
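diff --git a/Clients/Makefile b/Clients/Makefile
index 383af31..925c20e 100755
--- a/Clients/Makefile
+++ b/Clients/Makefile
@@ -36,7 +36,7 @@ TARGETS = build/dns-sd build/dns-sd64
 LIBS =
 else
 TARGETS = build/dns-sd
-LIBS = -L../mDNSPosix/build/prod/ -ldns_sd
+LIBS ?= -L../mDNSPosix/build/prod/ -ldns_sd
 endif
 all: $(TARGETS)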
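diff --git a/mDNSPosix/PosixDaemon.c b/mDNSPosix/PosixDaemon.c
index 88b3292..e86a6c7 100644
--- a/mDNSPosix/PosixDaemon.c
+++ b/mDNSPosix/PosixDaemon.c
@@ -37,6 +37,11 @@
 #include <fcntl.h>
 #include <pwd.h>
 #include <sys/types.h>
+#ifdef __linux__
+#include <sys/capability.h> /* !!! We require libcap-dev for this. Oh well. */
+/* prctl is required to enable inheriting of capabilities across setuid */
+#include <sys/prctl.h>
+#endif /* __linux__ */
 #if __APPLE__
 #undef daemon
@@ -184,16 +189,50 @@ int main(int argc, char **argv)
 Reconfigure(&mDNSStorage);
+#ifdef __linux__
+ /*
+ * SO_BINDTODEVICE is privileged operation; however, we can get
+ * around it using capabilities instead of remaining root.
+ */
+ if (mStatus_NoError == err)
+ {
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
+ perror("prctl PR_SET_KEEPCAPS");
+ }
+#endif /* __linux__ */
+
 // Now that we're finished with anything privileged, switch over to running as "nobody"
 if (mStatus_NoError == err)
 {
 const struct passwd *pw = getpwnam("nobody");
 if (pw != NULL)
+ {
 setuid(pw->pw_uid);
+#ifdef __linux__
+ struct __user_cap_header_struct ch;
+ struct __user_cap_data_struct cd[_LINUX_CAPABILITY_U32S_3];
+
+ memset(&ch, 0, sizeof(ch));
+ ch.version = _LINUX_CAPABILITY_VERSION_3;
+ ch.pid = getpid();
+ memset(&cd[0], 0, sizeof(cd));
+ /* CAP_NET_RAW is required to use SO_BINDTODEVICE */
+ int caps = CAP_TO_MASK(CAP_NET_RAW);
+ cd[0].permitted = caps;
+ cd[0].effective = caps;
+ if (capset(&ch, &cd[0]) < 0)
+ perror("capset");
+#endif /* __linux__ */
+ }
 else
 LogMsg("WARNING: mdnsd continuing as root because user \"nobody\" does not exist");
 }
+#ifdef __linux__
+ if (mStatus_NoError == err)
+ err = mDNSPlatformPosixRefreshInterfaceList(&mDNSStorage);
+#endif /* __linux__ */
+
 if (mStatus_NoError == err)
 err = MainLoop(&mDNSStorage);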
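diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c
index 6effa12..7c1d6eb 100755
--- a/mDNSPosix/mDNSPosix.c
+++ b/mDNSPosix/mDNSPosix.c
@@ -733,6 +741,29 @@ mDNSlocal int SetupSocket(struct sockaddr *intfAddr, mDNSIPPort port, int interf
 if (err < 0) { err = errno; perror("setsockopt - IP_MULTICAST_TTL"); }
 }
+#ifdef __linux__
+#ifdef SO_BINDTODEVICE
+ if (err == 0 && interfaceIndex)
+ {
+ char ifname[IFNAMSIZ];
+ if (if_indextoname(interfaceIndex, ifname))
+ {
+ err = setsockopt(*sktPtr, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
+ if (err < 0)
+ {
+ err = errno;
+ perror("setsockopt - SO_BINDTODEVICE");
+ }
+ }
+ else
+ {
+ err = errno;
+ perror("if_indextoname");
+ }
+ }
+#endif /* SO_BINDTODEVICE */
+#endif /* __linux__ */
+
 // And start listening for packets
 if (err == 0)
 {
@@ -814,6 +845,29 @@ mDNSlocal int SetupSocket(struct sockaddr *intfAddr, mDNSIPPort port, int interf
 if (err < 0) { err = errno; perror("setsockopt - IPV6_MULTICAST_HOPS"); }
 }
+#ifdef __linux__
+#ifdef SO_BINDTODEVICE
+ if (err == 0 && interfaceIndex)
+ {
+ char ifname[IFNAMSIZ];
+ if (if_indextoname(interfaceIndex, ifname))
+ {
+ err = setsockopt(*sktPtr, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
+ if (err < 0)
+ {
+ err = errno;
+ perror("setsockopt - SO_BINDTODEVICE");
+ }
+ }
+ else
+ {
+ err = errno;
+ perror("if_indextoname");
+ }
+ }
+#endif /* SO_BINDTODEVICE */
+#endif /* __linux__ */
+
 // And start listening for packets
 if (err == 0)
 {
@@ -958,19 +1017,14 @@ mDNSlocal int SetupInterfaceList(mDNS *const m)
 int err = 0;
 struct ifi_info *intfList = get_ifi_info(AF_INET, mDNStrue);
 struct ifi_info *firstLoopback = NULL;
+ struct ifi_info **p = &intfList;
 assert(m != NULL);
 debugf("SetupInterfaceList");
- if (intfList == NULL) err = ENOENT;
-
 #if HAVE_IPV6
- if (err == 0) /* Link the IPv6 list to the end of the IPv4 list */
- {
- struct ifi_info **p = &intfList;
- while (*p) p = &(*p)->ifi_next;
- *p = get_ifi_info(AF_INET6, mDNStrue);
- }
+ while (*p) p = &(*p)->ifi_next;
+ *p = get_ifi_info(AF_INET6, mDNStrue);
 #endif
 if (err == 0)
@@ -1046,7 +1100,7 @@ mDNSlocal mStatus OpenIfNotifySocket(int *pFD)
 /* Subscribe the socket to Link & IP addr notifications. */
 mDNSPlatformMemZero(&snl, sizeof snl);
 snl.nl_family = AF_NETLINK;
- snl.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR;
+ snl.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR;
 ret = bind(sock, (struct sockaddr *) &snl, sizeof snl);
 if (0 == ret)
 *pFD = sock;
@@ -1124,11 +1178,18 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd)
 PrintNetLinkMsg(pNLMsg);
 #endif
+ // this result isn't used anywhere as a number, just as
+ // non-zero - however, I have seen devices with more than 32
+ // interfaces at some point..
+ // (on Linux, every tunnel increases index for example)
+
 // Process the NetLink message
 if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK)
- result |= 1 << ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index;
+ result |= 1;
+ // << ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index;
 else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR)
- result |= 1 << ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index;
+ result |= 1;
+ // << ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index;
 // Advance pNLMsg to the next message in the buffer
 if ((pNLMsg->nlmsg_flags & NLM_F_MULTI) != 0 && pNLMsg->nlmsg_type != NLMSG_DONE)
@@ -1299,8 +1360,12 @@ mDNSexport mStatus mDNSPlatformInit(mDNS *const m)
 if (err == mStatus_NoError) err = SetupSocket(&sa, zeroIPPort, 0, &m->p->unicastSocket6);
 #endif
+ // In Linux case, we can't set up sockets with different owner -
+ // it blows up SO_REUSEPORT. So we do this step bit later.
+#ifndef __linux__
 // Tell mDNS core about the network interfaces on this machine.
 if (err == mStatus_NoError) err = SetupInterfaceList(m);
+#endif /* !__linux__ */
 // Tell mDNS core about DNS Servers
 mDNS_Lock(m);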
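Review bot: Guarding the SetupInterfaceList() call with `#ifndef __linux__` in the mDNSPlatformInit hunk changes the contract of mDNSPlatformInit for every Linux program that links mDNSPosix, not only mdnsd: after this commit the interface list is populated only if the caller itself follows up with mDNSPlatformPosixRefreshInterfaceList(), as PosixDaemon.c now does, and presumably any other embedder of this platform layer would start with no interfaces at all. At minimum the function needs a comment stating the new obligation, e.g. `// Linux: the interface list is NOT set up here, because sockets sharing SO_REUSEPORT must all be created by the same owner; the caller must call mDNSPlatformPosixRefreshInterfaceList() after it has switched user`, and a cleaner option is to let the caller request the deferral explicitly instead of keying it on the platform. In the ProcessRoutingNotification hunk the commented-out `// << ((struct ifinfomsg*) ...` and `// << ((struct ifaddrmsg*) ...` remnants should be deleted now that result is only tested for non-zero, and the explanation above them belongs in the function's header comment. Every function touched by these hunks starts and ends outside the hunk.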
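diff --git a/mDNSPosix/mDNSUNP.c b/mDNSPosix/mDNSUNP.c
index b392fc7..f551ad5 100755
--- a/mDNSPosix/mDNSUNP.c
+++ b/mDNSPosix/mDNSUNP.c
@@ -63,6 +63,7 @@
 #if defined(AF_INET6) && HAVE_IPV6 && HAVE_LINUX
 #include <netdb.h>
 #include <arpa/inet.h>
+#include <linux/if_addr.h>
 /* Converts a prefix length to IPv6 network mask */
 void plen_to_mask(int plen, char *addr) {
@@ -86,7 +87,7 @@ struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
 FILE *fp = NULL;
 char addr[8][5];
 int flags, myflags, index, plen, scope;
- char ifname[9], lastname[IFNAMSIZ];
+ char ifname[IFNAMSIZ], lastname[IFNAMSIZ];
 char addr6[32+7+1]; /* don't forget the seven ':' */
 struct addrinfo hints, *res0;
 int err;
@@ -92,7 +93,8 @@ struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
 int err;
 int sockfd = -1;
 struct ifreq ifr;
-
+ char mask[64] = "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %";
+ sprintf(mask+strlen(mask), "%ds\n", IFNAMSIZ);
 res0=NULL;
 ifihead = NULL;
 ifipnext = &ifihead;
@@ -104,11 +106,12 @@ struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
 goto gotError;
 }
 while (fscanf(fp,
- "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %8s\n",
+ mask,
 addr[0],addr[1],addr[2],addr[3],
 addr[4],addr[5],addr[6],addr[7],
 &index, &plen, &scope, &flags, ifname) != EOF) {
+ if (flags & IFA_F_DEPRECATED) continue;
 myflags = 0;
 if (strncmp(lastname, ifname, IFNAMSIZ) == 0) {
 if (doaliases == 0)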
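Review bot: The format built at runtime ends in `%16s` on Linux (IFNAMSIZ is 16) while the target is `char ifname[IFNAMSIZ]`; scanf's `%Ns` stores up to N characters plus a terminator, so a 16-character name in the input would write 17 bytes, one past the buffer. The pair this replaces (`ifname[9]` with `%8s`) kept the width one below the buffer size, and the new code should too: `sprintf(mask+strlen(mask), "%ds\n", IFNAMSIZ - 1);`. Because the format is no longer a string literal the compiler can no longer check it against the arguments, so this arithmetic deserves a comment such as `/* width must be IFNAMSIZ-1: %Ns writes N chars plus NUL */`, and the append is better done with snprintf bounded by `sizeof mask - strlen(mask)`. get_ifi_info_linuxv6 continues outside the hunk.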
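diff --git a/mDNSShared/dnsextd_parser.y b/mDNSShared/dnsextd_parser.y
index 18c5990..d4b63ce 100644
--- a/mDNSShared/dnsextd_parser.y
+++ b/mDNSShared/dnsextd_parser.y
@@ -15,6 +15,8 @@
 * limitations under the License.
 */
+%parse-param { void *context }
+
 %{
 #include <stdio.h>
 #include <stdlib.h>
@@ -23,7 +25,7 @@
 #include "DebugServices.h"
 #include "dnsextd.h"
-void yyerror( const char* error );
+void yyerror( void *context, const char* error );
 int yylex(void);
@@ -409,7 +419,7 @@ int yywrap(void);
 extern int yylineno;
-void yyerror( const char *str )
+void yyerror( void *context, const char *str )
 {
 fprintf( stderr,"%s:%d: error: %s\n", g_filename, yylineno, str );
 }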
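Review bot: The new `context` parameter is never used inside yyerror(), so the definition in the last hunk will trigger an unused-parameter warning under -Wextra; add `(void)context;` as its first statement or actually route the context into the message. `%parse-param` also changes the generated yyparse() to take that argument, so every call to yyparse() (presumably in dnsextd.c, which is not part of this diff) must now pass a context; worth confirming the caller was updated in the same change, since an old-style call would be rejected by the compiler.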