[Dnsmasq-discuss] Wildcards in tags

Fri Sep 3 12:16:12 UTC 2021

Hi Simon and Geoff,

I would include just small safeguard in the code. It may dereference
negative char index in case of empty string. No empty strings there are
allowed now, but I think failsafe in this place would be worth few cpu
cycles.

Patch attached.

What would you think?

Cheers,

Petr

On 8/29/21 2:55 PM, Simon Kelley wrote:
> Patch applied. That's great, thanks. There's a second patch to be
> processed, and then I'll make 2.86rc2
>
>
> Cheers,
>
> Simon.
>
>
>
> On 25/08/2021 21:15, Geoff Back wrote:
>>
>> On 25/08/2021 21:09, Geoff Back wrote:
>>> On 25/08/2021 15:33, Simon Kelley wrote:
>>>> On 25/08/2021 13:08, Geoff Back wrote:
>>>>> Good morning,
>>>>>
>>>>> TL;DR: I need to wildcard-match interface tags and can't see how.
>>>>>
>>>>> I currently have dnsmasq working on a Linux VPN server to provide DHCP
>>>>> options to VPN clients by using these config elements to bind only the
>>>>> vpn interfaces:
>>>>>
>>>>> ====8<==============8<================
>>>>> interface=ppp*
>>>>> bind-dynamic
>>>>> dhcp-range=10.99.0.254,static
>>>>> dhcp-option=option:router
>>>>> dhcp-option=6,10.99.0.254
>>>>> dhcp-option=121,<routes>
>>>>> dhcp-option=249,<routes>
>>>>> ====8<==============8<================
>>>>>
>>>>> This works just fine.  However, I now need to also run regular DHCP on
>>>>> other interfaces with different options.  Tags seem like the perfect
>>>>> solution to this.
>>>>>
>>>>> As I understand it, the interface on which the request is received
>>>>> becomes a tag, which would seem fine, but as far as I can tell from the
>>>>> source of version 2.85, the tag:xxx in dhcp-option etc do not support
>>>>> wildcards like the 'interface' directive, so I cannot use e.g.
>>>>>
>>>>> dhcp-option=tag:ppp*,option:router
>>>>>
>>>>> So I figure OK, set another tag based on the interface tag to represent
>>>>> a "group of interfaces", and I end up with this:
>>>>>
>>>>> ====8<==============8<================
>>>>>
>>>>> # basic binding settings for all PPP interfaces plus two ethernets.
>>>>> bind-dynamic
>>>>> interface=ppp*
>>>>> interface=lan2
>>>>> interface=lan3
>>>>>
>>>>> # Set a tag for all requests on PPP interfaces.
>>>>> # If I understand correctly requests on ppp2 (for example) set a tag ppp2,
>>>>> # This should work according to docs but there could be dozens of ppp
>>>>> # interfaces in use making this really long and adding a lot of checks
>>>>> to every request.
>>>>> tag-if=set:ppp,tag:ppp0
>>>>> tag-if=set:ppp,tag:ppp1
>>>>> tag-if=set:ppp,tag:ppp2
>>>>> ... repeated as necessary ...
>>>>>
>>>>> # DHCP for all ppp interfaces
>>>>> # match using tag set by tag-if above.
>>>>> dhcp-range=tag:ppp,10.99.0.254,static
>>>>> dhcp-option=tag:ppp,option:router
>>>>> dhcp-option=tag:ppp,6,10.99.0.254
>>>>> dhcp-option=tag:ppp,121,<routes>
>>>>> dhcp-option=tag:ppp,249,<routes>
>>>>>
>>>>> # DHCP for lan2
>>>>> # match to interface tag
>>>>> dhcp-range=tag:lan2,10.0.0.1,10.0.0.99
>>>>> dhcp-option=tag:lan2,option:router,10.0.0.254
>>>>>
>>>>> ====8<==============8<================
>>>>>
>>>>> Instead of having to give large numbers of "tag-if=set:ppp,tag:ppp9"
>>>>> lines for all the possible ppp interfaces, I would like to do this:
>>>>>
>>>>> # set 'ppp' tag for all PPP interfaces
>>>>> tag-if=set:ppp,tag:ppp*
>>>>>
>>>>> Of course, allowing wildcards on all tag matches would work too, but my
>>>>> thinking is that restricting wildcards to 'tag-if' avoids the
>>>>> performance impact of potentially doing wildcard checks on every
>>>>> 'dhcp-option' etc. during DHCP packet processing and instead it gets
>>>>> done once through 'tag-if'.
>>>>>
>>>>> Have I missed something and there is already a way to do this?
>>>>> Or if not, is it something that could be added?
>>>>>
>>>>> If it's an acceptable add, I can knock up a patch to do it but I'll have
>>>>> to learn enough of the dnsmasq code first.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Geoff.
>>>>>
>>>> Your solution sounds like a good one to me. I'd certainly take a patch,
>>>> especially if it updated the man page too.
>>>>
>>>> To get started, look at run_tag_if() and match_netid() in
>>>> src/dhcp-common.c match_netid() does the matching and is called all over
>>>> the place, so you either need to replace the call to match_netid() in
>>>> run_tag_if() with code that implements the wildcard matching, or extend
>>>> match_netid to do wildcard matching when the third argument is 2 or
>>>> something similar.
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Simon.
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>> Hi Simon,
>>>
>>> Attached is a patch against tag v2.86rc1 that implements wildcards in
>>> --tag-if and updates the man page.
>>>
>>> Cheers,
>>>
>>> Geoff.
>>>
>> Hi,
>>
>> Oops, there's a bug in the patch (which still lets it work in my test
>> case).  Updated patch attached.
>> Sorry about that.
>>
>> Cheers,
>>
>> Geoff.
>>
>> -- 
>> Geoff Back
>> What if we're all just characters in someone's nightmares?
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Small-safeguard-to-unexpected-data.patch
Type: text/x-patch
Size: 1036 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210903/69261ed3/attachment.bin>