From f80799cd76e28f69d21fdf89affa758ffb08f083 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Mon, 14 Oct 2024 18:56:50 -0400
Subject: [PATCH 1/2] start nameserver only if tproxy mode; resolves #2482
---
 router/xgress_edge_tunnel/tunneler.go | 31 ++++++++++++++-------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/router/xgress_edge_tunnel/tunneler.go b/router/xgress_edge_tunnel/tunneler.go
index ff6daf54e..b9f7264d0 100644
--- a/router/xgress_edge_tunnel/tunneler.go
+++ b/router/xgress_edge_tunnel/tunneler.go
@@ -68,29 +68,29 @@ func (self *tunneler) Start(notifyClose <-chan struct{}) error {
  var err error
  log := pfxlog.Logger()
- log.WithField("mode", self.listenOptions.mode).Info("creating interceptor")
+ var resolver dns.Resolver
- resolver, err := dns.NewResolver(self.listenOptions.resolver)
- if err != nil {
- pfxlog.Logger().WithError(err).Error("failed to start DNS resolver. using dummy resolver")
- resolver = dns.NewDummyResolver()
- }
+ if strings.HasPrefix(self.listenOptions.mode, "tproxy") {
+ log.WithField("mode", self.listenOptions.mode).Info("creating tproxy interceptor")
- if err = intercept.SetDnsInterceptIpRange(self.listenOptions.dnsSvcIpRange); err != nil {
- pfxlog.Logger().Errorf("invalid dns service IP range %s: %v", self.listenOptions.dnsSvcIpRange, err)
- return err
- }
+ resolver, err = dns.NewResolver(self.listenOptions.resolver)
+ if err != nil {
+ pfxlog.Logger().WithError(err).Error("failed to start DNS resolver. using dummy resolver")
+ resolver = dns.NewDummyResolver()
+ }
+
+ if err = intercept.SetDnsInterceptIpRange(self.listenOptions.dnsSvcIpRange); err != nil {
+ pfxlog.Logger().Errorf("invalid dns service IP range %s: %v", self.listenOptions.dnsSvcIpRange, err)
+ return err
+ }
- if strings.HasPrefix(self.listenOptions.mode, "tproxy") {
  tproxyConfig := tproxy.Config{
  LanIf: self.listenOptions.lanIf,
  UDPIdleTimeout: self.listenOptions.udpIdleTimeout,
  UDPCheckInterval: self.listenOptions.udpCheckInterval,
  }
- if strings.HasPrefix(self.listenOptions.mode, "tproxy:") {
- tproxyConfig.Diverter = strings.TrimPrefix(self.listenOptions.mode, "tproxy:")
- }
+ tproxyConfig.Diverter = strings.TrimPrefix(self.listenOptions.mode, "tproxy:")
  if self.interceptor, err = tproxy.New(tproxyConfig); err != nil {
  return errors.Wrap(err, "failed to initialize tproxy interceptor")
@@ -99,9 +99,10 @@ func (self *tunneler) Start(notifyClose <-chan struct{}) error {
  self.listenOptions.resolver = ""
  self.interceptor = host.New()
  } else if self.listenOptions.mode == "proxy" {
+ log.WithField("mode", self.listenOptions.mode).Info("creating proxy interceptor")
  self.listenOptions.resolver = ""
  if self.interceptor, err = proxy.New(net.IPv4zero, self.listenOptions.services); err != nil {
- return errors.Wrap(err, "failed to initialize tproxy interceptor")
+ return errors.Wrap(err, "failed to initialize proxy interceptor")
  }
  } else {
  return errors.Errorf("unsupported tunnel mode '%v'", self.listenOptions.mode)
From ea38ce0745504ace94f08de6b64780fa5ab27e67 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Mon, 21 Oct 2024 13:00:26 -0400
Subject: [PATCH 2/2] conditionally initialize the diverter if not default tproxy iptables
---
 router/xgress_edge_tunnel/tunneler.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/router/xgress_edge_tunnel/tunneler.go b/router/xgress_edge_tunnel/tunneler.go
index b9f7264d0..6f16aba8d 100644
--- a/router/xgress_edge_tunnel/tunneler.go
+++ b/router/xgress_edge_tunnel/tunneler.go
@@ -90,7 +90,9 @@ func (self *tunneler) Start(notifyClose <-chan struct{}) error {
  UDPCheckInterval: self.listenOptions.udpCheckInterval,
  }
- tproxyConfig.Diverter = strings.TrimPrefix(self.listenOptions.mode, "tproxy:")
+ if strings.HasPrefix(self.listenOptions.mode, "tproxy:") {
+ tproxyConfig.Diverter = strings.TrimPrefix(self.listenOptions.mode, "tproxy:")
+ }
  if self.interceptor, err = tproxy.New(tproxyConfig); err != nil {
  return errors.Wrap(err, "failed to initialize tproxy interceptor")
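Review bot: The proxy branch in this hunk never assigns `resolver`, which the first hunk of this patch now declares as `var resolver dns.Resolver` and only assigns inside the tproxy block, so in proxy mode (and, from the lines visible here, host mode too) the local is a nil interface when control leaves this `if` chain; unless the code after the hunk checks it for nil before calling a method on it, that is a panic in Start rather than the graceful fallback the old code had. Clearing `self.listenOptions.resolver = ""` here does not cover that, because it is the option string that is cleared, not the local that is consumed later. The safe default is the one the tproxy path already uses on failure, `resolver = dns.NewDummyResolver()`, added to the proxy branch shown here and to the host branch, whose header lies above the hunk. A smaller consistency point: the proxy branch gains a `creating proxy interceptor` log line while the host branch immediately above gets none, so `log.WithField("mode", self.listenOptions.mode).Info("creating host interceptor")` would keep the mode transitions equally visible. Start continues past the end of this hunk.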