[Dnsmasq-discuss] [PATCH 1/2] Add option to filter out A record requests

Sat Jun 5 16:50:41 UTC 2021

On 6/5/2021 5:38 PM, Geert Stappers via Dnsmasq-discuss wrote:
> From: treysis <treysis at gmx.net>
>
> Intented for IPv6 only installations
> that have to deal with software that prefers IPv4 above IPv6.
> ---
>   src/dnsmasq.h |  3 ++-
>   src/option.c  |  3 +++
>   src/rfc1035.c | 11 +++++++++++
>   3 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index 95dc8ae..7eae110 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -272,7 +272,8 @@ struct event_desc {
>   #define OPT_LOG_DEBUG      62
>   #define OPT_UMBRELLA       63
>   #define OPT_UMBRELLA_DEVID 64
> -#define OPT_LAST           65
> +#define OPT_FILTER_A       65
> +#define OPT_LAST           66
>
>   #define OPTION_BITS (sizeof(unsigned int)*8)
>   #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
> diff --git a/src/option.c b/src/option.c
> index 23cf058..a81aa1f 100644
> --- a/src/option.c
> +++ b/src/option.c
> @@ -171,6 +171,7 @@ struct myoption {
>   #define LOPT_DYNHOST       362
>   #define LOPT_LOG_DEBUG     363
>   #define LOPT_UMBRELLA	   364
> +#define LOPT_FILTER_A      365
>
>   #ifdef HAVE_GETOPT_LONG
>   static const struct option opts[] =
> @@ -347,6 +348,7 @@ static const struct myoption opts[] =
>       { "dynamic-host", 1, 0, LOPT_DYNHOST },
>       { "log-debug", 0, 0, LOPT_LOG_DEBUG },
>   	{ "umbrella", 2, 0, LOPT_UMBRELLA },
> +    { "filter-a", 0, 0, LOPT_FILTER_A },
>       { NULL, 0, 0, 0 }
>     };
>
> @@ -530,6 +532,7 @@ static struct {
>     { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
>     { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
>     { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
> +  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A requests."), NULL },
>     { 0, 0, NULL, NULL, NULL }
>   };
>
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index 5a961b8..a7f83f2 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -1895,6 +1895,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
>   	    }
>   	}
>
> +	/* filter a forwards */
> +	if (qtype == T_A && option_bool(OPT_FILTER_A))
> +	  {
> +	    /* return a null reply */
> +		ans = 1;
> +		if (!dryrun)
> +		  log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
> +		break;
> +	  }
> +	/* end of filtering a */
> +
>         if (!ans)
>   	return 0; /* failed to answer a question */
>       }
>

At "Geert Stappers", please don't modify/touch patch that are not yours,
this is bat practiss and undesirable/unwanted.

At "Trey Sis", can you confirm that your original patch applies cleanly
at the tip of the development branch?

Note that the maintainer of the project is "Simon Kelley" and "Geert
Stappers" is not affiliated in anyway with the project.

--
John Doe