daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f39bdb64b217da11e39cf3b5e1b759c2f591e2e9
smartdns/src/dns_conf.c
Nick Peng f39bdb64b2 dns_conf: Output log when option is not supported
2023-10-23 01:49:49 +00:00

4430 lines
105 KiB
C
Raw Blame History

/*************************************************************************
*
* Copyright (C) 2018-2023 Ruilin Peng (Nick) <pymumu@gmail.com>.
*
* smartdns is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* smartdns is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "dns_conf.h"
#include "list.h"
#include "rbtree.h"
#include "tlog.h"
#include "util.h"
#include <errno.h>
#include <getopt.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#define TMP_BUFF_LEN 1024
/* ipset */
struct dns_ipset_table {
DECLARE_HASHTABLE(ipset, 8);
};
static struct dns_ipset_table dns_ipset_table;
struct dns_nftset_table {
DECLARE_HASHTABLE(nftset, 8);
};
static struct dns_nftset_table dns_nftset_table;
uint8_t *dns_qtype_soa_table;
struct dns_domain_set_name_table dns_domain_set_name_table;
struct dns_ip_set_name_table dns_ip_set_name_table;
/* dns groups */
struct dns_group_table dns_group_table;
struct dns_proxy_table dns_proxy_table;
struct dns_ptr_table dns_ptr_table;
static char dns_conf_dnsmasq_lease_file[DNS_MAX_PATH];
static time_t dns_conf_dnsmasq_lease_file_time;
struct dns_hosts_table dns_hosts_table;
int dns_hosts_record_num;
/* DNS64 */
struct dns_dns64 dns_conf_dns_dns64;
/* server ip/port */
struct dns_bind_ip dns_conf_bind_ip[DNS_MAX_BIND_IP];
int dns_conf_bind_ip_num = 0;
int dns_conf_tcp_idle_time = 120;
char dns_conf_bind_ca_file[DNS_MAX_PATH];
char dns_conf_bind_ca_key_file[DNS_MAX_PATH];
char dns_conf_bind_ca_key_pass[DNS_MAX_PATH];
char dns_conf_need_cert = 0;
int dns_conf_max_reply_ip_num = DNS_MAX_REPLY_IP_NUM;
static struct config_enum_list dns_conf_response_mode_enum[] = {
{"first-ping", DNS_RESPONSE_MODE_FIRST_PING_IP},
{"fastest-ip", DNS_RESPONSE_MODE_FASTEST_IP},
{"fastest-response", DNS_RESPONSE_MODE_FASTEST_RESPONSE},
{NULL, 0}};
enum response_mode_type dns_conf_response_mode;
/* cache */
ssize_t dns_conf_cachesize = -1;
int dns_conf_prefetch = 0;
int dns_conf_serve_expired = 1;
int dns_conf_serve_expired_ttl = 24 * 3600 * 3; /* 3 days */
int dns_conf_serve_expired_prefetch_time;
int dns_conf_serve_expired_reply_ttl = 3;
/* upstream servers */
struct dns_servers dns_conf_servers[DNS_MAX_SERVERS];
char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
int dns_conf_server_num;
static int dns_conf_resolv_hostname = 1;
static char dns_conf_exist_bootstrap_dns;
struct dns_domain_check_orders dns_conf_check_orders = {
.orders =
{
{.type = DOMAIN_CHECK_ICMP, .tcp_port = 0},
{.type = DOMAIN_CHECK_TCP, .tcp_port = 80},
{.type = DOMAIN_CHECK_TCP, .tcp_port = 443},
},
};
static int dns_has_cap_ping = 0;
/* logging */
int dns_conf_log_level = TLOG_ERROR;
char dns_conf_log_file[DNS_MAX_PATH];
size_t dns_conf_log_size = 1024 * 1024;
int dns_conf_log_num = 8;
int dns_conf_log_file_mode;
int dns_conf_log_console;
/* CA file */
char dns_conf_ca_file[DNS_MAX_PATH];
char dns_conf_ca_path[DNS_MAX_PATH];
char dns_conf_cache_file[DNS_MAX_PATH];
int dns_conf_cache_persist = 2;
int dns_conf_cache_checkpoint_time;
/* auditing */
int dns_conf_audit_enable = 0;
int dns_conf_audit_log_SOA;
char dns_conf_audit_file[DNS_MAX_PATH];
size_t dns_conf_audit_size = 1024 * 1024;
int dns_conf_audit_num = 2;
int dns_conf_audit_file_mode;
int dns_conf_audit_console;
/* address rules */
art_tree dns_conf_domain_rule;
struct dns_conf_address_rule dns_conf_address_rule;
/* dual-stack selection */
int dns_conf_dualstack_ip_selection = 1;
int dns_conf_dualstack_ip_allow_force_AAAA;
int dns_conf_dualstack_ip_selection_threshold = 10;
static int dns_conf_expand_ptr_from_address = 0;
/* TTL */
int dns_conf_rr_ttl;
int dns_conf_rr_ttl_reply_max;
int dns_conf_rr_ttl_min = 600;
int dns_conf_rr_ttl_max;
int dns_conf_local_ttl;
int dns_conf_force_AAAA_SOA;
int dns_conf_force_no_cname;
int dns_conf_ipset_timeout_enable;
struct dns_ipset_names dns_conf_ipset_no_speed;
int dns_conf_nftset_timeout_enable;
struct dns_nftset_names dns_conf_nftset_no_speed;
int dns_conf_nftset_debug_enable;
char dns_conf_user[DNS_CONF_USERNAME_LEN];
int dns_save_fail_packet;
char dns_save_fail_packet_dir[DNS_MAX_PATH];
char dns_resolv_file[DNS_MAX_PATH];
int dns_no_pidfile;
int dns_no_daemon;
/* ECS */
struct dns_edns_client_subnet dns_conf_ipv4_ecs;
struct dns_edns_client_subnet dns_conf_ipv6_ecs;
char dns_conf_sni_proxy_ip[DNS_MAX_IPLEN];
static int _conf_domain_rule_nameserver(char *domain, const char *group_name);
static int _conf_ptr_add(const char *hostname, const char *ip, int is_dynamic);
static int _conf_client_subnet(char *subnet, struct dns_edns_client_subnet *ipv4_ecs,
struct dns_edns_client_subnet *ipv6_ecs);
static int _conf_domain_rule_address(char *domain, const char *domain_address);
static struct dns_domain_rule *_config_domain_rule_get(const char *domain);
static void *_new_dns_rule_ext(enum domain_rule domain_rule, int ext_size)
{
struct dns_rule *rule;
int size = 0;
if (domain_rule >= DOMAIN_RULE_MAX) {
return NULL;
}
switch (domain_rule) {
case DOMAIN_RULE_FLAGS:
size = sizeof(struct dns_rule_flags);
break;
case DOMAIN_RULE_ADDRESS_IPV4:
size = sizeof(struct dns_rule_address_IPV4);
break;
case DOMAIN_RULE_ADDRESS_IPV6:
size = sizeof(struct dns_rule_address_IPV6);
break;
case DOMAIN_RULE_IPSET:
case DOMAIN_RULE_IPSET_IPV4:
case DOMAIN_RULE_IPSET_IPV6:
size = sizeof(struct dns_ipset_rule);
break;
case DOMAIN_RULE_NFTSET_IP:
case DOMAIN_RULE_NFTSET_IP6:
size = sizeof(struct dns_nftset_rule);
break;
case DOMAIN_RULE_NAMESERVER:
size = sizeof(struct dns_nameserver_rule);
break;
case DOMAIN_RULE_CHECKSPEED:
size = sizeof(struct dns_domain_check_orders);
break;
case DOMAIN_RULE_RESPONSE_MODE:
size = sizeof(struct dns_response_mode_rule);
break;
case DOMAIN_RULE_CNAME:
size = sizeof(struct dns_cname_rule);
break;
case DOMAIN_RULE_TTL:
size = sizeof(struct dns_ttl_rule);
break;
default:
return NULL;
}
size += ext_size;
rule = malloc(size);
if (!rule) {
return NULL;
}
memset(rule, 0, size);
rule->rule = domain_rule;
atomic_set(&rule->refcnt, 1);
return rule;
}
static void *_new_dns_rule(enum domain_rule domain_rule)
{
return _new_dns_rule_ext(domain_rule, 0);
}
static void _dns_rule_get(struct dns_rule *rule)
{
atomic_inc(&rule->refcnt);
}
static void _dns_rule_put(struct dns_rule *rule)
{
if (atomic_dec_and_test(&rule->refcnt)) {
free(rule);
}
}
static void _dns_iplist_ip_address_add(struct dns_iplist_ip_addresses *iplist, unsigned char addr[], int addr_len)
{
iplist->ipaddr = realloc(iplist->ipaddr, (iplist->ipaddr_num + 1) * sizeof(struct dns_iplist_ip_address));
if (iplist->ipaddr == NULL) {
return;
}
memset(&iplist->ipaddr[iplist->ipaddr_num], 0, sizeof(struct dns_iplist_ip_address));
iplist->ipaddr[iplist->ipaddr_num].addr_len = addr_len;
memcpy(iplist->ipaddr[iplist->ipaddr_num].addr, addr, addr_len);
iplist->ipaddr_num++;
}
static int _get_domain(char *value, char *domain, int max_domain_size, char **ptr_after_domain)
{
char *begin = NULL;
char *end = NULL;
int len = 0;
if (value == NULL || domain == NULL) {
goto errout;
}
/* first field */
begin = strstr(value, "/");
if (begin == NULL) {
goto errout;
}
/* second field */
begin++;
end = strstr(begin, "/");
if (end == NULL) {
goto errout;
}
/* remove prefix . */
while (*begin == '.') {
begin++;
}
/* Get domain */
len = end - begin;
if (len >= max_domain_size) {
tlog(TLOG_ERROR, "domain name %s too long", value);
goto errout;
}
memcpy(domain, begin, len);
domain[len] = '\0';
if (ptr_after_domain) {
*ptr_after_domain = end + 1;
}
return 0;
errout:
return -1;
}
/* create and get dns server group */
static struct dns_server_groups *_dns_conf_get_group(const char *group_name)
{
uint32_t key = 0;
struct dns_server_groups *group = NULL;
key = hash_string(group_name);
hash_for_each_possible(dns_group_table.group, group, node, key)
{
if (strncmp(group->group_name, group_name, DNS_GROUP_NAME_LEN) == 0) {
return group;
}
}
group = malloc(sizeof(*group));
if (group == NULL) {
goto errout;
}
memset(group, 0, sizeof(*group));
safe_strncpy(group->group_name, group_name, DNS_GROUP_NAME_LEN);
hash_add(dns_group_table.group, &group->node, key);
return group;
errout:
if (group) {
free(group);
}
return NULL;
}
static int _dns_conf_get_group_set(const char *group_name, struct dns_servers *server)
{
struct dns_server_groups *group = NULL;
int i = 0;
group = _dns_conf_get_group(group_name);
if (group == NULL) {
return -1;
}
for (i = 0; i < group->server_num; i++) {
if (group->servers[i] == server) {
return 0;
}
}
if (group->server_num >= DNS_MAX_SERVERS) {
return -1;
}
group->servers[group->server_num] = server;
group->server_num++;
return 0;
}
static const char *_dns_conf_get_group_name(const char *group_name)
{
struct dns_server_groups *group = NULL;
group = _dns_conf_get_group(group_name);
if (group == NULL) {
return NULL;
}
return group->group_name;
}
static void _config_group_table_destroy(void)
{
struct dns_server_groups *group = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_group_table.group, i, tmp, group, node)
{
hlist_del_init(&group->node);
free(group);
}
}
struct dns_proxy_names *dns_server_get_proxy_nams(const char *proxyname)
{
uint32_t key = 0;
struct dns_proxy_names *proxy = NULL;
key = hash_string(proxyname);
hash_for_each_possible(dns_proxy_table.proxy, proxy, node, key)
{
if (strncmp(proxy->proxy_name, proxyname, DNS_GROUP_NAME_LEN) == 0) {
return proxy;
}
}
return NULL;
}
/* create and get dns server group */
static struct dns_proxy_names *_dns_conf_get_proxy(const char *proxy_name)
{
uint32_t key = 0;
struct dns_proxy_names *proxy = NULL;
key = hash_string(proxy_name);
hash_for_each_possible(dns_proxy_table.proxy, proxy, node, key)
{
if (strncmp(proxy->proxy_name, proxy_name, PROXY_NAME_LEN) == 0) {
return proxy;
}
}
proxy = malloc(sizeof(*proxy));
if (proxy == NULL) {
goto errout;
}
memset(proxy, 0, sizeof(*proxy));
safe_strncpy(proxy->proxy_name, proxy_name, PROXY_NAME_LEN);
hash_add(dns_proxy_table.proxy, &proxy->node, key);
INIT_LIST_HEAD(&proxy->server_list);
return proxy;
errout:
if (proxy) {
free(proxy);
}
return NULL;
}
static int _dns_conf_proxy_servers_add(const char *proxy_name, struct dns_proxy_servers *server)
{
struct dns_proxy_names *proxy = NULL;
proxy = _dns_conf_get_proxy(proxy_name);
if (proxy == NULL) {
return -1;
}
list_add_tail(&server->list, &proxy->server_list);
return 0;
}
static const char *_dns_conf_get_proxy_name(const char *proxy_name)
{
struct dns_proxy_names *proxy = NULL;
proxy = _dns_conf_get_proxy(proxy_name);
if (proxy == NULL) {
return NULL;
}
return proxy->proxy_name;
}
static void _config_proxy_table_destroy(void)
{
struct dns_proxy_names *proxy = NULL;
struct hlist_node *tmp = NULL;
unsigned int i;
struct dns_proxy_servers *server = NULL;
struct dns_proxy_servers *server_tmp = NULL;
hash_for_each_safe(dns_proxy_table.proxy, i, tmp, proxy, node)
{
hlist_del_init(&proxy->node);
list_for_each_entry_safe(server, server_tmp, &proxy->server_list, list)
{
list_del(&server->list);
free(server);
}
free(proxy);
}
}
static int _config_server(int argc, char *argv[], dns_server_type_t type, int default_port)
{
int index = dns_conf_server_num;
struct dns_servers *server = NULL;
int port = -1;
char *ip = NULL;
char scheme[DNS_MAX_CNAME_LEN] = {0};
int opt = 0;
unsigned int result_flag = 0;
unsigned int server_flag = 0;
unsigned char *spki = NULL;
int drop_packet_latency_ms = 0;
int is_bootstrap_dns = 0;
int is_hostip_set = 0;
int ttl = 0;
/* clang-format off */
static struct option long_options[] = {
{"drop-packet-latency", required_argument, NULL, 'D'},
{"exclude-default-group", no_argument, NULL, 'e'}, /* exclude this from default group */
{"group", required_argument, NULL, 'g'}, /* add to group */
{"proxy", required_argument, NULL, 'p'}, /* proxy server */
{"no-check-certificate", no_argument, NULL, 'k'}, /* do not check certificate */
{"bootstrap-dns", no_argument, NULL, 'b'}, /* set as bootstrap dns */
#ifdef FEATURE_CHECK_EDNS
/* experimental feature */
{"check-edns", no_argument, NULL, 251}, /* check edns */
#endif
{"whitelist-ip", no_argument, NULL, 252}, /* filtering with whitelist-ip */
{"blacklist-ip", no_argument, NULL, 253}, /* filtering with blacklist-ip */
{"set-mark", required_argument, NULL, 254}, /* set mark */
{"subnet", required_argument, NULL, 256}, /* set subnet */
{"hitchhiking", no_argument, NULL, 257}, /* hitchhiking */
{"host-ip", required_argument, NULL, 258}, /* host ip */
{"spki-pin", required_argument, NULL, 259}, /* check SPKI pin */
{"host-name", required_argument, NULL, 260}, /* host name */
{"http-host", required_argument, NULL, 261}, /* http host */
{"tls-host-verify", required_argument, NULL, 262 }, /* verify tls hostname */
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
return -1;
}
ip = argv[1];
if (index >= DNS_MAX_SERVERS) {
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
return 0;
}
server = &dns_conf_servers[index];
server->spki[0] = '\0';
server->path[0] = '\0';
server->hostname[0] = '\0';
server->httphost[0] = '\0';
server->tls_host_verify[0] = '\0';
server->proxyname[0] = '\0';
server->set_mark = -1;
server->drop_packet_latency_ms = drop_packet_latency_ms;
if (parse_uri(ip, scheme, server->server, &port, server->path) != 0) {
return -1;
}
if (scheme[0] != '\0') {
if (strcasecmp(scheme, "https") == 0) {
type = DNS_SERVER_HTTPS;
default_port = DEFAULT_DNS_HTTPS_PORT;
} else if (strcasecmp(scheme, "tls") == 0) {
type = DNS_SERVER_TLS;
default_port = DEFAULT_DNS_TLS_PORT;
} else if (strcasecmp(scheme, "tcp") == 0) {
type = DNS_SERVER_TCP;
default_port = DEFAULT_DNS_PORT;
} else if (strcasecmp(scheme, "udp") == 0) {
type = DNS_SERVER_UDP;
default_port = DEFAULT_DNS_PORT;
} else {
tlog(TLOG_ERROR, "invalid scheme: %s", scheme);
return -1;
}
}
if (type == DNS_SERVER_HTTPS) {
safe_strncpy(server->hostname, server->server, sizeof(server->hostname));
safe_strncpy(server->httphost, server->server, sizeof(server->httphost));
if (server->path[0] == 0) {
safe_strncpy(server->path, "/", sizeof(server->path));
}
}
/* if port is not defined, set port to default 53 */
if (port == PORT_NOT_DEFINED) {
port = default_port;
}
/* process extra options */
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "D:kg:p:eb", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'D': {
drop_packet_latency_ms = atoi(optarg);
break;
}
case 'e': {
server_flag |= SERVER_FLAG_EXCLUDE_DEFAULT;
break;
}
case 'g': {
if (_dns_conf_get_group_set(optarg, server) != 0) {
tlog(TLOG_ERROR, "add group failed.");
goto errout;
}
break;
}
case 'p': {
if (_dns_conf_get_proxy_name(optarg) == NULL) {
tlog(TLOG_ERROR, "add proxy server failed.");
goto errout;
}
safe_strncpy(server->proxyname, optarg, PROXY_NAME_LEN);
break;
}
case 'k': {
server->skip_check_cert = 1;
break;
}
case 'b': {
is_bootstrap_dns = 1;
break;
}
case 251: {
result_flag |= DNSSERVER_FLAG_CHECK_EDNS;
break;
}
case 252: {
result_flag |= DNSSERVER_FLAG_WHITELIST_IP;
break;
}
case 253: {
result_flag |= DNSSERVER_FLAG_BLACKLIST_IP;
break;
}
case 254: {
server->set_mark = atoll(optarg);
break;
}
case 256: {
_conf_client_subnet(optarg, &server->ipv4_ecs, &server->ipv6_ecs);
break;
}
case 257: {
server_flag |= SERVER_FLAG_HITCHHIKING;
break;
}
case 258: {
if (check_is_ipaddr(server->server) != 0) {
_conf_domain_rule_address(server->server, optarg);
is_hostip_set = 1;
}
break;
}
case 259: {
safe_strncpy(server->spki, optarg, DNS_MAX_SPKI_LEN);
break;
}
case 260: {
safe_strncpy(server->hostname, optarg, DNS_MAX_CNAME_LEN);
if (strncmp(server->hostname, "-", 2) == 0) {
server->hostname[0] = '\0';
}
break;
}
case 261: {
safe_strncpy(server->httphost, optarg, DNS_MAX_CNAME_LEN);
break;
}
case 262: {
safe_strncpy(server->tls_host_verify, optarg, DNS_MAX_CNAME_LEN);
break;
}
default:
tlog(TLOG_WARN, "invalid server option: %s", argv[optind - 1]);
break;
}
}
/* if server is domain name, then verify domain */
if (server->tls_host_verify[0] == '\0' && check_is_ipaddr(server->server) != 0) {
safe_strncpy(server->tls_host_verify, server->server, DNS_MAX_CNAME_LEN);
}
/* update address rules for host-ip */
if (is_hostip_set == 1) {
struct dns_domain_rule *rule = _config_domain_rule_get(server->server);
if (rule) {
if (rule->rules[DOMAIN_RULE_ADDRESS_IPV4] != NULL && rule->rules[DOMAIN_RULE_ADDRESS_IPV6] == NULL) {
_conf_domain_rule_address(server->server, "#6");
} else if (rule->rules[DOMAIN_RULE_ADDRESS_IPV4] == NULL && rule->rules[DOMAIN_RULE_ADDRESS_IPV6] != NULL) {
_conf_domain_rule_address(server->server, "#4");
}
}
}
/* add new server */
server->type = type;
server->port = port;
server->result_flag = result_flag;
server->server_flag = server_flag;
server->ttl = ttl;
server->drop_packet_latency_ms = drop_packet_latency_ms;
dns_conf_server_num++;
tlog(TLOG_DEBUG, "add server %s, flag: %X, ttl: %d", ip, result_flag, ttl);
if (is_bootstrap_dns) {
server->server_flag |= SERVER_FLAG_EXCLUDE_DEFAULT;
_dns_conf_get_group_set("bootstrap-dns", server);
dns_conf_exist_bootstrap_dns = 1;
}
return 0;
errout:
if (spki) {
free(spki);
}
return -1;
}
static int _config_update_bootstrap_dns_rule(void)
{
struct dns_servers *server = NULL;
if (dns_conf_exist_bootstrap_dns == 0) {
return 0;
}
for (int i = 0; i < dns_conf_server_num; i++) {
server = &dns_conf_servers[i];
if (check_is_ipaddr(server->server) == 0) {
continue;
}
_conf_domain_rule_nameserver(server->server, "bootstrap-dns");
}
return 0;
}
static int _config_domain_rule_free(struct dns_domain_rule *domain_rule)
{
int i = 0;
if (domain_rule == NULL) {
return 0;
}
for (i = 0; i < DOMAIN_RULE_MAX; i++) {
if (domain_rule->rules[i] == NULL) {
continue;
}
_dns_rule_put(domain_rule->rules[i]);
domain_rule->rules[i] = NULL;
}
free(domain_rule);
return 0;
}
static int _config_domain_iter_free(void *data, const unsigned char *key, uint32_t key_len, void *value)
{
struct dns_domain_rule *domain_rule = value;
return _config_domain_rule_free(domain_rule);
}
static void _config_domain_destroy(void)
{
art_iter(&dns_conf_domain_rule, _config_domain_iter_free, NULL);
art_tree_destroy(&dns_conf_domain_rule);
}
typedef int (*set_rule_add_func)(const char *value, void *priv);
static int _config_set_rule_each_from_list(const char *file, set_rule_add_func callback, void *priv)
{
FILE *fp = NULL;
char line[MAX_LINE_LEN];
char value[DNS_MAX_CNAME_LEN];
int ret = 0;
int line_no = 0;
int filed_num = 0;
fp = fopen(file, "r");
if (fp == NULL) {
tlog(TLOG_WARN, "open file %s error, %s", file, strerror(errno));
return 0;
}
line_no = 0;
while (fgets(line, MAX_LINE_LEN, fp)) {
line_no++;
filed_num = sscanf(line, "%255s", value);
if (filed_num <= 0) {
continue;
}
if (value[0] == '#' || value[0] == '\n') {
continue;
}
ret = callback(value, priv);
if (ret != 0) {
tlog(TLOG_WARN, "process file %s failed at line %d.", file, line_no);
continue;
}
}
fclose(fp);
return ret;
}
static int _config_domain_rule_set_each(const char *domain_set, set_rule_add_func callback, void *priv)
{
struct dns_domain_set_name_list *set_name_list = NULL;
struct dns_domain_set_name *set_name_item = NULL;
uint32_t key = 0;
key = hash_string(domain_set);
hash_for_each_possible(dns_domain_set_name_table.names, set_name_list, node, key)
{
if (strcmp(set_name_list->name, domain_set) == 0) {
break;
}
}
if (set_name_list == NULL) {
tlog(TLOG_WARN, "domain set %s not found.", domain_set);
return -1;
}
list_for_each_entry(set_name_item, &set_name_list->set_name_list, list)
{
switch (set_name_item->type) {
case DNS_DOMAIN_SET_LIST:
_config_set_rule_each_from_list(set_name_item->file, callback, priv);
break;
case DNS_DOMAIN_SET_GEOSITE:
break;
default:
tlog(TLOG_WARN, "domain set %s type %d not support.", set_name_list->name, set_name_item->type);
break;
}
}
return 0;
}
static int _config_domain_rule_add(const char *domain, enum domain_rule type, void *rule);
static int _config_domain_rule_add_callback(const char *domain, void *priv)
{
struct dns_set_rule_add_callback_args *args = (struct dns_set_rule_add_callback_args *)priv;
return _config_domain_rule_add(domain, args->type, args->rule);
}
static int _config_setup_domain_key(const char *domain, char *domain_key, int domain_key_max_len, int *domain_key_len,
int *root_rule_only, int *sub_rule_only)
{
int tmp_root_rule_only = 0;
int tmp_sub_rule_only = 0;
int len = strlen(domain);
if (len >= domain_key_max_len - 2) {
tlog(TLOG_ERROR, "domain %s too long", domain);
return -1;
}
reverse_string(domain_key, domain, len, 1);
if (domain[0] == '*') {
/* prefix wildcard */
len--;
if (domain[1] == '.') {
tmp_sub_rule_only = 1;
} else if ((domain[1] == '-') && (domain[2] == '.')) {
len--;
tmp_sub_rule_only = 1;
tmp_root_rule_only = 1;
}
} else if (domain[0] == '-') {
/* root match only */
len--;
if (domain[1] == '.') {
tmp_root_rule_only = 1;
}
} else {
/* suffix match */
domain_key[len] = '.';
len++;
}
domain_key[len] = 0;
*domain_key_len = len;
if (root_rule_only) {
*root_rule_only = tmp_root_rule_only;
}
if (sub_rule_only) {
*sub_rule_only = tmp_sub_rule_only;
}
return 0;
}
static struct dns_domain_rule *_config_domain_rule_get(const char *domain)
{
char domain_key[DNS_MAX_CONF_CNAME_LEN];
int len = 0;
if (_config_setup_domain_key(domain, domain_key, sizeof(domain_key), &len, NULL, NULL) != 0) {
return NULL;
}
return art_search(&dns_conf_domain_rule, (unsigned char *)domain_key, len);
}
static int _config_domain_rule_add(const char *domain, enum domain_rule type, void *rule)
{
struct dns_domain_rule *domain_rule = NULL;
struct dns_domain_rule *old_domain_rule = NULL;
struct dns_domain_rule *add_domain_rule = NULL;
char domain_key[DNS_MAX_CONF_CNAME_LEN];
int len = 0;
int sub_rule_only = 0;
int root_rule_only = 0;
if (strncmp(domain, "domain-set:", sizeof("domain-set:") - 1) == 0) {
struct dns_set_rule_add_callback_args args;
args.type = type;
args.rule = rule;
return _config_domain_rule_set_each(domain + sizeof("domain-set:") - 1, _config_domain_rule_add_callback,
&args);
}
/* Reverse string, for suffix match */
if (_config_setup_domain_key(domain, domain_key, sizeof(domain_key), &len, &root_rule_only, &sub_rule_only) != 0) {
goto errout;
}
if (type >= DOMAIN_RULE_MAX) {
goto errout;
}
/* Get existing or create domain rule */
domain_rule = art_search(&dns_conf_domain_rule, (unsigned char *)domain_key, len);
if (domain_rule == NULL) {
add_domain_rule = malloc(sizeof(*add_domain_rule));
if (add_domain_rule == NULL) {
goto errout;
}
memset(add_domain_rule, 0, sizeof(*add_domain_rule));
domain_rule = add_domain_rule;
}
/* add new rule to domain */
if (domain_rule->rules[type]) {
_dns_rule_put(domain_rule->rules[type]);
domain_rule->rules[type] = NULL;
}
domain_rule->rules[type] = rule;
domain_rule->sub_rule_only = sub_rule_only;
domain_rule->root_rule_only = root_rule_only;
_dns_rule_get(rule);
/* update domain rule */
if (add_domain_rule) {
old_domain_rule = art_insert(&dns_conf_domain_rule, (unsigned char *)domain_key, len, add_domain_rule);
if (old_domain_rule) {
_config_domain_rule_free(old_domain_rule);
}
}
return 0;
errout:
if (add_domain_rule) {
free(add_domain_rule);
}
tlog(TLOG_ERROR, "add domain %s rule failed", domain);
return -1;
}
static int _config_domain_rule_delete(const char *domain);
static int _config_domain_rule_delete_callback(const char *domain, void *priv)
{
return _config_domain_rule_delete(domain);
}
static int _config_domain_rule_delete(const char *domain)
{
char domain_key[DNS_MAX_CONF_CNAME_LEN];
int len = 0;
if (strncmp(domain, "domain-set:", sizeof("domain-set:") - 1) == 0) {
return _config_domain_rule_set_each(domain + sizeof("domain-set:") - 1, _config_domain_rule_delete_callback,
NULL);
}
/* Reverse string, for suffix match */
if (_config_setup_domain_key(domain, domain_key, sizeof(domain_key), &len, NULL, NULL) != 0) {
goto errout;
}
/* delete existing rules */
void *rule = art_delete(&dns_conf_domain_rule, (unsigned char *)domain_key, len);
if (rule) {
_config_domain_rule_free(rule);
}
return 0;
errout:
tlog(TLOG_ERROR, "delete domain %s rule failed", domain);
return -1;
}
static int _config_domain_rule_flag_set(const char *domain, unsigned int flag, unsigned int is_clear);
static int _config_domain_rule_flag_callback(const char *domain, void *priv)
{
struct dns_set_rule_flags_callback_args *args = (struct dns_set_rule_flags_callback_args *)priv;
return _config_domain_rule_flag_set(domain, args->flags, args->is_clear_flag);
}
static int _config_domain_rule_flag_set(const char *domain, unsigned int flag, unsigned int is_clear)
{
struct dns_domain_rule *domain_rule = NULL;
struct dns_domain_rule *old_domain_rule = NULL;
struct dns_domain_rule *add_domain_rule = NULL;
struct dns_rule_flags *rule_flags = NULL;
char domain_key[DNS_MAX_CONF_CNAME_LEN];
int len = 0;
int sub_rule_only = 0;
int root_rule_only = 0;
if (strncmp(domain, "domain-set:", sizeof("domain-set:") - 1) == 0) {
