From b95ffef87f059369648ce5d087b599a6b3c4fbec Mon Sep 17 00:00:00 2001
From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com>
Date: Wed, 27 Jan 2021 17:12:30 +0800
Subject: [PATCH] Revert "dnsmasq: force sync with official code" (#6266)

Fixes: 9170d18d0da78b7e70b9f45d0bf7771feee90a25 ("dnsmasq: Update to 2.84test3")
---
 package/network/services/dnsmasq/Makefile | 11 ++-
 .../network/services/dnsmasq/files/dhcp.conf | 2 +-
 .../services/dnsmasq/files/dnsmasq.init | 2 +
 .../dnsmasq/files/dnsmasqsec_hotplug_acl.json | 8 --
 .../dnsmasq/patches/900-filter-aaaa.patch | 74 +++++++++++++++++++
 5 files changed, 82 insertions(+), 15 deletions(-)
 delete mode 100644 package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json
 create mode 100644 package/network/services/dnsmasq/patches/900-filter-aaaa.patch

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 2e404dfef..0f27ab7c7 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -100,22 +100,22 @@ define Package/dnsmasq-full/config
 config PACKAGE_dnsmasq_full_dhcpv6
 bool "Build with DHCPv6 support."
 depends on IPV6 && PACKAGE_dnsmasq_full_dhcp
- default y
+ default n
 config PACKAGE_dnsmasq_full_dnssec
 bool "Build with DNSSEC support."
- default y
+ default n
 config PACKAGE_dnsmasq_full_auth
 bool "Build with the facility to act as an authoritative DNS server."
- default y
+ default n
 config PACKAGE_dnsmasq_full_ipset
 bool "Build with IPset support."
 default y
 config PACKAGE_dnsmasq_full_conntrack
 bool "Build with Conntrack support."
- default y
+ default n
 config PACKAGE_dnsmasq_full_noid
 bool "Build with NO_ID. (hide *.bind pseudo domain)"
- default y
+ default n
 config PACKAGE_dnsmasq_full_broken_rtc
 bool "Build with HAVE_BROKEN_RTC."
 default n
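Review bot: Nothing in the Kconfig text warns that `PACKAGE_dnsmasq_full_dnssec` and `PACKAGE_dnsmasq_full_noid` are now `default n`, so a stock dnsmasq-full image silently loses DNSSEC validation and, going by the option's own prompt, no longer hides the *.bind pseudo domain. I would add a `help` entry under each of the two symbols saying that the option is off by default in this tree and what is lost without it, or keep `default y` for these two unless the revert specifically needs them off. The `define Package/dnsmasq-full/config` block starts above the hunk.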
@@ -180,7 +180,6 @@ define Package/dnsmasq/install
 $(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
 $(INSTALL_DIR) $(1)/usr/share/acl.d
 $(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
- $(INSTALL_DATA) ./files/dnsmasqsec_hotplug_acl.json $(1)/usr/share/acl.d/
 $(INSTALL_DIR) $(1)/etc/uci-defaults
 $(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
 endef
diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf
index 8c42ef782..5acaa7d8e 100644
--- a/package/network/services/dnsmasq/files/dhcp.conf
+++ b/package/network/services/dnsmasq/files/dhcp.conf
@@ -20,7 +20,7 @@ config dnsmasq
 #list notinterface lo
 #list bogusnxdomain '64.94.110.11'
 option localservice 1 # disable to allow DNS requests from non-local subnets
- option ednspacket_max 1232
+ option filter_aaaa 1
 config dhcp lan
 option interface lan
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 680e72f9e..8f3b429b1 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -896,6 +896,8 @@ dnsmasq_start()
 append_bool "$cfg" rapidcommit "--dhcp-rapid-commit"
 append_bool "$cfg" scriptarp "--script-arp"
+ append_bool "$cfg" filter_aaaa "--filter-aaaa"
+
 append_parm "$cfg" logfacility "--log-facility"
 append_parm "$cfg" cachesize "--cache-size"
diff --git a/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json b/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json
deleted file mode 100644
index 861ecbe03..000000000
--- a/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "user": "ntp",
- "access": {
- "service": {
- "methods": [ "signal" ]
- }
- }
-}
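Review bot: `option filter_aaaa 1` in the shipped dhcp.conf turns AAAA suppression on for every fresh install, so names that only have IPv6 addresses stop resolving for LAN clients without anyone having chosen that. Shipping `option filter_aaaa 0` (or leaving the option out and documenting it) would keep the feature opt-in. The same hunk drops `option ednspacket_max 1232`, which returns the advertised EDNS UDP size to whatever this dnsmasq build defaults to. 1232 is the size recommended to keep DNS responses from being fragmented, so if dnsmasq.init in this tree still maps `ednspacket_max` I would keep that line next to the new one. The `config dnsmasq` section starts above the hunk.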
diff --git a/package/network/services/dnsmasq/patches/900-filter-aaaa.patch b/package/network/services/dnsmasq/patches/900-filter-aaaa.patch
new file mode 100644
index 000000000..15c063e26
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/900-filter-aaaa.patch
@@ -0,0 +1,74 @@
+From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001
+From: Bearice Ren
+Date: Tue, 20 Sep 2016 11:52:08 +0800
+Subject: [PATCH] add filter-aaaa option
+
+---
+ src/dnsmasq.h | 3 ++-
+ src/option.c | 3 +++
+ src/rfc1035.c | 9 +++++++++
+ 3 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index f53e9a5..e9617a6 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -269,7 +269,8 @@
+ #define OPT_IGNORE_CLID 59
+ #define OPT_SINGLE_PORT 60
+ #define OPT_LEASE_RENEW 61
+-#define OPT_LAST 62
++#define OPT_FILTER_AAAA 62
++#define OPT_LAST 63
+
+ #define OPTION_BITS (sizeof(unsigned int)*8)
+ #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
+diff --git a/src/option.c b/src/option.c
+index 44b1dc5..f954d7f 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -168,6 +168,7 @@ struct myoption {
+ #define LOPT_SINGLE_PORT 359
+ #define LOPT_SCRIPT_TIME 360
+ #define LOPT_PXE_VENDOR 361
++#define LOPT_FILTER_AAAA 362
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -341,6 +342,7 @@ static const struct myoption opts[] =
+ { "dumpfile", 1, 0, LOPT_DUMPFILE },
+ { "dumpmask", 1, 0, LOPT_DUMPMASK },
+ { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },
++ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
+ { NULL, 0, 0, 0 }
+ };
+
+@@ -521,6 +523,7 @@ static struct {
+ { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL },
+ { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL },
+ { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
++ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
+ { 0, 0, NULL, NULL, NULL }
+ };
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 6290f22..b67b169 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1908,6 +1908,16 @@ size_t answer_request(struct dns_header *header,
char *limit, size_t qlen,
+ }
+ }
+
++ /* patch to filter aaaa forwards */
++ if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA))
++ {
++ /* return a null reply */
++ ans = 1;
++ if (!dryrun)
++ log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
++ break;
++ }
++
+ if (!ans)
+ return 0; /* failed to answer a question */
+ }
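Review bot: The block added to answer_request() in src/rfc1035.c never looks at `ans`, so for an AAAA question that the code above it already answered locally it would, as far as the hunk shows, log a negative reply for a response that carries an answer. It also hands `&addr` to log_query() without the hunk showing that `addr` was set for this question. Guarding with `if (!ans && qtype == T_AAAA && option_bool(OPT_FILTER_AAAA))` and passing `NULL` instead of `&addr` would keep the query log truthful; confirm in log_query() that a NULL address is accepted together with F_NEG. The comment should say what the client receives, e.g. `/* --filter-aaaa set: do not forward AAAA, return an empty (NODATA) reply */`, and the help string "Filter all AAAA requests." could say the same. answer_request() starts and ends outside the hunk.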