Cope with --listen-address for not yet existent addr in bind-dynamic mode.

CHANGELOG

@@ -10,6 +10,43 @@ version 2.63
 	    Add --bind-dynamic. A hybrid mode between the default and
 	    --bind-interfaces which copes with dynamically created
 	    interfaces. 
+	    
+	    A couple of fixes to the build system for Android. Thanks
+	    to Metin Kaya for the patches.
+
+	    Remove the interface:<interface> argument in --dhcp-range, and
+	    the interface argument to --enable-tftp. These were a
+	    still-born attempt to allow automatic isolated
+	    configuration by libvirt, but have never (to my knowledge)
+	    been used, had very strange semantics, and have been
+	    superceded by other mechanisms. 
+
+	    Fixed bug logging filenames when duplicate dhcp-host
+	    addresses are found. Thanks to John Hanks for the patch.
+
+	    Fix regression in 2.61 which broke caching of CNAME
+	    chains. Thanks to Atul Gupta for the bug report.
+
+	    Allow the target of a --cname flag to be another --cname.
+
+            Teach DHCPv6 about the RFC 4242 information-refresh-time
+	    option, and add parsing if the minutes, hours and days
+	    format for options. Thanks to Francois-Xavier Le Bail for
+	    the suggestion.
+
+	    Allow "w" (for week) as multiplier in lease times, as well
+	    as seconds, minutes, hours and days.  Álvaro Gámez Machado 
+	    spotted the ommission.
+ 
+	    Update French translation. Thanks to Gildas Le Nadan.
+
+	    Allow a DBus service name to be given with --enable-dbus
+	    which overrides the default,
+	    uk.org.thekelleys.dnsmasq. Thanks to Mathieu
+	    Trudel-Lapierre for the patch. 
+
+	    Set the "prefix on-link" bit in Router
+	    Advertisements. Thanks to Gui Iribarren for the patch.
 
 
 version 2.62
@@ -36,7 +73,6 @@ version 2.62
 	    two addresses in the same network. Thanks to Jim Bos for
 	    his help nailing this.
 
-
 version 2.61
 	    Re-write interface discovery code on *BSD to use
 	    getifaddrs. This is more portable, more straightforward,

FAQ

@@ -236,53 +236,70 @@ Q: What network types are supported by the DHCP server?
 A: Ethernet (and 802.11 wireless) are supported on all platforms. On
    Linux all network types (including FireWire) are supported.
 
-Q: What is this strange "bind-interface" option?
+Q: What are these strange "bind-interface" and "bind-dynamic" options?
 
-A: The DNS spec says that the reply to a DNS query must come from the
-   same address it was sent to. The traditional way to write an UDP
-   server to do this is to find all of the addresses belonging to the
-   machine (ie all the interfaces on the machine) and then create a
-   socket for each interface which is bound to the address of the
-   interface. Then when a packet is sent to address A, it is received
-   on the socket bound to address A and when the reply is also sent
-   via that socket, the source address is set to A by the kernel and
-   everything works. This is the how dnsmasq works when
-   "bind-interfaces" is set, with the obvious extension that is misses
-   out creating sockets for some interfaces depending on the
-   --interface, --address and --except-interface flags.  The
-   disadvantage of this approach is that it breaks if interfaces don't
-   exist or are not configured when the daemon starts and does the
-   socket creation step. In a hotplug-aware world this is a real
-   problem.
+A: Dnsmasq from v2.63 can operate in one of three different "networking
+   modes". This is unfortunate as it requires users configuring dnsmasq
+   to take into account some rather bizzare contraints and select the
+   mode which best fits the requirements of a particular installation.
+   The origin of these are deficiencies in the Unix networking
+   model and APIs and each mode has different advantages and
+   problems. Just to add to the confusion, not all modes are available on
+   all platforms (due the to lack of supporting network APIs).To further
+   add to the confusion, the rules for the DHCP subsystem on dnsmasq are
+   different to the rules for the DNS and TFTP subsystems.
 
-   The alternative approach is to have only one socket, which is bound
-   to the correct port and the wildcard IP address (0.0.0.0). That
-   socket will receive _all_ packets sent to port 53, no matter what
-   destination address they have. This solves the problem of
-   interfaces which are created or reconfigured after daemon
-   start-up. To make this work is more complicated because of the
-   "reply source address" problem. When a UDP packet is sent by a
-   socket bound to 0.0.0.0 its source address will be set to the
-   address of one of the machine's interfaces, but which one is not
-   determined and can vary depending on the OS being run. To get round
-   this it is neccessary to use a scary advanced API to determine the
-   address to which a query was sent, and force that to be the source
-   address in the reply. For IPv4 this stuff in non-portable and quite
-   often not even available (It's different between FreeBSD 5.x and
-   Linux, for instance, and FreeBSD 4.x, Linux 2.0.x and OpenBSD don't
-   have it at all.) Hence "bind-interfaces" has to always be available
-   as a fall back. For IPv6 the API is standard and universally
-   available.
+   The three modes are "wildcard", "bind-interfaces" and "bind-dynamic".
 
-   It could be argued that if the --interface or --address flags are
-   used then binding interfaces is more appropriate, but using
-   wildcard binding means that dnsmasq will quite happily start up
-   after being told to use interfaces which don't exist, but which are
-   created later. Wildcard binding breaks the scenario when dnsmasq is
-   listening on one interface and another server (most probably BIND)
-   is listening on another. It's not possible for BIND to bind to an
-   (address,port) pair when dnsmasq has bound (wildcard,port), hence
-   the ability to explicitly turn off wildcard binding.
+   In "wildcard" mode, dnsmasq binds the wildcard IP address (0.0.0.0 or
+   ::). This allows it to recieve all the packets sent to the server on
+   the relevant port. Access control (--interface, --except-interface,
+   --listen-address, etc) is implemented by dnsmasq: it queries the
+   kernel to determine the interface on which a packet was recieved and
+   the address to which it was sent, and applies the configured
+   rules. Wildcard mode is the default if neither of the other modes are
+   specified. 
+
+   In "bind-interfaces" mode, dnsmasq runs through all the network
+   interfaces available when it starts, finds the set of IP addresses on
+   those interfaces, filters that set using the access control
+   configuration, and then binds the set of IP addresses. Only packets
+   sent to the allowed addresses are delivered by the kernel to dnsmasq.
+
+   In "bind-dynamic" mode, access control filtering is done both by
+   binding individual IP addresses, as for bind-interfaces, and by
+   inspecting individual packets on arrival as for wildcard mode. In
+   addition, dnsmasq notices when new interfaces appear or new addresses
+   appear on existing interfaces, and the resulting IP addresses are
+   bound automatically without having to restart dnsmasq.
+
+   The mode chosen has four different effects: co-existence with other
+   servers, semantics of --interface access control, effect of new
+   interfaces, and legality of --interface specifications for
+   non-existent inferfaces. We will deal with these in order.
+
+   A dnsmasq instance running in wildcard mode precludes a machine from
+   running a second instance of dnsmasq or any other DNS, TFTP or DHCP
+   server. Attempts to do so will fail with an "address in use" error. 
+   Dnsmasq running in --bind-interfaces or bind-dynamic mode allow other
+   instances of dnsmasq or other servers, as long as no two servers are
+   configured to listen on the same interface address. 
+
+   The semantics of --interface varies subtly between wildcard or
+   bind-dynamic mode and bind-interfaces mode. The situation where this
+   matters is a request which arrives via one interface (A), but with a
+   destination address of a second interface (B) and when dnsmasq is
+   configured to listen only on B. In wildcard or bind-dynamic mode, such
+   a request will be ignored, in bind-interfaces mode, it will be
+   accepted.
+
+   The creation of new network interfaces after dnsmasq starts is ignored
+   by dnsmasq when in --bind-interfaces mode. In wildcard or bind-dynamic
+   mode, such interfaces are handled normally.
+
+   A --interface specification for a non-existent interface is a fatal
+   error at start-up when in --bind-interfaces mode, by just generates a
+   warning in wildcard or bind-dynamic mode.
 
