Git log: commit 65c2d6afd67a032f45f40d7e4d620f5d73e5f07d
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Nov 22 22:02:05 2023 +0000
Fix standalone SHA256 implementation.
Bug report here:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html
This error probably has no practical effect since even if the hash
is wrong, it's only compared internally to other hashes computed using
the same code.
Understanding the error:
hash-questions.c:168:21: runtime error: left shift of 128 by 24 places
cannot be represented in type 'int'
requires a certain amount of c-lawyerliness. I think the problem is that
m[i] = data[j] << 24
promotes the unsigned char data array value to int before doing the shift and
then promotes the result to unsigned char to match the type of m[i].
What needs to happen is to cast the unsigned char to unsigned int
BEFORE the shift.
This patch does that with explicit casts.
commit b27b94cfdc5e0cad6a5a8675471e0bdc64676006
Merge: b8b5b73 568fb02
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Nov 22 15:29:10 2023 +0000
Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq
commit b8b5b734b4175311e7d432d86a9ca69401b0717d
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Nov 22 15:20:53 2023 +0000
Fix misuse of const pointer in src/nftset.c.
Thanks to Kevin Darbyshire-Bryant for the initial patch, which was
modified by srk - any remaining bugs are his.
commit 568fb02449a8b43cce7c8da212558ecf022a5f40
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Nov 13 22:08:08 2023 +0000
Fix use-after-free in cache_remove_uid().
Thanks to Kevin Darbyshire-Bryant for the bug report.
commit 77ef9b260352c7820b6fee7d91c73415a41cbf1d
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri Nov 10 23:13:46 2023 +0000
Fix crash when DNS disabled, introduced in 416390f9962e455769aa8ab6df0e105cae07ae55
commit 416390f9962e455769aa8ab6df0e105cae07ae55
Author: Damian Sawicki <dsawicki@google.com>
Date: Sat Nov 4 23:33:28 2023 +0000
Add --max-tcp-connections option to make this dynamically configurable.
commit 24804b7431f6ace109e91876aef859a751bf3147
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat Nov 4 16:58:30 2023 +0000
Fix compile warning introduced by a889c554a7df71ff93a8299ef96037fbe05f2f55
commit 1fe9d2ba450fbb4aba2823c6fe210fe3c64ac652
Author: Dominik Derigs <dl6er@dl6er.de>
Date: Sat Nov 4 16:52:09 2023 +0000
Add RESINFO RR-type to the table of RR-type names.
commit 3868066085f4f73055d303ad2af59ad66245cf27
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Oct 11 22:33:17 2023 +0100
Fix bad reply to DHCPCONFIRM messages (wrong message type).
Thanks to renmingshuai <renmingshuai@huawei.com> for
spotting the error, and making the initial patch.
commit a889c554a7df71ff93a8299ef96037fbe05f2f55
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Oct 9 21:50:15 2023 +0100
Work around possible Linux bug with VRF interfaces and DHCPv6.
The scope_id in the source address of recieved packets gets set
to the index of the VRF interface, not the slave. Fortunately,
the interface index returned by packetinfo is correct so we use
instead.
Thanks to Luci Stanescu <luci@safebits.tech> for characterising this.
Ref: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017276.html
commit ca8d04a8ff951896578c1f1026a014955a0b40a7
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Oct 9 21:15:13 2023 +0100
Cache zero-TTL DNS replies when stale-caching is enabled.
commit 8b606543a3fb687f0e49d4e832f98be9a08924d0
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Oct 9 21:00:11 2023 +0100
Fix memory leak in arbitrary-RR caching.
If the cache insertion process fails for any reason, any
blockdata storage allocated needs to be freed.
