[Dnsmasq-discuss] [PATCH v8] Connection track mark based DNS query filtering.
john doe
johndoe65534 at mail.com
Wed Jun 16 08:12:21 UTC 2021
I'm being pedantic here and that might not be what Simon desires.
On 6/16/2021 8:34 AM, Etan Kissling wrote:
> This extends query filtering support beyond what is currently possible
> with the `--ipset` configuration option, by adding support for:
> 1) Specifying allowlists on a per-client basis, based on their
> associated Linux connection track mark.
> 2) Dynamic configuration of allowlists via Ubus.
> 3) Reporting when a DNS query resolves or is rejected via Ubus.
> 4) DNS name patterns containing wildcards.
>
> Disallowed queries are not forwarded; they are rejected
> with a REFUSED error code.
>
> Signed-off-by: Etan Kissling <etan_kissling at apple.com>
> (addressed reviewer feedback)
> Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
> ---
Where's the v1?
> v2: Rebase to v2.83, and fix compilation when HAVE_UBUS not present.
> v3: Rebase to v2.84test2.
> v4: Rebase to v2.84rc2 (update copyright notice).
> v5: Correct logging of `ubus_notify` errors (also in existing code).
>
> Etan Kissling <etan.kissling at gmail.com>:
> v6: Integrate checks for weird queries into `extract_request`.
> Skip Ubus reporting when daemon->namebuff is not initialized.
> Fix options parsing for mark / mask with bit 31 set.
> Disable filtering for external queries (`auth_dns && !local_auth`).
> Report all CNAME RRs via Ubus instead of just a (potential) subset.
> Avoid redundant `is_valid_dns_name` evaluations.
> Unify DNS name pattern matching logic across transports (UDP / TCP).
> v7: Fix typos and adjust code style to project.
> v8: Rebase to v2.85 (update options numbers).
>
My understanding is that the first patch you sent is not a reroll, but
the second patch is reroll 1 (v1), the third patch reroll 2 (v2), and so
on...
So unless I'm missing something, by your version descriptions 8 rerolls
have been sent to the list/created by 'git format-patch' but 9
refactorisations (initial patch and 8 rerolls (1 + 8 = 9)) of the code
have been performed.
That having been said, this should not have any impact on a potential
merging/reviewing of the code!
--
John Doe