daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: daxi20:feature-dns-forwarding
Branches Tags
daxi20:master daxi20:doc daxi20:quic daxi20:https-svcb daxi20:multi-thread-server daxi20:luci-dns-forwarding
daxi20:Release43 daxi20:Release42 daxi20:Release41 daxi20:Release41-RC3 daxi20:Release41-RC2 daxi20:Release41-RC1 daxi20:Release40 daxi20:feature-dns-forwarding daxi20:Release39 daxi20:Release38.1 daxi20:Release38 daxi20:Release37.2 daxi20:Release37.1 daxi20:Release37 daxi20:Release37-RC3 daxi20:Release37-RC2 daxi20:Release37-RC1 daxi20:all-best-ip daxi20:Release36.1 daxi20:Release36 daxi20:Release35 daxi20:Release34 daxi20:Release33 daxi20:Release32 daxi20:Release32-RC4 daxi20:Release32-RC3 daxi20:Release32-RC2 daxi20:Release32-RC1 daxi20:Release31 daxi20:Release30 daxi20:Release29 daxi20:Release28 daxi20:Release27 daxi20:Release26-Special daxi20:Release25 daxi20:Release24 daxi20:Release23 daxi20:Release22 daxi20:Release21 daxi20:Release20 daxi20:Release18
..
compare: daxi20:Release40
Branches Tags
daxi20:master daxi20:doc daxi20:quic daxi20:https-svcb daxi20:multi-thread-server daxi20:luci-dns-forwarding
daxi20:Release43 daxi20:Release42 daxi20:Release41 daxi20:Release41-RC3 daxi20:Release41-RC2 daxi20:Release41-RC1 daxi20:Release40 daxi20:feature-dns-forwarding daxi20:Release39 daxi20:Release38.1 daxi20:Release38 daxi20:Release37.2 daxi20:Release37.1 daxi20:Release37 daxi20:Release37-RC3 daxi20:Release37-RC2 daxi20:Release37-RC1 daxi20:all-best-ip daxi20:Release36.1 daxi20:Release36 daxi20:Release35 daxi20:Release34 daxi20:Release33 daxi20:Release32 daxi20:Release32-RC4 daxi20:Release32-RC3 daxi20:Release32-RC2 daxi20:Release32-RC1 daxi20:Release31 daxi20:Release30 daxi20:Release29 daxi20:Release28 daxi20:Release27 daxi20:Release26-Special daxi20:Release25 daxi20:Release24 daxi20:Release23 daxi20:Release22 daxi20:Release21 daxi20:Release20 daxi20:Release18

24 Commits
feature-dn ... Release40

Author SHA1 Message Date
Nick Peng
d792e5f7f7 log: optimize log 2023-01-02 15:36:23 +08:00
Nick Peng
98ce7fd38c luci: fix translate typo 2023-01-01 09:37:10 +08:00
PikuZheng
f571b8714b fix Ubuntu service name (#1224) 
Author: PikuZheng <cba321123@gmail.com>
Date:   Sat Dec 31 18:00:57 2022 +0800
 2022-12-31 21:17:47 +08:00
Nick Peng
fffe4caf08 log: optimize log 2022-12-31 09:38:27 +08:00
Nick Peng
98498bf444 luci: fix option description 2022-12-31 09:27:38 +08:00
Nick Peng
69ab9585d7 log: optimize log 2022-12-30 21:13:50 +08:00
Nick Peng
dd9cf62d10 luci: fix UI not display after upgrade issue. 2022-12-28 19:45:37 +08:00
Nick Peng
58aaaa5d5b dns_server: use connect udp socket 2022-12-22 14:12:35 +08:00
孟古一
13a6892c17 Update ReadMe_en.md 2022-12-22 14:08:28 +08:00
孟古一
3099ef6ade readme: update readme for ubuntu installation (#1212) 2022-12-22 09:33:27 +08:00
Nick Peng
95524cab6b makefile: add extra cflags 2022-12-22 00:20:22 +08:00
Nick Peng
f7f1f37faa log: add option to set file permissions 2022-12-21 21:32:29 +08:00
Nick Peng
945653667f feature: support marking packet on upstream server 2022-12-21 18:40:55 +08:00
Nick Peng
4c2b8847f0 readme_en: fix link 2022-12-21 18:40:55 +08:00
Nick Peng
70df7938f3 conf: support disable expired cache on specific domain. 2022-12-21 18:40:55 +08:00
Nick Peng
4b42e1ef85 readme: update readme 2022-12-21 18:40:55 +08:00
Nick Peng
5bc8b3ad62 luci: support config speed check mode 2022-12-21 18:40:55 +08:00
Nick Peng
f300d6ba82 luci: add domain rule list tab 2022-12-21 18:40:55 +08:00
Nick Peng
cdf12f3cb4 luci: add report bugs button 2022-12-21 18:40:55 +08:00
Nick Peng
53593ba5b6 conf: support space in filename 2022-12-21 18:40:55 +08:00
Nick Peng
52e036ac96 dns_server: support force no cname for A,AAAA records 2022-12-21 18:40:55 +08:00
Nick Peng
0b723168bb luci-compat: support dns forwarding feature 2022-12-21 18:40:55 +08:00
Nick Peng
15427ffdf1 luci: support DNS forwarding and block 2022-12-21 18:40:55 +08:00
Nick Peng
3a1ba73386 log: support disable log 2022-12-14 22:26:45 +08:00
24 changed files with 842 additions and 131 deletions
Expand all files Collapse all files

120
ReadMe.md
View File

@@ -112,7 +112,7 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
支持域名后缀匹配模式,简化过滤配置,过滤 20 万条记录时间 < 1ms。
6. **域名分流**
支持域名分流,不同类型的域名向不同的 DNS 服务器查询。
支持域名分流,不同类型的域名向不同的 DNS 服务器查询支持iptable和nftable更好的分流
7. **Windows / Linux 多平台支持**
支持标准 Linux 系统树莓派、OpenWrt 系统各种固件和华硕路由器原生固件。同时还支持 WSLWindows Subsystem for Linux适用于 Linux 的 Windows 子系统)。
@@ -186,43 +186,59 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
1. 安装
下载配套安装包,并上传到 Linux 系统中。
标准 Linux 系统X86 / X86_64请执行如下命令安装
```shell
$ tar zxf smartdns.1.yyyy.MM.dd-REL.x86_64-linux-all.tar.gz
$ cd smartdns
$ chmod +x ./install
$ ./install -i
```
树莓派或其他 Debian 系系统ARM / ARM64请执行如下命令安装
```shell
# dpkg -i smartdns.1.yyyy.MM.dd-REL.arm-debian-all.deb
```
下载配套安装包,并上传到 Linux 系统中。
标准 Linux 系统X86 / X86_64请执行如下命令安装
```shell
$ tar zxf smartdns.1.yyyy.MM.dd-REL.x86_64-linux-all.tar.gz
$ cd smartdns
$ chmod +x ./install
$ ./install -i
```
树莓派或其他 Debian 系系统ARM / ARM64请执行如下命令安装
```shell
# dpkg -i smartdns.1.yyyy.MM.dd-REL.arm-debian-all.deb
```
**对于Ubuntu系统**
* `systemd-resolved`会占用TCP53和UDP53端口。你需要手动解决端口占用问题或者修改smartdns监听端口
* 日志文件在`/var/log/smartdns/smartdns.log`
2. 修改配置
安装完成后,可配置 SmartDNS 的上游服务器信息。
一般情况下,只需要增加 `server `[`IP`]`:port` 和 `server-tcp `[`IP`]`:port` 配置项。
请尽可能配置多个上游 DNS 服务器,包括国内外的服务器。
具体配置参数请参考[配置文件说明](#配置文件说明)。
```shell
# vi /etc/smartdns/smartdns.conf
```
```shell
# vi /etc/smartdns/smartdns.conf
```
`/etc/smartdns/smartdns.conf`配置包含如下基本内容:
```
# 指定监听的端口号
bind []:53
# 指定上游服务器
server 1.1.1.1
server-tls 8.8.8.8
# 指定域名规则
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
3. 启动服务
```shell
# systemctl enable smartdns
# systemctl start smartdns
```
```shell
# systemctl enable smartdns
# systemctl start smartdns
```
4. 将 DNS 请求转发到 SmartDNS 解析
@@ -390,6 +406,18 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
```shell
# vi /opt/etc/smartdns/smartdns.conf
```
`/opt/etc/smartdns/smartdns.conf`配置包含如下基本内容:
```
# 指定监听的端口号
bind []:53
# 指定上游服务器
server 1.1.1.1
server-tls 8.8.8.8
# 指定域名规则
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
也可以通过网上邻居修改,网上邻居共享目录 `sda1` 看不到 `asusware.mipsbig` 目录,但可以直接在`文件管理器`中输入 `asusware.mipsbig\etc\init.d` 访问
@@ -418,6 +446,18 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
```shell
# vi /opt/etc/smartdns/smartdns.conf
```
`/opt/etc/smartdns/smartdns.conf`配置包含如下基本内容:
```
# 指定监听的端口号
bind []:53
# 指定上游服务器
server 1.1.1.1
server-tls 8.8.8.8
# 指定域名规则
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
另外,如需支持 IPv6可设置工作模式为 `2`,将 DNSmasq 的 DNS 服务禁用,设置 SmartDNS 为主用 DNS 服务器。将文件 `/opt/etc/smartdns/smartdns-opt.conf` 中的 `SMARTDNS_WORKMODE` 的值修改为 `2`
@@ -480,6 +520,17 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
尽可能配置多个上游DNS服务器包括国内外的服务器。
具体配置请参考[配置文件说明](#配置文件说明)。
`smartdns.conf` 配置包含如下基本内容:
```
# 指定监听的端口号
bind []:53
# 指定上游服务器
server 1.1.1.1
server-tls 8.8.8.8
# 指定域名规则
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
4. 重新加载配置
@@ -508,6 +559,7 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
smartdns name = smartdns.
```
## 配置文件说明
配置建议:**smartdns默认已设置为最优模式适合大部分场景的DNS查询体验改善一般情况只需要增加上游服务器地址即可无需做其他配置修改如有其他配置修改请务必了解其用途避免修改后起到反作用。**
@@ -530,16 +582,18 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
| log-level | 设置日志级别 | error | fatal、error、warn、notice、info 或 debug | log-level error |
| log-file | 日志文件路径 | /var/log/smartdns/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns/smartdns.log |
| log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K |
| log-num | 日志归档个数 | 2 | 大于等于 0 的数字 | log-num 2 |
| log-num | 日志归档个数 | openwrt为2 其他系统为8 | 大于等于 0 的数字0表示禁用日志 | log-num 2 |
| log-file-mode | 日志归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
| audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes |
| audit-file | 审计文件路径 | /var/log/smartdns/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns/smartdns-audit.log |
| audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K |
| audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 |
| audit-file-mode | 审计归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
| conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
| server | 上游 UDP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果。<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server 8.8.8.8:53 -blacklist-ip -group g1 |
| server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tcp 8.8.8.8:53 |
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称, 名称设置为-表示停用SNI名称<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-tls 8.8.8.8:853 |
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-http-host]http 协议头主机名<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除 | server-https https://cloudflare-dns.com/dns-query |
| server | 上游 UDP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果。<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除。<br>[-set-mark]设置数据包标记so-mark| server 8.8.8.8:53 -blacklist-ip -group g1 |
| server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除。<br>[-set-mark]设置数据包标记so-mark | server-tcp 8.8.8.8:53 |
| server-tls | 上游 TLS DNS | 无 | 可重复。<br>[ip][:port]:服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称, 名称设置为-表示停用SNI名称<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除。<br>[-set-mark]设置数据包标记so-mark | server-tls 8.8.8.8:853 |
| server-https | 上游 HTTPS DNS | 无 | 可重复。<br>https://[host][:port]/path服务器 IP:端口(可选)<br>[-spki-pin [sha256-pin]]TLS 合法性校验 SPKI 值base64 编码的 sha256 SPKI pin 值<br>[-host-name]TLS SNI 名称<br>[-http-host]http 协议头主机名<br>[-tls-host-verify]TLS 证书主机名校验<br> [-no-check-certificate]:跳过证书校验<br>[-blacklist-ip]:配置 IP 过滤结果<br>[-whitelist-ip]:仅接受参数中配置的 IP 范围。<br>[-group [group] ...]DNS 服务器所属组,比如 office 和 foreign和 nameserver 配套使用<br>[-exclude-default-group]:将 DNS 服务器从默认组中排除。<br>[-set-mark]设置数据包标记so-mark | server-https https://cloudflare-dns.com/dns-query |
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80,tcp:443 |
| response-mode | 首次查询响应模式 | first-ping |模式:[fisrt-ping\|fastest-ip\|fastest-response]<br> [first-ping]: 最快ping响应地址模式DNS上游最快查询时延+ping时延最短查询等待与链接体验最佳;<br>[fastest-ip]: 最快IP地址模式查询到的所有IP地址中ping最短的IP。需等待IP测速; <br>[fastest-response]: 最快响应的DNS结果DNS查询等待时间最短返回的IP地址可能不是最快。| response-mode first-ping |
| address | 指定域名 IP 地址 | 无 | address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>- 表示忽略 <br># 表示返回 SOA <br>4 表示 IPv4 <br>6 表示 IPv6 | address /www.example.com/1.2.3.4 |
@@ -549,7 +603,7 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径https://bin.entwa
| nftset | 域名 nftset | 无 | nftset /domain/[#4\|#6\|-]:[family#nftable#nftset\|-][,#[4\|6]:[family#nftable#nftset\|-]]]-表示忽略ipv4 地址的 family 只支持 inet 和 ipipv6 地址的 family 只支持 inet 和 ip6由于 nft 限制,两种地址只能分开存放于两个 set 中。| nftset /www.example.com/#4:inet#mytab#dns4,#6:- |
| nftset-timeout | 设置 nftset 超时功能启用 | no | [yes\|no] | nftset-timeout yes |
| nftset-debug | 设置 nftset 调试功能启用 | no | [yes\|no] | nftset-debug yes |
| domain-rules | 设置域名规则 | 无 | domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]:测速模式,参考 speed-check-mode 配置<br>[-a\|-address]:参考 address 配置<br>[-n\|-nameserver]:参考 nameserver 配置<br>[-p\|-ipset]参考ipset配置<br>[-t\|-nftset]参考nftset配置<br>[-d\|-dualstack-ip-selection]:参考 dualstack-ip-selection | domain-rules /www.example.com/ -speed-check-mode none |
| domain-rules | 设置域名规则 | 无 | domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]:测速模式,参考 speed-check-mode 配置<br>[-a\|-address]:参考 address 配置<br>[-n\|-nameserver]:参考 nameserver 配置<br>[-p\|-ipset]参考ipset配置<br>[-t\|-nftset]参考nftset配置<br>[-d\|-dualstack-ip-selection]:参考 dualstack-ip-selection<br> [-no-serve-expired]:禁用过期缓存 | domain-rules /www.example.com/ -speed-check-mode none |
| domain-set | 设置域名集合 | 无 | domain-set [options...]<br>[-n\|-name]:域名集合名称 <br>[-t\|-type]域名集合类型当前仅支持list格式为域名列表一行一个域名。<br>[-f\|-file]:域名集合文件路径。<br> 选项需要配合address, nameserver, ipset, nftset等需要指定域名的地方使用使用方式为 /domain-set:[name]/| domain-set -name set -type list -file /path/to/list <br> address /domain-set:set/1.2.4.8 |
| bogus-nxdomain | 假冒 IP 地址过滤 | 无 | [ip/subnet],可重复 | bogus-nxdomain 1.2.3.4/16 |
| ignore-ip | 忽略 IP 地址 | 无 | [ip/subnet],可重复 | ignore-ip 1.2.3.4/16 |

75
ReadMe_en.md
View File

@@ -17,7 +17,7 @@ Support Raspberry Pi, openwrt, ASUS router, Windows and other devices.
- [Usage](#usage)
- [Use official installation source](#use-official-installation-source)
- [Download the package](#download-the-package)
- [Standard Linux system installation/Raspberry Pi, X86_64 system](#standard-linux-system-installationraspberry-pi-x86_64-system)
- [Standard Linux system installation/Raspberry Pi, X86\_64 system](#standard-linux-system-installationraspberry-pi-x86_64-system)
- [openwrt](#openwrt)
- [ASUS router native firmware / Merlin firmware](#asus-router-native-firmware--merlin-firmware)
- [optware/entware](#optwareentware)
@@ -118,6 +118,9 @@ From the comparison, smartdns found the fastest IP address to visit www.baidu.co
8. **High performance, low resource consumption**
Multi-threaded asynchronous IO mode, cache cache query results.
9. **DNS domain forwarding**
Support DNS forwarding, ipset and nftables.
## Architecture
![Architecture](doc/architecture.png)
@@ -164,7 +167,7 @@ Download the matching version of the SmartDNS installation package. The correspo
* The released packages are statically compiled. If you need a small size package, please compile it yourself or obtain it from the openwrt / entware repository.
* **Please download from the Release page: [Download here](https://github.com/pymu/smartdns/releases)**
* **Please download from the Release page: [Download here](https://github.com/pymumu/smartdns/releases)**
```shell
https://github.com/pymumu/smartdns/releases
@@ -192,6 +195,10 @@ https://github.com/pymumu/smartdns/releases
chmod +x ./install
./install -i
```
**For Ubuntu system:**
* `systemd-resolved` occupies TCP53 and UDP53 ports. You need to manually resolve the port occupancy problem or modify the SmartDNS listening port
* Log files in `/var/log/smartdns/smartdns.log`
1. Configuration
@@ -203,6 +210,18 @@ https://github.com/pymumu/smartdns/releases
vi /etc/smartdns/smartdns.conf
```
`smartdns.conf` example:
```
# set listen port
bind []:53
# set upstream servers
server 1.1.1.1
server-tls 8.8.8.8
# set domain rules
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
1. Start Service
```shell
@@ -363,6 +382,18 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
```shell
vi /opt/etc/smartdns/smartdns.conf
```
`smartdns.conf` example:
```
# set listen port
bind []:53
# set upstream servers
server 1.1.1.1
server-tls 8.8.8.8
# set domain rules
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
It can also be modified from Network Neighborhood. From the neighbor sharing directory `sda1` you can't see the `asusware.mipsbig` directory, but you can directly enter `asusware.mipsbig\etc\init.d` in `File Manager` to modify it.
@@ -392,6 +423,18 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
Vi /opt/etc/smartdns/smartdns.conf
```
`smartdns.conf` example:
```
# set listen port
bind []:53
# set upstream servers
server 1.1.1.1
server-tls 8.8.8.8
# set domain rules
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
Note: if you need to support IPV6, you can set the worke-mode to `2`, this will disable the DNS service of dnsmasq, and smartdns run as the primary DNS server. Change `SMARTDNS_WORKMODE` in the file `/opt/etc/smartdns/smartdns-opt.conf` to 2.
```shell
@@ -447,6 +490,18 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
In general, you only need to add `server [IP]:port`, `server-tcp [IP]:port` configuration items.
Configure as many upstream DNS servers as possible, including servers at home and abroad. Please refer to the `Configuration Parameters` section for configuration parameters.
`smartdns.conf` example:
```
# set listen port
bind []:53
# set upstream servers
server 1.1.1.1
server-tls 8.8.8.8
# set domain rules
address /example.com/1.2.3.4
domain-rule /example.com/ -address 1.2.3.4
```
1. Start Service
Double-click `reload.bat` in the `D:\smartdns\package\windows` directory for reload.
@@ -489,16 +544,18 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|log-level|log level|error|fatal,error,warn,notice,info,debug|log-level error
|log-file|log path|/var/log/smartdns/smartdns.log|File Pah|log-file /var/log/smartdns/smartdns.log
|log-size|log size|128K|number+K,M,G|log-size 128K
|log-num|archived log number|2|Integer|log-num 2
|log-num|archived log number|2 for openwrt, 8 for other system|Integer, 0 means turn off the log|log-num 2
|log-file-mode|archived log file mode|0640|Integer|log-file-mode 644
|audit-enable|audit log enable|no|[yes\|no]|audit-enable yes
|audit-file|audit log file|/var/log/smartdns/smartdns-audit.log|File Path|audit-file /var/log/smartdns/smartdns-audit.log
|audit-size|audit log size|128K|number+K,M,G|audit-size 128K
|audit-num|archived audit log number|2|Integer|audit-num 2
|audit-num|archived audit log number|2|Integer, 0 means turn off the log|audit-num 2
|audit-file-mode|archived audit log file mode|0640|Integer|audit-file-mode 644
|conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
|server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server 8.8.8.8:53 -blacklist-ip
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. `-` to disable SNI name.<br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group. <br>`[-set-mark]`set mark on packets | server 8.8.8.8:53 -blacklist-ip
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group <br>`[-set-mark]`set mark on packets | server-tcp 8.8.8.8:53
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. `-` to disable SNI name.<br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group <br> `[-set-mark]`set mark on packets | server-tls 8.8.8.8:853
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify. <br>`-no-check-certificate:`: No check certificate. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group <br> `[-set-mark]`set mark on packets | server-https https://cloudflare-dns.com/dns-query
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80,tcp:443
|response-mode|First query response mode|first-ping|Mode: [fisrt-ping\|fastest-ip\|fastest-response]<br> [first-ping]: The fastest dns + ping response mode, DNS query delay + ping delay is the shortest;<br>[fastest-ip]: The fastest IP address mode, return the fastest ip address, may take some time to test speed. <br>[fastest-response]: The fastest response DNS result mode, the DNS query waiting time is the shortest. | response-mode first-ping |
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
@@ -508,7 +565,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|nftset|Domain nftset|None|nftset /domain/[#4\|#6\|-]:[family#nftable#nftset\|-][,#[4\|6]:[family#nftable#nftset\|-]]], `-` to ignore; the valid families are inet and ip for ipv4 addresses while the valid ones are inet and ip6 for ipv6 addresses; due to the limitation of nft, two types of addresses have to be stored in two sets|nftset /www.example.com/#4:inet#mytab#dns4,#6:-
|nftset-timeout|nftset timeout enable|no|[yes\|no]|nftset-timeout yes
|nftset-debug|nftset debug enable|no|[yes\|no]|nftset-debug yes
|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]: set speed check modesame as parameter speed-check-mode<br>[-a\|-address]: same as parameter `address` <br>[-n\|-nameserver]: same as parameter `nameserver`<br>[-p\|-ipset]: same as parameter `nftset`<br>[-t\|-nftset]: same as parameter `nftset`<br>[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`|domain-rules /www.example.com/ -speed-check-mode none
|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]: set speed check modesame as parameter speed-check-mode<br>[-a\|-address]: same as parameter `address` <br>[-n\|-nameserver]: same as parameter `nameserver`<br>[-p\|-ipset]: same as parameter `nftset`<br>[-t\|-nftset]: same as parameter `nftset`<br>[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`<br> [-no-serve-expired]disable serve expired|domain-rules /www.example.com/ -speed-check-mode none
| domain-set | collection of domains|None| domain-set [options...]<br>[-n\|-name]name of set <br>[-t\|-type] [list]: set type, only support list, one domain per line <br>[-f\|-file]file path of domain set<br> used with address, nameserver, ipset, nftset, example: /domain-set:[name]/ | domain-set -name set -type list -file /path/to/list <br> address /domain-set:set/1.2.4.8 |
|bogus-nxdomain|bogus IP address|None|[IP/subnet], Repeatable| bogus-nxdomain 1.2.3.4/16
|ignore-ip|ignore ip address|None|[ip/subnet], Repeatable| ignore-ip 1.2.3.4/16

