[libvirt] [PATCH] add --interface to dnsmasq command line so bind-interfaces works

Laine Stump laine at laine.org
Fri Oct 19 17:01:35 UTC 2012


On 10/19/2012 01:04 AM, Gene Czarcinski wrote:
>  The problem is that, without SO_BINDTODEVICE, there is no guarantee
>  that the kernel will route DHCP (v4 or v6) packets to the correct
>  instance of dnsmasq, when there is more than one.

Thanks for taking the time to investigate this (and the other problems
you've found) and interface with the dnsmasq maintainer!

Before we push this, we need to ascertain how this will change behavior
for older versions of dnsmasq on still-in-support older versions of
various distros. In particular, Fedora 16 is using dnsmasq 2.59,
RHEL6/CentOS6 are using dnsmasq 2.48, and RHEL5/CentOS5 are using
dnsmasq 2.45. (I don't have information about the dnsmasq versions on
other distros.)

If it turns out that having the two options together is harmless on
those older versions, we can push it as is; otherwise we need to at
least seriously consider doing a check of dnsmasq version and set up the
args appropriately according to version (or alternately start thinking
about requiring people building upstream libvirt on the oldest platforms
to also build their own upstream dnsmasq).

I just happen to have Fedora 16 and RHEL6 running on real hardware, but
RHEL5 only in a guest. I'm not exactly sure what is an adequate test,
though. Do you know enough about the alleged "problems with older
versions" to provide a cookbook?

> ---
>  src/network/bridge_driver.c                          | 20 ++++++++++++++------
>  tests/networkxml2argvdata/isolated-network.argv      |  1 +
>  tests/networkxml2argvdata/nat-network-dns-hosts.argv |  3 ++-
>  .../nat-network-dns-srv-record-minimal.argv          |  1 +
>  .../nat-network-dns-srv-record.argv                  |  1 +
>  .../nat-network-dns-txt-record.argv                  |  1 +
>  tests/networkxml2argvdata/nat-network.argv           |  3 ++-
>  tests/networkxml2argvdata/netboot-network.argv       |  3 ++-
>  tests/networkxml2argvdata/netboot-proxy-network.argv |  3 ++-
>  tests/networkxml2argvdata/routed-network.argv        |  3 ++-
>  10 files changed, 28 insertions(+), 11 deletions(-)
>
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index 5578373..821b955 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -682,14 +682,22 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
>          }
>      }
>  
> -    /*
> -     * --interface does not actually work with dnsmasq < 2.47,
> -     * due to DAD for ipv6 addresses on the interface.
> -     *
> -     * virCommandAddArgList(cmd, "--interface", ipdef->bridge, NULL);
> +    /* It may have been important not to use --interface at one time,
> +     * but with with dnsmasq => 2.61 there is a problem if
> +     * --interface is not specified because --bind-interfaces
> +     * will have no effect.  Here is what Simon Kelly (dnsmasq
> +     * developer) has to say on the subject:
> +     * "The problem is that, without SO_BINDTODEVICE, there is 
> +     * no guarantee that the kernel will route DHCP (v4 or v6) 
> +     * packets to the correct instance of dnsmasq, 
> +     * when there is more than one."
>       *
> -     * So listen on all defined IPv[46] addresses
> +     * --interface is added but the --listen-address parameters
> +     * are left in.
>       */
> +
> +    virCommandAddArgList(cmd, "--interface", network->def->bridge, NULL);
> +    
>      for (ii = 0;
>           (tmpipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
>           ii++) {
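
Review bot: The added virCommandAddArgList(cmd, "--interface", network->def->bridge, NULL) call is unconditional, yet the comment it replaces recorded that --interface does not work with dnsmasq < 2.47 because of DAD on IPv6 addresses, and the new comment only says avoiding it "may have been important ... at one time". Either gate the argument on the dnsmasq version or state in the comment which minimum version is now assumed and why the DAD concern no longer applies. In the comment text, "with with" is doubled, "=> 2.61" should read ">= 2.61", and the three lines quoting Simon Kelley plus the blank line after the call carry trailing whitespace. Because the argument list is NULL-terminated, it is also worth confirming that network->def->bridge is always set at this point, since a NULL there would emit "--interface" with no value and the next option would be consumed as the interface name.
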
> diff --git a/tests/networkxml2argvdata/isolated-network.argv b/tests/networkxml2argvdata/isolated-network.argv
> index 048c72b..c27f793 100644
> --- a/tests/networkxml2argvdata/isolated-network.argv
> +++ b/tests/networkxml2argvdata/isolated-network.argv
> @@ -1,6 +1,7 @@
>  @DNSMASQ@ --strict-order --bind-interfaces \
>  --local=// --domain-needed --conf-file= \
>  --except-interface lo --dhcp-option=3 --no-resolv \
> +--interface virbr2 \
>  --listen-address 192.168.152.1 \
>  --dhcp-range 192.168.152.2,192.168.152.254 \
>  --dhcp-leasefile=/var/lib/libvirt/dnsmasq/private.leases --dhcp-lease-max=253 \
> diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
> index 03a0676..0b72bcd 100644
> --- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv
> +++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
> @@ -1,4 +1,5 @@
>  @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
>  --local=/example.com/ --domain-needed \
> ---conf-file= --except-interface lo --listen-address 192.168.122.1 \
> +--conf-file= --except-interface lo \
> +--interface virbr0 --listen-address 192.168.122.1 \
>  --expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\
> diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
> index a1e4200..f1273de 100644
> --- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
> +++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
> @@ -4,6 +4,7 @@
>  --local=// --domain-needed --conf-file= \
>  --except-interface lo \
>  --srv-host=name.tcp.,,,, \
> +--interface virbr0 \
>  --listen-address 192.168.122.1 \
>  --listen-address 192.168.123.1 \
>  --listen-address 2001:db8:ac10:fe01::1 \
> diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
> index 8af38c4..6aac056 100644
> --- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
> +++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
> @@ -4,6 +4,7 @@
>  --local=// --domain-needed --conf-file= \
>  --except-interface lo \
>  --srv-host=name.tcp.test-domain-name,.,1024,10,10 \
> +--interface virbr0 \
>  --listen-address 192.168.122.1 \
>  --listen-address 192.168.123.1 \
>  --listen-address 2001:db8:ac10:fe01::1 \
> diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
> index 404b56a..a65e9a8 100644
> --- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
> +++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
> @@ -1,6 +1,7 @@
>  @DNSMASQ@ --strict-order --bind-interfaces \
>  --local=// --domain-needed --conf-file= \
>  --except-interface lo '--txt-record=example,example value' \
> +--interface virbr0 \
>  --listen-address 192.168.122.1 --listen-address 192.168.123.1 \
>  --listen-address 2001:db8:ac10:fe01::1 \
>  --listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
> diff --git a/tests/networkxml2argvdata/nat-network.argv b/tests/networkxml2argvdata/nat-network.argv
> index 1dc8f73..f25979d 100644
> --- a/tests/networkxml2argvdata/nat-network.argv
> +++ b/tests/networkxml2argvdata/nat-network.argv
> @@ -1,6 +1,7 @@
>  @DNSMASQ@ --strict-order --bind-interfaces \
>  --local=// --domain-needed --conf-file= \
> ---except-interface lo --listen-address 192.168.122.1 \
> +--except-interface lo --interface virbr0 \
> +--listen-address 192.168.122.1 \
>  --listen-address 192.168.123.1 --listen-address 2001:db8:ac10:fe01::1 \
>  --listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
>  --dhcp-range 192.168.122.2,192.168.122.254 \
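
Review bot: This expected argv now pins "--interface virbr0" together with "--listen-address 2001:db8:ac10:fe01::1" and "--listen-address 2001:db8:ac10:fd01::1", which is the IPv6 case the removed bridge_driver.c comment warned about for dnsmasq < 2.47. The .argv files only check the generated command line, not how dnsmasq behaves, so they cannot show the combination is safe on older versions. If the argument ends up being added conditionally on the dnsmasq version, this file and the other IPv6 expected files (the srv-record and txt-record cases) will need a variant without --interface.
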
> diff --git a/tests/networkxml2argvdata/netboot-network.argv b/tests/networkxml2argvdata/netboot-network.argv
> index 5a85ec2..59a0266 100644
> --- a/tests/networkxml2argvdata/netboot-network.argv
> +++ b/tests/networkxml2argvdata/netboot-network.argv
> @@ -1,6 +1,7 @@
>  @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
>  --local=/example.com/ --domain-needed --conf-file= \
> ---except-interface lo --listen-address 192.168.122.1 \
> +--except-interface lo --interface virbr1 \
> +--listen-address 192.168.122.1 \
>  --dhcp-range 192.168.122.2,192.168.122.254 \
>  --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
>  --dhcp-lease-max=253 --dhcp-no-override --expand-hosts --enable-tftp \
> diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv b/tests/networkxml2argvdata/netboot-proxy-network.argv
> index 36836b0..e3fe668 100644
> --- a/tests/networkxml2argvdata/netboot-proxy-network.argv
> +++ b/tests/networkxml2argvdata/netboot-proxy-network.argv
> @@ -1,6 +1,7 @@
>  @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
>  --local=/example.com/ --domain-needed --conf-file= \
> ---except-interface lo --listen-address 192.168.122.1 \
> +--except-interface lo --interface virbr1 \
> +--listen-address 192.168.122.1 \
>  --dhcp-range 192.168.122.2,192.168.122.254 \
>  --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
>  --dhcp-lease-max=253 --dhcp-no-override --expand-hosts \
> diff --git a/tests/networkxml2argvdata/routed-network.argv b/tests/networkxml2argvdata/routed-network.argv
> index 77e802f..093c0ee 100644
> --- a/tests/networkxml2argvdata/routed-network.argv
> +++ b/tests/networkxml2argvdata/routed-network.argv
> @@ -1,3 +1,4 @@
>  @DNSMASQ@ --strict-order --bind-interfaces \
>  --local=// --domain-needed --conf-file= \
> ---except-interface lo --listen-address 192.168.122.1\
> +--except-interface lo --interface virbr1 \
> +--listen-address 192.168.122.1\
