import dnsmasq-2.79-20.el8

2021-11-11 04:18:22 +00:00 · 2021-11-11 04:18:22 +00:00 · ad51900b9c
parent b0a42572f2
commit ad51900b9c
3 changed files with 143 additions and 1 deletions
--- a/SOURCES/dnsmasq-2.79-alternative-lease.patch
+++ b/SOURCES/dnsmasq-2.79-alternative-lease.patch
@ -0,0 +1,107 @@
+From 268080fc19990711a1d1e1acd68a50aa2f6cb5fb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 17 Sep 2021 20:12:21 +0200
+Subject: [PATCH] Offer alternative DHCPv6 address if requested is taken
+
+In some cases multiple requests might arrive from single DUID. It may
+happen just one address is offered to different IAID requests. When
+the first request confirms lease, another would be offered alternative
+address instead of address in use error.
+
+Includes check on such Rapid commit equivalents and returns NotOnLink
+error, required by RFC 8145, if requested address were not on any
+supported prefix.
+---
+ src/rfc3315.c | 39 ++++++++++++++++++++++++++++-----------
+ 1 file changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5c2ff97..d1534ad 100644
+--- a/src/rfc3315.c
+++ b/src/rfc3315.c
+@@ -614,7 +614,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+       
+     case DHCP6SOLICIT:
+       {
+-      	int address_assigned = 0;
+	int address_assigned = 0, ia_invalid = 0;
+ 	/* tags without all prefix-class tags */
+ 	struct dhcp_netid *solicit_tags;
+ 	struct dhcp_context *c;
+@@ -697,6 +697,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 		    get_context_tag(state, c);
+ 		    address_assigned = 1;
+ 		  }
+		else
+		  ia_invalid++;
+ 	      }
+ 	    
+ 	    /* Suggest configured address(es) */
+@@ -782,11 +784,26 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	    tagif = add_options(state, 0);
+ 	  }
+ 	else
+-	  { 
+	  {
+	    char *errmsg;
+ 	    /* no address, return error */
+ 	    o1 = new_opt6(OPTION6_STATUS_CODE);
+-	    put_opt6_short(DHCP6NOADDRS);
+-	    put_opt6_string(_("no addresses available"));
+	    if (state->lease_allocate && ia_invalid)
+	      {
+		/* RFC 8415, Section 18.3.2:
+		   If any of the prefixes of the included addresses are not
+		   appropriate for the link to which the client is connected,
+		   the server MUST return the IA to the client with a Status
+		   Code option with the value NotOnLink. */
+		put_opt6_short(DHCP6NOTONLINK);
+		errmsg = _("not on link");
+	      }
+	    else
+	      {
+		put_opt6_short(DHCP6NOADDRS);
+		errmsg = _("no addresses available");
+	      }
+	    put_opt6_string(errmsg);
+ 	    end_opt6(o1);
+ 
+ 	    /* Some clients will ask repeatedly when we're not giving
+@@ -795,7 +812,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	    for (c = state->context; c; c = c->current)
+ 	      if (!(c->flags & CONTEXT_RA_STATELESS))
+ 		{
+-		  log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available"));
+		  log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, errmsg);
+ 		  break;
+ 		}
+ 	  }
+@@ -831,7 +848,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 		 /* If we get a request with an IA_*A without addresses, treat it exactly like
+ 		    a SOLICT with rapid commit set. */
+ 		 save_counter(start);
+-		 goto request_no_address; 
+		 goto request_no_address;
+ 	       }
+ 
+ 	    o = build_ia(state, &t1cntr);
+@@ -861,11 +878,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 		      }
+ 		    else if (!check_address(state, &req_addr))
+ 		      {
+-			/* Address leased to another DUID/IAID */
+-			o1 = new_opt6(OPTION6_STATUS_CODE);
+-			put_opt6_short(DHCP6UNSPEC);
+-			put_opt6_string(_("address in use"));
+-			end_opt6(o1);
+			/* Address leased to another DUID/IAID.
+			   Find another address for the client, treat it exactly like
+			   a SOLICT with rapid commit set. */
+			save_counter(start);
+			goto request_no_address;
+ 		      } 
+ 		    else 
+ 		      {
+-- 
+2.31.1
+
--- a/SOURCES/dnsmasq-2.86-dhcpv6-client-arch.patch
+++ b/SOURCES/dnsmasq-2.86-dhcpv6-client-arch.patch
@ -0,0 +1,28 @@
+From 9e2b6474f2074511c3911b2f777e8e8704782670 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Wed, 22 Sep 2021 14:54:01 +0200
+Subject: [PATCH] Add support for option6 names of RFC 5970
+
+Client Network Interface Identifier and Client System Architecture Type
+options were not understood by dnsmasq. Add it to supported option
+types.
+---
+ src/dhcp-common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index 224c4d6..368d686 100644
+--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
+@@ -645,6 +645,8 @@ static const struct opttab_t opttab6[] = {
+   { "ntp-server", 56,  0 },
+   { "bootfile-url", 59, OT_NAME },
+   { "bootfile-param", 60, OT_CSTRING },
+  { "client-arch", 61, 2 | OT_DEC }, /* RFC 5970 */
+  { "client-interface-id", 62, 1 | OT_DEC }, /* RFC 5970 */
+   { NULL, 0, 0 }
+ };
+ #endif
+-- 
+2.31.1
+
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@ -13,7 +13,7 @@

 Name:           dnsmasq
 Version:        2.79
-Release:        19%{?extraversion:.%{extraversion}}%{?dist}
+Release:        20%{?extraversion:.%{extraversion}}%{?dist}
 Summary:        A lightweight DHCP/caching DNS server

 License:        GPLv2 or GPLv3
@ -67,6 +67,8 @@ Patch29:        dnsmasq-2.84-bind-dynamic-netlink.patch
 Patch30:        dnsmasq-2.85-CVE-2021-3448.patch
 # http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03212e533b1e07aba30d2f4112009dc3af867ea5
 Patch31:        dnsmasq-2.80-man-nameing.patch
+Patch32:        dnsmasq-2.79-alternative-lease.patch
+Patch33:        dnsmasq-2.86-dhcpv6-client-arch.patch

 # This is workaround to nettle bug #1549190
 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@ -131,6 +133,8 @@ server's leases.
 %patch29 -p1 -b .rh1887649
 %patch30 -p1 -b .CVE-2021-3448
 %patch31 -p1 -b .rh1947039
+%patch32 -p1 -b .rh1998448
+%patch33 -p1 -b .dhcpv6-client-arch

 # use /var/lib/dnsmasq instead of /var/lib/misc
 for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@ -230,6 +234,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man1/dhcp_*

 %changelog
+* Mon Sep 20 2021 Petr Menšík <pemensik@redhat.com> - 2.79-20
+- Offer alternate DHCPv6 address if requested is already leased (#1998448)
+
 * Tue Jun 29 2021 Petr Menšík <pemensik@redhat.com> - 2.79-19
 - Correct typo in man page (#1947039)