From fe1f13ace392ea2960f902bd5aaac9179cdce8d6 Mon Sep 17 00:00:00 2001 From: luoguocui Date: Mon, 29 Sep 2025 12:05:49 +0000 Subject: [PATCH] fix reply confirm packet when binding-mac-with-ip6 on (cherry picked from commit 831722d78a329fbad01373920e07db4fd807bf42) --- allow-binding-mac-with-ip6.patch | 44 +++++++++++++++++--------------- dnsmasq.spec | 8 +++++- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/allow-binding-mac-with-ip6.patch b/allow-binding-mac-with-ip6.patch index 4bd2022..aaf3731 100644 --- a/allow-binding-mac-with-ip6.patch +++ b/allow-binding-mac-with-ip6.patch @@ -1,8 +1,9 @@ -From 271510e5f7c2130ad4b7e33186e47daf0d3d2d30 Mon Sep 17 00:00:00 2001 -From: huyizhen -Date: Fri, 28 Feb 2025 14:38:44 +0800 +From 3a75aef92140e728e3a91c507541a714c5a3dd82 Mon Sep 17 00:00:00 2001 +From: luoguocui +Date: Thu, 25 Sep 2025 13:39:43 +0000 Subject: [PATCH] allow binding mac with ip6 +v1: Bind the IPv6 address to the MAC address of the client. This command is used to solve the problem that the client cannot obtain an IPv6 address after the system is reinstalled. If this parameter is not specified, the client duid changes @@ -14,13 +15,15 @@ In addition, all client MAC addresses and IPv6 addresses must be bound in one-to using --dhcp-host. Combine bugfix-allow-binding-mac-with-ipv6.patch bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch -to allow-binding-mac-with-ip6.patch +v2: +Fix reply confirm packet when binding-mac-with-ipv6 on. When dnsmasq processes the Confirm packet with binding-mac-with-ipv6 on, if the packet falls into an abnormal branch, dnsmasq replies with an confirm packet. This issue has been fixed. + --- src/dnsmasq.c | 1 + src/dnsmasq.h | 4 +++- src/option.c | 3 +++ - src/rfc3315.c | 61 ++++++++++++++++++++++++++++++++++++++++++--------- - 4 files changed, 58 insertions(+), 11 deletions(-) + src/rfc3315.c | 60 ++++++++++++++++++++++++++++++++++++++++++--------- + 4 files changed, 57 insertions(+), 11 deletions(-) diff --git a/src/dnsmasq.c b/src/dnsmasq.c index f3d87cd..3609106 100644 @@ -85,7 +88,7 @@ index 9b5066e..7c316b9 100644 }; diff --git a/src/rfc3315.c b/src/rfc3315.c -index 400d939..e579494 100644 +index 400d939..90488bd 100644 --- a/src/rfc3315.c +++ b/src/rfc3315.c @@ -48,8 +48,8 @@ static int build_ia(struct state *state, int *t1cntr); @@ -135,7 +138,7 @@ index 400d939..e579494 100644 { /* Address leased to another DUID/IAID */ o1 = new_opt6(OPTION6_STATUS_CODE); -@@ -1075,12 +1075,32 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu +@@ -1075,12 +1075,34 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu case DHCP6CONFIRM: { int good_addr = 0, bad_addr = 0; @@ -158,35 +161,34 @@ index 400d939..e579494 100644 + } + /* requires all mac has binding ipv6 address. */ + if (find_bind == 0) { -+ o1 = new_opt6(OPTION6_STATUS_CODE); ++ bad_addr = 1; ++ log6_quiet(state, "DHCPREPLY", NULL, _("confirm failed, no binding found")); ++ o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6NOTONLINK); + put_opt6_string(_("confirm failed, no binding found")); + end_opt6(o1); -+ return 1; ++ break; + } + } + for (opt = state->packet_options; opt; opt = opt6_next(opt, state->end)) { void *ia_option, *ia_end; -@@ -1104,6 +1124,16 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu +@@ -1104,6 +1126,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu good_addr = 1; log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname); } + -+ if(daemon->bind_mac_with_ip6) { -+ if (!is_same_net6(&req_addr, &find_config->addr6, 128)) { -+ o1 = new_opt6(OPTION6_STATUS_CODE); -+ put_opt6_short(DHCP6NOTONLINK); -+ put_opt6_string(_("confirm failed, not binding to this address")); -+ end_opt6(o1); -+ return 1; ++ if(daemon->bind_mac_with_ip6 && good_addr) { ++ if(!is_same_net6(&req_addr, &find_config->addr6, 128)) { ++ bad_addr = 1; ++ log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed, not binding to this address")); + } + } } } -@@ -1723,13 +1753,24 @@ static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr +@@ -1723,13 +1752,24 @@ static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr } /* make sure address not leased to another CLID/IAID */ @@ -212,7 +214,7 @@ index 400d939..e579494 100644 if (lease->clid_len != state->clid_len || memcmp(lease->clid, state->clid, state->clid_len) != 0 || lease->iaid != state->iaid) -@@ -1769,7 +1810,7 @@ static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_c +@@ -1769,7 +1809,7 @@ static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_c return NULL; } @@ -221,7 +223,7 @@ index 400d939..e579494 100644 { u64 addrpart, i, addresses; struct addrlist *addr_list; -@@ -1803,7 +1844,7 @@ static int config_valid(struct dhcp_config *config, struct dhcp_context *context +@@ -1803,7 +1843,7 @@ static int config_valid(struct dhcp_config *config, struct dhcp_context *context { setaddr6part(addr, addrpart+i); diff --git a/dnsmasq.spec b/dnsmasq.spec index a43b57a..b402458 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq Version: 2.90 -Release: 4 +Release: 5 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -111,6 +111,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Mon Sep 29 2025 luoguocui - 2.90-5 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:fix reply confirm packet when binding-mac-with-ip6 on + * Thu Mar 20 2025 lingsheng - 2.90-4 - Type:bugfix - CVE:NA -- Gitee