[Dnsmasq-discuss] [patch] logs ipset action
Simon Kelley
simon at thekelleys.org.uk
Sat Mar 29 09:21:05 UTC 2014
On 29/03/14 02:39, Wang Jian wrote:
> Thanks.
>
> I forgot to mention that I didn't test the patch yet. I coded it while
> waiting for a time-consuming build.
OK, I tested it and just pushed the required fix.
Cheers,
Simon.
>
> 2014-03-29 4:53 GMT+08:00 Simon Kelley <simon at thekelleys.org.uk>:
>> Patch accepted, thanks.
>>
>> Cheers,
>>
>> Simon.
>>
>>
>> On 28/03/14 16:30, Wang Jian wrote:
>>> I have used ipset action for a while and it works pretty well. Before
>>> this ipset functionality existed, I used scripts to generate ipset
>>> lists based on dnsmasq server= rules.
>>>
>>> But in the last few days, an IP subnet was added to the REDSOCKS ipset,
>>> which made a lot of sites damn slow. Because there were other things
>>> happening in the same time frame (an outbound bandwidth hogging client;
>>> APCN2 submarine optical fiber cable broken, etc), I didn't figure it
>>> out first hand.
>>>
>>> Today I was crazy when a should-be-lightning-fast site was very slow. I
>>> noticed that some .js was loading forever. I used firefox developer to
>>> find the domain, and found that its IP subnet is in the REDSOCKS ipset. I
>>> spent about half an hour trying to find which server= rule triggered
>>> this, but failed.
>>>
>>> I have a 'direct' ipset which is used to bypass the REDSOCKS ipset. So I
>>> added the IP subnet to this direct ipset. But another slowdown is
>>> expected sooner or later.
>>>
>>> Here is a patch to enable logs for ipset action (git pull
>>> https://github/lark/dnsmasq ipset ). I use log_query in a hacky way
>>> to avoid coding lines.
>>>
>>>
>>>
>>> From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
>>> From: Wang Jian <larkwang at gmail.com>
>>> Date: Fri, 28 Mar 2014 22:50:00 +0800
>>> Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
>>>
>>> There are occasions that resolved IPs are not suitable for the specified
>>> ipset. Tracing this will be easier with logs.
>>> ---
>>> src/cache.c | 7 +++++++
>>> src/dnsmasq.h | 1 +
>>> src/rfc1035.c | 5 ++++-
>>> 3 files changed, 12 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/cache.c b/src/cache.c
>>> index 64cfeb1..5cec918 100644
>>> --- a/src/cache.c
>>> +++ b/src/cache.c
>>> @@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
>>> struct all_addr *addr, char *arg)
>>> source = arg;
>>> verb = "to";
>>> }
>>> + else if (flags & F_IPSET)
>>> + {
>>> + source = "ipset add";
>>> + dest = name;
>>> + name = arg;
>>> + verb = daemon->addrbuff;
>>> + }
>>> else
>>> source = "cached";
>>>
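Review bot: in the new F_IPSET branch of log_query, the three assignments `dest = name; name = arg; verb = daemon->addrbuff;` swap the meaning of every output slot, so the queried domain ends up in dest, the set name in name, and the address string where the verb normally goes. This only produces a correct line if daemon->addrbuff has already been filled from addr before this else-if chain is reached, which the hunk does not show; please confirm that ordering, and add a one-line comment stating the argument mapping (name is the domain, arg is the ipset name) and the resulting log format. Anyone using these lines to trace why an address landed in a set needs to know which field is which.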
>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>>> index 9c541eb..de2c97a 100644
>>> --- a/src/dnsmasq.h
>>> +++ b/src/dnsmasq.h
>>> @@ -435,6 +435,7 @@ struct crec {
>>> #define F_KEYTAG (1u<<23)
>>> #define F_SECSTAT (1u<<24)
>>> #define F_NO_RR (1u<<25)
>>> +#define F_IPSET (1u<<26)
>>>
>>> /* Values of uid in crecs with F_CONFIG bit set. */
>>> #define SRC_INTERFACE 0
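Review bot: F_IPSET at (1u<<26) is defined in the same run as the flag bits listed under struct crec, but the rest of the patch only passes it to log_query as a logging selector. A short comment on the define saying it is log-only and is never set on a cache record would keep later code from testing it on crecs, and would make it explicit that the patch consumes one more bit of the shared flags word for that purpose.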
>>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>>> index 43a06b9..cc9ce82 100644
>>> --- a/src/rfc1035.c
>>> +++ b/src/rfc1035.c
>>> @@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
>>> *header, size_t qlen, char *name, time_t
>>> {
>>> ipsets_cur = ipsets;
>>> while (*ipsets_cur)
>>> - add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>>> + {
>>> + log_query(F_IPSET, name, &addr, *ipsets_cur);
>>> + add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>>> + }
>>> }
>>> #endif
>>>
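Review bot: in the while loop, log_query(F_IPSET, name, &addr, *ipsets_cur) runs before add_to_ipset and nothing from add_to_ipset is checked, so the log will say "ipset add" whether or not the address actually went into the set. Since the stated purpose is tracing which name caused an address to appear in a set, consider calling add_to_ipset first and logging only when it succeeds, or logging a distinct message when it does not. Note also that the `*ipsets_cur++` increment now sits on the second statement of the block; that is correct as written, but it is easy to break if the two calls are reordered, so moving the increment onto its own line would be safer.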
>>
>>