Explicitly enable IPV6_V6ONLY on the netmgr sockets

author Ondřej Surý <ondrej@isc.org>

Thu, 13 Jan 2022 12:24:55 +0000 (13:24 +0100)

committer Ondřej Surý <ondrej@isc.org>

Mon, 17 Jan 2022 21:16:27 +0000 (22:16 +0100)
author Ondřej Surý <ondrej@isc.org>
Thu, 13 Jan 2022 12:24:55 +0000 (13:24 +0100)
committer Ondřej Surý <ondrej@isc.org>
Mon, 17 Jan 2022 21:16:27 +0000 (22:16 +0100)
diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h

index 0b93c22903d9b6ff88bd14eca33331c91b085e65..b8a49feef20fee7bef36a452ab38d8b83cc79791 100644 (file)
--- a/lib/isc/netmgr/netmgr-int.h
+++ b/lib/isc/netmgr/netmgr-int.h
@@ -1849,6 +1849,12 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_family_t sa_family);
   * option, or setting the IP(V6)_MTU_DISCOVER socket option to IP_PMTUDISC_OMIT
   */
  
+isc_result_t
+isc__nm_socket_v6only(uv_os_sock_t fd, sa_family_t sa_family);
+/*%<
+ * Restrict the socket to sending and receiving IPv6 packets only
+ */
+
  isc_result_t
  isc__nm_socket_connectiontimeout(uv_os_sock_t fd, int timeout_ms);
  /*%<
diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c

index 0af8b1044d3e052d45a33cc6485ced5b078c1418..481cc615860a52f2b6915aec01ec55acc1c825c3 100644 (file)
--- a/lib/isc/netmgr/netmgr.c
+++ b/lib/isc/netmgr/netmgr.c
@@ -3183,6 +3183,25 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_family_t sa_family) {
         return (ISC_R_NOTIMPLEMENTED);
  }
  
+isc_result_t
+isc__nm_socket_v6only(uv_os_sock_t fd, sa_family_t sa_family) {
+       /*
+        * Enable the IPv6-only option on IPv6 sockets
+        */
+       if (sa_family == AF_INET6) {
+#if defined(IPV6_V6ONLY)
+               if (setsockopt_on(fd, IPPROTO_IPV6, IPV6_V6ONLY) == -1) {
+                       return (ISC_R_FAILURE);
+               } else {
+                       return (ISC_R_SUCCESS);
+               }
+#else
+               UNUSED(fd);
+#endif
+       }
+       return (ISC_R_NOTIMPLEMENTED);
+}
+
  isc_result_t
  isc_nm_checkaddr(const isc_sockaddr_t *addr, isc_socktype_t type) {
         int proto, pf, addrlen, fd, r;
diff --git a/lib/isc/netmgr/tcp.c b/lib/isc/netmgr/tcp.c

index 2a600c143009f5303737fadd3d07769e0e959ffd..d97c2b486c66d5594edbb48769780c3d9fb74a4c 100644 (file)
--- a/lib/isc/netmgr/tcp.c
+++ b/lib/isc/netmgr/tcp.c
@@ -367,6 +367,7 @@ isc__nm_tcp_lb_socket(sa_family_t sa_family) {
         RUNTIME_CHECK(result == ISC_R_SUCCESS);
  
         (void)isc__nm_socket_incoming_cpu(sock);
+       (void)isc__nm_socket_v6only(sock, sa_family);
  
         /* FIXME: set mss */
  
diff --git a/lib/isc/netmgr/tcpdns.c b/lib/isc/netmgr/tcpdns.c

index 6c840634f409097a099d5592710cf6fc64a1d132..8999207e0a50fd3cafb29323c634ec8825427427 100644 (file)
--- a/lib/isc/netmgr/tcpdns.c
+++ b/lib/isc/netmgr/tcpdns.c
@@ -334,6 +334,7 @@ isc__nm_tcpdns_lb_socket(sa_family_t sa_family) {
         RUNTIME_CHECK(result == ISC_R_SUCCESS);
  
