改正openwrt上bind網路卡的行為 #1803
改正openwrt上bind網路卡的行為 #1803
Conversation
hizukiayaka
force-pushed
the
openwrt
branch
2 times, most recently
from
4d3a72b
to
404cd58
Compare
|
|
||
| if [ "$ipv6_server" = "1" ]; then | ||
| local __addr | ||
| __addr=$(ifconfig "$__device"|grep 'Scope:Link' \ |
There was a problem hiding this comment.
ifconfig命令应该要替换为ip命令,ifconfig大部分系统默认不安装
There was a problem hiding this comment.
您原本的script中主要是使用ifconfig的,ip是ip route2或者busybox中的tiny版本。
所以這樣的考量依舊使用了ifconfig,您確認一下如果要ip-addresss(8)我就改了。
| __addr=$(ifconfig "$__device"|grep 'Scope:Link' \ | ||
| | sed 's:.*\(fe[8ab].*\)/.*:\1:') | ||
|
|
||
| conf_append "$bind_type" "[${__addr}]:${port}@${__device} $ARGS" |
There was a problem hiding this comment.
这里还有一个场景是,动态增加的IP,可能就会导致问题。
目前smartdns并不会监听ip地址变化。
如果网口新增了IP,那么新增的将会无法提供服务。
感觉应该设计为两种模式:
- 绑定网口模式。
- 绑定IP地址模式。
不应该两种一起使用
There was a problem hiding this comment.
這個唯獨有問題的場景是下發ipv6位置到lan這邊來,但是一般dhcp會在上面那個link local上在回應client的request。
當然這邊不是沒有考慮過這個問題,hotplug.d可以install一個hook去call update file。
bind port沒有辦法bind到某個interface上而不衝突。
There was a problem hiding this comment.
不是不是 考虑pppoe重新拨号的情况。。。而且有些openwrt固件重新拨号不会触发hotplug
There was a problem hiding this comment.
應該沒有人去bind 到 wan這邊吧。沒有invoke hotplug那就是非offical行為了, script這個level是沒法解決的。
非要解決只能去register個netlink來hook event 了。
There was a problem hiding this comment.
ipv6有一个情形是上游宣告新的ip后,没有宣告旧ip失效,导致设备上存在多个ip
There was a problem hiding this comment.
OK,我要確認一下PD的規範和dnsmasq的行為。
這個問題要不要加一個option只bind 到ULA和link local先完善這個部分feature
There was a problem hiding this comment.
There was a problem hiding this comment.
#1718 這次的commit可以解決這個問題
#1793 的方案是不對的,會和其他dhcp server如dnsmasq造成conflict。udp 沒有connect()是不保證會是同一個process 來response的。
dnsmasq的--listen-address, --bind-interfaces, --interface這幾個options其實一直造成我很困擾,
listen-address不管dhcp的,因為dhcp是工作在broadcast address,但是bind-interfaces 會造成dhcp用的port conflict。
而--interface郵會造成比如我只要dhcp service而不要dns service的場景出問題。
這邊我是計畫向dnsmasq提issue來address這個場景。
不過對於smartdns本身應該這些commits是可以避免自己造成bug的。
所以這個部分建議先接受我這樣的方案,後面再改善。
The interface name defined in /etc/config/network is called logic interface name in OpenWRT. Usually, it didn't present the interface name in Linux system. When we configure the smartdns bind to a interface, it usually means only the addresses assgined with that interface should be listened. We could have many applications bind to the same port.
We could have more than the second bind port.
| config_get force_https_soa "$section" "force_https_soa" "1" | ||
| [ "$force_https_soa" = "1" ] && qtype_soa_list="$qtype_soa_list 65" | ||
| config_get force_https_soa "$section" "force_https_soa" "0" | ||
| [ "$force_https_soa" = "1" ] && server_flags="$server_flags -force-https-soa" |
There was a problem hiding this comment.
預設數值不要關閉對IPv6的查詢。
另外force-qtype-SOA 是一個全局的option,我爲了免得apply到每個interface的不同設定中去。
現在就算是main server也是被認爲獨立的,所以應該要這樣改。
The interface name defined in /etc/config/network is called logic interface name in OpenWRT. Usually, it didn't present the interface name in Linux system.
When we configure the smartdns bind to a interface, it usually means only the addresses assgined with that interface should be listened. We could have many applications bind to the same port.