diff options
author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-05-06 08:44:54 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-05-06 08:44:54 +0000 |
commit | 7fcd308f5487ca56232786e87e9fd862b830e89b (patch) | |
tree | 116ab009eaca998f579951e0496ae3998876013f | |
parent | f84b697c231ab36e0460008983dfc5645b8048e2 (diff) |
Add ipset-dns - a tiny DNS proxy service which puts resolved ip addresses into a specified ipset
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36552 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/network/services/ipset-dns/Makefile | 60 | ||||
-rw-r--r-- | package/network/services/ipset-dns/files/ipset-dns.config | 13 | ||||
-rwxr-xr-x | package/network/services/ipset-dns/files/ipset-dns.init | 64 |
3 files changed, 137 insertions, 0 deletions
diff --git a/package/network/services/ipset-dns/Makefile b/package/network/services/ipset-dns/Makefile new file mode 100644 index 000000000..431c77915 --- /dev/null +++ b/package/network/services/ipset-dns/Makefile @@ -0,0 +1,60 @@ +# +# Copyright (C) 2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ipset-dns +PKG_VERSION:=2013-05-03 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz +PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> + +PKG_LICENSE:=GPLv2 +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/ipset-dns/Default +endef + +define Package/ipset-dns + SECTION:=net + CATEGORY:=Network + TITLE:=A lightweight DNS forwarder to populate ipsets + URL:=http://git.zx2c4.com/ipset-dns/about/ + DEPENDS:=+libmnl +endef + +define Package/ipset-dns/description + The ipset-dns daemon is a lightweight DNS forwarding server that adds all + resolved IPs to a given netfilter ipset. It is designed to be used in + conjunction with dnsmasq's upstream server directive. + + Practical use cases include routing over a given gateway traffic for + particular web services or webpages that do not have a priori predictable + IP addresses and instead rely on dizzying arrays of DNS resolutions. +endef + +define Package/ipset-dns/conffiles +/etc/config/ipset-dns +endef + +define Package/ipset-dns/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns +endef + +$(eval $(call BuildPackage,ipset-dns)) diff --git a/package/network/services/ipset-dns/files/ipset-dns.config b/package/network/services/ipset-dns/files/ipset-dns.config new file mode 100644 index 000000000..52e87b27c --- /dev/null +++ b/package/network/services/ipset-dns/files/ipset-dns.config @@ -0,0 +1,13 @@ +# declare an ipset-dns listener instance, multiple allowed +config ipset-dns + # use given ipset + option ipset 'domain-filter' + + # use given listening port + # defaults to 53000 + instance number + #option port '53001' + + # use given upstream DNS server, + # defaults to first entry in /tmp/resolv.conf.auto + #option dns '8.8.8.8' + diff --git a/package/network/services/ipset-dns/files/ipset-dns.init b/package/network/services/ipset-dns/files/ipset-dns.init new file mode 100755 index 000000000..5d41539a7 --- /dev/null +++ b/package/network/services/ipset-dns/files/ipset-dns.init @@ -0,0 +1,64 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2013 OpenWrt.org + +START=61 + +SERVICE_DAEMONIZE=1 +SERVICE_WRITE_PID=1 + + +find_nameserver() { + . /lib/functions/network.sh + + local tmp + if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then + echo "${tmp%% *}" + return 0 + fi + + return 1 +} + +start_instance() { + local cfg="$1" + local ipset port dns + + config_get ipset "$cfg" ipset + [ -n "$ipset" ] || { + echo "No ipset specified for instance $cfg" >&2 + return 1 + } + + config_get dns "$cfg" dns "$DEFNS" + [ -n "$dns" ] || { + echo "No DNS server specified for instance $cfg" >&2 + return 1 + } + + config_get port "$cfg" port $((PORT++)) + + SERVICE_PID_FILE="/var/run/ipset-dns-$port.pid" \ + service_start /usr/sbin/ipset-dns "$ipset" "$port" "$dns" +} + +start() { + PORT=53001 + DEFNS="$(find_nameserver)" + + # required by ipset-dns to not daemonize itself + export NO_DAEMONIZE=1 + + config_load ipset-dns + config_foreach start_instance ipset-dns +} + +stop() { + local pid + for pid in /var/run/ipset-dns-*.pid; do + [ -f "$pid" ] || continue + SERVICE_PID_FILE="$pid" \ + service_stop /usr/sbin/ipset-dns + rm -f "$pid" + done +} + |