 Q: Why doesn't Kerberos work/why can't I get sensible answers to
    queries for SRV records.

bld/Android.mk

@@ -17,4 +17,6 @@ LOCAL_C_INCLUDES := external/dnsmasq/src
 LOCAL_CFLAGS := -O2 -g -W -Wall -D__ANDROID__ -DNO_IPV6 -DNO_TFTP -DNO_SCRIPT
 LOCAL_SYSTEM_SHARED_LIBRARIES := libc libcutils
 
+LOCAL_LDLIBS := -L$(SYSROOT)/usr/lib -llog
+
 include $(BUILD_EXECUTABLE)

dbus/DBus-interface

@@ -19,7 +19,8 @@ and avoids startup races with the provider of nameserver information.
 
 
 Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq
-and a single object: /uk/org/thekelleys/dnsmasq
+and a single object: /uk/org/thekelleys/dnsmasq 
+The name of the service may be changed by giving an argument to --enable-dbus.
 
 1. METHODS
 ----------

debian/changelog

@@ -1,6 +1,7 @@
 dnsmasq (2.63-1) unstable; urgency=low
 
    * New upstream.
+   * Move /etc/dbus-1/system.d/dnsmasq.conf from dnsmasq to dnsmasq-base.
 
  -- Simon Kelley <simon@thekelleys.org.uk>  Mon, 11 Jun 2012 21:55:35 +0000
 

debian/conffiles

@@ -2,5 +2,4 @@
 /etc/default/dnsmasq
 /etc/dnsmasq.conf
 /etc/resolvconf/update.d/dnsmasq
-/etc/dbus-1/system.d/dnsmasq.conf
 /etc/insserv.conf.d/dnsmasq

debian/control

@@ -23,7 +23,8 @@ Description: Small caching DNS proxy and DHCP/TFTP server
 Package: dnsmasq-base
 Architecture: any
 Depends: ${shlibs:Depends}
-Conflicts: dnsmasq (<<2.41)
+Breaks: dnsmasq (<< 2.62-3)
+Replaces: dnsmasq (<< 2.62-3)
 Description: Small caching DNS proxy and DHCP/TFTP server
  This package contains the dnsmasq executable and documentation, but
  not the infrastructure required to run it as a system daemon. For

debian/dnsmasq-base.conffiles

@@ -0,0 +1 @@
+/etc/dbus-1/system.d/dnsmasq.conf

debian/rules

@@ -85,7 +85,6 @@ binary-indep:	checkroot
 	        -d debian/daemon/etc/resolvconf/update.d \
 		-d debian/daemon/usr/lib/resolvconf/dpkg-event.d \
 	        -d debian/daemon/etc/default \
-		-d debian/daemon/etc/dbus-1/system.d \
 		-d debian/daemon/lib/systemd/system \
                 -d debian/daemon/etc/insserv.conf.d
 	install -m 644 debian/conffiles debian/daemon/DEBIAN
@@ -96,7 +95,6 @@ binary-indep:	checkroot
 	install -m 644 debian/default debian/daemon/etc/default/dnsmasq
 	install -m 644 dnsmasq.conf.example debian/daemon/etc/dnsmasq.conf
 	install -m 644 debian/readme.dnsmasq.d debian/daemon/etc/dnsmasq.d/README
-	install -m 644 debian/dbus.conf debian/daemon/etc/dbus-1/system.d/dnsmasq.conf
 	install -m 644 debian/systemd.service debian/daemon/lib/systemd/system/dnsmasq.service
 	install -m 644 debian/insserv debian/daemon/etc/insserv.conf.d/dnsmasq
 	ln -s $(package) debian/daemon/usr/share/doc/dnsmasq
@@ -111,6 +109,7 @@ binary-arch:	checkroot
 	rm -rf debian/base
 	install -m 755 \
 		-d debian/base/DEBIAN \
+		-d debian/base/etc/dbus-1/system.d \
 	        -d debian/base/usr/share/doc/$(package) \
 		-d debian/base/usr/share/doc/$(package)/examples \
 	        -d debian/base/var/run \
@@ -129,10 +128,12 @@ ifeq (,$(findstring nodocs,$(DEB_BUILD_OPTIONS)))
 	install -m 644 dbus/DBus-interface debian/base/usr/share/doc/$(package)/.
 	gzip -9 debian/base/usr/share/doc/$(package)/DBus-interface	
 endif
+	install -m 644 debian/dnsmasq-base.conffiles debian/base/DEBIAN/conffiles
 	install -m 644 debian/changelog debian/base/usr/share/doc/$(package)/changelog.Debian
 	gzip -9 debian/base/usr/share/doc/$(package)/changelog.Debian
 	install -m 644 debian/readme debian/base/usr/share/doc/$(package)/README.Debian
 	install -m 644 debian/copyright debian/base/usr/share/doc/$(package)/copyright
+	install -m 644 debian/dbus.conf debian/base/etc/dbus-1/system.d/dnsmasq.conf
 	gzip -9 debian/base/usr/share/man/man8/dnsmasq.8
 	for f in debian/base/usr/share/man/*; do \
 		if [ -f $$f/man8/dnsmasq.8 ]; then \

dnsmasq.conf.example

@@ -326,6 +326,9 @@
 # dnsmasq and another.
 #dhcp-option=option6:dns-server,[::],[1234::88]
 
+# Ask client to poll for option changes every six hours. (RFC4242)
+#dhcp-option=option6:information-refresh-time,6h
+
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
 #dhcp-option=42,0.0.0.0
@@ -522,7 +525,7 @@
 # If you want to disable negative caching, uncomment this.
 #no-negcache
 
-# Normally responses which come form /etc/hosts and the DHCP lease
+# Normally responses which come from /etc/hosts and the DHCP lease
 # file have Time-To-Live set as zero, which conventionally means
 # do not cache further. If you are happy to trade lower load on the
 # server for potentially stale date, you can set a time-to-live (in

man/dnsmasq.8

@@ -207,12 +207,12 @@ dnsmasq which provide DHCP service to run in the same machine.
 .B --bind-dynamic
 Enable a network mode which is a hybrid between 
 .B --bind-interfaces
-and the default. Dnsmasq binds the address of indivdual interfaces,
+and the default. Dnsmasq binds the address of individual interfaces,
 allowing multiple dnsmasq instances, but if new interfaces or
 addresses appear, it automatically listens on those (subject to any
 access-control configuration). This makes dynamically created
 interfaces work in the same way as the default. Implementing this
-option requires non-standard networking APIs and it is only availble
+option requires non-standard networking APIs and it is only available
 under Linux. On other platforms it falls-back to --bind-interfaces mode.
 .TP
 .B \-y, --localise-queries
@@ -271,11 +271,13 @@ time is the one used.
 Don't read /etc/resolv.conf. Get upstream servers only from the command
 line or the dnsmasq configuration file.
 .TP
-.B \-1, --enable-dbus
+.B \-1, --enable-dbus[=<service-name>]
 Allow dnsmasq configuration to be updated via DBus method calls. The
 configuration which can be changed is upstream DNS servers (and
 corresponding domains) and cache clear. Requires that dnsmasq has
-been built with DBus support.
+been built with DBus support. If the service name is given, dnsmasq
+provides service at that name, rather than the default which is 
+.B uk.org.thekelleys.dnsmasq
 .TP 
 .B \-o, --strict-order
 By default, dnsmasq will send queries to any of the upstream servers
@@ -461,14 +463,16 @@ Return an NAPTR DNS record, as specified in RFC3403.
 Return a CNAME record which indicates that <cname> is really
 <target>. There are significant limitations on the target; it must be a
 DNS name which is known to dnsmasq from /etc/hosts (or additional
-hosts files) or from DHCP. If the target does not satisfy this
+hosts files), from DHCP or from another 
+.B --cname.
+If the target does not satisfy this
 criteria, the whole cname is ignored. The cname must be unique, but it
 is permissable to have more than one cname pointing to the same target.
 .TP
 .B --dns-rr=<name>,<RR-number>,[<hex data>]
 Return an arbitrary DNS Resource Record. The number is the type of the
 record (which is always in the C_IN class). The value of the record is
-given by the hex data, which may be of the for 01:23:45 or 01 23 45 or
+given by the hex data, which may be of the form 01:23:45 or 01 23 45 or
 012345 or any mixture of these.
 .TP
 .B --interface-name=<name>,<interface>
@@ -529,9 +533,9 @@ compiled in and the kernel must have conntrack support
 included and configured. This option cannot be combined with
 --query-port. 
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>]
+.B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag],]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>]
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>[,<end-IPv6addr>][,<mode>][,<prefix-len>][,<lease time>]
+.B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>[,<end-IPv6addr>][,<mode>][,<prefix-len>][,<lease time>]
 
 Enable the DHCP server. Addresses will be given out from the range
 <start-addr> to <end-addr> and from statically defined addresses given
@@ -624,8 +628,6 @@ can be combined  with
 and
 .B slaac.
 
