Re: [PATCH] loopback is not always just lo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday, 7 November 2016 13:10:06 CET Laine Stump wrote:
> On 11/07/2016 04:15 AM, Daniel P. Berrange wrote:
> > On Mon, Nov 07, 2016 at 01:52:05AM -0500, Laine Stump wrote:
> >> On 11/06/2016 01:54 AM, Roman Bogorodskiy wrote:
> >>>     Daniel P. Berrange wrote:
> >>>
> >>>> On Tue, Nov 01, 2016 at 06:15:59PM +0300, Pavel Timofeev wrote:
> >>>>>    On BSD family OSes (Free/Net/Open/DragonFlyBSD, Mac OS) and
> >>>>>    Solaris loopback interface is called 'lo0' instead of just 'lo'.
> >>>>>
> >>>>> ---
> >>>>>    src/network/bridge_driver.c | 5 +++++
> >>>>>    1 file changed, 5 insertions(+)
> >>>>>
> >>>>> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> >>>>> index a3ee3f3..9d94d65 100644
> >>>>> --- a/src/network/bridge_driver.c
> >>>>> +++ b/src/network/bridge_driver.c
> >>>>> @@ -1002,7 +1002,12 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
> >>>>>            virBufferAsprintf(&configbuf, "pid-file=%s\n", pidfile);
> >>>>>        /* dnsmasq will *always* listen on localhost unless told otherwise */
> >>>>> +#ifdef __linux__
> >>>>>        virBufferAddLit(&configbuf, "except-interface=lo\n");
> >>>>> +#else
> >>>>> +    /* BSD family OSes and Solaris call loopback interface as lo0 */
> >>>>> +    virBufferAddLit(&configbuf, "except-interface=lo0\n");
> >>>>> +#endif
> >>>>>        if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC)) {
> >>>>>            /* using --bind-dynamic with only --interface (no
> >>>> ACK will push shortly.
> >>> This breaks all the networkxml2conftest tests, for example:
> >>>
> >>> $ VIR_TEST_DEBUG=1 VIR_TEST_RANGE=1 ./tests/networkxml2conftest
> >>> TEST: networkxml2conftest
> >>>    1) Network XML-2-Conf isolated-network                               ...
> >>> In '/home/novel/code/libvirt/tests/networkxml2confdata/isolated-network.conf':
> >>> Offset 303
> >>> Expect [
> >>> ]
> >>> Actual [0
> >>> ]
> >>> $
> >> On IRC the other day Roman mentioned the idea of just replacing "lo" with
> >> "lo*" on all platforms. I checked the dnsmasq documentation and this simple
> >> wildcarding is supported for the except-interface option, so I tried out
> >> such a patch on my system and it seems to work properly. Maybe we should do
> >> that instead of having yet another chunk of #ifdef __linux__ code (the test
> >> case datafiles will still need to be changed, but at least they'll be
> >> identical for all platforms).
> > Any idea how far back wildcards work.  If they still work on the RHEL-6
> > vintage dnsmasq, then I'd agree with you and it'll make the test case
> > fix easier to avoid the conditional.
> 
> Time for the "Monday Sigh". Sigh.
> 
> I looked this up in dnsmasq's git repo, and it seems recognition of 
> wildcards in interface names was added in
> 
>    commit 49333cbdbef3bf86198b31a42bffad002de305d5
>    Author: Simon Kelley <simon@xxxxxxxxxxxxxxxxx>
>    Date:   Fri Mar 15 20:30:51 2013 +0000
> 
>        Allow trailing '*' wildcard in interface names.
> 
> That commit was first in dnsmasq 2.66, but RHEL6 is using dnsmasq 2.48.
> 
> The strange thing is that I tried running dnsmasq on RHEL6 with 
> "--except-interface=lo*" and was able to run multiple instances. I guess 
> my test was flawed. (NetworkManager doesn't support use of dnsmasq for 
> DNS services, as Cole suggested as a test in:
> 
>    https://bugzilla.redhat.com/show_bug.cgi?id=886663#c2
> 
> But the source doesn't lie.)
> 
> So I guess we need to parameterize the tests somehow (this seems 
> familiar, but I can't remember why).

Another option could be to create two except-interface items in the
configuration, "lo" and "lo0", regardless the OS. It seems like
dnsmasq supports multiple arguments for --interface and
--except-interface for a decade (I went back to v2.32 cca 2006, feel
free to double check). If the lo* solution proposed above was deemed
safe, just matching two specific interface names instead of everything
starting with "lo" should be even more safe.

What do you think? Should I go ahead and send the patch implementing
my above proposal?

-- 
Pino Toscano

Attachment: signature.asc
Description: This is a digitally signed message part.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux