Página Principal Explorar Ajuda
Iniciar Sessão
jahway603
/
libreCMC
biforcado de libreCMC/libreCMC
1
0
Fork 0
Ficheiros
Árvore: c152c845b4
Ramos Etiquetas
libreCMC
/
package
/
network
/
services
/
dnsmasq
/
patches
/
0001-Impove-cache-behaviour-for-TCP-connections.patch

0001-Impove-cache-behaviour-for-TCP-connections.patch 16 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495 
  1. From a799ca0c6314ad73a97bc6c89382d2712a9c0b0e Mon Sep 17 00:00:00 2001
    2. 

  2. From: Simon Kelley <simon@thekelleys.org.uk>
    3. 

  3. Date: Thu, 18 Oct 2018 19:35:29 +0100
    4. 

  4. Subject: [PATCH 01/32] Impove cache behaviour for TCP connections.
    5. 

  5. 

  6. For ease of implementaion, dnsmasq has always forked a new process to
    7. 

  7. handle each incoming TCP connection. A side-effect of this is that any
    8. 

  8. DNS queries answered from TCP connections are not cached: when TCP
    9. 

  9. connections were rare, this was not a problem.  With the coming of
    10. 

  10. DNSSEC, it's now the case that some DNSSEC queries have answers which
    11. 

  11. spill to TCP, and if, for instance, this applies to the keys for the
    12. 

  12. root then those never get cached, and performance is very bad.  This
    13. 

  13. fix passes cache entries back from the TCP child process to the main
    14. 

  14. server process, and fixes the problem.
    15. 

  15. 

  16. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
    17. 

  17. ---
    18. 

  18.  CHANGELOG       |  14 ++++
    19. 

  19.  src/blockdata.c |  37 ++++++++-
    20. 

  20.  src/cache.c     | 196 ++++++++++++++++++++++++++++++++++++++++++++++--
    21. 

  21.  src/dnsmasq.c   |  58 ++++++++++++--
    22. 

  22.  src/dnsmasq.h   |   5 ++
    23. 

  23.  5 files changed, 291 insertions(+), 19 deletions(-)
    24. 

  24. 

  25. --- a/CHANGELOG
    26. 

  26. +++ b/CHANGELOG
    27. 

  27. @@ -1,3 +1,17 @@
    28. 

  28. +version 2.81
    29. 

  29. +	Impove cache behaviour for TCP connections. For ease of
    30. 

  30. +	implementaion, dnsmasq has always forked a new process to handle
    31. 

  31. +	each incoming TCP connection. A side-effect of this is that
    32. 

  32. +	any DNS queries answered from TCP connections are not cached:
    33. 

  33. +	when TCP connections were rare, this was not a problem.
    34. 

  34. +	With the coming of DNSSEC, it's now the case that some
    35. 

  35. +	DNSSEC queries have answers which spill to TCP, and if,
    36. 

  36. +	for instance, this applies to the keys for the root then
    37. 

  37. +	those never get cached, and performance is very bad.
    38. 

  38. +	This fix passes cache entries back from the TCP child process to
    39. 

  39. +	the main server process, and fixes the problem.
    40. 

  40. +
    41. 

  41. +
    42. 

  42.  version 2.80
    43. 

  43.  	Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
    44. 

  44.  	for the initial patch and motivation.
    45. 

  45. --- a/src/blockdata.c
    46. 

  46. +++ b/src/blockdata.c
    47. 

  47. @@ -61,7 +61,7 @@ void blockdata_report(void)
    48. 

  48.  	      blockdata_alloced * sizeof(struct blockdata));
    49. 

  49.  } 
    50. 

  50.  
    51. 

  51. -struct blockdata *blockdata_alloc(char *data, size_t len)
    52. 

  52. +static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len)
    53. 

  53.  {
    54. 

  54.    struct blockdata *block, *ret = NULL;
    55. 

  55.    struct blockdata **prev = &ret;
    56. 

  56. @@ -89,8 +89,17 @@ struct blockdata *blockdata_alloc(char *
    57. 

  57.  	blockdata_hwm = blockdata_count; 
    58. 

  58.        
    59. 

  59.        blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len;
    60. 

  60. -      memcpy(block->key, data, blen);
    61. 

  61. -      data += blen;
    62. 

  62. +      if (data)
    63. 

  63. +	{
    64. 

  64. +	  memcpy(block->key, data, blen);
    65. 

  65. +	  data += blen;
    66. 

  66. +	}
    67. 

  67. +      else if (!read_write(fd, block->key, blen, 1))
    68. 

  68. +	{
    69. 

  69. +	  /* failed read free partial chain */
    70. 

  70. +	  blockdata_free(ret);
    71. 

  71. +	  return NULL;
    72. 

  72. +	}
    73. 

  73.        len -= blen;
    74. 

  74.        *prev = block;
    75. 

  75.        prev = &block->next;
    76. 

  76. @@ -100,6 +109,10 @@ struct blockdata *blockdata_alloc(char *
    77. 

  77.    return ret;
    78. 

  78.  }
    79. 

  79.  
    80. 

  80. +struct blockdata *blockdata_alloc(char *data, size_t len)
    81. 

  81. +{
    82. 

  82. +  return blockdata_alloc_real(0, data, len);
    83. 

  83. +}
    84. 

  84.  
    85. 

  85.  void blockdata_free(struct blockdata *blocks)
    86. 

  86.  {
    87. 

  87. @@ -148,5 +161,21 @@ void *blockdata_retrieve(struct blockdat
    88. 

  88.  
    89. 

  89.    return data;
    90. 

  90.  }
    91. 

  91. - 
    92. 

  92. +
    93. 

  93. +
    94. 

  94. +void blockdata_write(struct blockdata *block, size_t len, int fd)
    95. 

  95. +{
    96. 

  96. +  for (; len > 0 && block; block = block->next)
    97. 

  97. +    {
    98. 

  98. +      size_t blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len;
    99. 

  99. +      read_write(fd, block->key, blen, 0);
    100. 

  100. +      len -= blen;
    101. 

  101. +    }
    102. 

  102. +}
    103. 

  103. +
    104. 

  104. +struct blockdata *blockdata_read(int fd, size_t len)
    105. 

  105. +{
    106. 

  106. +  return blockdata_alloc_real(fd, NULL, len);
    107. 

  107. +}
    108. 

  108. +
    109. 

  109.  #endif
    110. 

  110. --- a/src/cache.c
    111. 

  111. +++ b/src/cache.c
    112. 

  112. @@ -26,6 +26,8 @@ static union bigname *big_free = NULL;
    113. 

  113.  static int bignames_left, hash_size;
    114. 

  114.  
    115. 

  115.  static void make_non_terminals(struct crec *source);
    116. 

  116. +static struct crec *really_insert(char *name, struct all_addr *addr, 
    117. 

  117. +				  time_t now,  unsigned long ttl, unsigned short flags);
    118. 

  118.  
    119. 

  119.  /* type->string mapping: this is also used by the name-hash function as a mixing table. */
    120. 

  120.  static const struct {
    121. 

  121. @@ -464,16 +466,10 @@ void cache_start_insert(void)
    122. 

  122.    new_chain = NULL;
    123. 

  123.    insert_error = 0;
    124. 

  124.  }
    125. 

  125. - 
    126. 

  126. +
    127. 

  127.  struct crec *cache_insert(char *name, struct all_addr *addr, 
    128. 

  128.  			  time_t now,  unsigned long ttl, unsigned short flags)
    129. 

  129.  {
    130. 

  130. -  struct crec *new, *target_crec = NULL;
    131. 

  131. -  union bigname *big_name = NULL;
    132. 

  132. -  int freed_all = flags & F_REVERSE;
    133. 

