[Dnsmasq-discuss] Wildcards in tags
simon at thekelleys.org.uk
Wed Aug 25 14:33:45 UTC 2021
On 25/08/2021 13:08, Geoff Back wrote:
> Good morning,
> TL;DR: I need to wildcard-match interface tags and can't see how.
> I currently have dnsmasq working on a Linux VPN server to provide DHCP
> options to VPN clients by using these config elements to bind only the
> vpn interfaces:
> This works just fine. However, I now need to also run regular DHCP on
> other interfaces with different options. Tags seem like the perfect
> solution to this.
> As I understand it, the interface on which the request is received
> becomes a tag, which would seem fine, but as far as I can tell from the
> source of version 2.85, the tag:xxx in dhcp-option etc do not support
> wildcards like the 'interface' directive, so I cannot use e.g.
> So I figure OK, set another tag based on the interface tag to represent
> a "group of interfaces", and I end up with this:
> # basic binding settings for all PPP interfaces plus two ethernets.
> # Set a tag for all requests on PPP interfaces.
> # If I understand correctly requests on ppp2 (for example) set a tag ppp2,
> # This should work according to docs but there could be dozens of ppp
> # interfaces in use making this really long and adding a lot of checks
> to every request.
> ... repeated as necessary ...
> # DHCP for all ppp interfaces
> # match using tag set by tag-if above.
> # DHCP for lan2
> # match to interface tag
> Instead of having to give large numbers of "tag-if=set:ppp,tag:ppp9"
> lines for all the possible ppp interfaces, I would like to do this:
> # set 'ppp' tag for all PPP interfaces
> Of course, allowing wildcards on all tag matches would work too, but my
> thinking is that restricting wildcards to 'tag-if' avoids the
> performance impact of potentially doing wildcard checks on every
> 'dhcp-option' etc. during DHCP packet processing and instead it gets
> done once through 'tag-if'.
> Have I missed something and there is already a way to do this?
> Or if not, is it something that could be added?
> If it's an acceptable add, I can knock up a patch to do it but I'll have
> to learn enough of the dnsmasq code first.
Your solution sounds like a good one to me. I'd certainly take a patch,
especially if it updated the man page too.
To get started, look at run_tag_if() and match_netid() in
src/dhcp-common.c match_netid() does the matching and is called all over
the place, so you either need to replace the call to match_netid() in
run_tag_if() with code that implements the wildcard matching, or extend
match_netid to do wildcard matching when the third argument is 2 or
More information about the Dnsmasq-discuss