dnsmasq: bump to dnsmasq v2.77test3

New test release (since test1) includes 2 LEDE patches that are upstream and may be dropped, along with many spelling fixes. Add forthcoming 2017 root zone trust anchor to trust-anchors.conf. Backport 2 patches that just missed test3: Reduce logspam of those domains handled locally 'local addresses only' Implement RFC-6842 (Client-ids in DHCP replies) Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2025-11-03 14:34:27 -05:00 · 2017-02-06 21:45:41 +00:00 · 2017-02-06 21:45:41 +00:00 · 0247314f7d
commit 0247314f7d
parent 3ee793f601
5 changed files with 217 additions and 131 deletions
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmasq
-PKG_VERSION:=2.77test1
+PKG_VERSION:=2.77test3
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases
-PKG_HASH:=be89f1ab7b5b85dc31a982e73f9e9b8a65da6b9dfbdef30eede5284a8f832105
+PKG_HASH:=a5cd2b78048c0b16a9cbd2486430039c7d91b958c395edf3233cd9ae1a9eb8c1

 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
--- a/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch
+++ b/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch
@ -1,99 +0,0 @@
-From d42d4706bbcce3b5a40ad778a5a356a997db6b34 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Thu, 2 Feb 2017 16:52:06 +0000
-Subject: [PATCH] Make --localise-queries apply to names from
- --interface-name.
-
---
- CHANGELOG     |    7 +++++++
- man/dnsmasq.8 |    9 +++++----
- src/rfc1035.c |   21 ++++++++++++++++++++-
- 3 files changed, 32 insertions(+), 5 deletions(-)
-
--- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -58,6 +58,13 @@ version 2.77
- 	    this is Nominum's. Thanks to Dave Täht for spotting the
- 	    bug and assisting in the fix.
- 
-+            Fix the manpage which lied that only the primary address
-+	    of an interface is used by --interface-name.
-+
-+	    Make --localise-queries apply to names from --interface-name.
-+	    Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen
-+	    for pushing this.
-+
- 	
- version 2.76
-             Include 0.0.0.0/8 in DNS rebind checks. This range 
--- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -289,8 +289,8 @@ option requires non-standard networking
- under Linux. On other platforms it falls-back to --bind-interfaces mode.
- .TP
- .B \-y, --localise-queries
-Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was
-received. If a name in /etc/hosts has more than one address associated with
-+Return answers to DNS queries from /etc/hosts and --interface-name which depend on the interface over which the query was
-+received. If a name has more than one address associated with
- it, and at least one of those addresses is on the same subnet as the
- interface to which the query was sent, then return only the
- address(es) on that subnet. This allows for a server  to have multiple
-@@ -604,7 +604,7 @@ given by the hex data, which may be of t
- 012345 or any mixture of these.
- .TP
- .B --interface-name=<name>,<interface>[/4|/6]
-Return a DNS record associating the name with the primary address on
-+Return DNS records associating the name with the address(es) of
- the given interface. This flag specifies an A or AAAA record for the given
- name in the same way as an /etc/hosts line, except that the address is
- not constant, but taken from the given interface. The interface may be
-@@ -614,7 +614,8 @@ down, not configured or non-existent, an
- matching PTR record is also created, mapping the interface address to
- the name. More than one name may be associated with an interface
- address by repeating the flag; in that case the first instance is used
-for the reverse address-to-name mapping.
-+for the reverse address-to-name mapping. Note that a name used in 
-+--interface-name may not appear in /etc/hosts.
- .TP
- .B --synth-domain=<domain>,<address range>[,<prefix>]
- Create artificial A/AAAA and PTR records for an address range. The
--- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -1516,9 +1516,24 @@ size_t answer_request(struct dns_header
- 	      if (intr)
- 		{
- 		  struct addrlist *addrlist;
-		  int gotit = 0;
-+		  int gotit = 0, localise = 0;
- 
- 		  enumerate_interfaces(0);
-+		    
-+		  /* See if a putative address is on the network from which we recieved
-+		     the query, is so we'll filter other answers. */
-+		  if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A)
-+		    for (intr = daemon->int_names; intr; intr = intr->next)
-+		      if (hostname_isequal(name, intr->name))
-+			for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
-+#ifdef HAVE_IPV6
-+			  if (!(addrlist->flags & ADDRLIST_IPV6))
-+#endif
-+			    if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask))
-+			      {
-+				localise = 1;
-+				break;
-+			      }
- 		  
- 		  for (intr = daemon->int_names; intr; intr = intr->next)
- 		    if (hostname_isequal(name, intr->name))
-@@ -1528,6 +1543,10 @@ size_t answer_request(struct dns_header
- 			  if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
- #endif
- 			    {
-+			      if (localise && 
-+				  !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask))
-+				continue;
-+
- #ifdef HAVE_IPV6
- 			      if (addrlist->flags & ADDRLIST_REVONLY)
- 				continue;
--- a/package/network/services/dnsmasq/patches/010-reduce-logging.patch
+++ b/package/network/services/dnsmasq/patches/010-reduce-logging.patch
@ -0,0 +1,83 @@
+From 3e2496fb16fb78cb95fffdac80f967310a34b1fa Mon Sep 17 00:00:00 2001
+From: Hannu Nyman <hannu.nyman@iki.fi>
+Date: Sat, 11 Feb 2017 13:44:08 +0000
+Subject: [PATCH] Decrease the number of individual sites listed in log.
