daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: daxi20:all-best-ip
Branches Tags
daxi20:master daxi20:doc daxi20:quic daxi20:https-svcb daxi20:multi-thread-server daxi20:luci-dns-forwarding
daxi20:Release43 daxi20:Release42 daxi20:Release41 daxi20:Release41-RC3 daxi20:Release41-RC2 daxi20:Release41-RC1 daxi20:Release40 daxi20:feature-dns-forwarding daxi20:Release39 daxi20:Release38.1 daxi20:Release38 daxi20:Release37.2 daxi20:Release37.1 daxi20:Release37 daxi20:Release37-RC3 daxi20:Release37-RC2 daxi20:Release37-RC1 daxi20:all-best-ip daxi20:Release36.1 daxi20:Release36 daxi20:Release35 daxi20:Release34 daxi20:Release33 daxi20:Release32 daxi20:Release32-RC4 daxi20:Release32-RC3 daxi20:Release32-RC2 daxi20:Release32-RC1 daxi20:Release31 daxi20:Release30 daxi20:Release29 daxi20:Release28 daxi20:Release27 daxi20:Release26-Special daxi20:Release25 daxi20:Release24 daxi20:Release23 daxi20:Release22 daxi20:Release21 daxi20:Release20 daxi20:Release18
...
compare: daxi20:Release37-RC2
Branches Tags
daxi20:master daxi20:doc daxi20:quic daxi20:https-svcb daxi20:multi-thread-server daxi20:luci-dns-forwarding
daxi20:Release43 daxi20:Release42 daxi20:Release41 daxi20:Release41-RC3 daxi20:Release41-RC2 daxi20:Release41-RC1 daxi20:Release40 daxi20:feature-dns-forwarding daxi20:Release39 daxi20:Release38.1 daxi20:Release38 daxi20:Release37.2 daxi20:Release37.1 daxi20:Release37 daxi20:Release37-RC3 daxi20:Release37-RC2 daxi20:Release37-RC1 daxi20:all-best-ip daxi20:Release36.1 daxi20:Release36 daxi20:Release35 daxi20:Release34 daxi20:Release33 daxi20:Release32 daxi20:Release32-RC4 daxi20:Release32-RC3 daxi20:Release32-RC2 daxi20:Release32-RC1 daxi20:Release31 daxi20:Release30 daxi20:Release29 daxi20:Release28 daxi20:Release27 daxi20:Release26-Special daxi20:Release25 daxi20:Release24 daxi20:Release23 daxi20:Release22 daxi20:Release21 daxi20:Release20 daxi20:Release18

52 Commits
all-best-i ... Release37-

Author SHA1 Message Date
Nick Peng
d223194eff dns_server: fix crash issue 2022-07-14 22:55:50 +08:00
Nick Peng
a83818c094 code: cleanup lint and extra compile warnings 2022-07-10 10:32:01 +08:00
Nick Peng
4e2161c6fc conf: optimize badconfig log 2022-07-07 22:49:30 +08:00
Nick Peng
7d62226995 server: some minor fixes 2022-07-05 23:32:22 +08:00
Nick Peng
092b4ede88 dns_server: fix ip number is only one when speed check is none 2022-07-05 00:18:28 +08:00
Nick Peng
301ab3ba10 server: fix server not exit issue on asus router 2022-07-02 13:26:58 +08:00
Nick Peng
362b7f978f security: support dropping root, and no root privileges required for ping 2022-07-01 23:37:24 +08:00
Nick Peng
435b2905cf iniscript: Make sure the cache has enough time to save to disk 2022-07-01 22:38:37 +08:00
Nick Peng
e3436263d9 conf: add config: dualstack-ip-allow-force-AAAA 2022-06-28 22:10:42 +08:00
Nick Peng
1f07a7ea97 log: make log happy when receiving malformd packet 2022-06-28 22:01:14 +08:00
Nick Peng
9fdf53baa5 Update tlog 2022-06-26 18:49:17 +08:00
Nick Peng
db328640c8 tlog: fix dead lock when forking 2022-06-25 20:25:20 +08:00
Nick Peng
5006059074 cache: fix dns cache prefetch issue 2022-06-25 20:24:27 +08:00
Nick Peng
883116708b dualstack: fix speed check issue when there is only one ip record. 2022-06-19 10:02:34 +08:00
Nick Peng
cbc8c59125 dns_conf: add expired domain prefetch time 2022-06-18 14:11:39 +08:00
Nick Peng
b70feb112a ipset: fix ipset missing issue 2022-06-18 10:17:25 +08:00
Nick Peng
ff0f42b87c docker: reduce docker images size 2022-06-17 20:49:29 +08:00
Nick Peng
1873a0c336 cache: support expired domain prefetch 2022-06-12 23:39:42 +08:00
Nick Peng
995bee4088 dns_server: optimize code 2022-06-12 23:39:42 +08:00
Nick Peng
09dc2e9275 dns_server: fix discard issue. 2022-06-12 23:37:12 +08:00
Nick Peng
c0f4c72626 docker: make dockerfile build from local source 2022-06-12 00:51:19 +08:00
Nick Peng
d185b78836 dns_server: fix SRV query discard issue. 2022-06-11 23:11:25 +08:00
Nick Peng
7e985e7d11 dns_server: fix dualstack select issue. 2022-06-08 23:28:46 +08:00
Nick Peng
6cfaa639f6 speed-check: fix domain-rule speed check memleak issue 2022-06-05 16:08:19 +08:00
Nick Peng
c960f3f511 dns_server: refactoring dualstack selection code. 2022-06-05 10:10:28 +08:00
Nick Peng
848c9e6cf2 dns_server: fix dns cache issue & supress ping log 2022-05-30 23:22:03 +08:00
Nick Peng
c7db5b2667 dns_server: fix pending query callback fail issue. 2022-05-30 00:47:38 +08:00
Nick Peng
0a04b91763 Readme: add readme for DNS TYPE65 & DNSMASQ hostname 2022-05-29 23:04:10 +08:00
Nick Peng
c27040099b dns_server: fix tcp ping config not working issue and add more ping mode. 2022-05-29 22:44:41 +08:00
Nick Peng
b6740f5aab cache: cache special records 2022-05-28 16:09:06 +08:00
Nick Peng
6a7ce39727 dns_server: fix max reply ip number issue. 2022-05-28 12:52:25 +08:00
Nick Peng
2365a1a2b0 cache: cache NXDOMAIN records. 2022-05-28 09:33:49 +08:00
Nick Peng
b5a5311976 ecs: support pass client ecs to upstream 2022-05-26 19:59:22 +08:00
Nick Peng
b125d142bd cache: cache cname record 2022-05-25 11:50:39 +08:00
Nick Peng
bc68d5979c Support force not CNAME records 2022-05-22 10:09:58 +08:00
HalfLife
b6f9d7e7bc 修复openwrt中stop、restart时无法正确终止程序,导致第一端口被占用 2022-05-21 23:41:35 +08:00
Nick Peng
e6fe6771bf conf: Supports setting the maximum number of IPs returned to the client 2022-05-21 14:18:28 +08:00
Nick Peng
94b84cd32c dns_server: support query smartdns server ip 2022-05-21 11:32:31 +08:00
Nick Peng
dae263444f Feature: support local host name & ptr resolve. 2022-05-21 11:23:54 +08:00
Nick Peng
dbfe9063e4 Update Readme 2022-05-19 19:14:41 +08:00
Nick Peng
ae3beb5fba dns_client: ipv4, ipv6 ecs, use either 2022-05-19 19:14:19 +08:00
PikuZheng
7a55471ce3 luci: set dualstack-ip-selection to no when checkbox unselected. 2022-05-17 20:42:06 +08:00
Nick Peng
03478debe8 feature: auto detect ipv6 features. 2022-05-17 20:35:36 +08:00
Nick Peng
ee40591aed dns_server: fix ipv6 not response issue 2022-05-17 01:15:14 +08:00
Nick Peng
bdc3a87d6d debian: fake package version avoid auto upgrade 2022-05-16 14:25:53 +08:00
Nick Peng
68ce6b3f0f dns_server: fix ipv6 multi ipaddress issue 2022-05-16 13:09:46 +08:00
Nick Peng
9dffec3fd3 dns_server: set max ip count to 10 2022-05-15 22:13:12 +08:00
Nick Peng
e64007f558 dns_server: fix issue for AAAA cache query 2022-05-15 21:42:36 +08:00
Nick Peng
87a400ebae dns_server: fix bootstrap dns not working issue 2022-05-12 00:08:56 +08:00
Nick Peng
9804c305d0 update tlog 2022-05-12 00:08:56 +08:00
Nick Peng
e1755dadc1 Systemd: remove killmode 2022-05-12 00:08:56 +08:00
Mo Zhou
c7d54a2111 Different version scheme results in Debian package overwrite (Closes: https://github.com/pymumu/smartdns/issues/748) 2022-05-08 12:17:41 +08:00
35 changed files with 3607 additions and 1491 deletions
Expand all files Collapse all files

9
.github/ISSUE_TEMPLATE/issue.md vendored
View File

@@ -15,6 +15,11 @@ assignees: ''
2. 运营商
3. smartdns来源以及版本
4. 涉及的配置(注意去除个人相关信息)
**重现步骤**
1. 上游DNS配置。
@@ -22,8 +27,8 @@ assignees: ''
**信息收集**
1. 将/var/log/smrtdns.log日志作为附件上传。
2. 如进程异常请将coredump功能开启上传coredump信息文件。
1. 将/var/log/smrtdns.log日志作为附件上传(注意去除个人相关信息)
2. 如进程异常请将coredump功能开启上传coredump信息文件同时上传配套的smartdns进程文件
在自定义界面,开启设置->自定义设置->生成coredump配置重现问题后提交coredump文件
coredump文件在/tmp目录下

53
Dockerfile
View File

@@ -1,18 +1,39 @@
FROM debian:buster-slim
FROM ubuntu:latest as smartdns-builder
LABEL previous-stage=smartdns-builder
COPY . /smartdns/
RUN apt update && \
apt install -y perl wget make musl-tools musl-dev && \
OPENSSL_VER=1.1.1f && \
mkdir /build -p && \
ln -s /usr/include/linux /usr/include/$(uname -m)-linux-musl && \
ln -s /usr/include/asm-generic /usr/include/$(uname -m)-linux-musl && \
ln -s /usr/include/$(uname -m)-linux-gnu/asm /usr/include/$(uname -m)-linux-musl && \
cd /build && \
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_${OPENSSL_VER}.orig.tar.gz && \
tar xf openssl_${OPENSSL_VER}.orig.tar.gz && \
cd openssl-${OPENSSL_VER} && \
export CC=musl-gcc && \
if [ "$(uname -m)" = "aarch64" ]; then \
./config --prefix=/opt/build no-tests -mno-outline-atomics ; \
else \
./config --prefix=/opt/build no-tests; \
fi && \
make all -j8 && make install_sw && \
cd /smartdns && \
export CFLAGS="-I /opt/build/include" && \
export LDFLAGS="-L /opt/build/lib" && \
sh ./package/build-pkg.sh --platform linux --arch `dpkg --print-architecture` --static && \
mkdir /release -p && \
cd /smartdns/package && tar xf *.tar.gz && \
cp /smartdns/package/smartdns/etc /release/ -a && \
cp /smartdns/package/smartdns/usr /release/ -a && \
chmod +x /release/etc/init.d/smartdns && \
mkdir /release/var/log/ /release/var/run/ -p && \
rm -fr /build /smartdns
RUN apt update && \
apt install -y git make gcc libssl-dev && \
git clone https://github.com/pymumu/smartdns.git --depth 1 && \
cd smartdns && \
sh ./package/build-pkg.sh --platform debian --arch `dpkg --print-architecture` && \
dpkg -i package/*.deb && \
cd / && \
rm -rf smartdns/ && \
apt autoremove -y git make gcc libssl-dev && \
apt clean && \
rm -rf /var/lib/apt/lists/*
FROM busybox:latest
COPY --from=smartdns-builder /release/ /
EXPOSE 53/udp
VOLUME "/etc/smartdns/"
EXPOSE 53/udp
VOLUME "/etc/smartdns/"
CMD ["/usr/sbin/smartdns", "-f"]
CMD ["/usr/sbin/smartdns", "-f", "-x"]

138
ReadMe.md
View File

@@ -311,8 +311,6 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
* **检测上游服务是否配置成功**
* 方法一
执行
```shell
@@ -329,22 +327,24 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
Non-authoritative answer:
smartdns name = smartdns.
```
* 方法二
使用 `nslookup` 查询域名(例如 `www.baidu.com`),查看结果中 IP 地址是否**只有一个**,如有多个 IP 地址返回,则表示未生效,请多尝试几个域名检查。
或执行
```shell
$ nslookup www.baidu.com 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
$ nslookup smartdns
```
查看命令结果是否有解析出路由器的IP地址如果是则表示生效。
或执行
```shell
ping smartdns.
```
检测ping是否解析对应主机的IP地址。
4. 启动服务
勾选配置页面中的 `Enable启用`来启动 SmartDNS。
@@ -550,50 +550,52 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
| 键名 | 功能说明 | 默认值 | 可用值/要求 | 举例 |
| :--- | :--- | :--- | :--- | :--- |
| `server-name` | DNS 服务器名称 | 操作系统主机名 / `smartdns` | 符合主机名规格的字符串 | `server-name smartdns` |
| `bind` | DNS 监听端口号 | `[::]:53` | 可绑定多个端口。<br>`IP:PORT`: 服务器 IP:端口号<br>[`-group`]: 请求时使用的 DNS 服务器组<br>[`-no-rule-addr`]:跳过 address 规则<br>[`-no-rule-nameserver`]:跳过 Nameserver 规则<br>[`-no-rule-ipset`]:跳过 ipset 规则<br>[`-no-rule-soa`]:跳过 SOA(#) 规则<br>[`-no-dualstack-selection`]:停用双栈测速<br>[`-no-speed-check`]:停用测速<br>[`-no-cache`]:停止缓存 | `bind :53` |
| `bind-tcp` | DNS TCP 监听端口号 | `[::]:53` | 可绑定多个端口。<br>`IP:PORT`: 服务器 IP:端口号<br>[`-group`]: 请求时使用的 DNS 服务器组<br>[`-no-rule-addr`]:跳过 address 规则<br>[`-no-rule-nameserver`]:跳过 `nameserver` 规则<br>[`-no-rule-ipset`]:跳过 `ipset` 规则。<br>[`-no-rule-soa`]:跳过 SOA(#) 规则<br>[`-no-dualstack-selection`]:停用双栈测速<br>[`-no-speed-check`]:停用测速<br>[`-no-cache`]:停止缓存 | `bind-tcp :53` |
| `cache-size` | 域名结果缓存个数 | `512` | 大于等于 `0` 的数字 | `cache-size 512` |
| `cache-persist` | 是否持久化缓存 | 自动。<br>当 `cache-file` 所在的位置有超过 128 MB 的可用空间时启用,否则禁用。 | [`yes`\|`no`] | `cache-persist yes` |
| `cache-file` | 缓存持久化文件路径 | `/tmp/smartdns.cache` | 合法路径字符串 | `cache-file /tmp/smartdns.cache` |
| `tcp-idle-time` | TCP 链接空闲超时时间 | `120` | 大于等于 `0` 的数字 | `tcp-idle-time 120` |
| `rr-ttl` | 域名结果 TTL | 远程查询结果 | 大于 `0` 的数字 | `rr-ttl 600` |
| `rr-ttl-min` | 允许的最小 TTL 值 | 远程查询结果 | 大于 `0` 的数字 | `rr-ttl-min 60` |
| `rr-ttl-max` | 允许的最大 TTL 值 | 远程查询结果 | 大于 `0` 的数字 | `rr-ttl-max 600` |
| `rr-ttl-reply-max` | 允许返回给客户端的最大 TTL 值 | 远程查询结果 | 大于 `0` 的数字 | `rr-ttl-reply-max 60` |
| `log-level` | 设置日志级别 | `error` | `fatal`、`error`、`warn`、`notice`、`info` 或 `debug` | `log-level error` |
| `log-file` | 日志文件路径 | `/var/log/smartdns.log` | 合法路径字符串 | `log-file /var/log/smartdns.log` |
| `log-size` | 日志大小 | `128K` | 数字 + `K`、`M` 或 `G` | `log-size 128K` |
| `log-num` | 日志归档个数 | `2` | 大于等于 `0` 的数字 | `log-num 2` |
| `audit-enable` | 设置审计启用 | `no` | [`yes`\|`no`] | `audit-enable yes` |
| `audit-file` | 审计文件路径 | `/var/log/smartdns-audit.log` | 合法路径字符串 | `audit-file /var/log/smartdns-audit.log` |
| `audit-size` | 审计大小 | `128K` | 数字 + `K`、`M` 或 `G` | `audit-size 128K` |
| `audit-num` | 审计归档个数 | `2` | 大于等于 `0` 的数字 | `audit-num 2` |
| `conf-file` | 附加配置文件 | | 合法路径字符串 | `conf-file /etc/smartdns/smartdns.more.conf` |
| `server` | 上游 UDP DNS | 无 | 可重复。<br>[`ip`][`:port`]:服务器 IP:端口(可选)<br>[`-blacklist-ip`]:配置 IP 过滤结果。<br>[`-whitelist-ip`]:指定仅接受参数中配置的 IP 范围<br>[`-group` [`group`] ...]DNS 服务器所属组,比如 `office` 和 `foreign`,和 `nameserver` 配套使用<br>[`-exclude-default-group`]:将 DNS 服务器从默认组中排除 | `server 8.8.8.8:53 -blacklist-ip -group g1` |
| `server-tcp` | 上游 TCP DNS | 无 | 可重复。<br>[`ip`][`:port`]:服务器 IP:端口(可选)<br>[`-blacklist-ip`]:配置 IP 过滤结果<br>[`-whitelist-ip`]:指定仅接受参数中配置的 IP 范围<br>[`-group` [`group`] ...]DNS 服务器所属组,比如 `office``foreign`,和 `nameserver` 配套使用<br>[`-exclude-default-group`]:将 DNS 服务器从默认组中排除 | `server-tcp 8.8.8.8:53` |
| `server-tls` | 上游 TLS DNS | 无 | 可重复。<br>[`ip`][`:port`]:服务器 IP:端口(可选)<br>[`-spki-pin` [`sha256-pin`]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[`-host-name`]TLS SNI 名称<br>[`-tls-host-verify`]TLS 证书主机名校验<br> [`-no-check-certificate`]:跳过证书校验<br>[`-blacklist-ip`]:配置 IP 过滤结果<br>[`-whitelist-ip`]:仅接受参数中配置的 IP 范围<br>[`-group` [`group`] ...]DNS 服务器所属组,比如 `office``foreign`,和 `nameserver` 配套使用<br>[`-exclude-default-group`]:将 DNS 服务器从默认组中排除 | `server-tls 8.8.8.8:853` |
| `server-https` | 上游 HTTPS DNS | 无 | 可重复。<br>`https://`[`host`][`:port`]`/path`:服务器 IP:端口(可选<br>[`-spki-pin` [`sha256-pin`]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[`-host-name`]TLS SNI 名称<br>[`-http-host`]http 协议头主机名<br>[`-tls-host-verify`]TLS 证书主机名校验<br> [`-no-check-certificate`]:跳过证书校验<br>[`-blacklist-ip`]:配置 IP 过滤结果<br>[`-whitelist-ip`]:仅接受参数中配置的 IP 范围<br>[`-group` [`group`] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[`-exclude-default-group`]:将 DNS 服务器从默认组中排除 | `server-https https://cloudflare-dns.com/dns-query` |
| `speed-check-mode` | 测速模式选择 | 无 | [`ping`\|`tcp:`[`80`]\|`none`] | `speed-check-mode ping,tcp:80` |
| `address` | 指定域名 IP 地址 | 无 | `address /domain/`[`ip`\|`-`\|`-4`\|`-6`\|`#`\|`#4`\|`#6`] <br>`-` 表示忽略 <br>`#` 表示返回 SOA <br>`4` 表示 IPv4 <br>`6` 表示 IPv6 | `address /www.example.com/1.2.3.4` |
| `nameserver` | 指定域名使用 `server` 组解析 | 无 | `nameserver /domain/`[`group`\|`-`], `group` 为组名,`-` 表示忽略此规则,配套 `server` 中的 `-group` 参数使用 | `nameserver /www.example.com/office` |
| `ipset` | 域名 ipset | 无 | `ipset /domain/`[`ipset`\|`-`\|`#`[`4`\|`6`]:[`ipset`\|`-`][`,#`[`4`\|`6`]`:`[`ipset`\|`-`]]]`-`表示忽略 | `ipset /www.example.com/#4:dns4,#6:-` |
| `ipset-timeout` | 设置 `ipset` 超时功能启用 | 自动 | [`yes`] | `ipset-timeout yes` |
| `domain-rules` | 设置域名规则 | 无 | `domain-rules /domain/` [`-rules`...]<br>[`-c`\|`-speed-check-mode`]:测速模式,参考 `speed-check-mode` 配置<br>[`-a`\|`-address`]:参考 `address` 配置<br>[`-n`\|`-nameserver`]:参考 `nameserver` 配置<br>[`-p`\|`-ipset`]:参考`ipset`配置<br>[`-d`\|`-dualstack-ip-selection`]:参考 `dualstack-ip-selection` | `domain-rules /www.example.com/ -speed-check-mode none` |
| `bogus-nxdomain` | 假冒 IP 地址过滤 | 无 | [`ip/subnet`],可重复 | `bogus-nxdomain 1.2.3.4/16` |
| `ignore-ip` | 忽略 IP 地址 | 无 | [`ip/subnet`],可重复 | `ignore-ip 1.2.3.4/16` |
| `whitelist-ip` | 白名单 IP 地址 | 无 | [`ip/subnet`],可重复 | `whitelist-ip 1.2.3.4/16` |
| `blacklist-ip` | 名单 IP 地址 | 无 | [`ip/subnet`],可重复 | `blacklist-ip 1.2.3.4/16` |
| `force-AAAA-SOA` | 强制 AAAA 地址返回 SOA | `no` | [`yes`\|`no`] | `force-AAAA-SOA yes` |
| `force-qtype-SOA` | 强制指定 qtype 返回 SOA | qtype id | [`<qtypeid>` \| ...] | `force-qtype-SOA 65 28`
| `prefetch-domain` | 域名预先获取功能 | `no` | [`yes`\|`no`] | `prefetch-domain yes` |
| `serve-expired` | 过期缓存服务功能 | `yes` | [`yes`\|`no`],开启此功能后,如果有请求时尝试回应 TTL 为 0 的过期记录,并发查询记录,以避免查询等待 |
| `serve-expired-ttl` | 过期缓存服务最长超时时间 | `0` | 秒,`0` 表示停用超时,大于 `0` 表示指定的超时的秒数 | `serve-expired-ttl 0` |
| `serve-expired-reply-ttl` | 回应的过期缓存 TTL | `5` | 秒,`0` 表示停用超时,大于 `0` 表示指定的超时的秒数 | `serve-expired-reply-ttl 30` |
| `dualstack-ip-selection` | 双栈 IP 优选 | `yes` | [`yes`\|`no`] | `dualstack-ip-selection yes` |
| `dualstack-ip-selection-threshold` | 双栈 IP 优选阈值 | `15ms` | 单位为毫秒(`ms` | `dualstack-ip-selection-threshold [0-1000]` |
| `ca-file` | 证书文件 | `/etc/ssl/certs/ca-certificates.crt` | 合法路径字符串 | `ca-file /etc/ssl/certs/ca-certificates.crt` |
| `ca-path` | 证书文件路径 | `/etc/ssl/certs` | 合法路径字符串 | `ca-path /etc/ssl/certs` |
| server-name | DNS 服务器名称 | 操作系统主机名 / smartdns | 符合主机名规格的字符串 | server-name smartdns |
| bind | DNS 监听端口号 | [::]:53 | 可绑定多个端口。<br>IP:PORT: 服务器 IP:端口号<br>[-group]: 请求时使用的 DNS 服务器组<br>[-no-rule-addr]:跳过 address 规则<br>[-no-rule-nameserver]:跳过 Nameserver 规则<br>[-no-rule-ipset]:跳过 ipset 规则<br>[-no-rule-soa]:跳过 SOA(#) 规则<br>[-no-dualstack-selection]:停用双栈测速<br>[-no-speed-check]:停用测速<br>[-no-cache]:停止缓存 | bind :53 |
| bind-tcp | DNS TCP 监听端口号 | [::]:53 | 可绑定多个端口。<br>IP:PORT: 服务器 IP:端口号<br>[-group]: 请求时使用的 DNS 服务器组<br>[-no-rule-addr]:跳过 address 规则<br>[-no-rule-nameserver]:跳过 nameserver 规则<br>[-no-rule-ipset]:跳过 ipset 规则。<br>[-no-rule-soa]:跳过 SOA(#) 规则<br>[-no-dualstack-selection]:停用双栈测速<br>[-no-speed-check]:停用测速<br>[-no-cache]:停止缓存 | bind-tcp :53 |
| cache-size | 域名结果缓存个数 | 512 | 大于等于 0 的数字 | cache-size 512 |
| cache-persist | 是否持久化缓存 | 自动。<br>当 cache-file 所在的位置有超过 128 MB 的可用空间时启用,否则禁用。 | [yes\|no] | cache-persist yes |
| cache-file | 缓存持久化文件路径 | /tmp/smartdns.cache | 合法路径字符串 | cache-file /tmp/smartdns.cache |
| tcp-idle-time | TCP 链接空闲超时时间 | 120 | 大于等于 0 的数字 | tcp-idle-time 120 |
| rr-ttl | 域名结果 TTL | 远程查询结果 | 大于 0 的数字 | rr-ttl 600 |
| rr-ttl-min | 允许的最小 TTL 值 | 远程查询结果 | 大于 0 的数字 | rr-ttl-min 60 |
| rr-ttl-max | 允许的最大 TTL 值 | 远程查询结果 | 大于 0 的数字 | rr-ttl-max 600 |
