Pi-hole FTL v5.0 #747

Signed-off-by: DL6ER <dl6er@dl6er.de>

Per-client blocking rules, intermediate CNAME path blocking and some more

…to disable deep CNAME inspection. This might be beneficial for very low-end devices. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…ular query is only seen by this client). Signed-off-by: DL6ER <dl6er@dl6er.de>

Add CNAME_DEEP_INSPECT config option

…are never untrusted data, so not security problem. Thanks to Klaus Eisentraut <klaus.eisentraut@web.de> for finding this. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…onally leads to false-negatives during the CI testing (the CI cannot always resolve the hostnames). Signed-off-by: DL6ER <dl6er@dl6er.de>

Do not try to resolve client host names during the tests

Add group zero support

Signed-off-by: DL6ER <dl6er@dl6er.de>

Thanks to Klaus Eisentraut <klaus.eisentraut@web.de> for finding this. Signed-off-by: DL6ER <dl6er@dl6er.de>

Calling lease_update_file() _can_ result in a call to periodic_ra() Since both the DHCPv6 and RA subsystems use the same packet buffer this can overwrite the DHCPv6 packet. To avoid this we ensure the DHCPv6 packet has been sent before calling lease_update_file(). Signed-off-by: DL6ER <dl6er@dl6er.de>

… chain, the originally queried domain itself was not counted as blocked (but as (permitted). Later in the chain, when we find that this is a bad guy, we short-circuit it. We need to correct the domain counter of the domain at the head of the chain, otherwise, the data for the top lists is misleading. For this, we go back the entire path and change the original request to blocked by increasing the blocked count of this domain by one. Fortunately, each CNAME path can easily be tracked back to the original head in FTL's data so we do not need to search it. This makes the change able to happen without causing any delay. Signed-off-by: DL6ER <dl6er@dl6er.de>

… this information during possible later CNAME inspection. This avoids the necessity to check the whitelist filters multiple times. Signed-off-by: DL6ER <dl6er@dl6er.de>

…ermitted property during an entire CNAME inspection process. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…FTL. Signed-off-by: DL6ER <dl6er@dl6er.de>

Change ownership of all shared memory objects before switching user

Tweak CNAME whitelisting behavior

Fix two testing errors

Top lists fix for deeply blocked CNAME chains

…an be used by TCP and UDP clients avoiding any doubled amount of work. Signed-off-by: DL6ER <dl6er@dl6er.de>

…now the same details about client/regex combinations. This commit also fixes an issue with regex group associations for configured clients that have no assigned group. Signed-off-by: DL6ER <dl6er@dl6er.de>

…rsion 9. Signed-off-by: DL6ER <dl6er@dl6er.de>

…t for domains and clients. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Add shared DNS cache between forks

Since the source address of the RAs must be the link-local address.

Hello, My home network has a DNS search domain of home.arpa and my machine's dnsmasq instance is configured with: server=/home.arpa/192.168.0.1 server=//192.168.0.1 stop-dns-rebind rebind-domain-ok=home.arpa rebind-domain-ok=// # Match unqualified domains Querying my router's FQDN works as expected: dnsmasq: query[A] gateway.home.arpa from 127.0.0.1 dnsmasq: forwarded gateway.home.arpa to 192.168.0.1 dnsmasq: reply gateway.home.arpa is 192.168.0.1 But using an unqualified domain name does not: dnsmasq: query[A] gateway from 127.0.0.1 dnsmasq: forwarded gateway to 192.168.0.1 dnsmasq: possible DNS-rebind attack detected: gateway The attached patch addresses this issue by checking for SERV_NO_REBIND when handling dotless domains. >From 0460b07108b009cff06e29eac54910ec2e7fafce Mon Sep 17 00:00:00 2001 From: guns <self@sungpae.com> Date: Mon, 30 Dec 2019 16:34:23 -0600 Subject: [PATCH] Check for SERV_NO_REBIND on unqualified domains Signed-off-by: DL6ER <dl6er@dl6er.de>

Fail on overlarge files (block numbers are limited to 16 bits) Honour tftp-max setting in single port mode. Tweak timeouts, and fix logic which suppresses errors if the last ACK is missing. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

The standard for this never made it beyond an internet-draft which expired in 2012, so it can be considered dead, I think. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…s the compilation process faster. It tells the compiler to use pipes instead of temporary files during the different stages of compilation. Experiments on an AMD Athlon II X2 shows that the compile time reduces from (95.4+/-2.8)s to (88.4+/-0.2)s with this option. The measured differences are averages over 20 compilations, each. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix for blocking modes

…n to be blocked. Signed-off-by: DL6ER <dl6er@dl6er.de>

Store additional data when a deep CNAME inspection identified a domain to be blocked

…he entire CNAME chain is to be permitted. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix internal DNS cache twist

Signed-off-by: DL6ER <dl6er@dl6er.de>

Clarify gravity database debug message

…EX_CNAME, QUERY_BLACKLIST_CNAME] and store domain that was the reason for blocking during a CNAME inspection Signed-off-by: DL6ER <dl6er@dl6er.de>

Don't use the `latest` tag, use the specific version.

Pin build image to specific version.

…EX_CNAME, QUERY_BLACKLIST_CNAME] and store domain that was the reason for blocking during a CNAME inspection Signed-off-by: DL6ER <dl6er@dl6er.de>

…e -g itself. This drastically reduces the runtime of reload-lists. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Use precomputed gravity count from database

Signed-off-by: DL6ER <dl6er@dl6er.de>

…rting identical regex filters multiple times. Signed-off-by: DL6ER <dl6er@dl6er.de>

… empty domains in server=//... configurations. Signed-off-by: DL6ER <dl6er@dl6er.de>

…66b3434 Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

The previous code here, which started fast-RA whenever that local address associated with a DHCP context changed, is very vulnerable to flapping due to dynamically created addresses in the same net. Simplify so that if a context which has never found an interface now finds one, that gets advertised, but not for other changes. That satisfies the original intention that prefixes not in place when dnsmasq starts should be recognised. Also totally ignore all interfaces where we are configured not to do DHCP, to preclude flapping of they have prefixes in common with interfaces where we do DHCP. Signed-off-by: DL6ER <dl6er@dl6er.de>

When a request matching the clid or mac address is recieved the server will iterate over all candidate addresses until it find's one that is not already leased to a different clid/iaid and advertise this address. Using multiple reservations for a single host makes it possible to maintain a static leases only configuration which support network booting systems with UEFI firmware that request a new address (a new SOLICIT with a new IA_NA option using a new IAID) for different boot modes, for instance 'PXE over IPv6', and 'HTTP-Boot over IPv6'. Open Virtual Machine Firmware (OVMF) and most UEFI firmware build on the EDK2 code base exhibit this behaviour. Signed-off-by: DL6ER <dl6er@dl6er.de>

…resses. Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix negative blocked queries on v5.0 beta

Use -pipe

Ensure each regex is imported only once

Signed-off-by: DL6ER <dl6er@dl6er.de>

…uture. We used sed to ensure to have caught every reference. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

… into new/CNAME_inspection_details Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix subtracting one from the wrong variable

Improvements to deep CNAME inspection data processing

…ain if blocking happend during CNAME inspection Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

When dnsmasq forks a child to handle a TCP connection, that child inherits the netlink socket that the main process has open. The child never uses that socket, but there's a chance that when the main process uses the netlink socket, the answer will go to a child process which has a copy of the socket. This causes the main process to block forever awaiting the answer which never comes. The solution is for the child process to close the netlink socket it inherits after the fork(). There's a nasty race because the error decribed above could still occur in the window between the fork() and the close() syscalls. That's fixed by blocking the parent awaiting a single byte sent though the pipe the two processes share. This byte is sent by the child after calling close() on the netlink socket. Thanks to Alin Năstac for spotting this. Signed-off-by: DL6ER <dl6er@dl6er.de>

…1b49c851b531810 Signed-off-by: DL6ER <dl6er@dl6er.de>

Instead, check only local configured entries are answered without rdbit set. All cached replies are still denied, but locally configured names are available with both recursion and without it. Fixes commit 4139298d287eb5c57f4aa53c459cb02fc5be2495 unintended behaviour. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

The former should be used according to POSIX, otherwise it causes bunches of warnings when compiling for musl-based distros like Alpine Linux. Signed-off-by: DL6ER <dl6er@dl6er.de>

Make the existing "insecure DS received" warning more informative by reporting the domain name reporting the issue. This may help identify a problem with a specific domain or server configuration. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Propagate ID of responsible regex up in CNAME inspection

…server. This is using an undocumented feature. Signed-off-by: DL6ER <dl6er@dl6er.de>

