Rollback setting IP_DONTFRAG option on the UDP sockets

In DNS Flag Day 2020, the development branch started setting the
IP_DONTFRAG option on the UDP sockets.  It turned out, that this
code was incomplete leading to dropping the outgoing UDP packets.
Henceforth this commit rolls back this setting until we have a
proper fix that would send back empty response with TC flag set.

(cherry picked from commit 66eefac78c92b64b6689a1655cc677a2b1d13496)

diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c
index 46f07586207fab628cc90540666135b16727dec7..14149818b805a6513085d6f6b3d3cc519d5790b4 100644 (file)
--- a/lib/isc/netmgr/netmgr.c
+++ b/lib/isc/netmgr/netmgr.c
@@ -2101,6 +2101,9 @@ isc__nm_closesocket(uv_os_sock_t sock) {
 #define setsockopt_on(socket, level, name) \
        setsockopt(socket, level, name, &(int){ 1 }, sizeof(int))
 
+#define setsockopt_off(socket, level, name) \
+       setsockopt(socket, level, name, &(int){ 1 }, sizeof(int))
+
 isc_result_t
 isc__nm_socket_freebind(uv_os_sock_t fd, sa_family_t sa_family) {
        /*
@@ -2226,14 +2229,22 @@ isc__nm_socket_dontfrag(uv_os_sock_t fd, sa_family_t sa_family) {
         */
        if (sa_family == AF_INET6) {
 #if defined(IPV6_DONTFRAG)
-               if (setsockopt_on(fd, IPPROTO_IPV6, IPV6_DONTFRAG) == -1) {
+               if (setsockopt_off(fd, IPPROTO_IPV6, IPV6_DONTFRAG) == -1) {
+                       return (ISC_R_FAILURE);
+               } else {
+                       return (ISC_R_SUCCESS);
+               }
+#elif defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_OMIT)
+               if (setsockopt(fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                              &(int){ IP_PMTUDISC_OMIT }, sizeof(int)) == -1)
+               {
                        return (ISC_R_FAILURE);
                } else {
                        return (ISC_R_SUCCESS);
                }
-#elif defined(IPV6_MTU_DISCOVER)
+#elif defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
                if (setsockopt(fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
-                              &(int){ IP_PMTUDISC_DO }, sizeof(int)) == -1)
+                              &(int){ IP_PMTUDISC_DONT }, sizeof(int)) == -1)
                {
                        return (ISC_R_FAILURE);
                } else {
@@ -2244,14 +2255,22 @@ isc__nm_socket_dontfrag(uv_os_sock_t fd, sa_family_t sa_family) {
 #endif
        } else if (sa_family == AF_INET) {
 #if defined(IP_DONTFRAG)
-               if (setsockopt_on(fd, IPPROTO_IP, IP_DONTFRAG) == -1) {
+               if (setsockopt_off(fd, IPPROTO_IP, IP_DONTFRAG) == -1) {
+                       return (ISC_R_FAILURE);
+               } else {
+                       return (ISC_R_SUCCESS);
+               }
+#elif defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_OMIT)
+               if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER,
+                              &(int){ IP_PMTUDISC_OMIT }, sizeof(int)) == -1)
+               {
                        return (ISC_R_FAILURE);
                } else {
                        return (ISC_R_SUCCESS);
                }
-#elif defined(IP_MTU_DISCOVER)
+#elif defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
                if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER,
-                              &(int){ IP_PMTUDISC_DO }, sizeof(int)) == -1)
+                              &(int){ IP_PMTUDISC_DONT }, sizeof(int)) == -1)
                {
                        return (ISC_R_FAILURE);
                } else {