connlib: add dns routes at tunnel init (#2870)

Fixes #2853 

Note: it seems that this actually fixes ERR_NETWORK_CHANGED.
Gabi
2023-12-11 16:42:55 -03:00
committed by GitHub
parent 8718cc9245
commit 8d3bdf7d45
2 changed files with 38 additions and 24 deletions


@@ -32,6 +32,10 @@ use std::time::Duration;
use tokio::time::Instant;
use webrtc::ice_transport::ice_candidate::RTCIceCandidate;
// Using str here because Ipv4/6Network doesn't support `const` 🙃
const IPV4_RESOURCES: &str = "100.96.0.0/11";
const IPV6_RESOURCES: &str = "fd00:2021:1111:8000::/107";
#[derive(Debug, Clone, Hash, PartialEq, Eq)]
pub struct DnsResource {
pub id: ResourceId,
@@ -117,7 +121,17 @@ where
self.device.store(Some(device.clone()));
self.no_device_waker.wake();
// TODO: the requirement for the DNS_SENTINEL means you NEED ipv4 stack
// we are trying to support ipv4 and ipv6, so we should have an ipv6 dns sentinel
// alternative.
self.add_route(DNS_SENTINEL.into()).await?;
// Note: I'm just assuming this needs to succeed since we already require ipv4 stack due to the dns sentinel
// TODO: change me when we don't require ipv4
self.add_route(IPV4_RESOURCES.parse().unwrap()).await?;
if let Err(e) = self.add_route(IPV6_RESOURCES.parse().unwrap()).await {
tracing::warn!(err = ?e, "ipv6 not supported");
}
self.callbacks.on_tunnel_ready()?;
@@ -595,8 +609,8 @@ impl Default for ClientState {
dns_strategy: Default::default(),
// TODO: decide ip ranges
ip_provider: IpProvider::new(
"100.96.0.0/11".parse().unwrap(),
"fd00:2021:1111:8000::/107".parse().unwrap(),
IPV4_RESOURCES.parse().unwrap(),
IPV6_RESOURCES.parse().unwrap(),
),
dns_resources_internal_ips: Default::default(),
dns_resources: Default::default(),
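Review bot: The fallback `tracing::warn!(err = ?e, "ipv6 not supported")` in the `@@ -117` hunk labels every failure of the IPv6 route add as missing IPv6 support, although `add_route` can presumably fail for other reasons (permissions, a conflicting route), and the tunnel then comes up with IPv6 resource traffic likely routed outside it. Logging the route and a neutral message keeps the condition diagnosable: `tracing::warn!(err = ?e, route = IPV6_RESOURCES, "failed to add ipv6 resource route; ipv6 resources will not be routed through the tunnel");`. The `IPV4_RESOURCES.parse().unwrap()` and `IPV6_RESOURCES.parse().unwrap()` calls are acceptable as invariants on constants, but a typo in either string would surface as a panic at tunnel init rather than in CI, so a unit test that parses both constants would pin them. The enclosing function starts before the hunk and continues after it.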


@@ -272,33 +272,33 @@ where
})
.collect();
let dev = Arc::clone(self);
let ips = addrs.clone();
let resource = resource_description.clone();
tokio::spawn(async move {
for ip in &ips {
if let Err(e) = dev.add_route((*ip).into()).await {
tracing::error!(err = ?e, "add route failed");
}
}
role_state
.dns_resources_internal_ips
.insert(resource_description.clone(), addrs.clone());
if let Some(device) = dev.device.load().as_ref() {
let mut role_state = dev.role_state.lock();
send_dns_answer(&mut role_state, Rtype::Aaaa, device, &resource, &ips);
send_dns_answer(&mut role_state, Rtype::A, device, &resource, &ips);
}
dev.role_state
.lock()
.dns_resources_internal_ips
.insert(resource, ips);
});
let ips: Vec<IpNetwork> = addrs.into_iter().map(Into::into).collect();
let ips: Vec<IpNetwork> = addrs.iter().copied().map(Into::into).collect();
for ip in &ips {
peer.add_allowed_ip(*ip);
}
if let Some(device) = self.device.load().as_ref() {
send_dns_answer(
&mut role_state,
Rtype::Aaaa,
device,
&resource_description,
&addrs,
);
send_dns_answer(
&mut role_state,
Rtype::A,
device,
&resource_description,
&addrs,
);
}
Ok(ips)
}
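Review bot: In the `@@ -272` hunk the map insert clones both `resource_description` and `addrs` only so the same values can be borrowed again a few lines later, and the two `send_dns_answer` calls differ only in the `Rtype`. If `resource_description` is owned here (the function's signature is outside the hunk), moving the insert after the DNS answers lets it take both by value, `.insert(resource_description, addrs)`, dropping the clones; whether the mapping must be stored before the answers go out depends on how `role_state` is guarded, which this hunk does not show. The two calls collapse to `for rtype in [Rtype::Aaaa, Rtype::A] { send_dns_answer(&mut role_state, rtype, device, &resource_description, &addrs); }`. The enclosing function begins before the hunk.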