From 495b237cc4d179b48a8c3587de267446d83855f8 Mon Sep 17 00:00:00 2001
From: Steven Barth <cyrus@openwrt.org>
Date: Wed, 18 Jun 2014 10:04:34 +0000
Subject: [PATCH] dnsmasq: various house-keeping updates

* Add Authoritative DNS and IPSET to full variant
* Remove some bloat from IPSET support
* Reintroduce "DHCP no address warning"-patch

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 41246
---
 package/network/services/dnsmasq/Makefile     |  12 +-
 ...DNO_GMP-for-use-with-nettle-mini-gm.patch} |  13 +--
 .../100-fix-dhcp-no-address-warning.patch     |  47 ++++++++
 .../110-ipset-remove-old-kernel-support.patch | 110 ++++++++++++++++++
 4 files changed, 165 insertions(+), 17 deletions(-)
 rename package/network/services/dnsmasq/patches/{0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch => 001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch} (87%)
 create mode 100644 package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
 create mode 100644 package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 34d543f151..5c54d855c1 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.71
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -28,7 +28,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/dnsmasq/Default
   SECTION:=net
   CATEGORY:=Base system
-  TITLE:=A lightweight DNS and DHCP server
+  TITLE:=DNS and DHCP server
   URL:=http://www.thekelleys.org.uk/dnsmasq/
 endef
 
@@ -46,7 +46,7 @@ endef
 
 define Package/dnsmasq-full
 $(call Package/dnsmasq/Default)
-  TITLE += (with DHCPv6 and DNSSEC)
+  TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPSET)
   DEPENDS:=@IPV6 +kmod-ipv6 +libnettle
   VARIANT:=full
 endef
@@ -64,7 +64,7 @@ endef
 define Package/dnsmasq-full/description
 $(call Package/dnsmasq/description)
 
-This is a variant with DHCPv6 and DNSSEC support
+This is a variant with DHCPv6, DNSSEC, Authroitative DNS and IPSET support
 endef
 
 define Package/dnsmasq/conffiles
@@ -78,7 +78,7 @@ Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)
 TARGET_CFLAGS += -ffunction-sections -fdata-sections
 TARGET_LDFLAGS += -Wl,--gc-sections
 
-COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) -DNO_IPSET -DNO_AUTH
+COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6)
 
 ifeq ($(BUILD_VARIANT),nodhcpv6)
 	COPTS += -DNO_DHCP6
@@ -87,6 +87,8 @@ endif
 ifeq ($(BUILD_VARIANT),full)
 	COPTS += -DHAVE_DNSSEC
 	COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
+else
+	COPTS += -DNO_AUTH -DNO_IPSET
 endif
 
 MAKE_FLAGS := \
diff --git a/package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch b/package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch
similarity index 87%
rename from package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch
rename to package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch
index f9a62cd650..dcc1b1f0ed 100644
--- a/package/network/services/dnsmasq/patches/0001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch
+++ b/package/network/services/dnsmasq/patches/001-Build-config-add-DNO_GMP-for-use-with-nettle-mini-gm.patch
@@ -10,11 +10,9 @@ Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
  src/dnssec.c    | 3 ++-
  4 files changed, 17 insertions(+), 4 deletions(-)
 
-diff --git a/Makefile b/Makefile
-index c58b50b..17eeb27 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -61,7 +61,7 @@ lua_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
+@@ -61,7 +61,7 @@ lua_cflags =    `echo $(COPTS) | $(top)/
  lua_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1` 
  nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
  nettle_libs =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
@@ -23,8 +21,6 @@ index c58b50b..17eeb27 100644
  sunos_libs =    `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
  version =     -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
  
-diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
-index 9f9332d..0ddb678 100755
 --- a/bld/pkg-wrapper
 +++ b/bld/pkg-wrapper
 @@ -11,9 +11,14 @@ in=`cat`
@@ -44,8 +40,6 @@ index 9f9332d..0ddb678 100755
      elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
  	      echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
  	pkg=`$pkg  --static $op $*`
-diff --git a/src/config.h b/src/config.h
-index 2155544..ee6d218 100644
 --- a/src/config.h
 +++ b/src/config.h
 @@ -105,6 +105,8 @@ HAVE_AUTH
@@ -69,8 +63,6 @@ index 2155544..ee6d218 100644
  LEASEFILE
  CONFFILE
  RESOLVFILE
-diff --git a/src/dnssec.c b/src/dnssec.c
-index 44d626b..2ffb75d 100644
 --- a/src/dnssec.c
 +++ b/src/dnssec.c
 @@ -26,7 +26,8 @@
@@ -83,6 +75,3 @@ index 44d626b..2ffb75d 100644
  