  133. -  int free_avail = 0;
    134. 

  134. -  unsigned int target_uid;
    135. 

  135. -  
    136. 

  136.    /* Don't log DNSSEC records here, done elsewhere */
    137. 

  137.    if (flags & (F_IPV4 | F_IPV6 | F_CNAME))
    138. 

  138.      {
    139. 

  139. @@ -484,7 +480,20 @@ struct crec *cache_insert(char *name, st
    140. 

  140.        if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl)
    141. 

  141.  	ttl = daemon->min_cache_ttl;
    142. 

  142.      }
    143. 

  143. +  
    144. 

  144. +  return really_insert(name, addr, now, ttl, flags);
    145. 

  145. +}
    146. 

  146.  
    147. 

  147. +
    148. 

  148. +static struct crec *really_insert(char *name, struct all_addr *addr, 
    149. 

  149. +				  time_t now,  unsigned long ttl, unsigned short flags)
    150. 

  150. +{
    151. 

  151. +  struct crec *new, *target_crec = NULL;
    152. 

  152. +  union bigname *big_name = NULL;
    153. 

  153. +  int freed_all = flags & F_REVERSE;
    154. 

  154. +  int free_avail = 0;
    155. 

  155. +  unsigned int target_uid;
    156. 

  156. +  
    157. 

  157.    /* if previous insertion failed give up now. */
    158. 

  158.    if (insert_error)
    159. 

  159.      return NULL;
    160. 

  160. @@ -645,12 +654,185 @@ void cache_end_insert(void)
    161. 

  161.  	  cache_hash(new_chain);
    162. 

  162.  	  cache_link(new_chain);
    163. 

  163.  	  daemon->metrics[METRIC_DNS_CACHE_INSERTED]++;
    164. 

  164. +
    165. 

  165. +	  /* If we're a child process, send this cache entry up the pipe to the master.
    166. 

  166. +	     The marshalling process is rather nasty. */
    167. 

  167. +	  if (daemon->pipe_to_parent != -1)
    168. 

  168. +	    {
    169. 

  169. +	      char *name = cache_get_name(new_chain);
    170. 

  170. +	      ssize_t m = strlen(name);
    171. 

  171. +	      unsigned short flags = new_chain->flags;
    172. 

  172. +#ifdef HAVE_DNSSEC
    173. 

  173. +	      u16 class = new_chain->uid;
    174. 

  174. +#endif
    175. 

  175. +	      
    176. 

  176. +	      read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0);
    177. 

  177. +	      read_write(daemon->pipe_to_parent, (unsigned char *)name, m, 0);
    178. 

  178. +	      read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0);
    179. 

  179. +	      read_write(daemon->pipe_to_parent, (unsigned  char *)&flags, sizeof(flags), 0);
    180. 

  180. +
    181. 

  181. +	      if (flags & (F_IPV4 | F_IPV6))
    182. 

  182. +		read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0);
    183. 

  183. +#ifdef HAVE_DNSSEC
    184. 

  184. +	      else if (flags & F_DNSKEY)
    185. 

  185. +		{
    186. 

  186. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0);
    187. 

  187. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0);
    188. 

  188. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0);
    189. 

  189. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0);
    190. 

  190. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0);
    191. 

  191. +		  blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent);
    192. 

  192. +		}
    193. 

  193. +	      else if (flags & F_DS)
    194. 

  194. +		{
    195. 

  195. +		  read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0);
    196. 

  196. +		  /* A negative DS entry is possible and has no data, obviously. */
    197. 

  197. +		  if (!(flags & F_NEG))
    198. 

  198. +		    {
    199. 

  199. +		      read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0);
    200. 

  200. +		      read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0);
    201. 

  201. +		      read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0);
    202. 

  202. +		      read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0);
    203. 

  203. +		      blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent);
    204. 

  204. +		    }
    205. 

  205. +		}
    206. 

  206. +#endif
    207. 

