Revert "dnsmasq: force sync with official code" (#6266)

Fixes: 9170d18d0d ("dnsmasq: Update to 2.84test3")
2025-04-16 14:23:38 +00:00 · 2021-01-27 17:12:30 +08:00 · 2021-01-27 17:12:30 +08:00 · b95ffef87f
commit b95ffef87f
parent 6ee0262477
5 changed files with 82 additions and 15 deletions
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@ -100,22 +100,22 @@ define Package/dnsmasq-full/config
 	config PACKAGE_dnsmasq_full_dhcpv6
 		bool "Build with DHCPv6 support."
 		depends on IPV6 && PACKAGE_dnsmasq_full_dhcp
-		default y
+		default n
 	config PACKAGE_dnsmasq_full_dnssec
 		bool "Build with DNSSEC support."
-		default y
+		default n
 	config PACKAGE_dnsmasq_full_auth
 		bool "Build with the facility to act as an authoritative DNS server."
-		default y
+		default n
 	config PACKAGE_dnsmasq_full_ipset
 		bool "Build with IPset support."
 		default y
 	config PACKAGE_dnsmasq_full_conntrack
 		bool "Build with Conntrack support."
-		default y
+		default n
 	config PACKAGE_dnsmasq_full_noid
 		bool "Build with NO_ID. (hide *.bind pseudo domain)"
-		default y
+		default n
 	config PACKAGE_dnsmasq_full_broken_rtc
 		bool "Build with HAVE_BROKEN_RTC."
 		default n
@ -180,7 +180,6 @@ define Package/dnsmasq/install
 	$(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
 	$(INSTALL_DIR) $(1)/usr/share/acl.d
 	$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
-	$(INSTALL_DATA) ./files/dnsmasqsec_hotplug_acl.json $(1)/usr/share/acl.d/
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
 endef
--- a/package/network/services/dnsmasq/files/dhcp.conf
+++ b/package/network/services/dnsmasq/files/dhcp.conf
@ -20,7 +20,7 @@ config dnsmasq
 	#list notinterface	lo
 	#list bogusnxdomain     '64.94.110.11'
 	option localservice	1  # disable to allow DNS requests from non-local subnets
-	option ednspacket_max	1232
+	option filter_aaaa	1

 config dhcp lan
 	option interface	lan
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@ -896,6 +896,8 @@ dnsmasq_start()
 	append_bool "$cfg" rapidcommit "--dhcp-rapid-commit"
 	append_bool "$cfg" scriptarp "--script-arp"

+	append_bool "$cfg" filter_aaaa "--filter-aaaa"
+
 	append_parm "$cfg" logfacility "--log-facility"

 	append_parm "$cfg" cachesize "--cache-size"
--- a/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json
+++ b/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json
@ -1,8 +0,0 @@
-{
-	"user": "ntp",
-	"access": {
-		"service": {
-			"methods": [ "signal" ]
-		}
-	}
-}
--- a/package/network/services/dnsmasq/patches/900-filter-aaaa.patch
+++ b/package/network/services/dnsmasq/patches/900-filter-aaaa.patch
@ -0,0 +1,74 @@
+From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001
+From: Bearice Ren <bearice@icybear.net>
+Date: Tue, 20 Sep 2016 11:52:08 +0800
+Subject: [PATCH] add filter-aaaa option
+
+---
+ src/dnsmasq.h | 3 ++-
+ src/option.c  | 3 +++
+ src/rfc1035.c | 9 +++++++++
+ 3 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index f53e9a5..e9617a6 100644
+--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
+@@ -269,7 +269,8 @@
+ #define OPT_IGNORE_CLID    59
+ #define OPT_SINGLE_PORT    60
+ #define OPT_LEASE_RENEW    61
+-#define OPT_LAST           62
+#define OPT_FILTER_AAAA    62
+#define OPT_LAST           63
+ 
+ #define OPTION_BITS (sizeof(unsigned int)*8)
+ #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
+diff --git a/src/option.c b/src/option.c
+index 44b1dc5..f954d7f 100644
+--- a/src/option.c
+++ b/src/option.c
+@@ -168,6 +168,7 @@ struct myoption {
+ #define LOPT_SINGLE_PORT   359
+ #define LOPT_SCRIPT_TIME   360
+ #define LOPT_PXE_VENDOR    361
+#define LOPT_FILTER_AAAA   362
+  
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -341,6 +342,7 @@ static const struct myoption opts[] =
+     { "dumpfile", 1, 0, LOPT_DUMPFILE },
+     { "dumpmask", 1, 0, LOPT_DUMPMASK },
+     { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
+    { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
+     { NULL, 0, 0, 0 }
+   };
+ 
+@@ -521,6 +523,7 @@ static struct {
+   { LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
+   { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
+   { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
+  { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
+   { 0, 0, NULL, NULL, NULL }
+ }; 
+ 
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 6290f22..b67b169 100644
+--- a/src/rfc1035.c
+++ b/src/rfc1035.c
+@@ -1908,6 +1908,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ 	    }
+ 	}
+ 
+      /* patch to filter aaaa forwards */
+      if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA))
+        {
+          /* return a null reply */
+          ans = 1;
+          if (!dryrun)
+            log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
+          break;
+        }
+
+       if (!ans)
+ 	return 0; /* failed to answer a question */
+     }