  #define SERIAL_UNDEF  -100
  #define SERIAL_EQ        0
--- 
-2.0.0
-
diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
new file mode 100644
index 0000000000..a502a60aee
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch
@@ -0,0 +1,47 @@
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd)
+   struct iovec iov;
+   ssize_t sz; 
+   int iface_index = 0, unicast_dest = 0, is_inform = 0;
+-  struct in_addr iface_addr;
++  struct in_addr iface_addr, *addrp = NULL;
+   struct iface_param parm;
+ #ifdef HAVE_LINUX_NETWORK
+   struct arpreq arp_req;
+@@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd)
+     {
+       ifr.ifr_addr.sa_family = AF_INET;
+       if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
+-	iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+-      else
+ 	{
+-	  my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
+-	  return;
++	  addrp = &iface_addr;
++	  iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+ 	}
+       
+       for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+@@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd)
+       parm.relay_local.s_addr = 0;
+       parm.ind = iface_index;
+       
+-      if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL))
++      if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL))
+ 	{
+ 	  /* If we failed to match the primary address of the interface, see if we've got a --listen-address
+ 	     for a secondary */
+@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd)
+ 	  complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
+ 	}    
+       
++      if (!addrp)
++        {
++          my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
++          return;
++        }
++
+       if (!iface_enumerate(AF_INET, &parm, complete_context))
+ 	return;
+ 
diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch
new file mode 100644
index 0000000000..61b09d5b2c
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch
@@ -0,0 +1,110 @@
+--- a/src/ipset.c
++++ b/src/ipset.c
+@@ -22,7 +22,6 @@
+ #include <errno.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+-#include <sys/utsname.h>
+ #include <arpa/inet.h>
+ #include <linux/version.h>
+ #include <linux/netlink.h>
+@@ -72,7 +71,7 @@ struct my_nfgenmsg {
+ 
+ #define NL_ALIGN(len) (((len)+3) & ~(3))
+ static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
+-static int ipset_sock, old_kernel;
++static int ipset_sock;
+ static char *buffer;
+ 
+ static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
+@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg
+ 
+ void ipset_init(void)
+ {
+-  struct utsname utsname;
+-  int version;
+-  char *split;
+-  
+-  if (uname(&utsname) < 0)
+-    die(_("failed to find kernel version: %s"), NULL, EC_MISC);
+-  
+-  split = strtok(utsname.release, ".");
+-  version = (split ? atoi(split) : 0);
+-  split = strtok(NULL, ".");
+-  version = version * 256 + (split ? atoi(split) : 0);
+-  split = strtok(NULL, ".");
+-  version = version * 256 + (split ? atoi(split) : 0);
+-  old_kernel = (version < KERNEL_VERSION(2,6,32));
+-  
+-  if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
+-    return;
+-  
+-  if (!old_kernel && 
++  if ( 
+       (buffer = safe_malloc(BUFF_SZ)) &&
+       (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
+       (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
+@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char *
+ }
+ 
+ 
+-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
+-{
+-  socklen_t size;
+-  struct ip_set_req_adt_get {
+-    unsigned op;
+-    unsigned version;
+-    union {
+-      char name[IPSET_MAXNAMELEN];
+-      uint16_t index;
+-    } set;
+-    char typename[IPSET_MAXNAMELEN];
+-  } req_adt_get;
+-  struct ip_set_req_adt {
+-    unsigned op;
+-    uint16_t index;
+-    uint32_t ip;
+-  } req_adt;
+-  
+-  if (strlen(setname) >= sizeof(req_adt_get.set.name)) 
+-    {
+-      errno = ENAMETOOLONG;
+-      return -1;
+-    }
+-  
+-  req_adt_get.op = 0x10;
+-  req_adt_get.version = 3;
+-  strcpy(req_adt_get.set.name, setname);
+-  size = sizeof(req_adt_get);
+-  if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
+-    return -1;
+-  req_adt.op = remove ? 0x102 : 0x101;
+-  req_adt.index = req_adt_get.set.index;
+-  req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
+-  if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
+-    return -1;
+-  
+-  return 0;
+-}
+-
+-
+-
+ int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
+ {
+   int af = AF_INET;
+ 
+ #ifdef HAVE_IPV6
+   if (flags & F_IPV6)
+-    {
+       af = AF_INET6;
+-      /* old method only supports IPv4 */
+-      if (old_kernel)
+-	return -1;
+-    }
+ #endif
+   
+-  return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
++  return new_add_to_ipset(setname, ipaddr, af, remove);
+ }
+ 
+ #endif
-- 
2.30.2