]>
git.ipfire.org Git - people/ms/dnsmasq.git/log
Simon Kelley [Thu, 14 May 2015 20:16:18 +0000 (21:16 +0100)]
Tweak last commit.
Simon Kelley [Wed, 13 May 2015 21:33:04 +0000 (22:33 +0100)]
Allow T1 and T2 DHCPv4 options to be set.
Simon Kelley [Wed, 13 May 2015 11:35:57 +0000 (12:35 +0100)]
Pointer to mail-archive mailing list mirror in doc.html.
Simon Kelley [Wed, 13 May 2015 11:16:13 +0000 (12:16 +0100)]
Tweak Debian systemd unit file.
Simon Kelley [Sun, 10 May 2015 12:50:59 +0000 (13:50 +0100)]
Tweak EDNS timeout code.
Simon Kelley [Fri, 8 May 2015 19:25:51 +0000 (20:25 +0100)]
Check IPv4-mapped IPv6 addresses with --stop-rebind.
Simon Kelley [Fri, 8 May 2015 15:25:38 +0000 (16:25 +0100)]
Handle UDP packet loss when fragmentation of large packets is broken.
Nicolas Cavallari [Tue, 28 Apr 2015 20:55:18 +0000 (21:55 +0100)]
Constify some DHCP lease management functions.
Simon Kelley [Tue, 28 Apr 2015 20:26:35 +0000 (21:26 +0100)]
Don't remove RRSIG RR from answers to ANY queries when the do bit is not set.
Simon Kelley [Tue, 28 Apr 2015 19:45:57 +0000 (20:45 +0100)]
Fix argument-order botch which broke DNSSEC for TCP queries.
Johnny S. Lee [Sun, 26 Apr 2015 21:23:57 +0000 (22:23 +0100)]
Make get-version work when repo is a git submodule.
Simon Kelley [Sat, 25 Apr 2015 20:46:10 +0000 (21:46 +0100)]
Logs in DHCPv6 not suppressed by dhcp6-quiet.
Simon Kelley [Wed, 22 Apr 2015 20:14:31 +0000 (21:14 +0100)]
Tweaks to previous, DNS label charset commit.
Simon Kelley [Tue, 21 Apr 2015 21:57:06 +0000 (22:57 +0100)]
Handle domain names with '.' or /000 within labels.
Only in DNSSEC mode, where we might need to validate or store
such names. In none-DNSSEC mode, simply don't cache these, as before.
Simon Kelley [Mon, 20 Apr 2015 20:34:05 +0000 (21:34 +0100)]
Moshe Levi [Sun, 19 Apr 2015 21:10:40 +0000 (22:10 +0100)]
Check IP address command line arg in dhcp_release.c
Simon Kelley [Fri, 17 Apr 2015 21:50:20 +0000 (22:50 +0100)]
Log domain when reporting DNSSEC validation failure.
Simon Kelley [Thu, 16 Apr 2015 14:24:52 +0000 (15:24 +0100)]
Note CVE-2015-3294
Stefan Tomanek [Thu, 16 Apr 2015 14:20:59 +0000 (15:20 +0100)]
Fix (srk induced) crash in new tftp_no_fail code.
Simon Kelley [Thu, 16 Apr 2015 14:05:30 +0000 (15:05 +0100)]
Auth: correct replies to NS and SOA in .arpa zones.
Simon Kelley [Sun, 12 Apr 2015 20:52:47 +0000 (21:52 +0100)]
Fix crash in auth code with odd configuration.
Simon Kelley [Thu, 9 Apr 2015 20:48:00 +0000 (21:48 +0100)]
Fix crash on receipt of certain malformed DNS requests.
Simon Kelley [Mon, 6 Apr 2015 16:19:13 +0000 (17:19 +0100)]
Fix crash caused by looking up servers.bind when many servers defined.
Simon Kelley [Fri, 3 Apr 2015 20:42:30 +0000 (21:42 +0100)]
Fix compiler warning when not including DNSSEC.
Simon Kelley [Fri, 3 Apr 2015 20:25:05 +0000 (21:25 +0100)]
Return INSECURE, rather than BOGUS when DS proved not to exist.
Return INSECURE when validating DNS replies which have RRSIGs, but
when a needed DS record in the trust chain is proved not to exist.
It's allowed for a zone to set up DNSKEY and RRSIG records first, then
add a DS later, completing the chain of trust.
Also, since we don't have the infrastructure to track that these
non-validated replies have RRSIGS, don't cache them, so we don't
provide answers with missing RRSIGS from the cache.
Stefan Tomanek [Wed, 1 Apr 2015 16:55:07 +0000 (17:55 +0100)]
Whitespace fixes.
Stefan Tomanek [Tue, 31 Mar 2015 21:32:11 +0000 (22:32 +0100)]
add --tftp-no-fail to ignore missing tftp root
Simon Kelley [Mon, 30 Mar 2015 06:52:21 +0000 (07:52 +0100)]
Merge message translations.
Simon Kelley [Sun, 29 Mar 2015 21:35:44 +0000 (22:35 +0100)]
Fix crash in last commit.
Simon Kelley [Sun, 29 Mar 2015 21:17:14 +0000 (22:17 +0100)]
Allow control characters in names in the cache, handle when logging.
Simon Kelley [Sat, 28 Mar 2015 21:34:07 +0000 (21:34 +0000)]
DNSSEC fix for non-ascii characters in labels.
Simon Kelley [Fri, 27 Mar 2015 11:44:55 +0000 (11:44 +0000)]
Protect against broken DNSSEC upstreams.
Simon Kelley [Fri, 27 Mar 2015 09:58:26 +0000 (09:58 +0000)]
Return SERVFAIL when validation abandoned.
Simon Kelley [Thu, 26 Mar 2015 21:15:43 +0000 (21:15 +0000)]
Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
Lung-Pin Chang [Thu, 19 Mar 2015 23:22:21 +0000 (23:22 +0000)]
dhcp: set outbound interface via cmsg in unicast reply
If multiple routes to the same network exist, Linux blindly picks
the first interface (route) based on destination address, which might not be
the one we're actually offering leases. Rather than relying on this,
always set the interface for outgoing unicast DHCP packets.
Simon Kelley [Thu, 19 Mar 2015 22:50:22 +0000 (22:50 +0000)]
Make --address=/example.com/ equivalent to --server=/example.com/
Simon Kelley [Wed, 11 Mar 2015 21:36:30 +0000 (21:36 +0000)]
Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
The nasty code with static variable in retry_send() which
avoids looping forever needs to be called on success of the syscall,
to reset the static variable.
Simon Kelley [Sat, 7 Mar 2015 18:28:06 +0000 (18:28 +0000)]
Tweak DNSSEC timestamp code to create file later, removing need to chown it.
Simon Kelley [Wed, 4 Mar 2015 20:32:26 +0000 (20:32 +0000)]
New version of contrib/reverse-dns
Simon Kelley [Mon, 2 Mar 2015 22:47:23 +0000 (22:47 +0000)]
Fix last commit to not crash if uid changing not configured.
Simon Kelley [Sun, 1 Mar 2015 18:17:54 +0000 (18:17 +0000)]
Add --dnssec-timestamp option and facility.
Joachim Zobel [Mon, 23 Feb 2015 21:38:11 +0000 (21:38 +0000)]
Log parsing utils in contrib/reverse-dns
Tomas Hozza [Mon, 23 Feb 2015 21:26:26 +0000 (21:26 +0000)]
Fix uninitialized value used in get_client_mac()
Chen Wei [Tue, 17 Feb 2015 22:07:35 +0000 (22:07 +0000)]
Fix trivial memory leaks to quieten valgrind.
Simon Kelley [Sat, 14 Feb 2015 20:08:56 +0000 (20:08 +0000)]
Make dynamic hosts files work when --no-hosts set.
Simon Kelley [Sat, 14 Feb 2015 20:02:37 +0000 (20:02 +0000)]
Typos.
Simon Kelley [Thu, 12 Feb 2015 18:30:32 +0000 (18:30 +0000)]
Debian systemd fixes.
Shantanu Gadgil [Wed, 11 Feb 2015 20:16:59 +0000 (20:16 +0000)]
Fix get-version script which returned wrong tag in some situations.
Chris Lamb [Mon, 9 Feb 2015 11:52:30 +0000 (11:52 +0000)]
Make Debian build reproducible.
Simon Kelley [Sat, 7 Feb 2015 22:36:34 +0000 (22:36 +0000)]
man page typo.
Simon Kelley [Tue, 3 Feb 2015 21:52:48 +0000 (21:52 +0000)]
Extra logging for inotify code.
Simon Kelley [Mon, 2 Feb 2015 22:36:42 +0000 (22:36 +0000)]
Fixup dhcp-configs after reading extra hostfiles with inotify.
ThiƩbaud Weksteen [Mon, 2 Feb 2015 21:37:27 +0000 (21:37 +0000)]
Manpage typo fix.
Simon Kelley [Mon, 2 Feb 2015 21:27:39 +0000 (21:27 +0000)]
Debian changelog bugfix.
Simon Kelley [Sun, 1 Feb 2015 21:48:46 +0000 (21:48 +0000)]
Fix build failure on openBSD.
Simon Kelley [Sun, 1 Feb 2015 00:15:16 +0000 (00:15 +0000)]
BSD make support
Simon Kelley [Sat, 31 Jan 2015 22:44:26 +0000 (22:44 +0000)]
Fix broken ECDSA DNSSEC signatures.
Simon Kelley [Sat, 31 Jan 2015 21:59:13 +0000 (21:59 +0000)]
inotify documentation updates.
Simon Kelley [Sat, 31 Jan 2015 20:13:40 +0000 (20:13 +0000)]
Update copyrights for dawn of 2015.
Simon Kelley [Sat, 31 Jan 2015 19:59:29 +0000 (19:59 +0000)]
Expand inotify code to dhcp-hostsdir, dhcp-optsdir and hostsdir.
Simon Kelley [Mon, 26 Jan 2015 11:23:43 +0000 (11:23 +0000)]
Allow inotify to be disabled at compile time on Linux.
Win King Wan [Wed, 21 Jan 2015 20:41:48 +0000 (20:41 +0000)]
Don't reply to DHCPv6 SOLICIT messages when not configured for statefull DHCPv6.
Conrad Kostecki [Tue, 20 Jan 2015 21:07:56 +0000 (21:07 +0000)]
Update German translation.
Simon Kelley [Tue, 20 Jan 2015 20:51:02 +0000 (20:51 +0000)]
Add --dhcp-hostsdir config option.
Simon Kelley [Sun, 18 Jan 2015 22:20:48 +0000 (22:20 +0000)]
Don't treat SERVFAIL as a recoverable error.....
Simon Kelley [Sun, 18 Jan 2015 22:11:10 +0000 (22:11 +0000)]
Cope with multiple interfaces with the same LL address.
Simon Kelley [Mon, 12 Jan 2015 23:22:08 +0000 (23:22 +0000)]
Logs for DS records consistent.
Simon Kelley [Mon, 12 Jan 2015 23:16:56 +0000 (23:16 +0000)]
Don't answer from cache RRsets from wildcards, as we don't have NSECs.
Simon Kelley [Mon, 12 Jan 2015 20:18:18 +0000 (20:18 +0000)]
Log port of requestor when doing extra logging.
RinSatsuki [Sat, 10 Jan 2015 15:22:21 +0000 (15:22 +0000)]
Add --min-cache-ttl option.
Simon Kelley [Fri, 9 Jan 2015 15:53:03 +0000 (15:53 +0000)]
Add --log-queries=extra option for more complete logging.
Simon Kelley [Wed, 7 Jan 2015 21:58:05 +0000 (21:58 +0000)]
Merge branch 'unsigned'
Simon Kelley [Wed, 7 Jan 2015 21:55:43 +0000 (21:55 +0000)]
DNSSEC: do top-down search for limit of secure delegation.
Yousong Zhou [Mon, 5 Jan 2015 17:03:35 +0000 (17:03 +0000)]
Fix race condition issue in makefile.
Yousong Zhou [Sat, 3 Jan 2015 16:36:14 +0000 (16:36 +0000)]
Implement makefile dependencies on COPTS variable.
Matthias Andree [Sat, 27 Dec 2014 15:36:38 +0000 (15:36 +0000)]
Fix build failure in new inotify code on BSD.
Simon Kelley [Sat, 27 Dec 2014 15:33:32 +0000 (15:33 +0000)]
Bad packet protection.
Glen Huang [Sat, 27 Dec 2014 15:28:12 +0000 (15:28 +0000)]
Add --ignore-address option.
Simon Kelley [Tue, 23 Dec 2014 18:42:38 +0000 (18:42 +0000)]
Initialise return value.
Simon Kelley [Tue, 23 Dec 2014 15:46:08 +0000 (15:46 +0000)]
Fix problems validating NSEC3 and wildcards.
Simon Kelley [Sun, 21 Dec 2014 21:21:53 +0000 (21:21 +0000)]
Make caching work for CNAMEs pointing to A/AAAA records shadowed in /etc/hosts
If the answer to an upstream query is a CNAME which points to an
A/AAAA record which also exists in /etc/hosts and friends, then
caching is suppressed, to avoid inconsistent answers. This is
now modified to allow caching when the upstream and local A/AAAA
records have the same value.