  207. +	      
    208. 

  208. +	    }
    209. 

  209.  	}
    210. 

  210. +      
    211. 

  211.        new_chain = tmp;
    212. 

  212.      }
    213. 

  213. +
    214. 

  214. +  /* signal end of cache insert in master process */
    215. 

  215. +  if (daemon->pipe_to_parent != -1)
    216. 

  216. +    {
    217. 

  217. +      ssize_t m = -1;
    218. 

  218. +      read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0);
    219. 

  219. +    }
    220. 

  220. +      
    221. 

  221.    new_chain = NULL;
    222. 

  222.  }
    223. 

  223.  
    224. 

  224. +
    225. 

  225. +/* A marshalled cache entry arrives on fd, read, unmarshall and insert into cache of master process. */
    226. 

  226. +int cache_recv_insert(time_t now, int fd)
    227. 

  227. +{
    228. 

  228. +  ssize_t m;
    229. 

  229. +  struct all_addr addr;
    230. 

  230. +  unsigned long ttl;
    231. 

  231. +  time_t ttd;
    232. 

  232. +  unsigned short flags;
    233. 

  233. +  struct crec *crecp = NULL;
    234. 

  234. +  
    235. 

  235. +  cache_start_insert();
    236. 

  236. +  
    237. 

  237. +  while(1)
    238. 

  238. +    {
    239. 

  239. + 
    240. 

  240. +      if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1))
    241. 

  241. +	return 0;
    242. 

  242. +      
    243. 

  243. +      if (m == -1)
    244. 

  244. +	{
    245. 

  245. +	  cache_end_insert();
    246. 

  246. +	  return 1;
    247. 

  247. +	}
    248. 

  248. +
    249. 

  249. +      if (!read_write(fd, (unsigned char *)daemon->namebuff, m, 1) ||
    250. 

  250. +	  !read_write(fd, (unsigned char *)&ttd, sizeof(ttd), 1) ||
    251. 

  251. +	  !read_write(fd, (unsigned char *)&flags, sizeof(flags), 1))
    252. 

  252. +	return 0;
    253. 

  253. +
    254. 

  254. +      daemon->namebuff[m] = 0;
    255. 

  255. +
    256. 

  256. +      ttl = difftime(ttd, now);
    257. 

  257. +      
    258. 

  258. +      if (flags & (F_IPV4 | F_IPV6))
    259. 

  259. +	{
    260. 

  260. +	  if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1))
    261. 

  261. +	    return 0;
    262. 

  262. +	  crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags);
    263. 

  263. +	}
    264. 

  264. +      else if (flags & F_CNAME)
    265. 

  265. +	{
    266. 

  266. +	  struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags);
    267. 

  267. +	  /* This relies on the fact the the target of a CNAME immediately preceeds
    268. 

  268. +	     it because of the order of extraction in extract_addresses, and
    269. 

  269. +	     the order reversal on the new_chain. */
    270. 

  270. +	  if (newc)
    271. 

  271. +	    {
    272. 

  272. +	      if (!crecp)
    273. 

  273. +		{
    274. 

  274. +		  newc->addr.cname.target.cache = NULL;
    275. 

  275. +		  /* anything other than zero, to avoid being mistaken for CNAME to interface-name */ 
    276. 

  276. +		  newc->addr.cname.uid = 1; 
    277. 

  277. +		}
    278. 

  278. +	      else
    279. 

  279. +		{
    280. 

  280. +		  next_uid(crecp);
    281. 

  281. +		  newc->addr.cname.target.cache = crecp;
    282. 

  282. +		  newc->addr.cname.uid = crecp->uid;
    283. 

  283. +		}
    284. 

  284. +	    }
    285. 

  285. +	}
    286. 

  286. +#ifdef HAVE_DNSSEC
    287. 

  287. +      else if (flags & (F_DNSKEY | F_DS))
    288. 

  288. +	{
    289. 