| rr-ttl-reply-max | 允许返回给客户端的最大 TTL 值 | 远程查询结果 | 大于 0 的数字 | rr-ttl-reply-max 60 |
| max-reply-ip-num | 允许返回给客户的最大IP数量 | IP数量 | 大于 0 的数字 | max-reply-ip-num 1 |
| log-level | 设置日志级别 | error | fatal、error、warn、notice、info 或 debug | log-level error |
| log-file | 日志文件路径 | /var/log/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns.log |
| log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K |
| log-num | 日志归档个数 | 2 | 大于等于 0 的数字 | log-num 2 |
| audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes |
| audit-file | 审计文件路径 | /var/log/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns-audit.log |
| audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K |
| audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 |
| conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
| server | 上游 UDP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server 8.8.8.8:53 -blacklist-ip -group g1 |
| server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]指定仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tcp 8.8.8.8:53 |
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tls 8.8.8.8:853 |
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-http-host]http 协议头主机名<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-https https://cloudflare-dns.com/dns-query |
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80,tcp:443 |
| address | 指定域名 IP 地址 | 无 | address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>- 表示忽略 <br># 表示返回 SOA <br>4 表示 IPv4 <br>6 表示 IPv6 | address /www.example.com/1.2.3.4 |
| nameserver | 指定域名使用 server 组解析 | 无 | nameserver /domain/[group\|-], group 为组名,- 表示忽略此规则,配套 server 中的 -group 参数使用 | nameserver /www.example.com/office |
| ipset | 域名 ipset | 无 | ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]]-表示忽略 | ipset /www.example.com/#4:dns4,#6:- |
| ipset-timeout | 设置 ipset 超时功能启用 | 自动 | [yes] | ipset-timeout yes |
| domain-rules | 设置域名规则 | 无 | domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]:测速模式,参考 speed-check-mode 配置<br>[-a\|-address]:参考 address 配置<br>[-n\|-nameserver]:参考 nameserver 配置<br>[-p\|-ipset]参考ipset配置<br>[-d\|-dualstack-ip-selection]:参考 dualstack-ip-selection | domain-rules /www.example.com/ -speed-check-mode none |
| bogus-nxdomain | 假冒 IP 地址过滤 | 无 | [ip/subnet],可重复 | bogus-nxdomain 1.2.3.4/16 |
| ignore-ip | 忽略 IP 地址 | 无 | [ip/subnet],可重复 | ignore-ip 1.2.3.4/16 |
| whitelist-ip | 名单 IP 地址 | 无 | [ip/subnet],可重复 | whitelist-ip 1.2.3.4/16 |
| blacklist-ip | 黑名单 IP 地址 | 无 | [ip/subnet],可重复 | blacklist-ip 1.2.3.4/16 |
| force-AAAA-SOA | 强制 AAAA 地址返回 SOA | no | [yes\|no] | force-AAAA-SOA yes |
| force-qtype-SOA | 强制指定 qtype 返回 SOA | qtype id | [<qtypeid> \| ...] | force-qtype-SOA 65 28
| prefetch-domain | 域名预先获取功能 | no | [yes\|no] | prefetch-domain yes |
| dnsmasq-lease-file | 支持读取dnsmasq dhcp文件解析本地主机名功能 | 无 | dnsmasq dhcp lease文件路径 | dnsmasq-lease-file /var/lib/misc/dnsmasq.leases |
| serve-expired | 过期缓存服务功能 | yes | [yes\|no],开启此功能后,如果有请求时尝试回应 TTL 为 0 的过期记录,并发查询记录,以避免查询等待 |
| serve-expired-ttl | 过期缓存服务最长超时时间 | 0 | 秒0 表示停用超时,大于 0 表示指定的超时的秒数 | serve-expired-ttl 0 |
| serve-expired-reply-ttl | 回应的过期缓存 TTL | 5 | 秒0 表示停用超时,大于 0 表示指定的超时的秒数 | serve-expired-reply-ttl 30 |
| dualstack-ip-selection | 双栈 IP 优选 | yes | [yes\|no] | dualstack-ip-selection yes |
| dualstack-ip-selection-threshold | 双栈 IP 优选阈值 | 15ms | 单位为毫秒ms | dualstack-ip-selection-threshold [0-1000] |
| ca-file | 证书文件 | /etc/ssl/certs/ca-certificates.crt | 合法路径字符串 | ca-file /etc/ssl/certs/ca-certificates.crt |
| ca-path | 证书文件路径 | /etc/ssl/certs | 合法路径字符串 | ca-path /etc/ssl/certs |
## 常见问题
@@ -728,6 +730,24 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
$ echo | openssl s_client -connect '1.0.0.1:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
```
11. iOS系统解析缓慢问题怎么解决
IOS14开始苹果支持了DNS HTTPS(TYPE65)记录的解析此功能用于快速DNS查询和解决HTTPS链接相关的问题但当前还是草案另外会导致广告屏蔽等功能失效建议通过如下配置关闭TYPE65记录查询。
```sh
force-qtype-SOA 65
```
12. 如何解析本地主机名称?
smartdns可以配合DNSMASQ的dhcp lease文件支持本地主机名->IP地址的解析可以配置smartdns读取dnsmasq的lease文件并支持解析。具体配置参数如下注意DNSMASQ lease文件每个系统可能不一样需要按实际情况配置
```
dnsmasq-lease-file /var/lib/misc/dnsmasq.leases
```
配置完成后,可以直接使用主机名连接对应的机器。但需要注意:
* Windows系统默认使用mDNS解析地址如需要在windows下用使用smartdns解析则需要在主机名后面增加`.`表示使用DNS解析。如`ping smartdns.`
## 编译
SmartDNS 提供了编译软件包的脚本(`package/build-pkg.sh`),支持编译 LuCI、Debian、OpenWrt 和 Optware 安装包。

44
ReadMe_en.md
View File

@@ -281,7 +281,7 @@ https://github.com/pymumu/smartdns/releases
* **Check if the service is configured successfully**
* Method 1: Query domain name with `nslookup -querytype=ptr 0.0.0.1`
* Query domain name with `nslookup -querytype=ptr 0.0.0.1`
See if the `name` item in the command result is displayed as `smartdns` or `hostname`, such as `smartdns`
```shell
@@ -293,18 +293,12 @@ https://github.com/pymumu/smartdns/releases
smartdns name = smartdns.
```
* Method 2: Use `nslookup` to query the `www.baidu.com` domain name to see if the IP address of Baidu in the result is `only one. If there are multiple IP addresses returned, it means that it is not valid. Please try to check several domain names.
* or Query doman name `smartdns `with `nslookup smartdns`
```shell
$ nslookup smartdns
```
```shell
pi@raspberrypi:~ $ nslookup www.baidu.com 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
```
Check whether the command result resolves the IP address of the router, if so, it means it is working.
1. Start Service
@@ -505,6 +499,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|rr-ttl-min|Domain name Minimum TTL|Remote query result|number greater than 0|rr-ttl-min 60
|rr-ttl-reply-max|Domain name Minimum Reply TTL|Remote query result|number greater than 0|rr-ttl-reply-max 60
|rr-ttl-max|Domain name Maximum TTL|Remote query result|number greater than 0|rr-ttl-max 600
|max-reply-ip-num|Maximum number of IPs returned to the client|8|number of IPs, 1~16 |max-reply-ip-num 1
|log-level|log level|error|fatal,error,warn,notice,info,debug|log-level error
|log-file|log path|/var/log/smartdns.log|File Pah|log-file /var/log/smartdns.log
|log-size|log size|128K|number+K,M,G|log-size 128K
@@ -518,7 +513,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:443
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80,tcp:443
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
|ipset|Domain IPSet|None|ipset /domain/[ipset\|-\|#[4\|6]:[ipset\|-][,#[4\|6]:[ipset\|-]]], `-` for ignore|ipset /www.example.com/#4:dns4,#6:-
@@ -531,6 +526,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|force-AAAA-SOA|force AAAA query return SOA|no|[yes\|no]|force-AAAA-SOA yes
|force-qtype-SOA|force specific qtype return SOA|qtype id|[qtypeid | ...]|force-qtype-SOA 65 28
|prefetch-domain|domain prefetch feature|no|[yes\|no]|prefetch-domain yes
|dnsmasq-lease-file|Support reading dnsmasq dhcp file to resolve local hostname|None|dnsmasq dhcp lease file| dnsmasq-lease-file /var/lib/misc/dnsmasq.leases
|serve-expired|Cache serve expired feature|yes|[yes\|no], Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish.|serve-expired yes
|serve-expired-ttl|Cache serve expired limite TTL|0|second0disable> 0 seconds after expiration|serve-expired-ttl 0
|serve-expired-reply-ttl|TTL value to use when replying with expired data|5|second0disable> 0 seconds after expiration|serve-expired-reply-ttl 30
@@ -651,9 +647,27 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
1. How to get SPKI of DOT
The SPKI can be obtained from the page published by the DNS service provider. If it is not published, it can be obtained by the following command, replace IP with your own IP.
````sh
```sh
echo | openssl s_client -connect '1.0.0.1:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
````
```
1. How to solve the problem of slow DNS resolution in iOS system?
Since iOS14, Apple has supported the resolution of DNS HTTPS (TYPE65) records. This function is used for solving problems related to HTTPS connections, but it is still a draft, and it will cause some functions such as adblocking fail. It is recommended to disable it through the following configuration.
```sh
force-qtype-SOA 65
```
1. How to resolve localhost ip by hostname?
smartdns can cooperate with the dhcp server of DNSMASQ to support the resolution of local host name to IP address. You can configure smartdns to read the lease file of dnsmasq and support the resolution. The specific configuration parameters are as follows, (note that the DNSMASQ lease file may be different for each system and needs to be configured according to the actual situation)
```sh
dnsmasq-lease-file /var/lib/misc/dnsmasq.leases
````\
After the configuration is complete, you can directly use the host name to connect to the local machine. But need to pay attention:
* Windows system uses mDNS to resolve addresses by default. If you need to use smartdns to resolve addresses under Windows, you need to add `.` after the host name, indicating that DNS resolution is used. Such as `ping smartdns.`
## Compile

20
etc/smartdns/smartdns.conf
View File

@@ -4,6 +4,12 @@
# server-name smartdns
#
# dns server run ser
# user [username]
# example: run as nobody
# user nobody
#
# Include another configuration options
# conf-file [file]
# conf-file blacklist-ip.conf
@@ -38,7 +44,7 @@ bind [::]:53
# dns cache size
# cache-size [number]
# 0: for no cache
cache-size 4096
cache-size 16384
# enable persist cache when restart
# cache-persist yes
@@ -77,7 +83,7 @@ cache-size 4096
# speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# example:
# speed-check-mode ping,tcp:80
# speed-check-mode ping,tcp:80,tcp:443
# speed-check-mode tcp:443,ping
# speed-check-mode none
@@ -90,13 +96,14 @@ cache-size 4096
# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-allow-force-AAAA [yes|no]
# dualstack-ip-selection [yes|no]
# dualstack-ip-selection yes
# edns client subnet
# edns-client-subnet [ip/subnet]
# edns-client-subnet 192.168.1.1/24
# edns-client-subnet [8::8]/56
# edns-client-subnet 8::8/56
# ttl for all resource record
# rr-ttl: ttl for all record
@@ -109,6 +116,10 @@ cache-size 4096
# rr-ttl-max 86400
# rr-ttl-reply-max 60
# Maximum number of IPs returned to the client|8|number of IPs, 1~16
# example:
# max-reply-ip-num 1
# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
@@ -128,6 +139,9 @@ log-level info
# audit-size 128k
# audit-num 2
# Support reading dnsmasq dhcp file to resolve local hostname
# dnsmasq-lease-file /var/lib/misc/dnsmasq.leases
# certificate file
# ca-file [file]
# ca-file /etc/ssl/certs/ca-certificates.crt

2
package/debian/DEBIAN/changelog
View File

@@ -1,4 +1,4 @@
smartdns (1.2018.7.9) stable; urgency=low
smartdns (1:1.2022.04.05) stable; urgency=low
* Initial build

4
package/debian/make.sh
View File

@@ -43,7 +43,9 @@ build()
mkdir $ROOT/etc/default/ -p
mkdir $ROOT/lib/systemd/system/ -p
sed -i "s/Version:.*/Version: $VER/" $ROOT/DEBIAN/control
pkgver=$(echo ${VER}| sed 's/^1\.//g')
sed -i "s/Version:.*/Version: ${pkgver}/" $ROOT/DEBIAN/control
sed -i "s/Architecture:.*/Architecture: $ARCH/" $ROOT/DEBIAN/control
chmod 0755 $ROOT/DEBIAN/prerm

3
package/openwrt/files/etc/init.d/smartdns
View File

@@ -289,7 +289,7 @@ load_service()
fi
}
config_get dualstack_ip_selection "$section" "dualstack_ip_selection" "0"
[ "$dualstack_ip_selection" = "1" ] && conf_append "dualstack-ip-selection" "yes"
[ "$dualstack_ip_selection" = "0" ] && conf_append "dualstack-ip-selection" "no"
config_get prefetch_domain "$section" "prefetch_domain" "0"
[ "$prefetch_domain" = "1" ] && conf_append "prefetch-domain" "yes"
@@ -377,6 +377,7 @@ load_service()
procd_set_param command /usr/sbin/smartdns -f -c $SMARTDNS_CONF $args
[ "$RESPAWN" = "1" ] && procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
procd_set_param file "$SMARTDNS_CONF"
procd_set_param term_timeout 60
procd_close_instance
}

10
package/optware/S50smartdns
View File

@@ -339,7 +339,7 @@ case "$1" in
SLEEP="sleep"
SLEEPTIME=0.2
fi
N=30
N=300
while [ $N -gt 0 ]
do
pid="$(cat "$SMARTDNS_PID" | head -n 1 2>/dev/null)"
@@ -348,7 +348,13 @@ case "$1" in
fi
if [ ! -d "/proc/$pid" ]; then
return 0;
return 0
fi
stat="$(cat /proc/${pid}/stat | awk '{print $3}' 2>/dev/null)"
if [ "$stat" = "Z" ]; then
$SLEEP $SLEEPTIME
return 0
fi
$SLEEP $SLEEPTIME 2>/dev/null

2
src/Makefile
View File

@@ -20,7 +20,7 @@ OBJS=smartdns.o fast_ping.o dns_client.o dns_server.o dns.o util.o tlog.o dns_co
# cflags
ifndef CFLAGS
CFLAGS =-O2 -g -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -funwind-tables
CFLAGS =-O2 -g -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -funwind-tables -Wmissing-prototypes -Wshadow -Wextra -Wno-unused-parameter -Wno-implicit-fallthrough
endif
override CFLAGS +=-Iinclude
override CFLAGS += -DBASE_FILE_NAME=\"$(notdir $<)\"

194
src/dns.c
View File

@@ -45,7 +45,7 @@
/* read short and move pointer */
static short _dns_read_short(unsigned char **buffer)
{
unsigned short value;
unsigned short value = 0;
value = ntohs(*((unsigned short *)(*buffer)));
*buffer += 2;
@@ -86,7 +86,7 @@ static void _dns_write_int(unsigned char **buffer, unsigned int value)
/* read int and move pointer */
static unsigned int _dns_read_int(unsigned char **buffer)
{
unsigned int value;
unsigned int value = 0;
value = ntohl(*((unsigned int *)(*buffer)));
*buffer += 4;
@@ -99,12 +99,13 @@ static inline int _dns_left_len(struct dns_context *context)
return context->maxsize - (context->ptr - context->data);
}
static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, unsigned char **domain_ptr, char *output, int size)
static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, unsigned char **domain_ptr, char *output,
int size)
{
int output_len = 0;
int copy_len = 0;
int len = 0;
unsigned char *ptr = (unsigned char*)*domain_ptr;
unsigned char *ptr = *domain_ptr;
int is_compressed = 0;
int ptr_jump = 0;
@@ -140,8 +141,8 @@ static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, u
ptr = packet + len;
if (ptr > packet + packet_size) {
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet),
*domain_ptr, packet);
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet), *domain_ptr,
packet);
return -1;
}
is_compressed = 1;
@@ -159,8 +160,8 @@ static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, u
}
if (ptr > packet + packet_size) {
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet),
*domain_ptr, packet);
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet), *domain_ptr,
packet);
return -1;
}
@@ -169,8 +170,8 @@ static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, u
/* copy sub string */
copy_len = (len < size - output_len) ? len : size - 1 - output_len;
if ((ptr + copy_len) > (packet + packet_size)) {
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet),
*domain_ptr, packet);
tlog(TLOG_DEBUG, "length is not enough %u:%ld, %p, %p", packet_size, (long)(ptr - packet), *domain_ptr,
packet);
return -1;
}
memcpy(output, ptr, copy_len);
@@ -190,18 +191,20 @@ static int _dns_get_domain_from_packet(unsigned char *packet, int packet_size, u
static int _dns_decode_domain(struct dns_context *context, char *output, int size)
{
return _dns_get_domain_from_packet(context->data, context->maxsize, &(context->ptr), output, size);
return _dns_get_domain_from_packet(context->data, context->maxsize, &(context->ptr), output, size);
}
unsigned int dict_hash(const char *s)
static unsigned int dict_hash(const char *s)
{
unsigned int hashval;
for (hashval = 0; *s != '\0'; s++)
hashval = *s + 31 * hashval;
return hashval;
unsigned int hashval = 0;
for (hashval = 0; *s != '\0'; s++) {
hashval = *s + 31 * hashval;
}
return hashval;
}
int _dns_add_domain_dict(struct dns_context *context, unsigned int hash, int pos) {
static int _dns_add_domain_dict(struct dns_context *context, unsigned int hash, int pos)
{
struct dns_packet_dict *dict = context->namedict;
if (dict->dict_count >= DNS_PACKET_DICT_SIZE) {
@@ -224,7 +227,8 @@ int _dns_add_domain_dict(struct dns_context *context, unsigned int hash, int pos
return 0;
}
int _dns_get_domain_offset(struct dns_context *context, const char *domain) {
static int _dns_get_domain_offset(struct dns_context *context, const char *domain)
{
int i = 0;
char domain_check[DNS_MAX_CNAME_LEN];
@@ -241,7 +245,8 @@ int _dns_get_domain_offset(struct dns_context *context, const char *domain) {
}
unsigned char *domain_check_ptr = dict->names[i].pos + context->data;
if (_dns_get_domain_from_packet(context->data, context->maxsize, &domain_check_ptr, domain_check, DNS_MAX_CNAME_LEN) !=0) {
if (_dns_get_domain_from_packet(context->data, context->maxsize, &domain_check_ptr, domain_check,
DNS_MAX_CNAME_LEN) != 0) {
return -1;
}
@@ -252,7 +257,7 @@ int _dns_get_domain_offset(struct dns_context *context, const char *domain) {
return -1;
}
static int _dns_encode_domain(struct dns_context *context, char *domain)
static int _dns_encode_domain(struct dns_context *context, const char *domain)
{
int num = 0;
int total_len = 0;
@@ -269,7 +274,6 @@ static int _dns_encode_domain(struct dns_context *context, char *domain)
int offset = 0xc000 | dict_offset;
_dns_write_short(&ptr_num, offset);
context->ptr++;
dict_offset = -1;
ptr_num = NULL;
return total_len;
}
@@ -308,7 +312,7 @@ static int _dns_encode_domain(struct dns_context *context, char *domain)
/* iterator get rrs begin */
struct dns_rrs *dns_get_rrs_start(struct dns_packet *packet, dns_rr_type type, int *count)
{
unsigned short start;
unsigned short start = 0;
struct dns_head *head = &packet->head;
/* get rrs count by rrs type */
@@ -357,8 +361,9 @@ struct dns_rrs *dns_get_rrs_next(struct dns_packet *packet, struct dns_rrs *rrs)
return (struct dns_rrs *)(packet->data + rrs->next);
}
static void _dns_init_context_by_rrs(struct dns_rrs *rrs, struct dns_context *context) {
context->packet =rrs->packet;
static void _dns_init_context_by_rrs(struct dns_rrs *rrs, struct dns_context *context)
{
context->packet = rrs->packet;
context->data = rrs->packet->data;
context->ptr = rrs->data;
context->namedict = &rrs->packet->namedict;
@@ -368,10 +373,10 @@ static void _dns_init_context_by_rrs(struct dns_rrs *rrs, struct dns_context *co
/* iterator add rrs begin */
static int _dns_add_rrs_start(struct dns_packet *packet, struct dns_context *context)
{
struct dns_rrs *rrs;
struct dns_rrs *rrs = NULL;
unsigned char *end = packet->data + packet->len;
if ((packet->len + sizeof(*rrs)) >= packet->size) {
if ((packet->len + (int)sizeof(*rrs)) >= packet->size) {
return -1;
}
rrs = (struct dns_rrs *)end;
@@ -388,15 +393,15 @@ static int _dns_add_rrs_start(struct dns_packet *packet, struct dns_context *con
/* iterator add rrs end */
static int _dns_rr_add_end(struct dns_packet *packet, int type, dns_type_t rtype, int len)
{
struct dns_rrs *rrs;
struct dns_rrs *rrs_next;
struct dns_rrs *rrs = NULL;
struct dns_rrs *rrs_next = NULL;
struct dns_head *head = &packet->head;
unsigned char *end = packet->data + packet->len;
unsigned short *count;
unsigned short *start;
unsigned short *count = NULL;
unsigned short *start = NULL;
rrs = (struct dns_rrs *)end;
if (packet->len + len > packet->size - sizeof(*packet) - sizeof(*rrs)) {
if (packet->len + len > packet->size - (int)sizeof(*packet) - (int)sizeof(*rrs)) {
return -1;
}
@@ -449,7 +454,7 @@ static int _dns_rr_add_end(struct dns_packet *packet, int type, dns_type_t rtype
return 0;
}
static int _dns_add_qr_head(struct dns_context *context, char *domain, int qtype, int qclass)
static int _dns_add_qr_head(struct dns_context *context, const char *domain, int qtype, int qclass)
{
int ret = _dns_encode_domain(context, domain);
if (ret < 0) {
@@ -473,7 +478,7 @@ static int _dns_get_qr_head(struct dns_context *context, char *domain, int maxsi
if (domain == NULL || context == NULL) {
return -1;
}
ret = _dns_decode_domain(context, domain, maxsize);
if (ret < 0) {
return -1;
@@ -489,8 +494,7 @@ static int _dns_get_qr_head(struct dns_context *context, char *domain, int maxsi
return 0;
}
static int _dns_add_rr_head(struct dns_context *context, char *domain, int qtype, int qclass, int ttl,
int rr_len)
static int _dns_add_rr_head(struct dns_context *context, const char *domain, int qtype, int qclass, int ttl, int rr_len)
{
int len = 0;
@@ -515,8 +519,8 @@ static int _dns_add_rr_head(struct dns_context *context, char *domain, int qtype
return len + 6;
}
static int _dns_get_rr_head(struct dns_context *context, char *domain, int maxsize, int *qtype, int *qclass,
int *ttl, int *rr_len)
static int _dns_get_rr_head(struct dns_context *context, char *domain, int maxsize, int *qtype, int *qclass, int *ttl,
int *rr_len)
{
int len = 0;
@@ -538,12 +542,12 @@ static int _dns_get_rr_head(struct dns_context *context, char *domain, int maxsi
return len;
}
static int _dns_add_RAW(struct dns_packet *packet, dns_rr_type rrtype, dns_type_t rtype, char *domain, int ttl,
void *raw, int raw_len)
static int _dns_add_RAW(struct dns_packet *packet, dns_rr_type rrtype, dns_type_t rtype, const char *domain, int ttl,
const void *raw, int raw_len)
{
int len = 0;
struct dns_context context;
int ret;
int ret = 0;
/* resource record */
/* |domain |
@@ -621,7 +625,7 @@ static int _dns_add_opt_RAW(struct dns_packet *packet, dns_opt_code_t opt_rrtype
len += raw_len;
len += sizeof(*opt);
return _dns_add_RAW(packet, DNS_RRS_OPT, DNS_OPT_T_TCP_KEEPALIVE, "", 0, opt_data, len);
return _dns_add_RAW(packet, DNS_RRS_OPT, (dns_type_t)DNS_OPT_T_TCP_KEEPALIVE, "", 0, opt_data, len);
}
static int _dns_get_opt_RAW(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, struct dns_opt *dns_opt,
@@ -715,7 +719,7 @@ static int __attribute__((unused)) _dns_get_OPT(struct dns_rrs *rrs, unsigned sh
return 0;
}
int dns_add_CNAME(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname)
int dns_add_CNAME(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, const char *cname)
{
int rr_len = strnlen(cname, DNS_MAX_CNAME_LEN) + 1;
return _dns_add_RAW(packet, type, DNS_T_CNAME, domain, ttl, cname, rr_len);
@@ -727,7 +731,7 @@ int dns_get_CNAME(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char
return _dns_get_RAW(rrs, domain, maxsize, ttl, cname, &len);
}
int dns_add_A(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, unsigned char addr[DNS_RR_A_LEN])
int dns_add_A(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, unsigned char addr[DNS_RR_A_LEN])
{
return _dns_add_RAW(packet, type, DNS_T_A, domain, ttl, addr, DNS_RR_A_LEN);
}
@@ -738,7 +742,7 @@ int dns_get_A(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsigned
return _dns_get_RAW(rrs, domain, maxsize, ttl, addr, &len);
}
int dns_add_PTR(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname)
int dns_add_PTR(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, char *cname)
{
int rr_len = strnlen(cname, DNS_MAX_CNAME_LEN) + 1;
return _dns_add_RAW(packet, type, DNS_T_PTR, domain, ttl, cname, rr_len);
@@ -750,7 +754,7 @@ int dns_get_PTR(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *
return _dns_get_RAW(rrs, domain, maxsize, ttl, cname, &len);
}
int dns_add_NS(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname)
int dns_add_NS(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, const char *cname)
{
int rr_len = strnlen(cname, DNS_MAX_CNAME_LEN) + 1;
return _dns_add_RAW(packet, type, DNS_T_NS, domain, ttl, cname, rr_len);
@@ -762,7 +766,7 @@ int dns_get_NS(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *c
return _dns_get_RAW(rrs, domain, maxsize, ttl, cname, &len);
}
int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl,
int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl,
unsigned char addr[DNS_RR_AAAA_LEN])
{
return _dns_add_RAW(packet, type, DNS_T_AAAA, domain, ttl, addr, DNS_RR_AAAA_LEN);
@@ -774,7 +778,7 @@ int dns_get_AAAA(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsig
return _dns_get_RAW(rrs, domain, maxsize, ttl, addr, &len);
}
int dns_add_SOA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, struct dns_soa *soa)
int dns_add_SOA(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, struct dns_soa *soa)
{
/* SOA */
/*| mname |
@@ -845,7 +849,6 @@ int dns_get_SOA(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, struct
memcpy(&soa->expire, ptr, 4);
ptr += 4;
memcpy(&soa->minimum, ptr, 4);
ptr += 4;
return 0;
}
@@ -881,21 +884,22 @@ int dns_add_OPT_ECS(struct dns_packet *packet, struct dns_opt_ecs *ecs)
memcpy(opt->data, ecs, len);
len += sizeof(*opt);
return _dns_add_RAW(packet, DNS_RRS_OPT, DNS_OPT_T_ECS, "", 0, opt_data, len);
return _dns_add_RAW(packet, DNS_RRS_OPT, (dns_type_t)DNS_OPT_T_ECS, "", 0, opt_data, len);
}
int dns_get_OPT_ECS(struct dns_rrs *rrs, unsigned short *opt_code, unsigned short *opt_len, struct dns_opt_ecs *ecs)
{
unsigned char opt_data[DNS_MAX_OPT_LEN];
char domain[DNS_MAX_CNAME_LEN] = {0};
struct dns_opt *opt = (struct dns_opt *)opt_data;
int len = DNS_MAX_OPT_LEN;
int ttl = 0;
if (_dns_get_RAW(rrs, NULL, 0, &ttl, opt_data, &len) != 0) {
if (_dns_get_RAW(rrs, domain, DNS_MAX_CNAME_LEN, &ttl, opt_data, &len) != 0) {
return -1;
}
if (len < sizeof(*opt)) {
if (len < (int)sizeof(*opt)) {
return -1;
}
@@ -933,7 +937,7 @@ int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, uns
return -1;
}
if (len < sizeof(*opt)) {
if (len < (int)sizeof(*opt)) {
return -1;
}
@@ -961,7 +965,7 @@ int dns_get_OPT_TCP_KEEYALIVE(struct dns_rrs *rrs, unsigned short *opt_code, uns
* Format:
* |DNS_NAME\0(string)|qtype(short)|qclass(short)|
*/
int dns_add_domain(struct dns_packet *packet, char *domain, int qtype, int qclass)
int dns_add_domain(struct dns_packet *packet, const char *domain, int qtype, int qclass)
{
int len = 0;
int ret = 0;
@@ -994,7 +998,7 @@ int dns_get_domain(struct dns_rrs *rrs, char *domain, int maxsize, int *qtype, i
static int _dns_decode_head(struct dns_context *context)
{
unsigned int fields;
unsigned int fields = 0;
int len = 12;
struct dns_head *head = &context->packet->head;
@@ -1151,7 +1155,8 @@ static int _dns_decode_rr_head(struct dns_context *context, char *domain, int do
return 0;
}
static int _dns_encode_rr_head(struct dns_context *context, char *domain, int qtype, int qclass, int ttl, int rr_len, unsigned char **rr_len_ptr)
static int _dns_encode_rr_head(struct dns_context *context, char *domain, int qtype, int qclass, int ttl, int rr_len,
unsigned char **rr_len_ptr)
{
int ret = 0;
ret = _dns_encode_qr_head(context, domain, qtype, qclass);
@@ -1174,12 +1179,12 @@ static int _dns_encode_rr_head(struct dns_context *context, char *domain, int qt
static int _dns_encode_raw(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
int ttl = 0;
char domain[DNS_MAX_CNAME_LEN];
int rr_len;
int rr_len = 0;
unsigned char *rr_len_ptr = NULL;
struct dns_context data_context;
/*
@@ -1249,12 +1254,12 @@ static int _dns_decode_CNAME(struct dns_context *context, char *cname, int cname
static int _dns_encode_CNAME(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
int ttl = 0;
char domain[DNS_MAX_CNAME_LEN];
int rr_len;
int rr_len = 0;
unsigned char *rr_len_ptr = NULL;
struct dns_context data_context;
@@ -1314,7 +1319,7 @@ static int _dns_decode_SOA(struct dns_context *context, struct dns_soa *soa)
static int _dns_encode_SOA(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
int ttl = 0;
@@ -1390,7 +1395,7 @@ static int _dns_decode_opt_ecs(struct dns_context *context, struct dns_opt_ecs *
len = (ecs->source_prefix / 8);
len += (ecs->source_prefix % 8 > 0) ? 1 : 0;
if (_dns_left_len(context) < len || len > sizeof(ecs->addr)) {
if (_dns_left_len(context) < len || len > (int)sizeof(ecs->addr)) {
return -1;
}
@@ -1404,7 +1409,6 @@ static int _dns_decode_opt_ecs(struct dns_context *context, struct dns_opt_ecs *
return 0;
}
static int _dns_decode_opt_cookie(struct dns_context *context, struct dns_opt_cookie *cookie)
{
// TODO
@@ -1435,16 +1439,15 @@ static int _dns_decode_opt_cookie(struct dns_context *context, struct dns_opt_co
return 0;
}
static int _dns_encode_OPT(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
int opt_code = 0;
int qclass = 0;
char domain[DNS_MAX_CNAME_LEN];
struct dns_context data_context;
int rr_len = 0;
int ttl;
int ttl = 0;
struct dns_opt *dns_opt = NULL;
_dns_init_context_by_rrs(rrs, &data_context);
@@ -1453,7 +1456,7 @@ static int _dns_encode_OPT(struct dns_context *context, struct dns_rrs *rrs)
return -1;
}
if (rr_len < sizeof(*dns_opt)) {
if (rr_len < (int)sizeof(*dns_opt)) {
return -1;
}
@@ -1492,8 +1495,8 @@ static int _dns_get_opts_data_len(struct dns_packet *packet, struct dns_rrs *rrs
int len = 0;
int opt_code = 0;
int qclass = 0;
int ttl;
int ret;
int ttl = 0;
int ret = 0;
char domain[DNS_MAX_CNAME_LEN];
struct dns_context data_context;
int rr_len = 0;
@@ -1549,10 +1552,10 @@ static int _dns_encode_opts(struct dns_packet *packet, struct dns_context *conte
return 0;
}
static int __attribute__((unused)) _dns_decode_opt(struct dns_context *context, dns_rr_type type, unsigned int ttl, int rr_len)
static int _dns_decode_opt(struct dns_context *context, dns_rr_type type, unsigned int ttl, int rr_len)
{
unsigned short opt_code;
unsigned short opt_len;
unsigned short opt_code = 0;
unsigned short opt_len = 0;
unsigned short ercode = (ttl >> 16) & 0xFFFF;
unsigned short ever = (ttl)&0xFFFF;
unsigned char *start = context->ptr;
@@ -1598,6 +1601,8 @@ static int __attribute__((unused)) _dns_decode_opt(struct dns_context *context,
while (context->ptr - start < rr_len) {
if (_dns_left_len(context) < 4) {
tlog(TLOG_WARN, "data length is invalid, %d:%d", _dns_left_len(context),
(int)(context->ptr - context->data));
return -1;
}
opt_code = _dns_read_short(&context->ptr);
@@ -1645,7 +1650,7 @@ static int __attribute__((unused)) _dns_decode_opt(struct dns_context *context,
static int _dns_decode_qd(struct dns_context *context)
{
struct dns_packet *packet = context->packet;
int len;
int len = 0;
int qtype = 0;
int qclass = 0;
char domain[DNS_MAX_CNAME_LEN];
@@ -1665,14 +1670,14 @@ static int _dns_decode_qd(struct dns_context *context)
static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
int ttl;
int ttl = 0;
int rr_len = 0;
char domain[DNS_MAX_CNAME_LEN];
struct dns_packet *packet = context->packet;
unsigned char *start;
unsigned char *start = NULL;
/* decode rr head */
ret = _dns_decode_rr_head(context, domain, DNS_MAX_CNAME_LEN, &qtype, &qclass, &ttl, &rr_len);
@@ -1716,13 +1721,13 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
struct dns_soa soa;
ret = _dns_decode_SOA(context, &soa);
if (ret < 0) {
tlog(TLOG_ERROR, "decode CNAME failed, %s", domain);
tlog(TLOG_ERROR, "decode SOA failed, %s", domain);
return -1;
}
ret = dns_add_SOA(packet, type, domain, ttl, &soa);
if (ret < 0) {
tlog(TLOG_ERROR, "add CNAME failed, %s", domain);
tlog(TLOG_ERROR, "add SOA failed, %s", domain);
return -1;
}
} break;
@@ -1785,7 +1790,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
} break;
default: {
unsigned char raw_data[1024];
if (_dns_left_len(context) < rr_len || rr_len >= sizeof(raw_data)) {
if (_dns_left_len(context) < rr_len || rr_len >= (int)sizeof(raw_data)) {
tlog(TLOG_DEBUG, "length mismatch\n");
return -1;
}
@@ -1801,7 +1806,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
tlog(TLOG_ERROR, "add raw failed, %s", domain);
return -1;
}
tlog(TLOG_DEBUG, "DNS type = %d not supported", qtype);
break;
}
@@ -1817,7 +1822,7 @@ static int _dns_decode_an(struct dns_context *context, dns_rr_type type)
static int _dns_encode_qd(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
char domain[DNS_MAX_CNAME_LEN];
@@ -1839,7 +1844,7 @@ static int _dns_encode_qd(struct dns_context *context, struct dns_rrs *rrs)
static int _dns_encode_an(struct dns_context *context, struct dns_rrs *rrs)
{
int ret;
int ret = 0;
switch (rrs->type) {
case DNS_T_A:
case DNS_T_AAAA: {
@@ -1929,8 +1934,8 @@ static int _dns_encode_body(struct dns_context *context)
struct dns_head *head = &packet->head;
int i = 0;
int len = 0;
struct dns_rrs *rrs;
int count;
struct dns_rrs *rrs = NULL;
int count = 0;
rrs = dns_get_rrs_start(packet, DNS_RRS_QD, &count);
head->qdcount = count;
@@ -1983,7 +1988,7 @@ static int _dns_encode_body(struct dns_context *context)
int dns_packet_init(struct dns_packet *packet, int size, struct dns_head *head)
{
struct dns_head *init_head = &packet->head;
if (size < sizeof(*packet)) {
if (size < (int)sizeof(*packet)) {
return -1;
}
@@ -2078,13 +2083,13 @@ int dns_encode(unsigned char *data, int size, struct dns_packet *packet)
static int _dns_update_an(struct dns_context *context, dns_rr_type type, struct dns_update_param *param)
{
int ret;
int ret = 0;
int qtype = 0;
int qclass = 0;
int ttl;
int ttl = 0;
int rr_len = 0;
char domain[DNS_MAX_CNAME_LEN];
unsigned char *start;
unsigned char *start = NULL;
/* decode rr head */
ret = _dns_decode_rr_head(context, domain, DNS_MAX_CNAME_LEN, &qtype, &qclass, &ttl, &rr_len);
@@ -2114,7 +2119,6 @@ static int _dns_update_an(struct dns_context *context, dns_rr_type type, struct
return 0;
}
static int _dns_update_body(struct dns_context *context, struct dns_update_param *param)
{
struct dns_packet *packet = context->packet;
@@ -2127,9 +2131,9 @@ static int _dns_update_body(struct dns_context *context, struct dns_update_param
head->qdcount = 0;
for (i = 0; i < count; i++) {
char domain[DNS_MAX_CNAME_LEN];
int qtype;
int qclass;
int len;
int qtype = 0;
int qclass = 0;
int len = 0;
len = _dns_decode_qr_head(context, domain, DNS_MAX_CNAME_LEN, &qtype, &qclass);
if (len < 0) {
tlog(TLOG_DEBUG, "update qd failed.");
@@ -2170,8 +2174,8 @@ static int _dns_update_body(struct dns_context *context, struct dns_update_param
return 0;
}
int _dns_update_id(unsigned char *data, int size, struct dns_update_param *param) {
static int _dns_update_id(unsigned char *data, int size, struct dns_update_param *param)
{
unsigned char *ptr = data;
_dns_write_short(&ptr, param->id);
return 0;
@@ -2212,7 +2216,7 @@ int dns_packet_update(unsigned char *data, int size, struct dns_update_param *pa
if (ret < 0) {
tlog(TLOG_DEBUG, "decode body failed.\n");
return -1;
}
}
return 0;
}
@@ -2221,7 +2225,7 @@ int dns_packet_update(unsigned char *data, int size, struct dns_update_param *pa
void dns_debug(void)
{
unsigned char data[1024];
int len;
ssize_t len;
char buff[4096];
int fd = open("dns.bin", O_RDWR);

30
src/dns.h
View File

@@ -23,13 +23,18 @@
#define DNS_RR_AAAA_LEN 16
#define DNS_MAX_CNAME_LEN 256
#define DNS_MAX_OPT_LEN 256
#define DNS_IN_PACKSIZE (512 * 4)
#define DNS_PACKSIZE (512 * 10)
#define DNS_IN_PACKSIZE (512 * 8)
#define DNS_PACKSIZE (512 * 12)
#define DNS_DEFAULT_PACKET_SIZE 512
#define DNS_ADDR_FAMILY_IP 1
#define DNS_ADDR_FAMILY_IPV6 2
/*
DNS parameters:
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
*/
typedef enum dns_qr {
DNS_QR_QUERY = 0,
DNS_QR_ANSWER = 1,
@@ -61,6 +66,7 @@ typedef enum dns_type {
DNS_T_SRV = 33,
DNS_T_OPT = 41,
DNS_T_SSHFP = 44,
DNS_T_HTTPS = 65,
DNS_T_SPF = 99,
DNS_T_AXFR = 252,
DNS_T_ALL = 255
@@ -115,7 +121,7 @@ struct dns_head {
#define DNS_PACKET_DICT_SIZE 16
struct dns_packet_dict_item {
unsigned pos;
unsigned short pos;
unsigned int hash;
};
@@ -144,7 +150,7 @@ struct dns_rrs {
struct dns_packet *packet;
unsigned short next;
unsigned short len;
dns_type_t type;
int type;
unsigned char data[0];
};
@@ -153,7 +159,7 @@ struct dns_context {
struct dns_packet *packet;
struct dns_packet_dict *namedict;
unsigned char *data;
unsigned int maxsize;
int maxsize;
unsigned char *ptr;
};
@@ -199,29 +205,29 @@ struct dns_rrs *dns_get_rrs_start(struct dns_packet *packet, dns_rr_type type, i
/*
* Question
*/
int dns_add_domain(struct dns_packet *packet, char *domain, int qtype, int qclass);
int dns_add_domain(struct dns_packet *packet, const char *domain, int qtype, int qclass);
int dns_get_domain(struct dns_rrs *rrs, char *domain, int maxsize, int *qtype, int *qclass);
/*
* Answers
*/
int dns_add_CNAME(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname);
int dns_add_CNAME(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, const char *cname);
int dns_get_CNAME(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *cname, int cname_size);
int dns_add_A(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, unsigned char addr[DNS_RR_A_LEN]);
int dns_add_A(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, unsigned char addr[DNS_RR_A_LEN]);
int dns_get_A(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsigned char addr[DNS_RR_A_LEN]);
int dns_add_PTR(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname);
int dns_add_PTR(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, char *cname);
int dns_get_PTR(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *cname, int cname_size);
int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl,
int dns_add_AAAA(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl,
unsigned char addr[DNS_RR_AAAA_LEN]);
int dns_get_AAAA(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, unsigned char addr[DNS_RR_AAAA_LEN]);
int dns_add_SOA(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, struct dns_soa *soa);
int dns_add_SOA(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, struct dns_soa *soa);
int dns_get_SOA(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, struct dns_soa *soa);
int dns_add_NS(struct dns_packet *packet, dns_rr_type type, char *domain, int ttl, char *cname);
int dns_add_NS(struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, const char *cname);
int dns_get_NS(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, char *cname, int cname_size);
int dns_set_OPT_payload_size(struct dns_packet *packet, int payload_size);

163
src/dns_cache.c
View File

@@ -243,7 +243,8 @@ struct dns_cache_data *dns_cache_new_data_packet(uint32_t cache_flag, void *pack
return (struct dns_cache_data *)cache_packet;
}
int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data)
static int _dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, int inactive,
struct dns_cache_data *cache_data)
{
struct dns_cache *dns_cache = NULL;
struct dns_cache_data *old_cache_data = NULL;
@@ -269,11 +270,19 @@ int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct
dns_cache->info.qtype = qtype;
dns_cache->info.ttl = ttl;
dns_cache->info.speed = speed;
time(&dns_cache->info.insert_time);
old_cache_data = dns_cache->cache_data;
dns_cache->cache_data = cache_data;
list_del_init(&dns_cache->list);
list_add_tail(&dns_cache->list, &dns_cache_head.cache_list);
if (inactive == 0) {
time(&dns_cache->info.insert_time);
time(&dns_cache->info.replace_time);
list_add_tail(&dns_cache->list, &dns_cache_head.cache_list);
} else {
time(&dns_cache->info.replace_time);
list_add_tail(&dns_cache->list, &dns_cache_head.inactive_list);
}
pthread_mutex_unlock(&dns_cache_head.lock);
dns_cache_data_free(old_cache_data);
@@ -281,18 +290,48 @@ int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct
return 0;
}
int _dns_cache_insert(struct dns_cache_info *info, struct dns_cache_data *cache_data, struct list_head *head)
int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data)
{
return _dns_cache_replace(domain, ttl, qtype, speed, 0, cache_data);
}
int dns_cache_replace_inactive(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data)
{
return _dns_cache_replace(domain, ttl, qtype, speed, 1, cache_data);
}
static void _dns_cache_remove_by_domain(const char *domain, dns_type_t qtype)
{
uint32_t key = 0;
struct dns_cache *dns_cache = NULL;
key = hash_string(domain);
key = jhash(&qtype, sizeof(qtype), key);
pthread_mutex_lock(&dns_cache_head.lock);
hash_for_each_possible(dns_cache_head.cache_hash, dns_cache, node, key)
{
if (dns_cache->info.qtype != qtype) {
continue;
}
if (strncmp(domain, dns_cache->info.domain, DNS_MAX_CNAME_LEN) != 0) {
continue;
}
_dns_cache_remove(dns_cache);
break;
}
pthread_mutex_unlock(&dns_cache_head.lock);
}
static int _dns_cache_insert(struct dns_cache_info *info, struct dns_cache_data *cache_data, struct list_head *head)
{
uint32_t key = 0;
struct dns_cache *dns_cache = NULL;
/* if cache already exists, free */
dns_cache = dns_cache_lookup(info->domain, info->qtype);
if (dns_cache) {
dns_cache_delete(dns_cache);
dns_cache_release(dns_cache);
dns_cache = NULL;
}
_dns_cache_remove_by_domain(info->domain, info->qtype);
dns_cache = malloc(sizeof(*dns_cache));
if (dns_cache == NULL) {
@@ -313,7 +352,7 @@ int _dns_cache_insert(struct dns_cache_info *info, struct dns_cache_data *cache_
/* Release extra cache, remove oldest cache record */
if (atomic_inc_return(&dns_cache_head.num) > dns_cache_head.size) {
struct dns_cache *del_cache;
struct dns_cache *del_cache = NULL;
del_cache = _dns_inactive_cache_first();
if (del_cache) {
_dns_cache_remove(del_cache);
@@ -354,6 +393,7 @@ int dns_cache_insert(char *domain, int ttl, dns_type_t qtype, int speed, struct
info.hitnum_update_add = DNS_CACHE_HITNUM_STEP;
info.speed = speed;
time(&info.insert_time);
time(&info.replace_time);
return _dns_cache_insert(&info, cache_data, &dns_cache_head.cache_list);
}
@@ -363,7 +403,7 @@ struct dns_cache *dns_cache_lookup(char *domain, dns_type_t qtype)
uint32_t key = 0;
struct dns_cache *dns_cache = NULL;
struct dns_cache *dns_cache_ret = NULL;
time_t now;
time_t now = 0;
if (dns_cache_head.size <= 0) {
return NULL;
@@ -406,7 +446,7 @@ struct dns_cache *dns_cache_lookup(char *domain, dns_type_t qtype)
int dns_cache_get_ttl(struct dns_cache *dns_cache)
{
time_t now;
time_t now = 0;
int ttl = 0;
time(&now);
@@ -418,9 +458,9 @@ int dns_cache_get_ttl(struct dns_cache *dns_cache)
return ttl;
}
int dns_cache_get_cname_ttl(struct dns_cache *dns_cache)
int dns_cache_get_cname_ttl(struct dns_cache *dns_cache)
{
time_t now;
time_t now = 0;
int ttl = 0;
time(&now);
@@ -444,10 +484,10 @@ int dns_cache_get_cname_ttl(struct dns_cache *dns_cache)
return 0;
}
return ttl;
return ttl;
}
int dns_cache_is_soa(struct dns_cache *dns_cache)
int dns_cache_is_soa(struct dns_cache *dns_cache)
{
if (dns_cache == NULL) {
return 0;
@@ -502,12 +542,16 @@ void dns_cache_update(struct dns_cache *dns_cache)
pthread_mutex_unlock(&dns_cache_head.lock);
}
void _dns_cache_remove_expired_ttl(time_t *now)
static void _dns_cache_remove_expired_ttl(dns_cache_callback inactive_precallback, int ttl_inactive_pre,
unsigned int max_callback_num, const time_t *now)
{
struct dns_cache *dns_cache = NULL;
struct dns_cache *tmp;
struct dns_cache *tmp = NULL;
unsigned int callback_num = 0;
int ttl = 0;
LIST_HEAD(checklist);
pthread_mutex_lock(&dns_cache_head.lock);
list_for_each_entry_safe(dns_cache, tmp, &dns_cache_head.inactive_list, list)
{
ttl = dns_cache->info.insert_time + dns_cache->info.ttl - *now;
@@ -515,21 +559,55 @@ void _dns_cache_remove_expired_ttl(time_t *now)
continue;
}
if (dns_cache_head.inactive_list_expired + ttl > 0) {
if (dns_cache_head.inactive_list_expired + ttl < 0) {
_dns_cache_remove(dns_cache);
continue;
}
_dns_cache_remove(dns_cache);
ttl = *now - dns_cache->info.replace_time;
if (ttl < ttl_inactive_pre || inactive_precallback == NULL) {
continue;
}
if (callback_num >= max_callback_num) {
continue;
}
if (dns_cache->del_pending == 1) {
continue;
}
/* If the TTL time is in the pre-timeout range, call callback function */
dns_cache_get(dns_cache);
list_add_tail(&dns_cache->check_list, &checklist);
dns_cache->del_pending = 1;
callback_num++;
}
pthread_mutex_unlock(&dns_cache_head.lock);
list_for_each_entry_safe(dns_cache, tmp, &checklist, check_list)
{
/* run inactive_precallback */
if (inactive_precallback) {
inactive_precallback(dns_cache);
}
dns_cache_release(dns_cache);
}
}
void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre)
void dns_cache_invalidate(dns_cache_callback precallback, int ttl_pre, unsigned int max_callback_num,
dns_cache_callback inactive_precallback, int ttl_inactive_pre)
{
struct dns_cache *dns_cache = NULL;
struct dns_cache *tmp;
time_t now;
struct dns_cache *tmp = NULL;
time_t now = 0;
int ttl = 0;
LIST_HEAD(checklist);
unsigned int callback_num = 0;
if (max_callback_num <= 0) {
max_callback_num = -1;
}
if (dns_cache_head.size <= 0) {
return;
@@ -542,35 +620,36 @@ void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre)
ttl = dns_cache->info.insert_time + dns_cache->info.ttl - now;
if (ttl > 0 && ttl < ttl_pre) {
/* If the TTL time is in the pre-timeout range, call callback function */
if (callback && dns_cache->del_pending == 0) {
if (precallback && dns_cache->del_pending == 0 && callback_num < max_callback_num) {
list_add_tail(&dns_cache->check_list, &checklist);
dns_cache_get(dns_cache);
dns_cache->del_pending = 1;
callback_num++;
continue;
}
}
if (ttl < 0) {
if (dns_cache_head.enable_inactive && (dns_cache_is_soa(dns_cache) == 0)) {
if (dns_cache_head.enable_inactive) {
_dns_cache_move_inactive(dns_cache);
} else {
_dns_cache_remove(dns_cache);
}
}
}
pthread_mutex_unlock(&dns_cache_head.lock);
if (dns_cache_head.enable_inactive && dns_cache_head.inactive_list_expired != 0) {
_dns_cache_remove_expired_ttl(&now);
_dns_cache_remove_expired_ttl(inactive_precallback, ttl_inactive_pre, max_callback_num, &now);
}
pthread_mutex_unlock(&dns_cache_head.lock);
list_for_each_entry_safe(dns_cache, tmp, &checklist, check_list)
{
/* run callback */
if (callback) {
callback(dns_cache);
if (precallback) {
precallback(dns_cache);
}
list_del(&dns_cache->check_list);
dns_cache_release(dns_cache);
}
}
@@ -578,8 +657,8 @@ void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre)
static int _dns_cache_read_record(int fd, uint32_t cache_number)
{
int i = 0;
int ret = 0;
unsigned int i = 0;
ssize_t ret = 0;
struct dns_cache_record cache_record;
struct dns_cache_data_head data_head;
struct dns_cache_data *cache_data = NULL;
@@ -647,12 +726,18 @@ errout:
int dns_cache_load(const char *file)
{
int fd = -1;
int ret = 0;
ssize_t ret = 0;
off_t filesize = 0;
fd = open(file, O_RDONLY);
if (fd < 0) {
return 0;
}
filesize = lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
posix_fadvise(fd, 0, filesize, POSIX_FADV_WILLNEED | POSIX_FADV_SEQUENTIAL);
struct dns_cache_file cache_file;
ret = read(fd, &cache_file, sizeof(cache_file));
if (ret != sizeof(cache_file)) {
@@ -665,11 +750,12 @@ int dns_cache_load(const char *file)
goto errout;
}
if (strncmp(cache_file.version, __TIMESTAMP__, DNS_CACHE_VERSION_LEN) != 0) {
if (strncmp(cache_file.version, __TIMESTAMP__, DNS_CACHE_VERSION_LEN - 1) != 0) {
tlog(TLOG_WARN, "cache version is different, skip load cache.");
goto errout;
}
tlog(TLOG_INFO, "load cache file %s, total %d records", file, cache_file.cache_number);
if (_dns_cache_read_record(fd, cache_file.cache_number) != 0) {
goto errout;
}
@@ -696,7 +782,7 @@ static int _dns_cache_write_record(int fd, uint32_t *cache_number, enum CACHE_RE
cache_record.magic = MAGIC_CACHE_DATA;
cache_record.type = type;
memcpy(&cache_record.info, &dns_cache->info, sizeof(struct dns_cache_info));
int ret = write(fd, &cache_record, sizeof(cache_record));
ssize_t ret = write(fd, &cache_record, sizeof(cache_record));
if (ret != sizeof(cache_record)) {
tlog(TLOG_ERROR, "write cache failed, %s", strerror(errno));
goto errout;
@@ -704,7 +790,7 @@ static int _dns_cache_write_record(int fd, uint32_t *cache_number, enum CACHE_RE
struct dns_cache_data *cache_data = dns_cache->cache_data;
ret = write(fd, cache_data, sizeof(*cache_data) + cache_data->head.size);
if (ret != sizeof(*cache_data) + cache_data->head.size) {
if (ret != (int)sizeof(*cache_data) + cache_data->head.size) {
tlog(TLOG_ERROR, "write cache data failed, %s", strerror(errno));
goto errout;
}
@@ -788,7 +874,8 @@ errout:
void dns_cache_destroy(void)
{
struct dns_cache *dns_cache = NULL;
struct dns_cache *tmp;
struct dns_cache *tmp = NULL;
pthread_mutex_lock(&dns_cache_head.lock);
list_for_each_entry_safe(dns_cache, tmp, &dns_cache_head.inactive_list, list)
{

10
src/dns_cache.h
View File

@@ -51,7 +51,7 @@ struct dns_cache_data_head {
uint32_t cache_flag;
enum CACHE_TYPE cache_type;
int is_soa;
size_t size;
ssize_t size;
};
struct dns_cache_data {
@@ -85,6 +85,7 @@ struct dns_cache_info {
int speed;
int hitnum_update_add;
time_t insert_time;
time_t replace_time;
dns_type_t qtype;
};
@@ -124,6 +125,8 @@ int dns_cache_init(int size, int enable_inactive, int inactive_list_expired);
int dns_cache_replace(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data);
int dns_cache_replace_inactive(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data);
int dns_cache_insert(char *domain, int ttl, dns_type_t qtype, int speed, struct dns_cache_data *cache_data);
struct dns_cache *dns_cache_lookup(char *domain, dns_type_t qtype);
@@ -138,9 +141,10 @@ int dns_cache_hitnum_dec_get(struct dns_cache *dns_cache);
void dns_cache_update(struct dns_cache *dns_cache);
typedef void dns_cache_preinvalid_callback(struct dns_cache *dns_cache);
typedef void dns_cache_callback(struct dns_cache *dns_cache);
void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre);
void dns_cache_invalidate(dns_cache_callback precallback, int ttl_pre, unsigned int max_callback_num,
dns_cache_callback inactive_precallback, int ttl_inactive_pre);
int dns_cache_get_ttl(struct dns_cache *dns_cache);

538
src/dns_client.c
View File

File diff suppressed because it is too large Load Diff

36
src/dns_client.h
View File

@@ -47,17 +47,41 @@ typedef enum dns_result_type {
#define DNSSERVER_FLAG_CHECK_EDNS (0x1 << 2)
#define DNSSERVER_FLAG_CHECK_TTL (0x1 << 3)
#define DNS_QUEY_OPTION_ECS_DNS (1 << 0)
#define DNS_QUEY_OPTION_ECS_IP (1 << 1)
int dns_client_init(void);
int dns_client_set_ecs(char *ip, int subnet);
struct dns_server_info;
/* query result notify function */
typedef int (*dns_client_callback)(char *domain, dns_result_type rtype, unsigned int result_flag,
typedef int (*dns_client_callback)(const char *domain, dns_result_type rtype, struct dns_server_info *server_info,
struct dns_packet *packet, unsigned char *inpacket, int inpacket_len,
void *user_ptr);
unsigned int dns_client_server_result_flag(struct dns_server_info *server_info);
const char *dns_client_get_server_ip(struct dns_server_info *server_info);
int dns_client_get_server_port(struct dns_server_info *server_info);
dns_server_type_t dns_client_get_server_type(struct dns_server_info *server_info);
struct dns_query_ecs_ip {
char ip[DNS_MAX_CNAME_LEN];
int subnet;
};
struct dns_query_options {
unsigned long long enable_flag;
struct dns_opt_ecs ecs_dns;
struct dns_query_ecs_ip ecs_ip;
};
/* query domain */
int dns_client_query(char *domain, int qtype, dns_client_callback callback, void *user_ptr, const char *group_name);
int dns_client_query(const char *domain, int qtype, dns_client_callback callback, void *user_ptr, const char *group_name,
struct dns_query_options *options);
void dns_client_exit(void);
@@ -104,13 +128,13 @@ int dns_client_add_server(char *server_ip, int port, dns_server_type_t server_ty
/* remove remote dns server */
int dns_client_remove_server(char *server_ip, int port, dns_server_type_t server_type);
int dns_client_add_group(char *group_name);
int dns_client_add_group(const char *group_name);
int dns_client_add_to_group(char *group_name, char *server_ip, int port, dns_server_type_t server_type);
int dns_client_add_to_group(const char *group_name, char *server_ip, int port, dns_server_type_t server_type);
int dns_client_remove_from_group(char *group_name, char *server_ip, int port, dns_server_type_t server_type);
int dns_client_remove_from_group(const char *group_name, char *server_ip, int port, dns_server_type_t server_type);
int dns_client_remove_group(char *group_name);
int dns_client_remove_group(const char *group_name);
int dns_server_num(void);

560
src/dns_conf.c
View File

@@ -21,6 +21,7 @@
#include "rbtree.h"
#include "tlog.h"
#include "util.h"
#include <errno.h>
#include <getopt.h>
#include <libgen.h>
#include <stdio.h>
@@ -30,6 +31,7 @@
#include <unistd.h>
#define DEFAULT_DNS_CACHE_SIZE 512
#define DNS_MAX_REPLY_IP_NUM 8
/* ipset */
struct dns_ipset_table {
@@ -42,28 +44,43 @@ struct dns_qtype_soa_table dns_qtype_soa_table;
/* dns groups */
struct dns_group_table dns_group_table;
struct dns_ptr_table dns_ptr_table;
static char dns_conf_dnsmasq_lease_file[DNS_MAX_PATH];
static time_t dns_conf_dnsmasq_lease_file_time;
struct dns_hosts_table dns_hosts_table;
int dns_hosts_record_num;
/* server ip/port */
struct dns_bind_ip dns_conf_bind_ip[DNS_MAX_BIND_IP];
int dns_conf_bind_ip_num = 0;
int dns_conf_tcp_idle_time = 120;
int dns_conf_max_reply_ip_num = DNS_MAX_REPLY_IP_NUM;
/* cache */
int dns_conf_cachesize = DEFAULT_DNS_CACHE_SIZE;
int dns_conf_prefetch = 0;
int dns_conf_serve_expired = 1;
int dns_conf_serve_expired_ttl = 0;
int dns_conf_serve_expired_reply_ttl = 5;
int dns_conf_serve_expired_ttl = 24 * 3600; /* 1 day */
int dns_conf_serve_expired_prefetch_time;
int dns_conf_serve_expired_reply_ttl = 3;
/* upstream servers */
struct dns_servers dns_conf_servers[DNS_MAX_SERVERS];
char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
