[management, client] Add IPv6 overlay support (#5631)

client/internal/dns/upstream_ios.go

@@ -19,9 +19,7 @@ import (
 
 type upstreamResolverIOS struct {
 	*upstreamResolverBase
-	lIP           netip.Addr
-	lNet          netip.Prefix
-	interfaceName string
+	wgIface WGIface
 }
 
 func newUpstreamResolver(
@@ -35,9 +33,7 @@ func newUpstreamResolver(
 
 	ios := &upstreamResolverIOS{
 		upstreamResolverBase: upstreamResolverBase,
-		lIP:                  wgIface.Address().IP,
-		lNet:                 wgIface.Address().Network,
-		interfaceName:        wgIface.Name(),
+		wgIface:              wgIface,
 	}
 	ios.upstreamClient = ios
 
@@ -65,11 +61,13 @@ func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *
 	} else {
 		upstreamIP = upstreamIP.Unmap()
 	}
-	needsPrivate := u.lNet.Contains(upstreamIP) ||
+	addr := u.wgIface.Address()
+	needsPrivate := addr.Network.Contains(upstreamIP) ||
+		addr.IPv6Net.Contains(upstreamIP) ||
 		(u.routeMatch != nil && u.routeMatch(upstreamIP))
 	if needsPrivate {
 		log.Debugf("using private client to query %s via upstream %s", r.Question[0].Name, upstream)
-		client, err = GetClientPrivate(u.lIP, u.interfaceName, timeout)
+		client, err = GetClientPrivate(u.wgIface, upstreamIP, timeout)
 		if err != nil {
 			return nil, 0, fmt.Errorf("create private client: %s", err)
 		}
@@ -79,25 +77,33 @@ func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *
 	return ExchangeWithFallback(nil, client, r, upstream)
 }
 
-// GetClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
-// This method is needed for iOS
-func GetClientPrivate(ip netip.Addr, interfaceName string, dialTimeout time.Duration) (*dns.Client, error) {
-	index, err := getInterfaceIndex(interfaceName)
+// GetClientPrivate returns a new DNS client bound to the local IP of the Netbird interface.
+// It selects the v6 bind address when the upstream is IPv6 and the interface has one, otherwise v4.
+func GetClientPrivate(iface privateClientIface, upstreamIP netip.Addr, dialTimeout time.Duration) (*dns.Client, error) {
+	index, err := getInterfaceIndex(iface.Name())
 	if err != nil {
-		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
+		log.Debugf("unable to get interface index for %s: %s", iface.Name(), err)
 		return nil, err
 	}
 
+	addr := iface.Address()
+	bindIP := addr.IP
+	if upstreamIP.Is6() && addr.HasIPv6() {
+		bindIP = addr.IPv6
+	}
+
+	proto, opt := unix.IPPROTO_IP, unix.IP_BOUND_IF
+	if bindIP.Is6() {
+		proto, opt = unix.IPPROTO_IPV6, unix.IPV6_BOUND_IF
+	}
+
 	dialer := &net.Dialer{
-		LocalAddr: &net.UDPAddr{
-			IP:   ip.AsSlice(),
-			Port: 0, // Let the OS pick a free port
-		},
-		Timeout: dialTimeout,
+		LocalAddr: net.UDPAddrFromAddrPort(netip.AddrPortFrom(bindIP, 0)),
+		Timeout:   dialTimeout,
 		Control: func(network, address string, c syscall.RawConn) error {
 			var operr error
 			fn := func(s uintptr) {
-				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, index)
+				operr = unix.SetsockoptInt(int(s), proto, opt, index)
 			}
 
 			if err := c.Control(fn); err != nil {