From 7541d30c9c2946fe112d7966f9d1e7456725c324 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Mon, 17 Dec 2018 16:36:44 +0000 Subject: [PATCH] dnsmasq: backport latest pre2.81 patches f52bb5b fix previous commit 18eac67 Fix entries in /etc/hosts disabling static leases. f8c77ed Fix removal of DHCP_CLIENT_MAC options from DHCPv6 relay replies. 4bf62f6 Tidy cache_blockdata_free() 9c0d445 Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to actually work. 2896e24 Check for not(DS or DNSKEY) in is_outdated_cname_pointer() a90f09d Fix crash freeing negative SRV cache entries. 5b99eae Cache SRV records. 2daca52 Fix typo in ra-param man page section. 2c59473 File logic bug in cache-marshalling code. Introduced a couple of commits back. cc921df Remove nested struct/union in cache records and all_addr. ab194ed Futher address union tidying. 65a01b7 Tidy address-union handling: move class into explicit argument. bde4647 Tidy all_addr union, merge log and rcode fields. e7bfd55 Alter DHCP address selection after DECLINE in consec-addr mode. Avoid offering the same address after a recieving a DECLINE message to stop an infinite protocol loop. This has long been done in default address allocation mode: this adds similar behaviour when allocaing addresses consecutively. The most relevant fix for openwrt is 18eac67 (& my own local f52bb5b which fixes a missing bracket silly) To quote the patch: It is possible for a config entry to have one address family specified by a dhcp-host directive and the other added from /etc/hosts. This is especially common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are imported into dnsmasq via a hosts file. To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6. Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag which was set by the dhcp-host directive. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 2 +- ...-cache-behaviour-for-TCP-connections.patch | 2 +- ...it-is-reset-on-answers-from-address-.patch | 2 +- ...lity-to-compile-without-IPv6-support.patch | 2 +- ...rward-.bind-.server-queries-upstream.patch | 2 +- ...f5984367bc6a949e3803a576512c5a7bc48e.patch | 2 +- ...flags-in-some-DNS-replies-from-local.patch | 2 +- ...ead-code-elimination-use-array-inste.patch | 2 +- ...-lines-generating-UBUS-linker-config.patch | 2 +- ...312d4bae30b78daafcd6f51dc441b8685b1e.patch | 2 +- ...RK-compile-time-option-and-support-f.patch | 2 +- ...config-file-values-on-parsing-errors.patch | 2 +- ...KEY-queries-being-forwarded-the-same.patch | 32 + .../0013-ipset-fix-ternary-order-swap.patch | 21 - ...g-errors-introduced-in-59e470381f84.patch} | 18 +- .../0015-fix-ipv6-ipset-bug-in-master.patch | 45 + ...re-on-master-with-NO_DHCPv6-and-fix.patch} | 23 + ...ss-selection-after-DECLINE-in-consec.patch | 57 + ...ddr-union-merge-log-and-rcode-fields.patch | 80 + ...on-handling-move-class-into-explicit.patch | 290 +++ .../0020-Futher-address-union-tidying.patch | 363 +++ ...ruct-union-in-cache-records-and-all_.patch | 2316 +++++++++++++++++ ...n-cache-marshalling-code.-Introduced.patch | 23 + ...ix-typo-in-ra-param-man-page-section.patch | 33 + .../patches/0024-Cache-SRV-records.patch | 523 ++++ ...h-freeing-negative-SRV-cache-entries.patch | 23 + ...-or-DNSKEY-in-is_outdated_cname_poin.patch | 24 + ...c8b5e7425aed44abc35925b24043-to-actu.patch | 95 + .../0028-Tidy-cache_blockdata_free.patch | 36 + ...HCP_CLIENT_MAC-options-from-DHCPv6-r.patch | 52 + ...in-etc-hosts-disabling-static-leases.patch | 54 + .../patches/0031-fix-previous-commit.patch | 27 + 32 files changed, 4118 insertions(+), 41 deletions(-) create mode 100644 package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch delete mode 100644 package/network/services/dnsmasq/patches/0013-ipset-fix-ternary-order-swap.patch rename package/network/services/dnsmasq/patches/{0014-option-dhcp-boot-dhcp-reply-delay-tag-fixes.patch => 0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch} (52%) create mode 100644 package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch rename package/network/services/dnsmasq/patches/{0012-option-fix-non-DHCPv6-build-error.patch => 0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch} (54%) create mode 100644 package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch create mode 100644 package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch create mode 100644 package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch create mode 100644 package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch create mode 100644 package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch create mode 100644 package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch create mode 100644 package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch create mode 100644 package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch create mode 100644 package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch create mode 100644 package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch create mode 100644 package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch create mode 100644 package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch create mode 100644 package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch create mode 100644 package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch create mode 100644 package/network/services/dnsmasq/patches/0031-fix-previous-commit.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index fc067ebb0f..daa01042e9 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.80 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch b/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch index 453c2924b2..5c13bf937b 100644 --- a/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch +++ b/package/network/services/dnsmasq/patches/0001-Impove-cache-behaviour-for-TCP-connections.patch @@ -1,7 +1,7 @@ From a799ca0c6314ad73a97bc6c89382d2712a9c0b0e Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 18 Oct 2018 19:35:29 +0100 -Subject: [PATCH 01/11] Impove cache behaviour for TCP connections. +Subject: [PATCH 01/30] Impove cache behaviour for TCP connections. For ease of implementaion, dnsmasq has always forked a new process to handle each incoming TCP connection. A side-effect of this is that any diff --git a/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch b/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch index e3178b8dfd..b23766d715 100644 --- a/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch +++ b/package/network/services/dnsmasq/patches/0002-Ensure-that-AD-bit-is-reset-on-answers-from-address-.patch @@ -1,7 +1,7 @@ From a220545c4277cba534be5ef4638b5076fc7d2cf4 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 22 Oct 2018 18:21:48 +0100 -Subject: [PATCH 02/11] Ensure that AD bit is reset on answers from +Subject: [PATCH 02/30] Ensure that AD bit is reset on answers from --address=//
. Signed-off-by: Kevin Darbyshire-Bryant diff --git a/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch b/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch index be3c4116b6..352d071882 100644 --- a/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch +++ b/package/network/services/dnsmasq/patches/0003-Remove-ability-to-compile-without-IPv6-support.patch @@ -1,7 +1,7 @@ From ee8750451b49d27b180517a4e35b636be0fae575 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Tue, 23 Oct 2018 22:10:17 +0100 -Subject: [PATCH 03/11] Remove ability to compile without IPv6 support. +Subject: [PATCH 03/30] Remove ability to compile without IPv6 support. This was the source of a large number of #ifdefs, originally included for use with old embedded libc versions. I'm diff --git a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch index 497b4c3df2..cf59309298 100644 --- a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch +++ b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch @@ -1,7 +1,7 @@ From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko Date: Thu, 18 Oct 2018 04:55:21 +0500 -Subject: [PATCH 04/11] Don't forward *.bind/*.server queries upstream +Subject: [PATCH 04/30] Don't forward *.bind/*.server queries upstream Chaos .bind and .server (RFC4892) zones are local, therefore don't forward queries upstream to avoid mixing with supported diff --git a/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch b/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch index b9be306118..0281a2c98c 100644 --- a/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch +++ b/package/network/services/dnsmasq/patches/0005-Fix-logging-in-cf5984367bc6a949e3803a576512c5a7bc48e.patch @@ -1,7 +1,7 @@ From cbb5b17ad8e03e08ade62376a4f6a2066e55960d Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Tue, 23 Oct 2018 23:45:57 +0100 -Subject: [PATCH 05/11] Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab +Subject: [PATCH 05/30] Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch b/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch index 3271a5f3af..0433cca18e 100644 --- a/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch +++ b/package/network/services/dnsmasq/patches/0006-Fix-spurious-AD-flags-in-some-DNS-replies-from-local.patch @@ -1,7 +1,7 @@ From 6f7812d97bc8f87004c0a5069c6c94c64af78106 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Tue, 23 Oct 2018 23:54:44 +0100 -Subject: [PATCH 06/11] Fix spurious AD flags in some DNS replies from local +Subject: [PATCH 06/30] Fix spurious AD flags in some DNS replies from local config. Signed-off-by: Kevin Darbyshire-Bryant diff --git a/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch b/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch index 55ea917c39..c1c674fbfb 100644 --- a/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch +++ b/package/network/services/dnsmasq/patches/0007-Do-not-rely-on-dead-code-elimination-use-array-inste.patch @@ -1,7 +1,7 @@ From 24b87607c1353e94689e8a2190571ab3f3b36f31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 24 Oct 2018 22:30:18 +0100 -Subject: [PATCH 07/11] Do not rely on dead code elimination, use array +Subject: [PATCH 07/30] Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant. diff --git a/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch b/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch index 91b465fd1c..9c00291d86 100644 --- a/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch +++ b/package/network/services/dnsmasq/patches/0008-Fix-Makefile-lines-generating-UBUS-linker-config.patch @@ -1,7 +1,7 @@ From 3a5a84cdd1488bad118eeac72d09a60299bca744 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 31 Oct 2018 21:30:13 +0000 -Subject: [PATCH 08/11] Fix Makefile lines generating UBUS linker config. +Subject: [PATCH 08/30] Fix Makefile lines generating UBUS linker config. If arg2 of pkg-wrapper is "--copy", then arg1 is NOT the name of the package manager (--copy doesn't invoke it) it's a secondary diff --git a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch index ff9ddd842c..dcbfc3d9fa 100644 --- a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch +++ b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch @@ -1,7 +1,7 @@ From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 31 Oct 2018 22:24:02 +0000 -Subject: [PATCH 09/11] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e +Subject: [PATCH 09/30] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e The above is intended to increase robustness, but actually does the opposite. The problem is that by ignoring SERVFAIL messages and hoping diff --git a/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch b/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch index 1110d4c5fa..2aa4ae7ded 100644 --- a/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch +++ b/package/network/services/dnsmasq/patches/0010-Remove-the-NO_FORK-compile-time-option-and-support-f.patch @@ -1,7 +1,7 @@ From 48d12f14c9c0fc8cf943b52774c3892517dd72d4 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 2 Nov 2018 21:55:04 +0000 -Subject: [PATCH 10/11] Remove the NO_FORK compile-time option, and support for +Subject: [PATCH 10/30] Remove the NO_FORK compile-time option, and support for uclinux. In an era where everything has an MMU, this looks like diff --git a/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch b/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch index 3ba971fe72..9609376ba3 100644 --- a/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch +++ b/package/network/services/dnsmasq/patches/0011-Free-config-file-values-on-parsing-errors.patch @@ -1,7 +1,7 @@ From 59e470381f84f2fdf0640c7bc67827f3f0c64784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 2 Nov 2018 22:39:39 +0000 -Subject: [PATCH 11/11] Free config file values on parsing errors. +Subject: [PATCH 11/30] Free config file values on parsing errors. This time I have a little bit more controversal patches. But I think still useful. They fixes memory leaks that might occur in some cases. diff --git a/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch b/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch new file mode 100644 index 0000000000..d0f59de1ed --- /dev/null +++ b/package/network/services/dnsmasq/patches/0013-Treat-DS-and-DNSKEY-queries-being-forwarded-the-same.patch @@ -0,0 +1,32 @@ +From 07e25da5bf26d46aad4f1d2eb19b260789182004 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sun, 16 Dec 2018 18:21:58 +0000 +Subject: [PATCH 13/30] Treat DS and DNSKEY queries being forwarded the same as + those locally originated. + +The queries will not be forwarded to a server for a domain, unless +there's a trust anchor provided for that domain. This allows, especially, +suitable proof of non-existance for DS records to come from +the parent domain for domains which are not signed. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc1035.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -916,6 +916,13 @@ unsigned int extract_request(struct dns_ + if (qtype == T_ANY) + return F_IPV4 | F_IPV6; + } ++ ++ /* F_DNSSECOK as agument to search_servers() inhibits forwarding ++ to servers for domains without a trust anchor. This make the ++ behaviour for DS and DNSKEY queries we forward the same ++ as for DS and DNSKEY queries we originate. */ ++ if (qtype == T_DS || qtype == T_DNSKEY) ++ return F_DNSSECOK; + + return F_QUERY; + } diff --git a/package/network/services/dnsmasq/patches/0013-ipset-fix-ternary-order-swap.patch b/package/network/services/dnsmasq/patches/0013-ipset-fix-ternary-order-swap.patch deleted file mode 100644 index e93e6240a8..0000000000 --- a/package/network/services/dnsmasq/patches/0013-ipset-fix-ternary-order-swap.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 46de5d4954b470db155098001cffc357b51e50f4 Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant -Date: Wed, 12 Dec 2018 11:35:12 +0000 -Subject: [PATCH] ipset fix ternary order swap - -Signed-off-by: Kevin Darbyshire-Bryant ---- - src/ipset.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/ipset.c -+++ b/src/ipset.c -@@ -120,7 +120,7 @@ static int new_add_to_ipset(const char * - struct my_nfgenmsg *nfg; - struct my_nlattr *nested[2]; - uint8_t proto; -- int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ; -+ int addrsz = (af == AF_INET6) ? IN6ADDRSZ : INADDRSZ; - - if (strlen(setname) >= IPSET_MAXNAMELEN) - { diff --git a/package/network/services/dnsmasq/patches/0014-option-dhcp-boot-dhcp-reply-delay-tag-fixes.patch b/package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch similarity index 52% rename from package/network/services/dnsmasq/patches/0014-option-dhcp-boot-dhcp-reply-delay-tag-fixes.patch rename to package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch index 7712a32827..a38ca334cb 100644 --- a/package/network/services/dnsmasq/patches/0014-option-dhcp-boot-dhcp-reply-delay-tag-fixes.patch +++ b/package/network/services/dnsmasq/patches/0014-Fix-option-parsing-errors-introduced-in-59e470381f84.patch @@ -1,17 +1,19 @@ -From 668b45c29c38d440c8fce4bc994c56910adc3919 Mon Sep 17 00:00:00 2001 +From 137e9f878fafb38369eab7d9dfe84e4228ff5f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Fri, 14 Dec 2018 17:03:08 +0100 -Subject: [PATCH] Fix required tags in few places +Date: Sun, 16 Dec 2018 21:25:29 +0000 +Subject: [PATCH 14/30] Fix option parsing errors introduced in + 59e470381f84f2fdf0640c7bc67827f3f0c64784 -Some locations were incorrectly changed to require always tags, else -dnsmasq will not start. Fix dhcp-boot, dhcp-reply-delay and pxe-prompt. +Thanks to Kevin Darbyshire-Bryant for spotting this. + +Signed-off-by: Kevin Darbyshire-Bryant --- src/option.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/src/option.c +++ b/src/option.c -@@ -3434,7 +3434,7 @@ static int one_opt(int option, char *arg +@@ -3432,7 +3432,7 @@ static int one_opt(int option, char *arg { struct dhcp_netid *id = dhcp_tags(&arg); @@ -20,7 +22,7 @@ dnsmasq will not start. Fix dhcp-boot, dhcp-reply-delay and pxe-prompt. { ret_err(gen_err); } -@@ -3485,7 +3485,7 @@ static int one_opt(int option, char *arg +@@ -3483,7 +3483,7 @@ static int one_opt(int option, char *arg { struct dhcp_netid *id = dhcp_tags(&arg); @@ -29,7 +31,7 @@ dnsmasq will not start. Fix dhcp-boot, dhcp-reply-delay and pxe-prompt. { ret_err(gen_err); } -@@ -3515,7 +3515,7 @@ static int one_opt(int option, char *arg +@@ -3513,7 +3513,7 @@ static int one_opt(int option, char *arg new->opt = 10; /* PXE_MENU_PROMPT */ new->netid = dhcp_tags(&arg); diff --git a/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch b/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch new file mode 100644 index 0000000000..daf0ed6aca --- /dev/null +++ b/package/network/services/dnsmasq/patches/0015-fix-ipv6-ipset-bug-in-master.patch @@ -0,0 +1,45 @@ +From 3becf468bad699bfdcb2d18d553bc72d4c79e23c Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Wed, 12 Dec 2018 12:00:19 +0000 +Subject: [PATCH 15/30] fix ipv6 ipset bug in master +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Hi Simon, + +Another one fallen out of the openwrt tree shake :-) + +ipv6 ipset addresses weren’t being set correctly. patch attached + +Cheers, + +Kevin D-B + +012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A +From b50fc0491e374186f982b019f293379955afd203 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Wed, 12 Dec 2018 11:35:12 +0000 +Subject: [PATCH] ipset fix ternary order swap + +ee87504 Remove ability to compile without IPv6 support introduced a +ternary operator for ip address size. Unfortunately the true/false +order was incorrect which meant ipv6 ipset addresses were added +incorrectly. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/ipset.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -120,7 +120,7 @@ static int new_add_to_ipset(const char * + struct my_nfgenmsg *nfg; + struct my_nlattr *nested[2]; + uint8_t proto; +- int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ; ++ int addrsz = (af == AF_INET6) ? IN6ADDRSZ : INADDRSZ; + + if (strlen(setname) >= IPSET_MAXNAMELEN) + { diff --git a/package/network/services/dnsmasq/patches/0012-option-fix-non-DHCPv6-build-error.patch b/package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch similarity index 54% rename from package/network/services/dnsmasq/patches/0012-option-fix-non-DHCPv6-build-error.patch rename to package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch index 983cb1402e..ac13de4a99 100644 --- a/package/network/services/dnsmasq/patches/0012-option-fix-non-DHCPv6-build-error.patch +++ b/package/network/services/dnsmasq/patches/0016-build-failure-on-master-with-NO_DHCPv6-and-fix.patch @@ -1,3 +1,26 @@ +From b683cf37f9f3dd3dc5d95d621ee75850d559b2e4 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Mon, 10 Dec 2018 10:34:35 +0000 +Subject: [PATCH 16/30] build failure on master with NO_DHCPv6 and fix.... + +Hi Simon, + +master has a build error when building without HAVE_DHCPv6 + +option.c: In function 'dhcp_context_free': +option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' + free(ctx->template_interface); + +Sadly, need to put in a little conditional compilation ifdef'erey + +Simplest patch in the world attached + +Cheers, + +Kevin D-B + +012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A + From 061eb8599636bb360e0b7fa5986935b86db39497 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Mon, 10 Dec 2018 10:07:33 +0000 diff --git a/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch b/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch new file mode 100644 index 0000000000..ef8b78a920 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0017-Alter-DHCP-address-selection-after-DECLINE-in-consec.patch @@ -0,0 +1,57 @@ +From e7bfd556c079c8b5e7425aed44abc35925b24043 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 31 Dec 2018 20:51:15 +0000 +Subject: [PATCH 17/30] Alter DHCP address selection after DECLINE in + consec-addr mode. Avoid offering the same address after a recieving a DECLINE + message to stop an infinite protocol loop. This has long been done in default + address allocation mode: this adds similar behaviour when allocaing addresses + consecutively. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dhcp.c | 13 +++++++++++++ + src/dhcp6.c | 11 +++++++++-- + 2 files changed, 22 insertions(+), 2 deletions(-) + +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -754,6 +754,19 @@ int address_allocate(struct dhcp_context + if (addr.s_addr == d->router.s_addr) + break; + ++ /* in consec-ip mode, skip addresses equal to ++ the number of addresses rejected by clients. This ++ should avoid the same client being offered the same ++ address after it has rjected it. */ ++ if (option_bool(OPT_CONSEC_ADDR)) ++ { ++ if (c->addr_epoch) ++ { ++ c->addr_epoch--; ++ d = context; /* d non-NULL skips the address. */ ++ } ++ } ++ + /* Addresses which end in .255 and .0 are broken in Windows even when using + supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 + then 192.168.0.255 is a valid IP address, but not for Windows as it's +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -431,8 +431,15 @@ struct dhcp_context *address6_allocate(s + else + { + if (!temp_addr && option_bool(OPT_CONSEC_ADDR)) +- /* seed is largest extant lease addr in this context */ +- start = lease_find_max_addr6(c) + serial; ++ { ++ /* seed is largest extant lease addr in this context, ++ skip addresses equal to the number of addresses rejected ++ by clients. This should avoid the same client being offered the same ++ address after it has rjected it. */ ++ start = lease_find_max_addr6(c) + serial + c->addr_epoch; ++ if (c->addr_epoch) ++ c->addr_epoch--; ++ } + else + { + u64 range = 1 + addr6part(&c->end6) - addr6part(&c->start6); diff --git a/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch b/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch new file mode 100644 index 0000000000..cd9d02237f --- /dev/null +++ b/package/network/services/dnsmasq/patches/0018-Tidy-all_addr-union-merge-log-and-rcode-fields.patch @@ -0,0 +1,80 @@ +From bde46476ee06c96e821653dfdb8fa11fe7326998 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 31 Dec 2018 23:28:24 +0000 +Subject: [PATCH 18/30] Tidy all_addr union, merge log and rcode fields. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 2 +- + src/dnsmasq.h | 6 +----- + src/forward.c | 2 +- + src/rfc1035.c | 6 +++--- + 4 files changed, 6 insertions(+), 10 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -1926,7 +1926,7 @@ void log_query(unsigned int flags, char + sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest); + else if (flags & F_RCODE) + { +- unsigned int rcode = addr->addr.rcode.rcode; ++ unsigned int rcode = addr->addr.log.rcode; + + if (rcode == SERVFAIL) + dest = "SERVFAIL"; +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -279,12 +279,8 @@ struct all_addr { + struct in6_addr addr6; + /* for log_query */ + struct { +- unsigned short keytag, algo, digest; ++ unsigned short keytag, algo, digest, rcode; + } log; +- /* for log_query */ +- struct { +- unsigned int rcode; +- } rcode; + /* for cache_insert of DNSKEY, DS */ + struct { + unsigned short class, type; +--- a/src/forward.c ++++ b/src/forward.c +@@ -658,7 +658,7 @@ static size_t process_reply(struct dns_h + if (rcode != NOERROR && rcode != NXDOMAIN) + { + struct all_addr a; +- a.addr.rcode.rcode = rcode; ++ a.addr.log.rcode = rcode; + log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL); + + return resize_packet(header, n, pheader, plen); +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -950,7 +950,7 @@ size_t setup_reply(struct dns_header *he + else if (flags == F_SERVFAIL) + { + struct all_addr a; +- a.addr.rcode.rcode = SERVFAIL; ++ a.addr.log.rcode = SERVFAIL; + log_query(F_CONFIG | F_RCODE, "error", &a, NULL); + SET_RCODE(header, SERVFAIL); + } +@@ -975,7 +975,7 @@ size_t setup_reply(struct dns_header *he + else /* nowhere to forward to */ + { + struct all_addr a; +- a.addr.rcode.rcode = REFUSED; ++ a.addr.log.rcode = REFUSED; + log_query(F_CONFIG | F_RCODE, "error", &a, NULL); + SET_RCODE(header, REFUSED); + } +@@ -1374,7 +1374,7 @@ size_t answer_request(struct dns_header + notimp = 1, auth = 0; + if (!dryrun) + { +- addr.addr.rcode.rcode = NOTIMP; ++ addr.addr.log.rcode = NOTIMP; + log_query(F_CONFIG | F_RCODE, name, &addr, NULL); + } + ans = 1, sec_data = 0; diff --git a/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch b/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch new file mode 100644 index 0000000000..883202da85 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0019-Tidy-address-union-handling-move-class-into-explicit.patch @@ -0,0 +1,290 @@ +From 65a01b71bb433c9466e4c78a73a8d8ed218ed4e8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 31 Dec 2018 23:56:33 +0000 +Subject: [PATCH 19/30] Tidy address-union handling: move class into explicit + argument. + +This moves the class argument to cache-insert into an argument, +rather then overloading a union in the address argument. Note that +tha class is NOT stored in the cache other than for DS/DNSKEY entries, +so must always be C_IN except for these. The data-extraction code +ensures this as it only attempts to cache C_IN class records. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 57 ++++++++++++++++++++++----------------------------- + src/dnsmasq.h | 2 +- + src/dnssec.c | 13 +++--------- + src/rfc1035.c | 12 +++++------ + 4 files changed, 34 insertions(+), 50 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -26,7 +26,7 @@ static union bigname *big_free = NULL; + static int bignames_left, hash_size; + + static void make_non_terminals(struct crec *source); +-static struct crec *really_insert(char *name, struct all_addr *addr, ++static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags); + + /* type->string mapping: this is also used by the name-hash function as a mixing table. */ +@@ -330,8 +330,8 @@ static int is_expired(time_t now, struct + return 1; + } + +-static struct crec *cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags, +- struct crec **target_crec, unsigned int *target_uid) ++static struct crec *cache_scan_free(char *name, struct all_addr *addr, unsigned short class, time_t now, ++ unsigned short flags, struct crec **target_crec, unsigned int *target_uid) + { + /* Scan and remove old entries. + If (flags & F_FORWARD) then remove any forward entries for name and any expired +@@ -350,6 +350,8 @@ static struct crec *cache_scan_free(char + This entry will get re-used with the same name, to preserve CNAMEs. */ + + struct crec *crecp, **up; ++ ++ (void)class; + + if (flags & F_FORWARD) + { +@@ -381,7 +383,7 @@ static struct crec *cache_scan_free(char + + #ifdef HAVE_DNSSEC + /* Deletion has to be class-sensitive for DS and DNSKEY */ +- if ((flags & crecp->flags & (F_DNSKEY | F_DS)) && crecp->uid == addr->addr.dnssec.class) ++ if ((flags & crecp->flags & (F_DNSKEY | F_DS)) && crecp->uid == class) + { + if (crecp->flags & F_CONFIG) + return crecp; +@@ -464,7 +466,7 @@ void cache_start_insert(void) + insert_error = 0; + } + +-struct crec *cache_insert(char *name, struct all_addr *addr, ++struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags) + { + /* Don't log DNSSEC records here, done elsewhere */ +@@ -478,11 +480,11 @@ struct crec *cache_insert(char *name, st + ttl = daemon->min_cache_ttl; + } + +- return really_insert(name, addr, now, ttl, flags); ++ return really_insert(name, addr, class, now, ttl, flags); + } + + +-static struct crec *really_insert(char *name, struct all_addr *addr, ++static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags) + { + struct crec *new, *target_crec = NULL; +@@ -497,7 +499,7 @@ static struct crec *really_insert(char * + + /* First remove any expired entries and entries for the name/address we + are currently inserting. */ +- if ((new = cache_scan_free(name, addr, now, flags, &target_crec, &target_uid))) ++ if ((new = cache_scan_free(name, addr, class, now, flags, &target_crec, &target_uid))) + { + /* We're trying to insert a record over one from + /etc/hosts or DHCP, or other config. If the +@@ -553,21 +555,14 @@ static struct crec *really_insert(char * + + if (freed_all) + { +- struct all_addr free_addr = new->addr.addr;; +- +-#ifdef HAVE_DNSSEC +- /* For DNSSEC records, addr holds class. */ +- if (new->flags & (F_DS | F_DNSKEY)) +- free_addr.addr.dnssec.class = new->uid; +-#endif +- ++ /* For DNSSEC records, uid holds class. */ + free_avail = 1; /* Must be free space now. */ +- cache_scan_free(cache_get_name(new), &free_addr, now, new->flags, NULL, NULL); ++ cache_scan_free(cache_get_name(new), &new->addr.addr, new->uid, now, new->flags, NULL, NULL); + daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++; + } + else + { +- cache_scan_free(NULL, NULL, now, 0, NULL, NULL); ++ cache_scan_free(NULL, NULL, class, now, 0, NULL, NULL); + freed_all = 1; + } + } +@@ -615,15 +610,13 @@ static struct crec *really_insert(char * + else + *cache_get_name(new) = 0; + +- if (addr) +- { + #ifdef HAVE_DNSSEC +- if (flags & (F_DS | F_DNSKEY)) +- new->uid = addr->addr.dnssec.class; +- else ++ if (flags & (F_DS | F_DNSKEY)) ++ new->uid = class; + #endif +- new->addr.addr = *addr; +- } ++ ++ if (addr) ++ new->addr.addr = *addr; + + new->ttd = now + (time_t)ttl; + new->next = new_chain; +@@ -747,11 +740,11 @@ int cache_recv_insert(time_t now, int fd + { + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; +- crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); ++ crecp = really_insert(daemon->namebuff, &addr, C_IN, now, ttl, flags); + } + else if (flags & F_CNAME) + { +- struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags); ++ struct crec *newc = really_insert(daemon->namebuff, NULL, C_IN, now, ttl, flags); + /* This relies on the fact the the target of a CNAME immediately preceeds + it because of the order of extraction in extract_addresses, and + the order reversal on the new_chain. */ +@@ -780,10 +773,8 @@ int cache_recv_insert(time_t now, int fd + + if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) + return 0; +- /* Cache needs to known class for DNSSEC stuff */ +- addr.addr.dnssec.class = class; +- +- crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags); ++ ++ crecp = really_insert(daemon->namebuff, NULL, class, now, ttl, flags); + + if (flags & F_DNSKEY) + { +@@ -1463,7 +1454,7 @@ void cache_add_dhcp_entry(char *host_nam + } + else if (!(crec->flags & F_DHCP)) + { +- cache_scan_free(host_name, NULL, 0, crec->flags & (flags | F_CNAME | F_FORWARD), NULL, NULL); ++ cache_scan_free(host_name, NULL, C_IN, 0, crec->flags & (flags | F_CNAME | F_FORWARD), NULL, NULL); + /* scan_free deletes all addresses associated with name */ + break; + } +@@ -1490,7 +1481,7 @@ void cache_add_dhcp_entry(char *host_nam + if (crec->flags & F_NEG) + { + flags |= F_REVERSE; +- cache_scan_free(NULL, (struct all_addr *)host_address, 0, flags, NULL, NULL); ++ cache_scan_free(NULL, (struct all_addr *)host_address, C_IN, 0, flags, NULL, NULL); + } + } + else +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1144,7 +1144,7 @@ struct crec *cache_find_by_name(struct c + void cache_end_insert(void); + void cache_start_insert(void); + int cache_recv_insert(time_t now, int fd); +-struct crec *cache_insert(char *name, struct all_addr *addr, ++struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags); + void cache_reload(void); + void cache_add_dhcp_entry(char *host_name, int prot, struct all_addr *host_address, time_t ttd); +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -798,12 +798,9 @@ int dnssec_validate_by_ds(time_t now, st + algo = *p++; + keytag = dnskey_keytag(algo, flags, p, rdlen - 4); + +- /* Cache needs to known class for DNSSEC stuff */ +- a.addr.dnssec.class = class; +- + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) ++ if (!(recp1 = cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) + { + blockdata_free(key); + return STAT_BOGUS; +@@ -927,12 +924,9 @@ int dnssec_validate_ds(time_t now, struc + algo = *p++; + digest = *p++; + +- /* Cache needs to known class for DNSSEC stuff */ +- a.addr.dnssec.class = class; +- + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) ++ if (!(crecp = cache_insert(name, NULL, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) + { + blockdata_free(key); + return STAT_BOGUS; +@@ -1021,8 +1015,7 @@ int dnssec_validate_ds(time_t now, struc + { + cache_start_insert(); + +- a.addr.dnssec.class = class; +- if (!cache_insert(name, &a, now, ttl, flags)) ++ if (!cache_insert(name, NULL, class, now, ttl, flags)) + return STAT_BOGUS; + + cache_end_insert(); +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -701,7 +701,7 @@ int extract_addresses(struct dns_header + goto cname_loop; + } + +- cache_insert(name, &addr, now, cttl, name_encoding | secflag | F_REVERSE); ++ cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE); + found = 1; + } + +@@ -719,7 +719,7 @@ int extract_addresses(struct dns_header + ttl = find_soa(header, qlen, NULL, doctored); + } + if (ttl) +- cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags | (secure ? F_DNSSECOK : 0)); ++ cache_insert(NULL, &addr, C_IN, now, ttl, name_encoding | F_REVERSE | F_NEG | flags | (secure ? F_DNSSECOK : 0)); + } + } + else +@@ -773,7 +773,7 @@ int extract_addresses(struct dns_header + { + if (!cname_count--) + return 0; /* looped CNAMES */ +- newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD | secflag); ++ newc = cache_insert(name, NULL, C_IN, now, attl, F_CNAME | F_FORWARD | secflag); + if (newc) + { + newc->addr.cname.target.cache = NULL; +@@ -833,7 +833,7 @@ int extract_addresses(struct dns_header + } + #endif + +- newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD | secflag); ++ newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag); + if (newc && cpp) + { + next_uid(newc); +@@ -860,7 +860,7 @@ int extract_addresses(struct dns_header + pointing at this, inherit its TTL */ + if (ttl || cpp) + { +- newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0)); ++ newc = cache_insert(name, NULL, C_IN, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0)); + if (newc && cpp) + { + next_uid(newc); +@@ -1054,7 +1054,7 @@ int check_for_bogus_wildcard(struct dns_ + /* Found a bogus address. Insert that info here, since there no SOA record + to get the ttl from in the normal processing */ + cache_start_insert(); +- cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN); ++ cache_insert(name, NULL, C_IN, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN); + cache_end_insert(); + + return 1; diff --git a/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch b/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch new file mode 100644 index 0000000000..a5f17ec859 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0020-Futher-address-union-tidying.patch @@ -0,0 +1,363 @@ +From ab194ed7ca433e4e2e8b2ec338bfa4e6aa886a4b Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 1 Jan 2019 01:35:30 +0000 +Subject: [PATCH 20/30] Futher address union tidying. + +Pass DNSKEY and DS data into cache_insert via the address argument, +now these data types are included in struct all_addr. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 116 ++++++++++++++++---------------------------------- + src/dnsmasq.h | 26 +++++------ + src/dnssec.c | 53 +++++++++++------------ + 3 files changed, 73 insertions(+), 122 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -202,9 +202,9 @@ static void cache_hash(struct crec *crec + static void cache_blockdata_free(struct crec *crecp) + { + if (crecp->flags & F_DNSKEY) +- blockdata_free(crecp->addr.key.keydata); ++ blockdata_free(crecp->addr.addr.addr.key.keydata); + else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) +- blockdata_free(crecp->addr.ds.keydata); ++ blockdata_free(crecp->addr.addr.addr.ds.keydata); + } + #endif + +@@ -659,33 +659,22 @@ void cache_end_insert(void) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); + read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); + +- if (flags & (F_IPV4 | F_IPV6)) ++ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); + #ifdef HAVE_DNSSEC +- else if (flags & F_DNSKEY) ++ if (flags & F_DNSKEY) + { + read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0); +- blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); ++ blockdata_write(new_chain->addr.addr.addr.key.keydata, new_chain->addr.addr.addr.key.keylen, daemon->pipe_to_parent); + } + else if (flags & F_DS) + { + read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); + /* A negative DS entry is possible and has no data, obviously. */ + if (!(flags & F_NEG)) +- { +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0); +- read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0); +- blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); +- } ++ blockdata_write(new_chain->addr.addr.addr.ds.keydata, new_chain->addr.addr.addr.ds.keylen, daemon->pipe_to_parent); + } + #endif +- + } + } + +@@ -736,11 +725,30 @@ int cache_recv_insert(time_t now, int fd + + ttl = difftime(ttd, now); + +- if (flags & (F_IPV4 | F_IPV6)) ++ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) + { ++ unsigned short class = C_IN; ++ + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; +- crecp = really_insert(daemon->namebuff, &addr, C_IN, now, ttl, flags); ++ ++#ifdef HAVE_DNSSEC ++ if (flags & F_DNSKEY) ++ { ++ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || ++ !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) ++ return 0; ++ } ++ else if (flags & F_DS) ++ { ++ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || ++ (flags & F_NEG) || ++ !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) ++ return 0; ++ } ++#endif ++ ++ crecp = really_insert(daemon->namebuff, &addr, class, now, ttl, flags); + } + else if (flags & F_CNAME) + { +@@ -764,58 +772,6 @@ int cache_recv_insert(time_t now, int fd + } + } + } +-#ifdef HAVE_DNSSEC +- else if (flags & (F_DNSKEY | F_DS)) +- { +- unsigned short class, keylen, keyflags, keytag; +- unsigned char algo, digest; +- struct blockdata *keydata; +- +- if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1)) +- return 0; +- +- crecp = really_insert(daemon->namebuff, NULL, class, now, ttl, flags); +- +- if (flags & F_DNSKEY) +- { +- if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || +- !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || +- !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) || +- !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || +- !(keydata = blockdata_read(fd, keylen))) +- return 0; +- } +- else if (!(flags & F_NEG)) +- { +- if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) || +- !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) || +- !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) || +- !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) || +- !(keydata = blockdata_read(fd, keylen))) +- return 0; +- } +- +- if (crecp) +- { +- if (flags & F_DNSKEY) +- { +- crecp->addr.key.algo = algo; +- crecp->addr.key.keytag = keytag; +- crecp->addr.key.flags = flags; +- crecp->addr.key.keylen = keylen; +- crecp->addr.key.keydata = keydata; +- } +- else if (!(flags & F_NEG)) +- { +- crecp->addr.ds.algo = algo; +- crecp->addr.ds.keytag = keytag; +- crecp->addr.ds.digest = digest; +- crecp->addr.ds.keylen = keylen; +- crecp->addr.ds.keydata = keydata; +- } +- } +- } +-#endif + } + } + +@@ -1290,15 +1246,15 @@ void cache_reload(void) + #ifdef HAVE_DNSSEC + for (ds = daemon->ds; ds; ds = ds->next) + if ((cache = whine_malloc(SIZEOF_POINTER_CREC)) && +- (cache->addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) ++ (cache->addr.addr.addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) + { + cache->flags = F_FORWARD | F_IMMORTAL | F_DS | F_CONFIG | F_NAMEP; + cache->ttd = daemon->local_ttl; + cache->name.namep = ds->name; +- cache->addr.ds.keylen = ds->digestlen; +- cache->addr.ds.algo = ds->algo; +- cache->addr.ds.keytag = ds->keytag; +- cache->addr.ds.digest = ds->digest_type; ++ cache->addr.addr.addr.ds.keylen = ds->digestlen; ++ cache->addr.addr.addr.ds.algo = ds->algo; ++ cache->addr.addr.addr.ds.keytag = ds->keytag; ++ cache->addr.addr.addr.ds.digest = ds->digest_type; + cache->uid = ds->class; + cache_hash(cache); + make_non_terminals(cache); +@@ -1775,12 +1731,12 @@ void dump_cache(time_t now) + else if (cache->flags & F_DS) + { + if (!(cache->flags & F_NEG)) +- sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag, +- cache->addr.ds.algo, cache->addr.ds.digest); ++ sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.ds.keytag, ++ cache->addr.addr.addr.ds.algo, cache->addr.addr.addr.ds.digest); + } + else if (cache->flags & F_DNSKEY) +- sprintf(a, "%5u %3u %3u", cache->addr.key.keytag, +- cache->addr.key.algo, cache->addr.key.flags); ++ sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.key.keytag, ++ cache->addr.addr.addr.key.algo, cache->addr.addr.addr.key.flags); + #endif + else if (!(cache->flags & F_NEG) || !(cache->flags & F_FORWARD)) + { +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -277,14 +277,21 @@ struct all_addr { + union { + struct in_addr addr4; + struct in6_addr addr6; ++ struct { ++ struct blockdata *keydata; ++ unsigned short keylen, flags, keytag; ++ unsigned char algo; ++ } key; ++ struct { ++ struct blockdata *keydata; ++ unsigned short keylen, keytag; ++ unsigned char algo; ++ unsigned char digest; ++ } ds; + /* for log_query */ + struct { + unsigned short keytag, algo, digest, rcode; + } log; +- /* for cache_insert of DNSKEY, DS */ +- struct { +- unsigned short class, type; +- } dnssec; + } addr; + }; + +@@ -414,17 +421,6 @@ struct crec { + } target; + unsigned int uid; /* 0 if union is interface-name */ + } cname; +- struct { +- struct blockdata *keydata; +- unsigned short keylen, flags, keytag; +- unsigned char algo; +- } key; +- struct { +- struct blockdata *keydata; +- unsigned short keylen, keytag; +- unsigned char algo; +- unsigned char digest; +- } ds; + } addr; + time_t ttd; /* time to die */ + /* used as class if DNSKEY/DS, index to source for F_HOSTS */ +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -628,10 +628,10 @@ static int validate_rrset(time_t now, st + { + /* iterate through all possible keys 4035 5.3.1 */ + for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY)) +- if (crecp->addr.key.algo == algo && +- crecp->addr.key.keytag == key_tag && ++ if (crecp->addr.addr.addr.key.algo == algo && ++ crecp->addr.addr.addr.key.keytag == key_tag && + crecp->uid == (unsigned int)class && +- verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) ++ verify(crecp->addr.addr.addr.key.keydata, crecp->addr.addr.addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) + return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE; + } + } +@@ -728,10 +728,10 @@ int dnssec_validate_by_ds(time_t now, st + const struct nettle_hash *hash; + int sigcnt, rrcnt; + +- if (recp1->addr.ds.algo == algo && +- recp1->addr.ds.keytag == keytag && ++ if (recp1->addr.addr.addr.ds.algo == algo && ++ recp1->addr.addr.addr.ds.keytag == keytag && + recp1->uid == (unsigned int)class && +- (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) && ++ (hash = hash_find(ds_digest_name(recp1->addr.addr.addr.ds.digest))) && + hash_init(hash, &ctx, &digest)) + + { +@@ -746,9 +746,9 @@ int dnssec_validate_by_ds(time_t now, st + from_wire(name); + + if (!(recp1->flags & F_NEG) && +- recp1->addr.ds.keylen == (int)hash->digest_size && +- (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) && +- memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 && ++ recp1->addr.addr.addr.ds.keylen == (int)hash->digest_size && ++ (ds_digest = blockdata_retrieve(recp1->addr.addr.addr.ds.keydata, recp1->addr.addr.addr.ds.keylen, NULL)) && ++ memcmp(ds_digest, digest, recp1->addr.addr.addr.ds.keylen) == 0 && + explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) && + sigcnt != 0 && rrcnt != 0 && + validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname, +@@ -800,7 +800,13 @@ int dnssec_validate_by_ds(time_t now, st + + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- if (!(recp1 = cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) ++ a.addr.key.keylen = rdlen - 4; ++ a.addr.key.keydata = key; ++ a.addr.key.algo = algo; ++ a.addr.key.keytag = keytag; ++ a.addr.key.flags = flags; ++ ++ if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)) + { + blockdata_free(key); + return STAT_BOGUS; +@@ -813,12 +819,6 @@ int dnssec_validate_by_ds(time_t now, st + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu"); + else + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)"); +- +- recp1->addr.key.keylen = rdlen - 4; +- recp1->addr.key.keydata = key; +- recp1->addr.key.algo = algo; +- recp1->addr.key.keytag = keytag; +- recp1->addr.key.flags = flags; + } + } + } +@@ -915,8 +915,7 @@ int dnssec_validate_ds(time_t now, struc + int algo, digest, keytag; + unsigned char *psave = p; + struct blockdata *key; +- struct crec *crecp; +- ++ + if (rdlen < 4) + return STAT_BOGUS; /* bad packet */ + +@@ -926,7 +925,13 @@ int dnssec_validate_ds(time_t now, struc + + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- if (!(crecp = cache_insert(name, NULL, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) ++ a.addr.ds.digest = digest; ++ a.addr.ds.keydata = key; ++ a.addr.ds.algo = algo; ++ a.addr.ds.keytag = keytag; ++ a.addr.ds.keylen = rdlen - 4; ++ ++ if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)) + { + blockdata_free(key); + return STAT_BOGUS; +@@ -940,12 +945,6 @@ int dnssec_validate_ds(time_t now, struc + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu"); + else + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)"); +- +- crecp->addr.ds.digest = digest; +- crecp->addr.ds.keydata = key; +- crecp->addr.ds.algo = algo; +- crecp->addr.ds.keytag = keytag; +- crecp->addr.ds.keylen = rdlen - 4; + } + } + +@@ -1711,8 +1710,8 @@ static int zone_status(char *name, int c + do + { + if (crecp->uid == (unsigned int)class && +- ds_digest_name(crecp->addr.ds.digest) && +- algo_digest_name(crecp->addr.ds.algo)) ++ ds_digest_name(crecp->addr.addr.addr.ds.digest) && ++ algo_digest_name(crecp->addr.addr.addr.ds.algo)) + break; + } + while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS))); diff --git a/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch b/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch new file mode 100644 index 0000000000..4377cc1562 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0021-Remove-nested-struct-union-in-cache-records-and-all_.patch @@ -0,0 +1,2316 @@ +From cc921df9ceac79acf9f1c477d015a3d88275422d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 2 Jan 2019 22:48:59 +0000 +Subject: [PATCH 21/30] Remove nested struct/union in cache records and + all_addr. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/arp.c | 18 ++++----- + src/auth.c | 36 ++++++++--------- + src/bpf.c | 10 ++--- + src/cache.c | 98 +++++++++++++++++++++++----------------------- + src/conntrack.c | 6 +-- + src/dbus.c | 24 ++++++------ + src/dhcp-common.c | 14 +++---- + src/dhcp.c | 20 +++++----- + src/dhcp6.c | 2 +- + src/dnsmasq.c | 6 +-- + src/dnsmasq.h | 99 ++++++++++++++++++++++++----------------------- + src/dnssec.c | 56 +++++++++++++-------------- + src/domain.c | 32 +++++++-------- + src/forward.c | 88 ++++++++++++++++++++--------------------- + src/helper.c | 6 +-- + src/ipset.c | 10 ++--- + src/lease.c | 22 +++++------ + src/network.c | 36 ++++++++--------- + src/option.c | 16 ++++---- + src/rfc1035.c | 46 +++++++++++----------- + src/rfc3315.c | 12 +++--- + src/tables.c | 6 +-- + src/tftp.c | 8 ++-- + 23 files changed, 336 insertions(+), 335 deletions(-) + +--- a/src/arp.c ++++ b/src/arp.c +@@ -28,7 +28,7 @@ struct arp_record { + unsigned short hwlen, status; + int family; + unsigned char hwaddr[DHCP_CHADDR_MAX]; +- struct all_addr addr; ++ union all_addr addr; + struct arp_record *next; + }; + +@@ -52,12 +52,12 @@ static int filter_mac(int family, char * + + if (family == AF_INET) + { +- if (arp->addr.addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) ++ if (arp->addr.addr4.s_addr != ((struct in_addr *)addrp)->s_addr) + continue; + } + else + { +- if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, (struct in6_addr *)addrp)) ++ if (!IN6_ARE_ADDR_EQUAL(&arp->addr.addr6, (struct in6_addr *)addrp)) + continue; + } + +@@ -95,9 +95,9 @@ static int filter_mac(int family, char * + arp->family = family; + memcpy(arp->hwaddr, mac, maclen); + if (family == AF_INET) +- arp->addr.addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; ++ arp->addr.addr4.s_addr = ((struct in_addr *)addrp)->s_addr; + else +- memcpy(&arp->addr.addr.addr6, addrp, IN6ADDRSZ); ++ memcpy(&arp->addr.addr6, addrp, IN6ADDRSZ); + } + + return 1; +@@ -124,11 +124,11 @@ int find_mac(union mysockaddr *addr, uns + continue; + + if (arp->family == AF_INET && +- arp->addr.addr.addr4.s_addr != addr->in.sin_addr.s_addr) ++ arp->addr.addr4.s_addr != addr->in.sin_addr.s_addr) + continue; + + if (arp->family == AF_INET6 && +- !IN6_ARE_ADDR_EQUAL(&arp->addr.addr.addr6, &addr->in6.sin6_addr)) ++ !IN6_ARE_ADDR_EQUAL(&arp->addr.addr6, &addr->in6.sin6_addr)) + continue; + + /* Only accept positive entries unless in lazy mode. */ +@@ -191,9 +191,9 @@ int find_mac(union mysockaddr *addr, uns + arp->hwlen = 0; + + if (addr->sa.sa_family == AF_INET) +- arp->addr.addr.addr4.s_addr = addr->in.sin_addr.s_addr; ++ arp->addr.addr4.s_addr = addr->in.sin_addr.s_addr; + else +- memcpy(&arp->addr.addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); ++ memcpy(&arp->addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ); + } + + return 0; +--- a/src/auth.c ++++ b/src/auth.c +@@ -18,22 +18,22 @@ + + #ifdef HAVE_AUTH + +-static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u) ++static struct addrlist *find_addrlist(struct addrlist *list, int flag, union all_addr *addr_u) + { + do { + if (!(list->flags & ADDRLIST_IPV6)) + { +- struct in_addr netmask, addr = addr_u->addr.addr4; ++ struct in_addr netmask, addr = addr_u->addr4; + + if (!(flag & F_IPV4)) + continue; + + netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen)); + +- if (is_same_net(addr, list->addr.addr.addr4, netmask)) ++ if (is_same_net(addr, list->addr.addr4, netmask)) + return list; + } +- else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) ++ else if (is_same_net6(&(addr_u->addr6), &list->addr.addr6, list->prefixlen)) + return list; + + } while ((list = list->next)); +@@ -41,7 +41,7 @@ static struct addrlist *find_addrlist(st + return NULL; + } + +-static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++static struct addrlist *find_subnet(struct auth_zone *zone, int flag, union all_addr *addr_u) + { + if (!zone->subnet) + return NULL; +@@ -49,7 +49,7 @@ static struct addrlist *find_subnet(stru + return find_addrlist(zone->subnet, flag, addr_u); + } + +-static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++static struct addrlist *find_exclude(struct auth_zone *zone, int flag, union all_addr *addr_u) + { + if (!zone->exclude) + return NULL; +@@ -57,7 +57,7 @@ static struct addrlist *find_exclude(str + return find_addrlist(zone->exclude, flag, addr_u); + } + +-static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++static int filter_zone(struct auth_zone *zone, int flag, union all_addr *addr_u) + { + if (find_exclude(zone, flag, addr_u)) + return 0; +@@ -113,7 +113,7 @@ size_t answer_auth(struct dns_header *he + struct txt_record *txt; + struct interface_name *intr; + struct naptr *na; +- struct all_addr addr; ++ union all_addr addr; + struct cname *a, *candidate; + unsigned int wclen; + +@@ -178,7 +178,7 @@ size_t answer_auth(struct dns_header *he + struct addrlist *addrlist; + + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +- if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) ++ if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr) + break; + + if (addrlist) +@@ -193,7 +193,7 @@ size_t answer_auth(struct dns_header *he + struct addrlist *addrlist; + + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +- if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) ++ if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6)) + break; + + if (addrlist) +@@ -468,10 +468,10 @@ size_t answer_auth(struct dns_header *he + { + nxdomain = 0; + if ((crecp->flags & flag) && +- (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) ++ (local_query || filter_zone(zone, flag, &(crecp->addr)))) + { + *cut = '.'; /* restore domain part */ +- log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); ++ log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); + *cut = 0; /* remove domain part */ + found = 1; + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, +@@ -491,9 +491,9 @@ size_t answer_auth(struct dns_header *he + do + { + nxdomain = 0; +- if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) ++ if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr)))) + { +- log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); ++ log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); + found = 1; + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, + daemon->auth_ttl, NULL, qtype, C_IN, +@@ -580,7 +580,7 @@ size_t answer_auth(struct dns_header *he + + if (!(subnet->flags & ADDRLIST_IPV6)) + { +- in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8; ++ in_addr_t a = ntohl(subnet->addr.addr4.s_addr) >> 8; + char *p = name; + + if (subnet->prefixlen >= 24) +@@ -599,7 +599,7 @@ size_t answer_auth(struct dns_header *he + + for (i = subnet->prefixlen-1; i >= 0; i -= 4) + { +- int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3]; ++ int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3]; + p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4); + } + p += sprintf(p, "ip6.arpa"); +@@ -783,7 +783,7 @@ size_t answer_auth(struct dns_header *he + { + char *cache_name = cache_get_name(crecp); + if (!strchr(cache_name, '.') && +- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))) && ++ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr))) && + add_resource_record(header, limit, &trunc, -axfroffset, &ansp, + daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN, + (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr)) +@@ -794,7 +794,7 @@ size_t answer_auth(struct dns_header *he + { + strcpy(name, cache_get_name(crecp)); + if (in_zone(zone, name, &cut) && +- (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) ++ (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr)))) + { + if (cut) + *cut = 0; +--- a/src/bpf.c ++++ b/src/bpf.c +@@ -42,7 +42,7 @@ + + #ifdef HAVE_BSD_NETWORK + static int del_family = 0; +-static struct all_addr del_addr; ++static union all_addr del_addr; + #endif + + #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__) +@@ -139,7 +139,7 @@ int iface_enumerate(int family, void *pa + struct in_addr addr, netmask, broadcast; + addr = ((struct sockaddr_in *) addrs->ifa_addr)->sin_addr; + #ifdef HAVE_BSD_NETWORK +- if (del_family == AF_INET && del_addr.addr.addr4.s_addr == addr.s_addr) ++ if (del_family == AF_INET && del_addr.addr4.s_addr == addr.s_addr) + continue; + #endif + netmask = ((struct sockaddr_in *) addrs->ifa_netmask)->sin_addr; +@@ -159,7 +159,7 @@ int iface_enumerate(int family, void *pa + u32 valid = 0xffffffff, preferred = 0xffffffff; + int flags = 0; + #ifdef HAVE_BSD_NETWORK +- if (del_family == AF_INET6 && IN6_ARE_ADDR_EQUAL(&del_addr.addr.addr6, addr)) ++ if (del_family == AF_INET6 && IN6_ARE_ADDR_EQUAL(&del_addr.addr6, addr)) + continue; + #endif + #if defined(HAVE_BSD_NETWORK) && !defined(__APPLE__) +@@ -422,9 +422,9 @@ void route_sock(void) + { + del_family = sa->sa_family; + if (del_family == AF_INET) +- del_addr.addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; ++ del_addr.addr4 = ((struct sockaddr_in *)sa)->sin_addr; + else if (del_family == AF_INET6) +- del_addr.addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; ++ del_addr.addr6 = ((struct sockaddr_in6 *)sa)->sin6_addr; + else + del_family = 0; + } +--- a/src/cache.c ++++ b/src/cache.c +@@ -26,7 +26,7 @@ static union bigname *big_free = NULL; + static int bignames_left, hash_size; + + static void make_non_terminals(struct crec *source); +-static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, ++static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags); + + /* type->string mapping: this is also used by the name-hash function as a mixing table. */ +@@ -202,9 +202,9 @@ static void cache_hash(struct crec *crec + static void cache_blockdata_free(struct crec *crecp) + { + if (crecp->flags & F_DNSKEY) +- blockdata_free(crecp->addr.addr.addr.key.keydata); ++ blockdata_free(crecp->addr.key.keydata); + else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) +- blockdata_free(crecp->addr.addr.addr.ds.keydata); ++ blockdata_free(crecp->addr.ds.keydata); + } + #endif + +@@ -330,7 +330,7 @@ static int is_expired(time_t now, struct + return 1; + } + +-static struct crec *cache_scan_free(char *name, struct all_addr *addr, unsigned short class, time_t now, ++static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now, + unsigned short flags, struct crec **target_crec, unsigned int *target_uid) + { + /* Scan and remove old entries. +@@ -430,7 +430,7 @@ static struct crec *cache_scan_free(char + else if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && + (flags & crecp->flags & F_REVERSE) && + (flags & crecp->flags & (F_IPV4 | F_IPV6)) && +- memcmp(&crecp->addr.addr, addr, addrlen) == 0) ++ memcmp(&crecp->addr, addr, addrlen) == 0) + { + *up = crecp->hash_next; + cache_unlink(crecp); +@@ -466,7 +466,7 @@ void cache_start_insert(void) + insert_error = 0; + } + +-struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, ++struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags) + { + /* Don't log DNSSEC records here, done elsewhere */ +@@ -484,7 +484,7 @@ struct crec *cache_insert(char *name, st + } + + +-static struct crec *really_insert(char *name, struct all_addr *addr, unsigned short class, ++static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags) + { + struct crec *new, *target_crec = NULL; +@@ -509,10 +509,10 @@ static struct crec *really_insert(char * + if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) + { + if ((flags & F_IPV4) && (new->flags & F_IPV4) && +- new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) ++ new->addr.addr4.s_addr == addr->addr4.s_addr) + return new; + else if ((flags & F_IPV6) && (new->flags & F_IPV6) && +- IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6)) ++ IN6_ARE_ADDR_EQUAL(&new->addr.addr6, &addr->addr6)) + return new; + } + +@@ -557,7 +557,7 @@ static struct crec *really_insert(char * + { + /* For DNSSEC records, uid holds class. */ + free_avail = 1; /* Must be free space now. */ +- cache_scan_free(cache_get_name(new), &new->addr.addr, new->uid, now, new->flags, NULL, NULL); ++ cache_scan_free(cache_get_name(new), &new->addr, new->uid, now, new->flags, NULL, NULL); + daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++; + } + else +@@ -616,7 +616,7 @@ static struct crec *really_insert(char * + #endif + + if (addr) +- new->addr.addr = *addr; ++ new->addr = *addr; + + new->ttd = now + (time_t)ttl; + new->next = new_chain; +@@ -665,14 +665,14 @@ void cache_end_insert(void) + if (flags & F_DNSKEY) + { + read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); +- blockdata_write(new_chain->addr.addr.addr.key.keydata, new_chain->addr.addr.addr.key.keylen, daemon->pipe_to_parent); ++ blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent); + } + else if (flags & F_DS) + { + read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0); + /* A negative DS entry is possible and has no data, obviously. */ + if (!