         (void)isc__nm_socket_incoming_cpu(sock);
+       (void)isc__nm_socket_v6only(sock, sa_family);
  
         /* FIXME: set mss */
  
diff --git a/lib/isc/netmgr/tlsdns.c b/lib/isc/netmgr/tlsdns.c

index 385a18aace9677257c5edc97c12a86f425a6fda9..135a854662c0a03beea0c237df046e79ff6942f9 100644 (file)
--- a/lib/isc/netmgr/tlsdns.c
+++ b/lib/isc/netmgr/tlsdns.c
@@ -401,6 +401,7 @@ isc__nm_tlsdns_lb_socket(sa_family_t sa_family) {
         RUNTIME_CHECK(result == ISC_R_SUCCESS);
  
         (void)isc__nm_socket_incoming_cpu(sock);
+       (void)isc__nm_socket_v6only(sock, sa_family);
  
         /* FIXME: set mss */
  
diff --git a/lib/isc/netmgr/udp.c b/lib/isc/netmgr/udp.c

index 4cb3fdc429c9948f911949ad566c60fae1e7e1f4..0b7f01037f30fab1ffa1955200a2a1430e3fcb76 100644 (file)
--- a/lib/isc/netmgr/udp.c
+++ b/lib/isc/netmgr/udp.c
@@ -94,6 +94,7 @@ isc__nm_udp_lb_socket(sa_family_t sa_family) {
  
         (void)isc__nm_socket_incoming_cpu(sock);
         (void)isc__nm_socket_disable_pmtud(sock, sa_family);
+       (void)isc__nm_socket_v6only(sock, sa_family);
  
         result = isc__nm_socket_reuse(sock);
         RUNTIME_CHECK(result == ISC_R_SUCCESS);
diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c

index 84540d3c95ef758dc2de45f1fe664d3e39dca186..1335f4497cfdf55adfcdd8e1ff60f52ded81ad3f 100644 (file)
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
@@ -544,10 +544,6 @@ ns_interface_listentcp(ns_interface_t *ifp) {
         }
  
  #if 0
-#ifndef ISC_ALLOW_MAPPED
-       isc_socket_ipv6only(ifp->tcpsocket, true);
-#endif /* ifndef ISC_ALLOW_MAPPED */
-
         if (ifp->dscp != -1) {
                 isc_socket_dscp(ifp->tcpsocket,ifp->dscp);
         }
@@ -983,12 +979,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
          * packets as the form of mapped addresses unintentionally
          * unless explicitly allowed.
          */
-#ifndef ISC_ALLOW_MAPPED
         if (scan_ipv6 && isc_net_probe_ipv6only() != ISC_R_SUCCESS) {
                 ipv6only = false;
                 log_explicit = true;
         }
-#endif /* ifndef ISC_ALLOW_MAPPED */
         if (scan_ipv6 && isc_net_probe_ipv6pktinfo() != ISC_R_SUCCESS) {
                 ipv6pktinfo = false;
                 log_explicit = true;
author	Ondřej Surý <ondrej@isc.org>
	Thu, 13 Jan 2022 12:24:55 +0000 (13:24 +0100)
committer	Ondřej Surý <ondrej@isc.org>
	Mon, 17 Jan 2022 21:16:27 +0000 (22:16 +0100)
lib/isc/netmgr/netmgr-int.h		patch \| blob \| blame \| history
lib/isc/netmgr/netmgr.c		patch \| blob \| blame \| history
lib/isc/netmgr/tcp.c		patch \| blob \| blame \| history
lib/isc/netmgr/tcpdns.c		patch \| blob \| blame \| history
lib/isc/netmgr/tlsdns.c		patch \| blob \| blame \| history
lib/isc/netmgr/udp.c		patch \| blob \| blame \| history
lib/ns/interfacemgr.c		patch \| blob \| blame \| history