Force FTL to use itself as DNS server for name lookups

…EC status (this will not cause a text to be shown on the Query Log). We do not use the UNKNOWN status anywhere else, so we can now get rid of it. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Remove UNKNOWN DNSSEC status and import queries with UNSPECIFIED DNSS…

Fix incorrect database warnings

Signed-off-by: DL6ER <dl6er@dl6er.de>

… This may help on slow devices where updating the database is not yet finished when FTL is already trying to re-read to database tables. Signed-off-by: DL6ER <dl6er@dl6er.de>

Try to reopen gravity database when not available

Signed-off-by: DL6ER <dl6er@dl6er.de>

Note that the the current release of Nettle doesn't yet have support. This code will become active on the next Nettle release. Signed-off-by: DL6ER <dl6er@dl6er.de>

Requires forthcoming nettle 3.6 release. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Dnsmasq needs to close all the file descriptors it inherits, for security reasons. This is traditionally done by calling close() on every possible file descriptor (most of which won't be open.) On big servers where "every possible file descriptor" is a rather large set, this gets rather slow, so we use the /proc/<pid>/fd directory to get a list of the fds which are acually open. This only works on Linux. On other platforms, and on Linux systems without a /proc filesystem, we fall back to the old way. Signed-off-by: DL6ER <dl6er@dl6er.de>

…t may use Classless Inter-Domain Routing (CIDR) notation. This is also known as variable-length subnet masking (VLSM) technique. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…dition. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…TL forcing itself as the first resolver of the system Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Errors encountered if building with 'NO_DHCP6' introduced by commit 137286e9baecf6a3ba97722ef1b49c851b531810 option.c: In function 'dhcp_config_free': option.c:1040:24: error: 'struct dhcp_config' has no member named 'addr6'; did you mean 'addr'? for (addr = config->addr6; addr; addr = tmp) ^~~~~ addr option.c: In function 'one_opt': option.c:3227:7: error: 'struct dhcp_config' has no member named 'addr6'; did you mean 'addr'? new->addr6 = NULL; ^~~~~ addr Wrap new code in ifdef HAVE_DHCP6 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: DL6ER <dl6er@dl6er.de>

Route lookup in Linux is bounded by `ip rules` as well as the contents of specific routing tables. With the advent of vrf's(l3mdev's) non-default tables are regularly being used for routing purposes. dnsmasq listens to all route changes on the box and responds to each one with an event. This is *expensive* when a full BGP routing table is placed into the linux kernel, moreso when dnsmasq is responding to events in tables that it will never actually need to respond to, since dnsmasq at this point in time has no concept of vrf's and would need to be programmed to understand them. Help alleviate this load by reducing the set of data that dnsmasq pays attention to when we know there are events that are not useful at this point in time. Signed-off-by: Donald Sharp <donaldsharp72@gmail.com> Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

When dhcp-host options can have many IPv6 addresses, we need to deal with one of them being declined by a client. The other addresses are still valid. It seems that this logic never worked, even with only one address, since the DECLINED flag was never tested. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…d for the musl builds). Reenable compilation by pretending that <poll.h> should be used instead of <sys/poll.h>. This is what we did before the mentioned commit. Signed-off-by: DL6ER <dl6er@dl6er.de>

…a yet to be done modification to the web interface to hide the mock hardware addresses we generate for these devices. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…esulting binary... Signed-off-by: DL6ER <dl6er@dl6er.de>

…re-opened. Signed-off-by: DL6ER <dl6er@dl6er.de>

…ceeds to 10 mins default Signed-off-by: DL6ER <dl6er@dl6er.de>

…). No need to call it twice in FTL_reload_all_domainlists(). Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: DL6ER <dl6er@dl6er.de>

rfc3315.c:1711:28: warning: use of logical '&&' with constant operand [-Wconstant-logical-operand] if (!(addr_list->flags && ADDRLIST_DECLINED) || ^ ~~~~~~~~~~~~~~~~~ It's a flag bit so should be bitwise '&' operator Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: DL6ER <dl6er@dl6er.de>

There was discussion in the past regarding DHCPv6 NTP server option which needs special subclassing per RFC5908. Patch adds support for unicast, multicast IPv6 address and for FQDN string, preserving possibly used (as suggested earlier) hex value. Unfortunately it's still not fully free from limitations - only address list or only fqdn value list is possible, not mixed due current state option parsing & flagging. Signed-off-by: DL6ER <dl6er@dl6er.de>

Error with prefixed address assignment. When it is calculating number of addresses from prefixlen, it rotates only 32bit int instead of 64b uint. Only result is assigned to 64b variable. Two examples: dhcp-host=[2000::1230:0:0/92],correct-prefix dhcp-host=[2000::1234:5678:0/92],incorrect-prefix If prefix length is lower than 96, the result is zero. It means incorrect-prefix is not refused as it should. Fix is simple, attaching patch with it. Just rotate 64b int. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…debugging output to ARP processing. Signed-off-by: DL6ER <dl6er@dl6er.de>

…n the last 24 hours. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…ree SQL query. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…nly used for applications in Internet telephony, for example, in the mapping of servers and user addresses in the Session Initiation Protocol (SIP) Signed-off-by: DL6ER <dl6er@dl6er.de>

Add support for Name Authority Pointer (NAPTR) resource record

…re it. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…TALE. Signed-off-by: DL6ER <dl6er@dl6er.de>

…eject the loopback address if rebind-localhost-ok is NOT set. Signed-off-by: DL6ER <dl6er@dl6er.de>

Deal with both old kernel header files that don't define it, and old kernels that don't implement it. Also generalise Linux kernel version handling.

When ubus_add_object fails, the ubus_connect object is not freed, so the connection leaks. Add ubus_destroy to free the connection object. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>

…cesses. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…e do not even try to collect queries when we cannot write to the database. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…always catch the right error. Signed-off-by: DL6ER <dl6er@dl6er.de>

… to database being locked). Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…lot of (wrong) VSCode errors. Doing this on request of a user as it is harmless. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…base was not available. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

… enabled. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…when we gather ARP/neigh information about them. Signed-off-by: DL6ER <dl6er@dl6er.de>

Internal resolver tweaks

Implement subnet support for clients

Signed-off-by: DL6ER <dl6er@dl6er.de>

Add all clients FTL knows about to the network table

Signed-off-by: DL6ER <dl6er@dl6er.de>

If dnsmasq is not acting as an authoritative nameserver (no second argument to --auth-server) then it should not appear in the NS RRset. This leaves simply the list of servers specified in --auth-sec-servers. Signed-off-by: DL6ER <dl6er@dl6er.de>

Same as for the dbus, allow specifying ubus service name (namespace) on the command line as an optional argument to --enable-ubus option. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com> Signed-off-by: DL6ER <dl6er@dl6er.de>

Add DELAY_STARTUP setting to delay startup of the embedded dnsmasq

Improvements to overall database handling

…ot check for a strict number of clients during the tests. No changes to the source code. Signed-off-by: DL6ER <dl6er@dl6er.de>

…his was broken before as we returned too early (the SQLite3 engine was not yet fully initialized) when the long-term database was disabled. Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix tests after ARP table modifications

Ensure blocking also works when the long-term database is not used

Signed-off-by: DL6ER <dl6er@dl6er.de>

…ents. Signed-off-by: DL6ER <dl6er@dl6er.de>

…en leakage of more than 110 bytes) Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…Skip otherwise. Signed-off-by: DL6ER <dl6er@dl6er.de>

…t is not our job to care about them if they are not doing any DNS queries. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix FTL crashes in ARP table parsing

Signed-off-by: DL6ER <dl6er@dl6er.de>

…ag is set. Signed-off-by: DL6ER <dl6er@dl6er.de>

…accessing the database in case FTL forked. Signed-off-by: DL6ER <dl6er@dl6er.de>

…connection multiple times for the same fork Signed-off-by: DL6ER <dl6er@dl6er.de>

…. This fixes an incompatibility across forks when serving TCP traffic using dedicated workers. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…y the musl-compiler Signed-off-by: DL6ER <dl6er@dl6er.de>

…nts exactly by their IDs Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…connection closed) Signed-off-by: DL6ER <dl6er@dl6er.de>

Restore fork-safety

A call to get_new_frec() for a DNSSEC query could manage to free the original frec that we're doing the DNSSEC query to validate. Bad things then happen. This requires that the original frec is old, so it doesn't happen in practice. I found it when running under gdb, and there have been reports of SEGV associated with large system-clock warps which are probably the same thing. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: Kevin 'silibum' Böhme <kboehme@silibum.de> Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

Restore audit wildcard-support

…btain a host name by using the internal resolver (i.e., FTL). In a second step, when FTL didn't know the answer, ask the resolvers as configured by resolv.conf. We've seen that the latter is necessary to get proper name resolution in docker environments. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…n_others Improve internal resolver algorithm

