From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ct17ttZ3;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTPS id 9C1B15A026F
	for <passt-dev@passt.top>; Mon, 14 Apr 2025 11:31:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1744623066;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=rXaCKZ7+lYWRMktEHQM3ffvhi2Q7uc8GsBJlTa2DEIo=;
	b=ct17ttZ3n1pMZUXLwUxpRBoSTrtLZ5Juo/bLpC7CoS+6XNNHJ1x0Ab8Sxz4URhckGtaCf6
	AcwFIGPqbNniGFOEQxquHrSx0vxd1IUzDXJAJScAN0+J8ouXB7HEdwhdsjwqOyOklC6bly
	Wlh4c48GF0WAQyJ/mCi1xyekJhtAuA8=
Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com
 [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-689-l8Xf0Mo1Mo280HE5STZXeg-1; Mon, 14 Apr 2025 05:31:05 -0400
X-MC-Unique: l8Xf0Mo1Mo280HE5STZXeg-1
X-Mimecast-MFC-AGG-ID: l8Xf0Mo1Mo280HE5STZXeg_1744623064
Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-3914bc0cc4aso2400393f8f.3
        for <passt-dev@passt.top>; Mon, 14 Apr 2025 02:31:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1744623064; x=1745227864;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=rXaCKZ7+lYWRMktEHQM3ffvhi2Q7uc8GsBJlTa2DEIo=;
        b=KH8F4ktiKfw/T6k2QfDqzw41tGfOQkUvLh38p/H9uklc3gFZnmoAUQ5AWZLizTJrB9
         RFJHkH3mA1qWJPo+QvWFMOMbUgzi5twwAMjPSQqtk9EyN9nUeOXw6/w9pYi55pKc7k4V
         lQhPjEzT6Y9TIIxJNU22mMkyS5AIjec7mlGN0HBg08gY6QWfjRCfFiyIfkBIocJoYDUH
         ss7NJdI79nIyDdEcvOC4nTDLsajUrA/zUZI549qm1dMSJ76+vDSXlBRCls/EO477cA3E
         RXmiHabUt0Xu2q6v/kWkLbYIjm4kzyz2Uxxu9CbXsi8SR/jtH+5cLdaC3R52BxzQnTO6
         8FBA==
X-Gm-Message-State: AOJu0Yx99t5Q5KmaKW7GyHinFoHAysfuR3j7oA/RSothHktS8d2SHujJ
	tfeqEtQXdbUumpZR/C3QCRMMpHgqkt2QyL5i/OoMpRsxZ2RLpjQZzG+Xl5rXzhWYKreivTTQE0B
	cKHezokx+CicuYuTqA7NpjAQ9Fu/OtqEJiKGMS5keB/BAumYE+0InesTwog==
X-Gm-Gg: ASbGncsfzjpKa5d1uLtAJnYKgZzTRoGt8AcNJF5suXNUL8fn0zXTJFlmFwWE0/az3nL
	4RXwkT3zr26zvnQPTbzs6Xn19yVMaMxORehZHuGldF/XHw9iRLOoQOg8Gtsd0IoijgZ1++klZ6g
	YF1PaZfUbCQ+BrCTm9m7zowirBkedJOPVfHhT5m1MieB7hLguK61Grr9FfJPeHI39GDEtp4RuwE
	5XcvzCC0C2R6Q5hZ5pInZTt4FHv+S16PPjpEx9XqhigQ1GWwbJksKbJ77ZaN+LqnXz69tkLSCfR
	W9HXnZt9m3qeVD8dv41hM8LAoVpZQnrhxUOAcl7p
X-Received: by 2002:a05:6000:40e1:b0:39c:1257:cd40 with SMTP id ffacd0b85a97d-39eaaedd92dmr8973080f8f.58.1744623063625;
        Mon, 14 Apr 2025 02:31:03 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IF4z5xdOn48M/AyKlQLgj9m9UqjuulYt3IWiu+xsVfJHs+rqY+LRe/fhEz8x6tKivc2+/VYYQ==
X-Received: by 2002:a05:6000:40e1:b0:39c:1257:cd40 with SMTP id ffacd0b85a97d-39eaaedd92dmr8973059f8f.58.1744623063132;
        Mon, 14 Apr 2025 02:31:03 -0700 (PDT)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-39eae9640fdsm10343559f8f.7.2025.04.14.02.31.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 14 Apr 2025 02:31:02 -0700 (PDT)
Date: Mon, 14 Apr 2025 11:30:58 +0200
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH 1/2] conf: Split add_dns_resolv() into separate IPv4 and
 IPv6 versions
Message-ID: <20250414113058.2886caf5@elisabeth>
In-Reply-To: <Z_xtav84GrpdyKzG@zatzit>
References: <20250411091439.2943014-1-sbrivio@redhat.com>
	<20250411091439.2943014-2-sbrivio@redhat.com>
	<Z_xtav84GrpdyKzG@zatzit>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: evuUqsb26GY1ph3Sfat1ApEmbPmAwJD7_skl-iymKEw_1744623064
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: 73VGWT7FQMKIOVQUK7OET6ERVMPNLIZ4
X-Message-ID-Hash: 73VGWT7FQMKIOVQUK7OET6ERVMPNLIZ4
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Andrew Sayers <andrew-bugs.passt.top@pileofstuff.org>, Paul Holzinger <pholzing@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20250414113058.2886caf5@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/73VGWT7FQMKIOVQUK7OET6ERVMPNLIZ4/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Mon, 14 Apr 2025 12:05:30 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:

> On Fri, Apr 11, 2025 at 11:14:38AM +0200, Stefano Brivio wrote:
> > Not really valuable by itself, but dropping one level of nested blocks
> > makes the next change more convenient.
> > 
> > No functional changes intended.
> > 
> > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>  
> 
> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
> 
> Not in scope for this code motion, but I did spot another bug here..
> 
> > ---
> >  conf.c | 101 ++++++++++++++++++++++++++++++++++-----------------------
> >  1 file changed, 60 insertions(+), 41 deletions(-)
> > 
> > diff --git a/conf.c b/conf.c
> > index 168646f..18ed11c 100644
> > --- a/conf.c
> > +++ b/conf.c
> > @@ -414,6 +414,62 @@ static unsigned add_dns6(struct ctx *c, const struct in6_addr *addr,
> >  	return 1;
> >  }
> >  
> > +/**
> > + * add_dns_resolv4() - Possibly add one IPv4 nameserver from host's resolv.conf
> > + * @c:		Execution context
> > + * @ns:		Nameserver address
> > + * @idx:	Pointer to index of current IPv4 resolver entry, set on return
> > + */
> > +static void add_dns_resolv4(struct ctx *c, struct in_addr *ns, unsigned *idx)
> > +{
> > +	if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns_host))
> > +		c->ip4.dns_host = *ns;
> > +
> > +	/* Special handling if guest or container can only access local
> > +	 * addresses via redirect, or if the host gateway is also a resolver and
> > +	 * we shadow its address
> > +	 */
> > +	if (IN4_IS_ADDR_LOOPBACK(ns) ||
> > +	    IN4_ARE_ADDR_EQUAL(ns, &c->ip4.map_host_loopback)) {  
> 
> The second bit here is wrong.  We check if the nameserver address is
> the --map-host-loopback address - meaning we can't use it in the
> guest - then try to use it in the guest anyway.  That path should
> instead return, like the ns == 127.0.0.1 && map_host_loopback ==
> 0.0.0.0 case.

I'm not sure why we can't use the --map-host-loopback address in the
guest. DNS traffic has the priority, right?

Together with 2/2, do you still see an issue?

That is, if there's no --dns-forward and no address maps to a local
resolver, there's no way to reach the local resolver and we return, but
in any other case, I guess we can pick that address.

-- 
Stefano