11:58 a.m.
From: Gene Czarcinski <gene(a)czarc.net>
For networks which dnsmasq has "--listen-address" specified, add
the command line parameter so that any dns PTR queries for those
networks are not forwarded.
There are separate patches for IPv4 and IPv6.
Gene Czarcinski (2):
IPV4 local=/....in-addr.arpa/
IPv6 local=/...ip6.arpa/
src/network/bridge_driver.c | 32 ++++++++++++++++++++++
tests/networkxml2argvdata/isolated-network.argv | 1 +
.../networkxml2argvdata/nat-network-dns-hosts.argv | 1 +
.../nat-network-dns-srv-record-minimal.argv | 5 ++++
.../nat-network-dns-srv-record.argv | 5 ++++
.../nat-network-dns-txt-record.argv | 11 ++++++--
tests/networkxml2argvdata/nat-network.argv | 18 ++++++++++--
tests/networkxml2argvdata/nat-network.xml | 4 +++
tests/networkxml2argvdata/netboot-network.argv | 1 +
.../networkxml2argvdata/netboot-proxy-network.argv | 1 +
tests/networkxml2argvdata/routed-network.argv | 3 +-
11 files changed, 76 insertions(+), 6 deletions(-)
--
1.7.11.4
11:58 a.m.
New subject: [libvirt] [PATCH 1/2] tell dnsmasq not to forward PTR queries
From: Gene Czarcinski <gene(a)czarc.net>
For IPv4 networks dnsmasq listens to, do no forward
any IPv4 dns PTR queries for that network.
Only network prefixes 8, 16, or 24 work correctly.
---
src/network/bridge_driver.c | 17 +++++++++++++++++
tests/networkxml2argvdata/isolated-network.argv | 1 +
tests/networkxml2argvdata/nat-network-dns-hosts.argv | 1 +
.../nat-network-dns-srv-record-minimal.argv | 3 +++
.../networkxml2argvdata/nat-network-dns-srv-record.argv | 3 +++
.../networkxml2argvdata/nat-network-dns-txt-record.argv | 9 +++++++--
tests/networkxml2argvdata/nat-network.argv | 12 +++++++++---
tests/networkxml2argvdata/netboot-network.argv | 1 +
tests/networkxml2argvdata/netboot-proxy-network.argv | 1 +
tests/networkxml2argvdata/routed-network.argv | 3 ++-
10 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 4faad5d..7ad6fe2 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -634,6 +634,23 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
if (!ipaddr)
goto cleanup;
virCommandAddArgList(cmd, "--listen-address", ipaddr, NULL);
+ int psize = virNetworkIpDefPrefix(tmpipdef);
+ if ((VIR_SOCKET_ADDR_IS_FAMILY(&tmpipdef->address, AF_INET)) &&
+ ((psize==8) || (psize==16) || (psize=24)))
+ {
+ int val =
+ ntohl(tmpipdef->address.data.inet4.sin_addr.s_addr) >> 8;
+ char *p, str[25]; /* strlen("xxx.yyy.zzz.in-addr.arpa")+1 */
+ p = &str[0];
+ if (psize == 24)
+ p += sprintf(p, "%d.", val & 0xff);
+ val = val >> 8;
+ if (psize != 8)
+ p += sprintf(p, "%d.", val & 0xff);
+ val = val >> 8;
+ p += sprintf(p, "%d.in-addr.arpa", val & 0xff);
+ virCommandAddArgFormat(cmd, "--local=/%s/", &str[0]);
+ }
VIR_FREE(ipaddr);
}
diff --git a/tests/networkxml2argvdata/isolated-network.argv
b/tests/networkxml2argvdata/isolated-network.argv
index 048c72b..40592d9 100644
--- a/tests/networkxml2argvdata/isolated-network.argv
+++ b/tests/networkxml2argvdata/isolated-network.argv
@@ -2,6 +2,7 @@
--local=// --domain-needed --conf-file= \
--except-interface lo --dhcp-option=3 --no-resolv \
--listen-address 192.168.152.1 \
+--local=/152.168.192.in-addr.arpa/ \
--dhcp-range 192.168.152.2,192.168.152.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/private.leases --dhcp-lease-max=253 \
--dhcp-no-override\
diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv
b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
index 03a0676..b04f9cc 100644
--- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
@@ -1,4 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
--local=/example.com/ --domain-needed \
--conf-file= --except-interface lo --listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
--expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
index a1e4200..e0ea334 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
@@ -5,10 +5,13 @@
--except-interface lo \
--srv-host=name.tcp.,,,, \
--listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
--listen-address 192.168.123.1 \
+--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
--listen-address 2001:db8:ac10:fd01::1 \
--listen-address 10.24.10.1 \
+--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
--dhcp-lease-max=253 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
index 8af38c4..0a5cd6b 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
@@ -5,10 +5,13 @@
--except-interface lo \
--srv-host=name.tcp.test-domain-name,.,1024,10,10 \
--listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
--listen-address 192.168.123.1 \
+--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
--listen-address 2001:db8:ac10:fd01::1 \
--listen-address 10.24.10.1 \
+--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
--dhcp-lease-max=253 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
index 404b56a..6e1d054 100644
--- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
@@ -1,9 +1,14 @@
@DNSMASQ@ --strict-order --bind-interfaces \
--local=// --domain-needed --conf-file= \
--except-interface lo '--txt-record=example,example value' \
---listen-address 192.168.122.1 --listen-address 192.168.123.1 \
+--listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
+--listen-address 192.168.123.1 \
+--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
---listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
+--listen-address 2001:db8:ac10:fd01::1 \
+--listen-address 10.24.10.1 \
+--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
--dhcp-lease-max=253 --dhcp-no-override \
diff --git a/tests/networkxml2argvdata/nat-network.argv
b/tests/networkxml2argvdata/nat-network.argv
index 1dc8f73..55f31e2 100644
--- a/tests/networkxml2argvdata/nat-network.argv
+++ b/tests/networkxml2argvdata/nat-network.argv
@@ -1,8 +1,14 @@
@DNSMASQ@ --strict-order --bind-interfaces \
--local=// --domain-needed --conf-file= \
---except-interface lo --listen-address 192.168.122.1 \
---listen-address 192.168.123.1 --listen-address 2001:db8:ac10:fe01::1 \
---listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
+--except-interface lo \
+--listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
+--listen-address 192.168.123.1 \
+--local=/123.168.192.in-addr.arpa/ \
+--listen-address 2001:db8:ac10:fe01::1 \
+--listen-address 2001:db8:ac10:fd01::1 \
+--listen-address 10.24.10.1 \
+--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
--dhcp-lease-max=253 --dhcp-no-override \
diff --git a/tests/networkxml2argvdata/netboot-network.argv
b/tests/networkxml2argvdata/netboot-network.argv
index 5a85ec2..9d62602 100644
--- a/tests/networkxml2argvdata/netboot-network.argv
+++ b/tests/networkxml2argvdata/netboot-network.argv
@@ -1,6 +1,7 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
--local=/example.com/ --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
--dhcp-lease-max=253 --dhcp-no-override --expand-hosts --enable-tftp \
diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv
b/tests/networkxml2argvdata/netboot-proxy-network.argv
index 36836b0..01a4ffd 100644
--- a/tests/networkxml2argvdata/netboot-proxy-network.argv
+++ b/tests/networkxml2argvdata/netboot-proxy-network.argv
@@ -1,6 +1,7 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
--local=/example.com/ --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
--dhcp-lease-max=253 --dhcp-no-override --expand-hosts \
diff --git a/tests/networkxml2argvdata/routed-network.argv
b/tests/networkxml2argvdata/routed-network.argv
index 77e802f..e0b3033 100644
--- a/tests/networkxml2argvdata/routed-network.argv
+++ b/tests/networkxml2argvdata/routed-network.argv
@@ -1,3 +1,4 @@
@DNSMASQ@ --strict-order --bind-interfaces \
--local=// --domain-needed --conf-file= \
---except-interface lo --listen-address 192.168.122.1\
+--except-interface lo --listen-address 192.168.122.1 \
+--local=/122.168.192.in-addr.arpa/\
--
1.7.11.4
11:58 a.m.
New subject: [libvirt] [PATCH 2/2] tell dnsmasq not to forward PTR queries
From: Gene Czarcinski <gene(a)czarc.net>
For IPv6 networks that dnsmasq listens to, do not forward any
dns PTR queries for that network. A character string compare
is performed by dnsmasq where each character is a 4-bit
hexidecimal number. Dots ('.') are used to separate characters.
Note that if a network is "listened to", then the assumption is
that the network is "owned" by dnsmasq for purposes of dns query
forwarding.
