From: Willy Tarreau Date: Sat, 31 Mar 2012 17:53:37 +0000 (+0200) Subject: BUG/MEDIUM: balance source did not properly hash IPv6 addresses X-Git-Tag: v1.5-dev9~125 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5dd7fa1f6b8eec57bff8ff4630afd7eb3e837b5e;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: balance source did not properly hash IPv6 addresses The hash of IPv6 addresses was not properly aligned and resulted in the last quarter of the address not being hashed. In practice, this is rarely detected since MAC addresses are used in the second half. But this becomes very visible with IPv6-mapped IPv4 addresses such as ::FFFF:1.2.3.4 where the IPv4 part is never hashed. This bug has been there forever, since introduction of "balance source" in v1.2.11. The fix must then be backported to all stable versions. Thanks to Alex Markham for reporting this issue to the list ! --- diff --git a/src/backend.c b/src/backend.c index 39ee58bce7..f6e2d731ba 100644 --- a/src/backend.c +++ b/src/backend.c @@ -497,7 +497,6 @@ int assign_server(struct session *s) clear_target(&s->target); if (s->be->lbprm.algo & BE_LB_KIND) { - int len; /* we must check if we have at least one server available */ if (!s->be->lbprm.tot_weight) { err = SRV_STATUS_NOSRV; @@ -538,19 +537,21 @@ int assign_server(struct session *s) switch (s->be->lbprm.algo & BE_LB_PARM) { case BE_LB_HASH_SRC: - if (s->req->prod->addr.from.ss_family == AF_INET) - len = 4; - else if (s->req->prod->addr.from.ss_family == AF_INET6) - len = 16; + if (s->req->prod->addr.from.ss_family == AF_INET) { + srv = get_server_sh(s->be, + (void *)&((struct sockaddr_in *)&s->req->prod->addr.from)->sin_addr, + 4); + } + else if (s->req->prod->addr.from.ss_family == AF_INET6) { + srv = get_server_sh(s->be, + (void *)&((struct sockaddr_in6 *)&s->req->prod->addr.from)->sin6_addr, + 16); + } else { /* unknown IP family */ err = SRV_STATUS_INTERNAL; goto out; } - - srv = get_server_sh(s->be, - (void *)&((struct sockaddr_in *)&s->req->prod->addr.from)->sin_addr, - len); break; case BE_LB_HASH_URI: