Skip to content

Enable DNS tunneling for VirtioProxy networking mode#14461

Merged
benhillis merged 1 commit intomasterfrom
user/benhill/virtioproxy_dns_tunneling
Mar 18, 2026
Merged

Enable DNS tunneling for VirtioProxy networking mode#14461
benhillis merged 1 commit intomasterfrom
user/benhill/virtioproxy_dns_tunneling

Conversation

@benhillis
Copy link
Member

@benhillis benhillis commented Mar 17, 2026

This change lights up the wsldevicehost version of DNS tunneling. This uses a different mechanism than that dnstunneling approach for NAT and Mirrored networking modes which run a resolver inside the guest and send DNS queries over hvsocket to the host. For virtioproxy, /etc/resolv.conf is directed to the gateway address, and then intercepted in consomme where the same DNS tunneling APIs are used. For more information see the openvmm changes where this support was added:
microsoft/openvmm#2633
microsoft/openvmm#2807

  • Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress)
  • Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling is handled through the VirtioNetworking device host instead
  • Set DnsTunneling flag on VirtioNetworkingFlags so the device host knows to tunnel DNS
  • Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy
  • Add VirtioProxy DNS test coverage for tunneling on/off
  • Skip GuestPortIsReleasedV6 on Windows 10

Enable DNS tunneling for VirtioProxy networking mode
db1118a 
- Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear
  socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress)
- Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling
  is handled through the VirtioNetworking device host instead
- Set DnsTunneling flag on VirtioNetworkingFlags so the device host
  knows to tunnel DNS
- Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy
- Bump DeviceHost package to 1.1.39-0
- Add VirtioProxy DNS test coverage for tunneling on/off
- Skip GuestPortIsReleasedV6 on Windows 10
@benhillis benhillis requested a review from damanm24 March 17, 2026 18:23
@benhillis benhillis requested a review from a team as a code owner March 17, 2026 18:23
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Enable DNS tunneling support for VirtioProxy by moving tunneling responsibility to the VirtioNetworking device host (instead of a dedicated DNS hvsocket), while expanding related kernel configuration and test coverage.

Changes:

  • Disable dedicated DNS tunneling hvsocket path for VirtioProxy and signal tunneling via VirtioNetworking flags.
  • Adjust config validation to allow EnableDnsTunneling in VirtioProxy while clearing socket-specific tunneling options.
  • Expand SWIOTLB enablement to cover more virtio features and add VirtioProxy DNS tunneling on/off tests (plus Windows 11 gating for one IPv6 port-release test).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 12 comments.

File Description
test/windows/NetworkTests.cpp Adds a shared IPv6 dig helper and expands VirtioProxy DNS tests to cover tunneling enabled/disabled; gates one test to Windows 11.
src/windows/service/exe/WslCoreVm.cpp Suppresses DNS hvsocket for VirtioProxy, sets VirtioNetworking DNS tunneling flag, and broadens SWIOTLB enablement.
src/windows/common/WslCoreConfig.cpp Updates config validation to permit DNS tunneling in VirtioProxy while forcing socket-specific DNS tunneling options off.
packages.config Updates Microsoft.WSL.DeviceHost dependency version to pick up VirtioProxy DNS tunneling support.

You can also share your feedback on Copilot code review. Take the survey.

benhillis
benhillis commented Mar 17, 2026
View reviewed changes
test/windows/NetworkTests.cpp
TEST_METHOD(GuestPortIsReleasedV6)
{
VIRTIOPROXY_TEST_ONLY();
WINDOWS_11_TEST_ONLY();
Copy link
Member Author

@benhillis benhillis Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated, to this PR but this test is failing on Windows 10, I will debug.

@benhillis benhillis merged commit c5fb4aa into master Mar 18, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@OneBlue OneBlue OneBlue approved these changes

@damanm24 damanm24 Awaiting requested review from damanm24

@jstarks jstarks Awaiting requested review from jstarks jstarks is a code owner automatically assigned from microsoft/wsl-maintainers

@craigloewen-msft craigloewen-msft Awaiting requested review from craigloewen-msft craigloewen-msft is a code owner automatically assigned from microsoft/wsl-maintainers

@justus-camp-microsoft justus-camp-microsoft Awaiting requested review from justus-camp-microsoft justus-camp-microsoft is a code owner automatically assigned from microsoft/wsl-maintainers

Assignees

No one assigned

Labels

network

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benhillis @OneBlue