From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 18 Oct 2024 07:14:27 +0000 (+0200)
Subject: socket-default: Always open IPv4 sockets before IPv6 sockets
X-Git-Tag: 6.0.0rc1~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c87aae300a4c687af20cf7f08b6441f31ea4d552;p=thirdparty%2Fstrongswan.git

socket-default: Always open IPv4 sockets before IPv6 sockets

Since we now open sockets for each address family independently (via
IPV6_V6ONLY) and without SO_REUSEADDR, it could happen with the previous
order on Linux that opening the port that was allocated as ephemeral
port for IPv6 was already used by a different process for IPv4.

Most IPv6 sockets on ephemeral ports will not have IPV6_V6ONLY set, so
the same port is also reserved for IPv4.  Therefore, it's save to assume
that any ephemeral port we first get for IPv4 is free for IPv6.

References strongswan/strongswan#2494
---

diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 5f25684950..a34bf81a25 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -900,16 +900,8 @@ socket_default_socket_t *socket_default_socket_create()
 		}
 	}
 
-	/* we allocate IPv6 sockets first as that will reserve randomly allocated
-	 * ports also for IPv4. On OS X, we have to do it the other way round
-	 * for the same effect. */
-#ifdef __APPLE__
 	open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
 	open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
-#else /* !__APPLE__ */
-	open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
-	open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
-#endif /* __APPLE__ */
 
 	if (this->ipv4 == -1 && this->ipv6 == -1)
 	{