On 12/14/21 2:09 PM, Ján Tomko wrote:
This bumps the minimum dnsmasq version to the point where we do not need capability probing, reducing it to a version check (which I will be happy to remove on request). Unless I missed something, this also means we no longer need to spawn radvd manually.
The code doesn't lie! If removing the bits that were only true for older dnsmasq removed the lines that ran radvd, then it's true. (I recall that support for RA was added to dnsmasq fairly soon after the original ipv6 support was added, and radvd was left in libvirt only because there were so many downstreams that still had an older dnsmasq).
Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream mitigation of a CVE that should no longer be needed if we have --bind-dynamic [...]
17 files changed, 83 insertions(+), 569 deletions(-)
Nice!!! After the minor fixes I noted in 03/17 and 08/17 Reviewed-by: Laine Stump <laine@xxxxxxxxxx> /me ponders what I should idly suggest be removed next...