dns_client: avoid disconnect with server after query complete

fix  Download/default is missing the FILE field..  Stop. error on openwrt

.clang-format

@@ -7,3 +7,4 @@ UseTab: ForContinuationAndIndentation
 MaxEmptyLinesToKeep: 1
 AllowShortFunctionsOnASingleLine: Empty
 BreakBeforeBraces: Linux
+ColumnLimit: 120

Dockerfile

@@ -0,0 +1,18 @@
+ FROM debian:buster-slim
+
+ RUN apt update && \
+     apt install -y git make gcc libssl-dev && \
+     git clone https://github.com/pymumu/smartdns.git --depth 1 && \
+     cd smartdns && \
+     sh ./package/build-pkg.sh --platform debian --arch `dpkg --print-architecture` && \
+     dpkg -i package/*.deb && \
+     cd / && \
+     rm -rf smartdns/ && \
+     apt autoremove -y git make gcc libssl-dev && \
+     apt clean && \
+     rm -rf /var/lib/apt/lists/*
+
+ EXPOSE 53/udp
+ VOLUME "/etc/smartdns/"
+
+ CMD ["/usr/sbin/smartdns", "-f"]

LICENSE

@@ -1,21 +1,23 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
+                       Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
                             Preamble
 
-  The GNU Affero General Public License is a free, copyleft license for
+  The GNU General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
+software and other kinds of works.
-cooperation with the community in the case of network server software.
 
   The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
+the GNU General Public License is intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
 
   When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -24,34 +26,44 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
 
-  Developers that use our General Public Licenses protect your rights
+  To protect your rights, we need to prevent others from denying you
-with two steps: (1) assert copyright on the software, and (2) offer
+these rights or asking you to surrender the rights.  Therefore, you have
-you this License which gives you legal permission to copy, distribute
+certain responsibilities if you distribute copies of the software, or if
-and/or modify the software.
+you modify it: responsibilities to respect the freedom of others.
 
-  A secondary benefit of defending all users' freedom is that
+  For example, if you distribute copies of such a program, whether
-improvements made in alternate versions of the program, if they
+gratis or for a fee, you must pass on to the recipients the same
-receive widespread use, become available for other developers to
+freedoms that you received.  You must make sure that they, too, receive
-incorporate.  Many developers of free software are heartened and
+or can get the source code.  And you must show them these terms so they
-encouraged by the resulting cooperation.  However, in the case of
+know their rights.
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
 
-  The GNU Affero General Public License is designed specifically to
+  Developers that use the GNU GPL protect your rights with two steps:
-ensure that, in such cases, the modified source code becomes available
+(1) assert copyright on the software, and (2) offer you this License
-to the community.  It requires the operator of a network server to
+giving you legal permission to copy, distribute and/or modify it.
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
 
-  An older license, called the Affero General Public License and
+  For the developers' and authors' protection, the GPL clearly explains
-published by Affero, was designed to accomplish similar goals.  This is
+that there is no warranty for this free software.  For both users' and
-a different license, not a version of the Affero GPL, but Affero has
+authors' sake, the GPL requires that modified versions be marked as
-released a new version of the Affero GPL which permits relicensing under
+changed, so that their problems will not be attributed erroneously to
-this license.
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
@@ -60,7 +72,7 @@ modification follow.
 
   0. Definitions.
 
-  "This License" refers to version 3 of the GNU Affero General Public License.
+  "This License" refers to version 3 of the GNU General Public License.
 
   "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -537,45 +549,35 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
 
-  13. Remote Network Interaction; Use with the GNU General Public License.
+  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
 
   Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
+under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
+but the special requirements of the GNU Affero General Public License,
-3 of the GNU General Public License.
+section 13, concerning interaction through a network will apply to the
+combination as such.
 
   14. Revised Versions of this License.
 
   The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
+the GNU General Public License from time to time.  Such new versions will
-will be similar in spirit to the present version, but may differ in detail to
+be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 
   Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
+Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
+GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.
 
   If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
+versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
 
@@ -633,29 +635,40 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
+    it under the terms of the GNU General Public License as published by
-    by the Free Software Foundation, either version 3 of the License, or
+    the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
+    GNU General Public License for more details.
 
-    You should have received a copy of the GNU Affero General Public License
+    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
-  If your software can interact with users remotely through a computer
+  If the program does terminal interaction, make it output a short
-network, you should also make sure that it provides a way for users to
+notice like this when it starts in an interactive mode:
-get its source.  For example, if your program is a web application, its
+
-interface could display a "Source" link that leads users to an archive
+    <program>  Copyright (C) <year>  <name of author>
-of the code.  There are many ways you could offer source, and different
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-solutions will be better for different programs; see section 13 for the
+    This is free software, and you are welcome to redistribute it
-specific requirements.
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
 
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
+For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

Makefile

@@ -0,0 +1,47 @@
+# Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
+#
+# smartdns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# smartdns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PKG_CONFIG := pkg-config
+DESTDIR :=
+PREFIX := /usr
+SBINDIR := $(PREFIX)/sbin
+SYSCONFDIR := /etc
+RUNSTATEDIR := /var/run
+SYSTEMDSYSTEMUNITDIR := $(shell ${PKG_CONFIG} --variable=systemdsystemunitdir systemd)
+SMARTDNS_SYSTEMD = systemd/smartdns.service
+
+.PHONY: all clean install SMARTDNS_BIN
+all: SMARTDNS_BIN 
+
+SMARTDNS_BIN: $(SMARTDNS_SYSTEMD)
+	$(MAKE) $(MFLAGS) -C src all 
+
+$(SMARTDNS_SYSTEMD): systemd/smartdns.service.in
+	cp $< $@
+	sed -i 's|@SBINDIR@|$(SBINDIR)|' $@
+	sed -i 's|@SYSCONFDIR@|$(SYSCONFDIR)|' $@
+	sed -i 's|@RUNSTATEDIR@|$(RUNSTATEDIR)|' $@
+
+clean:
+	$(MAKE) $(MFLAGS) -C src clean  
+	$(RM) $(SMARTDNS_SYSTEMD)
+
+install: SMARTDNS_BIN 
+	install -v -m 0640 -D -t $(DESTDIR)$(SYSCONFDIR)/default etc/default/smartdns
+	install -v -m 0755 -D -t $(DESTDIR)$(SYSCONFDIR)/init.d etc/init.d/smartdns
+	install -v -m 0640 -D -t $(DESTDIR)$(SYSCONFDIR)/smartdns etc/smartdns/smartdns.conf
+	install -v -m 0755 -D -t $(DESTDIR)$(SBINDIR) src/smartdns
+	install -v -m 0644 -D -t $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR) systemd/smartdns.service
+

ReadMe.md

@@ -519,8 +519,8 @@ https://github.com/pymumu/smartdns/releases
 |conf-file|附加配置文件|无|文件路径|conf-file /etc/smartdns/smartdns.more.conf
 |server|上游UDP DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server 8.8.8.8:53 -blacklist-ip -group g1
 |server-tcp|上游TCP DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tcp 8.8.8.8:53
-|server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tls 8.8.8.8:853
+|server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br> `-no-check-certificate:`：跳过证书校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tls 8.8.8.8:853
-|server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称<br>`[-http-host]`：http协议头主机名。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query
+|server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称<br>`[-http-host]`：http协议头主机名。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br> `-no-check-certificate:`：跳过证书校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query
 |speed-check-mode|测速模式选择|无|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80
 |address|指定域名IP地址|无|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>`-`表示忽略 <br>`#`表示返回SOA <br>`4`表示IPV4 <br>`6`表示IPV6| address /www.example.com/1.2.3.4
 |nameserver|指定域名使用server组解析|无|nameserver /domain/[group\|-], `group`为组名，`-`表示忽略此规则，配套server中的`-group`参数使用| nameserver /www.example.com/office
@@ -537,6 +537,8 @@ https://github.com/pymumu/smartdns/releases
 |serve-expired-ttl|过期缓存服务最长超时时间|0|秒，0：表示停用超时，> 0表示指定的超时的秒数|serve-expired-ttl 0
 |dualstack-ip-selection|双栈IP优选|no|[yes\|no]|dualstack-ip-selection yes
 |dualstack-ip-selection-threshold|双栈IP优选阈值|30ms|毫秒|dualstack-ip-selection-threshold [0-1000]
+|ca-file|证书文件|/etc/ssl/certs/ca-certificates.crt|路径|ca-file /etc/ssl/certs/ca-certificates.crt
+|ca-path|证书文件路径|/etc/ssl/certs|路径|ca-path /etc/ssl/certs
 
 ## FAQ
 

ReadMe_en.md

@@ -513,8 +513,8 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
 |server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server 8.8.8.8:53 -blacklist-ip
 |server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
-|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
+|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
-|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`：http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
+|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`：http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
 |speed-check-mode|Speed ​​mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:443
 |address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
 |nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
@@ -531,6 +531,8 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |serve-expired-ttl|Cache serve expired limite TTL|0|second，0：disable，> 0  seconds after expiration|serve-expired-ttl 0
 |dualstack-ip-selection|Dualstack ip selection|no|[yes\|no]|dualstack-ip-selection yes
 |dualstack-ip-selection-threshold|Dualstack ip select threadhold|30ms|millisecond|dualstack-ip-selection-threshold [0-1000]
+|ca-file|certificate file|/etc/ssl/certs/ca-certificates.crt|path|ca-file /etc/ssl/certs/ca-certificates.crt
+|ca-path|certificates path|/etc/ssl/certs|path|ca-path /etc/ssl/certs
 
 ## FAQ
 

etc/smartdns/smartdns.conf

@@ -112,6 +112,14 @@ log-level info
 # audit-size 128k
 # audit-num 2
 
+# certificate file
+# ca-file [file]
+# ca-file /etc/ssl/certs/ca-certificates.crt
+
+# certificate path
+# ca-path [path]
+# ca-path /etc/ss/certs
+
 # remote udp dns server list
 # server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
 # default port is 53
@@ -130,8 +138,9 @@ log-level info
 # remote tls dns server list
 # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
-#   -tls-host-check: cert hostname to verify.
+#   -tls-host-verify: cert hostname to verify.
-#   -hostname: TLS sni hostname.
+#   -host-name: TLS sni hostname.
+#   -no-check-certificate: no check certificate.
 # Get SPKI with this command:
 #    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
 # default port is 853
@@ -141,9 +150,10 @@ log-level info
 # remote https dns server list
 # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
-#   -tls-host-check: cert hostname to verify.
+#   -tls-host-verify: cert hostname to verify.
-#   -hostname: TLS sni hostname.
+#   -host-name: TLS sni hostname.
 #   -http-host: http host.
+#   -no-check-certificate: no check certificate.
 # default port is 443
 # server-https https://cloudflare-dns.com/dns-query
 

package/build-pkg.sh

@@ -43,8 +43,8 @@ showhelp()
 build_smartdns()
 {
 	if [ "$PLATFORM" != "luci" ]; then
-		make -C $CODE_DIR/src clean 
+		make -C $CODE_DIR clean $MAKE_ARGS
-		make -C $CODE_DIR/src all -j8 VER=$VER $MAKE_ARGS
+		make -C $CODE_DIR all -j8 VER=$VER $MAKE_ARGS
 		if [ $? -ne 0 ]; then
 			echo "make smartdns failed"
 			exit 1

package/linux/install

@@ -77,14 +77,18 @@ install_files()
 		return 1
 	fi
 
-	install -v -m 0755 -t $PREFIX/usr/sbin src/smartdns
+	install -v -m 0755 -t $PREFIX/usr/sbin usr/sbin/smartdns
 	if [ $? -ne 0 ]; then
 		return 1
 	fi
 
-	install -v -m 0640 -t  $PREFIX$SMARTDNS_CONF_DIR etc/smartdns/smartdns.conf
+	if [ -e "$PREFIX$SMARTDNS_CONF_DIR/smartdns.conf" ]; then
-	if [ $? -ne 0 ]; then
+		cp etc/smartdns/smartdns.conf $PREFIX$SMARTDNS_CONF_DIR/smartdns.conf.pkg
-		return 1
+	else 
+		install -v -m 0640 -t  $PREFIX$SMARTDNS_CONF_DIR etc/smartdns/smartdns.conf
+		if [ $? -ne 0 ]; then
+			return 1
+		fi
 	fi
 
 	install -v -m 0640 -t  $PREFIX/etc/default etc/default/smartdns
@@ -118,7 +122,6 @@ uninstall_smartdns()
 	if [ -z "$PREFIX" ]; then
 		stop_service 2>/dev/null
 	fi	
-	rm -f $PREFIX$SMARTDNS_CONF_DIR/smartdns.conf
 	rmdir $PREFIX$SMARTDNS_CONF_DIR 2>/dev/null
 	rm -f $PREFIX/usr/sbin/smartdns
 	rm -f $PREFIX/etc/default/smartdns

package/linux/make.sh

@@ -23,12 +23,17 @@ build()
 	cd $PKG_ROOT/
 
 	# Generic x86_64
-	mkdir $PKG_ROOT/smartdns/src -p
+	mkdir $PKG_ROOT/smartdns/usr/sbin -p
 	mkdir $PKG_ROOT/smartdns/package -p
+	mkdir $PKG_ROOT/smartdns/systemd -p 
+	
 	cd $SMARTDNS_DIR
 	cp package/windows $PKG_ROOT/smartdns/package/ -a
-	cp etc systemd *.md LICENSE install $PKG_ROOT/smartdns/ -a
+	cp etc *.md LICENSE package/linux/install $PKG_ROOT/smartdns/ -a
-	cp src/smartdns $PKG_ROOT/smartdns/src -a
+	cp systemd/smartdns.service $PKG_ROOT/smartdns/systemd
+	cp src/smartdns $PKG_ROOT/smartdns/usr/sbin -a
+	chmod +x $PKG_ROOT/smartdns/install
+
 	if [ $? -ne 0 ]; then
 		echo "copy smartdns file failed"
 		rm -fr $PKG_ROOT

package/luci-compat/control/control

@@ -4,5 +4,4 @@ Depends: libc, smartdns
 Source: feeds/luci/applications/luci-app-smartdns
 Section: luci
 Architecture: all
-Installed-Size: 1040
+Description:  A smartdns server
-Description:  A smartdns server module

package/luci-compat/files/luci/i18n/smartdns.zh-cn.po

@@ -214,6 +214,12 @@ msgstr "校验TLS主机名"
 msgid "Set TLS hostname to verify."
 msgstr "设置校验TLS主机名。"
 
+msgid "No check certificate"
+msgstr "停用证书校验"
+
+msgid "Do not check certificate."
+msgstr "不校验证书的合法性。"
+
 msgid "TLS SNI name"
 msgstr "TLS SNI名称"
 

package/luci-compat/files/luci/model/cbi/smartdns/upstream.lua

@@ -78,6 +78,16 @@ o.rempty      = true
 o:depends("type", "tls")
 o:depends("type", "https")
 
+---- certificate verify
+o = s:option(Flag, "no_check_certificate", translate("No check certificate"), translate("Do not check certificate."))
+o.rmempty     = false
+o.default     = o.disabled
+o.cfgvalue    = function(...)
+    return Flag.cfgvalue(...) or "0"
+end
+o:depends("type", "tls")
+o:depends("type", "https")
+
 ---- SNI host name
 o = s:option(Value, "host_name", translate("TLS SNI name"), translate("Sets the server name indication for query."))
 o.default     = ""

package/luci-compat/make.sh

@@ -75,7 +75,7 @@ build()
 	cd $ROOT
 
 	tar zcf $ROOT/data.tar.gz -C root .
-	tar zcf $OUTPUTDIR/luci-app-smartdns.$VER.$FILEARCH.ipk control.tar.gz data.tar.gz debian-binary
+	tar zcf $OUTPUTDIR/luci-app-smartdns.$VER.$FILEARCH.ipk ./control.tar.gz ./data.tar.gz ./debian-binary
 
 	rm -fr $ROOT/
 }

package/luci/control/control

@@ -4,5 +4,4 @@ Depends: libc, smartdns
 Source: feeds/luci/applications/luci-app-smartdns
 Section: luci
 Architecture: all
-Installed-Size: 1040
+Description:  A smartdns server
-Description:  A smartdns server module

package/luci/control/postinst-pkg

@@ -1,4 +0,0 @@
-[ -n "${IPKG_INSTROOT}" ] || {
-	(. /etc/uci-defaults/50_luci-smartdns) && rm -f /etc/uci-defaults/50_luci-smartdns
-	exit 0
-}

package/luci/files/etc/uci-defaults/50_luci-smartdns

@@ -1,26 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
-#
-# smartdns is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# smartdns is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-uci -q batch <<-EOF >/dev/null
-	delete ucitrack.@smartdns[-1]
-	add ucitrack smartdns
-	set ucitrack.@smartdns[-1].init=smartdns
-	commit ucitrack
-EOF
-
-rm -f /tmp/luci-indexcache
-exit 0

package/luci/files/luci/controller/smartdns.lua

@@ -1,27 +0,0 @@
---
--- Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
---
--- smartdns is free software: you can redistribute it and/or modify
--- it under the terms of the GNU General Public License as published by
--- the Free Software Foundation, either version 3 of the License, or
--- (at your option) any later version.
---
--- smartdns is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--- GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License
--- along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-module("luci.controller.smartdns", package.seeall)
-
-function index()
-	if not nixio.fs.access("/etc/config/smartdns") then
-		return
-	end
-
-	local page
-	page = entry({"admin", "services", "smartdns"}, view("smartdns/smartdns"), _("SmartDNS"), 60)
-	page.dependent = true
-end

package/luci/files/luci/i18n/smartdns.zh-cn.po

@@ -226,6 +226,12 @@ msgstr "校验TLS主机名"
 msgid "Set TLS hostname to verify."
 msgstr "设置校验TLS主机名。"
 
+msgid "No check certificate"
+msgstr "停用证书校验"
+
+msgid "Do not check certificate."
+msgstr "不校验证书的合法性。"
+
 msgid "TLS SNI name"
 msgstr "TLS SNI名称"
 

package/luci/files/root/usr/share/luci/menu.d/luci-app-smartdns.json

@@ -0,0 +1,12 @@
+{
+	"admin/services/smartdns": {
+		"title": "SmartDNS",
+		"action": {
+			"type": "view",
+			"path": "smartdns/smartdns"
+		},
+		"depends": {
+			"uci": { "smartdns": true }
+		}
+	}
+}

package/luci/files/root/usr/share/rpcd/acl.d/luci-app-smartdns.json

@@ -4,18 +4,20 @@
 		"read": {
 			"file": {
 				"/etc/smartdns/*": [ "read" ],
-				"/usr/sbin/iptables": [ "exec" ],
+				"/usr/sbin/iptables -t nat -nL PREROUTING": [ "exec" ],
-				"/usr/sbin/ip6tables": [ "exec" ],
+				"/usr/sbin/ip6tables -t nat -nL PREROUTING": [ "exec" ],
 				"/usr/sbin/smartdns": [ "exec" ]
 			},
 			"ubus": {
 				"service": [ "list" ]
-			}
+			},
+			"uci": [ "smartdns" ]
 		},
 		"write": {
 			"file": {
 				"/etc/smartdns/*": [ "write" ]
-			}
+			},
+			"uci": [ "smartdns" ]
 		}
 	}
-}
+}

package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js

@@ -81,9 +81,9 @@ function smartdnsRenderStatus(res) {
 	var ipv6Enabled = uci.get_first('smartdns', 'smartdns', 'ipv6_server');
 
 	if (isRunning) {
-		renderHTML += "<b><font color=green>SmartDNS - " + _("RUNNING") + "</font></b></em>";
+		renderHTML += "<span style=\"color:green;font-weight:bold\">SmartDNS - " + _("RUNNING") + "</span>";
 	} else {
-		renderHTML += "<b><font color=red>SmartDNS - " + _("NOT RUNNING") + "</font></b></em>";
+		renderHTML += "<span style=\"color:red;font-weight:bold\">SmartDNS - " + _("NOT RUNNING") + "</span>";
 		return renderHTML;
 	}
 
@@ -92,7 +92,7 @@ function smartdnsRenderStatus(res) {
 		var dnsmasqServer = uci.get_first('dhcp', 'dnsmasq', 'server') || "";
 
 		if (dnsmasqServer.indexOf(matchLine) < 0) {
-			renderHTML += "<br></br><b><font color=red>" + _("Dnsmasq Forwared To Smartdns Failure") + "</font></b>";
+			renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("Dnsmasq Forwared To Smartdns Failure") + "</span>";
 		}
 	} else if (redirectMode === "redirect") {
 		var redirectRules = (ipt || '').split(/\n/).filter(function (rule) {
@@ -100,13 +100,13 @@ function smartdnsRenderStatus(res) {
 		});
 
 		if (redirectRules.length <= 0) {
-			renderHTML += "<br></br><b><font color=red>" + _("IPV4 53 Port Redirect Failure") + "</font></b>";
+			renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("IPV4 53 Port Redirect Failure") + "</span>";
 			if (ipv6Enabled) {
 				var redirectRules = (ip6t || '').split(/\n/).filter(function (rule) {
 					return rule.match(/REDIRECT/) && rule.match(/dpt:53/) && rule.match("ports " + serverPort);
 				});
 				if (redirectRules.length <= 0) {
-					renderHTML += "<br></br><b><font color=red>" + _("IPV6 53 Port Redirect Failure") + "</font></b>";
+					renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("IPV6 53 Port Redirect Failure") + "</span>";
 				}
 			}
 		}
@@ -118,8 +118,6 @@ function smartdnsRenderStatus(res) {
 return L.view.extend({
 	load: function () {
 		return Promise.all([
-			L.resolveDefault(fs.stat('/etc/config/smartdns'), null),
-			L.resolveDefault(fs.stat('/usr/sbin/smartdns'), {}),
 			uci.load('smartdns'),
 			uci.load('dhcp')
 		]);
@@ -192,11 +190,12 @@ return L.view.extend({
 		o.rmempty = false;
 		o.default = o.disabled;
 
+		// Domain prefetch load ;
 		o = s.taboption("settings", form.Flag, "prefetch_domain", _("Domain prefetch"),
-		_("Enable domain prefetch, accelerate domain response speed."));
+			_("Enable domain prefetch, accelerate domain response speed."));
 		o.rmempty = false;
 		o.default = o.disabled;
-		
+
 		// Domain Serve expired
 		o = s.taboption("settings", form.Flag, "serve_expired", _("Serve expired"),
 			_("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."));
@@ -306,8 +305,7 @@ return L.view.extend({
 
 		// custom settings;
 		o = s.taboption("custom", form.TextValue, "custom_conf",
-			_(""),
+			"", _("smartdns custom settings"));
-			_("smartdns custom settings"));
 
 		o.rows = 20;
 		o.cfgvalue = function (section_id) {
@@ -391,6 +389,15 @@ return L.view.extend({
 		o.depends("type", "tls")
 		o.depends("type", "https")
 
+		// certificate verify
+		o = s.taboption("advanced", form.Flag, "no_check_certificate", _("No check certificate"),
+			_("Do not check certificate."))
+		o.rmempty = false
+		o.default = o.disabled
+		o.modalonly = true;
+		o.depends("type", "tls")
+		o.depends("type", "https")
+
 		// SNI host name
 		o = s.taboption("advanced", form.Value, "host_name", _("TLS SNI name"),
 			_("Sets the server name indication for query."))
@@ -436,7 +443,7 @@ return L.view.extend({
 		s.tab("blackip-list", _("IP Blacklist"), _("Set Specific ip blacklist."));
 
 		o = s.taboption("domain-address", form.TextValue, "address_conf",
-			_(""),
+			"",
 			_("Specify an IP address to return for any host in the given domains, Queries in the domains are never "
 				+ "forwarded and always replied to with the specified IP address which may be IPv4 or IPv6."));
 		o.rows = 20;
@@ -450,8 +457,7 @@ return L.view.extend({
 		// IP Blacklist;
 		// blacklist;
 		o = s.taboption("blackip-list", form.TextValue, "blackip_ip_conf",
-			_(""),
+			"", _("Configure IP blacklists that will be filtered from the results of specific DNS server."));
-			_("Configure IP blacklists that will be filtered from the results of specific DNS server."));
 		o.rows = 20;
 		o.cfgvalue = function (section_id) {
 			return fs.trimmed('/etc/smartdns/blacklist-ip.conf');
@@ -484,4 +490,3 @@ return L.view.extend({
 		return m.render();
 	}
 });
-

package/luci/make.sh

@@ -53,22 +53,15 @@ build()
 	cd $ROOT/
 	build_tool
 	
-	mkdir $ROOT/root/usr/lib/lua/ -p
+	mkdir $ROOT/root/usr/lib/lua/luci -p
-	mkdir $ROOT/root/usr/lib/lua/luci/controller/ -p
 	mkdir $ROOT/root/usr/share/rpcd/acl.d/ -p
-	cp $ROOT/files/luci/controller/* $ROOT/root/usr/lib/lua/luci/controller/ -avf
 	cp $ROOT/files/luci/i18n $ROOT/root/usr/lib/lua/luci/ -avf
-	cp $ROOT/files/luci/view $ROOT/root/usr/lib/lua/luci/ -avf
-
-	mkdir $ROOT/root/www/luci-static/resources/view -p
-	cp $ROOT/files/luci/htdocs/luci-static/resources/view/* $ROOT/root/www/luci-static/resources/view/ -avf
 
 	#Generate Language
 	$PO2LMO $ROOT/files/luci/i18n/smartdns.zh-cn.po $ROOT/root/usr/lib/lua/luci/i18n/smartdns.zh-cn.lmo
 	rm $ROOT/root/usr/lib/lua/luci/i18n/smartdns.zh-cn.po
 
-	cp $ROOT/files/etc $ROOT/root/ -avf
+	cp $ROOT/files/root/* $ROOT/root/ -avf
-	cp $ROOT/files/usr $ROOT/root/ -avf
 	INST_SIZE="`du -sb $ROOT/root/ | awk '{print $1}'`"
 	
 	sed -i "s/^Architecture.*/Architecture: all/g" $ROOT/control/control
@@ -84,7 +77,7 @@ build()
 	cd $ROOT
 
 	tar zcf $ROOT/data.tar.gz -C root .
-	tar zcf $OUTPUTDIR/luci-app-smartdns.$VER.$FILEARCH.ipk control.tar.gz data.tar.gz debian-binary
+	tar zcf $OUTPUTDIR/luci-app-smartdns.$VER.$FILEARCH.ipk ./control.tar.gz ./data.tar.gz ./debian-binary
 
 	rm -fr $ROOT/
 }

package/openwrt/Makefile

@@ -9,6 +9,9 @@ PKG_NAME:=smartdns
 PKG_VERSION:=1.2019.28
 PKG_RELEASE:=1
 
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://www.github.com/pymumu/smartdns.git
 PKG_SOURCE_VERSION:=982002e836e486fb4e360bc10e84e7e7197caf46

package/openwrt/files/etc/init.d/smartdns

@@ -46,7 +46,6 @@ set_forward_dnsmasq()
 		[ "$server" = "$addr" ] && continue
 		uci add_list dhcp.@dnsmasq[0].server="$server"
 	done
-	uci delete dhcp.@dnsmasq[0].resolvfile 2>/dev/null
 	uci set dhcp.@dnsmasq[0].noresolv=1
 	uci commit dhcp
 	/etc/init.d/dnsmasq restart
@@ -57,14 +56,13 @@ stop_forward_dnsmasq()
 	local OLD_PORT="$1"
 	addr="127.0.0.1#$OLD_PORT"
 	OLD_SERVER="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)"
-	if echo "$OLD_SERVER" | grep "^$addr" >/dev/null 2>&1; then
+	if ! echo "$OLD_SERVER" | grep "^$addr" >/dev/null 2>&1; then
 		return
 	fi
 
 	uci del_list dhcp.@dnsmasq[0].server="$addr" 2>/dev/null
 	addrlist="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)"
 	[ -z "$addrlist" ] && {
-		uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto 2>/dev/null
 		uci delete dhcp.@dnsmasq[0].noresolv 2>/dev/null
 	}
 	uci commit dhcp
@@ -125,7 +123,6 @@ service_triggers() {
 	procd_add_reload_trigger smartdns
 }
 