struct dns_set_rule_flags_callback_args args;
args.flags = flag;
args.is_clear_flag = is_clear;
return _config_domain_rule_set_each(domain + sizeof("domain-set:") - 1, _config_domain_rule_flag_callback,
&args);
}
if (_config_setup_domain_key(domain, domain_key, sizeof(domain_key), &len, &root_rule_only, &sub_rule_only) != 0) {
goto errout;
}
/* Get existing or create domain rule */
domain_rule = art_search(&dns_conf_domain_rule, (unsigned char *)domain_key, len);
if (domain_rule == NULL) {
add_domain_rule = malloc(sizeof(*add_domain_rule));
if (add_domain_rule == NULL) {
goto errout;
}
memset(add_domain_rule, 0, sizeof(*add_domain_rule));
domain_rule = add_domain_rule;
}
/* add new rule to domain */
if (domain_rule->rules[DOMAIN_RULE_FLAGS] == NULL) {
rule_flags = _new_dns_rule(DOMAIN_RULE_FLAGS);
rule_flags->flags = 0;
domain_rule->rules[DOMAIN_RULE_FLAGS] = (struct dns_rule *)rule_flags;
}
domain_rule->sub_rule_only = sub_rule_only;
domain_rule->root_rule_only = root_rule_only;
rule_flags = (struct dns_rule_flags *)domain_rule->rules[DOMAIN_RULE_FLAGS];
if (is_clear == false) {
rule_flags->flags |= flag;
} else {
rule_flags->flags &= ~flag;
}
rule_flags->is_flag_set |= flag;
/* update domain rule */
if (add_domain_rule) {
old_domain_rule = art_insert(&dns_conf_domain_rule, (unsigned char *)domain_key, len, add_domain_rule);
if (old_domain_rule) {
_config_domain_rule_free(old_domain_rule);
}
}
return 0;
errout:
if (add_domain_rule) {
free(add_domain_rule);
}
tlog(TLOG_ERROR, "add domain %s rule failed", domain);
return 0;
}
static void _config_ipset_table_destroy(void)
{
struct dns_ipset_name *ipset_name = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_ipset_table.ipset, i, tmp, ipset_name, node)
{
hlist_del_init(&ipset_name->node);
free(ipset_name);
}
}
static const char *_dns_conf_get_ipset(const char *ipsetname)
{
uint32_t key = 0;
struct dns_ipset_name *ipset_name = NULL;
key = hash_string(ipsetname);
hash_for_each_possible(dns_ipset_table.ipset, ipset_name, node, key)
{
if (strncmp(ipset_name->ipsetname, ipsetname, DNS_MAX_IPSET_NAMELEN) == 0) {
return ipset_name->ipsetname;
}
}
ipset_name = malloc(sizeof(*ipset_name));
if (ipset_name == NULL) {
goto errout;
}
key = hash_string(ipsetname);
safe_strncpy(ipset_name->ipsetname, ipsetname, DNS_MAX_IPSET_NAMELEN);
hash_add(dns_ipset_table.ipset, &ipset_name->node, key);
return ipset_name->ipsetname;
errout:
if (ipset_name) {
free(ipset_name);
}
return NULL;
}
static int _conf_domain_rule_ipset(char *domain, const char *ipsetname)
{
struct dns_ipset_rule *ipset_rule = NULL;
const char *ipset = NULL;
char *copied_name = NULL;
enum domain_rule type = 0;
int ignore_flag = 0;
copied_name = strdup(ipsetname);
if (copied_name == NULL) {
goto errout;
}
for (char *tok = strtok(copied_name, ","); tok; tok = strtok(NULL, ",")) {
if (tok[0] == '#') {
if (strncmp(tok, "#6:", 3U) == 0) {
type = DOMAIN_RULE_IPSET_IPV6;
ignore_flag = DOMAIN_FLAG_IPSET_IPV6_IGN;
} else if (strncmp(tok, "#4:", 3U) == 0) {
type = DOMAIN_RULE_IPSET_IPV4;
ignore_flag = DOMAIN_FLAG_IPSET_IPV4_IGN;
} else {
goto errout;
}
tok += 3;
} else {
type = DOMAIN_RULE_IPSET;
ignore_flag = DOMAIN_FLAG_IPSET_IGN;
}
if (strncmp(tok, "-", 1) == 0) {
_config_domain_rule_flag_set(domain, ignore_flag, 0);
continue;
}
/* new ipset domain */
ipset = _dns_conf_get_ipset(tok);
if (ipset == NULL) {
goto errout;
}
ipset_rule = _new_dns_rule(type);
if (ipset_rule == NULL) {
goto errout;
}
ipset_rule->ipsetname = ipset;
if (_config_domain_rule_add(domain, type, ipset_rule) != 0) {
goto errout;
}
_dns_rule_put(&ipset_rule->head);
ipset_rule = NULL;
}
goto clear;
errout:
tlog(TLOG_ERROR, "add ipset %s failed", ipsetname);
if (ipset_rule) {
_dns_rule_put(&ipset_rule->head);
}
clear:
if (copied_name) {
free(copied_name);
}
return 0;
}
static int _config_ipset(void *data, int argc, char *argv[])
{
char domain[DNS_MAX_CONF_CNAME_LEN];
char *value = argv[1];
if (argc <= 1) {
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
return _conf_domain_rule_ipset(domain, value);
errout:
tlog(TLOG_ERROR, "add ipset %s failed", value);
return 0;
}
static int _config_ipset_no_speed(void *data, int argc, char *argv[])
{
char *ipsetname = argv[1];
char *copied_name = NULL;
const char *ipset = NULL;
struct dns_ipset_rule *ipset_rule_array[2] = {NULL, NULL};
char *ipset_rule_enable_array[2] = {NULL, NULL};
int ipset_num = 0;
if (argc <= 1) {
goto errout;
}
copied_name = strdup(ipsetname);
if (copied_name == NULL) {
goto errout;
}
for (char *tok = strtok(copied_name, ","); tok && ipset_num <= 2; tok = strtok(NULL, ",")) {
if (tok[0] == '#') {
if (strncmp(tok, "#6:", 3U) == 0) {
ipset_rule_array[ipset_num] = &dns_conf_ipset_no_speed.ipv6;
ipset_rule_enable_array[ipset_num] = &dns_conf_ipset_no_speed.ipv6_enable;
ipset_num++;
} else if (strncmp(tok, "#4:", 3U) == 0) {
ipset_rule_array[ipset_num] = &dns_conf_ipset_no_speed.ipv4;
ipset_rule_enable_array[ipset_num] = &dns_conf_ipset_no_speed.ipv4_enable;
ipset_num++;
} else {
goto errout;
}
tok += 3;
}
if (ipset_num == 0) {
ipset_rule_array[1] = &dns_conf_ipset_no_speed.ipv6;
ipset_rule_enable_array[1] = &dns_conf_ipset_no_speed.ipv6_enable;
ipset_rule_array[0] = &dns_conf_ipset_no_speed.ipv4;
ipset_rule_enable_array[0] = &dns_conf_ipset_no_speed.ipv4_enable;
ipset_num = 2;
}
if (strncmp(tok, "-", 1) == 0) {
continue;
}
/* new ipset domain */
ipset = _dns_conf_get_ipset(tok);
if (ipset == NULL) {
goto errout;
}
for (int i = 0; i < ipset_num; i++) {
ipset_rule_array[i]->ipsetname = ipset;
*ipset_rule_enable_array[i] = 1;
}
ipset_num = 0;
}
free(copied_name);
return 0;
errout:
if (copied_name) {
free(copied_name);
}
tlog(TLOG_ERROR, "add ipset-no-speed %s failed", ipsetname);
return 0;
}
static void _config_nftset_table_destroy(void)
{
struct dns_nftset_name *nftset = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_nftset_table.nftset, i, tmp, nftset, node)
{
hlist_del_init(&nftset->node);
free(nftset);
}
}
static const struct dns_nftset_name *_dns_conf_get_nftable(const char *familyname, const char *tablename,
const char *setname)
{
uint32_t key = 0;
struct dns_nftset_name *nftset_name = NULL;
if (familyname == NULL || tablename == NULL || setname == NULL) {
return NULL;
}
const char *hasher[4] = {familyname, tablename, setname, NULL};
key = hash_string_array(hasher);
hash_for_each_possible(dns_nftset_table.nftset, nftset_name, node, key)
{
if (strncmp(nftset_name->nftfamilyname, familyname, DNS_MAX_NFTSET_FAMILYLEN) == 0 &&
strncmp(nftset_name->nfttablename, tablename, DNS_MAX_NFTSET_NAMELEN) == 0 &&
strncmp(nftset_name->nftsetname, setname, DNS_MAX_NFTSET_NAMELEN) == 0) {
return nftset_name;
}
}
nftset_name = malloc(sizeof(*nftset_name));
if (nftset_name == NULL) {
goto errout;
}
safe_strncpy(nftset_name->nftfamilyname, familyname, DNS_MAX_NFTSET_FAMILYLEN);
safe_strncpy(nftset_name->nfttablename, tablename, DNS_MAX_NFTSET_NAMELEN);
safe_strncpy(nftset_name->nftsetname, setname, DNS_MAX_NFTSET_NAMELEN);
hash_add(dns_nftset_table.nftset, &nftset_name->node, key);
return nftset_name;
errout:
if (nftset_name) {
free(nftset_name);
}
return NULL;
}
static int _conf_domain_rule_nftset(char *domain, const char *nftsetname)
{
struct dns_nftset_rule *nftset_rule = NULL;
const struct dns_nftset_name *nftset = NULL;
char *copied_name = NULL;
enum domain_rule type = 0;
int ignore_flag = 0;
char *setname = NULL;
char *tablename = NULL;
char *family = NULL;
copied_name = strdup(nftsetname);
if (copied_name == NULL) {
goto errout;
}
for (char *tok = strtok(copied_name, ","); tok; tok = strtok(NULL, ",")) {
char *saveptr = NULL;
char *tok_set = NULL;
nftset_rule = NULL;
if (strncmp(tok, "#4:", 3U) == 0) {
type = DOMAIN_RULE_NFTSET_IP;
ignore_flag = DOMAIN_FLAG_NFTSET_IP_IGN;
} else if (strncmp(tok, "#6:", 3U) == 0) {
type = DOMAIN_RULE_NFTSET_IP6;
ignore_flag = DOMAIN_FLAG_NFTSET_IP6_IGN;
} else if (strncmp(tok, "-", 2U) == 0) {
_config_domain_rule_flag_set(domain, DOMAIN_FLAG_NFTSET_INET_IGN, 0);
continue;
} else {
goto errout;
}
tok_set = tok + 3;
if (strncmp(tok_set, "-", 2U) == 0) {
_config_domain_rule_flag_set(domain, ignore_flag, 0);
continue;
}
family = strtok_r(tok_set, "#", &saveptr);
if (family == NULL) {
goto errout;
}
tablename = strtok_r(NULL, "#", &saveptr);
if (tablename == NULL) {
goto errout;
}
setname = strtok_r(NULL, "#", &saveptr);
if (setname == NULL) {
goto errout;
}
/* new nftset domain */
nftset = _dns_conf_get_nftable(family, tablename, setname);
if (nftset == NULL) {
goto errout;
}
nftset_rule = _new_dns_rule(type);
if (nftset_rule == NULL) {
goto errout;
}
nftset_rule->nfttablename = nftset->nfttablename;
nftset_rule->nftsetname = nftset->nftsetname;
nftset_rule->familyname = nftset->nftfamilyname;
if (_config_domain_rule_add(domain, type, nftset_rule) != 0) {
goto errout;
}
_dns_rule_put(&nftset_rule->head);
nftset_rule = NULL;
}
goto clear;
errout:
tlog(TLOG_ERROR, "add nftset %s %s failed", domain, nftsetname);
if (nftset_rule) {
_dns_rule_put(&nftset_rule->head);
}
clear:
if (copied_name) {
free(copied_name);
}
return 0;
}
static int _config_nftset(void *data, int argc, char *argv[])
{
char domain[DNS_MAX_CONF_CNAME_LEN];
char *value = argv[1];
if (argc <= 1) {
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
return _conf_domain_rule_nftset(domain, value);
errout:
tlog(TLOG_ERROR, "add nftset %s failed", value);
return 0;
}
static int _config_nftset_no_speed(void *data, int argc, char *argv[])
{
const struct dns_nftset_name *nftset = NULL;
char *copied_name = NULL;
char *nftsetname = argv[1];
int nftset_num = 0;
char *setname = NULL;
char *tablename = NULL;
char *family = NULL;
struct dns_nftset_rule *nftset_rule_array[2] = {NULL, NULL};
char *nftset_rule_enable_array[2] = {NULL, NULL};
if (argc <= 1) {
goto errout;
}
copied_name = strdup(nftsetname);
if (copied_name == NULL) {
goto errout;
}
for (char *tok = strtok(copied_name, ","); tok && nftset_num <= 2; tok = strtok(NULL, ",")) {
char *saveptr = NULL;
char *tok_set = NULL;
if (strncmp(tok, "#4:", 3U) == 0) {
dns_conf_nftset_no_speed.ip_enable = 1;
nftset_rule_array[nftset_num] = &dns_conf_nftset_no_speed.ip;
nftset_rule_enable_array[nftset_num] = &dns_conf_nftset_no_speed.ip_enable;
nftset_num++;
} else if (strncmp(tok, "#6:", 3U) == 0) {
nftset_rule_enable_array[nftset_num] = &dns_conf_nftset_no_speed.ip6_enable;
nftset_rule_array[nftset_num] = &dns_conf_nftset_no_speed.ip6;
nftset_num++;
} else if (strncmp(tok, "-", 2U) == 0) {
continue;
continue;
} else {
goto errout;
}
tok_set = tok + 3;
if (nftset_num == 0) {
nftset_rule_array[0] = &dns_conf_nftset_no_speed.ip;
nftset_rule_enable_array[0] = &dns_conf_nftset_no_speed.ip_enable;
nftset_rule_array[1] = &dns_conf_nftset_no_speed.ip6;
nftset_rule_enable_array[1] = &dns_conf_nftset_no_speed.ip6_enable;
nftset_num = 2;
}
if (strncmp(tok_set, "-", 2U) == 0) {
continue;
}
family = strtok_r(tok_set, "#", &saveptr);
if (family == NULL) {
goto errout;
}
tablename = strtok_r(NULL, "#", &saveptr);
if (tablename == NULL) {
goto errout;
}
setname = strtok_r(NULL, "#", &saveptr);
if (setname == NULL) {
goto errout;
}
/* new nftset domain */
nftset = _dns_conf_get_nftable(family, tablename, setname);
if (nftset == NULL) {
goto errout;
}
for (int i = 0; i < nftset_num; i++) {
nftset_rule_array[i]->familyname = nftset->nftfamilyname;
nftset_rule_array[i]->nfttablename = nftset->nfttablename;
nftset_rule_array[i]->nftsetname = nftset->nftsetname;
*nftset_rule_enable_array[i] = 1;
}
nftset_num = 0;
}
goto clear;
errout:
tlog(TLOG_ERROR, "add nftset %s failed", nftsetname);
clear:
if (copied_name) {
free(copied_name);
}
return 0;
}
static int _conf_domain_rule_address(char *domain, const char *domain_address)
{
struct dns_rule_address_IPV4 *address_ipv4 = NULL;
struct dns_rule_address_IPV6 *address_ipv6 = NULL;
struct dns_rule *address = NULL;
char ip[MAX_IP_LEN];
int port = 0;
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
unsigned int flag = 0;
char *ptr = NULL;
char *field = NULL;
char tmpbuff[TMP_BUFF_LEN] = {0};
char ipv6_addr[DNS_MAX_REPLY_IP_NUM][DNS_RR_AAAA_LEN];
int ipv6_num = 0;
char ipv4_addr[DNS_MAX_REPLY_IP_NUM][DNS_RR_A_LEN];
int ipv4_num = 0;
safe_strncpy(tmpbuff, domain_address, sizeof(tmpbuff));
ptr = tmpbuff;
do {
field = ptr;
ptr = strstr(ptr, ",");
if (field == NULL || *field == '\0') {
break;
}
if (ptr) {
*ptr = 0;
}
if (*(field) == '#') {
if (strncmp(field, "#4", sizeof("#4")) == 0) {
