On 09/01/2022 06:37, Justin wrote: > So. i have > > local=/google.com/8.8.8.8 > ipset=/google.com/proxy > > when "curl google.com" > dnsmasq log shows: > > ipset add proxy 142.250.217.142 google.com > ipset add proxy 2607:f8b0:4007:818::200e google.com > > looks like dnsmasq does not check the SETNAME "proxy" is ipv4 or ipv6. > so "ipset add proxy 2607:f8b0:4007:818::200e google.com" is not going to work. > > while on ipset command: > > "ipset create testname hash:net" by default creates an ipv4 family. > there seems to be no way to create a SETNAME that contains both ipv4 > and ipv6 family. > > finally, my suggestion: can dnsmasq check and SETNAME family and don't > try to add ipv4 or ipv6 ip to wrong family? >
It could, and there are two ways it could. 1) Check the address family of the ipset at startup - this will misbehave if the ipset is (for instance) deleted and recreated with a different AF. 2) Check the address family of the ipset each time it does an insertion. This is OK, but it's actually more work than what happens now, which is that the code attempts to insert the address anyway, and if it's the wrong AF, the ipset code ignores it. The main downside to the current system is that the logging is misleading. Maybe just mentioning this behaviour in the man page is the best fix? If you're interesting in IPv6 and IPv4 addresses, you need two ipsets and something like ipset=/google.com/proxyv4,proxyv6 Cheers Simon. > thanks > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
