From 09cb2a4d5197c437a008ca970657d68d5e95d336 Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 26 Jul 2024 10:28:28 +0100 Subject: [PATCH 1/4] fix: Interleave cloudflare, google, and opendns in configured DNS providers to ensure retries hit different networks --- control-plane/src/dnsproxy.rs | 11 ++++++++--- control-plane/src/main.rs | 9 ++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/control-plane/src/dnsproxy.rs b/control-plane/src/dnsproxy.rs index 67510130..25cef792 100644 --- a/control-plane/src/dnsproxy.rs +++ b/control-plane/src/dnsproxy.rs @@ -11,9 +11,14 @@ use tokio::net::UdpSocket; const DNS_SERVER_OVERRIDE_KEY: &str = "EV_CONTROL_PLANE_DNS_SERVER"; lazy_static::lazy_static! { - pub static ref CLOUDFLARE_DNS_SERVERS: Vec = vec![IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1)), IpAddr::V4(Ipv4Addr::new(1, 0, 0, 1))]; - pub static ref GOOGLE_DNS_SERVERS: Vec = vec![IpAddr::V4(Ipv4Addr::new(8, 8, 8, 8)), IpAddr::V4(Ipv4Addr::new(8, 8, 4, 4))]; - pub static ref OPEN_DNS_SERVERS: Vec = vec![IpAddr::V4(Ipv4Addr::new(208, 67, 222, 222)), IpAddr::V4(Ipv4Addr::new(208, 67, 220, 220))]; + pub static ref DNS_SERVERS: Vec = vec![ + IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1)), // Cloudflare Primary + IpAddr::V4(Ipv4Addr::new(8, 8, 8, 8)), // Google Primary + IpAddr::V4(Ipv4Addr::new(208, 67, 222, 222)), // OpenDNS Primary + IpAddr::V4(Ipv4Addr::new(1, 0, 0, 1)), // Cloudflare Secondary + IpAddr::V4(Ipv4Addr::new(8, 8, 4, 4)), // Google Secondary + IpAddr::V4(Ipv4Addr::new(208, 67, 220, 220)) // OpenDNS Secondary + ]; } pub fn read_dns_server_ips_from_env_var() -> Option> { diff --git a/control-plane/src/main.rs b/control-plane/src/main.rs index 8b40cb2c..7adb9a12 100644 --- a/control-plane/src/main.rs +++ b/control-plane/src/main.rs 
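Review bot: Patch 1/4 removes `CLOUDFLARE_DNS_SERVERS` and `GOOGLE_DNS_SERVERS` from `dnsproxy.rs`, but the `Default` impl for `DnsProxy` in the same file still reads them until 2/4 replaces that with `DNS_SERVERS.clone()`, so this commit does not appear to build on its own. Squashing 2/4 into it would keep the series bisectable. The order of the new list is now load-bearing and nothing on the static says so; a doc comment such as `/// Fallback resolvers, interleaved by provider so that consecutive retries reach a different network. Order is significant.` would protect it from a later sort or regroup. Whether the retry path actually walks the list in order is not visible in this hunk and is worth confirming. The change also adds OpenDNS to the public resolvers that receive queries when `EV_CONTROL_PLANE_DNS_SERVER` is unset, which deserves a line in the deployment notes.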
@@ -114,13 +114,8 @@ async fn main() -> Result<()> { { listen_for_shutdown_signal(); let mut health_check_server = health::HealthCheckServer::new().await?; - let parsed_ip = control_plane::dnsproxy::read_dns_server_ips_from_env_var().unwrap_or( - [ - control_plane::dnsproxy::CLOUDFLARE_DNS_SERVERS.as_slice(), - control_plane::dnsproxy::GOOGLE_DNS_SERVERS.as_slice(), - ] - .concat(), - ); + let parsed_ip = control_plane::dnsproxy::read_dns_server_ips_from_env_var() + .unwrap_or_else(|| control_plane::dnsproxy::DNS_SERVERS.clone()); let dns_proxy_server = control_plane::dnsproxy::DnsProxy::new(parsed_ip); let ( From 542a9f6359c1516d5feabf837210d94bcf8da60f Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 26 Jul 2024 10:29:17 +0100 Subject: [PATCH 2/4] fix: correct dns servers in default dns proxy conf --- control-plane/src/dnsproxy.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/control-plane/src/dnsproxy.rs b/control-plane/src/dnsproxy.rs index 25cef792..502d3515 100644 --- a/control-plane/src/dnsproxy.rs +++ b/control-plane/src/dnsproxy.rs @@ -37,11 +37,7 @@ pub struct DnsProxy { impl std::default::Default for DnsProxy { fn default() -> Self { Self { - dns_server_ips: [ - CLOUDFLARE_DNS_SERVERS.as_slice(), - GOOGLE_DNS_SERVERS.as_slice(), - ] - .concat(), + dns_server_ips: DNS_SERVERS.clone() } } } From ca70101baa213829aa65bd195e0aa1be83b57386 Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 26 Jul 2024 10:44:42 +0100 Subject: [PATCH 3/4] chore: fmt control plane and data plane, improve error handling on socket recv --- control-plane/src/dnsproxy.rs | 2 +- data-plane/src/dns/enclavedns.rs | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/control-plane/src/dnsproxy.rs b/control-plane/src/dnsproxy.rs index 502d3515..3ea5a7e0 100644 --- a/control-plane/src/dnsproxy.rs +++ b/control-plane/src/dnsproxy.rs 
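Review bot: The fallback resolver list is now selected in two places, here through `unwrap_or_else(|| control_plane::dnsproxy::DNS_SERVERS.clone())` and in `DnsProxy::default()`, and the two already diverged between 1/4 and 2/4 of this series. Letting the `Default` impl own the fallback removes the duplication, assuming `DnsProxy::new` returns `Self`: `let dns_proxy_server = control_plane::dnsproxy::read_dns_server_ips_from_env_var().map(control_plane::dnsproxy::DnsProxy::new).unwrap_or_default();`. If `read_dns_server_ips_from_env_var` can return `Some` with an empty list (its body is outside the hunk), the proxy would start with no upstream at all, so an emptiness check before `DnsProxy::new` is worth adding. Logging the effective resolver list once at startup would also make it auditable which upstreams a deployment is using. `main` begins and ends outside the hunk.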
@@ -37,7 +37,7 @@ pub struct DnsProxy { impl std::default::Default for DnsProxy { fn default() -> Self { Self { - dns_server_ips: DNS_SERVERS.clone() + dns_server_ips: DNS_SERVERS.clone(), } } } diff --git a/data-plane/src/dns/enclavedns.rs b/data-plane/src/dns/enclavedns.rs index f42698fe..e2385d29 100644 --- a/data-plane/src/dns/enclavedns.rs +++ b/data-plane/src/dns/enclavedns.rs @@ -46,16 +46,17 @@ impl EnclaveDnsProxy { loop { let mut buffer = [0; 512]; - let (amt, src) = shared_socket.recv_from(&mut buffer).await?; - let buf = Bytes::copy_from_slice(&buffer[..amt]); - let dispatch_result = - timeout(dns_dispatch_timeout, dns_lookup_sender.send((buf, src))).await; + if let Ok((amt, src)) = shared_socket.recv_from(&mut buffer).await { + let buf = Bytes::copy_from_slice(&buffer[..amt]); + let dispatch_result = + timeout(dns_dispatch_timeout, dns_lookup_sender.send((buf, src))).await; - match dispatch_result { - Ok(Err(e)) => log::error!("Error dispatching DNS request: {e:?}"), - Err(e) => log::error!("Timeout dispatching DNS request: {e:?}"), - _ => {} - }; + match dispatch_result { + Ok(Err(e)) => log::error!("Error dispatching DNS request: {e:?}"), + Err(e) => log::error!("Timeout dispatching DNS request: {e:?}"), + _ => {} + }; + } } } } From 2b94c9eae9cd30977df019c42a99cfa77ca2f88e Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 26 Jul 2024 11:15:26 +0100 Subject: [PATCH 4/4] chore: pin rust version in CI. 1.80.0 breaks compilation --- .../workflows/deploy-control-plane-image-production.yml | 2 +- .github/workflows/deploy-control-plane-image-staging.yml | 4 ++-- .github/workflows/deploy-data-plane-binary-staging.yml | 2 +- .github/workflows/test-control-plane.yml | 2 +- .github/workflows/test-data-plane.yml | 4 ++-- .github/workflows/test-shared-lib.yml | 2 +- .github/workflows/vsock-proxy.yml | 8 ++++---- 7 files changed, 12 insertions(+), 12 deletions(-) 
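Review bot: The new `if let Ok((amt, src)) = shared_socket.recv_from(&mut buffer).await` in the receive loop of `enclavedns.rs` discards every receive error without logging it, where the old code returned it with `?`. If the socket enters a persistent error state the loop retries immediately and spins, and in-enclave DNS stops working with nothing in the logs to show why. Matching on the result, logging the `Err` arm and pausing briefly before the next attempt keeps the proxy alive without hiding the failure; the sketch below assumes the data plane runs on tokio, as the `timeout` call suggests, and the pause length is a placeholder. The enclosing function starts outside the hunk.

```rust
let mut buffer = [0; 512];
match shared_socket.recv_from(&mut buffer).await {
    Ok((amt, src)) => {
        // … unchanged: copy into Bytes, dispatch with timeout, log dispatch errors …
    }
    Err(e) => {
        log::error!("Error receiving DNS request: {e:?}");
        // Brief pause so a persistent socket error cannot turn this loop into a busy spin.
        tokio::time::sleep(std::time::Duration::from_millis(100)).await;
    }
}
```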
diff --git a/.github/workflows/deploy-control-plane-image-production.yml b/.github/workflows/deploy-control-plane-image-production.yml index f4ed4a73..efe45a15 100644 --- a/.github/workflows/deploy-control-plane-image-production.yml +++ b/.github/workflows/deploy-control-plane-image-production.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 components: rustfmt - uses: Swatinem/rust-cache@v2 with: diff --git a/.github/workflows/deploy-control-plane-image-staging.yml b/.github/workflows/deploy-control-plane-image-staging.yml index f34302bc..ca1332fa 100644 --- a/.github/workflows/deploy-control-plane-image-staging.yml +++ b/.github/workflows/deploy-control-plane-image-staging.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 components: rustfmt - uses: Swatinem/rust-cache@v2 with: @@ -37,7 +37,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - name: Parse semver from cargo.toml id: get-version run: | diff --git a/.github/workflows/deploy-data-plane-binary-staging.yml b/.github/workflows/deploy-data-plane-binary-staging.yml index 90538e3d..1d75c698 100644 --- a/.github/workflows/deploy-data-plane-binary-staging.yml +++ b/.github/workflows/deploy-data-plane-binary-staging.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - name: Parse semver from cargo.toml id: get-version run: | diff --git a/.github/workflows/test-control-plane.yml b/.github/workflows/test-control-plane.yml index 145bb7c9..26b48b25 100644 --- a/.github/workflows/test-control-plane.yml +++ b/.github/workflows/test-control-plane.yml 
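Review bot: The pin `toolchain: 1.79.0` is repeated in twelve steps across the seven workflow files of this patch, so lifting it later means editing every one, and a missed step would build with a different compiler than the rest. A single `rust-toolchain.toml` at the repository root with `channel = "1.79.0"` would let rustup select the same compiler in CI and on developer machines. The commit message says 1.80.0 breaks compilation without naming the cause; a comment or linked issue identifying the failing dependency would make clear when the pin can be dropped, since a pinned toolchain stops receiving compiler and standard-library fixes.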
@@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 components: rustfmt - uses: Swatinem/rust-cache@v2 with: diff --git a/.github/workflows/test-data-plane.yml b/.github/workflows/test-data-plane.yml index 09a80a85..6aab3ea8 100644 --- a/.github/workflows/test-data-plane.yml +++ b/.github/workflows/test-data-plane.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - uses: Swatinem/rust-cache@v2 with: shared-key: "standard-cache" @@ -49,7 +49,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - uses: Swatinem/rust-cache@v2 with: shared-key: "standard-cache" diff --git a/.github/workflows/test-shared-lib.yml b/.github/workflows/test-shared-lib.yml index 3cec1c58..6ee8fc69 100644 --- a/.github/workflows/test-shared-lib.yml +++ b/.github/workflows/test-shared-lib.yml @@ -12,7 +12,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - uses: Swatinem/rust-cache@v2 with: shared-key: "standard-cache" diff --git a/.github/workflows/vsock-proxy.yml b/.github/workflows/vsock-proxy.yml index de10d7cc..0f31e06b 100644 --- a/.github/workflows/vsock-proxy.yml +++ b/.github/workflows/vsock-proxy.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - uses: Swatinem/rust-cache@v2 with: shared-key: "vsock-proxy" @@ -37,7 +37,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - uses: Swatinem/rust-cache@v2 with: shared-key: "vsock-proxy" @@ -52,7 +52,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - name: Compile proxy run: cargo build -p vsock-proxy --release - name: Upload proxy 
@@ -69,7 +69,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable + toolchain: 1.79.0 - name: Publish vsock-proxy run: cargo publish -p vsock-proxy env: