From: Steven Barth Date: Wed, 18 Jun 2014 10:04:34 +0000 (+0000) Subject: dnsmasq: various house-keeping updates X-Git-Tag: reboot~6884 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=495b237cc4d179b48a8c3587de267446d83855f8;p=openwrt%2Fstaging%2Flynxis.git dnsmasq: various house-keeping updates * Add Authoritative DNS and IPSET to full variant * Remove some bloat from IPSET support * Reintroduce "DHCP no address warning"-patch Signed-off-by: Steven Barth SVN-Revision: 41246 --- diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 34d543f151..5c54d855c1 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.71 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq @@ -28,7 +28,7 @@ include $(INCLUDE_DIR)/package.mk define Package/dnsmasq/Default SECTION:=net CATEGORY:=Base system - TITLE:=A lightweight DNS and DHCP server + TITLE:=DNS and DHCP server URL:=http://www.thekelleys.org.uk/dnsmasq/ endef @@ -46,7 +46,7 @@ endef define Package/dnsmasq-full $(call Package/dnsmasq/Default) - TITLE += (with DHCPv6 and DNSSEC) + TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPSET) DEPENDS:=@IPV6 +kmod-ipv6 +libnettle VARIANT:=full endef @@ -64,7 +64,7 @@ endef define Package/dnsmasq-full/description $(call Package/dnsmasq/description) -This is a variant with DHCPv6 and DNSSEC support +This is a variant with DHCPv6, DNSSEC, Authroitative DNS and IPSET support endef define Package/dnsmasq/conffiles @@ -78,7 +78,7 @@ Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles) TARGET_CFLAGS += -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections -COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) -DNO_IPSET -DNO_AUTH +COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) ifeq ($(BUILD_VARIANT),nodhcpv6) COPTS += -DNO_DHCP6 @@ -87,6 +87,8 @@ endif ifeq ($(BUILD_VARIANT),full) COPTS += -DHAVE_DNSSEC COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,) +else + COPTS += -DNO_AUTH -DNO_IPSET endif MAKE_FLAGS := \ diff --git a/package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch b/package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch deleted file mode 100644 index f9a62cd650..0000000000 --- a/package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Tue, 17 Jun 2014 19:49:31 +0100 -Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp - ---- - Makefile | 2 +- - bld/pkg-wrapper | 9 +++++++-- - src/config.h | 7 +++++++ - src/dnssec.c | 3 ++- - 4 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index c58b50b..17eeb27 100644 ---- a/Makefile -+++ b/Makefile -@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON - lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` - nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed` - nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed` --gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp` -+gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp` - sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi` - version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"' - -diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper -index 9f9332d..0ddb678 100755 ---- a/bld/pkg-wrapper -+++ b/bld/pkg-wrapper -@@ -11,9 +11,14 @@ in=`cat` - - if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ - echo $in | grep $search >/dev/null 2>&1; then -- -+# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP - if [ $op = "--copy" ]; then -- pkg="$*" -+ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ -+ echo $in | grep $pkg >/dev/null 2>&1; then -+ pkg="" -+ else -+ pkg="$*" -+ fi - elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ - echo $in | grep ${search}_STATIC >/dev/null 2>&1; then - pkg=`$pkg --static $op $*` -diff --git a/src/config.h b/src/config.h -index 2155544..ee6d218 100644 ---- a/src/config.h -+++ b/src/config.h -@@ -105,6 +105,8 @@ HAVE_AUTH - define this to include the facility to act as an authoritative DNS - server for one or more zones. - -+HAVE_DNSSEC -+ include DNSSEC validator. - - NO_IPV6 - NO_TFTP -@@ -118,6 +120,11 @@ NO_AUTH - which are enabled by default in the distributed source tree. Building dnsmasq - with something like "make COPTS=-DNO_SCRIPT" will do the trick. - -+NO_NETTLE_ECC -+ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions. -+NO_GMP -+ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp. -+ - LEASEFILE - CONFFILE - RESOLVFILE -diff --git a/src/dnssec.c b/src/dnssec.c -index 44d626b..2ffb75d 100644 ---- a/src/dnssec.c -+++ b/src/dnssec.c -@@ -26,7 +26,8 @@ - # include - #endif - #include --#include -+#include -+ - - #define SERIAL_UNDEF -100 - #define SERIAL_EQ 0 --- -2.0.0 - diff --git a/package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch b/package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch new file mode 100644 index 0000000000..dcc1b1f0ed --- /dev/null +++ b/package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch @@ -0,0 +1,77 @@ +From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 17 Jun 2014 19:49:31 +0100 +Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp + +--- + Makefile | 2 +- + bld/pkg-wrapper | 9 +++++++-- + src/config.h | 7 +++++++ + src/dnssec.c | 3 ++- + 4 files changed, 17 insertions(+), 4 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/ + lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` + nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed` + nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed` +-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp` ++gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp` + sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi` + version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"' + +--- a/bld/pkg-wrapper ++++ b/bld/pkg-wrapper +@@ -11,9 +11,14 @@ in=`cat` + + if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ + echo $in | grep $search >/dev/null 2>&1; then +- ++# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP + if [ $op = "--copy" ]; then +- pkg="$*" ++ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ ++ echo $in | grep $pkg >/dev/null 2>&1; then ++ pkg="" ++ else ++ pkg="$*" ++ fi + elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ + echo $in | grep ${search}_STATIC >/dev/null 2>&1; then + pkg=`$pkg --static $op $*` +--- a/src/config.h ++++ b/src/config.h +@@ -105,6 +105,8 @@ HAVE_AUTH + define this to include the facility to act as an authoritative DNS + server for one or more zones. + ++HAVE_DNSSEC ++ include DNSSEC validator. + + NO_IPV6 + NO_TFTP +@@ -118,6 +120,11 @@ NO_AUTH + which are enabled by default in the distributed source tree. Building dnsmasq + with something like "make COPTS=-DNO_SCRIPT" will do the trick. + ++NO_NETTLE_ECC ++ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions. ++NO_GMP ++ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp. ++ + LEASEFILE + CONFFILE + RESOLVFILE +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -26,7 +26,8 @@ + # include + #endif + #include +-#include ++#include ++ + + #define SERIAL_UNDEF -100 + #define SERIAL_EQ 0 diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch new file mode 100644 index 0000000000..a502a60aee --- /dev/null +++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch @@ -0,0 +1,47 @@ +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd) + struct iovec iov; + ssize_t sz; + int iface_index = 0, unicast_dest = 0, is_inform = 0; +- struct in_addr iface_addr; ++ struct in_addr iface_addr, *addrp = NULL; + struct iface_param parm; + #ifdef HAVE_LINUX_NETWORK + struct arpreq arp_req; +@@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd) + { + ifr.ifr_addr.sa_family = AF_INET; + if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) +- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; +- else + { +- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); +- return; ++ addrp = &iface_addr; ++ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; + } + + for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) +@@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd) + parm.relay_local.s_addr = 0; + parm.ind = iface_index; + +- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) ++ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL)) + { + /* If we failed to match the primary address of the interface, see if we've got a --listen-address + for a secondary */ +@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd) + complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); + } + ++ if (!addrp) ++ { ++ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); ++ return; ++ } ++ + if (!iface_enumerate(AF_INET, &parm, complete_context)) + return; + diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch new file mode 100644 index 0000000000..61b09d5b2c --- /dev/null +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -0,0 +1,110 @@ +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -22,7 +22,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -72,7 +71,7 @@ struct my_nfgenmsg { + + #define NL_ALIGN(len) (((len)+3) & ~(3)) + static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; +-static int ipset_sock, old_kernel; ++static int ipset_sock; + static char *buffer; + + static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) +@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg + + void ipset_init(void) + { +- struct utsname utsname; +- int version; +- char *split; +- +- if (uname(&utsname) < 0) +- die(_("failed to find kernel version: %s"), NULL, EC_MISC); +- +- split = strtok(utsname.release, "."); +- version = (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- old_kernel = (version < KERNEL_VERSION(2,6,32)); +- +- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) +- return; +- +- if (!old_kernel && ++ if ( + (buffer = safe_malloc(BUFF_SZ)) && + (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && + (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) +@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char * + } + + +-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) +-{ +- socklen_t size; +- struct ip_set_req_adt_get { +- unsigned op; +- unsigned version; +- union { +- char name[IPSET_MAXNAMELEN]; +- uint16_t index; +- } set; +- char typename[IPSET_MAXNAMELEN]; +- } req_adt_get; +- struct ip_set_req_adt { +- unsigned op; +- uint16_t index; +- uint32_t ip; +- } req_adt; +- +- if (strlen(setname) >= sizeof(req_adt_get.set.name)) +- { +- errno = ENAMETOOLONG; +- return -1; +- } +- +- req_adt_get.op = 0x10; +- req_adt_get.version = 3; +- strcpy(req_adt_get.set.name, setname); +- size = sizeof(req_adt_get); +- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) +- return -1; +- req_adt.op = remove ? 0x102 : 0x101; +- req_adt.index = req_adt_get.set.index; +- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); +- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) +- return -1; +- +- return 0; +-} +- +- +- + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) + { + int af = AF_INET; + + #ifdef HAVE_IPV6 + if (flags & F_IPV6) +- { + af = AF_INET6; +- /* old method only supports IPv4 */ +- if (old_kernel) +- return -1; +- } + #endif + +- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ return new_add_to_ipset(setname, ipaddr, af, remove); + } + + #endif