X-Patchwork-Id: 1497769
From: Etan Kissling
To: "openwrt-devel@lists.openwrt.org"
CC: Kevin Darbyshire-Bryant, Simon Kelley
Subject: [PATCH v6 1/3] dnsmasq: distinct Ubus names for multiple instances
Date: Sun, 27 Jun 2021 22:02:46 +0000

Currently, when using multiple dnsmasq instances they are all assigned to the same Ubus instance name. This does not work, as only a single instance can register with Ubus at a time. In the log, this leads to `Cannot add object to UBus: Invalid argument` error messages. Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes behaviour so that instead of the log, dnsmasq crashes instead. This means that dnsmasq versions v2.86test2 and newer no longer apply.

With this patch, all dnsmasq instances are assigned unique names so that they can register with Ubus concurrently. One of the enabled instances is always assigned the previous default name "dnsmasq" to avoid breaking backwards compatibility with other software relying on that default. Previously, a random instance got assigned that name (while the others produced error logs).
Now, the first unnamed dnsmasq config section is assigned the default name. If there are no unnamed dnsmasq sections the first encountered named dnsmasq config section is assigned instead.

A similar issue exists for Dbus and was similarly addressed.

Signed-off-by: Etan Kissling
---
v5: Introduce this patch so that dnsmasq can be updated.
v6: Improve heuristic to always assign default name to one instance. Extend patch for Dbus.

* Disabled instances are ignored for sake of instance name assignment.
* Single unnamed section (default config) -> default name.
* Single named section -> default name.
* Multiple named sections -> First enabled one gets default.
* Unnamed sections + Named sections -> First unnamed section default.

 .../services/dnsmasq/files/dnsmasq.init | 32 +++++++++++++++++--
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 44e7d2d4f9..c4c262ad69 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -161,7 +161,7 @@ append_server() { } append_rev_server() { - xappend "--rev-server=$1" + xappend "--rev-server=$1" } append_address() { 
@@ -878,8 +878,16 @@ dnsmasq_start() append_bool "$cfg" noresolv "--no-resolv" append_bool "$cfg" localise_queries "--localise-queries" append_bool "$cfg" readethers "--read-ethers" - append_bool "$cfg" dbus "--enable-dbus" - append_bool "$cfg" ubus "--enable-ubus" 1 + + local instance_name="dnsmasq.$cfg" + if [ "$cfg" = "$DEFAULT_INSTANCE" ]; then + instance_name="dnsmasq" + fi + config_get_bool dbus "$cfg" "dbus" 0 + [ $dbus -gt 0 ] && xappend "--enable-dbus=uk.org.thekelleys.$instance_name" + config_get_bool ubus "$cfg" "ubus" 1 + [ $ubus -gt 0 ] && xappend "--enable-ubus=$instance_name" + append_bool "$cfg" expandhosts "--expand-hosts" config_get tftp_root "$cfg" "tftp_root" [ -n "$tftp_root" ] && mkdir -p "$tftp_root" && append_bool "$cfg" enable_tftp "--enable-tftp" @@ -1160,6 +1168,7 @@ boot() start_service() { local instance="$1" local instance_found=0 + local first_instance="" . /lib/functions/network.sh 
@@ -1170,10 +1179,27 @@ start_service() { if [ -n "$instance" ] && [ "$instance" = "$name" ]; then instance_found=1 fi + if [ -z "$DEFAULT_INSTANCE" ]; then + local disabled + config_get_bool disabled "$name" disabled 0 + if [ "$disabled" -eq 0 ]; then + # First enabled section will be assigned default instance name. + # Unnamed sections get precedence over named sections. + if expr "$cfg" : 'cfg[0-9a-f]*$' >/dev/null = "9"; then # See uci_fixup_section. + DEFAULT_INSTANCE="$name" # Unnamed config section. + elif [ -z "$first_instance" ]; then + first_instance="$name" + fi + fi + fi fi } + DEFAULT_INSTANCE="" config_load dhcp + if [ -z "$DEFAULT_INSTANCE" ]; then + DEFAULT_INSTANCE="$first_instance" # No unnamed config section was found. + fi if [ -n "$instance" ]; then [ "$instance_found" -gt 0 ] || return
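
Review bot: in the `@@ -161,7 +161,7 @@` hunk the removed and added `xappend "--rev-server=$1"` lines differ only in whitespace, which has nothing to do with instance naming. Drop it from this patch or send it as a separate cleanup so the functional change stays easy to audit.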
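
Review bot: in the `@@ -878,8 +878,16 @@ dnsmasq_start()` hunk, `$cfg` is interpolated directly into the bus names (`--enable-ubus=dnsmasq.$cfg` and `--enable-dbus=uk.org.thekelleys.dnsmasq.$cfg`) with no check that the section name is acceptable as a name component on either bus. Add a validation step, or at least a comment stating which characters a section name is expected to contain. `[ $dbus -gt 0 ]` and `[ $ubus -gt 0 ]` should quote the variable, as the `[ "$disabled" -eq 0 ]` test later in the patch does. Since the Dbus name now differs per instance, the commit message should also say whether anything that grants ownership of the old fixed name needs a matching change.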
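
Review bot: in the `@@ -1170,10 +1179,27 @@ start_service()` hunk the unnamed-section test reads `$cfg`, while every other line of the block uses `$name` (`config_get_bool disabled "$name"`, `DEFAULT_INSTANCE="$name"`). Nothing visible in this function sets `cfg`, so the test may be matching an empty or stale value and should probably use `"$name"`. The form `expr ... >/dev/null = "9"` is also hard to read because the redirection sits in the middle of the expression; `[ "$(expr "$name" : 'cfg[0-9a-f]*$')" = "9" ]` states the intent (a match length of 9) directly. `DEFAULT_INSTANCE` is a new global that `dnsmasq_start` consumes, so a one-line comment where it is reset before `config_load dhcp` would document that dependency.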

X-Patchwork-Id: 1497770
From: Etan Kissling
To: "openwrt-devel@lists.openwrt.org"
CC: Kevin Darbyshire-Bryant, Simon Kelley
Subject: [PATCH v6 2/3] dnsmasq: Update to version 2.86test4
Date: Sun, 27 Jun 2021 22:03:17 +0000

Need this version to add config option for connmark DNS filtering.

Summary of upstream CHANGELOG:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked.
* Major rewrite of the DNS server and domain handling code.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.

Signed-off-by: Etan Kissling
---
v3: Refreshed patches.
v4: Fix crash when running multiple dnsmasq instances.
v5: Workaround from v4 is no longer required. Update to version 2.86test4.

 package/network/services/dnsmasq/Makefile | 6 +++---
 .../patches/100-remove-old-runtime-kernel-support.patch | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 90a81b5f65..f593b3939e 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_UPSTREAM_VERSION:=2.85 +PKG_UPSTREAM_VERSION:=2.86test4 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases +PKG_HASH:=0b3c79cf4c03d4b6a01f8d20e0e96c2fd9edd33bc23826ffcd0aa9fb21cbefc2 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch index b601bce1a9..281cf207b5 100644 --- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch @@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1144,7 +1144,7 @@ extern struct daemon { +@@ -1197,7 +1197,7 @@ extern struct daemon { int inotifyfd; #endif #if defined(HAVE_LINUX_NETWORK) @@ -35,7 +35,7 @@ 
Signed-off-by: Kevin Darbyshire-Bryant #elif defined(HAVE_BSD_NETWORK) int dhcp_raw_fd, dhcp_icmp_fd, routefd; #endif -@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa +@@ -1383,9 +1383,6 @@ int read_write(int fd, unsigned char *pa void close_fds(long max_fd, int spare1, int spare2, int spare3); int wildcard_match(const char* wildcard, const char* match); int wildcard_matchn(const char* wildcard, const char* match, int num);
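
Review bot: in the Makefile hunk `PKG_SOURCE_URL` still uses plain `http://`, so `PKG_HASH` is the only integrity check on the new tarball. Prefer an `https://` URL if upstream serves one, and say in the commit message how the new hash was obtained. The hunk also points the package at the `test-releases` directory for a pre-release (`2.86test4`); note that the URL has to move back once a final 2.86 is packaged.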

X-Patchwork-Id: 1497771
From: Etan Kissling
To: "openwrt-devel@lists.openwrt.org"
CC: Kevin Darbyshire-Bryant, Simon Kelley
Subject: [PATCH v6 3/3] dnsmasq: add config option for connmark DNS filtering
Date: Sun, 27 Jun 2021 22:03:48 +0000

This adds uci support to configure connmark based DNS filtering.

Signed-off-by: Etan Kissling
(See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html)
Signed-off-by: Etan Kissling
---
v2: Bundle with patch to update dnsmasq.

 package/network/services/dnsmasq/files/dnsmasq.init | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index c4c262ad69..04ae2267b7 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init 
@@ -172,6 +172,10 @@ append_ipset() { xappend "--ipset=$1" } +append_connmark_allowlist() { + xappend "--connmark-allowlist=$1" +} + append_interface() { network_get_device ifname "$1" || ifname="$1" xappend "--interface=$ifname" @@ -921,6 +925,14 @@ dnsmasq_start() config_list_foreach "$cfg" "rev_server" append_rev_server config_list_foreach "$cfg" "address" append_address config_list_foreach "$cfg" "ipset" append_ipset + + local connmark_allowlist_enable + config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0 + [ "$connmark_allowlist_enable" -gt 0 ] && { + append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable" + config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist + } + [ -n "$BOOT" ] || { config_list_foreach "$cfg" "interface" append_interface config_list_foreach "$cfg" "notinterface" append_notinterface
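
Review bot: in the `@@ -921,6 +925,14 @@ dnsmasq_start()` hunk, `connmark_allowlist_enable` is read with `config_get` as a free-form string and then tested with `-gt 0`. Any value the shell cannot parse as an integer makes the test fail, the block is skipped, and both `--connmark-allowlist-enable` and every `--connmark-allowlist` entry are left out of the generated config with no log message. For a filtering feature that is a silent fail-open: validate the value before the test and log when it is rejected. The two new uci options are also not documented anywhere in this patch.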