]>
git.ipfire.org Git - people/ms/dnsmasq.git/log
Michael Tremer [Thu, 4 Feb 2016 23:45:09 +0000 (23:45 +0000)]
isc.c: Improve OOM handling when reading DHCP leases
This patch mainly suppresses a compiler warning. The application
will still crash.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 1 Feb 2015 23:21:51 +0000 (00:21 +0100)]
Fix merge error
Michael Tremer [Tue, 6 May 2014 18:42:21 +0000 (20:42 +0200)]
ISC dhcpd reader: Don't add duplicate entries.
Michael Tremer [Tue, 29 Apr 2014 10:09:08 +0000 (12:09 +0200)]
ISC DHCP reader: Simplify parsing dates.
Michael Tremer [Sun, 27 Apr 2014 22:51:13 +0000 (00:51 +0200)]
Add support to read ISC DHCP lease file.
Simon Kelley [Mon, 1 Feb 2016 17:59:07 +0000 (17:59 +0000)]
Make names of ARP script actions consistent.
Andy Stormont [Mon, 1 Feb 2016 12:07:57 +0000 (12:07 +0000)]
Fix FTBFS on illumos
Chris Novakovic [Mon, 25 Jan 2016 21:54:35 +0000 (21:54 +0000)]
Treat REFUSED (not SERVFAIL) as an unsuccessful upstream response
Commit
51967f9807665dae403f1497b827165c5fa1084b began treating SERVFAIL
as a successful response from an upstream server (thus ignoring future
responses to the query from other upstream servers), but a typo in that
commit means that REFUSED responses are accidentally being treated as
successful instead of SERVFAIL responses.
This commit corrects this typo and provides the behaviour intended by
commit
51967f9 : SERVFAIL responses are considered successful (and will
be sent back to the requester), while REFUSED responses are considered
unsuccessful (and dnsmasq will wait for responses from other upstream
servers that haven't responded yet).
Simon Kelley [Mon, 25 Jan 2016 21:29:23 +0000 (21:29 +0000)]
Final form of configuration for EDNS0 MAC-address code.
Hans Dedecker [Sat, 23 Jan 2016 10:48:12 +0000 (10:48 +0000)]
Add --max-port config option.
Simon Kelley [Tue, 19 Jan 2016 21:23:30 +0000 (21:23 +0000)]
Fix wrong reply to simple name when --domain-needed set and no servers configured.
Also return REFUSED and not SERVFAIL when out of memory.
Thanks to Allain Legacy for problem report.
Simon Kelley [Tue, 19 Jan 2016 20:29:57 +0000 (20:29 +0000)]
Fix problems in last commit when DNSSEC not enabled.
Simon Kelley [Mon, 18 Jan 2016 18:04:17 +0000 (18:04 +0000)]
Complete DNSSEC server-selection code and set conntrack on DNSSEC queries.
Simon Kelley [Mon, 18 Jan 2016 12:51:08 +0000 (12:51 +0000)]
Fix sporadic crash in find_mac() - hwlen must be zero for empty entries.
Simon Kelley [Sun, 17 Jan 2016 21:53:57 +0000 (21:53 +0000)]
Fix botch in forward.c flags code.
Thanks to Matthias Anfree for spotting this.
Simon Kelley [Sat, 16 Jan 2016 18:39:54 +0000 (18:39 +0000)]
Complete work to allow DNSSEC validation with private DNS servers.
Simon Kelley [Thu, 14 Jan 2016 19:23:10 +0000 (19:23 +0000)]
arp.c tidy up.
Simon Kelley [Tue, 12 Jan 2016 15:58:23 +0000 (15:58 +0000)]
Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided.
André Glüpker [Tue, 12 Jan 2016 12:54:17 +0000 (12:54 +0000)]
Fix bad cache-size calculation when hosts-file read fails.
Simon Kelley [Tue, 12 Jan 2016 11:28:58 +0000 (11:28 +0000)]
DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor.
Simon Kelley [Mon, 11 Jan 2016 22:50:00 +0000 (22:50 +0000)]
Inhibit DNSSEC validation when forwarding to private servers for a domain.
server=/example.com/<ip-of-server>
The rationale is that the chain-of-trust will not be complete to
private servers. If it was, it would not be necessary to access the
server direct.
Simon Kelley [Wed, 6 Jan 2016 22:51:17 +0000 (22:51 +0000)]
Fix FTBFS when scripts excluded at compilation time.
Simon Kelley [Wed, 6 Jan 2016 18:52:33 +0000 (18:52 +0000)]
Update copyright notices. Happy new year!
Simon Kelley [Wed, 6 Jan 2016 17:59:13 +0000 (17:59 +0000)]
Handle building with script support enabled and DHCP disabled.
Simon Kelley [Mon, 4 Jan 2016 17:17:41 +0000 (17:17 +0000)]
Fix botch in new arp-cache linked-list code resulting in 100% CPU spin.
Simon Kelley [Mon, 4 Jan 2016 16:04:51 +0000 (16:04 +0000)]
Fix datatype-sixe botch which broke DNSSEC sig timestamps when far in the future.
Simon Kelley [Thu, 31 Dec 2015 20:55:39 +0000 (20:55 +0000)]
Trivial code tweak.
Simon Kelley [Thu, 31 Dec 2015 16:18:11 +0000 (16:18 +0000)]
Correct logic for when to start helper.
Simon Kelley [Mon, 28 Dec 2015 23:17:15 +0000 (23:17 +0000)]
First complete version of DNS-client-id EDNS0 and ARP tracking code.
Simon Kelley [Wed, 23 Dec 2015 16:15:58 +0000 (16:15 +0000)]
Cache access to the kernel's ARP table.
Simon Kelley [Wed, 23 Dec 2015 12:27:37 +0000 (12:27 +0000)]
More EDNS0 packet-size tweaks.
Simon Kelley [Mon, 21 Dec 2015 18:31:55 +0000 (18:31 +0000)]
Log signature algo with DNSKEY and DS, also digest with DS.
Simon Kelley [Mon, 21 Dec 2015 17:30:44 +0000 (17:30 +0000)]
Fix build failure when DNSSEC code omitted.
Simon Kelley [Mon, 21 Dec 2015 17:20:35 +0000 (17:20 +0000)]
Truncate DNS replies >512 bytes that the client isn't expecting.
Simon Kelley [Mon, 21 Dec 2015 16:23:47 +0000 (16:23 +0000)]
Handle extending EDNS0 OPT RR.
Simon Kelley [Mon, 21 Dec 2015 14:17:06 +0000 (14:17 +0000)]
Split EDNS0 stuff into its own source file.
Simon Kelley [Sun, 20 Dec 2015 21:39:19 +0000 (21:39 +0000)]
NSEC3 check: RFC5155 para 8.2
Simon Kelley [Sun, 20 Dec 2015 21:19:20 +0000 (21:19 +0000)]
Minor tweak to previous commit.
Simon Kelley [Sun, 20 Dec 2015 20:50:05 +0000 (20:50 +0000)]
Nasty, rare and obscure off-by-one in DNSSEC hostname_cmp().
Simon Kelley [Sun, 20 Dec 2015 20:44:23 +0000 (20:44 +0000)]
More tweaks in handling unknown DNSSEC algorithms.
Simon Kelley [Sun, 20 Dec 2015 17:12:16 +0000 (17:12 +0000)]
Major tidy up of EDNS0 handling and computation/use of udp packet size.
Simon Kelley [Thu, 17 Dec 2015 17:23:03 +0000 (17:23 +0000)]
Do a better job of determining which DNSSEC sig algos are supported.
Simon Kelley [Thu, 17 Dec 2015 16:58:04 +0000 (16:58 +0000)]
Fix brace botch in dnssec_validate_ds()
Thanks to Michał Kępień for spotting this.
Simon Kelley [Thu, 17 Dec 2015 11:57:26 +0000 (11:57 +0000)]
Tidy up DNSSEC non-existence code. Check zone status is NSEC proof bad.
Simon Kelley [Thu, 17 Dec 2015 10:44:58 +0000 (10:44 +0000)]
Tweaks to EDNS0 handling in DNS replies.
Simon Kelley [Wed, 16 Dec 2015 13:41:58 +0000 (13:41 +0000)]
DNSSEC validation tweak.
A zone which has at least one key with an algorithm we don't
support should be considered as insecure.
Simon Kelley [Tue, 15 Dec 2015 17:25:21 +0000 (17:25 +0000)]
Generalise RR-filtering code, for use with EDNS0.
Simon Kelley [Tue, 15 Dec 2015 16:11:06 +0000 (16:11 +0000)]
Move code which caches DS records to a more logical place.
Simon Kelley [Tue, 15 Dec 2015 12:04:40 +0000 (12:04 +0000)]
Abandon caching RRSIGs and returning them from cache.
The list of exceptions to being able to locally answer
cached data for validated records when DNSSEC data is requested
was getting too long, so don't ever do that. This means
that the cache no longer has to hold RRSIGS and allows
us to lose lots of code. Note that cached validated
answers are still returned as long as do=0
Simon Kelley [Tue, 15 Dec 2015 10:20:39 +0000 (10:20 +0000)]
Major rationalisation of DNSSEC validation.
Much gnarly special-case code removed and replaced with correct
general implementaion. Checking of zone-status moved to DNSSEC code,
where it should be, vastly simplifying query-forwarding code.
Simon Kelley [Sat, 21 Nov 2015 21:47:41 +0000 (21:47 +0000)]
Fix crash at start up with conf-dir=/path,*
Thanks to Brian Carpenter and American Fuzzy Lop for finding the bug.
Simon Kelley [Fri, 20 Nov 2015 23:20:47 +0000 (23:20 +0000)]
Handle unknown DS hash algos correctly.
When we can validate a DS RRset, but don't speak the hash algo it
contains, treat that the same as an NSEC/3 proving that the DS
doesn't exist. 4025 5.2
Edwin Török [Sat, 14 Nov 2015 17:45:48 +0000 (17:45 +0000)]
Fix crash when empty address from DNS overlays A record from hosts.
Simon Kelley [Tue, 20 Oct 2015 20:21:32 +0000 (21:21 +0100)]
Update list of subnet for --bogus-priv
RFC6303 specifies & recommends following zones not be forwarded
to globally facing servers.
+------------------------------+-----------------------+
| Zone | Description |
+------------------------------+-----------------------+
| 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK |
| 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK |
| 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL |
| 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 |
| 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 |
| 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 |
| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST |
+------------------------------+-----------------------+
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Simon Kelley [Tue, 13 Oct 2015 19:30:32 +0000 (20:30 +0100)]
Catch errors from sendmsg in DHCP code.
Logs, eg, iptables DROPS of dest 255.255.255.255
Simon Kelley [Tue, 29 Sep 2015 21:54:41 +0000 (22:54 +0100)]
Use /run/dnsmasq instead of /var/run/dnsmasq in Debian package.
Simon Kelley [Sat, 26 Sep 2015 20:40:45 +0000 (21:40 +0100)]
Simon Kelley [Thu, 10 Sep 2015 22:08:43 +0000 (23:08 +0100)]
Respect the --no-resolv flag in inotify code.
Simon Kelley [Thu, 10 Sep 2015 20:50:00 +0000 (21:50 +0100)]
DHCPv6 option 56 does not hold an address list. (RFC 5908).
Simon Kelley [Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)]
Handle signed dangling CNAME replies to DS queries.
Simon Kelley [Wed, 26 Aug 2015 21:48:13 +0000 (22:48 +0100)]
Clarify man page on RDNSS set in router advertisement.
Simon Kelley [Wed, 26 Aug 2015 21:38:08 +0000 (22:38 +0100)]
Suggest solution to ENOMEM error with IPv6 multicast.
Simon Kelley [Tue, 25 Aug 2015 22:08:39 +0000 (23:08 +0100)]
Fix behaviour of empty dhcp-option=option6:dns-server, which should inhibit sending option.
Simon Kelley [Sun, 9 Aug 2015 16:45:06 +0000 (17:45 +0100)]
Don't answer non-auth queries for auth zones locally when --localise-queries set.
Ed Bardsley [Wed, 5 Aug 2015 20:17:18 +0000 (21:17 +0100)]
Enhance --add-subnet to allow arbitary subnet addresses.
Simon Kelley [Mon, 3 Aug 2015 20:52:12 +0000 (21:52 +0100)]
Include 0.0.0.0/8 in DNS rebind checks.
Simon Kelley [Thu, 30 Jul 2015 19:59:07 +0000 (20:59 +0100)]
Fix new poll() code for helper pipe. Removed CPU-spin.
Simon Kelley [Mon, 27 Jul 2015 18:48:43 +0000 (19:48 +0100)]
Declare utime().
Kevin Darbyshire-Bryant [Mon, 27 Jul 2015 18:34:23 +0000 (19:34 +0100)]
Update DNSSEC timestamp file on process TERM.
Conrad Kostecki [Mon, 27 Jul 2015 18:22:49 +0000 (19:22 +0100)]
Update german translation
Simon Kelley [Mon, 27 Jul 2015 17:56:43 +0000 (18:56 +0100)]
DNSSEC fix: correct logic for signed records in unsigned DNS space.
