[Dnsmasq-discuss] ipset-dns: Integrate Netfilter IPSet Support

Jason A. Donenfeld Jason at zx2c4.com
Fri Feb 15 20:14:48 GMT 2013


Hi Simon,

On Fri, Feb 15, 2013 at 3:05 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> It looks like the extra code is quite small, so I'd certainly consider
> it.

Wonderful! I've extracted the heavy-lifting code into a separate file
(attached as ipset.c), and licensed it under the same license as
dnsmasq so that you can just copy and paste. Given that the
server=/.../ matching already exists and that the difficult netlink
part has already been written, adding this to dnsmasq should be very
trivial.

> Do you take account of the time-to-live of DNS records, or are
> ipsets create-only?

IPs can be both added and removed to and from ipsets. Ipset itself
doesn't have a built-in TTL mechanism, but it would be trivial to just
remove IPs from the ipset at the same time dnsmasq purges its cache.
This isn't always the desired behavior, however -- if I have connected
to an IP address that was added to an ipset via its DNS lookup, I
don't want it to be removed from the ipset while I'm still connected
to it, even if the DNS TTL is up. In any case, I've added a "remove"
argument to the ipset function so that you can easily add this
functionality behind a switch.

Looking forward! Thanks Simon.

Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipset.c
Type: text/x-csrc
Size: 3877 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20130215/fc3fc061/attachment-0001.c>
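An added illustration, not Jason's ipset.c (which is not reproduced on this page): a small Python model of the behaviour discussed above. It suffix-matches queried names the way dnsmasq's server=/.../ rules do, adds resolved addresses to a named set, and purges expired ones only when the remove switch is on and no tracked connection still uses the address. The rules, set names, addresses and the command list that stands in for the netlink calls are all constructed.

```python
"""Model of DNS-driven ipset population with an optional purge-on-expiry switch.

Constructed example: rules map a domain suffix (and its subdomains) to an
ipset name. Resolved A records are added to the set; once the cached answer's
TTL lapses, the address is removed only if remove_on_expiry is set and no
tracked connection still uses that address.
"""


class DnsIpsetSync:
    def __init__(self, rules, remove_on_expiry=False):
        self.rules = rules              # {"example.com": "tracked"}: suffix -> set name
        self.remove_on_expiry = remove_on_expiry
        self.entries = {}               # (setname, ip) -> expiry timestamp
        self.commands = []              # ("add"|"del", setname, ip); stands in for netlink

    def match_set(self, name):
        """Longest matching suffix wins, like dnsmasq's server=/.../ lookup."""
        name = name.rstrip(".").lower()
        best = None
        for suffix, setname in self.rules.items():
            if name == suffix or name.endswith("." + suffix):
                if best is None or len(suffix) > len(best[0]):
                    best = (suffix, setname)
        return best[1] if best else None

    def on_answer(self, qname, records, now):
        """records: [(ip, ttl)] from a (constructed) DNS answer. Returns newly added IPs."""
        setname = self.match_set(qname)
        if setname is None:
            return []
        added = []
        for ip, ttl in records:
            key = (setname, ip)
            if key not in self.entries:
                self.commands.append(("add", setname, ip))
                added.append(ip)
            # A fresh answer extends the lifetime; never shorten it.
            self.entries[key] = max(self.entries.get(key, 0), now + ttl)
        return added

    def purge(self, now, active_ips=frozenset()):
        """Called when the cache is purged. Returns IPs removed from their sets."""
        removed = []
        for (setname, ip), expiry in list(self.entries.items()):
            if expiry > now:
                continue
            if not self.remove_on_expiry or ip in active_ips:
                continue                # keep: switch is off, or still in use
            del self.entries[(setname, ip)]
            self.commands.append(("del", setname, ip))
            removed.append(ip)
        return removed
```

An entry kept back because a connection is still active stays in the table with its stale expiry, so the next purge after the connection closes removes it.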
