From 716ca530e1c4515d8683c9d5be3d56b301758b66 Mon Sep 17 00:00:00 2001
From: James <>
Date: Wed, 4 Nov 2015 11:49:21 +0000
Subject: trunk-47381
---
 package/network/services/dnsmasq/Makefile | 152 +++++
 package/network/services/dnsmasq/files/dhcp.conf | 32 +
 .../network/services/dnsmasq/files/dnsmasq.conf | 37 ++
 .../network/services/dnsmasq/files/dnsmasq.hotplug | 5 +
 .../network/services/dnsmasq/files/dnsmasq.init | 641 +++++++++++++++++++++
 .../patches/100-fix-dhcp-no-address-warning.patch | 47 ++
 .../110-ipset-remove-old-kernel-support.patch | 110 ++++
 .../210-dnssec-improve-timestamp-heuristic.patch | 47 ++
 8 files changed, 1071 insertions(+)
 create mode 100644 package/network/services/dnsmasq/Makefile
 create mode 100644 package/network/services/dnsmasq/files/dhcp.conf
 create mode 100644 package/network/services/dnsmasq/files/dnsmasq.conf
 create mode 100644 package/network/services/dnsmasq/files/dnsmasq.hotplug
 create mode 100644 package/network/services/dnsmasq/files/dnsmasq.init
 create mode 100644 package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
 create mode 100644 package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch
 create mode 100644 package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch
(limited to 'package/network/services/dnsmasq')
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
new file mode 100644
index 0000000..cddde5c
--- /dev/null
+++ b/package/network/services/dnsmasq/Makefile
@@ -0,0 +1,152 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnsmasq
+PKG_VERSION:=2.75
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
+PKG_MD5SUM:=887236f1ddde6eb57cdb9d01916c9f72
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
+ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
+ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
+ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dnsmasq/Default
+ SECTION:=net
+ CATEGORY:=Base system
+ TITLE:=DNS and DHCP server
+ URL:=http://www.thekelleys.org.uk/dnsmasq/
+endef
+
+define Package/dnsmasq
+$(call Package/dnsmasq/Default)
+ VARIANT:=nodhcpv6
+endef
+
+define Package/dnsmasq-dhcpv6
+$(call Package/dnsmasq/Default)
+ TITLE += (with DHCPv6 support)
+ DEPENDS:=@IPV6
+ VARIANT:=dhcpv6
+endef
+
+define Package/dnsmasq-full
+$(call Package/dnsmasq/Default)
+ TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default)
+ DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+ +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset
+ VARIANT:=full
+endef
+
+define Package/dnsmasq/description
+ It is intended to provide coupled DNS and DHCP service to a LAN.
+endef
+
+define Package/dnsmasq-dhcpv6/description
+$(call Package/dnsmasq/description)
+
+This is a variant with DHCPv6 support
+endef
+
+define Package/dnsmasq-full/description
+$(call Package/dnsmasq/description)
+
+This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and
+IPset support enabled by default.
+endef
+
+define Package/dnsmasq/conffiles
+/etc/config/dhcp
+/etc/dnsmasq.conf
+endef
+
+define Package/dnsmasq-full/config
+ if PACKAGE_dnsmasq-full
+ config PACKAGE_dnsmasq_full_dhcpv6
+ bool "Build with DHCPv6 support."
+ depends on IPV6
+ default y
+ config PACKAGE_dnsmasq_full_dnssec
+ bool "Build with DNSSEC support."
+ default y
+ config PACKAGE_dnsmasq_full_auth
+ bool "Build with the facility to act as an authoritative DNS server."
+ default y
+ config PACKAGE_dnsmasq_full_ipset
+ bool "Build with IPset support."
+ default y
+ endif
+endef
+
+Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles)
+Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)
+
+TARGET_CFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6)
+
+ifeq ($(BUILD_VARIANT),nodhcpv6)
+ COPTS += -DNO_DHCP6
+endif
+
+ifeq ($(BUILD_VARIANT),full)
+ COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
+ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
+ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
+ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET)
+ COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
+else
+ COPTS += -DNO_AUTH -DNO_IPSET
+endif
+
+MAKE_FLAGS := \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ LDFLAGS="$(TARGET_LDFLAGS)" \
+ COPTS="$(COPTS)" \
+ PREFIX="/usr"
+
+define Package/dnsmasq/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/dhcp.conf $(1)/etc/config/dhcp
+ $(INSTALL_DATA) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+ $(INSTALL_DATA) ./files/dnsmasq.hotplug $(1)/etc/hotplug.d/iface/25-dnsmasq
+endef
+
+Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)
+
+define Package/dnsmasq-full/install
+$(call Package/dnsmasq/install,$(1))
+ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),)
+ $(INSTALL_DIR) $(1)/usr/share/dnsmasq
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
+endif
+endef
+
+$(eval $(call BuildPackage,dnsmasq))
+$(eval $(call BuildPackage,dnsmasq-dhcpv6))
+$(eval $(call BuildPackage,dnsmasq-full))
diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf
new file mode 100644
index 0000000..362b90a
--- /dev/null
+++ b/package/network/services/dnsmasq/files/dhcp.conf
@@ -0,0 +1,32 @@
+config dnsmasq
+ option domainneeded 1
+ option boguspriv 1
+ option filterwin2k 0 # enable for dial on demand
+ option localise_queries 1
+ option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+ option rebind_localhost 1 # enable for RBL checking and similar services
+ #list rebind_domain example.lan # whitelist RFC1918 responses for domains
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts 1
+ option nonegcache 0
+ option authoritative 1
+ option readethers 1
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+ #list server '/mycompany.local/1.2.3.4'
+ #option nonwildcard 1
+ #list interface br-lan
+ #list notinterface lo
+ #list bogusnxdomain '64.94.110.11'
+ option localservice 1 # disable to allow DNS requests from non-local subnets
+
+config dhcp lan
+ option interface lan
+ option start 100
+ option limit 150
+ option leasetime 12h
+
+config dhcp wan
+ option interface wan
+ option ignore 1
diff --git a/package/network/services/dnsmasq/files/dnsmasq.conf b/package/network/services/dnsmasq/files/dnsmasq.conf
new file mode 100644
index 0000000..bf5816b
--- /dev/null
+++ b/package/network/services/dnsmasq/files/dnsmasq.conf
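Review bot: In package/network/services/dnsmasq/Makefile the upstream tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq`) and pinned only by `PKG_MD5SUM`, so the integrity of the build input rests on an MD5 digest alone. MD5 is not collision-resistant, and the transport gives no protection of its own, so the digest is the only thing standing between a tampered download and the firmware image. If the build system in this tree accepts a stronger digest, pin the tarball with it (later OpenWrt trees use `PKG_HASH` with a SHA-256 value), and use an HTTPS source URL if upstream provides one. A one-line comment next to `PKG_MD5SUM` recording where the expected digest was obtained would also help the next version bump.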
@@ -0,0 +1,37 @@
+# Change the following lines if you want dnsmasq to serve SRV
+# records.
+# You may add multiple srv-host lines.
+# The fields are ,,,,
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
+
+# Two SRV records for LDAP, each with different priorities
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
+
+# A SRV record indicating that there is no LDAP server for the domain
+# example.com
+#srv-host=_ldap._tcp.example.com
+
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD.
+# The fields are ,
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
+
+# Change the following lines to enable dnsmasq to serve TXT records.
+# These are used for things like SPF and zeroconf.
+# The fields are ,,...
+
+#Example SPF.
+#txt-record=example.com,"v=spf1 a -all"
+
+#Example zeroconf
+#txt-record=_http._tcp.example.com,name=value,paper=A4
+
+# Provide an alias for a "local" DNS name. Note that this _only_ works
+# for targets which are names from DHCP or /etc/hosts. Give host
+# "bert" another name, bertrand
+# The fields are ,
+#cname=bertand,bert
diff --git a/package/network/services/dnsmasq/files/dnsmasq.hotplug b/package/network/services/dnsmasq/files/dnsmasq.hotplug
new file mode 100644
index 0000000..ca5d10c
--- /dev/null
+++ b/package/network/services/dnsmasq/files/dnsmasq.hotplug
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup ] || exit 0
+
+/etc/init.d/dnsmasq enabled && /etc/init.d/dnsmasq start
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
new file mode 100644
index 0000000..1b42cff
--- /dev/null
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
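Review bot: Two of the commented examples in files/dnsmasq.conf disagree with the comment that introduces them: the SRV comment says `port 289` while the example line uses `389`, and the alias comment names the host `bertrand` while the example reads `#cname=bertand,bert`. These lines are meant to be uncommented and adapted, so the explanation and the example should match: `# ldapserver.example.com port 389` and `#cname=bertrand,bert`.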
@@ -0,0 +1,641 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2007-2012 OpenWrt.org
+
+START=60
+
+USE_PROCD=1
+PROG=/usr/sbin/dnsmasq
+
+DNS_SERVERS=""
+DOMAIN=""
+
+ADD_LOCAL_DOMAIN=1
+ADD_LOCAL_HOSTNAME=1
+
+CONFIGFILE="/var/etc/dnsmasq.conf"
+HOSTFILE="/tmp/hosts/dhcp"
+TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
+TIMESTAMPFILE="/etc/dnsmasq.time"
+
+xappend() {
+ local value="$1"
+
+ echo "${value#--}" >> $CONFIGFILE
+}
+
+dhcp_calc() {
+ local ip="$1"
+ local res=0
+
+ while [ -n "$ip" ]; do
+ part="${ip%%.*}"
+ res="$(($res * 256))"
+ res="$(($res + $part))"
+ [ "${ip%.*}" != "$ip" ] && ip="${ip#*.}" || ip=
+ done
+ echo "$res"
+}
+
+dhcp_check() {
+ local ifname="$1"
+ local stamp="/var/run/dnsmasq.$ifname.dhcp"
+ local rv=0
+
+ [ -s "$stamp" ] && return $(cat "$stamp")
+
+ udhcpc -n -q -s /bin/true -t 1 -i "$ifname" >&- && rv=1 || rv=0
+
+ [ $rv -eq 1 ] && \
+ logger -t dnsmasq \
+ "found already running DHCP-server on interface '$ifname'" \
+ "refusing to start, use 'option force 1' to override"
+
+ echo $rv > "$stamp"
+ return $rv
+}
+
+log_once() {
+ pidof dnsmasq >/dev/null || \
+ logger -t dnsmasq "$@"
+}
+
+append_bool() {
+ local section="$1"
+ local option="$2"
+ local value="$3"
+ local _loctmp
+ config_get_bool _loctmp "$section" "$option" 0
+ [ $_loctmp -gt 0 ] && xappend "$value"
+}
+
+append_parm() {
+ local section="$1"
+ local option="$2"
+ local switch="$3"
+ local _loctmp
+ config_get _loctmp "$section" "$option"
+ [ -z "$_loctmp" ] && return 0
+ xappend "$switch=$_loctmp"
+}
+
+append_server() {
+ xappend "--server=$1"
+}
+
+append_address() {
+ xappend "--address=$1"
+}
+
+append_ipset() {
+ xappend "--ipset=$1"
+}
+
+append_interface() {
+ local ifname=$(uci_get_state network "$1" ifname "$1")
+ xappend "--interface=$ifname"
+}
+
+append_notinterface() {
+ local ifname=$(uci_get_state network "$1" ifname "$1")
+ xappend "--except-interface=$ifname"
+}
+
+append_addnhosts() {
+ xappend "--addn-hosts=$1"
+}
+
+append_bogusnxdomain() {
+ xappend "--bogus-nxdomain=$1"
+}
+
+append_pxe_service() {
+ xappend "--pxe-service=$1"
+}
+
+dnsmasq() {
+ local cfg="$1"
+ append_bool "$cfg" authoritative "--dhcp-authoritative"
+ append_bool "$cfg" nodaemon "--no-daemon"
+ append_bool "$cfg" domainneeded "--domain-needed"
+ append_bool "$cfg" filterwin2k "--filterwin2k"
+ append_bool "$cfg" nohosts "--no-hosts"
+ append_bool "$cfg" nonegcache "--no-negcache"
+ append_bool "$cfg" strictorder "--strict-order"
+ append_bool "$cfg" logqueries "--log-queries=extra"
+ append_bool "$cfg" noresolv "--no-resolv"
+ append_bool "$cfg" localise_queries "--localise-queries"
+ append_bool "$cfg" readethers "--read-ethers"
+ append_bool "$cfg" dbus "--enable-dbus"
+ append_bool "$cfg" boguspriv "--bogus-priv"
+ append_bool "$cfg" expandhosts "--expand-hosts"
+ append_bool "$cfg" enable_tftp "--enable-tftp"
+ append_bool "$cfg" tftp_no_fail "--tftp-no-fail"
+ append_bool "$cfg" nonwildcard "--bind-interfaces"
+ append_bool "$cfg" fqdn "--dhcp-fqdn"
+ append_bool "$cfg" proxydnssec "--proxy-dnssec"
+ append_bool "$cfg" localservice "--local-service"
+ append_bool "$cfg" quietdhcp "--quiet-dhcp"
+ append_bool "$cfg" sequential_ip "--dhcp-sequential-ip"
+
+ append_parm "$cfg" dhcpscript "--dhcp-script"
+ append_parm "$cfg" cachesize "--cache-size"
+ append_parm "$cfg" dnsforwardmax "--dns-forward-max"
+ append_parm "$cfg" port "--port"
+ append_parm "$cfg" ednspacket_max "--edns-packet-max"
+ append_parm "$cfg" dhcpleasemax "--dhcp-lease-max"
+ append_parm "$cfg" "queryport" "--query-port"
+ append_parm "$cfg" "domain" "--domain"
+ append_parm "$cfg" "local" "--server"
+ config_list_foreach "$cfg" "server" append_server
+ config_list_foreach "$cfg" "address" append_address
+ config_list_foreach "$cfg" "ipset" append_ipset
+ config_list_foreach "$cfg" "interface" append_interface
+ config_list_foreach "$cfg" "notinterface" append_notinterface
+ config_list_foreach "$cfg" "addnhosts" append_addnhosts
+ config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain
+ append_parm "$cfg" "leasefile" "--dhcp-leasefile"
+ append_parm "$cfg" "resolvfile" "--resolv-file"
+ append_parm "$cfg" "serversfile" "--servers-file"
+ append_parm "$cfg" "tftp_root" "--tftp-root"
+ append_parm "$cfg" "dhcp_boot" "--dhcp-boot"
+ append_parm "$cfg" "local_ttl" "--local-ttl"
+ append_parm "$cfg" "pxe_prompt" "--pxe-prompt"
+ config_list_foreach "$cfg" "pxe_service" append_pxe_service
+ config_get DOMAIN "$cfg" domain
+
+ config_get_bool ADD_LOCAL_DOMAIN "$cfg" add_local_domain 1
+ config_get_bool ADD_LOCAL_HOSTNAME "$cfg" add_local_hostname 1
+
+ config_get_bool readethers "$cfg" readethers
+ [ "$readethers" = "1" -a \! -e "/etc/ethers" ] && touch /etc/ethers
+
+ config_get leasefile $cfg leasefile
+ [ -n "$leasefile" -a \! -e "$leasefile" ] && touch "$leasefile"
+ config_get_bool cachelocal "$cfg" cachelocal 1
+
+ config_get hostsfile "$cfg" dhcphostsfile
+ [ -e "$hostsfile" ] && xappend "--dhcp-hostsfile=$hostsfile"
+
+ local rebind
+ config_get_bool rebind "$cfg" rebind_protection 1
+ [ $rebind -gt 0 ] && {
+ log_once \
+ "DNS rebinding protection is active," \
+ "will discard upstream RFC1918 responses!"
+ xappend "--stop-dns-rebind"
+
+ local rebind_localhost
+ config_get_bool rebind_localhost "$cfg" rebind_localhost 0
+ [ $rebind_localhost -gt 0 ] && {
+ log_once "Allowing 127.0.0.0/8 responses"
+ xappend "--rebind-localhost-ok"
+ }
+
+ append_rebind_domain() {
+ log_once "Allowing RFC1918 responses for domain $1"
+ xappend "--rebind-domain-ok=$1"
+ }
+
+ config_list_foreach "$cfg" rebind_domain append_rebind_domain
+ }
+
+ config_get_bool dnssec "$cfg" dnssec 0
+ [ "$dnssec" -gt 0 ] && {
+ xappend "--conf-file=$TRUSTANCHORSFILE"
+ xappend "--dnssec"
+ xappend "--dnssec-timestamp=$TIMESTAMPFILE"
+ append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
+ }
+
+ dhcp_option_add "$cfg" "" 0
+
+ xappend "--dhcp-broadcast=tag:needs-broadcast"
+
+ mkdir -p /tmp/hosts /tmp/dnsmasq.d
+ xappend "--addn-hosts=/tmp/hosts"
+ xappend "--conf-dir=/tmp/dnsmasq.d"
+
+ echo >> $CONFIGFILE
+}
+
+dhcp_subscrid_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get subscriberid "$cfg" subscriberid
+ [ -n "$subscriberid" ] || return 0
+
+ xappend "--dhcp-subscrid=$networkid,$subscriberid"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+dhcp_remoteid_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get remoteid "$cfg" remoteid
+ [ -n "$remoteid" ] || return 0
+
+ xappend "--dhcp-remoteid=$networkid,$remoteid"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+dhcp_circuitid_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get circuitid "$cfg" circuitid
+ [ -n "$circuitid" ] || return 0
+
+ xappend "--dhcp-circuitid=$networkid,$circuitid"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+dhcp_userclass_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get userclass "$cfg" userclass
+ [ -n "$userclass" ] || return 0
+
+ xappend "--dhcp-userclass=$networkid,$userclass"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+dhcp_vendorclass_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get vendorclass "$cfg" vendorclass
+ [ -n "$vendorclass" ] || return 0
+
+ xappend "--dhcp-vendorclass=$networkid,$vendorclass"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+dhcp_host_add() {
+ local cfg="$1"
+
+ config_get_bool force "$cfg" force 0
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] && dhcp_option_add "$cfg" "$networkid" "$force"
+
+ config_get name "$cfg" name
+ config_get ip "$cfg" ip
+ [ -n "$ip" -o -n "$name" ] || return 0
+
+ config_get_bool dns "$cfg" dns 0
+ [ "$dns" = "1" -a -n "$ip" -a -n "$name" ] && {
+ echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE
+ }
+
+ config_get mac "$cfg" mac
+ if [ -n "$mac" ]; then
+ # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap
+ macs=""
+ for m in $mac; do append macs "$m" ","; done
+ else
+ # --dhcp-host=lap,192.168.0.199
+ [ -n "$name" ] || return 0
+ macs="$name"
+ name=""
+ fi
+
+ config_get tag "$cfg" tag
+
+ config_get_bool broadcast "$cfg" broadcast 0
+ [ "$broadcast" = "0" ] && broadcast=
+
+ xappend "--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}"
+}
+
+dhcp_tag_add() {
+ local cfg="$1"
+
+ tag="$cfg"
+
+ [ -n "$tag" ] || return 0
+
+ config_get_bool force "$cfg" force 0
+ [ "$force" = "0" ] && force=
+
+ config_get option "$cfg" dhcp_option
+ for o in $option; do
+ xappend "--dhcp-option${force:+-force}=tag:$tag,$o"
+ done
+}
+
+dhcp_mac_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || return 0
+
+ config_get mac "$cfg" mac
+ [ -n "$mac" ] || return 0
+
+ xappend "--dhcp-mac=$networkid,$mac"
+
+ dhcp_option_add "$cfg" "$networkid"
+}
+
+dhcp_boot_add() {
+ local cfg="$1"
+
+ config_get networkid "$cfg" networkid
+
+ config_get filename "$cfg" filename
+ [ -n "$filename" ] || return 0
+
+ config_get servername "$cfg" servername
+ config_get serveraddress "$cfg" serveraddress
+
+ [ -n "$serveraddress" -a ! -n "$servername" ] && return 0
+
+ xappend "--dhcp-boot=${networkid:+net:$networkid,}${filename}${servername:+,$servername}${serveraddress:+,$serveraddress}"
+
+ config_get_bool force "$cfg" force 0
+
+ dhcp_option_add "$cfg" "$networkid" "$force"
+}
+
+
+dhcp_add() {
+ local cfg="$1"
+ config_get net "$cfg" interface
+ [ -n "$net" ] || return 0
+
+ config_get dhcpv4 "$cfg" dhcpv4
+ [ "$dhcpv4" != "disabled" ] || return 0
+
+ config_get networkid "$cfg" networkid
+ [ -n "$networkid" ] || networkid="$net"
+
+ network_get_subnet subnet "$net" || return 0
+ network_get_device ifname "$net" || return 0
+ network_get_protocol proto "$net" || return 0
+
+ [ "$cachelocal" = "0" ] && network_get_dnsserver dnsserver "$net" && {
+ DNS_SERVERS="$DNS_SERVERS $dnsserver"
+ }
+
+ append_bool "$cfg" ignore "--no-dhcp-interface=$ifname" && return 0
+
+ # Do not support non-static interfaces for now
+ [ static = "$proto" ] || return 0
+
+ # Override interface netmask with dhcp config if applicable
+ config_get netmask "$cfg" netmask "${subnet##*/}"
+
+ #check for an already active dhcp server on the interface, unless 'force' is set
+ config_get_bool force "$cfg" force 0
+ [ $force -gt 0 ] || dhcp_check "$ifname" || return 0
+
+ config_get start "$cfg" start
+ config_get limit "$cfg" limit
+ config_get leasetime "$cfg" leasetime
+ config_get options "$cfg" options
+ config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1
+
+ leasetime="${leasetime:-12h}"
+ start="$(dhcp_calc "${start:-100}")"
+ limit="${limit:-150}"
+ [ "$limit" -gt 0 ] && limit=$((limit-1))
+ eval "$(ipcalc.sh "${subnet%%/*}" $netmask $start $limit)"
+ if [ "$dynamicdhcp" = "0" ]; then END="static"; fi
+ xappend "--dhcp-range=$networkid,$START,$END,$NETMASK,$leasetime${options:+ $options}"
+
+ dhcp_option_add "$cfg" "$networkid"
+}
+
+dhcp_option_add() {
+ local cfg="$1"
+ local networkid="$2"
+ local force="$3"
+
+ [ "$force" = "0" ] && force=
+
+ config_get dhcp_option "$cfg" dhcp_option
+ for o in $dhcp_option; do
+ xappend "--dhcp-option${force:+-force}=${networkid:+$networkid,}$o"
+ done
+
+}
+
+dhcp_domain_add() {
+ local cfg="$1"
+ local ip name names record
+
+ config_get names "$cfg" name "$2"
+ [ -n "$names" ] || return 0
+
+ config_get ip "$cfg" ip "$3"
+ [ -n "$ip" ] || return 0
+
+ for name in $names; do
+ record="${record:+$record }$name"
+ done
+
+ echo "$ip $record" >> $HOSTFILE
+}
+
+dhcp_srv_add() {
+ local cfg="$1"
+
+ config_get srv "$cfg" srv
+ [ -n "$srv" ] || return 0
+
+ config_get target "$cfg" target
+ [ -n "$target" ] || return 0
+
+ config_get port "$cfg" port
+ [ -n "$port" ] || return 0
+
+ config_get class "$cfg" class
+ config_get weight "$cfg" weight
+
+ local service="$srv,$target,$port${class:+,$class${weight:+,$weight}}"
+
+ xappend "--srv-host=$service"
+}
+
+dhcp_mx_add() {
+ local cfg="$1"
+ local domain relay pref
+
+ config_get domain "$cfg" domain
+ [ -n "$domain" ] || return 0
+
+ config_get relay "$cfg" relay
+ [ -n "$relay" ] || return 0
+
+ config_get pref "$cfg" pref 0
+
+ local service="$domain,$relay,$pref"
+
+ xappend "--mx-host=$service"
+}
+
+dhcp_cname_add() {
+ local cfg="$1"
+ local cname target
+
+ config_get cname "$cfg" cname
+ [ -n "$cname" ] || return 0
+
+ config_get target "$cfg" target
+ [ -n "$target" ] || return 0
+
+ xappend "--cname=${cname},${target}"
+}
+
+dhcp_hostrecord_add() {
+ local cfg="$1"
+ local names addresses record val
+
+ config_get names "$cfg" name "$2"
+ if [ -z "$names" ]; then
+ return 0
+ fi
+
+ config_get addresses "$cfg" ip "$3"
+ if [ -z "$addresses" ]; then
+ return 0
+ fi
+
+ for val in $names $addresses; do
+ record="${record:+$record,}$val"
+ done
+
+ xappend "--host-record=$record"
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "dhcp"
+}
+
+boot() {
+ # Will be launched through hotplug
+ return 0
+}
+
+start_service() {
+ include /lib/functions
+
+ config_load dhcp
+
+ procd_open_instance
+ procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq.pid
+ procd_set_param file $CONFIGFILE
+ procd_set_param respawn
+
+ procd_add_jail dnsmasq ubus log
+ procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers
+ procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE
+
+ procd_close_instance
+
+ # before we can call xappend
+ mkdir -p /var/run/dnsmasq/
+ mkdir -p $(dirname $CONFIGFILE)
+ mkdir -p /var/lib/misc
+ touch /tmp/dhcp.leases
+
+ if [ ! -f "$TIMESTAMPFILE" ]; then
+ touch "$TIMESTAMPFILE"
+ chown nobody.nogroup "$TIMESTAMPFILE"
+ fi
+
+ echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
+ echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE
+
+ # if we did this last, we could override auto-generated config
+ [ -f /etc/dnsmasq.conf ] && {
+ xappend "--conf-file=/etc/dnsmasq.conf"
+ }
+
+ args=""
+ config_foreach dnsmasq dnsmasq
+ config_foreach dhcp_host_add host
+ echo >> $CONFIGFILE
+ config_foreach dhcp_boot_add boot
+ config_foreach dhcp_mac_add mac
+ config_foreach dhcp_tag_add tag
+ config_foreach dhcp_vendorclass_add vendorclass
+ config_foreach dhcp_userclass_add userclass
+ config_foreach dhcp_circuitid_add circuitid
+ config_foreach dhcp_remoteid_add remoteid
+ config_foreach dhcp_subscrid_add subscrid
+ config_foreach dhcp_domain_add domain
+ config_foreach dhcp_hostrecord_add hostrecord
+
+ # add own hostname
+ local lanaddr
+ [ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan" && {
+ local hostname="$(uci_get system @system[0] hostname OpenWrt)"
+ dhcp_domain_add "" "$hostname" "$lanaddr"
+ }
+
+ echo >> $CONFIGFILE
+ config_foreach dhcp_srv_add srvhost
+ config_foreach dhcp_mx_add mxhost
+ echo >> $CONFIGFILE
+
+ config_get odhcpd_is_active odhcpd maindhcp
+ if [ "$odhcpd_is_active" != "1" ]; then
+ config_foreach dhcp_add dhcp
+ fi
+
+ echo >> $CONFIGFILE
+ config_foreach dhcp_cname_add cname
+ echo >> $CONFIGFILE
+
+ rm -f /tmp/resolv.conf
+ [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && {
+ echo "search $DOMAIN" >> /tmp/resolv.conf
+ }
+ DNS_SERVERS="$DNS_SERVERS 127.0.0.1"
+ for DNS_SERVER in $DNS_SERVERS ; do
+ echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
+ done
+}
+
+reload_service() {
+ rc_procd start_service "$@"
+ return 0
+}
+
+stop_service() {
+ [ -f /tmp/resolv.conf ] && {
+ rm -f /tmp/resolv.conf
+ ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
+ }
+ rm -f /var/run/dnsmasq.*.dhcp
+}
diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
new file mode 100644
index 0000000..f5b5ca0
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
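Review bot: In `start_service` of files/dnsmasq.init the jail mount list is hard-coded (`/tmp/dhcp.leases`, `/tmp/resolv.conf.auto`, `$HOSTFILE`, `/tmp/dnsmasq.d`), while `dnsmasq()` takes `leasefile`, `resolvfile`, `serversfile`, `dhcphostsfile`, `addnhosts`, `tftp_root` and `dhcpscript` from the UCI config and also emits `--addn-hosts=/tmp/hosts`, of which only the single file `$HOSTFILE` is mounted. If the jail is enforced, any non-default path would presumably be invisible to the daemon, and a sandbox that breaks on ordinary configuration tends to get switched off; the mounts should be derived from the same configured values, or the restriction stated in a comment above `procd_add_jail_mount`. Separately, `dhcp_add` passes `$netmask $start $limit` unquoted to `ipcalc.sh` and feeds the output to `eval`; quoting the arguments and rejecting a non-numeric `limit` before the `-gt` test would keep a malformed config value from changing what is evaluated. The same applies to the unquoted `>> $CONFIGFILE` and `>> $HOSTFILE` redirections, which are safe only while those variables hold the fixed paths set at the top of the file.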
@@ -0,0 +1,47 @@
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd)
+ struct iovec iov;
+ ssize_t sz;
+ int iface_index = 0, unicast_dest = 0, is_inform = 0;
+- struct in_addr iface_addr;
++ struct in_addr iface_addr, *addrp = NULL;
+ struct iface_param parm;
+ #ifdef HAVE_LINUX_NETWORK
+ struct arpreq arp_req;
+@@ -275,11 +275,9 @@ void dhcp_packet(time_t now, int pxe_fd)
+ {
+ ifr.ifr_addr.sa_family = AF_INET;
+ if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
+- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+- else
+ {
+- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
+- return;
++ addrp = &iface_addr;
++ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+ }
+
+ for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+@@ -298,7 +296,7 @@ void dhcp_packet(time_t now, int pxe_fd)
+ parm.relay_local.s_addr = 0;
+ parm.ind = iface_index;
+
+- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL))
++ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL))
+ {
+ /* If we failed to match the primary address of the interface, see if we've got a --listen-address
+ for a secondary */
+@@ -318,6 +316,12 @@ void dhcp_packet(time_t now, int pxe_fd)
+ complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
+ }
+
++ if (!addrp)
++ {
++ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
++ return;
++ }
++
+ if (!iface_enumerate(AF_INET, &parm, complete_context))
+ return;
+
diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch
new file mode 100644
index 0000000..61b09d5
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch
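Review bot: With 100-fix-dhcp-no-address-warning.patch applied, `iface_check()` is called with `addrp`, which stays NULL when the `SIOCGIFADDR` ioctl fails, so the call in the `-298,7 +296,7` hunk relies on `iface_check()` tolerating a NULL address; its body is not part of this patch and should be checked before this is carried. `iface_addr` is also left uninitialised on that path, and the new `if (!addrp)` return appears to be the only guard keeping later code in `dhcp_packet()` (which continues outside these hunks) from reading it. A comment at the declaration, for example `/* addrp stays NULL while the interface has no IPv4 address; iface_addr is then unset */`, would make that invariant explicit. The patch file also has no header explaining why the warning is deferred until after the `--listen-address` match, which the next person refreshing it against a new dnsmasq release will need.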
@@ -0,0 +1,110 @@
+--- a/src/ipset.c
++++ b/src/ipset.c
+@@ -22,7 +22,6 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+ #include
+@@ -72,7 +71,7 @@ struct my_nfgenmsg {
+
+ #define NL_ALIGN(len) (((len)+3) & ~(3))
+ static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
+-static int ipset_sock, old_kernel;
++static int ipset_sock;
+ static char *buffer;
+
+ static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
+@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg
+
+ void ipset_init(void)
+ {
+- struct utsname utsname;
+- int version;
+- char *split;
+-
+- if (uname(&utsname) < 0)
+- die(_("failed to find kernel version: %s"), NULL, EC_MISC);
+-
+- split = strtok(utsname.release, ".");
+- version = (split ? atoi(split) : 0);
+- split = strtok(NULL, ".");
+- version = version * 256 + (split ? atoi(split) : 0);
+- split = strtok(NULL, ".");
+- version = version * 256 + (split ? atoi(split) : 0);
+- old_kernel = (version < KERNEL_VERSION(2,6,32));
+-
+- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
+- return;
+-
+- if (!old_kernel &&
++ if (
+ (buffer = safe_malloc(BUFF_SZ)) &&
+ (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
+ (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
+@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char *
+ }
+
+
+-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
+-{
+- socklen_t size;
+- struct ip_set_req_adt_get {
+- unsigned op;
+- unsigned version;
+- union {
+- char name[IPSET_MAXNAMELEN];
+- uint16_t index;
+- } set;
+- char typename[IPSET_MAXNAMELEN];
+- } req_adt_get;
+- struct ip_set_req_adt {
+- unsigned op;
+- uint16_t index;
+- uint32_t ip;
+- } req_adt;
+-
+- if (strlen(setname) >= sizeof(req_adt_get.set.name))
+- {
+- errno = ENAMETOOLONG;
+- return -1;
+- }
+-
+- req_adt_get.op = 0x10;
+- req_adt_get.version = 3;
+- strcpy(req_adt_get.set.name, setname);
+- size = sizeof(req_adt_get);
+- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
+- return -1;
+- req_adt.op = remove ? 0x102 : 0x101;
+- req_adt.index = req_adt_get.set.index;
+- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
+- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
+- return -1;
+-
+- return 0;
+-}
+-
+-
+-
+ int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
+ {
+ int af = AF_INET;
+
+ #ifdef HAVE_IPV6
+ if (flags & F_IPV6)
+- {
+ af = AF_INET6;
+- /* old method only supports IPv4 */
+- if (old_kernel)
+- return -1;
+- }
+ #endif
+
+- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
++ return new_add_to_ipset(setname, ipaddr, af, remove);
+ }
+
+ #endif
diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch
new file mode 100644
index 0000000..81fbf18
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch
@@ -0,0 +1,47 @@
+From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001
+From: Steven Barth
+Date: Mon, 13 Apr 2015 09:45:20 +0200
+Subject: [PATCH] dnssec: improve timestamp heuristic
+
+Signed-off-by: Steven Barth
+---
+ src/dnssec.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -429,17 +429,24 @@ static time_t timestamp_time;
+ int setup_timestamp(void)
+ {
+ struct stat statbuf;
++ time_t now;
++ time_t base = 1420070400; /* 1-1-2015 */
+
+ daemon->back_to_the_future = 0;
+
+ if (!daemon->timestamp_file)
+ return 0;
++
++ now = time(NULL);
++
++ if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0)
++ base = statbuf.st_mtime;
+
+ if (stat(daemon->timestamp_file, &statbuf) != -1)
+ {
+ timestamp_time = statbuf.st_mtime;
+ check_and_exit:
+- if (difftime(timestamp_time, time(0)) <= 0)
++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0)
+ {
+ /* time already OK, update timestamp, and do key checking from the start. */
+ if (utime(daemon->timestamp_file, NULL) == -1)
+@@ -460,7 +467,7 @@ int setup_timestamp(void)
+
+ close(fd);
+
+- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
++ timestamp_time = timbuf.actime = timbuf.modtime = base;
+ if (utime(daemon->timestamp_file, &timbuf) == 0)
+ goto check_and_exit;
+ }
-- cgit v1.2.3
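Review bot: The new condition in `setup_timestamp()` accepts the clock only when `now` is not earlier than `base`, and `base` is raised to the mtime of `/proc/self/exe`, so the heuristic now trusts the executable's modification time as a lower bound for real time without saying so. If the binary was installed while the clock was ahead of real time, `difftime(now, base) >= 0` would presumably stay false after the clock is corrected, and the not-yet-valid-clock path (outside this hunk) would keep being taken. That path seems to be where DNSSEC signature validity periods are not enforced, judging by `back_to_the_future`, so the assumption should be written down. Suggested above the `stat("/proc/self/exe", ...)` line: `/* Lower bound for a sane clock: the later of 1-1-2015 and this binary's mtime; assumes that mtime is never in the future. */`. The patch description is also empty apart from the sign-off, so the reason for changing the heuristic is recorded nowhere.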