authorSimon Kelley <simon@thekelleys.org.uk>2022-07-19 23:40:50 +0100
committerSimon Kelley <simon@thekelleys.org.uk>2022-07-19 23:40:50 +0100
commitef6efd69edfc87b7a00aaa3b59d8516ab3947ca1 (patch)
treea66e54460f20dd4025b21a429f4a7f2e5c2da712
parent20b4a4ea5b19f3143add1342dde74a0be2b30a86 (diff)
parent151d7dc5eaabb38a2a7cb2ace72fe8860f4415ae (diff)
downloaddnsmasq-ef6efd69edfc87b7a00aaa3b59d8516ab3947ca1.tar.gz
Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq
-rw-r--r--CHANGELOG8
-rw-r--r--COPYING43
-rw-r--r--man/dnsmasq.89
-rw-r--r--src/dhcp-common.c11
-rw-r--r--src/dhcp.c2
-rw-r--r--src/dnsmasq.c3
-rw-r--r--src/dnsmasq.h2
-rw-r--r--src/dnssec.c2
-rw-r--r--src/forward.c4
-rw-r--r--src/netlink.c11
-rw-r--r--src/option.c10
-rw-r--r--src/rfc3315.c2
12 files changed, 73 insertions, 34 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 4bc7fb1..780e55c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -58,6 +58,14 @@ version 2.87
Fix write-after-free error in DHCPv6 server code.
CVE-2022-0934 refers.
+ Add the ability to specify destination port in
+ DHCP-relay mode. This change also removes a previous bug
+ where --dhcp-alternate-port would affect the port used
+ to relay _to_ as well as the port being listened on.
+ The new feature allows configuration to provide bug-for-bug
+ compatibility, if required. Thanks to Damian Kaczkowski
+ for the feature suggestion.
+
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
diff --git a/COPYING b/COPYING
index 60549be..d159169 100644
--- a/COPYING
+++ b/COPYING
@@ -1,12 +1,12 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
- Preamble
+ Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.) You can apply it to
+the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
@@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
-
- GNU GENERAL PUBLIC LICENSE
+
+ GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
-
+
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
-
+
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
-
+
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
@@ -255,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
- NO WARRANTY
+ NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
- Copyright (C) 19yy <name of author>
+ Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -303,17 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
- Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
@@ -336,5 +335,5 @@ necessary. Here is a sample; alter the names:
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
+library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index fea89fa..f084757 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1342,7 +1342,7 @@ DHCP options. This make extra space available in the DHCP packet for
options but can, rarely, confuse old or broken clients. This flag
forces "simple and safe" behaviour to avoid problems in such a case.
.TP
-.B --dhcp-relay=<local address>[,<server address>][,<interface]
+.B --dhcp-relay=<local address>[,<server address>[#<server port>]][,<interface]
Configure dnsmasq to do DHCP relay. The local address is an address
allocated to an interface on the host running dnsmasq. All DHCP
requests arriving on that interface will we relayed to a remote DHCP
@@ -1350,9 +1350,12 @@ server at the server address. It is possible to relay from a single local
address to multiple remote servers by using multiple \fB--dhcp-relay\fP
configs with the same local address and different server
addresses. A server address must be an IP literal address, not a
-domain name. If the server address is ommitted, the request will be
+domain name. If the server address is omitted, the request will be
forwarded by broadcast (IPv4) or multicast (IPv6). In this case the interface
-must be given and not be wildcard.
+must be given and not be wildcard. The server address may specify a non-standard
+port to relay to. If this is used then \fB--dhcp-proxy\fP should likely also be set,
+otherwise parts of the DHCP conversation which do not pass through the relay
+will be delivered to the wrong port.
Access control for DHCP clients has the same rules as for the DHCP
server, see \fB--interface\fP, \fB--except-interface\fP, etc. The optional
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
index 95d41da..ab18342 100644
--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
@@ -1017,7 +1017,10 @@ void log_relay(int family, struct dhcp_relay *relay)
{
int broadcast = relay->server.addr4.s_addr == 0;
inet_ntop(family, &relay->local, daemon->addrbuff, ADDRSTRLEN);
- inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN);
+ inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN);
+
+ if (family == AF_INET && relay->port != DHCP_SERVER_PORT)
+ sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
#ifdef HAVE_DHCP6
struct in6_addr multicast;
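Review bot: The added `sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port)` here, and the identical call in the AF_INET6 branch of the next hunk, append without a length bound, while the inet_ntop() call just above limits its write to ADDRSTRLEN. The size of daemon->namebuff is not visible on this page, so the append is probably in bounds, but a bounded form stops that from resting on an assumption: `size_t used = strlen(daemon->namebuff); snprintf(daemon->namebuff + used, NAMEBUFF_LEN - used, "#%d", relay->port);`, where NAMEBUFF_LEN is a placeholder for the buffer's real size. `relay->port` is declared `int` in the dnsmasq.h hunk, so `%d` (or a cast to unsigned) matches the argument better than `%u`. log_relay's body continues outside both hunks.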
@@ -1025,7 +1028,11 @@ void log_relay(int family, struct dhcp_relay *relay)
inet_pton(AF_INET6, ALL_SERVERS, &multicast);
if (family == AF_INET6)
- broadcast = IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast);
+ {
+ broadcast = IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast);
+ if (relay->port != DHCPV6_SERVER_PORT)
+ sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
+ }
#endif
diff --git a/src/dhcp.c b/src/dhcp.c
index 6104c87..8e9c606 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -1121,7 +1121,7 @@ static int relay_upstream4(int iface_index, struct dhcp_packet *mess, size_t sz)
to.sa.sa_family = AF_INET;
to.in.sin_addr = relay->server.addr4;
- to.in.sin_port = htons(daemon->dhcp_server_port);
+ to.in.sin_port = htons(relay->port);
/* Broadcasting to server. */
if (relay->server.addr4.s_addr == 0)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 7cfb493..858c731 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1665,9 +1665,10 @@ static void poll_resolv(int force, int do_reload, time_t now)
else
{
res->logged = 0;
- if (force || (statbuf.st_mtime != res->mtime))
+ if (force || (statbuf.st_mtime != res->mtime || statbuf.st_ino != res->ino))
{
res->mtime = statbuf.st_mtime;
+ res->ino = statbuf.st_ino;
if (difftime(statbuf.st_mtime, last_change) > 0.0)
{
last_change = statbuf.st_mtime;
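Review bot: The new change test in `if (force || (statbuf.st_mtime != res->mtime || statbuf.st_ino != res->ino))` compares the inode number without the device, and an inode number identifies a file only within one filesystem. If the watched path can be re-pointed at a file on another filesystem (a retargeted symlink, say), equal mtime and equal st_ino would still read as unchanged; storing and comparing `statbuf.st_dev` alongside `st_ino` closes that gap. A one-line comment such as `/* inode changes when the file is replaced by rename, even if mtime is equal */` would also record why mtime alone was not enough, though that rationale is my inference and is not stated in the commit. poll_resolv's body continues outside the hunk.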
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index bfc0fd4..a8937ce 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -665,6 +665,7 @@ struct resolvc {
struct resolvc *next;
int is_default, logged;
time_t mtime;
+ ino_t ino;
char *name;
#ifdef HAVE_INOTIFY
int wd; /* inotify watch descriptor */
@@ -1084,6 +1085,7 @@ struct dhcp_relay {
union all_addr local, server;
char *interface; /* Allowable interface for replies from server, and dest for IPv6 multicast */
int iface_index; /* working - interface in which requests arrived, for return */
+ int port; /* Port of relay we forward to. */
#ifdef HAVE_SCRIPT
struct snoop_record {
struct in6_addr client, prefix;
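Review bot: The comment on the new field, `/* Port of relay we forward to. */`, leaves out what the other hunks rely on: the value is kept in host byte order (both send paths wrap it in `htons()`), and option parsing sets it to either the configured port or the protocol default. Something like `int port; /* Destination port on the server we relay to, host byte order; defaults to the standard DHCP/DHCPv6 server port. */` would let a reader use the field without tracing one_opt. The struct definition starts and ends outside the hunk.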
diff --git a/src/dnssec.c b/src/dnssec.c
index 9965eea..daf679e 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1851,7 +1851,7 @@ static int zone_status(char *name, int class, char *keyname, time_t now)
STAT_NEED_DS need DS to complete validation (name is returned in keyname)
daemon->rr_status points to a char array which corressponds to the RRs in the
- answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't.
+ answer and auth sections. This is set to >1 for each RR which is validated, and 0 for any which aren't.
When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section.
Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode
diff --git a/src/forward.c b/src/forward.c
index c17541b..b522c1f 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -527,8 +527,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
}
#ifdef HAVE_DNSSEC
else
- log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, daemon->namebuff, &srv->addr,
- "dnssec-retry", (forward->flags & FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS);
+ log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, daemon->namebuff, &srv->addr,
+ (forward->flags & FREC_DNSKEY_QUERY) ? "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0);
#endif
srv->queries++;
diff --git a/src/netlink.c b/src/netlink.c
index da82943..c156cde 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -258,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
while (RTA_OK(rta, len1))
{
- if (rta->rta_type == IFA_ADDRESS)
+ /*
+ * Important comment: (from if_addr.h)
+ * IFA_ADDRESS is prefix address, rather than local interface address.
+ * It makes no difference for normally configured broadcast interfaces,
+ * but for point-to-point IFA_ADDRESS is DESTINATION address,
+ * local address is supplied in IFA_LOCAL attribute.
+ */
+ if (rta->rta_type == IFA_LOCAL)
+ addrp = ((struct in6_addr *)(rta+1));
+ else if (rta->rta_type == IFA_ADDRESS && !addrp)
addrp = ((struct in6_addr *)(rta+1));
else if (rta->rta_type == IFA_CACHEINFO)
{
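Review bot: The fallback `else if (rta->rta_type == IFA_ADDRESS && !addrp)` is correct only if `addrp` is reset to NULL for every address message before this attribute loop, and that initialisation is outside the hunk. If `addrp` carried over from a previous message, an interface that reports only IFA_ADDRESS would keep the earlier interface's address. It is worth confirming at the declaration and recording it in the new comment, e.g. `/* addrp must be NULL on entry to this loop: IFA_ADDRESS is only a fallback when no IFA_LOCAL was seen. */`. iface_enumerate starts and ends outside the hunk.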
diff --git a/src/option.c b/src/option.c
index 39e1179..c5e8cb4 100644
--- a/src/option.c
+++ b/src/option.c
@@ -4333,6 +4333,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
{
if (inet_pton(AF_INET, arg, &new->local))
{
+ char *hash = split_chr(two, '#');
+
+ if (!hash || !atoi_check16(hash, &new->port))
+ new->port = DHCP_SERVER_PORT;
+
if (!inet_pton(AF_INET, two, &new->server))
{
new->server.addr4.s_addr = 0;
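Review bot: A malformed or out-of-range port after `#` is silently replaced by the default: `if (!hash || !atoi_check16(hash, &new->port)) new->port = DHCP_SERVER_PORT;` treats "no port given" and "port failed to parse" alike, and the DHCPv6 hunk below does the same with DHCPV6_SERVER_PORT. An operator who mistypes the port then relays to the standard port with no diagnostic, and log_relay omits the port from its message when it equals the default, so the log will not show it either. Splitting the test so that only `!hash` selects the default, and a failed atoi_check16() is rejected as a bad option the way one_opt reports other invalid arguments, would surface the mistake at startup. Whether port 0 should be accepted is also worth deciding here, since nothing visible in the hunk excludes it. one_opt starts and ends outside the hunk.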
@@ -4351,6 +4356,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
#ifdef HAVE_DHCP6
else if (inet_pton(AF_INET6, arg, &new->local))
{
+ char *hash = split_chr(two, '#');
+
+ if (!hash || !atoi_check16(hash, &new->port))
+ new->port = DHCPV6_SERVER_PORT;
+
if (!inet_pton(AF_INET6, two, &new->server))
{
inet_pton(AF_INET6, ALL_SERVERS, &new->server.addr6);
diff --git a/src/rfc3315.c b/src/rfc3315.c
index e218d26..6533197 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -2170,7 +2170,7 @@ int relay_upstream6(int iface_index, ssize_t sz,
to.sa.sa_family = AF_INET6;
to.in6.sin6_addr = relay->server.addr6;
- to.in6.sin6_port = htons(DHCPV6_SERVER_PORT);
+ to.in6.sin6_port = htons(relay->port);
to.in6.sin6_flowinfo = 0;
to.in6.sin6_scope_id = 0;