);
+      return 1;
+    }
+
+  return 0;
+}
 #endif

src/util.c

@@ -330,7 +330,7 @@ int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen)
     return 0;
 
   if (pfbits == 0 ||
-      (a->s6_addr[pfbytes] >> (8 - pfbits) != b->s6_addr[pfbytes] >> (8 - pfbits)))
+      (a->s6_addr[pfbytes] >> (8 - pfbits) == b->s6_addr[pfbytes] >> (8 - pfbits)))
     return 1;
 
   return 0;
@@ -426,7 +426,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
   
   while (maxlen == -1 || i < maxlen)
     {
-      for (r = in; *r != 0 && *r != ':' && *r != '-'; r++)
+      for (r = in; *r != 0 && *r != ':' && *r != '-' && *r != ' '; r++)
 	if (*r != '*' && !isxdigit((unsigned char)*r))
 	  return -1;
       
@@ -444,12 +444,29 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
 	  else
 	    {
 	      *r = 0;
-	      mask = mask << 1;
 	      if (strcmp(in, "*") == 0)
-		mask |= 1;
+		{
+		  mask = (mask << 1) | 1;
+		  i++;
+		}
 	      else
-		out[i] = strtol(in, NULL, 16);
-	      i++;
+		{
+		  int j, bytes = (1 + (r - in))/2;
+		  for (j = 0; j < bytes; j++)
+		    { 
+		      char sav;
+		      if (j < bytes - 1)
+			{
+			  sav = in[(j+1)*2];
+			  in[(j+1)*2] = 0;
+			}
+		      out[i] = strtol(&in[j*2], NULL, 16);
+		      mask = mask << 1;
+		      i++;
+		      if (j < bytes - 1)
+			in[(j+1)*2] = sav;
+		    }
+		}
 	    }
 	}
       in = r+1;