Handle IPv4 interface-address labels in Linux.

This makes RA the same as DHCP4/6

CHANGELOG

@@ -18,6 +18,18 @@ version 2.67
 
 	    Add --synth-domain. Thanks to Vishvananda Ishaya for
 	    suggesting this.
+
+	    Fix failure to compile ipset.c if old kernel headers are
+	    in use. Thanks to Eugene Rudoy for pointing this out.
+
+	    Handle IPv4 interface-address labels in Linux. These are
+	    often used to emulate the old IP-alias addresses. Before,
+	    using --interface=eth0 would service all the addresses of
+	    eth0, including ones configured as aliases, which appear
+	    in ifconfig as eth0:0. Now, only addresses with the label
+	    eth0 are active. This is not backwards compatible: if you
+	    want to continue to bind the aliases too, you need to add
+	    eg. --interface=eth0:0 to the config. 
 	
 
 version 2.66

man/dnsmasq.8

@@ -519,17 +519,18 @@ the name. More than one name may be associated with an interface
 address by repeating the flag; in that case the first instance is used
 for the reverse address-to-name mapping.
 .TP
-.B --synth-domain=<domain>,<address range>
+.B --synth-domain=<domain>,<address range>[,<prefix>]
 Create artificial A/AAAA and PTR records for an address range. The
 records use the address, with periods (or colons for IPv6) replaced
 with dashes.
 
 An example should make this clearer.
-.B --synth-domain=thekelleys.org.uk,192.168.0.0/24 
-will result in a query for 192-168-0-56.thekelleys.org.uk returning
-192.168.0.56 and a reverse query vice versa. The same applies to IPv6, but IPv6 addresses may start with '::'
-but DNS labels may not start with '-' so in this case a zero is added
-in front of the label. ::1 becomes 0--1.
+.B --synth-domain=thekelleys.org.uk,192.168.0.0/24,internal-
+will result in a query for internal-192-168-0-56.thekelleys.org.uk returning
+192.168.0.56 and a reverse query vice versa. The same applies to IPv6,
+but IPv6 addresses may start with '::'
+but DNS labels may not start with '-' so in this case if no prefix is
+configured a zero is added in front of the label. ::1 becomes 0--1.
 
 The address range can be of the form
 <ip address>,<ip address> or <ip address>/<netmask>

src/bpf.c

@@ -123,7 +123,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; 
 	      else 
 		broadcast.s_addr = 0;	      
-	      if (!((*callback)(addr, iface_index, netmask, broadcast, parm)))
+	      if (!((*callback)(addr, iface_index, NULL, netmask, broadcast, parm)))
 		goto err;
 	    }
 #ifdef HAVE_IPV6

src/config.h

@@ -279,12 +279,12 @@ HAVE_SOCKADDR_SA_LEN
 #if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY)
 #  define HAVE_IPV6
 #  define ADDRSTRLEN INET6_ADDRSTRLEN
-#elif defined(INET_ADDRSTRLEN)
+#else
+#  if !defined(INET_ADDRSTRLEN)
+#      define INET_ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
+#  endif
 #  undef HAVE_IPV6
 #  define ADDRSTRLEN INET_ADDRSTRLEN
-#else
-#  undef HAVE_IPV6
-#  define ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */
 #endif
 
 

src/dhcp.c

@@ -28,9 +28,9 @@ struct match_param {
   struct in_addr netmask, broadcast, addr;
 };
 
-static int complete_context(struct in_addr local, int if_index, 
+static int complete_context(struct in_addr local, int if_index, char *label,
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam);
-static int check_listen_addrs(struct in_addr local, int if_index, 
+static int check_listen_addrs(struct in_addr local, int if_index, char *label,
 			      struct in_addr netmask, struct in_addr broadcast, void *vparam);
 
 static int make_fd(int port)
@@ -287,7 +287,7 @@ void dhcp_packet(time_t now, int pxe_fd)
       iface_addr = match.addr;
       /* make sure secondary address gets priority in case
 	 there is more than one address on the interface in the same subnet */
-      complete_context(match.addr, iface_index, match.netmask, match.broadcast, &parm);
+      complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
     }    
       
   if (!iface_enumerate(AF_INET, &parm, complete_context))
@@ -411,12 +411,14 @@ void dhcp_packet(time_t now, int pxe_fd)
 }
  
 /* check against secondary interface addresses */
-static int check_listen_addrs(struct in_addr local, int if_index, 
+static int check_listen_addrs(struct in_addr local, int if_index, char *label,
 			      struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   struct match_param *param = vparam;
   struct iname *tmp;
 
+  (void) label;
+
   if (if_index == param->ind)
     {
       for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
@@ -444,11 +446,13 @@ static int check_listen_addrs(struct in_addr local, int if_index,
 
    Note that the current chain may be superceded later for configured hosts or those coming via gateways. */
 
-static int complete_context(struct in_addr local, int if_index, 
+static int complete_context(struct in_addr local, int if_index, char *label,
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   struct dhcp_context *context;
   struct iface_param *param = vparam;
+
+  (void)label;
   
   for (context = daemon->dhcp; context; context = context->next)
     {

src/dnsmasq.h

@@ -673,7 +673,7 @@ struct dhcp_bridge {
 };
 
 struct cond_domain {
-  char *domain;
+  char *domain, *prefix;
   struct in_addr start, end;
 #ifdef HAVE_IPV6
   struct in6_addr start6, end6;
@@ -1030,6 +1030,7 @@ void create_bound_listeners(int die);
 int is_dad_listeners(void);
 int iface_check(int family, struct all_addr *addr, char *name, int *auth_dns);
 int loopback_exception(int fd, int family, struct all_addr *addr, char *name);
+int label_exception(int index, int family, struct all_addr *addr);
 int fix_fd(int fd);
 int tcp_interface(int fd, int af);
 struct in_addr get_ifaddr(char *intr);

src/domain.c

@@ -34,48 +34,69 @@ int is_name_synthetic(int flags, char *name, struct all_addr *addr)
     prot = AF_INET6;
 #endif
 
-  /* NB, must not alter name if we return zero */
-  for (p = name; *p; p++)
+  for (c = daemon->synth_domains; c; c = c->next)
     {
-      char c = *p;
+      int found = 0;
+      char *tail, *pref;
       
-      if ((c >='0' && c <= '9') || c == '-')
+      for (tail = name, pref = c->prefix; *tail != 0 && pref && *pref != 0; tail++, pref++)
+	{
+	  unsigned int c1 = (unsigned char) *pref;
+	  unsigned int c2 = (unsigned char) *tail;
+	  
+	  if (c1 >= 'A' && c1 <= 'Z')
+	    c1 += 'a' - 'A';
+	  if (c2 >= 'A' && c2 <= 'Z')
+	    c2 += 'a' - 'A';
+	  
+	  if (c1 != c2)
+	    break;
+	}
+      
+      if (pref && *pref != 0)
+	continue; /* prefix match fail */
+      
+      /* NB, must not alter name if we return zero */
+      for (p = tail; *p; p++)
+	{
+	  char c = *p;
+	  
+	  if ((c >='0' && c <= '9') || c == '-')
+	    continue;
+	  
+#ifdef HAVE_IPV6
+	  if (prot == AF_INET6 && ((c >='A' && c <= 'F') || (c >='a' && c <= 'f'))) 
+	    continue;
+#endif
+	  
+	  break;
+	}
+      
+      if (*p != '.')
 	continue;
       
-#ifdef HAVE_IPV6
-      if (prot == AF_INET6 && ((c >='A' && c <= 'F') || (c >='a' && c <= 'f'))) 
-	continue;
-#endif
+      *p = 0;	
       
