net/dns: don't use interfaces.Tailscale to find the tailscale interface index.

interfaces.Tailscale only returns an interface if it has at least one Tailscale
IP assigned to it. In the resolved DNS manager, when we're called upon to tear
down DNS config, the interface no longer has IPs.

Instead, look up the interface index on construction and reuse it throughout
the daemon lifecycle.

Fixes #1892.

Signed-off-by: David Anderson <dave@natulte.net>
(cherry picked from commit cfde99769907b75621cabd271e4a0559659e3a21)
This commit is contained in:
David Anderson 2021-05-10 15:05:29 -07:00
parent 04d015abbf
commit 38a83e937f
2 changed files with 21 additions and 32 deletions

View File

@ -57,12 +57,12 @@ func NewOSConfigurator(logf logger.Logf, interfaceName string) (ret OSConfigurat
} }
if err := dbusPing("org.freedesktop.NetworkManager", "/org/freedesktop/NetworkManager/DnsManager"); err != nil { if err := dbusPing("org.freedesktop.NetworkManager", "/org/freedesktop/NetworkManager/DnsManager"); err != nil {
dbg("nm", "no") dbg("nm", "no")
return newResolvedManager(logf) return newResolvedManager(logf, interfaceName)
} }
dbg("nm", "yes") dbg("nm", "yes")
if err := nmIsUsingResolved(); err != nil { if err := nmIsUsingResolved(); err != nil {
dbg("nm-resolved", "no") dbg("nm-resolved", "no")
return newResolvedManager(logf) return newResolvedManager(logf, interfaceName)
} }
dbg("nm-resolved", "yes") dbg("nm-resolved", "yes")
@ -90,7 +90,7 @@ func NewOSConfigurator(logf logger.Logf, interfaceName string) (ret OSConfigurat
return newNMManager(interfaceName) return newNMManager(interfaceName)
} }
dbg("nm-old", "no") dbg("nm-old", "no")
return newResolvedManager(logf) return newResolvedManager(logf, interfaceName)
case "resolvconf": case "resolvconf":
dbg("rc", "resolvconf") dbg("rc", "resolvconf")
if err := resolvconfSourceIsNM(bs); err == nil { if err := resolvconfSourceIsNM(bs); err == nil {

