[Dnsmasq-discuss] [PATCH 1/2] Add option to filter out A record requests

Trey Sis treysis at gmx.net
Sat Jun 5 17:45:01 UTC 2021


On 6/5/2021 18:50, john doe wrote:
> On 6/5/2021 5:38 PM, Geert Stappers via Dnsmasq-discuss wrote:
>> From: treysis <treysis at gmx.net>
>>
>> Intented for IPv6 only installations
>> that have to deal with software that prefers IPv4 above IPv6.
>> ---
>>   src/dnsmasq.h |  3 ++-
>>   src/option.c  |  3 +++
>>   src/rfc1035.c | 11 +++++++++++
>>   3 files changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>> index 95dc8ae..7eae110 100644
>> --- a/src/dnsmasq.h
>> +++ b/src/dnsmasq.h
>> @@ -272,7 +272,8 @@ struct event_desc {
>>   #define OPT_LOG_DEBUG      62
>>   #define OPT_UMBRELLA       63
>>   #define OPT_UMBRELLA_DEVID 64
>> -#define OPT_LAST           65
>> +#define OPT_FILTER_A       65
>> +#define OPT_LAST           66
>>
>>   #define OPTION_BITS (sizeof(unsigned int)*8)
>>   #define OPTION_SIZE (
>> (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
>> diff --git a/src/option.c b/src/option.c
>> index 23cf058..a81aa1f 100644
>> --- a/src/option.c
>> +++ b/src/option.c
>> @@ -171,6 +171,7 @@ struct myoption {
>>   #define LOPT_DYNHOST       362
>>   #define LOPT_LOG_DEBUG     363
>>   #define LOPT_UMBRELLA       364
>> +#define LOPT_FILTER_A      365
>>
>>   #ifdef HAVE_GETOPT_LONG
>>   static const struct option opts[] =
>> @@ -347,6 +348,7 @@ static const struct myoption opts[] =
>>       { "dynamic-host", 1, 0, LOPT_DYNHOST },
>>       { "log-debug", 0, 0, LOPT_LOG_DEBUG },
>>       { "umbrella", 2, 0, LOPT_UMBRELLA },
>> +    { "filter-a", 0, 0, LOPT_FILTER_A },
>>       { NULL, 0, 0, 0 }
>>     };
>>
>> @@ -530,6 +532,7 @@ static struct {
>>     { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which
>> packets to dump"), NULL },
>>     { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call
>> dhcp-script when lease expiry changes."), NULL },
>>     { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send
>> Cisco Umbrella identifiers including remote IP."), NULL },
>> +  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A
>> requests."), NULL },
>>     { 0, 0, NULL, NULL, NULL }
>>   };
>>
>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>> index 5a961b8..a7f83f2 100644
>> --- a/src/rfc1035.c
>> +++ b/src/rfc1035.c
>> @@ -1895,6 +1895,17 @@ size_t answer_request(struct dns_header
>> *header, char *limit, size_t qlen,
>>           }
>>       }
>>
>> +    /* filter a forwards */
>> +    if (qtype == T_A && option_bool(OPT_FILTER_A))
>> +      {
>> +        /* return a null reply */
>> +        ans = 1;
>> +        if (!dryrun)
>> +          log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
>> +        break;
>> +      }
>> +    /* end of filtering a */
>> +
>>         if (!ans)
>>       return 0; /* failed to answer a question */
>>       }
>>
>
> At "Geert Stappers", please don't modify/touch patch that are not yours,
> this is bat practiss and undesirable/unwanted.

Hm, I don't really care *that* much, but I also wouldn't mind the
attribution :) Though, in that case I should mention that I adapted the
patch from https://gist.github.com/bearice/7d3dc0e63e003d752622 which
does the same but for AAAA records (so the inverse). I am not sure if
that had been mentioned here. I seem to recall it had appeared here in
the past. But I am not even sure that is the original author.

> At "Trey Sis", can you confirm that your original patch applies cleanly
> at the tip of the development branch?

Yes. I created it against the current head of the dev branch on the git
repo. You can find my branch/commit here:

https://github.com/treysis/dnsmasq/tree/filter-a

> Note that the maintainer of the project is "Simon Kelley" and "Geert
> Stappers" is not affiliated in anyway with the project.
Duly noted. But I am grateful for every help that gets this patch landed.

Cheers,

Treysis




More information about the Dnsmasq-discuss mailing list