Date: Fri, 8 Mar 2024 12:17:13 +1100
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Paul Holzinger
Subject: Re: [PATCH] conf: Don't warn if nameservers were found, but won't be advertised
In-Reply-To: <20240307232551.1828628-1-sbrivio@redhat.com>

On Fri, Mar 08, 2024 at 12:25:51AM +0100, Stefano Brivio wrote:
> Starting from commit 3a2afde87dd1 ("conf, udp: Drop mostly duplicated
> dns_send arrays, rename related fields"), we won't add to c->ip4.dns
> and c->ip6.dns nameservers that can't be used by the guest or
> container, and we won't advertise them.
>
> However, the fact that we don't advertise any nameserver doesn't mean
> that we didn't find any, and we should warn only if we couldn't find
> any.
>
> This is particularly relevant in case both --dns-forward and
> --no-map-gw are passed, and a single loopback address is listed in
> /etc/resolv.conf: we'll forward queries directed to the address
> specified by --dns-forward to the loopback address we found, we
> won't advertise that address, so we shouldn't warn: this is a
> perfectly legitimate usage.
>
> Reported-by: Paul Holzinger
> Link: https://github.com/containers/podman/issues/19213
> Fixes: 3a2afde87dd1 ("conf, udp: Drop mostly duplicated dns_send arrays, rename related fields")
> Signed-off-by: Stefano Brivio

I don't think this is quite the right fix. It makes sense *when*
--dns-forward is specified. However if --dns-forward is *not*
specified, then having only localhost resolvers on the host side means
we really do have nothing the guest can use.

So I think we need to make the behaviour explicitly conditional on the
dns_match variable. Possibly by making add_dns[46]() accept localhost
addresses if (dns_match && no_map_gw)?

> --- > conf.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index 4a783b8..c50c039 100644 > --- a/conf.c > +++ b/conf.c > @@ -399,6 +399,7 @@ static void get_dns(struct ctx *c) > int dns4_set, dns6_set, dnss_set, dns_set, fd; > struct fqdn *s =3D c->dns_search; > struct lineread resolvconf; > + unsigned int added =3D 0; > char *line, *end; > const char *p; > int line_len; 
> @@ -427,13 +428,17 @@ static void get_dns(struct ctx *c) > =20 > if (!dns4_set && > dns4 - &c->ip4.dns[0] < ARRAY_SIZE(c->ip4.dns) - 1 > - && inet_pton(AF_INET, p + 1, &dns4_tmp)) > + && inet_pton(AF_INET, p + 1, &dns4_tmp)) { > add_dns4(c, &dns4_tmp, &dns4); > + added++; > + } > =20 > if (!dns6_set && > dns6 - &c->ip6.dns[0] < ARRAY_SIZE(c->ip6.dns) - 1 > - && inet_pton(AF_INET6, p + 1, &dns6_tmp)) > + && inet_pton(AF_INET6, p + 1, &dns6_tmp)) { > add_dns6(c, &dns6_tmp, &dns6); > + added++; > + } > } else if (!dnss_set && strstr(line, "search ") =3D=3D line && > s =3D=3D c->dns_search) { > end =3D strpbrk(line, "\n"); > @@ -459,7 +464,7 @@ static void get_dns(struct ctx *c) > close(fd); > =20 > out: > - if (!dns_set && dns4 =3D=3D c->ip4.dns && dns6 =3D=3D c->ip6.dns) > + if (!dns_set && !added) > warn("Couldn't get any nameserver address"); > } > =20

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
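
Review bot: in the hunk at @@ -427,13 +428,17 @@, `added++` runs right after add_dns4() and add_dns6() regardless of whether those calls stored anything in c->ip4.dns or c->ip6.dns, so the counter tracks nameserver lines parsed from resolv.conf rather than entries added. The commit message itself says unusable addresses are not added, so a name such as `found`, with a one-line comment at its declaration in the first hunk, would stop later readers from treating it as the length of the advertised list.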
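
Review bot: at the `out:` label in the hunk at @@ -459,7 +464,7 @@, `if (!dns_set && !added)` suppresses the warning as soon as any nameserver line parses, with no check that --dns-forward is in effect. With --no-map-gw, no --dns-forward and only a loopback resolver in /etc/resolv.conf, no address is advertised, no forwarding is set up and nothing is logged. Consider keeping the pointer comparison against c->ip4.dns and c->ip6.dns and relaxing it only for the forwarding case, with a comment above the condition listing the cases that are meant to stay silent.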
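
The two warning conditions discussed in this message, modelled side by side as an added example (not passt code and not written by either participant). `struct dns_opts`, `would_warn()` and the policy names are hypothetical, and the model assumes a loopback resolver is usable by the guest whenever --no-map-gw is not given.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the two options in the thread, not passt's struct ctx */
struct dns_opts { bool dns_forward, no_map_gw; };
enum policy { AS_PATCHED, CONDITIONAL };	/* names invented for this example */

/* 1: loopback, 0: other valid address, -1: not an IPv4/IPv6 literal */
static int classify(const char *s)
{
	struct in6_addr a6;
	struct in_addr a4;

	if (inet_pton(AF_INET, s, &a4) == 1)
		return (ntohl(a4.s_addr) >> 24) == 127;
	if (inet_pton(AF_INET6, s, &a6) == 1)
		return IN6_IS_ADDR_LOOPBACK(&a6) ? 1 : 0;
	return -1;
}

/* True if "Couldn't get any nameserver address" would be logged */
bool would_warn(const char *resolv, struct dns_opts o, enum policy p)
{
	unsigned int found = 0, usable = 0;
	const char *l = resolv;

	while (*l) {
		char addr[INET6_ADDRSTRLEN];
		int lo;

		if (sscanf(l, "nameserver %45s", addr) == 1 &&
		    (lo = classify(addr)) >= 0) {
			found++;	/* what the patch counts */
			/* assumption: loopback reaches the guest unless --no-map-gw;
			 * the reply's suggestion adds the --dns-forward case */
			if (!lo || !o.no_map_gw || o.dns_forward)
				usable++;
		}
		l += strcspn(l, "\n");	/* advance to the next line */
		l += (*l == '\n');
	}
	return p == AS_PATCHED ? !found : !usable;
}

int main(void)
{
	const char *conf = "search example.test\nnameserver 127.0.0.53\n"; /* constructed */
	struct dns_opts o = { .dns_forward = false, .no_map_gw = true };

	printf("patched: %d, conditional: %d\n", would_warn(conf, o, AS_PATCHED), would_warn(conf, o, CONDITIONAL));
	return 0;
}
```

The two policies differ only for a loopback-only resolv.conf with --no-map-gw and no --dns-forward, which is the case the reply singles out.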