[Dnsmasq-discuss] ipset add ipv6 address to ipv4 sets.
Simon Kelley
simon at thekelleys.org.uk
Sun Jan 9 21:53:18 UTC 2022
On 09/01/2022 06:37, Justin wrote:
> So. i have
>
> local=/google.com/8.8.8.8
> ipset=/google.com/proxy
>
> when "curl google.com"
> dnsmasq log shows:
>
> ipset add proxy 142.250.217.142 google.com
> ipset add proxy 2607:f8b0:4007:818::200e google.com
>
> looks like dnsmasq does not check the SETNAME "proxy" is ipv4 or ipv6.
> so "ipset add proxy 2607:f8b0:4007:818::200e google.com" is not going to work.
>
> while on ipset command:
>
> "ipset create testname hash:net" by default creates an ipv4 family.
> there seems to be no way to create a SETNAME that contains both ipv4
> and ipv6 family.
>
> finally, my suggestion: can dnsmasq check and SETNAME family and don't
> try to add ipv4 or ipv6 ip to wrong family?
>
It could, and there are two ways it could.
1) Check the address family of the ipset at startup - this will
misbehave if the ipset is (for instance) deleted and recreated with a
different AF.
2) Check the address family of the ipset each time it does an insertion.
This is OK, but it's actually more work than what happens now, which is
that the code attempts to insert the address anyway, and if it's the
wrong AF, the ipset code ignores it.
The main downside to the current system is that the logging is
misleading. Maybe just mentioning this behaviour in the man page is the
best fix?
If you're interesting in IPv6 and IPv4 addresses, you need two ipsets
and something like
ipset=/google.com/proxyv4,proxyv6
Cheers
Simon.
> thanks
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list