diff --git a/go.mod b/go.mod index 5a7f55303b..82a30e2f94 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cavaliergopher/grab/v3 v3.0.1 github.com/cheggaaa/pb/v3 v3.1.6 github.com/containers/common v0.60.4 - github.com/containers/gvisor-tap-vsock v0.8.1 + github.com/containers/gvisor-tap-vsock v0.8.2 github.com/containers/image/v5 v5.32.2 github.com/containers/libhvee v0.9.0 github.com/coreos/go-systemd/v22 v22.5.0 diff --git a/go.sum b/go.sum index 6f23fc32ea..7904dd4339 100644 --- a/go.sum +++ b/go.sum @@ -44,8 +44,8 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containers/common v0.60.4 h1:H5+LAMHPZEqX6vVNOQ+IguVsaFl8kbO/SZ/VPXjxhy0= github.com/containers/common v0.60.4/go.mod h1:I0upBi1qJX3QmzGbUOBN1LVP6RvkKhd3qQpZbQT+Q54= -github.com/containers/gvisor-tap-vsock v0.8.1 h1:88qkOjGMF9NmyoVG/orUw73mdwj3z4aOwEbRS01hF78= -github.com/containers/gvisor-tap-vsock v0.8.1/go.mod h1:gjdY4JBWnynrXsxT8+OM7peEOd4FCZpoOWjSadHva0g= +github.com/containers/gvisor-tap-vsock v0.8.2 h1:uQMBCCHlIIj62fPjbvgm6AL5EzsP6TP5eviByOJEsOg= +github.com/containers/gvisor-tap-vsock v0.8.2/go.mod h1:EMRe2o63ddq2zxcP0hTysmxCf/5JlaNEg8/gpzP0ox4= github.com/containers/image/v5 v5.32.2 h1:SzNE2Y6sf9b1GJoC8qjCuMBXwQrACFp4p0RK15+4gmQ= github.com/containers/image/v5 v5.32.2/go.mod h1:v1l73VeMugfj/QtKI+jhYbwnwFCFnNGckvbST3rQ5Hk= github.com/containers/libhvee v0.9.0 h1:5UxJMka1lDfxTeITA25Pd8QVVttJAG43eQS1Getw1tc= diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns.go index e50bbc5223..9168dff056 100644 --- a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns.go +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns.go @@ -16,17 +16,16 @@ import ( ) type dnsHandler struct { - zones []types.Zone - zonesLock sync.RWMutex - udpClient *dns.Client - tcpClient *dns.Client - hostsFile *HostsFile - nameservers []string + zones []types.Zone + zonesLock sync.RWMutex + udpClient *dns.Client + tcpClient *dns.Client + hostsFile *HostsFile + dnsConfig *dnsConfig } func newDNSHandler(zones []types.Zone) (*dnsHandler, error) { - - nameservers, err := getDNSHostAndPort() + dnsConfig, err := newDNSConfig() if err != nil { return nil, err } @@ -37,13 +36,12 @@ func newDNSHandler(zones []types.Zone) (*dnsHandler, error) { } return &dnsHandler{ - zones: zones, - tcpClient: &dns.Client{Net: "tcp"}, - udpClient: &dns.Client{Net: "udp"}, - nameservers: nameservers, - hostsFile: hostsFile, + zones: zones, + tcpClient: &dns.Client{Net: "tcp"}, + udpClient: &dns.Client{Net: "udp"}, + dnsConfig: dnsConfig, + hostsFile: hostsFile, }, nil - } func (h *dnsHandler) handle(w dns.ResponseWriter, dnsClient *dns.Client, r *dns.Msg, responseMessageSize int) { @@ -145,7 +143,7 @@ func (h *dnsHandler) addAnswers(dnsClient *dns.Client, r *dns.Msg) *dns.Msg { return m } } - for _, nameserver := range h.nameservers { + for _, nameserver := range h.dnsConfig.Nameservers() { msg := r.Copy() r, _, err := dnsClient.Exchange(msg, nameserver) // return first good answer diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config.go new file mode 100644 index 0000000000..1abdfe0c2f --- /dev/null +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config.go @@ -0,0 +1,24 @@ +package dns + +import "sync" + +type dnsConfig struct { + mu sync.RWMutex + nameservers []string +} + +func newDNSConfig() (*dnsConfig, error) { + r := &dnsConfig{nameservers: []string{}} + if err := r.init(); err != nil { + return nil, err + } + + return r, nil +} + +func (r *dnsConfig) Nameservers() []string { + r.mu.RLock() + defer r.mu.RUnlock() + + return r.nameservers +} diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_unix.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_unix.go index ef66be3942..c1e90487ac 100644 --- a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_unix.go +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_unix.go @@ -3,22 +3,54 @@ package dns import ( - "errors" "net" "net/netip" + "github.com/containers/gvisor-tap-vsock/pkg/utils" "github.com/miekg/dns" log "github.com/sirupsen/logrus" ) -var errEmptyResolvConf = errors.New("no DNS servers configured in /etc/resolv.conf") +func (r *dnsConfig) init() error { + if err := r.refreshNameservers(); err != nil { + return err + } + + w, err := utils.NewFileWatcher(etcResolvConfPath) + if err != nil { + return err + } + + if err := w.Start(func() { _ = r.refreshNameservers() }); err != nil { + return err + } + + return nil +} -func getDNSHostAndPort() ([]string, error) { - conf, err := dns.ClientConfigFromFile("/etc/resolv.conf") +func (r *dnsConfig) refreshNameservers() error { + nsList, err := getDNSHostAndPort(etcResolvConfPath) + if err != nil { + log.Errorf("can't load dns nameservers: %v", err) + return err + } + + log.Infof("reloading dns nameservers to %v", nsList) + + r.mu.Lock() + r.nameservers = nsList + r.mu.Unlock() + return nil +} + +const etcResolvConfPath = "/etc/resolv.conf" + +func getDNSHostAndPort(path string) ([]string, error) { + conf, err := dns.ClientConfigFromFile(path) if err != nil { return []string{}, err } - var hosts = make([]string, len(conf.Servers)) + hosts := make([]string, 0, len(conf.Servers)) for _, server := range conf.Servers { dnsIP, err := netip.ParseAddr(server) if err != nil { @@ -31,8 +63,5 @@ func getDNSHostAndPort() ([]string, error) { } } - if len(hosts) == 0 { - return []string{}, errEmptyResolvConf - } return hosts, nil } diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_windows.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_windows.go index 5f1166d137..431727dfc5 100644 --- a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_windows.go +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/dns_config_windows.go @@ -9,6 +9,16 @@ import ( qdmDns "github.com/qdm12/dns/v2/pkg/nameserver" ) +func (r *dnsConfig) init() error { + nsList, err := getDNSHostAndPort() + if err != nil { + return err + } + + r.nameservers = nsList + return nil +} + func getDNSHostAndPort() ([]string, error) { nameservers := qdmDns.GetDNSServers() @@ -21,5 +31,4 @@ func getDNSHostAndPort() ([]string, error) { } return dnsServers, nil - } diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/hosts_file.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/hosts_file.go index d8d8c7d8ae..106129ee4e 100644 --- a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/hosts_file.go +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/dns/hosts_file.go @@ -2,11 +2,10 @@ package dns import ( "net" - "path/filepath" "sync" "github.com/areYouLazy/libhosty" - "github.com/fsnotify/fsnotify" + "github.com/containers/gvisor-tap-vsock/pkg/utils" log "github.com/sirupsen/logrus" ) @@ -23,48 +22,31 @@ func NewHostsFile(hostsPath string) (*HostsFile, error) { if err != nil { return nil, err } - watcher, err := fsnotify.NewWatcher() - if err != nil { - return nil, err - } h := &HostsFile{ hostsFile: hostsFile, hostsFilePath: hostsFile.Config.FilePath, } - go func() { - h.startWatch(watcher) - }() + if err := h.startWatch(); err != nil { + return nil, err + } + return h, nil } -func (h *HostsFile) startWatch(w *fsnotify.Watcher) { - err := w.Add(filepath.Dir(h.hostsFilePath)) - +func (h *HostsFile) startWatch() error { + watcher, err := utils.NewFileWatcher(h.hostsFilePath) if err != nil { - log.Errorf("Hosts file adding watcher error:%s", err) - return + log.Errorf("Hosts file adding watcher error: %s", err) + return err } - for { - select { - case err, ok := <-w.Errors: - if !ok { - return - } - log.Errorf("Hosts file watcher error:%s", err) - case event, ok := <-w.Events: - if !ok { - return - } - if event.Name == h.hostsFilePath && event.Op&fsnotify.Write == fsnotify.Write { - err := h.updateHostsFile() - if err != nil { - log.Errorf("Hosts file read error:%s", err) - return - } - } - } + + if err := watcher.Start(h.updateHostsFile); err != nil { + log.Errorf("Hosts file adding watcher error: %s", err) + return err } + + return nil } func (h *HostsFile) LookupByHostname(name string) (net.IP, error) { @@ -75,17 +57,17 @@ func (h *HostsFile) LookupByHostname(name string) (net.IP, error) { return ip, err } -func (h *HostsFile) updateHostsFile() error { +func (h *HostsFile) updateHostsFile() { newHosts, err := readHostsFile(h.hostsFilePath) if err != nil { - return err + log.Errorf("Hosts file read error:%s", err) + return } h.hostsReadLock.Lock() defer h.hostsReadLock.Unlock() h.hostsFile = newHosts - return nil } func readHostsFile(hostsFilePath string) (*libhosty.HostsFile, error) { diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/forwarder/ports.