Merge branch 'master' into mainline

gnuton · Jan 31, 2020 · f02756e · f02756e
2 parents db26f1d + c8e2b14
commit f02756e
Show file tree

Hide file tree

Showing 4 changed files with 122 additions and 71 deletions.
diff --git a/Changelog-NG.txt b/Changelog-NG.txt
@@ -31,7 +31,7 @@ Asuswrt-Merlin 384/NG Changelog
 
   - UPDATED: Backported some fixes from 384_81981, mostly related
              to WAN, port bonding and mdns.
-  - UPDATED: Merged GPK 384_7756 for RT-AX88U, which adds OFDMA and
+  - UPDATED: Merged GPL 384_7756 for RT-AX88U, which adds OFDMA and
              WPA3 support to that model.
   - UPDATED: Merged with GPL 385_10002 for other models (from RT-AC68U)
   - UPDATED: odhcp6c to 1.1-97-ge199804 (themiron)

diff --git a/release/src/router/rc/dnsfilter.c b/release/src/router/rc/dnsfilter.c
@@ -15,31 +15,70 @@
  * MA 02111-1307 USA
  *
  *
- * Copyright 2014-2019 Eric Sauvageau.
+ * Copyright 2014-2020 Eric Sauvageau.
  *
  */
 
 #include <rc.h>
 #include <net/ethernet.h>
-
-
 #ifdef RTCONFIG_DNSFILTER
+#include "dnsfilter.h"
+
+char *server_table[][2] = {
+	{ "", "" },			/* 0: Unfiltered */
+	{ "208.67.222.222", "" },	/* 1: OpenDNS */
+	{ "", "" },			/* 2: Discontinued Norton Connect Safe */
+	{ "", "" },			/* 3: Discontinued Norton Connect Safe */
+	{ "", "" },			/* 4: Discontinued Norton Connect Safe */
+	{ "77.88.8.88", "" },		/* 5: Secure Mode safe.dns.yandex.ru */
+	{ "77.88.8.7", "" },		/* 6: Family Mode family.dns.yandex.ru */
+	{ "208.67.222.123", "" },	/* 7: OpenDNS Family Shield */
+	{ "", "" },			/* 8: Custom1 */
+	{ "", "" },			/* 9: Custom2 */
+	{ "", "" },			/* 10: Custom3 */
+	{ "", "" },			/* 11: Router */
+	{ "8.26.56.26", "" },		/* 12: Comodo Secure DNS */
+	{ "9.9.9.9", "" },		/* 13: Quad9 */
+	{ "185.228.168.9", "" },	/* 14: CleanBrowsing Security */
+	{ "185.228.168.10", "" },	/* 15: CleanBrowsing Adult */
+	{ "185.228.168.168", "" }	/* 16: CleanBrowsing Family */
+};
+
+#ifdef RTCONFIG_IPV6
+char *server6_table[][2] = {
+	{"", ""},		/* 0: Unfiltered */
+	{"", ""},		/* 1: OpenDNS */
+	{"", ""},		/* 2: Discontinued Norton Connect Safe */
+	{"", ""},		/* 3: Discontinued Norton Connect Safe */
+	{"", ""},		/* 4: Discontinued Norton Connect Safe */
+	{"2a02:6b8::feed:bad","2a02:6b8:0:1::feed:bad"},		/* 5: Secure Mode safe.dns.yandex.ru */
+	{"2a02:6b8::feed:a11","2a02:6b8:0:1::feed:a11"},		/* 6: Family Mode family.dns.yandex.ru */
+	{"", ""},		/* 7: OpenDNS Family Shield */
+	{"", ""},		/* 8: Custom1 - not supported yet */
+	{"", ""},		/* 9: Custom2 - not supported yet */
+	{"", ""},		/* 10: Custom3 - not supported yet */
+	{"", ""},		/* 11: Router  - semi-supported, refer dnsfilter_setup_dnsmasq() */
+	{"", ""},		/* 12: Comodo Secure DNS */
+	{"2620:fe::fe", "2620:fe::9"},	/* 13: Quad9 */
+	{"2a0d:2a00:1::2", "2a0d:2a00:2::2"},	/* 14: CleanBrowsing Security */
+	{"2a0d:2a00:1::1", "2a0d:2a00:2::1"},	/* 15: CleanBrowsing Adult */
+	{"2a0d:2a00:1::", "2a0d:2a00:2::"}	/* 16: CleanBrowsing Family */
+};
+#endif
 
-int get_dns_filter(int proto, int mode, char **server);
-int dnsfilter_support_dot(int mode);
 
