From: Nick Mathewson Date: Tue, 31 Jan 2012 21:09:49 +0000 (-0500) Subject: Set IPV6_V6ONLY on listener sockets bound to IPv6 addresses. X-Git-Tag: tor-0.2.3.13-alpha~71^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd68d596cdf68999c0cb4c0caf594d8580eaba40;p=thirdparty%2Ftor.git Set IPV6_V6ONLY on listener sockets bound to IPv6 addresses. If we don't do this, [::] can be interpreted to mean all v4 and all v6 addresses. Found by dcf. Fixes bug 4760. See RFC 3493 section 5.3 for more info.
---
diff --git a/changes/bug4760 b/changes/bug4760
new file mode 100644
index 0000000000..ea8d16edb7
--- /dev/null
+++ b/changes/bug4760
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - When binding to an IPv6 address, set the IPV6_V6ONLY socket
+ option, so that the IP stack doesn't decide to use it for IPv4
+ too. Fixes bug 4760; bugfix on 0.2.3.9-alpha.
diff --git a/src/or/connection.c b/src/or/connection.c
index bf65e8e81b..06a7562656 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -902,6 +902,25 @@ connection_listener_new(const struct sockaddr *listensockaddr,
 make_socket_reuseable(s);
+#ifdef IPV6_V6ONLY
+ if (listensockaddr->sa_family == AF_INET6) {
+#ifdef _WIN32
+ /* In Redmond, this kind of thing passes for standards-conformance. */
+ DWORD one = 1;
+#else
+ int one = 1;
+#endif
+ /* We need to set IPV6_V6ONLY so that this socket can't get used for
+ * IPv4 connections. */
+ if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY, (void*)&one, sizeof(one))<0) {
+ int e = tor_socket_errno(s);
+ log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
+ tor_socket_strerror(e));
+ /* Keep going; probably not harmful. */
+ }
+ }
+#endif
+
 if (bind(s,listensockaddr,socklen) < 0) {
 const char *helpfulhint = "";
 int e = tor_socket_errno(s);
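Review bot: The failure branch of the new `setsockopt` call in src/or/connection.c only warns and carries on under `/* Keep going; probably not harmful. */`, yet the commit message itself says a socket without IPV6_V6ONLY can be treated as covering all v4 addresses too, so a failure here leaves the listener reachable over IPv4 when the operator asked for IPv6 only. At minimum the comment and message should state that consequence, e.g. `log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s; this listener may also accept IPv4 connections", tor_socket_strerror(e));`; whether to abandon the listener instead depends on the function's error path, which is not visible in this hunk. The block is also compiled out entirely when `IPV6_V6ONLY` is undefined, so on such a platform an AF_INET6 listener silently keeps the stack's default; a short comment at the `#ifdef` such as `/* Without IPV6_V6ONLY the platform default applies; [::] may be dual-stack. */` would record that. connection_listener_new begins and continues outside the hunk.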