Last active
December 15, 2015 15:38
-
-
Save ayanamist/5282721 to your computer and use it in GitHub Desktop.
让dnsmasq额外支持bogus-gfw参数,过滤GFW产生的污染结果。
未测试。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52540f42e67b8bca7ea4fa087090ac6554d66d71 | |
src/dnsmasq.h | 1 + | |
src/forward.c | 8 ++++++++ | |
src/option.c | 19 +++++++++++++++++++ | |
3 files changed, 28 insertions(+) | |
diff --git a/src/dnsmasq.h b/src/dnsmasq.h | |
index 21a309c..efc66b4 100644 | |
--- a/src/dnsmasq.h | |
+++ b/src/dnsmasq.h | |
@@ -778,6 +778,7 @@ extern struct daemon { | |
char *lease_change_command; | |
struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers; | |
struct bogus_addr *bogus_addr; | |
+ struct bogus_addr *gfw_addr; | |
struct server *servers; | |
int log_fac; /* log facility */ | |
char *log_file; /* optional log file */ | |
diff --git a/src/forward.c b/src/forward.c | |
index fb0b4c4..ea78671 100644 | |
--- a/src/forward.c | |
+++ b/src/forward.c | |
@@ -501,6 +501,14 @@ static size_t process_reply(struct dns_header *header, time_t now, | |
} | |
} | |
+ /* check if response contains GFW polluted result and abandon it if found */ | |
+ if (daemon->gfw_addr && RCODE(header) == NOERROR && | |
+ check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->gfw_addr, now)) | |
+ { | |
+ munged = 1; | |
+ SET_RCODE(header, FORMERR); | |
+ } | |
+ | |
/* do this after extract_addresses. Ensure NODATA reply and remove | |
nameserver info. */ | |
diff --git a/src/option.c b/src/option.c | |
index 3fc3e03..5465581 100644 | |
--- a/src/option.c | |
+++ b/src/option.c | |
@@ -127,6 +127,7 @@ struct myoption { | |
#define LOPT_AUTHSOA 316 | |
#define LOPT_AUTHSFS 317 | |
#define LOPT_AUTHPEER 318 | |
+#define LOPT_GFW 444 | |
#ifdef HAVE_GETOPT_LONG | |
static const struct option opts[] = | |
@@ -159,6 +160,7 @@ static const struct myoption opts[] = | |
{ "listen-address", 1, 0, 'a' }, | |
{ "bogus-priv", 0, 0, 'b' }, | |
{ "bogus-nxdomain", 1, 0, 'B' }, | |
+ { "bogus-gfw", 1, 0, LOPT_GFW }, | |
{ "selfmx", 0, 0, 'e' }, | |
{ "filterwin2k", 0, 0, 'f' }, | |
{ "pid-file", 2, 0, 'x' }, | |
@@ -279,6 +281,7 @@ static struct { | |
{ 'A', ARG_DUP, "/<domain>/<ipaddr>", gettext_noop("Return ipaddr for all hosts in specified domains."), NULL }, | |
{ 'b', OPT_BOGUSPRIV, NULL, gettext_noop("Fake reverse lookups for RFC1918 private address ranges."), NULL }, | |
{ 'B', ARG_DUP, "<ipaddr>", gettext_noop("Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."), NULL }, | |
+ { LOPT_GFW, ARG_DUP, "<ipaddr>", gettext_noop("Treat ipaddr as GFW polluted."), NULL }, | |
{ 'c', ARG_ONE, "<integer>", gettext_noop("Specify the size of the cache in entries (defaults to %s)."), "$" }, | |
{ 'C', ARG_DUP, "<path>", gettext_noop("Specify configuration file (defaults to %s)."), CONFFILE }, | |
{ 'd', OPT_DEBUG, NULL, gettext_noop("Do NOT fork into the background: run in debug mode."), NULL }, | |
@@ -1890,6 +1893,22 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma | |
break; | |
} | |
+ case LOPT_GFW: /* --bogus-gfw */ | |
+ { | |
+ struct in_addr addr; | |
+ unhide_metas(arg); | |
+ if (arg && (addr.s_addr = inet_addr(arg)) != (in_addr_t)-1) | |
+ { | |
+ struct bogus_addr *gaddr = opt_malloc(sizeof(struct bogus_addr)); | |
+ gaddr->next = daemon->gfw_addr; | |
+ daemon->gfw_addr = gaddr; | |
+ gaddr->addr = addr; | |
+ } | |
+ else | |
+ ret_err(gen_err); /* error */ | |
+ break; | |
+ } | |
+ | |
case 'a': /* --listen-address */ | |
case LOPT_AUTHPEER: /* --auth-peer */ | |
do { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment