Hello Simon,
In dnsmasq.conf:
interface-name=martino,lan # 10.10.10.1, 2a07:f32:8fe8:8a61::1
interface-name=martino,guest # 10.11.0.1, 2a07:f32:8fe8:8a63::1
interface-name=martino,remote # 10.10.11.1, 2a07:f32:8fe8:8a62::1
localise-queries
zx2c4@thinkpad ~ $ host martino
--localise-queries
Sorry for the noise.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Hey folks,
I use the interface-name directive like this:
interface-name=martino,lan
interface-name=martino,guest
interface-name=martino,remote
This has the consequence of seeing all the IPs at once for this domain:
zx2c4@thinkpad ~ $ host martino
martino has address 10.10.10.1
martino has
Hey Simon,
Fast forward 5 years from when I wrote the original ipset patch for
dnsmasq, and I too have a need for nftables support with it. Did you
ever figure out how to add nft sets to dnsmasq? If not, maybe I'll
take a stab at it in the next few months.
Jason
I wrote something similar here a while back:
http://git.zx2c4.com/domain-lookup-tree/about/
Your algorithm looks potentially more efficient.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
Hi Simon,
It's just occurred to me that no router developer is going to know to
turn HAVE_IPSET on, and hence, it won't be available immediately on any
devices, which is a bummer. Further, unless the --ipset= options are
used, HAVE_IPSET doesn't contribute at _all_ to the runtime of the app. And
On Wed, Feb 20, 2013 at 3:17 PM, Kaspar Schleiser kas...@schleiser.dewrote:
Could you elaborate on how your tree works?
Went ahead and annotated the source:
http://git.zx2c4.com/domain-lookup-tree/tree/domain-lookup.c
Should be way easier to understand what's up.
On Wed, Feb 20, 2013 at 9:53 PM, Jason A. Donenfeld ja...@zx2c4.com wrote:
Okie dokie, benchmark time! 2012 Intel Core i7, gcc 4.7.2.
Looks like gcc was optimizing out the legacy test. Fixed that, and added
some data verification.
zx2c4@thinkpad ~/Projects/domain-lookup-tree $ make
cc -march
Hi Simon Folks,
Currently when dnsmasq processes server=/.../, address=/.../, local=/.../,
ipset=/.../, and similar, it find the nearest match for a domain name by
iterating through all the keys, and keeping track of which one had the
largest match length. This gets the job done and is fairly,
On Wed, Feb 20, 2013 at 3:17 PM, Kaspar Schleiser kas...@schleiser.dewrote:
Could you elaborate on how your tree works? Did you do any benchmarks?
Each node represents a domain component.
* - [com - [zx2c4 - [data, blog ], kexec ], org - [slashdot ] ]
It splits the domain string by the
On Wed, Feb 20, 2013 at 3:17 PM, Kaspar Schleiser kas...@schleiser.dewrote:
Did you do any benchmarks?
Okie dokie, benchmark time! 2012 Intel Core i7, gcc 4.7.2.
With gcc's -O3:
zx2c4@thinkpad ~/Projects/domain-lookup-tree $ ./benchmark
New method took 0.43 seconds.
Old method took
On Wed, Feb 20, 2013 at 5:46 PM, Simon Kelley si...@thekelleys.org.ukwrote:
I'm
currently snowed under (at least partially with your earlier good work)
so I may not get to this for a while.
No problem. Upstreaming the ipset code is a much bigger priority in my
book. This optimization code is
On Sun, Feb 17, 2013 at 6:28 PM, Simon Kelley si...@thekelleys.org.ukwrote:
Fantastic! I'm beating my way though my my inbox and just caught up with
you. I was intending to put this off to the first thing in 2.67, rather
than the last thing in 2.66, but having got this far, I'm not so sure.
From: Jason A. Donenfeld ja...@zx2c4.com
---
dnsmasq.conf.example | 4
man/dnsmasq.8| 6 ++
2 files changed, 10 insertions(+)
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index 5215c2a..9a0dbd7 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -69,6
From: Jason A. Donenfeld ja...@zx2c4.com
The matching logic is the same as for --address. extract_address is
responsible for calling out to add_to_ipset.
---
src/dnsmasq.h | 10 +-
src/forward.c | 20 ++-
src/option.c | 64
From: Jason A. Donenfeld ja...@zx2c4.com
This version 2 of the ipset patchset makes a few important changes:
- No HAVE_OLD_IPSET anymore. HAVE_IPSET will enable both, and the
correct code will then be called depending on the running kernel.
- libmnl is no longer used. All
From: Jason A. Donenfeld ja...@zx2c4.com
---
Makefile | 2 +-
src/config.h | 14 +++-
src/dnsmasq.h | 5 ++
src/ipset.c | 220 ++
4 files changed, 239 insertions(+), 2 deletions(-)
create mode 100644 src/ipset.c
diff --git
On Sat, Feb 16, 2013 at 5:28 PM, Mr Dash Four
mr.dash.f...@googlemail.com wrote:
If the set is of type hash:net, then you can use nomatch. In other words:
In an effort to prevent this thread from going off-topic, it's worth
noting that the hash:net functionality of ipset has nothing to do with
.
Jason
/* ipset.c: add or remove an ip address to an ipset.
*
* Copyright (C) 2013 Jason A. Donenfeld ja...@zx2c4.com. All Rights Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free
On Fri, Feb 15, 2013 at 10:42 PM, sven falempin sven.falem...@gmail.com wrote:
Previsouly i propose a patch to filter out some domain,
i understand filtering should be done by iptables, but only if you think
linux.
Is it possible to use a version of this code to filter some domain out
and/or
Simon,
The attached patch wires ipset into the dnsmasq build system. I'm
assuming the integration and config syntax is something you want to do
yourself rather than have me do it.
After applying the patch, you will be able to call:
int add_to_ipset(const char *setname, const void *ipaddr, int
On Fri, Feb 15, 2013 at 11:30 PM, John Brendler brendle...@gmail.com wrote:
I use ipsets and have written scripts for handling them dynamically.
I think this is a very interesting idea. I'd benefit from hearing some
elaboration on the use cases you have in mind. I think this might also
help
Hi Simon,
Another update to reduce the amount of work for you. This thread
should supersede the other one.
I made ipset.c a bit nicer for dnsmasq by using struct all_addr. New
patch to replace all old ones:
View:
Hah, forget that. I just wrote the entire thing, including configuration,
and it works great. I'll send full patches to the mailing list shortly.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
domains to
the resolved ipset.
If this mailing list post becomes stale, the latest series of patches
may be found at http://git.zx2c4.com/dnsmasq-ipset.
Jason A. Donenfeld (3):
ipset: Integrate ipset.c into build system.
ipset: Parse new --ipset option and match domains in forward.c
ipset
The matching logic is the same as for --address. extract_address is
responsible for calling out to add_to_ipset.
---
src/dnsmasq.h | 12 ++-
src/forward.c | 20 ++-
src/option.c | 64 +++
src/rfc1035.c | 14
, gid_t gid, long max_fd);
diff --git a/src/ipset.c b/src/ipset.c
new file mode 100644
index 000..b241ed4
--- /dev/null
+++ b/src/ipset.c
@@ -0,0 +1,143 @@
+/* ipset.c is Copyright (c) 2013 Jason A. Donenfeld ja...@zx2c4.com. All
Rights Reserved.
+
+ This program is free software; you can
---
dnsmasq.conf.example | 4
man/dnsmasq.8| 6 ++
2 files changed, 10 insertions(+)
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index 5215c2a..9a0dbd7 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -69,6 +69,10 @@
# --address (and --server) work
consider adding?
Thanks,
Jason Donenfeld
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
29 matches
Mail list logo