diff options
| -rw-r--r-- | package/network/services/dnsmasq/Makefile | 3 | ||||
| -rw-r--r-- | package/network/services/dnsmasq/files/dhcpbogushostname.conf | 8 | ||||
| -rw-r--r-- | package/network/services/dnsmasq/files/dnsmasq.init | 8 |
3 files changed, 18 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index f1daac397c..287edf5791 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.80test8 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases @@ -166,6 +166,7 @@ define Package/dnsmasq/install $(INSTALL_DIR) $(1)/etc/hotplug.d/tftp $(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec $(INSTALL_DIR) $(1)/usr/share/dnsmasq + $(INSTALL_DATA) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/ $(INSTALL_DATA) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/ $(INSTALL_DIR) $(1)/usr/lib/dnsmasq $(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh diff --git a/package/network/services/dnsmasq/files/dhcpbogushostname.conf b/package/network/services/dnsmasq/files/dhcpbogushostname.conf new file mode 100644 index 0000000000..e83b6975d0 --- /dev/null +++ b/package/network/services/dnsmasq/files/dhcpbogushostname.conf @@ -0,0 +1,8 @@ +# dhcpbogushostname.conf included configuration file for dnsmasq +# +# includes a list of hostnames that should not be associated with dhcp leases +# in response to CERT VU#598349 +# file included by default, option dhcpbogushostname 0 to disable + +dhcp-name-match=set:dhcp_bogus_hostname,localhost +dhcp-name-match=set:dhcp_bogus_hostname,wpad diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index de15552424..0c786e82c7 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -16,6 +16,7 @@ BASEHOSTFILE="/tmp/hosts/dhcp" TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf" TIMEVALIDFILE="/var/state/dnsmasqsec" BASEDHCPSTAMPFILE="/var/run/dnsmasq" +DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf" RFC6761FILE="/usr/share/dnsmasq/rfc6761.conf" DHCPSCRIPT="/usr/lib/dnsmasq/dhcp-script.sh" @@ -956,6 +957,13 @@ dnsmasq_start() config_foreach filter_dnsmasq host dhcp_host_add "$cfg" echo >> $CONFIGFILE_TMP + + config_get_bool dhcpbogushostname "$cfg" dhcpbogushostname 1 + [ "$dhcpbogushostname" -gt 0 ] && { + xappend "--dhcp-ignore-names=tag:dhcp_bogus_hostname" + [ -r "$DHCPBOGUSHOSTNAMEFILE" ] && xappend "--conf-file=$DHCPBOGUSHOSTNAMEFILE" + } + config_foreach filter_dnsmasq boot dhcp_boot_add "$cfg" config_foreach filter_dnsmasq mac dhcp_mac_add "$cfg" config_foreach filter_dnsmasq tag dhcp_tag_add "$cfg" |