openwrtv4/package/network/services/dnsmasq/patches/260-dnssec-SIGINT.patch

121 lines
3.7 KiB
Diff
Raw Normal View History

From 3c973ad92d317df736d5a8fde67baba6b102d91e Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sun, 14 Jan 2018 21:05:37 +0000
Subject: [PATCH] Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
time validation.
---
src/dnsmasq.c | 36 +++++++++++++++++++++++++-----------
src/dnsmasq.h | 1 +
src/helper.c | 3 ++-
5 files changed, 38 insertions(+), 14 deletions(-)
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -137,7 +137,8 @@ int main (int argc, char **argv)
sigaction(SIGTERM, &sigact, NULL);
sigaction(SIGALRM, &sigact, NULL);
sigaction(SIGCHLD, &sigact, NULL);
-
+ sigaction(SIGINT, &sigact, NULL);
+
/* ignore SIGPIPE */
sigact.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sigact, NULL);
@@ -815,7 +816,7 @@ int main (int argc, char **argv)
daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
- my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
+ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
if (rc == 1)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
@@ -1142,7 +1143,7 @@ static void sig_handler(int sig)
{
/* ignore anything other than TERM during startup
and in helper proc. (helper ignore TERM too) */
- if (sig == SIGTERM)
+ if (sig == SIGTERM || sig == SIGINT)
exit(EC_MISC);
}
else if (pid != getpid())
@@ -1168,6 +1169,15 @@ static void sig_handler(int sig)
event = EVENT_DUMP;
else if (sig == SIGUSR2)
event = EVENT_REOPEN;
+ else if (sig == SIGINT)
+ {
+ /* Handle SIGINT normally in debug mode, so
+ ctrl-c continues to operate. */
+ if (option_bool(OPT_DEBUG))
+ exit(EC_MISC);
+ else
+ event = EVENT_TIME;
+ }
else
return;
@@ -1295,14 +1305,7 @@ static void async_event(int pipe, time_t
{
case EVENT_RELOAD:
daemon->soa_sn++; /* Bump zone serial, as it may have changed. */
-
-#ifdef HAVE_DNSSEC
- if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
- {
- my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
- daemon->dnssec_no_time_check = 0;
- }
-#endif
+
/* fall through */
case EVENT_INIT:
@@ -1411,6 +1414,17 @@ static void async_event(int pipe, time_t
poll_resolv(0, 1, now);
break;
+ case EVENT_TIME:
+#ifdef HAVE_DNSSEC
+ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ {
+ my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
+ daemon->dnssec_no_time_check = 0;
+ clear_cache_and_reload(now);
+ }
+#endif
+ break;
+
case EVENT_TERM:
/* Knock all our children on the head. */
for (i = 0; i < MAX_PROCS; i++)
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -175,6 +175,7 @@ struct event_desc {
#define EVENT_NEWROUTE 23
#define EVENT_TIME_ERR 24
#define EVENT_SCRIPT_LOG 25
+#define EVENT_TIME 26
/* Exit codes. */
#define EC_GOOD 0
--- a/src/helper.c
+++ b/src/helper.c
@@ -97,13 +97,14 @@ int create_helper(int event_fd, int err_
return pipefd[1];
}
- /* ignore SIGTERM, so that we can clean up when the main process gets hit
+ /* ignore SIGTERM and SIGINT, so that we can clean up when the main process gets hit
and SIGALRM so that we can use sleep() */
sigact.sa_handler = SIG_IGN;
sigact.sa_flags = 0;
sigemptyset(&sigact.sa_mask);
sigaction(SIGTERM, &sigact, NULL);
sigaction(SIGALRM, &sigact, NULL);
+ sigaction(SIGINT, &sigact, NULL);
if (!option_bool(OPT_DEBUG) && uid != 0)
{