add network dns_bind_port setting and set NETAVARK_DNS_PORT from it

This commit allows using aardvark with an alternate port as per implementation in containers/netavark#323 Signed-off-by: Dominique Martinet <[email protected]>
containers · Jul 8, 2022 · 30364ba · 30364ba
1 parent 1b91329
commit 30364ba
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 0 deletions.
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -359,6 +359,13 @@ and "$HOME/.config/cni/net.d" as rootless.
 For the netavark backend "/etc/containers/networks" is used as root
 and "$graphroot/networks" as rootless.
 
+**dns_bind_port**=53
+
+Port to use for dns forwarding daemon with netavark in rootful bridge
+mode and dns enabled.
+Using an alternate port might be useful if other dns services should
+run on the machine.
+
 ## ENGINE TABLE
 The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
 

diff --git a/libnetwork/netavark/exec.go b/libnetwork/netavark/exec.go
@@ -119,6 +119,9 @@ func (n *netavarkNetwork) execNetavark(args []string, stdin, result interface{})
 	if logrus.IsLevelEnabled(logrus.DebugLevel) {
 		cmd.Env = append(cmd.Env, "RUST_BACKTRACE=1")
 	}
+	if n.dnsBindPort != 0 {
+		cmd.Env = append(cmd.Env, "NETAVARK_DNS_PORT="+strconv.Itoa(n.dnsBindPort))
+	}
 
 	err = cmd.Start()
 	if err != nil {

diff --git a/libnetwork/netavark/network.go b/libnetwork/netavark/network.go
@@ -43,6 +43,9 @@ type netavarkNetwork struct {
 	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
 	defaultsubnetPools []config.SubnetPool
 
+	// dnsBindPort is set the the port to pass to netavark for aardvark
+	dnsBindPort int
+
 	// ipamDBPath is the path to the ip allocation bolt db
 	ipamDBPath string
 
@@ -80,6 +83,9 @@ type InitConfig struct {
 	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
 	DefaultsubnetPools []config.SubnetPool
 
+	// DNSBindPort is set the the port to pass to netavark for aardvark
+	DNSBindPort int
+
 	// Syslog describes whenever the netavark debbug output should be log to the syslog as well.
 	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
 	Syslog bool
@@ -131,6 +137,7 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		defaultNetwork:     defaultNetworkName,
 		defaultSubnet:      defaultNet,
 		defaultsubnetPools: defaultSubnetPools,
+		dnsBindPort:        conf.DNSBindPort,
 		lock:               lock,
 		syslog:             conf.Syslog,
 	}

diff --git a/libnetwork/network/interface.go b/libnetwork/network/interface.go
@@ -84,6 +84,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			DefaultNetwork:     conf.Network.DefaultNetwork,
 			DefaultSubnet:      conf.Network.DefaultSubnet,
 			DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+			DNSBindPort:        conf.Network.DNSBindPort,
 			Syslog:             syslog,
 		})
 		return types.Netavark, netInt, err

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -532,6 +532,11 @@ type NetworkConfig struct {
 
 	// NetworkConfigDir is where network configuration files are stored.
 	NetworkConfigDir string `toml:"network_config_dir,omitempty"`
+
+	// DNSBindPort is the port that should be used by dns forwarding daemon
+	// for netavark rootful bridges with dns enabled. This can be necessary
+	// when other dns forwarders run on the machine. 53 is used if unset.
+	DNSBindPort uint16 `toml:"dns_bind_port,omitempty,omitzero"`
 }
 
 type SubnetPool struct {

diff --git a/pkg/config/config_local_test.go b/pkg/config/config_local_test.go
@@ -134,6 +134,18 @@ var _ = Describe("Config Local", func() {
 		))
 	})
 
+	It("parse dns port", func() {
+		// Given
+		config, err := NewConfig("")
+		gomega.Expect(err).To(gomega.BeNil())
+		gomega.Expect(config.Network.DNSBindPort).To(gomega.Equal(uint16(0)))
+		// When
+		config2, err := NewConfig("testdata/containers_default.conf")
+		// Then
+		gomega.Expect(err).To(gomega.BeNil())
+		gomega.Expect(config2.Network.DNSBindPort).To(gomega.Equal(uint16(1153)))
+	})
+
 	It("should fail during runtime", func() {
 		validDirPath, err := ioutil.TempDir("", "config-empty")
 		if err != nil {

diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
@@ -325,6 +325,13 @@ default_sysctls = [
 #
 #network_config_dir = "/etc/cni/net.d/"
 
+# Port to use for dns forwarding daemon with netavark in rootful bridge
+# mode and dns enabled.
+# Using an alternate port might be useful if other dns services should
+# run on the machine.
+#
+#dns_bind_port = 53
+
 [engine]
 # Index to the active service
 #

diff --git a/pkg/config/default.go b/pkg/config/default.go
@@ -230,6 +230,7 @@ func DefaultConfig() (*Config, error) {
 			DefaultNetwork:     "podman",
 			DefaultSubnet:      DefaultSubnet,
 			DefaultSubnetPools: DefaultSubnetPools,
+			DNSBindPort:        0,
 			CNIPluginDirs:      DefaultCNIPluginDirs,
 		},
 		Engine:  *defaultEngineConfig,

diff --git a/pkg/config/testdata/containers_default.conf b/pkg/config/testdata/containers_default.conf
@@ -109,6 +109,9 @@ network_config_dir = "/etc/cni/net.d/"
 
 default_subnet_pools = [{"base" = "10.89.0.0/16", "size" = 24}, {"base" = "10.90.0.0/15", "size" = 24}]
 
+# dns port for netavark/aardvark
+dns_bind_port = 1153
+
 [engine]
 
 # Cgroup management implementation used for the runtime.