Hi List,
Ipset supports a concept of 'aging' entries, like:
~~
Examples from ipset(8):
ipset create test hash:ip timeout 300
ipset add test 192.168.0.1 timeout 60
ipset -exist add test 192.168.0.1 timeout 600
~~
Dnsmasq supports a concept of adding entries to ipset
~~
ipset=/.wearetriple.com/p1_afkl_http_https_test
~~
However the timeout functionality is not implemented in the current DNSMASQ
implementation.
Using the DNS TTL as an IPSET TIMEOUT would seem natural...
Would this be right construct, to support that behavior?
ATTR_DATA followed by the IP or TIMEOUT value in the nested construct?
~~
proto = IPSET_PROTOCOL;
add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &proto);
add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
nested[0] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[0]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;
nested[1] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[1]->nla_type = NLA_F_NESTED | IPSET_ATTR_IP;
add_attr(nlh,
(af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) |
NLA_F_NET_BYTEORDER,
addrsz, ipaddr);
nested[2] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[2]->nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;
nested[3] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh->nlmsg_len));
nlh->nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[3]->nla_type = NLA_F_NESTED | IPSET_ATTR_TIMEOUT;
add_attr(nlh, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(attl), &attl);
nested[3]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void
*)nested[3];
nested[2]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void
*)nested[2];
nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void
*)nested[1];
nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void
*)nested[0];
while (retry_send(sendto(ipset_sock, buffer, nlh->nlmsg_len, 0,
(struct sockaddr *)&snl, sizeof(snl))));
~~
sendto(3, {{len=88, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_ADD,
flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_INET,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=5, nla_type=NFNETLINK_V1},
"\x06"}, {{nla_len=28, nla_type=0x2},
"\x70\x31\x5f\x61\x66\x6b\x6c\x5f\x68\x74\x74\x70\x5f\x68\x74\x74\x70\x73\x5f\x74\x65\x73\x74\x00"},
{{nla_len=32, nla_type=NLA_F_NESTED|0x7},
"\x1c\x00\x01\x80\x08\x00\x01\x40\x5d\xbb\x0d\xc8\x10\x00\x06\x80\x0c\x00\x06\x40\x0e\x00\x00\x00\x00\x00\x00\x00"}]},
88, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 88
Met vriendelijke groet / Best regards,
Roderick Groesbeek
CTO
M: +31 6250 67917
O: +31 72 512 95 16<tel:+31725129516>
E: r.groesb...@wearetriple.com<mailto:r.groesb...@wearetriple.com>
W: www.wearetriple.com<http://www.wearetriple.com/>
Triple | Keesomstraat 10E | 1821 BS | Alkmaar | The Netherlands
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