Signed-off-by: DL6ER <dl6er@dl6er.de>

Update embedded dnsmasq to v2.81

… qemu issue). Signed-off-by: DL6ER <dl6er@dl6er.de>

Don't try setsockopt of non-existing NETLINK_NO_ENOBUFS option (fixes…

…n (fixes qemu issue)." This reverts commit e119ef8. Signed-off-by: DL6ER <dl6er@dl6er.de>

…..) into warning. We call this, which avoids POLLERR returns from netlink on a loaded system, if the kernel is new enough to support it. Sadly, qemu-user doesn't support the socket option, so if it fails despite the kernel being new enough to support it, we just emit a warning, rather than failing hard. Signed-off-by: DL6ER <dl6er@dl6er.de>

…ion to control this. Signed-off-by: DL6ER <dl6er@dl6er.de>

…e disabled by setting BLOCK_ESNI=false in pihole-FTL.conf Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…masq binary. Signed-off-by: DL6ER <dl6er@dl6er.de>

Signed-off-by: DL6ER <dl6er@dl6er.de>

…nt (pre-v5.0 measure) but use the dedicated blockingstatus variable. Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix API summary status report

Automatically block _esni.* subdomains of blocked domains

…d7774e870d4cc1c Install proper qemu fix

Make regex matching case-insensitive by default

Add dnsmasq drop-in replacement support

Signed-off-by: Adam Warner <me@adamwarner.co.uk>

Remove swag store link from readme

…ss no-op. Signed-off-by: DL6ER <dl6er@dl6er.de>

…get property. Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix FTL crash on closing handle to corrupted databases

Signed-off-by: DL6ER <dl6er@dl6er.de>

Fix bit-order in subnet mask generation

Pi-hole FTL v5.0 #747

Pi-hole FTL v5.0 #747

Commits on Dec 11, 2019

Commits on Dec 12, 2019

Commits on Dec 16, 2019

Commits on Dec 18, 2019

Commits on Dec 20, 2019

Commits on Dec 21, 2019

Commits on Dec 27, 2019

Commits on Dec 28, 2019

Commits on Dec 30, 2019

Commits on Dec 31, 2019

Commits on Jan 3, 2020

Commits on Jan 5, 2020

Commits on Jan 8, 2020

Commits on Jan 11, 2020

Commits on Jan 15, 2020

Commits on Jan 20, 2020

Commits on Jan 21, 2020

Commits on Jan 23, 2020

Commits on Jan 27, 2020

Commits on Jan 28, 2020

Commits on Jan 29, 2020

Commits on Feb 2, 2020

Commits on Feb 3, 2020

Commits on Feb 4, 2020

Commits on Feb 5, 2020

Commits on Feb 6, 2020

Commits on Feb 7, 2020

Commits on Feb 10, 2020

Commits on Feb 11, 2020

Commits on Feb 12, 2020

Commits on Feb 14, 2020

Commits on Feb 15, 2020

Commits on Feb 19, 2020

Commits on Feb 20, 2020

Commits on Feb 21, 2020

Commits on Feb 22, 2020

Commits on Feb 25, 2020

Commits on Mar 2, 2020

Commits on Mar 3, 2020

Commits on Mar 4, 2020

Commits on Mar 6, 2020

Commits on Mar 7, 2020

Commits on Mar 8, 2020

Commits on Mar 13, 2020

Commits on Mar 14, 2020

Commits on Mar 15, 2020

Commits on Mar 16, 2020

Commits on Mar 17, 2020

Commits on Mar 23, 2020

Commits on Mar 24, 2020

Commits on Mar 25, 2020

Commits on Mar 28, 2020

Commits on Mar 29, 2020

Commits on Mar 31, 2020

Commits on Apr 2, 2020

Commits on Apr 6, 2020

Commits on Apr 7, 2020

Commits on Apr 9, 2020

Commits on Apr 10, 2020

Commits on Apr 12, 2020

Commits on Apr 18, 2020

Commits on Apr 19, 2020

Commits on Apr 20, 2020

Commits on Apr 21, 2020

Commits on Apr 22, 2020

Commits on Apr 23, 2020

Commits on Apr 28, 2020

Commits on May 1, 2020

Commits on May 3, 2020

Commits on May 5, 2020

Commits on May 8, 2020