[Dnsmasq-discuss] Using dnsmasq IPv6 announcement to configure its 'own' network interface

[Andy Hawkins]

Hi,

I'm currently running a network which has IPv6 support via a tunnel from
Hurricane Electric's tunnelbroker.net.

I currently use radvd to broadcast my IPv6 prefix around my internal
network, allowing machines to automatically assign their own IPv6 address.
This *also* allows the internal network interface (eth1 in my case) to
automatically configure its own address.

I'm experimenting with dnsmasq at the moment, with a view to replacing my
current setup of bind and dhcpd with dnsmasq. However, I'm finding that
unless I *manually* assign an appropriate ipv6 address to eth1, dnsmasq will
not even send out advertisements of my IPv6 prefix.

Is there any way I can get this working?  What I'd ideally like is for
dnsmasq to automatically determine the appropriate prefix from the tunnel
interface, and then broadcast this prefix out over the internal network
(eth1), and as a side effect of that allow eth1 to pick up an appropriate
IPv6 address of its own. It seems a sham to have to manually assign an
address to eth1, when it's technically possible for it to automatically
configure itself (as this works when using radvd to advertise the prefix).

Thanks for any advice you can offer.

Andy



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] IPv6 Router Advertisements not working

[Andy Hawkins]

Hi,
In article <8534ac3c-30d0-095a-8bde-179bdbe8f...@thekelleys.org.uk>,
   Simon Kelley wrote:
> Do you have an interface configured with an address in fd01::/64 ?

Is this a requirement? radvd is able to send advertisements out on an
interface that has no IPv6 address configured (indeed, I have been using
this facility to automatically configure the interface that router
advertisements are being sent on).

Would be nice to be able to do the same with dnsmasq without having to
manually configure the IPv6 address of the interface.

Thanks

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] --synth-domain enhancement

[Andy Hawkins]

Hi,

I'm contemplating a move from bind and isc-dhcpd to dnamasq. 

One of the features of bind that I take advantage of in my domain is
generating sequences of DNS entries using a single line. For example, in my
zone file I have:

$GENERATE 50-70 dyn-${-50}  IN  A   192.168.202.$

This will generate the following DNS entries:

dyn-0.gently.org.uk on address 192.168.202.50
dyn-1.gently.org.uk on address 192.168.202.51

...

dyn-19.gently.org.uk on address 192.168.202.69
dyn-20.gently.org.uk on address 192.168.202.70

I realise that dnsmasq has the 'synth-domain' option, but the names
generated by this are a little ugly. Is there any chance an enhancement
could be made to so something similar to the facilities available in bind?

Thanks

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

Hi all,

Would it be possible to extend hosts-dir and dhcphosts-dir to also allow the
specification of a file mask to process within those directories?

I'm finding that when I edit files in those directories, my editor creates a
backup file (original file name with ~ appended) and these backup files are
then processed by dnsmasq leading to a duplicate.

Would be nice if they could be made to work the same was as conf-dir does.

Thanks

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

Hi,

In article <20180208164432.GA97242@wopr>,
   Kurt H Maier wrote:
> You should fix the editor; that behavior is dangerous for other reasons,
> similar to the ones outlined here:
> http://openwall.com/lists/oss-security/2017/11/27/2

I take your point. However, given that the facility is available for config
files, I don't see any reason why it shouldn't be extended to other
directories that contain files that are designed to be modified while
dnsmasq is running.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

Hi,

In article <slrnp80aau.nkj.a...@xcp-mailnews.gently.org.uk>,
   Andy Hawkins<a...@gently.org.uk> wrote:
> In inotify.c, around line 236 is the following code block:
>
> /* ignore emacs backups and dotfiles */
> if (in->len == 0 || 
> in->name[in->len - 1] == '~' ||
> (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
> in->name[0] == '.')
>   continue;
> 
> However, if I create a file called 'fred~' in the directory I've specified
> using dhcp-hostsdir I still get an event in syslog that shows this file is
> being processed:
>
> Feb 11 11:14:34 xcp-gateway dnsmasq[1039]: inotify, new or changed file 
>   /etc/dnsmasq/dhcp-hosts.d/fred~

Ok, I've done some debugging. I added the following lines:

  my_syslog(LOG_INFO, "ADH: len: %d", in->len);
  my_syslog(LOG_INFO, "ADH: name: %s", in->name);
  my_syslog(LOG_INFO, "ADH: last char: %c", in->name[in->len - 1]);

And I get the following output:

dnsmasq: ADH: len: 16
dnsmasq: ADH: name: fred4~
dnsmasq: ADH: last char:

So, it appears that the length in in->len is being interpreted correctly.

According to the inotify man page:

   The len field counts all of the bytes in name, including the null
   bytes; the length of each inotify_event structure is thus
   sizeof(struct inotify_event)+len.

So in fact, 'len' seems to be a fixed length, irrespective of the length of
the file name in the 'name' field.

It looks like the check should actually be something like:

  /* ignore emacs backups and dotfiles */
  if (in->len == 0 ||
  in->name[strlen(in->name) - 1] == '~' ||
  (in->name[0] == '#' && in->name[strlen(in->name) - 1] == '#') ||
  in->name[0] == '.')