-The interface:<interface name> section is not normally used. See the
-NOTES section for details of this.
 .TP
 .B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
@@ -1369,12 +1371,11 @@ the relevant link-local address of the machine running dnsmasq is sent
 as recursive DNS server. If provided, the DHCPv6 options dns-server and
 domain-search are used for RDNSS and DNSSL.
 .TP
-.B --enable-tftp[=<interface>]
+.B --enable-tftp
 Enable the TFTP server function. This is deliberately limited to that
 needed to net-boot a client. Only reading is allowed; the tsize and
 blksize extensions are supported (tsize is only supported in octet
-mode). See NOTES section for use of the interface argument.
-
+mode). 
 .TP
 .B --tftp-root=<directory>[,<interface>]
 Look for files to transfer using TFTP relative to the given
@@ -1638,52 +1639,6 @@ parameter in a BOOTP request is used as a tag,
 as is the tag "bootp", allowing some control over the options returned to
 different classes of hosts.
 
-.B dhcp-range
-may have an interface name supplied as
-"interface:<interface-name>". The semantics if this are as follows:
-For DHCP, if any other dhcp-range exists _without_ an interface name,
-then the interface name is ignored and and dnsmasq behaves as if the
-interface parts did not exist, otherwise DHCP is only provided to 
-interfaces mentioned in dhcp-range
-declarations. For DNS, if there are no
-.B --interface
-or 
-.B --listen-address
-flags, behaviour is unchanged by the interface part. If either of
-these flags are present, the interfaces mentioned in
-dhcp-ranges are added to the set which get DNS service.
-
-Similarly, 
-.B enable-tftp
-may take an interface name, which enables TFTP only for a particular
-interface, ignoring 
-.B --interface 
-or
-.B --listen-address
-flags. In addition 
-.B --tftp-secure
-and
-.B --tftp-unique-root
-and
-.B --tftp-no-blocksize
-are ignored for requests from such interfaces. (A 
-.B --tftp-root
-directive giving a root path and an interface should be 
-provided too.)
-
-These rules may seem odd at first sight, but  they
-allow a single line  of the form "dhcp-range=interface:virt0,192.168.0.4,192.168.0.200"
-to be added to dnsmasq configuration which then supplies
-DHCP and DNS services to that interface, without affecting
-what services are supplied to other interfaces and irrespective of 
-the existance or lack of "interface=<interface>" 
-lines elsewhere in the dnsmasq configuration.
-"enable-tftp=virt0" and "tftp-root=<root>,virt0" do the same job for TFTP.
- The idea is
-that such a line can be added automatically by libvirt
-or equivalent systems, without disturbing any manual
-configuration.
-
 .SH EXIT CODES
 .PP
 0 - Dnsmasq successfully forked into the background, or terminated

man/fr/dnsmasq.8

@@ -232,6 +232,18 @@ autre serveur de nom (ou une autre instance de Dnsmasq) tourne sur la même
 machine. Utiliser cette option permet également d'avoir plusieurs instances de
 Dnsmasq fournissant un service DHCP sur la même machine.
 .TP
+.B --bind-dynamic
+Autorise un mode réseau intermédiaire entre
+.B --bind-interfaces
+et le mode par défaut. Dnsmasq s'associe à une seule interface, ce qui permet
+plusieurs instances de dnsmasq, mais si une interface ou adresse apparaissent,
+il se mettra automatiquement à écouter sur celles-ci (les règles de contrôle
+d'accès s'appliquent).
+De fait, les interfaces créées dynamiquement fonctionnent de la même façon que
+dans le comportement par défaut. Ce fonctionnement nécessite des APIs réseau
+non standard et n'est disponible que sous Linux. Sur les autres plateformes,
+le fonctionnement est celui du mode --bind-interfaces.
+.TP
 .B \-y, --localise-queries
 Retourne des réponses aux requêtes DNS dépendantes de l'interface sur laquelle
 la requête a été reçue, à partir du fichier /etc/hosts. Si un nom dans
@@ -532,9 +544,17 @@ Retourne un enregistrement de type NAPTR, tel que spécifié dans le RFC3403.
 Retourne un enregistrement de type CNAME qui indique que <cname> est en
 réalité <cible>. Il existe des contraintes significatives sur la valeur
 de cible; il doit s'agir d'un nom DNS qui est connu de dnsmasq via /etc/hosts
-(ou un fichier hôtes additionnel) ou via DHCP. Si une cible ne satisfait
-pas ces critères, le CNAME est ignoré. Le CNAME doit être unique, mais
-il est autorisé d'avoir plus d'un CNAME pointant vers la même cible.
+(ou un fichier hôtes additionnel), ou via DHCP, ou par un autre
+.B --cname.
+Si une cible ne satisfait pas ces critères, le CNAME est ignoré. Le CNAME
+doit être unique, mais il est autorisé d'avoir plus d'un CNAME pointant
+vers la même cible.
+.TP
+.B --dns-rr=<nom>,<numéro-RR>,[<données hexadécimales>]
+Retourne un enregistrement DNS arbitraire. Le numéro correspond au type
+d'enregistrement (qui est toujours de la classe C_IN). La valeur de
+l'enregistrement est donnée dans les données hexadécimales, qui peuvent
+être de la forme 01:23:45, 01 23 45,+012345 ou n'importe quelle combinaison.
 .TP
 .B --interface-name=<nom>,<interface>
 Définit un entregistrement DNS associant le nom avec l'adresse primaire sur
@@ -601,9 +621,9 @@ avec le support conntrack, le noyau doit également inclure conntrack et être
 configuré pour cela. Cette option ne peut pas être combinée avec
 --query-port.
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<label>[,tag:<label>],][set:<label>],]<adresse de début>[,<adresse de fin>][,<mode>][,<masque de réseau>[,<broadcast>]][,<durée de bail>]
+.B \-F, --dhcp-range=[tag:<label>[,tag:<label>],][set:<label>],]<adresse de début>[,<adresse de fin>][,<mode>][,<masque de réseau>[,<broadcast>]][,<durée de bail>]
 .TP
-.B \-F, --dhcp-range=[interface:<interface>,][tag:<label>[,tag:<label>],][set:<label>],]<addresse IPv6 de début>[,<adresse IPv6 de fin>][,<mode>][,<longueur de préfixe>][,<durée de bail>]
+.B \-F, --dhcp-range=[tag:<label>[,tag:<label>],][set:<label>],]<addresse IPv6 de début>[,<adresse IPv6 de fin>][,<mode>][,<longueur de préfixe>][,<durée de bail>]
 Active le serveur DHCP. Les adresses seront données dans la plage comprise entre
 <adresse de début> et <adresse de fin> et à partir des adresses définies
 statiquement dans l'option
@@ -705,8 +725,6 @@ peut-être combiné avec
 et
 .B slaac.
 
-La section interface:<nom d'interface> n'est normalement pas utilisée. Se
-référer aux indications de la section NOTES pour plus de détail à ce sujet.
 .TP
 .B \-G, --dhcp-host=[<adresse matérielle>][,id:<identifiant client>|*][,set:<label>][,<adresse IP>][,<nom d'hôte>][,<durée de bail>][,ignore]
 Spécifie les paramètres DHCP relatifs à un hôte. Cela permet à une machine
@@ -1517,12 +1535,11 @@ dnsmasq est spécifiée comme DNS récursif. Si elles sont fournies, les
 options dns-server et domain-search sont utilisées respectivement pour RDNSS et
 DNSSL.
 .TP
-.B --enable-tftp[=<interface>]
+.B --enable-tftp
 Active la fonction serveur TFTP. Celui-ci est de manière délibérée limité aux
 fonctions nécessaires au démarrage par le réseau ("net-boot") d'un client. Seul
 un accès en lecture est possible; les extensions tsize et blksize sont supportées
-(tsize est seulement supporté en mode octet). Voir dans la section NOTES les
-informations relatives à la spécification de l'interface.
+(tsize est seulement supporté en mode octet).
 .TP
 .B --tftp-root=<répertoire>[,<interface>]
 Les fichiers à fournir dans les transferts TFTP seront cherchés en prenant le
@@ -1560,6 +1577,13 @@ Sans cela, en effet, l'accès de tous les fichiers du serveur pour lequel le
 droit de lecture pour tout le monde est positionné ("world-readable") devient
 possible par n'importe quel hôte sur le réseau.
 .TP
+.B --tftp-lowercase
+Converti les noms de fichiers des requêtes TFTP en minuscules. Cela est utile
+pour les requêtes effectuées depuis les machines Windows, dont les systèmes
+de fichiers sont insensibles à la casse et pour lesquels la détermination
+de la casse est parfois un peu aléatoire. A noter que le serveur tftp de
+dnsmasq converti systématiquement les "\\" en "/" dans les noms de fichiers.
+.TP
 .B --tftp-max=<connexions>
 Définit le nombre maximum de connexions TFTP simultanées autorisées. La valeur
 par défaut est de 50. Lorsqu'un grand nombre de connexions TFTP est spécifié,
@@ -1823,51 +1847,6 @@ supprime la nécessité des associations statiques). Le paramètre
 que le label "bootp", permettant un certain contrôle sur les options retournées
 aux différentes classes d'hôtes.
 
-Il est possible de spécifier un nom d'interface à
-.B dhcp-range
-sous la forme "interface:<nom d'interface>". La sémantique est comme suit :
-Pour le DHCP, s'il existe une autre valeur de dhcp-range pour laquelle
-_aucun_ nom d'interface n'est donné, alors le nom d'interface est ignoré
-et dnsmasq se comporte comme si la partie spécifiant l'interface n'existait
-pas, sinon le service DHCP n'est fourni qu'aux interfaces mentionnées dans
-les déclarations dhcp-range. Pour le DNS, si il n'y a pas d'option
-.B --interface
-ou
-.B --listen-address
-, alors le comportement n'est pas impacté par la spécification d'interface. Si
-l'une ou l'autre de ces options est présente, alors les interfaces mentionnées
-dans les plages d'adresses dhcp-range sont rajoutées à la liste de celles
-où le service DNS est assuré.
-
-De manière similaire,
-.B enable-tftp
-peut prendre un nom d'interface, ce qui active le TFTP pour cette seule
-interface, en ignorant les options
-.B --interface 
-ou
-.B --listen-address
-De plus, 
-.B --tftp-secure
-, 
-.B --tftp-unique-root
-et
-.B --tftp-no-blocksize
-sont ignorées pour les requêtes sur de telles interfaces. (une directive
-.B --tftp-root
-donnant le chemin de la racine et une interface doit-être fournie).
-
-Ces règles peuvent paraître étrange à première vue, mais elles permettent
-d'ajouter à la configuration de dnsmasq des lignes de configuration de la
-forme "dhcp-range=interface:virt0,192.168.0.4,192.168.0.200" afin de fournir
-un service DHCP et DNS sur cette interface, sans pour autant affecter les
-services fournis sur d'autres interfaces, malgré l'absence de paramètres
-"interface=<interface>" sur les autres lignes de configuration.
-"enable-tftp=virt0" et "tftp-root=<root>,virt0" effectuent la même chose pour
-TFTP.
-L'idée de tout cela est de permettre l'addition de telles lignes
-automatiquement par libvirt ou un système équivalent, sans perturbation
-d'une configuration manuelle existant par ailleurs.
-
 .SH CODES DE SORTIE
 .PP
 0 - Dnsmasq s'est correctement lancé en tâche de fond, ou alors s'est

src/bpf.c

@@ -20,6 +20,7 @@
 #include <ifaddrs.h>
 
 #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__)
+#include <sys/param.h>
 #include <sys/sysctl.h>
 #include <net/route.h>
 #include <net/if_dl.h>

src/cache.c

@@ -243,7 +243,7 @@ static int is_outdated_cname_pointer(struct crec *crecp)
   /* NB. record may be reused as DS or DNSKEY, where uid is 
      overloaded for something completely different */
   if (crecp->addr.cname.cache && 
-      (crecp->addr.cname.cache->flags & (F_IPV4 | F_IPV6)) &&
+      (crecp->addr.cname.cache->flags & (F_IPV4 | F_IPV6 | F_CNAME)) &&
       crecp->addr.cname.uid == crecp->addr.cname.cache->uid)
     return 0;
   
@@ -645,13 +645,29 @@ struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
   return NULL;
 }
 
-
+static void add_hosts_cname(struct crec *target)
+{
+  struct crec *crec;
+  struct cname *a;
+  
+  for (a = daemon->cnames; a; a = a->next)
+    if (hostname_isequal(cache_get_name(target), a->target) &&
+	(crec = whine_malloc(sizeof(struct crec))))
+      {
+	crec->flags = F_FORWARD | F_IMMORTAL | F_NAMEP | F_HOSTS | F_CNAME;
+	crec->name.namep = a->alias;
+	crec->addr.cname.cache = target;
+	crec->addr.cname.uid = target->uid;
+	cache_hash(crec);
+	add_hosts_cname(crec); /* handle chains */
+      }
+}
+  
 static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, 
 			    int index, struct crec **rhash, int hashsz)
 {
   struct crec *lookup = cache_find_by_name(NULL, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6));
   int i, nameexists = 0;
-  struct cname *a;
   unsigned int j; 
 
   /* Remove duplicates in hosts files. */
@@ -702,16 +718,7 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
   
   /* don't need to do alias stuff for second and subsequent addresses. */
   if (!nameexists)
-    for (a = daemon->cnames; a; a = a->next)
-      if (hostname_isequal(cache_get_name(cache), a->target) &&
-	  (lookup = whine_malloc(sizeof(struct crec))))
-	{
-	  lookup->flags = F_FORWARD | F_IMMORTAL | F_NAMEP | F_HOSTS | F_CNAME;
-	  lookup->name.namep = a->alias;
-	  lookup->addr.cname.cache = cache;
-	  lookup->addr.cname.uid = index;
-	  cache_hash(lookup);
-	}
+    add_hosts_cname(cache);
 }
 
 static int eatspace(FILE *f)
@@ -1003,13 +1010,41 @@ void cache_unhash_dhcp(void)
 	up = &cache->hash_next;
 }
 
+static void add_dhcp_cname(struct crec *target, time_t ttd)
+{
+  struct crec *aliasc;
+  struct cname *a;
+  
+  for (a = daemon->cnames; a; a = a->next)
+    if (hostname_isequal(cache_get_name(target), a->target))
+      {
+	if ((aliasc = dhcp_spare))
+	  dhcp_spare = dhcp_spare->next;
+	else /* need new one */
+	  aliasc = whine_malloc(sizeof(struct crec));
+	
+	if (aliasc)
+	  {
+	    aliasc->flags = F_FORWARD | F_NAMEP | F_DHCP | F_CNAME;
+	    if (ttd == 0)
+	      aliasc->flags |= F_IMMORTAL;
+	    else
+	      aliasc->ttd = ttd;
+	    aliasc->name.namep = a->alias;
+	    aliasc->addr.cname.cache = target;
+	    aliasc->addr.cname.uid = target->uid;
+	    cache_hash(aliasc);
+	    add_dhcp_cname(aliasc, ttd);
+	  }
+      }
+}
+
 void cache_add_dhcp_entry(char *host_name, int prot,
 			  struct all_addr *host_address, time_t ttd) 
 {
-  struct crec *crec = NULL, *aliasc;
+  struct crec *crec = NULL;
   unsigned short flags = F_IPV4;
   int in_hosts = 0;
-  struct cname *a;
   size_t addrlen = sizeof(struct in_addr);
 
