LUCI support SPKI

2019-02-24 00:51:58 +08:00
parent 7828f0ec27
commit 7c2df9c96b
4 changed files with 96 additions and 8 deletions
--- a/package/luci/files/luci/i18n/smartdns.zh-cn.po
+++ b/package/luci/files/luci/i18n/smartdns.zh-cn.po
@@ -139,18 +139,36 @@ msgstr "协议类型"
 msgid "Domain Address"
 msgstr "域名地址"

+msgid "Server Group"
+msgstr "服务器组"
+
+msgid "DNS Server group belongs to, used with nameserver, such as offlce, home."
+msgsr "DNS服务器所属组， 配合nameserver使用，例如：office，home。"
+
 msgid "IP Blacklist Filtering"
 msgstr "IP黑名单过滤"

 msgid "Anti Answer Forgery"
 msgstr "反回答伪造"

-msgid "anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"
+msgid "Anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"
 msgstr "反回答伪造，如果启用后DNS工作不正常，请关闭此功能。"

 msgid "Filtering IP with blacklist"
 msgstr "使用IP黑名单过滤"

+msgid "TLS SPKI Pinning"
+msgstr "TLS SPKI 指纹"
+
+msgid "Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, leaving blank to indicate that the validity of TLS is not verified."
+msgstr "用于校验TLS服务器的有效性，数值为Base64编码的SPKI指纹, 留空表示不验证TLS的合法性"
+
+msgid "Additional Server Args"
+msgstr "额外的服务器参数"
+
+msgid "Additional Args for upstream dns servers"
+msgstr "额外的上游DNS服务器参数"
+
 msgid "Upstream DNS Server Configuration"
 msgstr "上游DNS服务器配置"

--- a/package/luci/files/luci/model/cbi/smartdns/upstream.lua
+++ b/package/luci/files/luci/model/cbi/smartdns/upstream.lua
@@ -13,6 +13,35 @@ s = m:section(NamedSection, sid, "server")
 s.anonymous = true
 s.addremove   = false

+---- name
+s:option(Value, "name", translate("DNS Server Name"), translate("DNS Server Name"))
+
+---- IP address
+o = s:option(Value, "ip", translate("ip"), translate("DNS Server ip"))
+o.datatype = "ipaddr"
+o.rmempty = false 
+---- port
+o = s:option(Value, "port", translate("port"), translate("DNS Server port"))
+o.placeholder = "default"
+o.datatype    = "port"
+o.rempty      = true
+
+---- type
+o = s:option(ListValue, "type", translate("type"), translate("DNS Server type"))
+o.placeholder = "udp"
+o:value("udp", translate("udp"))
+o:value("tcp", translate("tcp"))
+o:value("tls", translate("tls"))
+o.default     = "udp"
+o.rempty      = false
+
+---- server group
+o = s:option(Value, "server_group", translate("Server Group"), translate("DNS Server group belongs to, used with nameserver, such as offlce, home."))
+o.rmempty     = true
+o.placeholder = "default"
+o.datatype    = "hostname"
+o.rempty      = true
+
 ---- blacklist_ip
 o = s:option(Flag, "blacklist_ip", translate("IP Blacklist Filtering"), translate("Filtering IP with blacklist"))
 o.rmempty     = false
@@ -22,11 +51,23 @@ o.cfgvalue    = function(...)
 end

 ---- anti-Answer-Forgery
-o = s:option(Flag, "check_edns", translate("Anti Answer Forgery"), translate("anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"))
+o = s:option(Flag, "check_edns", translate("Anti Answer Forgery"), translate("Anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"))
 o.rmempty     = false
 o.default     = o.disabled
 o.cfgvalue    = function(...)
    return Flag.cfgvalue(...) or "0"
 end

+---- SPKI pin
+o = s:option(Value, "spki_pin", translate("TLS SPKI Pinning"), translate("Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, leaving blank to indicate that the validity of TLS is not verified."))
+o.default     = ""
+o.datatype    = "wpakey"
+o.rempty      = true
+
+---- other args
+o = s:option(Value, "addition_arg", translate("Additional Server Args"), translate("Additional Args for upstream dns servers"))
+o.default     = ""
+o.rempty      = true
+o.optional    = true
+
 return m
--- a/package/openwrt/files/etc/init.d/smartdns
+++ b/package/openwrt/files/etc/init.d/smartdns
@@ -136,8 +136,11 @@ load_server()
 	config_get "port" "$section" "port" ""
 	config_get "type" "$section" "type" "udp"
 	config_get "ip" "$section" "ip" ""
+	config_get "server_group" "$section" "server_group" ""
 	config_get "blacklist_ip" "$section" "blacklist_ip" "0"
 	config_get "check_edns" "$section" "check_edns" "0"
+	config_get "spki_pin" "$section" "spki_pin" ""
+	config_get "addition_arg" "$section" "addition_arg" ""

 	if [ "$enabled" = "0" ]; then
 		return
@@ -160,6 +163,10 @@ load_server()
 		fi
 	fi

+	if [ ! -z "$server_group" ]; then
+		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group"
+	fi
+
 	if [ "$blacklist_ip" != "0" ]; then
 		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -blacklist-ip"
 	fi
@@ -168,13 +175,17 @@ load_server()
 		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -check-edns"
 	fi

+	if [ ! -z "$spki_pin" ]; then
+		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -spki-pin $spki_pin"
+	fi
+
 	if [ ! -z "$port" ]; then
 		DNS_ADDRESS="$ip:$port"
 	else
 		DNS_ADDRESS="$ip"
 	fi

-	conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS"
+	conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg"
 }

 load_service() {
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -363,6 +363,26 @@ static struct dns_server_group *_dns_client_get_group(const char *group_name)
 	return NULL;
 }

+/* get server group by name */
+static struct dns_server_group *_dns_client_get_dnsserver_group(const char *group_name)
+{
+	struct dns_server_group *group = _dns_client_get_group(group_name);
+
+	if (group == NULL) {
+		group = client.default_group;
+		tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
+	} else {
+		if (list_empty(&group->head)) {
+			group = client.default_group;
+			tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
+		} else {
+			tlog(TLOG_DEBUG, "send query to group %s", group_name);
+		}
+	}
+
+	return group;
+}
+
 /* add server to group */
 static int _dns_client_add_to_group(char *group_name, struct dns_server_info *server_info)
 {
@@ -2208,12 +2228,10 @@ int dns_client_query(char *domain, int qtype, dns_client_callback callback, void
 	query->qtype = qtype;
 	query->send_tick = 0;
 	query->sid = atomic_inc_return(&dns_client_sid);
-	query->server_group = _dns_client_get_group(group_name);
+	query->server_group = _dns_client_get_dnsserver_group(group_name);
 	if (query->server_group == NULL) {
-		query->server_group = client.default_group;
-		tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
-	} else {
-		tlog(TLOG_DEBUG, "send query to group %s", group_name);
+		tlog(TLOG_ERROR, "get dns server group %s failed.", group_name);
+		goto errout;
 	}

 	_dns_client_query_get(query);