pi-hole · DL6ER · Sep 11, 2022 · Feb 18, 2022 · Feb 22, 2022 · Feb 24, 2022
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -11,6 +11,6 @@
 cmake_minimum_required(VERSION 2.8.12)
 project(PIHOLE_FTL C)
 
-set(DNSMASQ_VERSION pi-hole-2.87test8)
+set(DNSMASQ_VERSION pi-hole-v2.87rc1)
 
 add_subdirectory(src)
diff --git a/src/dnsmasq/cache.c b/src/dnsmasq/cache.c
@@ -1683,10 +1683,8 @@ int cache_make_stat(struct txt_record *t)
 	      {
 		/* expand buffer if necessary */
 		newlen = bytes_needed + 1 + bufflen - bytes_avail;
-		if (!(new = whine_malloc(newlen)))
+		if (!(new = whine_realloc(buff, newlen)))
 		  return 0;
-		memcpy(new, buff, bufflen);
-		free(buff);
 		p = new + (p - buff);
 		lenp = p - 1;
 		buff = new;

diff --git a/src/dnsmasq/dbus.c b/src/dnsmasq/dbus.c
@@ -761,8 +761,11 @@ char *dbus_init(void)
 
   dbus_error_init (&dbus_error);
   if (!(connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error)))
-    return NULL;
-
+    {
+      dbus_error_free(&dbus_error);
+      return NULL;
+    }
+
   dbus_connection_set_exit_on_disconnect(connection, FALSE);
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
 				      NULL, NULL, NULL);

diff --git a/src/dnsmasq/dhcp-common.c b/src/dnsmasq/dhcp-common.c
@@ -685,6 +685,7 @@ const struct opttab_t {
   { "client-machine-id", 97, 0 },
   { "posix-timezone", 100, OT_NAME }, /* RFC 4833, Sec. 2 */
   { "tzdb-timezone", 101, OT_NAME }, /* RFC 4833, Sec. 2 */
+  { "ipv6-only", 108, 4 | OT_DEC },  /* RFC 8925 */ 
   { "subnet-select", 118, OT_INTERNAL },
   { "domain-search", 119, OT_RFC1035_NAME },
   { "sip-server", 120, 0 },
@@ -1017,15 +1018,22 @@ void log_relay(int family, struct dhcp_relay *relay)
 {
   int broadcast = relay->server.addr4.s_addr == 0;
   inet_ntop(family, &relay->local, daemon->addrbuff, ADDRSTRLEN);
-  inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN); 
+  inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN);
+
+  if (family == AF_INET && relay->port != DHCP_SERVER_PORT)
+    sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
 
 #ifdef HAVE_DHCP6
   struct in6_addr multicast;
 
   inet_pton(AF_INET6, ALL_SERVERS, &multicast);
 
   if (family == AF_INET6)
-    broadcast = IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast);
+    {
+      broadcast = IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast);
+      if (relay->port != DHCPV6_SERVER_PORT)
+	sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
+    }
 #endif
 
 

diff --git a/src/dnsmasq/dhcp-protocol.h b/src/dnsmasq/dhcp-protocol.h
@@ -64,6 +64,7 @@
 #define OPTION_SIP_SERVER        120
 #define OPTION_VENDOR_IDENT      124
 #define OPTION_VENDOR_IDENT_OPT  125
+#define OPTION_MUD_URL_V4        161
 #define OPTION_END               255
 
 #define SUBOPT_CIRCUIT_ID        1

diff --git a/src/dnsmasq/dhcp.c b/src/dnsmasq/dhcp.c
@@ -177,8 +177,7 @@ void dhcp_packet(time_t now, int pxe_fd)
     return;
 
 #ifdef HAVE_DUMPFILE
-  dump_packet(DUMP_DHCP, (void *)daemon->dhcp_packet.iov_base, sz, (union mysockaddr *)&dest, NULL,
-	      pxe_fd ? PXE_PORT : daemon->dhcp_server_port);
+  dump_packet_udp(DUMP_DHCP, (void *)daemon->dhcp_packet.iov_base, sz, (union mysockaddr *)&dest, NULL, fd);
 #endif
 
 #if defined (HAVE_LINUX_NETWORK)
@@ -464,8 +463,8 @@ void dhcp_packet(time_t now, int pxe_fd)
         dest.sin_addr = mess->yiaddr;
       dest.sin_port = htons(daemon->dhcp_client_port);
 
-      dump_packet(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
-		  (union mysockaddr *)&dest, daemon->dhcp_server_port);
+      dump_packet_udp(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
+		      (union mysockaddr *)&dest, fd);
 #endif
 
       send_via_bpf(mess, iov.iov_len, iface_addr, &ifr);
@@ -478,8 +477,8 @@ void dhcp_packet(time_t now, int pxe_fd)
 #endif
 
 #ifdef HAVE_DUMPFILE
-  dump_packet(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
-	      (union mysockaddr *)&dest, daemon->dhcp_server_port);
+  dump_packet_udp(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
+		  (union mysockaddr *)&dest, fd);
 #endif
 
   while(retry_send(sendmsg(fd, &msg, 0)));
@@ -1121,7 +1120,7 @@ static int relay_upstream4(int iface_index, struct dhcp_packet *mess, size_t sz)
 
 	to.sa.sa_family = AF_INET;
 	to.in.sin_addr = relay->server.addr4;
-	to.in.sin_port = htons(daemon->dhcp_server_port);
+	to.in.sin_port = htons(relay->port);
 
 	/* Broadcasting to server. */
 	if (relay->server.addr4.s_addr == 0)
@@ -1147,8 +1146,8 @@ static int relay_upstream4(int iface_index, struct dhcp_packet *mess, size_t sz)
 	  fromsock.in.sin_port = htons(daemon->dhcp_server_port);
 	  fromsock.in.sin_addr = from.addr4;
 	  fromsock.sa.sa_family = AF_INET;
-	  
-	  dump_packet(DUMP_DHCP, (void *)mess, sz, &fromsock, &to, 0);
+
+	  dump_packet_udp(DUMP_DHCP, (void *)mess, sz, &fromsock, &to, -1);
 	}
 #endif
 

diff --git a/src/dnsmasq/dhcp6-protocol.h b/src/dnsmasq/dhcp6-protocol.h
@@ -63,6 +63,7 @@
 #define OPTION6_FQDN            39
 #define OPTION6_NTP_SERVER      56
 #define OPTION6_CLIENT_MAC      79
+#define OPTION6_MUD_URL         112
 
 #define NTP_SUBOPTION_SRV_ADDR  1
 #define NTP_SUBOPTION_MC_ADDR   2

diff --git a/src/dnsmasq/dhcp6.c b/src/dnsmasq/dhcp6.c
@@ -119,8 +119,8 @@ void dhcp6_packet(time_t now)
     return;
 
 #ifdef HAVE_DUMPFILE
-  dump_packet(DUMP_DHCPV6, (void *)daemon->dhcp_packet.iov_base, sz,
-	      (union mysockaddr *)&from, NULL, DHCPV6_SERVER_PORT);
+  dump_packet_udp(DUMP_DHCPV6, (void *)daemon->dhcp_packet.iov_base, sz,
+		  (union mysockaddr *)&from, NULL, daemon->dhcp6fd);
 #endif
 
   for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
@@ -142,8 +142,8 @@ void dhcp6_packet(time_t now)
   if (relay_reply6(&from, sz, ifr.ifr_name))
     {
 #ifdef HAVE_DUMPFILE
-      dump_packet(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1), NULL,
-		  (union mysockaddr *)&from, DHCPV6_SERVER_PORT);
+      dump_packet_udp(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1), NULL,
+		      (union mysockaddr *)&from, daemon->dhcp6fd);
 #endif
 
       while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, 
@@ -254,8 +254,8 @@ void dhcp6_packet(time_t now)
 	  from.sin6_port = htons(port);
 
 #ifdef HAVE_DUMPFILE
-	  dump_packet(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1),
-		      NULL, (union mysockaddr *)&from, DHCPV6_SERVER_PORT);
+	  dump_packet_udp(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1),
+			  NULL, (union mysockaddr *)&from, daemon->dhcp6fd);
 #endif 
 
 	  while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base,

diff --git a/src/dnsmasq/dnsmasq.c b/src/dnsmasq/dnsmasq.c
@@ -1689,9 +1689,10 @@ static void poll_resolv(int force, int do_reload, time_t now)
     else
       {
 	res->logged = 0;
-	if (force || (statbuf.st_mtime != res->mtime))
+	if (force || (statbuf.st_mtime != res->mtime || statbuf.st_ino != res->ino))
           {
             res->mtime = statbuf.st_mtime;
+	    res->ino = statbuf.st_ino;
 	    if (difftime(statbuf.st_mtime, last_change) > 0.0)
 	      {
 		last_change = statbuf.st_mtime;

diff --git a/src/dnsmasq/dnsmasq.h b/src/dnsmasq/dnsmasq.h
@@ -677,6 +677,7 @@ struct resolvc {
   struct resolvc *next;
   int is_default, logged;
   time_t mtime;
+  ino_t ino;
   char *name;
 #ifdef HAVE_INOTIFY
   int wd; /* inotify watch descriptor */
@@ -987,6 +988,8 @@ struct dhcp_bridge {
 
