Merge remote-tracking branch 'origin/development' into new/parseList

Signed-off-by: DL6ER <[email protected]>
pi-hole · May 20, 2023 · 1bcee5f · 1bcee5f
2 parents 6913775 + 2fa2d86
commit 1bcee5f
Show file tree

Hide file tree

Showing 65 changed files with 2,066 additions and 830 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -24,7 +24,7 @@ jobs:
     steps:
       -
         name: Checkout code
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@v3.5.2
       -
         name: "Calculate required variables"
         id: variables
@@ -90,7 +90,7 @@ jobs:
     steps:
       -
         name: Checkout code
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@v3.5.2
       -
         name: "Fix ownership of repository"
         run: chown -R root .
@@ -133,7 +133,7 @@ jobs:
     steps:
       -
         name: Checkout code
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@v3.5.2
       -
         name: Get Binaries built in previous jobs
         uses: actions/[email protected]

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v3.4.0
+      uses: actions/checkout@v3.5.2
     -
       name: Spell-Checking
       uses: codespell-project/actions-codespell@master

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -2,25 +2,44 @@ name: Mark stale issues
 
 on:
   schedule:
-  - cron: '0 8 * * *'
+    - cron: '0 8 * * *'
   workflow_dispatch:
+  issue_comment:
 
-jobs:
-  stale:
+env:
+  stale_label: stale
 
+jobs:
+  stale_action:
+    if: github.event_name != 'issue_comment'
     runs-on: ubuntu-latest
     permissions:
       issues: write
 
     steps:
-    - uses: actions/stale@v7.0.0
+    - uses: actions/stale@v8.0.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         days-before-stale: 30
         days-before-close: 5
         stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
-        stale-issue-label: 'stale'
+        stale-issue-label: $stale_label
         exempt-issue-labels: 'Fixed in next release, Bug, Bug:Confirmed, Bugfix in progress, documentation needed, internal'
         exempt-all-issue-assignees: true
         operations-per-run: 300
         close-issue-reason: 'not_planned'
+
+  remove_stale: # trigger "stale" removal immediately when stale issues are commented on
+    if: github.event_name == 'issue_comment'
+    permissions:
+      contents: read #  for actions/checkout
+      issues: write #  to edit issues label
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+      - name: Remove 'stale' label
+        run: gh issue edit ${{ github.event.issue.number }} --remove-label $stale_label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/stale_pr.yml b/.github/workflows/stale_pr.yml
@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@v7.0.0
+      - uses: actions/stale@v8.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale

diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml
@@ -11,7 +11,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@v3.5.2
       - name: Opening pull request
         run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
         env:

diff --git a/patch/lua/0001-add-pihole-library.patch b/patch/lua/0001-add-pihole-library.patch
@@ -48,9 +48,9 @@ index 454ce12f..a363925c 100644
 +  ftl_lua_init(L);
 +  /***************************************************/
 +
-   if (!runargs(L, argv, script))  /* execute arguments -e and -l */
+   if (!runargs(L, argv, optlim))  /* execute arguments -e and -l */
      return 0;  /* something failed */
-   if (script < argc &&  /* execute main script (if there is one) */
+   if (script > 0) {  /* execute main script (if there is one) */
 @@ -616,7 +622,9 @@ static int pmain (lua_State *L) {
  }
 

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -116,8 +116,6 @@ set(sources
         daemon.h
         datastructure.c
         datastructure.h
-        dhcp-discover.c
-        dhcp-discover.h
         dnsmasq_interface.c
         dnsmasq_interface.h
         edns0.c
@@ -182,6 +180,7 @@ add_executable(pihole-FTL
         $<TARGET_OBJECTS:lua>
         $<TARGET_OBJECTS:tre-regex>
         $<TARGET_OBJECTS:syscalls>
+        $<TARGET_OBJECTS:tools>
         )
 if(STATIC STREQUAL "true")
     set_target_properties(pihole-FTL PROPERTIES LINK_SEARCH_START_STATIC ON)
@@ -255,3 +254,4 @@ add_subdirectory(lua)
 add_subdirectory(lua/scripts)
 add_subdirectory(tre-regex)
 add_subdirectory(syscalls)
+add_subdirectory(tools)
diff --git a/src/args.c b/src/args.c
@@ -32,10 +32,12 @@
 #include "shmem.h"
 // LUA dependencies
 #include "lua/ftl_lua.h"
-// run_dhcp_discover()
-#include "dhcp-discover.h"
 // gravity_parseList()
 #include "gravity-tools.h"
+// run_dhcp_discover()
+#include "tools/dhcp-discover.h"
+// run_arp_scan()
+#include "tools/arp-scan.h"
 // defined in dnsmasq.c
 extern void print_dnsmasq_version(const char *yellow, const char *green, const char *bold, const char *normal);
 