flag = DOMAIN_FLAG_ADDR_IPV4_SOA;
} else if (strncmp(field, "#6", sizeof("#6")) == 0) {
flag = DOMAIN_FLAG_ADDR_IPV6_SOA;
} else if (strncmp(field, "#", sizeof("#")) == 0) {
flag = DOMAIN_FLAG_ADDR_SOA;
} else {
goto errout;
}
/* add SOA rule */
if (_config_domain_rule_flag_set(domain, flag, 0) != 0) {
goto errout;
}
continue;
} else if (*(field) == '-') {
if (strncmp(field, "-4", sizeof("-4")) == 0) {
flag = DOMAIN_FLAG_ADDR_IPV4_IGN;
} else if (strncmp(field, "-6", sizeof("-6")) == 0) {
flag = DOMAIN_FLAG_ADDR_IPV6_IGN;
} else if (strncmp(field, "-", sizeof("-")) == 0) {
flag = DOMAIN_FLAG_ADDR_IGN;
} else {
goto errout;
}
/* ignore rule */
if (_config_domain_rule_flag_set(domain, flag, 0) != 0) {
goto errout;
}
continue;
}
/* set address to domain */
if (parse_ip(field, ip, &port) != 0) {
goto errout;
}
addr_len = sizeof(addr);
if (getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
if (ipv4_num < DNS_MAX_REPLY_IP_NUM) {
memcpy(ipv4_addr[ipv4_num], &addr_in->sin_addr.s_addr, DNS_RR_A_LEN);
ipv4_num++;
}
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr) && ipv4_num < DNS_MAX_REPLY_IP_NUM) {
memcpy(ipv4_addr[ipv4_num], addr_in6->sin6_addr.s6_addr + 12, DNS_RR_A_LEN);
ipv4_num++;
} else if (ipv6_num < DNS_MAX_REPLY_IP_NUM) {
memcpy(ipv6_addr[ipv6_num], addr_in6->sin6_addr.s6_addr, DNS_RR_AAAA_LEN);
ipv6_num++;
}
} break;
default:
ip[0] = '\0';
break;
}
/* add PTR */
if (dns_conf_expand_ptr_from_address == 1 && ip[0] != '\0' && _conf_ptr_add(domain, ip, 0) != 0) {
goto errout;
}
if (ptr) {
ptr++;
}
} while (ptr);
if (ipv4_num > 0) {
address_ipv4 = _new_dns_rule_ext(DOMAIN_RULE_ADDRESS_IPV4, ipv4_num * DNS_RR_A_LEN);
if (address_ipv4 == NULL) {
goto errout;
}
memcpy(address_ipv4->ipv4_addr, ipv4_addr[0], ipv4_num * DNS_RR_A_LEN);
address_ipv4->addr_num = ipv4_num;
address = (struct dns_rule *)address_ipv4;
if (_config_domain_rule_add(domain, DOMAIN_RULE_ADDRESS_IPV4, address) != 0) {
goto errout;
}
_dns_rule_put(address);
}
if (ipv6_num > 0) {
address_ipv6 = _new_dns_rule_ext(DOMAIN_RULE_ADDRESS_IPV6, ipv6_num * DNS_RR_AAAA_LEN);
if (address_ipv6 == NULL) {
goto errout;
}
memcpy(address_ipv6->ipv6_addr, ipv6_addr[0], ipv6_num * DNS_RR_AAAA_LEN);
address_ipv6->addr_num = ipv6_num;
address = (struct dns_rule *)address_ipv6;
if (_config_domain_rule_add(domain, DOMAIN_RULE_ADDRESS_IPV6, address) != 0) {
goto errout;
}
_dns_rule_put(address);
}
return 0;
errout:
if (address) {
_dns_rule_put(address);
}
tlog(TLOG_ERROR, "add address %s, %s at %s:%d failed", domain, domain_address, conf_get_conf_file(),
conf_get_current_lineno());
return 0;
}
static int _config_address(void *data, int argc, char *argv[])
{
char *value = argv[1];
char domain[DNS_MAX_CONF_CNAME_LEN];
if (argc <= 1) {
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
return _conf_domain_rule_address(domain, value);
errout:
tlog(TLOG_ERROR, "add address %s failed", value);
return 0;
}
static int _conf_domain_rule_cname(const char *domain, const char *cname)
{
struct dns_cname_rule *cname_rule = NULL;
enum domain_rule type = DOMAIN_RULE_CNAME;
cname_rule = _new_dns_rule(type);
if (cname_rule == NULL) {
goto errout;
}
/* ignore this domain */
if (*cname == '-') {
if (_config_domain_rule_flag_set(domain, DOMAIN_FLAG_CNAME_IGN, 0) != 0) {
goto errout;
}
return 0;
}
safe_strncpy(cname_rule->cname, cname, DNS_MAX_CONF_CNAME_LEN);
if (_config_domain_rule_add(domain, type, cname_rule) != 0) {
goto errout;
}
_dns_rule_put(&cname_rule->head);
cname_rule = NULL;
return 0;
errout:
tlog(TLOG_ERROR, "add cname %s:%s failed", domain, cname);
if (cname_rule) {
_dns_rule_put(&cname_rule->head);
}
return 0;
}
static int _config_cname(void *data, int argc, char *argv[])
{
char *value = argv[1];
char domain[DNS_MAX_CONF_CNAME_LEN];
if (argc <= 1) {
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
return _conf_domain_rule_cname(domain, value);
errout:
tlog(TLOG_ERROR, "add cname %s:%s failed", domain, value);
return 0;
}
static void _config_speed_check_mode_clear(struct dns_domain_check_orders *check_orders)
{
memset(check_orders->orders, 0, sizeof(check_orders->orders));
}
static int _config_speed_check_mode_parser(struct dns_domain_check_orders *check_orders, const char *mode)
{
char tmpbuff[DNS_MAX_OPT_LEN];
char *field = NULL;
char *ptr = NULL;
int order = 0;
int port = 80;
int i = 0;
safe_strncpy(tmpbuff, mode, DNS_MAX_OPT_LEN);
_config_speed_check_mode_clear(check_orders);
ptr = tmpbuff;
do {
field = ptr;
ptr = strstr(ptr, ",");
if (field == NULL || order >= DOMAIN_CHECK_NUM) {
return 0;
}
if (ptr) {
*ptr = 0;
}
if (strncmp(field, "ping", sizeof("ping")) == 0) {
if (dns_has_cap_ping == 0) {
if (ptr) {
ptr++;
}
continue;
}
check_orders->orders[order].type = DOMAIN_CHECK_ICMP;
check_orders->orders[order].tcp_port = 0;
} else if (strstr(field, "tcp") == field) {
char *port_str = strstr(field, ":");
if (port_str) {
port = atoi(port_str + 1);
if (port <= 0 || port >= 65535) {
port = 80;
}
}
check_orders->orders[order].type = DOMAIN_CHECK_TCP;
check_orders->orders[order].tcp_port = port;
} else if (strncmp(field, "none", sizeof("none")) == 0) {
for (i = order; i < DOMAIN_CHECK_NUM; i++) {
check_orders->orders[i].type = DOMAIN_CHECK_NONE;
check_orders->orders[i].tcp_port = 0;
}
return 0;
}
order++;
if (ptr) {
ptr++;
}
} while (ptr);
return 0;
}
static int _config_speed_check_mode(void *data, int argc, char *argv[])
{
char mode[DNS_MAX_OPT_LEN];
if (argc <= 1) {
return -1;
}
safe_strncpy(mode, argv[1], sizeof(mode));
return _config_speed_check_mode_parser(&dns_conf_check_orders, mode);
}
static int _config_dns64(void *data, int argc, char *argv[])
{
prefix_t prefix;
char *subnet = NULL;
const char *errmsg = NULL;
void *p = NULL;
if (argc <= 1) {
return -1;
}
subnet = argv[1];
p = prefix_pton(subnet, -1, &prefix, &errmsg);
if (p == NULL) {
goto errout;
}
if (prefix.family != AF_INET6) {
tlog(TLOG_ERROR, "dns64 subnet %s is not ipv6", subnet);
goto errout;
}
if (prefix.bitlen <= 0 || prefix.bitlen > 96) {
tlog(TLOG_ERROR, "dns64 subnet %s is not valid", subnet);
goto errout;
}
memcpy(&dns_conf_dns_dns64.prefix, &prefix.add.sin6.s6_addr, sizeof(dns_conf_dns_dns64.prefix));
dns_conf_dns_dns64.prefix_len = prefix.bitlen;
return 0;
errout:
return -1;
}
static int _config_bind_ip_parser_nftset(struct dns_bind_ip *bind_ip, unsigned int *server_flag, const char *nftsetname)
{
struct dns_nftset_rule *nftset_rule = NULL;
struct dns_nftset_rule **bind_nftset_rule = NULL;
const struct dns_nftset_name *nftset_name = NULL;
enum domain_rule type = DOMAIN_RULE_MAX;
char *setname = NULL;
char *tablename = NULL;
char *family = NULL;
char copied_name[DNS_MAX_NFTSET_NAMELEN + 1];
safe_strncpy(copied_name, nftsetname, DNS_MAX_NFTSET_NAMELEN);
for (char *tok = strtok(copied_name, ","); tok; tok = strtok(NULL, ",")) {
char *saveptr = NULL;
char *tok_set = NULL;
if (strncmp(tok, "#4:", 3U) == 0) {
bind_nftset_rule = &bind_ip->nftset_ipset_rule.nftset_ip;
type = DOMAIN_RULE_NFTSET_IP;
} else if (strncmp(tok, "#6:", 3U) == 0) {
bind_nftset_rule = &bind_ip->nftset_ipset_rule.nftset_ip6;
type = DOMAIN_RULE_NFTSET_IP6;
} else if (strncmp(tok, "-", 2U) == 0) {
continue;
} else {
return -1;
}
tok_set = tok + 3;
if (strncmp(tok_set, "-", 2U) == 0) {
*server_flag |= BIND_FLAG_NO_RULE_NFTSET;
continue;
}
family = strtok_r(tok_set, "#", &saveptr);
if (family == NULL) {
return -1;
}
tablename = strtok_r(NULL, "#", &saveptr);
if (tablename == NULL) {
return -1;
}
setname = strtok_r(NULL, "#", &saveptr);
if (setname == NULL) {
return -1;
}
/* new nftset domain */
nftset_name = _dns_conf_get_nftable(family, tablename, setname);
if (nftset_name == NULL) {
return -1;
}
nftset_rule = _new_dns_rule(type);
if (nftset_rule == NULL) {
return -1;
}
nftset_rule->nfttablename = nftset_name->nfttablename;
nftset_rule->nftsetname = nftset_name->nftsetname;
nftset_rule->familyname = nftset_name->nftfamilyname;
/* reference is 1 here */
*bind_nftset_rule = nftset_rule;
nftset_rule = NULL;
}
return 0;
}
static int _config_bind_ip_parser_ipset(struct dns_bind_ip *bind_ip, unsigned int *server_flag, const char *ipsetname)
{
struct dns_ipset_rule **bind_ipset_rule = NULL;
struct dns_ipset_rule *ipset_rule = NULL;
const char *ipset = NULL;
enum domain_rule type = DOMAIN_RULE_MAX;
char copied_name[DNS_MAX_NFTSET_NAMELEN + 1];
safe_strncpy(copied_name, ipsetname, DNS_MAX_NFTSET_NAMELEN);
for (char *tok = strtok(copied_name, ","); tok; tok = strtok(NULL, ",")) {
if (tok[0] == '#') {
if (strncmp(tok, "#6:", 3U) == 0) {
bind_ipset_rule = &bind_ip->nftset_ipset_rule.ipset_ip6;
type = DOMAIN_RULE_IPSET_IPV6;
} else if (strncmp(tok, "#4:", 3U) == 0) {
bind_ipset_rule = &bind_ip->nftset_ipset_rule.ipset_ip;
type = DOMAIN_RULE_IPSET_IPV4;
} else {
goto errout;
}
tok += 3;
} else {
type = DOMAIN_RULE_IPSET;
bind_ipset_rule = &bind_ip->nftset_ipset_rule.ipset;
}
if (strncmp(tok, "-", 1) == 0) {
*server_flag |= BIND_FLAG_NO_RULE_IPSET;
continue;
}
if (bind_ipset_rule == NULL) {
continue;
}
/* new ipset domain */
ipset = _dns_conf_get_ipset(tok);
if (ipset == NULL) {
goto errout;
}
ipset_rule = _new_dns_rule(type);
if (ipset_rule == NULL) {
goto errout;
}
ipset_rule->ipsetname = ipset;
/* reference is 1 here */
*bind_ipset_rule = ipset_rule;
ipset_rule = NULL;
}
return 0;
errout:
if (ipset_rule) {
_dns_rule_put(&ipset_rule->head);
}
return -1;
}
static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
{
int index = dns_conf_bind_ip_num;
struct dns_bind_ip *bind_ip = NULL;
char *ip = NULL;
int opt = 0;
char group_name[DNS_GROUP_NAME_LEN];
const char *group = NULL;
unsigned int server_flag = 0;
int i = 0;
/* clang-format off */
static struct option long_options[] = {
{"group", required_argument, NULL, 'g'}, /* add to group */
{"no-rule-addr", no_argument, NULL, 'A'},
{"no-rule-nameserver", no_argument, NULL, 'N'},
{"no-rule-ipset", no_argument, NULL, 'I'},
{"no-rule-sni-proxy", no_argument, NULL, 'P'},
{"no-rule-soa", no_argument, NULL, 'O'},
{"no-speed-check", no_argument, NULL, 'S'},
{"no-cache", no_argument, NULL, 'C'},
{"no-dualstack-selection", no_argument, NULL, 'D'},
{"no-ip-alias", no_argument, NULL, 'a'},
{"force-aaaa-soa", no_argument, NULL, 'F'},
{"ipset", required_argument, NULL, 255},
{"nftset", required_argument, NULL, 256},
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
ip = argv[1];
if (index >= DNS_MAX_SERVERS) {
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
return 0;
}
for (i = 0; i < dns_conf_bind_ip_num; i++) {
bind_ip = &dns_conf_bind_ip[i];
if (bind_ip->type != type) {
continue;
}
if (strncmp(bind_ip->ip, ip, DNS_MAX_IPLEN) != 0) {
continue;
}
tlog(TLOG_WARN, "Bind server %s, type %d, already configured, skip.", ip, type);
return 0;
}
bind_ip = &dns_conf_bind_ip[index];
bind_ip->type = type;
bind_ip->flags = 0;
safe_strncpy(bind_ip->ip, ip, DNS_MAX_IPLEN);
/* process extra options */
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'g': {
safe_strncpy(group_name, optarg, DNS_GROUP_NAME_LEN);
group = _dns_conf_get_group_name(group_name);
break;
}
case 'A': {
server_flag |= BIND_FLAG_NO_RULE_ADDR;
break;
}
case 'a': {
server_flag |= BIND_FLAG_NO_IP_ALIAS;
break;
}
case 'N': {
server_flag |= BIND_FLAG_NO_RULE_NAMESERVER;
break;
}
case 'I': {
server_flag |= BIND_FLAG_NO_RULE_IPSET;
break;
}
case 'P': {
server_flag |= BIND_FLAG_NO_RULE_SNIPROXY;
break;
}
case 'S': {
server_flag |= BIND_FLAG_NO_SPEED_CHECK;
break;
}
case 'C': {
server_flag |= BIND_FLAG_NO_CACHE;
break;
}
case 'O': {
server_flag |= BIND_FLAG_NO_RULE_SOA;
break;
}
case 'D': {
server_flag |= BIND_FLAG_NO_DUALSTACK_SELECTION;
break;
}
case 'F': {
server_flag |= BIND_FLAG_FORCE_AAAA_SOA;
break;
}
case 255: {
_config_bind_ip_parser_ipset(bind_ip, &server_flag, optarg);
break;
}
case 256: {
_config_bind_ip_parser_nftset(bind_ip, &server_flag, optarg);
break;
}
default:
tlog(TLOG_WARN, "invalid bind option: %s", argv[optind - 1]);
break;
}
}
/* add new server */
bind_ip->flags = server_flag;
bind_ip->group = group;
dns_conf_bind_ip_num++;
if (bind_ip->type == DNS_BIND_TYPE_TLS) {
if (bind_ip->ssl_cert_file == NULL || bind_ip->ssl_cert_key_file == NULL) {
bind_ip->ssl_cert_file = dns_conf_bind_ca_file;
bind_ip->ssl_cert_key_file = dns_conf_bind_ca_key_file;
bind_ip->ssl_cert_key_pass = dns_conf_bind_ca_key_pass;
dns_conf_need_cert = 1;
}
}
tlog(TLOG_DEBUG, "bind ip %s, type: %d, flag: %X", ip, type, server_flag);
return 0;
errout:
return -1;
}
static int _config_bind_ip_udp(void *data, int argc, char *argv[])
{
