Hi Petr,

Regarding 0002-Compare-address-and-interface-index-for-allowed-inte.patch, does 
it support case with different valid interfaces with the same address?
For example:
        tun0 (created/destroyed dynamically)

Regarding appearance, seems newly added code doesn’t fully follow dnsmasq code 
style in several places:
* indentation (should be ident ==2 spaces, 8 spaces == \t)
* brackets on the same code lines
* function args on the next line are not aligned with the first argument
* prettyprint_addr() result is forcibly ignored with (void) unlike other places

Best Regards, Vladislav Grishenko

-----Original Message-----
From: Dnsmasq-discuss <dnsmasq-discuss-boun...@lists.thekelleys.org.uk> On 
Behalf Of Petr Mensik
Sent: Tuesday, July 9, 2019 5:31 PM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] [PATCH] Issues with TCP queries on recreated 

Hello Simon and others,

we have discovered issues with TCP DNS query on dnsmasq, when running in 
bind-dynamic or bind-interfaces mode. dnsmasq scans automatically new 
interfaces or do that on new query in second case. However, because used 
speedup comparing only IP adresses in iface_allowed function, it never gets 
updated index of an interface.

In case where named interface is destroyed and created again, that drops TCP 
queries on that interface. They are checked for incoming interface number. If 
such number is not found in interfaces list, query is denied.

Luckily, there was a bug in checking, hiding this problem from usual 
configuration. If IPv6 address is enabled on the new device, new iface entry 
would be created, because scope_id of sockaddr_in6 does not match previous. 
That makes even IPv4 queries succeed.

Bug on bugzilla [1] is partly private.

I propose three changes. First is just helper to log what happens with 
listeners on bind-dynamic configuration.

Second is the most important. Create new interface every time index changes. 
Also test address family of incoming TCP query when checking allowed clients.

Third is cleanup of unused interfaces. On some virtual machines hosts, 
interfaces may often be created and destroyed. It might have negative effect on 
walking trough interfaces list. I think listeners should be garbage collected 
also on bind-interfaces configuration. But for now, release memory for unused 
interfaces at least for bind-dynamic.

1. https://bugzilla.redhat.com/show_bug.cgi?id=1721668
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973

Dnsmasq-discuss mailing list

Reply via email to