Add ipset-dns - a tiny DNS proxy service which puts resolved ip addresses into a specified ipset

SVN-Revision: 36552
Jo-Philipp Wich 2013-05-06 08:44:54 +00:00
parent b693bfc710
commit 3c17fd41a4
3 changed files with 137 additions and 0 deletions


@ -0,0 +1,60 @@
#
# Copyright (C) 2013 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=ipset-dns
PKG_VERSION:=2013-05-03
PKG_RELEASE=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
PKG_LICENSE:=GPLv2
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
define Package/ipset-dns/Default
endef
define Package/ipset-dns
SECTION:=net
CATEGORY:=Network
TITLE:=A lightweight DNS forwarder to populate ipsets
URL:=http://git.zx2c4.com/ipset-dns/about/
DEPENDS:=+libmnl
endef
define Package/ipset-dns/description
The ipset-dns daemon is a lightweight DNS forwarding server that adds all
resolved IPs to a given netfilter ipset. It is designed to be used in
conjunction with dnsmasq's upstream server directive.
Practical use cases include routing over a given gateway traffic for
particular web services or webpages that do not have a priori predictable
IP addresses and instead rely on dizzying arrays of DNS resolutions.
endef
define Package/ipset-dns/conffiles
/etc/config/ipset-dns
endef
define Package/ipset-dns/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns
endef
$(eval $(call BuildPackage,ipset-dns))
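Review bot: `PKG_SOURCE_URL` fetches the source over plain `http://`, and the Makefile declares no checksum for the generated `$(PKG_SOURCE)` tarball. The full commit id in `PKG_SOURCE_VERSION` pins what a git checkout resolves to, but a tarball served from a download mirror would presumably be accepted without verification. If the upstream host offers it, `PKG_SOURCE_URL:=https://git.zx2c4.com/ipset-dns` is the safer transport, and a tarball checksum should be added if this tree's build system supports one for git sources. Separately, `PKG_RELEASE=$(PKG_SOURCE_VERSION)` puts a 40-character hash into the release field, and the empty `Package/ipset-dns/Default` template is not referenced anywhere in this file.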


@ -0,0 +1,13 @@
# declare an ipset-dns listener instance, multiple allowed
config ipset-dns
# use given ipset
option ipset 'domain-filter'
# use given listening port
# defaults to 53000 + instance number
#option port '53001'
# use given upstream DNS server,
# defaults to first entry in /tmp/resolv.conf.auto
#option dns '8.8.8.8'


@ -0,0 +1,64 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2013 OpenWrt.org
START=61
SERVICE_DAEMONIZE=1
SERVICE_WRITE_PID=1
find_nameserver() {
. /lib/functions/network.sh
local tmp
if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then
echo "${tmp%% *}"
return 0
fi
return 1
}
start_instance() {
local cfg="$1"
local ipset port dns
config_get ipset "$cfg" ipset
[ -n "$ipset" ] || {
echo "No ipset specified for instance $cfg" >&2
return 1
}
config_get dns "$cfg" dns "$DEFNS"
[ -n "$dns" ] || {
echo "No DNS server specified for instance $cfg" >&2
return 1
}
config_get port "$cfg" port $((PORT++))
SERVICE_PID_FILE="/var/run/ipset-dns-$port.pid" \
service_start /usr/sbin/ipset-dns "$ipset" "$port" "$dns"
}
start() {
PORT=53001
DEFNS="$(find_nameserver)"
# required by ipset-dns to not daemonize itself
export NO_DAEMONIZE=1
config_load ipset-dns
config_foreach start_instance ipset-dns
}
stop() {
local pid
for pid in /var/run/ipset-dns-*.pid; do
[ -f "$pid" ] || continue
SERVICE_PID_FILE="$pid" \
service_stop /usr/sbin/ipset-dns
rm -f "$pid"
done
}
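Review bot: In `start_instance()` the `port` option is read from the config and used unvalidated, both as a daemon argument and inside the pid-file path `/var/run/ipset-dns-$port.pid`. A non-numeric value changes the pid-file name (including any `/` in it), and an explicit port equal to another instance's auto-assigned one makes two instances share a port and a pid file, so `stop()` likely tracks only one of them. A guard right after the `config_get port` line, such as `case "$port" in ''|*[!0-9]*) echo "Invalid port for instance $cfg" >&2; return 1;; esac`, would reject malformed values. Catching duplicates would need a separate check against the ports already handed out in this `start()` run.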