[PATCH] dnsmasq: bump to 2.80test2

Kevin Darbyshire-Bryant ldir at darbyshire-bryant.me.uk
Mon May 7 04:17:33 PDT 2018


Refresh patches and backport:

Be persistent with broken-upstream-DNSSEC warnings.
Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set.
Add logging for DNS error returns from upstream and local configuration.

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
---
 package/network/services/dnsmasq/Makefile          |   8 +-
 ...tent-with-broken-upstream-DNSSEC-warnings.patch |  26 +++
 ...oken-ness-when-no-ping-AND-dhcp-sequentia.patch |  35 ++++
 ...-for-DNS-error-returns-from-upstream-and-.patch | 184 +++++++++++++++++++++
 .../services/dnsmasq/patches/240-ubus.patch        |   8 +-
 5 files changed, 253 insertions(+), 8 deletions(-)
 create mode 100644 package/network/services/dnsmasq/patches/0001-Be-persistent-with-broken-upstream-DNSSEC-warnings.patch
 create mode 100644 package/network/services/dnsmasq/patches/0002-Fix-DHCP-broken-ness-when-no-ping-AND-dhcp-sequentia.patch
 create mode 100644 package/network/services/dnsmasq/patches/0003-Add-logging-for-DNS-error-returns-from-upstream-and-.patch

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index b6502bf5d0..7fa61ad04f 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_VERSION:=2.79
-PKG_RELEASE:=3
+PKG_VERSION:=2.80test2
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
-PKG_HASH:=78ad74f5ca14fd85a8bac93f764cd9d60b27579e90eabd3687ca7b030e67861f
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases
+PKG_HASH:=e731666094699afcbad947f89f7f8afbf92e5ddc3c915459d4936159d81116f0
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
diff --git a/package/network/services/dnsmasq/patches/0001-Be-persistent-with-broken-upstream-DNSSEC-warnings.patch b/package/network/services/dnsmasq/patches/0001-Be-persistent-with-broken-upstream-DNSSEC-warnings.patch
new file mode 100644
index 0000000000..beeb15435c
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0001-Be-persistent-with-broken-upstream-DNSSEC-warnings.patch
@@ -0,0 +1,26 @@
+From f84e674d8aa2316fea8d2145a40fcef0441e3856 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon at thekelleys.org.uk>
+Date: Fri, 4 May 2018 16:29:57 +0100
+Subject: [PATCH 1/3] Be persistent with broken-upstream-DNSSEC warnings.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
+---
+ src/dnssec.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -876,12 +876,7 @@ int dnssec_validate_ds(time_t now, struc
+   
+   if (rc == STAT_INSECURE)
+     {
+-      static int reported = 0;
+-      if (!reported)
+-	{
+-	  reported = 1;
+-	  my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
+-	}
++      my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
+       rc = STAT_BOGUS;
+     }
+   
diff --git a/package/network/services/dnsmasq/patches/0002-Fix-DHCP-broken-ness-when-no-ping-AND-dhcp-sequentia.patch b/package/network/services/dnsmasq/patches/0002-Fix-DHCP-broken-ness-when-no-ping-AND-dhcp-sequentia.patch
new file mode 100644
index 0000000000..eb15113857
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0002-Fix-DHCP-broken-ness-when-no-ping-AND-dhcp-sequentia.patch
@@ -0,0 +1,35 @@
+From 0669ee7a69a004ce34fed41e50aa575f8e04427b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon at thekelleys.org.uk>
+Date: Fri, 4 May 2018 16:46:24 +0100
+Subject: [PATCH 2/3] Fix DHCP broken-ness when --no-ping AND
+ --dhcp-sequential-ip are set.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
+---
+ CHANGELOG  | 3 ++-
+ src/dhcp.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -14,7 +14,8 @@ version 2.80
+         when the upstream namesevers do not support DNSSEC, and in this
+         case no DNSSEC validation at all is occuring.
+ 
+-
++        Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
++	are set. Thanks to Daniel Miess for help with this.
+ 
+ 
+ version 2.79
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -678,7 +678,7 @@ struct ping_result *do_icmp_ping(time_t
+   if ((count >= max) || option_bool(OPT_NO_PING) || loopback)
+     {
+       /* overloaded, or configured not to check, loopback interface, return "not in use" */
+-      dummy.hash = 0;
++      dummy.hash = hash;
+       return &dummy;
+     }
+   else if (icmp_ping(addr))
diff --git a/package/network/services/dnsmasq/patches/0003-Add-logging-for-DNS-error-returns-from-upstream-and-.patch b/package/network/services/dnsmasq/patches/0003-Add-logging-for-DNS-error-returns-from-upstream-and-.patch
new file mode 100644
index 0000000000..638d576ce2
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0003-Add-logging-for-DNS-error-returns-from-upstream-and-.patch
@@ -0,0 +1,184 @@
+From 07ed585c38d8f7c0a18470d2e79cf46ea92ea96a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon at thekelleys.org.uk>
+Date: Fri, 4 May 2018 21:52:22 +0100
+Subject: [PATCH 3/3] Add logging for DNS error returns from upstream and local
+ configuration.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
+---
+ src/cache.c   | 13 +++++++++++++
+ src/dnsmasq.h |  7 ++++++-
+ src/forward.c | 25 +++++++++++++++++++------
+ src/rfc1035.c | 19 ++++++++++++++-----
+ 4 files changed, 52 insertions(+), 12 deletions(-)
+
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1598,6 +1598,19 @@ void log_query(unsigned int flags, char
+     {
+       if (flags & F_KEYTAG)
+ 	sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
++      else if (flags & F_RCODE)
++	{
++	  unsigned int rcode = addr->addr.rcode.rcode;
++
++	   if (rcode == SERVFAIL)
++	     dest = "SERVFAIL";
++	   else if (rcode == REFUSED)
++	     dest = "REFUSED";
++	   else if (rcode == NOTIMP)
++	     dest = "not implemented";
++	   else
++	     sprintf(daemon->addrbuff, "%u", rcode);
++	}
+       else
+ 	{
+ #ifdef HAVE_IPV6
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -268,7 +268,11 @@ struct all_addr {
+     /* for log_query */
+     struct {
+       unsigned short keytag, algo, digest;
+-    } log; 
++    } log;
++    /* for log_query */
++    struct {
++      unsigned int rcode;
++    } rcode;
+     /* for cache_insert of DNSKEY, DS */
+     struct {
+       unsigned short class, type;
+@@ -459,6 +463,7 @@ struct crec {
+ #define F_IPSET     (1u<<26)
+ #define F_NOEXTRA   (1u<<27)
+ #define F_SERVFAIL  (1u<<28)
++#define F_RCODE     (1u<<29)
+ 
+ /* Values of uid in crecs with F_CONFIG bit set. */
+ #define SRC_INTERFACE 0
