Nanako/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dnsmasq: bump to 2.87

Browse Source 
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
This commit is contained in:
ZiMing Mo 2022-09-28 23:55:49 +08:00
parent 81f9f50fa4
commit ab7c30afb5
No known key found for this signature in database
GPG Key ID: 1BED2E3A77AE5ECF
3 changed files with 15 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/network/services/dnsmasq/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.87rc1 PKG_UPSTREAM_VERSION:=2.87
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates/ PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
PKG_HASH:=a13df87ac500bdda920197f33a07251559ff60f4fbe26f46317241bd2bade9a9 PKG_HASH:=0228c0364a7f2356fd7e7f1549937cbf3099a78d3b2eb1ba5bb0c31e2b89de7a
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING PKG_LICENSE_FILES:=COPYING

14
package/network/services/dnsmasq/files/dnsmasq.init
View File

@ -793,14 +793,24 @@ dnsmasq_ipset_add() {
} }
add_nftset() { add_nftset() {
nftsets="${nftsets:+$nftsets,}inet#fw4#$1" local IFS=,
for set in $1; do
local family=$(echo "$set" | sed -nre 's#^.*[^0-9]([46])$#\1#p')
[ -n "$family" ] || \
family=$(nft -t list set inet "$table" "$set" 2>&1 | sed -nre 's#^\t\ttype .*\bipv([46])_addr\b.*$#\1#p')
[ -n "$family" ] || \
logger -t dnsmasq "Cannot infer address family from non-existent nftables set '$set'"
nftsets="${nftsets:+$nftsets,}${family:+$family#}inet#$table#$set"
done
} }
add_domain() { add_domain() {
# leading '/' is expected # leading '/' is expected
domains="$domains/$1" domains="$domains/$1"
} }
config_get table "$cfg" table 'fw4'
config_list_foreach "$cfg" "name" add_ipset config_list_foreach "$cfg" "name" add_ipset
config_list_foreach "$cfg" "name" add_nftset config_list_foreach "$cfg" "name" add_nftset
config_list_foreach "$cfg" "domain" add_domain config_list_foreach "$cfg" "domain" add_domain

43
package/network/services/dnsmasq/patches/0001-Fix-a-problem-in-overload-handling.patch
View File

@ -1,43 +0,0 @@
From c4b9bc63e0029cf1beaf8bdcbd92fa09f33b599d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 9 Sep 2022 12:53:49 +0100
Subject: [PATCH] Fix a problem in overload handling.
Sending the same query repeatedly to a dnsmasq instance which
doesn't get replies from upstream will eventually hit the
hard limit on frec_src structures and start gettin REFUSED
replies. This is OK, except that since the queries are no longer
being forwarded, an upstream server coming back doesn't reset the
situation. If there is any other traffic, frec allocation will
eventually delete the timed-out frec and get things moving again,
but that's not guaranteed.
To fix this we explicitly delete the frec once timed out in this case.
Thanks to Filip Jenicek for noticing and characterising this problem.
---
src/forward.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/forward.c b/src/forward.c
index 8562b2d..fa80251 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -244,6 +244,14 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
if (!daemon->free_frec_src)
{
query_full(now, NULL);
+ /* This is tricky; if we're blasted with the same query
+ over and over, we'll end up taking this path each time
+ and never resetting until the frec gets deleted by
+ aging followed by the receipt of a different query. This
+ is a bit of a DoS vuln. Avoid by explicitly deleting the
+ frec once it expires. */
+ if (difftime(now, forward->time) >= TIMEOUT)
+ free_frec(forward);
goto reply;
}
--
2.37.3