 // Return 1 if selected mode supports DNS over TLS
 int dnsfilter_support_dot(int mode)
 {
 	switch (mode){
-		case 8:
-		case 9:
-		case 10:	// Custom 1, 2 and 3 - assume they might support it
-		case 13:	// Quad9
-		case 11:	// Router (in case end-user implements it locally)
-		case 14:
-		case 15:
-		case 16:	// CleanBrowsing 1-3
+		case DNSF_SRV_CUSTOM1:
+		case DNSF_SRV_CUSTOM2:
+		case DNSF_SRV_CUSTOM3:	// Custom 1, 2 and 3 - assume they might support it
+		case DNSF_SRV_QUAD9:
+		case DNSF_SRV_ROUTER:	// Router (in case end-user implements it locally)
+		case DNSF_SRV_CLEANBROWSING_SECURITY:
+		case DNSF_SRV_CLEANBROWSING_ADULT:
+		case DNSF_SRV_CLEANBROWSING_FAMILY:
 			return 1;
 		default:
 			return 0;
@@ -49,52 +88,14 @@ int dnsfilter_support_dot(int mode)
 // ARG: server must be an array of two pointers, each pointing to an array of chars
 int get_dns_filter(int proto, int mode, char **server)
 {
+	server_table[DNSF_SRV_CUSTOM1][0] = nvram_safe_get("dnsfilter_custom1");
+	server_table[DNSF_SRV_CUSTOM2][0] = nvram_safe_get("dnsfilter_custom2");
+	server_table[DNSF_SRV_CUSTOM3][0] = nvram_safe_get("dnsfilter_custom3");
+	server_table[DNSF_SRV_ROUTER][0] = nvram_safe_get("dhcp_dns1_x");
+
 	int count = 0;
-	char *server_table[][2] = {
-		{ "", "" },			/* 0: Unfiltered */
-		{ "208.67.222.222", "" },	/* 1: OpenDNS */
-		{ "", "" },	/* 2: Discontinued Norton Connect Safe */
-		{ "", "" },	/* 3: Discontinued Norton Connect Safe */
-		{ "", "" },	/* 4: Discontinued Norton Connect Safe */
-		{ "77.88.8.88", "" },		/* 5: Secure Mode safe.dns.yandex.ru */
-		{ "77.88.8.7", "" },		/* 6: Family Mode family.dns.yandex.ru */
-		{ "208.67.222.123", "" },	/* 7: OpenDNS Family Shield */
-		{ nvram_safe_get("dnsfilter_custom1"), "" },		/* 8: Custom1 */
-		{ nvram_safe_get("dnsfilter_custom2"), "" },		/* 9: Custom2 */
-		{ nvram_safe_get("dnsfilter_custom3"), "" },		/* 10: Custom3 */
-		{ nvram_safe_get("dhcp_dns1_x"), "" },			/* 11: Router */
-		{ "8.26.56.26", "" },		/* 12: Comodo Secure DNS */
-		{ "9.9.9.9", "" },		/* 13: Quad9 */
-		{ "185.228.168.9", "" },	/* 14: CleanBrowsing Security */
-		{ "185.228.168.10", "" },	/* 15: CleanBrowsing Adult */
-		{ "185.228.168.168", "" }	/* 16: CleanBrowsing Family */
-        };
-#ifdef RTCONFIG_IPV6
-	char *server6_table[][2] = {
-		{"", ""},		/* 0: Unfiltered */
-		{"", ""},		/* 1: OpenDNS */
-		{"", ""},		/* 2: Discontinued Norton Connect Safe */
-		{"", ""},		/* 3: Discontinued Norton Connect Safe */
-		{"", ""},		/* 4: Discontinued Norton Connect Safe */
-		{"2a02:6b8::feed:bad","2a02:6b8:0:1::feed:bad"},		/* 5: Secure Mode safe.dns.yandex.ru */
-		{"2a02:6b8::feed:a11","2a02:6b8:0:1::feed:a11"},		/* 6: Family Mode family.dns.yandex.ru */
-		{"", ""},		/* 7: OpenDNS Family Shield */
-		{"", ""},		/* 8: Custom1 - not supported yet */
-		{"", ""},		/* 9: Custom2 - not supported yet */
-		{"", ""},		/* 10: Custom3 - not supported yet */
-		{"", ""},		/* 11: Router  - semi-supported, refer dnsfilter_setup_dnsmasq() */
-		{"", ""},		/* 12: Comodo Secure DNS */
-		{"2620:fe::fe", "2620:fe::9"},	/* 13: Quad9 */
-		{"2a0d:2a00:1::2", "2a0d:2a00:2::2"},	/* 14: CleanBrowsing Security */
-		{"2a0d:2a00:1::1", "2a0d:2a00:2::1"},	/* 15: CleanBrowsing Adult */
-		{"2a0d:2a00:1::", "2a0d:2a00:2::"}	/* 16: CleanBrowsing Family */
-        };
-#endif
 
 // Initialize
-	server[0] = server_table[0][0];
-	server[1] = server_table[0][1];
-
 	if (mode >= (sizeof(server_table)/sizeof(server_table[0]))) mode = 0;
 
 #ifdef RTCONFIG_IPV6
@@ -109,7 +110,7 @@ int get_dns_filter(int proto, int mode, char **server)
 	}
 
 // Ensure that custom and DHCP-provided DNS do contain something
-	if (((mode == 8) || (mode == 9) || (mode == 10) || (mode == 11)) && (!strlen(server[0])) && (proto == AF_INET)) {
+	if (((mode == DNSF_SRV_CUSTOM1) || (mode == DNSF_SRV_CUSTOM2) || (mode == DNSF_SRV_CUSTOM3) || (mode == DNSF_SRV_ROUTER)) && (!strlen(server[0])) && (proto == AF_INET)) {
 		server[0] = nvram_safe_get("lan_ipaddr");
 	}
 
@@ -148,7 +149,7 @@ void dnsfilter_settings(FILE *fp, char *lan_ip) {
 			if (!*mac || !*mode || !ether_atoe(mac, ea))
 				continue;
 			dnsmode = atoi(mode);
-			if (dnsmode == 0) {
+			if (dnsmode == DNSF_SRV_UNFILTERED) {
 				fprintf(fp,
 					"-A DNSFILTER -m mac --mac-source %s -j RETURN\n",
 					mac);
@@ -162,7 +163,7 @@ void dnsfilter_settings(FILE *fp, char *lan_ip) {
 
 		/* Send other queries to the default server */
 		dnsmode = nvram_get_int("dnsfilter_mode");
-		if ((dnsmode) && get_dns_filter(AF_INET, dnsmode, server)) {
+		if ((dnsmode != DNSF_SRV_UNFILTERED) && get_dns_filter(AF_INET, dnsmode, server)) {
 			fprintf(fp, "-A DNSFILTER -j DNAT --to-destination %s\n", server[0]);
 		}
 	}
@@ -195,7 +196,7 @@ void dnsfilter6_settings(FILE *fp, char *lan_if, char *lan_ip) {
 		dnsmode = atoi(mode);
 		if (!*mac || !ether_atoe(mac, ea))
 			continue;
-		if (dnsmode == 0) {	// Unfiltered
+		if (dnsmode == DNSF_SRV_UNFILTERED) {
 			fprintf(fp, "-A DNSFILTERI -m mac --mac-source %s -j ACCEPT\n"
 				    "-A DNSFILTERF -m mac --mac-source %s -j ACCEPT\n"
 				    "-A DNSFILTER_DOT -m mac --mac-source %s -j ACCEPT\n",
@@ -222,7 +223,7 @@ void dnsfilter6_settings(FILE *fp, char *lan_if, char *lan_ip) {
 	free(nv);
 
 	dnsmode = nvram_get_int("dnsfilter_mode");
-	if (dnsmode) {
+	if (dnsmode != DNSF_SRV_UNFILTERED) {
 		/* Allow other queries to the default server, and drop the rest */
 		count = get_dns_filter(AF_INET6, dnsmode, server);
 		if (count) {
@@ -260,7 +261,7 @@ void dnsfilter_setup_dnsmasq(FILE *fp) {
 		if (dnsmode == defmode)
 			continue;
 		count = get_dns_filter(AF_INET6, dnsmode, server);
-		if (count == 0 && dnsmode == 11) {
+		if (count == 0 && dnsmode == DNSF_SRV_ROUTER) {
 			/* Workaround dynamic router address */
 			server[0] = "::";
 			count = 1;
@@ -284,7 +285,7 @@ void dnsfilter_setup_dnsmasq(FILE *fp) {
 			continue;
 		dnsmode = atoi(mode);
 		/* Skip unfiltered, default, or non-IPv6 capable levels */
-		if ((dnsmode == 0) || (dnsmode == defmode) || (get_dns_filter(AF_INET6, dnsmode, server) == 0))
+		if ((dnsmode == DNSF_SRV_UNFILTERED) || (dnsmode == defmode) || (get_dns_filter(AF_INET6, dnsmode, server) == 0))
 			continue;
 		fprintf(fp, "dhcp-host=%s,set:dnsf%u\n", mac, dnsmode);
 	}
@@ -317,7 +318,7 @@ void dnsfilter_dot_rules(FILE *fp, char *lan_if)
 		if (!*mac || !*mode || !ether_atoe(mac, ea))
 			continue;
 		dnsmode = atoi(mode);
-		if (dnsmode == 0)	// Unfiltered
+		if (dnsmode == DNSF_SRV_UNFILTERED)
 			fprintf(fp, "-A DNSFILTER_DOT -m mac --mac-source %s -j RETURN\n", mac);
 		else if (dnsfilter_support_dot(dnsmode) && get_dns_filter(AF_INET, dnsmode, server) > 0 )	// Filter supports DOT
 			fprintf(fp, "-A DNSFILTER_DOT -m mac --mac-source %s ! -d %s -j REJECT\n", mac, server[0]);
@@ -328,7 +329,7 @@ void dnsfilter_dot_rules(FILE *fp, char *lan_if)
 
 	/* Global filtering */
 	dnsmode = nvram_get_int("dnsfilter_mode");
-	if (dnsmode) {
+	if (dnsmode != DNSF_SRV_UNFILTERED) {
 		if (dnsfilter_support_dot(dnsmode) && get_dns_filter(AF_INET, dnsmode, server) > 0 )
 			fprintf(fp, "-A DNSFILTER_DOT ! -d %s -j REJECT\n", server[0]);
 		else

diff --git a/release/src/router/rc/dnsfilter.h b/release/src/router/rc/dnsfilter.h
@@ -0,0 +1,45 @@
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ *
+ *
+ * Copyright 2014-2020 Eric Sauvageau.
+ *
+ */
+
+extern int get_dns_filter(int proto, int mode, char **server);
+extern int dnsfilter_support_dot(int mode);
+
+/* DNSFilter Services */
+enum {
+	DNSF_SRV_UNFILTERED = 0,
+	DNSF_SRV_OPENDNS,
+	DNSF_SRV_NORTON1,
+	DNSF_SRV_NORTON2,
+	DNSF_SRV_NORTON3,
+	DNSF_SRV_YANDEX_SECURE,
+	DNSF_SRV_YANDEX_FAMILY,
+	DNSF_SRV_OPENDNS_FAMILY,
+	DNSF_SRV_CUSTOM1,
+	DNSF_SRV_CUSTOM2,
+	DNSF_SRV_CUSTOM3,
+	DNSF_SRV_ROUTER,
+	DNSF_SRV_COMODO,
+	DNSF_SRV_QUAD9,
+	DNSF_SRV_CLEANBROWSING_SECURITY,
+	DNSF_SRV_CLEANBROWSING_ADULT,
+	DNSF_SRV_CLEANBROWSING_FAMILY,
+	DNSF_SRV_LAST
+};
diff --git a/release/src/router/rc/format.c b/release/src/router/rc/format.c
@@ -17,6 +17,10 @@ extern int vpnc_load_profile(VPNC_PROFILE *list, const int list_size, const int
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#ifdef RTCONFIG_DNSFILTER
+#include "dnsfilter.h"
+#endif
+
 void adjust_merlin_config(void)
 {
 #ifdef RTCONFIG_OPENVPN
@@ -151,8 +155,8 @@ void adjust_merlin_config(void)
 /* Remove discontinued DNSFilter services */
 #ifdef RTCONFIG_DNSFILTER
 	globalmode = nvram_get_int("dnsfilter_mode");
-	if (globalmode == 2 || globalmode == 3 || globalmode == 4)
-		nvram_set("dnsfilter_mode", "7");
+	if (globalmode == DNSF_SRV_NORTON1 || globalmode == DNSF_SRV_NORTON2 || globalmode == DNSF_SRV_NORTON3)
+		nvram_set_int("dnsfilter_mode", DNSF_SRV_OPENDNS_FAMILY);
 
 #ifdef HND_ROUTER
 	nv = nvp = malloc(255 * 6 + 1);
@@ -171,9 +175,10 @@ void adjust_merlin_config(void)
 			if (!*mac || !*mode )
 				continue;
 
-			if (mode[0] == '2' || mode[0] == '3' || mode[0] == '4')  mode[0] = '7';
-
-			snprintf(tmp, sizeof(tmp), "<%s>%s>%s", name, mac, mode);
+			if (atoi(mode) == DNSF_SRV_NORTON1 || atoi(mode) == DNSF_SRV_NORTON2 || atoi(mode) == DNSF_SRV_NORTON3)
+				snprintf(tmp, sizeof(tmp), "<%s>%s>%d", name, mac, DNSF_SRV_OPENDNS_FAMILY);
+			else
+				snprintf(tmp, sizeof(tmp), "<%s>%s>%s", name, mac, mode);
 			strcat(newstr, tmp);
 		}