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -563,6 +563,7 @@ static size_t process_reply(struct dns_h
+   unsigned char *pheader, *sizep;
+   char **sets = 0;
+   int munged = 0, is_sign;
++  unsigned int rcode = RCODE(header);
+   size_t plen; 
+   
+   (void)ad_reqd;
+@@ -593,6 +594,9 @@ static size_t process_reply(struct dns_h
+   
+   if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
+     {
++      /* Get extended RCODE. */
++      rcode |= sizep[2] << 4;
++
+       if (check_subnet && !check_source(header, plen, pheader, query_source))
+ 	{
+ 	  my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch"));
+@@ -641,11 +645,20 @@ static size_t process_reply(struct dns_h
+   if (!is_sign && !option_bool(OPT_DNSSEC_PROXY))
+      header->hb4 &= ~HB4_AD;
+   
+-  if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
++  if (OPCODE(header) != QUERY)
+     return resize_packet(header, n, pheader, plen);
++
++  if (rcode != NOERROR && rcode != NXDOMAIN)
++    {
++      struct all_addr a;
++      a.addr.rcode.rcode = rcode;
++      log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL);
++      
++      return resize_packet(header, n, pheader, plen);
++    }
+   
+   /* Complain loudly if the upstream server is non-recursive. */
+-  if (!(header->hb4 & HB4_RA) && RCODE(header) == NOERROR &&
++  if (!(header->hb4 & HB4_RA) && rcode == NOERROR &&
+       server && !(server->flags & SERV_WARNED_RECURSIVE))
+     {
+       prettyprint_addr(&server->addr, daemon->namebuff);
+@@ -654,7 +667,7 @@ static size_t process_reply(struct dns_h
+ 	server->flags |= SERV_WARNED_RECURSIVE;
+     }  
+ 
+-  if (daemon->bogus_addr && RCODE(header) != NXDOMAIN &&
++  if (daemon->bogus_addr && rcode != NXDOMAIN &&
+       check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
+     {
+       munged = 1;
+@@ -666,7 +679,7 @@ static size_t process_reply(struct dns_h
+     {
+       int doctored = 0;
+       
+-      if (RCODE(header) == NXDOMAIN && 
++      if (rcode == NXDOMAIN && 
+ 	  extract_request(header, n, daemon->namebuff, NULL) &&
+ 	  check_for_local_domain(daemon->namebuff, now))
+ 	{
+@@ -1090,7 +1103,7 @@ void reply_query(int fd, int family, tim
+ 	      if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
+ 		domain = daemon->namebuff;
+ 	      
+-	      log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
++	      log_query(F_SECSTAT, domain, NULL, result);
+ 	    }
+ 	  
+ 	  if (status == STAT_SECURE)
+@@ -1948,7 +1961,7 @@ unsigned char *tcp_request(int confd, ti
+ 			  if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
+ 			    domain = daemon->namebuff;
+ 
+-			  log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
++			  log_query(F_SECSTAT, domain, NULL, result);
+ 			  
+ 			  if (status == STAT_BOGUS)
+ 			    {
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -926,12 +926,11 @@ unsigned int extract_request(struct dns_
+   return F_QUERY;
+ }
+ 
+-
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+   unsigned char *p;
+-
++  
+   if (!(p = skip_questions(header, qlen)))
+     return 0;
+   
+@@ -948,7 +947,12 @@ size_t setup_reply(struct dns_header *he
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+   else if (flags == F_SERVFAIL)
+-    SET_RCODE(header, SERVFAIL);
++    {
++      struct all_addr a;
++      a.addr.rcode.rcode = SERVFAIL;
++      log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
++      SET_RCODE(header, SERVFAIL);
++    }
+   else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+@@ -966,8 +970,13 @@ size_t setup_reply(struct dns_header *he
+     }
+ #endif
+   else /* nowhere to forward to */
+-    SET_RCODE(header, REFUSED);
+- 
++    {
++      struct all_addr a;
++      a.addr.rcode.rcode = REFUSED;
++      log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
++      SET_RCODE(header, REFUSED);
++    }
++  
+   return p - (unsigned char *)header;
+ }
+ 
diff --git a/package/network/services/dnsmasq/patches/240-ubus.patch b/package/network/services/dnsmasq/patches/240-ubus.patch
index 415c7a5e4c..318b13110d 100644
--- a/package/network/services/dnsmasq/patches/240-ubus.patch
+++ b/package/network/services/dnsmasq/patches/240-ubus.patch
@@ -74,7 +74,7 @@
  int main (int argc, char **argv)
  {
    int bind_fallback = 0;
-@@ -928,6 +988,7 @@ int main (int argc, char **argv)
+@@ -931,6 +991,7 @@ int main (int argc, char **argv)
        set_dbus_listeners();
  #endif	
    
@@ -82,7 +82,7 @@
  #ifdef HAVE_DHCP
        if (daemon->dhcp || daemon->relay4)
  	{
-@@ -1058,6 +1119,8 @@ int main (int argc, char **argv)
+@@ -1061,6 +1122,8 @@ int main (int argc, char **argv)
        check_dbus_listeners();
  #endif
        
@@ -104,7 +104,7 @@
  mostly_clean :
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1415,6 +1415,8 @@ void emit_dbus_signal(int action, struct
+@@ -1421,6 +1421,8 @@ void emit_dbus_signal(int action, struct
  #  endif
  #endif
  
@@ -115,7 +115,7 @@
  void ipset_init(void);
 --- a/src/rfc2131.c
 +++ b/src/rfc2131.c
-@@ -1621,6 +1621,10 @@ static void log_packet(char *type, void
+@@ -1636,6 +1636,10 @@ static void log_packet(char *type, void
  	      daemon->namebuff,
  	      string ? string : "",
  	      err ? err : "");
-- 
2.15.1 (Apple Git-101)




More information about the Lede-dev mailing list