parse-nm: add a workaround for the DoT DNS option

Netplan doesn't support DNS options such as SNI. When we parse a nameserver entry with the SNI server name, example: 1.2.3.4#name.domain, the string is added to the list of nameservers without proper parsing/validation. This is a workaround for LP: #2055148.
canonical · Mar 27, 2024 · 2c9f3da · 2c9f3da
1 parent 957f4e8
commit 2c9f3da
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/src/parse-nm.c b/src/parse-nm.c
@@ -348,6 +348,21 @@ parse_nameservers(GKeyFile* kf, const gchar* group, GArray** nameserver_arr)
     g_assert(nameserver_arr);
     gchar **split = g_key_file_get_string_list(kf, group, "dns", NULL, NULL);
     if (split) {
+
+        /* Workaround for LP: #2055148
+         * When an SNI server name is appended to the DNS server IP address,
+         * for example: 1.2.3.4#example.com, we skip the parsing and keep the configuration
+         * in the passthrough section by checking if the string is a valid IP address.
+         * TODO: implement proper DNS options for both NM and ND and drop this
+         * workaround.
+         */
+        for (unsigned i = 0; split[i]; ++i) {
+            if (!is_ip4_address(split[i]) && !is_ip6_address(split[i])) {
+                g_strfreev(split);
+                return;
+            }
+        }
+
         if (!*nameserver_arr)
             *nameserver_arr = g_array_new(FALSE, FALSE, sizeof(char*));
         for(unsigned i = 0; split[i]; ++i) {

diff --git a/tests/parser/test_keyfile.py b/tests/parser/test_keyfile.py
@@ -2355,3 +2355,42 @@ def test_vrf_without_table_should_fail(self):
 method=link-local\n'''.format(UUID), expect_fail=True)
 
         self.assertIn('missing \'table\' property', out)
+
+    def test_nameserver_with_DoT_lp2055148(self):
+        self.generate_from_keyfile('''[connection]
+id=ethernet-eth123
+uuid={}
+type=ethernet
+interface-name=eth123
+
+[ethernet]
+
+[ipv4]
+dns=8.8.8.8;1.1.1.1#lxd;192.168.0.1#domain.local;
+method=auto
+
+[ipv6]
+addr-gen-mode=default
+method=auto
+
+[proxy]\n'''.format(UUID))
+        self.assert_netplan({UUID: '''network:
+  version: 2
+  ethernets:
+    NM-{}:
+      renderer: NetworkManager
+      match:
+        name: "eth123"
+      dhcp4: true
+      dhcp6: true
+      wakeonlan: true
+      networkmanager:
+        uuid: "{}"
+        name: "ethernet-eth123"
+        passthrough:
+          ethernet._: ""
+          ipv4.dns: "8.8.8.8;1.1.1.1#lxd;192.168.0.1#domain.local;"
+          ipv6.addr-gen-mode: "default"
+          ipv6.ip6-privacy: "-1"
+          proxy._: ""
+'''.format(UUID, UUID)})