Upgrade embedded dnsmasq to v2.80

FTL.h

@@ -90,26 +90,28 @@ enum { MODE_IP, MODE_NX, MODE_NULL, MODE_IP_NODATA_AAAA };
 enum { REGEX_UNKNOWN, REGEX_BLOCKED, REGEX_NOTBLOCKED };
 enum { BLOCKING_DISABLED, BLOCKING_ENABLED, BLOCKING_UNKNOWN };
 
+// Privacy mode constants
+#define HIDDEN_DOMAIN "hidden"
+#define HIDDEN_CLIENT "0.0.0.0"
+
 // Static structs
 typedef struct {
  const char* conf;
- const char* log;
- const char* pid;
- const char* port;
+ const char* snapConf;
+ char* log;
+ char* pid;
+ char* port;
  char* db;
- const char* socketfile;
+ char* socketfile;
 } FTLFileNamesStruct;
 
 typedef struct {
- const char* log;
- const char* preEventHorizon;
- const char* whitelist;
- const char* blacklist;
- const char* gravity;
- const char* regexlist;
- const char* setupVars;
- const char* auditlist;
- const char* dnsmasqconfig;
+ char* whitelist;
+ char* blacklist;
+ char* gravity;
+ char* regexlist;
+ char* setupVars;
+ char* auditlist;
 } logFileNamesStruct;
 
 typedef struct {
@@ -146,7 +148,7 @@ typedef struct {
  int DBinterval;
  int port;
  int maxlogage;
- int privacylevel;
+ unsigned char privacylevel;
  bool ignore_localhost;
  unsigned char blockingmode;
  bool regex_debugmode;
@@ -167,7 +169,7 @@ typedef struct {
  bool db;
  int id; // the ID is a (signed) int in dnsmasq, so no need for a long int here
  bool complete;
- bool private;
+ unsigned char privacylevel;
  unsigned long response; // saved in units of 1/10 milliseconds (1 = 0.1ms, 2 = 0.2ms, 2500 = 250.0ms, etc.)
  unsigned char reply;
  unsigned char dnssec;

Makefile

@@ -8,16 +8,16 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-DNSMASQVERSION = "pi-hole-2.79"
+DNSMASQVERSION = "pi-hole-2.80"
 DNSMASQOPTS = -DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC
 # Flags for compiling with libidn : -DHAVE_IDN
 # Flags for compiling with libidn2: -DHAVE_LIBIDN2 -DIDN2_VERSION_NUMBER=0x02000003
 
 FTLDEPS = FTL.h routines.h version.h api.h dnsmasq_interface.h
 FTLOBJ = main.o memory.o log.o daemon.o datastructure.o signals.o socket.o request.o grep.o setupVars.o args.o threads.o gc.o config.o database.o msgpack.o api.o dnsmasq_interface.o resolve.o regex.o 
 
-DNSMASQDEPS = config.h dhcp-protocol.h dns-protocol.h radv-protocol.h dhcp6-protocol.h dnsmasq.h ip6addr.h
-DNSMASQOBJ = arp.o dbus.o domain.o lease.o outpacket.o rrfilter.o auth.o dhcp6.o edns0.o log.o poll.o slaac.o blockdata.o dhcp.o forward.o loop.o radv.o tables.o bpf.o dhcp-common.o helper.o netlink.o rfc1035.o tftp.o cache.o dnsmasq.o inotify.o network.o rfc2131.o util.o conntrack.o dnssec.o ipset.o option.o rfc3315.o crypto.o
+DNSMASQDEPS = config.h dhcp-protocol.h dns-protocol.h radv-protocol.h dhcp6-protocol.h dnsmasq.h ip6addr.h metrics.h
+DNSMASQOBJ = arp.o dbus.o domain.o lease.o outpacket.o rrfilter.o auth.o dhcp6.o edns0.o log.o poll.o slaac.o blockdata.o dhcp.o forward.o loop.o radv.o tables.o bpf.o dhcp-common.o helper.o netlink.o rfc1035.o tftp.o cache.o dnsmasq.o inotify.o network.o rfc2131.o util.o conntrack.o dnssec.o ipset.o option.o rfc3315.o crypto.o dump.o ubus.o metrics.o
 
 # Get git commit version and date
 GIT_BRANCH := $(shell git branch | sed -n 's/^\* //p')

api.c

@@ -87,6 +87,7 @@ void getStats(int *sock)
  // Send individual reply type counters
  ssend(*sock, "reply_NODATA %i\nreply_NXDOMAIN %i\nreply_CNAME %i\nreply_IP %i\n",
  counters.reply_NODATA, counters.reply_NXDOMAIN, counters.reply_CNAME, counters.reply_IP);
+ ssend(*sock, "privacy_level %i\n", config.privacylevel);
  }
  else
  {
@@ -264,7 +265,7 @@ void getTopDomains(char *client_message, int *sock)
  continue;
 
  // Hidden domain, probably due to privacy level. Skip this in the top lists
- if(strcmp(domains[j].domain, "hidden") == 0)
+ if(strcmp(domains[j].domain, HIDDEN_DOMAIN) == 0)
  continue;
 
  if(blocked && showblocked && domains[j].blockedcount > 0)
@@ -403,7 +404,7 @@ void getTopClients(char *client_message, int *sock)
  continue;
 
  // Hidden client, probably due to privacy level. Skip this in the top lists
- if(strcmp(clients[j].ip, "0.0.0.0") == 0)
+ if(strcmp(clients[j].ip, HIDDEN_CLIENT) == 0)
  continue;
 
  // Only return name if available
@@ -760,7 +761,7 @@ void getAllQueries(char *client_message, int *sock)
  {
  validate_access("queries", i, true, __LINE__, __FUNCTION__, __FILE__);
  // Check if this query has been create while in maximum privacy mode
- if(queries[i].private) continue;
+ if(queries[i].privacylevel >= PRIVACY_MAXIMUM) continue;
 
  validate_access("domains", queries[i].domainID, true, __LINE__, __FUNCTION__, __FILE__);
  validate_access("clients", queries[i].clientID, true, __LINE__, __FUNCTION__, __FILE__);
@@ -808,13 +809,17 @@ void getAllQueries(char *client_message, int *sock)
  continue;
  }
 
- char *domain = domains[queries[i].domainID].domain;
+ // Ask subroutine for domain. It may return "hidden" depending on
+ // the privacy settings at the time the query was made
+ char *domain = getDomainString(i);
+ // Similarly for the client
  char *client;
  if(clients[queries[i].clientID].name != NULL &&
- strlen(clients[queries[i].clientID].name) > 0)
+ strlen(clients[queries[i].clientID].name) > 0 &&
+ queries[i].privacylevel < PRIVACY_HIDE_DOMAINS_CLIENTS)
  client = clients[queries[i].clientID].name;
  else
- client = clients[queries[i].clientID].ip;
+ client = getClientIPString(i);
 
  unsigned long delay = queries[i].response;
  // Check if received (delay should be smaller than 30min)
@@ -857,11 +862,6 @@ void getRecentBlocked(char *client_message, int *sock)
 {
  int i, num=1;
 
- // Exit before processing any data if requested via config setting
- get_privacy_level(NULL);
- if(config.privacylevel >= PRIVACY_HIDE_DOMAINS)
- return;
-
  // Test for integer that specifies number of entries to be shown
  if(sscanf(client_message, "%*[^(](%i)", &num) > 0) {
  // User wants a different number of requests
@@ -881,9 +881,13 @@ void getRecentBlocked(char *client_message, int *sock)
  {
  found++;
 
+ // Ask subroutine for domain. It may return "hidden" depending on
+ // the privacy settings at the time the query was made
+ char *domain = getDomainString(i);
+
  if(istelnet[*sock])
- ssend(*sock,"%s\n", domains[queries[i].domainID].domain);
- else if(!pack_str32(*sock, domains[queries[i].domainID].domain))
+ ssend(*sock,"%s\n", domain);
+ else if(!pack_str32(*sock, domain))
  return;
  }
 

args.c

@@ -93,11 +93,6 @@ void parse_args(int argc, char* argv[])
  if(strcmp(argv[i], "travis-ci") == 0)
  {
  travis = true;
- FTLfiles.log = "pihole-FTL.log";
- // FTLfiles.db will be set to "pihole-FTL.db" via config file on Travis
- FTLfiles.conf = "pihole-FTL.conf";
- FTLfiles.socketfile = "pihole-FTL.sock";
- files.log = "pihole.log";
  ok = true;
  }
 

config.c

@@ -13,15 +13,60 @@
 ConfigStruct config;
 static char *parse_FTLconf(FILE *fp, const char * key);
 static void release_config_memory(void);
+void getpath(FILE* fp, const char *option, const char *defaultloc, char **pointer);
 
 char *conflinebuffer = NULL;
 