+
+By default 30 first servers are listed individually to system log, and
+then a count of the remaining items. With e.g. a NXDOMAIN based adblock
+service, dnsmasq lists 30 unnecessary ad sites every time when dnsmasq
+evaluates the list. But the actual nameservers in use are evaluated last
+and are not displayed as they get included in the "remaining items" total.
+
+Handle the "local addresses only" separately and list only a few of them.
+Remove the "local addresses only" from the general count.
+---
+ CHANGELOG     |    4 ++++
+ src/config.h  |    1 +
+ src/network.c |    9 ++++++++-
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 788aaf9..f7f5125 100644
+--- a/CHANGELOG
+++ b/CHANGELOG
+@@ -69,6 +69,10 @@ version 2.77
+ 	    servers. Specifically, be prepared to open a new TCP
+ 	    connection when we want to make multiple queries
+             but the upstream server accepts fewer queries per connection.
+ 
+            Improve logging of upstream servers when there are a lot
+	    of "local addresses only" entries. Thanks to Hannu Nyman for
+	    the patch.
+ 
+ 	
+ version 2.76
+diff --git a/src/config.h b/src/config.h
+index be9cf05..cf527b3 100644
+--- a/src/config.h
+++ b/src/config.h
+@@ -27,6 +27,7 @@
+ #define FORWARD_TEST 50 /* try all servers every 50 queries */
+ #define FORWARD_TIME 20 /* or 20 seconds */
+ #define SERVERS_LOGGED 30 /* Only log this many servers when logging state */
+#define LOCALS_LOGGED 8 /* Only log this many local addresses when logging state */
+ #define RANDOM_SOCKS 64 /* max simultaneous random ports */
+ #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
+ #define CACHESIZ 150 /* default cache size */
+diff --git a/src/network.c b/src/network.c
+index 770558a..eb41624 100644
+--- a/src/network.c
+++ b/src/network.c
+@@ -1438,6 +1438,7 @@ void check_servers(void)
+   struct server *serv;
+   struct serverfd *sfd, *tmp, **up;
+   int port = 0, count;
+  int locals = 0;
+ 
+   /* interface may be new since startup */
+   if (!option_bool(OPT_NOWILD))
+@@ -1541,7 +1542,11 @@ void check_servers(void)
+ 		s1 = _("domain"), s2 = serv->domain;
+ 	      
+ 	      if (serv->flags & SERV_NO_ADDR)
+-		my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
+		{
+		  count--;
+		  if (++locals <= LOCALS_LOGGED)
+			my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
+	        }
+ 	      else if (serv->flags & SERV_USE_RESOLV)
+ 		my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
+ 	      else 
+@@ -1558,6 +1563,8 @@ void check_servers(void)
+ 	}
+     }
+   
+  if (locals > LOCALS_LOGGED)
+    my_syslog(LOG_INFO, _("using %d more local addresses"), locals - LOCALS_LOGGED);
+   if (count - 1 > SERVERS_LOGGED)
+     my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1);
+ 
+-- 
+1.7.10.4
+
--- a/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch
+++ b/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch
@ -0,0 +1,132 @@
+From 88a77a78ad27adc3ed87b7ee603643d26cb896ee Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 11 Feb 2017 17:02:02 +0000
+Subject: [PATCH] Implement RFC-6842 (Client-ids in DHCP replies.)
+
+---
+ CHANGELOG     |    5 ++++-
+ src/rfc2131.c |   33 ++++++++++++++++++++++-----------
+ 2 files changed, 26 insertions(+), 12 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index f7f5125..a4ee280 100644
+--- a/CHANGELOG
+++ b/CHANGELOG
+@@ -74,7 +74,10 @@ version 2.77
+ 	    of "local addresses only" entries. Thanks to Hannu Nyman for
+ 	    the patch.
+ 
+-	
+            Implement RFC 6842. Thanks to Reddeiah Raju Konduru for
+            pointing out that this was missing.
+
+
+ version 2.76
+             Include 0.0.0.0/8 in DNS rebind checks. This range 
+ 	    translates to hosts on  the local network, or, at 
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index 978c8dc..3e97402 100644
+--- a/src/rfc2131.c
+++ b/src/rfc2131.c
+@@ -38,7 +38,7 @@ static void log_packet(char *type, void *addr, unsigned char *ext_mac,
+ static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize);
+ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize);
+ static size_t dhcp_packet_size(struct dhcp_packet *mess, unsigned char *agent_id, unsigned char *real_end);
+-static void clear_packet(struct dhcp_packet *mess, unsigned char *end);
+static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz);
+ static int in_list(unsigned char *list, int opt);
+ static void do_options(struct dhcp_context *context,
+ 		       struct dhcp_packet *mess,
+@@ -611,7 +611,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 				now); 
+ 	      lease_set_interface(lease, int_index, now);
+ 	      
+-	      clear_packet(mess, end);
+	      clear_packet(mess, end, 0);
+ 	      do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), 
+ 			 netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0);
+ 	    }
+@@ -814,7 +814,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 	  if (!service || !service->basename || !context)
+ 	    return 0;
+ 	  	  
+-	  clear_packet(mess, end);
+	  clear_packet(mess, end, sz);
+ 	  
+ 	  mess->yiaddr = mess->ciaddr;
+ 	  mess->ciaddr.s_addr = 0;
+@@ -882,7 +882,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 		      mess->flags |= htons(0x8000); /* broadcast */
+ 		    }
+ 		  
+-		  clear_packet(mess, end);
+		  clear_packet(mess, end, sz);
+ 		  
+ 		  /* Redirect EFI clients to port 4011 */
+ 		  if (pxearch >= 6)
+@@ -1062,7 +1062,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+       log_packet("DHCPOFFER" , &mess->yiaddr, emac, emac_len, iface_name, NULL, NULL, mess->xid);
+       
+       time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4));
+-      clear_packet(mess, end);
+      clear_packet(mess, end, sz);
+       option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPOFFER);
+       option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+       option_put(mess, end, OPTION_LEASE_TIME, 4, time);
+@@ -1245,7 +1245,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 	  log_packet("DHCPNAK", &mess->yiaddr, emac, emac_len, iface_name, NULL, message, mess->xid);
+ 	  
+ 	  mess->yiaddr.s_addr = 0;
+-	  clear_packet(mess, end);
+	  clear_packet(mess, end, sz);
+ 	  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPNAK);
+ 	  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+ 	  option_put_string(mess, end, OPTION_MESSAGE, message, borken_opt);
+@@ -1401,7 +1401,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 
+ 	  log_packet("DHCPACK", &mess->yiaddr, emac, emac_len, iface_name, hostname, NULL, mess->xid);  
+ 	  
+-	  clear_packet(mess, end);
+	  clear_packet(mess, end, sz);
+ 	  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
+ 	  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+ 	  option_put(mess, end, OPTION_LEASE_TIME, 4, time);
+@@ -1452,7 +1452,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 	    override = lease->override;
+ 	}
+ 
+-      clear_packet(mess, end);
+      clear_packet(mess, end, sz);
+       option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
+       option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+      
+@@ -2180,12 +2180,23 @@ static struct dhcp_opt *pxe_opts(int pxe_arch, struct dhcp_netid *netid, struct
+  
+   return ret;
+ }
+-  
+-static void clear_packet(struct dhcp_packet *mess, unsigned char *end)
+
+static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz)
+ {
+  unsigned char *opt;
+  unsigned int clid_tot = 0;
+  
+  /* If sz is non-zero, save any client-id option by copying it as the first
+   option in the new packet */
+    if (sz != 0 && (opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
+    {
+      clid_tot = option_len(opt) + 2u;
+      memmove(&mess->options[0] + sizeof(u32), opt, clid_tot);
+    }
+  
+   memset(mess->sname, 0, sizeof(mess->sname));
+   memset(mess->file, 0, sizeof(mess->file));
+-  memset(&mess->options[0] + sizeof(u32), 0, end - (&mess->options[0] + sizeof(u32)));
+  memset(&mess->options[0] + sizeof(u32) + clid_tot, 0, end - (&mess->options[0] + sizeof(u32) + clid_tot));
+   mess->siaddr.s_addr = 0;
+ }
+ 
+-- 
+1.7.10.4
+
--- a/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch
+++ b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch
@ -1,30 +0,0 @@
-From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001
-From: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
-Date: Thu, 27 Oct 2016 12:17:03 +0200
-Subject: [PATCH] Consider SERVFAIL as a non-successful response
-
-Treat Servfail as a recoverable error instead of a hard error.
-
-A misconfigured dns forwarder upstream can return a Servfail faster than
-a correctly configured one.
-
-In the case of a dnssec misbehaving, it will misbehave on all correctly
-configured upstreams. In the case of a normal DNS query, the original
-behavior of dnsmasq here was more robust.
-
---
- src/forward.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
--- a/src/forward.c
-+++ b/src/forward.c
-@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim
-      we get a good reply from another server. Kill it when we've
-      had replies from all to avoid filling the forwarding table when
-      everything is broken */
-  if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
-+  if (forward->forwardall == 0 || --forward->forwardall == 1
-+          || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
-     {
-       int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
-