[Dnsmasq-discuss] ipset add ipv6 address to ipv4 sets.

Justin cattyhouse at gmail.com
Mon Jan 10 10:44:12 UTC 2022


OK, I agree: if it is the wrong family, at most it is ignored by ipset.

But if ipset=/google.com/proxyv4,proxyv6

then dnsmasq will likely run ipset add at least 4 times (twice for one
IPv4 and twice for one IPv6).



On Mon, Jan 10, 2022 at 06:14 Simon Kelley <simon at thekelleys.org.uk> wrote:

> On 09/01/2022 06:37, Justin wrote:
> > So, I have
> >
> > local=/google.com/8.8.8.8
> > ipset=/google.com/proxy
> >
> > when "curl google.com"
> > dnsmasq log shows:
> >
> > ipset add proxy 142.250.217.142 google.com
> > ipset add proxy 2607:f8b0:4007:818::200e google.com
> >
> > Looks like dnsmasq does not check whether the SETNAME "proxy" is ipv4 or ipv6.
> > So "ipset add proxy 2607:f8b0:4007:818::200e google.com" is not going
> > to work.
> >
> > while on ipset command:
> >
> > "ipset create testname hash:net" by default creates an ipv4 family.
> > there seems to be no way to create a SETNAME that contains both ipv4
> > and ipv6 family.
> >
> > Finally, my suggestion: can dnsmasq check the SETNAME family and not
> > try to add an ipv4 or ipv6 IP to the wrong family?
> >
>
>
> It could, and there are two ways it could.
>
> 1) Check the address family of the ipset at startup - this will
> misbehave if the ipset is (for instance) deleted and recreated with a
> different AF.
>
> 2) Check the address family of the ipset each time it does an insertion.
> This is OK, but it's actually more work than what happens now, which is
> that the code attempts to insert the address anyway, and if it's the
> wrong AF, the ipset code ignores it.
>
>
> The main downside to the current system is that the logging is
> misleading. Maybe just mentioning this behaviour in the man page is the
> best fix?
>
>
> If you're interested in IPv6 and IPv4 addresses, you need two ipsets
> and something like
>
>  ipset=/google.com/proxyv4,proxyv6
>
>
> Cheers
>
> Simon.
>
> > thanks
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> >
>
>
-- 

Regards
Justin He
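
Added example (not part of the original messages and not dnsmasq code): since the thread notes that the "ipset add" log lines are misleading when the address family does not match the set, this sketch cross-checks logged adds against set families read from `ipset save` header lines. The set listing, the `proxyv6` set and the last two log lines are constructed sample input; "stored" here only means the families match.

```python
import ipaddress
import re

# Constructed sample of `ipset save` header lines (names and sizes are assumptions).
IPSET_SAVE = """\
create proxy hash:net family inet hashsize 1024 maxelem 65536
create proxyv6 hash:net family inet6 hashsize 1024 maxelem 65536
"""

# The first two lines are quoted in the thread; the last two are constructed.
DNSMASQ_LOG = """\
ipset add proxy 142.250.217.142 google.com
ipset add proxy 2607:f8b0:4007:818::200e google.com
ipset add proxyv6 142.250.217.142 google.com
ipset add proxyv6 2607:f8b0:4007:818::200e google.com
"""

CREATE_RE = re.compile(r"^create (\S+) \S+ .*?\bfamily (inet6?)\b")
ADD_RE = re.compile(r"ipset add (\S+) (\S+) (\S+)")


def set_families(save_text):
    """Map set name -> 4 or 6, taken from the 'create' lines."""
    fams = {}
    for line in save_text.splitlines():
        m = CREATE_RE.match(line)
        if m:
            fams[m.group(1)] = 6 if m.group(2) == "inet6" else 4
    return fams


def classify(log_text, fams):
    """Return (set, address, domain, status) for each logged add."""
    out = []
    for line in log_text.splitlines():
        m = ADD_RE.search(line)  # search() tolerates a syslog prefix
        if not m:
            continue
        name, addr, domain = m.groups()
        try:
            version = ipaddress.ip_address(addr).version
        except ValueError:
            continue  # malformed address field, skip the line
        if name not in fams:
            status = "unknown-set"
        else:
            status = "stored" if fams[name] == version else "ignored"
        out.append((name, addr, domain, status))
    return out
```
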