dnsdist: master port for openwrt 19.07, with uci and odhcpd integration

Signed-off-by: Peter van Dijk <[email protected]>
PowerDNS · Nov 19, 2022 · 93c1fb3 · 93c1fb3
1 parent e6ecebb
commit 93c1fb3
Show file tree

Hide file tree

Showing 35 changed files with 2,878 additions and 135 deletions.
diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml
@@ -11,17 +11,10 @@ jobs:
       fail-fast: false
       matrix:
         arch:
-          - arc_archs
           - arm_cortex-a9_vfpv3-d16
           - mips_24kc
-          - powerpc_464fp
-          - powerpc_8540
         runtime_test: [false]
         include:
-          - arch: aarch64_cortex-a53
-            runtime_test: true
-          - arch: arm_cortex-a15_neon-vfpv4
-            runtime_test: true
           - arch: x86_64
             runtime_test: true
 

diff --git a/libs/h2o-tiny/Makefile b/libs/h2o-tiny/Makefile
@@ -0,0 +1,57 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=h2o
+PKG_VERSION:=2.2.6
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=f8cbc1b530d85ff098f6efc2c3fdbc5e29baffb30614caac59d5c710f7bda201
+
+PKG_MAINTAINER:=Peter van Dijk <[email protected]>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+CMAKE_OPTIONS += \
+	-DBUILD_SHARED_LIBS=ON \
+	-DWITH_MRUBY=OFF
+
+define Package/libh2o-evloop-tiny
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=H2O Library compiled with its own event loop
+  URL:=https://h2o.examp1e.net/
+  DEPENDS:=+libopenssl +zlib
+endef
+
+define Package/libh2o-tiny
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=H2O Library compiled with libuv
+  URL:=https://h2o.examp1e.net/
+  DEPENDS:=+libuv +libopenssl +zlib +libyaml
+endef
+
+define Build/InstallDev
+	$(call Build/InstallDev/cmake,$(1))
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libh2o-evloop.pc
+	$(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libh2o-evloop.pc
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libh2o.pc
+	$(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libh2o.pc
+endef
+
+define Package/libh2o-evloop-tiny/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
+endef
+
+define Package/libh2o-tiny/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libh2o-evloop-tiny))
+$(eval $(call BuildPackage,libh2o-tiny))
diff --git a/libs/h2o-tiny/patches/100-socket_disable_npn.patch b/libs/h2o-tiny/patches/100-socket_disable_npn.patch
@@ -0,0 +1,22 @@
+--- a/include/h2o/socket.h
++++ b/include/h2o/socket.h
+@@ -29,6 +29,7 @@ extern "C" {
+ #include <stdint.h>
+ #include <sys/socket.h>
+ #include <openssl/ssl.h>
++#include <openssl/opensslconf.h>
+ #include "h2o/cache.h"
+ #include "h2o/memory.h"
+ #include "h2o/openssl_backport.h"
+@@ -44,7 +45,11 @@ extern "C" {
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ #define H2O_USE_ALPN 1
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ #define H2O_USE_NPN 1
++#else
++#define H2O_USE_NPN 0
++#endif
+ #elif OPENSSL_VERSION_NUMBER >= 0x10001000L
+ #define H2O_USE_ALPN 0
+ #define H2O_USE_NPN 1
diff --git a/libs/h2o-tiny/patches/200-libh2o-evloop_wslay-link.patch b/libs/h2o-tiny/patches/200-libh2o-evloop_wslay-link.patch
@@ -0,0 +1,43 @@
+From f7d5cb83826c7e2b1a3dc618b434d85df130a4d5 Mon Sep 17 00:00:00 2001
+From: James Taylor <[email protected]>
+Date: Tue, 10 Dec 2019 21:58:45 +1100
+Subject: [PATCH] Explicitly link against WSLAY when available
+
+When other libraries attempt to link against libh2o and libh2o-evloop that was
+compiled with libwslay available, there are errors from missing symbols
+associated with code which makes use of the wslay library. To rectify this,
+explicitly link against libwslay during the build process.
+
+Fixes #2105
+
+Signed-off-by: James Taylor <[email protected]>
+---
+ CMakeLists.txt | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -386,13 +386,21 @@ SET_TARGET_PROPERTIES(libh2o PROPERTIES
+     OUTPUT_NAME h2o
+     VERSION ${LIBRARY_VERSION}
+     SOVERSION ${LIBRARY_SOVERSION})
+-TARGET_LINK_LIBRARIES(libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS})
++IF (WSLAY_FOUND)
++    TARGET_LINK_LIBRARIES(libh2o ${WSLAY_LIBRARIES} ${LIBUV_LIBRARIES} ${EXTRA_LIBS})
++ELSE ()
++    TARGET_LINK_LIBRARIES(libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS})
++ENDIF (WSLAY_FOUND)
+ SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES
+     OUTPUT_NAME h2o-evloop
+     COMPILE_FLAGS "-DH2O_USE_LIBUV=0"
+     VERSION ${LIBRARY_VERSION}
+     SOVERSION ${LIBRARY_SOVERSION})
+-TARGET_LINK_LIBRARIES(libh2o-evloop ${EXTRA_LIBS})
++IF (WSLAY_FOUND)
++    TARGET_LINK_LIBRARIES(libh2o-evloop ${WSLAY_LIBRARIES} ${EXTRA_LIBS})
++ELSE ()
++    TARGET_LINK_LIBRARIES(libh2o-evloop ${EXTRA_LIBS})
++ENDIF (WSLAY_FOUND)
+
+ IF (OPENSSL_FOUND)
+     TARGET_INCLUDE_DIRECTORIES(libh2o PUBLIC ${OPENSSL_INCLUDE_DIR})
diff --git a/libs/h2o-tiny/patches/300-picotls-chacha-detect.patch b/libs/h2o-tiny/patches/300-picotls-chacha-detect.patch
@@ -0,0 +1,17 @@
+--- a/deps/picotls/include/picotls/openssl.h
++++ b/deps/picotls/include/picotls/openssl.h
+@@ -26,11 +26,14 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
+ #include <openssl/x509.h>
++#include <openssl/opensslconf.h>
+ #include "../picotls.h"
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ #define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
+ #endif
++#endif
+
+ extern ptls_key_exchange_algorithm_t ptls_openssl_secp256r1;
+ extern ptls_key_exchange_algorithm_t *ptls_openssl_key_exchanges[];
diff --git a/libs/h2o-tiny/patches/400-backtrace-detection.patch b/libs/h2o-tiny/patches/400-backtrace-detection.patch
@@ -0,0 +1,70 @@
+From 03dbd6757d043581b5d250107b6f1cda6ae203a9 Mon Sep 17 00:00:00 2001
+From: Frederik Deweerdt <[email protected]>
+Date: Wed, 25 Oct 2017 13:52:28 -0700
+Subject: [PATCH] Autodetect backtrace and backtrace_symbols_fd
+
+---
+ CMakeLists.txt | 13 +++++++++++++
+ src/main.c     | 10 ++++++----
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -58,6 +58,19 @@ __sync_add_and_fetch(&a, 1);
+ return 0;
+ }" ARCH_SUPPORTS_64BIT_ATOMICS)
+
++CHECK_C_SOURCE_COMPILES("
++#include <execinfo.h>
++int main(void) {
++void *p[10];
++int ret = backtrace(p, 10);
++backtrace_symbols_fd(p, ret, 2);
++return 0;
++}" LIBC_HAS_BACKTRACE)
++
++IF (LIBC_HAS_BACKTRACE)
++    ADD_DEFINITIONS("-DLIBC_HAS_BACKTRACE")
++ENDIF ()
++
+ SET(WITH_BUNDLED_SSL_DEFAULT "ON")
+ IF ((NOT UNIX) OR CYGWIN)
+     SET(WITH_BUNDLED_SSL_DEFAULT "OFF")
+--- a/src/main.c
++++ b/src/main.c
+@@ -48,7 +48,7 @@
+ #include <openssl/crypto.h>
+ #include <openssl/err.h>
+ #include <openssl/ssl.h>
+-#ifdef __GLIBC__
++#ifdef LIBC_HAS_BACKTRACE
