dns_server: fix tcp ping config not working issue and add more ping mode.
@@ -566,7 +566,7 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
|
|||||||
| server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tcp 8.8.8.8:53 |
|
| server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tcp 8.8.8.8:53 |
|
||||||
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值<br>[-host-name]:TLS SNI 名称<br>[-tls-host-verify]:TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tls 8.8.8.8:853 |
|
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值<br>[-host-name]:TLS SNI 名称<br>[-tls-host-verify]:TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tls 8.8.8.8:853 |
|
||||||
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值<br>[-host-name]:TLS SNI 名称<br>[-http-host]:http 协议头主机名<br>[-tls-host-verify]:TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-https https://cloudflare-dns.com/dns-query |
|
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值<br>[-host-name]:TLS SNI 名称<br>[-http-host]:http 协议头主机名<br>[-tls-host-verify]:TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-https https://cloudflare-dns.com/dns-query |
|
||||||
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80 |
|
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80,tcp:443 |
|
||||||
| address | 指定域名 IP 地址 | 无 | address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>- 表示忽略 <br># 表示返回 SOA <br>4 表示 IPv4 <br>6 表示 IPv6 | address /www.example.com/1.2.3.4 |
|
| address | 指定域名 IP 地址 | 无 | address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>- 表示忽略 <br># 表示返回 SOA <br>4 表示 IPv4 <br>6 表示 IPv6 | address /www.example.com/1.2.3.4 |
|
||||||
| nameserver | 指定域名使用 server 组解析 | 无 | nameserver /domain/[group\|-], group 为组名,- 表示忽略此规则,配套 server 中的 -group 参数使用 | nameserver /www.example.com/office |
|
| nameserver | 指定域名使用 server 组解析 | 无 | nameserver /domain/[group\|-], group 为组名,- 表示忽略此规则,配套 server 中的 -group 参数使用 | nameserver /www.example.com/office |
|
||||||
| ipset | 域名 ipset | 无 | ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]],-表示忽略 | ipset /www.example.com/#4:dns4,#6:- |
|
| ipset | 域名 ipset | 无 | ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]],-表示忽略 | ipset /www.example.com/#4:dns4,#6:- |
|
||||||
|
|||||||
@@ -513,7 +513,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|
|||||||
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
|
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
|
||||||
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|
||||||
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`:http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`:http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|
||||||
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:443
|
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80,tcp:443
|
||||||
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
|
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
|
||||||
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
|
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
|
||||||
|ipset|Domain IPSet|None|ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]], `-` for ignore|ipset /www.example.com/#4:dns4,#6:-
|
|ipset|Domain IPSet|None|ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]], `-` for ignore|ipset /www.example.com/#4:dns4,#6:-
|
||||||
|
|||||||
@@ -77,7 +77,7 @@ cache-size 4096
|
|||||||
# speed check mode
|
# speed check mode
|
||||||
# speed-check-mode [ping|tcp:port|none|,]
|
# speed-check-mode [ping|tcp:port|none|,]
|
||||||
# example:
|
# example:
|
||||||
# speed-check-mode ping,tcp:80
|
# speed-check-mode ping,tcp:80,tcp:443
|
||||||
# speed-check-mode tcp:443,ping
|
# speed-check-mode tcp:443,ping
|
||||||
# speed-check-mode none
|
# speed-check-mode none
|
||||||
|
|
||||||
|
|||||||
@@ -71,9 +71,10 @@ struct dns_servers dns_conf_servers[DNS_MAX_SERVERS];
|
|||||||
char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
|
char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
|
||||||
int dns_conf_server_num;
|
int dns_conf_server_num;
|
||||||
|
|
||||||
struct dns_domain_check_order dns_conf_check_order = {
|
struct dns_domain_check_order dns_conf_check_order[DOMAIN_CHECK_NUM] = {
|
||||||
.order = {DOMAIN_CHECK_ICMP, DOMAIN_CHECK_TCP},
|
{.type = DOMAIN_CHECK_ICMP, .tcp_port = 0},
|
||||||
.tcp_port = 80,
|
{.type = DOMAIN_CHECK_TCP, .tcp_port = 80},
|
||||||
|
{.type = DOMAIN_CHECK_TCP, .tcp_port = 443},
|
||||||
};
|
};
|
||||||
int dns_has_cap_ping = 0;
|
int dns_has_cap_ping = 0;
|
||||||
|
|
||||||
@@ -825,7 +826,7 @@ errout:
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_order, const char *mode)
|
static int _config_speed_check_mode_parser(struct dns_domain_check_order check_order[], const char *mode)
|
||||||
{
|
{
|
||||||
char tmpbuff[DNS_MAX_OPT_LEN];
|
char tmpbuff[DNS_MAX_OPT_LEN];
|
||||||
char *field;
|
char *field;
|
||||||
@@ -856,7 +857,8 @@ static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_
|
|||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
check_order->order[order] = DOMAIN_CHECK_ICMP;
|
check_order[order].type = DOMAIN_CHECK_ICMP;
|
||||||
|
check_order[order].tcp_port = 0;
|
||||||
} else if (strstr(field, "tcp") == field) {
|
} else if (strstr(field, "tcp") == field) {
|
||||||
char *port_str = strstr(field, ":");
|
char *port_str = strstr(field, ":");
|
||||||
if (port_str) {
|
if (port_str) {
|
||||||
@@ -866,12 +868,12 @@ static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
check_order->order[order] = DOMAIN_CHECK_TCP;
|
check_order[order].type = DOMAIN_CHECK_TCP;
|
||||||
check_order->tcp_port = port;
|
check_order[order].tcp_port = port;
|
||||||
} else if (strncmp(field, "none", sizeof("none")) == 0) {
|
} else if (strncmp(field, "none", sizeof("none")) == 0) {
|
||||||
check_order->order[order] = DOMAIN_CHECK_NONE;
|
for (i = order; i < DOMAIN_CHECK_NUM; i++) {
|
||||||
for (i = order + 1; i < DOMAIN_CHECK_NUM; i++) {
|
check_order[i].type = DOMAIN_CHECK_NONE;
|
||||||
check_order->order[i] = DOMAIN_CHECK_NONE;
|
check_order[i].tcp_port = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -895,7 +897,7 @@ static int _config_speed_check_mode(void *data, int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
safe_strncpy(mode, argv[1], sizeof(mode));
|
safe_strncpy(mode, argv[1], sizeof(mode));
|
||||||
return _config_speed_check_mode_parser(&dns_conf_check_order, mode);
|
return _config_speed_check_mode_parser(dns_conf_check_order, mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
|
static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
|
||||||
@@ -1983,11 +1985,13 @@ static int _dns_conf_speed_check_mode_verify(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
|
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
|
||||||
if (dns_conf_check_order.order[i] == DOMAIN_CHECK_ICMP) {
|
if (dns_conf_check_order[i].type == DOMAIN_CHECK_ICMP) {
|
||||||
for (j = i + 1; j < DOMAIN_CHECK_NUM; j++) {
|
for (j = i + 1; j < DOMAIN_CHECK_NUM; j++) {
|
||||||
dns_conf_check_order.order[j - 1] = dns_conf_check_order.order[j];
|
dns_conf_check_order[j - 1].type = dns_conf_check_order[j].type;
|
||||||
|
dns_conf_check_order[j - 1].tcp_port = dns_conf_check_order[j].tcp_port;
|
||||||
}
|
}
|
||||||
dns_conf_check_order.order[j - 1] = DOMAIN_CHECK_NONE;
|
dns_conf_check_order[j - 1].type = DOMAIN_CHECK_NONE;
|
||||||
|
dns_conf_check_order[j - 1].tcp_port = 0;
|
||||||
print_log = 1;
|
print_log = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
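Review bot: In `_dns_conf_speed_check_mode_verify`, the loop that strips `DOMAIN_CHECK_ICMP` entries shifts the later entries down into slot `i` and then advances `i`, so the entry just moved into slot `i` is never examined. With `DOMAIN_CHECK_NUM` now 3, two adjacent ICMP entries would leave the second one in the list, provided the parser accepts a repeated `ping` field (its duplicate handling is outside the hunks shown). Re-checking the slot fixes it: add `i--;` after `print_log = 1;`, which still terminates because every pass writes `DOMAIN_CHECK_NONE` into the last slot. The function begins outside the hunk, so the condition under which this stripping runs is not visible here.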
|
|||||||
@@ -73,7 +73,7 @@ typedef enum {
|
|||||||
#define DOMAIN_CHECK_NONE 0
|
#define DOMAIN_CHECK_NONE 0
|
||||||
#define DOMAIN_CHECK_ICMP 1
|
#define DOMAIN_CHECK_ICMP 1
|
||||||
#define DOMAIN_CHECK_TCP 2
|
#define DOMAIN_CHECK_TCP 2
|
||||||
#define DOMAIN_CHECK_NUM 2
|
#define DOMAIN_CHECK_NUM 3
|
||||||
|
|
||||||
#define DOMAIN_FLAG_ADDR_SOA (1 << 0)
|
#define DOMAIN_FLAG_ADDR_SOA (1 << 0)
|
||||||
#define DOMAIN_FLAG_ADDR_IPV4_SOA (1 << 1)
|
#define DOMAIN_FLAG_ADDR_IPV4_SOA (1 << 1)
|
||||||
@@ -138,7 +138,7 @@ struct dns_server_groups {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct dns_domain_check_order {
|
struct dns_domain_check_order {
|
||||||
char order[DOMAIN_CHECK_NUM];
|
char type;
|
||||||
unsigned short tcp_port;
|
unsigned short tcp_port;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -272,7 +272,7 @@ extern char dns_conf_ca_path[DNS_MAX_PATH];
|
|||||||
extern char dns_conf_cache_file[DNS_MAX_PATH];
|
extern char dns_conf_cache_file[DNS_MAX_PATH];
|
||||||
extern int dns_conf_cache_persist;
|
extern int dns_conf_cache_persist;
|
||||||
|
|
||||||
extern struct dns_domain_check_order dns_conf_check_order;
|
extern struct dns_domain_check_order dns_conf_check_order[DOMAIN_CHECK_NUM];
|
||||||
|
|
||||||
extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER];
|
extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER];
|
||||||
extern int dns_conf_server_group_num;
|
extern int dns_conf_server_group_num;
|
||||||
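Review bot: `DOMAIN_CHECK_NUM` needs a comment now that its role has changed: it sits directly under the `DOMAIN_CHECK_NONE`/`DOMAIN_CHECK_ICMP`/`DOMAIN_CHECK_TCP` values and reads like a count of check types, but after this change it is the length of `dns_conf_check_order[]`, i.e. the maximum number of speed-check steps. I would add `/* max entries in a speed-check order list; not a check type */` above the define and `/* one of DOMAIN_CHECK_* */` beside `char type;` in `struct dns_domain_check_order`. Because the parser in dns_conf.c writes `check_order[order]` with a per-field counter taken from the config line, the comment should also state that every index into the list must stay below this value.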
|
|||||||
108
src/dns_server.c
108
src/dns_server.c
@@ -48,10 +48,10 @@
|
|||||||
#define DNS_SERVER_TMOUT_TTL (5 * 60)
|
#define DNS_SERVER_TMOUT_TTL (5 * 60)
|
||||||
#define DNS_SERVER_FAIL_TTL (60)
|
#define DNS_SERVER_FAIL_TTL (60)
|
||||||
#define DNS_CONN_BUFF_SIZE 4096
|
#define DNS_CONN_BUFF_SIZE 4096
|
||||||
#define DNS_REQUEST_MAX_TIMEOUT 850
|
#define DNS_REQUEST_MAX_TIMEOUT 900
|
||||||
#define DNS_PING_TIMEOUT (DNS_REQUEST_MAX_TIMEOUT)
|
#define DNS_PING_TIMEOUT (DNS_REQUEST_MAX_TIMEOUT)
|
||||||
#define DNS_TCPPING_START (300)
|
#define DNS_PING_CHECK_INTERVAL (250)
|
||||||
#define DNS_PING_SECOND_TIMEOUT (DNS_REQUEST_MAX_TIMEOUT - DNS_TCPPING_START)
|
#define DNS_PING_SECOND_TIMEOUT (DNS_REQUEST_MAX_TIMEOUT - DNS_PING_CHECK_INTERVAL)
|
||||||
#define SOCKET_IP_TOS (IPTOS_LOWDELAY | IPTOS_RELIABILITY)
|
#define SOCKET_IP_TOS (IPTOS_LOWDELAY | IPTOS_RELIABILITY)
|
||||||
#define SOCKET_PRIORITY (6)
|
#define SOCKET_PRIORITY (6)
|
||||||
#define CACHE_AUTO_ENABLE_SIZE (1024 * 1024 * 128)
|
#define CACHE_AUTO_ENABLE_SIZE (1024 * 1024 * 128)
|
||||||
@@ -231,6 +231,7 @@ struct dns_request {
|
|||||||
|
|
||||||
struct dns_domain_rule domain_rule;
|
struct dns_domain_rule domain_rule;
|
||||||
struct dns_domain_check_order *check_order_list;
|
struct dns_domain_check_order *check_order_list;
|
||||||
|
int check_order;
|
||||||
|
|
||||||
struct dns_request_pending_list *request_pending_list;
|
struct dns_request_pending_list *request_pending_list;
|
||||||
};
|
};
|
||||||
@@ -1079,8 +1080,7 @@ errout:
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int _dns_cache_specify_packet(struct dns_server_post_context *context)
|
||||||
static int _dns_cache_specify_packet(struct dns_server_post_context *context)
|
|
||||||
{
|
{
|
||||||
switch (context->qtype) {
|
switch (context->qtype) {
|
||||||
case DNS_T_PTR:
|
case DNS_T_PTR:
|
||||||
@@ -1232,7 +1232,8 @@ static int _dns_request_post(struct dns_server_post_context *context)
|
|||||||
struct dns_request *request = context->request;
|
struct dns_request *request = context->request;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
tlog(TLOG_DEBUG, "reply %s qtype: %d, rcode: %d", request->domain, request->qtype, context->packet->head.rcode);
|
tlog(TLOG_DEBUG, "reply %s qtype: %d, rcode: %d, reply: %d", request->domain, request->qtype,
|
||||||
|
context->packet->head.rcode, context->do_reply);
|
||||||
|
|
||||||
if (request->conn == NULL) {
|
if (request->conn == NULL) {
|
||||||
context->do_reply = 0;
|
context->do_reply = 0;
|
||||||
@@ -1463,7 +1464,7 @@ static int _dns_server_request_complete(struct dns_request *request)
|
|||||||
if (request->rcode == DNS_RC_SERVFAIL || request->rcode == DNS_RC_NXDOMAIN) {
|
if (request->rcode == DNS_RC_SERVFAIL || request->rcode == DNS_RC_NXDOMAIN) {
|
||||||
ttl = DNS_SERVER_FAIL_TTL;
|
ttl = DNS_SERVER_FAIL_TTL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (request->prefetch == 1) {
|
if (request->prefetch == 1) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1854,7 +1855,7 @@ static struct dns_request *_dns_server_new_request(void)
|
|||||||
request->rcode = DNS_RC_SERVFAIL;
|
request->rcode = DNS_RC_SERVFAIL;
|
||||||
request->conn = NULL;
|
request->conn = NULL;
|
||||||
request->result_callback = NULL;
|
request->result_callback = NULL;
|
||||||
request->check_order_list = &dns_conf_check_order;
|
request->check_order_list = dns_conf_check_order;
|
||||||
INIT_LIST_HEAD(&request->list);
|
INIT_LIST_HEAD(&request->list);
|
||||||
hash_init(request->ip_map);
|
hash_init(request->ip_map);
|
||||||
_dns_server_request_get(request);
|
_dns_server_request_get(request);
|
||||||
@@ -1882,6 +1883,7 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
|
|||||||
fast_ping_stop(ping_host);
|
fast_ping_stop(ping_host);
|
||||||
return;
|
return;
|
||||||
} else if (result == PING_RESULT_TIMEOUT) {
|
} else if (result == PING_RESULT_TIMEOUT) {
|
||||||
|
tlog(TLOG_DEBUG, "ping %s timeout", host);
|
||||||
return;
|
return;
|
||||||
} else if (result == PING_RESULT_ERROR) {
|
} else if (result == PING_RESULT_ERROR) {
|
||||||
if (addr->sa_family != AF_INET6) {
|
if (addr->sa_family != AF_INET6) {
|
||||||
@@ -2016,27 +2018,37 @@ static int _dns_server_ping(struct dns_request *request, PING_TYPE type, char *i
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int _dns_server_check_speed(struct dns_request *request, char *ip, int mode_order, int timeout)
|
static int _dns_server_check_speed(struct dns_request *request, char *ip)
|
||||||
{
|
{
|
||||||
char tcp_ip[DNS_MAX_CNAME_LEN] = {0};
|
char tcp_ip[DNS_MAX_CNAME_LEN] = {0};
|
||||||
int port = 80;
|
int port = 80;
|
||||||
int type = DOMAIN_CHECK_NONE;
|
int type = DOMAIN_CHECK_NONE;
|
||||||
|
int order = request->check_order;
|
||||||
|
int ping_timeout = DNS_PING_TIMEOUT;
|
||||||
|
unsigned long now = get_tick_count();
|
||||||
|
|
||||||
if (mode_order >= DOMAIN_CHECK_NUM || request->check_order_list == NULL) {
|
if (order >= DOMAIN_CHECK_NUM || request->check_order_list == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
port = request->check_order_list->tcp_port;
|
ping_timeout = ping_timeout - (now - request->send_tick);
|
||||||
type = request->check_order_list->order[mode_order];
|
if (ping_timeout > DNS_PING_TIMEOUT) {
|
||||||
|
ping_timeout = DNS_PING_TIMEOUT;
|
||||||
|
} else if (ping_timeout < 10) {
|
||||||
|
ping_timeout = 10;
|
||||||
|
}
|
||||||
|
|
||||||
|
port = request->check_order_list[order].tcp_port;
|
||||||
|
type = request->check_order_list[order].type;
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case DOMAIN_CHECK_ICMP:
|
case DOMAIN_CHECK_ICMP:
|
||||||
tlog(TLOG_DEBUG, "ping %s with icmp", ip);
|
tlog(TLOG_DEBUG, "ping %s with icmp, order: %d, timeout: %d", ip, order, ping_timeout);
|
||||||
return _dns_server_ping(request, PING_TYPE_ICMP, ip, timeout);
|
return _dns_server_ping(request, PING_TYPE_ICMP, ip, ping_timeout);
|
||||||
break;
|
break;
|
||||||
case DOMAIN_CHECK_TCP:
|
case DOMAIN_CHECK_TCP:
|
||||||
snprintf(tcp_ip, sizeof(tcp_ip), "%s:%d", ip, port);
|
snprintf(tcp_ip, sizeof(tcp_ip), "%s:%d", ip, port);
|
||||||
tlog(TLOG_DEBUG, "ping %s with tcp", tcp_ip);
|
tlog(TLOG_DEBUG, "ping %s with tcp, order: %d, timeout: %d", tcp_ip, order, ping_timeout);
|
||||||
return _dns_server_ping(request, PING_TYPE_TCP, tcp_ip, timeout);
|
return _dns_server_ping(request, PING_TYPE_TCP, tcp_ip, ping_timeout);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@@ -2132,7 +2144,7 @@ static int _dns_server_is_adblock_ipv6(unsigned char addr[16])
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request *request, char *domain, char *cname,
|
static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request *request, char *domain, char *cname,
|
||||||
unsigned int result_flag, int ping_timeout)
|
unsigned int result_flag)
|
||||||
{
|
{
|
||||||
int ttl;
|
int ttl;
|
||||||
int ip_check_result = 0;
|
int ip_check_result = 0;
|
||||||
@@ -2186,8 +2198,8 @@ static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request
|
|||||||
|
|
||||||
/* Ad blocking result */
|
/* Ad blocking result */
|
||||||
if (addr[0] == 0 || addr[0] == 127) {
|
if (addr[0] == 0 || addr[0] == 127) {
|
||||||
/* If half of the servers return the same result, then the domain name result is the IP address. */
|
/* If half of the servers return the same result, then ignore this address */
|
||||||
if (atomic_inc_return(&request->adblock) <= dns_server_num() / 2) {
|
if (atomic_inc_return(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2202,7 +2214,7 @@ static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request
|
|||||||
sprintf(ip, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
|
sprintf(ip, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
|
||||||
|
|
||||||
/* start ping */
|
/* start ping */
|
||||||
if (_dns_server_check_speed(request, ip, 0, ping_timeout) != 0) {
|
if (_dns_server_check_speed(request, ip) != 0) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2210,7 +2222,7 @@ static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_request *request, char *domain, char *cname,
|
static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_request *request, char *domain, char *cname,
|
||||||
unsigned int result_flag, int ping_timeout)
|
unsigned int result_flag)
|
||||||
{
|
{
|
||||||
unsigned char addr[16];
|
unsigned char addr[16];
|
||||||
char name[DNS_MAX_CNAME_LEN] = {0};
|
char name[DNS_MAX_CNAME_LEN] = {0};
|
||||||
@@ -2262,8 +2274,8 @@ static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_reque
|
|||||||
|
|
||||||
/* Ad blocking result */
|
/* Ad blocking result */
|
||||||
if (_dns_server_is_adblock_ipv6(addr) == 0) {
|
if (_dns_server_is_adblock_ipv6(addr) == 0) {
|
||||||
/* If half of the servers return the same result, then the domain name result is the IP address. */
|
/* If half of the servers return the same result, then ignore this address */
|
||||||
if (atomic_inc_return(&request->adblock) <= dns_server_num() / 2) {
|
if (atomic_inc_return(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2280,7 +2292,7 @@ static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_reque
|
|||||||
addr[14], addr[15]);
|
addr[14], addr[15]);
|
||||||
|
|
||||||
/* start ping */
|
/* start ping */
|
||||||
if (_dns_server_check_speed(request, ip, 0, ping_timeout) != 0) {
|
if (_dns_server_check_speed(request, ip) != 0) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2297,8 +2309,6 @@ static int _dns_server_process_answer(struct dns_request *request, char *domain,
|
|||||||
int i = 0;
|
int i = 0;
|
||||||
int j = 0;
|
int j = 0;
|
||||||
struct dns_rrs *rrs = NULL;
|
struct dns_rrs *rrs = NULL;
|
||||||
int ping_timeout = DNS_PING_TIMEOUT;
|
|
||||||
unsigned long now = get_tick_count();
|
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
if (packet->head.rcode != DNS_RC_NOERROR && packet->head.rcode != DNS_RC_NXDOMAIN) {
|
if (packet->head.rcode != DNS_RC_NOERROR && packet->head.rcode != DNS_RC_NXDOMAIN) {
|
||||||
@@ -2310,19 +2320,12 @@ static int _dns_server_process_answer(struct dns_request *request, char *domain,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ping_timeout = ping_timeout - (now - request->send_tick);
|
|
||||||
if (ping_timeout > DNS_PING_TIMEOUT) {
|
|
||||||
ping_timeout = DNS_PING_TIMEOUT;
|
|
||||||
} else if (ping_timeout < 10) {
|
|
||||||
ping_timeout = 10;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (j = 1; j < DNS_RRS_END; j++) {
|
for (j = 1; j < DNS_RRS_END; j++) {
|
||||||
rrs = dns_get_rrs_start(packet, j, &rr_count);
|
rrs = dns_get_rrs_start(packet, j, &rr_count);
|
||||||
for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) {
|
for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) {
|
||||||
switch (rrs->type) {
|
switch (rrs->type) {
|
||||||
case DNS_T_A: {
|
case DNS_T_A: {
|
||||||
ret = _dns_server_process_answer_A(rrs, request, domain, cname, result_flag, ping_timeout);
|
ret = _dns_server_process_answer_A(rrs, request, domain, cname, result_flag);
|
||||||
if (ret == -1) {
|
if (ret == -1) {
|
||||||
break;
|
break;
|
||||||
} else if (ret == -2) {
|
} else if (ret == -2) {
|
||||||
@@ -2331,7 +2334,7 @@ static int _dns_server_process_answer(struct dns_request *request, char *domain,
|
|||||||
request->rcode = packet->head.rcode;
|
request->rcode = packet->head.rcode;
|
||||||
} break;
|
} break;
|
||||||
case DNS_T_AAAA: {
|
case DNS_T_AAAA: {
|
||||||
ret = _dns_server_process_answer_AAAA(rrs, request, domain, cname, result_flag, ping_timeout);
|
ret = _dns_server_process_answer_AAAA(rrs, request, domain, cname, result_flag);
|
||||||
if (ret == -1) {
|
if (ret == -1) {
|
||||||
break;
|
break;
|
||||||
} else if (ret == -2) {
|
} else if (ret == -2) {
|
||||||
@@ -2644,6 +2647,8 @@ static int dns_server_resolve_callback(char *domain, dns_result_type rtype, unsi
|
|||||||
} else {
|
} else {
|
||||||
pthread_mutex_lock(&request->ip_map_lock);
|
pthread_mutex_lock(&request->ip_map_lock);
|
||||||
ip_num = request->ip_map_num;
|
ip_num = request->ip_map_num;
|
||||||
|
/* if adblock ip address exist */
|
||||||
|
ip_num += atomic_read(&request->adblock) == 0 ? 0 : 1;
|
||||||
request_wait = request->request_wait;
|
request_wait = request->request_wait;
|
||||||
request->request_wait--;
|
request->request_wait--;
|
||||||
pthread_mutex_unlock(&request->ip_map_lock);
|
pthread_mutex_unlock(&request->ip_map_lock);
|
||||||
@@ -3451,11 +3456,11 @@ void _dns_server_check_ipv6_ready(void)
|
|||||||
|
|
||||||
if (do_get_conf == 0) {
|
if (do_get_conf == 0) {
|
||||||
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
|
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
|
||||||
if (dns_conf_check_order.order[i] == DOMAIN_CHECK_ICMP) {
|
if (dns_conf_check_order[i].type == DOMAIN_CHECK_ICMP) {
|
||||||
is_icmp_check_set = 1;
|
is_icmp_check_set = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dns_conf_check_order.order[i] == DOMAIN_CHECK_TCP) {
|
if (dns_conf_check_order[i].type == DOMAIN_CHECK_TCP) {
|
||||||
is_tcp_check_set = 1;
|
is_tcp_check_set = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -3616,7 +3621,7 @@ static const char *_dns_server_get_request_groupname(struct dns_request *request
|
|||||||
|
|
||||||
static void _dns_server_check_set_passthrough(struct dns_request *request)
|
static void _dns_server_check_set_passthrough(struct dns_request *request)
|
||||||
{
|
{
|
||||||
if (request->check_order_list->order[0] == DOMAIN_CHECK_NONE) {
|
if (request->check_order_list[0].type == DOMAIN_CHECK_NONE) {
|
||||||
request->passthrough = 1;
|
request->passthrough = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4321,18 +4326,15 @@ static int _dns_server_process(struct dns_server_conn_head *conn, struct epoll_e
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void _dns_server_second_ping_check(struct dns_request *request)
|
static int _dns_server_second_ping_check(struct dns_request *request)
|
||||||
{
|
{
|
||||||
struct dns_ip_address *addr_map;
|
struct dns_ip_address *addr_map;
|
||||||
int bucket = 0;
|
int bucket = 0;
|
||||||
char ip[DNS_MAX_CNAME_LEN] = {0};
|
char ip[DNS_MAX_CNAME_LEN] = {0};
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
if (request->has_ping_result) {
|
if (request->has_ping_result) {
|
||||||
return;
|
return ret;
|
||||||
}
|
|
||||||
|
|
||||||
if (request->has_ping_tcp) {
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* start tcping */
|
/* start tcping */
|
||||||
@@ -4344,7 +4346,8 @@ static void _dns_server_second_ping_check(struct dns_request *request)
|
|||||||
_dns_server_request_get(request);
|
_dns_server_request_get(request);
|
||||||
sprintf(ip, "%d.%d.%d.%d", addr_map->ipv4_addr[0], addr_map->ipv4_addr[1], addr_map->ipv4_addr[2],
|
sprintf(ip, "%d.%d.%d.%d", addr_map->ipv4_addr[0], addr_map->ipv4_addr[1], addr_map->ipv4_addr[2],
|
||||||
addr_map->ipv4_addr[3]);
|
addr_map->ipv4_addr[3]);
|
||||||
if (_dns_server_check_speed(request, ip, 1, DNS_PING_SECOND_TIMEOUT) != 0) {
|
ret = _dns_server_check_speed(request, ip);
|
||||||
|
if (ret != 0) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
@@ -4355,8 +4358,8 @@ static void _dns_server_second_ping_check(struct dns_request *request)
|
|||||||
addr_map->ipv6_addr[4], addr_map->ipv6_addr[5], addr_map->ipv6_addr[6], addr_map->ipv6_addr[7],
|
addr_map->ipv6_addr[4], addr_map->ipv6_addr[5], addr_map->ipv6_addr[6], addr_map->ipv6_addr[7],
|
||||||
addr_map->ipv6_addr[8], addr_map->ipv6_addr[9], addr_map->ipv6_addr[10], addr_map->ipv6_addr[11],
|
addr_map->ipv6_addr[8], addr_map->ipv6_addr[9], addr_map->ipv6_addr[10], addr_map->ipv6_addr[11],
|
||||||
addr_map->ipv6_addr[12], addr_map->ipv6_addr[13], addr_map->ipv6_addr[14], addr_map->ipv6_addr[15]);
|
addr_map->ipv6_addr[12], addr_map->ipv6_addr[13], addr_map->ipv6_addr[14], addr_map->ipv6_addr[15]);
|
||||||
|
ret = _dns_server_check_speed(request, ip);
|
||||||
if (_dns_server_check_speed(request, ip, 1, DNS_PING_SECOND_TIMEOUT) != 0) {
|
if (ret != 0) {
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
@@ -4366,7 +4369,7 @@ static void _dns_server_second_ping_check(struct dns_request *request)
|
|||||||
}
|
}
|
||||||
pthread_mutex_unlock(&request->ip_map_lock);
|
pthread_mutex_unlock(&request->ip_map_lock);
|
||||||
|
|
||||||
request->has_ping_tcp = 1;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void _dns_server_prefetch_domain(struct dns_cache *dns_cache)
|
static void _dns_server_prefetch_domain(struct dns_cache *dns_cache)
|
||||||
@@ -4468,17 +4471,20 @@ static void _dns_server_period_run(void)
|
|||||||
list_for_each_entry_safe(request, tmp, &server.request_list, list)
|
list_for_each_entry_safe(request, tmp, &server.request_list, list)
|
||||||
{
|
{
|
||||||
/* Need to use tcping detection speed */
|
/* Need to use tcping detection speed */
|
||||||
if (request->send_tick < now - DNS_TCPPING_START && request->has_ping_tcp == 0) {
|
int check_order = request->check_order + 1;
|
||||||
|
if (request->send_tick < now - (check_order * DNS_PING_CHECK_INTERVAL) && request->has_ping_result == 0) {
|
||||||
_dns_server_request_get(request);
|
_dns_server_request_get(request);
|
||||||
list_add_tail(&request->check_list, &check_list);
|
list_add_tail(&request->check_list, &check_list);
|
||||||
|
request->check_order++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pthread_mutex_unlock(&server.request_list_lock);
|
pthread_mutex_unlock(&server.request_list_lock);
|
||||||
|
|
||||||
list_for_each_entry_safe(request, tmp, &check_list, check_list)
|
list_for_each_entry_safe(request, tmp, &check_list, check_list)
|
||||||
{
|
{
|
||||||
_dns_server_second_ping_check(request);
|
if (_dns_server_second_ping_check(request) != 0) {
|
||||||
_dns_server_request_remove(request);
|
_dns_server_request_remove(request);
|
||||||
|
}
|
||||||
list_del_init(&request->check_list);
|
list_del_init(&request->check_list);
|
||||||
_dns_server_request_release(request);
|
_dns_server_request_release(request);
|
||||||
}
|
}
|
||||||
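Review bot: The new ad-block threshold in `_dns_server_process_answer_A` (and the identical line in `_dns_server_process_answer_AAAA`) drops a blocked-address answer while the counter is `<= dns_server_num() / 2 + dns_server_num() % 2`, which for one server evaluates to `1 <= 1`. Assuming `dns_server_num()` is the upstream count and each upstream contributes one such record, a single-upstream setup never accepts a sinkhole answer, and three upstreams now need all three to agree where two were enough before. The comment `If half of the servers return the same result, then ignore this address` does not describe that rule; I would reword it to `/* Drop sinkhole answers until more than ceil(n/2) upstreams have returned one */` and confirm that the n == 1 case is intended. Both functions continue outside the hunks, so what the client receives once every answer has been dropped is not visible here.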
|
|||||||
@@ -390,8 +390,7 @@ static void _fast_ping_host_put(struct ping_host_struct *ping_host)
|
|||||||
ping_host->seq, ping_host->ttl, &tv, ping_host->error, ping_host->userptr);
|
ping_host->seq, ping_host->ttl, &tv, ping_host->error, ping_host->userptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
tlog(TLOG_DEBUG, "ping end, id %d", ping_host->sid);
|
tlog(TLOG_DEBUG, "ping %s end, id %d", ping_host->host, ping_host->sid);
|
||||||
// memset(ping_host, 0, sizeof(*ping_host));
|
|
||||||
ping_host->type = FAST_PING_END;
|
ping_host->type = FAST_PING_END;
|
||||||
free(ping_host);
|
free(ping_host);
|
||||||
}
|
}
|
||||||
|
|||||||