diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 10537d711f3..85c43505e09 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.80 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch b/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch new file mode 100644 index 00000000000..453c2924b20 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch @@ -0,0 +1,495 @@ +From a799ca0c6314ad73a97bc6c89382d2712a9c0b0e Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 18 Oct 2018 19:35:29 +0100 +Subject: [PATCH 01/11] Impove cache behaviour for TCP connections. + +For ease of implementaion, dnsmasq has always forked a new process to +handle each incoming TCP connection. A side-effect of this is that any +DNS queries answered from TCP connections are not cached: when TCP +connections were rare, this was not a problem. With the coming of +DNSSEC, it's now the case that some DNSSEC queries have answers which +spill to TCP, and if, for instance, this applies to the keys for the +root then those never get cached, and performance is very bad. This +fix passes cache entries back from the TCP child process to the main +server process, and fixes the problem. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + CHANGELOG | 14 ++++ + src/blockdata.c | 37 ++++++++- + src/cache.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++-- + src/dnsmasq.c | 58 ++++++++++++-- + src/dnsmasq.h | 5 ++ + 5 files changed, 291 insertions(+), 19 deletions(-) + +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,3 +1,17 @@ ++version 2.81 ++ Impove cache behaviour for TCP connections. For ease of ++ implementaion, dnsmasq has always forked a new process to handle ++ each incoming TCP connection. A side-effect of this is that ++ any DNS queries answered from TCP connections are not cached: ++ when TCP connections were rare, this was not a problem. ++ With the coming of DNSSEC, it's now the case that some ++ DNSSEC queries have answers which spill to TCP, and if, ++ for instance, this applies to the keys for the root then ++ those never get cached, and performance is very bad. ++ This fix passes cache entries back from the TCP child process to ++ the main server process, and fixes the problem. ++ ++ + version 2.80 + Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method + for the initial patch and motivation. +--- a/src/blockdata.c ++++ b/src/blockdata.c +@@ -61,7 +61,7 @@ void blockdata_report(void) + blockdata_alloced * sizeof(struct blockdata)); + } + +-struct blockdata *blockdata_alloc(char *data, size_t len) ++static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len) + { + struct blockdata *block, *ret = NULL; + struct blockdata **prev = &ret; +@@ -89,8 +89,17 @@ struct blockdata *blockdata_alloc(char * + blockdata_hwm = blockdata_count; + + blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; +- memcpy(block->key, data, blen); +- data += blen; ++ if (data) ++ { ++ memcpy(block->key, data, blen); ++ data += blen; ++ } ++ else if (!read_write(fd, block->key, blen, 1)) ++ { ++ /* failed read free partial chain */ ++ blockdata_free(ret); ++ return NULL; ++ } + len -= blen; + *prev = block; + prev = &block->next; +@@ -100,6 +109,10 @@ struct blockdata *blockdata_alloc(char * + return ret; + } + ++struct blockdata *blockdata_alloc(char *data, size_t len) ++{ ++ return blockdata_alloc_real(0, data, len); ++} + + void blockdata_free(struct blockdata *blocks) + { +@@ -148,5 +161,21 @@ void *blockdata_retrieve(struct blockdat + + return data; + } +- ++ ++ ++void blockdata_write(struct blockdata *block, size_t len, int fd) ++{ ++ for (; len > 0 && block; block = block->next) ++ { ++ size_t blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; ++ read_write(fd, block->key, blen, 0); ++ len -= blen; ++ } ++} ++ ++struct blockdata *blockdata_read(int fd, size_t len) ++{ ++ return blockdata_alloc_real(fd, NULL, len); ++} ++ + #endif +--- a/src/cache.c ++++ b/src/cache.c +@@ -26,6 +26,8 @@ static union bigname *big_free = NULL; + static int bignames_left, hash_size; + + static void make_non_terminals(struct crec *source); ++static struct crec *really_insert(char *name, struct all_addr *addr, ++ time_t now, unsigned long ttl, unsigned short flags); + + /* type->string mapping: this is also used by the name-hash function as a mixing table. */ + static const struct { +@@ -464,16 +466,10 @@ void cache_start_insert(void) + new_chain = NULL; + insert_error = 0; + } +- ++ + struct crec *cache_insert(char *name, struct all_addr *addr, + time_t now, unsigned long ttl, unsigned short flags) + { +- struct crec *new, *target_crec = NULL; +- union bigname *big_name = NULL; +- int freed_all = flags & F_REVERSE; +- int free_avail = 0; +- unsigned int target_uid; +- + /* Don't log DNSSEC records here, done elsewhere */ + if (flags & (F_IPV4 | F_IPV6 | F_CNAME)) + { +@@ -484,7 +480,20 @@ struct crec *cache_insert(char *name, st + if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl) + ttl = daemon->min_cache_ttl; + } ++ ++ return really_insert(name, addr, now, ttl, flags); ++} + ++ ++static struct crec *really_insert(char *name, struct all_addr *addr, ++ time_t now, unsigned long ttl, unsigned short flags) ++{ ++ struct crec *new, *target_crec = NULL; ++ union bigname *big_name = NULL; ++ int freed_all = flags & F_REVERSE; ++ int free_avail = 0; ++ unsigned int target_uid; ++ + /* if previous insertion failed give up now. */ + if (insert_error) + return NULL; +@@ -645,12 +654,185 @@ void cache_end_insert(void) + cache_hash(new_chain); + cache_link(new_chain); + daemon->metrics[METRIC_DNS_CACHE_INSERTED]++; ++ ++ /* If we're a child process, send this cache entry up the pipe to the master. ++ The marshalling process is rather nasty. */ ++ if (daemon->pipe_to_parent != -1) ++ { ++ char *name = cache_get_name(new_chain); ++ ssize_t m = strlen(name); ++ unsigned short flags = new_chain->flags; ++#ifdef HAVE_DNSSEC ++ u16 class = new_chain->uid; ++#endif ++ ++ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)name, m, 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); ++ ++ if (flags & (F_IPV4 | F_IPV6)) ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); ++#ifdef HAVE_DNSSEC ++ else if (flags & F_DNSKEY) ++ { ++ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0); ++ blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); ++ } ++ else if (flags & F_DS) ++ { ++ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); ++ /* A negative DS entry is possible and has no data, obviously. */ ++ if (!(flags & F_NEG)) ++ { ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0); ++ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0); ++ blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); ++ } ++ } ++#endif ++ ++ } + } ++ + new_chain = tmp; + } ++ ++ /* signal end of cache insert in master process */ ++ if (daemon->pipe_to_parent != -1) ++ { ++ ssize_t m = -1; ++ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0); ++ } ++ + new_chain = NULL; + } + ++ ++/* A marshalled cache entry arrives on fd, read, unmarshall and insert into cache of master process. */ ++int cache_recv_insert(time_t now, int fd) ++{ ++ ssize_t m; ++ struct all_addr addr; ++ unsigned long ttl; ++ time_t ttd; ++ unsigned short flags; ++ struct crec *crecp = NULL; ++ ++ cache_start_insert(); ++ ++ while(1) ++ { ++ ++ if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1)) ++ return 0; ++ ++ if (m == -1) ++ { ++ cache_end_insert(); ++ return 1; ++ } ++ ++ if (!read_write(fd, (unsigned char *)daemon->namebuff, m, 1) || ++ !read_write(fd, (unsigned char *)&ttd, sizeof(ttd), 1) || ++ !read_write(fd, (unsigned char *)&flags, sizeof(flags), 1)) ++ return 0; ++ ++ daemon->namebuff[m] = 0; ++ ++ ttl = difftime(ttd, now); ++ ++ if (flags & (F_IPV4 | F_IPV6)) ++ { ++ if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) ++ return 0; ++ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); ++ } ++ else if (flags & F_CNAME) ++ { ++ struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags); ++ /* This relies on the fact the the target of a CNAME immediately preceeds ++ it because of the order of extraction in extract_addresses, and ++ the order reversal on the new_chain. */ ++ if (newc) ++ { ++ if (!crecp) ++ { ++ newc->addr.cname.target.cache = NULL; ++ /* anything other than zero, to avoid being mistaken for CNAME to interface-name */ ++ newc->addr.cname.uid = 1; ++ } ++ else ++ { ++ next_uid(crecp); ++ newc->addr.cname.target.cache = crecp; ++ newc->addr.cname.uid = crecp->uid; ++ } ++ } ++ } ++#ifdef HAVE_DNSSEC ++ else if (flags & (F_DNSKEY | F_DS)) ++ { ++ unsigned short class, keylen, keyflags, keytag; ++ unsigned char algo, digest; ++ struct blockdata *keydata; ++ ++ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) ++ return 0; ++ /* Cache needs to known class for DNSSEC stuff */ ++ addr.addr.dnssec.class = class; ++ ++ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); ++ ++ if (flags & F_DNSKEY) ++ { ++ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || ++ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || ++ !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) || ++ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || ++ !(keydata = blockdata_read(fd, keylen))) ++ return 0; ++ } ++ else if (!(flags & F_NEG)) ++ { ++ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || ++ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || ++ !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) || ++ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || ++ !(keydata = blockdata_read(fd, keylen))) ++ return 0; ++ } ++ ++ if (crecp) ++ { ++ if (flags & F_DNSKEY) ++ { ++ crecp->addr.key.algo = algo; ++ crecp->addr.key.keytag = keytag; ++ crecp->addr.key.flags = flags; ++ crecp->addr.key.keylen = keylen; ++ crecp->addr.key.keydata = keydata; ++ } ++ else if (!(flags & F_NEG)) ++ { ++ crecp->addr.ds.algo = algo; ++ crecp->addr.ds.keytag = keytag; ++ crecp->addr.ds.digest = digest; ++ crecp->addr.ds.keylen = keylen; ++ crecp->addr.ds.keydata = keydata; ++ } ++ } ++ } ++#endif ++ } ++} ++ + int cache_find_non_terminal(char *name, time_t now) + { + struct crec *crecp; +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -930,6 +930,10 @@ int main (int argc, char **argv) + check_servers(); + + pid = getpid(); ++ ++ daemon->pipe_to_parent = -1; ++ for (i = 0; i < MAX_PROCS; i++) ++ daemon->tcp_pipes[i] = -1; + + #ifdef HAVE_INOTIFY + /* Using inotify, have to select a resolv file at startup */ +@@ -1611,7 +1615,7 @@ static int set_dns_listeners(time_t now) + we don't need to explicitly arrange to wake up here */ + if (listener->tcpfd != -1) + for (i = 0; i < MAX_PROCS; i++) +- if (daemon->tcp_pids[i] == 0) ++ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) + { + poll_listen(listener->tcpfd, POLLIN); + break; +@@ -1624,6 +1628,13 @@ static int set_dns_listeners(time_t now) + + } + ++#ifndef NO_FORK ++ if (!option_bool(OPT_DEBUG)) ++ for (i = 0; i < MAX_PROCS; i++) ++ if (daemon->tcp_pipes[i] != -1) ++ poll_listen(daemon->tcp_pipes[i], POLLIN); ++#endif ++ + return wait; + } + +@@ -1632,7 +1643,10 @@ static void check_dns_listeners(time_t n + struct serverfd *serverfdp; + struct listener *listener; + int i; +- ++#ifndef NO_FORK ++ int pipefd[2]; ++#endif ++ + for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) + if (poll_check(serverfdp->fd, POLLIN)) + reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); +@@ -1642,7 +1656,26 @@ static void check_dns_listeners(time_t n + if (daemon->randomsocks[i].refcount != 0 && + poll_check(daemon->randomsocks[i].fd, POLLIN)) + reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); +- ++ ++#ifndef NO_FORK ++ /* Races. The child process can die before we read all of the data from the ++ pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the ++ process, and tcp_pipes to -1 and close the FD when we read the last ++ of the data - indicated by cache_recv_insert returning zero. ++ The order of these events is indeterminate, and both are needed ++ to free the process slot. Once the child process has gone, poll() ++ returns POLLHUP, not POLLIN, so have to check for both here. */ ++ if (!option_bool(OPT_DEBUG)) ++ for (i = 0; i < MAX_PROCS; i++) ++ if (daemon->tcp_pipes[i] != -1 && ++ poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) && ++ !cache_recv_insert(now, daemon->tcp_pipes[i])) ++ { ++ close(daemon->tcp_pipes[i]); ++ daemon->tcp_pipes[i] = -1; ++ } ++#endif ++ + for (listener = daemon->listeners; listener; listener = listener->next) + { + if (listener->fd != -1 && poll_check(listener->fd, POLLIN)) +@@ -1736,15 +1769,20 @@ static void check_dns_listeners(time_t n + while (retry_send(close(confd))); + } + #ifndef NO_FORK +- else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0) ++ else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0) + { +- if (p != -1) ++ close(pipefd[1]); /* parent needs read pipe end. */ ++ if (p == -1) ++ close(pipefd[0]); ++ else + { + int i; ++ + for (i = 0; i < MAX_PROCS; i++) +- if (daemon->tcp_pids[i] == 0) ++ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) + { + daemon->tcp_pids[i] = p; ++ daemon->tcp_pipes[i] = pipefd[0]; + break; + } + } +@@ -1761,7 +1799,7 @@ static void check_dns_listeners(time_t n + int flags; + struct in_addr netmask; + int auth_dns; +- ++ + if (iface) + { + netmask = iface->netmask; +@@ -1777,7 +1815,11 @@ static void check_dns_listeners(time_t n + /* Arrange for SIGALRM after CHILD_LIFETIME seconds to + terminate the process. */ + if (!option_bool(OPT_DEBUG)) +- alarm(CHILD_LIFETIME); ++ { ++ alarm(CHILD_LIFETIME); ++ close(pipefd[0]); /* close read end in child. */ ++ daemon->pipe_to_parent = pipefd[1]; ++ } + #endif + + /* start with no upstream connections. */ +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1091,6 +1091,8 @@ extern struct daemon { + size_t packet_len; /* " " */ + struct randfd *rfd_save; /* " " */ + pid_t tcp_pids[MAX_PROCS]; ++ int tcp_pipes[MAX_PROCS]; ++ int pipe_to_parent; + struct randfd randomsocks[RANDOM_SOCKS]; + int v6pktinfo; + struct addrlist *interface_addrs; /* list of all addresses/prefix lengths associated with all local interfaces */ +@@ -1152,6 +1154,7 @@ struct crec *cache_find_by_name(struct c + char *name, time_t now, unsigned int prot); + void cache_end_insert(void); + void cache_start_insert(void); ++int cache_recv_insert(time_t now, int fd); + struct crec *cache_insert(char *name, struct all_addr *addr, + time_t now, unsigned long ttl, unsigned short flags); + void cache_reload(void); +@@ -1174,6 +1177,8 @@ void blockdata_init(void); + void blockdata_report(void); + struct blockdata *blockdata_alloc(char *data, size_t len); + void *blockdata_retrieve(struct blockdata *block, size_t len, void *data); ++struct blockdata *blockdata_read(int fd, size_t len); ++void blockdata_write(struct blockdata *block, size_t len, int fd); + void blockdata_free(struct blockdata *blocks); + #endif + diff --git a/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch b/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch new file mode 100644 index 00000000000..e3178b8dfdb --- /dev/null +++ b/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch @@ -0,0 +1,26 @@ +From a220545c4277cba534be5ef4638b5076fc7d2cf4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 22 Oct 2018 18:21:48 +0100 +Subject: [PATCH 02/11] Ensure that AD bit is reset on answers from + --address=//
. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc1035.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -938,9 +938,9 @@ size_t setup_reply(struct dns_header *he + return 0; + + /* clear authoritative and truncated flags, set QR flag */ +- header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +- /* set RA flag */ +- header->hb4 |= HB4_RA; ++ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC )) | HB3_QR; ++ /* clear AD flag, set RA flag */ ++ header->hb4 = (header->hb4 & ~HB4_AD) | HB4_RA; + + header->nscount = htons(0); + header->arcount = htons(0); diff --git a/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch b/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch new file mode 100644 index 00000000000..be3c4116b67 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch @@ -0,0 +1,2192 @@ +From ee8750451b49d27b180517a4e35b636be0fae575 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 23 Oct 2018 22:10:17 +0100 +Subject: [PATCH 03/11] Remove ability to compile without IPv6 support. + +This was the source of a large number of #ifdefs, originally +included for use with old embedded libc versions. I'm +sure no-one wants or needs IPv6-free code these days, so this +is a move towards more maintainable code. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/arp.c | 13 ---------- + src/auth.c | 53 ++++++++++---------------------------- + src/bpf.c | 10 ++------ + src/cache.c | 31 ++++------------------ + src/config.h | 30 +++------------------- + src/conntrack.c | 2 -- + src/dbus.c | 4 --- + src/dnsmasq.c | 6 ++--- + src/dnsmasq.h | 20 ++------------- + src/domain.c | 28 +++----------------- + src/dump.c | 4 --- + src/edns0.c | 14 +--------- + src/forward.c | 68 ++++--------------------------------------------- + src/helper.c | 8 ------ + src/ipset.c | 9 +------ + src/netlink.c | 5 +--- + src/network.c | 54 +++------------------------------------ + src/option.c | 34 ------------------------- + src/rfc1035.c | 50 +++++++----------------------------- + src/tables.c | 3 +-- + src/tftp.c | 17 ++----------- + src/util.c | 13 +--------- + 22 files changed, 57 insertions(+), 419 deletions(-) + +--- a/src/arp.c ++++ b/src/arp.c +@@ -44,11 +44,6 @@ static int filter_mac(int family, char * + if (maclen > DHCP_CHADDR_MAX) + return 1; + +-#ifndef HAVE_IPV6 +- if (family != AF_INET) +- return 1; +-#endif +- + /* Look for existing entry */ + for (arp = arps; arp; arp = arp->next) + { +@@ -60,13 +55,11 @@ static int filter_mac(int family, char * + if (arp->addr.addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) + continue; + } +-#ifdef HAVE_IPV6 + else + { + if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, (struct in6_addr *)addrp)) + continue; + } +-#endif + + if (arp->status == ARP_EMPTY) + { +@@ -103,10 +96,8 @@ static int filter_mac(int family, char * + memcpy(arp->hwaddr, mac, maclen); + if (family == AF_INET) + arp->addr.addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; +-#ifdef HAVE_IPV6 + else + memcpy(&arp->addr.addr.addr6, addrp, IN6ADDRSZ); +-#endif + } + + return 1; +@@ -136,11 +127,9 @@ int find_mac(union mysockaddr *addr, uns + arp->addr.addr.addr4.s_addr != addr->in.sin_addr.s_addr) + continue; + +-#ifdef HAVE_IPV6 + if (arp->family == AF_INET6 && + !IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, &addr->in6.sin6_addr)) + continue; +-#endif + + /* Only accept positive entries unless in lazy mode. */ + if (arp->status != ARP_EMPTY || lazy || updated) +@@ -203,10 +192,8 @@ int find_mac(union mysockaddr *addr, uns + + if (addr->sa.sa_family == AF_INET) + arp->addr.addr.addr4.s_addr = addr->in.sin_addr.s_addr; +-#ifdef HAVE_IPV6 + else + memcpy(&arp->addr.addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); +-#endif + } + + return 0; +--- a/src/auth.c ++++ b/src/auth.c +@@ -33,10 +33,8 @@ static struct addrlist *find_addrlist(st + if (is_same_net(addr, list->addr.addr.addr4, netmask)) + return list; + } +-#ifdef HAVE_IPV6 + else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) + return list; +-#endif + + } while ((list = list->next)); + +@@ -189,7 +187,6 @@ size_t answer_auth(struct dns_header *he + while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) + intr = intr->next; + } +-#ifdef HAVE_IPV6 + else if (flag == F_IPV6) + for (intr = daemon->int_names; intr; intr = intr->next) + { +@@ -205,7 +202,6 @@ size_t answer_auth(struct dns_header *he + while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) + intr = intr->next; + } +-#endif + + if (intr) + { +@@ -378,10 +374,8 @@ size_t answer_auth(struct dns_header *he + if (qtype == T_A) + flag = F_IPV4; + +-#ifdef HAVE_IPV6 + if (qtype == T_AAAA) + flag = F_IPV6; +-#endif + + for (intr = daemon->int_names; intr; intr = intr->next) + if ((rc = hostname_issubdomain(name, intr->name))) +@@ -395,10 +389,9 @@ size_t answer_auth(struct dns_header *he + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype && + (local_query || filter_zone(zone, flag, &addrlist->addr))) + { +-#ifdef HAVE_IPV6 + if (addrlist->flags & ADDRLIST_REVONLY) + continue; +-#endif ++ + found = 1; + log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, +@@ -424,13 +417,11 @@ size_t answer_auth(struct dns_header *he + + if (peer_addr->sa.sa_family == AF_INET) + peer_addr->in.sin_port = 0; +-#ifdef HAVE_IPV6 + else + { + peer_addr->in6.sin6_port = 0; + peer_addr->in6.sin6_scope_id = 0; + } +-#endif + + for (peers = daemon->auth_peers; peers; peers = peers->next) + if (sockaddr_isequal(peer_addr, &peers->addr)) +@@ -442,10 +433,8 @@ size_t answer_auth(struct dns_header *he + { + if (peer_addr->sa.sa_family == AF_INET) + inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN); +-#ifdef HAVE_IPV6 + else + inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN); +-#endif + + my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff); + return 0; +@@ -603,7 +592,6 @@ size_t answer_auth(struct dns_header *he + p += sprintf(p, "%u.in-addr.arpa", a & 0xff); + + } +-#ifdef HAVE_IPV6 + else + { + char *p = name; +@@ -617,7 +605,6 @@ size_t answer_auth(struct dns_header *he + p += sprintf(p, "ip6.arpa"); + + } +-#endif + } + + /* handle NS and SOA in auth section or for explicit queries */ +@@ -754,14 +741,12 @@ size_t answer_auth(struct dns_header *he + daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr)) + anscount++; + +-#ifdef HAVE_IPV6 + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if ((addrlist->flags & ADDRLIST_IPV6) && + (local_query || filter_zone(zone, F_IPV6, &addrlist->addr)) && + add_resource_record(header, limit, &trunc, -axfroffset, &ansp, + daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr)) + anscount++; +-#endif + + /* restore config data */ + if (cut) +@@ -798,18 +783,11 @@ size_t answer_auth(struct dns_header *he + { + char *cache_name = cache_get_name(crecp); + if (!strchr(cache_name, '.') && +- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) +- { +- qtype = T_A; +-#ifdef HAVE_IPV6 +- if (crecp->flags & F_IPV6) +- qtype = T_AAAA; +-#endif +- if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, +- daemon->auth_ttl, NULL, qtype, C_IN, +- (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) +- anscount++; +- } ++ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))) && ++ add_resource_record(header, limit, &trunc, -axfroffset, &ansp, ++ daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, ++ (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) ++ anscount++; + } + + if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN)))) +@@ -818,18 +796,13 @@ size_t answer_auth(struct dns_header *he + if (in_zone(zone, name, &cut) && + (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) + { +- qtype = T_A; +-#ifdef HAVE_IPV6 +- if (crecp->flags & F_IPV6) +- qtype = T_AAAA; +-#endif +- if (cut) +- *cut = 0; +- +- if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, +- daemon->auth_ttl, NULL, qtype, C_IN, +- (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr)) +- anscount++; ++ if (cut) ++ *cut = 0; ++ ++ if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, ++ daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, ++ (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr)) ++ anscount++; + } + } + } +--- a/src/bpf.c ++++ b/src/bpf.c +@@ -31,9 +31,7 @@ + # include + #endif + #include +-#ifdef HAVE_IPV6 +-# include +-#endif ++#include + + #ifndef SA_SIZE + #define SA_SIZE(sa) \ +@@ -121,7 +119,7 @@ int iface_enumerate(int family, void *pa + if (getifaddrs(&head) == -1) + return 0; + +-#if defined(HAVE_BSD_NETWORK) && defined(HAVE_IPV6) ++#if defined(HAVE_BSD_NETWORK) + if (family == AF_INET6) + fd = socket(PF_INET6, SOCK_DGRAM, 0); + #endif +@@ -152,7 +150,6 @@ int iface_enumerate(int family, void *pa + if (!((*callback)(addr, iface_index, NULL, netmask, broadcast, parm))) + goto err; + } +-#ifdef HAVE_IPV6 + else if (family == AF_INET6) + { + struct in6_addr *addr = &((struct sockaddr_in6 *) addrs->ifa_addr)->sin6_addr; +@@ -219,7 +216,6 @@ int iface_enumerate(int family, void *pa + (int) preferred, (int)valid, parm))) + goto err; + } +-#endif /* HAVE_IPV6 */ + + #ifdef HAVE_DHCP6 + else if (family == AF_LINK) +@@ -427,10 +423,8 @@ void route_sock(void) + del_family = sa->sa_family; + if (del_family == AF_INET) + del_addr.addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; +-#ifdef HAVE_IPV6 + else if (del_family == AF_INET6) + del_addr.addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; +-#endif + else + del_family = 0; + } +--- a/src/cache.c ++++ b/src/cache.c +@@ -410,11 +410,8 @@ static struct crec *cache_scan_free(char + else + { + int i; +-#ifdef HAVE_IPV6 + int addrlen = (flags & F_IPV6) ? IN6ADDRSZ : INADDRSZ; +-#else +- int addrlen = INADDRSZ; +-#endif ++ + for (i = 0; i < hash_size; i++) + for (crecp = hash_table[i], up = &hash_table[i]; + crecp && ((crecp->flags & F_REVERSE) || !(crecp->flags & F_IMMORTAL)); +@@ -512,11 +509,9 @@ static struct crec *really_insert(char * + if ((flags & F_IPV4) && (new->flags & F_IPV4) && + new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) + return new; +-#ifdef HAVE_IPV6 + else if ((flags & F_IPV6) && (new->flags & F_IPV6) && + IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6)) + return new; +-#endif + } + + insert_error = 1; +@@ -938,11 +933,7 @@ struct crec *cache_find_by_addr(struct c + time_t now, unsigned int prot) + { + struct crec *ans; +-#ifdef HAVE_IPV6 + int addrlen = (prot == F_IPV6) ? IN6ADDRSZ : INADDRSZ; +-#else +- int addrlen = INADDRSZ; +-#endif + + if (crecp) /* iterating */ + ans = crecp->next; +@@ -1171,14 +1162,12 @@ int read_hostsfile(char *filename, unsig + addrlen = INADDRSZ; + domain_suffix = get_domain(addr.addr.addr4); + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, token, &addr) > 0) + { + flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6; + addrlen = IN6ADDRSZ; + domain_suffix = get_domain6(&addr.addr.addr6); + } +-#endif + else + { + my_syslog(LOG_ERR, _("bad address at %s line %d"), filename, lineno); +@@ -1343,7 +1332,7 @@ void cache_reload(void) + cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG; + add_hosts_entry(cache, (struct all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); + } +-#ifdef HAVE_IPV6 ++ + if (!IN6_IS_ADDR_UNSPECIFIED(&hr->addr6) && + (cache = whine_malloc(SIZEOF_POINTER_CREC))) + { +@@ -1352,7 +1341,6 @@ void cache_reload(void) + cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG; + add_hosts_entry(cache, (struct all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); + } +-#endif + } + + if (option_bool(OPT_NO_HOSTS) && !daemon->addn_hosts) +@@ -1451,13 +1439,11 @@ void cache_add_dhcp_entry(char *host_nam + int in_hosts = 0; + size_t addrlen = sizeof(struct in_addr); + +-#ifdef HAVE_IPV6 + if (prot == AF_INET6) + { + flags = F_IPV6; + addrlen = sizeof(struct in6_addr); + } +-#endif + + inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN); + +@@ -1810,10 +1796,8 @@ void dump_cache(time_t now) + a = daemon->addrbuff; + if (cache->flags & F_IPV4) + inet_ntop(AF_INET, &cache->addr.addr, a, ADDRSTRLEN); +-#ifdef HAVE_IPV6 + else if (cache->flags & F_IPV6) + inet_ntop(AF_INET6, &cache->addr.addr, a, ADDRSTRLEN); +-#endif + } + + if (cache->flags & F_IPV4) +@@ -1954,14 +1938,9 @@ void log_query(unsigned int flags, char + sprintf(daemon->addrbuff, "%u", rcode); + } + else +- { +-#ifdef HAVE_IPV6 +- inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, +- addr, daemon->addrbuff, ADDRSTRLEN); +-#else +- strncpy(daemon->addrbuff, inet_ntoa(addr->addr.addr4), ADDRSTRLEN); +-#endif +- } ++ inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, ++ addr, daemon->addrbuff, ADDRSTRLEN); ++ + } + else + dest = arg; +--- a/src/config.h ++++ b/src/config.h +@@ -131,7 +131,6 @@ HAVE_INOTIFY + + NO_ID + Don't report *.bind CHAOS info to clients, forward such requests upstream instead. +-NO_IPV6 + NO_TFTP + NO_DHCP + NO_DHCP6 +@@ -141,8 +140,8 @@ NO_AUTH + NO_DUMPFILE + NO_INOTIFY + these are available to explicitly disable compile time options which would +- otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or +- which are enabled by default in the distributed source tree. Building dnsmasq ++ otherwise be enabled automatically or which are enabled by default ++ in the distributed source tree. Building dnsmasq + with something like "make COPTS=-DNO_SCRIPT" will do the trick. + NO_GMP + Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp. +@@ -308,29 +307,9 @@ HAVE_SOCKADDR_SA_LEN + + #endif + +-/* Decide if we're going to support IPv6 */ +-/* We assume that systems which don't have IPv6 +- headers don't have ntop and pton either */ +- +-#if defined(INET6_ADDRSTRLEN) && defined(IPV6_V6ONLY) +-# define HAVE_IPV6 +-# define ADDRSTRLEN INET6_ADDRSTRLEN +-#else +-# if !defined(INET_ADDRSTRLEN) +-# define INET_ADDRSTRLEN 16 /* 4*3 + 3 dots + NULL */ +-# endif +-# undef HAVE_IPV6 +-# define ADDRSTRLEN INET_ADDRSTRLEN +-#endif +- +- + /* rules to implement compile-time option dependencies and + the NO_XXX flags */ + +-#ifdef NO_IPV6 +-#undef HAVE_IPV6 +-#endif +- + #ifdef NO_TFTP + #undef HAVE_TFTP + #endif +@@ -340,7 +319,7 @@ HAVE_SOCKADDR_SA_LEN + #undef HAVE_DHCP6 + #endif + +-#if defined(NO_DHCP6) || !defined(HAVE_IPV6) ++#if defined(NO_DHCP6) + #undef HAVE_DHCP6 + #endif + +@@ -385,9 +364,6 @@ HAVE_SOCKADDR_SA_LEN + #ifdef DNSMASQ_COMPILE_OPTS + + static char *compile_opts = +-#ifndef HAVE_IPV6 +-"no-" +-#endif + "IPv6 " + #ifndef HAVE_GETOPT_LONG + "no-" +--- a/src/conntrack.c ++++ b/src/conntrack.c +@@ -36,7 +36,6 @@ int get_incoming_mark(union mysockaddr * + nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP); + nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port)); + +-#ifdef HAVE_IPV6 + if (peer_addr->sa.sa_family == AF_INET6) + { + nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6); +@@ -45,7 +44,6 @@ int get_incoming_mark(union mysockaddr * + nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr); + } + else +-#endif + { + nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr); +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -185,9 +185,6 @@ static void dbus_read_servers(DBusMessag + } + } + +-#ifndef HAVE_IPV6 +- my_syslog(LOG_WARNING, _("attempt to set an IPv6 server address via DBus - no IPv6 support")); +-#else + if (i == sizeof(struct in6_addr)) + { + memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr)); +@@ -202,7 +199,6 @@ static void dbus_read_servers(DBusMessag + source_addr.in6.sin6_port = htons(daemon->query_port); + skip = 0; + } +-#endif + } + else + /* At the end */ +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -1730,11 +1730,11 @@ static void check_dns_listeners(time_t n + indextoname(listener->tcpfd, if_index, intr_name)) + { + struct all_addr