Attribution update.

Conflicts:
	CHANGELOG

CHANGELOG

@@ -1,3 +1,35 @@
+version 2.72
+            Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+
+	    Add support for "ipsets" in *BSD, using pf. Thanks to 
+	    Sven Falempim for the patch.
+
+	    Fix race condition which could lock up dnsmasq when an 
+	    interface goes down and up rapidly. Thanks to Conrad 
+	    Kostecki for helping to chase this down.
+
+	    Add DBus methods SetFilterWin2KOption and SetBogusPrivOption
+	    Thanks to the Smoothwall project for the patch.
+	    
+
+version 2.71
+            Subtle change to error handling to help DNSSEC validation 
+	    when servers fail to provide NODATA answers for 
+	    non-existent DS records.
+
+	    Tweak code which removes DNSSEC records from answers when
+	    not required. Fixes broken answers when additional section
+	    has real records in it. Thanks to Marco Davids for the bug 
+	    report.
+
+	    Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
+	    for spotting that too.
+
+	    Fix total DNS failure and 100% CPU use if cachesize set to zero,
+	    regression introduced in 2.69. Thanks to James Hunt and
+	    the Ubuntu crowd for assistance in fixing this.
+
+
 version 2.70
             Fix crash, introduced in 2.69, on TCP request when dnsmasq
 	    compiled with DNSSEC support, but running without DNSSEC

Makefile

@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
        dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
        helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
        dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
-       domain.o dnssec.o blockdata.o
+       domain.o dnssec.o blockdata.o tables.c
 
 hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
        dns-protocol.h radv-protocol.h ip6addr.h

bld/Android.mk

@@ -9,7 +9,7 @@ LOCAL_SRC_FILES :=  bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
 		    rfc2131.c tftp.c util.c conntrack.c \
 		    dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
 		    radv.c slaac.c auth.c ipset.c domain.c \
-	            dnssec.c dnssec-openssl.c blockdata.c
+	            dnssec.c dnssec-openssl.c blockdata.c tables.c
 
 LOCAL_MODULE := dnsmasq
 

dbus/DBus-interface

@@ -40,6 +40,14 @@ ClearCache
 Returns nothing. Clears the domain name cache and re-reads
 /etc/hosts. The same as sending dnsmasq a HUP signal.
 
+SetFilterWin2KOption
+--------------------
+Takes boolean, sets or resets the --filterwin2k option.
+
+SetBogusPrivOption
+------------------
+Takes boolean, sets or resets the --bogus-priv option.
+
 SetServers
 ----------
 Returns nothing. Takes a set of arguments representing the new

debian/changelog

@@ -1,3 +1,37 @@
+dnsmasq (2.72-1) unstable; urgency=low
+
+   * New upstream.
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 20 May 2014 21:01:11 +0000
+
+dnsmasq (2.71-1) unstable; urgency=low
+
+   * New upstream.
+   * Fix 100% CPU-usage bug when dnsmasq started with cachesize
+     set to zero. (LP: #1314697)
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 16 May 2014 20:17:10 +0000
+
+dnsmasq (2.70-3) unstable; urgency=medium
+
+   * Write a pid-file, even when being started using systemd, since
+     other components may wish to signal dnsmasq.
+   * Enable dnsmasq systemd unit on install. Otherwise dnsmasq does not run on
+     fresh installations (without administrator handholding) and even worse it
+     is disabled on systems switching from sysv to systemd. Modify
+     postinst/postrm exactly as dh_systemd would, add dependency on
+     init-system-helpers. Closes: #724602
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Sun, 11 May 2014 17:45:21 +0000
+
+dnsmasq (2.70-2) unstable; urgency=low
+
+   * Ensure daemon not stared if dnsmasq package has been removed,
+     even if dnsmasq-base is still installed. (closes: #746941)
+   * Tidy cruft in initscript. (closes: #746940)
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Sun, 04 May 2014 21:34:11 +0000
+
 dnsmasq (2.70-1) unstable; urgency=low
 
    * New upstream.

debian/control

@@ -2,13 +2,15 @@ Source: dnsmasq
 Section: net
 Priority: optional
 Build-depends: gettext, libnetfilter-conntrack-dev [linux-any],
-               libidn11-dev, libdbus-1-dev (>=0.61), libgmp-dev, nettle-dev (>=2.4-3)
+               libidn11-dev, libdbus-1-dev (>=0.61), libgmp-dev, 
+               nettle-dev (>=2.4-3)
 Maintainer: Simon Kelley <simon@thekelleys.org.uk>
 Standards-Version: 3.9.3
 
 Package: dnsmasq
 Architecture: all
-Depends: netbase, dnsmasq-base(>= ${binary:Version})
+Depends: netbase, dnsmasq-base(>= ${binary:Version}),
+         init-system-helpers (>= 1.18~)
 Suggests: resolvconf
 Conflicts: resolvconf (<<1.15)
 Description: Small caching DNS proxy and DHCP/TFTP server

debian/init

@@ -29,6 +29,12 @@ if [ -r /etc/default/locale ]; then
         export LANG
 fi
 
+# /etc/dnsmasq.d/README is a non-conffile installed by the dnsmasq package.
+# Should the dnsmasq package be removed, the following test ensures that
+# the daemon is no longer started, even if the dnsmasq-base package is
+# still in place.
+test -e /etc/dnsmasq.d/README || exit 0
+
 test -x $DAEMON || exit 0
 
 # Provide skeleton LSB log functions for backports which don't have LSB functions.
@@ -152,9 +158,6 @@ stop()
 	#   2 if daemon could not be stopped
 	#   other if a failure occurred
 	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq/$NAME.pid --name $NAME
-	RETVAL="$?"
-	[ "$RETVAL" = 2 ] && return 2
-	return "$RETVAL"
 }
 
 stop_resolvconf()
@@ -274,9 +277,15 @@ case "$1" in
 	stop_resolvconf
 	;;
   systemd-exec)
-#  --pid-file without argument disables writing a PIDfile, we don't need one with sytemd.
+# /var/run may be volatile, so we need to ensure that
+        # /var/run/dnsmasq exists here as well as in postinst
+        if [ ! -d /var/run/dnsmasq ]; then
+           mkdir /var/run/dnsmasq || return 2
+           chown dnsmasq:nogroup /var/run/dnsmasq || return 2
+        fi
 # Enable DBus by default because we use DBus activation with systemd.
-	exec $DAEMON --keep-in-foreground --pid-file --enable-dbus \
+	exec $DAEMON --keep-in-foreground --enable-dbus \
+	    -x /var/run/dnsmasq/$NAME.pid \
 	    ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
 	    ${MAILTARGET:+ -t $MAILTARGET} \
 	    ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \

debian/postinst

@@ -1,6 +1,22 @@
 #!/bin/sh
 set -e
 
+# Code copied from dh_systemd_enable ----------------------
+# This will only remove masks created by d-s-h on package removal.
+deb-systemd-helper unmask dnsmasq.service >/dev/null || true
+
+# was-enabled defaults to true, so new installations run enable.
+if deb-systemd-helper --quiet was-enabled dnsmasq.service; then
+	# Enables the unit on first installation, creates new
+	# symlinks on upgrades if the unit file has changed.
+	deb-systemd-helper enable dnsmasq.service >/dev/null || true
+else
+	# Update the statefile to add new symlinks (if any), which need to be
+	# cleaned up on purge. Also remove old symlinks.
+	deb-systemd-helper update-state dnsmasq.service >/dev/null || true
+fi
+# End code copied from dh_systemd_enable ------------------
+
 if [ -x /etc/init.d/dnsmasq ]; then
    update-rc.d dnsmasq defaults 15 85 >/dev/null
 

debian/postrm

@@ -4,3 +4,19 @@ set -e
 if [ purge = "$1" ]; then
    update-rc.d dnsmasq remove >/dev/null
 fi
+
+# Code copied from dh_systemd_enable ----------------------
+if [ "$1" = "remove" ]; then
+	if [ -x "/usr/bin/deb-systemd-helper" ]; then
+		deb-systemd-helper mask dnsmasq.service >/dev/null
+	fi
+fi
+
+if [ "$1" = "purge" ]; then
+	if [ -x "/usr/bin/deb-systemd-helper" ]; then
+		deb-systemd-helper purge dnsmasq.service >/dev/null
+		deb-systemd-helper unmask dnsmasq.service >/dev/null
+	fi
+fi
+# End code copied from dh_systemd_enable ------------------
+

debian/rules

@@ -11,18 +11,16 @@
 
 package=dnsmasq-base
 
-CFLAGS = $(shell export DEB_BUILD_OPTIONS=$(DEB_BUILD_OPTIONS); dpkg-buildflags --get CFLAGS)
-CFLAGS += $(shell dpkg-buildflags --get CPPFLAGS)
+dpkg_buildflags := DEB_BUILD_MAINT_OPTIONS="hardening=+all" dpkg-buildflags
+
+CFLAGS = $(shell $(dpkg_buildflags) --get CFLAGS)
+CFLAGS += $(shell $(dpkg_buildflags) --get CPPFLAGS)
 CFLAGS += -Wall -W
 
-LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+LDFLAGS = $(shell $(dpkg_buildflags) --get LDFLAGS)
 
 DEB_COPTS = $(COPTS)
 
-# The nettle library in Debian is too old to include
-# ECC support.
-DEB_COPTS += -DNO_NETTLE_ECC
-
 TARGET = install-i18n
 
 DEB_BUILD_ARCH_OS := $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)

debian/systemd.service

@@ -13,9 +13,8 @@ ExecStartPre=/usr/sbin/dnsmasq --test
 # itself, when called with the "systemd-exec" function.
 #
 # It also adds the command-line flags
-#    --keep-in-foreground --pid-file --enable-dbus 
-# to disable writing a pid-file (not needed with systemd) and 
-# enable DBus by default because we use DBus activation.
+#    --keep-in-foreground --enable-dbus 
+# to enable DBus by default because we use DBus activation.
 #
 ExecStart=/etc/init.d/dnsmasq systemd-exec
 

man/dnsmasq.8

@@ -794,7 +794,7 @@ and
 for details.)
 
 For IPv6, the mode may be some combination of
-.B ra-only, slaac, ra-names, ra-stateless.
+.B ra-only, slaac, ra-names, ra-stateless, ra-advrouter.
 
 .B ra-only
 tells dnsmasq to offer Router Advertisement only on this subnet,
@@ -829,6 +829,11 @@ can be combined  with
 and
 .B slaac.
 
+.B ra-advrouter
+enables a mode where router address(es) rather than prefix(es) are included in the advertisements.
+This is described in RFC-3775 section 7.2 and is used in mobile IPv6. In this mode the interval option
+is also included, as described in RFC-3775 section 7.3.
+
 .TP
 .B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine

po/de.po

@@ -9,17 +9,19 @@
 # Simon Kelley <simon@thekelleys.org.uk>, 2005.
 msgid ""
 msgstr ""
-"Project-Id-Version: dnsmasq 2.53rc1\n"
+"Project-Id-Version: dnsmasq 2.70\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-06-18 12:24+0100\n"
-"PO-Revision-Date: 2012-04-05 17:54+0100\n"
-"Last-Translator: Conrad Kostecki <ConiKost@gmx.de>\n"
+"PO-Revision-Date: 2014-05-01 22:51+0100\n"
+"Last-Translator: Conrad Kostecki <ck@conrad-kostecki.de>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 1.6.5\n"
+"X-Poedit-SourceCharset: UTF-8\n"
 
 #: cache.c:821
 #, c-format
@@ -57,8 +59,12 @@ msgstr "%s ist ein CNAME, weise es der DHCP-Lease von %s nicht zu"
 
 #: cache.c:1114
 #, c-format
-msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
-msgstr "Name %s wurde dem DHCP-Lease von %s nicht zugewiesen, da der Name in %s bereits mit Adresse %s existiert"
+msgid ""
+"not giving name %s to the DHCP lease of %s because the name exists in %s "
+"with address %s"
+msgstr ""
+"Name %s wurde dem DHCP-Lease von %s nicht zugewiesen, da der Name in %s "
+"bereits mit Adresse %s existiert"
 
 #: cache.c:1159
 #, c-format
@@ -68,7 +74,9 @@ msgstr "Zeit %lu"
 #: cache.c:1160
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
-msgstr "Cache Größe %d, %d/%d Cache-Einfügungen verwendeten nicht abgelaufene Cache-Einträge wieder."
+msgstr ""
+"Cache Größe %d, %d/%d Cache-Einfügungen verwendeten nicht abgelaufene Cache-"
+"Einträge wieder."
 
 #: cache.c:1162
 #, c-format
@@ -78,12 +86,13 @@ msgstr "%u weitergeleitete Anfragen, %u lokal beantwortete Anfragen"
 #: cache.c:1165
 #, c-format
 msgid "queries for authoritative zones %u"
-msgstr ""
+msgstr "Anfragen nach autoritativen Zonen %u"
 
 #: cache.c:1188
 #, c-format
 msgid "server %s#%d: queries sent %u, retried or failed %u"
-msgstr "Server %s#%d: %u Anfragen gesendet, %u erneut versucht oder fehlgeschlagen"
+msgstr ""
+"Server %s#%d: %u Anfragen gesendet, %u erneut versucht oder fehlgeschlagen"
 
 #: util.c:67
 #, c-format
@@ -126,11 +135,13 @@ msgstr "IP-Adresse für alle Hosts in angebenen Domänen festlegen."
 # from the manpage instead. -- MA
 #: option.c:303
 msgid "Fake reverse lookups for RFC1918 private address ranges."
-msgstr "Für private Adressbereiche nach RFC1918 \"keine solche Domain\" liefern."
+msgstr ""
+"Für private Adressbereiche nach RFC1918 \"keine solche Domain\" liefern."
 
 #: option.c:304
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
-msgstr "Diese IP-Adresse als NXDOMAIN interpretieren (wehrt \"Suchhilfen\" ab)."
+msgstr ""
+"Diese IP-Adresse als NXDOMAIN interpretieren (wehrt \"Suchhilfen\" ab)."
 
 #: option.c:305
 #, c-format
@@ -325,11 +336,13 @@ msgstr "Gültigkeitsdauer für Antworten aus /etc/hosts festlegen."
 
 #: option.c:350
 msgid "Specify time-to-live in seconds for negative caching."
-msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
+msgstr ""
+"Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
 
 #: option.c:351
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
-msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
+msgstr ""
+"Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
 
 #: option.c:352
 #, c-format
@@ -354,7 +367,8 @@ msgstr "SRV-Eintrag festlegen."
 
 #: option.c:357
 msgid "Display this message. Use --help dhcp for known DHCP options."
-msgstr "Diese Hilfe anzeigen. Benutzen Sie --help dhcp für bekannte DHCP-Optionen."
+msgstr ""
+"Diese Hilfe anzeigen. Benutzen Sie --help dhcp für bekannte DHCP-Optionen."
 
 #: option.c:358
 #, c-format
@@ -409,7 +423,9 @@ msgstr "MAC-Adresse (mit Jokerzeichen) auf Netzmarke abbilden."
 
 #: option.c:370
 msgid "Treat DHCP requests on aliases as arriving from interface."
-msgstr "DHCP-Anfragen von Alias-Schnittstellen für die Hauptschnittstelle beantworten."
+msgstr ""
+"DHCP-Anfragen von Alias-Schnittstellen für die Hauptschnittstelle "
+"beantworten."
 
 #: option.c:371
 msgid "Disable ICMP echo address checking in the DHCP server."
@@ -421,7 +437,8 @@ msgstr "Skript, das bei Erzeugung/Löschung einer DHCP-Lease laufen soll."
 
 #: option.c:373
 msgid "Lua script to run on DHCP lease creation and destruction."
-msgstr "Lua-Skript, welches bei Erzeugung/Löschung eines DHCP-Leases laufen soll."
+msgstr ""
+"Lua-Skript, welches bei Erzeugung/Löschung eines DHCP-Leases laufen soll."
 
 #: option.c:374
 msgid "Run lease-change scripts as this user."
@@ -455,7 +472,9 @@ msgstr "Von DHCP-Clients gelieferte Hostnamen ignorieren."
 
 #: option.c:381
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
-msgstr "Dateinamen und Server-Datenfehler für zusätzliche DHCP-Optionen NICHT wiederverwenden."
+msgstr ""
+"Dateinamen und Server-Datenfehler für zusätzliche DHCP-Optionen NICHT "
+"wiederverwenden."
 
 #: option.c:382
 msgid "Enable integrated read-only TFTP server."
@@ -471,7 +490,9 @@ msgstr "IP-Adresse des Klienten an tftp-root anhängen."
 
 #: option.c:385
 msgid "Allow access only to files owned by the user running dnsmasq."
-msgstr "Zugriff nur auf Dateien gestatten, die dem dnsmasq aufrufenden Benutzer gehören."
+msgstr ""
+"Zugriff nur auf Dateien gestatten, die dem dnsmasq aufrufenden Benutzer "
+"gehören."
 
 #: option.c:386
 #, c-format
@@ -484,7 +505,7 @@ msgstr "TFTP-Blockgrößen-Erweiterung abschalten."
 
 #: option.c:388
 msgid "Convert TFTP filenames to lowercase"
-msgstr ""
+msgstr "Konvertiere TFTP Dateinamen in Kleinschreibung"
 
 #: option.c:389
 msgid "Ephemeral port range for use by TFTP transfers."
@@ -496,11 +517,13 @@ msgstr "Erweiterte DHCP-Protokollierung."
 
 #: option.c:391
 msgid "Enable async. logging; optionally set queue length."
-msgstr "Asynchrone Protokollierung einschalten, opt. Warteschlangenlänge festlegen."
+msgstr ""
+"Asynchrone Protokollierung einschalten, opt. Warteschlangenlänge festlegen."
 
 #: option.c:392
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
-msgstr "DNS-Rebinding unterbinden, private IP-Bereiche bei der Auflösung ausfiltern."
+msgstr ""
+"DNS-Rebinding unterbinden, private IP-Bereiche bei der Auflösung ausfiltern."
 
 #: option.c:393
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
@@ -528,7 +551,8 @@ msgstr "DNS-NAPTR-Eintrag festlegen."
 
 #: option.c:399
 msgid "Specify lowest port available for DNS query transmission."
-msgstr "Niedrigsten verfügbaren Port für Übertragung von DNS-Anfragen festlegen."
+msgstr ""
+"Niedrigsten verfügbaren Port für Übertragung von DNS-Anfragen festlegen."
 
 #: option.c:400
 msgid "Use only fully qualified domain names for DHCP clients."
@@ -545,7 +569,7 @@ msgstr "Diese DHCP-Relais als vollwertige Proxies verwenden."
 
 #: option.c:403
 msgid "Relay DHCP requests to a remote server"
-msgstr ""
+msgstr "Leute DHCP Anfragen an entfernten Server weiter"
 
 #: option.c:404
 msgid "Specify alias name for LOCAL DNS name."
@@ -568,9 +592,10 @@ msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr "Anfragende MAC-Adresse in die weiterleitende DNS-Anfrage einfügen"
 
 #: option.c:409
-#, fuzzy
 msgid "Add requestor's IP subnet to forwarded DNS queries."
-msgstr "Anfragende MAC-Adresse in die weiterleitende DNS-Anfrage einfügen"
+msgstr ""
+"Füge das IP-Subnetz des Anfragenden in die weitergeleiteten DNS-Anfragen "
+"hinzu."
 
 #: option.c:410
 msgid "Proxy DNSSEC validation results from upstream nameservers."
@@ -582,7 +607,8 @@ msgstr "Versuche sequenzielle IP-Adressen an DHCP-Klienten zu vergeben."
 
 #: option.c:412
 msgid "Copy connection-track mark from queries to upstream connections."
-msgstr "Kopiere \"connection-track mark\" von Anfragen nach Upstream-Verbindungen."
+msgstr ""
+"Kopiere \"connection-track mark\" von Anfragen nach Upstream-Verbindungen."
 
 #: option.c:413
 msgid "Allow DHCP clients to do their own DDNS updates."
@@ -590,78 +616,78 @@ msgstr "Erlaube DHCP-Klienten ihre eigenen DDNS-Updates durchzuführen."
 
 #: option.c:414
 msgid "Send router-advertisements for interfaces doing DHCPv6"
-msgstr "Sende \"Router-Advertisments\" für Netzwerkschnittstellen, welche DHCPv6 nutzen"
+msgstr ""
+"Sende \"Router-Advertisments\" für Netzwerkschnittstellen, welche DHCPv6 "
+"nutzen"
 
 #: option.c:415
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
-msgstr ""
+msgstr "Spezifiziere DUID_EN-type DHCPv6 Server DUID"
 
 #: option.c:416
-#, fuzzy
 msgid "Specify host (A/AAAA and PTR) records"
-msgstr "Einen MX-Eintrag festlegen."
+msgstr "Spezifiziere Host (A/AAAA und PTR) Einträge"
 
 #: option.c:417
-#, fuzzy
 msgid "Specify arbitrary DNS resource record"
-msgstr "DNS-TXT-Eintrag festlegen."
+msgstr "Spezifiziere einen beliebiegen DNS Eintrag"
 
 #: option.c:418
-#, fuzzy
 msgid "Bind to interfaces in use - check for new interfaces"
-msgstr "unbekannte Schnittstelle %s in bridge-interface"
+msgstr "Bindung zu Schnittstellen in Benutzung - prüfe auf neue Schnittstellen"
 
 #: option.c:419
 msgid "Export local names to global DNS"
-msgstr ""
+msgstr "Exportiere lokale Namen in das globale DNS"
 
 #: option.c:420
 msgid "Domain to export to global DNS"
-msgstr ""
+msgstr "Domain für das Exportieren des globalen DNS"
 
 #: option.c:421
 msgid "Set TTL for authoritative replies"
-msgstr ""
+msgstr "Setzte TTL für autoritative Antworten"
 
 #: option.c:422
 msgid "Set authoritive zone information"
-msgstr ""
+msgstr "Setze autoritative Zoneninformationen"
 
 #: option.c:423
 msgid "Secondary authoritative nameservers for forward domains"
-msgstr ""
+msgstr "Sekundärer autoritativer Nameserver für weitergeleitete Domains"
 
 #: option.c:424
 msgid "Peers which are allowed to do zone transfer"
-msgstr ""
+msgstr "Peers welche einen Zonentransfer durchführen dürfen"
 
 #: option.c:425
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
+"Spezifiziere IPSets zu welcher passende Domains hinzugefügt werden sollen"
 
 #: option.c:426
 msgid "Specify a domain and address range for synthesised names"
-msgstr ""
+msgstr "Spezifiziere eine Domain und Adressbereich für synthetisierte Namen"
 
 #: option.c:428
 msgid "Specify DHCPv6 prefix class"
-msgstr ""
+msgstr "Spezifiziere DHCPv6 Prefix Klasse"
 
 #: option.c:430
 msgid "Set priority, resend-interval and router-lifetime"
-msgstr ""
+msgstr "Setze Priorität, Intervall des erneuten Sendens und Router Lebenszeit"
 
 #: option.c:431
 msgid "Do not log routine DHCP."
-msgstr ""
+msgstr "Protokolliere kein DHCP."
 
 #: option.c:432
 msgid "Do not log routine DHCPv6."
-msgstr ""
+msgstr "Protokolliere kein DHCPv6."
 
 #: option.c:433
 msgid "Do not log RA."
-msgstr ""
+msgstr "RA nicht protokollieren."
 
 #: option.c:618
 #, c-format
@@ -695,9 +721,8 @@ msgid "bad interface name"
 msgstr "unzulässiger Schnittestellenname"
 
 #: option.c:742
-#, fuzzy
 msgid "bad address"
-msgstr "Fehlerhafte IP-Adresse"
+msgstr "Fehlerhafte Adresse"
 
 #: option.c:876
 msgid "unsupported encapsulation for IPv6 option"
@@ -747,7 +772,9 @@ msgstr "Kann auf %s nicht zugreifen: %s"
 
 #: option.c:1466
 msgid "setting log facility is not possible under Android"
-msgstr "Die Einstellung Protokolliereinrichtung kann unter Android nicht gesetzt werden"
+msgstr ""
+"Die Einstellung Protokolliereinrichtung kann unter Android nicht gesetzt "
+"werden"
 
 #: option.c:1475
 msgid "bad log facility"
@@ -771,21 +798,23 @@ msgstr "unter uClinux ist die Skriptausführung nicht möglich"
 
 #: option.c:1557
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
-msgstr "Neuübersetzung mit HAVE_SCRIPT nötig, um Lease-Änderungs-Skripte auszuführen"
+msgstr ""
+"Neuübersetzung mit HAVE_SCRIPT nötig, um Lease-Änderungs-Skripte auszuführen"
 
 #: option.c:1561
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
-msgstr "Um Benutzerdefinierte Lua-Scripte zu ermöglichen, muss mit HAVE_LUASCRIPT neu kompiliert werden"
+msgstr ""
+"Um Benutzerdefinierte Lua-Scripte zu ermöglichen, muss mit HAVE_LUASCRIPT "
+"neu kompiliert werden"
 
 #: option.c:1802 option.c:1863 option.c:1933
-#, fuzzy
 msgid "bad prefix"
-msgstr "unzulässiger Port"
+msgstr "unzulässiger Präfix"
 
 #: option.c:2167
-#, fuzzy
 msgid "recompile with HAVE_IPSET defined to enable ipset directives"
-msgstr "Um Benutzerdefinierte Lua-Scripte zu ermöglichen, muss mit HAVE_LUASCRIPT neu kompiliert werden"
+msgstr ""
+"Um IPSet-Direktiven zu aktivieren, muss mit HAVE_IPSET neu übersetzt werden"
 
 #: option.c:2347
 msgid "bad port range"
@@ -808,19 +837,16 @@ msgid "inconsistent DHCP range"
 msgstr "inkonsistenter DHCP-Bereich"
 
 #: option.c:2527
-#, fuzzy
 msgid "prefix length must be exactly 64 for RA subnets"
-msgstr "Der Prefix muss mindestens 64 sein"
+msgstr "Die Präfixlenge muss genau 64 für RA Subnetze sein"
 
 #: option.c:2529
-#, fuzzy
 msgid "prefix length must be exactly 64 for subnet constructors"
-msgstr "Der Prefix muss mindestens 64 sein"
+msgstr "Die Präfixlenge muss genau 64 für Subnet Konstruktoren sein"
 
 #: option.c:2533
-#, fuzzy
 msgid "prefix length must be at least 64"
-msgstr "Der Prefix muss mindestens 64 sein"
+msgstr "Die Präfixlänge muss mindestens 64 sein"
 
 #: option.c:2536
 msgid "inconsistent DHCPv6 range"
@@ -828,7 +854,7 @@ msgstr "Inkonsistenter DHCPv6-Bereich"
 
 #: option.c:2547
 msgid "prefix must be zero with \"constructor:\" argument"
-msgstr ""
+msgstr "Prefix muss mit dem \"constructor:\" Argument Null sein"
 
 #: option.c:2658 option.c:2706
 msgid "bad hex constant"
@@ -839,9 +865,9 @@ msgid "cannot match tags in --dhcp-host"
 msgstr "Kann die Tags in --dhcp-host nicht abgleichen"
 
 #: option.c:2728
-#, fuzzy, c-format
+#, c-format
 msgid "duplicate dhcp-host IP address %s"
-msgstr "doppelte IP-Adresse %s in %s."
+msgstr "doppelte dhcp-host IP-Adresse %s"
 
 #: option.c:2784
 msgid "bad DHCP host name"
@@ -860,17 +886,16 @@ msgid "bad dhcp-proxy address"
 msgstr "Fehlerhafte DHCP-Proxy-Adresse"
 
 #: option.c:3278
-#, fuzzy
 msgid "Bad dhcp-relay"
-msgstr "unzulässiger DHCP-Bereich"
+msgstr "unzulässiger dhcp-relay"
 
 #: option.c:3304
 msgid "bad RA-params"
-msgstr ""
+msgstr "unzulässige RA-Parameter"
 
 #: option.c:3313
 msgid "bad DUID"
-msgstr ""
+msgstr "unzulässige DUID"
 
 #: option.c:3355
 msgid "invalid alias range"
@@ -893,9 +918,8 @@ msgid "bad NAPTR record"
 msgstr "unzulässiger NAPTR-Eintrag"
 
 #: option.c:3499
-#, fuzzy
 msgid "bad RR record"
-msgstr "unzulässiger PTR-Eintrag"
+msgstr "unzulässiger RR-Eintrag"
 
 #: option.c:3528
 msgid "bad TXT record"
@@ -918,17 +942,20 @@ msgid "invalid weight"
 msgstr "unzulässige Wichtung"
 
 #: option.c:3621
-#, fuzzy
 msgid "Bad host-record"
-msgstr "unzulässiger PTR-Eintrag"
+msgstr "unzulässiger host-record"
 
 #: option.c:3638
 msgid "Bad name in host-record"
-msgstr ""
+msgstr "Unzulässiger Name in host-record"
 
 #: option.c:3668
-msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support)"
-msgstr "unzulässige Option (prüfen Sie, ob dnsmasq mit DHCP/TFTP/DBus-Unterstützt übersetzt wurde)"
+msgid ""
+"unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus "
+"support)"
+msgstr ""
+"unzulässige Option (prüfen Sie, ob dnsmasq mit DHCP/TFTP/DBus-Unterstützt "
+"übersetzt wurde)"
 
 #: option.c:3726
 msgid "missing \""
@@ -951,9 +978,9 @@ msgid "error"
 msgstr "Fehler"
 
 #: option.c:3796
-#, fuzzy, c-format
+#, c-format
 msgid " at line %d of %s"
-msgstr "%s in Zeile %d von %%s"
+msgstr " in Zeile %d von %s"
 
 #: option.c:3860 tftp.c:661
 #, c-format
@@ -992,12 +1019,14 @@ msgstr "Für diese Software wird ABSOLUT KEINE GARANTIE gewährt.\n"
 #: option.c:4157
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
-msgstr "Dnsmasq ist freie Software, und du bist willkommen es weiter zu verteilen\n"
+msgstr ""
+"Dnsmasq ist freie Software, und du bist willkommen es weiter zu verteilen\n"
 
 #: option.c:4158
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
-msgstr "unter den Bedingungen der GNU General Public Lizenz, Version 2 oder 3.\n"
+msgstr ""
+"unter den Bedingungen der GNU General Public Lizenz, Version 2 oder 3.\n"
 
 #: option.c:4169
 msgid "try --help"
@@ -1023,7 +1052,8 @@ msgstr "mit -n/--no-poll ist nur eine resolv.conf-Datei zulässig."
 
 #: option.c:4260
 msgid "must have exactly one resolv.conf to read domain from."
-msgstr "Um die Domäne zu lesen, muss genau eine resolv.conf-Datei verwendet werden."
+msgstr ""
+"Um die Domäne zu lesen, muss genau eine resolv.conf-Datei verwendet werden."
 
 #: option.c:4263 network.c:1316 dhcp.c:768
 #, c-format
@@ -1037,7 +1067,8 @@ msgstr "keine \"search\"-Anweisung in %s gefunden"
 
 #: option.c:4301
 msgid "there must be a default domain when --dhcp-fqdn is set"
-msgstr "Es muss eine standard Domain gesetzt sein, wenn --dhcp-fqdn gesetzt ist"
+msgstr ""
+"Es muss eine standard Domain gesetzt sein, wenn --dhcp-fqdn gesetzt ist"
 
 #: option.c:4305
 msgid "syntax check OK"
@@ -1050,7 +1081,7 @@ msgstr "Fehlgeschlagen, folgendes Paket zu senden: %s"
 
 #: forward.c:493
 msgid "discarding DNS reply: subnet option mismatch"
-msgstr ""
+msgstr "Verwerfe DNS Antwort: Subnetoption stimmt nicht überrein"
 
 #: forward.c:511
 #, c-format
@@ -1063,9 +1094,9 @@ msgid "possible DNS-rebind attack detected: %s"
 msgstr "möglichen DNS-Rebind-Angriff entdeckt: %s"
 
 #: forward.c:1284
-#, fuzzy, c-format
+#, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
-msgstr "Höchstzahl nebenläufiger DNS-Anfragen (%s voreingestellt)."
+msgstr "Maximale Anzahl an nebenläufiger DNS-Anfragen erreicht (Max: %d)"
 
 #: network.c:627
 #, c-format
@@ -1074,22 +1105,30 @@ msgstr "Konnte Empfangs-Socket für %s: %s nicht erzeugen"
 
 #: network.c:947
 #, c-format
-msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
+msgid ""
+"LOUD WARNING: listening on %s may accept requests via interfaces other than "
+"%s"
 msgstr ""
+"LOUD WARNING: Das Abhören von %s kann die Anfragen auf der Schnittstelle "
+"akzeptieren anders als %s"
 
 #: network.c:953
-msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
+msgid ""
+"LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS "
+"amplification attacks via these interface(s)"
 msgstr ""
+"LOUD WARNING: Es sollte --bind-dynamic anstatt --bind-interfaces benutzt "
+"werden, um DNS-Verstärkungsangriffe auf diesen Schnittstellen zu unterbinden"
 
 #: network.c:962
-#, fuzzy, c-format
+#, c-format
 msgid "warning: no addresses found for interface %s"
-msgstr "Benutze lokale Adressen nur für %s %s"
+msgstr "Warnung: Keine Adresse für die Schnittstelle %s gefunden"
 
 #: network.c:1020
-#, fuzzy, c-format
+#, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
-msgstr "Konnte DHCPv6-Multicast-Gruppe nicht beitreten: %s"
+msgstr "Schnittstelle %s konnte DHCPv6-Multicast-Gruppe nicht beitreten: %s"
 
 #: network.c:1214
 #, c-format
@@ -1158,7 +1197,8 @@ msgstr "Kann nicht --conntrack UND --query-port einsetzen"
 
 #: dnsmasq.c:144
 msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
-msgstr "Conntrack-Unterstützung nicht verfügbar: setze HAVE_CONNTRACK in src/config.h"
+msgstr ""
+"Conntrack-Unterstützung nicht verfügbar: setze HAVE_CONNTRACK in src/config.h"
 
 #: dnsmasq.c:149
 msgid "asychronous logging is not available under Solaris"
@@ -1169,21 +1209,22 @@ msgid "asychronous logging is not available under Android"
 msgstr "Asynchrone Protokollierung unter Android nicht verfügbar"
 
 #: dnsmasq.c:159
-#, fuzzy
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
-msgstr "DBus nicht verfügbar: setzen Sie HAVE_DBUS in src/config.h"
+msgstr ""
+"Authoritatives DNS nicht verfügbar: Es muss HAVE_AUTH in src/config.h "
+"gesetzt sein"
 
 #: dnsmasq.c:169
 msgid "zone serial must be configured in --auth-soa"
-msgstr ""
+msgstr "Zonen Seriennummer muss mit --auth-soa konfiguriert werden"
 
 #: dnsmasq.c:187
 msgid "dhcp-range constructor not available on this platform"
-msgstr ""
+msgstr "dhcp-range Konstruktor ist auf dieser Plattform nicht verfübar"
 
 #: dnsmasq.c:227
 msgid "cannot set --bind-interfaces and --bind-dynamic"
-msgstr ""
+msgstr "Kann nicht --bind-interfaces und --bind-dynamic setzen"
 
 #: dnsmasq.c:231
 #, c-format
@@ -1268,7 +1309,8 @@ msgstr "Warnung: keine vorgelagerten (Upstream) Server konfiguriert"
 #: dnsmasq.c:659
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
-msgstr "asynchrone Protokollierung eingeschaltet, Warteschlange fasst %d Nachrichten"
+msgstr ""
+"asynchrone Protokollierung eingeschaltet, Warteschlange fasst %d Nachrichten"
 
 #: dnsmasq.c:680
 msgid "IPv6 router advertisement enabled"
@@ -1277,7 +1319,7 @@ msgstr "IPv6-Router-Advertisement aktiviert"
 #: dnsmasq.c:685
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
-msgstr ""
+msgstr "DHCP, Sockets exklusiv an das Interface %s gebunden"
 
 # FIXME: this and the next few must be full strings to be translatable - do not assemble in code"
 #: dnsmasq.c:702
@@ -1344,7 +1386,7 @@ msgstr "Konnte Lua-Script nicht laden: %s"
 #: dnsmasq.c:1068
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
-msgstr ""
+msgstr "Das TFTP-Verzeichnis %s ist nicht zugreifbar: %s"
 
 #: dnsmasq.c:1132
 #, c-format
@@ -1433,7 +1475,7 @@ msgstr "ignoriere %s Zeile %d, doppelter Name oder doppelte IP-Adresse"
 #: dhcp.c:993 rfc3315.c:2063
 #, c-format
 msgid "DHCP relay %s -> %s"
-msgstr ""
+msgstr "DHCP Weiterleitung %s -> %s"
 
 #: lease.c:61
 #, c-format
@@ -1556,8 +1598,11 @@ msgstr "benutze konfigurierte Adresse %s nicht, weil sie an %s verleast ist"
 
 #: rfc2131.c:994
 #, c-format
-msgid "not using configured address %s because it is in use by the server or relay"
-msgstr "benutze konfigurierte Adresse %s nicht, weil sie von Server/Relais verwendet wird"
+msgid ""
+"not using configured address %s because it is in use by the server or relay"
+msgstr ""
+"benutze konfigurierte Adresse %s nicht, weil sie von Server/Relais verwendet "
+"wird"
 
 #: rfc2131.c:997
 #, c-format
@@ -1635,7 +1680,8 @@ msgstr "%u angeforderte Optionen: %s"
 #: rfc2131.c:2447
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
-msgstr "Kann RFC3925-Option nicht senden: zu viele Optionen für Unternehmen Nr. %d"
+msgstr ""
+"Kann RFC3925-Option nicht senden: zu viele Optionen für Unternehmen Nr. %d"
 
 #: netlink.c:78
 #, c-format
@@ -1649,7 +1695,8 @@ msgstr "Netlink liefert Fehler %s"
 
 #: dbus.c:259
 msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
-msgstr "Versuch, via DBus eine IPv6-Serveradresse zu setzen: keine IPv6-Unterstützung"
+msgstr ""
+"Versuch, via DBus eine IPv6-Serveradresse zu setzen: keine IPv6-Unterstützung"
 
 #: dbus.c:523
 msgid "setting upstream servers from DBus"
@@ -1727,9 +1774,9 @@ msgid "cannot create DHCPv6 socket: %s"
 msgstr "Kann DHCPv6-Socket nicht erzeugen: %s"
 
 #: dhcp6.c:80
-#, fuzzy, c-format
+#, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
-msgstr "kann SO_REUSE{ADDR|PORT} für DHCP-Socket nicht aktivieren: %s"
+msgstr "kann SO_REUSE{ADDR|PORT} für DHCPv6-Socket nicht aktivieren: %s"
 
 #: dhcp6.c:92
 #, c-format
@@ -1752,68 +1799,64 @@ msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "%u verfügbare(s) DHCPv6-Subnetz: %s/%d"
 
 #: rfc3315.c:376
-#, fuzzy, c-format
+#, c-format
 msgid "%u vendor class: %u"
-msgstr "%u \"Vendor class\": %s"
+msgstr "%u Herstellerklasse: %u"
 
 #: rfc3315.c:424
-#, fuzzy, c-format
+#, c-format
 msgid "%u client MAC address: %s"
-msgstr "%u Klient stellt Name bereit: %s"
+msgstr "%u Klient MAC-Adresse: %s"
 
 # FIXME: do not assemble
 #: rfc3315.c:656
-#, fuzzy, c-format
+#, c-format
 msgid "unknown prefix-class %d"
-msgstr "Unbekannter Lease"
+msgstr "unbekannte Präfixklasse %d"
 
 #: rfc3315.c:788 rfc3315.c:910
 msgid "success"
-msgstr ""
+msgstr "Erfolg"
 
 #: rfc3315.c:803 rfc3315.c:805 rfc3315.c:918 rfc3315.c:920
-#, fuzzy
 msgid "no addresses available"
-msgstr "Keine Adresse verfügbar"
+msgstr "Keine Adressen verfügbar"
 
 #: rfc3315.c:862
-#, fuzzy
 msgid "address unavailable"
 msgstr "Adresse nicht verfügbar"
 
 #: rfc3315.c:897
 msgid "not on link"
-msgstr ""
+msgstr "nicht on link"
 
 #: rfc3315.c:970 rfc3315.c:1148 rfc3315.c:1225
 msgid "no binding found"
-msgstr ""
+msgstr "Keine Bindung gefunden"
 
 #: rfc3315.c:1008
 msgid "deprecated"
-msgstr ""
+msgstr "veraltet"
 
 #: rfc3315.c:1013
-#, fuzzy
 msgid "address invalid"
-msgstr "Adresse in Nutzung"
+msgstr "Adresse ungültig"
 
 #: rfc3315.c:1058
 msgid "confirm failed"
-msgstr ""
+msgstr "Bestätigung fehlgeschlagen"
 
 #: rfc3315.c:1069
-#, fuzzy
 msgid "all addresses still on link"
-msgstr "Fehlerhafte Adresse in %s Zeile %d"
+msgstr "Alle Adressen immer noch on link"
 
 #: rfc3315.c:1157
 msgid "release received"
-msgstr ""
+msgstr "Freigabe empfangen"
 
 #: rfc3315.c:2054
 msgid "Cannot multicast to DHCPv6 server without correct interface"
-msgstr ""
+msgstr "Kann nicht zum DHCPv6 Server multicasten ohne korrekte Schnittstelle"
 
 #: dhcp-common.c:145
 #, c-format
@@ -1836,9 +1879,9 @@ msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "doppelte IP-Adresse %s (%s) in \"dhcp-config\"-Anweisung"
 
 #: dhcp-common.c:494
-#, fuzzy, c-format
+#, c-format
 msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "kann SO_REUSE{ADDR|PORT} für DHCP-Socket nicht aktivieren: %s"
+msgstr "kann SO_BINDTODEVICE für DHCP-Socket nicht aktivieren: %s"
 
 #: dhcp-common.c:615
 #, c-format
@@ -1852,52 +1895,52 @@ msgstr "Bekannte DHCPv6-Optionen:\n"
 
 #: dhcp-common.c:823
 msgid ", prefix deprecated"
-msgstr ""
+msgstr ", Prefix veraltet"
 
 #: dhcp-common.c:826
 #, c-format
 msgid ", lease time "
-msgstr ""
+msgstr ", Lease Zeit"
 
 #: dhcp-common.c:868
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
-msgstr ""
+msgstr "%s stateless auf %s%.0s%.0s%s"
 
 #: dhcp-common.c:870
-#, fuzzy, c-format
+#, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
-msgstr "DHCP, nur statische Leases auf %.0s%s, Lease-Zeit %s"
+msgstr "%s, nur statische Leases auf %.0s%s%s%.0s"
 
 #: dhcp-common.c:872
-#, fuzzy, c-format
+#, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
-msgstr "DHCP, Proxy im Subnetz %.0s%s%.0s"
+msgstr "%s, Proxy im Subnetz %.0s%s%.0s%.0s"
 
 #: dhcp-common.c:873
-#, fuzzy, c-format
+#, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
-msgstr "DHCP, IP-Bereich %s - %s, Lease-Zeit %s "
+msgstr "%s, IP-Bereich %s -- %s%s%.0s"
 
 #: dhcp-common.c:886
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
-msgstr ""
+msgstr "DHCPv4-abgeleitete IPv6 Namen auf %s%s"
 
 #: dhcp-common.c:889
-#, fuzzy, c-format
+#, c-format
 msgid "router advertisement on %s%s"
-msgstr "Router-Advertisment nur auf %.0s%s, Lebenszeit %s"
+msgstr "Router-Advertisment auf %s%s"
 
 #: dhcp-common.c:900
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
-msgstr ""
+msgstr "DHCP Weiterleitung von %s nach %s über %s"
 
 #: dhcp-common.c:902
 #, c-format
 msgid "DHCP relay from %s to %s"
-msgstr ""
+msgstr "DHCP Weiterleitung von %s nach %s"
 
 #: radv.c:98
 #, c-format
@@ -1905,19 +1948,19 @@ msgid "cannot create ICMPv6 socket: %s"
 msgstr "Kann ICMPv6-Socket nicht erzeugen: %s"
 
 #: auth.c:427
-#, fuzzy, c-format
+#, c-format
 msgid "ignoring zone transfer request from %s"
-msgstr "nicht unterstützte Anfrage von %s"
+msgstr "ignoriere Zonentransfer-Anfrage von %s"
 
 #: ipset.c:95
-#, fuzzy, c-format
+#, c-format
 msgid "failed to find kernel version: %s"
-msgstr "kann nicht an DHCP-Server-Socket binden: %s"
+msgstr "konnte Kernelversion nicht finden: %s"
 
 #: ipset.c:114
-#, fuzzy, c-format
+#, c-format
 msgid "failed to create IPset control socket: %s"
-msgstr "konnte TFTP-Socket nicht erzeugen: %s"
+msgstr "konnte IPset-Kontroll-Socket nicht erzeugen: %s"
 
 #~ msgid "no interface with address %s"
 #~ msgstr "keine Schnittstelle mit Adresse %s"

src/blockdata.c

@@ -25,7 +25,7 @@ static void blockdata_expand(int n)
 {
   struct blockdata *new = whine_malloc(n * sizeof(struct blockdata));
   
-  if (new)
+  if (n > 0 && new)
     {
       int i;
       
