passthrouth: fix passthrouth ttl

Fix typo & ttl issue.
dns_server: make max ttl no countdown
2022-05-03 10:25:33 +08:00 · 2022-05-03 09:00:30 +08:00 · 2022-05-02 22:53:51 +08:00 · 2022-04-30 20:22:57 +08:00 · 2022-04-30 08:46:30 +08:00 · 2022-04-29 22:29:40 +08:00
21 changed files with 2520 additions and 1518 deletions
--- a/ReadMe.md
+++ b/ReadMe.md
--- a/ReadMe_en.md
+++ b/ReadMe_en.md
@@ -503,6 +503,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |tcp-idle-time|TCP connection idle timeout|120|integer|tcp-idle-time 120
 |rr-ttl|Domain name TTL|Remote query result|number greater than 0|rr-ttl 600
 |rr-ttl-min|Domain name Minimum TTL|Remote query result|number greater than 0|rr-ttl-min 60
 |rr-ttl-reply-max|Domain name Minimum Reply TTL|Remote query result|number greater than 0|rr-ttl-reply-max 60
 |rr-ttl-max|Domain name Maximum TTL|Remote query result|number greater than 0|rr-ttl-max 600
 |log-level|log level|error|fatal,error,warn,notice,info,debug|log-level error
 |log-file|log path|/var/log/smartdns.log|File Pah|log-file /var/log/smartdns.log
@@ -528,12 +529,13 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |whitelist-ip|ip whitelist|None|[ip/subnet], Repeatable，When the filtering server responds IPs in the IP whitelist, only result in whitelist will be accepted| whitelist-ip 1.2.3.4/16
 |blacklist-ip|ip blacklist|None|[ip/subnet], Repeatable，When the filtering server responds IPs in the IP blacklist, The result will be discarded directly| blacklist-ip 1.2.3.4/16
 |force-AAAA-SOA|force AAAA query return SOA|no|[yes\|no]|force-AAAA-SOA yes
 |force-qtype-SOA|force specific qtype return SOA|qtype id|[qtypeid | ...]|force-qtype-SOA 65 28
 |prefetch-domain|domain prefetch feature|no|[yes\|no]|prefetch-domain yes
-|serve-expired|Cache serve expired feature|no|[yes\|no], Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish.|serve-expired yes
+|serve-expired|Cache serve expired feature|yes|[yes\|no], Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish.|serve-expired yes
 |serve-expired-ttl|Cache serve expired limite TTL|0|second，0：disable，> 0  seconds after expiration|serve-expired-ttl 0
 |serve-expired-reply-ttl|TTL value to use when replying with expired data|5|second，0：disable，> 0  seconds after expiration|serve-expired-reply-ttl 30
-|dualstack-ip-selection|Dualstack ip selection|no|[yes\|no]|dualstack-ip-selection yes
+|dualstack-ip-selection|Dualstack ip selection|yes|[yes\|no]|dualstack-ip-selection yes
-|dualstack-ip-selection-threshold|Dualstack ip select threadhold|30ms|millisecond|dualstack-ip-selection-threshold [0-1000]
+|dualstack-ip-selection-threshold|Dualstack ip select threadhold|15ms|millisecond|dualstack-ip-selection-threshold [0-1000]
 |ca-file|certificate file|/etc/ssl/certs/ca-certificates.crt|path|ca-file /etc/ssl/certs/ca-certificates.crt
 |ca-path|certificates path|/etc/ssl/certs|path|ca-path /etc/ssl/certs
@@ -646,6 +648,13 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
    bind [::]:6053 -no-speed-check -group office -no-rule-addr
    ```
 1. How to get SPKI of DOT  
    The SPKI can be obtained from the page published by the DNS service provider. If it is not published, it can be obtained by the following command, replace IP with your own IP.
    ````sh
    echo | openssl s_client -connect '1.0.0.1:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
    ````
 ## Compile
 smartdns contains scripts for compiling packages, supports compiling luci, debian, openwrt, opare installation packages, and can execute `package/build-pkg.sh` compilation.
--- a/etc/init.d/smartdns
+++ b/etc/init.d/smartdns
@@ -68,11 +68,23 @@ case $1 in
 			echo "Stop smartdns server failed."
 			exit 1;
 		fi
-		rm -f "$PIDFILE"
+		LOOP=1
 		while true; do
 			if [ ! -d "/proc/$PID" ]; then
 				break;
 			fi
 			if [ $LOOP -gt 12 ]; then
 				kill -9 "$PID"
 				break;
 			fi
 			LOOP=$((LOOP+1))
 			sleep .5
 		done
 		echo "Stop smartdns server success."
 		;;
 	restart)
-		"$0" stop && sleep 1 && "$0" start
+		"$0" stop && "$0" start
 		;;
 	status)
 		PID="$(cat "$PIDFILE" 2>/dev/null)"
--- a/etc/smartdns/smartdns.conf
+++ b/etc/smartdns/smartdns.conf
@@ -84,6 +84,10 @@ cache-size 4096
 # force AAAA query return SOA
 # force-AAAA-SOA [yes|no]
 # force specific qtype return soa
 # force-qtype-SOA [qtypeid |...]
 # force-qtype-SOA 65 28
 # Enable IPV4, IPV6 dual stack IP optimization selection strategy
 # dualstack-ip-selection-threshold [num] (0~1000)
 # dualstack-ip-selection [yes|no]
@@ -98,10 +102,12 @@ cache-size 4096
 # rr-ttl: ttl for all record
 # rr-ttl-min: minimum ttl for resource record
 # rr-ttl-max: maximum ttl for resource record
 # tr-ttl-reply-max: maximum reply ttl for resource record
 # example:
 # rr-ttl 300
 # rr-ttl-min 60
 # rr-ttl-max 86400
 # rr-ttl-reply-max 60
 # set log level
 # log-level: [level], level=fatal, error, warn, notice, info, debug
--- a/package/luci-compat/files/luci/i18n/smartdns.zh-cn.po
+++ b/package/luci-compat/files/luci/i18n/smartdns.zh-cn.po
@@ -124,6 +124,9 @@ msgstr "域名TTL最大值"
 msgid "Maximum TTL for all domain result."
 msgstr "设置所有域名的TTL最大值"
 msgid "Maximum Reply TTL for all domain result."
 msgstr "设置返回给客户端的TTL最大值"
 msgid "smartdns custom settings"
 msgstr "smartdns 自定义设置，具体配置参数参考指导"
--- a/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua
+++ b/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua
@@ -70,7 +70,7 @@ end
 ---- Support DualStack ip selection
 o = s:taboption("settings", Flag, "dualstack_ip_selection", translate("Dual-stack IP Selection"), translate("Enable IP selection between IPV4 and IPV6"))
 o.rmempty     = false
-o.default     = o.disabled
+o.default     = o.enabled
 o.cfgvalue    = function(...)
    return Flag.cfgvalue(...) or "0"
 end
@@ -87,7 +87,7 @@ end
 o = s:taboption("settings", Flag, "serve_expired", translate("Serve expired"), 
 	translate("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."))
 o.rmempty     = false
-o.default     = o.disabled
+o.default     = o.enabled
 o.cfgvalue    = function(...)
    return Flag.cfgvalue(...) or "0"
 end
@@ -112,15 +112,19 @@ o.rempty      = true
 ---- rr-ttl-min
 o = s:taboption("settings", Value, "rr_ttl_min", translate("Domain TTL Min"), translate("Minimum TTL for all domain result."))
 o.rempty      = true
-o.placeholder = "300"
+o.placeholder = "600"
-o.default     = 300
+o.default     = 600
 o.optional    = true
 ---- second dns server
 ---- rr-ttl-max
 o = s:taboption("settings", Value, "rr_ttl_max", translate("Domain TTL Max"), translate("Maximum TTL for all domain result."))
 o.rempty      = true
 ---- rr-ttl-reply-max
 o = s:taboption("settings", Value, "rr_ttl_reply_max", translate("Domain TTL Max"), translate("Maximum Reply TTL for all domain result."))
 o.rempty      = true
 ---- second dns server
 ---- Eanble
 o = s:taboption("seconddns", Flag, "seconddns_enabled", translate("Enable"), translate("Enable or disable second DNS server."))
 o.default     = o.disabled
--- a/package/luci/files/luci/i18n/smartdns.zh-cn.po
+++ b/package/luci/files/luci/i18n/smartdns.zh-cn.po
@@ -130,6 +130,9 @@ msgstr "域名TTL最大值"
 msgid "Maximum TTL for all domain result."
 msgstr "设置所有域名的TTL最大值"
 msgid "Maximum Reply TTL for all domain result."
 msgstr "设置返回给客户端的TTL最大值"
 msgid "smartdns custom settings"
 msgstr "smartdns 自定义设置，具体配置参数参考指导"
--- a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js
+++ b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js
@@ -188,7 +188,7 @@ return L.view.extend({
 		o = s.taboption("settings", form.Flag, "dualstack_ip_selection", _("Dual-stack IP Selection"),
 			_("Enable IP selection between IPV4 and IPV6"));
 		o.rmempty = false;
-		o.default = o.disabled;
+		o.default = o.enabled;
 		// Domain prefetch load ;
 		o = s.taboption("settings", form.Flag, "prefetch_domain", _("Domain prefetch"),
@@ -200,7 +200,7 @@ return L.view.extend({
 		o = s.taboption("settings", form.Flag, "serve_expired", _("Serve expired"),
 			_("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."));
 		o.rmempty = false;
-		o.default = o.disabled;
+		o.default = o.enabled;
 		// Redirect;
 		o = s.taboption("settings", form.ListValue, "redirect", _("Redirect"), _("SmartDNS redirect mode"));
@@ -223,16 +223,21 @@ return L.view.extend({
 		o = s.taboption("settings", form.Value, "rr_ttl_min", _("Domain TTL Min"),
 			_("Minimum TTL for all domain result."));
 		o.rempty = true;
-		o.placeholder = "300";
+		o.placeholder = "600";
-		o.default = 300;
+		o.default = 600;
 		o.optional = true;
 		// second dns server;
 		// rr-ttl-max;
 		o = s.taboption("settings", form.Value, "rr_ttl_max", _("Domain TTL Max"),
-			_("Maximum TTL for all domain result."));
+		_("Maximum TTL for all domain result."));
 		o.rempty = true;
 		// rr-ttl-reply-max;
 		o = s.taboption("settings", form.Value, "rr_ttl_reply_max", _("Domain Reply TTL Max"),
 		_("Maximum Reply TTL for all domain result."));
 		o.rempty = true;
 		// second dns server;
 		// Eanble;
 		o = s.taboption("seconddns", form.Flag, "seconddns_enabled", _("Enable"),
 			_("Enable or disable second DNS server."));
--- a/package/openwrt/files/etc/init.d/smartdns
+++ b/package/openwrt/files/etc/init.d/smartdns
@@ -311,6 +311,9 @@ load_service()
 	config_get rr_ttl_max "$section" "rr_ttl_max" ""
 	[ -z "$rr_ttl_max" ] || conf_append "rr-ttl-max" "$rr_ttl_max"
 	config_get rr_ttl_reply_max "$section" "rr_ttl_reply_max" ""
 	[ -z "$rr_ttl_reply_max" ] || conf_append "rr-ttl-reply-max" "$rr_ttl_reply_max"
 	config_get log_size "$section" "log_size" "64K"
 	[ -z "$log_size" ] || conf_append "log-size" "$log_size"
--- a/src/dns.c
+++ b/src/dns.c
--- a/src/dns.h
+++ b/src/dns.h
@@ -68,6 +68,7 @@ typedef enum dns_type {
 typedef enum dns_opt_code {
 	DNS_OPT_T_ECS = 8, // OPT ECS
 	DNS_OPT_T_COOKIE = 10, //OPT Cookie
 	DNS_OPT_T_TCP_KEEPALIVE = 11,
 	DNS_OPT_T_ALL = 255
 } dns_opt_code_t;
@@ -112,11 +113,15 @@ struct dns_head {
 	unsigned short nrcount; /* number of addititional resource entries */
 } __attribute__((packed, aligned(2)));
-struct dns_rrs {
+#define DNS_PACKET_DICT_SIZE 16
-	unsigned short next;
+struct dns_packet_dict_item {
-	unsigned short len;
+	unsigned pos;
-	dns_type_t type;
+	unsigned int hash;
-	unsigned char data[0];
+};
 struct dns_packet_dict {
 	short dict_count;
 	struct dns_packet_dict_item names[DNS_PACKET_DICT_SIZE];
 };
 /* packet haed */
@@ -129,21 +134,24 @@ struct dns_packet {
 	unsigned short optcount;
 	unsigned short optional;
 	unsigned short payloadsize;
 	struct dns_packet_dict namedict;
 	int size;
 	int len;
 	unsigned char data[0];
 };
-/* RRS encode/decode context */
+struct dns_rrs {
-struct dns_data_context {
+	struct dns_packet *packet;
-	unsigned char *data;
+	unsigned short next;
-	unsigned char *ptr;
+	unsigned short len;
-	unsigned int maxsize;
+	dns_type_t type;
 	unsigned char data[0];
 };
 /* packet encode/decode context */
 struct dns_context {
 	struct dns_packet *packet;
 	struct dns_packet_dict *namedict;
 	unsigned char *data;
 	unsigned int maxsize;
 	unsigned char *ptr;
@@ -169,6 +177,13 @@ struct dns_opt_ecs {
 	unsigned char source_prefix;
 	unsigned char scope_prefix;
 	unsigned char addr[DNS_RR_AAAA_LEN];
 } __attribute__((packed));;
 /* OPT COOLIE */
 struct dns_opt_cookie {
 	char server_cookie_len;
 	unsigned char client_cookie[8];
 	unsigned char server_cookie[32];
 };
 /* OPT */
@@ -226,4 +241,12 @@ int dns_encode(unsigned char *data, int size, struct dns_packet *packet);
 int dns_packet_init(struct dns_packet *packet, int size, struct dns_head *head);
 struct dns_update_param {
 	int id;
 	int ip_ttl;
 	int cname_ttl;
 };
 int dns_packet_update(unsigned char *data, int size, struct dns_update_param *param);
 #endif
--- a/src/dns_cache.c
+++ b/src/dns_cache.c
@@ -162,6 +162,11 @@ void dns_cache_set_data_soa(struct dns_cache_data *dns_cache, int32_t cache_flag
 		goto errout;
 	}
 	dns_cache->head.is_soa = 1;
 	if (dns_cache->head.cache_type == CACHE_TYPE_PACKET) {
 		return;
 	}
 	struct dns_cache_addr *cache_addr = (struct dns_cache_addr *)dns_cache;
 	if (cache_addr == NULL) {
 		goto errout;
@@ -229,6 +234,7 @@ struct dns_cache_data *dns_cache_new_data_packet(uint32_t cache_flag, void *pack
 	}
 	memcpy(cache_packet->data, packet, packet_len);
 	memset(&cache_packet->head, 0, sizeof(cache_packet->head));
 	cache_packet->head.cache_flag = cache_flag;
 	cache_packet->head.cache_type = CACHE_TYPE_PACKET;
@@ -412,15 +418,45 @@ int dns_cache_get_ttl(struct dns_cache *dns_cache)
 	return ttl;
 }
-int dns_cache_is_soa(struct dns_cache *dns_cache) {
+int dns_cache_get_cname_ttl(struct dns_cache *dns_cache) 
 {
 	time_t now;
 	int ttl = 0;
 	time(&now);
 	struct dns_cache_addr *cache_addr = (struct dns_cache_addr *)dns_cache_get_data(dns_cache);
 	if (cache_addr->head.cache_type != CACHE_TYPE_ADDR) {
 		return 0;
 	}
 	ttl = dns_cache->info.insert_time + cache_addr->addr_data.cname_ttl - now;
 	if (ttl < 0) {
 		return 0;
 	}
 	int addr_ttl = dns_cache_get_ttl(dns_cache);
 	if (ttl < addr_ttl && ttl < 0) {
 		return addr_ttl;
 	}
 	if (ttl < 0) {
 		return 0;
 	}
 	return ttl;	
 }
 int dns_cache_is_soa(struct dns_cache *dns_cache) 
 {
 	if (dns_cache == NULL) {
 		return 0;
 	}
-	struct dns_cache_addr *cache_addr = (struct dns_cache_addr *)dns_cache_get_data(dns_cache);
+	if (dns_cache->cache_data->head.is_soa) {
 	if (cache_addr->head.cache_type == CACHE_TYPE_ADDR && cache_addr->addr_data.soa) {
 		return 1;
 	}
 	return 0;
 }
--- a/src/dns_cache.h
+++ b/src/dns_cache.h
@@ -50,6 +50,7 @@ enum CACHE_RECORD_TYPE {
 struct dns_cache_data_head {
 	uint32_t cache_flag;
 	enum CACHE_TYPE cache_type;
 	int is_soa;
 	size_t size;
 };
@@ -143,6 +144,8 @@ void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre);
 int dns_cache_get_ttl(struct dns_cache *dns_cache);
 int dns_cache_get_cname_ttl(struct dns_cache *dns_cache);
 int dns_cache_is_soa(struct dns_cache *dns_cache);
 struct dns_cache_data *dns_cache_new_data(void);
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -58,7 +58,7 @@
 #define DNS_TCP_IDLE_TIMEOUT (60 * 10)
 #define DNS_TCP_CONNECT_TIMEOUT (5)
 #define DNS_QUERY_TIMEOUT (500)
-#define DNS_QUERY_RETRY (6)
+#define DNS_QUERY_RETRY (4)
 #define DNS_PENDING_SERVER_RETRY 40
 #define SOCKET_PRIORITY (6)
 #define SOCKET_IP_TOS (IPTOS_LOWDELAY | IPTOS_RELIABILITY)
@@ -117,6 +117,7 @@ struct dns_server_info {
 	time_t last_send;
 	time_t last_recv;
 	int prohibit;
 	/* server addr info */
 	unsigned short ai_family;
@@ -1004,6 +1005,7 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 	server_info->ttl = ttl;
 	server_info->ttl_range = 0;
 	server_info->skip_check_cert = skip_check_cert;
 	server_info->prohibit = 0;
 	pthread_mutex_init(&server_info->lock, NULL);
 	memcpy(&server_info->flags, flags, sizeof(server_info->flags));
@@ -2152,6 +2154,7 @@ static int _dns_client_process_tcp_buff(struct dns_server_info *server_info)
 		}
 		tlog(TLOG_DEBUG, "recv tcp packet from %s, len = %d", server_info->ip, len);
 		time(&server_info->last_recv);
 		/* process result */
 		if (_dns_client_recv(server_info, inpacket_data, dns_packet_len, &server_info->addr, server_info->ai_addrlen) !=
 			0) {
@@ -2230,7 +2233,6 @@ static int _dns_client_process_tcp(struct dns_server_info *server_info, struct e
 			return ret;
 		}
 		time(&server_info->last_recv);
 		server_info->recv_buff.len += len;
 		if (server_info->recv_buff.len <= 2) {
 			/* wait and recv */
@@ -2787,6 +2789,14 @@ static int _dns_client_send_packet(struct dns_query_struct *query, void *packet,
 		list_for_each_entry_safe(group_member, tmp, &query->server_group->head, list)
 		{
 			server_info = group_member->server;
 			if (server_info->prohibit) {
 				time_t now;
 				time(&now);
 				if ((now - 60 < server_info->last_send) && (now - 5 > server_info->last_recv)) {
 					continue;
 				}
 				server_info->prohibit = 0;
 			}
 			total_server++;
 			tlog(TLOG_DEBUG, "send query to server %s", server_info->ip);
 			if (server_info->fd <= 0) {
@@ -2838,6 +2848,8 @@ static int _dns_client_send_packet(struct dns_query_struct *query, void *packet,
 				time_t now;
 				time(&now);
 				if (now - 5 > server_info->last_recv || send_err != ENOMEM) {
 					server_info->prohibit = 1;
 					tlog(TLOG_INFO, "server %s not alive, prohibit", server_info->ip);
 					_dns_client_shutdown_socket(server_info);
 				}
@@ -3261,6 +3273,34 @@ static void *_dns_client_work(void *arg)
 int dns_client_set_ecs(char *ip, int subnet)
 {
 	struct sockaddr_storage addr;
 	socklen_t addr_len = sizeof(addr);
 	getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len);
 	switch (addr.ss_family) {
 	case AF_INET: {
 		struct sockaddr_in *addr_in;
 		addr_in = (struct sockaddr_in *)&addr;
 		memcpy(&client.ecs_ipv4.ipv4_addr, &addr_in->sin_addr.s_addr, 4);
 		client.ecs_ipv4.bitlen = subnet;
 		client.ecs_ipv4.enable = 1;
 	} break;
 	case AF_INET6: {
 		struct sockaddr_in6 *addr_in6;
 		addr_in6 = (struct sockaddr_in6 *)&addr;
 		if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
 			memcpy(&client.ecs_ipv4.ipv4_addr, addr_in6->sin6_addr.s6_addr + 12, 4);
 			client.ecs_ipv4.bitlen = subnet;
 			client.ecs_ipv4.enable = 1;
 		} else {
 			memcpy(&client.ecs_ipv6.ipv6_addr, addr_in6->sin6_addr.s6_addr, 16);
 			client.ecs_ipv6.bitlen = subnet;
 			client.ecs_ipv6.enable = 1;
 		}
 	} break;
 	default:
 		return -1;
 	}
 	return 0;
 }
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -37,6 +37,8 @@ struct dns_ipset_table {
 };
 static struct dns_ipset_table dns_ipset_table;
 struct dns_qtype_soa_table dns_qtype_soa_table;
 /* dns groups */
 struct dns_group_table dns_group_table;
@@ -48,7 +50,7 @@ int dns_conf_tcp_idle_time = 120;
 /* cache */
 int dns_conf_cachesize = DEFAULT_DNS_CACHE_SIZE;
 int dns_conf_prefetch = 0;
-int dns_conf_serve_expired = 0;
+int dns_conf_serve_expired = 1;
 int dns_conf_serve_expired_ttl = 0;
 int dns_conf_serve_expired_reply_ttl = 5;
@@ -88,12 +90,13 @@ art_tree dns_conf_domain_rule;
 struct dns_conf_address_rule dns_conf_address_rule;
 /* dual-stack selection */
-int dns_conf_dualstack_ip_selection;
+int dns_conf_dualstack_ip_selection = 1;
-int dns_conf_dualstack_ip_selection_threshold = 30;
+int dns_conf_dualstack_ip_selection_threshold = 15;
 /* TTL */
 int dns_conf_rr_ttl;
-int dns_conf_rr_ttl_min;
+int dns_conf_rr_ttl_reply_max;
 int dns_conf_rr_ttl_min = 600;
 int dns_conf_rr_ttl_max;
 int dns_conf_force_AAAA_SOA;
@@ -1171,6 +1174,44 @@ static int _config_iplist_rule(char *subnet, enum address_rule rule)
 	return 0;
 }
 static int _config_qtype_soa(void *data, int argc, char *argv[])
 {
 	struct dns_qtype_soa_list *soa_list;
 	int i = 0;
 	if (argc <= 1) {
 		return -1;
 	}
 	for (i = 1; i < argc; i++) {
 		soa_list = malloc(sizeof(*soa_list));
 		if (soa_list == NULL) {
 			tlog(TLOG_ERROR, "cannot malloc memory");
 			return -1;
 		}
 		memset(soa_list, 0, sizeof(*soa_list));
 		soa_list->qtypeid = atol(argv[i]);
 		uint32_t key = hash_32_generic(soa_list->qtypeid, 32);
 		hash_add(dns_qtype_soa_table.qtype, &soa_list->node, key);
 	}
 	return 0;
 }
 static void _config_qtype_soa_table_destroy(void)
 {
 	struct dns_qtype_soa_list *soa_list = NULL;
 	struct hlist_node *tmp = NULL;
 	int i;
 	hash_for_each_safe(dns_qtype_soa_table.qtype, i, tmp, soa_list, node)
 	{
 		hlist_del_init(&soa_list->node);
 		free(soa_list);
 	}
 }
 static int _config_blacklist_ip(void *data, int argc, char *argv[])
 {
 	if (argc <= 1) {
@@ -1216,7 +1257,7 @@ static int _conf_edns_client_subnet(void *data, int argc, char *argv[])
 	struct sockaddr_storage addr;
 	socklen_t addr_len = sizeof(addr);
-	if (argc <= 1 || data == NULL) {
+	if (argc <= 1) {
 		return -1;
 	}
@@ -1447,7 +1488,9 @@ static struct config_item _config_item[] = {
 	CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX),
 	CONF_INT("rr-ttl-min", &dns_conf_rr_ttl_min, 0, CONF_INT_MAX),
 	CONF_INT("rr-ttl-max", &dns_conf_rr_ttl_max, 0, CONF_INT_MAX),
 	CONF_INT("rr-ttl-reply-max", &dns_conf_rr_ttl_reply_max, 0, CONF_INT_MAX),
 	CONF_YESNO("force-AAAA-SOA", &dns_conf_force_AAAA_SOA),
 	CONF_CUSTOM("force-qtype-SOA", _config_qtype_soa, NULL),
 	CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
 	CONF_CUSTOM("whitelist-ip", _conf_whitelist_ip, NULL),
 	CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL),
@@ -1518,6 +1561,7 @@ static int _dns_server_load_conf_init(void)
 	art_tree_init(&dns_conf_domain_rule);
 	hash_init(dns_ipset_table.ipset);
 	hash_init(dns_qtype_soa_table.qtype);
 	hash_init(dns_group_table.group);
 	return 0;
@@ -1530,6 +1574,7 @@ void dns_server_load_exit(void)
 	Destroy_Radix(dns_conf_address_rule.ipv6, _config_address_destroy, NULL);
 	_config_ipset_table_destroy();
 	_config_group_table_destroy();
 	_config_qtype_soa_table_destroy();
 }
 static int _dns_conf_speed_check_mode_verify(void)
--- a/src/dns_conf.h
+++ b/src/dns_conf.h
@@ -203,6 +203,16 @@ struct dns_bind_ip {
 	const char *group;
 };
 struct dns_qtype_soa_list {
 	struct hlist_node node;
 	uint32_t qtypeid;
 };
 struct dns_qtype_soa_table {
 	DECLARE_HASHTABLE(qtype, 8);
 };
 extern struct dns_qtype_soa_table dns_qtype_soa_table;
 extern struct dns_bind_ip dns_conf_bind_ip[DNS_MAX_BIND_IP];
 extern int dns_conf_bind_ip_num;
@@ -245,6 +255,7 @@ extern int dns_conf_dualstack_ip_selection;
 extern int dns_conf_dualstack_ip_selection_threshold;
 extern int dns_conf_rr_ttl;
 extern int dns_conf_rr_ttl_reply_max;
 extern int dns_conf_rr_ttl_min;
 extern int dns_conf_rr_ttl_max;
 extern int dns_conf_force_AAAA_SOA;
--- a/src/dns_server.c
+++ b/src/dns_server.c
--- a/src/tlog.c
+++ b/src/tlog.c
@@ -317,7 +317,7 @@ int tlog_localtime(struct tlog_time *tm)
    return _tlog_gettime(tm);
 }
-tlog_log *tlog_get_root()
+tlog_log *tlog_get_root(void)
 {
    return tlog.root;
 }
@@ -1395,6 +1395,35 @@ static int _tlog_root_write_log(struct tlog_log *log, const char *buff, int buff
    return tlog.output_func(&empty_info.info, buff, bufflen, tlog_get_private(log));
 }
 static void tlog_wait_zip_fini(void)
 {
    tlog_log *next;
    if (tlog.root == NULL) {
        return;
    }
    int wait_zip = 1;
    int time_out = 0;
    while (wait_zip) {
        wait_zip = 0;
        time_out++;
        next = tlog.log;
        while (next) {
            if (next->zip_pid > 0 && wait_zip == 0) {
                wait_zip = 1;
                usleep(1000);
            }
            if (kill(next->zip_pid, 0) != 0 || time_out >= 5000) {
                next->zip_pid = -1;
            }
            next = next->next;
        }
    }
    return;
 }
 static void *_tlog_work(void *arg)
 {
    int log_len = 0;
@@ -1408,6 +1437,9 @@ static void *_tlog_work(void *arg)
    unused = arg;
    // for child process
    tlog_wait_zip_fini();
    while (1) {
        log_len = 0;
        log_extlen = 0;
@@ -1680,6 +1712,12 @@ static void tlog_fork_prepare(void)
    }
    pthread_mutex_lock(&tlog.lock);
    tlog_log *next;
    next = tlog.log;
    while (next) {
        next->multi_log = 1;
        next = next->next;
    }
 }
 static void tlog_fork_parent(void)
@@ -1699,6 +1737,16 @@ static void tlog_fork_child(void)
        return;
    }
    next = tlog.log;
    while (next) {
        next->start = 0;
        next->end = 0;
        next->ext_end = 0;
        next->dropped = 0;
        next->filesize = 0;
        next = next->next;
    }
    pthread_attr_init(&attr);
    int ret = pthread_create(&tlog.tid, &attr, _tlog_work, NULL);
    if (ret != 0) {
--- a/src/tlog.h
+++ b/src/tlog.h
@@ -78,7 +78,9 @@ level: Current log Levels
 format: Log formats
 */
 #ifndef BASE_FILE_NAME
-#define BASE_FILE_NAME __FILE__
+#define BASE_FILE_NAME                                                     \
  (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 \
                                    : __FILE__)
 #endif
 #define tlog(level, format, ...) tlog_ext(level, BASE_FILE_NAME, __LINE__, __func__, NULL, format, ##__VA_ARGS__)
--- a/src/util.c
+++ b/src/util.c
@@ -28,6 +28,7 @@
 #include <fcntl.h>
 #include <inttypes.h>
 #include <linux/capability.h>
 #include <linux/limits.h>
 #include <linux/netlink.h>
 #include <netinet/tcp.h>
 #include <openssl/crypto.h>
@@ -517,6 +518,7 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
 	ssize_t rc;
 	int af = 0;
 	static const struct sockaddr_nl snl = {.nl_family = AF_NETLINK};
 	uint32_t expire;
 	if (addr_len != IPV4_ADDR_LEN && addr_len != IPV6_ADDR_LEN) {
 		errno = EINVAL;
@@ -571,8 +573,8 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
 	nested[1]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[1];
 	if (timeout > 0 && _ipset_support_timeout(ipsetname) == 0) {
-		timeout = htonl(timeout);
+		expire = htonl(timeout);
-		_ipset_add_attr(netlink_head, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(timeout), &timeout);
+		_ipset_add_attr(netlink_head, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(expire), &expire);
 	}
 	nested[0]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[0];
@@ -607,15 +609,22 @@ int ipset_del(const char *ipsetname, const unsigned char addr[], int addr_len)
 unsigned char *SSL_SHA256(const unsigned char *d, size_t n, unsigned char *md)
 {
 	SHA256_CTX c;
 	static unsigned char m[SHA256_DIGEST_LENGTH];
 	if (md == NULL)
 		md = m;
-	SHA256_Init(&c);
+
-	SHA256_Update(&c, d, n);
+	EVP_MD_CTX* ctx = EVP_MD_CTX_create();
-	SHA256_Final(md, &c);
+	if (ctx == NULL) {
-	OPENSSL_cleanse(&c, sizeof(c));
+		return NULL;
 	}
 	EVP_MD_CTX_init(ctx);
 	EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
 	EVP_DigestUpdate(ctx, d, n);
 	EVP_DigestFinal_ex(ctx, m, NULL);
 	EVP_MD_CTX_destroy(ctx);
 	return (md);
 }
@@ -736,7 +745,11 @@ void SSL_CRYPTO_thread_setup(void)
 		pthread_mutex_init(&(lock_cs[i]), NULL);
 	}
 #if OPENSSL_API_COMPAT < 0x10000000
 	CRYPTO_set_id_callback(_pthreads_thread_id);
 #else
 	CRYPTO_THREADID_set_callback(_pthreads_thread_id);
 #endif
 	CRYPTO_set_locking_callback(_pthreads_locking_callback);
 }
@@ -1036,6 +1049,7 @@ void print_stack(void)
 {
 	const size_t max_buffer = 30;
 	void *buffer[max_buffer];
 	int idx = 0;
 	struct backtrace_state state = {buffer, buffer + max_buffer};
 	_Unwind_Backtrace(unwind_callback, &state);
@@ -1045,7 +1059,7 @@ void print_stack(void)
 	}
 	tlog(TLOG_FATAL, "Stack:");
-	for (int idx = 0; idx < frame_num; ++idx) {
+	for (idx = 0; idx < frame_num; ++idx) {
 		const void *addr = buffer[idx];
 		const char *symbol = "";
--- a/systemd/smartdns.service
+++ b/systemd/smartdns.service
@@ -1,19 +0,0 @@
 [Unit]
 Description=SmartDNS Server
 After=network.target 
 StartLimitBurst=0
 StartLimitIntervalSec=60
 [Service]
 Type=forking
 PIDFile=/var/run/smartdns.pid
 EnvironmentFile=/etc/default/smartdns
 ExecStart=/usr/sbin/smartdns -p /var/run/smartdns.pid $SMART_DNS_OPTS 
 KillMode=process
 Restart=always
 RestartSec=2
 TimeoutStopSec=5
 [Install]
 WantedBy=multi-user.target
 Alias=smartdns.service
Author	SHA1	Message	Date
Nick Peng	34691154fb	passthrouth: fix passthrouth ttl	2022-05-03 10:25:33 +08:00
Nick Peng	29a5803860	Fix typo & ttl issue.	2022-05-03 09:00:30 +08:00
Nick Peng	ebd820bcbb	dns_server: make max ttl no countdown	2022-05-02 22:53:51 +08:00
Nick Peng	1de5557430	client: support ECS	2022-04-30 20:22:57 +08:00
Nick Peng	c92615e6cd	dual-stack: return soa when ipv4 exists in cache	2022-04-30 08:46:30 +08:00
Nick Peng	c561ae2fc5	Feature: Supports setting the maximum TTL value of the response to the client	2022-04-29 22:29:40 +08:00
Nick Peng	d30264ed08	script: force stop smartdns process	2022-04-29 10:09:40 +08:00
Nick Peng	22e13b40db	dns_server: fix passthrouth ipset issue	2022-04-26 20:43:11 +08:00
Nick Peng	75dda9340d	dns_conf: update default configuration.	2022-04-25 18:46:52 +08:00
Nick Peng	baf2be681d	dns-server: Parallel query performance optimization for the same domain name	2022-04-25 18:46:40 +08:00
Nick Peng	5bd521c36b	dns_server: Cache A record for AAAA query when dualstack select	2022-04-22 23:36:37 +08:00
Nick Peng	d0305f60f6	dns_server: make fastest ip first place & fix audit log and ipset for multi IPs.	2022-04-17 18:03:24 +08:00
Nick Peng	6e1363dca4	Feature: select all best ip	2022-04-10 19:47:00 +08:00
Nick Peng	23e9021d30	client: avoid retry query storm	2022-04-09 11:12:00 +08:00
Nick Peng	92af4c05c0	dns: support domain compress.	2022-04-05 21:21:33 +08:00
Nick Peng	24661c2419	Fix issue #903 TXT, SRV, record failed.	2022-04-04 10:34:55 +08:00
Nick Peng	1efa1942cc	tlog: bump tlog to v1.6	2022-03-29 19:20:41 +08:00
WhiredPlanck	1fd18601e7	doc: polish ReadMe.md	2022-03-02 15:08:30 +08:00
Nick Peng	d7d7ef48cd	cache: optimize cname TTL	2022-02-17 16:34:24 +08:00
Nick Peng	0652316e98	server: strict result, discard result without query type	2022-02-17 13:00:50 +08:00
Nick Peng	ee9059bb37	server: Support specific qtype to return SOA	2022-02-17 11:33:09 +08:00
Nick Peng	45180c0dd6	readme: Add instructions on how to get SPKI	2022-02-16 20:49:02 +08:00
Nick Peng	f29e292a41	cache: fix SOA cache issue when dns server timeout.	2022-02-16 20:49:02 +08:00
Nick Peng	cf34cbc045	tls: remove deprecated API, support openssl 3.0	2022-02-16 20:48:57 +08:00
Nick Peng	8d7c54d382	audit: fix audit log for no-speed-check	2022-02-16 17:31:12 +08:00
Nick Peng	75d91096ca	cache: make cname ttl countdown	2022-02-16 17:05:43 +08:00
Nick Peng	e98cf5b711	cache: fix cache not update issue when serve-expired enabled.	2022-02-15 17:35:39 +08:00
paldier	a33d09f80b	fix openssl1.1 without 0.9.8 api compile error when `./Configure --api=1.0.0`, we should not use CRYPTO_set_id_callback().	2022-02-15 10:56:40 +08:00
whiler	ba282c8c60	use type uint32_t for timeout Ref. https://github.com/torvalds/linux/blob/master/include/linux/netfilter/ipset/ip_set.h#L268	2021-11-26 17:34:24 +08:00
Nick Cao	a588793221	remove extraneous unit file	2021-09-16 12:03:19 +08:00
FH0	cd88dd4854	fix `x86_64-linux-gnu-gcc` compile error ``` util.c: In function ‘parse_uri’: util.c:389:17: error: ‘PATH_MAX’ undeclared (first use in this function); did you mean ‘AF_MAX’? 389 \| char host_name[PATH_MAX]; \| ^~~~~~~~ \| AF_MAX util.c:389:17: note: each undeclared identifier is reported only once for each function it appears in ```	2021-09-16 12:00:42 +08:00
FH0	8973acad44	fix tlog_set_permission parameters type	2021-09-14 22:47:58 +08:00