/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 dated June, 1991, or
   (at your option) version 3 dated 29 June, 2007.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

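/* Built-in defaults and hard limits.
   Several of these cap the work or memory that network peers can make the
   daemon spend (FTABSIZ, MAX_PROCS, TCP_MAX_QUERIES, DNSSEC_WORK, CNAME_CHAIN,
   MAXLEASES, DHCP_PACKET_MAX, TFTP_MAX_CONNECTIONS); check the resource
   impact before raising any of them. */
#define FTABSIZ 150 /* max number of outstanding requests (default) */
#define MAX_PROCS 20 /* max no children for TCP requests */
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
#define KEYBLOCK_LEN 40 /* chosen to minimise fragmentation when storing DNSSEC keys */
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
#define FORWARD_TEST 50 /* try all servers every 50 queries */
#define FORWARD_TIME 20 /* or 20 seconds */
#define RANDOM_SOCKS 64 /* max simultaneous random ports */
#define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
#define CACHESIZ 150 /* default cache size */
#define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */
#define MAXLEASES 1000 /* maximum number of DHCP leases */
#define PING_WAIT 3 /* wait for ping address-in-use test */
#define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
#define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
#define SMALLDNAME 50 /* most domain names are smaller than this */
#define CNAME_CHAIN 10 /* chains longer than this are dropped for loop protection */
#define HOSTSFILE "/etc/hosts"
#define ETHERSFILE "/etc/ethers"
#define DEFLEASE 3600 /* default lease time, 1 hour */
#define CHUSER "nobody" /* default user the daemon runs as after start-up (--user overrides) */
#define CHGRP "dip" /* default group (--group overrides) */
#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
#define LOG_MAX 5 /* log-queue length */
#define RANDFILE "/dev/urandom" /* kernel random device; presumably the PRNG seed source - confirm at the point of use */
#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */
#define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
#define AUTH_TTL 600 /* default TTL for auth DNS */
#define SOA_REFRESH 1200 /* SOA refresh default */
#define SOA_RETRY 180 /* SOA retry default */
#define SOA_EXPIRY 1209600 /* SOA expiry default */
#define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */
/* T_TXT is not defined in the visible part of this header; it has to be in
   scope wherever LOOP_TEST_TYPE is expanded. */
#define LOOP_TEST_TYPE T_TXT
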
/* compile-time options: uncomment below to enable or do eg.
   make COPTS=-DHAVE_BROKEN_RTC

HAVE_BROKEN_RTC
   define this on embedded systems which don't have an RTC
   which keeps time over reboots. Causes dnsmasq to use uptime
   for timing, and keep lease lengths rather than expiry times
   in its leases file. This also makes dnsmasq "flash disk friendly".
   Normally, dnsmasq tries very hard to keep the on-disk leases file
   up-to-date: rewriting it after every renewal.  When HAVE_BROKEN_RTC
   is in effect, the lease file is only written when a new lease is
   created, or an old one destroyed. (Because those are the only times
   it changes.) This vastly reduces the number of file writes, and makes
   it viable to keep the lease file on a flash filesystem.
   NOTE: when enabling or disabling this, be sure to delete any old
   leases file, otherwise dnsmasq may get very confused.

HAVE_LEASEFILE_EXPIRE
   define this if you want to enable lease file update with expire
   timeouts instead of expiry times or lease lengths, if HAVE_BROKEN_RTC
   is also enabled. Lease file will be rewritten upon SIGUSR2 signal
   reception and/or dnsmasq termination.

HAVE_TFTP
   define this to get dnsmasq's built-in TFTP server.

HAVE_DHCP
   define this to get dnsmasq's DHCPv4 server.

HAVE_DHCP6
   define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP).

HAVE_SCRIPT
   define this to get the ability to call scripts on lease-change.

HAVE_LUASCRIPT
   define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT)

HAVE_DBUS
   define this if you want to link against libdbus, and have dnsmasq
   support some methods to allow (re)configuration of the upstream DNS
   servers via DBus.

HAVE_IDN
   define this if you want international domain name support.
   NOTE: for backwards compatibility, IDN support is automatically
         included when internationalisation support is built, using the
         *-i18n makefile targets, even if HAVE_IDN is not explicitly set.

HAVE_CONNTRACK
   define this to include code which propagates conntrack marks from
   incoming DNS queries to the corresponding upstream queries. This adds
   a build-dependency on libnetfilter_conntrack, but the resulting binary will
   still run happily on a kernel without conntrack support.

HAVE_IPSET
   define this to include the ability to selectively add resolved ip addresses
   to given ipsets.

HAVE_AUTH
   define this to include the facility to act as an authoritative DNS
   server for one or more zones.

HAVE_DNSSEC
   include DNSSEC validator.

HAVE_LOOP
   include functionality to probe for and remove DNS forwarding loops.

HAVE_INOTIFY
   use the Linux inotify facility to efficiently re-read configuration files.

NO_IPV6
NO_TFTP
NO_DHCP
NO_DHCP6
NO_SCRIPT
NO_LARGEFILE
NO_AUTH
NO_INOTIFY
   these are available to explicitly disable compile time options which would
   otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or
   which are enabled by default in the distributed source tree. Building dnsmasq
   with something like "make COPTS=-DNO_SCRIPT" will do the trick.

NO_NETTLE_ECC
   Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
NO_GMP
   Don't use and link against libgmp. Useful if nettle is built with --enable-mini-gmp.

LEASEFILE
CONFFILE
RESOLVFILE
   the default locations of these files are determined below, but may be overridden
   in a build command line using COPTS.

*/

/* Defining this builds a binary which handles time differently and works better on a system without a
   stable RTC (it uses uptime, not epoch time) and writes the DHCP leases file less often to avoid flash wear.
*/

/* #define HAVE_BROKEN_RTC */
/* #define HAVE_LEASEFILE_EXPIRE */

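/* The default set of options to build. Built with these options, dnsmasq
   has no library dependencies other than libc.

   Each of these defaults has a matching NO_<opt> flag handled further down
   in this file (for example "make COPTS=-DNO_TFTP"), which is the way to
   leave a feature out of a minimal or hardened build without editing this
   list. */

#define HAVE_DHCP
#define HAVE_DHCP6
#define HAVE_TFTP
#define HAVE_SCRIPT
#define HAVE_AUTH
#define HAVE_IPSET
#define HAVE_LOOP

/* Build options which require external libraries.

   Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically.

   You can use "make COPTS=-DHAVE_<opt>" instead of editing these.

   HAVE_DNSSEC is among the options left off here, so a default build has no
   DNSSEC validator; the compile-options string built at the end of this
   file then contains "no-DNSSEC".
*/

/* #define HAVE_LUASCRIPT */
/* #define HAVE_DBUS */
/* #define HAVE_IDN */
/* #define HAVE_CONNTRACK */
/* #define HAVE_DNSSEC */
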
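/* Default locations for important system files.

   Every path is wrapped in #ifndef, so a value supplied on the build command
   line (for example through COPTS) takes precedence over the per-platform
   default chosen here.

   NOTE(review): the leases file is rewritten by the running daemon and the
   run file is presumably its pid file; the directories holding them should
   not be writable by unprivileged local users. */

#ifndef LEASEFILE
#   if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
#      define LEASEFILE "/var/db/dnsmasq.leases"
#   elif defined(__sun__) || defined (__sun)
#      define LEASEFILE "/var/cache/dnsmasq.leases"
#   elif defined(__ANDROID__)
#      define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
#   else
#      define LEASEFILE "/var/lib/misc/dnsmasq.leases"
#   endif
#endif

#ifndef CONFFILE
#   if defined(__FreeBSD__)
#      define CONFFILE "/usr/local/etc/dnsmasq.conf"
#   else
#      define CONFFILE "/etc/dnsmasq.conf"
#   endif
#endif

#ifndef RESOLVFILE
#   if defined(__uClinux__)
#      define RESOLVFILE "/etc/config/resolv.conf"
#   else
#      define RESOLVFILE "/etc/resolv.conf"
#   endif
#endif

#ifndef RUNFILE
#   if defined(__ANDROID__)
#      define RUNFILE "/data/dnsmasq.pid"
#   else
#      define RUNFILE "/var/run/dnsmasq.pid"
#   endif
#endif
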
/* platform dependent options: these are determined automatically below

HAVE_LINUX_NETWORK
HAVE_BSD_NETWORK
HAVE_SOLARIS_NETWORK
   define exactly one of these to alter interaction with kernel networking.

HAVE_GETOPT_LONG
   defined when GNU-style getopt_long available.

HAVE_SOCKADDR_SA_LEN
   defined if struct sockaddr has sa_len field (*BSD)
*/

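/* Platform detection. The branches of this #if chain are tested in order and
   the first matching platform macro wins; the chosen branch selects one
   HAVE_*_NETWORK back end and records whether getopt_long() and
   sockaddr.sa_len are available. When no branch matches, this chain defines
   none of those macros. */

/* Must precede __linux__ since uClinux defines __linux__ too. */
#if defined(__uClinux__)
#define HAVE_LINUX_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN
/* Never use fork() on uClinux. Note that this is subtly different from the
   --keep-in-foreground option, since it also suppresses forking new
   processes for TCP connections and disables the call-a-script on leasechange
   system. It's intended for use on MMU-less kernels. */
#define NO_FORK

#elif defined(__UCLIBC__)
#define HAVE_LINUX_NETWORK
#if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
   ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
#    define HAVE_GETOPT_LONG
#endif
#undef HAVE_SOCKADDR_SA_LEN
#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
#  define NO_FORK
#endif
/* IPv6 on uClibc needs both library support and USE_IPV6; in every other
   case NO_IPV6 is forced. IPV6_V6ONLY gets a fallback value when the headers
   seen so far have not defined it. */
#if defined(__UCLIBC_HAS_IPV6__) && defined(USE_IPV6)
#  ifndef IPV6_V6ONLY
#    define IPV6_V6ONLY 26
#  endif
#elif !defined(NO_IPV6)
#  define NO_IPV6
#endif

/* This is for glibc 2.x */
#elif defined(__linux__)
#define HAVE_LINUX_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN

#elif defined(__FreeBSD__) || \
      defined(__OpenBSD__) || \
      defined(__DragonFly__) || \
      defined(__FreeBSD_kernel__)
#define HAVE_BSD_NETWORK
/* Later versions of FreeBSD have getopt_long(). The test looks for macros
   that only exist once the header declaring getopt_long() has been included,
   so that header has to come before this file. */
#if defined(optional_argument) && defined(required_argument)
#   define HAVE_GETOPT_LONG
#endif
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__APPLE__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN
/* Define before sys/socket.h is included so we get socklen_t */
#define _BSD_SOCKLEN_T_
/* Select the RFC_3542 version of the IPv6 socket API.
   Define before netinet6/in6.h is included. */
#define __APPLE_USE_RFC_3542
#define NO_IPSET

#elif defined(__NetBSD__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__sun) || defined(__sun__)
#define HAVE_SOLARIS_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN
#define ETHER_ADDR_LEN 6

#endif
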
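/* Decide if we're going to support IPv6.
   We assume that systems which don't have IPv6
   headers don't have ntop and pton either.

   Detection relies on INET6_ADDRSTRLEN and IPV6_V6ONLY already being defined
   when this point is reached, so the system networking headers have to be
   included first; otherwise HAVE_IPV6 is left undefined without any
   diagnostic, and the dependency rules that follow drop HAVE_DHCP6 too.

   ADDRSTRLEN ends up as the textual-address buffer size of the widest
   address family that is compiled in. */

#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY)
#  define HAVE_IPV6
#  define ADDRSTRLEN INET6_ADDRSTRLEN
#else
#  if !defined(INET_ADDRSTRLEN)
#      define INET_ADDRSTRLEN 16 /* 4*3 digits + 3 dots + terminating NUL */
#  endif
#  undef HAVE_IPV6
#  define ADDRSTRLEN INET_ADDRSTRLEN
#endif
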
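/* Rules to implement compile-time option dependencies and
   the NO_XXX flags.

   Order matters: each NO_<opt> removes its HAVE_<opt> first, then the
   "implies" rules re-add whatever a surviving option depends on. NO_IPSET
   and NO_LOOP are honoured here as well as the NO_ flags listed in the
   options comment near the top of the file. */

#ifdef NO_IPV6
#undef HAVE_IPV6
#endif

#ifdef NO_TFTP
#undef HAVE_TFTP
#endif

#ifdef NO_DHCP
#undef HAVE_DHCP
#undef HAVE_DHCP6
#endif

/* DHCPv6 cannot be built without IPv6 support */
#if defined(NO_DHCP6) || !defined(HAVE_IPV6)
#undef HAVE_DHCP6
#endif

/* DHCP6 needs DHCP too */
#ifdef HAVE_DHCP6
#define HAVE_DHCP
#endif

/* Lease-change scripts need DHCP and fork(); without either, shell and Lua
   script support are both removed. */
#if defined(NO_SCRIPT) || !defined(HAVE_DHCP) || defined(NO_FORK)
#undef HAVE_SCRIPT
#undef HAVE_LUASCRIPT
#endif

/* Must HAVE_SCRIPT to HAVE_LUASCRIPT */
#ifdef HAVE_LUASCRIPT
#define HAVE_SCRIPT
#endif

#ifdef NO_AUTH
#undef HAVE_AUTH
#endif

#if defined(NO_IPSET)
#undef HAVE_IPSET
#endif

#ifdef NO_LOOP
#undef HAVE_LOOP
#endif

/* inotify is switched on automatically for the Linux network back end
   unless NO_INOTIFY is given */
#if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY)
#define HAVE_INOTIFY
#endif
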
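/* Define a string indicating which options are in use.
   DNSMASQ_COMPILE_OPTS is only defined in dnsmasq.c

   The string is assembled from adjacent string literals: every feature name
   is emitted unconditionally and a "no-" prefix is placed in front of it
   when the feature is compiled out, so the result shows both what the binary
   contains and what it lacks (for example "no-DNSSEC"). Exceptions are
   "no-RTC " and "no-MMU ", which appear only when HAVE_BROKEN_RTC or NO_FORK
   is set, and the DHCPv6/script entries, which are emitted only when
   HAVE_DHCP is defined. The pointer refers to a string literal and must not
   be written through. */

#ifdef DNSMASQ_COMPILE_OPTS

static char *compile_opts =
#ifndef HAVE_IPV6
"no-"
#endif
"IPv6 "
#ifndef HAVE_GETOPT_LONG
"no-"
#endif
"GNU-getopt "
#ifdef HAVE_BROKEN_RTC
"no-RTC "
#endif
#ifdef NO_FORK
"no-MMU "
#endif
#ifndef HAVE_DBUS
"no-"
#endif
"DBus "
#ifndef LOCALEDIR
"no-"
#endif
"i18n "
/* IDN counts as present when either i18n (LOCALEDIR) or HAVE_IDN is set */
#if !defined(LOCALEDIR) && !defined(HAVE_IDN)
"no-"
#endif
"IDN "
#ifndef HAVE_DHCP
"no-"
#endif
"DHCP "
#if defined(HAVE_DHCP)
#  if !defined (HAVE_DHCP6)
     "no-"
#  endif
     "DHCPv6 "
#  if !defined(HAVE_SCRIPT)
     "no-scripts "
#  else
#    if !defined(HAVE_LUASCRIPT)
       "no-"
#    endif
     "Lua "
#  endif
#endif
#ifndef HAVE_TFTP
"no-"
#endif
"TFTP "
#ifndef HAVE_CONNTRACK
"no-"
#endif
"conntrack "
#ifndef HAVE_IPSET
"no-"
#endif
"ipset "
#ifndef HAVE_AUTH
"no-"
#endif
"auth "
#ifndef HAVE_DNSSEC
"no-"
#endif
"DNSSEC "
#ifndef HAVE_LOOP
"no-"
#endif
"loop-detect "
#ifndef HAVE_INOTIFY
"no-"
#endif
"inotify";

#endif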