@@ -46,14 +46,19 @@ void blockdata_init(void)
   blockdata_alloced = 0;
   blockdata_count = 0;
   blockdata_hwm = 0;
-  
-  blockdata_expand((daemon->cachesize * 100) / sizeof(struct blockdata));
+
+  /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */  
+  if (option_bool(OPT_DNSSEC_VALID))
+    blockdata_expand((daemon->cachesize * 100) / sizeof(struct blockdata));
 }
 
 void blockdata_report(void)
 {
-  my_syslog(LOG_INFO, _("DNSSEC memory in use %u, max %u, allocated %u"), 
-	    blockdata_count * sizeof(struct blockdata),  blockdata_hwm * sizeof(struct blockdata),  blockdata_alloced * sizeof(struct blockdata));
+  if (option_bool(OPT_DNSSEC_VALID))
+    my_syslog(LOG_INFO, _("DNSSEC memory in use %u, max %u, allocated %u"), 
+	      blockdata_count * sizeof(struct blockdata),  
+	      blockdata_hwm * sizeof(struct blockdata),  
+	      blockdata_alloced * sizeof(struct blockdata));
 } 
 
 struct blockdata *blockdata_alloc(char *data, size_t len)

src/bpf.c

@@ -376,7 +376,7 @@ void route_init(void)
     die(_("cannot create PF_ROUTE socket: %s"), NULL, EC_BADNET);
 }
 
-void route_sock(time_t now)
+void route_sock(void)
 {
   struct if_msghdr *msg;
   int rc = recv(daemon->routefd, daemon->packet, daemon->packet_buff_sz, 0);
@@ -401,7 +401,7 @@ void route_sock(time_t now)
    else if (msg->ifm_type == RTM_NEWADDR)
      {
        del_family = 0;
-       newaddress(now);
+       send_newaddr();
      }
    else if (msg->ifm_type == RTM_DELADDR)
      {
@@ -439,7 +439,7 @@ void route_sock(time_t now)
 	       of += sizeof(long) - (diff & (sizeof(long) - 1));
 	   }
        
-       newaddress(now);
+       send_newaddr();
      }
 }
 

src/config.h

@@ -330,7 +330,7 @@ HAVE_SOCKADDR_SA_LEN
 #undef HAVE_AUTH
 #endif
 
-#if defined(NO_IPSET) || !defined(HAVE_LINUX_NETWORK)
+#if defined(NO_IPSET)
 #undef HAVE_IPSET
 #endif
 

src/dbus.c

@@ -44,6 +44,12 @@ const char* introspection_xml_template =
 "    <method name=\"SetServersEx\">\n"
 "      <arg name=\"servers\" direction=\"in\" type=\"aas\"/>\n"
 "    </method>\n"
+"    <method name=\"SetFilterWin2KOption\">\n"
+"      <arg name=\"filterwin2k\" direction=\"in\" type=\"b\"/>\n"
+"    </method>\n"
+"    <method name=\"SetBogusPrivOption\">\n"
+"      <arg name=\"boguspriv\" direction=\"in\" type=\"b\"/>\n"
+"    </method>\n"
 "    <signal name=\"DhcpLeaseAdded\">\n"
 "      <arg name=\"ipaddr\" type=\"s\"/>\n"
 "      <arg name=\"hwaddr\" type=\"s\"/>\n"
@@ -372,6 +378,30 @@ static DBusMessage* dbus_read_servers_ex(DBusMessage *message, int strings)
   return error;
 }
 
+static DBusMessage *dbus_set_bool(DBusMessage *message, int flag, char *name)
+{
+  DBusMessageIter iter;
+  dbus_bool_t enabled;
+
+  if (!dbus_message_iter_init(message, &iter) || dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_BOOLEAN)
+    return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS, "Expected boolean argument");
+  
+  dbus_message_iter_get_basic(&iter, &enabled);
+
+  if (enabled)
+    { 
+      my_syslog(LOG_INFO, "Enabling --%s option from D-Bus", name);
+      set_option_bool(flag);
+    }
+  else
+    {
+      my_syslog(LOG_INFO, "Disabling --$s option from D-Bus", name);
+      reset_option_bool(flag);
+    }
+
+  return NULL;
+}
+
 DBusHandlerResult message_handler(DBusConnection *connection, 
 				  DBusMessage *message, 
 				  void *user_data)
@@ -415,6 +445,14 @@ DBusHandlerResult message_handler(DBusConnection *connection,
       reply = dbus_read_servers_ex(message, 1);
       new_servers = 1;
     }
+  else if (strcmp(method, "SetFilterWin2KOption") == 0)
+    {
+      reply = dbus_set_bool(message, OPT_FILTER, "filterwin2k");
+    }
+  else if (strcmp(method, "SetBogusPrivOption") == 0)
+    {
+      reply = dbus_set_bool(message, OPT_BOGUSPRIV, "bogus-priv");
+    }
   else if (strcmp(method, "ClearCache") == 0)
     clear_cache = 1;
   else

src/dhcp.c

@@ -404,7 +404,8 @@ void dhcp_packet(time_t now, int pxe_fd)
       memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
       /* interface name already copied in */
       arp_req.arp_flags = ATF_COM;
-      ioctl(daemon->dhcpfd, SIOCSARP, &arp_req);
+      if (ioctl(daemon->dhcpfd, SIOCSARP, &arp_req) == -1)
+	my_syslog(MS_DHCP | LOG_ERR, _("ARP-cache injection failed: %s"), strerror(errno));
     }
 #elif defined(HAVE_SOLARIS_NETWORK)
   else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)

src/dhcp6.c

@@ -727,8 +727,7 @@ void dhcp_construct_contexts(time_t now)
      
       if (context->flags & CONTEXT_GC && !(context->flags & CONTEXT_OLD))
 	{
-	  if ((context->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)) ||
-	      option_bool(OPT_RA))
+	  if ((context->flags & CONTEXT_RA) || option_bool(OPT_RA))
 	    {
 	      /* previously constructed context has gone. advertise it's demise */
 	      context->flags |= CONTEXT_OLD;

src/dnsmasq.c

@@ -917,10 +917,10 @@ int main (int argc, char **argv)
 
 #if defined(HAVE_LINUX_NETWORK)
       if (FD_ISSET(daemon->netlinkfd, &rset))
-	netlink_multicast(now);
+	netlink_multicast();
 #elif defined(HAVE_BSD_NETWORK)
       if (FD_ISSET(daemon->routefd, &rset))
-	route_sock(now);
+	route_sock();
 #endif
 
       /* Check for changes to resolv files once per second max. */
@@ -1037,6 +1037,11 @@ void send_alarm(time_t event, time_t now)
     }
 }
 
+void send_newaddr(void)
+{
+  send_event(pipewrite, EVENT_NEWADDR, 0, NULL);
+}
+
 void send_event(int fd, int event, int data, char *msg)
 {
   struct event_desc ev;
@@ -1230,6 +1235,10 @@ static void async_event(int pipe, time_t now)
 	if (daemon->log_file != NULL)
 	  log_reopen(daemon->log_file);
 	break;
+
+      case EVENT_NEWADDR:
+	newaddress(now);
+	break;
 	
       case EVENT_TERM:
 	/* Knock all our children on the head. */

src/dnsmasq.h

@@ -165,6 +165,7 @@ struct event_desc {
 #define EVENT_LUA_ERR   19
 #define EVENT_TFTP_ERR  20
 #define EVENT_INIT      21
+#define EVENT_NEWADDR   22
 
 /* Exit codes. */
 #define EC_GOOD        0
@@ -823,7 +824,7 @@ struct dhcp_context {
 #define CONTEXT_NETMASK        (1u<<1)
 #define CONTEXT_BRDCAST        (1u<<2)
 #define CONTEXT_PROXY          (1u<<3)
-#define CONTEXT_RA_ONLY        (1u<<4)
+#define CONTEXT_RA_ROUTER      (1u<<4)
 #define CONTEXT_RA_DONE        (1u<<5)
 #define CONTEXT_RA_NAME        (1u<<6)
 #define CONTEXT_RA_STATELESS   (1u<<7)
@@ -838,7 +839,6 @@ struct dhcp_context {
 #define CONTEXT_OLD            (1u<<16)
 #define CONTEXT_V6             (1u<<17)
 
-
 struct ping_result {
   struct in_addr addr;
   time_t time;
@@ -1289,6 +1289,7 @@ unsigned char *extended_hwaddr(int hwtype, int hwlen, unsigned char *hwaddr,
 int make_icmp_sock(void);
 int icmp_ping(struct in_addr addr);
 #endif
+void send_newaddr(void);
 void send_alarm(time_t event, time_t now);
 void send_event(int fd, int event, int data, char *msg);
 void clear_cache_and_reload(time_t now);
@@ -1297,7 +1298,7 @@ void poll_resolv(int force, int do_reload, time_t now);
 /* netlink.c */
 #ifdef HAVE_LINUX_NETWORK
 void netlink_init(void);
-void netlink_multicast(time_t now);
+void netlink_multicast(void);
 #endif
 
 /* bpf.c */
@@ -1306,7 +1307,7 @@ void init_bpf(void);
 void send_via_bpf(struct dhcp_packet *mess, size_t len,
 		  struct in_addr iface_addr, struct ifreq *ifr);
 void route_init(void);
-void route_sock(time_t now);
+void route_sock(void);
 #endif
 
 /* bpf.c or netlink.c */

src/dnssec.c

@@ -1682,6 +1682,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
   GETSHORT(qtype, p1);
   GETSHORT(qclass, p1);
   ans_start = p1;
+
+  if (qtype == T_ANY)
+    have_answer = 1;
  
   /* Can't validate an RRISG query */
   if (qtype == T_RRSIG)
@@ -2132,7 +2135,7 @@ static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, i
   int i, type, class, rdlen;
   unsigned char *pp;
   
-  for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
+  for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
     {
       pp = p;
 