return _config_bind_ip(argc, argv, DNS_BIND_TYPE_UDP);
}
static int _config_bind_ip_tcp(void *data, int argc, char *argv[])
{
return _config_bind_ip(argc, argv, DNS_BIND_TYPE_TCP);
}
static int _config_bind_ip_tls(void *data, int argc, char *argv[])
{
return _config_bind_ip(argc, argv, DNS_BIND_TYPE_TLS);
}
static int _config_option_parser_filepath(void *data, int argc, char *argv[])
{
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
return -1;
}
conf_get_conf_fullpath(argv[1], data, DNS_MAX_PATH);
return 0;
}
static int _config_server_udp(void *data, int argc, char *argv[])
{
return _config_server(argc, argv, DNS_SERVER_UDP, DEFAULT_DNS_PORT);
}
static int _config_server_tcp(void *data, int argc, char *argv[])
{
return _config_server(argc, argv, DNS_SERVER_TCP, DEFAULT_DNS_PORT);
}
static int _config_server_tls(void *data, int argc, char *argv[])
{
return _config_server(argc, argv, DNS_SERVER_TLS, DEFAULT_DNS_TLS_PORT);
}
static int _config_server_https(void *data, int argc, char *argv[])
{
int ret = 0;
ret = _config_server(argc, argv, DNS_SERVER_HTTPS, DEFAULT_DNS_HTTPS_PORT);
return ret;
}
static int _conf_domain_rule_nameserver(char *domain, const char *group_name)
{
struct dns_nameserver_rule *nameserver_rule = NULL;
const char *group = NULL;
if (strncmp(group_name, "-", sizeof("-")) != 0) {
group = _dns_conf_get_group_name(group_name);
if (group == NULL) {
goto errout;
}
nameserver_rule = _new_dns_rule(DOMAIN_RULE_NAMESERVER);
if (nameserver_rule == NULL) {
goto errout;
}
nameserver_rule->group_name = group;
} else {
/* ignore this domain */
if (_config_domain_rule_flag_set(domain, DOMAIN_FLAG_NAMESERVER_IGNORE, 0) != 0) {
goto errout;
}
return 0;
}
if (_config_domain_rule_add(domain, DOMAIN_RULE_NAMESERVER, nameserver_rule) != 0) {
goto errout;
}
_dns_rule_put(&nameserver_rule->head);
return 0;
errout:
if (nameserver_rule) {
_dns_rule_put(&nameserver_rule->head);
}
tlog(TLOG_ERROR, "add nameserver %s, %s failed", domain, group_name);
return 0;
}
static int _conf_domain_rule_dualstack_selection(char *domain, const char *yesno)
{
if (strncmp(yesno, "yes", sizeof("yes")) == 0 || strncmp(yesno, "Yes", sizeof("Yes")) == 0) {
if (_config_domain_rule_flag_set(domain, DOMAIN_FLAG_DUALSTACK_SELECT, 0) != 0) {
goto errout;
}
} else {
/* ignore this domain */
if (_config_domain_rule_flag_set(domain, DOMAIN_FLAG_DUALSTACK_SELECT, 1) != 0) {
goto errout;
}
}
return 0;
errout:
tlog(TLOG_ERROR, "set dualstack for %s failed. ", domain);
return 1;
}
static int _config_nameserver(void *data, int argc, char *argv[])
{
char domain[DNS_MAX_CONF_CNAME_LEN];
char *value = argv[1];
if (argc <= 1) {
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
return _conf_domain_rule_nameserver(domain, value);
errout:
tlog(TLOG_ERROR, "add nameserver %s failed", value);
return 0;
}
static int _config_proxy_server(void *data, int argc, char *argv[])
{
char *servers_name = NULL;
struct dns_proxy_servers *server = NULL;
proxy_type_t type = PROXY_TYPE_END;
char *ip = NULL;
int opt = 0;
int use_domain = 0;
char scheme[DNS_MAX_CNAME_LEN] = {0};
int port = PORT_NOT_DEFINED;
/* clang-format off */
static struct option long_options[] = {
{"name", required_argument, NULL, 'n'},
{"use-domain", no_argument, NULL, 'd'},
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
if (argc <= 1) {
return 0;
}
server = malloc(sizeof(*server));
if (server == NULL) {
tlog(TLOG_WARN, "malloc memory failed.");
goto errout;
}
memset(server, 0, sizeof(*server));
ip = argv[1];
if (parse_uri_ext(ip, scheme, server->username, server->password, server->server, &port, NULL) != 0) {
goto errout;
}
/* process extra options */
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "n:d", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'n': {
servers_name = optarg;
break;
}
case 'd': {
use_domain = 1;
break;
}
default:
break;
}
}
if (strcasecmp(scheme, "socks5") == 0) {
if (port == PORT_NOT_DEFINED) {
port = 1080;
}
type = PROXY_SOCKS5;
} else if (strcasecmp(scheme, "http") == 0) {
if (port == PORT_NOT_DEFINED) {
port = 3128;
}
type = PROXY_HTTP;
} else {
tlog(TLOG_ERROR, "invalid scheme %s", scheme);
return -1;
}
if (servers_name == NULL) {
tlog(TLOG_ERROR, "please set name");
goto errout;
}
if (_dns_conf_proxy_servers_add(servers_name, server) != 0) {
tlog(TLOG_ERROR, "add group failed.");
goto errout;
}
/* add new server */
server->type = type;
server->port = port;
server->use_domain = use_domain;
tlog(TLOG_DEBUG, "add proxy server %s", ip);
return 0;
errout:
if (server) {
free(server);
}
return -1;
}
static radix_node_t *_create_addr_node(const char *addr)
{
radix_node_t *node = NULL;
void *p = NULL;
prefix_t prefix;
const char *errmsg = NULL;
radix_tree_t *tree = NULL;
p = prefix_pton(addr, -1, &prefix, &errmsg);
if (p == NULL) {
return NULL;
}
switch (prefix.family) {
case AF_INET:
tree = dns_conf_address_rule.ipv4;
break;
case AF_INET6:
tree = dns_conf_address_rule.ipv6;
break;
}
node = radix_lookup(tree, &prefix);
return node;
}
static void *_new_dns_ip_rule_ext(enum ip_rule ip_rule, int ext_size)
{
struct dns_ip_rule *rule;
int size = 0;
if (ip_rule >= IP_RULE_MAX) {
return NULL;
}
switch (ip_rule) {
case IP_RULE_FLAGS:
size = sizeof(struct ip_rule_flags);
break;
case IP_RULE_ALIAS:
size = sizeof(struct ip_rule_alias);
break;
default:
return NULL;
}
size += ext_size;
rule = malloc(size);
if (!rule) {
return NULL;
}
memset(rule, 0, size);
rule->rule = ip_rule;
atomic_set(&rule->refcnt, 1);
return rule;
}
static void *_new_dns_ip_rule(enum ip_rule ip_rule)
{
return _new_dns_ip_rule_ext(ip_rule, 0);
}
static void _dns_ip_rule_get(struct dns_ip_rule *rule)
{
atomic_inc(&rule->refcnt);
}
static void _dns_ip_rule_put(struct dns_ip_rule *rule)
{
if (atomic_dec_and_test(&rule->refcnt)) {
if (rule->rule == IP_RULE_ALIAS) {
struct ip_rule_alias *alias = container_of(rule, struct ip_rule_alias, head);
if (alias->ip_alias.ipaddr) {
free(alias->ip_alias.ipaddr);
alias->ip_alias.ipaddr = NULL;
alias->ip_alias.ipaddr_num = 0;
}
}
free(rule);
}
}
static int _config_qtype_soa(void *data, int argc, char *argv[])
{
int i = 0;
int j = 0;
if (argc <= 1) {
return -1;
}
for (i = 1; i < argc; i++) {
char sub_arg[1024];
safe_strncpy(sub_arg, argv[i], sizeof(sub_arg));
for (char *tok = strtok(sub_arg, ","); tok; tok = strtok(NULL, ",")) {
char *dash = strstr(tok, "-");
if (dash != NULL) {
*dash = '\0';
}
long start = atol(tok);
long end = start;
if (start > MAX_QTYPE_NUM || start < 0) {
tlog(TLOG_ERROR, "invalid qtype %ld", start);
continue;
}
if (dash != NULL && *(dash + 1) != '\0') {
end = atol(dash + 1);
if (end > MAX_QTYPE_NUM) {
end = MAX_QTYPE_NUM;
}
}
for (j = start; j <= end; j++) {
int offset = j / 8;
int bit = j % 8;
dns_qtype_soa_table[offset] |= (1 << bit);
}
}
}
return 0;
}
static void _config_qtype_soa_table_destroy(void)
{
if (dns_qtype_soa_table) {
free(dns_qtype_soa_table);
dns_qtype_soa_table = NULL;
}
}
static void _config_domain_set_name_table_destroy(void)
{
struct dns_domain_set_name_list *set_name_list = NULL;
struct hlist_node *tmp = NULL;
struct dns_domain_set_name *set_name = NULL;
struct dns_domain_set_name *tmp1 = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_domain_set_name_table.names, i, tmp, set_name_list, node)
{
hlist_del_init(&set_name_list->node);
list_for_each_entry_safe(set_name, tmp1, &set_name_list->set_name_list, list)
{
list_del(&set_name->list);
free(set_name);
}
free(set_name_list);
}
}
static int _conf_client_subnet(char *subnet, struct dns_edns_client_subnet *ipv4_ecs,
struct dns_edns_client_subnet *ipv6_ecs)
{
char *slash = NULL;
int subnet_len = 0;
struct dns_edns_client_subnet *ecs = NULL;
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
char str_subnet[128];
if (subnet == NULL) {
return -1;
}
safe_strncpy(str_subnet, subnet, sizeof(str_subnet));
slash = strstr(str_subnet, "/");
if (slash) {
*slash = 0;
slash++;
subnet_len = atoi(slash);
}
if (getaddr_by_host(str_subnet, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET:
if (subnet_len < 0 || subnet_len > 32) {
return -1;
}
if (subnet_len == 0) {
subnet_len = 32;
}
ecs = ipv4_ecs;
break;
case AF_INET6:
if (subnet_len < 0 || subnet_len > 128) {
return -1;
}
if (subnet_len == 0) {
subnet_len = 128;
}
ecs = ipv6_ecs;
break;
default:
goto errout;
}
if (ecs == NULL) {
return 0;
}
safe_strncpy(ecs->ip, str_subnet, DNS_MAX_IPLEN);
ecs->subnet = subnet_len;
ecs->enable = 1;
return 0;
errout:
return -1;
}
static int _conf_edns_client_subnet(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _conf_client_subnet(argv[1], &dns_conf_ipv4_ecs, &dns_conf_ipv6_ecs);
}
static int _conf_domain_rule_speed_check(char *domain, const char *mode)
{
struct dns_domain_check_orders *check_orders = NULL;
check_orders = _new_dns_rule(DOMAIN_RULE_CHECKSPEED);
if (check_orders == NULL) {
goto errout;
}
if (_config_speed_check_mode_parser(check_orders, mode) != 0) {
goto errout;
}
if (_config_domain_rule_add(domain, DOMAIN_RULE_CHECKSPEED, check_orders) != 0) {
goto errout;
}
_dns_rule_put(&check_orders->head);
return 0;
errout:
if (check_orders) {
_dns_rule_put(&check_orders->head);
}
return 0;
}
static int _conf_domain_rule_response_mode(char *domain, const char *mode)
{
enum response_mode_type response_mode_type = DNS_RESPONSE_MODE_FIRST_PING_IP;
struct dns_response_mode_rule *response_mode = NULL;
for (int i = 0; dns_conf_response_mode_enum[i].name != NULL; i++) {
if (strcmp(mode, dns_conf_response_mode_enum[i].name) == 0) {
response_mode_type = dns_conf_response_mode_enum[i].id;
break;
}
}
response_mode = _new_dns_rule(DOMAIN_RULE_RESPONSE_MODE);
if (response_mode == NULL) {
goto errout;
}
response_mode->mode = response_mode_type;
if (_config_domain_rule_add(domain, DOMAIN_RULE_RESPONSE_MODE, response_mode) != 0) {
goto errout;
}
_dns_rule_put(&response_mode->head);
return 0;
errout:
if (response_mode) {
_dns_rule_put(&response_mode->head);
}
return 0;
}
static int _conf_domain_set(void *data, int argc, char *argv[])
{
int opt = 0;
uint32_t key = 0;
struct dns_domain_set_name *domain_set = NULL;
struct dns_domain_set_name_list *domain_set_name_list = NULL;
char set_name[DNS_MAX_CNAME_LEN] = {0};
/* clang-format off */
static struct option long_options[] = {
{"name", required_argument, NULL, 'n'},
{"type", required_argument, NULL, 't'},
{"file", required_argument, NULL, 'f'},
{NULL, 0, NULL, 0}
};
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
domain_set = malloc(sizeof(*domain_set));
if (domain_set == NULL) {
tlog(TLOG_ERROR, "cannot malloc memory.");
goto errout;
}
memset(domain_set, 0, sizeof(*domain_set));
INIT_LIST_HEAD(&domain_set->list);
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "n:t:f:", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'n':
safe_strncpy(set_name, optarg, DNS_MAX_CNAME_LEN);
break;
case 't': {
const char *type = optarg;
if (strncmp(type, "list", 5) == 0) {
domain_set->type = DNS_DOMAIN_SET_LIST;
} else if (strncmp(type, "geosite", 7) == 0) {
domain_set->type = DNS_DOMAIN_SET_GEOSITE;
} else {
tlog(TLOG_ERROR, "invalid domain set type.");
goto errout;
}
break;
}
case 'f':
conf_get_conf_fullpath(optarg, domain_set->file, DNS_MAX_PATH);
break;
default:
break;
}
}
/* clang-format on */
if (set_name[0] == 0 || domain_set->file[0] == 0) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
key = hash_string(set_name);
hash_for_each_possible(dns_domain_set_name_table.names, domain_set_name_list, node, key)
{
if (strcmp(domain_set_name_list->name, set_name) == 0) {
break;
}
}
if (domain_set_name_list == NULL) {
domain_set_name_list = malloc(sizeof(*domain_set_name_list));
if (domain_set_name_list == NULL) {
tlog(TLOG_ERROR, "cannot malloc memory.");
goto errout;
}
memset(domain_set_name_list, 0, sizeof(*domain_set_name_list));
INIT_LIST_HEAD(&domain_set_name_list->set_name_list);
safe_strncpy(domain_set_name_list->name, set_name, DNS_MAX_CNAME_LEN);
hash_add(dns_domain_set_name_table.names, &domain_set_name_list->node, key);
}
list_add_tail(&domain_set->list, &domain_set_name_list->set_name_list);
return 0;
errout:
if (domain_set) {
free(domain_set);
}
return -1;
}
static int _config_ip_rule_set_each(const char *ip_set, set_rule_add_func callback, void *priv)
{
struct dns_ip_set_name_list *set_name_list = NULL;
struct dns_ip_set_name *set_name_item = NULL;
uint32_t key = 0;
key = hash_string(ip_set);
hash_for_each_possible(dns_ip_set_name_table.names, set_name_list, node, key)
{
if (strcmp(set_name_list->name, ip_set) == 0) {
