C++程序  |  1103行  |  34.28 KB

/* dnsmasq is Copyright (c) 2000-2009 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 dated June, 1991, or
   (at your option) version 3 dated 29 June, 2007.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "dnsmasq.h"

#include <sys/stat.h>

#if defined(HAVE_BSD_NETWORK)
#error Should not HAVE_BSD_NETWORK
#endif

#if defined(HAVE_SOCKADDR_SA_LEN)
#error Should not HAVE_SOCKADDR_SA_LEN
#endif

#if defined(HAVE_SOLARIS_NETWORK)
#error Should not HAVE_SOLARIS_NETWORK
#endif

#if !defined(HAVE_LINUX_NETWORK)
#error Should HAVE_LINUX_NETWORK
#endif

struct daemon* daemon;

static char* compile_opts =
#ifndef HAVE_IPV6
    "no-"
#endif
    "IPv6 "
#ifndef HAVE_GETOPT_LONG
    "no-"
#endif
    "GNU-getopt "
#ifdef HAVE_BROKEN_RTC
    "no-RTC "
#endif
#ifdef NO_FORK
    "no-MMU "
#endif
#ifndef LOCALEDIR
    "no-"
#endif
    "I18N "
#ifndef HAVE_DHCP
    "no-"
#endif
    "DHCP "
#if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT)
    "no-scripts"
#endif
    "";

static volatile pid_t pid = 0;
static volatile int pipewrite;

static int set_dns_listeners(time_t now, fd_set* set, int* maxfdp);
static void check_dns_listeners(fd_set* set, time_t now);
static void sig_handler(int sig);
static void async_event(int pipe, time_t now);
static void fatal_event(struct event_desc* ev);
static void poll_resolv(void);
#ifdef __ANDROID__
static int set_android_listeners(fd_set* set, int* maxfdp);
static int check_android_listeners(fd_set* set);
#endif

void setupSignalHandling() {
    struct sigaction sigact;

    sigact.sa_handler = sig_handler;
    sigact.sa_flags = 0;
    sigemptyset(&sigact.sa_mask);
    sigaction(SIGUSR1, &sigact, NULL);
    sigaction(SIGUSR2, &sigact, NULL);
    sigaction(SIGHUP, &sigact, NULL);
    sigaction(SIGTERM, &sigact, NULL);
    sigaction(SIGALRM, &sigact, NULL);
    sigaction(SIGCHLD, &sigact, NULL);

    /* ignore SIGPIPE */
    sigact.sa_handler = SIG_IGN;
    sigaction(SIGPIPE, &sigact, NULL);
}

void closeUnwantedFileDescriptors() {
    const long kMaxFd = sysconf(_SC_OPEN_MAX);
    long i;
    struct stat stat_buf;

    /* Close any file descriptors we inherited apart from std{in|out|err}. */
    for (i = 0; i < kMaxFd; i++) {
        // TODO: Evaluate just skipping STDIN, since netd does not
        // (intentionally) pass in any other file descriptors.
        if (i == STDOUT_FILENO || i == STDERR_FILENO || i == STDIN_FILENO) {
            continue;
        }

        if (fstat(i, &stat_buf) != 0) {
            if (errno == EBADF) continue;
            if (errno == EACCES) continue;  // Lessen the log spam.
            my_syslog(LOG_ERR, "fstat(%d) error: %d/%s", i, errno, strerror(errno));
        } else {
            my_syslog(LOG_ERR, "Closing inherited file descriptor %d (%u:%u)", i, stat_buf.st_dev,
                      stat_buf.st_ino);
        }
        close(i);
    }
}

int main(int argc, char** argv) {
    int bind_fallback = 0;
    time_t now;
    struct iname* if_tmp;
    int piperead, pipefd[2], err_pipe[2];
    struct passwd* ent_pw = NULL;
#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
    uid_t script_uid = 0;
    gid_t script_gid = 0;
#endif
    struct group* gp = NULL;
    long i, max_fd = sysconf(_SC_OPEN_MAX);
    char* baduser = NULL;
    int log_err;
#if defined(HAVE_LINUX_NETWORK)
    cap_user_header_t hdr = NULL;
    cap_user_data_t data = NULL;
#endif

#ifdef LOCALEDIR
    setlocale(LC_ALL, "");
    bindtextdomain("dnsmasq", LOCALEDIR);
    textdomain("dnsmasq");
#endif

    setupSignalHandling();

    umask(022); /* known umask, create leases and pid files as 0644 */

    read_opts(argc, argv, compile_opts);

    if (daemon->edns_pktsz < PACKETSZ) daemon->edns_pktsz = PACKETSZ;
    daemon->packet_buff_sz =
        daemon->edns_pktsz > DNSMASQ_PACKETSZ ? daemon->edns_pktsz : DNSMASQ_PACKETSZ;
    daemon->packet = safe_malloc(daemon->packet_buff_sz);

#ifdef HAVE_DHCP
    if (!daemon->lease_file) {
        if (daemon->dhcp) daemon->lease_file = LEASEFILE;
    }
#endif

    closeUnwantedFileDescriptors();

#ifdef HAVE_LINUX_NETWORK
    netlink_init();
#elif !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
    if (!(daemon->options & OPT_NOWILD)) {
        bind_fallback = 1;
        daemon->options |= OPT_NOWILD;
    }
#endif

    rand_init();

    now = dnsmasq_time();

#ifdef HAVE_DHCP
    if (daemon->dhcp) {
        /* Note that order matters here, we must call lease_init before
       creating any file descriptors which shouldn't be leaked
       to the lease-script init process. */
        lease_init(now);
        dhcp_init();
    }
#endif

    if (!enumerate_interfaces()) die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);

    if (daemon->options & OPT_NOWILD) {
        daemon->listeners = create_bound_listeners();

        for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
            if (if_tmp->name && !if_tmp->used)
                die(_("unknown interface %s"), if_tmp->name, EC_BADNET);

        for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
            if (!if_tmp->used) {
                prettyprint_addr(&if_tmp->addr, daemon->namebuff);
                die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
            }
    } else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) &&
               !(daemon->listeners = create_wildcard_listeners()))
        die(_("failed to create listening socket: %s"), NULL, EC_BADNET);

    if (daemon->port != 0) cache_init();

    if (daemon->port != 0) pre_allocate_sfds();

#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
    /* Note getpwnam returns static storage */
    if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser) {
        if ((ent_pw = getpwnam(daemon->scriptuser))) {
            script_uid = ent_pw->pw_uid;
            script_gid = ent_pw->pw_gid;
        } else
            baduser = daemon->scriptuser;
    }
#endif

    if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
        baduser = daemon->username;
    else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
        baduser = daemon->groupname;

    if (baduser) die(_("unknown user or group: %s"), baduser, EC_BADCONF);

    /* implement group defaults, "dip" if available, or group associated with uid */
    if (!daemon->group_set && !gp) {
        if (!(gp = getgrnam(CHGRP)) && ent_pw) gp = getgrgid(ent_pw->pw_gid);

        /* for error message */
        if (gp) daemon->groupname = gp->gr_name;
    }

#if defined(HAVE_LINUX_NETWORK)
    /* determine capability API version here, while we can still
       call safe_malloc */
    if (ent_pw && ent_pw->pw_uid != 0) {
        int capsize = 1; /* for header version 1 */
        hdr = safe_malloc(sizeof(*hdr));

        /* find version supported by kernel */
        memset(hdr, 0, sizeof(*hdr));
        capget(hdr, NULL);

        if (hdr->version != LINUX_CAPABILITY_VERSION_1) {
            /* if unknown version, use largest supported version (3) */
            if (hdr->version != LINUX_CAPABILITY_VERSION_2)
                hdr->version = LINUX_CAPABILITY_VERSION_3;
            capsize = 2;
        }

        data = safe_malloc(sizeof(*data) * capsize);
        memset(data, 0, sizeof(*data) * capsize);
    }
#endif