(flags & F_NEG)) +- blockdata_write(new_chain->addr.addr.addr.ds.keydata, new_chain->addr.addr.addr.ds.keylen, daemon->pipe_to_parent); ++ blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent); + } + #endif + } +@@ -696,7 +696,7 @@ void cache_end_insert(void) + int cache_recv_insert(time_t now, int fd) + { + ssize_t m; +- struct all_addr addr; ++ union all_addr addr; + unsigned long ttl; + time_t ttd; + unsigned short flags; +@@ -736,14 +736,14 @@ int cache_recv_insert(time_t now, int fd + if (flags & F_DNSKEY) + { + if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || +- !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) ++ !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) + return 0; + } + else if (flags & F_DS) + { + if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || + (flags & F_NEG) || +- !(addr.addr.key.keydata = blockdata_read(fd, addr.addr.key.keylen))) ++ !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) + return 0; + } + #endif +@@ -876,7 +876,7 @@ struct crec *cache_find_by_name(struct c + return NULL; + } + +-struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr, ++struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr, + time_t now, unsigned int prot) + { + struct crec *ans; +@@ -900,7 +900,7 @@ struct crec *cache_find_by_addr(struct c + if (!is_expired(now, crecp)) + { + if ((crecp->flags & prot) && +- memcmp(&crecp->addr.addr, addr, addrlen) == 0) ++ memcmp(&crecp->addr, addr, addrlen) == 0) + { + if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) + { +@@ -931,7 +931,7 @@ struct crec *cache_find_by_addr(struct c + if (ans && + (ans->flags & F_REVERSE) && + (ans->flags & prot) && +- memcmp(&ans->addr.addr, addr, addrlen) == 0) ++ memcmp(&ans->addr, addr, addrlen) == 0) + return ans; + + return NULL; +@@ -961,7 +961,7 @@ static void add_hosts_cname(struct crec + } + } + +-static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrlen, ++static void add_hosts_entry(struct crec *cache, union all_addr *addr, int addrlen, + unsigned int index, struct crec **rhash, int hashsz) + { + struct crec *lookup = cache_find_by_name(NULL, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6)); +@@ -972,7 +972,7 @@ static void add_hosts_entry(struct crec + if (lookup && (lookup->flags & F_HOSTS)) + { + nameexists = 1; +- if (memcmp(&lookup->addr.addr, addr, addrlen) == 0) ++ if (memcmp(&lookup->addr, addr, addrlen) == 0) + { + free(cache); + return; +@@ -1004,7 +1004,7 @@ static void add_hosts_entry(struct crec + + for (lookup = rhash[j]; lookup; lookup = lookup->next) + if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) && +- memcmp(&lookup->addr.addr, addr, addrlen) == 0) ++ memcmp(&lookup->addr, addr, addrlen) == 0) + { + cache->flags &= ~F_REVERSE; + break; +@@ -1026,7 +1026,7 @@ static void add_hosts_entry(struct crec + } + + cache->uid = index; +- memcpy(&cache->addr.addr, addr, addrlen); ++ memcpy(&cache->addr, addr, addrlen); + cache_hash(cache); + make_non_terminals(cache); + +@@ -1088,7 +1088,7 @@ int read_hostsfile(char *filename, unsig + char *token = daemon->namebuff, *domain_suffix = NULL; + int addr_count = 0, name_count = cache_size, lineno = 0; + unsigned short flags = 0; +- struct all_addr addr; ++ union all_addr addr; + int atnl, addrlen = 0; + + if (!f) +@@ -1107,13 +1107,13 @@ int read_hostsfile(char *filename, unsig + { + flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4; + addrlen = INADDRSZ; +- domain_suffix = get_domain(addr.addr.addr4); ++ domain_suffix = get_domain(addr.addr4); + } + else if (inet_pton(AF_INET6, token, &addr) > 0) + { + flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6; + addrlen = IN6ADDRSZ; +- domain_suffix = get_domain6(&addr.addr.addr6); ++ domain_suffix = get_domain6(&addr.addr6); + } + else + { +@@ -1246,15 +1246,15 @@ void cache_reload(void) + #ifdef HAVE_DNSSEC + for (ds = daemon->ds; ds; ds = ds->next) + if ((cache = whine_malloc(SIZEOF_POINTER_CREC)) && +- (cache->addr.addr.addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) ++ (cache->addr.ds.keydata = blockdata_alloc(ds->digest, ds->digestlen))) + { + cache->flags = F_FORWARD | F_IMMORTAL | F_DS | F_CONFIG | F_NAMEP; + cache->ttd = daemon->local_ttl; + cache->name.namep = ds->name; +- cache->addr.addr.addr.ds.keylen = ds->digestlen; +- cache->addr.addr.addr.ds.algo = ds->algo; +- cache->addr.addr.addr.ds.keytag = ds->keytag; +- cache->addr.addr.addr.ds.digest = ds->digest_type; ++ cache->addr.ds.keylen = ds->digestlen; ++ cache->addr.ds.algo = ds->algo; ++ cache->addr.ds.keytag = ds->keytag; ++ cache->addr.ds.digest = ds->digest_type; + cache->uid = ds->class; + cache_hash(cache); + make_non_terminals(cache); +@@ -1277,7 +1277,7 @@ void cache_reload(void) + cache->name.namep = nl->name; + cache->ttd = hr->ttl; + cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV4 | F_NAMEP | F_CONFIG; +- add_hosts_entry(cache, (struct all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); ++ add_hosts_entry(cache, (union all_addr *)&hr->addr, INADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); + } + + if (!IN6_IS_ADDR_UNSPECIFIED(&hr->addr6) && +@@ -1286,7 +1286,7 @@ void cache_reload(void) + cache->name.namep = nl->name; + cache->ttd = hr->ttl; + cache->flags = F_HOSTS | F_IMMORTAL | F_FORWARD | F_REVERSE | F_IPV6 | F_NAMEP | F_CONFIG; +- add_hosts_entry(cache, (struct all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); ++ add_hosts_entry(cache, (union all_addr *)&hr->addr6, IN6ADDRSZ, SRC_CONFIG, (struct crec **)daemon->packet, revhashsz); + } + } + +@@ -1320,7 +1320,7 @@ struct in_addr a_record_from_hosts(char + + while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4))) + if (crecp->flags & F_HOSTS) +- return *(struct in_addr *)&crecp->addr; ++ return crecp->addr.addr4; + + my_syslog(MS_DHCP | LOG_WARNING, _("No IPv4 address found for %s"), name); + +@@ -1379,7 +1379,7 @@ static void add_dhcp_cname(struct crec * + } + + void cache_add_dhcp_entry(char *host_name, int prot, +- struct all_addr *host_address, time_t ttd) ++ union all_addr *host_address, time_t ttd) + { + struct crec *crec = NULL, *fail_crec = NULL; + unsigned short flags = F_IPV4; +@@ -1403,7 +1403,7 @@ void cache_add_dhcp_entry(char *host_nam + my_syslog(MS_DHCP | LOG_WARNING, + _("%s is a CNAME, not giving it to the DHCP lease of %s"), + host_name, daemon->addrbuff); +- else if (memcmp(&crec->addr.addr, host_address, addrlen) == 0) ++ else if (memcmp(&crec->addr, host_address, addrlen) == 0) + in_hosts = 1; + else + fail_crec = crec; +@@ -1423,7 +1423,7 @@ void cache_add_dhcp_entry(char *host_nam + /* Name in hosts, address doesn't match */ + if (fail_crec) + { +- inet_ntop(prot, &fail_crec->addr.addr, daemon->namebuff, MAXDNAME); ++ inet_ntop(prot, &fail_crec->addr, daemon->namebuff, MAXDNAME); + my_syslog(MS_DHCP | LOG_WARNING, + _("not giving name %s to the DHCP lease of %s because " + "the name exists in %s with address %s"), +@@ -1432,12 +1432,12 @@ void cache_add_dhcp_entry(char *host_nam + return; + } + +- if ((crec = cache_find_by_addr(NULL, (struct all_addr *)host_address, 0, flags))) ++ if ((crec = cache_find_by_addr(NULL, (union all_addr *)host_address, 0, flags))) + { + if (crec->flags & F_NEG) + { + flags |= F_REVERSE; +- cache_scan_free(NULL, (struct all_addr *)host_address, C_IN, 0, flags, NULL, NULL); ++ cache_scan_free(NULL, (union all_addr *)host_address, C_IN, 0, flags, NULL, NULL); + } + } + else +@@ -1455,7 +1455,7 @@ void cache_add_dhcp_entry(char *host_nam + crec->flags |= F_IMMORTAL; + else + crec->ttd = ttd; +- crec->addr.addr = *host_address; ++ crec->addr = *host_address; + crec->name.namep = host_name; + crec->uid = UID_NONE; + cache_hash(crec); +@@ -1731,20 +1731,20 @@ void dump_cache(time_t now) + else if (cache->flags & F_DS) + { + if (!(cache->flags & F_NEG)) +- sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.ds.keytag, +- cache->addr.addr.addr.ds.algo, cache->addr.addr.addr.ds.digest); ++ sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag, ++ cache->addr.ds.algo, cache->addr.ds.digest); + } + else if (cache->flags & F_DNSKEY) +- sprintf(a, "%5u %3u %3u", cache->addr.addr.addr.key.keytag, +- cache->addr.addr.addr.key.algo, cache->addr.addr.addr.key.flags); ++ sprintf(a, "%5u %3u %3u", cache->addr.key.keytag, ++ cache->addr.key.algo, cache->addr.key.flags); + #endif + else if (!(cache->flags & F_NEG) || !(cache->flags & F_FORWARD)) + { + a = daemon->addrbuff; + if (cache->flags & F_IPV4) +- inet_ntop(AF_INET, &cache->addr.addr, a, ADDRSTRLEN); ++ inet_ntop(AF_INET, &cache->addr, a, ADDRSTRLEN); + else if (cache->flags & F_IPV6) +- inet_ntop(AF_INET6, &cache->addr.addr, a, ADDRSTRLEN); ++ inet_ntop(AF_INET6, &cache->addr, a, ADDRSTRLEN); + } + + if (cache->flags & F_IPV4) +@@ -1857,7 +1857,7 @@ char *querystr(char *desc, unsigned shor + return buff ? buff : ""; + } + +-void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg) ++void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) + { + char *source, *dest = daemon->addrbuff; + char *verb = "is"; +@@ -1870,10 +1870,10 @@ void log_query(unsigned int flags, char + if (addr) + { + if (flags & F_KEYTAG) +- sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest); ++ sprintf(daemon->addrbuff, arg, addr->log.keytag, addr->log.algo, addr->log.digest); + else if (flags & F_RCODE) + { +- unsigned int rcode = addr->addr.log.rcode; ++ unsigned int rcode = addr->log.rcode; + + if (rcode == SERVFAIL) + dest = "SERVFAIL"; +--- a/src/conntrack.c ++++ b/src/conntrack.c +@@ -24,7 +24,7 @@ static int gotit = 0; /* yuck */ + + static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data); + +-int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp) ++int get_incoming_mark(union mysockaddr *peer_addr, union all_addr *local_addr, int istcp, unsigned int *markp) + { + struct nf_conntrack *ct; + struct nfct_handle *h; +@@ -41,14 +41,14 @@ int get_incoming_mark(union mysockaddr * + nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6); + nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr); + nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port); +- nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr); ++ nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr6.s6_addr); + } + else + { + nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr); + nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port); +- nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr); ++ nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr4.s_addr); + } + + +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -456,7 +456,7 @@ static DBusMessage *dbus_add_lease(DBusM + int clid_len, hostname_len, hw_len, hw_type; + dbus_uint32_t expires, ia_id; + dbus_bool_t is_temporary; +- struct all_addr addr; ++ union all_addr addr; + time_t now = dnsmasq_time(); + unsigned char dhcp_chaddr[DHCP_CHADDR_MAX]; + +@@ -526,20 +526,20 @@ static DBusMessage *dbus_add_lease(DBusM + + dbus_message_iter_get_basic(&iter, &is_temporary); + +- if (inet_pton(AF_INET, ipaddr, &addr.addr.addr4)) ++ if (inet_pton(AF_INET, ipaddr, &addr.addr4)) + { + if (ia_id != 0 || is_temporary) + return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS, + "ia_id and is_temporary must be zero for IPv4 lease"); + +- if (!(lease = lease_find_by_addr(addr.addr.addr4))) +- lease = lease4_allocate(addr.addr.addr4); ++ if (!(lease = lease_find_by_addr(addr.addr4))) ++ lease = lease4_allocate(addr.addr4); + } + #ifdef HAVE_DHCP6 +- else if (inet_pton(AF_INET6, ipaddr, &addr.addr.addr6)) ++ else if (inet_pton(AF_INET6, ipaddr, &addr.addr6)) + { +- if (!(lease = lease6_find_by_addr(&addr.addr.addr6, 128, 0))) +- lease = lease6_allocate(&addr.addr.addr6, ++ if (!(lease = lease6_find_by_addr(&addr.addr6, 128, 0))) ++ lease = lease6_allocate(&addr.addr6, + is_temporary ? LEASE_TA : LEASE_NA); + lease_set_iaid(lease, ia_id); + } +@@ -570,7 +570,7 @@ static DBusMessage *dbus_del_lease(DBusM + DBusMessageIter iter; + const char *ipaddr; + DBusMessage *reply; +- struct all_addr addr; ++ union all_addr addr; + dbus_bool_t ret = 1; + time_t now = dnsmasq_time(); + +@@ -584,11 +584,11 @@ static DBusMessage *dbus_del_lease(DBusM + + dbus_message_iter_get_basic(&iter, &ipaddr); + +- if (inet_pton(AF_INET, ipaddr, &addr.addr.addr4)) +- lease = lease_find_by_addr(addr.addr.addr4); ++ if (inet_pton(AF_INET, ipaddr, &addr.addr4)) ++ lease = lease_find_by_addr(addr.addr4); + #ifdef HAVE_DHCP6 +- else if (inet_pton(AF_INET6, ipaddr, &addr.addr.addr6)) +- lease = lease6_find_by_addr(&addr.addr.addr6, 128, 0); ++ else if (inet_pton(AF_INET6, ipaddr, &addr.addr6)) ++ lease = lease6_find_by_addr(&addr.addr6, 128, 0); + #endif + else + return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -403,30 +403,30 @@ void dhcp_update_configs(struct dhcp_con + crec = cache_find_by_name(crec, config->hostname, 0, cacheflags); + if (!crec) + continue; /* should be never */ +- inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN); ++ inet_ntop(prot, &crec->addr, daemon->addrbuff, ADDRSTRLEN); + my_syslog(MS_DHCP | LOG_WARNING, _("%s has more than one address in hostsfile, using %s for DHCP"), + config->hostname, daemon->addrbuff); + } + + if (prot == AF_INET && +- (!(conf_tmp = config_find_by_address(configs, crec->addr.addr.addr.addr4)) || conf_tmp == config)) ++ (!(conf_tmp = config_find_by_address(configs, crec->addr.addr4)) || conf_tmp == config)) + { +- config->addr = crec->addr.addr.addr.addr4; ++ config->addr = crec->addr.addr4; + config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS; + continue; + } + + #ifdef HAVE_DHCP6 + if (prot == AF_INET6 && +- (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr.addr.addr6, 128, 0)) || conf_tmp == config)) ++ (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr6, 128, 0)) || conf_tmp == config)) + { +- memcpy(&config->addr6, &crec->addr.addr.addr.addr6, IN6ADDRSZ); ++ memcpy(&config->addr6, &crec->addr.addr6, IN6ADDRSZ); + config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS; + continue; + } + #endif + +- inet_ntop(prot, &crec->addr.addr, daemon->addrbuff, ADDRSTRLEN); ++ inet_ntop(prot, &crec->addr, daemon->addrbuff, ADDRSTRLEN); + my_syslog(MS_DHCP | LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"), + daemon->addrbuff, config->hostname); + +@@ -693,7 +693,7 @@ char *option_string(int prot, unsigned i + + if (ot[o].size & OT_ADDR_LIST) + { +- struct all_addr addr; ++ union all_addr addr; + int addr_len = INADDRSZ; + + #ifdef HAVE_DHCP6 +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -310,7 +310,7 @@ void dhcp_packet(time_t now, int pxe_fd) + parm.relay_local.s_addr = 0; + parm.ind = iface_index; + +- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) ++ if (!iface_check(AF_INET, (union all_addr *)&iface_addr, ifr.ifr_name, NULL)) + { + /* If we failed to match the primary address of the interface, see if we've got a --listen-address + for a secondary */ +@@ -558,7 +558,7 @@ static int complete_context(struct in_ad + } + + for (relay = daemon->relay4; relay; relay = relay->next) +- if (if_index == param->ind && relay->local.addr.addr4.s_addr == local.s_addr && relay->current == relay && ++ if (if_index == param->ind && relay->local.addr4.s_addr == local.s_addr && relay->current == relay && + (param->relay_local.s_addr == 0 || param->relay_local.s_addr == local.s_addr)) + { + relay->current = param->relay; +@@ -984,7 +984,7 @@ char *host_from_dns(struct in_addr addr) + if (daemon->port == 0) + return NULL; /* DNS disabled. */ + +- lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4); ++ lookup = cache_find_by_addr(NULL, (union all_addr *)&addr, 0, F_IPV4); + + if (lookup && (lookup->flags & F_HOSTS)) + { +@@ -1013,25 +1013,25 @@ char *host_from_dns(struct in_addr addr) + static int relay_upstream4(struct dhcp_relay *relay, struct dhcp_packet *mess, size_t sz, int iface_index) + { + /* ->local is same value for all relays on ->current chain */ +- struct all_addr from; ++ union all_addr from; + + if (mess->op != BOOTREQUEST) + return 0; + + /* source address == relay address */ +- from.addr.addr4 = relay->local.addr.addr4; ++ from.addr4 = relay->local.addr4; + + /* already gatewayed ? */ + if (mess->giaddr.s_addr) + { + /* if so check if by us, to stomp on loops. */ +- if (mess->giaddr.s_addr == relay->local.addr.addr4.s_addr) ++ if (mess->giaddr.s_addr == relay->local.addr4.s_addr) + return 1; + } + else + { + /* plug in our address */ +- mess->giaddr.s_addr = relay->local.addr.addr4.s_addr; ++ mess->giaddr.s_addr = relay->local.addr4.s_addr; + } + + if ((mess->hops++) > 20) +@@ -1042,7 +1042,7 @@ static int relay_upstream4(struct dhcp_ + union mysockaddr to; + + to.sa.sa_family = AF_INET; +- to.in.sin_addr = relay->server.addr.addr4; ++ to.in.sin_addr = relay->server.addr4; + to.in.sin_port = htons(daemon->dhcp_server_port); + + send_from(daemon->dhcpfd, 0, (char *)mess, sz, &to, &from, 0); +@@ -1050,7 +1050,7 @@ static int relay_upstream4(struct dhcp_ + if (option_bool(OPT_LOG_OPTS)) + { + inet_ntop(AF_INET, &relay->local, daemon->addrbuff, ADDRSTRLEN); +- my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, inet_ntoa(relay->server.addr.addr4)); ++ my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, inet_ntoa(relay->server.addr4)); + } + + /* Save this for replies */ +@@ -1070,7 +1070,7 @@ static struct dhcp_relay *relay_reply4(s + + for (relay = daemon->relay4; relay; relay = relay->next) + { +- if (mess->giaddr.s_addr == relay->local.addr.addr4.s_addr) ++ if (mess->giaddr.s_addr == relay->local.addr4.s_addr) + { + if (!relay->interface || wildcard_match(relay->interface, arrival_interface)) + return relay->iface_index != 0 ? relay : NULL; +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -371,7 +371,7 @@ static int complete_context6(struct in6_ + } + + for (relay = daemon->relay6; relay; relay = relay->next) +- if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr.addr6) && relay->current == relay && ++ if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr6) && relay->current == relay && + (IN6_IS_ADDR_UNSPECIFIED(¶m->relay_local) || IN6_ARE_ADDR_EQUAL(local, ¶m->relay_local))) + { + relay->current = param->relay; +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -1721,12 +1721,12 @@ static void check_dns_listeners(time_t n + if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && + indextoname(listener->tcpfd, if_index, intr_name)) + { +- struct all_addr addr; ++ union all_addr addr; + + if (tcp_addr.sa.sa_family == AF_INET6) +- addr.addr.addr6 = tcp_addr.in6.sin6_addr; ++ addr.addr6 = tcp_addr.in6.sin6_addr; + else +- addr.addr.addr4 = tcp_addr.in.sin_addr; ++ addr.addr4 = tcp_addr.in.sin_addr; + + for (iface = daemon->interfaces; iface; iface = iface->next) + if (iface->index == if_index) +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -273,28 +273,39 @@ struct event_desc { + #define MS_DHCP LOG_DAEMON + #define MS_SCRIPT LOG_MAIL + +-struct all_addr { +- union { +- struct in_addr addr4; +- struct in6_addr addr6; +- struct { +- struct blockdata *keydata; +- unsigned short keylen, flags, keytag; +- unsigned char algo; +- } key; +- struct { +- struct blockdata *keydata; +- unsigned short keylen, keytag; +- unsigned char algo; +- unsigned char digest; +- } ds; +- /* for log_query */ +- struct { +- unsigned short keytag, algo, digest, rcode; +- } log; +- } addr; ++/* Note that this is used widely as a container for IPv4/IPv6 addresses, ++ so for that reason, was well as to avoid wasting memory in almost every ++ cache entry, the other variants should not be larger than ++ sizeof(struct in6_addr) - 16 bytes. ++*/ ++union all_addr { ++ struct in_addr addr4; ++ struct in6_addr addr6; ++ struct { ++ union { ++ struct crec *cache; ++ struct interface_name *int_name; ++ } target; ++ unsigned int uid; /* 0 if union is interface-name */ ++ } cname; ++ struct { ++ struct blockdata *keydata; ++ unsigned short keylen, flags, keytag; ++ unsigned char algo; ++ } key; ++ struct { ++ struct blockdata *keydata; ++ unsigned short keylen, keytag; ++ unsigned char algo; ++ unsigned char digest; ++ } ds; ++ /* for log_query */ ++ struct { ++ unsigned short keytag, algo, digest, rcode; ++ } log; + }; + ++ + struct bogus_addr { + struct in_addr addr; + struct bogus_addr *next; +@@ -359,7 +370,7 @@ struct ds_config { + #define ADDRLIST_REVONLY 4 + + struct addrlist { +- struct all_addr addr; ++ union all_addr addr; + int flags, prefixlen; + struct addrlist *next; + }; +@@ -411,17 +422,7 @@ struct blockdata { + + struct crec { + struct crec *next, *prev, *hash_next; +- /* union is 16 bytes when doing IPv6, 8 bytes on 32 bit machines without IPv6 */ +- union { +- struct all_addr addr; +- struct { +- union { +- struct crec *cache; +- struct interface_name *int_name; +- } target; +- unsigned int uid; /* 0 if union is interface-name */ +- } cname; +- } addr; ++ union all_addr addr; + time_t ttd; /* time to die */ + /* used as class if DNSKEY/DS, index to source for F_HOSTS */ + unsigned int uid; +@@ -646,7 +647,7 @@ struct hostsfile { + + struct frec { + union mysockaddr source; +- struct all_addr dest; ++ union all_addr dest; + struct server *sentto; /* NULL means free */ + struct randfd *rfd4; + struct randfd *rfd6; +@@ -962,7 +963,7 @@ struct tftp_prefix { + }; + + struct dhcp_relay { +- struct all_addr local, server; ++ union all_addr local, server; + char *interface; /* Allowable interface for replies from server, and dest for IPv6 multicast */ + int iface_index; /* working - interface in which requests arrived, for return */ + struct dhcp_relay *current, *next; +@@ -1128,22 +1129,22 @@ extern struct daemon { + /* cache.c */ + void cache_init(void); + void next_uid(struct crec *crecp); +-void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg); ++void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg); + char *record_source(unsigned int index); + char *querystr(char *desc, unsigned short type); + int cache_find_non_terminal(char *name, time_t now); + struct crec *cache_find_by_addr(struct crec *crecp, +- struct all_addr *addr, time_t now, ++ union all_addr *addr, time_t now, + unsigned int prot); + struct crec *cache_find_by_name(struct crec *crecp, + char *name, time_t now, unsigned int prot); + void cache_end_insert(void); + void cache_start_insert(void); + int cache_recv_insert(time_t now, int fd); +-struct crec *cache_insert(char *name, struct all_addr *addr, unsigned short class, ++struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, + time_t now, unsigned long ttl, unsigned short flags); + void cache_reload(void); +-void cache_add_dhcp_entry(char *host_name, int prot, struct all_addr *host_address, time_t ttd); ++void cache_add_dhcp_entry(char *host_name, int prot, union all_addr *host_address, time_t ttd); + struct in_addr a_record_from_hosts(char *name, time_t now); + void cache_unhash_dhcp(void); + void dump_cache(time_t now); +@@ -1170,8 +1171,8 @@ void blockdata_free(struct blockdata *bl + /* domain.c */ + char *get_domain(struct in_addr addr); + char *get_domain6(struct in6_addr *addr); +-int is_name_synthetic(int flags, char *name, struct all_addr *addr); +-int is_rev_synth(int flag, struct all_addr *addr, char *name); ++int is_name_synthetic(int flags, char *name, union all_addr *addr); ++int is_rev_synth(int flag, union all_addr *addr, char *name); + + /* rfc1035.c */ + int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, +@@ -1182,7 +1183,7 @@ unsigned char *skip_section(unsigned cha + unsigned int extract_request(struct dns_header *header, size_t qlen, + char *name, unsigned short *typep); + size_t setup_reply(struct dns_header *header, size_t qlen, +- struct all_addr *addrp, unsigned int flags, ++ union all_addr *addrp, unsigned int flags, + unsigned long ttl); + int extract_addresses(struct dns_header *header, size_t qlen, char *name, + time_t now, char **ipsets, int is_sign, int check_rebind, +@@ -1203,7 +1204,7 @@ int add_resource_record(struct dns_heade + unsigned char *skip_questions(struct dns_header *header, size_t plen); + int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + char *name, int isExtract, int extrabytes); +-int in_arpa_name_2_addr(char *namein, struct all_addr *addrp); ++int in_arpa_name_2_addr(char *namein, union all_addr *addrp); + int private_net(struct in_addr addr, int ban_localhost); + + /* auth.c */ +@@ -1302,7 +1303,7 @@ unsigned char *tcp_request(int confd, ti + void server_gone(struct server *server); + struct frec *get_new_frec(time_t now, int *wait, int force); + int send_from(int fd, int nowild, char *packet, size_t len, +- union mysockaddr *to, struct all_addr *source, ++ union mysockaddr *to, union all_addr *source, + unsigned int iface); + void resend_query(void); + struct randfd *allocate_rfd(int family); +@@ -1329,9 +1330,9 @@ void warn_bound_listeners(void); + void warn_wild_labels(void); + void warn_int_names(void); + int is_dad_listeners(void); +-int iface_check(int family, struct all_addr *addr, char *name, int *auth); +-int loopback_exception(int fd, int family, struct all_addr *addr, char *name); +-int label_exception(int index, int family, struct all_addr *addr); ++int iface_check(int family, union all_addr *addr, char *name, int *auth); ++int loopback_exception(int fd, int family, union all_addr *addr, char *name); ++int label_exception(int index, int family, union all_addr *addr); + int fix_fd(int fd); + int tcp_interface(int fd, int af); + int set_ipv6pktinfo(int fd); +@@ -1461,7 +1462,7 @@ void ubus_event_bcast(const char *type, + /* ipset.c */ + #ifdef HAVE_IPSET + void ipset_init(void); +-int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove); ++int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove); + #endif + + /* helper.c */ +@@ -1474,7 +1475,7 @@ void queue_script(int action, struct dhc + void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer); + #endif + void queue_arp(int action, unsigned char *mac, int maclen, +- int family, struct all_addr *addr); ++ int family, union all_addr *addr); + int helper_buf_empty(void); + #endif + +@@ -1487,7 +1488,7 @@ int do_tftp_script_run(void); + + /* conntrack.c */ + #ifdef HAVE_CONNTRACK +-int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, ++int get_incoming_mark(union mysockaddr *peer_addr, union all_addr *local_addr, + int istcp, unsigned int *markp); + #endif + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -628,10 +628,10 @@ static int validate_rrset(time_t now, st + { + /* iterate through all possible keys 4035 5.3.1 */ + for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY)) +- if (crecp->addr.addr.addr.key.algo == algo && +- crecp->addr.addr.addr.key.keytag == key_tag && ++ if (crecp->addr.key.algo == algo && ++ crecp->addr.key.keytag == key_tag && + crecp->uid == (unsigned int)class && +- verify(crecp->addr.addr.addr.key.keydata, crecp->addr.addr.addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) ++ verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) + return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE; + } + } +@@ -655,7 +655,7 @@ int dnssec_validate_by_ds(time_t now, st + struct crec *crecp, *recp1; + int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag; + struct blockdata *key; +- struct all_addr a; ++ union all_addr a; + + if (ntohs(header->qdcount) != 1 || + !extract_name(header, plen, &p, name, 1, 4)) +@@ -728,10 +728,10 @@ int dnssec_validate_by_ds(time_t now, st + const struct nettle_hash *hash; + int sigcnt, rrcnt; + +- if (recp1->addr.addr.addr.ds.algo == algo && +- recp1->addr.addr.addr.ds.keytag == keytag && ++ if (recp1->addr.ds.algo == algo && ++ recp1->addr.ds.keytag == keytag && + recp1->uid == (unsigned int)class && +- (hash = hash_find(ds_digest_name(recp1->addr.addr.addr.ds.digest))) && ++ (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) && + hash_init(hash, &ctx, &digest)) + + { +@@ -746,9 +746,9 @@ int dnssec_validate_by_ds(time_t now, st + from_wire(name); + + if (!(recp1->flags & F_NEG) && +- recp1->addr.addr.addr.ds.keylen == (int)hash->digest_size && +- (ds_digest = blockdata_retrieve(recp1->addr.addr.addr.ds.keydata, recp1->addr.addr.addr.ds.keylen, NULL)) && +- memcmp(ds_digest, digest, recp1->addr.addr.addr.ds.keylen) == 0 && ++ recp1->addr.ds.keylen == (int)hash->digest_size && ++ (ds_digest = blockdata_retrieve(recp1->addr.ds.keydata, recp1->addr.ds.keylen, NULL)) && ++ memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 && + explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) && + sigcnt != 0 && rrcnt != 0 && + validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname, +@@ -800,11 +800,11 @@ int dnssec_validate_by_ds(time_t now, st + + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- a.addr.key.keylen = rdlen - 4; +- a.addr.key.keydata = key; +- a.addr.key.algo = algo; +- a.addr.key.keytag = keytag; +- a.addr.key.flags = flags; ++ a.key.keylen = rdlen - 4; ++ a.key.keydata = key; ++ a.key.algo = algo; ++ a.key.keytag = keytag; ++ a.key.flags = flags; + + if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)) + { +@@ -813,8 +813,8 @@ int dnssec_validate_by_ds(time_t now, st + } + else + { +- a.addr.log.keytag = keytag; +- a.addr.log.algo = algo; ++ a.log.keytag = keytag; ++ a.log.algo = algo; + if (algo_digest_name(algo)) + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu"); + else +@@ -857,7 +857,7 @@ int dnssec_validate_ds(time_t now, struc + int qtype, qclass, rc, i, neganswer, nons; + int aclass, atype, rdlen; + unsigned long ttl; +- struct all_addr a; ++ union all_addr a; + + if (ntohs(header->qdcount) != 1 || + !(p = skip_name(p, header, plen, 4))) +@@ -925,11 +925,11 @@ int dnssec_validate_ds(time_t now, struc + + if ((key = blockdata_alloc((char*)p, rdlen - 4))) + { +- a.addr.ds.digest = digest; +- a.addr.ds.keydata = key; +- a.addr.ds.algo = algo; +- a.addr.ds.keytag = keytag; +- a.addr.ds.keylen = rdlen - 4; ++ a.ds.digest = digest; ++ a.ds.keydata = key; ++ a.ds.algo = algo; ++ a.ds.keytag = keytag; ++ a.ds.keylen = rdlen - 4; + + if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)) + { +@@ -938,9 +938,9 @@ int dnssec_validate_ds(time_t now, struc + } + else + { +- a.addr.log.keytag = keytag; +- a.addr.log.algo = algo; +- a.addr.log.digest = digest; ++ a.log.keytag = keytag; ++ a.log.algo = algo; ++ a.log.digest = digest; + if (ds_digest_name(digest) && algo_digest_name(algo)) + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu"); + else +@@ -1710,8 +1710,8 @@ static int zone_status(char *name, int c + do + { + if (crecp->uid == (unsigned int)class && +- ds_digest_name(crecp->addr.addr.addr.ds.digest) && +- algo_digest_name(crecp->addr.addr.addr.ds.algo)) ++ ds_digest_name(crecp->addr.ds.digest) && ++ algo_digest_name(crecp->addr.ds.algo)) + break; + } + while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS))); +--- a/src/domain.c ++++ b/src/domain.c +@@ -21,7 +21,7 @@ static struct cond_domain *search_domain + static struct cond_domain *search_domain6(struct in6_addr *addr, struct cond_domain *c); + + +-int is_name_synthetic(int flags, char *name, struct all_addr *addr) ++int is_name_synthetic(int flags, char *name, union all_addr *addr) + { + char *p; + struct cond_domain *c = NULL; +@@ -73,7 +73,7 @@ int is_name_synthetic(int flags, char *n + if (!c->is6 && + index <= ntohl(c->end.s_addr) - ntohl(c->start.s_addr)) + { +- addr->addr.addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); ++ addr->addr4.s_addr = htonl(ntohl(c->start.s_addr) + index); + found = 1; + } + } +@@ -85,8 +85,8 @@ int is_name_synthetic(int flags, char *n + index <= addr6part(&c->end6) - addr6part(&c->start6)) + { + u64 start = addr6part(&c->start6); +- addr->addr.addr6 = c->start6; +- setaddr6part(&addr->addr.addr6, start + index); ++ addr->addr6 = c->start6; ++ setaddr6part(&addr->addr6, start + index); + found = 1; + } + } +@@ -139,16 +139,16 @@ int is_name_synthetic(int flags, char *n + if (prot == AF_INET) + { + if (!c->is6 && +- ntohl(addr->addr.addr4.s_addr) >= ntohl(c->start.s_addr) && +- ntohl(addr->addr.addr4.s_addr) <= ntohl(c->end.s_addr)) ++ ntohl(addr->addr4.s_addr) >= ntohl(c->start.s_addr) && ++ ntohl(addr->addr4.s_addr) <= ntohl(c->end.s_addr)) + found = 1; + } + else + { +- u64 addrpart = addr6part(&addr->addr.addr6); ++ u64 addrpart = addr6part(&addr->addr6); + + if (c->is6 && +- is_same_net6(&addr->addr.addr6, &c->start6, 64) && ++ is_same_net6(&addr->addr6, &c->start6, 64) && + addrpart >= addr6part(&c->start6) && + addrpart <= addr6part(&c->end6)) + found = 1; +@@ -173,18 +173,18 @@ int is_name_synthetic(int flags, char *n + } + + +-int is_rev_synth(int flag, struct all_addr *addr, char *name) ++int is_rev_synth(int flag, union all_addr *addr, char *name) + { + struct cond_domain *c; + +- if (flag & F_IPV4 && (c = search_domain(addr->addr.addr4, daemon->synth_domains))) ++ if (flag & F_IPV4 && (c = search_domain(addr->addr4, daemon->synth_domains))) + { + char *p; + + *name = 0; + if (c->indexed) + { +- unsigned int index = ntohl(addr->addr.addr4.s_addr) - ntohl(c->start.s_addr); ++ unsigned int index = ntohl(addr->addr4.s_addr) - ntohl(c->start.s_addr); + snprintf(name, MAXDNAME, "%s%u", c->prefix ? c->prefix : "", index); + } + else +@@ -192,7 +192,7 @@ int is_rev_synth(int flag, struct all_ad + if (c->prefix) + strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); + +- inet_ntop(AF_INET, &addr->addr.addr4, name + strlen(name), ADDRSTRLEN); ++ inet_ntop(AF_INET, &addr->addr4, name + strlen(name), ADDRSTRLEN); + for (p = name; *p; p++) + if (*p == '.') + *p = '-'; +@@ -204,14 +204,14 @@ int is_rev_synth(int flag, struct all_ad + return 1; + } + +- if ((flag & F_IPV6) && (c = search_domain6(&addr->addr.addr6, daemon->synth_domains))) ++ if ((flag & F_IPV6) && (c = search_domain6(&addr->addr6, daemon->synth_domains))) + { + char *p; + + *name = 0; + if (c->indexed) + { +- u64 index = addr6part(&addr->addr.addr6) - addr6part(&c->start6); ++ u64 index = addr6part(&addr->addr6) - addr6part(&c->start6); + snprintf(name, MAXDNAME, "%s%llu", c->prefix ? c->prefix : "", index); + } + else +@@ -219,14 +219,14 @@ int is_rev_synth(int flag, struct all_ad + if (c->prefix) + strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); + +- inet_ntop(AF_INET6, &addr->addr.addr6, name + strlen(name), ADDRSTRLEN); ++ inet_ntop(AF_INET6, &addr->addr6, name + strlen(name), ADDRSTRLEN); + + /* IPv6 presentation address can start with ":", but valid domain names + cannot start with "-" so prepend a zero in that case. */ + if (!c->prefix && *name == ':') + { + *name = '0'; +- inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); ++ inet_ntop(AF_INET6, &addr->addr6, name+1, ADDRSTRLEN); + } + + /* V4-mapped have periods.... */ +--- a/src/forward.c ++++ b/src/forward.c +@@ -26,7 +26,7 @@ static void free_frec(struct frec *f); + /* Send a UDP packet with its source address set as "source" + unless nowild is true, when we just send it with the kernel default */ + int send_from(int fd, int nowild, char *packet, size_t len, +- union mysockaddr *to, struct all_addr *source, ++ union mysockaddr *to, union all_addr *source, + unsigned int iface) + { + struct msghdr msg; +@@ -64,13 +64,13 @@ int send_from(int fd, int nowild, char * + #if defined(HAVE_LINUX_NETWORK) + struct in_pktinfo p; + p.ipi_ifindex = 0; +- p.ipi_spec_dst = source->addr.addr4; ++ p.ipi_spec_dst = source->addr4; + memcpy(CMSG_DATA(cmptr), &p, sizeof(p)); + msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + cmptr->cmsg_level = IPPROTO_IP; + cmptr->cmsg_type = IP_PKTINFO; + #elif defined(IP_SENDSRCADDR) +- memcpy(CMSG_DATA(cmptr), &(source->addr.addr4), sizeof(source->addr.addr4)); ++ memcpy(CMSG_DATA(cmptr), &(source->addr4), sizeof(source->addr4)); + msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); + cmptr->cmsg_level = IPPROTO_IP; + cmptr->cmsg_type = IP_SENDSRCADDR; +@@ -80,7 +80,7 @@ int send_from(int fd, int nowild, char * + { + struct in6_pktinfo p; + p.ipi6_ifindex = iface; /* Need iface for IPv6 to handle link-local addrs */ +- p.ipi6_addr = source->addr.addr6; ++ p.ipi6_addr = source->addr6; + memcpy(CMSG_DATA(cmptr), &p, sizeof(p)); + msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + cmptr->cmsg_type = daemon->v6pktinfo; +@@ -100,7 +100,7 @@ int send_from(int fd, int nowild, char * + return 1; + } + +-static unsigned int search_servers(time_t now, struct all_addr **addrpp, unsigned int qtype, ++static unsigned int search_servers(time_t now, union all_addr **addrpp, unsigned int qtype, + char *qdomain, int *type, char **domain, int *norebind) + + { +@@ -112,7 +112,7 @@ static unsigned int search_servers(time_ + unsigned int matchlen = 0; + struct server *serv; + unsigned int flags = 0; +- static struct all_addr zero; ++ static union all_addr zero; + + for (serv = daemon->servers; serv; serv=serv->next) + if (qtype == F_DNSSECOK && !(serv->flags & SERV_DO_DNSSEC)) +@@ -137,9 +137,9 @@ static unsigned int search_servers(time_ + { + flags = sflag; + if (serv->addr.sa.sa_family == AF_INET) +- *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; ++ *addrpp = (union all_addr *)&serv->addr.in.sin_addr; + else +- *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; ++ *addrpp = (union all_addr *)&serv->addr.in6.sin6_addr; + } + else if (!flags || (flags & F_NXDOMAIN)) + flags = F_NOERR; +@@ -195,9 +195,9 @@ static unsigned int search_servers(time_ + { + flags = sflag; + if (serv->addr.sa.sa_family == AF_INET) +- *addrpp = (struct all_addr *)&serv->addr.in.sin_addr; ++ *addrpp = (union all_addr *)&serv->addr.in.sin_addr; + else +- *addrpp = (struct all_addr *)&serv->addr.in6.sin6_addr; ++ *addrpp = (union all_addr *)&serv->addr.in6.sin6_addr; + } + else if (!flags || (flags & F_NXDOMAIN)) + flags = F_NOERR; +@@ -239,13 +239,13 @@ static unsigned int search_servers(time_ + } + + static int forward_query(int udpfd, union mysockaddr *udpaddr, +- struct all_addr *dst_addr, unsigned int dst_iface, ++ union all_addr *dst_addr, unsigned int dst_iface, + struct dns_header *header, size_t plen, time_t now, + struct frec *forward, int ad_reqd, int do_bit) + { + char *domain = NULL; + int type = SERV_DO_DNSSEC, norebind = 0; +- struct all_addr *addrp = NULL; ++ union all_addr *addrp = NULL; + unsigned int flags = 0; + struct server *start = NULL; + #ifdef HAVE_DNSSEC +@@ -289,9 +289,9 @@ static int forward_query(int udpfd, unio + PUTSHORT(SAFE_PKTSZ, pheader); + + if (forward->sentto->addr.sa.sa_family == AF_INET) +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); + else +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); + + + if (forward->sentto->sfd) +@@ -523,10 +523,10 @@ static int forward_query(int udpfd, unio + strcpy(daemon->namebuff, "query"); + if (start->addr.sa.sa_family == AF_INET) + log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&start->addr.in.sin_addr, NULL); ++ (union all_addr *)&start->addr.in.sin_addr, NULL); + else + log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&start->addr.in6.sin6_addr, NULL); ++ (union all_addr *)&start->addr.in6.sin6_addr, NULL); + start->queries++; + forwarded = 1; + forward->sentto = start; +@@ -657,8 +657,8 @@ static size_t process_reply(struct dns_h + + if (rcode != NOERROR && rcode != NXDOMAIN) + { +- struct all_addr a; +- a.addr.log.rcode = rcode; ++ union all_addr a; ++ a.log.rcode = rcode; + log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL); + + return resize_packet(header, n, pheader, plen); +@@ -877,9 +877,9 @@ void reply_query(int fd, int family, tim + sa_len(&start->addr)))); + + if (start->addr.sa.sa_family == AF_INET) +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&start->addr.in.sin_addr, "dnssec"); ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (union all_addr *)&start->addr.in.sin_addr, "dnssec"); + else +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&start->addr.in6.sin6_addr, "dnssec"); ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&start->addr.in6.sin6_addr, "dnssec"); + + return; + } +@@ -1094,10 +1094,10 @@ void reply_query(int fd, int family, tim + daemon->keyname, forward->class, querytype, server->edns_pktsz); + + if (server->addr.sa.sa_family == AF_INET) +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (struct all_addr *)&(server->addr.in.sin_addr), ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, daemon->keyname, (union all_addr *)&(server->addr.in.sin_addr), + querystr("dnssec-query", querytype)); + else +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (union all_addr *)&(server->addr.in6.sin6_addr), + querystr("dnssec-query", querytype)); + + if ((hash = hash_questions(header, nn, daemon->namebuff))) +@@ -1244,7 +1244,7 @@ void receive_query(struct listener *list + union mysockaddr source_addr; + unsigned char *pheader; + unsigned short type, udp_size = PACKETSZ; /* default if no EDNS0 */ +- struct all_addr dst_addr; ++ union all_addr dst_addr; + struct in_addr netmask, dst_addr_4; + size_t m; + ssize_t n; +@@ -1274,7 +1274,7 @@ void receive_query(struct listener *list + /* packet buffer overwritten */ + daemon->srv_save = NULL; + +- dst_addr_4.s_addr = dst_addr.addr.addr4.s_addr = 0; ++ dst_addr_4.s_addr = dst_addr.addr4.s_addr = 0; + netmask.s_addr = 0; + + if (option_bool(OPT_NOWILD) && listen->iface) +@@ -1283,7 +1283,7 @@ void receive_query(struct listener *list + + if (listen->family == AF_INET) + { +- dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr; ++ dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr; + netmask = listen->iface->netmask; + } + } +@@ -1337,7 +1337,7 @@ void receive_query(struct listener *list + { + for (addr = daemon->interface_addrs; addr; addr = addr->next) + if ((addr->flags & ADDRLIST_IPV6) && +- is_same_net6(&addr->addr.addr.addr6, &source_addr.in6.sin6_addr, addr->prefixlen)) ++ is_same_net6(&addr->addr.addr6, &source_addr.in6.sin6_addr, addr->prefixlen)) + break; + } + else +@@ -1347,7 +1347,7 @@ void receive_query(struct listener *list + { + netmask.s_addr = htonl(~(in_addr_t)0 << (32 - addr->prefixlen)); + if (!(addr->flags & ADDRLIST_IPV6) && +- is_same_net(addr->addr.addr.addr4, source_addr.in.sin_addr, netmask)) ++ is_same_net(addr->addr.addr4, source_addr.in.sin_addr, netmask)) + break; + } + } +@@ -1380,7 +1380,7 @@ void receive_query(struct listener *list + struct in_pktinfo *p; + } p; + p.c = CMSG_DATA(cmptr); +- dst_addr_4 = dst_addr.addr.addr4 = p.p->ipi_spec_dst; ++ dst_addr_4 = dst_addr.addr4 = p.p->ipi_spec_dst; + if_index = p.p->ipi_ifindex; + } + #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) +@@ -1398,7 +1398,7 @@ void receive_query(struct listener *list + } p; + p.c = CMSG_DATA(cmptr); + if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR) +- dst_addr_4 = dst_addr.addr.addr4 = *(p.a); ++ dst_addr_4 = dst_addr.addr4 = *(p.a); + else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF) + #ifdef HAVE_SOLARIS_NETWORK + if_index = *(p.i); +@@ -1420,7 +1420,7 @@ void receive_query(struct listener *list + } p; + p.c = CMSG_DATA(cmptr); + +- dst_addr.addr.addr6 = p.p->ipi6_addr; ++ dst_addr.addr6 = p.p->ipi6_addr; + if_index = p.p->ipi6_ifindex; + } + } +@@ -1486,10 +1486,10 @@ void receive_query(struct listener *list + + if (listen->family == AF_INET) + log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&source_addr.in.sin_addr, types); ++ (union all_addr *)&source_addr.in.sin_addr, types); + else + log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&source_addr.in6.sin6_addr, types); ++ (union all_addr *)&source_addr.in6.sin6_addr, types); + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +@@ -1696,10 +1696,10 @@ static int tcp_key_recurse(time_t now, i + + + if (server->addr.sa.sa_family == AF_INET) +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (struct all_addr *)&(server->addr.in.sin_addr), ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, keyname, (union all_addr *)&(server->addr.in.sin_addr), + querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); + else +- log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (struct all_addr *)&(server->addr.in6.sin6_addr), ++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, keyname, (union all_addr *)&(server->addr.in6.sin6_addr), + querystr("dnssec-query", new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS)); + + server->flags |= SERV_GOT_TCP; +@@ -1764,12 +1764,12 @@ unsigned char *tcp_request(int confd, ti + /* Get connection mark of incoming query to set on outgoing connections. */ + if (option_bool(OPT_CONNTRACK)) + { +- struct all_addr local; ++ union all_addr local; + + if (local_addr->sa.sa_family == AF_INET6) +- local.addr.addr6 = local_addr->in6.sin6_addr; ++ local.addr6 = local_addr->in6.sin6_addr; + else +- local.addr.addr4 = local_addr->in.sin_addr; ++ local.addr4 = local_addr->in.sin_addr; + + have_mark = get_incoming_mark(&peer_addr, &local, 1, &mark); + } +@@ -1784,7 +1784,7 @@ unsigned char *tcp_request(int confd, ti + { + for (addr = daemon->interface_addrs; addr; addr = addr->next) + if ((addr->flags & ADDRLIST_IPV6) && +- is_same_net6(&addr->addr.addr.addr6, &peer_addr.in6.sin6_addr, addr->prefixlen)) ++ is_same_net6(&addr->addr.addr6, &peer_addr.in6.sin6_addr, addr->prefixlen)) + break; + } + else +@@ -1794,7 +1794,7 @@ unsigned char *tcp_request(int confd, ti + { + netmask.s_addr = htonl(~(in_addr_t)0 << (32 - addr->prefixlen)); + if (!(addr->flags & ADDRLIST_IPV6) && +- is_same_net(addr->addr.addr.addr4, peer_addr.in.sin_addr, netmask)) ++ is_same_net(addr->addr.addr4, peer_addr.in.sin_addr, netmask)) + break; + } + } +@@ -1841,10 +1841,10 @@ unsigned char *tcp_request(int confd, ti + + if (peer_addr.sa.sa_family == AF_INET) + log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&peer_addr.in.sin_addr, types); ++ (union all_addr *)&peer_addr.in.sin_addr, types); + else + log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&peer_addr.in6.sin6_addr, types); ++ (union all_addr *)&peer_addr.in6.sin6_addr, types); + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +@@ -1900,7 +1900,7 @@ unsigned char *tcp_request(int confd, ti + if (m == 0) + { + unsigned int flags = 0; +- struct all_addr *addrp = NULL; ++ union all_addr *addrp = NULL; + int type = SERV_DO_DNSSEC; + char *domain = NULL; + unsigned char *oph = find_pseudoheader(header, size, NULL, NULL, NULL, NULL); +@@ -2019,10 +2019,10 @@ unsigned char *tcp_request(int confd, ti + + if (last_server->addr.sa.sa_family == AF_INET) + log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&last_server->addr.in.sin_addr, NULL); ++ (union all_addr *)&last_server->addr.in.sin_addr, NULL); + else + log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, +- (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL); ++ (union all_addr *)&last_server->addr.in6.sin6_addr, NULL); + + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) +--- a/src/helper.c ++++ b/src/helper.c +@@ -831,7 +831,7 @@ void queue_tftp(off_t file_len, char *fi + } + #endif + +-void queue_arp(int action, unsigned char *mac, int maclen, int family, struct all_addr *addr) ++void queue_arp(int action, unsigned char *mac, int maclen, int family, union all_addr *addr) + { + /* no script */ + if (daemon->helperfd == -1) +@@ -844,9 +844,9 @@ void queue_arp(int action, unsigned char + buf->hwaddr_len = maclen; + buf->hwaddr_type = ARPHRD_ETHER; + if ((buf->flags = family) == AF_INET) +- buf->addr = addr->addr.addr4; ++ buf->addr = addr->addr4; + else +- buf->addr6 = addr->addr.addr6; ++ buf->addr6 = addr->addr6; + + memcpy(buf->hwaddr, mac, maclen); + +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -114,7 +114,7 @@ void ipset_init(void) + die (_("failed to create IPset control socket: %s"), NULL, EC_MISC); + } + +-static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int af, int remove) ++static int new_add_to_ipset(const char *setname, const union all_addr *ipaddr, int af, int remove) + { + struct nlmsghdr *nlh; + struct my_nfgenmsg *nfg; +@@ -152,7 +152,7 @@ static int new_add_to_ipset(const char * + nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP; + add_attr(nlh, + (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER, +- addrsz, &ipaddr->addr); ++ addrsz, ipaddr); + nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1]; + nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0]; + +@@ -163,7 +163,7 @@ static int new_add_to_ipset(const char * + } + + +-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) ++static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove) + { + socklen_t size; + struct ip_set_req_adt_get { +@@ -195,7 +195,7 @@ static int old_add_to_ipset(const char * + return -1; + req_adt.op = remove ? 0x102 : 0x101; + req_adt.index = req_adt_get.set.index; +- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); ++ req_adt.ip = ntohl(ipaddr->addr4.s_addr); + if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) + return -1; + +@@ -204,7 +204,7 @@ static int old_add_to_ipset(const char * + + + +-int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) ++int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove) + { + int ret = 0, af = AF_INET; + +--- a/src/lease.c ++++ b/src/lease.c +@@ -24,7 +24,7 @@ static int dns_dirty, file_dirty, leases + static int read_leases(time_t now, FILE *leasestream) + { + unsigned long ei; +- struct all_addr addr; ++ union all_addr addr; + struct dhcp_lease *lease; + int clid_len, hw_len, hw_type; + int items; +@@ -62,9 +62,9 @@ static int read_leases(time_t now, FILE + daemon->namebuff, daemon->dhcp_buff, daemon->packet) != 3) + return 0; + +- if (inet_pton(AF_INET, daemon->namebuff, &addr.addr.addr4)) ++ if (inet_pton(AF_INET, daemon->namebuff, &addr.addr4)) + { +- if ((lease = lease4_allocate(addr.addr.addr4))) ++ if ((lease = lease4_allocate(addr.addr4))) + domain = get_domain(lease->addr); + + hw_len = parse_hex(daemon->dhcp_buff2, (unsigned char *)daemon->dhcp_buff2, DHCP_CHADDR_MAX, NULL, &hw_type); +@@ -73,7 +73,7 @@ static int read_leases(time_t now, FILE + hw_type = ARPHRD_ETHER; + } + #ifdef HAVE_DHCP6 +- else if (inet_pton(AF_INET6, daemon->namebuff, &addr.addr.addr6)) ++ else if (inet_pton(AF_INET6, daemon->namebuff, &addr.addr6)) + { + char *s = daemon->dhcp_buff2; + int lease_type = LEASE_NA; +@@ -84,7 +84,7 @@ static int read_leases(time_t now, FILE + s++; + } + +- if ((lease = lease6_allocate(&addr.addr.addr6, lease_type))) ++ if ((lease = lease6_allocate(&addr.addr6, lease_type))) + { + lease_set_iaid(lease, strtoul(s, NULL, 10)); + domain = get_domain6(&lease->addr6); +@@ -514,28 +514,28 @@ void lease_update_dns(int force) + if (slaac->backoff == 0) + { + if (lease->fqdn) +- cache_add_dhcp_entry(lease->fqdn, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires); ++ cache_add_dhcp_entry(lease->fqdn, AF_INET6, (union all_addr *)&slaac->addr, lease->expires); + if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) +- cache_add_dhcp_entry(lease->hostname, AF_INET6, (struct all_addr *)&slaac->addr, lease->expires); ++ cache_add_dhcp_entry(lease->hostname, AF_INET6, (union all_addr *)&slaac->addr, lease->expires); + } + } + + if (lease->fqdn) + cache_add_dhcp_entry(lease->fqdn, prot, +- prot == AF_INET ? (struct all_addr *)&lease->addr : (struct all_addr *)&lease->addr6, ++ prot == AF_INET ? (union all_addr *)&lease->addr : (union all_addr *)&lease->addr6, + lease->expires); + + if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) + cache_add_dhcp_entry(lease->hostname, prot, +- prot == AF_INET ? (struct all_addr *)&lease->addr : (struct all_addr *)&lease->addr6, ++ prot == AF_INET ? (union all_addr *)&lease->addr : (union all_addr *)&lease->addr6, + lease->expires); + + #else + if (lease->fqdn) +- cache_add_dhcp_entry(lease->fqdn, prot, (struct all_addr *)&lease->addr, lease->expires); ++ cache_add_dhcp_entry(lease->fqdn, prot, (union all_addr *)&lease->addr, lease->expires); + + if (!option_bool(OPT_DHCP_FQDN) && lease->hostname) +- cache_add_dhcp_entry(lease->hostname, prot, (struct all_addr *)&lease->addr, lease->expires); ++ cache_add_dhcp_entry(lease->hostname, prot, (union all_addr *)&lease->addr, lease->expires); + #endif + } + +--- a/src/network.c ++++ b/src/network.c +@@ -109,7 +109,7 @@ int indextoname(int fd, int index, char + + #endif + +-int iface_check(int family, struct all_addr *addr, char *name, int *auth) ++int iface_check(int family, union all_addr *addr, char *name, int *auth) + { + struct iname *tmp; + int ret = 1, match_addr = 0; +@@ -135,11 +135,11 @@ int iface_check(int family, struct all_a + if (tmp->addr.sa.sa_family == family) + { + if (family == AF_INET && +- tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) ++ tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) + ret = match_addr = tmp->used = 1; + else if (family == AF_INET6 && + IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, +- &addr->addr.addr6)) ++ &addr->addr6)) + ret = match_addr = tmp->used = 1; + } + } +@@ -158,10 +158,10 @@ int iface_check(int family, struct all_a + break; + } + else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET && +- tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) ++ tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr) + break; + else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 && +- IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6)) ++ IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr6)) + break; + + if (tmp && auth) +@@ -179,7 +179,7 @@ int iface_check(int family, struct all_a + an interface other than the loopback. Accept packet if it arrived via a loopback + interface, even when we're not accepting packets that way, as long as the destination + address is one we're believing. Interface list must be up-to-date before calling. */ +-int loopback_exception(int fd, int family, struct all_addr *addr, char *name) ++int loopback_exception(int fd, int family, union all_addr *addr, char *name) + { + struct ifreq ifr; + struct irec *iface; +@@ -193,10 +193,10 @@ int loopback_exception(int fd, int famil + { + if (family == AF_INET) + { +- if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) ++ if (iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) + return 1; + } +- else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) ++ else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr6)) + return 1; + } + } +@@ -207,7 +207,7 @@ int loopback_exception(int fd, int famil + on the relevant address, but the name of the arrival interface, derived from the + index won't match the config. Check that we found an interface address for the arrival + interface: daemon->interfaces must be up-to-date. */ +-int label_exception(int index, int family, struct all_addr *addr) ++int label_exception(int index, int family, union all_addr *addr) + { + struct irec *iface; + +@@ -217,7 +217,7 @@ int label_exception(int index, int famil + + for (iface = daemon->interfaces; iface; iface = iface->next) + if (iface->index == index && iface->addr.sa.sa_family == AF_INET && +- iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) ++ iface->addr.in.sin_addr.s_addr == addr->addr4.s_addr) + return 1; + + return 0; +@@ -282,12 +282,12 @@ static int iface_allowed(struct iface_pa + + if (addr->sa.sa_family == AF_INET) + { +- al->addr.addr.addr4 = addr->in.sin_addr; ++ al->addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } + else + { +- al->addr.addr.addr6 = addr->in6.sin6_addr; ++ al->addr.addr6 = addr->in6.sin6_addr; + al->flags = ADDRLIST_IPV6; + } + } +@@ -321,7 +321,7 @@ static int iface_allowed(struct iface_pa + al->next = zone->subnet; + zone->subnet = al; + al->prefixlen = prefixlen; +- al->addr.addr.addr4 = addr->in.sin_addr; ++ al->addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } + } +@@ -341,7 +341,7 @@ static int iface_allowed(struct iface_pa + al->next = zone->subnet; + zone->subnet = al; + al->prefixlen = prefixlen; +- al->addr.addr.addr6 = addr->in6.sin6_addr; ++ al->addr.addr6 = addr->in6.sin6_addr; + al->flags = ADDRLIST_IPV6; + } + } +@@ -369,12 +369,12 @@ static int iface_allowed(struct iface_pa + + if (addr->sa.sa_family == AF_INET) + { +- al->addr.addr.addr4 = addr->in.sin_addr; ++ al->addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } + else + { +- al->addr.addr.addr6 = addr->in6.sin6_addr; ++ al->addr.addr6 = addr->in6.sin6_addr; + al->flags = ADDRLIST_IPV6; + /* Privacy addresses and addresses still undergoing DAD and deprecated addresses + don't appear in forward queries, but will in reverse ones. */ +@@ -419,11 +419,11 @@ static int iface_allowed(struct iface_pa + } + + if (addr->sa.sa_family == AF_INET && +- !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) ++ !iface_check(AF_INET, (union all_addr *)&addr->in.sin_addr, label, &auth_dns)) + return 1; + + if (addr->sa.sa_family == AF_INET6 && +- !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) ++ !iface_check(AF_INET6, (union all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) + return 1; + + #ifdef HAVE_DHCP +--- a/src/option.c ++++ b/src/option.c +@@ -2064,7 +2064,7 @@ static int one_opt(int option, char *arg + int is_exclude = 0; + char *prefix; + struct addrlist *subnet = NULL; +- struct all_addr addr; ++ union all_addr addr; + + comma = split(arg); + prefix = split_chr(arg, '/'); +@@ -2078,13 +2078,13 @@ static int one_opt(int option, char *arg + arg = arg+8; + } + +- if (inet_pton(AF_INET, arg, &addr.addr.addr4)) ++ if (inet_pton(AF_INET, arg, &addr.addr4)) + { + subnet = opt_malloc(sizeof(struct addrlist)); + subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; + subnet->flags = ADDRLIST_LITERAL; + } +- else if (inet_pton(AF_INET6, arg, &addr.addr.addr6)) ++ else if (inet_pton(AF_INET6, arg, &addr.addr6)) + { + subnet = opt_malloc(sizeof(struct addrlist)); + subnet->prefixlen = (prefixlen == 0) ? 