int dns_conf_server_num;
struct dns_domain_check_order dns_conf_check_order = {
.order = {DOMAIN_CHECK_ICMP, DOMAIN_CHECK_TCP},
.tcp_port = 80,
struct dns_domain_check_orders dns_conf_check_orders = {
.orders =
{
{.type = DOMAIN_CHECK_ICMP, .tcp_port = 0},
{.type = DOMAIN_CHECK_TCP, .tcp_port = 80},
{.type = DOMAIN_CHECK_TCP, .tcp_port = 443},
},
};
int dns_has_cap_ping = 0;
static int dns_has_cap_ping = 0;
/* logging */
int dns_conf_log_level = TLOG_ERROR;
@@ -91,6 +108,7 @@ struct dns_conf_address_rule dns_conf_address_rule;
/* dual-stack selection */
int dns_conf_dualstack_ip_selection = 1;
int dns_conf_dualstack_ip_allow_force_AAAA;
int dns_conf_dualstack_ip_selection_threshold = 15;
/* TTL */
@@ -99,9 +117,11 @@ int dns_conf_rr_ttl_reply_max;
int dns_conf_rr_ttl_min = 600;
int dns_conf_rr_ttl_max;
int dns_conf_force_AAAA_SOA;
int dns_conf_force_no_cname;
int dns_conf_ipset_timeout_enable;
char dns_conf_user[DNS_CONF_USRNAME_LEN];
/* ECS */
struct dns_edns_client_subnet dns_conf_ipv4_ecs;
struct dns_edns_client_subnet dns_conf_ipv6_ecs;
@@ -229,7 +249,7 @@ static void _config_group_table_destroy(void)
{
struct dns_server_groups *group = NULL;
struct hlist_node *tmp = NULL;
int i;
unsigned long i = 0;
hash_for_each_safe(dns_group_table.group, i, tmp, group, node)
{
@@ -241,7 +261,7 @@ static void _config_group_table_destroy(void)
static int _config_server(int argc, char *argv[], dns_server_type_t type, int default_port)
{
int index = dns_conf_server_num;
struct dns_servers *server;
struct dns_servers *server = NULL;
int port = -1;
char *ip = NULL;
int opt = 0;
@@ -435,7 +455,7 @@ static int _config_domain_rule_add(char *domain, enum domain_rule type, void *ru
/* Reverse string, for suffix match */
len = strlen(domain);
if (len >= sizeof(domain_key)) {
if (len >= (int)sizeof(domain_key)) {
tlog(TLOG_ERROR, "domain name %s too long", domain);
goto errout;
}
@@ -496,7 +516,7 @@ static int _config_domain_rule_flag_set(char *domain, unsigned int flag, unsigne
int len = 0;
len = strlen(domain);
if (len >= sizeof(domain_key)) {
if (len >= (int)sizeof(domain_key)) {
tlog(TLOG_ERROR, "domain %s too long", domain);
return -1;
}
@@ -554,7 +574,7 @@ static void _config_ipset_table_destroy(void)
{
struct dns_ipset_name *ipset_name = NULL;
struct hlist_node *tmp = NULL;
int i;
unsigned long i = 0;
hash_for_each_safe(dns_ipset_table.ipset, i, tmp, ipset_name, node)
{
@@ -599,8 +619,8 @@ static int _conf_domain_rule_ipset(char *domain, const char *ipsetname)
struct dns_ipset_rule *ipset_rule = NULL;
const char *ipset = NULL;
char *copied_name = NULL;
enum domain_rule type;
int ignore_flag;
enum domain_rule type = 0;
int ignore_flag = 0;
copied_name = strdup(ipsetname);
@@ -610,10 +630,10 @@ static int _conf_domain_rule_ipset(char *domain, const char *ipsetname)
for (char *tok = strtok(copied_name, ","); tok; tok = strtok(NULL, ",")) {
if (tok[0] == '#') {
if (strncmp(tok, "#6:", 3u) == 0) {
if (strncmp(tok, "#6:", 3U) == 0) {
type = DOMAIN_RULE_IPSET_IPV6;
ignore_flag = DOMAIN_FLAG_IPSET_IPV6_IGN;
} else if (strncmp(tok, "#4:", 3u) == 0) {
} else if (strncmp(tok, "#4:", 3U) == 0) {
type = DOMAIN_RULE_IPSET_IPV4;
ignore_flag = DOMAIN_FLAG_IPSET_IPV4_IGN;
} else {
@@ -690,7 +710,7 @@ static int _conf_domain_rule_address(char *domain, const char *domain_address)
struct dns_address_IPV6 *address_ipv6 = NULL;
void *address = NULL;
char ip[MAX_IP_LEN];
int port;
int port = 0;
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
enum domain_rule type = 0;
@@ -742,7 +762,7 @@ static int _conf_domain_rule_address(char *domain, const char *domain_address)
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in;
struct sockaddr_in *addr_in = NULL;
address_ipv4 = malloc(sizeof(*address_ipv4));
if (address_ipv4 == NULL) {
goto errout;
@@ -754,7 +774,7 @@ static int _conf_domain_rule_address(char *domain, const char *domain_address)
address = address_ipv4;
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6;
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
address_ipv4 = malloc(sizeof(*address_ipv4));
@@ -813,17 +833,17 @@ errout:
return 0;
}
static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_order, const char *mode)
static int _config_speed_check_mode_parser(struct dns_domain_check_orders *check_orders, const char *mode)
{
char tmpbuff[DNS_MAX_OPT_LEN];
char *field;
char *ptr;
char *field = NULL;
char *ptr = NULL;
int order = 0;
int port = 80;
int i = 0;
safe_strncpy(tmpbuff, mode, DNS_MAX_OPT_LEN);
memset(check_order, 0, sizeof(*check_order));
memset(check_orders, 0, sizeof(*check_orders));
ptr = tmpbuff;
do {
@@ -844,7 +864,8 @@ static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_
}
continue;
}
check_order->order[order] = DOMAIN_CHECK_ICMP;
check_orders->orders[order].type = DOMAIN_CHECK_ICMP;
check_orders->orders[order].tcp_port = 0;
} else if (strstr(field, "tcp") == field) {
char *port_str = strstr(field, ":");
if (port_str) {
@@ -854,12 +875,12 @@ static int _config_speed_check_mode_parser(struct dns_domain_check_order *check_
}
}
check_order->order[order] = DOMAIN_CHECK_TCP;
check_order->tcp_port = port;
check_orders->orders[order].type = DOMAIN_CHECK_TCP;
check_orders->orders[order].tcp_port = port;
} else if (strncmp(field, "none", sizeof("none")) == 0) {
check_order->order[order] = DOMAIN_CHECK_NONE;
for (i = order + 1; i < DOMAIN_CHECK_NUM; i++) {
check_order->order[i] = DOMAIN_CHECK_NONE;
for (i = order; i < DOMAIN_CHECK_NUM; i++) {
check_orders->orders[i].type = DOMAIN_CHECK_NONE;
check_orders->orders[i].tcp_port = 0;
}
return 0;
@@ -883,18 +904,19 @@ static int _config_speed_check_mode(void *data, int argc, char *argv[])
}
safe_strncpy(mode, argv[1], sizeof(mode));
return _config_speed_check_mode_parser(&dns_conf_check_order, mode);
return _config_speed_check_mode_parser(&dns_conf_check_orders, mode);
}
static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
{
int index = dns_conf_bind_ip_num;
struct dns_bind_ip *bind_ip;
struct dns_bind_ip *bind_ip = NULL;
char *ip = NULL;
int opt = 0;
char group_name[DNS_GROUP_NAME_LEN];
const char *group = NULL;
unsigned int server_flag = 0;
int i = 0;
/* clang-format off */
static struct option long_options[] = {
@@ -922,6 +944,20 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
return 0;
}
for (i = 0; i < dns_conf_bind_ip_num; i++) {
bind_ip = &dns_conf_bind_ip[i];
if (bind_ip->type != type) {
continue;
}
if (strncmp(bind_ip->ip, ip, DNS_MAX_IPLEN) != 0) {
continue;
}
tlog(TLOG_WARN, "Bind server %s, type %d, already configured, skip.", ip, type);
return 0;
}
bind_ip = &dns_conf_bind_ip[index];
bind_ip->type = type;
bind_ip->flags = 0;
@@ -1108,8 +1144,8 @@ errout:
static radix_node_t *_create_addr_node(char *addr)
{
radix_node_t *node;
void *p;
radix_node_t *node = NULL;
void *p = NULL;
prefix_t prefix;
const char *errmsg = NULL;
radix_tree_t *tree = NULL;
@@ -1176,7 +1212,7 @@ static int _config_iplist_rule(char *subnet, enum address_rule rule)
static int _config_qtype_soa(void *data, int argc, char *argv[])
{
struct dns_qtype_soa_list *soa_list;
struct dns_qtype_soa_list *soa_list = NULL;
int i = 0;
if (argc <= 1) {
@@ -1192,6 +1228,9 @@ static int _config_qtype_soa(void *data, int argc, char *argv[])
memset(soa_list, 0, sizeof(*soa_list));
soa_list->qtypeid = atol(argv[i]);
if (soa_list->qtypeid == DNS_T_AAAA) {
dns_conf_force_AAAA_SOA = 1;
}
uint32_t key = hash_32_generic(soa_list->qtypeid, 32);
hash_add(dns_qtype_soa_table.qtype, &soa_list->node, key);
}
@@ -1203,7 +1242,7 @@ static void _config_qtype_soa_table_destroy(void)
{
struct dns_qtype_soa_list *soa_list = NULL;
struct hlist_node *tmp = NULL;
int i;
unsigned long i = 0;
hash_for_each_safe(dns_qtype_soa_table.qtype, i, tmp, soa_list, node)
{
@@ -1300,25 +1339,26 @@ errout:
static int _conf_domain_rule_speed_check(char *domain, const char *mode)
{
struct dns_domain_check_order *check_order;
struct dns_domain_check_orders *check_orders = NULL;
check_order = malloc(sizeof(*check_order));
if (check_order == NULL) {
check_orders = malloc(sizeof(*check_orders) * DOMAIN_CHECK_NUM);
if (check_orders == NULL) {
goto errout;
}
memset(check_orders, 0, sizeof(*check_orders));
if (_config_speed_check_mode_parser(check_orders, mode) != 0) {
goto errout;
}
if (_config_speed_check_mode_parser(check_order, mode) != 0) {
goto errout;
}
if (_config_domain_rule_add(domain, DOMAIN_RULE_CHECKSPEED, check_order) != 0) {
if (_config_domain_rule_add(domain, DOMAIN_RULE_CHECKSPEED, check_orders) != 0) {
goto errout;
}
return 0;
errout:
if (check_order) {
free(check_order);
if (check_orders) {
free(check_orders);
}
return 0;
}
@@ -1429,6 +1469,342 @@ errout:
return -1;
}
static struct dns_ptr *_dns_conf_get_ptr(const char *ptr_domain)
{
uint32_t key = 0;
struct dns_ptr *ptr = NULL;
key = hash_string(ptr_domain);
hash_for_each_possible(dns_ptr_table.ptr, ptr, node, key)
{
if (strncmp(ptr->ptr_domain, ptr_domain, DNS_MAX_PTR_LEN) != 0) {
continue;
}
return ptr;
}
ptr = malloc(sizeof(*ptr));
if (ptr == NULL) {
goto errout;
}
safe_strncpy(ptr->ptr_domain, ptr_domain, DNS_MAX_PTR_LEN);
hash_add(dns_ptr_table.ptr, &ptr->node, key);
return ptr;
errout:
if (ptr) {
free(ptr);
}
return NULL;
}
static int _conf_ptr_add(const char *hostname, const char *ip)
{
struct dns_ptr *ptr = NULL;
struct sockaddr_storage addr;
unsigned char *paddr = NULL;
socklen_t addr_len = sizeof(addr);
char ptr_domain[DNS_MAX_PTR_LEN];
if (getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
paddr = (unsigned char *)&(addr_in->sin_addr.s_addr);
snprintf(ptr_domain, sizeof(ptr_domain), "%d.%d.%d.%d.in-addr.arpa", paddr[3], paddr[2], paddr[1], paddr[0]);
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
paddr = addr_in6->sin6_addr.s6_addr + 12;
snprintf(ptr_domain, sizeof(ptr_domain), "%d.%d.%d.%d.in-addr.arpa", paddr[3], paddr[2], paddr[1],
paddr[0]);
} else {
paddr = addr_in6->sin6_addr.s6_addr;
snprintf(ptr_domain, sizeof(ptr_domain),
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
"%x.ip6.arpa",
paddr[15] & 0xF, (paddr[15] >> 4) & 0xF, paddr[14] & 0xF, (paddr[14] >> 4) & 0xF, paddr[13] & 0xF,
(paddr[13] >> 4) & 0xF, paddr[12] & 0xF, (paddr[12] >> 4) & 0xF, paddr[11] & 0xF,
(paddr[11] >> 4) & 0xF, paddr[10] & 0xF, (paddr[10] >> 4) & 0xF, paddr[9] & 0xF,
(paddr[9] >> 4) & 0xF, paddr[8] & 0xF, (paddr[8] >> 4) & 0xF, paddr[7] & 0xF,
(paddr[7] >> 4) & 0xF, paddr[6] & 0xF, (paddr[6] >> 4) & 0xF, paddr[5] & 0xF,
(paddr[5] >> 4) & 0xF, paddr[4] & 0xF, (paddr[4] >> 4) & 0xF, paddr[3] & 0xF,
(paddr[3] >> 4) & 0xF, paddr[2] & 0xF, (paddr[2] >> 4) & 0xF, paddr[1] & 0xF,
(paddr[1] >> 4) & 0xF, paddr[0] & 0xF, (paddr[0] >> 4) & 0xF);
}
} break;
default:
goto errout;
break;
}
ptr = _dns_conf_get_ptr(ptr_domain);
if (ptr == NULL) {
goto errout;
}
safe_strncpy(ptr->hostname, hostname, DNS_MAX_CNAME_LEN);
return 0;
errout:
return -1;
}
static void _config_ptr_table_destroy(void)
{
struct dns_ptr *ptr = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_ptr_table.ptr, i, tmp, ptr, node)
{
hlist_del_init(&ptr->node);
free(ptr);
}
}
static struct dns_hosts *_dns_conf_get_hosts(const char *hostname, int dns_type)
{
uint32_t key = 0;
struct dns_hosts *host = NULL;
char hostname_lower[DNS_MAX_CNAME_LEN];
key = hash_string(to_lower_case(hostname_lower, hostname, DNS_MAX_CNAME_LEN));
key = jhash(&dns_type, sizeof(dns_type), key);
hash_for_each_possible(dns_hosts_table.hosts, host, node, key)
{
if (host->dns_type != dns_type) {
continue;
}
if (strncmp(host->domain, hostname_lower, DNS_MAX_CNAME_LEN) != 0) {
continue;
}
return host;
}
host = malloc(sizeof(*host));
if (host == NULL) {
goto errout;
}
safe_strncpy(host->domain, hostname_lower, DNS_MAX_CNAME_LEN);
host->dns_type = dns_type;
host->is_soa = 1;
hash_add(dns_hosts_table.hosts, &host->node, key);
return host;
errout:
if (host) {
free(host);
}
return NULL;
}
static int _conf_host_add(const char *hostname, const char *ip, dns_hosts_type host_type)
{
struct dns_hosts *host = NULL;
struct dns_hosts *host_other __attribute__((unused));
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
int dns_type = 0;
int dns_type_other = 0;
if (getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET:
dns_type = DNS_T_A;
dns_type_other = DNS_T_AAAA;
break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
dns_type = DNS_T_A;
dns_type_other = DNS_T_AAAA;
} else {
dns_type = DNS_T_AAAA;
dns_type_other = DNS_T_A;
}
} break;
default:
goto errout;
break;
}
host = _dns_conf_get_hosts(hostname, dns_type);
if (host == NULL) {
goto errout;
}
/* add this to return SOA when addr is not exist */
host_other = _dns_conf_get_hosts(hostname, dns_type_other);
host->host_type = host_type;
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
memcpy(host->ipv4_addr, &addr_in->sin_addr.s_addr, 4);
host->is_soa = 0;
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
memcpy(host->ipv4_addr, addr_in6->sin6_addr.s6_addr + 12, 4);
} else {
memcpy(host->ipv6_addr, addr_in6->sin6_addr.s6_addr, 16);
}
host->is_soa = 0;
} break;
default:
goto errout;
}
dns_hosts_record_num++;
return 0;
errout:
return -1;
}
static int _conf_dhcp_lease_dnsmasq_add(const char *file)
{
FILE *fp = NULL;
char line[MAX_LINE_LEN];
char ip[DNS_MAX_IPLEN];
char hostname[DNS_MAX_CNAME_LEN];
int ret = 0;
int line_no = 0;
int filed_num = 0;
fp = fopen(file, "r");
if (fp == NULL) {
tlog(TLOG_WARN, "open file %s error, %s", file, strerror(errno));
return 0;
}
line_no = 0;
while (fgets(line, MAX_LINE_LEN, fp)) {
line_no++;
filed_num = sscanf(line, "%*s %*s %64s %256s %*s", ip, hostname);
if (filed_num <= 0) {
continue;
}
if (strncmp(hostname, "*", DNS_MAX_CNAME_LEN - 1) == 0) {
continue;
}
ret = _conf_host_add(hostname, ip, DNS_HOST_TYPE_DNSMASQ);
if (ret != 0) {
tlog(TLOG_WARN, "add host %s/%s at %d failed", hostname, ip, line_no);
}
ret = _conf_ptr_add(hostname, ip);
if (ret != 0) {
tlog(TLOG_WARN, "add ptr %s/%s at %d failed.", hostname, ip, line_no);
}
}
fclose(fp);
return 0;
}
static int _conf_dhcp_lease_dnsmasq_file(void *data, int argc, char *argv[])
{
struct stat statbuf;
if (argc < 1) {
return -1;
}
safe_strncpy(dns_conf_dnsmasq_lease_file, argv[1], DNS_MAX_PATH);
if (_conf_dhcp_lease_dnsmasq_add(argv[1]) != 0) {
return -1;
}
if (stat(dns_conf_dnsmasq_lease_file, &statbuf) != 0) {
return 0;
}
dns_conf_dnsmasq_lease_file_time = statbuf.st_mtime;
return 0;
}
static int _conf_hosts_file(void *data, int argc, char *argv[])
{
return 0;
}
static void _config_host_table_destroy(void)
{
struct dns_hosts *host = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_hosts_table.hosts, i, tmp, host, node)
{
hlist_del_init(&host->node);
free(host);
}
dns_hosts_record_num = 0;
}
int dns_server_check_update_hosts(void)
{
struct stat statbuf;
time_t now = 0;
if (dns_conf_dnsmasq_lease_file[0] == '\0') {
return -1;
}
if (stat(dns_conf_dnsmasq_lease_file, &statbuf) != 0) {
return -1;
}
if (dns_conf_dnsmasq_lease_file_time == statbuf.st_mtime) {
return -1;
}
time(&now);
if (now - statbuf.st_mtime < 30) {
return -1;
}
_config_ptr_table_destroy();
_config_host_table_destroy();
if (_conf_dhcp_lease_dnsmasq_add(dns_conf_dnsmasq_lease_file) != 0) {
return -1;
}
dns_conf_dnsmasq_lease_file_time = statbuf.st_mtime;
return 0;
}
static int _config_log_level(void *data, int argc, char *argv[])
{
/* read log level and set */
@@ -1453,6 +1829,35 @@ static int _config_log_level(void *data, int argc, char *argv[])
return 0;
}
static void _config_setup_smartdns_domain(void)
{
char hostname[DNS_MAX_CNAME_LEN];
/* get local host name */
if (getdomainname(hostname, DNS_MAX_CNAME_LEN) != 0) {
gethostname(hostname, DNS_MAX_CNAME_LEN);
}
/* get host name again */
if (strncmp(hostname, "(none)", DNS_MAX_CNAME_LEN - 1) == 0) {
gethostname(hostname, DNS_MAX_CNAME_LEN);
}
/* if hostname is (none), return smartdns */
if (strncmp(hostname, "(none)", DNS_MAX_CNAME_LEN - 1) == 0) {
safe_strncpy(hostname, "smartdns", DNS_MAX_CNAME_LEN);
}
if (hostname[0] != '\0') {
_config_domain_rule_flag_set(hostname, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
if (dns_conf_server_name[0] != '\0') {
_config_domain_rule_flag_set(dns_conf_server_name, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
_config_domain_rule_flag_set("smartdns", DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
static struct config_item _config_item[] = {
CONF_STRING("server-name", (char *)dns_conf_server_name, DNS_MAX_SERVER_NAME_LEN),
CONF_CUSTOM("bind", _config_bind_ip_udp, NULL),
@@ -1474,7 +1879,9 @@ static struct config_item _config_item[] = {
CONF_YESNO("serve-expired", &dns_conf_serve_expired),
CONF_INT("serve-expired-ttl", &dns_conf_serve_expired_ttl, 0, CONF_INT_MAX),
CONF_INT("serve-expired-reply-ttl", &dns_conf_serve_expired_reply_ttl, 0, CONF_INT_MAX),
CONF_INT("serve-expired-prefetch-time", &dns_conf_serve_expired_prefetch_time, 0, CONF_INT_MAX),
CONF_YESNO("dualstack-ip-selection", &dns_conf_dualstack_ip_selection),
CONF_YESNO("dualstack-ip-allow-force-AAAA", &dns_conf_dualstack_ip_allow_force_AAAA),
CONF_INT("dualstack-ip-selection-threshold", &dns_conf_dualstack_ip_selection_threshold, 0, 1000),
CONF_CUSTOM("log-level", _config_log_level, NULL),
CONF_STRING("log-file", (char *)dns_conf_log_file, DNS_MAX_PATH),
@@ -1489,7 +1896,9 @@ static struct config_item _config_item[] = {
CONF_INT("rr-ttl-min", &dns_conf_rr_ttl_min, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-max", &dns_conf_rr_ttl_max, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-reply-max", &dns_conf_rr_ttl_reply_max, 0, CONF_INT_MAX),
CONF_INT("max-reply-ip-num", &dns_conf_max_reply_ip_num, 1, CONF_INT_MAX),
