Merge tag 'Release43'

.clang-tidy

@@ -0,0 +1,43 @@
+Checks: >
+  -*,
+  modernize-*,
+  bugprone-*,
+  concurrency-*,
+  misc-*,
+  readability-*,
+  performance-*,
+  portability-*,
+  google-*,
+  linuxkernel-*,
+  -bugprone-narrowing-conversions,
+  -bugprone-branch-clone,
+  -bugprone-reserved-identifier,
+  -bugprone-easily-swappable-parameters,
+  -bugprone-sizeof-expression,
+  -bugprone-implicit-widening-of-multiplication-result,
+  -bugprone-suspicious-memory-comparison,
+  -bugprone-not-null-terminated-result,
+  -bugprone-signal-handler,
+  -concurrency-mt-unsafe,
+  -misc-unused-parameters,
+  -misc-misplaced-widening-cast,
+  -misc-no-recursion,
+  -readability-magic-numbers,
+  -readability-use-anyofallof,
+  -readability-identifier-length,
+  -readability-function-cognitive-complexity,
+  -readability-named-parameter,
+  -readability-isolate-declaration,
+  -readability-else-after-return,
+  -readability-redundant-control-flow,
+  -readability-suspicious-call-argument,
+  -google-readability-casting,
+  -google-readability-todo,
+  -performance-no-int-to-ptr,
+#   clang-analyzer-*,
+#   clang-analyzer-deadcode.DeadStores,
+#   clang-analyzer-optin.performance.Padding,
+#   -clang-analyzer-security.insecureAPI.*
+
+# Turn all the warnings from the checks above into errors.
+FormatStyle: file

.github/workflows/c-cpp.yml

@@ -13,5 +13,14 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
+    - name: prepare
+      run: |
+        sudo apt update
+        sudo apt install libgtest-dev dnsperf
     - name: make
-      run: make
+      run: |
+        make all -j4
+        make clean
+    - name: test
+      run: |
+        make -C test test -j8

.gitignore

@@ -1,5 +1,7 @@
 .vscode
 *.o
+*.pem
 .DS_Store
 *.swp.
 systemd/smartdns.service
+test.bin

Dockerfile

@@ -36,7 +36,7 @@ RUN cd /build/smartdns && \
     \
     ( cd package && tar -xvf *.tar.gz && chmod a+x smartdns/etc/init.d/smartdns ) && \
     \
-    mkdir -p /release/var/log /release/var/run && \
+    mkdir -p /release/var/log /release/run && \
     cp package/smartdns/etc /release/ -a && \
     cp package/smartdns/usr /release/ -a && \
     mkdir -p /release/opt/smartdns && \

Makefile

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 Ruilin Peng (Nick) <[email protected]>.
+# Copyright (C) 2018-2023 Ruilin Peng (Nick) <[email protected]>.
 #
 # smartdns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@ DESTDIR :=
 PREFIX := /usr
 SBINDIR := $(PREFIX)/sbin
 SYSCONFDIR := /etc
-RUNSTATEDIR := /var/run
+RUNSTATEDIR := /run
 SYSTEMDSYSTEMUNITDIR := $(shell ${PKG_CONFIG} --variable=systemdsystemunitdir systemd)
 SMARTDNS_SYSTEMD = systemd/smartdns.service
 

etc/init.d/smartdns

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2018-2020 Ruilin Peng (Nick) <[email protected]>.
+# Copyright (C) 2018-2023 Ruilin Peng (Nick) <[email protected]>.
 #
 # smartdns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,7 +28,10 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
 
 . /etc/default/smartdns
 SMARTDNS=/usr/sbin/smartdns
-PIDFILE=/var/run/smartdns.pid
+PIDFILE=/run/smartdns.pid
+if [ ! -d "/run" ]; then
+	PIDFILE=/var/run/smartdns.pid
+fi
 
 test -x $SMARTDNS || exit 5
 
@@ -93,7 +96,7 @@ case $1 in
 			exit 1
 		fi
 		echo "smartdns server is running."
-		status=$?
+		status=0
 		;;
 	*)
 		echo "Usage: $0 {start|stop|restart|status}"

etc/smartdns/smartdns.conf

@@ -1,5 +1,8 @@
 # dns server name, default is host name
+# server-name, 
+# example:
 server-name smartdns
+#
 
 # whether resolv local hostname to ip address
 # resolv-hostname yes
@@ -16,9 +19,17 @@ server-name smartdns
 
 # dns server bind ip and port, default dns server port is 53, support binding multi ip and port
 # bind udp server
-#   bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+#   bind [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
 # bind tcp server
-#   bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+#   bind-tcp [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+# bind tls server
+#   bind-tls [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+#   bind-cert-key-file [path to file]
+#      tls private key file
+#   bind-cert-file [path to file]
+#      tls cert file
+#   bind-cert-key-pass [password]
+#      tls private key password
 # option:
 #   -group: set domain request to use the appropriate server group.
 #   -no-rule-addr: skip address rule.
@@ -29,13 +40,16 @@ server-name smartdns
 #   -no-rule-soa: Skip address SOA(#) rules.
 #   -no-dualstack-selection: Disable dualstack ip selection.
 #   -force-aaaa-soa: force AAAA query return SOA.
-#   -set-mark: set mark on packets.
+#   -ipset ipsetname: use ipset rule.
+#   -nftset nftsetname: use nftset rule.
 # example: 
 #  IPV4: 
 #    bind :53
+#    bind :53@eth0
 #    bind :6053 -group office -no-speed-check
 #  IPV6:
 #    bind [::]:53
+#    bind [::]:53@eth0
 #    bind-tcp [::]:53
 bind [::]:53
 bind-tcp [::]:53
@@ -46,6 +60,7 @@ bind-tcp [::]:53
 # dns cache size
 # cache-size [number]
 #   0: for no cache
+#   -1: auto set cache size
 cache-size 102400
 
 # enable persist cache when restart
@@ -54,6 +69,10 @@ cache-persist yes
 # cache persist file
 cache-file /etc/smartdns/smartdns.cache
 
+# cache persist time
+# cache-checkpoint-time [second]
+# cache-checkpoint-time 86400
+
 # prefetch domain
 # prefetch-domain [yes|no]
 prefetch-domain yes
@@ -96,14 +115,16 @@ force-AAAA-SOA yes
 
 # force specific qtype return soa
 # force-qtype-SOA [qtypeid |...]
+# force-qtype-SOA [qtypeid,...]
 # force-qtype-SOA 65 28
+# force-qtype-SOA 65,28
 force-qtype-SOA 65
 
 # Enable IPV4, IPV6 dual stack IP optimization selection strategy
 # dualstack-ip-selection-threshold [num] (0~1000)
 # dualstack-ip-allow-force-AAAA [yes|no]
 # dualstack-ip-selection [yes|no]
-# dualstack-ip-selection yes
+# dualstack-ip-selection no
 
 # edns client subnet
 # edns-client-subnet [ip/subnet]
@@ -115,6 +136,8 @@ force-qtype-SOA 65
 # rr-ttl-min: minimum ttl for resource record
 # rr-ttl-max: maximum ttl for resource record
 # rr-ttl-reply-max: maximum reply ttl for resource record
+# example:
+# rr-ttl 300
 rr-ttl-min 300
 rr-ttl-max 3600
 # rr-ttl-reply-max 60
@@ -128,8 +151,9 @@ rr-ttl-max 3600
 # response-mode [first-ping|fastest-ip|fastest-response]
 
 # set log level
-# log-level: [level], level=fatal, error, warn, notice, info, debug
+# log-level: [level], level=off, fatal, error, warn, notice, info, debug
 # log-file: file path of log file.
+# log-console [yes|no]: output log to console.
 # log-size: size of each log file, support k,m,g
 # log-num: number of logs, 0 means disable log
 log-level error
@@ -145,6 +169,7 @@ log-num 2
 # audit-SOA [yes|no]: enable or disable log soa result.
 # audit-size size of each audit file, support k,m,g
 # audit-file /var/log/smartdns-audit.log
+# audit-console [yes|no]: output audit log to console.
 # audit-file-mode [mode]: file mode of audit file.
 # audit-size 128k
 # audit-num 2
@@ -161,13 +186,18 @@ log-num 2
 # ca-path /etc/ss/certs
 
 # remote udp dns server list
-# server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
+# server [IP]:[PORT]|URL [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
 # default port is 53
 #   -blacklist-ip: filter result with blacklist ip
-#   -whitelist-ip: filter result whth whitelist ip,  result in whitelist-ip will be accepted.
+#   -whitelist-ip: filter result with whitelist ip,  result in whitelist-ip will be accepted.
 #   -check-edns: result must exist edns RR, or discard result.
 #   -group [group]: set server to group, use with nameserver /domain/group.
 #   -exclude-default-group: exclude this server from default group.
+#   -proxy [proxy-name]: use proxy to connect to server.
+#   -bootstrap-dns: set as bootstrap dns server.
+#   -set-mark: set mark on packets.
+#   -subnet [ip/subnet]: set edns client subnet.
+#   -host-ip [ip]: set dns server host ip.
 # server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
 server 114.114.114.114
 
@@ -185,6 +215,8 @@ server-tcp 8.26.56.26
 #   -tls-host-verify: cert hostname to verify.
 #   -host-name: TLS sni hostname.
 #   -no-check-certificate: no check certificate.
+#   -proxy [proxy-name]: use proxy to connect to server.
+#   -bootstrap-dns: set as bootstrap dns server.
 # Get SPKI with this command:
 #    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
 # default port is 853
@@ -200,8 +232,16 @@ server-tls 101.101.101.101
 #   -host-name: TLS sni hostname.
 #   -http-host: http host.
 #   -no-check-certificate: no check certificate.
+#   -proxy [proxy-name]: use proxy to connect to server.
+#   -bootstrap-dns: set as bootstrap dns server.
 # default port is 443
 # server-https https://cloudflare-dns.com/dns-query
+
+# socks5 and http proxy list
+# proxy-server URL -name [proxy name]
+#   URL: socks5://[username:password@]host:port
+#        http://[username:password@]host:port
+#   -name: proxy name, use with server -proxy [proxy-name]
 server-https https://doh.pub/dns-query
 server-https https://dns.alidns.com/dns-query
 
@@ -210,12 +250,23 @@ server-https https://dns.alidns.com/dns-query
 # nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
 # nameserver /www.example.com/-, ignore this domain
 
+# expand ptr record from address record
+# expand-ptr-from-address yes
+
 # specific address to domain
-# address /domain/[ip|-|-4|-6|#|#4|#6]
+# address /domain/[ip1,ip2|-|-4|-6|#|#4|#6]
 # address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
+# address /www.example.com/1.2.3.4,5.6.7.8, return multiple ip addresses
 # address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
 # address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all
 
+# specific cname to domain
+# cname /domain/target
+
+# enalbe DNS64 feature
+# dns64 [ip/subnet]
+# dns64 64:ff9b::/96
+
 # enable ipset timeout by ttl feature
 # ipset-timeout [yes]
 
@@ -224,18 +275,31 @@ server-https https://dns.alidns.com/dns-query
 # ipset /www.example.com/block, set ipset with ipset name of block 
 # ipset /www.example.com/-, ignore this domain
 
+# add to ipset when ping is unreachable
+# ipset-no-speed ipsetname
+# ipset-no-speed pass
+
 # enable nftset timeout by ttl feature
-# nftset-timeout [yes]
+# nftset-timeout [yes|no]
+# nftset-timeout yes
+
+# add to nftset when ping is unreachable
+# nftset-no-speed [#4:ip#table#set,#6:ipv6#table#setv6]
+# nftset-no-speed #4:ip#table#set
 
 # enable nftset debug, check nftset setting result, output log when error.
-# nftset-debug [no]
+# nftset-debug [yes|no]
+# nftset-debug yes
 
 # specific nftset to domain
 # nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
 # nftset /www.example.com/ip#table#set, equivalent to 'nft add element ip table set { ... }'
 # nftset /www.example.com/-, ignore this domain
 # nftset /www.example.com/#6:-, ignore ipv6
 
+# set ddns domain
+# ddns-domain domain
+
 # set domain rules
 # domain-rules /domain/ [-speed-check-mode [...]]
 # rules:
@@ -247,6 +311,7 @@ server-https https://dns.alidns.com/dns-query
 #   [-t] -nftset [nftset|-]: same as nftset option
 #   [-d] -dualstack-ip-selection [yes|no]: same as dualstack-ip-selection option
 #   -no-serve-expired: ignore expired domain
+#   -delete: delete domain rule
 
 # collection of domains 
 # the domain-set can be used with /domain/ for address, nameserver, ipset, etc.