Thanks to Damian Sawicki for spotting the problem and
supplying patches against earlier releases. This patch by SRK,
and any bugs are his.
commit d16b995756dc079b1fdc2e63665793979f766a26
Author: renmingshuai <renmingshuai@huawei.com>
Date: Sat Sep 30 23:31:08 2023 +0100
Fix memory leak when using --dhcp-optsfile with DHCPv6 options.
commit 768b45a0238b3183f0c19def82c1e09e847fd4fc
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Sep 11 22:11:50 2023 +0100
Remove two-decade old hack.
answer_request() builds answers in the same packet buffer
as the request. This means that any EDNS0 header from the
original request is overwritten. If the answer is in cache, that's
fine: dnsmasq adds its own EDNS0 header, but if the cache lookup fails
partially and the request needs to be sent upstream, it's a problem.
This was fixed a long, long time ago by running the cache
lookup twice if the request included an EDNS0 header. The first time,
nothing would be written to the answer packet, nad if the cache
lookup failed, the untouched question packet was still available
to forward upstream. If cache lookup succeeded, the whole thing
was done again, this time writing the data into the reply packet.
In a world where EDNS0 was rare and so was memory, this was a
reasonable solution. Today EDNS0 is ubiquitous so basically
every query is being looked up twice in the cache. There's also
the problem that any code change which makes successive cache lookups
for a query possibly return different answers adds a subtle hidden
bug, because this hack depends on absence of that behaviour.
This commit removes the lookup-twice hack entirely. answer_request()
can now return zero and overwrite the question packet. The code which
was previously added to support stale caching by saving a copy of the
query in the block-storage system is extended to always be active.
This handles the case where answer_request() returns no answer OR
a stale answer and a copy of the original query is needed to forward
upstream.
commit 3b5ddf37d9c841ce48a63cff653cf2bdc2a9b4b7
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat Sep 2 21:34:54 2023 +0100
Fix problem with arbitrary RR caching.
Caching an answer which has more that one RR, with at least
one answer being <=13 bytes and at least one being >13 bytes
can screw up the F_KEYTAG flag bit, resulting in the wrong
type of the address union being used and either a bad value
return or a crash in the block code.
Thanks to Dominik Derigs and the Pi-hole project for finding
and characterising this.
commit 9bbf098a970c9e5fa251939208e25fb21064d1be
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri May 26 18:19:15 2023 +0100
=/== typo in last commit.
commit 6536187b629382000299cc8e0dee43876c7382d2
Merge: 1419de2 50adf82
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri May 26 18:01:58 2023 +0100
Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq
commit 50adf82199c362da6c542f1d22be2eeab7481211
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri May 26 17:55:35 2023 +0100
Behave better when attempting to contact unresponsive TCP servers.
By default TCP connect takes minutes to fail when trying to
connect a server which is not responding and for which the
network layer doesn't generate HOSTUNREACH errors.
This is doubled because having failed to connect in FASTOPEN
mode, the code then tries again with a call to connect().
We set TCP_SYNCNT to 2, which make the timeout about 10 seconds.
This in an unportable Linux feature, so it doesn't work on other
platforms.
No longer try connect() if sendmsg in fastopen mode fails with
ETIMEDOUT or EHOSTUNREACH since the story will just be the same.
commit 1419de285fdacde2dc9683b701ee2d71090eade3
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed May 17 23:19:30 2023 +0100
Log truncated DNS replies.
commit 31c91b40bdb1b4758e3fc6d0c3f7f3e8c831a8f8
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon May 15 18:11:06 2023 +0100
Handle SERVFAIL responses to DS queries better.
On 15/5/2023 8.8.8.8 was returning SERVFAIL for a query on ec.europa.eu
ec.europa.eu is not a domain cut, that happens at jrc.ec.europa.eu. which
does return a signed proof of non-existance for a DS record.
Abandoning the search for a DS or proof of non existence at ec.europa.eu
renders everything within that domain BOGUS, since nothing is signed.
This code changes behaviour on a SERVFAIL to continue looking
deeper for a DS or proof of its nonexistence.
commit 1d6fe0ea84689a84c16dfee68b5e2700a62fc892
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon May 1 23:06:29 2023 +0100
Code tidying.
commit d774add784d01c8346b271e8fb5cbedc44d7ed08
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon May 1 20:42:30 2023 +0100
Fix issue with stale caching.