---
src/network/bridge_driver.c | 15 +++++++++++++++
.../nat-network-dns-srv-record-minimal.argv | 2 ++
tests/networkxml2argvdata/nat-network-dns-srv-record.argv | 2 ++
tests/networkxml2argvdata/nat-network-dns-txt-record.argv | 2 ++
tests/networkxml2argvdata/nat-network.argv | 6 ++++++
tests/networkxml2argvdata/nat-network.xml | 4 ++++
6 files changed, 31 insertions(+)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 7ad6fe2..e9de25a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -650,6 +650,21 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
val = val >> 8;
p += sprintf(p, "%d.in-addr.arpa", val & 0xff);
virCommandAddArgFormat(cmd, "--local=/%s/", &str[0]);
+ }
+ else if ((VIR_SOCKET_ADDR_IS_FAMILY(&tmpipdef->address, AF_INET6)) &&
+ (psize>0) && (psize<128) && ((psize & 3)==0))
+ {
+ /* note its a "nibble" at a time like the ipv4 8/16/24 */
+ char *p, str[73]; /* 73 is strlen("32*<n.>ip6.arpa")+1 */
+ int ii = psize - 1;
+ p = &str[0];
+ while (ii >= 0) {
+ int val = tmpipdef->address.data.inet6.sin6_addr.s6_addr[ii>>3];
+ p += sprintf(p, "%.1x.", (ii>>2) & 1 ? val & 0x0f : val
>> 4);
+ ii -= 4;
+ }
+ p += sprintf(p, "ip6.arpa");
+ virCommandAddArgFormat(cmd, "--local=/%s/", &str[0]);
}
VIR_FREE(ipaddr);
}
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
index e0ea334..6e666cd 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
@@ -9,7 +9,9 @@
--listen-address 192.168.123.1 \
--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
+--local=/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 2001:db8:ac10:fd01::1 \
+--local=/1.0.d.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 10.24.10.1 \
--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
index 0a5cd6b..6021ca0 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
@@ -9,7 +9,9 @@
--listen-address 192.168.123.1 \
--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
+--local=/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 2001:db8:ac10:fd01::1 \
+--local=/1.0.d.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 10.24.10.1 \
--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
index 6e1d054..28c808d 100644
--- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
@@ -6,7 +6,9 @@
--listen-address 192.168.123.1 \
--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
+--local=/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 2001:db8:ac10:fd01::1 \
+--local=/1.0.d.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 10.24.10.1 \
--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
diff --git a/tests/networkxml2argvdata/nat-network.argv
b/tests/networkxml2argvdata/nat-network.argv
index 55f31e2..b516706 100644
--- a/tests/networkxml2argvdata/nat-network.argv
+++ b/tests/networkxml2argvdata/nat-network.argv
@@ -6,7 +6,13 @@
--listen-address 192.168.123.1 \
--local=/123.168.192.in-addr.arpa/ \
--listen-address 2001:db8:ac10:fe01::1 \
+--local=/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
--listen-address 2001:db8:ac10:fd01::1 \
+--local=/1.0.d.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ \
+--listen-address fe00:2001:dead:beef:fd01::1 \
+--local=/e.e.b.d.a.e.d.1.0.0.2.0.0.e.f.ip6.arpa/ \
+--listen-address fe00:dead:beef:1234:fd01::1 \
+--local=/0.0.0.0.0.0.0.0.0.0.1.0.d.f.4.3.2.1.f.e.e.b.d.a.e.d.0.0.e.f.ip6.arpa/ \
--listen-address 10.24.10.1 \
--local=/10.in-addr.arpa/ \
--dhcp-range 192.168.122.2,192.168.122.254 \
diff --git a/tests/networkxml2argvdata/nat-network.xml
b/tests/networkxml2argvdata/nat-network.xml
index eb71d9e..98dcca2 100644
--- a/tests/networkxml2argvdata/nat-network.xml
+++ b/tests/networkxml2argvdata/nat-network.xml
@@ -16,6 +16,10 @@
</ip>
<ip family='ipv6' address='2001:db8:ac10:fd01::1'
prefix='64'>
</ip>
+ <ip family='ipv6' address='fe00:2001:dead:beef:fd01::1'
prefix='60'>
+ </ip>
+ <ip family='ipv6' address='fe00:dead:beef:1234:fd01::1'
prefix='120'>
+ </ip>
<ip family='ipv4' address='10.24.10.1'>
</ip>
</network>
--
1.7.11.4
12:25 p.m.
I would appreciate it if the libvirt developers who are attempting to
provide overall guidance to give some thought to the two patches.
I have done a bunch of testing and both patches work as intended ...
they only deal with the dns service provided by dnsmasq.
When dsnmasq is providing both dns and dhcp services, this makes sense.
But how about the situations where dnsmasq is only listening?
The earlier patches I submitted for not forwarding A, AAAA, or MX dns
queries because there was no way for an upstream dns server determining
what should be forwarded to the "Big Eye" Internet. [why isn't
"test.virt" as good a FQDN as anything else]
But, the same is not true for private network PTR queries ... dnsmasq
"bogus-priv" can indicate not to forward them. There is also some
discussion about implementing a similar capability for IPv6.
Anyway, here they are for your consideration.
Gene
On 09/11/2012 12:58 PM, gene(a)czarc.net wrote:
From: Gene Czarcinski <gene(a)czarc.net>
For networks which dnsmasq has "--listen-address" specified, add
the command line parameter so that any dns PTR queries for those
networks are not forwarded.
There are separate patches for IPv4 and IPv6.
Gene Czarcinski (2):
IPV4 local=/....in-addr.arpa/
IPv6 local=/...ip6.arpa/
src/network/bridge_driver.c | 32 ++++++++++++++++++++++
tests/networkxml2argvdata/isolated-network.argv | 1 +
.../networkxml2argvdata/nat-network-dns-hosts.argv | 1 +
.../nat-network-dns-srv-record-minimal.argv | 5 ++++
.../nat-network-dns-srv-record.argv | 5 ++++
.../nat-network-dns-txt-record.argv | 11 ++++++--
tests/networkxml2argvdata/nat-network.argv | 18 ++++++++++--
tests/networkxml2argvdata/nat-network.xml | 4 +++
tests/networkxml2argvdata/netboot-network.argv | 1 +
.../networkxml2argvdata/netboot-proxy-network.argv | 1 +
tests/networkxml2argvdata/routed-network.argv | 3 +-
11 files changed, 76 insertions(+), 6 deletions(-)
9:07 a.m.
On 09/11/2012 01:25 PM, Gene Czarcinski wrote:
I would appreciate it if the libvirt developers who are attempting to
provide overall guidance to give some thought to the two patches.
I have done a bunch of testing and both patches work as intended ...
they only deal with the dns service provided by dnsmasq.
When dsnmasq is providing both dns and dhcp services, this makes
sense. But how about the situations where dnsmasq is only listening?
The earlier patches I submitted for not forwarding A, AAAA, or MX dns
queries because there was no way for an upstream dns server
determining what should be forwarded to the "Big Eye" Internet. [why
isn't "test.virt" as good a FQDN as anything else]
But, the same is not true for private network PTR queries ... dnsmasq
"bogus-priv" can indicate not to forward them. There is also some
discussion about implementing a similar capability for IPv6.
Anyway, here they are for your consideration.
Gene
On 09/11/2012 12:58 PM, gene(a)czarc.net wrote:
> From: Gene Czarcinski <gene(a)czarc.net>
>
> For networks which dnsmasq has "--listen-address" specified, add
> the command line parameter so that any dns PTR queries for those
> networks are not forwarded.
>
> There are separate patches for IPv4 and IPv6.
>
> Gene Czarcinski (2):
> IPV4 local=/....in-addr.arpa/
> IPv6 local=/...ip6.arpa/
>
> src/network/bridge_driver.c | 32
> ++++++++++++++++++++++
> tests/networkxml2argvdata/isolated-network.argv | 1 +
> .../networkxml2argvdata/nat-network-dns-hosts.argv | 1 +
> .../nat-network-dns-srv-record-minimal.argv | 5 ++++
> .../nat-network-dns-srv-record.argv | 5 ++++
> .../nat-network-dns-txt-record.argv | 11 ++++++--
> tests/networkxml2argvdata/nat-network.argv | 18 ++++++++++--
> tests/networkxml2argvdata/nat-network.xml | 4 +++
> tests/networkxml2argvdata/netboot-network.argv | 1 +
> .../networkxml2argvdata/netboot-proxy-network.argv | 1 +
> tests/networkxml2argvdata/routed-network.argv | 3 +-
> 11 files changed, 76 insertions(+), 6 deletions(-)
>
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Mumble, mumble ... for some reason my patches did not make it ... I will
resubmit.
Gene
4456
days inactive
4457
days old
4 comments
2 participants
participants (2)
-
Gene Czarcinski -
gene@czarc.net