ipset-dns: support simultaneously populating IPv4 and IPv6 sets
authorJo-Philipp Wich <jow@openwrt.org>
Mon, 6 May 2013 10:01:45 +0000 (10:01 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Mon, 6 May 2013 10:01:45 +0000 (10:01 +0000)
SVN-Revision: 36554

package/network/services/ipset-dns/files/ipset-dns.config
package/network/services/ipset-dns/files/ipset-dns.init
package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch [new file with mode: 0644]

index 52e87b27cc81d84edd63adc6a5eaaf51313f8223..0270366af755ac0e96fd26bea76d46a99a2cb88f 100644 (file)
@@ -1,7 +1,10 @@
 # declare an ipset-dns listener instance, multiple allowed
 config ipset-dns
-       # use given ipset
-       option ipset 'domain-filter'
+       # use given ipset for type A (IPv4) responses
+       option ipset 'domain-filter-ipv4'
+
+       # use given ipset for type AAAA (IPv6) responses
+       option ipset6 'domain-filter-ipv6'
 
        # use given listening port
        # defaults to 53000 + instance number
index 5d41539a7bd9278b8dbd23554f2adf5c6fe3d9b5..7b732791eae34ed4609a90ac5f0d7d4127dc3f99 100755 (executable)
@@ -21,10 +21,11 @@ find_nameserver() {
 
 start_instance() {
        local cfg="$1"
-       local ipset port dns
+       local ipset ipset6 port dns
 
        config_get ipset "$cfg" ipset
-       [ -n "$ipset" ] || {
+       config_get ipset6 "$cfg" ipset6
+       [ -n "$ipset$ipset6" ] || {
                echo "No ipset specified for instance $cfg" >&2
                return 1
        }
@@ -38,7 +39,7 @@ start_instance() {
        config_get port "$cfg" port $((PORT++))
 
        SERVICE_PID_FILE="/var/run/ipset-dns-$port.pid" \
-               service_start /usr/sbin/ipset-dns "$ipset" "$port" "$dns"
+               service_start /usr/sbin/ipset-dns "$ipset" "$ipset6" "$port" "$dns"
 }
 
 start() {
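Review bot: The `service_start` line now depends on an empty `"$ipset"` or `"$ipset6"` reaching the daemon as an empty positional argument. The guard at the top of `start_instance` allows either one to be unset, while the patched `main()` added by this same commit insists on `argc == 5`. Whether `service_start` preserves empty arguments is not visible from this hunk; if it re-splits them, a v4-only or v6-only instance would exit with the usage message and the set backing the filter would never be populated. I would document the contract above the call, e.g. `# both set names are positional; an empty string disables that address family`, and confirm that a single-family instance actually starts.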
diff --git a/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
new file mode 100644 (file)
index 0000000..19669a0
--- /dev/null
@@ -0,0 +1,57 @@
+--- a/ipset-dns.c
++++ b/ipset-dns.c
+@@ -307,19 +307,20 @@ int main(int argc, char *argv[]) 
+       struct timeval tv;
+       char msg[512];
+       char ip[INET6_ADDRSTRLEN];
+-      char *ipset;
++      char *ipset, *ipset6;
+       int listen_sock, upstream_sock;
+       int pos, i, size, af;
+       socklen_t len;
+       size_t received;
+       pid_t child;
+       
+-      if (argc != 4) {
+-              fprintf(stderr, "Usage: %s ipset port upstream\n", argv[0]);
++      if (argc != 5) {
++              fprintf(stderr, "Usage: %s ipv4-ipset ipv6-ipset port upstream\n", argv[0]);
+               return 1;
+       }
+       ipset = argv[1];
++      ipset6 = argv[2];
+       listen_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+       if (listen_sock < 0) {
+@@ -329,7 +330,7 @@ int main(int argc, char *argv[]) 
+       memset(&listen_addr, 0, sizeof(listen_addr));
+       listen_addr.sin_family = AF_INET;
+-      listen_addr.sin_port = htons(atoi(argv[2]));
++      listen_addr.sin_port = htons(atoi(argv[3]));
+       listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+       i = 1;
+       setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
+@@ -341,7 +342,7 @@ int main(int argc, char *argv[]) 
+       memset(&upstream_addr, 0, sizeof(upstream_addr));
+       upstream_addr.sin_family = AF_INET;
+       upstream_addr.sin_port = htons(53);
+-      inet_aton(argv[3], &upstream_addr.sin_addr);
++      inet_aton(argv[4], &upstream_addr.sin_addr);
+       
+       /* TODO: Put all of the below code in several forks all listening on the same sock. */
+@@ -434,8 +435,11 @@ int main(int argc, char *argv[]) 
+                               continue;
+                       }
++                      if ((af == AF_INET && !*ipset) || (af == AF_INET6 && !*ipset6))
++                              continue;
++
+                       printf("%s: %s\n", answer.dotted, ip);
+-                      if (add_to_ipset(ipset, answer.rdata, af) < 0)
++                      if (add_to_ipset((af == AF_INET) ? ipset : ipset6, answer.rdata, af) < 0)
+                               perror("add_to_ipset");
+               }
+
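Review bot: The renumbered `inet_aton(argv[4], &upstream_addr.sin_addr)` call in the third inner hunk still ignores its return value. An upstream that does not parse as an IPv4 address (an IPv6 resolver, a hostname, or a misplaced argument now that the positional layout has changed) leaves the address at the zero value from the preceding `memset`, and the daemon keeps running against it. Fail at startup instead: `if (!inet_aton(argv[4], &upstream_addr.sin_addr)) { fprintf(stderr, "Invalid upstream address: %s\n", argv[4]); return 1; }`. The same concern applies to `htons(atoi(argv[3]))` in the second inner hunk, where a non-numeric port becomes 0 and an out-of-range one is truncated rather than rejected. `main()` starts and ends outside these hunks, so any validation done elsewhere is not visible here.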