break;
}
}
if (set_name_list == NULL) {
tlog(TLOG_WARN, "ip set %s not found.", ip_set);
return -1;
}
list_for_each_entry(set_name_item, &set_name_list->set_name_list, list)
{
switch (set_name_item->type) {
case DNS_IP_SET_LIST:
_config_set_rule_each_from_list(set_name_item->file, callback, priv);
break;
default:
tlog(TLOG_WARN, "ip set %s type %d not support.", set_name_list->name, set_name_item->type);
break;
}
}
return 0;
}
static int _config_ip_rules_free(struct dns_ip_rules *ip_rules)
{
int i = 0;
if (ip_rules == NULL) {
return 0;
}
for (i = 0; i < IP_RULE_MAX; i++) {
if (ip_rules->rules[i] == NULL) {
continue;
}
_dns_ip_rule_put(ip_rules->rules[i]);
ip_rules->rules[i] = NULL;
}
free(ip_rules);
return 0;
}
static int _config_ip_rule_flag_set(const char *ip_cidr, unsigned int flag, unsigned int is_clear);
static int _config_ip_rule_flag_callback(const char *ip_cidr, void *priv)
{
struct dns_set_rule_flags_callback_args *args = (struct dns_set_rule_flags_callback_args *)priv;
return _config_ip_rule_flag_set(ip_cidr, args->flags, args->is_clear_flag);
}
static int _config_ip_rule_flag_set(const char *ip_cidr, unsigned int flag, unsigned int is_clear)
{
struct dns_ip_rules *ip_rules = NULL;
struct dns_ip_rules *add_ip_rules = NULL;
struct ip_rule_flags *ip_rule_flags = NULL;
radix_node_t *node = NULL;
if (strncmp(ip_cidr, "ip-set:", sizeof("ip-set:") - 1) == 0) {
struct dns_set_rule_flags_callback_args args;
args.flags = flag;
args.is_clear_flag = is_clear;
return _config_ip_rule_set_each(ip_cidr + sizeof("ip-set:") - 1, _config_ip_rule_flag_callback, &args);
}
/* Get existing or create domain rule */
node = _create_addr_node(ip_cidr);
if (node == NULL) {
tlog(TLOG_ERROR, "create addr node failed.");
goto errout;
}
ip_rules = node->data;
if (ip_rules == NULL) {
add_ip_rules = malloc(sizeof(*add_ip_rules));
if (add_ip_rules == NULL) {
goto errout;
}
memset(add_ip_rules, 0, sizeof(*add_ip_rules));
ip_rules = add_ip_rules;
node->data = ip_rules;
}
/* add new rule to domain */
if (ip_rules->rules[IP_RULE_FLAGS] == NULL) {
ip_rule_flags = _new_dns_ip_rule(IP_RULE_FLAGS);
ip_rule_flags->flags = 0;
ip_rules->rules[IP_RULE_FLAGS] = &ip_rule_flags->head;
}
ip_rule_flags = container_of(ip_rules->rules[IP_RULE_FLAGS], struct ip_rule_flags, head);
if (is_clear == false) {
ip_rule_flags->flags |= flag;
} else {
ip_rule_flags->flags &= ~flag;
}
ip_rule_flags->is_flag_set |= flag;
return 0;
errout:
if (add_ip_rules) {
free(add_ip_rules);
}
tlog(TLOG_ERROR, "set ip %s flags failed", ip_cidr);
return 0;
}
static int _config_ip_rule_add(const char *ip_cidr, enum ip_rule type, void *rule);
static int _config_ip_rule_add_callback(const char *ip_cidr, void *priv)
{
struct dns_set_rule_add_callback_args *args = (struct dns_set_rule_add_callback_args *)priv;
return _config_ip_rule_add(ip_cidr, args->type, args->rule);
}
static int _config_ip_rule_add(const char *ip_cidr, enum ip_rule type, void *rule)
{
struct dns_ip_rules *ip_rules = NULL;
struct dns_ip_rules *add_ip_rules = NULL;
radix_node_t *node = NULL;
if (ip_cidr == NULL) {
goto errout;
}
if (type >= IP_RULE_MAX) {
goto errout;
}
if (strncmp(ip_cidr, "ip-set:", sizeof("ip-set:") - 1) == 0) {
struct dns_set_rule_add_callback_args args;
args.type = type;
args.rule = rule;
return _config_ip_rule_set_each(ip_cidr + sizeof("ip-set:") - 1, _config_ip_rule_add_callback, &args);
}
/* Get existing or create domain rule */
node = _create_addr_node(ip_cidr);
if (node == NULL) {
tlog(TLOG_ERROR, "create addr node failed.");
goto errout;
}
ip_rules = node->data;
if (ip_rules == NULL) {
add_ip_rules = malloc(sizeof(*add_ip_rules));
if (add_ip_rules == NULL) {
goto errout;
}
memset(add_ip_rules, 0, sizeof(*add_ip_rules));
ip_rules = add_ip_rules;
node->data = ip_rules;
}
/* add new rule to domain */
if (ip_rules->rules[type]) {
_dns_ip_rule_put(ip_rules->rules[type]);
ip_rules->rules[type] = NULL;
}
ip_rules->rules[type] = rule;
_dns_ip_rule_get(rule);
return 0;
errout:
if (add_ip_rules) {
free(add_ip_rules);
}
tlog(TLOG_ERROR, "add ip %s rule failed", ip_cidr);
return -1;
}
static int _config_ip_alias(const char *ip_cidr, const char *ips)
{
struct ip_rule_alias *ip_alias = NULL;
char *target_ips = NULL;
if (ip_cidr == NULL || ips == NULL) {
goto errout;
}
ip_alias = _new_dns_ip_rule(IP_RULE_ALIAS);
if (ip_alias == NULL) {
goto errout;
}
target_ips = strdup(ips);
if (target_ips == NULL) {
goto errout;
}
for (char *tok = strtok(target_ips, ","); tok != NULL; tok = strtok(NULL, ",")) {
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
unsigned char *paddr = NULL;
int ret = 0;
ret = getaddr_by_host(tok, (struct sockaddr *)&addr, &addr_len);
if (ret != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
paddr = (unsigned char *)&(addr_in->sin_addr.s_addr);
_dns_iplist_ip_address_add(&ip_alias->ip_alias, paddr, DNS_RR_A_LEN);
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
paddr = addr_in6->sin6_addr.s6_addr + 12;
_dns_iplist_ip_address_add(&ip_alias->ip_alias, paddr, DNS_RR_A_LEN);
} else {
paddr = addr_in6->sin6_addr.s6_addr;
_dns_iplist_ip_address_add(&ip_alias->ip_alias, paddr, DNS_RR_AAAA_LEN);
}
} break;
default:
goto errout;
break;
}
}
if (_config_ip_rule_add(ip_cidr, IP_RULE_ALIAS, ip_alias) != 0) {
goto errout;
}
_dns_ip_rule_put(&ip_alias->head);
free(target_ips);
return 0;
errout:
if (ip_alias) {
_dns_ip_rule_put(&ip_alias->head);
}
if (target_ips) {
free(target_ips);
}
return -1;
}
static int _config_blacklist_ip(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _config_ip_rule_flag_set(argv[1], IP_RULE_FLAG_BLACKLIST, 0);
}
static int _conf_bogus_nxdomain(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _config_ip_rule_flag_set(argv[1], IP_RULE_FLAG_BOGUS, 0);
}
static int _conf_ip_ignore(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _config_ip_rule_flag_set(argv[1], IP_RULE_FLAG_IP_IGNORE, 0);
}
static int _conf_whitelist_ip(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _config_ip_rule_flag_set(argv[1], IP_RULE_FLAG_WHITELIST, 0);
}
static int _conf_ip_alias(void *data, int argc, char *argv[])
{
if (argc <= 2) {
return -1;
}
return _config_ip_alias(argv[1], argv[2]);
}
static int _conf_ip_rules(void *data, int argc, char *argv[])
{
int opt = 0;
char *ip_cidr = argv[1];
/* clang-format off */
static struct option long_options[] = {
{"blacklist-ip", no_argument, NULL, 'b'},
{"whitelist-ip", no_argument, NULL, 'w'},
{"bogus-nxdomain", no_argument, NULL, 'n'},
{"ignore-ip", no_argument, NULL, 'i'},
{"ip-alias", required_argument, NULL, 'a'},
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
/* process extra options */
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'b': {
if (_config_ip_rule_flag_set(ip_cidr, IP_RULE_FLAG_BLACKLIST, 0) != 0) {
goto errout;
}
break;
}
case 'w': {
if (_config_ip_rule_flag_set(ip_cidr, IP_RULE_FLAG_WHITELIST, 0) != 0) {
goto errout;
}
break;
}
case 'n': {
if (_config_ip_rule_flag_set(ip_cidr, IP_RULE_FLAG_BOGUS, 0) != 0) {
goto errout;
}
break;
}
case 'i': {
if (_config_ip_rule_flag_set(ip_cidr, IP_RULE_FLAG_IP_IGNORE, 0) != 0) {
goto errout;
}
break;
}
case 'a': {
if (_config_ip_alias(ip_cidr, optarg) != 0) {
goto errout;
}
break;
}
default:
tlog(TLOG_WARN, "invalid ip-rules option: %s", argv[optind - 1]);
break;
}
}
return 0;
errout:
return -1;
}
static int _conf_ip_set(void *data, int argc, char *argv[])
{
int opt = 0;
uint32_t key = 0;
struct dns_ip_set_name *ip_set = NULL;
struct dns_ip_set_name_list *ip_set_name_list = NULL;
char set_name[DNS_MAX_CNAME_LEN] = {0};
/* clang-format off */
static struct option long_options[] = {
{"name", required_argument, NULL, 'n'},
{"type", required_argument, NULL, 't'},
{"file", required_argument, NULL, 'f'},
{NULL, 0, NULL, 0}
};
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
ip_set = malloc(sizeof(*ip_set));
if (ip_set == NULL) {
tlog(TLOG_ERROR, "cannot malloc memory.");
goto errout;
}
memset(ip_set, 0, sizeof(*ip_set));
INIT_LIST_HEAD(&ip_set->list);
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "n:t:f:", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'n':
safe_strncpy(set_name, optarg, DNS_MAX_CNAME_LEN);
break;
case 't': {
const char *type = optarg;
if (strncmp(type, "list", 5) == 0) {
ip_set->type = DNS_IP_SET_LIST;
} else {
tlog(TLOG_ERROR, "invalid domain set type.");
goto errout;
}
break;
}
case 'f':
conf_get_conf_fullpath(optarg, ip_set->file, DNS_MAX_PATH);
break;
default:
break;
}
}
/* clang-format on */
if (set_name[0] == 0 || ip_set->file[0] == 0) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
key = hash_string(set_name);
hash_for_each_possible(dns_ip_set_name_table.names, ip_set_name_list, node, key)
{
if (strcmp(ip_set_name_list->name, set_name) == 0) {
break;
}
}
if (ip_set_name_list == NULL) {
ip_set_name_list = malloc(sizeof(*ip_set_name_list));
if (ip_set_name_list == NULL) {
tlog(TLOG_ERROR, "cannot malloc memory.");
goto errout;
}
memset(ip_set_name_list, 0, sizeof(*ip_set_name_list));
INIT_LIST_HEAD(&ip_set_name_list->set_name_list);
safe_strncpy(ip_set_name_list->name, set_name, DNS_MAX_CNAME_LEN);
hash_add(dns_ip_set_name_table.names, &ip_set_name_list->node, key);
}
list_add_tail(&ip_set->list, &ip_set_name_list->set_name_list);
return 0;
errout:
if (ip_set) {
free(ip_set);
}
return -1;
}
static void _config_ip_iter_free(radix_node_t *node, void *cbctx)
{
struct dns_ip_rules *ip_rules = NULL;
if (node == NULL) {
return;
}
if (node->data == NULL) {
return;
}
ip_rules = node->data;
_config_ip_rules_free(ip_rules);
node->data = NULL;
}
static void _config_ip_set_name_table_destroy(void)
{
struct dns_ip_set_name_list *set_name_list = NULL;
struct hlist_node *tmp = NULL;
struct dns_ip_set_name *set_name = NULL;
struct dns_ip_set_name *tmp1 = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_ip_set_name_table.names, i, tmp, set_name_list, node)
{
hlist_del_init(&set_name_list->node);
list_for_each_entry_safe(set_name, tmp1, &set_name_list->set_name_list, list)
{
list_del(&set_name->list);
free(set_name);
}
free(set_name_list);
}
}
static int _conf_ddns_domain(void *data, int argc, char *argv[])
{
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
return -1;
}
const char *domain = argv[1];
_config_domain_rule_flag_set(domain, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
return 0;
}
static int _conf_domain_rule_rr_ttl(const char *domain, int ttl, int ttl_min, int ttl_max)
{
struct dns_ttl_rule *rr_ttl = NULL;
if (ttl < 0 || ttl_min < 0 || ttl_max < 0) {
tlog(TLOG_ERROR, "invalid ttl value.");
goto errout;
}
rr_ttl = _new_dns_rule(DOMAIN_RULE_TTL);
if (rr_ttl == NULL) {
goto errout;
}
rr_ttl->ttl = ttl;
rr_ttl->ttl_min = ttl_min;
rr_ttl->ttl_max = ttl_max;
if (_config_domain_rule_add(domain, DOMAIN_RULE_TTL, rr_ttl) != 0) {
goto errout;
}
_dns_rule_put(&rr_ttl->head);
return 0;
errout:
if (rr_ttl != NULL) {
_dns_rule_put(&rr_ttl->head);
}
return -1;
}
static int _conf_domain_rule_no_serve_expired(const char *domain)
{
return _config_domain_rule_flag_set(domain, DOMAIN_FLAG_NO_SERVE_EXPIRED, 0);
}
static int _conf_domain_rule_delete(const char *domain)
{
return _config_domain_rule_delete(domain);
}
static int _conf_domain_rule_no_cache(const char *domain)
{
return _config_domain_rule_flag_set(domain, DOMAIN_FLAG_NO_CACHE, 0);
}
static int _conf_domain_rule_no_ipalias(const char *domain)
{
return _config_domain_rule_flag_set(domain, DOMAIN_FLAG_NO_IPALIAS, 0);
}
static int _conf_domain_rules(void *data, int argc, char *argv[])
{
int opt = 0;
char domain[DNS_MAX_CONF_CNAME_LEN];
char *value = argv[1];
int rr_ttl = 0;
int rr_ttl_min = 0;
int rr_ttl_max = 0;
/* clang-format off */
static struct option long_options[] = {
{"speed-check-mode", required_argument, NULL, 'c'},
{"response-mode", required_argument, NULL, 'r'},
{"address", required_argument, NULL, 'a'},
{"ipset", required_argument, NULL, 'p'},
{"nftset", required_argument, NULL, 't'},
{"nameserver", required_argument, NULL, 'n'},
{"dualstack-ip-selection", required_argument, NULL, 'd'},
{"cname", required_argument, NULL, 'A'},
{"rr-ttl", required_argument, NULL, 251},
{"rr-ttl-min", required_argument, NULL, 252},
{"rr-ttl-max", required_argument, NULL, 253},
{"no-serve-expired", no_argument, NULL, 254},
{"delete", no_argument, NULL, 255},
{"no-cache", no_argument, NULL, 256},
{"no-ip-alias", no_argument, NULL, 257},
{NULL, no_argument, NULL, 0}
};
/* clang-format on */
if (argc <= 1) {
tlog(TLOG_ERROR, "invalid parameter.");
goto errout;