  289. +	  unsigned short class, keylen, keyflags, keytag;
    290. 

  290. +	  unsigned char algo, digest;
    291. 

  291. +	  struct blockdata *keydata;
    292. 

  292. +	  
    293. 

  293. +	  if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1))
    294. 

  294. +	    return 0;
    295. 

  295. +	  /* Cache needs to known class for DNSSEC stuff */
    296. 

  296. +	  addr.addr.dnssec.class = class;
    297. 

  297. +
    298. 

  298. +	  crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags);
    299. 

  299. +	    
    300. 

  300. +	  if (flags & F_DNSKEY)
    301. 

  301. +	    {
    302. 

  302. +	      if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) ||
    303. 

  303. +		  !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) ||
    304. 

  304. +		  !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) ||
    305. 

  305. +		  !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) ||
    306. 

  306. +		  !(keydata = blockdata_read(fd, keylen)))
    307. 

  307. +		return 0;
    308. 

  308. +	    }
    309. 

  309. +	  else if (!(flags & F_NEG))
    310. 

  310. +	    {
    311. 

  311. +	      if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) ||
    312. 

  312. +		  !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) ||
    313. 

  313. +		  !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) ||
    314. 

  314. +		  !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) ||
    315. 

  315. +		  !(keydata = blockdata_read(fd, keylen)))
    316. 

  316. +		return 0;
    317. 

  317. +	    }
    318. 

  318. +
    319. 

  319. +	  if (crecp)
    320. 

  320. +	    {
    321. 

  321. +	       if (flags & F_DNSKEY)
    322. 

  322. +		 {
    323. 

  323. +		   crecp->addr.key.algo = algo;
    324. 

  324. +		   crecp->addr.key.keytag = keytag;
    325. 

  325. +		   crecp->addr.key.flags = flags;
    326. 

  326. +		   crecp->addr.key.keylen = keylen;
    327. 

  327. +		   crecp->addr.key.keydata = keydata;
    328. 

  328. +		 }
    329. 

  329. +	       else if (!(flags & F_NEG))
    330. 

  330. +		 {
    331. 

  331. +		   crecp->addr.ds.algo = algo;
    332. 

  332. +		   crecp->addr.ds.keytag = keytag;
    333. 

  333. +		   crecp->addr.ds.digest = digest;
    334. 

  334. +		   crecp->addr.ds.keylen = keylen;
    335. 

  335. +		   crecp->addr.ds.keydata = keydata;
    336. 

  336. +		 }
    337. 

  337. +	    }
    338. 

  338. +	}
    339. 

  339. +#endif
    340. 

  340. +    }
    341. 

  341. +}
    342. 

  342. +	
    343. 

  343.  int cache_find_non_terminal(char *name, time_t now)
    344. 

  344.  {
    345. 

  345.    struct crec *crecp;
    346. 

  346. --- a/src/dnsmasq.c
    347. 

  347. +++ b/src/dnsmasq.c
    348. 

  348. @@ -930,6 +930,10 @@ int main (int argc, char **argv)
    349. 

  349.      check_servers();
    350. 

  350.    
    351. 

  351.    pid = getpid();
    352. 

  352. +
    353. 

  353. +  daemon->pipe_to_parent = -1;
    354. 

  354. +  for (i = 0; i < MAX_PROCS; i++)
    355. 

  355. +    daemon->tcp_pipes[i] = -1;
    356. 

  356.    
    357. 

  357.  #ifdef HAVE_INOTIFY
    358. 

  358.    /* Using inotify, have to select a resolv file at startup */
    359. 

  359. @@ -1611,7 +1615,7 @@ static int set_dns_listeners(time_t now)
    360. 

  360.  	 we don't need to explicitly arrange to wake up here */
    361. 

  361.        if  (listener->tcpfd != -1)
    362. 

  362.  	for (i = 0; i < MAX_PROCS; i++)
    363. 

