From patchwork Wed Apr 27 09:14:01 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans Dedecker <dedeckeh@gmail.com>
X-Patchwork-Id: 615478
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (caladan.dune.hu [78.24.191.180])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3qvvT02sRNz9s3s
	for <incoming@patchwork.ozlabs.org>;
	Wed, 27 Apr 2016 19:15:48 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=TPY6mjbv;
	dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 5336AB80F0C;
	Wed, 27 Apr 2016 11:14:30 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.1
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP;
	Wed, 27 Apr 2016 11:14:30 +0200 (CEST)
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 19921B80CA0
	for <openwrt-devel@lists.openwrt.org>;
	Wed, 27 Apr 2016 11:14:19 +0200 (CEST)
X-policyd-weight: using cached result; rate: -7
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67]) by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Wed, 27 Apr 2016 11:14:18 +0200 (CEST)
Received: by mail-wm0-f67.google.com with SMTP id n129so1598114wmn.1
	for <openwrt-devel@lists.openwrt.org>;
	Wed, 27 Apr 2016 02:14:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=kOw9zjGjAjZ2BEu4s55IUvwYJjRFwtcfoVaN6aVfy2A=;
	b=TPY6mjbv6D5g1t2mrAE4o6kmFc4rcNDVDkPW7QdS9tbUEzmYj9IV5dLElJXbeUvyun
	vsA5RDzrnfq3G1OH7l5JCPRpKWjog6pIxn/GuIIN1ePNHffCvP+h/leuBXuxBJXd8dVf
	MwzMN2VlaZjWm8JRaI5C3ye35v6KvTy8uYjr2BAfZenWHOkK3dLwAVpzjd/mi9GPylES
	p6I+nb2Gv7PUqVdeCksd6NBcHrh7N/wL4CX9ZDH27TjhHQ0sKWKm8SOznOFZd7jRPDGj
	PkVKWMXwnT3zxu6UqbCirfQc0mnSI4wZ6kBX+DA2dfDq6/vGaicn8d0M9ri65Nv9/t+f
	JuzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=kOw9zjGjAjZ2BEu4s55IUvwYJjRFwtcfoVaN6aVfy2A=;
	b=mtu6J+gYfRQX/Iwp7S6hpVRMMmkmWXhx5ba53a7wRgsacbcGP0LZCWVGvMG9+5zUDb
	tmaqI6q95P9gAhW0YzsOsZ36qcT49KAnBkwgOGdU25GwJdeB+Eyh0Ywd3QenzSNePOqY
	eSCAORIc8JLe3PoTIGbTy0BpoXtqARs5wEJg5OYTo4Orqp7hBt7/laIrX5N7onvBL0mk
	fEezeSs+qawDBJ3yfLMWpKEXLsbkRzCUue5FxxXsROc1F6xfKnc27TpUZkjvSHyGpFSb
	WzejVsnsn1/RGoXhcqR1lVeA63HkFTMDLdwbTZ4d99KCfTC55pm8w0xZ1M5oOww9VISU
	tVVQ==
X-Gm-Message-State: 
 AOPr4FX2pXaMZm0+vSQCEUXEnCTM3q5j5bgSiLXk6KewiCxt1lssGR9twM7UxxzxQ25glA==
X-Received: by 10.194.230.97 with SMTP id sx1mr8976034wjc.0.1461748458149;
	Wed, 27 Apr 2016 02:14:18 -0700 (PDT)
Received: from cplx43.eu.thmulti.com ([141.11.62.7])
	by smtp.gmail.com with ESMTPSA id
	w3sm3002161wjt.0.2016.04.27.02.14.17
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 27 Apr 2016 02:14:17 -0700 (PDT)
From: Hans Dedecker <dedeckeh@gmail.com>
To: openwrt-devel@lists.openwrt.org
Date: Wed, 27 Apr 2016 11:14:01 +0200
Message-Id: <1461748442-9469-5-git-send-email-dedeckeh@gmail.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1461748442-9469-1-git-send-email-dedeckeh@gmail.com>
References: <1461748442-9469-1-git-send-email-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 5/6] dnsmasq: Add conntrack support in the
	full variant
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Hans Dedecker <dedeckeh@gmail.com>, cyrus@openwrt.org
MIME-Version: 1.0
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
 package/network/services/dnsmasq/Makefile | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a5b96a3..3f12a40 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -25,7 +25,8 @@ PKG_BUILD_PARALLEL:=1
 PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
 	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
 	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
-	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset
+	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \
+	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -51,9 +52,10 @@ endef
 
 define Package/dnsmasq-full
 $(call Package/dnsmasq/Default)
-  TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default)
+  TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Conntrack enabled by default)
   DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \
-	+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset
+	+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \
+	+PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack
   VARIANT:=full
 endef
 
@@ -70,8 +72,8 @@ endef
 define Package/dnsmasq-full/description
 $(call Package/dnsmasq/description)
 
-This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and
-IPset support enabled by default.
+This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and
+IPset, Conntrack support enabled by default.
 endef
 
 define Package/dnsmasq/conffiles
@@ -94,6 +96,9 @@ define Package/dnsmasq-full/config
 	config PACKAGE_dnsmasq_full_ipset
 		bool "Build with IPset support."
 		default y
+	config PACKAGE_dnsmasq_full_conntrack
+		bool "Build with Conntrack support."
+		default y
 	endif
 endef
 
@@ -113,7 +118,8 @@ ifeq ($(BUILD_VARIANT),full)
 	COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
 		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
 		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
-		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET)
+		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \
+		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,)
 	COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
 else
 	COPTS += -DNO_AUTH -DNO_IPSET