}
if (_get_domain(value, domain, DNS_MAX_CONF_CNAME_LEN, &value) != 0) {
goto errout;
}
/* process extra options */
optind = 1;
while (1) {
opt = getopt_long_only(argc, argv, "c:a:p:t:n:d:A:r:", long_options, NULL);
if (opt == -1) {
break;
}
switch (opt) {
case 'c': {
const char *check_mode = optarg;
if (check_mode == NULL) {
goto errout;
}
if (_conf_domain_rule_speed_check(domain, check_mode) != 0) {
tlog(TLOG_ERROR, "add check-speed-rule rule failed.");
goto errout;
}
break;
}
case 'r': {
const char *response_mode = optarg;
if (response_mode == NULL) {
goto errout;
}
if (_conf_domain_rule_response_mode(domain, response_mode) != 0) {
tlog(TLOG_ERROR, "add response-mode rule failed.");
goto errout;
}
break;
}
case 'a': {
const char *address = optarg;
if (address == NULL) {
goto errout;
}
if (_conf_domain_rule_address(domain, address) != 0) {
tlog(TLOG_ERROR, "add address rule failed.");
goto errout;
}
break;
}
case 'p': {
const char *ipsetname = optarg;
if (ipsetname == NULL) {
goto errout;
}
if (_conf_domain_rule_ipset(domain, ipsetname) != 0) {
tlog(TLOG_ERROR, "add ipset rule failed.");
goto errout;
}
break;
}
case 'n': {
const char *nameserver_group = optarg;
if (nameserver_group == NULL) {
goto errout;
}
if (_conf_domain_rule_nameserver(domain, nameserver_group) != 0) {
tlog(TLOG_ERROR, "add nameserver rule failed.");
goto errout;
}
break;
}
case 'A': {
const char *cname = optarg;
if (_conf_domain_rule_cname(domain, cname) != 0) {
tlog(TLOG_ERROR, "add cname rule failed.");
goto errout;
}
break;
}
case 'd': {
const char *yesno = optarg;
if (_conf_domain_rule_dualstack_selection(domain, yesno) != 0) {
tlog(TLOG_ERROR, "set dualstack selection rule failed.");
goto errout;
}
break;
}
case 't': {
const char *nftsetname = optarg;
if (nftsetname == NULL) {
goto errout;
}
if (_conf_domain_rule_nftset(domain, nftsetname) != 0) {
tlog(TLOG_ERROR, "add nftset rule failed.");
goto errout;
}
break;
}
case 251: {
rr_ttl = atoi(optarg);
break;
}
case 252: {
rr_ttl_min = atoi(optarg);
break;
}
case 253: {
rr_ttl_max = atoi(optarg);
break;
}
case 254: {
if (_conf_domain_rule_no_serve_expired(domain) != 0) {
tlog(TLOG_ERROR, "set no-serve-expired rule failed.");
goto errout;
}
break;
}
case 255: {
if (_conf_domain_rule_delete(domain) != 0) {
tlog(TLOG_ERROR, "delete domain rule failed.");
goto errout;
}
return 0;
}
case 256: {
if (_conf_domain_rule_no_cache(domain) != 0) {
tlog(TLOG_ERROR, "set no-cache rule failed.");
goto errout;
}
break;
}
case 257: {
if (_conf_domain_rule_no_ipalias(domain) != 0) {
tlog(TLOG_ERROR, "set no-ipalias rule failed.");
goto errout;
}
break;
}
default:
tlog(TLOG_WARN, "invalid domain-rules option: %s", argv[optind - 1]);
break;
}
}
if (rr_ttl > 0 || rr_ttl_min > 0 || rr_ttl_max > 0) {
if (_conf_domain_rule_rr_ttl(domain, rr_ttl, rr_ttl_min, rr_ttl_max) != 0) {
tlog(TLOG_ERROR, "set rr-ttl rule failed.");
goto errout;
}
}
return 0;
errout:
return -1;
}
static struct dns_ptr *_dns_conf_get_ptr(const char *ptr_domain)
{
uint32_t key = 0;
struct dns_ptr *ptr = NULL;
key = hash_string(ptr_domain);
hash_for_each_possible(dns_ptr_table.ptr, ptr, node, key)
{
if (strncmp(ptr->ptr_domain, ptr_domain, DNS_MAX_PTR_LEN) != 0) {
continue;
}
return ptr;
}
ptr = malloc(sizeof(*ptr));
if (ptr == NULL) {
goto errout;
}
safe_strncpy(ptr->ptr_domain, ptr_domain, DNS_MAX_PTR_LEN);
hash_add(dns_ptr_table.ptr, &ptr->node, key);
ptr->is_soa = 1;
return ptr;
errout:
if (ptr) {
free(ptr);
}
return NULL;
}
static int _conf_ptr_add(const char *hostname, const char *ip, int is_dynamic)
{
struct dns_ptr *ptr = NULL;
struct sockaddr_storage addr;
unsigned char *paddr = NULL;
socklen_t addr_len = sizeof(addr);
char ptr_domain[DNS_MAX_PTR_LEN];
if (getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
paddr = (unsigned char *)&(addr_in->sin_addr.s_addr);
snprintf(ptr_domain, sizeof(ptr_domain), "%d.%d.%d.%d.in-addr.arpa", paddr[3], paddr[2], paddr[1], paddr[0]);
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
paddr = addr_in6->sin6_addr.s6_addr + 12;
snprintf(ptr_domain, sizeof(ptr_domain), "%d.%d.%d.%d.in-addr.arpa", paddr[3], paddr[2], paddr[1],
paddr[0]);
} else {
paddr = addr_in6->sin6_addr.s6_addr;
snprintf(ptr_domain, sizeof(ptr_domain),
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
"%x.ip6.arpa",
paddr[15] & 0xF, (paddr[15] >> 4) & 0xF, paddr[14] & 0xF, (paddr[14] >> 4) & 0xF, paddr[13] & 0xF,
(paddr[13] >> 4) & 0xF, paddr[12] & 0xF, (paddr[12] >> 4) & 0xF, paddr[11] & 0xF,
(paddr[11] >> 4) & 0xF, paddr[10] & 0xF, (paddr[10] >> 4) & 0xF, paddr[9] & 0xF,
(paddr[9] >> 4) & 0xF, paddr[8] & 0xF, (paddr[8] >> 4) & 0xF, paddr[7] & 0xF,
(paddr[7] >> 4) & 0xF, paddr[6] & 0xF, (paddr[6] >> 4) & 0xF, paddr[5] & 0xF,
(paddr[5] >> 4) & 0xF, paddr[4] & 0xF, (paddr[4] >> 4) & 0xF, paddr[3] & 0xF,
(paddr[3] >> 4) & 0xF, paddr[2] & 0xF, (paddr[2] >> 4) & 0xF, paddr[1] & 0xF,
(paddr[1] >> 4) & 0xF, paddr[0] & 0xF, (paddr[0] >> 4) & 0xF);
}
} break;
default:
goto errout;
break;
}
ptr = _dns_conf_get_ptr(ptr_domain);
if (ptr == NULL) {
goto errout;
}
if (is_dynamic == 1 && ptr->is_soa == 0 && ptr->is_dynamic == 0) {
/* already set fix PTR, skip */
return 0;
}
ptr->is_dynamic = is_dynamic;
ptr->is_soa = 0;
safe_strncpy(ptr->hostname, hostname, DNS_MAX_CNAME_LEN);
return 0;
errout:
return -1;
}
static void _config_ptr_table_destroy(int only_dynamic)
{
struct dns_ptr *ptr = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_ptr_table.ptr, i, tmp, ptr, node)
{
if (only_dynamic != 0 && ptr->is_dynamic == 0) {
continue;
}
hlist_del_init(&ptr->node);
free(ptr);
}
}
static struct dns_hosts *_dns_conf_get_hosts(const char *hostname, int dns_type)
{
uint32_t key = 0;
struct dns_hosts *host = NULL;
char hostname_lower[DNS_MAX_CNAME_LEN];
key = hash_string(to_lower_case(hostname_lower, hostname, DNS_MAX_CNAME_LEN));
key = jhash(&dns_type, sizeof(dns_type), key);
hash_for_each_possible(dns_hosts_table.hosts, host, node, key)
{
if (host->dns_type != dns_type) {
continue;
}
if (strncmp(host->domain, hostname_lower, DNS_MAX_CNAME_LEN) != 0) {
continue;
}
return host;
}
host = malloc(sizeof(*host));
if (host == NULL) {
goto errout;
}
safe_strncpy(host->domain, hostname_lower, DNS_MAX_CNAME_LEN);
host->dns_type = dns_type;
host->is_soa = 1;
hash_add(dns_hosts_table.hosts, &host->node, key);
return host;
errout:
if (host) {
free(host);
}
return NULL;
}
static int _conf_host_add(const char *hostname, const char *ip, dns_hosts_type host_type, int is_dynamic)
{
struct dns_hosts *host = NULL;
struct dns_hosts *host_other __attribute__((unused));
struct sockaddr_storage addr;
socklen_t addr_len = sizeof(addr);
int dns_type = 0;
int dns_type_other = 0;
if (getaddr_by_host(ip, (struct sockaddr *)&addr, &addr_len) != 0) {
goto errout;
}
switch (addr.ss_family) {
case AF_INET:
dns_type = DNS_T_A;
dns_type_other = DNS_T_AAAA;
break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
dns_type = DNS_T_A;
dns_type_other = DNS_T_AAAA;
} else {
dns_type = DNS_T_AAAA;
dns_type_other = DNS_T_A;
}
} break;
default:
goto errout;
break;
}
host = _dns_conf_get_hosts(hostname, dns_type);
if (host == NULL) {
goto errout;
}
if (is_dynamic == 1 && host->is_soa == 0 && host->is_dynamic == 0) {
/* already set fixed PTR, skip */
return 0;
}
/* add this to return SOA when addr is not exist */
host_other = _dns_conf_get_hosts(hostname, dns_type_other);
host->is_dynamic = is_dynamic;
host->host_type = host_type;
switch (addr.ss_family) {
case AF_INET: {
struct sockaddr_in *addr_in = NULL;
addr_in = (struct sockaddr_in *)&addr;
memcpy(host->ipv4_addr, &addr_in->sin_addr.s_addr, 4);
host->is_soa = 0;
} break;
case AF_INET6: {
struct sockaddr_in6 *addr_in6 = NULL;
addr_in6 = (struct sockaddr_in6 *)&addr;
if (IN6_IS_ADDR_V4MAPPED(&addr_in6->sin6_addr)) {
memcpy(host->ipv4_addr, addr_in6->sin6_addr.s6_addr + 12, 4);
} else {
memcpy(host->ipv6_addr, addr_in6->sin6_addr.s6_addr, 16);
}
host->is_soa = 0;
} break;
default:
goto errout;
}
dns_hosts_record_num++;
return 0;
errout:
return -1;
}
static int _conf_dhcp_lease_dnsmasq_add(const char *file)
{
FILE *fp = NULL;
char line[MAX_LINE_LEN];
char ip[DNS_MAX_IPLEN];
char hostname[DNS_MAX_CNAME_LEN];
int ret = 0;
int line_no = 0;
int filed_num = 0;
fp = fopen(file, "r");
if (fp == NULL) {
tlog(TLOG_WARN, "open file %s error, %s", file, strerror(errno));
return 0;
}
line_no = 0;
while (fgets(line, MAX_LINE_LEN, fp)) {
line_no++;
filed_num = sscanf(line, "%*s %*s %63s %255s %*s", ip, hostname);
if (filed_num <= 0) {
continue;
}
if (strncmp(hostname, "*", DNS_MAX_CNAME_LEN - 1) == 0) {
continue;
}
ret = _conf_host_add(hostname, ip, DNS_HOST_TYPE_DNSMASQ, 1);
if (ret != 0) {
tlog(TLOG_WARN, "add host %s/%s at %d failed", hostname, ip, line_no);
}
ret = _conf_ptr_add(hostname, ip, 1);
if (ret != 0) {
tlog(TLOG_WARN, "add ptr %s/%s at %d failed.", hostname, ip, line_no);
}
}
fclose(fp);
return 0;
}
static int _conf_dhcp_lease_dnsmasq_file(void *data, int argc, char *argv[])
{
struct stat statbuf;
if (argc < 1) {
return -1;
}
conf_get_conf_fullpath(argv[1], dns_conf_dnsmasq_lease_file, sizeof(dns_conf_dnsmasq_lease_file));
if (_conf_dhcp_lease_dnsmasq_add(dns_conf_dnsmasq_lease_file) != 0) {
return -1;
}
if (stat(dns_conf_dnsmasq_lease_file, &statbuf) != 0) {
return 0;
}
dns_conf_dnsmasq_lease_file_time = statbuf.st_mtime;
return 0;
}
static int _conf_hosts_file(void *data, int argc, char *argv[])
{
return 0;
}
static void _config_host_table_destroy(int only_dynamic)
{
struct dns_hosts *host = NULL;
struct hlist_node *tmp = NULL;
unsigned long i = 0;
hash_for_each_safe(dns_hosts_table.hosts, i, tmp, host, node)
{
if (only_dynamic != 0 && host->is_dynamic == 0) {
continue;
}
hlist_del_init(&host->node);
free(host);
}
dns_hosts_record_num = 0;
}
int dns_server_check_update_hosts(void)
{
struct stat statbuf;
time_t now = 0;
if (dns_conf_dnsmasq_lease_file[0] == '\0') {
return -1;
}
if (stat(dns_conf_dnsmasq_lease_file, &statbuf) != 0) {
return -1;
}
if (dns_conf_dnsmasq_lease_file_time == statbuf.st_mtime) {
return -1;
}
time(&now);
if (now - statbuf.st_mtime < 30) {
return -1;
}
_config_ptr_table_destroy(1);
_config_host_table_destroy(1);
if (_conf_dhcp_lease_dnsmasq_add(dns_conf_dnsmasq_lease_file) != 0) {
return -1;
}
dns_conf_dnsmasq_lease_file_time = statbuf.st_mtime;
return 0;
}
static int _config_log_level(void *data, int argc, char *argv[])
{
/* read log level and set */
char *value = argv[1];
if (strncasecmp("debug", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_DEBUG;
} else if (strncasecmp("info", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_INFO;
} else if (strncasecmp("notice", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_NOTICE;
} else if (strncasecmp("warn", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_WARN;
} else if (strncasecmp("error", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_ERROR;
} else if (strncasecmp("fatal", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_FATAL;
} else if (strncasecmp("off", value, MAX_LINE_LEN) == 0) {
dns_conf_log_level = TLOG_OFF;
} else {
return -1;
}
return 0;
}
static void _config_setup_smartdns_domain(void)
{
char hostname[DNS_MAX_CNAME_LEN];
char domainname[DNS_MAX_CNAME_LEN];
hostname[0] = '\0';
domainname[0] = '\0';
/* get local domain name */
if (getdomainname(domainname, DNS_MAX_CNAME_LEN - 1) == 0) {
/* check domain is valid */
if (strncmp(domainname, "(none)", DNS_MAX_CNAME_LEN - 1) == 0) {
domainname[0] = '\0';
}
}
if (gethostname(hostname, DNS_MAX_CNAME_LEN - 1) == 0) {
/* check hostname is valid */
if (strncmp(hostname, "(none)", DNS_MAX_CNAME_LEN - 1) == 0) {
hostname[0] = '\0';
}
}
if (dns_conf_resolv_hostname == 1) {
/* add hostname to rule table */
if (hostname[0] != '\0') {
_config_domain_rule_flag_set(hostname, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
/* add domainname to rule table */
if (domainname[0] != '\0') {
char full_domain[DNS_MAX_CNAME_LEN];
snprintf(full_domain, DNS_MAX_CNAME_LEN, "%.64s.%.128s", hostname, domainname);
_config_domain_rule_flag_set(full_domain, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
}
/* add server name to rule table */
if (dns_conf_server_name[0] != '\0' &&
strncmp(dns_conf_server_name, "smartdns", DNS_MAX_SERVER_NAME_LEN - 1) != 0) {
_config_domain_rule_flag_set(dns_conf_server_name, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
_config_domain_rule_flag_set("smartdns", DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
}