+void getLogFilePath(void)
+{
+ FILE *fp;
+ char * buffer;
+
+ // Try to open default config file. Use fallback if not found
+ if( ((fp = fopen(FTLfiles.conf, "r")) == NULL) &&
+ ((fp = fopen(FTLfiles.snapConf, "r")) == NULL) &&
+ ((fp = fopen("pihole-FTL.conf", "r")) == NULL))
+ {
+ printf("Notice: Found no readable FTL config file");
+ }
+
+ // Read LOGFILE value if available
+ // defaults to: "/var/log/pihole-FTL.log"
+ buffer = parse_FTLconf(fp, "LOGFILE");
+
+ errno = 0;
+ // Use sscanf() to obtain filename from config file parameter only if buffer != NULL
+ if(buffer == NULL || sscanf(buffer, "%127ms", &FTLfiles.log) != 1)
+ {
+ // Use standard path if no custom path was obtained from the config file
+ FTLfiles.log = strdup("/var/log/pihole-FTL.log");
+ }
+
+ // Test if memory allocation was successful
+ if(FTLfiles.log == NULL)
+ {
+ printf("FATAL: Allocating memory for FTLfiles.log failed (%s, %i). Exiting.",
+ strerror(errno), errno);
+ exit(EXIT_FAILURE);
+ }
+ else if(strlen(FTLfiles.log) == 0)
+ {
+ printf("Fatal: Log file location cannot be empty");
+ exit(EXIT_FAILURE);
+ }
+ else
+ logg("Using log file %s", FTLfiles.log);
+}
+
 void read_FTLconf(void)
 {
  FILE *fp;
  char * buffer;
 
- if((fp = fopen(FTLfiles.conf, "r")) == NULL)
+ // Try to open default config file. Use fallback if not found
+ if( ((fp = fopen(FTLfiles.conf, "r")) == NULL) &&
+ ((fp = fopen(FTLfiles.snapConf, "r")) == NULL) &&
+ ((fp = fopen("pihole-FTL.conf", "r")) == NULL))
  {
  logg("Notice: Found no readable FTL config file");
  logg(" Using default settings");
@@ -244,6 +289,33 @@ void read_FTLconf(void)
  else
  logg(" DBIMPORT: Not importing history from database");
 
+ // PIDFILE
+ getpath(fp, "PIDFILE", "/var/run/pihole-FTL.pid", &FTLfiles.pid);
+
+ // PORTFILE
+ getpath(fp, "PORTFILE", "/var/run/pihole-FTL.port", &FTLfiles.port);
+
+ // SOCKETFILE
+ getpath(fp, "SOCKETFILE", "/var/run/pihole/FTL.sock", &FTLfiles.socketfile);
+
+ // WHITELISTFILE
+ getpath(fp, "WHITELISTFILE", "/etc/pihole/whitelist.txt", &files.whitelist);
+
+ // BLACKLISTFILE
+ getpath(fp, "BLACKLISTFILE", "/etc/pihole/blacklist.txt", &files.blacklist);
+
+ // GRAVITYFILE
+ getpath(fp, "GRAVITYFILE", "/etc/pihole/gravity.list", &files.gravity);
+
+ // REGEXLISTFILE
+ getpath(fp, "REGEXLISTFILE", "/etc/pihole/regex.list", &files.regexlist);
+
+ // SETUPVARSFILE
+ getpath(fp, "SETUPVARSFILE", "/etc/pihole/setupVars.conf", &files.setupVars);
+
+ // AUDITLISTFILE
+ getpath(fp, "AUDITLISTFILE", "/etc/pihole/auditlog.list", &files.auditlist);
+
  logg("Finished config file parsing");
 
