dnsmasq-2.86-filter-aaaa+https+unknown.patch
diff --git a/src/cache.c b/src/cache.c
index 8add610..c94132e 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -66,6 +66,7 @@ static const struct {
{ 52, "TLSA" },
{ 53, "SMIMEA" },
{ 55, "HIP" },
+ { 65, "HTTPS"},
{ 249, "TKEY" },
{ 250, "TSIG" },
{ 251, "IXFR" },
@@ -1805,6 +1806,20 @@ char *record_source(unsigned int index)
return "<unknown>";
}
+// patch: function returns integer 1 if query type is unknown.
+// known types are defined in cache.c:typestr:36.
+int is_query_type_unknown(unsigned short type)
+{
+ unsigned int i;
+ for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++)
+ if (typestr[i].type == type)
+ {
+ return 0;
+ }
+ return 1;
+}
+// end of patch
+
char *querystr(char *desc, unsigned short type)
{
unsigned int i;
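Review bot: The header comment on `is_query_type_unknown` pins the definition of "unknown" to a source line (`cache.c:typestr:36`) that will drift with the next edit to cache.c, and it does not say what the criterion actually is; the same reference is repeated in the dnsmasq.h prototype hunk and in the rfc1035.c hunk. The function's visible logic is membership in the `typestr[]` name table directly above, so the comment should state that, e.g. `/* Return 1 if TYPE has no entry in typestr[] (the type names dnsmasq can print in logs), else 0. */`, and drop the line number. The loop index is `unsigned int` while the bound is a `size_t` from `sizeof(typestr)/sizeof(typestr[0])`; declaring `size_t i;` avoids the width mismatch, and bracing the `for` body around the braced `if` would match the surrounding style. `querystr` begins at the end of this hunk and continues outside it.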
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 496a4bb..ed0d64a 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -71,6 +71,7 @@
#define T_NSEC 47
#define T_DNSKEY 48
#define T_NSEC3 50
+#define T_HTTPS 65
#define T_TKEY 249
#define T_TSIG 250
#define T_AXFR 252
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 8674823..642e91b 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -275,7 +275,10 @@ struct event_desc {
#define OPT_UMBRELLA_DEVID 64
#define OPT_CMARK_ALST_EN 65
#define OPT_QUIET_TFTP 66
-#define OPT_LAST 67
+#define OPT_FILTER_AAAA 67
+#define OPT_FILTER_HTTPS 68
+#define OPT_FILTER_UNKNOWN 69
+#define OPT_LAST 70
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@@ -1247,6 +1250,10 @@ void cache_init(void);
void next_uid(struct crec *crecp);
void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg);
char *record_source(unsigned int index);
+// patch: function returns integer 1 if query type is unknown
+// known types are defined in cache.c:typestr:36.
+int is_query_type_unknown(unsigned short type);
+// end of patch
char *querystr(char *desc, unsigned short type);
int cache_find_non_terminal(char *name, time_t now);
struct crec *cache_find_by_addr(struct crec *crecp,
diff --git a/src/option.c b/src/option.c
index ffce9fc..3993c10 100644
--- a/src/option.c
+++ b/src/option.c
@@ -174,6 +174,9 @@ struct myoption {
#define LOPT_CMARK_ALST_EN 365
#define LOPT_CMARK_ALST 366
#define LOPT_QUIET_TFTP 367
+#define LOPT_FILTER_AAAA 368
+#define LOPT_FILTER_HTTPS 369
+#define LOPT_FILTER_UNKNOWN 370
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -353,6 +356,9 @@ static const struct myoption opts[] =
{ "log-debug", 0, 0, LOPT_LOG_DEBUG },
{ "umbrella", 2, 0, LOPT_UMBRELLA },
{ "quiet-tftp", 0, 0, LOPT_QUIET_TFTP },
+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
+ { "filter-https", 0, 0, LOPT_FILTER_HTTPS },
+ { "filter-unknown", 0, 0, LOPT_FILTER_UNKNOWN },
{ NULL, 0, 0, 0 }
};
@@ -539,6 +545,9 @@ static struct {
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
{ LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
{ LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
+ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
+ { LOPT_FILTER_HTTPS, OPT_FILTER_HTTPS, NULL, gettext_noop("Filter all HTTPS/query type 65 requests."), NULL },
+ { LOPT_FILTER_UNKNOWN, OPT_FILTER_UNKNOWN, NULL, gettext_noop("Filter all unknown query types (known are defined in cache.c)."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
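Review bot: The `--filter-unknown` help string tells the user that known types "are defined in cache.c", which is a source-file reference that means nothing at the command line and cannot be acted on. Describe the observable behaviour instead, e.g. `gettext_noop("Answer queries for record types dnsmasq cannot name with NODATA instead of forwarding them.")`, and similarly say "Answer ... with NODATA" rather than "Filter" for the AAAA and HTTPS entries so the reply the client sees is documented.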
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6fc4f26..395634b 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1987,6 +1987,32 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
}
}
+ //patch to filter aaaa forwards
+ if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA) ){
+ //return a null reply
+ ans = 1;
+ if (!dryrun) log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
+ break;
+ }
+ //end of patch
+ //patch to filter https/query type 65 forwards
+ if (qtype == T_HTTPS && option_bool(OPT_FILTER_HTTPS) ){
+ //return a null reply
+ ans = 1;
+ if (!dryrun) log_query(F_CONFIG | F_IPV4 | F_NEG, name, &addr, NULL);
+ break;
+ }
+ //end of patch
+ //patch to filter all unknown query types
+ //known types are defined in cache.c:typestr:36.
+ if (is_query_type_unknown(qtype) && option_bool(OPT_FILTER_UNKNOWN)) {
+ //return a null reply
+ ans = 1;
+ if (!dryrun) log_query(F_CONFIG | F_NEG, name, NULL, NULL);
+ break;
+ }
+ //end of patch
+
if (!ans)
return 0; /* failed to answer a question */
}
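Review bot: Each of the three new filter blocks ends with `break;`, which leaves the enclosing per-question loop (it starts outside the hunk) rather than falling through to the `if (!ans) return 0;` check two lines below as the surrounding code does, so any further questions in a multi-question packet are silently skipped; since `ans` is already 1 the `break` buys nothing and should be removed. The HTTPS block logs with `F_CONFIG | F_IPV4 | F_NEG` and `&addr`, which presumably makes log_query print an IPv4 NODATA line for a type-65 query; the unknown-type block right below uses `F_CONFIG | F_NEG` and `NULL`, and the HTTPS block should match it. Because the checks run after the local lookup code earlier in the loop body, a query already answered from cache or configuration (`ans` set) still gets a NODATA log line here; hedged, since that code is outside the hunk, adding `!ans &&` to each condition and testing `option_bool(...)` before calling `is_query_type_unknown` avoids both the misleading log and the needless table scan.

```c
  /* filter AAAA, HTTPS (type 65) and unnamed query types: answer NODATA locally */
  if (!ans && qtype == T_AAAA && option_bool(OPT_FILTER_AAAA))
    {
      ans = 1;
      if (!dryrun) log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
    }
  if (!ans && qtype == T_HTTPS && option_bool(OPT_FILTER_HTTPS))
    {
      ans = 1;
      if (!dryrun) log_query(F_CONFIG | F_NEG, name, NULL, NULL);
    }
  if (!ans && option_bool(OPT_FILTER_UNKNOWN) && is_query_type_unknown(qtype))
    {
      ans = 1;
      if (!dryrun) log_query(F_CONFIG | F_NEG, name, NULL, NULL);
    }
  /* … unchanged: if (!ans) return 0; … */
```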