| author | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2025-08-08 20:10:54 +0200 |
|---|---|---|
| committer | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2025-08-25 17:55:00 +0200 |
| commit | a087decbd8ccc26224d57f4d0132089f95ad2822 (patch) | |
| tree | 520719663921a3175c49a60e168c39323aec8e54 | |
| parent | 5621df99a0f357262fef6fe886b2fbf956f668ad (diff) | |
Do not bind DNS resolver to special loopback addrs
Make sure we don't use 127.255.255.255/8 for the local DNS resolver,
as that is a broadcast address.
| -rw-r--r-- | Cargo.lock | 2 | ||||
| -rw-r--r-- | talpid-core/Cargo.toml | 2 | ||||
| -rw-r--r-- | talpid-core/src/resolver.rs | 15 |
3 files changed, 12 insertions, 7 deletions
diff --git a/Cargo.lock b/Cargo.lock
index fcd51672f7..10bb02092d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5340,7 +5340,7 @@ dependencies = [
 "pcap",
 "pfctl",
 "pnet_packet 0.35.0",
- "rand 0.8.5",
+ "rand 0.9.0",
 "resolv-conf",
 "serde",
 "serde_json",
diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml
index 5ae9b7870a..d771bb23a6 100644
--- a/talpid-core/Cargo.toml
+++ b/talpid-core/Cargo.toml
@@ -21,7 +21,7 @@ ipnetwork = { workspace = true }
 libc = "0.2"
 log = { workspace = true }
 parking_lot = "0.12.0"
-rand = "0.8.5"
+rand = "0.9.0"
 talpid-routing = { path = "../talpid-routing" }
 talpid-tunnel = { path = "../talpid-tunnel" }
 talpid-tunnel-config-client = { path = "../talpid-tunnel-config-client" }
diff --git a/talpid-core/src/resolver.rs b/talpid-core/src/resolver.rs
index 0f7bbb3b2f..2fb61fb35d 100644
--- a/talpid-core/src/resolver.rs
+++ b/talpid-core/src/resolver.rs
@@ -40,7 +40,7 @@ use hickory_server::{
 },
 server::{Request, RequestHandler, ResponseHandler, ResponseInfo},
 };
-use rand::random;
+use rand::random_range;
 use socket2::{Domain, Protocol, Socket, Type};
 use std::sync::LazyLock;
 use talpid_types::drop_guard::{OnDrop, on_drop};
@@ -379,9 +379,9 @@ impl LocalResolver {
 /// Create a new [net::UdpSocket] bound to port 53 on loopback.
 ///
 /// This socket will try to bind to the following IPs in sequential order:
- /// - random ip in the range 127.1-255.0-255.0-255 : 53
- /// - random ip in the range 127.1-255.0-255.0-255 : 53
- /// - random ip in the range 127.1-255.0-255.0-255 : 53
+ /// - random ip in the range 127.1-255.0-255.1-254 : 53
+ /// - random ip in the range 127.1-255.0-255.1-254 : 53
+ /// - random ip in the range 127.1-255.0-255.1-254 : 53
 /// - 127.0.0.1 : 53
 ///
 /// We do this to try and avoid collisions with other DNS servers running on the same system.
@@ -397,7 +397,12 @@ impl LocalResolver { use std::net::Ipv4Addr; let random_loopback = || async move { - let addr = Ipv4Addr::new(127, 1u8.max(random()), random(), random()); + let addr = Ipv4Addr::new( + 127, + random_range(1..=255), + random_range(0..=255), + random_range(1..=254), + ); // TODO: this command requires root privileges and will thus not work in `cargo test`. // This means that the tests will fall back to 127.0.0.1, and will not assert that the |
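Review bot: The bounds in the new `Ipv4Addr::new(...)` call are broader than what the commit message explains and are not justified in the code: `random_range(1..=254)` drops every address ending in .0 or .255, not only 127.255.255.255, and the reason the second octet starts at 1 is not stated either. I would add a comment above the call, for example `// Last octet 1..=254: never pick an address ending in .0 or .255 (127.255.255.255 is the broadcast address of 127.0.0.0/8).` and `// Second octet starts at 1 to stay out of 127.0.x.x, where 127.0.0.1 is the fallback.` The second reason is my inference from the doc comment on this function, so confirm it before committing the wording. Per the TODO below the call, tests fall back to 127.0.0.1, so this range is not exercised by `cargo test` and the comment would be the only record of the intent. The `random_loopback` closure continues past the end of the hunk.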
