/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
/* Compile-time tunables.  Several of these are resource ceilings
   (outstanding requests, TCP children, cache, leases, TFTP connections)
   and therefore define the daemon's resource-exhaustion posture; change
   them with that in mind. */
#define FTABSIZ 150 /* max number of outstanding requests (default) */
/* NOTE(review): with only two TCP children, a couple of slow or idle TCP
   clients can presumably hold TCP service for up to CHILD_LIFETIME seconds;
   confirm this limit is intentional for the target platform. */
#define MAX_PROCS 2 /* max no children for TCP requests */
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
#define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
/* EDNS_PKTSZ used to default to 4096 (the RFC5625 figure); that default was
   CVE-2023-28450 and has been replaced by the DNS flag day 2020 value.
   NOTE(review): the smaller advertised size is the flag-day guidance for
   avoiding IP fragmentation of UDP answers; keep it at or below SAFE_PKTSZ. */
#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet, from dnsflagday.net/2020 */
#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
#define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
#define DNSSEC_WORK 50 /* Max number of queries to validate one question (bounds validator effort per query) */
#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
#define FORWARD_TEST 50 /* try all servers every 50 queries */
#define FORWARD_TIME 20 /* or 20 seconds */
#define UDP_TEST_TIME 60 /* How often to reset our idea of max packet size. */
#define SERVERS_LOGGED 30 /* Only log this many servers when logging state */
#define LOCALS_LOGGED 8 /* Only log this many local addresses when logging state */
#define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
#define CACHESIZ 150 /* default cache size */
#define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */
#define MAXLEASES 1000 /* maximum number of DHCP leases */
#define PING_WAIT 3 /* wait for ping address-in-use test */
#define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
#define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
#define SMALLDNAME 50 /* most domain names are smaller than this */
#define CNAME_CHAIN 10 /* chains longer than this are dropped for loop protection */
#define DNSSEC_MIN_TTL 60 /* DNSKEY and DS records in cache last at least this long */
#define HOSTSFILE "/etc/hosts"
#define ETHERSFILE "/etc/ethers"
#define DEFLEASE 3600 /* default DHCPv4 lease time, one hour */
#define DEFLEASE6 (3600*24) /* default lease time for DHCPv6. One day. */
/* NOTE(review): presumably the unprivileged user/group the daemon switches to
   after start-up.  "dip" is a distribution-specific group; confirm it exists on
   the target (or is overridden at build/run time) before relying on it. */
#define CHUSER "nobody"
#define CHGRP "dip"
#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
#define LOG_MAX 5 /* log-queue length */
#define RANDFILE "/dev/urandom" /* kernel CSPRNG used as the randomness source */
/* Bus names: presumably the D-Bus service/object path (HAVE_DBUS) and the
   ubus name (HAVE_UBUS). */
#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */
#define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
#define DNSMASQ_UBUS_NAME "dnsmasq" /* Default - may be overridden by config */
#define AUTH_TTL 600 /* default TTL for auth DNS */
#define SOA_REFRESH 1200 /* SOA refresh default */
#define SOA_RETRY 180 /* SOA retry default */
#define SOA_EXPIRY 1209600 /* SOA expiry default */
#define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */
#define LOOP_TEST_TYPE T_TXT
62
63/* compile-time options: uncomment below to enable or do eg.
64 make COPTS=-DHAVE_BROKEN_RTC
65
66HAVE_BROKEN_RTC
67 define this on embedded systems which don't have an RTC
68 which keeps time over reboots. Causes dnsmasq to use uptime
69 for timing, and keep lease lengths rather than expiry times
70 in its leases file. This also make dnsmasq "flash disk friendly".
71 Normally, dnsmasq tries very hard to keep the on-disk leases file
72 up-to-date: rewriting it after every renewal. When HAVE_BROKEN_RTC
73 is in effect, the lease file is only written when a new lease is
74 created, or an old one destroyed. (Because those are the only times
75 it changes.) This vastly reduces the number of file writes, and makes
76 it viable to keep the lease file on a flash filesystem.
77 NOTE: when enabling or disabling this, be sure to delete any old
78 leases file, otherwise dnsmasq may get very confused.
79
80HAVE_TFTP
81 define this to get dnsmasq's built-in TFTP server.
82
83HAVE_DHCP
84 define this to get dnsmasq's DHCPv4 server.
85
86HAVE_DHCP6
87 define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP).
88
89HAVE_SCRIPT
90 define this to get the ability to call scripts on lease-change.
91
92HAVE_LUASCRIPT
93 define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT)
94
95HAVE_DBUS
96 define this if you want to link against libdbus, and have dnsmasq
97 support some methods to allow (re)configuration of the upstream DNS
98 servers via DBus.
99
100HAVE_UBUS
101 define this if you want to link against libubus
102
103HAVE_IDN
104 define this if you want international domain name 2003 support.
105
106HAVE_LIBIDN2
107 define this if you want international domain name 2008 support.
108
109HAVE_CONNTRACK
110 define this to include code which propagates conntrack marks from
111 incoming DNS queries to the corresponding upstream queries. This adds
112 a build-dependency on libnetfilter_conntrack, but the resulting binary will
113 still run happily on a kernel without conntrack support.
114
115HAVE_IPSET
116 define this to include the ability to selectively add resolved ip addresses
117 to given ipsets.
118
119HAVE_AUTH
120 define this to include the facility to act as an authoritative DNS
121 server for one or more zones.
122
123HAVE_CRYPTOHASH
 include just the hash functions from the crypto library, but no DNSSEC validator.
125
126HAVE_DNSSEC
127 include DNSSEC validator.
128
129HAVE_DUMPFILE
130 include code to dump packets to a libpcap-format file for debugging.
131
132HAVE_LOOP
133 include functionality to probe for and remove DNS forwarding loops.
134
135HAVE_INOTIFY
136 use the Linux inotify facility to efficiently re-read configuration files.
137
138NO_ID
 Don't answer *.bind CHAOS queries (version.bind and similar identification records) locally; forward such requests upstream instead. Use this to avoid disclosing details of the running dnsmasq build to clients.
140NO_TFTP
141NO_DHCP
142NO_DHCP6
143NO_SCRIPT
144NO_LARGEFILE
145NO_AUTH
146NO_DUMPFILE
147NO_LOOP
148NO_INOTIFY
149 these are available to explicitly disable compile time options which would
150 otherwise be enabled automatically or which are enabled by default
151 in the distributed source tree. Building dnsmasq
152 with something like "make COPTS=-DNO_SCRIPT" will do the trick.
153NO_GMP
 Don't use or link against libgmp. Useful if nettle is built with --enable-mini-gmp.
155
156LEASEFILE
157CONFFILE
158RESOLVFILE
159 the default locations of these files are determined below, but may be overridden
160 in a build command line using COPTS.
161
162*/
163
/* HAVE_BROKEN_RTC is off by default.  Enable it (here or via COPTS) on
   embedded targets without a clock that survives reboots: timing is then
   based on uptime rather than epoch time and the DHCP leases file is
   rewritten far less often, which avoids flash wear. */
/* #define HAVE_BROKEN_RTC */

/* Features enabled in a stock build.  None of these needs a library
   beyond libc, which is why they can be on unconditionally; each can be
   switched off again with the matching NO_XXX flag (see above). */
#define HAVE_AUTH      /* authoritative DNS for configured zones */
#define HAVE_DHCP      /* DHCPv4 server */
#define HAVE_DHCP6     /* DHCPv6 server; needs HAVE_DHCP as well */
#define HAVE_DUMPFILE  /* libpcap-format packet dump for debugging */
#define HAVE_IPSET     /* add resolved addresses to ipsets */
#define HAVE_LOOP      /* forwarding-loop detection */
#define HAVE_SCRIPT    /* lease-change script hook */
#define HAVE_TFTP      /* built-in TFTP server */

/* Optional features that depend on an external library.  They stay off
   unless enabled here or with "make COPTS=-DHAVE_<opt>"; defining
   HAVE_<opt>_STATIC as well links that library statically. */
/* #define HAVE_CONNTRACK */
/* #define HAVE_CRYPTOHASH */
/* #define HAVE_DBUS */
/* #define HAVE_DNSSEC */
/* #define HAVE_IDN */
/* #define HAVE_LIBIDN2 */
/* #define HAVE_LUASCRIPT */
196
197
/* Default locations for important system files.  Each is only a
   fallback: a LEASEFILE / CONFFILE / RESOLVFILE / RUNFILE supplied on the
   build command line via COPTS takes precedence, hence the guards. */

#if !defined(LEASEFILE)
# if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
#  define LEASEFILE "/var/db/dnsmasq.leases"
# elif defined(__sun__) || defined(__sun)
#  define LEASEFILE "/var/cache/dnsmasq.leases"
# elif defined(__ANDROID__)
#  define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
# else
#  define LEASEFILE "/var/lib/misc/dnsmasq.leases"
# endif
#endif

#if !defined(CONFFILE)
# if defined(__FreeBSD__)
#  define CONFFILE "/usr/local/etc/dnsmasq.conf"
# else
#  define CONFFILE "/etc/dnsmasq.conf"
# endif
#endif

#if !defined(RESOLVFILE)
# if defined(__uClinux__)
#  define RESOLVFILE "/etc/config/resolv.conf"
# else
#  define RESOLVFILE "/etc/resolv.conf"
# endif
#endif

#if !defined(RUNFILE)
# if defined(__ANDROID__)
#  define RUNFILE "/data/dnsmasq.pid"
# else
#  define RUNFILE "/var/run/dnsmasq.pid"
# endif
#endif
235
236/* platform dependent options: these are determined automatically below
237
238HAVE_LINUX_NETWORK
239HAVE_BSD_NETWORK
240HAVE_SOLARIS_NETWORK
241 define exactly one of these to alter interaction with kernel networking.
242
243HAVE_GETOPT_LONG
244 defined when GNU-style getopt_long available.
245
246HAVE_SOCKADDR_SA_LEN
247 defined if struct sockaddr has sa_len field (*BSD)
248*/
249
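/* Platform detection.  Exactly one of HAVE_LINUX_NETWORK /
   HAVE_BSD_NETWORK / HAVE_SOLARIS_NETWORK ends up defined; the other
   macros paper over libc differences (getopt_long, sockaddr.sa_len,
   IPv6 socket-option constants). */

#if defined(__UCLIBC__)
#define HAVE_LINUX_NETWORK
/* uClibc only provides getopt_long when built with GNU getopt, or on
   0.9.x releases before 0.9.21 which always had it. */
#if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
 ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
# define HAVE_GETOPT_LONG
#endif
#undef HAVE_SOCKADDR_SA_LEN
#if defined(__UCLIBC_HAS_IPV6__)
/* Fallback for uClibc headers that lack IPV6_V6ONLY (Linux kernel value). */
# ifndef IPV6_V6ONLY
# define IPV6_V6ONLY 26
# endif
#endif

/* This is for glibc 2.x */
#elif defined(__linux__)
#define HAVE_LINUX_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN

#elif defined(__FreeBSD__) || \
 defined(__OpenBSD__) || \
 defined(__DragonFly__) || \
 defined(__FreeBSD_kernel__)
#define HAVE_BSD_NETWORK
/* Later versions of FreeBSD have getopt_long() */
#if defined(optional_argument) && defined(required_argument)
# define HAVE_GETOPT_LONG
#endif
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__APPLE__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN
/* No ipset on Darwin: the NO_IPSET rule further down undefines the
   default HAVE_IPSET.  (Defined once; it used to be repeated below.) */
#define NO_IPSET
/* Define before sys/socket.h is included so we get socklen_t */
#define _BSD_SOCKLEN_T_
/* Select the RFC_3542 version of the IPv6 socket API.
   Define before netinet6/in6.h is included. */
#define __APPLE_USE_RFC_3542
/* Required for Mojave. */
#ifndef SOL_TCP
# define SOL_TCP IPPROTO_TCP
#endif

#elif defined(__NetBSD__)
#define HAVE_BSD_NETWORK
#define HAVE_GETOPT_LONG
#define HAVE_SOCKADDR_SA_LEN

#elif defined(__sun) || defined(__sun__)
#define HAVE_SOLARIS_NETWORK
#define HAVE_GETOPT_LONG
#undef HAVE_SOCKADDR_SA_LEN
/* Solaris headers do not provide this. */
#define ETHER_ADDR_LEN 6

#endif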
308
/* Resolve dependencies between compile-time options and honour the
   NO_XXX overrides.  Ordering matters in two places: NO_DHCP6 and
   NO_SCRIPT must be applied before the implications that follow them,
   otherwise HAVE_DHCP6 would re-enable DHCP and HAVE_LUASCRIPT would
   re-enable scripts. */

#if defined(NO_TFTP)
# undef HAVE_TFTP
#endif

#if defined(NO_DHCP)
# undef HAVE_DHCP
# undef HAVE_DHCP6
#endif

#ifdef NO_DHCP6
# undef HAVE_DHCP6
#endif

/* The DHCPv6 server is built on top of the DHCPv4 code. */
#if defined(HAVE_DHCP6) && !defined(HAVE_DHCP)
# define HAVE_DHCP
#endif

#ifdef NO_SCRIPT
# undef HAVE_SCRIPT
# undef HAVE_LUASCRIPT
#endif

/* Lua scripting is a layer over the generic lease-change script hook. */
#if defined(HAVE_LUASCRIPT) && !defined(HAVE_SCRIPT)
# define HAVE_SCRIPT
#endif

#if defined(NO_AUTH)
# undef HAVE_AUTH
#endif

#ifdef NO_IPSET
# undef HAVE_IPSET
#endif

#if defined(NO_LOOP)
# undef HAVE_LOOP
#endif

#ifdef NO_DUMPFILE
# undef HAVE_DUMPFILE
#endif

/* inotify is Linux-only; it is on by default there unless NO_INOTIFY is given. */
#if defined(HAVE_LINUX_NETWORK)
# if !defined(NO_INOTIFY)
#  define HAVE_INOTIFY
# endif
#endif
359
/* Human-readable summary of the compile-time options in this build.
   Each feature contributes a fixed token and absent features are spelled
   "no-<token>", so the result is a stable, space-separated list.  Only
   dnsmasq.c defines DNSMASQ_COMPILE_OPTS, so the variable is emitted in
   exactly one translation unit. */

#ifdef DNSMASQ_COMPILE_OPTS

static char *compile_opts =
  "IPv6 "
#ifdef HAVE_GETOPT_LONG
  "GNU-getopt "
#else
  "no-GNU-getopt "
#endif
#ifdef HAVE_BROKEN_RTC
  "no-RTC "
#endif
#ifdef HAVE_DBUS
  "DBus "
#else
  "no-DBus "
#endif
#ifdef HAVE_UBUS
  "UBus "
#else
  "no-UBus "
#endif
#ifdef LOCALEDIR
  "i18n "
#else
  "no-i18n "
#endif
#if defined(HAVE_LIBIDN2)
  "IDN2 "
#elif defined(HAVE_IDN)
  "IDN "
#else
  "no-IDN "
#endif
#ifdef HAVE_DHCP
  "DHCP "
# ifdef HAVE_DHCP6
  "DHCPv6 "
# else
  "no-DHCPv6 "
# endif
#else
  "no-DHCP "
#endif
#ifndef HAVE_SCRIPT
  "no-scripts "
#elif defined(HAVE_LUASCRIPT)
  "Lua "
#else
  "no-Lua "
#endif
#ifdef HAVE_TFTP
  "TFTP "
#else
  "no-TFTP "
#endif
#ifdef HAVE_CONNTRACK
  "conntrack "
#else
  "no-conntrack "
#endif
#ifdef HAVE_IPSET
  "ipset "
#else
  "no-ipset "
#endif
#ifdef HAVE_AUTH
  "auth "
#else
  "no-auth "
#endif
/* DNSSEC brings the hash functions with it, so either option counts. */
#if defined(HAVE_CRYPTOHASH) || defined(HAVE_DNSSEC)
  "cryptohash "
#else
  "no-cryptohash "
#endif
#ifdef HAVE_DNSSEC
  "DNSSEC "
#else
  "no-DNSSEC "
#endif
#ifdef NO_ID
  "no-ID "
#endif
#ifdef HAVE_LOOP
  "loop-detect "
#else
  "no-loop-detect "
#endif
#ifdef HAVE_INOTIFY
  "inotify "
#else
  "no-inotify "
#endif
#ifdef HAVE_DUMPFILE
  "dumpfile";
#else
  "no-dumpfile";
#endif

#endif /* DNSMASQ_COMPILE_OPTS */