From: Amaury Denoyelle Date: Fri, 16 Feb 2024 14:40:06 +0000 (+0100) Subject: MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support X-Git-Tag: v3.0-dev4~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b806550b79f7b8ec1f1e11a74472a6fa3379162;p=thirdparty%2Fhaproxy.git MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support Binding on multiple addresses for QUIC is safe only if IP_PKTINFO or equivalent is available. Else, the behavior may be undefined as the system is responsible to choose the network interface and source address on response. This commit adds a warning on boot if no or partial support for IP_PKTINFO or equivalent is detected and configuration contains UDP binding on multiple addresses. This should be backported up to 2.6. Special backport recommdations : * change ha_warning() to ha_diag_warning() to ensure no spurrious warnings will be triggered on stable releases * IP_PKTINFO usage was introduced on 2.7. For 2.6, multiple addresses QUIC binding is always unreliable. As such, preprocessor condition must simply be removed so that the warning is always active regarding of the system. Warning message should also be truncated to suppress IP_PKTINFO reference.
---
diff --git a/src/listener.c b/src/listener.c
index 86d0945daf..37d897a1da 100644
--- a/src/listener.c
+++ b/src/listener.c
@@ -2195,6 +2195,9 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
 */
 if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) {
 #ifdef USE_QUIC
+ struct listener *l __maybe_unused;
+ int listener_count __maybe_unused = 0;
+
 bind_conf->xprt = xprt_get(XPRT_QUIC);
 if (!(bind_conf->options & BC_O_USE_SSL)) {
 bind_conf->options |= BC_O_USE_SSL;
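Review bot: `l` and `listener_count` are declared at the top of the `#ifdef USE_QUIC` block, but in this diff they are only used inside the `#if` block added by the following hunk, which is why both need `__maybe_unused`. Declaring them in a braced scope inside that `#if` would keep declaration and use under the same preprocessor condition and make the attribute unnecessary. If the top-of-block placement is kept for house style, a short comment such as `/* only used when IP_PKTINFO or an equivalent is missing */` would explain the attribute to the next reader. The enclosing function starts and ends outside the hunk.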
@@ -2202,6 +2205,17 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
 file, linenum, args[0], args[1], section);
 }
 quic_transport_params_init(&bind_conf->quic_params, 1);
+
+#if (!defined(IP_PKTINFO) && !defined(IP_RECVDSTADDR)) || !defined(IPV6_RECVPKTINFO)
+ list_for_each_entry(l, &bind_conf->listeners, by_bind) {
+ if (++listener_count > 1 || !is_inet_addr(&l->rx.addr)) {
+ ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : UDP binding on multiple addresses without IP_PKTINFO or equivalent support may be unreliable.\n",
+ file, linenum, args[0], args[1], section);
+ break;
+ }
+ }
+#endif /* (!IP_PKTINFO && !IP_RECVDSTADDR) || !IPV6_RECVPKTINFO */
+
 #else
 ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n",
 file, linenum, args[0], args[1], section);
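Review bot: The condition `++listener_count > 1 || !is_inet_addr(&l->rx.addr)` carries no comment, and its second half is not self-explanatory. It appears to treat a single listener on a wildcard or unset address as a multi-address bind, though `is_inet_addr()` is defined outside this diff, so that should be confirmed. An operator with one wildcard `bind` line would then be told about "multiple addresses" with no hint why. I would add above the loop `/* several listeners, or one on a wildcard address: the system then picks the source address of responses */`. The `#if` also fires when only the IPv6 option is missing, so an IPv4-only bind on such a build is warned as well; the description's "partial support" suggests this is intended, but the message does not say which family is affected. The enclosing function starts and ends outside the hunk.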