[Dnsmasq-discuss] [patch] logs ipset action

Simon Kelley simon at thekelleys.org.uk
Sat Mar 29 09:21:05 UTC 2014


On 29/03/14 02:39, Wang Jian wrote:
> Thanks.
> 
> I forgot to mention that I didn't test the patch yet. I coded it while
> waiting for a time-consuming build.

OK, I tested it and just pushed the required fix.

Cheers,


Simon.

> 
> 2014-03-29 4:53 GMT+08:00 Simon Kelley <simon at thekelleys.org.uk>:
>> Patch accepted, thanks.
>>
>> Cheers,
>>
>> Simon.
>>
>>
>> On 28/03/14 16:30, Wang Jian wrote:
>>> I have used the ipset action for a while and it works pretty well. Before
>>> this ipset functionality existed, I used scripts to generate ipset
>>> lists based on dnsmasq server= rules.
>>>
>>> But in the last few days, an IP subnet was added to the REDSOCKS ipset,
>>> which made a lot of sites damn slow. Because other things happened in
>>> the same time frame (an outbound bandwidth hogging client; the APCN2
>>> submarine optical fiber cable broken, etc.), I didn't figure it out
>>> first hand.
>>>
>>> Today I was crazy when a should-be-lightning-fast site was very slow. I
>>> noticed that some .js was loading forever. I used Firefox developer to
>>> find the domain, and found that its IP subnet is in the REDSOCKS ipset. I
>>> spent about half an hour trying to find which server= rule triggered
>>> this, but failed.
>>>
>>> I have a 'direct' ipset which is used to bypass the REDSOCKS ipset. So I
>>> added the IP subnet to this direct ipset. But another slowdown is
>>> expected sooner or later.
>>>
>>> Here is a patch to enable logs for the ipset action (git pull
>>> https://github/lark/dnsmasq ipset). I use log_query in a hacky way
>>> to avoid coding lines.
>>>
>>>
>>>
>>> From 9d40d450debdde34fddbb6aa74989fd03a4aaa22 Mon Sep 17 00:00:00 2001
>>> From: Wang Jian <larkwang at gmail.com>
>>> Date: Fri, 28 Mar 2014 22:50:00 +0800
>>> Subject: [PATCH] Log when adding resolved IP(s) to ipset(s)
>>>
>>> There are occasions that resolved IPs are not suitable for the specified
>>> ipset. Tracing this will be easier with logs.
>>> ---
>>>  src/cache.c   | 7 +++++++
>>>  src/dnsmasq.h | 1 +
>>>  src/rfc1035.c | 5 ++++-
>>>  3 files changed, 12 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/cache.c b/src/cache.c
>>> index 64cfeb1..5cec918 100644
>>> --- a/src/cache.c
>>> +++ b/src/cache.c
>>> @@ -1609,6 +1609,13 @@ void log_query(unsigned int flags, char *name,
>>> struct all_addr *addr, char *arg)
>>>        source = arg;
>>>        verb = "to";
>>>      }
>>> +  else if (flags & F_IPSET)
>>> +    {
>>> +      source = "ipset add";
>>> +      dest = name;
>>> +      name = arg;
>>> +      verb = daemon->addrbuff;
>>> +    }
>>>    else
>>>      source = "cached";
>>>
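
Review bot: in the new `else if (flags & F_IPSET)` branch the variables no longer carry what their names say: `verb` holds `daemon->addrbuff`, `dest` holds the domain name and `name` holds the ipset name passed in `arg`. A one-line comment giving the resulting log layout would keep the next reader from misreading it. The branch also depends on `daemon->addrbuff` already containing the printed form of `addr` for a call whose only flag is F_IPSET, which nothing in this hunk establishes; please confirm that path, since the log is meant to trace which address went into which set.
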
>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>>> index 9c541eb..de2c97a 100644
>>> --- a/src/dnsmasq.h
>>> +++ b/src/dnsmasq.h
>>> @@ -435,6 +435,7 @@ struct crec {
>>>  #define F_KEYTAG    (1u<<23)
>>>  #define F_SECSTAT   (1u<<24)
>>>  #define F_NO_RR     (1u<<25)
>>> +#define F_IPSET     (1u<<26)
>>>
>>>  /* Values of uid in crecs with F_CONFIG bit set. */
>>>  #define SRC_INTERFACE 0
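
Review bot: `F_IPSET` is added to the run of flag bits defined next to `F_NO_RR`, but in this patch it is only ever passed to log_query() as a selector and is never stored anywhere. A short comment on the define saying it is a logging-only flag would stop it from being tested against stored flags later. It also takes bit 26 of the flag word, so it is worth checking that no other pending change claims the same bit.
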
>>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>>> index 43a06b9..cc9ce82 100644
>>> --- a/src/rfc1035.c
>>> +++ b/src/rfc1035.c
>>> @@ -1102,7 +1102,10 @@ int extract_addresses(struct dns_header
>>> *header, size_t qlen, char *name, time_t
>>>                         {
>>>                           ipsets_cur = ipsets;
>>>                           while (*ipsets_cur)
>>> -                           add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>>> +                            {
>>> +                             log_query(F_IPSET, name, &addr, *ipsets_cur);
>>> +                             add_to_ipset(*ipsets_cur++, &addr, flags, 0);
>>> +                            }
>>>                         }
>>>  #endif
>>>
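
Review bot: the new call passes `F_IPSET` alone as the flags argument, while the `add_to_ipset()` call on the next line receives `flags`, so log_query() gets no address-family bits for `&addr`. If it relies on the flags to decide how to print the address, the logged value can be wrong for one family; consider passing the family bits from `flags` together with F_IPSET. The log line is also written before add_to_ipset() runs, so it records an attempt and not a confirmed addition, which matters when the log is used to audit set membership.
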
>>
>>
> 