 #ifdef HAVE_IPV6
@@ -1030,7 +1065,6 @@ void cache_add_dhcp_entry(char *host_name, int prot,
 	  
 	  inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN);
 	  if (crec->flags & F_CNAME)
-	    
 	    my_syslog(MS_DHCP | LOG_WARNING, 
 		      _("%s is a CNAME, not giving it to the DHCP lease of %s"),
 		      host_name, daemon->addrbuff);
@@ -1083,27 +1117,7 @@ void cache_add_dhcp_entry(char *host_name, int prot,
       crec->uid = uid++;
       cache_hash(crec);
 
-      for (a = daemon->cnames; a; a = a->next)
-	if (hostname_isequal(host_name, a->target))
-	  {
-	    if ((aliasc = dhcp_spare))
-	      dhcp_spare = dhcp_spare->next;
-	    else /* need new one */
-	      aliasc = whine_malloc(sizeof(struct crec));
-	    
-	    if (aliasc)
-	      {
-		aliasc->flags = F_FORWARD | F_NAMEP | F_DHCP | F_CNAME;
-		if (ttd == 0)
-		  aliasc->flags |= F_IMMORTAL;
-		else
-		  aliasc->ttd = ttd;
-		aliasc->name.namep = a->alias;
-		aliasc->addr.cname.cache = crec;
-		aliasc->addr.cname.uid = crec->uid;
-		cache_hash(aliasc);
-	      }
-	  }
+      add_dhcp_cname(crec, ttd);
     }
 }
 #endif

src/config.h

@@ -33,7 +33,6 @@
 #define SMALLDNAME 40 /* most domain names are smaller than this */
 #define HOSTSFILE "/etc/hosts"
 #define ETHERSFILE "/etc/ethers"
-#define RUNFILE "/var/run/dnsmasq.pid"
 #define DEFLEASE 3600 /* default lease time, 1 hour */
 #define CHUSER "nobody"
 #define CHGRP "dip"
@@ -41,7 +40,7 @@
 #define LOG_MAX 5 /* log-queue length */
 #define RANDFILE "/dev/urandom"
 #define EDNS0_OPTION_MAC 5 /* dyndns.org temporary assignment */
-#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* DBUS interface specifics */
+#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */
 #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
 
 /* compile-time options: uncomment below to enable or do eg.
@@ -158,7 +157,13 @@ RESOLVFILE
 #   endif
 #endif
 
-
+#ifndef RUNFILE
+#   if defined(__ANDROID__)
+#      define RUNFILE "/data/dnsmasq.pid"
+#    else
+#      define RUNFILE "/var/run/dnsmasq.pid"
+#    endif
+#endif
 
 /* platform dependent options: these are determined automatically below
 

src/dbus.c

@@ -20,7 +20,7 @@
 
 #include <dbus/dbus.h>
 
-const char* introspection_xml =
+const char* introspection_xml_template =
 "<!DOCTYPE node PUBLIC \"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN\"\n"
 "\"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd\">\n"
 "<node name=\"" DNSMASQ_PATH "\">\n"
@@ -29,7 +29,7 @@ const char* introspection_xml =
 "      <arg name=\"data\" direction=\"out\" type=\"s\"/>\n"
 "    </method>\n"
 "  </interface>\n"
-"  <interface name=\"" DNSMASQ_SERVICE "\">\n"
+"  <interface name=\"%s\">\n"
 "    <method name=\"ClearCache\">\n"
 "    </method>\n"
 "    <method name=\"GetVersion\">\n"
@@ -56,6 +56,8 @@ const char* introspection_xml =
 "  </interface>\n"
 "</node>\n";
 
+static char *introspection_xml = NULL;
+
 struct watch {
   DBusWatch *watch;      
   struct watch *next;
@@ -266,11 +268,21 @@ DBusHandlerResult message_handler(DBusConnection *connection,
    
   if (dbus_message_is_method_call(message, DBUS_INTERFACE_INTROSPECTABLE, "Introspect"))
     {
-      DBusMessage *reply = dbus_message_new_method_return(message);
+      DBusMessage *reply;
 
-      dbus_message_append_args(reply, DBUS_TYPE_STRING, &introspection_xml, DBUS_TYPE_INVALID);
-      dbus_connection_send (connection, reply, NULL);
-      dbus_message_unref (reply);
+      /* string length: "%s" provides space for termination zero */
+      if (!introspection_xml && 
+	  (introspection_xml = whine_malloc(strlen(introspection_xml_template) + strlen(daemon->dbus_name))))
+	sprintf(introspection_xml, introspection_xml_template, daemon->dbus_name);
+    
+      if (introspection_xml)
+	{
+	  reply = dbus_message_new_method_return(message);
+	  
+	  dbus_message_append_args(reply, DBUS_TYPE_STRING, &introspection_xml, DBUS_TYPE_INVALID);
+	  dbus_connection_send (connection, reply, NULL);
+	  dbus_message_unref (reply);
+	}
     }
   else if (strcmp(method, "GetVersion") == 0)
     {
@@ -315,7 +327,7 @@ char *dbus_init(void)
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
 				      NULL, NULL, NULL);
   dbus_error_init (&dbus_error);
-  dbus_bus_request_name (connection, DNSMASQ_SERVICE, 0, &dbus_error);
+  dbus_bus_request_name (connection, daemon->dbus_name, 0, &dbus_error);
   if (dbus_error_is_set (&dbus_error))
     return (char *)dbus_error.message;
   
@@ -325,7 +337,7 @@ char *dbus_init(void)
   
   daemon->dbus = connection; 
   
-  if ((message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, "Up")))
+  if ((message = dbus_message_new_signal(DNSMASQ_PATH, daemon->dbus_name, "Up")))
     {
       dbus_connection_send(connection, message, NULL);
       dbus_message_unref(message);
@@ -430,7 +442,7 @@ void emit_dbus_signal(int action, struct dhcp_lease *lease, char *hostname)
   else
     return;
 
-  if (!(message = dbus_message_new_signal(DNSMASQ_PATH, DNSMASQ_SERVICE, action_str)))
+  if (!(message = dbus_message_new_signal(DNSMASQ_PATH, daemon->dbus_name, action_str)))
     return;
   
   dbus_message_iter_init_append(message, &args);

src/dhcp-common.c

@@ -246,40 +246,6 @@ int match_bytes(struct dhcp_opt *o, unsigned char *p, int len)
   return 0;
 }
 
-void check_dhcp_hosts(int fatal)
-{
-  /* If the same IP appears in more than one host config, then DISCOVER
-     for one of the hosts will get the address, but REQUEST will be NAKed,
-     since the address is reserved by the other one -> protocol loop. 
-     Also check that FQDNs match the domain we are using. */
-  
-  struct dhcp_config *configs, *cp;
- 
-  for (configs = daemon->dhcp_conf; configs; configs = configs->next)
-    {
-      char *domain;
-
-      if ((configs->flags & DHOPT_BANK) || fatal)
-       {
-	 for (cp = configs->next; cp; cp = cp->next)
-	   if ((configs->flags & cp->flags & CONFIG_ADDR) && configs->addr.s_addr == cp->addr.s_addr)
-	     {
-	       if (fatal)
-		 die(_("duplicate IP address %s in dhcp-config directive."), 
-		     inet_ntoa(cp->addr), EC_BADCONF);
-	       else
-		 my_syslog(MS_DHCP | LOG_ERR, _("duplicate IP address %s in %s."), 
-			   inet_ntoa(cp->addr), daemon->dhcp_hosts_file);
-	       configs->flags &= ~CONFIG_ADDR;
-	     }
-	 
-	 /* split off domain part */
-	 if ((configs->flags & CONFIG_NAME) && (domain = strip_hostname(configs->hostname)))
-	   configs->domain = domain;
-       }
-    }
-}
-
 void dhcp_update_configs(struct dhcp_config *configs)
 {
   /* Some people like to keep all static IP addresses in /etc/hosts.
@@ -372,7 +338,6 @@ static int join_multicast_worker(struct in6_addr *local, int prefix,
   char ifrn_name[IFNAMSIZ];
   struct ipv6_mreq mreq;
   int fd, i, max = *((int *)vparam);
-  struct dhcp_context *context;
   struct iname *tmp;
 