+ #include <execinfo.h>
+ #endif
+ #if H2O_USE_PICOTLS
+@@ -1436,7 +1436,8 @@ static void on_sigterm(int signo)
+     notify_all_threads();
+ }
+
+-#ifdef __GLIBC__
++#ifdef LIBC_HAS_BACKTRACE
++
+ static int popen_crash_handler(void)
+ {
+     char *cmd_fullpath = h2o_configurator_get_cmd_path(conf.crash_handler), *argv[] = {cmd_fullpath, NULL};
+@@ -1488,13 +1489,14 @@ static void on_sigfatal(int signo)
+
+     raise(signo);
+ }
+-#endif
++
++#endif /* LIBC_HAS_BACKTRACE */
+
+ static void setup_signal_handlers(void)
+ {
+     h2o_set_signal_handler(SIGTERM, on_sigterm);
+     h2o_set_signal_handler(SIGPIPE, SIG_IGN);
+-#ifdef __GLIBC__
++#ifdef LIBC_HAS_BACKTRACE
+     if ((crash_handler_fd = popen_crash_handler()) == -1)
+         crash_handler_fd = 2;
+     h2o_set_signal_handler(SIGABRT, on_sigfatal);
diff --git a/libs/h2o-tiny/patches/500-openssl.patch b/libs/h2o-tiny/patches/500-openssl.patch
@@ -0,0 +1,96 @@
+--- a/deps/neverbleed/neverbleed.c
++++ b/deps/neverbleed/neverbleed.c
+@@ -36,6 +36,7 @@
+ #include <sys/types.h>
+ #include <sys/uio.h>
+ #include <unistd.h>
++#include <openssl/engine.h>
+ #include <openssl/rand.h>
+ #include <openssl/ssl.h>
+ #include <openssl/rsa.h>
+--- a/deps/picotls/lib/openssl.c
++++ b/deps/picotls/lib/openssl.c
+@@ -36,6 +36,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/rand.h>
++#include <openssl/rsa.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
+ #include <openssl/x509_vfy.h>
+@@ -941,7 +942,7 @@ int ptls_openssl_encrypt_ticket(ptls_buf
+
+ Exit:
+     if (cctx != NULL)
+-        EVP_CIPHER_CTX_cleanup(cctx);
++        EVP_CIPHER_CTX_reset(cctx);
+     if (hctx != NULL)
+         HMAC_CTX_free(hctx);
+     return ret;
+@@ -1011,7 +1012,7 @@ int ptls_openssl_decrypt_ticket(ptls_buf
+
+ Exit:
+     if (cctx != NULL)
+-        EVP_CIPHER_CTX_cleanup(cctx);
++        EVP_CIPHER_CTX_reset(cctx);
+     if (hctx != NULL)
+         HMAC_CTX_free(hctx);
+     return ret;
+--- a/src/main.c
++++ b/src/main.c
+@@ -45,6 +45,7 @@
+ #include <sys/types.h>
+ #include <sys/un.h>
+ #include <sys/wait.h>
++#include <openssl/dh.h>
+ #include <openssl/crypto.h>
+ #include <openssl/err.h>
+ #include <openssl/ssl.h>
+@@ -1827,7 +1828,7 @@ static h2o_iovec_t on_extra_status(void
+                                           " \"listeners\": %zu,\n"
+                                           " \"worker-threads\": %zu,\n"
+                                           " \"num-sessions\": %lu",
+-                       SSLeay_version(SSLEAY_VERSION), current_time, restart_time, (uint64_t)(now - conf.launch_time), generation,
++                       OpenSSL_version(OPENSSL_VERSION), current_time, restart_time, (uint64_t)(now - conf.launch_time), generation,
+                        num_connections(0), conf.max_connections, conf.num_listeners, conf.num_threads, num_sessions(0));
+     assert(ret.len < BUFSIZE);
+
+@@ -2008,7 +2009,7 @@ int main(int argc, char **argv)
+                 break;
+             case 'v':
+                 printf("h2o version " H2O_VERSION "\n");
+-                printf("OpenSSL: %s\n", SSLeay_version(SSLEAY_VERSION));
++                printf("OpenSSL: %s\n", OpenSSL_version(OPENSSL_VERSION));
+ #if H2O_USE_MRUBY
+                 printf(
+                     "mruby: YES\n"); /* TODO determine the way to obtain the version of mruby (that is being linked dynamically) */
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -911,6 +911,7 @@ void ssl_setup_session_resumption(SSL_CT
+ #endif
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+ static pthread_mutex_t *mutexes;
+
+ static void lock_callback(int mode, int n, const char *file, int line)
+@@ -937,9 +938,11 @@ static int add_lock_callback(int *num, i
+
+     return __sync_add_and_fetch(num, amount);
+ }
++#endif
+
+ void init_openssl(void)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+     int nlocks = CRYPTO_num_locks(), i;
+     mutexes = h2o_mem_alloc(sizeof(*mutexes) * nlocks);
+     for (i = 0; i != nlocks; ++i)
+@@ -953,6 +956,7 @@ void init_openssl(void)
+     SSL_load_error_strings();
+     SSL_library_init();
+     OpenSSL_add_all_algorithms();
++#endif
+
+     cache_init_defaults();
+ #if H2O_USE_SESSION_TICKETS
diff --git a/libs/h2o-tiny/patches/600-engine.patch b/libs/h2o-tiny/patches/600-engine.patch
@@ -0,0 +1,28 @@
+--- a/deps/neverbleed/neverbleed.c
++++ b/deps/neverbleed/neverbleed.c
+@@ -1486,6 +1486,7 @@ int neverbleed_init(neverbleed_t *nb, ch
+     close(pipe_fds[0]);
+     pipe_fds[0] = -1;
+
++#ifndef OPENSSL_NO_ENGINE
+     /* setup engine */
+     if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") ||
+         !ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, rsa_method)
+@@ -1497,6 +1498,7 @@ int neverbleed_init(neverbleed_t *nb, ch
+         goto Fail;
+     }
+     ENGINE_add(nb->engine);
++#endif
+
+     /* setup thread key */
+     pthread_key_create(&nb->thread_key, dispose_thread_data);
+@@ -1515,7 +1517,9 @@ Fail:
+     if (listen_fd != -1)
+         close(listen_fd);
+     if (nb->engine != NULL) {
++#ifndef OPENSSL_NO_ENGINE
+         ENGINE_free(nb->engine);
++#endif
+         nb->engine = NULL;
+     }
+     return -1;
diff --git a/libs/h2o-tiny/patches/800-smaller-write-buffer.patch b/libs/h2o-tiny/patches/800-smaller-write-buffer.patch
@@ -0,0 +1,11 @@
+--- a/include/h2o/http2_internal.h
++++ b/include/h2o/http2_internal.h
+@@ -33,7 +33,7 @@
+ typedef struct st_h2o_http2_conn_t h2o_http2_conn_t;
+ typedef struct st_h2o_http2_stream_t h2o_http2_stream_t;
+
+-#define H2O_HTTP2_DEFAULT_OUTBUF_SIZE 81920 /* the target size of each write call; connection flow control window + alpha */
++#define H2O_HTTP2_DEFAULT_OUTBUF_SIZE 8192 /* the target size of each write call; connection flow control window + alpha */
+ #define H2O_HTTP2_DEFAULT_OUTBUF_SOFT_MAX_SIZE 524288 /* 512KB; stops reading if size exceeds this value */
+
+ /* hpack */