From 74d5f34b0a2e9eff1ccbde36f27120def460ccc1 Mon Sep 17 00:00:00 2001
From: Joan Bruguera <joanbrugueram@gmail.com>
Date: Sun, 12 Feb 2023 20:06:08 +0000
Subject: [PATCH] resolved: Fall back to TCP if UDP is blocked

If UDP is blocked on the system (e.g. by iptables or BPF), the kernel will
return EPERM on some or all of the system calls (connect, sendmsg, etc.).
In this case, try to fall back to TCP, which hopefully will not be blocked.

(cherry picked from commit 3dd6336ad0cb40e928745404ed72c41e4ac9c39e)
(cherry picked from commit a88e35bf953f5a0047d5170d0d0e2d372b2280ae)
(cherry picked from commit 58cbb7a89b1b66be8b593eec29a6413d5ecdb780)
(cherry picked from commit 5f6a369a6a680051872a94e97a3420187901301c)
---
 src/resolve/resolved-dns-transaction.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 3010548872..9438eb44c2 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2029,7 +2029,9 @@ int dns_transaction_go(DnsTransaction *t) {
                         log_debug("Sending query via TCP since it is too large.");
                 else if (r == -EAGAIN)
                         log_debug("Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.");
-                if (IN_SET(r, -EMSGSIZE, -EAGAIN))
+                else if (r == -EPERM)
+                        log_debug("Sending query via TCP since UDP is blocked.");
+                if (IN_SET(r, -EMSGSIZE, -EAGAIN, -EPERM))
                         r = dns_transaction_emit_tcp(t);
         }
         if (r == -ELOOP) {