import of dnsmasq-2.36.tar.gz

CHANGELOG

@@ -2036,5 +2036,54 @@ version 2.35
 	    performance should be better. Thanks to "koko" for 
 	    pointing out the problem.
 
-
+version 2.36
+	    Added --dhcp-ignore-names flag which tells dnsmasq not to
+	    use names provided by DHCP clients. Suggestion from 
+	    Thomas M Steenholdt.
+
+	    Send netmask and broadcast address DHCP options always,
+	    even if the client doesn't request them. This makes a few
+	    odd clients work better.
+
+	    Added simple TFTP function, optimised for net-boot. It is
+	    now possible to net boot hosts using only dnsmasq. The
+	    TFTP server is read-only, binary-mode only, and designed to be
+	    secure; it adds about 4K to the dnsmasq binary. 
  
+	    Support DHCP option 120, SIP servers, (RFC 3361). Both
+            encodings are supported, so both --dhcp-option=120,192.168.2.3
+            and	--dhcp-option=120,sip.example.net will work. Brian
+            Candler pointed out the need for this.
+
+	    Allow spaces in domain names, to support DNS-SD.
+
+	    Add --ptr-record flag, again for DNS-SD. Thanks to Stephan 
+	    Sokolow for the suggestion.
+	    
+	    Tolerate leading space on lines in the config file. Thanks
+	    to Luigi Rizzo for pointing this out.
+
+	    Fixed netlink.c to cope with headers from the Linux 2.6.19
+	    kernel. Thanks to Philip Wall for the bug report.
+
+	    Added --dhcp-bridge option, but only to the FreeBSD
+	    build. This fixes an oddity with a a particular bridged
+	    network configuration on FreeBSD. Thanks to Luigi Rizzo
+	    for the patch.
+
+	    Added FAQ entry about running dnsmasq in a Linux
+	    vserver. Thanks to Gildas le Nadan for the information.  
+
+	    Fixed problem with option parsing which interpreted "/" as
+	    an address and not a string. Thanks to Luigi Rizzo
+	    for the patch.
+
+	    Ignore the --domain-needed flag when forwarding NS
+	    and SOA queries, since NS queries of TLDs are always legit.
+	    Marcus Better pointed out this problem.
+
+	    Take care to forward signed DNS requests bit-perfect, so
+	    as not to affect the validity of the signature. This
+	    should allow DDNS updates to be forwarded.
+
+

FAQ

@@ -311,7 +311,7 @@ A: Because when a Gentoo box shuts down, it releases its lease with
 
 Q: My laptop has two network interfaces, a wired one and a wireless
    one. I never use both interfaces at the same time, and I'd like the
-   same IP and configuration to be used irrespcetive of which
+   same IP and configuration to be used irrespective of which
    interface is in use. How can I do that?
 
 A: By default, the identity of a machine is determined by using the
@@ -393,6 +393,28 @@ A: Dnsmasq is in Suse itself, and the latest releases are also
    available at ftp://ftp.suse.com/pub/people/ug/
 
 
+Q: Can I run dnsmasq in a Linux vserver?
+
+A: Yes, as a DNS server, dnsmasq will just work in a vserver.
+   To use dnsmasq's DHCP function you need to give the vserver
+   extra system capabilities. Please note that doing so will lesser 
+   the overall security of your system. The capabilities 
+   required are NET_ADMIN and NET_RAW. NET_ADMIN is essential, NET_RAW
+   is required to do an ICMP "ping" check on newly allocated
+   addresses. If you don't need this check, you can disable it with
+   --no-ping and omit the NET_RAW capability. 
+   Adding the capabilities is done by adding them, one per line, to
+   either /etc/vservers/<vservername>/ccapabilities for a 2.4 kernel or
+   /etc/vservers/<vservername>/bcapabilities for a 2.6 kernel (please
+   refer to the vserver documentation for more information).
+
+
+
+
+
+
+
+
 