-
 conf_append()
 {
 	echo "$1 $2" >> $SMARTDNS_CONF_TMP
@@ -159,6 +156,7 @@ load_server()
 	config_get type "$section" "type" "udp"
 	config_get ip "$section" "ip" ""
 	config_get tls_host_verify "$section" "tls_host_verify" ""
+	config_get no_check_certificate "$section" "no_check_certificate" "0"
 	config_get host_name "$section" "host_name" ""
 	config_get http_host "$section" "http_host" ""
 	config_get server_group "$section" "server_group" ""
@@ -189,6 +187,7 @@ load_server()
 	fi
 
 	[ -z "$tls_host_verify" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify"
+	[ "$no_check_certificate" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -no-check-certificate"
 	[ -z "$host_name" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name"
 	[ -z "$http_host" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -http-host $http_host"
 	[ -z "$server_group" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group"

src/Makefile

@@ -38,7 +38,7 @@ else
 override LDFLAGS += -lssl -lcrypto -lpthread 
 endif
 
-.PHONY: all
+.PHONY: all clean
 
 all: $(BIN)
  

src/dns.c

@@ -18,15 +18,15 @@
 
 #define _GNU_SOURCE
 #include "dns.h"
-#include "tlog.h"
 #include "stringutil.h"
+#include "tlog.h"
+#include <arpa/inet.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <arpa/inet.h>
 
 #define QR_MASK 0x8000
 #define OPCODE_MASK 0x7800
@@ -37,9 +37,9 @@
 #define RCODE_MASK 0x000F
 #define DNS_RR_END (0XFFFF)
 
-#define UNUSED(expr)                                                                                                                                           \
+#define UNUSED(expr)                                                                                                   \
-	do {                                                                                                                                                       \
+	do {                                                                                                               \
-		(void)(expr);                                                                                                                                          \
+		(void)(expr);                                                                                                  \
 	} while (0)
 
 /* read short and move pointer */
@@ -305,7 +305,8 @@ static int _dns_get_qr_head(struct dns_data_context *data_context, char *domain,
 	return 0;
 }
 
-static int _dns_add_rr_head(struct dns_data_context *data_context, char *domain, int qtype, int qclass, int ttl, int rr_len)
+static int _dns_add_rr_head(struct dns_data_context *data_context, char *domain, int qtype, int qclass, int ttl,
+							int rr_len)
 {
 	int len = 0;
 
@@ -333,7 +334,8 @@ static int _dns_add_rr_head(struct dns_data_context *data_context, char *domain,
 	return 0;
 }
 
-static int _dns_get_rr_head(struct dns_data_context *data_context, char *domain, int maxsize, int *qtype, int *qclass, int *ttl, int *rr_len)
+static int _dns_get_rr_head(struct dns_data_context *data_context, char *domain, int maxsize, int *qtype, int *qclass,
+							int *ttl, int *rr_len)
 {
 	int len = 0;
 
@@ -358,7 +360,8 @@ static int _dns_get_rr_head(struct dns_data_context *data_context, char *domain,
 	return len;
 }
 
-static int _dns_add_RAW(struct dns_packet *packet, dns_rr_type rrtype, dns_type_t rtype, char *domain, int ttl, void *raw, int raw_len)
+static int _dns_add_RAW(struct dns_packet *packet, dns_rr_type rrtype, dns_type_t rtype, char *domain, int ttl,
+						void *raw, int raw_len)
 {
 	int maxlen = 0;
 	int len = 0;
@@ -451,14 +454,16 @@ static int _dns_add_opt_RAW(struct dns_packet *packet, dns_opt_code_t opt_rrtype
 	return _dns_add_RAW(packet, DNS_RRS_OPT, DNS_OPT_T_TCP_KEEPALIVE, "", 0, opt_data, len);
 }
 
-static int _dns_get_opt_RAW(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, struct dns_opt *dns_opt, int *dns_optlen)
+static int _dns_get_opt_RAW(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, struct dns_opt *dns_opt,
+							int *dns_optlen)
 {
 	*dns_optlen = DNS_MAX_OPT_LEN;
 
 	return _dns_get_RAW(rrs, domain, maxsize, ttl, dns_opt, dns_optlen);
 }
 
-static int __attribute__((unused))  _dns_add_OPT(struct dns_packet *packet, dns_rr_type type, unsigned short opt_code, unsigned short opt_len, struct dns_opt *opt)
+static int __attribute__((unused)) _dns_add_OPT(struct dns_packet *packet, dns_rr_type type, unsigned short opt_code,
+												unsigned short opt_len, struct dns_opt *opt)
 {
 	// TODO
 
@@ -508,7 +513,8 @@ static int __attribute__((unused))  _dns_add_OPT(struct dns_packet *packet, dns_
 	return _dns_rr_add_end(packet, type, DNS_T_OPT, len);
 }
 
-static int __attribute__((unused)) _dns_get_OPT(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len, struct dns_opt *opt, int *opt_maxlen)
+static int __attribute__((unused)) _dns_get_OPT(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len,
+												struct dns_opt *opt, int *opt_maxlen)
 {
 	// TODO
 
@@ -593,7 +599,8 @@ int dns_get_NS(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *c
 	return _dns_get_RAW(rrs, domain, maxsize, ttl, cname, &len);
 }
 
-int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, unsigned char addr[DNS_RR_AAAA_LEN])
+int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl,
+				 unsigned char addr[DNS_RR_AAAA_LEN])
 {
 	return _dns_add_RAW(packet, type, DNS_T_AAAA, domain, ttl, addr, DNS_RR_AAAA_LEN);
 }
@@ -749,7 +756,8 @@ int dns_add_OPT_TCP_KEEYALIVE(struct dns_packet *packet, unsigned short timeout)
 	return _dns_add_opt_RAW(packet, DNS_OPT_T_TCP_KEEPALIVE, &timeout_net, data_len);
 }
 
-int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len, unsigned short *timeout)
+int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len,
+							  unsigned short *timeout)
 {
 	unsigned char opt_data[DNS_MAX_OPT_LEN];
 	struct dns_opt *opt = (struct dns_opt *)opt_data;
@@ -961,7 +969,8 @@ static int _dns_decode_domain(struct dns_context *context, char *output, int siz
 			}
 			ptr = context->data + len;
 			if (ptr > context->data + context->maxsize) {
-				tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data), context->ptr, context->data);
+				tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data),
+					 context->ptr, context->data);
 				return -1;
 			}
 			is_compressed = 1;
@@ -979,7 +988,8 @@ static int _dns_decode_domain(struct dns_context *context, char *output, int siz
 		}
 
 		if (ptr > context->data + context->maxsize) {
-			tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data), context->ptr, context->data);
+			tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data),
+				 context->ptr, context->data);
 			return -1;
 		}
 
@@ -988,7 +998,8 @@ static int _dns_decode_domain(struct dns_context *context, char *output, int siz
 			/* copy sub string */
 			copy_len = (len < size - output_len) ? len : size - 1 - output_len;
 			if ((ptr + copy_len) > (context->data + context->maxsize)) {
-				tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data), context->ptr, context->data);
+				tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", context->maxsize, (long)(ptr - context->data),
+					 context->ptr, context->data);
 				return -1;
 			}
 			memcpy(output, ptr, copy_len);
@@ -1089,7 +1100,8 @@ static int _dns_encode_qr_head(struct dns_context *context, char *domain, int qt
 	return 0;
 }
 
-static int _dns_decode_rr_head(struct dns_context *context, char *domain, int domain_size, int *qtype, int *qclass, int *ttl, int *rr_len)
+static int _dns_decode_rr_head(struct dns_context *context, char *domain, int domain_size, int *qtype, int *qclass,
+							   int *ttl, int *rr_len)
 {
 	int len = 0;
 
@@ -1358,7 +1370,8 @@ static int _dns_decode_opt_ecs(struct dns_context *context, struct dns_opt_ecs *
 	memcpy(ecs->addr, context->ptr, len);
 	context->ptr += len;
 
-	tlog(TLOG_DEBUG, "ECS: family:%d, source_prefix:%d, scope_prefix:%d, len:%d", ecs->family, ecs->source_prefix, ecs->scope_prefix, len);
+	tlog(TLOG_DEBUG, "ECS: family:%d, source_prefix:%d, scope_prefix:%d, len:%d", ecs->family, ecs->source_prefix,
+		 ecs->scope_prefix, len);
 	tlog(TLOG_DEBUG, "%d.%d.%d.%d", ecs->addr[0], ecs->addr[1], ecs->addr[2], ecs->addr[3]);
 
 	return 0;

src/dns.h

@@ -44,7 +44,10 @@ typedef enum dns_rr_type {
 	DNS_RRS_END,
 } dns_rr_type;
 
-typedef enum dns_class { DNS_C_IN = 1, DNS_C_ANY = 255 } dns_class_t;
+typedef enum dns_class {
+	DNS_C_IN = 1, // DNS C IN
+	DNS_C_ANY = 255
+} dns_class_t;
 
 typedef enum dns_type {
 	DNS_T_A = 1,
@@ -63,10 +66,10 @@ typedef enum dns_type {
 	DNS_T_ALL = 255
 } dns_type_t;
 
-typedef enum dns_opt_code { 
+typedef enum dns_opt_code {
-	DNS_OPT_T_ECS = 8, 
+	DNS_OPT_T_ECS = 8, // OPT ECS
 	DNS_OPT_T_TCP_KEEPALIVE = 11,
-	DNS_OPT_T_ALL = 255 
+	DNS_OPT_T_ALL = 255
 } dns_opt_code_t;
 
 typedef enum dns_opcode {
@@ -107,7 +110,7 @@ struct dns_head {
 	unsigned short ancount; /* number of answer entries */
 	unsigned short nscount; /* number of authority entries */
 	unsigned short nrcount; /* number of addititional resource entries */
-} __attribute__((packed));
+} __attribute__((packed, aligned(2)));
 
 struct dns_rrs {
 	unsigned short next;
@@ -196,7 +199,8 @@ int dns_get_A(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsigned
 int dns_add_PTR(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname);
 int dns_get_PTR(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *cname, int cname_size);
 
-int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, unsigned char addr[DNS_RR_AAAA_LEN]);
+int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl,
+				 unsigned char addr[DNS_RR_AAAA_LEN]);
 int dns_get_AAAA(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsigned char addr[DNS_RR_AAAA_LEN]);
 
 int dns_add_SOA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, struct dns_soa *soa);
@@ -212,7 +216,8 @@ int dns_add_OPT_ECS(struct dns_packet *packet, struct dns_opt_ecs *ecs);
 int dns_get_OPT_ECS(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len, struct dns_opt_ecs *ecs);
 
 int dns_add_OPT_TCP_KEEYALIVE(struct dns_packet *packet, unsigned short timeout);
-int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len, unsigned short *timeout);
+int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len,
+							  unsigned short *timeout);
 /*
  * Packet operation
  */

src/dns_cache.c

@@ -82,6 +82,7 @@ static void _dns_cache_delete(struct dns_cache *dns_cache)
 	hash_del(&dns_cache->node);
 	list_del_init(&dns_cache->list);
 	atomic_dec(&dns_cache_head.num);
+	dns_cache_data_free(dns_cache->cache_data);
 	free(dns_cache);
 }
 
@@ -118,9 +119,89 @@ static void _dns_cache_move_inactive(struct dns_cache *dns_cache)
 	list_add_tail(&dns_cache->list, &dns_cache_head.inactive_list);
 }
 
-int dns_cache_replace(char *domain, char *cname, int cname_ttl, int ttl, dns_type_t qtype, unsigned char *addr, int addr_len, int speed)
+enum CACHE_TYPE dns_cache_data_type(struct dns_cache_data *cache_data)
+{
+	return cache_data->head.cache_type;
+}
+
+uint32_t dns_cache_get_cache_flag(struct dns_cache_data *cache_data)
+{
+	return cache_data->head.cache_flag;
+}
+
+void dns_cache_data_free(struct dns_cache_data *data)
+{
+	if (data == NULL) {
+		return;
+	}
+
+	free(data);
+}
+
+struct dns_cache_data *dns_cache_new_data_addr(uint32_t cache_flag, char *cname, int cname_ttl, unsigned char *addr,
+											   int addr_len)
+{
+	struct dns_cache_addr *cache_addr = malloc(sizeof(struct dns_cache_addr));
+	memset(cache_addr, 0, sizeof(struct dns_cache_addr));
+	if (cache_addr == NULL) {
+		return NULL;
+	}
+
+	if (addr_len == DNS_RR_A_LEN) {
+		memcpy(cache_addr->addr_data.addr, addr, DNS_RR_A_LEN);
+	} else if (addr_len != DNS_RR_AAAA_LEN) {
+		memcpy(cache_addr->addr_data.addr, addr, DNS_RR_AAAA_LEN);
+	} else {
+		goto errout;
+	}
+
+	if (cname) {
+		safe_strncpy(cache_addr->addr_data.cname, cname, DNS_MAX_CNAME_LEN);
+		cache_addr->addr_data.cname_ttl = cname_ttl;
+	}
+
+	cache_addr->head.cache_flag = cache_flag;
+	cache_addr->head.cache_type = CACHE_TYPE_ADDR;
+	cache_addr->head.size = sizeof(struct dns_cache_addr) - sizeof(struct dns_cache_head);
+
+	return (struct dns_cache_data *)cache_addr;
+
+errout:
+	if (cache_addr) {
+		free(cache_addr);
+		cache_addr = NULL;
+	}
+
+	return NULL;
+}
+
+struct dns_cache_data *dns_cache_new_data_packet(uint32_t cache_flag, void *packet, size_t packet_len)
+{
+	struct dns_cache_packet *cache_packet = NULL;
+	size_t data_size = 0;
+	if (packet == NULL || packet_len <= 0) {
+		return NULL;
+	}
+
+	data_size = sizeof(*cache_packet) + packet_len;
+	cache_packet = malloc(data_size);
+	if (cache_packet == NULL) {
+		return NULL;
+	}
+
+	memcpy(cache_packet->data, packet, packet_len);
+
+	cache_packet->head.cache_flag = cache_flag;
+	cache_packet->head.cache_type = CACHE_TYPE_PACKET;
+	cache_packet->head.size = packet_len;
+
+	return (struct dns_cache_data *)cache_packet;
+}
+
+int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data)
 {
 	struct dns_cache *dns_cache = NULL;
+	struct dns_cache_data *old_cache_data = NULL;
 
 	if (dns_cache_head.size <= 0) {
 		return 0;
@@ -129,7 +210,7 @@ int dns_cache_replace(char *domain, char *cname, int cname_ttl, int ttl, dns_typ
 	/* lookup existing cache */
 	dns_cache = dns_cache_lookup(domain, qtype);
 	if (dns_cache == NULL) {
-		return 0;
+		return dns_cache_insert(domain, ttl, qtype, speed, cache_data);
 	}
 
 	if (ttl < DNS_CACHE_TTL_MIN) {
@@ -144,45 +225,26 @@ int dns_cache_replace(char *domain, char *cname, int cname_ttl, int ttl, dns_typ
 	dns_cache->del_pending = 0;
 	dns_cache->speed = speed;
 	time(&dns_cache->insert_time);
-	if (qtype == DNS_T_A) {
+	old_cache_data = dns_cache->cache_data;
-		if (addr_len != DNS_RR_A_LEN) {
+	dns_cache->cache_data = cache_data;
-			goto errout_unlock;
-		}
-		memcpy(dns_cache->addr, addr, DNS_RR_A_LEN);
-	} else if (qtype == DNS_T_AAAA) {
-		if (addr_len != DNS_RR_AAAA_LEN) {
-			goto errout_unlock;
-		}
-		memcpy(dns_cache->addr, addr, DNS_RR_AAAA_LEN);
-	} else {
-		goto errout_unlock;
-	}
-
-	if (cname) {
-		safe_strncpy(dns_cache->cname, cname, DNS_MAX_CNAME_LEN);
-		dns_cache->cname_ttl = cname_ttl;
-	}
-
 	list_del_init(&dns_cache->list);
 	list_add_tail(&dns_cache->list, &dns_cache_head.cache_list);
 	pthread_mutex_unlock(&dns_cache_head.lock);
 
+	dns_cache_data_free(old_cache_data);
 	dns_cache_release(dns_cache);
 	return 0;
-errout_unlock:
-	pthread_mutex_unlock(&dns_cache_head.lock);
-	// errout:
-	if (dns_cache) {
-		dns_cache_release(dns_cache);
-	}
-	return -1;
 }
 
-int dns_cache_insert(char *domain, char *cname, int cname_ttl, int ttl, dns_type_t qtype, unsigned char *addr, int addr_len, int speed)
+int dns_cache_insert(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data)
 {
 	uint32_t key = 0;
 	struct dns_cache *dns_cache = NULL;
 
+	if (cache_data == NULL || domain == NULL) {
+		return -1;
+	}
+
 	if (dns_cache_head.size <= 0) {
 		return 0;
 	}
@@ -204,37 +266,19 @@ int dns_cache_insert(char *domain, char *cname, int cname_ttl, int ttl, dns_type
 		ttl = DNS_CACHE_TTL_MIN;
 	}
 
+	memset(dns_cache, 0, sizeof(*dns_cache));
 	key = hash_string(domain);
 	key = jhash(&qtype, sizeof(qtype), key);
 	safe_strncpy(dns_cache->domain, domain, DNS_MAX_CNAME_LEN);
-	dns_cache->cname[0] = 0;
+	atomic_set(&dns_cache->hitnum, 3);
+	atomic_set(&dns_cache->ref, 1);
 	dns_cache->qtype = qtype;
 	dns_cache->ttl = ttl;
-	atomic_set(&dns_cache->hitnum, 3);
 	dns_cache->hitnum_update_add = DNS_CACHE_HITNUM_STEP;
 	dns_cache->del_pending = 0;
 	dns_cache->speed = speed;
-	atomic_set(&dns_cache->ref, 1);
+	dns_cache->cache_data = cache_data;
 	time(&dns_cache->insert_time);
-	if (qtype == DNS_T_A) {
-		if (addr_len != DNS_RR_A_LEN) {
-			goto errout;
-		}
-		memcpy(dns_cache->addr, addr, DNS_RR_A_LEN);
-	} else if (qtype == DNS_T_AAAA) {
-		if (addr_len != DNS_RR_AAAA_LEN) {
-			goto errout;
-		}
-		memcpy(dns_cache->addr, addr, DNS_RR_AAAA_LEN);
-	} else {
-		goto errout;
-	}
-
-	if (cname) {
-		safe_strncpy(dns_cache->cname, cname, DNS_MAX_CNAME_LEN);
-		dns_cache->cname_ttl = cname_ttl;
-	}
-
 	pthread_mutex_lock(&dns_cache_head.lock);
 	hash_add(dns_cache_head.cache_hash, &dns_cache->node, key);
 	list_add_tail(&dns_cache->list, &dns_cache_head.cache_list);
@@ -319,6 +363,11 @@ int dns_cache_get_ttl(struct dns_cache *dns_cache)
 	return ttl;
 }
 
+struct dns_cache_data *dns_cache_get_data(struct dns_cache *dns_cache)
+{
+	return dns_cache->cache_data;
+}
+
 void dns_cache_delete(struct dns_cache *dns_cache)
 {
 	pthread_mutex_lock(&dns_cache_head.lock);

src/dns_cache.h

@@ -33,33 +33,74 @@ extern "C" {
 
 #define DNS_CACHE_TTL_MIN 30
 
+enum CACHE_TYPE {
+	CACHE_TYPE_NONE,
+	CACHE_TYPE_ADDR,
+	CACHE_TYPE_PACKET,
+};
+struct dns_cache_data_head {
+	uint32_t cache_flag;
+	enum CACHE_TYPE cache_type;
+	size_t size;
+};
+
+struct dns_cache_data {
+	struct dns_cache_data_head head;
+	unsigned char data[0];
+};
+
+struct dns_cache_addr {
+	struct dns_cache_data_head head;
+	struct dns_cache_addr_data {
+		unsigned int cname_ttl;
+		char cname[DNS_MAX_CNAME_LEN];
+		union {
+			unsigned char ipv4_addr[DNS_RR_A_LEN];
+			unsigned char ipv6_addr[DNS_RR_AAAA_LEN];
+			unsigned char addr[0];
+		};
+	} addr_data;
+};
+
+struct dns_cache_packet {
+	struct dns_cache_data_head head;
+	unsigned char data[0];
+};
+
 struct dns_cache {
 	struct hlist_node node;
 	struct list_head list;
 	struct list_head check_list;
+	
 	atomic_t ref;
-	char domain[DNS_MAX_CNAME_LEN];
-	char cname[DNS_MAX_CNAME_LEN];
-	unsigned int cname_ttl;
-	unsigned int ttl;
-	int speed;
 	atomic_t hitnum;
+
+	char domain[DNS_MAX_CNAME_LEN];
+	int ttl;
+	int speed;
 	int hitnum_update_add;
 	int del_pending;
 	time_t insert_time;
+	
 	dns_type_t qtype;
-	union {
+	struct dns_cache_data *cache_data;
-		unsigned char ipv4_addr[DNS_RR_A_LEN];
-		unsigned char ipv6_addr[DNS_RR_AAAA_LEN];
-		unsigned char addr[0];
-	};
 };
 
+enum CACHE_TYPE dns_cache_data_type(struct dns_cache_data *cache_data);
+
+uint32_t dns_cache_get_cache_flag(struct dns_cache_data *cache_data);
+
+void dns_cache_data_free(struct dns_cache_data *data);
+
+struct dns_cache_data *dns_cache_new_data_addr(uint32_t cache_flag, char *cname, int cname_ttl, unsigned char *addr, int addr_len);
+
+struct dns_cache_data *dns_cache_new_data_packet(uint32_t cache_flag, void *packet, size_t packet_len);
+
 int dns_cache_init(int size, int enable_inactive, int inactive_list_expired);
 
-int dns_cache_replace(char *domain, char *cname, int cname_ttl, int ttl, dns_type_t qtype, unsigned char *addr, int addr_len, int speed);
+int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data);
 
-int dns_cache_insert(char *domain, char *cname, int cname_ttl, int ttl, dns_type_t qtype, unsigned char *addr, int addr_len, int speed);
+int dns_cache_insert(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data);
 
 struct dns_cache *dns_cache_lookup(char *domain, dns_type_t qtype);
 
@@ -79,6 +120,8 @@ void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre);
 
 int dns_cache_get_ttl(struct dns_cache *dns_cache);
 
+struct dns_cache_data *dns_cache_get_data(struct dns_cache *dns_cache);
+
 void dns_cache_destroy(void);
 
 #ifdef __cpluscplus

src/dns_client.h

@@ -52,8 +52,9 @@ int dns_client_init(void);
 int dns_client_set_ecs(char *ip, int subnet);
 
 /* query result notify function */
-typedef int (*dns_client_callback)(char *domain, dns_result_type rtype, unsigned int result_flag, struct dns_packet *packet, unsigned char *inpacket,
+typedef int (*dns_client_callback)(char *domain, dns_result_type rtype, unsigned int result_flag,
-								   int inpacket_len, void *user_ptr);
+								   struct dns_packet *packet, unsigned char *inpacket, int inpacket_len,
+								   void *user_ptr);
 
 /* query domain */
 int dns_client_query(char *domain, int qtype, dns_client_callback callback, void *user_ptr, const char *group_name);
@@ -69,6 +70,7 @@ struct client_dns_server_flag_tls {
 	int spi_len;
 	char hostname[DNS_MAX_CNAME_LEN];
 	char tls_host_verify[DNS_MAX_CNAME_LEN];
+	char skip_check_cert;
 };
 
 struct client_dns_server_flag_https {
@@ -78,6 +80,7 @@ struct client_dns_server_flag_https {
 	char httphost[DNS_MAX_CNAME_LEN];
 	char path[DNS_MAX_CNAME_LEN];
 	char tls_host_verify[DNS_MAX_CNAME_LEN];
+	char skip_check_cert;
 };
 
 struct client_dns_server_flags {
@@ -95,7 +98,8 @@ struct client_dns_server_flags {
 int dns_client_spki_decode(const char *spki, unsigned char *spki_data_out);
 
 /* add remote dns server */
-int dns_client_add_server(char *server_ip, int port, dns_server_type_t server_type, struct client_dns_server_flags *flags);
+int dns_client_add_server(char *server_ip, int port, dns_server_type_t server_type,
+						  struct client_dns_server_flags *flags);
 
 /* remove remote dns server */
 int dns_client_remove_server(char *server_ip, int port, dns_server_type_t server_type);

src/dns_conf.c

@@ -68,6 +68,10 @@ char dns_conf_log_file[DNS_MAX_PATH];
 size_t dns_conf_log_size = 1024 * 1024;
 int dns_conf_log_num = 8;
 
+/* CA file */
+char dns_conf_ca_file[DNS_MAX_PATH];
+char dns_conf_ca_path[DNS_MAX_PATH];
+
 /* auditing */
 int dns_conf_audit_enable = 0;
 int dns_conf_audit_log_SOA;
@@ -246,6 +250,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 		{"spki-pin", required_argument, NULL, 'p'}, /* check SPKI pin */
 		{"host-name", required_argument, NULL, 'h'}, /* host name */
 		{"http-host", required_argument, NULL, 'H'}, /* http host */
+		{"no-check-certificate", no_argument, NULL, 'N'}, /* do not check certificate */
 		{"tls-host-verify", required_argument, NULL, 'V' }, /* verify tls hostname */
 		{"group", required_argument, NULL, 'g'}, /* add to group */
 		{"exclude-default-group", no_argument, NULL, 'E'}, /* ecluse this from default group */
@@ -257,6 +262,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 		return -1;
 	}
 
+	ip = argv[1];
 	if (index >= DNS_MAX_SERVERS) {
 		tlog(TLOG_WARN, "exceeds max server number, %s", ip);
 		return 0;
@@ -269,8 +275,6 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 	server->httphost[0] = '\0';
 	server->tls_host_verify[0] = '\0';
 
-	ip = argv[1];
-
 	if (type == DNS_SERVER_HTTPS) {
 		if (parse_uri(ip, NULL, server->server, &port, server->path) != 0) {
 			return -1;
@@ -340,6 +344,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 			safe_strncpy(server->tls_host_verify, optarg, DNS_MAX_CNAME_LEN);
 			break;
 		}
+		case 'N': {
+			server->skip_check_cert = 1;
+			break;
+		}
 		default:
 			break;
 		}
@@ -862,6 +870,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 		goto errout;
 	}
 
+	ip = argv[1];
 	if (index >= DNS_MAX_SERVERS) {
 		tlog(TLOG_WARN, "exceeds max server number, %s", ip);
 		return 0;
@@ -870,7 +879,6 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 	bind_ip = &dns_conf_bind_ip[index];
 	bind_ip->type = type;
 	bind_ip->flags = 0;
-	ip = argv[1];
 	safe_strncpy(bind_ip->ip, ip, DNS_MAX_IPLEN);
 
 	/* process extra options */
@@ -1370,6 +1378,8 @@ static struct config_item _config_item[] = {
 	CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL),
 	CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL),
 	CONF_CUSTOM("domain-rules", _conf_domain_rules, NULL),
+	CONF_STRING("ca-file", (char *)&dns_conf_ca_file, DNS_MAX_PATH),
+	CONF_STRING("ca-path", (char *)&dns_conf_ca_path, DNS_MAX_PATH),
 	CONF_CUSTOM("conf-file", config_addtional_file, NULL),
 	CONF_END(),
 };
@@ -1443,11 +1453,9 @@ void dns_server_load_exit(void)
 static int _dns_conf_speed_check_mode_verify(void)
 {
 	int i, j;
-	int has_cap = has_network_raw_cap();
 	int print_log = 0;
 
-	dns_has_cap_ping = has_cap;
+	if (dns_has_cap_ping == 1) {
-	if (has_cap == 1) {
 		return 0;
 	}
 
@@ -1468,16 +1476,31 @@ static int _dns_conf_speed_check_mode_verify(void)
 	return 0;
 }
 
+static int _dns_conf_load_pre(void)
+{
+	if (_dns_server_load_conf_init() != 0) {
+		goto errout;
+	}
+
+	dns_has_cap_ping = has_network_raw_cap();
+
+	return 0;
+
+errout:
+	return -1;
+}
+
 static int _dns_conf_load_post(void)
 {
 	_dns_conf_speed_check_mode_verify();
+
 	return 0;
 }
 
 int dns_server_load_conf(const char *file)
 {
 	int ret = 0;
-	_dns_server_load_conf_init();
+	_dns_conf_load_pre();
 	openlog("smartdns", LOG_CONS | LOG_NDELAY, LOG_LOCAL1);
 	ret = load_conf(file, _config_item, _conf_printf);
 	closelog();

src/dns_conf.h

@@ -145,6 +145,7 @@ struct dns_servers {
 	unsigned int server_flag;
 	int ttl;
 	dns_server_type_t type;
+	char skip_check_cert;
 	char spki[DNS_MAX_SPKI_LEN];
 	char hostname[DNS_MAX_CNAME_LEN];
 	char httphost[DNS_MAX_CNAME_LEN];
@@ -211,6 +212,9 @@ extern char dns_conf_log_file[DNS_MAX_PATH];
 extern size_t dns_conf_log_size;
 extern int dns_conf_log_num;
 
+extern char dns_conf_ca_file[DNS_MAX_PATH];
+extern char dns_conf_ca_path[DNS_MAX_PATH];
+
 extern struct dns_domain_check_order dns_conf_check_order;
 
 extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER];

src/dns_server.h

@@ -20,6 +20,7 @@
 #define _SMART_DNS_SERVER_H
 
 #include "dns.h"
+#include <stdint.h>
 
 #ifdef __cpluscplus
 extern "C" {
@@ -36,10 +37,11 @@ void dns_server_stop(void);
 void dns_server_exit(void);
 
 /* query result notify function */
-typedef int (*dns_result_callback)(char *domain, dns_rtcode_t rtcode, dns_type_t addr_type, char *ip, unsigned int ping_time, void *user_ptr);
+typedef int (*dns_result_callback)(char *domain, dns_rtcode_t rtcode, dns_type_t addr_type, char *ip,
+								   unsigned int ping_time, void *user_ptr);
 
 /* query domain */
-int dns_server_query(char *domain, int qtype, dns_result_callback callback, void *user_ptr);
+int dns_server_query(char *domain, int qtype, uint32_t server_flags, dns_result_callback callback, void *user_ptr);
 
 #ifdef __cpluscplus
 }

src/fast_ping.c

@@ -219,7 +219,8 @@ static void _fast_ping_install_filter_v4(int sock)
 	}
 }
 
-static int _fast_ping_sockaddr_ip_cmp(struct sockaddr *first_addr, socklen_t first_addr_len, struct sockaddr *second_addr, socklen_t second_addr_len)
+static int _fast_ping_sockaddr_ip_cmp(struct sockaddr *first_addr, socklen_t first_addr_len,
+									  struct sockaddr *second_addr, socklen_t second_addr_len)
 {
 	if (first_addr_len != second_addr_len) {
 		return -1;
@@ -379,8 +380,8 @@ static void _fast_ping_host_put(struct ping_host_struct *ping_host)
 		tv.tv_sec = 0;
 		tv.tv_usec = 0;
 
-		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len, ping_host->seq, ping_host->ttl, &tv,
+		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len,
-								 ping_host->userptr);
+								 ping_host->seq, ping_host->ttl, &tv, ping_host->userptr);
 	}
 
 	tlog(TLOG_DEBUG, "ping end, id %d", ping_host->sid);
@@ -407,8 +408,8 @@ static void _fast_ping_host_remove(struct ping_host_struct *ping_host)
 		tv.tv_sec = 0;
 		tv.tv_usec = 0;
 
-		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len, ping_host->seq, ping_host->ttl, &tv,
+		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len,
-								 ping_host->userptr);
+								 ping_host->seq, ping_host->ttl, &tv, ping_host->userptr);
 	}
 
 	_fast_ping_host_put(ping_host);
@@ -435,7 +436,8 @@ static int _fast_ping_sendping_v6(struct ping_host_struct *ping_host)
 	packet->msg.seq = ping_host->seq;
 	icmp6->icmp6_cksum = _fast_ping_checksum((void *)packet, sizeof(struct fast_ping_packet));
 
-	len = sendto(ping.fd_icmp6, &ping_host->packet, sizeof(struct fast_ping_packet), 0, (struct sockaddr *)&ping_host->addr, ping_host->addr_len);
+	len = sendto(ping.fd_icmp6, &ping_host->packet, sizeof(struct fast_ping_packet), 0,
+				 (struct sockaddr *)&ping_host->addr, ping_host->addr_len);
 	if (len < 0 || len != sizeof(struct fast_ping_packet)) {
 		int err = errno;
 		if (errno == ENETUNREACH || errno == EINVAL) {
@@ -450,8 +452,9 @@ static int _fast_ping_sendping_v6(struct ping_host_struct *ping_host)
 		}
 
 		char ping_host_name[PING_MAX_HOSTLEN];
-		tlog(TLOG_ERROR, "sendto %s, id %d, %s", gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr), ping_host->sid,
+		tlog(TLOG_ERROR, "sendto %s, id %d, %s",
-			 strerror(err));
+			 gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr),
+			 ping_host->sid, strerror(err));
 		goto errout;
 	}
 
@@ -482,15 +485,17 @@ static int _fast_ping_sendping_v4(struct ping_host_struct *ping_host)
 	packet->msg.cookie = ping_host->cookie;
 	icmp->icmp_cksum = _fast_ping_checksum((void *)packet, sizeof(struct fast_ping_packet));
 
-	len = sendto(ping.fd_icmp, packet, sizeof(struct fast_ping_packet), 0, (struct sockaddr *)&ping_host->addr, ping_host->addr_len);
+	len = sendto(ping.fd_icmp, packet, sizeof(struct fast_ping_packet), 0, (struct sockaddr *)&ping_host->addr,
+				 ping_host->addr_len);
 	if (len < 0 || len != sizeof(struct fast_ping_packet)) {
 		int err = errno;
 		if (errno == ENETUNREACH || errno == EINVAL) {
 			goto errout;
 		}
 		char ping_host_name[PING_MAX_HOSTLEN];
-		tlog(TLOG_ERROR, "sendto %s, id %d, %s", gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr), ping_host->sid,
+		tlog(TLOG_ERROR, "sendto %s, id %d, %s",
-			 strerror(err));
+			 gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr),
+			 ping_host->sid, strerror(err));
 		goto errout;
 	}
 
@@ -535,8 +540,9 @@ static int _fast_ping_sendping_udp(struct ping_host_struct *ping_host)
 			goto errout;
 		}
 		char ping_host_name[PING_MAX_HOSTLEN];
-		tlog(TLOG_ERROR, "sendto %s, id %d, %s", gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr), ping_host->sid,
+		tlog(TLOG_ERROR, "sendto %s, id %d, %s",
-			 strerror(err));
+			 gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr),
+			 ping_host->sid, strerror(err));
 		goto errout;
 	}
 
@@ -567,6 +573,11 @@ static int _fast_ping_sendping_tcp(struct ping_host_struct *ping_host)
 	setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(yes));
 	setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &priority, sizeof(priority));
 	setsockopt(fd, IPPROTO_IP, IP_TOS, &ip_tos, sizeof(ip_tos));
+	set_sock_keepalive(fd, 0, 0, 0);
+	/* Set the socket lingering so we will RST connections instead of wasting
+	 * bandwidth with the four-step close
+	 */
+	set_sock_lingertime(fd, 0);
 
 	ping_host->seq++;
 	if (connect(fd, (struct sockaddr *)&ping_host->addr, ping_host->addr_len) != 0) {
@@ -583,7 +594,8 @@ static int _fast_ping_sendping_tcp(struct ping_host_struct *ping_host)
 				bool_print_log = 0;
 			}
 
-			tlog(TLOG_ERROR, "connect %s, id %d, %s", gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr),
+			tlog(TLOG_ERROR, "connect %s, id %d, %s",
+				 gethost_by_addr(ping_host_name, sizeof(ping_host_name), (struct sockaddr *)&ping_host->addr),
 				 ping_host->sid, strerror(errno));
 			goto errout;
 		}
@@ -671,8 +683,8 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
 	}
 
 	struct icmp_filter filt;
-	filt.data = ~((1 << ICMP_SOURCE_QUENCH) | (1 << ICMP_DEST_UNREACH) | (1 << ICMP_TIME_EXCEEDED) | (1 << ICMP_PARAMETERPROB) | (1 << ICMP_REDIRECT) |
+	filt.data = ~((1 << ICMP_SOURCE_QUENCH) | (1 << ICMP_DEST_UNREACH) | (1 << ICMP_TIME_EXCEEDED) |
-				  (1 << ICMP_ECHOREPLY));
+				  (1 << ICMP_PARAMETERPROB) | (1 << ICMP_REDIRECT) | (1 << ICMP_ECHOREPLY));
 	setsockopt(fd, SOL_RAW, ICMP_FILTER, &filt, sizeof filt);
 	setsockopt(fd, SOL_SOCKET, SO_SNDBUF, (const char *)&buffsize, optlen);
 	setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (const char *)&buffsize, optlen);
@@ -829,8 +841,9 @@ errout:
 	return -1;
 }
 
-static void _fast_ping_print_result(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result, struct sockaddr *addr, socklen_t addr_len,
+static void _fast_ping_print_result(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result,
-									int seqno, int ttl, struct timeval *tv, void *userptr)
+									struct sockaddr *addr, socklen_t addr_len, int seqno, int ttl, struct timeval *tv,
+									void *userptr)
 {
 	if (result == PING_RESULT_RESPONSE) {
 		double rtt = tv->tv_sec * 1000.0 + tv->tv_usec / 1000.0;
@@ -842,7 +855,8 @@ static void _fast_ping_print_result(struct ping_host_struct *ping_host, const ch
 	}
 }
 
-static int _fast_ping_get_addr_by_icmp(const char *ip_str, int port, struct addrinfo **out_gai, FAST_PING_TYPE *out_ping_type)
+static int _fast_ping_get_addr_by_icmp(const char *ip_str, int port, struct addrinfo **out_gai,
+									   FAST_PING_TYPE *out_ping_type)
 {
 	struct addrinfo *gai = NULL;
 	int socktype = 0;
@@ -891,7 +905,8 @@ errout:
 	return -1;
 }
 
-static int _fast_ping_get_addr_by_tcp(const char *ip_str, int port, struct addrinfo **out_gai, FAST_PING_TYPE *out_ping_type)
+static int _fast_ping_get_addr_by_tcp(const char *ip_str, int port, struct addrinfo **out_gai,
+									  FAST_PING_TYPE *out_ping_type)
 {
 	struct addrinfo *gai = NULL;
 	int socktype = 0;
@@ -926,7 +941,8 @@ errout:
 	return -1;
 }
 
-static int _fast_ping_get_addr_by_dns(const char *ip_str, int port, struct addrinfo **out_gai, FAST_PING_TYPE *out_ping_type)
+static int _fast_ping_get_addr_by_dns(const char *ip_str, int port, struct addrinfo **out_gai,
+									  FAST_PING_TYPE *out_ping_type)
 {
 	struct addrinfo *gai = NULL;
 	int socktype = 0;
@@ -982,7 +998,8 @@ errout:
 	return -1;
 }
 
