New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TCP fallback is not always used and forcing it is not ergonomic #2197
Comments
This looks like 3 different issues:
This makes sense to me. Want to send a PR? I think we have some code for fallback already so probably just involves adding
I'm not sure this use case is important enough that we'd want to have specific API for it, but we recently discussed in #2188 that mutating the configuration returned from
I don't know that we can readily get this information? We use the resolv-conf crate on Linux, and from a quick look it doesn't to yield this information. It otherwise sounds reasonable, though. |
Possibly 😅
I'm unfortunately not familiar enough with Rust to contribute such changes.
Fair enough. It would be sufficient if
I don't think there's an OS-agnostic way of getting this information. This shouldn't however be an obstacle in leaving it to the OS, which is not difficult, unless there's a strong need for otherwise. |
Describe the bug
There are systems that block all outgoing UDP with their firewall. In such cases
bind
succeeds butsendto
on those sockets returns-1 (EINVAL)
.This results in a
ResolveError { kind: Proto(ProtoError { kind: Io(Os { code: 22, kind: InvalidInput, message: "Invalid argument" }) })
, but the resolver does not fall back to TCP.To Reproduce
Add
ip protocol udp drop
to the host's prerouting rules, run one of the examples.Expected behavior
The library should fall back to TCP when
EINVAL
is returned on UDP writes. (This also likely applies to QUIC connections.)Ideally it would be possible to force TCP with a simple call when configuring the resolver, such as:
Resolver::from_system_conf().force_proto(Protocol::Tcp)
.It would also be nice if the library would let the host OS choose the ephemeral source port. Either by-default for
from_system_conf
resolvers or it should be easy to enable. It's quite possible that the host OS is configured to allow a range better (or more suitable in some setups) than what the library uses. Source port ranges and usage can also used for fingerprinting, this would reduce the effectiveness of such approaches.System:
Version:
The text was updated successfully, but these errors were encountered: