dnsmasq-2.80.orig/.gitattributes

VERSION export-subst

dnsmasq-2.80.orig/Android.mk

ifneq ($(TARGET_SIMULATOR),true)
include $(call all-subdir-makefiles)
endif

dnsmasq-2.80.orig/CHANGELOG

version 2.80

Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method for the initial patch and motivation.

Alter the default for dnssec-check-unsigned. Versions of dnsmasq prior to 2.80 defaulted to not checking unsigned replies, and used --dnssec-check-unsigned to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possibility of forged replies, but it allows everything to appear to be working even when the upstream nameservers do not support DNSSEC, and in this case no DNSSEC validation at all is occurring.

Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set. Thanks to Daniel Miess for help with this.

Add a facility to store DNS packets sent/received in a pcap-format file for later debugging. The file location is given by the --dumpfile option, and a bitmap controlling which packets should be dumped is given by the --dumpmask option.

Handle the case of both standard and constructed dhcp-ranges on the same interface better. We don't now construct a dhcp-range if there's already one specified. This allows the specified interface to have different parameters and avoids advertising the same prefix twice. Thanks to Luis Marsano for spotting this case.

Allow zone transfer in authoritative mode if auth-peer is specified, even if auth-sec-servers is not.
Thanks to Raphaël Halimi for the suggestion.

Fix bug which sometimes caused dnsmasq to wrongly return answers without DNSSEC RRs to queries with the do-bit set, but only when DNSSEC validation was not enabled. Thanks to Petr Menšík for spotting this.

Fix missing fatal errors with some malformed options (server, local, address, rebind-domain-ok, ipset, alias). Thanks to Eugene Lozovoy for spotting the problem.

Fix crash on startup with a --synth-domain which has no prefix. Introduced in 2.79. Thanks to Andreas Engel for the bug report.

Fix missing EDNS0 section in some replies generated by local DNS configuration which confused systemd-resolved. Thanks to Steve Dodd for characterising the problem.

Add --dhcp-name-match config option.

Add --caa-record config option.

Implement --address=/example.com/# as (more efficient) syntactic sugar for --address=/example.com/0.0.0.0 and --address=/example.com/:: Returning null addresses is a useful technique for ad-blocking. Thanks to Peter Russell for the suggestion.

Change anti cache-snooping behaviour with queries with the recursion-desired bit unset. Instead of returning SERVFAIL, we now always forward, and never answer from the cache. This allows "dig +trace" command to work.

Include in the example config file a formulation which stops DHCP clients from claiming the DNS name "wpad". This is a fix for the CERT Vulnerability VU#598349.

version 2.79

Fix parsing of CNAME arguments, which are confused by extra spaces. Thanks to Diego Aguirre for spotting the bug.

Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind upstream servers to an interface, rather than SO_BINDTODEVICE. Thanks to Beniamino Galvani for the patch.

Always return a SERVFAIL answer to DNS queries without the recursion desired bit set, UNLESS acting as an authoritative DNS server. This avoids a potential route to cache snooping.

Add support for Ed25519 signatures in DNSSEC validation.
No longer support RSA/MD5 signatures in DNSSEC validation, since these are not secure. This behaviour is mandated in RFC-6944.

Fix incorrect error exit code from dhcp_release6 utility. Thanks to Gaudenz Steinlin for the bug report.

Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation when --dnssec-no-timecheck is in use. Note that this is an incompatible change from earlier releases.

Allow more than one --bridge-interface option to refer to an interface, so that we can use --bridge-interface=int1,alias1 --bridge-interface=int1,alias2 as an alternative to --bridge-interface=int1,alias1,alias2 Thanks to Neil Jerram for work on this.

Fix for DNSSEC with wildcard-derived NSEC records. It's OK for NSEC records to be expanded from wildcards, but in that case, the proof of non-existence is only valid starting at the wildcard name, *. NOT the name expanded from the wildcard. Without this check it's possible for an attacker to craft an NSEC which wrongly proves non-existence. Thanks to Ralph Dolmans for finding this, and co-ordinating the vulnerability tracking and fix release. CVE-2017-15107 applies.

Remove special handling of A-for-A DNS queries. These are no longer a significant problem in the global DNS. http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf Thanks to Mattias Hellström for the initial patch.

Fix failure to delete dynamically created dhcp options from files in --dhcp-optsdir directories. Thanks to Lindgren Fredrik for the bug report.

Add to --synth-domain the ability to create names using sequential numbers, as well as encodings of IP addresses. For instance, --synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-* creates 21 domain names of the form internal-4.thekelleys.org.uk over the address range given, with internal-0.thekelleys.org.uk being 192.168.0.50 and internal-20.thekelleys.org.uk being 192.168.0.70 Thanks to Andy Hawkins for the suggestion.
Tidy up Crypto code, removing workarounds for ancient versions of libnettle. We now require libnettle 3.

version 2.78

Fix logic of appending "." to PXE basename. Thanks to Chris Novakovic for the patch.

Revert ping-check of address in DHCPDISCOVER if there already exists a lease for the address. Under some circumstances, a netbooted Windows installation can reply to pings before it has a DHCP lease and block allocation of the address it already used during netboot. Thanks to Jan Psota for spotting this.

Fix DHCP relaying, broken in 2.76 and 2.77 by commit ff325644c7afae2588583f935f4ea9b9694eb52e. Thanks to John Fitzgibbon for the diagnosis and patch.

Try other servers if first returns REFUSED when --strict-order active. Thanks to Hans Dedecker for the patch.

Fix regression in 2.77, ironically added as a security improvement, which resulted in a crash when a DNS query exceeded 512 bytes (or the EDNS0 packet size, if different.) Thanks to Christian Kujau, Arne Woerner Juan Manuel Fernandez and Kevin Darbyshire-Bryant for chasing this one down. CVE-2017-13704 applies.

Fix heap overflow in DNS code. This is a potentially serious security hole. It allows an attacker who can make DNS requests to dnsmasq, and who controls the contents of a domain, which is thereby queried, to overflow (by 2 bytes) a heap buffer and either crash, or even take control of, dnsmasq. CVE-2017-14491 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Kevin Hamacher and Ron Bowes of the Google Security Team for finding this.

Fix heap overflow in IPv6 router advertisement code. This is a potentially serious security hole, as a crafted RA request can overflow a buffer and crash or control dnsmasq. Attacker must be on the local network. CVE-2017-14492 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher of the Google Security Team for finding this.

Fix stack overflow in DHCPv6 code.
An attacker who can send a DHCPv6 request to dnsmasq can overflow the stack frame and crash or control dnsmasq. CVE-2017-14493 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Kevin Hamacher and Ron Bowes of the Google Security Team for finding this.

Fix information leak in DHCPv6. A crafted DHCPv6 packet can cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay. CVE-2017-14494 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Kevin Hamacher and Ron Bowes of the Google Security Team for finding this.

Fix DoS in DNS. Invalid boundary checks in the add_pseudoheader function allow a memcpy call with negative size. An attacker which can send malicious DNS queries to dnsmasq can trigger a DoS remotely. dnsmasq is vulnerable only if one of the following options is specified: --add-mac, --add-cpe-id or --add-subnet. CVE-2017-14496 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Kevin Hamacher and Ron Bowes of the Google Security Team for finding this.

Fix out-of-memory DoS vulnerability. An attacker which can send malicious DNS queries to dnsmasq can trigger memory allocations in the add_pseudoheader function. The allocated memory is never freed which leads to a DoS through memory exhaustion. dnsmasq is vulnerable only if one of the following options is specified: --add-mac, --add-cpe-id or --add-subnet. CVE-2017-14495 applies. Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Kevin Hamacher and Ron Bowes of the Google Security Team for finding this.

version 2.77

Generate an error when configured with a CNAME loop, rather than a crash. Thanks to George Metz for spotting this problem.

Calculate the length of TFTP error reply packet correctly. This fixes a problem when the error message in a TFTP packet exceeds the arbitrary limit of 500 characters. The message was correctly truncated, but not the packet length, so extra data was appended.
This is a possible security risk, since the extra data comes from a buffer which is also used for DNS, so that previous DNS queries or replies may be leaked. Thanks to Mozilla for funding the security audit which spotted this bug.

Fix logic error in Linux netlink code. This could cause dnsmasq to enter a tight loop on systems with a very large number of network interfaces. Thanks to Ivan Kokshaysky for the diagnosis and patch.

Fix problem with --dnssec-timestamp whereby receipt of SIGHUP would erroneously engage timestamp checking. Thanks to Kevin Darbyshire-Bryant for this work.

Bump zone serial on reloading /etc/hosts and friends when providing authoritative DNS. Thanks to Harrald Dunkel for spotting this.

Handle v4-mapped IPv6 addresses sanely in --synth-domain. These have standard representation like ::ffff:1.2.3.4 and are now converted to names like --ffff-1-2-3-4.

Handle binding upstream servers to an interface (--server=1.2.3.4@eth0) when the named interface is destroyed and recreated in the kernel. Thanks to Beniamino Galvani for the patch.

Allow wildcard CNAME records in authoritative zones. For example --cname=*.example.com,default.example.com Thanks to Pro Backup for sponsoring this development.

Bump the allowed backlog of TCP connections from 5 to 32, and make this a compile-time configurable option. Thanks to Donatas Abraitis for diagnosing this as a potential problem.

Add DNSMASQ_REQUESTED_OPTIONS environment variable to the lease-change script. Thanks to ZHAO Yu for the patch.

Fix foobar in rrfilter code, that could cause malformed replies, especially when DNSSEC validation is on, and the upstream server returns answer with the RRs in a particular order. The only DNS server known to tickle this is Nominum's. Thanks to Dave Täht for spotting the bug and assisting in the fix.

Fix the manpage which lied that only the primary address of an interface is used by --interface-name.

Make --localise-queries apply to names from --interface-name.
Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen for pushing this.

Improve connection handling when talking to TCP upstream servers. Specifically, be prepared to open a new TCP connection when we want to make multiple queries but the upstream server accepts fewer queries per connection.

Improve logging of upstream servers when there are a lot of "local addresses only" entries. Thanks to Hannu Nyman for the patch.

Make --bogus-priv apply to IPv6, for the prefixes specified in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on this.

Allow use of MAC addresses with --tftp-unique-root. Thanks to Floris Bos for the patch.

Add --dhcp-reply-delay option. Thanks to Floris Bos for the patch.

Add mtu setting facility to --ra-param. Thanks to David Flamand for the patch.

Capture STDOUT and STDERR output from dhcp-script and log it as part of the dnsmasq log stream. Makes life easier for diagnosing unexpected problems in scripts. Thanks to Petr Mensik for the patch.

Generate fatal errors when failing to parse the output of the dhcp-script in "init" mode. Avoids strange errors when the script accidentally emits error messages. Thanks to Petr Mensik for the patch.

Make --rev-server for an RFC1918 subnet work even in the presence of the --bogus-priv flag. Thanks to Vladislav Grishenko for the patch.

Extend --ra-param mtu: field to allow an interface name. This allows the MTU of a WAN interface to be advertised on the internal interfaces of a router. Thanks to Vladislav Grishenko for the patch.

Do ICMP-ping check for address-in-use for DHCPv4 when the client specifies an address in DHCPDISCOVER, and when an address is configured locally. Thanks to Alin Năstac for spotting the problem.

Add new DHCP tag "known-othernet" which is set when only a dhcp-host exists for another subnet. Can be used to ensure that privileged hosts are not given "guest" addresses by accident. Thanks to Todd Sanket for the suggestion.
Remove historic automatic inclusion of IDN support when building internationalisation support. This doesn't fit now there is a choice of IDN libraries. Be sure to include either -DHAVE_IDN or -DHAVE_LIBIDN2 for IDN support.

version 2.76

Include 0.0.0.0/8 in DNS rebind checks. This range translates to hosts on the local network, or, at least, 0.0.0.0 accesses the local host, so could be targets for DNS rebinding. See RFC 5735 section 3 for details. Thanks to Stephen Röttger for the bug report.

Enhance --add-subnet to allow arbitrary subnet addresses. Thanks to Ed Barsley for the patch.

Respect the --no-resolv flag in inotify code. Fixes bug which caused dnsmasq to fail to start if a resolv-file was a dangling symbolic link, even if --no-resolv is set. Thanks to Alexander Kurtz for spotting the problem.

Fix crash when an A or AAAA record is defined locally, in a hosts file, and an upstream server sends a reply that the same name is empty. Thanks to Edwin Török for the patch.

Fix failure to correctly calculate cache-size when reading a hosts-file fails. Thanks to André Glüpker for the patch.

Fix wrong answer to simple name query when --domain-needed set, but no upstream servers configured. Dnsmasq returned REFUSED, in this case, when it should be the same as when upstream servers are configured - NOERROR. Thanks to Allain Legacy for spotting the problem.

Return REFUSED when running out of forwarding table slots, not SERVFAIL.

Add --max-port configuration. Thanks to Hans Dedecker for the patch.

Add --script-arp and two new functions for the dhcp-script. These are "arp" and "arp-old" which announce the arrival and removal of entries in the ARP or neighbour tables.

Extend --add-mac to allow a new encoding of the MAC address as base64, by configuring --add-mac=base64

Add --add-cpe-id option.

Don't crash with divide-by-zero if an IPv6 dhcp-range is declared as a whole /64. (ie xx::0 to xx::ffff:ffff:ffff:ffff) Thanks to Laurent Bendel for spotting this problem.
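Added example (not dnsmasq code): the 2.76 entry above extends the DNS rebind checks to 0.0.0.0/8. The Python below classifies upstream answer addresses the way a rebind filter would, and goes beyond that entry by also unwrapping IPv4-mapped IPv6 answers and by exempting named domains in the spirit of rebind-domain-ok. The network list, the function names and the sample answers are assumptions made for this example.

```python
import ipaddress

# Assumed block list for this example; it is not copied from dnsmasq's source.
REBIND_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this network"; 0.0.0.0 reaches the local host (RFC 5735 s.3)
    "10.0.0.0/8",       # RFC 1918
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
)]


def rebind_suspect(addr_text):
    """Return the matching network (as text) for a suspect answer, else None."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 6:
        # ::ffff:a.b.c.d reaches the same host as a.b.c.d, so test the inner
        # IPv4 address. Other IPv6 answers are outside this example's scope.
        if addr.ipv4_mapped is None:
            return None
        addr = addr.ipv4_mapped
    for net in REBIND_NETS:
        if addr in net:
            return str(net)
    return None


def domain_exempt(qname, exempt_domains):
    """True if qname equals, or is a subdomain of, an exempted domain."""
    name = qname.rstrip(".").lower()
    for dom in exempt_domains:
        dom = dom.strip(".").lower()
        # Match on a label boundary so evil-lan.example.com does not ride on
        # an exemption for lan.example.com.
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_answers(qname, answers, exempt_domains=()):
    """Split upstream answers into (accepted, rejected) lists.

    rejected holds (address, matched_network) pairs so that a log line can
    say why an answer was dropped.
    """
    if domain_exempt(qname, exempt_domains):
        return list(answers), []
    accepted, rejected = [], []
    for answer in answers:
        net = rebind_suspect(answer)
        if net is None:
            accepted.append(answer)
        else:
            rejected.append((answer, net))
    return accepted, rejected


# Constructed sample answers, not captured traffic.
SAMPLE = ["203.0.113.7", "0.0.0.0", "::ffff:192.168.1.1", "2001:db8::1"]

if __name__ == "__main__":
    ok, bad = filter_answers("www.example.com", SAMPLE)
    print("accepted:", ok)
    for addr, net in bad:
        print("possible DNS-rebind answer dropped: %s (in %s)" % (addr, net))
```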
Add support for a TTL parameter in --host-record and --cname.

Add --dhcp-ttl option.

Add --tftp-mtu option. Thanks to Patrick McLean for the initial patch.

Check return-code of inet_pton() when parsing dhcp-option. Bad addresses could fail to generate errors and result in garbage dhcp-options being sent. Thanks to Marc Branchaud for spotting this.

Fix wrong value for EDNS UDP packet size when using --servers-file to define upstream DNS servers. Thanks to Scott Bonar for the bug report.

Move the dhcp_release and dhcp_lease_time tools from contrib/wrt to contrib/lease-tools.

Add dhcp_release6 to contrib/lease-tools. Many thanks to Sergey Nechaev for this code.

To avoid filling logs in configurations which define many upstream nameservers, don't log more than 30 servers. The number to be logged can be changed as SERVERS_LOGGED in src/config.h.

Swap the values of BC_EFI and x86-64_EFI in --pxe-service. These were previously wrong due to an error in RFC 4578. If you're using BC_EFI to boot 64-bit EFI machines, you will need to update your config.

Add ARM32_EFI and ARM64_EFI as valid architectures in --pxe-service.

Fix PXE booting for UEFI architectures. Modify PXE boot sequence in this case to force the client to talk to dnsmasq over port 4011. This makes PXE and especially proxy-DHCP PXE work with these architectures.

Workaround problems with UEFI PXE clients. There exist in the wild PXE clients which have problems with PXE boot menus. To work around this, when there's a single --pxe-service which applies to client, then that target will be booted directly, rather than sending a single-item boot menu.

Many thanks to Jarek Polok, Michael Kuron and Dreamcat4 for their work on the long-standing UEFI PXE problem.

Subtle change in the semantics of "basename" in --pxe-service. The historical behaviour has always been that the actual filename downloaded from the TFTP server is . where is an integer which corresponds to the layer parameter supplied by the client.
It's not clear what the function of the "layer" actually is in the PXE protocol, and in practice layer is always zero, so the filename is .0 The new behaviour is the same as the old, except when includes a file suffix, in which case the layer suffix is no longer added. This allows sensible suffixes to be used, rather than the meaningless ".0". Only in the unlikely event that you have a config with a basename which already has a suffix, is this an incompatible change, since the file downloaded will change from name.suffix.0 to just name.suffix

version 2.75

Fix reversion on 2.74 which caused 100% CPU use when a dhcp-script is configured. Thanks to Adrian Davey for reporting the bug and testing the fix.

version 2.74

Fix reversion in 2.73 where --conf-file would attempt to read the default file, rather than no file.

Fix inotify code to handle dangling symlinks better and not SEGV in some circumstances.

DNSSEC fix. In the case of a signed CNAME generated by a wildcard which pointed to an unsigned domain, the wrong status would be logged, and some necessary checks omitted.

version 2.73

Fix crash at startup when an empty suffix is supplied to --conf-dir, also trivial memory leak. Thanks to Tomas Hozza for spotting this.

Remove floor of 4096 on advertised EDNS0 packet size when DNSSEC in use, the original rationale for this has long gone. Thanks to Anders Kaseorg for spotting this.

Use inotify for checking on updates to /etc/resolv.conf and friends under Linux. This fixes race conditions when the files are updated rapidly and saves CPU by not polling. To build a binary that runs on old Linux kernels without inotify, use make COPTS=-DNO_INOTIFY

Fix breakage of --domain=,,local - only reverse queries were intercepted. This appears to have been broken since 2.69. Thanks to Josh Stone for finding the bug.

Eliminate IPv6 privacy addresses and deprecated addresses from the answers given by --interface-name.
Note that reverse queries (ie looking for names, given addresses) are not affected. Thanks to Michael Gorbach for the suggestion.

Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids for the bug report.

Add --ignore-address option. Ignore replies to A-record queries which include the specified address. No error is generated, dnsmasq simply continues to listen for another reply. This is useful to defeat blocking strategies which rely on quickly supplying a forged answer to a DNS request for certain domains, before the correct answer can arrive. Thanks to Glen Huang for the patch.

Revisit the part of DNSSEC validation which determines if an unsigned answer is legit, or is in some part of the DNS tree which should be signed. Dnsmasq now works from the DNS root downward looking for the limit of signed delegations, rather than working bottom up. This is both more correct, and less likely to trip over broken nameservers in the unsigned parts of the DNS tree which don't respond well to DNSSEC queries.

Add --log-queries=extra option, which makes logs easier to search automatically.

Add --min-cache-ttl option. I've resisted this for a long time, on the grounds that disbelieving TTLs is never a good idea, but I've been persuaded that there are sometimes reasons to do it. (Step forward, GFW). To avoid misuse, there's a hard limit on the TTL floor of one hour. Thanks to RinSatsuki for the patch.

Cope with multiple interfaces with the same link-local address. (IPv6 addresses are scoped, so this is allowed.) Thanks to Cory Benfield for help with this.

Add --dhcp-hostsdir. This allows addition of new host configurations to a running dnsmasq instance much more cheaply than having dnsmasq re-read all its existing configuration each time.

Don't reply to DHCPv6 SOLICIT messages if we're not configured to do stateful DHCPv6. Thanks to Win King Wan for the patch.

Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic way to detect when the system time becomes valid after boot on systems without an RTC, whilst allowing DNS queries before the clock is valid so that NTP can run. Thanks to Kevin Darbyshire-Bryant for developing this idea.

Add --tftp-no-fail option. Thanks to Stefan Tomanek for the patch.

Fix crash caused by looking up servers.bind, CHAOS text record, when more than about five --servers= lines are in the dnsmasq config. This causes memory corruption which causes a crash later. Thanks to Matt Coddington for sterling work chasing this down.

Fix crash on receipt of certain malformed DNS requests. Thanks to Nick Sampanis for spotting the problem. Note that this could allow the dnsmasq process's memory to be read by an attacker under certain circumstances, so it has a CVE, CVE-2015-3294.

Fix crash in authoritative DNS code, if a .arpa zone is declared as authoritative, and then a PTR query which is not to be treated as authoritative arrived. Normally, directly declaring .arpa zone as authoritative is not done, so this crash wouldn't be seen. Instead the relevant .arpa zone should be specified as a subnet in the auth-zone declaration. Thanks to Johnny S. Lee for the bugreport and initial patch.

Fix authoritative DNS code to correctly reply to NS and SOA queries for .arpa zones for which we are declared authoritative by means of a subnet in auth-zone. Previously we provided correct answers to PTR queries in such zones (including NS and SOA) but not direct NS and SOA queries. Thanks to Johnny S. Lee for pointing out the problem.

Fix logging of DHCPREPLY which should be suppressed by quiet-dhcp6. Thanks to J. Pablo Abonia for spotting the problem.

Try and handle net connections with broken fragmentation that lose large UDP packets. If a server times out, reduce the maximum UDP packet size field in the EDNS0 header to 1280 bytes. If it then answers, make that change permanent.
Check IPv4-mapped IPv6 addresses when --stop-rebind is active. Thanks to Jordan Milne for spotting this.

Allow DHCPv4 options T1 and T2 to be set using --dhcp-option. Thanks to Kevin Benton for patches and work on this.

Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses in the correct subnet, even if not in dynamic address allocation range. Thanks to Steve Hirsch for spotting the problem.

Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks to Nicolas Cavallari for the patch.

Allow configuration of router advertisements without the "on-link" bit set. Thanks to Neil Jerram for the patch.

Extend --bridge-interface to DHCPv6 and router advertisements. Thanks to Neil Jerram for the patch.

version 2.72

Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.

Add support for "ipsets" in *BSD, using pf. Thanks to Sven Falempin for the patch.

Fix race condition which could lock up dnsmasq when an interface goes down and up rapidly. Thanks to Conrad Kostecki for helping to chase this down.

Add DBus methods SetFilterWin2KOption and SetBogusPrivOption. Thanks to the Smoothwall project for the patch.

Fix failure to build against Nettle-3.0. Thanks to Steven Barth for spotting this and finding the fix.

When assigning existing DHCP leases to interfaces by comparing networks, handle the case that two or more interfaces have the same network part, but different prefix lengths (favour the longer prefix length.) Thanks to Lung-Pin Chang for the patch.

Add a mode which detects and removes DNS forwarding loops, ie a query sent to an upstream server returns as a new query to dnsmasq, and would therefore be forwarded again, resulting in a query which loops many times before being dropped. Upstream servers which loop back are disabled and this event is logged. Thanks to Smoothwall for their sponsorship of this feature.

Extend --conf-dir to allow filtering of files.
So --conf-dir=/etc/dnsmasq.d,\*.conf will load all the files in /etc/dnsmasq.d which end in .conf

Fix bug which resulted in NXDOMAIN answers instead of NODATA in some circumstances.

Fix bug which caused dnsmasq to become unresponsive if it failed to send packets due to a network interface disappearing. Thanks to Niels Peen for spotting this.

Fix problem with --local-service option on big-endian platforms. Thanks to Richard Genoud for the patch.

version 2.71

Subtle change to error handling to help DNSSEC validation when servers fail to provide NODATA answers for non-existent DS records.

Tweak code which removes DNSSEC records from answers when not required. Fixes broken answers when additional section has real records in it. Thanks to Marco Davids for the bug report.

Fix DNSSEC validation of ANY queries. Thanks to Marco Davids for spotting that too.

Fix total DNS failure and 100% CPU use if cachesize set to zero, regression introduced in 2.69. Thanks to James Hunt and the Ubuntu crowd for assistance in fixing this.

version 2.70

Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled with DNSSEC support, but running without DNSSEC enabled. Thanks to Manish Sing for spotting that one.

Fix regression which broke ipset functionality. Thanks to Wang Jian for the bug report.

version 2.69

Implement dynamic interface discovery on *BSD. This allows the constructor: syntax to be used in dhcp-range for DHCPv6 on the BSD platform. Thanks to Matthias Andree for valuable research on how to implement this.

Fix infinite loop associated with some --bogus-nxdomain configs. Thanks fogobogo for the bug report.

Fix missing RA RDNS option with configuration like --dhcp-option=option6:23,[::] Thanks to Tsachi Kimeldorfer for spotting the problem.

Add [fd00::] and [fe80::] as special addresses in DHCPv6 options, analogous to [::]. [fd00::] is replaced with the actual ULA of the interface on the machine running dnsmasq, [fe80::] with the link-local address.
Thanks to Tsachi Kimeldorfer for championing this.

DNSSEC validation and caching. Dnsmasq needs to be compiled with this enabled, with

make dnsmasq COPTS=-DHAVE_DNSSEC

this adds dependencies on the nettle crypto library and the gmp maths library. It's possible to have these linked statically with

make dnsmasq COPTS='-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC'

which bloats the dnsmasq binary, but saves the size of the shared libraries which are much bigger.

To enable DNSSEC, you will need a set of trust-anchors. Now that the TLDs are signed, this can be the keys for the root zone, and for convenience they are included in trust-anchors.conf in the dnsmasq distribution. You should of course check that these are legitimate and up-to-date. So, adding

conf-file=/path/to/trust-anchors.conf
dnssec

to your config is all that's needed to get things working. The upstream nameservers have to be DNSSEC-capable too, of course. Many ISP nameservers aren't, but the Google public nameservers (8.8.8.8 and 8.8.4.4) are. When DNSSEC is configured, dnsmasq validates any queries for domains which are signed. Query results which are bogus are replaced with SERVFAIL replies, and results which are correctly signed have the AD bit set. In addition, and just as importantly, dnsmasq supplies correct DNSSEC information to clients which are doing their own validation, and caches DNSKEY, DS and RRSIG records, which significantly improve the performance of downstream validators. Setting --log-queries will show DNSSEC in action.

If a domain is returned from an upstream nameserver without DNSSEC signature, dnsmasq by default trusts this. This means that for unsigned zones (still the majority) there is effectively no cost for having DNSSEC enabled. Of course this allows an attacker to replace a signed record with a false unsigned record.
This is addressed by the --dnssec-check-unsigned flag, which instructs dnsmasq to prove that an unsigned record is legitimate, by finding a secure proof that the zone containing the record is not signed. Doing this has costs (typically one or two extra upstream queries). It also has a nasty failure mode if dnsmasq's upstream nameservers are not DNSSEC capable. Without --dnssec-check-unsigned using such an upstream server will simply result in no queries being validated; with --dnssec-check-unsigned enabled and a DNSSEC-ignorant upstream server, _all_ queries will fail.

Note that DNSSEC requires that the local time is valid and accurate, if not then DNSSEC validation will fail. NTP should be running. This presents a problem for routers without a battery-backed clock. To set the time needs NTP to do DNS lookups, but lookups will fail until NTP has run. To address this, there's a flag, --dnssec-no-timecheck which disables the time checks (only) in DNSSEC. When dnsmasq is started and the clock is not synced, this flag should be used. As soon as the clock is synced, SIGHUP dnsmasq. The SIGHUP clears the cache of partially-validated data and resets the no-timecheck flag, so that all DNSSEC checks henceforward will be complete.

The development of DNSSEC in dnsmasq was started by Giovanni Bajo, to whom huge thanks are owed. It has been supported by Comcast, whose techfund grant has allowed for an invaluable period of full-time work to get it to a workable state.

Add --rev-server. Thanks to Dave Taht for suggesting this.

Add --servers-file. Allows dynamic update of upstream servers full access to configuration.

Add --local-service. Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface --except-interface, --listen-address or --auth-server options.
It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.

Fix crashes in cache_get_cname_target() when dangling CNAMEs encountered. Thanks to Andy and the rt-n56u project for finding this and helping to chase it down.

Fix wrong RCODE in authoritative DNS replies to PTR queries. The correct answer was included, but the RCODE was set to NXDOMAIN. Thanks to Craig McQueen for spotting this.

Make statistics available as DNS queries in the .bind TLD as well as logging them.

version 2.68

Use random addresses for DHCPv6 temporary address allocations, instead of algorithmically determined stable addresses.

Fix bug which meant that the DHCPv6 DUID was not available in DHCP script runs during the lifetime of the dnsmasq process which created the DUID de-novo. Once the DUID was created and stored in the lease file and dnsmasq restarted, this bug disappeared.

Fix bug introduced in 2.67 which could result in erroneous NXDOMAIN returns to CNAME queries.

Fix build failures on MacOS X and openBSD.

Allow subnet specifications in --auth-zone to be interface names as well as address literals. This makes it possible to configure authoritative DNS when local address ranges are dynamic and works much better than the previous work-around which exempted constructed DHCP ranges from the IP address filtering. As a consequence, that work-around is removed. Under certain circumstances, this change will break existing configuration: if you're relying on the constructed-range exception, you need to change --auth-zone to specify the same interface as is used to construct your DHCP ranges, probably with a trailing "/6" like this: --auth-zone=example.com,eth0/6 to limit the addresses to IPv6 addresses of eth0.

Fix problems when advertising deleted IPv6 prefixes. If the prefix is deleted (rather than replaced), it doesn't get advertised with zero preferred time. Thanks to Tsachi for the bug report.
Fix segfault with some locally configured CNAMEs. Thanks to Andrew Childs for spotting the problem. Fix memory leak on re-reading /etc/hosts and friends, introduced in 2.67. Check the arrival interface of incoming DNS and TFTP requests via IPv6, even in --bind-interfaces mode. This isn't possible for IPv4 and can generate scary warnings, but as it's always possible for IPv6 (the API always exists) then we should do it always. Tweak the rules on prefix-lengths in --dhcp-range for IPv6. The new rule is that the specified prefix length must be larger than or equal to the prefix length of the corresponding address on the local interface. version 2.67 Fix crash if upstream server returns SERVFAIL when --conntrack in use. Thanks to Giacomo Tazzari for finding this and supplying the patch. Repair regression in 2.64. That release stopped sending lease-time information in the reply to DHCPINFORM requests, on the correct grounds that it was a standards violation. However, this broke the dnsmasq-specific dhcp_lease_time utility. Now, DHCPINFORM returns lease-time only if it's specifically requested (maintaining standards) and the dhcp_lease_time utility has been taught to ask for it (restoring functionality). Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass to work with BOOTP and well as DHCP. Thanks to Peter Korsgaard for spotting the problem. Add --synth-domain. Thanks to Vishvananda Ishaya for suggesting this. Fix failure to compile ipset.c if old kernel headers are in use. Thanks to Eugene Rudoy for pointing this out. Handle IPv4 interface-address labels in Linux. These are often used to emulate the old IP-alias addresses. Before, using --interface=eth0 would service all the addresses of eth0, including ones configured as aliases, which appear in ifconfig as eth0:0. Now, only addresses with the label eth0 are active. This is not backwards compatible: if you want to continue to bind the aliases too, you need to add eg. --interface=eth0:0 to the config. 
Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket" error on startup with configurations which have exactly one --interface option and do RA but _not_ DHCPv6. Thanks to Trever Adams for the bug report. Generalise --interface-name to cope with IPv6 addresses and multiple addresses per interface per address family. Fix option parsing for --dhcp-host, which was generating a spurious error when all seven possible items were included. Thanks to Zhiqiang Wang for the bug report. Remove restriction on prefix-length in --auth-zone. Thanks to Toke Hoiland-Jorgensen for suggesting this. Log when the maximum number of concurrent DNS queries is reached. Thanks to Marcelo Salhab Brogliato for the patch. If wildcards are used in --interface, don't assume that there will only ever be one available interface for DHCP just because there is one at start-up. More may appear, so we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug report. Increase timeout/number of retries in TFTP to accommodate AudioCodes Voice Gateways doing streaming writes to flash. Thanks to Damian Kaczkowski for spotting the problem. Fix crash with empty DHCP string options when adding zero terminator. Thanks to Patrick McLean for the bug report. Allow hostnames to start with a number, as allowed in RFC-1123. Thanks to Kyle Mestery for the patch. Fixes to DHCP FQDN option handling: don't terminate FQDN if domain not known and allow a FQDN option with blank name to request that a FQDN option is returned in the reply. Thanks to Roy Marples for the patch. Make --clear-on-reload apply to setting upstream servers via DBus too. When the address which triggered the construction of an advertised IPv6 prefix disappears, continue to advertise the prefix for up to 2 hours, with the preferred lifetime set to zero. This satisfies RFC 6204 4.3 L-13 and makes things work better if a prefix disappears without being deprecated first. Thanks to Uwe Schindler for persuasively arguing for this. 
Fix MAC address enumeration on *BSD. Thanks to Brad Smith for the bug report. Support RFC-4242 information-refresh-time options in the reply to DHCPv6 information-request. The lease time of the smallest valid dhcp-range is sent. Thanks to Uwe Schindler for suggesting this. Make --listen-address higher priority than --except-interface in all circumstances. Thanks to Thomas Hood for the bug report. Provide independent control over which interfaces get TFTP service. If enable-tftp is given a list of interfaces, then TFTP is provided on those. Without the list, the previous behaviour (provide TFTP to the same interfaces we provide DHCP to) is retained. Thanks to Lonnie Abelbeck for the suggestion. Add --dhcp-relay config option. Many thanks to vtsl.net for sponsoring this development. Fix crash with empty tag: in --dhcp-range. Thanks to Kaspar Schleiser for the bug report. Add "baseline" and "bloatcheck" makefile targets, for revealing size changes during development. Thanks to Vladislav Grishenko for the patch. Cope with DHCPv6 clients which send REQUESTs without address options - treat them as SOLICIT with rapid commit. Support identification of clients by MAC address in DHCPv6. When using a relay, the relay must support RFC 6939 for this to work. It always works for directly connected clients. Thanks to Vladislav Grishenko for prompting this feature. Remove the rule for constructed DHCP ranges that the local address must be either the first or last address in the range. This was originally to avoid SLAAC addresses, but we now explicitly autoconfig and privacy addresses instead. Update Polish translation. Thanks to Jan Psota. Fix problem in DHCPv6 vendorclass/userclass matching code. Thanks to Tanguy Bouzeloc for the patch. Update Spanish translation. Thanks to Vicente Soriano. Add --ra-param option. Thanks to Vladislav Grishenko for inspiration on this. Add --add-subnet configuration, to tell upstream DNS servers where the original client is. 
Thanks to DNSthingy for sponsoring this feature. Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to Kevin Darbyshire-Bryant for the initial patch. Allow A/AAAA records created by --interface-name to be the target of --cname. Thanks to Hadmut Danisch for the suggestion. Avoid treating a --dhcp-host which has an IPv6 address as eligible for use with DHCPv4 on the grounds that it has no address, and vice-versa. Thanks to Yury Konovalov for spotting the problem. Do a better job caching dangling CNAMEs. Thanks to Yves Dorfsman for spotting the problem. version 2.66 Add the ability to act as an authoritative DNS server. Dnsmasq can now answer queries from the wider 'net with local data, as long as the correct NS records are set up. Only local data is provided, to avoid creating an open DNS relay. Zone transfer is supported, to allow secondary servers to be configured. Add "constructed DHCP ranges" for DHCPv6. This is intended for IPv6 routers which get prefixes dynamically via prefix delegation. With suitable configuration, stateful DHCPv6 and RA can happen automatically as prefixes are delegated and then deprecated, without having to re-write the dnsmasq configuration file or restart the daemon. Thanks to Steven Barth for extensive testing and development work on this idea. Fix crash on startup on Solaris 11. Regression probably introduced in 2.61. Thanks to Geoff Johnstone for the patch. Add code to make behaviour for TCP DNS requests the same as for UDP requests, when a request arrives for an allowed address, but via a banned interface. This change is only active on Linux, since the relevant API is missing (AFAIK) on other platforms. Many thanks to Tomas Hozza for spotting the problem, and doing invaluable discovery of the obscure and undocumented API required for the solution. Don't send the default DHCP option advertising dnsmasq as the local DNS server if dnsmasq is configured to not act as DNS server, or it's configured to a non-standard port. 
Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBSCRIBER_ID, DNSMASQ_REMOTE_ID variables to the environment of the lease-change script (and the corresponding Lua). These hold information inserted into the DHCP request by a DHCP relay agent. Thanks to Lakefield Communications for providing a bounty for this addition. Fixed crash, introduced in 2.64, whilst handling DHCPv6 information-requests with some common configurations. Thanks to Robert M. Albrecht for the bug report and chasing the problem. Add --ipset option. Thanks to Jason A. Donenfeld for the patch. Don't erroneously reject some option names in --dhcp-match options. Thanks to Benedikt Hochstrasser for the bug report. Allow a trailing '*' wildcard in all interface-name configurations. Thanks to Christian Parpart for the patch. Handle the situation where libc headers define SO_REUSEPORT, but the kernel in use doesn't, to cope with the introduction of this option to Linux. Thanks to Rich Felker for the bug report. Update Polish translation. Thanks to Jan Psota. Fix crash if the configured DHCP lease limit is reached. Regression occurred in 2.61. Thanks to Tsachi for the bug report. Update the French translation. Thanks to Gildas le Nadan. version 2.65 Fix regression which broke forwarding of queries sent via TCP which are not for A and AAAA and which were directed to non-default servers. Thanks to Niax for the bug report. Fix failure to build with DHCP support excluded. Thanks to Gustavo Zacarias for the patch. Fix nasty regression in 2.64 which completely broke caching. version 2.64 Handle DHCP FQDN options with all flag bits zero and --dhcp-client-update set. Thanks to Bernd Krumbroeck for spotting the problem. Finesse the check for /etc/hosts names which conflict with DHCP names. Previously a name/address pair in /etc/hosts which didn't match the name/address of a DHCP lease would generate a warning. Now that only happens if there is not also a match. 
This allows multiple addresses for a name in /etc/hosts with one of them assigned via DHCP. Fix broken vendor-option processing for BOOTP. Thanks to Hans-Joachim Baader for the bug report. Don't report spurious netlink errors, regression in 2.63. Thanks to Vladislav Grishenko for the patch. Flag DHCP or DHCPv6 in startup logging. Thanks to Vladislav Grishenko for the patch. Add SetServersEx method in DBus interface. Thanks to Dan Williams for the patch. Add SetDomainServers method in DBus interface. Thanks to Roy Marples for the patch. Fix build with later Lua libraries. Thanks to Cristian Rodriguez for the patch. Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker for the patch. Fix breakage of --host-record parsing, resulting in infinite loop at startup. Regression in 2.63. Thanks to Haim Gelfenbeyn for spotting this. Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6 socket; this allows multiple instances of dnsmasq on a single machine, in the same way as for DHCPv4. Thanks to Gene Czarcinski and Vladislav Grishenko for work on this. Fix DHCPv6 to do access control correctly when it's configured with --listen-address. Thanks to Gene Czarcinski for sorting this out. Add a "wildcard" dhcp-range which works for any IPv6 subnet, --dhcp-range=::,static Useful for Stateless DHCPv6. Thanks to Vladislav Grishenko for the patch. Don't include lease-time in DHCPACK replies to DHCPINFORM queries, since RFC-2131 says we shouldn't. Thanks to Wouter Ibens for pointing this out. Makefile tweak to do dependency checking on header files. Thanks to Johan Peeters for the patch. Check interface for outgoing unsolicited router advertisements, rather than relying on interface address configuration. Thanks to Gene Czarcinski for the patch. 
Handle better attempts to transmit on interfaces which are still doing DAD, and specifically do not just transmit without setting source address and interface, since this can cause very puzzling effects when a router advertisement goes astray. Thanks again to Gene Czarcinski. Get RA timers right when there is more than one dhcp-range on a subnet. version 2.63 Do duplicate dhcp-host address check in --test mode. Check that tftp-root directories are accessible before start-up. Thanks to Daniel Veillard for the initial patch. Allow more than one --tftp-root flag. The per-interface stuff is pointless without that. Add --bind-dynamic. A hybrid mode between the default and --bind-interfaces which copes with dynamically created interfaces. A couple of fixes to the build system for Android. Thanks to Metin Kaya for the patches. Remove the interface: argument in --dhcp-range, and the interface argument to --enable-tftp. These were a still-born attempt to allow automatic isolated configuration by libvirt, but have never (to my knowledge) been used, had very strange semantics, and have been superseded by other mechanisms. Fixed bug logging filenames when duplicate dhcp-host addresses are found. Thanks to John Hanks for the patch. Fix regression in 2.61 which broke caching of CNAME chains. Thanks to Atul Gupta for the bug report. Allow the target of a --cname flag to be another --cname. Teach DHCPv6 about the RFC 4242 information-refresh-time option, and add parsing of the minutes, hours and days format for options. Thanks to Francois-Xavier Le Bail for the suggestion. Allow "w" (for week) as multiplier in lease times, as well as seconds, minutes, hours and days. Álvaro Gámez Machado spotted the omission. Update French translation. Thanks to Gildas Le Nadan. Allow a DBus service name to be given with --enable-dbus which overrides the default, uk.org.thekelleys.dnsmasq. Thanks to Mathieu Trudel-Lapierre for the patch. Set the "prefix on-link" bit in Router Advertisements. 
Thanks to Gui Iribarren for the patch. version 2.62 Update German translation. Thanks to Conrad Kostecki. Cope with router-solicit packets which don't have a valid source address. Thanks to Vladislav Grishenko for the patch. Fixed bug which caused missing periodic router advertisements with some configurations. Thanks to Vladislav Grishenko for the patch. Fixed bug which broke DHCPv6/RA with prefix lengths which are not divisible by 8. Thanks to Andre Coetzee for spotting this. Fix non-response to router-solicitations when router-advertisement configured, but DHCPv6 not configured. Thanks to Marien Zwart for the patch. Add --dns-rr, to allow arbitrary DNS resource records. Fixed bug which broke RA scheduling when an interface had two addresses in the same network. Thanks to Jim Bos for his help nailing this. version 2.61 Re-write interface discovery code on *BSD to use getifaddrs. This is more portable, more straightforward, and allows us to find the prefix length for IPv6 addresses. Add ra-names, ra-stateless and slaac keywords for DHCPv6. Dnsmasq can now synthesise AAAA records for dual-stack hosts which get IPv6 addresses via SLAAC. It is also now possible to use SLAAC and stateless DHCPv6, and to tell clients to use SLAAC addresses as well as DHCP ones. Thanks to Dave Taht for help with this. Add --dhcp-duid to allow DUID-EN uids to be used. Explicitly send DHCPv6 replies to the correct port, instead of relying on clients to send requests with the correct source address, since at least one client in the wild gets this wrong. Thanks to Conrad Kostecki for help tracking this down. Send a preference value of 255 in DHCPv6 replies when --dhcp-authoritative is in effect. This tells clients not to wait around for other DHCP servers. Better logging of DHCPv6 options. Add --host-record. Thanks to Rob Zwissler for the suggestion. Invoke the DHCP script with action "tftp" when a TFTP file transfer completes. 
The size of the file, address to which it was sent and complete pathname are supplied. Note that version 2.60 introduced some script incompatibilities associated with DHCPv6, and this is a further change. To be safe, scripts should ignore unknown actions, and if not IPv6-aware, should exit if the environment variable DNSMASQ_IAID is set. The use-case for this is to track netboot/install. Suggestion from Shantanu Gadgil. Update contrib/port-forward/dnsmasq-portforward to reflect the above. Set the environment variable DNSMASQ_LOG_DHCP when running the script if --log-dhcp is in effect, so that scripts can tailor their logging verbosity. Suggestion from Malte Forkel. Arrange that addresses specified with --listen-address work even if there is no interface carrying the address. This is chiefly useful for IPv4 loopback addresses, where any address in 127.0.0.0/8 is a valid loopback address, but normally only 127.0.0.1 appears on the lo interface. Thanks to Mathieu Trudel-Lapierre for the idea and initial patch. Fix crash, introduced in 2.60, when a DHCPINFORM is received from a network which has no valid dhcp-range. Thanks to Stephane Glondu for the bug report. Add a new DHCP lease time keyword, "deprecated" for --dhcp-range. This is only valid for IPv6, and sets the preferred lease time for both DHCP and RA to zero. The effect is that clients can continue to use the address for existing connections, but new connections will use other addresses, if they exist. This makes hitless renumbering at least possible. Fix bug in address6_available() which caused DHCPv6 lease acquisition to fail if more than one dhcp-range in use. Provide RDNSS and DNSSL data in router advertisements, using the settings provided for DHCP options option6:domain-search and option6:dns-server. Tweak logo/favicon.ico to add some transparency. Thanks to SamLT for work on this. Don't cache data from non-recursive nameservers, since it may erroneously look like a valid CNAME to a non-existent name. 
Thanks to Ben Winslow for finding this. Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP on exactly one interface and --bind-interfaces is set. This makes the OpenStack use-case of one dnsmasq per virtual interface work. This is only available on Linux; it's not supported on other platforms. Thanks to Vishvananda Ishaya and the OpenStack team for the suggestion. Updated French translation. Thanks to Gildas Le Nadan. Give correct from-cache answers to explicit CNAME queries. Thanks to Rob Zwissler for spotting this. Add --tftp-lowercase option. Thanks to Oliver Rath for the patch. Ensure that the DBus DhcpLeaseUpdated events are generated when a lease goes through INIT_REBOOT state, even if the dhcp-script is not in use. Thanks to Antoaneta-Ecaterina Ene for the patch. Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks to Brad Smith for spotting this. version 2.60 Fix compilation problem in Mac OS X Lion. Thanks to Olaf Flebbe for the patch. Fix DHCP when using --listen-address with an IP address which is not the primary address of an interface. Add --dhcp-client-update option. Add Lua integration. Dnsmasq can now execute a DHCP lease-change script written in Lua. This needs to be enabled at compile time by setting HAVE_LUASCRIPT in src/config.h or running "make COPTS=-DHAVE_LUASCRIPT" Thanks to Jan-Piet Mens for the idea and proof-of-concept implementation. Tidied src/config.h to distinguish between platform-dependent compile-time options which are selected automatically, and builder-selectable compile time options. Document the latter better, and describe how to set them from the make command line. Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent) confusion. IPPROTO_IP works everywhere now. Set TOS on DHCP sockets, this improves things on busy wireless networks. Thanks to Dave Taht for the patch. Determine VERSION automatically based on git magic: release tags or hash values. 
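
The 2.61 advice to script authors above (ignore unknown actions, exit on DNSMASQ_IAID if not IPv6-aware, use DNSMASQ_LOG_DHCP to choose verbosity) can be followed as in this added example, which is not part of the dnsmasq distribution. The function names and the log line format are assumptions made for the illustration; the add/old/del argument order (action, MAC, IP, optional hostname) is the one documented for --dhcp-script.

```python
#!/usr/bin/env python3
"""IPv4-only lease-change script for dnsmasq --dhcp-script (added example)."""
import ipaddress
import os
import sys

LEASE_ACTIONS = ("add", "old", "del")
# Relay-agent data exported to the script since 2.66; logged only when verbose.
RELAY_VARS = ("DNSMASQ_CIRCUIT_ID", "DNSMASQ_SUBSCRIBER_ID", "DNSMASQ_REMOTE_ID")


def _addr(text, v4_only=False):
    """Return the canonical address string, or None if it does not parse."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    if v4_only and ip.version != 4:
        return None
    return str(ip)


def handle_event(argv, env):
    """Return the line to log for one invocation, or None to do nothing."""
    if not argv or "DNSMASQ_IAID" in env:
        # DNSMASQ_IAID marks a DHCPv6 event. This script is not IPv6-aware,
        # so it leaves instead of misreading the DHCPv6 arguments.
        return None
    action, args = argv[0], argv[1:]
    verbose = "DNSMASQ_LOG_DHCP" in env   # set when --log-dhcp is in effect

    if action in LEASE_ACTIONS and len(args) >= 2:
        mac, ip = args[0], _addr(args[1], v4_only=True)
        if ip is None:
            return None
        line = f"{action} {ip} {mac}"
        if verbose:
            if len(args) >= 3:
                # repr() keeps odd characters in the name from forging log lines
                line += f" name={args[2]!r}"
            for var in RELAY_VARS:
                if var in env:
                    line += f" {var[len('DNSMASQ_'):].lower()}={env[var]!r}"
        return line

    if action == "tftp" and len(args) == 3:
        # size of the file, address it was sent to, complete pathname
        size, dest, path = args
        if not (size.isascii() and size.isdigit()) or _addr(dest) is None:
            return None
        return f"tftp {path!r} {size} bytes to {_addr(dest)}"

    # Unknown action (one added by a later dnsmasq release) or malformed
    # arguments: ignore it and still exit successfully.
    return None


if __name__ == "__main__":
    message = handle_event(sys.argv[1:], os.environ)
    if message is not None:
        print(message, file=sys.stderr)
    sys.exit(0)
```
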
Improve start-up speed when reading large hosts files containing many distinct addresses. Fix problem if dnsmasq is started without the stdin, stdout and stderr file descriptors open. This can manifest itself as 100% CPU use. Thanks to Chris Moore for finding this. Fix shell-scripting bug in bld/pkg-wrapper. Thanks to Mark Mitchell for the patch. Allow the TFTP server or boot server in --pxe-service, to be a domain name instead of an IP address. This allows for round-robin to multiple servers, in the same way as --dhcp-boot. A good suggestion from Cristiano Cumer. Support BUILDDIR variable in the Makefile. Allows builds for multiple archs from the same source tree with eg. make BUILDDIR=linux (relative to dnsmasq tree) make BUILDDIR=/tmp/openbsd (absolute path) If BUILDDIR is not set, compilation happens in the src directory, as before. Suggestion from Mark Mitchell. Support DHCPv6. Support is there for the sort of things the existing v4 server does, including tags, options, static addresses and relay support. Missing is prefix delegation, which is probably not required in the dnsmasq niche, and an easy way to accept prefix delegations from an upstream DHCPv6 server, which is. Future plans include support for DHCPv6 router option and MAC address option (to make selecting clients by MAC address work like IPv4). These will be added as the standards mature. This code has been tested, but this is the first release, so don't bet the farm on it just yet. Many thanks to all testers who have got it this far. Support IPv6 router advertisements. This is a simple-minded implementation, aimed at providing the vestigial RA needed to go alongside IPv6. It picks up configuration from the DHCPv6 conf, and should just need enabling with --enable-ra. Fix long-standing wrinkle with --localise-queries that could result in wrong answers when DNS packets arrive via an interface other than the expected one. Thanks to Lorenzo Milesi and John Hanks for spotting this one. 
Update French translation. Thanks to Gildas Le Nadan. Update Polish translation. Thanks to Jan Psota. version 2.59 Fix regression in 2.58 which caused failure to start up with some combinations of dnsmasq config and IPv6 kernel network config. Thanks to Brielle Bruns for the bug report. Improve dnsmasq's behaviour when network interfaces are still doing duplicate address detection (DAD). Previously, dnsmasq would wait up to 20 seconds at start-up for the DAD state to terminate. This is broken for bridge interfaces on recent Linux kernels, which don't start DAD until the bridge comes up, and so can take arbitrary time. The new behaviour lets dnsmasq poll for an arbitrary time whilst providing service on other interfaces. Thanks to Stephen Hemminger for pointing out the problem. version 2.58 Provide a definition of the SA_SIZE macro where it's missing. Fixes build failure on openBSD. Don't include a zero terminator at the end of messages sent to /dev/log when /dev/log is a datagram socket. Thanks to Didier Rabound for spotting the problem. Add --dhcp-sequential-ip flag, to force allocation of IP addresses in ascending order. Note that the default pseudo-random mode is in general better but some server-deployment applications need this. Fix problem where a server-id of 0.0.0.0 is sent to a client when a dhcp-relay is in use if a client renews a lease after dnsmasq restart and before any clients on the subnet get a new lease. Thanks to Mike Ruiz for assistance in chasing this one down. Don't return NXDOMAIN to an AAAA query if we have CNAME which points to an A record only: NODATA is the correct reply in this case. Thanks to Tom Fernandes for spotting the problem. Relax the need to supply a netmask in --dhcp-range for networks which use a DHCP relay. Whilst this is still desirable, in the absence of a netmask dnsmasq will use a default based on the class (A, B, or C) of the address. 
This should at least remove a cause of mysterious failure for people using RFC1918 addresses and relays. Add support for Linux conntrack connection marking. If enabled with --conntrack, the connection mark for incoming DNS queries will be copied to the outgoing connections used to answer those queries. This allows clever firewall and accounting stuff. Only available if dnsmasq is compiled with HAVE_CONNTRACK and adds a dependency on libnetfilter-conntrack. Thanks to Ed Wildgoose for the initial idea, testing and sponsorship of this function. Provide a sane error message when someone attempts to match a tag in --dhcp-host. Tweak the behaviour of --domain-needed, to avoid problems with recursive nameservers downstream of dnsmasq. The new behaviour only stops A and AAAA queries, and returns NODATA rather than NXDOMAIN replies. Efficiency fix for very large DHCP configurations, thanks to James Gartrell and Mike Ruiz for help with this. Allow the TFTP-server address in --dhcp-boot to be a domain-name which is looked up in /etc/hosts. This can give multiple IP addresses which are used round-robin, thus doing TFTP server load-balancing. Thanks to Sushil Agrawal for the patch. When two tagged dhcp-options for a particular option number are both valid, use the one which is valid without a tag from the dhcp-range. Allows overriding of the value of a DHCP option for a particular host as well as per-network values. So --dhcp-range=set:interface1,...... --dhcp-host=set:myhost,..... --dhcp-option=tag:interface1,option:nis-domain,"domain1" --dhcp-option=tag:myhost,option:nis-domain,"domain2" will set the NIS-domain to domain1 for hosts in the range, but override that to domain2 for a particular host. Fix bug which resulted in truncated files and timeouts for some TFTP transfers. The bug only occurs with netascii transfers and needs an unfortunate relationship between file size, blocksize and the number of newlines in the last block before it manifests itself. 
Many thanks to Alkis Georgopoulos for spotting the problem and providing a comprehensive test-case. Fix regression in TFTP server on *BSD platforms introduced in version 2.56, due to confusion with sockaddr length. Many thanks to Loic Pefferkorn for finding this. Support scope-ids in IPv6 addresses of nameservers from /etc/resolv.conf and in --server options. Eg nameserver fe80::202:a412:4512:7bbf%eth0 or server=fe80::202:a412:4512:7bbf%eth0. Thanks to Michael Stapelberg for the suggestion. Update Polish translation, thanks to Jan Psota. Update French translation. Thanks to Gildas Le Nadan. version 2.57 Add patches to allow build under Android. Provide our own header for the DNS protocol, rather than relying on arpa/nameser.h. This has proved more or less defective over the years and the final straw is that it's effectively empty on Android. Fix regression in 2.56 which caused hex constants in configuration to be rejected if they contain the '*' wildcard. Correct wrong casts of arguments to ctype.h functions, isdigit(), isxdigit() etc. Thanks to Matthias Andree for spotting this. Allow build with IDN support independently from i18n. IDN support continues to be included automatically when i18n is included. 'make COPTS=-DHAVE_IDN' is the magic incantation. Modify check on extraneous command line junk (added in 2.56) so that it doesn't complain about extra _empty_ arguments. Otherwise this breaks libvirt. version 2.56 Add a patch to allow dnsmasq to get interface names right in a Solaris zone. Thanks to Dj Padzensky for this. Improve data-type parsing heuristics so that --dhcp-option=option:domain-search,. treats the value as a string and not an IP address. Thanks to Clemens Fischer for spotting that. Add IPv6 support to the TFTP server. Many thanks to Jan 'RedBully' Seiffert for the patches. Log DNS queries at level LOG_INFO, rather than LOG_DEBUG. This makes things consistent with DHCP logging. Thanks to Adam Pribyl for spotting the problem. 
Ensure that dnsmasq terminates cleanly when using --syslog-async even if it cannot make a connection to the syslogd. Add --add-mac option. This is to support currently experimental DNS filtering facilities. Thanks to Benjamin Petrin for the original patch. Fix bug which meant that tags were ignored in dhcp-range configuration specifying PXE-proxy service. Thanks to Cristiano Cumer for spotting this. Raise an error if there is extra junk, not part of an option, on the command line. Flag a couple of log messages in cache.c as coming from the DHCP subsystem. Thanks to Olaf Westrik for the patch. Omit timestamps from logs when a) logging to stderr and b) --keep-in-foreground is set. The logging facility on the other end of stderr can be assumed to supply them. Thanks to John Hallam for the patch. Don't complain about strings longer than 255 characters in --txt-record, just split the long strings into 255 character chunks instead. Fix crash on double-free. This bug can only happen when dhcp-script is in use and then only in rare circumstances triggered by high DHCP transaction rate and a slow script. Thanks to Ferenc Wagner for finding the problem. Only log that a file has been sent by TFTP after the transfer has completed successfully. A good suggestion from Ferenc Wagner: extend the --domain option to allow this sort of thing: --domain=thekelleys.org.uk,192.168.0.0/24,local which automatically creates --local=/thekelleys.org.uk/ --local=/0.168.192.in-addr.arpa/ Tighten up syntax checking of hex constants in the config file. Thanks to Fred Damen for spotting this. Add dnsmasq logo/icon, contributed by Justin Swift. Many thanks for that. Never cache DNS replies which have the 'cd' bit set, or which result from queries forwarded with the 'cd' bit set. The 'cd' bit instructs a DNSSEC validating server upstream to ignore signature failures and return replies anyway. 
Without this change it's possible to pollute the dnsmasq cache with bad data by making a query with the 'cd' bit set and subsequent queries would return this data without its being marked as suspect. Thanks to Anders Kaseorg for pointing out this problem. Add --proxy-dnssec flag, for compliance with RFC 4035. Dnsmasq will now clear the 'ad' bit in answers returned from upstream validating nameservers unless this option is set. Allow a filename of "-" for --conf-file to read stdin. Suggestion from Timothy Redaelli. Rotate the order of SRV records in replies, to provide round-robin load balancing when all the priorities are equal. Thanks to Peter McKinney for the suggestion. Edit contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist so that it doesn't log all queries to a file by default. Thanks again to Peter McKinney. By default, setting an IPv4 address for a domain but not an IPv6 address causes dnsmasq to return a NODATA reply for IPv6 (or vice-versa). So --address=/google.com/1.2.3.4 stops IPv6 queries for *google.com from being forwarded. Make it possible to override this behaviour by defining the semantics if the same domain appears in both --server and --address. In that case, the --address has priority for the address family in which it appears, but the --server has priority for the address family which doesn't appear in --address. So: --address=/google.com/1.2.3.4 --server=/google.com/# will return 1.2.3.4 for IPv4 queries for *.google.com but forward IPv6 queries to the normal upstream nameserver. Similarly when setting an IPv6 address only this will allow forwarding of IPv4 queries. Thanks to William for pointing out the need for this. Allow more than one --dhcp-optsfile and --dhcp-hostsfile and make them understand directories as arguments in the same way as --addn-hosts. Suggestion from John Hanks. Ignore rebinding requests for leases we don't know about. Rebind is broadcast, so we might get to overhear a request meant for another DHCP server. 
NAKing this is wrong. Thanks to Brad D'Hondt for assistance with this. Fix cosmetic bug which produced strange output when dumping cache statistics with some configurations. Thanks to Fedor Kozhevnikov for spotting this. version 2.55 Fix crash when /etc/ethers is in use. Thanks to Gianluigi Tiesi for finding this. Fix crash in netlink_multicast(). Thanks to Arno Wald for finding this one. Allow the empty domain "." in dhcp domain-search (119) options. version 2.54 There is no version 2.54 to avoid confusion with 2.53, which incorrectly identifies itself as 2.54. version 2.53 Fix failure to compile on Debian/kFreeBSD. Thanks to Axel Beckert and Petr Salinger. Fix code to avoid scary strict-aliasing warnings generated by gcc 4.4. Added FAQ entry warning about DHCP failures with Vista when firewalls block 255.255.255.255. Fixed bug which caused bad things to happen if a resolv.conf file which exists is subsequently removed. Thanks to Nikolai Saoukh for the patch. Rationalised the DHCP tag system. Every configuration item which can set a tag does so by adding "set:" and every configuration item which is conditional on a tag is made so by "tag:". The NOT operator changes to '!', which is a bit more intuitive too. Dhcp-host directives can set more than one tag now. The old '#' NOT, "net:" prefix and no-prefixes are still honoured, so no existing config file needs to be changed, but the documentation and new-style config files should be much less confusing. Added --tag-if to allow boolean operations on tags. This allows complicated logic to be clearer and more general. A great suggestion from Richard Voigt. Add broadcast/unicast information to DHCP logging. Allow --dhcp-broadcast to be unconditional. Fixed incorrect behaviour with NOT conditionals in dhcp-options. Thanks to Max Turkewitz for assistance finding this. 
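
The cache rules described in the 2.56 entries on the 'cd' and 'ad' bits, together with the 2.61 rule about non-recursive nameservers, can be expressed as a header check. This is an added example, not dnsmasq's own code: the function names and sample packets are constructed here, and reading a clear RA bit as the sign of a non-recursive nameserver is an assumption.

```python
import struct

# DNS header flag bits: QR/RD/RA from the base protocol, AD/CD from DNSSEC.
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010


def build(txid, flags, qname="example.com", qtype=1):
    """Constructed sample packet: header plus one question, no records."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))


def header(packet):
    """Return (transaction id, flags); refuse packets shorter than a header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!HH", packet[:4])


def may_cache(forwarded_query, reply):
    """Apply the changelog's cache-admission rules to one query/reply pair."""
    _, qflags = header(forwarded_query)
    _, rflags = header(reply)
    if not rflags & QR:
        return False          # sanity check added here: not a response at all
    if qflags & CD or rflags & CD:
        # 'cd' tells a validating upstream to return data even when the
        # signatures fail, so the answer may be bogus: never cache it.
        return False
    if not rflags & RA:
        # Assumption: RA clear means the server does not recurse, so a partial
        # answer could look like a CNAME to a non-existent name.
        return False
    return True


def client_view(reply, proxy_dnssec=False):
    """Return the reply as passed to the client: 'ad' is cleared unless
    the operator opted in with --proxy-dnssec."""
    txid, flags = header(reply)
    if not proxy_dnssec:
        flags &= ~AD & 0xFFFF
    return struct.pack("!HH", txid, flags) + reply[4:]


def demo():
    """Run the constructed cases and return {description: result}."""
    plain_q = build(0x1234, RD)
    cd_q = build(0x1234, RD | CD)
    good_r = build(0x1234, QR | RD | RA | AD)
    return {
        "validated reply": may_cache(plain_q, good_r),
        "query forwarded with cd": may_cache(cd_q, good_r),
        "reply carries cd": may_cache(plain_q, build(0x1234, QR | RD | RA | CD)),
        "non-recursive upstream": may_cache(plain_q, build(0x1234, QR | RD)),
        "ad shown to client": bool(header(client_view(good_r))[1] & AD),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
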
If we send vendor-class encapsulated options based on the vendor-class supplied by the client, and no explicit vendor-class option is given, echo back the vendor-class from the client. Fix bug which stopped dnsmasq from matching both a circuitid and a remoteid. Thanks to Ignacio Bravo for finding this. Add --dhcp-proxy, which makes it possible to configure dnsmasq to use a DHCP relay agent as a full proxy, with all DHCP messages passing through the proxy. This is useful if the relay adds extra information to the packets it forwards, but cannot be configured with the RFC 5107 server-override option. Added interface: part to dhcp-range. The semantics of this are very odd at first sight, but it allows a single line of the form dhcp-range=interface:virt0,192.168.0.4,192.168.0.200 to be added to dnsmasq configuration which then supplies DHCP and DNS services to that interface, without affecting what services are supplied to other interfaces and irrespective of the existence or lack of interface= lines elsewhere in the dnsmasq configuration. The idea is that such a line can be added automatically by libvirt or equivalent systems, without disturbing any manual configuration. Similarly to the above, allow --enable-tftp= Allow a TFTP root to be set separately for requests via different interfaces, --tftp-root=, Correctly handle and log clashes between CNAMES and DNS names being given to DHCP leases. This fixes a bug which caused nonsense IP addresses to be logged. Thanks to Sergei Zhirikov for finding and analysing the problem. Tweak flush_log so as to avoid leaving the log file in non-blocking mode. O_NONBLOCK is a property of the file, not the process/descriptor. Fix contrib/Solaris10/create_package (/usr/man -> /usr/share/man) Thanks to Vita Batrla. Fix a problem where, if a client got a lease, then went to another subnet and got another lease, then moved back, it couldn't resume the old lease, but would instead get a new address. 
Thanks to Leonardo Rodrigues for spotting this and testing the fix. Fix weird bug which sometimes omitted certain characters from the start of quoted strings in dhcp-options. Thanks to Dayton Turner for spotting the problem. Add facility to redirect some domains to the standard upstream servers: this allows something like --server=/google.com/1.2.3.4 --server=/www.google.com/# which will send queries for *.google.com to 1.2.3.4, except *www.google.com which will be forwarded as usual. Thanks to AJ Weber for prompting this addition. Improve the hash-algorithm used to generate IP addresses from MAC addresses during initial DHCP address allocation. This improves performance when large numbers of hosts with similar MAC addresses all try and get an IP address at the same time. Thanks to Paul Smith for his work on this. Tweak DHCP code so that --bridge-interface can be used to select which IP alias of an interface should be used for DHCP purposes on Linux. If eth0 has an alias eth0:dhcp then adding --bridge-interface=eth0:dhcp,eth0 will use the address of eth0:dhcp to determine the correct subnet for DHCP address allocation. Thanks to Pawel Golaszewski for prompting this and Eric Cooper for further testing. Add --dhcp-generate-names. Suggestion by Ferenc Wagner. Tweak DNS server selection algorithm when there is more than one server available for a domain, eg. --server=/mydomain/1.1.1.1 --server=/mydomain/2.2.2.2 Thanks to Alberto Cuesta-Canada for spotting a weakness here. Add --max-ttl. Thanks to Fredrik Ringertz for the patch. Allow --log-facility=- to force all logging to stderr. Suggestion from Clemens Fischer. Fix regression which caused configuration like --address=/.domain.com/1.2.3.4 to be rejected. The dot to the left of the domain has been implied and not required for a long time, but it should be accepted for backward compatibility. Thanks to Andrew Burcin for spotting this. Add --rebind-domain-ok and --rebind-localhost-ok. Suggestion from Clemens Fischer. 
Log replies to queries of type TXT, when --log-queries is set. Fix compiler warnings when compiled with -DNO_DHCP. Thanks to Shantanu Gadgil for the patch. Updated French translation. Thanks to Gildas Le Nadan. Updated Polish translation. Thanks to Jan Psota. Updated German translation. Thanks to Matthias Andree. Added contrib/static-arp, thanks to Darren Hoo. Fix corruption of the domain when a name from /etc/hosts overrides one supplied by a DHCP client. Thanks to Fedor Kozhevnikov for spotting the problem. Updated Spanish translation. Thanks to Chris Chatham. version 2.52 Work around a Linux kernel bug which insists that the length of the option passed to setsockopt must be at least sizeof(int) bytes, even if we're calling SO_BINDTODEVICE and the device name is "lo". Note that this is fixed in kernel 2.6.31, but the workaround is harmless and allows earlier kernels to be used. Also fix dnsmasq bug which reported the wrong address when this failed. Thanks to Fedor for finding this. The API for IPv6 PKTINFO changed around Linux kernel 2.6.14. Workaround the case where dnsmasq is compiled against newer headers, but then run on an old kernel: necessary for some *WRT distros. Re-read the set of network interfaces when re-loading /etc/resolv.conf if --bind-interfaces is not set. This handles the case that loopback interfaces do not exist when dnsmasq is first started. Tweak the PXE code to support port 4011. This should reduce broadcasts and make things more reliable when other servers are around. It also improves inter-operability with certain clients. Make a pxe-service configuration with no filename or boot service type legal: this does a local boot. eg. pxe-service=x86PC, "Local boot" Be more conservative in detecting "A for A" queries. Dnsmasq checks if the name in a type=A query looks like a dotted-quad IP address and answers the query itself if so, rather than forwarding it. 
Previously dnsmasq relied on the library function inet_addr() to convert addresses, and that will accept some things which are confusing in this context, like 1.2.3 or even just 1234. Now we only do A for A processing for four decimal numbers delimited by dots.

A couple of tweaks to fix compilation on Solaris. Thanks to Joel Macklow for help with this.

Another Solaris compilation tweak, needed for Solaris 2009.06. Thanks to Lee Essen for that.

Added extract packaging stuff from Lee Essen to contrib/Solaris10.

Increased the default limit on number of leases to 1000 (from 150). This is mainly a defence against DoS attacks, and for the average "one or two class C networks" installation, IP address exhaustion does that just as well. Making the limit greater than the number of IP addresses available in such an installation removes a surprise which otherwise can catch people out.

Removed extraneous trailing space in the value of the DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and DNSMASQ_LEASE_EXPIRES environment variables. Thanks to Gildas Le Nadan for spotting this.

Provide the network-id tags for a DHCP transaction to the lease-change script in the environment variable DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.

Add support for RFC3925 "Vendor-Identifying Vendor Options". The syntax looks like this: --dhcp-option=vi-encap:, .........

Add support to --dhcp-match to allow matching against RFC3925 "Vendor-Identifying Vendor Classes". The syntax looks like this: --dhcp-match=tag,vi-encap,

Add some application specific code to assist in implementing the Broadband forum TR069 CPE-WAN specification. The details are in contrib/CPE-WAN/README

Increase the default DNS packet size limit to 4096, as recommended by RFC5625 section 4.4.3. This can be reconfigured using --edns-packet-max if needed. Thanks to Francis Dupont for pointing this out.

Rewrite query-ids even for TSIG signed packets, since this is allowed by RFC5625 section 4.5.
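The stricter "A for A" check described in the version 2.52 notes above, as an added example that is not dnsmasq's own code: it contrasts what inet_addr() accepts with a parser that takes only four decimal fields separated by dots. The function names, the 0-255 range check and the rejection of a trailing dot are assumptions of this example, and the sample names are constructed.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Lenient test (the pre-2.52 approach): a name counts as an address if
   inet_addr() can convert it. inet_addr() also takes the short forms
   a.b.c, a.b and a, and hex or octal fields. */
static int lenient_is_address(const char *name)
{
    /* INADDR_NONE is also the encoding of 255.255.255.255, so that one
       valid address has to be recognised separately. */
    if (strcmp(name, "255.255.255.255") == 0)
        return 1;
    return inet_addr(name) != INADDR_NONE;
}

/* Strict test (assumed shape of the tightened check): exactly four
   decimal fields, each 0-255, separated by single dots, nothing else. */
static int strict_is_dotted_quad(const char *name, unsigned char out[4])
{
    const char *p = name;
    int field;

    for (field = 0; field < 4; field++) {
        unsigned int value = 0;
        int digits = 0;

        while (isdigit((unsigned char)*p)) {
            value = value * 10 + (unsigned int)(*p - '0');
            if (++digits > 3 || value > 255)
                return 0;
            p++;
        }
        if (digits == 0)
            return 0;               /* empty field, or a non-digit */
        out[field] = (unsigned char)value;

        if (field < 3) {
            if (*p != '.')
                return 0;           /* fewer than four fields */
            p++;
        }
    }
    return *p == '\0';              /* no fifth field, no trailing dot */
}

int main(void)
{
    /* Constructed query names, including the two from the changelog. */
    static const char *samples[] = {
        "1.2.3.4", "1.2.3", "1234", "127.1", "0x7f.0.0.1",
        "256.1.1.1", "1.2.3.4.", "www.example.com"
    };
    size_t i;

    printf("%-18s %-8s %s\n", "name", "lenient", "strict");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned char quad[4];
        printf("%-18s %-8s %s\n", samples[i],
               lenient_is_address(samples[i]) ? "address" : "name",
               strict_is_dotted_quad(samples[i], quad) ? "address" : "name");
    }
    return 0;
}
```

Names such as 1.2.3, 1234 and 127.1 are classified as addresses by the lenient test and would be answered locally; under the strict test they are treated as ordinary names.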
Use getopt_long by default on OS X. It has been supported since version 10.3.0. Thanks to Arek Dreyer for spotting this. Added up-to-date startup configuration for MacOSX/launchd in contrib/MacOSX-launchd. Thanks to Arek Dreyer for providing this. Fix link error when including Dbus but excluding DHCP. Thanks to Oschtan for the bug report. Updated French translation. Thanks to Gildas Le Nadan. Updated Polish translation. Thanks to Jan Psota. Updated Spanish translation. Thanks to Chris Chatham. Fixed confusion about domains, when looking up DHCP hosts in /etc/hosts. This could cause spurious "Ignoring domain..." messages. Thanks to Fedor Kozhevnikov for finding and analysing the problem. version 2.51 Add support for internationalised DNS. Non-ASCII characters in domain names found in /etc/hosts, /etc/ethers and /etc/dnsmasq.conf will be correctly handled by translation to punycode, as specified in RFC3490. This function is only available if dnsmasq is compiled with internationalisation support, and adds a dependency on GNU libidn. Without i18n support, dnsmasq continues to be compilable with just standard tools. Thanks to Yves Dorfsman for the suggestion. Add two more environment variables for lease-change scripts: First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname supplied by a client, even if the actual hostname used is over-ridden by dhcp-host or dhcp-ignore-names directives. Also DNSMASQ_RELAY_ADDRESS which gives the address of a DHCP relay, if used. Suggestions from Michael Rack. Fix regression which broke echo of relay-agent options. Thanks to Michael Rack for spotting this. Don't treat option 67 as being interchangeable with dhcp-boot parameters if it's specified as dhcp-option-force. Make the code to call scripts on lease-change compile-time optional. It can be switched off by editing src/config.h or building with "make COPTS=-DNO_SCRIPT". Make the TFTP server cope with filenames from Windows/DOS which use '\' as pathname separator. 
Thanks to Ralf for the patch. Updated Polish translation. Thanks to Jan Psota. Warn if an IP address is duplicated in /etc/ethers. Thanks to Felix Schwarz for pointing this out. Teach --conf-dir to take an option list of file suffices which will be ignored when scanning the directory. Useful for backup files etc. Thanks to Helmut Hullen for the suggestion. Add new DHCP option named tftpserver-address, which corresponds to the third argument of dhcp-boot. This allows the complete functionality of dhcp-boot to be replicated with dhcp-option. Useful when using dhcp-optsfile. Test which upstream nameserver to use every 10 seconds or 50 queries and not just when a query times out and is retried. This should improve performance when there is a slow nameserver in the list. Thanks to Joe for the suggestion. Don't do any PXE processing, even for clients with the correct vendorclass, unless at least one pxe-prompt or pxe-service option is given. This stops dnsmasq interfering with proxy PXE subsystems when it is just the DHCP server. Thanks to Spencer Clark for spotting this. Limit the blocksize used for TFTP transfers to a value which avoids packet fragmentation, based on the MTU of the local interface. Many netboot ROMs can't cope with fragmented packets. Honour dhcp-ignore configuration for PXE and proxy-PXE requests. Thanks to Niels Basjes for the bug report. Updated French translation. Thanks to Gildas Le Nadan. version 2.50 Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled. Thanks to Core Security Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and Pablo Annetta. This problem has Bugtraq id: 36121 and CVE: 2009-2957 Fix a problem which allowed a malicious TFTP client to crash dnsmasq. Thanks to Steve Grubb at Red Hat for spotting this. 
This problem has Bugtraq id: 36120 and CVE: 2009-2958 version 2.49 Fix regression in 2.48 which disables the lease-change script. Thanks to Jose Luis Duran for spotting this. Log TFTP "file not found" errors. These were not logged, since a normal PXELinux boot generates many of them, but the lack of the messages seems to be more confusing than routinely seeing them when there is no real error. Update Spanish translation. Thanks to Chris Chatham. version 2.48 Archived the extensive, backwards, changelog to CHANGELOG.archive. The current changelog now runs from version 2.43 and runs conventionally. Fixed bug which broke binding of servers to physical interfaces when interface names were longer than four characters. Thanks to MURASE Katsunori for the patch. Fixed netlink code to check that messages come from the correct source, and not another userspace process. Thanks to Steve Grubb for the patch. Maintainability drive: removed bug and missing feature workarounds for some old platforms. Solaris 9, OpenBSD older than 4.1, Glibc older than 2.2, Linux 2.2.x and DBus older than 1.1.x are no longer supported. Don't read included configuration files more than once: allows complex configuration structures without problems. Mark log messages from the various subsystems in dnsmasq: messages from the DHCP subsystem now have the ident string "dnsmasq-dhcp" and messages from TFTP have ident "dnsmasq-tftp". Thanks to Olaf Westrik for the patch. Fix possible infinite DHCP protocol loop when an IP address nailed to a hostname (not a MAC address) and a host sometimes provides the name, sometimes not. Allow --addn-hosts to take a directory: all the files in the directory are read. Thanks to Phil Cornelius for the suggestion. Support --bridge-interface on all platforms, not just BSD. Added support for advanced PXE functions. It's now possible to define a prompt and menu options which will be displayed when a client PXE boots. 
It's also possible to hand-off booting to other boot servers. Proxy-DHCP, where dnsmasq just supplies the PXE information and another DHCP server does address allocation, is also allowed. See the --pxe-prompt and --pxe-service keywords. Thanks to Alkis Georgopoulos for the suggestion and Guilherme Moro and Michael Brown for assistance. Improvements to DHCP logging. Thanks to Tom Metro for useful suggestions. Add ability to build dnsmasq without DHCP support. To do this, edit src/config.h or build with "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. Added --test command-line switch - syntax check configuration files only. Updated French translation. Thanks to Gildas Le Nadan. version 2.47 Updated French translation. Thanks to Gildas Le Nadan. Fixed interface enumeration code to work on NetBSD 5.0. Thanks to Roy Marples for the patch. Updated config.h to use the same location for the lease file on NetBSD as the other *BSD variants. Also allow LEASEFILE and CONFFILE symbols to be overridden in CFLAGS. Handle duplicate address detection on IPv6 more intelligently. In IPv6, an interface can have an address which is not usable, because it is still undergoing DAD (such addresses are marked "tentative"). Attempting to bind to an address in this state returns an error, EADDRNOTAVAIL. Previously, on getting such an error, dnsmasq would silently abandon the address, and never listen on it. Now, it retries once per second for 20 seconds before generating a fatal error. 20 seconds should be long enough for any DAD process to complete, but can be adjusted in src/config.h if necessary. Thanks to Martin Krafft for the bug report. Add DBus introspection. Patch from Jeremy Laine. Update Dbus configuration file. Patch from Colin Walters. Fix for this bug: http://bugs.freedesktop.org/show_bug.cgi?id=18961 Support arbitrarily encapsulated DHCP options, suggestion and initial patch from Samium Gromoff. 
This is useful for (eg) iPXE, which expects all its private options to be encapsulated inside a single option 175. So, eg, dhcp-option = encap:175, 190, "iscsi-client0" dhcp-option = encap:175, 191, "iscsi-client0-secret" will provide iSCSI parameters to iPXE.

Enhance --dhcp-match to allow testing of the contents of a client-sent option, as well as its presence. The application in mind for this is RFC 4578 client-architecture specifiers, but it's generally useful. Joey Korkames suggested the enhancement.

Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on OpenSolaris. Thanks to Bastian Machek for the heads-up.

No longer complain about blank lines in /etc/ethers. Thanks to Jon Nelson for the patch.

Fix binding of servers to physical devices, eg --server=/domain/1.2.3.4@eth0 which was broken from 2.43 onwards unless --query-port=0 set. Thanks to Peter Naulls for the bug report.

Reply to DHCPINFORM requests even when the supplied ciaddr doesn't fall in any dhcp-range. In this case it's not possible to supply a complete configuration, but individually-configured options (eg PAC) may be useful.

Allow the source address of an alias to be a range: --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255, as before. --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 maps only the 192.168.0.10->192.168.0.40 region. Thanks to Ib Uhrskov for the suggestion.

Don't dynamically allocate DHCP addresses which may break Windows. Addresses which end in .255 or .0 are broken in Windows even when using supernetting. --dhcp-range=192.168.0.1,192.168.1.254,255.255.254.0 means 192.168.0.255 is a valid IP address, but not for Windows. See Microsoft KB281579. We therefore no longer allocate these addresses to avoid hard-to-diagnose problems.

Update Polish translation. Thanks to Jan Psota.

Delete the PID-file when dnsmasq shuts down.
Note that by this time, dnsmasq is normally not running as root, so this will fail if the PID-file is stored in a root-owned directory; such failure is silently ignored. To take advantage of this feature, the PID-file must be stored in a directory owned and write-able by the user running dnsmasq.

version 2.46

Allow --bootp-dynamic to take a netid tag, so that it may be selectively enabled. Thanks to Olaf Westrik for the suggestion.

Remove ISC-leasefile reading code. This has been deprecated for a long time, and last time I removed it, it ended up going back by request of one user. This time, it's gone for good; otherwise it would need to be re-worked to support multiple domains (see below).

Support DHCP clients in multiple DNS domains. This is a long-standing request. Clients are assigned to a domain based on their IP address.

Add --dhcp-fqdn flag, which changes behaviour of DNS names assigned to DHCP clients. When this is set, there must be a domain associated with each client, and only fully-qualified domain names are added to the DNS. The advantage is that only the FQDN needs to be unique, so that two or more DHCP clients can share a hostname, as long as they are in different domains.

Set environment variable DNSMASQ_DOMAIN when invoking lease-change script. This may be useful information to have now that it's variable.

Tighten up data-checking code for DNS packet handling. Thanks to Steve Dodd who found certain illegal packets which could crash dnsmasq. No memory overwrite was possible, so this is not a security issue beyond the DoS potential.

Update example config dhcp option 47, the previous suggestion generated an illegal, zero-length, option. Thanks to Matthias Andree for finding this.

Rewrite hosts-file reading code to remove the limit of 1024 characters per line. John C Meuser found this.

Create a net-id tag with the name of the interface on which the DHCP request was received.
Fixed minor memory leak in DBus code, thanks to Jeremy Laine for the patch.

Emit DBus signals as the DHCP lease database changes. Thanks to Jeremy Laine for the patch.

Allow for more than one MAC address in a dhcp-host line. This configuration tells dnsmasq that it's OK to abandon a DHCP lease of the fixed address to one MAC address, if another MAC address in the dhcp-host statement asks for an address. This is useful to give a fixed address to a host which has two network interfaces (say, a laptop with wired and wireless interfaces.) It's very important to ensure that only one interface at a time is up, since dnsmasq abandons the first lease and re-uses the address before the leased time has elapsed. John Gray suggested this.

Tweak the response to a DHCP request packet with a wrong server-id when --dhcp-authoritative is set; dnsmasq now returns a DHCPNAK, rather than silently ignoring the packet. Thanks to Chris Marget for spotting this improvement.

Add --cname option. This provides a limited alias function, usable for DHCP names. Thanks to AJ Weber for suggestions on this.

Updated contrib/webmin with latest version from Neil Fisher.

Updated Polish translation. Thanks to Jan Psota.

Correct the text names for DHCP options 64 and 65 to be "nis+-domain" and "nis+-servers".

Updated Spanish translation. Thanks to Chris Chatham.

Force re-reading of /etc/resolv.conf when an "interface up" event occurs.

version 2.45

Fix total DNS failure in release 2.44 unless --min-port specified. Thanks to Steven Barth and Grant Coady for bugreport. Also reject out-of-range port spec, which could break things too: suggestion from Gilles Espinasse.

version 2.44

Fix crash when unknown client attempts to renew a DHCP lease, problem introduced in version 2.43. Thanks to Carlos Carvalho for help chasing this down.

Fix potential crash when a host which doesn't have a lease does DHCPINFORM. Again introduced in 2.43. This bug has never been reported in the wild.
Fix crash in netlink code introduced in 2.43. Thanks to Jean Wolter for finding this.

Change implementation of min_port to work even if min-port is large.

Patch to enable compilation of latest Mac OS X. Thanks to David Gilman.

Update Spanish translation. Thanks to Christopher Chatham.

version 2.43

Updated Polish translation. Thanks to Jan Psota.

Flag errors when configuration options are repeated illegally.

Further tweaks for GNU/kFreeBSD

Add --no-wrap to msgmerge call - provides nicer .po file format.

Honour lease-time spec in dhcp-host lines even for BOOTP. The user is assumed to know what they are doing in this case. (Hosts without the time spec still get infinite leases for BOOTP, over-riding the default in the dhcp-range.) Thanks to Peter Katzmann for uncovering this.

Fix problem matching relay-agent ids. Thanks to Michael Rack for the bug report.

Add --naptr-record option. Suggestion from Johan Bergquist.

Implement RFC 5107 server-id-override DHCP relay agent option.

Apply patches from Stefan Kruger for compilation on Solaris 10 under Sun studio.

Yet more tweaking of Linux capability code, to suppress pointless whingeing from kernel 2.6.25 and above.

Improve error checking during startup. Previously, some errors which occurred during startup would be worked around, with dnsmasq still starting up. Some were logged, some silent. Now, they all cause a fatal error and dnsmasq terminates with a non-zero exit code. The errors are those associated with changing uid and gid, setting process capabilities and writing the pidfile. Thanks to Uwe Gansert and the Suse security team for pointing out this improvement, and Bill Reimers for good implementation suggestions.

Provide NO_LARGEFILE compile option to switch off largefile support when compiling against versions of uclibc which don't support it. Thanks to Stephane Billiart for the patch.

Implement random source ports for interactions with upstream nameservers.
New spoofing attacks have been found against nameservers which do not do this, though it is not clear if dnsmasq is vulnerable, since it doesn't implement recursion. By default dnsmasq will now use a different source port (and socket) for each query it sends upstream. This behaviour can be suppressed using the --query-port option, and the old default behaviour restored using --query-port=0. Explicit source-port specifications in --server configs are still honoured.

Replace the random number generator, for better security. On most BSD systems, dnsmasq uses the arc4random() RNG, which is secure, but on other platforms, it relied on the C-library RNG, which may be guessable and therefore allow spoofing. This release replaces the libc RNG with the SURF RNG, from Daniel J. Bernstein's DJBDNS package.

Don't attempt to change user or group or set capabilities if dnsmasq is run as a non-root user. Without this, the change from soft to hard errors when these fail causes problems for non-root daemons listening on high ports. Thanks to Patrick McLean for spotting this.

Updated French translation. Thanks to Gildas Le Nadan.

version 2.42

The changelog for version 2.42 and earlier is available in CHANGELOG.archive.

dnsmasq-2.80.orig/CHANGELOG.archive

release 0.4 - initial public release

release 0.5 - added caching, removed compiler warning on linux PPC

release 0.6 - TCP handling: close socket and return to connect state if we can't read the first byte. This corrects a problem seen very occasionally where dnsmasq would loop using all available CPU.

Added a patch from Cris Bailiff to set SO_REUSEADDR on the tcp socket which stops problems when dnsmasq is restarted and old connections still exist.

Stopped claiming in doc.html that smail is the default Debian mailer, since it isn't any longer.
(Pointed out by David Karlin)

release 0.7

Create a pidfile at /var/run/dnsmasq.pid

Extensive armouring against "poison packets" courtesy of Thomas Moestl

Set sockaddr.sa_family on outgoing address, patch from David Symonds

Patch to clear cache on SIGHUP from Jason L. Wagner

Fix bad bug resulting from not initialising value-result address-length parameter to recvfrom() and accept() - it worked by luck before!

release 0.95

Major rewrite: remove calls to gethostbyname() and talk directly to the upstream server(s) instead. This has many advantages.

(1) Dnsmasq no longer blocks during long lookups.
(2) All query types are handled now, (eg MX) not just internet address queries. Addresses are cached, all other queries are forwarded directly.
(3) Time-to-live data from upstream server is read and used by dnsmasq to purge entries from the cache.
(4) /etc/hosts is still read and its contents served (unless the -h option is given).
(5) Dnsmasq can get its upstream servers from a file other than /etc/resolv.conf (-r option) this allows dnsmasq to serve names to the machine it is running on (put nameserver 127.0.0.1 in /etc/resolv.conf and give dnsmasq the option -r /etc/resolv.dnsmasq)
(6) Dnsmasq will re-read its servers if the modification time of resolv.conf changes. Along with 4 above this allows nameservers to be set automatically by ppp or dhcp.

A really clever NAT-like technique allows the daemon to have lots of queries in progress, but still remain very lightweight. Dnsmasq has a small footprint and normally doesn't allocate any more memory after start-up. The NAT-like forwarding was inspired by a suggestion from Eli Chen

release 0.96

Fixed embarrassing thinko in cache linked-list code.

release 0.98

Some enhancements and bug-fixes. Thanks to "Denis Carre" and Martin Otte

(1) Dnsmasq now always sets the IP source address of its replies correctly. Older versions would not always do this on multi-homed and IP aliased hosts, which violates the RFC.
(2) Dnsmasq no longer crashes if a server loop is created (ie dnsmasq is told to use itself as an upstream server.) Now it just logs the problem and doesn't use the bad server address.
(3) Dnsmasq should now forward (but not cache) inverse queries and server status queries; this feature has not been tested.
(4) Don't write the pid file when in non-daemon mode.
(5) Create the pid file mode 644, rather than 666 (!).
(6) Generate queries to upstream nameservers with unpredictable ids, to thwart DNS spoofers.
(7) Dnsmasq no longer forwards queries when the "recursion desired" bit is not set in the header.
(8) Fixed getopt code to work on compilers with unsigned char.

release 0.991

Added -b flag: when set causes dnsmasq to always answer reverse queries on the RFC 1918 private IP space itself and never forward them to an upstream server. If the name is not in /etc/hosts, dnsmasq replies with the dotted-quad address.

Fixed a bug which stopped dnsmasq working on a box with two or more interfaces with the same IP address.

Fixed caching of CNAMEs. Previously, a CNAME which pointed to a name with many A records would not have all the addresses returned when being answered from the cache.

Thanks to "Steve Hardy" for his input on these fixes.

Fixed race which could cause dnsmasq to miss the second of two closely-spaced updates of resolv.conf (Thanks to Eli Chen for pointing this out.)

Fixed a bug which could cause dnsmasq to fail to cache some dns names.

release 0.992

Small change to memory allocation so that names in /etc/hosts don't use cache slots. Also make "-c 0" flag meaningfully disable caching completely.

release 0.993

Return only the first (canonical) name from an entry in /etc/hosts as reply to reverse query.

Handle wildcard queries for names/addresses in /etc/hosts; this is mainly to allow reverse lookups by dig to succeed. (Bug reported by Simon J. Rowe)

Subtle change to the logic which selects which of multiple upstream servers we send queries to.
This fixes a problem where dnsmasq continuously sends queries to a server which is returning error codes and ignores one which is working.

release 0.994

Fixed bug which broke lookup of names in /etc/hosts which have upper-case letters in them. Thanks to Joao Clemente for spotting that one.

Output cache statistics on receipt of SIGUSR1. These go to syslog except in debug (-d) mode, when a complete cache dump goes to stdout. Suggestion from Joao Clemente, code based on John Volpe's.

Accept GNU long options on the command line. Code from John Volpe for this.

Split source code into multiple files and produced a proper makefile.

Included code from John Volpe to parse dhcp.leases file written by ISC dhcpd. The hostnames in the leases file are added to the cache and updated as dhcpd updates the leases file. The code has been heavily re-worked by me, so any bugs are probably mine.

release 0.995

Small tidy-ups to signal handling and cache code.

release 0.996

Added negative caching: If dnsmasq gets a "no such domain" reply from an upstream nameserver, it will cache that information for a time specified by the SOA RR in the reply. See RFC 2308 for details. This is useful with resolver libraries which append assorted suffixes to non-FQDN in an attempt to resolve them, causing useless cache misses.

Added -i flag, which restricts dnsmasq to offering name service only on specified interfaces.

release 0.997

Deleted INSTALL script and added "install" target to makefile.

Stopped distributing binaries in the tarball to avoid libc version clashes.

Fixed interface detection code to remove spurious startup errors in rare circumstances.

Dnsmasq now changes its uid, irrevocably, to nobody after startup for security reasons. Thanks to Peter Bailey for this patch.

Cope with infinite DHCP leases. Patch thanks to Yaacov Akiba Slama.

Added rpm control files to .tar.gz distribution. Thanks to Peter Baldwin at ClarkConnect for those.

Improved startup script for rpms.
Thanks to Yaacov Akiba Slama.

release 1.0

Stable release: dnsmasq is now considered feature-complete and stable.

release 1.1

Added --user argument to allow user to change to a different userid.

Added --mx-target argument to allow mail to be delivered away from the gateway machine running dnsmasq.

Fixed highly obscure bug with wildcard queries for DHCP lease derived names.

Moved manpage from section 1 to section 8.

Added --no-poll option. Added Suse-rpm support. Thanks to Joerg Mayer for the last two.

release 1.2

Added IPv6 DNS record support. AAAA records are cached and read from /etc/hosts. Reverse-lookups in the ip6.int and ip6.arpa domains are supported. Dnsmasq can talk to upstream servers via IPv6 if it finds IP6 addresses in /etc/resolv.conf and it offers DNS service automatically if IPv6 support is present in the kernel.

Extended negative caching to NODATA replies.

Re-vamped CNAME processing to cope with RFC 2317's use of CNAMES to PTR RRs in CIDR.

Added config.h and a couple of symbols to aid compilation on non-linux systems.

release 1.3

Some versions of the Linux kernel return EINVAL rather than EPROTONOSUPPORT when IPv6 is not available, causing dnsmasq to bomb out. This release fixes that. Thanks to Steve Davis for pointing this one out.

Trivial change to startup logic so that dnsmasq logs its stuff and reads config files straight away on starting, rather than after the first query - principle of least surprise applies here.

release 1.4

Fix a bug with DHCP lease parsing which broke in non-UTC timezones. Thanks to Mark Wormgoor for spotting and diagnosing this. Fixed versions in the .spec files this time. Fixed bug in Suse startup script. Thanks to Didi Niklaus for pointing this out.

release 1.5

Added --filterwin2k option which stops dnsmasq from forwarding "spam" queries from win2k boxes. This is useful to stop spurious connections over dial-on-demand links. Thanks to Steve Hardy for this code.

Clear "truncated" bit in replies we return from upstream.
        This stops resolvers from switching to TCP, which is
        pointless since dnsmasq doesn't support TCP. This should
        solve problems in resolving hotmail.com domains.

        Don't include getopt.h when Gnu-long-options are disabled -
        hopefully this will allow compilation on FreeBSD.

        Added the --listen-address and --pid-file flags.

        Fixed a bug which caused old entries in the DHCP leases file
        to be used in preference to current ones under certain
        circumstances.

release 1.6
        If a machine gets named via DHCP and the DHCP name doesn't
        have a domain part and domain suffix is set using the -s
        flag, then that machine has two names with the same address,
        with and without the domain suffix. When doing a _reverse_
        lookup to get the name, the "without suffix" name used to be
        returned, now the "with suffix" one gets returned instead.
        This change suggested by Arnold Schulz.

        Fixed assorted typos in the documentation. Thanks to David
        Kimdon.

        Subtle rearrangement to the downloadable tarball, and
        stopped distributing .debs, since dnsmasq is now an official
        Debian package.

release 1.7
        Fix a problem with cache not clearing properly on receipt of
        SIGHUP. Bug spotted by Sat Deshpande.

        In group-id changing code:
        1) Drop supplementary groups.
        2) Change gid before dropping root (patch from Soewono
           Effendi.)
        3) Change group to "dip" if it exists, to allow access to
           /etc/ppp/resolv.conf (suggestion from Jorg Sommer.)
        Update docs to reflect above changes.

        Other documentation changes from David Miller.

        Added suggested script fragment for dhcpcd.exe.

release 1.8
        Fix unsafe use of tolower() macro - allows linking against
        ulibc. (Patches from Soewono Effendi and Bjorn Andersson.)

        Fix typo in usage string.

        Added advice about RedHat PPP configuration to
        documentation. (Thanks to C. Lee Taylor.)

        Patches to fix problems on BSD systems from Marc Huber and
        Can Erkin Acar. These add the options HAVE_ARC4RANDOM and
        HAVE_SOCKADDR_SA_LEN to config.h.

        Elaborated config.h - should really use autoconf.

        Fix time-to-live calculation when chasing CNAMEs.

        Fix use-after-free and missing initialisation bugs in the
        cache code. (Thanks to Marc Huber.)

        Builds on Solaris 9. (Thanks to Marc Huber.)

release 1.9
        Fixes to rpm .spec files.

        Don't put expired DHCP entries into the cache only to throw
        them away again.

        Put dnsmasq on a severe memory diet: this reduces both the
        amount of heap space used and the stack size required. The
        difference is not really visible with bloated libcs like
        glibc, but should dramatically reduce memory requirements
        when linked against ulibc for use on embedded routers, and
        that's the point really. Thanks to Matthew Natalier for
        prompting this.

        Changed debug mode (-d) so that all logging appears on
        stderr as well as going to syslogd.

        Added HAVE_IPV6 config symbol to allow compilation against a
        libc which doesn't have IPv6 support.

        Added a facility to log all queries, enabled with -q flag.

        Fixed packet size checking bug in address extraction code.

        Halved default cache size - 300 was way OTT in typical use.

        Added self-MX function, enabled by -e flag. Thanks to Lyonel
        Vincent for the patch.

        Added HAVE_FORK config symbol and stuff to support uClinux.
        Thanks to Matthew Natalier for uClinux stuff.

release 1.10
        Log warnings if resolv.conf or dhcp.leases are not
        accessible for any reason, as suggested by Hinrich Eilts.

        Fixed wrong address printing in error message about no
        interface with address.

        Updated docs and split installation instructions into
        setup.html.

        Fix bug in CNAME chasing code: One CNAME pointing to many A
        records would lose A records after the first. This bug was
        introduced in version 1.9.

        Log startup failures at level Critical as well as printing
        them to standard error.

        Exit with return code 1 when given bad options.

        Cleaned up code for no-cache operation.

        Added -o option which forces dnsmasq to use upstream servers
        in the order they appear in /etc/resolv.conf.

        Added upstream server use logging.

        Log full cache dump on receipt of SIGUSR1 when query logging
        is enabled (-q switch).

        Added -S option to directly specify upstream servers and
        added ability to direct queries for specific domains to
        specific servers. Suggested by Jens Vonderheide.

        Upgraded random ID generation - patch from Rob Funk.

        Fixed reading of domains in arguments with capital letters
        or trailing periods.

        Fixed potential SEGV when given bad options.

        Read options from /etc/dnsmasq.conf if it exists. Do
        sensible things with missing parameters, eg "--resolv-file="
        turns off reading /etc/resolv.conf.

release 1.11
        Actually implement the -R flag promised in the 1.10 man
        page.

        Improve and rationalise the return codes in answers to
        queries. In the case that there are no available upstream
        servers to forward a query to, return REFUSED. This makes
        sendmail work better on modem connected systems when the
        modem link is down (Thanks to Roger Plant). Cache and return
        the NXDOMAIN status of failed queries: this makes the `host`
        command work when traversing search paths (Thanks to Peter
        Bailey). Set the "authoritative" bit in replies containing
        names from /etc/hosts or DHCP.

        Tolerate MS-DOS style line ending codes in /etc/hosts and
        /etc/resolv.conf, for people who copy from winsock
        installations.

        Allow specification of more than one resolv.conf file. This
        is intended for laptops which connect via DHCP or PPP.
        Whichever resolv.conf was updated last is used.

        Allow -S flags which specify a domain but no server address.
        This gives local domains which are never forwarded.

        Add -E flag to automatically add the domain suffix to names
        in /etc/hosts - suggestion from Phil Harman.

        Always return a zero time-to-live for names derived from
        DHCP which stops anything else caching these names.
        Previously the TTL was derived from the lease time but that
        is incorrect since a lease can be given up early: dnsmasq
        would know this but anything with the name cached with long
        TTL would not be updated.

        Extended HAVE_IPV6 config flag to allow compilation on old
        systems which don't have modern library routines like
        inet_ntop(). Thanks to Phil Harman for the patch.

release 1.12
        Allow more than one domain in server config lines and make
        "local" a synonym for "server". This makes things like
        "local=/localnet/thekelleys.org.uk/" legal. Allow port to be
        specified as part of server address.

        Allow whole domains to have an IP address specified in
        /etc/dnsmasq.conf. (/etc/hosts doesn't work for domains).
        address=/doubleclick.net/127.0.0.1 should catch all those
        nasty banner ads. Inspired by a patch from Daniel Gryniewicz.

        Log the source of each query when logging switched on.

        Fix bug in script fragment for dhcpcd - thanks to Barry
        Stewart.

        Fix bug which meant that strict-order and self-mx were
        always enabled.

        Builds with Linux libc5 now - for the Freesco project.

        Fixed Makefile installation script (patch from Silvan
        Minghetti) and added CC and CFLAGS variables.

        Improve resource allocation to reduce vulnerability to DOS
        attacks - the old version could have all queries blocked by
        a continuous high-speed stream of queries. Now some queries
        will succeed, and the excess will be rejected with a server
        fail error. This change also protects against server-loops;
        setting up a resolving loop between two instances of dnsmasq
        is no longer catastrophic. The servers will continue to run,
        looped queries fail and a warning is logged. Thanks to
        C. Lee Taylor for help with this.

release 1.13
        Added support for building rpms suitable for modern Suse
        systems. (patch from Andi)

        Added options --group, --localmx, --local-ttl,
        --no-negcache, --addn-host.

        Moved all the various rpm-building bits into /rpm.

        Fix builds with glibc 2.1 (thanks to Cristian
        Ionescu-Idbohrn)

        Preserve case in domain names, as per RFC1035.

        Fixed ANY queries to domains with --address specification.

        Fixed FreeBSD build. (thanks to Steven Honson)

        Added -Q option which allows a specified port to be used to
        talk to upstream servers.
        Useful for people who want very paranoid firewalls which
        open individual UDP port. (thanks to David Coe for the
        patch)

release 1.14
        Fixed man page description of -b option which confused
        /etc/hosts with /etc/resolv.conf. (thanks to Christopher
        Weimann)

        Fixed config.h to allow building under MACOS X and glibc
        2.0.x. (thanks to Matthew Gregan and Serge Caron)

        Added --except-interface option. (Suggested by Serge Caron)

        Added SIGUSR2 facility to re-scan for new interfaces.
        (Suggested by Serge Caron)

        Fixed SEGV in option-reading code for invalid options.
        (Thanks to Klaas Teschauer)

        Fixed man page to clarify effect of SIGUSR1 on
        /etc/resolv.conf. (Thanks to Klaas Teschauer)

        Check that received queries have only rfc1035-legal
        characters in them. This check is mainly to avoid bad
        strings being sent to syslog.

        Fixed &&/& confusion in option.c and added DESTDIR variable
        for "make install" (Thanks to Osvaldo Marques for the
        patch.)

        Fixed /etc/hosts parsing code to cope with MS-DOS line-ends
        in the file. This was supposed to be done in version 1.11,
        but something got missed. (Thanks to Doug Copestake for
        helping to find this.)

        Squash repeated name/address pairs read from hosts files.

        Tidied up resource handling in util.c (Thanks to Cristian
        Ionescu-Idbohrn).

        Added hashed searching of domain names. People are starting
        to use dnsmasq with larger loads now, and bigger caches, and
        large lists of ad-block addresses. This means doing linear
        searches can start to use lots of CPU so I added hashed
        searching and seriously optimised the cache code for
        algorithmic efficiency. Also upped the limit on cache size
        to 10000.

        Fixed logging of the source of names from the additional
        hosts file and from the "bogus private address" option.

        Fixed spurious re-reading of empty lease files. (Thanks to
        Lewis Baughman for spotting this.)

        Fixed building under uclibc (patch from Cristian
        Ionescu-Idbohrn)

        Do some socket tweaking to allow dnsmasq to co-exist with
        BIND.
        Thanks to Stefan 'Sec' Zehl for the patch.

release 1.15
        Added --bogus-nxdomain option.

        Restrict checking of resolv.conf and DHCP leases files to
        once per second. This is intended to improve performance
        under heavy loads. Also make a system call to get the
        current time once per query, rather than four times.

        Increased number of outstanding queries to 150 in config.h

release 1.16
        Allow "/" characters in domain names - this fixes caching of
        RFC 2317 CNAME-PTR records.

        Fixed brain-fart in -B option when GETOPT_LONG not enabled -
        thanks to Steven Young and Jason Miller for pointing this
        out.

        Generalised bogus-nxdomain code: allow more than one address
        to check, and deal with replies with multiple answer
        records. (Based on contribution from Humberto Massa.)

        Updated the documentation to include information about
        bogus-nxdomain and the Verisign tragedy.

        Added libraries needed on Solaris to Makefile.

        Added facility to set source address in queries to upstream
        nameservers. This is useful with multihomed hosts,
        especially when using VPNs. Thanks to Tom Fanning for
        suggesting this feature.

        Tweaked logging: log to facility LOCAL0 when in
        debug/no-daemon mode and changed level of query logging from
        INFO to DEBUG. Make log options controllable in config.h

release 1.17
        Fixed crash with DHCP hostnames > 40 characters.

        Fixed name-comparison routines to not depend on Locale, in
        theory versions since 1.15 could lock up or give wrong
        results when run with locale != 'C'.

        Fix potential lockup in cache code. (thanks to Henning Glawe
        for help chasing this down.)

        Made lease-file reader bullet-proof.

        Added -D option, suggested by Peter Fichtner.

release 1.18
        Added round-robin DNS for names which have more than one
        address. In this case all the addresses will be returned, as
        before, but the order will change on each query.

        Remove stray tolower() and isalnum() calls missed in last
        release to complete LOCALE independence.

        Allow port numbers in source-address specifications.

        For hostnames without a domain part which don't get
        forwarded because -D is in effect, return NXDOMAIN not an
        empty reply.

        Add code to return the software version in response to the
        correct magic query in the same way as BIND. Use
        "dig version.bind chaos txt" to make the query.

        Added negative caching for PTR (address to name) records.

        Ensure that names of the form typically used in PTR queries
        (ie w.x.y.z.in-addr.arpa and IPv6 equivalents) get correct
        answers when queried as other types. It's unlikely that
        anyone would do this, but the change makes things
        pedantically correct.

        Taught dnsmasq to understand "bitstring" names, as these are
        used for PTR lookups of IPv6 addresses by some resolvers and
        lookup tools. Dnsmasq now understands both the ip6.int
        domain and the ip6.arpa domain and both nibble and bitstring
        formats so it should work with any client code. Standards
        for this stuff have flip-flopped over the last few years,
        leaving many different clients in their wake. See RFC2673
        for details of bitstrings.

        Allow '_' characters in domain names: Legal characters are
        now [a-z][A-Z].-_
        Check names read from hosts files and leases files and
        reject illegal ones with a message in syslog.

        Make empty domain names in server and address options have
        the special meaning "unqualified names". (unqualified names
        are names without any dots in them). It's now possible to do
        server=//1.2.3.4 and have unqualified names sent to a
        special nameserver.

release 2.0rc1
        Moved source code into src/ directory.

        Fixes to cure compilation breakage when HAVE_IPV6 not set,
        thanks to Claas Hilbrecht.

        BIG CHANGE: added an integrated DHCP server and removed the
        code to read ISC dhcp.leases. This wins in terms of ease of
        setup and configuration flexibility and total machine
        resources consumed.

        Re-jigged the signal handling code to remove a race
        condition and to be more portable.

release 2.0
        Thanks to David Ashworth for feedback which informed many of
        the fixes below.

        Allow hosts to be specified by client ID in dhcp-hosts
        options. These are now one of
          dhcp-host=,....
          dhcp-host=id:,.....
          dhcp-host=id:,.....

        Allow dhcp-host options to specify any IP address on the
        DHCP-served network, not just the range available for
        dynamic allocation.

        Allow dhcp-host options for the same host with different IP
        addresses where the correct one will be selected for the
        network the host appears on.

        Fix parsing of --dhcp-option to allow more than one IP
        address and to allow text-type options.

        Inhibit use of --dhcp-option to send hostname DHCP options.

        Update the DNS with DHCP information after re-reading
        /etc/hosts so that any DHCP derived names which have been
        shadowed by now-deleted hosts entries become visible.

        Fix typos in dnsmasq.conf.example

        Fixes to Makefile(s) to help pkgsrc packaging - patch from
        "pancake".

        Add dhcp-boot option to support network boot.

        Check for duplicate IP addresses in dhcp-hosts lines and
        refuse to run if found. If allowed to remain these can
        provoke an infinite loop in the DHCP protocol.

        Attempted to rationalise the .spec files for rpm building.
        There are now files for Redhat, Suse and Mandrake. I hope
        they work OK.

        Fixed hard-to-reproduce crash involving use of local domains
        and IPv6 queries. Thanks to Roy Marples for helping to track
        that one down.

release 2.1
        Thanks to Matt Swift and Dag Wieers for many suggestions
        which went into this release.

        Tweak include files to allow compilation on FreeBSD 5

        Fix unaligned access warnings on BSD/Alpha.

        Allow empty DHCP options, like so: dhcp-option=44

        Allow single-byte DHCP options like so: dhcp-option=20,1

        Allow comments on the same line as options in
        /etc/dnsmasq.conf

        Don't complain when the same name and address is allocated
        to a host using DHCP and /etc/hosts.

        Added to the example configuration the dnsmasq equivalent of
        the ISC dhcpd settings given in
        http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt

        Fixed long-existing strangeness in Linux IPv6 interface
        discovery code. The flags field in /proc/net/if_inet6 is
        _not_ the interface flags.

        Fail gracefully when getting an ENODEV error when trying to
        bind an IPv6 socket, rather than bailing out. Thanks to Jan
        Ischebeck for feedback on that.

        Allow the name->address mapping for static DHCP leases to be
        set by /etc/hosts. It's now possible to have
          dhcp-host=,wibble
        or even
          dhcp-host=wibble
        and in /etc/hosts have
          wibble 1.2.3.4
        and for the correct thing to happen. Note that some sort of
        dhcp-host line is still needed, it's not possible for a
        random host to claim an address in /etc/hosts without some
        explicit configuration.

        Make 0.0.0.0 in a dhcp-option to mean "the machine running
        dnsmasq".

        Fix lease time spec when specified in dhcp-range and not in
        dhcp-host, previously this was always one hour.

        Fix problem with setting domains as "local only". - thanks
        to Chris Schank.

        Added support for max message size DHCP option.

release 2.2
        Fix total lack of DHCP functionality on Linux systems with
        IPv6 enabled. - thanks to Jonathon Hudson for spotting that.

        Move default config file under FreeBSD - patch from Steven
        Honson

release 2.3
        Fix "install" makefile target. (reported by Rob Stevens)

        Ensure that "local=/domain/" flag is obeyed for all queries
        on a domain, not just A and AAAA. (Reported by Peter
        Fichtner.)

        Handle DHCPDECLINE messages and provide an error message in
        DHCPNAK messages.

        Add "domain" setting example to dnsmasq.conf.example. Thanks
        to K P Kirchdorfer for spotting that it was missing.

        Subtle change to the DHCPREQUEST handling code to work
        around a bug in the DHCP client in HP Jetdirect printers.
        Thanks to Marko Stolle for finding this problem.

        Return DHCP T1 and T2 times, with "fuzz" to desynchronise
        lease renewals, as specified in the RFC.

        Ensure that the END option is always present in DHCP
        packets, even if the packet is too small to fit all the
        requested options.

        Handle larger-than-default DHCP packets if required, up to
        the ethernet MTU.

        Fix a couple of places where the return code from malloc()
        was not checked.

        Cope with a machine taking a DHCP lease and then moving
        network so that the lease address is no longer valid.

        The DHCP server will now work via a BOOTP relay - remote
        networks are configured with the dhcp-range option the same
        as directly connected ones, but they need an additional
        netmask parameter. Eg
          --dhcp-range=192.168.4.10,192.168.4.50,255.255.255.0
        will enable DHCP service via a BOOTP relay on the
        192.168.4.0 network.

        Add a limit on the number of available DHCP leases,
        otherwise the daemon could be DOSed by a malicious host. The
        default is 150, but it can be changed by the dhcp-lease-max
        option.

        Fixed compilation on OpenBSD (thanks to Frederic Brodbeck
        for help with that.)

        Reworked the DHCP network handling code for two good
        effects: (1) The limit of one network only for DHCP on
        FreeBSD is now gone, (2) The DHCP server copes with
        dynamically created interfaces. The one-interface limitation
        remains for OpenBSD, which is missing extensions to the
        socket API which have been in Linux since version 2.2 and
        FreeBSD since version 4.8.

        Reworked the DNS network code to also cope with dynamically
        created interfaces. dnsmasq will now listen to the wildcard
        address and port 53 by default, so if no --interface or
        --address options are given it will handle dynamically
        created interfaces. The old behaviour can be restored with
        --bind-interfaces for people running BIND on one interface
        and dnsmasq on another. Note that --interface and --address
        options still work, but the filtering is done by dnsmasq,
        rather than the kernel. This works on Linux, and
        FreeBSD>=5.0. On systems which don't support the required
        API extensions, the old behaviour is used, just as if
        --bind-interfaces had been set.

        Allow IPv6 support to be disabled at compile time. To do
        that, add -DNO_IPV6 to the CFLAGS. Thanks to Oleg
        I. Vdovikin for the suggestion to do that.

        Add ability to set DHCP options per network. This is done by
        giving a network an identifier like this:
          dhcp-range=red-net,192.168.0.10,192.168.0.50
        and then labeling options intended for that network only
        like this:
          dhcp-option=red-net,6,1.1.1.1
        Thanks to Oleg Vdovikin for arguing that one through.

        Made errors in the configuration file non-fatal: dnsmasq
        will now complain bitterly, but continue.

        Added --read-ethers option, to allow dnsmasq to pull static
        DHCP information from that file. Thanks to Andi Cambeis for
        that suggestion.

        Added HAVE_BROKEN_RTC compilation option to support embedded
        systems without a stable RTC. Oleg Vdovikin helped work out
        how to make that work.

release 2.4
        Fixed inability to start when the lease file doesn't already
        exist. Thanks to Dag Wieers for reporting that.

        Fixed problem where dhcp-host configuration options did not
        play well with entries in /etc/ethers for the same host.
        Thanks again to Dag Wieers.

        Tweaked DHCP code to favour moving to a newly-configured
        static IP address rather than an old lease when doing DHCP
        allocation.

        Added --alias configuration option. This provides IPv4
        rewrite facilities like Cisco "DNS doctoring". Suggested by
        Chad Skeeters.

        Fixed bug in /etc/ethers parsing code triggered by tab
        characters. Kudos to Dag Wieers for helping to nail that
        one.

        Added "bind-interfaces" option correctly.

release 2.5
        Made "where are we allocating addresses?" code in DHCP
        server cope with requests via a relay which is on a directly
        connected network for which there is not a configured
        netmask. This strange state of affairs occurs with win4lin.
        Thanks to Alex Melt and Jim Horner for bug reports and
        testing with this.

        Fixed trivial-but-irritating missing #include which broke
        compilation on *BSD.

        Force --bind-interfaces if IP-aliased interface
        specifications are used, since the sockets API provides no
        other sane way to determine which alias of an interface a
        packet was sent to. Thanks to Javier Kohen for the bug
        report.

release 2.6
        Support Token Ring DHCP. Thanks to Dag Wieers for help
        testing. Note that Token ring support only works on Linux
        currently.

        Fix compilation on MacOS X. Thanks to Bernhard Ehlers for
        the patch.

        Added new "ignore" keyword for dhcp-host.
        "dhcp-host=11:22:33:44:55:66,ignore" will cause the DHCP
        server to ignore any host with the given MAC address,
        leaving it to other servers on the network. This also works
        with client-id and hostnames. Suggestion by Alex Melt.

        Fixed parsing of hex client IDs. Problem spotted by Peter
        Fichtner.

        Allow conf-file options in configuration file, to provide an
        include function.

        Re-read /etc/ethers on receipt of SIGHUP.

        Added back the ability to read ISC dhcpd lease files, by
        popular demand. Note that this is deprecated and for
        backwards compatibility only. You can get back the 4K of
        memory that the code occupies by undefining
        "HAVE_ISC_READER" in src/config.h

        Added ability to disable "pool" DHCP address allocation
        whilst leaving static leases working. The syntax is
        "dhcp-range=192.168.0.0,static" Thanks to Grzegorz Nosek for
        the suggestion.

        Generalized dnsmasq-rh.spec file to work on Mandrake too,
        and removed dnsmasq-mdk.spec. Thanks to Doug Keller.

        Allow DHCP options which are tied to specific static leases
        in the same way as to specific networks.

        Generalised the dhcp-option parser a bit to allow hex
        strings as parameters. This is now legal:
          dhcp-option=128,e4:45:74:68:00:00
        Inspired by a patch from Joel Nordell.

        Changed the semantics of argument-less dhcp-options for the
        default-setting ones, ie 1, 3, 6 and 28. Now, doing eg,
        dhcp-option=3 stops dnsmasq from sending a default router
        option at all. Thanks to Scott Emmons for pointing out that
        this is useful.

        Fixed dnsmasq.conf parsing bug which interpreted port
        numbers in server= lines as a comment. To start a comment, a
        '#' character must now be at the start of a line or preceded
        by whitespace. Thanks to Christian Haggstrom for the bug
        report.

release 2.7
        Allow the dhcp-host specification of id:* which makes
        dnsmasq ignore any client-id. This is useful to ensure that
        a dual-boot machine sees the same lease when one OS gives a
        client-id and the other doesn't. It's also useful when PXE
        boot DHCP does not use client IDs but the OS it boots does.
        Thanks to Grzegorz Nosek for suggesting this enhancement.

        No longer assume that ciaddr is zero in received
        DHCPDISCOVER messages, just for security against broken
        clients.

        Set default of siaddr field to the address of the machine
        running dnsmasq when not explicitly set using dhcp-boot
        option. This is the ISC dhcpd behaviour.

        Send T1 and T2 options in DHCPOFFER packets. This is
        required by the DHCP client in some JetDirect printers.
        Thanks to Paul Mattal for work on this.

        Fixed bug with DHCP on OpenBSD reported by Dominique
        Jacquel. The code which added loopback interfaces to the
        list was confusing the DHCP code, which expected one
        interface only. Solved by adding loopback interfaces to
        address list instead.

        Add dhcp-vendorclass option to allow options to be sent only
        to certain classes of clients.

        Tweaked option search code so that if a netid-qualified
        option is used, any unqualified option is ignored.

        Changed the method of picking new dynamic IP addresses. This
        used to use the next consecutive address as long as it was
        free, now it uses a hash from the client hardware address.
        This reduces the amount of address movement for clients
        which let their lease expire and allows consecutive
        DHCPOFFERS to the same host to (almost always) be for the
        same address, without storing state before a lease is
        granted.

        Tweaked option handling code to return all possible options
        rather than none when DHCP "requested options" field is
        missing.
        This fixes interoperability with ancient IBM LANMAN DHCP
        clients. Thanks to Jim Louvau for help with this.

release 2.8
        Pad DHCP packets to a minimum size of 300 bytes. This fixes
        interoperability problems with the Linux in-kernel
        DHCP/BOOTP client. Thanks to Richard Musil for diagnosing
        this and supplying a patch.

        Fixed option-parsing bug and potential memory leak. Patch
        from Richard Musil.

        Improved vendor class configuration and added user class
        configuration. Specifically: (1) options are matched on the
        netids from dhcp-range, dhcp-host, vendor class and user
        class(es). Multiple net-ids are allowed and options are
        searched on them all. (2) matches against vendor class and
        user class are now on a substring, if the given string is a
        substring of the vendor/user class, then a match occurs.
        Thanks again to Richard Musil for prompting this.

        Make "#" match any domain on --address and --server flags.
        --address=/#/1.2.3.4 will return 1.2.3.4 for _any_ domain
        not otherwise matched. Of course --server=/#/1.2.3.4 is
        exactly equivalent to --server=1.2.3.4. Special request from
        Josh Howlett.

        Fixed a nasty bug which would cause dnsmasq to lose track of
        leases for hosts which had a --dhcp-host flag without a name
        specification. The mechanism for this was that the hostname
        could get erroneously set as a zero-length string and then
        written to the leases file as a mal-formed line. Restarting
        dnsmasq would then lose the lease. Alex Hermann's work
        helped chase down this problem.

        Add checks against DHCP clients which return zero-length
        hostnames. This avoids the potential lease-loss problems
        referred to above. Also, if a client sends a hostname when
        it creates a lease but subsequently sends no or a
        zero-length hostname whilst renewing, continue to use the
        existing hostname, don't wipe it out.

        Tweaked option parsing to flag some parameter errors.

release 2.9
        Fixed interface filter code for two effects: 1) Fixed bug
        where queries sent via loopback interface but to the address
        of another interface were ignored unless the loopback
        interface was explicitly configured. 2) on OpenBSD failure
        to configure one interface now causes a fatal error on
        startup rather than a huge stream of log messages. Thanks to
        Erik Jan Tromp for finding that bug.

        Changed server selection strategy to improve performance
        when there are many available servers and some are broken.
        The new algorithm is to pick as before for the first try,
        but if a query is retried, to send to all available servers
        in parallel. The first one to reply then becomes preferred
        for the next query. This should improve reliability without
        generating significant extra upstream load.

        Fixed breakage of special servers/addresses for unqualified
        domains introduced in version 2.8

        Allow fallback to "bind-interfaces" at runtime: Some
        versions of *BSD seem to have enough stuff in the header
        files to build but no kernel support. Also now log if
        "bind-interfaces" is forced on.

        Log replies from upstream servers which refuse to do
        recursion - dnsmasq is not a recursive nameserver and relies
        on upstream servers to do the recursion, this flags a
        configuration error.

        Disable client-id matching for hosts whose MAC address is
        read from /etc/ethers. Patch from Oleg I. Vdovikin.

        Extended --mx-host flag to allow arbitrary targets for MX
        records, suggested by Moritz Bunkus.

        Fixed build under NetBSD 2.0 - thanks to Felix Deichmann for
        the patch.

        Deal correctly with repeated addresses in /etc/hosts. The
        first name found is now returned for reverse lookups, rather
        than all of them.

        Add back fatal errors when nonexistent interfaces or
        interface addresses are given but only in "bind-interfaces"
        mode. Principle of least surprise applies.

        Allow # as the argument to --domain, meaning "read the
        domain from the first search directive in
        /etc/resolv.conf". Feature suggested by Evan Jones.

release 2.10
        Allow --query-port to be set to a low port by creating and
        binding the socket before dropping root. (Suggestion from
        Jamie Lokier)

        Support TCP queries. It turned out to be possible to do this
        with a couple of hundred lines of code, once I knew how. The
        executable size went up by a few K on i386. There are a few
        limitations: data obtained via TCP is not cached, and
        dynamically-created interfaces may break under certain
        circumstances. Source-address or query-port specifications
        are ignored for TCP.

        NAK attempts to renew a DHCP lease where the DHCP range has
        changed and the lease is no longer in the allowed range.
        Jamie Lokier pointed out this bug.

        NAK attempts to renew a pool DHCP lease when a statically
        allocated address has become available, forcing a host to
        move to its allocated address. Lots of people have suggested
        this change and been rebuffed (they know who they are) the
        straws that broke the camel's back were Tim Cutts and Jamie
        Lokier.

        Remove any nameserver records from answers which are
        modified by --alias flags. If the answer is modified, it
        cannot any longer be authoritative.

        Change behaviour of "bogus-priv" option to return NXDOMAIN
        rather than a PTR record with the dotted-quad address as
        name. The new behaviour doesn't provoke tcpwrappers like the
        old behavior did.

        Added a patch for the Suse rpm. That changes the default
        group to one suitable for Suse and disables inclusion of the
        ISC lease-file reader code. Thanks to Andy Cambeis for his
        ongoing work on Suse packaging.

        Support forwarding of EDNS.0
        The maximum UDP packet size defaults to 1280, but may be
        changed with the --edns-packet-max option. Detect queries
        with the do bit set and always forward them, since DNSSEC
        records are not cached. This behaviour is required to make
        DNSSECbis work properly through dnsmasq. Thanks to Simon
        Josefsson for help with this.

        Move default config file location under OpenBSD from
        /usr/local/etc/dnsmasq.conf to /etc/dnsmasq.conf.
        Bug report from Jonathan Weiss.

        Use a lease with matching MAC address for a host which
        doesn't present a client-id, even if there was a client ID
        at some point in the past. This reduces surprises when
        changing DHCP clients, adding id:* to a host, and from the
        semantics change of /etc/ethers in 2.9. Thanks to Bernard
        Sammer for finding that.

        Added a "contrib" directory and in it the dnslist utility,
        from Thomas Tuttle.

        Fixed "fail to start up" problems under Linux with IPv6
        enabled. It's not clear that these were an issue in released
        versions, but they manifested themselves when TCP support
        was added. Thanks to Michael Hamilton for assistance with
        this.

version 2.11
        Fixed DHCP problem which could result in two leases in the
        database with the same address. This looked much more
        alarming than it was, since it could only happen when a
        machine changes MAC address but kept the same name. The old
        lease would persist until it timed out but things would
        still work OK.

        Check that IP addresses in all dhcp-host directives are
        unique and die horribly if they are not, since otherwise
        endless protocol loops can occur.

        Use IPV6_RECVPKTINFO as socket option rather than
        IPV6_PKTINFO where available. This keeps late-model FreeBSD
        happy.

        Set source interface when replying to IPv6 UDP queries. This
        is needed to cope with link-local addresses.

version 2.12
        Added extra checks to ensure that DHCP created DNS entries
        cannot generate multiple DNS address->name entries. Thanks
        to Stefan Monnier for finding the exact set of configuration
        options which could create this.

        Don't set the filterwin2k option in the example config file
        and add warnings that it breaks Kerberos. Thanks to Simon
        Josefsson and Timothy Folks for pointing that out.

        Log types of incoming queries as well as source and domain.

        Log NODATA replies generated as a result of the filterwin2k
        option.

version 2.13
        Fixed crash with un-named DHCP hosts introduced in 2.12.
Thanks to Nicolo Wojewoda and Gregory Gathy for bug reports.

version 2.14

Fix DHCP network detection for hosts which talk via a relay. This makes lease renewal for such hosts work correctly.

Support RFC3011 subnet selectors in the DHCP server.

Fix DHCP code to generate RFC-compliant responses to hosts in the INIT-REBOOT state.

In the DHCP server, set the receive buffer size on the transmit-only packet socket to zero, to avoid waste of kernel buffers.

Fix DHCP address allocation code to use the whole of the DHCP range, including the start and end addresses.

Attempt an ICMP "ping" on new addresses before allocating them to leases, to avoid allocating addresses which are in use.

Handle rfc951 BOOTP as well as DHCP for hosts which have MAC address to IP address mapping defined.

Fix compilation under MacOS X. Thanks to Chris Tomlinson.

Fix compilation under NetBSD. Thanks to Felix Deichmann.

Added "keep-in-foreground" option. Thanks to Sean MacLennan for the patch.

version 2.15

Fixed NXDOMAIN/NODATA confusion for locally known names. We now return a NODATA response for names which are locally known. Now a query for (eg AAAA or MX) for a name with an IPv4 address in /etc/hosts which fails upstream will generate a NODATA response. Note that the query is still tried upstream, but a NXDOMAIN reply gets converted to NODATA. Thanks to Eric de Thouars, Eric Spakman and Mike Mestnik for bug reports/testing.

Allow multiple dhcp-ranges within the same network. The original intention was that there would be a dhcp-range option for each network served, but there's no real reason not to allow discontinuous ranges within a network so this release adds support for that.

Check for dhcp-ranges which are inconsistent with their netmask, and generate errors or warnings.

Improve error messages when there are problems with configuration.

version 2.16

Fixed typo in OpenBSD-only code which stopped compilation under that OS. Chris Weinhaupl gets credit for reporting this.

Added dhcp-authoritative option which restores non-RFC compliant but desirable behaviour of pre-2.14 versions and avoids long timeouts while DHCP clients try to renew leases which are unknown to dnsmasq. Thanks to John Mastwijk for help with this.

Added support to the DHCP option code to allow RFC-3397 domain search DHCP option (119) to be sent.

Set NONBLOCK on all listening sockets to workaround non-POSIX compliance in Linux 2.4 and 2.6. This fixes rare hangs which occurred when corrupted packets were received. Thanks to Joris van Rantwijk for chasing that down.

Updated config.h for NetBSD. Thanks to Martin Lambers.

Do a better job of distinguishing between retransmissions and new queries when forwarding. This fixes a bug triggered by the polipo web cache which sends A and AAAA queries both with the same transaction-ID. Thanks to Joachim Berdal Haga and Juliusz Chroboczek for help with this.

Rewrote cache code to store CNAMES, rather than chasing them before storage. This eliminates bad situations when clients get inconsistent views depending on if data comes from the cache.

Allow for more than one --addn-hosts flag.

Clarify logged message when a DHCP lease clashes with an /etc/hosts entry. Thanks to Mat Swift for the suggestion.

Added dynamic-dnsmasq from Peter Willis to the contrib section.

version 2.17

Correctly deduce the size of numeric dhcp-options, rather than making wild guesses. Also cope with negative values.

Fixed use of C library reserved symbol "index" which broke under certain combinations of library and compiler.

Make bind-interfaces work for IPv6 interfaces too.

Warn if an interface is given for listening which doesn't currently exist when not in bind-interfaces mode. (This is already a fatal error when bind-interfaces is set.)

Allow the --interface and --except-interface options to take a comma-separated list of interfaces.

Tweak --dhcp-userclass matching code to work with the ISC dhclient which violates RFC3004 unless its configuration is very warped. Thanks to Cedric Duval for the bug report.

Allow more than one network-id tag in a dhcp-option. All the tags must match to enable the option.

Added dhcp-ignore option to disable classes of hosts based on network-id tags. Also allow BOOTP options to be controlled by network tags.

Fill in sname, file and siaddr fields in replies to DHCPINFORM messages.

Don't send NAK replies to DHCPREQUEST packets for disabled clients. Credit to Cedric Duval for spotting this.

Fix rare crash associated with long DNS names and CNAME records. Thanks to Holger Hoffstatte and especially Steve Grecni for help chasing that one down.

version 2.18

Reworked the Linux interface discovery code (again) to cope with interfaces which have only IPv6 addresses and interfaces with more than one IPv6 address. Thanks to Martin Pels for help with that.

Fix problems which occurred when more than one dhcp-range was specified in the same subnet: sometimes parameters (lease time, network-id tag) from the wrong one would be used. Thanks to Rory Campbell-Lange for the bug report.

Reset cache statistics when clearing the cache.

Enable long command line options on FreeBSD when the C library supports them.

version 2.19

Tweaked the Linux-only interface discovery code to cope with interface-indexes larger than 8 bits in /proc/net/if_inet6. This only affects Linux, obviously. Thanks to Richard Atterer for the bug report.

Check for under-length option fields in DHCP packets, a zero length client-id, in particular, could seriously confuse dnsmasq 'till now. Thanks to Will Murname for help with that.

If a DHCP-allocated address has an associated name in /etc/hosts, and the client does not provide a hostname parameter and there is no hostname in a matching dhcp-host option, send the /etc/hosts name as the hostname in the DHCP lease. Thanks to Will Murname for the suggestion.

version 2.20

Allow more than one instance of dnsmasq to run on a machine, each providing DHCP service on a different interface, provided that --bind-interfaces is set. This configuration used to work, but regressed in version 2.14.

Fix compilation on Mac OS X. Thanks to Kevin Bullock.

Protect against overlong names and overlong labels in configuration and from DHCP.

Fix interesting corner case in CNAME handling. This occurs when a CNAME has a target which is "shadowed" by a name in /etc/hosts or from DHCP. Resolving the CNAME would sneak the upstream value of the CNAME's target into the cache, alongside the local value. Now that doesn't happen, though resolving the CNAME still gives the unshadowed value. This is arguably wrong but rather difficult to fix. The main thing is to avoid getting strange results for the target due to the cache pollution when resolving the CNAME. Thanks to Pierre Habouzit for exploring the corner and submitting a very clear bug report.

Fix subtle bug in the DNS packet parsing code. It's almost impossible to describe this succinctly, but the one known manifestation is the inability to cache the A record for www.apple.com. Thanks to Bob Alexander for spotting that.

Support SRV records. Thanks to Robert Kean for the patches for this.

Fixed sign confusion in the vendor-id matching code which could cause crashes sometimes. (Credit to Mark Wiater for help finding this.)

Added the ability to match the netid tag in a dhcp-range. Combined with the ability to have multiple ranges in a single subnet, this provides a means to segregate hosts on different address ranges based on vendorclass or userclass. Thanks to Mark Wiater for prompting this enhancement.

Added preference values for MX records.

Added the --localise-queries option.

version 2.21

Improve handling of SERVFAIL and REFUSED errors. Receiving these now initiates search for a new good server, and a server which returns them is not a candidate as a good server.
Thanks to Istvan Varadi for pointing out the problem.

Tweak the time code in BROKEN_RTC mode.

Sanity check lease times in dhcp-range and dhcp-host configurations and force them to be at least two minutes (120s); leases shorter than a minute confuse some clients, notably Apple MacOS X. Rory Campbell-Lange found this problem.

Only warn once about an upstream server which is refusing to do recursive queries.

Fix DHCP address allocation problem when netid tags are in use. Thanks to Will Murname for the bug report and subsequent testing.

Add an additional data section to the reply for MX and SRV queries. Add support for DNS TXT records. Thanks to Robert Kean and John Hampton for prompts and testing of these.

Apply address rewriting to records in the additional data section of DNS packets. This makes things like MX records work with the alias function. Thanks to Chad Skeeters for pointing out the need for this.

Added support for quoted strings in config file.

Detect and defeat cache-poisoning attacks which attempt to send (malicious) answers to questions we didn't send. These are ignored now even if the attacker manages to guess a random query-id.

Provide DHCP support for interfaces with multiple IP addresses or aliases. This is only enabled under Linux. See the FAQ entry for details.

Revisit the MAC-address and client-id matching code to provide saner behaviour with PXE boots, where some requests have a client-id and some don't.

Fixed off-by-one buffer overflow in lease file reading code. Thanks to Rob Holland for the bug report.

Added wildcard matching for MAC addresses in dhcp-host options. A sensible suggestion by Nathaniel McCallum.

version 2.22

Fixed build problems on (many) systems with older libc headers where is required before . Enabled HAVE_RTNETLINK under uclibc now that this fix is in place.

Added support for encapsulated vendor-class-specific DHCP options. Thanks to Eric Shattow for help with this.

Fix regression in 2.21 which broke commas in filenames and corrupted argv. Thanks to Eric Scott for the bug report.

Fixed stupid thinko which caused dnsmasq to wedge during startup with certain MX-record options. Another 2.21 regression.

Fixed broken-ness when reading /etc/ethers. 2.21 broke this too.

Fixed wedge with certain DHCP options. Yet another 2.21 regression. Rob Holland and Roy Marples chased this one down.

version 2.23

Added a check to ensure that there cannot be more than one dhcp-host option for any one IP address, even if the addresses are assigned indirectly via a hostname and /etc/hosts.

Include a "server identifier" in DHCPNAK replies, as required by RFC2131.

Added method support for DBus (http://www.freedesktop.org/Software/dbus). This is a superior way to re-configure dnsmasq on-the-fly with different upstream nameservers, as the host moves between networks. DBus support must be enabled in src/config.h and should be considered experimental at this point. See DBus-interface for the specification of the DBus method calls supported.

Added information to the FAQ about setting the DNS domain in windows XP and Mac OS X, thanks to Rick Hull.

Added sanity check to resolv.conf polling code to cope with backwards-moving clocks. Thanks to Leonardo Canducci for help with this.

Handle so-called "A-for-A" queries, which are queries for the address associated with a name which is already a dotted-quad address. These should be handled by the resolver code, but sometimes aren't and there's no point in forwarding them.

Added "no-dhcp-interface" option to disable DHCP service on an interface, whilst still providing DNS.

Fix format-string problem - config file names get passed to fprintf as a format string, so % characters could cause crashes. Thanks to Rob Holland for sleuthing that one.

Fixed multiple compiler warnings from gcc 4. Thanks to Tim Cutts for the report.

Send the hostname option on DHCP offer messages as well as DHCP ack messages.
This is required by the Rio Digital Audio Receiver. Thanks to Ron Frederick for the patch.

Add 'd' (for day) as a possible time multiplier in lease time specifications. Thanks to Michael Deegan.

Make quoting suppress recognition of IP addresses, so dhcp-option=66,1.2.3.4 now means something different to dhcp-option=66,"1.2.3.4", which sets the option to a string value. Thanks to Brian Macauley for the bug report.

Fixed the option parsing code to avoid segfaults from some invalid configurations. Thanks to Wookey for spotting that one.

Provide information about which compile-time options were selected, both in the log at startup and as part of the output from dnsmasq --version. Thanks to Dirk Schenkewitz for the suggestion.

Fix pathological behaviour when a broken client keeps sending DHCPDISCOVER messages repeatedly and fast. Because dealing with each of these takes a few seconds, (because of the ping) then a queue of DHCP packets could build up. Now, the results of a ping test are assumed to be valid for 30 seconds, so repeated waits are not required. Thanks to Luca Landi for finding this.

Allow DHCPINFORM requests without hardware address information. These are generated by some browsers, looking for proxy information. Thanks to Stanley Jaddoe for the bug report on that.

Add support of the "client FQDN" DHCP option. If present, this is used to allow the client to tell dnsmasq its name, in preference to (mis)using the hostname option. See http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/draft-ietf-dhc-fqdn-option-10.txt for details of the draft spec.

Added startup scripts for MacOS X Tiger/Panther to the contrib collection. Thanks to Tim Cutts.

Tweak DHCP network selection so that clients which turn up on our network in REBINDING state and with a lease for a foreign network will get a NAK response. Thanks to Dan Shechter for work on this and an initial patch and thanks to Gyorgy Farkas for further testing.

Fix DNS query forwarding for empty queries and forward queries even when the recursion-desired bit is clear. This allows "dig +trace" to work. Problem report from Uwe Gansert.

Added "const" declarations where appropriate, thanks to Andreas Mohr for the patch.

Added --bootp-dynamic option and associated functionality. Thanks to Josef Wolf for the suggestion.

version 2.24

Updated contrib/openvpn/dnsmasq.patch from Joseph Tate.

Tweaked DHCP NAK code, a DHCP NAK is now unicast as a fallback in cases where a broadcast is futile: namely in response to a unicast REQUEST from a non-local network which was not sent via a relay.

Slightly changed the semantics of domain matching in --server and --address configs. --server=/domain.com/ still matches domain.com and sub.domain.com but does not now match newdomain.com. The semantics of --server=/.domain.com/ are unchanged. Thanks to Chris Blaise for the patch.

Added backwards-compatible internationalisation support. The existing make targets, (all, dnsmasq, install) work as before. New ones (all-i18n, and install-i18n) add gettext. The translations live in po/. There are not too many strings, so if anybody can provide translations (and for the manpage....) please send them in.

Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes, now the query gets retried on all servers before returning the error to the source of the query. Thanks to Javier Kohen for the report.

Added Polish translation - thanks to Tomasz Sochanski.

Changed default manpage install location from /usr/man to /usr/share/man.

Added Spanish translation - thanks to Christopher Chatham.

Log a warning when a DHCP packet is truncated due to lack of space. (Thanks to Michael Welle for the prompt to do this.)

Added French translation - thanks to Lionel Tricon.

Added Indonesian translation - thanks to Salman AS.

Tweaked the netlink code to cope with interface broadcast address not set, or set to 0.0.0.0.

Fixed problem assigning fixed addresses to hosts when more than one dhcp-range is available. Thanks to Sorin Panca for help chasing this down.

Added more explicit error messages to the hosts file and ethers file reading code. Markus Kaiserswerth suffered to make this happen.

Ensure that a hostname supplied by a DHCP client can never override one configured on the server. Previously, any host claiming a name would be given it, even if that over-rode a dhcp-host declaration, leading to potentially confusing situations.

Added Slackware package-build stuff into contrib/. The i18n effort broke the current scripts, and working ones were needed for testing, so they ended up here rather than make Pat re-invent the wheel.

Added Romanian translation, thanks to Sorin Panca for that.

version 2.25

Fixed RedHat spec file for FC4 - thanks to Werner Hoelzl and Andrew Bird.

Fixed Suse spec file - thanks to Steven Springl.

Fixed DHCP bug when two distinct subnets are on the same physical interface. Thanks to Pawel Zawora for finding this and suggesting the fix.

Added logging to make it explicit when dnsmasq falls back from using RT-netlink sockets to the old ioctl API for getting information about interfaces. Doing this completely silently made remote debugging hard.

Merged uclibc build fixes from the OpenWRT package into src/config.h

Added Norwegian translation - thanks to Jan Erik Askildt.

version 2.26

Fixed SuSe rpm patch problem - thanks to Steven Springl.

Fixed crash when attempting to send a DHCP NAK to a host which believes it has a lease on an unknown network. Thanks to Lutz Pressler for the bug report and patch.

version 2.27

Tweaked DHCP behaviour when a client attempts to renew a lease which dnsmasq doesn't know about. Previously that would always result in a DHCPNAK. Now, in dhcp-authoritative mode, the lease will be created, if it's legal. This makes dnsmasq work better if the lease database is lost, for example on an OpenWRT system which reboots.
Thanks to Stephen Rose for work on this.

Added the ability to support RFC-3442 style destination descriptors in dhcp-options. This makes classless static routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4

Added error-checking to the code which writes the lease file. If this fails for any reason, an error is logged, and a retry occurs after one minute. This should improve things eg when a filesystem is full. Thanks to Jens Holze for the bug report.

Fixed breakage of the "/#/ matches any domain" facility which happened in 2.24. Thanks to Peter Surda for the bug report.

Use "size_t" and "ssize_t" types where appropriate in the code.

Fix buggy CNAME handling in mixed IPv4 and IPv6 queries. Thanks to Andreas Pelme for help finding that.

Added some code to attempt to re-transmit DNS queries when a network interface comes up. This helps on DoD links, where frequently the packet which triggers dialling is a DNS query, which then gets lost. By re-sending, we can avoid the lookup failing. This function is only active when netlink support is compiled in, and therefore only under Linux. Thanks to Jean Wolter for help with this.

Tweaked the DHCP tag-matching code to work correctly with NOT-tag conditions. Thanks to Lutz Pressler for finding the bug.

Generalised netid-tag matching in dhcp-range statements to allow more than one tag.

Added --dhcp-mac to do MAC address matching in the same way as vendorclass and userclass matching. A good suggestion from Lutz Pressler.

Add workaround for buggy early Microsoft DHCP clients which need zero-termination in string options. Thanks to Fabiano Pires for help with this.

Generalised the DHCP code to cope with any hardware address type, at least on Linux. *BSD is still limited to ethernet only.

version 2.28

Eliminated all raw network access when running on Linux. All DHCP network activity now goes through the IP stack. Packet sockets are no longer required.
Apart from being a neat hack, this should also allow DHCP over IPsec to work better. On *BSD and OS X, the old method of raw net access through BPF is retained.

Simplified build options. Networking is now slimmed down to a choice of "linux" or "other". Netlink is always used under Linux. Since netlink has been available since 2.2 and non-optional in an IPv4-configured kernel since 2.4, and the dnsmasq netlink code is now well tested, this should work out fine.

Removed decayed build support for libc5 and Solaris.

Removed pselect code: use a pipe for race-free signal handling instead, as this works everywhere.

No longer enable the ISC leasefile reading code in the distributed sources. I doubt there are many people left using this 1.x compatibility code. Those that are will have to explicitly enable it in src/config.h.

Don't send the "DHCP maximum message size" option, even if requested. RFC2131 says this is a "MUST NOT".

Support larger-than-minimum DHCP message. Dnsmasq is now happy to get larger than 576-byte DHCP messages, and will return large messages, if permitted by the "maximum message size" option of the message to which it is replying. There's now an arbitrary sanity limit of 16384 bytes.

Added --no-ping option. This fixes an RFC2131 "SHOULD".

Building on the 2.27 MAC-address changes, allow clients to provide no MAC address at all, relying on the client-id as a unique identifier. This should make things like DHCP for USB come easier.

Fixed regression in netlink code under 2.2.x kernels which occurred in 2.27. Erik Jan Tromp is the vintage kernel fan who found this. P.S. It looks like this "netlink bind: permission denied" problem occurred in kernels at least as late as 2.4.18. Good information from Alain Richoux.

Added a warning when it's impossible to give a host its configured address because the address is leased elsewhere. A sensible suggestion from Mircea Bardac.

Added minimal support for RFC 3046 DHCP relay agent-id options.
The DHCP server now echoes these back to the relay, as required by the RFC. Also, RFC 3527 link selection sub-options are honoured.

Set the process "dumpable" flag when running in debug mode: this makes getting core dumps from root processes much easier.

Fixed one-byte buffer overflow which seems to only cause problems when dnsmasq is linked with uclibc. Thanks to Eric House and Eric Spakman for help in chasing this down.

Tolerate configuration screwups which lead to the DHCP server attempting to allocate its own address to a client; eg setting the whole subnet range as a DHCP range. Addresses in use by the server are now excluded from use by clients.

Did some thinking about HAVE_BROKEN_RTC mode, and made it much simpler and better. The key is to just keep lease lengths in the lease file. Since these normally never change, even as the lease is renewed, the lease file never needs to change except when machines arrive on the network or leave. This eliminates the code for timed writes, and reduces the amount of wear on a flash filesystem to the absolute minimum. Also re-did the basic time function in this mode to use the portable times(), rather than parsing /proc/uptime.

Believe the source port number when replying to unicast DHCP requests and DHCP requests via a relay, instead of always using the standard ports. This will allow relays on non-standard ports and DHCPINFORM from unprivileged ports to work. The source port sent by unconfigured clients is still ignored, since this may be unreliable. This means that a DHCP client must use the standard port to do full configuration.

version 2.29

Fixed compilation on OpenBSD (thanks to Tom Hensel for the report).

Fixed false "no interface" errors when --bind-interfaces is set along with --interface=lo or --listen-address. Thanks to Paul Wise for the report.

Updated patch for SuSE rpm. Thanks to Steven Springl.

It turns out that there are some Linux kernel configurations which make using the capability system impossible.
If this situation occurs then continue, running as root, and log a warning. Thanks to Scott Wehrenberg for help tracking this down.

version 2.30

Fixed crash when a DHCP client requested a broadcast reply. This problem was introduced in version 2.28. Thanks to Sandra Dekkers for the bug report.

version 2.31

Added --dhcp-script option. There have been calls for this for a long time from many good people. Fabio Muzzi gets the prize for finally convincing me.

Added example dbus config file and moved dbus stuff into its own directory.

Removed horribly outdated Redhat RPM build files. These are obsolete now that dnsmasq is in Fedora extras. Thanks to Patrick "Jima" Laughton, the Fedora package maintainer.

Added workaround for Linux kernel bug. This manifests itself as failure of DHCP on kernels with "support for classical IP over ATM" configured. That includes most Debian kernel packages. Many thanks to A. Costa and Benjamin Kudria for their huge efforts in chasing this down.

Force-kill child processes when dnsmasq is sent a sigterm, otherwise an unclosed TCP connection could keep dnsmasq hanging round for a few minutes.

Tweaked config.h logic for uclibc build. It will now pick up MMU and IPV6 status correctly on every system I tested.

version 2.32

Attempt a better job of replacing previous configuration when re-reading /etc/hosts and /etc/ethers. SIGHUP is still not identical to a restart under all circumstances, but it is for the common case of name->MAC address in /etc/ethers and name->IP address in /etc/hosts.

Fall back to broadcast for DHCP to an unconfigured client when the MAC address size is greater than 14 bytes.

Fix problem in 2.28-onwards releases which breaks DNS on Mac OS X. Thanks to Doug Fields for the bug report and testing.

Added fix to allow compilation on c89-only compilers. Thanks to John Mastwijk for the patch.

Tweak resolv file polling code to work better if there is a race between updating the mtime and file contents.
This is not normally a problem, but it can be on systems which replace nameservers whilst active. The code now continues to read resolv.conf until it gets at least one usable server. Thanks to Holger Mauermann for help with this.

If a client DECLINEs an address which is allocated to it via dhcp-host or /etc/hosts, lock that address out of use for ten minutes, instead of forever, and log when it's not being used because of the lock-out. This should provide less surprising behaviour when a configured address can't be used. Thanks to Peter Surda and Heinz Deinhart for input on this.

Fixed *BSD DHCP breakage with only some arches/compilers, depending on structure padding rules. Thanks to Jeb Campbell and Tom Hensel for help with this.

Added --conf-dir option. Suggestion from Aaron Tygart.

Applied patch from Brent Cook which allows netids in dhcp-option configuration lines to be prefixed by "net:". This is not required by the syntax, but it is consistent with other configuration items.

Added --log-facility option. Suggestion from Fabio Muzzi.

Major update to Spanish translation. Many thanks to Chris Chatham.

Fixed gcc-4.1 strict-alias compilation warning.

version 2.33

Remove bash-specific shellcode from the Makefile.

Fix breakage with some DHCP relay implementations which was introduced in 2.28. Believing the source port in DHCP requests and sending the reply there is sometimes a bad thing to do, so I've reverted to always sending to the relay on port 68. Thanks to Daniel Hamlin and Alex (alde) for bug reports on this.

Moved the SuSe packaging files to contrib. I will no longer attempt to maintain this in the source tarball. It will be done externally, in the same way as packaging for other distros. Suse packages are available from ftp://ftp.suse.com/pub/people/ug/

Merged patch from Gentoo to honour $LDFLAGS environment.

Fix bug in resolv.conf processing when more than one file is being checked.

Add --dns-forward-max option.

Warn if --resolv-file flags are ignored because of --no-resolv. Thanks to Martin F Krafft for spotting this one.

Add --leasefile-ro option which allows the use of an external lease database. Many thanks to Steve Horbachuk for assistance developing this feature.

Provide extra information to lease-change script via its environment. If the host has a client-id, then DNSMASQ_CLIENT_ID will be set. Either the lease length (in DNSMASQ_LEASE_LENGTH) or lease expiry time (in DNSMASQ_LEASE_EXPIRES) will be set, depending on the HAVE_BROKEN_RTC compile-time option. This extra information should make it possible to maintain the lease database in external storage such as LDAP or a relational database. Note that while leasefile-ro is set, the script will be called with "old" events more often, since changes to the client-id and lease length (HAVE_BROKEN_RTC) or lease expiry time (otherwise) are now flagged.

Add contrib/wrt/* which is an example implementation of an external persistent lease database for *WRT distros with the nvram command.

Add contrib/wrt/dhcp_release.c which is a small utility which removes DHCP leases using DHCPRELEASE operation in the DHCP protocol.

version 2.34

Tweak network-determination code for another corner case: in this case a host forced to move between dhcp-ranges on the same physical interface. Thanks to Matthias Andree.

Improve handling of high DNS loads by throttling acceptance of new queries when resources are tight. This should be a better response than the "forwarding table full..." message which was logged before.

Fixed intermittent infinite loop when re-reading /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the bug report.

Provide extra information to the lease-change script: when a lease loses its hostname (because a new lease comes along and claims the same name), the "old" action is called with the current state of the lease, ie no name.
The change is to provide the former name which the lease had in the environment variable DNSMASQ_OLD_HOSTNAME. This helps scripts which do stuff based on hostname, rather than IP address. Also provide vendor-class and user-class information to the lease-change script when a new lease is created in the DNSMASQ_VENDOR_CLASS and DNSMASQ_USER_CLASS environment variables. Suggestion from Francois-Xavier Le Bail.

Run the lease change script as root, even when dnsmasq is configured to change UID to an unprivileged user. Since most uses of the lease change script need root, this allows its use whilst keeping the security advantages of running the daemon without privs. The script is invoked via a small helper process which keeps root UID, and validates all data received from the main process. To get root, an attacker would have to break dnsmasq and then break the helper through the restricted comms channel linking the two.

Add contrib/port-forward/* which is a script to set up port-forwards using the DHCP lease-change script. It's possible to add a host to a config file by name, and when that host gets a DHCP lease, the script will use iptables to set up port-forwards to configured ports at the address which the host is allocated. The script also handles setting up the port-forward iptables entries after reboot, using the persistent lease database, and removing them when a host leaves and its DHCP lease expires.

Fix unaligned access problem which caused wrong log messages with some clients on some architectures. Thanks to Francois-Xavier Le Bail for the bug report.

Fixed problem with DHCPRELEASE and multi-address interfaces. Enhanced contrib/wrt/dhcp_release to cope under these circumstances too. Thanks to Eldon Ziegler for input on this.

Updated French translation: thanks to Gildas Le Nadan.

Upgraded the name hash function in the DNS cache. Thanks to Oleg Khovayko for good work on this.

Added --clear-on-reload flag. Suggestion from Johannes Stezenbach.

Treat a nameserver address of 0.0.0.0 as "nothing". Erwin Cabrera spotted that specifying a nameserver as 0.0.0.0 breaks things badly; this is because the network stack treats it as "this host" and an endless loop ensues.

Added Webmin module in contrib/webmin. Thanks to Neil Fisher for that.

version 2.35

Generate an "old" script event when a client does a DHCPREQUEST in INIT-REBOOT or SELECTING state and the lease already exists. Supply vendor and user class information to these script calls.

Added support for Dragonfly BSD to src/config.h

Removed "Upgrading to 2.0" document, which is ancient history now.

Tweak DHCP networking code for BSD, esp OpenBSD. Added a workaround for a bug in OpenBSD 4.0: there should finally be support for multiple interfaces under OpenBSD now. Note that no version of dnsmasq before 2.35 will work for DHCP under OpenBSD 4.0 because of a kernel bug. Thanks to Claudio Jeker, Jeb Campbell and Cristobal Palmer for help with this.

Optimised the cache code for the case of large /etc/hosts. This is mainly to remove the O(n-squared) algorithm which made reading large (50000 lines) files slow, but it also takes into account the size of /etc/hosts when building hash tables, so overall performance should be better. Thanks to "koko" for pointing out the problem.

version 2.36

Added --dhcp-ignore-names flag which tells dnsmasq not to use names provided by DHCP clients. Suggestion from Thomas M Steenholdt.

Send netmask and broadcast address DHCP options always, even if the client doesn't request them. This makes a few odd clients work better.

Added simple TFTP function, optimised for net-boot. It is now possible to net boot hosts using only dnsmasq. The TFTP server is read-only, binary-mode only, and designed to be secure; it adds about 4K to the dnsmasq binary.

Support DHCP option 120, SIP servers, (RFC 3361). Both encodings are supported, so both --dhcp-option=120,192.168.2.3 and --dhcp-option=120,sip.example.net will work.
Brian Candler pointed out the need for this.

Allow spaces in domain names, to support DNS-SD.

Add --ptr-record flag, again for DNS-SD. Thanks to Stephan Sokolow for the suggestion.

Tolerate leading space on lines in the config file. Thanks to Luigi Rizzo for pointing this out.

Fixed netlink.c to cope with headers from the Linux 2.6.19 kernel. Thanks to Philip Wall for the bug report.

Added --dhcp-bridge option, but only to the FreeBSD build. This fixes an oddity with a particular bridged network configuration on FreeBSD. Thanks to Luigi Rizzo for the patch.

Added FAQ entry about running dnsmasq in a Linux vserver. Thanks to Gildas le Nadan for the information.

Fixed problem with option parsing which interpreted "/" as an address and not a string. Thanks to Luigi Rizzo for the patch.

Ignore the --domain-needed flag when forwarding NS and SOA queries, since NS queries of TLDs are always legit. Marcus Better pointed out this problem.

Take care to forward signed DNS requests bit-perfect, so as not to affect the validity of the signature. This should allow DDNS updates to be forwarded.

version 2.37

Add better support for RFC-2855 DHCP-over-firewire and RFC-4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec.

Some efficiency tweaks to the cache code for very large /etc/hosts files. Should improve reverse (address->name) lookups and garbage collection. Thanks to Jan 'RedBully' Seiffert for input on this.

Fix regression in 2.36 which made bogus-nxdomain and DNS caching unreliable. Thanks to Dennis DeDonatis and Jan Seiffert for bug reports.

Make DHCP encapsulated vendor-class options sane. Be warned that some conceivable existing configurations using these may break, but they work in a much simpler and more logical way now. Prepending "vendor:" to an option encapsulates it in option 43, and the option is sent only if the client-supplied vendor-class substring-matches with the given client-id. Thanks to Dennis DeDonatis for help with this.
Apply patch from Jan Seiffert to tidy up tftp.c

Add support for overloading the filename and servername fields in DHCP packet. This gives extra option-space when these fields are not being used or with a modern client which supports moving them into options.

Added a LIMITS section to the man-page, with guidance on maximum numbers of clients, file sizes and tuning.

release 2.38

Fix compilation on *BSD. Thanks to Tom Hensel.

Don't send length zero DHCP option 43 and cope with encapsulated options whose total length exceeds 255 octets by splitting them into multiple option 43 pieces.

Avoid queries being retried forever when --strict-order is set and an upstream server returns a SERVFAIL error. Thanks to Johannes Stezenbach for spotting this.

Fix BOOTP support, broken in version 2.37.

Add example dhcp-options for Etherboot.

Add \e (for ASCII ESCape) to the set of valid escapes in config-file strings.

Added --dhcp-option-force flag and examples in the configuration file which use this to control PXELinux.

Added --tftp-no-blocksize option.

Set netid tag "bootp" when BOOTP (rather than DHCP) is in use. This makes it easy to customise which options are sent to BOOTP clients. (BOOTP allows only 64 octets for options, so it can be necessary to trim things.)

Fix rare hang in cache code, a 2.37 regression. This probably needs an infinite DHCP lease and some bad luck to trigger. Thanks to Detlef Reichelt for bug reports and testing.

release 2.39

Apply patch from Mike Baker/OpenWRT to ensure that names like "localhost." in /etc/hosts with trailing period are treated as fully-qualified.

Tolerate and ignore spaces around commas in the configuration file in all circumstances. Note that this may change the meaning of a few existing config files, for instance
    txt-record=mydomain.com, string
would have a leading space in the string before, and now will not. To get the old behaviour back, use quotes:
    txt-record=mydomain.com," string"

/a is no longer a valid escape in quoted strings.
Added symbolic DHCP option names. Instead of
    dhcp-option = 3, 1.2.3.4
it is now possible to do
    dhcp-option = option:router, 1.2.3.4
To see the list of known DHCP options, use the command "dnsmasq --help dhcp" Thanks to Luigi Rizzo for a patch and good work on this.

Overhauled the log code so that logging can be asynchronous; dnsmasq then no longer blocks waiting for the syslog() library call. This is important on systems where syslog is being used to log over the network (and therefore doing DNS lookups) and syslog is using dnsmasq as its DNS server. Having dnsmasq block awaiting syslog under such circumstances can lead to syslog and dnsmasq deadlocking. The new behaviour is enabled with a new --log-async flag, which can also be used to tune the queue length. Paul Chambers found and diagnosed this trap for the unwary. He also did much testing of the solution along with Carlos Carvalho.

--log-facility can now take a file-name instead of a facility name. When this is done, dnsmasq logs to the file and not via syslog. (Failures early in startup, whilst reading configuration, will still go to syslog, and syslog is used as a log-of-last-resort if the file cannot be written.)

Added --log-dhcp flag. Suggestion from Carlos Carvalho.

Made BINDIR, MANDIR and LOCALEDIR independently over-rideable in the makefile. Suggestion from Thomas Klausner.

Added 127.0.0.0/8 and 169.254.0.0/16 to the address ranges affected by --bogus-priv. Thanks to Paul Chambers for the patch.

Fixed failure of TFTP server with --listen-address. Thanks to William Dinkel for the bug report.

Added --dhcp-circuitid and --dhcp-remoteid for RFC3046 relay agent data matching.

Added --dhcp-subscrid for RFC3993 subscriber-id relay agent data matching.

Correctly garbage-collect connections when upstream servers go away as a result of DBus transactions.

Allow absolute paths for TFTP transfers even when --tftp-root is set, as long as the path matches the root, so /var/ftp/myfile is OK with tftp-root=/var/ftp.
Thanks to Thomas Mizzi for the patch.

Updated Spanish translation - thanks to Chris Chatham.

Updated French translation - thanks to Gildas Le Nadan.

Added to example conf file example of routing PTR queries for a subnet to a different nameserver. Suggestion from Jon Nicholson.

Added --interface-name option. This provides a facility to add a domain name with a dynamic IP address taken from the address of a local network interface. Useful for networks with dynamic IPs.

version 2.40

Make SIGUSR2 close-and-reopen the logfile when logging direct to a file. Thanks to Carlos Carvalho for suggesting this.

When a logfile is created, change its ownership to the user dnsmasq will run as, don't leave it owned by root.

Set a special tag, "known" for hosts which are matched by a dhcp-host or /etc/ethers line. This is especially useful to be able to do --dhcp-ignore=#known, like ISC's "deny unknown-clients".

Explicitly set a umask before creating the leases file, rather than relying on whatever we inherited. The permissions are set to 644.

Fix handling of fully-qualified names in --dhcp-host directives and in /etc/ethers. These are now rejected if the domain doesn't match that given by --domain, and used correctly otherwise. Before, putting a FQDN here could cause the whole FQDN to be used as hostname. Thanks to Michael Heimpold for the bug report.

Massive but trivial edit to make the "daemon" variable global, instead of copying the same value around as the first argument to half the functions in the program.

Updated Spanish manpage and message catalog. Thanks to Chris Chatham.

Added patch for support of DNS LOC records in contrib/dns-loc. Thanks to Lorenz Schori.

Fixed error in manpage: dhcp-ignore-name -> dhcp-ignore-names. Thanks to Daniel Mentz for spotting this.

Use client-id as hash-seed for DHCP address allocation with Firewire and InfiniBand, as these don't supply a MAC address.
Tweaked TFTP file-open code to make it behave sensibly when the filesystem changes under its feet.

Added DNSMASQ_TIME_REMAINING environment variable to the lease-script.

Always send replies to DHCPINFORM requests to the source of the request and not to the address in ciaddr. This allows third-party queries.

Return "lease time remaining" in the reply to a DHCPINFORM request if there exists a lease for the host sending the request.

Added --dhcp-hostsfile option. This gives a superset of the functionality provided by /etc/ethers. Thanks to Greg Kurtzer for the suggestion.

Accept keyword "server" as a synonym for "nameserver" in resolv.conf. Thanks to Andrew Bartlett for the report.

Add --tftp-unique-root option. Suggestion from Dermot Bradley.

Tweak TFTP retry timer to avoid problems with difficult clients. Thanks to Dermot Bradley for assistance with this.

Continue to use unqualified hostnames provided by DHCP clients, even if the domain part is illegal. (The domain is ignored, and an error logged.) Previously in this situation, the whole name would have been rejected. Thanks to Jima for the patch.

Handle EINTR returns from wait() correctly and reap our children's children if necessary. This fixes a problem with zombie-creation under *BSD when using --dhcp-script.

Escape spaces in hostnames when they are stored in the leases file and passed to the lease-change script. Suggestion from Ben Voigt.

Re-run the lease change script with an "old" event for each lease when dnsmasq receives a SIGHUP.

Added more useful exit codes, including passing on a non-zero exit code from the lease-script "init" call when --leasefile-ro is set.

Log memory allocation failure whilst the daemon is running. Allocation failures during startup are fatal, but lack of memory whilst running is worked around. This used to be silent, but now is logged.

Fixed misaligned memory access which caused problems on Blackfin CPUs. Thanks to Alex Landau for the patch.
Don't include (useless) script-calling code when NO_FORK is set. Since this tends to be used on very small uclinux systems, it's worth-while to save some code-size.

Don't set REUSEADDR on TFTP listening socket. There's no need to do so, and it creates confusing behaviour when inetd is also listening on the same port. Thanks to Erik Brown for spotting the problem.

version 2.41

Remove deprecated calls when compiled against libdbus 1.1.

Fix "strict-alias" warning in bpf.c

Reduce dependency on Gnu-make in build system: dnsmasq now builds with system make under OpenBSD.

Port to Solaris. Dnsmasq 1.x used to run under Solaris, and this release does so again, for Solaris 9 or better.

Allow the DNS function to be completely disabled, by setting the port to zero "--port=0". This allows dnsmasq to be used as a simple DHCP server, simple TFTP server, or both, but without the DNS server getting in the way.

Fix a bug where NXDOMAIN could be returned for a query even if the name's value was known for a different query type. This bug could be prodded with
    --local=/domain/ --address=/name.domain/1.2.3.4
An IPv6 query for name.domain would return NXDOMAIN, and not the correct NOERROR. Thanks to Lars Nooden for spotting the bug and Jima for diagnosis of the problem.

Added per-server stats to the information logged when dnsmasq gets SIGUSR1.

Added counts of queries forwarded and queries answered locally (from the cache, /etc/hosts or config).

Fixed possible crash bug in DBus IPv6 code. Thanks to Matt Domsch and Jima.

Tighten checks for clashes between hosts-file and DHCP-derived names. Multiple addresses associated with a name in hosts-file no longer confuses the check.

Add --dhcp-no-override option to fix problems with some combinations of stage zero and stage one bootloaders. Thanks to Steve Alexander for the bug report.

Add --tftp-port-range option. Thanks to Daniel Mierswa for the suggestion.

Add --stop-dns-rebind option. Thanks to Collin Mulliner for the patch.
Added GPL version 3 as a license option.

Added --all-servers option. Thanks to Peter Naulls for the patch.

Extend source address mechanism so that the interface used to contact an upstream DNS server can be nailed down. Something like "--server=1.2.3.4@eth1" will force the use of eth1 for traffic to DNS-server 1.2.3.4. This facility is only available on Linux and Solaris. Thanks to Peter Naulls for prompting this.

Add --dhcp-optsfile option. Thanks to Carlos Carvalho for the suggestion.

Fixed failure to set source address for server connections when using TCP. Thanks to Simon Capper for finding this bug.

Refuse to give a DHCP client the address it asks for if the address range in question is not available to that particular host. Thanks to Cedric Duval for the bug report.

Changed behavior of DHCP server to always return total length of a new lease in DHCPOFFER, even if an existing lease exists. (It used to return the time remaining on the lease when one existed.) This fixes problems with the Sony Ericsson K610i phone. Thanks to Hakon Stordahl for finding and fixing this.

Add DNSMASQ_INTERFACE to the environment of the lease-change script. Thanks to Nikos Mavrogiannopoulos for the patch.

Fixed broken --alias functionality. Thanks to Michael Meelis for the bug report.

Added French translation of the man page. Thanks to Gildas Le Nadan for that.

Add --dhcp-match flag, to check for arbitrary options in DHCP messages from clients. This enables use of dnsmasq with iPXE. Thanks to Rance Hall for the suggestion.

Added --dhcp-broadcast, to force broadcast replies to DHCP clients which need them but are too dumb or too old to ask. Thanks to Bodo Bellut for the suggestion.

Disable path-MTU discovery on DHCP and TFTP sockets. This is never needed, and the presence of DF flags in the IP header confuses some broken PXE ROMS. Thanks again to Bodo Bellut for spotting this.

Fix problems with addresses which have multiple PTR records - all but one of these could get lost.
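
The lease-change script described in the entries above runs as root and is fed values that come from DHCP clients (hostname, vendor and user class), so it should check everything before use. The following is an added example, not code from dnsmasq or its contrib directory: it assumes the positional arguments dnsmasq passes to --dhcp-script (action, hardware address, IP address, optional hostname), handles IPv4 only, and its function names and allow-lists are this example's own policy.

```shell
#!/bin/sh
# Added example (not dnsmasq code): a --dhcp-script handler that treats its
# arguments and DNSMASQ_* variables as client-controlled, since it runs as root.
# Assumed argument order: action, hardware address, IP address, [hostname].
LC_ALL=C; export LC_ALL        # make A-Z style ranges mean ASCII only

# Every check is an allow-list. A newline is never on the list, so multi-line
# values are rejected (a line-based grep would accept their first line).
valid_hwaddr() {               # hex digits with single ':' separators
    case $1 in ''|*[!0-9A-Fa-f:]*|:*|*:|*::*) return 1 ;; esac
}

valid_name() {                 # hostname or interface name (example policy)
    case $1 in ''|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

valid_number() {               # decimal digits only
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

valid_ipv4() {                 # four dot-separated octets, each 0..255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    saved_ifs=$IFS; IFS=.
    set -- $1                  # safe to split: only digits and dots remain
    IFS=$saved_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

scrub() {                      # free-text fields: drop other bytes, cap length
    cleaned=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._:/ -')
    printf '%.64s' "$cleaned"
}

# Validate one lease event and print a single sanitised record for it.
# Returns 2 when a mandatory field fails validation.
lease_event() {
    action=${1-} mac=${2-} ip=${3-} host=${4-}

    case $action in
        add|old|del) ;;
        *) return 0 ;;         # other events (for example "init"): ignored
    esac
    valid_hwaddr "$mac" || { echo "rejected: bad hardware address" >&2; return 2; }
    valid_ipv4 "$ip"    || { echo "rejected: bad IP address" >&2; return 2; }

    # Optional fields: an unusable value is dropped rather than trusted.
    valid_name "$host" || host=
    old=${DNSMASQ_OLD_HOSTNAME-}
    valid_name "$old" || old=
    iface=${DNSMASQ_INTERFACE-}
    valid_name "$iface" || iface=
    remaining=${DNSMASQ_TIME_REMAINING-}
    valid_number "$remaining" || remaining=
    vendor=$(scrub "${DNSMASQ_VENDOR_CLASS-}")
    user=$(scrub "${DNSMASQ_USER_CLASS-}")

    printf '%s mac=%s ip=%s host=%s old=%s iface=%s remaining=%s vendor="%s" user="%s"\n' \
        "$action" "$mac" "$ip" "$host" "$old" "$iface" "$remaining" "$vendor" "$user"
}

# Act only when called with arguments, as dnsmasq does.
if [ "$#" -gt 0 ]; then
    lease_event "$@"
fi
```

The record goes to stdout here; a deployment would pass the validated fields on to a logger or firewall command, always as quoted arguments and never through eval.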
Fix bug with --address and ANY query type seeing REFUSED return code in replies. Thanks to Mike Wright for spotting the problem.

Update Spanish translation. Thanks to Chris Chatham.

Add --neg-ttl option.

Add warnings about the bad effects of --filterwin2k on SIP, XMPP and Google-talk to the example config file.

Fix va_list abuse in log.c. This fixes crashes on powerpc when debug mode is set. Thanks to Cedric Duval for the patch.

version 2.42

Define _GNU_SOURCE to avoid problems with later glibc headers. Thanks to Jima for spotting the problem.

Add --dhcp-alternate-port option. Thanks to Jan Psota for the suggestion.

Fix typo in code which is only used on BSD, when Dbus and IPv6 support is enabled. Thanks to Roy Marples.

Updated Polish translations - thanks to Jan Psota.

Fix OS detection logic to cope with GNU/FreeBSD.

Fix uninitialised variable in DBus code - thanks to Roy Marples.

Fix network enumeration code to work on later NetBSD - thanks to Roy Marples.

Provide --dhcp-bridge on all BSD variants.

Define _LARGEFILE_SOURCE which removes an arbitrary 2GB limit on logfiles. Thanks to Paul Chambers for spotting the problem.

Fix RFC3046 agent-id echo code, broken for many releases. Thanks to Jeremy Laine for spotting the problem and providing a patch.

Added Solaris 10 service manifest from David Connelly in contrib/Solaris10

Add --dhcp-scriptuser option.

Support new capability interface on suitable Linux kernels, removes "legacy support in use" messages. Thanks to Jorge Bastos for pointing this out.

Fix subtle bug in cache code which could cause dnsmasq to lock spinning CPU in rare circumstances. Thanks to Alex Chekholko for bug reports and help debugging.

Support netascii transfer mode for TFTP.

dnsmasq-2.80.orig/COPYING

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. 
Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. 
You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. 
If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. 
(This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. 
Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. 
Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. 
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. 
If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

dnsmasq-2.80.orig/COPYING-v3

GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The GNU General Public License is a free, copyleft license for software and other kinds of works.

The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received.
You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. 
"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. 
A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. 
All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. 
When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. 
This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. 
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box".

You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see .

The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read .

dnsmasq-2.80.orig/FAQ0000664000000000000000000006560113350032235011276 0ustar

Q: Why does dnsmasq open UDP ports >1024 as well as port 53. Is this a security problem/trojan/backdoor?
A: The high ports that dnsmasq opens are for replies from the upstream nameserver(s). Queries from dnsmasq to upstream nameservers are sent from these ports and replies received to them. The reason for doing this is that most firewall setups block incoming packets _to_ port 53, in order to stop DNS queries from the outside world. If dnsmasq sent its queries from port 53 the replies would be _to_ port 53 and get blocked.

This is not a security hole since dnsmasq will only accept replies to that port: queries are dropped. The replies must be to outstanding queries which dnsmasq has forwarded, otherwise they are dropped too.

Addendum: dnsmasq now has the option "query-port" (-Q), which allows you to specify the UDP port to be used for this purpose. If not specified, the operating system will select an available port number just as it did before.

Second addendum: following the discovery of a security flaw in the DNS protocol, dnsmasq from version 2.43 has changed behavior.
It now uses a new, randomly selected, port for each query. The old default behaviour (use one port allocated by the OS) is available by setting --query-port=0, and setting the query port to a positive value still works. You should think hard and know what you are doing before using either of these options.

Q: Why doesn't dnsmasq support DNS queries over TCP? Don't the RFCs specify that?
A: Update: from version 2.10, it does. There are a few limitations: data obtained via TCP is not cached, and source-address or query-port specifications are ignored for TCP.

Q: When I send SIGUSR1 to dump the contents of the cache, some entries have no IP address and are for names like mymachine.mydomain.com.mydomain.com. What are these?
A: They are negative entries: that's what the N flag means. Dnsmasq asked an upstream nameserver to resolve that address and it replied "doesn't exist, and won't exist for hours" so dnsmasq saved that information so that if _it_ gets asked the same question it can answer directly without having to go back to the upstream server again. The strange repeated domains result from the way resolvers search short names. See "man resolv.conf" for details.

Q: Will dnsmasq compile/run on non-Linux systems?
A: Yes, there is explicit support for *BSD and MacOS X and Solaris. There are start-up scripts for MacOS X Tiger and Panther in /contrib. Dnsmasq will link with uclibc to provide small binaries suitable for use in embedded systems such as routers. (There's special code to support machines with flash filesystems and no battery-backed RTC.) If you encounter make errors with *BSD, try installing gmake from ports and building dnsmasq with "make MAKE=gmake". For other systems, try altering the settings in config.h.

Q: My company's nameserver knows about some names which aren't in the public DNS. Even though I put it first in /etc/resolv.conf, it doesn't work: dnsmasq seems not to use the nameservers in the order given. What am I doing wrong?
A: By default, dnsmasq treats all the nameservers it knows about as equal: it picks the one to use using an algorithm designed to avoid nameservers which aren't responding. To make dnsmasq use the servers in order, give it the -o flag. If you want some queries sent to a special server, think about using the -S flag to give the IP address of that server, and telling dnsmasq exactly which domains to use the server for.

Q: OK, I've got queries to a private nameserver working, now how about reverse queries for a range of IP addresses?
A: Use the standard DNS convention of .in-addr.arpa. For instance to send reverse queries on the range 192.168.0.0 to 192.168.0.255 to a nameserver at 10.0.0.1 do
server=/0.168.192.in-addr.arpa/10.0.0.1
Note that the "bogus-priv" option takes priority over this option, so the above will not work when the bogus-priv option is set.

Q: Dnsmasq fails to start with an error like this: "dnsmasq: bind failed: Cannot assign requested address". What's the problem?
A: This has been seen when a system is bringing up a PPP interface at boot time: by the time dnsmasq starts the interface has been created, but not brought up and assigned an address. The easiest solution is to use --interface flags to specify which interfaces dnsmasq should listen on. Since you are unlikely to want dnsmasq to listen on a PPP interface and offer DNS service to the world, the problem is solved.

Q: I'm running on BSD and dnsmasq won't accept long options on the command line.
A: Dnsmasq when built on some BSD systems doesn't use GNU getopt by default. You can either just use the single-letter options or change config.h and the Makefile to use getopt-long. Note that options in /etc/dnsmasq.conf must always be the long form, on all platforms.

Q: Names on the internet are working fine, but looking up local names from /etc/hosts or DHCP doesn't seem to work.
A: Resolver code sometimes does strange things when given names without any dots in.
Win2k and WinXP may not use the DNS at all and just try and look up the name using WINS. On unix look at "options ndots:" in "man resolv.conf" for details on this topic. Testing lookups using "nslookup" or "dig" will work, but then attempting to run "ping" will get a lookup failure; appending a dot to the end of the hostname will fix things (ie "ping myhost" fails, but "ping myhost." works). The solution is to make sure that all your hosts have a domain set ("domain" in resolv.conf, or set a domain in your DHCP server, see below for Windows XP and Mac OS X). Any domain will do, but "localnet" is traditional. Now when you resolve "myhost" the resolver will attempt to look up "myhost.localnet" so you need to have dnsmasq reply to that name. The way to do that is to include the domain in each name in /etc/hosts and/or to use the --expand-hosts and --domain options.

Q: How do I set the DNS domain in Windows XP or MacOS X (ref: previous question)?
A: for XP, Control Panel > Network Connections > { Connection to gateway / DNS } > Properties > { Highlight TCP/IP } > Properties > Advanced > DNS Tab > DNS suffix for this connection:
A: for OS X, System Preferences > Network > {Connection to gateway / DNS } > Search domains:

Q: Can I get dnsmasq to save the contents of its cache to disk when I shut my machine down and re-load when it starts again?
A: No, that facility is not provided. Very few names in the DNS have their time-to-live set for longer than a few hours so most of the cache entries would have expired after a shutdown. For longer-lived names it's much cheaper to just reload them from the upstream server. Note that dnsmasq is not shut down between PPP sessions so going off-line and then on-line again will not lose the contents of the cache.

Q: Who are Verisign, what do they have to do with the bogus-nxdomain option in dnsmasq and why should I worry about it?
A: [note: this was written in September 2003, things may well change.]
Verisign run the .com and .net top-level-domains. They have just changed the configuration of their servers so that unknown .com and .net domains, instead of returning an error code NXDOMAIN, (no such domain) return the address of a host at Verisign which runs a web server showing a search page. Most right-thinking people regard this new behaviour as broken :-). You can test to see if you are suffering Verisign brokenness by running a command like
host jlsdajkdalld.com
If you get "jlsdajkdalld.com" does not exist, then all is fine; if host returns an IP address, then the DNS is broken. (Try a few different unlikely domains, just in case you picked a weird one which really _is_ registered.)

Assuming that your DNS is broken, and you want to fix it, simply note the IP address being returned and pass it to dnsmasq using the --bogus-nxdomain flag. Dnsmasq will check for results returning that address and substitute an NXDOMAIN instead.

As of writing, the IP address in question for the .com and .net domains is 64.94.110.11. Various other, less prominent, registries pull the same stunt; there is a list of them all, and the addresses to block, at http://winware.org/bogus-domains.txt

Q: This new DHCP server is well and good, but it doesn't work for me. What's the problem?
A: There are a couple of configuration gotchas which have been encountered by people moving from the ISC dhcpd to the dnsmasq integrated DHCP daemon. Both are related to differences in the way the two daemons bypass the IP stack to do "ground up" IP configuration and can lead to the dnsmasq daemon failing whilst the ISC one works.

The first thing to check is the broadcast address set for the ethernet interface. This is normally the address on the connected network with all ones in the host part. For instance if the address of the ethernet interface is 192.168.55.7 and the netmask is 255.255.255.0 then the broadcast address should be 192.168.55.255.
Having a broadcast address which is not on the network to which the interface is connected kills things stone dead.

The second potential problem relates to firewall rules: since the ISC daemon in some configurations bypasses the kernel firewall rules entirely, the ability to run the ISC daemon does not indicate that the current configuration is OK for the dnsmasq daemon. For the dnsmasq daemon to operate it's vital that UDP packets to and from ports 67 and 68 and broadcast packets with source address 0.0.0.0 and destination address 255.255.255.255 are not dropped by iptables/ipchains.

Q: I'm running Debian, and my machines get an address fine with DHCP, but their names are not appearing in the DNS.
A: By default, none of the DHCP clients send the host-name when asking for a lease. For most of the clients, you can set the host-name to send with the "hostname" keyword in /etc/network/interfaces. (See "man interfaces" for details.) That doesn't work for dhclient, where you have to add something like "send host-name daisy" to /etc/dhclient.conf [Update: the latest dhcpcd packages _do_ send the hostname by default.]

Q: I'm network booting my machines, and trying to give them static DHCP-assigned addresses. The machine gets its correct address whilst booting, but then the OS starts and it seems to get allocated a different address.
A: What is happening is this: The boot process sends a DHCP request and gets allocated the static address corresponding to its MAC address. The boot loader does not send a client-id. Then the OS starts and repeats the DHCP process, but it does send a client-id. Dnsmasq cannot assume that the two requests are from the same machine (since the client ID's don't match) and even though the MAC address has a static allocation, that address is still in use by the first incarnation of the machine (the one from the boot, without a client ID.) dnsmasq therefore has to give the machine a dynamic address from its pool.
There are three ways to solve this: (1) persuade your DHCP client not to send a client ID, or (2) set up the static assignment to the client ID, not the MAC address. The default client-id will be 01:, so change the dhcp-host line from "dhcp-host=11:22:33:44:55:66,1.2.3.4" to "dhcp-host=id:01:11:22:33:44:55:66,1.2.3.4" or (3) tell dnsmasq to ignore client IDs for a particular MAC address, like this:
dhcp-host=11:22:33:44:55:66,id:*

Q: What network types are supported by the DHCP server?
A: Ethernet (and 802.11 wireless) are supported on all platforms. On Linux all network types (including FireWire) are supported.

Q: What are these strange "bind-interface" and "bind-dynamic" options?
A: Dnsmasq from v2.63 can operate in one of three different "networking modes". This is unfortunate as it requires users configuring dnsmasq to take into account some rather bizarre constraints and select the mode which best fits the requirements of a particular installation. The origin of these are deficiencies in the Unix networking model and APIs and each mode has different advantages and problems. Just to add to the confusion, not all modes are available on all platforms (due to the lack of supporting network APIs). To further add to the confusion, the rules for the DHCP subsystem on dnsmasq are different to the rules for the DNS and TFTP subsystems.

The three modes are "wildcard", "bind-interfaces" and "bind-dynamic".

In "wildcard" mode, dnsmasq binds the wildcard IP address (0.0.0.0 or ::). This allows it to receive all the packets sent to the server on the relevant port. Access control (--interface, --except-interface, --listen-address, etc) is implemented by dnsmasq: it queries the kernel to determine the interface on which a packet was received and the address to which it was sent, and applies the configured rules. Wildcard mode is the default if neither of the other modes is specified.
In "bind-interfaces" mode, dnsmasq runs through all the network interfaces available when it starts, finds the set of IP addresses on those interfaces, filters that set using the access control configuration, and then binds the set of IP addresses. Only packets sent to the allowed addresses are delivered by the kernel to dnsmasq.

In "bind-dynamic" mode, access control filtering is done both by binding individual IP addresses, as for bind-interfaces, and by inspecting individual packets on arrival as for wildcard mode. In addition, dnsmasq notices when new interfaces appear or new addresses appear on existing interfaces, and the resulting IP addresses are bound automatically without having to restart dnsmasq.

The mode chosen has four different effects: co-existence with other servers, semantics of --interface access control, effect of new interfaces, and legality of --interface specifications for non-existent interfaces. We will deal with these in order.

A dnsmasq instance running in wildcard mode precludes a machine from running a second instance of dnsmasq or any other DNS, TFTP or DHCP server. Attempts to do so will fail with an "address in use" error. Dnsmasq running in --bind-interfaces or bind-dynamic mode allows other instances of dnsmasq or other servers, as long as no two servers are configured to listen on the same interface address.

The semantics of --interface varies subtly between wildcard or bind-dynamic mode and bind-interfaces mode. The situation where this matters is a request which arrives via one interface (A), but with a destination address of a second interface (B) and when dnsmasq is configured to listen only on B. In wildcard or bind-dynamic mode, such a request will be ignored; in bind-interfaces mode, it will be accepted.

The creation of new network interfaces after dnsmasq starts is ignored by dnsmasq when in --bind-interfaces mode. In wildcard or bind-dynamic mode, such interfaces are handled normally.
An --interface specification for a non-existent interface is a fatal error at start-up when in --bind-interfaces mode, but just generates a warning in wildcard or bind-dynamic mode.

Q: Why doesn't Kerberos work/why can't I get sensible answers to queries for SRV records.
A: Probably because you have the "filterwin2k" option set. Note that it was on by default in example configuration files included in versions before 2.12, so you might have it set on without realising.

Q: Can I get email notification when a new version of dnsmasq is released?
A: Yes, new releases of dnsmasq are always announced through freshmeat.net, and they allow you to subscribe to email alerts when new versions of particular projects are released. New releases are also announced in the dnsmasq-discuss mailing list, subscribe at http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Q: What does the dhcp-authoritative option do?
A: The DHCP spec says that when a DHCP server receives a renewal request from a client it has no knowledge of, it should just ignore it. This is because it's supported to have more than one DHCP server on a network, and another DHCP server may be dealing with the client. This has the unfortunate effect that when _no_ DHCP replies to the client, it takes some time for the client to time-out and start to get a new lease. Setting this option makes dnsmasq violate the standard to the extent that it will send a NAK reply to the client, causing it to immediately start to get a new lease. This improves behaviour when machines move networks, and in the case that the DHCP lease database is lost. As long as there is not more than one DHCP server on the network, it's safe to enable the option.

Q: Why does my Gentoo box pause for a minute before getting a new lease?
A: Because when a Gentoo box shuts down, it releases its lease with the server but remembers it on the client; this seems to be a Gentoo-specific patch to dhcpcd.
On restart it tries to renew a lease which is long gone, as far as dnsmasq is concerned, and dnsmasq ignores it until it times out and restarts the process. To fix this, set the dhcp-authoritative flag in dnsmasq.

Q: My laptop has two network interfaces, a wired one and a wireless one. I never use both interfaces at the same time, and I'd like the same IP and configuration to be used irrespective of which interface is in use. How can I do that?
A: By default, the identity of a machine is determined by using the MAC address, which is associated with interface hardware. Once an IP is bound to the MAC address of one interface, it cannot be associated with another MAC address until after the DHCP lease expires. The solution to this is to use a client-id as the machine identity rather than the MAC address. If you arrange for the same client-id to be sent when either interface is in use, the DHCP server will recognise the same machine, and use the same address. The method for setting the client-id varies with DHCP client software; dhcpcd uses the "-I" flag. Windows uses a registry setting, see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm

Addendum: From version 2.46, dnsmasq has a solution to this which doesn't involve setting client-IDs. It's possible to put more than one MAC address in a --dhcp-host configuration. This tells dnsmasq that it should use the specified IP for any of the specified MAC addresses, and furthermore it gives dnsmasq permission to summarily abandon a lease to one of the MAC addresses if another one comes along. Note that this will work fine only as long as only one interface is up at any time. There is no way for dnsmasq to enforce this constraint: if you configure multiple MAC addresses and violate this rule, bad things will happen.
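Added example (not part of the dnsmasq FAQ or source): a small Python check that classifies dhcp-host lines by how they identify a machine, covering the client-id forms from the network-boot answer earlier in this FAQ and the multiple-MAC form from the addendum above. It parses only the MAC, id: and IPv4 fields; the function names are hypothetical, and the second MAC address and 192.168.0.2 in the sample are constructed.

```python
import ipaddress
import re

# Colon-separated Ethernet MAC address, as written in the FAQ's examples.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Caveats paraphrased from the FAQ answers, keyed by identification mode.
NOTES = {
    "mac-only": "boot loader without client-id, then OS with one: the OS "
                "gets a dynamic address instead of the static one",
    "client-id": "every boot stage and interface must send this client-id",
    "mac-ignore-client-id": "client-ids are ignored for this MAC address",
    "multi-mac": "works only while one of these interfaces is up at a time; "
                 "dnsmasq cannot enforce that",
    "unknown": "no MAC address or client-id found on this line",
}

# Constructed sample: the first three lines are the FAQ's own examples, the
# fourth (second MAC address and IP address) is made up for illustration.
SAMPLE_CONF = """\
# constructed sample configuration
dhcp-host=11:22:33:44:55:66,1.2.3.4
dhcp-host=id:01:11:22:33:44:55:66,1.2.3.4
dhcp-host=11:22:33:44:55:66,id:*
dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
domain=localnet
"""


def parse_dhcp_host(line):
    """Parse the MAC, id: and IPv4 fields of one dhcp-host line."""
    key, _, value = line.strip().partition("=")
    if key.strip() != "dhcp-host":
        raise ValueError("not a dhcp-host line: %r" % line)
    entry = {"macs": [], "client_id": None, "ip": None, "other": []}
    for field in (f.strip() for f in value.split(",")):
        if not field:
            continue
        if MAC_RE.match(field):
            entry["macs"].append(field.lower())
        elif field.startswith("id:"):
            entry["client_id"] = field[3:].lower()
        else:
            try:
                entry["ip"] = str(ipaddress.IPv4Address(field))
            except ValueError:
                entry["other"].append(field)  # hostname, lease time, ...
    return entry


def identity_mode(entry):
    """Name the way this entry ties a lease to a machine."""
    if entry["client_id"] == "*":
        return "mac-ignore-client-id"
    if entry["client_id"] is not None:
        return "client-id"
    if len(entry["macs"]) > 1:
        return "multi-mac"
    if len(entry["macs"]) == 1:
        return "mac-only"
    return "unknown"


def to_client_id_line(line):
    """Rewrite a single-MAC line to match on the client-id 01:<MAC>,
    the form shown in the FAQ's option (2)."""
    entry = parse_dhcp_host(line)
    if identity_mode(entry) != "mac-only":
        raise ValueError("expected exactly one MAC address and no id: field")
    fields = ["id:01:" + entry["macs"][0]]
    if entry["ip"]:
        fields.append(entry["ip"])
    return "dhcp-host=" + ",".join(fields + entry["other"])


def review(conf_text):
    """Return (line_number, mode, note) for every dhcp-host line."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if line.split("=", 1)[0].strip() != "dhcp-host":
            continue  # comments and other options
        mode = identity_mode(parse_dhcp_host(line))
        findings.append((number, mode, NOTES[mode]))
    return findings


if __name__ == "__main__":
    for number, mode, note in review(SAMPLE_CONF):
        print("line %d: %-22s %s" % (number, mode, note))
    print(to_client_id_line("dhcp-host=11:22:33:44:55:66,1.2.3.4"))
```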
Addendum-II: The link above is dead, the former contents of the link are:

------------------------------------------------------------------------------
How can I keep the same DHCP client reservation, if the MAC address changes?

When you reserve an IP address for a DHCP client, you provide the MAC address of the client's NIC.

It is possible to use a custom identifier, which is sent as option 61 in the client's DHCP Discover and Request packet.

The DhcpClientIdentifier is a REG_DWORD value that is located at:

Windows NT 4.0 SP2+

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\'X'\Parameters\Tcpip

where is the NIC driver name and 'X' is the number of the NIC.

Windows 2000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIp\Parameters\Interfaces\

where is the GUID of the NIC.

The valid range of data is 0x0 - 0xFFFFFFFF. The custom identifier is sent as 4 bytes, 8 hexadecimal characters, in groups of 2 hexadecimal characters, with the groups being sent in reverse order. If the custom identifier is less than 8 hexadecimal characters, it is zero padded at the end. Examples:

Custom Client        Client Reservation
Identifier           on DHCP Server
12345678             78563412
123456               56341200
1234                 34120000
1234567              67452301
12345                45230100
123                  23010000
A18F42               428FA100
CF432                32F40C00
C32D1BE              BED1320C
-------------------------------------------------------------------------------------------------------

Q: Can dnsmasq do DHCP on IP-alias interfaces?
A: Yes, from version-2.21. The support is only available running under Linux, on a kernel which provides the RT-netlink facility. All 2.4 and 2.6 kernels provide RT-netlink and it's an option in 2.2 kernels.

If a physical interface has more than one IP address or aliases with extra IP addresses, then any dhcp-ranges corresponding to these addresses can be used for address allocation.
So if an interface has addresses 192.168.1.0/24 and 192.168.2.0/24 and there are DHCP ranges 192.168.1.100-192.168.1.200 and 192.168.2.100-192.168.2.200 then both ranges would be used for hosts connected to the physical interface. A more typical use might be to have one of the address-ranges as static-only, and have known hosts allocated addresses on that subnet using dhcp-host options, while anonymous hosts go on the other.

Q: Dnsmasq sometimes logs "nameserver xxx.xxx.xxx.xxx refused to do a recursive query" and DNS stops working. What's going on?
A: Probably the nameserver is an authoritative nameserver for a particular domain, but is not configured to answer general DNS queries for an arbitrary domain. It is not suitable for use by dnsmasq as an upstream server and should be removed from the configuration. Note that if you have more than one upstream nameserver configured dnsmasq will load-balance across them and it may be some time before dnsmasq gets around to using a particular nameserver. This means that a particular configuration may work for some time with a broken upstream nameserver configuration.

Q: Does the dnsmasq DHCP server probe addresses before allocating them, as recommended in RFC2131?
A: Yes, dynamically allocated IP addresses are checked by sending an ICMP echo request (ping). If a reply is received, then dnsmasq assumes that the address is in use, and attempts to allocate a different address. The wait for a reply is between two and three seconds. Because the DHCP server is not re-entrant, it cannot serve other DHCP requests during this time. To avoid dropping requests, the address probe may be skipped when dnsmasq is under heavy load.

Q: I'm using dnsmasq on a machine with the Firestarter firewall, and DHCP doesn't work. What's the problem?
A: This is a variant on the iptables problem.
Explicit details on how to proceed can be found at http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html

Q: I'm using dnsmasq on a machine with the shorewall firewall, and DHCP doesn't work. What's the problem?
A: This is a variant on the iptables problem. Explicit details on how to proceed can be found at http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html

Q: Dnsmasq fails to start up with a message about capabilities. Why did that happen and what can I do to fix it?
A: Change your kernel configuration: either deselect CONFIG_SECURITY _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can remove the need to set capabilities by running dnsmasq as root.

Q: Where can I get .rpms suitable for openSUSE/SLES?
A: Dnsmasq is in openSUSE itself, and the latest releases are also available at http://download.opensuse.org/repositories/network/

Q: Can I run dnsmasq in a Linux vserver?
A: Yes, as a DNS server, dnsmasq will just work in a vserver. To use dnsmasq's DHCP function you need to give the vserver extra system capabilities. Please note that doing so will lessen the overall security of your system. The capabilities required are NET_ADMIN and NET_RAW. NET_ADMIN is essential, NET_RAW is required to do an ICMP "ping" check on newly allocated addresses. If you don't need this check, you can disable it with --no-ping and omit the NET_RAW capability. Adding the capabilities is done by adding them, one per line, to either /etc/vservers//ccapabilities for a 2.4 kernel or /etc/vservers//bcapabilities for a 2.6 kernel (please refer to the vserver documentation for more information).

Q: What's the problem with syslog and dnsmasq?
A: In almost all cases: none. If you have the normal arrangement with local daemons logging to a local syslog, which then writes to disk, then there's never a problem.
If you use network logging, then there's a potential problem with deadlock: the syslog daemon will do DNS lookups so that it can log the source of log messages, these lookups will (depending on exact configuration) go through dnsmasq, which also sends log messages. With bad timing, you can arrive at a situation where syslog is waiting for dnsmasq, and dnsmasq is waiting for syslog; they will both wait forever. This problem is fixed from dnsmasq-2.39, which introduces asynchronous logging: dnsmasq no longer waits for syslog and the deadlock is broken. There is a remaining problem in 2.39, where "log-queries" is in use. In this case most DNS queries generate two log lines; if these go to a syslog which is doing a DNS lookup for each log line, then those queries will in turn generate two more log lines, and a chain reaction runaway will occur. To avoid this, use syslog-ng and turn on syslog-ng's dns-cache function.

Q: DHCP doesn't work with Windows Vista, but everything else is fine.
A: The DHCP client on Windows Vista (and possibly later versions) demands that the DHCP server send replies as broadcasts. Most other clients don't do this. The broadcasts are sent to 255.255.255.255. A badly configured firewall which blocks such packets will show exactly these symptoms (Vista fails, others work).

Q: DHCP doesn't work with Windows 7 but everything else is fine.
A: There seems to be a problem if Windows 7 doesn't get a value for DHCP option 252 in DHCP packets it gets from the server. The symptoms have been variously reported as continual DHCPINFORM requests in an attempt to get an option-252, or even ignoring DHCP offers completely (and failing to get an IP address) if there is no option-252 supplied.
DHCP option 252 is for WPAD, WWW Proxy Auto Detection and if you don't want or need to use that, then the simplest fix seems to be to supply an empty option with:
dhcp-option=252,"\n"

dnsmasq-2.80.orig/Makefile0000664000000000000000000001531213350032235012376 0ustar
# dnsmasq is Copyright (c) 2000-2016 Simon Kelley
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 dated June, 1991, or
# (at your option) version 3 dated 29 June, 2007.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# NOTE: Building the i18n targets requires GNU-make

# Variables you may well want to override.

PREFIX = /usr/local
BINDIR = $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
LOCALEDIR = $(PREFIX)/share/locale
BUILDDIR = $(SRC)
DESTDIR =
CFLAGS = -Wall -W -O2
LDFLAGS =
COPTS =
RPM_OPT_FLAGS =
LIBS =

#################################################################

# Variables you might want to override.

PKG_CONFIG = pkg-config
INSTALL = install
MSGMERGE = msgmerge
MSGFMT = msgfmt
XGETTEXT = xgettext

SRC = src
PO = po
MAN = man

#################################################################

# pmake way. (NB no spaces to keep gmake 3.82 happy)
top!=pwd
# GNU make way.
top?=$(CURDIR)

dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS $(PKG_CONFIG) --copy -lubox -lubus`
idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
idn2_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2`
ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'

sum?=$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ')
sum!=$(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' '
copts_conf = .copts_$(sum)

objs = cache.o rfc1035.o util.o option.o forward.o network.o \
       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
       helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
       dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
       domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
       poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o metrics.o

hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
       dns-protocol.h radv-protocol.h ip6addr.h metrics.h

all : $(BUILDDIR)
	@cd $(BUILDDIR) && $(MAKE) \
 top="$(top)" \
 build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \
 build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs)" \
 -f $(top)/Makefile dnsmasq

mostly_clean :
	rm -f $(BUILDDIR)/*.mo $(BUILDDIR)/*.pot
	rm -f $(BUILDDIR)/.copts_* $(BUILDDIR)/*.o $(BUILDDIR)/dnsmasq.a $(BUILDDIR)/dnsmasq

clean : mostly_clean
	rm -f $(BUILDDIR)/dnsmasq_baseline
	rm -f core */core
	rm -f *~ contrib/*/*~ */*~

install : all install-common

install-common :
	$(INSTALL) -d $(DESTDIR)$(BINDIR)
	$(INSTALL) -d $(DESTDIR)$(MANDIR)/man8
	$(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8
	$(INSTALL) -m 755 $(BUILDDIR)/dnsmasq $(DESTDIR)$(BINDIR)

all-i18n : $(BUILDDIR)
	@cd $(BUILDDIR) && $(MAKE) \
 top="$(top)" \
 i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
 build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \
 build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)" \
 -f $(top)/Makefile dnsmasq
	for f in `cd $(PO); echo *.po`; do \
		cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
	done

install-i18n : all-i18n install-common
	cd $(BUILDDIR); $(top)/bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
	cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL)

merge :
	@cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile dnsmasq.pot
	for f in `cd $(PO); echo *.po`; do \
		echo -n msgmerge $(PO)/$$f && $(MSGMERGE) --no-wrap -U $(PO)/$$f $(BUILDDIR)/dnsmasq.pot; \
	done

# Canonicalise .po file.
%.po :
	@cd $(BUILDDIR) && $(MAKE) -f $(top)/Makefile dnsmasq.pot
	mv $(PO)/$*.po $(PO)/$*.po.orig && $(MSGMERGE) --no-wrap $(PO)/$*.po.orig $(BUILDDIR)/dnsmasq.pot >$(PO)/$*.po;

$(BUILDDIR):
	mkdir -p $(BUILDDIR)

# rules below are helpers for size tracking

baseline : mostly_clean all
	@cd $(BUILDDIR) && \
	   mv dnsmasq dnsmasq_baseline

bloatcheck : $(BUILDDIR)/dnsmasq_baseline mostly_clean all
	@cd $(BUILDDIR) && \
	   $(top)/bld/bloat-o-meter dnsmasq_baseline dnsmasq; \
	   size dnsmasq_baseline dnsmasq

# rules below are targets in recursive makes with cwd=$(BUILDDIR)

$(copts_conf): $(hdrs)
	@rm -f *.o .copts_*
	@touch $@

$(objs:.o=.c) $(hdrs):
	ln -s $(top)/$(SRC)/$@ .

$(objs): $(copts_conf) $(hdrs)

.c.o:
	$(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $<

dnsmasq : $(objs)
	$(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS)

dnsmasq.pot : $(objs:.o=.c) $(hdrs)
	$(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(objs:.o=.c)

%.mo : $(top)/$(PO)/%.po dnsmasq.pot
	$(MSGMERGE) -o - $(top)/$(PO)/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -

.PHONY : all clean mostly_clean install install-common all-i18n install-i18n merge baseline bloatcheck

dnsmasq-2.80.orig/VERSION0000664000000000000000000000003613350032235012003 0ustar
 (HEAD -> master, tag: v2.80)

dnsmasq-2.80.orig/bld/0000775000000000000000000000000013350032235011475 5ustar
dnsmasq-2.80.orig/bld/Android.mk0000664000000000000000000000146313350032235013412 0ustar
LOCAL_PATH := external/dnsmasq/src

#########################

include $(CLEAR_VARS)
LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
                   forward.c helper.c lease.c log.c \
                   netlink.c network.c option.c rfc1035.c \
                   rfc2131.c tftp.c util.c conntrack.c \
                   dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
                   radv.c slaac.c auth.c ipset.c domain.c \
                   dnssec.c dnssec-openssl.c blockdata.c tables.c \
                   loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
                   crypto.c dump.c ubus.c

LOCAL_MODULE := dnsmasq

LOCAL_C_INCLUDES := external/dnsmasq/src

LOCAL_CFLAGS := -O2 -g -W -Wall -D__ANDROID__ -DNO_IPV6 -DNO_TFTP -DNO_SCRIPT
LOCAL_SYSTEM_SHARED_LIBRARIES := libc libcutils

LOCAL_LDLIBS := -L$(SYSROOT)/usr/lib -llog

include $(BUILD_EXECUTABLE)

dnsmasq-2.80.orig/bld/bloat-o-meter0000775000000000000000000001022013350032235014065 0ustar
#!/usr/bin/env python
#
# Copyright 2004 Matt Mackall
#
# Inspired by perl Bloat-O-Meter (c) 1997 by Andi Kleen
#
# This software may be used and distributed according to the terms
# of the GNU General Public License, incorporated herein by reference.

import sys, os#, re

def usage():
    sys.stderr.write("usage: %s [-t] file1 file2\n" % sys.argv[0])
    sys.exit(-1)

f1, f2 = (None, None)
flag_timing, dashes = (False, False)

for f in sys.argv[1:]:
    if f.startswith("-"):
        if f == "--": # sym_args
            dashes = True
            break
        if f == "-t": # timings
            flag_timing = True
    else:
        if not os.path.exists(f):
            sys.stderr.write("Error: file '%s' does not exist\n" % f)
            usage()
        if f1 is None:
            f1 = f
        elif f2 is None:
            f2 = f
if flag_timing:
    import time
if f1 is None or f2 is None:
    usage()

sym_args = " ".join(sys.argv[3 + flag_timing + dashes:])
def getsizes(file):
    sym, alias, lut = {}, {}, {}
    for l in os.popen("readelf -W -s %s %s" % (sym_args, file)).readlines():
        l = l.strip()
        if not (len(l) and l[0].isdigit() and len(l.split()) == 8):
            continue
        num, value, size, typ, bind, vis, ndx, name = l.split()
        if ndx == "UND": continue # skip undefined
        if typ in ["SECTION", "FILES"]: continue # skip sections and files
        if "." in name: name = "static." + name.split(".")[0]
        value = int(value, 16)
        size = int(size, 16) if size.startswith('0x') else int(size)
        if vis != "DEFAULT" and bind != "GLOBAL": # see if it is an alias
            alias[(value, size)] = {"name" : name}
        else:
            sym[name] = {"addr" : value, "size": size}
            lut[(value, size)] = 0
    for addr, sz in iter(alias.keys()):
        # If the non-GLOBAL sym has an implementation elsewhere then
        # it's an alias, disregard it.
if not (addr, sz) in lut: # If this non-GLOBAL sym does not have an implementation at # another address, then treat it as a normal symbol. sym[alias[(addr, sz)]["name"]] = {"addr" : addr, "size": sz} for l in os.popen("readelf -W -S " + file).readlines(): x = l.split() if len(x)<6: continue # Should take these into account too! #if x[1] not in [".text", ".rodata", ".symtab", ".strtab"]: continue if x[1] not in [".rodata"]: continue sym[x[1]] = {"addr" : int(x[3], 16), "size" : int(x[5], 16)} return sym if flag_timing: start_t1 = int(time.time() * 1e9) old = getsizes(f1) if flag_timing: end_t1 = int(time.time() * 1e9) start_t2 = int(time.time() * 1e9) new = getsizes(f2) if flag_timing: end_t2 = int(time.time() * 1e9) start_t3 = int(time.time() * 1e9) grow, shrink, add, remove, up, down = 0, 0, 0, 0, 0, 0 delta, common = [], {} for name in iter(old.keys()): if name in new: common[name] = 1 for name in old: if name not in common: remove += 1 sz = old[name]["size"] down += sz delta.append((-sz, name)) for name in new: if name not in common: add += 1 sz = new[name]["size"] up += sz delta.append((sz, name)) for name in common: d = new[name].get("size", 0) - old[name].get("size", 0) if d>0: grow, up = grow+1, up+d elif d<0: shrink, down = shrink+1, down-d else: continue delta.append((d, name)) delta.sort() delta.reverse() if flag_timing: end_t3 = int(time.time() * 1e9) print("%-48s %7s %7s %+7s" % ("function", "old", "new", "delta")) for d, n in delta: if d: old_sz = old.get(n, {}).get("size", "-") new_sz = new.get(n, {}).get("size", "-") print("%-48s %7s %7s %+7d" % (n, old_sz, new_sz, d)) print("-"*78) total="(add/remove: %s/%s grow/shrink: %s/%s up/down: %s/%s)%%sTotal: %s bytes"\ % (add, remove, grow, shrink, up, -down, up-down) print(total % (" "*(80-len(total)))) if flag_timing: print("\n%d/%d; %d Parse origin/new; processing nsecs" % (end_t1-start_t1, end_t2-start_t2, end_t3-start_t3)) print("total nsecs: %d" % (end_t3-start_t1)) 
dnsmasq-2.80.orig/bld/get-version0000775000000000000000000000232613350032235013670 0ustar #!/bin/sh # Determine the version string to build into a binary. # When building in the git repository, we can use the output # of "git describe" which gives an unequivocal answer. # # Failing that, we use the contents of the VERSION file # which has a set of references substituted into it by git. # If we can find one which matches $v[0-9].* then we assume it's # a version-number tag, else we just use the whole string. # If there is more than one v[0-9].* tag, sort them and use the # first. This favours, eg v2.63 over 2.63rc6. # Change directory to the toplevel source directory. if test -z "$1" || ! test -d "$1" || ! cd "$1"; then echo "$0: First argument $1 must be toplevel dir." >&2 exit 1 fi if which git >/dev/null 2>&1 && \ ([ -d .git ] || grep '^gitdir:' .git >/dev/null 2>&1) && \ git describe >/dev/null 2>&1; then git describe | sed 's/^v//' elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then # unsubstituted VERSION, but no git available. echo UNKNOWN else vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]` if [ $? 
-eq 0 ]; then echo "${vers}" | sort -r | head -n 1 | sed 's/^v//' else cat $1/VERSION fi fi exit 0 dnsmasq-2.80.orig/bld/install-man0000775000000000000000000000024513350032235013643 0ustar #!/bin/sh for f in *; do if [ -d $f ]; then $2 -m 755 -d $1/$f/man8 $2 -m 644 $f/dnsmasq.8 $1/$f/man8 echo installing $f/man8/dnsmasq.8 fi done dnsmasq-2.80.orig/bld/install-mo0000775000000000000000000000025713350032235013506 0ustar #!/bin/sh for f in *.mo; do $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo echo installing ${f%.mo}/LC_MESSAGES/dnsmasq.mo done dnsmasq-2.80.orig/bld/pkg-wrapper0000775000000000000000000000176013350032235013666 0ustar #!/bin/sh search=$1 shift pkg=$1 shift op=$1 shift in=`cat` if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \ echo $in | grep $search >/dev/null 2>&1; then # Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP if [ $op = "--copy" ]; then if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \ echo $in | grep $pkg >/dev/null 2>&1; then pkg="" else pkg="$*" fi elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then pkg=`$pkg --static $op $*` else pkg=`$pkg $op $*` fi if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then if [ $op = "--libs" ] || [ $op = "--copy" ]; then echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic" else echo "$pkg" fi else echo "$pkg" fi fi dnsmasq-2.80.orig/contrib/0000775000000000000000000000000013350032235012374 5ustar dnsmasq-2.80.orig/contrib/CPE-WAN/0000775000000000000000000000000013350032235013426 5ustar dnsmasq-2.80.orig/contrib/CPE-WAN/README0000664000000000000000000000316313350032235014311 0ustar Dnsmasq from version 2.52 has a couple of rather application-specific features designed to allow for implementation of the DHCP 
part of CPE WAN management protocol. http://www.broadband-forum.org/technical/download/TR-069_Amendment-2.pdf http://en.wikipedia.org/wiki/TR-069 The relevant sections are F.2.1 "Gateway Requirements" and F.2.5 "DHCP Vendor Options". First, dnsmasq checks for DHCP requests which contain an option-125 vendor-class option which in turn holds a vendor section for IANA enterprise number 3561 which contains sub-options codes 1 and 2. If this is present then the network-tag "cpewan-id" is set. This allows dnsmasq to be configured to reply with the correct GatewayManufacturerOUI, GatewaySerialNumber and GatewayProductClass like this: dhcp-option=cpewan-id,vi-encap:3561,4,"" dhcp-option=cpewan-id,vi-encap:3561,5,"" dhcp-option=cpewan-id,vi-encap:3561,6,"" Second, the received sub-options 1, 2, and 3 are passed to the DHCP lease-change script as the environment variables DNSMASQ_CPEWAN_OUI, DNSMASQ_CPEWAN_SERIAL, and DNSMASQ_CPEWAN_CLASS respectively. This allows the script to be used to maintain a ManageableDevice table as specified in F.2.1. Note that this data is not retained in dnsmasq's internal DHCP lease database, so it is not available on every call to the script (this is the same as some other data such as vendor and user classes). It will however be available for at least the "add" call, and should be stored then against the IP address as primary key for future use. This feature was added to dnsmasq under sponsorship from Ericsson. dnsmasq-2.80.orig/contrib/MacOSX-launchd/0000775000000000000000000000000013350032235015102 5ustar dnsmasq-2.80.orig/contrib/MacOSX-launchd/launchd-README.txt0000664000000000000000000000344213350032235020217 0ustar This is a launchd item for Mac OS X and Mac OS X Server. 
For more information about launchd, the "System wide and per-user daemon/agent manager", see the launchd man page, or the wikipedia page: http://en.wikipedia.org/wiki/Launchd This launchd item uses the following flags: --keep-in-foreground - this is crucial for use with launchd --log-queries - this is optional and you can remove it --log-facility=/var/log/dnsmasq.log - again optional instead of system.log To use this launchd item for dnsmasq: If you don't already have a folder /Library/LaunchDaemons, then create one: sudo mkdir /Library/LaunchDaemons sudo chown root:admin /Library/LaunchDaemons sudo chmod 775 /Library/LaunchDaemons Copy uk.org.thekelleys.dnsmasq.plist there and then set ownership/permissions: sudo cp uk.org.thekelleys.dnsmasq.plist /Library/LaunchDaemons/ sudo chown root:admin /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist sudo chmod 644 /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist Optionally, edit your dnsmasq configuration file to your liking. To start the launchd job, which starts dnsmasq, reboot or use the command: sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist To stop the launchd job, which stops dnsmasq, use the command: sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist If you want to permanently stop the launchd job, so it doesn't start the job even after a reboot, use the following command: sudo launchctl unload -w /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist If you make a change to the configuration file, you should relaunch dnsmasq; to do this unload and then load again: sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist dnsmasq-2.80.orig/contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist0000664000000000000000000000063413350032235023204 0ustar Label uk.org.thekelleys.dnsmasq ProgramArguments /usr/local/sbin/dnsmasq --keep-in-foreground RunAtLoad 
dnsmasq-2.80.orig/contrib/Solaris10/0000775000000000000000000000000013350032235014151 5ustar dnsmasq-2.80.orig/contrib/Solaris10/README0000664000000000000000000000201013350032235015022 0ustar 
From: David Connelly Date: Mon, Apr 7, 2008 at 3:31 AM Subject: Solaris 10 service manifest To: dnsmasq-discuss@lists.thekelleys.org.uk I've found dnsmasq much easier to set up on my home server running Solaris 10 than the stock dhcp/dns server, which is probably overkill anyway for my simple home network needs. Since Solaris now uses SMF (Service Management Facility) to manage services I thought I'd create a simple service manifest for the dnsmasq service. The manifest currently assumes that dnsmasq has been installed in '/usr/local/sbin/dnsmasq' and the configuration file in '/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for your local installation. Here are the steps I followed to install and enable the dnsmasq service: # svccfg import dnsmasq.xml # svcadm enable dnsmasq To confirm that the service is enabled and online: # svcs -l dnsmasq I've just started learning about SMF so if anyone has any corrections/feedback they are more than welcome. Thanks, David dnsmasq-2.80.orig/contrib/Solaris10/README-sparc0000664000000000000000000000047713350032235016147 0ustar Hi Simon, I just wanted to let you know that I have built a Solaris .pkg install package of your dnsmasq utility for people to use. Feel free to point them in my direction if you have people who want this sort of thing. http://ejesconsulting.wordpress.com/2010/05/12/gnu-dnsmasq-for-opensolaris-sparc/ Thanks -evan dnsmasq-2.80.orig/contrib/Solaris10/README.create_package0000664000000000000000000000211613350032235017746 0ustar Ok, script attached ... seems to be working ok for me, tried to install and remove a few times. It does the right thing with the smf when installing, you can then simply enable the service. Upon removal it cleans up the files but won't clean up the services (I think until a reboot) ... I've only started looking at the new packages stuff in the last day or two, so I could be missing something, but I can't find any way to force a proper cleanup. 
It requires that you have a writable repository setup as per the docs on the opensolaris website and it will create a dnsmasq package (package name is a variable in the script). The script takes a version number for the package and assumes that it's in the contrib/Solaris10 directory, it then works out the base tree directory from $0. i.e. $ contrib/Solaris10/create_package 2.52-1 or $ cd contrib/Solaris10; ./create_package 2.52-1 It's a bit more complex than it could be because I prefer putting the daemon in /usr/sbin and the config in /etc, so the script will actually create a new version of the existing contrib dnsmasq.xml. dnsmasq-2.80.orig/contrib/Solaris10/create_package0000664000000000000000000000502513350032235017014 0ustar #!/bin/sh # # For our package, and for the SMF script, we need to define where we # want things to go... # BIN_DIR="/usr/sbin" CONF_DIR="/etc" MAN_DIR="/usr/share/man/man8" PACKAGE_NAME="dnsmasq" # # Since we know we are in the contrib directory we can work out where # the rest of the tree is... # BASEDIR="`dirname $0`/../.." # # We need a version number to use for the package creation... # if [ $# != 1 ]; then echo "Usage: $0 " >&2 exit 1 fi VERSION="$1" # # First thing we do is fix-up the smf file to use the paths we prefer... # if [ ! -f "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" ]; then echo "$0: unable to find contrib/Solaris10/dnsmasq.xml" >&2 exit 1 fi echo "Fixing up smf file ... \c" cat "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" | \ sed -e "s%/usr/local/etc%${CONF_DIR}%" \ -e "s%/usr/local/sbin%${BIN_DIR}%" \ -e "s%/usr/local/man%${MAN_DIR}%" > ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml echo "done." echo "Creating packaging file ... 
\c"
cat <<EOF >${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc
#
# header
#
set name=pkg.name value="dnsmasq"
set name=pkg.description value="dnsmasq daemon - dns, dhcp, tftp etc"
set name=pkg.detailed_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html"
set name=info.maintainer value="TBD (tbd@tbd.com)"
set name=info.upstream value="dnsmasq-discuss@lists.thekelleys.org.uk"
set name=info.upstream_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html"
#
# dependencies ... none?
#

#
# directories
#
dir mode=0755 owner=root group=bin path=${BIN_DIR}/
dir mode=0755 owner=root group=sys path=${CONF_DIR}/
dir mode=0755 owner=root group=sys path=${MAN_DIR}/
dir mode=0755 owner=root group=sys path=/var/
dir mode=0755 owner=root group=sys path=/var/svc
dir mode=0755 owner=root group=sys path=/var/svc/manifest
dir mode=0755 owner=root group=sys path=/var/svc/manifest/network
#
# files
#
file ${BASEDIR}/src/dnsmasq mode=0555 owner=root group=bin path=${BIN_DIR}/dnsmasq
file ${BASEDIR}/man/dnsmasq.8 mode=0555 owner=root group=bin path=${MAN_DIR}/dnsmasq.8
file ${BASEDIR}/dnsmasq.conf.example mode=0644 owner=root group=sys path=${CONF_DIR}/dnsmasq.conf preserve=strawberry
file ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml mode=0644 owner=root group=sys path=/var/svc/manifest/network/dnsmasq.xml restart_fmri=svc:/system/manifest-import:default
EOF
echo "done."

echo "Creating package..."
eval `pkgsend open ${PACKAGE_NAME}@${VERSION}`
pkgsend include ${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc
if [ "$?"
= 0 ]; then pkgsend close else echo "Errors" fi dnsmasq-2.80.orig/contrib/Solaris10/dnsmasq.xml0000664000000000000000000000357013350032235016346 0ustar dnsmasq-2.80.orig/contrib/Suse/0000775000000000000000000000000013350032235013313 5ustar dnsmasq-2.80.orig/contrib/Suse/README0000664000000000000000000000026213350032235014173 0ustar This packaging is now unmaintained in the dnsmasq source: dnsmasq is included in Suse proper, and up-to-date packages are now available from ftp://ftp.suse.com/pub/people/ug/ dnsmasq-2.80.orig/contrib/Suse/README.susefirewall0000664000000000000000000000321613350032235016701 0ustar This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older) It fixes the dependency from the dns daemon name 'named' After appending the patch, the SuSEfirewall is again able to autodetect the dnsmasq named service. This is a very old bug in the SuSEfirewall script. The SuSE people think the name of the dns server will always 'named' --- /sbin/SuSEfirewall2.orig 2004-01-23 13:30:09.000000000 +0100 +++ /sbin/SuSEfirewall2 2004-01-23 13:31:56.000000000 +0100 @@ -764,7 +764,7 @@ echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!' test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && { - test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && { + test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && { echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS! You still have to allow tcp/udp port 53 on internal, dmz and/or external.' FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT 
@@ -878,7 +878,7 @@ test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found" # Get ports/IP bindings of NAMED/SQUID test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \ - $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` + $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \ $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un` dnsmasq-2.80.orig/contrib/Suse/dnsmasq-SuSE.patch0000664000000000000000000000134713350032235016624 0ustar --- man/dnsmasq.8 2004-08-08 20:57:56.000000000 +0200 +++ man/dnsmasq.8 2004-08-12 00:40:01.000000000 +0200 @@ -69,7 +69,7 @@ .TP .B \-g, --group= Specify the group which dnsmasq will run -as. The defaults to "dip", if available, to facilitate access to +as. The defaults to "dialout", if available, to facilitate access to /etc/ppp/resolv.conf which is not normally world readable. .TP .B \-v, --version --- src/config.h 2004-08-11 11:39:18.000000000 +0200 +++ src/config.h 2004-08-12 00:40:01.000000000 +0200 
@@ -44,7 +44,7 @@ #endif #define DEFLEASE 3600 /* default lease time, 1 hour */ #define CHUSER "nobody" -#define CHGRP "dip" +#define CHGRP "dialout" #define DHCP_SERVER_PORT 67 #define DHCP_CLIENT_PORT 68 dnsmasq-2.80.orig/contrib/Suse/dnsmasq-suse.spec0000664000000000000000000000636213350032235016621 0ustar ############################################################################### # # General # ############################################################################### Name: dnsmasq Version: 2.33 Release: 1 Copyright: GPL Group: Productivity/Networking/DNS/Servers Vendor: Simon Kelley Packager: Simon Kelley URL: http://www.thekelleys.org.uk/dnsmasq Provides: dns_daemon Conflicts: bind bind8 bind9 PreReq: %fillup_prereq %insserv_prereq Autoreqprov: on Source0: %{name}-%{version}.tar.bz2 BuildRoot: /var/tmp/%{name}-%{version} Summary: A lightweight caching nameserver %description Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines. 
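Review bot: in the first hunk of the SuSEfirewall2 patch (@@ -764,7 +764,7 @@), `check_srv named` is replaced outright by `check_srv dnsmasq`, so a host that really runs named is no longer autodetected, while the condition is still keyed on $START_NAMED and the warning still reads "detected activated named". Test for either service (check_srv named || check_srv dnsmasq) and make the warning name the daemon that was actually found.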
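Review bot: in the second hunk of the SuSEfirewall2 patch (@@ -878,7 +878,7 @@), the awk pattern changes from /^named .* UDP / to /^dnsmasq .* UDP /, which repeats the single-daemon-name assumption the README complains about and drops the high-port detection for named. A pattern that accepts both names, for example /^(named|dnsmasq) .* UDP /, keeps the existing behaviour and adds dnsmasq.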
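Review bot: in the man/dnsmasq.8 hunk of dnsmasq-SuSE.patch, the replacement line carries over the broken sentence "The defaults to"; since the line is being rewritten anyway, fix it to "This defaults to". The group name now appears both here and in the CHGRP define in src/config.h, so a note in the patch description that the two must change together would help whoever rebases it.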
############################################################################### # # Build # ############################################################################### %prep %setup -q patch -p0 intr = safe_string_alloc(comma); break; } + + case LOPT_LOC: + { + struct loc_record *new; + unsigned char *p, *q; + + comma = split(arg); + + if (!canonicalise_opt(arg)) + { + option = '?'; + problem = _("bad LOC record"); + break; + } + + new = safe_malloc(sizeof(struct loc_record)); + new->next = daemon->loc; + daemon->loc = new; + new->class = C_IN; + if (!comma || loc_aton(comma,new->loc)!=16) + { + option = '?'; + problem = _("bad LOC record"); + break; + } + + if (comma) + *comma = 0; + new->name = safe_string_alloc(arg); + break; + } case LOPT_PTR: /* --ptr-record */ { diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c --- dnsmasq-2.39-orig/src/rfc1035.c 2007-04-20 12:54:26.000000000 +0200 +++ dnsmasq-2.39/src/rfc1035.c 2007-05-20 18:22:46.000000000 +0200 @@ -1112,6 +1112,27 @@ } } + if (qtype == T_LOC || qtype == T_ANY) + { + struct loc_record *t; + for(t = daemon->loc; t ; t = t->next) + { + if (t->class == qclass && hostname_isequal(name, t->name)) + { + ans = 1; + if (!dryrun) + { + log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0); + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, + daemon->local_ttl, NULL, + T_LOC, t->class, "t", 16, t->loc)) + anscount++; + + } + } + } + } + if (qclass == C_IN) { if (qtype == T_PTR || qtype == T_ANY) diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c --- dnsmasq-2.39-orig/src/rfc1876.c 1970-01-01 01:00:00.000000000 +0100 +++ dnsmasq-2.39/src/rfc1876.c 2007-05-20 19:50:10.000000000 +0200 
@@ -0,0 +1,379 @@ +/* + * routines to convert between on-the-wire RR format and zone file + * format. Does not contain conversion to/from decimal degrees; + * divide or multiply by 60*60*1000 for that. + */ + +#include "dnsmasq.h" + +static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, + 1000000,10000000,100000000,1000000000}; + +/* takes an XeY precision/size value, returns a string representation.*/ +static const char * +precsize_ntoa(u_int8_t prec) +{ + static char retbuf[sizeof("90000000.00")]; + unsigned long val; + int mantissa, exponent; + + mantissa = (int)((prec >> 4) & 0x0f) % 10; + exponent = (int)((prec >> 0) & 0x0f) % 10; + + val = mantissa * poweroften[exponent]; + + (void) sprintf(retbuf,"%d.%.2d", val/100, val%100); + return (retbuf); +} + +/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/ +static u_int8_t +precsize_aton(char **strptr) +{ + unsigned int mval = 0, cmval = 0; + u_int8_t retval = 0; + register char *cp; + register int exponent; + register int mantissa; + + cp = *strptr; + + while (isdigit(*cp)) + mval = mval * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* centimeters */ + cp++; + if (isdigit(*cp)) { + cmval = (*cp++ - '0') * 10; + if (isdigit(*cp)) { + cmval += (*cp++ - '0'); + } + } + } + cmval = (mval * 100) + cmval; + + for (exponent = 0; exponent < 9; exponent++) + if (cmval < poweroften[exponent+1]) + break; + + mantissa = cmval / poweroften[exponent]; + if (mantissa > 9) + mantissa = 9; + + retval = (mantissa << 4) | exponent; + + *strptr = cp; + + return (retval); +} + +/* converts ascii lat/lon to unsigned encoded 32-bit number. + * moves pointer. 
*/ +static u_int32_t +latlon2ul(char **latlonstrptr,int *which) +{ + register char *cp; + u_int32_t retval; + int deg = 0, min = 0, secs = 0, secsfrac = 0; + + cp = *latlonstrptr; + + while (isdigit(*cp)) + deg = deg * 10 + (*cp++ - '0'); + + while (isspace(*cp)) + cp++; + + if (!(isdigit(*cp))) + goto fndhemi; + + while (isdigit(*cp)) + min = min * 10 + (*cp++ - '0'); + while (isspace(*cp)) + cp++; + + if (!(isdigit(*cp))) + goto fndhemi; + + while (isdigit(*cp)) + secs = secs * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* decimal seconds */ + cp++; + if (isdigit(*cp)) { + secsfrac = (*cp++ - '0') * 100; + if (isdigit(*cp)) { + secsfrac += (*cp++ - '0') * 10; + if (isdigit(*cp)) { + secsfrac += (*cp++ - '0'); + } + } + } + } + + while (!isspace(*cp)) /* if any trailing garbage */ + cp++; + + while (isspace(*cp)) + cp++; + + fndhemi: + switch (*cp) { + case 'N': case 'n': + case 'E': case 'e': + retval = ((unsigned)1<<31) + + (((((deg * 60) + min) * 60) + secs) * 1000) + + secsfrac; + break; + case 'S': case 's': + case 'W': case 'w': + retval = ((unsigned)1<<31) + - (((((deg * 60) + min) * 60) + secs) * 1000) + - secsfrac; + break; + default: + retval = 0; /* invalid value -- indicates error */ + break; + } + + switch (*cp) { + case 'N': case 'n': + case 'S': case 's': + *which = 1; /* latitude */ + break; + case 'E': case 'e': + case 'W': case 'w': + *which = 2; /* longitude */ + break; + default: + *which = 0; /* error */ + break; + } + + cp++; /* skip the hemisphere */ + + while (!isspace(*cp)) /* if any trailing garbage */ + cp++; + + while (isspace(*cp)) /* move to next field */ + cp++; + + *latlonstrptr = cp; + + return (retval); +} + +/* converts a zone file representation in a string to an RDATA + * on-the-wire representation. 
*/ +u_int32_t +loc_aton(const char *ascii, u_char *binary) +{ + const char *cp, *maxcp; + u_char *bcp; + + u_int32_t latit = 0, longit = 0, alt = 0; + u_int32_t lltemp1 = 0, lltemp2 = 0; + int altmeters = 0, altfrac = 0, altsign = 1; + u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ + u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ + u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ + int which1 = 0, which2 = 0; + + cp = ascii; + maxcp = cp + strlen(ascii); + + lltemp1 = latlon2ul(&cp, &which1); + lltemp2 = latlon2ul(&cp, &which2); + + switch (which1 + which2) { + case 3: /* 1 + 2, the only valid combination */ + if ((which1 == 1) && (which2 == 2)) { /* normal case */ + latit = lltemp1; + longit = lltemp2; + } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/ + longit = lltemp1; + latit = lltemp2; + } else { /* some kind of brokenness */ + return 0; + } + break; + default: /* we didn't get one of each */ + return 0; + } + + /* altitude */ + if (*cp == '-') { + altsign = -1; + cp++; + } + + if (*cp == '+') + cp++; + + while (isdigit(*cp)) + altmeters = altmeters * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* decimal meters */ + cp++; + if (isdigit(*cp)) { + altfrac = (*cp++ - '0') * 10; + if (isdigit(*cp)) { + altfrac += (*cp++ - '0'); + } + } + } + + alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); + + while (!isspace(*cp) && (cp < maxcp)) + /* if trailing garbage or m */ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + if (cp >= maxcp) + goto defaults; + + siz = precsize_aton(&cp); + + while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + + if (cp >= maxcp) + goto defaults; + + hp = precsize_aton(&cp); + + while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + + if (cp >= maxcp) + goto defaults; + + vp = precsize_aton(&cp); + + defaults: + + bcp = binary; + *bcp++ = (u_int8_t) 0; 
/* version byte */ + *bcp++ = siz; + *bcp++ = hp; + *bcp++ = vp; + PUTLONG(latit,bcp); + PUTLONG(longit,bcp); + PUTLONG(alt,bcp); + + return (16); /* size of RR in octets */ +} + +/* takes an on-the-wire LOC RR and prints it in zone file + * (human readable) format. */ +char * +loc_ntoa(const u_char *binary,char *ascii) +{ + static char tmpbuf[255*3]; + + register char *cp; + register const u_char *rcp; + + int latdeg, latmin, latsec, latsecfrac; + int longdeg, longmin, longsec, longsecfrac; + char northsouth, eastwest; + int altmeters, altfrac, altsign; + + const int referencealt = 100000 * 100; + + int32_t latval, longval, altval; + u_int32_t templ; + u_int8_t sizeval, hpval, vpval, versionval; + + char *sizestr, *hpstr, *vpstr; + + rcp = binary; + if (ascii) + cp = ascii; + else { + cp = tmpbuf; + } + + versionval = *rcp++; + + if (versionval) { + sprintf(cp,"; error: unknown LOC RR version"); + return (cp); + } + + sizeval = *rcp++; + + hpval = *rcp++; + vpval = *rcp++; + + GETLONG(templ,rcp); + latval = (templ - ((unsigned)1<<31)); + + GETLONG(templ,rcp); + longval = (templ - ((unsigned)1<<31)); + + GETLONG(templ,rcp); + if (templ < referencealt) { /* below WGS 84 spheroid */ + altval = referencealt - templ; + altsign = -1; + } else { + altval = templ - referencealt; + altsign = 1; + } + + if (latval < 0) { + northsouth = 'S'; + latval = -latval; + } + else + northsouth = 'N'; + + latsecfrac = latval % 1000; + latval = latval / 1000; + latsec = latval % 60; + latval = latval / 60; + latmin = latval % 60; + latval = latval / 60; + latdeg = latval; + + if (longval < 0) { + eastwest = 'W'; + longval = -longval; + } + else + eastwest = 'E'; + + longsecfrac = longval % 1000; + longval = longval / 1000; + longsec = longval % 60; + longval = longval / 60; + longmin = longval % 60; + longval = longval / 60; + longdeg = longval; + + altfrac = altval % 100; + altmeters = (altval / 100) * altsign; + + sizestr = strdup(precsize_ntoa(sizeval)); + hpstr = 
strdup(precsize_ntoa(hpval)); + vpstr = strdup(precsize_ntoa(vpval)); + + sprintf(cp, + "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm", + latdeg, latmin, latsec, latsecfrac, northsouth, + longdeg, longmin, longsec, longsecfrac, eastwest, + altmeters, altfrac, sizestr, hpstr, vpstr); + free(sizestr); + free(hpstr); + free(vpstr); + + return (cp); +} dnsmasq-2.80.orig/contrib/dnslist/0000775000000000000000000000000013350032235014054 5ustar dnsmasq-2.80.orig/contrib/dnslist/dhcp.css0000664000000000000000000000136313350032235015507 0ustar body { font-family: sans-serif; color: #000; } h1 { font-size: medium; font-weight: bold; } h1 .updated { color: #999; } table { border-collapse: collapse; border-bottom: 2px solid #000; } th { background: #DDD; border-top: 2px solid #000; text-align: left; font-weight: bold; } /* Any row */ tr { border-top: 2px solid #000; } /* Any row but the first or second (overrides above rule) */ tr + tr + tr { border-top: 2px solid #999; } tr.offline td.hostname { color: #999; } .hostname { width: 10em; } .ip_addr { width: 10em; background: #DDD; } .ether_addr { width: 15em; } .client_id { width: 15em; background: #DDD; } .status { width: 5em; } .since { width: 10em; background: #DDD; } .lease { width: 10em; } dnsmasq-2.80.orig/contrib/dnslist/dnslist.pl0000775000000000000000000006302513350032235016102 0ustar #!/usr/bin/perl # dnslist - Read state file from dnsmasq and create a nice web page to display # a list of DHCP clients. # # Copyright (C) 2004 Thomas Tuttle # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTIBILITY or FITNESS FOR A PARTICULAR PURPOSE. 
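Review bot: in the LOPT_LOC case at the start of the LOC record patch, the new loc_record is linked into daemon->loc before loc_aton() has validated the coordinates, so the "bad LOC record" path leaves a node on the list whose name field was never assigned (and the allocation is never freed). Parse into the record first and only set new->next and daemon->loc = new after new->name has been filled in. The locals `unsigned char *p, *q;` are unused, and `if (comma) *comma = 0;` can never see a NULL comma because the preceding test already rejected that case.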
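Review bot: in the src/rfc1035.c hunk of the LOC record patch, the log_query() call for a matching LOC record passes F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, which includes F_NXDOMAIN on a path that sets ans = 1 and appends an answer; nothing in the hunk explains the combination. Add a comment saying why these flags are used for LOC, or log with flags that describe a locally configured positive answer. The loop also calls hostname_isequal(name, t->name) on every list entry, so it relies on the option parser never leaving an entry with an unset name.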
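Review bot: in the new src/rfc1876.c, latlon2ul() scans with `while (!isspace(*cp)) cp++;` and then does an unconditional `cp++` past the hemisphere letter, with no check for the terminating NUL, so a loc-record argument that ends early or has no hemisphere letter makes the parser read beyond the end of the option string. loc_aton() already bounds its own loops with `cp < maxcp`; pass that end pointer into latlon2ul() and precsize_aton() or add `*cp &&` to each scan. In the same file, loc_aton() declares cp as const char * but passes &cp to functions taking char **, precsize_ntoa() prints an unsigned long with "%d", the isdigit()/isspace() arguments should be cast to unsigned char, and loc_ntoa() uses three strdup() results without checking them before an unbounded sprintf().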
See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program*; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # * The license is in fact included at the end of this file, and can # either be viewed by reading everything after "__DATA__" or by # running dnslist with the '-l' option. # # Version: 0.2 # Author: Thomas Tuttle # Email: dnslist.20.thinkinginbinary@spamgourmet.org # License: GNU General Public License, version 2.0 # # v. 0.0: Too ugly to publish, thrown out. # # v. 0.1: First rewrite. # Added master host list so offline hosts can still be displayed. # Fixed modification detection (a newer modification time is lower.) # # v. 0.2: Fixed Client ID = "*" => "None" # Fixed HTML entities (a client ID of ???? my $dnsmasq_state_file = '/var/lib/misc/dnsmasq.leases'; # Location of template. (Assumed to be in current directory.) # Change with -t my $html_template_file = 'dnslist.tt2'; # File to write HTML page to. (This is where Slackware puts WWW pages. It may # be different on other systems. Make sure the permissions are set correctly # for it.) my $html_output_file = '/var/www/htdocs/dhcp.html'; # Time to wait after each page update. (The state file is checked for changes # before each update but is not read in each time, in case it is very big. The # page is rewritten just so the "(updated __/__ __:__:__)" text changes ;-) my $wait_time = 2; # Read command-line arguments. while ($_ = shift @ARGV) { if (/-s/) { $dnsmasq_state_file = shift; next; } if (/-t/) { $html_template_file = shift; next; } if (/-o/) { $html_output_file = shift; next; } if (/-d/) { $wait_time = shift; next; } if (/-l/) { show_license(); exit; } die "usage: dnslist [-s state_file] [-t template_file] [-o output_file] [-d delay_time]\n"; } # Master list of clients, offline and online. my $list = {}; # Sorted host list. 
# (It's actually sorted by IP--the sub &byip() compares two
# IP addresses, octet by octet, and figures out which is higher.)
my @hosts = ();

# Last time the state file was changed.
my $last_state_change;

# Check for a change to the state file.
sub check_state {
    if (defined $last_state_change) {
        if (-M $dnsmasq_state_file < $last_state_change) {
            print "check_state: state file has been changed.\n";
            $last_state_change = -M $dnsmasq_state_file;
            return 1;
        } else {
            return 0;
        }
    } else {
        # Last change undefined, so we are running for the first time.
        print "check_state: reading state file at startup.\n";
        read_state();
        $last_state_change = -M $dnsmasq_state_file;
        return 1;
    }
}

# Read data in state file.
sub read_state {
    my $old;
    my $new;

    # Open file. (Three-argument open, so a path given with -s is only
    # ever treated as a file name to read.)
    unless (open STATE, '<', $dnsmasq_state_file) {
        warn "read_state: can't open $dnsmasq_state_file!\n";
        return 0;
    }

    # Mark all hosts as offline, saving old state.
    foreach $ether (keys %{$list}) {
        $list->{$ether}->{'old_online'} = $list->{$ether}->{'online'};
        $list->{$ether}->{'online'} = 0;
    }

    # Read hosts.
    while (<STATE>) {
        chomp;
        @host{qw/raw_lease ether_addr ip_addr hostname raw_client_id/} = split /\s+/;
        $ether = $host{ether_addr};

        # Mark each online host as online.
        $list->{$ether}->{'online'} = 1;

        # Copy data to master list.
        foreach $key (keys %host) {
            $list->{$ether}->{$key} = $host{$key};
        }
    }
    close STATE;

    # Handle changes in offline/online state. (The sub &do_host() handles
    # all of the extra stuff to do with a host's data once it is read.)
    foreach $ether (keys %{$list}) {
        $old = $list->{$ether}->{'old_online'};
        $new = $list->{$ether}->{'online'};
        if (not $old) {
            if (not $new) {
                do_host($ether, 'offline');
            } else {
                do_host($ether, 'join');
            }
        } else {
            if (not $new) {
                do_host($ether, 'leave');
            } else {
                do_host($ether, 'online');
            }
        }
    }

    # Sort hosts by IP ;-)
    @hosts = sort byip values %{$list};

    # Copy sorted list to template data store.
    $data->{'hosts'} = [ @hosts ];
}

# Do stuff per host.
sub do_host {
    my ($ether, $status) = @_;

    # Find textual representation of DHCP client ID.
    if ($list->{$ether}->{'raw_client_id'} eq '*') {
        $list->{$ether}->{'text_client_id'} = 'None';
    } else {
        my $text = "";
        # The raw ID is colon-separated hex bytes; show ASCII where possible.
        foreach $char (split /:/, $list->{$ether}->{'raw_client_id'}) {
            $char = pack('H2', $char);
            if (ord($char) >= 32 and ord($char) <= 127) {
                $text .= $char;
            } else {
                $text .= "?";
            }
        }
        $list->{$ether}->{'text_client_id'} = $text;
    }

    # Convert lease expiration date/time to text.
    if ($list->{$ether}->{'raw_lease'} == 0) {
        $list->{$ether}->{'text_lease'} = 'Never';
    } else {
        $list->{$ether}->{'text_lease'} = nice_time($list->{$ether}->{'raw_lease'});
    }

    if ($status eq 'offline') {
        # Nothing to do.
    } elsif ($status eq 'online') {
        # Nothing to do.
    } elsif ($status eq 'join') {
        # Update times for joining host.
        print "do_host: $ether joined the network.\n";
        $list->{$ether}->{'join_time'} = time;
        $list->{$ether}->{'since'} = nice_time(time);
    } elsif ($status eq 'leave') {
        # Update times for leaving host.
        print "do_host: $ether left the network.\n";
        $list->{$ether}->{'leave_time'} = time;
        $list->{$ether}->{'since'} = nice_time(time);
    }
}

# Convert time to a string representation.
sub nice_time {
    my $time = shift;
    my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime($time);
    $sec = pad($sec, '0', 2);
    $min = pad($min, '0', 2);
    $hour = pad($hour, '0', 2);
    $mon = pad($mon + 1, '0', 2);    # localtime() months are 0-based
    $mday = pad($mday, '0', 2);
    return "$mon/$mday $hour:$min:$sec";
}

# Pad string to a certain length by repeatedly prepending another string.
sub pad {
    my ($text, $pad, $length) = @_;
    while (length($text) < $length) {
        $text = "$pad$text";
    }
    return $text;
}

# Compare two IP addresses. (Uses $a and $b from sort.)
sub byip {
    # Split into octets.
    my @a = split /\./, $a->{ip_addr};
    my @b = split /\./, $b->{ip_addr};

    # Compare octets.
    foreach $n (0..3) {
        return $a[$n] <=> $b[$n] if ($a[$n] != $b[$n]);
    }

    # If we get here there is no difference.
    return 0;
}

# Output HTML file.
sub write_output {
    # Create new template object.
    my $template = Template->new(
        {
            ABSOLUTE => 1,                  # /var/www/... is an absolute path
            OUTPUT => $html_output_file     # put it here, not STDOUT
        }
    );
    $data->{'updated'} = nice_time(time);   # add "(updated ...)" to file
    unless ($template->process($html_template_file, $data)) {  # do it
        warn "write_output: Template Toolkit error: " . $template->error() . "\n";
        return 0;
    }
    print "write_output: page updated.\n";
    return 1;
}

# Print the license text stored after __DATA__, pausing after each screenful.
sub show_license {
    while (<DATA>) {
        print;
        $line++;
        if ($line == 24) {
            <>;             # wait for a line of input before continuing
            $line = 1;
        }
    }
}

# Main loop.
while (1) {
    # Check for state change.
    if (check_state()) {
        read_state();
        sleep 1;    # Sleep for a second just so we don't wear anything
                    # out. (By not sleeping the whole time after a change
                    # we can detect rapid changes more easily--like if 300
                    # hosts all come back online, they show up quicker.)
    } else {
        sleep $wait_time;   # Take a nap.
    }
    write_output();         # Write the file anyway.
}

__DATA__
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. 
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. 
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. dnsmasq-2.80.orig/contrib/dnslist/dnslist.tt20000664000000000000000000000210513350032235016165 0ustar DHCP Clients

DHCP Clients (updated [% updated %])

[% FOREACH host IN hosts %] [% END %]
Hostname IP Address Ethernet Address DHCP Client ID Status Since Lease Expires
[% host.hostname %] [% host.ip_addr %] [% host.ether_addr %] [% host.text_client_id %] ([% host.raw_client_id %]) [% IF host.online %]Online[% ELSE %]Offline[% END %] [% host.since %] [% host.text_lease %]
dnsmasq-2.80.orig/contrib/dnsmasq_MacOSX-pre10.4/0000775000000000000000000000000013350032235016303 5ustar dnsmasq-2.80.orig/contrib/dnsmasq_MacOSX-pre10.4/DNSmasq0000775000000000000000000000044613350032235017543 0ustar #!/bin/sh . /etc/rc.common StartService() { if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then /usr/local/sbin/dnsmasq -q -n fi } StopService() { pid=`GetPID dnsmasq` if [ $? -eq 0 ]; then kill $pid fi } RestartService() { StopService "$@" StartService "$@" } RunService "$1" dnsmasq-2.80.orig/contrib/dnsmasq_MacOSX-pre10.4/README.rtf0000664000000000000000000000263413350032235017762 0ustar {\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100 {\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;} {\colortbl;\red255\green255\blue255;} \paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0 \pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural \f0\fs24 \cf0 1. If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them. This would usually involve checking that they are either set to -NO- or absent altogether in \f1 /etc/hostconfig \f0 . If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\ \ 2. Add a configuration item to \f1 /etc/hostconfig \f0 as follows:\ \ \f1 DNSMASQ=-YES- \f0 \ \ 3. Create a system-wide StartupItems directory for dnsmasq:\ \ \f1 sudo mkdir -p /Library/StartupItems/DNSmasq\ \f0 \ 4. Copy the files \f1 DNSmasq \f0 and \f1 StartupParameters.plist \f0 into this directory, and make sure the former is executable:\ \ \f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\ sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\ \f0 \ 5. 
Start the service:\ \ \f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\ \f0 \cf0 \ That should be all...}dnsmasq-2.80.orig/contrib/dnsmasq_MacOSX-pre10.4/StartupParameters.plist0000664000000000000000000000065513350032235023054 0ustar Description DNSmasq OrderPreference None Provides DNSmasq Uses Network dnsmasq-2.80.orig/contrib/dynamic-dnsmasq/0000775000000000000000000000000013350032235015464 5ustar dnsmasq-2.80.orig/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl0000775000000000000000000001616713350032235021127 0ustar #!/usr/bin/perl # dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically # Copyright (C) 2004 Peter Willis # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # the purpose of this script is to be able to update dnsmasq's dns # records from a remote dynamic dns client. # # basic use of this script: # dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com # dynamic-dnsmasq.pl listen & # # this script tries to emulate DynDNS.org's dynamic dns service, so # technically you should be able to use any DynDNS.org client to # update the records here. tested and confirmed to work with ddnsu # 1.3.1. just point the client's host to the IP of this machine, # port 9020, and include the hostname, user and pass, and it should # work. 
#
# make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf
# file and "nopoll" is commented out.

use strict;
use IO::Socket;
use MIME::Base64;
use DB_File;
use Fcntl;

my $accountdb = "accounts.db";
my $recordfile = "/etc/dyndns-hosts";
my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc
my $listenaddress = "0.0.0.0"; # all interfaces; set a specific address to limit who can reach the updater
my $listenport = 9020;

# no editing past this point should be necessary

if ( @ARGV < 1 ) {
    die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n";
} elsif ( lc $ARGV[0] eq "add" ) {
    die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4;
    add_acct($ARGV[1], $ARGV[2], $ARGV[3]);
} elsif ( lc $ARGV[0] eq "del" ) {
    die "Usage: $0 DEL USER\n" unless @ARGV == 2;
    print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] ";
    my $resp = <STDIN>;
    chomp $resp;
    if ( lc substr($resp,0,1) eq "y" ) {
        del_acct($ARGV[1]);
    }
} elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) {
    my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
    my $fh;
    if ( lc $ARGV[0] eq "writehostsfile" ) {
        open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n";
        flock($fh, 2);
        seek($fh, 0, 0);
        truncate($fh, 0);
    }
    # each account record is "password<TAB>hostname[<TAB>ip]"
    while ( my ($key, $val) = each %h ) {
        my ($pass, $domain, $ip) = split("\t",$val);
        if ( lc $ARGV[0] eq "listusers" ) {
            print "user $key, hostname $domain, ip $ip\n";
        } else {
            if ( defined $ip ) {
                print $fh "$ip\t$domain\n";
            }
        }
    }
    if ( lc $ARGV[0] eq "writehostsfile" ) {
        flock($fh, 8);
        close($fh);
        dnsmasq_rescan_configs();
    }
    undef $X;
    untie %h;
} elsif ( lc $ARGV[0] eq "listen" ) {
    listen_for_updates();
}

sub listen_for_updates {
    my $sock = IO::Socket::INET->new(Listen => 5,
        LocalAddr => $listenaddress, LocalPort => $listenport,
        Proto => 'tcp', ReuseAddr => 1,
        MultiHomed => 1) || die "Could not open listening socket: $!\n";
    $SIG{'CHLD'} = 'IGNORE';
    while ( my $client = $sock->accept() ) {
        # one child per connection; the parent goes back to accept()
        my $p = fork();
        if ( $p != 0 ) {
            next;
        }
        $SIG{'CHLD'} = 'DEFAULT';
        my @headers;
        my %cgi;
        # read the request line and headers up to the first empty line
        while ( <$client> ) {
            s/(\r|\n)//g;
            last if $_ eq "";
            push @headers, $_;
        }
        foreach my $header (@headers) {
            if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) {
                # query string: name=value pairs separated by '&'
                foreach my $element (split('&', $1)) {
                    $cgi{(split '=', $element)[0]} = (split '=', $element)[1];
                }
            } elsif ( $header =~ /^Authorization: basic (.+)$/i ) {   # scheme name is case-insensitive
                unless ( defined $cgi{'hostname'} ) {
                    print_http_response($client, undef, "badsys");
                    exit(1);
                }
                if ( !exists $cgi{'myip'} ) {
                    $cgi{'myip'} = $client->peerhost();
                }
                # limit of 2 so that a password containing ':' is kept whole
                my ($user,$pass) = split ":", MIME::Base64::decode($1), 2;
                if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) {
                    print_http_response($client, $cgi{'myip'}, "good");
                    update_dns(\%cgi);
                } else {
                    print_http_response($client, undef, "badauth");
                    exit(1);
                }
                last;
            }
        }
        exit(0);
    }
    return(0);
}

sub add_acct {
    my ($user, $pass, $hostname) = @_;
    my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
    $X->put($user, join("\t", ($pass, $hostname)));
    undef $X;
    untie %h;
}

sub del_acct {
    my ($user, $pass, $hostname) = @_;
    my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
    $X->del($user);
    undef $X;
    untie %h;
}

# returns 0 when user, password and hostname match the stored account,
# and records the new IP in the account database; returns 1 otherwise
sub authorize {
    my $user = shift;
    my $pass = shift;
    my $hostname = shift;
    my $ip = shift;
    my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
    my ($spass, $shost) = split("\t", $h{$user});
    if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) {
        $X->put($user, join("\t", $spass, $shost, $ip));
        undef $X;
        untie %h;
        return(0);
    }
    undef $X;
    untie %h;
    return(1);
}

sub print_http_response {
    my $sock = shift;
    my $ip = shift;
    my $response = shift;
    print $sock "HTTP/1.0 200 OK\n";
    my @tmp = split /\s+/, scalar gmtime();
    print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n";
    print $sock "Server: Peter's Fake DynDNS.org Server/1.0\n";
    print $sock "Content-Type: text/plain; charset=ISO-8859-1\n";
    print $sock "Connection: close\n";
    print $sock "Transfer-Encoding: chunked\n";
print $sock "\n"; #print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is print $sock "$response", defined($ip)? " $ip" : "" . "\n"; } sub update_dns { my $hashref = shift; my @records; my $found = 0; # update the addn-hosts file open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; flock(FILE, 2); while ( ) { if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) { if ( $1 ne $$hashref{'myip'} ) { push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; $found = 1; } } else { push @records, $_; } } unless ( $found ) { push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; } sysseek(FILE, 0, 0); truncate(FILE, 0); syswrite(FILE, join("", @records)); flock(FILE, 8); close(FILE); dnsmasq_rescan_configs(); return(0); } sub dnsmasq_rescan_configs { # send the HUP signal to dnsmasq if ( -r $dnsmasqpidfile ) { open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n"; my $pid = ; close(PID); chomp $pid; if ( kill(0, $pid) ) { kill(1, $pid); } else { goto LOOKFORDNSMASQ; } } else { LOOKFORDNSMASQ: opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n"; my @dirs = grep(/^\d+$/, readdir(DIR)); closedir(DIR); foreach my $process (@dirs) { if ( open(FILE,"; close(FILE); if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) { kill(1, $process); } } } } return(0); } dnsmasq-2.80.orig/contrib/lease-access/0000775000000000000000000000000013350032235014724 5ustar dnsmasq-2.80.orig/contrib/lease-access/README0000664000000000000000000000115413350032235015605 0ustar Hello, For some specific application I needed to deny access to a MAC address to a lease. For this reason I modified the dhcp-script behavior and is called with an extra parameter "access" once a dhcp request or discover is received. In that case if the exit code of the script is zero, dnsmasq continues normally, and if non-zero the packet is ignored. 
This was not added as a security feature but as a mean to handle differently some addresses. It is also quite intrusive since it requires changes in several other subsystems. It attach the patch in case someone is interested. regards, Nikos nmav@gennetsa.com dnsmasq-2.80.orig/contrib/lease-access/lease.access.patch0000664000000000000000000004055413350032235020306 0ustar Index: src/dnsmasq.c =================================================================== --- src/dnsmasq.c (revision 696) +++ src/dnsmasq.c (revision 821) @@ -59,7 +59,6 @@ static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp); static void check_dns_listeners(fd_set *set, time_t now); static void sig_handler(int sig); -static void async_event(int pipe, time_t now); static void fatal_event(struct event_desc *ev); static void poll_resolv(void); @@ -275,7 +274,7 @@ piperead = pipefd[0]; pipewrite = pipefd[1]; /* prime the pipe to load stuff first time. */ - send_event(pipewrite, EVENT_RELOAD, 0); + send_event(pipewrite, EVENT_RELOAD, 0, 0); err_pipe[1] = -1; @@ -340,7 +339,7 @@ } else if (getuid() == 0) { - send_event(err_pipe[1], EVENT_PIDFILE, errno); + send_event(err_pipe[1], EVENT_PIDFILE, errno, 0); _exit(0); } } @@ -372,7 +371,7 @@ (setgroups(0, &dummy) == -1 || setgid(gp->gr_gid) == -1)) { - send_event(err_pipe[1], EVENT_GROUP_ERR, errno); + send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0); _exit(0); } @@ -415,14 +414,14 @@ if (bad_capabilities != 0) { - send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities); + send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0); _exit(0); } /* finally drop root */ if (setuid(ent_pw->pw_uid) == -1) { - send_event(err_pipe[1], EVENT_USER_ERR, errno); + send_event(err_pipe[1], EVENT_USER_ERR, errno, 0); _exit(0); } @@ -434,7 +433,7 @@ /* lose the setuid and setgid capabilities */ if (capset(hdr, data) == -1) { - send_event(err_pipe[1], EVENT_CAP_ERR, errno); + send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0); _exit(0); } #endif 
@@ -647,7 +646,7 @@ } if (FD_ISSET(piperead, &rset)) - async_event(piperead, now); + async_event(piperead, now, NULL, 0); #ifdef HAVE_LINUX_NETWORK if (FD_ISSET(daemon->netlinkfd, &rset)) @@ -674,7 +673,7 @@ #endif if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset)) - dhcp_packet(now); + dhcp_packet(piperead, now); #ifndef NO_FORK if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) @@ -719,17 +718,18 @@ else return; - send_event(pipewrite, event, 0); + send_event(pipewrite, event, 0, 0); errno = errsave; } } -void send_event(int fd, int event, int data) +void send_event(int fd, int event, int data, int priv) { struct event_desc ev; ev.event = event; ev.data = data; + ev.priv = priv; /* error pipe, debug mode. */ if (fd == -1) @@ -771,14 +771,17 @@ die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE); } } - -static void async_event(int pipe, time_t now) + +/* returns the private data of the event + */ +int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs) { pid_t p; struct event_desc ev; int i; - if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1)) + if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0) + { switch (ev.event) { case EVENT_RELOAD: @@ -872,6 +875,14 @@ flush_log(); exit(EC_GOOD); } + } + else + return -1; /* timeout */ + + if (event) + memcpy( event, &ev, sizeof(ev)); + + return 0; } static void poll_resolv() Index: src/config.h =================================================================== --- src/config.h (revision 696) +++ src/config.h (revision 821) 
@@ -51,6 +51,8 @@ #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ #define LOG_MAX 5 /* log-queue length */ #define RANDFILE "/dev/urandom" +#define SCRIPT_TIMEOUT 6 +#define LEASE_CHECK_TIMEOUT 10 /* DBUS interface specifics */ #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" Index: src/dnsmasq.h =================================================================== --- src/dnsmasq.h (revision 696) +++ src/dnsmasq.h (revision 821) @@ -116,6 +116,7 @@ /* Async event queue */ struct event_desc { int event, data; + unsigned int priv; }; #define EVENT_RELOAD 1 @@ -390,6 +391,7 @@ #define ACTION_OLD_HOSTNAME 2 #define ACTION_OLD 3 #define ACTION_ADD 4 +#define ACTION_ACCESS 5 #define DHCP_CHADDR_MAX 16 @@ -709,6 +711,7 @@ char *print_mac(char *buff, unsigned char *mac, int len); void bump_maxfd(int fd, int *max); int read_write(int fd, unsigned char *packet, int size, int rw); +int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs); /* log.c */ void die(char *message, char *arg1, int exit_code); @@ -748,7 +751,7 @@ /* dhcp.c */ void dhcp_init(void); -void dhcp_packet(time_t now); +void dhcp_packet(int piperead, time_t now); struct dhcp_context *address_available(struct dhcp_context *context, struct in_addr addr, @@ -792,14 +795,16 @@ void rerun_scripts(void); /* rfc2131.c */ -size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, +size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index, size_t sz, time_t now, int unicast_dest, int *is_inform); /* dnsmasq.c */ int make_icmp_sock(void); int icmp_ping(struct in_addr addr); -void send_event(int fd, int event, int data); +void send_event(int fd, int event, int data, int priv); void clear_cache_and_reload(time_t now); +int wait_for_child(int pipe); +int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout); /* isc.c */ #ifdef HAVE_ISC_READER 
@@ -832,9 +837,9 @@ /* helper.c */ #ifndef NO_FORK int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd); -void helper_write(void); +int helper_write(void); void queue_script(int action, struct dhcp_lease *lease, - char *hostname, time_t now); + char *hostname, time_t now, unsigned int uid); int helper_buf_empty(void); #endif Index: src/util.c =================================================================== --- src/util.c (revision 696) +++ src/util.c (revision 821) @@ -444,3 +444,38 @@ return 1; } +int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs) +{ + ssize_t n, done; + time_t expire; + + expire = now + secs; + + for (done = 0; done < size; done += n) + { + retry: + if (secs > 0) alarm(secs); + n = read(fd, &packet[done], (size_t)(size - done)); + + if (n == 0) + return 0; + else if (n == -1) + { + if (errno == EINTR) { + my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno); + return 0; + } + + if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN) + { + if (secs == 0 || (secs > 0 && dnsmasq_time() < expire)) + goto retry; + } + + my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno); + return 0; + } + } + return 1; +} + Index: src/dhcp.c =================================================================== --- src/dhcp.c (revision 696) +++ src/dhcp.c (revision 821) @@ -103,7 +103,7 @@ daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len); } -void dhcp_packet(time_t now) +void dhcp_packet(int piperead, time_t now) { struct dhcp_packet *mess; struct dhcp_context *context; 
@@ -239,7 +239,8 @@ if (!iface_enumerate(&parm, complete_context, NULL)) return; lease_prune(NULL, now); /* lose any expired leases */ - iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, + + iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz, now, unicast_dest, &is_inform); lease_update_file(now); lease_update_dns(); Index: src/helper.c =================================================================== --- src/helper.c (revision 696) +++ src/helper.c (revision 821) @@ -45,6 +45,7 @@ #endif unsigned char hwaddr[DHCP_CHADDR_MAX]; char interface[IF_NAMESIZE]; + unsigned int uid; }; static struct script_data *buf = NULL; @@ -60,7 +61,7 @@ then fork our process. */ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) { - send_event(err_fd, EVENT_PIPE_ERR, errno); + send_event(err_fd, EVENT_PIPE_ERR, errno, 0); _exit(0); } @@ -87,13 +88,13 @@ { if (daemon->options & OPT_NO_FORK) /* send error to daemon process if no-fork */ - send_event(event_fd, EVENT_HUSER_ERR, errno); + send_event(event_fd, EVENT_HUSER_ERR, errno, 0); else { /* kill daemon */ - send_event(event_fd, EVENT_DIE, 0); + send_event(event_fd, EVENT_DIE, 0, 0); /* return error */ - send_event(err_fd, EVENT_HUSER_ERR, errno);; + send_event(err_fd, EVENT_HUSER_ERR, errno, 0); } _exit(0); } @@ -122,6 +123,8 @@ action_str = "del"; else if (data.action == ACTION_ADD) action_str = "add"; + else if (data.action == ACTION_ACCESS) + action_str = "access"; else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME) action_str = "old"; else 
@@ -178,9 +181,11 @@ { /* On error send event back to main process for logging */ if (WIFSIGNALED(status)) - send_event(event_fd, EVENT_KILLED, WTERMSIG(status)); - else if (WIFEXITED(status) && WEXITSTATUS(status) != 0) - send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status)); + send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid); + else if (WIFEXITED(status)) + send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid); + else + send_event(event_fd, EVENT_EXITED, -1, data.uid); break; } @@ -263,7 +268,7 @@ err = errno; } /* failed, send event so the main process logs the problem */ - send_event(event_fd, EVENT_EXEC_ERR, err); + send_event(event_fd, EVENT_EXEC_ERR, err, data.uid); _exit(0); } } @@ -295,7 +300,7 @@ } /* pack up lease data into a buffer */ -void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now) +void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid) { unsigned char *p; size_t size; @@ -332,6 +337,7 @@ buf_size = size; } + buf->uid = uid; buf->action = action; buf->hwaddr_len = lease->hwaddr_len; buf->hwaddr_type = lease->hwaddr_type; @@ -393,12 +399,15 @@ return bytes_in_buf == 0; } -void helper_write(void) +/* returns -1 if write failed for a reason, 1 if no data exist + * and 0 if everything was ok. + */ +int helper_write(void) { ssize_t rc; if (bytes_in_buf == 0) - return; + return 1; if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1) { @@ -409,9 +418,11 @@ else { if (errno == EAGAIN || errno == EINTR) - return; + return -1; bytes_in_buf = 0; } + + return 0; } #endif Index: src/rfc2131.c =================================================================== --- src/rfc2131.c (revision 696) +++ src/rfc2131.c (revision 821) 
@@ -100,8 +100,49 @@ int clid_len, unsigned char *clid, int *len_out); static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); +static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now) +{ +#ifndef NO_FORK +unsigned int uid; +struct event_desc ev; +int ret; +struct dhcp_lease _lease; + + if (daemon->lease_change_command == NULL) return 0; /* ok */ + + if (!lease) { /* if host has not been seen before lease is NULL */ + memset(&_lease, 0, sizeof(_lease)); + lease = &_lease; + lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0); + } + + uid = rand16(); + queue_script(ACTION_ACCESS, lease, NULL, now, uid); + + /* send all data to helper process */ + do + { + helper_write(); + } while (helper_buf_empty() == 0); + + /* wait for our event */ + ret = 0; + do + { + ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT); + } + while(ev.priv != uid && ret >= 0); + + if (ret < 0 || ev.data != 0) /* timeout or error */ + { + return -1; + } + +#endif + return 0; /* ok */ +} -size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, +size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index, size_t sz, time_t now, int unicast_dest, int *is_inform) { unsigned char *opt, *clid = NULL; @@ -252,7 +293,7 @@ mac->netid.next = netid; netid = &mac->netid; } - + /* Determine network for this packet. Our caller will have already linked all the contexts which match the addresses of the receiving interface but if the machine has an address already, or came via a relay, or we have a subnet selector, @@ -329,7 +370,7 @@ my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end)); } } - + mess->op = BOOTREPLY; config = find_config(daemon->dhcp_conf, context, clid, clid_len, @@ -418,7 +459,7 @@ else mess->yiaddr = lease->addr; } - + if (!message && !lease && (!(lease = lease_allocate(mess->yiaddr)))) 
@@ -641,7 +682,14 @@ memcpy(req_options, option_ptr(opt, 0), option_len(opt)); req_options[option_len(opt)] = OPTION_END; } - + + if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER) + if (check_access_script(piperead, lease, mess, now) < 0) + { + my_syslog(LOG_INFO, _("Ignoring client due to access script")); + return 0; + } + switch (mess_type) { case DHCPDECLINE: Index: src/log.c =================================================================== --- src/log.c (revision 696) +++ src/log.c (revision 821) @@ -73,7 +73,7 @@ if (!log_reopen(daemon->log_file)) { - send_event(errfd, EVENT_LOG_ERR, errno); + send_event(errfd, EVENT_LOG_ERR, errno, 0); _exit(0); } Index: src/lease.c =================================================================== --- src/lease.c (revision 696) +++ src/lease.c (revision 821) @@ -511,7 +511,7 @@ if (lease->old_hostname) { #ifndef NO_FORK - queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); + queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0); #endif free(lease->old_hostname); lease->old_hostname = NULL; @@ -520,7 +520,7 @@ else { #ifndef NO_FORK - queue_script(ACTION_DEL, lease, lease->hostname, now); + queue_script(ACTION_DEL, lease, lease->hostname, now, 0); #endif old_leases = lease->next; @@ -540,7 +540,7 @@ if (lease->old_hostname) { #ifndef NO_FORK - queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); + queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0); #endif free(lease->old_hostname); lease->old_hostname = NULL; 
@@ -552,7 +552,7 @@ (lease->aux_changed && (daemon->options & OPT_LEASE_RO))) { #ifndef NO_FORK - queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now); + queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0); #endif lease->new = lease->changed = lease->aux_changed = 0; Index: man/dnsmasq.8 =================================================================== --- man/dnsmasq.8 (revision 696) +++ man/dnsmasq.8 (revision 821) 
@@ -724,12 +724,15 @@ .B \-6 --dhcp-script= Whenever a new DHCP lease is created, or an old one destroyed, the binary specified by this option is run. The arguments to the process -are "add", "old" or "del", the MAC +are "add", "old", "access" or "del", the MAC address of the host (or ""), the IP address, and the hostname, if known. "add" means a lease has been created, "del" means it has been destroyed, "old" is a notification of an existing lease when dnsmasq starts or a change to MAC address or hostname of an existing lease (also, lease length or expiry and client-id, if leasefile-ro is set). +The "access" keyword means that a request was just received and depending +on the script exit status request for address will be granted, if exit status +is zero or not if it is non-zero. The process is run as root (assuming that dnsmasq was originally run as root) even if dnsmasq is configured to change UID to an unprivileged user. The environment is inherited from the invoker of dnsmasq, and if the dnsmasq-2.80.orig/contrib/lease-tools/0000775000000000000000000000000013350032235014623 5ustar dnsmasq-2.80.orig/contrib/lease-tools/Makefile0000664000000000000000000000021513350032235016261 0ustar CFLAGS?= -O2 -Wall -W all: dhcp_release dhcp_release6 dhcp_lease_time clean: rm -f *~ *.o core dhcp_release dhcp_release6 dhcp_lease_time dnsmasq-2.80.orig/contrib/lease-tools/dhcp_lease_time.10000664000000000000000000000152313350032235020013 0ustar .TH DHCP_LEASE_TIME 1 .SH NAME dhcp_lease_time \- Query remaining time of a lease on a the local dnsmasq DHCP server. .SH SYNOPSIS .B dhcp_lease_time
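Review bot: the comment added above async_event() in src/dnsmasq.c (hunk @@ -771,14 +771,17 @@) says it "returns the private data of the event", but the body returns 0 on success and -1 on timeout and hands the event back through the pointer argument; the comment should state that contract. Because check_access_script() calls this function while a DHCP packet is half processed, every other case in the switch (EVENT_RELOAD and the rest) is now handled re-entrantly from inside dhcp_reply(); the patch should say whether that is safe or defer those events.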
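Review bot: LEASE_CHECK_TIMEOUT, added in the src/config.h hunk, is not referenced by any other hunk of this patch; drop it or wire it up. SCRIPT_TIMEOUT needs a comment giving its unit (seconds, as passed to read_timeout()) and saying that it bounds how long a DHCP request waits for the access script.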
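Review bot: the src/dnsmasq.h hunk @@ -792,14 +795,16 @@ declares `int wait_for_child(int pipe);` but no hunk in this patch defines or calls it, so the prototype should be removed. In the same header, struct event_desc gains `unsigned int priv` while send_event() takes `int priv` and queue_script() takes `unsigned int uid`; pick one type for the token so the comparison `ev.priv != uid` never mixes signedness.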
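Review bot: read_timeout() in src/util.c arms `alarm(secs)` before every read() but never calls alarm(0) once the read has completed, so a SIGALRM is still pending after a successful return; cancel it on every exit path. Any EINTR is logged as "read timed out" although other signals interrupt read() as well, and `expire` is only consulted on the retry path, so it does not bound the total wait. The function also needs a comment stating its return contract (1 for a complete read, 0 for EOF, error or timeout), since async_event() relies on `> 0`.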
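Review bot: in src/helper.c hunk @@ -178,9 +181,11 @@ the condition `WEXITSTATUS(status) != 0` is dropped, so EVENT_EXITED is now sent for exit status 0 as well, and for every action rather than only "access", while the comment above still reads "On error send event back to main process for logging". Check that the EVENT_EXITED case in async_event() does not log successful scripts as failures; sending the unconditional event only when data.action == ACTION_ACCESS would keep the previous behaviour for add, old and del.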
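Review bot: the new comment on helper_write() in src/helper.c says -1 means the write failed, but the code returns -1 only for EAGAIN and EINTR, which are retryable, and falls through to `return 0` after a hard write error has discarded the buffer with `bytes_in_buf = 0`. A caller therefore cannot tell a dropped request from a delivered one; return a distinct value for the hard-error path and correct the comment.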
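Review bot: in check_access_script() (src/rfc2131.c, hunk @@ -100,8 +100,49 @@) the wait loop tests `ev.priv != uid` before `ret >= 0`, but async_event() copies into the caller's event only on success, so after a timeout on the first pass `ev` is read uninitialised; zero `ev` and write the condition as `while (ret >= 0 && ev.priv != uid)`. The loop around helper_write() ignores its new return value, so an EAGAIN on the helper pipe becomes a busy spin in the main process. `uid = rand16()` can return 0, the value every other queue_script() caller passes, so 0 should be excluded. The wait runs inline in dhcp_reply(), so each DHCPDISCOVER or DHCPREQUEST can hold the main loop for up to SCRIPT_TIMEOUT seconds; that cost needs documenting or a limit on pending checks.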
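Review bot: the access check added to dhcp_reply() in hunk @@ -641,7 +682,14 @@ runs whenever a dhcp-script is configured (check_access_script() only skips when lease_change_command is NULL), so an existing script that exits non-zero for an action it does not recognise will cause every DHCPDISCOVER and DHCPREQUEST to be ignored; make the behaviour opt-in with its own option. The nested `if` without braces is easy to misread, and the "Ignoring client due to access script" log line should include the client hardware address so a dropped client can be identified.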
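Review bot: the text added to man/dnsmasq.8 for "access" does not say that a script which has not answered within SCRIPT_TIMEOUT is treated as a denial, nor that the IP address and hostname arguments can be empty for a client with no existing lease; both follow from check_access_script() and should be documented. The sentence itself needs rewording, for example "the request is processed if the exit status is zero and ignored otherwise".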
.SH "DESCRIPTION"
Send a DHCPINFORM message to a dnsmasq server running on the local host
and print (to stdout) the time remaining in any lease for the given
address. The time is given as a string printed to stdout.
If an error occurs or no lease exists for the given address,
nothing is sent to stdout, a message is sent to stderr and a
non-zero error code is returned.
Requires dnsmasq 2.67 or later and may not work with other DHCP servers.
The address argument is a dotted-quad IP address and is mandatory.
.SH LIMITATIONS
Only works with IPv4 addresses and DHCP leases.
.SH SEE ALSO
.BR dnsmasq (8)
.SH AUTHOR
This manual page was written by Simon Kelley.
dnsmasq-2.80.orig/contrib/lease-tools/dhcp_lease_time.c
/* Copyright (c) 2007 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 dated June, 1991.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
*/

/* dhcp_lease_time <address> */

/* Send a DHCPINFORM message to a dnsmasq server running on the local host
   and print (to stdout) the time remaining in any lease for the given
   address. The time is given as a string printed to stdout.

   If an error occurs or no lease exists for the given address,
   nothing is sent to stdout, a message is sent to stderr and a
   non-zero error code is returned.

   This version requires dnsmasq 2.67 or later.
*/

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define DHCP_CHADDR_MAX          16
#define BOOTREQUEST              1
#define DHCP_COOKIE              0x63825363
#define OPTION_PAD               0
#define OPTION_LEASE_TIME        51
#define OPTION_OVERLOAD          52
#define OPTION_MESSAGE_TYPE      53
#define OPTION_REQUESTED_OPTIONS 55
#define OPTION_END               255
#define DHCPINFORM               8
#define DHCP_SERVER_PORT         67

#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))

typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;

struct dhcp_packet {
  u8 op, htype, hlen, hops;
  u32 xid;
  u16 secs, flags;
  struct in_addr ciaddr, yiaddr, siaddr, giaddr;
  u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
  u32 cookie;
  unsigned char options[308];
};

static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
{
  /* check the bound before dereferencing p */
  while (p < end && *p != OPTION_END)
    {
      if (*p == OPTION_PAD)
        p++;
      else
        {
          int opt_len;
          if (p >= end - 2)
            return NULL; /* malformed packet */
          opt_len = option_len(p);
          /* the option must fit in what is left of the buffer */
          if (end - p < (2 + opt_len))
            return NULL; /* malformed packet */
          if (*p == opt && opt_len >= minsize)
            return p;
          p += opt_len + 2;
        }
    }

  if (p >= end)
    return NULL; /* malformed packet: ran off the end without OPTION_END */

  return opt == OPTION_END ? p : NULL;
}

static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
{
  unsigned char *ret, *overload;

  /* skip over DHCP cookie; */
  if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize)))
    return ret;

  /* look for overload option. */
  if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
    return NULL;

  /* Can we look in filename area ? */
  if ((overload[2] & 1) &&
      (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
    return ret;

  /* finally try sname area */
  if ((overload[2] & 2) &&
      (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
    return ret;

  return NULL;
}

static unsigned int option_uint(unsigned char *opt, int size)
{
  /* this worries about unaligned data and byte order */
  unsigned int ret = 0;
  int i;
  unsigned char *p = option_ptr(opt);

  for (i = 0; i < size; i++)
    ret = (ret << 8) | *p++;

  return ret;
}

int main(int argc, char **argv)
{
  struct in_addr lease;
  struct dhcp_packet packet;
  unsigned char *p = packet.options;
  struct sockaddr_in dest;
  int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
  ssize_t rc;

  if (argc < 2)
    {
      fprintf(stderr, "usage: dhcp_lease_time <address>\n");
      exit(1);
    }

  if (fd == -1)
    {
      perror("cannot create socket");
      exit(1);
    }

  lease.s_addr = inet_addr(argv[1]);

  memset(&packet, 0, sizeof(packet));

  packet.hlen = 0;
  packet.htype = 0;

  packet.op = BOOTREQUEST;
  packet.ciaddr = lease;
  packet.cookie = htonl(DHCP_COOKIE);

  *(p++) = OPTION_MESSAGE_TYPE;
  *(p++) = 1;
  *(p++) = DHCPINFORM;

  /* Explicitly request the lease time, it won't be sent otherwise:
     this is a dnsmasq extension, not standard. */
  *(p++) = OPTION_REQUESTED_OPTIONS;
  *(p++) = 1;
  *(p++) = OPTION_LEASE_TIME;

  *(p++) = OPTION_END;

  dest.sin_family = AF_INET;
  dest.sin_addr.s_addr = inet_addr("127.0.0.1");
  dest.sin_port = htons(DHCP_SERVER_PORT);

  if (sendto(fd, &packet, sizeof(packet), 0,
             (struct sockaddr *)&dest, sizeof(dest)) == -1)
    {
      perror("sendto failed");
      exit(1);
    }

  alarm(3); /* noddy timeout. */

  rc = recv(fd, &packet, sizeof(packet), 0);

  if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options)))
    {
      perror("recv failed");
      exit(1);
    }

  if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4)))
    {
      unsigned int t = option_uint(p, 4);
      if (t == 0xffffffff)
        printf("infinite");
      else
        {
          unsigned int x;
          if ((x = t/86400))
            printf("%ud", x);
          if ((x = (t/3600)%24))
            printf("%uh", x);
          if ((x = (t/60)%60))
            printf("%um", x);
          if ((x = t%60))
            printf("%us", x);
        }
      return 0;
    }

  return 1; /* no lease */
}
dnsmasq-2.80.orig/contrib/lease-tools/dhcp_release.1
.TH DHCP_RELEASE 1
.SH NAME
dhcp_release \- Release a DHCP lease on the local dnsmasq DHCP server.
.SH SYNOPSIS
.B dhcp_release
.SH "DESCRIPTION" A utility which forces the DHCP server running on this machine to release a DHCP lease. .PP Send a DHCPRELEASE message via the specified interface to tell the local DHCP server to delete a particular lease. The interface argument is the interface in which a DHCP request _would_ be received if it was coming from the client, rather than being faked up here. The address argument is a dotted-quad IP addresses and mandatory. The MAC address is colon separated hex, and is mandatory. It may be prefixed by an address-type byte followed by -, eg 10-11:22:33:44:55:66 but if the address-type byte is missing it is assumed to be 1, the type for ethernet. This encoding is the one used in dnsmasq lease files. The client-id is optional. If it is "*" then it treated as being missing. .SH NOTES MUST be run as root - will fail otherwise. .SH LIMITATIONS Only usable on IPv4 DHCP leases. .SH SEE ALSO .BR dnsmasq (8) .SH AUTHOR This manual page was written by Simon Kelley . dnsmasq-2.80.orig/contrib/lease-tools/dhcp_release.c0000664000000000000000000002023713350032235017411 0ustar /* Copyright (c) 2006 Simon Kelley This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. */ /* dhcp_release
MUST be run as root - will fail otherwise. */ /* Send a DHCPRELEASE message via the specified interface to tell the local DHCP server to delete a particular lease. The interface argument is the interface in which a DHCP request _would_ be received if it was coming from the client, rather than being faked up here. The address argument is a dotted-quad IP addresses and mandatory. The MAC address is colon separated hex, and is mandatory. It may be prefixed by an address-type byte followed by -, eg 10-11:22:33:44:55:66 but if the address-type byte is missing it is assumed to be 1, the type for ethernet. This encoding is the one used in dnsmasq lease files. The client-id is optional. If it is "*" then it treated as being missing. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define DHCP_CHADDR_MAX 16 #define BOOTREQUEST 1 #define DHCP_COOKIE 0x63825363 #define OPTION_SERVER_IDENTIFIER 54 #define OPTION_CLIENT_ID 61 #define OPTION_MESSAGE_TYPE 53 #define OPTION_END 255 #define DHCPRELEASE 7 #define DHCP_SERVER_PORT 67 typedef unsigned char u8; typedef unsigned short u16; typedef unsigned int u32; struct dhcp_packet { u8 op, htype, hlen, hops; u32 xid; u16 secs, flags; struct in_addr ciaddr, yiaddr, siaddr, giaddr; u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; u32 cookie; unsigned char options[308]; }; static struct iovec iov; static int expand_buf(struct iovec *iov, size_t size) { void *new; if (size <= iov->iov_len) return 1; if (!(new = malloc(size))) { errno = ENOMEM; return 0; } if (iov->iov_base) { memcpy(new, iov->iov_base, iov->iov_len); free(iov->iov_base); } iov->iov_base = new; iov->iov_len = size; return 1; } static ssize_t netlink_recv(int fd) { struct msghdr msg; ssize_t rc; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_name = NULL; msg.msg_namelen = 0; msg.msg_iov = &iov; msg.msg_iovlen = 1; while (1) { msg.msg_flags = 0; while ((rc = recvmsg(fd, &msg, 
MSG_PEEK)) == -1 && errno == EINTR); /* 2.2.x doesn't support MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a big buffer and pray in that case. */ if (rc == -1 && errno == EOPNOTSUPP) { if (!expand_buf(&iov, 2000)) return -1; break; } if (rc == -1 || !(msg.msg_flags & MSG_TRUNC)) break; if (!expand_buf(&iov, iov.iov_len + 100)) return -1; } /* finally, read it for real */ while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR); return rc; } static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type) { int i = 0; char *r; if (mac_type) *mac_type = 0; while (maxlen == -1 || i < maxlen) { for (r = in; *r != 0 && *r != ':' && *r != '-'; r++); if (*r == 0) maxlen = i; if (r != in ) { if (*r == '-' && i == 0 && mac_type) { *r = 0; *mac_type = strtol(in, NULL, 16); mac_type = NULL; } else { *r = 0; out[i] = strtol(in, NULL, 16); i++; } } in = r+1; } return i; } static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) { return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); } static struct in_addr find_interface(struct in_addr client, int fd, unsigned int index) { struct sockaddr_nl addr; struct nlmsghdr *h; ssize_t len; struct { struct nlmsghdr nlh; struct rtgenmsg g; } req; addr.nl_family = AF_NETLINK; addr.nl_pad = 0; addr.nl_groups = 0; addr.nl_pid = 0; /* address to kernel */ req.nlh.nlmsg_len = sizeof(req); req.nlh.nlmsg_type = RTM_GETADDR; req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; req.nlh.nlmsg_pid = 0; req.nlh.nlmsg_seq = 1; req.g.rtgen_family = AF_INET; if (sendto(fd, (void *)&req, sizeof(req), 0, (struct sockaddr *)&addr, sizeof(addr)) == -1) { perror("sendto failed"); exit(1); } while (1) { if ((len = netlink_recv(fd)) == -1) { perror("netlink"); exit(1); } for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len)) if (h->nlmsg_type == NLMSG_DONE) exit(0); else if (h->nlmsg_type == RTM_NEWADDR) { struct ifaddrmsg *ifa = NLMSG_DATA(h); 
struct rtattr *rta; unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)); if (ifa->ifa_index == index && ifa->ifa_family == AF_INET) { struct in_addr netmask, addr; netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen)); addr.s_addr = 0; for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1)) if (rta->rta_type == IFA_LOCAL) addr = *((struct in_addr *)(rta+1)); if (addr.s_addr && is_same_net(addr, client, netmask)) return addr; } } } exit(0); } int main(int argc, char **argv) { struct in_addr server, lease; int mac_type; struct dhcp_packet packet; unsigned char *p = packet.options; struct sockaddr_in dest; struct ifreq ifr; int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (argc < 4 || argc > 5) { fprintf(stderr, "usage: dhcp_release []\n"); exit(1); } if (fd == -1 || nl == -1) { perror("cannot create socket"); exit(1); } /* This voodoo fakes up a packet coming from the correct interface, which really matters for a DHCP server */ strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1); ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0'; if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1) { perror("cannot setup interface"); exit(1); } if (inet_addr(argv[2]) == INADDR_NONE) { perror("invalid ip address"); exit(1); } lease.s_addr = inet_addr(argv[2]); server = find_interface(lease, nl, if_nametoindex(argv[1])); memset(&packet, 0, sizeof(packet)); packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type); if (mac_type == 0) packet.htype = ARPHRD_ETHER; else packet.htype = mac_type; packet.op = BOOTREQUEST; packet.ciaddr = lease; packet.cookie = htonl(DHCP_COOKIE); *(p++) = OPTION_MESSAGE_TYPE; *(p++) = 1; *(p++) = DHCPRELEASE; *(p++) = OPTION_SERVER_IDENTIFIER; *(p++) = sizeof(server); memcpy(p, &server, sizeof(server)); p += sizeof(server); if (argc == 5 && strcmp(argv[4], "*") != 0) { unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL); 
*(p++) = OPTION_CLIENT_ID; *(p++) = clid_len; p += clid_len; } *(p++) = OPTION_END; dest.sin_family = AF_INET; dest.sin_port = ntohs(DHCP_SERVER_PORT); dest.sin_addr = server; if (sendto(fd, &packet, sizeof(packet), 0, (struct sockaddr *)&dest, sizeof(dest)) == -1) { perror("sendto failed"); exit(1); } return 0; } dnsmasq-2.80.orig/contrib/lease-tools/dhcp_release6.10000664000000000000000000000242613350032235017415 0ustar .TH DHCP_RELEASE 1 .SH NAME dhcp_release6 \- Release a DHCPv6 lease on a the local dnsmasq DHCP server. .SH SYNOPSIS .B dhcp_release6 --iface --client-id --server-id server-id --iaid --ip [--dry-run] [--help] .SH "DESCRIPTION" A utility which forces the DHCP server running on this machine to release a DHCPv6 lease. .SS OPTIONS .IP "-a, --ip" IPv6 address to release. .IP "-c, --client-id" Colon-separated hex string representing DHCPv6 client id. Normally it can be found in leases file both on client and server. .IP "-d, --dry-run" Print hexadecimal representation of generated DHCPv6 release packet to standard output and exit. .IP "-h, --help" print usage information to standard output and exit. .IP "-i, --iaid" Decimal representation of DHCPv6 IAID. Normally it can be found in leases file both on client and server. .IP "-n, --iface" Network interface to send a DHCPv6 release packet from. .IP "-s, --server-id" Colon-separated hex string representing DHCPv6 server id. Normally it can be found in leases file both on client and server. .SH NOTES MUST be run as root - will fail otherwise. .SH LIMITATIONS Only usable on IPv6 DHCP leases. .SH SEE ALSO .BR dnsmasq (8) .SH AUTHOR This manual page was written by Simon Kelley . 
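The --dry-run option described above prints the RELEASE packet as hex so it can be checked before the tool is run for real as root. The following added example (not part of dnsmasq) decodes such a dump and reports the transaction id, IAID and address it carries. It assumes the standard DHCPv6 message layout (RFC 8415) and hex digits optionally separated by spaces or colons; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Codes as listed in the DHCP6_TYPES and DHCP6_OPTIONS enums of dhcp_release6.c */
enum { MSG_RELEASE = 8, OPT_CLIENTID = 1, OPT_SERVERID = 2, OPT_IA_NA = 3, OPT_IAADDR = 5 };

struct release6_summary {                 /* hypothetical name, not from dnsmasq */
  uint32_t xid;
  const uint8_t *client_id, *server_id;   /* point into the decoded packet */
  size_t client_id_len, server_id_len;
  uint32_t iaid;
  uint8_t addr[16];
  int have_iaid, have_addr;
};

/* Constructed sample (not captured from a real run): RELEASE, xid 1,
   two DUID-LL identifiers, IAID 42, address 2001:db8::1234 */
static const char SAMPLE_DRY_RUN_HEX[] =
  "08000001 "
  "0001000a 0003000102005e100001 "
  "0002000a 0003000102005e100002 "
  "00030028 0000002a 00000000 00000000 "
  "00050018 20010db8000000000000000000001234 00000000 00000000";

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Hex text to bytes; returns the byte count, or -1 on a bad digit,
   an odd number of digits or an output buffer that is too small. */
static int hex_to_bytes(const char *hex, uint8_t *out, size_t max)
{
  size_t n = 0;
  int hi = -1;
  for (; *hex; hex++) {
    int v;
    if (*hex >= '0' && *hex <= '9') v = *hex - '0';
    else if (*hex >= 'a' && *hex <= 'f') v = *hex - 'a' + 10;
    else if (*hex >= 'A' && *hex <= 'F') v = *hex - 'A' + 10;
    else if (*hex == ' ' || *hex == ':' || *hex == '\n') continue;
    else return -1;
    if (hi < 0) { hi = v; continue; }
    if (n == max) return -1;
    out[n++] = (uint8_t)((hi << 4) | v);
    hi = -1;
  }
  return hi < 0 ? (int)n : -1;
}

/* Walk one option list. depth 0 is the message body, depth 1 the inside of IA_NA. */
static int walk_options(const uint8_t *p, size_t len, int depth, struct release6_summary *s)
{
  while (len > 0) {
    uint16_t code, olen;
    if (len < 4) return -1;                     /* truncated option header */
    code = rd16(p); olen = rd16(p + 2);
    p += 4; len -= 4;
    if (olen > len) return -1;                  /* option body runs past the end */
    if (code == OPT_CLIENTID && depth == 0) { s->client_id = p; s->client_id_len = olen; }
    else if (code == OPT_SERVERID && depth == 0) { s->server_id = p; s->server_id_len = olen; }
    else if (code == OPT_IA_NA && depth == 0) {
      if (olen < 12) return -1;                 /* IAID, T1 and T2 are mandatory */
      s->iaid = rd32(p); s->have_iaid = 1;
      if (walk_options(p + 12, olen - 12, 1, s) < 0) return -1;
    } else if (code == OPT_IAADDR && depth == 1) {
      if (olen < 24) return -1;                 /* address plus two lifetimes */
      memcpy(s->addr, p, 16); s->have_addr = 1;
    }
    p += olen; len -= olen;
  }
  return 0;
}

/* Returns 0 only for a well-formed RELEASE that names client, server, IAID and address. */
int parse_release6(const uint8_t *buf, size_t len, struct release6_summary *s)
{
  memset(s, 0, sizeof(*s));
  if (len < 4 || buf[0] != MSG_RELEASE) return -1;
  s->xid = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
  if (walk_options(buf + 4, len - 4, 0, s) < 0) return -1;
  return (s->client_id && s->server_id && s->have_iaid && s->have_addr) ? 0 : -1;
}

int main(void)
{
  uint8_t buf[256];
  char txt[INET6_ADDRSTRLEN];
  struct release6_summary s;
  int n = hex_to_bytes(SAMPLE_DRY_RUN_HEX, buf, sizeof(buf));
  if (n < 0 || parse_release6(buf, (size_t)n, &s) < 0) {
    fprintf(stderr, "not a well-formed RELEASE\n");
    return 1;
  }
  printf("xid=%06x iaid=%u address=%s\n", (unsigned)s.xid, (unsigned)s.iaid,
         inet_ntop(AF_INET6, s.addr, txt, sizeof(txt)));
  return 0;
}
```
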
dnsmasq-2.80.orig/contrib/lease-tools/dhcp_release6.c0000664000000000000000000003027213350032235017477 0ustar
/*
 dhcp_release6 --iface --client-id --server-id server-id --iaid --ip [--dry-run] [--help]
 MUST be run as root - will fail otherwise
 */

/* Send a DHCPRELEASE message to IPv6 multicast address via the specified interface
 to tell the local DHCP server to delete a particular lease.

 The interface argument is the interface in which a DHCP
 request _would_ be received if it was coming from the client,
 rather than being faked up here.

 The client-id argument is colon-separated hex string and mandatory. Normally
 it can be found in leases file both on client and server.

 The server-id argument is colon-separated hex string and mandatory. Normally
 it can be found in leases file both on client and server.

 The iaid argument is numeric string and mandatory. Normally
 it can be found in leases file both on client and server.

 IP is an IPv6 address to release.

 If --dry-run is specified, dhcp_release6 just prints hexadecimal representation of
 packet to send to stdout and exits.

 If --help is specified, dhcp_release6 prints usage information to stdout and exits.
 */

/* Headers required by the calls used below. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <errno.h>
#include <getopt.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define NOT_REPLY_CODE 115
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;

enum DHCP6_TYPES
  {
    SOLICIT = 1,
    ADVERTISE = 2,
    REQUEST = 3,
    CONFIRM = 4,
    RENEW = 5,
    REBIND = 6,
    REPLY = 7,
    RELEASE = 8,
    DECLINE = 9,
    RECONFIGURE = 10,
    INFORMATION_REQUEST = 11,
    RELAY_FORW = 12,
    RELAY_REPL = 13
  };

enum DHCP6_OPTIONS
  {
    CLIENTID = 1,
    SERVERID = 2,
    IA_NA = 3,
    IA_TA = 4,
    IAADDR = 5,
    ORO = 6,
    PREFERENCE = 7,
    ELAPSED_TIME = 8,
    RELAY_MSG = 9,
    AUTH = 11,
    UNICAST = 12,
    STATUS_CODE = 13,
    RAPID_COMMIT = 14,
    USER_CLASS = 15,
    VENDOR_CLASS = 16,
    VENDOR_OPTS = 17,
    INTERFACE_ID = 18,
    RECONF_MSG = 19,
    RECONF_ACCEPT = 20,
  };

enum DHCP6_STATUSES
  {
    SUCCESS = 0,
    UNSPEC_FAIL = 1,
    NOADDR_AVAIL=2,
    NO_BINDING = 3,
    NOT_ON_LINK = 4,
    USE_MULTICAST =5
  };

static struct option longopts[] = {
  {"ip", required_argument, 0, 'a' },
  {"server-id", required_argument, 0, 's' },
  {"client-id", required_argument, 0, 'c' },
  {"iface", required_argument, 0, 'n' },
  {"iaid", required_argument, 0, 'i' },
  {"dry-run", no_argument, 0, 'd' },
  {"help", no_argument, 0, 'h' },
  {0, 0, 0, 0 }
};

const short DHCP6_CLIENT_PORT = 546;
const short DHCP6_SERVER_PORT = 547;

const char* DHCP6_MULTICAST_ADDRESS = "ff02::1:2";

struct dhcp6_option {
  uint16_t type;
  uint16_t len;
  char value[1024];
};

struct dhcp6_iaaddr_option {
  uint16_t type;
  uint16_t len;
  struct in6_addr ip;
  uint32_t preferred_lifetime;
  uint32_t valid_lifetime;
};

struct dhcp6_iana_option {
  uint16_t type;
  uint16_t len;
  uint32_t iaid;
  uint32_t t1;
  uint32_t t2;
  char options[1024];
};

struct dhcp6_packet {
  size_t len;
  char buf[2048];
};

/* Convert a colon-separated hex DUID string into raw bytes in dst. */
size_t pack_duid(const char* str, char* dst)
{
  char* tmp = strdup(str);
  char* tmp_to_free = tmp;
  char *ptr;
  uint8_t write_pos = 0;
  while ((ptr = strtok (tmp, ":")))
    {
      dst[write_pos] = (uint8_t) strtol(ptr, NULL, 16);
      write_pos += 1;
      tmp = NULL;
    }

  free(tmp_to_free);
  return write_pos;
}

struct dhcp6_option create_client_id_option(const char* duid)
{
  struct dhcp6_option option;
  option.type = htons(CLIENTID);
  bzero(option.value, sizeof(option.value));
  option.len = htons(pack_duid(duid, option.value));
  return option;
}

struct dhcp6_option create_server_id_option(const char* duid)
{
  struct dhcp6_option option;
  option.type = htons(SERVERID);
  bzero(option.value, sizeof(option.value));
  option.len = htons(pack_duid(duid, option.value));
  return option;
}

struct dhcp6_iaaddr_option create_iaadr_option(const char* ip)
{
  struct dhcp6_iaaddr_option result;
  int s;

  result.type =htons(IAADDR);
  /* no suboptions needed here, so length is 24 */
  result.len = htons(24);
  result.preferred_lifetime = 0;
  result.valid_lifetime = 0;
  s = inet_pton(AF_INET6, ip, &(result.ip));
  if (s <= 0) {
    if (s == 0)
      fprintf(stderr, "Not in presentation format\n");
    else
      perror("inet_pton");
    exit(EXIT_FAILURE);
  }

  return result;
}

struct dhcp6_iana_option create_iana_option(const char * iaid, struct dhcp6_iaaddr_option ia_addr)
{
  struct dhcp6_iana_option result;
  result.type = htons(IA_NA);
  result.iaid = htonl(atoi(iaid));
  result.t1 = 0;
  result.t2 = 0;
  result.len = htons(12 + ntohs(ia_addr.len) + 2 * sizeof(uint16_t));
  memcpy(result.options, &ia_addr, ntohs(ia_addr.len) + 2 * sizeof(uint16_t));
  return result;
}

struct dhcp6_packet create_release_packet(const char* iaid, const char* ip, const char* client_id, const char* server_id)
{
  struct dhcp6_packet result;
  bzero(result.buf, sizeof(result.buf));
  /* message_type */
  result.buf[0] = RELEASE;
  /* tx_id */
  bzero(result.buf+1, 3);

  struct dhcp6_option client_option = create_client_id_option(client_id);
  struct dhcp6_option server_option = create_server_id_option(server_id);
  struct dhcp6_iaaddr_option iaaddr_option = create_iaadr_option(ip);
  struct dhcp6_iana_option iana_option = create_iana_option(iaid, iaaddr_option);
  int offset = 4;
  memcpy(result.buf + offset, &client_option, ntohs(client_option.len) +
         2*sizeof(uint16_t));
  offset += (ntohs(client_option.len)+ 2 *sizeof(uint16_t) );

  memcpy(result.buf + offset, &server_option, ntohs(server_option.len) + 2*sizeof(uint16_t) );
  offset += (ntohs(server_option.len)+ 2* sizeof(uint16_t));

  memcpy(result.buf + offset, &iana_option, ntohs(iana_option.len) + 2*sizeof(uint16_t) );
  offset += (ntohs(iana_option.len)+ 2* sizeof(uint16_t));

  result.len = offset;
  return result;
}

uint16_t parse_iana_suboption(char* buf, size_t len)
{
  size_t current_pos = 0;
  char option_value[1024];

  /* Stop as soon as a complete option header no longer fits in the buffer. */
  while (current_pos + 2 * sizeof(uint16_t) <= len)
    {
      uint16_t option_type, option_len;
      memcpy(&option_type,buf + current_pos, sizeof(uint16_t));
      memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t));
      option_type = ntohs(option_type);
      option_len = ntohs(option_len);
      current_pos += 2 * sizeof(uint16_t);

      /* option_len comes from the network: never read past the end of the buffer. */
      if (option_len > len - current_pos)
        break;

      if (option_type == STATUS_CODE && option_len >= sizeof(uint16_t))
        {
          uint16_t status;
          memcpy(&status, buf + current_pos, sizeof(uint16_t));
          status = ntohs(status);
          if (status != SUCCESS)
            {
              /* Clamp the status message to the local buffer and terminate it. */
              size_t msg_len = option_len - sizeof(uint16_t);
              if (msg_len > sizeof(option_value) - 1)
                msg_len = sizeof(option_value) - 1;
              memcpy(option_value, buf + current_pos + sizeof(uint16_t), msg_len);
              option_value[msg_len] ='\0';
              fprintf(stderr, "Error: %s\n", option_value);
            }
          return status;
        }

      /* Skip the body of any other suboption. */
      current_pos += option_len;
    }

  return -2;
}

int16_t parse_packet(char* buf, size_t len)
{
  int16_t ret = -1;
  uint8_t type;
  /* skipping tx id. if you need it, uncomment following line
     uint16_t tx_id = ntohs((buf[1] <<16) + (buf[2] <<8) + buf[3]);
  */
  size_t current_pos = 4;

  /* A datagram shorter than the fixed header cannot be a REPLY. */
  if (len < current_pos)
    return NOT_REPLY_CODE;

  type = buf[0];
  if (type != REPLY )
    return NOT_REPLY_CODE;

  char option_value[1024];
  while (current_pos + 2 * sizeof(uint16_t) <= len)
    {
      uint16_t option_type, option_len;
      memcpy(&option_type,buf + current_pos, sizeof(uint16_t));
      memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t));
      option_type = ntohs(option_type);
      option_len = ntohs(option_len);
      current_pos += 2 * sizeof(uint16_t);

      /* option_len comes from the network: never read past the end of the buffer. */
      if (option_len > len - current_pos)
        break;

      if (option_type == STATUS_CODE && option_len >= sizeof(uint16_t))
        {
          uint16_t status;
          memcpy(&status, buf + current_pos, sizeof(uint16_t));
          status = ntohs(status);
          if (status != SUCCESS)
            {
              /* Clamp the status message to the local buffer and terminate it before printing. */
              size_t msg_len = option_len - sizeof(uint16_t);
              if (msg_len > sizeof(option_value) - 1)
                msg_len = sizeof(option_value) - 1;
              memcpy(option_value, buf + current_pos +sizeof(uint16_t), msg_len);
              option_value[msg_len] = '\0';
              fprintf(stderr, "Error: %d %s\n", status, option_value);
              return status;
            }

          /* Got success status, return that if there's no specific error in an IA_NA. */
          ret = SUCCESS;
        }

      /* Only look inside an IA_NA that is long enough for the 24-byte skip used here. */
      if (option_type == IA_NA && option_len >= 24)
        {
          uint16_t result = parse_iana_suboption(buf + current_pos +24, option_len -24);
          if (result)
            return result;
        }

      current_pos += option_len;
    }

  return ret;
}

void usage(const char* arg, FILE* stream)
{
  const char* usage_string ="--ip IPv6 --iface IFACE --server-id SERVER_ID --client-id CLIENT_ID --iaid IAID [--dry-run] | --help";
  fprintf (stream, "Usage: %s %s\n", arg, usage_string);
}

int send_release_packet(const char* iface, struct dhcp6_packet* packet)
{
  struct sockaddr_in6 server_addr, client_addr;
  char response[1400];
  int sock = socket(PF_INET6, SOCK_DGRAM, 0);
  int i = 0;
  if (sock < 0)
    {
      perror("creating socket");
      return -1;
    }

  /* 25 is the value of SO_BINDTODEVICE in the generic Linux socket headers. */
  if (setsockopt(sock, SOL_SOCKET, 25, iface, strlen(iface)) == -1)
    {
      perror("SO_BINDTODEVICE");
      close(sock);
      return -1;
    }

  memset(&server_addr, 0, sizeof(server_addr));
  memset(&client_addr, 0, sizeof(client_addr));
  server_addr.sin6_family = AF_INET6;
  client_addr.sin6_family = AF_INET6;
  client_addr.sin6_port = htons(DHCP6_CLIENT_PORT);
  client_addr.sin6_flowinfo = 0;
  client_addr.sin6_scope_id =0;
  inet_pton(AF_INET6, "::", &client_addr.sin6_addr);
  bind(sock, (struct sockaddr*)&client_addr, sizeof(struct sockaddr_in6));
  inet_pton(AF_INET6, DHCP6_MULTICAST_ADDRESS, &server_addr.sin6_addr);
  server_addr.sin6_port = htons(DHCP6_SERVER_PORT);
  int16_t recv_size = 0;
  for (i = 0; i < 5; i++)
    {
      if (sendto(sock, packet->buf, packet->len, 0, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0)
        {
          perror("sendto failed");
          exit(4);
        }

      recv_size = recvfrom(sock, response, sizeof(response), MSG_DONTWAIT, NULL, 0);
      if (recv_size == -1)
        {
          if (errno == EAGAIN)
            {
              sleep(1);
              continue;
            }

          /* Any other error: do not parse a buffer that was never filled. */
          perror("recvfrom");
          close(sock);
          return -1;
        }

      int16_t result = parse_packet(response, recv_size);
      if (result == NOT_REPLY_CODE)
        {
          sleep(1);
          continue;
        }

      close(sock);
      return result;
    }

  close(sock);
  fprintf(stderr, "Response timed out\n");
  return -1;
}

int main(int argc, char * const argv[])
{
  const char* UNINITIALIZED = "";
  const char* iface = UNINITIALIZED;
  const char* ip = UNINITIALIZED;
  const char* client_id = UNINITIALIZED;
  const char* server_id = UNINITIALIZED;
  const char* iaid = UNINITIALIZED;
  int dry_run = 0;
  while (1)
    {
      int option_index = 0;
      int c = getopt_long(argc, argv, "a:s:c:n:i:hd", longopts, &option_index);
      if (c == -1)
        break;

      switch(c)
        {
        case 0:
          if (longopts[option_index].flag !=0)
            break;

          printf ("option %s", longopts[option_index].name);
          if (optarg)
            printf (" with arg %s", optarg);
          printf ("\n");
          break;

        case 'i':
          iaid = optarg;
          break;
        case 'n':
          iface = optarg;
          break;
        case 'a':
          ip = optarg;
          break;
        case 'c':
          client_id = optarg;
          break;
        case 'd':
          dry_run = 1;
          break;
        case 's':
          server_id = optarg;
          break;
        case 'h':
          usage(argv[0], stdout);
          return 0;
        case '?':
          usage(argv[0], stderr);
          return -1;
        default:
          abort();
        }
    }

  if (iaid == UNINITIALIZED)
    {
      fprintf(stderr, "Missing required iaid parameter\n");
      usage(argv[0], stderr);
      return -1;
    }

  if (server_id == UNINITIALIZED)
    {
      fprintf(stderr, "Missing required server-id parameter\n");
      usage(argv[0], stderr);
      return -1;
    }

  if (client_id == UNINITIALIZED)
    {
      fprintf(stderr, "Missing required client-id parameter\n");
      usage(argv[0],
stderr); return -1; } if (ip == UNINITIALIZED) { fprintf(stderr, "Missing required ip parameter\n"); usage(argv[0], stderr); return -1; } if (iface == UNINITIALIZED) { fprintf(stderr, "Missing required iface parameter\n"); usage(argv[0], stderr); return -1; } struct dhcp6_packet packet = create_release_packet(iaid, ip, client_id, server_id); if (dry_run) { uint16_t i; for(i=0; i "$STATUS_FILE".new if [ "$action" = "add" -o "$action" = "old" ]; then echo "$ip $mac" >> "$STATUS_FILE".new fi mv "$STATUS_FILE".new "$STATUS_FILE" # atomic update. fi fi dnsmasq-2.80.orig/contrib/openvpn/0000775000000000000000000000000013350032235014061 5ustar dnsmasq-2.80.orig/contrib/openvpn/README0000664000000000000000000000413013350032235014737 0ustar The patch I have attached lets me get the behavior I wish out of dnsmasq. I also include my version of dhclient-enter-hooks as required for the switchover from pre-dnsmasq and dhclient. On 8/16/05, Joseph Tate wrote: > I'm trying to use dnsmasq on a laptop in order to facilitate openvpn > connections. As such, the only configuration option I'm concerned > about is a single server=3D/example.com/192.168.0.1 line. > > The way I currently have it set up is I modified dhclient to write its > resolv.conf data to /etc/resolv.conf.dhclient and configured > /etc/dnsmasq.conf to look there for its upstream dns servers. > /etc/resolv.conf is set to nameserver 127.0.0.1 > > All of this works great. When I start the openvpn service, it the > routes, and queries to the domain in the server=3D line work just fine. > > The only problem is that the hostname for my system doesn't get set > correctly. With the resolv.conf data written to something other than > /etc/resolv.conf, the ifup scripts don't have a valid dns server to do > the ipcalc call to set the laptop's hostname. If I start dnsmasq > before the network comes up, something gets fubar'd. 
I'm not sure how > to describe it exactly, but network services are slow to load, and > restarting networking and dnsmasq doesn't solve the problem. Perhaps > dnsmasq is answering the dhcp request when the network starts? > Certainly not desired behavior. > > Anyway, my question: is there a way to have the best of both worlds? > DHCP requests to another server, and DNS lookups that work at all > times? > > My current best idea on how to solve this problem is modifying the > dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where > dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on > the fly to set 127.0.0.1 to the nameserver (and somehow keep the > search domains intact), but I'm hoping that I'm just missing some key > piece of the puzzle and that this problem has been solved before. Any > insights? > > -- > Joseph Tate > Personal e-mail: jtate AT dragonstrider DOT com > Web: http://www.dragonstrider.com > dnsmasq-2.80.orig/contrib/openvpn/dhclient-enter-hooks0000664000000000000000000000130713350032235020033 0ustar #!/bin/bash function save_previous() { if [ -e $1 -a ! -e $1.predhclient ]; then mv $1 $1.predhclient fi } function write_resolv_conf() { RESOLVCONF=$1 if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then save_previous $RESOLVCONF echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF if [ -n "$SEARCH" ]; then echo search $SEARCH >> $RESOLVCONF else if [ -n "$new_domain_name" ]; then echo search $new_domain_name >> $RESOLVCONF fi fi chmod 644 $RESOLVCONF for nameserver in $new_domain_name_servers; do echo nameserver $nameserver >>$RESOLVCONF done fi } make_resolv_conf() { write_resolv_conf /etc/resolv.conf } dnsmasq-2.80.orig/contrib/openvpn/dnsmasq.patch0000664000000000000000000000403113350032235016546 0ustar --- dnsmasq-2.22/rpm/dnsmasq.rh 2005-03-24 09:51:18.000000000 -0500 +++ dnsmasq-2.22/rpm/dnsmasq.rh.new 2005-08-25 10:52:04.310568784 -0400 
@@ -2,7 +2,7 @@ # # Startup script for the DNS caching server # -# chkconfig: 2345 99 01 +# chkconfig: 2345 07 89 # description: This script starts your DNS caching server # processname: dnsmasq # pidfile: /var/run/dnsmasq.pid @@ -10,6 +10,25 @@ # Source function library. . /etc/rc.d/init.d/functions +function setup_dhclient_enter_hooks() { + if [ -f /etc/dhclient-enter-hooks ]; then + . /etc/dhclient-enter-hooks + cp /etc/resolv.conf /etc/resolv.conf.dnsmasq + cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq + sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks + sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf + fi +} + +function teardown_dhclient_enter_hooks() { + if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then + if [ -f /etc/resolv.conf.dnsmasq ]; then + mv /etc/resolv.conf.dnsmasq /etc/resolv.conf + fi + mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks + fi +} + # Source networking configuration. . /etc/sysconfig/network @@ -24,7 +43,7 @@ MAILHOSTNAME="" # change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf -RESOLV_CONF="" +RESOLV_CONF="/etc/resolv.conf.dnsmasq" # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from # a dhcpd's lease file @@ -54,6 +73,7 @@ case "$1" in start) echo -n "Starting dnsmasq: " + setup_dhclient_enter_hooks daemon $dnsmasq $OPTIONS RETVAL=$? echo 
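Review bot: setup_dhclient_enter_hooks in the "@@ -10,6 +10,25 @@" hunk is not idempotent. A second "start" without an intervening "stop" copies the already rewritten /etc/dhclient-enter-hooks and /etc/resolv.conf over the .dnsmasq copies, so teardown_dhclient_enter_hooks later restores the modified hooks file instead of the original, and /etc/resolv.conf.dnsmasq (which the "@@ -24,7 +43,7 @@" hunk makes the upstream list) ends up naming 127.0.0.1. Skip the two cp calls when /etc/dhclient-enter-hooks.dnsmasq already exists. Separately, "[ tab]" in the second sed expression is a bracket expression matching a space or the letters t, a, b rather than a tab character, so nameserver lines separated by a tab are not rewritten; "[[:space:]]\+" would cover both.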
@@ -62,6 +82,7 @@ stop) if test "x`pidof dnsmasq`" != x; then echo -n "Shutting down dnsmasq: " + teardown_dhclient_enter_hooks killproc dnsmasq fi RETVAL=$? dnsmasq-2.80.orig/contrib/port-forward/0000775000000000000000000000000013350032235015022 5ustar dnsmasq-2.80.orig/contrib/port-forward/dnsmasq-portforward0000775000000000000000000000362013350032235020766 0ustar #!/bin/bash # # /usr/sbin/dnsmasq-portforward # # A script which gets run when the dnsmasq DHCP lease database changes. # It logs to $LOGFILE, if it exists, and maintains port-forwards using # IP-tables so that they always point to the correct host. See # $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 # or later. # # To enable this script, add # dhcp-script=/usr/sbin/dnsmasq-portforward # to /etc/dnsmasq.conf # # To enable logging, touch $LOGFILE # PORTSFILE=/etc/portforward LOGFILE=/var/log/dhcp.log IPTABLES=/sbin/iptables action=${1:-0} hostname=${4} # log what's going on. if [ -f ${LOGFILE} ] ; then date +"%D %T $*" >>${LOGFILE} fi # If a lease gets stripped of a name, we see that as an "old" action # with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then action=del hostname=${DNSMASQ_OLD_HOSTNAME} fi # IPv6 leases are not our concern. no NAT there! if [ ${DNSMASQ_IAID} ] ; then exit 0 fi # action init is not relevant, and will only be seen when leasefile-ro is set. if [ ${action} = init ] ; then exit 0 fi # action tftp is not relevant. if [ ${action} = tftp ] ; then exit 0 fi if [ ${hostname} ]; then ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE}) for port in $ports; do verb=removed protocol=tcp if [ ${port:0:1} = u ] ; then protocol=udp port=${port/u/} fi src=${port/:*/} dst=${port/*:/} # delete first, to avoid multiple copies of rules. 
${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst if [ ${action} != del ] ; then ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst verb=added fi if [ -f ${LOGFILE} ] ; then echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE} fi done fi exit 0 dnsmasq-2.80.orig/contrib/port-forward/portforward0000664000000000000000000000243713350032235017324 0ustar # This file is read by /usr/sbin/dnsmasq-portforward and used to set up port # forwarding to hostnames. If the dnsmasq-determined hostname matches the # first column of this file, then a DNAT port-forward will be set up # to the address which has just been allocated by DHCP . The second field # is port number(s). If there is only one, then the port-forward goes to # the same port on the DHCP-client, if there are two separated with a # colon, then the second number is the port to which the connection # is forwarded on the DHCP-client. By default, forwarding is set up # for TCP, but it can done for UDP instead by prefixing the port to "u". # To forward both TCP and UDP, two lines are required. # # eg. # wwwserver 80 # will set up a port forward from port 80 on this host to port 80 # at the address allocated to wwwserver whenever wwwserver gets a DHCP lease. # # wwwserver 8080:80 # will set up a port forward from port 8080 on this host to port 80 # on the DHCP-client. # # dnsserver 53 # dnsserver u53 # will port forward port 53 UDP and TCP from this host to port 53 on dnsserver. # # Port forwards will recreated when dnsmasq restarts after a reboot, and # removed when DHCP leases expire. After editing this file, send # SIGHUP to dnsmasq to install new iptables entries in the kernel. 
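The portforward file format described above, parsed strictly, as an added example that is not part of dnsmasq or of dnsmasq-portforward. The script above interpolates the hostname into a sed pattern and passes file fields to iptables unquoted; this version compares the name as a literal string, validates every port and address, and quotes each argument. All function names, sample host names and addresses are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not part of dnsmasq. All function names are hypothetical.
IPTABLES=${IPTABLES:-/sbin/iptables}   # same default as dnsmasq-portforward

# Succeed only for a decimal port 1..65535 (no sign, blanks or leading zero).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only for a dotted quad made of four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Turn one port field ("80", "8080:80", "u53") into "proto src dst".
parse_spec() {
    spec=$1
    proto=tcp
    case "$spec" in
        u*) proto=udp; spec=${spec#u} ;;
    esac
    case "$spec" in
        *:*) src=${spec%%:*}; dst=${spec#*:} ;;
        *)   src=$spec; dst=$spec ;;
    esac
    valid_port "$src" && valid_port "$dst" || return 1
    printf '%s %s %s\n' "$proto" "$src" "$dst"
}

# Print "proto src dst" for each valid entry whose first column equals HOST.
# The name is compared as a literal string and is never used as a pattern.
rules_for() {
    host=$1
    file=$2
    case "$host" in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    while read -r name spec extra; do
        case "$name" in
            ''|'#'*) continue ;;
        esac
        [ "$name" = "$host" ] || continue
        if [ -z "$extra" ] && rule=$(parse_spec "$spec"); then
            printf '%s\n' "$rule"
        else
            printf 'portforward: ignoring bad entry for %s\n' "$name" >&2
        fi
    done < "$file"
}

# apply_rules ACTION HOST ADDRESS FILE: delete, then (unless ACTION is del)
# re-add each DNAT rule, passing every value as its own quoted argument.
apply_rules() {
    action=$1
    addr=$3
    valid_ipv4 "$addr" || return 2
    rules=$(rules_for "$2" "$4") || return 2
    [ -n "$rules" ] || return 0
    printf '%s\n' "$rules" | while read -r proto src dst; do
        "$IPTABLES" -t nat -D PREROUTING -p "$proto" --destination-port "$src" \
            -j DNAT --to-destination "$addr:$dst" || true
        [ "$action" = del ] || "$IPTABLES" -t nat -A PREROUTING -p "$proto" \
            --destination-port "$src" -j DNAT --to-destination "$addr:$dst"
    done
}

# Constructed sample in the documented format, with entries that must be rejected.
write_sample() {
    cat > "$1" <<'EOF'
# name     port(s)
wwwserver 80
wwwserver 8080:80
wwwserver 99999
wwwserver 80:http
dnsserver 53
dnsserver u53
dbXlan 22
db.lan 5432
EOF
}

# Demo: list the forwards for one host; iptables itself is not run here.
demo_file=$(mktemp) && write_sample "$demo_file" && rules_for wwwserver "$demo_file"
rm -f "$demo_file"
```

With the literal comparison, a lease named db.lan no longer picks up the dbXlan entry, which the "/^${hostname}\ .*/" sed address in the original script would match.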
dnsmasq-2.80.orig/contrib/reverse-dns/0000775000000000000000000000000013350032235014631 5ustar dnsmasq-2.80.orig/contrib/reverse-dns/README0000664000000000000000000000114413350032235015511 0ustar The script reads stdin and replaces all IP addresses with names before outputting it again. IPs from private networks are reverse looked up via dns. Other IP addresses are searched for in the dnsmasq query log. This gives names (CNAMEs if I understand DNS correctly) that are closer to the name the client originally asked for then the names obtained by reverse lookup. Just run netstat -n -4 | ./reverse_replace.sh to see what it does. It needs log-queries log-facility=/var/log/dnsmasq.log in the dnsmasq configuration. The script runs on debian (with ash installed) and on busybox. dnsmasq-2.80.orig/contrib/reverse-dns/reverse_replace.sh0000664000000000000000000000513213350032235020334 0ustar #!/bin/ash # $Id: reverse_replace.sh 18 2015-03-01 16:12:35Z jo $ # # Usage e.g.: netstat -n -4 | reverse_replace.sh # Parses stdin for IP4 addresses and replaces them # with names retrieved by parsing the dnsmasq log. # This currently only gives CNAMEs. But these # usually tell you more than the ones from reverse # lookups. # # This has been tested on debian and asuswrt. Please # report successful tests on other platforms. # # Author: Joachim Zobel # License: Consider this MIT style licensed. You can # do as you ike, but you must not remove my name. 
# LOG=/var/log/dnsmasq.log MAX_LINES=15000 # sed regex do match IPs IP_regex='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' # private IP ranges IP_private='\(^127\.\)\|\(^192\.168\.\)\|\(^10\.\)\|\(^172\.1[6-9]\.\)\|\(^172\.2[0-9]\.\)\|\(^172\.3[0-1]\.\)' ####################################################################### # Find Commands HOST=nslookup if type host > /dev/null 2>&1; then # echo "No need for nslookup, host is there" HOST=host fi ####################################################################### # Functions # Use shell variables for an (IP) lookup table create_lookup_table() { # Parse log into lookup table local CMDS="$( tail -"$MAX_LINES" "$LOG" | \ grep " is $IP_regex" | \ sed "s#.* \([^ ]*\) is \($IP_regex\).*#set_val \2 \1;#" )" local IFS=' ' for CMD in $CMDS do eval $CMD done } set_val() { local _IP=$(echo $1 | tr . _) local KEY="__IP__$_IP" eval "$KEY"=$2 } get_val() { local _IP=$(echo $1 | tr . _) local KEY="__IP__$_IP" eval echo -n '${'"$KEY"'}' } dns_lookup() { local IP=$1 local RTN="$($HOST $IP | \ sed 's#\s\+#\n#g' | \ grep -v '^$' | \ tail -1 | tr -d '\n' | \ sed 's#\.$##')" if echo $RTN | grep -q NXDOMAIN; then echo -n $IP else echo -n "$RTN" fi } reverse_dns() { local IP=$1 # Skip if it is not an IP if ! 
echo $IP | grep -q "^$IP_regex$"; then echo -n $IP return fi # Do a dns lookup, if it is a local IP if echo $IP | grep -q $IP_private; then dns_lookup $IP return fi local NAME="$(get_val $IP)" if [ -z "$NAME" ]; then echo -n $IP else echo -n $NAME fi } ####################################################################### # Main create_lookup_table while read LINE; do for IP in $(echo "$LINE" | \ sed "s#\b\($IP_regex\)\b#\n\1\n#g" | \ grep $IP_regex) do NAME=`reverse_dns $IP ` # echo "$NAME $IP" LINE=`echo "$LINE" | sed "s#$IP#$NAME#" ` done echo $LINE done dnsmasq-2.80.orig/contrib/slackware-dnsmasq/0000775000000000000000000000000013350032235016014 5ustar dnsmasq-2.80.orig/contrib/slackware-dnsmasq/dnsmasq.SlackBuild0000775000000000000000000000314113350032235021423 0ustar #!/bin/sh CWD=`pwd` PKG=/tmp/package-dnsmasq VERSION=2.24 ARCH=${ARCH:-i486} BUILD=${BUILD:-1} if [ "$ARCH" = "i386" ]; then SLKCFLAGS="-O2 -march=i386 -mcpu=i686" elif [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mcpu=i686" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2" fi rm -rf $PKG mkdir -p $PKG cd /tmp rm -rf dnsmasq-$VERSION tar xzvf $CWD/dnsmasq-$VERSION.tar.gz cd dnsmasq-$VERSION zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit chown -R root.root . make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man chmod 755 $PKG/usr/sbin/dnsmasq chown -R root.bin $PKG/usr/sbin gzip -9 $PKG/usr/man/man8/dnsmasq.8 for f in $PKG/usr/share/man/*; do if [ -f $$f/man8/dnsmasq.8 ]; then gzip -9 $$f/man8/dnsmasq.8 ; fi done gzip -9 $PKG/usr/man/*/man8/dnsmasq.8 mkdir -p $PKG/var/state/dnsmasq ( cd $PKG find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null find . 
| xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
mkdir $PKG/etc
cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new
mkdir $PKG/etc/rc.d
zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new
mkdir -p $PKG/usr/doc/dnsmasq-$VERSION
cp -a \
  CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \
  $PKG/usr/doc/dnsmasq-$VERSION
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh

cd $PKG
makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz
dnsmasq-2.80.orig/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz0000664000000000000000000000066313350032235022527 0ustar
dnsmasq-2.80.orig/contrib/slackware-dnsmasq/doinst.sh.gz0000664000000000000000000000045613350032235020274 0ustar
# If you use dnsmasq as DHCP server on a router, you may have
# met with attackers trying ARP Poison Routing (APR) on your
# local area network. This script will setup a 'permanent' entry
# in the router's ARP table upon each DHCP transaction so as to
# make the attacker's efforts less successful.

# Usage:
# edit /etc/dnsmasq.conf and specify the path of this script
# to dhcp-script, for example:
# dhcp-script=/usr/sbin/static-arp

# if $1 is add or old, update the static arp table entry.
# if $1 is del, then delete the entry from the table
# if $1 is init which is called by dnsmasq at startup, it's ignored

ARP=/usr/sbin/arp

# Arguments.
# $1 is action (add, del, old) # $2 is MAC # $3 is address # $4 is hostname (optional, may be unset) if [ ${1} = del ] ; then ${ARP} -d $3 fi if [ ${1} = old ] || [ ${1} = add ] ; then ${ARP} -s $3 $2 fi dnsmasq-2.80.orig/contrib/systemd/0000775000000000000000000000000013350032235014064 5ustar dnsmasq-2.80.orig/contrib/systemd/README0000664000000000000000000000107513350032235014747 0ustar Hello, I created a systemd service file for dnsmasq. systemd is a sysvinit replacement (see [1] for more information). One of the goals of systemd is to encourage standardization between different distributions. This means, while I also submitted a ticket in Debian GNU/Linux, I would like to ask you to accept this service file as the upstream distributor, so that other distributions can use the same service file and don’t have to ship their own. Please include this file in your next release (just like in init script). [1] http://en.wikipedia.org/wiki/Systemd dnsmasq-2.80.orig/contrib/systemd/dbus_activation0000664000000000000000000000324513350032235017171 0ustar To: dnsmasq-discuss@lists.thekelleys.org.uk From: Alex Elsayed Date: Tue, 15 May 2012 01:53:54 -0700 Subject: [Dnsmasq-discuss] [PATCH] Support dbus activation Introduce dbus service file and turn dbus on in the systemd unit. Note to packagers: To add support for dbus activation, you must install the dbus service file (dbus/uk.org.thekelleys.dnsmasq.service) into $DATADIR/dbus-1/system-services. --- contrib/systemd/dnsmasq.service | 2 +- dbus/uk.org.thekelleys.dnsmasq.service | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 dbus/uk.org.thekelleys.dnsmasq.service diff --git a/contrib/systemd/dnsmasq.service b/contrib/systemd/dnsmasq.service index a27fe6d..4a784d3 100644 --- a/contrib/systemd/dnsmasq.service +++ b/contrib/systemd/dnsmasq.service 
@@ -5,7 +5,7 @@ Description=A lightweight DHCP and caching DNS server Type=dbus BusName=uk.org.thekelleys.dnsmasq ExecStartPre=/usr/sbin/dnsmasq --test -ExecStart=/usr/sbin/dnsmasq -k +ExecStart=/usr/sbin/dnsmasq -k -1 ExecReload=/bin/kill -HUP $MAINPID [Install] diff --git a/dbus/uk.org.thekelleys.dnsmasq.service b/dbus/uk.org.thekelleys.dnsmasq.service new file mode 100644 index 0000000..f5fe98d --- /dev/null +++ b/dbus/uk.org.thekelleys.dnsmasq.service @@ -0,0 +1,7 @@ +[D-BUS Service] +Name=uk.org.thekelleys.dnsmasq +Exec=/usr/sbin/dnsmasq -k -1 +User=root +SystemdService=dnsmasq.service + + -- 1.7.10.2 _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss dnsmasq-2.80.orig/contrib/systemd/dnsmasq.service0000664000000000000000000000041413350032235017113 0ustar [Unit] Description=dnsmasq - A lightweight DHCP and caching DNS server [Service] Type=dbus BusName=uk.org.thekelleys.dnsmasq ExecStartPre=/usr/sbin/dnsmasq --test ExecStart=/usr/sbin/dnsmasq -k ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target dnsmasq-2.80.orig/contrib/try-all-ns/0000775000000000000000000000000013350032235014376 5ustar dnsmasq-2.80.orig/contrib/try-all-ns/README0000664000000000000000000000107713350032235015263 0ustar Date: Thu, 07 Dec 2006 00:41:43 -0500 
From: Bob Carroll Subject: dnsmasq suggestion To: simon@thekelleys.org.uk Hello, I recently needed a feature in dnsmasq for a very bizarre situation. I placed a list of name servers in a special resolve file and told dnsmasq to use that. But I wanted it to try requests in order and treat NXDOMAIN requests as a failed tcp connection. I wrote the feature into dnsmasq and it seems to work. I prepared a patch in the event that others might find it useful as well. Thanks and keep up the good work. --Bob dnsmasq-2.80.orig/contrib/try-all-ns/README-2.470000664000000000000000000000073413350032235015652 0ustar A remake of patch Bob Carroll had posted to dnsmasq, now compatible with version 2.47. Hopefully he doesn't mind (sending a copy of this mail to him too). Maybe the patch in question is not acceptable as it doesn't add new switch, rather it binds itself to "strict-order". What it does is: if you have strict-order in the dnsmasq config file and query a domain that would result in NXDOMAIN, it iterates the whole given nameserver list until the last one says NXDOMAIN. dnsmasq-2.80.orig/contrib/try-all-ns/README-2.780000664000000000000000000000053613350032235015656 0ustar Hi, I updated the try-all-ns patch to work with the latest version of git. Ended up implementing it on top of master, 2.78test2-7-g63437ff. As that specific if-clause has been changed in the last few commits, it's not compatible for 2.77, sadly. Find the patch attached. Regards, Rasmus Ahlberg Software Developer, R&D Electrolux Small Appliances dnsmasq-2.80.orig/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch0000664000000000000000000000452013350032235021453 0ustar diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h --- dnsmasq-2.35/src/dnsmasq.h 2006-10-18 16:24:50.000000000 -0400 +++ dnsmasq/src/dnsmasq.h 2006-11-16 22:06:31.000000000 -0500 
@@ -112,6 +112,7 @@ #define OPT_NO_PING 2097152 #define OPT_LEASE_RO 4194304 #define OPT_RELOAD 8388608 +#define OPT_TRY_ALL_NS 16777216 struct all_addr { union { diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c --- dnsmasq-2.35/src/forward.c 2006-10-18 16:24:50.000000000 -0400 +++ dnsmasq/src/forward.c 2006-11-16 22:08:19.000000000 -0500 @@ -445,6 +445,10 @@ { struct server *server = forward->sentto; + // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request + if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS) + && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL; + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0) /* for broken servers, attempt to send to another one. */ { diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c --- dnsmasq-2.35/src/option.c 2006-10-18 16:24:50.000000000 -0400 +++ dnsmasq/src/option.c 2006-11-16 22:10:36.000000000 -0500 @@ -28,7 +28,7 @@ /* options which don't have a one-char version */ #define LOPT_RELOAD 256 - +#define LOPT_TRY_ALL_NS 257 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = @@ -102,6 +102,7 @@ {"leasefile-ro", 0, 0, '9'}, {"dns-forward-max", 1, 0, '0'}, {"clear-on-reload", 0, 0, LOPT_RELOAD }, + {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS }, { NULL, 0, 0, 0 } }; @@ -134,6 +135,7 @@ { '5', OPT_NO_PING }, { '9', OPT_LEASE_RO }, { LOPT_RELOAD, OPT_RELOAD }, + { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS }, { 'v', 0}, { 'w', 0}, { 0, 0 } 
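Review bot: in the src/forward.c hunk ("@@ -445,6 +445,10 @@") the second test reads (daemon->options && OPT_TRY_ALL_NS), a logical AND against a non-zero constant, so it is true whenever any option bit is set. With that, NXDOMAIN is rewritten to SERVFAIL for every strict-order configuration whether or not --try-all-ns was given. It should be the bitwise test (daemon->options & OPT_TRY_ALL_NS), matching the OPT_ORDER test beside it. The added comment also uses // where the rest of the file uses /* */.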
@@ -208,6 +210,7 @@ { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL }, { "-0, --dns-forward-max=", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, { " --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE }, + { " --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL }, { NULL, NULL, NULL } }; dnsmasq-2.80.orig/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch0000664000000000000000000000124713350032235024113 0ustar diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c --- dnsmasq-2.47/src/forward.c 2009-02-01 17:59:48.000000000 +0200 +++ dnsmasq-2.47-patched/src/forward.c 2009-03-18 19:10:22.000000000 +0200 @@ -488,9 +488,12 @@ return; server = forward->sentto; + + if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) ) + header->rcode = SERVFAIL; if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && - !(daemon->options & OPT_ORDER) && + ((daemon->options & OPT_ORDER) != 0) && forward->forwardall == 0) /* for broken servers, attempt to send to another one. */ { dnsmasq-2.80.orig/contrib/try-all-ns/dnsmasq-2.68-try-all-ns0000664000000000000000000000202613350032235020362 0ustar From: Jesse Glick To: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Ability to delegate to one server but fall back to another after NXDOMAIN? On Wed, Jan 15, 2014 at 12:30 PM, Simon Kelley wrote: > > There's a (very old) patch in contrib/try-all-ns that would make a starting point This does not apply against trunk, so I tried to rework it. The following appears to do what I expect: diff --git a/src/forward.c b/src/forward.c index 8167229..76070b5 100644 --- a/src/forward.c +++ b/src/forward.c 
@@ -610,7 +610,11 @@ void reply_query(int fd, int family, time_t now) if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) && !option_bool(OPT_ORDER) && - forward->forwardall == 0) + forward->forwardall == 0 || + /* try each in turn */ + RCODE(header) == NXDOMAIN && + option_bool(OPT_ORDER) && + server->next != NULL) /* for broken servers, attempt to send to another one. */ { unsigned char *pheader; dnsmasq-2.80.orig/contrib/try-all-ns/dnsmasq-2.78xx-try-all-ns.patch0000664000000000000000000000144313350032235022043 0ustar diff --git a/src/forward.c b/src/forward.c index e3fa94b..ecf3b98 100644 --- a/src/forward.c +++ b/src/forward.c 
@@ -789,9 +789,12 @@ void reply_query(int fd, int family, time_t now) /* Note: if we send extra options in the EDNS0 header, we can't recreate the query from the reply. */ - if (RCODE(header) == REFUSED && - forward->forwardall == 0 && - !(forward->flags & FREC_HAS_EXTRADATA)) + if ((RCODE(header) == REFUSED && + forward->forwardall == 0 && + !(forward->flags & FREC_HAS_EXTRADATA)) || + /* If strict-order is set, try next server on NXDOMAIN reply */ + (RCODE(header) == NXDOMAIN && option_bool(OPT_ORDER) && + server->next != NULL)) /* for broken servers, attempt to send to another one. */ { unsigned char *pheader; dnsmasq-2.80.orig/contrib/webmin/0000775000000000000000000000000013350032235013655 5ustar dnsmasq-2.80.orig/contrib/webmin/README0000664000000000000000000000425413350032235014542 0ustar This is the README for the Dnsmasq webmin module. Problems: 1) There's only basic error checking - if you enter some bad addresses or names, they will go straight into the config file although we do check for things like IP addresses being of the correct form (no letters, 4 groups of up to 3 digits separated by dots etc). One thing that ISN'T CHECKED FOR is that IP dotted quads are all numbers < 256. Another is that netmasks are logical (you could enter a netmask of 255.0.255.0 for example). Essentially, if it'll pass the config file regex scanner (and the above examples will), it won't be flagged as "bad" even if it is a big no-no for dnsmasq itself. 2) Code is ugly and a kludge - I ain't a programmer! There are probably a lot of things that could be done to tidy up the code - eg, it probably wouldn't hurt to move some common stuff into the lib file. 3) I've used the %text hash and written an english lang file, but I am mono-lingual so no other language support as yet. 4) for reasons unknown to me, the icon does not appear properly on the servers page of webmin (at least it doesn't for me!) 
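Review bot: In dnsmasq-2.35-try-all-ns.patch, the forward.c hunk tests "(daemon->options && OPT_TRY_ALL_NS)" with a logical && where the neighbouring "(daemon->options & OPT_ORDER)" uses a bitwise &. OPT_TRY_ALL_NS is a non-zero constant, so that term is true whenever any option bit is set, and with strict-order alone every NXDOMAIN is rewritten to SERVFAIL whether or not --try-all-ns was given. It should read "(daemon->options & OPT_TRY_ALL_NS)". The rewrite also does not look at whether another server is left to try, so it is worth confirming that the last server's NXDOMAIN does not reach the client as SERVFAIL.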
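Review bot: In dnsmasq-2.47_no_nxdomain_until_end.patch, replacing "!(daemon->options & OPT_ORDER)" with "((daemon->options & OPT_ORDER) != 0)" inverts the existing condition instead of extending it. After this change a SERVFAIL or REFUSED reply is retried against another server only when strict-order is set, so configurations without strict-order lose the retry they had before. If the aim is only NXDOMAIN fall-through under strict-order, keep the original negated test for SERVFAIL/REFUSED and OR in a separate NXDOMAIN clause rather than overwriting header->rcode in place.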
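Review bot: In the dnsmasq-2.68 hunk for reply_query(), the new condition mixes && and || without parentheses, and the added NXDOMAIN clause drops the "forward->forwardall == 0" test that guards the SERVFAIL/REFUSED case. Operator precedence makes it parse as two AND groups joined by ||, but that should be written with explicit parentheses, and the patch needs to say whether an NXDOMAIN retry is intended while forwardall is non-zero. The trailing comment "for broken servers, attempt to send to another one" no longer describes the NXDOMAIN path and should be updated.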
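Review bot: In dnsmasq-2.78xx-try-all-ns.patch, the added NXDOMAIN clause sits outside the "!(forward->flags & FREC_HAS_EXTRADATA)" guard, although the comment directly above the condition says the query cannot be recreated from the reply when extra EDNS0 options were sent. As written, an NXDOMAIN reply under strict-order enters the resend path for such queries too, and also when forward->forwardall is non-zero. Either apply both guards to the NXDOMAIN case or document why they are not needed. A dedicated option instead of overloading strict-order would also make it explicit that a negative answer from one upstream can be superseded by a later one.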
5) icons have been shamelessly stolen from the ipfilter module, specifically the up and down arrows.

6) if you delete an item, the config file will contain an otherwise empty, but commented line. This means that if you add some new stuff, then delete it, the config file will have a number of lines at the end that are just comments. Therefore, the config file could possibly grow quite large.

7) NO INCLUDE FILES! if you use an include file, it'll be flagged as an error. OK if the include file line is commented out though.

8) deprecated lines not supported (eg user and group) - they may produce an error! (user and group don't, but you can't change them)

IOW, it works, it's just not very elegant and not very robust.

Hope you find it useful though - I do, as it prevents me having to ever wade through the config file and man pages again.

If you modify it, or add a language file, and you have a spare moment, please e-mail me - I won't be upset at all if you fix my poor coding! (rather the opposite - I'd be pleased someone found it useful)

Cheers,
Neil Fisher

dnsmasq-2.80.orig/contrib/webmin/dnsmasq.wbm

dnsmasq/config.info

config_file=Full path to DNSmasq config file,0
restart=Shell script to re-start DNSmasq,0

dnsmasq/config

config_file=/etc/dnsmasq.conf
restart=restart.sh
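The first caveat in the webmin README above (octets above 255 and netmasks such as 255.0.255.0 pass the regex check and go straight into the config file) can be closed with a numeric check before anything is written. This is an added example, not part of the module: the sub names and sample ranges are constructed, the ordering and same-subnet tests are sanity checks chosen for the example, and the err_* strings are keys from the module's lang/en file.

```perl
#!/usr/bin/perl
# Added example, not part of the Webmin module. Sub names are hypothetical;
# the err_* strings are keys defined in the module's lang/en file.
use strict;
use warnings;

# Return the address as a 32-bit integer, or undef unless the input is
# exactly four decimal octets, each in the range 0..255.
sub ipv4_to_int {
    my ($text) = @_;
    return unless defined $text;
    # \A...\z anchors the whole string; a bare "$" would also accept a
    # trailing newline, which would then be written into the config file.
    my @octets = $text =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
    return unless @octets == 4;
    my $value = 0;
    for my $octet (@octets) {
        # Reject > 255, and leading zeros (inet_aton-style parsers read
        # "010" as octal, so the written value would be ambiguous).
        return if $octet > 255 || $octet =~ /\A0[0-9]/;
        $value = ($value << 8) + $octet;
    }
    return $value;
}

# Return the prefix length (0..32) of a contiguous netmask, or undef if the
# mask has a 1 bit after a 0 bit (255.0.255.0) or is not a dotted quad.
sub netmask_prefix_len {
    my ($text) = @_;
    my $mask = ipv4_to_int($text);
    return unless defined $mask;
    my $bits = sprintf '%032b', $mask;
    return $bits =~ /\A(1*)0*\z/ ? length($1) : undef;
}

# Check the fields of a "start,end,netmask" range.
# Returns a list of lang keys naming what is wrong; an empty list means ok.
sub check_range {
    my ($start, $end, $mask) = @_;
    my @errors;
    my $s   = ipv4_to_int($start);
    my $e   = ipv4_to_int($end);
    my $len = netmask_prefix_len($mask);
    push @errors, 'err_notip'   unless defined $s && defined $e;
    push @errors, 'err_notmask' unless defined $len;
    return @errors if @errors;
    my $m = ipv4_to_int($mask);
    # Sanity checks chosen for this example: start <= end, one subnet.
    push @errors, 'err_configbad' if $s > $e || ($s & $m) != ($e & $m);
    return @errors;
}

# Constructed sample input: one good range, then an octet above 255, the
# README's 255.0.255.0 netmask, a range spanning two subnets, and a value
# carrying an embedded newline.
my @samples = (
    [ '192.168.0.50',   '192.168.0.150', '255.255.255.0' ],
    [ '192.168.0.300',  '192.168.0.150', '255.255.255.0' ],
    [ '192.168.0.50',   '192.168.0.150', '255.0.255.0'   ],
    [ '192.168.0.50',   '192.168.1.150', '255.255.255.0' ],
    [ "192.168.0.50\n", '192.168.0.150', '255.255.255.0' ],
);

for my $sample (@samples) {
    my @errors = check_range(@$sample);
    (my $shown = join ',', @$sample) =~ s/\n/\\n/g;
    printf "%-50s %s\n", $shown, @errors ? join(' ', @errors) : 'ok';
}
```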
dnsmasq/module.info

name=DNSMasq
desc=DNSMasq integrated DNS & DHCP servers
os_support=
depends=0.77
category=servers

dnsmasq/index.cgi

#!/usr/bin/perl
#
# DNSMasq Webmin Module - index.cgi; basic DNS config
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;

&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

&header($text{'index_title'}, "", "intro", 1, 1, undef,
	"Written by Neil Fisher
Author
Home://page");
# uses the index_title entry from ./lang/en or appropriate

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure

# output as web page

&header( "DNSMasq settings", "" );
&parse_config_file( \%config, \$config_file );
print "\n";
if( $config{errors} > 0 )
{
	print "WARNING: found ";
	print $config{errors};
	print " errors in config file!\n";
}
print &ui_form_start( 'basic_apply.cgi', "post" );
print "\n";
print "$text{'DNS_settings'}";
print "\n";
print $text{'local_domain'};
print &ui_textbox( "local_domain", $config{domain}{domain}, 32 );
print "\n";
print $text{'domain_needed'};
print &ui_yesno_radio( "domain_needed", ($config{domain_needed}{used})?1:0 );
print "\n";
print $text{'expand_hosts'};
print &ui_yesno_radio( "expand_hosts", ($config{expand_hosts}{used})?1:0 );
print "\n";
print $text{'bogus_priv'};
print &ui_yesno_radio( "bogus_priv", ($config{bogus_priv}{used})?0:1 );
print "\n";
print $text{'filterwin2k'};
print &ui_yesno_radio( "filterwin2k", ($config{filterwin2k}{used})?1:0 );
print "\n";
print $text{'hosts'};
print &ui_yesno_radio( "hosts", ($config{no_hosts}{used}?0:1) );
print "\n";
print $text{'xhosts'};
print &ui_yesno_radio( "xhosts", ($config{addn_hosts}{used}?1:0) );
print "\n";
print $text{'xhostsfile'};
print &ui_textbox( "addn_hosts", $config{addn_hosts}{file}, 40 );
print "\n";
print $text{'neg_cache'};
print &ui_yesno_radio( "neg_cache", ($config{neg_cache}{used}?0:1) );
print "\n";
print $text{'cache_size'};
print &ui_yesno_radio( "cache_size", ($config{cache_size}{used}?1:0) );
print "\n";
print $text{'cust_cache_size'};
print &ui_textbox( "cust_cache_size", $config{cache_size}{size}, 40 );
print "\n";
print $text{'log_queries'};
print &ui_yesno_radio( "log_queries", ($config{log_queries}{used}?1:0) );
print "\n";
print $text{'local_ttl'};
print &ui_yesno_radio( "local_ttl", ($config{local_ttl}{used}?1:0) );
print "\n";
print $text{'ttl'};
print &ui_textbox( "ttl", $config{local_ttl}{ttl}, 40 );
print "\n";
print &ui_submit( $text{'save_button'} );
print &ui_form_end( );
print "";
print "";
print $text{'servers_config'};
print "";
print "";
print $text{'iface_config'};
print "";
print "";
print $text{'alias_config'};
print "";
print "";
print "";
print $text{'DHCP_config'};
print "";
print "";
print "";
print $text{'restart'};
print "";
&footer("/", $text{'index'});
# uses the index entry in /lang/en

## if subroutines are not in an extra file put them here

### END of index.cgi ###.

dnsmasq/acl_security.pl

# acl_security_form(&options)
# Output HTML for editing security options for the apache module
sub acl_security_form
{
## Here you have to fill in the code for output
}

# acl_security_save(&options)
# Parse the form for security options for the apache module
sub acl_security_save
{
## here you have to fill in the handling code for the saving the ACL
}

### END.

dnsmasq/lang/en

lang=en
author=Neil Fisher
module_author=Neil Fisher
homepage=www.nonexistent.invalid
copyright=(C) 2006 by Neil Fisher
license=GPL
index_title=DNSMasq - integrated DNS and DHCP servers
DNS_settings=Basic DNS settings
DHCP_settings=DHCP settings
DNS_servers=DNS Upstream Servers Configuration
iface_settings=Network Interface Settings
alias_settings=Alias / Redirect Settings
local_domain=Local domain name
domain_needed=Only forward names with a domain part
expand_hosts=Add local domain name to DHCP leases & hosts in /etc/hosts
bogus_priv=Allow unresolved reverse lookups on local network to propagate out
filterwin2k=Prevent windows SOA & SRV requests propagating out
resolv=Read /etc/resolv.conf
poll=poll resolv.conf file
resolv_file_explicit=Use non-standard resolv.conf file
resolv_file=non-standard resolv.conf file to use
strict_order=Always use nameservers in order provided
hosts=Read /etc/hosts file
xhosts=Use additional hosts file
xhostsfile=File to use for additional hosts
neg_cache=Cache negative responses
log_queries=Log each DNS lookup
cache_size=Use custom cache size
cust_cache_size=Custom cache size to use
local_ttl=Use specified local Time-To-Live
ttl=Local TTL
dynamic=Defined in resolv.conf file
domain=For domain
address=IP address
in_use=In use
used=In Use
not_used=Defined only (not used)
in_file=Defined in config file
new_dns_serv=Add new upstream server to config file
save_button=Save
servers_config=Configure upstream DNS Servers
alias_config=Configure Forced Domains and Alias responses
iface_config=Configure network interfaces
DHCP_config=Configure DHCP
restart=Restart DNSmasq
restarting=Trying to restart DNSmasq. Script messages are:
srv_edit=Edit upstream DNS server
srv_named=For specific domain
srv_name=Specific domain
srv_addr=Server address
delet=Delete
iface=Interface
xiface=Except Interface
listen=Listen on
new_iface=Add new interface
iface_listen=Interface to listen on
xiface_listen=Except interfaces
listen_addr=Listen Address
new_addr=Add new address
edit_iface=Edit interface
iface_name=Interface name
edit_xiface=Edit except interface
listen_name=Listen address
edit_listen=Edit listen address
xiface_name=Except interface name
bind_iface=Bind to individual interfaces instead of wildcard address
forced=Forced domain responses
nx=Forced NXDOMAIN IP addresses
alias=Aliased IP addresses
forced_domain=Domain name
forced_ip=To IP address
forced_from=From IP address
forced_mask=Netmask
forced_mask_used=Use a netmask
forced_add=Add new forced domain
alias_add=Add new alias
nx_add=Add new forced NXDOMAIN
forced_edit=Edit forced domain response
alias_edit=Edit IP address alias
nx_edit=Edit Forced NXDOMAIN response
net_id=Network/Client ID
timed=Use a lease time
leasetime=Lease time
dhcp_range=DHCP IP address ranges
range_edit=Edit DHCP range
range_add=Add new DHCP range
ided=Network ID
id=Network ID to use
hosts=Specific Hosts
host_add=Add a new host specification
vendor_classes=Vendor Class Specification
user_classes=User Class Specification
vendor=Vendor
user=User
class=Class
vend_add=Add new vendor class
user_add=Add new user class
read_ethers=Read /etc/ethers for lease info
misc=Miscellaneous DHCP options
dhcp_options=Non-standard DHCP options
dhcp_option=Option
dhcp_add=Add new option
edit_host=Edit DHCP host specification
edit_opt=Edit DHCP options
opt_spec=DHCP option specification
use_bootp=Use BOOTP (network boot)
bootp_host=Hostname
bootp_file=File
bootp_address=IP Address
max_leases=Maximum number of leases to grant
leasefile=Use a nonstandard lease file
lfikletouse=Nonstandard leasefile to use
error_heading=Warning - ERROR!!!!
err_line=Error in line:
err_type=Type of error is:
err_help=Try going back and retyping the offending information
err_notip=Not a valid IP address
err_notmask=Not a valid netmask
err_nottime=not a valid time
err_configbad=Configuration file has an error
err_filebad=Bad file name
err_hostbad=Bad host name
err_numbbad=Bad number
err_domainbad=Bad domain
err_namebad=Bad name

dnsmasq/lang/en~

lang=en
author=Name of language file author here
module_author=Writers name here
homepage=modules homepage url here
copyright=(C) YYYY by author
license=GPL
your_message=here you have to write your messages

dnsmasq/srv_edit.cgi

#!/usr/bin/perl
#
# DNSMasq Webmin Module - dns_edit.cgi; upstream server edit
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;

&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
	&header( "DNSMasq settings", "" );
	print "";
	print $text{warn_errors};
	print $config{errors};
	print $text{didnt_apply};
	print "\n";
	&footer( "/", $text{'index'});
	exit;
}
# adjust everything to what we got
#
&header( "DNSMasq settings", "" );
print "".$text{srv_edit}."";
print &ui_form_start( "srv_edit_apply.cgi", "post" );
# $in{idx} comes from the request and is used below as an array index
# without being validated
print &ui_hidden( "idx", $in{idx} );
print "".$text{in_use}.&ui_yesno_radio( "used", ($config{servers}[$in{idx}]{used})?1:0 );
print "".$text{srv_named}.&ui_yesno_radio( "named", ($config{servers}[$in{idx}]{domain_used})?1:0 );
print "".$text{srv_name};
print &ui_textbox( "name", $config{servers}[$in{idx}]{domain}, 50 );
print "".$text{srv_addr};
print &ui_textbox( "addr", $config{servers}[$in{idx}]{address}, 18 );
print "" . &ui_submit( $text{'save_button'} )."";
print &ui_form_end();
print "".$text{delet}."";
#print "".$text{delet}."";
print "".$text{servers_config}."";
&footer( "/", $text{'index'});
#
#
# sub-routines
#
### END of dns_edit.cgi ###.

dnsmasq/dnsmasq-lib.pl

#
# dnsmasq-lib.pl
#
# dnsmasq webmin module library module
#
#
# the config hash holds the parsed config file
#
my %config = (
	errors => 0,
	mx_host => { used => 0, line => 0, host => "" },
	mx_target => { used => 0, line => 0, host => "" },
	selfmx => { used => 0, line => 0 },
	localmx => { used => 0, line => 0 },
	domain_needed => { line => 0, used => 0 },
	bogus_priv => { line => 0, used => 0 },
	filterwin2k => { line => 0, used => 0 },
	resolv_file => { line => 0, used => 0, filename => "/etc/hosts" },
	strict_order => { line => 0, used => 0 },
	no_resolv => { line => 0, used => 0 },
	no_poll => { line => 0, used => 0 },
	servers => [],
	locals => [],
	forced => [],
	bogus => [],
	user => { used => 0, user => "" },
	group => { used => 0, group => "" },
	interface => [],
	ex_interface => [],
	listen_on => [],
	alias => [],
	bind_interfaces => { used => 0, line => 0 },
	no_hosts => { used => 0, line => 0 },
	addn_hosts => { used => 0, line => 0, file => "" },
	expand_hosts => { used => 0, line => 0 },
	domain => { used => 0, line => 0, domain => "" },
	cache_size => { used => 0, line => 0, size => 0 },
	neg_cache => { used => 0, line => 0 },
	local_ttl => { used => 0, line => 0, ttl => 0 },
	log_queries => { used => 0, line => 0 },
	dhcp_range => [],
	dhcp_host => [],
	vendor_class => [],
	user_class => [],
	dhcp_option => [],
	dhcp_boot => { used => 0, line => 0, file => "", host => "", address => "" },
	dhcp_leasemax => { used => 0, line => 0, max => 0 },
	dhcp_leasefile => { used => 0, line => 0, file => "" },
	dhcp_ethers => { used => 0, line => 0 }
);

#
# parse the configuration file and populate the %config structure
#
sub parse_config_file
{
	my $lineno;
	my $config = shift;
	my $config_file = shift;

	# single-quoted so that the backslashes reach the regex engine;
	# in a double-quoted string "\." is reduced to "." (any character)
	$IPADDR = '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';
	$NAME = '[a-zA-Z\_\.][0-9a-zA-Z\_\.]*';
	$TIME = '[0-9]+[hm]*';
	$FILE = '[0-9a-zA-Z\_\-\.\/]+';
	$NUMBER = '[0-9]+';

	$lineno=-1;
	foreach my $line (@$$config_file)
	{
		my $subline;
		my %temp;

		$lineno++;
		if (defined ($line))
		{
			#
			# we always use regexp starting with
			# ^[\#]*[\s]*
			# because that allows for a commented out line with
			# possibly space(s) between the comment marker and keyword
			# while rejecting any comments that carry our keyword
			#
			# reject lines blank at start!
			next if ($line !~ /^[0-9a-zA-Z\_\-\#]/);
			# MX records server?
			if ( $line =~ /(^[\#]*[\s]*mx-host)\=([0-9a-zA-Z\.\-]*)/ )
			{
			}
			elsif ($line =~ /(^[\#]*[\s]*mx-target)\=([0-9a-zA-Z\.\-]*)/ )
			{
			}
			elsif ($line =~ /^[\#]*[\s]*selfmx/ )
			{
				$$config{selfmx}{line}=$lineno;
				$$config{selfmx}{used}=($line !~ /^\#/);
			}
			elsif ($line =~ /^[\#]*[\s]*localmx/ )
			{
				$$config{localmx}{line}=$lineno;
				$$config{localmx}{used}=($line !~ /^\#/);
			}
			# forward names without a domain?
			elsif ($line =~ /^[\#]*[\s]*domain-needed/ )
			{
				$$config{domain_needed}{used}=($line!~/^\#/);
				$$config{domain_needed}{line}=$lineno;
			}
			# forward names in nonrouted address space?
			elsif ($line =~ /^[\#]*[\s]*bogus-priv/ )
			{
				$$config{bogus_priv}{used}=($line!~/^\#/);
				$$config{bogus_priv}{line}=$lineno;
			}
			# filter windows weirdo names?
			elsif ($line =~ /^[\#]*[\s]*filterwin2k/ )
			{
				$$config{filterwin2k}{used}=($line!~/^\#/);
				$$config{filterwin2k}{line}=$lineno;
			}
			# resolv.conf file
			elsif ($line =~ /(^[\#]*[\s]*resolv-file\=)([0-9a-zA-Z\/\.\-]*)/ )
			{
				$$config{resolv_file}{filename}=$2;
				$$config{resolv_file}{line}=$lineno;
				$$config{resolv_file}{used}=($line!~/^\#/);
			}
			# any resolv.conf file at all?
			elsif ($line =~ /^[\#]*[\s]*no-resolv/ )
			{
				$$config{no_resolv}{used}=($line!~/^\#/);
				$$config{no_resolv}{line}=$lineno;
			}
			# upstream servers in order?
			elsif ($line =~ /^[\#]*[\s]*strict-order/ )
			{
				$$config{strict_order}{used}=($line!~/^\#/);
				$$config{strict_order}{line}=$lineno;
			}
			# check resolv. conf regularly?
			elsif ($line =~ /^[\#]*[\s]*no-poll/ )
			{
				$$config{no_poll}{used}=($line!~/^\#/);
				$$config{no_poll}{line}=$lineno;
			}
			# extra name servers?
			elsif ($line =~ /(^[\#]*[\s]*server\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /\/($NAME)\/($IPADDR)/ )
				{
					$temp{domain}=$1;
					$temp{domain_used}=1;
					$temp{address}=$2;
					$temp{line}=$lineno;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{servers} }, { %temp };
				}
				elsif( $subline =~ /($IPADDR)/ )
				{
					$temp{domain}="";
					$temp{domain_used}=0;
					$temp{address}=$1;
					$temp{line}=$lineno;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{servers} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# local-only domains
			elsif ($line =~ /(^[\#]*[\s]*local\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /\/($NAME)\// )
				{
					$temp{domain}=$1;
					$temp{lineno}=$lineno;
					$temp{used}=($line !~ /^\#/);
					push @{ $$config{locals} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# force lookups to addresses
			elsif ($line =~ /(^[\#]*[\s]*address\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /\/($NAME)\/($IPADDR)/ )
				{
					$temp{line}=$lineno;
					$temp{domain}=$1;
					$temp{addr}=$2;
					$temp{used}=($line !~ /^\#/);
					push @{ $$config{forced} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# deprecated /etc/ppp/resolv.conf permissions
			elsif ($line =~ /(^[\#]*[\s]*user\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
			}
			elsif ($line =~ /(^[\#]*[\s]*group\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
			}
			# where and how do we listen?
			elsif ($line =~ /(^[\#]*[\s]*listen-address\=)([0-9\.]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /($IPADDR)/ )
				{
					$temp{line}=$lineno;
					$temp{address}=$1;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{listen_on} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			elsif ($line =~ /(^[\#]*[\s]*except-interface\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /($NAME)/ )
				{
					$temp{line}=$lineno;
					$temp{iface}=$1;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{ex_interface} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			elsif ($line =~ /(^[\#]*[\s]*interface\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /($NAME)/ )
				{
					$temp{line}=$lineno;
					$temp{iface}=$1;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{interface} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			elsif ($line =~ /^[\#]*[\s]*bind-interfaces/ )
			{
				$$config{bind_interfaces}{used}=($line!~/^\#/);
				$$config{bind_interfaces}{line}=$lineno;
			}
			# hosts file
			elsif ($line =~ /^[\#]*[\s]*no-hosts/ )
			{
				$$config{no_hosts}{used}=($line!~/^\#/);
				$$config{no_hosts}{line}=$lineno;
			}
			elsif ($line =~ /(^[\#]*[\s]*addn-hosts\=)([0-9a-zA-Z\_\.\-\/]*)/ )
			{
				$$config{addn_hosts}{line}=$lineno;
				$$config{addn_hosts}{file}=$2;
				$$config{addn_hosts}{used}=($line!~/^\#/);
			}
			# add domain to hosts file?
			elsif ($line =~ /^[\#]*[\s]*expand-hosts/ )
			{
				$$config{expand_hosts}{used}=($line!~/^\#/);
				$$config{expand_hosts}{line}=$lineno;
			}
			# translate wild-card responses to NXDOMAIN
			elsif ($line =~ /(^[\#]*[\s]*bogus-nxdomain\=)([0-9\.]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /($IPADDR)/ )
				{
					$temp{line}=$lineno;
					$temp{addr}=$1;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{bogus} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# local domain
			elsif ($line =~ /(^[\#]*[\s]*domain\=)([0-9a-zA-Z\.\-\/]*)/ )
			{
				$$config{domain}{line}=$lineno;
				$$config{domain}{domain}=$2;
				$$config{domain}{used}=($line!~/^\#/);
			}
			# cache size
			elsif ($line =~ /(^[\#]*[\s]*cache-size\=)([0-9]*)/ )
			{
				$$config{cache_size}{line}=$lineno;
				$$config{cache_size}{size}=$2;
				$$config{cache_size}{used}=($line !~/^\#/);
			}
			# negative cache
			elsif ($line =~ /(^[\#]*[\s]*no-negcache)/ )
			{
				$$config{neg_cache}{line}=$lineno;
				$$config{neg_cache}{used}=($line !~/^\#/);
			}
			# local ttl
			elsif ($line =~ /(^[\#]*[\s]*local-ttl\=)([0-9]*)/ )
			{
				$$config{local_ttl}{line}=$lineno;
				$$config{local_ttl}{ttl}=$2;
				$$config{local_ttl}{used}=($line !~/^\#/);
			}
			# log requests?
			elsif ($line =~ /(^[\#]*[\s]*log-queries)/ )
			{
				$$config{log_queries}{line}=$lineno;
				$$config{log_queries}{used}=($line !~/^\#/);
			}
			# alias IP addresses
			elsif ($line =~ /(^[\#]*[\s]*alias\=)([0-9\.\,]*)/ )
			{
				$subline=$2;
				%temp = ();
				if( $subline =~ /($IPADDR)\,($IPADDR)\,($IPADDR)/ )
				{ # with netmask
					$temp{line}=$lineno;
					$temp{from}=$1;
					$temp{to}=$2;
					$temp{netmask}=$3;
					$temp{netmask_used}=1;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{alias} }, { %temp };
				}
				elsif( $subline =~ /($IPADDR)\,($IPADDR)/ )
				{ # no netmask
					$temp{line}=$lineno;
					$temp{from}=$1;
					$temp{to}=$2;
					$temp{netmask}=0;
					$temp{netmask_used}=0;
					$temp{used}= ($line !~ /^\#/);
					push @{ $$config{alias} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# DHCP
			# address range to use
			elsif ($line =~ /(^[\#]*[\s]*dhcp-range\=)([0-9a-zA-Z\.\,\-\_]*)/ )
			{
				%temp = ();
				$subline=$2;
				$temp{line}=$lineno;
				$temp{used}=($line !~/^\#/);
				if ($subline =~ /^($NAME)\,($IPADDR)\,($IPADDR)\,($IPADDR)(\,*)(\d*[mh]*)/ )
				{
					# network id, start, end, netmask, time (optionally)
					$temp{id}=$1;
					$temp{id_used}=1;
					$temp{start}=$2;
					$temp{end}=$3;
					$temp{mask}=$4;
					$temp{mask_used}=1;
					$temp{leasetime}=$6;
					$temp{time_used}=($6 =~ /^\d/);
					$temp{used} =( $line !~ /^\#/ );
					push @{ $$config{dhcp_range} }, { %temp };
				}
				elsif ($subline =~ /^($NAME)\,($IPADDR)\,($IPADDR)(\,*)(\d*[mh]*)/ )
				{
					# network id, start, end, time (optionally)
					$temp{id}=$1;
					$temp{id_used}=1;
					$temp{start}=$2;
					$temp{end}=$3;
					$temp{mask}="";
					$temp{mask_used}=0;
					$temp{leasetime}=$5;
					$temp{time_used}=($5 =~ /^\d/);
					$temp{used} =( $line !~ /^\#/ );
					push @{ $$config{dhcp_range} }, { %temp };
				}
				elsif ($subline =~ /^($IPADDR)\,($IPADDR)\,($IPADDR)(\,*)(\d*[mh]*)/ )
				{
					# start, end, netmask, time (optionally)
					$temp{id}="";
					$temp{id_used}=0;
					$temp{start}=$1;
					$temp{end}=$2;
					$temp{mask}=$3;
					$temp{mask_used}=1;
					$temp{leasetime}=$5;
					$temp{time_used}=($5 =~ /^\d/);
					$temp{used} =( $line !~ /^\#/ );
					push @{ $$config{dhcp_range} }, { %temp };
				}
				elsif ($subline =~ /^($IPADDR)\,($IPADDR)(\,*)(\d*[mh]*)/ )
				{
					# start, end, time (optionally)
					$temp{id}="";
					$temp{id_used}=0;
					$temp{start}=$1;
					$temp{end}=$2;
					$temp{mask}="";
					$temp{mask_used}=0;
					$temp{leasetime}=$4;
					$temp{time_used}=($4 =~ /^\d/);
					$temp{used} =( $line !~ /^\#/ );
					push @{ $$config{dhcp_range} }, { %temp };
				}
				else
				{
					print "Error in line $lineno!";
					$$config{errors}++;
				}
			}
			# specify hosts
			elsif ($line =~ /(^[\#]*[\s]*dhcp-host\=)([0-9a-zA-Z\.\:\,\*]*)/)
			{
				# too many to classify - all as string!
				%temp = ();
				$temp{line}=$lineno;
				$temp{option}=$2;
				$temp{used}=($line !~/^\#/);
				push @{ $$config{dhcp_host} }, { %temp };
			}
			# vendor class
			elsif ($line =~ /(^[\#]*[\s]*dhcp-vendorclass\=)($NAME)\,($NAME)/ )
			{
				%temp = ();
				$temp{line}=$lineno;
				$temp{class}=$2;
				$temp{vendor}=$3;
				$temp{used}=($line !~/^\#/);
				push @{ $$config{vendor_class} }, { %temp };
			}
			# user class
			elsif ($line =~ /(^[\#]*[\s]*dhcp-userclass\=)($NAME)\,($NAME)/ )
			{
				%temp = ();
				$temp{line}=$lineno;
				$temp{class}=$2;
				$temp{user}=$3;
				$temp{used}=($line !~/^\#/);
				push @{ $$config{user_class} }, { %temp };
			}
			# /etc/ethers?
			elsif ($line =~ /(^[\#]*[\s]*read-ethers)/ )
			{
				$$config{dhcp_ethers}{line}=$lineno;
				$$config{dhcp_ethers}{used}=($line !~/^\#/);
			}
			# dhcp options
			elsif ($line =~ /(^[\#]*[\s]*dhcp-option\=)([0-9a-zA-Z\,\_\.]*)/ )
			{
				# too many to classify - all as string!
				%temp = ();
				$temp{line}=$lineno;
				$temp{option}=$2;
				$temp{used}=($line !~/^\#/);
				push @{ $$config{dhcp_option} }, { %temp };
			}
			# lease time
			elsif ($line =~ /(^[\#]*[\s]*dhcp-lease-max\=)([0-9]*)/ )
			{
				$$config{dhcp_leasemax}{line}=$lineno;
				$$config{dhcp_leasemax}{max}=$2;
				$$config{dhcp_leasemax}{used}=($line !~/^\#/);
			}
			# bootp host & file
			elsif ($line =~ /(^[\#]*[\s]*dhcp-boot\=)([0-9a-zA-Z0-9\,\_\.\/]*)/ )
			{
				$subline=$2;
				if( $subline =~ /([0-9a-zA-Z\.\-\_\/]+)\,($NAME)\,($IPADDR)/ )
				{
					$$config{dhcp_boot}{line}=$lineno;
					$$config{dhcp_boot}{file}=$1;
					$$config{dhcp_boot}{host}=$2;
					$$config{dhcp_boot}{address}=$3;
					$$config{dhcp_boot}{used}=($line !~/^\#/);
				}
			}
			# leases file
			elsif ($line =~ /(^[\#]*[\s]*dhcp-leasefile\=)([0-9a-zA-Z0-9\_\.\/]*)/ )
			{
				$$config{dhcp_leasefile}{line}=$lineno;
				$$config{dhcp_leasefile}{file}=$2;
				$$config{dhcp_leasefile}{used}=($line !~/^\#/);
			}
			else
			{
				# everything else that's not a comment
				# we don't understand so it may be an error!
				if( $line !~ /^#/ )
				{
					# count against the caller's hash, like every other branch
					$$config{errors}++;
				}
			}
		}
	}
} # end of sub parse_config_file

#
# update the config file array
#
# arguments are:
# $lineno - the line number (array index) to update
# $text - the new contents of the line
# $file - reference to the array to change
# $comm - put a comment marker ('#') at start of line?
#         false (0) means comment the line
#
sub update
{
	my $lineno = shift;
	my $text = shift;
	my $file = shift;
	my $comm = shift;
	my $line;

	$line = ( $comm != 0 ) ? $text : "#" . $text;
	if( $lineno == 0 )
	{
		push @$file, $line;
	}
	else
	{
		$$file[$lineno]=$line;
	}
} # end of sub update

1;

dnsmasq/servers.cgi

#!/usr/bin/perl
#
# DNSMasq Webmin Module - server.cgi; Upstream Servers config
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;

&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

&header($text{'index_title'}, "", "intro", 1, 1, undef,
	"Written by Neil Fisher
Author
Home://page"); # uses the index_title entry from ./lang/en or appropriate ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure # output as web page my $count=0; &header( "DNSMasq settings", "" ); &parse_config_file( \%config, \$config_file ); print "

"; print $text{'DNS_servers'}; print "

"; print &ui_form_start( "srv_apply.cgi", "post" ); print "

".$text{dynamic}."

"; print $text{resolv}; print &ui_yesno_radio( "resolv", ($config{no_resolv}{used}?0:1) ); print "
".$text{resolv_file_explicit}; print &ui_yesno_radio( "resolv_std", ($config{resolv_file}{used}?1:0) ); print "
".$text{resolv_file}; print &ui_textbox( "resolv_file", $config{resolv_file}{filename}, 50 ); print "

".$text{poll}."
"; print &ui_yesno_radio( "poll", ($config{no_poll}{used}?0:1) ); print "

".$text{strict_order}; print &ui_yesno_radio( "strict", ($config{strict_order}{used}?1:0) ); print "

".$text{in_file}."

"; print &ui_columns_start( [ $text{domain}, $text{address}, $text{in_use}, "" ], 100 ); foreach my $server ( @{$config{servers}} ) { local ( $mover, $edit ); if( $count == @{$config{servers}}-1 ) { $mover=""; } else { $mover = ""; } if( $count == 0 ) { $mover.=""; } else { $mover .= ""; } $edit = "".$$server{address}.""; print &ui_columns_row( [ $$server{domain}, $edit, ($$server{used})?$text{used}:$text{not_used}, $mover ], [ "width=30%", "width=30%", "width=30%", "width=10%" ] ); $count++; } print &ui_columns_end(); print "
". $text{new_dns_serv}."
"; print "
" . &ui_submit( $text{'save_button'} ); print &ui_form_end(); print "
"; print ""; print $text{'DNS_settings'}; print "
"; print ""; print $text{'iface_config'}; print "
"; print ""; print $text{'alias_config'}; print "
"; print "
"; print ""; print $text{'DHCP_config'}; print "
"; &footer("/", $text{'index'}); # uses the index entry in /lang/en ## if subroutines are not in an extra file put them here ### END of servers.cgi ###. dnsmasq/iface.cgi0000755000000000000000000000711710512345430012763 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - iface.cgi; network interfaces # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks &header($text{'index_title'}, "", "intro", 1, 1, undef, "Written by Neil Fisher
Author
Home://page"); # uses the index_title entry from ./lang/en or appropriate ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure # output as web page my $count=0; &header( "DNSMasq settings", "" ); &parse_config_file( \%config, \$config_file ); print "

"; print $text{'iface_listen'}; print "

"; print &ui_columns_start( [ $text{iface}, $text{in_use} ], 100 ); foreach my $iface ( @{$config{interface}} ) { my $edit = "".$$iface{iface}.""; print &ui_columns_row( [ $edit, ($$iface{used})?$text{used}:$text{not_used} ], [ "width=30%", "width=30%", "width=30%" ] ); $count++; } print &ui_columns_end(); print "
". $text{new_iface}."
"; print "

"; print $text{'xiface_listen'}; print "

"; $count=0; print &ui_columns_start( [ $text{xiface}, $text{in_use} ], 100 ); foreach my $iface ( @{$config{ex_interface}} ) { my $edit = "".$$iface{iface}.""; print &ui_columns_row( [ $edit, ($$iface{used})?$text{used}:$text{not_used} ], [ "width=30%", "width=30%", "width=30%" ] ); $count++; } print &ui_columns_end(); print "
". $text{new_iface}."
"; print "

"; print $text{'listen_addr'}; print "

"; $count=0; print &ui_columns_start( [ $text{listen_addr}, $text{in_use} ], 100 ); foreach my $iface ( @{$config{listen_on}} ) { my $edit = "".$$iface{address}.""; print &ui_columns_row( [ $edit, ($$iface{used})?$text{used}:$text{not_used} ], [ "width=30%", "width=30%", "width=30%" ] ); $count++; } print &ui_columns_end(); print "
"; print "
". $text{new_addr}."

"; print &ui_form_start( 'iface_apply.cgi', "post" ); print $text{bind_iface}; print &ui_yesno_radio( "bind_iface", ($config{bind_interfaces}{used})?1:0 ); print "
".&ui_submit( $text{save_button} ); print &ui_form_end(); print "

".$text{'DNS_settings'}."
"; print "".$text{'servers_config'}."
"; print "".$text{'alias_config'}."
"; print "
"; print ""; print $text{'DHCP_config'}; print "
"; &footer("/", $text{'index'}); # uses the index entry in /lang/en ## if subroutines are not in an extra file put them here ### END of iface.cgi ###. dnsmasq/iface_edit.cgi0000755000000000000000000000406110512324451013763 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - iface_edit.cgi; edit interface # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{edit_iface}."

"; print &ui_form_start( "iface_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{interface}[$in{idx}]{used})?1:0 ); print "
".$text{iface_name}; print &ui_textbox( "iface", $config{interface}[$in{idx}]{iface}, 50 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{iface_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of iface_edit.cgi ###. dnsmasq/help/0000755000000000000000000000000010507121320012141 5ustar rootrootdnsmasq/help/intro.html0000644000000000000000000000202210507121320014156 0ustar rootroot
DNSmasq Configuration

Introduction to DNSmasq

DNSmasq is an integrated DNS caching proxy server and DHCP server designed to run on a host that is masquerading a local private network to the rest of the internet.

Configuring DNSmasq

In most cases, all you'll need to change will be the local domain name. Under some circumstances, you may want to change how DNSmasq resolves names to allow for other local nameservers (if for example you are using a VPN tunnel to another location).

All the functionality of DNSmasq is beyond the scope of this help file - please read the man pages!

Limitations

Please read the README file.
In short, this is a quick and dirty implementation with virtually no error checking. Therefore, it assumes you know what you are doing!

Use with care!

If you enter a name where an IP address should be (for example) then you may need to edit the config file manually to remove or edit the offending line. YOU HAVE BEEN WARNED!

dnsmasq/alias.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - alias.cgi; aliasing and redirection
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure

# output as web page

&parse_config_file( \%config, \$config_file );
if( $config{errors} > 0 )
{
    my $line="error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
&header($text{'index_title'}, "", "intro", 1, 1, undef,
        "Written by Neil Fisher
Author
Home://page"); print "
\n"; # uses the index_title entry from ./lang/en or appropriate print "
\n"; print "

".$text{forced}."

"; print "

\n"; my $count=0; print &ui_columns_start( [ $text{forced_domain}, $text{forced_ip}, $text{in_use} ], 100 ); foreach my $frcd ( @{$config{forced}} ) { my $edit = "".$$frcd{domain}.""; print &ui_columns_row( [ $edit, $$frcd{addr}, ($$frcd{used}) ? $text{used} : $text{not_used} ], [ "width=30%", "width=30%", "width=30%" ] ); $count++; } print &ui_columns_end(); print "
\n"; print "". $text{forced_add}.""; print "
\n"; print "

\n"; print "
"; print "
\n"; print "

".$text{alias}."

"; print "

\n"; $count=0; print &ui_columns_start( [ $text{forced_from}, $text{forced_ip}, $text{forced_mask}, $text{in_use} ], 100 ); foreach my $frcd ( @{$config{alias}} ) { my $edit = "".$$frcd{from}.""; print &ui_columns_row( [ $edit, $$frcd{to}, ($$frcd{netmask_used}) ? $$frcd{netmask} : "255.255.255.255", ($$frcd{used}) ? $text{used} : $text{not_used} ], [ "width=25%", "width=25%", "width=25%", "width=25%" ] ); $count++; } print &ui_columns_end(); print "
\n"; print "". $text{alias_add}.""; print "
\n"; print "
"; print "
\n"; print "

".$text{nx}."

"; print "

\n"; $count=0; print &ui_columns_start( [ $text{forced_from}, $text{in_use} ], 100 ); foreach my $frcd ( @{$config{bogus}} ) { my $edit = "".$$frcd{addr}.""; print &ui_columns_row( [ $edit, ($$frcd{used}) ? $text{used} : $text{not_used} ], [ "width=50%", "width=50%" ] ); $count++; } print &ui_columns_end(); print "
\n"; print "". $text{nx_add}.""; print "
\n"; print "
"; print "

\n"; print "

\n"; print ""; print $text{'DNS_settings'}; print "
"; print ""; print $text{'DNS_servers'}; print "
"; print ""; print $text{'iface_config'}; print "
"; print "
"; print ""; print $text{'DHCP_config'}; print "
"; &footer("/", $text{'index'}); # uses the index entry in /lang/en ## if subroutines are not in an extra file put them here ### END of alias.cgi ###. dnsmasq/dhcp.cgi0000755000000000000000000001306010512347345012633 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - dhcp.cgi; DHCP config # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks &header($text{'index_title'}, "", "intro", 1, 1, undef, "Written by Neil Fisher
Author
Home://page"); # uses the index_title entry from ./lang/en or appropriate ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure # output as web page &header( "DNSMasq settings", "" ); &parse_config_file( \%config, \$config_file ); print "
\n"; if( $config{errors} > 0 ) { print "

WARNING: found "; print $config{errors}; print "errors in config file!


\n"; } print "
\n"; print "

$text{'DHCP_settings'}

"; print "


\n"; my $count; my $width; $count=0; $width="width=33%"; print "

".$text{vendor_classes}."

"; print &ui_columns_start( [ $text{class}, $text{vendor}, $text{in_use} ], 100 ); foreach my $range ( @{$config{vendor_class}} ) { my $edit = "".$$range{class}.""; print &ui_columns_row( [ $edit, $$range{vendor}, ($$range{used}) ? $text{used} : $text{not_used} ], [ $width, $width, $width ] ); $count++; } print &ui_columns_end(); print "
". $text{vend_add}."


"; $count=0; $width="width=33%"; print "

".$text{user_classes}."

"; print &ui_columns_start( [ $text{class}, $text{user}, $text{in_use} ], 100 ); foreach my $range ( @{$config{user_class}} ) { my $edit = "".$$range{class}.""; print &ui_columns_row( [ $edit, $$range{user}, ($$range{used}) ? $text{used} : $text{not_used} ], [ $width, $width, $width ] ); $count++; } print &ui_columns_end(); print "
". $text{user_add}."


"; $count=0; $width="20%"; print "

".$text{dhcp_range}."

"; print &ui_columns_start( [ $text{net_id}, $text{forced_from}, $text{forced_ip}, $text{forced_mask}, $text{leasetime}, $text{in_use} ], 100 ); foreach my $range ( @{$config{dhcp_range}} ) { my $edit = "".$$range{start}.""; print &ui_columns_row( [ $$range{id}, $edit, $$range{end}, $$range{mask}, $$range{leasetime}, ($$range{used}) ? $text{used} : $text{not_used} ], [ $width, $width, $width, $width, $width ] ); $count++; } print &ui_columns_end(); print "
". $text{range_add}."


"; $count=0; $width="width=50%"; print "

".$text{hosts}."

"; print &ui_columns_start( [ $text{hosts}, $text{in_use} ], 100 ); foreach my $range ( @{$config{dhcp_host}} ) { my $edit = "".$$range{option}.""; print &ui_columns_row( [ $edit, ($$range{used}) ? $text{used} : $text{not_used} ], [ $width, $width ] ); $count++; } print &ui_columns_end(); print "
". $text{host_add}."


"; $count=0; $width="width=50%"; print "

".$text{dhcp_options}."

"; print &ui_columns_start( [ $text{dhcp_option}, $text{in_use} ], 100 ); foreach my $range ( @{$config{dhcp_option}} ) { my $edit = "".$$range{option}.""; print &ui_columns_row( [ $edit, ($$range{used}) ? $text{used} : $text{not_used} ], [ $width, $width ] ); $count++; } print &ui_columns_end(); print "
". $text{dhcp_add}."


"; print &ui_form_start( 'dhcp_apply.cgi', "get" ); print "

".$text{misc}."


"; print $text{read_ethers}.&ui_yesno_radio( "ethers", ($config{dhcp_ethers}{used})?1:0 ); print "

".$text{use_bootp}.&ui_yesno_radio ( "bootp", ($config{dhcp_boot}{used})?1:0 ); print "
".$text{bootp_host}.&ui_textbox( "bootp_host", $config{dhcp_boot}{host}, 80 ); print "
".$text{bootp_file}.&ui_textbox( "bootp_file", $config{dhcp_boot}{file}, 80 ); print "
".$text{bootp_address}.&ui_textbox( "bootp_addr", $config{dhcp_boot}{address}, 80 ); print "

".$text{max_leases}.&ui_textbox( "max_leases", $config{dhcp_leasemax}{max}, 10 ); print "

".$text{leasefile}.&ui_yesno_radio( "useleasefile", ($config{dhcp_leasefile}{used})?1:0 ); print "
".$text{lfiletouse}.&ui_textbox( "leasefile", $config{dhcp_leasefile}{file}, 80 ); print "

".&ui_submit( $text{'save_button'} ); print &ui_form_end( ); print "


"; print $text{'DNS_settings'}; print "
"; &footer("/", $text{'index'}); # uses the index entry in /lang/en ## if subroutines are not in an extra file put them here ### END of dhcp.cgi ###. dnsmasq/restart.cgi0000755000000000000000000000300510507123056013372 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - restart.cgi; restart DNSmasq # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks &header($text{'index_title'}, "", "intro", 1, 1, undef, "Written by Neil Fisher
Author
Home://page"); # uses the index_title entry from ./lang/en or appropriate ## Insert Output code here # output as web page my $line=$config{restart}; &header( "DNSMasq settings", "" ); print $text{restarting} . "
"; print `$line`; print "

"; print $text{DNS_settings}; print ""; &footer("/", $text{'index'}); # uses the index entry in /lang/en ## if subroutines are not in an extra file put them here ### END of restart.cgi ###. dnsmasq/srv_apply.cgi0000755000000000000000000000415310512642213013727 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - srv_apply.cgi; update DNS server info # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line = "error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # check for input data errors if( ($in{resolv_std}) && ($in{resolv_file} !~ /^$FILE$/) ) { my $line = "error.cgi?line=".$text{resolv_file}; $line .= "&type=".$text{err_filebad}; &redirect( $line ); exit; } # adjust everything to what we got # # use resolv.conf? # &update( $config{no_resolv}{line}, "no-resolv", $config_file, ( $in{resolv} == 0 ) ); # # standard location for resolv.conf? 
#
&update( $config{resolv_file}{line}, "resolv-file=".$in{resolv_file},
         $config_file, ( $in{resolv_std} == 1 ) );
#
# servers in order provided?
#
&update( $config{strict_order}{line}, "strict-order",
         $config_file, ( $in{strict} == 1 ) );
#
# poll resolv.conf?
#
&update( $config{no_poll}{line}, "no-poll",
         $config_file, ( $in{poll} == 0 ) );
#
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "servers.cgi" );

#
# sub-routines
#
### END of srv_apply.cgi ###.

dnsmasq/restart.sh

#!/bin/bash
echo "killing existing process PID is "
cat /var/run/dnsmasq.pid
kill -9 `cat /var/run/dnsmasq.pid`
echo "done. Starting new process..."
/usr/local/sbin/dnsmasq
echo "Done. New PID is "
cat /var/run/dnsmasq.pid

dnsmasq/srv_move.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - dns_move.cgi; move server
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
# # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # my $selected=$config{servers}[$in{idx}]{line}; if( $in{dir} eq "up" ) { $config{servers}[$in{idx}]{line}=$config{servers}[$in{idx}-1]{line}; $config{servers}[$in{idx}-1]{line}=$selected; } else { $config{servers}[$in{idx}]{line}=$config{servers}[$in{idx}+1]{line}; $config{servers}[$in{idx}+1]{line}=$selected; } foreach my $server (@{$config{servers}}) { $line= ($$server{domain_used}) ? "server=/".$$server{domain}."/".$$server{address} : "server=".$$server{address}; &update( $$server{line}, $line, $config_file, ($$server{used}) ); } # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "servers.cgi" ); # # sub-routines # ### END of dns_move.cgi ###. dnsmasq/srv_edit_apply.cgi0000755000000000000000000000364610512642225014745 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - srv_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
    my $line = "error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
# check for input data errors
if( $in{addr} !~ /^$IPADDR$/ )
{
    my $line = "error.cgi?line=".$text{srv_addr};
    $line .= "&type=".$text{err_notip};
    &redirect( $line );
    exit;
}
if( ($in{named}) && ($in{name} !~ /^$NAME$/) )
{
    my $line = "error.cgi?line=".$text{srv_name};
    $line .= "&type=".$text{err_domainbad};
    &redirect( $line );
    exit;
}
# adjust everything to what we got
#
my $line="server=";
$line .= ($in{named})?"/".$in{name}."/":"";
$line .= $in{addr};
&update( $config{servers}[$in{idx}]{line}, $line,
         $config_file, ( $in{used} == 1 ) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "servers.cgi" );

#
# sub-routines
#
### END of srv_edit_apply.cgi ###.

dnsmasq/delete.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - delete.cgi; delete a line
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
    my $line="error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
# adjust everything to what we got
#
# NOTE: the request parameters 'what' (config section), 'idx' (entry index)
# and 'where' (page to return to) are used below exactly as received;
# this script performs no validation on any of them.
#
&update( $config{$in{what}}[$in{idx}]{line}, "", $config_file, 0 );
&flush_file_lines();
&redirect( $in{where} );
#
# sub-routines
#
### END of delete.cgi ###.

dnsmasq/xiface_edit.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - xiface_edit.cgi; edit except interface
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
# # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{edit_xiface}."

"; print &ui_form_start( "xiface_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{ex_interface}[$in{idx}]{used})?1:0 ); print "
".$text{xiface_name}; print &ui_textbox( "iface", $config{ex_interface}[$in{idx}]{iface}, 50 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "". $text{delet}.""; print "
< a href=iface.cgi>".$text{iface_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of xiface_edit.cgi ###. dnsmasq/listen_edit.cgi0000755000000000000000000000407010512324553014215 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - listen_edit.cgi; edit listen on # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{edit_listen}."

"; print &ui_form_start( "listen_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{listen_on}[$in{idx}]{used})?1:0 ); print "
".$text{listen_name}; print &ui_textbox( "addr", $config{listen_on}[$in{idx}]{address}, 50 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{iface_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of listen_edit.cgi ###. dnsmasq/nx_edit.cgi0000755000000000000000000000402510512324660013343 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - nx_edit.cgi; edit forced NXDOMAIN # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{bogus}."

"; print &ui_form_start( "nx_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print $text{forced_from}. &ui_textbox( "from", $config{bogus}[$in{idx}]{addr}, 15 ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{bogus}[$in{idx}]{used})?1:0 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{alias_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of nx_edit.cgi ###. dnsmasq/add.cgi0000755000000000000000000000265010512627117012446 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - add.cgi; add a line # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line="error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # adjust everything to what we got # push @{$config_file}, "#".$in{what}; # # write file!! &flush_file_lines(); # # re-load basic page &redirect( $in{where} ); # # sub-routines # ### END of add.cgi ###. dnsmasq/README0000644000000000000000000000425510512644024012106 0ustar rootroot This is the README for the DNSmasq webmin module. Problems: 1) There's only basic error checking - if you enter some bad addresses or names, they will go straight into the config file although we do check for things like IP addresses being of the correct form (no letters, 4 groups of up to 3 digits separated by dots etc). 
One thing that ISN'T CHECKED FOR is that IP dotted quads are all numbers < 256. Another is that netmasks are logical (you could enter a netmask of 255.0.255.0 for example). Essentially, if it'll pass the config file regex scanner (and the above examples will), it won't be flagged as "bad" even if it is a big no-no for dnsmasq itself.

2) Code is ugly and a kludge - I ain't a programmer! There are probably a lot of things that could be done to tidy up the code - eg, it probably wouldn't hurt to move some common stuff into the lib file.

3) I've used the %text hash and written an English lang file, but I am mono-lingual so no other language support as yet.

4) for reasons unknown to me, the icon does not appear properly on the servers page of webmin (at least it doesn't for me!)

5) icons have been shamelessly stolen from the ipfilter module, specifically the up and down arrows.

6) if you delete an item, the config file will contain an otherwise empty, but commented line. This means that if you add some new stuff, then delete it, the config file will have a number of lines at the end that are just comments. Therefore, the config file could possibly grow quite large.

7) NO INCLUDE FILES! if you use an include file, it'll be flagged as an error. OK if the include file line is commented out though.

8) deprecated lines not supported (eg user and group) - they may produce an error! (user and group don't, but you can't change them)

IOW, it works, it's just not very elegant and not very robust.

Hope you find it useful though - I do, as it prevents me having to ever wade through the config file and man pages again.

If you modify it, or add a language file, and you have a spare moment, please e-mail me - I won't be upset at all if you fix my poor coding!
(rather the opposite - I'd be pleased someone found it useful)

Cheers,
Neil Fisher

dnsmasq/iface_edit_apply.cgi
#!/usr/bin/perl
#
# DNSMasq Webmin Module - iface_edit_apply.cgi; do the update
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
	my $line = "error.cgi?line=xx&type=".$text{err_configbad};
	&redirect( $line );
	exit;
}
# adjust everything to what we got
#
my $line="interface=".$in{iface};
&update( $config{interface}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "iface.cgi" );
#
# sub-routines
#
### END of iface_edit_apply.cgi ###.
dnsmasq/xiface_edit_apply.cgi0000755000000000000000000000305510512640306015362 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - xiface_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line = "error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="except-interface=".$in{iface}; &update( $config{ex_interface}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "iface.cgi" ); # # sub-routines # ### END of _xiface_edit_apply.cgi ###. 
dnsmasq/listen_edit_apply.cgi0000755000000000000000000000332510512642154015424 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - listen_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line= "error.cgi?line=x&type=".$text{listen_addr}; &redirect( $line ); exit; } # check for input data errors if( $in{addr} !~ /^$IPADDR$/ ) { my $line= "error.cgi?line=".$text{listen_addr}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="listen-address=".$in{addr}; &update( $config{listen_on}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "iface.cgi" ); # # sub-routines # ### END of listen_edit_apply.cgi ###. 
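The README above says the module's regex check does not verify that dotted quads are below 256 or that netmasks are logical (255.0.255.0 passes). The following is an added example, not part of the module, of a semantic check a handler could run before writing a dhcp-range line; the helper names and the lease-time pattern are assumptions, and the sample submissions are constructed.

```perl
#!/usr/bin/perl
# Added example, not part of the DNSMasq Webmin module. The helper names
# (ipv4_to_int, is_netmask, build_dhcp_range) are hypothetical.
use strict;
use warnings;

# Convert a dotted quad to a 32-bit integer; return nothing if the string is
# not a valid IPv4 address. \A and \z are used instead of ^ and $ because $
# also matches just before a trailing newline, which would then be written
# into the config file along with the value.
sub ipv4_to_int {
    my ($s) = @_;
    return unless defined $s
        && $s =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# A netmask is "logical" when its set bits are contiguous from the top bit,
# which means the inverted mask has the form 2^n - 1.
sub is_netmask {
    my ($s) = @_;
    my $m = ipv4_to_int($s);
    return 0 unless defined $m && $m != 0;
    my $inv = ~$m & 0xFFFFFFFF;
    return (($inv & ($inv + 1)) == 0) ? 1 : 0;
}

# Build a dhcp-range line from form fields.
# Returns (line, undef) on success and (undef, error) on failure.
sub build_dhcp_range {
    my (%f) = @_;
    my $from = ipv4_to_int($f{from});
    my $to   = ipv4_to_int($f{to});
    return (undef, "start is not an IPv4 address") unless defined $from;
    return (undef, "end is not an IPv4 address")   unless defined $to;
    return (undef, "start is above end")           if $from > $to;

    my @fields = ($f{from}, $f{to});
    if (defined $f{mask} && length $f{mask}) {
        return (undef, "netmask is not a valid contiguous mask")
            unless is_netmask($f{mask});
        my $m = ipv4_to_int($f{mask});
        return (undef, "start and end are in different subnets")
            if ($from & $m) != ($to & $m);
        push @fields, $f{mask};
    }
    if (defined $f{time} && length $f{time}) {
        # Assumed lease-time grammar: seconds, a number with an m or h
        # suffix, or the word "infinite".
        return (undef, "bad lease time")
            unless $f{time} =~ /\A(?:[0-9]{1,9}[mh]?|infinite)\z/;
        push @fields, $f{time};
    }
    return ("dhcp-range=" . join(",", @fields), undef);
}

# Constructed sample submissions, including the two cases the README names.
my @samples = (
    { from => "192.168.0.50",  to => "192.168.0.150", mask => "255.255.255.0", time => "12h" },
    { from => "192.168.0.300", to => "192.168.0.150" },                         # octet above 255
    { from => "192.168.0.50",  to => "192.168.0.150", mask => "255.0.255.0" },  # non-contiguous mask
    { from => "192.168.0.50",  to => "192.168.1.150", mask => "255.255.255.0" },# range spans subnets
    { from => "192.168.0.50",  to => "192.168.0.150\n" },                       # trailing newline
);
for my $s (@samples) {
    my ($line, $err) = build_dhcp_range(%$s);
    (my $shown = join(",", map { "$_=$s->{$_}" } sort keys %$s)) =~ s/\n/\\n/g;
    print(defined($line) ? "ok     $line\n" : "reject $err  [$shown]\n");
}
```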
dnsmasq/range_edit_apply.cgi0000755000000000000000000000535210512642203015217 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - range_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line = "error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # check for input data errors if( $in{from} !~ /^$IPADDR$/ ) { my $line = "error.cgi?line=".$text{forced_from}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } if( $in{to} !~ /^$IPADDR$/ ) { my $line = "error.cgi?line=".$text{forced_ip}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } if( ($in{masked}) && ($in{mask} !~ /^$IPADDR$/) ) { my $line = "error.cgi?line=".$text{forced_mask}; $line .= "&type=".$text{err_notmask}; &redirect( $line ); exit; } if( ($in{timed}) && ($in{'time'} !~ /^$TIME$/) ) { my $line = "error.cgi?line=".$text{leasetime}; $line .= "&type=".$text{err_nottime}; &redirect( $line ); exit; } # adjust everything to what we got # my 
$line="dhcp-range=";
# fields of a dhcp-range line are comma-separated
$line .= $in{id}."," if $in{ided};
$line .= $in{from}.",".$in{to};
$line .= ",".$in{mask} if $in{masked};
$line .= ",".$in{'time'} if $in{timed};
&update( $config{dhcp_range}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "dhcp.cgi" );
#
# sub-routines
#
### END of range_edit_apply.cgi ###.
dnsmasq/host_edit.cgi
#!/usr/bin/perl
#
# DNSMasq Webmin Module - host_edit.cgi; edit DHCP host
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{edit_host}."

"; print &ui_form_start( "host_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{dhcp_host}[$in{idx}]{used})?1:0 ); print "
".$text{host_spec}; print &ui_textbox( "host", $config{dhcp_host}[$in{idx}]{option}, 80 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{DHCP_settings}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of host_edit.cgi ###. dnsmasq/range_edit.cgi0000755000000000000000000000541310512347165014021 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - range_edit.cgi; DHCP range edit # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{range_edit}."

"; print &ui_form_start( "range_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{dhcp_range}[$in{idx}]{used})?1:0 ); print "
".$text{ided}.&ui_yesno_radio( "ided", ($config{dhcp_range}[$in{idx}]{id_used})?1:0 ); print "
".$text{id}; print &ui_textbox( "id", $config{dhcp_range}[$in{idx}]{id}, 50 ); print "
".$text{forced_from}; print &ui_textbox( "from", $config{dhcp_range}[$in{idx}]{start}, 18 ); print "
".$text{forced_ip}; print &ui_textbox( "to", $config{dhcp_range}[$in{idx}]{end}, 18 ); print "
".$text{forced_mask_used}.&ui_yesno_radio( "masked", ($config{dhcp_range}[$in{idx}]{mask_used})?1:0 ); print "
".$text{forced_mask}; print &ui_textbox( "mask", $config{dhcp_range}[$in{idx}]{mask}, 18 ); print "
".$text{timed}.&ui_yesno_radio( "timed", ($config{dhcp_range}[$in{idx}]{time_used})?1:0 ); print "
".$text{leasetime}; print &ui_textbox( "time", $config{dhcp_range}[$in{idx}]{leasetime}, 18 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{DHCP_settings}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of range_edit.cgi ###. dnsmasq/option_edit.cgi0000755000000000000000000000407610512351517014235 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - option_edit.cgi; edit DHCP option # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{edit_opt}."

"; print &ui_form_start( "option_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{dhcp_option}[$in{idx}]{used})?1:0 ); print "
".$text{option_spec}; print &ui_textbox( "host", $config{dhcp_option}[$in{idx}]{option}, 80 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{DHCP_settings}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of option_edit.cgi ###. dnsmasq/host_edit_apply.cgi0000755000000000000000000000303210512633002015066 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - host_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line="error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="dhcp-host=".$in{host}; &update( $config{dhcp_host}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "dhcp.cgi" ); # # sub-routines # ### END of host_edit_apply.cgi ###. 
dnsmasq/iface_apply.cgi0000755000000000000000000000300210512633156014162 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - iface_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line = "error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # adjust everything to what we got # &update( $config{bind_interfaces}{line}, "bind-interfaces", $config_file, ( $in{bind_iface} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "iface.cgi" ); # # sub-routines # ### END of iface_apply.cgi ###. 
dnsmasq/forced_edit.cgi0000755000000000000000000000423010512324260014152 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - forced_edit.cgi; forced domain response edit # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{forced}."

"; print &ui_form_start( "forced_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print $text{forced_domain}. &ui_textbox( "domain", $config{forced}[$in{idx}]{domain}, 50 ); print "
"; print $text{forced_ip}. &ui_textbox( "to", $config{forced}[$in{idx}]{addr}, 15 ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{forced}[$in{idx}]{used})?1:0 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{alias_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of forced_edit.cgi ###. dnsmasq/alias_edit.cgi0000755000000000000000000000435010512627345014016 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - alias_edit.cgi; IP alias edit # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line="error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{alias}."

"; print &ui_form_start( "alias_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print $text{forced_from}. &ui_textbox( "from", $config{alias}[$in{idx}]{from}, 15 ); print "
"; print $text{forced_ip}. &ui_textbox( "to", $config{alias}[$in{idx}]{to}, 15 ); print "
"; print $text{forced_mask_used}. &ui_yesno_radio( "mask", ($config{alias}[$in{idx}]{netmask_used})?1:0 ); print $text{forced_mask}. &ui_textbox( "netmask", $config{alias}[$in{idx}]{netmask}, 15 ); print "
".$text{in_use}.&ui_yesno_radio( "used", ($config{alias}[$in{idx}]{used})?1:0 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{alias_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of alias_edit.cgi ###. dnsmasq/option_edit_apply.cgi0000755000000000000000000000304010512633571015433 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - option_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line= "error.cgi?line=x&type=".$text{listen_addr}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="dhcp-option=".$in{host}; &update( $config{dhcp_option}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "dhcp.cgi" ); # # sub-routines # ### END of option_edit_apply.cgi ###. 
dnsmasq/basic_apply.cgi
#!/usr/bin/perl
#
# DNSMasq Webmin Module - dns_apply.cgi; update basic DNS info
# Copyright (C) 2006 by Neil Fisher
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
	my $line = "error.cgi?line=xx&type=".$text{err_configbad};
	&redirect( $line );
	exit;
}
# check user input for obvious errors
if( $in{local_domain} !~ /^$FILE$/ )
{
	my $line = "error.cgi?line=".$text{local_domain};
	$line .= "&type=".$text{err_domainbad};
	&redirect( $line );
	exit;
}
if( ($in{xhosts}) && ($in{addn_hosts} !~ /^$FILE$/) )
{
	my $line = "error.cgi?line=".$text{xhostsfile};
	$line .= "&type=".$text{err_filebad};
	&redirect( $line );
	exit;
}
# anchor the number checks at both ends so trailing text after the digits is rejected
if( ($in{cache_size}) && ($in{cust_cache_size} !~ /^$NUMBER$/) )
{
	my $line = "error.cgi?line=".$text{cust_cache_size};
	$line .= "&type=".$text{err_numbbad};
	&redirect( $line );
	exit;
}
if( ($in{local_ttl}) && ($in{ttl} !~ /^$NUMBER$/) )
{
	my $line = "error.cgi?line=".$text{ttl};
	$line .= "&type=".$text{err_numbbad};
	&redirect( $line );
	exit;
}
# adjust everything to what we got
#
# our local domain
#
&update( $config{domain}{line}, "domain=".$in{local_domain}, $config_file, 1 );
#
# need domains for forwarded lookups?
#
&update( $config{domain_needed}{line}, "domain-needed", $config_file, ( $in{domain_needed} == 1 ) );
#
# add local domain to local hosts?
#
&update( $config{expand_hosts}{line}, "expand-hosts", $config_file, ( $in{expand_hosts} == 1 ) );
#
# reverse lookups of local subnets propagating?
#
# NOTE: reversed logic in question!
&update( $config{bogus_priv}{line}, "bogus-priv", $config_file, ( $in{bogus_priv} == 0 ) );
#
# filter periodic Windows DNS requests?
#
&update( $config{filterwin2k}{line}, "filterwin2k", $config_file, ( $in{filterwin2k} == 1 ) );
#
# read /etc/hosts?
#
# NOTE: reverse logic in config file
&update( $config{no_hosts}{line}, "no-hosts", $config_file, ( $in{hosts} == 0 ) );
#
# read extra hosts file?
#
&update( $config{addn_hosts}{line}, "addn-hosts=".$in{addn_hosts}, $config_file, ( $in{xhosts} == 1 ) );
#
# negative caching?
#
# NOTE: reverse logic in config file
&update( $config{neg_cache}{line}, "no-negcache", $config_file, ( $in{neg_cache} == 0 ) );
#
# custom cache size?
#
&update( $config{cache_size}{line}, "cache-size=".$in{cust_cache_size}, $config_file, ( $in{cache_size} == 1 ) );
#
# log all lookups?
#
&update( $config{log_queries}{line}, "log-queries", $config_file, ( $in{log_queries} == 1 ) );
#
# TTL for local answers?
#
&update( $config{local_ttl}{line}, "local-ttl=".$in{ttl}, $config_file, ( $in{local_ttl} == 1) );
#
#
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "index.cgi" );
#
# sub-routines
#
### END of dns_apply.cgi ###.
dnsmasq/alias_edit_apply.cgi0000755000000000000000000000407310512641777015232 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - alias_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line="error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # check user input for obvious errors if( $in{from} !~ /^$IPADDR$/ ) { my $line="error.cgi?line=".$text{forced_from}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } if( $in{to} !~ /^$IPADDR$/ ) { my $line="error.cgi?line=".$text{forced_ip}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } if( ($in{mask}) && ($in{netmask} !~ /^$IPADDR$/) ) { my $line="error.cgi?line=".$text{forced_mask}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="alias=".$in{from}.",".$in{to}; $line .= ",".$in{netmask} if $in{mask}; &update( $config{alias}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write 
file!! &flush_file_lines(); # # re-load basic page &redirect( "alias.cgi" ); # # sub-routines # ### END of alias_edit_apply.cgi ###. dnsmasq/forced_edit_apply.cgi0000755000000000000000000000357110512642101015363 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - forced_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line="error.cgi?line=xx&type=".$text{err_configbad}; &redirect( $line ); exit; } # check for input data errors if( $in{domain} !~ /^$NAME$/ ) { my $line="error.cgi?line=".$text{forced_domain}; $line .= "&type=".$text{err_domainbad}; &redirect( $line ); exit; } if( $in{to} !~ /^$IPADDR$/ ) { my $line="error.cgi?line=".$text{forced_domain}; $line .= "&type=".$text{err_domainbad}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="address=/".$in{domain}."/".$in{to}; &update( $config{forced}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! 
&flush_file_lines(); # # re-load basic page &redirect( "alias.cgi" ); # # sub-routines # ### END of forced_edit_apply.cgi ###. dnsmasq/nx_edit_apply.cgi0000755000000000000000000000331110512642170014544 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - nx_edit_apply.cgi; do the update # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { my $line= "error.cgi?line=x&type=".$text{listen_addr}; &redirect( $line ); exit; } # check for input data errors if( $in{from} !~ /^$IPADDR$/ ) { my $line= "error.cgi?line=".$text{forced_from}; $line .= "&type=".$text{err_notip}; &redirect( $line ); exit; } # adjust everything to what we got # my $line="bogus-nxdomain=".$in{from}; &update( $config{bogus}[$in{idx}]{line}, $line, $config_file, ( $in{used} == 1 ) ); # # write file!! &flush_file_lines(); # # re-load basic page &redirect( "alias.cgi" ); # # sub-routines # ### END of nx_edit_apply.cgi ###. 
dnsmasq/user_edit.cgi0000755000000000000000000000417110512343452013676 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - vend_edit.cgi; edit user class # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{user_classes}."

"; print &ui_form_start( "user_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print $text{in_use}.&ui_yesno_radio( "used", ($config{user_class}[$in{idx}]{used})?1:0 ); print $text{class}. &ui_textbox( "class", $config{user_class}[$in{idx}]{class}, 60 ); print "
".$text{user}. &ui_textbox( "user", $config{user_class}[$in{idx}]{user}, 60 ); print "

" . &ui_submit( $text{'save_button'} )."
"; print &ui_form_end(); print "".$text{delet}.""; print "
".$text{DHCP_config}.""; &footer( "/", $text{'index'}); # # # sub-routines # ### END of user_edit.cgi ###. dnsmasq/vend_edit.cgi0000755000000000000000000000421010512343567013655 0ustar rootroot#!/usr/bin/perl # # DNSMasq Webmin Module - vend_edit.cgi; edit vendor class # Copyright (C) 2006 by Neil Fisher # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # This module inherited from the Webmin Module Template 0.79.1 by tn do '../web-lib.pl'; do '../ui-lib.pl'; do 'dnsmasq-lib.pl'; $|=1; &init_config("DNSMasq"); %access=&get_module_acl; ## put in ACL checks here if needed ## sanity checks ## Insert Output code here # read config file $config_file = &read_file_lines( $config{config_file} ); # pass into data structure &parse_config_file( \%config, \$config_file ); # read posted data &ReadParse(); # check for errors in read config if( $config{errors} > 0 ) { &header( "DNSMasq settings", "" ); print "

"; print $text{warn_errors}; print $config{errors}; print $text{didnt_apply}; print "


\n"; &footer( "/", $text{'index'}); exit; } # adjust everything to what we got # &header( "DNSMasq settings", "" ); print "

".$text{vendor_classes}."

"; print &ui_form_start( "vend_edit_apply.cgi", "post" ); print &ui_hidden( "idx", $in{idx} ); print $text{in_use}.&ui_yesno_radio( "used", ($config{vendor_class}[$in{idx}]{used})?1:0 ); print $text{class}. &ui_textbox( "class", $config{vendor_class}[$in{idx}]{class}, 60 ); print "
".$text{vendor}. &ui_textbox( "vendor", $config{vendor_class}[$in{idx}]{vendor}, 60 ); print "

" . &ui_submit( $text{'save_button'} )."
";
print &ui_form_end();
print "". $text{delet}."";
print "
".$text{DHCP_config}."";
&footer( "/", $text{'index'});
#
#
# sub-routines
#
### END of vend_edit.cgi ###.

dnsmasq/dhcp_apply.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - dhcp_apply.cgi; update misc DHCP info
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
    my $line="error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
# check for input data errors
if( $in{bootp_addr} !~ /^$IPADDR$/ )
{
    my $line="error.cgi?line=".$text{bootp_address};
    $line .= "&type=".$text{err_notip};
    &redirect( $line );
    exit;
}
if( $in{bootp_file} !~ /^$FILE$/ )
{
    my $line="error.cgi?line=".$text{bootp_file};
    $line .= "&type=".$text{err_filebad};
    &redirect( $line );
    exit;
}
if( $in{bootp_host} !~ /^$NAME$/ )
{
    my $line="error.cgi?line=".$text{bootp_host};
    $line .= "&type=".$text{err_hostbad};
    &redirect( $line );
    exit;
}
if( $in{max_leases} !~ /^$NUMBER$/ )
{
    my $line="error.cgi?line=".$text{max_leases};
    $line .= "&type=".$text{err_numbbad};
    &redirect( $line );
    exit;
}
if( $in{leasefile} !~ /^$FILE$/ )
{
    my $line="error.cgi?line=".$text{leasefile};
    $line .= "&type=".$text{err_filebad};
    &redirect( $line );
    exit;
}
# adjust everything to what we got
#
# read /etc/ethers
#
&update( $config{dhcp_ethers}{line}, "read-ethers",
    $config_file, ($in{ethers} == 1) );
#
# bootp
#
my $line="dhcp-boot=".$in{bootp_file}.",".$in{bootp_host};
$line .= ",".$in{bootp_addr};
&update( $config{dhcp_boot}{line}, $line,
    $config_file, ($in{bootp} == 1) );
#
# max leases
#
&update( $config{dhcp_leasemax}{line}, "dhcp-lease-max=".$in{max_leases},
    $config_file, ($in{max_leases} != 150) );
#
# leases file
#
&update( $config{dhcp_leasefile}{line}, "dhcp-leasefile=".$in{leasefile},
    $config_file, ($in{useleasefile} == 1) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "dhcp.cgi" );

#
# sub-routines
#
### END of dhcp_apply.cgi ###.

dnsmasq/user_edit_apply.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - user_edit_apply.cgi; do the update
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
    my $line = "error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
# check for input data errors
if( $in{class} !~ /^$NAME$/ )
{
    my $line = "error.cgi?line=".$text{class};
    $line .= "&type=".$text{err_namebad};
    &redirect( $line );
    exit;
}
if( $in{user} !~ /^$NAME$/ )
{
    my $line = "error.cgi?line=".$text{user};
    $line .= "&type=".$text{err_namebad};
    &redirect( $line );
    exit;
}
# adjust everything to what we got
#
my $line="dhcp-userclass=".$in{class}.",".$in{user};
&update( $config{user_class}[$in{idx}]{line}, $line,
    $config_file, ( $in{used} == 1 ) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "dhcp.cgi" );

#
# sub-routines
#
### END of user_edit_apply.cgi ###.

dnsmasq/vend_edit_apply.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - vend_edit_apply.cgi; do the update
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

## Insert Output code here
# read config file
$config_file = &read_file_lines( $config{config_file} );
# pass into data structure
&parse_config_file( \%config, \$config_file );
# read posted data
&ReadParse();
# check for errors in read config
if( $config{errors} > 0 )
{
    my $line = "error.cgi?line=xx&type=".$text{err_configbad};
    &redirect( $line );
    exit;
}
# check for input data errors
if( $in{class} !~ /^$NAME$/ )
{
    my $line = "error.cgi?line=".$text{class};
    $line .= "&type=".$text{err_namebad};
    &redirect( $line );
    exit;
}
if( $in{vendor} !~ /^$NAME$/ )
{
    my $line = "error.cgi?line=".$text{vendor};
    $line .= "&type=".$text{err_namebad};
    &redirect( $line );
    exit;
}
# adjust everything to what we got
#
my $line="dhcp-vendorclass=".$in{class}.",".$in{vendor};
&update( $config{vendor_class}[$in{idx}]{line}, $line,
    $config_file, ( $in{used} == 1 ) );
#
# write file!!
&flush_file_lines();
#
# re-load basic page
&redirect( "dhcp.cgi" );

#
# sub-routines
#
### END of vend_edit_apply.cgi ###.

dnsmasq/error.cgi

#!/usr/bin/perl
#
#    DNSMasq Webmin Module - error.cgi; report errors
#    Copyright (C) 2006 by Neil Fisher
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    This module inherited from the Webmin Module Template 0.79.1 by tn

do '../web-lib.pl';
do '../ui-lib.pl';
do 'dnsmasq-lib.pl';

$|=1;
&init_config("DNSMasq");

%access=&get_module_acl;

## put in ACL checks here if needed

## sanity checks

&header($text{'index_title'}, "", "intro", 1, 1, undef,
        "Written by Neil Fisher
Author
Home://page"); # uses the index_title entry from ./lang/en or appropriate ## Insert Output code here # output as web page &ReadParse(); print "

".$text{error_heading}."

"; print "

"; print $text{err_line}; print &html_escape( $in{line} ); print "
\n"; print $text{err_type}; print &html_escape( $in{type} ); print "

\n";
print $text{err_help};
&footer("/", $text{'index'});
# uses the index entry in /lang/en

## if subroutines are not in an extra file put them here

### END of error.cgi ###.

dnsmasq-2.80.orig/contrib/wrt/README

This script can be used to implement persistent leases on openWRT, DD-WRT
etc. Persistent leases are good: if the lease database is lost on a
reboot, then it will eventually be restored as hosts renew their
leases. Until a host renews (which may take hours/days) it will
not exist in the DNS if dnsmasq's DDNS function is in use.

*WRT systems remount all non-volatile filesystems read-only after boot,
so the normal leasefile will not work. They do, however, have NV
storage, accessed with the nvram command:

/usr/lib # nvram
usage: nvram [get name] [set name=value] [unset name] [show]

The principle is that leases are kept in NV variables with data
corresponding to the line in a leasefile:

dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * *

By giving dnsmasq the leasefile-ro command, it no longer creates or writes a
leasefile; responsibility for maintaining the lease database transfers
to the lease change script. At startup, in leasefile-ro mode,
dnsmasq will run

" init"

and read whatever that command spits out, expecting it to
be in dnsmasq leasefile format.

So the lease change script, given "init" as argv[1], will
suck existing leases out of the NVRAM and emit them from
stdout in the correct format.

The second part of the problem is keeping the NVRAM up-to-date: this
is done by the lease-change script which dnsmasq runs when a lease is
updated. When it is called with argv[1] as "old", "add", or "del"
it updates the relevant nvram entry.

So, dnsmasq should be run as:

dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh

or the same flags added to /etc/dnsmasq.conf

Notes:

This needs dnsmasq-2.33 or later to work.

This technique will work with, or without, compilation with
HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is
_highly_recommended_ for this application since it avoids problems
with the system clock being warped by NTP, and it vastly reduces the
number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated
only when a lease is created or destroyed; without it, a write occurs
every time a lease is renewed.

It probably makes sense to restrict the number of active DHCP leases
to an appropriate number using dhcp-lease-max. On a new DD_WRT system,
there are about 10K bytes free in the NVRAM. Each lease record is
about 100 bytes, so restricting the number of leases to 50 will limit
use to half that. (The default limit in the distributed source is 150)

Any UI script which reads the dnsmasq leasefile will have to be
amended, probably by changing it to read the output of
`lease_update init` instead.

Thanks:
To Steve Horbachuk for checks on the script and debugging beyond
the call of duty.

Simon Kelley
Fri Jul 28 11:51:13 BST 2006

dnsmasq-2.80.orig/contrib/wrt/lease_update.sh

#!/bin/sh

# Copyright (c) 2006 Simon Kelley
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; version 2 dated June, 1991.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# if $1 is add del or old, this is a dnsmasq-called lease-change
# script, update the nvram database. if $1 is init, emit a
# dnsmasq-format lease file to stdout representing the current state of the
# database, this is called by dnsmasq at startup.

NVRAM=/usr/sbin/nvram
PREFIX=dnsmasq_lease_

# Arguments.
# $1 is action (add, del, old)
# $2 is MAC
# $3 is address
# $4 is hostname (optional, may be unset)

# env.
# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC)
# DNSMASQ_CLIENT_ID (optional, may be unset)

# File.
# length|expires MAC addr hostname|* CLID|*

# Primary key is address.

# Arguments are quoted so that a missing or empty value cannot break
# the tests or split into extra words.
if [ "${1}" = init ] ; then
     ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p"
else
     if [ "${1}" = del ] ; then
          ${NVRAM} unset "${PREFIX}${3}"
     fi

     if [ "${1}" = old ] || [ "${1}" = add ] ; then
          ${NVRAM} set "${PREFIX}${3}=${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}"
     fi
     ${NVRAM} commit
fi

dnsmasq-2.80.orig/dbus/DBus-interface

DBus support must be enabled at compile-time and run-time. Ensure
that src/config.h contains the line

#define HAVE_DBUS.

and that /etc/dnsmasq.conf contains the line

enable-dbus

Because dnsmasq can operate stand-alone from the DBus, and may need to provide
service before the dbus daemon is available, it will continue to run
if the DBus connection is not available at startup. The DBus will be polled
every 250ms until a connection is established. Start of polling and final
connection establishment are both logged. When dnsmasq establishes a
connection to the dbus, it sends the signal "Up". Anything controlling
the server settings in dnsmasq should re-invoke the SetServers method
(q.v.) when it sees this signal. This allows dnsmasq to be restarted
and avoids startup races with the provider of nameserver information.
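Added example, not part of the dnsmasq distribution: a Python pre-flight
check that a controller could run on its server list before calling the
SetServersEx method described later in this file. It enforces the
"servers first, domains second" rule and returns the equivalent
--server/--local options; the function names and the DNS-label pattern
are assumptions of this example.

```python
import ipaddress
import re

# One DNS label: letters, digits, "_" or "-" (not at either end), 1-63 chars.
# This pattern is the example's own choice, not taken from dnsmasq.
_LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
_DOMAIN = re.compile(r"(?=.{1,253}\Z)%s(?:\.%s)*\Z" % (_LABEL, _LABEL))


def _is_server(item):
    """True if item is an IP address, ignoring @source, #port and %scope."""
    host = item
    for sep in ("@", "#", "%"):
        host = host.split(sep, 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def servers_ex_to_options(groups):
    """Validate a SetServersEx argument (a list of string lists) and
    return the equivalent dnsmasq command-line options."""
    options = []
    for group in groups:
        servers, domains = [], []
        for item in group:
            if _is_server(item):
                if domains:
                    # The interface forbids mixing servers and domains.
                    raise ValueError("server %r follows a domain" % item)
                servers.append(item)
            elif _DOMAIN.match(item):
                domains.append(item)
            else:
                # Rejects "/" and whitespace, which would otherwise change
                # the meaning of a --server=/domain/address option.
                raise ValueError("not an address or domain: %r" % item)
        if not servers:
            raise ValueError("group has no server address")
        prefix = "/" + "/".join(domains) + "/" if domains else ""
        for server in servers:
            if server == "0.0.0.0":
                # "no address, local only" needs at least one domain.
                if not domains:
                    raise ValueError("0.0.0.0 given without a domain")
                options.append("--local=" + prefix)
            else:
                options.append("--server=" + prefix + server)
    return options


if __name__ == "__main__":
    # Sample input: the two examples given in the SetServersEx section.
    print(servers_ex_to_options([
        ["1.2.3.4", "foobar.com"],
        ["1003:1234:abcd::1%eth0", "eng.mycorp.com", "lab.mycorp.com"],
    ]))
    print(servers_ex_to_options([["0.0.0.0", "local.domain"]]))
```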

Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq
and a single object: /uk/org/thekelleys/dnsmasq
The name of the service may be changed by giving an argument to --enable-dbus.

1. METHODS
----------

Methods are of the form

uk.org.thekelleys.

Available methods are:

GetVersion
----------
Returns a string containing the version of dnsmasq running.

ClearCache
----------
Returns nothing. Clears the domain name cache and re-reads
/etc/hosts. The same as sending dnsmasq a HUP signal.

SetFilterWin2KOption
--------------------
Takes boolean, sets or resets the --filterwin2k option.

SetBogusPrivOption
------------------
Takes boolean, sets or resets the --bogus-priv option.

SetServers
----------
Returns nothing. Takes a set of arguments representing the new
upstream DNS servers to be used by dnsmasq. IPv4 addresses are
represented as a UINT32 (in network byte order) and IPv6 addresses
are represented as sixteen BYTEs (since there is no UINT128 type).
Each server address may be followed by one or more STRINGS, which are
the domains for which the preceding server should be used.

Examples.

UINT32:
UINT32:

is equivalent to

--server= --server=


UINT32
UINT32
STRING "somedomain.com"

is equivalent to

--server= --server=/somedomain.com/

UINT32
UINT32
STRING "somedomain.com"
UINT32
STRING "anotherdomain.com"
STRING "thirddomain.com"

is equivalent to

--server=
--server=/somedomain.com/
--server=/anotherdomain.com/thirddomain.com/

An IPv4 address of 0.0.0.0 is interpreted as "no address, local only",
so

UINT32: <0.0.0.0>
STRING "local.domain"

is equivalent to

--local=/local.domain/


Each call to SetServers completely replaces the set of servers
specified via the DBus, but it leaves any servers specified via the
command line or /etc/dnsmasq.conf or /etc/resolv.conf alone.

SetServersEx
------------

This function is more flexible than the SetServers function, in that it can
handle address scoping, port numbers, and is easier for clients to use.

Returns nothing. Takes a set of arguments representing the new
upstream DNS servers to be used by dnsmasq. All addresses (both IPv4 and IPv6)
are represented as STRINGS. Each server address may be followed by one or more
STRINGS, which are the domains for which the preceding server should be used.

This function takes an array of STRING arrays, where each inner array represents
a set of DNS servers and domains for which those servers may be used. Each
string represents a list of upstream DNS servers first, and domains second.
Mixing of domains and servers within the string array is not allowed.

Examples.

[
  ["1.2.3.4", "foobar.com"],
  ["1003:1234:abcd::1%eth0", "eng.mycorp.com", "lab.mycorp.com"]
]

is equivalent to

--server=/foobar.com/1.2.3.4 \
  --server=/eng.mycorp.com/lab.mycorp.com/1003:1234:abcd::1%eth0

An IPv4 address of 0.0.0.0 is interpreted as "no address, local only",
so

[ ["0.0.0.0", "local.domain"] ]

is equivalent to

--local=/local.domain/


Each call to SetServersEx completely replaces the set of servers
specified via the DBus, but it leaves any servers specified via the
command line or /etc/dnsmasq.conf or /etc/resolv.conf alone.


SetDomainServers
----------------

Yet another variation for setting DNS servers, with the capability of
SetServersEx, but without using arrays of arrays, which are not
sendable with dbus-send. The arguments are an array of strings which
are identical to the equivalent arguments --server, so the example
for SetServersEx is represented as

[
  "/foobar.com/1.2.3.4"
  "/eng.mycorp.com/lab.mycorp.com/1003:1234:abcd::1%eth0"
]

GetLoopServers
--------------

(Only available if dnsmasq compiled with HAVE_LOOP)

Return an array of strings, each string is the IP address of an upstream
server which has been found to loop queries back to this dnsmasq instance, and
is therefore not being used.

AddDhcpLease
------------

Returns nothing. Adds or updates a DHCP or DHCPv6 lease to the internal lease
database, as if a client requested and obtained a lease.

If a lease for the IPv4 or IPv6 address already exists, it is overwritten.

Note that this function will trigger the DhcpLeaseAdded or DhcpLeaseUpdated
D-Bus signal and will run the configured DHCP lease script accordingly.

This function takes many arguments which are the lease parameters:
- A string with the textual representation of the IPv4 or IPv6 address of the
  client.

  Examples:
  "192.168.1.115"
  "1003:1234:abcd::1%eth0"
  "2001:db8:abcd::1"

- A string representing the hardware address of the client, using the same
  format as the one used in the lease database.

  Examples:

  "00:23:45:67:89:ab"
  "06-00:20:e0:3b:13:af" (token ring)

- The hostname of the client, as an array of bytes (so there is no problem
  with non-ASCII character encoding). May be empty.

  Example (for "hostname.or.fqdn"):
  [104, 111, 115, 116, 110, 97, 109, 101, 46, 111, 114, 46, 102, 113, 100, 110]

- The client identifier (IPv4) or DUID (IPv6) as an array of bytes. May be
  empty.

  Examples:

  DHCPv6 DUID:
  [0, 3, 0, 1, 0, 35, 69, 103, 137, 171]
  DHCPv4 client identifier:
  [255, 12, 34, 56, 78, 0, 1, 0, 1, 29, 9, 99, 190, 35, 69, 103, 137, 171]

- The duration of the lease, in seconds. If the lease is updated, then
  the duration replaces the previous duration.

  Example:

  7200

- The IAID (Identity association identifier) of the DHCPv6 lease, as a network
  byte-order unsigned integer. For DHCPv4 leases, this must be set to 0.

  Example (for IPv6):

  203569230

- A boolean which, if true, indicates that the DHCPv6 lease is for a temporary
  address (IA_TA). If false, the DHCPv6 lease is for a non-temporary address
  (IA_NA). For DHCPv4 leases, this must be set to false.

RemoveDhcpLease
---------------

Returns nothing. Removes a DHCP or DHCPv6 lease from the internal lease
database, as if a client sent a release message to abandon a lease.

This function takes only one parameter: the text representation of the
IPv4 or IPv6 address of the lease to remove.

Note that this function will trigger the DhcpLeaseRemoved signal and the
configured DHCP lease script will be run with the "del" action.

GetMetrics
----------

Returns an array with various metrics for DNS and DHCP.


2. SIGNALS
----------

If dnsmasq's DHCP server is active, it will send signals over DBUS whenever
the DHCP lease database changes. Think of these signals as transactions on
a database with the IP address acting as the primary key.

Signals are of the form:

uk.org.thekelleys.

and their parameters are:

STRING "192.168.1.115"
STRING "01:23:45:67:89:ab"
STRING "hostname.or.fqdn"


Available signals are:

DhcpLeaseAdded
---------------

This signal is emitted when a DHCP lease for a given IP address is created.

DhcpLeaseDeleted
----------------

This signal is emitted when a DHCP lease for a given IP address is deleted.

DhcpLeaseUpdated
----------------

This signal is emitted when a DHCP lease for a given IP address is updated.

dnsmasq-2.80.orig/dbus/dnsmasq.conf

dnsmasq-2.80.orig/dnsmasq.conf.example

# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
#domain-needed
# Never forward addresses in the non-routed address spaces.
#bogus-priv # Uncomment these to enable DNSSEC validation and caching: # (Requires dnsmasq to be built with DNSSEC option.) #conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf #dnssec # Replies which are not DNSSEC signed may be legitimate, because the domain # is unsigned, or may be forgeries. Setting this option tells dnsmasq to # check that an unsigned reply is OK, by finding a secure proof that a DS # record somewhere between the root and the domain does not exist. # The cost of setting this is that even queries in unsigned domains will need # one or more extra DNS queries to verify. #dnssec-check-unsigned # Uncomment this to filter useless windows-originated DNS requests # which can trigger dial-on-demand links needlessly. # Note that (amongst other things) this blocks all SRV requests, # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. # This option only affects forwarding, SRV records originating for # dnsmasq (via srv-host= lines) are not suppressed by it. #filterwin2k # Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf #resolv-file= # By default, dnsmasq will send queries to any of the upstream # servers it knows about and tries to favour servers to are known # to be up. Uncommenting this forces dnsmasq to try each query # with each server strictly in the order they appear in # /etc/resolv.conf #strict-order # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. #no-resolv # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv # files for changes and re-read them then uncomment this. #no-poll # Add other name servers here, with domain specs if they are for # non-public domains. 
#server=/localnet/192.168.0.1

# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/

# Add domains which you want to force to an IP address here.
# The example below sends any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1

# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83

# Add the IPs of all queries to yahoo.com, google.com, and their
# subdomains to the vpn and search ipsets:
#ipset=/yahoo.com/google.com/vpn,search

# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1

# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
# IP on the machine, obviously).
# server=10.1.2.3@192.168.1.1#55

# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
#no-dhcp-interface=

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
#bind-interfaces

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts

# Set the domain for dnsmasq. This is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk

# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24

# Same idea, but range rather than subnet
#domain=reserved.thekelleys.org.uk,192.168.3.100,192.168.3.200

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h

# This is an example of a DHCP range where the netmask is given. This
# is needed for networks where we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h

# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150

# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h

# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.0,static

# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing.
#dhcp-range=1234::2, 1234::500, 64, 12h

# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only

# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC algorithm.
#dhcp-range=1234::, ra-names

# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless

# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names

# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra

# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# does not matter, it's permissible to give name, address and MAC in any
# order.

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60

# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred

# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m

# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60

# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite

# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60

# Always give the InfiniBand interface with hardware address
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
# ip address 192.168.0.61. The client id is derived from the prefix
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
# hex digits of the hardware address.
#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61

# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60

# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge

# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore

# Ignore any client-id presented by the machine with Ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*

# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red

# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red

# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also that the [] around the IPv6 address are obligatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]

# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=tag:!known

# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=set:red,Linux

# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=set:red,accounts

# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=set:red,00:60:8C:*:*:*

# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers

# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.

# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4

# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4

# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3

# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5

# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]

# Send DHCPv6 option for nameservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]

# Ask client to poll for option changes every six hours. (RFC4242)
#dhcp-option=option6:information-refresh-time,6h

# Set option 58 client renewal time (T1). Defaults to half of the
# lease time if not specified. (RFC2132)
#dhcp-option=option:T1,1m

# Set option 59 rebinding time (T2). Defaults to 7/8 of the
# lease time if not specified. (RFC2132)
#dhcp-option=option:T2,2m

# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0

# Set the NIS domain name to "welly"
#dhcp-option=40,welly

# Set the default time-to-live to 50
#dhcp-option=23,50

# Set the "all subnets are local" flag
#dhcp-option=27,1

# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100

# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the tag: part must precede the option: part.
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1

# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
#dhcp-option=19,0           # option ip-forwarding off
#dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0     # netbios datagram distribution server
#dhcp-option=46,8           # netbios node type

# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"

# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com

# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8

# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
#dhcp-option=vendor:MSFT,2,1i

# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow it to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"

# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i

# Set the boot filename for netboot/PXE. You will only need
# this if you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built-in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0

# The same as above, but use a custom tftp-server instead of the machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100

# Boot for iPXE. The idea is to send two different
# filenames, the first loads iPXE, and the second tells iPXE what to
# load. The dhcp-match sets the ipxe tag for requests from iPXE.
#dhcp-boot=undionly.kpxe
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php

# Encapsulated options for iPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b # BIOS drive code
#dhcp-option=encap:175, 190, user # iSCSI username
#dhcp-option=encap:175, 191, pass # iSCSI password

# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64

# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60

# Available boot services for PXE.
#pxe-service=x86PC, "Boot from local disk"

# Loads /pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux

# Loads /pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4

# Use bootserver on network, found by multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1

# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4

# If you have multicast-FTP available,
# information for that can be passed in a similar way using options 1
# to 5. See page 19 of
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf

# Enable dnsmasq's built-in TFTP server
#enable-tftp

# Set the root directory for files available via TFTP.
#tftp-root=/var/ftpd

# Do not abort if the tftp-root is unavailable
#tftp-no-fail

# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be sent over the net.
#tftp-secure

# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize

# Set the boot file name only when the "red" tag is set.
#dhcp-boot=tag:red,pxelinux.red-net

# An example of dhcp-boot with an external TFTP server: the name and IP
# address of the server are given after the filename.
# Can fail with old PXE ROMS. Overridden by --pxe-service.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3

# If there are multiple external tftp servers having the same name
# (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fashion. This facility can be used to
# load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name

# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150

# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases

# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
#dhcp-authoritative

# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
# option with a DHCPACK including a Rapid Commit option and fully committed address
# and configuration information. This must only be enabled if either the server is
# the only server for the subnet, or multiple servers are present and they each
# commit a binding for all clients.
#dhcp-rapid-commit

# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo

# Set the cachesize here.
#cache-size=150

# If you want to disable negative caching, uncomment this.
#no-negcache

# Normally responses which come from /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale data, you can set a time-to-live (in
# seconds) here.
#local-ttl=

# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11

# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0

# Change these lines if you want dnsmasq to serve MX records.

# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50

# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com

# Return an MX record pointing to the mx-target for all local
# machines.
#localmx

# Return an MX record pointing to itself for all local machines.
#selfmx

# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are ,,,,
# If the domain part is missing from the name (so that it just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389

# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2

# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com

# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"

# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)

#Example SPF.
#txt-record=example.com,"v=spf1 a -all"

#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4

# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
#cname=bertrand,bert

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries

# Log lots of extra information about DHCP transactions.
#log-dhcp

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d

# Include all the files in a directory except those ending in .bak
#conf-dir=/etc/dnsmasq.d,.bak

# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. See CERT Vulnerability VU#598349
#dhcp-name-match=set:wpad-ignore,wpad
#dhcp-ignore-names=tag:wpad-ignore
dnsmasq-2.80.orig/doc.html0000664000000000000000000001316413350032235012374 0ustar
Dnsmasq - network services for small networks.

Dnsmasq

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD. Dnsmasq provides full IPv6 support.

The DNS subsystem provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled).

  • Local DNS names can be defined by reading /etc/hosts, by importing names from the DHCP subsystem, or by configuration of a wide range of useful record types.
  • Upstream servers can be configured in a variety of convenient ways, including dynamic configuration as these change on moving to a different upstream network.
  • Authoritative DNS mode allows local DNS names to be exported to a zone in the global DNS. Dnsmasq acts as authoritative server for this zone, and also provides zone transfer to secondaries for the zone, if required.
  • DNSSEC validation may be performed on DNS replies from upstream nameservers, providing security against spoofing and cache poisoning.
  • Specified sub-domains can be directed to their own upstream DNS servers, making VPN configuration easy.
  • Internationalised domain names are supported.

The DHCP subsystem supports DHCPv4, DHCPv6, BOOTP and PXE.

  • Both static and dynamic DHCP leases are supported, along with stateless mode in DHCPv6.
  • The PXE system is a full PXE server, supporting netboot menus and multiple architecture support. It includes proxy-mode, where the PXE system co-operates with another DHCP server.
  • There is a built in read-only TFTP server to support netboot.
  • Machines which are configured by DHCP have their names automatically included in the DNS, and the names can be specified by each machine or centrally by associating a name with a MAC address or UID in the dnsmasq configuration file.

The Router Advertisement subsystem provides basic autoconfiguration for IPv6 hosts. It can be used stand-alone or in conjunction with DHCPv6.

  • The M and O bits are configurable, to control hosts' use of DHCPv6.
  • Router advertisements can include the RDNSS option.
  • There is a mode which uses name information from DHCPv4 configuration to provide DNS entries for autoconfigured IPv6 addresses which would otherwise be anonymous.

For extra compactness, unused features may be omitted at compile time.
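
The DNSSEC, DHCP naming and TFTP features listed above are controlled by options that the example configuration file in this archive ships commented out. The script below is an added example, not part of the dnsmasq distribution, that audits a configuration for them; the sample configurations, the finding names and the /usr prefix are constructed for illustration.

```python
import re

# Constructed sample configurations (assumptions, not from a real deployment).
WEAK_CONF = """\
dnssec
dnssec-check-unsigned=no
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-authoritative
enable-tftp
server=10.1.2.3@192.168.1.1#55
"""

HARDENED_CONF = """\
conf-file=/usr/share/dnsmasq/trust-anchors.conf   # PREFIX assumed to be /usr
dnssec
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
enable-tftp
tftp-root=/var/ftpd
tftp-secure
"""

# A '#' is treated as a comment only at line start or after whitespace, so
# values such as "10.1.2.3@192.168.1.1#55" from the example file stay intact.
COMMENT = re.compile(r"(^|\s)#.*$")


def parse_conf(text):
    """Return {option: [values]} for the active (uncommented) lines."""
    opts = {}
    for raw in text.splitlines():
        line = COMMENT.sub("", raw).strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def wpad_name_blocked(opts):
    """True if a DHCP client claiming the name "wpad" has that name ignored.

    Recognises the pairing from the example file (dhcp-name-match sets a tag
    for the name wpad, dhcp-ignore-names applies to that tag) and a bare
    dhcp-ignore-names, which ignores every client-supplied name.
    """
    ignore = opts.get("dhcp-ignore-names", [])
    if "" in ignore:
        return True
    tags = set()
    for value in opts.get("dhcp-name-match", []):
        parts = [p.strip() for p in value.split(",")]
        if len(parts) == 2 and parts[0].startswith("set:") and parts[1].lower() == "wpad":
            tags.add(parts[0][len("set:"):])
    ignored = {v[len("tag:"):] for v in ignore if v.startswith("tag:")}
    return bool(tags & ignored)


def audit(text):
    """Return a list of (finding_id, message) tuples; ids are made up here."""
    o = parse_conf(text)
    out = []
    if "dnssec" not in o:
        out.append(("dnssec-off", "DNSSEC validation is not enabled"))
    elif "no" in o.get("dnssec-check-unsigned", []):
        out.append(("dnssec-unsigned-unchecked",
                    "unsigned replies are accepted without proof that no DS exists"))
    if "dhcp-range" in o:
        if not wpad_name_blocked(o):
            out.append(("wpad-name-claimable",
                        'a DHCP client may claim the DNS name "wpad" (VU#598349)'))
        if "dhcp-authoritative" in o:
            out.append(("dhcp-authoritative",
                        "server takes over leases; only safe on a network you own"))
        if "dhcp-rapid-commit" in o:
            out.append(("dhcp-rapid-commit",
                        "only safe if this is the sole server or all servers commit"))
    if "enable-tftp" in o:
        if "tftp-root" not in o:
            out.append(("tftp-no-root", "no root directory set for served files"))
        if "tftp-secure" not in o:
            out.append(("tftp-not-secure",
                        "files not owned by the dnsmasq user can be served"))
    return out


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for finding_id, message in audit(conf):
            print(f"  [{finding_id}] {message}")
```
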

    Get code.

    Download dnsmasq here. The tarball includes this documentation, source, and manpage. There is also a CHANGELOG and a FAQ. Dnsmasq has a git repository which contains the complete release history of version 2 and development history from 2.60. You can browse the repo, or get a copy using git protocol with the command
    git clone git://thekelleys.org.uk/dnsmasq.git 
    or
    git clone http://thekelleys.org.uk/git/dnsmasq.git 

    License.

    Dnsmasq is distributed under the GPL, version 2 or version 3 at your discretion. See the files COPYING and COPYING-v3 in the distribution for details.

    Contact.

    There is a dnsmasq mailing list at http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss which should be the first location for queries, bugreports, suggestions etc. The list is mirrored, with a search facility, at https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/. You can contact me at simon@thekelleys.org.uk.

    Donations.

    Dnsmasq is mainly written and maintained by Simon Kelley. For most of its life, dnsmasq has been a spare-time project. These days I'm working on it as my main activity. I don't have an employer or anyone who pays me regularly to work on dnsmasq. If you'd like to make a contribution towards my expenses, please use the donation button below.
dnsmasq-2.80.orig/logo/0000775000000000000000000000000013350032235011674 5ustar
dnsmasq-2.80.orig/logo/README0000664000000000000000000000043013350032235012551 0ustar
Dnsmasq logo, contributed by Justin Clift. The source format is Inkscape SVG vector format, which is scalable and easy to export to other formats. For convenience I've included a 56x31 png export and a 16x16 ico suitable for use as a web favicon. Simon Kelley, 22/10/2010
dnsmasq-2.80.orig/logo/favicon.ico0000664000000000000000000000257613350032235014027 0ustar
dnsmasq-2.80.orig/logo/icon.png0000664000000000000000000000550613350032235013340 0ustar
dnsmasq-2.80.orig/logo/icon.svg0000664000000000000000000001375113350032235013354 0ustar image/svg+xml
dnsmasq-2.80.orig/man/0000775000000000000000000000000013350032235011507 5ustar
dnsmasq-2.80.orig/man/dnsmasq.80000664000000000000000000034046013350032235013255 0ustar
.TH DNSMASQ 8
.SH NAME
dnsmasq \- A lightweight DHCP and caching DNS server.
.SH SYNOPSIS
.B dnsmasq
.I [OPTION]...
.SH "DESCRIPTION"
.BR dnsmasq
is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN.
.PP
Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts. It can also act as the authoritative DNS server for one or more domains, allowing local names to appear in the global DNS. It can be configured to do DNSSEC validation.
.PP
The dnsmasq DHCP server supports static address assignments and multiple networks. It automatically sends a sensible default set of DHCP options, and can be configured to send any desired set of DHCP options, including vendor-encapsulated options. It includes a secure, read-only, TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP. The PXE support is full featured, and includes a proxy mode which supplies PXE information to clients whilst DHCP address allocation is done by another server.
.PP
The dnsmasq DHCPv6 server provides the same set of features as the DHCPv4 server, and in addition, it includes router advertisements and a neat feature which allows naming for clients which use DHCPv4 and stateless autoconfiguration only for IPv6 configuration.
There is support for doing address allocation (both DHCPv6 and RA) from subnets which are dynamically delegated via DHCPv6 prefix delegation.
.PP
Dnsmasq is coded with small embedded systems in mind. It aims for the smallest possible memory footprint compatible with the supported functions, and allows unneeded functions to be omitted from the compiled binary.
.SH OPTIONS
Note that in general missing parameters are allowed and switch off functions, for instance "--pid-file" disables writing a PID file. On BSD, unless the GNU getopt library is linked, the long form of the options does not work on the command line; it is still recognised in the configuration file.
.TP
.B --test
Read and syntax check configuration file(s). Exit with code 0 if all is OK, or a non-zero code otherwise. Do not start up dnsmasq.
.TP
.B \-w, --help
Display all command-line options.
.B --help dhcp
will display known DHCPv4 configuration options, and
.B --help dhcp6
will display DHCPv6 options.
.TP
.B \-h, --no-hosts
Don't read the hostnames in /etc/hosts.
.TP
.B \-H, --addn-hosts=
Additional hosts file. Read the specified file as well as /etc/hosts. If \fB--no-hosts\fP is given, read only the specified file. This option may be repeated for more than one additional hosts file. If a directory is given, then read all the files contained in that directory.
.TP
.B --hostsdir=
Read all the hosts files contained in the directory. New or changed files are read automatically. See \fB--dhcp-hostsdir\fP for details.
.TP
.B \-E, --expand-hosts
Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
.TP
.B \-T, --local-ttl=