don't try to start tunneler in intercept mode unless on linux

openziti · Jan 29, 2025 · 4fe50f7 · 4fe50f7
1 parent ec06ce2
commit 4fe50f7
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 70 deletions.
diff --git a/tunnel/dns/dns.go b/tunnel/dns/dns.go
@@ -0,0 +1,81 @@
+//go:build linux
+
+package dns
+
+import (
+	"fmt"
+	"github.com/miekg/dns"
+	"github.com/sirupsen/logrus"
+	"net"
+	"os/exec"
+	"sync"
+	"time"
+)
+
+func NewDnsServer(addr string) (Resolver, error) {
+	log.Infof("starting dns server...")
+	s := &dns.Server{
+		Addr: addr,
+		Net:  "udp",
+	}
+
+	names := make(map[string]net.IP)
+	r := &resolver{
+		server:     s,
+		names:      names,
+		ips:        make(map[string]string),
+		namesMtx:   sync.Mutex{},
+		domains:    make(map[string]*domainEntry),
+		domainsMtx: sync.Mutex{},
+	}
+	s.Handler = r
+
+	errChan := make(chan error)
+	go func() {
+		errChan <- s.ListenAndServe()
+	}()
+
+	select {
+	case err := <-errChan:
+		if err != nil {
+			return nil, fmt.Errorf("dns server failed to start: %w", err)
+		} else {
+			return nil, fmt.Errorf("dns server stopped prematurely")
+		}
+	case <-time.After(2 * time.Second):
+		log.Infof("dns server running at %s", s.Addr)
+	}
+
+	const resolverConfigHelp = "ziti-tunnel runs an internal DNS server which must be first in the host's\n" +
+		"resolver configuration. On systems that use NetManager/dhclient, this can\n" +
+		"be achieved by adding the following to /etc/dhcp/dhclient.conf:\n" +
+		"\n" +
+		"    prepend domain-name-servers %s;\n\n"
+
+	err := r.testSystemResolver()
+	if err != nil {
+		log.Errorf("system resolver test failed: %s\n\n"+resolverConfigHelp, err, addr)
+	}
+
+	return r, nil
+}
+
+func flushDnsCaches() {
+	bin, err := exec.LookPath("systemd-resolve")
+	arg := "--flush-caches"
+	if err != nil {
+		bin, err = exec.LookPath("resolvectl")
+		if err != nil {
+			logrus.WithError(err).Warn("unable to find systemd-resolve or resolvectl in path, consider adding a dns flush to your restart process")
+			return
+		}
+		arg = "flush-caches"
+	}
+
+	cmd := exec.Command(bin, arg)
+	if err = cmd.Run(); err != nil {
+		logrus.WithError(err).Warn("unable to flush dns caches, consider adding a dns flush to your restart process")
+	} else {
+		logrus.Info("dns caches flushed")
+	}
+}
diff --git a/tunnel/dns/dns_notlinux.go b/tunnel/dns/dns_notlinux.go
@@ -0,0 +1,11 @@
+//go:build !linux
+
+package dns
+
+func NewDnsServer(addr string) (Resolver, error) {
+	return nil, nil
+}
+
+func flushDnsCaches() {
+	// not implemented
+}
diff --git a/tunnel/dns/server.go b/tunnel/dns/server.go
@@ -23,10 +23,8 @@ import (
 	"github.com/sirupsen/logrus"
 	"net"
 	"net/url"
-	"os/exec"
 	"strings"
 	"sync"
-	"time"
 )
 
 var log = logrus.StandardLogger()
@@ -40,26 +38,6 @@ type resolver struct {
 	domainsMtx sync.Mutex
 }
 
-func flushDnsCaches() {
-	bin, err := exec.LookPath("systemd-resolve")
-	arg := "--flush-caches"
-	if err != nil {
-		bin, err = exec.LookPath("resolvectl")
-		if err != nil {
-			logrus.WithError(err).Warn("unable to find systemd-resolve or resolvectl in path, consider adding a dns flush to your restart process")
-			return
-		}
-		arg = "flush-caches"
-	}
-
-	cmd := exec.Command(bin, arg)
-	if err = cmd.Run(); err != nil {
-		logrus.WithError(err).Warn("unable to flush dns caches, consider adding a dns flush to your restart process")
-	} else {
-		logrus.Info("dns caches flushed")
-	}
-}
-
 func NewResolver(config string) (Resolver, error) {
 	flushDnsCaches()
 	if config == "" {
@@ -85,54 +63,6 @@ func NewResolver(config string) (Resolver, error) {
 	return nil, fmt.Errorf("invalid resolver configuration '%s'. must be 'file://' or 'udp://' URL", config)
 }
 
-func NewDnsServer(addr string) (Resolver, error) {
-	log.Infof("starting dns server...")
-	s := &dns.Server{
-		Addr: addr,
-		Net:  "udp",
-	}
-
-	names := make(map[string]net.IP)
-	r := &resolver{
-		server:     s,
-		names:      names,
-		ips:        make(map[string]string),
-		namesMtx:   sync.Mutex{},
-		domains:    make(map[string]*domainEntry),
-		domainsMtx: sync.Mutex{},
-	}
-	s.Handler = r
-
-	errChan := make(chan error)
-	go func() {
-		errChan <- s.ListenAndServe()
-	}()
-
-	select {
-	case err := <-errChan:
-		if err != nil {
-			return nil, fmt.Errorf("dns server failed to start: %w", err)
-		} else {
-			return nil, fmt.Errorf("dns server stopped prematurely")
-		}
-	case <-time.After(2 * time.Second):
-		log.Infof("dns server running at %s", s.Addr)
-	}
-
-	const resolverConfigHelp = "ziti-tunnel runs an internal DNS server which must be first in the host's\n" +
-		"resolver configuration. On systems that use NetManager/dhclient, this can\n" +
-		"be achieved by adding the following to /etc/dhcp/dhclient.conf:\n" +
-		"\n" +
-		"    prepend domain-name-servers %s;\n\n"
-
-	err := r.testSystemResolver()
-	if err != nil {
-		log.Errorf("system resolver test failed: %s\n\n"+resolverConfigHelp, err, addr)
-	}
-
-	return r, nil
-}
-
 func (r *resolver) testSystemResolver() error {
 	const resolverTestHostname = "ziti-tunnel.resolver.test"
 	resolverTestIP := net.IP{19, 65, 28, 94}