I guess you may need to check that there's a null in the name somewhere
before using strlen, otherwise you might end up running off the end of the
string. I don't know inotify well enough to know if there's guaranteed to be
a null in there somewhere. The manpage does say that the name field is null
terminated, but I don't know if that's guaranteed or not.

I could have a look at submitting a patch, but my editor is showing some
very strange indentation of the source, so I suspect I have my tab settings
incorrect. What is the standard setting for tabs on the dnasmasq source
files?

Thanks

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

Hi,

In article <slrnp80btc.nkj.a...@xcp-mailnews.gently.org.uk>,
   Andy Hawkins<a...@gently.org.uk> wrote:
> I could have a look at submitting a patch, but my editor is showing some
> very strange indentation of the source, so I suspect I have my tab settings
> incorrect. What is the standard setting for tabs on the dnasmasq source
> files?

Here's an attempt at a patch. If it needs to be in a different format, then
please let me know. The changes are minimal however, so applying the patch
manually should be trivial.

[andy@xcp-dev dnsmasq (hosts-dirs *)]$ git diff --ignore-space-at-eol
diff --git a/src/inotify.c b/src/inotify.c
old mode 100644
new mode 100755
index eda1d56..a655fe2
--- a/src/inotify.c
+++ b/src/inotify.c
@@ -235,8 +235,8 @@ int inotify_check(time_t now)

  /* ignore emacs backups and dotfiles */
  if (in->len == 0 ||
- in->name[in->len - 1] == '~' ||
- (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
+ in->name[strlen(in->name) - 1] == '~' ||
+ (in->name[0] == '#' && in->name[strlen(in->name) - 1] == '#') ||
  in->name[0] == '.')
continue;

Hope that helps.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

Hi,

In article <45676db9-d890-14a0-7743-f0340b7d1...@mail.com>,
   john doe wrote:
>> [andy@xcp-dev dnsmasq (hosts-dirs *)]$ git diff --ignore-space-at-eol
>> diff --git a/src/inotify.c b/src/inotify.c
>> old mode 100644
>> new mode 100755
>
> Is the change of the mode intentionel (from 644 to 755)?

No. Probably a combination of my editor and it being accessed via Samba.

The key change is to the content of inotify.c.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] [PATCH] Inotify: Ignore backup files created by editors

[Andy Hawkins]

Use strlen to determine the length of the filename returned by
inotify, as in->len refers to the length of the buffer containing
the name, not the length of the name itself.

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011950.html

Signed-off-by: Andy Hawkins <a...@gently.org.uk>
---
 src/inotify.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/inotify.c b/src/inotify.c
index eda1d56..45c730a 100644
--- a/src/inotify.c
+++ b/src/inotify.c
@@ -235,8 +235,8 @@ int inotify_check(time_t now)
 
  /* ignore emacs backups and dotfiles */
  if (in->len == 0 || 
- in->name[in->len - 1] == '~' ||
- (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
+ in->name[strlen(in->name) - 1] == '~' ||
+ (in->name[0] == '#' && in->name[strlen(in->name) - 1] == '#') ||
  in->name[0] == '.')
continue;
  
-- 
2.11.0


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

[Andy Hawkins]

In article ,
   Will Parsons wrote:
> I know it's fun to come up with a patch to fix a supposed problem with
> a widely-employed piece of software, but stop for a minute and think
> about what you're attempting to "achieve".
>
> If successful, you will add just another piece of bloat (that is
> subject to error and will have to be tested) to dnsmasq to address a
> problem that is not in fact dnsmasq's, but a misconfiguration problem
> at the *user's* end.

The code already exists in dnsmasq, it just doesn't work properly.

This is the block of code in question (around line 235 in src/inotify.c):

  /* ignore emacs backups and dotfiles */
  if (in->len == 0 ||
  in->name[in->len - 1] == '~' ||
  (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
  in->name[0] == '.')
continue;

What it's trying to do, is ignore any file whose last characeter is a '~',
or first and last characters are '#', or first character is '.'.

However, it's incorrectly using 'in->len', assuming this indicates the
length of the file name. However, it actually indicates the length of the
*buffer* containing the file name (which appears to be being allocated in
something like 16 byte chunks).

The patch is simply replacing 'in->len - 1' with 'strlen(in->name) - 1' (on
two lines) to correctly get the last character from the name, so it's hardly
adding 'bloat', it's merely fixing functionality that has already been
attempted but implemented incorrectly.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] [PATCH] Fix typo in debian/readme

[Andy Hawkins]

Fix a typo in the section of debian/readme that details the various
DEB_BUILD_OPTIONS that are available. use_lua should actually be
uselua.
---
 debian/readme | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/readme b/debian/readme
index c724177..768662e 100644
--- a/debian/readme
+++ b/debian/readme
@@ -54,7 +54,7 @@ Notes on configuring dnsmasq as packaged for Debian.
   nodhcp  : omit DHCP support.
   nodhcp6 : omit DHCPv6 support.
   noscript: omit lease-change script support.
-  use_lua : provide support for lease-change scripts written
+  uselua  : provide support for lease-change scripts written
 in Lua.
   noipv6  : omit IPv6 support.
   nodbus  : omit DBus support.
-- 
2.11.0


