From: Eric Luehrsen Date: Fri, 17 Aug 2018 01:37:43 +0000 (-0400) Subject: unbound: drop odhcpd leases with wrong field count X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=cad5ceed6a87fc65653d4070b96ddfa5b6b81a4d;p=feed%2Fpackages.git unbound: drop odhcpd leases with wrong field count Signed-off-by: Eric Luehrsen (cherry pick commit: 59617f076d7cbdd04a341bf7cfb5f3d9772b5765) --- diff --git a/net/unbound/Makefile b/net/unbound/Makefile index c28b2a003e..ec93dc2fdf 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.6.8 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index 160950884e..3c53788700 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -37,6 +37,12 @@ sub( /.*\//, "", cdr2 ) ; + if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) { + # that is not a valid host name (RFC1123) + hst = "-" ; + } + + if ( bisolt == 1 ) { # TODO: this might be better with a substituion option, # or per DHCP pool do-not-DNS option, but its getting busy here. @@ -50,81 +56,73 @@ } - if ( cls == "ipv4" ) { - if ( NF == 8 ) { - # odhcpd errata in field format without host name - adr = $8 ; hst = "-" ; cdr = adr ; - sub( /\/.*/, "", adr ) ; - sub( /.*\//, "", cdr ) ; + if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) { + # IPV4 ; only for provided hostnames and full /32 assignments + # NF=9 ; odhcpd errata in field format without host name + ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ; + slaac = slaac_eui64( id ) ; + + + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ; + y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; + print ( x "\n" y "\n" ) > hostfile ; } + else { + for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } + x = ( fqdn ". 120 IN A " adr ) ; + y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } - if (( cdr == 32 ) && ( hst != "-" )) { - # only for provided hostnames and full /32 assignments - ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ; - slaac = slaac_eui64( id ) ; + if (( bslaac == 1 ) && ( slaac != 0 )) { + # UCI option to discover IPV6 routed SLAAC addresses + # NOT TODO - ping probe take too long when added in awk-rule loop + cmd = ( "ip -6 --oneline route show dev " net ) ; - if ( bconf == 1 ) { - x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ; - y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; - print ( x "\n" y ) > hostfile ; - } - else { - for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } - x = ( fqdn ". 120 IN A " adr ) ; - y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + while ( ( cmd | getline adr ) > 0 ) { + if (( substr( adr, 1, 5 ) <= "fdff:" ) \ + && ( index( adr, "anycast" ) == 0 ) \ + && ( index( adr, "via" ) == 0 )) { + # GA or ULA routed addresses only (not LL or MC) + sub( /\/.*/, "", adr ) ; + adr = ( adr slaac ) ; - if (( bslaac == 1 ) && ( slaac != 0 )) { - # UCI option to discover IPV6 routed SLAAC addresses - # NOT TODO - ping probe take too long when added in awk-rule loop - cmd = ( "ip -6 --oneline route show dev " net ) ; - - - while ( ( cmd | getline adr ) > 0 ) { - if (( substr( adr, 1, 5 ) <= "fd00:" ) \ - && ( index( adr, "via" ) == 0 )) { - # GA or ULA routed addresses only (not LL or MC) - sub( /\/.*/, "", adr ) ; - adr = ( adr slaac ) ; - - - if ( split( adr, tmp0, ":" ) >= 8 ) { - sub( "::", ":", adr ) ; - } - - - if ( bconf == 1 ) { - x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ; - y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; - print ( x "\n" y ) > hostfile ; - } - - else { - qpr = ipv6_ptr( adr ) ; - x = ( fqdn ". 120 IN AAAA " adr ) ; - y = ( qpr ". 120 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + if ( split( adr, tmp0, ":" ) > 8 ) { + sub( "::", ":", adr ) ; } - } - close( cmd ) ; + if ( bconf == 1 ) { + x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ; + y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; + print ( x "\n" y "\n" ) > hostfile ; + } + + else { + qpr = ipv6_ptr( adr ) ; + x = ( fqdn ". 120 IN AAAA " adr ) ; + y = ( qpr ". 120 IN PTR " fqdn ) ; + print ( x "\n" y ) > hostfile ; + } + } } + + + close( cmd ) ; } } - else { - if (( cdr == 128 ) && ( hst != "-" )) { + else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) { + if (cdr == 128) { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ; - print ( x "\n" y ) > hostfile ; + print ( x "\n" y "\n" ) > hostfile ; } else { @@ -135,12 +133,12 @@ print ( x "\n" y ) > hostfile ; } } - - if (( cdr2 == 128 ) && ( hst != "-" )) { + + if (cdr2 == 128) { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ; y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ; - print ( x "\n" y ) > hostfile ; + print ( x "\n" y "\n" ) > hostfile ; } else { @@ -152,6 +150,10 @@ } } } + + else { + # dump non-conforming lease records + } } ##############################################################################