Re: [Dnsmasq-discuss] Set environment variable for dhcp-script
That is the original problem. Just trying to pass a custom DHCP header option to the dhcp-script=. What do you mean by "So let us know which DNSMASQ_... you miss"? I understand there are a lot of DNSMASQ_... options on the man page under dhcp-script. None let you grab all of the DHCP headers passed from the client to the server.

Thanks,
Daniel

From: Dnsmasq-discuss on behalf of Geert Stappers
Sent: Friday, August 10, 2018 7:20:50 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

On Fri, Aug 10, 2018 at 09:11:48AM +, Daniel Weller wrote:
> From: Geert Stappers, Sent: Friday, August 10, 2018 1:51:26 AM
> > On Thu, Aug 09, 2018 at 08:38:33PM +, Daniel Weller wrote:
> > > Hello,
> > >
> > > I am trying to set an environment variable from inside dnsmasq- giving
> > > the script being called by dhcp-script access to that variable. I
> > > think the location to do this is inside helper.c in the create_helper()
> > > function. However, when it forks I am unable to follow the child process
> > > in my debugger. I have tried setting "set follow-fork-mode " &
> > > "set detach-on-fork " but after the process forks- it seems to
> > > just hang and never be called.
> > >
> > > Also I've got my local variable inside the lease struct and passed to
> > > queue_script() in helper.c.
> > >
> > > Any ideas how to debug the dhcp-script child process or where I should
> > > set the environment variable to allow the script called by dhcp-script
> > > to read this environment variable?
> >
> > What is the original problem?
> >
> I am trying to pass a DHCP header value that is read from the client
> DHCP request- to the file being called by dhcp-script=. The
> easiest way to do that I think is to set an environment variable that
> the dhcp-script= has access to while executing.
>

What is the original problem?

So let us know which DNSMASQ_... you miss.
( check manual for DNSMASQ_ )

Regards
Geert Stappers
--
Live and let live

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] DNS query random ports
Hello,

we discovered our dnsmasq was also using privileged source ports when sending queries. Interestingly enough, it has the right to do it, because it also has to listen on a privileged port. It never drops such privilege. It was fixed in commit [1].

But my question is, why is there even a custom generator of random ports, when the OS can do it itself? And usually far better? So I dug a bit into it and came up with a patch that would use random ports from the OS by default. When I tested it, I got the same results when skipping the bind() call on random ports at all.

Is there some reason why dnsmasq does not follow OS policy for source outgoing port and chooses its own range by itself?

1. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=baf553db0cdb50707ddab464fb3eff7786ea576c

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com PGP: 65C6C973

From 57b19ecc3fdd1f7357ea4472bfa4fe731e28c3cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 9 Aug 2018 18:17:26 +0200 Subject: [PATCH 1/2] Use OS random ports by default Unless max-port or min-port is given, let OS allocate random ports for DNS queries. Randomize similar to --query-port=0, but for each query separately. Would use port according to system policy. --- src/dnsmasq.c | 2 +- src/network.c | 15 --- src/option.c | 4 +++- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/dnsmasq.c b/src/dnsmasq.c index 7a8e891..02fa003 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c @@ -230,7 +230,7 @@ int main (int argc, char **argv) die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF); #endif - if (daemon->max_port < daemon->min_port) + if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port) die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF); now = dnsmasq_time(); diff --git a/src/network.c b/src/network.c index b405458..e1b60d1 100644 --- a/src/network.c +++ b/src/network.c 
@@ -1138,18 +1138,27 @@ int random_sock(int family) if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) { union mysockaddr addr; - unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; - int tries = ports_avail < 30 ? 3 * ports_avail : 100; + unsigned short ports_avail = 0; + int tries = 100; + unsigned short port = 0; memset(&addr, 0, sizeof(addr)); addr.sa.sa_family = family; + if (daemon->max_port >= 0) +{ + ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; + if (ports_avail < 30) +tries = 3 * ports_avail; +} + /* don't loop forever if all ports in use. */ if (fix_fd(fd)) while(tries--) { - unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail))); +if (ports_avail) + port = htons(daemon->min_port + (rand16() % ports_avail)); if (family == AF_INET) { diff --git a/src/option.c b/src/option.c index c203826..f77f5aa 100644 --- a/src/option.c +++ b/src/option.c @@ -2620,6 +2620,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma case LOPT_MINPORT: /* --min-port */ if (!atoi_check16(arg, &daemon->min_port)) ret_err(gen_err); + if (daemon->max_port < 0) +daemon->max_port = MAX_PORT; break; case LOPT_MAXPORT: /* --max-port */ @@ -4698,7 +4700,7 @@ void read_opts(int argc, char **argv, char *compile_opts) daemon->soa_refresh = SOA_REFRESH; daemon->soa_retry = SOA_RETRY; daemon->soa_expiry = SOA_EXPIRY; - daemon->max_port = MAX_PORT; + daemon->max_port = -1; daemon->min_port = MIN_PORT; #ifndef NO_ID -- 2.14.4 From b54e4550f8ebf3ee5aaaca41e8f7ccf278539bcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 9 Aug 2018 20:57:07 +0200 Subject: [PATCH 2/2] Simplify random ports generator Do not bind random port with any address at all, just leave socket unbound. Rely on sendto() to connect it first time. --- src/network.c | 28 +--- 1 file changed, 13 insertions(+), 15 deletions(-) 
diff --git a/src/network.c b/src/network.c index e1b60d1..71f5186 100644 --- a/src/network.c +++ b/src/network.c @@ -1138,27 +1138,25 @@ int random_sock(int family) if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) { union mysockaddr addr; - unsigned short ports_avail = 0; - int tries = 100; - unsigned short port = 0; + unsigned short ports_avail; + int tries; + unsigned short port; + + if (!fix_fd(fd)) +goto close_fd; + + if (daemon->max_port < 0) + return fd; memset(&addr, 0, sizeof(addr)); addr.sa.sa_family = family; - - if (daemon->max_port >= 0) -{ - ports_avail = ((unsigned short)daemon->max_port - (unsigned short)da
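Review bot: In the random_sock() hunk of [PATCH 1/2], narrowing `ports_avail` from `unsigned int` to `unsigned short` makes a range that spans all 65536 ports wrap to 0: `(max_port - min_port) + 1` is 65536, the stored value is 0, so `ports_avail < 30` holds, `tries` becomes `3 * 0` and the `while(tries--)` body never runs. If `atoi_check16` accepts `--min-port=0`, that configuration never reaches a bind attempt in this loop. Keep `ports_avail` as `unsigned int` and take the modulo on that value without the `(unsigned short)` cast.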
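Review bot: The new default in the read_opts() hunk of [PATCH 1/2] (`daemon->max_port = -1;`) is not documented: the diffstat touches only src/dnsmasq.c, src/network.c and src/option.c, so the man page is not updated along with the behaviour. Describe under --min-port and --max-port that with neither option the OS picks the source port, and that giving --min-port alone switches back to dnsmasq's own selection up to MAX_PORT, as the LOPT_MINPORT hunk implements. A named constant for the -1 sentinel would also make the `max_port >= 0` and `max_port < 0` checks easier to follow.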
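Review bot: In the random_sock() hunk of [PATCH 2/2], the early `return fd` for `daemon->max_port < 0` hands back a socket that was never bound, while the commit message says sendto() will "connect it first time". sendto() does not connect a UDP socket; the first send implicitly binds it to a port the OS chooses. Reword the message, and state in it that the unpredictability of the query source port then rests entirely on the kernel's ephemeral port selection instead of rand16(), since that is the property a reviewer has to accept with this default.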
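The behaviour the message above relies on, that a UDP socket bound to port 0 and a socket left unbound until its first sendto() both end up with a source port chosen by the OS, shown as an added example that is not part of the original post or of dnsmasq. The function name `os_chosen_port` and the loopback destination port 53535 are assumptions made for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the UDP source port (host byte order) the OS assigned, or -1 on error.
   explicit_bind != 0: bind() to port 0 before sending.
   explicit_bind == 0: leave the socket unbound; the first sendto()
   performs the implicit bind. */
int os_chosen_port(int explicit_bind)
{
  struct sockaddr_in local, peer;
  socklen_t len = sizeof(local);
  int port = -1;
  int fd = socket(AF_INET, SOCK_DGRAM, 0);

  if (fd == -1)
    return -1;

  memset(&local, 0, sizeof(local));
  local.sin_family = AF_INET;                /* sin_port stays 0: kernel chooses */
  local.sin_addr.s_addr = htonl(INADDR_ANY);

  memset(&peer, 0, sizeof(peer));
  peer.sin_family = AF_INET;
  peer.sin_port = htons(53535);              /* constructed destination; nothing has to listen */
  peer.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

  if (explicit_bind && bind(fd, (struct sockaddr *)&local, sizeof(local)) == -1)
    goto out;
  if (sendto(fd, "x", 1, 0, (struct sockaddr *)&peer, sizeof(peer)) == -1)
    goto out;
  /* Read back the port the kernel actually assigned to this socket. */
  if (getsockname(fd, (struct sockaddr *)&local, &len) == 0)
    port = ntohs(local.sin_port);
out:
  close(fd);
  return port;
}

int main(void)
{
  printf("bind(port 0) then sendto: source port %d\n", os_chosen_port(1));
  printf("unbound, sendto only:     source port %d\n", os_chosen_port(0));
  return 0;
}
```

Both calls report a port from the system's ephemeral range, which is outside the privileged range on common defaults.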
Re: [Dnsmasq-discuss] Set environment variable for dhcp-script
On Fri, Aug 10, 2018 at 09:11:48AM +, Daniel Weller wrote:
> From: Geert Stappers, Sent: Friday, August 10, 2018 1:51:26 AM
> > On Thu, Aug 09, 2018 at 08:38:33PM +, Daniel Weller wrote:
> > > Hello,
> > >
> > > I am trying to set an environment variable from inside dnsmasq- giving
> > > the script being called by dhcp-script access to that variable. I
> > > think the location to do this is inside helper.c in the create_helper()
> > > function. However, when it forks I am unable to follow the child process
> > > in my debugger. I have tried setting "set follow-fork-mode " &
> > > "set detach-on-fork " but after the process forks- it seems to
> > > just hang and never be called.
> > >
> > > Also I've got my local variable inside the lease struct and passed to
> > > queue_script() in helper.c.
> > >
> > > Any ideas how to debug the dhcp-script child process or where I should
> > > set the environment variable to allow the script called by dhcp-script
> > > to read this environment variable?
> >
> > What is the original problem?
> >
> I am trying to pass a DHCP header value that is read from the client
> DHCP request- to the file being called by dhcp-script=. The
> easiest way to do that I think is to set an environment variable that
> the dhcp-script= has access to while executing.
>

What is the original problem?

So let us know which DNSMASQ_... you miss.
( check manual for DNSMASQ_ )

Regards
Geert Stappers
--
Live and let live
Re: [Dnsmasq-discuss] Set environment variable for dhcp-script
I am trying to pass a DHCP header value that is read from the client DHCP request- to the file being called by dhcp-script=. The easiest way to do that I think is to set an environment variable that the dhcp-script= has access to while executing.

Thanks,
Daniel

From: Dnsmasq-discuss on behalf of Geert Stappers
Sent: Friday, August 10, 2018 1:51:26 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

On Thu, Aug 09, 2018 at 08:38:33PM +, Daniel Weller wrote:
> Hello,
>
> I am trying to set an environment variable from inside dnsmasq- giving
> the script being called by dhcp-script access to that variable. I
> think the location to do this is inside helper.c in the create_helper()
> function. However, when it forks I am unable to follow the child process
> in my debugger. I have tried setting "set follow-fork-mode " &
> "set detach-on-fork " but after the process forks- it seems to
> just hang and never be called.
>
> Also I've got my local variable inside the lease struct and passed to
> queue_script() in helper.c.
>
> Any ideas how to debug the dhcp-script child process or where I should
> set the environment variable to allow the script called by dhcp-script
> to read this environment variable?

What is the original problem?

Regards
Geert Stappers
--
Live and let live