[Dnsmasq-discuss] [patch] logs ipset action

Wang Jian larkwang at gmail.com
Sat Mar 29 02:39:18 UTC 2014


Thanks.

I forgot to mention that I didn't test the patch yet. I coded it while
waiting for a time-consuming build.

2014-03-29 4:53 GMT+08:00 Simon Kelley <simon at thekelleys.org.uk>:
> Patch accepted, thanks.
>
> Cheers,
>
> Simon.
>
>
> On 28/03/14 16:30, Wang Jian wrote:
>> I have used the ipset action for a while and it works pretty well. Before
>> this ipset functionality existed, I used scripts to generate ipset
>> lists based on dnsmasq server= rules.
>>
>> But in the last few days, an IP subnet was added to the REDSOCKS ipset,
>> which made a lot of sites damn slow. Because other things happened
>> in the same time frame (an outbound bandwidth hogging client;
>> APCN2 submarine optical fiber cable broken, etc), I didn't figure it
>> out first hand.
>>
>> Today I was crazy when a should-be-lightning-fast site was very slow. I
>> noticed that some .js was loading forever. I used Firefox developer to
>> find the domain, and found that its IP subnet was in the REDSOCKS ipset. I
>> spent about half an hour trying to find which server= rule triggered
>> this, but failed.
>>
>> I have a 'direct' ipset which is used to bypass the REDSOCKS ipset. So I
>> added the IP subnet to this direct ipset. But another slowdown is
>> expected sooner or later.
>>
>> Here is a patch to enable logs for the ipset action (git pull
>> https://github/lark/dnsmasq  ipset ). I use log_query in a hacky way
>> to avoid coding lines.
>>
>>
>>
>> From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
>> From: Wang Jian <larkwang at gmail.com>
>> Date: Fri, 28 Mar 2014 22:50:00 +0800
>> Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
>>
>> There are occasions that resolved IPs are not suitable for the specified
>> ipset. Tracing this will be easier with logs.
>> ---
>>  src/cache.c   | 7 +++++++
>>  src/dnsmasq.h | 1 +
>>  src/rfc1035.c | 5 ++++-
>>  3 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/cache.c b/src/cache.c
>> index 64cfeb1..5cec918 100644
>> --- a/src/cache.c
>> +++ b/src/cache.c
>> @@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
>> struct all_addr *addr, char *arg)
>>        source = arg;
>>        verb = "to";
>>      }
>> +  else if (flags & F_IPSET)
>> +    {
>> +      source = "ipset add";
>> +      dest = name;
>> +      name = arg;
>> +      verb = daemon->addrbuff;
>> +    }
>>    else
>>      source = "cached";
>>
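Review bot: The new F_IPSET branch reuses the locals against their names: verb carries daemon->addrbuff, dest carries the queried name, and name carries arg (the ipset name). Please add a short comment in the branch giving the resulting message order, since anyone reading or grepping these log lines has to know that the address sits where the verb normally goes. The branch is also an "else if" late in the chain, so it is reached only when none of the earlier flag tests match; that is worth stating as a requirement on callers that pass F_IPSET together with other bits.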
>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>> index 9c541eb..de2c97a 100644
>> --- a/src/dnsmasq.h
>> +++ b/src/dnsmasq.h
>> @@ -435,6 +435,7 @@ struct crec {
>>  #define F_KEYTAG    (1u<<23)
>>  #define F_SECSTAT   (1u<<24)
>>  #define F_NO_RR     (1u<<25)
>> +#define F_IPSET     (1u<<26)
>>
>>  /* Values of uid in crecs with F_CONFIG bit set. */
>>  #define SRC_INTERFACE 0
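Review bot: F_IPSET is added to the block of flag bits that sits under struct crec, but in this patch it is only ever passed to log_query() and never stored in a cache record. A comment on the define saying it is a logging-only flag would keep it from being read as a crec state bit, and would make clear why bit 26 is taken for it.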
>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>> index 43a06b9..cc9ce82 100644
>> --- a/src/rfc1035.c
>> +++ b/src/rfc1035.c
>> @@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
>> *header, size_t qlen, char *name, time_t
>>                         {
>>                           ipsets_cur = ipsets;
>>                           while (*ipsets_cur)
>> -                           add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>> +                            {
>> +                             log_query(F_IPSET, name, &addr, *ipsets_cur);
>> +                             add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>> +                            }
>>                         }
>>  #endif
>>
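Review bot: log_query() is called with F_IPSET alone in the new loop body, while add_to_ipset() on the next line receives flags, so no address-family information reaches the logging path. If log_query() relies on the F_IPV4/F_IPV6 bits when it formats addr into daemon->addrbuff (that code is outside the visible hunks), the logged address will be wrong for one of the two families; passing (flags & (F_IPV4 | F_IPV6)) | F_IPSET would keep the family. The log line is also written before add_to_ipset() runs and ignores its return value, so it records an attempt and not a confirmed add; either log after the call or word the message accordingly.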
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