Simon Kelley [Sun, 21 Dec 2014 16:11:52 +0000 (16:11 +0000)]
Fix crash in DNSSEC code when attempting to verify large RRs.
Simon Kelley [Wed, 17 Dec 2014 20:38:20 +0000 (20:38 +0000)]
Tweak field width in cache dump to avoid truncating IPv6 addresses.
Simon Kelley [Wed, 17 Dec 2014 12:41:56 +0000 (12:41 +0000)]
Eliminate IPv6 privacy addresses from --interface-name answers.
Simon Kelley [Tue, 16 Dec 2014 20:41:29 +0000 (20:41 +0000)]
Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
Simon Kelley [Tue, 16 Dec 2014 18:25:17 +0000 (18:25 +0000)]
Fix breakage of --domain=<domain>,<subnet>,local
Simon Kelley [Mon, 15 Dec 2014 17:52:22 +0000 (17:52 +0000)]
CHANGELOG re. inotify.
Simon Kelley [Mon, 15 Dec 2014 17:50:15 +0000 (17:50 +0000)]
Remove floor on EDNS0 packet size with DNSSEC.
Simon Kelley [Mon, 15 Dec 2014 15:58:13 +0000 (15:58 +0000)]
Teach the new inotify code about symlinks.
Simon Kelley [Wed, 10 Dec 2014 17:40:03 +0000 (17:40 +0000)]
Merge branch 'inotify'
Simon Kelley [Wed, 10 Dec 2014 17:32:16 +0000 (17:32 +0000)]
Use inotify instead of polling on Linux.
This should solve problems people are seeing when a file changes
twice within a second and thus is missed for polling.
Hans Dedecker [Tue, 9 Dec 2014 22:22:53 +0000 (22:22 +0000)]
Fix conntrack with --bind-interfaces
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
enabled so the assigned mark can be correctly retrieved and set in forward_query when
conntrack is enabled.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Vladislav Grishenko [Mon, 6 Oct 2014 13:34:24 +0000 (14:34 +0100)]
Improve RFC-compliance when unable to supply addresses in DHCPv6
While testing https://github.com/sbyx/odhcp6c client I have noticed it
permanently crashes after startup.
The reason was it (odhcp6c) doesn't expect empty IA options in ADVERTISE
message without any suboptions.
Despite this validation bug of odhcp6c, dnsmasq should not generate
ADVERTISE messages with IA if there's nothing to advert per RFC 3315
17.2.2:
If the server will not assign any addresses to any IAs in a
subsequent Request from the client, the server MUST send an Advertise
message to the client that includes only a Status Code option with
code NoAddrsAvail and a status message for the user, a Server
Identifier option with the server's DUID, and a Client Identifier
option with the client's DUID.
Meanwhile it's need to add status code for every IA in REPLY message per
RFC3315 18.2.1:
If the server cannot assign any addresses to an IA in the message
from the client, the server MUST include the IA in the Reply message
with no addresses in the IA and a Status Code option in the IA
containing status code NoAddrsAvail.
So, I've changed the logic to skip IA completely from ADVERTISE messages and
to add NoAddrsAvail subcode into IA of REPLY messages.
As for overhead, yes, I believe it's ok to return NoAddrsAvail twice in IA
and in global section for compatibility with all old and new clients.
Tomas Hozza [Mon, 6 Oct 2014 09:46:48 +0000 (10:46 +0100)]
Fit example conf file typo.
Daniel Collins [Fri, 3 Oct 2014 20:58:43 +0000 (21:58 +0100)]
Fix typo in new Dbus code.
Simon's fault.
Karl Vogel [Fri, 3 Oct 2014 20:45:15 +0000 (21:45 +0100)]
Set conntrack mark before connect() call.
SO_MARK has to be done before issuing the connect() call on the
TCP socket.
Simon Kelley [Fri, 3 Oct 2014 07:50:37 +0000 (08:50 +0100)]
Bump Debian version.
Simon Kelley [Fri, 3 Oct 2014 07:48:11 +0000 (08:48 +0100)]
Debian build fixes for kFreeBSD
Simon Kelley [Thu, 2 Oct 2014 20:44:21 +0000 (21:44 +0100)]
crash at startup when an empty suffix is supplied to --conf-dir
Simon Kelley [Thu, 25 Sep 2014 20:51:25 +0000 (21:51 +0100)]
Add newline at the end of example config file.