diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf index 25ed2c87aa..f0a70faa59 100644 --- a/etc/smartdns/smartdns.conf +++ b/etc/smartdns/smartdns.conf @@ -44,6 +44,8 @@ # -no-dualstack-selection: Disable dualstack ip selection. # -no-ip-alias: ignore ip alias. # -force-aaaa-soa: force AAAA query return SOA. +# -force-https-soa: force HTTPS query return SOA. +# -no-serve-expired: no serve expired. # -ipset ipsetname: use ipset rule. # -nftset nftsetname: use nftset rule. # example: @@ -284,9 +286,10 @@ log-level info # ipset-timeout [yes] # specific ipset to domain -# ipset /domain/[ipset|-] -# ipset /www.example.com/block, set ipset with ipset name of block -# ipset /www.example.com/-, ignore this domain +# ipset /domain/[ipsetname|#4:v4setname|#6:v6setname|-|#4:-|#6:-] +# ipset [ipsetname|#4:v4setname|#6:v6setname], set global ipset. +# ipset /www.example.com/block, set ipset with ipset name of block. +# ipset /www.example.com/-, ignore this domain. # add to ipset when ping is unreachable # ipset-no-speed ipsetname @@ -306,6 +309,7 @@ log-level info # specific nftset to domain # nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6] +# nftset [#4:ip#table#set,#6:ipv6#table#setv6] set global nftset. # nftset /www.example.com/ip#table#set, equivalent to 'nft add element ip table set { ... }' # nftset /www.example.com/-, ignore this domain # nftset /www.example.com/#6:-, ignore ipv6 diff --git a/package/linux/install b/package/linux/install index 8c3e7276b6..ac5782431a 100644 --- a/package/linux/install +++ b/package/linux/install @@ -24,6 +24,7 @@ showhelp() echo "Options:" echo " -i install smartdns." echo " -u uninstall smartdns." + echo " -U upgrade install smartdns." echo " --prefix [dir] prefix directory." echo " -h show this message." } @@ -223,7 +224,7 @@ main() { ACTION="" - OPTS=`getopt -o iuh --long help,prefix: \ + OPTS=`getopt -o iuhU --long help,prefix: \ -n "" -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi @@ -246,6 +247,9 @@ main() -u ) ACTION="UNINSTALL" shift ;; + -U ) + ACTION="UPGRADE" + shift ;; -- ) shift; break ;; * ) break ;; esac @@ -262,7 +266,14 @@ main() elif [ "$ACTION" = "UNINSTALL" ]; then uninstall_smartdns return 0 - fi + elif [ "$ACTION" = "UPGRADE" ]; then + uninstall_smartdns + install_smartdns + return $? + else + showhelp + return 1 + fi } diff --git a/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua b/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua index b3f1369028..f9b73a6801 100644 --- a/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua +++ b/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua @@ -271,6 +271,11 @@ o.cfgvalue = function(...) return Flag.cfgvalue(...) or "1" end +o = s:taboption("advanced", Value, "ipset_name", translate("IPset Name"), translate("IPset name.")) +o.rmempty = true +o.datatype = "string" +o.rempty = true + ---- Ipset no speed. o = s:taboption("advanced", Value, "ipset_no_speed", translate("No Speed IPset Name"), translate("Ipset name, Add domain result to ipset when speed check fails.")); @@ -278,6 +283,22 @@ o.rmempty = true; o.datatype = "hostname"; o.rempty = true; +o = s:taboption("advanced", Value, "nftset_name", translate("NFTset Name"), translate("NFTset name, format: [#[4|6]:[family#table#set]]")) +o.rmempty = true +o.datatype = "string" +o.rempty = true +function o.validate(self, value) + if (value == "") then + return value + end + + if (value:match("#[4|6]:[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+$")) then + return value + end + + return nil, translate("NFTset name format error, format: [#[4|6]:[family#table#set]]") +end + ---- NFTset no speed. o = s:taboption("advanced", Value, "nftset_no_speed", translate("No Speed NFTset Name"), translate("Nftset name, Add domain result to nftset when speed check fails, format: [#[4|6]:[family#table#set]]")); @@ -434,6 +455,13 @@ o.cfgvalue = function(...) return Flag.cfgvalue(...) or "0" end +o = s:taboption("seconddns", Flag, "seconddns_force_https_soa", translate("Force HTTPS SOA"), translate("Force HTTPS SOA.")) +o.rmempty = false +o.default = o.disabled +o.cfgvalue = function(...) + return Flag.cfgvalue(...) or "0" +end + o = s:taboption("seconddns", Flag, "seconddns_no_ip_alias", translate("Skip IP Alias")) o.rmempty = true o.default = o.disabled @@ -443,7 +471,7 @@ end o = s:taboption("seconddns", Value, "seconddns_ipset_name", translate("IPset Name"), translate("IPset name.")) o.rmempty = true -o.datatype = "hostname" +o.datatype = "string" o.rempty = true o = s:taboption("seconddns", Value, "seconddns_nftset_name", translate("NFTset Name"), translate("NFTset name, format: [#[4|6]:[family#table#set]]")) diff --git a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js index dde6ed11d0..a94c2f4f3d 100644 --- a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js +++ b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js @@ -331,6 +331,26 @@ return view.extend({ o.rmempty = false; o.default = o.enabled; + // ipset name; + o = s.taboption("advanced", form.Value, "ipset_name", _("IPset Name"), _("IPset name.")); + o.rmempty = true; + o.datatype = "string"; + o.rempty = true; + o.validate = function (section_id, value) { + if (value == "") { + return true; + } + + var ipset = value.split(",") + for (var i = 0; i < ipset.length; i++) { + if (!ipset[i].match(/^(#[4|6]:)?[a-zA-Z0-9\-_]+$/)) { + return _("ipset name format error, format: [#[4|6]:]ipsetname"); + } + } + + return true; + } + // Ipset no speed. o = s.taboption("advanced", form.Value, "ipset_no_speed", _("No Speed IPset Name"), _("Ipset name, Add domain result to ipset when speed check fails.")); @@ -351,6 +371,26 @@ return view.extend({ return true; } + + // NFTset name; + o = s.taboption("advanced", form.Value, "nftset_name", _("NFTset Name"), _("NFTset name, format: [#[4|6]:[family#table#set]]")); + o.rmempty = true; + o.datatype = "string"; + o.rempty = true; + o.validate = function (section_id, value) { + if (value == "") { + return true; + } + + var nftset = value.split(",") + for (var i = 0; i < nftset.length; i++) { + if (!nftset[i].match(/^#[4|6]:[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+$/)) { + return _("NFTset name format error, format: [#[4|6]:[family#table#set]]"); + } + } + + return true; + } // NFTset no speed. o = s.taboption("advanced", form.Value, "nftset_no_speed", _("No Speed NFTset Name"), @@ -503,6 +543,11 @@ return view.extend({ o = s.taboption("seconddns", form.Flag, "seconddns_force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA.")); o.rmempty = true; o.default = o.disabled; + + // Force HTTPS SOA + o = s.taboption("seconddns", form.Flag, "seconddns_force_https_soa", _("Force HTTPS SOA"), _("Force HTTPS SOA.")); + o.rmempty = true; + o.default = o.disabled; o = s.taboption("seconddns", form.Flag, "seconddns_no_ip_alias", _("Skip IP Alias")); o.rmempty = true; diff --git a/package/openwrt/files/etc/init.d/smartdns b/package/openwrt/files/etc/init.d/smartdns index 6017ff17ed..aab02afe82 100644 --- a/package/openwrt/files/etc/init.d/smartdns +++ b/package/openwrt/files/etc/init.d/smartdns @@ -484,6 +484,9 @@ load_second_server() config_get_bool seconddns_force_aaaa_soa "$section" "seconddns_force_aaaa_soa" "0" [ "$seconddns_force_aaaa_soa" = "1" ] && ARGS="$ARGS -force-aaaa-soa" + config_get_bool seconddns_force_https_soa "$section" "seconddns_force_https_soa" "0" + [ "$seconddns_force_https_soa" = "1" ] && ARGS="$ARGS -force-https-soa" + config_get_bool seconddns_no_ip_alias "$section" "seconddns_no_ip_alias" "0" [ "$seconddns_no_ip_alias" = "1" ] && ARGS="$ARGS -no-ip-alias" @@ -605,6 +608,12 @@ load_service() config_get auto_set_dnsmasq "$section" "auto_set_dnsmasq" "1" + config_get ipset_name "$section" "ipset_name" "" + [ -z "$ipset_name" ] || conf_append "ipset" "$ipset_name" + + config_get nftset_name "$section" "nftset_name" "" + [ -z "$nftset_name" ] || conf_append "nftset" "$nftset_name" + config_get ipset_no_speed "$section" "ipset_no_speed" "" [ -z "$ipset_no_speed" ] || conf_append "ipset-no-speed" "$ipset_no_speed" diff --git a/src/dns_client.c b/src/dns_client.c index 45505fbc12..4220c4fc6d 100644 --- a/src/dns_client.c +++ b/src/dns_client.c @@ -612,14 +612,18 @@ static struct dns_server_group *_dns_client_get_dnsserver_group(const char *grou struct dns_server_group *group = _dns_client_get_group(group_name); if (group == NULL) { - group = client.default_group; + goto use_default; } else { if (list_empty(&group->head)) { - group = client.default_group; + tlog(TLOG_INFO, "group %s not exist, use default group.", group_name); + goto use_default; } } return group; + +use_default: + return client.default_group; } /* add server to group */ @@ -1228,7 +1232,8 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port, snprintf(ifname, sizeof(ifname), "@%s", flags->ifname); } - tlog(TLOG_INFO, "add server %s:%d%s, type: %s", server_ip, port, ifname, _dns_server_get_type_string(server_info->type)); + tlog(TLOG_INFO, "add server %s:%d%s, type: %s", server_ip, port, ifname, + _dns_server_get_type_string(server_info->type)); return 0; errout: diff --git a/src/dns_conf.c b/src/dns_conf.c index cd847f4474..3566aad66e 100644 --- a/src/dns_conf.c +++ b/src/dns_conf.c @@ -163,8 +163,10 @@ int dns_conf_force_AAAA_SOA; int dns_conf_force_no_cname; int dns_conf_ipset_timeout_enable; struct dns_ipset_names dns_conf_ipset_no_speed; +struct dns_ipset_names dns_conf_ipset; int dns_conf_nftset_timeout_enable; struct dns_nftset_names dns_conf_nftset_no_speed; +struct dns_nftset_names dns_conf_nftset; int dns_conf_nftset_debug_enable; int dns_conf_mdns_lookup; @@ -318,10 +320,15 @@ static int _get_domain(char *value, char *domain, int max_domain_size, char **pt } size_t domain_len = max_domain_size; - domain_len = utf8_to_punycode(begin, len, domain, domain_len); - if (domain_len <= 0) { - tlog(TLOG_ERROR, "domain name %s invalid", value); - goto errout; + if (strncmp(begin, "domain-set:", sizeof("domain-set:") - 1) == 0) { + memcpy(domain, begin, len); + domain_len = len; + } else { + domain_len = utf8_to_punycode(begin, len, domain, domain_len); + if (domain_len <= 0) { + tlog(TLOG_ERROR, "domain name %s invalid", value); + goto errout; + } } domain[domain_len] = '\0'; @@ -887,21 +894,28 @@ static int _config_set_rule_each_from_list(const char *file, set_rule_add_func c return ret; } -static int _config_domain_rule_set_each(const char *domain_set, set_rule_add_func callback, void *priv) +static struct dns_domain_set_name_list *_config_get_domain_set_name_list(const char *name) { - struct dns_domain_set_name_list *set_name_list = NULL; - struct dns_domain_set_name *set_name_item = NULL; - uint32_t key = 0; + struct dns_domain_set_name_list *set_name_list = NULL; - key = hash_string(domain_set); + key = hash_string(name); hash_for_each_possible(dns_domain_set_name_table.names, set_name_list, node, key) { - if (strcmp(set_name_list->name, domain_set) == 0) { - break; + if (strcmp(set_name_list->name, name) == 0) { + return set_name_list; } } + return NULL; +} + +static int _config_domain_rule_set_each(const char *domain_set, set_rule_add_func callback, void *priv) +{ + struct dns_domain_set_name_list *set_name_list = NULL; + struct dns_domain_set_name *set_name_item = NULL; + + set_name_list = _config_get_domain_set_name_list(domain_set); if (set_name_list == NULL) { tlog(TLOG_WARN, "domain set %s not found.", domain_set); return -1; @@ -1223,6 +1237,7 @@ static int _conf_domain_rule_ipset(char *domain, const char *ipsetname) char *copied_name = NULL; enum domain_rule type = 0; int ignore_flag = 0; + int ret = -1; copied_name = strdup(ipsetname); @@ -1272,6 +1287,7 @@ static int _conf_domain_rule_ipset(char *domain, const char *ipsetname) ipset_rule = NULL; } + ret = 0; goto clear; errout: @@ -1286,42 +1302,18 @@ static int _conf_domain_rule_ipset(char *domain, const char *ipsetname) free(copied_name); } - return 0; -} - -static int _config_ipset(void *data, int argc, char *argv[]) -{ - char domain[DNS_MAX_CONF_CNAME_LEN]; - char *value = argv[1]; - - if (argc <= 1) { - goto errout; - } - - if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) { - goto errout; - } - - return _conf_domain_rule_ipset(domain, value); -errout: - tlog(TLOG_ERROR, "add ipset %s failed", value); - return 0; + return ret; } -static int _config_ipset_no_speed(void *data, int argc, char *argv[]) +static int _config_ipset_setvalue(struct dns_ipset_names *ipsets, const char *ipsetvalue) { - char *ipsetname = argv[1]; char *copied_name = NULL; const char *ipset = NULL; struct dns_ipset_rule *ipset_rule_array[2] = {NULL, NULL}; char *ipset_rule_enable_array[2] = {NULL, NULL}; int ipset_num = 0; - if (argc <= 1) { - goto errout; - } - - copied_name = strdup(ipsetname); + copied_name = strdup(ipsetvalue); if (copied_name == NULL) { goto errout; @@ -1330,12 +1322,12 @@ static int _config_ipset_no_speed(void *data, int argc, char *argv[]) for (char *tok = strtok(copied_name, ","); tok && ipset_num <= 2; tok = strtok(NULL, ",")) { if (tok[0] == '#') { if (strncmp(tok, "#6:", 3U) == 0) { - ipset_rule_array[ipset_num] = &dns_conf_ipset_no_speed.ipv6; - ipset_rule_enable_array[ipset_num] = &dns_conf_ipset_no_speed.ipv6_enable; + ipset_rule_array[ipset_num] = &ipsets->ipv6; + ipset_rule_enable_array[ipset_num] = &ipsets->ipv6_enable; ipset_num++; } else if (strncmp(tok, "#4:", 3U) == 0) { - ipset_rule_array[ipset_num] = &dns_conf_ipset_no_speed.ipv4; - ipset_rule_enable_array[ipset_num] = &dns_conf_ipset_no_speed.ipv4_enable; + ipset_rule_array[ipset_num] = &ipsets->ipv4; + ipset_rule_enable_array[ipset_num] = &ipsets->ipv4_enable; ipset_num++; } else { goto errout; @@ -1344,11 +1336,9 @@ static int _config_ipset_no_speed(void *data, int argc, char *argv[]) } if (ipset_num == 0) { - ipset_rule_array[1] = &dns_conf_ipset_no_speed.ipv6; - ipset_rule_enable_array[1] = &dns_conf_ipset_no_speed.ipv6_enable; - ipset_rule_array[0] = &dns_conf_ipset_no_speed.ipv4; - ipset_rule_enable_array[0] = &dns_conf_ipset_no_speed.ipv4_enable; - ipset_num = 2; + ipset_rule_array[0] = &ipsets->inet; + ipset_rule_enable_array[0] = &ipsets->inet_enable; + ipset_num = 1; } if (strncmp(tok, "-", 1) == 0) { @@ -1376,6 +1366,57 @@ static int _config_ipset_no_speed(void *data, int argc, char *argv[]) free(copied_name); } + return 0; +} + +static int _config_ipset(void *data, int argc, char *argv[]) +{ + char domain[DNS_MAX_CONF_CNAME_LEN]; + char *value = argv[1]; + int ret = 0; + + if (argc <= 1) { + goto errout; + } + + if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) { + if (strstr(value, "/")) { + goto errout; + } + + if (_config_ipset_setvalue(&dns_conf_ipset, value) != 0) { + ret = -1; + goto errout; + } + + return 0; + } + + ret = _conf_domain_rule_ipset(domain, value); + if (ret != 0) { + goto errout; + } + + return 0; +errout: + tlog(TLOG_WARN, "add ipset %s failed.", value); + return ret; +} + +static int _config_ipset_no_speed(void *data, int argc, char *argv[]) +{ + char *ipsetname = argv[1]; + + if (argc <= 1) { + goto errout; + } + + if (_config_ipset_setvalue(&dns_conf_ipset_no_speed, ipsetname) != 0) { + goto errout; + } + + return 0; +errout: tlog(TLOG_ERROR, "add ipset-no-speed %s failed", ipsetname); return 0; } @@ -1549,23 +1590,23 @@ static int _config_nftset(void *data, int argc, char *argv[]) return 0; } -static int _config_nftset_no_speed(void *data, int argc, char *argv[]) +static int _config_nftset_setvalue(struct dns_nftset_names *nftsets, const char *nftsetvalue) { const struct dns_nftset_name *nftset = NULL; char *copied_name = NULL; - char *nftsetname = argv[1]; int nftset_num = 0; char *setname = NULL; char *tablename = NULL; char *family = NULL; + int ret = -1; struct dns_nftset_rule *nftset_rule_array[2] = {NULL, NULL}; char *nftset_rule_enable_array[2] = {NULL, NULL}; - if (argc <= 1) { + if (nftsetvalue == NULL) { goto errout; } - copied_name = strdup(nftsetname); + copied_name = strdup(nftsetvalue); if (copied_name == NULL) { goto errout; @@ -1576,13 +1617,13 @@ static int _config_nftset_no_speed(void *data, int argc, char *argv[]) char *tok_set = NULL; if (strncmp(tok, "#4:", 3U) == 0) { - dns_conf_nftset_no_speed.ip_enable = 1; - nftset_rule_array[nftset_num] = &dns_conf_nftset_no_speed.ip; - nftset_rule_enable_array[nftset_num] = &dns_conf_nftset_no_speed.ip_enable; + nftsets->ip_enable = 1; + nftset_rule_array[nftset_num] = &nftsets->ip; + nftset_rule_enable_array[nftset_num] = &nftsets->ip_enable; nftset_num++; } else if (strncmp(tok, "#6:", 3U) == 0) { - nftset_rule_enable_array[nftset_num] = &dns_conf_nftset_no_speed.ip6_enable; - nftset_rule_array[nftset_num] = &dns_conf_nftset_no_speed.ip6; + nftset_rule_enable_array[nftset_num] = &nftsets->ip6_enable; + nftset_rule_array[nftset_num] = &nftsets->ip6; nftset_num++; } else if (strncmp(tok, "-", 2U) == 0) { continue; @@ -1594,10 +1635,10 @@ static int _config_nftset_no_speed(void *data, int argc, char *argv[]) tok_set = tok + 3; if (nftset_num == 0) { - nftset_rule_array[0] = &dns_conf_nftset_no_speed.ip; - nftset_rule_enable_array[0] = &dns_conf_nftset_no_speed.ip_enable; - nftset_rule_array[1] = &dns_conf_nftset_no_speed.ip6; - nftset_rule_enable_array[1] = &dns_conf_nftset_no_speed.ip6_enable; + nftset_rule_array[0] = &nftsets->ip; + nftset_rule_enable_array[0] = &nftsets->ip_enable; + nftset_rule_array[1] = &nftsets->ip6; + nftset_rule_enable_array[1] = &nftsets->ip6_enable; nftset_num = 2; } @@ -1636,15 +1677,34 @@ static int _config_nftset_no_speed(void *data, int argc, char *argv[]) nftset_num = 0; } + ret = 0; goto clear; errout: - tlog(TLOG_ERROR, "add nftset %s failed", nftsetname); + ret = -1; clear: if (copied_name) { free(copied_name); } + return ret; +} + +static int _config_nftset_no_speed(void *data, int argc, char *argv[]) +{ + char *nftsetname = argv[1]; + + if (argc <= 1) { + goto errout; + } + + if (_config_nftset_setvalue(&dns_conf_nftset_no_speed, nftsetname) != 0) { + goto errout; + } + + return 0; +errout: + tlog(TLOG_ERROR, "add nftset %s failed", nftsetname); return 0; } @@ -2286,6 +2346,8 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type) {"no-dualstack-selection", no_argument, NULL, 'D'}, {"no-ip-alias", no_argument, NULL, 'a'}, {"force-aaaa-soa", no_argument, NULL, 'F'}, + {"no-serve-expired", no_argument, NULL, 253}, + {"force-https-soa", no_argument, NULL, 254}, {"ipset", required_argument, NULL, 255}, {"nftset", required_argument, NULL, 256}, {NULL, no_argument, NULL, 0} @@ -2375,12 +2437,26 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type) server_flag |= BIND_FLAG_FORCE_AAAA_SOA; break; } + case 253: { + server_flag |= BIND_FLAG_NO_SERVE_EXPIRED; + break; + } + case 254: { + server_flag |= BIND_FLAG_FORCE_HTTPS_SOA; + break; + } case 255: { _config_bind_ip_parser_ipset(bind_ip, &server_flag, optarg); + server_flag |= BIND_FLAG_NO_DUALSTACK_SELECTION; + server_flag |= BIND_FLAG_NO_PREFETCH; + server_flag |= BIND_FLAG_NO_SERVE_EXPIRED; break; } case 256: { _config_bind_ip_parser_nftset(bind_ip, &server_flag, optarg); + server_flag |= BIND_FLAG_NO_DUALSTACK_SELECTION; + server_flag |= BIND_FLAG_NO_PREFETCH; + server_flag |= BIND_FLAG_NO_SERVE_EXPIRED; break; } default: @@ -3665,6 +3741,7 @@ static int _conf_domain_rules(void *data, int argc, char *argv[]) {"ipset", required_argument, NULL, 'p'}, {"nftset", required_argument, NULL, 't'}, {"nameserver", required_argument, NULL, 'n'}, + {"group", required_argument, NULL, 'n'}, {"dualstack-ip-selection", required_argument, NULL, 'd'}, {"cname", required_argument, NULL, 'A'}, {"rr-ttl", required_argument, NULL, 251}, @@ -3687,6 +3764,16 @@ static int _conf_domain_rules(void *data, int argc, char *argv[]) goto errout; } + /* check domain set exists. */ + if (strncmp(domain, "domain-set:", sizeof("domain-set:") - 1) == 0) { + const char *set_name = domain + sizeof("domain-set:") - 1; + struct dns_domain_set_name_list *name = _config_get_domain_set_name_list(set_name); + if (name == NULL) { + tlog(TLOG_ERROR, "domain set '%s' not found.", set_name); + goto errout; + } + } + /* process extra options */ optind = 1; while (1) { diff --git a/src/dns_conf.h b/src/dns_conf.h index b55a7866a2..0700986cf7 100644 --- a/src/dns_conf.h +++ b/src/dns_conf.h @@ -148,6 +148,9 @@ typedef enum { #define BIND_FLAG_NO_RULE_CNAME (1 << 9) #define BIND_FLAG_NO_RULE_NFTSET (1 << 10) #define BIND_FLAG_NO_IP_ALIAS (1 << 11) +#define BIND_FLAG_NO_PREFETCH (1 << 12) +#define BIND_FLAG_FORCE_HTTPS_SOA (1 << 13) +#define BIND_FLAG_NO_SERVE_EXPIRED (1 << 14) enum response_mode_type { DNS_RESPONSE_MODE_FIRST_PING_IP = 0, @@ -189,12 +192,15 @@ struct dns_ipset_rule { }; struct dns_ipset_names { + char inet_enable; char ipv4_enable; char ipv6_enable; + struct dns_ipset_rule inet; struct dns_ipset_rule ipv4; struct dns_ipset_rule ipv6; }; extern struct dns_ipset_names dns_conf_ipset_no_speed; +extern struct dns_ipset_names dns_conf_ipset; struct dns_cname_rule { struct dns_rule head; @@ -231,6 +237,7 @@ struct dns_nftset_names { struct dns_nftset_rule ip6; }; extern struct dns_nftset_names dns_conf_nftset_no_speed; +extern struct dns_nftset_names dns_conf_nftset; struct dns_domain_rule { struct dns_rule head; diff --git a/src/dns_server.c b/src/dns_server.c index 2ea790ae80..9873581b8e 100644 --- a/src/dns_server.c +++ b/src/dns_server.c @@ -1889,6 +1889,14 @@ static int _dns_server_setup_ipset_nftset_packet(struct dns_server_post_context if (ipset_rule == NULL) { ipset_rule = _dns_server_get_bind_ipset_nftset_rule(request, DOMAIN_RULE_IPSET); } + + if (ipset_rule == NULL && dns_conf_ipset.inet_enable) { + ipset_rule = &dns_conf_ipset.inet; + } + + if (ipset_rule == NULL && check_no_speed_rule && dns_conf_ipset_no_speed.inet_enable) { + ipset_rule_v4 = &dns_conf_ipset_no_speed.inet; + } } if (!rule_flags || (rule_flags->flags & DOMAIN_FLAG_IPSET_IPV4_IGN) == 0) { @@ -1897,7 +1905,11 @@ static int _dns_server_setup_ipset_nftset_packet(struct dns_server_post_context ipset_rule_v4 = _dns_server_get_bind_ipset_nftset_rule(request, DOMAIN_RULE_IPSET_IPV4); } - if (ipset_rule == NULL && check_no_speed_rule && dns_conf_ipset_no_speed.ipv4_enable) { + if (ipset_rule_v4 == NULL && ipset_rule == NULL && dns_conf_ipset.ipv4_enable) { + ipset_rule_v4 = &dns_conf_ipset.ipv4; + } + + if (ipset_rule_v4 == NULL && check_no_speed_rule && dns_conf_ipset_no_speed.ipv4_enable) { ipset_rule_v4 = &dns_conf_ipset_no_speed.ipv4; } } @@ -1908,6 +1920,10 @@ static int _dns_server_setup_ipset_nftset_packet(struct dns_server_post_context ipset_rule_v6 = _dns_server_get_bind_ipset_nftset_rule(request, DOMAIN_RULE_IPSET_IPV6); } + if (ipset_rule_v6 == NULL && ipset_rule == NULL && dns_conf_ipset.ipv6_enable) { + ipset_rule_v6 = &dns_conf_ipset.ipv6; + } + if (ipset_rule_v6 == NULL && check_no_speed_rule && dns_conf_ipset_no_speed.ipv6_enable) { ipset_rule_v6 = &dns_conf_ipset_no_speed.ipv6; } @@ -1919,6 +1935,10 @@ static int _dns_server_setup_ipset_nftset_packet(struct dns_server_post_context nftset_ip = _dns_server_get_bind_ipset_nftset_rule(request, DOMAIN_RULE_NFTSET_IP); } + if (nftset_ip == NULL && dns_conf_nftset.ip_enable) { + nftset_ip = &dns_conf_nftset.ip; + } + if (nftset_ip == NULL && check_no_speed_rule && dns_conf_nftset_no_speed.ip_enable) { nftset_ip = &dns_conf_nftset_no_speed.ip; } @@ -1931,6 +1951,10 @@ static int _dns_server_setup_ipset_nftset_packet(struct dns_server_post_context nftset_ip6 = _dns_server_get_bind_ipset_nftset_rule(request, DOMAIN_RULE_NFTSET_IP6); } + if (nftset_ip6 == NULL && dns_conf_nftset.ip6_enable) { + nftset_ip6 = &dns_conf_nftset.ip6; + } + if (nftset_ip6 == NULL && check_no_speed_rule && dns_conf_nftset_no_speed.ip6_enable) { nftset_ip6 = &dns_conf_nftset_no_speed.ip6; } @@ -4522,6 +4546,19 @@ static int _dns_server_pre_process_server_flags(struct dns_request *request) request->no_ipalias = 1; } + if (_dns_server_has_bind_flag(request, BIND_FLAG_NO_PREFETCH) == 0) { + request->prefetch_flags |= PREFETCH_FLAGS_NOPREFETCH; + } + + if (_dns_server_has_bind_flag(request, BIND_FLAG_NO_SERVE_EXPIRED) == 0) { + request->no_serve_expired = 1; + } + + if (_dns_server_has_bind_flag(request, BIND_FLAG_FORCE_HTTPS_SOA) == 0) { + _dns_server_reply_SOA(DNS_RC_NOERROR, request); + return 0; + } + return -1; } diff --git a/src/tlog.c b/src/tlog.c index 17202df6fe..6ad31d0fc3 100644 --- a/src/tlog.c +++ b/src/tlog.c @@ -716,6 +716,11 @@ static int _tlog_early_print(struct tlog_info_inter *info_inter, const char *for out_len++; } + if (out_len + 1 < sizeof(log_buf) - out_len - 1) { + log_buf[out_len] = '\0'; + out_len++; + } + if (tlog.early_print_output != NULL) { len = tlog.early_print_output(&info_inter->info, log_buf, out_len, tlog.early_print_userptr); if (tlog.early_print_with_screen == 0) {