dnsmasq: Import patches from upstream
1 From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
2 From: Simon Kelley <simon@thekelleys.org.uk>
3 Date: Wed, 17 Dec 2014 12:41:56 +0000
4 Subject: [PATCH 15/98] Eliminate IPv6 privacy addresses from --interface-name
5 answers.
6
7 ---
8 CHANGELOG | 5 +++++
9 src/auth.c | 4 ++++
10 src/dnsmasq.h | 1 +
11 src/network.c | 12 ++++++++----
12 src/rfc1035.c | 17 ++++++++++-------
13 5 files changed, 28 insertions(+), 11 deletions(-)
14
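diff --git a/CHANGELOG b/CHANGELOG
index 9e6c7aa4fd68..01f5208ec006 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,11 @@ version 2.73
 Fix breakage of --domain=<domain>,<subnet>,local - only reverse
 queries were intercepted. THis appears to have been broken
 since 2.69. Thanks to Josh Stone for finding the bug.
+
+ Eliminate IPv6 privacy addresses and deprecated addresses from
+ the answers given by --interface-name. Note that reverse queries
+ (ie looking for names, given addresses) are not affected.
+ Thanks to Michael Gorbach for the suggestion.
 
 
 version 2.72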
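diff --git a/src/auth.c b/src/auth.c
index dd46566ec2cc..a327f16d8c0b 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -363,6 +363,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
 (local_query || filter_zone(zone, flag, &addrlist->addr)))
 {
+#ifdef HAVE_IPV6
+ if (addrlist->flags & ADDRLIST_REVONLY)
+ continue;
+#endif
 found = 1;
 log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,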
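Review bot: The ADDRLIST_REVONLY skip added in answer_auth covers only the forward A/AAAA path, while the comment added in src/network.c by this same patch says these addresses still appear in reverse answers. The authoritative server is the part normally exposed to outside resolvers, so a PTR query for a privacy address inside an auth zone would presumably still return the interface name and tie the temporary address to the host. The reverse branch of answer_auth lies outside this hunk, so confirm that this is intended and record it next to the check, for example `/* REVONLY addresses are withheld from forward answers only; PTR lookups still resolve them */`.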
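diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index ebb6b957812f..1dd61c5edba3 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -318,6 +318,7 @@ struct ds_config {
 
 #define ADDRLIST_LITERAL 1
 #define ADDRLIST_IPV6 2
+#define ADDRLIST_REVONLY 4
 
 struct addrlist {
 struct all_addr addr;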
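diff --git a/src/network.c b/src/network.c
index 99419f57951e..14d2af2ce313 100644
--- a/src/network.c
+++ b/src/network.c
@@ -236,7 +236,7 @@ struct iface_param {
 };
 
 static int iface_allowed(struct iface_param *param, int if_index, char *label,
- union mysockaddr *addr, struct in_addr netmask, int prefixlen, int dad)
+ union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags)
 {
 struct irec *iface;
 int mtu = 0, loopback;
@@ -388,6 +388,10 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 {
 al->addr.addr.addr6 = addr->in6.sin6_addr;
 al->flags = ADDRLIST_IPV6;
+ /* Privacy addresses and addresses still undergoing DAD and deprecated addresses
+ don't appear in forward queries, but will in reverse ones. */
+ if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE)))
+ al->flags |= ADDRLIST_REVONLY;
 }
 #endif
 }
@@ -399,7 +403,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 for (iface = daemon->interfaces; iface; iface = iface->next)
 if (sockaddr_isequal(&iface->addr, addr))
 {
- iface->dad = dad;
+ iface->dad = !!(iface_flags & IFACE_TENTATIVE);
 iface->found = 1; /* for garbage collection */
 return 1;
 }
@@ -474,7 +478,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 iface->dhcp_ok = dhcp_ok;
 iface->dns_auth = auth_dns;
 iface->mtu = mtu;
- iface->dad = dad;
+ iface->dad = !!(iface_flags & IFACE_TENTATIVE);
 iface->found = 1;
 iface->done = iface->multicast_done = iface->warned = 0;
 iface->index = if_index;
@@ -519,7 +523,7 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
 else
 addr.in6.sin6_scope_id = 0;
 
- return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, !!(flags & IFACE_TENTATIVE));
+ return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags);
 }
 #endif
 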
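Review bot: The new test `!(iface_flags & IFACE_PERMANENT)` in iface_allowed marks every IPv6 address as ADDRLIST_REVONLY unless the caller sets IFACE_PERMANENT, and the diffstat shows no change to the platform code that builds `flags` for iface_allowed_v6. If any enumerator leaves that bit unset, all AAAA answers for --interface-name would silently disappear on that platform, so confirm each one reports it. The last parameter also changed from a boolean `dad` to a flag word, and the other callers of iface_allowed are outside these hunks, so check that none still passes 0/1 with the old meaning. A comment above the signature would make the contract explicit, e.g. `/* iface_flags: IFACE_TENTATIVE / IFACE_DEPRECATED / IFACE_PERMANENT bits for this address */`. The function body runs well beyond the hunks shown.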
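diff --git a/src/rfc1035.c b/src/rfc1035.c
index 8a7d2608dac5..bdeb3fb10e68 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1923,14 +1923,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 for (intr = daemon->int_names; intr; intr = intr->next)
 if (hostname_isequal(name, intr->name))
 {
- ans = 1;
- if (!dryrun)
- {
-
- for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
+ for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
 #ifdef HAVE_IPV6
- if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
+ if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
 #endif
+ {
+#ifdef HAVE_IPV6
+ if (addrlist->flags & ADDRLIST_REVONLY)
+ continue;
+#endif
+ ans = 1;
+ if (!dryrun)
 {
 gotit = 1;
 log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
@@ -1939,7 +1942,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 type == T_A ? "4" : "6", &addrlist->addr))
 anscount++;
 }
- }
+ }
 }
 
 if (!dryrun && !gotit)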
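Review bot: Moving `ans = 1` inside the address loop in answer_request means a name that matches --interface-name but has no eligible address of the queried type (other family only, or every address flagged ADDRLIST_REVONLY) now leaves `ans` at 0, where the old code set it as soon as the name matched. How the caller treats an unanswered question is outside this hunk, but if it falls through to forwarding, queries for a locally configured name would be sent upstream and the upstream could answer for it. Please confirm the intended result for that case (local NODATA versus forward) and state it at the loop, e.g. `/* ans stays 0 if no non-REVONLY address of this type exists */`. The enclosing function starts and ends outside the hunks shown.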
146 --
147 2.1.0
148