-static int _fast_ping_get_addr_by_type(PING_TYPE type, const char *ip_str, int port, struct addrinfo **out_gai, FAST_PING_TYPE *out_ping_type)
+static int _fast_ping_get_addr_by_type(PING_TYPE type, const char *ip_str, int port, struct addrinfo **out_gai,
+									   FAST_PING_TYPE *out_ping_type)
 {
 	switch (type) {
 	case PING_TYPE_ICMP:
@@ -1001,14 +1018,15 @@ static int _fast_ping_get_addr_by_type(PING_TYPE type, const char *ip_str, int p
 	return -1;
 }
 
-struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int count, int interval, int timeout, fast_ping_result ping_callback, void *userptr)
+struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int count, int interval, int timeout,
+										 fast_ping_result ping_callback, void *userptr)
 {
 	struct ping_host_struct *ping_host = NULL;
 	struct addrinfo *gai = NULL;
 	uint32_t addrkey;
 	char ip_str[PING_MAX_HOSTLEN];
 	int port = -1;
-	FAST_PING_TYPE ping_type;
+	FAST_PING_TYPE ping_type = FAST_PING_END;
 	unsigned int seed;
 	int ret = 0;
 
@@ -1106,7 +1124,8 @@ static void tv_sub(struct timeval *out, struct timeval *in)
 	out->tv_sec -= in->tv_sec;
 }
 
-static struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct *ping_host, struct msghdr *msg, u_char *packet_data, int data_len)
+static struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct *ping_host, struct msghdr *msg,
+														u_char *packet_data, int data_len)
 {
 	int icmp_len;
 	struct fast_ping_packet *packet = (struct fast_ping_packet *)packet_data;
@@ -1148,7 +1167,8 @@ static struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct
 	return packet;
 }
 
-static struct fast_ping_packet *_fast_ping_icmp_packet(struct ping_host_struct *ping_host, struct msghdr *msg, u_char *packet_data, int data_len)
+static struct fast_ping_packet *_fast_ping_icmp_packet(struct ping_host_struct *ping_host, struct msghdr *msg,
+													   u_char *packet_data, int data_len)
 {
 	struct ip *ip = (struct ip *)packet_data;
 	struct fast_ping_packet *packet;
@@ -1185,8 +1205,8 @@ static struct fast_ping_packet *_fast_ping_icmp_packet(struct ping_host_struct *
 	return packet;
 }
 
-static struct fast_ping_packet *_fast_ping_recv_packet(struct ping_host_struct *ping_host, struct msghdr *msg, u_char *inpacket, int len,
+static struct fast_ping_packet *_fast_ping_recv_packet(struct ping_host_struct *ping_host, struct msghdr *msg,
-													   struct timeval *tvrecv)
+													   u_char *inpacket, int len, struct timeval *tvrecv)
 {
 	struct fast_ping_packet *packet = NULL;
 
@@ -1248,7 +1268,8 @@ static int _fast_ping_process_icmp(struct ping_host_struct *ping_host, struct ti
 	packet = _fast_ping_recv_packet(ping_host, &msg, inpacket, len, now);
 	if (packet == NULL) {
 		char name[PING_MAX_HOSTLEN];
-		tlog(TLOG_DEBUG, "recv ping packet from %s failed.", gethost_by_addr(name, sizeof(name), (struct sockaddr *)&from));
+		tlog(TLOG_DEBUG, "recv ping packet from %s failed.",
+			 gethost_by_addr(name, sizeof(name), (struct sockaddr *)&from));
 		goto errout;
 	}
 
@@ -1260,7 +1281,8 @@ static int _fast_ping_process_icmp(struct ping_host_struct *ping_host, struct ti
 	pthread_mutex_lock(&ping.map_lock);
 	hash_for_each_possible(ping.addrmap, recv_ping_host, addr_node, addrkey)
 	{
-		if (_fast_ping_sockaddr_ip_cmp(&recv_ping_host->addr, recv_ping_host->addr_len, (struct sockaddr *)&from, from_len) == 0 &&
+		if (_fast_ping_sockaddr_ip_cmp(&recv_ping_host->addr, recv_ping_host->addr_len, (struct sockaddr *)&from,
+									   from_len) == 0 &&
 			recv_ping_host->sid == sid && recv_ping_host->cookie == cookie) {
 			_fast_ping_host_get(recv_ping_host);
 			break;
@@ -1282,8 +1304,9 @@ static int _fast_ping_process_icmp(struct ping_host_struct *ping_host, struct ti
 	recv_ping_host->ttl = packet->ttl;
 	tv_sub(&tvresult, tvsend);
 	if (recv_ping_host->ping_callback) {
-		recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr, recv_ping_host->addr_len,
+		recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr,
-									  recv_ping_host->seq, recv_ping_host->ttl, &tvresult, recv_ping_host->userptr);
+									  recv_ping_host->addr_len, recv_ping_host->seq, recv_ping_host->ttl, &tvresult,
+									  recv_ping_host->userptr);
 	}
 
 	recv_ping_host->send = 0;
@@ -1316,8 +1339,8 @@ static int _fast_ping_process_tcp(struct ping_host_struct *ping_host, struct epo
 	}
 	tv_sub(&tvresult, tvsend);
 	if (ping_host->ping_callback) {
-		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_RESPONSE, &ping_host->addr, ping_host->addr_len, ping_host->seq, ping_host->ttl,
+		ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_RESPONSE, &ping_host->addr,
-								 &tvresult, ping_host->userptr);
+								 ping_host->addr_len, ping_host->seq, ping_host->ttl, &tvresult, ping_host->userptr);
 	}
 
 	ping_host->send = 0;
@@ -1393,7 +1416,8 @@ static int _fast_ping_process_udp(struct ping_host_struct *ping_host, struct tim
 	pthread_mutex_lock(&ping.map_lock);
 	hash_for_each_possible(ping.addrmap, recv_ping_host, addr_node, addrkey)
 	{
-		if (_fast_ping_sockaddr_ip_cmp(&recv_ping_host->addr, recv_ping_host->addr_len, (struct sockaddr *)&from, from_len) == 0 &&
+		if (_fast_ping_sockaddr_ip_cmp(&recv_ping_host->addr, recv_ping_host->addr_len, (struct sockaddr *)&from,
+									   from_len) == 0 &&
 			recv_ping_host->sid == sid) {
 			_fast_ping_host_get(recv_ping_host);
 			break;
@@ -1410,8 +1434,9 @@ static int _fast_ping_process_udp(struct ping_host_struct *ping_host, struct tim
 	tvsend = &recv_ping_host->last;
 	tv_sub(&tvresult, tvsend);
 	if (recv_ping_host->ping_callback) {
-		recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr, recv_ping_host->addr_len,
+		recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr,
-									  recv_ping_host->seq, recv_ping_host->ttl, &tvresult, recv_ping_host->userptr);
+									  recv_ping_host->addr_len, recv_ping_host->seq, recv_ping_host->ttl, &tvresult,
+									  recv_ping_host->userptr);
 	}
 
 	recv_ping_host->send = 0;
@@ -1518,8 +1543,9 @@ static void _fast_ping_period_run(void)
 		tv_sub(&interval, &ping_host->last);
 		millisecond = interval.tv_sec * 1000 + interval.tv_usec / 1000;
 		if (millisecond >= ping_host->timeout && ping_host->send == 1) {
-			ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_TIMEOUT, &ping_host->addr, ping_host->addr_len, ping_host->seq, ping_host->ttl,
+			ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_TIMEOUT, &ping_host->addr,
-									 &interval, ping_host->userptr);
+									 ping_host->addr_len, ping_host->seq, ping_host->ttl, &interval,
+									 ping_host->userptr);
 			ping_host->send = 0;
 		}
 

src/fast_ping.h

@@ -38,11 +38,13 @@ typedef enum {
 } FAST_PING_RESULT;
 
 struct ping_host_struct;
-typedef void (*fast_ping_result)(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result, struct sockaddr *addr, socklen_t addr_len,
+typedef void (*fast_ping_result)(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result,
-								 int seqno, int ttl, struct timeval *tv, void *userptr);
+								 struct sockaddr *addr, socklen_t addr_len, int seqno, int ttl, struct timeval *tv,
+								 void *userptr);
 
 /* start ping */
-struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int count, int interval, int timeout, fast_ping_result ping_callback, void *userptr);
+struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int count, int interval, int timeout,
+										 fast_ping_result ping_callback, void *userptr);
 
 /* stop ping */
 int fast_ping_stop(struct ping_host_struct *ping_host);

src/http_parse.c

@@ -19,6 +19,7 @@
 #include "http_parse.h"
 #include "hash.h"
 #include "hashtable.h"
+#include "util.h"
 #include "jhash.h"
 #include "list.h"
 #include <stdlib.h>
@@ -214,7 +215,7 @@ static int _http_head_parse_response(struct http_head *http_head, char *key, cha
 {
 	char *field_start = NULL;
 	char *tmp_ptr = NULL;
-	char *result = NULL;
+	char *ret_msg = NULL;
 	char *ret_code = NULL;
 
 	if (strstr(key, "HTTP/") == NULL) {
@@ -226,29 +227,27 @@ static int _http_head_parse_response(struct http_head *http_head, char *key, cha
 			field_start = tmp_ptr;
 		}
 
-		if (*tmp_ptr == ' ') {
+		if (*tmp_ptr != ' ') {
-			*tmp_ptr = '\0';
+			continue;
-			if (ret_code == NULL) {
-				ret_code = field_start;
-			} else if (result == NULL) {
-				result = field_start;
-				break;
-			}
-
-			field_start = NULL;
 		}
+		
+		*tmp_ptr = '\0';
+		ret_code = field_start;
+		ret_msg = tmp_ptr + 1;
+		field_start = NULL;
+		break;
 	}
 
-	if (field_start && result == NULL) {
+	if (ret_code == NULL || ret_msg == NULL) {
-		result = field_start;
+		return -1;
 	}
 
-	if (ret_code == NULL || result == NULL) {
+	if (is_numeric(ret_code) != 0) {
 		return -1;
 	}
 
 	http_head->code = atol(ret_code);
-	http_head->code_msg = result;
+	http_head->code_msg = ret_msg;
 	http_head->version = key;
 	http_head->head_type = HTTP_HEAD_RESPONSE;
 

src/include/atomic.h

@@ -20,12 +20,6 @@
 #ifndef _GENERIC_ATOMIC_H
 #define _GENERIC_ATOMIC_H
 
-
-/* Check GCC version, just to be safe */
-#if !defined(__GNUC__) || (__GNUC__ < 4) || (__GNUC_MINOR__ < 1)
-# error atomic.h works only with GCC newer than version 4.1
-#endif /* GNUC >= 4.1 */
-
 /**
  * Atomic type.
  */

src/include/conf.h

@@ -16,7 +16,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-
 #ifndef _GENERIC_CONF_H
 #define _GENERIC_CONF_H
 
@@ -27,9 +26,9 @@
 #define CONF_INT_MAX (~(1 << 31))
 #define CONF_INT_MIN (1 << 31)
 
-#define CONF_RET_OK     0
+#define CONF_RET_OK 0
-#define CONF_RET_ERR   -1
+#define CONF_RET_ERR -1
-#define CONF_RET_WARN  -2
+#define CONF_RET_WARN -2
 #define CONF_RET_NOENT -3
 
 struct config_item {
@@ -64,48 +63,48 @@ struct config_item_size {
 	size_t max;
 };
 
-#define CONF_INT(key, value, min_value, max_value)                                                                                                             \
+#define CONF_INT(key, value, min_value, max_value)                                                                     \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		key, conf_int, &(struct config_item_int)                                                                                                               \
+		key, conf_int, &(struct config_item_int)                                                                       \
-		{                                                                                                                                                      \
+		{                                                                                                              \
-			.data = value, .min = min_value, .max = max_value                                                                                                  \
+			.data = value, .min = min_value, .max = max_value                                                          \
-		}                                                                                                                                                      \
+		}                                                                                                              \
 	}
-#define CONF_STRING(key, value, len_value)                                                                                                                     \
+#define CONF_STRING(key, value, len_value)                                                                             \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		key, conf_string, &(struct config_item_string)                                                                                                         \
+		key, conf_string, &(struct config_item_string)                                                                 \
-		{                                                                                                                                                      \
+		{                                                                                                              \
-			.data = value, .size = len_value                                                                                                                   \
+			.data = value, .size = len_value                                                                           \
-		}                                                                                                                                                      \
+		}                                                                                                              \
 	}
-#define CONF_YESNO(key, value)                                                                                                                                 \
+#define CONF_YESNO(key, value)                                                                                         \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		key, conf_yesno, &(struct config_item_yesno)                                                                                                           \
+		key, conf_yesno, &(struct config_item_yesno)                                                                   \
-		{                                                                                                                                                      \
+		{                                                                                                              \
-			.data = value                                                                                                                                      \
+			.data = value                                                                                              \
-		}                                                                                                                                                      \
+		}                                                                                                              \
 	}
-#define CONF_SIZE(key, value, min_value, max_value)                                                                                                            \
+#define CONF_SIZE(key, value, min_value, max_value)                                                                    \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		key, conf_size, &(struct config_item_size)                                                                                                             \
+		key, conf_size, &(struct config_item_size)                                                                     \
-		{                                                                                                                                                      \
+		{                                                                                                              \
-			.data = value, .min = min_value, .max = max_value                                                                                                  \
+			.data = value, .min = min_value, .max = max_value                                                          \
-		}                                                                                                                                                      \
+		}                                                                                                              \
 	}
 /*
  * func: int (*func)(void *data, int argc, char *argv[]);
  */
-#define CONF_CUSTOM(key, func, data)                                                                                                                           \
+#define CONF_CUSTOM(key, func, data)                                                                                   \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		key, conf_custom, &(struct config_item_custom)                                                                                                         \
+		key, conf_custom, &(struct config_item_custom)                                                                 \
-		{                                                                                                                                                      \
+		{                                                                                                              \
-			.custom_data = data, .custom_func = func                                                                                                           \
+			.custom_data = data, .custom_func = func                                                                   \
-		}                                                                                                                                                      \
+		}                                                                                                              \
 	}
 
-#define CONF_END()                                                                                                                                             \
+#define CONF_END()                                                                                                     \
-	{                                                                                                                                                          \
+	{                                                                                                                  \
-		NULL, NULL, NULL                                                                                                                                                \
+		NULL, NULL, NULL                                                                                               \
 	}
 
 extern int conf_custom(const char *item, void *data, int argc, char *argv[]);

src/smartdns.c

@@ -79,7 +79,8 @@ static void _show_version(void)
 #else
 	struct tm tm;
 	get_compiled_time(&tm);
-	snprintf(str_ver, sizeof(str_ver), "1.%.4d%.2d%.2d-%.2d%.2d", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min);
+	snprintf(str_ver, sizeof(str_ver), "1.%.4d%.2d%.2d-%.2d%.2d", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
+			 tm.tm_hour, tm.tm_min);
 #endif
 	printf("smartdns %s\n", str_ver);
 }
@@ -157,13 +158,18 @@ static int _smartdns_add_servers(void)
 			safe_strncpy(flag_http->hostname, dns_conf_servers[i].hostname, sizeof(flag_http->hostname));
 			safe_strncpy(flag_http->path, dns_conf_servers[i].path, sizeof(flag_http->path));
 			safe_strncpy(flag_http->httphost, dns_conf_servers[i].httphost, sizeof(flag_http->httphost));
-			safe_strncpy(flag_http->tls_host_verify, dns_conf_servers[i].tls_host_verify, sizeof(flag_http->tls_host_verify));
+			safe_strncpy(flag_http->tls_host_verify, dns_conf_servers[i].tls_host_verify,
+						 sizeof(flag_http->tls_host_verify));
+			flag_http->skip_check_cert = dns_conf_servers[i].skip_check_cert;
 		} break;
 		case DNS_SERVER_TLS: {
 			struct client_dns_server_flag_tls *flag_tls = &flags.tls;
 			flag_tls->spi_len = dns_client_spki_decode(dns_conf_servers[i].spki, (unsigned char *)flag_tls->spki);
 			safe_strncpy(flag_tls->hostname, dns_conf_servers[i].hostname, sizeof(flag_tls->hostname));
-			safe_strncpy(flag_tls->tls_host_verify, dns_conf_servers[i].tls_host_verify, sizeof(flag_tls->tls_host_verify));
+			safe_strncpy(flag_tls->tls_host_verify, dns_conf_servers[i].tls_host_verify,
+						 sizeof(flag_tls->tls_host_verify));
+			flag_tls->skip_check_cert = dns_conf_servers[i].skip_check_cert;
+
 		} break;
 		case DNS_SERVER_TCP:
 			break;
@@ -175,7 +181,8 @@ static int _smartdns_add_servers(void)
 		flags.type = dns_conf_servers[i].type;
 		flags.server_flag = dns_conf_servers[i].server_flag;
 		flags.result_flag = dns_conf_servers[i].result_flag;
-		ret = dns_client_add_server(dns_conf_servers[i].server, dns_conf_servers[i].port, dns_conf_servers[i].type, &flags);
+		ret = dns_client_add_server(dns_conf_servers[i].server, dns_conf_servers[i].port, dns_conf_servers[i].type,
+									&flags);
 		if (ret != 0) {
 			tlog(TLOG_ERROR, "add server failed, %s:%d", dns_conf_servers[i].server, dns_conf_servers[i].port);
 			return -1;
@@ -259,7 +266,8 @@ static int _smartdns_init(void)
 	tlog_setlogscreen(verbose_screen);
 	tlog_setlevel(dns_conf_log_level);
 
-	tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build:%s %s)", __DATE__, __TIME__);
+	tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build:%s %s)", __DATE__,
+		 __TIME__);
 
 	if (_smartdns_init_ssl() != 0) {
 		tlog(TLOG_ERROR, "init ssl failed.");
@@ -331,21 +339,30 @@ static void _sig_error_exit(int signo, siginfo_t *siginfo, void *ct)
 {
 	unsigned long PC = 0;
 	ucontext_t *context = ct;
+	const char *arch = NULL;
 #if defined(__i386__)
 	int *pgregs = (int *)(&(context->uc_mcontext.gregs));
 	PC = pgregs[REG_EIP];
+	arch = "i386";
 #elif defined(__x86_64__)
 	int *pgregs = (int *)(&(context->uc_mcontext.gregs));
 	PC = pgregs[REG_RIP];
+	arch = "x86_64";
 #elif defined(__arm__)
 	PC = context->uc_mcontext.arm_pc;
+	arch = "arm";
 #elif defined(__aarch64__)
 	PC = context->uc_mcontext.pc;
+	arch = "arm64";
 #elif defined(__mips__)
 	PC = context->uc_mcontext.pc;
+	arch = "mips";
 #endif
-	tlog(TLOG_FATAL, "process exit with signal %d, code = %d, errno = %d, pid = %d, self = %d, pc = %#lx, addr = %#lx, build(%s %s)\n", signo, siginfo->si_code,
+	tlog(TLOG_FATAL,
-		 siginfo->si_errno, siginfo->si_pid, getpid(), PC, (unsigned long)siginfo->si_addr, __DATE__, __TIME__);
+		 "process exit with signal %d, code = %d, errno = %d, pid = %d, self = %d, pc = %#lx, addr = %#lx, build(%s "
+		 "%s %s)\n",
+		 signo, siginfo->si_code, siginfo->si_errno, siginfo->si_pid, getpid(), PC, (unsigned long)siginfo->si_addr,
+		 __DATE__, __TIME__, arch);
 
 	sleep(1);
 	_exit(0);
@@ -422,6 +439,7 @@ int main(int argc, char *argv[])
 		goto errout;
 	}
 
+	signal(SIGPIPE, SIG_IGN);
 	if (dns_server_load_conf(config_file) != 0) {
 		fprintf(stderr, "load config failed.\n");
 		goto errout;
@@ -434,7 +452,6 @@ int main(int argc, char *argv[])
 	}
 
 	signal(SIGINT, _sig_exit);
-	signal(SIGPIPE, SIG_IGN);
 	atexit(_smartdns_exit);
 
 	return _smartdns_run();

src/tlog.c

@@ -94,7 +94,7 @@ struct tlog {
 };
 
 struct tlog_segment_log_head {
-    struct tlog_info info;
+    struct tlog_loginfo info;
     unsigned short len;
     char data[0];
 }  __attribute__((packed));
@@ -117,7 +117,7 @@ struct count_log {
 };
 
 struct tlog_info_inter {
-    struct tlog_info info;
+    struct tlog_loginfo info;
     void *userptr;
 };
 
@@ -166,6 +166,10 @@ static int _tlog_mkdir(const char *path)
     if (access(path, F_OK) == 0) {
         return 0;
     }
+    
+    while(*path == ' ' && *path != '\0') {
+        path++;
+    }
 
     strncpy(path_c, path, sizeof(path_c) - 1);
     path_c[sizeof(path_c) - 1] = '\0';
@@ -181,6 +185,11 @@ static int _tlog_mkdir(const char *path)
             continue;
         }
 
+        if (path_end == path_c) {
+            path_end++;
+            continue;
+        }
+
         str = *path_end;
         *path_end = '\0';
         if (access(path_c, F_OK) == 0) {
@@ -203,8 +212,8 @@ static int _tlog_mkdir(const char *path)
 
 static struct tm *_tlog_localtime(time_t *timep, struct tm *tm)
 {
-    static time_t last_time = {0};
+    static time_t last_time;
-    static struct tm last_tm = {0};
+    static struct tm last_tm;
 
     /* localtime_r has a global timezone lock, it's about 8 times slower than gmtime
      * this code is used to speed up localtime_r call.
@@ -297,11 +306,14 @@ void *tlog_get_private(tlog_log *log)
     return log->private_data;
 }
 
-static int _tlog_format(char *buff, int maxlen, struct tlog_info *info, void *userptr, const char *format, va_list ap)
+static int _tlog_format(char *buff, int maxlen, struct tlog_loginfo *info, void *userptr, const char *format, va_list ap)
 {
     int len = 0;
     int total_len = 0;
     struct tlog_time *tm = &info->time;
+    void* unused __attribute__ ((unused));
+
+    unused = userptr;
 
     if (tlog.root->multi_log) {
         /* format prefix */
@@ -388,6 +400,9 @@ static int _tlog_print_buffer(char *buff, int maxlen, void *userptr, const char
 {
     int len;
     int total_len = 0;
+    void* unused __attribute__ ((unused));
+
+    unused = userptr;
 
     /* format log message */
     len = vsnprintf(buff, maxlen, format, ap);
@@ -550,8 +565,9 @@ int tlog_printf(struct tlog_log *log, const char *format, ...)
 static int _tlog_early_print(const char *format, va_list ap) 
 {
     char log_buf[TLOG_MAX_LINE_LEN];
-    int len = 0;
+    size_t len = 0;
-    int out_len = 0;
+    size_t out_len = 0;
+    int unused __attribute__ ((unused));
 
     if (tlog_disable_early_print) {
         return 0;
@@ -565,9 +581,9 @@ static int _tlog_early_print(const char *format, va_list ap)
         out_len = sizeof(log_buf);
     }
 
-    write(STDOUT_FILENO, log_buf, out_len);
+    unused = write(STDOUT_FILENO, log_buf, out_len);
     if (log_buf[out_len - 1] != '\n') {
-        write(STDOUT_FILENO, "\n", 1);
+        unused = write(STDOUT_FILENO, "\n", 1);
     }
 
     return len;
@@ -650,6 +666,7 @@ static int _tlog_list_dir(const char *path, list_callback callback, void *userpt
     DIR *dir = NULL;
     struct dirent *ent;
     int ret = 0;
+    const char* unused __attribute__ ((unused)) = path;
 
     dir = opendir(path);
     if (dir == NULL) {
@@ -682,6 +699,7 @@ static int _tlog_count_log_callback(const char *path, struct dirent *entry, void
     struct count_log *count_log = (struct count_log *)userptr;
     struct tlog_log *log = count_log->log;
     char logname[TLOG_LOG_NAME_LEN * 2];
+    const char* unused __attribute__ ((unused)) = path;
 
     if (strstr(entry->d_name, log->suffix) == NULL) {
         return 0;
@@ -1005,9 +1023,10 @@ static int _tlog_archive_log(struct tlog_log *log)
     }
 }
 
-static int _tlog_write(struct tlog_log *log, char *buff, int bufflen)
+static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
 {
     int len;
+    int unused __attribute__ ((unused));
 
     if (bufflen <= 0) {
         return 0;
@@ -1015,7 +1034,7 @@ static int _tlog_write(struct tlog_log *log, char *buff, int bufflen)
 
      /* output log to screen */
     if (log->logscreen) {
-        write(STDOUT_FILENO, buff, bufflen);
+        unused = write(STDOUT_FILENO, buff, bufflen);
     }
 
     /* if log file size exceeds threshold, start to compress */
@@ -1027,7 +1046,7 @@ static int _tlog_write(struct tlog_log *log, char *buff, int bufflen)
         if (log->filesize < lseek(log->fd, 0, SEEK_END) && log->multi_log == 0) {
             const char *msg = "[Auto enable multi-process write mode, log may be lost, please enable multi-process write mode manually]\n";
             log->multi_log = 1;
-            write(log->fd, msg, strlen(msg));
+            unused = write(log->fd, msg, strlen(msg));
         }
         close(log->fd);
         log->fd = -1;
@@ -1083,7 +1102,7 @@ static int _tlog_write(struct tlog_log *log, char *buff, int bufflen)
     return len;
 }
 
-int tlog_write(struct tlog_log *log, char *buff, int bufflen)
+int tlog_write(struct tlog_log *log, const char *buff, int bufflen)
 {
     return _tlog_write(log, buff, bufflen);
 }
@@ -1297,7 +1316,7 @@ static void _tlog_work_write(struct tlog_log *log, int log_len, int log_extlen,
     }
 }
 
-static int _tlog_root_write_log(struct tlog_log *log, char *buff, int bufflen)
+static int _tlog_root_write_log(struct tlog_log *log, const char *buff, int bufflen)
 {
     struct tlog_segment_log_head *head = NULL;
     static struct tlog_segment_log_head empty_info;
@@ -1326,7 +1345,10 @@ static void *_tlog_work(void *arg)
     int log_dropped = 0;
     struct tlog_log *log = NULL;
     struct tlog_log *loop_log = NULL;
+    void* unused __attribute__ ((unused));
 
+    unused = arg;
+    
     while (1) {
         log_len = 0;
         log_extlen = 0;
@@ -1355,7 +1377,7 @@ static void *_tlog_work(void *arg)
             log = _tlog_wait_log_locked(log);
             if (log == NULL) {
                 pthread_mutex_unlock(&tlog.lock);
-                if (errno != ETIMEDOUT) {
+                if (errno != ETIMEDOUT && tlog.run) {
                     sleep(1);
                 }
                 continue;
@@ -1491,6 +1513,11 @@ int tlog_setlevel(tlog_level level)
     return 0;
 }
 
