Add ipset-dns - a tiny DNS proxy service which puts resolved ip addresses into a specified ipset

SVN-Revision: 36552

package/network/services/ipset-dns/Makefile

@@ -0,0 +1,60 @@
+#
+# Copyright (C) 2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ipset-dns
+PKG_VERSION:=2013-05-03
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
+
+PKG_LICENSE:=GPLv2
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipset-dns/Default
+endef
+
+define Package/ipset-dns
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=A lightweight DNS forwarder to populate ipsets
+  URL:=http://git.zx2c4.com/ipset-dns/about/
+  DEPENDS:=+libmnl
+endef
+
+define Package/ipset-dns/description
+ The ipset-dns daemon is a lightweight DNS forwarding server that adds all
+ resolved IPs to a given netfilter ipset. It is designed to be used in
+ conjunction with dnsmasq's upstream server directive.
+
+ Practical use cases include routing over a given gateway traffic for
+ particular web services or webpages that do not have a priori predictable
+ IP addresses and instead rely on dizzying arrays of DNS resolutions.
+endef
+
+define Package/ipset-dns/conffiles
+/etc/config/ipset-dns
+endef
+
+define Package/ipset-dns/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns
+endef
+
+$(eval $(call BuildPackage,ipset-dns))

package/network/services/ipset-dns/files/ipset-dns.config

@@ -0,0 +1,13 @@
+# declare an ipset-dns listener instance, multiple allowed
+config ipset-dns
+	# use given ipset
+	option ipset 'domain-filter'
+
+	# use given listening port
+	# defaults to 53000 + instance number
+	#option port  '53001'
+
+	# use given upstream DNS server,
+	# defaults to first entry in /tmp/resolv.conf.auto
+	#option dns   '8.8.8.8'
+

package/network/services/ipset-dns/files/ipset-dns.init

@@ -0,0 +1,64 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2013 OpenWrt.org
+
+START=61
+
+SERVICE_DAEMONIZE=1
+SERVICE_WRITE_PID=1
+
+
+find_nameserver() {
+	. /lib/functions/network.sh
+
+	local tmp
+	if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then
+		echo "${tmp%% *}"
+		return 0
+	fi
+
+	return 1
+}
+
+start_instance() {
+	local cfg="$1"
+	local ipset port dns
+
+	config_get ipset "$cfg" ipset
+	[ -n "$ipset" ] || {
+		echo "No ipset specified for instance $cfg" >&2
+		return 1
+	}
+
+	config_get dns "$cfg" dns "$DEFNS"
+	[ -n "$dns" ] || {
+		echo "No DNS server specified for instance $cfg" >&2
+		return 1
+	}
+
+	config_get port "$cfg" port $((PORT++))
+
+	SERVICE_PID_FILE="/var/run/ipset-dns-$port.pid" \
+		service_start /usr/sbin/ipset-dns "$ipset" "$port" "$dns"
+}
+
+start() {
+	PORT=53001
+	DEFNS="$(find_nameserver)"
+
+	# required by ipset-dns to not daemonize itself
+	export NO_DAEMONIZE=1
+
+	config_load ipset-dns
+	config_foreach start_instance ipset-dns
+}
+
+stop() {
+	local pid
+	for pid in /var/run/ipset-dns-*.pid; do
+		[ -f "$pid" ] || continue
+		SERVICE_PID_FILE="$pid" \
+			service_stop /usr/sbin/ipset-dns
+		rm -f "$pid"
+	done
+}
+