-      break;
-    }
-  
-  if (*p != '.')
-    return 0;
-  
-  *p = 0;	
-
-  for (p = name; *p; p++)
-    if (*p == '-')
-      {
-	if (prot == AF_INET)
-	  *p = '.';
+      /* swap . or : for - */
+      for (p = tail; *p; p++)
+	if (*p == '-')
+	  {
+	    if (prot == AF_INET)
+	      *p = '.';
 #ifdef HAVE_IPV6
-	else
-	  *p = ':';
+	    else
+	      *p = ':';
 #endif
-      }
- 
-  if (inet_pton(prot, name, addr))
-    for (c = daemon->synth_domains; c; c = c->next)
-      if (hostname_isequal(c->domain, p+1))
+	  }
+      
+      if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr))
 	{
 	  if (prot == AF_INET)
 	    {
 	      if (!c->is6 &&
 		  ntohl(addr->addr.addr4.s_addr) >= ntohl(c->start.s_addr) &&
 		  ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr))
-		break;
+		found = 1;
 	    }
 #ifdef HAVE_IPV6
 	  else
@@ -86,20 +107,23 @@ int is_name_synthetic(int flags, char *name, struct all_addr *addr)
 		  is_same_net6(&addr->addr.addr6, &c->start6, 64) &&
 		  addrpart >= addr6part(&c->start6) &&
 		  addrpart <= addr6part(&c->end6))
-		break;
+		found = 1;
 	    }
 #endif
 	}
+      
+      /* restore name */
+      for (p = tail; *p; p++)
+	if (*p == '.' || *p == ':')
+	  *p = '-';
+      
+      *p = '.';
+
+      if (found)
+	return 1;
+    }
   
-  /* restore name */
-  for (p = name; *p; p++)
-    if (*p == '.' || *p == ':')
-      *p = '-';
-  
-  *p = '.';
-  
-  return (c != NULL);
-  
+  return 0;
 }
 
 
@@ -111,7 +135,11 @@ int is_rev_synth(int flag, struct all_addr *addr, char *name)
      {
        char *p;
        
-       inet_ntop(AF_INET, &addr->addr.addr4, name, ADDRSTRLEN);
+       *name = 0;
+       if (c->prefix)
+	 strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN);
+       
+       inet_ntop(AF_INET, &addr->addr.addr4, name + strlen(name), ADDRSTRLEN);
        for (p = name; *p; p++)
 	 if (*p == '.')
 	   *p = '-';
@@ -127,11 +155,15 @@ int is_rev_synth(int flag, struct all_addr *addr, char *name)
      {
        char *p;
        
-       inet_ntop(AF_INET6, &addr->addr.addr6, name, ADDRSTRLEN);
+       *name = 0;
+       if (c->prefix)
+	 strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN);
+       
+       inet_ntop(AF_INET6, &addr->addr.addr6, name + strlen(name), ADDRSTRLEN);
 
        /* IPv6 presentation address can start with ":", but valid domain names
 	  cannot start with "-" so prepend a zero in that case. */
-       if (*name == ':')
+       if (!c->prefix && *name == ':')
 	 {
 	   *name = '0';
 	   inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN);

src/forward.c

@@ -789,7 +789,8 @@ void receive_query(struct listener *listen, time_t now)
 	{
 	   if (!option_bool(OPT_CLEVERBIND))
 	     enumerate_interfaces(); 
-	   if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name))
+	   if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name) &&
+	       !label_exception(if_index, listen->family, &dst_addr))
 	     return;
 	}
 

src/ipset.c

@@ -26,9 +26,12 @@
 #include <arpa/inet.h>
 #include <linux/version.h>
 #include <linux/netlink.h>
-#include <linux/netfilter/nfnetlink.h>
-#ifndef NFNL_SUBSYS_IPSET
+
+/* We want to be able to compile against old header files
+   Kernel version is handled at run-time. */
+
 #define NFNL_SUBSYS_IPSET 6
+
 #define IPSET_ATTR_DATA 7
 #define IPSET_ATTR_IP 1
 #define IPSET_ATTR_IPADDR_IPV4 1
@@ -39,10 +42,31 @@
 #define IPSET_CMD_DEL 10
 #define IPSET_MAXNAMELEN 32
 #define IPSET_PROTOCOL 6
-#else
-#include <linux/netfilter/ipset/ip_set.h>
+
+#ifndef NFNETLINK_V0
+#define NFNETLINK_V0    0
 #endif
 
+#ifndef NLA_F_NESTED
+#define NLA_F_NESTED		(1 << 15)
+#endif
+
+#ifndef NLA_F_NET_BYTEORDER
+#define NLA_F_NET_BYTEORDER	(1 << 14)
+#endif
+
+struct my_nlattr {
+        __u16           nla_len;
+        __u16           nla_type;
+};
+
+struct my_nfgenmsg {
+        __u8  nfgen_family;             /* AF_xxx */
+        __u8  version;          /* nfnetlink version */
+        __be16    res_id;               /* resource id */
+};
+
+
 /* data structure size in here is fixed */
 #define BUFF_SZ 256
 
@@ -53,11 +77,11 @@ static char *buffer;
 
 static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
 {
-  struct nlattr *attr = (void *)nlh + NL_ALIGN(nlh->nlmsg_len);
-  uint16_t payload_len = NL_ALIGN(sizeof(struct nlattr)) + len;
+  struct my_nlattr *attr = (void *)nlh + NL_ALIGN(nlh->nlmsg_len);
+  uint16_t payload_len = NL_ALIGN(sizeof(struct my_nlattr)) + len;
   attr->nla_type = type;
   attr->nla_len = payload_len;
-  memcpy((void *)attr + NL_ALIGN(sizeof(struct nlattr)), data, len);
+  memcpy((void *)attr + NL_ALIGN(sizeof(struct my_nlattr)), data, len);
   nlh->nlmsg_len += NL_ALIGN(payload_len);
 }
 
@@ -93,8 +117,8 @@ void ipset_init(void)
 static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove)
 {
   struct nlmsghdr *nlh;
-  struct nfgenmsg *nfg;
-  struct nlattr *nested[2];
+  struct my_nfgenmsg *nfg;
+  struct my_nlattr *nested[2];
   uint8_t proto;
   int addrsz = INADDRSZ;
   ssize_t rc;
@@ -117,8 +141,8 @@ static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr,
   nlh->nlmsg_type = (remove ? IPSET_CMD_DEL : IPSET_CMD_ADD) | (NFNL_SUBSYS_IPSET << 8);
   nlh->nlmsg_flags = NLM_F_REQUEST;
   
-  nfg = (struct nfgenmsg *)(buffer + nlh->nlmsg_len);
-  nlh->nlmsg_len += NL_ALIGN(sizeof(struct nfgenmsg));
+  nfg = (struct my_nfgenmsg *)(buffer + nlh->nlmsg_len);
+  nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nfgenmsg));
   nfg->nfgen_family = af;
   nfg->version = NFNETLINK_V0;
   nfg->res_id = htons(0);
@@ -126,11 +150,11 @@ static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr,
   proto = IPSET_PROTOCOL;
   add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &proto);
   add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
-  nested[0] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
-  nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
+  nested[0] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
+  nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
   nested[0]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;
-  nested[1] = (struct nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
-  nlh->nlmsg_len += NL_ALIGN(sizeof(struct nlattr));
+  nested[1] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
+  nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
   nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP;
   add_attr(nlh, 
 	   (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER,

src/lease.c

@@ -345,11 +345,12 @@ void lease_update_file(time_t now)
 }
 
 
-static int find_interface_v4(struct in_addr local, int if_index, 
+static int find_interface_v4(struct in_addr local, int if_index, char *label,
 			     struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   struct dhcp_lease *lease;
   
+  (void) label;
   (void) broadcast;
   (void) vparam;
 

src/netlink.c

@@ -215,7 +215,8 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		if (ifa->ifa_family == AF_INET)
 		  {
 		    struct in_addr netmask, addr, broadcast;
-		    
+		    char *label = NULL;
+
 		    netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
 		    addr.s_addr = 0;
 		    broadcast.s_addr = 0;
@@ -226,12 +227,14 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 			  addr = *((struct in_addr *)(rta+1));
 			else if (rta->rta_type == IFA_BROADCAST)
 			  broadcast = *((struct in_addr *)(rta+1));
+			else if (rta->rta_type == IFA_LABEL)
+			  label = RTA_DATA(rta);
 			
 			rta = RTA_NEXT(rta, len1);
 		      }
 		    
 		    if (addr.s_addr && callback_ok)
-		      if (!((*callback)(addr, ifa->ifa_index, netmask, broadcast, parm)))
+		      if (!((*callback)(addr, ifa->ifa_index, label,  netmask, broadcast, parm)))
 			callback_ok = 0;
 		  }
 #ifdef HAVE_IPV6

src/network.c

@@ -204,7 +204,27 @@ int loopback_exception(int fd, int family, struct all_addr *addr, char *name)
   return 0;
 }
 
-static int iface_allowed(struct irec **irecp, int if_index, 
+/* If we're configured with something like --interface=eth0:0 then we'll listen correctly
+   on the relevant address, but the name of the arrival interface, derived from the
+   index won't match the config. Check that we found an interface address for the arrival 
+   interface: daemon->interfaces must be up-to-date. */
+int label_exception(int index, int family, struct all_addr *addr)
+{
+  struct irec *iface;
+
+  /* labels only supported on IPv4 addresses. */
+  if (family != AF_INET)
+    return 0;
+
+  for (iface = daemon->interfaces; iface; iface = iface->next)
+    if (iface->index == index && iface->addr.sa.sa_family == AF_INET &&
+	iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+      return 1;
+
+  return 0;
+}
+
+static int iface_allowed(struct irec **irecp, int if_index, char *label,
 			 union mysockaddr *addr, struct in_addr netmask, int dad) 
 {
   struct irec *iface;
@@ -242,8 +262,8 @@ static int iface_allowed(struct irec **irecp, int if_index,
   loopback = ifr.ifr_flags & IFF_LOOPBACK;
   
   if (loopback)
-     dhcp_ok = 0;
-
+    dhcp_ok = 0;
+  
   if (ioctl(fd, SIOCGIFMTU, &ifr) != -1)
     mtu = ifr.ifr_mtu;
   
@@ -272,13 +292,16 @@ static int iface_allowed(struct irec **irecp, int if_index,
 	}
     }
   
+  if (!label)
+    label = ifr.ifr_name;
+
   if (addr->sa.sa_family == AF_INET &&
-      !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name, &auth_dns))
+      !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns))
     return 1;
 
 #ifdef HAVE_IPV6
   if (addr->sa.sa_family == AF_INET6 &&
-      !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name, &auth_dns))
+      !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns))
     return 1;
 #endif
     
@@ -348,11 +371,11 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
   addr.in6.sin6_port = htons(daemon->port);
   addr.in6.sin6_scope_id = if_index;
   
-  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, !!(flags & IFACE_TENTATIVE));
+  return iface_allowed((struct irec **)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE));
 }
 #endif
 
-static int iface_allowed_v4(struct in_addr local, int if_index, 
+static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
 {
   union mysockaddr addr;
@@ -366,7 +389,7 @@ static int iface_allowed_v4(struct in_addr local, int if_index,
   addr.in.sin_addr = local;
   addr.in.sin_port = htons(daemon->port);
 
-  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, 0);
+  return iface_allowed((struct irec **)vparam, if_index, label, &addr, netmask, 0);
 }
    
 int enumerate_interfaces(void)

