[Dnsmasq-discuss] [patch] logs ipset action

Simon Kelley simon at thekelleys.org.uk
Fri Mar 28 20:53:53 UTC 2014


Patch accepted, thanks.

Cheers,

Simon.


On 28/03/14 16:30, Wang Jian wrote:
> I have used ipset action for a while and it works pretty well. Before
> this ipset functionality existed, I used scripts to generate ipset
> lists based on dnsmasq server= rules.
> 
> But in the last few days, an IP subnet was added to REDSOCKS ipset
> which makes a lot of sites damn slow. Because other things
> happened in the same time frame (an outbound bandwidth hogging client;
> APCN2 submarine optical fiber cable broken, etc), I didn't figure it
> out first hand.
> 
> Today I was crazy when a should-be-lightning-fast site was very slow. I
> noticed that some .js was loading forever. I used Firefox developer to
> find the domain, and found that its IP subnet is in REDSOCKS ipset. I
> spent about half an hour trying to find which server= rule triggered
> this, but failed.
> 
> I have a 'direct' ipset which is used to bypass REDSOCKS ipset. So I
> added the IP subnet to this direct ipset. But another slowdown is
> expected sooner or later.
> 
> Here is a patch to enable logs for ipset action (git pull
> https://github/lark/dnsmasq ipset). I use log_query in a hacky way
> to avoid coding lines.
> 
> 
> 
>>From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
> From: Wang Jian <larkwang at gmail.com>
> Date: Fri, 28 Mar 2014 22:50:00 +0800
> Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
> 
> There are occasions that resolved IPs are not suitable for the specified
> ipset. Tracing this will be easier with logs.
> ---
>  src/cache.c   | 7 +++++++
>  src/dnsmasq.h | 1 +
>  src/rfc1035.c | 5 ++++-
>  3 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/src/cache.c b/src/cache.c
> index 64cfeb1..5cec918 100644
> --- a/src/cache.c
> +++ b/src/cache.c
> @@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
> struct all_addr *addr, char *arg)
>        source = arg;
>        verb = "to";
>      }
> +  else if (flags & F_IPSET)
> +    {
> +      source = "ipset add";
> +      dest = name;
> +      name = arg;
> +      verb = daemon->addrbuff;
> +    }
>    else
>      source = "cached";
> 
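
Review bot: In the new F_IPSET branch of log_query, `name`, `dest` and `verb` are all repurposed (`dest = name; name = arg; verb = daemon->addrbuff;`), so it is not obvious from the branch which of them ends up carrying the domain, the address and the set name. Please add a short comment stating the intended log line. Also note that `verb` depends on `daemon->addrbuff` already holding the formatted address when this branch runs; nothing in the hunk shows that for the `addr` passed in by the new caller.
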
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index 9c541eb..de2c97a 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -435,6 +435,7 @@ struct crec {
>  #define F_KEYTAG    (1u<<23)
>  #define F_SECSTAT   (1u<<24)
>  #define F_NO_RR     (1u<<25)
> +#define F_IPSET     (1u<<26)
> 
>  /* Values of uid in crecs with F_CONFIG bit set. */
>  #define SRC_INTERFACE 0
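
Review bot: F_IPSET at (1u<<26) is added to the cache-record flag list, but in this patch it is only ever passed as the `flags` argument of log_query and is never set on a crec. A one-line comment marking it as a log-only selector would keep later readers from treating it as cache state, and would record that it takes one more bit of the `unsigned int` flag space.
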
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index 43a06b9..cc9ce82 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
> *header, size_t qlen, char *name, time_t
>                         {
>                           ipsets_cur = ipsets;
>                           while (*ipsets_cur)
> -                           add_to_ipset(*ipsets_cur++, &addr, flags, 0);
> +                            {
> +                             log_query(F_IPSET, name, &addr, *ipsets_cur);
> +                             add_to_ipset(*ipsets_cur++, &addr, flags, 0);
> +                            }
>                         }
>  #endif
> 
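
Review bot: In the new loop body, log_query(F_IPSET, ...) runs before add_to_ipset and the result of add_to_ipset is not checked, so the "ipset add" line is written whether or not the address actually went into the set. Since the purpose of the patch is tracing what ends up in an ipset, consider calling add_to_ipset first and logging only on success, or logging the failure distinctly.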