After replying with stale data, dnsmasq sends the query upstream to
refresh the cache asynchronously and sometimes sends the wrong packet:
packet length can be wrong, and if an EDE marking stale data is added
to the answer that can end up in the query also. This bug only seems
to cause problems when the usptream server is a DOH/DOT proxy. Thanks
to Justin He for the bug report.
commit 7500157cff8ea28ab03e6e62e0d1575e4d01746b
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Apr 24 15:07:55 2023 +0100
Improve RFC3315 para 15 packet validation.
Thanks to Shashikumar Shashil for spotting the ommision.
commit 52e6ad2761e4e39c3e89fe3b8d68b98cf538a27c
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Apr 17 21:25:30 2023 +0100
Log failure to determine MAC address in DHCPv6.
commit bcb46809dcf8992aeb36a3267e4af4ac1c04f471
Author: Petr Menšík <pemensik@redhat.com>
Date: Mon Apr 17 21:05:00 2023 +0100
Optimization of socket events handling of dbus.
Reduces calls to locate the file descriptor structure. Should lower CPU usage when monitoring
dbus watches.
commit 33635d8564f96cedcef9bf9826cbbca76f28aa81
Author: Petr Menšík <pemensik@redhat.com>
Date: Mon Apr 17 20:55:31 2023 +0100
Fix crash in dbus code.
If I configure dnsmasq to use dbus and then restart dbus.service with watchers present,
it crashes dnsmasq. The reason is simple, it uses loop to walk over watchers to call
dbus handling code. But from that code the same list can be modified and watchers removed.
But the list iteration continues anyway.
Restart the loop if list were modified.
commit bd188e306a06ca0acb6c213ecc0e1dc0dc22c3f6
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Apr 17 16:23:06 2023 +0100
Fix paren blunder in aaba66efbd3b4e7283993ca3718df47706a8549b
Thanks to Dominik Derigs for spotting this.
commit aaba66efbd3b4e7283993ca3718df47706a8549b
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Apr 12 22:55:14 2023 +0100
Add --no-dhcpv4-interface and --no-dhcpv6-interface options.
commit 597378cdf55b248a54b930fa31acbad7415aaefd
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Apr 12 16:25:49 2023 +0100
Turn "used" member of struct iname into flags in preparation for more.
commit 15dcdc824ad49e98aaa1a527d82ac6502bdb50fb
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Apr 5 17:42:23 2023 +0100
Missed copyright date.
commit 86ee779e22e9fc3a6f3add1935d3392e27df1dca
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Apr 5 17:29:04 2023 +0100
Make --server=/#/<addr> behave the same as --server=<addr>
For consistency with --address and older dnsmasq releases.
commit df242de5c695b297cf96bcba5095158c87c3a93d
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Apr 5 12:34:34 2023 +0100
Bump copyrights to 2023.
commit b14aa762ff2a42573b8b9ead85ccfa1f2b938a72
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat Apr 1 22:03:49 2023 +0100
Fix long-term bug in TCP caching code which would lose NXDOMAIN.
A NXDOMAIN answer recieved over TCP by a child process would
be correctly sent back to the master process which would then
fail to insert it into the cache.
commit a78487a4df8f23f99e8e8d5bb7449b6429bae1fa
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat Apr 1 21:35:26 2023 +0100
Use a simpler arrangement for the all_addr union to avoid
the compiler padding it with an extra 8 bytes.