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] --synth-domain enhancement

[Andy Hawkins]

Hi,

In article <11034711-6140-1e7c-5eeb-ad951fee2...@thekelleys.org.uk>,
   Simon Kelley wrote:
> My second example gives exactly that. To clarify, the serial numbers in
> the names correspond to the addresses in the range supplied. If you use
> a subnet to specify the range, for instance 192.168.202.0/24, then yes
> dyn-1 will be 192.168.202.0, but if you use start,end to specify the
> range, then the start address becomes dyn-1, so for
>
>  --synth-domain=gently.org.uk,192.168.202.50,192.168.202.70,dyn-*
>
> 192.168.202.50 is dyn-1

Ah, apologies, I hadn't realised that. In that case then, this sounds
perfect to meet my needs.

> (or maybe dyn-0. Do we want this one-based or zero-based? Having a
> choice is NOT an option)

I think I'd want dyn-1 personally, but don't feel particularly strongly
about it either way to be honest.

Thanks.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] --synth-domain enhancement

[Andy Hawkins]

Hi,

In article <774c6255-31dd-a6f3-d208-11aa41b9c...@thekelleys.org.uk>,
   Simon Kelley wrote:
> It could be done: just requires even more scary string-mangling in
> src/domain.c and inventing a way to configure it.
>
> I prosose something like
>
>  --synth-domain=thekelleys.org.uk,192.168.0.0/24,internal-*
>
> where the final * in the prefix generates "counting mode" so that
>
> 192.168.0.0 becomes internal-0,thekelleys.org.uk
>
> A range rather than a subnet is already allowed, so your example becomes
>
>
>  --synth-domain=gently.org.uk,192.168.202.50,192.168.202.70,dyn-*
>
>
> Anyone got a better idea?

That sounds good to me. The only thing missing is the 'arithmetic' bit on
the generated host name / IP address.

In your example above, I would want (for example)

192.168.202.50 - dyn-1
192.168.202.51 - dyn-2

etc.

This is possible in bind using the syntax I posted earlier, but isn't (yet)
in dnsmasq.

It's hardly the end of the world if I have to manually enter each one
though, so I wouldn't push for this change too much if it turned out to be
particularly difficult or generate any strong objections.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] [PATCH] Inotify: Ignore backup files created by editors

[Andy Hawkins]

Hi,
In article <0f10b5dc-7504-a92a-824d-ecc091b00...@thekelleys.org.uk>,
   Simon Kelley wrote:
> Patch applied, with two modifications.
>
> 1) I added a check for strlen(in->name) not being zero. I don't know if
> inotify could give us a zero-length filename, but if it did, we'd make
> an out-of-bounds array reference to in->name[-1]. I also saved the
> return from strlen(in->name) in a variable, rather than call strlen
> three times.
>
> 2) Move the resolv-file test to after the dotfiles test. Only relevant
> if someone configures a resolv file name which looks like an editor
> backup file, but at least in's consistent. Also allows removal of a
> now-redundant in->len == 0 test.

Is it possible for in->len to be zero? The man page for inotify does say the
name is optional, so I assumed that this was what that test was checking
for?

I'll take a look at your version of the code in git and see how it looks
compared to mine.

Thanks

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] [PATCH] Inotify: Ignore backup files created by editors

[Andy Hawkins]

Hi,

In article <slrnp8bfuo.vn.a...@xcp-mailnews.gently.org.uk>,
   Andy Hawkins<a...@gently.org.uk> wrote:
> I'll take a look at your version of the code in git and see how it looks
> compared to mine.

Ok, things are a bit clearer after looking at the actual commit.

My only comment (and it's a fairly personal one) is that I generally dislike
seeing variable assignments inside if statements. However, I can see the
reason for doing it in this case, as if you carried out the strlen outside
the 'if', then you'd need to put that in an 'if' of its own, checking that
in->len wasn't zero.

Thanks for including the fix however, appreciated. What are the chances of
this ending up in a package in the current debian stable?

Thanks again

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq dhcp-optsdir remove options problem

[Andy Hawkins]

Hi,

In article 
,
   Lindgren Fredrik wrote:
> What I did to test this was to add "option:router,10.243.0.1" to a new opti=
> on file.
>
> Which is re-read by dnsmasq
>
>
> I start a dhclient that I'm testing with, output in console of dnsmasq indi=
> cate that router entry is part of response (also seen in dhcpdump of packag=
> e)
>
> I stop the dhclient and remove the config file with this option and send SI=
> GHUP to pid for dnsmasq
>
> Then start the dhclient again and still see the router entry being sent.

When you say "still see the router entry being sent" are you just checking
the resulting IP configuration on the client, or are you actually capturing
the DHCP response with Wireshark or similar?

If you haven't captured the actual response on the wire, that'd be my next
step to see if it's the client that's somehow remembering the information.

Andy


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss