diff options
author | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2019-03-09 08:40:57 +0000 |
---|---|---|
committer | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2020-03-04 20:44:23 +0000 |
commit | 3251ac8f2d3de29af2a1584f427246ea702fdbd9 (patch) | |
tree | 6c00b1db0a44edb920cb8a1ba33e3538944981b6 | |
parent | 633c5137df86e782759e0d88c0facfb2d3f0c424 (diff) | |
download | upstream-3251ac8f2d3de29af2a1584f427246ea702fdbd9.tar.gz upstream-3251ac8f2d3de29af2a1584f427246ea702fdbd9.tar.bz2 upstream-3251ac8f2d3de29af2a1584f427246ea702fdbd9.zip |
dnsmasq: bump to v2.81rc1
1st release candidate for v2.81 after 18 months.
Refresh patches & remove all upstreamed leaving:
110-ipset-remove-old-kernel-support.patch
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
35 files changed, 5 insertions, 8841 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 7d690af36d..b6d7071ab0 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_UPSTREAM_VERSION:=2.80 +PKG_UPSTREAM_VERSION:=2.81rc1 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=18 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_HASH:=cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates +PKG_HASH:=47afc967fb3d673d1700ebfa2192ab1436197fa6e135e335f0d0ef17cdb2f0fc PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING @@ -130,7 +130,7 @@ Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles) TARGET_CFLAGS += -flto TARGET_LDFLAGS += -flto=jobserver -COPTS = -DHAVE_UBUS \ +COPTS = -DHAVE_UBUS -DHAVE_POLL_H \ $(if $(CONFIG_IPV6),,-DNO_IPV6) ifeq ($(BUILD_VARIANT),nodhcpv6) diff --git a/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch b/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch deleted file mode 100644 index c801f258b3..0000000000 --- a/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch +++ /dev/null @@ -1,495 +0,0 @@ -From a799ca0c6314ad73a97bc6c89382d2712a9c0b0e Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 18 Oct 2018 19:35:29 +0100 -Subject: [PATCH 01/32] Impove cache behaviour for TCP connections. - -For ease of implementaion, dnsmasq has always forked a new process to -handle each incoming TCP connection. A side-effect of this is that any -DNS queries answered from TCP connections are not cached: when TCP -connections were rare, this was not a problem. With the coming of -DNSSEC, it's now the case that some DNSSEC queries have answers which -spill to TCP, and if, for instance, this applies to the keys for the -root then those never get cached, and performance is very bad. This -fix passes cache entries back from the TCP child process to the main -server process, and fixes the problem. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - CHANGELOG | 14 ++++ - src/blockdata.c | 37 ++++++++- - src/cache.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++-- - src/dnsmasq.c | 58 ++++++++++++-- - src/dnsmasq.h | 5 ++ - 5 files changed, 291 insertions(+), 19 deletions(-) - ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,3 +1,17 @@ -+version 2.81 -+ Impove cache behaviour for TCP connections. For ease of -+ implementaion, dnsmasq has always forked a new process to handle -+ each incoming TCP connection. A side-effect of this is that -+ any DNS queries answered from TCP connections are not cached: -+ when TCP connections were rare, this was not a problem. -+ With the coming of DNSSEC, it's now the case that some -+ DNSSEC queries have answers which spill to TCP, and if, -+ for instance, this applies to the keys for the root then -+ those never get cached, and performance is very bad. -+ This fix passes cache entries back from the TCP child process to -+ the main server process, and fixes the problem. -+ -+ - version 2.80 - Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method - for the initial patch and motivation. ---- a/src/blockdata.c -+++ b/src/blockdata.c -@@ -61,7 +61,7 @@ void blockdata_report(void) - blockdata_alloced * sizeof(struct blockdata)); - } - --struct blockdata *blockdata_alloc(char *data, size_t len) -+static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len) - { - struct blockdata *block, *ret = NULL; - struct blockdata **prev = &ret; -@@ -89,8 +89,17 @@ struct blockdata *blockdata_alloc(char * - blockdata_hwm = blockdata_count; - - blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; -- memcpy(block->key, data, blen); -- data += blen; -+ if (data) -+ { -+ memcpy(block->key, data, blen); -+ data += blen; -+ } -+ else if (!read_write(fd, block->key, blen, 1)) -+ { -+ /* failed read free partial chain */ -+ blockdata_free(ret); -+ return NULL; -+ } - len -= blen; - *prev = block; - prev = &block->next; -@@ -100,6 +109,10 @@ struct blockdata *blockdata_alloc(char * - return ret; - } - -+struct blockdata *blockdata_alloc(char *data, size_t len) -+{ -+ return blockdata_alloc_real(0, data, len); -+} - - void blockdata_free(struct blockdata *blocks) - { -@@ -148,5 +161,21 @@ void *blockdata_retrieve(struct blockdat - - return data; - } -- -+ -+ -+void blockdata_write(struct blockdata *block, size_t len, int fd) -+{ -+ for (; len > 0 && block; block = block->next) -+ { -+ size_t blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; -+ read_write(fd, block->key, blen, 0); -+ len -= blen; -+ } -+} -+ -+struct blockdata *blockdata_read(int fd, size_t len) -+{ -+ return blockdata_alloc_real(fd, NULL, len); -+} -+ - #endif ---- a/src/cache.c -+++ b/src/cache.c -@@ -26,6 +26,8 @@ static union bigname *big_free = NULL; - static int bignames_left, hash_size; - - static void make_non_terminals(struct crec *source); -+static struct crec *really_insert(char *name, struct all_addr *addr, -+ time_t now, unsigned long ttl, unsigned short flags); - - /* type->string mapping: this is also used by the name-hash function as a mixing table. */ - static const struct { -@@ -464,16 +466,10 @@ void cache_start_insert(void) - new_chain = NULL; - insert_error = 0; - } -- -+ - struct crec *cache_insert(char *name, struct all_addr *addr, - time_t now, unsigned long ttl, unsigned short flags) - { -- struct crec *new, *target_crec = NULL; -- union bigname *big_name = NULL; -- int freed_all = flags & F_REVERSE; -- int free_avail = 0; -- unsigned int target_uid; -- - /* Don't log DNSSEC records here, done elsewhere */ - if (flags & (F_IPV4 | F_IPV6 | F_CNAME)) - { -@@ -484,7 +480,20 @@ struct crec *cache_insert(char *name, st - if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl) - ttl = daemon->min_cache_ttl; - } -+ -+ return really_insert(name, addr, now, ttl, flags); -+} - -+ -+static struct crec *really_insert(char *name, struct all_addr *addr, -+ time_t now, unsigned long ttl, unsigned short flags) -+{ -+ struct crec *new, *target_crec = NULL; -+ union bigname *big_name = NULL; -+ int freed_all = flags & F_REVERSE; -+ int free_avail = 0; -+ unsigned int target_uid; -+ - /* if previous insertion failed give up now. */ - if (insert_error) - return NULL; -@@ -645,12 +654,185 @@ void cache_end_insert(void) - cache_hash(new_chain); - cache_link(new_chain); - daemon->metrics[METRIC_DNS_CACHE_INSERTED]++; -+ -+ /* If we're a child process, send this cache entry up the pipe to the master. -+ The marshalling process is rather nasty. */ -+ if (daemon->pipe_to_parent != -1) -+ { -+ char *name = cache_get_name(new_chain); -+ ssize_t m = strlen(name); -+ unsigned short flags = new_chain->flags; -+#ifdef HAVE_DNSSEC -+ u16 class = new_chain->uid; -+#endif -+ -+ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)name, m, 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); -+ -+ if (flags & (F_IPV4 | F_IPV6)) -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); -+#ifdef HAVE_DNSSEC -+ else if (flags & F_DNSKEY) -+ { -+ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0); -+ blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); -+ } -+ else if (flags & F_DS) -+ { -+ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); -+ /* A negative DS entry is possible and has no data, obviously. */ -+ if (!(flags & F_NEG)) -+ { -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0); -+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0); -+ blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); -+ } -+ } -+#endif -+ -+ } - } -+ - new_chain = tmp; - } -+ -+ /* signal end of cache insert in master process */ -+ if (daemon->pipe_to_parent != -1) -+ { -+ ssize_t m = -1; -+ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); -+ } -+ - new_chain = NULL; - } - -+ -+/* A marshalled cache entry arrives on fd, read, unmarshall and insert into cache of master process. */ -+int cache_recv_insert(time_t now, int fd) -+{ -+ ssize_t m; -+ struct all_addr addr; -+ unsigned long ttl; -+ time_t ttd; -+ unsigned short flags; -+ struct crec *crecp = NULL; -+ -+ cache_start_insert(); -+ -+ while(1) -+ { -+ -+ if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) -+ return 0; -+ -+ if (m == -1) -+ { -+ cache_end_insert(); -+ return 1; -+ } -+ -+ if (!read_write(fd, (unsigned char *)daemon->namebuff, m, 1) || -+ !read_write(fd, (unsigned char *)&ttd, sizeof(ttd), 1) || -+ !read_write(fd, (unsigned char *)&flags, sizeof(flags), 1)) -+ return 0; -+ -+ daemon->namebuff[m] = 0; -+ -+ ttl = difftime(ttd, now); -+ -+ if (flags & (F_IPV4 | F_IPV6)) -+ { -+ if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) -+ return 0; -+ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); -+ } -+ else if (flags & F_CNAME) -+ { -+ struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags); -+ /* This relies on the fact the the target of a CNAME immediately preceeds -+ it because of the order of extraction in extract_addresses, and -+ the order reversal on the new_chain. */ -+ if (newc) -+ { -+ if (!crecp) -+ { -+ newc->addr.cname.target.cache = NULL; -+ /* anything other than zero, to avoid being mistaken for CNAME to interface-name */ -+ newc->addr.cname.uid = 1; -+ } -+ else -+ { -+ next_uid(crecp); -+ newc->addr.cname.target.cache = crecp; -+ newc->addr.cname.uid = crecp->uid; -+ } -+ } -+ } -+#ifdef HAVE_DNSSEC -+ else if (flags & (F_DNSKEY | F_DS)) -+ { -+ unsigned short class, keylen, keyflags, keytag; -+ unsigned char algo, digest; -+ struct blockdata *keydata; -+ -+ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) -+ return 0; -+ /* Cache needs to known class for DNSSEC stuff */ -+ addr.addr.dnssec.class = class; -+ -+ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); -+ -+ if (flags & F_DNSKEY) -+ { -+ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || -+ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || -+ !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) || -+ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || -+ !(keydata = blockdata_read(fd, keylen))) -+ return 0; -+ } -+ else if (!(flags & F_NEG)) -+ { -+ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || -+ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || -+ !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) || -+ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || -+ !(keydata = blockdata_read(fd, keylen))) -+ return 0; -+ } -+ -+ if (crecp) -+ { -+ if (flags & F_DNSKEY) -+ { -+ crecp->addr.key.algo = algo; -+ crecp->addr.key.keytag = keytag; -+ crecp->addr.key.flags = flags; -+ crecp->addr.key.keylen = keylen; -+ crecp->addr.key.keydata = keydata; -+ } -+ else if (!(flags & F_NEG)) -+ { -+ crecp->addr.ds.algo = algo; -+ crecp->addr.ds.keytag = keytag; -+ crecp->addr.ds.digest = digest; -+ crecp->addr.ds.keylen = keylen; -+ crecp->addr.ds.keydata = keydata; -+ } -+ } -+ } -+#endif -+ } -+} -+ - int cache_find_non_terminal(char *name, time_t now) - { - struct crec *crecp; ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -930,6 +930,10 @@ int main (int argc, char **argv) - check_servers(); - - pid = getpid(); -+ -+ daemon->pipe_to_parent = -1; -+ for (i = 0; i < MAX_PROCS; i++) -+ daemon->tcp_pipes[i] = -1; - - #ifdef HAVE_INOTIFY - /* Using inotify, have to select a resolv file at startup */ -@@ -1611,7 +1615,7 @@ static int set_dns_listeners(time_t now) - we don't need to explicitly arrange to wake up here */ - if (listener->tcpfd != -1) - for (i = 0; i < MAX_PROCS; i++) -- if (daemon->tcp_pids[i] == 0) -+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) - { - poll_listen(listener->tcpfd, POLLIN); - break; -@@ -1624,6 +1628,13 @@ static int set_dns_listeners(time_t now) - - } - -+#ifndef NO_FORK -+ if (!option_bool(OPT_DEBUG)) -+ for (i = 0; i < MAX_PROCS; i++) -+ if (daemon->tcp_pipes[i] != -1) -+ poll_listen(daemon->tcp_pipes[i], POLLIN); -+#endif -+ - return wait; - } - -@@ -1632,7 +1643,10 @@ static void check_dns_listeners(time_t n - struct serverfd *serverfdp; - struct listener *listener; - int i; -- -+#ifndef NO_FORK -+ int pipefd[2]; -+#endif -+ - for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) - if (poll_check(serverfdp->fd, POLLIN)) - reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); -@@ -1642,7 +1656,26 @@ static void check_dns_listeners(time_t n - if (daemon->randomsocks[i].refcount != 0 && - poll_check(daemon->randomsocks[i].fd, POLLIN)) - reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); -- -+ -+#ifndef NO_FORK -+ /* Races. The child process can die before we read all of the data from the -+ pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the -+ process, and tcp_pipes to -1 and close the FD when we read the last -+ of the data - indicated by cache_recv_insert returning zero. -+ The order of these events is indeterminate, and both are needed -+ to free the process slot. Once the child process has gone, poll() -+ returns POLLHUP, not POLLIN, so have to check for both here. */ -+ if (!option_bool(OPT_DEBUG)) -+ for (i = 0; i < MAX_PROCS; i++) -+ if (daemon->tcp_pipes[i] != -1 && -+ poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) && -+ !cache_recv_insert(now, daemon->tcp_pipes[i])) -+ { -+ close(daemon->tcp_pipes[i]); -+ daemon->tcp_pipes[i] = -1; -+ } -+#endif -+ - for (listener = daemon->listeners; listener; listener = listener->next) - { - if (listener->fd != -1 && poll_check(listener->fd, POLLIN)) -@@ -1736,15 +1769,20 @@ static void check_dns_listeners(time_t n - while (retry_send(close(confd))); - } - #ifndef NO_FORK -- else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0) -+ else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0) - { -- if (p != -1) -+ close(pipefd[1]); /* parent needs read pipe end. */ -+ if (p == -1) -+ close(pipefd[0]); -+ else - { - int i; -+ - for (i = 0; i < MAX_PROCS; i++) -- if (daemon->tcp_pids[i] == 0) -+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) - { - daemon->tcp_pids[i] = p; -+ daemon->tcp_pipes[i] = pipefd[0]; - break; - } - } -@@ -1761,7 +1799,7 @@ static void check_dns_listeners(time_t n - int flags; - struct in_addr netmask; - int auth_dns; -- -+ - if (iface) - { - netmask = iface->netmask; -@@ -1777,7 +1815,11 @@ static void check_dns_listeners(time_t n - /* Arrange for SIGALRM after CHILD_LIFETIME seconds to - terminate the process. */ - if (!option_bool(OPT_DEBUG)) -- alarm(CHILD_LIFETIME); -+ { -+ alarm(CHILD_LIFETIME); -+ close(pipefd[0]); /* close read end in child. */ -+ daemon->pipe_to_parent = pipefd[1]; -+ } - #endif - - /* start with no upstream connections. */ ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -1091,6 +1091,8 @@ extern struct daemon { - size_t packet_len; /* " " */ - struct randfd *rfd_save; /* " " */ - pid_t tcp_pids[MAX_PROCS]; -+ int tcp_pipes[MAX_PROCS]; -+ int pipe_to_parent; - struct randfd randomsocks[RANDOM_SOCKS]; - int v6pktinfo; - struct addrlist *interface_addrs; /* list of all addresses/prefix lengths associated with all local interfaces */ -@@ -1152,6 +1154,7 @@ struct crec *cache_find_by_name(struct c - char *name, time_t now, unsigned int prot); - void cache_end_insert(void); - void cache_start_insert(void); -+int cache_recv_insert(time_t now, int fd); - struct crec *cache_insert(char *name, struct all_addr *addr, - time_t now, unsigned long ttl, unsigned short flags); - void cache_reload(void); -@@ -1174,6 +1177,8 @@ void blockdata_init(void); - void blockdata_report(void); - struct blockdata *blockdata_alloc(char *data, size_t len); - void *blockdata_retrieve(struct blockdata *block, size_t len, void *data); -+struct blockdata *blockdata_read(int fd, size_t len); -+void blockdata_write(struct blockdata *block, size_t len, int fd); - void blockdata_free(struct blockdata *blocks); - #endif - diff --git a/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch b/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch deleted file mode 100644 index 0a115fe0be..0000000000 --- a/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a220545c4277cba534be5ef4638b5076fc7d2cf4 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Mon, 22 Oct 2018 18:21:48 +0100 -Subject: [PATCH 02/32] Ensure that AD bit is reset on answers from - --address=/<domain>/<address>. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc1035.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -938,9 +938,9 @@ size_t setup_reply(struct dns_header *he - return 0; - - /* clear authoritative and truncated flags, set QR flag */ -- header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; -- /* set RA flag */ -- header->hb4 |= HB4_RA; -+ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC )) | HB3_QR; -+ /* clear AD flag, set RA flag */ -+ header->hb4 = (header->hb4 & ~HB4_AD) | HB4_RA; - - header->nscount = htons(0); - header->arcount = htons(0); diff --git a/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch b/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch deleted file mode 100644 index 527a38d249..0000000000 --- a/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch +++ /dev/null @@ -1,2192 +0,0 @@ -From ee8750451b49d27b180517a4e35b636be0fae575 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Tue, 23 Oct 2018 22:10:17 +0100 -Subject: [PATCH 03/32] Remove ability to compile without IPv6 support. - -This was the source of a large number of #ifdefs, originally -included for use with old embedded libc versions. I'm -sure no-one wants or needs IPv6-free code these days, so this -is a move towards more maintainable code. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/arp.c | 13 ---------- - src/auth.c | 53 ++++++++++---------------------------- - src/bpf.c | 10 ++------ - src/cache.c | 31 ++++------------------ - src/config.h | 30 +++------------------- - src/conntrack.c | 2 -- - src/dbus.c | 4 --- - src/dnsmasq.c | 6 ++--- - src/dnsmasq.h | 20 ++------------- - src/domain.c | 28 +++----------------- - src/dump.c | 4 --- - src/edns0.c | 14 +--------- - src/forward.c | 68 ++++--------------------------------------------- - src/helper.c | 8 ------ - src/ipset.c | 9 +------ - src/netlink.c | 5 +--- - src/network.c | 54 +++------------------------------------ - src/option.c | 34 ------------------------- - src/rfc1035.c | 50 +++++++----------------------------- - src/tables.c | 3 +-- - src/tftp.c | 17 ++----------- - src/util.c | 13 +--------- - 22 files changed, 57 insertions(+), 419 deletions(-) - ---- a/src/arp.c -+++ b/src/arp.c -@@ -44,11 +44,6 @@ static int filter_mac(int family, char * - if (maclen > DHCP_CHADDR_MAX) - return 1; - --#ifndef HAVE_IPV6 -- if (family != AF_INET) -- return 1; --#endif -- - /* Look for existing entry */ - for (arp = arps; arp; arp = arp->next) - { -@@ -60,13 +55,11 @@ static int filter_mac(int family, char * - if (arp->addr.addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) - continue; - } --#ifdef HAVE_IPV6 - else - { - if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, (struct in6_addr *)addrp)) - continue; - } --#endif - - if (arp->status == ARP_EMPTY) - { -@@ -103,10 +96,8 @@ static int filter_mac(int family, char * - memcpy(arp->hwaddr, mac, maclen); - if (family == AF_INET) - arp->addr.addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; --#ifdef HAVE_IPV6 - else - memcpy(&arp->addr.addr.addr6, addrp, IN6ADDRSZ); --#endif - } - - return 1; -@@ -136,11 +127,9 @@ int find_mac(union mysockaddr *addr, uns - arp->addr.addr.addr4.s_addr != addr->in.sin_addr.s_addr) - continue; - --#ifdef HAVE_IPV6 - if (arp->family == AF_INET6 && - !IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, &addr->in6.sin6_addr)) - continue; --#endif - - /* Only accept positive entries unless in lazy mode. */ - if (arp->status != ARP_EMPTY || lazy || updated) -@@ -203,10 +192,8 @@ int find_mac(union mysockaddr *addr, uns - - if (addr->sa.sa_family == AF_INET) - arp->addr.addr.addr4.s_addr = addr->in.sin_addr.s_addr; --#ifdef HAVE_IPV6 - else - memcpy(&arp->addr.addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); --#endif - } - - return 0; ---- a/src/auth.c -+++ b/src/auth.c -@@ -33,10 +33,8 @@ static struct addrlist *find_addrlist(st - if (is_same_net(addr, list->addr.addr.addr4, netmask)) - return list; - } --#ifdef HAVE_IPV6 - else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) - return list; --#endif - - } while ((list = list->next)); - -@@ -189,7 +187,6 @@ size_t answer_auth(struct dns_header *he - while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) - intr = intr->next; - } --#ifdef HAVE_IPV6 - else if (flag == F_IPV6) - for (intr = daemon->int_names; intr; intr = intr->next) - { -@@ -205,7 +202,6 @@ size_t answer_auth(struct dns_header *he - while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) - intr = intr->next; - } --#endif - - if (intr) - { -@@ -378,10 +374,8 @@ size_t answer_auth(struct dns_header *he - if (qtype == T_A) - flag = F_IPV4; - --#ifdef HAVE_IPV6 - if (qtype == T_AAAA) - flag = F_IPV6; --#endif - - for (intr = daemon->int_names; intr; intr = intr->next) - if ((rc = hostname_issubdomain(name, intr->name))) -@@ -395,10 +389,9 @@ size_t answer_auth(struct dns_header *he - if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype && - (local_query || filter_zone(zone, flag, &addrlist->addr))) - { --#ifdef HAVE_IPV6 - if (addrlist->flags & ADDRLIST_REVONLY) - continue; --#endif -+ - found = 1; - log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, -@@ -424,13 +417,11 @@ size_t answer_auth(struct dns_header *he - - if (peer_addr->sa.sa_family == AF_INET) - peer_addr->in.sin_port = 0; --#ifdef HAVE_IPV6 - else - { - peer_addr->in6.sin6_port = 0; - peer_addr->in6.sin6_scope_id = 0; - } --#endif - - for (peers = daemon->auth_peers; peers; peers = peers->next) - if (sockaddr_isequal(peer_addr, &peers->addr)) -@@ -442,10 +433,8 @@ size_t answer_auth(struct dns_header *he - { - if (peer_addr->sa.sa_family == AF_INET) - inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN); --#ifdef HAVE_IPV6 - else - inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN); --#endif - - my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff); - return 0; -@@ -603,7 +592,6 @@ size_t answer_auth(struct dns_header *he - p += sprintf(p, "%u.in-addr.arpa", a & 0xff); - - } --#ifdef HAVE_IPV6 - else - { - char *p = name; -@@ -617,7 +605,6 @@ size_t answer_auth(struct dns_header *he - p += sprintf(p, "ip6.arpa"); - - } --#endif - } - - /* handle NS and SOA in auth section or for explicit queries */ -@@ -754,14 +741,12 @@ size_t answer_auth(struct dns_header *he - daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr)) - anscount++; - --#ifdef HAVE_IPV6 - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) - if ((addrlist->flags & ADDRLIST_IPV6) && - (local_query || filter_zone(zone, F_IPV6, &addrlist->addr)) && - add_resource_record(header, limit, &trunc, -axfroffset, &ansp, - daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr)) - anscount++; --#endif - - /* restore config data */ - if (cut) -@@ -798,18 +783,11 @@ size_t answer_auth(struct dns_header *he - { - char *cache_name = cache_get_name(crecp); - if (!strchr(cache_name, '.') && -- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) -- { -- qtype = T_A; --#ifdef HAVE_IPV6 -- if (crecp->flags & F_IPV6) -- qtype = T_AAAA; --#endif -- if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, -- daemon->auth_ttl, NULL, qtype, C_IN, -- (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) -- anscount++; -- } -+ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))) && -+ add_resource_record(header, limit, &trunc, -axfroffset, &ansp, -+ daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, -+ (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) -+ anscount++; - } - - if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN)))) -@@ -818,18 +796,13 @@ size_t answer_auth(struct dns_header *he - if (in_zone(zone, name, &cut) && - (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) - { -- qtype = T_A; --#ifdef HAVE_IPV6 -- if (crecp->flags & F_IPV6) -- qtype = T_AAAA; --#endif -- if (cut) -- *cut = 0; -- -- if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, -- daemon->auth_ttl, NULL, qtype, C_IN, -- (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr)) -- anscount++; -+ if (cut) -+ *cut = 0; -+ -+ if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, -+ daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, -+ (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr)) -+ anscount++; - } - } - } ---- a/src/bpf.c -+++ b/src/bpf.c -@@ -31,9 +31,7 @@ - # include <net/if_var.h> - #endif - #include <netinet/in_var.h> --#ifdef HAVE_IPV6 --# include <netinet6/in6_var.h> --#endif -+#include <netinet6/in6_var.h> - - #ifndef SA_SIZE - #define SA_SIZE(sa) \ -@@ -121,7 +119,7 @@ int iface_enumerate(int family, void *pa - if (getifaddrs(&head) == -1) - return 0; - --#if defined(HAVE_BSD_NETWORK) && defined(HAVE_IPV6) -+#if defined(HAVE_BSD_NETWORK) - if (family == AF_INET6) - fd = socket(PF_INET6, SOCK_DGRAM, 0); - #endif -@@ -152,7 +150,6 @@ int iface_enumerate(int family, void *pa - if (!((*callback)(addr, iface_index, NULL, netmask, broadcast, parm))) - goto err; - } --#ifdef HAVE_IPV6 - else if (family == AF_INET6) - { - struct in6_addr *addr = &((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_addr; -@@ -219,7 +216,6 @@ int iface_enumerate(int family, void *pa - (int) preferred, (int)valid, parm))) - goto err; - } --#endif /* HAVE_IPV6 */ - - #ifdef HAVE_DHCP6 - else if (family == AF_LINK) -@@ -427,10 +423,8 @@ void route_sock(void) - del_family = sa->sa_family; - if (del_family == AF_INET) - del_addr.addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; --#ifdef HAVE_IPV6 - else if (del_family == AF_INET6) - del_addr.addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; --#endif - else - del_family = 0; - } ---- a/src/cache.c -+++ b/src/cache.c -@@ -410,11 +410,8 @@ static struct crec *cache_scan_free(char - else - { - int i; --#ifdef HAVE_IPV6 - int addrlen = (flags & F_IPV6) ? IN6ADDRSZ : INADDRSZ; --#else -- int addrlen = INADDRSZ; --#endif -+ - for (i = 0; i < hash_size; i++) - for (crecp = hash_table[i], up = &hash_table[i]; - crecp && ((crecp->flags & F_REVERSE) || !(crecp->flags & F_IMMORTAL)); -@@ -512,11 +509,9 @@ static struct crec *really_insert(char * - if ((flags & F_IPV4) && (new->flags & F_IPV4) && - new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) - return new; --#ifdef HAVE_IPV6 - else if ((flags & F_IPV6) && (new->flags & F_IPV6) && - IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6)) - return new; --#endif - } - - insert_error = 1; -@@ -938,11 +933,7 @@ struct crec *cache_find_by_addr(struct c - time_t now, unsigned int prot) - { - struct crec *ans; --#ifdef HAVE_IPV6 - int addrlen = (prot == F_IPV6) ? IN6ADDRSZ : INADDRSZ; --#else -- int addrlen = INADDRSZ; --#endif - - if (crecp) /* iterating */ - ans = crecp->next; -@@ -1171,14 +1162,12 @@ int read_hostsfile(char *filename, unsig - addrlen = INADDRSZ; - domain_suffix = get_domain(addr.addr.addr4); - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, token, &addr) > 0) - { - flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6; - addrlen = IN6ADDRSZ; - domain_suffix = get_domain6(&addr.addr.addr6); - } --#endif - else - { - my_syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); -@@ -1343,7 +1332,7 @@ void cache_reload(void) - cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG; - add_hosts_entry(cache, (struct all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); - } --#ifdef HAVE_IPV6 -+ - if (!IN6_IS_ADDR_UNSPECIFIED(&hr->addr6) && - (cache = whine_malloc(SIZEOF_POINTER_CREC))) - { -@@ -1352,7 +1341,6 @@ void cache_reload(void) - cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG; - add_hosts_entry(cache, (struct all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); - } --#endif - } - - if (option_bool(OPT_NO_HOSTS) && !daemon->addn_hosts) -@@ -1451,13 +1439,11 @@ void cache_add_dhcp_entry(char *host_nam - int in_hosts = 0; - size_t addrlen = sizeof(struct in_addr); - --#ifdef HAVE_IPV6 - if (prot == AF_INET6) - { - flags = F_IPV6; - addrlen = sizeof(struct in6_addr); - } --#endif - - inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN); - -@@ -1810,10 +1796,8 @@ void dump_cache(time_t now) - a = daemon->addrbuff; - if (cache->flags & F_IPV4) - inet_ntop(AF_INET, &cache->addr.addr, a, ADDRSTRLEN); --#ifdef HAVE_IPV6 - else if (cache->flags & F_IPV6) - inet_ntop(AF_INET6, &cache->addr.addr, a, ADDRSTRLEN); --#endif - } - - if (cache->flags & F_IPV4) -@@ -1954,14 +1938,9 @@ void log_query(unsigned int flags, char - sprintf(daemon->addrbuff, "%u", rcode); - } - else -- { --#ifdef HAVE_IPV6 -- inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, -- addr, daemon->addrbuff, ADDRSTRLEN); --#else -- strncpy(daemon->addrbuff, inet_ntoa(addr->addr.addr4), ADDRSTRLEN); --#endif -- } -+ inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, -+ addr, daemon->addrbuff, ADDRSTRLEN); -+ - } - else - dest = arg; ---- a/src/config.h -+++ b/src/config.h -@@ -131,7 +131,6 @@ HAVE_INOTIFY - - NO_ID - Don't report *.bind CHAOS info to clients, forward such requests upstream instead. --NO_IPV6 - NO_TFTP - NO_DHCP - NO_DHCP6 -@@ -141,8 +140,8 @@ NO_AUTH - NO_DUMPFILE - NO_INOTIFY - these are available to explicitly disable compile time options which would -- otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or -- which are enabled by default in the distributed source tree. Building dnsmasq -+ otherwise be enabled automatically or which are enabled by default -+ in the distributed source tree. Building dnsmasq - with something like "make COPTS=-DNO_SCRIPT" will do the trick. - NO_GMP - Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp. -@@ -308,29 +307,9 @@ HAVE_SOCKADDR_SA_LEN - - #endif - --/* Decide if we're going to support IPv6 */ --/* We assume that systems which don't have IPv6 -- headers don't have ntop and pton either */ -- --#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) --# define HAVE_IPV6 --# define ADDRSTRLEN INET6_ADDRSTRLEN --#else --# if !defined(INET_ADDRSTRLEN) --# define INET_ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */ --# endif --# undef HAVE_IPV6 --# define ADDRSTRLEN INET_ADDRSTRLEN --#endif -- -- - /* rules to implement compile-time option dependencies and - the NO_XXX flags */ - --#ifdef NO_IPV6 --#undef HAVE_IPV6 --#endif -- - #ifdef NO_TFTP - #undef HAVE_TFTP - #endif -@@ -340,7 +319,7 @@ HAVE_SOCKADDR_SA_LEN - #undef HAVE_DHCP6 - #endif - --#if defined(NO_DHCP6) || !defined(HAVE_IPV6) -+#if defined(NO_DHCP6) - #undef HAVE_DHCP6 - #endif - -@@ -385,9 +364,6 @@ HAVE_SOCKADDR_SA_LEN - #ifdef DNSMASQ_COMPILE_OPTS - - static char *compile_opts = --#ifndef HAVE_IPV6 --"no-" --#endif - "IPv6 " - #ifndef HAVE_GETOPT_LONG - "no-" ---- a/src/conntrack.c -+++ b/src/conntrack.c -@@ -36,7 +36,6 @@ int get_incoming_mark(union mysockaddr * - nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP); - nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port)); - --#ifdef HAVE_IPV6 - if (peer_addr->sa.sa_family == AF_INET6) - { - nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6); -@@ -45,7 +44,6 @@ int get_incoming_mark(union mysockaddr * - nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr); - } - else --#endif - { - nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); - nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr); ---- a/src/dbus.c -+++ b/src/dbus.c -@@ -185,9 +185,6 @@ static void dbus_read_servers(DBusMessag - } - } - --#ifndef HAVE_IPV6 -- my_syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support")); --#else - if (i == sizeof(struct in6_addr)) - { - memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr)); -@@ -202,7 +199,6 @@ static void dbus_read_servers(DBusMessag - source_addr.in6.sin6_port = htons(daemon->query_port); - skip = 0; - } --#endif - } - else - /* At the end */ ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -1730,11 +1730,11 @@ static void check_dns_listeners(time_t n - indextoname(listener->tcpfd, if_index, intr_name)) - { - struct all_addr addr; -- addr.addr.addr4 = tcp_addr.in.sin_addr; --#ifdef HAVE_IPV6 -+ - if (tcp_addr.sa.sa_family == AF_INET6) - addr.addr.addr6 = tcp_addr.in6.sin6_addr; --#endif -+ else -+ addr.addr.addr4 = tcp_addr.in.sin_addr; - - for (iface = daemon->interfaces; iface; iface = iface->next) - if (iface->index == if_index) ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -126,9 +126,7 @@ typedef unsigned long long u64; - #include <net/if_arp.h> - #include <netinet/in_systm.h> - #include <netinet/ip.h> --#ifdef HAVE_IPV6 - #include <netinet/ip6.h> --#endif - #include <netinet/ip_icmp.h> - #include <sys/uio.h> - #include <syslog.h> -@@ -159,6 +157,8 @@ extern int capget(cap_user_header_t head - /* daemon is function in the C library.... */ - #define daemon dnsmasq_daemon - -+#define ADDRSTRLEN INET6_ADDRSTRLEN -+ - /* Async event queue */ - struct event_desc { - int event, data, msg_sz; -@@ -273,9 +273,7 @@ struct event_desc { - struct all_addr { - union { - struct in_addr addr4; --#ifdef HAVE_IPV6 - struct in6_addr addr6; --#endif - /* for log_query */ - struct { - unsigned short keytag, algo, digest; -@@ -383,9 +381,7 @@ struct host_record { - struct name_list *next; - } *names; - struct in_addr addr; --#ifdef HAVE_IPV6 - struct in6_addr addr6; --#endif - struct host_record *next; - }; - -@@ -496,9 +492,7 @@ struct crec { - union mysockaddr { - struct sockaddr sa; - struct sockaddr_in in; --#if defined(HAVE_IPV6) - struct sockaddr_in6 in6; --#endif - }; - - /* bits in flag param to IPv6 callbacks from iface_enumerate() */ -@@ -660,9 +654,7 @@ struct frec { - struct all_addr dest; - struct server *sentto; /* NULL means free */ - struct randfd *rfd4; --#ifdef HAVE_IPV6 - struct randfd *rfd6; --#endif - unsigned