mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 03:26:51 +00:00
4540c3c3bf
Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support. More runtime kernel version checking is done in 2.81rc5 in various parts of the code, so expand the ipset patch' scope to inlude those new areas and rename to something a bit more generic.:wq Upstream changes from rc4 532246f Tweak to DNSSEC logging. 8caf3d7 Fix rare problem allocating frec for DNSSEC. d162bee Allow overriding of ubus service name. b43585c Fix nameserver list in auth mode. 3f60ecd Fixed resource leak on ubus_init failure. 0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS. e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
179 lines
5.1 KiB
Diff
179 lines
5.1 KiB
Diff
From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001
|
|
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
Date: Sun, 5 Apr 2020 17:18:23 +0100
|
|
Subject: [PATCH] drop runtime old kernel support
|
|
|
|
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
---
|
|
src/dnsmasq.c | 4 ----
|
|
src/dnsmasq.h | 5 +---
|
|
src/ipset.c | 64 ++++-----------------------------------------------
|
|
src/netlink.c | 3 +--
|
|
src/util.c | 19 ---------------
|
|
5 files changed, 6 insertions(+), 89 deletions(-)
|
|
|
|
--- a/src/dnsmasq.c
|
|
+++ b/src/dnsmasq.c
|
|
@@ -94,10 +94,6 @@ int main (int argc, char **argv)
|
|
|
|
read_opts(argc, argv, compile_opts);
|
|
|
|
-#ifdef HAVE_LINUX_NETWORK
|
|
- daemon->kernel_version = kernel_version();
|
|
-#endif
|
|
-
|
|
if (daemon->edns_pktsz < PACKETSZ)
|
|
daemon->edns_pktsz = PACKETSZ;
|
|
|
|
--- a/src/dnsmasq.h
|
|
+++ b/src/dnsmasq.h
|
|
@@ -1110,7 +1110,7 @@ extern struct daemon {
|
|
int inotifyfd;
|
|
#endif
|
|
#if defined(HAVE_LINUX_NETWORK)
|
|
- int netlinkfd, kernel_version;
|
|
+ int netlinkfd;
|
|
#elif defined(HAVE_BSD_NETWORK)
|
|
int dhcp_raw_fd, dhcp_icmp_fd, routefd;
|
|
#endif
|
|
@@ -1290,9 +1290,6 @@ int read_write(int fd, unsigned char *pa
|
|
void close_fds(long max_fd, int spare1, int spare2, int spare3);
|
|
int wildcard_match(const char* wildcard, const char* match);
|
|
int wildcard_matchn(const char* wildcard, const char* match, int num);
|
|
-#ifdef HAVE_LINUX_NETWORK
|
|
-int kernel_version(void);
|
|
-#endif
|
|
|
|
/* log.c */
|
|
void die(char *message, char *arg1, int exit_code) ATTRIBUTE_NORETURN;
|
|
--- a/src/ipset.c
|
|
+++ b/src/ipset.c
|
|
@@ -70,7 +70,7 @@ struct my_nfgenmsg {
|
|
|
|
#define NL_ALIGN(len) (((len)+3) & ~(3))
|
|
static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
|
|
-static int ipset_sock, old_kernel;
|
|
+static int ipset_sock;
|
|
static char *buffer;
|
|
|
|
static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
|
|
@@ -85,12 +85,7 @@ static inline void add_attr(struct nlmsg
|
|
|
|
void ipset_init(void)
|
|
{
|
|
- old_kernel = (daemon->kernel_version < KERNEL_VERSION(2,6,32));
|
|
-
|
|
- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
|
|
- return;
|
|
-
|
|
- if (!old_kernel &&
|
|
+ if (
|
|
(buffer = safe_malloc(BUFF_SZ)) &&
|
|
(ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
|
|
(bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
|
|
@@ -147,65 +142,14 @@ static int new_add_to_ipset(const char *
|
|
return errno == 0 ? 0 : -1;
|
|
}
|
|
|
|
-
|
|
-static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove)
|
|
-{
|
|
- socklen_t size;
|
|
- struct ip_set_req_adt_get {
|
|
- unsigned op;
|
|
- unsigned version;
|
|
- union {
|
|
- char name[IPSET_MAXNAMELEN];
|
|
- uint16_t index;
|
|
- } set;
|
|
- char typename[IPSET_MAXNAMELEN];
|
|
- } req_adt_get;
|
|
- struct ip_set_req_adt {
|
|
- unsigned op;
|
|
- uint16_t index;
|
|
- uint32_t ip;
|
|
- } req_adt;
|
|
-
|
|
- if (strlen(setname) >= sizeof(req_adt_get.set.name))
|
|
- {
|
|
- errno = ENAMETOOLONG;
|
|
- return -1;
|
|
- }
|
|
-
|
|
- req_adt_get.op = 0x10;
|
|
- req_adt_get.version = 3;
|
|
- strcpy(req_adt_get.set.name, setname);
|
|
- size = sizeof(req_adt_get);
|
|
- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
|
|
- return -1;
|
|
- req_adt.op = remove ? 0x102 : 0x101;
|
|
- req_adt.index = req_adt_get.set.index;
|
|
- req_adt.ip = ntohl(ipaddr->addr4.s_addr);
|
|
- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
|
|
- return -1;
|
|
-
|
|
- return 0;
|
|
-}
|
|
-
|
|
-
|
|
-
|
|
int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove)
|
|
{
|
|
int ret = 0, af = AF_INET;
|
|
|
|
if (flags & F_IPV6)
|
|
- {
|
|
af = AF_INET6;
|
|
- /* old method only supports IPv4 */
|
|
- if (old_kernel)
|
|
- {
|
|
- errno = EAFNOSUPPORT ;
|
|
- ret = -1;
|
|
- }
|
|
- }
|
|
-
|
|
- if (ret != -1)
|
|
- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
|
|
+
|
|
+ ret = new_add_to_ipset(setname, ipaddr, af, remove);
|
|
|
|
if (ret == -1)
|
|
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
|
|
--- a/src/netlink.c
|
|
+++ b/src/netlink.c
|
|
@@ -82,8 +82,7 @@ void netlink_init(void)
|
|
}
|
|
|
|
if (daemon->netlinkfd == -1 ||
|
|
- (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
|
|
- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) ||
|
|
+ (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) ||
|
|
getsockname(daemon->netlinkfd, (struct sockaddr *)&addr, &slen) == -1)
|
|
die(_("cannot create netlink socket: %s"), NULL, EC_MISC);
|
|
|
|
--- a/src/util.c
|
|
+++ b/src/util.c
|
|
@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard
|
|
|
|
return (!num) || (*wildcard == *match);
|
|
}
|
|
-
|
|
-#ifdef HAVE_LINUX_NETWORK
|
|
-int kernel_version(void)
|
|
-{
|
|
- struct utsname utsname;
|
|
- int version;
|
|
- char *split;
|
|
-
|
|
- if (uname(&utsname) < 0)
|
|
- die(_("failed to find kernel version: %s"), NULL, EC_MISC);
|
|
-
|
|
- split = strtok(utsname.release, ".");
|
|
- version = (split ? atoi(split) : 0);
|
|
- split = strtok(NULL, ".");
|
|
- version = version * 256 + (split ? atoi(split) : 0);
|
|
- split = strtok(NULL, ".");
|
|
- return version * 256 + (split ? atoi(split) : 0);
|
|
-}
|
|
-#endif
|