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/forwarder/ports.go index a99af460a9..a1de540132 100644 --- a/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/forwarder/ports.go +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/services/forwarder/ports.go @@ -25,11 +25,13 @@ import ( "gvisor.dev/gvisor/pkg/tcpip/stack" ) +type ProxyKey string + type PortsForwarder struct { stack *stack.Stack proxiesLock sync.Mutex - proxies map[string]proxy + proxies map[ProxyKey]proxy } type proxy struct { @@ -61,14 +63,14 @@ func (w CloseWrapper) Close() error { func NewPortsForwarder(s *stack.Stack) *PortsForwarder { return &PortsForwarder{ stack: s, - proxies: make(map[string]proxy), + proxies: make(map[ProxyKey]proxy), } } func (f *PortsForwarder) Expose(protocol types.TransportProtocol, local, remote string) error { f.proxiesLock.Lock() defer f.proxiesLock.Unlock() - if _, ok := f.proxies[local]; ok { + if _, ok := f.proxies[key(protocol, local)]; ok { return errors.New("proxy already running") } @@ -256,8 +258,8 @@ func (f *PortsForwarder) Expose(protocol types.TransportProtocol, local, remote return nil } -func key(protocol types.TransportProtocol, local string) string { - return fmt.Sprintf("%s/%s", protocol, local) +func key(protocol types.TransportProtocol, local string) ProxyKey { + return ProxyKey(fmt.Sprintf("%s/%s", protocol, local)) } func (f *PortsForwarder) Unexpose(protocol types.TransportProtocol, local string) error { diff --git a/vendor/github.com/containers/gvisor-tap-vsock/pkg/utils/filewatcher.go b/vendor/github.com/containers/gvisor-tap-vsock/pkg/utils/filewatcher.go new file mode 100644 index 0000000000..0993d38ed7 --- /dev/null +++ b/vendor/github.com/containers/gvisor-tap-vsock/pkg/utils/filewatcher.go @@ -0,0 +1,84 @@ +package utils + +import ( + "fmt" + "path/filepath" + "time" + + "github.com/fsnotify/fsnotify" +) + +// FileWatcher is an utility that +type FileWatcher struct { + w *fsnotify.Watcher + path string + + writeGracePeriod time.Duration + timer *time.Timer +} + +func NewFileWatcher(path string) (*FileWatcher, error) { + watcher, err := fsnotify.NewWatcher() + if err != nil { + return nil, err + } + + return &FileWatcher{w: watcher, path: path, writeGracePeriod: 200 * time.Millisecond}, nil +} + +func (fw *FileWatcher) Start(changeHandler func()) error { + // Ensure that the target that we're watching is not a symlink as we won't get any events when we're watching + // a symlink. + fileRealPath, err := filepath.EvalSymlinks(fw.path) + if err != nil { + return fmt.Errorf("adding watcher failed: %s", err) + } + + // watch the directory instead of the individual file to ensure the notification still works when the file is modified + // through moving/renaming rather than writing into it directly (like what most modern editor does by default). + // ref: https://github.com/fsnotify/fsnotify/blob/a9bc2e01792f868516acf80817f7d7d7b3315409/README.md#watching-a-file-doesnt-work-well + if err = fw.w.Add(filepath.Dir(fileRealPath)); err != nil { + return fmt.Errorf("adding watcher failed: %s", err) + } + + go func() { + for { + select { + case _, ok := <-fw.w.Errors: + if !ok { + return // watcher is closed. + } + case event, ok := <-fw.w.Events: + if !ok { + return // watcher is closed. + } + + if event.Name != fileRealPath { + continue // we don't care about this file. + } + + // Create may not always followed by Write e.g. when we replace the file with mv. + if event.Op.Has(fsnotify.Create) || event.Op.Has(fsnotify.Write) { + // as per the documentation, receiving Write does not mean that the write is finished. + // we try our best here to ignore "unfinished" write by assuming that after [writeGracePeriod] of + // inactivity the write has been finished. + fw.debounce(changeHandler) + } + } + } + }() + + return nil +} + +func (fw *FileWatcher) debounce(fn func()) { + if fw.timer != nil { + fw.timer.Stop() + } + + fw.timer = time.AfterFunc(fw.writeGracePeriod, fn) +} + +func (fw *FileWatcher) Stop() error { + return fw.w.Close() +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 875da09a9f..cbc84e0a82 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -92,7 +92,7 @@ github.com/cloudflare/circl/sign/ed448 # github.com/containers/common v0.60.4 ## explicit; go 1.21.0 github.com/containers/common/pkg/strongunits -# github.com/containers/gvisor-tap-vsock v0.8.1 +# github.com/containers/gvisor-tap-vsock v0.8.2 ## explicit; go 1.22.0 github.com/containers/gvisor-tap-vsock/pkg/client github.com/containers/gvisor-tap-vsock/pkg/fs