Simon Kelley [Thu, 16 Jul 2015 21:37:37 +0000 (22:37 +0100)]
Small tweak to DNSSEC fix.
Simon Kelley [Thu, 16 Jul 2015 21:23:13 +0000 (22:23 +0100)]
DNSSEC fix, signed wildcard CNAME to unsigned domain.
Jan Psota [Wed, 15 Jul 2015 18:57:47 +0000 (19:57 +0100)]
Update Polish translation.
Simon Kelley [Wed, 15 Jul 2015 18:54:50 +0000 (19:54 +0100)]
Close Lauchpad bug in Debian changelog.
Simon Kelley [Mon, 13 Jul 2015 11:47:52 +0000 (12:47 +0100)]
Grow pollfds array exponentially.
Simon Kelley [Sun, 12 Jul 2015 20:27:40 +0000 (21:27 +0100)]
Merge messages for translations.
Simon Kelley [Sun, 12 Jul 2015 20:09:11 +0000 (21:09 +0100)]
Use poll() instead of select() to remove limits on open file descriptors.
Simon Kelley [Wed, 8 Jul 2015 21:42:14 +0000 (22:42 +0100)]
Log message typo.
Simon Kelley [Wed, 8 Jul 2015 21:40:57 +0000 (22:40 +0100)]
Fix compilation warning.
Simon Kelley [Wed, 8 Jul 2015 21:38:13 +0000 (22:38 +0100)]
Test for overflowing platform FD_SET size.
Simon Kelley [Tue, 7 Jul 2015 20:54:55 +0000 (21:54 +0100)]
Bump version in Debian changelog.
Simon Kelley [Mon, 6 Jul 2015 20:48:49 +0000 (21:48 +0100)]
Fix inotify code to handle dangling symlinks better.
Simon Kelley [Sun, 5 Jul 2015 21:31:30 +0000 (22:31 +0100)]
Avoid hanngs in DHCP ping code when system time goes backwards.
Simon Kelley [Sun, 5 Jul 2015 20:59:10 +0000 (21:59 +0100)]
--conf-file should read no file, not try and read the default file.
Ján Sáreník [Sun, 5 Jul 2015 20:23:27 +0000 (21:23 +0100)]
Manpage typo fix.
Simon Kelley [Fri, 12 Jun 2015 20:39:11 +0000 (21:39 +0100)]
Handle CNAMEs to DS records when confirming absence of DS for DNSSEC.
Simon Kelley [Wed, 10 Jun 2015 21:31:02 +0000 (22:31 +0100)]
Merge messages and fix makefile process to do this.
Neil Jerram [Wed, 10 Jun 2015 21:23:20 +0000 (22:23 +0100)]
Documenation updates for --bridge-interface and "off-link".
Neil Jerram [Wed, 10 Jun 2015 21:16:35 +0000 (22:16 +0100)]
Apply --bridge-interfaces to unsolicited router advertisements.
Neil Jerram [Wed, 10 Jun 2015 21:14:49 +0000 (22:14 +0100)]
Upply --bridge-interface aliasing to solicited router advertisements.
Neil Jerram [Wed, 10 Jun 2015 21:13:06 +0000 (22:13 +0100)]
Allow router advertisements to have the "off-link" bit set.
Neil Jerram [Wed, 10 Jun 2015 21:11:06 +0000 (22:11 +0100)]
Extend --bridge-interface aliasing to DHCPv6.
Neil Jerram [Wed, 10 Jun 2015 21:06:33 +0000 (22:06 +0100)]
Fix logging of unknown interface in --bridge-interface, DHPCv4.
Simon Kelley [Tue, 9 Jun 2015 19:45:07 +0000 (20:45 +0100)]
Add a couple of missed logging strings to the catalogue.
Nicolas Cavallari [Tue, 9 Jun 2015 19:42:20 +0000 (20:42 +0100)]
Add Dbus methods to create and delete DHCP leases.
Simon Kelley [Sat, 6 Jun 2015 22:13:57 +0000 (23:13 +0100)]
Handle corner cases in NSEC coverage checks.
Simon Kelley [Thu, 4 Jun 2015 21:32:43 +0000 (22:32 +0100)]
More reproducibility fixes for Debian package.
Simon Kelley [Wed, 3 Jun 2015 21:30:59 +0000 (22:30 +0100)]
DHCPv6: DHCPCONFIRM should be OK for any address on link, not just dynamic addresses.
Simon Kelley [Mon, 1 Jun 2015 20:00:16 +0000 (21:00 +0100)]
Close Debian bug for bug fixed upstream.