src/option.c

@@ -408,7 +408,7 @@ static struct {
   { LOPT_AUTHSFS, ARG_DUP, "<NS>[,<NS>...]", gettext_noop("Secondary authoritative nameservers for forward domains"), NULL },
   { LOPT_AUTHPEER, ARG_DUP, "<ipaddr>[,<ipaddr>...]", gettext_noop("Peers which are allowed to do zone transfer"), NULL },
   { LOPT_IPSET, ARG_DUP, "/<domain>/<ipset>[,<ipset>...]", gettext_noop("Specify ipsets to which matching domains should be added"), NULL },
-  { LOPT_SYNTH, ARG_DUP, "<domain>,<range>", gettext_noop("Specify a domain and address range for sythesised names"), NULL },
+  { LOPT_SYNTH, ARG_DUP, "<domain>,<range>,[<prefix>]", gettext_noop("Specify a domain and address range for sythesised names"), NULL },
 #ifdef OPTION6_PREFIX_CLASS 
   { LOPT_PREF_CLSS, ARG_DUP, "set:tag,<class>", gettext_noop("Specify DHCPv6 prefix class"), NULL },
 #endif
@@ -660,7 +660,7 @@ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_a
   scope_id = split_chr(arg, '%');
 #endif
   
-  if ((addr->in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t) -1)
+  if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0)
     {
       addr->in.sin_port = htons(serv_port);	
       addr->sa.sa_family = source_addr->sa.sa_family = AF_INET;
@@ -675,7 +675,7 @@ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_a
 	  if (flags)
 	    *flags |= SERV_HAS_SOURCE;
 	  source_addr->in.sin_port = htons(source_port);
-	  if ((source_addr->in.sin_addr.s_addr = inet_addr(source)) == (in_addr_t) -1)
+	  if (!(inet_pton(AF_INET, source, &source_addr->in.sin_addr) > 0))
 	    {
 #if defined(SO_BINDTODEVICE)
 	      source_addr->in.sin_addr.s_addr = INADDR_ANY;
@@ -1031,7 +1031,7 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags)
 	      cp = comma;
 	      comma = split(cp);
 	      slash = split_chr(cp, '/');
-	      in.s_addr = inet_addr(cp);
+	      inet_pton(AF_INET, cp, &in);
 	      if (!slash)
 		{
 		  memcpy(op, &in, INADDRSZ);
@@ -1576,7 +1576,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	comma = split(arg);
 	new->name = NULL;
 	unhide_metas(arg);
-	if ((new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
+	if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0)
 	  new->addr.sa.sa_family = AF_INET;
 #ifdef HAVE_IPV6
 	else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0)
@@ -1707,6 +1707,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		  struct cond_domain *new = opt_malloc(sizeof(struct cond_domain));
 		  char *netpart;
 		  
