FS#269 - dnsmasq-full doesn't set ipsets

[openwrt-bot]

eTomm:

When you define an ipset in the dhcp config file, dnsmasq doesn't add the set to the ipset list. It correctly configure itself to manage it.

All the tests are being done on LEDE trunk on a Linksys EA8500. Before, in OpenWRT CC 15.05 on a Archer C7 everything was working correctly. In both case the package dnsmasq-full has been installed to substitute dnsmasq.

I declared in /etc/config/dhcp under dnsmasq

config dnsmasq ... list ipset '/hulu.com/hulu' list ipset '/huluim.com/huluim' ...

The configuration generated for dnsmasq correctly contains the ipset, but when you use ipset list to see them you don't see them.

if you use ipset create hash:ip it correctlys begins to fill them.

This is not the case with CC 15.05. There my ipset where working correctly.

[openwrt-bot]

aarond10:

Confirmed also on an Archer C7. Did someone clean up the build rules for this and cut it out by mistake?

Tue Nov 15 12:40:25 2016 daemon.crit dnsmasq[9415]: recompile with HAVE_IPSET defined to enable ipset directives at line 14 of /var/etc/dnsmasq.conf.cfg02411c


[openwrt-bot]

None:

I've just checked on my build and the 'dnsmasq-full' build option selects dhcpv6, dnssec, auth dns, ipset, conntrack & no_id by default. I further checked the binary built and it includes all the things I would expect.

[openwrt-bot]

eTomm:

Should we perform a futher test? What I see is that the ipset is correctly managed by dnsmasq and filled IF IT EXISTS.

Instead in CC 15.05 it was also creating it.

I am using this feature together with mwan3 that has been heavily modified from CC 15.05... maybe was mwan3 that created the ipsets?

[openwrt-bot]

None:

Similarly, even going back as far as Jan 2013, I can find no evidence that the dnsmasq init script created the ipsets, and hence dnsmasq's behaviour is as per documentation in that it needs the sets created before it will populate them.

Ipsets can be created in /etc/config/firewall something like

config ipset
option enabled '1'
option name 'hulu'
option storage 'hash'
option family 'ipv4'
option match 'src_ip'

[openwrt-bot]

eTomm:

But this doesn't explain why it was working in CC 15.05. Do you have any knowledge regarding mwan3 creating the ipsets?

[openwrt-bot]

None:

We can safely say that dnsmasq is not the problem and is working correctly. The issue is elsewhere.

Beyond a quick look at the code and a 'google' a few minutes ago I've no mwan3 knowledge. Assuming you have access to your working system, I'd start by grepping through for 'ipset' and/or some of your set names and see what turns up. Else extract and look through a router backup archive in a similar manner.

I assume you have the mwan3 config rule set - it'll be similar to this is guess:

config rule 'youtube'
option sticky ‘1'
option timeout ‘300'
option ipset 'youtube'
option dest_port '80,443'
option proto 'tcp'
option use_policy 'balanced'