[Dnsmasq-discuss] Wildcards in tags

Simon Kelley simon at thekelleys.org.uk
Sun Aug 29 12:55:23 UTC 2021


Patch applied. That's great, thanks. There's a second patch to be
processed, and then I'll make 2.86rc2


Cheers,

Simon.



On 25/08/2021 21:15, Geoff Back wrote:
> 
> 
> On 25/08/2021 21:09, Geoff Back wrote:
>> On 25/08/2021 15:33, Simon Kelley wrote:
>>> On 25/08/2021 13:08, Geoff Back wrote:
>>>> Good morning,
>>>>
>>>> TL;DR: I need to wildcard-match interface tags and can't see how.
>>>>
>>>> I currently have dnsmasq working on a Linux VPN server to provide DHCP
>>>> options to VPN clients by using these config elements to bind only the
>>>> vpn interfaces:
>>>>
>>>> ====8<==============8<================
>>>> interface=ppp*
>>>> bind-dynamic
>>>> dhcp-range=10.99.0.254,static
>>>> dhcp-option=option:router
>>>> dhcp-option=6,10.99.0.254
>>>> dhcp-option=121,<routes>
>>>> dhcp-option=249,<routes>
>>>> ====8<==============8<================
>>>>
>>>> This works just fine.  However, I now need to also run regular DHCP on
>>>> other interfaces with different options.  Tags seem like the perfect
>>>> solution to this.
>>>>
>>>> As I understand it, the interface on which the request is received
>>>> becomes a tag, which would seem fine, but as far as I can tell from the
>>>> source of version 2.85, the tag:xxx in dhcp-option etc do not support
>>>> wildcards like the 'interface' directive, so I cannot use e.g.
>>>>
>>>> dhcp-option=tag:ppp*,option:router
>>>>
>>>> So I figure OK, set another tag based on the interface tag to represent
>>>> a "group of interfaces", and I end up with this:
>>>>
>>>> ====8<==============8<================
>>>>
>>>> # basic binding settings for all PPP interfaces plus two ethernets.
>>>> bind-dynamic
>>>> interface=ppp*
>>>> interface=lan2
>>>> interface=lan3
>>>>
>>>> # Set a tag for all requests on PPP interfaces.
>>>> # If I understand correctly requests on ppp2 (for example) set a tag ppp2,
>>>> # This should work according to docs but there could be dozens of ppp
>>>> # interfaces in use making this really long and adding a lot of checks
>>>> to every request.
>>>> tag-if=set:ppp,tag:ppp0
>>>> tag-if=set:ppp,tag:ppp1
>>>> tag-if=set:ppp,tag:ppp2
>>>> ... repeated as necessary ...
>>>>
>>>> # DHCP for all ppp interfaces
>>>> # match using tag set by tag-if above.
>>>> dhcp-range=tag:ppp,10.99.0.254,static
>>>> dhcp-option=tag:ppp,option:router
>>>> dhcp-option=tag:ppp,6,10.99.0.254
>>>> dhcp-option=tag:ppp,121,<routes>
>>>> dhcp-option=tag:ppp,249,<routes>
>>>>
>>>> # DHCP for lan2
>>>> # match to interface tag
>>>> dhcp-range=tag:lan2,10.0.0.1,10.0.0.99
>>>> dhcp-option=tag:lan2,option:router,10.0.0.254
>>>>
>>>> ====8<==============8<================
>>>>
>>>> Instead of having to give large numbers of "tag-if=set:ppp,tag:ppp9"
>>>> lines for all the possible ppp interfaces, I would like to do this:
>>>>
>>>> # set 'ppp' tag for all PPP interfaces
>>>> tag-if=set:ppp,tag:ppp*
>>>>
>>>> Of course, allowing wildcards on all tag matches would work too, but my
>>>> thinking is that restricting wildcards to 'tag-if' avoids the
>>>> performance impact of potentially doing wildcard checks on every
>>>> 'dhcp-option' etc. during DHCP packet processing and instead it gets
>>>> done once through 'tag-if'.
>>>>
>>>> Have I missed something and there is already a way to do this?
>>>> Or if not, is it something that could be added?
>>>>
>>>> If it's an acceptable add, I can knock up a patch to do it but I'll have
>>>> to learn enough of the dnsmasq code first.
>>>>
>>>> Regards,
>>>>
>>>> Geoff.
>>>>
>>> Your solution sounds like a good one to me. I'd certainly take a patch,
>>> especially if it updated the man page too.
>>>
>>> To get started, look at run_tag_if() and match_netid() in
>>> src/dhcp-common.c match_netid() does the matching and is called all over
>>> the place, so you either need to replace the call to match_netid() in
>>> run_tag_if() with code that implements the wildcard matching, or extend
>>> match_netid to do wildcard matching when the third argument is 2 or
>>> something similar.
>>>
>>>
>>> Cheers,
>>>
>>> Simon.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>> Hi Simon,
>>
>> Attached is a patch against tag v2.86rc1 that implements wildcards in
>> --tag-if and updates the man page.
>>
>> Cheers,
>>
>> Geoff.
>>
> Hi,
> 
> Oops, there's a bug in the patch (which still lets it work in my test
> case).  Updated patch attached.
> Sorry about that.
> 
> Cheers,
> 
> Geoff.
> 
> -- 
> Geoff Back
> What if we're all just characters in someone's nightmares?
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> 




More information about the Dnsmasq-discuss mailing list