   (void)prefix;
@@ -406,15 +371,6 @@ static int join_multicast_worker(struct in6_addr *local, int prefix,
     if (tmp->name && (strcmp(tmp->name, ifrn_name) == 0))
       return 1;
 
-  /* weird libvirt-inspired access control */
-  for (context = daemon->ra_contexts ? daemon->ra_contexts : daemon->dhcp6; 
-       context; context = context->next)
-    if (!context->interface || strcmp(context->interface, ifrn_name) == 0)
-      break;
-  
-  if (!context)
-    return 1;
-  
   mreq.ipv6mr_interface = if_index;
   
   inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
@@ -531,15 +487,15 @@ static const struct opttab_t {
   { "x-windows-fs", 48, OT_ADDR_LIST },
   { "x-windows-dm", 49, OT_ADDR_LIST },
   { "requested-address", 50, OT_INTERNAL | OT_ADDR_LIST },
-  { "lease-time", 51, OT_INTERNAL | OT_DEC },
+  { "lease-time", 51, OT_INTERNAL | OT_TIME },
   { "option-overload", 52, OT_INTERNAL },
   { "message-type", 53, OT_INTERNAL | OT_DEC },
   { "server-identifier", 54, OT_INTERNAL | OT_ADDR_LIST },
   { "parameter-request", 55, OT_INTERNAL },
   { "message", 56, OT_INTERNAL },
   { "max-message-size", 57, OT_INTERNAL },
-  { "T1", 58, OT_INTERNAL | OT_DEC},
-  { "T2", 59, OT_INTERNAL | OT_DEC},
+  { "T1", 58, OT_INTERNAL | OT_TIME},
+  { "T2", 59, OT_INTERNAL | OT_TIME},
   { "vendor-class", 60, 0 },
   { "client-id", 61, OT_INTERNAL },
   { "nis+-domain", 64, OT_NAME },
@@ -590,6 +546,7 @@ static const struct opttab_t opttab6[] = {
   { "nis-domain", 29,  OT_RFC1035_NAME },
   { "nis+-domain", 30, OT_RFC1035_NAME },
   { "sntp-server", 31,  OT_ADDR_LIST },
+  { "information-refresh-time", 32, OT_TIME },
   { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
   { "ntp-server", 56,  OT_ADDR_LIST },
   { "bootfile-url", 59, OT_NAME },
@@ -754,14 +711,17 @@ char *option_string(int prot, unsigned int opt, unsigned char *val, int opt_len,
 		  }
 	      }	      
 #endif
-	    else if ((ot[o].size & OT_DEC) && opt_len != 0)
+	    else if ((ot[o].size & (OT_DEC | OT_TIME)) && opt_len != 0)
 	      {
 		unsigned int dec = 0;
 		
 		for (i = 0; i < opt_len; i++)
 		  dec = (dec << 8) | val[i]; 
 
-		sprintf(buf, "%u", dec);
+		if (ot[o].size & OT_TIME)
+		  prettyprint_time(buf, dec);
+		else
+		  sprintf(buf, "%u", dec);
 	      }
 	    else
 	      nodecode = 1;

src/dhcp.c

@@ -116,9 +116,7 @@ void dhcp_init(void)
   
   /* Make BPF raw send socket */
   init_bpf();
-#endif
-  
-  check_dhcp_hosts(1);
+#endif  
 }
 
 void dhcp_packet(time_t now, int pxe_fd)
@@ -257,14 +255,6 @@ void dhcp_packet(time_t now, int pxe_fd)
     if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
       return;
   
-  /* weird libvirt-inspired access control */
-  for (context = daemon->dhcp; context; context = context->next)
-    if (!context->interface || strcmp(context->interface, ifr.ifr_name) == 0)
-      break;
-
-  if (!context)
-    return;
-
   /* unlinked contexts are marked by context->current == context */
   for (context = daemon->dhcp; context; context = context->next)
     context->current = context;
@@ -277,7 +267,7 @@ void dhcp_packet(time_t now, int pxe_fd)
       /* If we failed to match the primary address of the interface, see if we've got a --listen-address
 	 for a secondary */
       struct match_param match;
-
+      
       match.matched = 0;
       match.ind = iface_index;
       

src/dhcp6.c

@@ -111,14 +111,6 @@ void dhcp6_packet(time_t now)
     if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
       return;
  
-  /* weird libvirt-inspired access control */
-  for (context = daemon->dhcp6; context; context = context->next)
-    if (!context->interface || strcmp(context->interface, ifr.ifr_name) == 0)
-      break;
-  
-  if (!context)
-    return;
-
   /* unlinked contexts are marked by context->current == context */
   for (context = daemon->dhcp6; context; context = context->next)
     {

src/dnsmasq.c

@@ -120,12 +120,12 @@ int main (int argc, char **argv)
     {
       bind_fallback = 1;
       set_option_bool(OPT_NOWILD);
-      reset_option_bool(OPT_CLVERBIND);
+      reset_option_bool(OPT_CLEVERBIND);
     }
 #endif
   
 #ifndef HAVE_TFTP
-  if (daemon->tftp_unlimited || daemon->tftp_interfaces)
+  if (option_bool(OPT_TFTP))
     die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
 #endif
 
@@ -512,7 +512,7 @@ int main (int argc, char **argv)
 #endif
 
 #ifdef HAVE_TFTP
-  if (daemon->tftp_unlimited || daemon->tftp_interfaces)
+      if (option_bool(OPT_TFTP))
     {
       DIR *dir;
       struct tftp_prefix *p;
@@ -668,7 +668,7 @@ int main (int argc, char **argv)
 
 
 #ifdef HAVE_TFTP
-  if (daemon->tftp_unlimited || daemon->tftp_interfaces)
+	if (option_bool(OPT_TFTP))
     {
 #ifdef FD_SETSIZE
       if (FD_SETSIZE < (unsigned)max_fd)
@@ -1243,7 +1243,6 @@ void clear_cache_and_reload(time_t now)
 	dhcp_read_ethers();
       reread_dhcp();
       dhcp_update_configs(daemon->dhcp_conf);
-      check_dhcp_hosts(0);
       lease_update_from_configs(); 
       lease_update_file(now); 
       lease_update_dns(1);

src/dnsmasq.h

@@ -220,7 +220,8 @@ struct event_desc {
 #define OPT_RA             37
 #define OPT_TFTP_LC        38
 #define OPT_CLEVERBIND     39
-#define OPT_LAST           40
+#define OPT_TFTP           40
+#define OPT_LAST           41
 
 /* extra flags for my_syslog, we use a couple of facilities since they are known 
    not to occupy the same bits as priorities, no matter how syslog.h is set up. */
@@ -474,7 +475,7 @@ struct frec {
 #define OT_NAME         0x1000
 #define OT_CSTRING      0x0800
 #define OT_DEC          0x0400 
-
+#define OT_TIME         0x0200
 
 /* actions in the daemon->helper RPC */
 #define ACTION_DEL           1
@@ -664,7 +665,6 @@ struct dhcp_context {
   time_t ra_time;
 #endif
   int flags;
-  char *interface;
   struct dhcp_netid netid, *filter;
   struct dhcp_context *next, *current;
 };
@@ -712,11 +712,6 @@ struct addr_list {
   struct addr_list *next;
 };
 
-struct interface_list {
-  char *interface;
-  struct interface_list *next;
-};
-
 struct tftp_prefix {
   char *interface;
   char *prefix;
@@ -780,10 +775,9 @@ extern struct daemon {
   unsigned short edns_pktsz;
   char *tftp_prefix; 
   struct tftp_prefix *if_prefix; /* per-interface TFTP prefixes */
-  struct interface_list *tftp_interfaces; /* interfaces for limited TFTP service */
-  int tftp_unlimited;
   unsigned int duid_enterprise, duid_config_len;
   unsigned char *duid_config;
+  char *dbus_name;
 
   /* globally used stuff for DNS */
   char *packet; /* packet buffer */
@@ -1130,7 +1124,6 @@ char *strip_hostname(char *hostname);
 void log_tags(struct dhcp_netid *netid, u32 xid);
 int match_bytes(struct dhcp_opt *o, unsigned char *p, int len);
 void dhcp_update_configs(struct dhcp_config *configs);
-void check_dhcp_hosts(int fatal);
 void display_opts(void);
 u16 lookup_dhcp_opt(int prot, char *name);
 u16 lookup_dhcp_len(int prot, u16 val);

src/netlink.c

@@ -39,7 +39,6 @@ static struct iovec iov;
 static u32 netlink_pid;
 
 static int nl_async(struct nlmsghdr *h);
-static void nl_routechange(struct nlmsghdr *h);
 
 void netlink_init(void)
 {
@@ -342,59 +341,54 @@ static int nl_async(struct nlmsghdr *h)
     }
   else if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE) 
     {
-      nl_routechange(h);
+      /* We arrange to receive netlink multicast messages whenever the network route is added.
+	 If this happens and we still have a DNS packet in the buffer, we re-send it.
+	 This helps on DoD links, where frequently the packet which triggers dialling is
+	 a DNS query, which then gets lost. By re-sending, we can avoid the lookup
+	 failing. */ 
+      struct rtmsg *rtm = NLMSG_DATA(h);
+      
+      if (rtm->rtm_type == RTN_UNICAST && rtm->rtm_scope == RT_SCOPE_LINK)
+	{
+  	  /* Force re-reading resolv file right now, for luck. */
+	  daemon->last_resolv = 0;
+	  
+	  if (daemon->srv_save)
+	    {
+	      int fd;
+
+	      if (daemon->srv_save->sfd)
+		fd = daemon->srv_save->sfd->fd;
+	      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+		fd = daemon->rfd_save->fd;
+	      else
+		return 0;
+	      
+	      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+			   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+	    }
+	}
       return 0;
     }
-  else if (h->nlmsg_type == RTM_NEWADDR) 
-	{
 #ifdef HAVE_DHCP6
-	  /* force RAs to sync new network and pick up new interfaces.  */
-	  if (daemon->ra_contexts)
-	    {
-	      schedule_subnet_map();
-	      ra_start_unsolicted(dnsmasq_time(), NULL);
-	      /* cause lease_update_file to run after we return, in case we were called from
-		 iface_enumerate and can't re-enter it now */
-	      send_alarm(0, 0);
-	    }
-	  return 1; /* clever bind mode - rescan */
+  else if (h->nlmsg_type == RTM_NEWADDR) 
+    {
+      /* force RAs to sync new network and pick up new interfaces.  */
+      if (daemon->ra_contexts)
+	{
+	  schedule_subnet_map();
+	  ra_start_unsolicted(dnsmasq_time(), NULL);
+	  /* cause lease_update_file to run after we return, in case we were called from
+	     iface_enumerate and can't re-enter it now */
+	  send_alarm(0, 0);
 	}
+      return 1; /* clever bind mode - rescan */
+    }
 #endif	 
-
+  
   return 0;
 }
   
-/* We arrange to receive netlink multicast messages whenever the network route is added.
-   If this happens and we still have a DNS packet in the buffer, we re-send it.
-   This helps on DoD links, where frequently the packet which triggers dialling is
-   a DNS query, which then gets lost. By re-sending, we can avoid the lookup
-   failing. */ 
-static void nl_routechange(struct nlmsghdr *h)
-{
-  struct rtmsg *rtm = NLMSG_DATA(h);
-  int fd;
-  
-  if (rtm->rtm_type != RTN_UNICAST || rtm->rtm_scope != RT_SCOPE_LINK)
-    return;
-  
-  /* Force re-reading resolv file right now, for luck. */
-  daemon->last_resolv = 0;
-  
-  if (daemon->srv_save)
-    {
-      if (daemon->srv_save->sfd)
-	fd = daemon->srv_save->sfd->fd;
-      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
-	fd = daemon->rfd_save->fd;
-      else
-	return;
-      
-      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
-		   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
-    }
-}
-
-
 #endif
 
       

src/network.c

@@ -117,18 +117,8 @@ int iface_check(int family, struct all_addr *addr, char *name)
   
   if (daemon->if_names || daemon->if_addrs)
     {
-#ifdef HAVE_DHCP
-      struct dhcp_context *range;
-#endif
-
       ret = 0;
 
-#ifdef HAVE_DHCP
-      for (range = daemon->dhcp; range; range = range->next)
-	if (range->interface && strcmp(range->interface, name) == 0)
-	  ret = 1;
-#endif
-
       for (tmp = daemon->if_names; tmp; tmp = tmp->next)
 	if (tmp->name && (strcmp(tmp->name, name) == 0))
 	  ret = tmp->used = 1;
@@ -161,12 +151,11 @@ static int iface_allowed(struct irec **irecp, int if_index,
   struct irec *iface;
   int fd, mtu = 0, loopback;
   struct ifreq ifr;
-  int tftp_ok = daemon->tftp_unlimited;
+  int tftp_ok = !!option_bool(OPT_TFTP);
   int dhcp_ok = 1;
 #ifdef HAVE_DHCP
   struct iname *tmp;
 #endif
-  struct interface_list *ir = NULL;
 
   /* check whether the interface IP has been added already 
      we call this routine multiple times. */
@@ -220,37 +209,25 @@ static int iface_allowed(struct irec **irecp, int if_index,
 	}
     }
   
-#ifdef HAVE_TFTP
-  /* implement wierd TFTP service rules */
-  for (ir = daemon->tftp_interfaces; ir; ir = ir->next)
-    if (strcmp(ir->interface, ifr.ifr_name) == 0)
+  if (addr->sa.sa_family == AF_INET &&
+      !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name))
+    return 1;
+  
+#ifdef HAVE_DHCP
+  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+    if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
       {
-	tftp_ok = 1;
-	break;
+	tftp_ok = 0;
+	dhcp_ok = 0;
       }
 #endif
   
-  if (!ir)
-    {
-      if (addr->sa.sa_family == AF_INET &&
-	  !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name))
-	return 1;
-      
-#ifdef HAVE_DHCP
-      for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-	if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
-	  {
-	    tftp_ok = 0;
-	    dhcp_ok = 0;
-	  }
-#endif
-      
 #ifdef HAVE_IPV6
-      if (addr->sa.sa_family == AF_INET6 &&
-	  !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name))
-	return 1;
+  if (addr->sa.sa_family == AF_INET6 &&
+      !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name))
+    return 1;
 #endif
-    }
+  
 
   /* add to list */
   if ((iface = whine_malloc(sizeof(struct irec))))
@@ -361,13 +338,22 @@ static int make_sock(union mysockaddr *addr, int type, int dienow)
 	sprintf(daemon->addrbuff, "port %d", port);
       s = _("failed to create listening socket for %s: %s");
       
-      if (dienow)
-	die(s, daemon->addrbuff, EC_BADNET);
+      if (fd != -1)
+	close (fd);
+      
+      if (dienow)
+	{
+	  /* failure to bind addresses given by --listen-address at this point
+	     is OK if we're doing bind-dynamic */
+	  if (!option_bool(OPT_CLEVERBIND))
+	    die(s, daemon->addrbuff, EC_BADNET);
+	}
+      else
+	my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
       
-      my_syslog(LOG_ERR, s, daemon->addrbuff, strerror(errno));
       return -1;
     }	
-
+  
   if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd))
     goto err;
   
@@ -485,8 +471,7 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
 void create_wildcard_listeners(void)
 {
   union mysockaddr addr;
-  struct listener *l;
-  int tftp_enabled = daemon->tftp_unlimited || daemon->tftp_interfaces; 
+  struct listener *l, *l6;
 
   memset(&addr, 0, sizeof(addr));
 #ifdef HAVE_SOCKADDR_SA_LEN
@@ -496,7 +481,7 @@ void create_wildcard_listeners(void)
   addr.in.sin_addr.s_addr = INADDR_ANY;
   addr.in.sin_port = htons(daemon->port);
 
-  l = create_listeners(&addr, tftp_enabled, 1);
+  l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
 
 #ifdef HAVE_IPV6
   memset(&addr, 0, sizeof(addr));
@@ -506,11 +491,12 @@ void create_wildcard_listeners(void)
   addr.in6.sin6_family = AF_INET6;
   addr.in6.sin6_addr = in6addr_any;
   addr.in6.sin6_port = htons(daemon->port);
-  
+ 
+  l6 = create_listeners(&addr, !!option_bool(OPT_TFTP), 1);
   if (l) 
-    l->next = create_listeners(&addr, tftp_enabled, 1);
+    l->next = l6;
   else 
-    l = create_listeners(&addr, tftp_enabled, 1);
+    l = l6;
 #endif
 
   daemon->listeners = l;
@@ -536,7 +522,8 @@ void create_bound_listeners(int dienow)
      no interface with a matching address. These may be valid: eg it's possible
      to listen on 127.0.1.1 even if the loopback interface is 127.0.0.1
 
-     If the address isn't valid the bind() will fail and we'll die().
+     If the address isn't valid the bind() will fail and we'll die() 
+     (except in bind-dynamic mode, when we'll complain but keep trying.)
 
      The resulting listeners have the ->iface field NULL, and this has to be
      handled by the DNS and TFTP code. It disables --localise-queries processing
@@ -544,7 +531,7 @@ void create_bound_listeners(int dienow)
 
   for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
     if (!if_tmp->used && 
-	(new = create_listeners(&if_tmp->addr, daemon->tftp_unlimited, dienow)))
+	(new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
       {
 	new->iface = NULL;
 	new->next = daemon->listeners;

src/radv.c

@@ -119,7 +119,6 @@ void icmp6_packet(void)
   struct sockaddr_in6 from;
   unsigned char *packet;
   struct iname *tmp;
-  struct dhcp_context *context;
 
   /* Note: use outpacket for input buffer */
   msg.msg_control = control_u.control6;
@@ -157,15 +156,9 @@ void icmp6_packet(void)
     if (tmp->name && (strcmp(tmp->name, interface) == 0))
       return;
  
-  /* weird libvirt-inspired access control */
-  for (context = daemon->ra_contexts ? daemon->ra_contexts : daemon->dhcp6; 
-       context; context = context->next)
-    if (!context->interface || strcmp(context->interface, interface) == 0)
-      break;
-  
-  if (!context || packet[1] != 0)
+  if (packet[1] != 0)
     return;
-
+  
   if (packet[0] == ICMP6_ECHO_REPLY)
     lease_ping_reply(&from.sin6_addr, packet, interface); 
   else if (packet[0] == ND_ROUTER_SOLICIT)
@@ -419,8 +412,8 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		  opt->type = ICMP6_OPT_PREFIX;
 		  opt->len = 4;
 		  opt->prefix_len = prefix;
-		  /* autonomous only if we're not doing dhcp */
-		  opt->flags = do_slaac ? 0x40 : 0x00;
+		  /* autonomous only if we're not doing dhcp, always set "on-link" */
+		  opt->flags = do_slaac ? 0xC0 : 0x80;
 		  opt->valid_lifetime = htonl(time);
 		  opt->preferred_lifetime = htonl(deprecate ? 0 : time);
 		  opt->reserved = 0; 

src/tftp.c

@@ -18,7 +18,7 @@
 
 #ifdef HAVE_TFTP
 
-static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix, int special);
+static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix);
 static void free_transfer(struct tftp_transfer *transfer);
 static ssize_t tftp_err(int err, char *packet, char *mess, char *file);
 static ssize_t tftp_err_oops(char *packet, char *file);
@@ -48,7 +48,7 @@ void tftp_request(struct listener *listen, time_t now)
   struct msghdr msg;
   struct iovec iov;
   struct ifreq ifr;
-  int is_err = 1, if_index = 0, mtu = 0, special = 0;
+  int is_err = 1, if_index = 0, mtu = 0;
 #ifdef HAVE_DHCP
   struct iname *tmp;
 #endif
@@ -61,7 +61,6 @@ void tftp_request(struct listener *listen, time_t now)
   char *name = NULL;
   char *prefix = daemon->tftp_prefix;
   struct tftp_prefix *pref;
-  struct interface_list *ir;
 
   union {
     struct cmsghdr align; /* this ensures alignment */
@@ -114,8 +113,6 @@ void tftp_request(struct listener *listen, time_t now)
   else
     {
       struct cmsghdr *cmptr;
-      int check;
-      struct interface_list *ir;
 
       if (msg.msg_controllen < sizeof(struct cmsghdr))
         return;
@@ -195,29 +192,22 @@ void tftp_request(struct listener *listen, time_t now)
 
 #ifdef HAVE_IPV6
       if (listen->family == AF_INET6)
-	check = iface_check(AF_INET6, (struct all_addr *)&addr.in6.sin6_addr, name);
+	{
+	  if (!iface_check(AF_INET6, (struct all_addr *)&addr.in6.sin6_addr, name))
+	    return;
+	}
       else
 #endif
-        check = iface_check(AF_INET, (struct all_addr *)&addr.in.sin_addr, name);
+        if (!iface_check(AF_INET, (struct all_addr *)&addr.in.sin_addr, name))
+	  return;
 
-      /* wierd TFTP service override */
-      for (ir = daemon->tftp_interfaces; ir; ir = ir->next)
-	if (strcmp(ir->interface, name) == 0)
-	  break;
-       
-      if (!ir)
-	{
-	  if (!daemon->tftp_unlimited || !check)
-	    return;
-	  
 #ifdef HAVE_DHCP      
-	  /* allowed interfaces are the same as for DHCP */
-	  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-	    if (tmp->name && (strcmp(tmp->name, name) == 0))
-	      return;
+      /* allowed interfaces are the same as for DHCP */
+      for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+	if (tmp->name && (strcmp(tmp->name, name) == 0))
+	  return;
 #endif
-	}
-
+      
       strncpy(ifr.ifr_name, name, IF_NAMESIZE);
       if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1)
 	mtu = ifr.ifr_mtu;      
@@ -228,12 +218,7 @@ void tftp_request(struct listener *listen, time_t now)
       /* check for per-interface prefix */ 
       for (pref = daemon->if_prefix; pref; pref = pref->next)
 	if (strcmp(pref->interface, name) == 0)
-	  prefix = pref->prefix;
-      
-      /* wierd TFTP interfaces disable special options. */
-      for (ir = daemon->tftp_interfaces; ir; ir = ir->next)
-	if (strcmp(ir->interface, name) == 0)
-	  special = 1;
+	  prefix = pref->prefix;  
     }
 
   if (listen->family == AF_INET)
@@ -325,8 +310,7 @@ void tftp_request(struct listener *listen, time_t now)
 	{
 	  if (strcasecmp(opt, "blksize") == 0)
 	    {
-	      if ((opt = next(&p, end)) &&
-		  (special || !option_bool(OPT_TFTP_NOBLOCK)))
+	      if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
 		{
 		  transfer->blocksize = atoi(opt);
 		  if (transfer->blocksize < 1)
@@ -363,7 +347,7 @@ void tftp_request(struct listener *listen, time_t now)
 	  if (prefix[strlen(prefix)-1] != '/')
 	    strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
 
-	  if (!special && option_bool(OPT_TFTP_APREF))
+	  if (option_bool(OPT_TFTP_APREF))
 	    {
 	      size_t oldlen = strlen(daemon->namebuff);
 	      struct stat statbuf;
@@ -390,7 +374,7 @@ void tftp_request(struct listener *listen, time_t now)
       strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff));
 
       /* check permissions and open file */
-      if ((transfer->file = check_tftp_fileperm(&len, prefix, special)))
+      if ((transfer->file = check_tftp_fileperm(&len, prefix)))
 	{
 	  if ((len = get_block(packet, transfer)) == -1)
 	    len = tftp_err_oops(packet, daemon->namebuff);
@@ -411,7 +395,7 @@ void tftp_request(struct listener *listen, time_t now)
     }
 }
  
-static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix, int special)
+static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix)
 {
   char *packet = daemon->packet, *namebuff = daemon->namebuff;
   struct tftp_file *file;
@@ -448,7 +432,7 @@ static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix, int spe
 	goto perm;
     }
   /* in secure mode, must be owned by user running dnsmasq */
-  else if (!special && option_bool(OPT_TFTP_SECURE) && uid != statbuf.st_uid)
+  else if (option_bool(OPT_TFTP_SECURE) && uid != statbuf.st_uid)
     goto perm;
       
   /* If we're doing many tranfers from the same file, only