[Dnsmasq-discuss] [PATCH 1/2] Add option to filter out A record requests
Trey Sis
treysis at gmx.net
Sat Jun 5 17:45:01 UTC 2021
On 6/5/2021 18:50, john doe wrote:
> On 6/5/2021 5:38 PM, Geert Stappers via Dnsmasq-discuss wrote:
>> From: treysis <treysis at gmx.net>
>>
>> Intented for IPv6 only installations
>> that have to deal with software that prefers IPv4 above IPv6.
>> ---
>> src/dnsmasq.h | 3 ++-
>> src/option.c | 3 +++
>> src/rfc1035.c | 11 +++++++++++
>> 3 files changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>> index 95dc8ae..7eae110 100644
>> --- a/src/dnsmasq.h
>> +++ b/src/dnsmasq.h
>> @@ -272,7 +272,8 @@ struct event_desc {
>> #define OPT_LOG_DEBUG 62
>> #define OPT_UMBRELLA 63
>> #define OPT_UMBRELLA_DEVID 64
>> -#define OPT_LAST 65
>> +#define OPT_FILTER_A 65
>> +#define OPT_LAST 66
>>
>> #define OPTION_BITS (sizeof(unsigned int)*8)
>> #define OPTION_SIZE (
>> (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
>> diff --git a/src/option.c b/src/option.c
>> index 23cf058..a81aa1f 100644
>> --- a/src/option.c
>> +++ b/src/option.c
>> @@ -171,6 +171,7 @@ struct myoption {
>> #define LOPT_DYNHOST 362
>> #define LOPT_LOG_DEBUG 363
>> #define LOPT_UMBRELLA 364
>> +#define LOPT_FILTER_A 365
>>
>> #ifdef HAVE_GETOPT_LONG
>> static const struct option opts[] =
>> @@ -347,6 +348,7 @@ static const struct myoption opts[] =
>> { "dynamic-host", 1, 0, LOPT_DYNHOST },
>> { "log-debug", 0, 0, LOPT_LOG_DEBUG },
>> { "umbrella", 2, 0, LOPT_UMBRELLA },
>> + { "filter-a", 0, 0, LOPT_FILTER_A },
>> { NULL, 0, 0, 0 }
>> };
>>
>> @@ -530,6 +532,7 @@ static struct {
>> { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which
>> packets to dump"), NULL },
>> { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call
>> dhcp-script when lease expiry changes."), NULL },
>> { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send
>> Cisco Umbrella identifiers including remote IP."), NULL },
>> + { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A
>> requests."), NULL },
>> { 0, 0, NULL, NULL, NULL }
>> };
>>
>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>> index 5a961b8..a7f83f2 100644
>> --- a/src/rfc1035.c
>> +++ b/src/rfc1035.c
>> @@ -1895,6 +1895,17 @@ size_t answer_request(struct dns_header
>> *header, char *limit, size_t qlen,
>> }
>> }
>>
>> + /* filter a forwards */
>> + if (qtype == T_A && option_bool(OPT_FILTER_A))
>> + {
>> + /* return a null reply */
>> + ans = 1;
>> + if (!dryrun)
>> + log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
>> + break;
>> + }
>> + /* end of filtering a */
>> +
>> if (!ans)
>> return 0; /* failed to answer a question */
>> }
>>
>
> At "Geert Stappers", please don't modify/touch patch that are not yours,
> this is bat practiss and undesirable/unwanted.
Hm, I don't really care *that* much, but I also wouldn't mind the
attribution :) Though, in that case I should mention that I adapted the
patch from https://gist.github.com/bearice/7d3dc0e63e003d752622 which
does the same but for AAAA records (so the inverse). I am not sure if
that had been mentioned here. I seem to recall it had appeared here in
the past. But I am not even sure that is the original author.
> At "Trey Sis", can you confirm that your original patch applies cleanly
> at the tip of the development branch?
Yes. I created it against the current head of the dev branch on the git
repo. You can find my branch/commit here:
https://github.com/treysis/dnsmasq/tree/filter-a
> Note that the maintainer of the project is "Simon Kelley" and "Geert
> Stappers" is not affiliated in anyway with the project.
Duly noted. But I am grateful for every help that gets this patch landed.
Cheers,
Treysis
More information about the Dnsmasq-discuss
mailing list