 
  

bld/Makefile

@@ -3,7 +3,7 @@ PKG_CONFIG ?= pkg-config
 
 
 OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
-       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o tftp.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(COPTS) $(I18N) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<

contrib/try-all-ns/README

+Date: Thu, 07 Dec 2006 00:41:43 -0500
+From: Bob Carroll <bob.carroll@rit.edu>
+Subject: dnsmasq suggestion
+To: simon@thekelleys.org.uk
+
+
+Hello,
+
+I recently needed a feature in dnsmasq for a very bizarre situation. I 
+placed a list of name servers in a special resolve file and told dnsmasq 
+to use that. But I wanted it to try requests in order and treat NXDOMAIN 
+requests as a failed tcp connection. I wrote the feature into dnsmasq 
+and it seems to work. I prepared a patch in the event that others might 
+find it useful as well.
+
+Thanks and keep up the good work.
+
+--Bob
+

contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch

+diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h
+--- dnsmasq-2.35/src/dnsmasq.h	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/dnsmasq.h	2006-11-16 22:06:31.000000000 -0500
+@@ -112,6 +112,7 @@
+ #define OPT_NO_PING        2097152
+ #define OPT_LEASE_RO       4194304
+ #define OPT_RELOAD         8388608
++#define OPT_TRY_ALL_NS     16777216
+ 
+ struct all_addr {
+   union {
+diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c
+--- dnsmasq-2.35/src/forward.c	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/forward.c	2006-11-16 22:08:19.000000000 -0500
+@@ -445,6 +445,10 @@
+     {
+        struct server *server = forward->sentto;
+        
++       // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request
++       if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS)
++           && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL;
++
+        if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
+ 	 /* for broken servers, attempt to send to another one. */
+ 	 {
+diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c
+--- dnsmasq-2.35/src/option.c	2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/option.c	2006-11-16 22:10:36.000000000 -0500
+@@ -28,7 +28,7 @@
+ 
+ /* options which don't have a one-char version */
+ #define LOPT_RELOAD 256
+-
++#define LOPT_TRY_ALL_NS 257
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -102,6 +102,7 @@
+     {"leasefile-ro", 0, 0, '9'},
+     {"dns-forward-max", 1, 0, '0'},
+     {"clear-on-reload", 0, 0, LOPT_RELOAD },
++    {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS },
+     { NULL, 0, 0, 0 }
+   };
+ 
+@@ -134,6 +135,7 @@
+   { '5',            OPT_NO_PING },
+   { '9',            OPT_LEASE_RO },
+   { LOPT_RELOAD,    OPT_RELOAD },
++  { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS },
+   { 'v',            0},
+   { 'w',            0},
+   { 0, 0 }
+@@ -208,6 +210,7 @@
+   { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL },
+   { "-0, --dns-forward-max=<queries>", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, 
+   { "    --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE },
++  { "    --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL },
+   { NULL, NULL, NULL }
+ }; 
+ 

dnsmasq.conf.example

@@ -37,7 +37,7 @@
 
 # If you don't want dnsmasq to read /etc/resolv.conf or any other
 # file, getting its servers from this file instead (see below), then
-# uncomment this
+# uncomment this.
 #no-resolv
 
 # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
@@ -206,12 +206,19 @@
 # subnet mask - 1
 # default router - 3
 # DNS server - 6
+# hostname - 12
 # broadcast address - 28
 
 # Override the default route supplied by dnsmasq, which assumes the
 # router is the same machine as the one running dnsmasq.
 #dhcp-option=3,1.2.3.4
 
+# Override the default route supplied by dnsmasq and send no default
+# route at all. Note that this only works for the options sent by
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option 
+# for all other option numbers.
+#dhcp-option=3
+
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
 #dhcp-option=42,192.168.0.4,10.10.0.5
 
@@ -262,9 +269,27 @@
 # mtftp address to 0.0.0.0 for PXEClients
 #dhcp-option=vendor:PXEClient,1,0.0.0.0
 
-# Set the boot filename and tftpd server name and address
-# for BOOTP. You will only need this is you want to
-# boot machines over the network.
+# Set the boot filename for BOOTP. You will only need 
+# this is you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built in TFTP server or an
+# external one. (See below for how to enable the TFTP server.)
+#dhcp-boot=pxelinux.0
+
+# Enable dnsmasq's built-in TFTP server
+#enable-tftp
+
+# Set the root directory for files availble via FTP.
+#tftp-root=/var/ftpd
+
+# Make the TFTP server more secure: with this set, only files owned by
+# the user dnsmasq is running as will be send over the net.
+#tftp-secure
+
+# Set the boot file name only when the "red" tag is set.
+#dhcp-boot=net:red,pxelinux.red-net
+
+# An example of dhcp-boot with an external server: the name and IP
+# address of the server are given after the filename.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
 
 # Set the limit on DHCP leases, the default is 150
@@ -363,6 +388,11 @@
 # example.com
 #srv-host=_ldap._tcp.example.com
 
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for PTR records.)
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
 
 # Change the following lines to enable dnsmasq to serve TXT records.
 # These are used for things like SPF and zeroconf. (Note that the
@@ -370,7 +400,7 @@
 # occur for TXT records.)
 
 #Example SPF.
-#txt-record=example.com,v=spf1 a -all
+#txt-record=example.com,"v=spf1 a -all"
 
 #Example zeroconf
 #txt-record=_http._tcp.example.com,name=value,paper=A4

doc.html

@@ -11,7 +11,7 @@ Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
  server and allows machines with DHCP-allocated addresses
  to appear in the DNS with names configured either in each host or
  in a central configuration file. Dnsmasq supports static and dynamic 
- DHCP leases and BOOTP for network booting of diskless machines.
+ DHCP leases and BOOTP/TFTP for network booting of diskless machines.
 <P>
  Dnsmasq is targeted at home networks using NAT and 
 connected to the internet via a modem, cable-modem or ADSL
@@ -83,7 +83,7 @@ for any or all local machines.
 
 <A HREF="http://www.thekelleys.org.uk/dnsmasq/"> Download</A> dnsmasq here. 
 The tarball includes this documentation, source, and manpage.
-There is also a <A HREF="CHANGELOG"> CHANGELOG</A>.
+There is also a <A HREF="CHANGELOG"> CHANGELOG</A> and a <A HREF="FAQ">FAQ</A>.
 Dnsmasq is part of the Debian distribution, it can be downloaded from 
 <A HREF="http://ftp.debian.org/debian/pool/main/d/dnsmasq/"> here</A> or installed using <TT>apt</TT>.
 

man/dnsmasq.8

@@ -24,7 +24,7 @@ Dnsmasq
 supports IPv6.
 .SH OPTIONS
 Note that in general missing parameters are allowed and switch off
-functions, for instance "--pid-file=" disables writing a PID file. On
+functions, for instance "--pid-file" disables writing a PID file. On
 BSD, unless the GNU getopt library is linked, the long form of the
 options does not work on the command line; it is still recognised in
 the configuration file.
@@ -37,6 +37,10 @@ Additional hosts file. Read the specified file as well as /etc/hosts. If -h is g
 only the specified file. This option may be repeated for more than one
 additional hosts file.
 .TP
+.B \-E, --expand-hosts
+Add the domain to simple names (without a period) in /etc/hosts
+in the same way as for DHCP-derived names.
+.TP
 .B \-T, --local-ttl=<time>
 When replying with information from /etc/hosts or the DHCP leases
 file dnsmasq by default sets the time-to-live field to zero, meaning
@@ -123,7 +127,7 @@ options does not matter and that
 options always override the others.
 .TP 
 .B \-2, --no-dhcp-interface=<interface name>
-Do not provide DHCP on the specified interface, but do provide DNS service.
+Do not provide DHCP or TFTP on the specified interface, but do provide DNS service.
 .TP
 .B \-a, --listen-address=<ipaddr>
 Listen on the given IP address(es). Both 
@@ -229,7 +233,7 @@ Tells dnsmasq to never forward queries for plain names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
+.B \-S, ,--local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
 Specify IP address of upstream severs directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use -R to do that. If one or
 more 
@@ -322,6 +326,9 @@ all that match are returned.
 Return a TXT DNS record. The value of TXT record is a set of strings,
 so  any number may be included, split by commas.
 .TP
+.B --ptr-record=<name>[,<target>]
+Return a PTR DNS record.
+.TP
 .B \-c, --cache-size=<cachesize>
 Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
 .TP
@@ -368,7 +375,7 @@ addresses given via
 .B dhcp-host
 or from /etc/ethers will be served.
 .TP
-.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
 with a particular hardware address to be always allocated the same
 hostname, IP address and lease time. A hostname specified like this
@@ -449,9 +456,10 @@ and a text string. If the optional network-ids are given then
 this option is only sent when all the network-ids are matched.
 
 Special processing is done on a text argument for option 119, to
-conform with RFC 3397, and dotted-quad IP addresses which are followed
-by a slash and then a netmask size are encoded as described in RFC
-3442.
+conform with RFC 3397. Text or dotted-quad IP addresses as arguments
+to option 120 are handled as per RFC 3361. Dotted-quad IP addresses 
+which are followed by a slash and then a netmask size are encoded as
+described in RFC 3442.
 
 Be careful: no checking is done that the correct type of data for the
 option number is sent, it is quite possible to
@@ -508,10 +516,23 @@ When all the given network-ids match the set of network-ids derived
 from the net, host, vendor and user classes, ignore the host and do
 not allocate it a DHCP lease.
 .TP
+.B --dhcp-ignore-name[=<network-id>[,<network-id>]]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, ignore any hostname
+provided by the host. Note that, unlike dhcp-ignore, it is permissable
+to supply no netid tags, in which case DHCP-client supplied hostnames
+are always ignored, and DHCP hosts are added to the DNS using only
+dhcp-host configuration in dnsmasq and the contents of /etc/hosts and
+/etc/ethers.
+.TP
 .B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
-Set BOOTP options to be returned by the DHCP server. These are needed
-for machines which network boot, and tell the machine where to collect
-its initial configuration. If the optional network-id(s) are given,
+Set BOOTP options to be returned by the DHCP server. Server name and
+address are optional: if not provided, the name is left empty, and the
+address set to the address of the machine running dnsmasq. If dnsmasq
+is providing a TFTP service (see 
+.B --enable-tftp
+) then only the filename is required here to enable network booting.
+If the optional network-id(s) are given,
 they must match for this configuration to be sent. Note that
 network-ids are prefixed by "net:" to distinguish them.
 .TP  
@@ -602,6 +623,12 @@ stdout and exit with zero exit code. Setting this
 option also forces the leasechange script to be called on changes
 to the client-id and lease length and expiry time.
 .TP
+.B --bridge-interface=<interface>,<alias>[,<alias>]
+Treat DHCP request packets arriving at any of the <alias> interfaces
+as if they had arrived at <interface>. This option is only available
+on FreeBSD and Dragonfly BSD, and is necessary when using "old style" bridging, since
+packets arrive at tap interfaces which don't have an IP address.
+.TP
 .B \-s, --domain=<domain>
 Specifies the domain for the DHCP server. This has two effects;
 firstly it causes the DHCP server to return the domain to any hosts
@@ -614,10 +641,37 @@ both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
 given as "#" then the domain is read from the first "search" directive
 in /etc/resolv.conf (or equivalent). 
 .TP
-.B \-E, --expand-hosts
-Add the domain to simple names (without a period) in /etc/hosts
-in the same way as for DHCP-derived names.
-.TP
+.B --enable-tftp
+Enable the TFTP server function. This is deliberately limited to that
+needed to net-boot a client: Only reading is allowed, and only in
+binary/octet mode. The tsize and blksize extensions are supported.
+.TP
+.B --tftp-root=<directory>
+Look for files to transfer using TFTP relative to the given
+directory. When this is set, TFTP paths which include ".." are
+rejected, to stop clients getting outside the specified root.
+.TP
+.B --tftp-secure
+Enable TFTP secure mode: without this, any file which is readble by
+the dnsmasq process under normal unix access-control rules is
+available via TFTP. When the --tftp-secure flag is given, only files
+owned by the user running the dnsmasq process are accessible. If
+dnsmasq is being run as root, different rules apply: --tftp-secure
+has not effect, but only files which have the world-readable bit set
+are accessible. It is not recommended to run dnsmasq as root with TFTP
+enabled, and certainly not without specifying --tftp-root. Doing so
+can expose any world-readable file on the server to any host on the net. 
+.TP
+.B --tftp-max=<connections>
+Set the maximum number of concurrent TFTP connections allowed. This
+defaults to 50. When serving a large number of TFTP connections,
+per-process file descriptor limits may be encountered. Dnsmasq needs
+one file descriptor for each concurrent TFTP connection and one
+file descriptor per unique file (plus a few others). So serving the
+same file simultaneously to n clients will use require about n + 10 file
+descriptors, serving different files simultaneously to n clients will
+require about (2*n) + 10 descriptors.
+.TP  
 .B \-C, --conf-file=<file>
 Specify a different configuration file. The conf-file option is also allowed in
 configuration files, to include multiple configuration files.

src/cache.c

@@ -46,6 +46,8 @@ static const struct {
   { 38,  "A6" },
   { 39,  "DNAME" },
   { 41,  "OPT" },
+  { 48,  "DNSKEY" },
+  { 249, "TKEY" },
   { 250, "TSIG" },
   { 251, "IXFR" },
   { 252, "AXFR" },
@@ -636,15 +638,19 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
 	flags &= ~F_REVERSE;
       else
 	for (i=0; i<hash_size; i++)
-	  for (lookup = hash_table[i]; lookup; lookup = lookup->hash_next)
-	    if ((lookup->flags & F_HOSTS) && 
-		(lookup->flags & flags & (F_IPV4 | F_IPV6)) &&
-		memcmp(&lookup->addr.addr, addr, addrlen) == 0)
-	      {
-		flags &= ~F_REVERSE;
-		break;
-	      }
-    
+	  {
+	    for (lookup = hash_table[i]; lookup; lookup = lookup->hash_next)
+	      if ((lookup->flags & F_HOSTS) && 
+		  (lookup->flags & flags & (F_IPV4 | F_IPV6)) &&
+		  memcmp(&lookup->addr.addr, addr, addrlen) == 0)
+		{
+		  flags &= ~F_REVERSE;
+		  break;
+		}
+	    if (lookup)
+	      break;
+	  }
+      
       cache->flags = flags;
       cache->uid = index;
       memcpy(&cache->addr.addr, addr, addrlen);
@@ -997,6 +1003,8 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
 	strcpy(addrbuff, "<SRV>");
       else if (flags & F_NXDOMAIN)
 	strcpy(addrbuff, "<TXT>");
+      else if (flags & F_BIGNAME)
+	strcpy(addrbuff, "<PTR>");
       else
 	strcpy(addrbuff, "<CNAME>");
     }

src/config.h

@@ -10,7 +10,7 @@
    GNU General Public License for more details.
 */
 
-#define VERSION "2.35"
+#define VERSION "2.36"
 
 #define FTABSIZ 150 /* max number of outstanding requests (default) */
 #define MAX_PROCS 20 /* max no children for TCP requests */
@@ -48,6 +48,8 @@
 #define CHGRP "dip"
 #define DHCP_SERVER_PORT 67
 #define DHCP_CLIENT_PORT 68
+#define TFTP_PORT 69
+#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
 
 /* DBUS interface specifics */
 #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
@@ -55,6 +57,10 @@
 
 /* A small collection of RR-types which are missing on some platforms */
 
+#ifndef T_SIG
+#  define T_SIG 24
+#endif
+
 #ifndef T_SRV
 #  define T_SRV 33
 #endif
@@ -63,6 +69,15 @@
 #  define T_OPT 41
 #endif
 
+#ifndef T_TKEY
+#  define T_TKEY 249
+#endif
+
+#ifndef T_TSIG
+#  define T_TSIG 250
+#endif
+
+
 /* Get linux C library versions. */
 #if defined(__linux__) && !defined(__UCLIBC__) && !defined(__uClinux__)
 /*#  include <libio.h> */
@@ -98,6 +113,9 @@ HAVE_ISC_READER
    define this to include the old ISC dhcpcd integration. Note that you cannot
    set both HAVE_ISC_READER and HAVE_BROKEN_RTC.
 
+HAVE_TFTP
+   define this to get dnsmasq's built-in TFTP server.
+
 HAVE_GETOPT_LONG
    define this if you have GNU libc or GNU getopt. 
 
@@ -153,6 +171,7 @@ NOTES:
 */
 
 /* platform independent options- uncomment to enable */
+#define HAVE_TFTP
 /* #define HAVE_BROKEN_RTC */
 /* #define HAVE_ISC_READER */
 /* #define HAVE_DBUS */
@@ -161,6 +180,11 @@ NOTES:
 #  error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
 #endif
 
+/* Allow TFTP to be disabled with CFLAGS=-DNO_TFTP */
+#ifdef NO_TFTP
+#undef HAVE_TFTP
+#endif
+
 /* platform dependent options. */
 
 /* Must preceed __linux__ since uClinux defines __linux__ too. */

src/dhcp.c

@@ -117,7 +117,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   struct iovec iov;
   ssize_t sz; 
   int iface_index = 0, unicast_dest = 0;
-  struct in_addr iface_addr;
+  struct in_addr iface_addr, *addrp = NULL;
   struct iface_param parm;
 
   union {
@@ -185,7 +185,7 @@ void dhcp_packet(struct daemon *daemon, time_t now)
   if (!(msg.msg_flags & MSG_BCAST))
     unicast_dest = 1;
 #endif
- 
+
 #else
   /* fallback for systems without IP_RECVIF - allow only one interface
      and assume packets arrive from it - yuk. */
@@ -198,16 +198,30 @@ void dhcp_packet(struct daemon *daemon, time_t now)
 #endif
 
   ifr.ifr_addr.sa_family = AF_INET;
-  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) == -1 )
-    return;
-  iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+  if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
+    {
+      addrp = &iface_addr;
+      iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+    }
 
+  if (!iface_check(daemon, AF_INET, (struct all_addr *)addrp, &ifr, &iface_index))
+    return;
+  
   for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
     if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
       return;
   
-  if (!iface_check(daemon, AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name))
-    return;
+  /* interface may have been changed by alias in iface_check */
+  if (!addrp)
+    {
+      if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1)
+	{
+	  syslog(LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
+	  return;
+	}
+      else
+	iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+    }
   
   /* unlinked contexts are marked by context->current == context */
   for (context = daemon->dhcp; context; context = context->next)

src/dnsmasq.h

@@ -88,30 +88,32 @@ extern int capset(cap_user_header_t header, cap_user_data_t data);
 */
 #define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
 
-#define OPT_BOGUSPRIV      1
-#define OPT_FILTER         2
-#define OPT_LOG            4
-#define OPT_SELFMX         8
-#define OPT_NO_HOSTS       16
-#define OPT_NO_POLL        32
-#define OPT_DEBUG          64
-#define OPT_ORDER          128
-#define OPT_NO_RESOLV      256
-#define OPT_EXPAND         512
-#define OPT_LOCALMX        1024
-#define OPT_NO_NEG         2048
-#define OPT_NODOTS_LOCAL   4096
-#define OPT_NOWILD         8192
-#define OPT_ETHERS         16384
-#define OPT_RESOLV_DOMAIN  32768
-#define OPT_NO_FORK        65536
-#define OPT_AUTHORITATIVE  131072
-#define OPT_LOCALISE       262144
-#define OPT_DBUS           524288
-#define OPT_BOOTP_DYNAMIC  1048576
-#define OPT_NO_PING        2097152
-#define OPT_LEASE_RO       4194304
-#define OPT_RELOAD         8388608
+#define OPT_BOGUSPRIV      (1<<0)
+#define OPT_FILTER         (1<<1)
+#define OPT_LOG            (1<<2)
+#define OPT_SELFMX         (1<<3)
+#define OPT_NO_HOSTS       (1<<4)
+#define OPT_NO_POLL        (1<<5)
+#define OPT_DEBUG          (1<<6)
+#define OPT_ORDER          (1<<7)
+#define OPT_NO_RESOLV      (1<<8)
+#define OPT_EXPAND         (1<<9)
+#define OPT_LOCALMX        (1<<10)
+#define OPT_NO_NEG         (1<<11)
+#define OPT_NODOTS_LOCAL   (1<<12)
+#define OPT_NOWILD         (1<<13)
+#define OPT_ETHERS         (1<<14)
+#define OPT_RESOLV_DOMAIN  (1<<15)
+#define OPT_NO_FORK        (1<<16)
+#define OPT_AUTHORITATIVE  (1<<17)
+#define OPT_LOCALISE       (1<<18)
+#define OPT_DBUS           (1<<19)
+#define OPT_BOOTP_DYNAMIC  (1<<20)
+#define OPT_NO_PING        (1<<21)
+#define OPT_LEASE_RO       (1<<22)
+#define OPT_RELOAD         (1<<24)
+#define OPT_TFTP           (1<<25)
+#define OPT_TFTP_SECURE    (1<<26)
 
 struct all_addr {
   union {
@@ -146,6 +148,11 @@ struct txt_record {
   struct txt_record *next;
 };
 
+struct ptr_record {
+  char *name, *ptr;
+  struct ptr_record *next;
+};
+
 union bigname {
   char name[MAXDNAME];
   union bigname *next; /* freelist */
@@ -239,11 +246,12 @@ struct server {
 struct irec {
   union mysockaddr addr;
   struct in_addr netmask; /* only valid for IPv4 */
+  int dhcp_ok;
   struct irec *next;
 };
 
 struct listener {
-  int fd, tcpfd, family;
+  int fd, tcpfd, tftpfd, family;
   struct irec *iface; /* only valid for non-wildcard */
   struct listener *next;
 };
@@ -274,7 +282,7 @@ struct hostsfile {
 struct frec {
   union mysockaddr source;
   struct all_addr dest;
-  struct server *sentto;
+  struct server *sentto; /* NULL means free */
   unsigned int iface;
   unsigned short orig_id, new_id;
   int fd, forwardall;
@@ -380,6 +388,13 @@ struct dhcp_mac {
   struct dhcp_mac *next;
 };
 