View File

@ -12,11 +12,11 @@
"context" "context"
"errors" "errors"
"fmt" "fmt"
"net"
"github.com/godbus/dbus/v5" "github.com/godbus/dbus/v5"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
"inet.af/netaddr" "inet.af/netaddr"
"tailscale.com/net/interfaces"
"tailscale.com/types/logger" "tailscale.com/types/logger"
"tailscale.com/util/dnsname" "tailscale.com/util/dnsname"
) )
@ -85,17 +85,24 @@ func isResolvedActive() bool {
// resolvedManager uses the systemd-resolved DBus API. // resolvedManager uses the systemd-resolved DBus API.
type resolvedManager struct { type resolvedManager struct {
logf logger.Logf logf logger.Logf
ifidx int
resolved dbus.BusObject resolved dbus.BusObject
} }
func newResolvedManager(logf logger.Logf) (*resolvedManager, error) { func newResolvedManager(logf logger.Logf, interfaceName string) (*resolvedManager, error) {
conn, err := dbus.SystemBus() conn, err := dbus.SystemBus()
if err != nil { if err != nil {
return nil, err return nil, err
} }
iface, err := net.InterfaceByName(interfaceName)
if err != nil {
return nil, err
}
return &resolvedManager{ return &resolvedManager{
logf: logf, logf: logf,
ifidx: iface.Index,
resolved: conn.Object("org.freedesktop.resolve1", dbus.ObjectPath("/org/freedesktop/resolve1")), resolved: conn.Object("org.freedesktop.resolve1", dbus.ObjectPath("/org/freedesktop/resolve1")),
}, nil }, nil
} }
@ -105,16 +112,6 @@ func (m *resolvedManager) SetDNS(config OSConfig) error {
ctx, cancel := context.WithTimeout(context.Background(), reconfigTimeout) ctx, cancel := context.WithTimeout(context.Background(), reconfigTimeout)
defer cancel() defer cancel()
// In principle, we could persist this in the manager struct
// if we knew that interface indices are persistent. This does not seem to be the case.
_, iface, err := interfaces.Tailscale()
if err != nil {
return fmt.Errorf("getting interface index: %w", err)
}
if iface == nil {
return errNotReady
}
var linkNameservers = make([]resolvedLinkNameserver, len(config.Nameservers)) var linkNameservers = make([]resolvedLinkNameserver, len(config.Nameservers))
for i, server := range config.Nameservers { for i, server := range config.Nameservers {
ip := server.As16() ip := server.As16()
@ -131,9 +128,9 @@ func (m *resolvedManager) SetDNS(config OSConfig) error {
} }
} }
err = m.resolved.CallWithContext( err := m.resolved.CallWithContext(
ctx, "org.freedesktop.resolve1.Manager.SetLinkDNS", 0, ctx, "org.freedesktop.resolve1.Manager.SetLinkDNS", 0,
iface.Index, linkNameservers, m.ifidx, linkNameservers,
).Store() ).Store()
if err != nil { if err != nil {
return fmt.Errorf("setLinkDNS: %w", err) return fmt.Errorf("setLinkDNS: %w", err)
@ -174,13 +171,13 @@ func (m *resolvedManager) SetDNS(config OSConfig) error {
err = m.resolved.CallWithContext( err = m.resolved.CallWithContext(
ctx, "org.freedesktop.resolve1.Manager.SetLinkDomains", 0, ctx, "org.freedesktop.resolve1.Manager.SetLinkDomains", 0,
iface.Index, linkDomains, m.ifidx, linkDomains,
).Store() ).Store()
if err != nil { if err != nil {
return fmt.Errorf("setLinkDomains: %w", err) return fmt.Errorf("setLinkDomains: %w", err)
} }
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDefaultRoute", 0, iface.Index, len(config.MatchDomains) == 0); call.Err != nil { if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDefaultRoute", 0, m.ifidx, len(config.MatchDomains) == 0); call.Err != nil {
return fmt.Errorf("setLinkDefaultRoute: %w", err) return fmt.Errorf("setLinkDefaultRoute: %w", err)
} }
@ -189,22 +186,22 @@ func (m *resolvedManager) SetDNS(config OSConfig) error {
// or something). // or something).
// Disable LLMNR, we don't do multicast. // Disable LLMNR, we don't do multicast.
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkLLMNR", 0, iface.Index, "no"); call.Err != nil { if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkLLMNR", 0, m.ifidx, "no"); call.Err != nil {
m.logf("[v1] failed to disable LLMNR: %v", call.Err) m.logf("[v1] failed to disable LLMNR: %v", call.Err)
} }
// Disable mdns. // Disable mdns.
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkMulticastDNS", 0, iface.Index, "no"); call.Err != nil { if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkMulticastDNS", 0, m.ifidx, "no"); call.Err != nil {
m.logf("[v1] failed to disable mdns: %v", call.Err) m.logf("[v1] failed to disable mdns: %v", call.Err)
} }
// We don't support dnssec consistently right now, force it off to // We don't support dnssec consistently right now, force it off to
// avoid partial failures when we split DNS internally. // avoid partial failures when we split DNS internally.
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDNSSEC", 0, iface.Index, "no"); call.Err != nil { if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDNSSEC", 0, m.ifidx, "no"); call.Err != nil {
m.logf("[v1] failed to disable DNSSEC: %v", call.Err) m.logf("[v1] failed to disable DNSSEC: %v", call.Err)
} }
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDNSOverTLS", 0, iface.Index, "no"); call.Err != nil { if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.SetLinkDNSOverTLS", 0, m.ifidx, "no"); call.Err != nil {
m.logf("[v1] failed to disable DoT: %v", call.Err) m.logf("[v1] failed to disable DoT: %v", call.Err)
} }
@ -227,15 +224,7 @@ func (m *resolvedManager) Close() error {
ctx, cancel := context.WithTimeout(context.Background(), reconfigTimeout) ctx, cancel := context.WithTimeout(context.Background(), reconfigTimeout)
defer cancel() defer cancel()
_, iface, err := interfaces.Tailscale() if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.RevertLink", 0, m.ifidx); call.Err != nil {
if err != nil {
return fmt.Errorf("getting interface index: %w", err)
}
if iface == nil {
return errNotReady
}
if call := m.resolved.CallWithContext(ctx, "org.freedesktop.resolve1.Manager.RevertLink", 0, iface.Index); call.Err != nil {
return fmt.Errorf("RevertLink: %w", call.Err) return fmt.Errorf("RevertLink: %w", call.Err)
} }