public inbox for passt-dev@passt.top
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top, Paul Holzinger <pholzing@redhat.com>
Subject: Re: [PATCH 2/3] conf: Split the notions of read DNS addresses and offered ones
Date: Thu, 3 Nov 2022 07:42:44 +0100
Message-ID: <20221103074244.1da10350@elisabeth>
In-Reply-To: <Y2M3bi2X5rhknGvT@yekko>

On Thu, 3 Nov 2022 14:37:18 +1100
David Gibson <david@gibson.dropbear.id.au> wrote:

> On Thu, Nov 03, 2022 at 12:04:42AM +0100, Stefano Brivio wrote:
> > With --dns-forward, if the host has a loopback address configured as
> > DNS server, we should actually use it to forward queries, but, if
> > --no-map-gw is passed, we shouldn't offer the same address via DHCP,
> > NDP and DHCPv6, because it's not going to be reachable.
> > 
> > Problematic configuration: systemd-resolved configuring the usual
> > 127.0.0.53 on the host, and --dns-forward specified with an unrelated
> > address. We still want to forward queries to 127.0.0.53, so we can't
> > drop it from the addresses in IPv4 and IPv6 context,  
> 
> I'm not entirely sure what you mean by that.

Hopefully clarified enough in v2.

> > but we shouldn't
> > offer that address either.
> > 
> > With this change, I'm only covering the case of automatically
> > configured DNS servers from /etc/resolv.conf. We could extend this to
> > addresses configured with command-line options, but I don't really
> > see a likely use case at this point.
> > 
> > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > ---
> >  conf.c   | 50 ++++++++++++++++++++++++++++++++++----------------
> >  dhcp.c   |  5 +++--
> >  dhcpv6.c |  5 +++--
> >  ndp.c    |  6 +++---
> >  passt.h  |  8 ++++++--
> >  5 files changed, 49 insertions(+), 25 deletions(-)
> > 
> > diff --git a/conf.c b/conf.c
> > index 5b88547..c4e1030 100644
> > --- a/conf.c
> > +++ b/conf.c
> > @@ -355,10 +355,11 @@ overlap:
> >   */
> >  static void get_dns(struct ctx *c)
> >  {
> > +	uint32_t *dns4 = &c->ip4.dns[0], *dns4_send = &c->ip4.dns_send[0];
> > +	struct in6_addr *dns6_send = &c->ip6.dns_send[0];
> >  	int dns4_set, dns6_set, dnss_set, dns_set, fd;
> >  	struct in6_addr *dns6 = &c->ip6.dns[0];
> >  	struct fqdn *s = c->dns_search;
> > -	uint32_t *dns4 = &c->ip4.dns[0];
> >  	struct lineread resolvconf;
> >  	int line_len;
> >  	char *line, *p, *end;
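
Review bot: the comment block that closes just above get_dns() is not touched by this hunk, while the function now fills a second set of arrays through dns4_send and dns6_send. If that comment describes what the function populates, it should say that dns[] keeps the resolvers read from /etc/resolv.conf for forwarding and dns_send[] the ones offered via DHCP, NDP and DHCPv6, so the split is documented where the pointers are declared.
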
> > @@ -388,30 +389,45 @@ static void get_dns(struct ctx *c)
> >  			if (!dns4_set &&
> >  			    dns4 - &c->ip4.dns[0] < ARRAY_SIZE(c->ip4.dns) - 1 &&
> >  			    inet_pton(AF_INET, p + 1, dns4)) {
> > -				/* We can only access local addresses via the gw redirect */
> > -				if (ntohl(*dns4) >> IN_CLASSA_NSHIFT == IN_LOOPBACKNET) {
> > -					if (c->no_map_gw) {
> > -						*dns4 = 0;
> > +				/* Guest or container can only access local
> > +				 * addresses via local redirect
> > +				 */
> > +				if (IPV4_IS_LOOPBACK(ntohl(*dns4))) {
> > +					if (c->no_map_gw)
> >  						continue;  
> 
> In this case shouldn't you still be recording the local address in the
> dns[] array (but not dns_send[]) since it's a valid nameserver for the
> host.  In which case you'd need to advance the dns4 pointer.

Oops, right, fixed in v2.

> If I'm mistaken and you don't want to record it in the dns[] array,
> then shouldn't you clear it (because otherwise you will record it if
> this is the last "nameserver" line).
> 
> > -					}
> > -					*dns4 = c->ip4.gw;
> > +
> > +					*dns4_send = c->ip4.gw;
> > +				} else {
> > +					*dns4_send = *dns4;
> >  				}  
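
Review bot: the bounds check at the top of this branch only compares dns4 against ARRAY_SIZE(c->ip4.dns), but both arms of the new if/else store through dns4_send with no check of their own against c->ip4.dns_send. That is safe only while dns_send[] is at least as large as dns[] and dns4_send never advances further than dns4; either add the matching condition on dns4_send to the if, or state that invariant in a comment next to the declarations of the two arrays.
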
> 
> I think it would be clearer to update *dns4 if necessary, then
> set *dns4_send = *dns4 outside the if statement.

Probably not relevant now that I fixed the case you mentioned above.

-- 
Stefano

