allow the firewall to use the router for dns requests (in rules)

Pierre Alain 2024-05-06 19:11:23 +02:00 committed by Hannes Mehnert
parent a37584a720
commit 8e4c24bfba
2 changed files with 4 additions and 4 deletions


@ -446,14 +446,14 @@ struct
clients := !clients |> Dao.VifMap.add key cleanup))) clients := !clients |> Dao.VifMap.add key cleanup)))
let send_dns_client_query t ~src_port ~dst ~dst_port buf = let send_dns_client_query t ~src_port ~dst ~dst_port buf =
match t with match t.uplink with
| None -> | None ->
Log.err (fun f -> f "No uplink interface"); Log.err (fun f -> f "No uplink interface");
Lwt.return (Error (`Msg "failure")) Lwt.return (Error (`Msg "failure"))
| Some t -> ( | Some uplink -> (
Lwt.catch Lwt.catch
(fun () -> (fun () ->
U.write ~src_port ~dst ~dst_port t.udp buf >|= function U.write ~src_port ~dst ~dst_port uplink.udp buf >|= function
| Error s -> | Error s ->
Log.err (fun f -> f "error sending udp packet: %a" U.pp_error s); Log.err (fun f -> f "error sending udp packet: %a" U.pp_error s);
Error (`Msg "failure") Error (`Msg "failure")
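Review bot: The `None` branch and the `U.write` error branch of send_dns_client_query both return the same opaque ``Error (`Msg "failure")``, so the DNS client resolving names for firewall rules cannot tell "uplink not connected yet" from a failed send. Only the log line distinguishes them. I would return the cause in the value, e.g. ``Lwt.return (Error (`Msg "no uplink interface"))`` in the `None` branch, and format the `U.pp_error` text into the message of the write-error branch. How the caller treats an unresolved name in a rule (skip or drop) is not visible here and is worth confirming, since the `None` case is now reachable whenever the router has no uplink. The `Lwt.catch` exception handler lies outside the hunk.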


@ -103,7 +103,7 @@ module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK)(Time : Mirage_tim
~uplink:None ~uplink:None
in in
let send_dns_query = Dispatcher.send_dns_client_query None in let send_dns_query = Dispatcher.send_dns_client_query router in
let dns_mvar = Lwt_mvar.create_empty () in let dns_mvar = Lwt_mvar.create_empty () in
let nameservers = `Udp, [ config.Dao.dns, 53 ; config.Dao.dns2, 53 ] in let nameservers = `Udp, [ config.Dao.dns, 53 ; config.Dao.dns2, 53 ] in
let dns_client = Dns_client.create ~nameservers (router, send_dns_query, dns_mvar) in let dns_client = Dns_client.create ~nameservers (router, send_dns_query, dns_mvar) in
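Review bot: `send_dns_query` is now a closure over `router`, which the context line above shows being built with `~uplink:None`, so DNS for rules only works if that same value later has its `uplink` field set in place. send_dns_client_query reads `t.uplink` on each call, so a mutable field is fine, but if the router is ever replaced by a fresh record the closure would keep seeing `None` and every rule lookup would fail. This dependency is undocumented; I would add a comment on this line such as `(* router.uplink is None here; it must be updated in place once the uplink is connected, send_dns_client_query reads it per query *)`. The definition of the router type is outside this section, so whether the field is mutable should be confirmed there.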