@@ -188,6 +190,23 @@ void parse_args(int argc, char* argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	// DHCP discovery mode
+	if(argc > 1 && strcmp(argv[1], "dhcp-discover") == 0)
+	{
+		// Enable stdout printing
+		cli_mode = true;
+		exit(run_dhcp_discover());
+	}
+
+	// ARP scanning mode
+	if(argc > 1 && strcmp(argv[1], "arp-scan") == 0)
+	{
+		// Enable stdout printing
+		cli_mode = true;
+		const bool scan_all = argc > 2 && strcmp(argv[2], "-a") == 0;
+		const bool extreme_mode = argc > 2 && strcmp(argv[2], "-x") == 0;
+		exit(run_arp_scan(scan_all, extreme_mode));
+	}
 
 	// start from 1, as argv[0] is the executable name
 	for(int i = 1; i < argc; i++)
@@ -441,14 +460,6 @@ void parse_args(int argc, char* argv[])
 			}
 		}
 
-		// Regex test mode
-		if(strcmp(argv[i], "dhcp-discover") == 0)
-		{
-			// Enable stdout printing
-			cli_mode = true;
-			exit(run_dhcp_discover());
-		}
-
 		// List of implemented arguments
 		if(strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "help") == 0 || strcmp(argv[i], "--help") == 0)
 		{
@@ -521,13 +532,19 @@ void parse_args(int argc, char* argv[])
 
 			printf("%sDebugging and special use:%s\n", yellow, normal);
 			printf("\t%sd%s, %sdebug%s            Enter debugging mode\n", green, normal, green, normal);
-			printf("\t%stest%s                Don't start pihole-FTL but\n", green, normal);
-			printf("\t                    instead quit immediately\n");
+			printf("\t%stest%s                Don't start pihole-FTL but instead\n", green, normal);
+			printf("\t                    quit immediately\n");
 			printf("\t%s-f%s, %sno-daemon%s       Don't go into daemon mode\n\n", green, normal, green, normal);
 
 			printf("%sOther:%s\n", yellow, normal);
 			printf("\t%sdhcp-discover%s       Discover DHCP servers in the local\n", green, normal);
 			printf("\t                    network\n");
+			printf("\t%sarp-scan %s[-a/-x]%s    Use ARP to scan local network for\n", green, cyan, normal);
+			printf("\t                    possible IP conflicts\n");
+			printf("\t                    Append %s-a%s to force scan on all\n", cyan, normal);
+			printf("\t                    interfaces\n");
+			printf("\t                    Append %s-x%s to force scan on all\n", cyan, normal);
+			printf("\t                    interfaces and scan 10x more often\n");
 			printf("\t%s-h%s, %shelp%s            Display this help and exit\n\n", green, normal, green, normal);
 			exit(EXIT_SUCCESS);
 		}

diff --git a/src/capabilities.c b/src/capabilities.c
@@ -21,6 +21,47 @@ static const unsigned int capabilityIDs[]   = { CAP_CHOWN ,  CAP_DAC_OVERRIDE ,
 static const char*        capabilityNames[] = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE", "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE", "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP"};
 static const unsigned int numCaps = sizeof(capabilityIDs) / sizeof(*capabilityIDs);
 
+bool check_capability(const unsigned int cap)
+{
+	// First assume header version 1
+	int capsize = 1; // VFS_CAP_U32_1
+	cap_user_data_t data = NULL;
+	cap_user_header_t hdr = calloc(sizeof(*hdr), capsize);
+
+	// Determine capabilities version used by the current kernel
+	capget(hdr, NULL);
+
+	// Check version
+	if (hdr->version != LINUX_CAPABILITY_VERSION_1)
+	{
+		// If unknown version, use largest supported version (3)
+		// Version 2 is deprecated according to linux/capability.h
+		if (hdr->version != LINUX_CAPABILITY_VERSION_2)
+		{
+			hdr->version = LINUX_CAPABILITY_VERSION_3;
+			capsize = 2; // VFS_CAP_U32_3
+		}
+		else
+		{
+			// Use version 2
+			capsize = 2; // VFS_CAP_U32_2
+		}
+	}
+
+	// Get current capabilities
+	data = calloc(sizeof(*data), capsize);
+	capget(hdr, data);
+
+	// Check if the capability is available
+	const bool available = ((data->permitted & (1 << cap)) && (data->effective & (1 << cap)));
+
+	// Free memory
+	free(hdr);
+	free(data);
+
+	return available;
+}
+
 bool check_capabilities(void)
 {
 	// First assume header version 1

diff --git a/src/capabilities.h b/src/capabilities.h
@@ -10,6 +10,7 @@
 #ifndef CAPABILITIES_H
 #define CAPABILITIES_H
 
+bool check_capability(const unsigned int cap);
 bool check_capabilities(void);
 
