Compare commits


9 Commits

Nick Peng
5a2559f064 Update readme 2022-08-06 16:24:33 +08:00
Nick Peng
3605e6ed71 smartdns: support no create pid file. 2022-08-05 22:13:26 +08:00
Nick Peng
6588c9822f fast_ping: supress error log 2022-08-04 21:40:18 +08:00
honwen.chan
2f1d83cc2c docker: refine Dockerfile, make cache happy. 2022-08-01 21:58:51 +08:00
Nick Peng
ac042e8bee dns-debug: support record fail packet for debugging 2022-07-31 15:49:10 +08:00
Nick Peng
ab415f2ee9 feature: support response mode: first-ping, fastest-ip, fastest-response 2022-07-25 22:54:27 +08:00
Nick Peng
d3bbd8edd7 log: set default log path to /var/log/smartdns/ and auto create directory 2022-07-25 22:52:42 +08:00
Nick Peng
9390a49a72 dns_server: make log happy. 2022-07-21 21:45:14 +08:00
Felix Yan
798226ddb3 Correct typos in dns.c 2022-07-17 14:10:00 +08:00
18 changed files with 677 additions and 131 deletions


@@ -1,35 +1,41 @@
FROM ubuntu:latest as smartdns-builder
LABEL previous-stage=smartdns-builder
COPY . /smartdns/
# prepare builder
ARG OPENSSL_VER=1.1.1f
RUN apt update && \
apt install -y perl wget make musl-tools musl-dev && \
OPENSSL_VER=1.1.1f && \
mkdir /build -p && \
apt install -y perl curl make musl-tools musl-dev && \
ln -s /usr/include/linux /usr/include/$(uname -m)-linux-musl && \
ln -s /usr/include/asm-generic /usr/include/$(uname -m)-linux-musl && \
ln -s /usr/include/$(uname -m)-linux-gnu/asm /usr/include/$(uname -m)-linux-musl && \
cd /build && \
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_${OPENSSL_VER}.orig.tar.gz && \
tar xf openssl_${OPENSSL_VER}.orig.tar.gz && \
cd openssl-${OPENSSL_VER} && \
\
mkdir -p /build/openssl && \
cd /build/openssl && \
curl -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_${OPENSSL_VER}.orig.tar.gz | tar --strip-components=1 -zxv && \
\
export CC=musl-gcc && \
if [ "$(uname -m)" = "aarch64" ]; then \
./config --prefix=/opt/build no-tests -mno-outline-atomics ; \
else \
./config --prefix=/opt/build no-tests; \
./config --prefix=/opt/build no-tests ; \
fi && \
make all -j8 && make install_sw && \
cd /smartdns && \
cd / && rm -rf /build
# do make
COPY . /build/smartdns/
RUN cd /build/smartdns && \
export CC=musl-gcc && \
export CFLAGS="-I /opt/build/include" && \
export LDFLAGS="-L /opt/build/lib" && \
sh ./package/build-pkg.sh --platform linux --arch `dpkg --print-architecture` --static && \
mkdir /release -p && \
cd /smartdns/package && tar xf *.tar.gz && \
cp /smartdns/package/smartdns/etc /release/ -a && \
cp /smartdns/package/smartdns/usr /release/ -a && \
chmod +x /release/etc/init.d/smartdns && \
mkdir /release/var/log/ /release/var/run/ -p && \
rm -fr /build /smartdns
\
( cd package && tar -xvf *.tar.gz && chmod a+x smartdns/etc/init.d/smartdns ) && \
\
mkdir -p /release/var/log /release/var/run && \
cp package/smartdns/etc /release/ -a && \
cp package/smartdns/usr /release/ -a && \
cd / && rm -rf /build
FROM busybox:latest
COPY --from=smartdns-builder /release/ /
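Review bot: The OpenSSL source is fetched over plain HTTP and piped straight into tar (`curl -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_${OPENSSL_VER}.orig.tar.gz | tar --strip-components=1 -zxv`) with no integrity check, so the resulting static binary trusts whatever the mirror or any on-path party serves; the previous wget form had the same gap, so this is not a regression, but the rewrite is the moment to close it. Download to a file and verify it before extracting, e.g. `curl -sSL -o openssl.tar.gz https://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_${OPENSSL_VER}.orig.tar.gz`, then `echo "<EXPECTED_SHA256>  openssl.tar.gz" | sha256sum -c -`, then `tar --strip-components=1 -zxf openssl.tar.gz`, with the expected hash pinned next to `ARG OPENSSL_VER=1.1.1f` (placeholder shown; take the value from the upstream release). Unpinned `ubuntu:latest` and `busybox:latest` bases mean two builds of the same commit can differ; pinning a digest keeps the build reproducible.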


@@ -548,6 +548,8 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
## 配置文件说明
配置建议:**smartdns默认已设置为最优模式适合大部分场景的DNS查询体验改善一般情况只需要增加上游服务器地址即可无需做其他配置修改如有其他配置修改请务必了解其用途避免修改后起到反作用。**
| 键名 | 功能说明 | 默认值 | 可用值/要求 | 举例 |
| :--- | :--- | :--- | :--- | :--- |
| server-name | DNS 服务器名称 | 操作系统主机名 / smartdns | 符合主机名规格的字符串 | server-name smartdns |
@@ -563,11 +565,11 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
| rr-ttl-reply-max | 允许返回给客户端的最大 TTL 值 | 远程查询结果 | 大于 0 的数字 | rr-ttl-reply-max 60 |
| max-reply-ip-num | 允许返回给客户的最大IP数量 | IP数量 | 大于 0 的数字 | max-reply-ip-num 1 |
| log-level | 设置日志级别 | error | fatal、error、warn、notice、info 或 debug | log-level error |
| log-file | 日志文件路径 | /var/log/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns.log |
| log-file | 日志文件路径 | /var/log/smartdns/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns/smartdns.log |
| log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K |
| log-num | 日志归档个数 | 2 | 大于等于 0 的数字 | log-num 2 |
| audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes |
| audit-file | 审计文件路径 | /var/log/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns-audit.log |
| audit-file | 审计文件路径 | /var/log/smartdns/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns/smartdns-audit.log |
| audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K |
| audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 |
| conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
@@ -576,6 +578,7 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tls 8.8.8.8:853 |
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-http-host]http 协议头主机名<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-https https://cloudflare-dns.com/dns-query |
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80,tcp:443 |
| response-mode | 首次查询响应模式 | first-ping |模式:[fisrt-ping\|fastest-ip\|first-response]<br> [first-ping]: 最快ping响应地址模式DNS上游最快查询时延+ping时延最短查询等待与链接体验最佳;<br>[fastest-ip]: 最快IP地址模式查询到的所有IP地址中ping最短的IP。需等待IP测速; <br>[first-response]: 最快响应的DNS结果DNS查询等待时间最短返回的IP地址可能不是最快。| response-mode first-ping |
| address | 指定域名 IP 地址 | 无 | address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>- 表示忽略 <br># 表示返回 SOA <br>4 表示 IPv4 <br>6 表示 IPv6 | address /www.example.com/1.2.3.4 |
| nameserver | 指定域名使用 server 组解析 | 无 | nameserver /domain/[group\|-], group 为组名,- 表示忽略此规则,配套 server 中的 -group 参数使用 | nameserver /www.example.com/office |
| ipset | 域名 ipset | 无 | ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]]-表示忽略 | ipset /www.example.com/#4:dns4,#6:- |
@@ -594,6 +597,7 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
| serve-expired-reply-ttl | 回应的过期缓存 TTL | 5 | 秒0 表示停用超时,大于 0 表示指定的超时的秒数 | serve-expired-reply-ttl 30 |
| dualstack-ip-selection | 双栈 IP 优选 | yes | [yes\|no] | dualstack-ip-selection yes |
| dualstack-ip-selection-threshold | 双栈 IP 优选阈值 | 15ms | 单位为毫秒ms | dualstack-ip-selection-threshold [0-1000] |
| user | 进程运行用户 | root | user [username] | user nobody |
| ca-file | 证书文件 | /etc/ssl/certs/ca-certificates.crt | 合法路径字符串 | ca-file /etc/ssl/certs/ca-certificates.crt |
| ca-path | 证书文件路径 | /etc/ssl/certs | 合法路径字符串 | ca-path /etc/ssl/certs |


@@ -501,11 +501,11 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|rr-ttl-max|Domain name Maximum TTL|Remote query result|number greater than 0|rr-ttl-max 600
|max-reply-ip-num|Maximum number of IPs returned to the client|8|number of IPs, 1~16 |max-reply-ip-num 1
|log-level|log level|error|fatal,error,warn,notice,info,debug|log-level error
|log-file|log path|/var/log/smartdns.log|File Pah|log-file /var/log/smartdns.log
|log-file|log path|/var/log/smartdns/smartdns.log|File Pah|log-file /var/log/smartdns/smartdns.log
|log-size|log size|128K|number+K,M,G|log-size 128K
|log-num|archived log number|2|Integer|log-num 2
|audit-enable|audit log enable|no|[yes\|no]|audit-enable yes
|audit-file|audit log file|/var/log/smartdns-audit.log|File Path|audit-file /var/log/smartdns-audit.log
|audit-file|audit log file|/var/log/smartdns/smartdns-audit.log|File Path|audit-file /var/log/smartdns/smartdns-audit.log
|audit-size|audit log size|128K|number+K,M,G|audit-size 128K
|audit-num|archived audit log number|2|Integer|audit-num 2
|conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
@@ -514,6 +514,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80,tcp:443
|response-mode|First query response mode|first-ping|Mode: [fisrt-ping\|fastest-ip\|first-response]<br> [first-ping]: The fastest dns + ping response mode, DNS query delay + ping delay is the shortest;<br>[fastest-ip]: The fastest IP address mode, return the fastest ip address, may take some time to test speed. <br>[first-response]: The fastest response DNS result mode, the DNS query waiting time is the shortest. | response-mode first-ping |
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
|ipset|Domain IPSet|None|ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]], `-` for ignore|ipset /www.example.com/#4:dns4,#6:-
@@ -532,6 +533,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|serve-expired-reply-ttl|TTL value to use when replying with expired data|5|second0disable> 0 seconds after expiration|serve-expired-reply-ttl 30
|dualstack-ip-selection|Dualstack ip selection|yes|[yes\|no]|dualstack-ip-selection yes
|dualstack-ip-selection-threshold|Dualstack ip select threadhold|15ms|millisecond|dualstack-ip-selection-threshold [0-1000]
|user|run as user|root|user [username]|user nobody
|ca-file|certificate file|/etc/ssl/certs/ca-certificates.crt|path|ca-file /etc/ssl/certs/ca-certificates.crt
|ca-path|certificates path|/etc/ssl/certs|path|ca-path /etc/ssl/certs


@@ -4,7 +4,7 @@
# server-name smartdns
#
# dns server run ser
# dns server run user
# user [username]
# example: run as nobody
# user nobody
@@ -109,7 +109,7 @@ cache-size 16384
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# tr-ttl-reply-max: maximum reply ttl for resource record
# rr-ttl-reply-max: maximum reply ttl for resource record
# example:
# rr-ttl 300
# rr-ttl-min 60
@@ -120,13 +120,17 @@ cache-size 16384
# example:
# max-reply-ip-num 1
# response mode
# Experimental feature
# response-mode [first-ping|fastest-ip|fastest-response]
# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-size: size of each log file, support k,m,g
# log-num: number of logs
log-level info
# log-file /var/log/smartdns.log
# log-file /var/log/smartdns/smartdns.log
# log-size 128k
# log-num 2


@@ -342,7 +342,7 @@ struct dns_rrs *dns_get_rrs_start(struct dns_packet *packet, dns_rr_type type, i
break;
}
/* if not resource record, reutrn null */
/* if not resource record, return null */
if (start == DNS_RR_END) {
return NULL;
}
@@ -431,7 +431,7 @@ static int _dns_rr_add_end(struct dns_packet *packet, int type, dns_type_t rtype
break;
}
/* add data to end of dns_packet, and set previouse rrs point to this rrs */
/* add data to end of dns_packet, and set previous rrs point to this rrs */
if (*start != DNS_RR_END) {
rrs_next = (struct dns_rrs *)(packet->data + *start);
while (rrs_next->next != DNS_RR_END) {
@@ -731,7 +731,8 @@ int dns_get_CNAME(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char
return _dns_get_RAW(rrs, domain, maxsize, ttl, cname, &len);
}
int dns_add_A(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, unsigned char addr[DNS_RR_A_LEN])
int dns_add_A(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl,
unsigned char addr[DNS_RR_A_LEN])
{
return _dns_add_RAW(packet, type, DNS_T_A, domain, ttl, addr, DNS_RR_A_LEN);
}
@@ -1693,7 +1694,8 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
unsigned char addr[DNS_RR_A_LEN];
ret = _dns_decode_raw(context, addr, sizeof(addr));
if (ret < 0) {
tlog(TLOG_ERROR, "decode A failed, %s", domain);
tlog(TLOG_DEBUG, "decode A failed, %s, len: %d:%d", domain, (int)(context->ptr - context->data),
_dns_left_len(context));
return -1;
}
@@ -1707,7 +1709,8 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
char cname[DNS_MAX_CNAME_LEN];
ret = _dns_decode_CNAME(context, cname, DNS_MAX_CNAME_LEN);
if (ret < 0) {
tlog(TLOG_ERROR, "decode CNAME failed, %s", domain);
tlog(TLOG_DEBUG, "decode CNAME failed, %s, len: %d:%d", domain, (int)(context->ptr - context->data),
_dns_left_len(context));
return -1;
}
@@ -1721,7 +1724,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
struct dns_soa soa;
ret = _dns_decode_SOA(context, &soa);
if (ret < 0) {
tlog(TLOG_ERROR, "decode SOA failed, %s", domain);
tlog(TLOG_DEBUG, "decode SOA failed, %s", domain);
return -1;
}
@@ -1735,7 +1738,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
char ns[DNS_MAX_CNAME_LEN];
ret = _dns_decode_CNAME(context, ns, DNS_MAX_CNAME_LEN);
if (ret < 0) {
tlog(TLOG_ERROR, "decode NS failed, %s", domain);
tlog(TLOG_DEBUG, "decode NS failed, %s", domain);
return -1;
}
@@ -1749,7 +1752,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
char name[DNS_MAX_CNAME_LEN];
ret = _dns_decode_CNAME(context, name, DNS_MAX_CNAME_LEN);
if (ret < 0) {
tlog(TLOG_ERROR, "decode PTR failed, %s", domain);
tlog(TLOG_DEBUG, "decode PTR failed, %s", domain);
return -1;
}
@@ -1763,7 +1766,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
unsigned char addr[DNS_RR_AAAA_LEN];
ret = _dns_decode_raw(context, addr, sizeof(addr));
if (ret < 0) {
tlog(TLOG_ERROR, "decode AAAA failed, %s", domain);
tlog(TLOG_DEBUG, "decode AAAA failed, %s", domain);
return -1;
}
@@ -1777,12 +1780,12 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
unsigned char *opt_start = context->ptr;
ret = _dns_decode_opt(context, type, ttl, rr_len);
if (ret < 0) {
tlog(TLOG_ERROR, "decode opt failed, %s", domain);
tlog(TLOG_DEBUG, "decode opt failed, %s", domain);
return -1;
}
if (context->ptr - opt_start != rr_len) {
tlog(TLOG_ERROR, "opt length mismatch, %s\n", domain);
tlog(TLOG_DEBUG, "opt length mismatch, %s\n", domain);
return -1;
}
@@ -1797,7 +1800,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
ret = _dns_decode_raw(context, raw_data, rr_len);
if (ret < 0) {
tlog(TLOG_ERROR, "decode A failed, %s", domain);
tlog(TLOG_DEBUG, "decode A failed, %s", domain);
return -1;
}
@@ -2220,43 +2223,3 @@ int dns_packet_update(unsigned char *data, int size, struct dns_update_param *pa
return 0;
}
#if 0
void dns_debug(void)
{
unsigned char data[1024];
ssize_t len;
char buff[4096];
int fd = open("dns.bin", O_RDWR);
if (fd < 0) {
return;
}
len = read(fd, data, 1024);
close(fd);
if (len < 0) {
return;
}
struct dns_packet *packet = (struct dns_packet *)buff;
if (dns_decode(packet, 4096, data, len) != 0) {
tlog(TLOG_ERROR, "decode failed.\n");
}
memset(data, 0, sizeof(data));
len = dns_encode(data, 1024, packet);
if (len < 0) {
tlog(TLOG_ERROR, "encode failed.");
}
fd = open("dns-cmp.bin", O_CREAT | O_TRUNC | O_RDWR, 0660);
write(fd, data, len);
close(fd);
packet = (struct dns_packet *)buff;
if (dns_decode(packet, 4096, data, len) != 0) {
tlog(TLOG_ERROR, "decode failed.\n");
}
}
#endif
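Review bot: Every decode failure inside `_dns_decode_an` moves from `TLOG_ERROR` to `TLOG_DEBUG`, so at the shipped default `log-level error` an upstream that keeps returning undecodable answers leaves no trace in the log; the function begins and ends outside these hunks. Keeping one rate-limited `TLOG_WARN` for the aggregate condition (or a counter surfaced elsewhere) while the per-record detail stays at debug would preserve the signal an operator needs to notice a burst of malformed responses. The `len: %d:%d` detail added to the A and CNAME branches is useful; applying the same `(int)(context->ptr - context->data), _dns_left_len(context)` to the SOA/NS/PTR/AAAA/opt messages would keep the branches consistent.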


@@ -31,7 +31,7 @@
extern "C" {
#endif
#define DNS_CACHE_TTL_MIN 30
#define DNS_CACHE_TTL_MIN 1
#define DNS_CACHE_VERSION_LEN 32
#define MAGIC_NUMBER 0x6548634163536e44
#define MAGIC_CACHE_DATA 0x44615461
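Review bot: `#define DNS_CACHE_TTL_MIN 1` lowers a tuning floor from 30 to 1 with no comment giving the unit or the reason, so the next reader has nothing to stop them raising it back. Add a comment such as `/* lower bound applied to cached record TTLs; presumably seconds, confirm against dns_cache.c */` and a short note on why 30 was too coarse.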


@@ -574,7 +574,8 @@ errout:
return -1;
}
static int _dns_client_add_to_pending_group(const char *group_name, char *server_ip, int port, dns_server_type_t server_type)
static int _dns_client_add_to_pending_group(const char *group_name, char *server_ip, int port,
dns_server_type_t server_type)
{
struct dns_server_pending *item = NULL;
struct dns_server_pending *tmp = NULL;
@@ -621,8 +622,8 @@ errout:
}
/* add server to group */
static int _dns_client_add_to_group_pending(const char *group_name, char *server_ip, int port, dns_server_type_t server_type,
int ispending)
static int _dns_client_add_to_group_pending(const char *group_name, char *server_ip, int port,
dns_server_type_t server_type, int ispending)
{
struct dns_server_info *server_info = NULL;
@@ -1591,8 +1592,11 @@ static int _dns_client_recv(struct dns_server_info *server_info, unsigned char *
len = dns_decode(packet, DNS_PACKSIZE, inpacket, inpacket_len);
if (len != 0) {
char host_name[DNS_MAX_CNAME_LEN];
tlog(TLOG_WARN, "decode failed, packet len = %d, tc = %d, id = %d, from = %s\n", inpacket_len, packet->head.tc,
tlog(TLOG_INFO, "decode failed, packet len = %d, tc = %d, id = %d, from = %s\n", inpacket_len, packet->head.tc,
packet->head.id, gethost_by_addr(host_name, sizeof(host_name), from));
if (dns_save_fail_packet) {
dns_packet_save(dns_save_fail_packet_dir, "client", host_name, inpacket, inpacket_len);
}
return -1;
}
@@ -1721,7 +1725,7 @@ static int _DNS_client_create_socket_tcp(struct dns_server_info *server_info)
fd = socket(server_info->ai_family, SOCK_STREAM, 0);
if (fd < 0) {
tlog(TLOG_ERROR, "create socket failed.");
tlog(TLOG_ERROR, "create socket failed, %s", strerror(errno));
goto errout;
}
@@ -1732,7 +1736,7 @@ static int _DNS_client_create_socket_tcp(struct dns_server_info *server_info)
/* enable tcp fast open */
if (setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, &yes, sizeof(yes)) != 0) {
tlog(TLOG_DEBUG, "enable TCP fast open failed.");
tlog(TLOG_DEBUG, "enable TCP fast open failed, %s", strerror(errno));
}
setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(yes));
@@ -1988,6 +1992,11 @@ static int _dns_client_socket_ssl_send(struct dns_server_info *server, const voi
return -1;
}
if (num < 0) {
errno = EINVAL;
return -1;
}
ret = _ssl_write(server, buf, num);
if (ret > 0) {
return ret;
@@ -2075,7 +2084,7 @@ static int _dns_client_socket_ssl_recv(struct dns_server_info *server, void *buf
return 0;
}
tlog(TLOG_ERROR, "SSL read fail error no: %s(%lx)\n", ERR_reason_error_string(ssl_err), ssl_err);
tlog(TLOG_INFO, "SSL read fail error no: %s(%lx), len: %d\n", ERR_reason_error_string(ssl_err), ssl_err, num);
errno = EFAULT;
ret = -1;
break;
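Review bot: In `_dns_client_recv`, `host_name` is populated only as a side effect of the `gethost_by_addr(...)` call passed as an argument to `tlog(TLOG_INFO, ...)`; if `tlog` is a macro that skips argument evaluation when INFO is below the configured level (its definition is not in view), the new `dns_packet_save(dns_save_fail_packet_dir, "client", host_name, inpacket, inpacket_len)` then builds a file name from an uninitialized buffer. Call `gethost_by_addr(host_name, sizeof(host_name), from);` on its own line before the `tlog` and pass `host_name` to both. Separately, `strerror(errno)` in the two new socket messages is not guaranteed thread-safe; `strerror_r` into a local buffer avoids that if this path runs on more than one thread. `_dns_client_recv` starts and ends outside the hunk.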


@@ -59,6 +59,14 @@ int dns_conf_tcp_idle_time = 120;
int dns_conf_max_reply_ip_num = DNS_MAX_REPLY_IP_NUM;
static struct config_enum_list dns_conf_response_mode_enum[] = {
{"first-ping", DNS_RESPONSE_MODE_FIRST_PING_IP},
{"fastest-ip", DNS_RESPONSE_MODE_FASTEST_IP},
{"fastest-response", DNS_RESPONSE_MODE_FASTEST_RESPONSE},
{0, 0}};
enum response_mode_type dns_conf_response_mode;
/* cache */
int dns_conf_cachesize = DEFAULT_DNS_CACHE_SIZE;
int dns_conf_prefetch = 0;
@@ -122,6 +130,9 @@ int dns_conf_ipset_timeout_enable;
char dns_conf_user[DNS_CONF_USRNAME_LEN];
int dns_save_fail_packet;
char dns_save_fail_packet_dir[DNS_MAX_PATH];
/* ECS */
struct dns_edns_client_subnet dns_conf_ipv4_ecs;
struct dns_edns_client_subnet dns_conf_ipv6_ecs;
@@ -1022,7 +1033,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
bind_ip->flags = server_flag;
bind_ip->group = group;
dns_conf_bind_ip_num++;
tlog(TLOG_DEBUG, "bind ip %s, type:%d, flag: %X", ip, type, server_flag);
tlog(TLOG_DEBUG, "bind ip %s, type: %d, flag: %X", ip, type, server_flag);
return 0;
@@ -1897,6 +1908,7 @@ static struct config_item _config_item[] = {
CONF_INT("rr-ttl-max", &dns_conf_rr_ttl_max, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-reply-max", &dns_conf_rr_ttl_reply_max, 0, CONF_INT_MAX),
CONF_INT("max-reply-ip-num", &dns_conf_max_reply_ip_num, 1, CONF_INT_MAX),
CONF_ENUM("response-mode", &dns_conf_response_mode, &dns_conf_response_mode_enum),
CONF_YESNO("force-AAAA-SOA", &dns_conf_force_AAAA_SOA),
CONF_YESNO("force-no-CNAME", &dns_conf_force_no_cname),
CONF_CUSTOM("force-qtype-SOA", _config_qtype_soa, NULL),
@@ -1911,6 +1923,8 @@ static struct config_item _config_item[] = {
CONF_STRING("ca-file", (char *)&dns_conf_ca_file, DNS_MAX_PATH),
CONF_STRING("ca-path", (char *)&dns_conf_ca_path, DNS_MAX_PATH),
CONF_STRING("user", (char *)&dns_conf_user, sizeof(dns_conf_user)),
CONF_YESNO("debug-save-fail-packet", &dns_save_fail_packet),
CONF_STRING("debug-save-fail-packet-dir", (char *)&dns_save_fail_packet_dir, sizeof(dns_save_fail_packet_dir)),
CONF_CUSTOM("conf-file", config_addtional_file, NULL),
CONF_END(),
};
@@ -2059,6 +2073,8 @@ static int _dns_conf_load_pre(void)
_dns_ping_cap_check();
safe_strncpy(dns_save_fail_packet_dir, SMARTDNS_DEBUG_DIR, sizeof(dns_save_fail_packet_dir));
return 0;
errout:
@@ -2069,6 +2085,12 @@ static int _dns_conf_load_post(void)
{
_dns_conf_speed_check_mode_verify();
if (dns_conf_cachesize == 0 && dns_conf_response_mode == DNS_RESPONSE_MODE_FASTEST_RESPONSE) {
dns_conf_response_mode = DNS_RESPONSE_MODE_FASTEST_IP;
tlog(TLOG_WARN, "force set response to %s as cache size is 0",
dns_conf_response_mode_enum[dns_conf_response_mode].name);
}
return 0;
}
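Review bot: `_dns_conf_load_post` prints `dns_conf_response_mode_enum[dns_conf_response_mode].name`, which is only correct because the table order happens to match the enumerator values starting at `DNS_RESPONSE_MODE_FIRST_PING_IP = 0`; reordering the table or adding an enumerator would print the wrong name or read past the `{0, 0}` terminator. Walk the table comparing its enum field (not named in the hunk) against `dns_conf_response_mode`, or simply log the literal `"fastest-ip"` for this single forced case. Also, the new table accepts `fastest-response`, while both README hunks in this change document the third mode as `first-response`; one side should change so the documented value actually parses. A one-line comment on the `debug-save-fail-packet` items noting that saved packets include client query names would help operators judge whether to enable it.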


@@ -49,9 +49,10 @@ extern "C" {
#define DEFAULT_DNS_HTTPS_PORT 443
#define DNS_MAX_CONF_CNAME_LEN 256
#define SMARTDNS_CONF_FILE "/etc/smartdns/smartdns.conf"
#define SMARTDNS_LOG_FILE "/var/log/smartdns.log"
#define SMARTDNS_AUDIT_FILE "/var/log/smartdns-audit.log"
#define SMARTDNS_LOG_FILE "/var/log/smartdns/smartdns.log"
#define SMARTDNS_AUDIT_FILE "/var/log/smartdns/smartdns-audit.log"
#define SMARTDNS_CACHE_FILE "/tmp/smartdns.cache"
#define SMARTDNS_DEBUG_DIR "/tmp/smartdns"
enum domain_rule {
DOMAIN_RULE_FLAGS = 0,
@@ -298,6 +299,12 @@ extern int dns_conf_dualstack_ip_allow_force_AAAA;
extern int dns_conf_dualstack_ip_selection_threshold;
extern int dns_conf_max_reply_ip_num;
enum response_mode_type {
DNS_RESPONSE_MODE_FIRST_PING_IP = 0,
DNS_RESPONSE_MODE_FASTEST_IP,
DNS_RESPONSE_MODE_FASTEST_RESPONSE,
};
extern enum response_mode_type dns_conf_response_mode;
extern int dns_conf_rr_ttl;
extern int dns_conf_rr_ttl_reply_max;
@@ -315,6 +322,9 @@ extern struct dns_edns_client_subnet dns_conf_ipv6_ecs;
extern char dns_conf_sni_proxy_ip[DNS_MAX_IPLEN];
extern int dns_save_fail_packet;
extern char dns_save_fail_packet_dir[DNS_MAX_PATH];
void dns_server_load_exit(void);
int dns_server_load_conf(const char *file);
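Review bot: `SMARTDNS_DEBUG_DIR "/tmp/smartdns"` becomes the default for `dns_save_fail_packet_dir`, and the `user` option suggests the daemon may start privileged; writing under a world-writable parent like `/tmp` is only safe if `dns_packet_save` (not in view) creates the directory with restrictive permissions, refuses a pre-existing directory owned by someone else, and opens files with `O_EXCL`/`O_NOFOLLOW`. Defaulting instead to a path under the daemon's own state directory — the log default in this same change moved to `/var/log/smartdns/` — removes the question entirely. Whichever is chosen, add a comment next to the define stating those requirements so a later change to the save path does not silently weaken them.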


@@ -110,6 +110,8 @@ struct dns_server_post_context {
int do_ipset;
int do_log_result;
int reply_ttl;
int cache_ttl;
int no_check_add_ip;
int do_audit;
int do_force_soa;
int skip_notify_count;
@@ -477,6 +479,11 @@ static void _dns_server_audit_log(struct dns_server_post_context *context)
continue;
}
if (strncmp(name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(name, request->cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
const char *fmt = "%d.%d.%d.%d";
if (ip_num > 0) {
fmt = ", %d.%d.%d.%d";
@@ -492,6 +499,12 @@ static void _dns_server_audit_log(struct dns_server_post_context *context)
if (dns_get_AAAA(rrs, name, DNS_MAX_CNAME_LEN, &ttl, ipv6_addr) != 0) {
continue;
}
if (strncmp(name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(name, request->cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
const char *fmt = "%s";
if (ip_num > 0) {
fmt = ", %s";
@@ -543,8 +556,9 @@ static void _dns_server_audit_log(struct dns_server_post_context *context)
snprintf(req_time, sizeof(req_time), "[%.4d-%.2d-%.2d %.2d:%.2d:%.2d,%.3d]", tm.year, tm.mon, tm.mday, tm.hour,
tm.min, tm.sec, tm.usec / 1000);
tlog_printf(dns_audit, "%s %s query %s, time %lums, type %d, result %s\n", req_time, req_host, request->domain,
get_tick_count() - request->send_tick, request->qtype, req_result);
tlog_printf(dns_audit, "%s %s query %s, type %d, time %lums, speed: %.1fms, result %s\n", req_time, req_host,
request->domain, request->qtype, get_tick_count() - request->send_tick,
((float)request->ping_time) / 10, req_result);
}
static void _dns_rrs_result_log(struct dns_server_post_context *context, struct dns_ip_address *addr_map)
@@ -872,7 +886,7 @@ static int _dns_server_reply_udp(struct dns_request *request, struct dns_server_
unsigned char *inpacket, int inpacket_len)
{
int send_len = 0;
if (atomic_read(&server.run) == 0) {
if (atomic_read(&server.run) == 0 || inpacket == NULL || inpacket_len <= 0) {
return -1;
}
@@ -909,7 +923,7 @@ static int _dns_reply_inpacket(struct dns_request *request, unsigned char *inpac
}
static int _dns_server_request_update_cache(struct dns_request *request, dns_type_t qtype,
struct dns_cache_data *cache_data, int has_soa)
struct dns_cache_data *cache_data, int has_soa, int cache_ttl)
{
int ttl = 0;
int speed = 0;
@@ -918,7 +932,11 @@ static int _dns_server_request_update_cache(struct dns_request *request, dns_typ
goto errout;
}
ttl = _dns_server_get_conf_ttl(request->ip_ttl);
if (cache_ttl > 0) {
ttl = cache_ttl;
} else {
ttl = _dns_server_get_conf_ttl(request->ip_ttl);
}
speed = request->ping_time;
if (has_soa) {
@@ -926,11 +944,14 @@ static int _dns_server_request_update_cache(struct dns_request *request, dns_typ
ttl = _dns_server_get_conf_ttl(request->ip_ttl);
} else {
ttl = dns_conf_rr_ttl;
if (ttl == 0) {
ttl = DNS_SERVER_TMOUT_TTL;
}
}
dns_cache_set_data_soa(cache_data, request->server_flags, request->cname, request->ttl_cname);
}
tlog(TLOG_DEBUG, "cache %s qtype:%d ttl: %d\n", request->domain, qtype, ttl);
tlog(TLOG_DEBUG, "cache %s qtype: %d ttl: %d\n", request->domain, qtype, ttl);
/* if doing prefetch, update cache only */
if (request->prefetch) {
@@ -1006,6 +1027,10 @@ static int _dns_cache_cname_packet(struct dns_server_post_context *context)
continue;
}
if (strncmp(request->cname, name, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
ret = dns_add_A(cname_packet, DNS_RRS_AN, request->cname, ttl, ipv4_addr);
if (ret != 0) {
return -1;
@@ -1018,6 +1043,10 @@ static int _dns_cache_cname_packet(struct dns_server_post_context *context)
continue;
}
if (strncmp(request->cname, name, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
ret = dns_add_AAAA(cname_packet, DNS_RRS_AN, request->cname, ttl, ipv6_addr);
if (ret != 0) {
return -1;
@@ -1234,7 +1263,7 @@ static int _dns_cache_reply_packet(struct dns_server_post_context *context)
has_soa = 0;
}
if (_dns_server_request_update_cache(request, context->qtype, cache_packet, has_soa) != 0) {
if (_dns_server_request_update_cache(request, context->qtype, cache_packet, has_soa, context->cache_ttl) != 0) {
tlog(TLOG_WARN, "update packet cache failed.");
}
@@ -1937,6 +1966,7 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
int may_complete = 0;
int threshold = 100;
struct dns_ip_address *addr_map = NULL;
int last_rtt = request->ping_time;
if (request == NULL) {
return;
@@ -1948,6 +1978,7 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
return;
} else if (result == PING_RESULT_TIMEOUT) {
tlog(TLOG_DEBUG, "ping %s timeout", host);
goto out;
return;
} else if (result == PING_RESULT_ERROR) {
if (addr->sa_family != AF_INET6) {
@@ -1965,7 +1996,6 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
}
int rtt = tv->tv_sec * 10000 + tv->tv_usec / 100;
int last_rtt = request->ping_time;
if (result == PING_RESULT_RESPONSE) {
tlog(TLOG_DEBUG, "from %s: seq=%d time=%d, lasttime=%d id=%d", host, seqno, rtt, last_rtt, request->id);
@@ -2058,10 +2088,18 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
break;
}
out:
/* If the ping delay is less than the threshold, the result is returned */
if (rtt < threshold) {
may_complete = 1;
} else if (rtt < (int)(get_tick_count() - request->send_tick) * 8) {
if (request->ping_time > 0) {
if (request->ping_time < threshold) {
may_complete = 1;
} else if (request->ping_time < (int)(get_tick_count() - request->send_tick) * 8) {
may_complete = 1;
}
}
/* Get first ping result */
if (dns_conf_response_mode == DNS_RESPONSE_MODE_FIRST_PING_IP && last_rtt == -1 && request->ping_time > 0) {
may_complete = 1;
}
@@ -2204,8 +2242,8 @@ static int _dns_server_is_adblock_ipv6(const unsigned char addr[16])
return -1;
}
static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request *request, const char *domain, char *cname,
unsigned int result_flag)
static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request *request, const char *domain,
char *cname, unsigned int result_flag)
{
int ttl = 0;
int ip_check_result = 0;
@@ -2282,8 +2320,8 @@ static int _dns_server_process_answer_A(struct dns_rrs *rrs, struct dns_request
return 0;
}
static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_request *request, const char *domain, char *cname,
unsigned int result_flag)
static int _dns_server_process_answer_AAAA(struct dns_rrs *rrs, struct dns_request *request, const char *domain,
char *cname, unsigned int result_flag)
{
unsigned char addr[16];
char name[DNS_MAX_CNAME_LEN] = {0};
@@ -2408,10 +2446,17 @@ static int _dns_server_process_answer(struct dns_request *request, const char *d
case DNS_T_NS: {
char nsname[DNS_MAX_CNAME_LEN];
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, nsname, DNS_MAX_CNAME_LEN);
tlog(TLOG_DEBUG, "NS: %s ttl:%d nsname: %s\n", name, ttl, nsname);
tlog(TLOG_DEBUG, "NS: %s ttl: %d nsname: %s\n", name, ttl, nsname);
} break;
case DNS_T_CNAME: {
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
char domain_name[DNS_MAX_CNAME_LEN] = {0};
char domain_cname[DNS_MAX_CNAME_LEN] = {0};
dns_get_CNAME(rrs, domain_name, DNS_MAX_CNAME_LEN, &ttl, domain_cname, DNS_MAX_CNAME_LEN);
if (strncmp(domain_name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(domain_name, cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
safe_strncpy(cname, domain_cname, DNS_MAX_CNAME_LEN);
tlog(TLOG_DEBUG, "name: %s ttl: %d cname: %s\n", name, ttl, cname);
} break;
case DNS_T_SOA: {
@@ -2440,8 +2485,8 @@ static int _dns_server_process_answer(struct dns_request *request, const char *d
return 0;
}
static int _dns_server_passthrough_rule_check(struct dns_request *request, const char *domain, struct dns_packet *packet,
unsigned int result_flag, int *pttl)
static int _dns_server_passthrough_rule_check(struct dns_request *request, const char *domain,
struct dns_packet *packet, unsigned int result_flag, int *pttl)
{
int ttl = 0;
char name[DNS_MAX_CNAME_LEN] = {0};
@@ -2486,7 +2531,7 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, const
continue;
}
tlog(TLOG_DEBUG, "domain: %s TTL:%d IP: %d.%d.%d.%d", name, ttl_tmp, addr[0], addr[1], addr[2],
tlog(TLOG_DEBUG, "domain: %s TTL: %d IP: %d.%d.%d.%d", name, ttl_tmp, addr[0], addr[1], addr[2],
addr[3]);
/* ip rule check */
@@ -2575,7 +2620,13 @@ static int _dns_server_get_answer(struct dns_server_post_context *context)
/* get A result */
dns_get_A(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr);
if (_dns_ip_address_check_add(request, name, addr, DNS_T_A) != 0) {
if (strncmp(name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(name, request->cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
if (context->no_check_add_ip == 0 && _dns_ip_address_check_add(request, name, addr, DNS_T_A) != 0) {
continue;
}
@@ -2599,7 +2650,13 @@ static int _dns_server_get_answer(struct dns_server_post_context *context)
continue;
}
dns_get_AAAA(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr);
if (_dns_ip_address_check_add(request, name, addr, DNS_T_AAAA) != 0) {
if (strncmp(name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(name, request->cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
if (context->no_check_add_ip == 0 && _dns_ip_address_check_add(request, name, addr, DNS_T_AAAA) != 0) {
continue;
}
@@ -2617,7 +2674,7 @@ static int _dns_server_get_answer(struct dns_server_post_context *context)
char cname[DNS_MAX_CNAME_LEN];
char name[DNS_MAX_CNAME_LEN] = {0};
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
tlog(TLOG_DEBUG, "NS: %s ttl:%d cname: %s\n", name, ttl, cname);
tlog(TLOG_DEBUG, "NS: %s ttl: %d cname: %s\n", name, ttl, cname);
} break;
case DNS_T_CNAME: {
char cname[DNS_MAX_CNAME_LEN];
@@ -2627,7 +2684,12 @@ static int _dns_server_get_answer(struct dns_server_post_context *context)
}
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
tlog(TLOG_DEBUG, "name:%s ttl: %d cname: %s\n", name, ttl, cname);
tlog(TLOG_DEBUG, "name: %s ttl: %d cname: %s\n", name, ttl, cname);
if (strncmp(name, request->domain, DNS_MAX_CNAME_LEN - 1) != 0 &&
strncmp(name, request->cname, DNS_MAX_CNAME_LEN - 1) != 0) {
continue;
}
safe_strncpy(request->cname, cname, DNS_MAX_CNAME_LEN);
request->ttl_cname = _dns_server_get_conf_ttl(ttl);
request->has_cname = 1;
@@ -2644,9 +2706,6 @@ static int _dns_server_get_answer(struct dns_server_post_context *context)
"%d, minimum: %d",
request->domain, request->qtype, request->soa.mname, request->soa.rname, request->soa.serial,
request->soa.refresh, request->soa.retry, request->soa.expire, request->soa.minimum);
if (atomic_inc_return(&request->soa_num) >= (dns_server_num() / 2)) {
_dns_server_request_complete(request);
}
} break;
default:
break;
@@ -2754,10 +2813,10 @@ static int dns_server_resolve_callback(const char *domain, dns_result_type rtype
}
if (rtype == DNS_QUERY_RESULT) {
tlog(TLOG_DEBUG, "query result from server %s:%d, type: %d", dns_client_get_server_ip(server_info),
tlog(TLOG_DEBUG, "query result from server %s: %d, type: %d", dns_client_get_server_ip(server_info),
dns_client_get_server_port(server_info), dns_client_get_server_type(server_info));
if (request->passthrough) {
if (request->passthrough && atomic_read(&request->notified) == 0) {
struct dns_server_post_context context;
int ttl = 0;
ret = _dns_server_passthrough_rule_check(request, domain, packet, result_flag, &ttl);
@@ -2778,6 +2837,33 @@ static int dns_server_resolve_callback(const char *domain, dns_result_type rtype
context.reply_ttl = ttl;
return _dns_server_reply_passthrouth(&context);
}
if (request->prefetch == 0 && dns_conf_response_mode == DNS_RESPONSE_MODE_FASTEST_RESPONSE &&
atomic_read(&request->notified) == 0) {
struct dns_server_post_context context;
int ttl = 0;
ret = _dns_server_passthrough_rule_check(request, domain, packet, result_flag, &ttl);
if (ret != 0) {
_dns_server_post_context_init_from(&context, request, packet, inpacket, inpacket_len);
context.do_cache = 1;
context.do_audit = 1;
context.do_reply = 1;
context.do_ipset = 1;
context.reply_ttl = 2;
context.cache_ttl = 2;
context.no_check_add_ip = 1;
_dns_server_reply_passthrouth(&context);
request->cname[0] = 0;
request->has_ip = 0;
request->has_cname = 0;
request->has_ping_result = 0;
request->has_soa = 0;
request->has_ptr = 0;
request->ping_time = -1;
request->ip_ttl = 0;
}
}
_dns_server_process_answer(request, domain, packet, result_flag);
return 0;
} else if (rtype == DNS_QUERY_ERR) {
@@ -3447,6 +3533,7 @@ static int _dns_server_process_cache_packet(struct dns_request *request, struct
request->ping_time = dns_cache->info.speed;
if (dns_decode(context.packet, context.packet_maxlen, cache_packet->data, cache_packet->head.size) != 0) {
tlog(TLOG_ERROR, "decode cache failed, %d, %d", context.packet_maxlen, context.inpacket_len);
return -1;
}
@@ -4073,6 +4160,9 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
if (decode_len < 0) {
tlog(TLOG_DEBUG, "decode failed.\n");
ret = RECV_ERROR_INVALID_PACKET;
if (dns_save_fail_packet) {
dns_packet_save(dns_save_fail_packet_dir, "server", name, inpacket, inpacket_len);
}
goto errout;
}
@@ -4089,6 +4179,8 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
}
if (_dns_server_parser_request(request, packet) != 0) {
tlog(TLOG_DEBUG, "parser request failed.");
ret = RECV_ERROR_INVALID_PACKET;
goto errout;
}
@@ -4107,7 +4199,7 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
return ret;
errout:
if (request) {
ret = _dns_server_forward_request(inpacket, inpacket_len);
_dns_server_forward_request(inpacket, inpacket_len);
_dns_server_request_release(request);
}


@@ -673,6 +673,12 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
}
}
if (fd < 0) {
if (errno == EACCES || errno == EAFNOSUPPORT) {
if (bool_print_log == 0) {
goto errout;
}
bool_print_log = 0;
}
tlog(TLOG_ERROR, "create icmp socket failed, %s\n", strerror(errno));
goto errout;
}
@@ -689,6 +695,12 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
}
if (fd < 0) {
if (errno == EACCES || errno == EAFNOSUPPORT) {
if (bool_print_log == 0) {
goto errout;
}
bool_print_log = 0;
}
tlog(TLOG_ERROR, "create icmp socket failed, %s\n", strerror(errno));
goto errout;
}
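Review bot: The suppression flag `bool_print_log` is shared by both `if (fd < 0)` branches in this section (the hunks at @@ -673 and @@ -689), so one EAFNOSUPPORT from one socket family silences the later and more actionable EACCES message from the other; its definition is not in view, but if it is a single file-scope flag, consider one flag per socket type or per errno so the first occurrence of each is still logged. The identical six-line block is pasted twice; a small static helper such as `static int _fast_ping_should_log_sock_err(void)` that checks errno and clears the flag would keep the two paths in sync. The enclosing function `_fast_ping_create_icmp_sock` starts and ends outside these hunks.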


@@ -64,6 +64,16 @@ struct config_item_size {
size_t max;
};
struct config_enum_list {
char *name;
int id;
};
struct config_enum {
int *data;
struct config_enum_list *list;
};
#define CONF_INT(key, value, min_value, max_value) \
{ \
key, conf_int, &(struct config_item_int) \
@@ -92,6 +102,15 @@ struct config_item_size {
.data = value, .min = min_value, .max = max_value \
} \
}
#define CONF_ENUM(key, value, enum) \
{ \
key, conf_enum, &(struct config_enum) \
{ \
.data = (int *)value, .list = (struct config_enum_list *)enum \
} \
}
/*
* func: int (*func)(void *data, int argc, char *argv[]);
*/
@@ -118,6 +137,8 @@ extern int conf_yesno(const char *item, void *data, int argc, char *argv[]);
extern int conf_size(const char *item, void *data, int argc, char *argv[]);
extern int conf_enum(const char *item, void *data, int argc, char *argv[]);
/*
* Example:
* int num = 0;
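Review bot: The casts in `CONF_ENUM` (`(int *)value` and `(struct config_enum_list *)enum`) discard the type checking that `CONF_INT` keeps with its plain `.data = value`, so a variable that is not int-sized, or an unrelated pointer, would be written through an `int *` without any diagnostic. Document the contract next to the macro, e.g. `/* value: pointer to an int-compatible enum variable; enum: array terminated by an entry with name == NULL */`, since `conf_enum` in conf.c relies on that NULL-name sentinel. `list` could also be `const struct config_enum_list *`, as `conf_enum` only reads it.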


@@ -97,7 +97,6 @@ int conf_yesno(const char *item, void *data, int argc, char *argv[])
int conf_size(const char *item, void *data, int argc, char *argv[])
{
/* read dns cache size */
int base = 1;
size_t size = 0;
int num = 0;
@@ -129,6 +128,31 @@ int conf_size(const char *item, void *data, int argc, char *argv[])
return 0;
}
int conf_enum(const char *item, void *data, int argc, char *argv[])
{
struct config_enum *item_enum = data;
char *enum_name = argv[1];
int i = 0;
if (argc <= 0) {
return -1;
}
for (i = 0; item_enum->list[i].name != NULL; i++) {
if (strcmp(enum_name, item_enum->list[i].name) == 0) {
*(item_enum->data) = item_enum->list[i].id;
return 0;
}
}
printf("Not found config value '%s', valid value is:\n", enum_name);
for (i = 0; item_enum->list[i].name != NULL; i++) {
printf(" %s\n", item_enum->list[i].name);
}
return -1;
}
static void conf_getopt_reset(void)
{
static struct option long_options[] = {{"-", 0, 0, 0}, {0, 0, 0, 0}};
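Review bot: `conf_enum` reads `argv[1]` on the line `char *enum_name = argv[1];` before the guard, and the guard only rejects `argc <= 0`, so a config line with the key but no value (`argc == 1`) hands a NULL or out-of-bounds `argv[1]` to `strcmp`. Change the check to `if (argc < 2 || argv[1] == NULL) { return -1; }` and assign `enum_name` after it. Both loops also depend on the list ending in an entry whose `name` is NULL; a one-line comment above the first loop stating that contract would help callers building lists with `CONF_ENUM`.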


@@ -114,8 +114,8 @@ static int drop_root_privilege(void)
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
cap.effective |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN);
cap.permitted |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN);
unused = setuid(uid);
unused = setgid(gid);
unused = setuid(uid);
if (capset(&header, &cap) < 0) {
return -1;
}
@@ -132,7 +132,7 @@ static void _help(void)
"Start smartdns server.\n"
" -f run forground.\n"
" -c [conf] config file.\n"
" -p [pid] pid file path\n"
" -p [pid] pid file path, '-' means don't create pid file.\n"
" -S ignore segment fault signal.\n"
" -x verbose screen.\n"
" -v dispaly version.\n"
@@ -323,15 +323,22 @@ static int _smartdns_destroy_ssl(void)
return 0;
}
static int _smartdns_init(void)
static const char *_smartdns_log_path(void)
{
int ret = 0;
char *logfile = SMARTDNS_LOG_FILE;
if (dns_conf_log_file[0] != 0) {
logfile = dns_conf_log_file;
}
return logfile;
}
static int _smartdns_init(void)
{
int ret = 0;
const char *logfile = _smartdns_log_path();
ret = tlog_init(logfile, dns_conf_log_size, dns_conf_log_num, 0, 0);
if (ret != 0) {
tlog(TLOG_ERROR, "start tlog failed.\n");
@@ -341,7 +348,7 @@ static int _smartdns_init(void)
tlog_setlogscreen(verbose_screen);
tlog_setlevel(dns_conf_log_level);
tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build:%s %s)", __DATE__,
tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build: %s %s)", __DATE__,
__TIME__);
if (_smartdns_init_ssl() != 0) {
@@ -463,6 +470,43 @@ static void _reg_signal(void)
}
}
static int _smartdns_create_logdir(void)
{
int uid = 0;
int gid = 0;
char logdir[PATH_MAX] = {0};
safe_strncpy(logdir, _smartdns_log_path(), PATH_MAX);
dirname(logdir);
if (access(logdir, F_OK) == 0) {
return 0;
}
if (mkdir(logdir, 0750) != 0) {
if (errno == EEXIST) {
return 0;
}
return -1;
}
int unused __attribute__((unused)) = 0;
if (get_uid_gid(&uid, &gid) != 0) {
return -1;
}
chown(logdir, uid, gid);
return 0;
}
static int _smartdns_init_pre(void)
{
_smartdns_create_logdir();
return 0;
}
int main(int argc, char *argv[])
{
int ret = 0;
@@ -480,7 +524,7 @@ int main(int argc, char *argv[])
sigemptyset(&empty_sigblock);
sigprocmask(SIG_SETMASK, &empty_sigblock, NULL);
while ((opt = getopt(argc, argv, "fhc:p:Svx")) != -1) {
while ((opt = getopt(argc, argv, "fhc:p:SvxN:")) != -1) {
switch (opt) {
case 'f':
is_forground = 1;
@@ -501,6 +545,10 @@ int main(int argc, char *argv[])
_show_version();
return 0;
break;
#ifdef DEBUG
case 'N':
return dns_packet_debug(optarg);
#endif
case 'h':
_help();
return 1;
@@ -523,7 +571,7 @@ int main(int argc, char *argv[])
_reg_signal();
}
if (create_pid_file(pid_file) != 0) {
if (strncmp(pid_file, "-", 2) != 0 && create_pid_file(pid_file) != 0) {
goto errout;
}
@@ -531,6 +579,11 @@ int main(int argc, char *argv[])
signal(SIGINT, _sig_exit);
signal(SIGTERM, _sig_exit);
if (_smartdns_init_pre() != 0) {
fprintf(stderr, "init failed.\n");
return 1;
}
drop_root_privilege();
ret = _smartdns_init();
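Review bot: In `_smartdns_create_logdir` (hunk @@ -463) the results of `dirname(logdir)` and `chown(logdir, uid, gid)` are both dropped: POSIX allows `dirname` to return a pointer to static storage rather than edit its argument in place, and a failed `chown` leaves a root-owned directory that the process cannot write to once `drop_root_privilege` has run, which is the situation the new directory creation is meant to prevent. Use the return value, `char *dir = dirname(logdir);`, pass `dir` to `access`/`mkdir`/`chown`, and check `if (chown(dir, uid, gid) != 0) { return -1; }` (the `int unused __attribute__((unused)) = 0;` declaration that seems intended for it is never assigned). `_smartdns_init_pre` then discards the function's return and always returns 0, so the `if (_smartdns_init_pre() != 0)` check in `main` can never fire; return the result or log the failure. Separately, the optstring in `main` gains `N:` unconditionally while `case 'N'` is only compiled under `DEBUG`, so release builds accept `-N file` and ignore it; wrap the optstring change in the same `#ifdef` or reject the option.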


@@ -79,6 +79,7 @@ struct tlog_log {
int zip_pid;
int multi_log;
int logscreen;
int no_write_log;
int segment_log;
int max_line_size;
@@ -216,7 +217,6 @@ static int _tlog_mkdir(const char *path)
}
if (mkdir(path_c, 0750) != 0) {
fprintf(stderr, "create directory %s failed, %s\n", path_c, strerror(errno));
return -1;
}
@@ -1130,6 +1130,10 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
unused = write(STDOUT_FILENO, buff, bufflen);
}
if (log->no_write_log) {
return 0;
}
/* if log file size exceeds threshold, start to compress */
if (log->multi_log && log->fd > 0) {
log->filesize = lseek(log->fd, 0, SEEK_END);
@@ -1160,7 +1164,15 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
char logfile[PATH_MAX * 2];
if (_tlog_mkdir(log->logdir) != 0) {
fprintf(stderr, "create log dir %s failed.\n", log->logdir);
if (print_errmsg == 0) {
return -1;
}
print_errmsg = 0;
fprintf(stderr, "create log dir %s failed, %s\n", log->logdir, strerror(errno));
if (errno == EACCES && log->logscreen == 0) {
fprintf(stderr, "no permission to write log file, output log to console\n");
tlog_logscreen_only(log, 1);
}
return -1;
}
snprintf(logfile, sizeof(logfile), "%s/%s", log->logdir, log->logname);
@@ -1574,11 +1586,26 @@ static void _tlog_log_setlogscreen(struct tlog_log *log, int enable)
log->logscreen = (enable != 0) ? 1 : 0;
}
static void _tlog_log_setlogscreen_only(struct tlog_log *log, int enable)
{
if (log == NULL) {
return;
}
log->logscreen = (enable != 0) ? 1 : 0;
log->no_write_log = (enable != 0) ? 1 : 0;
}
void tlog_setlogscreen(int enable)
{
_tlog_log_setlogscreen(tlog.root, enable);
}
void tlog_setlogscreen_only(int enable)
{
_tlog_log_setlogscreen_only(tlog.root, enable);
}
int tlog_write_log(char *buff, int bufflen)
{
if (unlikely(tlog.root == NULL)) {
@@ -1597,6 +1624,15 @@ void tlog_logscreen(tlog_log *log, int enable)
_tlog_log_setlogscreen(log, enable);
}
void tlog_logscreen_only(tlog_log *log, int enable)
{
if (log == NULL) {
return;
}
_tlog_log_setlogscreen_only(log, enable);
}
int tlog_reg_output_func(tlog_log *log, tlog_output_func output)
{
if (log == NULL) {
@@ -1830,13 +1866,13 @@ int tlog_init(const char *logfile, int maxlogsize, int maxlogcount, int buffsize
}
tlog_reg_output_func(log, _tlog_root_write_log);
tlog.root = log;
ret = pthread_create(&tlog.tid, &attr, _tlog_work, NULL);
if (ret != 0) {
fprintf(stderr, "create tlog work thread failed, %s\n", strerror(errno));
goto errout;
}
tlog.root = log;
if (flag & TLOG_SUPPORT_FORK) {
pthread_atfork(&tlog_fork_prepare, &tlog_fork_parent, &tlog_fork_child);
}
@@ -1852,6 +1888,7 @@ errout:
pthread_cond_destroy(&tlog.cond);
pthread_mutex_destroy(&tlog.lock);
tlog.run = 0;
tlog.root = NULL;
_tlog_close(log, 1);
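Review bot: In `_tlog_write` (hunk @@ -1160) `errno` is tested with `if (errno == EACCES && log->logscreen == 0)` only after `fprintf(stderr, ...)` has run, and a stdio call may modify `errno`, so the fallback to console-only logging can be skipped or triggered spuriously. Save it first, `int err = errno;` right after `_tlog_mkdir` fails, then use `strerror(err)` and `err == EACCES`. The removal of the `fprintf` inside `_tlog_mkdir` (hunk @@ -216) means the `mkdir` errno now survives up to this point, so the saved value is the right one to test. `print_errmsg` appears to be a file-scope flag whose definition is not in view; once cleared, later failures with a different errno are never reported, which is worth a comment at its definition.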


@@ -104,6 +104,9 @@ extern void tlog_set_logfile(const char *logfile);
/* enalbe log to screen */
extern void tlog_setlogscreen(int enable);
/* output log to screen only */
extern void tlog_setlogscreen_only(int enable);
/* enalbe early log to screen */
extern void tlog_set_early_printf(int enable);
@@ -184,6 +187,9 @@ extern int tlog_vprintf(tlog_log *log, const char *format, va_list ap);
/* enalbe log to screen */
extern void tlog_logscreen(tlog_log *log, int enable);
/* enalbe log to screen only*/
extern void tlog_logscreen_only(tlog_log *log, int enable);
/* register output callback */
typedef int (*tlog_output_func)(struct tlog_log *log, const char *buff, int bufflen);
extern int tlog_reg_output_func(tlog_log *log, tlog_output_func output);


@@ -34,12 +34,13 @@
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <pthread.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/time.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>
@@ -79,6 +80,8 @@
#define NETLINK_ALIGN(len) (((len) + 3) & ~(3))
#define BUFF_SZ 1024
#define PACKET_BUF_SIZE 8192
#define PACKET_MAGIC 0X11040918
struct ipset_netlink_attr {
unsigned short len;
@@ -641,7 +644,7 @@ unsigned char *SSL_SHA256(const unsigned char *d, size_t n, unsigned char *md)
md = m;
}
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
if (ctx == NULL) {
return NULL;
}
@@ -1159,7 +1162,7 @@ void bug_ext(const char *file, int line, const char *func, const char *errfmt, .
int write_file(const char *filename, void *data, int data_len)
{
int fd = open(filename, O_WRONLY|O_CREAT, 0644);
int fd = open(filename, O_WRONLY | O_CREAT, 0644);
if (fd < 0) {
return -1;
}
@@ -1178,3 +1181,277 @@ errout:
return -1;
}
int dns_packet_save(const char *dir, const char *type, const char *from, const void *packet, int packet_len)
{
char *data = NULL;
int data_len = 0;
char filename[BUFF_SZ];
char time_s[BUFF_SZ];
int ret = -1;
struct tm *ptm;
struct tm tm;
struct timeval tmval;
struct stat sb;
if (stat(dir, &sb) != 0) {
mkdir(dir, 0750);
}
if (gettimeofday(&tmval, NULL) != 0) {
return -1;
}
ptm = localtime_r(&tmval.tv_sec, &tm);
if (ptm == NULL) {
return -1;
}
ret = snprintf(time_s, sizeof(time_s) - 1, "%.4d-%.2d-%.2d %.2d:%.2d:%.2d.%.3d", ptm->tm_year + 1900,
ptm->tm_mon + 1, ptm->tm_mday, ptm->tm_hour, ptm->tm_min, ptm->tm_sec, (int)(tmval.tv_usec / 1000));
ret = snprintf(filename, sizeof(filename) - 1, "%s/%s-%.4d%.2d%.2d-%.2d%.2d%.2d%.1d.packet", dir, type,
ptm->tm_year + 1900, ptm->tm_mon + 1, ptm->tm_mday, ptm->tm_hour, ptm->tm_min, ptm->tm_sec,
(int)(tmval.tv_usec / 100000));
data = malloc(PACKET_BUF_SIZE);
if (data == NULL) {
return -1;
}
data_len = snprintf(data, PACKET_BUF_SIZE,
"type: %s\n"
"from: %s\n"
"time: %s\n"
"packet-len: %d\n",
type, from, time_s, packet_len);
if (data_len <= 0 || data_len >= PACKET_BUF_SIZE) {
goto out;
}
data[data_len] = 0;
data_len++;
uint32_t magic = htonl(PACKET_MAGIC);
memcpy(data + data_len, &magic, sizeof(magic));
data_len += sizeof(magic);
int len_in_h = htonl(packet_len);
memcpy(data + data_len, &len_in_h, sizeof(len_in_h));
data_len += 4;
memcpy(data + data_len, packet, packet_len);
data_len += packet_len;
ret = write_file(filename, data, data_len);
if (ret != 0) {
goto out;
}
ret = 0;
out:
if (data) {
free(data);
}
return ret;
}
#ifdef DEBUG
struct _dns_read_packet_info {
int data_len;
int message_len;
char *message;
int packet_len;
uint8_t *packet;
uint8_t data[0];
};
static struct _dns_read_packet_info *_dns_read_packet_file(const char *packet_file)
{
struct _dns_read_packet_info *info = NULL;
int fd = 0;
int len = 0;
int message_len = 0;
uint8_t *ptr = NULL;
info = malloc(sizeof(struct _dns_read_packet_info) + PACKET_BUF_SIZE);
fd = open(packet_file, O_RDONLY);
if (fd < 0) {
printf("open file %s failed, %s\n", packet_file, strerror(errno));
goto errout;
}
len = read(fd, info->data, PACKET_BUF_SIZE);
if (len < 0) {
printf("read file %s failed, %s\n", packet_file, strerror(errno));
goto errout;
}
message_len = strnlen((char *)info->data, PACKET_BUF_SIZE);
if (message_len >= 512 || message_len >= len) {
printf("invalid packet file, bad message len\n");
goto errout;
}
info->message_len = message_len;
info->message = (char *)info->data;
ptr = info->data + message_len + 1;
uint32_t magic = 0;
if (ptr - (uint8_t *)info + sizeof(magic) >= (size_t)len) {
printf("invalid packet file, magic length is invalid.\n");
goto errout;
}
memcpy(&magic, ptr, sizeof(magic));
if (magic != htonl(PACKET_MAGIC)) {
printf("invalid packet file, bad magic\n");
goto errout;
}
ptr += sizeof(magic);
uint32_t packet_len = 0;
if (ptr - info->data + sizeof(packet_len) >= (size_t)len) {
printf("invalid packet file, packet length is invalid.\n");
goto errout;
}
memcpy(&packet_len, ptr, sizeof(packet_len));
packet_len = ntohl(packet_len);
ptr += sizeof(packet_len);
if (packet_len != (size_t)len - (ptr - info->data)) {
printf("invalid packet file, packet length is invalid\n");
goto errout;
}
info->packet_len = packet_len;
info->packet = ptr;
close(fd);
return info;
errout:
if (fd > 0) {
close(fd);
}
if (info) {
free(info);
}
return NULL;
}
static int _dns_debug_display(struct dns_packet *packet)
{
int i = 0;
int j = 0;
int ttl = 0;
struct dns_rrs *rrs = NULL;
int rr_count = 0;
char req_host[MAX_IP_LEN];
for (j = 1; j < DNS_RRS_END; j++) {
rrs = dns_get_rrs_start(packet, j, &rr_count);
printf("section: %d\n", j);
for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) {
switch (rrs->type) {
case DNS_T_A: {
unsigned char addr[4];
char name[DNS_MAX_CNAME_LEN] = {0};
/* get A result */
dns_get_A(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr);
req_host[0] = '\0';
inet_ntop(AF_INET, addr, req_host, sizeof(req_host));
printf("domain: %s A: %s TTL: %d\n", name, req_host, ttl);
} break;
case DNS_T_AAAA: {
unsigned char addr[16];
char name[DNS_MAX_CNAME_LEN] = {0};
dns_get_AAAA(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr);
req_host[0] = '\0';
inet_ntop(AF_INET6, addr, req_host, sizeof(req_host));
printf("domain: %s AAAA: %s TTL:%d\n", name, req_host, ttl);
} break;
case DNS_T_NS: {
char cname[DNS_MAX_CNAME_LEN];
char name[DNS_MAX_CNAME_LEN] = {0};
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
printf("domain: %s TTL: %d NS: %s\n", name, ttl, cname);
} break;
case DNS_T_CNAME: {
char cname[DNS_MAX_CNAME_LEN];
char name[DNS_MAX_CNAME_LEN] = {0};
if (dns_conf_force_no_cname) {
continue;
}
dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
printf("domain: %s TTL: %d CNAME: %s\n", name, ttl, cname);
} break;
case DNS_T_SOA: {
char name[DNS_MAX_CNAME_LEN] = {0};
struct dns_soa soa;
dns_get_SOA(rrs, name, 128, &ttl, &soa);
printf("domain: %s SOA: mname: %s, rname: %s, serial: %d, refresh: %d, retry: %d, expire: "
"%d, minimum: %d",
name, soa.mname, soa.rname, soa.serial, soa.refresh, soa.retry, soa.expire, soa.minimum);
} break;
default:
break;
}
}
printf("\n");
}
return 0;
}
int dns_packet_debug(const char *packet_file)
{
struct _dns_read_packet_info *info = NULL;
char buff[DNS_PACKSIZE];
tlog_setlogscreen_only(1);
tlog_setlevel(TLOG_DEBUG);
info = _dns_read_packet_file(packet_file);
if (info == NULL) {
goto errout;
}
const char *send_env = getenv("SMARTDNS_DEBUG_SEND");
if (send_env != NULL) {
char ip[32];
int port = 53;
if (parse_ip(send_env, ip, &port) == 0) {
int sockfd = socket(AF_INET, SOCK_DGRAM, 0);
if (sockfd > 0) {
struct sockaddr_in server;
server.sin_family = AF_INET;
server.sin_port = htons(port);
server.sin_addr.s_addr = inet_addr(ip);
sendto(sockfd, info->packet, info->packet_len, 0, (struct sockaddr *)&server, sizeof(server));
close(sockfd);
}
}
}
struct dns_packet *packet = (struct dns_packet *)buff;
if (dns_decode(packet, DNS_PACKSIZE, info->packet, info->packet_len) != 0) {
printf("decode failed.\n");
goto errout;
}
_dns_debug_display(packet);
free(info);
return 0;
errout:
if (info) {
free(info);
}
return -1;
}
#endif
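Review bot: `dns_packet_save` (hunk @@ -1178) copies `packet_len` bytes into the `PACKET_BUF_SIZE` (8192) byte `data` allocation with `memcpy(data + data_len, packet, packet_len);` and never checks that they fit, while the caller in `_dns_server_recv` passes raw, undecodable network input as `inpacket`/`inpacket_len`, so an oversized or negative length overruns the heap buffer. Add `if (packet_len < 0 || packet_len > PACKET_BUF_SIZE - data_len) { goto out; }` immediately before that copy, and tighten the header check to leave room for the NUL, magic and length fields written after the text (`data_len + 9 > PACKET_BUF_SIZE`), since `data_len >= PACKET_BUF_SIZE` alone still allows those eight bytes to spill. The `mkdir(dir, 0750)` result and the two `snprintf` results stored in `ret` are also unchecked, so a truncated filename is silently used. In the DEBUG-only `_dns_read_packet_file`, the `malloc` result is dereferenced before being tested and `fd` is initialised to 0, so `if (fd > 0)` would leak a valid descriptor 0; initialise `fd = -1` and check `info` first.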


@@ -126,6 +126,10 @@ void print_stack(void);
int write_file(const char *filename, void *data, int data_len);
int dns_packet_save(const char *dir, const char *type, const char *from, const void *packet, int packet_len);
int dns_packet_debug(const char *packet_file);
#ifdef __cplusplus
}
#endif /*__cplusplus */