On Thu, Jan 16, 2020 at 08:25:16PM +0100, Peter J. Philipp wrote:
> > dig is supposed to use SOCK_DNS, and then not bother doing additional
> > stuff.
> >
> > 105 is setsockopt. We would investigate if the setsockopt being done
> > is required, or if it can be removed. After all, the "bind as a library"
> > code remaining no longer needs to serve "daemon functionality".
>
> Thanks for that hint, that makes it easier, with the kdump and some grepping
> I have located it (it's the only tcp setsockopt in dig's lib):
>
> ------->
> beta$ grep -R setsockopt * | grep IPPROTO_TCP
> grep: obj: Permission denied
> lib/isc/unix/socket.c: (void)setsockopt(sock->fd, IPPROTO_TCP,
> TCP_MAXSEG,
> beta$ grep TCP_MAXSEG /usr/include/netinet/tcp.h
> #define TCP_MAXSEG 0x02 /* set maximum segment size */
> <------
>
> I've not come across this setsockopt in my network programming, but I guess
> the comment is good enough.
Sorry I broke it off prematurely for this mail, I wanted to get you the info
as fast as possible. I have looked at this, and there is something I should
set straight about my network. When I dug rhombus.centroid.eu it only has
an IPv4 address, but the kdump clearly shows an IPv6 setsockopt being done
before the last setsockopt (for tcp) at the pledge violation. Since I use
DNS64 and NAT64 here locally I assume that's why it worked on an IPv6 socket.
That's what I forgot to mention.
In lib/isc/unix/socket.c there is a wrapper function around this setsockopt()
and that wrapper is called twice in socket.c itself. For the first instance
it is here:
2286 /*
2287 * Use minimum mtu if possible.
2288 */
2289 if (sock->type == isc_sockettype_tcp && sock->pf == AF_INET6) {
2290 use_min_mtu(sock);
2291 set_tcp_maxseg(sock, 1280 - 20 - 40); /* 1280 - TCP - IP
V6 */
2292 }
So it sets the mtu of the socket to 1280 (I have seen this before on gif
interfaces and also in some v6 RFC, I'd have to dig). And then sets the
maxseg of the tcp.. I don't know why they do this instead of letting the
OS take care of setting the mss (including setting route sub-headers and what
have you). I am unsure if removing set_tcp_maxseg() will hurt here, due to
my inexperience with setting the MTU on a socket and it beign IPv6 on top of
that. I'm inexperienced to say the least on this.
The second instance is in internal_accept() after an accept() so the socket
is already established.
3140 /*
3141 * Use minimum mtu if possible.
3142 */
3143 use_min_mtu(NEWCONNSOCK(dev));
3144 set_tcp_maxseg(NEWCONNSOCK(dev), 1280 - 20 - 40);
I really don't know what to do about this one either. And it's getting late
over here (way past my bedtime).
Unfortunately I can't be of more help beyond telling that my network is NAT64.
Best regards,
-peter