+		  new->prefix = NULL;
+
 		  unhide_metas(comma);
 		  if ((netpart = split_chr(comma, '/')))
 		    {
@@ -1723,26 +1725,30 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 			  new->end.s_addr = new->start.s_addr | htonl(mask);
 			  if (arg)
 			    {
-			      /* generate the equivalent of
-				 local=/<domain>/
-				 local=/xxx.yyy.zzz.in-addr.arpa/ */
-
-			      if (strcmp(arg, "local") != 0 ||
-				  option != 's' ||
-				  (msize != 8 && msize != 16 && msize != 24))
+			      if (option != 's')
+				{
+				  if (!(new->prefix = canonicalise_opt(arg)) ||
+				      strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN)
+				    ret_err(_("bad prefix"));
+				}
+			      else if (strcmp(arg, "local") != 0 ||
+				       (msize != 8 && msize != 16 && msize != 24))
 				ret_err(gen_err);
 			      else
 				{
+				  /* generate the equivalent of
+				     local=/<domain>/
+				     local=/xxx.yyy.zzz.in-addr.arpa/ */
 				  struct server *serv = opt_malloc(sizeof(struct server));
 				  in_addr_t a = ntohl(new->start.s_addr) >> 8;
 				  char *p;
-
+				  
 				  memset(serv, 0, sizeof(struct server));
 				  serv->domain = d;
 				  serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
 				  serv->next = daemon->servers;
 				  daemon->servers = serv;
-
+				  
 				  serv = opt_malloc(sizeof(struct server));
 				  memset(serv, 0, sizeof(struct server));
 				  p = serv->domain = opt_malloc(25); /* strlen("xxx.yyy.zzz.in-addr.arpa")+1 */
@@ -1754,7 +1760,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 				    p += sprintf(p, "%d.", a & 0xff);
 				  a = a >> 8;
 				  p += sprintf(p, "%d.in-addr.arpa", a & 0xff);
-
+				  
 				  serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
 				  serv->next = daemon->servers;
 				  daemon->servers = serv;
@@ -1767,11 +1773,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 			  u64 mask = (1LLU << (128 - msize)) - 1LLU;
 			  u64 addrpart = addr6part(&new->start6);
 			  new->is6 = 1;
-
+			  
 			  /* prefix==64 overflows the mask calculation above */
 			  if (msize == 64)
 			    mask = (u64)-1LL;
-
+			  
 			  new->end6 = new->start6;
 			  setaddr6part(&new->start6, addrpart & ~mask);
 			  setaddr6part(&new->end6, addrpart | mask);
@@ -1780,16 +1786,19 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 			    ret_err(gen_err);
 			  else if (arg)
 			    {
-			      /* generate the equivalent of
-				 local=/<domain>/
-				 local=/xxx.yyy.zzz.ip6.arpa/ */
-
-			      if (strcmp(arg, "local") != 0 || 
-				  option != 's' ||
-				  ((msize & 4) != 0))
+			      if (option != 's')
+				{
+				  if (!(new->prefix = canonicalise_opt(arg)) ||
+				      strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN)
+				    ret_err(_("bad prefix"));
+				}	
+			      else if (strcmp(arg, "local") != 0 || ((msize & 4) != 0))
 				ret_err(gen_err);
 			      else 
 				{
+				  /* generate the equivalent of
+				     local=/<domain>/
+				     local=/xxx.yyy.zzz.ip6.arpa/ */
 				  struct server *serv = opt_malloc(sizeof(struct server));
 				  char *p;
 				  
@@ -1918,7 +1927,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       {
 	struct in_addr addr;
 	unhide_metas(arg);
-	if (arg && (addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
+	if (arg && (inet_pton(AF_INET, arg, &addr) > 0))
 	  {
 	    struct bogus_addr *baddr = opt_malloc(sizeof(struct bogus_addr));
 	    baddr->next = daemon->bogus_addr;
@@ -1936,7 +1945,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	struct iname *new = opt_malloc(sizeof(struct iname));
 	comma = split(arg);
 	unhide_metas(arg);
-	if (arg && (new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
+	if (arg && (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0))
 	  {
 	    new->addr.sa.sa_family = AF_INET;
 	    new->addr.in.sin_port = 0;
@@ -2360,7 +2369,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	      }
 	    
 	    if (k >= 3 && strchr(a[2], '.') &&  
-		((new->netmask.s_addr = inet_addr(a[2])) != (in_addr_t)-1))
+		(inet_pton(AF_INET, a[2], &new->netmask) > 0))
 	      {
 		new->flags |= CONTEXT_NETMASK;
 		leasepos = 3;
@@ -2369,7 +2378,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	      }
 	    
 	    if (k >= 4 && strchr(a[3], '.') &&  
-		((new->broadcast.s_addr = inet_addr(a[3])) != (in_addr_t)-1))
+		(inet_pton(AF_INET, a[3], &new->broadcast) > 0))
 	      {
 		new->flags |= CONTEXT_BRDCAST;
 		leasepos = 4;
@@ -2599,7 +2608,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		    }		    
 		}
 	    }
-	  else if (strchr(a[j], '.') && (in.s_addr = inet_addr(a[j])) != (in_addr_t)-1)
+	  else if (strchr(a[j], '.') && (inet_pton(AF_INET, a[j], &in) > 0))
 	    {
 	      struct dhcp_config *configs;
 	      
@@ -2796,17 +2805,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		if (comma)
 		  {
 		    unhide_metas(comma);
-		    if ((dhcp_next_server.s_addr = inet_addr(comma)) == (in_addr_t)-1) {
-
-		      /*
-		       * The user may have specified the tftp hostname here.
-		       * save it so that it can be resolved/looked up during
-		       * actual dhcp_reply().
-		       */	
-
-		      tftp_sname = opt_string_alloc(comma);
-		      dhcp_next_server.s_addr = 0;
-		    }
+		    if (!(inet_pton(AF_INET, comma, &dhcp_next_server) > 0))
+		      {
+			/*
+			 * The user may have specified the tftp hostname here.
+			 * save it so that it can be resolved/looked up during
+			 * actual dhcp_reply().
+			 */	
+			
+			tftp_sname = opt_string_alloc(comma);
+			dhcp_next_server.s_addr = 0;
+		      }
 		  }
 	      }
 	    
@@ -2819,7 +2828,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    new->next = daemon->boot_config;
 	    daemon->boot_config = new;
 	  }
-	
+      
 	break;
       }
 
@@ -3135,7 +3144,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       while (arg) {
 	struct addr_list *new = opt_malloc(sizeof(struct addr_list));
 	comma = split(arg);
-	if ((new->addr.s_addr = inet_addr(arg)) == (in_addr_t)-1)
+	if (!(inet_pton(AF_INET, arg, &new->addr) > 0))
 	  ret_err(_("bad dhcp-proxy address"));
 	new->next = daemon->override_relays;
 	daemon->override_relays = new;
@@ -3178,15 +3187,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	dash = split_chr(a[0], '-');
 
 	if ((k < 2) || 
-	    ((new->in.s_addr = inet_addr(a[0])) == (in_addr_t)-1) ||
-	    ((new->out.s_addr = inet_addr(a[1])) == (in_addr_t)-1))
+	    (!(inet_pton(AF_INET, a[0], &new->in) > 0)) ||
+	    (!(inet_pton(AF_INET, a[1], &new->out) > 0)))
 	  option = '?';
 	
 	if (k == 3)
-	  new->mask.s_addr = inet_addr(a[2]);
+	  inet_pton(AF_INET, a[2], &new->mask);
 	
 	if (dash && 
-	    ((new->end.s_addr = inet_addr(dash)) == (in_addr_t)-1 ||
+	    (!(inet_pton(AF_INET, dash, &new->end) > 0) ||
 	     !is_same_net(new->in, new->end, new->mask) ||
 	     ntohl(new->in.s_addr) > ntohl(new->end.s_addr)))
 	  ret_err(_("invalid alias range"));

src/radv.c

@@ -300,9 +300,9 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de
 	}
     }
 	
-  if (!done_dns)
+  if (daemon->port == NAMESERVER_PORT && !done_dns)
     {
-      /* default == us. */
+      /* default == us, as long as we are supplying DNS service. */
       put_opt6_char(ICMP6_OPT_RDNSS);
       put_opt6_char(3);
       put_opt6_short(0);

src/tftp.c

@@ -202,7 +202,8 @@ void tftp_request(struct listener *listen, time_t now)
 	{
 	  if (!option_bool(OPT_CLEVERBIND))
 	    enumerate_interfaces(); 
-	  if (!loopback_exception(listen->tftpfd, listen->family, &addra, name))
+	  if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
+	      !label_exception(if_index, listen->family, &addra) )
 	    return;
 	}
       

src/util.c

@@ -142,19 +142,23 @@ static int check_name(char *in)
 int legal_hostname(char *name)
 {
   char c;
+  int first;
 
   if (!check_name(name))
     return 0;
 
-  for (; (c = *name); name++)
+  for (first = 1; (c = *name); name++, first = 0)
     /* check for legal char a-z A-Z 0-9 - _ . */
     {
       if ((c >= 'A' && c <= 'Z') ||
-	  (c >= 'a' && c <= 'z') ||
-	  (c >= '0' && c <= '9') ||
-	  c == '-' || c == '_')
+	  (c >= 'a' && c <= 'z'))
 	continue;
-      
+
+      if (!first && 
+	  ((c >= '0' && c <= '9') ||
+	   c == '-' || c == '_'))
+	continue;
+
       /* end of hostname part */
       if (c == '.')
 	return 1;