On 02/01/12 09:44, Thomas Schweikle wrote:
>> That's exactly what happens without --bind-interface, interfaces which
>> are configured in dnsmasq but don't exist at startup generate a warning
>> only, and start to work when they are created.
>
> This seems to be correct.
>
>> Packets from interfaces which are not configured are ignored.
>
> This isn't correct at all. Assume configuration:
>
> auto vm0
> iface vm0 inet dhcp
>     bridge_fd 3
>     bridge_hello 2
>     bridge_maxage 12
>     bridge_stp off
>     bridge_ports eth0
>
> auto vm1
> iface vm1 inet static
>     address 172.18.1.1
>     netmask 255.255.255.0
>     bridge_fd 3
>     bridge_hello 2
>     bridge_maxage 12
>     bridge_stp off
>     pre-up brctl addbr $IFACE
>     post-down brctl delbr $IFACE
>
> auto vm8
> iface vm1 inet static
>     address 172.18.8.1
>     netmask 255.255.255.0
>     bridge_fd 3
>     bridge_hello 2
>     bridge_maxage 12
>     bridge_stp off
>     pre-up brctl addbr $IFACE
>     post-down brctl delbr $IFACE
>
> and in /etc/dnsmasq.conf:
> localise-queries
> domain-needed
> expand-hosts
> no-negcache
> filterwin2k
> cache-size=150
>
> dhcp-authoritative
> dhcp-fqdn
> dhcp-leasefile=/var/lib/misc/dnsmasq.leases
>
> dhcp-boot=boot/grub/i386-pc/core.0
> dhcp-no-override
> tftp-root=/srv/tftpboot
> enable-tftp
>
> listen-address=127.0.0.1
> resolv-file=/etc/resolv.dhcp
>
> domain=fritz.box
>
> #== Interface vm1
> listen-address=172.18.1.1
> domain=fritz.box,172.18.1.0/24
> dhcp-range=172-18-1,172.18.1.129,172.18.1.200,255.255.255.0,30m
> dhcp-option=net:172-18-1,28,172.18.1.255                 # option broadcast address
> dhcp-option=net:172-18-1,3,172.18.1.1                    # option default route
> dhcp-option=net:172-18-1,option:domain-search,fritz.box  # option domain search (RFC-3397)
> dhcp-option=net:172-18-1,42,172.18.1.1                   # option ntp-servers
> dhcp-option=net:172-18-1,6,172.18.1.1                    # option domain name servers
> dhcp-option=net:172-18-1,15,fritz.box                    # option domain name
> dhcp-option=net:172-18-1,40,fritz.box                    # option nis domain
> dhcp-option=net:172-18-1,23,50                           # option ttl
> dhcp-option=net:172-18-1,19,0                            # option ip-forwarding off
> dhcp-option=net:172-18-1,44,0.0.0.0                      # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
> dhcp-option=net:172-18-1,45,0.0.0.0                      # netbios datagram distribution server
> dhcp-option=net:172-18-1,46,8                            # netbios node type
>
> dhcp-option=net:172-18-1,vendor:PXEClient,1,0.0.0.0
> dhcp-option=net:172-18-1,vendor:MSFT,2,1i                # Microsoft: tell client to release the lease
>
> #== Interface vm8
> listen-address=172.18.8.1
> domain=fritz.box,172.18.8.0/24
> dhcp-range=172-18-8,172.18.8.129,172.18.8.200,255.255.255.0,30m
> dhcp-option=net:172-18-8,28,172.18.8.255                 # option broadcast address
> dhcp-option=net:172-18-8,3,172.18.8.1                    # option default route
> dhcp-option=net:172-18-8,option:domain-search,fritz.box  # option domain search (RFC-3397)
> dhcp-option=net:172-18-8,42,172.18.8.1                   # option ntp-servers
> dhcp-option=net:172-18-8,6,172.18.8.1                    # option domain name servers
> dhcp-option=net:172-18-8,15,fritz.box                    # option domain name
> dhcp-option=net:172-18-8,40,fritz.box                    # option nis domain
> dhcp-option=net:172-18-8,23,50                           # option ttl
> dhcp-option=net:172-18-8,19,0                            # option ip-forwarding off
> dhcp-option=net:172-18-8,44,0.0.0.0                      # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
> dhcp-option=net:172-18-8,45,0.0.0.0                      # netbios datagram distribution server
> dhcp-option=net:172-18-8,46,8                            # netbios node type
>
> dhcp-option=net:172-18-8,vendor:PXEClient,1,0.0.0.0
> dhcp-option=net:172-18-8,vendor:MSFT,2,1i                # Microsoft: tell client to release the lease
>
>
> dhcp-queries are answered on interfaces connected to all bridges! As soon as
> I turn on dnsmasq, systems connected via ethernet receive addresses from my
> dnsmasq dhcp server I'd suppose only being seen from virtual bridges inside
> the host. If I turn on "bind-interfaces" all is OK again.
>
OK, some of this behaviour, I think I understand, some not.

The first thing to say, is that it's much better to use --interface,
instead of --listen-address to control this stuff with DHCP.

--listen-address works fine for DNS or TFTP, because the client sends
requests to a server address, and that can be used to filter incoming
requests. If a request is sent to 172.18.8.1 or 172.18.1.1 it gets
answered, other addresses, it is ignored.

This doesn't work for DHCP, because DHCP requests are broadcast to
255.255.255.255. The only thing dnsmasq really knows about a DHCP
request is which interface it arrived on. To do --listen-address
filtering, it uses the primary IP address of that interface. If the
interface doesn't _have_ an IP address, like vm0, it can't do filtering
and answers always. That may be a bug: I need to think about this more,
but the immediate solution is to use

interface=vm1
interface=vm8

instead of listen-address. That's always well-defined.

For the DHCP part of dnsmasq, the only difference in behavior between
--bind-interfaces and no --bind-interfaces, is that the sockopt
SO_REUSEADDR is set on the DHCP listening socket with --bind-interfaces.
I'm not sure if that's having an effect here.

Simon.

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/876458

Title:
  dnsmasq started before all interfaces are up
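
The filtering rule described in the reply above, written out as an added example (not part of the original thread and not dnsmasq code): it models which interfaces get DHCP answers under the listen-address form and under the interface= form, so an unintended interface such as vm0 can be flagged. Function names and the host interface table are assumptions constructed for illustration, and the model covers only configurations that use one of the two forms.

```python
# Model of the DHCP filtering described in the reply above; not dnsmasq source.
# Interface names and addresses are the thread's; helper names are hypothetical.

LISTEN_FORM = """\
listen-address=127.0.0.1
listen-address=172.18.1.1   # vm1
listen-address=172.18.8.1   # vm8
"""
INTERFACE_FORM = """\
interface=vm1
interface=vm8
"""
# Constructed host state: vm0 bridges eth0 and has no IP address.
HOST = {"lo": "127.0.0.1", "vm0": None, "vm1": "172.18.1.1", "vm8": "172.18.8.1"}
INTENDED = {"lo", "vm1", "vm8"}


def parse_conf(text):
    """Collect interface= and listen-address= values from dnsmasq.conf text."""
    ifaces, addrs = set(), set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        key, _, value = line.partition("=")
        values = {v.strip() for v in value.split(",") if v.strip()}
        if key == "interface":
            ifaces |= values
        elif key == "listen-address":
            addrs |= values
    return ifaces, addrs


def dhcp_answered(conf_text, iface, primary_ip):
    """Would a broadcast DHCP request arriving on iface be answered?"""
    ifaces, addrs = parse_conf(conf_text)
    if bool(ifaces) == bool(addrs):
        raise ValueError("model covers interface= or listen-address=, not both/neither")
    if ifaces:
        return iface in ifaces      # decided by arrival interface: well-defined
    if primary_ip is None:
        return True                 # no address to compare, so no filtering
    return primary_ip in addrs      # filter on the interface's primary address


def exposed(conf_text, host_ifaces, intended):
    """Interfaces that would get DHCP answers although they are not intended to."""
    return sorted(name for name, ip in host_ifaces.items()
                  if name not in intended and dhcp_answered(conf_text, name, ip))


if __name__ == "__main__":
    print("listen-address form:", exposed(LISTEN_FORM, HOST, INTENDED))
    print("interface= form:    ", exposed(INTERFACE_FORM, HOST, INTENDED))
```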