[Dnsmasq-discuss] [patch] logs ipset action
Wang Jian
larkwang at gmail.com
Fri Mar 28 16:30:22 UTC 2014
I have used the ipset action for a while and it works pretty well. Before
this ipset functionality existed, I used scripts to generate ipset
lists based on dnsmasq server= rules.
But in the last few days, an IP subnet was added to the REDSOCKS ipset,
which made a lot of sites damn slow. Because other things happened
in the same time frame (an outbound bandwidth hogging client;
APCN2 submarine optical fiber cable broken, etc), I didn't figure
it out first hand.
Today I went crazy when a should-be-lightning-fast site was very slow. I
noticed that some .js was loading forever. I used Firefox developer to
find the domain, and found that its IP subnet is in the REDSOCKS ipset. I
spent about half an hour trying to find which server= rule triggered
this, but failed.
I have a 'direct' ipset which is used to bypass the REDSOCKS ipset. So I
added the IP subnet to this direct ipset. But another slowdown is
expected sooner or later.
Here is a patch to enable logs for the ipset action (git pull
https://github/lark/dnsmasq ipset ). I use log_query in a hacky way
to avoid coding lines.
>From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
From: Wang Jian <larkwang at gmail.com>
Date: Fri, 28 Mar 2014 22:50:00 +0800
Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
There are occasions that resolved IPs are not suitable for the specified
ipset. Tracing this will be easier with logs.
---
src/cache.c | 7 +++++++
src/dnsmasq.h | 1 +
src/rfc1035.c | 5 ++++-
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/cache.c b/src/cache.c
index 64cfeb1..5cec918 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
struct all_addr *addr, char *arg)
source = arg;
verb = "to";
}
+ else if (flags & F_IPSET)
+ {
+ source = "ipset add";
+ dest = name;
+ name = arg;
+ verb = daemon->addrbuff;
+ }
else
source = "cached";
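Review bot: the new F_IPSET branch in log_query needs a comment, because it reuses the existing variables with different meanings: `dest = name` puts the domain in the destination slot, `name = arg` puts the ipset name in the name slot, and `verb = daemon->addrbuff` puts the address string where a verb normally goes. The log line only reads correctly while the format string below this branch (not visible in the hunk) keeps its current argument order, so either document that dependency here or give the ipset message its own format string. The branch also assumes daemon->addrbuff already holds the text form of addr when it runs; that happens outside the visible lines and is worth confirming for a call that passes only F_IPSET.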
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 9c541eb..de2c97a 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -435,6 +435,7 @@ struct crec {
#define F_KEYTAG (1u<<23)
#define F_SECSTAT (1u<<24)
#define F_NO_RR (1u<<25)
+#define F_IPSET (1u<<26)
/* Values of uid in crecs with F_CONFIG bit set. */
#define SRC_INTERFACE 0
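Review bot: `#define F_IPSET (1u<<26)` is added to the flag block under struct crec without a comment saying that it is only a selector passed to log_query; nothing in this patch sets it on a cache record. A one-line comment to that effect would keep later code from testing it against crec flags and would explain why a bit of this flag space is spent on logging.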
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 43a06b9..cc9ce82 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
*header, size_t qlen, char *name, time_t
{
ipsets_cur = ipsets;
while (*ipsets_cur)
- add_to_ipset(*ipsets_cur++, &addr, flags, 0);
+ {
+ log_query(F_IPSET, name, &addr, *ipsets_cur);
+ add_to_ipset(*ipsets_cur++, &addr, flags, 0);
+ }
}
#endif
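Review bot: in the new loop body, `log_query(F_IPSET, name, &addr, *ipsets_cur);` passes F_IPSET alone, while `add_to_ipset(*ipsets_cur++, &addr, flags, 0);` on the next line receives the full `flags`. If log_query chooses how to format addr from the address-family bits in its flags argument (that code is not visible here), the logged address can be rendered with the wrong family, and a misleading address defeats the purpose of tracing which IP went into which set. Consider passing the family bits along, for example `(flags & (F_IPV4 | F_IPV6)) | F_IPSET`.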
--
1.9.0