dnsmasq: add config option for connmark DNS filtering
[openwrt/staging/ldir.git] / package / network / services / dnsmasq / files / dnsmasq.init
index 0fa3074f92ddab4c711208e16f9e86c8b09afd52..3e06218a430eca0afa74ec9cdea8a12b11d7079b 100644 (file)
@@ -172,6 +172,10 @@ append_ipset() {
        xappend "--ipset=$1"
 }
 
+append_connmark_allowlist() {
+       xappend "--connmark-allowlist=$1"
+}
+
 append_interface() {
        network_get_device ifname "$1" || ifname="$1"
        xappend "--interface=$ifname"
@@ -769,6 +773,29 @@ dhcp_relay_add() {
        fi
 }
 
+dnsmasq_ipset_add() {
+       local cfg="$1"
+       local ipsets domains
+
+       add_ipset() {
+               ipsets="${ipsets:+$ipsets,}$1"
+       }
+
+       add_domain() {
+               # leading '/' is expected
+               domains="$domains/$1"
+       }
+
+       config_list_foreach "$cfg" "name" add_ipset
+       config_list_foreach "$cfg" "domain" add_domain
+
+       if [ -z "$ipsets" ] || [ -z "$domains" ]; then
+               return 0
+       fi
+
+       xappend "--ipset=$domains/$ipsets"
+}
+
 dnsmasq_start()
 {
        local cfg="$1"
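Review bot: The `name` and `domain` list values in dnsmasq_ipset_add are joined into one `--ipset=` argument with `/` and `,` as the only separators and no validation. A value that itself contains `/`, `,`, whitespace or a newline would change how dnsmasq splits domains from set names. Depending on how xappend writes the line (it is defined outside this hunk), such a value could also add an extra config line. Consider rejecting such values at the top of add_domain and add_ipset, e.g. `case "$1" in *[!A-Za-z0-9._-]*) return 0;; esac`, preferably with a logged warning. Separately, add_ipset and add_domain are defined inside the function but shell function names are global, so they would replace any same-named function elsewhere in the script; prefixed names would avoid that.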
@@ -890,6 +917,14 @@ dnsmasq_start()
        config_list_foreach "$cfg" "rev_server" append_rev_server
        config_list_foreach "$cfg" "address" append_address
        config_list_foreach "$cfg" "ipset" append_ipset
+
+       local connmark_allowlist_enable
+       config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+       [ "$connmark_allowlist_enable" -gt 0 ] && {
+               append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+               config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+       }
+
        [ -n "$BOOT" ] || {
                config_list_foreach "$cfg" "interface" append_interface
                config_list_foreach "$cfg" "notinterface" append_notinterface
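Review bot: The `-gt 0` test on `connmark_allowlist_enable` fails open: a value that is not a decimal integer (for example `true`, or possibly a hex mask, depending on the shell's `test`) makes `[` report an error and return false, so the DNS filter is silently left off. Since dnsmasq accepts an optional mask for this option, a string comparison is safer, e.g. `[ -n "$connmark_allowlist_enable" ] && [ "$connmark_allowlist_enable" != "0" ] && {`, which lets dnsmasq itself reject a malformed value at startup. A short comment stating the expected value and that `connmark_allowlist` entries are ignored unless the enable option is set would help. dnsmasq_start begins and ends outside this hunk.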
@@ -989,7 +1024,12 @@ dnsmasq_start()
 
        xappend "--dhcp-broadcast=tag:needs-broadcast"
 
-       xappend "--addn-hosts=$(dirname $HOSTFILE)"
+       config_get_bool ignore_hosts_dir "$cfg" ignore_hosts_dir 0
+       if [ "$ignore_hosts_dir" = "1" ]; then
+               xappend "--addn-hosts=$HOSTFILE"
+       else
+               xappend "--addn-hosts=$(dirname $HOSTFILE)"
+       fi
 
        config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq.d"
        xappend "--conf-dir=$dnsmasqconfdir"
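Review bot: The new `ignore_hosts_dir` option has no comment, and the difference it makes is security-relevant. In the default branch dnsmasq is pointed at the whole directory containing `$HOSTFILE`, so any file present there is loaded as host data, while the new branch restricts it to the one generated file. I would add `# ignore_hosts_dir=1: load only the generated hosts file, not every file in its directory` above the `config_get_bool` line. The variable is also not declared `local` in the visible lines, and `$(dirname $HOSTFILE)` is unquoted; `"$(dirname "$HOSTFILE")"` is the safer form. dnsmasq_start continues outside this hunk.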
@@ -1056,6 +1096,10 @@ dnsmasq_start()
        config_foreach filter_dnsmasq cname dhcp_cname_add "$cfg"
        echo >> $CONFIGFILE_TMP
 
+       echo >> $CONFIGFILE_TMP
+       config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
+       echo >> $CONFIGFILE_TMP
+
        echo >> $CONFIGFILE_TMP
        mv -f $CONFIGFILE_TMP $CONFIGFILE
        mv -f $HOSTFILE_TMP $HOSTFILE
@@ -1066,6 +1110,7 @@ dnsmasq_start()
                        echo "search $DOMAIN" >> /tmp/resolv.conf
                }
                DNS_SERVERS="$DNS_SERVERS 127.0.0.1"
+               [ -e /proc/sys/net/ipv6 ] && DNS_SERVERS="$DNS_SERVERS ::1"
                for DNS_SERVER in $DNS_SERVERS ; do
                        echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
                done
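Review bot: The `/proc/sys/net/ipv6` test on the added line shows only that the kernel has IPv6 support, not that dnsmasq is listening on `::1`. If this instance is restricted by interface or listen address (configured elsewhere in dnsmasq_start, not visible here), `/tmp/resolv.conf` would list a nameserver that does not answer. A comment such as `# add ::1 only when the kernel has IPv6; assumes dnsmasq listens on loopback` would document the assumption. The enclosing block starts outside this hunk.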