6
etc/smartdns/smartdns.conf
View File

@@ -32,6 +32,7 @@
# -no-rule-soa: Skip address SOA(#) rules.
# -no-dualstack-selection: Disable dualstack ip selection.
# -force-aaaa-soa: force AAAA query return SOA.
# -set-mark: set mark on packets.
# example:
# IPV4:
# bind :53
@@ -132,12 +133,13 @@ force-qtype-SOA 65
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-size: size of each log file, support k,m,g
# log-num: number of logs
# log-num: number of logs, 0 means disable log
log-level info
# log-file /var/log/smartdns/smartdns.log
# log-size 128k
# log-num 2
# log-file-mode [mode]: file mode of log file.
# dns audit
# audit-enable [yes|no]: enable or disable audit.
@@ -145,6 +147,7 @@ log-level info
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
# audit-file-mode [mode]: file mode of audit file.
# audit-size 128k
# audit-num 2
@@ -237,6 +240,7 @@ log-level info
# [-p] -ipset [ipset|-]: same as ipset option
# [-t] -nftset [nftset|-]: same as nftset option
# [-d] -dualstack-ip-selection [yes|no]: same as dualstack-ip-selection option
# -no-serve-expired: ignore expired domain
# collection of domains
# the domain-set can be used with /domain/ for address, nameserver, ipset, etc.

26
package/luci-compat/files/luci/i18n/smartdns.zh-cn.po
View File

@@ -2,6 +2,12 @@
msgid "Additional Args for upstream dns servers"
msgstr "额外的上游 DNS 服务器参数"
msgid "Additional Rule Flag"
msgstr "额外规则标识"
msgid "Additional Flags for rules, read help on domain-rule for more information."
msgstr "额外的规则标识具体参考domain-rule的帮助说明。"
msgid "Additional Server Args"
msgstr "额外的服务器参数"
@@ -224,6 +230,12 @@ msgstr "下载的文件列表。"
msgid "Local Port"
msgstr "本地端口"
msgid "Marking Packets"
msgstr "数据包标记"
msgid "Set mark on packets."
msgstr "设置数据包标记。"
msgid "Maximum TTL for all domain result."
msgstr "所有域名的最大 TTL 值。"
@@ -369,6 +381,15 @@ msgstr ""
msgid "Smartdns server name"
msgstr "SmartDNS的服务器名称默认为smartdns留空为主机名"
msgid "Speed check mode is invalid."
msgstr "测速模式无效。"
msgid "Speed Check Mode"
msgstr "测速模式"
msgid "Smartdns speed check mode. "
msgstr "SmartDns测速模式设置。"
msgid ""
"Specify an IP address to return for any host in the given domains, Queries "
"in the domains are never forwarded and always replied to with the specified "
@@ -377,6 +398,9 @@ msgstr ""
"配置特定域名返回特定的IP地址域名查询将不到上游服务器请求直接返回配置的IP"
"地址,可用于广告屏蔽。"
msgid "Report bugs"
msgstr "报告BUG"
msgid "TCP Server"
msgstr "TCP服务器"
@@ -405,7 +429,7 @@ msgid "Update Files"
msgstr "更新文件"
msgid "Upload Config File"
msgstr "上传域名列表文件"
msgstr "上传配置文件"
msgid "Upload Domain List File"
msgstr "上传域名列表文件"

81
package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua
View File

@@ -55,8 +55,54 @@ o.default = 53
o.datatype = "port"
o.rempty = false
---- Speed check mode;
o = s:taboption("advanced", Value, "speed_check_mode", translate("Speed Check Mode"), translate("Smartdns speed check mode."));
o.rmempty = true;
o.placeholder = "default";
o.default = o.enabled;
o:value("ping,tcp:80,tcp:443");
o:value("ping,tcp:443,tcp:80");
o:value("tcp:80,tcp:443,ping");
o:value("tcp:443,tcp:80,ping");
o:value("none", translate("None"));
function o.validate (section_id, value)
if value == "" then
return value
end
if value == nil then
return nil, translate("Speed check mode is invalid.")
end
if value == "none" then
return value
end
local mode = value:split(",");
for _, v in ipairs(mode) do repeat
if v == "ping" then
break
end
if v == nil then
return nil, translate("Speed check mode is invalid.")
end
local port = v:split(":");
if "tcp" == port[1] then
if tonumber(port[2]) then
break
end
end
return nil, translate("Speed check mode is invalid.")
until true end
return value
end
---- Enable TCP server
o = s:taboption("settings", Flag, "tcp_server", translate("TCP Server"), translate("Enable TCP DNS Server"))
o = s:taboption("advanced", Flag, "tcp_server", translate("TCP Server"), translate("Enable TCP DNS Server"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
@@ -64,7 +110,7 @@ o.cfgvalue = function(...)
end
---- Support IPV6
o = s:taboption("settings", Flag, "ipv6_server", translate("IPV6 Server"), translate("Enable IPV6 DNS Server"))
o = s:taboption("advanced", Flag, "ipv6_server", translate("IPV6 Server"), translate("Enable IPV6 DNS Server"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
@@ -337,14 +383,21 @@ o.datatype = "hostname"
o.rempty = true
uci:foreach("smartdns", "server", function(section)
local server_group = section.server_group
if server_group == nil then
return
end
o:value(server_group);
end)
function o.validate (section_id, value)
if (value == "") then
if value == "" then
return value
end
if value == nil then
return nil, translate('Server Group not exists')
end
local exists = false
uci:foreach("smartdns", "server", function(section)
local server_group = section.server_group
@@ -357,7 +410,7 @@ function o.validate (section_id, value)
end
end)
if (exists == false) then
if exists == false then
return nil, translate('Server Group not exists')
end
@@ -395,6 +448,12 @@ function o.validate(self, value)
return nil, translate("NFTset name format error, format: [#[4|6]:[family#table#set]]")
end
---- other args
o = s:taboption("forwarding", Value, "addition_flag", translate("Additional Rule Flag"), translate("Additional Flags for rules, read help on domain-rule for more information."))
o.default = ""
o.rempty = true
o.modalonly = true;
o = s:taboption("forwarding", FileUpload, "forwarding_domain_set_file", translate("Domain List File"),
translate("Upload domain list file, or configure auto download from Download File Setting page."))
o.rmempty = true
@@ -517,7 +576,11 @@ o.rmempty = false
o.datatype = 'string'
function o.validate(self, value, section)
if value == "" then
return nil
return nil, translate("URL format error, format: http:// or https://")
end
if value == nil then
return nil, translate("URL format error, format: http:// or https://")
end
if value.find(value, "http://") then
@@ -554,6 +617,14 @@ o.write = function()
luci.http.redirect("https://pymumu.github.io/smartdns")
end
o = s:option(Button, "report")
o.title = translate("Report bugs")
o.inputtitle = translate("Report bugs")
o.inputstyle = "apply"
o.write = function()
luci.http.redirect("https://github.com/pymumu/smartdns/issues")
end
o = s:option(Button, "Donate")
o.title = translate("Donate to smartdns")
o.inputtitle = translate("Donate")

