Fix macos dns issues with proxy#19
Draft
tylerpayne wants to merge 11 commits into
Draft
Conversation
On macOS, libslirp forwards guest DNS to a single libresolv-picked resolver and ignores the system's scoped/VPN/split-DNS resolvers, so guest DNS fails (often entirely) under a VPN. This bundles a patched libslirp that redirects guest DNS to $QUICKSAND_DNS_PROXY, plus a host-side proxy that resolves via the OS resolver (getaddrinfo), which honors scoped/VPN/split-DNS. Auto-enabled on macOS hosts with network_mode=FULL. - quicksand-core: HostDnsProxy module, lifecycle wiring, host_dns_proxy config, dnslib (macOS-only) dependency, unit tests. - quicksand-qemu: build hook compiles patched libslirp 4.9.3 (patches/) into the bundled dylib, with a SONAME guard. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
quicksand-core's dnslib dep is macOS-only at runtime; CI type-checks on Linux where it wasn't installed, so 'ty check' failed on the dnslib imports. Add it to the dev dependency group (not a published runtime dep) so the type checker resolves it everywhere. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
'source .venv/bin/activate' is Unix-only and fails on the Windows runner (PowerShell, and uv puts the activate script under .venv/Scripts). Use 'uv run --no-sync' so the build command runs in the synced venv on all platforms. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
quicksand-qemu: 0.5.11a1.dev0 quicksand-core: 0.11.14a1.dev0
The host DNS proxy used dnslib's default logger, which prints every request/reply to stdout at all times. Route it to logger.debug so the per-query chatter is suppressed at the default log level. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
quicksand-core: 0.11.14a2.dev0
The per-request/reply chatter surfaced even at DEBUG once a guest did any DNS. Disable the request/reply/truncated hooks entirely and keep only error logging routed to our logger at DEBUG. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.