From: David Gibson
To: Stefano Brivio, passt-dev@passt.top
Cc: David Gibson
Subject: [PATCH] conf: Add --dns-host option to configure host side nameserver
Date: Thu, 3 Oct 2024 15:14:02 +1000
Message-ID: <20241003051402.2548424-1-david@gibson.dropbear.id.au>

When redirecting DNS queries with the --dns-forward option, passt/pasta needs a host side nameserver to redirect the queries to. This is controlled by the c->ip[46].dns_host variables. This is set to the first nameserver listed in the host's /etc/resolv.conf, and there isn't currently a way to override it from the command line.

Prior to 0b25cac9 ("conf: Treat --dns addresses as guest visible addresses") it was possible to alter this with the -D/--dns option. However, doing so was confusing and had some nonsensical edge cases because -D generally takes guest side addresses, rather than host side addresses.

Add a new --dns-host option to restore this functionality in a more sensible way.

Link: https://bugs.passt.top/show_bug.cgi?id=102
Signed-off-by: David Gibson
---
 conf.c  | 16 ++++++++++++++++
 passt.1 | 17 +++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

Based on the earlier patch adding the --freebind option.

diff --git a/conf.c b/conf.c index e617bb6..b3b5342 100644 --- a/conf.c +++ b/conf.c
@@ -829,6 +829,9 @@ static void usage(const char *name, FILE *f, int status) " --dns-forward ADDR Forward DNS queries sent to ADDR\n" " can be specified zero to two times (for IPv4 and IPv6)\n" " default: don't forward DNS queries\n" + " --dns-host ADDR Host nameserver to direct queries to\n" + " can be specified zero to two times (for IPv4 and IPv6)\n" + " default: first nameserver from host's /etc/resolv.conf\n" " --no-tcp Disable TCP protocol handler\n" " --no-udp Disable UDP protocol handler\n" " --no-icmp Disable ICMP/ICMPv6 protocol handler\n" @@ -1290,6 +1293,7 @@ void conf(struct ctx *c, int argc, char **argv) {"map-host-loopback", required_argument, NULL, 21 }, {"map-guest-addr", required_argument, NULL, 22 }, {"host-lo-to-ns-lo", no_argument, NULL, 23 }, + {"dns-host", required_argument, NULL, 24 }, { 0 }, }; const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt"; @@ -1472,6 +1476,18 @@ void conf(struct ctx *c, int argc, char **argv) die("--host-lo-to-ns-lo is for pasta mode only"); c->host_lo_to_ns_lo = 1; break; + case 24: + if (inet_pton(AF_INET6, optarg, &c->ip6.dns_host) && + !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns_host)) + break; + + if (inet_pton(AF_INET, optarg, &c->ip4.dns_host) && + !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns_host) && + !IN4_IS_ADDR_BROADCAST(&c->ip4.dns_host)) + break; + + die("Invalid host nameserver address: %s", optarg); + break; case 'd': c->debug = 1; c->quiet = 0; diff --git a/passt.1 b/passt.1 index 1386f29..f084978 100644 --- a/passt.1 +++ b/passt.1 
@@ -249,10 +249,19 @@ the host. .TP .BR \-\-dns-forward " " \fIaddr Map \fIaddr\fR (IPv4 or IPv6) as seen from guest or namespace to the -first configured DNS resolver (with corresponding IP version). Maps -only UDP and TCP traffic to port 53 or port 853. Replies are -translated back with a reverse mapping. This option can be specified -zero to two times (once for IPv4, once for IPv6). +nameserver (with corresponding IP version) specified by the +\fB\-\-dns-host\fR option. Maps only UDP and TCP traffic to port 53 or +port 853. Replies are translated back with a reverse mapping. This +option can be specified zero to two times (once for IPv4, once for +IPv6). + +.TP +.BR \-\-dns-host " " \fIaddr +Configure the host nameserver which guest or namespace queries to the +\fB\-\-dns-forward\fR address will be redirected to. This option can +be specified zero to two times (once for IPv4, once for IPv6). +By default, the first nameserver from the host's +\fI/etc/resolv.conf\fR. .TP .BR \-S ", " \-\-search " " \fIlist -- 2.46.2
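Review bot: In the new `case 24:` block of conf(), nothing rejects a second address of the same IP version, so a repeated `--dns-host` with two IPv4 (or two IPv6) addresses silently keeps the last one, although both the usage text and the man page say the option is accepted once per version. Consider tracking whether each family has already been given and calling die() on a repeat. The validation also lets multicast addresses through for both families (only unspecified and IPv4 broadcast are refused), which cannot be a usable nameserver target. Finally, the 16 added lines in conf.c are all in usage(), the option table and this case, so the commit message should say how a value set here takes precedence over the nameserver later read from /etc/resolv.conf.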
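Review bot: In the passt.1 hunk, the last sentence of the new `--dns-host` entry is a fragment ("By default, the first nameserver from the host's /etc/resolv.conf."); it needs a verb, for example "By default, the first nameserver from the host's /etc/resolv.conf is used." The reworded `--dns-forward` entry now says queries go to "the nameserver ... specified by the --dns-host option", which reads as if `--dns-host` were mandatory; mentioning the resolv.conf default there as well, or wording it as "the host nameserver (see --dns-host)", would avoid that.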