6
package/luci-compat/files/luci/model/cbi/smartdns/upstream.lua
View File

@@ -127,6 +127,12 @@ o.rempty = true
o:depends("type", "tls")
o:depends("type", "https")
---- mark
o = s:option(Value, "set_mark", translate("Marking Packets"), translate("Set mark on packets."))
o.default = ""
o.rempty = true
o.datatype = "uinteger"
---- other args
o = s:option(Value, "addition_arg", translate("Additional Server Args"), translate("Additional Args for upstream dns servers"))
o.default = ""

51
package/luci/files/luci/i18n/smartdns.zh-cn.po
View File

@@ -2,6 +2,12 @@
msgid "Additional Args for upstream dns servers"
msgstr "额外的上游 DNS 服务器参数"
msgid "Additional Rule Flag"
msgstr "额外规则标识"
msgid "Additional Flags for rules, read help on domain-rule for more information."
msgstr "额外的规则标识具体参考domain-rule的帮助说明。"
msgid "Additional Server Args"
msgstr "额外的服务器参数"
@@ -19,6 +25,12 @@ msgstr "自动设置Dnsmasq"
msgid "Automatically set as upstream of dnsmasq when port changes."
msgstr "端口更改时自动设为 dnsmasq 的上游。"
msgid "Block domain"
msgstr "屏蔽域名"
msgid "Block domain."
msgstr "屏蔽域名。"
msgid "Cache Size"
msgstr "缓存大小"
@@ -33,6 +45,9 @@ msgstr "配置需要从指定域名服务器结果过滤的IP黑名单。"
msgid "Configure block domain list."
msgstr "配置屏蔽域名列表"
msgid "Configure domain rule list."
msgstr "配置域名规则列表"
msgid "Configure forwarding domain name list."
msgstr "配置分流域名列表"
@@ -66,6 +81,9 @@ msgstr "协议类型"
msgid "DNS domain result cache size"
msgstr "缓存DNS的结果缓存大小配置零则不缓存"
msgid "default"
msgstr "默认"
msgid "Description"
msgstr "描述"
@@ -87,6 +105,12 @@ msgstr "域名列表"
msgid "Domain List File"
msgstr "域名列表文件"
msgid "Domain Rule List"
msgstr "域名规则列表"
msgid "Domain Rule Name"
msgstr "域名规则名称"
msgid "Domain Rules"
msgstr "域名规则"
@@ -232,6 +256,12 @@ msgstr "下载文件列表"
msgid "Local Port"
msgstr "本地端口"
msgid "Marking Packets"
msgstr "数据包标记"
msgid "Set mark on packets."
msgstr "设置数据包标记。"
msgid "Maximum TTL for all domain result."
msgstr "所有域名的最大 TTL 值。"
@@ -250,9 +280,15 @@ msgstr "NFTSet名称格式[#[4|6]:[family#table#set]]"
msgid "NOT RUNNING"
msgstr "未运行"
msgid "No"
msgstr "否"
msgid "No check certificate"
msgstr "停用证书校验"
msgid "None"
msgstr "无"
msgid "Query DNS through specific dns server group, such as office, home."
msgstr "使用指定服务器组查询比如office, home。"
@@ -265,6 +301,9 @@ msgstr "回应的域名TTL最大值"
msgid "Reply maximum TTL for all domain result."
msgstr "设置返回给客户端的域名TTL最大值。"
msgid "Report bugs"
msgstr "报告BUG"
msgid "Resolve Local Hostnames"
msgstr "解析本地主机名"
@@ -295,6 +334,9 @@ msgstr "服务器名称"
msgid "Set Specific domain ip address."
msgstr "设置指定域名的IP地址。"
msgid "Set Specific domain rule list."
msgstr "设置指定域名的规则列表。"
msgid "Set Specific ip blacklist."
msgstr "设置指定的 IP 黑名单列表。"
@@ -377,6 +419,12 @@ msgstr ""
msgid "Smartdns server name"
msgstr "SmartDNS的服务器名称默认为smartdns留空为主机名"
msgid "Smartdns speed check mode."
msgstr "SmartDNS测速模式。"
msgid "Speed Check Mode"
msgstr "测速模式"
msgid ""
"Specify an IP address to return for any host in the given domains, Queries "
"in the domains are never forwarded and always replied to with the specified "
@@ -485,3 +533,6 @@ msgstr "类型"
msgid "udp"
msgstr "udp"
msgid "Yes"
msgstr "是"

225
package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js
View File

@@ -155,19 +155,59 @@ return view.extend({
o.datatype = "port";
o.rempty = false;
///////////////////////////////////////
// advanced settings;
///////////////////////////////////////
// Speed check mode;
o = s.taboption("advanced", form.Value, "speed_check_mode", _("Speed Check Mode"), _("Smartdns speed check mode."));
o.rmempty = true;
o.placeholder = "default";
o.value("", _("default"));
o.value("ping,tcp:80,tcp:443");
o.value("ping,tcp:443,tcp:80");
o.value("tcp:80,tcp:443,ping");
o.value("tcp:443,tcp:80,ping");
o.value("none", _("None"));
o.validate = function (section_id, value) {
if (value == "") {
return true;
}
if (value == "none") {
return true;
}
var check_mode = value.split(",")
for (var i = 0; i < check_mode.length; i++) {
if (check_mode[i] == "ping") {
continue;
}
if (check_mode[i].indexOf("tcp:") == 0) {
var port = check_mode[i].split(":")[1];
if (port == "") {
return _("TCP port is empty");
}
continue;
}
return _("Speed check mode is invalid.");
}
return true;
}
// Enable TCP server;
o = s.taboption("settings", form.Flag, "tcp_server", _("TCP Server"), _("Enable TCP DNS Server"));
o = s.taboption("advanced", form.Flag, "tcp_server", _("TCP Server"), _("Enable TCP DNS Server"));
o.rmempty = false;
o.default = o.enabled;
// Support IPV6;
o = s.taboption("settings", form.Flag, "ipv6_server", _("IPV6 Server"), _("Enable IPV6 DNS Server"));
o = s.taboption("advanced", form.Flag, "ipv6_server", _("IPV6 Server"), _("Enable IPV6 DNS Server"));
o.rmempty = false;
o.default = o.enabled;
///////////////////////////////////////
// advanced settings;
///////////////////////////////////////
// Support DualStack ip selection;
o = s.taboption("advanced", form.Flag, "dualstack_ip_selection", _("Dual-stack IP Selection"),
_("Enable IP selection between IPV4 and IPV6"));
@@ -334,7 +374,6 @@ return view.extend({
o.rmempty = true
o.datatype = "file"
o.rempty = true
o.editable = true
o.root_directory = "/etc/smartdns/conf.d"
o = s.taboption("files", form.FileUpload, "upload_list_file", _("Upload Domain List File"),
@@ -342,7 +381,6 @@ return view.extend({
o.rmempty = true
o.datatype = "file"
o.rempty = true
o.editable = true
o.root_directory = "/etc/smartdns/domain-set"
o = s.taboption('files', form.DummyValue, "_update", _("Update Files"));
@@ -546,6 +584,14 @@ return view.extend({
o.depends("type", "tls")
o.depends("type", "https")
// mark
o = s.taboption("advanced", form.Value, "set_mark", _("Marking Packets"),
_("Set mark on packets."))
o.default = ""
o.rempty = true
o.datatype = "uinteger"
o.modalonly = true;
// other args
o = s.taboption("advanced", form.Value, "addition_arg", _("Additional Server Args"),
_("Additional Args for upstream dns servers"))
@@ -562,6 +608,7 @@ return view.extend({
s.tab("forwarding", _('DNS Forwarding Setting'));
s.tab("block", _("DNS Block Setting"));
s.tab("domain-rule-list", _("Domain Rule List"), _("Set Specific domain rule list."));
s.tab("domain-address", _("Domain Address"), _("Set Specific domain ip address."));
s.tab("blackip-list", _("IP Blacklist"), _("Set Specific ip blacklist."));
@@ -625,6 +672,13 @@ return view.extend({
return true;
}
// other args
o = s.taboption("forwarding", form.Value, "addition_flag", _("Additional Rule Flag"),
_("Additional Flags for rules, read help on domain-rule for more information."))
o.default = ""
o.rempty = true
o.modalonly = true;
o = s.taboption("forwarding", form.FileUpload, "forwarding_domain_set_file", _("Domain List File"),
_("Upload domain list file, or configure auto download from Download File Setting page."));
o.rmempty = true
@@ -680,6 +734,155 @@ return view.extend({
});
};
///////////////////////////////////////
// domain rule list;
///////////////////////////////////////
o = s.taboption('domain-rule-list', form.SectionValue, '__domain-rule-list__', form.GridSection, 'domain-rule-list', _('Domain Rule List'),
_('Configure domain rule list.'));
ss = o.subsection;
ss.addremove = true;
ss.anonymous = true;
ss.sortable = true;
// enable flag;
so = ss.option(form.Flag, "enabled", _("Enable"), _("Enable"));
so.rmempty = false;
so.default = so.enabled;
so.editable = true;
// name;
so = ss.option(form.Value, "name", _("Domain Rule Name"), _("Domain Rule Name"));
so = ss.option(form.Value, "server_group", _("Server Group"), _("DNS Server group belongs to, such as office, home."))
so.rmempty = true
so.placeholder = "default"
so.datatype = "hostname"
so.rempty = true
for (const groupname of groupnames) {
so.value(groupname);
}
so.validate = function (section_id, value) {
if (value == "") {
return true;
}
var val = uci.sections('smartdns', 'server');
for (var i = 0; i < val.length; i++) {
if (value == val[i].server_group) {
return true;
}
}
return _('Server Group %s not exists').format(value);
}
so = ss.option(form.FileUpload, "domain_list_file", _("Domain List File"),
_("Upload domain list file, or configure auto download from Download File Setting page."));
so.rmempty = false
so.datatype = "file"
so.rempty = true
so.root_directory = "/etc/smartdns/domain-set"
so = ss.option(form.ListValue, "block_domain_type", _("Block domain"), _("Block domain."));
so.rmempty = true;
so.value("none", _("None"));
so.value("all", "IPv4/IPv6");
so.value("ipv4", "IPv4");
so.value("ipv6", "IPv6");
so.modalonly = true;
// Support DualStack ip selection;
so = ss.option(form.ListValue, "dualstack_ip_selection", _("Dual-stack IP Selection"),
_("Enable IP selection between IPV4 and IPV6"));
so.rmempty = true;
so.default = "default";
so.modalonly = true;
so.value("", _("default"));
so.value("yes", _("Yes"));
so.value("no", _("No"));
so = ss.option(form.Value, "speed_check_mode", _("Speed Check Mode"), _("Smartdns speed check mode."));
so.rmempty = true;
so.placeholder = "default";
so.modalonly = true;
so.value("", _("default"));
so.value("ping,tcp:80,tcp:443");
so.value("ping,tcp:443,tcp:80");
so.value("tcp:80,tcp:443,ping");
so.value("tcp:443,tcp:80,ping");
so.value("none", _("None"));
so.validate = function (section_id, value) {
if (value == "") {
return true;
}
if (value == "none") {
return true;
}
var check_mode = value.split(",")
for (var i = 0; i < check_mode.length; i++) {
if (check_mode[i] == "ping") {
continue;
}
if (check_mode[i].indexOf("tcp:") == 0) {
var port = check_mode[i].split(":")[1];
if (port == "") {
return _("TCP port is empty");
}
continue;
}
return _("Speed check mode is invalid.");
}
return true;
}
so = ss.option(form.Flag, "force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
so.rmempty = true;
so.default = so.disabled;
so.modalonly = true;
so = ss.option(form.Value, "ipset_name", _("IPset Name"), _("IPset name."));
so.rmempty = true;
so.datatype = "hostname";
so.rempty = true;
so.modalonly = true;
so = ss.option(form.Value, "nftset_name", _("NFTset Name"), _("NFTset name, format: [#[4|6]:[family#table#set]]"));
so.rmempty = true;
so.datatype = "string";
so.rempty = true;
so.modalonly = true;
so.validate = function (section_id, value) {
if (value == "") {
return true;
}
var nftset = value.split(",")
for (var i = 0; i < nftset.length; i++) {
if (!nftset[i].match(/#[4|6]:[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+$/)) {
return _("NFTset name format error, format: [#[4|6]:[family#table#set]]");
}
}
return true;
}
// other args
so = ss.option(form.Value, "addition_flag", _("Additional Rule Flag"),
_("Additional Flags for rules, read help on domain-rule for more information."))
so.default = ""
so.rempty = true
so.modalonly = true;
///////////////////////////////////////
// IP Blacklist;
///////////////////////////////////////
@@ -734,6 +937,14 @@ return view.extend({
window.open("https://pymumu.github.io/smartdns", '_blank');
};
o = s.option(form.Button, "report");
o.title = _("Report bugs");
o.inputtitle = _("Report bugs");
o.inputstyle = "apply";
o.onclick = function () {
window.open("https://github.com/pymumu/smartdns/issues", '_blank');
};
o = s.option(form.Button, "Donate");
o.title = _("Donate to smartdns");
o.inputtitle = _("Donate");

83
package/openwrt/files/etc/init.d/smartdns
View File

@@ -183,6 +183,7 @@ load_server()
config_get check_edns "$section" "check_edns" "0"
config_get spki_pin "$section" "spki_pin" ""
config_get addition_arg "$section" "addition_arg" ""
config_get set_mark "$section" "set_mark" ""
[ "$enabled" = "0" ] && return
@@ -214,6 +215,7 @@ load_server()
[ "$blacklist_ip" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -blacklist-ip"
[ "$check_edns" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -check-edns"
[ -z "$spki_pin" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -spki-pin $spki_pin"
[ -z "$set_mark" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -set-mark $set_mark"
if [ -z "$port" ]; then
DNS_ADDRESS="$ip"
@@ -278,9 +280,12 @@ load_domain_rules()
config_get ipset_name "$section" "ipset_name" ""
[ ! -z "$ipset_name" ] && domain_set_args="$domain_set_args -ipset $ipset_name"
config_get ipset_name "$section" "nftset_name" ""
config_get nftset_name "$section" "nftset_name" ""
[ ! -z "$nftset_name" ] && domain_set_args="$domain_set_args -nftset '$nftset_name'"
config_get addition_flag "$section" "addition_flag" ""
[ ! -z "$addition_flag" ] && domain_set_args="$domain_set_args $addition_flag"
config_get forwarding_domain_set_file "$section" "forwarding_domain_set_file" ""
[ ! -z "$forwarding_domain_set_file" ] && {
conf_append "domain-set" "-name ${domain_set_name}-forwarding-file -file '$forwarding_domain_set_file'"
@@ -300,6 +305,49 @@ load_domain_rules()
conf_append "domain-rules" "/domain-set:${domain_set_name}-block-list/ --address #"
}
load_domain_rule_list()
{
local section="$1"
local domain_set_args=""
local domain_set_name="$section"
config_get_bool enabled "$section" "enabled" "0"
[ "$enabled" != "1" ] && return
config_get server_group "$section" "server_group" ""
[ ! -z "$server_group" ] && domain_set_args="$domain_set_args -nameserver $server_group"
config_get block_domain_type "$section" "block_domain_type" ""
[ "$block_domain_type" = "all" ] && domain_set_args="$domain_set_args -address #"
[ "$block_domain_type" = "ipv4" ] && domain_set_args="$domain_set_args -address #4"
[ "$block_domain_type" = "ipv6" ] && domain_set_args="$domain_set_args -address #6"
config_get speed_check_mode "$section" "speed_check_mode" ""
[ ! -z "$speed_check_mode" ] && domain_set_args="$domain_set_args -speed-check-mode $speed_check_mode"
config_get dualstack_ip_selection "$section" "dualstack_ip_selection" ""
[ "$dualstack_ip_selection" = "no" ] && domain_set_args="$domain_set_args -dualstack-ip-selection no"
[ "$dualstack_ip_selection" = "yes" ] && domain_set_args="$domain_set_args -dualstack-ip-selection yes"
config_get_bool force_aaaa_soa "$section" "force_aaaa_soa" "0"
[ "$force_aaaa_soa" = "1" ] && domain_set_args="$domain_set_args -address #6"
config_get ipset_name "$section" "ipset_name" ""
[ ! -z "$ipset_name" ] && domain_set_args="$domain_set_args -ipset $ipset_name"
config_get nftset_name "$section" "nftset_name" ""
[ ! -z "$nftset_name" ] && domain_set_args="$domain_set_args -nftset '$nftset_name'"
config_get domain_list_file "$section" "domain_list_file" ""
[ -z "$domain_list_file" ] && return
config_get addition_flag "$section" "addition_flag" ""
[ ! -z "$addition_flag" ] && domain_set_args="$domain_set_args $addition_flag"
conf_append "domain-set" "-name domain-rule-list-${domain_set_name} -file '$domain_list_file'"
conf_append "domain-rules" "/domain-set:domain-rule-list-${domain_set_name}/ $domain_set_args"
}
load_second_server()
{
local section="$1"
@@ -393,6 +441,9 @@ load_service()
config_get ipv6_server "$section" "ipv6_server" "1"
config_get tcp_server "$section" "tcp_server" "1"
config_get speed_check_mode "$section" "speed_check_mode" ""
[ ! -z "$speed_check_mode" ] && conf_append "speed-check-mode" "$speed_check_mode"
config_get dualstack_ip_selection "$section" "dualstack_ip_selection" "0"
[ "$dualstack_ip_selection" = "0" ] && conf_append "dualstack-ip-selection" "no"
@@ -531,6 +582,8 @@ load_service()
config_foreach load_domain_rules "domain-rule"
config_foreach load_domain_rule_list "domain-rule-list"
{
echo "conf-file $ADDRESS_CONF"
echo "conf-file $BLACKLIST_IP_CONF"
@@ -602,6 +655,33 @@ download_file() {
fi
}
check_and_add_entry() {
local docommit=0
uci -q get smartdns.@smartdns[0] >/dev/null
if [ $? -ne 0 ]; then
uci -q add smartdns smartdns >/dev/null
docommit=1
fi
uci -q get smartdns.@domain-rule[0] >/dev/null
if [ $? -ne 0 ]; then
uci -q add smartdns domain-rule >/dev/null
docommit=1
fi
if [ "$docommit" = "1" ]; then
uci -q commit smartdns >/dev/null
fi
if [ ! -d "$SMARTDNS_DOMAIN_LIST_DOWNLOAD_DIR" ]; then
mkdir -p "$SMARTDNS_DOMAIN_LIST_DOWNLOAD_DIR"
fi
if [ ! -d "$SMARTDNS_CONF_DOWNLOAD_DIR" ]; then
mkdir -p "$SMARTDNS_CONF_DOWNLOAD_DIR"
fi
}
updatefiles() {
config_load "smartdns"
config_foreach download_file "download-file"
@@ -616,6 +696,7 @@ service_stopped()
start_service()
{
check_and_add_entry
config_load "smartdns"
config_foreach load_service "smartdns"
}

1
src/Makefile
View File

@@ -24,6 +24,7 @@ CFLAGS =-O2 -g -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasi
endif
override CFLAGS +=-Iinclude
override CFLAGS += -DBASE_FILE_NAME='"$(notdir $<)"'
override CFLAGS += $(EXTRA_CFLAGS)
ifdef VER
override CFLAGS += -DSMARTDNS_VERION='"$(VER)"'
endif

