bridge: bind ip for aardvark-dns in unmanaged mode if gateway ip is not on the host

shivkr6 · shivkr6 · commit c98368dc1206 · 2025-08-11T11:26:20.000+05:30
Signed-off-by: Shivang K Raghuvanshi &lt;shivangraghuvanshi2005@gmail.com&gt;
diff --git a/src/network/bridge.rs b/src/network/bridge.rs
@@ -10,6 +10,7 @@ use netlink_packet_route::link::{
 use crate::dns::aardvark::SafeString;
 use crate::network::core_utils::get_default_route_interface;
 use crate::network::dhcp::{dhcp_teardown, get_dhcp_lease};
+use crate::network::netlink::LinkID;
 use crate::{
     dns::aardvark::AardvarkEntry,
     error::{ErrorWrap, NetavarkError, NetavarkErrorList, NetavarkResult},
@@ -252,18 +253,36 @@ impl driver::NetworkDriver for Bridge<'_> {
                 }
             }
 
-            let gw = data
-                .ipam
-                .gateway_addresses
-                .iter()
-                .map(|ipnet| ipnet.addr())
-                .collect();
+            // Fixes #1177: In unmanaged mode, the gateway IP may not be on the host.
+            // We need to find an IP on the bridge itself for aardvark-dns to bind to.
+            let bind_addr: Vec<IpAddr> = if data.mode == BridgeMode::Unmanaged {
+                let addresses = host_sock
+                    .dump_addresses(Some(LinkID::Name(data.bridge_interface_name.clone())))?;
+                let mut bind_addr = Vec::with_capacity(addresses.len());
+                for addr_msg in addresses {
+                    for attr in addr_msg.attributes {
+                        if let netlink_packet_route::address::AddressAttribute::Address(ip) = attr {
+                            bind_addr.push(ip);
+                        }
+                    }
+                }
+                if bind_addr.is_empty() {
+                    return Err(NetavarkError::msg(format!("bridge '{}' in unmanaged mode has no IP addresses, but aardvark-dns requires at least one address to bind to. Please add an IP address or disable DNS for this network (--disable-dns).", data.bridge_interface_name)));
+                }
+                bind_addr
+            } else {
+                data.ipam
+                    .gateway_addresses
+                    .iter()
+                    .map(|ipnet| ipnet.addr())
+                    .collect()
+            };
 
             match self.info.container_id.as_str().try_into() {
                 Ok(id) => Some(AardvarkEntry {
                     network_name: &self.info.network.name,
                     container_id: id,
-                    network_gateways: gw,
+                    network_gateways: bind_addr,
                     network_dns_servers: &self.info.network.network_dns_servers,
                     container_ips_v4: ipv4,
                     container_ips_v6: ipv6,