int iface; - unsigned short orig_id, new_id; - int log_id, fd, forwardall, flags; -@@ -877,9 +869,7 @@ struct dhcp_bridge { - struct cond_domain { - char *domain, *prefix; - struct in_addr start, end; --#ifdef HAVE_IPV6 - struct in6_addr start6, end6; --#endif - int is6, indexed; - struct cond_domain *next; - }; -@@ -1184,9 +1174,7 @@ void blockdata_free(struct blockdata *bl - - /* domain.c */ - char *get_domain(struct in_addr addr); --#ifdef HAVE_IPV6 - char *get_domain6(struct in6_addr *addr); --#endif - int is_name_synthetic(int flags, char *name, struct all_addr *addr); - int is_rev_synth(int flag, struct all_addr *addr, char *name); - -@@ -1270,11 +1258,9 @@ int hostname_issubdomain(char *a, char * - time_t dnsmasq_time(void); - int netmask_length(struct in_addr mask); - int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask); --#ifdef HAVE_IPV6 - int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen); - u64 addr6part(struct in6_addr *addr); - void setaddr6part(struct in6_addr *addr, u64 host); --#endif - int retry_send(ssize_t rc); - void prettyprint_time(char *buf, unsigned int t); - int prettyprint_addr(union mysockaddr *addr, char *buf); -@@ -1353,9 +1339,7 @@ int loopback_exception(int fd, int famil - int label_exception(int index, int family, struct all_addr *addr); - int fix_fd(int fd); - int tcp_interface(int fd, int af); --#ifdef HAVE_IPV6 - int set_ipv6pktinfo(int fd); --#endif - #ifdef HAVE_DHCP6 - void join_multicast(int dienow); - #endif ---- a/src/domain.c -+++ b/src/domain.c -@@ -18,21 +18,14 @@ - - - static struct cond_domain *search_domain(struct in_addr addr, struct cond_domain *c); --#ifdef HAVE_IPV6 - static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c); --#endif - - - int is_name_synthetic(int flags, char *name, struct all_addr *addr) - { - char *p; - struct cond_domain *c = NULL; -- int prot = AF_INET; -- --#ifdef HAVE_IPV6 -- if (flags & F_IPV6) -- prot = AF_INET6; --#endif -+ int prot = (flags & F_IPV6) ? AF_INET6 : AF_INET; - - for (c = daemon->synth_domains; c; c = c->next) - { -@@ -83,8 +76,7 @@ int is_name_synthetic(int flags, char *n - addr->addr.addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); - found = 1; - } -- } --#ifdef HAVE_IPV6 -+ } - else - { - u64 index = atoll(tail); -@@ -98,7 +90,6 @@ int is_name_synthetic(int flags, char *n - found = 1; - } - } --#endif - } - } - else -@@ -111,10 +102,8 @@ int is_name_synthetic(int flags, char *n - if ((c >='0' && c <= '9') || c == '-') - continue; - --#ifdef HAVE_IPV6 - if (prot == AF_INET6 && ((c >='A' && c <= 'F') || (c >='a' && c <= 'f'))) - continue; --#endif - - break; - } -@@ -124,7 +113,6 @@ int is_name_synthetic(int flags, char *n - - *p = 0; - --#ifdef HAVE_IPV6 - if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail) - { - /* special hack for v4-mapped. */ -@@ -134,7 +122,6 @@ int is_name_synthetic(int flags, char *n - *p = '.'; - } - else --#endif - { - /* swap . or : for - */ - for (p = tail; *p; p++) -@@ -142,10 +129,8 @@ int is_name_synthetic(int flags, char *n - { - if (prot == AF_INET) - *p = '.'; --#ifdef HAVE_IPV6 - else - *p = ':'; --#endif - } - } - -@@ -158,7 +143,6 @@ int is_name_synthetic(int flags, char *n - ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr)) - found = 1; - } --#ifdef HAVE_IPV6 - else - { - u64 addrpart = addr6part(&addr->addr.addr6); -@@ -169,7 +153,6 @@ int is_name_synthetic(int flags, char *n - addrpart <= addr6part(&c->end6)) - found = 1; - } --#endif - } - - } -@@ -221,8 +204,7 @@ int is_rev_synth(int flag, struct all_ad - return 1; - } - --#ifdef HAVE_IPV6 -- if (flag & F_IPV6 && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) -+ if ((flag & F_IPV6) && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) - { - char *p; - -@@ -259,7 +241,6 @@ int is_rev_synth(int flag, struct all_ad - - return 1; - } --#endif - - return 0; - } -@@ -286,7 +267,7 @@ char *get_domain(struct in_addr addr) - return daemon->domain_suffix; - } - --#ifdef HAVE_IPV6 -+ - static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c) - { - u64 addrpart = addr6part(addr); -@@ -310,4 +291,3 @@ char *get_domain6(struct in6_addr *addr) - - return daemon->domain_suffix; - } --#endif ---- a/src/dump.c -+++ b/src/dump.c -@@ -82,10 +82,8 @@ void dump_init(void) - void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst) - { - struct ip ip; --#ifdef HAVE_IPV6 - struct ip6_hdr ip6; - int family; --#endif - struct udphdr { - u16 uh_sport; /* source port */ - u16 uh_dport; /* destination port */ -@@ -105,7 +103,6 @@ void dump_packet(int mask, void *packet, - /* So wireshark can Id the packet. */ - udp.uh_sport = udp.uh_dport = htons(NAMESERVER_PORT); - --#ifdef HAVE_IPV6 - if (src) - family = src->sa.sa_family; - else -@@ -139,7 +136,6 @@ void dump_packet(int mask, void *packet, - sum += ((u16 *)&ip6.ip6_src)[i]; - } - else --#endif - { - iphdr = &ip; - ipsz = sizeof(ip); ---- a/src/edns0.c -+++ b/src/edns0.c -@@ -301,20 +301,14 @@ static size_t add_mac(struct dns_header - - struct subnet_opt { - u16 family; -- u8 source_netmask, scope_netmask; --#ifdef HAVE_IPV6 -+ u8 source_netmask, scope_netmask; - u8 addr[IN6ADDRSZ]; --#else -- u8 addr[INADDRSZ]; --#endif - }; - - static void *get_addrp(union mysockaddr *addr, const short family) - { --#ifdef HAVE_IPV6 - if (family == AF_INET6) - return &addr->in6.sin6_addr; --#endif - - return &addr->in.sin_addr; - } -@@ -330,7 +324,6 @@ static size_t calc_subnet_opt(struct sub - opt->source_netmask = 0; - opt->scope_netmask = 0; - --#ifdef HAVE_IPV6 - if (source->sa.sa_family == AF_INET6 && daemon->add_subnet6) - { - opt->source_netmask = daemon->add_subnet6->mask; -@@ -342,7 +335,6 @@ static size_t calc_subnet_opt(struct sub - else - addrp = &source->in6.sin6_addr; - } --#endif - - if (source->sa.sa_family == AF_INET && daemon->add_subnet4) - { -@@ -356,11 +348,7 @@ static size_t calc_subnet_opt(struct sub - addrp = &source->in.sin_addr; - } - --#ifdef HAVE_IPV6 - opt->family = htons(sa_family == AF_INET6 ? 2 : 1); --#else -- opt->family = htons(1); --#endif - - len = 0; - ---- a/src/forward.c -+++ b/src/forward.c -@@ -38,9 +38,7 @@ int send_from(int fd, int nowild, char * - #elif defined(IP_SENDSRCADDR) - char control[CMSG_SPACE(sizeof(struct in_addr))]; - #endif --#ifdef HAVE_IPV6 - char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; --#endif - } control_u; - - iov[0].iov_base = packet; -@@ -79,7 +77,6 @@ int send_from(int fd, int nowild, char * - #endif - } - else --#ifdef HAVE_IPV6 - { - struct in6_pktinfo p; - p.ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */ -@@ -89,9 +86,6 @@ int send_from(int fd, int nowild, char * - cmptr->cmsg_type = daemon->v6pktinfo; - cmptr->cmsg_level = IPPROTO_IPV6; - } --#else -- (void)iface; /* eliminate warning */ --#endif - } - - while (retry_send(sendmsg(fd, &msg, 0))); -@@ -144,10 +138,8 @@ static unsigned int search_servers(time_ - flags = sflag; - if (serv->addr.sa.sa_family == AF_INET) - *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; --#ifdef HAVE_IPV6 - else - *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; --#endif - } - else if (!flags || (flags & F_NXDOMAIN)) - flags = F_NOERR; -@@ -204,10 +196,8 @@ static unsigned int search_servers(time_ - flags = sflag; - if (serv->addr.sa.sa_family == AF_INET) - *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; --#ifdef HAVE_IPV6 - else - *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; --#endif - } - else if (!flags || (flags & F_NXDOMAIN)) - flags = F_NOERR; -@@ -236,10 +226,8 @@ static unsigned int search_servers(time_ - /* handle F_IPV4 and F_IPV6 set on ANY query to 0.0.0.0/:: domain. */ - if (flags & F_IPV4) - log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, qdomain, *addrpp, NULL); --#ifdef HAVE_IPV6 - if (flags & F_IPV6) - log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, qdomain, *addrpp, NULL); --#endif - } - } - else if ((*type) & SERV_USE_RESOLV) -@@ -302,20 +290,17 @@ static int forward_query(int udpfd, unio - - if (forward->sentto->addr.sa.sa_family == AF_INET) - log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); --#ifdef HAVE_IPV6 - else - log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); --#endif -+ - - if (forward->sentto->sfd) - fd = forward->sentto->sfd->fd; - else - { --#ifdef HAVE_IPV6 - if (forward->sentto->addr.sa.sa_family == AF_INET6) - fd = forward->rfd6->fd; - else --#endif - fd = forward->rfd4->fd; - } - -@@ -475,7 +460,6 @@ static int forward_query(int udpfd, unio - fd = start->sfd->fd; - else - { --#ifdef HAVE_IPV6 - if (start->addr.sa.sa_family == AF_INET6) - { - if (!forward->rfd6 && -@@ -485,7 +469,6 @@ static int forward_query(int udpfd, unio - fd = forward->rfd6->fd; - } - else --#endif - { - if (!forward->rfd4 && - !(forward->rfd4 = allocate_rfd(AF_INET))) -@@ -541,11 +524,9 @@ static int forward_query(int udpfd, unio - if (start->addr.sa.sa_family == AF_INET) - log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&start->addr.in.sin_addr, NULL); --#ifdef HAVE_IPV6 - else - log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&start->addr.in6.sin6_addr, NULL); --#endif - start->queries++; - forwarded = 1; - forward->sentto = start; -@@ -788,11 +769,8 @@ void reply_query(int fd, int family, tim - daemon->srv_save = NULL; - - /* Determine the address of the server replying so that we can mark that as good */ -- serveraddr.sa.sa_family = family; --#ifdef HAVE_IPV6 -- if (serveraddr.sa.sa_family == AF_INET6) -+ if ((serveraddr.sa.sa_family = family) == AF_INET6) - serveraddr.in6.sin6_flowinfo = 0; --#endif - - header = (struct dns_header *)daemon->packet; - -@@ -878,7 +856,6 @@ void reply_query(int fd, int family, tim - fd = start->sfd->fd; - else - { --#ifdef HAVE_IPV6 - if (start->addr.sa.sa_family == AF_INET6) - { - /* may have changed family */ -@@ -887,7 +864,6 @@ void reply_query(int fd, int family, tim - fd = forward->rfd6->fd; - } - else --#endif - { - /* may have changed family */ - if (!forward->rfd4) -@@ -902,10 +878,8 @@ void reply_query(int fd, int family, tim - - if (start->addr.sa.sa_family == AF_INET) - log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&start->addr.in.sin_addr, "dnssec"); --#ifdef HAVE_IPV6 - else - log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&start->addr.in6.sin6_addr, "dnssec"); --#endif - - return; - } -@@ -1099,9 +1073,7 @@ void reply_query(int fd, int family, tim - - new->sentto = server; - new->rfd4 = NULL; --#ifdef HAVE_IPV6 - new->rfd6 = NULL; --#endif - new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA); - new->forwardall = 0; - -@@ -1125,11 +1097,9 @@ void reply_query(int fd, int family, tim - if (server->addr.sa.sa_family == AF_INET) - log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (struct all_addr *)&(server->addr.in.sin_addr), - querystr("dnssec-query", querytype)); --#ifdef HAVE_IPV6 - else - log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), - querystr("dnssec-query", querytype)); --#endif - - if ((hash = hash_questions(header, nn, daemon->namebuff))) - memcpy(new->hash, hash, HASH_SIZE); -@@ -1147,14 +1117,12 @@ void reply_query(int fd, int family, tim - else - { - fd = -1; --#ifdef HAVE_IPV6 - if (server->addr.sa.sa_family == AF_INET6) - { - if (new->rfd6 || (new->rfd6 = allocate_rfd(AF_INET6))) - fd = new->rfd6->fd; - } - else --#endif - { - if (new->rfd4 || (new->rfd4 = allocate_rfd(AF_INET))) - fd = new->rfd4->fd; -@@ -1290,9 +1258,7 @@ void receive_query(struct listener *list - struct cmsghdr *cmptr; - union { - struct cmsghdr align; /* this ensures alignment */ --#ifdef HAVE_IPV6 - char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; --#endif - #if defined(HAVE_LINUX_NETWORK) - char control[CMSG_SPACE(sizeof(struct in_pktinfo))]; - #elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK) -@@ -1303,12 +1269,8 @@ void receive_query(struct listener *list - CMSG_SPACE(sizeof(struct sockaddr_dl))]; - #endif - } control_u; --#ifdef HAVE_IPV6 - /* Can always get recvd interface for IPv6 */ - int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; --#else -- int check_dst = !option_bool(OPT_NOWILD); --#endif - - /* packet buffer overwritten */ - daemon->srv_save = NULL; -@@ -1359,7 +1321,6 @@ void receive_query(struct listener *list - if (source_addr.in.sin_port == 0) - return; - } --#ifdef HAVE_IPV6 - else - { - /* Source-port == 0 is an error, we can't send back to that. */ -@@ -1367,13 +1328,12 @@ void receive_query(struct listener *list - return; - source_addr.in6.sin6_flowinfo = 0; - } --#endif - - /* We can be configured to only accept queries from at-most-one-hop-away addresses. */ - if (option_bool(OPT_LOCAL_SERVICE)) - { - struct addrlist *addr; --#ifdef HAVE_IPV6 -+ - if (listen->family == AF_INET6) - { - for (addr = daemon->interface_addrs; addr; addr = addr->next) -@@ -1382,7 +1342,6 @@ void receive_query(struct listener *list - break; - } - else --#endif - { - struct in_addr netmask; - for (addr = daemon->interface_addrs; addr; addr = addr->next) -@@ -1451,7 +1410,6 @@ void receive_query(struct listener *list - } - #endif - --#ifdef HAVE_IPV6 - if (listen->family == AF_INET6) - { - for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -@@ -1467,7 +1425,6 @@ void receive_query(struct listener *list - if_index = p.p->ipi6_ifindex; - } - } --#endif - - /* enforce available interface configuration */ - -@@ -1531,11 +1488,9 @@ void receive_query(struct listener *list - if (listen->family == AF_INET) - log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&source_addr.in.sin_addr, types); --#ifdef HAVE_IPV6 - else - log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&source_addr.in6.sin6_addr, types); --#endif - - #ifdef HAVE_AUTH - /* find queries for zones we're authoritative for, and answer them directly */ -@@ -1744,11 +1699,9 @@ static int tcp_key_recurse(time_t now, i - if (server->addr.sa.sa_family == AF_INET) - log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (struct all_addr *)&(server->addr.in.sin_addr), - querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); --#ifdef HAVE_IPV6 - else - log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), - querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); --#endif - - server->flags |= SERV_GOT_TCP; - -@@ -1813,11 +1766,10 @@ unsigned char *tcp_request(int confd, ti - if (option_bool(OPT_CONNTRACK)) - { - struct all_addr local; --#ifdef HAVE_IPV6 -+ - if (local_addr->sa.sa_family == AF_INET6) - local.addr.addr6 = local_addr->in6.sin6_addr; - else --#endif - local.addr.addr4 = local_addr->in.sin_addr; - - have_mark = get_incoming_mark(&peer_addr, &local, 1, &mark); -@@ -1828,7 +1780,7 @@ unsigned char *tcp_request(int confd, ti - if (option_bool(OPT_LOCAL_SERVICE)) - { - struct addrlist *addr; --#ifdef HAVE_IPV6 -+ - if (peer_addr.sa.sa_family == AF_INET6) - { - for (addr = daemon->interface_addrs; addr; addr = addr->next) -@@ -1837,7 +1789,6 @@ unsigned char *tcp_request(int confd, ti - break; - } - else --#endif - { - struct in_addr netmask; - for (addr = daemon->interface_addrs; addr; addr = addr->next) -@@ -1892,11 +1843,9 @@ unsigned char *tcp_request(int confd, ti - if (peer_addr.sa.sa_family == AF_INET) - log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&peer_addr.in.sin_addr, types); --#ifdef HAVE_IPV6 - else - log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&peer_addr.in6.sin6_addr, types); --#endif - - #ifdef HAVE_AUTH - /* find queries for zones we're authoritative for, and answer them directly */ -@@ -2072,11 +2021,9 @@ unsigned char *tcp_request(int confd, ti - if (last_server->addr.sa.sa_family == AF_INET) - log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&last_server->addr.in.sin_addr, NULL); --#ifdef HAVE_IPV6 - else - log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL); --#endif - - #ifdef HAVE_DNSSEC - if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) -@@ -2175,9 +2122,7 @@ static struct frec *allocate_frec(time_t - f->sentto = NULL; - f->rfd4 = NULL; - f->flags = 0; --#ifdef HAVE_IPV6 - f->rfd6 = NULL; --#endif - #ifdef HAVE_DNSSEC - f->dependent = NULL; - f->blocking_query = NULL; -@@ -2237,11 +2182,8 @@ static void free_frec(struct frec *f) - f->rfd4 = NULL; - f->sentto = NULL; - f->flags = 0; -- --#ifdef HAVE_IPV6 - free_rfd(f->rfd6); - f->rfd6 = NULL; --#endif - - #ifdef HAVE_DNSSEC - if (f->stash) ---- a/src/helper.c -+++ b/src/helper.c -@@ -64,9 +64,7 @@ struct script_data - #ifdef HAVE_TFTP - off_t file_len; - #endif --#ifdef HAVE_IPV6 - struct in6_addr addr6; --#endif - #ifdef HAVE_DHCP6 - int iaid, vendorclass_count; - #endif -@@ -302,10 +300,8 @@ int create_helper(int event_fd, int err_ - - if (!is6) - inet_ntop(AF_INET, &data.addr, daemon->addrbuff, ADDRSTRLEN); --#ifdef HAVE_IPV6 - else - inet_ntop(AF_INET6, &data.addr6, daemon->addrbuff, ADDRSTRLEN); --#endif - - #ifdef HAVE_TFTP - /* file length */ -@@ -826,10 +822,8 @@ void queue_tftp(off_t file_len, char *fi - - if ((buf->flags = peer->sa.sa_family) == AF_INET) - buf->addr = peer->in.sin_addr; --#ifdef HAVE_IPV6 - else - buf->addr6 = peer->in6.sin6_addr; --#endif - - memcpy((unsigned char *)(buf+1), filename, filename_len); - -@@ -851,10 +845,8 @@ void queue_arp(int action, unsigned char - buf->hwaddr_type = ARPHRD_ETHER; - if ((buf->flags = family) == AF_INET) - buf->addr = addr->addr.addr4; --#ifdef HAVE_IPV6 - else - buf->addr6 = addr->addr.addr6; --#endif - - memcpy(buf->hwaddr, mac, maclen); - ---- a/src/ipset.c -+++ b/src/ipset.c -@@ -120,13 +120,8 @@ static int new_add_to_ipset(const char * - struct my_nfgenmsg *nfg; - struct my_nlattr *nested[2]; - uint8_t proto; -- int addrsz = INADDRSZ; -+ int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ; - --#ifdef HAVE_IPV6 -- if (af == AF_INET6) -- addrsz = IN6ADDRSZ; --#endif -- - if (strlen(setname) >= IPSET_MAXNAMELEN) - { - errno = ENAMETOOLONG; -@@ -213,7 +208,6 @@ int add_to_ipset(const char *setname, co - { - int ret = 0, af = AF_INET; - --#ifdef HAVE_IPV6 - if (flags & F_IPV6) - { - af = AF_INET6; -@@ -224,7 +218,6 @@ int add_to_ipset(const char *setname, co - ret = -1; - } - } --#endif - - if (ret != -1) - ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ---- a/src/netlink.c -+++ b/src/netlink.c -@@ -51,11 +51,10 @@ void netlink_init(void) - addr.nl_groups = RTMGRP_IPV4_ROUTE; - if (option_bool(OPT_CLEVERBIND)) - addr.nl_groups |= RTMGRP_IPV4_IFADDR; --#ifdef HAVE_IPV6 - addr.nl_groups |= RTMGRP_IPV6_ROUTE; - if (option_bool(OPT_CLEVERBIND)) - addr.nl_groups |= RTMGRP_IPV6_IFADDR; --#endif -+ - #ifdef HAVE_DHCP6 - if (daemon->doing_ra || daemon->doing_dhcp6) - addr.nl_groups |= RTMGRP_IPV6_IFADDR; -@@ -235,7 +234,6 @@ int iface_enumerate(int family, void *pa - if (!((*callback)(addr, ifa->ifa_index, label, netmask, broadcast, parm))) - callback_ok = 0; - } --#ifdef HAVE_IPV6 - else if (ifa->ifa_family == AF_INET6) - { - struct in6_addr *addrp = NULL; -@@ -270,7 +268,6 @@ int iface_enumerate(int family, void *pa - (int) preferred, (int)valid, parm))) - callback_ok = 0; - } --#endif - } - } - else if (h->nlmsg_type == RTM_NEWNEIGH && family == AF_UNSPEC) ---- a/src/network.c -+++ b/src/network.c -@@ -137,12 +137,10 @@ int iface_check(int family, struct all_a - if (family == AF_INET && - tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) - ret = match_addr = tmp->used = 1; --#ifdef HAVE_IPV6 - else if (family == AF_INET6 && - IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, - &addr->addr.addr6)) - ret = match_addr = tmp->used = 1; --#endif - } - } - -@@ -162,11 +160,9 @@ int iface_check(int family, struct all_a - else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && - tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) - break; --#ifdef HAVE_IPV6 - else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && - IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6)) - break; --#endif - - if (tmp && auth) - { -@@ -200,11 +196,8 @@ int loopback_exception(int fd, int famil - if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) - return 1; - } --#ifdef HAVE_IPV6 - else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) - return 1; --#endif -- - } - } - return 0; -@@ -292,19 +285,15 @@ static int iface_allowed(struct iface_pa - al->addr.addr.addr4 = addr->in.sin_addr; - al->flags = 0; - } --#ifdef HAVE_IPV6 - else - { - al->addr.addr.addr6 = addr->in6.sin6_addr; - al->flags = ADDRLIST_IPV6; - } --#endif - } - } - --#ifdef HAVE_IPV6 - if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr)) --#endif - { - struct interface_name *int_name; - struct addrlist *al; -@@ -337,7 +326,6 @@ static int iface_allowed(struct iface_pa - } - } - --#ifdef HAVE_IPV6 - if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6)) - { - if (param->spare) -@@ -357,8 +345,6 @@ static int iface_allowed(struct iface_pa - al->flags = ADDRLIST_IPV6; - } - } --#endif -- - } - #endif - -@@ -386,7 +372,6 @@ static int iface_allowed(struct iface_pa - al->addr.addr.addr4 = addr->in.sin_addr; - al->flags = 0; - } --#ifdef HAVE_IPV6 - else - { - al->addr.addr.addr6 = addr->in6.sin6_addr; -@@ -396,7 +381,6 @@ static int iface_allowed(struct iface_pa - if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE))) - al->flags |= ADDRLIST_REVONLY; - } --#endif - } - } - } -@@ -438,11 +422,9 @@ static int iface_allowed(struct iface_pa - !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) - return 1; - --#ifdef HAVE_IPV6 - if (addr->sa.sa_family == AF_INET6 && - !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) - return 1; --#endif - - #ifdef HAVE_DHCP - /* No DHCP where we're doing auth DNS. */ -@@ -501,7 +483,6 @@ static int iface_allowed(struct iface_pa - return 0; - } - --#ifdef HAVE_IPV6 - static int iface_allowed_v6(struct in6_addr *local, int prefix, - int scope, int if_index, int flags, - int preferred, int valid, void *vparam) -@@ -529,7 +510,6 @@ static int iface_allowed_v6(struct in6_a - - return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags); - } --#endif - - static int iface_allowed_v4(struct in_addr local, int if_index, char *label, - struct in_addr netmask, struct in_addr broadcast, void *vparam) -@@ -633,9 +613,7 @@ int enumerate_interfaces(int reset) - - param.spare = spare; - --#ifdef HAVE_IPV6 - ret = iface_enumerate(AF_INET6, ¶m, iface_allowed_v6); --#endif - - if (ret) - ret = iface_enumerate(AF_INET, ¶m, iface_allowed_v4); -@@ -740,10 +718,8 @@ static int make_sock(union mysockaddr *a - if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd)) - goto err; - --#ifdef HAVE_IPV6 - if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) - goto err; --#endif - - if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1) - goto err; -@@ -767,15 +743,12 @@ static int make_sock(union mysockaddr *a - #endif - } - } --#ifdef HAVE_IPV6 - else if (!set_ipv6pktinfo(fd)) - goto err; --#endif - - return fd; - } - --#ifdef HAVE_IPV6 - int set_ipv6pktinfo(int fd) - { - int opt = 1; -@@ -802,7 +775,6 @@ int set_ipv6pktinfo(int fd) - - return 0; - } --#endif - - - /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */ -@@ -842,7 +814,6 @@ int tcp_interface(int fd, int af) - } - } - } --#ifdef HAVE_IPV6 - else - { - /* Only the RFC-2292 API has the ability to find the interface for TCP connections, -@@ -874,7 +845,6 @@ int tcp_interface(int fd, int af) - } - } - } --#endif /* IPV6 */ - #endif /* Linux */ - - return if_index; -@@ -904,7 +874,6 @@ static struct listener *create_listeners - tftpfd = make_sock(addr, SOCK_DGRAM, dienow); - addr->in.sin_port = save; - } --# ifdef HAVE_IPV6 - else - { - short save = addr->in6.sin6_port; -@@ -912,7 +881,6 @@ static struct listener *create_listeners - tftpfd = make_sock(addr, SOCK_DGRAM, dienow); - addr->in6.sin6_port = save; - } --# endif - } - #endif - -@@ -945,11 +913,10 @@ void create_wildcard_listeners(void) - - l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1); - --#ifdef HAVE_IPV6 - memset(&addr, 0, sizeof(addr)); --# ifdef HAVE_SOCKADDR_SA_LEN -+#ifdef HAVE_SOCKADDR_SA_LEN - addr.in6.sin6_len = sizeof(addr.in6); --# endif -+#endif - addr.in6.sin6_family = AF_INET6; - addr.in6.sin6_addr = in6addr_any; - addr.in6.sin6_port = htons(daemon->port); -@@ -959,7 +926,6 @@ void create_wildcard_listeners(void) - l->next = l6; - else - l = l6; --#endif - - daemon->listeners = l; - } -@@ -1159,7 +1125,6 @@ int random_sock(int family) - addr.in.sin_len = sizeof(struct sockaddr_in); - #endif - } --#ifdef HAVE_IPV6 - else - { - addr.in6.sin6_addr = in6addr_any; -@@ -1168,7 +1133,6 @@ int random_sock(int family) - addr.in6.sin6_len = sizeof(struct sockaddr_in6); - #endif - } --#endif - - if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) - return fd; -@@ -1193,10 +1157,8 @@ int local_bind(int fd, union mysockaddr - { - if (addr_copy.sa.sa_family == AF_INET) - addr_copy.in.sin_port = 0; --#ifdef HAVE_IPV6 - else - addr_copy.in6.sin6_port = 0; --#endif - } - - if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1) -@@ -1211,7 +1173,7 @@ int local_bind(int fd, union mysockaddr - return setsockopt(fd, IPPROTO_IP, IP_UNICAST_IF, &ifindex_opt, sizeof(ifindex_opt)) == 0; - } - #endif --#if defined(HAVE_IPV6) && defined (IPV6_UNICAST_IF) -+#if defined (IPV6_UNICAST_IF) - if (addr_copy.sa.sa_family == AF_INET6) - { - uint32_t ifindex_opt = htonl(ifindex); -@@ -1247,12 +1209,10 @@ static struct serverfd *allocate_sfd(uni - addr->in.sin_port == htons(0)) - return NULL; - --#ifdef HAVE_IPV6 - if (addr->sa.sa_family == AF_INET6 && - memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && - addr->in6.sin6_port == htons(0)) - return NULL; --#endif - } - - if (intname && strlen(intname) != 0) -@@ -1315,7 +1275,7 @@ void pre_allocate_sfds(void) - #endif - if ((sfd = allocate_sfd(&addr, ""))) - sfd->preallocated = 1; --#ifdef HAVE_IPV6 -+ - memset(&addr, 0, sizeof(addr)); - addr.in6.sin6_family = AF_INET6; - addr.in6.sin6_addr = in6addr_any; -@@ -1325,7 +1285,6 @@ void pre_allocate_sfds(void) - #endif - if ((sfd = allocate_sfd(&addr, ""))) - sfd->preallocated = 1; --#endif - } - - for (srv = daemon->servers; srv; srv = srv->next) -@@ -1658,7 +1617,6 @@ int reload_servers(char *fname) - source_addr.in.sin_addr.s_addr = INADDR_ANY; - source_addr.in.sin_port = htons(daemon->query_port); - } --#ifdef HAVE_IPV6 - else - { - int scope_index = 0; -@@ -1686,10 +1644,6 @@ int reload_servers(char *fname) - else - continue; - } --#else /* IPV6 */ -- else -- continue; --#endif - - add_update_server(SERV_FROM_RESOLV, &addr, &source_addr, NULL, NULL); - gotone = 1; ---- a/src/option.c -+++ b/src/option.c -@@ -764,10 +764,8 @@ static char *parse_mysockaddr(char *arg, - { - if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0) - addr->sa.sa_family = AF_INET; --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0) - addr->sa.sa_family = AF_INET6; --#endif - else - return _("bad address"); - -@@ -779,10 +777,8 @@ char *parse_server(char *arg, union myso - int source_port = 0, serv_port = NAMESERVER_PORT; - char *portno, *source; - char *interface_opt = NULL; --#ifdef HAVE_IPV6 - int scope_index = 0; - char *scope_id; --#endif - - if (!arg || strlen(arg) == 0) - { -@@ -800,9 +796,7 @@ char *parse_server(char *arg, union myso - !atoi_check16(portno, &serv_port)) - return _("bad port"); - --#ifdef HAVE_IPV6 - scope_id = split_chr(arg, '%'); --#endif - - if (source) { - interface_opt = split_chr(source, '@'); -@@ -846,7 +840,6 @@ char *parse_server(char *arg, union myso - } - } - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0) - { - if (scope_id && (scope_index = if_nametoindex(scope_id)) == 0) -@@ -881,7 +874,6 @@ char *parse_server(char *arg, union myso - } - } - } --#endif - else - return _("bad address"); - -@@ -1914,10 +1906,8 @@ static int one_opt(int option, char *arg - unhide_metas(arg); - if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0) - new->addr.sa.sa_family = AF_INET; --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) - new->addr.sa.sa_family = AF_INET6; --#endif - else - { - char *fam = split_chr(arg, '/'); -@@ -1927,10 +1917,8 @@ static int one_opt(int option, char *arg - { - if (strcmp(fam, "4") == 0) - new->addr.sa.sa_family = AF_INET; --#ifdef HAVE_IPV6 - else if (strcmp(fam, "6") == 0) - new->addr.sa.sa_family = AF_INET6; --#endif - else - ret_err(gen_err); - } -@@ -1996,14 +1984,12 @@ static int one_opt(int option, char *arg - subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; - subnet->flags = ADDRLIST_LITERAL; - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &addr.addr.addr6)) - { - subnet = opt_malloc(sizeof(struct addrlist)); - subnet->prefixlen = (prefixlen == 0) ? 64 : prefixlen; - subnet->flags = ADDRLIST_LITERAL | ADDRLIST_IPV6; - } --#endif - else - { - struct auth_name_list *name = opt_malloc(sizeof(struct auth_name_list)); -@@ -2015,10 +2001,8 @@ static int one_opt(int option, char *arg - { - if (prefixlen == 4) - name->flags &= ~AUTH6; --#ifdef HAVE_IPV6 - else if (prefixlen == 6) - name->flags &= ~AUTH4; --#endif - else - ret_err(gen_err); - } -@@ -2139,7 +2123,6 @@ static int one_opt(int option, char *arg - } - } - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, comma, &new->start6)) - { - u64 mask = (1LLU << (128 - msize)) - 1LLU; -@@ -2183,7 +2166,6 @@ static int one_opt(int option, char *arg - } - } - } --#endif - else - ret_err(gen_err); - } -@@ -2201,7 +2183,6 @@ static int one_opt(int option, char *arg - else if (!inet_pton(AF_INET, arg, &new->end)) - ret_err(gen_err); - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, comma, &new->start6)) - { - new->is6 = 1; -@@ -2210,7 +2191,6 @@ static int one_opt(int option, char *arg - else if (!inet_pton(AF_INET6, arg, &new->end6)) - ret_err(gen_err); - } --#endif - else - ret_err(gen_err); - -@@ -2369,7 +2349,6 @@ static int one_opt(int option, char *arg - new->addr.in.sin_len = sizeof(new->addr.in); - #endif - } --#ifdef HAVE_IPV6 - else if (arg && inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) - { - new->addr.sa.sa_family = AF_INET6; -@@ -2380,7 +2359,6 @@ static int one_opt(int option, char *arg - new->addr.in6.sin6_len = sizeof(new->addr.in6); - #endif - } --#endif - else - ret_err(gen_err); - -@@ -2493,9 +2471,7 @@ static int one_opt(int option, char *arg - int size; - struct server *serv; - struct in_addr addr4; --#ifdef HAVE_IPV6 - struct in6_addr addr6; --#endif - - unhide_metas(arg); - if (!arg || !(comma=split(arg)) || !(string = split_chr(arg, '/')) || !atoi_check(string, &size)) -@@ -2507,10 +2483,8 @@ static int one_opt(int option, char *arg - if (!serv) - ret_err(_("bad prefix")); - } --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &addr6)) - serv = add_rev6(&addr6, size); --#endif - else - ret_err(gen_err); - -@@ -3863,10 +3837,8 @@ err: - { - if (strcmp(arg, "4") == 0) - new->family = AF_INET; --#ifdef HAVE_IPV6 - else if (strcmp(arg, "6") == 0) - new->family = AF_INET6; --#endif - else - ret_err(gen_err); - } -@@ -4156,10 +4128,8 @@ err: - new->ttl = atoi(arg); - else if (inet_pton(AF_INET, arg, &addr)) - new->addr = addr.addr.addr4; --#ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &addr)) - new->addr6 = addr.addr.addr6; --#endif - else - { - int nomem; -@@ -4866,10 +4836,8 @@ void read_opts(int argc, char **argv, ch - { - if (tmp->source_addr.sa.sa_family == AF_INET) - tmp->source_addr.in.sin_port = htons(daemon->query_port); --#ifdef HAVE_IPV6 - else if (tmp->source_addr.sa.sa_family == AF_INET6) - tmp->source_addr.in6.sin6_port = htons(daemon->query_port); --#endif - } - } - -@@ -4930,10 +4898,8 @@ void read_opts(int argc, char **argv, ch - for(tmp = daemon->if_addrs; tmp; tmp = tmp->next) - if (tmp->addr.sa.sa_family == AF_INET) - tmp->addr.in.sin_port = htons(daemon->port); --#ifdef HAVE_IPV6 - else if (tmp->addr.sa.sa_family == AF_INET6) - tmp->addr.in6.sin6_port = htons(daemon->port); --#endif /* IPv6 */ - } - - /* create default, if not specified */ ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -198,7 +198,6 @@ int in_arpa_name_2_addr(char *namein, st - - return F_IPV4; - } --#ifdef HAVE_IPV6 - else if (hostname_isequal(penchunk, "ip6") && - (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa"))) - { -@@ -243,7 +242,6 @@ int in_arpa_name_2_addr(char *namein, st - return F_IPV6; - } - } --#endif - - return 0; - } -@@ -426,7 +424,6 @@ int private_net(struct in_addr addr, int - ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ; - } - --#ifdef HAVE_IPV6 - static int private_net6(struct in6_addr *a) - { - return -@@ -436,8 +433,6 @@ static int private_net6(struct in6_addr - ((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */ - ((u32 *)a)[0] == htonl(0x20010db8); /* RFC 6303 4.6 */ - } --#endif -- - - static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored) - { -@@ -738,13 +733,11 @@ int extract_addresses(struct dns_header - addrlen = INADDRSZ; - flags |= F_IPV4; - } --#ifdef HAVE_IPV6 - else if (qtype == T_AAAA) - { - addrlen = IN6ADDRSZ; - flags |= F_IPV6; - } --#endif - else - continue; - -@@ -818,7 +811,6 @@ int extract_addresses(struct dns_header - private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) - return 1; - --#ifdef HAVE_IPV6 - if ((flags & F_IPV6) && - IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6)) - { -@@ -827,7 +819,6 @@ int extract_addresses(struct dns_header - if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) - return 1; - } --#endif - } - - #ifdef HAVE_IPSET -@@ -966,7 +957,6 @@ size_t setup_reply(struct dns_header *he - add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); - } - --#ifdef HAVE_IPV6 - if (flags & F_IPV6) - { - SET_RCODE(header, NOERROR); -@@ -974,7 +964,6 @@ size_t setup_reply(struct dns_header *he - header->hb3 |= HB3_AA; - add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp); - } --#endif - } - else /* nowhere to forward to */ - { -@@ -1164,14 +1153,12 @@ int add_resource_record(struct dns_heade - for (; *format; format++) - switch (*format) - { --#ifdef HAVE_IPV6 - case '6': - CHECK_LIMIT(IN6ADDRSZ); - sval = va_arg(ap, char *); - memcpy(p, sval, IN6ADDRSZ); - p += IN6ADDRSZ; - break; --#endif - - case '4': - CHECK_LIMIT(INADDRSZ); -@@ -1413,7 +1400,6 @@ size_t answer_request(struct dns_header - while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) - intr = intr->next; - } --#ifdef HAVE_IPV6 - else if (is_arpa == F_IPV6) - for (intr = daemon->int_names; intr; intr = intr->next) - { -@@ -1429,7 +1415,6 @@ size_t answer_request(struct dns_header - while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) - intr = intr->next; - } --#endif - - if (intr) - { -@@ -1521,9 +1506,7 @@ size_t answer_request(struct dns_header - } - } - else if (option_bool(OPT_BOGUSPRIV) && ( --#ifdef HAVE_IPV6 - (is_arpa == F_IPV6 && private_net6(&addr.addr.addr6)) || --#endif - (is_arpa == F_IPV4 && private_net(addr.addr.addr4, 1)))) - { - struct server *serv; -@@ -1564,16 +1547,9 @@ size_t answer_request(struct dns_header - - for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0) - { -- unsigned short type = T_A; -+ unsigned short type = (flag == F_IPV6) ? T_AAAA : T_A; - struct interface_name *intr; - -- if (flag == F_IPV6) --#ifdef HAVE_IPV6 -- type = T_AAAA; --#else -- break; --#endif -- - if (qtype != type && qtype != T_ANY) - continue; - -@@ -1596,31 +1572,26 @@ size_t answer_request(struct dns_header - for (intr = daemon->int_names; intr; intr = intr->next) - if (hostname_isequal(name, intr->name)) - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) --#ifdef HAVE_IPV6 -- if (!