    /* Use a pipe to carry signals and other events back to the event loop
       in a race-free manner and another to carry errors to daemon-invoking process */
    safe_pipe(pipefd, 1);

    piperead = pipefd[0];
    pipewrite = pipefd[1];
    /* prime the pipe to load stuff first time. */
    send_event(pipewrite, EVENT_RELOAD, 0);

    err_pipe[1] = -1;

    if (!(daemon->options & OPT_DEBUG)) {
#ifndef __ANDROID__
        int nullfd;
#endif

        /* The following code "daemonizes" the process.
       See Stevens section 12.4 */

        if (chdir("/") != 0) die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);

#ifndef NO_FORK
        if (!(daemon->options & OPT_NO_FORK)) {
            pid_t pid;

            /* pipe to carry errors back to original process.
               When startup is complete we close this and the process terminates. */
            safe_pipe(err_pipe, 0);

            if ((pid = fork()) == -1) /* fd == -1 since we've not forked, never returns. */
                send_event(-1, EVENT_FORK_ERR, errno);

            if (pid != 0) {
                struct event_desc ev;

                /* close our copy of write-end */
                close(err_pipe[1]);

                /* check for errors after the fork */
                if (read_write(err_pipe[0], (unsigned char*) &ev, sizeof(ev), 1)) fatal_event(&ev);

                _exit(EC_GOOD);
            }

            close(err_pipe[0]);

            /* NO calls to die() from here on. */

            setsid();

            if ((pid = fork()) == -1) send_event(err_pipe[1], EVENT_FORK_ERR, errno);

            if (pid != 0) _exit(0);
        }
#endif

        /* write pidfile _after_ forking ! */
        if (daemon->runfile) {
            FILE* pidfile;

            /* only complain if started as root */
            if ((pidfile = fopen(daemon->runfile, "w"))) {
                fprintf(pidfile, "%d\n", (int) getpid());
                fclose(pidfile);
            } else if (getuid() == 0) {
                send_event(err_pipe[1], EVENT_PIDFILE, errno);
                _exit(0);
            }
        }

#ifndef __ANDROID__
        /* open  stdout etc to /dev/null */
        nullfd = open("/dev/null", O_RDWR);
        dup2(nullfd, STDOUT_FILENO);
        dup2(nullfd, STDERR_FILENO);
        dup2(nullfd, STDIN_FILENO);
        close(nullfd);
#endif
    }

    log_err = log_start(ent_pw, err_pipe[1]);

    /* if we are to run scripts, we need to fork a helper before dropping root. */
    daemon->helperfd = -1;
#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
    if (daemon->dhcp && daemon->lease_change_command)
        daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
#endif

    if (!(daemon->options & OPT_DEBUG) && getuid() == 0) {
        int bad_capabilities = 0;
        gid_t dummy;

        /* remove all supplimentary groups */
        if (gp && (setgroups(0, &dummy) == -1 || setgid(gp->gr_gid) == -1)) {
            send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
            _exit(0);
        }

        if (ent_pw && ent_pw->pw_uid != 0) {
#if defined(HAVE_LINUX_NETWORK)
            /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
               CAP_NET_RAW (for icmp) if we're doing dhcp */
            data->effective = data->permitted = data->inheritable =
#ifdef __ANDROID__
                (1 << CAP_NET_BIND_SERVICE) |
#endif
                (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);

            /* Tell kernel to not clear capabilities when dropping root */
            if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
                bad_capabilities = errno;

#endif

            if (bad_capabilities != 0) {
                send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
                _exit(0);
            }

            /* finally drop root */
            if (setuid(ent_pw->pw_uid) == -1) {
                send_event(err_pipe[1], EVENT_USER_ERR, errno);
                _exit(0);
            }

#ifdef HAVE_LINUX_NETWORK
            data->effective = data->permitted =
#ifdef __ANDROID__
                (1 << CAP_NET_BIND_SERVICE) |
#endif
                (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
            data->inheritable = 0;

            /* lose the setuid and setgid capbilities */
            if (capset(hdr, data) == -1) {
                send_event(err_pipe[1], EVENT_CAP_ERR, errno);
                _exit(0);
            }
#endif
        }
    }

#ifdef HAVE_LINUX_NETWORK
    if (daemon->options & OPT_DEBUG) prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
#endif

    if (daemon->port == 0)
        my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
    else if (daemon->cachesize != 0)
        my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
    else
        my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);

    my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);

    if (log_err != 0)
        my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), daemon->log_file,
                  strerror(log_err));

    if (bind_fallback)
        my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));

    if (!(daemon->options & OPT_NOWILD))
        for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
            if (if_tmp->name && !if_tmp->used)
                my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"),
                          if_tmp->name);

    if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV)) {
        if (daemon->resolv_files && !daemon->resolv_files->is_default)
            my_syslog(LOG_WARNING,
                      _("warning: ignoring resolv-file flag because no-resolv is set"));
        daemon->resolv_files = NULL;
        if (!daemon->servers) my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
    }

    if (daemon->max_logs != 0)
        my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"),
                  daemon->max_logs);

#ifdef HAVE_DHCP
    if (daemon->dhcp) {
        struct dhcp_context* dhcp_tmp;

        for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next) {
            prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
            strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
            my_syslog(MS_DHCP | LOG_INFO,
                      (dhcp_tmp->flags & CONTEXT_STATIC)
                          ? _("DHCP, static leases only on %.0s%s, lease time %s")
                          : (dhcp_tmp->flags & CONTEXT_PROXY)
                                ? _("DHCP, proxy on subnet %.0s%s%.0s")
                                : _("DHCP, IP range %s -- %s, lease time %s"),
                      daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2);
        }
    }
#endif

    /* finished start-up - release original process */
    if (err_pipe[1] != -1) close(err_pipe[1]);

    if (daemon->port != 0) check_servers();

    pid = getpid();

    while (1) {
        int maxfd = -1;
        struct timeval t, *tp = NULL;
        fd_set rset, wset, eset;

        FD_ZERO(&rset);
        FD_ZERO(&wset);
        FD_ZERO(&eset);

        /* if we are out of resources, find how long we have to wait
       for some to come free, we'll loop around then and restart
       listening for queries */
        if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0) {
            t.tv_usec = 0;
            tp = &t;
        }
#ifdef __ANDROID__
        set_android_listeners(&rset, &maxfd);
#endif

#ifdef HAVE_DHCP
        if (daemon->dhcp) {
            FD_SET(daemon->dhcpfd, &rset);
            bump_maxfd(daemon->dhcpfd, &maxfd);
        }
#endif

#ifdef HAVE_LINUX_NETWORK
        FD_SET(daemon->netlinkfd, &rset);
        bump_maxfd(daemon->netlinkfd, &maxfd);
#endif

        FD_SET(piperead, &rset);
        bump_maxfd(piperead, &maxfd);

#ifdef HAVE_DHCP
#ifdef HAVE_SCRIPT
        while (helper_buf_empty() && do_script_run(now))
            ;

        if (!helper_buf_empty()) {
            FD_SET(daemon->helperfd, &wset);
            bump_maxfd(daemon->helperfd, &maxfd);
        }
#else
        /* need this for other side-effects */
        while (do_script_run(now))
            ;
#endif
#endif

        /* must do this just before select(), when we know no
       more calls to my_syslog() can occur */
        set_log_writer(&wset, &maxfd);

        if (select(maxfd + 1, &rset, &wset, &eset, tp) < 0) {
            /* otherwise undefined after error */
            FD_ZERO(&rset);
            FD_ZERO(&wset);
            FD_ZERO(&eset);
        }

        now = dnsmasq_time();

        check_log_writer(&wset);

        /* Check for changes to resolv files once per second max. */
        /* Don't go silent for long periods if the clock goes backwards. */
        if (daemon->last_resolv == 0 || difftime(now, daemon->last_resolv) > 1.0 ||
            difftime(now, daemon->last_resolv) < -1.0) {
            daemon->last_resolv = now;

            if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL)) poll_resolv();
        }

        if (FD_ISSET(piperead, &rset)) async_event(piperead, now);

#ifdef HAVE_LINUX_NETWORK
        if (FD_ISSET(daemon->netlinkfd, &rset)) netlink_multicast();
#endif

#ifdef __ANDROID__
        check_android_listeners(&rset);
#endif

        check_dns_listeners(&rset, now);

#ifdef HAVE_DHCP
        if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset)) dhcp_packet(now);

#ifdef HAVE_SCRIPT
        if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) helper_write();
#endif
#endif
    }
}

static void sig_handler(int sig) {
    if (pid == 0) {
        /* ignore anything other than TERM during startup
           and in helper proc. (helper ignore TERM too) */
        if (sig == SIGTERM) exit(EC_MISC);
    } else if (pid != getpid()) {
        /* alarm is used to kill TCP children after a fixed time. */
        if (sig == SIGALRM) _exit(0);
    } else {
        /* master process */
        const int errsave = errno;
        int event;

        if (sig == SIGHUP)
            event = EVENT_RELOAD;
        else if (sig == SIGCHLD)
            event = EVENT_CHILD;
        else if (sig == SIGALRM)
            event = EVENT_ALARM;
        else if (sig == SIGTERM)
            event = EVENT_TERM;
        else if (sig == SIGUSR1)
            event = EVENT_DUMP;
        else if (sig == SIGUSR2)
            event = EVENT_REOPEN;
        else
            return;

        send_event(pipewrite, event, 0);
        errno = errsave;
    }
}

void send_event(int fd, int event, int data) {
    struct event_desc ev;

    ev.event = event;
    ev.data = data;

    /* error pipe, debug mode. */
    if (fd == -1)
        fatal_event(&ev);
    else
        /* pipe is non-blocking and struct event_desc is smaller than
           PIPE_BUF, so this either fails or writes everything */
        while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR)
            ;
}

static void fatal_event(struct event_desc* ev) {
    errno = ev->data;

    switch (ev->event) {
        case EVENT_DIE:
            exit(0);

        case EVENT_FORK_ERR:
            die(_("cannot fork into background: %s"), NULL, EC_MISC);

        case EVENT_PIPE_ERR:
            die(_("failed to create helper: %s"), NULL, EC_MISC);

        case EVENT_CAP_ERR:
            die(_("setting capabilities failed: %s"), NULL, EC_MISC);

        case EVENT_USER_ERR:
        case EVENT_HUSER_ERR:
            die(_("failed to change user-id to %s: %s"),
                ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser, EC_MISC);

        case EVENT_GROUP_ERR:
            die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC);

        case EVENT_PIDFILE:
            die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE);

        case EVENT_LOG_ERR:
            die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
    }
}

static void async_event(int pipe, time_t now) {
    pid_t p;
    struct event_desc ev;
    int i;

    if (read_write(pipe, (unsigned char*) &ev, sizeof(ev), 1)) switch (ev.event) {
            case EVENT_RELOAD:
                clear_cache_and_reload(now);
                if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL)) {
                    reload_servers(daemon->resolv_files->name);
                    check_servers();
                }
#ifdef HAVE_DHCP
                rerun_scripts();
#endif
                break;

            case EVENT_DUMP:
                if (daemon->port != 0) dump_cache(now);
                break;

            case EVENT_ALARM:
#ifdef HAVE_DHCP
                if (daemon->dhcp) {
                    lease_prune(NULL, now);
                    lease_update_file(now);
                }
#endif
                break;

            case EVENT_CHILD:
                /* See Stevens 5.10 */
                while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
                    if (p == -1) {
                        if (errno != EINTR) break;
                    } else
                        for (i = 0; i < MAX_PROCS; i++)
                            if (daemon->tcp_pids[i] == p) daemon->tcp_pids[i] = 0;
                break;

            case EVENT_KILLED:
                my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data);
                break;

            case EVENT_EXITED:
                my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data);
                break;

            case EVENT_EXEC_ERR:
                my_syslog(LOG_ERR, _("failed to execute %s: %s"), daemon->lease_change_command,
                          strerror(ev.data));
                break;

                /* necessary for fatal errors in helper */
            case EVENT_HUSER_ERR:
            case EVENT_DIE:
                fatal_event(&ev);
                break;

            case EVENT_REOPEN:
                /* Note: this may leave TCP-handling processes with the old file still open.
                   Since any such process will die in CHILD_LIFETIME or probably much sooner,
                   we leave them logging to the old file. */
                if (daemon->log_file != NULL) log_reopen(daemon->log_file);
                break;

            case EVENT_TERM:
                /* Knock all our children on the head. */
                for (i = 0; i < MAX_PROCS; i++)
                    if (daemon->tcp_pids[i] != 0) kill(daemon->tcp_pids[i], SIGALRM);

#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
                /* handle pending lease transitions */
                if (daemon->helperfd != -1) {
                    /* block in writes until all done */
                    if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
                        fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
                    do {
                        helper_write();
                    } while (!helper_buf_empty() || do_script_run(now));
                    close(daemon->helperfd);
                }
#endif

                if (daemon->lease_stream) fclose(daemon->lease_stream);

                if (daemon->runfile) unlink(daemon->runfile);

                my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
                flush_log();
                exit(EC_GOOD);
        }
}

static void poll_resolv() {
    struct resolvc *res, *latest;
    struct stat statbuf;
    time_t last_change = 0;
    /* There may be more than one possible file.
       Go through and find the one which changed _last_.
       Warn of any which can't be read. */
    for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
        if (stat(res->name, &statbuf) == -1) {
            if (!res->logged)
                my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
            res->logged = 1;
        } else {
            res->logged = 0;
            if (statbuf.st_mtime != res->mtime) {
                res->mtime = statbuf.st_mtime;
                if (difftime(statbuf.st_mtime, last_change) > 0.0) {
                    last_change = statbuf.st_mtime;
                    latest = res;
                }
            }
        }

    if (latest) {
        static int warned = 0;
        if (reload_servers(latest->name)) {
            my_syslog(LOG_INFO, _("reading %s"), latest->name);
            warned = 0;
            check_servers();
            if (daemon->options & OPT_RELOAD) cache_reload();
        } else {
            latest->mtime = 0;
            if (!warned) {
                my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
                warned = 1;
            }
        }
    }
}

void clear_cache_and_reload(time_t now) {
    if (daemon->port != 0) cache_reload();

#ifdef HAVE_DHCP
    if (daemon->dhcp) {
        reread_dhcp();
        dhcp_update_configs(daemon->dhcp_conf);
        check_dhcp_hosts(0);
        lease_update_from_configs();
        lease_update_file(now);
        lease_update_dns();
    }
#endif
}

#ifdef __ANDROID__

static int set_android_listeners(fd_set* set, int* maxfdp) {
    FD_SET(STDIN_FILENO, set);
    bump_maxfd(STDIN_FILENO, maxfdp);
    return 0;
}

static int check_android_listeners(fd_set* set) {
    int retcode = 0;
    if (FD_ISSET(STDIN_FILENO, set)) {
        char buffer[1024];
        int rc;
        int consumed = 0;

        if ((rc = read(STDIN_FILENO, buffer, sizeof(buffer) - 1)) < 0) {
            my_syslog(LOG_ERR, _("Error reading from stdin (%s)"), strerror(errno));
            return -1;
        }
        buffer[rc] = '\0';
        while (consumed < rc) {
            char* cmd;
            char* current_cmd = &buffer[consumed];
            char* params = current_cmd;
            int len = strlen(current_cmd);

            cmd = strsep(&params, "|");
            if (!strcmp(cmd, "update_dns")) {
                if (params != NULL) {
                    set_servers(params);
                    check_servers();
                } else {
                    my_syslog(LOG_ERR, _("Misformatted msg '%s'"), current_cmd);
                    retcode = -1;
                }
            } else if (!strcmp(cmd, "update_ifaces")) {
                if (params != NULL) {
                    set_interfaces(params);
                } else {
                    my_syslog(LOG_ERR, _("Misformatted msg '%s'"), current_cmd);
                    retcode = -1;
                }
            } else {
                my_syslog(LOG_ERR, _("Unknown cmd '%s'"), cmd);
                retcode = -1;
            }
            consumed += len + 1;
        }
    }
    return retcode;
}
#endif

static int set_dns_listeners(time_t now, fd_set* set, int* maxfdp) {
    struct serverfd* serverfdp;
    struct listener* listener;
    int wait = 0, i;

    /* will we be able to get memory? */
    if (daemon->port != 0) get_new_frec(now, &wait);

    for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) {
        FD_SET(serverfdp->fd, set);
        bump_maxfd(serverfdp->fd, maxfdp);
    }

    if (daemon->port != 0 && !daemon->osport)
        for (i = 0; i < RANDOM_SOCKS; i++)
            if (daemon->randomsocks[i].refcount != 0) {
                FD_SET(daemon->randomsocks[i].fd, set);
                bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
            }

    for (listener = daemon->listeners; listener; listener = listener->next) {
        /* only listen for queries if we have resources */
        if (listener->fd != -1 && wait == 0) {
            FD_SET(listener->fd, set);
            bump_maxfd(listener->fd, maxfdp);
        }

        /* death of a child goes through the select loop, so
       we don't need to explicitly arrange to wake up here */
        if (listener->tcpfd != -1)
            for (i = 0; i < MAX_PROCS; i++)
                if (daemon->tcp_pids[i] == 0) {
                    FD_SET(listener->tcpfd, set);
                    bump_maxfd(listener->tcpfd, maxfdp);
                    break;
                }
    }

    return wait;
}

static void check_dns_listeners(fd_set* set, time_t now) {
    struct serverfd* serverfdp;
    struct listener* listener;
    int i;

    for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
        if (FD_ISSET(serverfdp->fd, set))
            reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);

    if (daemon->port != 0 && !daemon->osport)
        for (i = 0; i < RANDOM_SOCKS; i++)
            if (daemon->randomsocks[i].refcount != 0 && FD_ISSET(daemon->randomsocks[i].fd, set))
                reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);

    for (listener = daemon->listeners; listener; listener = listener->next) {
        if (listener->fd != -1 && FD_ISSET(listener->fd, set)) receive_query(listener, now);

        if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set)) {
            int confd;
            struct irec* iface = NULL;
            pid_t p;

            while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR)
                ;

            if (confd == -1) continue;

            if (daemon->options & OPT_NOWILD)
                iface = listener->iface;
            else {
                union mysockaddr tcp_addr;
                socklen_t tcp_len = sizeof(union mysockaddr);
                /* Check for allowed interfaces when binding the wildcard address:
               we do this by looking for an interface with the same address as
               the local address of the TCP connection, then looking to see if that's
               an allowed interface. As a side effect, we get the netmask of the
               interface too, for localisation. */

                /* interface may be new since startup */
                if (enumerate_interfaces() &&
                    getsockname(confd, (struct sockaddr*) &tcp_addr, &tcp_len) != -1)
                    for (iface = daemon->interfaces; iface; iface = iface->next)
                        if (sockaddr_isequal(&iface->addr, &tcp_addr)) break;
            }

            if (!iface) {
                shutdown(confd, SHUT_RDWR);
                close(confd);
            }
#ifndef NO_FORK
            else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0) {
                if (p != -1) {
                    int i;
                    for (i = 0; i < MAX_PROCS; i++)
                        if (daemon->tcp_pids[i] == 0) {
                            daemon->tcp_pids[i] = p;
                            break;
                        }
                }
                close(confd);
            }
#endif
            else {
                unsigned char* buff;
                struct server* s;
                int flags;
                struct in_addr dst_addr_4;

                dst_addr_4.s_addr = 0;

                /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
               terminate the process. */
                if (!(daemon->options & OPT_DEBUG)) alarm(CHILD_LIFETIME);

                /* start with no upstream connections. */
                for (s = daemon->servers; s; s = s->next) s->tcpfd = -1;

                /* The connected socket inherits non-blocking
               attribute from the listening socket.
               Reset that here. */
                if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
                    fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);

                if (listener->family == AF_INET) dst_addr_4 = iface->addr.in.sin_addr;

                buff = tcp_request(confd, now, dst_addr_4, iface->netmask);

                shutdown(confd, SHUT_RDWR);
                close(confd);

                if (buff) free(buff);

                for (s = daemon->servers; s; s = s->next)
                    if (s->tcpfd != -1) {
                        shutdown(s->tcpfd, SHUT_RDWR);
                        close(s->tcpfd);
                    }
#ifndef NO_FORK
                if (!(daemon->options & OPT_DEBUG)) {
                    flush_log();
                    _exit(0);
                }
#endif
            }
        }
    }
}

#ifdef HAVE_DHCP
int make_icmp_sock(void) {
    int fd;
    int zeroopt = 0;

    if ((fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) {
        if (!fix_fd(fd) ||
            setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1) {
            close(fd);
            fd = -1;
        }
    }

    return fd;
}

int icmp_ping(struct in_addr addr) {
    /* Try and get an ICMP echo from a machine. */

    /* Note that whilst in the three second wait, we check for
       (and service) events on the DNS sockets, (so doing that
       better not use any resources our caller has in use...)
       but we remain deaf to signals or further DHCP packets. */

    int fd;
    struct sockaddr_in saddr;
    struct {
        struct ip ip;
        struct icmp icmp;
    } packet;
    unsigned short id = rand16();
    unsigned int i, j;
    int gotreply = 0;
    time_t start, now;

#if defined(HAVE_LINUX_NETWORK)
    if ((fd = make_icmp_sock()) == -1) return 0;
#else
    int opt = 2000;
    fd = daemon->dhcp_icmp_fd;
    setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
#endif

    saddr.sin_family = AF_INET;
    saddr.sin_port = 0;
    saddr.sin_addr = addr;

    memset(&packet.icmp, 0, sizeof(packet.icmp));
    packet.icmp.icmp_type = ICMP_ECHO;
    packet.icmp.icmp_id = id;
    for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++) j += ((u16*) &packet.icmp)[i];
    while (j >> 16) j = (j & 0xffff) + (j >> 16);
    packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;

    while (sendto(fd, (char*) &packet.icmp, sizeof(struct icmp), 0, (struct sockaddr*) &saddr,
                  sizeof(saddr)) == -1 &&
           retry_send())
        ;

    for (now = start = dnsmasq_time(); difftime(now, start) < (float) PING_WAIT;) {
        struct timeval tv;
        fd_set rset, wset;
        struct sockaddr_in faddr;
        int maxfd = fd;
        socklen_t len = sizeof(faddr);

        tv.tv_usec = 250000;
        tv.tv_sec = 0;

        FD_ZERO(&rset);
        FD_ZERO(&wset);
        FD_SET(fd, &rset);
        set_dns_listeners(now, &rset, &maxfd);
        set_log_writer(&wset, &maxfd);

        if (select(maxfd + 1, &rset, &wset, NULL, &tv) < 0) {
            FD_ZERO(&rset);
            FD_ZERO(&wset);
        }

        now = dnsmasq_time();

        check_log_writer(&wset);
        check_dns_listeners(&rset, now);

        if (FD_ISSET(fd, &rset) &&
            recvfrom(fd, &packet, sizeof(packet), 0, (struct sockaddr*) &faddr, &len) ==
                sizeof(packet) &&
            saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
            packet.icmp.icmp_type == ICMP_ECHOREPLY && packet.icmp.icmp_seq == 0 &&
            packet.icmp.icmp_id == id) {
            gotreply = 1;
            break;
        }
    }

#if defined(HAVE_LINUX_NETWORK)
    close(fd);
#else
    opt = 1;
    setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
#endif

    return gotreply;
}
#endif