From 585e2146ba0200dc2daacc8c4b1ebad908996f99 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Tue, 13 Aug 2024 22:22:46 +0100
Subject: [PATCH] test(connlib): drop DNS queries to CIDR resources for pending connections (#6273)

In #6259, we added a regression test for concurrent DNS queries. A case that we overlooked is that when DNS servers are defined as CIDR resources, the queries themselves will act as connection intents and thus dropped until we have a connection. In the tests, the connection is only established as part of `advance`. Thus, if we get multiple concurrent DNS queries to the same server that is defined as a CIDR resource, we need to drop all future queries.
Fixes: #6283.
---------
Signed-off-by: Thomas Eizinger
---
 .../tunnel/proptest-regressions/tests.txt | 2 +
 rust/connlib/tunnel/src/tests/reference.rs | 105 +++++++++---------
 rust/connlib/tunnel/src/tests/sim_client.rs | 28 +++--
 3 files changed, 72 insertions(+), 63 deletions(-)
diff --git a/rust/connlib/tunnel/proptest-regressions/tests.txt b/rust/connlib/tunnel/proptest-regressions/tests.txt
index de264490f..49132957a 100644
--- a/rust/connlib/tunnel/proptest-regressions/tests.txt
+++ b/rust/connlib/tunnel/proptest-regressions/tests.txt
@@ -72,4 +72,6 @@ cc 843cbb96a856f7e26453a87237f25f52ab3f6295913e9df98dc181e78ce99e80 # shrinks to cc 8401d631b474d28e3f973f25976655dc96f0172a04ffab01c75ac503c26c2b6a # shrinks to (initial_state, transitions, seen_counter) = (ReferenceState { client: Host { inner: RefClient { id: BBBA8EC56CB4800F797D7353A9BF4089, key: PrivateKey("4ef09f873b91c67a753ff3ca8c0fd0397d2ed8f179312132faec6f8efeb18a11"), known_hosts: {"jxiahu.jag.pnomnu": [::ffff:127.0.0.1, 1102:bd92:a6f2:9773:47c1:523a:b826:a074], "djv.mxi": [203.84.178.67, 127.0.0.1, ::ffff:216.40.168.125, 216.152.104.207], "udbe.udmy": [2f58:ab6d:c388:ee52:1fa4:4ddd:b925:f640, 229.94.202.183, ::ffff:26.134.64.26], "xrm.ymzt": [76.114.214.247]}, tunnel_ip4: 100.64.0.1, tunnel_ip6: fd00:2021:1111::, system_dns_resolvers: [], upstream_dns_resolvers: [], internet_resource: None, connected_internet_resources: false }, ip4: None, ip6: Some(2001:db80::1a), default_port: 51731, latency: 158ms }, gateways: {3553CE2C61489F1A5D4FD3E1089028B: Host { inner: RefGateway { key: PrivateKey("51c654a42e12dec7b91a4b9f1887e54e8cbc9fda7a7b7d51e8b47a774084f37f") }, ip4: Some(203.0.113.39), ip6: Some(2001:db80::27), default_port: 55481, latency: 125ms }}, relays: {5E7ABF3217D430D726A2C600418A1A3F: Host { inner: 9616558491995176700, ip4: Some(203.0.113.1), ip6: Some(2001:db80::f), default_port: 3478, latency: 46ms }}, dns_servers: {2C4443AA5C14843D2D097CC4B56497CB: Host { inner: RefDns, ip4: Some(46.126.240.92), ip6: None, default_port: 53, latency: 20ms }, 2D695A14A47CBB27230679531DDA3B14: Host { inner: RefDns, ip4: None, ip6: Some(42df:a972:e71d:212d:642d:44ce:d4b:d534), default_port: 53, latency: 16ms }, 51BF2FE98151FAA5ED3CA77965347591: Host { inner: RefDns, ip4: Some(10.142.30.218), ip6: None, default_port: 53, latency: 42ms }, A8E0F24BE8D9075489CF2029E20F0756: Host { inner: RefDns, ip4: None, ip6: Some(341c:5bb0:ccea:4dca:6735:31bf:5e2c:199c), default_port: 53, latency: 38ms }, B6294BAEEA62CA9BE8A518166DC966D5: Host { inner: RefDns, ip4: 
Some(115.121.196.179), ip6: None, default_port: 53, latency: 47ms }}, portal: StubPortal { gateways_by_site: {DBBB9EB385303F5A349749928D27C10D: {3553CE2C61489F1A5D4FD3E1089028B}}, cidr_resources: {FAB388824F64C98183140AEC27D669CA: ResourceDescriptionCidr { id: FAB388824F64C98183140AEC27D669CA, address: V4(Ipv4Network { network_address: 165.56.19.160, netmask: 31 }), name: "hrlunqnvpp", address_description: Some("rnfxryqxrt"), sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }, EF940837F90F1AAC541B883E200E6F65: ResourceDescriptionCidr { id: EF940837F90F1AAC541B883E200E6F65, address: V4(Ipv4Network { network_address: 221.41.62.216, netmask: 29 }), name: "mjyih", address_description: None, sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }, 1671E9F3E7E1C5E4692341B60249E3D2: ResourceDescriptionCidr { id: 1671E9F3E7E1C5E4692341B60249E3D2, address: V6(Ipv6Network { network_address: ::ffff:70.14.76.148, netmask: 126 }), name: "syvbfsz", address_description: Some("wujsq"), sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }, 1A2BDF0DFF7DFA086CA00A7171608C7A: ResourceDescriptionCidr { id: 1A2BDF0DFF7DFA086CA00A7171608C7A, address: V6(Ipv6Network { network_address: ::ffff:119.247.112.232, netmask: 128 }), name: "mnajuo", address_description: None, sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }}, dns_resources: {4C904E2717F937D8B7666C6E8832C707: ResourceDescriptionDns { id: 4C904E2717F937D8B7666C6E8832C707, address: "imr.fttgdi", name: "whlt", address_description: Some("hcazliwhs"), sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }, 891F8FBE85CD961CCDE27EFA890AE67C: ResourceDescriptionDns { id: 891F8FBE85CD961CCDE27EFA890AE67C, address: "*.pkjhw.xure.cevw", name: "wmhyste", address_description: Some("zlholbmbwc"), sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }, 9FB7FE5492992539972DFD03B3E78F03: ResourceDescriptionDns { id: 
9FB7FE5492992539972DFD03B3E78F03, address: "?.vttg.ttrim", name: "uwhgkch", address_description: Some("kcxwhppoe"), sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] }}, internet_resource: ResourceDescriptionInternet { id: 16713BB212AA807D85C7A9C4F669E6A, sites: [Site { id: DBBB9EB385303F5A349749928D27C10D, name: "genbgrac" }] } }, drop_direct_client_traffic: true, global_dns_records: {Name(ildka.apev.pkjhw.xure.cevw.): {198.51.100.153}, Name(ablfe.ppzmzu.pkjhw.xure.cevw.): {198.51.100.125, 198.51.100.249}, Name(vmmqh.pkjhw.xure.cevw.): {198.51.100.48}, Name(imr.fttgdi.): {2001:db80::c7}, Name(uwg.vttg.ttrim.): {2001:db80::b8, 198.51.100.125}}, network: RoutingTable { routes: {(V4(Ipv4Network { network_address: 10.142.30.218, netmask: 32 }), DnsServer(51BF2FE98151FAA5ED3CA77965347591)), (V4(Ipv4Network { network_address: 46.126.240.92, netmask: 32 }), DnsServer(2C4443AA5C14843D2D097CC4B56497CB)), (V4(Ipv4Network { network_address: 115.121.196.179, netmask: 32 }), DnsServer(B6294BAEEA62CA9BE8A518166DC966D5)), (V4(Ipv4Network { network_address: 203.0.113.1, netmask: 32 }), Relay(5E7ABF3217D430D726A2C600418A1A3F)), (V4(Ipv4Network { network_address: 203.0.113.39, netmask: 32 }), Gateway(3553CE2C61489F1A5D4FD3E1089028B)), (V6(Ipv6Network { network_address: 2001:db80::f, netmask: 128 }), Relay(5E7ABF3217D430D726A2C600418A1A3F)), (V6(Ipv6Network { network_address: 2001:db80::1a, netmask: 128 }), Client(BBBA8EC56CB4800F797D7353A9BF4089)), (V6(Ipv6Network { network_address: 2001:db80::27, netmask: 128 }), Gateway(3553CE2C61489F1A5D4FD3E1089028B)), (V6(Ipv6Network { network_address: 341c:5bb0:ccea:4dca:6735:31bf:5e2c:199c, netmask: 128 }), DnsServer(A8E0F24BE8D9075489CF2029E20F0756)), (V6(Ipv6Network { network_address: 42df:a972:e71d:212d:642d:44ce:d4b:d534, netmask: 128 }), DnsServer(2D695A14A47CBB27230679531DDA3B14))} } }, [UpdateUpstreamDnsServers([[42df:a972:e71d:212d:642d:44ce:d4b:d534]:53, 10.142.30.218:53, 
[341c:5bb0:ccea:4dca:6735:31bf:5e2c:199c]:53, 115.121.196.179:53]), SendDnsQueries([DnsQuery { domain: Name(ildka.apev.pkjhw.xure.cevw.), r_type: Rtype::A, query_id: 4, dns_server: [341c:5bb0:ccea:4dca:6735:31bf:5e2c:199c]:53 }, DnsQuery { domain: Name(imr.fttgdi.), r_type: Rtype::A, query_id: 4, dns_server: [42df:a972:e71d:212d:642d:44ce:d4b:d534]:53 }])], None) cc 8a2f0fb8b3cf3ed7f34785109dbacba971e17b964302890b675b3ff09838e97c # shrinks to (initial_state, transitions, seen_counter) = (ReferenceState { client: Host { inner: RefClient { id: 0, key: PrivateKey("0000000000000000000000000000000000000000000000000000000000000000"), known_hosts: {}, tunnel_ip4: 100.64.0.1, tunnel_ip6: fd00:2021:1111::, system_dns_resolvers: [], upstream_dns_resolvers: [], internet_resource: None, connected_internet_resources: false }, ip4: None, ip6: Some(2001:db80::), default_port: 5717, latency: 180ms }, gateways: {534ADE3F0F99E8400B5253D68996A815: Host { inner: RefGateway { key: PrivateKey("30dc4e2bce8d7005f107577c287f990afc2f0752283681dee22975496fca2aac") }, ip4: Some(203.0.113.23), ip6: Some(2001:db80::48), default_port: 41078, latency: 100ms }, 70FE7AE04267BF1E0AA65EF09678626E: Host { inner: RefGateway { key: PrivateKey("a931ec3e6061a2d8db9145cb74f08263c26b58cc7b5d9ec83cdb9f45ae4aae0a") }, ip4: Some(203.0.113.15), ip6: Some(2001:db80::f), default_port: 19084, latency: 43ms }, 93850805802D02DA8E9F561D77D56D6F: Host { inner: RefGateway { key: PrivateKey("6873cc29df2c418d37c026cc8a41d3219380ee39625e7bf147548abfa015651a") }, ip4: Some(203.0.113.18), ip6: Some(2001:db80::1a), default_port: 35050, latency: 67ms }}, relays: {56BF0E174DB67D2C5996479E3A8A0B7E: Host { inner: 5622247811497803818, ip4: Some(203.0.113.6), ip6: Some(2001:db80::2e), default_port: 3478, latency: 39ms }, 6AB5E36202EE1B6CCAD467FFB18B8159: Host { inner: 17860725346760208071, ip4: Some(203.0.113.22), ip6: Some(2001:db80::50), default_port: 3478, latency: 34ms }}, dns_servers: {C955E9C1C00D8A9439CDAFCB83BBD24: Host { 
inner: RefDns, ip4: None, ip6: Some(::ffff:237.12.160.223), default_port: 53, latency: 31ms }, 1A78BB58B6E75FE0826AE3F1D227E41A: Host { inner: RefDns, ip4: Some(127.0.0.1), ip6: None, default_port: 53, latency: 12ms }, D292098057ED2B99923B716B70143C38: Host { inner: RefDns, ip4: Some(158.164.138.20), ip6: None, default_port: 53, latency: 32ms }, E35F961A5D6416D6831432D23625A11F: Host { inner: RefDns, ip4: None, ip6: Some(7cc8:573c:88a4:538b:c9e9:b3e3:f03c:8444), default_port: 53, latency: 23ms }, E799AD3182C9D3264463CA8BC5F20DA4: Host { inner: RefDns, ip4: None, ip6: Some(44cd:bd13:bb0d:8b90:e890:def3:1e73:1f62), default_port: 53, latency: 31ms }}, portal: StubPortal { gateways_by_site: {A5B29219FAD139C63FF7521849550CFF: {70FE7AE04267BF1E0AA65EF09678626E}, 5A072B13B9FCCD16D9B78F40B5AE7A02: {93850805802D02DA8E9F561D77D56D6F, 534ADE3F0F99E8400B5253D68996A815}}, cidr_resources: {1F443B50ECE1BE46EA2E0651C242F61: ResourceDescriptionCidr { id: 1F443B50ECE1BE46EA2E0651C242F61, address: V6(Ipv6Network { network_address: 5b54:51eb:6cb0:c88b:a127:b13e:36c8:c320, netmask: 124 }), name: "khpwgwqhqu", address_description: None, sites: [Site { id: A5B29219FAD139C63FF7521849550CFF, name: "jakbna" }] }}, dns_resources: {8BDE94FF19788F78C1A7B83A01007048: ResourceDescriptionDns { id: 8BDE94FF19788F78C1A7B83A01007048, address: "*.flxlcb.emxnr", name: "wlibt", address_description: Some("bwsaetj"), sites: [Site { id: A5B29219FAD139C63FF7521849550CFF, name: "jakbna" }] }, B0930333704D49DA37EF4E4378D19364: ResourceDescriptionDns { id: B0930333704D49DA37EF4E4378D19364, address: "jyv.beaqyx.ecgt", name: "lbsncepkn", address_description: Some("edqho"), sites: [Site { id: 5A072B13B9FCCD16D9B78F40B5AE7A02, name: "qqghfdkbog" }] }, 1D82CB95181F28CAA2E8F9CB6CAA9B06: ResourceDescriptionDns { id: 1D82CB95181F28CAA2E8F9CB6CAA9B06, address: "?.jbgqpl.ghzw.gkswsd", name: "uqstzlzdcf", address_description: None, sites: [Site { id: A5B29219FAD139C63FF7521849550CFF, name: "jakbna" }] }, 
6FD48B67F855F236FCD18C1EB00CF1F3: ResourceDescriptionDns { id: 6FD48B67F855F236FCD18C1EB00CF1F3, address: "?.pnvk.eul.uccoe", name: "epwmnweigx", address_description: Some("llrqv"), sites: [Site { id: A5B29219FAD139C63FF7521849550CFF, name: "jakbna" }] }}, internet_resource: ResourceDescriptionInternet { id: E69B34C28067FD36373E2133E313B3EA, sites: [Site { id: 5A072B13B9FCCD16D9B78F40B5AE7A02, name: "qqghfdkbog" }] } }, drop_direct_client_traffic: true, global_dns_records: {Name(eeda.sgb.cmfutt.): {0.0.0.0, 5031:3078:5e76:92e9:e665:878f:b19f:b9e8, 127.0.0.1, 178.244.211.134, 6a34:d2c3:3fda:807b:dd7d:b730:2872:30dd}, Name(jyv.beaqyx.ecgt.): {2001:db80::c4}, Name(kgkcck.cxodol.flxlcb.emxnr.): {198.51.100.56, 198.51.100.43, 198.51.100.5, 198.51.100.102, 2001:db80::e2}, Name(euva.flxlcb.emxnr.): {198.51.100.206}, Name(olzxgj.xca.flxlcb.emxnr.): {2001:db80::f9, 198.51.100.5, 198.51.100.182, 2001:db80::5e}, Name(lzg.jbgqpl.ghzw.gkswsd.): {198.51.100.167, 198.51.100.13, 2001:db80::70, 2001:db80::60}, Name(ftnx.pnvk.eul.uccoe.): {198.51.100.215, 198.51.100.246, 198.51.100.227}, Name(lpqt.pnvk.eul.uccoe.): {2001:db80::a2, 198.51.100.78, 2001:db80::61, 2001:db80::1f, 2001:db80::24}, Name(mjde.ums.): {::ffff:174.2.141.73, 127.0.0.1}}, network: RoutingTable { routes: {(V4(Ipv4Network { network_address: 127.0.0.1, netmask: 32 }), DnsServer(1A78BB58B6E75FE0826AE3F1D227E41A)), (V4(Ipv4Network { network_address: 158.164.138.20, netmask: 32 }), DnsServer(D292098057ED2B99923B716B70143C38)), (V4(Ipv4Network { network_address: 203.0.113.6, netmask: 32 }), Relay(56BF0E174DB67D2C5996479E3A8A0B7E)), (V4(Ipv4Network { network_address: 203.0.113.15, netmask: 32 }), Gateway(70FE7AE04267BF1E0AA65EF09678626E)), (V4(Ipv4Network { network_address: 203.0.113.18, netmask: 32 }), Gateway(93850805802D02DA8E9F561D77D56D6F)), (V4(Ipv4Network { network_address: 203.0.113.22, netmask: 32 }), Relay(6AB5E36202EE1B6CCAD467FFB18B8159)), (V4(Ipv4Network { network_address: 203.0.113.23, netmask: 32 }), 
Gateway(534ADE3F0F99E8400B5253D68996A815)), (V6(Ipv6Network { network_address: ::ffff:237.12.160.223, netmask: 128 }), DnsServer(C955E9C1C00D8A9439CDAFCB83BBD24)), (V6(Ipv6Network { network_address: 2001:db80::, netmask: 128 }), Client(0)), (V6(Ipv6Network { network_address: 2001:db80::f, netmask: 128 }), Gateway(70FE7AE04267BF1E0AA65EF09678626E)), (V6(Ipv6Network { network_address: 2001:db80::1a, netmask: 128 }), Gateway(93850805802D02DA8E9F561D77D56D6F)), (V6(Ipv6Network { network_address: 2001:db80::2e, netmask: 128 }), Relay(56BF0E174DB67D2C5996479E3A8A0B7E)), (V6(Ipv6Network { network_address: 2001:db80::48, netmask: 128 }), Gateway(534ADE3F0F99E8400B5253D68996A815)), (V6(Ipv6Network { network_address: 2001:db80::50, netmask: 128 }), Relay(6AB5E36202EE1B6CCAD467FFB18B8159)), (V6(Ipv6Network { network_address: 44cd:bd13:bb0d:8b90:e890:def3:1e73:1f62, netmask: 128 }), DnsServer(E799AD3182C9D3264463CA8BC5F20DA4)), (V6(Ipv6Network { network_address: 7cc8:573c:88a4:538b:c9e9:b3e3:f03c:8444, netmask: 128 }), DnsServer(E35F961A5D6416D6831432D23625A11F))} } }, [UpdateSystemDnsServers([7cc8:573c:88a4:538b:c9e9:b3e3:f03c:8444, 44cd:bd13:bb0d:8b90:e890:def3:1e73:1f62]), SendDnsQueries([DnsQuery { domain: Name(eeda.sgb.cmfutt.), r_type: Rtype::A, query_id: 0, dns_server: [44cd:bd13:bb0d:8b90:e890:def3:1e73:1f62]:53 }]), UpdateUpstreamDnsServers([127.0.0.1:53, [44cd:bd13:bb0d:8b90:e890:def3:1e73:1f62]:53])], None) cc 40d8dea79bdce732cacdfd9e36c630d988c83eafade97b580f62aae242163874 # shrinks to (initial_state, transitions, seen_counter) = (ReferenceState { client: Host { inner: RefClient { id: 0, key: PrivateKey("0000000000000000000000000000000000000000000000000000000000000000"), known_hosts: {}, tunnel_ip4: 100.64.0.1, tunnel_ip6: fd00:2021:1111::, system_dns_resolvers: [], upstream_dns_resolvers: [], internet_resource: None, connected_internet_resources: false }, ip4: None, ip6: Some(2001:db80::2), default_port: 56049, latency: 115ms }, gateways: 
{1974452972ECAEDF5F9F25917A706F67: Host { inner: RefGateway { key: PrivateKey("58186f0ec3815105fdfe5a94f9fa4abb5b2510a8d5f355e0c4af63105e8de754") }, ip4: Some(203.0.113.25), ip6: Some(2001:db80::1), default_port: 47641, latency: 144ms }, C731442BF741907286729D18BFE81C0E: Host { inner: RefGateway { key: PrivateKey("6b0b78ddea80bd33d3ae3387c760cc0bc4078a3c2d3a0e62cff76a44e6f34fce") }, ip4: Some(203.0.113.46), ip6: Some(2001:db80::55), default_port: 16491, latency: 119ms }, C841AE62A115B33B210FF58EB41EEF52: Host { inner: RefGateway { key: PrivateKey("038dc348b2b1261bfd0950ce4ea1b7a00675b865462b9071edd20c8fb236b2ea") }, ip4: Some(203.0.113.83), ip6: Some(2001:db80::39), default_port: 42482, latency: 91ms }}, relays: {1EDE5BE7024889F16A2F64012D05CE3F: Host { inner: 11079292618449803764, ip4: Some(203.0.113.27), ip6: Some(2001:db80::2b), default_port: 3478, latency: 37ms }, 51462E7B1B20EFABEE667A18A1DA1DE2: Host { inner: 5494380713677350642, ip4: Some(203.0.113.93), ip6: Some(2001:db80::10), default_port: 3478, latency: 42ms }}, dns_servers: {3A894DE879F84BBAA6441EFC7621D080: Host { inner: RefDns, ip4: Some(50.66.239.149), ip6: None, default_port: 53, latency: 37ms }, 7EDC7AA998B0620C819A1F02C616FA72: Host { inner: RefDns, ip4: None, ip6: Some(::ffff:83.25.17.133), default_port: 53, latency: 11ms }, B0626949290B3A2A3405E6BECCA47A7D: Host { inner: RefDns, ip4: None, ip6: Some(::ffff:127.0.0.1), default_port: 53, latency: 33ms }, C0BCB79BF210B07AD9BC7F169048951E: Host { inner: RefDns, ip4: Some(31.84.175.190), ip6: None, default_port: 53, latency: 12ms }, D03AF4C28AC7F1DFD178D92F36D02377: Host { inner: RefDns, ip4: None, ip6: Some(b467:9004:a86c:132d:93d:c051:ffc0:735f), default_port: 53, latency: 33ms }, E47DF3C12929CD86EB838FAADDEE21A6: Host { inner: RefDns, ip4: Some(115.129.164.87), ip6: None, default_port: 53, latency: 26ms }}, portal: StubPortal { gateways_by_site: {293E4C57A9A8E205151F3AAAB58494E4: {C731442BF741907286729D18BFE81C0E, C841AE62A115B33B210FF58EB41EEF52, 
1974452972ECAEDF5F9F25917A706F67}}, cidr_resources: {3901CB004ECB008E6D692BFA0107F539: ResourceDescriptionCidr { id: 3901CB004ECB008E6D692BFA0107F539, address: V4(Ipv4Network { network_address: 127.0.0.0, netmask: 27 }), name: "emxbv", address_description: None, sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] }, CCB85B55F337F41A81A0991E7C25D78B: ResourceDescriptionCidr { id: CCB85B55F337F41A81A0991E7C25D78B, address: V4(Ipv4Network { network_address: 0.0.0.0, netmask: 30 }), name: "dgirzjyzl", address_description: None, sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] }, 3B7546748CE2C09D90870CCFBF5CF28D: ResourceDescriptionCidr { id: 3B7546748CE2C09D90870CCFBF5CF28D, address: V6(Ipv6Network { network_address: ::ffff:127.0.0.0, netmask: 125 }), name: "pjznhn", address_description: Some("bpxzjv"), sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] }}, dns_resources: {D0FEBF1A3F948C21EB2C210A85CCD333: ResourceDescriptionDns { id: D0FEBF1A3F948C21EB2C210A85CCD333, address: "rcta.pkap.omd", name: "xqecvnpzo", address_description: Some("dydzjd"), sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] }, 93D03C399A7C0B55F1A5CAD7CF352AAD: ResourceDescriptionDns { id: 93D03C399A7C0B55F1A5CAD7CF352AAD, address: "kqdgbr.tirkb.mhh", name: "aultnlprq", address_description: Some("toqixrejvb"), sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] }}, internet_resource: ResourceDescriptionInternet { id: C619D2106DB40A591845456ABAE36E36, sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] } }, drop_direct_client_traffic: false, global_dns_records: {Name(kqdgbr.tirkb.mhh.): {2001:db80::44, 2001:db80::1e}, Name(rcta.pkap.omd.): {198.51.100.64}, Name(jmpcf.ntrt.rts.): {::ffff:127.0.0.1, 46.5.106.226, 127.0.0.1}, Name(aczs.zvcate.snl.): {::ffff:179.212.51.85, 17.1.21.218, ::ffff:17.217.123.114, 288c:8f45:78:ca47:d9ed:be0e:2147:23c9}}, network: RoutingTable { 
routes: {(V4(Ipv4Network { network_address: 31.84.175.190, netmask: 32 }), DnsServer(C0BCB79BF210B07AD9BC7F169048951E)), (V4(Ipv4Network { network_address: 50.66.239.149, netmask: 32 }), DnsServer(3A894DE879F84BBAA6441EFC7621D080)), (V4(Ipv4Network { network_address: 115.129.164.87, netmask: 32 }), DnsServer(E47DF3C12929CD86EB838FAADDEE21A6)), (V4(Ipv4Network { network_address: 203.0.113.25, netmask: 32 }), Gateway(1974452972ECAEDF5F9F25917A706F67)), (V4(Ipv4Network { network_address: 203.0.113.27, netmask: 32 }), Relay(1EDE5BE7024889F16A2F64012D05CE3F)), (V4(Ipv4Network { network_address: 203.0.113.46, netmask: 32 }), Gateway(C731442BF741907286729D18BFE81C0E)), (V4(Ipv4Network { network_address: 203.0.113.83, netmask: 32 }), Gateway(C841AE62A115B33B210FF58EB41EEF52)), (V4(Ipv4Network { network_address: 203.0.113.93, netmask: 32 }), Relay(51462E7B1B20EFABEE667A18A1DA1DE2)), (V6(Ipv6Network { network_address: ::ffff:83.25.17.133, netmask: 128 }), DnsServer(7EDC7AA998B0620C819A1F02C616FA72)), (V6(Ipv6Network { network_address: ::ffff:127.0.0.1, netmask: 128 }), DnsServer(B0626949290B3A2A3405E6BECCA47A7D)), (V6(Ipv6Network { network_address: 2001:db80::1, netmask: 128 }), Gateway(1974452972ECAEDF5F9F25917A706F67)), (V6(Ipv6Network { network_address: 2001:db80::2, netmask: 128 }), Client(0)), (V6(Ipv6Network { network_address: 2001:db80::10, netmask: 128 }), Relay(51462E7B1B20EFABEE667A18A1DA1DE2)), (V6(Ipv6Network { network_address: 2001:db80::2b, netmask: 128 }), Relay(1EDE5BE7024889F16A2F64012D05CE3F)), (V6(Ipv6Network { network_address: 2001:db80::39, netmask: 128 }), Gateway(C841AE62A115B33B210FF58EB41EEF52)), (V6(Ipv6Network { network_address: 2001:db80::55, netmask: 128 }), Gateway(C731442BF741907286729D18BFE81C0E)), (V6(Ipv6Network { network_address: b467:9004:a86c:132d:93d:c051:ffc0:735f, netmask: 128 }), DnsServer(D03AF4C28AC7F1DFD178D92F36D02377))} } }, [UpdateUpstreamDnsServers([[::ffff:127.0.0.1]:53, 31.84.175.190:53, 115.129.164.87:53]), 
ActivateResource(Cidr(ResourceDescriptionCidr { id: 3B7546748CE2C09D90870CCFBF5CF28D, address: V6(Ipv6Network { network_address: ::ffff:127.0.0.0, netmask: 125 }), name: "pjznhn", address_description: Some("bpxzjv"), sites: [Site { id: 293E4C57A9A8E205151F3AAAB58494E4, name: "kqipaju" }] })), SendDnsQueries([DnsQuery { domain: Name(kqdgbr.tirkb.mhh.), r_type: Rtype::A, query_id: 0, dns_server: [::ffff:127.0.0.1]:53 }, DnsQuery { domain: Name(rcta.pkap.omd.), r_type: Rtype::A, query_id: 0, dns_server: [::ffff:127.0.0.1]:53 }])], None) +cc 4c68063d59ec9f783eaf23d2398e4fc74d1da3b4b3dba0f38c2a867079878d7c +cc 62bc168a511fbce3ff97f448a37bc7817dc0e22d61cc32c00fd6563bdfe4de90 cc ada50b62702f5a45ccea7553bd3daec01dc8df68c6ac8e2b4c996aba8c2cc3fe # shrinks to (initial_state, transitions, seen_counter) = (ReferenceState { client: Host { inner: RefClient { id: dc8a73db-d5f0-8f52-1788-0c5e72c84396, key: PrivateKey("b46da29dea3ee64cf3664c345dd8e1bed782cca9d587cf5eb17b0b52464bcef3"), known_hosts: {"jcvitg.whlpej.zljie": [127.0.0.1, ::ffff:87.239.113.41, ::ffff:115.241.51.176, c35a:3aa1:eb11:a5b5:8619:3e9a:c901:db34, ::ffff:219.198.95.80], "xlqw.kmrje": [127.0.0.1], "jroor.tuylf": [::ffff:227.45.177.110, 84.159.66.9, 182.123.195.168], "wtlzbd.xqzq": [161.225.212.2, 215.122.229.43], "spkuio.rbbm.uznge": [::ffff:6.159.237.48, ::ffff:166.8.177.72, 107.200.82.124, 127.0.0.1], "fmgj.meu.qzxfac": [98.219.249.233], "bvd.muan.tzt": [196.215.184.87], "pgwfpy.jos": [208.113.155.18, ::ffff:218.26.85.128, 5ed7:e9d2:270b:32f6:d3ef:c596:b1ea:e1b4, 210.213.21.227, ::ffff:18.178.67.22], "edev.vnsq": [::ffff:148.116.182.172, 113.13.126.243, ::ffff:62.168.107.87], "eye.kzkstg": [18.95.222.165], "nbrik.fgxqmv": [127.0.0.1, 402a:746e:c873:3f0f:cc26:af15:7dbe:ef9], "poogly.eltfsg.nspolz": [::ffff:120.213.144.213], "qvry.qzm.dedlwv": [127.0.0.1, 4ef1:be01:aa22:e836:69d8:5c5:3da3:1303, 148.101.60.102], "rsm.mrtfm": [127.0.0.1, ::ffff:127.0.0.1, 3bf3:2833:c1e5:e83c:a7:df8e:ea3f:ef27, 43.152.18.47, 
182.1.104.202]}, tunnel_ip4: 100.64.0.1, tunnel_ip6: fd00:2021:1111::, system_dns_resolvers: [], upstream_dns_resolvers: [], internet_resource: None, connected_internet_resources: false }, ip4: None, ip6: Some(2001:db80::50), default_port: 56423, latency: 55ms }, gateways: {2ae98600-98b3-31c0-4147-4259845bf99c: Host { inner: RefGateway { key: PrivateKey("2b00c11ec80ab31bc5562a1fb716b24a04f56a7323356931dbf90e349e0302a5") }, ip4: Some(203.0.113.65), ip6: Some(2001:db80::1d), default_port: 2920, latency: 143ms }, 5d7859c3-64a9-e31f-6c49-3b6f146cdd75: Host { inner: RefGateway { key: PrivateKey("678ac080974b9ad05daa5e6b6e54e40991524202e0472d382b36b3aad49811ff") }, ip4: Some(203.0.113.55), ip6: Some(2001:db80::4a), default_port: 4933, latency: 32ms }, 5ed1105d-d018-a297-381f-df413ffc3084: Host { inner: RefGateway { key: PrivateKey("4c14cafd007561f2a03c2980ad4d18e4569d9fc997fb8682c97e4a4e87f3abd1") }, ip4: Some(203.0.113.75), ip6: Some(2001:db80::24), default_port: 30205, latency: 12ms }, 7133f342-b285-8e6e-5561-94f2ae0ce87a: Host { inner: RefGateway { key: PrivateKey("d51894cf0d72af0c55d31f6035714512ec27dd02399cf8ad88c1e1efe246d7fc") }, ip4: Some(203.0.113.60), ip6: Some(2001:db80::56), default_port: 20102, latency: 81ms }, b5585630-ea18-a747-738e-8be18742760b: Host { inner: RefGateway { key: PrivateKey("e9bd635f398b7966458408449d5831684d595b7a4d6bcdca6f52a2e530e75524") }, ip4: Some(203.0.113.42), ip6: Some(2001:db80::12), default_port: 50449, latency: 149ms }, ba48d9d3-d97b-2eb6-01ed-bbe83c9539b7: Host { inner: RefGateway { key: PrivateKey("7b392515fb0e64ca5ddf4fc74e3b2525f8ea887a604a234ebf58eafe1d4a8cb1") }, ip4: Some(203.0.113.30), ip6: Some(2001:db80::2e), default_port: 25808, latency: 52ms }, ce891cf6-81b7-2ff3-80f1-1f181029a6ab: Host { inner: RefGateway { key: PrivateKey("894e06cea1189477c50a5106dbfc3ccabce2aa01cb6e1d4a90d054f6f1f22f6a") }, ip4: Some(203.0.113.94), ip6: Some(2001:db80::5d), default_port: 63862, latency: 158ms }, 
f31f800f-54bb-ac45-fed1-8563410864fc: Host { inner: RefGateway { key: PrivateKey("c7063177e13717ba7aac987ec2ea94383ce9932efc26a6ef546e933a8eea59e8") }, ip4: Some(203.0.113.1), ip6: Some(2001:db80::3b), default_port: 51573, latency: 29ms }}, relays: {69b4ffe2-2cfd-f7cf-6435-6e9ded200d6a: Host { inner: 5423086251555565693, ip4: Some(203.0.113.61), ip6: Some(2001:db80::43), default_port: 3478, latency: 14ms }}, dns_servers: {78EAE2BD02F70DA85B217BF2E512DC76: Host { inner: RefDns, ip4: Some(0.0.0.0), ip6: None, default_port: 53, latency: 11ms }, AE19C141EF292BB87FCEFD7060F4C83E: Host { inner: RefDns, ip4: Some(127.0.0.1), ip6: None, default_port: 53, latency: 19ms }, C4D39B871E6D0183C780C44D4992F0E1: Host { inner: RefDns, ip4: None, ip6: Some(::ffff:243.22.7.182), default_port: 53, latency: 28ms }}, portal: StubPortal { gateways_by_site: {afcc7b10-ccf7-9add-c7b5-3555e0be5e7e: {5d7859c3-64a9-e31f-6c49-3b6f146cdd75, 2ae98600-98b3-31c0-4147-4259845bf99c, b5585630-ea18-a747-738e-8be18742760b}, dcfbe3cb-d0fe-38bd-8421-ac52c742bc07: {7133f342-b285-8e6e-5561-94f2ae0ce87a, f31f800f-54bb-ac45-fed1-8563410864fc}, 52326a79-16e9-8420-672a-05a41081cb73: {ba48d9d3-d97b-2eb6-01ed-bbe83c9539b7, ce891cf6-81b7-2ff3-80f1-1f181029a6ab, 5ed1105d-d018-a297-381f-df413ffc3084}}, cidr_resources: {207a49a8-7fba-6069-a00d-f05eb9a5d535: ResourceDescriptionCidr { id: 207a49a8-7fba-6069-a00d-f05eb9a5d535, address: V6(Ipv6Network { network_address: ::ffff:127.0.0.0, netmask: 124 }), name: "ebexyx", address_description: Some("doiakr"), sites: [Site { id: dcfbe3cb-d0fe-38bd-8421-ac52c742bc07, name: "fkojz" }] }, 6e31d543-0fc4-1ec0-81b7-adf6f9b3c43d: ResourceDescriptionCidr { id: 6e31d543-0fc4-1ec0-81b7-adf6f9b3c43d, address: V6(Ipv6Network { network_address: ::ffff:168.12.32.132, netmask: 127 }), name: "rqxkruttci", address_description: Some("bobx"), sites: [Site { id: afcc7b10-ccf7-9add-c7b5-3555e0be5e7e, name: "mxmvrsaj" }] }, fc68f7da-804a-eaa0-cb54-b84dde1e89cc: ResourceDescriptionCidr { id: 
fc68f7da-804a-eaa0-cb54-b84dde1e89cc, address: V4(Ipv4Network { network_address: 157.223.39.255, netmask: 32 }), name: "syffivavzf", address_description: Some("hgkpgljneh"), sites: [Site { id: 52326a79-16e9-8420-672a-05a41081cb73, name: "xvmdsrrhv" }] }}, dns_resources: {099ae5da-e893-e8d0-8255-dbc3dcab2d64: ResourceDescriptionDns { id: 099ae5da-e893-e8d0-8255-dbc3dcab2d64, address: "*.anqgwm.zaixud.hgsrgh", name: "xupszi", address_description: Some("xbtb"), sites: [Site { id: dcfbe3cb-d0fe-38bd-8421-ac52c742bc07, name: "fkojz" }] }, bcf6e567-d34a-0974-414a-d81d2a784b38: ResourceDescriptionDns { id: bcf6e567-d34a-0974-414a-d81d2a784b38, address: "*.stw.dms.jxowkf", name: "dmwemcvb", address_description: Some("zyktynzt"), sites: [Site { id: dcfbe3cb-d0fe-38bd-8421-ac52c742bc07, name: "fkojz" }] }, a6cef25d-7c9b-10be-c1e2-8c8768b91a82: ResourceDescriptionDns { id: a6cef25d-7c9b-10be-c1e2-8c8768b91a82, address: "*.lkc.xvjc.qbyct", name: "xngldtyv", address_description: Some("xjwhxsso"), sites: [Site { id: dcfbe3cb-d0fe-38bd-8421-ac52c742bc07, name: "fkojz" }] }, 2f0bfb28-e584-2ce6-3d14-e807b4b4e2c6: ResourceDescriptionDns { id: 2f0bfb28-e584-2ce6-3d14-e807b4b4e2c6, address: "*.scwvgv.zgukyq", name: "quaf", address_description: Some("sestdmgp"), sites: [Site { id: afcc7b10-ccf7-9add-c7b5-3555e0be5e7e, name: "mxmvrsaj" }] }}, internet_resource: ResourceDescriptionInternet { id: 4f31b98b-1bf0-5a89-7071-c27e004ff434, sites: [Site { id: afcc7b10-ccf7-9add-c7b5-3555e0be5e7e, name: "mxmvrsaj" }] } }, drop_direct_client_traffic: true, global_dns_records: {Name(nxano.anqgwm.zaixud.hgsrgh.): {2001:db80::7f, 2001:db80::95, 2001:db80::52}, Name(ouyhdo.adklj.stw.dms.jxowkf.): {2001:db80::11}, Name(ubcw.stw.dms.jxowkf.): {2001:db80::e0, 2001:db80::98, 2001:db80::d1}, Name(urdg.stw.dms.jxowkf.): {2001:db80::a}, Name(hqyhg.nfi.): {::ffff:127.0.0.1, ::ffff:214.191.54.144, 251.54.106.18, 141.125.54.18}, Name(syvrsu.cnb.lkc.xvjc.qbyct.): {2001:db80::e1, 198.51.100.111, 2001:db80::c7, 
2001:db80::46, 198.51.100.230}, Name(wybkgg.qisco.lkc.xvjc.qbyct.): {198.51.100.80, 198.51.100.231}, Name(rrnurp.lkc.xvjc.qbyct.): {198.51.100.48, 2001:db80::2d, 198.51.100.45, 2001:db80::af, 198.51.100.250}, Name(jipha.trhm.): {::ffff:127.0.0.1, 127.0.0.1, 89.131.140.177}, Name(epd.ziazts.scwvgv.zgukyq.): {2001:db80::55}}, network: RoutingTable { routes: {(V4(Ipv4Network { network_address: 0.0.0.0, netmask: 32 }), DnsServer(78EAE2BD02F70DA85B217BF2E512DC76)), (V4(Ipv4Network { network_address: 127.0.0.1, netmask: 32 }), DnsServer(AE19C141EF292BB87FCEFD7060F4C83E)), (V4(Ipv4Network { network_address: 203.0.113.1, netmask: 32 }), Gateway(f31f800f-54bb-ac45-fed1-8563410864fc)), (V4(Ipv4Network { network_address: 203.0.113.30, netmask: 32 }), Gateway(ba48d9d3-d97b-2eb6-01ed-bbe83c9539b7)), (V4(Ipv4Network { network_address: 203.0.113.42, netmask: 32 }), Gateway(b5585630-ea18-a747-738e-8be18742760b)), (V4(Ipv4Network { network_address: 203.0.113.55, netmask: 32 }), Gateway(5d7859c3-64a9-e31f-6c49-3b6f146cdd75)), (V4(Ipv4Network { network_address: 203.0.113.60, netmask: 32 }), Gateway(7133f342-b285-8e6e-5561-94f2ae0ce87a)), (V4(Ipv4Network { network_address: 203.0.113.61, netmask: 32 }), Relay(69b4ffe2-2cfd-f7cf-6435-6e9ded200d6a)), (V4(Ipv4Network { network_address: 203.0.113.65, netmask: 32 }), Gateway(2ae98600-98b3-31c0-4147-4259845bf99c)), (V4(Ipv4Network { network_address: 203.0.113.75, netmask: 32 }), Gateway(5ed1105d-d018-a297-381f-df413ffc3084)), (V4(Ipv4Network { network_address: 203.0.113.94, netmask: 32 }), Gateway(ce891cf6-81b7-2ff3-80f1-1f181029a6ab)), (V6(Ipv6Network { network_address: ::ffff:243.22.7.182, netmask: 128 }), DnsServer(C4D39B871E6D0183C780C44D4992F0E1)), (V6(Ipv6Network { network_address: 2001:db80::12, netmask: 128 }), Gateway(b5585630-ea18-a747-738e-8be18742760b)), (V6(Ipv6Network { network_address: 2001:db80::1d, netmask: 128 }), Gateway(2ae98600-98b3-31c0-4147-4259845bf99c)), (V6(Ipv6Network { network_address: 2001:db80::24, netmask: 128 
}), Gateway(5ed1105d-d018-a297-381f-df413ffc3084)), (V6(Ipv6Network { network_address: 2001:db80::2e, netmask: 128 }), Gateway(ba48d9d3-d97b-2eb6-01ed-bbe83c9539b7)), (V6(Ipv6Network { network_address: 2001:db80::3b, netmask: 128 }), Gateway(f31f800f-54bb-ac45-fed1-8563410864fc)), (V6(Ipv6Network { network_address: 2001:db80::43, netmask: 128 }), Relay(69b4ffe2-2cfd-f7cf-6435-6e9ded200d6a)), (V6(Ipv6Network { network_address: 2001:db80::4a, netmask: 128 }), Gateway(5d7859c3-64a9-e31f-6c49-3b6f146cdd75)), (V6(Ipv6Network { network_address: 2001:db80::50, netmask: 128 }), Client(dc8a73db-d5f0-8f52-1788-0c5e72c84396)), (V6(Ipv6Network { network_address: 2001:db80::56, netmask: 128 }), Gateway(7133f342-b285-8e6e-5561-94f2ae0ce87a)), (V6(Ipv6Network { network_address: 2001:db80::5d, netmask: 128 }), Gateway(ce891cf6-81b7-2ff3-80f1-1f181029a6ab))} } }, [ActivateResource(Cidr(ResourceDescriptionCidr { id: 6e31d543-0fc4-1ec0-81b7-adf6f9b3c43d, address: V6(Ipv6Network { network_address: ::ffff:168.12.32.132, netmask: 127 }), name: "rqxkruttci", address_description: Some("bobx"), sites: [Site { id: afcc7b10-ccf7-9add-c7b5-3555e0be5e7e, name: "mxmvrsaj" }] })), SendICMPPacketToCidrResource { src: fd00:2021:1111::, dst: ::ffff:168.12.32.132, seq: 0, identifier: 0 }, UpdateSystemDnsServers([]), UpdateSystemDnsServers([]), Idle, Idle, SendICMPPacketToCidrResource { src: fd00:2021:1111::, dst: ::ffff:168.12.32.132, seq: 0, identifier: 0 }, SendICMPPacketToCidrResource { src: fd00:2021:1111::, dst: ::ffff:168.12.32.132, seq: 87, identifier: 11969 }], None) diff --git a/rust/connlib/tunnel/src/tests/reference.rs b/rust/connlib/tunnel/src/tests/reference.rs index 33692a5d1..a8d71db88 100644 --- a/rust/connlib/tunnel/src/tests/reference.rs +++ b/rust/connlib/tunnel/src/tests/reference.rs 
@@ -320,42 +320,42 @@ impl ReferenceStateMachine for ReferenceState { } }), Transition::SendDnsQueries(queries) => { - for DnsQuery { - domain, - r_type, - dns_server, - query_id, - } in queries - { - match state + let mut pending_connections = HashSet::new(); + + for query in queries { + // Queries to known hosts are always successful. + if state .client .inner() - .dns_query_via_cidr_resource(dns_server.ip(), domain) + .is_known_host(&query.domain.to_string()) { - Some(resource) - if !state.client.inner().is_connected_to_cidr(resource) - && !state.client.inner().upstream_dns_resolvers.is_empty() - && !state.client.inner().is_known_host(&domain.to_string()) => - { - state.client.exec_mut(|client| { - client.connected_cidr_resources.insert(resource) - }); - } - Some(_) | None => { - state.client.exec_mut(|client| { - client - .dns_records - .entry(domain.clone()) - .or_default() - .insert(*r_type) - }); - state.client.exec_mut(|client| { - client - .expected_dns_handshakes - .push_back((*dns_server, *query_id)) - }); - } + state.client.exec_mut(|client| client.on_dns_query(query)); + continue; } + + // Check if we the DNS server is defined as a CIDR resource. + let Some(resource) = state.client.inner().dns_query_via_cidr_resource(query) + else { + // Not a CIDR resource, process normally. + state.client.exec_mut(|client| client.on_dns_query(query)); + continue; + }; + + if pending_connections.contains(&resource) { + // DNS server is a CIDR resource and a previous query of this batch is already triggering a connection. + // That connection isn't ready yet so further queries to the same resource are dropped until then. + continue; + } + + if !state.client.inner().is_connected_to_cidr(resource) { + state + .client + .exec_mut(|client| client.connected_cidr_resources.insert(resource)); + pending_connections.insert(resource); + continue; + } + + state.client.exec_mut(|client| client.on_dns_query(query)); } } Transition::SendICMPPacketToNonResourceIp { 
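Review bot: The `if !state.client.inner().is_connected_to_cidr(resource)` branch drops the query that triggers the connection, but nothing in the code says so. It inserts into `connected_cidr_resources` and `pending_connections` and then `continue`s without calling `on_dns_query`, which reads like an oversight next to the commented `pending_connections.contains` branch. I would add `// The first query only acts as the connection intent and is dropped, so no DNS handshake is expected for it.` above the insert. A reader auditing whether queries to a tunnelled DNS server are ever expected on the wire before the connection exists can then see the intent. The comment `// Check if we the DNS server is defined as a CIDR resource.` has a stray word and should read `// Check if the DNS server is defined as a CIDR resource.` The enclosing function starts and ends outside this hunk, and the `HashSet` import is not visible here, so it is presumably already in scope in `reference.rs`.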
@@ -537,23 +537,19 @@ impl ReferenceStateMachine for ReferenceState { .iter() .any(|dns_server| state.client.sending_socket_for(dns_server.ip()).is_some()) } - Transition::SendDnsQueries(queries) => queries.iter().all( - |DnsQuery { - domain, dns_server, .. - }| { - let has_socket_for_server = - state.client.sending_socket_for(dns_server.ip()).is_some(); - let is_known_domain = state.global_dns_records.contains_key(domain); - let has_dns_server = state - .client - .inner() - .expected_dns_servers() - .contains(dns_server); - let gateway_is_present_in_case_dns_server_is_cidr_resource = match state - .client - .inner() - .dns_query_via_cidr_resource(dns_server.ip(), domain) - { + Transition::SendDnsQueries(queries) => queries.iter().all(|query| { + let has_socket_for_server = state + .client + .sending_socket_for(query.dns_server.ip()) + .is_some(); + let is_known_domain = state.global_dns_records.contains_key(&query.domain); + let has_dns_server = state + .client + .inner() + .expected_dns_servers() + .contains(&query.dns_server); + let gateway_is_present_in_case_dns_server_is_cidr_resource = + match state.client.inner().dns_query_via_cidr_resource(query) { Some(r) => { let Some(gateway) = state.portal.gateway_for_resource(r) else { return false; @@ -564,12 +560,11 @@ impl ReferenceStateMachine for ReferenceState { None => true, }; - has_socket_for_server - && is_known_domain - && has_dns_server - && gateway_is_present_in_case_dns_server_is_cidr_resource - }, - ), + has_socket_for_server + && is_known_domain + && has_dns_server + && gateway_is_present_in_case_dns_server_is_cidr_resource + }), Transition::RoamClient { ip4, ip6, port } => { // In production, we always rebind to a new port so we never roam to our old existing IP / port combination. diff --git a/rust/connlib/tunnel/src/tests/sim_client.rs b/rust/connlib/tunnel/src/tests/sim_client.rs index 82c0ac040..ff9b4fef8 100644 --- a/rust/connlib/tunnel/src/tests/sim_client.rs 
+++ b/rust/connlib/tunnel/src/tests/sim_client.rs @@ -3,6 +3,7 @@ use super::{ sim_net::{any_ip_stack, any_port, host, Host}, sim_relay::{map_explode, SimRelay}, strategies::latency, + transition::DnsQuery, IcmpIdentifier, IcmpSeq, QueryId, }; use crate::{proptest::*, ClientState}; @@ -462,6 +463,16 @@ impl RefClient { } } + pub(crate) fn on_dns_query(&mut self, query: &DnsQuery) { + self.dns_records + .entry(query.domain.clone()) + .or_default() + .insert(query.r_type); + + self.expected_dns_handshakes + .push_back((query.dns_server, query.query_id)); + } + pub(crate) fn ipv4_cidr_resource_dsts(&self) -> Vec { self.cidr_resources .iter_ipv4() @@ -601,17 +612,18 @@ impl RefClient { /// Returns the CIDR resource we will forward the DNS query for the given name to. /// /// DNS servers may be resources, in which case queries that need to be forwarded actually need to be encapsulated. - pub(crate) fn dns_query_via_cidr_resource( - &self, - dns_server: IpAddr, - domain: &DomainName, - ) -> Option { - // If we are querying a DNS resource, we will issue a connection intent to the DNS resource, not the CIDR resource. - if self.dns_resource_by_domain(domain).is_some() { + pub(crate) fn dns_query_via_cidr_resource(&self, query: &DnsQuery) -> Option { + // Unless we are using upstream resolvers, DNS queries are never routed through the tunnel. + if self.upstream_dns_resolvers.is_empty() { return None; } - self.cidr_resource_by_ip(dns_server) + // If we are querying a DNS resource, we will issue a connection intent to the DNS resource, not the CIDR resource. + if self.dns_resource_by_domain(&query.domain).is_some() { + return None; + } + + self.cidr_resource_by_ip(query.dns_server.ip()) } pub(crate) fn all_resource_ids(&self) -> Vec {
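Review bot: The new `on_dns_query` in the `@@ -462,6 +463,16 @@` hunk has no doc comment, although `reference.rs` now calls it from three places as the "query is processed normally" step. A line such as `/// Records a DNS query that is expected to reach its server: remembers the queried record type for the domain and queues the expected handshake.` would state the contract. It is also worth noting there that callers must not invoke it for queries the client drops while a connection to the CIDR resource is pending. The `impl RefClient` block starts and ends outside the hunk.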
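Review bot: The doc comment on `dns_query_via_cidr_resource` in the `@@ -601,17 +612,18 @@` hunk no longer describes the function. It still says "for the given name" although the parameter is now a `&DnsQuery`, and it does not mention the new early `None` when `upstream_dns_resolvers` is empty. That check used to sit only in the `SendDnsQueries` apply step; moving it here also changes the precondition call site in `reference.rs`, whose `None => true` arm now skips the gateway check whenever no upstream resolvers are set. I would add `/// Returns `None` if no upstream resolvers are configured or if the domain belongs to a DNS resource.` to the doc comment so both callers can rely on it. The `impl RefClient` block continues outside the hunk.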