(addrlist->flags & ADDRLIST_IPV6)) --#endif -- if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -- { -- localise = 1; -- break; -- } -+ if (!(addrlist->flags & ADDRLIST_IPV6) && -+ is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -+ { -+ localise = 1; -+ break; -+ } - - for (intr = daemon->int_names; intr; intr = intr->next) - if (hostname_isequal(name, intr->name)) - { - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) --#ifdef HAVE_IPV6 - if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) --#endif - { - if (localise && - !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) - continue; - --#ifdef HAVE_IPV6 - if (addrlist->flags & ADDRLIST_REVONLY) - continue; --#endif -+ - ans = 1; - sec_data = 0; - if (!dryrun) -@@ -1904,11 +1875,8 @@ size_t answer_request(struct dns_header - crecp = NULL; - while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6))) - { --#ifdef HAVE_IPV6 - int type = crecp->flags & F_IPV4 ? T_A : T_AAAA; --#else -- int type = T_A; --#endif -+ - if (crecp->flags & F_NEG) - continue; - ---- a/src/tables.c -+++ b/src/tables.c -@@ -108,7 +108,7 @@ int add_to_ipset(const char *setname, co - my_syslog(LOG_INFO, _("info: table created")); - - bzero(&addr, sizeof(addr)); --#ifdef HAVE_IPV6 -+ - if (flags & F_IPV6) - { - addr.pfra_af = AF_INET6; -@@ -116,7 +116,6 @@ int add_to_ipset(const char *setname, co - memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); - } - else --#endif - { - addr.pfra_af = AF_INET; - addr.pfra_net = 0x20; ---- a/src/tftp.c -+++ b/src/tftp.c -@@ -60,17 +60,11 @@ void tftp_request(struct listener *liste - char *prefix = daemon->tftp_prefix; - struct tftp_prefix *pref; - struct all_addr addra; --#ifdef HAVE_IPV6 - /* Can always get recvd interface for IPv6 */ - int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; --#else -- int check_dest = !option_bool(OPT_NOWILD); --#endif - union { - struct cmsghdr align; /* this ensures alignment */ --#ifdef HAVE_IPV6 - char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; --#endif - #if defined(HAVE_LINUX_NETWORK) - char control[CMSG_SPACE(sizeof(struct in_pktinfo))]; - #elif defined(HAVE_SOLARIS_NETWORK) -@@ -174,7 +168,6 @@ void tftp_request(struct listener *liste - - #endif - --#ifdef HAVE_IPV6 - if (listen->family == AF_INET6) - { - for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -@@ -190,7 +183,6 @@ void tftp_request(struct listener *liste - if_index = p.p->ipi6_ifindex; - } - } --#endif - - if (!indextoname(listen->tftpfd, if_index, namebuff)) - return; -@@ -199,10 +191,8 @@ void tftp_request(struct listener *liste - - addra.addr.addr4 = addr.in.sin_addr; - --#ifdef HAVE_IPV6 - if (listen->family == AF_INET6) - addra.addr.addr6 = addr.in6.sin6_addr; --#endif - - if (daemon->tftp_interfaces) - { -@@ -262,7 +252,6 @@ void tftp_request(struct listener *liste - addr.in.sin_len = sizeof(addr.in); - #endif - } --#ifdef HAVE_IPV6 - else - { - addr.in6.sin6_port = htons(port); -@@ -272,7 +261,6 @@ void tftp_request(struct listener *liste - addr.in6.sin6_len = sizeof(addr.in6); - #endif - } --#endif - - if (!(transfer = whine_malloc(sizeof(struct tftp_transfer)))) - return; -@@ -310,10 +298,9 @@ void tftp_request(struct listener *liste - { - if (listen->family == AF_INET) - addr.in.sin_port = htons(port); --#ifdef HAVE_IPV6 - else -- addr.in6.sin6_port = htons(port); --#endif -+ addr.in6.sin6_port = htons(port); -+ - continue; - } - my_syslog(MS_TFTP | LOG_ERR, _("unable to get free port for TFTP")); ---- a/src/util.c -+++ b/src/util.c -@@ -320,13 +320,12 @@ int sockaddr_isequal(union mysockaddr *s - s1->in.sin_port == s2->in.sin_port && - s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr) - return 1; --#ifdef HAVE_IPV6 -+ - if (s1->sa.sa_family == AF_INET6 && - s1->in6.sin6_port == s2->in6.sin6_port && - s1->in6.sin6_scope_id == s2->in6.sin6_scope_id && - IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr)) - return 1; --#endif - } - return 0; - } -@@ -336,11 +335,9 @@ int sa_len(union mysockaddr *addr) - #ifdef HAVE_SOCKADDR_SA_LEN - return addr->sa.sa_len; - #else --#ifdef HAVE_IPV6 - if (addr->sa.sa_family == AF_INET6) - return sizeof(addr->in6); - else --#endif - return sizeof(addr->in); - #endif - } -@@ -437,7 +434,6 @@ int is_same_net(struct in_addr a, struct - return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); - } - --#ifdef HAVE_IPV6 - int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen) - { - int pfbytes = prefixlen >> 3; -@@ -476,15 +472,12 @@ void setaddr6part(struct in6_addr *addr, - } - } - --#endif -- - - /* returns port number from address */ - int prettyprint_addr(union mysockaddr *addr, char *buf) - { - int port = 0; - --#ifdef HAVE_IPV6 - if (addr->sa.sa_family == AF_INET) - { - inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN); -@@ -503,10 +496,6 @@ int prettyprint_addr(union mysockaddr *a - } - port = ntohs(addr->in6.sin6_port); - } --#else -- strcpy(buf, inet_ntoa(addr->in.sin_addr)); -- port = ntohs(addr->in.sin_port); --#endif - - return port; - } diff --git a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch deleted file mode 100644 index cbf211a644..0000000000 --- a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch +++ /dev/null @@ -1,52 +0,0 @@ -From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001 -From: Vladislav Grishenko <themiron@mail.ru> -Date: Thu, 18 Oct 2018 04:55:21 +0500 -Subject: [PATCH 04/32] Don't forward *.bind/*.server queries upstream - -Chaos .bind and .server (RFC4892) zones are local, therefore -don't forward queries upstream to avoid mixing with supported -locally and false replies with NO_ID enabled. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc1035.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1276,7 +1276,7 @@ size_t answer_request(struct dns_header - int q, ans, anscount = 0, addncount = 0; - int dryrun = 0; - struct crec *crecp; -- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; -+ int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1; - struct mx_srv_record *rec; - size_t len; - -@@ -1355,6 +1355,17 @@ size_t answer_request(struct dns_header - } - } - -+ if (qclass == C_CHAOS) -+ { -+ /* don't forward *.bind and *.server chaos queries */ -+ if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) -+ { -+ if (!ans) -+ notimp = 1, auth = 0; -+ ans = 1; -+ } -+ } -+ - if (qclass == C_IN) - { - struct txt_record *t; -@@ -1903,6 +1914,8 @@ size_t answer_request(struct dns_header - - if (nxdomain) - SET_RCODE(header, NXDOMAIN); -+ else if (notimp) -+ SET_RCODE(header, NOTIMP); - else - SET_RCODE(header, NOERROR); /* no error */ - header->ancount = htons(anscount); diff --git a/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch b/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch deleted file mode 100644 index 473297bcdc..0000000000 --- a/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch +++ /dev/null @@ -1,63 +0,0 @@ -From cbb5b17ad8e03e08ade62376a4f6a2066e55960d Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Tue, 23 Oct 2018 23:45:57 +0100 -Subject: [PATCH 05/32] Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc1035.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1335,7 +1335,6 @@ size_t answer_request(struct dns_header - { - unsigned long ttl = daemon->local_ttl; - int ok = 1; -- log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>"); - #ifndef NO_ID - /* Dynamically generate stat record */ - if (t->stat != 0) -@@ -1345,11 +1344,14 @@ size_t answer_request(struct dns_header - ok = 0; - } - #endif -- if (ok && add_resource_record(header, limit, &trunc, nameoffset, &ansp, -- ttl, NULL, -- T_TXT, t->class, "t", t->len, t->txt)) -- anscount++; -- -+ if (ok) -+ { -+ log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>"); -+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, -+ ttl, NULL, -+ T_TXT, t->class, "t", t->len, t->txt)) -+ anscount++; -+ } - } - } - } -@@ -1357,12 +1359,19 @@ size_t answer_request(struct dns_header - - if (qclass == C_CHAOS) - { -- /* don't forward *.bind and *.server chaos queries */ -+ /* don't forward *.bind and *.server chaos queries - always reply with NOTIMP */ - if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) - { - if (!ans) -- notimp = 1, auth = 0; -- ans = 1; -+ { -+ notimp = 1, auth = 0; -+ if (!dryrun) -+ { -+ addr.addr.rcode.rcode = NOTIMP; -+ log_query(F_CONFIG | F_RCODE, name, &addr, NULL); -+ } -+ ans = 1; -+ } - } - } - diff --git a/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch b/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch deleted file mode 100644 index bebc7ba453..0000000000 --- a/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 6f7812d97bc8f87004c0a5069c6c94c64af78106 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Tue, 23 Oct 2018 23:54:44 +0100 -Subject: [PATCH 06/32] Fix spurious AD flags in some DNS replies from local - config. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc1035.c | 42 ++++++++++++++++++++++++------------------ - 1 file changed, 24 insertions(+), 18 deletions(-) - ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1330,7 +1330,7 @@ size_t answer_request(struct dns_header - { - if (t->class == qclass && hostname_isequal(name, t->name)) - { -- ans = 1; -+ ans = 1, sec_data = 0; - if (!dryrun) - { - unsigned long ttl = daemon->local_ttl; -@@ -1370,7 +1370,7 @@ size_t answer_request(struct dns_header - addr.addr.rcode.rcode = NOTIMP; - log_query(F_CONFIG | F_RCODE, name, &addr, NULL); - } -- ans = 1; -+ ans = 1, sec_data = 0; - } - } - } -@@ -1725,7 +1725,7 @@ size_t answer_request(struct dns_header - } - else if (is_name_synthetic(flag, name, &addr)) - { -- ans = 1; -+ ans = 1, sec_data = 0; - if (!dryrun) - { - log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); -@@ -1763,25 +1763,27 @@ size_t answer_request(struct dns_header - for (rec = daemon->mxnames; rec; rec = rec->next) - if (!rec->issrv && hostname_isequal(name, rec->name)) - { -- ans = found = 1; -- if (!dryrun) -- { -- int offset; -- log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); -- if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, -- &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) -- { -- anscount++; -- if (rec->target) -- rec->offset = offset; -- } -- } -+ ans = found = 1; -+ sec_data = 0; -+ if (!dryrun) -+ { -+ int offset; -+ log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); -+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, -+ &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) -+ { -+ anscount++; -+ if (rec->target) -+ rec->offset = offset; -+ } -+ } - } - - if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) && - cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR)) - { - ans = 1; -+ sec_data = 0; - if (!dryrun) - { - log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); -@@ -1802,6 +1804,7 @@ size_t answer_request(struct dns_header - if (rec->issrv && hostname_isequal(name, rec->name)) - { - found = ans = 1; -+ sec_data = 0; - if (!dryrun) - { - int offset; -@@ -1838,6 +1841,7 @@ size_t answer_request(struct dns_header - if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) - { - ans = 1; -+ sec_data = 0; - if (!dryrun) - log_query(F_CONFIG | F_NEG, name, NULL, NULL); - } -@@ -1850,6 +1854,7 @@ size_t answer_request(struct dns_header - if (hostname_isequal(name, na->name)) - { - ans = 1; -+ sec_data = 0; - if (!dryrun) - { - log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>"); -@@ -1862,11 +1867,12 @@ size_t answer_request(struct dns_header - } - - if (qtype == T_MAILB) -- ans = 1, nxdomain = 1; -+ ans = 1, nxdomain = 1, sec_data = 0; - - if (qtype == T_SOA && option_bool(OPT_FILTER)) - { -- ans = 1; -+ ans = 1; -+ sec_data = 0; - if (!dryrun) - log_query(F_CONFIG | F_NEG, name, &addr, NULL); - } diff --git a/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch b/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch deleted file mode 100644 index 79347920dc..0000000000 --- a/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 24b87607c1353e94689e8a2190571ab3f3b36f31 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> -Date: Wed, 24 Oct 2018 22:30:18 +0100 -Subject: [PATCH 07/32] Do not rely on dead code elimination, use array - instead. Make options bits derived from size and count. Use size of option - bits and last supported bit in computation. No new change would be required - when new options are added. Just change OPT_LAST constant. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/dnsmasq.h | 11 +++++++---- - src/option.c | 10 ++-------- - 2 files changed, 9 insertions(+), 12 deletions(-) - ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -200,9 +200,6 @@ struct event_desc { - #define EC_MISC 5 - #define EC_INIT_OFFSET 10 - --/* Trust the compiler dead-code eliminator.... */ --#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32))) -- - #define OPT_BOGUSPRIV 0 - #define OPT_FILTER 1 - #define OPT_LOG 2 -@@ -264,6 +261,12 @@ struct event_desc { - #define OPT_UBUS 58 - #define OPT_LAST 59 - -+#define OPTION_BITS (sizeof(unsigned int)*8) -+#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) -+#define option_var(x) (daemon->options[(x) / OPTION_BITS]) -+#define option_val(x) ((1u) << ((x) % OPTION_BITS)) -+#define option_bool(x) (option_var(x) & option_val(x)) -+ - /* extra flags for my_syslog, we use a couple of facilities since they are known - not to occupy the same bits as priorities, no matter how syslog.h is set up. */ - #define MS_TFTP LOG_USER -@@ -978,7 +981,7 @@ extern struct daemon { - config file arguments. All set (including defaults) - in option.c */ - -- unsigned int options, options2; -+ unsigned int options[OPTION_SIZE]; - struct resolvc default_resolv, *resolv_files; - time_t last_resolv; - char *servers_file; ---- a/src/option.c -+++ b/src/option.c -@@ -1490,18 +1490,12 @@ static int parse_dhcp_opt(char *errstr, - - void set_option_bool(unsigned int opt) - { -- if (opt < 32) -- daemon->options |= 1u << opt; -- else -- daemon->options2 |= 1u << (opt - 32); -+ option_var(opt) |= option_val(opt); - } - - void reset_option_bool(unsigned int opt) - { -- if (opt < 32) -- daemon->options &= ~(1u << opt); -- else -- daemon->options2 &= ~(1u << (opt - 32)); -+ option_var(opt) &= ~(option_val(opt)); - } - - static int one_opt(int option, char *arg, char *errstr, char *gen_err, int command_line, int servers_only) diff --git a/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch b/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch deleted file mode 100644 index 766aad2637..0000000000 --- a/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3a5a84cdd1488bad118eeac72d09a60299bca744 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 31 Oct 2018 21:30:13 +0000 -Subject: [PATCH 08/32] Fix Makefile lines generating UBUS linker config. - -If arg2 of pkg-wrapper is "--copy", then arg1 is NOT the name of -the package manager (--copy doesn't invoke it) it's a secondary -config string that inhibts the copy if found. This patch allows that -to be the empty string, for unconditional copy, and modifies the -ubus linker config to use it. It worked by coincidence before, because -there was no config string called "pkg-config". - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - Makefile | 2 +- - bld/pkg-wrapper | 14 ++++++++------ - 2 files changed, 9 insertions(+), 7 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -53,7 +53,7 @@ top?=$(CURDIR) - - dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` - dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` --ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS $(PKG_CONFIG) --copy -lubox -lubus` -+ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus` - idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` - idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` - idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2` ---- a/bld/pkg-wrapper -+++ b/bld/pkg-wrapper -@@ -11,23 +11,25 @@ in=`cat` - - if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ - echo $in | grep $search >/dev/null 2>&1; then --# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP -+# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP - if [ $op = "--copy" ]; then -- if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ -- echo $in | grep $pkg >/dev/null 2>&1; then -+ if [ -z "$pkg" ]; then -+ pkg="$*" -+ elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ -+ echo $in | grep $pkg >/dev/null 2>&1; then - pkg="" - else - pkg="$*" - fi - elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ -- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then -+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then - pkg=`$pkg --static $op $*` - else - pkg=`$pkg $op $*` - fi -- -+ - if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ -- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then -+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then - if [ $op = "--libs" ] || [ $op = "--copy" ]; then - echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic" - else diff --git a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch deleted file mode 100644 index 32468ae5a7..0000000000 --- a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 31 Oct 2018 22:24:02 +0000 -Subject: [PATCH 09/32] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e - -The above is intended to increase robustness, but actually does the -opposite. The problem is that by ignoring SERVFAIL messages and hoping -for a better answer from another of the servers we've forwarded to, -we become vulnerable in the case that one or more of the configured -servers is down or not responding. - -Consider the case that a domain is indeed BOGUS, and we've send the -query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e -we ignore the first n-1 SERVFAIL replies, and only return the -final n'th answer to the client. Now, if one of the servers we are -forwarding to is down, then we won't get all n replies, and the -client will never get an answer! This is a far more likely scenario -than a temporary SERVFAIL from only one of a set of notionally identical -servers, so, on the ground of robustness, we have to believe -any SERVFAIL answers we get, and return them to the client. - -The client could be using the same recursive servers we are, -so it should, in theory, retry on SERVFAIL anyway. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/forward.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/src/forward.c -+++ b/src/forward.c -@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim - we get a good reply from another server. Kill it when we've - had replies from all to avoid filling the forwarding table when - everything is broken */ -- if (forward->forwardall == 0 || --forward->forwardall == 1 || -- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) -+ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) - { - int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; - diff --git a/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch b/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch deleted file mode 100644 index 78f31d0c2d..0000000000 --- a/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 48d12f14c9c0fc8cf943b52774c3892517dd72d4 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Fri, 2 Nov 2018 21:55:04 +0000 -Subject: [PATCH 10/32] Remove the NO_FORK compile-time option, and support for - uclinux. - -In an era where everything has an MMU, this looks like -an anachronism, and it adds to (Ok, multiplies!) the -combinatorial explosion of compile-time options. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - CHANGELOG | 6 ++++++ - src/config.h | 21 ++------------------- - src/dnsmasq.c | 14 -------------- - src/option.c | 4 +--- - 4 files changed, 9 insertions(+), 36 deletions(-) - ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -11,6 +11,12 @@ version 2.81 - This fix passes cache entries back from the TCP child process to - the main server process, and fixes the problem. - -+ Remove the NO_FORK compile-time option, and support for uclinux. -+ In an era where everything has an MMU, this looks like -+ an anachronism, and it adds to (Ok, multiplies!) the -+ combinatorial explosion of compile-time options. Thanks to -+ Kevin Darbyshire-Bryant for the patch. -+ - - version 2.80 - Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method ---- a/src/config.h -+++ b/src/config.h -@@ -239,27 +239,13 @@ HAVE_SOCKADDR_SA_LEN - defined if struct sockaddr has sa_len field (*BSD) - */ - --/* Must precede __linux__ since uClinux defines __linux__ too. */ --#if defined(__uClinux__) --#define HAVE_LINUX_NETWORK --#define HAVE_GETOPT_LONG --#undef HAVE_SOCKADDR_SA_LEN --/* Never use fork() on uClinux. Note that this is subtly different from the -- --keep-in-foreground option, since it also suppresses forking new -- processes for TCP connections and disables the call-a-script on leasechange -- system. It's intended for use on MMU-less kernels. */ --#define NO_FORK -- --#elif defined(__UCLIBC__) -+#if defined(__UCLIBC__) - #define HAVE_LINUX_NETWORK - #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \ - ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21)) - # define HAVE_GETOPT_LONG - #endif - #undef HAVE_SOCKADDR_SA_LEN --#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__) --# define NO_FORK --#endif - #if defined(__UCLIBC_HAS_IPV6__) - # ifndef IPV6_V6ONLY - # define IPV6_V6ONLY 26 -@@ -328,7 +314,7 @@ HAVE_SOCKADDR_SA_LEN - #define HAVE_DHCP - #endif - --#if defined(NO_SCRIPT) || defined(NO_FORK) -+#if defined(NO_SCRIPT) - #undef HAVE_SCRIPT - #undef HAVE_LUASCRIPT - #endif -@@ -372,9 +358,6 @@ static char *compile_opts = - #ifdef HAVE_BROKEN_RTC - "no-RTC " - #endif --#ifdef NO_FORK --"no-MMU " --#endif - #ifndef HAVE_DBUS - "no-" - #endif ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -485,7 +485,6 @@ int main (int argc, char **argv) - if (chdir("/") != 0) - die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); - --#ifndef NO_FORK - if (!option_bool(OPT_NO_FORK)) - { - pid_t pid; -@@ -525,7 +524,6 @@ int main (int argc, char **argv) - if (pid != 0) - _exit(0); - } --#endif - - /* write pidfile _after_ forking ! */ - if (daemon->runfile) -@@ -1628,12 +1626,10 @@ static int set_dns_listeners(time_t now) - - } - --#ifndef NO_FORK - if (!option_bool(OPT_DEBUG)) - for (i = 0; i < MAX_PROCS; i++) - if (daemon->tcp_pipes[i] != -1) - poll_listen(daemon->tcp_pipes[i], POLLIN); --#endif - - return wait; - } -@@ -1643,9 +1639,7 @@ static void check_dns_listeners(time_t n - struct serverfd *serverfdp; - struct listener *listener; - int i; --#ifndef NO_FORK - int pipefd[2]; --#endif - - for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) - if (poll_check(serverfdp->fd, POLLIN)) -@@ -1657,7 +1651,6 @@ static void check_dns_listeners(time_t n - poll_check(daemon->randomsocks[i].fd, POLLIN)) - reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); - --#ifndef NO_FORK - /* Races. The child process can die before we read all of the data from the - pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the - process, and tcp_pipes to -1 and close the FD when we read the last -@@ -1674,7 +1667,6 @@ static void check_dns_listeners(time_t n - close(daemon->tcp_pipes[i]); - daemon->tcp_pipes[i] = -1; - } --#endif - - for (listener = daemon->listeners; listener; listener = listener->next) - { -@@ -1768,7 +1760,6 @@ static void check_dns_listeners(time_t n - shutdown(confd, SHUT_RDWR); - while (retry_send(close(confd))); - } --#ifndef NO_FORK - else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0) - { - close(pipefd[1]); /* parent needs read pipe end. */ -@@ -1791,7 +1782,6 @@ static void check_dns_listeners(time_t n - /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */ - daemon->log_id += TCP_MAX_QUERIES; - } --#endif - else - { - unsigned char *buff; -@@ -1811,7 +1801,6 @@ static void check_dns_listeners(time_t n - auth_dns = 0; - } - --#ifndef NO_FORK - /* Arrange for SIGALRM after CHILD_LIFETIME seconds to - terminate the process. */ - if (!option_bool(OPT_DEBUG)) -@@ -1820,7 +1809,6 @@ static void check_dns_listeners(time_t n - close(pipefd[0]); /* close read end in child. */ - daemon->pipe_to_parent = pipefd[1]; - } --#endif - - /* start with no upstream connections. */ - for (s = daemon->servers; s; s = s->next) -@@ -1846,13 +1834,11 @@ static void check_dns_listeners(time_t n - shutdown(s->tcpfd, SHUT_RDWR); - while (retry_send(close(s->tcpfd))); - } --#ifndef NO_FORK - if (!option_bool(OPT_DEBUG)) - { - flush_log(); - _exit(0); - } --#endif - } - } - } ---- a/src/option.c -+++ b/src/option.c -@@ -1828,9 +1828,7 @@ static int one_opt(int option, char *arg - /* Sorry about the gross pre-processor abuse */ - case '6': /* --dhcp-script */ - case LOPT_LUASCRIPT: /* --dhcp-luascript */ --# if defined(NO_FORK) -- ret_err(_("cannot run scripts under uClinux")); --# elif !defined(HAVE_SCRIPT) -+# if !defined(HAVE_SCRIPT) - ret_err(_("recompile with HAVE_SCRIPT defined to enable lease-change scripts")); - # else - if (option == LOPT_LUASCRIPT) diff --git a/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch b/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch deleted file mode 100644 index 0b53b30057..0000000000 --- a/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch +++ /dev/null @@ -1,1199 +0,0 @@ -From 59e470381f84f2fdf0640c7bc67827f3f0c64784 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> -Date: Fri, 2 Nov 2018 22:39:39 +0000 -Subject: [PATCH 11/32] Free config file values on parsing errors. - -This time I have a little bit more controversal patches. But I think -still useful. They fixes memory leaks that might occur in some cases. -Most dnsmasq errors is fatal, so it does not matter. But some are not. -Some parts are reloaded on SIGHUP signal, so it might leak more than once. - -Some example when it changes the failures. Use dhcp-options file with -this content: - -tag:error,vendor:redhat -option:ntp-server,1.2.3.4.5 -option6:ntp-server,[:::] - -Is not fatal and dnsmasq will start. On each reload command, it would -leak some memory. I validated it using valgrind --leak-check=full -dnsmasq -d. This patch fixes it. It introduces something that might be -considered constructor and destructor of selected structures. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/option.c | 533 ++++++++++++++++++++++++++++++++++----------------- - 1 file changed, 352 insertions(+), 181 deletions(-) - ---- a/src/option.c -+++ b/src/option.c -@@ -577,14 +577,15 @@ static void *opt_malloc(size_t size) - return ret; - } - --static char *opt_string_alloc(char *cp) -+static char *opt_string_alloc(const char *cp) - { - char *ret = NULL; -+ size_t len; - -- if (cp && strlen(cp) != 0) -+ if (cp && (len = strlen(cp)) != 0) - { -- ret = opt_malloc(strlen(cp)+1); -- strcpy(ret, cp); -+ ret = opt_malloc(len+1); -+ memcpy(ret, cp, len+1); - - /* restore hidden metachars */ - unhide_metas(ret); -@@ -759,6 +760,8 @@ static void do_usage(void) - } - - #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0) -+#define ret_err_free(x,m) do { strcpy(errstr, (x)); free((m)); return 0; } while (0) -+#define goto_err(x) do { strcpy(errstr, (x)); goto on_error; } while (0) - - static char *parse_mysockaddr(char *arg, union mysockaddr *addr) - { -@@ -904,6 +907,8 @@ static struct server *add_rev4(struct in - p += sprintf(p, "%d.", (a >> 24) & 0xff); - break; - default: -+ free(serv->domain); -+ free(serv); - return NULL; - } - -@@ -958,6 +963,97 @@ static char *set_prefix(char *arg) - return arg; - } - -+static struct dhcp_netid * -+dhcp_netid_create(const char *net, struct dhcp_netid *next) -+{ -+ struct dhcp_netid *tt; -+ tt = opt_malloc(sizeof (struct dhcp_netid)); -+ tt->net = opt_string_alloc(net); -+ tt->next = next; -+ return tt; -+} -+ -+static void dhcp_netid_free(struct dhcp_netid *nid) -+{ -+ while (nid) -+ { -+ struct dhcp_netid *tmp = nid; -+ nid = nid->next; -+ free(tmp->net); -+ free(tmp); -+ } -+} -+ -+/* Parse one or more tag:s before parameters. -+ * Moves arg to the end of tags. */ -+static struct dhcp_netid * dhcp_tags(char **arg) -+{ -+ struct dhcp_netid *id = NULL; -+ -+ while (is_tag_prefix(*arg)) -+ { -+ char *comma = split(*arg); -+ id = dhcp_netid_create((*arg)+4, id); -+ *arg = comma; -+ }; -+ if (!*arg) -+ { -+ dhcp_netid_free(id); -+ id = NULL; -+ } -+ return id; -+} -+ -+static void dhcp_netid_list_free(struct dhcp_netid_list *netid) -+{ -+ while (netid) -+ { -+ struct dhcp_netid_list *tmplist = netid; -+ netid = netid->next; -+ dhcp_netid_free(tmplist->list); -+ free(tmplist); -+ } -+} -+ -+static void dhcp_config_free(struct dhcp_config *config) -+{ -+ if (config) -+ { -+ struct hwaddr_config *hwaddr = config->hwaddr; -+ while (hwaddr) -+ { -+ struct hwaddr_config *tmp = hwaddr; -+ hwaddr = hwaddr->next; -+ free(tmp); -+ } -+ dhcp_netid_list_free(config->netid); -+ if (config->flags & CONFIG_CLID) -+ free(config->clid); -+ free(config); -+ } -+} -+ -+static void dhcp_context_free(struct dhcp_context *ctx) -+{ -+ if (ctx) -+ { -+ dhcp_netid_free(ctx->filter); -+ free(ctx->netid.net); -+ free(ctx->template_interface); -+ free(ctx); -+ } -+} -+ -+static void dhcp_opt_free(struct dhcp_opt *opt) -+{ -+ if (opt->flags & DHOPT_VENDOR) -+ free(opt->u.vendor_class); -+ dhcp_netid_free(opt->netid); -+ free(opt->val); -+ free(opt); -+} -+ -+ - /* This is too insanely large to keep in-line in the switch */ - static int parse_dhcp_opt(char *errstr, char *arg, int flags) - { -@@ -965,7 +1061,6 @@ static int parse_dhcp_opt(char *errstr, - char lenchar = 0, *cp; - int addrs, digs, is_addr, is_addr6, is_hex, is_dec, is_string, dots; - char *comma = NULL; -- struct dhcp_netid *np = NULL; - u16 opt_len = 0; - int is6 = 0; - int option_ok = 0; -@@ -1052,14 +1147,9 @@ static int parse_dhcp_opt(char *errstr, - } - else - { -- new->netid = opt_malloc(sizeof (struct dhcp_netid)); - /* allow optional "net:" or "tag:" for consistency */ -- if (is_tag_prefix(arg)) -- new->netid->net = opt_string_alloc(arg+4); -- else -- new->netid->net = opt_string_alloc(set_prefix(arg)); -- new->netid->next = np; -- np = new->netid; -+ const char *name = (is_tag_prefix(arg)) ? arg+4 : set_prefix(arg); -+ new->netid = dhcp_netid_create(name, new->netid); - } - - arg = comma; -@@ -1069,7 +1159,7 @@ static int parse_dhcp_opt(char *errstr, - if (is6) - { - if (new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE)) -- ret_err(_("unsupported encapsulation for IPv6 option")); -+ goto_err(_("unsupported encapsulation for IPv6 option")); - - if (opt_len == 0 && - !(new->flags & DHOPT_RFC3925)) -@@ -1083,7 +1173,7 @@ static int parse_dhcp_opt(char *errstr, - - /* option may be missing with rfc3925 match */ - if (!option_ok) -- ret_err(_("bad dhcp-option")); -+ goto_err(_("bad dhcp-option")); - - if (comma) - { -@@ -1151,10 +1241,10 @@ static int parse_dhcp_opt(char *errstr, - is_string = is_dec = is_hex = 0; - - if (!is6 && (!is_addr || dots == 0)) -- ret_err(_("bad IP address")); -+ goto_err(_("bad IP address")); - - if (is6 && !is_addr6) -- ret_err(_("bad IPv6 address")); -+ goto_err(_("bad IPv6 address")); - } - /* or names */ - else if (opt_len & (OT_NAME | OT_RFC1035_NAME | OT_CSTRING)) -@@ -1247,7 +1337,7 @@ static int parse_dhcp_opt(char *errstr, - comma = split(cp); - slash = split_chr(cp, '/'); - if (!inet_pton(AF_INET, cp, &in)) -- ret_err(_("bad IPv4 address")); -+ goto_err(_("bad IPv4 address")); - if (!slash) - { - memcpy(op, &in, INADDRSZ); -@@ -1292,8 +1382,8 @@ static int parse_dhcp_opt(char *errstr, - op += IN6ADDRSZ; - continue; - } -- -- ret_err(_("bad IPv6 address")); -+ -+ goto_err(_("bad IPv6 address")); - } - new->len = op - new->val; - } -@@ -1320,7 +1410,7 @@ static int parse_dhcp_opt(char *errstr, - if (strcmp (arg, ".") != 0) - { - if (!(dom = canonicalise_opt(arg))) -- ret_err(_("bad domain in dhcp-option")); -+ goto_err(_("bad domain in dhcp-option")); - - domlen = strlen(dom) + 2; - } -@@ -1414,7 +1504,7 @@ static int parse_dhcp_opt(char *errstr, - { - char *dom = canonicalise_opt(arg); - if (!dom) -- ret_err(_("bad domain in dhcp-option")); -+ goto_err(_("bad domain in dhcp-option")); - - newp = opt_malloc(len + strlen(dom) + 2); - -@@ -1452,14 +1542,14 @@ static int parse_dhcp_opt(char *errstr, - ((new->len > 255) || - (new->len > 253 && (new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE))) || - (new->len > 250 && (new->flags & DHOPT_RFC3925)))) -- ret_err(_("dhcp-option too long")); -+ goto_err(_("dhcp-option too long")); - - if (flags == DHOPT_MATCH) - { - if ((new->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR)) || - !new->netid || - new->netid->next) -- ret_err(_("illegal dhcp-match")); -+ goto_err(_("illegal dhcp-match")); - - if (is6) - { -@@ -1484,6 +1574,9 @@ static int parse_dhcp_opt(char *errstr, - } - - return 1; -+on_error: -+ dhcp_opt_free(new); -+ return 0; - } - - #endif -@@ -1498,6 +1591,16 @@ void reset_option_bool(unsigned int opt) - option_var(opt) &= ~(option_val(opt)); - } - -+static void server_list_free(struct server *list) -+{ -+ while (list) -+ { -+ struct server *tmp = list; -+ list = list->next; -+ free(tmp); -+ } -+} -+ - static int one_opt(int option, char *arg, char *errstr, char *gen_err, int command_line, int servers_only) - { - int i; -@@ -1679,13 +1782,13 @@ static int one_opt(int option, char *arg - /* has subnet+len */ - err = parse_mysockaddr(arg, &new->addr); - if (err) -- ret_err(err); -+ ret_err_free(err, new); - if (!atoi_check(end, &new->mask)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - new->addr_used = 1; - } - else if (!atoi_check(arg, &new->mask)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - - daemon->add_subnet4 = new; - -@@ -1697,15 +1800,15 @@ static int one_opt(int option, char *arg - /* has subnet+len */ - err = parse_mysockaddr(comma, &new->addr); - if (err) -- ret_err(err); -+ ret_err_free(err, new); - if (!atoi_check(end, &new->mask)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - new->addr_used = 1; - } - else - { - if (!atoi_check(comma, &new->mask)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - } - - daemon->add_subnet6 = new; -@@ -1912,7 +2015,10 @@ static int one_opt(int option, char *arg - else if (strcmp(fam, "6") == 0) - new->addr.sa.sa_family = AF_INET6; - else -- ret_err(gen_err); -+ { -+ free(new->name); -+ ret_err_free(gen_err, new); -+ } - } - } - new->next = daemon->authinterface; -@@ -2077,7 +2183,7 @@ static int one_opt(int option, char *arg - - arg = split(netpart); - if (!atoi_check(netpart, &msize)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - else if (inet_pton(AF_INET, comma, &new->start)) - { - int mask = (1 << (32 - msize)) - 1; -@@ -2090,18 +2196,18 @@ static int one_opt(int option, char *arg - { - if (!