From ce9e5e16ff325a349cd8efd86b9380f7da415fd3 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Wed, 27 Apr 2016 11:14:01 +0200 Subject: [PATCH] dnsmasq: Add conntrack support in the full variant Conntrack support reads the connection track mark associated with incoming DNS queries and sets the same mark value on the upstream forwarded DNS query. This can be usefull to track traffic generated by dnsmasq to associate it with the clients who generate the queries, usefull for bandwidth accouting and firewall. Signed-off-by: Hans Dedecker --- package/network/services/dnsmasq/Makefile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a5b96a3d28e7..3f12a40cd33f 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -25,7 +25,8 @@ PKG_BUILD_PARALLEL:=1 PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \ - CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack include $(INCLUDE_DIR)/package.mk @@ -51,9 +52,10 @@ endef define Package/dnsmasq-full $(call Package/dnsmasq/Default) - TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default) + TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Conntrack enabled by default) DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \ - +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset + +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \ + +PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack VARIANT:=full endef @@ -70,8 +72,8 @@ endef define Package/dnsmasq-full/description $(call Package/dnsmasq/description) -This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and -IPset support enabled by default. +This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and +IPset, Conntrack support enabled by default. endef define Package/dnsmasq/conffiles @@ -94,6 +96,9 @@ define Package/dnsmasq-full/config config PACKAGE_dnsmasq_full_ipset bool "Build with IPset support." default y + config PACKAGE_dnsmasq_full_conntrack + bool "Build with Conntrack support." + default y endif endef @@ -113,7 +118,8 @@ ifeq ($(BUILD_VARIANT),full) COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \ - $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,) COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,) else COPTS += -DNO_AUTH -DNO_IPSET -- 2.30.2