Hi Petr,

Regarding 0002-Compare-address-and-interface-index-for-allowed-inte.patch, does 
it support the case of different valid interfaces with the same address?
For example:
        eth0 192.168.1.1/24
        tun0 192.168.1.1/16 (created/destroyed dynamically)

Regarding appearance, it seems the newly added code doesn’t fully follow dnsmasq 
code style in several places:
* indentation (should be indent == 2 spaces, 8 spaces == \t)
* brackets on the same code lines
* function args on the next line are not aligned with the first argument
* prettyprint_addr() result is forcibly ignored with (void) unlike other places

Best Regards, Vladislav Grishenko

-----Original Message-----
From: Dnsmasq-discuss <dnsmasq-discuss-boun...@lists.thekelleys.org.uk> On 
Behalf Of Petr Mensik
Sent: Tuesday, July 9, 2019 5:31 PM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] [PATCH] Issues with TCP queries on recreated 
interfaces.

Hello Simon and others,

we have discovered issues with TCP DNS queries on dnsmasq when running in 
bind-dynamic or bind-interfaces mode. dnsmasq automatically scans for new 
interfaces, or does that on a new query in the second case. However, because 
of the speedup used in the iface_allowed function, which compares only IP 
addresses, it never gets the updated index of an interface.

In the case where a named interface is destroyed and created again, that drops 
TCP queries on that interface. They are checked for the incoming interface 
number. If such a number is not found in the interfaces list, the query is denied.

Luckily, there was a bug in the checking, hiding this problem from the usual 
configuration. If an IPv6 address is enabled on the new device, a new iface 
entry would be created, because the scope_id of sockaddr_in6 does not match the 
previous one. That makes even IPv4 queries succeed.

Bug on bugzilla [1] is partly private.

I propose three changes. The first is just a helper to log what happens with 
listeners on a bind-dynamic configuration.

The second is the most important. Create a new interface every time the index 
changes. Also test the address family of an incoming TCP query when checking 
allowed clients.

The third is cleanup of unused interfaces. On some virtual machine hosts, 
interfaces may often be created and destroyed. It might have a negative effect 
on walking through the interfaces list. I think listeners should be garbage 
collected also on a bind-interfaces configuration. But for now, release memory 
for unused interfaces at least for bind-dynamic.

1. https://bugzilla.redhat.com/show_bug.cgi?id=1721668
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
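
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not dnsmasq source and not part of either message. The names `scan_add`, `tcp_allowed` and the interface indices are assumptions made up for the example; it covers both the recreated-interface case and the two-interfaces-one-address case.

```c
#include <stdio.h>
#include <stdint.h>

/* Hypothetical model, not dnsmasq code: one entry per known interface. */
struct iface { uint32_t addr; int index; };
static struct iface ifaces[8];
static size_t n_ifaces;

/* Called for each (address, index) pair reported by an interface scan.
   match_index == 0 models the address-only shortcut described in the mail;
   match_index == 1 also compares the index, so a recreated interface
   gets a new entry instead of silently reusing the stale one. */
void scan_add(uint32_t addr, int index, int match_index)
{
  for (size_t i = 0; i < n_ifaces; i++)
    if (ifaces[i].addr == addr && (!match_index || ifaces[i].index == index))
      return; /* entry reused; its stored index is left untouched */
  if (n_ifaces < sizeof(ifaces) / sizeof(ifaces[0]))
    ifaces[n_ifaces++] = (struct iface){ addr, index };
}

/* TCP path: accept only if the incoming interface index is in the list. */
int tcp_allowed(int incoming_index)
{
  for (size_t i = 0; i < n_ifaces; i++)
    if (ifaces[i].index == incoming_index)
      return 1;
  return 0;
}

/* Constructed case: tun0 seen at index 5, destroyed, recreated at index 9. */
int recreated_iface_allowed(int match_index)
{
  n_ifaces = 0;
  scan_add(0xC0A80101u, 5, match_index); /* 192.168.1.1 */
  scan_add(0xC0A80101u, 9, match_index);
  return tcp_allowed(9);
}

/* Constructed case: eth0 (index 2) and tun0 (index 5) share one address. */
int shared_addr_allowed(int match_index)
{
  n_ifaces = 0;
  scan_add(0xC0A80101u, 2, match_index);
  scan_add(0xC0A80101u, 5, match_index);
  return tcp_allowed(2) && tcp_allowed(5);
}

int main(void)
{
  printf("recreated: addr-only=%d addr+index=%d\n",
         recreated_iface_allowed(0), recreated_iface_allowed(1));
  return 0;
}
```

In this model the address-plus-index comparison leaves the old index 5 entry in the list after tun0 is recreated, which is the kind of leftover the third proposed change is meant to clean up.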
