diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index b14ef4775..7bab43e59 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_UPSTREAM_VERSION:=2.85 +PKG_UPSTREAM_VERSION:=2.86 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa +PKG_HASH:=28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 8f610bff1..96c8788d3 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -173,6 +173,10 @@ append_ipset() { xappend "--ipset=$1" } +append_connmark_allowlist() { + xappend "--connmark-allowlist=$1" +} + append_interface() { network_get_device ifname "$1" || ifname="$1" xappend "--interface=$ifname" @@ -942,6 +946,14 @@ dnsmasq_start() config_list_foreach "$cfg" "rev_server" append_rev_server config_list_foreach "$cfg" "address" append_address config_list_foreach "$cfg" "ipset" append_ipset + + local connmark_allowlist_enable + config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0 + [ "$connmark_allowlist_enable" -gt 0 ] && { + append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable" + config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist + } + [ -n "$BOOT" ] || { config_list_foreach "$cfg" "interface" append_interface config_list_foreach "$cfg" "notinterface" append_notinterface diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch index b601bce1a..4f8fe4ecb 100644 --- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch @@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1144,7 +1144,7 @@ extern struct daemon { +@@ -1201,7 +1201,7 @@ extern struct daemon { int inotifyfd; #endif #if defined(HAVE_LINUX_NETWORK) @@ -35,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant #elif defined(HAVE_BSD_NETWORK) int dhcp_raw_fd, dhcp_icmp_fd, routefd; #endif -@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa +@@ -1388,9 +1388,6 @@ int read_write(int fd, unsigned char *pa void close_fds(long max_fd, int spare1, int spare2, int spare3); int wildcard_match(const char* wildcard, const char* match); int wildcard_matchn(const char* wildcard, const char* match, int num); @@ -140,7 +140,7 @@ Signed-off-by: Kevin Darbyshire-Bryant my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); --- a/src/util.c +++ b/src/util.c -@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard +@@ -796,22 +796,3 @@ int wildcard_matchn(const char* wildcard return (!num) || (*wildcard == *match); } diff --git a/package/network/services/dnsmasq/patches/910-mini-ttl.patch b/package/network/services/dnsmasq/patches/910-mini-ttl.patch index 88e7bbe38..ac7d17ad0 100644 --- a/package/network/services/dnsmasq/patches/910-mini-ttl.patch +++ b/package/network/services/dnsmasq/patches/910-mini-ttl.patch @@ -1,25 +1,25 @@ --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1059,7 +1059,7 @@ extern struct daemon { +@@ -1116,7 +1116,7 @@ extern struct daemon { int max_logs; /* queue limit */ int cachesize, ftabsize; int port, query_port, min_port, max_port; - unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; + unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; char *dns_client_id; - struct hostsfile *addn_hosts; - struct dhcp_context *dhcp, *dhcp6; + u32 umbrella_org; + u32 umbrella_asset; --- a/src/option.c +++ b/src/option.c -@@ -170,6 +170,7 @@ struct myoption { - #define LOPT_PXE_VENDOR 361 - #define LOPT_DYNHOST 362 - #define LOPT_LOG_DEBUG 363 -+#define LOPT_MINTTL 364 +@@ -174,6 +174,7 @@ struct myoption { + #define LOPT_CMARK_ALST_EN 365 + #define LOPT_CMARK_ALST 366 + #define LOPT_QUIET_TFTP 367 ++#define LOPT_MINTTL 368 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -288,6 +289,7 @@ static const struct myoption opts[] = +@@ -292,6 +293,7 @@ static const struct myoption opts[] = { "dhcp-name-match", 1, 0, LOPT_NAME_MATCH }, { "dhcp-broadcast", 2, 0, LOPT_BROADCAST }, { "neg-ttl", 1, 0, LOPT_NEGTTL }, @@ -27,7 +27,7 @@ { "max-ttl", 1, 0, LOPT_MAXTTL }, { "min-cache-ttl", 1, 0, LOPT_MINCTTL }, { "max-cache-ttl", 1, 0, LOPT_MAXCTTL }, -@@ -417,6 +419,7 @@ static struct { +@@ -425,6 +427,7 @@ static struct { { 't', ARG_ONE, "", gettext_noop("Specify default target in an MX record."), NULL }, { 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL }, @@ -35,7 +35,7 @@ { LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL }, { LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live ceiling for cache."), NULL }, { LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live floor for cache."), NULL }, -@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -3047,6 +3050,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma case 'T': /* --local-ttl */ case LOPT_NEGTTL: /* --neg-ttl */ @@ -43,7 +43,7 @@ case LOPT_MAXTTL: /* --max-ttl */ case LOPT_MINCTTL: /* --min-cache-ttl */ case LOPT_MAXCTTL: /* --max-cache-ttl */ -@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -3058,6 +3062,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma ret_err(gen_err); else if (option == LOPT_NEGTTL) daemon->neg_ttl = (unsigned long)ttl; @@ -54,49 +54,49 @@ else if (option == LOPT_MINCTTL) --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -606,6 +606,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t - for (j = 0; j < ntohs(header->ancount); j++) - { - int secflag = 0; -+ unsigned long mttl = 0; - unsigned char *tmp = namep; - /* the loop body overwrites the original name, so get it back here. */ - if (!extract_name(header, qlen, &tmp, name, 1, 0) || -@@ -616,6 +617,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t - GETSHORT(aqclass, p1); - GETLONG(attl, p1); - if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign) -+ { -+ mttl = daemon->max_ttl; -+ } -+ if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign) -+ { -+ mttl = daemon->min_ttl; -+ } -+ if (mttl != 0) - { - (p1) -= 4; - PUTLONG(daemon->max_ttl, p1); -@@ -704,6 +713,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t +@@ -607,6 +607,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t for (j = 0; j < ntohs(header->ancount); j++) { int secflag = 0; + unsigned long mttl = 0; - if (!(res = extract_name(header, qlen, &p1, name, 0, 10))) return 0; /* bad packet */ -@@ -712,6 +722,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t - GETSHORT(aqclass, p1); + +@@ -615,6 +616,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t GETLONG(attl, p1); + if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign) -+ { -+ mttl = daemon->max_ttl; -+ } -+ if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign) -+ { -+ mttl = daemon->min_ttl; -+ } -+ if (mttl != 0) ++ { ++ mttl = daemon->max_ttl; ++ } ++ if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign) ++ { ++ mttl = daemon->min_ttl; ++ } ++ if (mttl != 0) { (p1) -= 4; PUTLONG(daemon->max_ttl, p1); +@@ -722,6 +731,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t + for (j = 0; j < ntohs(header->ancount); j++) + { + int secflag = 0; ++ unsigned long mttl = 0; + + if (!(res = extract_name(header, qlen, &p1, name, 0, 10))) + return 0; /* bad packet */ +@@ -730,6 +740,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t + GETSHORT(aqclass, p1); + GETLONG(attl, p1); + if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign) ++ { ++ mttl = daemon->max_ttl; ++ } ++ if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign) ++ { ++ mttl = daemon->min_ttl; ++ } ++ if (mttl != 0) + { + (p1) -= 4; + PUTLONG(daemon->max_ttl, p1); diff --git a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch index 42f69957b..82ba913d9 100644 --- a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch +++ b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch @@ -11,45 +11,45 @@ Subject: [PATCH] add filter-aaaa option --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -270,7 +270,8 @@ struct event_desc { - #define OPT_SINGLE_PORT 60 - #define OPT_LEASE_RENEW 61 - #define OPT_LOG_DEBUG 62 --#define OPT_LAST 63 -+#define OPT_FILTER_AAAA 63 -+#define OPT_LAST 64 +@@ -275,7 +275,8 @@ struct event_desc { + #define OPT_UMBRELLA_DEVID 64 + #define OPT_CMARK_ALST_EN 65 + #define OPT_QUIET_TFTP 66 +-#define OPT_LAST 67 ++#define OPT_FILTER_AAAA 67 ++#define OPT_LAST 68 #define OPTION_BITS (sizeof(unsigned int)*8) #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) --- a/src/option.c +++ b/src/option.c -@@ -171,6 +171,7 @@ struct myoption { - #define LOPT_DYNHOST 362 - #define LOPT_LOG_DEBUG 363 - #define LOPT_MINTTL 364 -+#define LOPT_FILTER_AAAA 365 +@@ -175,6 +175,7 @@ struct myoption { + #define LOPT_CMARK_ALST 366 + #define LOPT_QUIET_TFTP 367 + #define LOPT_MINTTL 368 ++#define LOPT_FILTER_AAAA 369 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -347,6 +348,7 @@ static const struct myoption opts[] = - { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, - { "dynamic-host", 1, 0, LOPT_DYNHOST }, +@@ -355,6 +356,7 @@ static const struct myoption opts[] = { "log-debug", 0, 0, LOPT_LOG_DEBUG }, + { "umbrella", 2, 0, LOPT_UMBRELLA }, + { "quiet-tftp", 0, 0, LOPT_QUIET_TFTP }, + { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA }, { NULL, 0, 0, 0 } }; -@@ -530,6 +532,7 @@ static struct { - { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, - { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, +@@ -542,6 +544,7 @@ static struct { { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, + { LOPT_UMBRELLA, ARG_ONE, "[=]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL }, + { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL }, + { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL }, { 0, 0, NULL, NULL, NULL } }; --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, +@@ -2005,6 +2005,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, } }