+tlog_level tlog_getlevel(void)
+{
+    return tlog_set_level;
+}
+
 tlog_log *tlog_open(const char *logfile, int maxlogsize, int maxlogcount, int buffsize, unsigned int flag)
 {
     struct tlog_log *log = NULL;

src/tlog.h

@@ -9,6 +9,11 @@
 #include <stdarg.h>
 
 #ifdef __cplusplus
+#include <string>
+#include <memory>
+#include <sstream>
+#include <iostream>
+#include <functional>
 extern "C" {
 #endif /*__cplusplus */
 
@@ -55,7 +60,7 @@ struct tlog_time {
 /* enable log to screen */
 #define TLOG_SCREEN (1 << 4)
 
-struct tlog_info {
+struct tlog_loginfo {
     tlog_level level;
     const char *file;
     const char *func;
@@ -83,6 +88,9 @@ extern int tlog_write_log(char *buff, int bufflen);
 /* set log level */
 extern int tlog_setlevel(tlog_level level);
 
+/* get log level */
+extern tlog_level tlog_getlevel(void);
+
 /* enalbe log to screen */
 extern void tlog_setlogscreen(int enable);
 
@@ -113,13 +121,13 @@ steps:
 
 read _tlog_format for example.
 */
-typedef int (*tlog_format_func)(char *buff, int maxlen, struct tlog_info *info, void *userptr, const char *format, va_list ap);
+typedef int (*tlog_format_func)(char *buff, int maxlen, struct tlog_loginfo *info, void *userptr, const char *format, va_list ap);
 extern int tlog_reg_format_func(tlog_format_func func);
 
 /* register log output callback 
  Note: info is invalid when flag TLOG_SEGMENT is not set.
  */
-typedef int (*tlog_log_output_func)(struct tlog_info *info, char *buff, int bufflen, void *private_data);
+typedef int (*tlog_log_output_func)(struct tlog_loginfo *info, const char *buff, int bufflen, void *private_data);
 extern int tlog_reg_log_output_func(tlog_log_output_func output, void *private_data);
 
 struct tlog_log;
@@ -132,11 +140,11 @@ maxlogcount: Number of archived logs.
 buffsize: Buffer size, zero for default (128K)
 flag: read tlog flags
 return: log stream handler.
- */
+*/
 extern tlog_log *tlog_open(const char *logfile, int maxlogsize, int maxlogcount, int buffsize, unsigned int flag);
 
 /* write buff to log file */
-extern int tlog_write(struct tlog_log *log, char *buff, int bufflen);
+extern int tlog_write(struct tlog_log *log, const char *buff, int bufflen);
 
 /* close log stream */
 extern void tlog_close(tlog_log *log);
@@ -160,7 +168,7 @@ extern int tlog_vprintf(tlog_log *log, const char *format, va_list ap);
 extern void tlog_logscreen(tlog_log *log, int enable);
 
 /* register output callback */
-typedef int (*tlog_output_func)(struct tlog_log *log, char *buff, int bufflen);
+typedef int (*tlog_output_func)(struct tlog_log *log, const char *buff, int bufflen);
 extern int tlog_reg_output_func(tlog_log *log, tlog_output_func output);
 
 /* set private data */
@@ -173,6 +181,65 @@ extern void *tlog_get_private(tlog_log *log);
 extern int tlog_localtime(struct tlog_time *tm);
 
 #ifdef __cplusplus
-}
+class Tlog {
-#endif /*__cplusplus */
+    using Stream = std::ostringstream;
+    using Buffer = std::unique_ptr<Stream, std::function<void(Stream*)>>;
+public:
+    Tlog(){}
+    ~Tlog(){}
+
+    static Tlog &Instance() {
+        static Tlog logger;
+        return logger;
+    }
+
+    Buffer LogStream(tlog_level level, const char *file, int line, const char *func, void *userptr) {
+        return Buffer(new Stream, [=](Stream *st) {
+            tlog_ext(level, file, line, func, userptr, "%s", st->str().c_str());
+            delete st;
+        });
+    }
+};
+
+class TlogOut {
+    using Stream = std::ostringstream;
+    using Buffer = std::unique_ptr<Stream, std::function<void(Stream*)>>;
+public:
+    TlogOut(){}
+    ~TlogOut(){}
+
+    static TlogOut &Instance() {
+        static TlogOut logger;
+        return logger;
+    }
+
+    Buffer Out(tlog_log *log) {
+        return Buffer(new Stream, [=](Stream *st) {
+            tlog_printf(log, "%s", st->str().c_str());
+            delete st;
+        });
+    }
+};
+
+#define Tlog_logger (Tlog::Instance())
+#define Tlog_stream(level) if (tlog_getlevel() <= level) *Tlog_logger.LogStream(level, BASE_FILE_NAME, __LINE__, __func__, NULL) 
+#define tlog_debug Tlog_stream(TLOG_DEBUG)
+#define tlog_info Tlog_stream(TLOG_INFO)
+#define tlog_notice Tlog_stream(TLOG_NOTICE)
+#define tlog_warn Tlog_stream(TLOG_WARN)
+#define tlog_error Tlog_stream(TLOG_ERROR)
+#define tlog_fatal Tlog_stream(TLOG_FATAL)
+
+#define Tlog_out_logger (TlogOut::Instance())
+#define tlog_out(stream)  (*Tlog_out_logger.Out(stream))
+
+} /*__cplusplus */
+#else
+#define tlog_debug(...) tlog(TLOG_DEBUG, ##__VA_ARGS__)
+#define tlog_info(...) tlog(TLOG_INFO, ##__VA_ARGS__)
+#define tlog_notice(...) tlog(TLOG_NOTICE, ##__VA_ARGS__)
+#define tlog_warn(...) tlog(TLOG_WARN, ##__VA_ARGS__)
+#define tlog_error(...) tlog(TLOG_ERROR, ##__VA_ARGS__)
+#define tlog_fatal(...) tlog(TLOG_FATAL, ##__VA_ARGS__)
+#endif 
 #endif // !TLOG_H

src/util.c

@@ -24,20 +24,20 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <linux/netlink.h>
+#include <inttypes.h>
 #include <linux/capability.h>
+#include <linux/netlink.h>
+#include <netinet/tcp.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <pthread.h>
-#include <netinet/tcp.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/prctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <time.h>
 #include <unistd.h>
-#include <inttypes.h>
-#include <sys/prctl.h>
 
 #define TMP_BUFF_LEN_32 32
 
@@ -285,14 +285,14 @@ int parse_ip(const char *value, char *ip, int *port)
 	return 0;
 }
 
-static int _check_is_ipv4(const char *ip) 
+static int _check_is_ipv4(const char *ip)
 {
 	const char *ptr = ip;
 	char c = 0;
 	int dot_num = 0;
 	int dig_num = 0;
 
-	while ( (c = *ptr++) != '\0') {
+	while ((c = *ptr++) != '\0') {
 		if (c == '.') {
 			dot_num++;
 			dig_num = 0;
@@ -326,7 +326,7 @@ static int _check_is_ipv6(const char *ip)
 	int colon_num = 0;
 	int dig_num = 0;
 
-	while ( (c = *ptr++) != '\0') {
+	while ((c = *ptr++) != '\0') {
 		if (c == '[' || c == ']') {
 			continue;
 		}
@@ -420,7 +420,7 @@ int parse_uri(char *value, char *scheme, char *host, int *port, char *path)
 
 	if (path) {
 		strncpy(path, process_ptr, PATH_MAX);
-	} 
+	}
 	return 0;
 }
 
@@ -456,8 +456,8 @@ char *reverse_string(char *output, const char *input, int len, int to_lower_case
 		if (to_lower_case) {
 			if (*output >= 'A' && *output <= 'Z') {
 				/* To lower case */
-         		*output = *output + 32;
+				*output = *output + 32;
-      		}
+			}
 		}
 		output++;
 		len--;
@@ -502,7 +502,8 @@ static int _ipset_support_timeout(const char *ipsetname)
 	return -1;
 }
 
-static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int addr_len, unsigned long timeout, int operate)
+static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int addr_len, unsigned long timeout,
+						  int operate)
 {
 	struct nlmsghdr *netlink_head;
 	struct ipset_netlink_msg *netlink_msg;
@@ -560,7 +561,9 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
 	netlink_head->nlmsg_len += NETLINK_ALIGN(sizeof(struct ipset_netlink_attr));
 	nested[1]->type = NLA_F_NESTED | IPSET_ATTR_IP;
 
-	_ipset_add_attr(netlink_head, (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER, addr_len, addr);
+	_ipset_add_attr(netlink_head,
+					(af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER, addr_len,
+					addr);
 	nested[1]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[1];
 
 	if (timeout > 0 && _ipset_support_timeout(ipsetname) == 0) {
@@ -925,25 +928,35 @@ static int parse_server_name_extension(const char *data, size_t data_len, char *
 	return -2;
 }
 
-void get_compiled_time(struct tm *tm) 
+void get_compiled_time(struct tm *tm)
-{ 
+{
-    char s_month[5];
+	char s_month[5];
-    int month, day, year;
+	int month, day, year;
 	int hour, min, sec;
-    static const char *month_names = "JanFebMarAprMayJunJulAugSepOctNovDec";
+	static const char *month_names = "JanFebMarAprMayJunJulAugSepOctNovDec";
 
-    sscanf(__DATE__, "%5s %d %d", s_month, &day, &year);
+	sscanf(__DATE__, "%5s %d %d", s_month, &day, &year);
-    month = (strstr(month_names, s_month) - month_names) / 3;
+	month = (strstr(month_names, s_month) - month_names) / 3;
 	sscanf(__TIME__, "%d:%d:%d", &hour, &min, &sec);
-    tm->tm_year = year - 1900;
+	tm->tm_year = year - 1900;
-    tm->tm_mon = month;
+	tm->tm_mon = month;
-    tm->tm_mday = day;
+	tm->tm_mday = day;
-    tm->tm_isdst = -1;
+	tm->tm_isdst = -1;
 	tm->tm_hour = hour;
 	tm->tm_min = min;
 	tm->tm_sec = sec;
 }
 
+int is_numeric(const char *str)
+{
+	while (*str != '\0') {
+		if (*str < '0' || *str > '9')
+			return -1;
+		str++;
+	}
+	return 0;
+}
+
 int has_network_raw_cap(void)
 {
 	int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
@@ -958,7 +971,7 @@ int has_network_raw_cap(void)
 int set_sock_keepalive(int fd, int keepidle, int keepinterval, int keepcnt)
 {
 	const int yes = 1;
-	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &yes, sizeof(yes))!= 0) {
+	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &yes, sizeof(yes)) != 0) {
 		return -1;
 	}
 
@@ -966,5 +979,19 @@ int set_sock_keepalive(int fd, int keepidle, int keepinterval, int keepcnt)
 	setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &keepinterval, sizeof(keepinterval));
 	setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &keepcnt, sizeof(keepcnt));
 
+	return 0;
+}
+
+int set_sock_lingertime(int fd, int time)
+{
+	struct linger l;
+
+	l.l_onoff = 1;
+	l.l_linger = 0;
+
+	if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (const char *)&l, sizeof(l)) != 0) {
+		return -1;
+	}
+
 	return 0;
 }

src/util.h

@@ -19,23 +19,27 @@
 #ifndef SMART_DNS_UTIL_H
 #define SMART_DNS_UTIL_H
 
+#include "stringutil.h"
 #include <netdb.h>
 #include <time.h>
-#include "stringutil.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif /*__cplusplus */
 
+#ifndef TCP_FASTOPEN
+#define TCP_FASTOPEN 23
+#endif
+
 #ifndef TCP_FASTOPEN_CONNECT
 #define TCP_FASTOPEN_CONNECT 30
 #endif
 #ifndef TCP_THIN_LINEAR_TIMEOUTS
-#define TCP_THIN_LINEAR_TIMEOUTS 16 
+#define TCP_THIN_LINEAR_TIMEOUTS 16
 #endif
 
 #ifndef TCP_THIN_DUPACK
-#define TCP_THIN_DUPACK		 17 
+#define TCP_THIN_DUPACK 17
 #endif
 
 #define PORT_NOT_DEFINED -1
@@ -94,10 +98,14 @@ int parse_tls_header(const char *data, size_t data_len, char *hostname, const ch
 
 void get_compiled_time(struct tm *tm);
 
+int is_numeric(const char *str);
+
 int has_network_raw_cap(void);
 
 int set_sock_keepalive(int fd, int keepidle, int keepinterval, int keepcnt);
 
+int set_sock_lingertime(int fd, int time);
+
 #ifdef __cplusplus
 }
 #endif /*__cplusplus */

systemd/smartdns.service.in

@@ -1,17 +1,17 @@
 [Unit]
 Description=smart dns server
 After=network.target 
+StartLimitBurst=0
+StartLimitIntervalSec=60
 
 [Service]
 Type=forking
-PIDFile=/var/run/smartdns.pid
+PIDFile=@RUNSTATEDIR@/smartdns.pid
-EnvironmentFile=/etc/default/smartdns
+EnvironmentFile=@SYSCONFDIR@/default/smartdns
-ExecStart=/usr/sbin/smartdns $SMART_DNS_OPTS
+ExecStart=@SBINDIR@/smartdns -p @RUNSTATEDIR@/smartdns.pid $SMART_DNS_OPTS 
 KillMode=process
 Restart=always
 RestartSec=2
-StartLimitBurst=0
-StartLimitIntervalSec=60
 
 [Install]
 WantedBy=multi-user.target