(new->prefix = canonicalise_opt(arg)) || - strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) -- ret_err(_("bad prefix")); -+ ret_err_free(_("bad prefix"), new); - } - else if (strcmp(arg, "local") != 0 || - (msize != 8 && msize != 16 && msize != 24)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - else - { - /* generate the equivalent of - local=/xxx.yyy.zzz.in-addr.arpa/ */ - struct server *serv = add_rev4(new->start, msize); - if (!serv) -- ret_err(_("bad prefix")); -+ ret_err_free(_("bad prefix"), new); - - serv->flags |= SERV_NO_ADDR; - -@@ -2130,17 +2236,17 @@ static int one_opt(int option, char *arg - setaddr6part(&new->end6, addrpart | mask); - - if (msize < 64) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - else if (arg) - { - if (option != 's') - { - if (!(new->prefix = canonicalise_opt(arg)) || - strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN) -- ret_err(_("bad prefix")); -+ ret_err_free(_("bad prefix"), new); - } - else if (strcmp(arg, "local") != 0 || ((msize & 4) != 0)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - else - { - /* generate the equivalent of -@@ -2159,7 +2265,7 @@ static int one_opt(int option, char *arg - } - } - else -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - } - else - { -@@ -2173,7 +2279,7 @@ static int one_opt(int option, char *arg - if (!arg) - new->end.s_addr = new->start.s_addr; - else if (!inet_pton(AF_INET, arg, &new->end)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - } - else if (inet_pton(AF_INET6, comma, &new->start6)) - { -@@ -2181,16 +2287,16 @@ static int one_opt(int option, char *arg - if (!arg) - memcpy(&new->end6, &new->start6, IN6ADDRSZ); - else if (!inet_pton(AF_INET6, arg, &new->end6)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - } - else -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - - if (option != 's' && prefstr) - { - if (!(new->prefix = canonicalise_opt(prefstr)) || - strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) -- ret_err(_("bad prefix")); -+ ret_err_free(_("bad prefix"), new); - } - } - -@@ -2352,7 +2458,7 @@ static int one_opt(int option, char *arg - #endif - } - else -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - - new->used = 0; - if (option == 'a') -@@ -2423,7 +2529,10 @@ static int one_opt(int option, char *arg - { - newlist->flags |= SERV_LITERAL_ADDRESS; - if (!(newlist->flags & SERV_TYPE)) -- ret_err(gen_err); -+ { -+ server_list_free(newlist); -+ ret_err(gen_err); -+ } - } - else if (option == LOPT_NO_REBIND) - newlist->flags |= SERV_NO_REBIND; -@@ -2440,7 +2549,10 @@ static int one_opt(int option, char *arg - { - char *err = parse_server(arg, &newlist->addr, &newlist->source_addr, newlist->interface, &newlist->flags); - if (err) -- ret_err(err); -+ { -+ server_list_free(newlist); -+ ret_err(err); -+ } - } - - serv = newlist; -@@ -2776,21 +2888,19 @@ static int one_opt(int option, char *arg - { - if (is_tag_prefix(arg)) - { -- struct dhcp_netid *tt = opt_malloc(sizeof (struct dhcp_netid)); -- tt->net = opt_string_alloc(arg+4); -- tt->next = new->filter; - /* ignore empty tag */ -- if (tt->net) -- new->filter = tt; -+ if (arg[4]) -+ new->filter = dhcp_netid_create(arg+4, new->filter); - } - else - { - if (new->netid.net) -- ret_err(_("only one tag allowed")); -- else if (strstr(arg, "set:") == arg) -- new->netid.net = opt_string_alloc(arg+4); -+ { -+ dhcp_context_free(new); -+ ret_err(_("only one tag allowed")); -+ } - else -- new->netid.net = opt_string_alloc(arg); -+ new->netid.net = opt_string_alloc(set_prefix(arg)); - } - arg = comma; - } -@@ -2806,7 +2916,10 @@ static int one_opt(int option, char *arg - break; - - if (k < 2) -- ret_err(_("bad dhcp-range")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("bad dhcp-range")); -+ } - - if (inet_pton(AF_INET, a[0], &new->start)) - { -@@ -2818,7 +2931,10 @@ static int one_opt(int option, char *arg - else if (strcmp(a[1], "proxy") == 0) - new->flags |= CONTEXT_PROXY; - else if (!inet_pton(AF_INET, a[1], &new->end)) -- ret_err(_("bad dhcp-range")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("bad dhcp-range")); -+ } - - if (ntohl(new->start.s_addr) > ntohl(new->end.s_addr)) - { -@@ -2833,7 +2949,10 @@ static int one_opt(int option, char *arg - new->flags |= CONTEXT_NETMASK; - leasepos = 3; - if (!is_same_net(new->start, new->end, new->netmask)) -- ret_err(_("inconsistent DHCP range")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("inconsistent DHCP range")); -+ } - - - if (k >= 4 && strchr(a[3], '.') && -@@ -2847,6 +2966,8 @@ static int one_opt(int option, char *arg - #ifdef HAVE_DHCP6 - else if (inet_pton(AF_INET6, a[0], &new->start6)) - { -+ const char *err = NULL; -+ - new->flags |= CONTEXT_V6; - new->prefix = 64; /* default */ - new->end6 = new->start6; -@@ -2892,19 +3013,24 @@ static int one_opt(int option, char *arg - } - } - -- if (new->prefix != 64) -+ if (new->prefix > 64) - { - if (new->flags & CONTEXT_RA) -- ret_err(_("prefix length must be exactly 64 for RA subnets")); -+ err=(_("prefix length must be exactly 64 for RA subnets")); - else if (new->flags & CONTEXT_TEMPLATE) -- ret_err(_("prefix length must be exactly 64 for subnet constructors")); -+ err=(_("prefix length must be exactly 64 for subnet constructors")); - } -- -- if (new->prefix < 64) -- ret_err(_("prefix length must be at least 64")); -+ else if (new->prefix < 64) -+ err=(_("prefix length must be at least 64")); - -- if (!is_same_net6(&new->start6, &new->end6, new->prefix)) -- ret_err(_("inconsistent DHCPv6 range")); -+ if (!err && !is_same_net6(&new->start6, &new->end6, new->prefix)) -+ err=(_("inconsistent DHCPv6 range")); -+ -+ if (err) -+ { -+ dhcp_context_free(new); -+ ret_err(err); -+ } - - /* dhcp-range=:: enables DHCP stateless on any interface */ - if (IN6_IS_ADDR_UNSPECIFIED(&new->start6) && !(new->flags & CONTEXT_TEMPLATE)) -@@ -2915,7 +3041,10 @@ static int one_opt(int option, char *arg - struct in6_addr zero; - memset(&zero, 0, sizeof(zero)); - if (!is_same_net6(&zero, &new->start6, new->prefix)) -- ret_err(_("prefix must be zero with \"constructor:\" argument")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("prefix must be zero with \"constructor:\" argument")); -+ } - } - - if (addr6part(&new->start6) > addr6part(&new->end6)) -@@ -2927,12 +3056,18 @@ static int one_opt(int option, char *arg - } - #endif - else -- ret_err(_("bad dhcp-range")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("bad dhcp-range")); -+ } - - if (leasepos < k) - { - if (leasepos != k-1) -- ret_err(_("bad dhcp-range")); -+ { -+ dhcp_context_free(new); -+ ret_err(_("bad dhcp-range")); -+ } - - if (strcmp(a[leasepos], "infinite") == 0) - new->lease_time = 0xffffffff; -@@ -2971,7 +3106,7 @@ static int one_opt(int option, char *arg - break; - - if (*cp || (leasepos+1 < k)) -- ret_err(_("bad dhcp-range")); -+ ret_err_free(_("bad dhcp-range"), new); - - new->lease_time = atoi(a[leasepos]) * fac; - /* Leases of a minute or less confuse -@@ -2998,6 +3133,7 @@ static int one_opt(int option, char *arg - new->flags = (option == LOPT_BANK) ? CONFIG_BANK : 0; - new->hwaddr = NULL; - new->netid = NULL; -+ new->clid = NULL; - - if ((a[0] = arg)) - for (k = 1; k < 7; k++) -@@ -3028,7 +3164,10 @@ static int one_opt(int option, char *arg - } - - if (len == -1) -- ret_err(_("bad hex constant")); -+ { -+ dhcp_config_free(new); -+ ret_err(_("bad hex constant")); -+ } - else if ((new->clid = opt_malloc(len))) - { - new->flags |= CONFIG_CLID; -@@ -3040,17 +3179,17 @@ static int one_opt(int option, char *arg - /* dhcp-host has strange backwards-compat needs. */ - else if (strstr(arg, "net:") == arg || strstr(arg, "set:") == arg) - { -- struct dhcp_netid *newtag = opt_malloc(sizeof(struct dhcp_netid)); - struct dhcp_netid_list *newlist = opt_malloc(sizeof(struct dhcp_netid_list)); -- newtag->net = opt_malloc(strlen(arg + 4) + 1); - newlist->next = new->netid; - new->netid = newlist; -- newlist->list = newtag; -- strcpy(newtag->net, arg+4); -- unhide_metas(newtag->net); -+ newlist->list = dhcp_netid_create(arg+4, NULL); - } - else if (strstr(arg, "tag:") == arg) -- ret_err(_("cannot match tags in --dhcp-host")); -+ { -+ -+ dhcp_config_free(new); -+ ret_err(_("cannot match tags in --dhcp-host")); -+ } - #ifdef HAVE_DHCP6 - else if (arg[0] == '[' && arg[strlen(arg)-1] == ']') - { -@@ -3058,7 +3197,10 @@ static int one_opt(int option, char *arg - arg++; - - if (!inet_pton(AF_INET6, arg, &new->addr6)) -- ret_err(_("bad IPv6 address")); -+ { -+ dhcp_config_free(new); -+ ret_err(_("bad IPv6 address")); -+ } - - for (i= 0; i < 8; i++) - if (new->addr6.s6_addr[i] != 0) -@@ -3076,10 +3218,13 @@ static int one_opt(int option, char *arg - struct hwaddr_config *newhw = opt_malloc(sizeof(struct hwaddr_config)); - if ((newhw->hwaddr_len = parse_hex(a[j], newhw->hwaddr, DHCP_CHADDR_MAX, - &newhw->wildcard_mask, &newhw->hwaddr_type)) == -1) -- ret_err(_("bad hex constant")); -+ { -+ free(newhw); -+ dhcp_config_free(new); -+ ret_err(_("bad hex constant")); -+ } - else - { -- - newhw->next = new->hwaddr; - new->hwaddr = newhw; - } -@@ -3156,7 +3301,10 @@ static int one_opt(int option, char *arg - { - if (!(new->hostname = canonicalise_opt(a[j])) || - !legal_hostname(new->hostname)) -- ret_err(_("bad DHCP host name")); -+ { -+ dhcp_config_free(new); -+ ret_err(_("bad DHCP host name")); -+ } - - new->flags |= CONFIG_NAME; - new->domain = strip_hostname(new->hostname); -@@ -3209,10 +3357,7 @@ static int one_opt(int option, char *arg - } - else - { -- struct dhcp_netid *newtag = opt_malloc(sizeof(struct dhcp_netid)); -- newtag->net = opt_malloc(len - 3); -- strcpy(newtag->net, arg+4); -- unhide_metas(newtag->net); -+ struct dhcp_netid *newtag = dhcp_netid_create(arg+4, NULL); - - if (strstr(arg, "set:") == arg) - { -@@ -3229,7 +3374,7 @@ static int one_opt(int option, char *arg - else - { - new->set = NULL; -- free(newtag); -+ dhcp_netid_free(newtag); - break; - } - } -@@ -3238,7 +3383,11 @@ static int one_opt(int option, char *arg - } - - if (!new->set) -- ret_err(_("bad tag-if")); -+ { -+ dhcp_netid_free(new->tag); -+ dhcp_netid_list_free(new->set); -+ ret_err_free(_("bad tag-if"), new); -+ } - - break; - } -@@ -3281,19 +3430,12 @@ static int one_opt(int option, char *arg - - case 'M': /* --dhcp-boot */ - { -- struct dhcp_netid *id = NULL; -- while (is_tag_prefix(arg)) -- { -- struct dhcp_netid *newid = opt_malloc(sizeof(struct dhcp_netid)); -- newid->next = id; -- id = newid; -- comma = split(arg); -- newid->net = opt_string_alloc(arg+4); -- arg = comma; -- }; -+ struct dhcp_netid *id = dhcp_tags(&arg); - -- if (!arg) -- ret_err(gen_err); -+ if (!id) -+ { -+ ret_err(gen_err); -+ } - else - { - char *dhcp_file, *dhcp_sname = NULL, *tftp_sname = NULL; -@@ -3339,19 +3481,12 @@ static int one_opt(int option, char *arg - - case LOPT_REPLY_DELAY: /* --dhcp-reply-delay */ - { -- struct dhcp_netid *id = NULL; -- while (is_tag_prefix(arg)) -- { -- struct dhcp_netid *newid = opt_malloc(sizeof(struct dhcp_netid)); -- newid->next = id; -- id = newid; -- comma = split(arg); -- newid->net = opt_string_alloc(arg+4); -- arg = comma; -- }; -+ struct dhcp_netid *id = dhcp_tags(&arg); - -- if (!arg) -- ret_err(gen_err); -+ if (!id) -+ { -+ ret_err(gen_err); -+ } - else - { - struct delay_config *new; -@@ -3376,19 +3511,13 @@ static int one_opt(int option, char *arg - - new->netid = NULL; - new->opt = 10; /* PXE_MENU_PROMPT */ -- -- while (is_tag_prefix(arg)) -- { -- struct dhcp_netid *nn = opt_malloc(sizeof (struct dhcp_netid)); -- comma = split(arg); -- nn->next = new->netid; -- new->netid = nn; -- nn->net = opt_string_alloc(arg+4); -- arg = comma; -- } -+ new->netid = dhcp_tags(&arg); - -- if (!arg) -- ret_err(gen_err); -+ if (!new->netid) -+ { -+ dhcp_opt_free(new); -+ ret_err(gen_err); -+ } - else - { - comma = split(arg); -@@ -3424,17 +3553,8 @@ static int one_opt(int option, char *arg - new->netid = NULL; - new->sname = NULL; - new->server.s_addr = 0; -+ new->netid = dhcp_tags(&arg); - -- while (is_tag_prefix(arg)) -- { -- struct dhcp_netid *nn = opt_malloc(sizeof (struct dhcp_netid)); -- comma = split(arg); -- nn->next = new->netid; -- new->netid = nn; -- nn->net = opt_string_alloc(arg+4); -- arg = comma; -- } -- - if (arg && (comma = split(arg))) - { - for (i = 0; CSA[i]; i++) -@@ -3511,7 +3631,10 @@ static int one_opt(int option, char *arg - unhide_metas(comma); - new->hwaddr_len = parse_hex(comma, new->hwaddr, DHCP_CHADDR_MAX, &new->mask, &new->hwaddr_type); - if (new->hwaddr_len == -1) -- ret_err(gen_err); -+ { -+ free(new->netid.net); -+ ret_err_free(gen_err, new); -+ } - else - { - new->next = daemon->dhcp_macs; -@@ -3528,7 +3651,7 @@ static int one_opt(int option, char *arg - - if (!(comma = split(arg)) || - !atoi_check16(comma, &new->class)) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - - new->tag.net = opt_string_alloc(set_prefix(arg)); - new->next = daemon->prefix_classes; -@@ -3550,7 +3673,7 @@ static int one_opt(int option, char *arg - struct dhcp_vendor *new = opt_malloc(sizeof(struct dhcp_vendor)); - - if (!(comma = split(arg))) -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - - new->netid.net = opt_string_alloc(set_prefix(arg)); - /* check for hex string - must digits may include : must not have nothing else, -@@ -3560,7 +3683,10 @@ static int one_opt(int option, char *arg - if ((comma = split(arg))) - { - if (option != 'U' || strstr(arg, "enterprise:") != arg) -- ret_err(gen_err); -+ { -+ free(new->netid.net); -+ ret_err_free(gen_err, new); -+ } - else - new->enterprise = atoi(arg+11); - } -@@ -3662,14 +3788,8 @@ static int one_opt(int option, char *arg - } - - while (arg) { -- struct dhcp_netid *member = opt_malloc(sizeof(struct dhcp_netid)); - comma = split(arg); -- member->next = list; -- list = member; -- if (is_tag_prefix(arg)) -- member->net = opt_string_alloc(arg+4); -- else -- member->net = opt_string_alloc(arg); -+ list = dhcp_netid_create(is_tag_prefix(arg) ? arg+4 :arg, list); - arg = comma; - } - -@@ -3683,7 +3803,7 @@ static int one_opt(int option, char *arg - struct addr_list *new = opt_malloc(sizeof(struct addr_list)); - comma = split(arg); - if (!(inet_pton(AF_INET, arg, &new->addr) > 0)) -- ret_err(_("bad dhcp-proxy address")); -+ ret_err_free(_("bad dhcp-proxy address"), new); - new->next = daemon->override_relays; - daemon->override_relays = new; - arg = comma; -@@ -3709,7 +3829,10 @@ static int one_opt(int option, char *arg - } - #endif - else -- ret_err(_("Bad dhcp-relay")); -+ { -+ free(new->interface); -+ ret_err_free(_("Bad dhcp-relay"), new); -+ } - - break; - } -@@ -3749,8 +3872,11 @@ static int one_opt(int option, char *arg - arg = split(comma); - if (!atoi_check(comma, &new->interval) || - (arg && !atoi_check(arg, &new->lifetime))) -+ { - err: -- ret_err(_("bad RA-params")); -+ free(new->name); -+ ret_err_free(_("bad RA-params"), new); -+ } - - new->next = daemon->ra_interfaces; - daemon->ra_interfaces = new; -@@ -3799,7 +3925,7 @@ err: - (!(inet_pton(AF_INET, dash, &new->end) > 0) || - !is_same_net(new->in, new->end, new->mask) || - ntohl(new->in.s_addr) > ntohl(new->end.s_addr))) -- ret_err(_("invalid alias range")); -+ ret_err_free(_("invalid alias range"), new); - - break; - } -@@ -3832,7 +3958,7 @@ err: - else if (strcmp(arg, "6") == 0) - new->family = AF_INET6; - else -- ret_err(gen_err); -+ ret_err_free(gen_err, new); - } - new->intr = opt_string_alloc(comma); - break; -@@ -3864,11 +3990,19 @@ err: - alias = canonicalise_opt(arg); - - if (!alias || !target) -- ret_err(_("bad CNAME")); -+ { -+ free(target); -+ free(alias); -+ ret_err(_("bad CNAME")); -+ } - - for (new = daemon->cnames; new; new = new->next) - if (hostname_isequal(new->alias, alias)) -- ret_err(_("duplicate CNAME")); -+ { -+ free(target); -+ free(alias); -+ ret_err(_("duplicate CNAME")); -+ } - new = opt_malloc(sizeof(struct cname)); - new->next = daemon->cnames; - daemon->cnames = new; -@@ -3891,7 +4025,11 @@ err: - - if (!(dom = canonicalise_opt(arg)) || - (comma && !(target = canonicalise_opt(comma)))) -- ret_err(_("bad PTR record")); -+ { -+ free(dom); -+ free(target); -+ ret_err(_("bad PTR record")); -+ } - else - { - new = opt_malloc(sizeof(struct ptr_record)); -@@ -3909,7 +4047,7 @@ err: - int k = 0; - struct naptr *new; - int order, pref; -- char *name, *replace = NULL; -+ char *name=NULL, *replace = NULL; - - if ((a[0] = arg)) - for (k = 1; k < 7; k++) -@@ -3922,7 +4060,11 @@ err: - !atoi_check16(a[1], &order) || - !atoi_check16(a[2], &pref) || - (k == 7 && !(replace = canonicalise_opt(a[6])))) -- ret_err(_("bad NAPTR record")); -+ { -+ free(name); -+ free(replace); -+ ret_err(_("bad NAPTR record")); -+ } - else - { - new = opt_malloc(sizeof(struct naptr)); -@@ -3944,22 +4086,26 @@ err: - struct txt_record *new; - size_t len = 0; - char *data; -- int val; -+ int class; - - comma = split(arg); - data = split(comma); - - new = opt_malloc(sizeof(struct txt_record)); -- new->next = daemon->rr; -- daemon->rr = new; -+ new->name = NULL; - -- if (!atoi_check(comma, &val) || -+ if (!atoi_check(comma, &class) || - !(new->name = canonicalise_opt(arg)) || - (data && (len = parse_hex(data, (unsigned char *)data, -1, NULL, NULL)) == -1U)) -- ret_err(_("bad RR record")); -- -- new->class = val; -+ { -+ free(new->name); -+ ret_err_free(_("bad RR record"), new); -+ } -+ - new->len = 0; -+ new->class = class; -+ new->next = daemon->rr; -+ daemon->rr = new; - - if (data) - { -@@ -4011,14 +4157,14 @@ err: - comma = split(arg); - - new = opt_malloc(sizeof(struct txt_record)); -- new->next = daemon->txt; -- daemon->txt = new; - new->class = C_IN; - new->stat = 0; - - if (!(new->name = canonicalise_opt(arg))) -- ret_err(_("bad TXT record")); -+ ret_err_free(_("bad TXT record"), new); - -+ new->next = daemon->txt; -+ daemon->txt = new; - len = comma ? strlen(comma) : 0; - len += (len/255) + 1; /* room for extra counts */ - new->txt = p = opt_malloc(len); -@@ -4065,24 +4211,32 @@ err: - arg = comma; - comma = split(arg); - if (!(target = canonicalise_opt(arg))) -- ret_err(_("bad SRV target")); -+ ret_err_free(_("bad SRV target"), name); - - if (comma) - { - arg = comma; - comma = split(arg); - if (!atoi_check16(arg, &port)) -- ret_err(_("invalid port number")); -+ { -+ free(name); -+ ret_err_free(_("invalid port number"), target); -+ } - - if (comma) - { - arg = comma; - comma = split(arg); - if (!atoi_check16(arg, &priority)) -- ret_err(_("invalid priority")); -- -+ { -+ free(name); -+ ret_err_free(_("invalid priority"), target); -+ } - if (comma && !atoi_check16(comma, &weight)) -- ret_err(_("invalid weight")); -+ { -+ free(name); -+ ret_err_free(_("invalid weight"), target); -+ } - } - } - } -@@ -4101,13 +4255,15 @@ err: - - case LOPT_HOST_REC: /* --host-record */ - { -- struct host_record *new = opt_malloc(sizeof(struct host_record)); -- memset(new, 0, sizeof(struct host_record)); -- new->ttl = -1; -+ struct host_record *new; - - if (!arg || !(comma = split(arg))) - ret_err(_("Bad host-record")); - -+ new = opt_malloc(sizeof(struct host_record)); -+ memset(new, 0, sizeof(struct host_record)); -+ new->ttl = -1; -+ - while (arg) - { - struct all_addr addr; -@@ -4126,10 +4282,19 @@ err: - { - int nomem; - char *canon = canonicalise(arg, &nomem); -- struct name_list *nl = opt_malloc(sizeof(struct name_list)); -+ struct name_list *nl; - if (!canon) -- ret_err(_("Bad name in host-record")); -+ { -+ struct name_list *tmp = new->names, *next; -+ for (tmp = new->names; tmp; tmp = next) -+ { -+ next = tmp->next; -+ free(tmp); -+ } -+ ret_err_free(_("Bad name in host-record"), new); -+ } - -+ nl = opt_malloc(sizeof(struct name_list)); - nl->name = canon; - /* keep order, so that PTR record goes to first name */ - nl->next = NULL; -@@ -4179,6 +4344,7 @@ err: - int len; - - new->class = C_IN; -+ new->name = NULL; - - if ((comma = split(arg)) && (algo = split(comma))) - { -@@ -4203,7 +4369,7 @@ err: - !atoi_check8(algo, &new->algo) || - !atoi_check8(digest, &new->digest_type) || - !(new->name = canonicalise_opt(arg))) -- ret_err(_("bad trust anchor")); -+ ret_err_free(_("bad trust anchor"), new); - - /* Upper bound on length */ - len = (2*strlen(keyhex))+1; -@@ -4217,7 +4383,10 @@ err: - else - cp++; - if ((new->digestlen = parse_hex(keyhex, (unsigned char *)new->digest, len, NULL, NULL)) == -1) -- ret_err(_("bad HEX in trust anchor")); -+ { -+ free(new->name); -+ ret_err_free(_("bad HEX in trust anchor"), new); -+ } - - new->next = daemon->ds; - daemon->ds = new; -@@ -4686,8 +4855,8 @@ void read_opts(int argc, char **argv, ch - size_t argbuf_size = MAXDNAME; - char *argbuf = opt_malloc(argbuf_size); - char *buff = opt_malloc(MAXDNAME); -- int option, conffile_opt = '7', testmode = 0; -- char *arg, *conffile = CONFFILE; -+ int option, testmode = 0; -+ char *arg, *conffile = NULL; - - opterr = 0; - -@@ -4796,7 +4965,8 @@ void read_opts(int argc, char **argv, ch - } - else if (option == 'C') - { -- conffile_opt = 0; /* file must exist */ -+ if (conffile) -+ free(conffile); - conffile = opt_string_alloc(arg); - } - else -@@ -4814,10 +4984,11 @@ void read_opts(int argc, char **argv, ch - - if (conffile) - { -- one_file(conffile, conffile_opt); -- if (conffile_opt == 0) -- free(conffile); -+ one_file(conffile, 0); -+ free(conffile); - } -+ else -+ one_file(CONFFILE, '7'); - - /* port might not be known when the address is parsed - fill in here */ - if (daemon->servers) diff --git a/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch b/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch deleted file mode 100644 index 7053d032b8..0000000000 --- a/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 07e25da5bf26d46aad4f1d2eb19b260789182004 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Sun, 16 Dec 2018 18:21:58 +0000 -Subject: [PATCH 13/32] Treat DS and DNSKEY queries being forwarded the same as - those locally originated. - -The queries will not be forwarded to a server for a domain, unless -there's a trust anchor provided for that domain. This allows, especially, -suitable proof of non-existance for DS records to come from -the parent domain for domains which are not signed. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc1035.c | 7 +++++++ - 1 file changed, 7 insertions(+) - ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -916,6 +916,13 @@ unsigned int extract_request(struct dns_ - if (qtype == T_ANY) - return F_IPV4 | F_IPV6; - } -+ -+ /* F_DNSSECOK as agument to search_servers() inhibits forwarding -+ to servers for domains without a trust anchor. This make the -+ behaviour for DS and DNSKEY queries we forward the same -+ as for DS and DNSKEY queries we originate. */ -+ if (qtype == T_DS || qtype == T_DNSKEY) -+ return F_DNSSECOK; - - return F_QUERY; - } diff --git a/package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch b/package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch deleted file mode 100644 index 2aaf382bad..0000000000 --- a/package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 137e9f878fafb38369eab7d9dfe84e4228ff5f89 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> -Date: Sun, 16 Dec 2018 21:25:29 +0000 -Subject: [PATCH 14/32] Fix option parsing errors introduced in - 59e470381f84f2fdf0640c7bc67827f3f0c64784 - -Thanks to Kevin Darbyshire-Bryant for spotting this. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/option.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/src/option.c -+++ b/src/option.c -@@ -3432,7 +3432,7 @@ static int one_opt(int option, char *arg - { - struct dhcp_netid *id = dhcp_tags(&arg); - -- if (!id) -+ if (!arg) - { - ret_err(gen_err); - } -@@ -3483,7 +3483,7 @@ static int one_opt(int option, char *arg - { - struct dhcp_netid *id = dhcp_tags(&arg); - -- if (!id) -+ if (!arg) - { - ret_err(gen_err); - } -@@ -3513,7 +3513,7 @@ static int one_opt(int option, char *arg - new->opt = 10; /* PXE_MENU_PROMPT */ - new->netid = dhcp_tags(&arg); - -- if (!new->netid) -+ if (!arg) - { - dhcp_opt_free(new); - ret_err(gen_err); diff --git a/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch b/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch deleted file mode 100644 index 920cf7510a..0000000000 --- a/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3becf468bad699bfdcb2d18d553bc72d4c79e23c Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> -Date: Wed, 12 Dec 2018 12:00:19 +0000 -Subject: [PATCH 15/32] fix ipv6 ipset bug in master -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Hi Simon, - -Another one fallen out of the openwrt tree shake :-) - -ipv6 ipset addresses weren’t being set correctly. patch attached - -Cheers, - -Kevin D-B - -012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A -From b50fc0491e374186f982b019f293379955afd203 Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> -Date: Wed, 12 Dec 2018 11:35:12 +0000 -Subject: [PATCH] ipset fix ternary order swap - -ee87504 Remove ability to compile without IPv6 support introduced a -ternary operator for ip address size. Unfortunately the true/false -order was incorrect which meant ipv6 ipset addresses were added -incorrectly. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/ipset.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/ipset.c -+++ b/src/ipset.c -@@ -120,7 +120,7 @@ static int new_add_to_ipset(const char * - struct my_nfgenmsg *nfg; - struct my_nlattr *nested[2]; - uint8_t proto; -- int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ; -+ int addrsz = (af == AF_INET6) ? IN6ADDRSZ : INADDRSZ; - - if (strlen(setname) >= IPSET_MAXNAMELEN) - { diff --git a/package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch b/package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch deleted file mode 100644 index e4e363ba47..0000000000 --- a/package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch +++ /dev/null @@ -1,50 +0,0 @@ -From b683cf37f9f3dd3dc5d95d621ee75850d559b2e4 Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> -Date: Mon, 10 Dec 2018 10:34:35 +0000 -Subject: [PATCH 16/32] build failure on master with NO_DHCPv6 and fix.... - -Hi Simon, - -master has a build error when building without HAVE_DHCPv6 - -option.c: In function 'dhcp_context_free': -option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' - free(ctx->template_interface); - -Sadly, need to put in a little conditional compilation ifdef'erey - -Simplest patch in the world attached - -Cheers, - -Kevin D-B - -012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A - -From 061eb8599636bb360e0b7fa5986935b86db39497 Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> -Date: Mon, 10 Dec 2018 10:07:33 +0000 -Subject: [PATCH] option: fix non DHCPv6 build error - -option.c: In function 'dhcp_context_free': -option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' - free(ctx->template_interface); - ^~ - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/option.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/src/option.c -+++ b/src/option.c -@@ -1039,7 +1039,9 @@ static void dhcp_context_free(struct dhc - { - dhcp_netid_free(ctx->filter); - free(ctx->netid.net); -+#ifdef HAVE_DHCP6 - free(ctx->template_interface); -+#endif - free(ctx); - } - } diff --git a/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch b/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch deleted file mode 100644 index 1a3b341b9f..0000000000 --- a/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch +++ /dev/null @@ -1,57 +0,0 @@ -From e7bfd556c079c8b5e7425aed44abc35925b24043 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Mon, 31 Dec 2018 20:51:15 +0000 -Subject: [PATCH 17/32] Alter DHCP address selection after DECLINE in - consec-addr mode. Avoid offering the same address after a recieving a DECLINE - message to stop an infinite protocol loop. This has long been done in default - address allocation mode: this adds similar behaviour when allocaing addresses - consecutively. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/dhcp.c | 13 +++++++++++++ - src/dhcp6.c | 11 +++++++++-- - 2 files changed, 22 insertions(+), 2 deletions(-) - ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -754,6 +754,19 @@ int address_allocate(struct dhcp_context - if (addr.s_addr == d->router.s_addr) - break; - -+ /* in consec-ip mode, skip addresses equal to -+ the number of addresses rejected by clients. This -+ should avoid the same client being offered the same -+ address after it has rjected it. */ -+ if (option_bool(OPT_CONSEC_ADDR)) -+ { -+ if (c->addr_epoch) -+ { -+ c->addr_epoch--; -+ d = context; /* d non-NULL skips the address. */ -+ } -+ } -+ - /* Addresses which end in .255 and .0 are broken in Windows even when using - supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 - then 192.168.0.255 is a valid IP address, but not for Windows as it's ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -431,8 +431,15 @@ struct dhcp_context *address6_allocate(s - else - { - if (!temp_addr && option_bool(OPT_CONSEC_ADDR)) -- /* seed is largest extant lease addr in this context */ -- start = lease_find_max_addr6(c) + serial; -+ { -+ /* seed is largest extant lease addr in this context, -+ skip addresses equal to the number of addresses rejected -+ by clients. This should avoid the same client being offered the same -+ address after it has rjected it. */ -+ start = lease_find_max_addr6(c) + serial + c->addr_epoch; -+ if (c->addr_epoch) -+ c->addr_epoch--; -+ } - else - { - u64 range = 1 + addr6part(&c->end6) - addr6part(&c->start6); diff --git a/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch b/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch deleted file mode 100644 index e6b456f974..0000000000 --- a/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch +++ /dev/null @@ -1,80 +0,0 @@ -From bde46476ee06c96e821653dfdb8fa11fe7326998 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Mon, 31 Dec 2018 23:28:24 +0000 -Subject: [PATCH 18/32] Tidy all_addr union, merge log and rcode fields. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 2 +- - src/dnsmasq.h | 6 +----- - src/forward.c | 2 +- - src/rfc1035.c | 6 +++--- - 4 files changed, 6 insertions(+), 10 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -1926,7 +1926,7 @@ void log_query(unsigned int flags, char - sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest); - else if (flags & F_RCODE) - { -- unsigned int rcode = addr->addr.rcode.rcode; -+ unsigned int rcode = addr->addr.log.rcode; - - if (rcode == SERVFAIL) - dest = "SERVFAIL"; ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -279,12 +279,8 @@ struct all_addr { - struct in6_addr addr6; - /* for log_query */ - struct { -- unsigned short keytag, algo, digest; -+ unsigned short keytag, algo, digest, rcode; - } log; -- /* for log_query */ -- struct { -- unsigned int rcode; -- } rcode; - /* for cache_insert of DNSKEY, DS */ - struct { - unsigned short class, type; ---- a/src/forward.c -+++ b/src/forward.c -@@ -658,7 +658,7 @@ static size_t process_reply(struct dns_h - if (rcode != NOERROR && rcode != NXDOMAIN) - { - struct all_addr a; -- a.addr.rcode.rcode = rcode; -+ a.addr.log.rcode = rcode; - log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL); - - return resize_packet(header, n, pheader, plen); ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -950,7 +950,7 @@ size_t setup_reply(struct dns_header *he - else if (flags == F_SERVFAIL) - { - struct all_addr a; -- a.addr.rcode.rcode = SERVFAIL; -+ a.addr.log.rcode = SERVFAIL; - log_query(F_CONFIG | F_RCODE, "error", &a, NULL); - SET_RCODE(header, SERVFAIL); - } -@@ -975,7 +975,7 @@ size_t setup_reply(struct dns_header *he - else /* nowhere to forward to */ - { - struct all_addr a; -- a.addr.rcode.rcode = REFUSED; -+ a.addr.log.rcode = REFUSED; - log_query(F_CONFIG | F_RCODE, "error", &a, NULL); - SET_RCODE(header, REFUSED); - } -@@ -1374,7 +1374,7 @@ size_t answer_request(struct dns_header - notimp = 1, auth = 0; - if (!dryrun) - { -- addr.addr.rcode.rcode = NOTIMP; -+ addr.addr.log.rcode = NOTIMP; - log_query(F_CONFIG | F_RCODE, name, &addr, NULL); - } - ans = 1, sec_data = 0; diff --git a/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch b/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch deleted file mode 100644 index 4854617a0f..0000000000 --- a/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 65a01b71bb433c9466e4c78a73a8d8ed218ed4e8 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Mon, 31 Dec 2018 23:56:33 +0000 -Subject: [PATCH 19/32] Tidy address-union handling: move class into explicit - argument. - -This moves the class argument to cache-insert into an argument, -rather then overloading a union in the address argument. Note that -tha class is NOT stored in the cache other than for DS/DNSKEY entries, -so must always be C_IN except for these. The data-extraction code -ensures this as it only attempts to cache C_IN class records. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 57 ++++++++++++++++++++++----------------------------- - src/dnsmasq.h | 2 +- - src/dnssec.c | 13 +++--------- - src/rfc1035.c | 12 +++++------ - 4 files changed, 34 insertions(+), 50 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -26,7 +26,7 @@ static union bigname *big_free = NULL; - static int bignames_left, hash_size; - - static void make_non_terminals(struct crec *source); --static struct crec *really_insert(char *name, struct all_addr *addr, -+static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags); - - /* type->string mapping: this is also used by the name-hash function as a mixing table. */ -@@ -330,8 +330,8 @@ static int is_expired(time_t now, struct - return 1; - } - --static struct crec *cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags, -- struct crec **target_crec, unsigned int *target_uid) -+static struct crec *cache_scan_free(char *name, struct all_addr *addr, unsigned short class, time_t now, -+ unsigned short flags, struct crec **target_crec, unsigned int *target_uid) - { - /* Scan and remove old entries. - If (flags & F_FORWARD) then remove any forward entries for name and any expired -@@ -350,6 +350,8 @@ static struct crec *cache_scan_free(char - This entry will get re-used with the same name, to preserve CNAMEs. */ - - struct crec *crecp, **up; -+ -+ (void)class; - - if (flags & F_FORWARD) - { -@@ -381,7 +383,7 @@ static struct crec *cache_scan_free(char - - #ifdef HAVE_DNSSEC - /* Deletion has to be class-sensitive for DS and DNSKEY */ -- if ((flags & crecp->flags & (F_DNSKEY | F_DS)) && crecp->uid == addr->addr.dnssec.class) -+ if ((flags & crecp->flags & (F_DNSKEY | F_DS)) && crecp->uid == class) - { - if (crecp->flags & F_CONFIG) - return crecp; -@@ -464,7 +466,7 @@ void cache_start_insert(void) - insert_error = 0; - } - --struct crec *cache_insert(char *name, struct all_addr *addr, -+struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags) - { - /* Don't log DNSSEC records here, done elsewhere */ -@@ -478,11 +480,11 @@ struct crec *cache_insert(char *name, st - ttl = daemon->min_cache_ttl; - } - -- return really_insert(name, addr, now, ttl, flags); -+ return really_insert(name, addr, class, now, ttl, flags); - } - - --static struct crec *really_insert(char *name, struct all_addr *addr, -+static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags) - { - struct crec *new, *target_crec = NULL; -@@ -497,7 +499,7 @@ static struct crec *really_insert(char * - - /* First remove any expired entries and entries for the name/address we - are currently inserting. */ -- if ((new = cache_scan_free(name, addr, now, flags, &target_crec, &target_uid))) -+ if ((new = cache_scan_free(name, addr, class, now, flags, &target_crec, &target_uid))) - { - /* We're trying to insert a record over one from - /etc/hosts or DHCP, or other config. If the -@@ -553,21 +555,14 @@ static struct crec *really_insert(char * - - if (freed_all) - { -- struct all_addr free_addr = new->addr.addr;; -- --#ifdef HAVE_DNSSEC -- /* For DNSSEC records, addr holds class. */ -- if (new->flags & (F_DS | F_DNSKEY)) -- free_addr.addr.dnssec.class = new->uid; --#endif -- -+ /* For DNSSEC records, uid holds class. */ - free_avail = 1; /* Must be free space now. */ -- cache_scan_free(cache_get_name(new), &free_addr, now, new->flags, NULL, NULL); -+ cache_scan_free(cache_get_name(new), &new->addr.addr, new->uid, now, new->flags, NULL, NULL); - daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++; - } - else - { -- cache_scan_free(NULL, NULL, now, 0, NULL, NULL); -+ cache_scan_free(NULL, NULL, class, now, 0, NULL, NULL); - freed_all = 1; - } - } -@@ -615,15 +610,13 @@ static struct crec *really_insert(char * - else - *cache_get_name(new) = 0; - -- if (addr) -- { - #ifdef HAVE_DNSSEC -- if (flags & (F_DS | F_DNSKEY)) -- new->uid = addr->addr.dnssec.class; -- else -+ if (flags & (F_DS | F_DNSKEY)) -+ new->uid = class; - #endif -- new->addr.addr = *addr; -- } -+ -+ if (addr) -+ new->addr.addr = *addr; - - new->ttd = now + (time_t)ttl; - new->next = new_chain; -@@ -747,11 +740,11 @@ int cache_recv_insert(time_t now, int fd - { - if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) - return 0; -- crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); -+ crecp = really_insert(daemon->namebuff, &addr, C_IN, now, ttl, flags); - } - else if (flags & F_CNAME) - { -- struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags); -+ struct crec *newc = really_insert(daemon->namebuff, NULL, C_IN, now, ttl, flags); - /* This relies on the fact the the target of a CNAME immediately preceeds - it because of the order of extraction in extract_addresses, and - the order reversal on the new_chain. */ -@@ -780,10 +773,8 @@ int cache_recv_insert(time_t now, int fd - - if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) - return 0; -- /* Cache needs to known class for DNSSEC stuff */ -- addr.addr.dnssec.class = class; -- -- crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); -+ -+ crecp = really_insert(daemon->namebuff, NULL, class, now, ttl, flags); - - if (flags & F_DNSKEY) - { -@@ -1463,7 +1454,7 @@ void cache_add_dhcp_entry(char *host_nam - } - else if (!(crec->flags & F_DHCP)) - { -- cache_scan_free(host_name, NULL, 0, crec->flags & (flags | F_CNAME | F_FORWARD), NULL, NULL); -+ cache_scan_free(host_name, NULL, C_IN, 0, crec->flags & (flags | F_CNAME | F_FORWARD), NULL, NULL); - /* scan_free deletes all addresses associated with name */ - break; - } -@@ -1490,7 +1481,7 @@ void cache_add_dhcp_entry(char *host_nam - if (crec->flags & F_NEG) - { - flags |= F_REVERSE; -- cache_scan_free(NULL, (struct all_addr *)host_address, 0, flags, NULL, NULL); -+ cache_scan_free(NULL, (struct all_addr *)host_address, C_IN, 0, flags, NULL, NULL); - } - } - else ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -1144,7 +1144,7 @@ struct crec *cache_find_by_name(struct c - void cache_end_insert(void); - void cache_start_insert(void); - int cache_recv_insert(time_t now, int fd); --struct crec *cache_insert(char *name, struct all_addr *addr, -+struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags); - void cache_reload(void); - void cache_add_dhcp_entry(char *host_name, int prot, struct all_addr *host_address, time_t ttd); ---- a/src/dnssec.c -+++ b/src/dnssec.c -@@ -798,12 +798,9 @@ int dnssec_validate_by_ds(time_t now, st - algo = *p++; - keytag = dnskey_keytag(algo, flags, p, rdlen - 4); - -- /* Cache needs to known class for DNSSEC stuff */ -- a.addr.dnssec.class = class; -- - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) -+ if (!(recp1 = cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) - { - blockdata_free(key); - return STAT_BOGUS; -@@ -927,12 +924,9 @@ int dnssec_validate_ds(time_t now, struc - algo = *p++; - digest = *p++; - -- /* Cache needs to known class for DNSSEC stuff */ -- a.addr.dnssec.class = class; -- - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) -+ if (!(crecp = cache_insert(name, NULL, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) - { - blockdata_free(key); - return STAT_BOGUS; -@@ -1021,8 +1015,7 @@ int dnssec_validate_ds(time_t now, struc - { - cache_start_insert(); - -- a.addr.dnssec.class = class; -- if (!cache_insert(name, &a, now, ttl, flags)) -+ if (!cache_insert(name, NULL, class, now, ttl, flags)) - return STAT_BOGUS; - - cache_end_insert(); ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -701,7 +701,7 @@ int extract_addresses(struct dns_header - goto cname_loop; - } - -- cache_insert(name, &addr, now, cttl, name_encoding | secflag | F_REVERSE); -+ cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE); - found = 1; - } - -@@ -719,7 +719,7 @@ int extract_addresses(struct dns_header - ttl = find_soa(header, qlen, NULL, doctored); - } - if (ttl) -- cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags | (secure ? F_DNSSECOK : 0)); -+ cache_insert(NULL, &addr, C_IN, now, ttl, name_encoding | F_REVERSE | F_NEG | flags | (secure ? F_DNSSECOK : 0)); - } - } - else -@@ -773,7 +773,7 @@ int extract_addresses(struct dns_header - { - if (!cname_count--) - return 0; /* looped CNAMES */ -- newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD | secflag); -+ newc = cache_insert(name, NULL, C_IN, now, attl, F_CNAME | F_FORWARD | secflag); - if (newc) - { - newc->addr.cname.target.cache = NULL; -@@ -833,7 +833,7 @@ int extract_addresses(struct dns_header - } - #endif - -- newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD | secflag); -+ newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag); - if (newc && cpp) - { - next_uid(newc); -@@ -860,7 +860,7 @@ int extract_addresses(struct dns_header - pointing at this, inherit its TTL */ - if (ttl || cpp) - { -- newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0)); -+ newc = cache_insert(name, NULL, C_IN, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0)); - if (newc && cpp) - { - next_uid(newc); -@@ -1054,7 +1054,7 @@ int check_for_bogus_wildcard(struct dns_ - /* Found a bogus address. Insert that info here, since there no SOA record - to get the ttl from in the normal processing */ - cache_start_insert(); -- cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN); -+ cache_insert(name, NULL, C_IN, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN); - cache_end_insert(); - - return 1; diff --git a/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch b/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch deleted file mode 100644 index deda82fee0..0000000000 --- a/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch +++ /dev/null @@ -1,363 +0,0 @@ -From ab194ed7ca433e4e2e8b2ec338bfa4e6aa886a4b Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Tue, 1 Jan 2019 01:35:30 +0000 -Subject: [PATCH 20/32] Futher address union tidying. - -Pass DNSKEY and DS data into cache_insert via the address argument, -now these data types are included in struct all_addr. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 116 ++++++++++++++++---------------------------------- - src/dnsmasq.h | 26 +++++------ - src/dnssec.c | 53 +++++++++++------------ - 3 files changed, 73 insertions(+), 122 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -202,9 +202,9 @@ static void cache_hash(struct crec *crec - static void cache_blockdata_free(struct crec *crecp) - { - if (crecp->flags & F_DNSKEY) -- blockdata_free(crecp->addr.key.keydata); -+ blockdata_free(crecp->addr.addr.addr.key.keydata); - else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) -- blockdata_free(crecp->addr.ds.keydata); -+ blockdata_free(crecp->addr.addr.addr.ds.keydata); - } - #endif - -@@ -659,33 +659,22 @@ void cache_end_insert(void) - read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); - read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); - -- if (flags & (F_IPV4 | F_IPV6)) -+ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) - read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); - #ifdef HAVE_DNSSEC -- else if (flags & F_DNSKEY) -+ if (flags & F_DNSKEY) - { - read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0); -- blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); -+ blockdata_write(new_chain->addr.addr.addr.key.keydata, new_chain->addr.addr.addr.key.keylen, daemon->pipe_to_parent); - } - else if (flags & F_DS) - { - read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); - /* A negative DS entry is possible and has no data, obviously. */ - if (!(flags & F_NEG)) -- { -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0); -- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0); -- blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); -- } -+ blockdata_write(new_chain->addr.addr.addr.ds.keydata, new_chain->addr.addr.addr.ds.keylen, daemon->pipe_to_parent); - } - #endif -- - } - } - -@@ -736,11 +725,30 @@ int cache_recv_insert(time_t now, int fd - - ttl = difftime(ttd, now); - -- if (flags & (F_IPV4 | F_IPV6)) -+ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) - { -+ unsigned short class = C_IN; -+ - if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) - return 0; -- crecp = really_insert(daemon->namebuff, &addr, C_IN, now, ttl, flags); -+ -+#ifdef HAVE_DNSSEC -+ if (flags & F_DNSKEY) -+ { -+ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || -+ !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) -+ return 0; -+ } -+ else if (flags & F_DS) -+ { -+ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || -+ (flags & F_NEG) || -+ !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) -+ return 0; -+ } -+#endif -+ -+ crecp = really_insert(daemon->namebuff, &addr, class, now, ttl, flags); - } - else if (flags & F_CNAME) - { -@@ -764,58 +772,6 @@ int cache_recv_insert(time_t now, int fd - } - } - } --#ifdef HAVE_DNSSEC -- else if (flags & (F_DNSKEY | F_DS)) -- { -- unsigned short class, keylen, keyflags, keytag; -- unsigned char algo, digest; -- struct blockdata *keydata; -- -- if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) -- return 0; -- -- crecp = really_insert(daemon->namebuff, NULL, class, now, ttl, flags); -- -- if (flags & F_DNSKEY) -- { -- if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || -- !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || -- !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) || -- !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || -- !(keydata = blockdata_read(fd, keylen))) -- return 0; -- } -- else if (!(flags & F_NEG)) -- { -- if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || -- !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || -- !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) || -- !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || -- !(keydata = blockdata_read(fd, keylen))) -- return 0; -- } -- -- if (crecp) -- { -- if (flags & F_DNSKEY) -- { -- crecp->addr.key.algo = algo; -- crecp->addr.key.keytag = keytag; -- crecp->addr.key.flags = flags; -- crecp->addr.key.keylen = keylen; -- crecp->addr.key.keydata = keydata; -- } -- else if (!(flags & F_NEG)) -- { -- crecp->addr.ds.algo = algo; -- crecp->addr.ds.keytag = keytag; -- crecp->addr.ds.digest = digest; -- crecp->addr.ds.keylen = keylen; -- crecp->addr.ds.keydata = keydata; -- } -- } -- } --#endif - } - } - -@@ -1290,15 +1246,15 @@ void cache_reload(void) - #ifdef HAVE_DNSSEC - for (ds = daemon->ds; ds; ds = ds->next) - if ((cache = whine_malloc(SIZEOF_POINTER_CREC)) && -- (cache->addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) -+ (cache->addr.addr.addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) - { - cache->flags = F_FORWARD | F_IMMORTAL | F_DS | F_CONFIG | F_NAMEP; - cache->ttd = daemon->local_ttl; - cache->name.namep = ds->name; -- cache->addr.ds.keylen = ds->digestlen; -- cache->addr.ds.algo = ds->algo; -- cache->addr.ds.keytag = ds->keytag; -- cache->addr.ds.digest = ds->digest_type; -+ cache->addr.addr.addr.ds.keylen = ds->digestlen; -+ cache->addr.addr.addr.ds.algo = ds->algo; -+ cache->addr.addr.addr.ds.keytag = ds->keytag; -+ cache->addr.addr.addr.ds.digest = ds->digest_type; - cache->uid = ds->class; - cache_hash(cache); - make_non_terminals(cache); -@@ -1775,12 +1731,12 @@ void dump_cache(time_t now) - else if (cache->flags & F_DS) - { - if (!(cache->flags & F_NEG)) -- sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag, -- cache->addr.ds.algo, cache->addr.ds.digest); -+ sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.ds.keytag, -+ cache->addr.addr.addr.ds.algo, cache->addr.addr.addr.ds.digest); - } - else if (cache->flags & F_DNSKEY) -- sprintf(a, "%5u %3u %3u", cache->addr.key.keytag, -- cache->addr.key.algo, cache->addr.key.flags); -+ sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.key.keytag, -+ cache->addr.addr.addr.key.algo, cache->addr.addr.addr.key.flags); - #endif - else if (!(cache->flags & F_NEG) || !(cache->flags & F_FORWARD)) - { ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -277,14 +277,21 @@ struct all_addr { - union { - struct in_addr addr4; - struct in6_addr addr6; -+ struct { -+ struct blockdata *keydata; -+ unsigned short keylen, flags, keytag; -+ unsigned char algo; -+ } key; -+ struct { -+ struct blockdata *keydata; -+ unsigned short keylen, keytag; -+ unsigned char algo; -+ unsigned char digest; -+ } ds; - /* for log_query */ - struct { - unsigned short keytag, algo, digest, rcode; - } log; -- /* for cache_insert of DNSKEY, DS */ -- struct { -- unsigned short class, type; -- } dnssec; - } addr; - }; - -@@ -414,17 +421,6 @@ struct crec { - } target; - unsigned int uid; /* 0 if union is interface-name */ - } cname; -- struct { -- struct blockdata *keydata; -- unsigned short keylen, flags, keytag; -- unsigned char algo; -- } key; -- struct { -- struct blockdata *keydata; -- unsigned short keylen, keytag; -- unsigned char algo; -- unsigned char digest; -- } ds; - } addr; - time_t ttd; /* time to die */ - /* used as class if DNSKEY/DS, index to source for F_HOSTS */ ---- a/src/dnssec.c -+++ b/src/dnssec.c -@@ -628,10 +628,10 @@ static int validate_rrset(time_t now, st - { - /* iterate through all possible keys 4035 5.3.1 */ - for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY)) -- if (crecp->addr.key.algo == algo && -- crecp->addr.key.keytag == key_tag && -+ if (crecp->addr.addr.addr.key.algo == algo && -+ crecp->addr.addr.addr.key.keytag == key_tag && - crecp->uid == (unsigned int)class && -- verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) -+ verify(crecp->addr.addr.addr.key.keydata, crecp->addr.addr.addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) - return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE; - } - } -@@ -728,10 +728,10 @@ int dnssec_validate_by_ds(time_t now, st - const struct nettle_hash *hash; - int sigcnt, rrcnt; - -- if (recp1->addr.ds.algo == algo && -- recp1->addr.ds.keytag == keytag && -+ if (recp1->addr.addr.addr.ds.algo == algo && -+ recp1->addr.addr.addr.ds.keytag == keytag && - recp1->uid == (unsigned int)class && -- (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) && -+ (hash = hash_find(ds_digest_name(recp1->addr.addr.addr.ds.digest))) && - hash_init(hash, &ctx, &digest)) - - { -@@ -746,9 +746,9 @@ int dnssec_validate_by_ds(time_t now, st - from_wire(name); - - if (!(recp1->flags & F_NEG) && -- recp1->addr.ds.keylen == (int)hash->digest_size && -- (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) && -- memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 && -+ recp1->addr.addr.addr.ds.keylen == (int)hash->digest_size && -+ (ds_digest = blockdata_retrieve(recp1->addr.addr.addr.ds.keydata, recp1->addr.addr.addr.ds.keylen, NULL)) && -+ memcmp(ds_digest, digest, recp1->addr.addr.addr.ds.keylen) == 0 && - explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) && - sigcnt != 0 && rrcnt != 0 && - validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname, -@@ -800,7 +800,13 @@ int dnssec_validate_by_ds(time_t now, st - - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- if (!(recp1 = cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) -+ a.addr.key.keylen = rdlen - 4; -+ a.addr.key.keydata = key; -+ a.addr.key.algo = algo; -+ a.addr.key.keytag = keytag; -+ a.addr.key.flags = flags; -+ -+ if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)) - { - blockdata_free(key); - return STAT_BOGUS; -@@ -813,12 +819,6 @@ int dnssec_validate_by_ds(time_t now, st - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu"); - else - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)"); -- -- recp1->addr.key.keylen = rdlen - 4; -- recp1->addr.key.keydata = key; -- recp1->addr.key.algo = algo; -- recp1->addr.key.keytag = keytag; -- recp1->addr.key.flags = flags; - } - } - } -@@ -915,8 +915,7 @@ int dnssec_validate_ds(time_t now, struc - int algo, digest, keytag; - unsigned char *psave = p; - struct blockdata *key; -- struct crec *crecp; -- -+ - if (rdlen < 4) - return STAT_BOGUS; /* bad packet */ - -@@ -926,7 +925,13 @@ int dnssec_validate_ds(time_t now, struc - - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- if (!(crecp = cache_insert(name, NULL, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) -+ a.addr.ds.digest = digest; -+ a.addr.ds.keydata = key; -+ a.addr.ds.algo = algo; -+ a.addr.ds.keytag = keytag; -+ a.addr.ds.keylen = rdlen - 4; -+ -+ if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)) - { - blockdata_free(key); - return STAT_BOGUS; -@@ -940,12 +945,6 @@ int dnssec_validate_ds(time_t now, struc - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu"); - else - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)"); -- -- crecp->addr.ds.digest = digest; -- crecp->addr.ds.keydata = key; -- crecp->addr.ds.algo = algo; -- crecp->addr.ds.keytag = keytag; -- crecp->addr.ds.keylen = rdlen - 4; - } - } - -@@ -1711,8 +1710,8 @@ static int zone_status(char *name, int c - do - { - if (crecp->uid == (unsigned int)class && -- ds_digest_name(crecp->addr.ds.digest) && -- algo_digest_name(crecp->addr.ds.algo)) -+ ds_digest_name(crecp->addr.addr.addr.ds.digest) && -+ algo_digest_name(crecp->addr.addr.addr.ds.algo)) - break; - } - while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS))); diff --git a/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch b/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch deleted file mode 100644 index 360e8a4c04..0000000000 --- a/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch +++ /dev/null @@ -1,2316 +0,0 @@ -From cc921df9ceac79acf9f1c477d015a3d88275422d Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 2 Jan 2019 22:48:59 +0000 -Subject: [PATCH 21/32] Remove nested struct/union in cache records and - all_addr. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/arp.c | 18 ++++----- - src/auth.c | 36 ++++++++--------- - src/bpf.c | 10 ++--- - src/cache.c | 98 +++++++++++++++++++++++----------------------- - src/conntrack.c | 6 +-- - src/dbus.c | 24 ++++++------ - src/dhcp-common.c | 14 +++---- - src/dhcp.c | 20 +++++----- - src/dhcp6.c | 2 +- - src/dnsmasq.c | 6 +-- - src/dnsmasq.h | 99 ++++++++++++++++++++++++----------------------- - src/dnssec.c | 56 +++++++++++++-------------- - src/domain.c | 32 +++++++-------- - src/forward.c | 88 ++++++++++++++++++++--------------------- - src/helper.c | 6 +-- - src/ipset.c | 10 ++--- - src/lease.c | 22 +++++------ - src/network.c | 36 ++++++++--------- - src/option.c | 16 ++++---- - src/rfc1035.c | 46 +++++++++++----------- - src/rfc3315.c | 12 +++--- - src/tables.c | 6 +-- - src/tftp.c | 8 ++-- - 23 files changed, 336 insertions(+), 335 deletions(-) - ---- a/src/arp.c -+++ b/src/arp.c -@@ -28,7 +28,7 @@ struct arp_record { - unsigned short hwlen, status; - int family; - unsigned char hwaddr[DHCP_CHADDR_MAX]; -- struct all_addr addr; -+ union all_addr addr; - struct arp_record *next; - }; - -@@ -52,12 +52,12 @@ static int filter_mac(int family, char * - - if (family == AF_INET) - { -- if (arp->addr.addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) -+ if (arp->addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) - continue; - } - else - { -- if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, (struct in6_addr *)addrp)) -+ if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr6, (struct in6_addr *)addrp)) - continue; - } - -@@ -95,9 +95,9 @@ static int filter_mac(int family, char * - arp->family = family; - memcpy(arp->hwaddr, mac, maclen); - if (family == AF_INET) -- arp->addr.addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; -+ arp->addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; - else -- memcpy(&arp->addr.addr.addr6, addrp, IN6ADDRSZ); -+ memcpy(&arp->addr.addr6, addrp, IN6ADDRSZ); - } - - return 1; -@@ -124,11 +124,11 @@ int find_mac(union mysockaddr *addr, uns - continue; - - if (arp->family == AF_INET && -- arp->addr.addr.addr4.s_addr != addr->in.sin_addr.s_addr) -+ arp->addr.addr4.s_addr != addr->in.sin_addr.s_addr) - continue; - - if (arp->family == AF_INET6 && -- !IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, &addr->in6.sin6_addr)) -+ !IN6_ARE_ADDR_EQUAL(&arp->addr.addr6, &addr->in6.sin6_addr)) - continue; - - /* Only accept positive entries unless in lazy mode. */ -@@ -191,9 +191,9 @@ int find_mac(union mysockaddr *addr, uns - arp->hwlen = 0; - - if (addr->sa.sa_family == AF_INET) -- arp->addr.addr.addr4.s_addr = addr->in.sin_addr.s_addr; -+ arp->addr.addr4.s_addr = addr->in.sin_addr.s_addr; - else -- memcpy(&arp->addr.addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); -+ memcpy(&arp->addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); - } - - return 0; ---- a/src/auth.c -+++ b/src/auth.c -@@ -18,22 +18,22 @@ - - #ifdef HAVE_AUTH - --static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u) -+static struct addrlist *find_addrlist(struct addrlist *list, int flag, union all_addr *addr_u) - { - do { - if (!(list->flags & ADDRLIST_IPV6)) - { -- struct in_addr netmask, addr = addr_u->addr.addr4; -+ struct in_addr netmask, addr = addr_u->addr4; - - if (!(flag & F_IPV4)) - continue; - - netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen)); - -- if (is_same_net(addr, list->addr.addr.addr4, netmask)) -+ if (is_same_net(addr, list->addr.addr4, netmask)) - return list; - } -- else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) -+ else if (is_same_net6(&(addr_u->addr6), &list->addr.addr6, list->prefixlen)) - return list; - - } while ((list = list->next)); -@@ -41,7 +41,7 @@ static struct addrlist *find_addrlist(st - return NULL; - } - --static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) -+static struct addrlist *find_subnet(struct auth_zone *zone, int flag, union all_addr *addr_u) - { - if (!zone->subnet) - return NULL; -@@ -49,7 +49,7 @@ static struct addrlist *find_subnet(stru - return find_addrlist(zone->subnet, flag, addr_u); - } - --static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u) -+static struct addrlist *find_exclude(struct auth_zone *zone, int flag, union all_addr *addr_u) - { - if (!zone->exclude) - return NULL; -@@ -57,7 +57,7 @@ static struct addrlist *find_exclude(str - return find_addrlist(zone->exclude, flag, addr_u); - } - --static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) -+static int filter_zone(struct auth_zone *zone, int flag, union all_addr *addr_u) - { - if (find_exclude(zone, flag, addr_u)) - return 0; -@@ -113,7 +113,7 @@ size_t answer_auth(struct dns_header *he - struct txt_record *txt; - struct interface_name *intr; - struct naptr *na; -- struct all_addr addr; -+ union all_addr addr; - struct cname *a, *candidate; - unsigned int wclen; - -@@ -178,7 +178,7 @@ size_t answer_auth(struct dns_header *he - struct addrlist *addrlist; - - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) -- if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) -+ if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr) - break; - - if (addrlist) -@@ -193,7 +193,7 @@ size_t answer_auth(struct dns_header *he - struct addrlist *addrlist; - - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) -- if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) -+ if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6)) - break; - - if (addrlist) -@@ -468,10 +468,10 @@ size_t answer_auth(struct dns_header *he - { - nxdomain = 0; - if ((crecp->flags & flag) && -- (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) -+ (local_query || filter_zone(zone, flag, &(crecp->addr)))) - { - *cut = '.'; /* restore domain part */ -- log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); -+ log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); - *cut = 0; /* remove domain part */ - found = 1; - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, -@@ -491,9 +491,9 @@ size_t answer_auth(struct dns_header *he - do - { - nxdomain = 0; -- if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) -+ if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr)))) - { -- log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); -+ log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); - found = 1; - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, - daemon->auth_ttl, NULL, qtype, C_IN, -@@ -580,7 +580,7 @@ size_t answer_auth(struct dns_header *he - - if (!(subnet->flags & ADDRLIST_IPV6)) - { -- in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8; -+ in_addr_t a = ntohl(subnet->addr.addr4.s_addr) >> 8; - char *p = name; - - if (subnet->prefixlen >= 24) -@@ -599,7 +599,7 @@ size_t answer_auth(struct dns_header *he - - for (i = subnet->prefixlen-1; i >= 0; i -= 4) - { -- int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3]; -+ int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3]; - p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4); - } - p += sprintf(p, "ip6.arpa"); -@@ -783,7 +783,7 @@ size_t answer_auth(struct dns_header *he - { - char *cache_name = cache_get_name(crecp); - if (!strchr(cache_name, '.') && -- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))) && -+ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr))) && - add_resource_record(header, limit, &trunc, -axfroffset, &ansp, - daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, - (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) -@@ -794,7 +794,7 @@ size_t answer_auth(struct dns_header *he - { - strcpy(name, cache_get_name(crecp)); - if (in_zone(zone, name, &cut) && -- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) -+ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr)))) - { - if (cut) - *cut = 0; ---- a/src/bpf.c -+++ b/src/bpf.c -@@ -42,7 +42,7 @@ - - #ifdef HAVE_BSD_NETWORK - static int del_family = 0; --static struct all_addr del_addr; -+static union all_addr del_addr; - #endif - - #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__) -@@ -139,7 +139,7 @@ int iface_enumerate(int family, void *pa - struct in_addr addr, netmask, broadcast; - addr = ((struct sockaddr_in *) addrs->ifa_addr)->sin_addr; - #ifdef HAVE_BSD_NETWORK -- if (del_family == AF_INET && del_addr.addr.addr4.s_addr == addr.s_addr) -+ if (del_family == AF_INET && del_addr.addr4.s_addr == addr.s_addr) - continue; - #endif - netmask = ((struct sockaddr_in *) addrs->ifa_netmask)->sin_addr; -@@ -159,7 +159,7 @@ int iface_enumerate(int family, void *pa - u32 valid = 0xffffffff, preferred = 0xffffffff; - int flags = 0; - #ifdef HAVE_BSD_NETWORK -- if (del_family == AF_INET6 && IN6_ARE_ADDR_EQUAL(&del_addr.addr.addr6, addr)) -+ if (del_family == AF_INET6 && IN6_ARE_ADDR_EQUAL(&del_addr.addr6, addr)) - continue; - #endif - #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__) -@@ -422,9 +422,9 @@ void route_sock(void) - { - del_family = sa->sa_family; - if (del_family == AF_INET) -- del_addr.addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; -+ del_addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; - else if (del_family == AF_INET6) -- del_addr.addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; -+ del_addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; - else - del_family = 0; - } ---- a/src/cache.c -+++ b/src/cache.c -@@ -26,7 +26,7 @@ static union bigname *big_free = NULL; - static int bignames_left, hash_size; - - static void make_non_terminals(struct crec *source); --static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, -+static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags); - - /* type->string mapping: this is also used by the name-hash function as a mixing table. */ -@@ -202,9 +202,9 @@ static void cache_hash(struct crec *crec - static void cache_blockdata_free(struct crec *crecp) - { - if (crecp->flags & F_DNSKEY) -- blockdata_free(crecp->addr.addr.addr.key.keydata); -+ blockdata_free(crecp->addr.key.keydata); - else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) -- blockdata_free(crecp->addr.addr.addr.ds.keydata); -+ blockdata_free(crecp->addr.ds.keydata); - } - #endif - -@@ -330,7 +330,7 @@ static int is_expired(time_t now, struct - return 1; - } - --static struct crec *cache_scan_free(char *name, struct all_addr *addr, unsigned short class, time_t now, -+static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now, - unsigned short flags, struct crec **target_crec, unsigned int *target_uid) - { - /* Scan and remove old entries. -@@ -430,7 +430,7 @@ static struct crec *cache_scan_free(char - else if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && - (flags & crecp->flags & F_REVERSE) && - (flags & crecp->flags & (F_IPV4 | F_IPV6)) && -- memcmp(&crecp->addr.addr, addr, addrlen) == 0) -+ memcmp(&crecp->addr, addr, addrlen) == 0) - { - *up = crecp->hash_next; - cache_unlink(crecp); -@@ -466,7 +466,7 @@ void cache_start_insert(void) - insert_error = 0; - } - --struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, -+struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags) - { - /* Don't log DNSSEC records here, done elsewhere */ -@@ -484,7 +484,7 @@ struct crec *cache_insert(char *name, st - } - - --static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, -+static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags) - { - struct crec *new, *target_crec = NULL; -@@ -509,10 +509,10 @@ static struct crec *really_insert(char * - if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) - { - if ((flags & F_IPV4) && (new->flags & F_IPV4) && -- new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) -+ new->addr.addr4.s_addr == addr->addr4.s_addr) - return new; - else if ((flags & F_IPV6) && (new->flags & F_IPV6) && -- IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6)) -+ IN6_ARE_ADDR_EQUAL(&new->addr.addr6, &addr->addr6)) - return new; - } - -@@ -557,7 +557,7 @@ static struct crec *really_insert(char * - { - /* For DNSSEC records, uid holds class. */ - free_avail = 1; /* Must be free space now. */ -- cache_scan_free(cache_get_name(new), &new->addr.addr, new->uid, now, new->flags, NULL, NULL); -+ cache_scan_free(cache_get_name(new), &new->addr, new->uid, now, new->flags, NULL, NULL); - daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++; - } - else -@@ -616,7 +616,7 @@ static struct crec *really_insert(char * - #endif - - if (addr) -- new->addr.addr = *addr; -+ new->addr = *addr; - - new->ttd = now + (time_t)ttl; - new->next = new_chain; -@@ -665,14 +665,14 @@ void cache_end_insert(void) - if (flags & F_DNSKEY) - { - read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); -- blockdata_write(new_chain->addr.addr.addr.key.keydata, new_chain->addr.addr.addr.key.keylen, daemon->pipe_to_parent); -+ blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); - } - else if (flags & F_DS) - { - read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); - /* A negative DS entry is possible and has no data, obviously. */ - if (!