Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into dnsmasq
@@ -40,9 +40,6 @@ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
|
||||
echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
|
||||
echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
|
||||
echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
|
||||
echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
|
||||
echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
|
||||
echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@@ -79,18 +79,13 @@ int main(int argc, char *argv[])
|
||||
freekeyvalues(kv);
|
||||
kv = NULL;
|
||||
|
||||
if (!(gw = fopen(CONFIG_ROOT "/red/remote-ipaddress", "r")))
|
||||
{
|
||||
if ((gw = fopen(CONFIG_ROOT "/red/remote-ipaddress", "r"))) {
|
||||
if (fgets(gateway, STRING_SIZE, gw) == NULL) {
|
||||
fprintf(stderr, "Couldn't read remote-ipaddress\n");
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "Couldn't open remote-ipaddress file\n");
|
||||
fclose(gw);
|
||||
gw = NULL;
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (fgets(gateway, STRING_SIZE, gw) == NULL)
|
||||
{
|
||||
fprintf(stderr, "Couldn't read remote-ipaddress\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!(fd = fopen(CONFIG_ROOT "/main/hosts", "r")))
|
||||
@@ -112,7 +107,8 @@ int main(int argc, char *argv[])
|
||||
else
|
||||
fprintf(hosts, "%s\t%s\n",address,hostname);
|
||||
|
||||
fprintf(hosts, "%s\tgateway\n",gateway);
|
||||
if (strlen(gateway) > 0)
|
||||
fprintf(hosts, "%s\tgateway\n", gateway);
|
||||
|
||||
while (fgets(buffer, STRING_SIZE, fd))
|
||||
{
|
||||
|
||||
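Review bot: In the second hunk the new `if (strlen(gateway) > 0)` guard only works if `gateway` is an empty string when `remote-ipaddress` cannot be opened, and the declaration of `gateway` lies outside both hunks; confirm it is initialised (for example `char gateway[STRING_SIZE] = "";`), otherwise `strlen()` reads an indeterminate buffer on the new non-fatal `else` path. The string returned by `fgets()` also appears to go into the hosts file unchanged: a trailing newline would split the `gateway` entry across two lines, and nothing visible checks that the content is an IP address, so strip it with `gateway[strcspn(gateway, "\r\n")] = '\0';` and validate the value before the `fprintf(hosts, ...)`. The +/- markers are lost in this rendering; going by the hunk counts the `fclose(gw); gw = NULL;` lines are removed, in which case the handle opened on the success path is never closed within the visible code.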
@@ -2,7 +2,7 @@
|
||||
###############################################################################
|
||||
# #
|
||||
# IPFire.org - A linux based firewall #
|
||||
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
|
||||
# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
|
||||
# #
|
||||
# This program is free software: you can redistribute it and/or modify #
|
||||
# it under the terms of the GNU General Public License as published by #
|
||||
@@ -393,6 +393,7 @@ sub dbgetlist {
|
||||
foreach $file (@files) {
|
||||
next if ( $file eq "." );
|
||||
next if ( $file eq ".." );
|
||||
next if ( $file eq "meta-" );
|
||||
next if ( $file =~ /^old/ );
|
||||
open(FILE, "<$Conf::dbdir/meta/$file");
|
||||
@meta = <FILE>;
|
||||
@@ -589,6 +590,25 @@ sub resolvedeps {
|
||||
return @all;
|
||||
}
|
||||
|
||||
sub resolvedeps_recursive {
|
||||
my @packages = shift;
|
||||
my @result = ();
|
||||
|
||||
foreach my $pkg (@packages) {
|
||||
my @deps = &Pakfire::resolvedeps($pkg);
|
||||
|
||||
foreach my $dep (@deps) {
|
||||
push(@result, $dep);
|
||||
}
|
||||
}
|
||||
|
||||
# Sort the result array and remove dupes
|
||||
my %sort = map{ $_, 1 } @result;
|
||||
@result = keys %sort;
|
||||
|
||||
return @result;
|
||||
}
|
||||
|
||||
sub cleanup {
|
||||
my $dir = shift;
|
||||
my $path;
|
||||
@@ -695,7 +715,7 @@ sub getpak {
|
||||
}
|
||||
|
||||
unless ($file) {
|
||||
message("No filename given in meta-file. Please phone the developers.");
|
||||
message("No filename given in meta-file.");
|
||||
exit 1;
|
||||
}
|
||||
|
||||
@@ -870,6 +890,7 @@ sub checkcryptodb {
|
||||
unless ( "$ret" eq "0" ) {
|
||||
message("CRYPTO WARN: The GnuPG isn't configured corectly. Trying now to fix this.");
|
||||
message("CRYPTO WARN: It's normal to see this on first execution.");
|
||||
message("CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.");
|
||||
my $command = "gpg --keyserver pgp.ipfire.org --always-trust --status-fd 2";
|
||||
system("$command --recv-key $myid >> $Conf::logdir/gnupg-database.log 2>&1");
|
||||
system("$command --recv-key $trustid >> $Conf::logdir/gnupg-database.log 2>&1");
|
||||
|
||||
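Review bot: `my @packages = shift;` in the new `resolvedeps_recursive` keeps only the first argument, so a caller that passes a list of packages gets the dependencies of the first one and the rest are silently skipped; it should read `my @packages = @_;`. The comment `# Sort the result array and remove dupes` overstates what follows, since `keys %sort` removes duplicates but returns them in no defined order; either reword it or use `sort keys %sort`. Despite its name, the visible body makes a single pass over `@packages` and leaves any deeper resolution to `Pakfire::resolvedeps`, which is worth stating in a one-line header comment. Separately, the context lines of the `checkcryptodb` hunk build the `gpg` call by string interpolation into `system()` and pass `--always-trust`; this commit does not change them, but the list form of `system` and a review of that trust setting would be a sensible follow-up for code that fetches the package signing keys.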
@@ -2,7 +2,7 @@
|
||||
###############################################################################
|
||||
# #
|
||||
# IPFire.org - A linux based firewall #
|
||||
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
|
||||
# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
|
||||
# #
|
||||
# This program is free software: you can redistribute it and/or modify #
|
||||
# it under the terms of the GNU General Public License as published by #
|
||||
@@ -255,14 +255,11 @@
|
||||
} elsif ("$ARGV[0]" eq "upgrade") {
|
||||
&Pakfire::upgradecore();
|
||||
my @upgradepaks = &Pakfire::dblist("upgrade", "noweb");
|
||||
my @temp, $pak;
|
||||
|
||||
foreach (@upgradepaks) {
|
||||
@temp = &Pakfire::resolvedeps("$_");
|
||||
foreach (@temp) { push(@upgradepaks,$_) if $_; }
|
||||
}
|
||||
|
||||
|
||||
if (@upgradepaks) {
|
||||
# Resolve the dependencies of the to be upgraded packages
|
||||
my @deps = &Pakfire::resolvedeps_recursive(@upgradepaks);
|
||||
|
||||
&Pakfire::message("");
|
||||
&Pakfire::message("PAKFIRE UPGR: We are going to install all packages listed above.");
|
||||
if ($interactive) {
|
||||
@@ -277,16 +274,24 @@
|
||||
}
|
||||
}
|
||||
|
||||
### Download first
|
||||
# Download packages
|
||||
foreach $pak (@upgradepaks) {
|
||||
#system("mv $Conf::dbdir/meta/meta-$pak $Conf::dbdir/meta/old-meta-$pak");
|
||||
&Pakfire::getpak("$pak", "");
|
||||
}
|
||||
|
||||
|
||||
# Download dependencies
|
||||
foreach $pak (@deps) {
|
||||
&Pakfire::getpak("$pak", "");
|
||||
}
|
||||
|
||||
# Install dependencies first
|
||||
foreach $pak (@deps) {
|
||||
&Pakfire::setuppak("$pak");
|
||||
}
|
||||
|
||||
# Install all upgrades
|
||||
foreach $pak (@upgradepaks) {
|
||||
if (&Pakfire::upgradepak("$pak")) {
|
||||
#system("mv $Conf::dbdir/meta/old-meta-$pak $Conf::dbdir/meta/meta-$pak");
|
||||
}
|
||||
&Pakfire::upgradepak("$pak");
|
||||
}
|
||||
|
||||
} elsif ("$ARGV[0]" eq "list") {
|
||||
|
||||
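Review bot: `my @deps = &Pakfire::resolvedeps_recursive(@upgradepaks);` is declared inside `if (@upgradepaks) {`, while the `foreach $pak (@deps)` download and `setuppak` loops are added in the second hunk after two closing braces. Indentation is lost in this rendering, but if one of those braces closes the `if (@upgradepaks)` block, the loops no longer see the lexical `@deps`; without `use strict` they would silently iterate over an empty package variable and no dependency would be downloaded or installed. Declaring `my @deps;` next to `my @upgradepaks` and only assigning it inside the `if` avoids the problem. The return values of `getpak`, `setuppak` and `upgradepak` are not checked in the new loops either, so a failed dependency install does not stop the upgrade of the package that needs it.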
@@ -22,6 +22,7 @@
|
||||
############################################################################
|
||||
#
|
||||
. /opt/pakfire/lib/functions.sh
|
||||
extract_backup_includes
|
||||
stop_service ${NAME}
|
||||
make_backup ${NAME}
|
||||
remove_files
|
||||
|
||||
@@ -55,29 +55,24 @@ depmod -a $KVER-ipfire-pae
|
||||
#
|
||||
/usr/bin/dracut --force --xz /boot/initramfs-$KVER-ipfire-pae.img $KVER-ipfire-pae
|
||||
|
||||
|
||||
ROOT="$(find_partition "/")"
|
||||
case $ROOT in
|
||||
xvd* )
|
||||
#
|
||||
# We are on XEN so create new grub.conf / menu.lst for pygrub
|
||||
#
|
||||
echo "timeout 10" > /boot/grub/grub.conf
|
||||
echo "default 0" >> /boot/grub/grub.conf
|
||||
echo "title IPFire (pae-kernel)" >> /boot/grub/grub.conf
|
||||
echo " kernel /vmlinuz-$KVER-ipfire-pae root=/dev/$ROOT rootdelay=10 panic=10 console=hvc0" \
|
||||
>> /boot/grub/grub.conf
|
||||
echo " initrd /initramfs-$KVER-ipfire-pae.img" >> /boot/grub/grub.conf
|
||||
echo "# savedefault 0" >> /boot/grub/grub.conf
|
||||
ln -s grub.conf $MNThdd/boot/grub/menu.lst
|
||||
;;
|
||||
* )
|
||||
#
|
||||
# Update grub2 config
|
||||
#
|
||||
grub-mkconfig > /boot/grub/grub.cfg
|
||||
;;
|
||||
esac
|
||||
if [ -e /boot/grub/grub.cfg ]; then
|
||||
#
|
||||
# Update grub2 config
|
||||
#
|
||||
grub-mkconfig > /boot/grub/grub.cfg
|
||||
else
|
||||
#
|
||||
# xen pv with pygrub need grub.conf / menu.lst
|
||||
#
|
||||
echo "timeout 10" > /boot/grub/grub.conf
|
||||
echo "default 0" >> /boot/grub/grub.conf
|
||||
echo "title IPFire (pae-kernel)" >> /boot/grub/grub.conf
|
||||
echo " kernel /vmlinuz-$KVER-ipfire-pae root=/dev/$ROOT rootdelay=10 panic=10 console=hvc0" \
|
||||
>> /boot/grub/grub.conf
|
||||
echo " initrd /initramfs-$KVER-ipfire-pae.img" >> /boot/grub/grub.conf
|
||||
echo "# savedefault 0" >> /boot/grub/grub.conf
|
||||
ln -s grub.conf $MNThdd/boot/grub/menu.lst
|
||||
fi
|
||||
|
||||
# request a reboot if pae is supported
|
||||
if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
|
||||
|
||||
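Review bot: The new `else` branch still writes `root=/dev/$ROOT` into `/boot/grub/grub.conf`, but going by the hunk counts (29 old lines, 24 new) the `ROOT="$(find_partition "/")"` assignment is removed together with the `case` block. Unless `ROOT` is set above the hunk, a Xen PV guest would end up with `root=/dev/` and fail to boot, so keep the assignment ahead of the `if [ -e /boot/grub/grub.cfg ]` test. In the first branch, `grub-mkconfig > /boot/grub/grub.cfg` truncates the existing config before the generator has run, so a failing `grub-mkconfig` leaves an empty file; `grub-mkconfig -o /boot/grub/grub.cfg` lets the tool replace the file itself. `$MNThdd` in the `ln -s` line is not set anywhere in the visible lines, and `ln -s` fails if `menu.lst` already exists, where `ln -sf` would not.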
@@ -22,6 +22,7 @@
|
||||
############################################################################
|
||||
#
|
||||
. /opt/pakfire/lib/functions.sh
|
||||
extract_backup_includes
|
||||
stop_service ${NAME}
|
||||
make_backup ${NAME}
|
||||
remove_files
|
||||
@@ -23,10 +23,12 @@
|
||||
#
|
||||
. /opt/pakfire/lib/functions.sh
|
||||
extract_files
|
||||
restore_backup ${NAME}
|
||||
postalias /etc/aliases
|
||||
# Set postfix's hostname
|
||||
postconf -e "myhostname=$(hostname -f)"
|
||||
/etc/init.d/postfix start
|
||||
|
||||
start_service ${NAME}
|
||||
|
||||
# Enable autostart for postfix
|
||||
ln -sf ../init.d/postfix /etc/rc.d/rc0.d/K25postfix
|
||||
|
||||
@@ -22,5 +22,8 @@
|
||||
############################################################################
|
||||
#
|
||||
. /opt/pakfire/lib/functions.sh
|
||||
extract_backup_includes
|
||||
stop_service ${NAME}
|
||||
make_backup ${NAME}
|
||||
remove_files
|
||||
rm -rfv /etc/rc.d/rc*.d/*postfix
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 25 Sep 2014 21:51:25 +0100
|
||||
Subject: [PATCH 01/87] Add newline at the end of example config file.
|
||||
Subject: [PATCH 01/98] Add newline at the end of example config file.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 2 Oct 2014 21:44:21 +0100
|
||||
Subject: [PATCH 02/87] crash at startup when an empty suffix is supplied to
|
||||
Subject: [PATCH 02/98] crash at startup when an empty suffix is supplied to
|
||||
--conf-dir
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Oct 2014 08:48:11 +0100
|
||||
Subject: [PATCH 03/87] Debian build fixes for kFreeBSD
|
||||
Subject: [PATCH 03/98] Debian build fixes for kFreeBSD
|
||||
|
||||
---
|
||||
src/tables.c | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
|
||||
From: Karl Vogel <karl.vogel@gmail.com>
|
||||
Date: Fri, 3 Oct 2014 21:45:15 +0100
|
||||
Subject: [PATCH 04/87] Set conntrack mark before connect() call.
|
||||
Subject: [PATCH 04/98] Set conntrack mark before connect() call.
|
||||
|
||||
SO_MARK has to be done before issuing the connect() call on the
|
||||
TCP socket.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Collins <daniel.collins@smoothwall.net>
|
||||
Date: Fri, 3 Oct 2014 21:58:43 +0100
|
||||
Subject: [PATCH 05/87] Fix typo in new Dbus code.
|
||||
Subject: [PATCH 05/98] Fix typo in new Dbus code.
|
||||
|
||||
Simon's fault.
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 6 Oct 2014 10:46:48 +0100
|
||||
Subject: [PATCH 06/87] Fit example conf file typo.
|
||||
Subject: [PATCH 06/98] Fit example conf file typo.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
|
||||
From: Vladislav Grishenko <themiron@mail.ru>
|
||||
Date: Mon, 6 Oct 2014 14:34:24 +0100
|
||||
Subject: [PATCH 07/87] Improve RFC-compliance when unable to supply addresses
|
||||
Subject: [PATCH 07/98] Improve RFC-compliance when unable to supply addresses
|
||||
in DHCPv6
|
||||
|
||||
While testing https://github.com/sbyx/odhcp6c client I have noticed it
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
|
||||
From: Hans Dedecker <dedeckeh@gmail.com>
|
||||
Date: Tue, 9 Dec 2014 22:22:53 +0000
|
||||
Subject: [PATCH 08/87] Fix conntrack with --bind-interfaces
|
||||
Subject: [PATCH 08/98] Fix conntrack with --bind-interfaces
|
||||
|
||||
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
|
||||
enabled so the assigned mark can be correctly retrieved and set in forward_query when
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 10 Dec 2014 17:32:16 +0000
|
||||
Subject: [PATCH 09/87] Use inotify instead of polling on Linux.
|
||||
Subject: [PATCH 09/98] Use inotify instead of polling on Linux.
|
||||
|
||||
This should solve problems people are seeing when a file changes
|
||||
twice within a second and thus is missed for polling.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 15:58:13 +0000
|
||||
Subject: [PATCH 10/87] Teach the new inotify code about symlinks.
|
||||
Subject: [PATCH 10/98] Teach the new inotify code about symlinks.
|
||||
|
||||
---
|
||||
src/inotify.c | 43 +++++++++++++++++++++++++++----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:50:15 +0000
|
||||
Subject: [PATCH 11/87] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
Subject: [PATCH 11/98] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:52:22 +0000
|
||||
Subject: [PATCH 12/87] CHANGELOG re. inotify.
|
||||
Subject: [PATCH 12/98] CHANGELOG re. inotify.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 18:25:17 +0000
|
||||
Subject: [PATCH 13/87] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
Subject: [PATCH 13/98] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 20:41:29 +0000
|
||||
Subject: [PATCH 14/87] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
Subject: [PATCH 14/98] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
|
||||
---
|
||||
src/network.c | 4 ----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 12:41:56 +0000
|
||||
Subject: [PATCH 15/87] Eliminate IPv6 privacy addresses from --interface-name
|
||||
Subject: [PATCH 15/98] Eliminate IPv6 privacy addresses from --interface-name
|
||||
answers.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 20:38:20 +0000
|
||||
Subject: [PATCH 16/87] Tweak field width in cache dump to avoid truncating
|
||||
Subject: [PATCH 16/98] Tweak field width in cache dump to avoid truncating
|
||||
IPv6 addresses.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 16:11:52 +0000
|
||||
Subject: [PATCH 17/87] Fix crash in DNSSEC code when attempting to verify
|
||||
Subject: [PATCH 17/98] Fix crash in DNSSEC code when attempting to verify
|
||||
large RRs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 21:21:53 +0000
|
||||
Subject: [PATCH 18/87] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
Subject: [PATCH 18/98] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
shadowed in /etc/hosts
|
||||
|
||||
If the answer to an upstream query is a CNAME which points to an
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 15:46:08 +0000
|
||||
Subject: [PATCH 19/87] Fix problems validating NSEC3 and wildcards.
|
||||
Subject: [PATCH 19/98] Fix problems validating NSEC3 and wildcards.
|
||||
|
||||
---
|
||||
src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 18:42:38 +0000
|
||||
Subject: [PATCH 20/87] Initialise return value.
|
||||
Subject: [PATCH 20/98] Initialise return value.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
|
||||
From: Glen Huang <curvedmark@gmail.com>
|
||||
Date: Sat, 27 Dec 2014 15:28:12 +0000
|
||||
Subject: [PATCH 21/87] Add --ignore-address option.
|
||||
Subject: [PATCH 21/98] Add --ignore-address option.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 27 Dec 2014 15:33:32 +0000
|
||||
Subject: [PATCH 22/87] Bad packet protection.
|
||||
Subject: [PATCH 22/98] Bad packet protection.
|
||||
|
||||
---
|
||||
src/dnssec.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Andree <matthias.andree@gmx.de>
|
||||
Date: Sat, 27 Dec 2014 15:36:38 +0000
|
||||
Subject: [PATCH 23/87] Fix build failure in new inotify code on BSD.
|
||||
Subject: [PATCH 23/98] Fix build failure in new inotify code on BSD.
|
||||
|
||||
---
|
||||
src/inotify.c | 4 ++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Sat, 3 Jan 2015 16:36:14 +0000
|
||||
Subject: [PATCH 24/87] Implement makefile dependencies on COPTS variable.
|
||||
Subject: [PATCH 24/98] Implement makefile dependencies on COPTS variable.
|
||||
|
||||
---
|
||||
.gitignore | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Mon, 5 Jan 2015 17:03:35 +0000
|
||||
Subject: [PATCH 25/87] Fix race condition issue in makefile.
|
||||
Subject: [PATCH 25/98] Fix race condition issue in makefile.
|
||||
|
||||
---
|
||||
Makefile | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 7 Jan 2015 21:55:43 +0000
|
||||
Subject: [PATCH 26/87] DNSSEC: do top-down search for limit of secure
|
||||
Subject: [PATCH 26/98] DNSSEC: do top-down search for limit of secure
|
||||
delegation.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 9 Jan 2015 15:53:03 +0000
|
||||
Subject: [PATCH 27/87] Add --log-queries=extra option for more complete
|
||||
Subject: [PATCH 27/98] Add --log-queries=extra option for more complete
|
||||
logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
|
||||
From: RinSatsuki <aa65535@live.com>
|
||||
Date: Sat, 10 Jan 2015 15:22:21 +0000
|
||||
Subject: [PATCH 28/87] Add --min-cache-ttl option.
|
||||
Subject: [PATCH 28/98] Add --min-cache-ttl option.
|
||||
|
||||
---
|
||||
CHANGELOG | 7 +++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 20:18:18 +0000
|
||||
Subject: [PATCH 29/87] Log port of requestor when doing extra logging.
|
||||
Subject: [PATCH 29/98] Log port of requestor when doing extra logging.
|
||||
|
||||
---
|
||||
src/cache.c | 6 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:16:56 +0000
|
||||
Subject: [PATCH 30/87] Don't answer from cache RRsets from wildcards, as we
|
||||
Subject: [PATCH 30/98] Don't answer from cache RRsets from wildcards, as we
|
||||
don't have NSECs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:22:08 +0000
|
||||
Subject: [PATCH 31/87] Logs for DS records consistent.
|
||||
Subject: [PATCH 31/98] Logs for DS records consistent.
|
||||
|
||||
---
|
||||
src/rfc1035.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:11:10 +0000
|
||||
Subject: [PATCH 32/87] Cope with multiple interfaces with the same LL address.
|
||||
Subject: [PATCH 32/98] Cope with multiple interfaces with the same LL address.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:20:48 +0000
|
||||
Subject: [PATCH 33/87] Don't treat SERVFAIL as a recoverable error.....
|
||||
Subject: [PATCH 33/98] Don't treat SERVFAIL as a recoverable error.....
|
||||
|
||||
---
|
||||
src/forward.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 20 Jan 2015 20:51:02 +0000
|
||||
Subject: [PATCH 34/87] Add --dhcp-hostsdir config option.
|
||||
Subject: [PATCH 34/98] Add --dhcp-hostsdir config option.
|
||||
|
||||
---
|
||||
CHANGELOG | 5 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
|
||||
From: Conrad Kostecki <ck@conrad-kostecki.de>
|
||||
Date: Tue, 20 Jan 2015 21:07:56 +0000
|
||||
Subject: [PATCH 35/87] Update German translation.
|
||||
Subject: [PATCH 35/98] Update German translation.
|
||||
|
||||
---
|
||||
po/de.po | 101 +++++++++++++++++++++++++++++----------------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
|
||||
From: Win King Wan <pinwing+dnsmasq@gmail.com>
|
||||
Date: Wed, 21 Jan 2015 20:41:48 +0000
|
||||
Subject: [PATCH 36/87] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
Subject: [PATCH 36/98] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
configured for statefull DHCPv6.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 26 Jan 2015 11:23:43 +0000
|
||||
Subject: [PATCH 37/87] Allow inotify to be disabled at compile time on Linux.
|
||||
Subject: [PATCH 37/98] Allow inotify to be disabled at compile time on Linux.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 19:59:29 +0000
|
||||
Subject: [PATCH 38/87] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
Subject: [PATCH 38/98] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
hostsdir.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 20:13:40 +0000
|
||||
Subject: [PATCH 39/87] Update copyrights for dawn of 2015.
|
||||
Subject: [PATCH 39/98] Update copyrights for dawn of 2015.
|
||||
|
||||
---
|
||||
Makefile | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 21:59:13 +0000
|
||||
Subject: [PATCH 40/87] inotify documentation updates.
|
||||
Subject: [PATCH 40/98] inotify documentation updates.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 22:44:26 +0000
|
||||
Subject: [PATCH 41/87] Fix broken ECDSA DNSSEC signatures.
|
||||
Subject: [PATCH 41/98] Fix broken ECDSA DNSSEC signatures.
|
||||
|
||||
---
|
||||
CHANGELOG | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 00:15:16 +0000
|
||||
Subject: [PATCH 42/87] BSD make support
|
||||
Subject: [PATCH 42/98] BSD make support
|
||||
|
||||
---
|
||||
Makefile | 6 ++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 21:48:46 +0000
|
||||
Subject: [PATCH 43/87] Fix build failure on openBSD.
|
||||
Subject: [PATCH 43/98] Fix build failure on openBSD.
|
||||
|
||||
---
|
||||
src/tables.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <thiebaud@weksteen.fr>
|
||||
Date: Mon, 2 Feb 2015 21:37:27 +0000
|
||||
Subject: [PATCH 44/87] Manpage typo fix.
|
||||
Subject: [PATCH 44/98] Manpage typo fix.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Feb 2015 22:36:42 +0000
|
||||
Subject: [PATCH 45/87] Fixup dhcp-configs after reading extra hostfiles with
|
||||
Subject: [PATCH 45/98] Fixup dhcp-configs after reading extra hostfiles with
|
||||
inotify.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 3 Feb 2015 21:52:48 +0000
|
||||
Subject: [PATCH 46/87] Extra logging for inotify code.
|
||||
Subject: [PATCH 46/98] Extra logging for inotify code.
|
||||
|
||||
---
|
||||
src/cache.c | 9 ++++-----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Feb 2015 22:36:34 +0000
|
||||
Subject: [PATCH 47/87] man page typo.
|
||||
Subject: [PATCH 47/98] man page typo.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 1 +
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
|
||||
From: Shantanu Gadgil <shantanugadgil@yahoo.com>
|
||||
Date: Wed, 11 Feb 2015 20:16:59 +0000
|
||||
Subject: [PATCH 48/87] Fix get-version script which returned wrong tag in some
|
||||
Subject: [PATCH 48/98] Fix get-version script which returned wrong tag in some
|
||||
situations.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:02:37 +0000
|
||||
Subject: [PATCH 49/87] Typos.
|
||||
Subject: [PATCH 49/98] Typos.
|
||||
|
||||
---
|
||||
src/inotify.c | 3 ++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:08:56 +0000
|
||||
Subject: [PATCH 50/87] Make dynamic hosts files work when --no-hosts set.
|
||||
Subject: [PATCH 50/98] Make dynamic hosts files work when --no-hosts set.
|
||||
|
||||
---
|
||||
src/cache.c | 21 +++++++++++----------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
|
||||
From: Chen Wei <weichen302@icloud.com>
|
||||
Date: Tue, 17 Feb 2015 22:07:35 +0000
|
||||
Subject: [PATCH 51/87] Fix trivial memory leaks to quieten valgrind.
|
||||
Subject: [PATCH 51/98] Fix trivial memory leaks to quieten valgrind.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 23 Feb 2015 21:26:26 +0000
|
||||
Subject: [PATCH 52/87] Fix uninitialized value used in get_client_mac()
|
||||
Subject: [PATCH 52/98] Fix uninitialized value used in get_client_mac()
|
||||
|
||||
---
|
||||
src/dhcp6.c | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
|
||||
From: Joachim Zobel <jz-2014@heute-morgen.de>
|
||||
Date: Mon, 23 Feb 2015 21:38:11 +0000
|
||||
Subject: [PATCH 53/87] Log parsing utils in contrib/reverse-dns
|
||||
Subject: [PATCH 53/98] Log parsing utils in contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 18 ++++++++++++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Mar 2015 18:17:54 +0000
|
||||
Subject: [PATCH 54/87] Add --dnssec-timestamp option and facility.
|
||||
Subject: [PATCH 54/98] Add --dnssec-timestamp option and facility.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Mar 2015 22:47:23 +0000
|
||||
Subject: [PATCH 55/87] Fix last commit to not crash if uid changing not
|
||||
Subject: [PATCH 55/98] Fix last commit to not crash if uid changing not
|
||||
configured.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 4 Mar 2015 20:32:26 +0000
|
||||
Subject: [PATCH 56/87] New version of contrib/reverse-dns
|
||||
Subject: [PATCH 56/98] New version of contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 22 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Mar 2015 18:28:06 +0000
|
||||
Subject: [PATCH 57/87] Tweak DNSSEC timestamp code to create file later,
|
||||
Subject: [PATCH 57/98] Tweak DNSSEC timestamp code to create file later,
|
||||
removing need to chown it.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 11 Mar 2015 21:36:30 +0000
|
||||
Subject: [PATCH 58/87] Fix boilerplate code for re-running system calls on
|
||||
Subject: [PATCH 58/98] Fix boilerplate code for re-running system calls on
|
||||
EINTR and EAGAIN etc.
|
||||
|
||||
The nasty code with static variable in retry_send() which
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 19 Mar 2015 22:50:22 +0000
|
||||
Subject: [PATCH 59/87] Make --address=/example.com/ equivalent to
|
||||
Subject: [PATCH 59/98] Make --address=/example.com/ equivalent to
|
||||
--server=/example.com/
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001
|
||||
From: Lung-Pin Chang <changlp@cs.nctu.edu.tw>
|
||||
Date: Thu, 19 Mar 2015 23:22:21 +0000
|
||||
Subject: [PATCH 60/87] dhcp: set outbound interface via cmsg in unicast reply
|
||||
Subject: [PATCH 60/98] dhcp: set outbound interface via cmsg in unicast reply
|
||||
|
||||
If multiple routes to the same network exist, Linux blindly picks
|
||||
the first interface (route) based on destination address, which might not be
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 26 Mar 2015 21:15:43 +0000
|
||||
Subject: [PATCH 61/87] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
Subject: [PATCH 61/98] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
unsigned zone.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 09:58:26 +0000
|
||||
Subject: [PATCH 62/87] Return SERVFAIL when validation abandoned.
|
||||
Subject: [PATCH 62/98] Return SERVFAIL when validation abandoned.
|
||||
|
||||
---
|
||||
src/forward.c | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 11:44:55 +0000
|
||||
Subject: [PATCH 63/87] Protect against broken DNSSEC upstreams.
|
||||
Subject: [PATCH 63/98] Protect against broken DNSSEC upstreams.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 28 Mar 2015 21:34:07 +0000
|
||||
Subject: [PATCH 64/87] DNSSEC fix for non-ascii characters in labels.
|
||||
Subject: [PATCH 64/98] DNSSEC fix for non-ascii characters in labels.
|
||||
|
||||
---
|
||||
src/dnssec.c | 34 +++++++++++++++++-----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:17:14 +0100
|
||||
Subject: [PATCH 65/87] Allow control characters in names in the cache, handle
|
||||
Subject: [PATCH 65/98] Allow control characters in names in the cache, handle
|
||||
when logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:35:44 +0100
|
||||
Subject: [PATCH 66/87] Fix crash in last commit.
|
||||
Subject: [PATCH 66/98] Fix crash in last commit.
|
||||
|
||||
---
|
||||
src/cache.c | 7 ++++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 30 Mar 2015 07:52:21 +0100
|
||||
Subject: [PATCH 67/87] Merge message translations.
|
||||
Subject: [PATCH 67/98] Merge message translations.
|
||||
|
||||
---
|
||||
po/de.po | 803 +++++++++++++++++++++++++++++++++--------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Tue, 31 Mar 2015 22:32:11 +0100
|
||||
Subject: [PATCH 68/87] add --tftp-no-fail to ignore missing tftp root
|
||||
Subject: [PATCH 68/98] add --tftp-no-fail to ignore missing tftp root
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Wed, 1 Apr 2015 17:55:07 +0100
|
||||
Subject: [PATCH 69/87] Whitespace fixes.
|
||||
Subject: [PATCH 69/98] Whitespace fixes.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 14 +++++++-------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:25:05 +0100
|
||||
Subject: [PATCH 70/87] Return INSECURE, rather than BOGUS when DS proved not
|
||||
Subject: [PATCH 70/98] Return INSECURE, rather than BOGUS when DS proved not
|
||||
to exist.
|
||||
|
||||
Return INSECURE when validating DNS replies which have RRSIGs, but
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:42:30 +0100
|
||||
Subject: [PATCH 71/87] Fix compiler warning when not including DNSSEC.
|
||||
Subject: [PATCH 71/98] Fix compiler warning when not including DNSSEC.
|
||||
|
||||
---
|
||||
src/forward.c | 3 ++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 6 Apr 2015 17:19:13 +0100
|
||||
Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many
|
||||
Subject: [PATCH 72/98] Fix crash caused by looking up servers.bind when many
|
||||
servers defined.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 9 Apr 2015 21:48:00 +0100
|
||||
Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests.
|
||||
Subject: [PATCH 73/98] Fix crash on receipt of certain malformed DNS requests.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 12 Apr 2015 21:52:47 +0100
|
||||
Subject: [PATCH 74/87] Fix crash in auth code with odd configuration.
|
||||
Subject: [PATCH 74/98] Fix crash in auth code with odd configuration.
|
||||
|
||||
---
|
||||
CHANGELOG | 32 +++++++++++++++++++++-----------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:05:30 +0100
|
||||
Subject: [PATCH 75/87] Auth: correct replies to NS and SOA in .arpa zones.
|
||||
Subject: [PATCH 75/98] Auth: correct replies to NS and SOA in .arpa zones.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Thu, 16 Apr 2015 15:20:59 +0100
|
||||
Subject: [PATCH 76/87] Fix (srk induced) crash in new tftp_no_fail code.
|
||||
Subject: [PATCH 76/98] Fix (srk induced) crash in new tftp_no_fail code.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 6 ++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:24:52 +0100
|
||||
Subject: [PATCH 77/87] Note CVE-2015-3294
|
||||
Subject: [PATCH 77/98] Note CVE-2015-3294
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 17 Apr 2015 22:50:20 +0100
|
||||
Subject: [PATCH 78/87] Log domain when reporting DNSSEC validation failure.
|
||||
Subject: [PATCH 78/98] Log domain when reporting DNSSEC validation failure.
|
||||
|
||||
---
|
||||
src/forward.c | 15 ++++++++++-----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001
|
||||
From: Moshe Levi <moshele@mellanox.com>
|
||||
Date: Sun, 19 Apr 2015 22:10:40 +0100
|
||||
Subject: [PATCH 79/87] Check IP address command line arg in dhcp_release.c
|
||||
Subject: [PATCH 79/98] Check IP address command line arg in dhcp_release.c
|
||||
|
||||
---
|
||||
contrib/wrt/dhcp_release.c | 5 +++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 20 Apr 2015 21:34:05 +0100
|
||||
Subject: [PATCH 80/87] Revert 61b838dd574c51d96fef100285a0d225824534f9 and
|
||||
Subject: [PATCH 80/98] Revert 61b838dd574c51d96fef100285a0d225824534f9 and
|
||||
just quieten log instead.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 21 Apr 2015 22:57:06 +0100
|
||||
Subject: [PATCH 81/87] Handle domain names with '.' or /000 within labels.
|
||||
Subject: [PATCH 81/98] Handle domain names with '.' or /000 within labels.
|
||||
|
||||
Only in DNSSEC mode, where we might need to validate or store
|
||||
such names. In none-DNSSEC mode, simply don't cache these, as before.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 22 Apr 2015 21:14:31 +0100
|
||||
Subject: [PATCH 82/87] Tweaks to previous, DNS label charset commit.
|
||||
Subject: [PATCH 82/98] Tweaks to previous, DNS label charset commit.
|
||||
|
||||
---
|
||||
src/dns-protocol.h | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 25 Apr 2015 21:46:10 +0100
|
||||
Subject: [PATCH 83/87] Logs in DHCPv6 not suppressed by dhcp6-quiet.
|
||||
Subject: [PATCH 83/98] Logs in DHCPv6 not suppressed by dhcp6-quiet.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001
|
||||
From: "Johnny S. Lee" <_@jsl.io>
|
||||
Date: Sun, 26 Apr 2015 22:23:57 +0100
|
||||
Subject: [PATCH 84/87] Make get-version work when repo is a git submodule.
|
||||
Subject: [PATCH 84/98] Make get-version work when repo is a git submodule.
|
||||
|
||||
---
|
||||
bld/get-version | 5 +++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 28 Apr 2015 20:45:57 +0100
|
||||
Subject: [PATCH 85/87] Fix argument-order botch which broke DNSSEC for TCP
|
||||
Subject: [PATCH 85/98] Fix argument-order botch which broke DNSSEC for TCP
|
||||
queries.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 28 Apr 2015 21:26:35 +0100
|
||||
Subject: [PATCH 86/87] Don't remove RRSIG RR from answers to ANY queries when
|
||||
Subject: [PATCH 86/98] Don't remove RRSIG RR from answers to ANY queries when
|
||||
the do bit is not set.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
|
||||
Date: Tue, 28 Apr 2015 21:55:18 +0100
|
||||
Subject: [PATCH 87/87] Constify some DHCP lease management functions.
|
||||
Subject: [PATCH 87/98] Constify some DHCP lease management functions.
|
||||
|
||||
---
|
||||
src/dnsmasq.h | 7 ++++---
|
||||
|
||||
@@ -0,0 +1,332 @@
|
||||
From a77cec8d58231d71cbc26615f0c0f0292c09ef54 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 8 May 2015 16:25:38 +0100
|
||||
Subject: [PATCH 88/98] Handle UDP packet loss when fragmentation of large
|
||||
packets is broken.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 ++++++
|
||||
src/config.h | 1 +
|
||||
src/dnsmasq.h | 5 +++--
|
||||
src/dnssec.c | 11 +++++++++--
|
||||
src/forward.c | 37 +++++++++++++++++++++++++++++--------
|
||||
src/network.c | 1 +
|
||||
src/option.c | 18 +++++++++++-------
|
||||
src/rfc1035.c | 22 ++++++----------------
|
||||
8 files changed, 66 insertions(+), 35 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index af2b22cf8f73..d8fc57a418bb 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -109,6 +109,12 @@ version 2.73
|
||||
by quiet-dhcp6. Thanks to J. Pablo Abonia for
|
||||
spotting the problem.
|
||||
|
||||
+ Try and handle net connections with broken fragmentation
|
||||
+ that lose large UDP packets. If a server times out,
|
||||
+ reduce the maximum UDP packet size field in the EDNS0
|
||||
+ header to 1280 bytes. If it then answers, make that
|
||||
+ change permanent.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/config.h b/src/config.h
|
||||
index 8def6f200461..f75fe9db7081 100644
|
||||
--- a/src/config.h
|
||||
+++ b/src/config.h
|
||||
@@ -19,6 +19,7 @@
|
||||
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
|
||||
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
|
||||
#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
|
||||
+#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
|
||||
#define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */
|
||||
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
|
||||
#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
|
||||
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
|
||||
index 824a86009439..ab16f79b3ec9 100644
|
||||
--- a/src/dnsmasq.h
|
||||
+++ b/src/dnsmasq.h
|
||||
@@ -504,7 +504,7 @@ struct server {
|
||||
char interface[IF_NAMESIZE+1];
|
||||
struct serverfd *sfd;
|
||||
char *domain; /* set if this server only handles a domain. */
|
||||
- int flags, tcpfd;
|
||||
+ int flags, tcpfd, edns_pktsz;
|
||||
unsigned int queries, failed_queries;
|
||||
#ifdef HAVE_LOOP
|
||||
u32 uid;
|
||||
@@ -594,6 +594,7 @@ struct hostsfile {
|
||||
#define FREC_DO_QUESTION 64
|
||||
#define FREC_ADDED_PHEADER 128
|
||||
#define FREC_CHECK_NOSIGN 256
|
||||
+#define FREC_TEST_PKTSZ 512
|
||||
|
||||
#ifdef HAVE_DNSSEC
|
||||
#define HASH_SIZE 20 /* SHA-1 digest size */
|
||||
@@ -1148,7 +1149,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
|
||||
#endif
|
||||
|
||||
/* dnssec.c */
|
||||
-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr);
|
||||
+size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr, int edns_pktsz);
|
||||
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t n, char *name, char *keyname, int class);
|
||||
int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class);
|
||||
int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer, int *nons);
|
||||
diff --git a/src/dnssec.c b/src/dnssec.c
|
||||
index a9e12153ccf2..e91d7c2cf040 100644
|
||||
--- a/src/dnssec.c
|
||||
+++ b/src/dnssec.c
|
||||
@@ -2162,10 +2162,12 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
|
||||
}
|
||||
}
|
||||
|
||||
-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
|
||||
+size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class,
|
||||
+ int type, union mysockaddr *addr, int edns_pktsz)
|
||||
{
|
||||
unsigned char *p;
|
||||
char *types = querystr("dnssec-query", type);
|
||||
+ size_t ret;
|
||||
|
||||
if (addr->sa.sa_family == AF_INET)
|
||||
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
|
||||
@@ -2194,7 +2196,12 @@ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, i
|
||||
PUTSHORT(type, p);
|
||||
PUTSHORT(class, p);
|
||||
|
||||
- return add_do_bit(header, p - (unsigned char *)header, end);
|
||||
+ ret = add_do_bit(header, p - (unsigned char *)header, end);
|
||||
+
|
||||
+ if (find_pseudoheader(header, ret, NULL, &p, NULL))
|
||||
+ PUTSHORT(edns_pktsz, p);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/* Go through a domain name, find "pointers" and fix them up based on how many bytes
|
||||
diff --git a/src/forward.c b/src/forward.c
|
||||
index a8e403c4b25e..592243fd4d35 100644
|
||||
--- a/src/forward.c
|
||||
+++ b/src/forward.c
|
||||
@@ -253,6 +253,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
void *hash = &crc;
|
||||
#endif
|
||||
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
|
||||
+ unsigned char *pheader;
|
||||
|
||||
(void)do_bit;
|
||||
|
||||
@@ -261,19 +262,32 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
forward = NULL;
|
||||
else if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
|
||||
{
|
||||
+ /* If we didn't get an answer advertising a maximal packet in EDNS,
|
||||
+ fall back to 1280, which should work everywhere on IPv6.
|
||||
+ If that generates an answer, it will become the new default
|
||||
+ for this server */
|
||||
+ forward->flags |= FREC_TEST_PKTSZ;
|
||||
+
|
||||
#ifdef HAVE_DNSSEC
|
||||
/* If we've already got an answer to this query, but we're awaiting keys for validation,
|
||||
there's no point retrying the query, retry the key query instead...... */
|
||||
if (forward->blocking_query)
|
||||
{
|
||||
int fd;
|
||||
-
|
||||
+
|
||||
+ forward->flags &= ~FREC_TEST_PKTSZ;
|
||||
+
|
||||
while (forward->blocking_query)
|
||||
forward = forward->blocking_query;
|
||||
+
|
||||
+ forward->flags |= FREC_TEST_PKTSZ;
|
||||
|
||||
blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
|
||||
plen = forward->stash_len;
|
||||
|
||||
+ if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
|
||||
+ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : forward->sentto->edns_pktsz, pheader);
|
||||
+
|
||||
if (forward->sentto->addr.sa.sa_family == AF_INET)
|
||||
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
|
||||
#ifdef HAVE_IPV6
|
||||
@@ -417,7 +431,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
plen = new_plen;
|
||||
}
|
||||
#endif
|
||||
-
|
||||
+
|
||||
while (1)
|
||||
{
|
||||
/* only send to servers dealing with our domain.
|
||||
@@ -464,6 +478,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
}
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+ if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
|
||||
+ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : start->edns_pktsz, pheader);
|
||||
|
||||
if (retry_send(sendto(fd, (char *)header, plen, 0,
|
||||
&start->addr.sa,
|
||||
@@ -760,7 +777,6 @@ void reply_query(int fd, int family, time_t now)
|
||||
}
|
||||
|
||||
server = forward->sentto;
|
||||
-
|
||||
if ((forward->sentto->flags & SERV_TYPE) == 0)
|
||||
{
|
||||
if (RCODE(header) == REFUSED)
|
||||
@@ -781,7 +797,12 @@ void reply_query(int fd, int family, time_t now)
|
||||
if (!option_bool(OPT_ALL_SERVERS))
|
||||
daemon->last_server = server;
|
||||
}
|
||||
-
|
||||
+
|
||||
+ /* We tried resending to this server with a smaller maximum size and got an answer.
|
||||
+ Make that permanent. */
|
||||
+ if (server && (forward->flags & FREC_TEST_PKTSZ))
|
||||
+ server->edns_pktsz = SAFE_PKTSZ;
|
||||
+
|
||||
/* If the answer is an error, keep the forward record in place in case
|
||||
we get a good reply from another server. Kill it when we've
|
||||
had replies from all to avoid filling the forwarding table when
|
||||
@@ -890,7 +911,7 @@ void reply_query(int fd, int family, time_t now)
|
||||
{
|
||||
new->flags |= FREC_DNSKEY_QUERY;
|
||||
nn = dnssec_generate_query(header, ((char *) header) + daemon->packet_buff_sz,
|
||||
- daemon->keyname, forward->class, T_DNSKEY, &server->addr);
|
||||
+ daemon->keyname, forward->class, T_DNSKEY, &server->addr, server->edns_pktsz);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -899,7 +920,7 @@ void reply_query(int fd, int family, time_t now)
|
||||
else
|
||||
new->flags |= FREC_DS_QUERY;
|
||||
nn = dnssec_generate_query(header,((char *) header) + daemon->packet_buff_sz,
|
||||
- daemon->keyname, forward->class, T_DS, &server->addr);
|
||||
+ daemon->keyname, forward->class, T_DS, &server->addr, server->edns_pktsz);
|
||||
}
|
||||
if ((hash = hash_questions(header, nn, daemon->namebuff)))
|
||||
memcpy(new->hash, hash, HASH_SIZE);
|
||||
@@ -1526,7 +1547,7 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
|
||||
|
||||
/* Can't find it in the cache, have to send a query */
|
||||
|
||||
- m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr);
|
||||
+ m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr, server->edns_pktsz);
|
||||
|
||||
*length = htons(m);
|
||||
|
||||
@@ -1638,7 +1659,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
|
||||
|
||||
another_tcp_key:
|
||||
m = dnssec_generate_query(new_header, ((char *) new_header) + 65536, keyname, class,
|
||||
- new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr);
|
||||
+ new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr, server->edns_pktsz);
|
||||
|
||||
*length = htons(m);
|
||||
|
||||
diff --git a/src/network.c b/src/network.c
|
||||
index 992f023c31de..a1d90c876fc1 100644
|
||||
--- a/src/network.c
|
||||
+++ b/src/network.c
|
||||
@@ -1396,6 +1396,7 @@ void add_update_server(int flags,
|
||||
serv->domain = domain_str;
|
||||
serv->next = next;
|
||||
serv->queries = serv->failed_queries = 0;
|
||||
+ serv->edns_pktsz = daemon->edns_pktsz;
|
||||
#ifdef HAVE_LOOP
|
||||
serv->uid = rand32();
|
||||
#endif
|
||||
diff --git a/src/option.c b/src/option.c
|
||||
index f91cfbb1aa54..c7add88de7ac 100644
|
||||
--- a/src/option.c
|
||||
+++ b/src/option.c
|
||||
@@ -4498,15 +4498,19 @@ void read_opts(int argc, char **argv, char *compile_opts)
|
||||
{
|
||||
struct server *tmp;
|
||||
for (tmp = daemon->servers; tmp; tmp = tmp->next)
|
||||
- if (!(tmp->flags & SERV_HAS_SOURCE))
|
||||
- {
|
||||
- if (tmp->source_addr.sa.sa_family == AF_INET)
|
||||
- tmp->source_addr.in.sin_port = htons(daemon->query_port);
|
||||
+ {
|
||||
+ tmp->edns_pktsz = daemon->edns_pktsz;
|
||||
+
|
||||
+ if (!(tmp->flags & SERV_HAS_SOURCE))
|
||||
+ {
|
||||
+ if (tmp->source_addr.sa.sa_family == AF_INET)
|
||||
+ tmp->source_addr.in.sin_port = htons(daemon->query_port);
|
||||
#ifdef HAVE_IPV6
|
||||
- else if (tmp->source_addr.sa.sa_family == AF_INET6)
|
||||
- tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
|
||||
+ else if (tmp->source_addr.sa.sa_family == AF_INET6)
|
||||
+ tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
|
||||
#endif
|
||||
- }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
if (daemon->if_addrs)
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 5828055caa5d..8b1709dd3495 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -552,7 +552,7 @@ static size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned
|
||||
return plen;
|
||||
*p++ = 0; /* empty name */
|
||||
PUTSHORT(T_OPT, p);
|
||||
- PUTSHORT(daemon->edns_pktsz, p); /* max packet length */
|
||||
+ PUTSHORT(SAFE_PKTSZ, p); /* max packet length, this will be overwritten */
|
||||
PUTSHORT(0, p); /* extended RCODE and version */
|
||||
PUTSHORT(set_do ? 0x8000 : 0, p); /* DO flag */
|
||||
lenp = p;
|
||||
@@ -1537,7 +1537,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||
unsigned short flag;
|
||||
int q, ans, anscount = 0, addncount = 0;
|
||||
int dryrun = 0, sec_reqd = 0, have_pseudoheader = 0;
|
||||
- int is_sign;
|
||||
struct crec *crecp;
|
||||
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
|
||||
struct mx_srv_record *rec;
|
||||
@@ -1557,28 +1556,19 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||
forward rather than answering from the cache, which doesn't include
|
||||
security information, unless we're in DNSSEC validation mode. */
|
||||
|
||||
- if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
|
||||
+ if (find_pseudoheader(header, qlen, NULL, &pheader, NULL))
|
||||
{
|
||||
- unsigned short udpsz, flags;
|
||||
- unsigned char *psave = pheader;
|
||||
-
|
||||
+ unsigned short flags;
|
||||
+
|
||||
have_pseudoheader = 1;
|
||||
|
||||
- GETSHORT(udpsz, pheader);
|
||||
- pheader += 2; /* ext_rcode */
|
||||
+ pheader += 4; /* udp size, ext_rcode */
|
||||
GETSHORT(flags, pheader);
|
||||
|
||||
if ((sec_reqd = flags & 0x8000))
|
||||
*do_bit = 1;/* do bit */
|
||||
- *ad_reqd = 1;
|
||||
-
|
||||
- /* If our client is advertising a larger UDP packet size
|
||||
- than we allow, trim it so that we don't get an overlarge
|
||||
- response from upstream */
|
||||
-
|
||||
- if (!is_sign && (udpsz > daemon->edns_pktsz))
|
||||
- PUTSHORT(daemon->edns_pktsz, psave);
|
||||
|
||||
+ *ad_reqd = 1;
|
||||
dryrun = 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.0
|
||||
|
||||
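Review bot: In forward_query() (the src/forward.c hunks at -261 and -464) the EDNS0 UDP size field is now overwritten unconditionally with SAFE_PKTSZ or the server's edns_pktsz, which drops both guards the removed answer_request() code had: it only lowered a client's advertised size (`udpsz > daemon->edns_pktsz`) and it skipped requests where `is_sign` was set. As written, a client that advertised a smaller buffer has its value raised and may be sent a reply larger than it asked for, and a request that find_pseudoheader() would flag as signed is modified before forwarding, which presumably invalidates its signature. I would keep both checks at the two new call sites, e.g. `if (find_pseudoheader(header, plen, NULL, &pheader, &is_sign) && !is_sign)`, and write the new size only when it is below the value already in the header. Separately, FREC_TEST_PKTSZ is set on every retry and reply_query() then makes 1280 permanent for that server with no visible path back, so a single lost packet pins the server to the small size and likely pushes larger DNSSEC answers onto TCP; a reset, or a comment stating that this is intended, would help. Both functions start and end outside the hunks.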
@@ -0,0 +1,59 @@
|
||||
From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 8 May 2015 20:25:51 +0100
|
||||
Subject: [PATCH 89/98] Check IPv4-mapped IPv6 addresses with --stop-rebind.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
src/rfc1035.c | 21 +++++++++++++++++----
|
||||
2 files changed, 20 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index d8fc57a418bb..94a521f996e2 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -115,6 +115,9 @@ version 2.73
|
||||
header to 1280 bytes. If it then answers, make that
|
||||
change permanent.
|
||||
|
||||
+ Check IPv4-mapped IPv6 addresses when --stop-rebind
|
||||
+ is active. Thanks to Jordan Milne for spotting this.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 8b1709dd3495..5e3f566fdbc5 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
|
||||
memcpy(&addr, p1, addrlen);
|
||||
|
||||
/* check for returned address in private space */
|
||||
- if (check_rebind &&
|
||||
- (flags & F_IPV4) &&
|
||||
- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
- return 1;
|
||||
+ if (check_rebind)
|
||||
+ {
|
||||
+ if ((flags & F_IPV4) &&
|
||||
+ private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
+ return 1;
|
||||
+
|
||||
+#ifdef HAVE_IPV6
|
||||
+ if ((flags & F_IPV6) &&
|
||||
+ IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
|
||||
+ {
|
||||
+ struct in_addr v4;
|
||||
+ v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
|
||||
+ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
+ return 1;
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
|
||||
#ifdef HAVE_IPSET
|
||||
if (ipsets && (flags & (F_IPV4 | F_IPV6)))
|
||||
--
|
||||
2.1.0
|
||||
|
||||
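Review bot: The new HAVE_IPV6 branch in extract_addresses() only rejects IPv4-mapped answers, so with --stop-rebind an AAAA record carrying a native IPv6 local address (link-local fe80::/10, unique-local fc00::/7, or ::1) is still accepted; private_net() is called with an IPv4 address only, so nothing else in this hunk covers those ranges. A companion test next to the mapped check would close that, e.g. `if ((flags & F_IPV6) && (IN6_IS_ADDR_LINKLOCAL(&addr.addr.addr6) || (addr.addr.addr6.s6_addr[0] & 0xfe) == 0xfc || (!option_bool(OPT_LOCAL_REBIND) && IN6_IS_ADDR_LOOPBACK(&addr.addr.addr6)))) return 1;`, assuming the second argument of private_net() is what gates loopback. The `((const uint32_t *) (&addr.addr.addr6))[3]` cast also relies on the alignment and aliasing of in6_addr; `memcpy(&v4, &addr.addr.addr6.s6_addr[12], sizeof(v4));` reads the same four bytes without that assumption. extract_addresses() starts and ends outside the hunk.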