[Dnsmasq-discuss] [PATCH v8] Connection track mark based DNS query filtering.

john doe johndoe65534 at mail.com
Wed Jun 16 08:12:21 UTC 2021


I'm being pedantic here and that might not be what Simon desires.

On 6/16/2021 8:34 AM, Etan Kissling wrote:
> This extends query filtering support beyond what is currently possible
> with the `--ipset` configuration option, by adding support for:
> 1) Specifying allowlists on a per-client basis, based on their
>     associated Linux connection track mark.
> 2) Dynamic configuration of allowlists via Ubus.
> 3) Reporting when a DNS query resolves or is rejected via Ubus.
> 4) DNS name patterns containing wildcards.
>
> Disallowed queries are not forwarded; they are rejected
> with a REFUSED error code.
>
> Signed-off-by: Etan Kissling <etan_kissling at apple.com>
> (addressed reviewer feedback)
> Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
> ---

Where's the v1?

> v2: Rebase to v2.83, and fix compilation when HAVE_UBUS not present.
> v3: Rebase to v2.84test2.
> v4: Rebase to v2.84rc2 (update copyright notice).
> v5: Correct logging of `ubus_notify` errors (also in existing code).
>
> Etan Kissling <etan.kissling at gmail.com>:
> v6: Integrate checks for weird queries into `extract_request`.
>      Skip Ubus reporting when daemon->namebuff is not initialized.
>      Fix options parsing for mark / mask with bit 31 set.
>      Disable filtering for external queries (`auth_dns && !local_auth`).
>      Report all CNAME RRs via Ubus instead of just a (potential) subset.
>      Avoid redundant `is_valid_dns_name` evaluations.
>      Unify DNS name pattern matching logic across transports (UDP / TCP).
> v7: Fix typos and adjust code style to project.
> v8: Rebase to v2.85 (update options numbers).
>

My understanding is that the first patch you sent is not a reroll, but
the second patch is reroll 1 (v1), the third patch reroll 2 (v2), and so
on...

So unless I'm missing something, by your version descriptions 8 rerolls
have been sent to the list/created by 'git format-patch' but 9
refactorisations (initial patch and 8 rerolls (1 + 8 = 9)) of the code
have been performed.


That having been said, this should not have any impact on a potential
merging/reviewing of the code!

--
John Doe