  // Release memory
@@ -253,6 +325,40 @@ void read_FTLconf(void)
  fclose(fp);
 }
 
+void getpath(FILE* fp, const char *option, const char *defaultloc, char **pointer)
+{
+ // This subroutine is used to read paths from pihole-FTL.conf
+ // fp: File pointer to opened and readable config file
+ // option: Option string ("key") to try to read
+ // defaultloc: Value used if key is not found in file
+ // pointer: Location where read (or default) parameter is stored
+ char *buffer = parse_FTLconf(fp, "PIDFILE");
+
+ errno = 0;
+ // Use sscanf() to obtain filename from config file parameter only if buffer != NULL
+ if(buffer == NULL || sscanf(buffer, "%127ms", pointer) != 1)
+ {
+ // Use standard path if no custom path was obtained from the config file
+ *pointer = strdup(defaultloc);
+ }
+
+ // Test if memory allocation was successful
+ if(*pointer == NULL)
+ {
+ logg("FATAL: Allocating memory for %s failed (%s, %i). Exiting.", option, strerror(errno), errno);
+ exit(EXIT_FAILURE);
+ }
+ else if(strlen(*pointer) == 0)
+ {
+ logg(" %s: Empty file name is not possible!", option);
+ exit(EXIT_FAILURE);
+ }
+ else
+ {
+ logg(" %s: Using %s", option, *pointer);
+ }
+}
+
 static char *parse_FTLconf(FILE *fp, const char * key)
 {
  // Return NULL if fp is an invalid file pointer
@@ -326,11 +432,11 @@ void get_privacy_level(FILE *fp)
  if(buffer != NULL && sscanf(buffer, "%i", &value) == 1)
  {
  // Check for change and validity of privacy level (set in FTL.h)
- if(value != config.privacylevel &&
- value >= PRIVACY_SHOW_ALL &&
- value <= PRIVACY_NOSTATS)
+ if(value >= PRIVACY_SHOW_ALL &&
+ value <= PRIVACY_NOSTATS &&
+ value > config.privacylevel)
  {
- logg("Notice: Changing privacy level from %i to %i", config.privacylevel, value);
+ logg("Notice: Increasing privacy level from %i to %i", config.privacylevel, value);
  config.privacylevel = value;
  }
  }

database.c

@@ -393,10 +393,8 @@ void save_to_DB(void)
 
  // Memory checks
  validate_access("queries", i, true, __LINE__, __FUNCTION__, __FILE__);
- validate_access("domains", queries[i].domainID, true, __LINE__, __FUNCTION__, __FILE__);
- validate_access("clients", queries[i].clientID, true, __LINE__, __FUNCTION__, __FILE__);
 
- if(queries[i].private)
+ if(queries[i].privacylevel >= PRIVACY_MAXIMUM)
  {
  // Skip, we never store nor count queries recorded
  // while have been in maximum privacy mode in the database
@@ -413,10 +411,12 @@ void save_to_DB(void)
  sqlite3_bind_int(stmt, 3, queries[i].status);
 
  // DOMAIN
- sqlite3_bind_text(stmt, 4, domains[queries[i].domainID].domain, -1, SQLITE_TRANSIENT);
+ char *domain = getDomainString(i);
+ sqlite3_bind_text(stmt, 4, domain, -1, SQLITE_TRANSIENT);
 
  // CLIENT
- sqlite3_bind_text(stmt, 5, clients[queries[i].clientID].ip, -1, SQLITE_TRANSIENT);
+ char *client = getClientIPString(i);
+ sqlite3_bind_text(stmt, 5, client, -1, SQLITE_TRANSIENT);
 
  // FORWARD
  if(queries[i].status == QUERY_FORWARDED && queries[i].forwardID > -1)

datastructure.c

@@ -234,3 +234,29 @@ bool isValidIPv6(const char *addr)
  struct sockaddr_in6 sa;
  return inet_pton(AF_INET6, addr, &(sa.sin6_addr)) != 0;
 }
+
+// Privacy-level sensitive subroutine that returns the domain name
+// only when appropriate for the requested query
+char *getDomainString(int queryID)
+{
+ if(queries[queryID].privacylevel < PRIVACY_HIDE_DOMAINS)
+ {
+ validate_access("domains", queries[queryID].domainID, true, __LINE__, __FUNCTION__, __FILE__);
+ return domains[queries[queryID].domainID].domain;
+ }
+ else
+ return HIDDEN_DOMAIN;
+}
+
+// Privacy-level sensitive subroutine that returns the client IP
+// only when appropriate for the requested query
+char *getClientIPString(int queryID)
+{
+ if(queries[queryID].privacylevel < PRIVACY_HIDE_DOMAINS_CLIENTS)
+ {
+ validate_access("clients", queries[queryID].clientID, true, __LINE__, __FUNCTION__, __FILE__);
+ return clients[queries[queryID].clientID].ip;
+ }
+ else
+ return HIDDEN_CLIENT;
+}