 struct cond_domain {
   char *domain, *prefix; /* prefix is text-prefix on domain name */
+  char *interface;       /* These two set when domain comes from interface. */
+  struct addrlist *al;
   struct in_addr start, end;
   struct in6_addr start6, end6;
   int is6, indexed, prefixlen;
@@ -1094,6 +1097,7 @@ struct dhcp_relay {
   union all_addr local, server;
   char *interface; /* Allowable interface for replies from server, and dest for IPv6 multicast */
   int iface_index; /* working - interface in which requests arrived, for return */
+  int port;        /* Port of relay we forward to. */
 #ifdef HAVE_SCRIPT
   struct snoop_record {
     struct in6_addr client, prefix;
@@ -1421,6 +1425,7 @@ void *safe_malloc(size_t size);
 void safe_strncpy(char *dest, const char *src, size_t size);
 void safe_pipe(int *fd, int read_noblock);
 void *whine_malloc(size_t size);
+void *whine_realloc(void *ptr, size_t size);
 int sa_len(union mysockaddr *addr);
 int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2);
 int hostname_order(const char *a, const char *b);
@@ -1838,8 +1843,10 @@ int do_arp_script_run(void);
 /* dump.c */
 #ifdef HAVE_DUMPFILE
 void dump_init(void);
-void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src,
-		 union mysockaddr *dst, int port);
+void dump_packet_udp(int mask, void *packet, size_t len, union mysockaddr *src,
+		     union mysockaddr *dst, int fd);
+void dump_packet_icmp(int mask, void *packet, size_t len, union mysockaddr *src,
+		      union mysockaddr *dst);
 #endif
 
 /* domain-match.c */

diff --git a/src/dnsmasq/dnssec.c b/src/dnsmasq/dnssec.c
@@ -1851,7 +1851,7 @@ static int zone_status(char *name, int class, char *keyname, time_t now)
    STAT_NEED_DS  need DS to complete validation (name is returned in keyname)
 
    daemon->rr_status points to a char array which corressponds to the RRs in the 
-   answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't.
+   answer and auth sections. This is set to >1 for each RR which is validated, and 0 for any which aren't.
 
    When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section.
    Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode

diff --git a/src/dnsmasq/domain-match.c b/src/dnsmasq/domain-match.c
@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
 	       to continue generalising */
 	    {
 	      /* We've matched a setting which says to use servers without a domain.
-		 Continue the search with empty query */
+		 Continue the search with empty query. We set the F_SERVER flag
+		 so that --address=/#/... doesn't match. */
 	      if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
-		crop_query = qlen;
+		{
+		  crop_query = qlen;
+		  flags |= F_SERVER;
+		}
 	      else
 		break;
 	    }
@@ -299,23 +303,23 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
 
       for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
 
-      if (i != nlow && (flags & F_IPV6))
+      if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
 	nhigh = i;
       else
 	{
 	  nlow = i;
 
 	  for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
 
-	  if (i != nlow && (flags & F_IPV4))
+	  if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
 	    nhigh = i;
 	  else
 	    {
 	      nlow = i;
 
 	      for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
 
-	      if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
+	      if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
 		nhigh = i;
 	      else
 		{

diff --git a/src/dnsmasq/domain.c b/src/dnsmasq/domain.c
@@ -230,9 +230,17 @@ int is_rev_synth(int flag, union all_addr *addr, char *name)
 
 static int match_domain(struct in_addr addr, struct cond_domain *c)
 {
-  if (!c->is6 &&
-      ntohl(addr.s_addr) >= ntohl(c->start.s_addr) &&
-      ntohl(addr.s_addr) <= ntohl(c->end.s_addr))
+  if (c->interface)
+    {
+      struct addrlist *al;
+      for (al = c->al; al; al = al->next)
+	if (!(al->flags & ADDRLIST_IPV6) &&
+	    is_same_net_prefix(addr, al->addr.addr4, al->prefixlen))
+	  return 1;
+    }
+  else if (!c->is6 &&
+	   ntohl(addr.s_addr) >= ntohl(c->start.s_addr) &&
+	   ntohl(addr.s_addr) <= ntohl(c->end.s_addr))
     return 1;
 
   return 0;
@@ -259,12 +267,21 @@ char *get_domain(struct in_addr addr)
 
 static int match_domain6(struct in6_addr *addr, struct cond_domain *c)
 {
-  u64 addrpart = addr6part(addr);
-
-  if (c->is6)
+
+  /* subnet from interface address. */
+  if (c->interface)
+    {
+      struct addrlist *al;
+      for (al = c->al; al; al = al->next)
+	if (al->flags & ADDRLIST_IPV6 &&
+	    is_same_net6(addr, &al->addr.addr6, al->prefixlen))
+	  return 1;
+    }
+  else if (c->is6)
     {
       if (c->prefixlen >= 64)
 	{
+	  u64 addrpart = addr6part(addr);
 	  if (is_same_net6(addr, &c->start6, 64) &&
 	      addrpart >= addr6part(&c->start6) &&
 	      addrpart <= addr6part(&c->end6))
@@ -273,7 +290,7 @@ static int match_domain6(struct in6_addr *addr, struct cond_domain *c)
       else if (is_same_net6(addr, &c->start6, c->prefixlen))
 	return 1;
     }
-
+    
   return 0;
 }