bearice · March 20, 2022 12:31
diff --git a/dnsmasq-filter-aaaa.patch b/dnsmasq-filter-aaaa.patch
 From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001
 From: Bearice Ren <[email protected]>
 Date: Tue, 20 Sep 2016 11:52:08 +0800
 Subject: [PATCH] add filter-aaaa option

 ---
 src/dnsmasq.h | 3 ++-
 src/option.c  | 3 +++
 src/rfc1035.c | 9 +++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

 diff --git a/src/dnsmasq.h b/src/dnsmasq.h
 index 1896a64..e10d6c4 100644
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
 @@ -238,7 +238,8 @@ struct event_desc {
 #define OPT_SCRIPT_ARP     53
 #define OPT_MAC_B64        54
 #define OPT_MAC_HEX        55
 -#define OPT_LAST           56
 +#define OPT_FILTER_AAAA    56
 +#define OPT_LAST           57

 /* extra flags for my_syslog, we use a couple of facilities since they are known
    not to occupy the same bits as priorities, no matter how syslog.h is set up. */
 diff --git a/src/option.c b/src/option.c
 index d8c57d6..1cc65bf 100644
 --- a/src/option.c
 +++ b/src/option.c
 @@ -159,6 +159,7 @@ struct myoption {
 #define LOPT_SCRIPT_ARP    347
 #define LOPT_DHCPTTL       348
 #define LOPT_TFTP_MTU      349
 +#define LOPT_FILTER_AAAA   350

 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =
 @@ -323,6 +324,7 @@ static const struct myoption opts[] =
     { "dns-loop-detect", 0, 0, LOPT_LOOP_DETECT },
     { "script-arp", 0, 0, LOPT_SCRIPT_ARP },
     { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
 +    { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
     { NULL, 0, 0, 0 }
   };

 @@ -494,6 +496,7 @@ static struct {
   { LOPT_LOOP_DETECT, OPT_LOOP_DETECT, NULL, gettext_noop("Detect and remove DNS forwarding loops."), NULL },
   { LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },
   { LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL },
 +  { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
   { 0, 0, NULL, NULL, NULL }
 };

 diff --git a/src/rfc1035.c b/src/rfc1035.c
 index 24d08c1..1594962 100644
 --- a/src/rfc1035.c
 +++ b/src/rfc1035.c
 @@ -1783,6 +1783,15 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
            }
        }

 +      //patch to filter aaaa forwards
 +      if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA) ){
 +        //return a null reply
 +        ans = 1;
 +        if (!dryrun) log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
 +        break;
 +      }
 +      //end of patch
 +
       if (!ans)
        return 0; /* failed to answer a question */
     }
 --
	From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001
	From: Bearice Ren <[email protected]>
	Date: Tue, 20 Sep 2016 11:52:08 +0800
	Subject: [PATCH] add filter-aaaa option

	---
	src/dnsmasq.h \| 3 ++-
	src/option.c \| 3 +++
	src/rfc1035.c \| 9 +++++++++
	3 files changed, 14 insertions(+), 1 deletion(-)

	diff --git a/src/dnsmasq.h b/src/dnsmasq.h
	index 1896a64..e10d6c4 100644
	--- a/src/dnsmasq.h
	+++ b/src/dnsmasq.h
	@@ -238,7 +238,8 @@ struct event_desc {
	#define OPT_SCRIPT_ARP 53
	#define OPT_MAC_B64 54
	#define OPT_MAC_HEX 55
	-#define OPT_LAST 56
	+#define OPT_FILTER_AAAA 56
	+#define OPT_LAST 57

	/* extra flags for my_syslog, we use a couple of facilities since they are known
	not to occupy the same bits as priorities, no matter how syslog.h is set up. */
	diff --git a/src/option.c b/src/option.c
	index d8c57d6..1cc65bf 100644
	--- a/src/option.c
	+++ b/src/option.c
	@@ -159,6 +159,7 @@ struct myoption {
	#define LOPT_SCRIPT_ARP 347
	#define LOPT_DHCPTTL 348
	#define LOPT_TFTP_MTU 349
	+#define LOPT_FILTER_AAAA 350

	#ifdef HAVE_GETOPT_LONG
	static const struct option opts[] =
	@@ -323,6 +324,7 @@ static const struct myoption opts[] =
	{ "dns-loop-detect", 0, 0, LOPT_LOOP_DETECT },
	{ "script-arp", 0, 0, LOPT_SCRIPT_ARP },
	{ "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
	+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
	{ NULL, 0, 0, 0 }
	};

	@@ -494,6 +496,7 @@ static struct {
	{ LOPT_LOOP_DETECT, OPT_LOOP_DETECT, NULL, gettext_noop("Detect and remove DNS forwarding loops."), NULL },
	{ LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },
	{ LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL },
	+ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
	{ 0, 0, NULL, NULL, NULL }
	};

	diff --git a/src/rfc1035.c b/src/rfc1035.c
	index 24d08c1..1594962 100644
	--- a/src/rfc1035.c
	+++ b/src/rfc1035.c
	@@ -1783,6 +1783,15 @@ size_t answer_request(struct dns_header header, char limit, size_t qlen,
	}
	}

	+ //patch to filter aaaa forwards
	+ if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA) ){
	+ //return a null reply
	+ ans = 1;
	+ if (!dryrun) log_query(F_CONFIG \| F_IPV6 \| F_NEG, name, &addr, NULL);
	+ break;
	+ }
	+ //end of patch
	+
	if (!ans)
	return 0; /* failed to answer a question */
	}
	--