Use the F_KEYTAG flag in a a cache record to discriminate between
an arbitrary RR stored entirely in the addr union and one
which has a point to block storage.
commit 3a601d06bdf22f0312177a26f606d9b5f857c1ae
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat Apr 1 00:50:29 2023 +0100
Fix copy-n-paste error in 138e1e2a2d918b37cb0274fe310d53be35acf4cf
commit 047256a6d89ae4b2de0aa51d1f490b521ba32fa1
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri Mar 31 23:28:56 2023 +0100
--domain=# is valid. --synth-domain=# isn't.
commit c244d92d8a3f96e3a16b53f733190faa17004ae3
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri Mar 31 18:49:22 2023 +0100
Allow --cache-rr=ANY with the obvious meaning.
commit 138e1e2a2d918b37cb0274fe310d53be35acf4cf
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri Mar 31 17:44:02 2023 +0100
Optimse memory use for arbitrary-RR caching.
RRs 13 bytes or less don't need to allocate block storage.
commit 153eeb070b2135cac9e12fc38e944ca8683b74c7
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu Mar 30 16:00:04 2023 +0100
Optimise no-action case in rrfilter().
commit a3c8b75972604443cf763fb06e259b38ceec3351
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Mar 29 22:43:21 2023 +0100
Add filtering of arbitrary RR-types.
commit 042c64273d553c8305d3747849b44a0b257b0622
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue Mar 28 18:24:22 2023 +0100
Remove code for caching SRV.
Function replaced by the ability to cache any RR type.
For backwards compatibilty SRV records are always on the
list of cacheable RR-types.
commit 638c7c4d20004c0f320820098e29df62a27dd2a1
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu Mar 23 17:15:35 2023 +0000
Add --cache-rr to enable caching of arbitrary RR types.
commit 88fc6c80236e946c7b719a8ef0bd0b08bdbc3295
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 23:11:38 2023 +0000
Fold F_NOERR and F_DNSSEC to make space for new F_RR.
commit 3fb10cd0d8217b42071ab575c2edaae2554b1780
Merge: 0427e37 ff28a48
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 22:30:11 2023 +0000
Merge branch 'master' into all-rr-type
commit ff28a485cf8b592a6c21b39bbb8e42f5bc390685
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 22:22:46 2023 +0000
Close Debian bug.
commit 1f0f86a0d0d0759de4c5eb1080333618563ee5a0
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 18:32:14 2023 +0000
Add EDE "filtered" extended error when --filter-A or --filter-AAAA act.
If a NODATA answer is returned instead of actual data for A or AAAA
queries because of the existence of --filter-A or --filter-AAAA
config options, then mark the replies with an EDE "filtered" tag.
Basic patch by Petr Menšík, tweaked by Simon Kelley to apply onto
the preceding caching patches.
commit 28429720355c21739c851c28b003b6d0b4aee549
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 17:14:17 2023 +0000
More --filter-AAAA caching improvements.
Cache answers before filtering and filter coming out of the cache.
commit 5a9eae429a7d0680d606f03f2759d7dde0bbe3f0
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 20 15:16:29 2023 +0000
Improve cache use with --filter-A and --filter-AAAA
If --filter-AAAA is set and we have cached entry for
the domain in question fpr any RR type that allows us to
return a NODATA reply when --filter-AAAA is set without
going upstream. Similarly for --filter-A.
commit 946180701191ea7e552fa5a939140a635d47b566
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu Mar 16 15:16:17 2023 +0000
Remove limitation on --dynamic-host.
Dynamic-host was implemented to ignore interface addresses with /32
(or /128 for IPv6) prefix lengths, since they are not useful for
synthesising addresses.
Due to a bug before 2.88, this didn't work for IPv4, and some have
used --dynamic-host=example.com,0.0.0.0,eth0 to do the equivalent of
--interface-name for such interfaces. When the bug was fixed in 2.88
these uses broke.
Since this behaviour seems to violate the principle of least surprise,
and since the 2.88 fix is breaking existing imstallations, this
commit removes the check on /32 and /128 prefix lengths to solve both
problems.
commit 00be8b39e240934e404533deda08cbae2aae25a8
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed Mar 15 21:12:55 2023 +0000
Fix DHCPv6 "use multicast" response which previously failed
to set the message type correctly.
Thanks to Petr Menšík for spotting the problem.
commit ef5aac95d4391fb1290fd76a3826b2851e589bbc
Author: Clayton Craft <clayton@craftyguy.net>
Date: Wed Mar 8 15:35:05 2023 +0000
Allow configuring filter-A/AAAA via dbus.
commit ef8e930e4295265b8f46898a8e166f17d7f8ddc8
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue Mar 7 22:46:44 2023 +0000
Generalise cached NXDOMAIN replies.
We can cache an NXDOMAIN reply to a query for any RRTYPE
and reply from a cached NXDOMAIN to any RRTYPE.
commit eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue Mar 7 22:07:46 2023 +0000
Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Thanks to Xiang Li for the prompt.
commit 9a698434dd9cc0f3abbf98f9b266c491d322d20f
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 6 23:30:36 2023 +0000
Bump version in Debian changelog.
commit f5ef0f064c3f06b250a9eeda36dc239227658b00
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 6 23:00:58 2023 +0000
Fix possible SEGV when no servers defined.
If there exists a --address=/<domain>/ or --server=/<domain>/#
configuration but no upstream server config unqualified by
domain then when a query which doesnt match the domain is
recieved it will use the qualfied server config and in the process
possibly make an out-of-bounds memory access.
Thanks to Daniel Danzberger for spotting the bug.
commit 997982f78bd3f8c311b9557e1ef825555e7290bb
Author: Dominik Derigs <dl6er@dl6er.de>
Date: Fri Mar 3 18:05:26 2023 +0100
Fix --rev-server option. It was broken in 1db9943c6879c160a5fbef885d5ceadd3668b74d when resolving upstream servers by name was extended to --rev-server without accounting for the fact that re-using one and the same upstream server for each of the x.y.z.in-addr.arpa is actually a wanted feature
Signed-off-by: DL6ER <dl6er@dl6er.de>
commit 7d6b68c5d7016aca5372f12e9f0c25f0a108644d
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon Mar 6 13:06:03 2023 +0000
Document suppressing deafult options in --dhcp-option.
commit 137ae2e9cf0dc3596641e7c8b91d15307a35319e
Author: Taylor R Campbell <campbell+dnsmasq@mumble.net>
Date: Sat Feb 25 15:00:30 2023 +0000
Avoid undefined behaviour with the ctype(3) functions.
As defined in the C standard:
In all cases the argument is an int, the value of which shall
be representable as an unsigned char or shall equal the value
of the macro EOF. If the argument has any other value, the
behavior is undefined.
This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.
If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype(3) functions are:
{-1, 0, 1, 2, 3, ..., 255}.
However, on platforms where char is signed, such as x86 with the
usual ABI, code like
char *arg = ...;
... isspace(*arg) ...
may pass in values in the range:
{-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.
This has two problems:
1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.
2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
even though the input is not forbidden, it may give the wrong
answer.
Casting char to int first before passing the result to ctype(3)
doesn't help: inputs like -128 are unchanged by this cast. It is
necessary to cast char inputs to unsigned char first; you can then
cast to int if you like but there's no need because the functions
will always convert the argument to int by definition. So the above
fragment needs to be:
char *arg = ...;
... isspace((unsigned char)*arg) ...
This patch inserts unsigned char casts where necessary, and changes
int casts to unsigned char casts where the input is char.
I left alone int casts where the input is unsigned char already --
they're not immediately harmful, although they would have the effect
of suppressing some compiler warnings if the input is ever changed to
be char instead of unsigned char, so it might be better to remove
those casts too.
I also left alone calls where the input is int to begin with because
it came from getc; casting to unsigned char here would be wrong, of
course.
commit 0427e371160882a24825df6f4f963961257df952
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu Feb 2 20:20:13 2023 +0000
Replace dead link in dnsmasq.conf.example.
Thanks to Timo van Roermund for spotting this.