64 : prefixlen; +@@ -4268,7 +4268,7 @@ err: + + while (arg) + { +- struct all_addr addr; ++ union all_addr addr; + char *dig; + + for (dig = arg; *dig != 0; dig++) +@@ -4276,10 +4276,10 @@ err: + break; + if (*dig == 0) + new->ttl = atoi(arg); +- else if (inet_pton(AF_INET, arg, &addr)) +- new->addr = addr.addr.addr4; +- else if (inet_pton(AF_INET6, arg, &addr)) +- new->addr6 = addr.addr.addr6; ++ else if (inet_pton(AF_INET, arg, &addr.addr4)) ++ new->addr = addr.addr4; ++ else if (inet_pton(AF_INET6, arg, &addr.addr6)) ++ new->addr6 = addr.addr6; + else + { + int nomem; +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -143,7 +143,7 @@ int extract_name(struct dns_header *head + + /* Max size of input string (for IPv6) is 75 chars.) */ + #define MAXARPANAME 75 +-int in_arpa_name_2_addr(char *namein, struct all_addr *addrp) ++int in_arpa_name_2_addr(char *namein, union all_addr *addrp) + { + int j; + char name[MAXARPANAME+1], *cp1; +@@ -153,7 +153,7 @@ int in_arpa_name_2_addr(char *namein, st + if (strlen(namein) > MAXARPANAME) + return 0; + +- memset(addrp, 0, sizeof(struct all_addr)); ++ memset(addrp, 0, sizeof(union all_addr)); + + /* turn name into a series of asciiz strings */ + /* j counts no. of labels */ +@@ -234,7 +234,7 @@ int in_arpa_name_2_addr(char *namein, st + if (*(cp1+1) || !isxdigit((unsigned char)*cp1)) + return 0; + +- for (j = sizeof(struct all_addr)-1; j>0; j--) ++ for (j = sizeof(struct in6_addr)-1; j>0; j--) + addr[j] = (addr[j] >> 4) | (addr[j-1] << 4); + addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4); + } +@@ -585,7 +585,7 @@ int extract_addresses(struct dns_header + unsigned char *p, *p1, *endrr, *namep; + int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0; + unsigned long ttl = 0; +- struct all_addr addr; ++ union all_addr addr; + #ifdef HAVE_IPSET + char **ipsets_cur; + #else +@@ -808,14 +808,14 @@ int extract_addresses(struct dns_header + if (check_rebind) + { + if ((flags & F_IPV4) && +- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) ++ private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) + return 1; + + if ((flags & F_IPV6) && +- IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6)) ++ IN6_IS_ADDR_V4MAPPED(&addr.addr6)) + { + struct in_addr v4; +- v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3]; ++ v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; + if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) + return 1; + } +@@ -928,7 +928,7 @@ unsigned int extract_request(struct dns_ + } + + size_t setup_reply(struct dns_header *header, size_t qlen, +- struct all_addr *addrp, unsigned int flags, unsigned long ttl) ++ union all_addr *addrp, unsigned int flags, unsigned long ttl) + { + unsigned char *p; + +@@ -949,8 +949,8 @@ size_t setup_reply(struct dns_header *he + SET_RCODE(header, NXDOMAIN); + else if (flags == F_SERVFAIL) + { +- struct all_addr a; +- a.addr.log.rcode = SERVFAIL; ++ union all_addr a; ++ a.log.rcode = SERVFAIL; + log_query(F_CONFIG | F_RCODE, "error", &a, NULL); + SET_RCODE(header, SERVFAIL); + } +@@ -974,8 +974,8 @@ size_t setup_reply(struct dns_header *he + } + else /* nowhere to forward to */ + { +- struct all_addr a; +- a.addr.log.rcode = REFUSED; ++ union all_addr a; ++ a.log.rcode = REFUSED; + log_query(F_CONFIG | F_RCODE, "error", &a, NULL); + SET_RCODE(header, REFUSED); + } +@@ -1277,7 +1277,7 @@ size_t answer_request(struct dns_header + char *name = daemon->namebuff; + unsigned char *p, *ansp; + unsigned int qtype, qclass; +- struct all_addr addr; ++ union all_addr addr; + int nameoffset; + unsigned short flag; + int q, ans, anscount = 0, addncount = 0; +@@ -1374,7 +1374,7 @@ size_t answer_request(struct dns_header + notimp = 1, auth = 0; + if (!dryrun) + { +- addr.addr.log.rcode = NOTIMP; ++ addr.log.rcode = NOTIMP; + log_query(F_CONFIG | F_RCODE, name, &addr, NULL); + } + ans = 1, sec_data = 0; +@@ -1418,7 +1418,7 @@ size_t answer_request(struct dns_header + struct addrlist *addrlist; + + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +- if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) ++ if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr) + break; + + if (addrlist) +@@ -1433,7 +1433,7 @@ size_t answer_request(struct dns_header + struct addrlist *addrlist; + + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +- if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) ++ if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6)) + break; + + if (addrlist) +@@ -1533,8 +1533,8 @@ size_t answer_request(struct dns_header + } + } + else if (option_bool(OPT_BOGUSPRIV) && ( +- (is_arpa == F_IPV6 && private_net6(&addr.addr.addr6)) || +- (is_arpa == F_IPV4 && private_net(addr.addr.addr4, 1)))) ++ (is_arpa == F_IPV6 && private_net6(&addr.addr6)) || ++ (is_arpa == F_IPV4 && private_net(addr.addr4, 1)))) + { + struct server *serv; + unsigned int namelen = strlen(name); +@@ -1600,7 +1600,7 @@ size_t answer_request(struct dns_header + if (hostname_isequal(name, intr->name)) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if (!(addrlist->flags & ADDRLIST_IPV6) && +- is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) ++ is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) + { + localise = 1; + break; +@@ -1613,7 +1613,7 @@ size_t answer_request(struct dns_header + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) + { + if (localise && +- !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) ++ !is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) + continue; + + if (addrlist->flags & ADDRLIST_REVONLY) +@@ -1651,7 +1651,7 @@ size_t answer_request(struct dns_header + struct crec *save = crecp; + do { + if ((crecp->flags & F_HOSTS) && +- is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask)) ++ is_same_net(crecp->addr.addr4, local_addr, local_netmask)) + { + localise = 1; + break; +@@ -1710,7 +1710,7 @@ size_t answer_request(struct dns_header + filter here. */ + if (localise && + (crecp->flags & F_HOSTS) && +- !is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask)) ++ !is_same_net(crecp->addr.addr4, local_addr, local_netmask)) + continue; + + if (!(crecp->flags & (F_HOSTS | F_DHCP))) +@@ -1719,7 +1719,7 @@ size_t answer_request(struct dns_header + ans = 1; + if (!dryrun) + { +- log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr, ++ log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr, + record_source(crecp->uid)); + + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -2120,7 +2120,7 @@ void relay_upstream6(struct dhcp_relay * + { + /* ->local is same value for all relays on ->current chain */ + +- struct all_addr from; ++ union all_addr from; + unsigned char *header; + unsigned char *inbuff = daemon->dhcp_packet.iov_base; + int msg_type = *inbuff; +@@ -2133,7 +2133,7 @@ void relay_upstream6(struct dhcp_relay * + get_client_mac(peer_address, scope_id, mac, &maclen, &mactype, now); + + /* source address == relay address */ +- from.addr.addr6 = relay->local.addr.addr6; ++ from.addr6 = relay->local.addr6; + + /* Get hop count from nested relayed message */ + if (msg_type == DHCP6RELAYFORW) +@@ -2153,7 +2153,7 @@ void relay_upstream6(struct dhcp_relay * + + header[0] = DHCP6RELAYFORW; + header[1] = hopcount; +- memcpy(&header[2], &relay->local.addr.addr6, IN6ADDRSZ); ++ memcpy(&header[2], &relay->local.addr6, IN6ADDRSZ); + memcpy(&header[18], peer_address, IN6ADDRSZ); + + /* RFC-6939 */ +@@ -2174,12 +2174,12 @@ void relay_upstream6(struct dhcp_relay * + union mysockaddr to; + + to.sa.sa_family = AF_INET6; +- to.in6.sin6_addr = relay->server.addr.addr6; ++ to.in6.sin6_addr = relay->server.addr6; + to.in6.sin6_port = htons(DHCPV6_SERVER_PORT); + to.in6.sin6_flowinfo = 0; + to.in6.sin6_scope_id = 0; + +- if (IN6_ARE_ADDR_EQUAL(&relay->server.addr.addr6, &multicast)) ++ if (IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast)) + { + int multicast_iface; + if (!relay->interface || strchr(relay->interface, '*') || +@@ -2218,7 +2218,7 @@ unsigned short relay_reply6(struct socka + memcpy(&link, &inbuff[2], IN6ADDRSZ); + + for (relay = daemon->relay6; relay; relay = relay->next) +- if (IN6_ARE_ADDR_EQUAL(&link, &relay->local.addr.addr6) && ++ if (IN6_ARE_ADDR_EQUAL(&link, &relay->local.addr6) && + (!relay->interface || wildcard_match(relay->interface, arrival_interface))) + break; + +--- a/src/tables.c ++++ b/src/tables.c +@@ -62,7 +62,7 @@ void ipset_init(void) + } + } + +-int add_to_ipset(const char *setname, const struct all_addr *ipaddr, ++int add_to_ipset(const char *setname, const union all_addr *ipaddr, + int flags, int remove) + { + struct pfr_addr addr; +@@ -113,13 +113,13 @@ int add_to_ipset(const char *setname, co + { + addr.pfra_af = AF_INET6; + addr.pfra_net = 0x80; +- memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); ++ memcpy(&(addr.pfra_ip6addr), ipaddr, sizeof(struct in6_addr)); + } + else + { + addr.pfra_af = AF_INET; + addr.pfra_net = 0x20; +- addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; ++ addr.pfra_ip4addr.s_addr = ipaddr->addr4.s_addr; + } + + bzero(&io, sizeof(io)); +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -59,7 +59,7 @@ void tftp_request(struct listener *liste + char *name = NULL; + char *prefix = daemon->tftp_prefix; + struct tftp_prefix *pref; +- struct all_addr addra; ++ union all_addr addra; + /* Can always get recvd interface for IPv6 */ + int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; + union { +@@ -189,10 +189,10 @@ void tftp_request(struct listener *liste + + name = namebuff; + +- addra.addr.addr4 = addr.in.sin_addr; ++ addra.addr4 = addr.in.sin_addr; + + if (listen->family == AF_INET6) +- addra.addr.addr6 = addr.in6.sin6_addr; ++ addra.addr6 = addr.in6.sin6_addr; + + if (daemon->tftp_interfaces) + { +@@ -212,7 +212,7 @@ void tftp_request(struct listener *liste + if (!option_bool(OPT_CLEVERBIND)) + enumerate_interfaces(0); + if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) && +- !label_exception(if_index, listen->family, &addra) ) ++ !label_exception(if_index, listen->family, &addra)) + return; + } + diff --git a/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch b/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch new file mode 100644 index 0000000000..92944fabe6 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0022-File-logic-bug-in-cache-marshalling-code.-Introduced.patch @@ -0,0 +1,23 @@ +From 2c594732eb7391e7cfa817598e33e61cab71131f Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 3 Jan 2019 13:42:03 +0000 +Subject: [PATCH 22/30] File logic bug in cache-marshalling code. Introduced a + couple of commits back. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -742,8 +742,7 @@ int cache_recv_insert(time_t now, int fd + else if (flags & F_DS) + { + if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1) || +- (flags & F_NEG) || +- !(addr.key.keydata = blockdata_read(fd, addr.key.keylen))) ++ (!(flags & F_NEG) && !(addr.key.keydata = blockdata_read(fd, addr.key.keylen)))) + return 0; + } + #endif diff --git a/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch b/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch new file mode 100644 index 0000000000..ecc060e1a9 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0023-Fix-typo-in-ra-param-man-page-section.patch @@ -0,0 +1,33 @@ +From 2daca52b80afdc92e7c976629a2bf8182335a626 Mon Sep 17 00:00:00 2001 +From: Christian Weiske +Date: Thu, 3 Jan 2019 20:10:14 +0000 +Subject: [PATCH 23/30] Fix typo in ra-param man page section. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + man/dnsmasq.8 | 2 +- + man/fr/dnsmasq.8 | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -1829,7 +1829,7 @@ The interval between router advertisemen + .B --ra-param=eth0,60. + The lifetime of the route may be changed or set to zero, which allows + a router to advertise prefixes but not a route via itself. +-.B --ra-parm=eth0,0,0 ++.B --ra-param=eth0,0,0 + (A value of zero for the interval means the default value.) All four parameters may be set at once. + .B --ra-param=eth0,mtu:1280,low,60,1200 + +--- a/man/fr/dnsmasq.8 ++++ b/man/fr/dnsmasq.8 +@@ -1774,7 +1774,7 @@ Un intervalle (en secondes) entre les an + .B --ra-param=eth0,60. + La durée de vie de la route peut être changée ou mise à zéro, auquel cas + le routeur peut annoncer les préfixes mais pas de route : +-.B --ra-parm=eth0,0,0 ++.B --ra-param=eth0,0,0 + (une valeur de zéro pour l'intervalle signifie qu'il garde la valeur par défaut). + Ces quatre paramètres peuvent être configurés en une fois : + .B --ra-param=eth0,mtu:1280,low,60,1200 diff --git a/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch b/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch new file mode 100644 index 0000000000..dec3b82050 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0024-Cache-SRV-records.patch @@ -0,0 +1,523 @@ +From 5b99eae59d59a8e34a7e512059b98bbd803312f2 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sun, 6 Jan 2019 23:09:50 +0000 +Subject: [PATCH 24/30] Cache SRV records. + +Inpsired by a patch from Jeremy Allison, but completely re-rolled +by srk. All bugs are mine. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/auth.c | 2 +- + src/blockdata.c | 12 ++--- + src/cache.c | 64 ++++++++++++++-------- + src/dnsmasq.c | 2 - + src/dnsmasq.h | 11 ++-- + src/rfc1035.c | 141 ++++++++++++++++++++++++++++++++++++++---------- + 6 files changed, 166 insertions(+), 66 deletions(-) + +--- a/src/auth.c ++++ b/src/auth.c +@@ -129,7 +129,7 @@ size_t answer_auth(struct dns_header *he + + for (q = ntohs(header->qdcount); q != 0; q--) + { +- unsigned short flag = 0; ++ unsigned int flag = 0; + int found = 0; + int cname_wildcard = 0; + +--- a/src/blockdata.c ++++ b/src/blockdata.c +@@ -16,8 +16,6 @@ + + #include "dnsmasq.h" + +-#ifdef HAVE_DNSSEC +- + static struct blockdata *keyblock_free; + static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced; + +@@ -54,11 +52,10 @@ void blockdata_init(void) + + void blockdata_report(void) + { +- if (option_bool(OPT_DNSSEC_VALID)) +- my_syslog(LOG_INFO, _("DNSSEC memory in use %u, max %u, allocated %u"), +- blockdata_count * sizeof(struct blockdata), +- blockdata_hwm * sizeof(struct blockdata), +- blockdata_alloced * sizeof(struct blockdata)); ++ my_syslog(LOG_INFO, _("pool memory in use %u, max %u, allocated %u"), ++ blockdata_count * sizeof(struct blockdata), ++ blockdata_hwm * sizeof(struct blockdata), ++ blockdata_alloced * sizeof(struct blockdata)); + } + + static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len) +@@ -178,4 +175,3 @@ struct blockdata *blockdata_read(int fd, + return blockdata_alloc_real(fd, NULL, len); + } + +-#endif +--- a/src/cache.c ++++ b/src/cache.c +@@ -27,7 +27,7 @@ static int bignames_left, hash_size; + + static void make_non_terminals(struct crec *source); + static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, +- time_t now, unsigned long ttl, unsigned short flags); ++ time_t now, unsigned long ttl, unsigned int flags); + + /* type->string mapping: this is also used by the name-hash function as a mixing table. */ + static const struct { +@@ -198,15 +198,17 @@ static void cache_hash(struct crec *crec + *up = crecp; + } + +-#ifdef HAVE_DNSSEC + static void cache_blockdata_free(struct crec *crecp) + { +- if (crecp->flags & F_DNSKEY) ++ if (crecp->flags & F_SRV) ++ blockdata_free(crecp->addr.srv.target); ++#ifdef HAVE_DNSSEC ++ else if (crecp->flags & F_DNSKEY) + blockdata_free(crecp->addr.key.keydata); + else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) + blockdata_free(crecp->addr.ds.keydata); +-} + #endif ++} + + static void cache_free(struct crec *crecp) + { +@@ -230,9 +232,7 @@ static void cache_free(struct crec *crec + crecp->flags &= ~F_BIGNAME; + } + +-#ifdef HAVE_DNSSEC + cache_blockdata_free(crecp); +-#endif + } + + /* insert a new cache entry at the head of the list (youngest entry) */ +@@ -331,7 +331,7 @@ static int is_expired(time_t now, struct + } + + static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now, +- unsigned short flags, struct crec **target_crec, unsigned int *target_uid) ++ unsigned int flags, struct crec **target_crec, unsigned int *target_uid) + { + /* Scan and remove old entries. + If (flags & F_FORWARD) then remove any forward entries for name and any expired +@@ -360,7 +360,7 @@ static struct crec *cache_scan_free(char + if ((crecp->flags & F_FORWARD) && hostname_isequal(cache_get_name(crecp), name)) + { + /* Don't delete DNSSEC in favour of a CNAME, they can co-exist */ +- if ((flags & crecp->flags & (F_IPV4 | F_IPV6)) || ++ if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_SRV)) || + (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS)))) + { + if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) +@@ -467,10 +467,10 @@ void cache_start_insert(void) + } + + struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, +- time_t now, unsigned long ttl, unsigned short flags) ++ time_t now, unsigned long ttl, unsigned int flags) + { + /* Don't log DNSSEC records here, done elsewhere */ +- if (flags & (F_IPV4 | F_IPV6 | F_CNAME)) ++ if (flags & (F_IPV4 | F_IPV6 | F_CNAME | F_SRV)) + { + log_query(flags | F_UPSTREAM, name, addr, NULL); + /* Don't mess with TTL for DNSSEC records. */ +@@ -485,7 +485,7 @@ struct crec *cache_insert(char *name, un + + + static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, +- time_t now, unsigned long ttl, unsigned short flags) ++ time_t now, unsigned long ttl, unsigned int flags) + { + struct crec *new, *target_crec = NULL; + union bigname *big_name = NULL; +@@ -649,7 +649,7 @@ void cache_end_insert(void) + { + char *name = cache_get_name(new_chain); + ssize_t m = strlen(name); +- unsigned short flags = new_chain->flags; ++ unsigned int flags = new_chain->flags; + #ifdef HAVE_DNSSEC + u16 class = new_chain->uid; + #endif +@@ -659,8 +659,10 @@ void cache_end_insert(void) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); + read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); + +- if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) ++ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); ++ if (flags & F_SRV) ++ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); + #ifdef HAVE_DNSSEC + if (flags & F_DNSKEY) + { +@@ -699,7 +701,7 @@ int cache_recv_insert(time_t now, int fd + union all_addr addr; + unsigned long ttl; + time_t ttd; +- unsigned short flags; ++ unsigned int flags; + struct crec *crecp = NULL; + + cache_start_insert(); +@@ -725,13 +727,16 @@ int cache_recv_insert(time_t now, int fd + + ttl = difftime(ttd, now); + +- if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS)) ++ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) + { + unsigned short class = C_IN; + + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; +- ++ ++ if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) ++ return 0; ++ + #ifdef HAVE_DNSSEC + if (flags & F_DNSKEY) + { +@@ -802,7 +807,7 @@ struct crec *cache_find_by_name(struct c + /* first search, look for relevant entries and push to top of list + also free anything which has expired */ + struct crec *next, **up, **insert = NULL, **chainp = &ans; +- unsigned short ins_flags = 0; ++ unsigned int ins_flags = 0; + + for (up = hash_bucket(name), crecp = *up; crecp; crecp = next) + { +@@ -1086,7 +1091,7 @@ int read_hostsfile(char *filename, unsig + FILE *f = fopen(filename, "r"); + char *token = daemon->namebuff, *domain_suffix = NULL; + int addr_count = 0, name_count = cache_size, lineno = 0; +- unsigned short flags = 0; ++ unsigned int flags = 0; + union all_addr addr; + int atnl, addrlen = 0; + +@@ -1201,9 +1206,8 @@ void cache_reload(void) + for (i=0; ihash_next; + if (cache->flags & (F_HOSTS | F_CONFIG)) + { +@@ -1381,7 +1385,7 @@ void cache_add_dhcp_entry(char *host_nam + union all_addr *host_address, time_t ttd) + { + struct crec *crec = NULL, *fail_crec = NULL; +- unsigned short flags = F_IPV4; ++ unsigned int flags = F_IPV4; + int in_hosts = 0; + size_t addrlen = sizeof(struct in_addr); + +@@ -1682,9 +1686,8 @@ void dump_cache(time_t now) + #ifdef HAVE_AUTH + my_syslog(LOG_INFO, _("queries for authoritative zones %u"), daemon->metrics[METRIC_DNS_AUTH_ANSWERED]); + #endif +-#ifdef HAVE_DNSSEC ++ + blockdata_report(); +-#endif + + /* sum counts from different records for same server */ + for (serv = daemon->servers; serv; serv = serv->next) +@@ -1726,6 +1729,17 @@ void dump_cache(time_t now) + p += sprintf(p, "%-30.30s ", sanitise(n)); + if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache)) + a = sanitise(cache_get_cname_target(cache)); ++ else if ((cache->flags & F_SRV) && !(cache->flags & F_NEG)) ++ { ++ int targetlen = cache->addr.srv.targetlen; ++ ssize_t len = sprintf(a, "%u %u %u ", cache->addr.srv.priority, ++ cache->addr.srv.weight, cache->addr.srv.srvport); ++ ++ if (targetlen > (40 - len)) ++ targetlen = 40 - len; ++ blockdata_retrieve(cache->addr.srv.target, targetlen, a + len); ++ a[len + targetlen] = 0; ++ } + #ifdef HAVE_DNSSEC + else if (cache->flags & F_DS) + { +@@ -1752,6 +1766,8 @@ void dump_cache(time_t now) + t = "6"; + else if (cache->flags & F_CNAME) + t = "C"; ++ else if (cache->flags & F_SRV) ++ t = "V"; + #ifdef HAVE_DNSSEC + else if (cache->flags & F_DS) + t = "S"; +@@ -1913,6 +1929,8 @@ void log_query(unsigned int flags, char + } + else if (flags & F_CNAME) + dest = ""; ++ else if (flags & F_SRV) ++ dest = ""; + else if (flags & F_RRNAME) + dest = arg; + +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -366,9 +366,7 @@ int main (int argc, char **argv) + { + cache_init(); + +-#ifdef HAVE_DNSSEC + blockdata_init(); +-#endif + } + + #ifdef HAVE_INOTIFY +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -299,6 +299,10 @@ union all_addr { + unsigned char algo; + unsigned char digest; + } ds; ++ struct { ++ struct blockdata *target; ++ unsigned short targetlen, srvport, priority, weight; ++ } srv; + /* for log_query */ + struct { + unsigned short keytag, algo, digest, rcode; +@@ -426,7 +430,7 @@ struct crec { + time_t ttd; /* time to die */ + /* used as class if DNSKEY/DS, index to source for F_HOSTS */ + unsigned int uid; +- unsigned short flags; ++ unsigned int flags; + union { + char sname[SMALLDNAME]; + union bigname *bname; +@@ -470,6 +474,7 @@ struct crec { + #define F_NOEXTRA (1u<<27) + #define F_SERVFAIL (1u<<28) + #define F_RCODE (1u<<29) ++#define F_SRV (1u<<30) + + #define UID_NONE 0 + /* Values of uid in crecs with F_CONFIG bit set. */ +@@ -1142,7 +1147,7 @@ void cache_end_insert(void); + void cache_start_insert(void); + int cache_recv_insert(time_t now, int fd); + struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, +- time_t now, unsigned long ttl, unsigned short flags); ++ time_t now, unsigned long ttl, unsigned int flags); + void cache_reload(void); + void cache_add_dhcp_entry(char *host_name, int prot, union all_addr *host_address, time_t ttd); + struct in_addr a_record_from_hosts(char *name, time_t now); +@@ -1158,7 +1163,6 @@ int read_hostsfile(char *filename, unsig + struct crec **rhash, int hashsz); + + /* blockdata.c */ +-#ifdef HAVE_DNSSEC + void blockdata_init(void); + void blockdata_report(void); + struct blockdata *blockdata_alloc(char *data, size_t len); +@@ -1166,7 +1170,6 @@ void *blockdata_retrieve(struct blockdat + struct blockdata *blockdata_read(int fd, size_t len); + void blockdata_write(struct blockdata *block, size_t len, int fd); + void blockdata_free(struct blockdata *blocks); +-#endif + + /* domain.c */ + char *get_domain(struct in_addr addr); +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -726,7 +726,7 @@ int extract_addresses(struct dns_header + { + /* everything other than PTR */ + struct crec *newc; +- int addrlen; ++ int addrlen = 0; + + if (qtype == T_A) + { +@@ -738,7 +738,9 @@ int extract_addresses(struct dns_header + addrlen = IN6ADDRSZ; + flags |= F_IPV6; + } +- else ++ else if (qtype == T_SRV) ++ flags |= F_SRV; ++ else + continue; + + cname_loop1: +@@ -799,39 +801,61 @@ int extract_addresses(struct dns_header + { + found = 1; + +- /* copy address into aligned storage */ +- if (!CHECK_LEN(header, p1, qlen, addrlen)) +- return 0; /* bad packet */ +- memcpy(&addr, p1, addrlen); +- +- /* check for returned address in private space */ +- if (check_rebind) ++ if (flags & F_SRV) + { +- if ((flags & F_IPV4) && +- private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) +- return 1; +- +- if ((flags & F_IPV6) && +- IN6_IS_ADDR_V4MAPPED(&addr.addr6)) ++ unsigned char *tmp = namep; ++ ++ if (!CHECK_LEN(header, p1, qlen, 6)) ++ return 0; /* bad packet */ ++ GETSHORT(addr.srv.priority, p1); ++ GETSHORT(addr.srv.weight, p1); ++ GETSHORT(addr.srv.srvport, p1); ++ if (!extract_name(header, qlen, &p1, name, 1, 0)) ++ return 0; ++ addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */ ++ if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen))) ++ return 0; ++ ++ /* we overwrote the original name, so get it back here. */ ++ if (!extract_name(header, qlen, &tmp, name, 1, 0)) ++ return 0; ++ } ++ else ++ { ++ /* copy address into aligned storage */ ++ if (!CHECK_LEN(header, p1, qlen, addrlen)) ++ return 0; /* bad packet */ ++ memcpy(&addr, p1, addrlen); ++ ++ /* check for returned address in private space */ ++ if (check_rebind) + { +- struct in_addr v4; +- v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; +- if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) ++ if ((flags & F_IPV4) && ++ private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) + return 1; ++ ++ if ((flags & F_IPV6) && ++ IN6_IS_ADDR_V4MAPPED(&addr.addr6)) ++ { ++ struct in_addr v4; ++ v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; ++ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) ++ return 1; ++ } + } +- } +- ++ + #ifdef HAVE_IPSET +- if (ipsets && (flags & (F_IPV4 | F_IPV6))) +- { +- ipsets_cur = ipsets; +- while (*ipsets_cur) ++ if (ipsets && (flags & (F_IPV4 | F_IPV6))) + { +- log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); +- add_to_ipset(*ipsets_cur++, &addr, flags, 0); ++ ipsets_cur = ipsets; ++ while (*ipsets_cur) ++ { ++ log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); ++ add_to_ipset(*ipsets_cur++, &addr, flags, 0); ++ } + } +- } + #endif ++ } + + newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag); + if (newc && cpp) +@@ -1844,7 +1868,68 @@ size_t answer_request(struct dns_header + *up = move; + move->next = NULL; + } +- ++ ++ if (!found) ++ { ++ cname_srv_restart: ++ if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | F_SRV | (dryrun ? F_NO_RR : 0))) && ++ (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))) ++ { ++ if (!(crecp->flags & F_DNSSECOK)) ++ sec_data = 0; ++ ++ auth = 0; ++ found = ans = 1; ++ ++ do { ++ if (crecp->flags & F_CNAME) ++ { ++ char *cname_target = cache_get_cname_target(crecp); ++ ++ if (!dryrun) ++ { ++ log_query(crecp->flags, name, NULL, record_source(crecp->uid)); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ++ crec_ttl(crecp, now), &nameoffset, ++ T_CNAME, C_IN, "d", cname_target)) ++ anscount++; ++ } ++ ++ strcpy(name, cname_target); ++ goto cname_srv_restart; ++ } ++ else if (crecp->flags & F_NEG) ++ { ++ if (crecp->flags & F_NXDOMAIN) ++ nxdomain = 1; ++ if (!dryrun) ++ log_query(crecp->flags, name, NULL, NULL); ++ } ++ else ++ { ++ unsigned char *p1 = ((unsigned char *)header) + nameoffset; ++ ++ if (!dryrun) ++ { ++ log_query(crecp->flags, name, NULL, 0); ++ ++ blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, name); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ++ crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd", ++ crecp->addr.srv.priority, crecp->addr.srv.weight, crecp->addr.srv.srvport, ++ name)) ++ anscount++; ++ ++ ++ /* restore name we overwrote */ ++ if (!extract_name(header, qlen, &p1, name, 1, 0)) ++ return 0; /* bad packet */ ++ } ++ } ++ } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV | F_CNAME))); ++ } ++ } ++ + if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) + { + ans = 1; diff --git a/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch b/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch new file mode 100644 index 0000000000..ec4d52d7fd --- /dev/null +++ b/package/network/services/dnsmasq/patches/0025-Fix-crash-freeing-negative-SRV-cache-entries.patch @@ -0,0 +1,23 @@ +From a90f09db4cc635941a32b973b57e58c662569625 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 9 Jan 2019 15:08:16 +0000 +Subject: [PATCH 25/30] Fix crash freeing negative SRV cache entries. + +Thanks to Daniel for finding this one. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -200,7 +200,7 @@ static void cache_hash(struct crec *crec + + static void cache_blockdata_free(struct crec *crecp) + { +- if (crecp->flags & F_SRV) ++ if (crecp->flags & F_SRV && !(crecp->flags & F_NEG)) + blockdata_free(crecp->addr.srv.target); + #ifdef HAVE_DNSSEC + else if (crecp->flags & F_DNSKEY) diff --git a/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch b/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch new file mode 100644 index 0000000000..b84a9281f8 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0026-Check-for-not-DS-or-DNSKEY-in-is_outdated_cname_poin.patch @@ -0,0 +1,24 @@ +From 2896e2485e44c04e73a0b7c9f7cbc9c8515d0800 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 9 Jan 2019 15:12:34 +0000 +Subject: [PATCH 26/30] Check for not(DS or DNSKEY) in + is_outdated_cname_pointer() + +Previous check was _for_ IPV4, IPv6 CNAME, and I missed adding SRV. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -312,7 +312,7 @@ static int is_outdated_cname_pointer(str + /* NB. record may be reused as DS or DNSKEY, where uid is + overloaded for something completely different */ + if (crecp->addr.cname.target.cache && +- (crecp->addr.cname.target.cache->flags & (F_IPV4 | F_IPV6 | F_CNAME)) && ++ !(crecp->addr.cname.target.cache->flags & (F_DNSKEY | F_DS)) && + crecp->addr.cname.uid == crecp->addr.cname.target.cache->uid) + return 0; + diff --git a/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch b/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch new file mode 100644 index 0000000000..180a030020 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0027-Fix-e7bfd556c079c8b5e7425aed44abc35925b24043-to-actu.patch @@ -0,0 +1,95 @@ +From 9c0d445ef4abffa2b9342ad65e85ef425c1f83bb Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 9 Jan 2019 17:57:56 +0000 +Subject: [PATCH 27/30] Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to + actually work. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dhcp.c | 54 +++++++++++++++++++++++++---------------------------- + src/dhcp6.c | 2 +- + 2 files changed, 26 insertions(+), 30 deletions(-) + +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -754,19 +754,6 @@ int address_allocate(struct dhcp_context + if (addr.s_addr == d->router.s_addr) + break; + +- /* in consec-ip mode, skip addresses equal to +- the number of addresses rejected by clients. This +- should avoid the same client being offered the same +- address after it has rjected it. */ +- if (option_bool(OPT_CONSEC_ADDR)) +- { +- if (c->addr_epoch) +- { +- c->addr_epoch--; +- d = context; /* d non-NULL skips the address. */ +- } +- } +- + /* Addresses which end in .255 and .0 are broken in Windows even when using + supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 + then 192.168.0.255 is a valid IP address, but not for Windows as it's +@@ -778,24 +765,33 @@ int address_allocate(struct dhcp_context + (!IN_CLASSC(ntohl(addr.s_addr)) || + ((ntohl(addr.s_addr) & 0xff) != 0xff && ((ntohl(addr.s_addr) & 0xff) != 0x0)))) + { +- struct ping_result *r; +- +- if ((r = do_icmp_ping(now, addr, j, loopback))) +- { +- /* consec-ip mode: we offered this address for another client +- (different hash) recently, don't offer it to this one. */ +- if (!option_bool(OPT_CONSEC_ADDR) || r->hash == j) +- { +- *addrp = addr; +- return 1; +- } +- } ++ /* in consec-ip mode, skip addresses equal to ++ the number of addresses rejected by clients. This ++ should avoid the same client being offered the same ++ address after it has rjected it. */ ++ if (option_bool(OPT_CONSEC_ADDR) && c->addr_epoch) ++ c->addr_epoch--; + else + { +- /* address in use: perturb address selection so that we are +- less likely to try this address again. */ +- if (!option_bool(OPT_CONSEC_ADDR)) +- c->addr_epoch++; ++ struct ping_result *r; ++ ++ if ((r = do_icmp_ping(now, addr, j, loopback))) ++ { ++ /* consec-ip mode: we offered this address for another client ++ (different hash) recently, don't offer it to this one. */ ++ if (!option_bool(OPT_CONSEC_ADDR) || r->hash == j) ++ { ++ *addrp = addr; ++ return 1; ++ } ++ } ++ else ++ { ++ /* address in use: perturb address selection so that we are ++ less likely to try this address again. */ ++ if (!option_bool(OPT_CONSEC_ADDR)) ++ c->addr_epoch++; ++ } + } + } + +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -436,7 +436,7 @@ struct dhcp_context *address6_allocate(s + skip addresses equal to the number of addresses rejected + by clients. This should avoid the same client being offered the same + address after it has rjected it. */ +- start = lease_find_max_addr6(c) + serial + c->addr_epoch; ++ start = lease_find_max_addr6(c) + 1 + serial + c->addr_epoch; + if (c->addr_epoch) + c->addr_epoch--; + } diff --git a/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch b/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch new file mode 100644 index 0000000000..ed8170c59b --- /dev/null +++ b/package/network/services/dnsmasq/patches/0028-Tidy-cache_blockdata_free.patch @@ -0,0 +1,36 @@ +From 4bf62f616b82fad7a7f91195b0204dd64d79a35c Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 10 Jan 2019 21:54:22 +0000 +Subject: [PATCH 28/30] Tidy cache_blockdata_free() + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/cache.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -200,14 +200,17 @@ static void cache_hash(struct crec *crec + + static void cache_blockdata_free(struct crec *crecp) + { +- if (crecp->flags & F_SRV && !(crecp->flags & F_NEG)) +- blockdata_free(crecp->addr.srv.target); ++ if (!(crecp->flags & F_NEG)) ++ { ++ if (crecp->flags & F_SRV) ++ blockdata_free(crecp->addr.srv.target); + #ifdef HAVE_DNSSEC +- else if (crecp->flags & F_DNSKEY) +- blockdata_free(crecp->addr.key.keydata); +- else if ((crecp->flags & F_DS) && !(crecp->flags & F_NEG)) +- blockdata_free(crecp->addr.ds.keydata); ++ else if (crecp->flags & F_DNSKEY) ++ blockdata_free(crecp->addr.key.keydata); ++ else if (crecp->flags & F_DS) ++ blockdata_free(crecp->addr.ds.keydata); + #endif ++ } + } + + static void cache_free(struct crec *crecp) diff --git a/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch b/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch new file mode 100644 index 0000000000..d8ae0e7910 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0029-Fix-removal-of-DHCP_CLIENT_MAC-options-from-DHCPv6-r.patch @@ -0,0 +1,52 @@ +From f8c77edbdffb8ada7753ea9fa104f0f6da70cfe3 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 10 Jan 2019 21:58:18 +0000 +Subject: [PATCH 29/30] Fix removal of DHCP_CLIENT_MAC options from DHCPv6 + relay replies. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/rfc3315.c | 30 +++++++++++++++++------------- + 1 file changed, 17 insertions(+), 13 deletions(-) + +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -219,21 +219,25 @@ static int dhcp6_maybe_relay(struct stat + if (opt6_ptr(opt, 0) + opt6_len(opt) > end) + return 0; + +- int o = new_opt6(opt6_type(opt)); +- if (opt6_type(opt) == OPTION6_RELAY_MSG) ++ /* Don't copy MAC address into reply. */ ++ if (opt6_type(opt) != OPTION6_CLIENT_MAC) + { +- struct in6_addr align; +- /* the packet data is unaligned, copy to aligned storage */ +- memcpy(&align, inbuff + 2, IN6ADDRSZ); +- state->link_address = &align; +- /* zero is_unicast since that is now known to refer to the +- relayed packet, not the original sent by the client */ +- if (!dhcp6_maybe_relay(state, opt6_ptr(opt, 0), opt6_len(opt), client_addr, 0, now)) +- return 0; ++ int o = new_opt6(opt6_type(opt)); ++ if (opt6_type(opt) == OPTION6_RELAY_MSG) ++ { ++ struct in6_addr align; ++ /* the packet data is unaligned, copy to aligned storage */ ++ memcpy(&align, inbuff + 2, IN6ADDRSZ); ++ state->link_address = &align; ++ /* zero is_unicast since that is now known to refer to the ++ relayed packet, not the original sent by the client */ ++ if (!dhcp6_maybe_relay(state, opt6_ptr(opt, 0), opt6_len(opt), client_addr, 0, now)) ++ return 0; ++ } ++ else ++ put_opt6(opt6_ptr(opt, 0), opt6_len(opt)); ++ end_opt6(o); + } +- else if (opt6_type(opt) != OPTION6_CLIENT_MAC) +- put_opt6(opt6_ptr(opt, 0), opt6_len(opt)); +- end_opt6(o); + } + + return 1; diff --git a/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch b/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch new file mode 100644 index 0000000000..265bd3fc9e --- /dev/null +++ b/package/network/services/dnsmasq/patches/0030-Fix-entries-in-etc-hosts-disabling-static-leases.patch @@ -0,0 +1,54 @@ +From 18eac67c0a15b673c8d27002c248651b308093e4 Mon Sep 17 00:00:00 2001 +From: Steven Siloti +Date: Sun, 13 Jan 2019 22:56:36 +0000 +Subject: [PATCH 30/30] Fix entries in /etc/hosts disabling static leases. + +It is possible for a config entry to have one address family specified by a +dhcp-host directive and the other added from /etc/hosts. This is especially +common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are +imported into dnsmasq via a hosts file. + +To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6. +Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag +which was set by the dhcp-host directive. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dhcp-common.c | 8 ++++++-- + src/dnsmasq.h | 1 + + 2 files changed, 7 insertions(+), 2 deletions(-) + +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -372,7 +372,11 @@ void dhcp_update_configs(struct dhcp_con + + for (config = configs; config; config = config->next) + if (config->flags & CONFIG_ADDR_HOSTS) +- config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR6 | CONFIG_ADDR_HOSTS); ++ config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS); ++#ifdef HAVE_DHCP6 ++ if (config->flags & CONFIG_ADDR6_HOSTS) ++ config->flags &= ~(CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS); ++#endif + + #ifdef HAVE_DHCP6 + again: +@@ -421,7 +425,7 @@ void dhcp_update_configs(struct dhcp_con + (!(conf_tmp = config_find_by_address6(configs, &crec->addr.addr6, 128, 0)) || conf_tmp == config)) + { + memcpy(&config->addr6, &crec->addr.addr6, IN6ADDRSZ); +- config->flags |= CONFIG_ADDR6 | CONFIG_ADDR_HOSTS; ++ config->flags |= CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS; + continue; + } + #endif +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -789,6 +789,7 @@ struct dhcp_config { + #define CONFIG_BANK 2048 /* from dhcp hosts file */ + #define CONFIG_ADDR6 4096 + #define CONFIG_WILDCARD 8192 ++#define CONFIG_ADDR6_HOSTS 16384 /* address added by from /etc/hosts */ + + struct dhcp_opt { + int opt, len, flags; diff --git a/package/network/services/dnsmasq/patches/0031-fix-previous-commit.patch b/package/network/services/dnsmasq/patches/0031-fix-previous-commit.patch new file mode 100644 index 0000000000..d985c4ac43 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0031-fix-previous-commit.patch @@ -0,0 +1,27 @@ +From f52bb5be437ab33d7cd10f0ff1cdf0bb86857cf7 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Wed, 16 Jan 2019 09:48:07 +0000 +Subject: [PATCH 31/31] fix previous commit + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dhcp-common.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -371,12 +371,14 @@ void dhcp_update_configs(struct dhcp_con + int prot = AF_INET; + + for (config = configs; config; config = config->next) ++ { + if (config->flags & CONFIG_ADDR_HOSTS) + config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS); + #ifdef HAVE_DHCP6 + if (config->flags & CONFIG_ADDR6_HOSTS) + config->flags &= ~(CONFIG_ADDR6 | CONFIG_ADDR6_HOSTS); + #endif ++ } + + #ifdef HAVE_DHCP6 + again: