Date: Mon, 27 Feb 2023 23:07:31 +1100
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Andrea Bolognani
Subject: Re: [PATCH 3/3] conf, udp: Allow any loopback address to be used as resolver
In-Reply-To: <20230223170800.3888094-4-sbrivio@redhat.com>
List-Id: Development discussion and patches for passt

On Thu, Feb 23, 2023 at 06:08:00PM +0100, Stefano Brivio wrote:
> Andrea reports that with a Fedora 37 guest running on a Fedora 37
> host, both using systemd-resolved, with passt connecting them,
> running with default options, DNS queries don't work.
>
> systemd-resolved on the host is reachable only at the loopback
> address 127.0.0.53.
>
> We advertise the default gateway address to the guest as resolver,
> because our local address is of course unreachable from there, which
> means we see DNS queries directed to the default gateway, and we
> redirect them to 127.0.0.1. However, systemd-resolved doesn't answer
> on 127.0.0.1.
>
> To fix this, set @dns_match to the address of the default gateway,
> unless a different resolver address is explicitly configured, so that
> we know we explicitly have to map DNS queries, in this case, to the
> address of the local resolver.
>
> This means that in udp_tap_handler() we need to check, first, if
> the destination address of packets matches @dns_match: even if it's
> the address of the local gateway, we want to map that to a specific
> address, which isn't necessarily 127.0.0.1.
>
> Do the same for IPv6 for consistency, even though IPv6 defines a
> single loopback address.
>
> Reported-by: Andrea Bolognani
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> --- > conf.c | 6 ++++++ > udp.c | 20 ++++++++++---------- > 2 files changed, 16 insertions(+), 10 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index ed25e35..37f25d6 100644 > --- a/conf.c > +++ b/conf.c > @@ -395,6 +395,9 @@ static void add_dns4(struct ctx *c, struct in_addr *a= ddr, struct in_addr **conf) > if (!c->no_map_gw) { > **conf =3D c->ip4.gw; > (*conf)++; > + > + if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns_match)) > + c->ip4.dns_match =3D c->ip4.gw; > } > } else { > **conf =3D *addr; > @@ -419,6 +422,9 @@ static void add_dns6(struct ctx *c, > if (!c->no_map_gw) { > memcpy(*conf, &c->ip6.gw, sizeof(**conf)); > (*conf)++; > + > + if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns_match)) > + memcpy(&c->ip6.dns_match, addr, sizeof(*addr)); > } > } else { > memcpy(*conf, addr, sizeof(**conf)); > diff --git a/udp.c b/udp.c > index 1d65559..20a9ea0 100644 > --- a/udp.c > +++ b/udp.c 
> @@ -857,17 +857,16 @@ int udp_tap_handler(struct ctx *c, int af, const vo= id *addr, > =20 > udp_tap_map[V4][src].ts =3D now->tv_sec; > =20 > - if (IN4_ARE_ADDR_EQUAL(&s_in.sin_addr, &c->ip4.gw) && > - !c->no_map_gw) { > + if (IN4_ARE_ADDR_EQUAL(&s_in.sin_addr, &c->ip4.dns_match) && > + ntohs(s_in.sin_port) =3D=3D 53) { > + s_in.sin_addr =3D c->ip4.dns_host; > + } else if (IN4_ARE_ADDR_EQUAL(&s_in.sin_addr, &c->ip4.gw) && > + !c->no_map_gw) { > if (!(udp_tap_map[V4][dst].flags & PORT_LOCAL) || > (udp_tap_map[V4][dst].flags & PORT_LOOPBACK)) > s_in.sin_addr.s_addr =3D htonl(INADDR_LOOPBACK); > else > s_in.sin_addr =3D c->ip4.addr_seen; > - } else if (IN4_ARE_ADDR_EQUAL(&s_in.sin_addr, > - &c->ip4.dns_match) && > - ntohs(s_in.sin_port) =3D=3D 53) { > - s_in.sin_addr =3D c->ip4.dns_host; > } > } else { > s_in6 =3D (struct sockaddr_in6) { > @@ -880,7 +879,11 @@ int udp_tap_handler(struct ctx *c, int af, const voi= d *addr, > sa =3D (struct sockaddr *)&s_in6; > sl =3D sizeof(s_in6); > =20 > - if (IN6_ARE_ADDR_EQUAL(addr, &c->ip6.gw) && !c->no_map_gw) { > + if (IN6_ARE_ADDR_EQUAL(addr, &c->ip6.dns_match) && > + ntohs(s_in6.sin6_port) =3D=3D 53) { > + s_in6.sin6_addr =3D c->ip6.dns_host; > + } else if (IN6_ARE_ADDR_EQUAL(addr, &c->ip6.gw) && > + !c->no_map_gw) { > if (!(udp_tap_map[V6][dst].flags & PORT_LOCAL) || > (udp_tap_map[V6][dst].flags & PORT_LOOPBACK)) > s_in6.sin6_addr =3D in6addr_loopback; 
> @@ -888,9 +891,6 @@ int udp_tap_handler(struct ctx *c, int af, const void= *addr, > s_in6.sin6_addr =3D c->ip6.addr; > else > s_in6.sin6_addr =3D c->ip6.addr_seen; > - } else if (IN6_ARE_ADDR_EQUAL(addr, &c->ip6.dns_match) && > - ntohs(s_in6.sin6_port) =3D=3D 53) { > - s_in6.sin6_addr =3D c->ip6.dns_host; > } else if (IN6_IS_ADDR_LINKLOCAL(&s_in6.sin6_addr)) { > bind_addr =3D &c->ip6.addr_ll; > }

--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
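
Review bot: in the add_dns6() hunk of conf.c, the new default copies addr into c->ip6.dns_match, whereas the add_dns4() hunk just above assigns c->ip4.gw and the commit message says @dns_match is to be set to the address of the default gateway. The line right before the addition advertises &c->ip6.gw to the guest, so, per the commit message, queries arrive addressed to the gateway and would not match a dns_match that holds addr. Suggest mirroring the IPv4 branch with `memcpy(&c->ip6.dns_match, &c->ip6.gw, sizeof(c->ip6.dns_match));`.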
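
Review bot: in both udp_tap_handler() hunks of udp.c, the fix depends on the dns_match / port 53 test running before the gateway test, but nothing in the code says so, and a later reorder would silently bring back the 127.0.0.1 mapping for DNS queries sent to the gateway. A short comment above the first branch would do, for example `/* DNS first: dns_match may equal the gateway address */`. The DNS branch is also not gated on !c->no_map_gw and writes c->ip4.dns_host or c->ip6.dns_host unconditionally; these hunks do not show where dns_host is set when conf.c defaults dns_match to the gateway, so it is worth confirming it cannot still be unspecified on that path.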