Diffstat (limited to 'package/network/services/ipset-dns')
-rw-r--r--package/network/services/ipset-dns/Makefile60
-rw-r--r--package/network/services/ipset-dns/files/ipset-dns.config16
-rwxr-xr-xpackage/network/services/ipset-dns/files/ipset-dns.init57
-rw-r--r--package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch57
4 files changed, 190 insertions, 0 deletions
diff --git a/package/network/services/ipset-dns/Makefile b/package/network/services/ipset-dns/Makefile
new file mode 100644
index 0000000..37cf7c5
--- /dev/null
+++ b/package/network/services/ipset-dns/Makefile
@@ -0,0 +1,60 @@
+#
+# Copyright (C) 2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ipset-dns
+PKG_VERSION:=2013-05-03
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipset-dns/Default
+endef
+
+define Package/ipset-dns
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=A lightweight DNS forwarder to populate ipsets
+ URL:=http://git.zx2c4.com/ipset-dns/about/
+ DEPENDS:=+libmnl
+endef
+
+define Package/ipset-dns/description
+ The ipset-dns daemon is a lightweight DNS forwarding server that adds all
+ resolved IPs to a given netfilter ipset. It is designed to be used in
+ conjunction with dnsmasq's upstream server directive.
+
+ Practical use cases include routing over a given gateway traffic for
+ particular web services or webpages that do not have a priori predictable
+ IP addresses and instead rely on dizzying arrays of DNS resolutions.
+endef
+
+define Package/ipset-dns/conffiles
+/etc/config/ipset-dns
+endef
+
+define Package/ipset-dns/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns
+endef
+
+$(eval $(call BuildPackage,ipset-dns))
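Review bot: The upstream source is fetched over plaintext HTTP (`PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns`), and the Makefile carries no checksum for the tarball named in `PKG_SOURCE`. The full commit id in `PKG_SOURCE_VERSION` limits what a tampered git fetch can deliver, but a tarball obtained from a download mirror instead would, as far as this file shows, not be verified against anything. I would switch the URL to `PKG_SOURCE_URL:=https://git.zx2c4.com/ipset-dns` if the host serves it, and add a mirror checksum line where the build system supports one (for example `PKG_MIRROR_HASH:=<sha256-of-generated-tarball>` in current trees). A short comment above `PKG_RELEASE=$(PKG_SOURCE_VERSION)` noting that the recursive `=` is deliberate, because `PKG_SOURCE_VERSION` is only assigned further down, would also stop someone "fixing" it to `:=`.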
diff --git a/package/network/services/ipset-dns/files/ipset-dns.config b/package/network/services/ipset-dns/files/ipset-dns.config
new file mode 100644
index 0000000..0270366
--- /dev/null
+++ b/package/network/services/ipset-dns/files/ipset-dns.config
@@ -0,0 +1,16 @@
+# declare an ipset-dns listener instance, multiple allowed
+config ipset-dns
+ # use given ipset for type A (IPv4) responses
+ option ipset 'domain-filter-ipv4'
+
+ # use given ipset for type AAAA (IPv6) responses
+ option ipset6 'domain-filter-ipv6'
+
+ # use given listening port
+ # defaults to 53000 + instance number
+ #option port '53001'
+
+ # use given upstream DNS server,
+ # defaults to first entry in /tmp/resolv.conf.auto
+ #option dns '8.8.8.8'
+
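Review bot: The comment above `#option dns '8.8.8.8'` says the default is the first entry in /tmp/resolv.conf.auto, but the init script in this same commit takes the default from `network_find_wan` and `network_get_dnsserver` and never reads that file. I would reword it to `# defaults to the first DNS server of the WAN interface` so the documented fallback matches `find_nameserver`. Since the package description says every resolved address is added to a netfilter ipset, it is also worth one comment line stating that answers from this server decide set membership, so it should be a resolver the administrator trusts.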
diff --git a/package/network/services/ipset-dns/files/ipset-dns.init b/package/network/services/ipset-dns/files/ipset-dns.init
new file mode 100755
index 0000000..0a76fcc
--- /dev/null
+++ b/package/network/services/ipset-dns/files/ipset-dns.init
@@ -0,0 +1,57 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2013 OpenWrt.org
+
+START=61
+
+USE_PROCD=1
+
+find_nameserver() {
+ . /lib/functions/network.sh
+
+ local tmp
+ if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then
+ echo "${tmp%% *}"
+ return 0
+ fi
+
+ return 1
+}
+
+start_instance() {
+ local cfg="$1"
+ local ipset ipset6 port dns
+
+ config_get ipset "$cfg" ipset
+ config_get ipset6 "$cfg" ipset6
+ [ -n "$ipset$ipset6" ] || {
+ echo "No ipset specified for instance $cfg" >&2
+ return 1
+ }
+
+ config_get dns "$cfg" dns "$DEFNS"
+ [ -n "$dns" ] || {
+ echo "No DNS server specified for instance $cfg" >&2
+ return 1
+ }
+
+ config_get port "$cfg" port $((PORT++))
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/ipset-dns "$ipset" "$ipset6" "$port" "$dns"
+ procd_set_param env NO_DAEMONIZE=1
+ procd_set_param respawn
+ procd_close_instance
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "ipset-dns"
+}
+
+start_service() {
+ PORT=53001
+ DEFNS="$(find_nameserver)"
+
+ config_load ipset-dns
+ config_foreach start_instance ipset-dns
+}
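Review bot: `DEFNS="$(find_nameserver)"` in `start_service` is evaluated once at service start, and `start_instance` returns 1 when neither `option dns` nor `DEFNS` is set. `service_triggers` only registers a reload on changes to the `ipset-dns` config, so if the WAN has no DNS server yet at `START=61` (likely on DHCP or PPPoE links, though not provable from this file), those instances are skipped and nothing visible here starts them later. The same applies when the WAN-provided resolver changes while the daemon runs. I would either add an interface trigger next to `procd_add_reload_trigger "ipset-dns"` (where the tree's procd.sh offers `procd_add_interface_trigger`), or at least document it above the assignment with `# resolved once at start; set 'option dns' if WAN DNS may be unavailable at boot`.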
diff --git a/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
new file mode 100644
index 0000000..19669a0
--- /dev/null
+++ b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch
@@ -0,0 +1,57 @@
+--- a/ipset-dns.c
++++ b/ipset-dns.c
+@@ -307,19 +307,20 @@ int main(int argc, char *argv[])
+ struct timeval tv;
+ char msg[512];
+ char ip[INET6_ADDRSTRLEN];
+- char *ipset;
++ char *ipset, *ipset6;
+ int listen_sock, upstream_sock;
+ int pos, i, size, af;
+ socklen_t len;
+ size_t received;
+ pid_t child;
+
+- if (argc != 4) {
+- fprintf(stderr, "Usage: %s ipset port upstream\n", argv[0]);
++ if (argc != 5) {
++ fprintf(stderr, "Usage: %s ipv4-ipset ipv6-ipset port upstream\n", argv[0]);
+ return 1;
+ }
+
+ ipset = argv[1];
++ ipset6 = argv[2];
+
+ listen_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (listen_sock < 0) {
+@@ -329,7 +330,7 @@ int main(int argc, char *argv[])
+
+ memset(&listen_addr, 0, sizeof(listen_addr));
+ listen_addr.sin_family = AF_INET;
+- listen_addr.sin_port = htons(atoi(argv[2]));
++ listen_addr.sin_port = htons(atoi(argv[3]));
+ listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ i = 1;
+ setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
+@@ -341,7 +342,7 @@ int main(int argc, char *argv[])
+ memset(&upstream_addr, 0, sizeof(upstream_addr));
+ upstream_addr.sin_family = AF_INET;
+ upstream_addr.sin_port = htons(53);
+- inet_aton(argv[3], &upstream_addr.sin_addr);
++ inet_aton(argv[4], &upstream_addr.sin_addr);
+
+ /* TODO: Put all of the below code in several forks all listening on the same sock. */
+
+@@ -434,8 +435,11 @@ int main(int argc, char *argv[])
+ continue;
+ }
+
++ if ((af == AF_INET && !*ipset) || (af == AF_INET6 && !*ipset6))
++ continue;
++
+ printf("%s: %s\n", answer.dotted, ip);
+- if (add_to_ipset(ipset, answer.rdata, af) < 0)
++ if (add_to_ipset((af == AF_INET) ? ipset : ipset6, answer.rdata, af) < 0)
+ perror("add_to_ipset");
+ }
+
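Review bot: The two argument lines this patch renumbers, `htons(atoi(argv[3]))` and `inet_aton(argv[4], &upstream_addr.sin_addr)`, still use their input without any check. A non-numeric or out-of-range `port` turns into port 0 or a truncated value, and an `option dns` that is not a dotted IPv4 address leaves the upstream address at the zeroed value from the preceding `memset`, with no diagnostic. Because these values now come straight from UCI via the init script, I would fail fast: `if (!inet_aton(argv[4], &upstream_addr.sin_addr)) { fprintf(stderr, "Invalid upstream address\n"); return 1; }`, and parse the port with `strtol`, rejecting anything outside 1..65535. The new `!*ipset` / `!*ipset6` test silently treats an empty set name as "skip this family", which deserves a mention in the usage string or a comment beside the check. `main` begins and ends outside these hunks, so the earlier handling of `af` cannot be confirmed from here.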