18
src/dns_cache.c
View File

@@ -245,7 +245,7 @@ struct dns_cache_data *dns_cache_new_data_packet(void *packet, size_t packet_len
return (struct dns_cache_data *)cache_packet;
}
static int _dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int speed, int inactive,
static int _dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int speed, int no_inactive, int inactive,
struct dns_cache_data *cache_data)
{
struct dns_cache *dns_cache = NULL;
@@ -258,7 +258,7 @@ static int _dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int spee
/* lookup existing cache */
dns_cache = dns_cache_lookup(cache_key);
if (dns_cache == NULL) {
return dns_cache_insert(cache_key, ttl, speed, cache_data);
return dns_cache_insert(cache_key, ttl, speed, no_inactive, cache_data);
}
if (ttl < DNS_CACHE_TTL_MIN) {
@@ -273,6 +273,7 @@ static int _dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int spee
dns_cache->info.query_flag = cache_key->query_flag;
dns_cache->info.ttl = ttl;
dns_cache->info.speed = speed;
dns_cache->info.no_inactive = no_inactive;
old_cache_data = dns_cache->cache_data;
dns_cache->cache_data = cache_data;
list_del_init(&dns_cache->list);
@@ -293,14 +294,14 @@ static int _dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int spee
return 0;
}
int dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int speed, struct dns_cache_data *cache_data)
int dns_cache_replace(struct dns_cache_key *cache_key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data)
{
return _dns_cache_replace(cache_key, ttl, speed, 0, cache_data);
return _dns_cache_replace(cache_key, ttl, speed, no_inactive, 0, cache_data);
}
int dns_cache_replace_inactive(struct dns_cache_key *cache_key, int ttl, int speed, struct dns_cache_data *cache_data)
int dns_cache_replace_inactive(struct dns_cache_key *cache_key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data)
{
return _dns_cache_replace(cache_key, ttl, speed, 1, cache_data);
return _dns_cache_replace(cache_key, ttl, speed, no_inactive, 1, cache_data);
}
static void _dns_cache_remove_by_domain(struct dns_cache_key *cache_key)
@@ -390,7 +391,7 @@ errout:
return -1;
}
int dns_cache_insert(struct dns_cache_key *cache_key, int ttl, int speed, struct dns_cache_data *cache_data)
int dns_cache_insert(struct dns_cache_key *cache_key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data)
{
struct dns_cache_info info;
@@ -415,6 +416,7 @@ int dns_cache_insert(struct dns_cache_key *cache_key, int ttl, int speed, struct
info.ttl = ttl;
info.hitnum_update_add = DNS_CACHE_HITNUM_STEP;
info.speed = speed;
info.no_inactive = no_inactive;
time(&info.insert_time);
time(&info.replace_time);
@@ -663,7 +665,7 @@ void dns_cache_invalidate(dns_cache_callback precallback, int ttl_pre, unsigned
}
if (ttl < 0) {
if (dns_cache_head.enable_inactive) {
if (dns_cache_head.enable_inactive && dns_cache->info.no_inactive == 0) {
_dns_cache_move_inactive(dns_cache);
} else {
_dns_cache_remove(dns_cache);

7
src/dns_cache.h
View File

@@ -87,6 +87,7 @@ struct dns_cache_info {
int ttl;
int hitnum;
int speed;
int no_inactive;
int hitnum_update_add;
time_t insert_time;
time_t replace_time;
@@ -135,11 +136,11 @@ struct dns_cache_data *dns_cache_new_data_packet(void *packet, size_t packet_len
int dns_cache_init(int size, int enable_inactive, int inactive_list_expired);
int dns_cache_replace(struct dns_cache_key *key, int ttl, int speed, struct dns_cache_data *cache_data);
int dns_cache_replace(struct dns_cache_key *key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data);
int dns_cache_replace_inactive(struct dns_cache_key *key, int ttl, int speed, struct dns_cache_data *cache_data);
int dns_cache_replace_inactive(struct dns_cache_key *key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data);
int dns_cache_insert(struct dns_cache_key *key, int ttl, int speed, struct dns_cache_data *cache_data);
int dns_cache_insert(struct dns_cache_key *key, int ttl, int speed, int no_inactive, struct dns_cache_data *cache_data);
struct dns_cache *dns_cache_lookup(struct dns_cache_key *key);

77
src/dns_client.c
View File

@@ -93,6 +93,7 @@ struct dns_server_info {
int port;
/* server type */
dns_server_type_t type;
long long so_mark;
/* client socket */
int fd;
@@ -1045,6 +1046,7 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
server_info->ttl_range = 0;
server_info->skip_check_cert = skip_check_cert;
server_info->prohibit = 0;
server_info->so_mark = flags->set_mark;
pthread_mutex_init(&server_info->lock, NULL);
memcpy(&server_info->flags, flags, sizeof(server_info->flags));
@@ -1683,9 +1685,26 @@ static int _dns_client_create_socket_udp(struct dns_server_info *server_info)
goto errout;
}
if (set_fd_nonblock(fd, 1) != 0) {
tlog(TLOG_ERROR, "set socket non block failed, %s", strerror(errno));
goto errout;
}
server_info->fd = fd;
server_info->status = DNS_SERVER_STATUS_CONNECTIONLESS;
if (connect(fd, &server_info->addr, server_info->ai_addrlen) != 0) {
if (errno == ENETUNREACH || errno == EHOSTUNREACH || errno == ECONNREFUSED) {
tlog(TLOG_WARN, "connect %s failed, %s", server_info->ip, strerror(errno));
goto errout;
}
if (errno != EINPROGRESS) {
tlog(TLOG_ERROR, "connect %s failed, %s", server_info->ip, strerror(errno));
goto errout;
}
}
memset(&event, 0, sizeof(event));
event.events = EPOLLIN;
event.data.ptr = server_info;
@@ -1694,6 +1713,13 @@ static int _dns_client_create_socket_udp(struct dns_server_info *server_info)
return -1;
}
if (server_info->so_mark >= 0) {
unsigned int so_mark = server_info->so_mark;
if (setsockopt(fd, SOL_SOCKET, SO_MARK, &so_mark, sizeof(so_mark)) != 0) {
tlog(TLOG_DEBUG, "set socket mark failed, %s", strerror(errno));
}
}
setsockopt(server_info->fd, IPPROTO_IP, IP_RECVTTL, &on, sizeof(on));
setsockopt(server_info->fd, SOL_IP, IP_TTL, &val, sizeof(val));
setsockopt(server_info->fd, SOL_SOCKET, SO_PRIORITY, &priority, sizeof(priority));
@@ -1736,6 +1762,13 @@ static int _DNS_client_create_socket_tcp(struct dns_server_info *server_info)
goto errout;
}
if (server_info->so_mark >= 0) {
unsigned int so_mark = server_info->so_mark;
if (setsockopt(fd, SOL_SOCKET, SO_MARK, &so_mark, sizeof(so_mark)) != 0) {
tlog(TLOG_DEBUG, "set socket mark failed, %s", strerror(errno));
}
}
/* enable tcp fast open */
if (setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, &yes, sizeof(yes)) != 0) {
tlog(TLOG_DEBUG, "enable TCP fast open failed, %s", strerror(errno));
@@ -1749,7 +1782,7 @@ static int _DNS_client_create_socket_tcp(struct dns_server_info *server_info)
set_sock_keepalive(fd, 15, 3, 4);
if (connect(fd, &server_info->addr, server_info->ai_addrlen) != 0) {
if (errno == ENETUNREACH) {
if (errno == ENETUNREACH || errno == EHOSTUNREACH) {
tlog(TLOG_DEBUG, "connect %s failed, %s", server_info->ip, strerror(errno));
goto errout;
}
@@ -1818,6 +1851,13 @@ static int _DNS_client_create_socket_tls(struct dns_server_info *server_info, ch
goto errout;
}
if (server_info->so_mark >= 0) {
unsigned int so_mark = server_info->so_mark;
if (setsockopt(fd, SOL_SOCKET, SO_MARK, &so_mark, sizeof(so_mark)) != 0) {
tlog(TLOG_DEBUG, "set socket mark failed, %s", strerror(errno));
}
}
if (setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, &yes, sizeof(yes)) != 0) {
tlog(TLOG_DEBUG, "enable TCP fast open failed.");
}
@@ -1831,7 +1871,7 @@ static int _DNS_client_create_socket_tls(struct dns_server_info *server_info, ch
setsockopt(fd, IPPROTO_IP, IP_TOS, &ip_tos, sizeof(ip_tos));
if (connect(fd, &server_info->addr, server_info->ai_addrlen) != 0) {
if (errno == ENETUNREACH) {
if (errno == ENETUNREACH || errno == EHOSTUNREACH) {
tlog(TLOG_DEBUG, "connect %s failed, %s", server_info->ip, strerror(errno));
goto errout;
}
@@ -1949,8 +1989,17 @@ static int _dns_client_process_udp(struct dns_server_info *server_info, struct e
len = recvmsg(server_info->fd, &msg, MSG_DONTWAIT);
if (len < 0) {
tlog(TLOG_ERROR, "recvfrom failed, %s\n", strerror(errno));
return -1;
if (errno == EAGAIN || errno == EWOULDBLOCK) {
return 0;
}
if (errno == ECONNREFUSED) {
tlog(TLOG_DEBUG, "recvfrom %s failed, %s\n", server_info->ip, strerror(errno));
goto errout;
}
tlog(TLOG_ERROR, "recvfrom %s failed, %s\n", server_info->ip, strerror(errno));
goto errout;
}
from_len = msg.msg_namelen;
@@ -1981,6 +2030,15 @@ static int _dns_client_process_udp(struct dns_server_info *server_info, struct e
}
return 0;
errout:
pthread_mutex_lock(&client.server_list_lock);
server_info->recv_buff.len = 0;
server_info->send_buff.len = 0;
_dns_client_close_socket(server_info);
pthread_mutex_unlock(&client.server_list_lock);
return -1;
}
static int _dns_client_socket_ssl_send(struct dns_server_info *server, const void *buf, int num)
@@ -2250,16 +2308,17 @@ static int _dns_client_process_tcp(struct dns_server_info *server_info, struct e
len = _dns_client_socket_recv(server_info);
if (len < 0) {
/* no data to recv, try again */
if (errno == EAGAIN) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
return 0;
}
/* FOR GFW */
if (errno == ECONNRESET) {
if (errno == ECONNRESET || errno == ENETUNREACH || errno == EHOSTUNREACH) {
tlog(TLOG_DEBUG, "recv failed, server %s:%d, %s\n", server_info->ip, server_info->port,
strerror(errno));
goto errout;
}
if (errno == ETIMEDOUT) {
if (errno == ETIMEDOUT || errno == ECONNREFUSED) {
tlog(TLOG_INFO, "recv failed, server %s:%d, %s\n", server_info->ip, server_info->port, strerror(errno));
goto errout;
}
@@ -2651,7 +2710,7 @@ static int _dns_client_send_udp(struct dns_server_info *server_info, void *packe
return -1;
}
send_len = sendto(server_info->fd, packet, len, 0, &server_info->addr, server_info->ai_addrlen);
send_len = sendto(server_info->fd, packet, len, 0, NULL, 0);
if (send_len != len) {
return -1;
}

1
src/dns_client.h
View File

@@ -111,6 +111,7 @@ struct client_dns_server_flags {
dns_server_type_t type;
unsigned int server_flag;
unsigned int result_flag;
long long set_mark;
union {
struct client_dns_server_flag_udp udp;

30
src/dns_conf.c
View File

@@ -105,6 +105,7 @@ int dns_conf_log_level = TLOG_ERROR;
char dns_conf_log_file[DNS_MAX_PATH];
size_t dns_conf_log_size = 1024 * 1024;
int dns_conf_log_num = 8;
int dns_conf_log_file_mode;
/* CA file */
char dns_conf_ca_file[DNS_MAX_PATH];
@@ -119,6 +120,7 @@ int dns_conf_audit_log_SOA;
char dns_conf_audit_file[DNS_MAX_PATH];
size_t dns_conf_audit_size = 1024 * 1024;
int dns_conf_audit_num = 2;
int dns_conf_audit_file_mode;
/* address rules */
art_tree dns_conf_domain_rule;
@@ -370,6 +372,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
{"tls-host-verify", required_argument, NULL, 'V' }, /* verify tls hostname */
{"group", required_argument, NULL, 'g'}, /* add to group */
{"exclude-default-group", no_argument, NULL, 'E'}, /* ecluse this from default group */
{"set-mark", required_argument, NULL, 254}, /* set mark */
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
@@ -390,6 +393,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
server->hostname[0] = '\0';
server->httphost[0] = '\0';
server->tls_host_verify[0] = '\0';
server->set_mark = -1;
if (type == DNS_SERVER_HTTPS) {
if (parse_uri(ip, NULL, server->server, &port, server->path) != 0) {
@@ -467,6 +471,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
server->skip_check_cert = 1;
break;
}
case 254: {
server->set_mark = atoll(optarg);
break;
}
default:
break;
}
@@ -533,7 +541,7 @@ static void _config_address_destroy(radix_node_t *node, void *cbctx)
node->data = NULL;
}
static int _config_domain_set_rule_add_ext(char *set_name, enum domain_rule type, void *rule, unsigned int flags,
static int _config_domain_set_rule_add_ext(const char *set_name, enum domain_rule type, void *rule, unsigned int flags,
int is_clear_flag)
{
struct dns_domain_set_rule *set_rule = NULL;
@@ -587,7 +595,7 @@ errout:
return -1;
}
static int _config_domian_set_rule_flags(char *set_name, unsigned int flags, int is_clear_flag)
static int _config_domian_set_rule_flags(const char *set_name, unsigned int flags, int is_clear_flag)
{
return _config_domain_set_rule_add_ext(set_name, DOMAIN_RULE_FLAGS, NULL, flags, is_clear_flag);
}
@@ -664,7 +672,7 @@ errout:
return -1;
}
static int _config_domain_rule_flag_set(char *domain, unsigned int flag, unsigned int is_clear)
static int _config_domain_rule_flag_set(const char *domain, unsigned int flag, unsigned int is_clear)
{
struct dns_domain_rule *domain_rule = NULL;
struct dns_domain_rule *old_domain_rule = NULL;
@@ -1842,6 +1850,11 @@ errout:
return -1;
}
static int _conf_domain_rule_no_serve_expired(const char *domain)
{
return _config_domain_rule_flag_set(domain, DOMAIN_FLAG_NO_SERVE_EXPIRED, 0);
}
static int _conf_domain_rules(void *data, int argc, char *argv[])
{
int opt = 0;
@@ -1856,6 +1869,7 @@ static int _conf_domain_rules(void *data, int argc, char *argv[])
{"nftset", required_argument, NULL, 't'},
{"nameserver", required_argument, NULL, 'n'},
{"dualstack-ip-selection", required_argument, NULL, 'd'},
{"no-serve-expired", no_argument, NULL, 254},
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
@@ -1952,6 +1966,14 @@ static int _conf_domain_rules(void *data, int argc, char *argv[])
break;
}
case 254: {
if (_conf_domain_rule_no_serve_expired(domain) != 0) {
tlog(TLOG_ERROR, "set no-serve-expired rule failed.");
goto errout;
}
break;
}
default:
break;
}
@@ -2400,9 +2422,11 @@ static struct config_item _config_item[] = {
CONF_STRING("log-file", (char *)dns_conf_log_file, DNS_MAX_PATH),
CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024),
CONF_INT("log-num", &dns_conf_log_num, 0, 1024),
CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 511, 8),
CONF_YESNO("audit-enable", &dns_conf_audit_enable),
CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA),
CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH),
CONF_INT_BASE("audit-file-mode", &dns_conf_audit_file_mode, 0, 511, 8),
CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024),
CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024),
CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX),

4
src/dns_conf.h
View File

@@ -97,6 +97,7 @@ typedef enum {
#define DOMAIN_FLAG_NFTSET_INET_IGN (1 << 12)
#define DOMAIN_FLAG_NFTSET_IP_IGN (1 << 13)
#define DOMAIN_FLAG_NFTSET_IP6_IGN (1 << 14)
#define DOMAIN_FLAG_NO_SERVE_EXPIRED (1 << 15)
#define SERVER_FLAG_EXCLUDE_DEFAULT (1 << 0)
@@ -230,6 +231,7 @@ struct dns_servers {
unsigned int server_flag;
int ttl;
dns_server_type_t type;
long long set_mark;
char skip_check_cert;
char spki[DNS_MAX_SPKI_LEN];
char hostname[DNS_MAX_CNAME_LEN];
@@ -348,6 +350,7 @@ extern int dns_conf_log_level;
extern char dns_conf_log_file[DNS_MAX_PATH];
extern size_t dns_conf_log_size;
extern int dns_conf_log_num;
extern int dns_conf_log_file_mode;;
extern char dns_conf_ca_file[DNS_MAX_PATH];
extern char dns_conf_ca_path[DNS_MAX_PATH];
@@ -365,6 +368,7 @@ extern int dns_conf_audit_log_SOA;
extern char dns_conf_audit_file[DNS_MAX_PATH];
extern size_t dns_conf_audit_size;
extern int dns_conf_audit_num;
extern int dns_conf_audit_file_mode;
extern char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
extern art_tree dns_conf_domain_rule;

29
src/dns_server.c
View File

@@ -236,6 +236,7 @@ struct dns_request {
int dualstack_selection_ping_time;
int dualstack_selection_has_ip;
struct dns_request *dualstack_request;
int no_serve_expired;
pthread_mutex_t ip_map_lock;
@@ -1070,17 +1071,17 @@ static int _dns_server_request_update_cache(struct dns_request *request, dns_typ
if (request->prefetch) {
if (request->prefetch_expired_domain == 0) {
if (dns_cache_replace(&cache_key, ttl, speed, cache_data) != 0) {
if (dns_cache_replace(&cache_key, ttl, speed, request->no_serve_expired, cache_data) != 0) {
goto errout;
}
} else {
if (dns_cache_replace_inactive(&cache_key, ttl, speed, cache_data) != 0) {
if (dns_cache_replace_inactive(&cache_key, ttl, speed, request->no_serve_expired, cache_data) != 0) {
goto errout;
}
}
} else {
/* insert result to cache */
if (dns_cache_insert(&cache_key, ttl, speed, cache_data) != 0) {
if (dns_cache_insert(&cache_key, ttl, speed, request->no_serve_expired, cache_data) != 0) {
goto errout;
}
}
@@ -1218,17 +1219,17 @@ static int _dns_cache_cname_packet(struct dns_server_post_context *context)
if (request->prefetch) {
if (request->prefetch_expired_domain == 0) {
if (dns_cache_replace(&cache_key, ttl, speed, cache_packet) != 0) {
if (dns_cache_replace(&cache_key, ttl, speed, request->no_serve_expired, cache_packet) != 0) {
goto errout;
}
} else {
if (dns_cache_replace_inactive(&cache_key, ttl, speed, cache_packet) != 0) {
if (dns_cache_replace_inactive(&cache_key, ttl, speed, request->no_serve_expired, cache_packet) != 0) {
goto errout;
}
}
} else {
/* insert result to cache */
if (dns_cache_insert(&cache_key, ttl, speed, cache_packet) != 0) {
if (dns_cache_insert(&cache_key, ttl, speed, request->no_serve_expired, cache_packet) != 0) {
goto errout;
}
}
@@ -1260,12 +1261,12 @@ static int _dns_cache_packet(struct dns_server_post_context *context)
cache_key.query_flag = request->server_flags;
if (request->prefetch) {
if (dns_cache_replace(&cache_key, context->reply_ttl, -1, cache_packet) != 0) {
if (dns_cache_replace(&cache_key, context->reply_ttl, -1, request->no_serve_expired, cache_packet) != 0) {
goto errout;
}
} else {
/* insert result to cache */
if (dns_cache_insert(&cache_key, context->reply_ttl, -1, cache_packet) != 0) {
if (dns_cache_insert(&cache_key, context->reply_ttl, -1, request->no_serve_expired, cache_packet) != 0) {
goto errout;
}
}
@@ -3603,6 +3604,10 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request)
}
flags = rule_flag->flags;
if (flags & DOMAIN_FLAG_NO_SERVE_EXPIRED) {
request->no_serve_expired = 1;
}
if (flags & DOMAIN_FLAG_ADDR_IGN) {
/* ignore this domain */
goto out;
@@ -3937,6 +3942,10 @@ reply_cache:
goto out;
}
if (dns_cache_get_ttl(dns_cache) <= 0 && request->no_serve_expired == 1) {
goto out;
}
ret = _dns_server_process_cache_data(request, dns_cache);
if (ret != 0) {
goto out;
@@ -5523,6 +5532,10 @@ static int _dns_server_audit_init(void)
return -1;
}
if (dns_conf_audit_file_mode > 0) {
tlog_set_permission(dns_audit, dns_conf_audit_file_mode, dns_conf_audit_file_mode);
}
return 0;
}

4
src/fast_ping.c
View File

@@ -521,7 +521,7 @@ static int _fast_ping_sendping_v6(struct ping_host_struct *ping_host)
ping_host->addr_len);
if (len < 0 || len != sizeof(struct fast_ping_packet)) {
int err = errno;
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL || errno == EHOSTUNREACH) {
goto errout;
}
@@ -668,7 +668,7 @@ static int _fast_ping_sendping_tcp(struct ping_host_struct *ping_host)
if (connect(fd, &ping_host->addr, ping_host->addr_len) != 0) {
if (errno != EINPROGRESS) {
char ping_host_name[PING_MAX_HOSTLEN];
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL) {
if (errno == ENETUNREACH || errno == EINVAL || errno == EADDRNOTAVAIL || errno == EHOSTUNREACH) {
goto errout;
}

16
src/include/conf.h
View File

@@ -49,6 +49,13 @@ struct config_item_int {
int max;
};
struct config_item_int_base {
int *data;
int min;
int max;
int base;
};
struct config_item_string {
char *data;
size_t size;
@@ -81,6 +88,13 @@ struct config_enum {
.data = value, .min = min_value, .max = max_value \
} \
}
#define CONF_INT_BASE(key, value, min_value, max_value, base_value) \
{ \
key, conf_int_base, &(struct config_item_int_base) \
{ \
.data = value, .min = min_value, .max = max_value, .base = base_value \
} \
}
#define CONF_STRING(key, value, len_value) \
{ \
key, conf_string, &(struct config_item_string) \
@@ -131,6 +145,8 @@ extern int conf_custom(const char *item, void *data, int argc, char *argv[]);
extern int conf_int(const char *item, void *data, int argc, char *argv[]);
extern int conf_int_base(const char *item, void *data, int argc, char *argv[]);
extern int conf_string(const char *item, void *data, int argc, char *argv[]);
extern int conf_yesno(const char *item, void *data, int argc, char *argv[]);

21
src/lib/conf.c
View File

@@ -87,6 +87,27 @@ int conf_int(const char *item, void *data, int argc, char *argv[])
return 0;
}
int conf_int_base(const char *item, void *data, int argc, char *argv[])
{
struct config_item_int_base *item_int = data;
int value = 0;
if (argc < 2) {
return -1;
}
value = strtol(argv[1], NULL, item_int->base);
if (value < item_int->min) {
value = item_int->min;
} else if (value > item_int->max) {
value = item_int->max;
}
*(item_int->data) = value;
return 0;
}
int conf_string(const char *item, void *data, int argc, char *argv[])
{
struct config_item_string *item_string = data;

4
src/smartdns.c
View File

@@ -269,6 +269,7 @@ static int _smartdns_add_servers(void)
flags.type = dns_conf_servers[i].type;
flags.server_flag = dns_conf_servers[i].server_flag;
flags.result_flag = dns_conf_servers[i].result_flag;
flags.set_mark = dns_conf_servers[i].set_mark;
ret = dns_client_add_server(dns_conf_servers[i].server, dns_conf_servers[i].port, dns_conf_servers[i].type,
&flags);
if (ret != 0) {
@@ -360,6 +361,9 @@ static int _smartdns_init(void)
tlog_setlogscreen(verbose_screen);
tlog_setlevel(dns_conf_log_level);
if (dns_conf_log_file_mode > 0) {
tlog_set_permission(tlog_get_root(), dns_conf_log_file_mode, dns_conf_log_file_mode);
}
tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build: %s %s)", __DATE__,
__TIME__);

73
src/tlog.c
View File

@@ -79,9 +79,9 @@ struct tlog_log {
int zip_pid;
int multi_log;
int logscreen;
int no_write_log;
int segment_log;
int max_line_size;
int print_errmsg;
tlog_output_func output_func;
void *private_data;
@@ -90,6 +90,7 @@ struct tlog_log {
time_t last_waitpid;
mode_t file_perm;
mode_t archive_perm;
int mode_changed;
int waiters;
int is_exit;
@@ -315,10 +316,24 @@ void tlog_set_maxline_size(struct tlog_log *log, int size)
log->max_line_size = size;
}
void tlog_logcount(struct tlog_log *log, int count)
{
if (log == NULL) {
return;
}
if (count < 0) {
count = 0;
}
log->logcount = count;
}
void tlog_set_permission(struct tlog_log *log, unsigned int file, unsigned int archive)
{
log->file_perm = file;
log->archive_perm = archive;
log->mode_changed = 1;
}
int tlog_localtime(struct tlog_time *tm)
@@ -505,6 +520,10 @@ static int _tlog_vprintf(struct tlog_log *log, vprint_callback print_callback, v
return -1;
}
if (unlikely(log->logcount <= 0 && log->logscreen == 0) ) {
return 0;
}
if (_tlog_need_drop(log) == 0) {
return -1;
}
@@ -1130,7 +1149,7 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
unused = write(STDOUT_FILENO, buff, bufflen);
}
if (log->no_write_log) {
if (log->logcount <= 0) {
return 0;
}
@@ -1153,7 +1172,6 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
if (log->fd <= 0) {
/* open a new log file to write */
static int print_errmsg = 1;
time_t now;
time(&now);
@@ -1164,14 +1182,15 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
char logfile[PATH_MAX * 2];
if (_tlog_mkdir(log->logdir) != 0) {
if (print_errmsg == 0) {
if (log->print_errmsg == 0) {
return -1;
}
print_errmsg = 0;
log->print_errmsg = 0;
fprintf(stderr, "create log dir %s failed, %s\n", log->logdir, strerror(errno));
if (errno == EACCES && log->logscreen == 0) {
fprintf(stderr, "no permission to write log file, output log to console\n");
tlog_logscreen_only(log, 1);
tlog_logscreen(log, 1);
tlog_logcount(log, 0);
}
return -1;
}
@@ -1179,17 +1198,21 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
log->filesize = 0;
log->fd = open(logfile, O_APPEND | O_CREAT | O_WRONLY | O_CLOEXEC, log->file_perm);
if (log->fd < 0) {
if (print_errmsg == 0) {
if (log->print_errmsg == 0) {
return -1;
}
fprintf(stderr, "open log file %s failed, %s\n", logfile, strerror(errno));
print_errmsg = 0;
log->print_errmsg = 0;
return -1;
}
if (log->mode_changed != 0) {
fchmod(log->fd, log->file_perm);
}
log->last_try = 0;
print_errmsg = 1;
log->print_errmsg = 1;
/* get log file size */
log->filesize = lseek(log->fd, 0, SEEK_END);
}
@@ -1577,6 +1600,11 @@ const char *tlog_get_level_string(tlog_level level)
return tlog_level_str[level];
}
void tlog_set_maxlog_count(int count)
{
tlog_logcount(tlog.root, count);
}
static void _tlog_log_setlogscreen(struct tlog_log *log, int enable)
{
if (log == NULL) {
@@ -1586,26 +1614,11 @@ static void _tlog_log_setlogscreen(struct tlog_log *log, int enable)
log->logscreen = (enable != 0) ? 1 : 0;
}
static void _tlog_log_setlogscreen_only(struct tlog_log *log, int enable)
{
if (log == NULL) {
return;
}
log->logscreen = (enable != 0) ? 1 : 0;
log->no_write_log = (enable != 0) ? 1 : 0;
}
void tlog_setlogscreen(int enable)
{
_tlog_log_setlogscreen(tlog.root, enable);
}
void tlog_setlogscreen_only(int enable)
{
_tlog_log_setlogscreen_only(tlog.root, enable);
}
int tlog_write_log(char *buff, int bufflen)
{
if (unlikely(tlog.root == NULL)) {
@@ -1624,15 +1637,6 @@ void tlog_logscreen(tlog_log *log, int enable)
_tlog_log_setlogscreen(log, enable);
}
void tlog_logscreen_only(tlog_log *log, int enable)
{
if (log == NULL) {
return;
}
_tlog_log_setlogscreen_only(log, enable);
}
int tlog_reg_output_func(tlog_log *log, tlog_output_func output)
{
if (log == NULL) {
@@ -1704,12 +1708,13 @@ tlog_log *tlog_open(const char *logfile, int maxlogsize, int maxlogcount, int bu
log->dropped = 0;
log->buffsize = (buffsize > 0) ? buffsize : TLOG_BUFF_SIZE;
log->logsize = (maxlogsize >= 0) ? maxlogsize : TLOG_LOG_SIZE;
log->logcount = (maxlogcount > 0) ? maxlogcount : TLOG_LOG_COUNT;
log->logcount = (maxlogcount <= 0) ? 0 : maxlogcount;
log->fd = -1;
log->filesize = 0;
log->zip_pid = -1;
log->is_exit = 0;
log->fail = 0;
log->print_errmsg = 1;
log->waiters = 0;
log->block = ((flag & TLOG_NONBLOCK) == 0) ? 1 : 0;
log->nocompress = ((flag & TLOG_NOCOMPRESS) == 0) ? 0 : 1;

12
src/tlog.h
View File

@@ -104,15 +104,15 @@ extern void tlog_set_logfile(const char *logfile);
/* enalbe log to screen */
extern void tlog_setlogscreen(int enable);
/* output log to screen only */
extern void tlog_setlogscreen_only(int enable);
/* enalbe early log to screen */
extern void tlog_set_early_printf(int enable);
/* Get log level in string */
extern const char *tlog_get_level_string(tlog_level level);
/* set max log count */
extern void tlog_set_maxlog_count(int count);
/*
Function: Initialize log module
logfile: log file.
@@ -187,9 +187,6 @@ extern int tlog_vprintf(tlog_log *log, const char *format, va_list ap);
/* enalbe log to screen */
extern void tlog_logscreen(tlog_log *log, int enable);
/* enalbe log to screen only*/
extern void tlog_logscreen_only(tlog_log *log, int enable);
/* register output callback */
typedef int (*tlog_output_func)(struct tlog_log *log, const char *buff, int bufflen);
extern int tlog_reg_output_func(tlog_log *log, tlog_output_func output);
@@ -206,6 +203,9 @@ extern int tlog_localtime(struct tlog_time *tm);
/* set max line size */
extern void tlog_set_maxline_size(struct tlog_log *log, int size);
/* set max log count */
extern void tlog_logcount(struct tlog_log *log, int count);
/*
Function: set log file and archive permission
log: log stream

3
src/util.c
View File

@@ -1468,7 +1468,8 @@ int dns_packet_debug(const char *packet_file)
struct _dns_read_packet_info *info = NULL;
char buff[DNS_PACKSIZE];
tlog_setlogscreen_only(1);
tlog_set_maxlog_count(0);
tlog_setlogscreen(1);;
tlog_setlevel(TLOG_DEBUG);
info = _dns_read_packet_file(packet_file);