002-regex-ipset.patch
diff --git a/src/config.h b/src/config.h
index 0aed8d7..2993cb2 100644
--- a/src/config.h
+++ b/src/config.h
@@ -200,6 +200,7 @@ RESOLVFILE
/* #define HAVE_DNSSEC */
/* #define HAVE_NFTSET */
/* #define HAVE_REGEX */
+/* #define HAVE_REGEX_IPSET */
/* Default locations for important system files. */
@@ -392,7 +393,12 @@ static char *compile_opts =
#ifndef HAVE_REGEX
"no-"
#endif
-"regex "
+"regex"
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET) && (defined(HAVE_IPSET) || defined(HAVE_NFTSET))
+"(+ipset,nftset) "
+#else
+" "
+#endif
#if defined(HAVE_LIBIDN2)
"IDN2 "
#else
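Review bot: The feature string reports `(+ipset,nftset)` whenever either HAVE_IPSET or HAVE_NFTSET is defined, so a build with only one backend advertises both in the compile-time options output. Emitting each tag under its own `#ifdef` would keep the banner accurate for operators who read it to confirm which set backend a binary supports. The `compile_opts` initialiser begins and ends outside the hunk.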
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 77dc93a..f0886ea 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -659,6 +659,10 @@ struct ipsets {
char **sets;
char *domain;
struct ipsets *next;
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET)
+ pcre *regex;
+ pcre_extra *pextra;
+#endif
};
struct allowlist {
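Review bot: `struct ipsets` now has two mutually exclusive forms, and nothing on the struct says that `domain` stays NULL for a regex entry. Any code that walks the list and reads `->domain` without first testing `->regex` would dereference NULL, so the invariant should be written down next to the new fields, for example `/* regex != NULL: pattern entry, domain is NULL; regex == NULL: suffix entry, domain is set */`.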
diff --git a/src/forward.c b/src/forward.c
index be449f5..89453e3 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -651,6 +651,12 @@ static struct ipsets *domain_find_sets(struct ipsets *setlist, const char *domai
unsigned int matchlen = 0;
for (ipset_pos = setlist; ipset_pos; ipset_pos = ipset_pos->next)
{
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET)
+ if (ipset_pos->regex){
+ if (match_regex(ipset_pos->regex, ipset_pos->pextra, daemon->namebuff, namelen))
+ ret = ipset_pos;
+ }else{
+#endif
unsigned int domainlen = strlen(ipset_pos->domain);
const char *matchstart = domain + namelen - domainlen;
if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) &&
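Review bot: The regex branch matches against `daemon->namebuff`, while `namelen` appears to be the length of the `domain` parameter that the suffix branch uses, so buffer and length only agree when the caller passes `daemon->namebuff`. Passing the parameter instead, `match_regex(ipset_pos->regex, ipset_pos->pextra, domain, namelen)`, removes that dependency. The branch also assigns `ret` without updating `matchlen` or leaving the loop, so a later entry of either kind can replace a regex hit, and the chosen set depends on configuration order rather than specificity. Because the result decides which ipset/nftset receives the resolved addresses, the intended precedence should be stated in a comment or enforced, for example with `break;` after `ret = ipset_pos;` if the first regex match is meant to win. domain_find_sets starts before this hunk and its suffix condition continues past it.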
@@ -660,6 +666,9 @@ static struct ipsets *domain_find_sets(struct ipsets *setlist, const char *domai
matchlen = domainlen;
ret = ipset_pos;
}
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET)
+ }
+#endif
}
return ret;
diff --git a/src/option.c b/src/option.c
index 730adf4..859f3ab 100644
--- a/src/option.c
+++ b/src/option.c
@@ -3191,6 +3191,18 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
while ((end = split_chr(arg, '/')))
{
char *domain = NULL;
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET)
+ char *real_end = arg + strlen(arg);
+ if (*arg == ':' && *(real_end - 1) == ':'){
+ const char *error = NULL;
+ *(real_end - 1) = '\0';
+ ipsets->next = opt_malloc(sizeof(struct ipsets));
+ ipsets = ipsets->next;
+ memset(ipsets, 0, sizeof(struct ipsets));
+ if ((error = parse_regex_option(arg + 1, &ipsets->regex, &ipsets->pextra)))
+ ret_err(error);
+ }else{
+#endif
/* elide leading dots - they are implied in the search algorithm */
while (*arg == '.')
arg++;
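Review bot: On a regex compile failure the new node is already linked into the list with both `regex` and `domain` NULL, because `ret_err(error)` runs after `ipsets->next = opt_malloc(...)`. If option parsing ever continues past that error, the suffix branch of domain_find_sets in src/forward.c would call `strlen()` on the NULL `domain`. Compiling into locals first and filling the node only on success avoids the half-initialised entry. The delimiter test also accepts a lone `:`, since the first and last byte are then the same character, which leaves an empty pattern that presumably matches every name; a minimum length check closes that. one_opt begins and ends outside the hunk.

```c
if (*arg == ':' && real_end - arg > 2 && *(real_end - 1) == ':'){
  const char *error = NULL;
  pcre *regex = NULL;
  pcre_extra *pextra = NULL;
  *(real_end - 1) = '\0';
  /* compile first so a bad pattern never leaves a half-initialised node in the list */
  if ((error = parse_regex_option(arg + 1, &regex, &pextra)))
    ret_err(error);
  /* ... unchanged: opt_malloc, advance ipsets, memset ... */
  ipsets->regex = regex;
  ipsets->pextra = pextra;
}else{
```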
@@ -3203,6 +3215,9 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
ipsets = ipsets->next;
memset(ipsets, 0, sizeof(struct ipsets));
ipsets->domain = domain;
+#if defined(HAVE_REGEX) && defined(HAVE_REGEX_IPSET)
+ }
+#endif
arg = end;
}
}