(flags & F_NEG)) -- blockdata_write(new_chain->addr.addr.addr.ds.keydata, new_chain->addr.addr.addr.ds.keylen, daemon->pipe_to_parent); -+ blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); - } - #endif - } -@@ -696,7 +696,7 @@ void cache_end_insert(void) - int cache_recv_insert(time_t now, int fd) - { - ssize_t m; -- struct all_addr addr; -+ union all_addr addr; - unsigned long ttl; - time_t ttd; - unsigned short flags; -@@ -736,14 +736,14 @@ int cache_recv_insert(time_t now, int fd - if (flags & F_DNSKEY) - { - if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || -- !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) -+ !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) - return 0; - } - else if (flags & F_DS) - { - if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || - (flags & F_NEG) || -- !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) -+ !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) - return 0; - } - #endif -@@ -876,7 +876,7 @@ struct crec *cache_find_by_name(struct c - return NULL; - } - --struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr, -+struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr, - time_t now, unsigned int prot) - { - struct crec *ans; -@@ -900,7 +900,7 @@ struct crec *cache_find_by_addr(struct c - if (!is_expired(now, crecp)) - { - if ((crecp->flags & prot) && -- memcmp(&crecp->addr.addr, addr, addrlen) == 0) -+ memcmp(&crecp->addr, addr, addrlen) == 0) - { - if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) - { -@@ -931,7 +931,7 @@ struct crec *cache_find_by_addr(struct c - if (ans && - (ans->flags & F_REVERSE) && - (ans->flags & prot) && -- memcmp(&ans->addr.addr, addr, addrlen) == 0) -+ memcmp(&ans->addr, addr, addrlen) == 0) - return ans; - - return NULL; -@@ -961,7 +961,7 @@ static void add_hosts_cname(struct crec - } - } - --static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, -+static void add_hosts_entry(struct crec *cache, union all_addr *addr, int addrlen, - unsigned int index, struct crec **rhash, int hashsz) - { - struct crec *lookup = cache_find_by_name(NULL, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6)); -@@ -972,7 +972,7 @@ static void add_hosts_entry(struct crec - if (lookup && (lookup->flags & F_HOSTS)) - { - nameexists = 1; -- if (memcmp(&lookup->addr.addr, addr, addrlen) == 0) -+ if (memcmp(&lookup->addr, addr, addrlen) == 0) - { - free(cache); - return; -@@ -1004,7 +1004,7 @@ static void add_hosts_entry(struct crec - - for (lookup = rhash[j]; lookup; lookup = lookup->next) - if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) && -- memcmp(&lookup->addr.addr, addr, addrlen) == 0) -+ memcmp(&lookup->addr, addr, addrlen) == 0) - { - cache->flags &= ~F_REVERSE; - break; -@@ -1026,7 +1026,7 @@ static void add_hosts_entry(struct crec - } - - cache->uid = index; -- memcpy(&cache->addr.addr, addr, addrlen); -+ memcpy(&cache->addr, addr, addrlen); - cache_hash(cache); - make_non_terminals(cache); - -@@ -1088,7 +1088,7 @@ int read_hostsfile(char *filename, unsig - char *token = daemon->namebuff, *domain_suffix = NULL; - int addr_count = 0, name_count = cache_size, lineno = 0; - unsigned short flags = 0; -- struct all_addr addr; -+ union all_addr addr; - int atnl, addrlen = 0; - - if (!f) -@@ -1107,13 +1107,13 @@ int read_hostsfile(char *filename, unsig - { - flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4; - addrlen = INADDRSZ; -- domain_suffix = get_domain(addr.addr.addr4); -+ domain_suffix = get_domain(addr.addr4); - } - else if (inet_pton(AF_INET6, token, &addr) > 0) - { - flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6; - addrlen = IN6ADDRSZ; -- domain_suffix = get_domain6(&addr.addr.addr6); -+ domain_suffix = get_domain6(&addr.addr6); - } - else - { -@@ -1246,15 +1246,15 @@ void cache_reload(void) - #ifdef HAVE_DNSSEC - for (ds = daemon->ds; ds; ds = ds->next) - if ((cache = whine_malloc(SIZEOF_POINTER_CREC)) && -- (cache->addr.addr.addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) -+ (cache->addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) - { - cache->flags = F_FORWARD | F_IMMORTAL | F_DS | F_CONFIG | F_NAMEP; - cache->ttd = daemon->local_ttl; - cache->name.namep = ds->name; -- cache->addr.addr.addr.ds.keylen = ds->digestlen; -- cache->addr.addr.addr.ds.algo = ds->algo; -- cache->addr.addr.addr.ds.keytag = ds->keytag; -- cache->addr.addr.addr.ds.digest = ds->digest_type; -+ cache->addr.ds.keylen = ds->digestlen; -+ cache->addr.ds.algo = ds->algo; -+ cache->addr.ds.keytag = ds->keytag; -+ cache->addr.ds.digest = ds->digest_type; - cache->uid = ds->class; - cache_hash(cache); - make_non_terminals(cache); -@@ -1277,7 +1277,7 @@ void cache_reload(void) - cache->name.namep = nl->name; - cache->ttd = hr->ttl; - cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG; -- add_hosts_entry(cache, (struct all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); -+ add_hosts_entry(cache, (union all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); - } - - if (!IN6_IS_ADDR_UNSPECIFIED(&hr->addr6) && -@@ -1286,7 +1286,7 @@ void cache_reload(void) - cache->name.namep = nl->name; - cache->ttd = hr->ttl; - cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG; -- add_hosts_entry(cache, (struct all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); -+ add_hosts_entry(cache, (union all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); - } - } - -@@ -1320,7 +1320,7 @@ struct in_addr a_record_from_hosts(char - - while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4))) - if (crecp->flags & F_HOSTS) -- return *(struct in_addr *)&crecp->addr; -+ return crecp->addr.addr4; - - my_syslog(MS_DHCP | LOG_WARNING, _("No IPv4 address found for %s"), name); - -@@ -1379,7 +1379,7 @@ static void add_dhcp_cname(struct crec * - } - - void cache_add_dhcp_entry(char *host_name, int prot, -- struct all_addr *host_address, time_t ttd) -+ union all_addr *host_address, time_t ttd) - { - struct crec *crec = NULL, *fail_crec = NULL; - unsigned short flags = F_IPV4; -@@ -1403,7 +1403,7 @@ void cache_add_dhcp_entry(char *host_nam - my_syslog(MS_DHCP | LOG_WARNING, - _("%s is a CNAME, not giving it to the DHCP lease of %s"), - host_name, daemon->addrbuff); -- else if (memcmp(&crec->addr.addr, host_address, addrlen) == 0) -+ else if (memcmp(&crec->addr, host_address, addrlen) == 0) - in_hosts = 1; - else - fail_crec = crec; -@@ -1423,7 +1423,7 @@ void cache_add_dhcp_entry(char *host_nam - /* Name in hosts, address doesn't match */ - if (fail_crec) - { -- inet_ntop(prot, &fail_crec->addr.addr, daemon->namebuff, MAXDNAME); -+ inet_ntop(prot, &fail_crec->addr, daemon->namebuff, MAXDNAME); - my_syslog(MS_DHCP | LOG_WARNING, - _("not giving name %s to the DHCP lease of %s because " - "the name exists in %s with address %s"), -@@ -1432,12 +1432,12 @@ void cache_add_dhcp_entry(char *host_nam - return; - } - -- if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, flags))) -+ if ((crec = cache_find_by_addr(NULL, (union all_addr *)host_address, 0, flags))) - { - if (crec->flags & F_NEG) - { - flags |= F_REVERSE; -- cache_scan_free(NULL, (struct all_addr *)host_address, C_IN, 0, flags, NULL, NULL); -+ cache_scan_free(NULL, (union all_addr *)host_address, C_IN, 0, flags, NULL, NULL); - } - } - else -@@ -1455,7 +1455,7 @@ void cache_add_dhcp_entry(char *host_nam - crec->flags |= F_IMMORTAL; - else - crec->ttd = ttd; -- crec->addr.addr = *host_address; -+ crec->addr = *host_address; - crec->name.namep = host_name; - crec->uid = UID_NONE; - cache_hash(crec); -@@ -1731,20 +1731,20 @@ void dump_cache(time_t now) - else if (cache->flags & F_DS) - { - if (!(cache->flags & F_NEG)) -- sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.ds.keytag, -- cache->addr.addr.addr.ds.algo, cache->addr.addr.addr.ds.digest); -+ sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag, -+ cache->addr.ds.algo, cache->addr.ds.digest); - } - else if (cache->flags & F_DNSKEY) -- sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.key.keytag, -- cache->addr.addr.addr.key.algo, cache->addr.addr.addr.key.flags); -+ sprintf(a, "%5u %3u %3u", cache->addr.key.keytag, -+ cache->addr.key.algo, cache->addr.key.flags); - #endif - else if (!(cache->flags & F_NEG) || !(cache->flags & F_FORWARD)) - { - a = daemon->addrbuff; - if (cache->flags & F_IPV4) -- inet_ntop(AF_INET, &cache->addr.addr, a, ADDRSTRLEN); -+ inet_ntop(AF_INET, &cache->addr, a, ADDRSTRLEN); - else if (cache->flags & F_IPV6) -- inet_ntop(AF_INET6, &cache->addr.addr, a, ADDRSTRLEN); -+ inet_ntop(AF_INET6, &cache->addr, a, ADDRSTRLEN); - } - - if (cache->flags & F_IPV4) -@@ -1857,7 +1857,7 @@ char *querystr(char *desc, unsigned shor - return buff ? buff : ""; - } - --void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg) -+void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) - { - char *source, *dest = daemon->addrbuff; - char *verb = "is"; -@@ -1870,10 +1870,10 @@ void log_query(unsigned int flags, char - if (addr) - { - if (flags & F_KEYTAG) -- sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest); -+ sprintf(daemon->addrbuff, arg, addr->log.keytag, addr->log.algo, addr->log.digest); - else if (flags & F_RCODE) - { -- unsigned int rcode = addr->addr.log.rcode; -+ unsigned int rcode = addr->log.rcode; - - if (rcode == SERVFAIL) - dest = "SERVFAIL"; ---- a/src/conntrack.c -+++ b/src/conntrack.c -@@ -24,7 +24,7 @@ static int gotit = 0; /* yuck */ - - static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data); - --int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp) -+int get_incoming_mark(union mysockaddr *peer_addr, union all_addr *local_addr, int istcp, unsigned int *markp) - { - struct nf_conntrack *ct; - struct nfct_handle *h; -@@ -41,14 +41,14 @@ int get_incoming_mark(union mysockaddr * - nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6); - nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr); - nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port); -- nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr); -+ nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr6.s6_addr); - } - else - { - nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); - nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr); - nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port); -- nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr); -+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr4.s_addr); - } - - ---- a/src/dbus.c -+++ b/src/dbus.c -@@ -456,7 +456,7 @@ static DBusMessage *dbus_add_lease(DBusM - int clid_len, hostname_len, hw_len, hw_type; - dbus_uint32_t expires, ia_id; - dbus_bool_t is_temporary; -- struct all_addr addr; -+ union all_addr addr; - time_t now = dnsmasq_time(); - unsigned char dhcp_chaddr[DHCP_CHADDR_MAX]; - -@@ -526,20 +526,20 @@ static DBusMessage *dbus_add_lease(DBusM - - dbus_message_iter_get_basic(&iter, &is_temporary); - -- if (inet_pton(AF_INET, ipaddr, &addr.addr.addr4)) -+ if (inet_pton(AF_INET, ipaddr, &addr.addr4)) - { - if (ia_id != 0 || is_temporary) - return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS, - "ia_id and is_temporary must be zero for IPv4 lease"); - -- if (!(lease = lease_find_by_addr(addr.addr.addr4))) -- lease = lease4_allocate(addr.addr.addr4); -+ if (!(lease = lease_find_by_addr(addr.addr4))) -+ lease = lease4_allocate(addr.addr4); - } - #ifdef HAVE_DHCP6 -- else if (inet_pton(AF_INET6, ipaddr, &addr.addr.addr6)) -+ else if (inet_pton(AF_INET6, ipaddr, &addr.addr6)) - { -- if (!(lease = lease6_find_by_addr(&addr.addr.addr6, 128, 0))) -- lease = lease6_allocate(&addr.addr.addr6, -+ if (!(lease = lease6_find_by_addr(&addr.addr6, 128, 0))) -+ lease = lease6_allocate(&addr.addr6, - is_temporary ? LEASE_TA : LEASE_NA); - lease_set_iaid(lease, ia_id); - } -@@ -570,7 +570,7 @@ static DBusMessage *dbus_del_lease(DBusM - DBusMessageIter iter; - const char *ipaddr; - DBusMessage *reply; -- struct all_addr addr; -+ union all_addr addr; - dbus_bool_t ret = 1; - time_t now = dnsmasq_time(); - -@@ -584,11 +584,11 @@ static DBusMessage *dbus_del_lease(DBusM - - dbus_message_iter_get_basic(&iter, &ipaddr); - -- if (inet_pton(AF_INET, ipaddr, &addr.addr.addr4)) -- lease = lease_find_by_addr(addr.addr.addr4); -+ if (inet_pton(AF_INET, ipaddr, &addr.addr4)) -+ lease = lease_find_by_addr(addr.addr4); - #ifdef HAVE_DHCP6 -- else if (inet_pton(AF_INET6, ipaddr, &addr.addr.addr6)) -- lease = lease6_find_by_addr(&addr.addr.addr6, 128, 0); -+ else if (inet_pton(AF_INET6, ipaddr, &addr.addr6)) -+ lease = lease6_find_by_addr(&addr.addr6, 128, 0); - #endif - else - return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, ---- a/src/dhcp-common.c -+++ b/src/dhcp-common.c -@@ -403,30 +403,30 @@ void dhcp_update_configs(struct dhcp_con - crec = cache_find_by_name(crec, config->hostname, 0, cacheflags); - if (!crec) - continue; /* should be never */ -- inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN); -+ inet_ntop(prot, &crec->addr, daemon->addrbuff, ADDRSTRLEN); - my_syslog(MS_DHCP | LOG_WARNING, _("%s has more than one address in hostsfile, using %s for DHCP"), - config->hostname, daemon->addrbuff); - } - - if (prot == AF_INET && -- (!(conf_tmp = config_find_by_address(configs, crec->addr.addr.addr.addr4)) || conf_tmp == config)) -+ (!(conf_tmp = config_find_by_address(configs, crec->addr.addr4)) || conf_tmp == config)) - { -- config->addr = crec->addr.addr.addr.addr4; -+ config->addr = crec->addr.addr4; - config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS; - continue; - } - - #ifdef HAVE_DHCP6 - if (prot == AF_INET6 && -- (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr.addr.addr6, 128, 0)) || conf_tmp == config)) -+ (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr6, 128, 0)) || conf_tmp == config)) - { -- memcpy(&config->addr6, &crec->addr.addr.addr.addr6, IN6ADDRSZ); -+ memcpy(&config->addr6, &crec->addr.addr6, IN6ADDRSZ); - config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS; - continue; - } - #endif - -- inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN); -+ inet_ntop(prot, &crec->addr, daemon->addrbuff, ADDRSTRLEN); - my_syslog(MS_DHCP | LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"), - daemon->addrbuff, config->hostname); - -@@ -693,7 +693,7 @@ char *option_string(int prot, unsigned i - - if (ot[o].size & OT_ADDR_LIST) - { -- struct all_addr addr; -+ union all_addr addr; - int addr_len = INADDRSZ; - - #ifdef HAVE_DHCP6 ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -310,7 +310,7 @@ void dhcp_packet(time_t now, int pxe_fd) - parm.relay_local.s_addr = 0; - parm.ind = iface_index; - -- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) -+ if (!iface_check(AF_INET, (union all_addr *)&iface_addr, ifr.ifr_name, NULL)) - { - /* If we failed to match the primary address of the interface, see if we've got a --listen-address - for a secondary */ -@@ -558,7 +558,7 @@ static int complete_context(struct in_ad - } - - for (relay = daemon->relay4; relay; relay = relay->next) -- if (if_index == param->ind && relay->local.addr.addr4.s_addr == local.s_addr && relay->current == relay && -+ if (if_index == param->ind && relay->local.addr4.s_addr == local.s_addr && relay->current == relay && - (param->relay_local.s_addr == 0 || param->relay_local.s_addr == local.s_addr)) - { - relay->current = param->relay; -@@ -984,7 +984,7 @@ char *host_from_dns(struct in_addr addr) - if (daemon->port == 0) - return NULL; /* DNS disabled. */ - -- lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4); -+ lookup = cache_find_by_addr(NULL, (union all_addr *)&addr, 0, F_IPV4); - - if (lookup && (lookup->flags & F_HOSTS)) - { -@@ -1013,25 +1013,25 @@ char *host_from_dns(struct in_addr addr) - static int relay_upstream4(struct dhcp_relay *relay, struct dhcp_packet *mess, size_t sz, int iface_index) - { - /* ->local is same value for all relays on ->current chain */ -- struct all_addr from; -+ union all_addr from; - - if (mess->op != BOOTREQUEST) - return 0; - - /* source address == relay address */ -- from.addr.addr4 = relay->local.addr.addr4; -+ from.addr4 = relay->local.addr4; - - /* already gatewayed ? */ - if (mess->giaddr.s_addr) - { - /* if so check if by us, to stomp on loops. */ -- if (mess->giaddr.s_addr == relay->local.addr.addr4.s_addr) -+ if (mess->giaddr.s_addr == relay->local.addr4.s_addr) - return 1; - } - else - { - /* plug in our address */ -- mess->giaddr.s_addr = relay->local.addr.addr4.s_addr; -+ mess->giaddr.s_addr = relay->local.addr4.s_addr; - } - - if ((mess->hops++) > 20) -@@ -1042,7 +1042,7 @@ static int relay_upstream4(struct dhcp_ - union mysockaddr to; - - to.sa.sa_family = AF_INET; -- to.in.sin_addr = relay->server.addr.addr4; -+ to.in.sin_addr = relay->server.addr4; - to.in.sin_port = htons(daemon->dhcp_server_port); - - send_from(daemon->dhcpfd, 0, (char *)mess, sz, &to, &from, 0); -@@ -1050,7 +1050,7 @@ static int relay_upstream4(struct dhcp_ - if (option_bool(OPT_LOG_OPTS)) - { - inet_ntop(AF_INET, &relay->local, daemon->addrbuff, ADDRSTRLEN); -- my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, inet_ntoa(relay->server.addr.addr4)); -+ my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, inet_ntoa(relay->server.addr4)); - } - - /* Save this for replies */ -@@ -1070,7 +1070,7 @@ static struct dhcp_relay *relay_reply4(s - - for (relay = daemon->relay4; relay; relay = relay->next) - { -- if (mess->giaddr.s_addr == relay->local.addr.addr4.s_addr) -+ if (mess->giaddr.s_addr == relay->local.addr4.s_addr) - { - if (!relay->interface || wildcard_match(relay->interface, arrival_interface)) - return relay->iface_index != 0 ? relay : NULL; ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -371,7 +371,7 @@ static int complete_context6(struct in6_ - } - - for (relay = daemon->relay6; relay; relay = relay->next) -- if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr.addr6) && relay->current == relay && -+ if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr6) && relay->current == relay && - (IN6_IS_ADDR_UNSPECIFIED(¶m->relay_local) || IN6_ARE_ADDR_EQUAL(local, ¶m->relay_local))) - { - relay->current = param->relay; ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -1721,12 +1721,12 @@ static void check_dns_listeners(time_t n - if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && - indextoname(listener->tcpfd, if_index, intr_name)) - { -- struct all_addr addr; -+ union all_addr addr; - - if (tcp_addr.sa.sa_family == AF_INET6) -- addr.addr.addr6 = tcp_addr.in6.sin6_addr; -+ addr.addr6 = tcp_addr.in6.sin6_addr; - else -- addr.addr.addr4 = tcp_addr.in.sin_addr; -+ addr.addr4 = tcp_addr.in.sin_addr; - - for (iface = daemon->interfaces; iface; iface = iface->next) - if (iface->index == if_index) ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -273,28 +273,39 @@ struct event_desc { - #define MS_DHCP LOG_DAEMON - #define MS_SCRIPT LOG_MAIL - --struct all_addr { -- union { -- struct in_addr addr4; -- struct in6_addr addr6; -- struct { -- struct blockdata *keydata; -- unsigned short keylen, flags, keytag; -- unsigned char algo; -- } key; -- struct { -- struct blockdata *keydata; -- unsigned short keylen, keytag; -- unsigned char algo; -- unsigned char digest; -- } ds; -- /* for log_query */ -- struct { -- unsigned short keytag, algo, digest, rcode; -- } log; -- } addr; -+/* Note that this is used widely as a container for IPv4/IPv6 addresses, -+ so for that reason, was well as to avoid wasting memory in almost every -+ cache entry, the other variants should not be larger than -+ sizeof(struct in6_addr) - 16 bytes. -+*/ -+union all_addr { -+ struct in_addr addr4; -+ struct in6_addr addr6; -+ struct { -+ union { -+ struct crec *cache; -+ struct interface_name *int_name; -+ } target; -+ unsigned int uid; /* 0 if union is interface-name */ -+ } cname; -+ struct { -+ struct blockdata *keydata; -+ unsigned short keylen, flags, keytag; -+ unsigned char algo; -+ } key; -+ struct { -+ struct blockdata *keydata; -+ unsigned short keylen, keytag; -+ unsigned char algo; -+ unsigned char digest; -+ } ds; -+ /* for log_query */ -+ struct { -+ unsigned short keytag, algo, digest, rcode; -+ } log; - }; - -+ - struct bogus_addr { - struct in_addr addr; - struct bogus_addr *next; -@@ -359,7 +370,7 @@ struct ds_config { - #define ADDRLIST_REVONLY 4 - - struct addrlist { -- struct all_addr addr; -+ union all_addr addr; - int flags, prefixlen; - struct addrlist *next; - }; -@@ -411,17 +422,7 @@ struct blockdata { - - struct crec { - struct crec *next, *prev, *hash_next; -- /* union is 16 bytes when doing IPv6, 8 bytes on 32 bit machines without IPv6 */ -- union { -- struct all_addr addr; -- struct { -- union { -- struct crec *cache; -- struct interface_name *int_name; -- } target; -- unsigned int uid; /* 0 if union is interface-name */ -- } cname; -- } addr; -+ union all_addr addr; - time_t ttd; /* time to die */ - /* used as class if DNSKEY/DS, index to source for F_HOSTS */ - unsigned int uid; -@@ -646,7 +647,7 @@ struct hostsfile { - - struct frec { - union mysockaddr source; -- struct all_addr dest; -+ union all_addr dest; - struct server *sentto; /* NULL means free */ - struct randfd *rfd4; - struct randfd *rfd6; -@@ -962,7 +963,7 @@ struct tftp_prefix { - }; - - struct dhcp_relay { -- struct all_addr local, server; -+ union all_addr local, server; - char *interface; /* Allowable interface for replies from server, and dest for IPv6 multicast */ - int iface_index; /* working - interface in which requests arrived, for return */ - struct dhcp_relay *current, *next; -@@ -1128,22 +1129,22 @@ extern struct daemon { - /* cache.c */ - void cache_init(void); - void next_uid(struct crec *crecp); --void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg); -+void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg); - char *record_source(unsigned int index); - char *querystr(char *desc, unsigned short type); - int cache_find_non_terminal(char *name, time_t now); - struct crec *cache_find_by_addr(struct crec *crecp, -- struct all_addr *addr, time_t now, -+ union all_addr *addr, time_t now, - unsigned int prot); - struct crec *cache_find_by_name(struct crec *crecp, - char *name, time_t now, unsigned int prot); - void cache_end_insert(void); - void cache_start_insert(void); - int cache_recv_insert(time_t now, int fd); --struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, -+struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, - time_t now, unsigned long ttl, unsigned short flags); - void cache_reload(void); --void cache_add_dhcp_entry(char *host_name, int prot, struct all_addr *host_address, time_t ttd); -+void cache_add_dhcp_entry(char *host_name, int prot, union all_addr *host_address, time_t ttd); - struct in_addr a_record_from_hosts(char *name, time_t now); - void cache_unhash_dhcp(void); - void dump_cache(time_t now); -@@ -1170,8 +1171,8 @@ void blockdata_free(struct blockdata *bl - /* domain.c */ - char *get_domain(struct in_addr addr); - char *get_domain6(struct in6_addr *addr); --int is_name_synthetic(int flags, char *name, struct all_addr *addr); --int is_rev_synth(int flag, struct all_addr *addr, char *name); -+int is_name_synthetic(int flags, char *name, union all_addr *addr); -+int is_rev_synth(int flag, union all_addr *addr, char *name); - - /* rfc1035.c */ - int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, -@@ -1182,7 +1183,7 @@ unsigned char *skip_section(unsigned cha - unsigned int extract_request(struct dns_header *header, size_t qlen, - char *name, unsigned short *typep); - size_t setup_reply(struct dns_header *header, size_t qlen, -- struct all_addr *addrp, unsigned int flags, -+ union all_addr *addrp, unsigned int flags, - unsigned long ttl); - int extract_addresses(struct dns_header *header, size_t qlen, char *name, - time_t now, char **ipsets, int is_sign, int check_rebind, -@@ -1203,7 +1204,7 @@ int add_resource_record(struct dns_heade - unsigned char *skip_questions(struct dns_header *header, size_t plen); - int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, - char *name, int isExtract, int extrabytes); --int in_arpa_name_2_addr(char *namein, struct all_addr *addrp); -+int in_arpa_name_2_addr(char *namein, union all_addr *addrp); - int private_net(struct in_addr addr, int ban_localhost); - - /* auth.c */ -@@ -1302,7 +1303,7 @@ unsigned char *tcp_request(int confd, ti - void server_gone(struct server *server); - struct frec *get_new_frec(time_t now, int *wait, int force); - int send_from(int fd, int nowild, char *packet, size_t len, -- union mysockaddr *to, struct all_addr *source, -+ union mysockaddr *to, union all_addr *source, - unsigned int iface); - void resend_query(void); - struct randfd *allocate_rfd(int family); -@@ -1329,9 +1330,9 @@ void warn_bound_listeners(void); - void warn_wild_labels(void); - void warn_int_names(void); - int is_dad_listeners(void); --int iface_check(int family, struct all_addr *addr, char *name, int *auth); --int loopback_exception(int fd, int family, struct all_addr *addr, char *name); --int label_exception(int index, int family, struct all_addr *addr); -+int iface_check(int family, union all_addr *addr, char *name, int *auth); -+int loopback_exception(int fd, int family, union all_addr *addr, char *name); -+int label_exception(int index, int family, union all_addr *addr); - int fix_fd(int fd); - int tcp_interface(int fd, int af); - int set_ipv6pktinfo(int fd); -@@ -1461,7 +1462,7 @@ void ubus_event_bcast(const char *type, - /* ipset.c */ - #ifdef HAVE_IPSET - void ipset_init(void); --int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove); -+int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove); - #endif - - /* helper.c */ -@@ -1474,7 +1475,7 @@ void queue_script(int action, struct dhc - void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer); - #endif - void queue_arp(int action, unsigned char *mac, int maclen, -- int family, struct all_addr *addr); -+ int family, union all_addr *addr); - int helper_buf_empty(void); - #endif - -@@ -1487,7 +1488,7 @@ int do_tftp_script_run(void); - - /* conntrack.c */ - #ifdef HAVE_CONNTRACK --int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, -+int get_incoming_mark(union mysockaddr *peer_addr, union all_addr *local_addr, - int istcp, unsigned int *markp); - #endif - ---- a/src/dnssec.c -+++ b/src/dnssec.c -@@ -628,10 +628,10 @@ static int validate_rrset(time_t now, st - { - /* iterate through all possible keys 4035 5.3.1 */ - for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY)) -- if (crecp->addr.addr.addr.key.algo == algo && -- crecp->addr.addr.addr.key.keytag == key_tag && -+ if (crecp->addr.key.algo == algo && -+ crecp->addr.key.keytag == key_tag && - crecp->uid == (unsigned int)class && -- verify(crecp->addr.addr.addr.key.keydata, crecp->addr.addr.addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) -+ verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) - return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE; - } - } -@@ -655,7 +655,7 @@ int dnssec_validate_by_ds(time_t now, st - struct crec *crecp, *recp1; - int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag; - struct blockdata *key; -- struct all_addr a; -+ union all_addr a; - - if (ntohs(header->qdcount) != 1 || - !extract_name(header, plen, &p, name, 1, 4)) -@@ -728,10 +728,10 @@ int dnssec_validate_by_ds(time_t now, st - const struct nettle_hash *hash; - int sigcnt, rrcnt; - -- if (recp1->addr.addr.addr.ds.algo == algo && -- recp1->addr.addr.addr.ds.keytag == keytag && -+ if (recp1->addr.ds.algo == algo && -+ recp1->addr.ds.keytag == keytag && - recp1->uid == (unsigned int)class && -- (hash = hash_find(ds_digest_name(recp1->addr.addr.addr.ds.digest))) && -+ (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) && - hash_init(hash, &ctx, &digest)) - - { -@@ -746,9 +746,9 @@ int dnssec_validate_by_ds(time_t now, st - from_wire(name); - - if (!(recp1->flags & F_NEG) && -- recp1->addr.addr.addr.ds.keylen == (int)hash->digest_size && -- (ds_digest = blockdata_retrieve(recp1->addr.addr.addr.ds.keydata, recp1->addr.addr.addr.ds.keylen, NULL)) && -- memcmp(ds_digest, digest, recp1->addr.addr.addr.ds.keylen) == 0 && -+ recp1->addr.ds.keylen == (int)hash->digest_size && -+ (ds_digest = blockdata_retrieve(recp1->addr.ds.keydata, recp1->addr.ds.keylen, NULL)) && -+ memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 && - explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) && - sigcnt != 0 && rrcnt != 0 && - validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname, -@@ -800,11 +800,11 @@ int dnssec_validate_by_ds(time_t now, st - - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- a.addr.key.keylen = rdlen - 4; -- a.addr.key.keydata = key; -- a.addr.key.algo = algo; -- a.addr.key.keytag = keytag; -- a.addr.key.flags = flags; -+ a.key.keylen = rdlen - 4; -+ a.key.keydata = key; -+ a.key.algo = algo; -+ a.key.keytag = keytag; -+ a.key.flags = flags; - - if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)) - { -@@ -813,8 +813,8 @@ int dnssec_validate_by_ds(time_t now, st - } - else - { -- a.addr.log.keytag = keytag; -- a.addr.log.algo = algo; -+ a.log.keytag = keytag; -+ a.log.algo = algo; - if (algo_digest_name(algo)) - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu"); - else -@@ -857,7 +857,7 @@ int dnssec_validate_ds(time_t now, struc - int qtype, qclass, rc, i, neganswer, nons; - int aclass, atype, rdlen; - unsigned long ttl; -- struct all_addr a; -+ union all_addr a; - - if (ntohs(header->qdcount) != 1 || - !(p = skip_name(p, header, plen, 4))) -@@ -925,11 +925,11 @@ int dnssec_validate_ds(time_t now, struc - - if ((key = blockdata_alloc((char*)p, rdlen - 4))) - { -- a.addr.ds.digest = digest; -- a.addr.ds.keydata = key; -- a.addr.ds.algo = algo; -- a.addr.ds.keytag = keytag; -- a.addr.ds.keylen = rdlen - 4; -+ a.ds.digest = digest; -+ a.ds.keydata = key; -+ a.ds.algo = algo; -+ a.ds.keytag = keytag; -+ a.ds.keylen = rdlen - 4; - - if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)) - { -@@ -938,9 +938,9 @@ int dnssec_validate_ds(time_t now, struc - } - else - { -- a.addr.log.keytag = keytag; -- a.addr.log.algo = algo; -- a.addr.log.digest = digest; -+ a.log.keytag = keytag; -+ a.log.algo = algo; -+ a.log.digest = digest; - if (ds_digest_name(digest) && algo_digest_name(algo)) - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu"); - else -@@ -1710,8 +1710,8 @@ static int zone_status(char *name, int c - do - { - if (crecp->uid == (unsigned int)class && -- ds_digest_name(crecp->addr.addr.addr.ds.digest) && -- algo_digest_name(crecp->addr.addr.addr.ds.algo)) -+ ds_digest_name(crecp->addr.ds.digest) && -+ algo_digest_name(crecp->addr.ds.algo)) - break; - } - while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS))); ---- a/src/domain.c -+++ b/src/domain.c -@@ -21,7 +21,7 @@ static struct cond_domain *search_domain - static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c); - - --int is_name_synthetic(int flags, char *name, struct all_addr *addr) -+int is_name_synthetic(int flags, char *name, union all_addr *addr) - { - char *p; - struct cond_domain *c = NULL; -@@ -73,7 +73,7 @@ int is_name_synthetic(int flags, char *n - if (!c->is6 && - index <= ntohl(c->end.s_addr) - ntohl(c->start.s_addr)) - { -- addr->addr.addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); -+ addr->addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); - found = 1; - } - } -@@ -85,8 +85,8 @@ int is_name_synthetic(int flags, char *n - index <= addr6part(&c->end6) - addr6part(&c->start6)) - { - u64 start = addr6part(&c->start6); -- addr->addr.addr6 = c->start6; -- setaddr6part(&addr->addr.addr6, start + index); -+ addr->addr6 = c->start6; -+ setaddr6part(&addr->addr6, start + index); - found = 1; - } - } -@@ -139,16 +139,16 @@ int is_name_synthetic(int flags, char *n - if (prot == AF_INET) - { - if (!c->is6 && -- ntohl(addr->addr.addr4.s_addr) >= ntohl(c->start.s_addr) && -- ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr)) -+ ntohl(addr->addr4.s_addr) >= ntohl(c->start.s_addr) && -+ ntohl(addr->addr4.s_addr) <= ntohl(c->end.s_addr)) - found = 1; - } - else - { -- u64 addrpart = addr6part(&addr->addr.addr6); -+ u64 addrpart = addr6part(&addr->addr6); - - if (c->is6 && -- is_same_net6(&addr->addr.addr6, &c->start6, 64) && -+ is_same_net6(&addr->addr6, &c->start6, 64) && - addrpart >= addr6part(&c->start6) && - addrpart <= addr6part(&c->end6)) - found = 1; -@@ -173,18 +173,18 @@ int is_name_synthetic(int flags, char *n - } - - --int is_rev_synth(int flag, struct all_addr *addr, char *name) -+int is_rev_synth(int flag, union all_addr *addr, char *name) - { - struct cond_domain *c; - -- if (flag & F_IPV4 && (c = search_domain(addr->addr.addr4, daemon->synth_domains))) -+ if (flag & F_IPV4 && (c = search_domain(addr->addr4, daemon->synth_domains))) - { - char *p; - - *name = 0; - if (c->indexed) - { -- unsigned int index = ntohl(addr->addr.addr4.s_addr) - ntohl(c->start.s_addr); -+ unsigned int index = ntohl(addr->addr4.s_addr) - ntohl(c->start.s_addr); - snprintf(name, MAXDNAME, "%s%u", c->prefix ? c->prefix : "", index); - } - else -@@ -192,7 +192,7 @@ int is_rev_synth(int flag, struct all_ad - if (c->prefix) - strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); - -- inet_ntop(AF_INET, &addr->addr.addr4, name + strlen(name), ADDRSTRLEN); -+ inet_ntop(AF_INET, &addr->addr4, name + strlen(name), ADDRSTRLEN); - for (p = name; *p; p++) - if (*p == '.') - *p = '-'; -@@ -204,14 +204,14 @@ int is_rev_synth(int flag, struct all_ad - return 1; - } - -- if ((flag & F_IPV6) && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) -+ if ((flag & F_IPV6) && (c = search_domain6(&addr->addr6, daemon->synth_domains))) - { - char *p; - - *name = 0; - if (c->indexed) - { -- u64 index = addr6part(&addr->addr.addr6) - addr6part(&c->start6); -+ u64 index = addr6part(&addr->addr6) - addr6part(&c->start6); - snprintf(name, MAXDNAME, "%s%llu", c->prefix ? c->prefix : "", index); - } - else -@@ -219,14 +219,14 @@ int is_rev_synth(int flag, struct all_ad - if (c->prefix) - strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); - -- inet_ntop(AF_INET6, &addr->addr.addr6, name + strlen(name), ADDRSTRLEN); -+ inet_ntop(AF_INET6, &addr->addr6, name + strlen(name), ADDRSTRLEN); - - /* IPv6 presentation address can start with ":", but valid domain names - cannot start with "-" so prepend a zero in that case. */ - if (!c->prefix && *name == ':') - { - *name = '0'; -- inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); -+ inet_ntop(AF_INET6, &addr->addr6, name+1, ADDRSTRLEN); - } - - /* V4-mapped have periods.... */ ---- a/src/forward.c -+++ b/src/forward.c -@@ -26,7 +26,7 @@ static void free_frec(struct frec *f); - /* Send a UDP packet with its source address set as "source" - unless nowild is true, when we just send it with the kernel default */ - int send_from(int fd, int nowild, char *packet, size_t len, -- union mysockaddr *to, struct all_addr *source, -+ union mysockaddr *to, union all_addr *source, - unsigned int iface) - { - struct msghdr msg; -@@ -64,13 +64,13 @@ int send_from(int fd, int nowild, char * - #if defined(HAVE_LINUX_NETWORK) - struct in_pktinfo p; - p.ipi_ifindex = 0; -- p.ipi_spec_dst = source->addr.addr4; -+ p.ipi_spec_dst = source->addr4; - memcpy(CMSG_DATA(cmptr), &p, sizeof(p)); - msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); - cmptr->cmsg_level = IPPROTO_IP; - cmptr->cmsg_type = IP_PKTINFO; - #elif defined(IP_SENDSRCADDR) -- memcpy(CMSG_DATA(cmptr), &(source->addr.addr4), sizeof(source->addr.addr4)); -+ memcpy(CMSG_DATA(cmptr), &(source->addr4), sizeof(source->addr4)); - msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); - cmptr->cmsg_level = IPPROTO_IP; - cmptr->cmsg_type = IP_SENDSRCADDR; -@@ -80,7 +80,7 @@ int send_from(int fd, int nowild, char * - { - struct in6_pktinfo p; - p.ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */ -- p.ipi6_addr = source->addr.addr6; -+ p.ipi6_addr = source->addr6; - memcpy(CMSG_DATA(cmptr), &p, sizeof(p)); - msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - cmptr->cmsg_type = daemon->v6pktinfo; -@@ -100,7 +100,7 @@ int send_from(int fd, int nowild, char * - return 1; - } - --static unsigned int search_servers(time_t now, struct all_addr **addrpp, unsigned int qtype, -+static unsigned int search_servers(time_t now, union all_addr **addrpp, unsigned int qtype, - char *qdomain, int *type, char **domain, int *norebind) - - { -@@ -112,7 +112,7 @@ static unsigned int search_servers(time_ - unsigned int matchlen = 0; - struct server *serv; - unsigned int flags = 0; -- static struct all_addr zero; -+ static union all_addr zero; - - for (serv = daemon->servers; serv; serv=serv->next) - if (qtype == F_DNSSECOK && !(serv->flags & SERV_DO_DNSSEC)) -@@ -137,9 +137,9 @@ static unsigned int search_servers(time_ - { - flags = sflag; - if (serv->addr.sa.sa_family == AF_INET) -- *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; -+ *addrpp = (union all_addr *)&serv->addr.in.sin_addr; - else -- *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; -+ *addrpp = (union all_addr *)&serv->addr.in6.sin6_addr; - } - else if (!flags || (flags & F_NXDOMAIN)) - flags = F_NOERR; -@@ -195,9 +195,9 @@ static unsigned int search_servers(time_ - { - flags = sflag; - if (serv->addr.sa.sa_family == AF_INET) -- *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; -+ *addrpp = (union all_addr *)&serv->addr.in.sin_addr; - else -- *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; -+ *addrpp = (union all_addr *)&serv->addr.in6.sin6_addr; - } - else if (!flags || (flags & F_NXDOMAIN)) - flags = F_NOERR; -@@ -239,13 +239,13 @@ static unsigned int search_servers(time_ - } - - static int forward_query(int udpfd, union mysockaddr *udpaddr, -- struct all_addr *dst_addr, unsigned int dst_iface, -+ union all_addr *dst_addr, unsigned int dst_iface, - struct dns_header *header, size_t plen, time_t now, - struct frec *forward, int ad_reqd, int do_bit) - { - char *domain = NULL; - int type = SERV_DO_DNSSEC, norebind = 0; -- struct all_addr *addrp = NULL; -+ union all_addr *addrp = NULL; - unsigned int flags = 0; - struct server *start = NULL; - #ifdef HAVE_DNSSEC -@@ -289,9 +289,9 @@ static int forward_query(int udpfd, unio - PUTSHORT(SAFE_PKTSZ, pheader); - - if (forward->sentto->addr.sa.sa_family == AF_INET) -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); - else -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); - - - if (forward->sentto->sfd) -@@ -523,10 +523,10 @@ static int forward_query(int udpfd, unio - strcpy(daemon->namebuff, "query"); - if (start->addr.sa.sa_family == AF_INET) - log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&start->addr.in.sin_addr, NULL); -+ (union all_addr *)&start->addr.in.sin_addr, NULL); - else - log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&start->addr.in6.sin6_addr, NULL); -+ (union all_addr *)&start->addr.in6.sin6_addr, NULL); - start->queries++; - forwarded = 1; - forward->sentto = start; -@@ -657,8 +657,8 @@ static size_t process_reply(struct dns_h - - if (rcode != NOERROR && rcode != NXDOMAIN) - { -- struct all_addr a; -- a.addr.log.rcode = rcode; -+ union all_addr a; -+ a.log.rcode = rcode; - log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL); - - return resize_packet(header, n, pheader, plen); -@@ -877,9 +877,9 @@ void reply_query(int fd, int family, tim - sa_len(&start->addr)))); - - if (start->addr.sa.sa_family == AF_INET) -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&start->addr.in.sin_addr, "dnssec"); -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)&start->addr.in.sin_addr, "dnssec"); - else -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&start->addr.in6.sin6_addr, "dnssec"); -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&start->addr.in6.sin6_addr, "dnssec"); - - return; - } -@@ -1094,10 +1094,10 @@ void reply_query(int fd, int family, tim - daemon->keyname, forward->class, querytype, server->edns_pktsz); - - if (server->addr.sa.sa_family == AF_INET) -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (struct all_addr *)&(server->addr.in.sin_addr), -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (union all_addr *)&(server->addr.in.sin_addr), - querystr("dnssec-query", querytype)); - else -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (union all_addr *)&(server->addr.in6.sin6_addr), - querystr("dnssec-query", querytype)); - - if ((hash = hash_questions(header, nn, daemon->namebuff))) -@@ -1244,7 +1244,7 @@ void receive_query(struct listener *list - union mysockaddr source_addr; - unsigned char *pheader; - unsigned short type, udp_size = PACKETSZ; /* default if no EDNS0 */ -- struct all_addr dst_addr; -+ union all_addr dst_addr; - struct in_addr netmask, dst_addr_4; - size_t m; - ssize_t n; -@@ -1274,7 +1274,7 @@ void receive_query(struct listener *list - /* packet buffer overwritten */ - daemon->srv_save = NULL; - -- dst_addr_4.s_addr = dst_addr.addr.addr4.s_addr = 0; -+ dst_addr_4.s_addr = dst_addr.addr4.s_addr = 0; - netmask.s_addr = 0; - - if (option_bool(OPT_NOWILD) && listen->iface) -@@ -1283,7 +1283,7 @@ void receive_query(struct listener *list - - if (listen->family == AF_INET) - { -- dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr; -+ dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr; - netmask = listen->iface->netmask; - } - } -@@ -1337,7 +1337,7 @@ void receive_query(struct listener *list - { - for (addr = daemon->interface_addrs; addr; addr = addr->next) - if ((addr->flags & ADDRLIST_IPV6) && -- is_same_net6(&addr->addr.addr.addr6, &source_addr.in6.sin6_addr, addr->prefixlen)) -+ is_same_net6(&addr->addr.addr6, &source_addr.in6.sin6_addr, addr->prefixlen)) - break; - } - else -@@ -1347,7 +1347,7 @@ void receive_query(struct listener *list - { - netmask.s_addr = htonl(~(in_addr_t)0 << (32 - addr->prefixlen)); - if (!(addr->flags & ADDRLIST_IPV6) && -- is_same_net(addr->addr.addr.addr4, source_addr.in.sin_addr, netmask)) -+ is_same_net(addr->addr.addr4, source_addr.in.sin_addr, netmask)) - break; - } - } -@@ -1380,7 +1380,7 @@ void receive_query(struct listener *list - struct in_pktinfo *p; - } p; - p.c = CMSG_DATA(cmptr); -- dst_addr_4 = dst_addr.addr.addr4 = p.p->ipi_spec_dst; -+ dst_addr_4 = dst_addr.addr4 = p.p->ipi_spec_dst; - if_index = p.p->ipi_ifindex; - } - #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) -@@ -1398,7 +1398,7 @@ void receive_query(struct listener *list - } p; - p.c = CMSG_DATA(cmptr); - if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR) -- dst_addr_4 = dst_addr.addr.addr4 = *(p.a); -+ dst_addr_4 = dst_addr.addr4 = *(p.a); - else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF) - #ifdef HAVE_SOLARIS_NETWORK - if_index = *(p.i); -@@ -1420,7 +1420,7 @@ void receive_query(struct listener *list - } p; - p.c = CMSG_DATA(cmptr); - -- dst_addr.addr.addr6 = p.p->ipi6_addr; -+ dst_addr.addr6 = p.p->ipi6_addr; - if_index = p.p->ipi6_ifindex; - } - } -@@ -1486,10 +1486,10 @@ void receive_query(struct listener *list - - if (listen->family == AF_INET) - log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&source_addr.in.sin_addr, types); -+ (union all_addr *)&source_addr.in.sin_addr, types); - else - log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&source_addr.in6.sin6_addr, types); -+ (union all_addr *)&source_addr.in6.sin6_addr, types); - - #ifdef HAVE_AUTH - /* find queries for zones we're authoritative for, and answer them directly */ -@@ -1696,10 +1696,10 @@ static int tcp_key_recurse(time_t now, i - - - if (server->addr.sa.sa_family == AF_INET) -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (struct all_addr *)&(server->addr.in.sin_addr), -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (union all_addr *)&(server->addr.in.sin_addr), - querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); - else -- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), -+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (union all_addr *)&(server->addr.in6.sin6_addr), - querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); - - server->flags |= SERV_GOT_TCP; -@@ -1764,12 +1764,12 @@ unsigned char *tcp_request(int confd, ti - /* Get connection mark of incoming query to set on outgoing connections. */ - if (option_bool(OPT_CONNTRACK)) - { -- struct all_addr local; -+ union all_addr local; - - if (local_addr->sa.sa_family == AF_INET6) -- local.addr.addr6 = local_addr->in6.sin6_addr; -+ local.addr6 = local_addr->in6.sin6_addr; - else -- local.addr.addr4 = local_addr->in.sin_addr; -+ local.addr4 = local_addr->in.sin_addr; - - have_mark = get_incoming_mark(&peer_addr, &local, 1, &mark); - } -@@ -1784,7 +1784,7 @@ unsigned char *tcp_request(int confd, ti - { - for (addr = daemon->interface_addrs; addr; addr = addr->next) - if ((addr->flags & ADDRLIST_IPV6) && -- is_same_net6(&addr->addr.addr.addr6, &peer_addr.in6.sin6_addr, addr->prefixlen)) -+ is_same_net6(&addr->addr.addr6, &peer_addr.in6.sin6_addr, addr->prefixlen)) - break; - } - else -@@ -1794,7 +1794,7 @@ unsigned char *tcp_request(int confd, ti - { - netmask.s_addr = htonl(~(in_addr_t)0 << (32 - addr->prefixlen)); - if (!(addr->flags & ADDRLIST_IPV6) && -- is_same_net(addr->addr.addr.addr4, peer_addr.in.sin_addr, netmask)) -+ is_same_net(addr->addr.addr4, peer_addr.in.sin_addr, netmask)) - break; - } - } -@@ -1841,10 +1841,10 @@ unsigned char *tcp_request(int confd, ti - - if (peer_addr.sa.sa_family == AF_INET) - log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&peer_addr.in.sin_addr, types); -+ (union all_addr *)&peer_addr.in.sin_addr, types); - else - log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&peer_addr.in6.sin6_addr, types); -+ (union all_addr *)&peer_addr.in6.sin6_addr, types); - - #ifdef HAVE_AUTH - /* find queries for zones we're authoritative for, and answer them directly */ -@@ -1900,7 +1900,7 @@ unsigned char *tcp_request(int confd, ti - if (m == 0) - { - unsigned int flags = 0; -- struct all_addr *addrp = NULL; -+ union all_addr *addrp = NULL; - int type = SERV_DO_DNSSEC; - char *domain = NULL; - unsigned char *oph = find_pseudoheader(header, size, NULL, NULL, NULL, NULL); -@@ -2019,10 +2019,10 @@ unsigned char *tcp_request(int confd, ti - - if (last_server->addr.sa.sa_family == AF_INET) - log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&last_server->addr.in.sin_addr, NULL); -+ (union all_addr *)&last_server->addr.in.sin_addr, NULL); - else - log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, -- (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL); -+ (union all_addr *)&last_server->addr.in6.sin6_addr, NULL); - - #ifdef HAVE_DNSSEC - if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) ---- a/src/helper.c -+++ b/src/helper.c -@@ -831,7 +831,7 @@ void queue_tftp(off_t file_len, char *fi - } - #endif - --void queue_arp(int action, unsigned char *mac, int maclen, int family, struct all_addr *addr) -+void queue_arp(int action, unsigned char *mac, int maclen, int family, union all_addr *addr) - { - /* no script */ - if (daemon->helperfd == -1) -@@ -844,9 +844,9 @@ void queue_arp(int action, unsigned char - buf->hwaddr_len = maclen; - buf->hwaddr_type = ARPHRD_ETHER; - if ((buf->flags = family) == AF_INET) -- buf->addr = addr->addr.addr4; -+ buf->addr = addr->addr4; - else -- buf->addr6 = addr->addr.addr6; -+ buf->addr6 = addr->addr6; - - memcpy(buf->hwaddr, mac, maclen); - ---- a/src/ipset.c -+++ b/src/ipset.c -@@ -114,7 +114,7 @@ void ipset_init(void) - die (_("failed to create IPset control socket: %s"), NULL, EC_MISC); - } - --static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove) -+static int new_add_to_ipset(const char *setname, const union all_addr *ipaddr, int af, int remove) - { - struct nlmsghdr *nlh; - struct my_nfgenmsg *nfg; -@@ -152,7 +152,7 @@ static int new_add_to_ipset(const char * - nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP; - add_attr(nlh, - (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER, -- addrsz, &ipaddr->addr); -+ addrsz, ipaddr); - nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1]; - nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0]; - -@@ -163,7 +163,7 @@ static int new_add_to_ipset(const char * - } - - --static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) -+static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove) - { - socklen_t size; - struct ip_set_req_adt_get { -@@ -195,7 +195,7 @@ static int old_add_to_ipset(const char * - return -1; - req_adt.op = remove ? 0x102 : 0x101; - req_adt.index = req_adt_get.set.index; -- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); -+ req_adt.ip = ntohl(ipaddr->addr4.s_addr); - if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) - return -1; - -@@ -204,7 +204,7 @@ static int old_add_to_ipset(const char * - - - --int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) -+int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove) - { - int ret = 0, af = AF_INET; - ---- a/src/lease.c -+++ b/src/lease.c -@@ -24,7 +24,7 @@ static int dns_dirty, file_dirty, leases - static int read_leases(time_t now, FILE *leasestream) - { - unsigned long ei; -- struct all_addr addr; -+ union all_addr addr; - struct dhcp_lease *lease; - int clid_len, hw_len, hw_type; - int items; -@@ -62,9 +62,9 @@ static int read_leases(time_t now, FILE - daemon->namebuff, daemon->dhcp_buff, daemon->packet) != 3) - return 0; - -- if (inet_pton(AF_INET, daemon->namebuff, &addr.addr.addr4)) -+ if (inet_pton(AF_INET, daemon->namebuff, &addr.addr4)) - { -- if ((lease = lease4_allocate(addr.addr.addr4))) -+ if ((lease = lease4_allocate(addr.addr4))) - domain = get_domain(lease->addr); - - hw_len = parse_hex(daemon->dhcp_buff2, (unsigned char *)daemon->dhcp_buff2, DHCP_CHADDR_MAX, NULL, &hw_type); -@@ -73,7 +73,7 @@ static int read_leases(time_t now, FILE - hw_type = ARPHRD_ETHER; - } - #ifdef HAVE_DHCP6 -- else if (inet_pton(AF_INET6, daemon->namebuff, &addr.addr.addr6)) -+ else if (inet_pton(AF_INET6, daemon->namebuff, &addr.addr6)) - { - char *s = daemon->dhcp_buff2; - int lease_type = LEASE_NA; -@@ -84,7 +84,7 @@ static int read_leases(time_t now, FILE - s++; - } - -- if ((lease = lease6_allocate(&addr.addr.addr6, lease_type))) -+ if ((lease = lease6_allocate(&addr.addr6, lease_type))) - { - lease_set_iaid(lease, strtoul(s, NULL, 10)); - domain = get_domain6(&lease->addr6); -@@ -514,28 +514,28 @@ void lease_update_dns(int force) - if (slaac->backoff == 0) - { - if (lease->fqdn) -- cache_add_dhcp_entry(lease->fqdn, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires); -+ cache_add_dhcp_entry(lease->fqdn, AF_INET6, (union all_addr *)&slaac->addr, lease->expires); - if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) -- cache_add_dhcp_entry(lease->hostname, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires); -+ cache_add_dhcp_entry(lease->hostname, AF_INET6, (union all_addr *)&slaac->addr, lease->expires); - } - } - - if (lease->fqdn) - cache_add_dhcp_entry(lease->fqdn, prot, -- prot == AF_INET ? (struct all_addr *)&lease->addr : (struct all_addr *)&lease->addr6, -+ prot == AF_INET ? (union all_addr *)&lease->addr : (union all_addr *)&lease->addr6, - lease->expires); - - if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) - cache_add_dhcp_entry(lease->hostname, prot, -- prot == AF_INET ? (struct all_addr *)&lease->addr : (struct all_addr *)&lease->addr6, -+ prot == AF_INET ? (union all_addr *)&lease->addr : (union all_addr *)&lease->addr6, - lease->expires); - - #else - if (lease->fqdn) -- cache_add_dhcp_entry(lease->fqdn, prot, (struct all_addr *)&lease->addr, lease->expires); -+ cache_add_dhcp_entry(lease->fqdn, prot, (union all_addr *)&lease->addr, lease->expires); - - if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) -- cache_add_dhcp_entry(lease->hostname, prot, (struct all_addr *)&lease->addr, lease->expires); -+ cache_add_dhcp_entry(lease->hostname, prot, (union all_addr *)&lease->addr, lease->expires); - #endif - } - ---- a/src/network.c -+++ b/src/network.c -@@ -109,7 +109,7 @@ int indextoname(int fd, int index, char - - #endif - --int iface_check(int family, struct all_addr *addr, char *name, int *auth) -+int iface_check(int family, union all_addr *addr, char *name, int *auth) - { - struct iname *tmp; - int ret = 1, match_addr = 0; -@@ -135,11 +135,11 @@ int iface_check(int family, struct all_a - if (tmp->addr.sa.sa_family == family) - { - if (family == AF_INET && -- tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) -+ tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) - ret = match_addr = tmp->used = 1; - else if (family == AF_INET6 && - IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, -- &addr->addr.addr6)) -+ &addr->addr6)) - ret = match_addr = tmp->used = 1; - } - } -@@ -158,10 +158,10 @@ int iface_check(int family, struct all_a - break; - } - else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && -- tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) -+ tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) - break; - else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && -- IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6)) -+ IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr6)) - break; - - if (tmp && auth) -@@ -179,7 +179,7 @@ int iface_check(int family, struct all_a - an interface other than the loopback. Accept packet if it arrived via a loopback - interface, even when we're not accepting packets that way, as long as the destination - address is one we're believing. Interface list must be up-to-date before calling. */ --int loopback_exception(int fd, int family, struct all_addr *addr, char *name) -+int loopback_exception(int fd, int family, union all_addr *addr, char *name) - { - struct ifreq ifr; - struct irec *iface; -@@ -193,10 +193,10 @@ int loopback_exception(int fd, int famil - { - if (family == AF_INET) - { -- if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) -+ if (iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) - return 1; - } -- else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) -+ else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr6)) - return 1; - } - } -@@ -207,7 +207,7 @@ int loopback_exception(int fd, int famil - on the relevant address, but the name of the arrival interface, derived from the - index won't match the config. Check that we found an interface address for the arrival - interface: daemon->interfaces must be up-to-date. */ --int label_exception(int index, int family, struct all_addr *addr) -+int label_exception(int index, int family, union all_addr *addr) - { - struct irec *iface; - -@@ -217,7 +217,7 @@ int label_exception(int index, int famil - - for (iface = daemon->interfaces; iface; iface = iface->next) - if (iface->index == index && iface->addr.sa.sa_family == AF_INET && -- iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) -+ iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) - return 1; - - return 0; -@@ -282,12 +282,12 @@ static int iface_allowed(struct iface_pa - - if (addr->sa.sa_family == AF_INET) - { -- al->addr.addr.addr4 = addr->in.sin_addr; -+ al->addr.addr4 = addr->in.sin_addr; - al->flags = 0; - } - else - { -- al->addr.addr.addr6 = addr->in6.sin6_addr; -+ al->addr.addr6 = addr->in6.sin6_addr; - al->flags = ADDRLIST_IPV6; - } - } -@@ -321,7 +321,7 @@ static int iface_allowed(struct iface_pa - al->next = zone->subnet; - zone->subnet = al; - al->prefixlen = prefixlen; -- al->addr.addr.addr4 = addr->in.sin_addr; -+ al->addr.addr4 = addr->in.sin_addr; - al->flags = 0; - } - } -@@ -341,7 +341,7 @@ static int iface_allowed(struct iface_pa - al->next = zone->subnet; - zone->subnet = al; - al->prefixlen = prefixlen; -- al->addr.addr.addr6 = addr->in6.sin6_addr; -+ al->addr.addr6 = addr->in6.sin6_addr; - al->flags = ADDRLIST_IPV6; - } - } -@@ -369,12 +369,12 @@ static int iface_allowed(struct iface_pa - - if (addr->sa.sa_family == AF_INET) - { -- al->addr.addr.addr4 = addr->in.sin_addr; -+ al->addr.addr4 = addr->in.sin_addr; - al->flags = 0; - } - else - { -- al->addr.addr.addr6 = addr->in6.sin6_addr; -+ al->addr.addr6 = addr->in6.sin6_addr; - al->flags = ADDRLIST_IPV6; - /* Privacy addresses and addresses still undergoing DAD and deprecated addresses - don't appear in forward queries, but will in reverse ones. */ -@@ -419,11 +419,11 @@ static int iface_allowed(struct iface_pa - } - - if (addr->sa.sa_family == AF_INET && -- !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) -+ !iface_check(AF_INET, (union all_addr *)&addr->in.sin_addr, label, &auth_dns)) - return 1; - - if (addr->sa.sa_family == AF_INET6 && -- !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) -+ !iface_check(AF_INET6, (union all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) - return 1; - - #ifdef HAVE_DHCP ---- a/src/option.c -+++ b/src/option.c -@@ -2064,7 +2064,7 @@ static int one_opt(int option, char *arg - int is_exclude = 0; - char *prefix; - struct addrlist *subnet = NULL; -- struct all_addr addr; -+ union all_addr addr; - - comma = split(arg); - prefix = split_chr(arg, '/'); -@@ -2078,13 +2078,13 @@ static int one_opt(int option, char *arg - arg = arg+8; - } - -- if (inet_pton(AF_INET, arg, &addr.addr.addr4)) -+ if (inet_pton(AF_INET, arg, &addr.addr4)) - { - subnet = opt_malloc(sizeof(struct addrlist)); - subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; - subnet->flags = ADDRLIST_LITERAL; - } -- else if (inet_pton(AF_INET6, arg, &addr.addr.addr6)) -+ else if (inet_pton(AF_INET6, arg, &addr.addr6)) - { - subnet = opt_malloc(sizeof(struct addrlist)); - subnet->prefixlen = (prefixlen == 0) ? 64 : prefixlen; -@@ -4268,7 +4268,7 @@ err: - - while (arg) - { -- struct all_addr addr; -+ union all_addr addr; - char *dig; - - for (dig = arg; *dig != 0; dig++) -@@ -4276,10 +4276,10 @@ err: - break; - if (*dig == 0) - new->ttl = atoi(arg); -- else if (inet_pton(AF_INET, arg, &addr)) -- new->addr = addr.addr.addr4; -- else if (inet_pton(AF_INET6, arg, &addr)) -- new->addr6 = addr.addr.addr6; -+ else if (inet_pton(AF_INET, arg, &addr.addr4)) -+ new->addr = addr.addr4; -+ else if (inet_pton(AF_INET6, arg, &addr.addr6)) -+ new->addr6 = addr.addr6; - else - { - int nomem; ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -143,7 +143,7 @@ int extract_name(struct dns_header *head - - /* Max size of input string (for IPv6) is 75 chars.) */ - #define MAXARPANAME 75 --int in_arpa_name_2_addr(char *namein, struct all_addr *addrp) -+int in_arpa_name_2_addr(char *namein, union all_addr *addrp) - { - int j; - char name[MAXARPANAME+1], *cp1; -@@ -153,7 +153,7 @@ int in_arpa_name_2_addr(char *namein, st - if (strlen(namein) > MAXARPANAME) - return 0; - -- memset(addrp, 0, sizeof(struct all_addr)); -+ memset(addrp, 0, sizeof(union all_addr)); - - /* turn name into a series of asciiz strings */ - /* j counts no. of labels */ -@@ -234,7 +234,7 @@ int in_arpa_name_2_addr(char *namein, st - if (*(cp1+1) || !isxdigit((unsigned char)*cp1)) - return 0; - -- for (j = sizeof(struct all_addr)-1; j>0; j--) -+ for (j = sizeof(struct in6_addr)-1; j>0; j--) - addr[j] = (addr[j] >> 4) | (addr[j-1] << 4); - addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4); - } -@@ -585,7 +585,7 @@ int extract_addresses(struct dns_header - unsigned char *p, *p1, *endrr, *namep; - int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0; - unsigned long ttl = 0; -- struct all_addr addr; -+ union all_addr addr; - #ifdef HAVE_IPSET - char **ipsets_cur; - #else -@@ -808,14 +808,14 @@ int extract_addresses(struct dns_header - if (check_rebind) - { - if ((flags & F_IPV4) && -- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) -+ private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) - return 1; - - if ((flags & F_IPV6) && -- IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6)) -+ IN6_IS_ADDR_V4MAPPED(&addr.addr6)) - { - struct in_addr v4; -- v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3]; -+ v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; - if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) - return 1; - } -@@ -928,7 +928,7 @@ unsigned int extract_request(struct dns_ - } - - size_t setup_reply(struct dns_header *header, size_t qlen, -- struct all_addr *addrp, unsigned int flags, unsigned long ttl) -+ union all_addr *addrp, unsigned int flags, unsigned long ttl) - { - unsigned char *p; - -@@ -949,8 +949,8 @@ size_t setup_reply(struct dns_header *he - SET_RCODE(header, NXDOMAIN); - else if (flags == F_SERVFAIL) - { -- struct all_addr a; -- a.addr.log.rcode = SERVFAIL; -+ union all_addr a; -+ a.log.rcode = SERVFAIL; - log_query(F_CONFIG | F_RCODE, "error", &a, NULL); - SET_RCODE(header, SERVFAIL); - } -@@ -974,8 +974,8 @@ size_t setup_reply(struct dns_header *he - } - else /* nowhere to forward to */ - { -- struct all_addr a; -- a.addr.log.rcode = REFUSED; -+ union all_addr a; -+ a.log.rcode = REFUSED; - log_query(F_CONFIG | F_RCODE, "error", &a, NULL); - SET_RCODE(header, REFUSED); - } -@@ -1277,7 +1277,7 @@ size_t answer_request(struct dns_header - char *name = daemon->namebuff; - unsigned char *p, *ansp; - unsigned int qtype, qclass; -- struct all_addr addr; -+ union all_addr addr; - int nameoffset; - unsigned short flag; - int q, ans, anscount = 0, addncount = 0; -@@ -1374,7 +1374,7 @@ size_t answer_request(struct dns_header - notimp = 1, auth = 0; - if (!dryrun) - { -- addr.addr.log.rcode = NOTIMP; -+ addr.log.rcode = NOTIMP; - log_query(F_CONFIG | F_RCODE, name, &addr, NULL); - } - ans = 1, sec_data = 0; -@@ -1418,7 +1418,7 @@ size_t answer_request(struct dns_header - struct addrlist *addrlist; - - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) -- if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) -+ if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr) - break; - - if (addrlist) -@@ -1433,7 +1433,7 @@ size_t answer_request(struct dns_header - struct addrlist *addrlist; - - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) -- if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) -+ if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6)) - break; - - if (addrlist) -@@ -1533,8 +1533,8 @@ size_t answer_request(struct dns_header - } - } - else if (option_bool(OPT_BOGUSPRIV) && ( -- (is_arpa == F_IPV6 && private_net6(&addr.addr.addr6)) || -- (is_arpa == F_IPV4 && private_net(addr.addr.addr4, 1)))) -+ (is_arpa == F_IPV6 && private_net6(&addr.addr6)) || -+ (is_arpa == F_IPV4 && private_net(addr.addr4, 1)))) - { - struct server *serv; - unsigned int namelen = strlen(name); -@@ -1600,7 +1600,7 @@ size_t answer_request(struct dns_header - if (hostname_isequal(name, intr->name)) - for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) - if (!(addrlist->flags & ADDRLIST_IPV6) && -- is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -+ is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) - { - localise = 1; - break; -@@ -1613,7 +1613,7 @@ size_t answer_request(struct dns_header - if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) - { - if (localise && -- !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -+ !is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) - continue; - - if (addrlist->flags & ADDRLIST_REVONLY) -@@ -1651,7 +1651,7 @@ size_t answer_request(struct dns_header - struct crec *save = crecp; - do { - if ((crecp->flags & F_HOSTS) && -- is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask)) -+ is_same_net(crecp->addr.addr4, local_addr, local_netmask)) - { - localise = 1; - break; -@@ -1710,7 +1710,7 @@ size_t answer_request(struct dns_header - filter here. */ - if (localise && - (crecp->flags & F_HOSTS) && -- !is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask)) -+ !is_same_net(crecp->addr.addr4, local_addr, local_netmask)) - continue; - - if (!(crecp->flags & (F_HOSTS | F_DHCP))) -@@ -1719,7 +1719,7 @@ size_t answer_request(struct dns_header - ans = 1; - if (!dryrun) - { -- log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr, -+ log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr, - record_source(crecp->uid)); - - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -2120,7 +2120,7 @@ void relay_upstream6(struct dhcp_relay * - { - /* ->local is same value for all relays on ->current chain */ - -- struct all_addr from; -+ union all_addr from; - unsigned char *header; - unsigned char *inbuff = daemon->dhcp_packet.iov_base; - int msg_type = *inbuff; -@@ -2133,7 +2133,7 @@ void relay_upstream6(struct dhcp_relay * - get_client_mac(peer_address, scope_id, mac, &maclen, &mactype, now); - - /* source address == relay address */ -- from.addr.addr6 = relay->local.addr.addr6; -+ from.addr6 = relay->local.addr6; - - /* Get hop count from nested relayed message */ - if (msg_type == DHCP6RELAYFORW) -@@ -2153,7 +2153,7 @@ void relay_upstream6(struct dhcp_relay * - - header[0] = DHCP6RELAYFORW; - header[1] = hopcount; -- memcpy(&header[2], &relay->local.addr.addr6, IN6ADDRSZ); -+ memcpy(&header[2], &relay->local.addr6, IN6ADDRSZ); - memcpy(&header[18], peer_address, IN6ADDRSZ); - - /* RFC-6939 */ -@@ -2174,12 +2174,12 @@ void relay_upstream6(struct dhcp_relay * - union mysockaddr to; - - to.sa.sa_family = AF_INET6; -- to.in6.sin6_addr = relay->server.addr.addr6; -+ to.in6.sin6_addr = relay->server.addr6; - to.in6.sin6_port = htons(DHCPV6_SERVER_PORT); - to.in6.sin6_flowinfo = 0; - to.in6.sin6_scope_id = 0; - -- if (IN6_ARE_ADDR_EQUAL(&relay->server.addr.addr6, &multicast)) -+ if (IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast)) - { - int multicast_iface; - if (!relay->interface || strchr(relay->interface, '*') || -@@ -2218,7 +2218,7 @@ unsigned short relay_reply6(struct socka - memcpy(&link, &inbuff[2], IN6ADDRSZ); - - for (relay = daemon->relay6; relay; relay = relay->next) -- if (IN6_ARE_ADDR_EQUAL(&link, &relay->local.addr.addr6) && -+ if (IN6_ARE_ADDR_EQUAL(&link, &relay->local.addr6) && - (!relay->interface || wildcard_match(relay->interface, arrival_interface))) - break; - ---- a/src/tables.c -+++ b/src/tables.c -@@ -62,7 +62,7 @@ void ipset_init(void) - } - } - --int add_to_ipset(const char *setname, const struct all_addr *ipaddr, -+int add_to_ipset(const char *setname, const union all_addr *ipaddr, - int flags, int remove) - { - struct pfr_addr addr; -@@ -113,13 +113,13 @@ int add_to_ipset(const char *setname, co - { - addr.pfra_af = AF_INET6; - addr.pfra_net = 0x80; -- memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); -+ memcpy(&(addr.pfra_ip6addr), ipaddr, sizeof(struct in6_addr)); - } - else - { - addr.pfra_af = AF_INET; - addr.pfra_net = 0x20; -- addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; -+ addr.pfra_ip4addr.s_addr = ipaddr->addr4.s_addr; - } - - bzero(&io, sizeof(io)); ---- a/src/tftp.c -+++ b/src/tftp.c -@@ -59,7 +59,7 @@ void tftp_request(struct listener *liste - char *name = NULL; - char *prefix = daemon->tftp_prefix; - struct tftp_prefix *pref; -- struct all_addr addra; -+ union all_addr addra; - /* Can always get recvd interface for IPv6 */ - int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; - union { -@@ -189,10 +189,10 @@ void tftp_request(struct listener *liste - - name = namebuff; - -- addra.addr.addr4 = addr.in.sin_addr; -+ addra.addr4 = addr.in.sin_addr; - - if (listen->family == AF_INET6) -- addra.addr.addr6 = addr.in6.sin6_addr; -+ addra.addr6 = addr.in6.sin6_addr; - - if (daemon->tftp_interfaces) - { -@@ -212,7 +212,7 @@ void tftp_request(struct listener *liste - if (!option_bool(OPT_CLEVERBIND)) - enumerate_interfaces(0); - if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) && -- !label_exception(if_index, listen->family, &addra) ) -+ !label_exception(if_index, listen->family, &addra)) - return; - } - diff --git a/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch b/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch deleted file mode 100644 index 32a02cd56a..0000000000 --- a/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 2c594732eb7391e7cfa817598e33e61cab71131f Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 3 Jan 2019 13:42:03 +0000 -Subject: [PATCH 22/32] File logic bug in cache-marshalling code. Introduced a - couple of commits back. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -742,8 +742,7 @@ int cache_recv_insert(time_t now, int fd - else if (flags & F_DS) - { - if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || -- (flags & F_NEG) || -- !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) -+ (!(flags & F_NEG) && !(addr.key.keydata = blockdata_read(fd, addr.key.keylen)))) - return 0; - } - #endif diff --git a/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch b/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch deleted file mode 100644 index 48343afeaf..0000000000 --- a/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 2daca52b80afdc92e7c976629a2bf8182335a626 Mon Sep 17 00:00:00 2001 -From: Christian Weiske <cweiske@cweiske.de> -Date: Thu, 3 Jan 2019 20:10:14 +0000 -Subject: [PATCH 23/32] Fix typo in ra-param man page section. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - man/dnsmasq.8 | 2 +- - man/fr/dnsmasq.8 | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/man/dnsmasq.8 -+++ b/man/dnsmasq.8 -@@ -1829,7 +1829,7 @@ The interval between router advertisemen - .B --ra-param=eth0,60. - The lifetime of the route may be changed or set to zero, which allows - a router to advertise prefixes but not a route via itself. --.B --ra-parm=eth0,0,0 -+.B --ra-param=eth0,0,0 - (A value of zero for the interval means the default value.) All four parameters may be set at once. - .B --ra-param=eth0,mtu:1280,low,60,1200 - ---- a/man/fr/dnsmasq.8 -+++ b/man/fr/dnsmasq.8 -@@ -1774,7 +1774,7 @@ Un intervalle (en secondes) entre les an - .B --ra-param=eth0,60. - La durée de vie de la route peut être changée ou mise à zéro, auquel cas - le routeur peut annoncer les préfixes mais pas de route : --.B --ra-parm=eth0,0,0 -+.B --ra-param=eth0,0,0 - (une valeur de zéro pour l'intervalle signifie qu'il garde la valeur par défaut). - Ces quatre paramètres peuvent être configurés en une fois : - .B --ra-param=eth0,mtu:1280,low,60,1200 diff --git a/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch b/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch deleted file mode 100644 index d38d30e9d5..0000000000 --- a/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch +++ /dev/null @@ -1,523 +0,0 @@ -From 5b99eae59d59a8e34a7e512059b98bbd803312f2 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Sun, 6 Jan 2019 23:09:50 +0000 -Subject: [PATCH 24/32] Cache SRV records. - -Inpsired by a patch from Jeremy Allison, but completely re-rolled -by srk. All bugs are mine. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/auth.c | 2 +- - src/blockdata.c | 12 ++--- - src/cache.c | 64 ++++++++++++++-------- - src/dnsmasq.c | 2 - - src/dnsmasq.h | 11 ++-- - src/rfc1035.c | 141 ++++++++++++++++++++++++++++++++++++++---------- - 6 files changed, 166 insertions(+), 66 deletions(-) - ---- a/src/auth.c -+++ b/src/auth.c -@@ -129,7 +129,7 @@ size_t answer_auth(struct dns_header *he - - for (q = ntohs(header->qdcount); q != 0; q--) - { -- unsigned short flag = 0; -+ unsigned int flag = 0; - int found = 0; - int cname_wildcard = 0; - ---- a/src/blockdata.c -+++ b/src/blockdata.c -@@ -16,8 +16,6 @@ - - #include "dnsmasq.h" - --#ifdef HAVE_DNSSEC -- - static struct blockdata *keyblock_free; - static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced; - -@@ -54,11 +52,10 @@ void blockdata_init(void) - - void blockdata_report(void) - { -- if (option_bool(OPT_DNSSEC_VALID)) -- my_syslog(LOG_INFO, _("DNSSEC memory in use %u, max %u, allocated %u"), -- blockdata_count * sizeof(struct blockdata), -- blockdata_hwm * sizeof(struct blockdata), -- blockdata_alloced * sizeof(struct blockdata)); -+ my_syslog(LOG_INFO, _("pool memory in use %u, max %u, allocated %u"), -+ blockdata_count * sizeof(struct blockdata), -+ blockdata_hwm * sizeof(struct blockdata), -+ blockdata_alloced * sizeof(struct blockdata)); - } - - static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len) -@@ -178,4 +175,3 @@ struct blockdata *blockdata_read(int fd, - return blockdata_alloc_real(fd, NULL, len); - } - --#endif ---- a/src/cache.c -+++ b/src/cache.c -@@ -27,7 +27,7 @@ static int bignames_left, hash_size; - - static void make_non_terminals(struct crec *source); - static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, -- time_t now, unsigned long ttl, unsigned short flags); -+ time_t now, unsigned long ttl, unsigned int flags); - - /* type->string mapping: this is also used by the name-hash function as a mixing table. */ - static const struct { -@@ -198,15 +198,17 @@ static void cache_hash(struct crec *crec - *up = crecp; - } - --#ifdef HAVE_DNSSEC - static void cache_blockdata_free(struct crec *crecp) - { -- if (crecp->flags & F_DNSKEY) -+ if (crecp->flags & F_SRV) -+ blockdata_free(crecp->addr.srv.target); -+#ifdef HAVE_DNSSEC -+ else if (crecp->flags & F_DNSKEY) - blockdata_free(crecp->addr.key.keydata); - else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) - blockdata_free(crecp->addr.ds.keydata); --} - #endif -+} - - static void cache_free(struct crec *crecp) - { -@@ -230,9 +232,7 @@ static void cache_free(struct crec *crec - crecp->flags &= ~F_BIGNAME; - } - --#ifdef HAVE_DNSSEC - cache_blockdata_free(crecp); --#endif - } - - /* insert a new cache entry at the head of the list (youngest entry) */ -@@ -331,7 +331,7 @@ static int is_expired(time_t now, struct - } - - static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now, -- unsigned short flags, struct crec **target_crec, unsigned int *target_uid) -+ unsigned int flags, struct crec **target_crec, unsigned int *target_uid) - { - /* Scan and remove old entries. - If (flags & F_FORWARD) then remove any forward entries for name and any expired -@@ -360,7 +360,7 @@ static struct crec *cache_scan_free(char - if ((crecp->flags & F_FORWARD) && hostname_isequal(cache_get_name(crecp), name)) - { - /* Don't delete DNSSEC in favour of a CNAME, they can co-exist */ -- if ((flags & crecp->flags & (F_IPV4 | F_IPV6)) || -+ if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_SRV)) || - (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS)))) - { - if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) -@@ -467,10 +467,10 @@ void cache_start_insert(void) - } - - struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, -- time_t now, unsigned long ttl, unsigned short flags) -+ time_t now, unsigned long ttl, unsigned int flags) - { - /* Don't log DNSSEC records here, done elsewhere */ -- if (flags & (F_IPV4 | F_IPV6 | F_CNAME)) -+ if (flags & (F_IPV4 | F_IPV6 | F_CNAME | F_SRV)) - { - log_query(flags | F_UPSTREAM, name, addr, NULL); - /* Don't mess with TTL for DNSSEC records. */ -@@ -485,7 +485,7 @@ struct crec *cache_insert(char *name, un - - - static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, -- time_t now, unsigned long ttl, unsigned short flags) -+ time_t now, unsigned long ttl, unsigned int flags) - { - struct crec *new, *target_crec = NULL; - union bigname *big_name = NULL; -@@ -649,7 +649,7 @@ void cache_end_insert(void) - { - char *name = cache_get_name(new_chain); - ssize_t m = strlen(name); -- unsigned short flags = new_chain->flags; -+ unsigned int flags = new_chain->flags; - #ifdef HAVE_DNSSEC - u16 class = new_chain->uid; - #endif -@@ -659,8 +659,10 @@ void cache_end_insert(void) - read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); - read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); - -- if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) -+ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) - read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); -+ if (flags & F_SRV) -+ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); - #ifdef HAVE_DNSSEC - if (flags & F_DNSKEY) - { -@@ -699,7 +701,7 @@ int cache_recv_insert(time_t now, int fd - union all_addr addr; - unsigned long ttl; - time_t ttd; -- unsigned short flags; -+ unsigned int flags; - struct crec *crecp = NULL; - - cache_start_insert(); -@@ -725,13 +727,16 @@ int cache_recv_insert(time_t now, int fd - - ttl = difftime(ttd, now); - -- if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) -+ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) - { - unsigned short class = C_IN; - - if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) - return 0; -- -+ -+ if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) -+ return 0; -+ - #ifdef HAVE_DNSSEC - if (flags & F_DNSKEY) - { -@@ -802,7 +807,7 @@ struct crec *cache_find_by_name(struct c - /* first search, look for relevant entries and push to top of list - also free anything which has expired */ - struct crec *next, **up, **insert = NULL, **chainp = &ans; -- unsigned short ins_flags = 0; -+ unsigned int ins_flags = 0; - - for (up = hash_bucket(name), crecp = *up; crecp; crecp = next) - { -@@ -1086,7 +1091,7 @@ int read_hostsfile(char *filename, unsig - FILE *f = fopen(filename, "r"); - char *token = daemon->namebuff, *domain_suffix = NULL; - int addr_count = 0, name_count = cache_size, lineno = 0; -- unsigned short flags = 0; -+ unsigned int flags = 0; - union all_addr addr; - int atnl, addrlen = 0; - -@@ -1201,9 +1206,8 @@ void cache_reload(void) - for (i=0; i<hash_size; i++) - for (cache = hash_table[i], up = &hash_table[i]; cache; cache = tmp) - { --#ifdef HAVE_DNSSEC - cache_blockdata_free(cache); --#endif -+ - tmp = cache->hash_next; - if (cache->flags & (F_HOSTS | F_CONFIG)) - { -@@ -1381,7 +1385,7 @@ void cache_add_dhcp_entry(char *host_nam - union all_addr *host_address, time_t ttd) - { - struct crec *crec = NULL, *fail_crec = NULL; -- unsigned short flags = F_IPV4; -+ unsigned int flags = F_IPV4; - int in_hosts = 0; - size_t addrlen = sizeof(struct in_addr); - -@@ -1682,9 +1686,8 @@ void dump_cache(time_t now) - #ifdef HAVE_AUTH - my_syslog(LOG_INFO, _("queries for authoritative zones %u"), daemon->metrics[METRIC_DNS_AUTH_ANSWERED]); - #endif --#ifdef HAVE_DNSSEC -+ - blockdata_report(); --#endif - - /* sum counts from different records for same server */ - for (serv = daemon->servers; serv; serv = serv->next) -@@ -1726,6 +1729,17 @@ void dump_cache(time_t now) - p += sprintf(p, "%-30.30s ", sanitise(n)); - if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache)) - a = sanitise(cache_get_cname_target(cache)); -+ else if ((cache->flags & F_SRV) && !(cache->flags & F_NEG)) -+ { -+ int targetlen = cache->addr.srv.targetlen; -+ ssize_t len = sprintf(a, "%u %u %u ", cache->addr.srv.priority, -+ cache->addr.srv.weight, cache->addr.srv.srvport); -+ -+ if (targetlen > (40 - len)) -+ targetlen = 40 - len; -+ blockdata_retrieve(cache->addr.srv.target, targetlen, a + len); -+ a[len + targetlen] = 0; -+ } - #ifdef HAVE_DNSSEC - else if (cache->flags & F_DS) - { -@@ -1752,6 +1766,8 @@ void dump_cache(time_t now) - t = "6"; - else if (cache->flags & F_CNAME) - t = "C"; -+ else if (cache->flags & F_SRV) -+ t = "V"; - #ifdef HAVE_DNSSEC - else if (cache->flags & F_DS) - t = "S"; -@@ -1913,6 +1929,8 @@ void log_query(unsigned int flags, char - } - else if (flags & F_CNAME) - dest = "<CNAME>"; -+ else if (flags & F_SRV) -+ dest = "<SRV>"; - else if (flags & F_RRNAME) - dest = arg; - ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -366,9 +366,7 @@ int main (int argc, char **argv) - { - cache_init(); - --#ifdef HAVE_DNSSEC - blockdata_init(); --#endif - } - - #ifdef HAVE_INOTIFY ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -299,6 +299,10 @@ union all_addr { - unsigned char algo; - unsigned char digest; - } ds; -+ struct { -+ struct blockdata *target; -+ unsigned short targetlen, srvport, priority, weight; -+ } srv; - /* for log_query */ - struct { - unsigned short keytag, algo, digest, rcode; -@@ -426,7 +430,7 @@ struct crec { - time_t ttd; /* time to die */ - /* used as class if DNSKEY/DS, index to source for F_HOSTS */ - unsigned int uid; -- unsigned short flags; -+ unsigned int flags; - union { - char sname[SMALLDNAME]; - union bigname *bname; -@@ -470,6 +474,7 @@ struct crec { - #define F_NOEXTRA (1u<<27) - #define F_SERVFAIL (1u<<28) - #define F_RCODE (1u<<29) -+#define F_SRV (1u<<30) - - #define UID_NONE 0 - /* Values of uid in crecs with F_CONFIG bit set. */ -@@ -1142,7 +1147,7 @@ void cache_end_insert(void); - void cache_start_insert(void); - int cache_recv_insert(time_t now, int fd); - struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, -- time_t now, unsigned long ttl, unsigned short flags); -+ time_t now, unsigned long ttl, unsigned int flags); - void cache_reload(void); - void cache_add_dhcp_entry(char *host_name, int prot, union all_addr *host_address, time_t ttd); - struct in_addr a_record_from_hosts(char *name, time_t now); -@@ -1158,7 +1163,6 @@ int read_hostsfile(char *filename, unsig - struct crec **rhash, int hashsz); - - /* blockdata.c */ --#ifdef HAVE_DNSSEC - void blockdata_init(void); - void blockdata_report(void); - struct blockdata *blockdata_alloc(char *data, size_t len); -@@ -1166,7 +1170,6 @@ void *blockdata_retrieve(struct blockdat - struct blockdata *blockdata_read(int fd, size_t len); - void blockdata_write(struct blockdata *block, size_t len, int fd); - void blockdata_free(struct blockdata *blocks); --#endif - - /* domain.c */ - char *get_domain(struct in_addr addr); ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -726,7 +726,7 @@ int extract_addresses(struct dns_header - { - /* everything other than PTR */ - struct crec *newc; -- int addrlen; -+ int addrlen = 0; - - if (qtype == T_A) - { -@@ -738,7 +738,9 @@ int extract_addresses(struct dns_header - addrlen = IN6ADDRSZ; - flags |= F_IPV6; - } -- else -+ else if (qtype == T_SRV) -+ flags |= F_SRV; -+ else - continue; - - cname_loop1: -@@ -799,39 +801,61 @@ int extract_addresses(struct dns_header - { - found = 1; - -- /* copy address into aligned storage */ -- if (!CHECK_LEN(header, p1, qlen, addrlen)) -- return 0; /* bad packet */ -- memcpy(&addr, p1, addrlen); -- -- /* check for returned address in private space */ -- if (check_rebind) -+ if (flags & F_SRV) - { -- if ((flags & F_IPV4) && -- private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) -- return 1; -- -- if ((flags & F_IPV6) && -- IN6_IS_ADDR_V4MAPPED(&addr.addr6)) -+ unsigned char *tmp = namep; -+ -+ if (!CHECK_LEN(header, p1, qlen, 6)) -+ return 0; /* bad packet */ -+ GETSHORT(addr.srv.priority, p1); -+ GETSHORT(addr.srv.weight, p1); -+ GETSHORT(addr.srv.srvport, p1); -+ if (!extract_name(header, qlen, &p1, name, 1, 0)) -+ return 0; -+ addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */ -+ if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen))) -+ return 0; -+ -+ /* we overwrote the original name, so get it back here. */ -+ if (!extract_name(header, qlen, &tmp, name, 1, 0)) -+ return 0; -+ } -+ else -+ { -+ /* copy address into aligned storage */ -+ if (!CHECK_LEN(header, p1, qlen, addrlen)) -+ return 0; /* bad packet */ -+ memcpy(&addr, p1, addrlen); -+ -+ /* check for returned address in private space */ -+ if (check_rebind) - { -- struct in_addr v4; -- v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; -- if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) -+ if ((flags & F_IPV4) && -+ private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) - return 1; -+ -+ if ((flags & F_IPV6) && -+ IN6_IS_ADDR_V4MAPPED(&addr.addr6)) -+ { -+ struct in_addr v4; -+ v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; -+ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) -+ return 1; -+ } - } -- } -- -+ - #ifdef HAVE_IPSET -- if (ipsets && (flags & (F_IPV4 | F_IPV6))) -- { -- ipsets_cur = ipsets; -- while (*ipsets_cur) -+ if (ipsets && (flags & (F_IPV4 | F_IPV6))) - { -- log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); -- add_to_ipset(*ipsets_cur++, &addr, flags, 0); -+ ipsets_cur = ipsets; -+ while (*ipsets_cur) -+ { -+ log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); -+ add_to_ipset(*ipsets_cur++, &addr, flags, 0); -+ } - } -- } - #endif -+ } - - newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag); - if (newc && cpp) -@@ -1844,7 +1868,68 @@ size_t answer_request(struct dns_header - *up = move; - move->next = NULL; - } -- -+ -+ if (!found) -+ { -+ cname_srv_restart: -+ if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | F_SRV | (dryrun ? F_NO_RR : 0))) && -+ (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))) -+ { -+ if (!(crecp->flags & F_DNSSECOK)) -+ sec_data = 0; -+ -+ auth = 0; -+ found = ans = 1; -+ -+ do { -+ if (crecp->flags & F_CNAME) -+ { -+ char *cname_target = cache_get_cname_target(crecp); -+ -+ if (!dryrun) -+ { -+ log_query(crecp->flags, name, NULL, record_source(crecp->uid)); -+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, -+ crec_ttl(crecp, now), &nameoffset, -+ T_CNAME, C_IN, "d", cname_target)) -+ anscount++; -+ } -+ -+ strcpy(name, cname_target); -+ goto cname_srv_restart; -+ } -+ else if (crecp->flags & F_NEG) -+ { -+ if (crecp->flags & F_NXDOMAIN) -+ nxdomain = 1; -+ if (!dryrun) -+ log_query(crecp->flags, name, NULL, NULL); -+ } -+ else -+ { -+ unsigned char *p1 = ((unsigned char *)header) + nameoffset; -+ -+ if (!dryrun) -+ { -+ log_query(crecp->flags, name, NULL, 0); -+ -+ blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, name); -+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, -+ crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd", -+ crecp->addr.srv.priority, crecp->addr.srv.weight, crecp->addr.srv.srvport, -+ name)) -+ anscount++; -+ -+ -+ /* restore name we overwrote */ -+ if (!extract_name(header, qlen, &p1, name, 1, 0)) -+ return 0; /* bad packet */ -+ } -+ } -+ } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV | F_CNAME))); -+ } -+ } -+ - if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) - { - ans = 1; diff --git a/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch b/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch deleted file mode 100644 index 424574bbf6..0000000000 --- a/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch +++ /dev/null @@ -1,23 +0,0 @@ -From a90f09db4cc635941a32b973b57e58c662569625 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 9 Jan 2019 15:08:16 +0000 -Subject: [PATCH 25/32] Fix crash freeing negative SRV cache entries. - -Thanks to Daniel for finding this one. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -200,7 +200,7 @@ static void cache_hash(struct crec *crec - - static void cache_blockdata_free(struct crec *crecp) - { -- if (crecp->flags & F_SRV) -+ if (crecp->flags & F_SRV && !(crecp->flags & F_NEG)) - blockdata_free(crecp->addr.srv.target); - #ifdef HAVE_DNSSEC - else if (crecp->flags & F_DNSKEY) diff --git a/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch b/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch deleted file mode 100644 index 4ca0be455f..0000000000 --- a/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2896e2485e44c04e73a0b7c9f7cbc9c8515d0800 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 9 Jan 2019 15:12:34 +0000 -Subject: [PATCH 26/32] Check for not(DS or DNSKEY) in - is_outdated_cname_pointer() - -Previous check was _for_ IPV4, IPv6 CNAME, and I missed adding SRV. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -312,7 +312,7 @@ static int is_outdated_cname_pointer(str - /* NB. record may be reused as DS or DNSKEY, where uid is - overloaded for something completely different */ - if (crecp->addr.cname.target.cache && -- (crecp->addr.cname.target.cache->flags & (F_IPV4 | F_IPV6 | F_CNAME)) && -+ !(crecp->addr.cname.target.cache->flags & (F_DNSKEY | F_DS)) && - crecp->addr.cname.uid == crecp->addr.cname.target.cache->uid) - return 0; - diff --git a/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch b/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch deleted file mode 100644 index 63d5baa4cd..0000000000 --- a/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 9c0d445ef4abffa2b9342ad65e85ef425c1f83bb Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 9 Jan 2019 17:57:56 +0000 -Subject: [PATCH 27/32] Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to - actually work. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/dhcp.c | 54 +++++++++++++++++++++++++---------------------------- - src/dhcp6.c | 2 +- - 2 files changed, 26 insertions(+), 30 deletions(-) - ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -754,19 +754,6 @@ int address_allocate(struct dhcp_context - if (addr.s_addr == d->router.s_addr) - break; - -- /* in consec-ip mode, skip addresses equal to -- the number of addresses rejected by clients. This -- should avoid the same client being offered the same -- address after it has rjected it. */ -- if (option_bool(OPT_CONSEC_ADDR)) -- { -- if (c->addr_epoch) -- { -- c->addr_epoch--; -- d = context; /* d non-NULL skips the address. */ -- } -- } -- - /* Addresses which end in .255 and .0 are broken in Windows even when using - supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 - then 192.168.0.255 is a valid IP address, but not for Windows as it's -@@ -778,24 +765,33 @@ int address_allocate(struct dhcp_context - (!IN_CLASSC(ntohl(addr.s_addr)) || - ((ntohl(addr.s_addr) & 0xff) != 0xff && ((ntohl(addr.s_addr) & 0xff) != 0x0)))) - { -- struct ping_result *r; -- -- if ((r = do_icmp_ping(now, addr, j, loopback))) -- { -- /* consec-ip mode: we offered this address for another client -- (different hash) recently, don't offer it to this one. */ -- if (!option_bool(OPT_CONSEC_ADDR) || r->hash == j) -- { -- *addrp = addr; -- return 1; -- } -- } -+ /* in consec-ip mode, skip addresses equal to -+ the number of addresses rejected by clients. This -+ should avoid the same client being offered the same -+ address after it has rjected it. */ -+ if (option_bool(OPT_CONSEC_ADDR) && c->addr_epoch) -+ c->addr_epoch--; - else - { -- /* address in use: perturb address selection so that we are -- less likely to try this address again. */ -- if (!option_bool(OPT_CONSEC_ADDR)) -- c->addr_epoch++; -+ struct ping_result *r; -+ -+ if ((r = do_icmp_ping(now, addr, j, loopback))) -+ { -+ /* consec-ip mode: we offered this address for another client -+ (different hash) recently, don't offer it to this one. */ -+ if (!option_bool(OPT_CONSEC_ADDR) || r->hash == j) -+ { -+ *addrp = addr; -+ return 1; -+ } -+ } -+ else -+ { -+ /* address in use: perturb address selection so that we are -+ less likely to try this address again. */ -+ if (!option_bool(OPT_CONSEC_ADDR)) -+ c->addr_epoch++; -+ } - } - } - ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -436,7 +436,7 @@ struct dhcp_context *address6_allocate(s - skip addresses equal to the number of addresses rejected - by clients. This should avoid the same client being offered the same - address after it has rjected it. */ -- start = lease_find_max_addr6(c) + serial + c->addr_epoch; -+ start = lease_find_max_addr6(c) + 1 + serial + c->addr_epoch; - if (c->addr_epoch) - c->addr_epoch--; - } diff --git a/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch b/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch deleted file mode 100644 index 8aa69a743b..0000000000 --- a/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4bf62f616b82fad7a7f91195b0204dd64d79a35c Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 10 Jan 2019 21:54:22 +0000 -Subject: [PATCH 28/32] Tidy cache_blockdata_free() - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/cache.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -200,14 +200,17 @@ static void cache_hash(struct crec *crec - - static void cache_blockdata_free(struct crec *crecp) - { -- if (crecp->flags & F_SRV && !(crecp->flags & F_NEG)) -- blockdata_free(crecp->addr.srv.target); -+ if (!(crecp->flags & F_NEG)) -+ { -+ if (crecp->flags & F_SRV) -+ blockdata_free(crecp->addr.srv.target); - #ifdef HAVE_DNSSEC -- else if (crecp->flags & F_DNSKEY) -- blockdata_free(crecp->addr.key.keydata); -- else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) -- blockdata_free(crecp->addr.ds.keydata); -+ else if (crecp->flags & F_DNSKEY) -+ blockdata_free(crecp->addr.key.keydata); -+ else if (crecp->flags & F_DS) -+ blockdata_free(crecp->addr.ds.keydata); - #endif -+ } - } - - static void cache_free(struct crec *crecp) diff --git a/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch b/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch deleted file mode 100644 index e02bd11d23..0000000000 --- a/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch +++ /dev/null @@ -1,52 +0,0 @@ -From f8c77edbdffb8ada7753ea9fa104f0f6da70cfe3 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 10 Jan 2019 21:58:18 +0000 -Subject: [PATCH 29/32] Fix removal of DHCP_CLIENT_MAC options from DHCPv6 - relay replies. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/rfc3315.c | 30 +++++++++++++++++------------- - 1 file changed, 17 insertions(+), 13 deletions(-) - ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -219,21 +219,25 @@ static int dhcp6_maybe_relay(struct stat - if (opt6_ptr(opt, 0) + opt6_len(opt) > end) - return 0; - -- int o = new_opt6(opt6_type(opt)); -- if (opt6_type(opt) == OPTION6_RELAY_MSG) -+ /* Don't copy MAC address into reply. */ -+ if (opt6_type(opt) != OPTION6_CLIENT_MAC) - { -- struct in6_addr align; -- /* the packet data is unaligned, copy to aligned storage */ -- memcpy(&align, inbuff + 2, IN6ADDRSZ); -- state->link_address = &align; -- /* zero is_unicast since that is now known to refer to the -- relayed packet, not the original sent by the client */ -- if (!dhcp6_maybe_relay(state, opt6_ptr(opt, 0), opt6_len(opt), client_addr, 0, now)) -- return 0; -+ int o = new_opt6(opt6_type(opt)); -+ if (opt6_type(opt) == OPTION6_RELAY_MSG) -+ { -+ struct in6_addr align; -+ /* the packet data is unaligned, copy to aligned storage */ -+ memcpy(&align, inbuff + 2, IN6ADDRSZ); -+ state->link_address = &align; -+ /* zero is_unicast since that is now known to refer to the -+ relayed packet, not the original sent by the client */ -+ if (!dhcp6_maybe_relay(state, opt6_ptr(opt, 0), opt6_len(opt), client_addr, 0, now)) -+ return 0; -+ } -+ else -+ put_opt6(opt6_ptr(opt, 0), opt6_len(opt)); -+ end_opt6(o); - } -- else if (opt6_type(opt) != OPTION6_CLIENT_MAC) -- put_opt6(opt6_ptr(opt, 0), opt6_len(opt)); -- end_opt6(o); - } - - return 1; diff --git a/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch b/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch deleted file mode 100644 index 00f2102fde..0000000000 --- a/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 18eac67c0a15b673c8d27002c248651b308093e4 Mon Sep 17 00:00:00 2001 -From: Steven Siloti <ssiloti@gmail.com> -Date: Sun, 13 Jan 2019 22:56:36 +0000 -Subject: [PATCH 30/32] Fix entries in /etc/hosts disabling static leases. - -It is possible for a config entry to have one address family specified by a -dhcp-host directive and the other added from /etc/hosts. This is especially -common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are -imported into dnsmasq via a hosts file. - -To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6. -Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag -which was set by the dhcp-host directive. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/dhcp-common.c | 8 ++++++-- - src/dnsmasq.h | 1 + - 2 files changed, 7 insertions(+), 2 deletions(-) - ---- a/src/dhcp-common.c -+++ b/src/dhcp-common.c -@@ -372,7 +372,11 @@ void dhcp_update_configs(struct dhcp_con - - for (config = configs; config; config = config->next) - if (config->flags & CONFIG_ADDR_HOSTS) -- config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR6 | CONFIG_ADDR_HOSTS); -+ config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS); -+#ifdef HAVE_DHCP6 -+ if (config->flags & CONFIG_ADDR6_HOSTS) -+ config->flags &= ~(CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS); -+#endif - - #ifdef HAVE_DHCP6 - again: -@@ -421,7 +425,7 @@ void dhcp_update_configs(struct dhcp_con - (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr6, 128, 0)) || conf_tmp == config)) - { - memcpy(&config->addr6, &crec->addr.addr6, IN6ADDRSZ); -- config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS; -+ config->flags |= CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS; - continue; - } - #endif ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -789,6 +789,7 @@ struct dhcp_config { - #define CONFIG_BANK 2048 /* from dhcp hosts file */ - #define CONFIG_ADDR6 4096 - #define CONFIG_WILDCARD 8192 -+#define CONFIG_ADDR6_HOSTS 16384 /* address added by from /etc/hosts */ - - struct dhcp_opt { - int opt, len, flags; diff --git a/package/network/services/dnsmasq/patches/0031-Fix-missing-braces-in-8eac67c0a15b673c8d27002c248651.patch b/package/network/services/dnsmasq/patches/0031-Fix-missing-braces-in-8eac67c0a15b673c8d27002c248651.patch deleted file mode 100644 index 928c6ee603..0000000000 --- a/package/network/services/dnsmasq/patches/0031-Fix-missing-braces-in-8eac67c0a15b673c8d27002c248651.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d2d49907435433001ab00698a3e9ca2a7b5b3236 Mon Sep 17 00:00:00 2001 -From: Steven Siloti <ssiloti@gmail.com> -Date: Thu, 17 Jan 2019 22:52:13 +0000 -Subject: [PATCH 31/32] Fix missing braces in - 8eac67c0a15b673c8d27002c248651b308093e4 - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/dhcp-common.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/src/dhcp-common.c -+++ b/src/dhcp-common.c -@@ -371,12 +371,14 @@ void dhcp_update_configs(struct dhcp_con - int prot = AF_INET; - - for (config = configs; config; config = config->next) -+ { - if (config->flags & CONFIG_ADDR_HOSTS) - config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS); - #ifdef HAVE_DHCP6 - if (config->flags & CONFIG_ADDR6_HOSTS) - config->flags &= ~(CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS); - #endif -+ } - - #ifdef HAVE_DHCP6 - again: diff --git a/package/network/services/dnsmasq/patches/0032-Change-read_leases-to-skip-invalid-entries.patch b/package/network/services/dnsmasq/patches/0032-Change-read_leases-to-skip-invalid-entries.patch deleted file mode 100644 index bbaed874e2..0000000000 --- a/package/network/services/dnsmasq/patches/0032-Change-read_leases-to-skip-invalid-entries.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 28cfe36e1eee9d2c234e0256ad459956b415a3bb Mon Sep 17 00:00:00 2001 -From: Brian Haley <haleyb.dev@gmail.com> -Date: Thu, 17 Jan 2019 23:21:23 +0000 -Subject: [PATCH 32/32] Change read_leases() to skip invalid entries. - -There's no reason to stop reading the existing lease file -when dnsmasq is started and an invalid entry is found, it -can just be ignored. This was fallout from an Openstack -bug where the file was being written incorrectly with [] -around IPv6 addresses. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/lease.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - ---- a/src/lease.c -+++ b/src/lease.c -@@ -60,8 +60,13 @@ static int read_leases(time_t now, FILE - - if (fscanf(leasestream, " %64s %255s %764s", - daemon->namebuff, daemon->dhcp_buff, daemon->packet) != 3) -- return 0; -- -+ { -+ my_syslog(MS_DHCP | LOG_WARNING, _("ignoring invalid line in lease database: %s %s %s %s ..."), -+ daemon->dhcp_buff3, daemon->dhcp_buff2, -+ daemon->namebuff, daemon->dhcp_buff); -+ continue; -+ } -+ - if (inet_pton(AF_INET, daemon->namebuff, &addr.addr4)) - { - if ((lease = lease4_allocate(addr.addr4))) -@@ -92,7 +97,12 @@ static int read_leases(time_t now, FILE - } - #endif - else -- return 0; -+ { -+ my_syslog(MS_DHCP | LOG_WARNING, _("ignoring invalid line in lease database, bad address: %s"), -+ daemon->namebuff); -+ continue; -+ } -+ - - if (!lease) - die (_("too many stored leases"), NULL, EC_MISC); -@@ -172,10 +182,8 @@ void lease_init(time_t now) - if (leasestream) - { - if (!read_leases(now, leasestream)) -- my_syslog(MS_DHCP | LOG_ERR, _("failed to parse lease database, invalid line: %s %s %s %s ..."), -- daemon->dhcp_buff3, daemon->dhcp_buff2, -- daemon->namebuff, daemon->dhcp_buff); -- -+ my_syslog(MS_DHCP | LOG_ERR, _("failed to parse lease database cleanly")); -+ - if (ferror(leasestream)) - die(_("failed to read lease file %s: %s"), daemon->lease_file, EC_FILE); - } diff --git a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch deleted file mode 100644 index 5b1d59566d..0000000000 --- a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001 -From: Alin Nastac <alin.nastac@gmail.com> -Date: Mon, 30 Sep 2019 15:30:26 +0100 -Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in - LRU cache entry. - -Patch extended to receive side of pipe by SRK. ---- - src/cache.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - ---- a/src/cache.c -+++ b/src/cache.c -@@ -665,7 +665,11 @@ void cache_end_insert(void) - if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) - read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); - if (flags & F_SRV) -- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); -+ { -+ /* A negative SRV entry is possible and has no data, obviously. */ -+ if (!(flags & F_NEG)) -+ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); -+ } - #ifdef HAVE_DNSSEC - if (flags & F_DNSKEY) - { -@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd - if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) - return 0; - -- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) -+ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) - return 0; - - #ifdef HAVE_DNSSEC diff --git a/package/network/services/dnsmasq/patches/050-crypto-use-nettle-ecc_curve-access-functions.patch b/package/network/services/dnsmasq/patches/050-crypto-use-nettle-ecc_curve-access-functions.patch deleted file mode 100644 index c52a6bc44a..0000000000 --- a/package/network/services/dnsmasq/patches/050-crypto-use-nettle-ecc_curve-access-functions.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 1f55b09dd88bc65b3ee6e3a665bc844a5a9a9e8d Mon Sep 17 00:00:00 2001 -From: Hans Dedecker <dedeckeh@gmail.com> -Date: Fri, 9 Aug 2019 21:08:17 +0200 -Subject: [PATCH] crypto: use nettle ecc_curve access functions - -Nettle 3.5.1 has made ecc_curve definitions (nettle_secp_192r1, -nettle_secp_224r1, nettle_secp_256r1, ...) private and forces -users to make use of the accessor functions (nettle_get_secp_192r1, -...) to retrieve the specific ecc_curve structs. - -Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> ---- - src/crypto.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/crypto.c -+++ b/src/crypto.c -@@ -294,7 +294,7 @@ static int dnsmasq_ecdsa_verify(struct b - if (!(key_256 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_256, &nettle_secp_256r1); -+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1()); - } - - key = key_256; -@@ -307,7 +307,7 @@ static int dnsmasq_ecdsa_verify(struct b - if (!(key_384 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_384, &nettle_secp_384r1); -+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1()); - } - - key = key_384; diff --git a/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch b/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch deleted file mode 100644 index 2501079b3f..0000000000 --- a/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch +++ /dev/null @@ -1,18 +0,0 @@ -dnsmasq: fix warning with poll.h include on musl - -Warning is: - #warning redirecting incorrect #include <sys/poll.h> to <poll.h> - -Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> - ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -95,7 +95,7 @@ typedef unsigned long long u64; - #if defined(HAVE_SOLARIS_NETWORK) - # include <sys/sockio.h> - #endif --#include <sys/poll.h> -+#include <poll.h> - #include <sys/wait.h> - #include <sys/time.h> - #include <sys/un.h> |