[Dnsmasq-discuss] [patch] logs ipset action
Simon Kelley
simon at thekelleys.org.uk
Fri Mar 28 20:53:53 UTC 2014
Patch accepted, thanks.
Cheers,
Simon.
On 28/03/14 16:30, Wang Jian wrote:
> I have used ipset action for a while and it works pretty well. Before
> this ipset functionality existed, I used scripts to generate ipset
> lists based on dnsmasq server= rules.
>
> But in the last few days, an IP subnet was added to the REDSOCKS ipset,
> which made a lot of sites damn slow. Because other things happened in
> the same time frame (an outbound bandwidth hogging client; the APCN2
> submarine optical fiber cable broken, etc), I didn't figure it out
> first hand.
>
> Today I was crazy when a should-be-lightning-fast site was very slow. I
> noticed that some .js was loading forever. I used Firefox developer to
> find the domain, and found that its IP subnet is in the REDSOCKS ipset. I
> spent about half an hour trying to find which server= rule triggered
> this, but failed.
>
> I have a 'direct' ipset which is used to bypass the REDSOCKS ipset. So I
> added the IP subnet to this direct ipset. But another slowdown is
> expected sooner or later.
>
> Here is a patch to enable logs for the ipset action (git pull
> https://github/lark/dnsmasq ipset ). I use log_query in a hacky way
> to avoid coding lines.
>
>
>
>>From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
> From: Wang Jian <larkwang at gmail.com>
> Date: Fri, 28 Mar 2014 22:50:00 +0800
> Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
>
> There are occasions that resolved IPs are not suitable for the specified
> ipset. Tracing this will be easier with logs.
> ---
> src/cache.c | 7 +++++++
> src/dnsmasq.h | 1 +
> src/rfc1035.c | 5 ++++-
> 3 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/src/cache.c b/src/cache.c
> index 64cfeb1..5cec918 100644
> --- a/src/cache.c
> +++ b/src/cache.c
> @@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
> struct all_addr *addr, char *arg)
> source = arg;
> verb = "to";
> }
> + else if (flags & F_IPSET)
> + {
> + source = "ipset add";
> + dest = name;
> + name = arg;
> + verb = daemon->addrbuff;
> + }
> else
> source = "cached";
>
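Review bot: in the new F_IPSET branch, verb is set to daemon->addrbuff and name/dest are swapped (dest = name; name = arg;), so verb no longer holds a word like the "to" in the branch above and the arguments mean something different from the other branches. Add a comment on the branch stating the convention (name is the queried domain, arg is the ipset name, the address text takes the verb slot). Since the branch sits last before the final else, also check that no earlier test in the chain can match if a caller ever passes other flag bits together with F_IPSET.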
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index 9c541eb..de2c97a 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -435,6 +435,7 @@ struct crec {
> #define F_KEYTAG (1u<<23)
> #define F_SECSTAT (1u<<24)
> #define F_NO_RR (1u<<25)
> +#define F_IPSET (1u<<26)
>
> /* Values of uid in crecs with F_CONFIG bit set. */
> #define SRC_INTERFACE 0
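Review bot: F_IPSET at (1u<<26) is only ever passed to log_query in this patch and is never stored in a cache record, yet it takes a bit in the same flag space as F_KEYTAG, F_SECSTAT and F_NO_RR above it. A short comment beside the define marking it as a logging-only selector would keep it from being mistaken for a cache flag.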
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index 43a06b9..cc9ce82 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
> *header, size_t qlen, char *name, time_t
> {
> ipsets_cur = ipsets;
> while (*ipsets_cur)
> - add_to_ipset(*ipsets_cur++, &addr, flags, 0);
> + {
> + log_query(F_IPSET, name, &addr, *ipsets_cur);
> + add_to_ipset(*ipsets_cur++, &addr, flags, 0);
> + }
> }
> #endif
>
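Review bot: the added log_query(F_IPSET, name, &addr, *ipsets_cur) passes a bare F_IPSET while add_to_ipset on the next line receives flags, so the address-family bits are dropped for the logging call. The cache.c branch prints daemon->addrbuff, and the code that fills that buffer is not shown in this patch; if it picks the family from flags, IPv4 addresses may be formatted wrongly, so consider passing the family bits of flags OR-ed with F_IPSET. The message is also emitted before add_to_ipset and regardless of its outcome, so "ipset add" is logged even if the add fails; logging after the call, and only on success if add_to_ipset reports one, would keep the log truthful.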