Skip to content

Commit 9819e05

Browse files
openshift-merge-bot[bot]openshift-merge-bot[bot]
authored
Merge pull request #2233 from Luap99/resolv-ipv6-link-local
libnetwork/resolvconf: filter out ipv6 link local
2 parents 13a63dc + d830bf8 commit 9819e05

File tree

2 files changed

+22
-5
lines changed

2 files changed

+22
-5
lines changed

libnetwork/resolvconf/resolv_test.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -122,6 +122,18 @@ func TestNew(t *testing.T) {
122122
ipv6: true,
123123
want: "nameserver 1.1.1.1\nnameserver fd::1\n",
124124
},
125+
{
126+
name: "ipv6 link local must always be filtered when netns is private",
127+
baseContent: "nameserver 1.1.1.1\nnameserver fe80::1%eth1\nnameserver fd::1\n",
128+
ipv6: true,
129+
want: "nameserver 1.1.1.1\nnameserver fd::1\n",
130+
},
131+
{
132+
name: "ipv6 link local must not be filtered when netns is host",
133+
baseContent: "nameserver 1.1.1.1\nnameserver fe80::1%eth1\nnameserver fd::1\n",
134+
hostns: true,
135+
want: "nameserver 1.1.1.1\nnameserver fe80::1%eth1\nnameserver fd::1\n",
136+
},
125137
}
126138
for _, tt := range tests {
127139
t.Run(tt.name, func(t *testing.T) {

libnetwork/resolvconf/resolvconf.go

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,12 @@ var (
3232
// ipLocalhost is a regex pattern for IPv4 or IPv6 loopback range.
3333
ipLocalhost = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
3434

35-
localhostNSRegexp = regexp.Delayed(`(?m)^nameserver\s+` + ipLocalhost + `\s*\n*`)
36-
nsIPv6Regexp = regexp.Delayed(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
37-
nsRegexp = regexp.Delayed(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
38-
searchRegexp = regexp.Delayed(`^\s*search\s*(([^\s]+\s*)*)$`)
39-
optionsRegexp = regexp.Delayed(`^\s*options\s*(([^\s]+\s*)*)$`)
35+
localhostNSRegexp = regexp.Delayed(`(?m)^nameserver\s+` + ipLocalhost + `\s*\n*`)
36+
nsIPv6Regexp = regexp.Delayed(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
37+
nsIPv6LinkLocalRegexp = regexp.Delayed(`(?m)^nameserver\s+` + ipv6Address + `%.*\s*\n*`)
38+
nsRegexp = regexp.Delayed(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
39+
searchRegexp = regexp.Delayed(`^\s*search\s*(([^\s]+\s*)*)$`)
40+
optionsRegexp = regexp.Delayed(`^\s*options\s*(([^\s]+\s*)*)$`)
4041
)
4142

4243
// filterResolvDNS cleans up the config in resolvConf. It has two main jobs:
@@ -54,6 +55,10 @@ func filterResolvDNS(resolvConf []byte, ipv6Enabled bool, netnsEnabled bool) []b
5455
// if IPv6 is not enabled, also clean out any IPv6 address nameserver
5556
if !ipv6Enabled {
5657
cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
58+
} else {
59+
// If ipv6 is we still must remove any ipv6 link-local addresses as
60+
// the zone will never match the interface name or index in the container.
61+
cleanedResolvConf = nsIPv6LinkLocalRegexp.ReplaceAll(cleanedResolvConf, []byte{})
5762
}
5863
// if the resulting resolvConf has no more nameservers defined, add appropriate
5964
// default DNS servers for IPv4 and (optionally) IPv6

0 commit comments

Comments
 (0)