appc,feature/conn25,net: Add DNS response interception for conn25
The new version of app connector (conn25) needs to read DNS responses for domains it is interested in and store and swap out IP addresses. Add a hook to dns manager to enable this. Give the conn25 updated netmaps so that it knows when to assign connecting addresses and from what pool. Assign an address when we see a DNS response for a domain we are interested in, but don't do anything with the address yet. Updates tailscale/corp#34252 Signed-off-by: Fran Bull <fran@tailscale.com>
This commit is contained in:
Fran Bull
+24
-3
@@ -46,6 +46,11 @@ var (
|
||||
// be running.
|
||||
const maxActiveQueries = 256
|
||||
|
||||
// ResponseMapper is a function that accepts the bytes representing
|
||||
// a DNS response and returns bytes representing a DNS response.
|
||||
// Used to observe and/or mutate DNS responses managed by this manager.
|
||||
type ResponseMapper func([]byte) []byte
|
||||
|
||||
// We use file-ignore below instead of ignore because on some platforms,
|
||||
// the lint exception is necessary and on others it is not,
|
||||
// and plain ignore complains if the exception is unnecessary.
|
||||
@@ -67,8 +72,9 @@ type Manager struct {
|
||||
knobs *controlknobs.Knobs // or nil
|
||||
goos string // if empty, gets set to runtime.GOOS
|
||||
|
||||
mu sync.Mutex // guards following
|
||||
config *Config // Tracks the last viable DNS configuration set by Set. nil on failures other than compilation failures or if set has never been called.
|
||||
mu sync.Mutex // guards following
|
||||
config *Config // Tracks the last viable DNS configuration set by Set. nil on failures other than compilation failures or if set has never been called.
|
||||
queryResponseMapper ResponseMapper
|
||||
}
|
||||
|
||||
// NewManager created a new manager from the given config.
|
||||
@@ -467,7 +473,16 @@ func (m *Manager) Query(ctx context.Context, bs []byte, family string, from neti
|
||||
return nil, errFullQueue
|
||||
}
|
||||
defer atomic.AddInt32(&m.activeQueriesAtomic, -1)
|
||||
return m.resolver.Query(ctx, bs, family, from)
|
||||
outbs, err := m.resolver.Query(ctx, bs, family, from)
|
||||
if err != nil {
|
||||
return outbs, err
|
||||
}
|
||||
m.mu.Lock()
|
||||
defer m.mu.Unlock()
|
||||
if m.queryResponseMapper != nil {
|
||||
outbs = m.queryResponseMapper(outbs)
|
||||
}
|
||||
return outbs, err
|
||||
}
|
||||
|
||||
const (
|
||||
@@ -653,3 +668,9 @@ func CleanUp(logf logger.Logf, netMon *netmon.Monitor, bus *eventbus.Bus, health
|
||||
}
|
||||
|
||||
var metricDNSQueryErrorQueue = clientmetric.NewCounter("dns_query_local_error_queue")
|
||||
|
||||
func (m *Manager) SetQueryResponseMapper(fx ResponseMapper) {
|
||||
m.mu.Lock()
|
||||
defer m.mu.Unlock()
|
||||
m.queryResponseMapper = fx
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user