298977887/lede
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/lede.git synced 2025-04-16 14:23:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

dnsmasq: Update to 2.84test3 (#6259)

Browse Source
This commit is contained in:
Beginner 2021-01-26 18:38:30 +08:00 committed by GitHub
parent d75d45a145
commit 9170d18d0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 55 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
package/network/services/dnsmasq/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.84rc2
PKG_UPSTREAM_VERSION:=2.84test3
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates
PKG_HASH:=e76ff2e75da4ce5191c89e7393de218c75732a5feb454ed43b320eb17dd66581
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases
PKG_HASH:=20d1109c991ca08778ea20322b8f3245f2e974688d494b59b2e6ae096ec592b1
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
@ -100,22 +100,22 @@ define Package/dnsmasq-full/config
config PACKAGE_dnsmasq_full_dhcpv6
bool "Build with DHCPv6 support."
depends on IPV6 && PACKAGE_dnsmasq_full_dhcp
default n
default y
config PACKAGE_dnsmasq_full_dnssec
bool "Build with DNSSEC support."
default n
default y
config PACKAGE_dnsmasq_full_auth
bool "Build with the facility to act as an authoritative DNS server."
default n
default y
config PACKAGE_dnsmasq_full_ipset
bool "Build with IPset support."
default y
config PACKAGE_dnsmasq_full_conntrack
bool "Build with Conntrack support."
default n
default y
config PACKAGE_dnsmasq_full_noid
bool "Build with NO_ID. (hide *.bind pseudo domain)"
default n
default y
config PACKAGE_dnsmasq_full_broken_rtc
bool "Build with HAVE_BROKEN_RTC."
default n
@ -172,7 +172,7 @@ define Package/dnsmasq/install
$(INSTALL_DIR) $(1)/etc/hotplug.d/neigh
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_DIR) $(1)/etc/hotplug.d/tftp
$(INSTALL_CONF) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
$(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
$(INSTALL_CONF) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/
$(INSTALL_CONF) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
@ -180,6 +180,7 @@ define Package/dnsmasq/install
$(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
$(INSTALL_DIR) $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
$(INSTALL_DATA) ./files/dnsmasqsec_hotplug_acl.json $(1)/usr/share/acl.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
endef

2
package/network/services/dnsmasq/files/dhcp.conf
View File

@ -20,7 +20,7 @@ config dnsmasq
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
option localservice 1 # disable to allow DNS requests from non-local subnets
option filter_aaaa 1
option ednspacket_max 1232
config dhcp lan
option interface lan

40
package/network/services/dnsmasq/files/dnsmasq.init
View File

@ -42,9 +42,14 @@ dnsmasq_ignore_opt() {
bootp-*|\
pxe-*)
[ -z "$dnsmasq_has_dhcp" ] ;;
dnssec-*|\
dnssec*|\
trust-anchor)
[ -z "$dnsmasq_has_dnssec" ] ;;
if [ -z "$dnsmasq_has_dnssec" ]; then
echo "dnsmasq: \"$opt\" requested, but dnssec support is not available" >&2
exit 1
fi
return 1
;;
tftp-*)
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
@ -764,6 +769,29 @@ dhcp_relay_add() {
fi
}
dnsmasq_ipset_add() {
local cfg="$1"
local ipsets domains
add_ipset() {
ipsets="${ipsets:+$ipsets,}$1"
}
add_domain() {
# leading '/' is expected
domains="$domains/$1"
}
config_list_foreach "$cfg" "name" add_ipset
config_list_foreach "$cfg" "domain" add_domain
if [ -z "$ipsets" ] || [ -z "$domains" ]; then
return 0
fi
xappend "--ipset=$domains/$ipsets"
}
dnsmasq_start()
{
local cfg="$1"
@ -868,8 +896,6 @@ dnsmasq_start()
append_bool "$cfg" rapidcommit "--dhcp-rapid-commit"
append_bool "$cfg" scriptarp "--script-arp"
append_bool "$cfg" filter_aaaa "--filter-aaaa"
append_parm "$cfg" logfacility "--log-facility"
append_parm "$cfg" cachesize "--cache-size"
@ -902,6 +928,7 @@ dnsmasq_start()
append_parm "$cfg" "min_cache_ttl" "--min-cache-ttl"
append_parm "$cfg" "max_cache_ttl" "--max-cache-ttl"
append_parm "$cfg" "pxe_prompt" "--pxe-prompt"
append_parm "$cfg" "tftp_unique_root" "--tftp-unique-root"
config_list_foreach "$cfg" "pxe_service" append_pxe_service
config_get DOMAIN "$cfg" domain
@ -1052,6 +1079,10 @@ dnsmasq_start()
config_foreach filter_dnsmasq cname dhcp_cname_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> $CONFIGFILE_TMP
config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> $CONFIGFILE_TMP
mv -f $CONFIGFILE_TMP $CONFIGFILE
mv -f $HOSTFILE_TMP $HOSTFILE
@ -1062,6 +1093,7 @@ dnsmasq_start()
echo "search $DOMAIN" >> /tmp/resolv.conf
}
DNS_SERVERS="$DNS_SERVERS 127.0.0.1"
[ -e /proc/sys/net/ipv6 ] && DNS_SERVERS="$DNS_SERVERS ::1"
for DNS_SERVER in $DNS_SERVERS ; do
echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
done

8
package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json Normal file
View File

@ -0,0 +1,8 @@
{
"user": "ntp",
"access": {
"service": {
"methods": [ "signal" ]
}
}
}

74
package/network/services/dnsmasq/patches/900-filter-aaaa.patch
View File

@ -1,74 +0,0 @@
From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001
From: Bearice Ren <bearice@icybear.net>
Date: Tue, 20 Sep 2016 11:52:08 +0800
Subject: [PATCH] add filter-aaaa option
---
src/dnsmasq.h | 3 ++-
src/option.c | 3 +++
src/rfc1035.c | 9 +++++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f53e9a5..e9617a6 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -269,7 +269,8 @@
#define OPT_IGNORE_CLID 59
#define OPT_SINGLE_PORT 60
#define OPT_LEASE_RENEW 61
-#define OPT_LAST 62
+#define OPT_FILTER_AAAA 62
+#define OPT_LAST 63
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index 44b1dc5..f954d7f 100644
--- a/src/option.c
+++ b/src/option.c
@@ -168,6 +168,7 @@ struct myoption {
#define LOPT_SINGLE_PORT 359
#define LOPT_SCRIPT_TIME 360
#define LOPT_PXE_VENDOR 361
+#define LOPT_FILTER_AAAA 362
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -341,6 +342,7 @@ static const struct myoption opts[] =
{ "dumpfile", 1, 0, LOPT_DUMPFILE },
{ "dumpmask", 1, 0, LOPT_DUMPMASK },
{ "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },
+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
{ NULL, 0, 0, 0 }
};
@@ -521,6 +523,7 @@ static struct {
{ LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
{ LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
+ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6290f22..b67b169 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1908,6 +1908,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
}
}
+ /* patch to filter aaaa forwards */
+ if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA))
+ {
+ /* return a null reply */
+ ans = 1;
+ if (!dryrun)
+ log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
+ break;
+ }
+
if (!ans)
return 0; /* failed to answer a question */
}