aboutgitcodebugslistschat
path: root/contrib
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2024-03-15 15:17:08 +0100
committerStefano Brivio <sbrivio@redhat.com>2024-03-18 08:57:40 +0100
commitd989eae308c2ea2032fc91cc04fb02dffe4a4b63 (patch)
tree61f6fb7738b54a5509cf4bf6241017b7be6bcc67 /contrib
parentf919dc7a4b1ced7e80d790a654900415e1d6250e (diff)
downloadpasst-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar.gz
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar.bz2
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar.lz
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar.xz
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.tar.zst
passt-d989eae308c2ea2032fc91cc04fb02dffe4a4b63.zip
udp: Translate source address of resolver only for DNS remapped queries
Paul reports that if pasta is configured with --dns-forward, and the container queries a resolver which is configured on the host directly, without using the address given for --dns-forward, we'll translate the source address of the response pretending it's coming from the address passed as --dns-forward, and the client will discard the reply. That is, $ cat /etc/resolv.conf 198.51.100.1 $ pasta --config-net --dns-forward 192.0.2.1 nslookup passt.top will not work, because we change the source address of the reply from 198.51.100.1 to 192.0.2.1. But the client contacted 198.51.100.1, and it's from that address that it expects an answer. Add a PORT_DNS_FWD flag for tap-facing ports, which is triggered by activity in the opposite direction as the other flags. If the tap-facing port was seen sending a DNS query that was remapped, we'll remap the source address of the response, otherwise we'll leave it unaffected. Reported-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'contrib')
0 files changed, 0 insertions, 0 deletions