chore(connlib): be more verbose when probing DNS packets (#6751)

Currently, checking whether a packet is a DNS query has multiple silent
exit paths. This makes it DNS problems difficult to debug because the
packets will be treated as if they have to get routed through the
tunnel.

This is also something we should fix but that isn't done in this PR: If
we know that a packet is for connlib's DNS stub resolver, we should
never route it through the tunnel. Currently, this isn't possible to
express with the type signature of our DNS module and requires more
refactoring.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>

rust/connlib/tunnel/src/dns.rs

@@ -211,11 +211,21 @@ impl StubResolver {
         dns_mapping: &bimap::BiMap<IpAddr, DnsServer>,
         packet: &IpPacket,
     ) -> Option<ResolveStrategy> {
-        let upstream = dns_mapping.get_by_left(&packet.destination())?.address();
-        let datagram = packet.as_udp()?;
+        let dst = packet.destination();
+        let _guard = tracing::debug_span!("packet", %dst);
+        let upstream = dns_mapping.get_by_left(&dst)?.address();
 
-        // We only support DNS on port 53.
-        if datagram.destination_port() != DNS_PORT {
+        let Some(datagram) = packet.as_udp() else {
+            let protocol = packet.next_header().keyword_str().unwrap_or("unassigned");
+
+            tracing::debug!(%protocol, "DNS is only supported over UDP");
+            return None;
+        };
+
+        let port = datagram.destination_port();
+
+        if port != DNS_PORT {
+            tracing::debug!(%port, "DNS over UDP is only supported on port 53");
             return None;
         }
 

rust/ip-packet/src/lib.rs

@@ -732,7 +732,7 @@ impl<'a> IpPacket<'a> {
         }
     }
 
-    fn next_header(&self) -> IpNumber {
+    pub fn next_header(&self) -> IpNumber {
         match self {
             Self::Ipv4(p) => p.ip_header().protocol(),
             Self::Ipv6(p) => p.header().next_header(),