CONF_YESNO("force-AAAA-SOA", &dns_conf_force_AAAA_SOA),
CONF_YESNO("force-no-CNAME", &dns_conf_force_no_cname),
CONF_CUSTOM("force-qtype-SOA", _config_qtype_soa, NULL),
CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
CONF_CUSTOM("whitelist-ip", _conf_whitelist_ip, NULL),
@@ -1497,22 +1906,27 @@ static struct config_item _config_item[] = {
CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL),
CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL),
CONF_CUSTOM("domain-rules", _conf_domain_rules, NULL),
CONF_CUSTOM("dnsmasq-lease-file", _conf_dhcp_lease_dnsmasq_file, NULL),
CONF_CUSTOM("hosts-file", _conf_hosts_file, NULL),
CONF_STRING("ca-file", (char *)&dns_conf_ca_file, DNS_MAX_PATH),
CONF_STRING("ca-path", (char *)&dns_conf_ca_path, DNS_MAX_PATH),
CONF_STRING("user", (char *)&dns_conf_user, sizeof(dns_conf_user)),
CONF_CUSTOM("conf-file", config_addtional_file, NULL),
CONF_END(),
};
static int _conf_printf(const char *file, int lineno, int ret)
{
if (ret == CONF_RET_ERR) {
tlog(TLOG_ERROR, "process config file '%s' failed at line %d.", file, lineno);
syslog(LOG_NOTICE, "process config file '%s' failed at line %d.", file, lineno);
return -1;
} else if (ret == CONF_RET_WARN) {
switch (ret) {
case CONF_RET_ERR:
case CONF_RET_WARN:
case CONF_RET_BADCONF:
tlog(TLOG_WARN, "process config file '%s' failed at line %d.", file, lineno);
syslog(LOG_NOTICE, "process config file '%s' failed at line %d.", file, lineno);
return -1;
break;
default:
break;
}
return 0;
@@ -1520,10 +1934,15 @@ static int _conf_printf(const char *file, int lineno, int ret)
int config_addtional_file(void *data, int argc, char *argv[])
{
char *conf_file = argv[1];
char *conf_file = NULL;
char file_path[DNS_MAX_PATH];
char file_path_dir[DNS_MAX_PATH];
if (argc < 1) {
return -1;
}
conf_file = argv[1];
if (conf_file[0] != '/') {
safe_strncpy(file_path_dir, conf_get_conf_file(), DNS_MAX_PATH);
dirname(file_path_dir);
@@ -1563,6 +1982,10 @@ static int _dns_server_load_conf_init(void)
hash_init(dns_ipset_table.ipset);
hash_init(dns_qtype_soa_table.qtype);
hash_init(dns_group_table.group);
hash_init(dns_hosts_table.hosts);
hash_init(dns_ptr_table.ptr);
_config_setup_smartdns_domain();
return 0;
}
@@ -1574,12 +1997,15 @@ void dns_server_load_exit(void)
Destroy_Radix(dns_conf_address_rule.ipv6, _config_address_destroy, NULL);
_config_ipset_table_destroy();
_config_group_table_destroy();
_config_ptr_table_destroy();
_config_host_table_destroy();
_config_qtype_soa_table_destroy();
}
static int _dns_conf_speed_check_mode_verify(void)
{
int i, j;
int i = 0;
int j = 0;
int print_log = 0;
if (dns_has_cap_ping == 1) {
@@ -1587,11 +2013,13 @@ static int _dns_conf_speed_check_mode_verify(void)
}
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
if (dns_conf_check_order.order[i] == DOMAIN_CHECK_ICMP) {
if (dns_conf_check_orders.orders[i].type == DOMAIN_CHECK_ICMP) {
for (j = i + 1; j < DOMAIN_CHECK_NUM; j++) {
dns_conf_check_order.order[j - 1] = dns_conf_check_order.order[j];
dns_conf_check_orders.orders[j - 1].type = dns_conf_check_orders.orders[j].type;
dns_conf_check_orders.orders[j - 1].tcp_port = dns_conf_check_orders.orders[j].tcp_port;
}
dns_conf_check_order.order[j - 1] = DOMAIN_CHECK_NONE;
dns_conf_check_orders.orders[j - 1].type = DOMAIN_CHECK_NONE;
dns_conf_check_orders.orders[j - 1].tcp_port = 0;
print_log = 1;
}
}
@@ -1603,13 +2031,33 @@ static int _dns_conf_speed_check_mode_verify(void)
return 0;
}
static int _dns_ping_cap_check(void)
{
int has_ping = 0;
int has_raw_cap = 0;
has_raw_cap = has_network_raw_cap();
has_ping = has_unprivileged_ping();
if (has_ping == 0) {
if (errno == EACCES && has_raw_cap == 0) {
tlog(TLOG_WARN, "unpriviledged ping is disabled, please enable by setting net.ipv4.ping_group_range");
}
}
if (has_ping == 1 || has_raw_cap == 1) {
dns_has_cap_ping = 1;
}
return 0;
}
static int _dns_conf_load_pre(void)
{
if (_dns_server_load_conf_init() != 0) {
goto errout;
}
dns_has_cap_ping = has_network_raw_cap();
_dns_ping_cap_check();
return 0;

57
src/dns_conf.h
View File

@@ -35,10 +35,12 @@ extern "C" {
#define DNS_MAX_BIND_IP 16
#define DNS_MAX_SERVERS 64
#define DNS_MAX_SERVER_NAME_LEN 128
#define DNS_MAX_PTR_LEN 128
#define DNS_MAX_IPSET_NAMELEN 32
#define DNS_GROUP_NAME_LEN 32
#define DNS_NAX_GROUP_NUMBER 16
#define DNS_MAX_IPLEN 64
#define DNS_CONF_USRNAME_LEN 32
#define DNS_MAX_SPKI_LEN 64
#define DNS_MAX_URL_LEN 256
#define DNS_MAX_PATH 1024
@@ -72,7 +74,7 @@ typedef enum {
#define DOMAIN_CHECK_NONE 0
#define DOMAIN_CHECK_ICMP 1
#define DOMAIN_CHECK_TCP 2
#define DOMAIN_CHECK_NUM 2
#define DOMAIN_CHECK_NUM 3
#define DOMAIN_FLAG_ADDR_SOA (1 << 0)
#define DOMAIN_FLAG_ADDR_IPV4_SOA (1 << 1)
@@ -85,6 +87,7 @@ typedef enum {
#define DOMAIN_FLAG_IPSET_IPV6_IGN (1 << 8)
#define DOMAIN_FLAG_NAMESERVER_IGNORE (1 << 9)
#define DOMAIN_FLAG_DUALSTACK_SELECT (1 << 10)
#define DOMAIN_FLAG_SMARTDNS_DOMAIN (1 << 11)
#define SERVER_FLAG_EXCLUDE_DEFAULT (1 << 0)
@@ -136,15 +139,53 @@ struct dns_server_groups {
};
struct dns_domain_check_order {
char order[DOMAIN_CHECK_NUM];
char type;
unsigned short tcp_port;
};
struct dns_domain_check_orders {
struct dns_domain_check_order orders[DOMAIN_CHECK_NUM];
};
struct dns_group_table {
DECLARE_HASHTABLE(group, 8);
};
extern struct dns_group_table dns_group_table;
struct dns_ptr {
struct hlist_node node;
char ptr_domain[DNS_MAX_PTR_LEN];
char hostname[DNS_MAX_CNAME_LEN];
};
struct dns_ptr_table {
DECLARE_HASHTABLE(ptr, 16);
};
extern struct dns_ptr_table dns_ptr_table;
typedef enum dns_hosts_type {
DNS_HOST_TYPE_HOST = 0,
DNS_HOST_TYPE_DNSMASQ = 1,
} dns_hosts_type;
struct dns_hosts {
struct hlist_node node;
char domain[DNS_MAX_CNAME_LEN];
dns_hosts_type host_type;
int dns_type;
int is_soa;
union {
unsigned char ipv4_addr[DNS_RR_A_LEN];
unsigned char ipv6_addr[DNS_RR_AAAA_LEN];
};
};
struct dns_hosts_table {
DECLARE_HASHTABLE(hosts, 16);
};
extern struct dns_hosts_table dns_hosts_table;
extern int dns_hosts_record_num;
struct dns_servers {
char server[DNS_MAX_IPLEN];
unsigned short port;
@@ -221,6 +262,7 @@ extern int dns_conf_cachesize;
extern int dns_conf_prefetch;
extern int dns_conf_serve_expired;
extern int dns_conf_serve_expired_ttl;
extern int dns_conf_serve_expired_prefetch_time;
extern int dns_conf_serve_expired_reply_ttl;
extern struct dns_servers dns_conf_servers[DNS_MAX_SERVERS];
extern int dns_conf_server_num;
@@ -236,7 +278,7 @@ extern char dns_conf_ca_path[DNS_MAX_PATH];
extern char dns_conf_cache_file[DNS_MAX_PATH];
extern int dns_conf_cache_persist;
extern struct dns_domain_check_order dns_conf_check_order;
extern struct dns_domain_check_orders dns_conf_check_orders;
extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER];
extern int dns_conf_server_group_num;
@@ -252,8 +294,11 @@ extern art_tree dns_conf_domain_rule;
extern struct dns_conf_address_rule dns_conf_address_rule;
extern int dns_conf_dualstack_ip_selection;
extern int dns_conf_dualstack_ip_allow_force_AAAA;
extern int dns_conf_dualstack_ip_selection_threshold;
extern int dns_conf_max_reply_ip_num;
extern int dns_conf_rr_ttl;
extern int dns_conf_rr_ttl_reply_max;
extern int dns_conf_rr_ttl_min;
@@ -261,6 +306,10 @@ extern int dns_conf_rr_ttl_max;
extern int dns_conf_force_AAAA_SOA;
extern int dns_conf_ipset_timeout_enable;
extern int dns_conf_force_no_cname;
extern char dns_conf_user[DNS_CONF_USRNAME_LEN];
extern struct dns_edns_client_subnet dns_conf_ipv4_ecs;
extern struct dns_edns_client_subnet dns_conf_ipv6_ecs;
@@ -270,6 +319,8 @@ void dns_server_load_exit(void);
int dns_server_load_conf(const char *file);
int dns_server_check_update_hosts(void);
extern int config_addtional_file(void *data, int argc, char *argv[]);
#ifdef __cpluscplus
}

2518
src/dns_server.c
View File

File diff suppressed because it is too large Load Diff

4
src/dns_server.h
View File

@@ -37,11 +37,11 @@ void dns_server_stop(void);
void dns_server_exit(void);
/* query result notify function */
typedef int (*dns_result_callback)(char *domain, dns_rtcode_t rtcode, dns_type_t addr_type, char *ip,
typedef int (*dns_result_callback)(const char *domain, dns_rtcode_t rtcode, dns_type_t addr_type, char *ip,
unsigned int ping_time, void *user_ptr);
/* query domain */
int dns_server_query(char *domain, int qtype, uint32_t server_flags, dns_result_callback callback, void *user_ptr);
int dns_server_query(const char *domain, int qtype, uint32_t server_flags, dns_result_callback callback, void *user_ptr);
#ifdef __cpluscplus
}

196
src/fast_ping.c
View File

@@ -97,6 +97,7 @@ struct ping_host_struct {
FAST_PING_TYPE type;
void *userptr;
int error;
fast_ping_result ping_callback;
char host[PING_MAX_HOSTLEN];
@@ -123,12 +124,13 @@ struct ping_host_struct {
};
struct fast_ping_struct {
int run;
atomic_t run;
pthread_t tid;
pthread_mutex_t lock;
unsigned short ident;
int epoll_fd;
int no_unprivileged_ping;
int fd_icmp;
struct ping_host_struct icmp_host;
int fd_icmp6;
@@ -149,7 +151,7 @@ static int bool_print_log = 1;
static uint16_t _fast_ping_checksum(uint16_t *header, size_t len)
{
uint32_t sum = 0;
int i;
unsigned int i = 0;
for (i = 0; i < len / sizeof(uint16_t); i++) {
sum += ntohs(header[i]);
@@ -260,13 +262,13 @@ static uint32_t _fast_ping_hash_key(unsigned int sid, struct sockaddr *addr)
switch (addr->sa_family) {
case AF_INET: {
struct sockaddr_in *addr_in;
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)addr;
sin_addr = &addr_in->sin_addr.s_addr;
sin_addr_len = IPV4_ADDR_LEN;
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6;
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
sin_addr = addr_in6->sin6_addr.s6_addr + 12;
@@ -356,7 +358,7 @@ static void _fast_ping_close_host_sock(struct ping_host_struct *ping_host)
if (ping_host->fd < 0) {
return;
}
struct epoll_event *event;
struct epoll_event *event = NULL;
event = (struct epoll_event *)1;
epoll_ctl(ping.epoll_fd, EPOLL_CTL_DEL, ping_host->fd, event);
close(ping_host->fd);
@@ -386,11 +388,10 @@ static void _fast_ping_host_put(struct ping_host_struct *ping_host)
tv.tv_usec = 0;
ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len,
ping_host->seq, ping_host->ttl, &tv, ping_host->userptr);
ping_host->seq, ping_host->ttl, &tv, ping_host->error, ping_host->userptr);
}
tlog(TLOG_DEBUG, "ping end, id %d", ping_host->sid);
// memset(ping_host, 0, sizeof(*ping_host));
tlog(TLOG_DEBUG, "ping %s end, id %d", ping_host->host, ping_host->sid);
ping_host->type = FAST_PING_END;
free(ping_host);
}
@@ -414,7 +415,7 @@ static void _fast_ping_host_remove(struct ping_host_struct *ping_host)
tv.tv_usec = 0;
ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_END, &ping_host->addr, ping_host->addr_len,
ping_host->seq, ping_host->ttl, &tv, ping_host->userptr);
ping_host->seq, ping_host->ttl, &tv, ping_host->error, ping_host->userptr);
}
_fast_ping_host_put(ping_host);
@@ -441,11 +442,11 @@ static int _fast_ping_sendping_v6(struct ping_host_struct *ping_host)
packet->msg.seq = ping_host->seq;
icmp6->icmp6_cksum = _fast_ping_checksum((void *)packet, sizeof(struct fast_ping_packet));
len = sendto(ping.fd_icmp6, &ping_host->packet, sizeof(struct fast_ping_packet), 0,
(struct sockaddr *)&ping_host->addr, ping_host->addr_len);
len = sendto(ping.fd_icmp6, &ping_host->packet, sizeof(struct fast_ping_packet), 0, &ping_host->addr,
ping_host->addr_len);
if (len < 0 || len != sizeof(struct fast_ping_packet)) {
int err = errno;
if (errno == ENETUNREACH || errno == EINVAL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
goto errout;
}
@@ -473,7 +474,7 @@ static int _fast_ping_sendping_v4(struct ping_host_struct *ping_host)
{
struct fast_ping_packet *packet = &ping_host->packet;
struct icmp *icmp = &packet->icmp;
int len;
int len = 0;
ping_host->seq++;
memset(icmp, 0, sizeof(*icmp));
@@ -490,11 +491,10 @@ static int _fast_ping_sendping_v4(struct ping_host_struct *ping_host)
packet->msg.cookie = ping_host->cookie;
icmp->icmp_cksum = _fast_ping_checksum((void *)packet, sizeof(struct fast_ping_packet));
len = sendto(ping.fd_icmp, packet, sizeof(struct fast_ping_packet), 0, (struct sockaddr *)&ping_host->addr,
ping_host->addr_len);
len = sendto(ping.fd_icmp, packet, sizeof(struct fast_ping_packet), 0, &ping_host->addr, ping_host->addr_len);
if (len < 0 || len != sizeof(struct fast_ping_packet)) {
int err = errno;
if (errno == ENETUNREACH || errno == EINVAL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
goto errout;
}
char ping_host_name[PING_MAX_HOSTLEN];
@@ -513,7 +513,7 @@ errout:
static int _fast_ping_sendping_udp(struct ping_host_struct *ping_host)
{
struct ping_dns_head dns_head;
int len;
int len = 0;
int flag = 0;
int fd = 0;
@@ -538,10 +538,10 @@ static int _fast_ping_sendping_udp(struct ping_host_struct *ping_host)
dns_head.id = htons(ping_host->sid);
dns_head.flag = flag;
gettimeofday(&ping_host->last, NULL);
len = sendto(fd, &dns_head, sizeof(dns_head), 0, (struct sockaddr *)&ping_host->addr, ping_host->addr_len);
len = sendto(fd, &dns_head, sizeof(dns_head), 0, &ping_host->addr, ping_host->addr_len);
if (len < 0 || len != sizeof(dns_head)) {
int err = errno;
if (errno == ENETUNREACH || errno == EINVAL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
goto errout;
}
char ping_host_name[PING_MAX_HOSTLEN];
@@ -560,7 +560,7 @@ errout:
static int _fast_ping_sendping_tcp(struct ping_host_struct *ping_host)
{
struct epoll_event event;
int flags;
int flags = 0;
int fd = -1;
int yes = 1;
const int priority = SOCKET_PRIORITY;
@@ -585,10 +585,10 @@ static int _fast_ping_sendping_tcp(struct ping_host_struct *ping_host)
set_sock_lingertime(fd, 0);
ping_host->seq++;
if (connect(fd, (struct sockaddr *)&ping_host->addr, ping_host->addr_len) != 0) {
if (connect(fd, &ping_host->addr, ping_host->addr_len) != 0) {
if (errno != EINPROGRESS) {
char ping_host_name[PING_MAX_HOSTLEN];
if (errno == ENETUNREACH || errno == EINVAL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
goto errout;
}
@@ -644,6 +644,7 @@ static int _fast_ping_sendping(struct ping_host_struct *ping_host)
ping_host->send = 1;
if (ret != 0) {
ping_host->error = errno;
return ret;
}
@@ -663,21 +664,34 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
switch (type) {
case FAST_PING_ICMP:
fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
if (ping.no_unprivileged_ping == 0) {
fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
} else {
fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
if (fd > 0) {
_fast_ping_install_filter_v4(fd);
}
}
if (fd < 0) {
tlog(TLOG_ERROR, "create icmp socket failed, %s\n", strerror(errno));
goto errout;
}
_fast_ping_install_filter_v4(fd);
icmp_host = &ping.icmp_host;
break;
case FAST_PING_ICMP6:
fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
if (ping.no_unprivileged_ping == 0) {
fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
} else {
fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
if (fd > 0) {
_fast_ping_install_filter_v6(fd);
}
}
if (fd < 0) {
tlog(TLOG_ERROR, "create icmp socket failed, %s\n", strerror(errno));
goto errout;
}
_fast_ping_install_filter_v6(fd);
setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on, sizeof(on));
setsockopt(fd, IPPROTO_IPV6, IPV6_2292HOPLIMIT, &on, sizeof(on));
setsockopt(fd, IPPROTO_IPV6, IPV6_HOPLIMIT, &on, sizeof(on));
@@ -696,6 +710,9 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
setsockopt(fd, SOL_IP, IP_TTL, &val, sizeof(val));
setsockopt(fd, IPPROTO_IP, IP_TOS, &ip_tos, sizeof(ip_tos));
icmp_host->fd = fd;
icmp_host->type = type;
memset(&event, 0, sizeof(event));
event.events = EPOLLIN;
event.data.ptr = icmp_host;
@@ -703,12 +720,14 @@ static int _fast_ping_create_icmp_sock(FAST_PING_TYPE type)
goto errout;
}
icmp_host->fd = fd;
icmp_host->type = type;
return fd;
errout:
close(fd);
if (icmp_host) {
icmp_host->fd = -1;
icmp_host->type = 0;
}
return -1;
}
@@ -848,13 +867,15 @@ errout:
static void _fast_ping_print_result(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result,
struct sockaddr *addr, socklen_t addr_len, int seqno, int ttl, struct timeval *tv,
void *userptr)
int error, void *userptr)
{
if (result == PING_RESULT_RESPONSE) {
double rtt = tv->tv_sec * 1000.0 + tv->tv_usec / 1000.0;
tlog(TLOG_INFO, "from %15s: seq=%d ttl=%d time=%.3f\n", host, seqno, ttl, rtt);
} else if (result == PING_RESULT_TIMEOUT) {
tlog(TLOG_INFO, "from %15s: seq=%d timeout\n", host, seqno);
} else if (result == PING_RESULT_ERROR) {
tlog(TLOG_DEBUG, "from %15s: error is %s\n", host, strerror(error));
} else if (result == PING_RESULT_END) {
fast_ping_stop(ping_host);
}
@@ -866,7 +887,7 @@ static int _fast_ping_get_addr_by_icmp(const char *ip_str, int port, struct addr
struct addrinfo *gai = NULL;
int socktype = 0;
int domain = -1;
FAST_PING_TYPE ping_type;
FAST_PING_TYPE ping_type = 0;
int sockproto = 0;
char *service = NULL;
@@ -915,7 +936,7 @@ static int _fast_ping_get_addr_by_tcp(const char *ip_str, int port, struct addri
{
struct addrinfo *gai = NULL;
int socktype = 0;
FAST_PING_TYPE ping_type;
FAST_PING_TYPE ping_type = 0;
int sockproto = 0;
char *service = NULL;
char port_str[MAX_IP_LEN];
@@ -951,7 +972,7 @@ static int _fast_ping_get_addr_by_dns(const char *ip_str, int port, struct addri
{
struct addrinfo *gai = NULL;
int socktype = 0;
FAST_PING_TYPE ping_type;
FAST_PING_TYPE ping_type = 0;
int sockproto = 0;
char port_str[MAX_IP_LEN];
int domain = -1;
@@ -1028,11 +1049,11 @@ struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int c
{
struct ping_host_struct *ping_host = NULL;
struct addrinfo *gai = NULL;
uint32_t addrkey;
uint32_t addrkey = 0;
char ip_str[PING_MAX_HOSTLEN];
int port = -1;
FAST_PING_TYPE ping_type = FAST_PING_END;
unsigned int seed;
unsigned int seed = 0;
int ret = 0;
if (parse_ip(host, ip_str, &port) != 0) {
@@ -1041,7 +1062,6 @@ struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int c
ret = _fast_ping_get_addr_by_type(type, ip_str, port, &gai, &ping_type);
if (ret != 0) {
tlog(TLOG_ERROR, "get addr by type failed, host: %s", host);
goto errout;
}
@@ -1097,6 +1117,8 @@ struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int c
_fast_ping_host_put(ping_host);
return ping_host;
errout_remove:
ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_ERROR, &ping_host->addr, ping_host->addr_len,
ping_host->seq, ping_host->ttl, NULL, ping_host->error, ping_host->userptr);
fast_ping_stop(ping_host);
_fast_ping_host_put(ping_host);
ping_host = NULL;
@@ -1136,22 +1158,24 @@ static void tv_sub(struct timeval *out, struct timeval *in)
static struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct *ping_host, struct msghdr *msg,
u_char *packet_data, int data_len)
{
int icmp_len;
int icmp_len = 0;
struct fast_ping_packet *packet = (struct fast_ping_packet *)packet_data;
struct icmp6_hdr *icmp6 = &packet->icmp6;
struct cmsghdr *c;
struct cmsghdr *c = NULL;
int hops = 0;
for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
if (c->cmsg_level != IPPROTO_IPV6)
if (c->cmsg_level != IPPROTO_IPV6) {
continue;
}
switch (c->cmsg_type) {
case IPV6_HOPLIMIT:
#ifdef IPV6_2292HOPLIMIT
case IPV6_2292HOPLIMIT:
#endif
if (c->cmsg_len < CMSG_LEN(sizeof(int)))
if (c->cmsg_len < CMSG_LEN(sizeof(int))) {
continue;
}
memcpy(&hops, CMSG_DATA(c), sizeof(hops));
}
}
@@ -1168,9 +1192,11 @@ static struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct
return NULL;
}
if (icmp6->icmp6_id != ping.ident) {
tlog(TLOG_ERROR, "ident failed, %d:%d", icmp6->icmp6_id, ping.ident);
return NULL;
if (ping.no_unprivileged_ping) {
if (icmp6->icmp6_id != ping.ident) {
tlog(TLOG_ERROR, "ident failed, %d:%d", icmp6->icmp6_id, ping.ident);
return NULL;
}
}
return packet;
@@ -1180,15 +1206,10 @@ static struct fast_ping_packet *_fast_ping_icmp_packet(struct ping_host_struct *
u_char *packet_data, int data_len)
{
struct ip *ip = (struct ip *)packet_data;
struct fast_ping_packet *packet;
struct icmp *icmp;
int hlen;
int icmp_len;
if (ip->ip_p != IPPROTO_ICMP) {
tlog(TLOG_ERROR, "ip type faild, %d:%d", ip->ip_p, IPPROTO_ICMP);
return NULL;
}
struct fast_ping_packet *packet = NULL;
struct icmp *icmp = NULL;
int hlen = 0;
int icmp_len = 0;
hlen = ip->ip_hl << 2;
packet = (struct fast_ping_packet *)(packet_data + hlen);
@@ -1206,9 +1227,16 @@ static struct fast_ping_packet *_fast_ping_icmp_packet(struct ping_host_struct *
return NULL;
}
if (icmp->icmp_id != ping.ident) {
tlog(TLOG_ERROR, "ident failed, %d:%d", icmp->icmp_id, ping.ident);
return NULL;
if (ping.no_unprivileged_ping) {
if (ip->ip_p != IPPROTO_ICMP) {
tlog(TLOG_ERROR, "ip type faild, %d:%d", ip->ip_p, IPPROTO_ICMP);
return NULL;
}
if (icmp->icmp_id != ping.ident) {
tlog(TLOG_ERROR, "ident failed, %d:%d", icmp->icmp_id, ping.ident);
return NULL;
}
}
return packet;
@@ -1241,18 +1269,18 @@ errout:
static int _fast_ping_process_icmp(struct ping_host_struct *ping_host, struct timeval *now)
{
int len;
int len = 0;
u_char inpacket[ICMP_INPACKET_SIZE];
struct sockaddr_storage from;
struct ping_host_struct *recv_ping_host;
struct ping_host_struct *recv_ping_host = NULL;
struct fast_ping_packet *packet = NULL;
socklen_t from_len = sizeof(from);
uint32_t addrkey;
uint32_t addrkey = 0;
struct timeval tvresult = *now;
struct timeval *tvsend = NULL;
unsigned int sid;
unsigned int seq;
unsigned int cookie;
unsigned int sid = 0;
unsigned int seq = 0;
unsigned int cookie = 0;
struct msghdr msg;
struct iovec iov;
char ans_data[4096];
@@ -1315,7 +1343,7 @@ static int _fast_ping_process_icmp(struct ping_host_struct *ping_host, struct ti
if (recv_ping_host->ping_callback) {
recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr,
recv_ping_host->addr_len, recv_ping_host->seq, recv_ping_host->ttl, &tvresult,
recv_ping_host->userptr);
ping_host->error, recv_ping_host->userptr);
}
recv_ping_host->send = 0;
@@ -1349,7 +1377,8 @@ static int _fast_ping_process_tcp(struct ping_host_struct *ping_host, struct epo
tv_sub(&tvresult, tvsend);
if (ping_host->ping_callback) {
ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_RESPONSE, &ping_host->addr,
ping_host->addr_len, ping_host->seq, ping_host->ttl, &tvresult, ping_host->userptr);
ping_host->addr_len, ping_host->seq, ping_host->ttl, &tvresult, ping_host->error,
ping_host->userptr);
}
ping_host->send = 0;
@@ -1368,20 +1397,20 @@ errout:
static int _fast_ping_process_udp(struct ping_host_struct *ping_host, struct timeval *now)
{
int len;
ssize_t len = 0;
u_char inpacket[ICMP_INPACKET_SIZE];
struct sockaddr_storage from;
struct ping_host_struct *recv_ping_host;
struct ping_host_struct *recv_ping_host = NULL;
struct ping_dns_head *dns_head = NULL;
socklen_t from_len = sizeof(from);
uint32_t addrkey;
uint32_t addrkey = 0;
struct timeval tvresult = *now;
struct timeval *tvsend = NULL;
unsigned int sid;
unsigned int sid = 0;
struct msghdr msg;
struct iovec iov;
char ans_data[4096];
struct cmsghdr *cmsg;
struct cmsghdr *cmsg = NULL;
int ttl = 0;
memset(&msg, 0, sizeof(msg));
@@ -1416,7 +1445,7 @@ static int _fast_ping_process_udp(struct ping_host_struct *ping_host, struct tim
from_len = msg.msg_namelen;
dns_head = (struct ping_dns_head *)inpacket;
if (len < sizeof(*dns_head)) {
if (len < (ssize_t)sizeof(*dns_head)) {
goto errout;
}
@@ -1445,7 +1474,7 @@ static int _fast_ping_process_udp(struct ping_host_struct *ping_host, struct tim
if (recv_ping_host->ping_callback) {
recv_ping_host->ping_callback(recv_ping_host, recv_ping_host->host, PING_RESULT_RESPONSE, &recv_ping_host->addr,
recv_ping_host->addr_len, recv_ping_host->seq, recv_ping_host->ttl, &tvresult,
recv_ping_host->userptr);
ping_host->error, recv_ping_host->userptr);
}
recv_ping_host->send = 0;
@@ -1491,7 +1520,7 @@ static void _fast_ping_remove_all(void)
struct ping_host_struct *ping_host = NULL;
struct ping_host_struct *ping_host_tmp = NULL;
struct hlist_node *tmp = NULL;
int i;
unsigned long i = 0;
LIST_HEAD(remove_list);
@@ -1513,11 +1542,11 @@ static void _fast_ping_period_run(void)
struct ping_host_struct *ping_host = NULL;
struct ping_host_struct *ping_host_tmp = NULL;
struct hlist_node *tmp = NULL;
int i = 0;
unsigned long i = 0;
struct timeval now;
struct timezone tz;
struct timeval interval;
int64_t millisecond;
int64_t millisecond = 0;
gettimeofday(&now, &tz);
LIST_HEAD(action);
@@ -1553,7 +1582,7 @@ static void _fast_ping_period_run(void)
millisecond = interval.tv_sec * 1000 + interval.tv_usec / 1000;
if (millisecond >= ping_host->timeout && ping_host->send == 1) {
ping_host->ping_callback(ping_host, ping_host->host, PING_RESULT_TIMEOUT, &ping_host->addr,
ping_host->addr_len, ping_host->seq, ping_host->ttl, &interval,
ping_host->addr_len, ping_host->seq, ping_host->ttl, &interval, ping_host->error,
ping_host->userptr);
ping_host->send = 0;
}
@@ -1583,8 +1612,8 @@ static void _fast_ping_period_run(void)
static void *_fast_ping_work(void *arg)
{
struct epoll_event events[PING_MAX_EVENTS + 1];
int num;
int i;
int num = 0;
int i = 0;
unsigned long now = {0};
struct timeval tvnow = {0};
int sleep = 100;
@@ -1594,7 +1623,7 @@ static void *_fast_ping_work(void *arg)
sleep_time = sleep;
now = get_tick_count() - sleep;
expect_time = now + sleep;
while (ping.run) {
while (atomic_read(&ping.run)) {
now = get_tick_count();
if (now >= expect_time) {
_fast_ping_period_run();
@@ -1634,7 +1663,7 @@ int fast_ping_init(void)
{
pthread_attr_t attr;
int epollfd = -1;
int ret;
int ret = 0;
bool_print_log = 1;
if (ping.epoll_fd > 0) {
@@ -1654,8 +1683,9 @@ int fast_ping_init(void)
pthread_mutex_init(&ping.lock, NULL);
hash_init(ping.addrmap);
ping.epoll_fd = epollfd;
ping.no_unprivileged_ping = !has_unprivileged_ping();
ping.ident = (getpid() & 0XFFFF);
ping.run = 1;
atomic_set(&ping.run, 1);
ret = pthread_create(&ping.tid, &attr, _fast_ping_work, NULL);
if (ret != 0) {
tlog(TLOG_ERROR, "create ping work thread failed, %s\n", strerror(errno));
@@ -1664,10 +1694,11 @@ int fast_ping_init(void)
return 0;
errout:
if (ping.tid > 0) {
if (ping.tid) {
void *retval = NULL;
ping.run = 0;
atomic_set(&ping.run, 0);
pthread_join(ping.tid, &retval);
ping.tid = 0;
}
if (epollfd) {
@@ -1705,10 +1736,11 @@ static void _fast_ping_close_fds(void)
void fast_ping_exit(void)
{
if (ping.tid > 0) {
if (ping.tid) {
void *ret = NULL;
ping.run = 0;
atomic_set(&ping.run, 0);
pthread_join(ping.tid, &ret);
ping.tid = 0;
}
_fast_ping_close_fds();

5
src/fast_ping.h
View File

@@ -34,13 +34,14 @@ typedef enum {
typedef enum {
PING_RESULT_RESPONSE = 1,
PING_RESULT_TIMEOUT = 2,
PING_RESULT_END = 3,
PING_RESULT_ERROR = 3,
PING_RESULT_END = 4,
} FAST_PING_RESULT;
struct ping_host_struct;
typedef void (*fast_ping_result)(struct ping_host_struct *ping_host, const char *host, FAST_PING_RESULT result,
struct sockaddr *addr, socklen_t addr_len, int seqno, int ttl, struct timeval *tv,
void *userptr);
int error, void *userptr);
/* start ping */
struct ping_host_struct *fast_ping_start(PING_TYPE type, const char *host, int count, int interval, int timeout,

4
src/http_parse.c
View File

@@ -108,7 +108,7 @@ struct http_head_fields *http_head_first_fields(struct http_head *http_head)
const char *http_head_get_fields_value(struct http_head *http_head, const char *name)
{
unsigned long key;
uint32_t key;
struct http_head_fields *filed;
key = hash_string(name);
@@ -193,7 +193,7 @@ int http_head_get_data_len(struct http_head *http_head)
static int _http_head_add_fields(struct http_head *http_head, char *name, char *value)
{
unsigned long key = 0;
uint32_t key = 0;
struct http_head_fields *fields = NULL;
fields = malloc(sizeof(*fields));
if (fields == NULL) {

15
src/include/atomic.h
View File

@@ -20,6 +20,11 @@
#ifndef _GENERIC_ATOMIC_H
#define _GENERIC_ATOMIC_H
#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
#define READ_ONCE(x) \
({ typeof(x) ___x = ACCESS_ONCE(x); ___x; })
/**
* Atomic type.
*/
@@ -35,14 +40,20 @@ typedef struct {
*
* Atomically reads the value of @v.
*/
#define atomic_read(v) ((v)->counter)
static inline int atomic_read(const atomic_t *v)
{
return READ_ONCE((v)->counter);
}
/**
* Set atomic variable
* @param v pointer of type atomic_t
* @param i required value
*/
#define atomic_set(v,i) (((v)->counter) = (i))
static inline void atomic_set(atomic_t *v, int i)
{
v->counter = i;
}
/**
* Add to the atomic variable

1
src/include/conf.h
View File

@@ -30,6 +30,7 @@
#define CONF_RET_ERR -1
#define CONF_RET_WARN -2
#define CONF_RET_NOENT -3
#define CONF_RET_BADCONF -4
struct config_item {
const char *item;

16
src/include/hash.h
View File

@@ -219,14 +219,16 @@ static inline uint32_t hash32_ptr(const void *ptr)
return (uint32_t)val;
}
static inline unsigned long
hash_string(const char *str)
static inline uint32_t hash_string(const char *s)
{
unsigned long v = 0;
const char *c;
for (c = str; *c; )
v = (((v << 1) + (v >> 14)) ^ (*c++)) & 0x3fff;
return(v);
uint32_t h = 0;
while (*s) {
h = h * 31 + *s;
s++;
}
return h;
}
#endif /* _GENERIC_HASH_H */

2
src/lib/art.c
View File

@@ -1016,7 +1016,7 @@ static void art_copy_key(art_leaf *leaf, unsigned char *key, int *key_len)
return;
}
len = leaf->key_len > *key_len ? *key_len : leaf->key_len;
len = (int)leaf->key_len > *key_len ? *key_len : (int)leaf->key_len;
memcpy(key, leaf->key, len);
*key_len = len;
}

18
src/lib/conf.c
View File

@@ -129,7 +129,7 @@ int conf_size(const char *item, void *data, int argc, char *argv[])
return 0;
}
void conf_getopt_reset(void)
static void conf_getopt_reset(void)
{
static struct option long_options[] = {{"-", 0, 0, 0}, {0, 0, 0, 0}};
int argc = 2;
@@ -144,7 +144,7 @@ void conf_getopt_reset(void)
optopt = 0;
}
int conf_parse_args(char *key, char *value, int *argc, char **argv)
static int conf_parse_args(char *key, char *value, int *argc, char **argv)
{
char *start = NULL;
char *ptr = value;
@@ -205,12 +205,9 @@ int conf_parse_args(char *key, char *value, int *argc, char **argv)
return 0;
}
void load_exit(void)
{
return;
}
void load_exit(void) {}
int load_conf_printf(const char *file, int lineno, int ret)
static int load_conf_printf(const char *file, int lineno, int ret)
{
if (ret != CONF_RET_OK) {
printf("process config file '%s' failed at line %d.", file, lineno);
@@ -224,15 +221,15 @@ int load_conf_printf(const char *file, int lineno, int ret)
return 0;
}
int load_conf_file(const char *file, struct config_item *items, conf_error_handler handler)
static int load_conf_file(const char *file, struct config_item *items, conf_error_handler handler)
{
FILE *fp = NULL;
char line[MAX_LINE_LEN];
char key[MAX_KEY_LEN];
char value[MAX_LINE_LEN];
int filed_num = 0;
int i;
int argc;
int i = 0;
int argc = 0;
char *argv[1024];
int ret = 0;
int call_ret = 0;
@@ -262,6 +259,7 @@ int load_conf_file(const char *file, struct config_item *items, conf_error_handl
/* if field format is not key = value, error */
if (filed_num != 2) {
handler(file, line_no, CONF_RET_BADCONF);
goto errout;
}

4
src/lib/radix.c
View File

@@ -87,7 +87,7 @@ comp_with_mask(unsigned char *addr, unsigned char *dest, unsigned int mask)
{
if (memcmp(addr, dest, mask / 8) == 0) {
unsigned int n = mask / 8;
unsigned int m = ((~0) << (8 - (mask % 8)));
unsigned int m = ((unsigned int)(~0) << (8 - (mask % 8)));
if (mask % 8 == 0 || (addr[n] & m) == (dest[n] & m))
return (1);
@@ -549,7 +549,7 @@ sanitise_mask(unsigned char *addr, unsigned int masklen, unsigned int maskbits)
unsigned int j = masklen % 8;
if (j != 0) {
addr[i] &= (~0) << (8 - j);
addr[i] &= (unsigned int)(~0) << (8 - j);
i++;
}
for (; i < maskbits / 8; i++)

114
src/smartdns.c
View File

@@ -31,12 +31,15 @@
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <linux/capability.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <ucontext.h>
@@ -49,6 +52,78 @@
static int verbose_screen;
int capget(struct __user_cap_header_struct *header, struct __user_cap_data_struct *cap);
int capset(struct __user_cap_header_struct *header, struct __user_cap_data_struct *cap);
static int get_uid_gid(int *uid, int *gid)
{
struct passwd *result = NULL;
struct passwd pwd;
char *buf = NULL;
ssize_t bufsize = 0;
int ret = -1;
if (dns_conf_user[0] == '\0') {
return -1;
}
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1) {
bufsize = 1024 * 16;
}
buf = malloc(bufsize);
if (buf == NULL) {
goto out;
}
ret = getpwnam_r(dns_conf_user, &pwd, buf, bufsize, &result);
if (ret != 0) {
goto out;
}
*uid = result->pw_uid;
*gid = result->pw_gid;
out:
if (buf) {
free(buf);
}
return ret;
}
static int drop_root_privilege(void)
{
struct __user_cap_data_struct cap;
struct __user_cap_header_struct header;
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
int uid = 0;
int gid = 0;
int unused __attribute__((unused)) = 0;
if (get_uid_gid(&uid, &gid) != 0) {
return -1;
}
if (capget(&header, &cap) < 0) {
return -1;
}
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
cap.effective |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN);
cap.permitted |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN);
unused = setuid(uid);
unused = setgid(gid);
if (capset(&header, &cap) < 0) {
return -1;
}
prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
return 0;
}
static void _help(void)
{
/* clang-format off */
@@ -112,7 +187,7 @@ static int _smartdns_load_from_resolv(void)
continue;
}
if (strncmp(key, "nameserver", MAX_KEY_LEN) != 0) {
if (strncmp(key, "nameserver", MAX_KEY_LEN - 1) != 0) {
continue;
}
@@ -138,14 +213,14 @@ static int _smartdns_load_from_resolv(void)
static int _smartdns_add_servers(void)
{
int i = 0;
unsigned long i = 0;
int j = 0;
int ret = 0;
struct dns_server_groups *group = NULL;
struct dns_servers *server = NULL;
struct client_dns_server_flags flags;
for (i = 0; i < dns_conf_server_num; i++) {
for (i = 0; i < (unsigned int)dns_conf_server_num; i++) {
memset(&flags, 0, sizeof(flags));
switch (dns_conf_servers[i].type) {
case DNS_SERVER_UDP: {
@@ -250,7 +325,7 @@ static int _smartdns_destroy_ssl(void)
static int _smartdns_init(void)
{
int ret;
int ret = 0;
char *logfile = SMARTDNS_LOG_FILE;
if (dns_conf_log_file[0] != 0) {
@@ -322,9 +397,10 @@ static int _smartdns_run(void)
static void _smartdns_exit(void)
{
dns_server_exit();
tlog(TLOG_INFO, "smartdns exit...");
dns_client_exit();
fast_ping_exit();
dns_server_exit();
_smartdns_destroy_ssl();
tlog_exit();
dns_server_load_exit();
@@ -332,6 +408,7 @@ static void _smartdns_exit(void)
static void _sig_exit(int signo)
{
tlog(TLOG_INFO, "stop smartdns by signal %d", signo);
dns_server_stop();
}
@@ -374,7 +451,8 @@ static int sig_num = sizeof(sig_list) / sizeof(int);
static void _reg_signal(void)
{
struct sigaction act, old;
struct sigaction act;
struct sigaction old;
int i = 0;
act.sa_sigaction = _sig_error_exit;
sigemptyset(&act.sa_mask);
@@ -387,16 +465,21 @@ static void _reg_signal(void)
int main(int argc, char *argv[])
{
int ret;
int ret = 0;
int is_forground = 0;
int opt;
int opt = 0;
char config_file[MAX_LINE_LEN];
char pid_file[MAX_LINE_LEN];
int signal_ignore = 0;
sigset_t empty_sigblock;
safe_strncpy(config_file, SMARTDNS_CONF_FILE, MAX_LINE_LEN);
safe_strncpy(pid_file, SMARTDNS_PID_FILE, MAX_LINE_LEN);
/* patch for Asus router: unblock all signal*/
sigemptyset(&empty_sigblock);
sigprocmask(SIG_SETMASK, &empty_sigblock, NULL);
while ((opt = getopt(argc, argv, "fhc:p:Svx")) != -1) {
switch (opt) {
case 'f':
@@ -424,6 +507,11 @@ int main(int argc, char *argv[])
}
}
if (dns_server_load_conf(config_file) != 0) {
fprintf(stderr, "load config failed.\n");
goto errout;
}
if (is_forground == 0) {
if (daemon(0, 0) < 0) {
fprintf(stderr, "run daemon process failed, %s\n", strerror(errno));
@@ -440,10 +528,10 @@ int main(int argc, char *argv[])
}
signal(SIGPIPE, SIG_IGN);
if (dns_server_load_conf(config_file) != 0) {
fprintf(stderr, "load config failed.\n");
goto errout;
}
signal(SIGINT, _sig_exit);
signal(SIGTERM, _sig_exit);
drop_root_privilege();
ret = _smartdns_init();
if (ret != 0) {
@@ -451,8 +539,6 @@ int main(int argc, char *argv[])
goto errout;
}
signal(SIGINT, _sig_exit);
signal(SIGTERM, _sig_exit);
atexit(_smartdns_exit);
return _smartdns_run();

103
src/tlog.c
View File

@@ -19,6 +19,7 @@
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
@@ -45,6 +46,14 @@
#define TLOG_SEGMENT_MAGIC 0xFF446154
struct linux_dirent64 {
unsigned long long d_ino;
long long d_off;
unsigned short d_reclen;
unsigned char d_type;
char d_name[256];
};
struct tlog_log {
char *buff;
int buffsize;
@@ -71,7 +80,7 @@ struct tlog_log {
int multi_log;
int logscreen;
int segment_log;
unsigned int max_line_size;
int max_line_size;
tlog_output_func output_func;
void *private_data;
@@ -504,9 +513,12 @@ static int _tlog_vprintf(struct tlog_log *log, vprint_callback print_callback, v
if (len <= 0) {
return -1;
} else if (len >= log->max_line_size) {
strncpy(buff, "[LOG TOO LONG, DISCARD]\n", sizeof(buff));
buff[sizeof(buff) - 1] = '\0';
len = strnlen(buff, sizeof(buff));
len = log->max_line_size;
buff[len - 1] = '\0';
buff[len - 2] = '\n';
buff[len - 3] = '.';
buff[len - 4] = '.';
buff[len - 5] = '.';
}
pthread_mutex_lock(&tlog.lock);
@@ -919,47 +931,67 @@ static void _tlog_close_all_fd_by_res(void)
}
}
static int _tlog_str_to_int(const char *str)
{
int num = 0;
while (*str >= '0' && *str <= '9') {
num = num * 10 + (*str - '0');
++str;
}
if (*str) {
return -1;
}
return num;
}
static void _tlog_close_all_fd(void)
{
char path_name[PATH_MAX];
DIR *dir = NULL;
struct dirent *ent;
#if defined(__linux__)
int dir_fd = -1;
snprintf(path_name, sizeof(path_name), "/proc/self/fd/");
dir = opendir(path_name);
if (dir == NULL) {
dir_fd = open("/proc/self/fd/", O_RDONLY | O_DIRECTORY);
if (dir_fd < 0) {
goto errout;
}
dir_fd = dirfd(dir);
char buffer[sizeof(struct linux_dirent64)];
int bytes;
while ((bytes = syscall(SYS_getdents64, dir_fd,
(struct linux_dirent64 *)buffer,
sizeof(buffer)))
> 0) {
struct linux_dirent64 *entry;
int offset;
while ((ent = readdir(dir)) != NULL) {
int fd = atoi(ent->d_name);
if (fd < 0 || dir_fd == fd) {
continue;
}
switch (fd) {
case STDIN_FILENO:
case STDOUT_FILENO:
case STDERR_FILENO:
continue;
break;
default:
break;
}
for (offset = 0; offset < bytes; offset += entry->d_reclen) {
int fd;
entry = (struct linux_dirent64 *)(buffer + offset);
if ((fd = _tlog_str_to_int(entry->d_name)) < 0) {
continue;
}
close(fd);
if (fd == dir_fd || fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) {
continue;
}
close(fd);
}
}
closedir(dir);
close(dir_fd);
if (bytes < 0) {
goto errout;
}
return;
errout:
if (dir) {
closedir(dir);
if (dir_fd > 0) {
close(dir_fd);
}
#endif
_tlog_close_all_fd_by_res();
return;
}
@@ -1059,7 +1091,7 @@ static int _tlog_archive_log(struct tlog_log *log)
}
}
void _tlog_get_log_name_dir(struct tlog_log *log)
static void _tlog_get_log_name_dir(struct tlog_log *log)
{
char log_file[PATH_MAX];
if (log->fd > 0) {
@@ -1810,10 +1842,11 @@ int tlog_init(const char *logfile, int maxlogsize, int maxlogcount, int buffsize
}
return 0;
errout:
if (tlog.tid > 0) {
if (tlog.tid) {
void *retval = NULL;
tlog.run = 0;
pthread_join(tlog.tid, &retval);
tlog.tid = 0;
}
pthread_cond_destroy(&tlog.cond);
@@ -1827,13 +1860,14 @@ errout:
void tlog_exit(void)
{
if (tlog.tid > 0) {
if (tlog.tid) {
void *ret = NULL;
tlog.run = 0;
pthread_mutex_lock(&tlog.lock);
pthread_cond_signal(&tlog.cond);
pthread_mutex_unlock(&tlog.lock);
pthread_join(tlog.tid, &ret);
tlog.tid = 0;
}
tlog.root = NULL;
@@ -1843,4 +1877,7 @@ void tlog_exit(void)
pthread_cond_destroy(&tlog.cond);
pthread_mutex_destroy(&tlog.lock);
tlog_format = NULL;
tlog.is_wait = 0;
}

1
src/tlog.h
View File

@@ -8,6 +8,7 @@
#define TLOG_H
#include <stdarg.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef __cplusplus
#include <functional>

203
src/util.c
View File

@@ -36,6 +36,7 @@
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
@@ -77,7 +78,7 @@
#define NETLINK_ALIGN(len) (((len) + 3) & ~(3))
#define BUFF_SZ 256
#define BUFF_SZ 1024
struct ipset_netlink_attr {
unsigned short len;
@@ -108,12 +109,12 @@ char *gethost_by_addr(char *host, int maxsize, struct sockaddr *addr)
host[0] = 0;
switch (addr_store->ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in;
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)addr;
inet_ntop(AF_INET, &addr_in->sin_addr, host, maxsize);
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6;
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
struct sockaddr_in addr_in4;
@@ -133,7 +134,7 @@ errout:
return NULL;
}
int getaddr_by_host(char *host, struct sockaddr *addr, socklen_t *addr_len)
int getaddr_by_host(const char *host, struct sockaddr *addr, socklen_t *addr_len)
{
struct addrinfo hints;
struct addrinfo *result = NULL;
@@ -176,14 +177,14 @@ int getsocknet_inet(int fd, struct sockaddr *addr, socklen_t *addr_len)
switch (addr_store.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in;
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)addr;
addr_in->sin_family = AF_INET;
*addr_len = sizeof(struct sockaddr_in);
memcpy(addr, addr_in, sizeof(struct sockaddr_in));
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6;
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
struct sockaddr_in addr_in4;
@@ -411,7 +412,7 @@ int parse_uri(char *value, char *scheme, char *host, int *port, char *path)
};
field_len = host_end - process_ptr;
if (field_len >= sizeof(host_name)) {
if (field_len >= (int)sizeof(host_name)) {
return -1;
}
memcpy(host_name, process_ptr, field_len);
@@ -431,7 +432,7 @@ int parse_uri(char *value, char *scheme, char *host, int *port, char *path)
int set_fd_nonblock(int fd, int nonblock)
{
int ret;
int ret = 0;
int flags = fcntl(fd, F_GETFL);
if (flags == -1) {
@@ -473,6 +474,31 @@ char *reverse_string(char *output, const char *input, int len, int to_lower_case
return begin;
}
char *to_lower_case(char *output, const char *input, int len)
{
char *begin = output;
int i = 0;
if (len <= 0) {
*output = 0;
return output;
}
len--;
while (i < len && *(input + i) != '\0') {
*output = *(input + i);
if (*output >= 'A' && *output <= 'Z') {
/* To lower case */
*output = *output + 32;
}
output++;
i++;
}
*output = 0;
return begin;
}
static inline void _ipset_add_attr(struct nlmsghdr *netlink_head, uint16_t type, size_t len, const void *data)
{
struct ipset_netlink_attr *attr = (void *)netlink_head + NETLINK_ALIGN(netlink_head->nlmsg_len);
@@ -498,7 +524,7 @@ static int _ipset_socket_init(void)
return 0;
}
static int _ipset_support_timeout(const char *ipsetname)
static int _ipset_support_timeout(void)
{
if (dns_conf_ipset_timeout_enable) {
return 0;
@@ -510,15 +536,15 @@ static int _ipset_support_timeout(const char *ipsetname)
static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int addr_len, unsigned long timeout,
int operate)
{
struct nlmsghdr *netlink_head;
struct ipset_netlink_msg *netlink_msg;
struct nlmsghdr *netlink_head = NULL;
struct ipset_netlink_msg *netlink_msg = NULL;
struct ipset_netlink_attr *nested[3];
char buffer[BUFF_SZ];
uint8_t proto;
ssize_t rc;
uint8_t proto = 0;
ssize_t rc = 0;
int af = 0;
static const struct sockaddr_nl snl = {.nl_family = AF_NETLINK};
uint32_t expire;
uint32_t expire = 0;
if (addr_len != IPV4_ADDR_LEN && addr_len != IPV6_ADDR_LEN) {
errno = EINVAL;
@@ -572,7 +598,7 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
addr);
nested[1]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[1];
if (timeout > 0 && _ipset_support_timeout(ipsetname) == 0) {
if (timeout > 0 && _ipset_support_timeout() == 0) {
expire = htonl(timeout);
_ipset_add_attr(netlink_head, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(expire), &expire);
}
@@ -611,8 +637,9 @@ unsigned char *SSL_SHA256(const unsigned char *d, size_t n, unsigned char *md)
{
static unsigned char m[SHA256_DIGEST_LENGTH];
if (md == NULL)
if (md == NULL) {
md = m;
}
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
if (ctx == NULL) {
@@ -631,7 +658,7 @@ unsigned char *SSL_SHA256(const unsigned char *d, size_t n, unsigned char *md)
int SSL_base64_decode(const char *in, unsigned char *out)
{
size_t inlen = strlen(in);
int outlen;
int outlen = 0;
if (inlen == 0) {
return 0;
@@ -654,8 +681,8 @@ errout:
int create_pid_file(const char *pid_file)
{
int fd;
int flags;
int fd = 0;
int flags = 0;
char buff[TMP_BUFF_LEN_32];
/* create pid file, and lock this file */
@@ -720,7 +747,7 @@ static __attribute__((unused)) void _pthreads_locking_callback(int mode, int typ
static __attribute__((unused)) unsigned long _pthreads_thread_id(void)
{
unsigned long ret;
unsigned long ret = 0;
ret = (unsigned long)pthread_self();
return (ret);
@@ -728,16 +755,18 @@ static __attribute__((unused)) unsigned long _pthreads_thread_id(void)
void SSL_CRYPTO_thread_setup(void)
{
int i;
int i = 0;
lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
if (!lock_cs || !lock_count) {
/* Nothing we can do about this...void function! */
if (lock_cs)
if (lock_cs) {
OPENSSL_free(lock_cs);
if (lock_count)
}
if (lock_count) {
OPENSSL_free(lock_count);
}
return;
}
for (i = 0; i < CRYPTO_num_locks(); i++) {
@@ -755,7 +784,7 @@ void SSL_CRYPTO_thread_setup(void)
void SSL_CRYPTO_thread_cleanup(void)
{
int i;
int i = 0;
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++) {
@@ -792,18 +821,20 @@ static int parse_server_name_extension(const char *, size_t, char *, const char
*/
int parse_tls_header(const char *data, size_t data_len, char *hostname, const char **hostname_ptr)
{
char tls_content_type;
char tls_version_major;
char tls_version_minor;
char tls_content_type = 0;
char tls_version_major = 0;
char tls_version_minor = 0;
size_t pos = TLS_HEADER_LEN;
size_t len;
size_t len = 0;
if (hostname == NULL)
if (hostname == NULL) {
return -3;
}
/* Check that our TCP payload is at least large enough for a TLS header */
if (data_len < TLS_HEADER_LEN)
if (data_len < TLS_HEADER_LEN) {
return -1;
}
/* SSL 2.0 compatible Client Hello
*
@@ -831,8 +862,9 @@ int parse_tls_header(const char *data, size_t data_len, char *hostname, const ch
data_len = MIN(data_len, len);
/* Check we received entire TLS record length */
if (data_len < len)
if (data_len < len) {
return -1;
}
/*
* Handshake
@@ -854,20 +886,23 @@ int parse_tls_header(const char *data, size_t data_len, char *hostname, const ch
pos += 38;
/* Session ID */
if (pos + 1 > data_len)
if (pos + 1 > data_len) {
return -5;
}
len = (unsigned char)data[pos];
pos += 1 + len;
/* Cipher Suites */
if (pos + 2 > data_len)
if (pos + 2 > data_len) {
return -5;
}
len = ((unsigned char)data[pos] << 8) + (unsigned char)data[pos + 1];
pos += 2 + len;
/* Compression Methods */
if (pos + 1 > data_len)
if (pos + 1 > data_len) {
return -5;
}
len = (unsigned char)data[pos];
pos += 1 + len;
@@ -876,20 +911,22 @@ int parse_tls_header(const char *data, size_t data_len, char *hostname, const ch
}
/* Extensions */
if (pos + 2 > data_len)
if (pos + 2 > data_len) {
return -5;
}
len = ((unsigned char)data[pos] << 8) + (unsigned char)data[pos + 1];
pos += 2;
if (pos + len > data_len)
if (pos + len > data_len) {
return -5;
}
return parse_extensions(data + pos, len, hostname, hostname_ptr);
}
static int parse_extensions(const char *data, size_t data_len, char *hostname, const char **hostname_ptr)
{
size_t pos = 0;
size_t len;
size_t len = 0;
/* Parse each 4 bytes for the extension header */
while (pos + 4 <= data_len) {
@@ -900,15 +937,17 @@ static int parse_extensions(const char *data, size_t data_len, char *hostname, c
if (data[pos] == 0x00 && data[pos + 1] == 0x00) {
/* There can be only one extension of each type, so we break
* our state and move p to beinnging of the extension here */
if (pos + 4 + len > data_len)
if (pos + 4 + len > data_len) {
return -5;
}
return parse_server_name_extension(data + pos + 4, len, hostname, hostname_ptr);
}
pos += 4 + len; /* Advance to the next extension header */
}
/* Check we ended where we expected to */
if (pos != data_len)
if (pos != data_len) {
return -5;
}
return -2;
}
@@ -916,13 +955,14 @@ static int parse_extensions(const char *data, size_t data_len, char *hostname, c
static int parse_server_name_extension(const char *data, size_t data_len, char *hostname, const char **hostname_ptr)
{
size_t pos = 2; /* skip server name list length */
size_t len;
size_t len = 0;
while (pos + 3 < data_len) {
len = ((unsigned char)data[pos + 1] << 8) + (unsigned char)data[pos + 2];
if (pos + 3 + len > data_len)
if (pos + 3 + len > data_len) {
return -5;
}
switch (data[pos]) { /* name type */
case 0x00: /* host_name */
@@ -939,8 +979,9 @@ static int parse_server_name_extension(const char *data, size_t data_len, char *
pos += 3 + len;
}
/* Check we ended where we expected to */
if (pos != data_len)
if (pos != data_len) {
return -5;
}
return -2;
}
@@ -948,8 +989,12 @@ static int parse_server_name_extension(const char *data, size_t data_len, char *
void get_compiled_time(struct tm *tm)
{
char s_month[5];
int month, day, year;
int hour, min, sec;
int month = 0;
int day = 0;
int year = 0;
int hour = 0;
int min = 0;
int sec = 0;
static const char *month_names = "JanFebMarAprMayJunJulAugSepOctNovDec";
sscanf(__DATE__, "%4s %d %d", s_month, &day, &year);
@@ -967,8 +1012,9 @@ void get_compiled_time(struct tm *tm)
int is_numeric(const char *str)
{
while (*str != '\0') {
if (*str < '0' || *str > '9')
if (*str < '0' || *str > '9') {
return -1;
}
str++;
}
return 0;
@@ -985,6 +1031,25 @@ int has_network_raw_cap(void)
return 1;
}
int has_unprivileged_ping(void)
{
int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
if (fd < 0) {
return 0;
}
close(fd);
fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
if (fd < 0) {
return 0;
}
close(fd);
return 1;
}
int set_sock_keepalive(int fd, int keepidle, int keepinterval, int keepcnt)
{
const int yes = 1;
@@ -1038,9 +1103,9 @@ static _Unwind_Reason_Code unwind_callback(struct _Unwind_Context *context, void
if (pc) {
if (state->current == state->end) {
return _URC_END_OF_STACK;
} else {
*state->current++ = (void *)(pc);
}
*state->current++ = (void *)(pc);
}
return _URC_NO_REASON;
}
@@ -1057,7 +1122,7 @@ void print_stack(void)
if (frame_num == 0) {
return;
}
tlog(TLOG_FATAL, "Stack:");
for (idx = 0; idx < frame_num; ++idx) {
const void *addr = buffer[idx];
@@ -1070,6 +1135,46 @@ void print_stack(void)
}
void *offset = (void *)((char *)(addr) - (char *)(info.dli_fbase));
tlog(TLOG_FATAL, "#%.2d: %p %s from %s+%p", idx + 1, addr, symbol, info.dli_fname, offset);
tlog(TLOG_FATAL, "#%.2d: %p %s() from %s+%p", idx + 1, addr, symbol, info.dli_fname, offset);
}
}
void bug_ext(const char *file, int line, const char *func, const char *errfmt, ...)
{
va_list ap;
va_start(ap, errfmt);
tlog_vext(TLOG_FATAL, file, line, func, NULL, errfmt, ap);
va_end(ap);
print_stack();
/* trigger BUG */
sleep(1);
raise(SIGSEGV);
while (true) {
sleep(1);
};
}
int write_file(const char *filename, void *data, int data_len)
{
int fd = open(filename, O_WRONLY|O_CREAT, 0644);
if (fd < 0) {
return -1;
}
int len = write(fd, data, data_len);
if (len < 0) {
goto errout;
}
close(fd);
return 0;
errout:
if (fd > 0) {
close(fd);
}
return -1;
}

18
src/util.h
View File

@@ -45,11 +45,21 @@ extern "C" {
#define PORT_NOT_DEFINED -1
#define MAX_IP_LEN 64
#ifndef BASE_FILE_NAME
#define BASE_FILE_NAME \
(__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 \
: __FILE__)
#endif
#define BUG(format, ...) bug_ext(BASE_FILE_NAME, __LINE__, __func__, format, ##__VA_ARGS__)
void bug_ext(const char *file, int line, const char *func, const char *errfmt, ...)
__attribute__((format(printf, 4, 5))) __attribute__((nonnull(4)));
unsigned long get_tick_count(void);
char *gethost_by_addr(char *host, int maxsize, struct sockaddr *addr);
int getaddr_by_host(char *host, struct sockaddr *addr, socklen_t *addr_len);
int getaddr_by_host(const char *host, struct sockaddr *addr, socklen_t *addr_len);
int getsocknet_inet(int fd, struct sockaddr *addr, socklen_t *addr_len);
@@ -65,6 +75,8 @@ int set_fd_nonblock(int fd, int nonblock);
char *reverse_string(char *output, const char *input, int len, int to_lower_case);
char *to_lower_case(char *output, const char *input, int len);
void print_stack(void);
int ipset_add(const char *ipsetname, const unsigned char addr[], int addr_len, unsigned long timeout);
@@ -102,6 +114,8 @@ int is_numeric(const char *str);
int has_network_raw_cap(void);
int has_unprivileged_ping(void);
int set_sock_keepalive(int fd, int keepidle, int keepinterval, int keepcnt);
int set_sock_lingertime(int fd, int time);
@@ -110,6 +124,8 @@ uint64_t get_free_space(const char *path);
void print_stack(void);
int write_file(const char *filename, void *data, int data_len);
#ifdef __cplusplus
}
#endif /*__cplusplus */

3
systemd/smartdns.service.in
View File

@@ -9,10 +9,9 @@ Type=forking
PIDFile=@RUNSTATEDIR@/smartdns.pid
EnvironmentFile=@SYSCONFDIR@/default/smartdns
ExecStart=@SBINDIR@/smartdns -p @RUNSTATEDIR@/smartdns.pid $SMART_DNS_OPTS
KillMode=process
Restart=always
RestartSec=2
TimeoutStopSec=5
TimeoutStopSec=15
[Install]
WantedBy=multi-user.target