addr; +- addr.addr.addr4 = tcp_addr.in.sin_addr; +-#ifdef HAVE_IPV6 ++ + if (tcp_addr.sa.sa_family == AF_INET6) + addr.addr.addr6 = tcp_addr.in6.sin6_addr; +-#endif ++ else ++ addr.addr.addr4 = tcp_addr.in.sin_addr; + + for (iface = daemon->interfaces; iface; iface = iface->next) + if (iface->index == if_index) +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -126,9 +126,7 @@ typedef unsigned long long u64; + #include + #include + #include +-#ifdef HAVE_IPV6 + #include +-#endif + #include + #include + #include +@@ -159,6 +157,8 @@ extern int capget(cap_user_header_t head + /* daemon is function in the C library.... */ + #define daemon dnsmasq_daemon + ++#define ADDRSTRLEN INET6_ADDRSTRLEN ++ + /* Async event queue */ + struct event_desc { + int event, data, msg_sz; +@@ -273,9 +273,7 @@ struct event_desc { + struct all_addr { + union { + struct in_addr addr4; +-#ifdef HAVE_IPV6 + struct in6_addr addr6; +-#endif + /* for log_query */ + struct { + unsigned short keytag, algo, digest; +@@ -383,9 +381,7 @@ struct host_record { + struct name_list *next; + } *names; + struct in_addr addr; +-#ifdef HAVE_IPV6 + struct in6_addr addr6; +-#endif + struct host_record *next; + }; + +@@ -496,9 +492,7 @@ struct crec { + union mysockaddr { + struct sockaddr sa; + struct sockaddr_in in; +-#if defined(HAVE_IPV6) + struct sockaddr_in6 in6; +-#endif + }; + + /* bits in flag param to IPv6 callbacks from iface_enumerate() */ +@@ -660,9 +654,7 @@ struct frec { + struct all_addr dest; + struct server *sentto; /* NULL means free */ + struct randfd *rfd4; +-#ifdef HAVE_IPV6 + struct randfd *rfd6; +-#endif + unsigned int iface; + unsigned short orig_id, new_id; + int log_id, fd, forwardall, flags; +@@ -877,9 +869,7 @@ struct dhcp_bridge { + struct cond_domain { + char *domain, *prefix; + struct in_addr start, end; +-#ifdef HAVE_IPV6 + struct in6_addr start6, end6; +-#endif + int is6, indexed; + struct cond_domain *next; + }; +@@ -1184,9 +1174,7 @@ void blockdata_free(struct blockdata *bl + + /* domain.c */ + char *get_domain(struct in_addr addr); +-#ifdef HAVE_IPV6 + char *get_domain6(struct in6_addr *addr); +-#endif + int is_name_synthetic(int flags, char *name, struct all_addr *addr); + int is_rev_synth(int flag, struct all_addr *addr, char *name); + +@@ -1270,11 +1258,9 @@ int hostname_issubdomain(char *a, char * + time_t dnsmasq_time(void); + int netmask_length(struct in_addr mask); + int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask); +-#ifdef HAVE_IPV6 + int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen); + u64 addr6part(struct in6_addr *addr); + void setaddr6part(struct in6_addr *addr, u64 host); +-#endif + int retry_send(ssize_t rc); + void prettyprint_time(char *buf, unsigned int t); + int prettyprint_addr(union mysockaddr *addr, char *buf); +@@ -1353,9 +1339,7 @@ int loopback_exception(int fd, int famil + int label_exception(int index, int family, struct all_addr *addr); + int fix_fd(int fd); + int tcp_interface(int fd, int af); +-#ifdef HAVE_IPV6 + int set_ipv6pktinfo(int fd); +-#endif + #ifdef HAVE_DHCP6 + void join_multicast(int dienow); + #endif +--- a/src/domain.c ++++ b/src/domain.c +@@ -18,21 +18,14 @@ + + + static struct cond_domain *search_domain(struct in_addr addr, struct cond_domain *c); +-#ifdef HAVE_IPV6 + static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c); +-#endif + + + int is_name_synthetic(int flags, char *name, struct all_addr *addr) + { + char *p; + struct cond_domain *c = NULL; +- int prot = AF_INET; +- +-#ifdef HAVE_IPV6 +- if (flags & F_IPV6) +- prot = AF_INET6; +-#endif ++ int prot = (flags & F_IPV6) ? AF_INET6 : AF_INET; + + for (c = daemon->synth_domains; c; c = c->next) + { +@@ -83,8 +76,7 @@ int is_name_synthetic(int flags, char *n + addr->addr.addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); + found = 1; + } +- } +-#ifdef HAVE_IPV6 ++ } + else + { + u64 index = atoll(tail); +@@ -98,7 +90,6 @@ int is_name_synthetic(int flags, char *n + found = 1; + } + } +-#endif + } + } + else +@@ -111,10 +102,8 @@ int is_name_synthetic(int flags, char *n + if ((c >='0' && c <= '9') || c == '-') + continue; + +-#ifdef HAVE_IPV6 + if (prot == AF_INET6 && ((c >='A' && c <= 'F') || (c >='a' && c <= 'f'))) + continue; +-#endif + + break; + } +@@ -124,7 +113,6 @@ int is_name_synthetic(int flags, char *n + + *p = 0; + +-#ifdef HAVE_IPV6 + if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail) + { + /* special hack for v4-mapped. */ +@@ -134,7 +122,6 @@ int is_name_synthetic(int flags, char *n + *p = '.'; + } + else +-#endif + { + /* swap . or : for - */ + for (p = tail; *p; p++) +@@ -142,10 +129,8 @@ int is_name_synthetic(int flags, char *n + { + if (prot == AF_INET) + *p = '.'; +-#ifdef HAVE_IPV6 + else + *p = ':'; +-#endif + } + } + +@@ -158,7 +143,6 @@ int is_name_synthetic(int flags, char *n + ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr)) + found = 1; + } +-#ifdef HAVE_IPV6 + else + { + u64 addrpart = addr6part(&addr->addr.addr6); +@@ -169,7 +153,6 @@ int is_name_synthetic(int flags, char *n + addrpart <= addr6part(&c->end6)) + found = 1; + } +-#endif + } + + } +@@ -221,8 +204,7 @@ int is_rev_synth(int flag, struct all_ad + return 1; + } + +-#ifdef HAVE_IPV6 +- if (flag & F_IPV6 && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) ++ if ((flag & F_IPV6) && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) + { + char *p; + +@@ -259,7 +241,6 @@ int is_rev_synth(int flag, struct all_ad + + return 1; + } +-#endif + + return 0; + } +@@ -286,7 +267,7 @@ char *get_domain(struct in_addr addr) + return daemon->domain_suffix; + } + +-#ifdef HAVE_IPV6 ++ + static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c) + { + u64 addrpart = addr6part(addr); +@@ -310,4 +291,3 @@ char *get_domain6(struct in6_addr *addr) + + return daemon->domain_suffix; + } +-#endif +--- a/src/dump.c ++++ b/src/dump.c +@@ -82,10 +82,8 @@ void dump_init(void) + void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst) + { + struct ip ip; +-#ifdef HAVE_IPV6 + struct ip6_hdr ip6; + int family; +-#endif + struct udphdr { + u16 uh_sport; /* source port */ + u16 uh_dport; /* destination port */ +@@ -105,7 +103,6 @@ void dump_packet(int mask, void *packet, + /* So wireshark can Id the packet. */ + udp.uh_sport = udp.uh_dport = htons(NAMESERVER_PORT); + +-#ifdef HAVE_IPV6 + if (src) + family = src->sa.sa_family; + else +@@ -139,7 +136,6 @@ void dump_packet(int mask, void *packet, + sum += ((u16 *)&ip6.ip6_src)[i]; + } + else +-#endif + { + iphdr = &ip; + ipsz = sizeof(ip); +--- a/src/edns0.c ++++ b/src/edns0.c +@@ -301,20 +301,14 @@ static size_t add_mac(struct dns_header + + struct subnet_opt { + u16 family; +- u8 source_netmask, scope_netmask; +-#ifdef HAVE_IPV6 ++ u8 source_netmask, scope_netmask; + u8 addr[IN6ADDRSZ]; +-#else +- u8 addr[INADDRSZ]; +-#endif + }; + + static void *get_addrp(union mysockaddr *addr, const short family) + { +-#ifdef HAVE_IPV6 + if (family == AF_INET6) + return &addr->in6.sin6_addr; +-#endif + + return &addr->in.sin_addr; + } +@@ -330,7 +324,6 @@ static size_t calc_subnet_opt(struct sub + opt->source_netmask = 0; + opt->scope_netmask = 0; + +-#ifdef HAVE_IPV6 + if (source->sa.sa_family == AF_INET6 && daemon->add_subnet6) + { + opt->source_netmask = daemon->add_subnet6->mask; +@@ -342,7 +335,6 @@ static size_t calc_subnet_opt(struct sub + else + addrp = &source->in6.sin6_addr; + } +-#endif + + if (source->sa.sa_family == AF_INET && daemon->add_subnet4) + { +@@ -356,11 +348,7 @@ static size_t calc_subnet_opt(struct sub + addrp = &source->in.sin_addr; + } + +-#ifdef HAVE_IPV6 + opt->family = htons(sa_family == AF_INET6 ? 2 : 1); +-#else +- opt->family = htons(1); +-#endif + + len = 0; + +--- a/src/forward.c ++++ b/src/forward.c +@@ -38,9 +38,7 @@ int send_from(int fd, int nowild, char * + #elif defined(IP_SENDSRCADDR) + char control[CMSG_SPACE(sizeof(struct in_addr))]; + #endif +-#ifdef HAVE_IPV6 + char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; +-#endif + } control_u; + + iov[0].iov_base = packet; +@@ -79,7 +77,6 @@ int send_from(int fd, int nowild, char * + #endif + } + else +-#ifdef HAVE_IPV6 + { + struct in6_pktinfo p; + p.ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */ +@@ -89,9 +86,6 @@ int send_from(int fd, int nowild, char * + cmptr->cmsg_type = daemon->v6pktinfo; + cmptr->cmsg_level = IPPROTO_IPV6; + } +-#else +- (void)iface; /* eliminate warning */ +-#endif + } + + while (retry_send(sendmsg(fd, &msg, 0))); +@@ -144,10 +138,8 @@ static unsigned int search_servers(time_ + flags = sflag; + if (serv->addr.sa.sa_family == AF_INET) + *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; +-#ifdef HAVE_IPV6 + else + *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; +-#endif + } + else if (!flags || (flags & F_NXDOMAIN)) + flags = F_NOERR; +@@ -204,10 +196,8 @@ static unsigned int search_servers(time_ + flags = sflag; + if (serv->addr.sa.sa_family == AF_INET) + *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; +-#ifdef HAVE_IPV6 + else + *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; +-#endif + } + else if (!flags || (flags & F_NXDOMAIN)) + flags = F_NOERR; +@@ -236,10 +226,8 @@ static unsigned int search_servers(time_ + /* handle F_IPV4 and F_IPV6 set on ANY query to 0.0.0.0/:: domain. */ + if (flags & F_IPV4) + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, qdomain, *addrpp, NULL); +-#ifdef HAVE_IPV6 + if (flags & F_IPV6) + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, qdomain, *addrpp, NULL); +-#endif + } + } + else if ((*type) & SERV_USE_RESOLV) +@@ -302,20 +290,17 @@ static int forward_query(int udpfd, unio + + if (forward->sentto->addr.sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); +-#ifdef HAVE_IPV6 + else + log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); +-#endif ++ + + if (forward->sentto->sfd) + fd = forward->sentto->sfd->fd; + else + { +-#ifdef HAVE_IPV6 + if (forward->sentto->addr.sa.sa_family == AF_INET6) + fd = forward->rfd6->fd; + else +-#endif + fd = forward->rfd4->fd; + } + +@@ -475,7 +460,6 @@ static int forward_query(int udpfd, unio + fd = start->sfd->fd; + else + { +-#ifdef HAVE_IPV6 + if (start->addr.sa.sa_family == AF_INET6) + { + if (!forward->rfd6 && +@@ -485,7 +469,6 @@ static int forward_query(int udpfd, unio + fd = forward->rfd6->fd; + } + else +-#endif + { + if (!forward->rfd4 && + !(forward->rfd4 = allocate_rfd(AF_INET))) +@@ -541,11 +524,9 @@ static int forward_query(int udpfd, unio + if (start->addr.sa.sa_family == AF_INET) + log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&start->addr.in.sin_addr, NULL); +-#ifdef HAVE_IPV6 + else + log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&start->addr.in6.sin6_addr, NULL); +-#endif + start->queries++; + forwarded = 1; + forward->sentto = start; +@@ -788,11 +769,8 @@ void reply_query(int fd, int family, tim + daemon->srv_save = NULL; + + /* Determine the address of the server replying so that we can mark that as good */ +- serveraddr.sa.sa_family = family; +-#ifdef HAVE_IPV6 +- if (serveraddr.sa.sa_family == AF_INET6) ++ if ((serveraddr.sa.sa_family = family) == AF_INET6) + serveraddr.in6.sin6_flowinfo = 0; +-#endif + + header = (struct dns_header *)daemon->packet; + +@@ -878,7 +856,6 @@ void reply_query(int fd, int family, tim + fd = start->sfd->fd; + else + { +-#ifdef HAVE_IPV6 + if (start->addr.sa.sa_family == AF_INET6) + { + /* may have changed family */ +@@ -887,7 +864,6 @@ void reply_query(int fd, int family, tim + fd = forward->rfd6->fd; + } + else +-#endif + { + /* may have changed family */ + if (!forward->rfd4) +@@ -902,10 +878,8 @@ void reply_query(int fd, int family, tim + + if (start->addr.sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&start->addr.in.sin_addr, "dnssec"); +-#ifdef HAVE_IPV6 + else + log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&start->addr.in6.sin6_addr, "dnssec"); +-#endif + + return; + } +@@ -1099,9 +1073,7 @@ void reply_query(int fd, int family, tim + + new->sentto = server; + new->rfd4 = NULL; +-#ifdef HAVE_IPV6 + new->rfd6 = NULL; +-#endif + new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA); + new->forwardall = 0; + +@@ -1125,11 +1097,9 @@ void reply_query(int fd, int family, tim + if (server->addr.sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (struct all_addr *)&(server->addr.in.sin_addr), + querystr("dnssec-query", querytype)); +-#ifdef HAVE_IPV6 + else + log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), + querystr("dnssec-query", querytype)); +-#endif + + if ((hash = hash_questions(header, nn, daemon->namebuff))) + memcpy(new->hash, hash, HASH_SIZE); +@@ -1147,14 +1117,12 @@ void reply_query(int fd, int family, tim + else + { + fd = -1; +-#ifdef HAVE_IPV6 + if (server->addr.sa.sa_family == AF_INET6) + { + if (new->rfd6 || (new->rfd6 = allocate_rfd(AF_INET6))) + fd = new->rfd6->fd; + } + else +-#endif + { + if (new->rfd4 || (new->rfd4 = allocate_rfd(AF_INET))) + fd = new->rfd4->fd; +@@ -1290,9 +1258,7 @@ void receive_query(struct listener *list + struct cmsghdr *cmptr; + union { + struct cmsghdr align; /* this ensures alignment */ +-#ifdef HAVE_IPV6 + char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; +-#endif + #if defined(HAVE_LINUX_NETWORK) + char control[CMSG_SPACE(sizeof(struct in_pktinfo))]; + #elif defined(IP_RECVDSTADDR) && defined(HAVE_SOLARIS_NETWORK) +@@ -1303,12 +1269,8 @@ void receive_query(struct listener *list + CMSG_SPACE(sizeof(struct sockaddr_dl))]; + #endif + } control_u; +-#ifdef HAVE_IPV6 + /* Can always get recvd interface for IPv6 */ + int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; +-#else +- int check_dst = !option_bool(OPT_NOWILD); +-#endif + + /* packet buffer overwritten */ + daemon->srv_save = NULL; +@@ -1359,7 +1321,6 @@ void receive_query(struct listener *list + if (source_addr.in.sin_port == 0) + return; + } +-#ifdef HAVE_IPV6 + else + { + /* Source-port == 0 is an error, we can't send back to that. */ +@@ -1367,13 +1328,12 @@ void receive_query(struct listener *list + return; + source_addr.in6.sin6_flowinfo = 0; + } +-#endif + + /* We can be configured to only accept queries from at-most-one-hop-away addresses. */ + if (option_bool(OPT_LOCAL_SERVICE)) + { + struct addrlist *addr; +-#ifdef HAVE_IPV6 ++ + if (listen->family == AF_INET6) + { + for (addr = daemon->interface_addrs; addr; addr = addr->next) +@@ -1382,7 +1342,6 @@ void receive_query(struct listener *list + break; + } + else +-#endif + { + struct in_addr netmask; + for (addr = daemon->interface_addrs; addr; addr = addr->next) +@@ -1451,7 +1410,6 @@ void receive_query(struct listener *list + } + #endif + +-#ifdef HAVE_IPV6 + if (listen->family == AF_INET6) + { + for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) +@@ -1467,7 +1425,6 @@ void receive_query(struct listener *list + if_index = p.p->ipi6_ifindex; + } + } +-#endif + + /* enforce available interface configuration */ + +@@ -1531,11 +1488,9 @@ void receive_query(struct listener *list + if (listen->family == AF_INET) + log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&source_addr.in.sin_addr, types); +-#ifdef HAVE_IPV6 + else + log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&source_addr.in6.sin6_addr, types); +-#endif + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +@@ -1744,11 +1699,9 @@ static int tcp_key_recurse(time_t now, i + if (server->addr.sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (struct all_addr *)&(server->addr.in.sin_addr), + querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); +-#ifdef HAVE_IPV6 + else + log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), + querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); +-#endif + + server->flags |= SERV_GOT_TCP; + +@@ -1813,11 +1766,10 @@ unsigned char *tcp_request(int confd, ti + if (option_bool(OPT_CONNTRACK)) + { + struct all_addr local; +-#ifdef HAVE_IPV6 ++ + if (local_addr->sa.sa_family == AF_INET6) + local.addr.addr6 = local_addr->in6.sin6_addr; + else +-#endif + local.addr.addr4 = local_addr->in.sin_addr; + + have_mark = get_incoming_mark(&peer_addr, &local, 1, &mark); +@@ -1828,7 +1780,7 @@ unsigned char *tcp_request(int confd, ti + if (option_bool(OPT_LOCAL_SERVICE)) + { + struct addrlist *addr; +-#ifdef HAVE_IPV6 ++ + if (peer_addr.sa.sa_family == AF_INET6) + { + for (addr = daemon->interface_addrs; addr; addr = addr->next) +@@ -1837,7 +1789,6 @@ unsigned char *tcp_request(int confd, ti + break; + } + else +-#endif + { + struct in_addr netmask; + for (addr = daemon->interface_addrs; addr; addr = addr->next) +@@ -1892,11 +1843,9 @@ unsigned char *tcp_request(int confd, ti + if (peer_addr.sa.sa_family == AF_INET) + log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&peer_addr.in.sin_addr, types); +-#ifdef HAVE_IPV6 + else + log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&peer_addr.in6.sin6_addr, types); +-#endif + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +@@ -2072,11 +2021,9 @@ unsigned char *tcp_request(int confd, ti + if (last_server->addr.sa.sa_family == AF_INET) + log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&last_server->addr.in.sin_addr, NULL); +-#ifdef HAVE_IPV6 + else + log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, + (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL); +-#endif + + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) +@@ -2175,9 +2122,7 @@ static struct frec *allocate_frec(time_t + f->sentto = NULL; + f->rfd4 = NULL; + f->flags = 0; +-#ifdef HAVE_IPV6 + f->rfd6 = NULL; +-#endif + #ifdef HAVE_DNSSEC + f->dependent = NULL; + f->blocking_query = NULL; +@@ -2237,11 +2182,8 @@ static void free_frec(struct frec *f) + f->rfd4 = NULL; + f->sentto = NULL; + f->flags = 0; +- +-#ifdef HAVE_IPV6 + free_rfd(f->rfd6); + f->rfd6 = NULL; +-#endif + + #ifdef HAVE_DNSSEC + if (f->stash) +--- a/src/helper.c ++++ b/src/helper.c +@@ -64,9 +64,7 @@ struct script_data + #ifdef HAVE_TFTP + off_t file_len; + #endif +-#ifdef HAVE_IPV6 + struct in6_addr addr6; +-#endif + #ifdef HAVE_DHCP6 + int iaid, vendorclass_count; + #endif +@@ -302,10 +300,8 @@ int create_helper(int event_fd, int err_ + + if (!is6) + inet_ntop(AF_INET, &data.addr, daemon->addrbuff, ADDRSTRLEN); +-#ifdef HAVE_IPV6 + else + inet_ntop(AF_INET6, &data.addr6, daemon->addrbuff, ADDRSTRLEN); +-#endif + + #ifdef HAVE_TFTP + /* file length */ +@@ -826,10 +822,8 @@ void queue_tftp(off_t file_len, char *fi + + if ((buf->flags = peer->sa.sa_family) == AF_INET) + buf->addr = peer->in.sin_addr; +-#ifdef HAVE_IPV6 + else + buf->addr6 = peer->in6.sin6_addr; +-#endif + + memcpy((unsigned char *)(buf+1), filename, filename_len); + +@@ -851,10 +845,8 @@ void queue_arp(int action, unsigned char + buf->hwaddr_type = ARPHRD_ETHER; + if ((buf->flags = family) == AF_INET) + buf->addr = addr->addr.addr4; +-#ifdef HAVE_IPV6 + else + buf->addr6 = addr->addr.addr6; +-#endif + + memcpy(buf->hwaddr, mac, maclen); + +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -120,13 +120,8 @@ static int new_add_to_ipset(const char * + struct my_nfgenmsg *nfg; + struct my_nlattr *nested[2]; + uint8_t proto; +- int addrsz = INADDRSZ; ++ int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ; + +-#ifdef HAVE_IPV6 +- if (af == AF_INET6) +- addrsz = IN6ADDRSZ; +-#endif +- + if (strlen(setname) >= IPSET_MAXNAMELEN) + { + errno = ENAMETOOLONG; +@@ -213,7 +208,6 @@ int add_to_ipset(const char *setname, co + { + int ret = 0, af = AF_INET; + +-#ifdef HAVE_IPV6 + if (flags & F_IPV6) + { + af = AF_INET6; +@@ -224,7 +218,6 @@ int add_to_ipset(const char *setname, co + ret = -1; + } + } +-#endif + + if (ret != -1) + ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); +--- a/src/netlink.c ++++ b/src/netlink.c +@@ -51,11 +51,10 @@ void netlink_init(void) + addr.nl_groups = RTMGRP_IPV4_ROUTE; + if (option_bool(OPT_CLEVERBIND)) + addr.nl_groups |= RTMGRP_IPV4_IFADDR; +-#ifdef HAVE_IPV6 + addr.nl_groups |= RTMGRP_IPV6_ROUTE; + if (option_bool(OPT_CLEVERBIND)) + addr.nl_groups |= RTMGRP_IPV6_IFADDR; +-#endif ++ + #ifdef HAVE_DHCP6 + if (daemon->doing_ra || daemon->doing_dhcp6) + addr.nl_groups |= RTMGRP_IPV6_IFADDR; +@@ -235,7 +234,6 @@ int iface_enumerate(int family, void *pa + if (!((*callback)(addr, ifa->ifa_index, label, netmask, broadcast, parm))) + callback_ok = 0; + } +-#ifdef HAVE_IPV6 + else if (ifa->ifa_family == AF_INET6) + { + struct in6_addr *addrp = NULL; +@@ -270,7 +268,6 @@ int iface_enumerate(int family, void *pa + (int) preferred, (int)valid, parm))) + callback_ok = 0; + } +-#endif + } + } + else if (h->nlmsg_type == RTM_NEWNEIGH && family == AF_UNSPEC) +--- a/src/network.c ++++ b/src/network.c +@@ -137,12 +137,10 @@ int iface_check(int family, struct all_a + if (family == AF_INET && + tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) + ret = match_addr = tmp->used = 1; +-#ifdef HAVE_IPV6 + else if (family == AF_INET6 && + IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, + &addr->addr.addr6)) + ret = match_addr = tmp->used = 1; +-#endif + } + } + +@@ -162,11 +160,9 @@ int iface_check(int family, struct all_a + else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && + tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) + break; +-#ifdef HAVE_IPV6 + else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && + IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6)) + break; +-#endif + + if (tmp && auth) + { +@@ -200,11 +196,8 @@ int loopback_exception(int fd, int famil + if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) + return 1; + } +-#ifdef HAVE_IPV6 + else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) + return 1; +-#endif +- + } + } + return 0; +@@ -292,19 +285,15 @@ static int iface_allowed(struct iface_pa + al->addr.addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } +-#ifdef HAVE_IPV6 + else + { + al->addr.addr.addr6 = addr->in6.sin6_addr; + al->flags = ADDRLIST_IPV6; + } +-#endif + } + } + +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr)) +-#endif + { + struct interface_name *int_name; + struct addrlist *al; +@@ -337,7 +326,6 @@ static int iface_allowed(struct iface_pa + } + } + +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6)) + { + if (param->spare) +@@ -357,8 +345,6 @@ static int iface_allowed(struct iface_pa + al->flags = ADDRLIST_IPV6; + } + } +-#endif +- + } + #endif + +@@ -386,7 +372,6 @@ static int iface_allowed(struct iface_pa + al->addr.addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } +-#ifdef HAVE_IPV6 + else + { + al->addr.addr.addr6 = addr->in6.sin6_addr; +@@ -396,7 +381,6 @@ static int iface_allowed(struct iface_pa + if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE))) + al->flags |= ADDRLIST_REVONLY; + } +-#endif + } + } + } +@@ -438,11 +422,9 @@ static int iface_allowed(struct iface_pa + !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) + return 1; + +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && + !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) + return 1; +-#endif + + #ifdef HAVE_DHCP + /* No DHCP where we're doing auth DNS. */ +@@ -501,7 +483,6 @@ static int iface_allowed(struct iface_pa + return 0; + } + +-#ifdef HAVE_IPV6 + static int iface_allowed_v6(struct in6_addr *local, int prefix, + int scope, int if_index, int flags, + int preferred, int valid, void *vparam) +@@ -529,7 +510,6 @@ static int iface_allowed_v6(struct in6_a + + return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags); + } +-#endif + + static int iface_allowed_v4(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) +@@ -633,9 +613,7 @@ int enumerate_interfaces(int reset) + + param.spare = spare; + +-#ifdef HAVE_IPV6 + ret = iface_enumerate(AF_INET6, ¶m, iface_allowed_v6); +-#endif + + if (ret) + ret = iface_enumerate(AF_INET, ¶m, iface_allowed_v4); +@@ -740,10 +718,8 @@ static int make_sock(union mysockaddr *a + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1 || !fix_fd(fd)) + goto err; + +-#ifdef HAVE_IPV6 + if (family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1) + goto err; +-#endif + + if ((rc = bind(fd, (struct sockaddr *)addr, sa_len(addr))) == -1) + goto err; +@@ -767,15 +743,12 @@ static int make_sock(union mysockaddr *a + #endif + } + } +-#ifdef HAVE_IPV6 + else if (!set_ipv6pktinfo(fd)) + goto err; +-#endif + + return fd; + } + +-#ifdef HAVE_IPV6 + int set_ipv6pktinfo(int fd) + { + int opt = 1; +@@ -802,7 +775,6 @@ int set_ipv6pktinfo(int fd) + + return 0; + } +-#endif + + + /* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */ +@@ -842,7 +814,6 @@ int tcp_interface(int fd, int af) + } + } + } +-#ifdef HAVE_IPV6 + else + { + /* Only the RFC-2292 API has the ability to find the interface for TCP connections, +@@ -874,7 +845,6 @@ int tcp_interface(int fd, int af) + } + } + } +-#endif /* IPV6 */ + #endif /* Linux */ + + return if_index; +@@ -904,7 +874,6 @@ static struct listener *create_listeners + tftpfd = make_sock(addr, SOCK_DGRAM, dienow); + addr->in.sin_port = save; + } +-# ifdef HAVE_IPV6 + else + { + short save = addr->in6.sin6_port; +@@ -912,7 +881,6 @@ static struct listener *create_listeners + tftpfd = make_sock(addr, SOCK_DGRAM, dienow); + addr->in6.sin6_port = save; + } +-# endif + } + #endif + +@@ -945,11 +913,10 @@ void create_wildcard_listeners(void) + + l = create_listeners(&addr, !!option_bool(OPT_TFTP), 1); + +-#ifdef HAVE_IPV6 + memset(&addr, 0, sizeof(addr)); +-# ifdef HAVE_SOCKADDR_SA_LEN ++#ifdef HAVE_SOCKADDR_SA_LEN + addr.in6.sin6_len = sizeof(addr.in6); +-# endif ++#endif + addr.in6.sin6_family = AF_INET6; + addr.in6.sin6_addr = in6addr_any; + addr.in6.sin6_port = htons(daemon->port); +@@ -959,7 +926,6 @@ void create_wildcard_listeners(void) + l->next = l6; + else + l = l6; +-#endif + + daemon->listeners = l; + } +@@ -1159,7 +1125,6 @@ int random_sock(int family) + addr.in.sin_len = sizeof(struct sockaddr_in); + #endif + } +-#ifdef HAVE_IPV6 + else + { + addr.in6.sin6_addr = in6addr_any; +@@ -1168,7 +1133,6 @@ int random_sock(int family) + addr.in6.sin6_len = sizeof(struct sockaddr_in6); + #endif + } +-#endif + + if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) + return fd; +@@ -1193,10 +1157,8 @@ int local_bind(int fd, union mysockaddr + { + if (addr_copy.sa.sa_family == AF_INET) + addr_copy.in.sin_port = 0; +-#ifdef HAVE_IPV6 + else + addr_copy.in6.sin6_port = 0; +-#endif + } + + if (bind(fd, (struct sockaddr *)&addr_copy, sa_len(&addr_copy)) == -1) +@@ -1211,7 +1173,7 @@ int local_bind(int fd, union mysockaddr + return setsockopt(fd, IPPROTO_IP, IP_UNICAST_IF, &ifindex_opt, sizeof(ifindex_opt)) == 0; + } + #endif +-#if defined(HAVE_IPV6) && defined (IPV6_UNICAST_IF) ++#if defined (IPV6_UNICAST_IF) + if (addr_copy.sa.sa_family == AF_INET6) + { + uint32_t ifindex_opt = htonl(ifindex); +@@ -1247,12 +1209,10 @@ static struct serverfd *allocate_sfd(uni + addr->in.sin_port == htons(0)) + return NULL; + +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && + memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && + addr->in6.sin6_port == htons(0)) + return NULL; +-#endif + } + + if (intname && strlen(intname) != 0) +@@ -1315,7 +1275,7 @@ void pre_allocate_sfds(void) + #endif + if ((sfd = allocate_sfd(&addr, ""))) + sfd->preallocated = 1; +-#ifdef HAVE_IPV6 ++ + memset(&addr, 0, sizeof(addr)); + addr.in6.sin6_family = AF_INET6; + addr.in6.sin6_addr = in6addr_any; +@@ -1325,7 +1285,6 @@ void pre_allocate_sfds(void) + #endif + if ((sfd = allocate_sfd(&addr, ""))) + sfd->preallocated = 1; +-#endif + } + + for (srv = daemon->servers; srv; srv = srv->next) +@@ -1658,7 +1617,6 @@ int reload_servers(char *fname) + source_addr.in.sin_addr.s_addr = INADDR_ANY; + source_addr.in.sin_port = htons(daemon->query_port); + } +-#ifdef HAVE_IPV6 + else + { + int scope_index = 0; +@@ -1686,10 +1644,6 @@ int reload_servers(char *fname) + else + continue; + } +-#else /* IPV6 */ +- else +- continue; +-#endif + + add_update_server(SERV_FROM_RESOLV, &addr, &source_addr, NULL, NULL); + gotone = 1; +--- a/src/option.c ++++ b/src/option.c +@@ -764,10 +764,8 @@ static char *parse_mysockaddr(char *arg, + { + if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0) + addr->sa.sa_family = AF_INET; +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0) + addr->sa.sa_family = AF_INET6; +-#endif + else + return _("bad address"); + +@@ -779,10 +777,8 @@ char *parse_server(char *arg, union myso + int source_port = 0, serv_port = NAMESERVER_PORT; + char *portno, *source; + char *interface_opt = NULL; +-#ifdef HAVE_IPV6 + int scope_index = 0; + char *scope_id; +-#endif + + if (!arg || strlen(arg) == 0) + { +@@ -800,9 +796,7 @@ char *parse_server(char *arg, union myso + !atoi_check16(portno, &serv_port)) + return _("bad port"); + +-#ifdef HAVE_IPV6 + scope_id = split_chr(arg, '%'); +-#endif + + if (source) { + interface_opt = split_chr(source, '@'); +@@ -846,7 +840,6 @@ char *parse_server(char *arg, union myso + } + } + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0) + { + if (scope_id && (scope_index = if_nametoindex(scope_id)) == 0) +@@ -881,7 +874,6 @@ char *parse_server(char *arg, union myso + } + } + } +-#endif + else + return _("bad address"); + +@@ -1914,10 +1906,8 @@ static int one_opt(int option, char *arg + unhide_metas(arg); + if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0) + new->addr.sa.sa_family = AF_INET; +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) + new->addr.sa.sa_family = AF_INET6; +-#endif + else + { + char *fam = split_chr(arg, '/'); +@@ -1927,10 +1917,8 @@ static int one_opt(int option, char *arg + { + if (strcmp(fam, "4") == 0) + new->addr.sa.sa_family = AF_INET; +-#ifdef HAVE_IPV6 + else if (strcmp(fam, "6") == 0) + new->addr.sa.sa_family = AF_INET6; +-#endif + else + ret_err(gen_err); + } +@@ -1996,14 +1984,12 @@ static int one_opt(int option, char *arg + subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; + subnet->flags = ADDRLIST_LITERAL; + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &addr.addr.addr6)) + { + subnet = opt_malloc(sizeof(struct addrlist)); + subnet->prefixlen = (prefixlen == 0) ? 64 : prefixlen; + subnet->flags = ADDRLIST_LITERAL | ADDRLIST_IPV6; + } +-#endif + else + { + struct auth_name_list *name = opt_malloc(sizeof(struct auth_name_list)); +@@ -2015,10 +2001,8 @@ static int one_opt(int option, char *arg + { + if (prefixlen == 4) + name->flags &= ~AUTH6; +-#ifdef HAVE_IPV6 + else if (prefixlen == 6) + name->flags &= ~AUTH4; +-#endif + else + ret_err(gen_err); + } +@@ -2139,7 +2123,6 @@ static int one_opt(int option, char *arg + } + } + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, comma, &new->start6)) + { + u64 mask = (1LLU << (128 - msize)) - 1LLU; +@@ -2183,7 +2166,6 @@ static int one_opt(int option, char *arg + } + } + } +-#endif + else + ret_err(gen_err); + } +@@ -2201,7 +2183,6 @@ static int one_opt(int option, char *arg + else if (!inet_pton(AF_INET, arg, &new->end)) + ret_err(gen_err); + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, comma, &new->start6)) + { + new->is6 = 1; +@@ -2210,7 +2191,6 @@ static int one_opt(int option, char *arg + else if (!inet_pton(AF_INET6, arg, &new->end6)) + ret_err(gen_err); + } +-#endif + else + ret_err(gen_err); + +@@ -2369,7 +2349,6 @@ static int one_opt(int option, char *arg + new->addr.in.sin_len = sizeof(new->addr.in); + #endif + } +-#ifdef HAVE_IPV6 + else if (arg && inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) + { + new->addr.sa.sa_family = AF_INET6; +@@ -2380,7 +2359,6 @@ static int one_opt(int option, char *arg + new->addr.in6.sin6_len = sizeof(new->addr.in6); + #endif + } +-#endif + else + ret_err(gen_err); + +@@ -2493,9 +2471,7 @@ static int one_opt(int option, char *arg + int size; + struct server *serv; + struct in_addr addr4; +-#ifdef HAVE_IPV6 + struct in6_addr addr6; +-#endif + + unhide_metas(arg); + if (!arg || !(comma=split(arg)) || !(string = split_chr(arg, '/')) || !atoi_check(string, &size)) +@@ -2507,10 +2483,8 @@ static int one_opt(int option, char *arg + if (!serv) + ret_err(_("bad prefix")); + } +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &addr6)) + serv = add_rev6(&addr6, size); +-#endif + else + ret_err(gen_err); + +@@ -3863,10 +3837,8 @@ err: + { + if (strcmp(arg, "4") == 0) + new->family = AF_INET; +-#ifdef HAVE_IPV6 + else if (strcmp(arg, "6") == 0) + new->family = AF_INET6; +-#endif + else + ret_err(gen_err); + } +@@ -4156,10 +4128,8 @@ err: + new->ttl = atoi(arg); + else if (inet_pton(AF_INET, arg, &addr)) + new->addr = addr.addr.addr4; +-#ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &addr)) + new->addr6 = addr.addr.addr6; +-#endif + else + { + int nomem; +@@ -4866,10 +4836,8 @@ void read_opts(int argc, char **argv, ch + { + if (tmp->source_addr.sa.sa_family == AF_INET) + tmp->source_addr.in.sin_port = htons(daemon->query_port); +-#ifdef HAVE_IPV6 + else if (tmp->source_addr.sa.sa_family == AF_INET6) + tmp->source_addr.in6.sin6_port = htons(daemon->query_port); +-#endif + } + } + +@@ -4930,10 +4898,8 @@ void read_opts(int argc, char **argv, ch + for(tmp = daemon->if_addrs; tmp; tmp = tmp->next) + if (tmp->addr.sa.sa_family == AF_INET) + tmp->addr.in.sin_port = htons(daemon->port); +-#ifdef HAVE_IPV6 + else if (tmp->addr.sa.sa_family == AF_INET6) + tmp->addr.in6.sin6_port = htons(daemon->port); +-#endif /* IPv6 */ + } + + /* create default, if not specified */ +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -198,7 +198,6 @@ int in_arpa_name_2_addr(char *namein, st + + return F_IPV4; + } +-#ifdef HAVE_IPV6 + else if (hostname_isequal(penchunk, "ip6") && + (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa"))) + { +@@ -243,7 +242,6 @@ int in_arpa_name_2_addr(char *namein, st + return F_IPV6; + } + } +-#endif + + return 0; + } +@@ -426,7 +424,6 @@ int private_net(struct in_addr addr, int + ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ; + } + +-#ifdef HAVE_IPV6 + static int private_net6(struct in6_addr *a) + { + return +@@ -436,8 +433,6 @@ static int private_net6(struct in6_addr + ((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */ + ((u32 *)a)[0] == htonl(0x20010db8); /* RFC 6303 4.6 */ + } +-#endif +- + + static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored) + { +@@ -738,13 +733,11 @@ int extract_addresses(struct dns_header + addrlen = INADDRSZ; + flags |= F_IPV4; + } +-#ifdef HAVE_IPV6 + else if (qtype == T_AAAA) + { + addrlen = IN6ADDRSZ; + flags |= F_IPV6; + } +-#endif + else + continue; + +@@ -818,7 +811,6 @@ int extract_addresses(struct dns_header + private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) + return 1; + +-#ifdef HAVE_IPV6 + if ((flags & F_IPV6) && + IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6)) + { +@@ -827,7 +819,6 @@ int extract_addresses(struct dns_header + if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) + return 1; + } +-#endif + } + + #ifdef HAVE_IPSET +@@ -966,7 +957,6 @@ size_t setup_reply(struct dns_header *he + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + +-#ifdef HAVE_IPV6 + if (flags & F_IPV6) + { + SET_RCODE(header, NOERROR); +@@ -974,7 +964,6 @@ size_t setup_reply(struct dns_header *he + header->hb3 |= HB3_AA; + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp); + } +-#endif + } + else /* nowhere to forward to */ + { +@@ -1164,14 +1153,12 @@ int add_resource_record(struct dns_heade + for (; *format; format++) + switch (*format) + { +-#ifdef HAVE_IPV6 + case '6': + CHECK_LIMIT(IN6ADDRSZ); + sval = va_arg(ap, char *); + memcpy(p, sval, IN6ADDRSZ); + p += IN6ADDRSZ; + break; +-#endif + + case '4': + CHECK_LIMIT(INADDRSZ); +@@ -1413,7 +1400,6 @@ size_t answer_request(struct dns_header + while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) + intr = intr->next; + } +-#ifdef HAVE_IPV6 + else if (is_arpa == F_IPV6) + for (intr = daemon->int_names; intr; intr = intr->next) + { +@@ -1429,7 +1415,6 @@ size_t answer_request(struct dns_header + while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) + intr = intr->next; + } +-#endif + + if (intr) + { +@@ -1521,9 +1506,7 @@ size_t answer_request(struct dns_header + } + } + else if (option_bool(OPT_BOGUSPRIV) && ( +-#ifdef HAVE_IPV6 + (is_arpa == F_IPV6 && private_net6(&addr.addr.addr6)) || +-#endif + (is_arpa == F_IPV4 && private_net(addr.addr.addr4, 1)))) + { + struct server *serv; +@@ -1564,16 +1547,9 @@ size_t answer_request(struct dns_header + + for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0) + { +- unsigned short type = T_A; ++ unsigned short type = (flag == F_IPV6) ? T_AAAA : T_A; + struct interface_name *intr; + +- if (flag == F_IPV6) +-#ifdef HAVE_IPV6 +- type = T_AAAA; +-#else +- break; +-#endif +- + if (qtype != type && qtype != T_ANY) + continue; + +@@ -1596,31 +1572,26 @@ size_t answer_request(struct dns_header + for (intr = daemon->int_names; intr; intr = intr->next) + if (hostname_isequal(name, intr->name)) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +-#ifdef HAVE_IPV6 +- if (!(addrlist->flags & ADDRLIST_IPV6)) +-#endif +- if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) +- { +- localise = 1; +- break; +- } ++ if (!(addrlist->flags & ADDRLIST_IPV6) && ++ is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) ++ { ++ localise = 1; ++ break; ++ } + + for (intr = daemon->int_names; intr; intr = intr->next) + if (hostname_isequal(name, intr->name)) + { + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +-#ifdef HAVE_IPV6 + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) +-#endif + { + if (localise && + !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) + continue; + +-#ifdef HAVE_IPV6 + if (addrlist->flags & ADDRLIST_REVONLY) + continue; +-#endif ++ + ans = 1; + sec_data = 0; + if (!dryrun) +@@ -1904,11 +1875,8 @@ size_t answer_request(struct dns_header + crecp = NULL; + while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6))) + { +-#ifdef HAVE_IPV6 + int type = crecp->flags & F_IPV4 ? T_A : T_AAAA; +-#else +- int type = T_A; +-#endif ++ + if (crecp->flags & F_NEG) + continue; + +--- a/src/tables.c ++++ b/src/tables.c +@@ -108,7 +108,7 @@ int add_to_ipset(const char *setname, co + my_syslog(LOG_INFO, _("info: table created")); + + bzero(&addr, sizeof(addr)); +-#ifdef HAVE_IPV6 ++ + if (flags & F_IPV6) + { + addr.pfra_af = AF_INET6; +@@ -116,7 +116,6 @@ int add_to_ipset(const char *setname, co + memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); + } + else +-#endif + { + addr.pfra_af = AF_INET; + addr.pfra_net = 0x20; +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -60,17 +60,11 @@ void tftp_request(struct listener *liste + char *prefix = daemon->tftp_prefix; + struct tftp_prefix *pref; + struct all_addr addra; +-#ifdef HAVE_IPV6 + /* Can always get recvd interface for IPv6 */ + int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; +-#else +- int check_dest = !option_bool(OPT_NOWILD); +-#endif + union { + struct cmsghdr align; /* this ensures alignment */ +-#ifdef HAVE_IPV6 + char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; +-#endif + #if defined(HAVE_LINUX_NETWORK) + char control[CMSG_SPACE(sizeof(struct in_pktinfo))]; + #elif defined(HAVE_SOLARIS_NETWORK) +@@ -174,7 +168,6 @@ void tftp_request(struct listener *liste + + #endif + +-#ifdef HAVE_IPV6 + if (listen->family == AF_INET6) + { + for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) +@@ -190,7 +183,6 @@ void tftp_request(struct listener *liste + if_index = p.p->ipi6_ifindex; + } + } +-#endif + + if (!indextoname(listen->tftpfd, if_index, namebuff)) + return; +@@ -199,10 +191,8 @@ void tftp_request(struct listener *liste + + addra.addr.addr4 = addr.in.sin_addr; + +-#ifdef HAVE_IPV6 + if (listen->family == AF_INET6) + addra.addr.addr6 = addr.in6.sin6_addr; +-#endif + + if (daemon->tftp_interfaces) + { +@@ -262,7 +252,6 @@ void tftp_request(struct listener *liste + addr.in.sin_len = sizeof(addr.in); + #endif + } +-#ifdef HAVE_IPV6 + else + { + addr.in6.sin6_port = htons(port); +@@ -272,7 +261,6 @@ void tftp_request(struct listener *liste + addr.in6.sin6_len = sizeof(addr.in6); + #endif + } +-#endif + + if (!(transfer = whine_malloc(sizeof(struct tftp_transfer)))) + return; +@@ -310,10 +298,9 @@ void tftp_request(struct listener *liste + { + if (listen->family == AF_INET) + addr.in.sin_port = htons(port); +-#ifdef HAVE_IPV6 + else +- addr.in6.sin6_port = htons(port); +-#endif ++ addr.in6.sin6_port = htons(port); ++ + continue; + } + my_syslog(MS_TFTP | LOG_ERR, _("unable to get free port for TFTP")); +--- a/src/util.c ++++ b/src/util.c +@@ -320,13 +320,12 @@ int sockaddr_isequal(union mysockaddr *s + s1->in.sin_port == s2->in.sin_port && + s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr) + return 1; +-#ifdef HAVE_IPV6 ++ + if (s1->sa.sa_family == AF_INET6 && + s1->in6.sin6_port == s2->in6.sin6_port && + s1->in6.sin6_scope_id == s2->in6.sin6_scope_id && + IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr)) + return 1; +-#endif + } + return 0; + } +@@ -336,11 +335,9 @@ int sa_len(union mysockaddr *addr) + #ifdef HAVE_SOCKADDR_SA_LEN + return addr->sa.sa_len; + #else +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6) + return sizeof(addr->in6); + else +-#endif + return sizeof(addr->in); + #endif + } +@@ -437,7 +434,6 @@ int is_same_net(struct in_addr a, struct + return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); + } + +-#ifdef HAVE_IPV6 + int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen) + { + int pfbytes = prefixlen >> 3; +@@ -476,15 +472,12 @@ void setaddr6part(struct in6_addr *addr, + } + } + +-#endif +- + + /* returns port number from address */ + int prettyprint_addr(union mysockaddr *addr, char *buf) + { + int port = 0; + +-#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET) + { + inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN); +@@ -503,10 +496,6 @@ int prettyprint_addr(union mysockaddr *a + } + port = ntohs(addr->in6.sin6_port); + } +-#else +- strcpy(buf, inet_ntoa(addr->in.sin_addr)); +- port = ntohs(addr->in.sin_port); +-#endif + + return port; + } diff --git a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch new file mode 100644 index 00000000000..497b4c3df21 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch @@ -0,0 +1,52 @@ +From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001 +From: Vladislav Grishenko +Date: Thu, 18 Oct 2018 04:55:21 +0500 +Subject: [PATCH 04/11] Don't forward *.bind/*.server queries upstream + +Chaos .bind and .server (RFC4892) zones are local, therefore +don't forward queries upstream to avoid mixing with supported +locally and false replies with NO_ID enabled. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc1035.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1276,7 +1276,7 @@ size_t answer_request(struct dns_header + int q, ans, anscount = 0, addncount = 0; + int dryrun = 0; + struct crec *crecp; +- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; ++ int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1; + struct mx_srv_record *rec; + size_t len; + +@@ -1355,6 +1355,17 @@ size_t answer_request(struct dns_header + } + } + ++ if (qclass == C_CHAOS) ++ { ++ /* don't forward *.bind and *.server chaos queries */ ++ if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) ++ { ++ if (!ans) ++ notimp = 1, auth = 0; ++ ans = 1; ++ } ++ } ++ + if (qclass == C_IN) + { + struct txt_record *t; +@@ -1903,6 +1914,8 @@ size_t answer_request(struct dns_header + + if (nxdomain) + SET_RCODE(header, NXDOMAIN); ++ else if (notimp) ++ SET_RCODE(header, NOTIMP); + else + SET_RCODE(header, NOERROR); /* no error */ + header->ancount = htons(anscount); diff --git a/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch b/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch new file mode 100644 index 00000000000..b9be3061180 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch @@ -0,0 +1,63 @@ +From cbb5b17ad8e03e08ade62376a4f6a2066e55960d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 23 Oct 2018 23:45:57 +0100 +Subject: [PATCH 05/11] Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc1035.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1335,7 +1335,6 @@ size_t answer_request(struct dns_header + { + unsigned long ttl = daemon->local_ttl; + int ok = 1; +- log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + #ifndef NO_ID + /* Dynamically generate stat record */ + if (t->stat != 0) +@@ -1345,11 +1344,14 @@ size_t answer_request(struct dns_header + ok = 0; + } + #endif +- if (ok && add_resource_record(header, limit, &trunc, nameoffset, &ansp, +- ttl, NULL, +- T_TXT, t->class, "t", t->len, t->txt)) +- anscount++; +- ++ if (ok) ++ { ++ log_query(F_CONFIG | F_RRNAME, name, NULL, ""); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ++ ttl, NULL, ++ T_TXT, t->class, "t", t->len, t->txt)) ++ anscount++; ++ } + } + } + } +@@ -1357,12 +1359,19 @@ size_t answer_request(struct dns_header + + if (qclass == C_CHAOS) + { +- /* don't forward *.bind and *.server chaos queries */ ++ /* don't forward *.bind and *.server chaos queries - always reply with NOTIMP */ + if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) + { + if (!ans) +- notimp = 1, auth = 0; +- ans = 1; ++ { ++ notimp = 1, auth = 0; ++ if (!dryrun) ++ { ++ addr.addr.rcode.rcode = NOTIMP; ++ log_query(F_CONFIG | F_RCODE, name, &addr, NULL); ++ } ++ ans = 1; ++ } + } + } + diff --git a/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch b/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch new file mode 100644 index 00000000000..3271a5f3af2 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch @@ -0,0 +1,120 @@ +From 6f7812d97bc8f87004c0a5069c6c94c64af78106 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 23 Oct 2018 23:54:44 +0100 +Subject: [PATCH 06/11] Fix spurious AD flags in some DNS replies from local + config. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc1035.c | 42 ++++++++++++++++++++++++------------------ + 1 file changed, 24 insertions(+), 18 deletions(-) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1330,7 +1330,7 @@ size_t answer_request(struct dns_header + { + if (t->class == qclass && hostname_isequal(name, t->name)) + { +- ans = 1; ++ ans = 1, sec_data = 0; + if (!dryrun) + { + unsigned long ttl = daemon->local_ttl; +@@ -1370,7 +1370,7 @@ size_t answer_request(struct dns_header + addr.addr.rcode.rcode = NOTIMP; + log_query(F_CONFIG | F_RCODE, name, &addr, NULL); + } +- ans = 1; ++ ans = 1, sec_data = 0; + } + } + } +@@ -1725,7 +1725,7 @@ size_t answer_request(struct dns_header + } + else if (is_name_synthetic(flag, name, &addr)) + { +- ans = 1; ++ ans = 1, sec_data = 0; + if (!dryrun) + { + log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); +@@ -1763,25 +1763,27 @@ size_t answer_request(struct dns_header + for (rec = daemon->mxnames; rec; rec = rec->next) + if (!rec->issrv && hostname_isequal(name, rec->name)) + { +- ans = found = 1; +- if (!dryrun) +- { +- int offset; +- log_query(F_CONFIG | F_RRNAME, name, NULL, ""); +- if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, +- &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) +- { +- anscount++; +- if (rec->target) +- rec->offset = offset; +- } +- } ++ ans = found = 1; ++ sec_data = 0; ++ if (!dryrun) ++ { ++ int offset; ++ log_query(F_CONFIG | F_RRNAME, name, NULL, ""); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, ++ &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) ++ { ++ anscount++; ++ if (rec->target) ++ rec->offset = offset; ++ } ++ } + } + + if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) && + cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR)) + { + ans = 1; ++ sec_data = 0; + if (!dryrun) + { + log_query(F_CONFIG | F_RRNAME, name, NULL, ""); +@@ -1802,6 +1804,7 @@ size_t answer_request(struct dns_header + if (rec->issrv && hostname_isequal(name, rec->name)) + { + found = ans = 1; ++ sec_data = 0; + if (!dryrun) + { + int offset; +@@ -1838,6 +1841,7 @@ size_t answer_request(struct dns_header + if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) + { + ans = 1; ++ sec_data = 0; + if (!dryrun) + log_query(F_CONFIG | F_NEG, name, NULL, NULL); + } +@@ -1850,6 +1854,7 @@ size_t answer_request(struct dns_header + if (hostname_isequal(name, na->name)) + { + ans = 1; ++ sec_data = 0; + if (!dryrun) + { + log_query(F_CONFIG | F_RRNAME, name, NULL, ""); +@@ -1862,11 +1867,12 @@ size_t answer_request(struct dns_header + } + + if (qtype == T_MAILB) +- ans = 1, nxdomain = 1; ++ ans = 1, nxdomain = 1, sec_data = 0; + + if (qtype == T_SOA && option_bool(OPT_FILTER)) + { +- ans = 1; ++ ans = 1; ++ sec_data = 0; + if (!dryrun) + log_query(F_CONFIG | F_NEG, name, &addr, NULL); + } diff --git a/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch b/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch new file mode 100644 index 00000000000..55ea917c39b --- /dev/null +++ b/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch @@ -0,0 +1,71 @@ +From 24b87607c1353e94689e8a2190571ab3f3b36f31 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Wed, 24 Oct 2018 22:30:18 +0100 +Subject: [PATCH 07/11] Do not rely on dead code elimination, use array + instead. Make options bits derived from size and count. Use size of option + bits and last supported bit in computation. No new change would be required + when new options are added. Just change OPT_LAST constant. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dnsmasq.h | 11 +++++++---- + src/option.c | 10 ++-------- + 2 files changed, 9 insertions(+), 12 deletions(-) + +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -200,9 +200,6 @@ struct event_desc { + #define EC_MISC 5 + #define EC_INIT_OFFSET 10 + +-/* Trust the compiler dead-code eliminator.... */ +-#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32))) +- + #define OPT_BOGUSPRIV 0 + #define OPT_FILTER 1 + #define OPT_LOG 2 +@@ -264,6 +261,12 @@ struct event_desc { + #define OPT_UBUS 58 + #define OPT_LAST 59 + ++#define OPTION_BITS (sizeof(unsigned int)*8) ++#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) ++#define option_var(x) (daemon->options[(x) / OPTION_BITS]) ++#define option_val(x) ((1u) << ((x) % OPTION_BITS)) ++#define option_bool(x) (option_var(x) & option_val(x)) ++ + /* extra flags for my_syslog, we use a couple of facilities since they are known + not to occupy the same bits as priorities, no matter how syslog.h is set up. */ + #define MS_TFTP LOG_USER +@@ -978,7 +981,7 @@ extern struct daemon { + config file arguments. All set (including defaults) + in option.c */ + +- unsigned int options, options2; ++ unsigned int options[OPTION_SIZE]; + struct resolvc default_resolv, *resolv_files; + time_t last_resolv; + char *servers_file; +--- a/src/option.c ++++ b/src/option.c +@@ -1490,18 +1490,12 @@ static int parse_dhcp_opt(char *errstr, + + void set_option_bool(unsigned int opt) + { +- if (opt < 32) +- daemon->options |= 1u << opt; +- else +- daemon->options2 |= 1u << (opt - 32); ++ option_var(opt) |= option_val(opt); + } + + void reset_option_bool(unsigned int opt) + { +- if (opt < 32) +- daemon->options &= ~(1u << opt); +- else +- daemon->options2 &= ~(1u << (opt - 32)); ++ option_var(opt) &= ~(option_val(opt)); + } + + static int one_opt(int option, char *arg, char *errstr, char *gen_err, int command_line, int servers_only) diff --git a/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch b/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch new file mode 100644 index 00000000000..91b465fd1c5 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch @@ -0,0 +1,63 @@ +From 3a5a84cdd1488bad118eeac72d09a60299bca744 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 31 Oct 2018 21:30:13 +0000 +Subject: [PATCH 08/11] Fix Makefile lines generating UBUS linker config. + +If arg2 of pkg-wrapper is "--copy", then arg1 is NOT the name of +the package manager (--copy doesn't invoke it) it's a secondary +config string that inhibts the copy if found. This patch allows that +to be the empty string, for unconditional copy, and modifies the +ubus linker config to use it. It worked by coincidence before, because +there was no config string called "pkg-config". + +Signed-off-by: Kevin Darbyshire-Bryant +--- + Makefile | 2 +- + bld/pkg-wrapper | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -53,7 +53,7 @@ top?=$(CURDIR) + + dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` + dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` +-ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS $(PKG_CONFIG) --copy -lubox -lubus` ++ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus` + idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` + idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` + idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2` +--- a/bld/pkg-wrapper ++++ b/bld/pkg-wrapper +@@ -11,23 +11,25 @@ in=`cat` + + if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ + echo $in | grep $search >/dev/null 2>&1; then +-# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP ++# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP + if [ $op = "--copy" ]; then +- if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ +- echo $in | grep $pkg >/dev/null 2>&1; then ++ if [ -z "$pkg" ]; then ++ pkg="$*" ++ elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ ++ echo $in | grep $pkg >/dev/null 2>&1; then + pkg="" + else + pkg="$*" + fi + elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ +- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then ++ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then + pkg=`$pkg --static $op $*` + else + pkg=`$pkg $op $*` + fi +- ++ + if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ +- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then ++ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then + if [ $op = "--libs" ] || [ $op = "--copy" ]; then + echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic" + else diff --git a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch new file mode 100644 index 00000000000..ff9ddd842cf --- /dev/null +++ b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch @@ -0,0 +1,41 @@ +From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 31 Oct 2018 22:24:02 +0000 +Subject: [PATCH 09/11] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e + +The above is intended to increase robustness, but actually does the +opposite. The problem is that by ignoring SERVFAIL messages and hoping +for a better answer from another of the servers we've forwarded to, +we become vulnerable in the case that one or more of the configured +servers is down or not responding. + +Consider the case that a domain is indeed BOGUS, and we've send the +query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e +we ignore the first n-1 SERVFAIL replies, and only return the +final n'th answer to the client. Now, if one of the servers we are +forwarding to is down, then we won't get all n replies, and the +client will never get an answer! This is a far more likely scenario +than a temporary SERVFAIL from only one of a set of notionally identical +servers, so, on the ground of robustness, we have to believe +any SERVFAIL answers we get, and return them to the client. + +The client could be using the same recursive servers we are, +so it should, in theory, retry on SERVFAIL anyway. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/forward.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/src/forward.c ++++ b/src/forward.c +@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim + we get a good reply from another server. Kill it when we've + had replies from all to avoid filling the forwarding table when + everything is broken */ +- if (forward->forwardall == 0 || --forward->forwardall == 1 || +- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) ++ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) + { + int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; + diff --git a/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch b/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch new file mode 100644 index 00000000000..1110d4c5fa1 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch @@ -0,0 +1,199 @@ +From 48d12f14c9c0fc8cf943b52774c3892517dd72d4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 2 Nov 2018 21:55:04 +0000 +Subject: [PATCH 10/11] Remove the NO_FORK compile-time option, and support for + uclinux. + +In an era where everything has an MMU, this looks like +an anachronism, and it adds to (Ok, multiplies!) the +combinatorial explosion of compile-time options. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + CHANGELOG | 6 ++++++ + src/config.h | 21 ++------------------- + src/dnsmasq.c | 14 -------------- + src/option.c | 4 +--- + 4 files changed, 9 insertions(+), 36 deletions(-) + +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -11,6 +11,12 @@ version 2.81 + This fix passes cache entries back from the TCP child process to + the main server process, and fixes the problem. + ++ Remove the NO_FORK compile-time option, and support for uclinux. ++ In an era where everything has an MMU, this looks like ++ an anachronism, and it adds to (Ok, multiplies!) the ++ combinatorial explosion of compile-time options. Thanks to ++ Kevin Darbyshire-Bryant for the patch. ++ + + version 2.80 + Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method +--- a/src/config.h ++++ b/src/config.h +@@ -239,27 +239,13 @@ HAVE_SOCKADDR_SA_LEN + defined if struct sockaddr has sa_len field (*BSD) + */ + +-/* Must precede __linux__ since uClinux defines __linux__ too. */ +-#if defined(__uClinux__) +-#define HAVE_LINUX_NETWORK +-#define HAVE_GETOPT_LONG +-#undef HAVE_SOCKADDR_SA_LEN +-/* Never use fork() on uClinux. Note that this is subtly different from the +- --keep-in-foreground option, since it also suppresses forking new +- processes for TCP connections and disables the call-a-script on leasechange +- system. It's intended for use on MMU-less kernels. */ +-#define NO_FORK +- +-#elif defined(__UCLIBC__) ++#if defined(__UCLIBC__) + #define HAVE_LINUX_NETWORK + #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \ + ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21)) + # define HAVE_GETOPT_LONG + #endif + #undef HAVE_SOCKADDR_SA_LEN +-#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__) +-# define NO_FORK +-#endif + #if defined(__UCLIBC_HAS_IPV6__) + # ifndef IPV6_V6ONLY + # define IPV6_V6ONLY 26 +@@ -328,7 +314,7 @@ HAVE_SOCKADDR_SA_LEN + #define HAVE_DHCP + #endif + +-#if defined(NO_SCRIPT) || defined(NO_FORK) ++#if defined(NO_SCRIPT) + #undef HAVE_SCRIPT + #undef HAVE_LUASCRIPT + #endif +@@ -372,9 +358,6 @@ static char *compile_opts = + #ifdef HAVE_BROKEN_RTC + "no-RTC " + #endif +-#ifdef NO_FORK +-"no-MMU " +-#endif + #ifndef HAVE_DBUS + "no-" + #endif +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -485,7 +485,6 @@ int main (int argc, char **argv) + if (chdir("/") != 0) + die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); + +-#ifndef NO_FORK + if (!option_bool(OPT_NO_FORK)) + { + pid_t pid; +@@ -525,7 +524,6 @@ int main (int argc, char **argv) + if (pid != 0) + _exit(0); + } +-#endif + + /* write pidfile _after_ forking ! */ + if (daemon->runfile) +@@ -1628,12 +1626,10 @@ static int set_dns_listeners(time_t now) + + } + +-#ifndef NO_FORK + if (!option_bool(OPT_DEBUG)) + for (i = 0; i < MAX_PROCS; i++) + if (daemon->tcp_pipes[i] != -1) + poll_listen(daemon->tcp_pipes[i], POLLIN); +-#endif + + return wait; + } +@@ -1643,9 +1639,7 @@ static void check_dns_listeners(time_t n + struct serverfd *serverfdp; + struct listener *listener; + int i; +-#ifndef NO_FORK + int pipefd[2]; +-#endif + + for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) + if (poll_check(serverfdp->fd, POLLIN)) +@@ -1657,7 +1651,6 @@ static void check_dns_listeners(time_t n + poll_check(daemon->randomsocks[i].fd, POLLIN)) + reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); + +-#ifndef NO_FORK + /* Races. The child process can die before we read all of the data from the + pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the + process, and tcp_pipes to -1 and close the FD when we read the last +@@ -1674,7 +1667,6 @@ static void check_dns_listeners(time_t n + close(daemon->tcp_pipes[i]); + daemon->tcp_pipes[i] = -1; + } +-#endif + + for (listener = daemon->listeners; listener; listener = listener->next) + { +@@ -1768,7 +1760,6 @@ static void check_dns_listeners(time_t n + shutdown(confd, SHUT_RDWR); + while (retry_send(close(confd))); + } +-#ifndef NO_FORK + else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0) + { + close(pipefd[1]); /* parent needs read pipe end. */ +@@ -1791,7 +1782,6 @@ static void check_dns_listeners(time_t n + /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */ + daemon->log_id += TCP_MAX_QUERIES; + } +-#endif + else + { + unsigned char *buff; +@@ -1811,7 +1801,6 @@ static void check_dns_listeners(time_t n + auth_dns = 0; + } + +-#ifndef NO_FORK + /* Arrange for SIGALRM after CHILD_LIFETIME seconds to + terminate the process. */ + if (!option_bool(OPT_DEBUG)) +@@ -1820,7 +1809,6 @@ static void check_dns_listeners(time_t n + close(pipefd[0]); /* close read end in child. */ + daemon->pipe_to_parent = pipefd[1]; + } +-#endif + + /* start with no upstream connections. */ + for (s = daemon->servers; s; s = s->next) +@@ -1846,13 +1834,11 @@ static void check_dns_listeners(time_t n + shutdown(s->tcpfd, SHUT_RDWR); + while (retry_send(close(s->tcpfd))); + } +-#ifndef NO_FORK + if (!option_bool(OPT_DEBUG)) + { + flush_log(); + _exit(0); + } +-#endif + } + } + } +--- a/src/option.c ++++ b/src/option.c +@@ -1828,9 +1828,7 @@ static int one_opt(int option, char *arg + /* Sorry about the gross pre-processor abuse */ + case '6': /* --dhcp-script */ + case LOPT_LUASCRIPT: /* --dhcp-luascript */ +-# if defined(NO_FORK) +- ret_err(_("cannot run scripts under uClinux")); +-# elif !defined(HAVE_SCRIPT) ++# if !defined(HAVE_SCRIPT) + ret_err(_("recompile with HAVE_SCRIPT defined to enable lease-change scripts")); + # else + if (option == LOPT_LUASCRIPT) diff --git a/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch b/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch new file mode 100644 index 00000000000..3ba971fe723 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch @@ -0,0 +1,1199 @@ +From 59e470381f84f2fdf0640c7bc67827f3f0c64784 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 2 Nov 2018 22:39:39 +0000 +Subject: [PATCH 11/11] Free config file values on parsing errors. + +This time I have a little bit more controversal patches. But I think +still useful. They fixes memory leaks that might occur in some cases. +Most dnsmasq errors is fatal, so it does not matter. But some are not. +Some parts are reloaded on SIGHUP signal, so it might leak more than once. + +Some example when it changes the failures. Use dhcp-options file with +this content: + +tag:error,vendor:redhat +option:ntp-server,1.2.3.4.5 +option6:ntp-server,[:::] + +Is not fatal and dnsmasq will start. On each reload command, it would +leak some memory. I validated it using valgrind --leak-check=full +dnsmasq -d. This patch fixes it. It introduces something that might be +considered constructor and destructor of selected structures. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/option.c | 533 ++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 352 insertions(+), 181 deletions(-) + +--- a/src/option.c ++++ b/src/option.c +@@ -577,14 +577,15 @@ static void *opt_malloc(size_t size) + return ret; + } + +-static char *opt_string_alloc(char *cp) ++static char *opt_string_alloc(const char *cp) + { + char *ret = NULL; ++ size_t len; + +- if (cp && strlen(cp) != 0) ++ if (cp && (len = strlen(cp)) != 0) + { +- ret = opt_malloc(strlen(cp)+1); +- strcpy(ret, cp); ++ ret = opt_malloc(len+1); ++ memcpy(ret, cp, len+1); + + /* restore hidden metachars */ + unhide_metas(ret); +@@ -759,6 +760,8 @@ static void do_usage(void) + } + + #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0) ++#define ret_err_free(x,m) do { strcpy(errstr, (x)); free((m)); return 0; } while (0) ++#define goto_err(x) do { strcpy(errstr, (x)); goto on_error; } while (0) + + static char *parse_mysockaddr(char *arg, union mysockaddr *addr) + { +@@ -904,6 +907,8 @@ static struct server *add_rev4(struct in + p += sprintf(p, "%d.", (a >> 24) & 0xff); + break; + default: ++ free(serv->domain); ++ free(serv); + return NULL; + } + +@@ -958,6 +963,97 @@ static char *set_prefix(char *arg) + return arg; + } + ++static struct dhcp_netid * ++dhcp_netid_create(const char *net, struct dhcp_netid *next) ++{ ++ struct dhcp_netid *tt; ++ tt = opt_malloc(sizeof (struct dhcp_netid)); ++ tt->net = opt_string_alloc(net); ++ tt->next = next; ++ return tt; ++} ++ ++static void dhcp_netid_free(struct dhcp_netid *nid) ++{ ++ while (nid) ++ { ++ struct dhcp_netid *tmp = nid; ++ nid = nid->next; ++ free(tmp->net); ++ free(tmp); ++ } ++} ++ ++/* Parse one or more tag:s before parameters. ++ * Moves arg to the end of tags. */ ++static struct dhcp_netid * dhcp_tags(char **arg) ++{ ++ struct dhcp_netid *id = NULL; ++ ++ while (is_tag_prefix(*arg)) ++ { ++ char *comma = split(*arg); ++ id = dhcp_netid_create((*arg)+4, id); ++ *arg = comma; ++ }; ++ if (!*arg) ++ { ++ dhcp_netid_free(id); ++ id = NULL; ++ } ++ return id; ++} ++ ++static void dhcp_netid_list_free(struct dhcp_netid_list *netid) ++{ ++ while (netid) ++ { ++ struct dhcp_netid_list *tmplist = netid; ++ netid = netid->next; ++ dhcp_netid_free(tmplist->list); ++ free(tmplist); ++ } ++} ++ ++static void dhcp_config_free(struct dhcp_config *config) ++{ ++ if (config) ++ { ++ struct hwaddr_config *hwaddr = config->hwaddr; ++ while (hwaddr) ++ { ++ struct hwaddr_config *tmp = hwaddr; ++ hwaddr = hwaddr->next; ++ free(tmp); ++ } ++ dhcp_netid_list_free(config->netid); ++ if (config->flags & CONFIG_CLID) ++ free(config->clid); ++ free(config); ++ } ++} ++ ++static void dhcp_context_free(struct dhcp_context *ctx) ++{ ++ if (ctx) ++ { ++ dhcp_netid_free(ctx->filter); ++ free(ctx->netid.net); ++ free(ctx->template_interface); ++ free(ctx); ++ } ++} ++ ++static void dhcp_opt_free(struct dhcp_opt *opt) ++{ ++ if (opt->flags & DHOPT_VENDOR) ++ free(opt->u.vendor_class); ++ dhcp_netid_free(opt->netid); ++ free(opt->val); ++ free(opt); ++} ++ ++ + /* This is too insanely large to keep in-line in the switch */ + static int parse_dhcp_opt(char *errstr, char *arg, int flags) + { +@@ -965,7 +1061,6 @@ static int parse_dhcp_opt(char *errstr, + char lenchar = 0, *cp; + int addrs, digs, is_addr, is_addr6, is_hex, is_dec, is_string, dots; + char *comma = NULL; +- struct dhcp_netid *np = NULL; + u16 opt_len = 0; + int is6 = 0; + int option_ok = 0; +@@ -1052,14 +1147,9 @@ static int parse_dhcp_opt(char *errstr, + } + else + { +- new->netid = opt_malloc(sizeof (struct dhcp_netid)); + /* allow optional "net:" or "tag:" for consistency */ +- if (is_tag_prefix(arg)) +- new->netid->net = opt_string_alloc(arg+4); +- else +- new->netid->net = opt_string_alloc(set_prefix(arg)); +- new->netid->next = np; +- np = new->netid; ++ const char *name = (is_tag_prefix(arg)) ? arg+4 : set_prefix(arg); ++ new->netid = dhcp_netid_create(name, new->netid); + } + + arg = comma; +@@ -1069,7 +1159,7 @@ static int parse_dhcp_opt(char *errstr, + if (is6) + { + if (new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE)) +- ret_err(_("unsupported encapsulation for IPv6 option")); ++ goto_err(_("unsupported encapsulation for IPv6 option")); + + if (opt_len == 0 && + !(new->flags & DHOPT_RFC3925)) +@@ -1083,7 +1173,7 @@ static int parse_dhcp_opt(char *errstr, + + /* option may be missing with rfc3925 match */ + if (!option_ok) +- ret_err(_("bad dhcp-option")); ++ goto_err(_("bad dhcp-option")); + + if (comma) + { +@@ -1151,10 +1241,10 @@ static int parse_dhcp_opt(char *errstr, + is_string = is_dec = is_hex = 0; + + if (!is6 && (!is_addr || dots == 0)) +- ret_err(_("bad IP address")); ++ goto_err(_("bad IP address")); + + if (is6 && !is_addr6) +- ret_err(_("bad IPv6 address")); ++ goto_err(_("bad IPv6 address")); + } + /* or names */ + else if (opt_len & (OT_NAME | OT_RFC1035_NAME | OT_CSTRING)) +@@ -1247,7 +1337,7 @@ static int parse_dhcp_opt(char *errstr, + comma = split(cp); + slash = split_chr(cp, '/'); + if (!inet_pton(AF_INET, cp, &in)) +- ret_err(_("bad IPv4 address")); ++ goto_err(_("bad IPv4 address")); + if (!slash) + { + memcpy(op, &in, INADDRSZ); +@@ -1292,8 +1382,8 @@ static int parse_dhcp_opt(char *errstr, + op += IN6ADDRSZ; + continue; + } +- +- ret_err(_("bad IPv6 address")); ++ ++ goto_err(_("bad IPv6 address")); + } + new->len = op - new->val; + } +@@ -1320,7 +1410,7 @@ static int parse_dhcp_opt(char *errstr, + if (strcmp (arg, ".") != 0) + { + if (!(dom = canonicalise_opt(arg))) +- ret_err(_("bad domain in dhcp-option")); ++ goto_err(_("bad domain in dhcp-option")); + + domlen = strlen(dom) + 2; + } +@@ -1414,7 +1504,7 @@ static int parse_dhcp_opt(char *errstr, + { + char *dom = canonicalise_opt(arg); + if (!dom) +- ret_err(_("bad domain in dhcp-option")); ++ goto_err(_("bad domain in dhcp-option")); + + newp = opt_malloc(len + strlen(dom) + 2); + +@@ -1452,14 +1542,14 @@ static int parse_dhcp_opt(char *errstr, + ((new->len > 255) || + (new->len > 253 && (new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE))) || + (new->len > 250 && (new->flags & DHOPT_RFC3925)))) +- ret_err(_("dhcp-option too long")); ++ goto_err(_("dhcp-option too long")); + + if (flags == DHOPT_MATCH) + { + if ((new->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR)) || + !new->netid || + new->netid->next) +- ret_err(_("illegal dhcp-match")); ++ goto_err(_("illegal dhcp-match")); + + if (is6) + { +@@ -1484,6 +1574,9 @@ static int parse_dhcp_opt(char *errstr, + } + + return 1; ++on_error: ++ dhcp_opt_free(new); ++ return 0; + } + + #endif +@@ -1498,6 +1591,16 @@ void reset_option_bool(unsigned int opt) + option_var(opt) &= ~(option_val(opt)); + } + ++static void server_list_free(struct server *list) ++{ ++ while (list) ++ { ++ struct server *tmp = list; ++ list = list->next; ++ free(tmp); ++ } ++} ++ + static int one_opt(int option, char *arg, char *errstr, char *gen_err, int command_line, int servers_only) + { + int i; +@@ -1679,13 +1782,13 @@ static int one_opt(int option, char *arg + /* has subnet+len */ + err = parse_mysockaddr(arg, &new->addr); + if (err) +- ret_err(err); ++ ret_err_free(err, new); + if (!atoi_check(end, &new->mask)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + new->addr_used = 1; + } + else if (!atoi_check(arg, &new->mask)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + + daemon->add_subnet4 = new; + +@@ -1697,15 +1800,15 @@ static int one_opt(int option, char *arg + /* has subnet+len */ + err = parse_mysockaddr(comma, &new->addr); + if (err) +- ret_err(err); ++ ret_err_free(err, new); + if (!atoi_check(end, &new->mask)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + new->addr_used = 1; + } + else + { + if (!atoi_check(comma, &new->mask)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + } + + daemon->add_subnet6 = new; +@@ -1912,7 +2015,10 @@ static int one_opt(int option, char *arg + else if (strcmp(fam, "6") == 0) + new->addr.sa.sa_family = AF_INET6; + else +- ret_err(gen_err); ++ { ++ free(new->name); ++ ret_err_free(gen_err, new); ++ } + } + } + new->next = daemon->authinterface; +@@ -2077,7 +2183,7 @@ static int one_opt(int option, char *arg + + arg = split(netpart); + if (!atoi_check(netpart, &msize)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + else if (inet_pton(AF_INET, comma, &new->start)) + { + int mask = (1 << (32 - msize)) - 1; +@@ -2090,18 +2196,18 @@ static int one_opt(int option, char *arg + { + if (!(new->prefix = canonicalise_opt(arg)) || + strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) +- ret_err(_("bad prefix")); ++ ret_err_free(_("bad prefix"), new); + } + else if (strcmp(arg, "local") != 0 || + (msize != 8 && msize != 16 && msize != 24)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + else + { + /* generate the equivalent of + local=/xxx.yyy.zzz.in-addr.arpa/ */ + struct server *serv = add_rev4(new->start, msize); + if (!serv) +- ret_err(_("bad prefix")); ++ ret_err_free(_("bad prefix"), new); + + serv->flags |= SERV_NO_ADDR; + +@@ -2130,17 +2236,17 @@ static int one_opt(int option, char *arg + setaddr6part(&new->end6, addrpart | mask); + + if (msize < 64) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + else if (arg) + { + if (option != 's') + { + if (!(new->prefix = canonicalise_opt(arg)) || + strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN) +- ret_err(_("bad prefix")); ++ ret_err_free(_("bad prefix"), new); + } + else if (strcmp(arg, "local") != 0 || ((msize & 4) != 0)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + else + { + /* generate the equivalent of +@@ -2159,7 +2265,7 @@ static int one_opt(int option, char *arg + } + } + else +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + } + else + { +@@ -2173,7 +2279,7 @@ static int one_opt(int option, char *arg + if (!arg) + new->end.s_addr = new->start.s_addr; + else if (!inet_pton(AF_INET, arg, &new->end)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + } + else if (inet_pton(AF_INET6, comma, &new->start6)) + { +@@ -2181,16 +2287,16 @@ static int one_opt(int option, char *arg + if (!arg) + memcpy(&new->end6, &new->start6, IN6ADDRSZ); + else if (!inet_pton(AF_INET6, arg, &new->end6)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + } + else +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + + if (option != 's' && prefstr) + { + if (!(new->prefix = canonicalise_opt(prefstr)) || + strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) +- ret_err(_("bad prefix")); ++ ret_err_free(_("bad prefix"), new); + } + } + +@@ -2352,7 +2458,7 @@ static int one_opt(int option, char *arg + #endif + } + else +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + + new->used = 0; + if (option == 'a') +@@ -2423,7 +2529,10 @@ static int one_opt(int option, char *arg + { + newlist->flags |= SERV_LITERAL_ADDRESS; + if (!(newlist->flags & SERV_TYPE)) +- ret_err(gen_err); ++ { ++ server_list_free(newlist); ++ ret_err(gen_err); ++ } + } + else if (option == LOPT_NO_REBIND) + newlist->flags |= SERV_NO_REBIND; +@@ -2440,7 +2549,10 @@ static int one_opt(int option, char *arg + { + char *err = parse_server(arg, &newlist->addr, &newlist->source_addr, newlist->interface, &newlist->flags); + if (err) +- ret_err(err); ++ { ++ server_list_free(newlist); ++ ret_err(err); ++ } + } + + serv = newlist; +@@ -2776,21 +2888,19 @@ static int one_opt(int option, char *arg + { + if (is_tag_prefix(arg)) + { +- struct dhcp_netid *tt = opt_malloc(sizeof (struct dhcp_netid)); +- tt->net = opt_string_alloc(arg+4); +- tt->next = new->filter; + /* ignore empty tag */ +- if (tt->net) +- new->filter = tt; ++ if (arg[4]) ++ new->filter = dhcp_netid_create(arg+4, new->filter); + } + else + { + if (new->netid.net) +- ret_err(_("only one tag allowed")); +- else if (strstr(arg, "set:") == arg) +- new->netid.net = opt_string_alloc(arg+4); ++ { ++ dhcp_context_free(new); ++ ret_err(_("only one tag allowed")); ++ } + else +- new->netid.net = opt_string_alloc(arg); ++ new->netid.net = opt_string_alloc(set_prefix(arg)); + } + arg = comma; + } +@@ -2806,7 +2916,10 @@ static int one_opt(int option, char *arg + break; + + if (k < 2) +- ret_err(_("bad dhcp-range")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("bad dhcp-range")); ++ } + + if (inet_pton(AF_INET, a[0], &new->start)) + { +@@ -2818,7 +2931,10 @@ static int one_opt(int option, char *arg + else if (strcmp(a[1], "proxy") == 0) + new->flags |= CONTEXT_PROXY; + else if (!inet_pton(AF_INET, a[1], &new->end)) +- ret_err(_("bad dhcp-range")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("bad dhcp-range")); ++ } + + if (ntohl(new->start.s_addr) > ntohl(new->end.s_addr)) + { +@@ -2833,7 +2949,10 @@ static int one_opt(int option, char *arg + new->flags |= CONTEXT_NETMASK; + leasepos = 3; + if (!is_same_net(new->start, new->end, new->netmask)) +- ret_err(_("inconsistent DHCP range")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("inconsistent DHCP range")); ++ } + + + if (k >= 4 && strchr(a[3], '.') && +@@ -2847,6 +2966,8 @@ static int one_opt(int option, char *arg + #ifdef HAVE_DHCP6 + else if (inet_pton(AF_INET6, a[0], &new->start6)) + { ++ const char *err = NULL; ++ + new->flags |= CONTEXT_V6; + new->prefix = 64; /* default */ + new->end6 = new->start6; +@@ -2892,19 +3013,24 @@ static int one_opt(int option, char *arg + } + } + +- if (new->prefix != 64) ++ if (new->prefix > 64) + { + if (new->flags & CONTEXT_RA) +- ret_err(_("prefix length must be exactly 64 for RA subnets")); ++ err=(_("prefix length must be exactly 64 for RA subnets")); + else if (new->flags & CONTEXT_TEMPLATE) +- ret_err(_("prefix length must be exactly 64 for subnet constructors")); ++ err=(_("prefix length must be exactly 64 for subnet constructors")); + } +- +- if (new->prefix < 64) +- ret_err(_("prefix length must be at least 64")); ++ else if (new->prefix < 64) ++ err=(_("prefix length must be at least 64")); + +- if (!is_same_net6(&new->start6, &new->end6, new->prefix)) +- ret_err(_("inconsistent DHCPv6 range")); ++ if (!err && !is_same_net6(&new->start6, &new->end6, new->prefix)) ++ err=(_("inconsistent DHCPv6 range")); ++ ++ if (err) ++ { ++ dhcp_context_free(new); ++ ret_err(err); ++ } + + /* dhcp-range=:: enables DHCP stateless on any interface */ + if (IN6_IS_ADDR_UNSPECIFIED(&new->start6) && !(new->flags & CONTEXT_TEMPLATE)) +@@ -2915,7 +3041,10 @@ static int one_opt(int option, char *arg + struct in6_addr zero; + memset(&zero, 0, sizeof(zero)); + if (!is_same_net6(&zero, &new->start6, new->prefix)) +- ret_err(_("prefix must be zero with \"constructor:\" argument")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("prefix must be zero with \"constructor:\" argument")); ++ } + } + + if (addr6part(&new->start6) > addr6part(&new->end6)) +@@ -2927,12 +3056,18 @@ static int one_opt(int option, char *arg + } + #endif + else +- ret_err(_("bad dhcp-range")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("bad dhcp-range")); ++ } + + if (leasepos < k) + { + if (leasepos != k-1) +- ret_err(_("bad dhcp-range")); ++ { ++ dhcp_context_free(new); ++ ret_err(_("bad dhcp-range")); ++ } + + if (strcmp(a[leasepos], "infinite") == 0) + new->lease_time = 0xffffffff; +@@ -2971,7 +3106,7 @@ static int one_opt(int option, char *arg + break; + + if (*cp || (leasepos+1 < k)) +- ret_err(_("bad dhcp-range")); ++ ret_err_free(_("bad dhcp-range"), new); + + new->lease_time = atoi(a[leasepos]) * fac; + /* Leases of a minute or less confuse +@@ -2998,6 +3133,7 @@ static int one_opt(int option, char *arg + new->flags = (option == LOPT_BANK) ? CONFIG_BANK : 0; + new->hwaddr = NULL; + new->netid = NULL; ++ new->clid = NULL; + + if ((a[0] = arg)) + for (k = 1; k < 7; k++) +@@ -3028,7 +3164,10 @@ static int one_opt(int option, char *arg + } + + if (len == -1) +- ret_err(_("bad hex constant")); ++ { ++ dhcp_config_free(new); ++ ret_err(_("bad hex constant")); ++ } + else if ((new->clid = opt_malloc(len))) + { + new->flags |= CONFIG_CLID; +@@ -3040,17 +3179,17 @@ static int one_opt(int option, char *arg + /* dhcp-host has strange backwards-compat needs. */ + else if (strstr(arg, "net:") == arg || strstr(arg, "set:") == arg) + { +- struct dhcp_netid *newtag = opt_malloc(sizeof(struct dhcp_netid)); + struct dhcp_netid_list *newlist = opt_malloc(sizeof(struct dhcp_netid_list)); +- newtag->net = opt_malloc(strlen(arg + 4) + 1); + newlist->next = new->netid; + new->netid = newlist; +- newlist->list = newtag; +- strcpy(newtag->net, arg+4); +- unhide_metas(newtag->net); ++ newlist->list = dhcp_netid_create(arg+4, NULL); + } + else if (strstr(arg, "tag:") == arg) +- ret_err(_("cannot match tags in --dhcp-host")); ++ { ++ ++ dhcp_config_free(new); ++ ret_err(_("cannot match tags in --dhcp-host")); ++ } + #ifdef HAVE_DHCP6 + else if (arg[0] == '[' && arg[strlen(arg)-1] == ']') + { +@@ -3058,7 +3197,10 @@ static int one_opt(int option, char *arg + arg++; + + if (!inet_pton(AF_INET6, arg, &new->addr6)) +- ret_err(_("bad IPv6 address")); ++ { ++ dhcp_config_free(new); ++ ret_err(_("bad IPv6 address")); ++ } + + for (i= 0; i < 8; i++) + if (new->addr6.s6_addr[i] != 0) +@@ -3076,10 +3218,13 @@ static int one_opt(int option, char *arg + struct hwaddr_config *newhw = opt_malloc(sizeof(struct hwaddr_config)); + if ((newhw->hwaddr_len = parse_hex(a[j], newhw->hwaddr, DHCP_CHADDR_MAX, + &newhw->wildcard_mask, &newhw->hwaddr_type)) == -1) +- ret_err(_("bad hex constant")); ++ { ++ free(newhw); ++ dhcp_config_free(new); ++ ret_err(_("bad hex constant")); ++ } + else + { +- + newhw->next = new->hwaddr; + new->hwaddr = newhw; + } +@@ -3156,7 +3301,10 @@ static int one_opt(int option, char *arg + { + if (!(new->hostname = canonicalise_opt(a[j])) || + !legal_hostname(new->hostname)) +- ret_err(_("bad DHCP host name")); ++ { ++ dhcp_config_free(new); ++ ret_err(_("bad DHCP host name")); ++ } + + new->flags |= CONFIG_NAME; + new->domain = strip_hostname(new->hostname); +@@ -3209,10 +3357,7 @@ static int one_opt(int option, char *arg + } + else + { +- struct dhcp_netid *newtag = opt_malloc(sizeof(struct dhcp_netid)); +- newtag->net = opt_malloc(len - 3); +- strcpy(newtag->net, arg+4); +- unhide_metas(newtag->net); ++ struct dhcp_netid *newtag = dhcp_netid_create(arg+4, NULL); + + if (strstr(arg, "set:") == arg) + { +@@ -3229,7 +3374,7 @@ static int one_opt(int option, char *arg + else + { + new->set = NULL; +- free(newtag); ++ dhcp_netid_free(newtag); + break; + } + } +@@ -3238,7 +3383,11 @@ static int one_opt(int option, char *arg + } + + if (!new->set) +- ret_err(_("bad tag-if")); ++ { ++ dhcp_netid_free(new->tag); ++ dhcp_netid_list_free(new->set); ++ ret_err_free(_("bad tag-if"), new); ++ } + + break; + } +@@ -3281,19 +3430,12 @@ static int one_opt(int option, char *arg + + case 'M': /* --dhcp-boot */ + { +- struct dhcp_netid *id = NULL; +- while (is_tag_prefix(arg)) +- { +- struct dhcp_netid *newid = opt_malloc(sizeof(struct dhcp_netid)); +- newid->next = id; +- id = newid; +- comma = split(arg); +- newid->net = opt_string_alloc(arg+4); +- arg = comma; +- }; ++ struct dhcp_netid *id = dhcp_tags(&arg); + +- if (!arg) +- ret_err(gen_err); ++ if (!id) ++ { ++ ret_err(gen_err); ++ } + else + { + char *dhcp_file, *dhcp_sname = NULL, *tftp_sname = NULL; +@@ -3339,19 +3481,12 @@ static int one_opt(int option, char *arg + + case LOPT_REPLY_DELAY: /* --dhcp-reply-delay */ + { +- struct dhcp_netid *id = NULL; +- while (is_tag_prefix(arg)) +- { +- struct dhcp_netid *newid = opt_malloc(sizeof(struct dhcp_netid)); +- newid->next = id; +- id = newid; +- comma = split(arg); +- newid->net = opt_string_alloc(arg+4); +- arg = comma; +- }; ++ struct dhcp_netid *id = dhcp_tags(&arg); + +- if (!arg) +- ret_err(gen_err); ++ if (!id) ++ { ++ ret_err(gen_err); ++ } + else + { + struct delay_config *new; +@@ -3376,19 +3511,13 @@ static int one_opt(int option, char *arg + + new->netid = NULL; + new->opt = 10; /* PXE_MENU_PROMPT */ +- +- while (is_tag_prefix(arg)) +- { +- struct dhcp_netid *nn = opt_malloc(sizeof (struct dhcp_netid)); +- comma = split(arg); +- nn->next = new->netid; +- new->netid = nn; +- nn->net = opt_string_alloc(arg+4); +- arg = comma; +- } ++ new->netid = dhcp_tags(&arg); + +- if (!arg) +- ret_err(gen_err); ++ if (!new->netid) ++ { ++ dhcp_opt_free(new); ++ ret_err(gen_err); ++ } + else + { + comma = split(arg); +@@ -3424,17 +3553,8 @@ static int one_opt(int option, char *arg + new->netid = NULL; + new->sname = NULL; + new->server.s_addr = 0; ++ new->netid = dhcp_tags(&arg); + +- while (is_tag_prefix(arg)) +- { +- struct dhcp_netid *nn = opt_malloc(sizeof (struct dhcp_netid)); +- comma = split(arg); +- nn->next = new->netid; +- new->netid = nn; +- nn->net = opt_string_alloc(arg+4); +- arg = comma; +- } +- + if (arg && (comma = split(arg))) + { + for (i = 0; CSA[i]; i++) +@@ -3511,7 +3631,10 @@ static int one_opt(int option, char *arg + unhide_metas(comma); + new->hwaddr_len = parse_hex(comma, new->hwaddr, DHCP_CHADDR_MAX, &new->mask, &new->hwaddr_type); + if (new->hwaddr_len == -1) +- ret_err(gen_err); ++ { ++ free(new->netid.net); ++ ret_err_free(gen_err, new); ++ } + else + { + new->next = daemon->dhcp_macs; +@@ -3528,7 +3651,7 @@ static int one_opt(int option, char *arg + + if (!(comma = split(arg)) || + !atoi_check16(comma, &new->class)) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + + new->tag.net = opt_string_alloc(set_prefix(arg)); + new->next = daemon->prefix_classes; +@@ -3550,7 +3673,7 @@ static int one_opt(int option, char *arg + struct dhcp_vendor *new = opt_malloc(sizeof(struct dhcp_vendor)); + + if (!(comma = split(arg))) +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + + new->netid.net = opt_string_alloc(set_prefix(arg)); + /* check for hex string - must digits may include : must not have nothing else, +@@ -3560,7 +3683,10 @@ static int one_opt(int option, char *arg + if ((comma = split(arg))) + { + if (option != 'U' || strstr(arg, "enterprise:") != arg) +- ret_err(gen_err); ++ { ++ free(new->netid.net); ++ ret_err_free(gen_err, new); ++ } + else + new->enterprise = atoi(arg+11); + } +@@ -3662,14 +3788,8 @@ static int one_opt(int option, char *arg + } + + while (arg) { +- struct dhcp_netid *member = opt_malloc(sizeof(struct dhcp_netid)); + comma = split(arg); +- member->next = list; +- list = member; +- if (is_tag_prefix(arg)) +- member->net = opt_string_alloc(arg+4); +- else +- member->net = opt_string_alloc(arg); ++ list = dhcp_netid_create(is_tag_prefix(arg) ? arg+4 :arg, list); + arg = comma; + } + +@@ -3683,7 +3803,7 @@ static int one_opt(int option, char *arg + struct addr_list *new = opt_malloc(sizeof(struct addr_list)); + comma = split(arg); + if (!(inet_pton(AF_INET, arg, &new->addr) > 0)) +- ret_err(_("bad dhcp-proxy address")); ++ ret_err_free(_("bad dhcp-proxy address"), new); + new->next = daemon->override_relays; + daemon->override_relays = new; + arg = comma; +@@ -3709,7 +3829,10 @@ static int one_opt(int option, char *arg + } + #endif + else +- ret_err(_("Bad dhcp-relay")); ++ { ++ free(new->interface); ++ ret_err_free(_("Bad dhcp-relay"), new); ++ } + + break; + } +@@ -3749,8 +3872,11 @@ static int one_opt(int option, char *arg + arg = split(comma); + if (!atoi_check(comma, &new->interval) || + (arg && !atoi_check(arg, &new->lifetime))) ++ { + err: +- ret_err(_("bad RA-params")); ++ free(new->name); ++ ret_err_free(_("bad RA-params"), new); ++ } + + new->next = daemon->ra_interfaces; + daemon->ra_interfaces = new; +@@ -3799,7 +3925,7 @@ err: + (!(inet_pton(AF_INET, dash, &new->end) > 0) || + !is_same_net(new->in, new->end, new->mask) || + ntohl(new->in.s_addr) > ntohl(new->end.s_addr))) +- ret_err(_("invalid alias range")); ++ ret_err_free(_("invalid alias range"), new); + + break; + } +@@ -3832,7 +3958,7 @@ err: + else if (strcmp(arg, "6") == 0) + new->family = AF_INET6; + else +- ret_err(gen_err); ++ ret_err_free(gen_err, new); + } + new->intr = opt_string_alloc(comma); + break; +@@ -3864,11 +3990,19 @@ err: + alias = canonicalise_opt(arg); + + if (!alias || !target) +- ret_err(_("bad CNAME")); ++ { ++ free(target); ++ free(alias); ++ ret_err(_("bad CNAME")); ++ } + + for (new = daemon->cnames; new; new = new->next) + if (hostname_isequal(new->alias, alias)) +- ret_err(_("duplicate CNAME")); ++ { ++ free(target); ++ free(alias); ++ ret_err(_("duplicate CNAME")); ++ } + new = opt_malloc(sizeof(struct cname)); + new->next = daemon->cnames; + daemon->cnames = new; +@@ -3891,7 +4025,11 @@ err: + + if (!(dom = canonicalise_opt(arg)) || + (comma && !(target = canonicalise_opt(comma)))) +- ret_err(_("bad PTR record")); ++ { ++ free(dom); ++ free(target); ++ ret_err(_("bad PTR record")); ++ } + else + { + new = opt_malloc(sizeof(struct ptr_record)); +@@ -3909,7 +4047,7 @@ err: + int k = 0; + struct naptr *new; + int order, pref; +- char *name, *replace = NULL; ++ char *name=NULL, *replace = NULL; + + if ((a[0] = arg)) + for (k = 1; k < 7; k++) +@@ -3922,7 +4060,11 @@ err: + !atoi_check16(a[1], &order) || + !atoi_check16(a[2], &pref) || + (k == 7 && !(replace = canonicalise_opt(a[6])))) +- ret_err(_("bad NAPTR record")); ++ { ++ free(name); ++ free(replace); ++ ret_err(_("bad NAPTR record")); ++ } + else + { + new = opt_malloc(sizeof(struct naptr)); +@@ -3944,22 +4086,26 @@ err: + struct txt_record *new; + size_t len = 0; + char *data; +- int val; ++ int class; + + comma = split(arg); + data = split(comma); + + new = opt_malloc(sizeof(struct txt_record)); +- new->next = daemon->rr; +- daemon->rr = new; ++ new->name = NULL; + +- if (!atoi_check(comma, &val) || ++ if (!atoi_check(comma, &class) || + !(new->name = canonicalise_opt(arg)) || + (data && (len = parse_hex(data, (unsigned char *)data, -1, NULL, NULL)) == -1U)) +- ret_err(_("bad RR record")); +- +- new->class = val; ++ { ++ free(new->name); ++ ret_err_free(_("bad RR record"), new); ++ } ++ + new->len = 0; ++ new->class = class; ++ new->next = daemon->rr; ++ daemon->rr = new; + + if (data) + { +@@ -4011,14 +4157,14 @@ err: + comma = split(arg); + + new = opt_malloc(sizeof(struct txt_record)); +- new->next = daemon->txt; +- daemon->txt = new; + new->class = C_IN; + new->stat = 0; + + if (!(new->name = canonicalise_opt(arg))) +- ret_err(_("bad TXT record")); ++ ret_err_free(_("bad TXT record"), new); + ++ new->next = daemon->txt; ++ daemon->txt = new; + len = comma ? strlen(comma) : 0; + len += (len/255) + 1; /* room for extra counts */ + new->txt = p = opt_malloc(len); +@@ -4065,24 +4211,32 @@ err: + arg = comma; + comma = split(arg); + if (!(target = canonicalise_opt(arg))) +- ret_err(_("bad SRV target")); ++ ret_err_free(_("bad SRV target"), name); + + if (comma) + { + arg = comma; + comma = split(arg); + if (!atoi_check16(arg, &port)) +- ret_err(_("invalid port number")); ++ { ++ free(name); ++ ret_err_free(_("invalid port number"), target); ++ } + + if (comma) + { + arg = comma; + comma = split(arg); + if (!atoi_check16(arg, &priority)) +- ret_err(_("invalid priority")); +- ++ { ++ free(name); ++ ret_err_free(_("invalid priority"), target); ++ } + if (comma && !atoi_check16(comma, &weight)) +- ret_err(_("invalid weight")); ++ { ++ free(name); ++ ret_err_free(_("invalid weight"), target); ++ } + } + } + } +@@ -4101,13 +4255,15 @@ err: + + case LOPT_HOST_REC: /* --host-record */ + { +- struct host_record *new = opt_malloc(sizeof(struct host_record)); +- memset(new, 0, sizeof(struct host_record)); +- new->ttl = -1; ++ struct host_record *new; + + if (!arg || !(comma = split(arg))) + ret_err(_("Bad host-record")); + ++ new = opt_malloc(sizeof(struct host_record)); ++ memset(new, 0, sizeof(struct host_record)); ++ new->ttl = -1; ++ + while (arg) + { + struct all_addr addr; +@@ -4126,10 +4282,19 @@ err: + { + int nomem; + char *canon = canonicalise(arg, &nomem); +- struct name_list *nl = opt_malloc(sizeof(struct name_list)); ++ struct name_list *nl; + if (!canon) +- ret_err(_("Bad name in host-record")); ++ { ++ struct name_list *tmp = new->names, *next; ++ for (tmp = new->names; tmp; tmp = next) ++ { ++ next = tmp->next; ++ free(tmp); ++ } ++ ret_err_free(_("Bad name in host-record"), new); ++ } + ++ nl = opt_malloc(sizeof(struct name_list)); + nl->name = canon; + /* keep order, so that PTR record goes to first name */ + nl->next = NULL; +@@ -4179,6 +4344,7 @@ err: + int len; + + new->class = C_IN; ++ new->name = NULL; + + if ((comma = split(arg)) && (algo = split(comma))) + { +@@ -4203,7 +4369,7 @@ err: + !atoi_check8(algo, &new->algo) || + !atoi_check8(digest, &new->digest_type) || + !(new->name = canonicalise_opt(arg))) +- ret_err(_("bad trust anchor")); ++ ret_err_free(_("bad trust anchor"), new); + + /* Upper bound on length */ + len = (2*strlen(keyhex))+1; +@@ -4217,7 +4383,10 @@ err: + else + cp++; + if ((new->digestlen = parse_hex(keyhex, (unsigned char *)new->digest, len, NULL, NULL)) == -1) +- ret_err(_("bad HEX in trust anchor")); ++ { ++ free(new->name); ++ ret_err_free(_("bad HEX in trust anchor"), new); ++ } + + new->next = daemon->ds; + daemon->ds = new; +@@ -4686,8 +4855,8 @@ void read_opts(int argc, char **argv, ch + size_t argbuf_size = MAXDNAME; + char *argbuf = opt_malloc(argbuf_size); + char *buff = opt_malloc(MAXDNAME); +- int option, conffile_opt = '7', testmode = 0; +- char *arg, *conffile = CONFFILE; ++ int option, testmode = 0; ++ char *arg, *conffile = NULL; + + opterr = 0; + +@@ -4796,7 +4965,8 @@ void read_opts(int argc, char **argv, ch + } + else if (option == 'C') + { +- conffile_opt = 0; /* file must exist */ ++ if (conffile) ++ free(conffile); + conffile = opt_string_alloc(arg); + } + else +@@ -4814,10 +4984,11 @@ void read_opts(int argc, char **argv, ch + + if (conffile) + { +- one_file(conffile, conffile_opt); +- if (conffile_opt == 0) +- free(conffile); ++ one_file(conffile, 0); ++ free(conffile); + } ++ else ++ one_file(CONFFILE, '7'); + + /* port might not be known when the address is parsed - fill in here */ + if (daemon->servers) diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch index 88e334b0fc9..f2681e39939 100644 --- a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -44,7 +44,7 @@ (buffer = safe_malloc(BUFF_SZ)) && (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) -@@ -217,17 +198,10 @@ int add_to_ipset(const char *setname, co +@@ -211,16 +192,9 @@ int add_to_ipset(const char *setname, co if (flags & F_IPV6) { af = AF_INET6; @@ -55,7 +55,6 @@ - ret = -1; - } } - #endif - if (ret != -1) - ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);