Simon Kelley píše v Út 21. 02. 2017 v 18:50 +0000: > > Labels are now supported and dnsmasq is able to bind only to > > secondary IPv4 interface with different address. (Since 2.67!) It > > works well with --bind-interfaces. However it has inconsistent > > behavior with and without that option. > > > > Let's say my configuration is: 4: virbr0: > > <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP > > group default qlen 1000 link/ether 52:54:00:2b:ee:d3 brd > > ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope > > global virbr0 valid_lft forever preferred_lft forever inet > > 192.168.122.254/24 scope global secondary virbr0:1 valid_lft > > forever preferred_lft forever > > > > > > $ dnsmasq -i virbr0 will respond to queries to both addresses. It > > might be useful backward compatibility feature. However $ dnsmasq > > -i virbr0:1 Will respond only on address 192.168.122.254. Ok, call > > it a feature. > > > > Problem is, $ dnsmasq -i virbr0 -z Will respond only on address > > 192.168.122.1, as I would expect. > > > > $ dnsmasq -i virbr0:1 -z Behaves the same way, as without -z. > > > > I think different behavior is an error. It might be a feature, but > > even then, it has to be documented. Opinions? > > The different behavior is certainly undesirable, and can be fixed. > Unfortunately, I can only see how to easily fix it so that the > --bind-interfaces case works the same way as the default. I would suggest a new option then. For example --bind-interfaces-exact. It would listen just like --bind-interfaces, but would allow you to listen only on virbr0, when ignoring any addresses with labels. Current behavior in other words, but documented as a new feature. It would allow previous behavior at the same time also. > > The problem is that the sockets API tells you the interface that the > packet arrived on, and that's what's checked with -i. In your > example, > queries send to 192.168.122.1 and 192.168.122.254 both arrive at > interface virbr0, so there's no easy way to tell them apart, except > by > looking at the address they were sent to and correlating that with > the > list of interfaces and their addresses . > > That requires an up-to-date list of all interfaces, which means, if > you're going to behave well in the face of interfaces and addresses > coming and going, enumerating the list for every packet received, > which will likely kill performance. I think this already happens if you listen on virbr0:1.
Another option might be getting interface address of by index. If they would not match with destination of packet, return failure from iface_check (and let it be accepted by label_exception). You would not have to enumerate all addresses of all interfaces, only one for current interface. It adds one more syscall, but it should be faster than getifaddrs(). ioctl SIOCGIFADDR is already used in dhcp.c. > > My feeling is that consistency is good, so I'll certainly make a > change, the question is, is the current behaviour of -i <interface > name> as encompassing _all_ addresses associated with the interface > OK? I think it is unexpected and should be mentioned in manual page. But it acted like that before, so it would be not break backward compatibility at least. If it is fixed in default wild mode, we should note that -i virbr0,virbr0:* is now required for previous behavior in manual. > > > > Cheers, > > Simon. > Cheers, Petr > > > > > > >  > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f2873d42 > > c4d > > 7e7dba32b6e64a3687d43928bc8e > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasqemail@example.com > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: 65C6C973
Description: This is a digitally signed message part
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqfirstname.lastname@example.org http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss