Currently, vsock-proxy gets the first domain name IP after lookup_host resolution and starts connecting to the same IP address. For connecting to services exposed through AWS ALB, the AWS load balancer IPs keep changing, causing an exception of "Could not create connection". To resolve this, can we look up the IPs of the domain on each client connection accept and then connect?
```rust
let sockaddr = SocketAddr::new(self.remote_addr, self.remote_port);
let sock_type = self.sock_type;
self.pool.execute(move || {
    let mut server = match sock_type {
        SockType::Stream => TcpStream::connect(sockaddr)
            .map_err(|_| format!("Could not connect to {:?}", sockaddr)),
        _ => Err("Socket type not implemented".to_string()),
    }
    .expect("Could not create connection");
    info!("Connected client from {:?} to {:?}", client_addr, sockaddr);
    // ... rest of the connection handler
});
```
The vsock-proxy was not originally designed with ALB as a use case in mind. However, your finding is valid and we can handle dynamically changing addresses for allow-listed hosts. For now, I prefer to keep the current lookup behavior as the default.
To accommodate your requirements, we could consider introducing a new command line argument, or a data field in the vsock-proxy.yaml file. This would allow enabling the additional behavior as needed.
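To make the two behaviours discussed above concrete (the issue's per-accept lookup, and the maintainer's suggestion of keeping the single start-up lookup as the default behind an opt-in switch), here is an added example sketch that is not vsock-proxy's own code. The `ResolveMode` enum, `resolve_all`, `connect_any` and `upstream_candidates` names are assumptions; the idea is that the per-connection path re-resolves the host and tries every returned address instead of only the first, so a load balancer IP that has rotated away no longer terminates the handler with "Could not create connection".

```rust
use std::io;
use std::net::{SocketAddr, TcpStream, ToSocketAddrs};
use std::time::Duration;

/// How the proxy picks the upstream address for each accepted client.
/// (Hypothetical switch; could map to a CLI flag or a vsock-proxy.yaml field.)
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum ResolveMode {
    /// Current behaviour: resolve once at start-up, reuse that address.
    Static,
    /// Proposed opt-in: resolve again on every accepted connection.
    PerConnection,
}

/// Resolve `host:port` now and return every address the resolver gives us,
/// so a stale load-balancer IP can be skipped in favour of a live one.
pub fn resolve_all(host: &str, port: u16) -> io::Result<Vec<SocketAddr>> {
    let addrs: Vec<SocketAddr> = (host, port).to_socket_addrs()?.collect();
    if addrs.is_empty() {
        let msg = format!("no addresses for {}", host);
        return Err(io::Error::new(io::ErrorKind::NotFound, msg));
    }
    Ok(addrs)
}

/// Try each candidate in order with a bounded timeout; return the first that
/// connects together with the address that worked, or the last error seen.
pub fn connect_any(
    candidates: &[SocketAddr],
    timeout: Duration,
) -> io::Result<(TcpStream, SocketAddr)> {
    let mut last_err = io::Error::new(io::ErrorKind::NotFound, "no candidates");
    for addr in candidates {
        match TcpStream::connect_timeout(addr, timeout) {
            Ok(stream) => return Ok((stream, *addr)),
            Err(e) => last_err = e, // keep going: this IP may simply be stale
        }
    }
    Err(last_err)
}

/// Candidate list for one accepted client. `startup` holds the addresses
/// resolved once at start-up; in `PerConnection` mode they are ignored and
/// a fresh lookup is done inside the per-client handler instead.
pub fn upstream_candidates(
    mode: ResolveMode,
    host: &str,
    port: u16,
    startup: &[SocketAddr],
) -> io::Result<Vec<SocketAddr>> {
    match mode {
        ResolveMode::Static => Ok(startup.to_vec()),
        ResolveMode::PerConnection => resolve_all(host, port),
    }
}
```

In the handler shown in the issue, the `TcpStream::connect(sockaddr)` call would become `connect_any(&upstream_candidates(mode, &host, port, &startup)?, timeout)`, and the error that is currently unwrapped with `expect` would be logged and the client connection closed rather than aborting the worker.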
@meerd Trying to install the latest version:
amazon-linux-extras install aws-nitro-enclaves-cli=latest
..
Package aws-nitro-enclaves-cli-1.2.3-0.amzn2.x86_64 already installed and latest version
Is this fix not yet released?