Bug 217900

Summary: dns/dnsmasq: allow to run on PF-less system
Product: Ports & Packages Reporter: op
Component: Individual Port(s)Assignee: Matthias Andree <mandree>
Status: Closed FIXED    
Severity: Affects Some People Keywords: patch
Priority: --- Flags: mandree: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
0001-HBSD-add-the-ability-to-use-dnsmasq-on-systems-witho.patch none

Description op 2017-03-18 21:16:01 UTC 
Created attachment 180941 [details]
0001-HBSD-add-the-ability-to-use-dnsmasq-on-systems-witho.patch

HBSD: add the ability to use dnsmasq on systems without PF  support

The IPSET functionality in dnsmasq require /dev/pf interface, which
is provided by the PF firewall, but on system with only IPFW enabled,
there are no /dev/pf device. The IPSET functionality is able to
dynamically maintain a PF table from the resolved host names.
Without this functionality the dnsmasq is still fully functional
(like it is on OS X/macOS).

By default keep the historical state (default to enabled IPSET).
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-03-21 22:44:10 UTC 
A commit references this bug:

Author: mandree
Date: Tue Mar 21 22:43:56 UTC 2017
New revision: 436660
URL: https://svnweb.freebsd.org/changeset/ports/436660

Log:
  Allow build on PF-less (NO_IPSET) systems.

  This adds a new ports option, IPSET, defaulting to on.

  Use the opportunity to use the options helpers OPT_CFLAGS[_OFF] on the
  trivial options.

  PR:		217900
  Submitted by:	Oliver Pinter <oliver.pinter@hardenedbsd.org>

Changes:
  head/dns/dnsmasq/Makefile
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-03-21 22:46:14 UTC 
A commit references this bug:

Author: mandree
Date: Tue Mar 21 22:45:44 UTC 2017
New revision: 436661
URL: https://svnweb.freebsd.org/changeset/ports/436661

Log:
  Correct placement of option helpers.

  Related to:
  PR: 217900

Changes:
  head/dns/dnsmasq/Makefile
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-03-21 22:51:20 UTC 
A commit references this bug:

Author: mandree
Date: Tue Mar 21 22:50:44 UTC 2017
New revision: 436662
URL: https://svnweb.freebsd.org/changeset/ports/436662

Log:
  Update to -test4 release, forward port IPSET [1]

  Changes since -test3 release (edited diff from CHANGELOG):
  * Improve logging of upstream servers when there are a lot of "local
    addresses only" entries.
  * Implement RFC 6842.
  * Make --bogus-priv apply to IPv6, for the prefixes specified in RFC6303.

  Forward port IPSET option from ../dnsmasq port, to permit build on
  PF-less systems.

  PR:		217900 [1]
  Submitted by:	Oliver Pinter <oliver.pinter@hardenedbsd.org>

Changes:
  head/dns/dnsmasq-devel/Makefile
  head/dns/dnsmasq-devel/distinfo
Comment 4 Matthias Andree freebsd_committer freebsd_triage 2017-03-21 22:51:51 UTC 
Thanks for your submission, the patch has been applied, and then cleaned up and forward ported to dnsmasq-devel, which was also updated at the time.
Comment 5 op 2017-03-21 22:53:34 UTC 
Thanks for the fast response / commit! Just a small correction related to the commited commit log, this is a runtime fix, and not a build time fix.