 #endif //CAPABILITIES_H
diff --git a/src/config.c b/src/config.c
@@ -837,9 +837,6 @@ static char *parse_FTLconf(FILE *fp, const char *key)
 	// Go to beginning of file
 	fseek(fp, 0L, SEEK_SET);
 
-	if(config.debug & DEBUG_EXTRA)
-		logg("initial: conflinebuffer = %p, keystr = %p, size = %zu", conflinebuffer, keystr, size);
-
 	// Set size to zero if conflinebuffer is not available here
 	// This causes getline() to allocate memory for the buffer itself
 	if(conflinebuffer == NULL && size != 0)
@@ -848,11 +845,6 @@ static char *parse_FTLconf(FILE *fp, const char *key)
 	errno = 0;
 	while(getline(&conflinebuffer, &size, fp) != -1)
 	{
-		if(config.debug & DEBUG_EXTRA)
-		{
-			logg("conflinebuffer = %p, keystr = %p, size = %zu", conflinebuffer, keystr, size);
-			logg("  while reading line \"%s\" looking for \"%s\"", conflinebuffer, keystr);
-		}
 		// Check if memory allocation failed
 		if(conflinebuffer == NULL)
 			break;

diff --git a/src/dnsmasq/forward.c b/src/dnsmasq/forward.c
@@ -723,6 +723,10 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       /* Get extended RCODE. */
       rcode |= sizep[2] << 4;
 
+      // Pi-hole modification: Interpret the pseudoheader before
+      // it might get stripped off below (added_pheader == true)
+      FTL_parse_pseudoheaders(pheader, (size_t)plen);
+
       if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, plen, pheader, query_source))
 	{
 	  my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch"));
@@ -783,7 +787,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       a.log.rcode = rcode;
       a.log.ede = ede;
       log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL, 0);
-      
+
       return resize_packet(header, n, pheader, plen);
     }
 
@@ -1166,6 +1170,8 @@ void reply_query(int fd, time_t now)
 
   server = daemon->serverarray[c];
 
+  FTL_header_analysis(header->hb4, RCODE(header), server, daemon->log_display_id);
+
   if (RCODE(header) != REFUSED)
     daemon->serverarray[first]->last_server = c;
   else if (daemon->serverarray[first]->last_server == c)
@@ -1750,9 +1756,8 @@ void receive_query(struct listener *listen, time_t now)
     have_mark = get_incoming_mark(&source_addr, &dst_addr, /* istcp: */ 0, &mark);
 #endif
   //********************** Pi-hole modification **********************//
-  ednsData edns = { 0 };
-  if (find_pseudoheader(header, (size_t)n, NULL, &pheader, NULL, NULL))
-    FTL_parse_pseudoheaders(header, n, &source_addr, &edns);
+  pheader = find_pseudoheader(header, (size_t)n, NULL, &pheader, NULL, NULL);
+  FTL_parse_pseudoheaders(pheader, (size_t)n);
   //******************************************************************//
 
   if (extract_request(header, (size_t)n, daemon->namebuff, &type))
@@ -1763,7 +1768,7 @@ void receive_query(struct listener *listen, time_t now)
       log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
 			   &source_addr, auth_dns ? "auth" : "query", type);
       piholeblocked = FTL_new_query(F_QUERY | F_FORWARD , daemon->namebuff,
-				    &source_addr, auth_dns ? "auth" : "query", type, daemon->log_display_id, &edns, UDP);
+				    &source_addr, auth_dns ? "auth" : "query", type, daemon->log_display_id, UDP);
 
 #ifdef HAVE_CONNTRACK
       is_single_query = 1;
@@ -2086,6 +2091,8 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
   unsigned char *packet = NULL;
   struct dns_header *new_header = NULL;
 
+  FTL_header_analysis(header->hb4, RCODE(header), server, daemon->log_display_id);
+
   while (1)
     {
       size_t m;
@@ -2298,9 +2305,9 @@ unsigned char *tcp_request(int confd, time_t now,
 	no_cache_dnssec = 1;
 
       //********************** Pi-hole modification **********************//
-      ednsData edns = { 0 };
-      if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL))
-        FTL_parse_pseudoheaders(header, size, &peer_addr, &edns);
+      unsigned char *pheader = NULL;
+      pheader = find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL);
+      FTL_parse_pseudoheaders(pheader, (size_t)size);
       //******************************************************************//
 
       if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
@@ -2320,7 +2327,7 @@ unsigned char *tcp_request(int confd, time_t now,
 				   &peer_addr, auth_dns ? "auth" : "query", qtype);
 
 	      piholeblocked = FTL_new_query(F_QUERY | F_FORWARD, daemon->namebuff,
-					    &peer_addr, auth_dns ? "auth" : "query", qtype, daemon->log_display_id, &edns, TCP);
+					    &peer_addr, auth_dns ? "auth" : "query", qtype, daemon->log_display_id, TCP);
 
 #ifdef HAVE_AUTH
 	      /* find queries for zones we're authoritative for, and answer them directly */