  363. -	  if (daemon->tcp_pids[i] == 0)
    364. 

  364. +	  if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
    365. 

  365.  	    {
    366. 

  366.  	      poll_listen(listener->tcpfd, POLLIN);
    367. 

  367.  	      break;
    368. 

  368. @@ -1624,6 +1628,13 @@ static int set_dns_listeners(time_t now)
    369. 

  369.  
    370. 

  370.      }
    371. 

  371.    
    372. 

  372. +#ifndef NO_FORK
    373. 

  373. +  if (!option_bool(OPT_DEBUG))
    374. 

  374. +    for (i = 0; i < MAX_PROCS; i++)
    375. 

  375. +      if (daemon->tcp_pipes[i] != -1)
    376. 

  376. +	poll_listen(daemon->tcp_pipes[i], POLLIN);
    377. 

  377. +#endif
    378. 

  378. +  
    379. 

  379.    return wait;
    380. 

  380.  }
    381. 

  381.  
    382. 

  382. @@ -1632,7 +1643,10 @@ static void check_dns_listeners(time_t n
    383. 

  383.    struct serverfd *serverfdp;
    384. 

  384.    struct listener *listener;
    385. 

  385.    int i;
    386. 

  386. -
    387. 

  387. +#ifndef NO_FORK
    388. 

  388. +  int pipefd[2];
    389. 

  389. +#endif
    390. 

  390. +  
    391. 

  391.    for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
    392. 

  392.      if (poll_check(serverfdp->fd, POLLIN))
    393. 

  393.        reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
    394. 

  394. @@ -1642,7 +1656,26 @@ static void check_dns_listeners(time_t n
    395. 

  395.        if (daemon->randomsocks[i].refcount != 0 && 
    396. 

  396.  	  poll_check(daemon->randomsocks[i].fd, POLLIN))
    397. 

  397.  	reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
    398. 

  398. -  
    399. 

  399. +
    400. 

  400. +#ifndef NO_FORK
    401. 

  401. +  /* Races. The child process can die before we read all of the data from the
    402. 

  402. +     pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the 
    403. 

  403. +     process, and tcp_pipes to -1 and close the FD when we read the last
    404. 

  404. +     of the data - indicated by cache_recv_insert returning zero.
    405. 

  405. +     The order of these events is indeterminate, and both are needed
    406. 

  406. +     to free the process slot. Once the child process has gone, poll()
    407. 

  407. +     returns POLLHUP, not POLLIN, so have to check for both here. */
    408. 

  408. +  if (!option_bool(OPT_DEBUG))
    409. 

  409. +    for (i = 0; i < MAX_PROCS; i++)
    410. 

  410. +      if (daemon->tcp_pipes[i] != -1 &&
    411. 

  411. +	  poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) &&
    412. 

  412. +	  !cache_recv_insert(now, daemon->tcp_pipes[i]))
    413. 

  413. +	{
    414. 

  414. +	  close(daemon->tcp_pipes[i]);
    415. 

  415. +	  daemon->tcp_pipes[i] = -1;	
    416. 

  416. +	}
    417. 

  417. +#endif
    418. 

  418. +	
    419. 

  419.    for (listener = daemon->listeners; listener; listener = listener->next)
    420. 

  420.      {
    421. 

  421.        if (listener->fd != -1 && poll_check(listener->fd, POLLIN))
    422. 

  422. @@ -1736,15 +1769,20 @@ static void check_dns_listeners(time_t n
    423. 

  423.  	      while (retry_send(close(confd)));
    424. 

  424.  	    }
    425. 

  425.  #ifndef NO_FORK
    426. 

  426. -	  else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
    427. 

  427. +	  else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0)
    428. 

  428.  	    {
    429. 

  429. -	      if (p != -1)
    430. 

  430. +	      close(pipefd[1]); /* parent needs read pipe end. */
    431. 

  431. +	      if (p == -1)
    432. 

  432. +		close(pipefd[0]);
    433. 

  433. +	      else
    434. 

  434.  		{
    435. 

  435.  		  int i;
    436. 

  436. +
    437. 

  437.  		  for (i = 0; i < MAX_PROCS; i++)
    438. 

  438. -		    if (daemon->tcp_pids[i] == 0)
    439. 

  439. +		    if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
    440. 

  440.  		      {
    441. 

  441.  			daemon->tcp_pids[i] = p;
    442. 

  442. +			daemon->tcp_pipes[i] = pipefd[0];
    443. 

  443.  			break;
    444. 

  444.  		      }
    445. 

  445.  		}
    446. 

  446. @@ -1761,7 +1799,7 @@ static void check_dns_listeners(time_t n
    447. 

  447.  	      int flags;
    448. 

  448.  	      struct in_addr netmask;
    449. 

  449.  	      int auth_dns;
    450. 

  450. -
    451. 

  451. +	   
    452. 

  452.  	      if (iface)
    453. 

  453.  		{
    454. 

  454.  		  netmask = iface->netmask;
    455. 

  455. @@ -1777,7 +1815,11 @@ static void check_dns_listeners(time_t n
    456. 

  456.  	      /* Arrange for SIGALRM after CHILD_LIFETIME seconds to
    457. 

  457.  		 terminate the process. */
    458. 

  458.  	      if (!option_bool(OPT_DEBUG))
    459. 

  459. -		alarm(CHILD_LIFETIME);
    460. 

  460. +		{
    461. 

  461. +		  alarm(CHILD_LIFETIME);
    462. 

  462. +		  close(pipefd[0]); /* close read end in child. */
    463. 

  463. +		  daemon->pipe_to_parent = pipefd[1];
    464. 

  464. +		}
    465. 

  465.  #endif
    466. 

  466.  
    467. 

  467.  	      /* start with no upstream connections. */
    468. 

  468. --- a/src/dnsmasq.h
    469. 

  469. +++ b/src/dnsmasq.h
    470. 

  470. @@ -1091,6 +1091,8 @@ extern struct daemon {
    471. 

  471.    size_t packet_len;       /*      "        "        */
    472. 

  472.    struct randfd *rfd_save; /*      "        "        */
    473. 

  473.    pid_t tcp_pids[MAX_PROCS];
    474. 

  474. +  int tcp_pipes[MAX_PROCS];
    475. 

  475. +  int pipe_to_parent;
    476. 

  476.    struct randfd randomsocks[RANDOM_SOCKS];
    477. 

  477.    int v6pktinfo; 
    478. 

  478.    struct addrlist *interface_addrs; /* list of all addresses/prefix lengths associated with all local interfaces */
    479. 

  479. @@ -1152,6 +1154,7 @@ struct crec *cache_find_by_name(struct c
    480. 

  480.  				char *name, time_t now, unsigned int prot);
    481. 

  481.  void cache_end_insert(void);
    482. 

  482.  void cache_start_insert(void);
    483. 

  483. +int cache_recv_insert(time_t now, int fd);
    484. 

  484.  struct crec *cache_insert(char *name, struct all_addr *addr,
    485. 

  485.  			  time_t now, unsigned long ttl, unsigned short flags);
    486. 

  486.  void cache_reload(void);
    487. 

  487. @@ -1174,6 +1177,8 @@ void blockdata_init(void);
    488. 

  488.  void blockdata_report(void);
    489. 

  489.  struct blockdata *blockdata_alloc(char *data, size_t len);
    490. 

  490.  void *blockdata_retrieve(struct blockdata *block, size_t len, void *data);
    491. 

  491. +struct blockdata *blockdata_read(int fd, size_t len);
    492. 

  492. +void blockdata_write(struct blockdata *block, size_t len, int fd);
    493. 

  493.  void blockdata_free(struct blockdata *blocks);
    494. 

  494.  #endif
    495. 

  495.  
    496.