@@ -2178,7 +2181,7 @@ size_t filter_rrsigs(struct dns_header *header, size_t plen)
   static int rr_sz = 0;
   
   unsigned char *p = (unsigned char *)(header+1);
-  int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns;
+  int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
 
   if (ntohs(header->qdcount) != 1 ||
       !(p = skip_name(p, header, plen, 4)))
@@ -2189,7 +2192,9 @@ size_t filter_rrsigs(struct dns_header *header, size_t plen)
 
   /* First pass, find pointers to start and end of all the records we wish to elide:
      records added for DNSSEC, unless explicity queried for */
-  for (rr_found = 0, chop_ns = 0, chop_an = 0, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
+  for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0; 
+       i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
+       i++)
     {
       unsigned char *pstart = p;
       int type, class;
@@ -2217,8 +2222,10 @@ size_t filter_rrsigs(struct dns_header *header, size_t plen)
 	  
 	  if (i < ntohs(header->ancount))
 	    chop_an++;
-	  else
+	  else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
 	    chop_ns++;
+	  else
+	    chop_ar++;
 	}
       else if (!ADD_RDLEN(header, p, plen, rdlen))
 	return plen;
@@ -2255,7 +2262,8 @@ size_t filter_rrsigs(struct dns_header *header, size_t plen)
   plen = p - (unsigned char *)header;
   header->ancount = htons(ntohs(header->ancount) - chop_an);
   header->nscount = htons(ntohs(header->nscount) - chop_ns);
-  
+  header->arcount = htons(ntohs(header->arcount) - chop_ar);
+
   /* Fourth pass, fix up pointers in the remaining records */
   p = (unsigned char *)(header+1);
   

src/forward.c

@@ -588,7 +588,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
      header->hb4 &= ~HB4_AD;
   
   if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
-    return n;
+    return resize_packet(header, n, pheader, plen);
   
   /* Complain loudly if the upstream server is non-recursive. */
   if (!(header->hb4 & HB4_RA) && RCODE(header) == NOERROR && ntohs(header->ancount) == 0 &&
@@ -1347,13 +1347,20 @@ static int do_check_sign(time_t now, struct dns_header *header, size_t plen, cha
 { 
   char *name_start;
   unsigned char *p;
-  int status = dnssec_validate_ds(now, header, plen, name, keyname, class);
-  
-  if (status != STAT_INSECURE)
-    {
-      if (status == STAT_NO_DS)
-	status = STAT_INSECURE;
-      return status;
+  int status;
+
+  /* In this case only, a SERVFAIL reply allows us to continue up the tree, looking for a 
+     suitable NSEC reply to DS queries. */
+  if (RCODE(header) != SERVFAIL)
+    { 
+      status = dnssec_validate_ds(now, header, plen, name, keyname, class);
+      
+      if (status != STAT_INSECURE)
+	{
+	  if (status == STAT_NO_DS)
+	    status = STAT_INSECURE;
+	  return status;
+	}
     }
   
   p = (unsigned char *)(header+1);
@@ -1446,8 +1453,13 @@ static int  tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
 	      newhash = hash_questions(header, (unsigned int)m, name);
 	      if (newhash && memcmp(hash, newhash, HASH_SIZE) == 0)
 		{
-		  /* Note this trashes all three name workspaces */
-		  status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
+		   /* In this case only, a SERVFAIL reply allows us to continue up the tree, looking for a 
+		      suitable NSEC reply to DS queries. */
+		  if (RCODE(header) == SERVFAIL)
+		    status = STAT_INSECURE;
+		  else
+		    /* Note this trashes all three name workspaces */
+		    status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
 		  
 		  /* We've found a DS which proves the bit of the DNS where the
 		     original query is, is unsigned, so the answer is OK, 
@@ -1823,6 +1835,10 @@ unsigned char *tcp_request(int confd, time_t now,
 			}
 		      
 		      *length = htons(size);
+
+		      /* get query name again for logging - may have been overwritten */
+		      if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
+			strcpy(daemon->namebuff, "query");
 		      
 		      if (!read_write(last_server->tcpfd, packet, size + sizeof(u16), 0) ||
 			  !read_write(last_server->tcpfd, &c1, 1, 1) ||
@@ -1836,8 +1852,6 @@ unsigned char *tcp_request(int confd, time_t now,
 		      
 		      m = (c1 << 8) | c2;
 		      
-		      if (!gotname)
-			strcpy(daemon->namebuff, "query");
 		      if (last_server->addr.sa.sa_family == AF_INET)
 			log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, 
 				  (struct all_addr *)&last_server->addr.in.sin_addr, NULL); 

src/ipset.c

@@ -16,7 +16,7 @@
 
 #include "dnsmasq.h"
 
-#ifdef HAVE_IPSET
+#if defined(HAVE_IPSET) && defined(HAVE_LINUX_NETWORK)
 
 #include <string.h>
 #include <errno.h>

src/netlink.c

@@ -38,7 +38,7 @@
 static struct iovec iov;
 static u32 netlink_pid;
 
-static int nl_async(struct nlmsghdr *h);
+static void nl_async(struct nlmsghdr *h);
 
 void netlink_init(void)
 {
@@ -142,7 +142,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
   struct nlmsghdr *h;
   ssize_t len;
   static unsigned int seq = 0;
-  int callback_ok = 1, newaddr = 0;
+  int callback_ok = 1;
 
   struct {
     struct nlmsghdr nlh;
@@ -191,21 +191,10 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
 	  {
 	    /* May be multicast arriving async */
-	    if (nl_async(h))
-	      {
-		newaddr = 1; 
-		enumerate_interfaces(1); /* reset */
-	      }
+	    nl_async(h);
 	  }
 	else if (h->nlmsg_type == NLMSG_DONE)
-	  {
-	    /* handle async new interface address arrivals, these have to be done
-	       after we complete as we're not re-entrant */
-	    if (newaddr) 
-	      newaddress(dnsmasq_time());
-		
-	    return callback_ok;
-	  }
+	  return callback_ok;
 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
 	  {
 	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
@@ -330,11 +319,11 @@ int iface_enumerate(int family, void *parm, int (*callback)())
     }
 }
 
-void netlink_multicast(time_t now)
+void netlink_multicast(void)
 {
   ssize_t len;
   struct nlmsghdr *h;
-  int flags, newaddr = 0;
+  int flags;
   
   /* don't risk blocking reading netlink messages here. */
   if ((flags = fcntl(daemon->netlinkfd, F_GETFL)) == -1 ||
@@ -343,24 +332,19 @@ void netlink_multicast(time_t now)
   
   if ((len = netlink_recv()) != -1)
     for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-      if (nl_async(h))
-	newaddr = 1;
+      nl_async(h);
   
   /* restore non-blocking status */
   fcntl(daemon->netlinkfd, F_SETFL, flags);
-  
-  if (newaddr) 
-    newaddress(now);
 }
 
-static int nl_async(struct nlmsghdr *h)
+static void nl_async(struct nlmsghdr *h)
 {
   if (h->nlmsg_type == NLMSG_ERROR)
     {
       struct nlmsgerr *err = NLMSG_DATA(h);
       if (err->error != 0)
 	my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
-      return 0;
     }
   else if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE) 
     {
@@ -385,18 +369,15 @@ static int nl_async(struct nlmsghdr *h)
 	      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
 		fd = daemon->rfd_save->fd;
 	      else
-		return 0;
+		return;
 	      
 	      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
 			   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
 	    }
 	}
-      return 0;
     }
   else if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR) 
-    return 1; /* clever bind mode - rescan */
-  
-  return 0;
+    send_newaddr();
 }
 #endif
 

src/network.c

@@ -551,7 +551,7 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
 int enumerate_interfaces(int reset)
 {
   static struct addrlist *spare = NULL;
-  static int done = 0, active = 0;
+  static int done = 0;
   struct iface_param param;
   int errsave, ret = 1;
   struct addrlist *addr, *tmp;
@@ -570,14 +570,11 @@ int enumerate_interfaces(int reset)
       return 1;
     }
 
-  if (done || active)
+  if (done)
     return 1;
 
   done = 1;
 
-  /* protect against recusive calls from iface_enumerate(); */
-  active = 1;
-
   if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
     return 0;
  
