dnsmasq: add config option for connmark DNS filtering

This adds uci support to configure connmark based DNS filtering.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
(See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html)
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 44e7d2d4f90c0fb40cb4181cfd8550c1a4ad4441..3e06218a430eca0afa74ec9cdea8a12b11d7079b 100644 (file)
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -172,6 +172,10 @@ append_ipset() {
        xappend "--ipset=$1"
 }
 
+append_connmark_allowlist() {
+       xappend "--connmark-allowlist=$1"
+}
+
 append_interface() {
        network_get_device ifname "$1" || ifname="$1"
        xappend "--interface=$ifname"
@@ -913,6 +917,14 @@ dnsmasq_start()
        config_list_foreach "$cfg" "rev_server" append_rev_server
        config_list_foreach "$cfg" "address" append_address
        config_list_foreach "$cfg" "ipset" append_ipset
+
+       local connmark_allowlist_enable
+       config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+       [ "$connmark_allowlist_enable" -gt 0 ] && {
+               append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+               config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+       }
+
        [ -n "$BOOT" ] || {
                config_list_foreach "$cfg" "interface" append_interface
                config_list_foreach "$cfg" "notinterface" append_notinterface