hotfix: fix CVE (#669)
* hotfix: fix CVE * feat: prefer using cmd rather than magic dns to set dns on linux * feat: update go work sum * feat: update ut
@@ -1,60 +0,0 @@
|
||||
package dns
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"text/template"
|
||||
)
|
||||
|
||||
type CoreFile struct {
|
||||
Content []byte
|
||||
}
|
||||
|
||||
// Body Gets the Caddyfile contents
|
||||
func (c *CoreFile) Body() []byte {
|
||||
return c.Content
|
||||
}
|
||||
|
||||
// Path Gets the path to the origin file
|
||||
func (c *CoreFile) Path() string {
|
||||
return "CoreFile"
|
||||
}
|
||||
|
||||
// ServerType The type of server this input is intended for
|
||||
func (c *CoreFile) ServerType() string {
|
||||
return "dns"
|
||||
}
|
||||
|
||||
type CoreFileTmpl struct {
|
||||
UpstreamDNS string
|
||||
Nameservers string
|
||||
}
|
||||
|
||||
func BuildCoreFile(corefileTmpl CoreFileTmpl) (*CoreFile, error) {
|
||||
tplText := `
|
||||
.:53 {
|
||||
bind 127.0.0.1
|
||||
forward cluster.local {{ .UpstreamDNS }}
|
||||
forward . {{ .Nameservers }} {{ .UpstreamDNS }} {
|
||||
policy sequential
|
||||
max_concurrent 1
|
||||
}
|
||||
cache 30
|
||||
log
|
||||
errors
|
||||
reload
|
||||
}`
|
||||
|
||||
tpl, err := template.New("corefile").Parse(tplText)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
data := bytes.NewBuffer(nil)
|
||||
if err := tpl.Execute(data, corefileTmpl); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &CoreFile{
|
||||
Content: data.Bytes(),
|
||||
}, nil
|
||||
}
|
||||
@@ -13,9 +13,6 @@ import (
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
_ "github.com/coredns/coredns/core/dnsserver"
|
||||
_ "github.com/coredns/coredns/core/plugin"
|
||||
"github.com/docker/docker/libnetwork/resolvconf"
|
||||
miekgdns "github.com/miekg/dns"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
@@ -31,24 +28,7 @@ func (c *Config) SetupDNS(ctx context.Context) error {
|
||||
config := c.Config
|
||||
tunName := c.TunName
|
||||
|
||||
// 1) setup dns by magicDNS
|
||||
plog.G(ctx).Debugf("Use library to setup DNS...")
|
||||
// https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables
|
||||
if _, found := os.LookupEnv("GITHUB_ACTIONS"); !found {
|
||||
err := c.UseLibraryDNS(tunName, config)
|
||||
if err == nil {
|
||||
plog.G(ctx).Debugf("Use library to setup DNS done")
|
||||
return nil
|
||||
} else if errors.Is(err, ErrorNotSupportSplitDNS) {
|
||||
plog.G(ctx).Debugf("Library not support on current OS")
|
||||
err = nil
|
||||
} else {
|
||||
plog.G(ctx).Errorf("Setup DNS by library failed: %v", err)
|
||||
err = nil
|
||||
}
|
||||
}
|
||||
|
||||
// 2) use systemctl or resolvectl to setup dns
|
||||
// 1) use systemctl or resolvectl to setup dns
|
||||
plog.G(ctx).Debugf("Use systemd to setup DNS...")
|
||||
// TODO consider use https://wiki.debian.org/NetworkManager and nmcli to config DNS
|
||||
// try to solve:
|
||||
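Review bot: The `GITHUB_ACTIONS` environment guard around `c.UseLibraryDNS` is removed in this hunk and not reinstated where the library path is re-added as step 2 in the next hunk (`@@ -66,20 +46,30 @@`), so the library configurator now runs in CI whenever resolvectl and systemd-resolve are absent or fail. If the guard only existed because magicDNS used to be tried first, the commit description should say so; otherwise the `os.LookupEnv("GITHUB_ACTIONS")` check belongs on the new step 2 as well. The kept `plog.G(ctx).Debugf("Use systemd to setup DNS...")` line now precedes a step that tries resolvectl or systemd-resolve, so `"Use resolvectl/systemd-resolve to setup DNS..."` would describe it more accurately. SetupDNS's body starts before and ends after this hunk.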
@@ -66,20 +46,30 @@ func (c *Config) SetupDNS(ctx context.Context) error {
|
||||
_, err := exec.LookPath(cmd)
|
||||
return err == nil
|
||||
}
|
||||
var success bool
|
||||
plog.G(ctx).Debugf("Try to setup DNS by resolvectl or systemd-resolve...")
|
||||
if exists("resolvectl") {
|
||||
if setupDnsByCmdResolvectl(ctx, tunName, config) == nil {
|
||||
success = true
|
||||
return nil
|
||||
}
|
||||
}
|
||||
if exists("systemd-resolve") {
|
||||
if setupDNSbyCmdSystemdResolve(ctx, tunName, config) == nil {
|
||||
success = true
|
||||
return nil
|
||||
}
|
||||
}
|
||||
if success {
|
||||
|
||||
// 2) setup dns by magicDNS
|
||||
plog.G(ctx).Debugf("Use library to setup DNS...")
|
||||
err := c.UseLibraryDNS(tunName, config)
|
||||
if err == nil {
|
||||
plog.G(ctx).Debugf("Use library to setup DNS done")
|
||||
return nil
|
||||
} else if errors.Is(err, ErrorNotSupportSplitDNS) {
|
||||
plog.G(ctx).Debugf("Library not support on current OS")
|
||||
err = nil
|
||||
} else {
|
||||
plog.G(ctx).Errorf("Setup DNS by library failed: %v", err)
|
||||
err = nil
|
||||
}
|
||||
|
||||
// 3) write dns info to file: /etc/resolv.conf
|
||||
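Review bot: The errors returned by `setupDnsByCmdResolvectl` and `setupDNSbyCmdSystemdResolve` are discarded by the `== nil` checks, so when both tools are present but fail (for example for an unprivileged user) the fall-through to the library path leaves no trace in the log; since the command-based path is now the primary one on Linux, the failure is worth recording, e.g. `if err := setupDnsByCmdResolvectl(ctx, tunName, config); err == nil { return nil } else { plog.G(ctx).Debugf("Setup DNS by resolvectl failed: %v", err) }` and the same for the systemd-resolve branch. The two `err = nil` assignments in the else branches of step 2 are carried over from the old code and are ineffectual unless `err` is read later in the function, which is outside this hunk. SetupDNS's body continues past the end of the hunk.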
@@ -164,32 +154,6 @@ func (c *Config) UseLibraryDNS(tunName string, clientConfig *miekgdns.ClientConf
|
||||
return c.OSConfigurator.SetDNS(config)
|
||||
}
|
||||
|
||||
func SetupLocalDNS(ctx context.Context, clientConfig *miekgdns.ClientConfig, existNameservers []string) error {
|
||||
corefile, err := BuildCoreFile(CoreFileTmpl{
|
||||
UpstreamDNS: clientConfig.Servers[0],
|
||||
Nameservers: strings.Join(existNameservers, " "),
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
plog.G(ctx).Debugf("Corefile content: %s", string(corefile.Body()))
|
||||
|
||||
// Start your engines
|
||||
instance, err := caddy.Start(corefile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Twiddle your thumbs
|
||||
go instance.Wait()
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
instance.Stop()
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Config) CancelDNS() {
|
||||
c.removeHosts(sets.New[Entry]().Insert(c.Hosts...).UnsortedList())
|
||||
if c.OSConfigurator != nil {
|
||||
|
||||
@@ -393,7 +393,7 @@ func udpClient(t *testing.T, ip string, port int) error {
|
||||
func udpServer(t *testing.T, port int) {
|
||||
// 创建监听
|
||||
udpConn, err := net.ListenUDP("udp4", &net.UDPAddr{
|
||||
IP: net.IPv4(0, 0, 0, 0),
|
||||
IP: net.ParseIP("127.0.0.1"),
|
||||
Port: port,
|
||||
})
|
||||
if err != nil {
|
||||
|
||||
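Review bot: Binding the test listener to `127.0.0.1` instead of `0.0.0.0` only works if `udpClient` (whose `ip` parameter is visible in the hunk header) is called with the loopback address as well; that call site is outside the hunk, so please confirm it does not pass an interface address that no longer reaches the listener. The comment `// 创建监听` above the `net.ListenUDP` call could be written in English, `// create the UDP listener`. udpServer's body continues outside the hunk.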