@@ -677,10 +674,8 @@ int enumerate_interfaces(int reset)
     }
   
   errno = errsave;
-  
   spare = param.spare;
-  active = 0;
-  
+    
   return ret;
 }
 

src/option.c

@@ -2583,9 +2583,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		if (strcmp(a[leasepos], "static") == 0)
 		  new->flags |= CONTEXT_STATIC | CONTEXT_DHCP;
 		else if (strcmp(a[leasepos], "ra-only") == 0 || strcmp(a[leasepos], "slaac") == 0 )
-		  new->flags |= CONTEXT_RA_ONLY | CONTEXT_RA;
+		  new->flags |= CONTEXT_RA;
 		else if (strcmp(a[leasepos], "ra-names") == 0)
 		  new->flags |= CONTEXT_RA_NAME | CONTEXT_RA;
+		else if (strcmp(a[leasepos], "ra-advrouter") == 0)
+		  new->flags |= CONTEXT_RA_ROUTER | CONTEXT_RA;
 		else if (strcmp(a[leasepos], "ra-stateless") == 0)
 		  new->flags |= CONTEXT_RA_STATELESS | CONTEXT_DHCP | CONTEXT_RA;
 		else if (leasepos == 1 && inet_pton(AF_INET6, a[leasepos], &new->end6))
@@ -2615,7 +2617,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    
 	    if (new->prefix != 64)
 	      {
-		if ((new->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)))
+		if (new->flags & CONTEXT_RA)
 		  ret_err(_("prefix length must be exactly 64 for RA subnets"));
 		else if (new->flags & CONTEXT_TEMPLATE)
 		  ret_err(_("prefix length must be exactly 64 for subnet constructors"));

src/radv-protocol.h

@@ -49,6 +49,7 @@ struct prefix_opt {
 #define ICMP6_OPT_SOURCE_MAC   1
 #define ICMP6_OPT_PREFIX       3
 #define ICMP6_OPT_MTU          5
+#define ICMP6_OPT_ADV_INTERVAL 7
 #define ICMP6_OPT_RDNSS       25
 #define ICMP6_OPT_DNSSL       31
 

src/radv.c

@@ -28,7 +28,7 @@
 
 struct ra_param {
   time_t now;
-  int ind, managed, other, found_context, first;
+  int ind, managed, other, found_context, first, adv_router;
   char *if_name;
   struct dhcp_netid *tags;
   struct in6_addr link_local, link_global, ula;
@@ -226,6 +226,7 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de
   parm.managed = 0;
   parm.other = 0;
   parm.found_context = 0;
+  parm.adv_router = 0;
   parm.if_name = iface_name;
   parm.first = 1;
   parm.now = now;
@@ -286,8 +287,7 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de
 	      setaddr6part(&local, addr6part(&local) & ~((context->prefix == 64) ? (u64)-1LL : (1LLU << (128 - context->prefix)) - 1LLU));
 	     
 	      
-	      if ((context->flags & 
-		   (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)))
+	      if (context->flags & CONTEXT_RA)
 		{
 		  do_slaac = 1;
 		  if (context->flags & CONTEXT_DHCP)
@@ -339,6 +339,17 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de
   if (!old_prefix && !parm.found_context)
     return; 
   
+  /* If we're sending router address instead of prefix in at least on prefix,
+     include the advertisement interval option. */
+  if (parm.adv_router)
+    {
+      put_opt6_char(ICMP6_OPT_ADV_INTERVAL);
+      put_opt6_char(1);
+      put_opt6_short(0);
+      /* interval value is in milliseconds */
+      put_opt6_long(1000 * calc_interval(find_iface_param(iface_name)));
+    }
+
 #ifdef HAVE_LINUX_NETWORK
   /* Note that IPv6 MTU is not necessarilly the same as the IPv4 MTU
      available from SIOCGIFMTU */
@@ -500,6 +511,7 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 	  int do_slaac = 0;
 	  int deprecate  = 0;
 	  int constructed = 0;
+	  int adv_router = 0;
 	  unsigned int time = 0xffffffff;
 	  struct dhcp_context *context;
 	  
@@ -511,8 +523,7 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 	      {
 		context->saved_valid = valid;
 
-		if ((context->flags & 
-		     (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)))
+		if (context->flags & CONTEXT_RA) 
 		  {
 		    do_slaac = 1;
 		    if (context->flags & CONTEXT_DHCP)
@@ -530,7 +541,17 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		    param->managed = 1;
 		    param->other = 1;
 		  }
-		
+
+		/* Configured to advertise router address, not prefix. See RFC 3775 7.2 
+		 In this case we do all addresses associated with a context, 
+		 hence the real_prefix setting here. */
+		if (context->flags & CONTEXT_RA_ROUTER)
+		  {
+		    adv_router = 1;
+		    param->adv_router = 1;
+		    real_prefix = context->prefix;
+		  }
+
 		/* find floor time, don't reduce below 3 * RA interval. */
 		if (time > context->lease_time)
 		  {
@@ -556,7 +577,7 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		/* subsequent prefixes on the same interface 
 		   and subsequent instances of this prefix don't need timers.
 		   Be careful not to find the same prefix twice with different
-		   addresses. */
+		   addresses unless we're advertising the actual addresses. */
 		if (!(context->flags & CONTEXT_RA_DONE))
 		  {
 		    if (!param->first)
@@ -607,13 +628,18 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 	      if ((opt = expand(sizeof(struct prefix_opt))))
 		{
 		  /* zero net part of address */
-		  setaddr6part(local, addr6part(local) & ~((real_prefix == 64) ? (u64)-1LL : (1LLU << (128 - real_prefix)) - 1LLU));
+		  if (!adv_router)
+		    setaddr6part(local, addr6part(local) & ~((real_prefix == 64) ? (u64)-1LL : (1LLU << (128 - real_prefix)) - 1LLU));
 		  
 		  opt->type = ICMP6_OPT_PREFIX;
 		  opt->len = 4;
 		  opt->prefix_len = real_prefix;
 		  /* autonomous only if we're not doing dhcp, always set "on-link" */
-		  opt->flags = do_slaac ? 0xC0 : 0x80;
+		  opt->flags = 0x80;
+		  if (do_slaac)
+		    opt->flags |= 0x40;
+		  if (adv_router)
+		    opt->flags |= 0x20;
 		  opt->valid_lifetime = htonl(valid);
 		  opt->preferred_lifetime = htonl(preferred);
 		  opt->reserved = 0; 

src/tables.c

@@ -0,0 +1,169 @@
+/* tables.c is Copyright (c) 2014 Sven Falempin  All Rights Reserved.
+
+   Author's email: sfalempin@citypassenger.com 
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dnsmasq.h"
+
+#if defined(HAVE_IPSET) && defined(HAVE_BSD_NETWORK)
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <net/pfvar.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#define UNUSED(x) (void)(x)
+
+static char *pf_device = "/dev/pf";
+static int dev = -1;
+
+static char *pfr_strerror(int errnum)
+{
+  switch (errnum) 
+    {
+    case ESRCH:
+      return "Table does not exist";
+    case ENOENT:
+      return "Anchor or Ruleset does not exist";
+    default:
+      return strerror(errnum);
+    }
+}
+
+static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
+{
+  struct pfioc_table io;
+  
+  if (size < 0 || (size && tbl == NULL)) 
+    {
+      errno = EINVAL;
+      return (-1);
+    }
+  bzero(&io, sizeof io);
+  io.pfrio_flags = flags;
+  io.pfrio_buffer = tbl;
+  io.pfrio_esize = sizeof(*tbl);
+  io.pfrio_size = size;
+  if (ioctl(dev, DIOCRADDTABLES, &io))
+    return (-1);
+  if (nadd != NULL)
+    *nadd = io.pfrio_nadd;
+  return (0);
+}
+
+static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) {
+  if ( !addr || !ipaddr)
+    {
+      my_syslog(LOG_ERR, _("error: fill_addr missused"));
+      return -1;
+    }
+  bzero(addr, sizeof(*addr));
+#ifdef HAVE_IPV6
+  if (flags & F_IPV6) 
+    {
+      addr->pfra_af = AF_INET6;
+      addr->pfra_net = 0x80;
+      memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
+    } 
+  else 
+#endif
+    {
+      addr->pfra_af = AF_INET;
+      addr->pfra_net = 0x20;
+      addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
+    }
+  return 1;
+}
+
+/*****************************************************************************/
+
+void ipset_init(void) 
+{
+  dev = open( pf_device, O_RDWR);
+  if (dev == -1)
+    {
+      err(1, "%s", pf_device);
+      die (_("failed to access pf devices: %s"), NULL, EC_MISC);
+    }
+}
+
+int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
+		      int flags, int remove)
+{
+  struct pfr_addr addr;
+  struct pfioc_table io;
+  struct pfr_table table;
+  int n = 0, rc = 0;
+
+  if ( dev == -1 ) 
+    {
+      my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device);
+      return -1;
+    }
+
+  bzero(&table, sizeof(struct pfr_table));
+  table.pfrt_flags |= PFR_TFLAG_PERSIST;
+  if ( strlen(setname) >= PF_TABLE_NAME_SIZE )
+    {
+      my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname);
+      errno = ENAMETOOLONG;
+      return -1;
+    }
+  
+  if ( strlcpy(table.pfrt_name, setname,
+               sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) 
+    {
+      my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname);
+      return -1;
+    }
+  
+  if (rc = pfr_add_tables(&table, 1, &n, 0)) 
+    {
+      my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
+		pfr_strerror(errno),rc);
+      return -1;
+    }
+  table.pfrt_flags &= ~PFR_TFLAG_PERSIST;
+  if (n)
+    my_syslog(LOG_INFO, _("info: table created"));
+  
+  fill_addr(ipaddr,flags,&addr);
+  bzero(&io, sizeof(io));
+  io.pfrio_flags = 0;
+  io.pfrio_table = table;
+  io.pfrio_buffer = &addr;
+  io.pfrio_esize = sizeof(addr);
+  io.pfrio_size = 1;
+  if (ioctl(dev, ( remove ? DIOCRDELADDRS : DIOCRADDADDRS ), &io)) 
+    {
+      my_syslog(LOG_WARNING, _("warning: DIOCR%sADDRS: %s"), ( remove ? "DEL" : "ADD" ), pfr_strerror(errno));
+      return -1;
+    }
+  
+  my_syslog(LOG_INFO, _("%d addresses %s"),
+            io.pfrio_nadd, ( remove ? "removed" : "added" ));
+  
+  return io.pfrio_nadd;
+}
+
+
+#endif