+#if defined(__FreeBSD__) || defined(__DragonFly__)
+struct dhcp_bridge {
+  char iface[IF_NAMESIZE];
+  struct dhcp_bridge *alias, *next;
+};
+#endif
+
 struct dhcp_context {
   unsigned int lease_time, addr_epoch;
   struct in_addr netmask, broadcast;
@@ -415,6 +430,23 @@ struct ping_result {
   struct ping_result *next;
 };
 
+struct tftp_file {
+  int refcount, fd;
+  off_t size;
+  char filename[];
+};
+
+struct tftp_transfer {
+  int sockfd;
+  time_t timeout;
+  int backoff;
+  unsigned int block, blocksize;
+  struct sockaddr_in peer;
+  char opt_blocksize, opt_transize;
+  struct tftp_file *file;
+  struct tftp_transfer *next;
+};
+
 struct daemon {
   /* datastuctures representing the command-line and 
      config file arguments. All set (including defaults)
@@ -424,6 +456,7 @@ struct daemon {
   struct resolvc default_resolv, *resolv_files;
   struct mx_srv_record *mxnames;
   struct txt_record *txt;
+  struct ptr_record *ptr;
   char *mxtarget;
   char *lease_file; 
   char *username, *groupname;
@@ -444,8 +477,8 @@ struct daemon {
   struct dhcp_vendor *dhcp_vendors;
   struct dhcp_mac *dhcp_macs;
   struct dhcp_boot *boot_config;
-  struct dhcp_netid_list *dhcp_ignore;
-  int dhcp_max; 
+  struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names;
+  int dhcp_max, tftp_max; 
   unsigned int min_leasetime;
   struct doctor *doctors;
   unsigned short edns_pktsz;
@@ -473,14 +506,20 @@ struct daemon {
   char *dhcp_buff, *dhcp_buff2;
   struct ping_result *ping_results;
   FILE *lease_stream;
+#if defined(__FreeBSD__) || defined(__DragonFly__)
+  struct dhcp_bridge *bridges;
+#endif
 
   /* DBus stuff */
-#ifdef HAVE_DBUS
   /* void * here to avoid depending on dbus headers outside dbus.c */
   void *dbus;
+#ifdef HAVE_DBUS
   struct watch *watches;
 #endif
 
+  /* TFTP stuff */
+  struct tftp_transfer *tftp_trans;
+  char *tftp_prefix; 
 };
 
 /* cache.c */
@@ -515,7 +554,7 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct daemon *d
 int check_for_bogus_wildcard(HEADER *header, size_t qlen, char *name, 
 			     struct bogus_addr *addr, time_t now);
 unsigned char *find_pseudoheader(HEADER *header, size_t plen,
-				 size_t *len, unsigned char **p);
+				 size_t *len, unsigned char **p, int *is_sign);
 int check_for_local_domain(char *name, time_t now, struct daemon *daemon);
 unsigned int questions_crc(HEADER *header, size_t plen, char *buff);
 size_t resize_packet(HEADER *header, size_t plen, 
@@ -563,10 +602,10 @@ struct serverfd *allocate_sfd(union mysockaddr *addr, struct serverfd **sfds);
 int reload_servers(char *fname, struct daemon *daemon);
 void check_servers(struct daemon *daemon);
 int enumerate_interfaces(struct daemon *daemon);
-struct listener *create_wildcard_listeners(int port);
+struct listener *create_wildcard_listeners(int port, int have_tftp);
 struct listener *create_bound_listeners(struct daemon *daemon);
-int iface_check(struct daemon *daemon, int family, 
-		struct all_addr *addr, char *name);
+int iface_check(struct daemon *daemon, int family, struct all_addr *addr, 
+		struct ifreq *ifr, int *indexp);
 int fix_fd(int fd);
 
 /* dhcp.c */
@@ -652,3 +691,9 @@ void helper_write(struct daemon *daemon);
 void queue_script(struct daemon *daemon, int action, 
 		  struct dhcp_lease *lease, char *hostname);
 int helper_buf_empty(void);
+
+/* tftp.c */
+#ifdef HAVE_TFTP
+void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
+void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+#endif