From e66649a45f0fc024381e600541ce82712580e752 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Thu, 1 Aug 2024 15:28:43 -0400
Subject: [PATCH] check for existing hostname/IP when applying intercept address

---
 tunnel/dns/dummy.go | 5 +++++
 tunnel/dns/file.go | 4 ++++
 tunnel/dns/refcount.go | 4 ++++
 tunnel/dns/resolver.go | 1 +
 tunnel/dns/server.go | 6 ++++--
 tunnel/intercept/iputils.go | 5 +++++
 6 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/tunnel/dns/dummy.go b/tunnel/dns/dummy.go
index e109ab1ae..f3fd42b04 100644
--- a/tunnel/dns/dummy.go
+++ b/tunnel/dns/dummy.go
@@ -22,6 +22,11 @@ func (d dummy) Lookup(_ net.IP) (string, error) {
 return "", nil
 }
 
+func (d dummy) LookupIP(_ string) (net.IP, bool) {
+pfxlog.Logger().Warnf("dummy resolver does not store hostname/ip mappings")
+return nil, false
+}
+
 func (d dummy) RemoveHostname(_ string) net.IP {
 return nil
 }
diff --git a/tunnel/dns/file.go b/tunnel/dns/file.go
index 6e09cc214..161858665 100644
--- a/tunnel/dns/file.go
+++ b/tunnel/dns/file.go
@@ -60,6 +60,10 @@ func (h *hostFile) Lookup(_ net.IP) (string, error) {
 return "", fmt.Errorf("not implemented")
 }
 
+func (h *hostFile) LookupIP(_ string) (net.IP, bool) {
+return nil, false
+}
+
 func (h *hostFile) AddHostname(hostname string, ip net.IP) error {
 h.mutex.Lock()
 defer h.mutex.Unlock()
diff --git a/tunnel/dns/refcount.go b/tunnel/dns/refcount.go
index 55b67b4b9..68f085b3d 100644
--- a/tunnel/dns/refcount.go
+++ b/tunnel/dns/refcount.go
@@ -21,6 +21,10 @@ func (self *RefCountingResolver) Lookup(ip net.IP) (string, error) {
 return self.wrapped.Lookup(ip)
 }
 
+func (self *RefCountingResolver) LookupIP(hostname string) (net.IP, bool) {
+return self.wrapped.LookupIP(hostname)
+}
+
 func (self *RefCountingResolver) AddDomain(name string, cb func(string) (net.IP, error)) error {
 return self.wrapped.AddDomain(name, cb)
 }
diff --git a/tunnel/dns/resolver.go b/tunnel/dns/resolver.go
index d8279b632..0722b7228 100644
--- a/tunnel/dns/resolver.go
+++ b/tunnel/dns/resolver.go
@@ -22,6 +22,7 @@ type Resolver interface {
 AddHostname(string, net.IP) error
 AddDomain(string, func(string) (net.IP, error)) error
 Lookup(net.IP) (string, error)
+LookupIP(string) (net.IP, bool)
 RemoveHostname(string) net.IP
 RemoveDomain(string)
 Cleanup() error
diff --git a/tunnel/dns/server.go b/tunnel/dns/server.go
index 07c782834..e728d6e07 100644
--- a/tunnel/dns/server.go
+++ b/tunnel/dns/server.go
@@ -157,7 +157,7 @@ func (r *resolver) testSystemResolver() error {
 return nil
 }
 
-func (r *resolver) getHostnameIp(name string) (net.IP, bool) {
+func (r *resolver) LookupIP(name string) (net.IP, bool) {
 r.namesMtx.Lock()
 defer r.namesMtx.Unlock()
 canonical := strings.ToLower(name)
@@ -166,7 +166,7 @@ func (r *resolver) getHostnameIp(name string) (net.IP, bool) {
 }
 
 func (r *resolver) getAddress(name string) (net.IP, error) {
-a, ok := r.getHostnameIp(name)
+a, ok := r.LookupIP(name)
 if ok {
 return a, nil
 }
@@ -271,6 +271,8 @@ func (r *resolver) AddHostname(hostname string, ip net.IP) error {
 log.Infof("adding %s = %s to resolver", hostname, ip.String())
 r.names[canonical] = ip
 r.ips[ip.String()] = canonical[0 : len(canonical)-1] // drop the dot
+} else {
+log.Infof("hostname %s already assigned (%s)", hostname, r.names[canonical])
 }
 
 return nil
diff --git a/tunnel/intercept/iputils.go b/tunnel/intercept/iputils.go
index 74888475c..e3f3a1e84 100644
--- a/tunnel/intercept/iputils.go
+++ b/tunnel/intercept/iputils.go
@@ -82,6 +82,11 @@ func getDnsIp(host string, addrCB func(*net.IPNet, bool), svc *entities.Service,
 defer dnsCurrentIpMtx.Unlock()
 var ip netip.Addr
 
+foundIP, found := resolver.LookupIP(host + ".")
+if found {
+return foundIP, nil
+}
+
 // look for returned IPs first
 if dnsRecycledIps.Len() > 0 {
 e := dnsRecycledIps.Front()
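Review bot: hostFile.LookupIP always answers `nil, false`, so with the hosts-file resolver the existing-mapping check this patch adds to getDnsIp never fires and a hostname the file already maps will get a fresh allocation on top of the old one. hostFile.AddHostname takes `h.mutex` and presumably records the hostname/ip pair, so a real lookup under that same lock looks feasible; the backing field is outside this hunk, so I cannot quote the exact code. If the stub is deliberate for now, document it so callers know the fallback is by design: `// LookupIP is not supported for hosts-file resolution; callers treat false as "unknown" and allocate a new address.`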
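Review bot: The new interface method has no doc comment, and its contract is not recoverable from the signature alone: the server implementation lowercases the name and the only caller in this patch passes `host + "."`, so the trailing-dot form is a hidden convention, and a `false` result conflates "no mapping for this name" with "this resolver keeps no mappings" (dummy, hostFile). Suggest stating both explicitly on the interface: `// LookupIP returns the IP previously registered for hostname via AddHostname (matched case-insensitively; fully qualified with a trailing dot). ok is false when no mapping is known, including for resolvers that keep none.`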
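Review bot: The new else branch in AddHostname logs at Info and returns nil even when `ip` differs from the address already recorded for `canonical`, so a caller asking to map a hostname to a second IP gets a silent success and may go on to intercept an address the resolver will never hand out. Compare against the stored value and at least warn — `} else if existing := r.names[canonical]; !existing.Equal(ip) {` / `log.Warnf("hostname %s already assigned to %s; not reassigning to %s", hostname, existing, ip)` — or return an error so the caller can react; only a conflicting request would fail, so re-adding an identical mapping keeps working. The `if` this branch belongs to starts above the hunk, so the value it tested is presumably in scope and would save the second map read. Separately, now that LookupIP is the exported entry point, consider normalizing the trailing dot inside it rather than relying on every caller to append one.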
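Review bot: `host + "."` hard-codes the resolver's canonical form in the caller; if `host` ever arrives already fully qualified the key becomes `host..`, the check silently misses, and the same name gets a second allocation, which is exactly what this patch sets out to prevent. Use `strings.TrimSuffix(host, ".") + "."` (strings may need importing here) or move the dot handling into LookupIP so callers pass the bare name. Note also that `foundIP` is a `net.IP` while the rest of this function works in `netip.Addr` (`var ip netip.Addr`); the return type is past the visible part of the signature, so confirm both return paths agree, and that skipping the rest of the function (including whatever `addrCB` is used for on the allocation path) is intended when a mapping already exists. getDnsIp starts before and continues after this hunk.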