From 716ca530e1c4515d8683c9d5be3d56b301758b66 Mon Sep 17 00:00:00 2001
From: James <>
Date: Wed, 4 Nov 2015 11:49:21 +0000
Subject: trunk-47381
---
package/network/services/ipset-dns/Makefile | 60 ++++++++++++++++++++++
.../services/ipset-dns/files/ipset-dns.config | 16 ++++++
.../services/ipset-dns/files/ipset-dns.init | 57 ++++++++++++++++++++
.../patches/100-simultaneous-ipv4-ipv6.patch | 57 ++++++++++++++++++++
4 files changed, 190 insertions(+)
create mode 100644 package/network/services/ipset-dns/Makefile
create mode 100644 package/network/services/ipset-dns/files/ipset-dns.config
create mode 100755 package/network/services/ipset-dns/files/ipset-dns.init
create mode 100644 package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
(limited to 'package/network/services/ipset-dns')
diff --git a/package/network/services/ipset-dns/Makefile b/package/network/services/ipset-dns/Makefile
new file mode 100644
index 0000000..37cf7c5
--- /dev/null
+++ b/package/network/services/ipset-dns/Makefile
@@ -0,0 +1,60 @@
+#
+# Copyright (C) 2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ipset-dns
+PKG_VERSION:=2013-05-03
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MAINTAINER:=Jo-Philipp Wich
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipset-dns/Default
+endef
+
+define Package/ipset-dns
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=A lightweight DNS forwarder to populate ipsets
+ URL:=http://git.zx2c4.com/ipset-dns/about/
+ DEPENDS:=+libmnl
+endef
+
+define Package/ipset-dns/description
+ The ipset-dns daemon is a lightweight DNS forwarding server that adds all
+ resolved IPs to a given netfilter ipset. It is designed to be used in
+ conjunction with dnsmasq's upstream server directive.
+
+ Practical use cases include routing over a given gateway traffic for
+ particular web services or webpages that do not have a priori predictable
+ IP addresses and instead rely on dizzying arrays of DNS resolutions.
+endef
+
+define Package/ipset-dns/conffiles
+/etc/config/ipset-dns
+endef
+
+define Package/ipset-dns/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns
+endef
+
+$(eval $(call BuildPackage,ipset-dns))
diff --git a/package/network/services/ipset-dns/files/ipset-dns.config b/package/network/services/ipset-dns/files/ipset-dns.config
new file mode 100644
index 0000000..0270366
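Review bot: In the ipset-dns Makefile, `PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns` fetches the source over unauthenticated HTTP, and the package declares no checksum for the resulting `PKG_SOURCE` tarball. The `PKG_SOURCE_VERSION` commit id pins what a direct git checkout resolves to, but a tarball served under that file name from a download mirror would presumably be accepted without verification. I would switch the URL to `https://git.zx2c4.com/ipset-dns` if upstream serves it, and add a hash line such as `PKG_MIRROR_HASH:=<sha256-of-generated-tarball>` (placeholder, to be computed at packaging time) where the build system supports it.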
--- /dev/null
+++ b/package/network/services/ipset-dns/files/ipset-dns.config
@@ -0,0 +1,16 @@
+# declare an ipset-dns listener instance, multiple allowed
+config ipset-dns
+ # use given ipset for type A (IPv4) responses
+ option ipset 'domain-filter-ipv4'
+
+ # use given ipset for type AAAA (IPv6) responses
+ option ipset6 'domain-filter-ipv6'
+
+ # use given listening port
+ # defaults to 53000 + instance number
+ #option port '53001'
+
+ # use given upstream DNS server,
+ # defaults to first entry in /tmp/resolv.conf.auto
+ #option dns '8.8.8.8'
+
diff --git a/package/network/services/ipset-dns/files/ipset-dns.init b/package/network/services/ipset-dns/files/ipset-dns.init
new file mode 100755
index 0000000..0a76fcc
--- /dev/null
+++ b/package/network/services/ipset-dns/files/ipset-dns.init
@@ -0,0 +1,57 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2013 OpenWrt.org
+
+START=61
+
+USE_PROCD=1
+
+find_nameserver() {
+ . /lib/functions/network.sh
+
+ local tmp
+ if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then
+ echo "${tmp%% *}"
+ return 0
+ fi
+
+ return 1
+}
+
+start_instance() {
+ local cfg="$1"
+ local ipset ipset6 port dns
+
+ config_get ipset "$cfg" ipset
+ config_get ipset6 "$cfg" ipset6
+ [ -n "$ipset$ipset6" ] || {
+ echo "No ipset specified for instance $cfg" >&2
+ return 1
+ }
+
+ config_get dns "$cfg" dns "$DEFNS"
+ [ -n "$dns" ] || {
+ echo "No DNS server specified for instance $cfg" >&2
+ return 1
+ }
+
+ config_get port "$cfg" port $((PORT++))
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/ipset-dns "$ipset" "$ipset6" "$port" "$dns"
+ procd_set_param env NO_DAEMONIZE=1
+ procd_set_param respawn
+ procd_close_instance
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "ipset-dns"
+}
+
+start_service() {
+ PORT=53001
+ DEFNS="$(find_nameserver)"
+
+ config_load ipset-dns
+ config_foreach start_instance ipset-dns
+}
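Review bot: In ipset-dns.config, the comment above `#option dns '8.8.8.8'` says the upstream defaults to the first entry in /tmp/resolv.conf.auto, but `find_nameserver` in ipset-dns.init from this same commit obtains it through `network_find_wan` and `network_get_dnsserver` and never reads that file. An administrator relying on the comment may misjudge which resolver receives the forwarded queries. I would reword the comment to `# defaults to the first DNS server of the WAN interface`.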
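Review bot: In `start_instance` of ipset-dns.init, the procd instance does not forward the daemon's output, while the C code patched in this commit reports a failed set insertion only through `perror("add_to_ipset")`. With `NO_DAEMONIZE=1` the process stays in the foreground, so as far as the visible lines show, a missing or mistyped ipset name would leave the filter or routing policy unpopulated without any log entry. I would add `procd_set_param stderr 1` next to the `env` line so these errors reach the system log.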
diff --git a/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
new file mode 100644
index 0000000..19669a0
--- /dev/null
+++ b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
@@ -0,0 +1,57 @@
+--- a/ipset-dns.c
++++ b/ipset-dns.c
+@@ -307,19 +307,20 @@ int main(int argc, char *argv[])
+ struct timeval tv;
+ char msg[512];
+ char ip[INET6_ADDRSTRLEN];
+- char *ipset;
++ char *ipset, *ipset6;
+ int listen_sock, upstream_sock;
+ int pos, i, size, af;
+ socklen_t len;
+ size_t received;
+ pid_t child;
+
+- if (argc != 4) {
+- fprintf(stderr, "Usage: %s ipset port upstream\n", argv[0]);
++ if (argc != 5) {
++ fprintf(stderr, "Usage: %s ipv4-ipset ipv6-ipset port upstream\n", argv[0]);
+ return 1;
+ }
+
+ ipset = argv[1];
++ ipset6 = argv[2];
+
+ listen_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (listen_sock < 0) {
+@@ -329,7 +330,7 @@ int main(int argc, char *argv[])
+
+ memset(&listen_addr, 0, sizeof(listen_addr));
+ listen_addr.sin_family = AF_INET;
+- listen_addr.sin_port = htons(atoi(argv[2]));
++ listen_addr.sin_port = htons(atoi(argv[3]));
+ listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ i = 1;
+ setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
+@@ -341,7 +342,7 @@ int main(int argc, char *argv[])
+ memset(&upstream_addr, 0, sizeof(upstream_addr));
+ upstream_addr.sin_family = AF_INET;
+ upstream_addr.sin_port = htons(53);
+- inet_aton(argv[3], &upstream_addr.sin_addr);
++ inet_aton(argv[4], &upstream_addr.sin_addr);
+
+ /* TODO: Put all of the below code in several forks all listening on the same sock. */
+
+@@ -434,8 +435,11 @@ int main(int argc, char *argv[])
+ continue;
+ }
+
++ if ((af == AF_INET && !*ipset) || (af == AF_INET6 && !*ipset6))
++ continue;
++
+ printf("%s: %s\n", answer.dotted, ip);
+- if (add_to_ipset(ipset, answer.rdata, af) < 0)
++ if (add_to_ipset((af == AF_INET) ? ipset : ipset6, answer.rdata, af) < 0)
+ perror("add_to_ipset");
+ }
+
-- cgit v1.2.3
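Review bot: The renumbered argument parsing in 100-simultaneous-ipv4-ipv6.patch keeps `inet_aton(argv[4], &upstream_addr.sin_addr)` and `htons(atoi(argv[3]))` unchecked, and the init script in this commit passes `option dns` and `option port` through without validating them. A value that `inet_aton` rejects leaves the address zeroed by the preceding `memset`, so the forwarder would start with an upstream nobody configured instead of failing. I would change the call to `if (!inet_aton(argv[4], &upstream_addr.sin_addr)) { fprintf(stderr, "Invalid upstream address\n"); return 1; }` and range-check the port with `strtol` before it reaches `htons`. `main` begins and ends outside these hunks, so the rest of its parsing is not visible here.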