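/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 dated June, 1991, or
   (at your option) version 3 dated 29 June, 2007.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* Compile-time configuration for dnsmasq: built-in limits and default
   paths, the feature switches (HAVE_xxx / NO_xxx), per-platform detection,
   and the compile_opts string that records which features were built in.

   Several of the limits below cap the work done on behalf of network peers
   (outstanding requests, TCP children, queries per TCP connection, TFTP
   connections, DHCP leases, packet sizes).  Treat a change to any of them
   as a change to the daemon's behaviour under resource exhaustion. */

#define FTABSIZ 150 /* max number of outstanding requests (default) */
#define MAX_PROCS 20 /* max no children for TCP requests */
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
#define KEYBLOCK_LEN 40 /* chosen to minimise fragmentation when storing DNSSEC keys */
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
#define FORWARD_TEST 50 /* try all servers every 50 queries */
#define FORWARD_TIME 20 /* or 20 seconds */
#define RANDOM_SOCKS 64 /* max simultaneous random ports */
#define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
#define CACHESIZ 150 /* default cache size */
#define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */
#define MAXLEASES 1000 /* maximum number of DHCP leases */
#define PING_WAIT 3 /* wait for ping address-in-use test */
#define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
#define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
#define SMALLDNAME 50 /* most domain names are smaller than this */
#define CNAME_CHAIN 10 /* chains longer than this are dropped for loop protection */
#define HOSTSFILE "/etc/hosts"
#define ETHERSFILE "/etc/ethers"
#define DEFLEASE 3600 /* default lease time, 1 hour */
/* NOTE(review): CHUSER/CHGRP are presumably the default user and group the
   daemon runs as once it has given up root -- confirm against the code that
   reads them before changing either. */
#define CHUSER "nobody"
#define CHGRP "dip"
#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
#define LOG_MAX 5 /* log-queue length */
/* NOTE(review): presumably the device the random-number seed is read from --
   confirm against the users of RANDFILE. */
#define RANDFILE "/dev/urandom"
#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */
#define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
#define AUTH_TTL 600 /* default TTL for auth DNS */
#define SOA_REFRESH 1200 /* SOA refresh default */
#define SOA_RETRY 180 /* SOA retry default */
#define SOA_EXPIRY 1209600 /* SOA expiry default */
#define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */
#define LOOP_TEST_TYPE T_TXT /* T_TXT is not defined in this file */

/* compile-time options: uncomment below to enable or do eg.
   make COPTS=-DHAVE_BROKEN_RTC

HAVE_BROKEN_RTC
   define this on embedded systems which don't have an RTC
   which keeps time over reboots. Causes dnsmasq to use uptime
   for timing, and keep lease lengths rather than expiry times
   in its leases file. This also makes dnsmasq "flash disk friendly".
   Normally, dnsmasq tries very hard to keep the on-disk leases file
   up-to-date: rewriting it after every renewal.  When HAVE_BROKEN_RTC
   is in effect, the lease file is only written when a new lease is
   created, or an old one destroyed. (Because those are the only times
   it changes.) This vastly reduces the number of file writes, and makes
   it viable to keep the lease file on a flash filesystem.
   NOTE: when enabling or disabling this, be sure to delete any old
   leases file, otherwise dnsmasq may get very confused.

HAVE_LEASEFILE_EXPIRE
   define this if you want to enable lease file update with expire
   timeouts instead of expiry times or lease lengths, if HAVE_BROKEN_RTC
   is also enabled. Lease file will be rewritten upon SIGUSR2 signal
   reception and/or dnsmasq termination.

HAVE_TFTP
   define this to get dnsmasq's built-in TFTP server.

HAVE_DHCP
   define this to get dnsmasq's DHCPv4 server.

HAVE_DHCP6
   define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP).

HAVE_SCRIPT
   define this to get the ability to call scripts on lease-change.

HAVE_LUASCRIPT
   define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT)

HAVE_DBUS
   define this if you want to link against libdbus, and have dnsmasq
   support some methods to allow (re)configuration of the upstream DNS
   servers via DBus.

HAVE_IDN
   define this if you want international domain name support.
   NOTE: for backwards compatibility, IDN support is automatically
         included when internationalisation support is built, using the
         *-i18n makefile targets, even if HAVE_IDN is not explicitly set.

HAVE_CONNTRACK
   define this to include code which propagates conntrack marks from
   incoming DNS queries to the corresponding upstream queries. This adds
   a build-dependency on libnetfilter_conntrack, but the resulting binary will
   still run happily on a kernel without conntrack support.

HAVE_IPSET
   define this to include the ability to selectively add resolved ip addresses
   to given ipsets.

HAVE_AUTH
   define this to include the facility to act as an authoritative DNS
   server for one or more zones.

HAVE_DNSSEC
   include DNSSEC validator.

HAVE_LOOP
   include functionality to probe for and remove DNS forwarding loops.

HAVE_INOTIFY
   use the Linux inotify facility to efficiently re-read configuration files.

NO_IPV6
NO_TFTP
NO_DHCP
NO_DHCP6
NO_SCRIPT
NO_LARGEFILE
NO_AUTH
NO_INOTIFY
   these are available to explicitly disable compile time options which would
   otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or
   which are enabled by default in the distributed source tree. Building dnsmasq
   with something like "make COPTS=-DNO_SCRIPT" will do the trick.
   NO_IPSET and NO_LOOP are not listed above but are honoured in the same
   way by the dependency rules further down this file.

NO_NETTLE_ECC
   Don't include the ECDSA signature algorithm in DNSSEC validation. Needed for older Nettle versions.
NO_GMP
   Don't use and link against libgmp. Useful if nettle is built with --enable-mini-gmp.

LEASEFILE
CONFFILE
RESOLVFILE
   the default locations of these files are determined below, but may be overridden
   in a build command line using COPTS.
   (RUNFILE is wrapped in the same #ifndef guard below, so it can be
   overridden the same way.)

*/

/* Defining this builds a binary which handles time differently and works better on a system without a
   stable RTC (it uses uptime, not epoch time) and writes the DHCP leases file less often to avoid flash wear.
*/

/* #define HAVE_BROKEN_RTC */
/* #define HAVE_LEASEFILE_EXPIRE */

/* The default set of options to build. Built with these options, dnsmasq
   has no library dependencies other than libc.

   Everything in this list is compiled in unless it is removed again by the
   matching NO_<opt> flag (see the dependency rules below).  A build that
   does not need a facility -- lease-change scripts or the TFTP server, for
   instance -- can compile it out that way instead of relying on it being
   left unconfigured at run time. */

#define HAVE_DHCP
#define HAVE_DHCP6
#define HAVE_TFTP
#define HAVE_SCRIPT
#define HAVE_AUTH
#define HAVE_IPSET
#define HAVE_LOOP

/* Build options which require external libraries.

   Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically.

   You can use "make COPTS=-DHAVE_<opt>" instead of editing these.

   All of these are off as distributed.  In particular HAVE_DNSSEC is
   commented out, so a binary built from this file unmodified contains no
   DNSSEC validator and its compile_opts string reports "no-DNSSEC".
*/

/* #define HAVE_LUASCRIPT */
/* #define HAVE_DBUS */
/* #define HAVE_IDN */
/* #define HAVE_CONNTRACK */
/* #define HAVE_DNSSEC */


/* Default locations for important system files.
   Each is only set here when the build command line has not already
   defined it. */

#ifndef LEASEFILE
# if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
#  define LEASEFILE "/var/db/dnsmasq.leases"
# elif defined(__sun__) || defined (__sun)
#  define LEASEFILE "/var/cache/dnsmasq.leases"
# elif defined(__ANDROID__)
#  define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
# else
#  define LEASEFILE "/var/lib/misc/dnsmasq.leases"
# endif
#endif

#ifndef CONFFILE
# if defined(__FreeBSD__)
#  define CONFFILE "/usr/local/etc/dnsmasq.conf"
# else
#  define CONFFILE "/etc/dnsmasq.conf"
# endif
#endif

#ifndef RESOLVFILE
# if defined(__uClinux__)
#  define RESOLVFILE "/etc/config/resolv.conf"
# else
#  define RESOLVFILE "/etc/resolv.conf"
# endif
#endif

#ifndef RUNFILE
# if defined(__ANDROID__)
#  define RUNFILE "/data/dnsmasq.pid"
# else
#  define RUNFILE "/var/run/dnsmasq.pid"
# endif
#endif

/* platform dependent options: these are determined automatically below

HAVE_LINUX_NETWORK
HAVE_BSD_NETWORK
HAVE_SOLARIS_NETWORK
   define exactly one of these to alter interaction with kernel networking.

HAVE_GETOPT_LONG
   defined when GNU-style getopt_long available.

HAVE_SOCKADDR_SA_LEN
   defined if struct sockaddr has sa_len field (*BSD)
*/

/* Must precede __linux__ since uClinux defines __linux__ too. */
#if defined(__uClinux__)
#define HAVE_LINUX_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN
/* Never use fork() on uClinux. Note that this is subtly different from the
   --keep-in-foreground option, since it also suppresses forking new
   processes for TCP connections and disables the call-a-script on leasechange
   system. It's intended for use on MMU-less kernels.
*/
#define NO_FORK

#elif defined(__UCLIBC__)
#define HAVE_LINUX_NETWORK
#if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
   ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
#    define HAVE_GETOPT_LONG
#endif
#undef HAVE_SOCKADDR_SA_LEN
#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
#  define NO_FORK
#endif
/* IPv6 on uClibc needs both library support and an explicit USE_IPV6;
   otherwise NO_IPV6 is forced on. */
#if defined(__UCLIBC_HAS_IPV6__) && defined(USE_IPV6)
#  ifndef IPV6_V6ONLY
     /* Fallback used only when the headers do not supply the constant.
        NOTE(review): 26 is presumably the kernel's option number -- confirm. */
#    define IPV6_V6ONLY 26
#  endif
#elif !defined(NO_IPV6)
#  define NO_IPV6
#endif

/* This is for glibc 2.x */
#elif defined(__linux__)
#define HAVE_LINUX_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN

#elif defined(__FreeBSD__) || \
      defined(__OpenBSD__) || \
      defined(__DragonFly__) || \
      defined(__FreeBSD_kernel__)
#define HAVE_BSD_NETWORK
/* Later versions of FreeBSD have getopt_long() */
#if defined(optional_argument) && defined(required_argument)
#   define HAVE_GETOPT_LONG
#endif
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__APPLE__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN
/* Define before sys/socket.h is included so we get socklen_t */
#define _BSD_SOCKLEN_T_
/* Select the RFC_3542 version of the IPv6 socket API.
   Define before netinet6/in6.h is included. */
#define __APPLE_USE_RFC_3542
#define NO_IPSET

#elif defined(__NetBSD__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__sun) || defined(__sun__)
#define HAVE_SOLARIS_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN
#define ETHER_ADDR_LEN 6

#endif

/* Decide if we're going to support IPv6 */
/* We assume that systems which don't have IPv6
   headers don't have ntop and pton either */
/* The test relies on INET6_ADDRSTRLEN and IPV6_V6ONLY being macros, so the
   result depends on which system headers were included before this file. */

#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY)
#  define HAVE_IPV6
#  define ADDRSTRLEN INET6_ADDRSTRLEN
#else
#  if !defined(INET_ADDRSTRLEN)
#      define INET_ADDRSTRLEN 16 /* 4*3 + 3 dots + NUL */
#  endif
#  undef HAVE_IPV6
#  define ADDRSTRLEN INET_ADDRSTRLEN
#endif


/* rules to implement compile-time option dependencies and
   the NO_XXX flags.
   The order of these rules matters: each #undef must run before the
   "implies" rule that could re-define the same option. */

#ifdef NO_IPV6
#undef HAVE_IPV6
#endif

#ifdef NO_TFTP
#undef HAVE_TFTP
#endif

#ifdef NO_DHCP
#undef HAVE_DHCP
#undef HAVE_DHCP6
#endif

#if defined(NO_DHCP6) || !defined(HAVE_IPV6)
#undef HAVE_DHCP6
#endif

/* DHCP6 needs DHCP too */
#ifdef HAVE_DHCP6
#define HAVE_DHCP
#endif

/* Script support is removed when it is disabled explicitly, when there is
   no DHCP server to trigger it, or when the platform cannot fork(). */
#if defined(NO_SCRIPT) || !defined(HAVE_DHCP) || defined(NO_FORK)
#undef HAVE_SCRIPT
#undef HAVE_LUASCRIPT
#endif

/* Must HAVE_SCRIPT to HAVE_LUASCRIPT */
#ifdef HAVE_LUASCRIPT
#define HAVE_SCRIPT
#endif

#ifdef NO_AUTH
#undef HAVE_AUTH
#endif

#if defined(NO_IPSET)
#undef HAVE_IPSET
#endif

#ifdef NO_LOOP
#undef HAVE_LOOP
#endif

#if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY)
#define HAVE_INOTIFY
#endif

/* Define a string indicating which options are in use.
   DNSMASQ_COMPILE_OPTS is only defined in dnsmasq.c

   The string is assembled from adjacent string literals: each feature name
   is emitted unconditionally and a "no-" prefix is put in front of it when
   the feature was not compiled in.  Exceptions: "no-RTC" and "no-MMU"
   appear only when HAVE_BROKEN_RTC / NO_FORK are set, and the DHCPv6 and
   script/Lua entries are omitted altogether when HAVE_DHCP is not defined.

   The variable is static and lives in a header, so every file that defined
   DNSMASQ_COMPILE_OPTS before including this one would get its own copy.
   It points at a string literal and must not be written through.

   NOTE(review): where this string is printed or logged is not visible in
   this file; if it is exposed, it is the direct way to check whether a given
   binary was built with, for example, DNSSEC. */

#ifdef DNSMASQ_COMPILE_OPTS

static char *compile_opts =
#ifndef HAVE_IPV6
"no-"
#endif
"IPv6 "
#ifndef HAVE_GETOPT_LONG
"no-"
#endif
"GNU-getopt "
#ifdef HAVE_BROKEN_RTC
"no-RTC "
#endif
#ifdef NO_FORK
"no-MMU "
#endif
#ifndef HAVE_DBUS
"no-"
#endif
"DBus "
#ifndef LOCALEDIR
"no-"
#endif
"i18n "
/* IDN is reported as present when either i18n or HAVE_IDN is built in. */
#if !defined(LOCALEDIR) && !defined(HAVE_IDN)
"no-"
#endif
"IDN "
#ifndef HAVE_DHCP
"no-"
#endif
"DHCP "
#if defined(HAVE_DHCP)
#  if !defined (HAVE_DHCP6)
     "no-"
#  endif
     "DHCPv6 "
#  if !defined(HAVE_SCRIPT)
     "no-scripts "
#  else
#    if !defined(HAVE_LUASCRIPT)
       "no-"
#    endif
     "Lua "
#  endif
#endif
#ifndef HAVE_TFTP
"no-"
#endif
"TFTP "
#ifndef HAVE_CONNTRACK
"no-"
#endif
"conntrack "
#ifndef HAVE_IPSET
"no-"
#endif
"ipset "
#ifndef HAVE_AUTH
"no-"
#endif
"auth "
#ifndef HAVE_DNSSEC
"no-"
#endif
"DNSSEC "
#ifndef HAVE_LOOP
"no-"
#endif
"loop-detect "
#ifndef HAVE_INOTIFY
"no-"
#endif
"inotify";


#endif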