static struct config_item _config_item[] = {
CONF_STRING("server-name", (char *)dns_conf_server_name, DNS_MAX_SERVER_NAME_LEN),
CONF_YESNO("resolv-hostname", &dns_conf_resolv_hostname),
CONF_CUSTOM("bind", _config_bind_ip_udp, NULL),
CONF_CUSTOM("bind-tcp", _config_bind_ip_tcp, NULL),
CONF_CUSTOM("bind-tls", _config_bind_ip_tls, NULL),
CONF_CUSTOM("bind-cert-file", _config_option_parser_filepath, &dns_conf_bind_ca_file),
CONF_CUSTOM("bind-cert-key-file", _config_option_parser_filepath, &dns_conf_bind_ca_key_file),
CONF_STRING("bind-cert-key-pass", dns_conf_bind_ca_key_pass, DNS_MAX_PATH),
CONF_CUSTOM("server", _config_server_udp, NULL),
CONF_CUSTOM("server-tcp", _config_server_tcp, NULL),
CONF_CUSTOM("server-tls", _config_server_tls, NULL),
CONF_CUSTOM("server-https", _config_server_https, NULL),
CONF_CUSTOM("nameserver", _config_nameserver, NULL),
CONF_YESNO("expand-ptr-from-address", &dns_conf_expand_ptr_from_address),
CONF_CUSTOM("address", _config_address, NULL),
CONF_CUSTOM("cname", _config_cname, NULL),
CONF_CUSTOM("proxy-server", _config_proxy_server, NULL),
CONF_YESNO("ipset-timeout", &dns_conf_ipset_timeout_enable),
CONF_CUSTOM("ipset", _config_ipset, NULL),
CONF_CUSTOM("ipset-no-speed", _config_ipset_no_speed, NULL),
CONF_YESNO("nftset-timeout", &dns_conf_nftset_timeout_enable),
CONF_YESNO("nftset-debug", &dns_conf_nftset_debug_enable),
CONF_CUSTOM("nftset", _config_nftset, NULL),
CONF_CUSTOM("nftset-no-speed", _config_nftset_no_speed, NULL),
CONF_CUSTOM("speed-check-mode", _config_speed_check_mode, NULL),
CONF_INT("tcp-idle-time", &dns_conf_tcp_idle_time, 0, 3600),
CONF_SSIZE("cache-size", &dns_conf_cachesize, 0, CONF_INT_MAX),
CONF_CUSTOM("cache-file", _config_option_parser_filepath, (char *)&dns_conf_cache_file),
CONF_YESNO("cache-persist", &dns_conf_cache_persist),
CONF_INT("cache-checkpoint-time", &dns_conf_cache_checkpoint_time, 0, 3600 * 24 * 7),
CONF_YESNO("prefetch-domain", &dns_conf_prefetch),
CONF_YESNO("serve-expired", &dns_conf_serve_expired),
CONF_INT("serve-expired-ttl", &dns_conf_serve_expired_ttl, 0, CONF_INT_MAX),
CONF_INT("serve-expired-reply-ttl", &dns_conf_serve_expired_reply_ttl, 0, CONF_INT_MAX),
CONF_INT("serve-expired-prefetch-time", &dns_conf_serve_expired_prefetch_time, 0, CONF_INT_MAX),
CONF_YESNO("dualstack-ip-selection", &dns_conf_dualstack_ip_selection),
CONF_YESNO("dualstack-ip-allow-force-AAAA", &dns_conf_dualstack_ip_allow_force_AAAA),
CONF_INT("dualstack-ip-selection-threshold", &dns_conf_dualstack_ip_selection_threshold, 0, 1000),
CONF_CUSTOM("dns64", _config_dns64, NULL),
CONF_CUSTOM("log-level", _config_log_level, NULL),
CONF_CUSTOM("log-file", _config_option_parser_filepath, (char *)dns_conf_log_file),
CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024),
CONF_INT("log-num", &dns_conf_log_num, 0, 1024),
CONF_YESNO("log-console", &dns_conf_log_console),
CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 511, 8),
CONF_YESNO("audit-enable", &dns_conf_audit_enable),
CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA),
CONF_CUSTOM("audit-file", _config_option_parser_filepath, (char *)&dns_conf_audit_file),
CONF_INT_BASE("audit-file-mode", &dns_conf_audit_file_mode, 0, 511, 8),
CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024),
CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024),
CONF_YESNO("audit-console", &dns_conf_audit_console),
CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-min", &dns_conf_rr_ttl_min, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-max", &dns_conf_rr_ttl_max, 0, CONF_INT_MAX),
CONF_INT("rr-ttl-reply-max", &dns_conf_rr_ttl_reply_max, 0, CONF_INT_MAX),
CONF_INT("local-ttl", &dns_conf_local_ttl, 0, CONF_INT_MAX),
CONF_INT("max-reply-ip-num", &dns_conf_max_reply_ip_num, 1, CONF_INT_MAX),
CONF_ENUM("response-mode", &dns_conf_response_mode, &dns_conf_response_mode_enum),
CONF_YESNO("force-AAAA-SOA", &dns_conf_force_AAAA_SOA),
CONF_YESNO("force-no-CNAME", &dns_conf_force_no_cname),
CONF_CUSTOM("force-qtype-SOA", _config_qtype_soa, NULL),
CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
CONF_CUSTOM("whitelist-ip", _conf_whitelist_ip, NULL),
CONF_CUSTOM("ip-alias", _conf_ip_alias, NULL),
CONF_CUSTOM("ip-rules", _conf_ip_rules, NULL),
CONF_CUSTOM("ip-set", _conf_ip_set, NULL),
CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL),
CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL),
CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL),
CONF_CUSTOM("domain-rules", _conf_domain_rules, NULL),
CONF_CUSTOM("domain-set", _conf_domain_set, NULL),
CONF_CUSTOM("ddns-domain", _conf_ddns_domain, NULL),
CONF_CUSTOM("dnsmasq-lease-file", _conf_dhcp_lease_dnsmasq_file, NULL),
CONF_CUSTOM("hosts-file", _conf_hosts_file, NULL),
CONF_STRING("ca-file", (char *)&dns_conf_ca_file, DNS_MAX_PATH),
CONF_STRING("ca-path", (char *)&dns_conf_ca_path, DNS_MAX_PATH),
CONF_STRING("user", (char *)&dns_conf_user, sizeof(dns_conf_user)),
CONF_YESNO("debug-save-fail-packet", &dns_save_fail_packet),
CONF_YESNO("no-pidfile", &dns_no_pidfile),
CONF_YESNO("no-daemon", &dns_no_daemon),
CONF_STRING("resolv-file", (char *)&dns_resolv_file, sizeof(dns_resolv_file)),
CONF_STRING("debug-save-fail-packet-dir", (char *)&dns_save_fail_packet_dir, sizeof(dns_save_fail_packet_dir)),
CONF_CUSTOM("conf-file", config_additional_file, NULL),
CONF_END(),
};
static int _conf_printf(const char *file, int lineno, int ret)
{
switch (ret) {
case CONF_RET_ERR:
case CONF_RET_WARN:
case CONF_RET_BADCONF:
tlog(TLOG_WARN, "process config file '%s' failed at line %d.", file, lineno);
syslog(LOG_NOTICE, "process config file '%s' failed at line %d.", file, lineno);
return -1;
break;
default:
break;
}
return 0;
}
int config_additional_file(void *data, int argc, char *argv[])
{
char *conf_file = NULL;
char file_path[DNS_MAX_PATH];
char file_path_dir[DNS_MAX_PATH];
if (argc < 1) {
return -1;
}
conf_file = argv[1];
if (conf_file[0] != '/') {
safe_strncpy(file_path_dir, conf_get_conf_file(), DNS_MAX_PATH);
dir_name(file_path_dir);
if (strncmp(file_path_dir, conf_get_conf_file(), sizeof(file_path_dir)) == 0) {
if (snprintf(file_path, DNS_MAX_PATH, "%s", conf_file) < 0) {
return -1;
}
} else {
if (snprintf(file_path, DNS_MAX_PATH, "%s/%s", file_path_dir, conf_file) < 0) {
return -1;
}
}
} else {
safe_strncpy(file_path, conf_file, DNS_MAX_PATH);
}
if (access(file_path, R_OK) != 0) {
tlog(TLOG_WARN, "conf file %s is not readable.", file_path);
syslog(LOG_NOTICE, "conf file %s is not readable.", file_path);
return 0;
}
return load_conf(file_path, _config_item, _conf_printf);
}
const char *dns_conf_get_cache_dir(void)
{
if (dns_conf_cache_file[0] == '\0') {
return SMARTDNS_CACHE_FILE;
}
return dns_conf_cache_file;
}
static int _dns_server_load_conf_init(void)
{
dns_conf_address_rule.ipv4 = New_Radix();
dns_conf_address_rule.ipv6 = New_Radix();
if (dns_conf_address_rule.ipv4 == NULL || dns_conf_address_rule.ipv6 == NULL) {
tlog(TLOG_WARN, "init radix tree failed.");
return -1;
}
art_tree_init(&dns_conf_domain_rule);
hash_init(dns_ipset_table.ipset);
hash_init(dns_nftset_table.nftset);
dns_qtype_soa_table = malloc(MAX_QTYPE_NUM / 8 + 1);
if (dns_qtype_soa_table == NULL) {
tlog(TLOG_WARN, "malloc qtype soa table failed.");
return -1;
}
memset(dns_qtype_soa_table, 0, MAX_QTYPE_NUM / 8 + 1);
hash_init(dns_group_table.group);
hash_init(dns_hosts_table.hosts);
hash_init(dns_ptr_table.ptr);
hash_init(dns_domain_set_name_table.names);
hash_init(dns_ip_set_name_table.names);
return 0;
}
static void dns_server_bind_destroy(void)
{
for (int i = 0; i < dns_conf_bind_ip_num; i++) {
struct dns_bind_ip *bind_ip = &dns_conf_bind_ip[i];
if (bind_ip->nftset_ipset_rule.ipset) {
_dns_rule_put(&bind_ip->nftset_ipset_rule.ipset->head);
}
if (bind_ip->nftset_ipset_rule.ipset_ip) {
_dns_rule_put(&bind_ip->nftset_ipset_rule.ipset_ip->head);
}
if (bind_ip->nftset_ipset_rule.ipset_ip6) {
_dns_rule_put(&bind_ip->nftset_ipset_rule.ipset_ip6->head);
}
if (bind_ip->nftset_ipset_rule.nftset_ip) {
_dns_rule_put(&bind_ip->nftset_ipset_rule.nftset_ip->head);
}
if (bind_ip->nftset_ipset_rule.nftset_ip6) {
_dns_rule_put(&bind_ip->nftset_ipset_rule.nftset_ip6->head);
}
}
memset(dns_conf_bind_ip, 0, sizeof(dns_conf_bind_ip));
dns_conf_bind_ip_num = 0;
}
static void _config_ip_rules_destroy(void)
{
Destroy_Radix(dns_conf_address_rule.ipv4, _config_ip_iter_free, NULL);
Destroy_Radix(dns_conf_address_rule.ipv6, _config_ip_iter_free, NULL);
}
void dns_server_load_exit(void)
{
_config_domain_destroy();
_config_ip_rules_destroy();
_config_ipset_table_destroy();
_config_nftset_table_destroy();
_config_group_table_destroy();
_config_ptr_table_destroy(0);
_config_host_table_destroy(0);
_config_qtype_soa_table_destroy();
_config_proxy_table_destroy();
dns_conf_server_num = 0;
dns_server_bind_destroy();
}
static int _config_add_default_server_if_needed(void)
{
if (dns_conf_bind_ip_num > 0) {
return 0;
}
/* add default server */
char *argv[] = {"bind", "[::]:53", NULL};
int argc = sizeof(argv) / sizeof(char *) - 1;
return _config_bind_ip(argc, argv, DNS_BIND_TYPE_UDP);
}
static int _dns_conf_speed_check_mode_verify(void)
{
int i = 0;
int j = 0;
int print_log = 0;
if (dns_has_cap_ping == 1) {
return 0;
}
for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
if (dns_conf_check_orders.orders[i].type == DOMAIN_CHECK_ICMP) {
for (j = i + 1; j < DOMAIN_CHECK_NUM; j++) {
dns_conf_check_orders.orders[j - 1].type = dns_conf_check_orders.orders[j].type;
dns_conf_check_orders.orders[j - 1].tcp_port = dns_conf_check_orders.orders[j].tcp_port;
}
dns_conf_check_orders.orders[j - 1].type = DOMAIN_CHECK_NONE;
dns_conf_check_orders.orders[j - 1].tcp_port = 0;
print_log = 1;
}
}
if (print_log) {
tlog(TLOG_WARN, "speed check by ping is disabled because smartdns does not have network raw privileges");
}
return 0;
}
static int _dns_ping_cap_check(void)
{
int has_ping = 0;
int has_raw_cap = 0;
has_raw_cap = has_network_raw_cap();
has_ping = has_unprivileged_ping();
if (has_ping == 0) {
if (errno == EACCES && has_raw_cap == 0) {
tlog(TLOG_WARN, "unprivileged ping is disabled, please enable by setting net.ipv4.ping_group_range");
}
}
if (has_ping == 1 || has_raw_cap == 1) {
dns_has_cap_ping = 1;
}
return 0;
}
static int _dns_conf_load_pre(void)
{
if (_dns_server_load_conf_init() != 0) {
goto errout;
}
_dns_ping_cap_check();
safe_strncpy(dns_save_fail_packet_dir, SMARTDNS_DEBUG_DIR, sizeof(dns_save_fail_packet_dir));
return 0;
errout:
return -1;
}
static void _dns_conf_auto_set_cache_size(void)
{
uint64_t memsize = get_system_mem_size();
if (dns_conf_cachesize >= 0) {
return;
}
if (memsize <= 16 * 1024 * 1024) {
dns_conf_cachesize = 2048; /* 1MB memory */
} else if (memsize <= 32 * 1024 * 1024) {
dns_conf_cachesize = 8192; /* 4MB memory*/
} else if (memsize <= 64 * 1024 * 1024) {
dns_conf_cachesize = 16384; /* 8MB memory*/
} else if (memsize <= 128 * 1024 * 1024) {
dns_conf_cachesize = 32768; /* 16MB memory*/
} else if (memsize <= 256 * 1024 * 1024) {
dns_conf_cachesize = 65536; /* 32MB memory*/
} else if (memsize <= 512 * 1024 * 1024) {
dns_conf_cachesize = 131072; /* 64MB memory*/
} else {
dns_conf_cachesize = 262144; /* 128MB memory*/
}
}
static int _dns_conf_load_post(void)
{
_config_setup_smartdns_domain();
_dns_conf_speed_check_mode_verify();
_dns_conf_auto_set_cache_size();
if (dns_conf_cachesize == 0 && dns_conf_response_mode == DNS_RESPONSE_MODE_FASTEST_RESPONSE) {
dns_conf_response_mode = DNS_RESPONSE_MODE_FASTEST_IP;
tlog(TLOG_WARN, "force set response to %s as cache size is 0",
dns_conf_response_mode_enum[dns_conf_response_mode].name);
}
if ((dns_conf_rr_ttl_min > dns_conf_rr_ttl_max) && dns_conf_rr_ttl_max > 0) {
dns_conf_rr_ttl_min = dns_conf_rr_ttl_max;
}
if ((dns_conf_rr_ttl_max < dns_conf_rr_ttl_min) && dns_conf_rr_ttl_max > 0) {
dns_conf_rr_ttl_max = dns_conf_rr_ttl_min;
}
if (dns_resolv_file[0] == '\0') {
safe_strncpy(dns_resolv_file, DNS_RESOLV_FILE, sizeof(dns_resolv_file));
}
_config_domain_set_name_table_destroy();
_config_ip_set_name_table_destroy();
_config_update_bootstrap_dns_rule();
_config_add_default_server_if_needed();
return 0;
}
int dns_server_load_conf(const char *file)
{
int ret = 0;
ret = _dns_conf_load_pre();
if (ret != 0) {
return ret;
}
openlog("smartdns", LOG_CONS | LOG_NDELAY, LOG_LOCAL1);
ret = load_conf(file, _config_item, _conf_printf);
closelog();
if (ret != 0) {
return ret;
}
ret = _dns_conf_load_post();
return ret;
}
Reference in New Issue View Git Blame Copy Permalink