[Dnsmasq-discuss] [PATCH] Another regression from v2.83 on bound interfaces
Petr Menšík
pemensik at redhat.com
Mon Mar 15 11:32:50 UTC 2021
On 3/13/21 12:54 AM, Simon Kelley wrote:
> So, networkmanager is specifying a source address or interface with its
> servers? Slightly worrying that that inhibits random ports and reduces
> security anyway. I don't think your patch makes it any worse.
Sure, it uses interface names in forwarder definitions.
>
> I think it's possible to iterate over all the servers that a query could
> have been sent to using only forward->sentto as input, which would give
> the set of sfds a query would have been sent to and is a more
> conservative test than yours. I think yours is fine, but iterating over
> the possible servers saves us trying to prove that!
Oh, cool. I haven't realized frec->sentto contains enough information to
reproduce that loop.
>
>
> <FX: furious typing>
>
> I came up with the attached patch. It compiles, but is completely untested.
>
> Simon.
>
I am afraid your version cannot work.
for (s = f->sentto; s != f->sentto; s = s->next ? s->next : daemon->servers)
terminates it always without entering the loop.
Because I found many similar places, I moved the check into static
function and used it there. My version does not try to keep the same
order of servers, but it is used only as boolean check to ensure such
server exists, so I guess order can be ignored in this case. Moved sfd
check to start in attempt to optimize additional checks a little bit.
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Check-all-sentto-servers-fd.patch
Type: text/x-patch
Size: 3722 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210315/d321afd4/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210315/d321afd4/attachment-0001.sig>
More information about the Dnsmasq-discuss
mailing list