search

containers / gvisor-tap-vsock

A new network stack based on gVisor
Apache License 2.0
250 stars 47 forks source link

gvisor-tap-vsock DNS server misbehaving in corner cases? #235

Closed cfergeau closed 1 year ago

cfergeau commented 1 year ago

There is some discussion in https://github.com/containers/gvisor-tap-vsock/pull/234/commits/2f01b72f1d2672d58fb658c3b04ef8b62a1bb6ed Using busybox image and querying aerserv-bc-us-east.bidswitch.net with nslookup:

8.8.8.8:

socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = 0
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
write(3, "8\247\1\0\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 50) = 50
write(3, "\312Y\1\0\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 50) = 50
read(3, "\312Y\201\200\0\1\0\0\0\1\0\0\22aerserv-bc-us-east\t"..., 512) = 102
read(3, "8\247\203\200\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 512) = 50
close(3)                                = 0

192.168.127.1:

socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.127.1")}, 16) = 0
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
write(3, "\237K\1\0\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 50) = 50
write(3, "\355\r\1\0\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 50) = 50
read(3, "\355\r\201\200\0\1\0\0\0\0\0\0\22aerserv-bc-us-east\t"..., 512) = 50
read(3, "\237K\201\200\0\1\0\242\0\0\0\0\22aerserv-bc-us-east\t"..., 512) = 512
close(3)

gvisor-tap-vsock is sending more data than 8.8.8.8 (there is one extra read returning 512 bytes), and this ends with a Parsing error.

gbraad commented 1 year ago

What does the tcpdump look like?

cfergeau commented 1 year ago

This is fixed by #239

nhart12 commented 1 year ago

@cfergeau what /when's the plan for the next release?

cfergeau commented 1 year ago

I'd like to get https://github.com/containers/gvisor-tap-vsock/pull/215 in , but this needs careful testing, I'm a bit worried it could cause subtle issues. And I also want https://github.com/containers/gvisor-tap-vsock/pull/238 Apart from that, I agree it's time for a new release!

cfergeau commented 1 year ago

@nhart12 I cut https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.2 without #215 , next release can be 0.7.0 with #215 and the switch to newer gvisor-tap-vsock/golang 1.20 :)